Add m-esr52 at 52.6.0

1174 files changed, 148260 insertions, 0 deletions

diff --git a/security/manager/ssl/CSTrustDomain.cpp b/security/manager/ssl/CSTrustDomain.cpp
new file mode 100644
index 000000000..90008038e
--- /dev/null
+++ b/security/manager/ssl/CSTrustDomain.cpp
@@ -0,0 +1,231 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "CSTrustDomain.h"
+#include "mozilla/Base64.h"
+#include "mozilla/Preferences.h"
+#include "nsNSSCertificate.h"
+#include "nsNSSComponent.h"
+#include "nsServiceManagerUtils.h"
+#include "nsThreadUtils.h"
+#include "pkix/pkixnss.h"
+
+using namespace mozilla::pkix;
+
+namespace mozilla { namespace psm {
+
+static LazyLogModule gTrustDomainPRLog("CSTrustDomain");
+#define CSTrust_LOG(args) MOZ_LOG(gTrustDomainPRLog, LogLevel::Debug, args)
+
+CSTrustDomain::CSTrustDomain(UniqueCERTCertList& certChain)
+  : mCertChain(certChain)
+  , mCertBlocklist(do_GetService(NS_CERTBLOCKLIST_CONTRACTID))
+{
+}
+
+Result
+CSTrustDomain::GetCertTrust(EndEntityOrCA endEntityOrCA,
+                            const CertPolicyId& policy, Input candidateCertDER,
+                            /*out*/ TrustLevel& trustLevel)
+{
+  MOZ_ASSERT(policy.IsAnyPolicy());
+  if (!policy.IsAnyPolicy()) {
+    return Result::FATAL_ERROR_INVALID_ARGS;
+  }
+
+  SECItem candidateCertDERSECItem = UnsafeMapInputToSECItem(candidateCertDER);
+  UniqueCERTCertificate candidateCert(
+    CERT_NewTempCertificate(CERT_GetDefaultCertDB(), &candidateCertDERSECItem,
+                            nullptr, false, true));
+  if (!candidateCert) {
+    return MapPRErrorCodeToResult(PR_GetError());
+  }
+
+  bool isCertRevoked;
+  nsresult nsrv = mCertBlocklist->IsCertRevoked(
+                    candidateCert->derIssuer.data,
+                    candidateCert->derIssuer.len,
+                    candidateCert->serialNumber.data,
+                    candidateCert->serialNumber.len,
+                    candidateCert->derSubject.data,
+                    candidateCert->derSubject.len,
+                    candidateCert->derPublicKey.data,
+                    candidateCert->derPublicKey.len,
+                    &isCertRevoked);
+  if (NS_FAILED(nsrv)) {
+    return Result::FATAL_ERROR_LIBRARY_FAILURE;
+  }
+
+  if (isCertRevoked) {
+    CSTrust_LOG(("CSTrustDomain: certificate is revoked\n"));
+    return Result::ERROR_REVOKED_CERTIFICATE;
+  }
+
+  // Is this cert our built-in content signing root?
+  bool isRoot = false;
+  nsCOMPtr<nsINSSComponent> component(do_GetService(PSM_COMPONENT_CONTRACTID));
+  if (!component) {
+    return Result::FATAL_ERROR_LIBRARY_FAILURE;
+  }
+  nsrv = component->IsCertContentSigningRoot(candidateCert.get(), isRoot);
+  if (NS_FAILED(nsrv)) {
+    return Result::FATAL_ERROR_LIBRARY_FAILURE;
+  }
+  if (isRoot) {
+    CSTrust_LOG(("CSTrustDomain: certificate is a trust anchor\n"));
+    trustLevel = TrustLevel::TrustAnchor;
+    return Success;
+  }
+  CSTrust_LOG(("CSTrustDomain: certificate is *not* a trust anchor\n"));
+
+  trustLevel = TrustLevel::InheritsTrust;
+  return Success;
+}
+
+Result
+CSTrustDomain::FindIssuer(Input encodedIssuerName, IssuerChecker& checker,
+                          Time time)
+{
+  // Loop over the chain, look for a matching subject
+  for (CERTCertListNode* n = CERT_LIST_HEAD(mCertChain);
+      !CERT_LIST_END(n, mCertChain); n = CERT_LIST_NEXT(n)) {
+    Input certDER;
+    Result rv = certDER.Init(n->cert->derCert.data, n->cert->derCert.len);
+    if (rv != Success) {
+      continue; // probably too big
+    }
+
+    // if the subject does not match, try the next certificate
+    Input subjectDER;
+    rv = subjectDER.Init(n->cert->derSubject.data, n->cert->derSubject.len);
+    if (rv != Success) {
+      continue; // just try the next one
+    }
+    if (!InputsAreEqual(subjectDER, encodedIssuerName)) {
+      CSTrust_LOG(("CSTrustDomain: subjects don't match\n"));
+      continue;
+    }
+
+    // If the subject does match, try the next step
+    bool keepGoing;
+    rv = checker.Check(certDER, nullptr/*additionalNameConstraints*/,
+                       keepGoing);
+    if (rv != Success) {
+      return rv;
+    }
+    if (!keepGoing) {
+      CSTrust_LOG(("CSTrustDomain: don't keep going\n"));
+      break;
+    }
+  }
+
+  return Success;
+}
+
+Result
+CSTrustDomain::CheckRevocation(EndEntityOrCA endEntityOrCA,
+                               const CertID& certID, Time time,
+                               Duration validityDuration,
+                               /*optional*/ const Input* stapledOCSPresponse,
+                               /*optional*/ const Input* aiaExtension)
+{
+  // We're relying solely on the CertBlocklist for revocation - and we're
+  // performing checks on this in GetCertTrust (as per nsNSSCertDBTrustDomain)
+  return Success;
+}
+
+Result
+CSTrustDomain::IsChainValid(const DERArray& certChain, Time time)
+{
+  // Check that our chain is not empty
+  if (certChain.GetLength() == 0) {
+    return Result::FATAL_ERROR_LIBRARY_FAILURE;
+  }
+
+  return Success;
+}
+
+Result
+CSTrustDomain::CheckSignatureDigestAlgorithm(DigestAlgorithm digestAlg,
+                                             EndEntityOrCA endEntityOrCA,
+                                             Time notBefore)
+{
+  if (digestAlg == DigestAlgorithm::sha1) {
+    return Result::ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED;
+  }
+  return Success;
+}
+
+Result
+CSTrustDomain::CheckRSAPublicKeyModulusSizeInBits(
+  EndEntityOrCA endEntityOrCA, unsigned int modulusSizeInBits)
+{
+  if (modulusSizeInBits < 2048) {
+    return Result::ERROR_INADEQUATE_KEY_SIZE;
+  }
+  return Success;
+}
+
+Result
+CSTrustDomain::VerifyRSAPKCS1SignedDigest(const SignedDigest& signedDigest,
+                                          Input subjectPublicKeyInfo)
+{
+  return VerifyRSAPKCS1SignedDigestNSS(signedDigest, subjectPublicKeyInfo,
+                                       nullptr);
+}
+
+Result
+CSTrustDomain::CheckECDSACurveIsAcceptable(EndEntityOrCA endEntityOrCA,
+                                           NamedCurve curve)
+{
+  switch (curve) {
+    case NamedCurve::secp256r1: // fall through
+    case NamedCurve::secp384r1: // fall through
+    case NamedCurve::secp521r1:
+      return Success;
+  }
+
+  return Result::ERROR_UNSUPPORTED_ELLIPTIC_CURVE;
+}
+
+Result
+CSTrustDomain::VerifyECDSASignedDigest(const SignedDigest& signedDigest,
+                                       Input subjectPublicKeyInfo)
+{
+  return VerifyECDSASignedDigestNSS(signedDigest, subjectPublicKeyInfo,
+                                    nullptr);
+}
+
+Result
+CSTrustDomain::CheckValidityIsAcceptable(Time notBefore, Time notAfter,
+                                         EndEntityOrCA endEntityOrCA,
+                                         KeyPurposeId keyPurpose)
+{
+  return Success;
+}
+
+Result
+CSTrustDomain::NetscapeStepUpMatchesServerAuth(Time notBefore,
+                                               /*out*/ bool& matches)
+{
+  matches = false;
+  return Success;
+}
+
+void
+CSTrustDomain::NoteAuxiliaryExtension(AuxiliaryExtension /*extension*/,
+                                      Input /*extensionData*/)
+{
+}
+
+Result
+CSTrustDomain::DigestBuf(Input item, DigestAlgorithm digestAlg,
+                         /*out*/ uint8_t* digestBuf, size_t digestBufLen)
+{
+  return DigestBufNSS(item, digestAlg, digestBuf, digestBufLen);
+}
+
+} } // end namespace mozilla::psm
diff --git a/security/manager/ssl/CSTrustDomain.h b/security/manager/ssl/CSTrustDomain.h
new file mode 100644
index 000000000..29a82539b
--- /dev/null
+++ b/security/manager/ssl/CSTrustDomain.h
@@ -0,0 +1,80 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef CSTrustDomain_h
+#define CSTrustDomain_h
+
+#include "pkix/pkixtypes.h"
+#include "mozilla/StaticMutex.h"
+#include "mozilla/UniquePtr.h"
+#include "nsDebug.h"
+#include "nsICertBlocklist.h"
+#include "nsIX509CertDB.h"
+#include "ScopedNSSTypes.h"
+
+namespace mozilla { namespace psm {
+
+class CSTrustDomain final : public mozilla::pkix::TrustDomain
+{
+public:
+  typedef mozilla::pkix::Result Result;
+
+  explicit CSTrustDomain(UniqueCERTCertList& certChain);
+
+  virtual Result GetCertTrust(
+    mozilla::pkix::EndEntityOrCA endEntityOrCA,
+    const mozilla::pkix::CertPolicyId& policy,
+    mozilla::pkix::Input candidateCertDER,
+    /*out*/ mozilla::pkix::TrustLevel& trustLevel) override;
+  virtual Result FindIssuer(mozilla::pkix::Input encodedIssuerName,
+                            IssuerChecker& checker,
+                            mozilla::pkix::Time time) override;
+  virtual Result CheckRevocation(
+    mozilla::pkix::EndEntityOrCA endEntityOrCA,
+    const mozilla::pkix::CertID& certID, mozilla::pkix::Time time,
+    mozilla::pkix::Duration validityDuration,
+    /*optional*/ const mozilla::pkix::Input* stapledOCSPresponse,
+    /*optional*/ const mozilla::pkix::Input* aiaExtension) override;
+  virtual Result IsChainValid(const mozilla::pkix::DERArray& certChain,
+                              mozilla::pkix::Time time) override;
+  virtual Result CheckSignatureDigestAlgorithm(
+    mozilla::pkix::DigestAlgorithm digestAlg,
+    mozilla::pkix::EndEntityOrCA endEntityOrCA,
+    mozilla::pkix::Time notBefore) override;
+  virtual Result CheckRSAPublicKeyModulusSizeInBits(
+    mozilla::pkix::EndEntityOrCA endEntityOrCA,
+    unsigned int modulusSizeInBits) override;
+  virtual Result VerifyRSAPKCS1SignedDigest(
+    const mozilla::pkix::SignedDigest& signedDigest,
+    mozilla::pkix::Input subjectPublicKeyInfo) override;
+  virtual Result CheckECDSACurveIsAcceptable(
+    mozilla::pkix::EndEntityOrCA endEntityOrCA,
+    mozilla::pkix::NamedCurve curve) override;
+  virtual Result VerifyECDSASignedDigest(
+    const mozilla::pkix::SignedDigest& signedDigest,
+    mozilla::pkix::Input subjectPublicKeyInfo) override;
+  virtual Result CheckValidityIsAcceptable(
+    mozilla::pkix::Time notBefore, mozilla::pkix::Time notAfter,
+    mozilla::pkix::EndEntityOrCA endEntityOrCA,
+    mozilla::pkix::KeyPurposeId keyPurpose) override;
+  virtual Result NetscapeStepUpMatchesServerAuth(
+    mozilla::pkix::Time notBefore, /*out*/ bool& matches) override;
+  virtual void NoteAuxiliaryExtension(
+    mozilla::pkix::AuxiliaryExtension extension,
+    mozilla::pkix::Input extensionData) override;
+  virtual Result DigestBuf(mozilla::pkix::Input item,
+                           mozilla::pkix::DigestAlgorithm digestAlg,
+                           /*out*/ uint8_t* digestBuf,
+                           size_t digestBufLen) override;
+
+private:
+  /*out*/ UniqueCERTCertList& mCertChain;
+  nsCOMPtr<nsICertBlocklist> mCertBlocklist;
+};
+
+} } // namespace mozilla::psm
+
+#endif // CSTrustDomain_h
diff --git a/security/manager/ssl/CertBlocklist.cpp b/security/manager/ssl/CertBlocklist.cpp
new file mode 100644
index 000000000..56473eca3
--- /dev/null
+++ b/security/manager/ssl/CertBlocklist.cpp
@@ -0,0 +1,671 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "CertBlocklist.h"
+
+#include "mozilla/Base64.h"
+#include "mozilla/Casting.h"
+#include "mozilla/Logging.h"
+#include "mozilla/Preferences.h"
+#include "mozilla/Unused.h"
+#include "nsAppDirectoryServiceDefs.h"
+#include "nsCRTGlue.h"
+#include "nsDirectoryServiceUtils.h"
+#include "nsICryptoHash.h"
+#include "nsIFileStreams.h"
+#include "nsILineInputStream.h"
+#include "nsISafeOutputStream.h"
+#include "nsIX509Cert.h"
+#include "nsNetCID.h"
+#include "nsNetUtil.h"
+#include "nsTHashtable.h"
+#include "nsThreadUtils.h"
+#include "pkix/Input.h"
+#include "prtime.h"
+
+NS_IMPL_ISUPPORTS(CertBlocklist, nsICertBlocklist)
+
+using namespace mozilla;
+using namespace mozilla::pkix;
+
+#define PREF_BACKGROUND_UPDATE_TIMER "app.update.lastUpdateTime.blocklist-background-update-timer"
+#define PREF_BLOCKLIST_ONECRL_CHECKED "services.blocklist.onecrl.checked"
+#define PREF_MAX_STALENESS_IN_SECONDS "security.onecrl.maximum_staleness_in_seconds"
+#define PREF_ONECRL_VIA_AMO "security.onecrl.via.amo"
+
+static LazyLogModule gCertBlockPRLog("CertBlock");
+
+uint32_t CertBlocklist::sLastBlocklistUpdate = 0U;
+uint32_t CertBlocklist::sLastKintoUpdate = 0U;
+uint32_t CertBlocklist::sMaxStaleness = 0U;
+bool CertBlocklist::sUseAMO = true;
+
+CertBlocklistItem::CertBlocklistItem(const uint8_t* DNData,
+                                     size_t DNLength,
+                                     const uint8_t* otherData,
+                                     size_t otherLength,
+                                     CertBlocklistItemMechanism itemMechanism)
+  : mIsCurrent(false)
+  , mItemMechanism(itemMechanism)
+{
+  mDNData = new uint8_t[DNLength];
+  memcpy(mDNData, DNData, DNLength);
+  mDNLength = DNLength;
+
+  mOtherData = new uint8_t[otherLength];
+  memcpy(mOtherData, otherData, otherLength);
+  mOtherLength = otherLength;
+}
+
+CertBlocklistItem::CertBlocklistItem(const CertBlocklistItem& aItem)
+{
+  mDNLength = aItem.mDNLength;
+  mDNData = new uint8_t[mDNLength];
+  memcpy(mDNData, aItem.mDNData, mDNLength);
+
+  mOtherLength = aItem.mOtherLength;
+  mOtherData = new uint8_t[mOtherLength];
+  memcpy(mOtherData, aItem.mOtherData, mOtherLength);
+
+  mItemMechanism = aItem.mItemMechanism;
+
+  mIsCurrent = aItem.mIsCurrent;
+}
+
+CertBlocklistItem::~CertBlocklistItem()
+{
+  delete[] mDNData;
+  delete[] mOtherData;
+}
+
+nsresult
+CertBlocklistItem::ToBase64(nsACString& b64DNOut, nsACString& b64OtherOut)
+{
+  nsDependentCSubstring DNString(BitwiseCast<char*, uint8_t*>(mDNData),
+                                 mDNLength);
+  nsDependentCSubstring otherString(BitwiseCast<char*, uint8_t*>(mOtherData),
+                                    mOtherLength);
+  nsresult rv = Base64Encode(DNString, b64DNOut);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  rv = Base64Encode(otherString, b64OtherOut);
+  return rv;
+}
+
+bool
+CertBlocklistItem::operator==(const CertBlocklistItem& aItem) const
+{
+  if (aItem.mItemMechanism != mItemMechanism) {
+    return false;
+  }
+  if (aItem.mDNLength != mDNLength ||
+      aItem.mOtherLength != mOtherLength) {
+    return false;
+  }
+  return memcmp(aItem.mDNData, mDNData, mDNLength) == 0 &&
+         memcmp(aItem.mOtherData, mOtherData, mOtherLength) == 0;
+}
+
+uint32_t
+CertBlocklistItem::Hash() const
+{
+  uint32_t hash;
+  // there's no requirement for a serial to be as large as the size of the hash
+  // key; if it's smaller, fall back to the first octet (otherwise, the last
+  // four)
+  if (mItemMechanism == BlockByIssuerAndSerial &&
+      mOtherLength >= sizeof(hash)) {
+    memcpy(&hash, mOtherData + mOtherLength - sizeof(hash), sizeof(hash));
+  } else {
+    hash = *mOtherData;
+  }
+  return hash;
+}
+
+CertBlocklist::CertBlocklist()
+  : mMutex("CertBlocklist::mMutex")
+  , mModified(false)
+  , mBackingFileIsInitialized(false)
+  , mBackingFile(nullptr)
+{
+}
+
+CertBlocklist::~CertBlocklist()
+{
+  Preferences::UnregisterCallback(CertBlocklist::PreferenceChanged,
+                                  PREF_BACKGROUND_UPDATE_TIMER,
+                                  this);
+  Preferences::UnregisterCallback(CertBlocklist::PreferenceChanged,
+                                  PREF_MAX_STALENESS_IN_SECONDS,
+                                  this);
+  Preferences::UnregisterCallback(CertBlocklist::PreferenceChanged,
+                                  PREF_ONECRL_VIA_AMO,
+                                  this);
+  Preferences::UnregisterCallback(CertBlocklist::PreferenceChanged,
+                                  PREF_BLOCKLIST_ONECRL_CHECKED,
+                                  this);
+}
+
+nsresult
+CertBlocklist::Init()
+{
+  MOZ_LOG(gCertBlockPRLog, LogLevel::Debug, ("CertBlocklist::Init"));
+
+  // Init must be on main thread for getting the profile directory
+  if (!NS_IsMainThread()) {
+    MOZ_LOG(gCertBlockPRLog, LogLevel::Debug,
+           ("CertBlocklist::Init - called off main thread"));
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  // Register preference callbacks
+  nsresult rv =
+      Preferences::RegisterCallbackAndCall(CertBlocklist::PreferenceChanged,
+                                           PREF_BACKGROUND_UPDATE_TIMER,
+                                           this);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  rv = Preferences::RegisterCallbackAndCall(CertBlocklist::PreferenceChanged,
+                                            PREF_MAX_STALENESS_IN_SECONDS,
+                                            this);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  rv = Preferences::RegisterCallbackAndCall(CertBlocklist::PreferenceChanged,
+                                            PREF_ONECRL_VIA_AMO,
+                                            this);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  rv = Preferences::RegisterCallbackAndCall(CertBlocklist::PreferenceChanged,
+                                            PREF_BLOCKLIST_ONECRL_CHECKED,
+                                            this);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  // Get the profile directory
+  rv = NS_GetSpecialDirectory(NS_APP_USER_PROFILE_50_DIR,
+                              getter_AddRefs(mBackingFile));
+  if (NS_FAILED(rv) || !mBackingFile) {
+    MOZ_LOG(gCertBlockPRLog, LogLevel::Debug,
+           ("CertBlocklist::Init - couldn't get profile dir"));
+    // Since we're returning NS_OK here, set mBackingFile to a safe value.
+    // (We need initialization to succeed and CertBlocklist to be in a
+    // well-defined state if the profile directory doesn't exist.)
+    mBackingFile = nullptr;
+    return NS_OK;
+  }
+  rv = mBackingFile->Append(NS_LITERAL_STRING("revocations.txt"));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  nsAutoCString path;
+  rv = mBackingFile->GetNativePath(path);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  MOZ_LOG(gCertBlockPRLog, LogLevel::Debug,
+         ("CertBlocklist::Init certList path: %s", path.get()));
+
+  return NS_OK;
+}
+
+nsresult
+CertBlocklist::EnsureBackingFileInitialized(MutexAutoLock& lock)
+{
+  MOZ_LOG(gCertBlockPRLog, LogLevel::Debug,
+         ("CertBlocklist::EnsureBackingFileInitialized"));
+  if (mBackingFileIsInitialized || !mBackingFile) {
+    return NS_OK;
+  }
+
+  MOZ_LOG(gCertBlockPRLog, LogLevel::Debug,
+         ("CertBlocklist::EnsureBackingFileInitialized - not initialized"));
+
+  bool exists = false;
+  nsresult rv = mBackingFile->Exists(&exists);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  if (!exists) {
+    MOZ_LOG(gCertBlockPRLog, LogLevel::Warning,
+           ("CertBlocklist::EnsureBackingFileInitialized no revocations file"));
+    return NS_OK;
+  }
+
+  // Load the revocations file into the cert blocklist
+  nsCOMPtr<nsIFileInputStream> fileStream(
+      do_CreateInstance(NS_LOCALFILEINPUTSTREAM_CONTRACTID, &rv));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = fileStream->Init(mBackingFile, -1, -1, false);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  nsCOMPtr<nsILineInputStream> lineStream(do_QueryInterface(fileStream, &rv));
+  nsAutoCString line;
+  nsAutoCString DN;
+  nsAutoCString other;
+  CertBlocklistItemMechanism mechanism;
+  // read in the revocations file. The file format is as follows: each line
+  // contains a comment, base64 encoded DER for a DN, base64 encoded DER for a
+  // serial number or a Base64 encoded SHA256 hash of a public key. Comment
+  // lines start with '#', serial number lines, ' ' (a space), public key hashes
+  // with '\t' (a tab) and anything else is assumed to be a DN.
+  bool more = true;
+  do {
+    rv = lineStream->ReadLine(line, &more);
+    if (NS_FAILED(rv)) {
+      break;
+    }
+    // ignore comments and empty lines
+    if (line.IsEmpty() || line.First() == '#') {
+      continue;
+    }
+    if (line.First() != ' ' && line.First() != '\t') {
+      DN = line;
+      continue;
+    }
+    other = line;
+    if (line.First() == ' ') {
+      mechanism = BlockByIssuerAndSerial;
+    } else {
+      mechanism = BlockBySubjectAndPubKey;
+    }
+    other.Trim(" \t", true, false, false);
+    // Serial numbers and public key hashes 'belong' to the last DN line seen;
+    // if no DN has been seen, the serial number or public key hash is ignored.
+    if (DN.IsEmpty() || other.IsEmpty()) {
+      continue;
+    }
+    MOZ_LOG(gCertBlockPRLog, LogLevel::Debug,
+           ("CertBlocklist::EnsureBackingFileInitialized adding: %s %s",
+            DN.get(), other.get()));
+
+    MOZ_LOG(gCertBlockPRLog, LogLevel::Debug,
+           ("CertBlocklist::EnsureBackingFileInitialized - pre-decode"));
+
+    rv = AddRevokedCertInternal(DN, other, mechanism, CertOldFromLocalCache,
+                                lock);
+
+    if (NS_FAILED(rv)) {
+      // we warn here, rather than abandoning, since we need to
+      // ensure that as many items as possible are read
+      MOZ_LOG(gCertBlockPRLog, LogLevel::Warning,
+             ("CertBlocklist::EnsureBackingFileInitialized adding revoked cert "
+              "failed"));
+    }
+  } while (more);
+  mBackingFileIsInitialized = true;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+CertBlocklist::RevokeCertBySubjectAndPubKey(const char* aSubject,
+                                            const char* aPubKeyHash)
+{
+  MOZ_LOG(gCertBlockPRLog, LogLevel::Debug,
+         ("CertBlocklist::RevokeCertBySubjectAndPubKey - subject is: %s and pubKeyHash: %s",
+          aSubject, aPubKeyHash));
+  MutexAutoLock lock(mMutex);
+
+  return AddRevokedCertInternal(nsDependentCString(aSubject),
+                                nsDependentCString(aPubKeyHash),
+                                BlockBySubjectAndPubKey,
+                                CertNewFromBlocklist, lock);
+}
+
+NS_IMETHODIMP
+CertBlocklist::RevokeCertByIssuerAndSerial(const char* aIssuer,
+                                           const char* aSerialNumber)
+{
+  MOZ_LOG(gCertBlockPRLog, LogLevel::Debug,
+         ("CertBlocklist::RevokeCertByIssuerAndSerial - issuer is: %s and serial: %s",
+          aIssuer, aSerialNumber));
+  MutexAutoLock lock(mMutex);
+
+  return AddRevokedCertInternal(nsDependentCString(aIssuer),
+                                nsDependentCString(aSerialNumber),
+                                BlockByIssuerAndSerial,
+                                CertNewFromBlocklist, lock);
+}
+
+nsresult
+CertBlocklist::AddRevokedCertInternal(const nsACString& aEncodedDN,
+                                      const nsACString& aEncodedOther,
+                                      CertBlocklistItemMechanism aMechanism,
+                                      CertBlocklistItemState aItemState,
+                                      MutexAutoLock& /*proofOfLock*/)
+{
+  nsCString decodedDN;
+  nsCString decodedOther;
+
+  nsresult rv = Base64Decode(aEncodedDN, decodedDN);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  rv = Base64Decode(aEncodedOther, decodedOther);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  CertBlocklistItem item(
+    BitwiseCast<const uint8_t*, const char*>(decodedDN.get()),
+    decodedDN.Length(),
+    BitwiseCast<const uint8_t*, const char*>(decodedOther.get()),
+    decodedOther.Length(),
+    aMechanism);
+
+  if (aItemState == CertNewFromBlocklist) {
+    // We want SaveEntries to be a no-op if no new entries are added.
+    nsGenericHashKey<CertBlocklistItem>* entry = mBlocklist.GetEntry(item);
+    if (!entry) {
+      mModified = true;
+    } else {
+      // Ensure that any existing item is replaced by a fresh one so we can
+      // use mIsCurrent to decide which entries to write out.
+      mBlocklist.RemoveEntry(entry);
+    }
+    item.mIsCurrent = true;
+  }
+  mBlocklist.PutEntry(item);
+
+  return NS_OK;
+}
+
+// Write a line for a given string in the output stream
+nsresult
+WriteLine(nsIOutputStream* outputStream, const nsACString& string)
+{
+  nsAutoCString line(string);
+  line.Append('\n');
+
+  const char* data = line.get();
+  uint32_t length = line.Length();
+  nsresult rv = NS_OK;
+  while (NS_SUCCEEDED(rv) && length) {
+    uint32_t bytesWritten = 0;
+    rv = outputStream->Write(data, length, &bytesWritten);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    // if no data is written, something is wrong
+    if (!bytesWritten) {
+      return NS_ERROR_FAILURE;
+    }
+    length -= bytesWritten;
+    data += bytesWritten;
+  }
+  return rv;
+}
+
+// void saveEntries();
+// Store the blockist in a text file containing base64 encoded issuers and
+// serial numbers.
+//
+// Each item is stored on a separate line; each issuer is followed by its
+// revoked serial numbers, indented by one space.
+//
+// lines starting with a # character are ignored
+NS_IMETHODIMP
+CertBlocklist::SaveEntries()
+{
+  MOZ_LOG(gCertBlockPRLog, LogLevel::Debug,
+      ("CertBlocklist::SaveEntries - not initialized"));
+  MutexAutoLock lock(mMutex);
+  if (!mModified) {
+    return NS_OK;
+  }
+
+  nsresult rv = EnsureBackingFileInitialized(lock);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  if (!mBackingFile) {
+    // We allow this to succeed with no profile directory for tests
+    MOZ_LOG(gCertBlockPRLog, LogLevel::Warning,
+           ("CertBlocklist::SaveEntries no file in profile to write to"));
+    return NS_OK;
+  }
+
+  // Data needed for writing blocklist items out to the revocations file
+  IssuerTable issuerTable;
+  BlocklistStringSet issuers;
+  nsCOMPtr<nsIOutputStream> outputStream;
+
+  rv = NS_NewAtomicFileOutputStream(getter_AddRefs(outputStream),
+                                    mBackingFile, -1, -1, 0);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = WriteLine(outputStream,
+                 NS_LITERAL_CSTRING("# Auto generated contents. Do not edit."));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  // Sort blocklist items into lists of serials for each issuer
+  for (auto iter = mBlocklist.Iter(); !iter.Done(); iter.Next()) {
+    CertBlocklistItem item = iter.Get()->GetKey();
+    if (!item.mIsCurrent) {
+      continue;
+    }
+
+    nsAutoCString encDN;
+    nsAutoCString encOther;
+
+    nsresult rv = item.ToBase64(encDN, encOther);
+    if (NS_FAILED(rv)) {
+      MOZ_LOG(gCertBlockPRLog, LogLevel::Warning,
+             ("CertBlocklist::SaveEntries writing revocation data failed"));
+      return NS_ERROR_FAILURE;
+    }
+
+    // If it's a subject / public key block, write it straight out
+    if (item.mItemMechanism == BlockBySubjectAndPubKey) {
+      WriteLine(outputStream, encDN);
+      WriteLine(outputStream, NS_LITERAL_CSTRING("\t") + encOther);
+      continue;
+    }
+
+    // Otherwise, we have to group entries by issuer
+    issuers.PutEntry(encDN);
+    BlocklistStringSet* issuerSet = issuerTable.Get(encDN);
+    if (!issuerSet) {
+      issuerSet = new BlocklistStringSet();
+      issuerTable.Put(encDN, issuerSet);
+    }
+    issuerSet->PutEntry(encOther);
+  }
+
+  for (auto iter = issuers.Iter(); !iter.Done(); iter.Next()) {
+    nsCStringHashKey* hashKey = iter.Get();
+    nsAutoPtr<BlocklistStringSet> issuerSet;
+    issuerTable.RemoveAndForget(hashKey->GetKey(), issuerSet);
+
+    nsresult rv = WriteLine(outputStream, hashKey->GetKey());
+    if (NS_FAILED(rv)) {
+      break;
+    }
+
+    // Write serial data to the output stream
+    for (auto iter = issuerSet->Iter(); !iter.Done(); iter.Next()) {
+      nsresult rv = WriteLine(outputStream,
+                              NS_LITERAL_CSTRING(" ") + iter.Get()->GetKey());
+      if (NS_FAILED(rv)) {
+        MOZ_LOG(gCertBlockPRLog, LogLevel::Warning,
+               ("CertBlocklist::SaveEntries writing revocation data failed"));
+        return NS_ERROR_FAILURE;
+      }
+    }
+  }
+
+  nsCOMPtr<nsISafeOutputStream> safeStream = do_QueryInterface(outputStream);
+  NS_ASSERTION(safeStream, "expected a safe output stream!");
+  if (!safeStream) {
+    return NS_ERROR_FAILURE;
+  }
+  rv = safeStream->Finish();
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gCertBlockPRLog, LogLevel::Warning,
+           ("CertBlocklist::SaveEntries saving revocation data failed"));
+    return rv;
+  }
+  mModified = false;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+CertBlocklist::IsCertRevoked(const uint8_t* aIssuer,
+                             uint32_t aIssuerLength,
+                             const uint8_t* aSerial,
+                             uint32_t aSerialLength,
+                             const uint8_t* aSubject,
+                             uint32_t aSubjectLength,
+                             const uint8_t* aPubKey,
+                             uint32_t aPubKeyLength,
+                             bool* _retval)
+{
+  MutexAutoLock lock(mMutex);
+
+  MOZ_LOG(gCertBlockPRLog, LogLevel::Warning,
+          ("CertBlocklist::IsCertRevoked?"));
+  nsresult rv = EnsureBackingFileInitialized(lock);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  Input issuer;
+  Input serial;
+  if (issuer.Init(aIssuer, aIssuerLength) != Success) {
+    return NS_ERROR_FAILURE;
+  }
+  if (serial.Init(aSerial, aSerialLength) != Success) {
+    return NS_ERROR_FAILURE;
+  }
+
+  CertBlocklistItem issuerSerial(aIssuer, aIssuerLength, aSerial, aSerialLength,
+                                 BlockByIssuerAndSerial);
+
+  nsAutoCString encDN;
+  nsAutoCString encOther;
+
+  issuerSerial.ToBase64(encDN, encOther);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  MOZ_LOG(gCertBlockPRLog, LogLevel::Warning,
+          ("CertBlocklist::IsCertRevoked issuer %s - serial %s",
+           encDN.get(), encOther.get()));
+
+  *_retval = mBlocklist.Contains(issuerSerial);
+
+  if (*_retval) {
+    MOZ_LOG(gCertBlockPRLog, LogLevel::Warning,
+            ("certblocklist::IsCertRevoked found by issuer / serial"));
+    return NS_OK;
+  }
+
+  nsCOMPtr<nsICryptoHash> crypto;
+  crypto = do_CreateInstance(NS_CRYPTO_HASH_CONTRACTID, &rv);
+
+  rv = crypto->Init(nsICryptoHash::SHA256);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = crypto->Update(aPubKey, aPubKeyLength);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  nsCString hashString;
+  rv = crypto->Finish(false, hashString);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  CertBlocklistItem subjectPubKey(
+    aSubject,
+    static_cast<size_t>(aSubjectLength),
+    BitwiseCast<const uint8_t*, const char*>(hashString.get()),
+    hashString.Length(),
+    BlockBySubjectAndPubKey);
+
+  rv = subjectPubKey.ToBase64(encDN, encOther);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  MOZ_LOG(gCertBlockPRLog, LogLevel::Warning,
+          ("CertBlocklist::IsCertRevoked subject %s - pubKey hash %s",
+           encDN.get(), encOther.get()));
+  *_retval = mBlocklist.Contains(subjectPubKey);
+
+  MOZ_LOG(gCertBlockPRLog, LogLevel::Warning,
+          ("CertBlocklist::IsCertRevoked by subject / pubkey? %s",
+           *_retval ? "true" : "false"));
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+CertBlocklist::IsBlocklistFresh(bool* _retval)
+{
+  MutexAutoLock lock(mMutex);
+  *_retval = false;
+
+  uint32_t now = uint32_t(PR_Now() / PR_USEC_PER_SEC);
+  uint32_t lastUpdate = sUseAMO ? sLastBlocklistUpdate : sLastKintoUpdate;
+  MOZ_LOG(gCertBlockPRLog, LogLevel::Warning,
+          ("CertBlocklist::IsBlocklistFresh using AMO? %i lastUpdate is %i",
+           sUseAMO, lastUpdate));
+
+  if (now > lastUpdate) {
+    int64_t interval = now - lastUpdate;
+    MOZ_LOG(gCertBlockPRLog, LogLevel::Warning,
+           ("CertBlocklist::IsBlocklistFresh we're after the last BlocklistUpdate "
+            "interval is %i, staleness %u", interval, sMaxStaleness));
+    *_retval = sMaxStaleness > interval;
+  }
+  MOZ_LOG(gCertBlockPRLog, LogLevel::Warning,
+         ("CertBlocklist::IsBlocklistFresh ? %s", *_retval ? "true" : "false"));
+  return NS_OK;
+}
+
+
+/* static */
+void
+CertBlocklist::PreferenceChanged(const char* aPref, void* aClosure)
+
+{
+  auto blocklist = static_cast<CertBlocklist*>(aClosure);
+  MutexAutoLock lock(blocklist->mMutex);
+
+  MOZ_LOG(gCertBlockPRLog, LogLevel::Warning,
+         ("CertBlocklist::PreferenceChanged %s changed", aPref));
+  if (strcmp(aPref, PREF_BACKGROUND_UPDATE_TIMER) == 0) {
+    sLastBlocklistUpdate = Preferences::GetUint(PREF_BACKGROUND_UPDATE_TIMER,
+                                                uint32_t(0));
+  } else if (strcmp(aPref, PREF_BLOCKLIST_ONECRL_CHECKED) == 0) {
+    sLastKintoUpdate = Preferences::GetUint(PREF_BLOCKLIST_ONECRL_CHECKED,
+                                            uint32_t(0));
+  } else if (strcmp(aPref, PREF_MAX_STALENESS_IN_SECONDS) == 0) {
+    sMaxStaleness = Preferences::GetUint(PREF_MAX_STALENESS_IN_SECONDS,
+                                         uint32_t(0));
+  } else if (strcmp(aPref, PREF_ONECRL_VIA_AMO) == 0) {
+    sUseAMO = Preferences::GetBool(PREF_ONECRL_VIA_AMO, true);
+  }
+}
diff --git a/security/manager/ssl/CertBlocklist.h b/security/manager/ssl/CertBlocklist.h
new file mode 100644
index 000000000..60f675cd8
--- /dev/null
+++ b/security/manager/ssl/CertBlocklist.h
@@ -0,0 +1,89 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef CertBlocklist_h
+#define CertBlocklist_h
+
+#include "mozilla/Mutex.h"
+#include "nsClassHashtable.h"
+#include "nsCOMPtr.h"
+#include "nsICertBlocklist.h"
+#include "nsIOutputStream.h"
+#include "nsTHashtable.h"
+#include "nsIX509CertDB.h"
+#include "pkix/Input.h"
+
+#define NS_CERT_BLOCKLIST_CID \
+{0x11aefd53, 0x2fbb, 0x4c92, {0xa0, 0xc1, 0x05, 0x32, 0x12, 0xae, 0x42, 0xd0} }
+
+enum CertBlocklistItemMechanism {
+  BlockByIssuerAndSerial,
+  BlockBySubjectAndPubKey
+};
+
+enum CertBlocklistItemState {
+  CertNewFromBlocklist,
+  CertOldFromLocalCache
+};
+
+class CertBlocklistItem
+{
+public:
+  CertBlocklistItem(const uint8_t*  DNData, size_t DNLength,
+                    const uint8_t* otherData, size_t otherLength,
+                    CertBlocklistItemMechanism itemMechanism);
+  CertBlocklistItem(const CertBlocklistItem& aItem);
+  ~CertBlocklistItem();
+  nsresult ToBase64(nsACString& b64IssuerOut, nsACString& b64SerialOut);
+  bool operator==(const CertBlocklistItem& aItem) const;
+  uint32_t Hash() const;
+  bool mIsCurrent;
+  CertBlocklistItemMechanism mItemMechanism;
+
+private:
+  size_t mDNLength;
+  uint8_t* mDNData;
+  size_t mOtherLength;
+  uint8_t* mOtherData;
+};
+
+typedef nsGenericHashKey<CertBlocklistItem> BlocklistItemKey;
+typedef nsTHashtable<BlocklistItemKey> BlocklistTable;
+typedef nsTHashtable<nsCStringHashKey> BlocklistStringSet;
+typedef nsClassHashtable<nsCStringHashKey, BlocklistStringSet> IssuerTable;
+
+class CertBlocklist : public nsICertBlocklist
+{
+public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSICERTBLOCKLIST
+  CertBlocklist();
+  nsresult Init();
+
+private:
+  BlocklistTable mBlocklist;
+  nsresult AddRevokedCertInternal(const nsACString& aEncodedDN,
+                                  const nsACString& aEncodedOther,
+                                  CertBlocklistItemMechanism aMechanism,
+                                  CertBlocklistItemState aItemState,
+                                  mozilla::MutexAutoLock& /*proofOfLock*/);
+  mozilla::Mutex mMutex;
+  bool mModified;
+  bool mBackingFileIsInitialized;
+  // call EnsureBackingFileInitialized before operations that read or
+  // modify CertBlocklist data
+  nsresult EnsureBackingFileInitialized(mozilla::MutexAutoLock& lock);
+  nsCOMPtr<nsIFile> mBackingFile;
+
+protected:
+  static void PreferenceChanged(const char* aPref, void* aClosure);
+  static uint32_t sLastBlocklistUpdate;
+  static uint32_t sLastKintoUpdate;
+  static uint32_t sMaxStaleness;
+  static bool sUseAMO;
+  virtual ~CertBlocklist();
+};
+
+#endif // CertBlocklist_h
diff --git a/security/manager/ssl/ContentSignatureVerifier.cpp b/security/manager/ssl/ContentSignatureVerifier.cpp
new file mode 100644
index 000000000..bdeb3f264
--- /dev/null
+++ b/security/manager/ssl/ContentSignatureVerifier.cpp
@@ -0,0 +1,562 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "ContentSignatureVerifier.h"
+
+#include "BRNameMatchingPolicy.h"
+#include "SharedCertVerifier.h"
+#include "cryptohi.h"
+#include "keyhi.h"
+#include "mozilla/Assertions.h"
+#include "mozilla/Casting.h"
+#include "mozilla/Unused.h"
+#include "nsCOMPtr.h"
+#include "nsContentUtils.h"
+#include "nsISupportsPriority.h"
+#include "nsIURI.h"
+#include "nsNSSComponent.h"
+#include "nsSecurityHeaderParser.h"
+#include "nsStreamUtils.h"
+#include "nsWhitespaceTokenizer.h"
+#include "nsXPCOMStrings.h"
+#include "nssb64.h"
+#include "pkix/pkix.h"
+#include "pkix/pkixtypes.h"
+#include "secerr.h"
+
+NS_IMPL_ISUPPORTS(ContentSignatureVerifier,
+                  nsIContentSignatureVerifier,
+                  nsIInterfaceRequestor,
+                  nsIStreamListener)
+
+using namespace mozilla;
+using namespace mozilla::pkix;
+using namespace mozilla::psm;
+
+static LazyLogModule gCSVerifierPRLog("ContentSignatureVerifier");
+#define CSVerifier_LOG(args) MOZ_LOG(gCSVerifierPRLog, LogLevel::Debug, args)
+
+// Content-Signature prefix
+const nsLiteralCString kPREFIX = NS_LITERAL_CSTRING("Content-Signature:\x00");
+
+ContentSignatureVerifier::~ContentSignatureVerifier()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return;
+  }
+  destructorSafeDestroyNSSReference();
+  shutdown(ShutdownCalledFrom::Object);
+}
+
+NS_IMETHODIMP
+ContentSignatureVerifier::VerifyContentSignature(
+  const nsACString& aData, const nsACString& aCSHeader,
+  const nsACString& aCertChain, const nsACString& aName, bool* _retval)
+{
+  NS_ENSURE_ARG(_retval);
+  nsresult rv = CreateContext(aData, aCSHeader, aCertChain, aName);
+  if (NS_FAILED(rv)) {
+    *_retval = false;
+    CSVerifier_LOG(("CSVerifier: Signature verification failed\n"));
+    if (rv == NS_ERROR_INVALID_SIGNATURE) {
+      return NS_OK;
+    }
+    return rv;
+  }
+
+  return End(_retval);
+}
+
+bool
+IsNewLine(char16_t c)
+{
+  return c == '\n' || c == '\r';
+}
+
+nsresult
+ReadChainIntoCertList(const nsACString& aCertChain, CERTCertList* aCertList,
+                      const nsNSSShutDownPreventionLock& /*proofOfLock*/)
+{
+  bool inBlock = false;
+  bool certFound = false;
+
+  const nsCString header = NS_LITERAL_CSTRING("-----BEGIN CERTIFICATE-----");
+  const nsCString footer = NS_LITERAL_CSTRING("-----END CERTIFICATE-----");
+
+  nsCWhitespaceTokenizerTemplate<IsNewLine> tokenizer(aCertChain);
+
+  nsAutoCString blockData;
+  while (tokenizer.hasMoreTokens()) {
+    nsDependentCSubstring token = tokenizer.nextToken();
+    if (token.IsEmpty()) {
+      continue;
+    }
+    if (inBlock) {
+      if (token.Equals(footer)) {
+        inBlock = false;
+        certFound = true;
+        // base64 decode data, make certs, append to chain
+        ScopedAutoSECItem der;
+        if (!NSSBase64_DecodeBuffer(nullptr, &der, blockData.BeginReading(),
+                                    blockData.Length())) {
+          CSVerifier_LOG(("CSVerifier: decoding the signature failed\n"));
+          return NS_ERROR_FAILURE;
+        }
+        UniqueCERTCertificate tmpCert(
+          CERT_NewTempCertificate(CERT_GetDefaultCertDB(), &der, nullptr, false,
+                                  true));
+        if (!tmpCert) {
+          return NS_ERROR_FAILURE;
+        }
+        // if adding tmpCert succeeds, tmpCert will now be owned by aCertList
+        SECStatus res = CERT_AddCertToListTail(aCertList, tmpCert.get());
+        if (res != SECSuccess) {
+          return MapSECStatus(res);
+        }
+        Unused << tmpCert.release();
+      } else {
+        blockData.Append(token);
+      }
+    } else if (token.Equals(header)) {
+      inBlock = true;
+      blockData = "";
+    }
+  }
+  if (inBlock || !certFound) {
+    // the PEM data did not end; bad data.
+    CSVerifier_LOG(("CSVerifier: supplied chain contains bad data\n"));
+    return NS_ERROR_FAILURE;
+  }
+  return NS_OK;
+}
+
+nsresult
+ContentSignatureVerifier::CreateContextInternal(const nsACString& aData,
+                                                const nsACString& aCertChain,
+                                                const nsACString& aName)
+{
+  MOZ_ASSERT(NS_IsMainThread());
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    CSVerifier_LOG(("CSVerifier: nss is already shutdown\n"));
+    return NS_ERROR_FAILURE;
+  }
+
+  UniqueCERTCertList certCertList(CERT_NewCertList());
+  if (!certCertList) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  nsresult rv = ReadChainIntoCertList(aCertChain, certCertList.get(), locker);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  CERTCertListNode* node = CERT_LIST_HEAD(certCertList.get());
+  if (!node || CERT_LIST_END(node, certCertList.get()) || !node->cert) {
+    return NS_ERROR_FAILURE;
+  }
+
+  SECItem* certSecItem = &node->cert->derCert;
+
+  Input certDER;
+  mozilla::pkix::Result result =
+    certDER.Init(BitwiseCast<uint8_t*, unsigned char*>(certSecItem->data),
+                 certSecItem->len);
+  if (result != Success) {
+    return NS_ERROR_FAILURE;
+  }
+
+
+  // Check the signerCert chain is good
+  CSTrustDomain trustDomain(certCertList);
+  result = BuildCertChain(trustDomain, certDER, Now(),
+                          EndEntityOrCA::MustBeEndEntity,
+                          KeyUsage::noParticularKeyUsageRequired,
+                          KeyPurposeId::id_kp_codeSigning,
+                          CertPolicyId::anyPolicy,
+                          nullptr/*stapledOCSPResponse*/);
+  if (result != Success) {
+    // if there was a library error, return an appropriate error
+    if (IsFatalError(result)) {
+      return NS_ERROR_FAILURE;
+    }
+    // otherwise, assume the signature was invalid
+    CSVerifier_LOG(("CSVerifier: The supplied chain is bad\n"));
+    return NS_ERROR_INVALID_SIGNATURE;
+  }
+
+  // Check the SAN
+  Input hostnameInput;
+
+  result = hostnameInput.Init(
+    BitwiseCast<const uint8_t*, const char*>(aName.BeginReading()),
+    aName.Length());
+  if (result != Success) {
+    return NS_ERROR_FAILURE;
+  }
+
+  BRNameMatchingPolicy nameMatchingPolicy(BRNameMatchingPolicy::Mode::Enforce);
+  result = CheckCertHostname(certDER, hostnameInput, nameMatchingPolicy);
+  if (result != Success) {
+    return NS_ERROR_INVALID_SIGNATURE;
+  }
+
+  mKey.reset(CERT_ExtractPublicKey(node->cert));
+
+  // in case we were not able to extract a key
+  if (!mKey) {
+    CSVerifier_LOG(("CSVerifier: unable to extract a key\n"));
+    return NS_ERROR_INVALID_SIGNATURE;
+  }
+
+  // Base 64 decode the signature
+  ScopedAutoSECItem rawSignatureItem;
+  if (!NSSBase64_DecodeBuffer(nullptr, &rawSignatureItem, mSignature.get(),
+                              mSignature.Length())) {
+    CSVerifier_LOG(("CSVerifier: decoding the signature failed\n"));
+    return NS_ERROR_FAILURE;
+  }
+
+  // get signature object
+  ScopedAutoSECItem signatureItem;
+  // We have a raw ecdsa signature r||s so we have to DER-encode it first
+  // Note that we have to check rawSignatureItem->len % 2 here as
+  // DSAU_EncodeDerSigWithLen asserts this
+  if (rawSignatureItem.len == 0 || rawSignatureItem.len % 2 != 0) {
+    CSVerifier_LOG(("CSVerifier: signature length is bad\n"));
+    return NS_ERROR_FAILURE;
+  }
+  if (DSAU_EncodeDerSigWithLen(&signatureItem, &rawSignatureItem,
+                               rawSignatureItem.len) != SECSuccess) {
+    CSVerifier_LOG(("CSVerifier: encoding the signature failed\n"));
+    return NS_ERROR_FAILURE;
+  }
+
+  // this is the only OID we support for now
+  SECOidTag oid = SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE;
+
+  mCx = UniqueVFYContext(
+    VFY_CreateContext(mKey.get(), &signatureItem, oid, nullptr));
+  if (!mCx) {
+    return NS_ERROR_INVALID_SIGNATURE;
+  }
+
+  if (VFY_Begin(mCx.get()) != SECSuccess) {
+    return NS_ERROR_INVALID_SIGNATURE;
+  }
+
+  rv = UpdateInternal(kPREFIX, locker);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  // add data if we got any
+  return UpdateInternal(aData, locker);
+}
+
+nsresult
+ContentSignatureVerifier::DownloadCertChain()
+{
+  MOZ_ASSERT(NS_IsMainThread());
+
+  if (mCertChainURL.IsEmpty()) {
+    return NS_ERROR_INVALID_SIGNATURE;
+  }
+
+  nsCOMPtr<nsIURI> certChainURI;
+  nsresult rv = NS_NewURI(getter_AddRefs(certChainURI), mCertChainURL);
+  if (NS_FAILED(rv) || !certChainURI) {
+    return rv;
+  }
+
+  // If the address is not https, fail.
+  bool isHttps = false;
+  rv = certChainURI->SchemeIs("https", &isHttps);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  if (!isHttps) {
+    return NS_ERROR_INVALID_SIGNATURE;
+  }
+
+  rv = NS_NewChannel(getter_AddRefs(mChannel), certChainURI,
+                     nsContentUtils::GetSystemPrincipal(),
+                     nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
+                     nsIContentPolicy::TYPE_OTHER);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  // we need this chain soon
+  nsCOMPtr<nsISupportsPriority> priorityChannel = do_QueryInterface(mChannel);
+  if (priorityChannel) {
+    priorityChannel->AdjustPriority(nsISupportsPriority::PRIORITY_HIGHEST);
+  }
+
+  rv = mChannel->AsyncOpen2(this);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  return NS_OK;
+}
+
+// Create a context for content signature verification using CreateContext below.
+// This function doesn't require a cert chain to be passed, but instead aCSHeader
+// must contain an x5u value that is then used to download the cert chain.
+NS_IMETHODIMP
+ContentSignatureVerifier::CreateContextWithoutCertChain(
+  nsIContentSignatureReceiverCallback *aCallback, const nsACString& aCSHeader,
+  const nsACString& aName)
+{
+  MOZ_ASSERT(NS_IsMainThread());
+  MOZ_ASSERT(aCallback);
+  if (mInitialised) {
+    return NS_ERROR_ALREADY_INITIALIZED;
+  }
+  mInitialised = true;
+
+  // we get the raw content-signature header here, so first parse aCSHeader
+  nsresult rv = ParseContentSignatureHeader(aCSHeader);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  mCallback = aCallback;
+  mName.Assign(aName);
+
+  // We must download the cert chain now.
+  // This is async and blocks createContextInternal calls.
+  return DownloadCertChain();
+}
+
+// Create a context for a content signature verification.
+// It sets signature, certificate chain and name that should be used to verify
+// the data. The data parameter is the first part of the data to verify (this
+// can be the empty string).
+NS_IMETHODIMP
+ContentSignatureVerifier::CreateContext(const nsACString& aData,
+                                        const nsACString& aCSHeader,
+                                        const nsACString& aCertChain,
+                                        const nsACString& aName)
+{
+  if (mInitialised) {
+    return NS_ERROR_ALREADY_INITIALIZED;
+  }
+  mInitialised = true;
+  // The cert chain is given in aCertChain so we don't have to download anything.
+  mHasCertChain = true;
+
+  // we get the raw content-signature header here, so first parse aCSHeader
+  nsresult rv = ParseContentSignatureHeader(aCSHeader);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  return CreateContextInternal(aData, aCertChain, aName);
+}
+
+nsresult
+ContentSignatureVerifier::UpdateInternal(
+  const nsACString& aData, const nsNSSShutDownPreventionLock& /*proofOfLock*/)
+{
+  if (!aData.IsEmpty()) {
+    if (VFY_Update(mCx.get(), (const unsigned char*)nsPromiseFlatCString(aData).get(),
+                   aData.Length()) != SECSuccess){
+      return NS_ERROR_INVALID_SIGNATURE;
+    }
+  }
+  return NS_OK;
+}
+
+/**
+ * Add data to the context that shold be verified.
+ */
+NS_IMETHODIMP
+ContentSignatureVerifier::Update(const nsACString& aData)
+{
+  MOZ_ASSERT(NS_IsMainThread());
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    CSVerifier_LOG(("CSVerifier: nss is already shutdown\n"));
+    return NS_ERROR_FAILURE;
+  }
+
+  // If we didn't create the context yet, bail!
+  if (!mHasCertChain) {
+    MOZ_ASSERT_UNREACHABLE(
+      "Someone called ContentSignatureVerifier::Update before "
+      "downloading the cert chain.");
+    return NS_ERROR_FAILURE;
+  }
+
+  return UpdateInternal(aData, locker);
+}
+
+/**
+ * Finish signature verification and return the result in _retval.
+ */
+NS_IMETHODIMP
+ContentSignatureVerifier::End(bool* _retval)
+{
+  NS_ENSURE_ARG(_retval);
+  MOZ_ASSERT(NS_IsMainThread());
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    CSVerifier_LOG(("CSVerifier: nss is already shutdown\n"));
+    return NS_ERROR_FAILURE;
+  }
+
+  // If we didn't create the context yet, bail!
+  if (!mHasCertChain) {
+    MOZ_ASSERT_UNREACHABLE(
+      "Someone called ContentSignatureVerifier::End before "
+      "downloading the cert chain.");
+    return NS_ERROR_FAILURE;
+  }
+
+  *_retval = (VFY_End(mCx.get()) == SECSuccess);
+
+  return NS_OK;
+}
+
+nsresult
+ContentSignatureVerifier::ParseContentSignatureHeader(
+  const nsACString& aContentSignatureHeader)
+{
+  MOZ_ASSERT(NS_IsMainThread());
+  // We only support p384 ecdsa according to spec
+  NS_NAMED_LITERAL_CSTRING(signature_var, "p384ecdsa");
+  NS_NAMED_LITERAL_CSTRING(certChainURL_var, "x5u");
+
+  nsSecurityHeaderParser parser(aContentSignatureHeader.BeginReading());
+  nsresult rv = parser.Parse();
+  if (NS_FAILED(rv)) {
+    CSVerifier_LOG(("CSVerifier: could not parse ContentSignature header\n"));
+    return NS_ERROR_FAILURE;
+  }
+  LinkedList<nsSecurityHeaderDirective>* directives = parser.GetDirectives();
+
+  for (nsSecurityHeaderDirective* directive = directives->getFirst();
+       directive != nullptr; directive = directive->getNext()) {
+    CSVerifier_LOG(("CSVerifier: found directive %s\n", directive->mName.get()));
+    if (directive->mName.Length() == signature_var.Length() &&
+        directive->mName.EqualsIgnoreCase(signature_var.get(),
+                                          signature_var.Length())) {
+      if (!mSignature.IsEmpty()) {
+        CSVerifier_LOG(("CSVerifier: found two ContentSignatures\n"));
+        return NS_ERROR_INVALID_SIGNATURE;
+      }
+
+      CSVerifier_LOG(("CSVerifier: found a ContentSignature directive\n"));
+      mSignature = directive->mValue;
+    }
+    if (directive->mName.Length() == certChainURL_var.Length() &&
+        directive->mName.EqualsIgnoreCase(certChainURL_var.get(),
+                                          certChainURL_var.Length())) {
+      if (!mCertChainURL.IsEmpty()) {
+        CSVerifier_LOG(("CSVerifier: found two x5u values\n"));
+        return NS_ERROR_INVALID_SIGNATURE;
+      }
+
+      CSVerifier_LOG(("CSVerifier: found an x5u directive\n"));
+      mCertChainURL = directive->mValue;
+    }
+  }
+
+  // we have to ensure that we found a signature at this point
+  if (mSignature.IsEmpty()) {
+    CSVerifier_LOG(("CSVerifier: got a Content-Signature header but didn't find a signature.\n"));
+    return NS_ERROR_FAILURE;
+  }
+
+  // Bug 769521: We have to change b64 url to regular encoding as long as we
+  // don't have a b64 url decoder. This should change soon, but in the meantime
+  // we have to live with this.
+  mSignature.ReplaceChar('-', '+');
+  mSignature.ReplaceChar('_', '/');
+
+  return NS_OK;
+}
+
+/* nsIStreamListener implementation */
+
+NS_IMETHODIMP
+ContentSignatureVerifier::OnStartRequest(nsIRequest* aRequest,
+                                         nsISupports* aContext)
+{
+  MOZ_ASSERT(NS_IsMainThread());
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+ContentSignatureVerifier::OnStopRequest(nsIRequest* aRequest,
+                                        nsISupports* aContext, nsresult aStatus)
+{
+  MOZ_ASSERT(NS_IsMainThread());
+  nsCOMPtr<nsIContentSignatureReceiverCallback> callback;
+  callback.swap(mCallback);
+  nsresult rv;
+
+  // Check HTTP status code and return if it's not 200.
+  nsCOMPtr<nsIHttpChannel> http = do_QueryInterface(aRequest, &rv);
+  uint32_t httpResponseCode;
+  if (NS_FAILED(rv) || NS_FAILED(http->GetResponseStatus(&httpResponseCode)) ||
+      httpResponseCode != 200) {
+    callback->ContextCreated(false);
+    return NS_OK;
+  }
+
+  if (NS_FAILED(aStatus)) {
+    callback->ContextCreated(false);
+    return NS_OK;
+  }
+
+  nsAutoCString certChain;
+  for (uint32_t i = 0; i < mCertChain.Length(); ++i) {
+    certChain.Append(mCertChain[i]);
+  }
+
+  // We got the cert chain now. Let's create the context.
+  rv = CreateContextInternal(NS_LITERAL_CSTRING(""), certChain, mName);
+  if (NS_FAILED(rv)) {
+    callback->ContextCreated(false);
+    return NS_OK;
+  }
+
+  mHasCertChain = true;
+  callback->ContextCreated(true);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+ContentSignatureVerifier::OnDataAvailable(nsIRequest* aRequest,
+                                          nsISupports* aContext,
+                                          nsIInputStream* aInputStream,
+                                          uint64_t aOffset, uint32_t aCount)
+{
+  MOZ_ASSERT(NS_IsMainThread());
+  nsAutoCString buffer;
+
+  nsresult rv = NS_ConsumeStream(aInputStream, aCount, buffer);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  if (!mCertChain.AppendElement(buffer, fallible)) {
+    mCertChain.TruncateLength(0);
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+ContentSignatureVerifier::GetInterface(const nsIID& uuid, void** result)
+{
+  return QueryInterface(uuid, result);
+}
diff --git a/security/manager/ssl/ContentSignatureVerifier.h b/security/manager/ssl/ContentSignatureVerifier.h
new file mode 100644
index 000000000..c3b8d762d
--- /dev/null
+++ b/security/manager/ssl/ContentSignatureVerifier.h
@@ -0,0 +1,92 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+
+#ifndef ContentSignatureVerifier_h
+#define ContentSignatureVerifier_h
+
+#include "cert.h"
+#include "CSTrustDomain.h"
+#include "nsIContentSignatureVerifier.h"
+#include "nsIStreamListener.h"
+#include "nsNSSShutDown.h"
+#include "ScopedNSSTypes.h"
+
+// 45a5fe2f-c350-4b86-962d-02d5aaaa955a
+#define NS_CONTENTSIGNATUREVERIFIER_CID \
+  { 0x45a5fe2f, 0xc350, 0x4b86, \
+    { 0x96, 0x2d, 0x02, 0xd5, 0xaa, 0xaa, 0x95, 0x5a } }
+#define NS_CONTENTSIGNATUREVERIFIER_CONTRACTID \
+    "@mozilla.org/security/contentsignatureverifier;1"
+
+class ContentSignatureVerifier final : public nsIContentSignatureVerifier
+                                     , public nsIStreamListener
+                                     , public nsNSSShutDownObject
+                                     , public nsIInterfaceRequestor
+{
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSICONTENTSIGNATUREVERIFIER
+  NS_DECL_NSIINTERFACEREQUESTOR
+  NS_DECL_NSISTREAMLISTENER
+  NS_DECL_NSIREQUESTOBSERVER
+
+  ContentSignatureVerifier()
+    : mCx(nullptr)
+    , mInitialised(false)
+    , mHasCertChain(false)
+  {
+  }
+
+  // nsNSSShutDownObject
+  virtual void virtualDestroyNSSReference() override
+  {
+    destructorSafeDestroyNSSReference();
+  }
+
+private:
+  ~ContentSignatureVerifier();
+
+  nsresult UpdateInternal(const nsACString& aData,
+                          const nsNSSShutDownPreventionLock& /*proofOfLock*/);
+  nsresult DownloadCertChain();
+  nsresult CreateContextInternal(const nsACString& aData,
+                                 const nsACString& aCertChain,
+                                 const nsACString& aName);
+
+  void destructorSafeDestroyNSSReference()
+  {
+    mCx = nullptr;
+    mKey = nullptr;
+  }
+
+  nsresult ParseContentSignatureHeader(const nsACString& aContentSignatureHeader);
+
+  // verifier context for incremental verifications
+  mozilla::UniqueVFYContext mCx;
+  bool mInitialised;
+  // Indicates whether we hold a cert chain to verify the signature or not.
+  // It's set by default in CreateContext or when the channel created in
+  // DownloadCertChain finished. Update and End must only be called after
+  // mHashCertChain is set.
+  bool mHasCertChain;
+  // signature to verify
+  nsCString mSignature;
+  // x5u (X.509 URL) value pointing to pem cert chain
+  nsCString mCertChainURL;
+  // the downloaded cert chain to verify against
+  FallibleTArray<nsCString> mCertChain;
+  // verification key
+  mozilla::UniqueSECKEYPublicKey mKey;
+  // name of the verifying context
+  nsCString mName;
+  // callback to notify when finished
+  nsCOMPtr<nsIContentSignatureReceiverCallback> mCallback;
+  // channel to download the cert chain
+  nsCOMPtr<nsIChannel> mChannel;
+};
+
+#endif // ContentSignatureVerifier_h
diff --git a/security/manager/ssl/CryptoTask.cpp b/security/manager/ssl/CryptoTask.cpp
new file mode 100644
index 000000000..71b8ac88d
--- /dev/null
+++ b/security/manager/ssl/CryptoTask.cpp
@@ -0,0 +1,95 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "CryptoTask.h"
+#include "nsNSSComponent.h"
+
+namespace mozilla {
+
+CryptoTask::~CryptoTask()
+{
+  MOZ_ASSERT(mReleasedNSSResources);
+
+  nsNSSShutDownPreventionLock lock;
+  if (!isAlreadyShutDown()) {
+    shutdown(ShutdownCalledFrom::Object);
+  }
+}
+
+nsresult
+CryptoTask::Dispatch(const nsACString& taskThreadName)
+{
+  MOZ_ASSERT(taskThreadName.Length() <= 15);
+
+  // Ensure that NSS is initialized, since presumably CalculateResult
+  // will use NSS functions
+  if (!EnsureNSSInitializedChromeOrContent()) {
+    return NS_ERROR_FAILURE;
+  }
+
+  // Can't add 'this' as the event to run, since mThread may not be set yet
+  nsresult rv = NS_NewThread(getter_AddRefs(mThread), nullptr,
+                             nsIThreadManager::DEFAULT_STACK_SIZE);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  NS_SetThreadName(mThread, taskThreadName);
+  // Note: event must not null out mThread!
+  return mThread->Dispatch(this, NS_DISPATCH_NORMAL);
+}
+
+NS_IMETHODIMP
+CryptoTask::Run()
+{
+  if (!NS_IsMainThread()) {
+    nsNSSShutDownPreventionLock locker;
+    if (isAlreadyShutDown()) {
+      mRv = NS_ERROR_NOT_AVAILABLE;
+    } else {
+      mRv = CalculateResult();
+    }
+    NS_DispatchToMainThread(this);
+  } else {
+    // back on the main thread
+
+    // call ReleaseNSSResources now, before calling CallCallback, so that
+    // CryptoTasks have consistent behavior regardless of whether NSS is shut
+    // down between CalculateResult being called and CallCallback being called.
+    if (!mReleasedNSSResources) {
+      mReleasedNSSResources = true;
+      ReleaseNSSResources();
+    }
+
+    CallCallback(mRv);
+
+    // Not all uses of CryptoTask use a transient thread
+    if (mThread) {
+      // Don't leak threads!
+      mThread->Shutdown(); // can't Shutdown from the thread itself, darn
+      // Don't null out mThread!
+      // See bug 999104.  We must hold a ref to the thread across Dispatch()
+      // since the internal mThread ref could be released while processing
+      // the Dispatch(), and Dispatch/PutEvent itself doesn't hold a ref; it
+      // assumes the caller does.
+    }
+  }
+
+  return NS_OK;
+}
+
+void
+CryptoTask::virtualDestroyNSSReference()
+{
+  MOZ_ASSERT(NS_IsMainThread(),
+             "virtualDestroyNSSReference called off the main thread");
+  if (!mReleasedNSSResources) {
+    mReleasedNSSResources = true;
+    ReleaseNSSResources();
+  }
+}
+
+} // namespace mozilla
diff --git a/security/manager/ssl/CryptoTask.h b/security/manager/ssl/CryptoTask.h
new file mode 100644
index 000000000..ae107fe30
--- /dev/null
+++ b/security/manager/ssl/CryptoTask.h
@@ -0,0 +1,105 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef mozilla__CryptoTask_h
+#define mozilla__CryptoTask_h
+
+#include "mozilla/Attributes.h"
+#include "nsThreadUtils.h"
+#include "nsNSSShutDown.h"
+
+namespace mozilla {
+
+/**
+ * Frequently we need to run a task on a background thread without blocking
+ * the main thread, and then call a callback on the main thread with the
+ * result. This class provides the framework for that. Subclasses must:
+ *
+ *   (1) Override CalculateResult for the off-the-main-thread computation.
+ *       NSS functionality may only be accessed within CalculateResult.
+ *   (2) Override ReleaseNSSResources to release references to all NSS
+ *       resources (that do implement nsNSSShutDownObject themselves).
+ *   (3) Override CallCallback() for the on-the-main-thread call of the
+ *       callback.
+ *
+ * CalculateResult, ReleaseNSSResources, and CallCallback are called in order,
+ * except CalculateResult might be skipped if NSS is shut down before it can
+ * be called; in that case ReleaseNSSResources will be called and then
+ * CallCallback will be called with an error code.
+ *
+ * That sequence of events is what happens if you call Dispatch.  If for
+ * some reason, you decide not to run the task (e.g., due to an error in the
+ * constructor), you may call Skip, in which case the task is cleaned up and
+ * not run.  In that case, only ReleaseNSSResources is called.  (So a
+ * subclass must be prepared for ReleaseNSSResources to be run without
+ * CalculateResult having been called first.)
+ *
+ * Once a CryptoTask is created, the calling code must call either
+ * Dispatch or Skip.
+ *
+ */
+class CryptoTask : public Runnable,
+                   public nsNSSShutDownObject
+{
+public:
+  template <size_t LEN>
+  nsresult Dispatch(const char (&taskThreadName)[LEN])
+  {
+    static_assert(LEN <= 15,
+                  "Thread name must be no more than 15 characters");
+    return Dispatch(nsDependentCString(taskThreadName, LEN - 1));
+  }
+
+  nsresult Dispatch(const nsACString& taskThreadName);
+
+  void Skip()
+  {
+    virtualDestroyNSSReference();
+  }
+
+protected:
+  CryptoTask()
+    : mRv(NS_ERROR_NOT_INITIALIZED),
+      mReleasedNSSResources(false)
+  {
+  }
+
+  virtual ~CryptoTask();
+
+  /**
+   * Called on a background thread (never the main thread). If CalculateResult
+   * is called, then its result will be passed to CallCallback on the main
+   * thread.
+   */
+  virtual nsresult CalculateResult() = 0;
+
+  /**
+   * Called on the main thread during NSS shutdown or just before CallCallback
+   * has been called. All NSS resources must be released. Usually, this just
+   * means assigning nullptr to the ScopedNSSType-based memory variables.
+   */
+  virtual void ReleaseNSSResources() = 0;
+
+  /**
+   * Called on the main thread with the result from CalculateResult() or
+   * with an error code if NSS was shut down before CalculateResult could
+   * be called.
+   */
+  virtual void CallCallback(nsresult rv) = 0;
+
+private:
+  NS_IMETHOD Run() override final;
+  virtual void virtualDestroyNSSReference() override final;
+
+  nsresult mRv;
+  bool mReleasedNSSResources;
+
+  nsCOMPtr<nsIThread> mThread;
+};
+
+} // namespace mozilla
+
+#endif // mozilla__CryptoTask_h
diff --git a/security/manager/ssl/DER.jsm b/security/manager/ssl/DER.jsm
new file mode 100644
index 000000000..97669515a
--- /dev/null
+++ b/security/manager/ssl/DER.jsm
@@ -0,0 +1,304 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+// A minimal ASN.1 DER decoder. Supports input lengths up to 65539 (one byte for
+// the outer tag, one byte for the 0x82 length-length indicator, two bytes
+// indicating a contents length of 65535, and then the 65535 bytes of contents).
+// Intended to be used like so:
+//
+// let bytes = <an array of bytes describing a SEQUENCE OF INTEGER>;
+// let der = new DER.DER(bytes);
+// let contents = new DER.DER(der.readTagAndGetContents(DER.SEQUENCE));
+// while (!contents.atEnd()) {
+//   let integerBytes = contents.readTagAndGetContents(DER.INTEGER);
+//   <... do something with integerBytes ...>
+// }
+// der.assertAtEnd();
+//
+// For CHOICE, use readTLVChoice and pass an array of acceptable tags.
+// The convenience function readBIT_STRING is provided to handle the unused bits
+// aspect of BIT STRING. It returns an object that has the properties contents
+// (an array of bytes consisting of the bytes making up the BIT STRING) and
+// unusedBits (indicating the number of unused bits at the end).
+// All other functions generally return an array of bytes or a single byte as
+// appropriate.
+// peekTag can be used to see if the next tag is an expected given tag.
+// readTLV reads and returns an entire (tag, length, value) tuple (again
+// returned as an array of bytes).
+
+const UNIVERSAL = 0 << 6;
+const CONSTRUCTED = 1 << 5;
+const CONTEXT_SPECIFIC = 2 << 6;
+
+const INTEGER = UNIVERSAL | 0x02; // 0x02
+const BIT_STRING = UNIVERSAL | 0x03; // 0x03
+const NULL = UNIVERSAL | 0x05; // 0x05
+const OBJECT_IDENTIFIER = UNIVERSAL | 0x06; // 0x06
+const PrintableString = UNIVERSAL | 0x13; // 0x13
+const TeletexString = UNIVERSAL | 0x14; // 0x14
+const IA5String = UNIVERSAL | 0x16; // 0x16
+const UTCTime = UNIVERSAL | 0x17; // 0x17
+const GeneralizedTime = UNIVERSAL | 0x18; // 0x18
+const UTF8String = UNIVERSAL | 0x0c; // 0x0c
+const SEQUENCE = UNIVERSAL | CONSTRUCTED | 0x10; // 0x30
+const SET = UNIVERSAL | CONSTRUCTED | 0x11; // 0x31
+
+const ERROR_INVALID_INPUT = "invalid input";
+const ERROR_DATA_TRUNCATED = "data truncated";
+const ERROR_EXTRA_DATA = "extra data";
+const ERROR_INVALID_LENGTH = "invalid length";
+const ERROR_UNSUPPORTED_ASN1 = "unsupported asn.1";
+const ERROR_UNSUPPORTED_LENGTH = "unsupported length";
+const ERROR_INVALID_BIT_STRING = "invalid BIT STRING encoding";
+
+/** Class representing a decoded BIT STRING. */
+class BitString {
+  /**
+   * @param {Number} unusedBits the number of unused bits
+   * @param {Number[]} contents an array of bytes comprising the BIT STRING
+   */
+  constructor(unusedBits, contents) {
+    this._unusedBits = unusedBits;
+    this._contents = contents;
+  }
+
+  /**
+   * Get the number of unused bits in the BIT STRING
+   * @return {Number} the number of unused bits
+   */
+  get unusedBits() {
+    return this._unusedBits;
+  }
+
+  /**
+   * Get the contents of the BIT STRING
+   * @return {Number[]} an array of bytes representing the contents
+   */
+  get contents() {
+    return this._contents;
+  }
+}
+
+/** Class representing DER-encoded data. Provides methods for decoding it. */
+class DER {
+  /**
+   * @param {Number[]} bytes an array of bytes representing the encoded data
+   */
+  constructor(bytes) {
+    // Reject non-array inputs.
+    if (!Array.isArray(bytes)) {
+      throw new Error(ERROR_INVALID_INPUT);
+    }
+    if (bytes.length > 65539) {
+      throw new Error(ERROR_UNSUPPORTED_LENGTH);
+    }
+    // Reject inputs containing non-integer values or values too small or large.
+    if (bytes.some(b => !Number.isInteger(b) || b < 0 || b > 255)) {
+      throw new Error(ERROR_INVALID_INPUT);
+    }
+    this._bytes = bytes;
+    this._cursor = 0;
+  }
+
+  /**
+   * Asserts that the decoder is at the end of the given data. Throws an error
+   * if this is not the case.
+   */
+  assertAtEnd() {
+    if (!this.atEnd()) {
+      throw new Error(ERROR_EXTRA_DATA);
+    }
+  }
+
+  /**
+   * Determines whether or not the decoder is at the end of the given data.
+   * @return {Boolean} true if the decoder is at the end and false otherwise
+   */
+  atEnd() {
+    return this._cursor == this._bytes.length;
+  }
+
+  /**
+   * Reads the next byte of data. Throws if no more data is available.
+   * @return {Number} the next byte of data
+   */
+  readByte() {
+    if (this._cursor >= this._bytes.length) {
+      throw new Error(ERROR_DATA_TRUNCATED);
+    }
+    let val = this._bytes[this._cursor];
+    this._cursor++;
+    return val;
+  }
+
+  /**
+   * Given the next expected tag, reads and asserts that the next tag is in fact
+   * the given tag.
+   * @param {Number} expectedTag the expected next tag
+   */
+  _readExpectedTag(expectedTag) {
+    let tag = this.readByte();
+    if (tag != expectedTag) {
+      throw new Error(`unexpected tag: found ${tag} instead of ${expectedTag}`);
+    }
+  }
+
+  /**
+   * Decodes and returns the length portion of an ASN.1 TLV tuple. Throws if the
+   * length is incorrectly encoded or if it describes a length greater than
+   * 65535 bytes. Indefinite-length encoding is not supported.
+   * @return {Number} the length of the value of the TLV tuple
+   */
+  _readLength() {
+    let nextByte = this.readByte();
+    if (nextByte < 0x80) {
+      return nextByte;
+    }
+    if (nextByte == 0x80) {
+      throw new Error(ERROR_UNSUPPORTED_ASN1);
+    }
+    if (nextByte == 0x81) {
+      let length = this.readByte();
+      if (length < 0x80) {
+        throw new Error(ERROR_INVALID_LENGTH);
+      }
+      return length;
+    }
+    if (nextByte == 0x82) {
+      let length1 = this.readByte();
+      let length2 = this.readByte();
+      let length = (length1 << 8) | length2;
+      if (length < 256) {
+        throw new Error(ERROR_INVALID_LENGTH);
+      }
+      return length;
+    }
+    throw new Error(ERROR_UNSUPPORTED_LENGTH);
+  }
+
+  /**
+   * Reads <length> bytes of data if available. Throws if less than <length>
+   * bytes are available.
+   * @param {Number} length the number of bytes to read. Must be non-negative.
+   * @return {Number[]} the next <length> bytes of data
+   */
+  readBytes(length) {
+    if (length < 0) {
+      throw new Error(ERROR_INVALID_LENGTH);
+    }
+    let bytes = [];
+    for (let i = 0; i < length; i++) {
+      bytes.push(this.readByte());
+    }
+    return bytes;
+  }
+
+  /**
+   * Given an expected next ASN.1 tag, ensures that that tag is next and returns
+   * the contents of that tag. Throws if a different tag is encountered or if
+   * the data is otherwise incorrectly encoded.
+   * @param {Number} tag the next expected ASN.1 tag
+   * @return {Number[]} the contents of the tag
+   */
+  readTagAndGetContents(tag) {
+    this._readExpectedTag(tag);
+    let length = this._readLength();
+    return this.readBytes(length);
+  }
+
+  /**
+   * Returns the next byte without advancing the decoder. Throws if no more data
+   * is available.
+   * @return {Number} the next available byte
+   */
+  _peekByte() {
+    if (this._cursor >= this._bytes.length) {
+      throw new Error(ERROR_DATA_TRUNCATED);
+    }
+    return this._bytes[this._cursor];
+  }
+
+  /**
+   * Given an expected tag, reads the next entire ASN.1 TLV tuple, asserting
+   * that the tag matches.
+   * @param {Number} tag the expected tag
+   * @return {Number[]} an array of bytes representing the TLV tuple
+   */
+  _readExpectedTLV(tag) {
+    let mark = this._cursor;
+    this._readExpectedTag(tag);
+    let length = this._readLength();
+    // read the bytes so we know they're there (also to advance the cursor)
+    this.readBytes(length);
+    return this._bytes.slice(mark, this._cursor);
+  }
+
+  /**
+   * Reads the next ASN.1 tag, length, and value and returns them as an array of
+   * bytes.
+   * @return {Number[]} an array of bytes representing the next ASN.1 TLV
+   */
+  readTLV() {
+    let nextTag = this._peekByte();
+    return this._readExpectedTLV(nextTag);
+  }
+
+  /**
+   * Convenience function for decoding a BIT STRING. Reads and returns the
+   * contents of the expected next BIT STRING. Throws if the next TLV isn't a
+   * BIT STRING or if the BIT STRING is incorrectly encoded.
+   * @return {BitString} the next BIT STRING
+   */
+  readBIT_STRING() {
+    let contents = this.readTagAndGetContents(BIT_STRING);
+    if (contents.length < 1) {
+      throw new Error(ERROR_INVALID_BIT_STRING);
+    }
+    let unusedBits = contents[0];
+    if (unusedBits > 7) {
+      throw new Error(ERROR_INVALID_BIT_STRING);
+    }
+    // Zero bytes of content but some amount of padding is invalid.
+    if (contents.length == 1 && unusedBits != 0) {
+      throw new Error(ERROR_INVALID_BIT_STRING);
+    }
+    return new BitString(unusedBits, contents.slice(1, contents.length));
+  }
+
+  /**
+   * Looks to see if the next ASN.1 tag is the expected given tag.
+   * @param {Number} tag the expected next ASN.1 tag
+   * @return {Boolean} true if the next tag is the given one and false otherwise
+   */
+  peekTag(tag) {
+    if (this._cursor >= this._bytes.length) {
+      return false;
+    }
+    return this._bytes[this._cursor] == tag;
+  }
+
+  /**
+   * Given a list of possible next ASN.1 tags, returns the next TLV if the next
+   * tag is in the list. Throws if the next tag is not in the list or if the
+   * data is incorrectly encoded.
+   * @param {Number[]} tagList the list of potential next tags
+   * @return {Number[]} the contents of the next TLV if the next tag is in
+   *                    <tagList>
+   */
+  readTLVChoice(tagList) {
+    let tag = this._peekByte();
+    if (!tagList.includes(tag)) {
+      throw new Error(
+        `unexpected tag: found ${tag} instead of one of ${tagList}`);
+    }
+    return this._readExpectedTLV(tag);
+  }
+}
+
+this.DER = { UNIVERSAL, CONSTRUCTED, CONTEXT_SPECIFIC, INTEGER, BIT_STRING,
+             NULL, OBJECT_IDENTIFIER, PrintableString, TeletexString, IA5String,
+             UTCTime, GeneralizedTime, UTF8String, SEQUENCE, SET, DER };
+this.EXPORTED_SYMBOLS = ["DER"];
diff --git a/security/manager/ssl/DataStorage.cpp b/security/manager/ssl/DataStorage.cpp
new file mode 100644
index 000000000..2d9dbf5c4
--- /dev/null
+++ b/security/manager/ssl/DataStorage.cpp
@@ -0,0 +1,940 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "DataStorage.h"
+
+#include "mozilla/ClearOnShutdown.h"
+#include "mozilla/dom/PContent.h"
+#include "mozilla/dom/ContentChild.h"
+#include "mozilla/dom/ContentParent.h"
+#include "mozilla/Preferences.h"
+#include "mozilla/Services.h"
+#include "mozilla/Telemetry.h"
+#include "mozilla/Unused.h"
+#include "nsAppDirectoryServiceDefs.h"
+#include "nsDirectoryServiceUtils.h"
+#include "nsIObserverService.h"
+#include "nsITimer.h"
+#include "nsNetUtil.h"
+#include "nsStreamUtils.h"
+#include "nsThreadUtils.h"
+#include "prprf.h"
+
+// NB: Read DataStorage.h first.
+
+// The default time between data changing and a write, in milliseconds.
+static const uint32_t sDataStorageDefaultTimerDelay = 5u * 60u * 1000u;
+// The maximum score an entry can have (prevents overflow)
+static const uint32_t sMaxScore = UINT32_MAX;
+// The maximum number of entries per type of data (limits resource use)
+static const uint32_t sMaxDataEntries = 1024;
+static const int64_t sOneDayInMicroseconds = int64_t(24 * 60 * 60) *
+                                             PR_USEC_PER_SEC;
+
+namespace mozilla {
+
+NS_IMPL_ISUPPORTS(DataStorage,
+                  nsIObserver)
+
+StaticAutoPtr<DataStorage::DataStorages> DataStorage::sDataStorages;
+
+DataStorage::DataStorage(const nsString& aFilename)
+  : mMutex("DataStorage::mMutex")
+  , mPendingWrite(false)
+  , mShuttingDown(false)
+  , mInitCalled(false)
+  , mReadyMonitor("DataStorage::mReadyMonitor")
+  , mReady(false)
+  , mFilename(aFilename)
+{
+}
+
+DataStorage::~DataStorage()
+{
+}
+
+// static
+already_AddRefed<DataStorage>
+DataStorage::Get(const nsString& aFilename)
+{
+  MOZ_ASSERT(NS_IsMainThread());
+  if (!sDataStorages) {
+    sDataStorages = new DataStorages();
+    ClearOnShutdown(&sDataStorages);
+  }
+  RefPtr<DataStorage> storage;
+  if (!sDataStorages->Get(aFilename, getter_AddRefs(storage))) {
+    storage = new DataStorage(aFilename);
+    sDataStorages->Put(aFilename, storage);
+  }
+  return storage.forget();
+}
+
+// static
+already_AddRefed<DataStorage>
+DataStorage::GetIfExists(const nsString& aFilename)
+{
+  MOZ_ASSERT(NS_IsMainThread());
+  if (!sDataStorages) {
+    sDataStorages = new DataStorages();
+  }
+  RefPtr<DataStorage> storage;
+  sDataStorages->Get(aFilename, getter_AddRefs(storage));
+  return storage.forget();
+}
+
+nsresult
+DataStorage::Init(bool& aDataWillPersist)
+{
+  // Don't access the observer service or preferences off the main thread.
+  if (!NS_IsMainThread()) {
+    NS_NOTREACHED("DataStorage::Init called off main thread");
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  MutexAutoLock lock(mMutex);
+
+  // Ignore attempts to initialize several times.
+  if (mInitCalled) {
+    return NS_OK;
+  }
+
+  mInitCalled = true;
+
+  nsresult rv;
+  if (XRE_IsParentProcess()) {
+    rv = NS_NewNamedThread("DataStorage", getter_AddRefs(mWorkerThread));
+    if (NS_WARN_IF(NS_FAILED(rv))) {
+      return rv;
+    }
+
+    rv = AsyncReadData(aDataWillPersist, lock);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  } else {
+    // In the child process, we ask the parent process for the data.
+    MOZ_ASSERT(XRE_IsContentProcess());
+    aDataWillPersist = false;
+    InfallibleTArray<DataStorageItem> items;
+    dom::ContentChild::GetSingleton()->
+        SendReadDataStorageArray(mFilename, &items);
+    for (auto& item : items) {
+      Entry entry;
+      entry.mValue = item.value();
+      rv = PutInternal(item.key(), entry, item.type(), lock);
+      if (NS_FAILED(rv)) {
+        return rv;
+      }
+    }
+    mReady = true;
+    NotifyObservers("data-storage-ready");
+  }
+
+  nsCOMPtr<nsIObserverService> os = services::GetObserverService();
+  if (NS_WARN_IF(!os)) {
+    return NS_ERROR_FAILURE;
+  }
+  // Clear private data as appropriate.
+  os->AddObserver(this, "last-pb-context-exited", false);
+  // Observe shutdown; save data and prevent any further writes.
+  // In the parent process, we need to write to the profile directory, so
+  // we should listen for profile-before-change so that we can safely
+  // write to the profile.  In the content process however we don't have
+  // access to the profile directory and profile notifications are not
+  // dispatched, so we need to clean up on xpcom-shutdown.
+  if (XRE_IsParentProcess()) {
+    os->AddObserver(this, "profile-before-change", false);
+  }
+  // In the Parent process, this is a backstop for xpcshell and other cases
+  // where profile-before-change might not get sent.
+  os->AddObserver(this, NS_XPCOM_SHUTDOWN_OBSERVER_ID, false);
+
+  // For test purposes, we can set the write timer to be very fast.
+  mTimerDelay = Preferences::GetInt("test.datastorage.write_timer_ms",
+                                    sDataStorageDefaultTimerDelay);
+  rv = Preferences::AddStrongObserver(this, "test.datastorage.write_timer_ms");
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+
+  return NS_OK;
+}
+
+class DataStorage::Reader : public Runnable
+{
+public:
+  explicit Reader(DataStorage* aDataStorage)
+    : mDataStorage(aDataStorage)
+  {
+  }
+  ~Reader();
+
+private:
+  NS_DECL_NSIRUNNABLE
+
+  static nsresult ParseLine(nsDependentCSubstring& aLine, nsCString& aKeyOut,
+                            Entry& aEntryOut);
+
+  RefPtr<DataStorage> mDataStorage;
+};
+
+DataStorage::Reader::~Reader()
+{
+  // Notify that calls to Get can proceed.
+  {
+    MonitorAutoLock readyLock(mDataStorage->mReadyMonitor);
+    mDataStorage->mReady = true;
+    nsresult rv = mDataStorage->mReadyMonitor.NotifyAll();
+    Unused << NS_WARN_IF(NS_FAILED(rv));
+  }
+
+  // This is for tests.
+  nsCOMPtr<nsIRunnable> job =
+    NewRunnableMethod<const char*>(mDataStorage,
+                                   &DataStorage::NotifyObservers,
+                                   "data-storage-ready");
+  nsresult rv = NS_DispatchToMainThread(job, NS_DISPATCH_NORMAL);
+  Unused << NS_WARN_IF(NS_FAILED(rv));
+}
+
+NS_IMETHODIMP
+DataStorage::Reader::Run()
+{
+  nsresult rv;
+  // Concurrent operations on nsIFile objects are not guaranteed to be safe,
+  // so we clone the file while holding the lock and then release the lock.
+  // At that point, we can safely operate on the clone.
+  nsCOMPtr<nsIFile> file;
+  {
+    MutexAutoLock lock(mDataStorage->mMutex);
+    // If we don't have a profile, bail.
+    if (!mDataStorage->mBackingFile) {
+      return NS_OK;
+    }
+    rv = mDataStorage->mBackingFile->Clone(getter_AddRefs(file));
+    if (NS_WARN_IF(NS_FAILED(rv))) {
+      return rv;
+    }
+  }
+  nsCOMPtr<nsIInputStream> fileInputStream;
+  rv = NS_NewLocalFileInputStream(getter_AddRefs(fileInputStream), file);
+  // If we failed for some reason other than the file doesn't exist, bail.
+  if (NS_WARN_IF(NS_FAILED(rv) &&
+                 rv != NS_ERROR_FILE_TARGET_DOES_NOT_EXIST &&  // on Unix
+                 rv != NS_ERROR_FILE_NOT_FOUND)) {             // on Windows
+    return rv;
+  }
+
+  // If there is a file with data in it, read it. If there isn't,
+  // we'll essentially fall through to notifying that we're good to go.
+  nsCString data;
+  if (fileInputStream) {
+    // Limit to 2MB of data, but only store sMaxDataEntries entries.
+    rv = NS_ConsumeStream(fileInputStream, 1u << 21, data);
+    if (NS_WARN_IF(NS_FAILED(rv))) {
+      return rv;
+    }
+  }
+
+  // Atomically parse the data and insert the entries read.
+  // Don't clear existing entries - they may have been inserted between when
+  // this read was kicked-off and when it was run.
+  {
+    MutexAutoLock lock(mDataStorage->mMutex);
+    // The backing file consists of a list of
+    //   <key>\t<score>\t<last accessed time>\t<value>\n
+    // The final \n is not optional; if it is not present the line is assumed
+    // to be corrupt.
+    int32_t currentIndex = 0;
+    int32_t newlineIndex = 0;
+    do {
+      newlineIndex = data.FindChar('\n', currentIndex);
+      // If there are no more newlines or the data table has too many
+      // entries, we are done.
+      if (newlineIndex < 0 ||
+          mDataStorage->mPersistentDataTable.Count() >= sMaxDataEntries) {
+        break;
+      }
+
+      nsDependentCSubstring line(data, currentIndex,
+                                 newlineIndex - currentIndex);
+      currentIndex = newlineIndex + 1;
+      nsCString key;
+      Entry entry;
+      nsresult parseRV = ParseLine(line, key, entry);
+      if (NS_SUCCEEDED(parseRV)) {
+        // It could be the case that a newer entry was added before
+        // we got around to reading the file. Don't overwrite new entries.
+        Entry newerEntry;
+        bool present = mDataStorage->mPersistentDataTable.Get(key, &newerEntry);
+        if (!present) {
+          mDataStorage->mPersistentDataTable.Put(key, entry);
+        }
+      }
+    } while (true);
+
+    Telemetry::Accumulate(Telemetry::DATA_STORAGE_ENTRIES,
+                          mDataStorage->mPersistentDataTable.Count());
+  }
+
+  return NS_OK;
+}
+
+// The key must be a non-empty string containing no instances of '\t' or '\n',
+// and must have a length no more than 256.
+// The value must not contain '\n' and must have a length no more than 1024.
+// The length limits are to prevent unbounded memory and disk usage.
+/* static */
+nsresult
+DataStorage::ValidateKeyAndValue(const nsCString& aKey, const nsCString& aValue)
+{
+  if (aKey.IsEmpty()) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  if (aKey.Length() > 256) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  int32_t delimiterIndex = aKey.FindChar('\t', 0);
+  if (delimiterIndex >= 0) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  delimiterIndex = aKey.FindChar('\n', 0);
+  if (delimiterIndex >= 0) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  delimiterIndex = aValue.FindChar('\n', 0);
+  if (delimiterIndex >= 0) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  if (aValue.Length() > 1024) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  return NS_OK;
+}
+
+// Each line is: <key>\t<score>\t<last accessed time>\t<value>
+// Where <score> is a uint32_t as a string, <last accessed time> is a
+// int32_t as a string, and the rest are strings.
+// <value> can contain anything but a newline.
+// Returns a successful status if the line can be decoded into a key and entry.
+// Otherwise, an error status is returned and the values assigned to the
+// output parameters are in an undefined state.
+/* static */
+nsresult
+DataStorage::Reader::ParseLine(nsDependentCSubstring& aLine, nsCString& aKeyOut,
+                               Entry& aEntryOut)
+{
+  // First find the indices to each part of the line.
+  int32_t scoreIndex;
+  scoreIndex = aLine.FindChar('\t', 0) + 1;
+  if (scoreIndex <= 0) {
+    return NS_ERROR_UNEXPECTED;
+  }
+  int32_t accessedIndex = aLine.FindChar('\t', scoreIndex) + 1;
+  if (accessedIndex <= 0) {
+    return NS_ERROR_UNEXPECTED;
+  }
+  int32_t valueIndex = aLine.FindChar('\t', accessedIndex) + 1;
+  if (valueIndex <= 0) {
+    return NS_ERROR_UNEXPECTED;
+  }
+
+  // Now make substrings based on where each part is.
+  nsDependentCSubstring keyPart(aLine, 0, scoreIndex - 1);
+  nsDependentCSubstring scorePart(aLine, scoreIndex,
+                                  accessedIndex - scoreIndex - 1);
+  nsDependentCSubstring accessedPart(aLine, accessedIndex,
+                                     valueIndex - accessedIndex - 1);
+  nsDependentCSubstring valuePart(aLine, valueIndex);
+
+  nsresult rv;
+  rv = DataStorage::ValidateKeyAndValue(nsCString(keyPart),
+                                        nsCString(valuePart));
+  if (NS_FAILED(rv)) {
+    return NS_ERROR_UNEXPECTED;
+  }
+
+  // Now attempt to decode the score part as a uint32_t.
+  // XXX nsDependentCSubstring doesn't support ToInteger
+  int32_t integer = nsCString(scorePart).ToInteger(&rv);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+  if (integer < 0) {
+    return NS_ERROR_UNEXPECTED;
+  }
+  aEntryOut.mScore = (uint32_t)integer;
+
+  integer = nsCString(accessedPart).ToInteger(&rv);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  if (integer < 0) {
+    return NS_ERROR_UNEXPECTED;
+  }
+  aEntryOut.mLastAccessed = integer;
+
+  // Now set the key and value.
+  aKeyOut.Assign(keyPart);
+  aEntryOut.mValue.Assign(valuePart);
+
+  return NS_OK;
+}
+
+nsresult
+DataStorage::AsyncReadData(bool& aHaveProfileDir,
+                           const MutexAutoLock& /*aProofOfLock*/)
+{
+  MOZ_ASSERT(XRE_IsParentProcess());
+  aHaveProfileDir = false;
+  // Allocate a Reader so that even if it isn't dispatched,
+  // the data-storage-ready notification will be fired and Get
+  // will be able to proceed (this happens in its destructor).
+  RefPtr<Reader> job(new Reader(this));
+  nsresult rv;
+  // If we don't have a profile directory, this will fail.
+  // That's okay - it just means there is no persistent state.
+  rv = NS_GetSpecialDirectory(NS_APP_USER_PROFILE_50_DIR,
+                              getter_AddRefs(mBackingFile));
+  if (NS_FAILED(rv)) {
+    mBackingFile = nullptr;
+    return NS_OK;
+  }
+
+  rv = mBackingFile->Append(mFilename);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+
+  rv = mWorkerThread->Dispatch(job, NS_DISPATCH_NORMAL);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+
+  aHaveProfileDir = true;
+  return NS_OK;
+}
+
+void
+DataStorage::WaitForReady()
+{
+  MonitorAutoLock readyLock(mReadyMonitor);
+  while (!mReady) {
+    nsresult rv = readyLock.Wait();
+    if (NS_WARN_IF(NS_FAILED(rv))) {
+      break;
+    }
+  }
+  MOZ_ASSERT(mReady);
+}
+
+nsCString
+DataStorage::Get(const nsCString& aKey, DataStorageType aType)
+{
+  WaitForReady();
+  MutexAutoLock lock(mMutex);
+
+  Entry entry;
+  bool foundValue = GetInternal(aKey, &entry, aType, lock);
+  if (!foundValue) {
+    return EmptyCString();
+  }
+
+  // If we're here, we found a value. Maybe update its score.
+  if (entry.UpdateScore()) {
+    PutInternal(aKey, entry, aType, lock);
+  }
+
+  return entry.mValue;
+}
+
+bool
+DataStorage::GetInternal(const nsCString& aKey, Entry* aEntry,
+                         DataStorageType aType,
+                         const MutexAutoLock& aProofOfLock)
+{
+  DataStorageTable& table = GetTableForType(aType, aProofOfLock);
+  bool foundValue = table.Get(aKey, aEntry);
+  return foundValue;
+}
+
+DataStorage::DataStorageTable&
+DataStorage::GetTableForType(DataStorageType aType,
+                             const MutexAutoLock& /*aProofOfLock*/)
+{
+  switch (aType) {
+    case DataStorage_Persistent:
+      return mPersistentDataTable;
+    case DataStorage_Temporary:
+      return mTemporaryDataTable;
+    case DataStorage_Private:
+      return mPrivateDataTable;
+  }
+
+  MOZ_CRASH("given bad DataStorage storage type");
+}
+
+void
+DataStorage::ReadAllFromTable(DataStorageType aType,
+                              InfallibleTArray<dom::DataStorageItem>* aItems,
+                              const MutexAutoLock& aProofOfLock)
+{
+  for (auto iter = GetTableForType(aType, aProofOfLock).Iter();
+       !iter.Done(); iter.Next()) {
+    DataStorageItem* item = aItems->AppendElement();
+    item->key() = iter.Key();
+    item->value() = iter.Data().mValue;
+    item->type() = aType;
+  }
+}
+
+void
+DataStorage::GetAll(InfallibleTArray<dom::DataStorageItem>* aItems)
+{
+  WaitForReady();
+  MutexAutoLock lock(mMutex);
+
+  aItems->SetCapacity(mPersistentDataTable.Count() +
+                      mTemporaryDataTable.Count() +
+                      mPrivateDataTable.Count());
+  ReadAllFromTable(DataStorage_Persistent, aItems, lock);
+  ReadAllFromTable(DataStorage_Temporary, aItems, lock);
+  ReadAllFromTable(DataStorage_Private, aItems, lock);
+}
+
+// Limit the number of entries per table. This is to prevent unbounded
+// resource use. The eviction strategy is as follows:
+// - An entry's score is incremented once for every day it is accessed.
+// - Evict an entry with score no more than any other entry in the table
+//   (this is the same as saying evict the entry with the lowest score,
+//    except for when there are multiple entries with the lowest score,
+//    in which case one of them is evicted - which one is not specified).
+void
+DataStorage::MaybeEvictOneEntry(DataStorageType aType,
+                                const MutexAutoLock& aProofOfLock)
+{
+  DataStorageTable& table = GetTableForType(aType, aProofOfLock);
+  if (table.Count() >= sMaxDataEntries) {
+    KeyAndEntry toEvict;
+    // If all entries have score sMaxScore, this won't actually remove
+    // anything. This will never happen, however, because having that high
+    // a score either means someone tampered with the backing file or every
+    // entry has been accessed once a day for ~4 billion days.
+    // The worst that will happen is there will be 1025 entries in the
+    // persistent data table, with the 1025th entry being replaced every time
+    // data with a new key is inserted into the table. This is bad but
+    // ultimately not that concerning, considering that if an attacker can
+    // modify data in the profile, they can cause much worse harm.
+    toEvict.mEntry.mScore = sMaxScore;
+
+    for (auto iter = table.Iter(); !iter.Done(); iter.Next()) {
+      Entry entry = iter.UserData();
+      if (entry.mScore < toEvict.mEntry.mScore) {
+        toEvict.mKey = iter.Key();
+        toEvict.mEntry = entry;
+      }
+    }
+
+    table.Remove(toEvict.mKey);
+  }
+}
+
+template <class Functor>
+static
+void
+RunOnAllContentParents(Functor func)
+{
+  if (!XRE_IsParentProcess()) {
+    return;
+  }
+  using dom::ContentParent;
+  nsTArray<ContentParent*> parents;
+  ContentParent::GetAll(parents);
+  for (auto& parent: parents) {
+    func(parent);
+  }
+}
+
+nsresult
+DataStorage::Put(const nsCString& aKey, const nsCString& aValue,
+                 DataStorageType aType)
+{
+  WaitForReady();
+  MutexAutoLock lock(mMutex);
+
+  nsresult rv;
+  rv = ValidateKeyAndValue(aKey, aValue);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  Entry entry;
+  bool exists = GetInternal(aKey, &entry, aType, lock);
+  if (exists) {
+    entry.UpdateScore();
+  } else {
+    MaybeEvictOneEntry(aType, lock);
+  }
+  entry.mValue = aValue;
+  rv = PutInternal(aKey, entry, aType, lock);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  RunOnAllContentParents([&](dom::ContentParent* aParent) {
+    DataStorageItem item;
+    item.key() = aKey;
+    item.value() = aValue;
+    item.type() = aType;
+    Unused << aParent->SendDataStoragePut(mFilename, item);
+  });
+
+  return NS_OK;
+}
+
+nsresult
+DataStorage::PutInternal(const nsCString& aKey, Entry& aEntry,
+                         DataStorageType aType,
+                         const MutexAutoLock& aProofOfLock)
+{
+  DataStorageTable& table = GetTableForType(aType, aProofOfLock);
+  table.Put(aKey, aEntry);
+
+  if (aType == DataStorage_Persistent && !mPendingWrite) {
+    return AsyncSetTimer(aProofOfLock);
+  }
+
+  return NS_OK;
+}
+
+void
+DataStorage::Remove(const nsCString& aKey, DataStorageType aType)
+{
+  WaitForReady();
+  MutexAutoLock lock(mMutex);
+
+  DataStorageTable& table = GetTableForType(aType, lock);
+  table.Remove(aKey);
+
+  if (aType == DataStorage_Persistent && !mPendingWrite) {
+    Unused << AsyncSetTimer(lock);
+  }
+
+  RunOnAllContentParents([&](dom::ContentParent* aParent) {
+    Unused << aParent->SendDataStorageRemove(mFilename, aKey, aType);
+  });
+}
+
+class DataStorage::Writer : public Runnable
+{
+public:
+  Writer(nsCString& aData, DataStorage* aDataStorage)
+    : mData(aData)
+    , mDataStorage(aDataStorage)
+  {
+  }
+
+private:
+  NS_DECL_NSIRUNNABLE
+
+  nsCString mData;
+  RefPtr<DataStorage> mDataStorage;
+};
+
+NS_IMETHODIMP
+DataStorage::Writer::Run()
+{
+  nsresult rv;
+  // Concurrent operations on nsIFile objects are not guaranteed to be safe,
+  // so we clone the file while holding the lock and then release the lock.
+  // At that point, we can safely operate on the clone.
+  nsCOMPtr<nsIFile> file;
+  {
+    MutexAutoLock lock(mDataStorage->mMutex);
+    // If we don't have a profile, bail.
+    if (!mDataStorage->mBackingFile) {
+      return NS_OK;
+    }
+    rv = mDataStorage->mBackingFile->Clone(getter_AddRefs(file));
+    if (NS_WARN_IF(NS_FAILED(rv))) {
+      return rv;
+    }
+  }
+
+  nsCOMPtr<nsIOutputStream> outputStream;
+  rv = NS_NewLocalFileOutputStream(getter_AddRefs(outputStream), file,
+                                   PR_CREATE_FILE | PR_TRUNCATE | PR_WRONLY);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+
+  const char* ptr = mData.get();
+  int32_t remaining = mData.Length();
+  uint32_t written = 0;
+  while (remaining > 0) {
+    rv = outputStream->Write(ptr, remaining, &written);
+    if (NS_WARN_IF(NS_FAILED(rv))) {
+      return rv;
+    }
+    remaining -= written;
+    ptr += written;
+  }
+
+  // Observed by tests.
+  nsCOMPtr<nsIRunnable> job =
+    NewRunnableMethod<const char*>(mDataStorage,
+                                   &DataStorage::NotifyObservers,
+                                   "data-storage-written");
+  rv = NS_DispatchToMainThread(job, NS_DISPATCH_NORMAL);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+
+  return NS_OK;
+}
+
+nsresult
+DataStorage::AsyncWriteData(const MutexAutoLock& /*aProofOfLock*/)
+{
+  MOZ_ASSERT(XRE_IsParentProcess());
+
+  if (mShuttingDown || !mBackingFile) {
+    return NS_OK;
+  }
+
+  nsCString output;
+  for (auto iter = mPersistentDataTable.Iter(); !iter.Done(); iter.Next()) {
+    Entry entry = iter.UserData();
+    output.Append(iter.Key());
+    output.Append('\t');
+    output.AppendInt(entry.mScore);
+    output.Append('\t');
+    output.AppendInt(entry.mLastAccessed);
+    output.Append('\t');
+    output.Append(entry.mValue);
+    output.Append('\n');
+  }
+
+  RefPtr<Writer> job(new Writer(output, this));
+  nsresult rv = mWorkerThread->Dispatch(job, NS_DISPATCH_NORMAL);
+  mPendingWrite = false;
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+
+  return NS_OK;
+}
+
+nsresult
+DataStorage::Clear()
+{
+  WaitForReady();
+  MutexAutoLock lock(mMutex);
+  mPersistentDataTable.Clear();
+  mTemporaryDataTable.Clear();
+  mPrivateDataTable.Clear();
+
+  if (XRE_IsParentProcess()) {
+    // Asynchronously clear the file. This is similar to the permission manager
+    // in that it doesn't wait to synchronously remove the data from its backing
+    // storage either.
+    nsresult rv = AsyncWriteData(lock);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  }
+
+  RunOnAllContentParents([&](dom::ContentParent* aParent) {
+    Unused << aParent->SendDataStorageClear(mFilename);
+  });
+
+  return NS_OK;
+}
+
+/* static */
+void
+DataStorage::TimerCallback(nsITimer* aTimer, void* aClosure)
+{
+  MOZ_ASSERT(XRE_IsParentProcess());
+
+  RefPtr<DataStorage> aDataStorage = (DataStorage*)aClosure;
+  MutexAutoLock lock(aDataStorage->mMutex);
+  Unused << aDataStorage->AsyncWriteData(lock);
+}
+
+// We only initialize the timer on the worker thread because it's not safe
+// to mix what threads are operating on the timer.
+nsresult
+DataStorage::AsyncSetTimer(const MutexAutoLock& /*aProofOfLock*/)
+{
+  if (mShuttingDown || !XRE_IsParentProcess()) {
+    return NS_OK;
+  }
+
+  mPendingWrite = true;
+  nsCOMPtr<nsIRunnable> job =
+    NewRunnableMethod(this, &DataStorage::SetTimer);
+  nsresult rv = mWorkerThread->Dispatch(job, NS_DISPATCH_NORMAL);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+  return NS_OK;
+}
+
+void
+DataStorage::SetTimer()
+{
+  MOZ_ASSERT(!NS_IsMainThread());
+  MOZ_ASSERT(XRE_IsParentProcess());
+
+  MutexAutoLock lock(mMutex);
+
+  nsresult rv;
+  if (!mTimer) {
+    mTimer = do_CreateInstance("@mozilla.org/timer;1", &rv);
+    if (NS_WARN_IF(NS_FAILED(rv))) {
+      return;
+    }
+  }
+
+  rv = mTimer->InitWithFuncCallback(TimerCallback, this,
+                                    mTimerDelay, nsITimer::TYPE_ONE_SHOT);
+  Unused << NS_WARN_IF(NS_FAILED(rv));
+}
+
+void
+DataStorage::NotifyObservers(const char* aTopic)
+{
+  // Don't access the observer service off the main thread.
+  if (!NS_IsMainThread()) {
+    NS_NOTREACHED("DataStorage::NotifyObservers called off main thread");
+    return;
+  }
+
+  nsCOMPtr<nsIObserverService> os = services::GetObserverService();
+  if (os) {
+    os->NotifyObservers(nullptr, aTopic, mFilename.get());
+  }
+}
+
+nsresult
+DataStorage::DispatchShutdownTimer(const MutexAutoLock& /*aProofOfLock*/)
+{
+  MOZ_ASSERT(XRE_IsParentProcess());
+
+  nsCOMPtr<nsIRunnable> job =
+    NewRunnableMethod(this, &DataStorage::ShutdownTimer);
+  nsresult rv = mWorkerThread->Dispatch(job, NS_DISPATCH_NORMAL);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+  return NS_OK;
+}
+
+void
+DataStorage::ShutdownTimer()
+{
+  MOZ_ASSERT(XRE_IsParentProcess());
+  MOZ_ASSERT(!NS_IsMainThread());
+  MutexAutoLock lock(mMutex);
+  nsresult rv = mTimer->Cancel();
+  Unused << NS_WARN_IF(NS_FAILED(rv));
+  mTimer = nullptr;
+}
+
+//------------------------------------------------------------
+// DataStorage::nsIObserver
+//------------------------------------------------------------
+
+NS_IMETHODIMP
+DataStorage::Observe(nsISupports* aSubject, const char* aTopic,
+                     const char16_t* aData)
+{
+  // Don't access preferences off the main thread.
+  if (!NS_IsMainThread()) {
+    NS_NOTREACHED("DataStorage::Observe called off main thread");
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  nsresult rv;
+  if (strcmp(aTopic, "last-pb-context-exited") == 0) {
+    MutexAutoLock lock(mMutex);
+    mPrivateDataTable.Clear();
+  } else if (strcmp(aTopic, "profile-before-change") == 0 ||
+             (strcmp(aTopic, NS_XPCOM_SHUTDOWN_OBSERVER_ID) == 0 &&
+              XRE_IsParentProcess())) {
+    MOZ_ASSERT(XRE_IsParentProcess());
+    // per bug 1271402, this should be safe to run multiple times
+    {
+      MutexAutoLock lock(mMutex);
+      rv = AsyncWriteData(lock);
+      mShuttingDown = true;
+      Unused << NS_WARN_IF(NS_FAILED(rv));
+      if (mTimer) {
+        rv = DispatchShutdownTimer(lock);
+        Unused << NS_WARN_IF(NS_FAILED(rv));
+      }
+    }
+    // Run the thread to completion and prevent any further events
+    // being scheduled to it. The thread may need the lock, so we can't
+    // hold it here.
+    rv = mWorkerThread->Shutdown();
+    if (NS_WARN_IF(NS_FAILED(rv))) {
+      return rv;
+    }
+
+    sDataStorages->Clear();
+  } else if (strcmp(aTopic, NS_XPCOM_SHUTDOWN_OBSERVER_ID) == 0) {
+    MOZ_ASSERT(!XRE_IsParentProcess());
+    sDataStorages->Clear();
+  } else if (strcmp(aTopic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID) == 0) {
+    MutexAutoLock lock(mMutex);
+    mTimerDelay = Preferences::GetInt("test.datastorage.write_timer_ms",
+                                      sDataStorageDefaultTimerDelay);
+  }
+
+  return NS_OK;
+}
+
+DataStorage::Entry::Entry()
+  : mScore(0)
+  , mLastAccessed((int32_t)(PR_Now() / sOneDayInMicroseconds))
+{
+}
+
+// Updates this entry's score. Returns true if the score has actually changed.
+// If it's been less than a day since this entry has been accessed, the score
+// does not change. Otherwise, the score increases by 1.
+// The default score is 0. The maximum score is the maximum value that can
+// be represented by an unsigned 32 bit integer.
+// This is to handle evictions from our tables, which in turn is to prevent
+// unbounded resource use.
+bool
+DataStorage::Entry::UpdateScore()
+{
+
+  int32_t nowInDays = (int32_t)(PR_Now() / sOneDayInMicroseconds);
+  int32_t daysSinceAccessed = (nowInDays - mLastAccessed);
+
+  // Update the last accessed time.
+  mLastAccessed = nowInDays;
+
+  // If it's been less than a day since we've been accessed,
+  // the score isn't updated.
+  if (daysSinceAccessed < 1) {
+    return false;
+  }
+
+  // Otherwise, increment the score (but don't overflow).
+  if (mScore < sMaxScore) {
+    mScore++;
+  }
+  return true;
+}
+
+} // namespace mozilla
diff --git a/security/manager/ssl/DataStorage.h b/security/manager/ssl/DataStorage.h
new file mode 100644
index 000000000..5e3182a40
--- /dev/null
+++ b/security/manager/ssl/DataStorage.h
@@ -0,0 +1,202 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef mozilla_DataStorage_h
+#define mozilla_DataStorage_h
+
+#include "mozilla/Monitor.h"
+#include "mozilla/Mutex.h"
+#include "mozilla/StaticPtr.h"
+#include "nsCOMPtr.h"
+#include "nsDataHashtable.h"
+#include "nsIObserver.h"
+#include "nsIThread.h"
+#include "nsITimer.h"
+#include "nsRefPtrHashtable.h"
+#include "nsString.h"
+
+namespace mozilla {
+
+namespace dom {
+class DataStorageItem;
+}
+
+/**
+ * DataStorage is a threadsafe, generic, narrow string-based hash map that
+ * persists data on disk and additionally handles temporary and private data.
+ * However, if used in a context where there is no profile directory, data
+ * will not be persisted.
+ *
+ * Its lifecycle is as follows:
+ * - Allocate with a filename (this is or will eventually be a file in the
+ *   profile directory, if the profile exists).
+ * - Call Init() from the main thread. This spins off an asynchronous read
+ *   of the backing file.
+ * - Eventually observers of the topic "data-storage-ready" will be notified
+ *   with the backing filename as the data in the notification when this
+ *   has completed.
+ * - Should the profile directory not be available, (e.g. in xpcshell),
+ *   DataStorage will not initially read any persistent data. The
+ *   "data-storage-ready" event will still be emitted. This follows semantics
+ *   similar to the permission manager and allows tests that test
+ *   unrelated components to proceed without a profile.
+ * - When any persistent data changes, a timer is initialized that will
+ *   eventually asynchronously write all persistent data to the backing file.
+ *   When this happens, observers will be notified with the topic
+ *   "data-storage-written" and the backing filename as the data.
+ *   It is possible to receive a "data-storage-written" event while there exist
+ *   pending persistent data changes. However, those changes will cause the
+ *   timer to be reinitialized and another "data-storage-written" event will
+ *   be sent.
+ * - When DataStorage observes the topic "profile-before-change" in
+ *   anticipation of shutdown, all persistent data is synchronously written to
+ *   the backing file. The worker thread responsible for these writes is then
+ *   disabled to prevent further writes to that file (the delayed-write timer
+ *   is cancelled when this happens).
+ * - For testing purposes, the preference "test.datastorage.write_timer_ms" can
+ *   be set to cause the asynchronous writing of data to happen more quickly.
+ * - To prevent unbounded memory and disk use, the number of entries in each
+ *   table is limited to 1024. Evictions are handled in by a modified LRU scheme
+ *   (see implementation comments).
+ * - NB: Instances of DataStorage have long lifetimes because they are strong
+ *   observers of events and won't go away until the observer service does.
+ *
+ * For each key/value:
+ * - The key must be a non-empty string containing no instances of '\t' or '\n'
+ *   (this is a limitation of how the data is stored and will be addressed in
+ *   the future).
+ * - The key must have a length no more than 256.
+ * - The value must not contain '\n' and must have a length no more than 1024.
+ *   (the length limits are to prevent unbounded disk and memory usage)
+ */
+
+/**
+ * Data that is DataStorage_Persistent is saved on disk. DataStorage_Temporary
+ * and DataStorage_Private are not saved. DataStorage_Private is meant to
+ * only be set and accessed from private contexts. It will be cleared upon
+ * observing the event "last-pb-context-exited".
+ */
+enum DataStorageType {
+  DataStorage_Persistent,
+  DataStorage_Temporary,
+  DataStorage_Private
+};
+
+class DataStorage : public nsIObserver
+{
+  typedef dom::DataStorageItem DataStorageItem;
+
+public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSIOBSERVER
+
+  // If there is a profile directory, there is or will eventually be a file
+  // by the name specified by aFilename there.
+  static already_AddRefed<DataStorage> Get(const nsString& aFilename);
+  static already_AddRefed<DataStorage> GetIfExists(const nsString& aFilename);
+
+  // Initializes the DataStorage. Must be called before using.
+  // aDataWillPersist returns whether or not data can be persistently saved.
+  nsresult Init(/*out*/bool& aDataWillPersist);
+  // Given a key and a type of data, returns a value. Returns an empty string if
+  // the key is not present for that type of data. If Get is called before the
+  // "data-storage-ready" event is observed, it will block. NB: It is not
+  // currently possible to differentiate between missing data and data that is
+  // the empty string.
+  nsCString Get(const nsCString& aKey, DataStorageType aType);
+  // Give a key, value, and type of data, adds an entry as appropriate.
+  // Updates existing entries.
+  nsresult Put(const nsCString& aKey, const nsCString& aValue,
+               DataStorageType aType);
+  // Given a key and type of data, removes an entry if present.
+  void Remove(const nsCString& aKey, DataStorageType aType);
+  // Removes all entries of all types of data.
+  nsresult Clear();
+
+  // Read all of the data items.
+  void GetAll(InfallibleTArray<DataStorageItem>* aItems);
+
+private:
+  explicit DataStorage(const nsString& aFilename);
+  virtual ~DataStorage();
+
+  class Writer;
+  class Reader;
+
+  class Entry
+  {
+  public:
+    Entry();
+    bool UpdateScore();
+
+    uint32_t mScore;
+    int32_t mLastAccessed; // the last accessed time in days since the epoch
+    nsCString mValue;
+  };
+
+  // Utility class for scanning tables for an entry to evict.
+  class KeyAndEntry
+  {
+  public:
+    nsCString mKey;
+    Entry mEntry;
+  };
+
+  typedef nsDataHashtable<nsCStringHashKey, Entry> DataStorageTable;
+  typedef nsRefPtrHashtable<nsStringHashKey, DataStorage> DataStorages;
+
+  void WaitForReady();
+  nsresult AsyncWriteData(const MutexAutoLock& aProofOfLock);
+  nsresult AsyncReadData(bool& aHaveProfileDir,
+                         const MutexAutoLock& aProofOfLock);
+  nsresult AsyncSetTimer(const MutexAutoLock& aProofOfLock);
+  nsresult DispatchShutdownTimer(const MutexAutoLock& aProofOfLock);
+
+  static nsresult ValidateKeyAndValue(const nsCString& aKey,
+                                      const nsCString& aValue);
+  static void TimerCallback(nsITimer* aTimer, void* aClosure);
+  void SetTimer();
+  void ShutdownTimer();
+  void NotifyObservers(const char* aTopic);
+
+  bool GetInternal(const nsCString& aKey, Entry* aEntry, DataStorageType aType,
+                   const MutexAutoLock& aProofOfLock);
+  nsresult PutInternal(const nsCString& aKey, Entry& aEntry,
+                       DataStorageType aType,
+                       const MutexAutoLock& aProofOfLock);
+  void MaybeEvictOneEntry(DataStorageType aType,
+                          const MutexAutoLock& aProofOfLock);
+  DataStorageTable& GetTableForType(DataStorageType aType,
+                                    const MutexAutoLock& aProofOfLock);
+
+  void ReadAllFromTable(DataStorageType aType,
+                        InfallibleTArray<DataStorageItem>* aItems,
+                        const MutexAutoLock& aProofOfLock);
+
+  Mutex mMutex; // This mutex protects access to the following members:
+  DataStorageTable  mPersistentDataTable;
+  DataStorageTable  mTemporaryDataTable;
+  DataStorageTable  mPrivateDataTable;
+  nsCOMPtr<nsIThread> mWorkerThread;
+  nsCOMPtr<nsIFile> mBackingFile;
+  nsCOMPtr<nsITimer> mTimer; // All uses after init must be on the worker thread
+  uint32_t mTimerDelay; // in milliseconds
+  bool mPendingWrite; // true if a write is needed but hasn't been dispatched
+  bool mShuttingDown;
+  bool mInitCalled; // Indicates that Init() has been called.
+  // (End list of members protected by mMutex)
+
+  Monitor mReadyMonitor; // Do not acquire this at the same time as mMutex.
+  bool mReady; // Indicates that saved data has been read and Get can proceed.
+
+  const nsString mFilename;
+
+  static StaticAutoPtr<DataStorages> sDataStorages;
+};
+
+} // namespace mozilla
+
+#endif // mozilla_DataStorage_h
diff --git a/security/manager/ssl/DataStorageIPCUtils.h b/security/manager/ssl/DataStorageIPCUtils.h
new file mode 100644
index 000000000..cab159e60
--- /dev/null
+++ b/security/manager/ssl/DataStorageIPCUtils.h
@@ -0,0 +1,21 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef ipc_DataStorageIPCUtils_h
+#define ipc_DataStorageIPCUtils_h
+
+#include "ipc/IPCMessageUtils.h"
+#include "mozilla/DataStorage.h"
+
+namespace IPC {
+  template<>
+  struct ParamTraits<mozilla::DataStorageType> :
+    public ContiguousEnumSerializer<mozilla::DataStorageType,
+                                    mozilla::DataStorage_Persistent,
+                                    mozilla::DataStorageType(mozilla::DataStorage_Private + 1)> {};
+} // namespace IPC
+
+#endif // mozilla_DataStorageIPCUtils_hh
diff --git a/security/manager/ssl/LocalCertService.cpp b/security/manager/ssl/LocalCertService.cpp
new file mode 100644
index 000000000..7ea0b4789
--- /dev/null
+++ b/security/manager/ssl/LocalCertService.cpp
@@ -0,0 +1,501 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "LocalCertService.h"
+
+#include "CryptoTask.h"
+#include "ScopedNSSTypes.h"
+#include "cert.h"
+#include "mozilla/Casting.h"
+#include "mozilla/ModuleUtils.h"
+#include "mozilla/RefPtr.h"
+#include "nsIPK11Token.h"
+#include "nsIPK11TokenDB.h"
+#include "nsIX509Cert.h"
+#include "nsIX509CertDB.h"
+#include "nsIX509CertValidity.h"
+#include "nsLiteralString.h"
+#include "nsProxyRelease.h"
+#include "nsServiceManagerUtils.h"
+#include "nsString.h"
+#include "pk11pub.h"
+
+namespace mozilla {
+
+class LocalCertTask : public CryptoTask
+{
+protected:
+  explicit LocalCertTask(const nsACString& aNickname)
+    : mNickname(aNickname)
+  {
+  }
+
+  nsresult RemoveExisting()
+  {
+    // Search for any existing certs with this name and remove them
+    nsresult rv;
+
+    for (;;) {
+      UniqueCERTCertificate cert(
+        PK11_FindCertFromNickname(mNickname.get(), nullptr));
+      if (!cert) {
+        return NS_OK; // All done
+      }
+
+      // Found a cert, check if generated by this service
+      if (!cert->isRoot) {
+        return NS_ERROR_UNEXPECTED; // Should be self-signed
+      }
+
+      NS_NAMED_LITERAL_CSTRING(commonNamePrefix, "CN=");
+      nsAutoCString subjectNameFromNickname(commonNamePrefix + mNickname);
+      if (!subjectNameFromNickname.Equals(cert->subjectName)) {
+        return NS_ERROR_UNEXPECTED; // Subject should match nickname
+      }
+      if (!subjectNameFromNickname.Equals(cert->issuerName)) {
+        return NS_ERROR_UNEXPECTED; // Issuer should match nickname
+      }
+
+      rv = MapSECStatus(PK11_DeleteTokenCertAndKey(cert.get(), nullptr));
+      if (NS_FAILED(rv)) {
+        return rv; // Some error, abort the loop
+      }
+    }
+  }
+
+  nsCString mNickname;
+};
+
+class LocalCertGetTask final : public LocalCertTask
+{
+public:
+  LocalCertGetTask(const nsACString& aNickname,
+                   nsILocalCertGetCallback* aCallback)
+    : LocalCertTask(aNickname)
+    , mCallback(new nsMainThreadPtrHolder<nsILocalCertGetCallback>(aCallback))
+    , mCert(nullptr)
+  {
+  }
+
+private:
+  virtual nsresult CalculateResult() override
+  {
+    // Try to lookup an existing cert in the DB
+    nsresult rv = GetFromDB();
+    // Make a new one if getting fails
+    if (NS_FAILED(rv)) {
+      rv = Generate();
+    }
+    // If generation fails, we're out of luck
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    // Validate cert, make a new one if it fails
+    rv = Validate();
+    if (NS_FAILED(rv)) {
+      rv = Generate();
+    }
+    // If generation fails, we're out of luck
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    return NS_OK;
+  }
+
+  nsresult Generate()
+  {
+    nsresult rv;
+
+    // Get the key slot for generation later
+    UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
+    if (!slot) {
+      return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
+    }
+
+    // Remove existing certs with this name (if any)
+    rv = RemoveExisting();
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    // Generate a new cert
+    NS_NAMED_LITERAL_CSTRING(commonNamePrefix, "CN=");
+    nsAutoCString subjectNameStr(commonNamePrefix + mNickname);
+    UniqueCERTName subjectName(CERT_AsciiToName(subjectNameStr.get()));
+    if (!subjectName) {
+      return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
+    }
+
+    // Use the well-known NIST P-256 curve
+    SECOidData* curveOidData = SECOID_FindOIDByTag(SEC_OID_SECG_EC_SECP256R1);
+    if (!curveOidData) {
+      return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
+    }
+
+    // Get key params from the curve
+    ScopedAutoSECItem keyParams(2 + curveOidData->oid.len);
+    keyParams.data[0] = SEC_ASN1_OBJECT_ID;
+    keyParams.data[1] = curveOidData->oid.len;
+    memcpy(keyParams.data + 2, curveOidData->oid.data, curveOidData->oid.len);
+
+    // Generate cert key pair
+    SECKEYPublicKey* tempPublicKey;
+    UniqueSECKEYPrivateKey privateKey(
+      PK11_GenerateKeyPair(slot.get(), CKM_EC_KEY_PAIR_GEN, &keyParams,
+                           &tempPublicKey, true /* token */,
+                           true /* sensitive */, nullptr));
+    UniqueSECKEYPublicKey publicKey(tempPublicKey);
+    tempPublicKey = nullptr;
+    if (!privateKey || !publicKey) {
+      return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
+    }
+
+    // Create subject public key info and cert request
+    UniqueCERTSubjectPublicKeyInfo spki(
+      SECKEY_CreateSubjectPublicKeyInfo(publicKey.get()));
+    if (!spki) {
+      return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
+    }
+    UniqueCERTCertificateRequest certRequest(
+      CERT_CreateCertificateRequest(subjectName.get(), spki.get(), nullptr));
+    if (!certRequest) {
+      return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
+    }
+
+    // Valid from one day before to 1 year after
+    static const PRTime oneDay = PRTime(PR_USEC_PER_SEC)
+                               * PRTime(60)  // sec
+                               * PRTime(60)  // min
+                               * PRTime(24); // hours
+
+    PRTime now = PR_Now();
+    PRTime notBefore = now - oneDay;
+    PRTime notAfter = now + (PRTime(365) * oneDay);
+    UniqueCERTValidity validity(CERT_CreateValidity(notBefore, notAfter));
+    if (!validity) {
+      return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
+    }
+
+    // Generate random serial
+    unsigned long serial;
+    // This serial in principle could collide, but it's unlikely
+    rv = MapSECStatus(PK11_GenerateRandomOnSlot(
+           slot.get(), BitwiseCast<unsigned char*, unsigned long*>(&serial),
+           sizeof(serial)));
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    // Create the cert from these pieces
+    UniqueCERTCertificate cert(
+      CERT_CreateCertificate(serial, subjectName.get(), validity.get(),
+                             certRequest.get()));
+    if (!cert) {
+      return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
+    }
+
+    // Update the cert version to X509v3
+    if (!cert->version.data) {
+      return NS_ERROR_INVALID_POINTER;
+    }
+    *(cert->version.data) = SEC_CERTIFICATE_VERSION_3;
+    cert->version.len = 1;
+
+    // Set cert signature algorithm
+    PLArenaPool* arena = cert->arena;
+    if (!arena) {
+      return NS_ERROR_INVALID_POINTER;
+    }
+    rv = MapSECStatus(
+           SECOID_SetAlgorithmID(arena, &cert->signature,
+                                 SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE, 0));
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    // Encode and self-sign the cert
+    UniqueSECItem certDER(
+      SEC_ASN1EncodeItem(nullptr, nullptr, cert.get(),
+                         SEC_ASN1_GET(CERT_CertificateTemplate)));
+    if (!certDER) {
+      return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
+    }
+    rv = MapSECStatus(
+           SEC_DerSignData(arena, &cert->derCert, certDER->data, certDER->len,
+                           privateKey.get(),
+                           SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE));
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    // Create a CERTCertificate from the signed data
+    UniqueCERTCertificate certFromDER(
+      CERT_NewTempCertificate(CERT_GetDefaultCertDB(), &cert->derCert, nullptr,
+                              true /* perm */, true /* copyDER */));
+    if (!certFromDER) {
+      return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
+    }
+
+    // Save the cert in the DB
+    rv = MapSECStatus(PK11_ImportCert(slot.get(), certFromDER.get(),
+                                      CK_INVALID_HANDLE, mNickname.get(),
+                                      false /* unused */));
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    // We should now have cert in the DB, read it back in nsIX509Cert form
+    return GetFromDB();
+  }
+
+  nsresult GetFromDB()
+  {
+    nsCOMPtr<nsIX509CertDB> certDB = do_GetService(NS_X509CERTDB_CONTRACTID);
+    if (!certDB) {
+      return NS_ERROR_FAILURE;
+    }
+
+    nsCOMPtr<nsIX509Cert> certFromDB;
+    nsresult rv;
+    rv = certDB->FindCertByNickname(NS_ConvertASCIItoUTF16(mNickname),
+                                    getter_AddRefs(certFromDB));
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    mCert = certFromDB;
+    return NS_OK;
+  }
+
+  nsresult Validate()
+  {
+    // Verify cert is self-signed
+    bool selfSigned;
+    nsresult rv = mCert->GetIsSelfSigned(&selfSigned);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    if (!selfSigned) {
+      return NS_ERROR_FAILURE;
+    }
+
+    // Check that subject and issuer match nickname
+    nsXPIDLString subjectName;
+    nsXPIDLString issuerName;
+    mCert->GetSubjectName(subjectName);
+    mCert->GetIssuerName(issuerName);
+    if (!subjectName.Equals(issuerName)) {
+      return NS_ERROR_FAILURE;
+    }
+    NS_NAMED_LITERAL_STRING(commonNamePrefix, "CN=");
+    nsAutoString subjectNameFromNickname(
+      commonNamePrefix + NS_ConvertASCIItoUTF16(mNickname));
+    if (!subjectName.Equals(subjectNameFromNickname)) {
+      return NS_ERROR_FAILURE;
+    }
+
+    nsCOMPtr<nsIX509CertValidity> validity;
+    mCert->GetValidity(getter_AddRefs(validity));
+
+    PRTime notBefore, notAfter;
+    validity->GetNotBefore(&notBefore);
+    validity->GetNotAfter(&notAfter);
+
+    // Ensure cert will last at least one more day
+    static const PRTime oneDay = PRTime(PR_USEC_PER_SEC)
+                               * PRTime(60)  // sec
+                               * PRTime(60)  // min
+                               * PRTime(24); // hours
+    PRTime now = PR_Now();
+    if (notBefore > now ||
+        notAfter < (now - oneDay)) {
+      return NS_ERROR_FAILURE;
+    }
+
+    return NS_OK;
+  }
+
+  virtual void ReleaseNSSResources() override {}
+
+  virtual void CallCallback(nsresult rv) override
+  {
+    (void) mCallback->HandleCert(mCert, rv);
+  }
+
+  nsMainThreadPtrHandle<nsILocalCertGetCallback> mCallback;
+  nsCOMPtr<nsIX509Cert> mCert; // out
+};
+
+class LocalCertRemoveTask final : public LocalCertTask
+{
+public:
+  LocalCertRemoveTask(const nsACString& aNickname,
+                      nsILocalCertCallback* aCallback)
+    : LocalCertTask(aNickname)
+    , mCallback(new nsMainThreadPtrHolder<nsILocalCertCallback>(aCallback))
+  {
+  }
+
+private:
+  virtual nsresult CalculateResult() override
+  {
+    return RemoveExisting();
+  }
+
+  virtual void ReleaseNSSResources() override {}
+
+  virtual void CallCallback(nsresult rv) override
+  {
+    (void) mCallback->HandleResult(rv);
+  }
+
+  nsMainThreadPtrHandle<nsILocalCertCallback> mCallback;
+};
+
+NS_IMPL_ISUPPORTS(LocalCertService, nsILocalCertService)
+
+LocalCertService::LocalCertService()
+{
+}
+
+LocalCertService::~LocalCertService()
+{
+}
+
+nsresult
+LocalCertService::LoginToKeySlot()
+{
+  nsresult rv;
+
+  // Get access to key slot
+  UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
+  if (!slot) {
+    return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
+  }
+
+  // If no user password yet, set it an empty one
+  if (PK11_NeedUserInit(slot.get())) {
+    rv = MapSECStatus(PK11_InitPin(slot.get(), "", ""));
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  }
+
+  // If user has a password set, prompt to login
+  if (PK11_NeedLogin(slot.get()) && !PK11_IsLoggedIn(slot.get(), nullptr)) {
+    // Switching to XPCOM to get the UI prompt that PSM owns
+    nsCOMPtr<nsIPK11TokenDB> tokenDB =
+      do_GetService(NS_PK11TOKENDB_CONTRACTID);
+    if (!tokenDB) {
+      return NS_ERROR_FAILURE;
+    }
+    nsCOMPtr<nsIPK11Token> keyToken;
+    tokenDB->GetInternalKeyToken(getter_AddRefs(keyToken));
+    if (!keyToken) {
+      return NS_ERROR_FAILURE;
+    }
+    // Prompt the user to login
+    return keyToken->Login(false /* force */);
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+LocalCertService::GetOrCreateCert(const nsACString& aNickname,
+                                  nsILocalCertGetCallback* aCallback)
+{
+  if (NS_WARN_IF(aNickname.IsEmpty())) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  if (NS_WARN_IF(!aCallback)) {
+    return NS_ERROR_INVALID_POINTER;
+  }
+
+  // Before sending off the task, login to key slot if needed
+  nsresult rv = LoginToKeySlot();
+  if (NS_FAILED(rv)) {
+    aCallback->HandleCert(nullptr, rv);
+    return NS_OK;
+  }
+
+  RefPtr<LocalCertGetTask> task(new LocalCertGetTask(aNickname, aCallback));
+  return task->Dispatch("LocalCertGet");
+}
+
+NS_IMETHODIMP
+LocalCertService::RemoveCert(const nsACString& aNickname,
+                             nsILocalCertCallback* aCallback)
+{
+  if (NS_WARN_IF(aNickname.IsEmpty())) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  if (NS_WARN_IF(!aCallback)) {
+    return NS_ERROR_INVALID_POINTER;
+  }
+
+  // Before sending off the task, login to key slot if needed
+  nsresult rv = LoginToKeySlot();
+  if (NS_FAILED(rv)) {
+    aCallback->HandleResult(rv);
+    return NS_OK;
+  }
+
+  RefPtr<LocalCertRemoveTask> task(
+    new LocalCertRemoveTask(aNickname, aCallback));
+  return task->Dispatch("LocalCertRm");
+}
+
+NS_IMETHODIMP
+LocalCertService::GetLoginPromptRequired(bool* aRequired)
+{
+  nsresult rv;
+
+  // Get access to key slot
+  UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
+  if (!slot) {
+    return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
+  }
+
+  // If no user password yet, set it an empty one
+  if (PK11_NeedUserInit(slot.get())) {
+    rv = MapSECStatus(PK11_InitPin(slot.get(), "", ""));
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  }
+
+  *aRequired = PK11_NeedLogin(slot.get()) &&
+               !PK11_IsLoggedIn(slot.get(), nullptr);
+  return NS_OK;
+}
+
+#define LOCALCERTSERVICE_CID \
+{ 0x47402be2, 0xe653, 0x45d0, \
+  { 0x8d, 0xaa, 0x9f, 0x0d, 0xce, 0x0a, 0xc1, 0x48 } }
+
+NS_GENERIC_FACTORY_CONSTRUCTOR(LocalCertService)
+
+NS_DEFINE_NAMED_CID(LOCALCERTSERVICE_CID);
+
+static const Module::CIDEntry kLocalCertServiceCIDs[] = {
+  { &kLOCALCERTSERVICE_CID, false, nullptr, LocalCertServiceConstructor },
+  { nullptr }
+};
+
+static const Module::ContractIDEntry kLocalCertServiceContracts[] = {
+  { LOCALCERTSERVICE_CONTRACTID, &kLOCALCERTSERVICE_CID },
+  { nullptr }
+};
+
+static const Module kLocalCertServiceModule = {
+  Module::kVersion,
+  kLocalCertServiceCIDs,
+  kLocalCertServiceContracts
+};
+
+NSMODULE_DEFN(LocalCertServiceModule) = &kLocalCertServiceModule;
+
+} // namespace mozilla
diff --git a/security/manager/ssl/LocalCertService.h b/security/manager/ssl/LocalCertService.h
new file mode 100644
index 000000000..fb5a999cd
--- /dev/null
+++ b/security/manager/ssl/LocalCertService.h
@@ -0,0 +1,27 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef LocalCertService_h
+#define LocalCertService_h
+
+#include "nsILocalCertService.h"
+
+namespace mozilla {
+
+class LocalCertService final : public nsILocalCertService
+{
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSILOCALCERTSERVICE
+
+  LocalCertService();
+
+private:
+  nsresult LoginToKeySlot();
+  ~LocalCertService();
+};
+
+} // namespace mozilla
+
+#endif // LocalCertService_h
diff --git a/security/manager/ssl/NSSErrorsService.cpp b/security/manager/ssl/NSSErrorsService.cpp
new file mode 100644
index 000000000..0632203b1
--- /dev/null
+++ b/security/manager/ssl/NSSErrorsService.cpp
@@ -0,0 +1,206 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "NSSErrorsService.h"
+
+#include "nsNSSComponent.h"
+#include "nsServiceManagerUtils.h"
+#include "pkix/pkixnss.h"
+#include "secerr.h"
+#include "sslerr.h"
+
+#define PIPNSS_STRBUNDLE_URL "chrome://pipnss/locale/pipnss.properties"
+#define NSSERR_STRBUNDLE_URL "chrome://pipnss/locale/nsserrors.properties"
+
+namespace mozilla {
+namespace psm {
+
+static_assert(mozilla::pkix::ERROR_BASE ==
+                nsINSSErrorsService::MOZILLA_PKIX_ERROR_BASE,
+              "MOZILLA_PKIX_ERROR_BASE and "
+                "nsINSSErrorsService::MOZILLA_PKIX_ERROR_BASE do not match.");
+static_assert(mozilla::pkix::ERROR_LIMIT ==
+                nsINSSErrorsService::MOZILLA_PKIX_ERROR_LIMIT,
+              "MOZILLA_PKIX_ERROR_LIMIT and "
+                "nsINSSErrorsService::MOZILLA_PKIX_ERROR_LIMIT do not match.");
+
+static bool
+IsPSMError(PRErrorCode error)
+{
+  return (error >= mozilla::pkix::ERROR_BASE &&
+          error < mozilla::pkix::ERROR_LIMIT);
+}
+
+NS_IMPL_ISUPPORTS(NSSErrorsService, nsINSSErrorsService)
+
+NSSErrorsService::~NSSErrorsService() { }
+
+nsresult
+NSSErrorsService::Init()
+{
+  nsresult rv;
+  nsCOMPtr<nsIStringBundleService> bundleService(do_GetService(NS_STRINGBUNDLE_CONTRACTID, &rv));
+  if (NS_FAILED(rv) || !bundleService) 
+    return NS_ERROR_FAILURE;
+  
+  bundleService->CreateBundle(PIPNSS_STRBUNDLE_URL,
+                              getter_AddRefs(mPIPNSSBundle));
+  if (!mPIPNSSBundle)
+    rv = NS_ERROR_FAILURE;
+
+  bundleService->CreateBundle(NSSERR_STRBUNDLE_URL,
+                              getter_AddRefs(mNSSErrorsBundle));
+  if (!mNSSErrorsBundle)
+    rv = NS_ERROR_FAILURE;
+
+  return rv;
+}
+
+#define EXPECTED_SEC_ERROR_BASE (-0x2000)
+#define EXPECTED_SSL_ERROR_BASE (-0x3000)
+
+#if SEC_ERROR_BASE != EXPECTED_SEC_ERROR_BASE || SSL_ERROR_BASE != EXPECTED_SSL_ERROR_BASE
+#error "Unexpected change of error code numbers in lib NSS, please adjust the mapping code"
+/*
+ * Please ensure the NSS error codes are mapped into the positive range 0x1000 to 0xf000
+ * Search for NS_ERROR_MODULE_SECURITY to ensure there are no conflicts.
+ * The current code also assumes that NSS library error codes are negative.
+ */
+#endif
+
+bool
+IsNSSErrorCode(PRErrorCode code)
+{
+  return IS_SEC_ERROR(code) || IS_SSL_ERROR(code) || IsPSMError(code);
+}
+
+nsresult
+GetXPCOMFromNSSError(PRErrorCode code)
+{
+  if (!code) {
+    MOZ_CRASH("Function failed without calling PR_GetError");
+  }
+
+  // The error codes within each module must be a 16 bit value.
+  // For simplicity we use the positive value of the NSS code.
+  return (nsresult)NS_ERROR_GENERATE_FAILURE(NS_ERROR_MODULE_SECURITY,
+                                             -1 * code);
+}
+
+NS_IMETHODIMP
+NSSErrorsService::IsNSSErrorCode(int32_t aNSPRCode, bool *_retval)
+{
+  if (!_retval) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  *_retval = mozilla::psm::IsNSSErrorCode(aNSPRCode);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+NSSErrorsService::GetXPCOMFromNSSError(int32_t aNSPRCode, nsresult *aXPCOMErrorCode)
+{
+  if (!aXPCOMErrorCode) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  if (!mozilla::psm::IsNSSErrorCode(aNSPRCode)) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  *aXPCOMErrorCode = mozilla::psm::GetXPCOMFromNSSError(aNSPRCode);
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+NSSErrorsService::GetErrorClass(nsresult aXPCOMErrorCode, uint32_t *aErrorClass)
+{
+  NS_ENSURE_ARG(aErrorClass);
+
+  if (NS_ERROR_GET_MODULE(aXPCOMErrorCode) != NS_ERROR_MODULE_SECURITY ||
+      NS_ERROR_GET_SEVERITY(aXPCOMErrorCode) != NS_ERROR_SEVERITY_ERROR) {
+    return NS_ERROR_FAILURE;
+  }
+  
+  int32_t aNSPRCode = -1 * NS_ERROR_GET_CODE(aXPCOMErrorCode);
+
+  if (!mozilla::psm::IsNSSErrorCode(aNSPRCode)) {
+    return NS_ERROR_FAILURE;
+  }
+
+  if (mozilla::psm::ErrorIsOverridable(aNSPRCode)) {
+    *aErrorClass = ERROR_CLASS_BAD_CERT;
+  } else {
+    *aErrorClass = ERROR_CLASS_SSL_PROTOCOL;
+  }
+
+  return NS_OK;
+}
+
+bool
+ErrorIsOverridable(PRErrorCode code)
+{
+  switch (code)
+  {
+    // Overridable errors.
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY:
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_EMPTY_ISSUER_NAME:
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE:
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE:
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE:
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA:
+    case SEC_ERROR_CA_CERT_INVALID:
+    case SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED:
+    case SEC_ERROR_EXPIRED_CERTIFICATE:
+    case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
+    case SEC_ERROR_INVALID_TIME:
+    case SEC_ERROR_UNKNOWN_ISSUER:
+    case SSL_ERROR_BAD_CERT_DOMAIN:
+      return true;
+    // Non-overridable errors.
+    default:
+      return false;
+  }
+}
+
+NS_IMETHODIMP
+NSSErrorsService::GetErrorMessage(nsresult aXPCOMErrorCode, nsAString &aErrorMessage)
+{
+  if (NS_ERROR_GET_MODULE(aXPCOMErrorCode) != NS_ERROR_MODULE_SECURITY ||
+      NS_ERROR_GET_SEVERITY(aXPCOMErrorCode) != NS_ERROR_SEVERITY_ERROR) {
+    return NS_ERROR_FAILURE;
+  }
+  
+  int32_t aNSPRCode = -1 * NS_ERROR_GET_CODE(aXPCOMErrorCode);
+
+  if (!mozilla::psm::IsNSSErrorCode(aNSPRCode)) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsCOMPtr<nsIStringBundle> theBundle = mPIPNSSBundle;
+  const char *id_str = nsNSSErrors::getOverrideErrorStringName(aNSPRCode);
+
+  if (!id_str) {
+    id_str = nsNSSErrors::getDefaultErrorStringName(aNSPRCode);
+    theBundle = mNSSErrorsBundle;
+  }
+
+  if (!id_str || !theBundle) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsAutoString msg;
+  nsresult rv =
+    theBundle->GetStringFromName(NS_ConvertASCIItoUTF16(id_str).get(),
+                                 getter_Copies(msg));
+  if (NS_SUCCEEDED(rv)) {
+    aErrorMessage = msg;
+  }
+  return rv;
+}
+
+} // namespace psm
+} // namespace mozilla
diff --git a/security/manager/ssl/NSSErrorsService.h b/security/manager/ssl/NSSErrorsService.h
new file mode 100644
index 000000000..844ceda35
--- /dev/null
+++ b/security/manager/ssl/NSSErrorsService.h
@@ -0,0 +1,49 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef NSSErrorsService_h
+#define NSSErrorsService_h
+
+#include "nsINSSErrorsService.h"
+#include "mozilla/Attributes.h"
+#include "nsCOMPtr.h"
+#include "nsIStringBundle.h"
+#include "prerror.h"
+
+namespace mozilla {
+namespace psm {
+
+class NSSErrorsService final : public nsINSSErrorsService
+{
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSINSSERRORSSERVICE
+
+public:
+  nsresult Init();
+
+private:
+  // For XPCOM implementations that are not a base class for some other
+  // class, it is good practice to make the destructor non-virtual and
+  // private.  Then the only way to delete the object is via Release.
+#ifdef _MSC_VER
+  // C4265: Class has virtual members but destructor is not virtual
+  __pragma(warning(disable:4265))
+#endif
+  ~NSSErrorsService();
+
+  nsCOMPtr<nsIStringBundle> mPIPNSSBundle;
+  nsCOMPtr<nsIStringBundle> mNSSErrorsBundle;
+};
+
+bool IsNSSErrorCode(PRErrorCode code);
+nsresult GetXPCOMFromNSSError(PRErrorCode code);
+bool ErrorIsOverridable(PRErrorCode code);
+
+} // namespace psm
+} // namespace mozilla
+
+#define NS_NSSERRORSSERVICE_CID \
+  { 0x9ef18451, 0xa157, 0x4d17, { 0x81, 0x32, 0x47, 0xaf, 0xef, 0x21, 0x36, 0x89 } }
+
+#endif // NSSErrorsService_h
diff --git a/security/manager/ssl/PPSMContentDownloader.ipdl b/security/manager/ssl/PPSMContentDownloader.ipdl
new file mode 100644
index 000000000..a9c0fc266
--- /dev/null
+++ b/security/manager/ssl/PPSMContentDownloader.ipdl
@@ -0,0 +1,28 @@
+/* vim: set sw=2 sts=2 ts=2 et tw=80 ft=cpp: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+include protocol PContent;
+include protocol PChannelDiverter;
+
+namespace mozilla {
+namespace psm {
+
+protocol PPSMContentDownloader
+{
+  manager PContent;
+
+parent:
+  async OnStartRequest(uint32_t contentLength);
+  async OnDataAvailable(nsCString data, uint64_t offset, uint32_t count);
+  async OnStopRequest(nsresult code);
+
+  async DivertToParentUsing(PChannelDiverter diverter);
+
+child:
+  async __delete__();
+};
+
+} // namespace psm
+} // namespace mozilla
diff --git a/security/manager/ssl/PSMContentListener.cpp b/security/manager/ssl/PSMContentListener.cpp
new file mode 100644
index 000000000..688e2c18c
--- /dev/null
+++ b/security/manager/ssl/PSMContentListener.cpp
@@ -0,0 +1,454 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ * vim: set sw=2 sts=2 ts=2 et tw=80:
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "PSMContentListener.h"
+
+#include "nsIDivertableChannel.h"
+#include "nsIStreamListener.h"
+#include "nsIX509CertDB.h"
+#include "nsIXULAppInfo.h"
+
+#include "mozilla/Casting.h"
+#include "mozilla/Services.h"
+#include "mozilla/Unused.h"
+
+#include "mozilla/dom/ContentChild.h"
+#include "mozilla/net/ChannelDiverterParent.h"
+#include "mozilla/net/ChannelDiverterChild.h"
+
+#include "nsCRT.h"
+#include "nsNetUtil.h"
+#include "nsIChannel.h"
+#include "nsIInputStream.h"
+#include "nsIURI.h"
+#include "nsNSSHelper.h"
+
+#include "mozilla/Logging.h"
+
+extern mozilla::LazyLogModule gPIPNSSLog;
+
+namespace mozilla { namespace psm {
+
+namespace {
+
+const int32_t kDefaultCertAllocLength = 2048;
+
+enum {
+  UNKNOWN_TYPE = 0,
+  X509_CA_CERT = 1,
+  X509_USER_CERT = 2,
+  X509_EMAIL_CERT = 3,
+  X509_SERVER_CERT = 4
+};
+
+/* other mime types that we should handle sometime:
+
+   application/x-pkcs7-mime
+   application/pkcs7-signature
+   application/pre-encrypted
+
+*/
+
+uint32_t
+getPSMContentType(const char* aContentType)
+{
+  // Don't forget to update the registration of content listeners in nsNSSModule.cpp
+  // for every supported content type.
+
+  if (!nsCRT::strcasecmp(aContentType, "application/x-x509-ca-cert"))
+    return X509_CA_CERT;
+  if (!nsCRT::strcasecmp(aContentType, "application/x-x509-server-cert"))
+    return X509_SERVER_CERT;
+  if (!nsCRT::strcasecmp(aContentType, "application/x-x509-user-cert"))
+    return X509_USER_CERT;
+  if (!nsCRT::strcasecmp(aContentType, "application/x-x509-email-cert"))
+    return X509_EMAIL_CERT;
+
+  return UNKNOWN_TYPE;
+}
+
+int64_t
+ComputeContentLength(nsIRequest* request)
+{
+  nsCOMPtr<nsIChannel> channel(do_QueryInterface(request));
+  if (!channel) {
+    return -1;
+  }
+
+  int64_t contentLength;
+  nsresult rv = channel->GetContentLength(&contentLength);
+  if (NS_FAILED(rv) || contentLength <= 0) {
+    return kDefaultCertAllocLength;
+  }
+
+  if (contentLength > INT32_MAX) {
+    return -1;
+  }
+
+  return contentLength;
+}
+
+} // unnamed namespace
+
+/* ------------------------
+ * PSMContentStreamListener
+ * ------------------------ */
+
+PSMContentStreamListener::PSMContentStreamListener(uint32_t type)
+  : mType(type)
+{
+}
+
+PSMContentStreamListener::~PSMContentStreamListener()
+{
+}
+
+NS_IMPL_ISUPPORTS(PSMContentStreamListener, nsIStreamListener, nsIRequestObserver)
+
+NS_IMETHODIMP
+PSMContentStreamListener::OnStartRequest(nsIRequest* request, nsISupports* context)
+{
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("CertDownloader::OnStartRequest\n"));
+
+  int64_t contentLength = ComputeContentLength(request);
+  if (contentLength < 0) {
+    return NS_ERROR_FAILURE;
+  }
+
+  mByteData.SetCapacity(contentLength);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+PSMContentStreamListener::OnDataAvailable(nsIRequest* request,
+                                          nsISupports* context,
+                                          nsIInputStream* aIStream,
+                                          uint64_t aSourceOffset,
+                                          uint32_t aLength)
+{
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("CertDownloader::OnDataAvailable\n"));
+
+  nsCString chunk;
+  nsresult rv = NS_ReadInputStreamToString(aIStream, chunk, aLength);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  mByteData.Append(chunk);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+PSMContentStreamListener::OnStopRequest(nsIRequest* request,
+                                        nsISupports* context,
+                                        nsresult aStatus)
+{
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("CertDownloader::OnStopRequest\n"));
+
+  // Because importing the cert can spin the event loop (via alerts), we can't
+  // do it here. Do it off the event loop instead.
+  nsCOMPtr<nsIRunnable> r =
+    NewRunnableMethod(this, &PSMContentStreamListener::ImportCertificate);
+  MOZ_ALWAYS_SUCCEEDS(NS_DispatchToMainThread(r));
+
+  return NS_OK;
+}
+
+void
+PSMContentStreamListener::ImportCertificate()
+{
+  nsCOMPtr<nsIX509CertDB> certdb;
+
+  nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
+
+  switch (mType) {
+  case X509_CA_CERT:
+  case X509_USER_CERT:
+  case X509_EMAIL_CERT:
+    certdb = do_GetService(NS_X509CERTDB_CONTRACTID);
+    break;
+
+  default:
+    break;
+  }
+
+  if (!certdb) {
+    return;
+  }
+
+  switch (mType) {
+  case X509_CA_CERT:
+    certdb->ImportCertificates(BitwiseCast<uint8_t*, char*>(
+                                 mByteData.BeginWriting()),
+                               mByteData.Length(), mType, ctx);
+    break;
+
+  case X509_USER_CERT:
+    certdb->ImportUserCertificate(BitwiseCast<uint8_t*, char*>(
+                                    mByteData.BeginWriting()),
+                                  mByteData.Length(), ctx);
+    break;
+
+  case X509_EMAIL_CERT:
+    certdb->ImportEmailCertificate(BitwiseCast<uint8_t*, char*>(
+                                     mByteData.BeginWriting()),
+                                   mByteData.Length(), ctx);
+    break;
+
+  default:
+    break;
+  }
+}
+
+/* ------------------------
+ * PSMContentDownloaderParent
+ * ------------------------ */
+
+PSMContentDownloaderParent::PSMContentDownloaderParent(uint32_t type)
+  : PSMContentStreamListener(type)
+  , mIPCOpen(true)
+{
+}
+
+PSMContentDownloaderParent::~PSMContentDownloaderParent()
+{
+}
+
+bool
+PSMContentDownloaderParent::RecvOnStartRequest(const uint32_t& contentLength)
+{
+  mByteData.SetCapacity(contentLength);
+  return true;
+}
+
+bool
+PSMContentDownloaderParent::RecvOnDataAvailable(const nsCString& data,
+                                                const uint64_t& offset,
+                                                const uint32_t& count)
+{
+  mByteData.Append(data);
+  return true;
+}
+
+bool
+PSMContentDownloaderParent::RecvOnStopRequest(const nsresult& code)
+{
+  if (NS_SUCCEEDED(code)) {
+    // See also PSMContentStreamListener::OnStopRequest. In this case, we don't
+    // have to dispatch ImportCertificate off of an event because we don't have
+    // to worry about Necko sending "clean up" events and destroying us if
+    // ImportCertificate spins the event loop.
+    ImportCertificate();
+  }
+
+  if (mIPCOpen) {
+    mozilla::Unused << Send__delete__(this);
+  }
+  return true;
+}
+
+NS_IMETHODIMP
+PSMContentDownloaderParent::OnStopRequest(nsIRequest* request, nsISupports* context, nsresult code)
+{
+  nsresult rv = PSMContentStreamListener::OnStopRequest(request, context, code);
+
+  if (mIPCOpen) {
+    mozilla::Unused << Send__delete__(this);
+  }
+  return rv;
+}
+
+bool
+PSMContentDownloaderParent::RecvDivertToParentUsing(mozilla::net::PChannelDiverterParent* diverter)
+{
+  MOZ_ASSERT(diverter);
+  auto p = static_cast<mozilla::net::ChannelDiverterParent*>(diverter);
+  p->DivertTo(this);
+  mozilla::Unused << p->Send__delete__(p);
+  return true;
+}
+
+void
+PSMContentDownloaderParent::ActorDestroy(ActorDestroyReason why)
+{
+  mIPCOpen = false;
+}
+
+/* ------------------------
+ * PSMContentDownloaderChild
+ * ------------------------ */
+
+NS_IMPL_ISUPPORTS(PSMContentDownloaderChild, nsIStreamListener)
+
+PSMContentDownloaderChild::PSMContentDownloaderChild()
+{
+}
+
+PSMContentDownloaderChild::~PSMContentDownloaderChild()
+{
+}
+
+NS_IMETHODIMP
+PSMContentDownloaderChild::OnStartRequest(nsIRequest* request, nsISupports* context)
+{
+  nsCOMPtr<nsIDivertableChannel> divertable = do_QueryInterface(request);
+  if (divertable) {
+    mozilla::net::ChannelDiverterChild* diverter = nullptr;
+    nsresult rv = divertable->DivertToParent(&diverter);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    MOZ_ASSERT(diverter);
+
+    return SendDivertToParentUsing(diverter) ? NS_OK : NS_ERROR_FAILURE;
+  }
+
+  int64_t contentLength = ComputeContentLength(request);
+  if (contentLength < 0) {
+    return NS_ERROR_FAILURE;
+  }
+
+  mozilla::Unused << SendOnStartRequest(contentLength);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+PSMContentDownloaderChild::OnDataAvailable(nsIRequest* request,
+                                           nsISupports* context,
+                                           nsIInputStream* aIStream,
+                                           uint64_t aSourceOffset,
+                                           uint32_t aLength)
+{
+  nsCString chunk;
+  nsresult rv = NS_ReadInputStreamToString(aIStream, chunk, aLength);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  mozilla::Unused << SendOnDataAvailable(chunk, aSourceOffset, aLength);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+PSMContentDownloaderChild::OnStopRequest(nsIRequest* request,
+                                         nsISupports* context,
+                                         nsresult aStatus)
+{
+  mozilla::Unused << SendOnStopRequest(aStatus);
+  return NS_OK;
+}
+
+/* ------------------------
+ * PSMContentListener
+ * ------------------------ */
+
+NS_IMPL_ISUPPORTS(PSMContentListener,
+                  nsIURIContentListener,
+                  nsISupportsWeakReference) 
+
+PSMContentListener::PSMContentListener()
+{
+  mLoadCookie = nullptr;
+  mParentContentListener = nullptr;
+}
+
+PSMContentListener::~PSMContentListener()
+{
+}
+
+nsresult
+PSMContentListener::init()
+{
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+PSMContentListener::OnStartURIOpen(nsIURI* aURI, bool* aAbortOpen)
+{
+  //if we don't want to handle the URI, return true in
+  //*aAbortOpen
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+PSMContentListener::IsPreferred(const char* aContentType,
+                                 char** aDesiredContentType,
+                                 bool* aCanHandleContent)
+{
+  return CanHandleContent(aContentType, true,
+                          aDesiredContentType, aCanHandleContent);
+}
+
+NS_IMETHODIMP
+PSMContentListener::CanHandleContent(const char* aContentType,
+                                      bool aIsContentPreferred,
+                                      char** aDesiredContentType,
+                                      bool* aCanHandleContent)
+{
+  uint32_t type = getPSMContentType(aContentType);
+  *aCanHandleContent = (type != UNKNOWN_TYPE);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+PSMContentListener::DoContent(const nsACString& aContentType,
+                               bool aIsContentPreferred,
+                               nsIRequest* aRequest,
+                               nsIStreamListener** aContentHandler,
+                               bool* aAbortProcess)
+{
+  uint32_t type;
+  type = getPSMContentType(PromiseFlatCString(aContentType).get());
+  if (gPIPNSSLog) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("PSMContentListener::DoContent\n"));
+  }
+  if (type != UNKNOWN_TYPE) {
+    nsCOMPtr<nsIStreamListener> downloader;
+    if (XRE_IsParentProcess()) {
+      downloader = new PSMContentStreamListener(type);
+    } else {
+      downloader = static_cast<PSMContentDownloaderChild*>(
+          dom::ContentChild::GetSingleton()->SendPPSMContentDownloaderConstructor(type));
+    }
+
+    downloader.forget(aContentHandler);
+    return NS_OK;
+  }
+  return NS_ERROR_FAILURE;
+}
+
+NS_IMETHODIMP
+PSMContentListener::GetLoadCookie(nsISupports** aLoadCookie)
+{
+  nsCOMPtr<nsISupports> loadCookie(mLoadCookie);
+  loadCookie.forget(aLoadCookie);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+PSMContentListener::SetLoadCookie(nsISupports* aLoadCookie)
+{
+  mLoadCookie = aLoadCookie;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+PSMContentListener::GetParentContentListener(nsIURIContentListener** aContentListener)
+{
+  nsCOMPtr<nsIURIContentListener> listener(mParentContentListener);
+  listener.forget(aContentListener);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+PSMContentListener::SetParentContentListener(nsIURIContentListener* aContentListener)
+{
+  mParentContentListener = aContentListener;
+  return NS_OK;
+}
+
+} } // namespace mozilla::psm
diff --git a/security/manager/ssl/PSMContentListener.h b/security/manager/ssl/PSMContentListener.h
new file mode 100644
index 000000000..d948383a4
--- /dev/null
+++ b/security/manager/ssl/PSMContentListener.h
@@ -0,0 +1,111 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef mozilla_psm_PSMCOntentListener_h_
+#define mozilla_psm_PSMCOntentListener_h_
+
+#include "nsCOMPtr.h"
+#include "nsIURIContentListener.h"
+#include "nsWeakReference.h"
+#include "mozilla/psm/PPSMContentDownloaderChild.h"
+#include "mozilla/psm/PPSMContentDownloaderParent.h"
+
+#define NS_PSMCONTENTLISTEN_CID {0xc94f4a30, 0x64d7, 0x11d4, {0x99, 0x60, 0x00, 0xb0, 0xd0, 0x23, 0x54, 0xa0}}
+#define NS_PSMCONTENTLISTEN_CONTRACTID "@mozilla.org/security/psmdownload;1"
+
+namespace mozilla {
+namespace net {
+
+class PChannelDiverterParent;
+
+} // namespace net
+} // namespace mozilla
+
+namespace mozilla { namespace psm {
+
+// PSMContentStreamListener for parent-process downloading.
+class PSMContentStreamListener : public nsIStreamListener
+{
+public:
+  explicit PSMContentStreamListener(uint32_t type);
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIREQUESTOBSERVER
+  NS_DECL_NSISTREAMLISTENER
+
+  void ImportCertificate();
+
+protected:
+  virtual ~PSMContentStreamListener();
+
+  nsCString mByteData;
+  uint32_t mType;
+};
+
+// Parent actor for importing a remote cert when the load was started by the
+// child.
+class PSMContentDownloaderParent : public PPSMContentDownloaderParent
+                                 , public PSMContentStreamListener
+{
+public:
+  explicit PSMContentDownloaderParent(uint32_t type);
+
+  virtual bool RecvOnStartRequest(const uint32_t &contentLength) override;
+  virtual bool RecvOnDataAvailable(const nsCString &data,
+                                   const uint64_t &offset,
+                                   const uint32_t &count) override;
+  virtual bool RecvOnStopRequest(const nsresult &code) override;
+
+  // We inherit most of nsIStreamListener from PSMContentStreamListener, but
+  // we have to override OnStopRequest to know when we're done with our IPC
+  // ref.
+  NS_IMETHOD OnStopRequest(nsIRequest *request, nsISupports *aContext, nsresult code) override;
+
+  virtual bool RecvDivertToParentUsing(mozilla::net::PChannelDiverterParent *diverter) override;
+
+protected:
+  virtual ~PSMContentDownloaderParent();
+
+  virtual void ActorDestroy(ActorDestroyReason why) override;
+  bool mIPCOpen;
+};
+
+// Child actor for importing a cert.
+class PSMContentDownloaderChild : public nsIStreamListener
+                                , public PPSMContentDownloaderChild
+{
+public:
+  PSMContentDownloaderChild();
+
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIREQUESTOBSERVER
+  NS_DECL_NSISTREAMLISTENER
+
+private:
+  ~PSMContentDownloaderChild();
+};
+
+
+class PSMContentListener : public nsIURIContentListener,
+                           public nsSupportsWeakReference
+{
+public:
+  PSMContentListener();
+  nsresult init();
+
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIURICONTENTLISTENER
+
+protected:
+  virtual ~PSMContentListener();
+
+private:
+  nsCOMPtr<nsISupports> mLoadCookie;
+  nsCOMPtr<nsIURIContentListener> mParentContentListener;
+};
+
+} } // namespace mozilla::psm
+
+#endif // mozilla_psm_PSMCOntentListener_h
diff --git a/security/manager/ssl/PSMRunnable.cpp b/security/manager/ssl/PSMRunnable.cpp
new file mode 100644
index 000000000..9f151a83f
--- /dev/null
+++ b/security/manager/ssl/PSMRunnable.cpp
@@ -0,0 +1,47 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+* License, v. 2.0. If a copy of the MPL was not distributed with this
+* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+ 
+#include "PSMRunnable.h"
+ 
+namespace mozilla { namespace psm {
+
+SyncRunnableBase::SyncRunnableBase()
+  : monitor("SyncRunnableBase::monitor")
+{
+}
+
+nsresult
+SyncRunnableBase::DispatchToMainThreadAndWait()
+{
+  nsresult rv;
+  if (NS_IsMainThread()) {
+    RunOnTargetThread();
+    rv = NS_OK;
+  } else {
+    mozilla::MonitorAutoLock lock(monitor);
+    rv = NS_DispatchToMainThread(this);
+    if (NS_SUCCEEDED(rv)) {
+      lock.Wait();
+    }
+  }
+
+  return rv;
+}
+
+NS_IMETHODIMP
+SyncRunnableBase::Run()
+{
+  RunOnTargetThread();
+  mozilla::MonitorAutoLock(monitor).Notify();
+  return NS_OK;
+}
+
+nsresult
+NotifyObserverRunnable::Run()
+{
+  mObserver->Observe(nullptr, mTopic, nullptr);
+  return NS_OK;
+}
+
+} } // namespace mozilla::psm
diff --git a/security/manager/ssl/PSMRunnable.h b/security/manager/ssl/PSMRunnable.h
new file mode 100644
index 000000000..b43bc62c6
--- /dev/null
+++ b/security/manager/ssl/PSMRunnable.h
@@ -0,0 +1,46 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+* License, v. 2.0. If a copy of the MPL was not distributed with this
+* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef PSMRunnable_h
+#define PSMRunnable_h
+
+#include "mozilla/Monitor.h"
+#include "nsThreadUtils.h"
+#include "nsIObserver.h"
+#include "nsProxyRelease.h"
+
+namespace mozilla { namespace psm {
+
+// Wait for the event to run on the target thread without spinning the event
+// loop on the calling thread. (Dispatching events to a thread using
+// NS_DISPATCH_SYNC would cause the event loop on the calling thread to spin.)
+class SyncRunnableBase : public Runnable
+{
+public:
+  NS_DECL_NSIRUNNABLE
+  nsresult DispatchToMainThreadAndWait();
+protected:
+  SyncRunnableBase();
+  virtual void RunOnTargetThread() = 0;
+private:
+  mozilla::Monitor monitor;
+};
+
+class NotifyObserverRunnable : public Runnable
+{
+public:
+  NotifyObserverRunnable(nsIObserver * observer,
+                         const char * topicStringLiteral)
+    : mObserver(new nsMainThreadPtrHolder<nsIObserver>(observer)),
+      mTopic(topicStringLiteral) {
+  }
+  NS_DECL_NSIRUNNABLE
+private:
+  nsMainThreadPtrHandle<nsIObserver> mObserver;
+  const char * const mTopic;
+};
+
+} } // namespace mozilla::psm
+
+#endif
diff --git a/security/manager/ssl/PublicKeyPinningService.cpp b/security/manager/ssl/PublicKeyPinningService.cpp
new file mode 100644
index 000000000..1f34c880b
--- /dev/null
+++ b/security/manager/ssl/PublicKeyPinningService.cpp
@@ -0,0 +1,374 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "PublicKeyPinningService.h"
+
+#include "RootCertificateTelemetryUtils.h"
+#include "mozilla/Base64.h"
+#include "mozilla/Casting.h"
+#include "mozilla/Logging.h"
+#include "mozilla/Telemetry.h"
+#include "nsISiteSecurityService.h"
+#include "nsServiceManagerUtils.h"
+#include "nsSiteSecurityService.h"
+#include "nssb64.h"
+#include "pkix/pkixtypes.h"
+#include "seccomon.h"
+#include "sechash.h"
+
+#include "StaticHPKPins.h" // autogenerated by genHPKPStaticpins.js
+
+using namespace mozilla;
+using namespace mozilla::pkix;
+using namespace mozilla::psm;
+
+LazyLogModule gPublicKeyPinningLog("PublicKeyPinningService");
+
+/**
+ Computes in the location specified by base64Out the SHA256 digest
+ of the DER Encoded subject Public Key Info for the given cert
+*/
+static nsresult
+GetBase64HashSPKI(const CERTCertificate* cert, nsACString& hashSPKIDigest)
+{
+  hashSPKIDigest.Truncate();
+  Digest digest;
+  nsresult rv = digest.DigestBuf(SEC_OID_SHA256, cert->derPublicKey.data,
+                                 cert->derPublicKey.len);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  return Base64Encode(nsDependentCSubstring(
+                        BitwiseCast<char*, unsigned char*>(digest.get().data),
+                        digest.get().len),
+                      hashSPKIDigest);
+}
+
+/*
+ * Sets certMatchesPinset to true if a given cert matches any fingerprints from
+ * the given pinset or the dynamicFingerprints array, or to false otherwise.
+ */
+static nsresult
+EvalCert(const CERTCertificate* cert, const StaticFingerprints* fingerprints,
+         const nsTArray<nsCString>* dynamicFingerprints,
+ /*out*/ bool& certMatchesPinset)
+{
+  certMatchesPinset = false;
+  if (!fingerprints && !dynamicFingerprints) {
+    MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
+           ("pkpin: No hashes found\n"));
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  nsAutoCString base64Out;
+  nsresult rv = GetBase64HashSPKI(cert, base64Out);
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
+           ("pkpin: GetBase64HashSPKI failed!\n"));
+    return rv;
+  }
+
+  if (fingerprints) {
+    for (size_t i = 0; i < fingerprints->size; i++) {
+      if (base64Out.Equals(fingerprints->data[i])) {
+        MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
+               ("pkpin: found pin base_64 ='%s'\n", base64Out.get()));
+        certMatchesPinset = true;
+        return NS_OK;
+      }
+    }
+  }
+  if (dynamicFingerprints) {
+    for (size_t i = 0; i < dynamicFingerprints->Length(); i++) {
+      if (base64Out.Equals((*dynamicFingerprints)[i])) {
+        MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
+               ("pkpin: found pin base_64 ='%s'\n", base64Out.get()));
+        certMatchesPinset = true;
+        return NS_OK;
+      }
+    }
+  }
+  return NS_OK;
+}
+
+/*
+ * Sets certListIntersectsPinset to true if a given chain matches any
+ * fingerprints from the given static fingerprints or the
+ * dynamicFingerprints array, or to false otherwise.
+ */
+static nsresult
+EvalChain(const UniqueCERTCertList& certList,
+          const StaticFingerprints* fingerprints,
+          const nsTArray<nsCString>* dynamicFingerprints,
+  /*out*/ bool& certListIntersectsPinset)
+{
+  certListIntersectsPinset = false;
+  CERTCertificate* currentCert;
+
+  if (!fingerprints && !dynamicFingerprints) {
+    MOZ_ASSERT(false, "Must pass in at least one type of pinset");
+    return NS_ERROR_FAILURE;
+  }
+
+  CERTCertListNode* node;
+  for (node = CERT_LIST_HEAD(certList); !CERT_LIST_END(node, certList);
+       node = CERT_LIST_NEXT(node)) {
+    currentCert = node->cert;
+    MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
+           ("pkpin: certArray subject: '%s'\n", currentCert->subjectName));
+    MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
+           ("pkpin: certArray issuer: '%s'\n", currentCert->issuerName));
+    nsresult rv = EvalCert(currentCert, fingerprints, dynamicFingerprints,
+                           certListIntersectsPinset);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    if (certListIntersectsPinset) {
+      return NS_OK;
+    }
+  }
+  MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug, ("pkpin: no matches found\n"));
+  return NS_OK;
+}
+
+/**
+  Comparator for the is public key pinned host.
+*/
+static int
+TransportSecurityPreloadCompare(const void* key, const void* entry) {
+  auto keyStr = static_cast<const char*>(key);
+  auto preloadEntry = static_cast<const TransportSecurityPreload*>(entry);
+
+  return strcmp(keyStr, preloadEntry->mHost);
+}
+
+nsresult
+PublicKeyPinningService::ChainMatchesPinset(const UniqueCERTCertList& certList,
+                                            const nsTArray<nsCString>& aSHA256keys,
+                                    /*out*/ bool& chainMatchesPinset)
+{
+  return EvalChain(certList, nullptr, &aSHA256keys, chainMatchesPinset);
+}
+
+// Returns via one of the output parameters the most relevant pinning
+// information that is valid for the given host at the given time.
+// Dynamic pins are prioritized over static pins.
+static nsresult
+FindPinningInformation(const char* hostname, mozilla::pkix::Time time,
+               /*out*/ nsTArray<nsCString>& dynamicFingerprints,
+               /*out*/ TransportSecurityPreload*& staticFingerprints)
+{
+  if (!hostname || hostname[0] == 0) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  staticFingerprints = nullptr;
+  dynamicFingerprints.Clear();
+  nsCOMPtr<nsISiteSecurityService> sssService =
+    do_GetService(NS_SSSERVICE_CONTRACTID);
+  if (!sssService) {
+    return NS_ERROR_FAILURE;
+  }
+  TransportSecurityPreload* foundEntry = nullptr;
+  char* evalHost = const_cast<char*>(hostname);
+  char* evalPart;
+  // Notice how the (xx = strchr) prevents pins for unqualified domain names.
+  while (!foundEntry && (evalPart = strchr(evalHost, '.'))) {
+    MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
+           ("pkpin: Querying pinsets for host: '%s'\n", evalHost));
+    // Attempt dynamic pins first
+    nsresult rv;
+    bool found;
+    bool includeSubdomains;
+    nsTArray<nsCString> pinArray;
+    rv = sssService->GetKeyPinsForHostname(evalHost, time, pinArray,
+                                           &includeSubdomains, &found);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    if (found && (evalHost == hostname || includeSubdomains)) {
+      MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
+             ("pkpin: Found dyn match for host: '%s'\n", evalHost));
+      dynamicFingerprints = pinArray;
+      return NS_OK;
+    }
+
+    foundEntry = (TransportSecurityPreload *)bsearch(evalHost,
+      kPublicKeyPinningPreloadList,
+      sizeof(kPublicKeyPinningPreloadList) / sizeof(TransportSecurityPreload),
+      sizeof(TransportSecurityPreload),
+      TransportSecurityPreloadCompare);
+    if (foundEntry) {
+      MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
+             ("pkpin: Found pinset for host: '%s'\n", evalHost));
+      if (evalHost != hostname) {
+        if (!foundEntry->mIncludeSubdomains) {
+          // Does not apply to this host, continue iterating
+          foundEntry = nullptr;
+        }
+      }
+    } else {
+      MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
+             ("pkpin: Didn't find pinset for host: '%s'\n", evalHost));
+    }
+    // Add one for '.'
+    evalHost = evalPart + 1;
+  }
+
+  if (foundEntry && foundEntry->pinset) {
+    if (time > TimeFromEpochInSeconds(kPreloadPKPinsExpirationTime /
+                                      PR_USEC_PER_SEC)) {
+      return NS_OK;
+    }
+    staticFingerprints = foundEntry;
+  }
+  return NS_OK;
+}
+
+// Returns true via the output parameter if the given certificate list meets
+// pinning requirements for the given host at the given time. It must be the
+// case that either there is an intersection between the set of hashes of
+// subject public key info data in the list and the most relevant non-expired
+// pinset for the host or there is no pinning information for the host.
+static nsresult
+CheckPinsForHostname(const UniqueCERTCertList& certList, const char* hostname,
+                     bool enforceTestMode, mozilla::pkix::Time time,
+             /*out*/ bool& chainHasValidPins,
+    /*optional out*/ PinningTelemetryInfo* pinningTelemetryInfo)
+{
+  chainHasValidPins = false;
+  if (!certList) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  if (!hostname || hostname[0] == 0) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  nsTArray<nsCString> dynamicFingerprints;
+  TransportSecurityPreload* staticFingerprints = nullptr;
+  nsresult rv = FindPinningInformation(hostname, time, dynamicFingerprints,
+                                       staticFingerprints);
+  // If we have no pinning information, the certificate chain trivially
+  // validates with respect to pinning.
+  if (dynamicFingerprints.Length() == 0 && !staticFingerprints) {
+    chainHasValidPins = true;
+    return NS_OK;
+  }
+  if (dynamicFingerprints.Length() > 0) {
+    return EvalChain(certList, nullptr, &dynamicFingerprints, chainHasValidPins);
+  }
+  if (staticFingerprints) {
+    bool enforceTestModeResult;
+    rv = EvalChain(certList, staticFingerprints->pinset, nullptr,
+                   enforceTestModeResult);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    chainHasValidPins = enforceTestModeResult;
+    Telemetry::ID histogram = staticFingerprints->mIsMoz
+      ? Telemetry::CERT_PINNING_MOZ_RESULTS
+      : Telemetry::CERT_PINNING_RESULTS;
+    if (staticFingerprints->mTestMode) {
+      histogram = staticFingerprints->mIsMoz
+        ? Telemetry::CERT_PINNING_MOZ_TEST_RESULTS
+        : Telemetry::CERT_PINNING_TEST_RESULTS;
+      if (!enforceTestMode) {
+        chainHasValidPins = true;
+      }
+    }
+    // We can collect per-host pinning violations for this host because it is
+    // operationally critical to Firefox.
+    if (pinningTelemetryInfo) {
+      if (staticFingerprints->mId != kUnknownId) {
+        int32_t bucket = staticFingerprints->mId * 2
+                         + (enforceTestModeResult ? 1 : 0);
+        histogram = staticFingerprints->mTestMode
+          ? Telemetry::CERT_PINNING_MOZ_TEST_RESULTS_BY_HOST
+          : Telemetry::CERT_PINNING_MOZ_RESULTS_BY_HOST;
+        pinningTelemetryInfo->certPinningResultBucket = bucket;
+      } else {
+        pinningTelemetryInfo->certPinningResultBucket =
+            enforceTestModeResult ? 1 : 0;
+      }
+      pinningTelemetryInfo->accumulateResult = true;
+      pinningTelemetryInfo->certPinningResultHistogram = histogram;
+    }
+
+    // We only collect per-CA pinning statistics upon failures.
+    CERTCertListNode* rootNode = CERT_LIST_TAIL(certList);
+    // Only log telemetry if the certificate list is non-empty.
+    if (!CERT_LIST_END(rootNode, certList)) {
+      if (!enforceTestModeResult && pinningTelemetryInfo) {
+        int32_t binNumber = RootCABinNumber(&rootNode->cert->derCert);
+        if (binNumber != ROOT_CERTIFICATE_UNKNOWN ) {
+          pinningTelemetryInfo->accumulateForRoot = true;
+          pinningTelemetryInfo->rootBucket = binNumber;
+        }
+      }
+    }
+
+    MOZ_LOG(gPublicKeyPinningLog, LogLevel::Debug,
+           ("pkpin: Pin check %s for %s host '%s' (mode=%s)\n",
+            enforceTestModeResult ? "passed" : "failed",
+            staticFingerprints->mIsMoz ? "mozilla" : "non-mozilla",
+            hostname, staticFingerprints->mTestMode ? "test" : "production"));
+  }
+
+  return NS_OK;
+}
+
+nsresult
+PublicKeyPinningService::ChainHasValidPins(const UniqueCERTCertList& certList,
+                                           const char* hostname,
+                                           mozilla::pkix::Time time,
+                                           bool enforceTestMode,
+                                   /*out*/ bool& chainHasValidPins,
+                          /*optional out*/ PinningTelemetryInfo* pinningTelemetryInfo)
+{
+  chainHasValidPins = false;
+  if (!certList) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  if (!hostname || hostname[0] == 0) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  nsAutoCString canonicalizedHostname(CanonicalizeHostname(hostname));
+  return CheckPinsForHostname(certList, canonicalizedHostname.get(),
+                              enforceTestMode, time, chainHasValidPins,
+                              pinningTelemetryInfo);
+}
+
+nsresult
+PublicKeyPinningService::HostHasPins(const char* hostname,
+                                     mozilla::pkix::Time time,
+                                     bool enforceTestMode,
+                                     /*out*/ bool& hostHasPins)
+{
+  hostHasPins = false;
+  nsAutoCString canonicalizedHostname(CanonicalizeHostname(hostname));
+  nsTArray<nsCString> dynamicFingerprints;
+  TransportSecurityPreload* staticFingerprints = nullptr;
+  nsresult rv = FindPinningInformation(canonicalizedHostname.get(), time,
+                                       dynamicFingerprints, staticFingerprints);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  if (dynamicFingerprints.Length() > 0) {
+    hostHasPins = true;
+  } else if (staticFingerprints) {
+    hostHasPins = !staticFingerprints->mTestMode || enforceTestMode;
+  }
+  return NS_OK;
+}
+
+nsAutoCString
+PublicKeyPinningService::CanonicalizeHostname(const char* hostname)
+{
+  nsAutoCString canonicalizedHostname(hostname);
+  ToLowerCase(canonicalizedHostname);
+  while (canonicalizedHostname.Length() > 0 &&
+         canonicalizedHostname.Last() == '.') {
+    canonicalizedHostname.Truncate(canonicalizedHostname.Length() - 1);
+  }
+  return canonicalizedHostname;
+}
diff --git a/security/manager/ssl/PublicKeyPinningService.h b/security/manager/ssl/PublicKeyPinningService.h
new file mode 100644
index 000000000..f42376b52
--- /dev/null
+++ b/security/manager/ssl/PublicKeyPinningService.h
@@ -0,0 +1,65 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef PublicKeyPinningService_h
+#define PublicKeyPinningService_h
+
+#include "CertVerifier.h"
+#include "ScopedNSSTypes.h"
+#include "cert.h"
+#include "nsString.h"
+#include "nsTArray.h"
+#include "pkix/Time.h"
+
+namespace mozilla {
+namespace psm {
+
+class PublicKeyPinningService
+{
+public:
+  /**
+   * Sets chainHasValidPins to true if the given (host, certList) passes pinning
+   * checks, or to false otherwise. If the host is pinned, returns true via
+   * chainHasValidPins if one of the keys in the given certificate chain matches
+   * the pin set specified by the hostname. The certList's head is the EE cert
+   * and the tail is the trust anchor.
+   * Note: if an alt name is a wildcard, it won't necessarily find a pinset
+   * that would otherwise be valid for it
+   */
+  static nsresult ChainHasValidPins(const UniqueCERTCertList& certList,
+                                    const char* hostname,
+                                    mozilla::pkix::Time time,
+                                    bool enforceTestMode,
+                            /*out*/ bool& chainHasValidPins,
+                   /*optional out*/ PinningTelemetryInfo* pinningTelemetryInfo);
+  /**
+   * Sets chainMatchesPinset to true if there is any intersection between the
+   * certificate list and the pins specified in the aSHA256keys array.
+   * Values passed in are assumed to be in base64 encoded form.
+   */
+  static nsresult ChainMatchesPinset(const UniqueCERTCertList& certList,
+                                     const nsTArray<nsCString>& aSHA256keys,
+                             /*out*/ bool& chainMatchesPinset);
+
+  /**
+   * Returns true via the output parameter hostHasPins if there is pinning
+   * information for the given host that is valid at the given time, and false
+   * otherwise.
+   */
+  static nsresult HostHasPins(const char* hostname,
+                              mozilla::pkix::Time time,
+                              bool enforceTestMode,
+                      /*out*/ bool& hostHasPins);
+
+  /**
+   * Given a hostname of potentially mixed case with potentially multiple
+   * trailing '.' (see bug 1118522), canonicalizes it to lowercase with no
+   * trailing '.'.
+   */
+  static nsAutoCString CanonicalizeHostname(const char* hostname);
+};
+
+}} // namespace mozilla::psm
+
+#endif // PublicKeyPinningService_h
diff --git a/security/manager/ssl/PublicSSL.h b/security/manager/ssl/PublicSSL.h
new file mode 100644
index 000000000..71351f3e4
--- /dev/null
+++ b/security/manager/ssl/PublicSSL.h
@@ -0,0 +1,25 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef mozilla_SSL_h
+#define mozilla_SSL_h
+
+namespace mozilla {
+
+void ClearPrivateSSLState();
+
+namespace psm {
+
+void InitializeSSLServerCertVerificationThreads();
+void StopSSLServerCertVerificationThreads();
+void DisableMD5();
+nsresult InitializeCipherSuite();
+
+} //namespace psm
+} // namespace mozilla
+
+#endif
+
diff --git a/security/manager/ssl/RootCertificateTelemetryUtils.cpp b/security/manager/ssl/RootCertificateTelemetryUtils.cpp
new file mode 100644
index 000000000..3f9ea3eb6
--- /dev/null
+++ b/security/manager/ssl/RootCertificateTelemetryUtils.cpp
@@ -0,0 +1,90 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "RootCertificateTelemetryUtils.h"
+
+#include "mozilla/Logging.h"
+#include "RootHashes.inc" // Note: Generated by genRootCAHashes.js
+#include "ScopedNSSTypes.h"
+#include "mozilla/ArrayUtils.h"
+
+namespace mozilla { namespace psm {
+
+mozilla::LazyLogModule gPublicKeyPinningTelemetryLog("PublicKeyPinningTelemetryService");
+
+// Used in the BinarySearch method, this does a memcmp between the pointer
+// provided to its construtor and whatever the binary search is looking for.
+//
+// This implementation assumes everything to be of HASH_LEN, so it should not
+// be used generically.
+class BinaryHashSearchArrayComparator
+{
+public:
+  explicit BinaryHashSearchArrayComparator(const uint8_t* aTarget, size_t len)
+    : mTarget(aTarget)
+  {
+    NS_ASSERTION(len == HASH_LEN, "Hashes should be of the same length.");
+  }
+
+  int operator()(const CertAuthorityHash val) const {
+    return memcmp(mTarget, val.hash, HASH_LEN);
+  }
+
+private:
+  const uint8_t* mTarget;
+};
+
+// Perform a hash of the provided cert, then search in the RootHashes.inc data
+// structure for a matching bin number.
+int32_t
+RootCABinNumber(const SECItem* cert)
+{
+  Digest digest;
+
+  // Compute SHA256 hash of the certificate
+  nsresult rv = digest.DigestBuf(SEC_OID_SHA256, cert->data, cert->len);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return ROOT_CERTIFICATE_HASH_FAILURE;
+  }
+
+  // Compare against list of stored hashes
+  size_t idx;
+
+  MOZ_LOG(gPublicKeyPinningTelemetryLog, LogLevel::Debug,
+           ("pkpinTelem: First bytes %02hx %02hx %02hx %02hx\n",
+            digest.get().data[0], digest.get().data[1], digest.get().data[2], digest.get().data[3]));
+
+  if (mozilla::BinarySearchIf(ROOT_TABLE, 0, ArrayLength(ROOT_TABLE),
+        BinaryHashSearchArrayComparator(static_cast<uint8_t*>(digest.get().data),
+                                        digest.get().len),
+        &idx)) {
+
+    MOZ_LOG(gPublicKeyPinningTelemetryLog, LogLevel::Debug,
+          ("pkpinTelem: Telemetry index was %lu, bin is %d\n",
+           idx, ROOT_TABLE[idx].binNumber));
+    return (int32_t) ROOT_TABLE[idx].binNumber;
+  }
+
+  // Didn't match.
+  return ROOT_CERTIFICATE_UNKNOWN;
+}
+
+
+// Attempt to increment the appropriate bin in the provided Telemetry probe ID. If
+// there was a hash failure, we do nothing.
+void
+AccumulateTelemetryForRootCA(mozilla::Telemetry::ID probe, 
+  const CERTCertificate* cert)
+{
+  int32_t binId = RootCABinNumber(&cert->derCert);
+
+  if (binId != ROOT_CERTIFICATE_HASH_FAILURE) {
+    Accumulate(probe, binId);
+  }
+}
+
+} // namespace psm
+} // namespace mozilla
diff --git a/security/manager/ssl/RootCertificateTelemetryUtils.h b/security/manager/ssl/RootCertificateTelemetryUtils.h
new file mode 100644
index 000000000..05dbb4e44
--- /dev/null
+++ b/security/manager/ssl/RootCertificateTelemetryUtils.h
@@ -0,0 +1,30 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef RootCertificateTelemetryUtils_h
+#define RootCertificateTelemetryUtils_h
+
+#include "mozilla/Telemetry.h"
+#include "certt.h"
+
+namespace mozilla { namespace psm {
+
+// Note: New CAs will show up as UNKNOWN_ROOT until
+// RootHashes.inc is updated to include them. 0 is reserved by
+// genRootCAHashes.js for the unknowns.
+#define ROOT_CERTIFICATE_UNKNOWN  0
+#define ROOT_CERTIFICATE_HASH_FAILURE -1
+
+int32_t
+RootCABinNumber(const SECItem* cert);
+
+void
+AccumulateTelemetryForRootCA(mozilla::Telemetry::ID probe, const CERTCertificate* cert);
+
+} // namespace psm
+} // namespace mozilla
+
+#endif // RootCertificateTelemetryUtils_h
diff --git a/security/manager/ssl/RootHashes.inc b/security/manager/ssl/RootHashes.inc
new file mode 100644
index 000000000..c335990cb
--- /dev/null
+++ b/security/manager/ssl/RootHashes.inc
@@ -0,0 +1,1140 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*****************************************************************************/
+/* This is an automatically generated file. If you're not                    */
+/* RootCertificateTelemetryUtils.cpp, you shouldn't be #including it.        */
+/*****************************************************************************/
+
+#define HASH_LEN 32
+struct CertAuthorityHash {
+ const uint8_t hash[HASH_LEN];
+ const int32_t binNumber;
+};
+
+static const struct CertAuthorityHash ROOT_TABLE[] = {
+  {
+    /* Entrust_Root_Certification_Authority___EC1 */
+    { 0x02, 0xED, 0x0E, 0xB2, 0x8C, 0x14, 0xDA, 0x45, 0x16, 0x5C, 0x56, 0x67, 0x91, 0x70, 0x0D, 0x64,
+      0x51, 0xD7, 0xFB, 0x56, 0xF0, 0xB2, 0xAB, 0x1D, 0x3B, 0x8E, 0xB0, 0x70, 0xE5, 0x6E, 0xDF, 0xF5 },
+      164 /* Bin Number */
+  },
+  {
+    /* AffirmTrust_Commercial */
+    { 0x03, 0x76, 0xAB, 0x1D, 0x54, 0xC5, 0xF9, 0x80, 0x3C, 0xE4, 0xB2, 0xE2, 0x01, 0xA0, 0xEE, 0x7E,
+      0xEF, 0x7B, 0x57, 0xB6, 0x36, 0xE8, 0xA9, 0x3C, 0x9B, 0x8D, 0x48, 0x60, 0xC9, 0x6F, 0x5F, 0xA7 },
+      109 /* Bin Number */
+  },
+  {
+    /* ACEDICOM_Root */
+    { 0x03, 0x95, 0x0F, 0xB4, 0x9A, 0x53, 0x1F, 0x3E, 0x19, 0x91, 0x94, 0x23, 0x98, 0xDF, 0xA9, 0xE0,
+      0xEA, 0x32, 0xD7, 0xBA, 0x1C, 0xDD, 0x9B, 0xC8, 0x5D, 0xB5, 0x7E, 0xD9, 0x40, 0x0B, 0x43, 0x4A },
+      98 /* Bin Number */
+  },
+  {
+    /* Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068 */
+    { 0x04, 0x04, 0x80, 0x28, 0xBF, 0x1F, 0x28, 0x64, 0xD4, 0x8F, 0x9A, 0xD4, 0xD8, 0x32, 0x94, 0x36,
+      0x6A, 0x82, 0x88, 0x56, 0x55, 0x3F, 0x3B, 0x14, 0x30, 0x3F, 0x90, 0x14, 0x7F, 0x5D, 0x40, 0xEF },
+      102 /* Bin Number */
+  },
+  {
+    /* Chambers_of_Commerce_Root___2008 */
+    { 0x06, 0x3E, 0x4A, 0xFA, 0xC4, 0x91, 0xDF, 0xD3, 0x32, 0xF3, 0x08, 0x9B, 0x85, 0x42, 0xE9, 0x46,
+      0x17, 0xD8, 0x93, 0xD7, 0xFE, 0x94, 0x4E, 0x10, 0xA7, 0x93, 0x7E, 0xE2, 0x9D, 0x96, 0x93, 0xC0 },
+      104 /* Bin Number */
+  },
+  {
+    /* DST_Root_CA_X3 */
+    { 0x06, 0x87, 0x26, 0x03, 0x31, 0xA7, 0x24, 0x03, 0xD9, 0x09, 0xF1, 0x05, 0xE6, 0x9B, 0xCF, 0x0D,
+      0x32, 0xE1, 0xBD, 0x24, 0x93, 0xFF, 0xC6, 0xD9, 0x20, 0x6D, 0x11, 0xBC, 0xD6, 0x77, 0x07, 0x39 },
+      52 /* Bin Number */
+  },
+  {
+    /* AddTrust_Public_CA_Root */
+    { 0x07, 0x91, 0xCA, 0x07, 0x49, 0xB2, 0x07, 0x82, 0xAA, 0xD3, 0xC7, 0xD7, 0xBD, 0x0C, 0xDF, 0xC9,
+      0x48, 0x58, 0x35, 0x84, 0x3E, 0xB2, 0xD7, 0x99, 0x60, 0x09, 0xCE, 0x43, 0xAB, 0x6C, 0x69, 0x27 },
+      16 /* Bin Number */
+  },
+  {
+    /* OU_Equifax_Secure_Certificate_Authority_O_Equifax_C_US */
+    { 0x08, 0x29, 0x7A, 0x40, 0x47, 0xDB, 0xA2, 0x36, 0x80, 0xC7, 0x31, 0xDB, 0x6E, 0x31, 0x76, 0x53,
+      0xCA, 0x78, 0x48, 0xE1, 0xBE, 0xBD, 0x3A, 0x0B, 0x01, 0x79, 0xA7, 0x07, 0xF9, 0x2C, 0xF1, 0x78 },
+      4 /* Bin Number */
+  },
+  {
+    /* AffirmTrust_Networking */
+    { 0x0A, 0x81, 0xEC, 0x5A, 0x92, 0x97, 0x77, 0xF1, 0x45, 0x90, 0x4A, 0xF3, 0x8D, 0x5D, 0x50, 0x9F,
+      0x66, 0xB5, 0xE2, 0xC5, 0x8F, 0xCD, 0xB5, 0x31, 0x05, 0x8B, 0x0E, 0x17, 0xF3, 0xF0, 0xB4, 0x1B },
+      110 /* Bin Number */
+  },
+  {
+    /* Chambers_of_Commerce_Root */
+    { 0x0C, 0x25, 0x8A, 0x12, 0xA5, 0x67, 0x4A, 0xEF, 0x25, 0xF2, 0x8B, 0xA7, 0xDC, 0xFA, 0xEC, 0xEE,
+      0xA3, 0x48, 0xE5, 0x41, 0xE6, 0xF5, 0xCC, 0x4E, 0xE6, 0x3B, 0x71, 0xB3, 0x61, 0x60, 0x6A, 0xC3 },
+      39 /* Bin Number */
+  },
+  {
+    /* COMODO_Certification_Authority */
+    { 0x0C, 0x2C, 0xD6, 0x3D, 0xF7, 0x80, 0x6F, 0xA3, 0x99, 0xED, 0xE8, 0x09, 0x11, 0x6B, 0x57, 0x5B,
+      0xF8, 0x79, 0x89, 0xF0, 0x65, 0x18, 0xF9, 0x80, 0x8C, 0x86, 0x05, 0x03, 0x17, 0x8B, 0xAF, 0x66 },
+      63 /* Bin Number */
+  },
+  {
+    /* Buypass_Class_2_CA_1 */
+    { 0x0F, 0x4E, 0x9C, 0xDD, 0x26, 0x4B, 0x02, 0x55, 0x50, 0xD1, 0x70, 0x80, 0x63, 0x40, 0x21, 0x4F,
+      0xE9, 0x44, 0x34, 0xC9, 0xB0, 0x2F, 0x69, 0x7E, 0xC7, 0x10, 0xFC, 0x5F, 0xEA, 0xFB, 0x5E, 0x38 },
+      80 /* Bin Number */
+  },
+  {
+    /* Class_2_Primary_CA */
+    { 0x0F, 0x99, 0x3C, 0x8A, 0xEF, 0x97, 0xBA, 0xAF, 0x56, 0x87, 0x14, 0x0E, 0xD5, 0x9A, 0xD1, 0x82,
+      0x1B, 0xB4, 0xAF, 0xAC, 0xF0, 0xAA, 0x9A, 0x58, 0xB5, 0xD5, 0x7A, 0x33, 0x8A, 0x3A, 0xFB, 0xCB },
+      51 /* Bin Number */
+  },
+  {
+    /* Global_Chambersign_Root___2008 */
+    { 0x13, 0x63, 0x35, 0x43, 0x93, 0x34, 0xA7, 0x69, 0x80, 0x16, 0xA0, 0xD3, 0x24, 0xDE, 0x72, 0x28,
+      0x4E, 0x07, 0x9D, 0x7B, 0x52, 0x20, 0xBB, 0x8F, 0xBD, 0x74, 0x78, 0x16, 0xEE, 0xBE, 0xBA, 0xCA },
+      105 /* Bin Number */
+  },
+  {
+    /* OU_Starfield_Class_2_Certification_Authority_O__Starfield_Technologies__Inc___C_US */
+    { 0x14, 0x65, 0xFA, 0x20, 0x53, 0x97, 0xB8, 0x76, 0xFA, 0xA6, 0xF0, 0xA9, 0x95, 0x8E, 0x55, 0x90,
+      0xE4, 0x0F, 0xCC, 0x7F, 0xAA, 0x4F, 0xB7, 0xC2, 0xC8, 0x67, 0x75, 0x21, 0xFB, 0x5F, 0xB6, 0x58 },
+      44 /* Bin Number */
+  },
+  {
+    /* Certplus_Root_CA_G1 */
+    { 0x15, 0x2A, 0x40, 0x2B, 0xFC, 0xDF, 0x2C, 0xD5, 0x48, 0x05, 0x4D, 0x22, 0x75, 0xB3, 0x9C, 0x7F,
+      0xCA, 0x3E, 0xC0, 0x97, 0x80, 0x78, 0xB0, 0xF0, 0xEA, 0x76, 0xE5, 0x61, 0xA6, 0xC7, 0x43, 0x3E },
+      176 /* Bin Number */
+  },
+  {
+    /* Network_Solutions_Certificate_Authority */
+    { 0x15, 0xF0, 0xBA, 0x00, 0xA3, 0xAC, 0x7A, 0xF3, 0xAC, 0x88, 0x4C, 0x07, 0x2B, 0x10, 0x11, 0xA0,
+      0x77, 0xBD, 0x77, 0xC0, 0x97, 0xF4, 0x01, 0x64, 0xB2, 0xF8, 0x59, 0x8A, 0xBD, 0x83, 0x86, 0x0C },
+      64 /* Bin Number */
+  },
+  {
+    /* Baltimore_CyberTrust_Root */
+    { 0x16, 0xAF, 0x57, 0xA9, 0xF6, 0x76, 0xB0, 0xAB, 0x12, 0x60, 0x95, 0xAA, 0x5E, 0xBA, 0xDE, 0xF2,
+      0x2A, 0xB3, 0x11, 0x19, 0xD6, 0x44, 0xAC, 0x95, 0xCD, 0x4B, 0x93, 0xDB, 0xF3, 0xF2, 0x6A, 0xEB },
+      11 /* Bin Number */
+  },
+  {
+    /* COMODO_ECC_Certification_Authority */
+    { 0x17, 0x93, 0x92, 0x7A, 0x06, 0x14, 0x54, 0x97, 0x89, 0xAD, 0xCE, 0x2F, 0x8F, 0x34, 0xF7, 0xF0,
+      0xB6, 0x6D, 0x0F, 0x3A, 0xE3, 0xA3, 0xB8, 0x4D, 0x21, 0xEC, 0x15, 0xDB, 0xBA, 0x4F, 0xAD, 0xC7 },
+      66 /* Bin Number */
+  },
+  {
+    /* GlobalSign */
+    { 0x17, 0x9F, 0xBC, 0x14, 0x8A, 0x3D, 0xD0, 0x0F, 0xD2, 0x4E, 0xA1, 0x34, 0x58, 0xCC, 0x43, 0xBF,
+      0xA7, 0xF5, 0x9C, 0x81, 0x82, 0xD7, 0x83, 0xA5, 0x13, 0xF6, 0xEB, 0xEC, 0x10, 0x0C, 0x89, 0x24 },
+      158 /* Bin Number */
+  },
+  {
+    /* Amazon_Root_CA_3 */
+    { 0x18, 0xCE, 0x6C, 0xFE, 0x7B, 0xF1, 0x4E, 0x60, 0xB2, 0xE3, 0x47, 0xB8, 0xDF, 0xE8, 0x68, 0xCB,
+      0x31, 0xD0, 0x2E, 0xBB, 0x3A, 0xDA, 0x27, 0x15, 0x69, 0xF5, 0x03, 0x43, 0xB4, 0x6D, 0xB3, 0xA4 },
+      185 /* Bin Number */
+  },
+  {
+    /* QuoVadis_Root_CA_3 */
+    { 0x18, 0xF1, 0xFC, 0x7F, 0x20, 0x5D, 0xF8, 0xAD, 0xDD, 0xEB, 0x7F, 0xE0, 0x07, 0xDD, 0x57, 0xE3,
+      0xAF, 0x37, 0x5A, 0x9C, 0x4D, 0x8D, 0x73, 0x54, 0x6B, 0xF4, 0xF1, 0xFE, 0xD1, 0xE1, 0x8D, 0x35 },
+      33 /* Bin Number */
+  },
+  {
+    /* Amazon_Root_CA_2 */
+    { 0x1B, 0xA5, 0xB2, 0xAA, 0x8C, 0x65, 0x40, 0x1A, 0x82, 0x96, 0x01, 0x18, 0xF8, 0x0B, 0xEC, 0x4F,
+      0x62, 0x30, 0x4D, 0x83, 0xCE, 0xC4, 0x71, 0x3A, 0x19, 0xC3, 0x9C, 0x01, 0x1E, 0xA4, 0x6D, 0xB4 },
+      184 /* Bin Number */
+  },
+  {
+    /* China_Internet_Network_Information_Center_EV_Certificates_Root */
+    { 0x1C, 0x01, 0xC6, 0xF4, 0xDB, 0xB2, 0xFE, 0xFC, 0x22, 0x55, 0x8B, 0x2B, 0xCA, 0x32, 0x56, 0x3F,
+      0x49, 0x84, 0x4A, 0xCF, 0xC3, 0x2B, 0x7B, 0xE4, 0xB0, 0xFF, 0x59, 0x9F, 0x9E, 0x8C, 0x7A, 0xF7 },
+      133 /* Bin Number */
+  },
+  {
+    /* Swisscom_Root_CA_1 */
+    { 0x21, 0xDB, 0x20, 0x12, 0x36, 0x60, 0xBB, 0x2E, 0xD4, 0x18, 0x20, 0x5D, 0xA1, 0x1E, 0xE7, 0xA8,
+      0x5A, 0x65, 0xE2, 0xBC, 0x6E, 0x55, 0xB5, 0xAF, 0x7E, 0x78, 0x99, 0xC8, 0xA2, 0x66, 0xD9, 0x2E },
+      47 /* Bin Number */
+  },
+  {
+    /* VeriSign_Universal_Root_Certification_Authority */
+    { 0x23, 0x99, 0x56, 0x11, 0x27, 0xA5, 0x71, 0x25, 0xDE, 0x8C, 0xEF, 0xEA, 0x61, 0x0D, 0xDF, 0x2F,
+      0xA0, 0x78, 0xB5, 0xC8, 0x06, 0x7F, 0x4E, 0x82, 0x82, 0x90, 0xBF, 0xB8, 0x60, 0xE8, 0x4B, 0x3C },
+      90 /* Bin Number */
+  },
+  {
+    /* Izenpe_com */
+    { 0x25, 0x30, 0xCC, 0x8E, 0x98, 0x32, 0x15, 0x02, 0xBA, 0xD9, 0x6F, 0x9B, 0x1F, 0xBA, 0x1B, 0x09,
+      0x9E, 0x2D, 0x29, 0x9E, 0x0F, 0x45, 0x48, 0xBB, 0x91, 0x4F, 0x36, 0x3B, 0xC0, 0xD4, 0x53, 0x1F },
+      103 /* Bin Number */
+  },
+  {
+    /* OpenTrust_Root_CA_G2 */
+    { 0x27, 0x99, 0x58, 0x29, 0xFE, 0x6A, 0x75, 0x15, 0xC1, 0xBF, 0xE8, 0x48, 0xF9, 0xC4, 0x76, 0x1D,
+      0xB1, 0x6C, 0x22, 0x59, 0x29, 0x25, 0x7B, 0xF4, 0x0D, 0x08, 0x94, 0xF2, 0x9E, 0xA8, 0xBA, 0xF2 },
+      179 /* Bin Number */
+  },
+  {
+    /* Certinomis___Root_CA */
+    { 0x2A, 0x99, 0xF5, 0xBC, 0x11, 0x74, 0xB7, 0x3C, 0xBB, 0x1D, 0x62, 0x08, 0x84, 0xE0, 0x1C, 0x34,
+      0xE5, 0x1C, 0xCB, 0x39, 0x78, 0xDA, 0x12, 0x5F, 0x0E, 0x33, 0x26, 0x88, 0x83, 0xBF, 0x41, 0x58 },
+      168 /* Bin Number */
+  },
+  {
+    /* Starfield_Root_Certificate_Authority___G2 */
+    { 0x2C, 0xE1, 0xCB, 0x0B, 0xF9, 0xD2, 0xF9, 0xE1, 0x02, 0x99, 0x3F, 0xBE, 0x21, 0x51, 0x52, 0xC3,
+      0xB2, 0xDD, 0x0C, 0xAB, 0xDE, 0x1C, 0x68, 0xE5, 0x31, 0x9B, 0x83, 0x91, 0x54, 0xDB, 0xB7, 0xF5 },
+      107 /* Bin Number */
+  },
+  {
+    /* OU_ApplicationCA_O_Japanese_Government_C_JP */
+    { 0x2D, 0x47, 0x43, 0x7D, 0xE1, 0x79, 0x51, 0x21, 0x5A, 0x12, 0xF3, 0xC5, 0x8E, 0x51, 0xC7, 0x29,
+      0xA5, 0x80, 0x26, 0xEF, 0x1F, 0xCC, 0x0A, 0x5F, 0xB3, 0xD9, 0xDC, 0x01, 0x2F, 0x60, 0x0D, 0x19 },
+      85 /* Bin Number */
+  },
+  {
+    /* IdenTrust_Public_Sector_Root_CA_1 */
+    { 0x30, 0xD0, 0x89, 0x5A, 0x9A, 0x44, 0x8A, 0x26, 0x20, 0x91, 0x63, 0x55, 0x22, 0xD1, 0xF5, 0x20,
+      0x10, 0xB5, 0x86, 0x7A, 0xCA, 0xE1, 0x2C, 0x78, 0xEF, 0x95, 0x8F, 0xD4, 0xF4, 0x38, 0x9F, 0x2F },
+      162 /* Bin Number */
+  },
+  {
+    /* DigiCert_Global_Root_G3 */
+    { 0x31, 0xAD, 0x66, 0x48, 0xF8, 0x10, 0x41, 0x38, 0xC7, 0x38, 0xF3, 0x9E, 0xA4, 0x32, 0x01, 0x33,
+      0x39, 0x3E, 0x3A, 0x18, 0xCC, 0x02, 0x29, 0x6E, 0xF9, 0x7C, 0x2A, 0xC9, 0xEF, 0x67, 0x31, 0xD0 },
+      150 /* Bin Number */
+  },
+  {
+    /* Microsec_e_Szigno_Root_CA */
+    { 0x32, 0x7A, 0x3D, 0x76, 0x1A, 0xBA, 0xDE, 0xA0, 0x34, 0xEB, 0x99, 0x84, 0x06, 0x27, 0x5C, 0xB1,
+      0xA4, 0x77, 0x6E, 0xFD, 0xAE, 0x2F, 0xDF, 0x6D, 0x01, 0x68, 0xEA, 0x1C, 0x4F, 0x55, 0x67, 0xD0 },
+      70 /* Bin Number */
+  },
+  {
+    /* EBG_Elektronik_Sertifika_Hizmet_Sa_lay_c_s_ */
+    { 0x35, 0xAE, 0x5B, 0xDD, 0xD8, 0xF7, 0xAE, 0x63, 0x5C, 0xFF, 0xBA, 0x56, 0x82, 0xA8, 0xF0, 0x0B,
+      0x95, 0xF4, 0x84, 0x62, 0xC7, 0x10, 0x8E, 0xE9, 0xA0, 0xE5, 0x29, 0x2B, 0x07, 0x4A, 0xAF, 0xB2 },
+      82 /* Bin Number */
+  },
+  {
+    /* GeoTrust_Primary_Certification_Authority */
+    { 0x37, 0xD5, 0x10, 0x06, 0xC5, 0x12, 0xEA, 0xAB, 0x62, 0x64, 0x21, 0xF1, 0xEC, 0x8C, 0x92, 0x01,
+      0x3F, 0xC5, 0xF8, 0x2A, 0xE9, 0x8E, 0xE5, 0x33, 0xEB, 0x46, 0x19, 0xB8, 0xDE, 0xB4, 0xD0, 0x6C },
+      58 /* Bin Number */
+  },
+  {
+    /* Staat_der_Nederlanden_Root_CA___G3 */
+    { 0x3C, 0x4F, 0xB0, 0xB9, 0x5A, 0xB8, 0xB3, 0x00, 0x32, 0xF4, 0x32, 0xB8, 0x6F, 0x53, 0x5F, 0xE1,
+      0x72, 0xC1, 0x85, 0xD0, 0xFD, 0x39, 0x86, 0x58, 0x37, 0xCF, 0x36, 0x18, 0x7F, 0xA6, 0xF4, 0x28 },
+      159 /* Bin Number */
+  },
+  {
+    /* Microsec_e_Szigno_Root_CA_2009 */
+    { 0x3C, 0x5F, 0x81, 0xFE, 0xA5, 0xFA, 0xB8, 0x2C, 0x64, 0xBF, 0xA2, 0xEA, 0xEC, 0xAF, 0xCD, 0xE8,
+      0xE0, 0x77, 0xFC, 0x86, 0x20, 0xA7, 0xCA, 0xE5, 0x37, 0x16, 0x3D, 0xF3, 0x6E, 0xDB, 0xF3, 0x78 },
+      99 /* Bin Number */
+  },
+  {
+    /* PSCProcert */
+    { 0x3C, 0xFC, 0x3C, 0x14, 0xD1, 0xF6, 0x84, 0xFF, 0x17, 0xE3, 0x8C, 0x43, 0xCA, 0x44, 0x0C, 0x00,
+      0xB9, 0x67, 0xEC, 0x93, 0x3E, 0x8B, 0xFE, 0x06, 0x4C, 0xA1, 0xD7, 0x2C, 0x90, 0xF2, 0xAD, 0xB0 },
+      132 /* Bin Number */
+  },
+  {
+    /* EE_Certification_Centre_Root_CA */
+    { 0x3E, 0x84, 0xBA, 0x43, 0x42, 0x90, 0x85, 0x16, 0xE7, 0x75, 0x73, 0xC0, 0x99, 0x2F, 0x09, 0x79,
+      0xCA, 0x08, 0x4E, 0x46, 0x85, 0x68, 0x1F, 0xF1, 0x95, 0xCC, 0xBA, 0x8A, 0x22, 0x9B, 0x8A, 0x76 },
+      128 /* Bin Number */
+  },
+  {
+    /* DigiCert_Assured_ID_Root_CA */
+    { 0x3E, 0x90, 0x99, 0xB5, 0x01, 0x5E, 0x8F, 0x48, 0x6C, 0x00, 0xBC, 0xEA, 0x9D, 0x11, 0x1E, 0xE7,
+      0x21, 0xFA, 0xBA, 0x35, 0x5A, 0x89, 0xBC, 0xF1, 0xDF, 0x69, 0x56, 0x1E, 0x3D, 0xC6, 0x32, 0x5C },
+      48 /* Bin Number */
+  },
+  {
+    /* Trusted_Certificate_Services */
+    { 0x3F, 0x06, 0xE5, 0x56, 0x81, 0xD4, 0x96, 0xF5, 0xBE, 0x16, 0x9E, 0xB5, 0x38, 0x9F, 0x9F, 0x2B,
+      0x8F, 0xF6, 0x1E, 0x17, 0x08, 0xDF, 0x68, 0x81, 0x72, 0x48, 0x49, 0xCD, 0x5D, 0x27, 0xCB, 0x69 },
+      30 /* Bin Number */
+  },
+  {
+    /* OISTE_WISeKey_Global_Root_GA_CA */
+    { 0x41, 0xC9, 0x23, 0x86, 0x6A, 0xB4, 0xCA, 0xD6, 0xB7, 0xAD, 0x57, 0x80, 0x81, 0x58, 0x2E, 0x02,
+      0x07, 0x97, 0xA6, 0xCB, 0xDF, 0x4F, 0xFF, 0x78, 0xCE, 0x83, 0x96, 0xB3, 0x89, 0x37, 0xD7, 0xF5 },
+      69 /* Bin Number */
+  },
+  {
+    /* Secure_Global_CA */
+    { 0x42, 0x00, 0xF5, 0x04, 0x3A, 0xC8, 0x59, 0x0E, 0xBB, 0x52, 0x7D, 0x20, 0x9E, 0xD1, 0x50, 0x30,
+      0x29, 0xFB, 0xCB, 0xD4, 0x1C, 0xA1, 0xB5, 0x06, 0xEC, 0x27, 0xF1, 0x5A, 0xDE, 0x7D, 0xAC, 0x69 },
+      62 /* Bin Number */
+  },
+  {
+    /* DigiCert_Global_Root_CA */
+    { 0x43, 0x48, 0xA0, 0xE9, 0x44, 0x4C, 0x78, 0xCB, 0x26, 0x5E, 0x05, 0x8D, 0x5E, 0x89, 0x44, 0xB4,
+      0xD8, 0x4F, 0x96, 0x62, 0xBD, 0x26, 0xDB, 0x25, 0x7F, 0x89, 0x34, 0xA4, 0x43, 0xC7, 0x01, 0x61 },
+      49 /* Bin Number */
+  },
+  {
+    /* Entrust_Root_Certification_Authority___G2 */
+    { 0x43, 0xDF, 0x57, 0x74, 0xB0, 0x3E, 0x7F, 0xEF, 0x5F, 0xE4, 0x0D, 0x93, 0x1A, 0x7B, 0xED, 0xF1,
+      0xBB, 0x2E, 0x6B, 0x42, 0x73, 0x8C, 0x4E, 0x6D, 0x38, 0x41, 0x10, 0x3D, 0x3A, 0xA7, 0xF3, 0x39 },
+      163 /* Bin Number */
+  },
+  {
+    /* T_RKTRUST_Elektronik_Sertifika_Hizmet_Sa_lay_c_s_ */
+    { 0x44, 0x04, 0xE3, 0x3B, 0x5E, 0x14, 0x0D, 0xCF, 0x99, 0x80, 0x51, 0xFD, 0xFC, 0x80, 0x28, 0xC7,
+      0xC8, 0x16, 0x15, 0xC5, 0xEE, 0x73, 0x7B, 0x11, 0x1B, 0x58, 0x82, 0x33, 0xA9, 0xB5, 0x35, 0xA0 },
+      54 /* Bin Number */
+  },
+  {
+    /* Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015 */
+    { 0x44, 0xB5, 0x45, 0xAA, 0x8A, 0x25, 0xE6, 0x5A, 0x73, 0xCA, 0x15, 0xDC, 0x27, 0xFC, 0x36, 0xD2,
+      0x4C, 0x1C, 0xB9, 0x95, 0x3A, 0x06, 0x65, 0x39, 0xB1, 0x15, 0x82, 0xDC, 0x48, 0x7B, 0x48, 0x33 },
+      175 /* Bin Number */
+  },
+  {
+    /* Go_Daddy_Root_Certificate_Authority___G2 */
+    { 0x45, 0x14, 0x0B, 0x32, 0x47, 0xEB, 0x9C, 0xC8, 0xC5, 0xB4, 0xF0, 0xD7, 0xB5, 0x30, 0x91, 0xF7,
+      0x32, 0x92, 0x08, 0x9E, 0x6E, 0x5A, 0x63, 0xE2, 0x74, 0x9D, 0xD3, 0xAC, 0xA9, 0x19, 0x8E, 0xDA },
+      106 /* Bin Number */
+  },
+  {
+    /* T_RKTRUST_Elektronik_Sertifika_Hizmet_Sa_lay_c_s__H5 */
+    { 0x49, 0x35, 0x1B, 0x90, 0x34, 0x44, 0xC1, 0x85, 0xCC, 0xDC, 0x5C, 0x69, 0x3D, 0x24, 0xD8, 0x55,
+      0x5C, 0xB2, 0x08, 0xD6, 0xA8, 0x14, 0x13, 0x07, 0x69, 0x9F, 0x4A, 0xF0, 0x63, 0x19, 0x9D, 0x78 },
+      166 /* Bin Number */
+  },
+  {
+    /* D_TRUST_Root_Class_3_CA_2_2009 */
+    { 0x49, 0xE7, 0xA4, 0x42, 0xAC, 0xF0, 0xEA, 0x62, 0x87, 0x05, 0x00, 0x54, 0xB5, 0x25, 0x64, 0xB6,
+      0x50, 0xE4, 0xF4, 0x9E, 0x42, 0xE3, 0x48, 0xD6, 0xAA, 0x38, 0xE0, 0x39, 0xE9, 0x57, 0xB1, 0xC1 },
+      130 /* Bin Number */
+  },
+  {
+    /* thawte_Primary_Root_CA___G3 */
+    { 0x4B, 0x03, 0xF4, 0x58, 0x07, 0xAD, 0x70, 0xF2, 0x1B, 0xFC, 0x2C, 0xAE, 0x71, 0xC9, 0xFD, 0xE4,
+      0x60, 0x4C, 0x06, 0x4C, 0xF5, 0xFF, 0xB6, 0x86, 0xBA, 0xE5, 0xDB, 0xAA, 0xD7, 0xFD, 0xD3, 0x4C },
+      88 /* Bin Number */
+  },
+  {
+    /* Certification_Authority_of_WoSign */
+    { 0x4B, 0x22, 0xD5, 0xA6, 0xAE, 0xC9, 0x9F, 0x3C, 0xDB, 0x79, 0xAA, 0x5E, 0xC0, 0x68, 0x38, 0x47,
+      0x9C, 0xD5, 0xEC, 0xBA, 0x71, 0x64, 0xF7, 0xF2, 0x2D, 0xC1, 0xD6, 0x5F, 0x63, 0xD8, 0x57, 0x08 },
+      152 /* Bin Number */
+  },
+  {
+    /* Staat_der_Nederlanden_EV_Root_CA */
+    { 0x4D, 0x24, 0x91, 0x41, 0x4C, 0xFE, 0x95, 0x67, 0x46, 0xEC, 0x4C, 0xEF, 0xA6, 0xCF, 0x6F, 0x72,
+      0xE2, 0x8A, 0x13, 0x29, 0x43, 0x2F, 0x9D, 0x8A, 0x90, 0x7A, 0xC4, 0xCB, 0x5D, 0xAD, 0xC1, 0x5A },
+      160 /* Bin Number */
+  },
+  {
+    /* USERTrust_ECC_Certification_Authority */
+    { 0x4F, 0xF4, 0x60, 0xD5, 0x4B, 0x9C, 0x86, 0xDA, 0xBF, 0xBC, 0xFC, 0x57, 0x12, 0xE0, 0x40, 0x0D,
+      0x2B, 0xED, 0x3F, 0xBC, 0x4D, 0x4F, 0xBD, 0xAA, 0x86, 0xE0, 0x6A, 0xDC, 0xD2, 0xA9, 0xAD, 0x7A },
+      156 /* Bin Number */
+  },
+  {
+    /* ComSign_Secured_CA */
+    { 0x50, 0x79, 0x41, 0xC7, 0x44, 0x60, 0xA0, 0xB4, 0x70, 0x86, 0x22, 0x0D, 0x4E, 0x99, 0x32, 0x57,
+      0x2A, 0xB5, 0xD1, 0xB5, 0xBB, 0xCB, 0x89, 0x80, 0xAB, 0x1C, 0xB1, 0x76, 0x51, 0xA8, 0x44, 0xD2 },
+      76 /* Bin Number */
+  },
+  {
+    /* OU_Security_Communication_RootCA2_O__SECOM_Trust_Systems_CO__LTD___C_JP */
+    { 0x51, 0x3B, 0x2C, 0xEC, 0xB8, 0x10, 0xD4, 0xCD, 0xE5, 0xDD, 0x85, 0x39, 0x1A, 0xDF, 0xC6, 0xC2,
+      0xDD, 0x60, 0xD8, 0x7B, 0xB7, 0x36, 0xD2, 0xB5, 0x21, 0x48, 0x4A, 0xA4, 0x7A, 0x0E, 0xBE, 0xF6 },
+      118 /* Bin Number */
+  },
+  {
+    /* COMODO_RSA_Certification_Authority */
+    { 0x52, 0xF0, 0xE1, 0xC4, 0xE5, 0x8E, 0xC6, 0x29, 0x29, 0x1B, 0x60, 0x31, 0x7F, 0x07, 0x46, 0x71,
+      0xB8, 0x5D, 0x7E, 0xA8, 0x0D, 0x5B, 0x07, 0x27, 0x34, 0x63, 0x53, 0x4B, 0x32, 0xB4, 0x02, 0x34 },
+      154 /* Bin Number */
+  },
+  {
+    /* LuxTrust_Global_Root_2 */
+    { 0x54, 0x45, 0x5F, 0x71, 0x29, 0xC2, 0x0B, 0x14, 0x47, 0xC4, 0x18, 0xF9, 0x97, 0x16, 0x8F, 0x24,
+      0xC5, 0x8F, 0xC5, 0x02, 0x3B, 0xF5, 0xDA, 0x5B, 0xE2, 0xEB, 0x6E, 0x1D, 0xD8, 0x90, 0x2E, 0xD5 },
+      187 /* Bin Number */
+  },
+  {
+    /* DigiCert_Trusted_Root_G4 */
+    { 0x55, 0x2F, 0x7B, 0xDC, 0xF1, 0xA7, 0xAF, 0x9E, 0x6C, 0xE6, 0x72, 0x01, 0x7F, 0x4F, 0x12, 0xAB,
+      0xF7, 0x72, 0x40, 0xC7, 0x8E, 0x76, 0x1A, 0xC2, 0x03, 0xD1, 0xD9, 0xD2, 0x0A, 0xC8, 0x99, 0x88 },
+      151 /* Bin Number */
+  },
+  {
+    /* Actalis_Authentication_Root_CA */
+    { 0x55, 0x92, 0x60, 0x84, 0xEC, 0x96, 0x3A, 0x64, 0xB9, 0x6E, 0x2A, 0xBE, 0x01, 0xCE, 0x0B, 0xA8,
+      0x6A, 0x64, 0xFB, 0xFE, 0xBC, 0xC7, 0xAA, 0xB5, 0xAF, 0xC1, 0x55, 0xB3, 0x7F, 0xD7, 0x60, 0x66 },
+      121 /* Bin Number */
+  },
+  {
+    /* Starfield_Services_Root_Certificate_Authority___G2 */
+    { 0x56, 0x8D, 0x69, 0x05, 0xA2, 0xC8, 0x87, 0x08, 0xA4, 0xB3, 0x02, 0x51, 0x90, 0xED, 0xCF, 0xED,
+      0xB1, 0x97, 0x4A, 0x60, 0x6A, 0x13, 0xC6, 0xE5, 0x29, 0x0F, 0xCB, 0x2A, 0xE6, 0x3E, 0xDA, 0xB5 },
+      108 /* Bin Number */
+  },
+  {
+    /* OpenTrust_Root_CA_G1 */
+    { 0x56, 0xC7, 0x71, 0x28, 0xD9, 0x8C, 0x18, 0xD9, 0x1B, 0x4C, 0xFD, 0xFF, 0xBC, 0x25, 0xEE, 0x91,
+      0x03, 0xD4, 0x75, 0x8E, 0xA2, 0xAB, 0xAD, 0x82, 0x6A, 0x90, 0xF3, 0x45, 0x7D, 0x46, 0x0E, 0xB4 },
+      178 /* Bin Number */
+  },
+  {
+    /* TWCA_Global_Root_CA */
+    { 0x59, 0x76, 0x90, 0x07, 0xF7, 0x68, 0x5D, 0x0F, 0xCD, 0x50, 0x87, 0x2F, 0x9F, 0x95, 0xD5, 0x75,
+      0x5A, 0x5B, 0x2B, 0x45, 0x7D, 0x81, 0xF3, 0x69, 0x2B, 0x61, 0x0A, 0x98, 0x67, 0x2F, 0x0E, 0x1B },
+      139 /* Bin Number */
+  },
+  {
+    /* Certum_Trusted_Network_CA */
+    { 0x5C, 0x58, 0x46, 0x8D, 0x55, 0xF5, 0x8E, 0x49, 0x7E, 0x74, 0x39, 0x82, 0xD2, 0xB5, 0x00, 0x10,
+      0xB6, 0xD1, 0x65, 0x37, 0x4A, 0xCF, 0x83, 0xA7, 0xD4, 0xA3, 0x2D, 0xB7, 0x68, 0xC4, 0x40, 0x8E },
+      113 /* Bin Number */
+  },
+  {
+    /* CFCA_EV_ROOT */
+    { 0x5C, 0xC3, 0xD7, 0x8E, 0x4E, 0x1D, 0x5E, 0x45, 0x54, 0x7A, 0x04, 0xE6, 0x87, 0x3E, 0x64, 0xF9,
+      0x0C, 0xF9, 0x53, 0x6D, 0x1C, 0xCC, 0x2E, 0xF8, 0x00, 0xF3, 0x55, 0xC4, 0xC5, 0xFD, 0x70, 0xFD },
+      165 /* Bin Number */
+  },
+  {
+    /* IdenTrust_Commercial_Root_CA_1 */
+    { 0x5D, 0x56, 0x49, 0x9B, 0xE4, 0xD2, 0xE0, 0x8B, 0xCF, 0xCA, 0xD0, 0x8A, 0x3E, 0x38, 0x72, 0x3D,
+      0x50, 0x50, 0x3B, 0xDE, 0x70, 0x69, 0x48, 0xE4, 0x2F, 0x55, 0x60, 0x30, 0x19, 0xE5, 0x28, 0xAE },
+      161 /* Bin Number */
+  },
+  {
+    /* GeoTrust_Primary_Certification_Authority___G2 */
+    { 0x5E, 0xDB, 0x7A, 0xC4, 0x3B, 0x82, 0xA0, 0x6A, 0x87, 0x61, 0xE8, 0xD7, 0xBE, 0x49, 0x79, 0xEB,
+      0xF2, 0x61, 0x1F, 0x7D, 0xD7, 0x9B, 0xF9, 0x1C, 0x1C, 0x6B, 0x56, 0x6A, 0x21, 0x9E, 0xD7, 0x66 },
+      89 /* Bin Number */
+  },
+  {
+    /* Equifax_Secure_Global_eBusiness_CA_1 */
+    { 0x5F, 0x0B, 0x62, 0xEA, 0xB5, 0xE3, 0x53, 0xEA, 0x65, 0x21, 0x65, 0x16, 0x58, 0xFB, 0xB6, 0x53,
+      0x59, 0xF4, 0x43, 0x28, 0x0A, 0x4A, 0xFB, 0xD1, 0x04, 0xD7, 0x7D, 0x10, 0xF9, 0xF0, 0x4C, 0x07 },
+      12 /* Bin Number */
+  },
+  {
+    /* SwissSign_Gold_CA___G2 */
+    { 0x62, 0xDD, 0x0B, 0xE9, 0xB9, 0xF5, 0x0A, 0x16, 0x3E, 0xA0, 0xF8, 0xE7, 0x5C, 0x05, 0x3B, 0x1E,
+      0xCA, 0x57, 0xEA, 0x55, 0xC8, 0x68, 0x8F, 0x64, 0x7C, 0x68, 0x81, 0xF2, 0xC8, 0x35, 0x7B, 0x95 },
+      56 /* Bin Number */
+  },
+  {
+    /* Staat_der_Nederlanden_Root_CA___G2 */
+    { 0x66, 0x8C, 0x83, 0x94, 0x7D, 0xA6, 0x3B, 0x72, 0x4B, 0xEC, 0xE1, 0x74, 0x3C, 0x31, 0xA0, 0xE6,
+      0xAE, 0xD0, 0xDB, 0x8E, 0xC5, 0xB3, 0x1B, 0xE3, 0x77, 0xBB, 0x78, 0x4F, 0x91, 0xB6, 0x71, 0x6F },
+      93 /* Bin Number */
+  },
+  {
+    /* AddTrust_External_CA_Root */
+    { 0x68, 0x7F, 0xA4, 0x51, 0x38, 0x22, 0x78, 0xFF, 0xF0, 0xC8, 0xB1, 0x1F, 0x8D, 0x43, 0xD5, 0x76,
+      0x67, 0x1C, 0x6E, 0xB2, 0xBC, 0xEA, 0xB4, 0x13, 0xFB, 0x83, 0xD9, 0x65, 0xD0, 0x6D, 0x2F, 0xF2 },
+      15 /* Bin Number */
+  },
+  {
+    /* VeriSign_Class_3_Public_Primary_Certification_Authority___G4 */
+    { 0x69, 0xDD, 0xD7, 0xEA, 0x90, 0xBB, 0x57, 0xC9, 0x3E, 0x13, 0x5D, 0xC8, 0x5E, 0xA6, 0xFC, 0xD5,
+      0x48, 0x0B, 0x60, 0x32, 0x39, 0xBD, 0xC4, 0x54, 0xFC, 0x75, 0x8B, 0x2A, 0x26, 0xCF, 0x7F, 0x79 },
+      91 /* Bin Number */
+  },
+  {
+    /* Visa_eCommerce_Root */
+    { 0x69, 0xFA, 0xC9, 0xBD, 0x55, 0xFB, 0x0A, 0xC7, 0x8D, 0x53, 0xBB, 0xEE, 0x5C, 0xF1, 0xD5, 0x97,
+      0x98, 0x9F, 0xD0, 0xAA, 0xAB, 0x20, 0xA2, 0x51, 0x51, 0xBD, 0xF1, 0x73, 0x3E, 0xE7, 0xD1, 0x22 },
+      26 /* Bin Number */
+  },
+  {
+    /* OISTE_WISeKey_Global_Root_GB_CA */
+    { 0x6B, 0x9C, 0x08, 0xE8, 0x6E, 0xB0, 0xF7, 0x67, 0xCF, 0xAD, 0x65, 0xCD, 0x98, 0xB6, 0x21, 0x49,
+      0xE5, 0x49, 0x4A, 0x67, 0xF5, 0x84, 0x5E, 0x7B, 0xD1, 0xED, 0x01, 0x9F, 0x27, 0xB8, 0x6B, 0xD6 },
+      169 /* Bin Number */
+  },
+  {
+    /* NetLock_Arany__Class_Gold__F_tan_s_tv_ny */
+    { 0x6C, 0x61, 0xDA, 0xC3, 0xA2, 0xDE, 0xF0, 0x31, 0x50, 0x6B, 0xE0, 0x36, 0xD2, 0xA6, 0xFE, 0x40,
+      0x19, 0x94, 0xFB, 0xD1, 0x3D, 0xF9, 0xC8, 0xD4, 0x66, 0x59, 0x92, 0x74, 0xC4, 0x46, 0xEC, 0x98 },
+      92 /* Bin Number */
+  },
+  {
+    /* Certplus_Root_CA_G2 */
+    { 0x6C, 0xC0, 0x50, 0x41, 0xE6, 0x44, 0x5E, 0x74, 0x69, 0x6C, 0x4C, 0xFB, 0xC9, 0xF8, 0x0F, 0x54,
+      0x3B, 0x7E, 0xAB, 0xBB, 0x44, 0xB4, 0xCE, 0x6F, 0x78, 0x7C, 0x6A, 0x99, 0x71, 0xC4, 0x2F, 0x17 },
+      177 /* Bin Number */
+  },
+  {
+    /* Entrust_net_Certification_Authority__2048_ */
+    { 0x6D, 0xC4, 0x71, 0x72, 0xE0, 0x1C, 0xBC, 0xB0, 0xBF, 0x62, 0x58, 0x0D, 0x89, 0x5F, 0xE2, 0xB8,
+      0xAC, 0x9A, 0xD4, 0xF8, 0x73, 0x80, 0x1E, 0x0C, 0x10, 0xB9, 0xC8, 0x37, 0xD2, 0x1E, 0xB1, 0x77 },
+      10 /* Bin Number */
+  },
+  {
+    /* UTN_USERFirst_Hardware */
+    { 0x6E, 0xA5, 0x47, 0x41, 0xD0, 0x04, 0x66, 0x7E, 0xED, 0x1B, 0x48, 0x16, 0x63, 0x4A, 0xA3, 0xA7,
+      0x9E, 0x6E, 0x4B, 0x96, 0x95, 0x0F, 0x82, 0x79, 0xDA, 0xFC, 0x8D, 0x9B, 0xD8, 0x81, 0x21, 0x37 },
+      38 /* Bin Number */
+  },
+  {
+    /* AffirmTrust_Premium */
+    { 0x70, 0xA7, 0x3F, 0x7F, 0x37, 0x6B, 0x60, 0x07, 0x42, 0x48, 0x90, 0x45, 0x34, 0xB1, 0x14, 0x82,
+      0xD5, 0xBF, 0x0E, 0x69, 0x8E, 0xCC, 0x49, 0x8D, 0xF5, 0x25, 0x77, 0xEB, 0xF2, 0xE9, 0x3B, 0x9A },
+      111 /* Bin Number */
+  },
+  {
+    /* Entrust_Root_Certification_Authority */
+    { 0x73, 0xC1, 0x76, 0x43, 0x4F, 0x1B, 0xC6, 0xD5, 0xAD, 0xF4, 0x5B, 0x0E, 0x76, 0xE7, 0x27, 0x28,
+      0x7C, 0x8D, 0xE5, 0x76, 0x16, 0xC1, 0xE6, 0xE6, 0x14, 0x1A, 0x2B, 0x2C, 0xBC, 0x7D, 0x8E, 0x4C },
+      18 /* Bin Number */
+  },
+  {
+    /* DigiCert_High_Assurance_EV_Root_CA */
+    { 0x74, 0x31, 0xE5, 0xF4, 0xC3, 0xC1, 0xCE, 0x46, 0x90, 0x77, 0x4F, 0x0B, 0x61, 0xE0, 0x54, 0x40,
+      0x88, 0x3B, 0xA9, 0xA0, 0x1E, 0xD0, 0x0B, 0xA6, 0xAB, 0xD7, 0x80, 0x6E, 0xD3, 0xB1, 0x18, 0xCF },
+      50 /* Bin Number */
+  },
+  {
+    /* O_Government_Root_Certification_Authority_C_TW */
+    { 0x76, 0x00, 0x29, 0x5E, 0xEF, 0xE8, 0x5B, 0x9E, 0x1F, 0xD6, 0x24, 0xDB, 0x76, 0x06, 0x2A, 0xAA,
+      0xAE, 0x59, 0x81, 0x8A, 0x54, 0xD2, 0x77, 0x4C, 0xD4, 0xC0, 0xB2, 0xC0, 0x11, 0x31, 0xE1, 0xB3 },
+      46 /* Bin Number */
+  },
+  {
+    /* DST_ACES_CA_X6 */
+    { 0x76, 0x7C, 0x95, 0x5A, 0x76, 0x41, 0x2C, 0x89, 0xAF, 0x68, 0x8E, 0x90, 0xA1, 0xC7, 0x0F, 0x55,
+      0x6C, 0xFD, 0x6B, 0x60, 0x25, 0xDB, 0xEA, 0x10, 0x41, 0x6D, 0x7E, 0xB6, 0x83, 0x1F, 0x8C, 0x40 },
+      53 /* Bin Number */
+  },
+  {
+    /* America_Online_Root_Certification_Authority_1 */
+    { 0x77, 0x40, 0x73, 0x12, 0xC6, 0x3A, 0x15, 0x3D, 0x5B, 0xC0, 0x0B, 0x4E, 0x51, 0x75, 0x9C, 0xDF,
+      0xDA, 0xC2, 0x37, 0xDC, 0x2A, 0x33, 0xB6, 0x79, 0x46, 0xE9, 0x8E, 0x9B, 0xFA, 0x68, 0x0A, 0xE3 },
+      24 /* Bin Number */
+  },
+  {
+    /* Sonera_Class2_CA */
+    { 0x79, 0x08, 0xB4, 0x03, 0x14, 0xC1, 0x38, 0x10, 0x0B, 0x51, 0x8D, 0x07, 0x35, 0x80, 0x7F, 0xFB,
+      0xFC, 0xF8, 0x51, 0x8A, 0x00, 0x95, 0x33, 0x71, 0x05, 0xBA, 0x38, 0x6B, 0x15, 0x3D, 0xD9, 0x27 },
+      35 /* Bin Number */
+  },
+  {
+    /* A_Trust_nQual_03 */
+    { 0x79, 0x3C, 0xBF, 0x45, 0x59, 0xB9, 0xFD, 0xE3, 0x8A, 0xB2, 0x2D, 0xF1, 0x68, 0x69, 0xF6, 0x98,
+      0x81, 0xAE, 0x14, 0xC4, 0xB0, 0x13, 0x9A, 0xC7, 0x88, 0xA7, 0x8A, 0x1A, 0xFC, 0xCA, 0x02, 0xFB },
+      116 /* Bin Number */
+  },
+  {
+    /* DigiCert_Assured_ID_Root_G2 */
+    { 0x7D, 0x05, 0xEB, 0xB6, 0x82, 0x33, 0x9F, 0x8C, 0x94, 0x51, 0xEE, 0x09, 0x4E, 0xEB, 0xFE, 0xFA,
+      0x79, 0x53, 0xA1, 0x14, 0xED, 0xB2, 0xF4, 0x49, 0x49, 0x45, 0x2F, 0xAB, 0x7D, 0x2F, 0xC1, 0x85 },
+      147 /* Bin Number */
+  },
+  {
+    /* America_Online_Root_Certification_Authority_2 */
+    { 0x7D, 0x3B, 0x46, 0x5A, 0x60, 0x14, 0xE5, 0x26, 0xC0, 0xAF, 0xFC, 0xEE, 0x21, 0x27, 0xD2, 0x31,
+      0x17, 0x27, 0xAD, 0x81, 0x1C, 0x26, 0x84, 0x2D, 0x00, 0x6A, 0xF3, 0x73, 0x06, 0xCC, 0x80, 0xBD },
+      25 /* Bin Number */
+  },
+  {
+    /* DigiCert_Assured_ID_Root_G3 */
+    { 0x7E, 0x37, 0xCB, 0x8B, 0x4C, 0x47, 0x09, 0x0C, 0xAB, 0x36, 0x55, 0x1B, 0xA6, 0xF4, 0x5D, 0xB8,
+      0x40, 0x68, 0x0F, 0xBA, 0x16, 0x6A, 0x95, 0x2D, 0xB1, 0x00, 0x71, 0x7F, 0x43, 0x05, 0x3F, 0xC2 },
+      148 /* Bin Number */
+  },
+  {
+    /* NetLock_Kozjegyzoi__Class_A__Tanusitvanykiado */
+    { 0x7F, 0x12, 0xCD, 0x5F, 0x7E, 0x5E, 0x29, 0x0E, 0xC7, 0xD8, 0x51, 0x79, 0xD5, 0xB7, 0x2C, 0x20,
+      0xA5, 0xBE, 0x75, 0x08, 0xFF, 0xDB, 0x5B, 0xF8, 0x1A, 0xB9, 0x68, 0x4A, 0x7F, 0xC9, 0xF6, 0x67 },
+      41 /* Bin Number */
+  },
+  {
+    /* AddTrust_Qualified_CA_Root */
+    { 0x80, 0x95, 0x21, 0x08, 0x05, 0xDB, 0x4B, 0xBC, 0x35, 0x5E, 0x44, 0x28, 0xD8, 0xFD, 0x6E, 0xC2,
+      0xCD, 0xE3, 0xAB, 0x5F, 0xB9, 0x7A, 0x99, 0x42, 0x98, 0x8E, 0xB8, 0xF4, 0xDC, 0xD0, 0x60, 0x16 },
+      17 /* Bin Number */
+  },
+  {
+    /* OU_VeriSign_Trust_Network_OU___c__1998_VeriSign__Inc____For_authorized_use_only__OU_Class_3_Public_Primary_Certification_Authority___G2_O__VeriSign__Inc___C_US */
+    { 0x83, 0xCE, 0x3C, 0x12, 0x29, 0x68, 0x8A, 0x59, 0x3D, 0x48, 0x5F, 0x81, 0x97, 0x3C, 0x0F, 0x91,
+      0x95, 0x43, 0x1E, 0xDA, 0x37, 0xCC, 0x5E, 0x36, 0x43, 0x0E, 0x79, 0xC7, 0xA8, 0x88, 0x63, 0x8B },
+      5 /* Bin Number */
+  },
+  {
+    /* QuoVadis_Root_CA_2 */
+    { 0x85, 0xA0, 0xDD, 0x7D, 0xD7, 0x20, 0xAD, 0xB7, 0xFF, 0x05, 0xF8, 0x3D, 0x54, 0x2B, 0x20, 0x9D,
+      0xC7, 0xFF, 0x45, 0x28, 0xF7, 0xD6, 0x77, 0xB1, 0x83, 0x89, 0xFE, 0xA5, 0xE5, 0xC4, 0x9E, 0x86 },
+      32 /* Bin Number */
+  },
+  {
+    /* UTN___DATACorp_SGC */
+    { 0x85, 0xFB, 0x2F, 0x91, 0xDD, 0x12, 0x27, 0x5A, 0x01, 0x45, 0xB6, 0x36, 0x53, 0x4F, 0x84, 0x02,
+      0x4A, 0xD6, 0x8B, 0x69, 0xB8, 0xEE, 0x88, 0x68, 0x4F, 0xF7, 0x11, 0x37, 0x58, 0x05, 0xB3, 0x48 },
+      37 /* Bin Number */
+  },
+  {
+    /* EC_ACC */
+    { 0x88, 0x49, 0x7F, 0x01, 0x60, 0x2F, 0x31, 0x54, 0x24, 0x6A, 0xE2, 0x8C, 0x4D, 0x5A, 0xEF, 0x10,
+      0xF1, 0xD8, 0x7E, 0xBB, 0x76, 0x62, 0x6F, 0x4A, 0xE0, 0xB7, 0xF9, 0x5B, 0xA7, 0x96, 0x87, 0x99 },
+      119 /* Bin Number */
+  },
+  {
+    /* QuoVadis_Root_CA_3_G3 */
+    { 0x88, 0xEF, 0x81, 0xDE, 0x20, 0x2E, 0xB0, 0x18, 0x45, 0x2E, 0x43, 0xF8, 0x64, 0x72, 0x5C, 0xEA,
+      0x5F, 0xBD, 0x1F, 0xC2, 0xD9, 0xD2, 0x05, 0x73, 0x07, 0x09, 0xC5, 0xD8, 0xB8, 0x69, 0x0F, 0x46 },
+      146 /* Bin Number */
+  },
+  {
+    /* QuoVadis_Root_CA_1_G3 */
+    { 0x8A, 0x86, 0x6F, 0xD1, 0xB2, 0x76, 0xB5, 0x7E, 0x57, 0x8E, 0x92, 0x1C, 0x65, 0x82, 0x8A, 0x2B,
+      0xED, 0x58, 0xE9, 0xF2, 0xF2, 0x88, 0x05, 0x41, 0x34, 0xB7, 0xF1, 0xF4, 0xBF, 0xC9, 0xCC, 0x74 },
+      144 /* Bin Number */
+  },
+  {
+    /* CA_WoSign_ECC_Root */
+    { 0x8B, 0x45, 0xDA, 0x1C, 0x06, 0xF7, 0x91, 0xEB, 0x0C, 0xAB, 0xF2, 0x6B, 0xE5, 0x88, 0xF5, 0xFB,
+      0x23, 0x16, 0x5C, 0x2E, 0x61, 0x4B, 0xF8, 0x85, 0x56, 0x2D, 0x0D, 0xCE, 0x50, 0xB2, 0x9B, 0x02 },
+      171 /* Bin Number */
+  },
+  {
+    /* Root_CA_Generalitat_Valenciana */
+    { 0x8C, 0x4E, 0xDF, 0xD0, 0x43, 0x48, 0xF3, 0x22, 0x96, 0x9E, 0x7E, 0x29, 0xA4, 0xCD, 0x4D, 0xCA,
+      0x00, 0x46, 0x55, 0x06, 0x1C, 0x16, 0xE1, 0xB0, 0x76, 0x42, 0x2E, 0xF3, 0x42, 0xAD, 0x63, 0x0E },
+      115 /* Bin Number */
+  },
+  {
+    /* AddTrust_Class_1_CA_Root */
+    { 0x8C, 0x72, 0x09, 0x27, 0x9A, 0xC0, 0x4E, 0x27, 0x5E, 0x16, 0xD0, 0x7F, 0xD3, 0xB7, 0x75, 0xE8,
+      0x01, 0x54, 0xB5, 0x96, 0x80, 0x46, 0xE3, 0x1F, 0x52, 0xDD, 0x25, 0x76, 0x63, 0x24, 0xE9, 0xA7 },
+      14 /* Bin Number */
+  },
+  {
+    /* thawte_Primary_Root_CA */
+    { 0x8D, 0x72, 0x2F, 0x81, 0xA9, 0xC1, 0x13, 0xC0, 0x79, 0x1D, 0xF1, 0x36, 0xA2, 0x96, 0x6D, 0xB2,
+      0x6C, 0x95, 0x0A, 0x97, 0x1D, 0xB4, 0x6B, 0x41, 0x99, 0xF4, 0xEA, 0x54, 0xB7, 0x8B, 0xFB, 0x9F },
+      59 /* Bin Number */
+  },
+  {
+    /* TC_TrustCenter_Class_3_CA_II */
+    { 0x8D, 0xA0, 0x84, 0xFC, 0xF9, 0x9C, 0xE0, 0x77, 0x22, 0xF8, 0x9B, 0x32, 0x05, 0x93, 0x98, 0x06,
+      0xFA, 0x5C, 0xB8, 0x11, 0xE1, 0xC8, 0x13, 0xF6, 0xA1, 0x08, 0xC7, 0xD3, 0x36, 0xB3, 0x40, 0x8E },
+      73 /* Bin Number */
+  },
+  {
+    /* T_RKTRUST_Elektronik_Sertifika_Hizmet_Sa_lay_c_s__H6 */
+    { 0x8D, 0xE7, 0x86, 0x55, 0xE1, 0xBE, 0x7F, 0x78, 0x47, 0x80, 0x0B, 0x93, 0xF6, 0x94, 0xD2, 0x1D,
+      0x36, 0x8C, 0xC0, 0x6E, 0x03, 0x3E, 0x7F, 0xAB, 0x04, 0xBB, 0x5E, 0xB9, 0x9D, 0xA6, 0xB7, 0x00 },
+      167 /* Bin Number */
+  },
+  {
+    /* Amazon_Root_CA_1 */
+    { 0x8E, 0xCD, 0xE6, 0x88, 0x4F, 0x3D, 0x87, 0xB1, 0x12, 0x5B, 0xA3, 0x1A, 0xC3, 0xFC, 0xB1, 0x3D,
+      0x70, 0x16, 0xDE, 0x7F, 0x57, 0xCC, 0x90, 0x4F, 0xE1, 0xCB, 0x97, 0xC6, 0xAE, 0x98, 0x19, 0x6E },
+      183 /* Bin Number */
+  },
+  {
+    /* QuoVadis_Root_CA_2_G3 */
+    { 0x8F, 0xE4, 0xFB, 0x0A, 0xF9, 0x3A, 0x4D, 0x0D, 0x67, 0xDB, 0x0B, 0xEB, 0xB2, 0x3E, 0x37, 0xC7,
+      0x1B, 0xF3, 0x25, 0xDC, 0xBC, 0xDD, 0x24, 0x0E, 0xA0, 0x4D, 0xAF, 0x58, 0xB4, 0x7E, 0x18, 0x40 },
+      145 /* Bin Number */
+  },
+  {
+    /* T_TeleSec_GlobalRoot_Class_2 */
+    { 0x91, 0xE2, 0xF5, 0x78, 0x8D, 0x58, 0x10, 0xEB, 0xA7, 0xBA, 0x58, 0x73, 0x7D, 0xE1, 0x54, 0x8A,
+      0x8E, 0xCA, 0xCD, 0x01, 0x45, 0x98, 0xBC, 0x0B, 0x14, 0x3E, 0x04, 0x1B, 0x17, 0x05, 0x25, 0x52 },
+      142 /* Bin Number */
+  },
+  {
+    /* CA_Disig */
+    { 0x92, 0xBF, 0x51, 0x19, 0xAB, 0xEC, 0xCA, 0xD0, 0xB1, 0x33, 0x2D, 0xC4, 0xE1, 0xD0, 0x5F, 0xBA,
+      0x75, 0xB5, 0x67, 0x90, 0x44, 0xEE, 0x0C, 0xA2, 0x6E, 0x93, 0x1F, 0x74, 0x4F, 0x2F, 0x33, 0xCF },
+      94 /* Bin Number */
+  },
+  {
+    /* Cybertrust_Global_Root */
+    { 0x96, 0x0A, 0xDF, 0x00, 0x63, 0xE9, 0x63, 0x56, 0x75, 0x0C, 0x29, 0x65, 0xDD, 0x0A, 0x08, 0x67,
+      0xDA, 0x0B, 0x9C, 0xBD, 0x6E, 0x77, 0x71, 0x4A, 0xEA, 0xFB, 0x23, 0x49, 0xAB, 0x39, 0x3D, 0xA3 },
+      77 /* Bin Number */
+  },
+  {
+    /* ISRG_Root_X1 */
+    { 0x96, 0xBC, 0xEC, 0x06, 0x26, 0x49, 0x76, 0xF3, 0x74, 0x60, 0x77, 0x9A, 0xCF, 0x28, 0xC5, 0xA7,
+      0xCF, 0xE8, 0xA3, 0xC0, 0xAA, 0xE1, 0x1A, 0x8F, 0xFC, 0xEE, 0x05, 0xC0, 0xBD, 0xDF, 0x08, 0xC6 },
+      181 /* Bin Number */
+  },
+  {
+    /* T_RKTRUST_Elektronik_Sertifika_Hizmet_Sa_lay_c_s_ */
+    { 0x97, 0x8C, 0xD9, 0x66, 0xF2, 0xFA, 0xA0, 0x7B, 0xA7, 0xAA, 0x95, 0x00, 0xD9, 0xC0, 0x2E, 0x9D,
+      0x77, 0xF2, 0xCD, 0xAD, 0xA6, 0xAD, 0x6B, 0xA7, 0x4A, 0xF4, 0xB9, 0x1C, 0x66, 0x59, 0x3C, 0x50 },
+      129 /* Bin Number */
+  },
+  {
+    /* Buypass_Class_2_Root_CA */
+    { 0x9A, 0x11, 0x40, 0x25, 0x19, 0x7C, 0x5B, 0xB9, 0x5D, 0x94, 0xE6, 0x3D, 0x55, 0xCD, 0x43, 0x79,
+      0x08, 0x47, 0xB6, 0x46, 0xB2, 0x3C, 0xDF, 0x11, 0xAD, 0xA4, 0xA0, 0x0E, 0xFF, 0x15, 0xFB, 0x48 },
+      125 /* Bin Number */
+  },
+  {
+    /* ACCVRAIZ1 */
+    { 0x9A, 0x6E, 0xC0, 0x12, 0xE1, 0xA7, 0xDA, 0x9D, 0xBE, 0x34, 0x19, 0x4D, 0x47, 0x8A, 0xD7, 0xC0,
+      0xDB, 0x18, 0x22, 0xFB, 0x07, 0x1D, 0xF1, 0x29, 0x81, 0x49, 0x6E, 0xD1, 0x04, 0x38, 0x41, 0x13 },
+      138 /* Bin Number */
+  },
+  {
+    /* VeriSign_Class_3_Public_Primary_Certification_Authority___G5 */
+    { 0x9A, 0xCF, 0xAB, 0x7E, 0x43, 0xC8, 0xD8, 0x80, 0xD0, 0x6B, 0x26, 0x2A, 0x94, 0xDE, 0xEE, 0xE4,
+      0xB4, 0x65, 0x99, 0x89, 0xC3, 0xD0, 0xCA, 0xF1, 0x9B, 0xAF, 0x64, 0x05, 0xE4, 0x1A, 0xB7, 0xDF },
+      60 /* Bin Number */
+  },
+  {
+    /* GeoTrust_Universal_CA_2 */
+    { 0xA0, 0x23, 0x4F, 0x3B, 0xC8, 0x52, 0x7C, 0xA5, 0x62, 0x8E, 0xEC, 0x81, 0xAD, 0x5D, 0x69, 0x89,
+      0x5D, 0xA5, 0x68, 0x0D, 0xC9, 0x1D, 0x1C, 0xB8, 0x47, 0x7F, 0x33, 0xF8, 0x78, 0xB9, 0x5B, 0x0B },
+      23 /* Bin Number */
+  },
+  {
+    /* Hellenic_Academic_and_Research_Institutions_RootCA_2015 */
+    { 0xA0, 0x40, 0x92, 0x9A, 0x02, 0xCE, 0x53, 0xB4, 0xAC, 0xF4, 0xF2, 0xFF, 0xC6, 0x98, 0x1C, 0xE4,
+      0x49, 0x6F, 0x75, 0x5E, 0x6D, 0x45, 0xFE, 0x0B, 0x2A, 0x69, 0x2B, 0xCD, 0x52, 0x52, 0x3F, 0x36 },
+      174 /* Bin Number */
+  },
+  {
+    /* GeoTrust_Universal_CA */
+    { 0xA0, 0x45, 0x9B, 0x9F, 0x63, 0xB2, 0x25, 0x59, 0xF5, 0xFA, 0x5D, 0x4C, 0x6D, 0xB3, 0xF9, 0xF7,
+      0x2F, 0xF1, 0x93, 0x42, 0x03, 0x35, 0x78, 0xF0, 0x73, 0xBF, 0x1D, 0x1B, 0x46, 0xCB, 0xB9, 0x12 },
+      22 /* Bin Number */
+  },
+  {
+    /* SZAFIR_ROOT_CA2 */
+    { 0xA1, 0x33, 0x9D, 0x33, 0x28, 0x1A, 0x0B, 0x56, 0xE5, 0x57, 0xD3, 0xD3, 0x2B, 0x1C, 0xE7, 0xF9,
+      0x36, 0x7E, 0xB0, 0x94, 0xBD, 0x5F, 0xA7, 0x2A, 0x7E, 0x50, 0x04, 0xC8, 0xDE, 0xD7, 0xCA, 0xFE },
+      172 /* Bin Number */
+  },
+  {
+    /* OU_Security_Communication_EV_RootCA1_O__SECOM_Trust_Systems_CO__LTD___C_JP */
+    { 0xA2, 0x2D, 0xBA, 0x68, 0x1E, 0x97, 0x37, 0x6E, 0x2D, 0x39, 0x7D, 0x72, 0x8A, 0xAE, 0x3A, 0x9B,
+      0x62, 0x96, 0xB9, 0xFD, 0xBA, 0x60, 0xBC, 0x2E, 0x11, 0xF6, 0x47, 0xF2, 0xC6, 0x75, 0xFB, 0x37 },
+      68 /* Bin Number */
+  },
+  {
+    /* thawte_Primary_Root_CA___G2 */
+    { 0xA4, 0x31, 0x0D, 0x50, 0xAF, 0x18, 0xA6, 0x44, 0x71, 0x90, 0x37, 0x2A, 0x86, 0xAF, 0xAF, 0x8B,
+      0x95, 0x1F, 0xFB, 0x43, 0x1D, 0x83, 0x7F, 0x1E, 0x56, 0x88, 0xB4, 0x59, 0x71, 0xED, 0x15, 0x57 },
+      87 /* Bin Number */
+  },
+  {
+    /* QuoVadis_Root_Certification_Authority */
+    { 0xA4, 0x5E, 0xDE, 0x3B, 0xBB, 0xF0, 0x9C, 0x8A, 0xE1, 0x5C, 0x72, 0xEF, 0xC0, 0x72, 0x68, 0xD6,
+      0x93, 0xA2, 0x1C, 0x99, 0x6F, 0xD5, 0x1E, 0x67, 0xCA, 0x07, 0x94, 0x60, 0xFD, 0x6D, 0x88, 0x73 },
+      31 /* Bin Number */
+  },
+  {
+    /* GTE_CyberTrust_Global_Root */
+    { 0xA5, 0x31, 0x25, 0x18, 0x8D, 0x21, 0x10, 0xAA, 0x96, 0x4B, 0x02, 0xC7, 0xB7, 0xC6, 0xDA, 0x32,
+      0x03, 0x17, 0x08, 0x94, 0xE5, 0xFB, 0x71, 0xFF, 0xFB, 0x66, 0x67, 0xD5, 0xE6, 0x81, 0x0A, 0x36 },
+      1 /* Bin Number */
+  },
+  {
+    /* WellsSecure_Public_Root_Certificate_Authority */
+    { 0xA7, 0x12, 0x72, 0xAE, 0xAA, 0xA3, 0xCF, 0xE8, 0x72, 0x7F, 0x7F, 0xB3, 0x9F, 0x0F, 0xB3, 0xD1,
+      0xE5, 0x42, 0x6E, 0x90, 0x60, 0xB0, 0x6E, 0xE6, 0xF1, 0x3E, 0x9A, 0x3C, 0x58, 0x33, 0xCD, 0x43 },
+      65 /* Bin Number */
+  },
+  {
+    /* Thawte_Premium_Server_CA */
+    { 0xAB, 0x70, 0x36, 0x36, 0x5C, 0x71, 0x54, 0xAA, 0x29, 0xC2, 0xC2, 0x9F, 0x5D, 0x41, 0x91, 0x16,
+      0x3B, 0x16, 0x2A, 0x22, 0x25, 0x01, 0x13, 0x57, 0xD5, 0x6D, 0x07, 0xFF, 0xA7, 0xBC, 0x1F, 0x72 },
+      3 /* Bin Number */
+  },
+  {
+    /* OU_RSA_Security_2048_V3_O_RSA_Security_Inc */
+    { 0xAF, 0x8B, 0x67, 0x62, 0xA1, 0xE5, 0x28, 0x22, 0x81, 0x61, 0xA9, 0x5D, 0x5C, 0x55, 0x9E, 0xE2,
+      0x66, 0x27, 0x8F, 0x75, 0xD7, 0x9E, 0x83, 0x01, 0x89, 0xA5, 0x03, 0x50, 0x6A, 0xBD, 0x6B, 0x4C },
+      19 /* Bin Number */
+  },
+  {
+    /* E_Tugra_Certification_Authority */
+    { 0xB0, 0xBF, 0xD5, 0x2B, 0xB0, 0xD7, 0xD9, 0xBD, 0x92, 0xBF, 0x5D, 0x4D, 0xC1, 0x3D, 0xA2, 0x55,
+      0xC0, 0x2C, 0x54, 0x2F, 0x37, 0x83, 0x65, 0xEA, 0x89, 0x39, 0x11, 0xF5, 0x5E, 0x55, 0xF2, 0x3C },
+      141 /* Bin Number */
+  },
+  {
+    /* Thawte_Server_CA */
+    { 0xB4, 0x41, 0x0B, 0x73, 0xE2, 0xE6, 0xEA, 0xCA, 0x47, 0xFB, 0xC4, 0x2F, 0x8F, 0xA4, 0x01, 0x8A,
+      0xF4, 0x38, 0x1D, 0xC5, 0x4C, 0xFA, 0xA8, 0x44, 0x50, 0x46, 0x1E, 0xED, 0x09, 0x45, 0x4D, 0xE9 },
+      2 /* Bin Number */
+  },
+  {
+    /* GeoTrust_Primary_Certification_Authority___G3 */
+    { 0xB4, 0x78, 0xB8, 0x12, 0x25, 0x0D, 0xF8, 0x78, 0x63, 0x5C, 0x2A, 0xA7, 0xEC, 0x7D, 0x15, 0x5E,
+      0xAA, 0x62, 0x5E, 0xE8, 0x29, 0x16, 0xE2, 0xCD, 0x29, 0x43, 0x61, 0x88, 0x6C, 0xD1, 0xFB, 0xD4 },
+      86 /* Bin Number */
+  },
+  {
+    /* Deutsche_Telekom_Root_CA_2 */
+    { 0xB6, 0x19, 0x1A, 0x50, 0xD0, 0xC3, 0x97, 0x7F, 0x7D, 0xA9, 0x9B, 0xCD, 0xAA, 0xC8, 0x6A, 0x22,
+      0x7D, 0xAE, 0xB9, 0x67, 0x9E, 0xC7, 0x0B, 0xA3, 0xB0, 0xC9, 0xD9, 0x22, 0x71, 0xC1, 0x70, 0xD3 },
+      75 /* Bin Number */
+  },
+  {
+    /* Certum_Trusted_Network_CA_2 */
+    { 0xB6, 0x76, 0xF2, 0xED, 0xDA, 0xE8, 0x77, 0x5C, 0xD3, 0x6C, 0xB0, 0xF6, 0x3C, 0xD1, 0xD4, 0x60,
+      0x39, 0x61, 0xF4, 0x9E, 0x62, 0x65, 0xBA, 0x01, 0x3A, 0x2F, 0x03, 0x07, 0xB6, 0xD0, 0xB8, 0x04 },
+      173 /* Bin Number */
+  },
+  {
+    /* Buypass_Class_3_CA_1 */
+    { 0xB7, 0xB1, 0x2B, 0x17, 0x1F, 0x82, 0x1D, 0xAA, 0x99, 0x0C, 0xD0, 0xFE, 0x50, 0x87, 0xB1, 0x28,
+      0x44, 0x8B, 0xA8, 0xE5, 0x18, 0x4F, 0x84, 0xC5, 0x1E, 0x02, 0xB5, 0xC8, 0xFB, 0x96, 0x2B, 0x24 },
+      81 /* Bin Number */
+  },
+  {
+    /* OpenTrust_Root_CA_G3 */
+    { 0xB7, 0xC3, 0x62, 0x31, 0x70, 0x6E, 0x81, 0x07, 0x8C, 0x36, 0x7C, 0xB8, 0x96, 0x19, 0x8F, 0x1E,
+      0x32, 0x08, 0xDD, 0x92, 0x69, 0x49, 0xDD, 0x8F, 0x57, 0x09, 0xA4, 0x10, 0xF7, 0x5B, 0x62, 0x92 },
+      180 /* Bin Number */
+  },
+  {
+    /* IGC_A */
+    { 0xB9, 0xBE, 0xA7, 0x86, 0x0A, 0x96, 0x2E, 0xA3, 0x61, 0x1D, 0xAB, 0x97, 0xAB, 0x6D, 0xA3, 0xE2,
+      0x1C, 0x10, 0x68, 0xB9, 0x7D, 0x55, 0x57, 0x5E, 0xD0, 0xE1, 0x12, 0x79, 0xC1, 0x1C, 0x89, 0x32 },
+      67 /* Bin Number */
+  },
+  {
+    /* Hellenic_Academic_and_Research_Institutions_RootCA_2011 */
+    { 0xBC, 0x10, 0x4F, 0x15, 0xA4, 0x8B, 0xE7, 0x09, 0xDC, 0xA5, 0x42, 0xA7, 0xE1, 0xD4, 0xB9, 0xDF,
+      0x6F, 0x05, 0x45, 0x27, 0xE8, 0x02, 0xEA, 0xA9, 0x2D, 0x59, 0x54, 0x44, 0x25, 0x8A, 0xFE, 0x71 },
+      120 /* Bin Number */
+  },
+  {
+    /* AffirmTrust_Premium_ECC */
+    { 0xBD, 0x71, 0xFD, 0xF6, 0xDA, 0x97, 0xE4, 0xCF, 0x62, 0xD1, 0x64, 0x7A, 0xDD, 0x25, 0x81, 0xB0,
+      0x7D, 0x79, 0xAD, 0xF8, 0x39, 0x7E, 0xB4, 0xEC, 0xBA, 0x9C, 0x5E, 0x84, 0x88, 0x82, 0x14, 0x23 },
+      112 /* Bin Number */
+  },
+  {
+    /* Secure_Certificate_Services */
+    { 0xBD, 0x81, 0xCE, 0x3B, 0x4F, 0x65, 0x91, 0xD1, 0x1A, 0x67, 0xB5, 0xFC, 0x7A, 0x47, 0xFD, 0xEF,
+      0x25, 0x52, 0x1B, 0xF9, 0xAA, 0x4E, 0x18, 0xB9, 0xE3, 0xDF, 0x2E, 0x34, 0xA7, 0x80, 0x3B, 0xE8 },
+      29 /* Bin Number */
+  },
+  {
+    /* SwissSign_Silver_CA___G2 */
+    { 0xBE, 0x6C, 0x4D, 0xA2, 0xBB, 0xB9, 0xBA, 0x59, 0xB6, 0xF3, 0x93, 0x97, 0x68, 0x37, 0x42, 0x46,
+      0xC3, 0xC0, 0x05, 0x99, 0x3F, 0xA9, 0x8F, 0x02, 0x0D, 0x1D, 0xED, 0xBE, 0xD4, 0x8A, 0x81, 0xD5 },
+      57 /* Bin Number */
+  },
+  {
+    /* GlobalSign */
+    { 0xBE, 0xC9, 0x49, 0x11, 0xC2, 0x95, 0x56, 0x76, 0xDB, 0x6C, 0x0A, 0x55, 0x09, 0x86, 0xD7, 0x6E,
+      0x3B, 0xA0, 0x05, 0x66, 0x7C, 0x44, 0x2C, 0x97, 0x62, 0xB4, 0xFB, 0xB7, 0x73, 0xDE, 0x22, 0x8C },
+      157 /* Bin Number */
+  },
+  {
+    /* SecureSign_RootCA11 */
+    { 0xBF, 0x0F, 0xEE, 0xFB, 0x9E, 0x3A, 0x58, 0x1A, 0xD5, 0xF9, 0xE9, 0xDB, 0x75, 0x89, 0x98, 0x57,
+      0x43, 0xD2, 0x61, 0x08, 0x5C, 0x4D, 0x31, 0x4F, 0x6F, 0x5D, 0x72, 0x59, 0xAA, 0x42, 0x16, 0x12 },
+      97 /* Bin Number */
+  },
+  {
+    /* TWCA_Root_Certification_Authority */
+    { 0xBF, 0xD8, 0x8F, 0xE1, 0x10, 0x1C, 0x41, 0xAE, 0x3E, 0x80, 0x1B, 0xF8, 0xBE, 0x56, 0x35, 0x0E,
+      0xE9, 0xBA, 0xD1, 0xA6, 0xB9, 0xBD, 0x51, 0x5E, 0xDC, 0x5C, 0x6D, 0x5B, 0x87, 0x11, 0xAC, 0x44 },
+      117 /* Bin Number */
+  },
+  {
+    /* OU_ePKI_Root_Certification_Authority_O__Chunghwa_Telecom_Co___Ltd___C_TW */
+    { 0xC0, 0xA6, 0xF4, 0xDC, 0x63, 0xA2, 0x4B, 0xFD, 0xCF, 0x54, 0xEF, 0x2A, 0x6A, 0x08, 0x2A, 0x0A,
+      0x72, 0xDE, 0x35, 0x80, 0x3E, 0x2F, 0xF5, 0xFF, 0x52, 0x7A, 0xE5, 0xD8, 0x72, 0x06, 0xDF, 0xD5 },
+      78 /* Bin Number */
+  },
+  {
+    /* OU_Trustis_FPS_Root_CA_O_Trustis_Limited_C_GB */
+    { 0xC1, 0xB4, 0x82, 0x99, 0xAB, 0xA5, 0x20, 0x8F, 0xE9, 0x63, 0x0A, 0xCE, 0x55, 0xCA, 0x68, 0xA0,
+      0x3E, 0xDA, 0x5A, 0x51, 0x9C, 0x88, 0x02, 0xA0, 0xD3, 0xA6, 0x73, 0xBE, 0x8F, 0x8E, 0x55, 0x7D },
+      122 /* Bin Number */
+  },
+  {
+    /* OU_Go_Daddy_Class_2_Certification_Authority_O__The_Go_Daddy_Group__Inc___C_US */
+    { 0xC3, 0x84, 0x6B, 0xF2, 0x4B, 0x9E, 0x93, 0xCA, 0x64, 0x27, 0x4C, 0x0E, 0xC6, 0x7C, 0x1E, 0xCC,
+      0x5E, 0x02, 0x4F, 0xFC, 0xAC, 0xD2, 0xD7, 0x40, 0x19, 0x35, 0x0E, 0x81, 0xFE, 0x54, 0x6A, 0xE4 },
+      43 /* Bin Number */
+  },
+  {
+    /* T_RKTRUST_Elektronik_Sertifika_Hizmet_Sa_lay_c_s_ */
+    { 0xC4, 0x70, 0xCF, 0x54, 0x7E, 0x23, 0x02, 0xB9, 0x77, 0xFB, 0x29, 0xDD, 0x71, 0xA8, 0x9A, 0x7B,
+      0x6C, 0x1F, 0x60, 0x77, 0x7B, 0x03, 0x29, 0xF5, 0x60, 0x17, 0xF3, 0x28, 0xBF, 0x4F, 0x6B, 0xE6 },
+      55 /* Bin Number */
+  },
+  {
+    /* StartCom_Certification_Authority */
+    { 0xC7, 0x66, 0xA9, 0xBE, 0xF2, 0xD4, 0x07, 0x1C, 0x86, 0x3A, 0x31, 0xAA, 0x49, 0x20, 0xE8, 0x13,
+      0xB2, 0xD1, 0x98, 0x60, 0x8C, 0xB7, 0xB7, 0xCF, 0xE2, 0x11, 0x43, 0xB8, 0x36, 0xDF, 0x09, 0xEA },
+      45 /* Bin Number */
+  },
+  {
+    /* StartCom_Certification_Authority_G2 */
+    { 0xC7, 0xBA, 0x65, 0x67, 0xDE, 0x93, 0xA7, 0x98, 0xAE, 0x1F, 0xAA, 0x79, 0x1E, 0x71, 0x2D, 0x37,
+      0x8F, 0xAE, 0x1F, 0x93, 0xC4, 0x39, 0x7F, 0xEA, 0x44, 0x1B, 0xB7, 0xCB, 0xE6, 0xFD, 0x59, 0x95 },
+      124 /* Bin Number */
+  },
+  {
+    /* GeoTrust_Global_CA_2 */
+    { 0xCA, 0x2D, 0x82, 0xA0, 0x86, 0x77, 0x07, 0x2F, 0x8A, 0xB6, 0x76, 0x4F, 0xF0, 0x35, 0x67, 0x6C,
+      0xFE, 0x3E, 0x5E, 0x32, 0x5E, 0x01, 0x21, 0x72, 0xDF, 0x3F, 0x92, 0x09, 0x6D, 0xB7, 0x9B, 0x85 },
+      21 /* Bin Number */
+  },
+  {
+    /* GlobalSign */
+    { 0xCA, 0x42, 0xDD, 0x41, 0x74, 0x5F, 0xD0, 0xB8, 0x1E, 0xB9, 0x02, 0x36, 0x2C, 0xF9, 0xD8, 0xBF,
+      0x71, 0x9D, 0xA1, 0xBD, 0x1B, 0x1E, 0xFC, 0x94, 0x6F, 0x5B, 0x4C, 0x99, 0xF4, 0x2C, 0x1B, 0x9E },
+      7 /* Bin Number */
+  },
+  {
+    /* DigiCert_Global_Root_G2 */
+    { 0xCB, 0x3C, 0xCB, 0xB7, 0x60, 0x31, 0xE5, 0xE0, 0x13, 0x8F, 0x8D, 0xD3, 0x9A, 0x23, 0xF9, 0xDE,
+      0x47, 0xFF, 0xC3, 0x5E, 0x43, 0xC1, 0x14, 0x4C, 0xEA, 0x27, 0xD4, 0x6A, 0x5A, 0xB1, 0xCB, 0x5F },
+      149 /* Bin Number */
+  },
+  {
+    /* GlobalSign */
+    { 0xCB, 0xB5, 0x22, 0xD7, 0xB7, 0xF1, 0x27, 0xAD, 0x6A, 0x01, 0x13, 0x86, 0x5B, 0xDF, 0x1C, 0xD4,
+      0x10, 0x2E, 0x7D, 0x07, 0x59, 0xAF, 0x63, 0x5A, 0x7C, 0xF4, 0x72, 0x0D, 0xC9, 0x63, 0xC5, 0x3B },
+      101 /* Bin Number */
+  },
+  {
+    /* XRamp_Global_Certification_Authority */
+    { 0xCE, 0xCD, 0xDC, 0x90, 0x50, 0x99, 0xD8, 0xDA, 0xDF, 0xC5, 0xB1, 0xD2, 0x09, 0xB7, 0x37, 0xCB,
+      0xE2, 0xC1, 0x8C, 0xFB, 0x2C, 0x10, 0xC0, 0xFF, 0x0B, 0xCF, 0x0D, 0x32, 0x86, 0xFC, 0x1A, 0xA2 },
+      42 /* Bin Number */
+  },
+  {
+    /* Equifax_Secure_eBusiness_CA_1 */
+    { 0xCF, 0x56, 0xFF, 0x46, 0xA4, 0xA1, 0x86, 0x10, 0x9D, 0xD9, 0x65, 0x84, 0xB5, 0xEE, 0xB5, 0x8A,
+      0x51, 0x0C, 0x42, 0x75, 0xB0, 0xE5, 0xF9, 0x4F, 0x40, 0xBB, 0xAE, 0x86, 0x5E, 0x19, 0xF6, 0x73 },
+      13 /* Bin Number */
+  },
+  {
+    /* Staat_der_Nederlanden_Root_CA */
+    { 0xD4, 0x1D, 0x82, 0x9E, 0x8C, 0x16, 0x59, 0x82, 0x2A, 0xF9, 0x3F, 0xCE, 0x62, 0xBF, 0xFC, 0xDE,
+      0x26, 0x4F, 0xC8, 0x4E, 0x8B, 0x95, 0x0C, 0x5F, 0xF2, 0x75, 0xD0, 0x52, 0x35, 0x46, 0x95, 0xA3 },
+      36 /* Bin Number */
+  },
+  {
+    /* Certification_Authority_of_WoSign_G2 */
+    { 0xD4, 0x87, 0xA5, 0x6F, 0x83, 0xB0, 0x74, 0x82, 0xE8, 0x5E, 0x96, 0x33, 0x94, 0xC1, 0xEC, 0xC2,
+      0xC9, 0xE5, 0x1D, 0x09, 0x03, 0xEE, 0x94, 0x6B, 0x02, 0xC3, 0x01, 0x58, 0x1E, 0xD9, 0x9E, 0x16 },
+      170 /* Bin Number */
+  },
+  {
+    /* CA______ */
+    { 0xD6, 0xF0, 0x34, 0xBD, 0x94, 0xAA, 0x23, 0x3F, 0x02, 0x97, 0xEC, 0xA4, 0x24, 0x5B, 0x28, 0x39,
+      0x73, 0xE4, 0x47, 0xAA, 0x59, 0x0F, 0x31, 0x0C, 0x77, 0xF4, 0x8F, 0xDF, 0x83, 0x11, 0x22, 0x54 },
+      153 /* Bin Number */
+  },
+  {
+    /* AAA_Certificate_Services */
+    { 0xD7, 0xA7, 0xA0, 0xFB, 0x5D, 0x7E, 0x27, 0x31, 0xD7, 0x71, 0xE9, 0x48, 0x4E, 0xBC, 0xDE, 0xF7,
+      0x1D, 0x5F, 0x0C, 0x3E, 0x0A, 0x29, 0x48, 0x78, 0x2B, 0xC8, 0x3E, 0xE0, 0xEA, 0x69, 0x9E, 0xF4 },
+      28 /* Bin Number */
+  },
+  {
+    /* Certum_CA */
+    { 0xD8, 0xE0, 0xFE, 0xBC, 0x1D, 0xB2, 0xE3, 0x8D, 0x00, 0x94, 0x0F, 0x37, 0xD2, 0x7D, 0x41, 0x34,
+      0x4D, 0x99, 0x3E, 0x73, 0x4B, 0x99, 0xD5, 0x65, 0x6D, 0x97, 0x78, 0xD4, 0xD8, 0x14, 0x36, 0x24 },
+      27 /* Bin Number */
+  },
+  {
+    /* Swisscom_Root_EV_CA_2 */
+    { 0xD9, 0x5F, 0xEA, 0x3C, 0xA4, 0xEE, 0xDC, 0xE7, 0x4C, 0xD7, 0x6E, 0x75, 0xFC, 0x6D, 0x1F, 0xF6,
+      0x2C, 0x44, 0x1F, 0x0F, 0xA8, 0xBC, 0x77, 0xF0, 0x34, 0xB1, 0x9E, 0x5D, 0xB2, 0x58, 0x01, 0x5D },
+      135 /* Bin Number */
+  },
+  {
+    /* TeliaSonera_Root_CA_v1 */
+    { 0xDD, 0x69, 0x36, 0xFE, 0x21, 0xF8, 0xF0, 0x77, 0xC1, 0x23, 0xA1, 0xA5, 0x21, 0xC1, 0x22, 0x24,
+      0xF7, 0x22, 0x55, 0xB7, 0x3E, 0x03, 0xA7, 0x26, 0x06, 0x93, 0xE8, 0xA2, 0x4B, 0x0F, 0xA3, 0x89 },
+      140 /* Bin Number */
+  },
+  {
+    /* StartCom_Certification_Authority */
+    { 0xE1, 0x78, 0x90, 0xEE, 0x09, 0xA3, 0xFB, 0xF4, 0xF4, 0x8B, 0x9C, 0x41, 0x4A, 0x17, 0xD6, 0x37,
+      0xB7, 0xA5, 0x06, 0x47, 0xE9, 0xBC, 0x75, 0x23, 0x22, 0x72, 0x7F, 0xCC, 0x17, 0x42, 0xA9, 0x11 },
+      123 /* Bin Number */
+  },
+  {
+    /* CA_Disig_Root_R2 */
+    { 0xE2, 0x3D, 0x4A, 0x03, 0x6D, 0x7B, 0x70, 0xE9, 0xF5, 0x95, 0xB1, 0x42, 0x20, 0x79, 0xD2, 0xB9,
+      0x1E, 0xDF, 0xBB, 0x1F, 0xB6, 0x51, 0xA0, 0x63, 0x3E, 0xAA, 0x8A, 0x9D, 0xC5, 0xF8, 0x07, 0x03 },
+      137 /* Bin Number */
+  },
+  {
+    /* CNNIC_ROOT */
+    { 0xE2, 0x83, 0x93, 0x77, 0x3D, 0xA8, 0x45, 0xA6, 0x79, 0xF2, 0x08, 0x0C, 0xC7, 0xFB, 0x44, 0xA3,
+      0xB7, 0xA1, 0xC3, 0x79, 0x2C, 0xB7, 0xEB, 0x77, 0x29, 0xFD, 0xCB, 0x6A, 0x8D, 0x99, 0xAE, 0xA7 },
+      84 /* Bin Number */
+  },
+  {
+    /* Amazon_Root_CA_4 */
+    { 0xE3, 0x5D, 0x28, 0x41, 0x9E, 0xD0, 0x20, 0x25, 0xCF, 0xA6, 0x90, 0x38, 0xCD, 0x62, 0x39, 0x62,
+      0x45, 0x8D, 0xA5, 0xC6, 0x95, 0xFB, 0xDE, 0xA3, 0xC2, 0x2B, 0x0B, 0xFB, 0x25, 0x89, 0x70, 0x92 },
+      186 /* Bin Number */
+  },
+  {
+    /* VeriSign_Class_4_Public_Primary_Certification_Authority___G3 */
+    { 0xE3, 0x89, 0x36, 0x0D, 0x0F, 0xDB, 0xAE, 0xB3, 0xD2, 0x50, 0x58, 0x4B, 0x47, 0x30, 0x31, 0x4E,
+      0x22, 0x2F, 0x39, 0xC1, 0x56, 0xA0, 0x20, 0x14, 0x4E, 0x8D, 0x96, 0x05, 0x61, 0x79, 0x15, 0x06 },
+      9 /* Bin Number */
+  },
+  {
+    /* Certigna */
+    { 0xE3, 0xB6, 0xA2, 0xDB, 0x2E, 0xD7, 0xCE, 0x48, 0x84, 0x2F, 0x7A, 0xC5, 0x32, 0x41, 0xC7, 0xB7,
+      0x1D, 0x54, 0x14, 0x4B, 0xFB, 0x40, 0xC1, 0x1F, 0x3F, 0x1D, 0x0B, 0x42, 0xF5, 0xEE, 0xA1, 0x2D },
+      71 /* Bin Number */
+  },
+  {
+    /* T_B_TAK_UEKAE_K_k_Sertifika_Hizmet_Sa_lay_c_s____S_r_m_3 */
+    { 0xE4, 0xC7, 0x34, 0x30, 0xD7, 0xA5, 0xB5, 0x09, 0x25, 0xDF, 0x43, 0x37, 0x0A, 0x0D, 0x21, 0x6E,
+      0x9A, 0x79, 0xB9, 0xD6, 0xDB, 0x83, 0x73, 0xA0, 0xC6, 0x9E, 0xB1, 0xCC, 0x31, 0xC7, 0xC5, 0x2A },
+      79 /* Bin Number */
+  },
+  {
+    /* e_Guven_Kok_Elektronik_Sertifika_Hizmet_Saglayicisi */
+    { 0xE6, 0x09, 0x07, 0x84, 0x65, 0xA4, 0x19, 0x78, 0x0C, 0xB6, 0xAC, 0x4C, 0x1C, 0x0B, 0xFB, 0x46,
+      0x53, 0xD9, 0xD9, 0xCC, 0x6E, 0xB3, 0x94, 0x6E, 0xB7, 0xF3, 0xD6, 0x99, 0x97, 0xBA, 0xD5, 0x98 },
+      100 /* Bin Number */
+  },
+  {
+    /* TC_TrustCenter_Class_2_CA_II */
+    { 0xE6, 0xB8, 0xF8, 0x76, 0x64, 0x85, 0xF8, 0x07, 0xAE, 0x7F, 0x8D, 0xAC, 0x16, 0x70, 0x46, 0x1F,
+      0x07, 0xC0, 0xA1, 0x3E, 0xEF, 0x3A, 0x1F, 0xF7, 0x17, 0x53, 0x8D, 0x7A, 0xBA, 0xD3, 0x91, 0xB4 },
+      72 /* Bin Number */
+  },
+  {
+    /* OU_Security_Communication_RootCA1_O_SECOM_Trust_net_C_JP */
+    { 0xE7, 0x5E, 0x72, 0xED, 0x9F, 0x56, 0x0E, 0xEC, 0x6E, 0xB4, 0x80, 0x00, 0x73, 0xA4, 0x3F, 0xC3,
+      0xAD, 0x19, 0x19, 0x5A, 0x39, 0x22, 0x82, 0x01, 0x78, 0x95, 0x97, 0x4A, 0x99, 0x02, 0x6B, 0x6C },
+      34 /* Bin Number */
+  },
+  {
+    /* USERTrust_RSA_Certification_Authority */
+    { 0xE7, 0x93, 0xC9, 0xB0, 0x2F, 0xD8, 0xAA, 0x13, 0xE2, 0x1C, 0x31, 0x22, 0x8A, 0xCC, 0xB0, 0x81,
+      0x19, 0x64, 0x3B, 0x74, 0x9C, 0x89, 0x89, 0x64, 0xB1, 0x74, 0x6D, 0x46, 0xC3, 0xD4, 0xCB, 0xD2 },
+      155 /* Bin Number */
+  },
+  {
+    /* OU_certSIGN_ROOT_CA_O_certSIGN_C_RO */
+    { 0xEA, 0xA9, 0x62, 0xC4, 0xFA, 0x4A, 0x6B, 0xAF, 0xEB, 0xE4, 0x15, 0x19, 0x6D, 0x35, 0x1C, 0xCD,
+      0x88, 0x8D, 0x4F, 0x53, 0xF3, 0xFA, 0x8A, 0xE6, 0xD7, 0xC4, 0x66, 0xA9, 0x4E, 0x60, 0x42, 0xBB },
+      83 /* Bin Number */
+  },
+  {
+    /* VeriSign_Class_3_Public_Primary_Certification_Authority___G3 */
+    { 0xEB, 0x04, 0xCF, 0x5E, 0xB1, 0xF3, 0x9A, 0xFA, 0x76, 0x2F, 0x2B, 0xB1, 0x20, 0xF2, 0x96, 0xCB,
+      0xA5, 0x20, 0xC1, 0xB9, 0x7D, 0xB1, 0x58, 0x95, 0x65, 0xB8, 0x1C, 0xB9, 0xA1, 0x7B, 0x72, 0x44 },
+      8 /* Bin Number */
+  },
+  {
+    /* OU_AC_RAIZ_FNMT_RCM_O_FNMT_RCM_C_ES */
+    { 0xEB, 0xC5, 0x57, 0x0C, 0x29, 0x01, 0x8C, 0x4D, 0x67, 0xB1, 0xAA, 0x12, 0x7B, 0xAF, 0x12, 0xF7,
+      0x03, 0xB4, 0x61, 0x1E, 0xBC, 0x17, 0xB7, 0xDA, 0xB5, 0x57, 0x38, 0x94, 0x17, 0x9B, 0x93, 0xFA },
+      182 /* Bin Number */
+  },
+  {
+    /* GlobalSign_Root_CA */
+    { 0xEB, 0xD4, 0x10, 0x40, 0xE4, 0xBB, 0x3E, 0xC7, 0x42, 0xC9, 0xE3, 0x81, 0xD3, 0x1E, 0xF2, 0xA4,
+      0x1A, 0x48, 0xB6, 0x68, 0x5C, 0x96, 0xE7, 0xCE, 0xF3, 0xC1, 0xDF, 0x6C, 0xD4, 0x33, 0x1C, 0x99 },
+      6 /* Bin Number */
+  },
+  {
+    /* TC_TrustCenter_Universal_CA_I */
+    { 0xEB, 0xF3, 0xC0, 0x2A, 0x87, 0x89, 0xB1, 0xFB, 0x7D, 0x51, 0x19, 0x95, 0xD6, 0x63, 0xB7, 0x29,
+      0x06, 0xD9, 0x13, 0xCE, 0x0D, 0x5E, 0x10, 0x56, 0x8A, 0x8A, 0x77, 0xE2, 0x58, 0x61, 0x67, 0xE7 },
+      74 /* Bin Number */
+  },
+  {
+    /* Juur_SK */
+    { 0xEC, 0xC3, 0xE9, 0xC3, 0x40, 0x75, 0x03, 0xBE, 0xE0, 0x91, 0xAA, 0x95, 0x2F, 0x41, 0x34, 0x8F,
+      0xF8, 0x8B, 0xAA, 0x86, 0x3B, 0x22, 0x64, 0xBE, 0xFA, 0xC8, 0x07, 0x90, 0x15, 0x74, 0xE9, 0x39 },
+      95 /* Bin Number */
+  },
+  {
+    /* Buypass_Class_3_Root_CA */
+    { 0xED, 0xF7, 0xEB, 0xBC, 0xA2, 0x7A, 0x2A, 0x38, 0x4D, 0x38, 0x7B, 0x7D, 0x40, 0x10, 0xC6, 0x66,
+      0xE2, 0xED, 0xB4, 0x84, 0x3E, 0x4C, 0x29, 0xB4, 0xAE, 0x1D, 0x5B, 0x93, 0x32, 0xE6, 0xB2, 0x4D },
+      126 /* Bin Number */
+  },
+  {
+    /* D_TRUST_Root_Class_3_CA_2_EV_2009 */
+    { 0xEE, 0xC5, 0x49, 0x6B, 0x98, 0x8C, 0xE9, 0x86, 0x25, 0xB9, 0x34, 0x09, 0x2E, 0xEC, 0x29, 0x08,
+      0xBE, 0xD0, 0xB0, 0xF3, 0x16, 0xC2, 0xD4, 0x73, 0x0C, 0x84, 0xEA, 0xF1, 0xF3, 0xD3, 0x48, 0x81 },
+      131 /* Bin Number */
+  },
+  {
+    /* Global_Chambersign_Root */
+    { 0xEF, 0x3C, 0xB4, 0x17, 0xFC, 0x8E, 0xBF, 0x6F, 0x97, 0x87, 0x6C, 0x9E, 0x4E, 0xCE, 0x39, 0xDE,
+      0x1E, 0xA5, 0xFE, 0x64, 0x91, 0x41, 0xD1, 0x02, 0x8B, 0x7D, 0x11, 0xC0, 0xB2, 0x29, 0x8C, 0xED },
+      40 /* Bin Number */
+  },
+  {
+    /* Swisscom_Root_CA_2 */
+    { 0xF0, 0x9B, 0x12, 0x2C, 0x71, 0x14, 0xF4, 0xA0, 0x9B, 0xD4, 0xEA, 0x4F, 0x4A, 0x99, 0xD5, 0x58,
+      0xB4, 0x6E, 0x4C, 0x25, 0xCD, 0x81, 0x14, 0x0D, 0x29, 0xC0, 0x56, 0x13, 0x91, 0x4C, 0x38, 0x41 },
+      134 /* Bin Number */
+  },
+  {
+    /* SecureTrust_CA */
+    { 0xF1, 0xC1, 0xB5, 0x0A, 0xE5, 0xA2, 0x0D, 0xD8, 0x03, 0x0E, 0xC9, 0xF6, 0xBC, 0x24, 0x82, 0x3D,
+      0xD3, 0x67, 0xB5, 0x25, 0x57, 0x59, 0xB4, 0xE7, 0x1B, 0x61, 0xFC, 0xE9, 0xF7, 0x37, 0x5D, 0x73 },
+      61 /* Bin Number */
+  },
+  {
+    /* Atos_TrustedRoot_2011 */
+    { 0xF3, 0x56, 0xBE, 0xA2, 0x44, 0xB7, 0xA9, 0x1E, 0xB3, 0x5D, 0x53, 0xCA, 0x9A, 0xD7, 0x86, 0x4A,
+      0xCE, 0x01, 0x8E, 0x2D, 0x35, 0xD5, 0xF8, 0xF9, 0x6D, 0xDF, 0x68, 0xA6, 0xF4, 0x1A, 0xA4, 0x74 },
+      143 /* Bin Number */
+  },
+  {
+    /* CA_Disig_Root_R1 */
+    { 0xF9, 0x6F, 0x23, 0xF4, 0xC3, 0xE7, 0x9C, 0x07, 0x7A, 0x46, 0x98, 0x8D, 0x5A, 0xF5, 0x90, 0x06,
+      0x76, 0xA0, 0xF0, 0x39, 0xCB, 0x64, 0x5D, 0xD1, 0x75, 0x49, 0xB2, 0x16, 0xC8, 0x24, 0x40, 0xCE },
+      136 /* Bin Number */
+  },
+  {
+    /* Hongkong_Post_Root_CA_1 */
+    { 0xF9, 0xE6, 0x7D, 0x33, 0x6C, 0x51, 0x00, 0x2A, 0xC0, 0x54, 0xC6, 0x32, 0x02, 0x2D, 0x66, 0xDD,
+      0xA2, 0xE7, 0xE3, 0xFF, 0xF1, 0x0A, 0xD0, 0x61, 0xED, 0x31, 0xD8, 0xBB, 0xB4, 0x10, 0xCF, 0xB2 },
+      96 /* Bin Number */
+  },
+  {
+    /* Certinomis___Autorit__Racine */
+    { 0xFC, 0xBF, 0xE2, 0x88, 0x62, 0x06, 0xF7, 0x2B, 0x27, 0x59, 0x3C, 0x8B, 0x07, 0x02, 0x97, 0xE1,
+      0x2D, 0x76, 0x9E, 0xD1, 0x0E, 0xD7, 0x93, 0x07, 0x05, 0xA8, 0x09, 0x8E, 0xFF, 0xC1, 0x4D, 0x17 },
+      114 /* Bin Number */
+  },
+  {
+    /* T_TeleSec_GlobalRoot_Class_3 */
+    { 0xFD, 0x73, 0xDA, 0xD3, 0x1C, 0x64, 0x4F, 0xF1, 0xB4, 0x3B, 0xEF, 0x0C, 0xCD, 0xDA, 0x96, 0x71,
+      0x0B, 0x9C, 0xD9, 0x87, 0x5E, 0xCA, 0x7E, 0x31, 0x70, 0x7A, 0xF3, 0xE9, 0x6D, 0x52, 0x2B, 0xBD },
+      127 /* Bin Number */
+  },
+  {
+    /* GeoTrust_Global_CA */
+    { 0xFF, 0x85, 0x6A, 0x2D, 0x25, 0x1D, 0xCD, 0x88, 0xD3, 0x66, 0x56, 0xF4, 0x50, 0x12, 0x67, 0x98,
+      0xCF, 0xAB, 0xAA, 0xDE, 0x40, 0x79, 0x9C, 0x72, 0x2D, 0xE4, 0xD2, 0xB5, 0xDB, 0x36, 0xA7, 0x3A },
+      20 /* Bin Number */
+  },
+};
+
diff --git a/security/manager/ssl/SSLServerCertVerification.cpp b/security/manager/ssl/SSLServerCertVerification.cpp
new file mode 100644
index 000000000..4ef79f54a
--- /dev/null
+++ b/security/manager/ssl/SSLServerCertVerification.cpp
@@ -0,0 +1,1795 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// For connections that are not processed on the socket transport thread, we do
+// NOT use the async logic described below. Instead, we authenticate the
+// certificate on the thread that the connection's I/O happens on,
+// synchronously. This allows us to do certificate verification for blocking
+// (not non-blocking) sockets and sockets that have their I/O processed on a
+// thread other than the socket transport service thread. Also, we DO NOT
+// support blocking sockets on the socket transport service thread at all.
+//
+// During certificate authentication, we call CERT_PKIXVerifyCert or
+// CERT_VerifyCert. These functions may make zero or more HTTP requests
+// for OCSP responses, CRLs, intermediate certificates, etc. Our fetching logic
+// for these requests processes them on the socket transport service thread.
+//
+// If the connection for which we are verifying the certificate is happening
+// on the socket transport thread (the usually case, at least for HTTP), then
+// if our cert auth hook were to call the CERT_*Verify* functions directly,
+// there would be a deadlock: The CERT_*Verify* function would cause an event
+// to be asynchronously posted to the socket transport thread, and then it
+// would block the socket transport thread waiting to be notified of the HTTP
+// response. However, the HTTP request would never actually be processed
+// because the socket transport thread would be blocked and so it wouldn't be
+// able process HTTP requests. (i.e. Deadlock.)
+//
+// Consequently, when we are asked to verify a certificate on the socket
+// transport service thread, we must always call the CERT_*Verify* cert
+// functions on another thread. To accomplish this, our auth cert hook
+// dispatches a SSLServerCertVerificationJob to a pool of background threads,
+// and then immediately returns SECWouldBlock to libssl. These jobs are where
+// the CERT_*Verify* functions are actually called.
+//
+// When our auth cert hook returns SECWouldBlock, libssl will carry on the
+// handshake while we validate the certificate. This will free up the socket
+// transport thread so that HTTP requests--in particular, the OCSP/CRL/cert
+// requests needed for cert verification as mentioned above--can be processed.
+//
+// Once the CERT_*Verify* function returns, the cert verification job
+// dispatches a SSLServerCertVerificationResult to the socket transport thread;
+// the SSLServerCertVerificationResult will notify libssl that the certificate
+// authentication is complete. Once libssl is notified that the authentication
+// is complete, it will continue the SSL handshake (if it hasn't already
+// finished) and it will begin allowing us to send/receive data on the
+// connection.
+//
+// Timeline of events (for connections managed by the socket transport service):
+//
+//    * libssl calls SSLServerCertVerificationJob::Dispatch on the socket
+//      transport thread.
+//    * SSLServerCertVerificationJob::Dispatch queues a job
+//      (instance of SSLServerCertVerificationJob) to its background thread
+//      pool and returns.
+//    * One of the background threads calls CERT_*Verify*, which may enqueue
+//      some HTTP request(s) onto the socket transport thread, and then
+//      blocks that background thread waiting for the responses and/or timeouts
+//      or errors for those requests.
+//    * Once those HTTP responses have all come back or failed, the
+//      CERT_*Verify* function returns a result indicating that the validation
+//      succeeded or failed.
+//    * If the validation succeeded, then a SSLServerCertVerificationResult
+//      event is posted to the socket transport thread, and the cert
+//      verification thread becomes free to verify other certificates.
+//    * Otherwise, a CertErrorRunnable is posted to the socket transport thread
+//      and then to the main thread (blocking both, see CertErrorRunnable) to
+//      do cert override processing and bad cert listener notification. Then
+//      the cert verification thread becomes free to verify other certificates.
+//    * After processing cert overrides, the CertErrorRunnable will dispatch a
+//      SSLServerCertVerificationResult event to the socket transport thread to
+//      notify it of the result of the override processing; then it returns,
+//      freeing up the main thread.
+//    * The SSLServerCertVerificationResult event will either wake up the
+//      socket (using SSL_RestartHandshakeAfterServerCert) if validation
+//      succeeded or there was an error override, or it will set an error flag
+//      so that the next I/O operation on the socket will fail, causing the
+//      socket transport thread to close the connection.
+//
+// Cert override processing must happen on the main thread because it accesses
+// the nsICertOverrideService, and that service must be accessed on the main
+// thread because some extensions (Selenium, in particular) replace it with a
+// Javascript implementation, and chrome JS must always be run on the main
+// thread.
+//
+// SSLServerCertVerificationResult must be dispatched to the socket transport
+// thread because we must only call SSL_* functions on the socket transport
+// thread since they may do I/O, because many parts of nsNSSSocketInfo (the
+// subclass of TransportSecurityInfo used when validating certificates during
+// an SSL handshake) and the PSM NSS I/O layer are not thread-safe, and because
+// we need the event to interrupt the PR_Poll that may waiting for I/O on the
+// socket for which we are validating the cert.
+
+#include "SSLServerCertVerification.h"
+
+#include <cstring>
+
+#include "BRNameMatchingPolicy.h"
+#include "CertVerifier.h"
+#include "CryptoTask.h"
+#include "ExtendedValidation.h"
+#include "NSSCertDBTrustDomain.h"
+#include "PSMRunnable.h"
+#include "RootCertificateTelemetryUtils.h"
+#include "ScopedNSSTypes.h"
+#include "SharedCertVerifier.h"
+#include "SharedSSLState.h"
+#include "TransportSecurityInfo.h" // For RememberCertErrorsTable
+#include "cert.h"
+#include "mozilla/Assertions.h"
+#include "mozilla/Casting.h"
+#include "mozilla/Mutex.h"
+#include "mozilla/RefPtr.h"
+#include "mozilla/Telemetry.h"
+#include "mozilla/UniquePtr.h"
+#include "mozilla/Unused.h"
+#include "mozilla/net/DNS.h"
+#include "nsComponentManagerUtils.h"
+#include "nsContentUtils.h"
+#include "nsIBadCertListener2.h"
+#include "nsICertOverrideService.h"
+#include "nsISiteSecurityService.h"
+#include "nsISocketProvider.h"
+#include "nsIThreadPool.h"
+#include "nsNSSCertificate.h"
+#include "nsNSSComponent.h"
+#include "nsNSSIOLayer.h"
+#include "nsNSSShutDown.h"
+#include "nsSSLStatus.h"
+#include "nsServiceManagerUtils.h"
+#include "nsURLHelper.h"
+#include "nsXPCOMCIDInternal.h"
+#include "pkix/pkix.h"
+#include "pkix/pkixnss.h"
+#include "secerr.h"
+#include "secoidt.h"
+#include "secport.h"
+#include "ssl.h"
+#include "sslerr.h"
+
+extern mozilla::LazyLogModule gPIPNSSLog;
+
+using namespace mozilla::pkix;
+
+namespace mozilla { namespace psm {
+
+namespace {
+
+// do not use a nsCOMPtr to avoid static initializer/destructor
+nsIThreadPool* gCertVerificationThreadPool = nullptr;
+
+// We avoid using a mutex for the success case to avoid lock-related
+// performance issues. However, we do use a lock in the error case to simplify
+// the code, since performance in the error case is not important.
+Mutex* gSSLVerificationTelemetryMutex = nullptr;
+
+// We add a mutex to serialize PKCS11 database operations
+Mutex* gSSLVerificationPK11Mutex = nullptr;
+
+} // unnamed namespace
+
+// Called when the socket transport thread starts, to initialize the SSL cert
+// verification thread pool. By tying the thread pool startup/shutdown directly
+// to the STS thread's lifetime, we ensure that they are *always* available for
+// SSL connections and that there are no races during startup and especially
+// shutdown. (Previously, we have had multiple problems with races in PSM
+// background threads, and the race-prevention/shutdown logic used there is
+// brittle. Since this service is critical to things like downloading updates,
+// we take no chances.) Also, by doing things this way, we avoid the need for
+// locks, since gCertVerificationThreadPool is only ever accessed on the socket
+// transport thread.
+void
+InitializeSSLServerCertVerificationThreads()
+{
+  gSSLVerificationTelemetryMutex = new Mutex("SSLVerificationTelemetryMutex");
+  gSSLVerificationPK11Mutex = new Mutex("SSLVerificationPK11Mutex");
+  // TODO: tuning, make parameters preferences
+  // XXX: instantiate nsThreadPool directly, to make this more bulletproof.
+  // Currently, the nsThreadPool.h header isn't exported for us to do so.
+  nsresult rv = CallCreateInstance(NS_THREADPOOL_CONTRACTID,
+                                   &gCertVerificationThreadPool);
+  if (NS_FAILED(rv)) {
+    NS_WARNING("Failed to create SSL cert verification threads.");
+    return;
+  }
+
+  (void) gCertVerificationThreadPool->SetIdleThreadLimit(5);
+  (void) gCertVerificationThreadPool->SetIdleThreadTimeout(30 * 1000);
+  (void) gCertVerificationThreadPool->SetThreadLimit(5);
+  (void) gCertVerificationThreadPool->SetName(NS_LITERAL_CSTRING("SSL Cert"));
+}
+
+// Called when the socket transport thread finishes, to destroy the thread
+// pool. Since the socket transport service has stopped processing events, it
+// will not attempt any more SSL I/O operations, so it is clearly safe to shut
+// down the SSL cert verification infrastructure. Also, the STS will not
+// dispatch many SSL verification result events at this point, so any pending
+// cert verifications will (correctly) fail at the point they are dispatched.
+//
+// The other shutdown race condition that is possible is a race condition with
+// shutdown of the nsNSSComponent service. We use the
+// nsNSSShutdownPreventionLock where needed (not here) to prevent that.
+void StopSSLServerCertVerificationThreads()
+{
+  if (gCertVerificationThreadPool) {
+    gCertVerificationThreadPool->Shutdown();
+    NS_RELEASE(gCertVerificationThreadPool);
+  }
+  if (gSSLVerificationTelemetryMutex) {
+    delete gSSLVerificationTelemetryMutex;
+    gSSLVerificationTelemetryMutex = nullptr;
+  }
+  if (gSSLVerificationPK11Mutex) {
+    delete gSSLVerificationPK11Mutex;
+    gSSLVerificationPK11Mutex = nullptr;
+  }
+}
+
+namespace {
+
+void
+LogInvalidCertError(nsNSSSocketInfo* socketInfo,
+                    PRErrorCode errorCode,
+                    ::mozilla::psm::SSLErrorMessageType errorMessageType)
+{
+  nsString message;
+  socketInfo->GetErrorLogMessage(errorCode, errorMessageType, message);
+  if (!message.IsEmpty()) {
+    nsContentUtils::LogSimpleConsoleError(message, "SSL");
+  }
+}
+
+// Dispatched to the STS thread to notify the infoObject of the verification
+// result.
+//
+// This will cause the PR_Poll in the STS thread to return, so things work
+// correctly even if the STS thread is blocked polling (only) on the file
+// descriptor that is waiting for this result.
+class SSLServerCertVerificationResult : public Runnable
+{
+public:
+  NS_DECL_NSIRUNNABLE
+
+  SSLServerCertVerificationResult(nsNSSSocketInfo* infoObject,
+                                  PRErrorCode errorCode,
+                                  Telemetry::ID telemetryID = Telemetry::HistogramCount,
+                                  uint32_t telemetryValue = -1,
+                                  SSLErrorMessageType errorMessageType =
+                                      PlainErrorMessage);
+
+  void Dispatch();
+private:
+  const RefPtr<nsNSSSocketInfo> mInfoObject;
+public:
+  const PRErrorCode mErrorCode;
+  const SSLErrorMessageType mErrorMessageType;
+  const Telemetry::ID mTelemetryID;
+  const uint32_t mTelemetryValue;
+};
+
+class CertErrorRunnable : public SyncRunnableBase
+{
+ public:
+  CertErrorRunnable(const void* fdForLogging,
+                    nsIX509Cert* cert,
+                    nsNSSSocketInfo* infoObject,
+                    PRErrorCode defaultErrorCodeToReport,
+                    uint32_t collectedErrors,
+                    PRErrorCode errorCodeTrust,
+                    PRErrorCode errorCodeMismatch,
+                    PRErrorCode errorCodeTime,
+                    uint32_t providerFlags)
+    : mFdForLogging(fdForLogging), mCert(cert), mInfoObject(infoObject),
+      mDefaultErrorCodeToReport(defaultErrorCodeToReport),
+      mCollectedErrors(collectedErrors),
+      mErrorCodeTrust(errorCodeTrust),
+      mErrorCodeMismatch(errorCodeMismatch),
+      mErrorCodeTime(errorCodeTime),
+      mProviderFlags(providerFlags)
+  {
+  }
+
+  virtual void RunOnTargetThread();
+  RefPtr<SSLServerCertVerificationResult> mResult; // out
+private:
+  SSLServerCertVerificationResult* CheckCertOverrides();
+
+  const void* const mFdForLogging; // may become an invalid pointer; do not dereference
+  const nsCOMPtr<nsIX509Cert> mCert;
+  const RefPtr<nsNSSSocketInfo> mInfoObject;
+  const PRErrorCode mDefaultErrorCodeToReport;
+  const uint32_t mCollectedErrors;
+  const PRErrorCode mErrorCodeTrust;
+  const PRErrorCode mErrorCodeMismatch;
+  const PRErrorCode mErrorCodeTime;
+  const uint32_t mProviderFlags;
+};
+
+// A probe value of 1 means "no error".
+uint32_t
+MapOverridableErrorToProbeValue(PRErrorCode errorCode)
+{
+  switch (errorCode)
+  {
+    case SEC_ERROR_UNKNOWN_ISSUER:                     return  2;
+    case SEC_ERROR_CA_CERT_INVALID:                    return  3;
+    case SEC_ERROR_UNTRUSTED_ISSUER:                   return  4;
+    case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:         return  5;
+    case SEC_ERROR_UNTRUSTED_CERT:                     return  6;
+    case SEC_ERROR_INADEQUATE_KEY_USAGE:               return  7;
+    case SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED:  return  8;
+    case SSL_ERROR_BAD_CERT_DOMAIN:                    return  9;
+    case SEC_ERROR_EXPIRED_CERTIFICATE:                return 10;
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY: return 11;
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA: return 12;
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE: return 13;
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE: return 14;
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE:
+      return 15;
+    case SEC_ERROR_INVALID_TIME: return 16;
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_EMPTY_ISSUER_NAME: return 17;
+  }
+  NS_WARNING("Unknown certificate error code. Does MapOverridableErrorToProbeValue "
+             "handle everything in DetermineCertOverrideErrors?");
+  return 0;
+}
+
+static uint32_t
+MapCertErrorToProbeValue(PRErrorCode errorCode)
+{
+  uint32_t probeValue;
+  switch (errorCode)
+  {
+    // see security/pkix/include/pkix/Result.h
+#define MOZILLA_PKIX_MAP(name, value, nss_name) case nss_name: probeValue = value; break;
+    MOZILLA_PKIX_MAP_LIST
+#undef MOZILLA_PKIX_MAP
+    default: return 0;
+  }
+
+  // Since FATAL_ERROR_FLAG is 0x800, fatal error values are much larger than
+  // non-fatal error values. To conserve space, we remap these so they start at
+  // (decimal) 90 instead of 0x800. Currently there are ~50 non-fatal errors
+  // mozilla::pkix might return, so saving space for 90 should be sufficient
+  // (similarly, there are 4 fatal errors, so saving space for 10 should also
+  // be sufficient).
+  static_assert(FATAL_ERROR_FLAG == 0x800,
+                "mozilla::pkix::FATAL_ERROR_FLAG is not what we were expecting");
+  if (probeValue & FATAL_ERROR_FLAG) {
+    probeValue ^= FATAL_ERROR_FLAG;
+    probeValue += 90;
+  }
+  return probeValue;
+}
+
+SECStatus
+DetermineCertOverrideErrors(const UniqueCERTCertificate& cert,
+                            const char* hostName,
+                            PRTime now, PRErrorCode defaultErrorCodeToReport,
+                            /*out*/ uint32_t& collectedErrors,
+                            /*out*/ PRErrorCode& errorCodeTrust,
+                            /*out*/ PRErrorCode& errorCodeMismatch,
+                            /*out*/ PRErrorCode& errorCodeTime)
+{
+  MOZ_ASSERT(cert);
+  MOZ_ASSERT(hostName);
+  MOZ_ASSERT(collectedErrors == 0);
+  MOZ_ASSERT(errorCodeTrust == 0);
+  MOZ_ASSERT(errorCodeMismatch == 0);
+  MOZ_ASSERT(errorCodeTime == 0);
+
+  // Assumes the error prioritization described in mozilla::pkix's
+  // BuildForward function. Also assumes that CheckCertHostname was only
+  // called if CertVerifier::VerifyCert succeeded.
+  switch (defaultErrorCodeToReport) {
+    case SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED:
+    case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
+    case SEC_ERROR_UNKNOWN_ISSUER:
+    case SEC_ERROR_CA_CERT_INVALID:
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY:
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE:
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA:
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE:
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_EMPTY_ISSUER_NAME:
+    {
+      collectedErrors = nsICertOverrideService::ERROR_UNTRUSTED;
+      errorCodeTrust = defaultErrorCodeToReport;
+
+      SECCertTimeValidity validity = CERT_CheckCertValidTimes(cert.get(), now,
+                                                              false);
+      if (validity == secCertTimeUndetermined) {
+        // This only happens if cert is null. CERT_CheckCertValidTimes will
+        // have set the error code to SEC_ERROR_INVALID_ARGS. We should really
+        // be using mozilla::pkix here anyway.
+        MOZ_ASSERT(PR_GetError() == SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+      }
+      if (validity == secCertTimeExpired) {
+        collectedErrors |= nsICertOverrideService::ERROR_TIME;
+        errorCodeTime = SEC_ERROR_EXPIRED_CERTIFICATE;
+      } else if (validity == secCertTimeNotValidYet) {
+        collectedErrors |= nsICertOverrideService::ERROR_TIME;
+        errorCodeTime =
+          mozilla::pkix::MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE;
+      }
+      break;
+    }
+
+    case SEC_ERROR_INVALID_TIME:
+    case SEC_ERROR_EXPIRED_CERTIFICATE:
+    case mozilla::pkix::MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE:
+      collectedErrors = nsICertOverrideService::ERROR_TIME;
+      errorCodeTime = defaultErrorCodeToReport;
+      break;
+
+    case SSL_ERROR_BAD_CERT_DOMAIN:
+      collectedErrors = nsICertOverrideService::ERROR_MISMATCH;
+      errorCodeMismatch = SSL_ERROR_BAD_CERT_DOMAIN;
+      break;
+
+    case 0:
+      NS_ERROR("No error code set during certificate validation failure.");
+      PR_SetError(PR_INVALID_STATE_ERROR, 0);
+      return SECFailure;
+
+    default:
+      PR_SetError(defaultErrorCodeToReport, 0);
+      return SECFailure;
+  }
+
+  if (defaultErrorCodeToReport != SSL_ERROR_BAD_CERT_DOMAIN) {
+    Input certInput;
+    if (certInput.Init(cert->derCert.data, cert->derCert.len) != Success) {
+      PR_SetError(SEC_ERROR_BAD_DER, 0);
+      return SECFailure;
+    }
+    Input hostnameInput;
+    Result result = hostnameInput.Init(
+      BitwiseCast<const uint8_t*, const char*>(hostName),
+      strlen(hostName));
+    if (result != Success) {
+      PR_SetError(SEC_ERROR_INVALID_ARGS, 0);
+      return SECFailure;
+    }
+    // Use a lax policy so as to not generate potentially spurious name
+    // mismatch "hints".
+    BRNameMatchingPolicy nameMatchingPolicy(
+      BRNameMatchingPolicy::Mode::DoNotEnforce);
+    // CheckCertHostname expects that its input represents a certificate that
+    // has already been successfully validated by BuildCertChain. This is
+    // obviously not the case, however, because we're in the error path of
+    // certificate verification. Thus, this is problematic. In the future, it
+    // would be nice to remove this optimistic additional error checking and
+    // simply punt to the front-end, which can more easily (and safely) perform
+    // extra checks to give the user hints as to why verification failed.
+    result = CheckCertHostname(certInput, hostnameInput, nameMatchingPolicy);
+    // Treat malformed name information as a domain mismatch.
+    if (result == Result::ERROR_BAD_DER ||
+        result == Result::ERROR_BAD_CERT_DOMAIN) {
+      collectedErrors |= nsICertOverrideService::ERROR_MISMATCH;
+      errorCodeMismatch = SSL_ERROR_BAD_CERT_DOMAIN;
+    } else if (IsFatalError(result)) {
+      // Because its input has not been validated by BuildCertChain,
+      // CheckCertHostname can return an error that is less important than the
+      // original certificate verification error. Only return an error result
+      // from this function if we've encountered a fatal error.
+      PR_SetError(MapResultToPRErrorCode(result), 0);
+      return SECFailure;
+    }
+  }
+
+  return SECSuccess;
+}
+
+SSLServerCertVerificationResult*
+CertErrorRunnable::CheckCertOverrides()
+{
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("[%p][%p] top of CheckCertOverrides\n",
+                                    mFdForLogging, this));
+  // "Use" mFdForLogging in non-PR_LOGGING builds, too, to suppress
+  // clang's -Wunused-private-field build warning for this variable:
+  Unused << mFdForLogging;
+
+  if (!NS_IsMainThread()) {
+    NS_ERROR("CertErrorRunnable::CheckCertOverrides called off main thread");
+    return new SSLServerCertVerificationResult(mInfoObject,
+                                               mDefaultErrorCodeToReport);
+  }
+
+  int32_t port;
+  mInfoObject->GetPort(&port);
+
+  nsAutoCString hostWithPortString(mInfoObject->GetHostName());
+  hostWithPortString.Append(':');
+  hostWithPortString.AppendInt(port);
+
+  uint32_t remaining_display_errors = mCollectedErrors;
+
+
+  // If this is an HTTP Strict Transport Security host or a pinned host and the
+  // certificate is bad, don't allow overrides (RFC 6797 section 12.1,
+  // HPKP draft spec section 2.6).
+  bool strictTransportSecurityEnabled = false;
+  bool hasPinningInformation = false;
+  nsCOMPtr<nsISiteSecurityService> sss(do_GetService(NS_SSSERVICE_CONTRACTID));
+  if (!sss) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("[%p][%p] couldn't get nsISiteSecurityService to check for HSTS/HPKP\n",
+            mFdForLogging, this));
+    return new SSLServerCertVerificationResult(mInfoObject,
+                                               mDefaultErrorCodeToReport);
+  }
+  nsresult nsrv = sss->IsSecureHost(nsISiteSecurityService::HEADER_HSTS,
+                                    mInfoObject->GetHostNameRaw(),
+                                    mProviderFlags,
+                                    nullptr,
+                                    &strictTransportSecurityEnabled);
+  if (NS_FAILED(nsrv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("[%p][%p] checking for HSTS failed\n", mFdForLogging, this));
+    return new SSLServerCertVerificationResult(mInfoObject,
+                                               mDefaultErrorCodeToReport);
+  }
+  nsrv = sss->IsSecureHost(nsISiteSecurityService::HEADER_HPKP,
+                           mInfoObject->GetHostNameRaw(),
+                           mProviderFlags,
+                           nullptr,
+                           &hasPinningInformation);
+  if (NS_FAILED(nsrv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("[%p][%p] checking for HPKP failed\n", mFdForLogging, this));
+    return new SSLServerCertVerificationResult(mInfoObject,
+                                               mDefaultErrorCodeToReport);
+  }
+
+  if (!strictTransportSecurityEnabled && !hasPinningInformation) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("[%p][%p] no HSTS or HPKP - overrides allowed\n",
+            mFdForLogging, this));
+    nsCOMPtr<nsICertOverrideService> overrideService =
+      do_GetService(NS_CERTOVERRIDE_CONTRACTID);
+    // it is fine to continue without the nsICertOverrideService
+
+    uint32_t overrideBits = 0;
+
+    if (overrideService)
+    {
+      bool haveOverride;
+      bool isTemporaryOverride; // we don't care
+      const nsACString& hostString(mInfoObject->GetHostName());
+      nsrv = overrideService->HasMatchingOverride(hostString, port,
+                                                  mCert,
+                                                  &overrideBits,
+                                                  &isTemporaryOverride,
+                                                  &haveOverride);
+      if (NS_SUCCEEDED(nsrv) && haveOverride)
+      {
+       // remove the errors that are already overriden
+        remaining_display_errors &= ~overrideBits;
+      }
+    }
+
+    if (!remaining_display_errors) {
+      // This can double- or triple-count one certificate with multiple
+      // different types of errors. Since this is telemetry and we just
+      // want a ballpark answer, we don't care.
+      if (mErrorCodeTrust != 0) {
+        uint32_t probeValue = MapOverridableErrorToProbeValue(mErrorCodeTrust);
+        Telemetry::Accumulate(Telemetry::SSL_CERT_ERROR_OVERRIDES, probeValue);
+      }
+      if (mErrorCodeMismatch != 0) {
+        uint32_t probeValue = MapOverridableErrorToProbeValue(mErrorCodeMismatch);
+        Telemetry::Accumulate(Telemetry::SSL_CERT_ERROR_OVERRIDES, probeValue);
+      }
+      if (mErrorCodeTime != 0) {
+        uint32_t probeValue = MapOverridableErrorToProbeValue(mErrorCodeTime);
+        Telemetry::Accumulate(Telemetry::SSL_CERT_ERROR_OVERRIDES, probeValue);
+      }
+
+      // all errors are covered by override rules, so let's accept the cert
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+             ("[%p][%p] All errors covered by override rules\n",
+             mFdForLogging, this));
+      return new SSLServerCertVerificationResult(mInfoObject, 0);
+    }
+  } else {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("[%p][%p] HSTS or HPKP - no overrides allowed\n",
+            mFdForLogging, this));
+  }
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+         ("[%p][%p] Certificate error was not overridden\n",
+         mFdForLogging, this));
+
+  // Ok, this is a full stop.
+  // First, deliver the technical details of the broken SSL status.
+
+  // Try to get a nsIBadCertListener2 implementation from the socket consumer.
+  nsCOMPtr<nsISSLSocketControl> sslSocketControl = do_QueryInterface(
+    NS_ISUPPORTS_CAST(nsITransportSecurityInfo*, mInfoObject));
+  if (sslSocketControl) {
+    nsCOMPtr<nsIInterfaceRequestor> cb;
+    sslSocketControl->GetNotificationCallbacks(getter_AddRefs(cb));
+    if (cb) {
+      nsCOMPtr<nsIBadCertListener2> bcl = do_GetInterface(cb);
+      if (bcl) {
+        nsIInterfaceRequestor* csi
+          = static_cast<nsIInterfaceRequestor*>(mInfoObject);
+        bool suppressMessage = false; // obsolete, ignored
+        nsrv = bcl->NotifyCertProblem(csi, mInfoObject->SSLStatus(),
+                                      hostWithPortString, &suppressMessage);
+      }
+    }
+  }
+
+  // pick the error code to report by priority
+  PRErrorCode errorCodeToReport = mErrorCodeTrust    ? mErrorCodeTrust
+                                : mErrorCodeMismatch ? mErrorCodeMismatch
+                                : mErrorCodeTime     ? mErrorCodeTime
+                                : mDefaultErrorCodeToReport;
+
+  SSLServerCertVerificationResult* result =
+    new SSLServerCertVerificationResult(mInfoObject,
+                                        errorCodeToReport,
+                                        Telemetry::HistogramCount,
+                                        -1,
+                                        OverridableCertErrorMessage);
+
+  LogInvalidCertError(mInfoObject,
+                      result->mErrorCode,
+                      result->mErrorMessageType);
+
+  return result;
+}
+
+void
+CertErrorRunnable::RunOnTargetThread()
+{
+  MOZ_ASSERT(NS_IsMainThread());
+
+  mResult = CheckCertOverrides();
+
+  MOZ_ASSERT(mResult);
+}
+
+// Returns null with the error code (PR_GetError()) set if it does not create
+// the CertErrorRunnable.
+CertErrorRunnable*
+CreateCertErrorRunnable(CertVerifier& certVerifier,
+                        PRErrorCode defaultErrorCodeToReport,
+                        nsNSSSocketInfo* infoObject,
+                        const UniqueCERTCertificate& cert,
+                        const void* fdForLogging,
+                        uint32_t providerFlags,
+                        PRTime now)
+{
+  MOZ_ASSERT(infoObject);
+  MOZ_ASSERT(cert);
+
+  uint32_t probeValue = MapCertErrorToProbeValue(defaultErrorCodeToReport);
+  Telemetry::Accumulate(Telemetry::SSL_CERT_VERIFICATION_ERRORS, probeValue);
+
+  uint32_t collected_errors = 0;
+  PRErrorCode errorCodeTrust = 0;
+  PRErrorCode errorCodeMismatch = 0;
+  PRErrorCode errorCodeTime = 0;
+  if (DetermineCertOverrideErrors(cert, infoObject->GetHostNameRaw(), now,
+                                  defaultErrorCodeToReport, collected_errors,
+                                  errorCodeTrust, errorCodeMismatch,
+                                  errorCodeTime) != SECSuccess) {
+    // Attempt to enforce that if DetermineCertOverrideErrors failed,
+    // PR_SetError was set with a non-overridable error. This is because if we
+    // return from CreateCertErrorRunnable without calling
+    // infoObject->SetStatusErrorBits, we won't have the required information
+    // to actually add a certificate error override. This results in a broken
+    // UI which is annoying but not a security disaster.
+    MOZ_ASSERT(!ErrorIsOverridable(PR_GetError()));
+    return nullptr;
+  }
+
+  RefPtr<nsNSSCertificate> nssCert(nsNSSCertificate::Create(cert.get()));
+  if (!nssCert) {
+    NS_ERROR("nsNSSCertificate::Create failed");
+    PR_SetError(SEC_ERROR_NO_MEMORY, 0);
+    return nullptr;
+  }
+
+  if (!collected_errors) {
+    // This will happen when CERT_*Verify* only returned error(s) that are
+    // not on our whitelist of overridable certificate errors.
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("[%p] !collected_errors: %d\n",
+           fdForLogging, static_cast<int>(defaultErrorCodeToReport)));
+    PR_SetError(defaultErrorCodeToReport, 0);
+    return nullptr;
+  }
+
+  infoObject->SetStatusErrorBits(nssCert, collected_errors);
+
+  return new CertErrorRunnable(fdForLogging,
+                               static_cast<nsIX509Cert*>(nssCert.get()),
+                               infoObject, defaultErrorCodeToReport,
+                               collected_errors, errorCodeTrust,
+                               errorCodeMismatch, errorCodeTime,
+                               providerFlags);
+}
+
+// When doing async cert processing, we dispatch one of these runnables to the
+// socket transport service thread, which blocks the socket transport
+// service thread while it waits for the inner CertErrorRunnable to execute
+// CheckCertOverrides on the main thread. CheckCertOverrides must block events
+// on both of these threads because it calls TransportSecurityInfo::GetInterface(),
+// which may call nsHttpConnection::GetInterface() through
+// TransportSecurityInfo::mCallbacks. nsHttpConnection::GetInterface must always
+// execute on the main thread, with the socket transport service thread
+// blocked.
+class CertErrorRunnableRunnable : public Runnable
+{
+public:
+  explicit CertErrorRunnableRunnable(CertErrorRunnable* certErrorRunnable)
+    : mCertErrorRunnable(certErrorRunnable)
+  {
+  }
+private:
+  NS_IMETHOD Run() override
+  {
+    nsresult rv = mCertErrorRunnable->DispatchToMainThreadAndWait();
+    // The result must run on the socket transport thread, which we are already
+    // on, so we can just run it directly, instead of dispatching it.
+    if (NS_SUCCEEDED(rv)) {
+      rv = mCertErrorRunnable->mResult ? mCertErrorRunnable->mResult->Run()
+                                       : NS_ERROR_UNEXPECTED;
+    }
+    return rv;
+  }
+  RefPtr<CertErrorRunnable> mCertErrorRunnable;
+};
+
+class SSLServerCertVerificationJob : public Runnable
+{
+public:
+  // Must be called only on the socket transport thread
+  static SECStatus Dispatch(const RefPtr<SharedCertVerifier>& certVerifier,
+                            const void* fdForLogging,
+                            nsNSSSocketInfo* infoObject,
+                            const UniqueCERTCertificate& serverCert,
+                            const UniqueCERTCertList& peerCertChain,
+                            const SECItem* stapledOCSPResponse,
+                            const SECItem* sctsFromTLSExtension,
+                            uint32_t providerFlags,
+                            Time time,
+                            PRTime prtime);
+private:
+  NS_DECL_NSIRUNNABLE
+
+  // Must be called only on the socket transport thread
+  SSLServerCertVerificationJob(const RefPtr<SharedCertVerifier>& certVerifier,
+                               const void* fdForLogging,
+                               nsNSSSocketInfo* infoObject,
+                               const UniqueCERTCertificate& cert,
+                               UniqueCERTCertList peerCertChain,
+                               const SECItem* stapledOCSPResponse,
+                               const SECItem* sctsFromTLSExtension,
+                               uint32_t providerFlags,
+                               Time time,
+                               PRTime prtime);
+  const RefPtr<SharedCertVerifier> mCertVerifier;
+  const void* const mFdForLogging;
+  const RefPtr<nsNSSSocketInfo> mInfoObject;
+  const UniqueCERTCertificate mCert;
+  UniqueCERTCertList mPeerCertChain;
+  const uint32_t mProviderFlags;
+  const Time mTime;
+  const PRTime mPRTime;
+  const TimeStamp mJobStartTime;
+  const UniqueSECItem mStapledOCSPResponse;
+  const UniqueSECItem mSCTsFromTLSExtension;
+};
+
+SSLServerCertVerificationJob::SSLServerCertVerificationJob(
+    const RefPtr<SharedCertVerifier>& certVerifier, const void* fdForLogging,
+    nsNSSSocketInfo* infoObject, const UniqueCERTCertificate& cert,
+    UniqueCERTCertList peerCertChain, const SECItem* stapledOCSPResponse,
+    const SECItem* sctsFromTLSExtension,
+    uint32_t providerFlags, Time time, PRTime prtime)
+  : mCertVerifier(certVerifier)
+  , mFdForLogging(fdForLogging)
+  , mInfoObject(infoObject)
+  , mCert(CERT_DupCertificate(cert.get()))
+  , mPeerCertChain(Move(peerCertChain))
+  , mProviderFlags(providerFlags)
+  , mTime(time)
+  , mPRTime(prtime)
+  , mJobStartTime(TimeStamp::Now())
+  , mStapledOCSPResponse(SECITEM_DupItem(stapledOCSPResponse))
+  , mSCTsFromTLSExtension(SECITEM_DupItem(sctsFromTLSExtension))
+{
+}
+
+// This function assumes that we will only use the SPDY connection coalescing
+// feature on connections where we have negotiated SPDY using NPN. If we ever
+// talk SPDY without having negotiated it with SPDY, this code will give wrong
+// and perhaps unsafe results.
+//
+// Returns SECSuccess on the initial handshake of all connections, on
+// renegotiations for any connections where we did not negotiate SPDY, or on any
+// SPDY connection where the server's certificate did not change.
+//
+// Prohibit changing the server cert only if we negotiated SPDY,
+// in order to support SPDY's cross-origin connection pooling.
+static SECStatus
+BlockServerCertChangeForSpdy(nsNSSSocketInfo* infoObject,
+                             const UniqueCERTCertificate& serverCert)
+{
+  // Get the existing cert. If there isn't one, then there is
+  // no cert change to worry about.
+  nsCOMPtr<nsIX509Cert> cert;
+
+  RefPtr<nsSSLStatus> status(infoObject->SSLStatus());
+  if (!status) {
+    // If we didn't have a status, then this is the
+    // first handshake on this connection, not a
+    // renegotiation.
+    return SECSuccess;
+  }
+
+  status->GetServerCert(getter_AddRefs(cert));
+  if (!cert) {
+    NS_NOTREACHED("every nsSSLStatus must have a cert"
+                  "that implements nsIX509Cert");
+    PR_SetError(SEC_ERROR_LIBRARY_FAILURE, 0);
+    return SECFailure;
+  }
+
+  // Filter out sockets that did not neogtiate SPDY via NPN
+  nsAutoCString negotiatedNPN;
+  nsresult rv = infoObject->GetNegotiatedNPN(negotiatedNPN);
+  NS_ASSERTION(NS_SUCCEEDED(rv),
+               "GetNegotiatedNPN() failed during renegotiation");
+
+  if (NS_SUCCEEDED(rv) && !StringBeginsWith(negotiatedNPN,
+                                            NS_LITERAL_CSTRING("spdy/"))) {
+    return SECSuccess;
+  }
+  // If GetNegotiatedNPN() failed we will assume spdy for safety's safe
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("BlockServerCertChangeForSpdy failed GetNegotiatedNPN() call."
+            " Assuming spdy.\n"));
+  }
+
+  // Check to see if the cert has actually changed
+  UniqueCERTCertificate c(cert->GetCert());
+  NS_ASSERTION(c, "very bad and hopefully impossible state");
+  bool sameCert = CERT_CompareCerts(c.get(), serverCert.get());
+  if (sameCert) {
+    return SECSuccess;
+  }
+
+  // Report an error - changed cert is confirmed
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+         ("SPDY Refused to allow new cert during renegotiation\n"));
+  PR_SetError(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED, 0);
+  return SECFailure;
+}
+
+void
+AccumulateSubjectCommonNameTelemetry(const char* commonName,
+                                     bool commonNameInSubjectAltNames)
+{
+  if (!commonName) {
+    // 1 means no common name present
+    Telemetry::Accumulate(Telemetry::BR_9_2_2_SUBJECT_COMMON_NAME, 1);
+  } else if (!commonNameInSubjectAltNames) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("BR telemetry: common name '%s' not in subject alt. names "
+            "(or the subject alt. names extension is not present)\n",
+            commonName));
+    // 2 means the common name is not present in subject alt names
+    Telemetry::Accumulate(Telemetry::BR_9_2_2_SUBJECT_COMMON_NAME, 2);
+  } else {
+    // 0 means the common name is present in subject alt names
+    Telemetry::Accumulate(Telemetry::BR_9_2_2_SUBJECT_COMMON_NAME, 0);
+  }
+}
+
+// Returns true if and only if commonName ends with altName (minus its leading
+// "*"). altName has already been checked to be of the form "*.<something>".
+// commonName may be NULL.
+static bool
+TryMatchingWildcardSubjectAltName(const char* commonName,
+                                  const nsACString& altName)
+{
+  return commonName &&
+         StringEndsWith(nsDependentCString(commonName), Substring(altName, 1));
+}
+
+// Gathers telemetry on Baseline Requirements 9.2.1 (Subject Alternative
+// Names Extension) and 9.2.2 (Subject Common Name Field).
+// Specifically:
+//  - whether or not the subject common name field is present
+//  - whether or not the subject alternative names extension is present
+//  - if there is a malformed entry in the subject alt. names extension
+//  - if there is an entry in the subject alt. names extension corresponding
+//    to the subject common name
+// Telemetry is only gathered for certificates that chain to a trusted root
+// in Mozilla's Root CA program.
+// certList consists of a validated certificate chain. The end-entity
+// certificate is first and the root (trust anchor) is last.
+void
+GatherBaselineRequirementsTelemetry(const UniqueCERTCertList& certList)
+{
+  CERTCertListNode* endEntityNode = CERT_LIST_HEAD(certList);
+  CERTCertListNode* rootNode = CERT_LIST_TAIL(certList);
+  PR_ASSERT(!(CERT_LIST_END(endEntityNode, certList) ||
+              CERT_LIST_END(rootNode, certList)));
+  if (CERT_LIST_END(endEntityNode, certList) ||
+      CERT_LIST_END(rootNode, certList)) {
+    return;
+  }
+  CERTCertificate* cert = endEntityNode->cert;
+  PR_ASSERT(cert);
+  if (!cert) {
+    return;
+  }
+  UniquePORTString commonName(CERT_GetCommonName(&cert->subject));
+  // This only applies to certificates issued by authorities in our root
+  // program.
+  CERTCertificate* rootCert = rootNode->cert;
+  PR_ASSERT(rootCert);
+  if (!rootCert) {
+    return;
+  }
+  bool isBuiltIn = false;
+  Result result = IsCertBuiltInRoot(rootCert, isBuiltIn);
+  if (result != Success || !isBuiltIn) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("BR telemetry: root certificate for '%s' is not a built-in root "
+            "(or IsCertBuiltInRoot failed)\n", commonName.get()));
+    return;
+  }
+  ScopedAutoSECItem altNameExtension;
+  SECStatus rv = CERT_FindCertExtension(cert, SEC_OID_X509_SUBJECT_ALT_NAME,
+                                        &altNameExtension);
+  if (rv != SECSuccess) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("BR telemetry: no subject alt names extension for '%s'\n",
+            commonName.get()));
+    // 1 means there is no subject alt names extension
+    Telemetry::Accumulate(Telemetry::BR_9_2_1_SUBJECT_ALT_NAMES, 1);
+    AccumulateSubjectCommonNameTelemetry(commonName.get(), false);
+    return;
+  }
+
+  UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+  CERTGeneralName* subjectAltNames =
+    CERT_DecodeAltNameExtension(arena.get(), &altNameExtension);
+  if (!subjectAltNames) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("BR telemetry: could not decode subject alt names for '%s'\n",
+            commonName.get()));
+    // 2 means the subject alt names extension could not be decoded
+    Telemetry::Accumulate(Telemetry::BR_9_2_1_SUBJECT_ALT_NAMES, 2);
+    AccumulateSubjectCommonNameTelemetry(commonName.get(), false);
+    return;
+  }
+
+  CERTGeneralName* currentName = subjectAltNames;
+  bool commonNameInSubjectAltNames = false;
+  bool nonDNSNameOrIPAddressPresent = false;
+  bool malformedDNSNameOrIPAddressPresent = false;
+  bool nonFQDNPresent = false;
+  do {
+    nsAutoCString altName;
+    if (currentName->type == certDNSName) {
+      altName.Assign(BitwiseCast<char*, unsigned char*>(
+                       currentName->name.other.data),
+                     currentName->name.other.len);
+      nsDependentCString altNameWithoutWildcard(altName, 0);
+      if (StringBeginsWith(altNameWithoutWildcard, NS_LITERAL_CSTRING("*."))) {
+        altNameWithoutWildcard.Rebind(altName, 2);
+        commonNameInSubjectAltNames |=
+          TryMatchingWildcardSubjectAltName(commonName.get(), altName);
+      }
+      // net_IsValidHostName appears to return true for valid IP addresses,
+      // which would be invalid for a DNS name.
+      // Note that the net_IsValidHostName check will catch things like
+      // "a.*.example.com".
+      if (!net_IsValidHostName(altNameWithoutWildcard) ||
+          net_IsValidIPv4Addr(altName.get(), altName.Length()) ||
+          net_IsValidIPv6Addr(altName.get(), altName.Length())) {
+        MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+               ("BR telemetry: DNSName '%s' not valid (for '%s')\n",
+                altName.get(), commonName.get()));
+        malformedDNSNameOrIPAddressPresent = true;
+      }
+      if (!altName.Contains('.')) {
+        nonFQDNPresent = true;
+      }
+    } else if (currentName->type == certIPAddress) {
+      // According to DNS.h, this includes space for the null-terminator
+      char buf[net::kNetAddrMaxCStrBufSize] = { 0 };
+      PRNetAddr addr;
+      if (currentName->name.other.len == 4) {
+        addr.inet.family = PR_AF_INET;
+        memcpy(&addr.inet.ip, currentName->name.other.data,
+               currentName->name.other.len);
+        if (PR_NetAddrToString(&addr, buf, sizeof(buf) - 1) != PR_SUCCESS) {
+        MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+               ("BR telemetry: IPAddress (v4) not valid (for '%s')\n",
+                commonName.get()));
+          malformedDNSNameOrIPAddressPresent = true;
+        } else {
+          altName.Assign(buf);
+        }
+      } else if (currentName->name.other.len == 16) {
+        addr.inet.family = PR_AF_INET6;
+        memcpy(&addr.ipv6.ip, currentName->name.other.data,
+               currentName->name.other.len);
+        if (PR_NetAddrToString(&addr, buf, sizeof(buf) - 1) != PR_SUCCESS) {
+        MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+               ("BR telemetry: IPAddress (v6) not valid (for '%s')\n",
+                commonName.get()));
+          malformedDNSNameOrIPAddressPresent = true;
+        } else {
+          altName.Assign(buf);
+        }
+      } else {
+        MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+               ("BR telemetry: IPAddress not valid (for '%s')\n",
+                commonName.get()));
+        malformedDNSNameOrIPAddressPresent = true;
+      }
+    } else {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+             ("BR telemetry: non-DNSName, non-IPAddress present for '%s'\n",
+              commonName.get()));
+      nonDNSNameOrIPAddressPresent = true;
+    }
+    if (commonName && altName.Equals(commonName.get())) {
+      commonNameInSubjectAltNames = true;
+    }
+    currentName = CERT_GetNextGeneralName(currentName);
+  } while (currentName && currentName != subjectAltNames);
+
+  if (nonDNSNameOrIPAddressPresent) {
+    // 3 means there's an entry that isn't an ip address or dns name
+    Telemetry::Accumulate(Telemetry::BR_9_2_1_SUBJECT_ALT_NAMES, 3);
+  }
+  if (malformedDNSNameOrIPAddressPresent) {
+    // 4 means there's a malformed ip address or dns name entry
+    Telemetry::Accumulate(Telemetry::BR_9_2_1_SUBJECT_ALT_NAMES, 4);
+  }
+  if (nonFQDNPresent) {
+    // 5 means there's a DNS name entry with a non-fully-qualified domain name
+    Telemetry::Accumulate(Telemetry::BR_9_2_1_SUBJECT_ALT_NAMES, 5);
+  }
+  if (!nonDNSNameOrIPAddressPresent && !malformedDNSNameOrIPAddressPresent &&
+      !nonFQDNPresent) {
+    // 0 means the extension is acceptable
+    Telemetry::Accumulate(Telemetry::BR_9_2_1_SUBJECT_ALT_NAMES, 0);
+  }
+
+  AccumulateSubjectCommonNameTelemetry(commonName.get(),
+                                       commonNameInSubjectAltNames);
+}
+
+// Gather telemetry on whether the end-entity cert for a server has the
+// required TLS Server Authentication EKU, or any others
+void
+GatherEKUTelemetry(const UniqueCERTCertList& certList)
+{
+  CERTCertListNode* endEntityNode = CERT_LIST_HEAD(certList);
+  CERTCertListNode* rootNode = CERT_LIST_TAIL(certList);
+  PR_ASSERT(!(CERT_LIST_END(endEntityNode, certList) ||
+              CERT_LIST_END(rootNode, certList)));
+  if (CERT_LIST_END(endEntityNode, certList) ||
+      CERT_LIST_END(rootNode, certList)) {
+    return;
+  }
+  CERTCertificate* endEntityCert = endEntityNode->cert;
+  PR_ASSERT(endEntityCert);
+  if (!endEntityCert) {
+    return;
+  }
+
+  // Only log telemetry if the root CA is built-in
+  CERTCertificate* rootCert = rootNode->cert;
+  PR_ASSERT(rootCert);
+  if (!rootCert) {
+    return;
+  }
+  bool isBuiltIn = false;
+  Result rv = IsCertBuiltInRoot(rootCert, isBuiltIn);
+  if (rv != Success || !isBuiltIn) {
+    return;
+  }
+
+  // Find the EKU extension, if present
+  bool foundEKU = false;
+  SECOidTag oidTag;
+  CERTCertExtension* ekuExtension = nullptr;
+  for (size_t i = 0; endEntityCert->extensions && endEntityCert->extensions[i];
+       i++) {
+    oidTag = SECOID_FindOIDTag(&endEntityCert->extensions[i]->id);
+    if (oidTag == SEC_OID_X509_EXT_KEY_USAGE) {
+      foundEKU = true;
+      ekuExtension = endEntityCert->extensions[i];
+    }
+  }
+
+  if (!foundEKU) {
+    Telemetry::Accumulate(Telemetry::SSL_SERVER_AUTH_EKU, 0);
+    return;
+  }
+
+  // Parse the EKU extension
+  UniqueCERTOidSequence ekuSequence(
+    CERT_DecodeOidSequence(&ekuExtension->value));
+  if (!ekuSequence) {
+    return;
+  }
+
+  // Search through the available EKUs
+  bool foundServerAuth = false;
+  bool foundOther = false;
+  for (SECItem** oids = ekuSequence->oids; oids && *oids; oids++) {
+    oidTag = SECOID_FindOIDTag(*oids);
+    if (oidTag == SEC_OID_EXT_KEY_USAGE_SERVER_AUTH) {
+      foundServerAuth = true;
+    } else {
+      foundOther = true;
+    }
+  }
+
+  // Cases 3 is included only for completeness.  It should never
+  // appear in these statistics, because CheckExtendedKeyUsage()
+  // should require the EKU extension, if present, to contain the
+  // value id_kp_serverAuth.
+  if (foundServerAuth && !foundOther) {
+    Telemetry::Accumulate(Telemetry::SSL_SERVER_AUTH_EKU, 1);
+  } else if (foundServerAuth && foundOther) {
+    Telemetry::Accumulate(Telemetry::SSL_SERVER_AUTH_EKU, 2);
+  } else if (!foundServerAuth) {
+    Telemetry::Accumulate(Telemetry::SSL_SERVER_AUTH_EKU, 3);
+  }
+}
+
+// Gathers telemetry on which CA is the root of a given cert chain.
+// If the root is a built-in root, then the telemetry makes a count
+// by root.  Roots that are not built-in are counted in one bin.
+void
+GatherRootCATelemetry(const UniqueCERTCertList& certList)
+{
+  CERTCertListNode* rootNode = CERT_LIST_TAIL(certList);
+  PR_ASSERT(rootNode);
+  if (!rootNode) {
+    return;
+  }
+  PR_ASSERT(!CERT_LIST_END(rootNode, certList));
+  if (CERT_LIST_END(rootNode, certList)) {
+    return;
+  }
+  CERTCertificate* rootCert = rootNode->cert;
+  PR_ASSERT(rootCert);
+  if (!rootCert) {
+    return;
+  }
+  AccumulateTelemetryForRootCA(Telemetry::CERT_VALIDATION_SUCCESS_BY_CA,
+                               rootCert);
+}
+
+// These time are appoximate, i.e., doesn't account for leap seconds, etc
+const uint64_t ONE_WEEK_IN_SECONDS = (7 * (24 * 60 *60));
+const uint64_t ONE_YEAR_IN_WEEKS   = 52;
+
+// Gathers telemetry on the certificate lifetimes we observe in the wild
+void
+GatherEndEntityTelemetry(const UniqueCERTCertList& certList)
+{
+  CERTCertListNode* endEntityNode = CERT_LIST_HEAD(certList);
+  MOZ_ASSERT(endEntityNode && !CERT_LIST_END(endEntityNode, certList));
+  if (!endEntityNode || CERT_LIST_END(endEntityNode, certList)) {
+    return;
+  }
+
+  CERTCertificate* endEntityCert = endEntityNode->cert;
+  PR_ASSERT(endEntityCert);
+  if (!endEntityCert) {
+    return;
+  }
+
+  PRTime notBefore;
+  PRTime notAfter;
+
+  if (CERT_GetCertTimes(endEntityCert, &notBefore, &notAfter) != SECSuccess) {
+    return;
+  }
+
+  PR_ASSERT(notAfter > notBefore);
+  if (notAfter <= notBefore) {
+    return;
+  }
+
+  uint64_t durationInWeeks = (notAfter - notBefore)
+    / PR_USEC_PER_SEC
+    / ONE_WEEK_IN_SECONDS;
+
+  if (durationInWeeks > (2 * ONE_YEAR_IN_WEEKS)) {
+    durationInWeeks = (2 * ONE_YEAR_IN_WEEKS) + 1;
+  }
+
+  Telemetry::Accumulate(Telemetry::SSL_OBSERVED_END_ENTITY_CERTIFICATE_LIFETIME,
+      durationInWeeks);
+}
+
+// There are various things that we want to measure about certificate
+// chains that we accept.  This is a single entry point for all of them.
+void
+GatherSuccessfulValidationTelemetry(const UniqueCERTCertList& certList)
+{
+  GatherBaselineRequirementsTelemetry(certList);
+  GatherEKUTelemetry(certList);
+  GatherRootCATelemetry(certList);
+  GatherEndEntityTelemetry(certList);
+}
+
+void
+GatherTelemetryForSingleSCT(const ct::SignedCertificateTimestamp& sct)
+{
+  // See SSL_SCTS_ORIGIN in Histograms.json.
+  uint32_t origin = 0;
+  switch (sct.origin) {
+    case ct::SignedCertificateTimestamp::Origin::Embedded:
+      origin = 1;
+      break;
+    case ct::SignedCertificateTimestamp::Origin::TLSExtension:
+      origin = 2;
+      break;
+    case ct::SignedCertificateTimestamp::Origin::OCSPResponse:
+      origin = 3;
+      break;
+    default:
+      MOZ_ASSERT_UNREACHABLE("Unexpected SCT::Origin type");
+  }
+  Telemetry::Accumulate(Telemetry::SSL_SCTS_ORIGIN, origin);
+
+  // See SSL_SCTS_VERIFICATION_STATUS in Histograms.json.
+  uint32_t verificationStatus = 0;
+  switch (sct.verificationStatus) {
+    case ct::SignedCertificateTimestamp::VerificationStatus::OK:
+      verificationStatus = 1;
+      break;
+    case ct::SignedCertificateTimestamp::VerificationStatus::UnknownLog:
+      verificationStatus = 2;
+      break;
+    case ct::SignedCertificateTimestamp::VerificationStatus::InvalidSignature:
+      verificationStatus = 3;
+      break;
+    case ct::SignedCertificateTimestamp::VerificationStatus::InvalidTimestamp:
+      verificationStatus = 4;
+      break;
+    default:
+      MOZ_ASSERT_UNREACHABLE("Unexpected SCT::VerificationStatus type");
+  }
+  Telemetry::Accumulate(Telemetry::SSL_SCTS_VERIFICATION_STATUS,
+                        verificationStatus);
+}
+
+void
+GatherCertificateTransparencyTelemetry(const UniqueCERTCertList& certList,
+                                       const CertificateTransparencyInfo& info)
+{
+  if (!info.enabled) {
+    // No telemetry is gathered when CT is disabled.
+    return;
+  }
+
+  if (!info.processedSCTs) {
+    // We didn't receive any SCT data for this connection.
+    Telemetry::Accumulate(Telemetry::SSL_SCTS_PER_CONNECTION, 0);
+    return;
+  }
+
+  for (const ct::SignedCertificateTimestamp& sct : info.verifyResult.scts) {
+    GatherTelemetryForSingleSCT(sct);
+  }
+
+  // Decoding errors are reported to the 0th bucket
+  // of the SSL_SCTS_VERIFICATION_STATUS enumerated probe.
+  for (size_t i = 0; i < info.verifyResult.decodingErrors; ++i) {
+    Telemetry::Accumulate(Telemetry::SSL_SCTS_VERIFICATION_STATUS, 0);
+  }
+
+  // Handle the histogram of SCTs counts.
+  uint32_t sctsCount = static_cast<uint32_t>(info.verifyResult.scts.length());
+  // Note that sctsCount can be 0 in case we've received SCT binary data,
+  // but it failed to parse (e.g. due to unsupported CT protocol version).
+  Telemetry::Accumulate(Telemetry::SSL_SCTS_PER_CONNECTION, sctsCount);
+}
+
+// Note: Takes ownership of |peerCertChain| if SECSuccess is not returned.
+SECStatus
+AuthCertificate(CertVerifier& certVerifier,
+                nsNSSSocketInfo* infoObject,
+                const UniqueCERTCertificate& cert,
+                UniqueCERTCertList& peerCertChain,
+                const SECItem* stapledOCSPResponse,
+                const SECItem* sctsFromTLSExtension,
+                uint32_t providerFlags,
+                Time time)
+{
+  MOZ_ASSERT(infoObject);
+  MOZ_ASSERT(cert);
+
+  // We want to avoid storing any intermediate cert information when browsing
+  // in private, transient contexts.
+  bool saveIntermediates =
+    !(providerFlags & nsISocketProvider::NO_PERMANENT_STORAGE);
+
+  SECOidTag evOidPolicy;
+  UniqueCERTCertList certList;
+  CertVerifier::OCSPStaplingStatus ocspStaplingStatus =
+    CertVerifier::OCSP_STAPLING_NEVER_CHECKED;
+  KeySizeStatus keySizeStatus = KeySizeStatus::NeverChecked;
+  SHA1ModeResult sha1ModeResult = SHA1ModeResult::NeverChecked;
+  PinningTelemetryInfo pinningTelemetryInfo;
+  CertificateTransparencyInfo certificateTransparencyInfo;
+
+  int flags = 0;
+  if (!infoObject->SharedState().IsOCSPStaplingEnabled() ||
+      !infoObject->SharedState().IsOCSPMustStapleEnabled()) {
+    flags |= CertVerifier::FLAG_TLS_IGNORE_STATUS_REQUEST;
+  }
+
+  Result rv = certVerifier.VerifySSLServerCert(cert, stapledOCSPResponse,
+                                               sctsFromTLSExtension, time,
+                                               infoObject,
+                                               infoObject->GetHostNameRaw(),
+                                               certList, saveIntermediates,
+                                               flags, infoObject->
+                                                      GetOriginAttributes(),
+                                               &evOidPolicy,
+                                               &ocspStaplingStatus,
+                                               &keySizeStatus, &sha1ModeResult,
+                                               &pinningTelemetryInfo,
+                                               &certificateTransparencyInfo);
+
+  uint32_t evStatus = (rv != Success) ? 0                   // 0 = Failure
+                    : (evOidPolicy == SEC_OID_UNKNOWN) ? 1  // 1 = DV
+                    : 2;                                    // 2 = EV
+  Telemetry::Accumulate(Telemetry::CERT_EV_STATUS, evStatus);
+
+  if (ocspStaplingStatus != CertVerifier::OCSP_STAPLING_NEVER_CHECKED) {
+    Telemetry::Accumulate(Telemetry::SSL_OCSP_STAPLING, ocspStaplingStatus);
+  }
+  if (keySizeStatus != KeySizeStatus::NeverChecked) {
+    Telemetry::Accumulate(Telemetry::CERT_CHAIN_KEY_SIZE_STATUS,
+                          static_cast<uint32_t>(keySizeStatus));
+  }
+  if (sha1ModeResult != SHA1ModeResult::NeverChecked) {
+    Telemetry::Accumulate(Telemetry::CERT_CHAIN_SHA1_POLICY_STATUS,
+                          static_cast<uint32_t>(sha1ModeResult));
+  }
+
+  if (pinningTelemetryInfo.accumulateForRoot) {
+    Telemetry::Accumulate(Telemetry::CERT_PINNING_FAILURES_BY_CA,
+                          pinningTelemetryInfo.rootBucket);
+  }
+
+  if (pinningTelemetryInfo.accumulateResult) {
+    Telemetry::Accumulate(pinningTelemetryInfo.certPinningResultHistogram,
+                          pinningTelemetryInfo.certPinningResultBucket);
+  }
+
+  if (rv == Success) {
+    // Certificate verification succeeded. Delete any potential record of
+    // certificate error bits.
+    RememberCertErrorsTable::GetInstance().RememberCertHasError(infoObject,
+                                                                nullptr,
+                                                                SECSuccess);
+    GatherSuccessfulValidationTelemetry(certList);
+    GatherCertificateTransparencyTelemetry(certList,
+                                           certificateTransparencyInfo);
+
+    // The connection may get terminated, for example, if the server requires
+    // a client cert. Let's provide a minimal SSLStatus
+    // to the caller that contains at least the cert and its status.
+    RefPtr<nsSSLStatus> status(infoObject->SSLStatus());
+    if (!status) {
+      status = new nsSSLStatus();
+      infoObject->SetSSLStatus(status);
+    }
+
+    if (!status->HasServerCert()) {
+      EVStatus evStatus;
+      if (evOidPolicy == SEC_OID_UNKNOWN) {
+        evStatus = EVStatus::NotEV;
+      } else {
+        evStatus = EVStatus::EV;
+      }
+
+      RefPtr<nsNSSCertificate> nsc = nsNSSCertificate::Create(cert.get());
+      status->SetServerCert(nsc, evStatus);
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+              ("AuthCertificate setting NEW cert %p", nsc.get()));
+    }
+
+    status->SetCertificateTransparencyInfo(certificateTransparencyInfo);
+  }
+
+  if (rv != Success) {
+    // Certificate validation failed; store the peer certificate chain on
+    // infoObject so it can be used for error reporting.
+    infoObject->SetFailedCertChain(Move(peerCertChain));
+    PR_SetError(MapResultToPRErrorCode(rv), 0);
+  }
+
+  return rv == Success ? SECSuccess : SECFailure;
+}
+
+/*static*/ SECStatus
+SSLServerCertVerificationJob::Dispatch(
+  const RefPtr<SharedCertVerifier>& certVerifier,
+  const void* fdForLogging,
+  nsNSSSocketInfo* infoObject,
+  const UniqueCERTCertificate& serverCert,
+  const UniqueCERTCertList& peerCertChain,
+  const SECItem* stapledOCSPResponse,
+  const SECItem* sctsFromTLSExtension,
+  uint32_t providerFlags,
+  Time time,
+  PRTime prtime)
+{
+  // Runs on the socket transport thread
+  if (!certVerifier || !infoObject || !serverCert) {
+    NS_ERROR("Invalid parameters for SSL server cert validation");
+    PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);
+    return SECFailure;
+  }
+
+  // Copy the certificate list so the runnable can take ownership of it in the
+  // constructor.
+  // We can safely skip checking if NSS has already shut down here since we're
+  // in the middle of verifying a certificate.
+  nsNSSShutDownPreventionLock lock;
+  UniqueCERTCertList peerCertChainCopy =
+    nsNSSCertList::DupCertList(peerCertChain, lock);
+  if (!peerCertChainCopy) {
+    PR_SetError(SEC_ERROR_NO_MEMORY, 0);
+    return SECFailure;
+  }
+
+  RefPtr<SSLServerCertVerificationJob> job(
+    new SSLServerCertVerificationJob(certVerifier, fdForLogging, infoObject,
+                                     serverCert, Move(peerCertChainCopy),
+                                     stapledOCSPResponse, sctsFromTLSExtension,
+                                     providerFlags, time, prtime));
+
+  nsresult nrv;
+  if (!gCertVerificationThreadPool) {
+    nrv = NS_ERROR_NOT_INITIALIZED;
+  } else {
+    nrv = gCertVerificationThreadPool->Dispatch(job, NS_DISPATCH_NORMAL);
+  }
+  if (NS_FAILED(nrv)) {
+    // We can't call SetCertVerificationResult here to change
+    // mCertVerificationState because SetCertVerificationResult will call
+    // libssl functions that acquire SSL locks that are already being held at
+    // this point. infoObject->mCertVerificationState will be stuck at
+    // waiting_for_cert_verification here, but that is OK because we already
+    // have to be able to handle cases where we encounter non-cert errors while
+    // in that state.
+    PRErrorCode error = nrv == NS_ERROR_OUT_OF_MEMORY
+                      ? SEC_ERROR_NO_MEMORY
+                      : PR_INVALID_STATE_ERROR;
+    PORT_SetError(error);
+    return SECFailure;
+  }
+
+  PORT_SetError(PR_WOULD_BLOCK_ERROR);
+  return SECWouldBlock;
+}
+
+NS_IMETHODIMP
+SSLServerCertVerificationJob::Run()
+{
+  // Runs on a cert verification thread
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+          ("[%p] SSLServerCertVerificationJob::Run\n", mInfoObject.get()));
+
+  PRErrorCode error;
+
+  nsNSSShutDownPreventionLock nssShutdownPrevention;
+  if (mInfoObject->isAlreadyShutDown()) {
+    error = SEC_ERROR_USER_CANCELLED;
+  } else {
+    Telemetry::ID successTelemetry
+      = Telemetry::SSL_SUCCESFUL_CERT_VALIDATION_TIME_MOZILLAPKIX;
+    Telemetry::ID failureTelemetry
+      = Telemetry::SSL_INITIAL_FAILED_CERT_VALIDATION_TIME_MOZILLAPKIX;
+
+    // Reset the error code here so we can detect if AuthCertificate fails to
+    // set the error code if/when it fails.
+    PR_SetError(0, 0);
+    SECStatus rv = AuthCertificate(*mCertVerifier, mInfoObject, mCert,
+                                   mPeerCertChain, mStapledOCSPResponse.get(),
+                                   mSCTsFromTLSExtension.get(),
+                                   mProviderFlags, mTime);
+    MOZ_ASSERT(mPeerCertChain || rv != SECSuccess,
+               "AuthCertificate() should take ownership of chain on failure");
+    if (rv == SECSuccess) {
+      uint32_t interval = (uint32_t) ((TimeStamp::Now() - mJobStartTime).ToMilliseconds());
+      RefPtr<SSLServerCertVerificationResult> restart(
+        new SSLServerCertVerificationResult(mInfoObject, 0,
+                                            successTelemetry, interval));
+      restart->Dispatch();
+      Telemetry::Accumulate(Telemetry::SSL_CERT_ERROR_OVERRIDES, 1);
+      return NS_OK;
+    }
+
+    // Note: the interval is not calculated once as PR_GetError MUST be called
+    // before any other  function call
+    error = PR_GetError();
+    {
+      TimeStamp now = TimeStamp::Now();
+      MutexAutoLock telemetryMutex(*gSSLVerificationTelemetryMutex);
+      Telemetry::AccumulateTimeDelta(failureTelemetry, mJobStartTime, now);
+    }
+    if (error != 0) {
+      RefPtr<CertErrorRunnable> runnable(
+          CreateCertErrorRunnable(*mCertVerifier, error, mInfoObject, mCert,
+                                  mFdForLogging, mProviderFlags, mPRTime));
+      if (!runnable) {
+        // CreateCertErrorRunnable set a new error code
+        error = PR_GetError();
+      } else {
+        // We must block the the socket transport service thread while the
+        // main thread executes the CertErrorRunnable. The CertErrorRunnable
+        // will dispatch the result asynchronously, so we don't have to block
+        // this thread waiting for it.
+
+        MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+                ("[%p][%p] Before dispatching CertErrorRunnable\n",
+                mFdForLogging, runnable.get()));
+
+        nsresult nrv;
+        nsCOMPtr<nsIEventTarget> stsTarget
+          = do_GetService(NS_SOCKETTRANSPORTSERVICE_CONTRACTID, &nrv);
+        if (NS_SUCCEEDED(nrv)) {
+          nrv = stsTarget->Dispatch(new CertErrorRunnableRunnable(runnable),
+                                    NS_DISPATCH_NORMAL);
+        }
+        if (NS_SUCCEEDED(nrv)) {
+          return NS_OK;
+        }
+
+        NS_ERROR("Failed to dispatch CertErrorRunnable");
+        error = PR_INVALID_STATE_ERROR;
+      }
+    }
+  }
+
+  if (error == 0) {
+    NS_NOTREACHED("no error set during certificate validation failure");
+    error = PR_INVALID_STATE_ERROR;
+  }
+
+  RefPtr<SSLServerCertVerificationResult> failure(
+    new SSLServerCertVerificationResult(mInfoObject, error));
+  failure->Dispatch();
+  return NS_OK;
+}
+
+} // unnamed namespace
+
+// Extracts whatever information we need out of fd (using SSL_*) and passes it
+// to SSLServerCertVerificationJob::Dispatch. SSLServerCertVerificationJob should
+// never do anything with fd except logging.
+SECStatus
+AuthCertificateHook(void* arg, PRFileDesc* fd, PRBool checkSig, PRBool isServer)
+{
+  RefPtr<SharedCertVerifier> certVerifier(GetDefaultCertVerifier());
+  if (!certVerifier) {
+    PR_SetError(SEC_ERROR_NOT_INITIALIZED, 0);
+    return SECFailure;
+  }
+
+  // Runs on the socket transport thread
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+         ("[%p] starting AuthCertificateHook\n", fd));
+
+  // Modern libssl always passes PR_TRUE for checkSig, and we have no means of
+  // doing verification without checking signatures.
+  NS_ASSERTION(checkSig, "AuthCertificateHook: checkSig unexpectedly false");
+
+  // PSM never causes libssl to call this function with PR_TRUE for isServer,
+  // and many things in PSM assume that we are a client.
+  NS_ASSERTION(!isServer, "AuthCertificateHook: isServer unexpectedly true");
+
+  nsNSSSocketInfo* socketInfo = static_cast<nsNSSSocketInfo*>(arg);
+
+  UniqueCERTCertificate serverCert(SSL_PeerCertificate(fd));
+
+  if (!checkSig || isServer || !socketInfo || !serverCert) {
+      PR_SetError(PR_INVALID_STATE_ERROR, 0);
+      return SECFailure;
+  }
+
+  // Get the peer certificate chain for error reporting
+  UniqueCERTCertList peerCertChain(SSL_PeerCertificateChain(fd));
+  if (!peerCertChain) {
+    PR_SetError(PR_INVALID_STATE_ERROR, 0);
+    return SECFailure;
+  }
+
+  socketInfo->SetFullHandshake();
+
+  Time now(Now());
+  PRTime prnow(PR_Now());
+
+  if (BlockServerCertChangeForSpdy(socketInfo, serverCert) != SECSuccess)
+    return SECFailure;
+
+  nsCOMPtr<nsISSLSocketControl> sslSocketControl = do_QueryInterface(
+    NS_ISUPPORTS_CAST(nsITransportSecurityInfo*, socketInfo));
+  if (sslSocketControl && sslSocketControl->GetBypassAuthentication()) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("[%p] Bypass Auth in AuthCertificateHook\n", fd));
+    return SECSuccess;
+  }
+
+  bool onSTSThread;
+  nsresult nrv;
+  nsCOMPtr<nsIEventTarget> sts
+    = do_GetService(NS_SOCKETTRANSPORTSERVICE_CONTRACTID, &nrv);
+  if (NS_SUCCEEDED(nrv)) {
+    nrv = sts->IsOnCurrentThread(&onSTSThread);
+  }
+
+  if (NS_FAILED(nrv)) {
+    NS_ERROR("Could not get STS service or IsOnCurrentThread failed");
+    PR_SetError(PR_UNKNOWN_ERROR, 0);
+    return SECFailure;
+  }
+
+  // SSL_PeerStapledOCSPResponses will never return a non-empty response if
+  // OCSP stapling wasn't enabled because libssl wouldn't have let the server
+  // return a stapled OCSP response.
+  // We don't own these pointers.
+  const SECItemArray* csa = SSL_PeerStapledOCSPResponses(fd);
+  SECItem* stapledOCSPResponse = nullptr;
+  // we currently only support single stapled responses
+  if (csa && csa->len == 1) {
+    stapledOCSPResponse = &csa->items[0];
+  }
+
+  const SECItem* sctsFromTLSExtension = SSL_PeerSignedCertTimestamps(fd);
+  if (sctsFromTLSExtension && sctsFromTLSExtension->len == 0) {
+    // SSL_PeerSignedCertTimestamps returns null on error and empty item
+    // when no extension was returned by the server. We always use null when
+    // no extension was received (for whatever reason), ignoring errors.
+    sctsFromTLSExtension = nullptr;
+  }
+
+  uint32_t providerFlags = 0;
+  socketInfo->GetProviderFlags(&providerFlags);
+
+  if (onSTSThread) {
+
+    // We *must* do certificate verification on a background thread because
+    // we need the socket transport thread to be free for our OCSP requests,
+    // and we *want* to do certificate verification on a background thread
+    // because of the performance benefits of doing so.
+    socketInfo->SetCertVerificationWaiting();
+    SECStatus rv = SSLServerCertVerificationJob::Dispatch(
+                     certVerifier, static_cast<const void*>(fd), socketInfo,
+                     serverCert, peerCertChain, stapledOCSPResponse,
+                     sctsFromTLSExtension, providerFlags, now, prnow);
+    return rv;
+  }
+
+  // We can't do certificate verification on a background thread, because the
+  // thread doing the network I/O may not interrupt its network I/O on receipt
+  // of our SSLServerCertVerificationResult event, and/or it might not even be
+  // a non-blocking socket.
+
+  SECStatus rv = AuthCertificate(*certVerifier, socketInfo, serverCert,
+                                 peerCertChain, stapledOCSPResponse,
+                                 sctsFromTLSExtension, providerFlags, now);
+  MOZ_ASSERT(peerCertChain || rv != SECSuccess,
+             "AuthCertificate() should take ownership of chain on failure");
+  if (rv == SECSuccess) {
+    Telemetry::Accumulate(Telemetry::SSL_CERT_ERROR_OVERRIDES, 1);
+    return SECSuccess;
+  }
+
+  PRErrorCode error = PR_GetError();
+  if (error != 0) {
+    RefPtr<CertErrorRunnable> runnable(
+        CreateCertErrorRunnable(*certVerifier, error, socketInfo, serverCert,
+                                static_cast<const void*>(fd), providerFlags,
+                                prnow));
+    if (!runnable) {
+      // CreateCertErrorRunnable sets a new error code when it fails
+      error = PR_GetError();
+    } else {
+      // We have to return SECSuccess or SECFailure based on the result of the
+      // override processing, so we must block this thread waiting for it. The
+      // CertErrorRunnable will NOT dispatch the result at all, since we passed
+      // false for CreateCertErrorRunnable's async parameter
+      nrv = runnable->DispatchToMainThreadAndWait();
+      if (NS_FAILED(nrv)) {
+        NS_ERROR("Failed to dispatch CertErrorRunnable");
+        PR_SetError(PR_INVALID_STATE_ERROR, 0);
+        return SECFailure;
+      }
+
+      if (!runnable->mResult) {
+        NS_ERROR("CertErrorRunnable did not set result");
+        PR_SetError(PR_INVALID_STATE_ERROR, 0);
+        return SECFailure;
+      }
+
+      if (runnable->mResult->mErrorCode == 0) {
+        return SECSuccess; // cert error override occurred.
+      }
+
+      // We must call SetCanceled here to set the error message type
+      // in case it isn't PlainErrorMessage, which is what we would
+      // default to if we just called
+      // PR_SetError(runnable->mResult->mErrorCode, 0) and returned
+      // SECFailure without doing this.
+      socketInfo->SetCanceled(runnable->mResult->mErrorCode,
+                              runnable->mResult->mErrorMessageType);
+      error = runnable->mResult->mErrorCode;
+    }
+  }
+
+  if (error == 0) {
+    NS_ERROR("error code not set");
+    error = PR_UNKNOWN_ERROR;
+  }
+
+  PR_SetError(error, 0);
+  return SECFailure;
+}
+
+SSLServerCertVerificationResult::SSLServerCertVerificationResult(
+        nsNSSSocketInfo* infoObject, PRErrorCode errorCode,
+        Telemetry::ID telemetryID, uint32_t telemetryValue,
+        SSLErrorMessageType errorMessageType)
+  : mInfoObject(infoObject)
+  , mErrorCode(errorCode)
+  , mErrorMessageType(errorMessageType)
+  , mTelemetryID(telemetryID)
+  , mTelemetryValue(telemetryValue)
+{
+// We accumulate telemetry for (only) successful validations on the main thread
+// to avoid adversely affecting performance by acquiring the mutex that we use
+// when accumulating the telemetry for unsuccessful validations. Unsuccessful
+// validations times are accumulated elsewhere.
+MOZ_ASSERT(telemetryID == Telemetry::HistogramCount || errorCode == 0);
+}
+
+void
+SSLServerCertVerificationResult::Dispatch()
+{
+  nsresult rv;
+  nsCOMPtr<nsIEventTarget> stsTarget
+    = do_GetService(NS_SOCKETTRANSPORTSERVICE_CONTRACTID, &rv);
+  NS_ASSERTION(stsTarget,
+               "Failed to get socket transport service event target");
+  rv = stsTarget->Dispatch(this, NS_DISPATCH_NORMAL);
+  NS_ASSERTION(NS_SUCCEEDED(rv),
+               "Failed to dispatch SSLServerCertVerificationResult");
+}
+
+NS_IMETHODIMP
+SSLServerCertVerificationResult::Run()
+{
+  // TODO: Assert that we're on the socket transport thread
+  if (mTelemetryID != Telemetry::HistogramCount) {
+     Telemetry::Accumulate(mTelemetryID, mTelemetryValue);
+  }
+  // XXX: This cast will be removed by the next patch
+  ((nsNSSSocketInfo*) mInfoObject.get())
+    ->SetCertVerificationResult(mErrorCode, mErrorMessageType);
+  return NS_OK;
+}
+
+} } // namespace mozilla::psm
diff --git a/security/manager/ssl/SSLServerCertVerification.h b/security/manager/ssl/SSLServerCertVerification.h
new file mode 100644
index 000000000..e729457c8
--- /dev/null
+++ b/security/manager/ssl/SSLServerCertVerification.h
@@ -0,0 +1,19 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#ifndef _SSLSERVERCERTVERIFICATION_H
+#define _SSLSERVERCERTVERIFICATION_H
+
+#include "seccomon.h"
+#include "prio.h"
+
+namespace mozilla { namespace psm {
+
+SECStatus AuthCertificateHook(void* arg, PRFileDesc* fd,
+                              PRBool checkSig, PRBool isServer);
+
+} } // namespace mozilla::psm
+
+#endif
diff --git a/security/manager/ssl/ScopedNSSTypes.h b/security/manager/ssl/ScopedNSSTypes.h
new file mode 100644
index 000000000..d36f84c97
--- /dev/null
+++ b/security/manager/ssl/ScopedNSSTypes.h
@@ -0,0 +1,405 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// This header provides smart pointers and various helpers for code that needs
+// to interact with NSS.
+
+#ifndef ScopedNSSTypes_h
+#define ScopedNSSTypes_h
+
+#include <limits>
+#include <memory>
+
+#include "cert.h"
+#include "cms.h"
+#include "cryptohi.h"
+#include "keyhi.h"
+#include "mozilla/Likely.h"
+#include "mozilla/Scoped.h"
+#include "mozilla/UniquePtr.h"
+#include "nsDebug.h"
+#include "nsError.h"
+#include "NSSErrorsService.h"
+#include "pk11pub.h"
+#include "pkcs12.h"
+#include "prerror.h"
+#include "prio.h"
+#include "sechash.h"
+#include "secmod.h"
+#include "secpkcs7.h"
+#include "secport.h"
+
+#ifndef MOZ_NO_MOZALLOC
+#include "mozilla/mozalloc_oom.h"
+#endif
+
+namespace mozilla {
+
+// NSPR APIs use PRStatus/PR_GetError and NSS APIs use SECStatus/PR_GetError to
+// report success/failure. This function makes it more convenient and *safer*
+// to translate NSPR/NSS results to nsresult. It is safer because it
+// refuses to translate any bad PRStatus/SECStatus into an NS_OK, even when the
+// NSPR/NSS function forgot to call PR_SetError. The actual enforcement of
+// this happens in mozilla::psm::GetXPCOMFromNSSError.
+// IMPORTANT: This must be called immediately after the function returning the
+// SECStatus result. The recommended usage is:
+//    nsresult rv = MapSECStatus(f(x, y, z));
+inline nsresult
+MapSECStatus(SECStatus rv)
+{
+  if (rv == SECSuccess) {
+    return NS_OK;
+  }
+
+  return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
+}
+
+// Alphabetical order by NSS type
+// Deprecated: use the equivalent UniquePtr templates instead.
+MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedCERTCertificate,
+                                          CERTCertificate,
+                                          CERT_DestroyCertificate)
+MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedCERTCertificateList,
+                                          CERTCertificateList,
+                                          CERT_DestroyCertificateList)
+MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedCERTCertificateRequest,
+                                          CERTCertificateRequest,
+                                          CERT_DestroyCertificateRequest)
+MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedCERTName,
+                                          CERTName,
+                                          CERT_DestroyName)
+MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedCERTSubjectPublicKeyInfo,
+                                          CERTSubjectPublicKeyInfo,
+                                          SECKEY_DestroySubjectPublicKeyInfo)
+MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedCERTValidity,
+                                          CERTValidity,
+                                          CERT_DestroyValidity)
+// Deprecated: use the equivalent UniquePtr templates instead.
+
+namespace internal {
+
+inline void
+PK11_DestroyContext_true(PK11Context * ctx) {
+  PK11_DestroyContext(ctx, true);
+}
+
+} // namespace internal
+
+// Deprecated: use the equivalent UniquePtr templates instead.
+MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedSGNDigestInfo,
+                                          SGNDigestInfo,
+                                          SGN_DestroyDigestInfo)
+
+// Emulates MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE, but for UniquePtrs.
+#define MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(name, Type, Deleter) \
+struct name##DeletePolicy \
+{ \
+  void operator()(Type* aValue) { Deleter(aValue); } \
+}; \
+typedef std::unique_ptr<Type, name##DeletePolicy> name;
+
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniquePK11Context,
+                                      PK11Context,
+                                      internal::PK11_DestroyContext_true)
+
+/** A more convenient way of dealing with digests calculated into
+ *  stack-allocated buffers. NSS must be initialized on the main thread before
+ *  use, and the caller must ensure NSS isn't shut down, typically by
+ *  subclassing nsNSSShutDownObject, while Digest is in use.
+ *
+ * Typical usage, for digesting a buffer in memory:
+ *
+ *   nsCOMPtr<nsISupports> nssDummy = do_GetService("@mozilla.org/psm;1", &rv);
+ *   Digest digest;
+ *   nsresult rv = digest.DigestBuf(SEC_OID_SHA256, mybuffer, myBufferLen);
+ *   NS_ENSURE_SUCCESS(rv, rv);
+ *   rv = MapSECStatus(SomeNSSFunction(..., digest.get(), ...));
+ *
+ * Less typical usage, for digesting while doing streaming I/O and similar:
+ *
+ *   Digest digest;
+ *   UniquePK11Context digestContext(PK11_CreateDigestContext(SEC_OID_SHA256));
+ *   NS_ENSURE_TRUE(digestContext, NS_ERROR_OUT_OF_MEMORY);
+ *   rv = MapSECStatus(PK11_DigestBegin(digestContext.get()));
+ *   NS_ENSURE_SUCCESS(rv, rv);
+ *   for (...) {
+ *      rv = MapSECStatus(PK11_DigestOp(digestContext.get(), ...));
+ *      NS_ENSURE_SUCCESS(rv, rv);
+ *   }
+ *   rv = digest.End(SEC_OID_SHA256, digestContext);
+ *   NS_ENSURE_SUCCESS(rv, rv)
+ */
+class Digest
+{
+public:
+  Digest()
+  {
+    mItem.type = siBuffer;
+    mItem.data = mItemBuf;
+    mItem.len = 0;
+  }
+
+  nsresult DigestBuf(SECOidTag hashAlg, const uint8_t * buf, uint32_t len)
+  {
+    if (len > static_cast<uint32_t>(std::numeric_limits<int32_t>::max())) {
+      return NS_ERROR_INVALID_ARG;
+    }
+    nsresult rv = SetLength(hashAlg);
+    NS_ENSURE_SUCCESS(rv, rv);
+    return MapSECStatus(PK11_HashBuf(hashAlg, mItem.data, buf,
+                                     static_cast<int32_t>(len)));
+  }
+
+  nsresult End(SECOidTag hashAlg, UniquePK11Context& context)
+  {
+    nsresult rv = SetLength(hashAlg);
+    NS_ENSURE_SUCCESS(rv, rv);
+    uint32_t len;
+    rv = MapSECStatus(PK11_DigestFinal(context.get(), mItem.data, &len,
+                                       mItem.len));
+    NS_ENSURE_SUCCESS(rv, rv);
+    context = nullptr;
+    NS_ENSURE_TRUE(len == mItem.len, NS_ERROR_UNEXPECTED);
+    return NS_OK;
+  }
+
+  const SECItem & get() const { return mItem; }
+
+private:
+  nsresult SetLength(SECOidTag hashType)
+  {
+#ifdef _MSC_VER
+#pragma warning(push)
+    // C4061: enumerator 'symbol' in switch of enum 'symbol' is not
+    // explicitly handled.
+#pragma warning(disable:4061)
+#endif
+    switch (hashType)
+    {
+      case SEC_OID_SHA1:   mItem.len = SHA1_LENGTH;   break;
+      case SEC_OID_SHA256: mItem.len = SHA256_LENGTH; break;
+      case SEC_OID_SHA384: mItem.len = SHA384_LENGTH; break;
+      case SEC_OID_SHA512: mItem.len = SHA512_LENGTH; break;
+      default:
+        return NS_ERROR_INVALID_ARG;
+    }
+#ifdef _MSC_VER
+#pragma warning(pop)
+#endif
+
+    return NS_OK;
+  }
+
+  uint8_t mItemBuf[HASH_LENGTH_MAX];
+  SECItem mItem;
+};
+
+// Deprecated: use the equivalent UniquePtr templates instead.
+MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedPK11SlotInfo,
+                                          PK11SlotInfo,
+                                          PK11_FreeSlot)
+MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedPK11SymKey,
+                                          PK11SymKey,
+                                          PK11_FreeSymKey)
+MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedPK11GenericObject,
+                                          PK11GenericObject,
+                                          PK11_DestroyGenericObject)
+MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedSEC_PKCS12DecoderContext,
+                                          SEC_PKCS12DecoderContext,
+                                          SEC_PKCS12DecoderFinish)
+namespace internal {
+
+inline void
+PORT_FreeArena_false(PLArenaPool* arena)
+{
+  // PL_FreeArenaPool can't be used because it doesn't actually free the
+  // memory, which doesn't work well with memory analysis tools.
+  return PORT_FreeArena(arena, false);
+}
+
+} // namespace internal
+
+// Deprecated: use the equivalent UniquePtr templates instead.
+MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedPLArenaPool,
+                                          PLArenaPool,
+                                          internal::PORT_FreeArena_false)
+
+// Wrapper around NSS's SECItem_AllocItem that handles OOM the same way as
+// other allocators.
+inline void
+SECITEM_AllocItem(SECItem & item, uint32_t len)
+{
+  if (MOZ_UNLIKELY(!SECITEM_AllocItem(nullptr, &item, len))) {
+#ifndef MOZ_NO_MOZALLOC
+    mozalloc_handle_oom(len);
+    if (MOZ_UNLIKELY(!SECITEM_AllocItem(nullptr, &item, len)))
+#endif
+    {
+      MOZ_CRASH();
+    }
+  }
+}
+
+class ScopedAutoSECItem final : public SECItem
+{
+public:
+  explicit ScopedAutoSECItem(uint32_t initialAllocatedLen = 0)
+  {
+    data = nullptr;
+    len = 0;
+    if (initialAllocatedLen > 0) {
+      SECITEM_AllocItem(*this, initialAllocatedLen);
+    }
+  }
+
+  void reset()
+  {
+    SECITEM_FreeItem(this, false);
+  }
+
+  ~ScopedAutoSECItem()
+  {
+    reset();
+  }
+};
+
+class MOZ_RAII AutoSECMODListReadLock final
+{
+public:
+  AutoSECMODListReadLock()
+    : mLock(SECMOD_GetDefaultModuleListLock())
+  {
+    MOZ_ASSERT(mLock, "should have SECMOD lock (has NSS been initialized?)");
+    SECMOD_GetReadLock(mLock);
+  }
+
+  ~AutoSECMODListReadLock()
+  {
+    SECMOD_ReleaseReadLock(mLock);
+  }
+
+private:
+  SECMODListLock* mLock;
+};
+
+namespace internal {
+
+inline void SECITEM_FreeItem_true(SECItem * s)
+{
+  return SECITEM_FreeItem(s, true);
+}
+
+inline void SECOID_DestroyAlgorithmID_true(SECAlgorithmID * a)
+{
+  return SECOID_DestroyAlgorithmID(a, true);
+}
+
+inline void SECKEYEncryptedPrivateKeyInfo_true(SECKEYEncryptedPrivateKeyInfo * epki)
+{
+  return SECKEY_DestroyEncryptedPrivateKeyInfo(epki, PR_TRUE);
+}
+
+inline void VFY_DestroyContext_true(VFYContext * ctx)
+{
+  VFY_DestroyContext(ctx, true);
+}
+
+} // namespace internal
+
+// Deprecated: use the equivalent UniquePtr templates instead.
+MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedSECItem,
+                                          SECItem,
+                                          internal::SECITEM_FreeItem_true)
+MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedSECKEYPrivateKey,
+                                          SECKEYPrivateKey,
+                                          SECKEY_DestroyPrivateKey)
+MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedSECKEYEncryptedPrivateKeyInfo,
+                                          SECKEYEncryptedPrivateKeyInfo,
+                                          internal::SECKEYEncryptedPrivateKeyInfo_true)
+MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedSECKEYPublicKey,
+                                          SECKEYPublicKey,
+                                          SECKEY_DestroyPublicKey)
+MOZ_TYPE_SPECIFIC_SCOPED_POINTER_TEMPLATE(ScopedSECAlgorithmID,
+                                          SECAlgorithmID,
+                                          internal::SECOID_DestroyAlgorithmID_true)
+
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTCertificate,
+                                      CERTCertificate,
+                                      CERT_DestroyCertificate)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTCertificateList,
+                                      CERTCertificateList,
+                                      CERT_DestroyCertificateList)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTCertificatePolicies,
+                                      CERTCertificatePolicies,
+                                      CERT_DestroyCertificatePoliciesExtension)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTCertificateRequest,
+                                      CERTCertificateRequest,
+                                      CERT_DestroyCertificateRequest)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTCertList,
+                                      CERTCertList,
+                                      CERT_DestroyCertList)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTName,
+                                      CERTName,
+                                      CERT_DestroyName)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTOidSequence,
+                                      CERTOidSequence,
+                                      CERT_DestroyOidSequence)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTSubjectPublicKeyInfo,
+                                      CERTSubjectPublicKeyInfo,
+                                      SECKEY_DestroySubjectPublicKeyInfo)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTUserNotice,
+                                      CERTUserNotice,
+                                      CERT_DestroyUserNotice)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueCERTValidity,
+                                      CERTValidity,
+                                      CERT_DestroyValidity)
+
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueNSSCMSMessage,
+                                      NSSCMSMessage,
+                                      NSS_CMSMessage_Destroy)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueNSSCMSSignedData,
+                                      NSSCMSSignedData,
+                                      NSS_CMSSignedData_Destroy)
+
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniquePK11SlotInfo,
+                                      PK11SlotInfo,
+                                      PK11_FreeSlot)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniquePK11SlotList,
+                                      PK11SlotList,
+                                      PK11_FreeSlotList)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniquePK11SymKey,
+                                      PK11SymKey,
+                                      PK11_FreeSymKey)
+
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniquePLArenaPool,
+                                      PLArenaPool,
+                                      internal::PORT_FreeArena_false)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniquePORTString,
+                                      char,
+                                      PORT_Free);
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniquePRFileDesc,
+                                      PRFileDesc,
+                                      PR_Close)
+
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueSECItem,
+                                      SECItem,
+                                      internal::SECITEM_FreeItem_true)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueSECKEYPrivateKey,
+                                      SECKEYPrivateKey,
+                                      SECKEY_DestroyPrivateKey)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueSECKEYPublicKey,
+                                      SECKEYPublicKey,
+                                      SECKEY_DestroyPublicKey)
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueSECMODModule,
+                                      SECMODModule,
+                                      SECMOD_DestroyModule)
+
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniqueVFYContext,
+                                      VFYContext,
+                                      internal::VFY_DestroyContext_true)
+} // namespace mozilla
+
+#endif // ScopedNSSTypes_h
diff --git a/security/manager/ssl/SecretDecoderRing.cpp b/security/manager/ssl/SecretDecoderRing.cpp
new file mode 100644
index 000000000..730251ebb
--- /dev/null
+++ b/security/manager/ssl/SecretDecoderRing.cpp
@@ -0,0 +1,234 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "SecretDecoderRing.h"
+
+#include "ScopedNSSTypes.h"
+#include "mozilla/Base64.h"
+#include "mozilla/Casting.h"
+#include "mozilla/Services.h"
+#include "nsCOMPtr.h"
+#include "nsIInterfaceRequestor.h"
+#include "nsIInterfaceRequestorUtils.h"
+#include "nsIObserverService.h"
+#include "nsIServiceManager.h"
+#include "nsITokenPasswordDialogs.h"
+#include "nsNSSComponent.h"
+#include "nsNSSHelper.h"
+#include "pk11func.h"
+#include "pk11sdr.h" // For PK11SDR_Encrypt, PK11SDR_Decrypt
+#include "ssl.h" // For SSL_ClearSessionCache
+
+using namespace mozilla;
+
+// NOTE: Should these be the thread-safe versions?
+NS_IMPL_ISUPPORTS(SecretDecoderRing, nsISecretDecoderRing)
+
+SecretDecoderRing::SecretDecoderRing()
+{
+}
+
+SecretDecoderRing::~SecretDecoderRing()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return;
+  }
+
+  shutdown(ShutdownCalledFrom::Object);
+}
+
+nsresult
+SecretDecoderRing::Encrypt(const nsACString& data, /*out*/ nsACString& result)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
+  if (!slot) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  /* Make sure token is initialized. */
+  nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
+  nsresult rv = setPassword(slot.get(), ctx, locker);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  /* Force authentication */
+  if (PK11_Authenticate(slot.get(), true, ctx) != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  /* Use default key id */
+  SECItem keyid;
+  keyid.data = nullptr;
+  keyid.len = 0;
+  SECItem request;
+  request.data = BitwiseCast<unsigned char*, const char*>(data.BeginReading());
+  request.len = data.Length();
+  ScopedAutoSECItem reply;
+  if (PK11SDR_Encrypt(&keyid, &request, &reply, ctx) != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  result.Assign(BitwiseCast<char*, unsigned char*>(reply.data), reply.len);
+  return NS_OK;
+}
+
+nsresult
+SecretDecoderRing::Decrypt(const nsACString& data, /*out*/ nsACString& result)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  /* Find token with SDR key */
+  UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
+  if (!slot) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  /* Force authentication */
+  nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
+  if (PK11_Authenticate(slot.get(), true, ctx) != SECSuccess) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  SECItem request;
+  request.data = BitwiseCast<unsigned char*, const char*>(data.BeginReading());
+  request.len = data.Length();
+  ScopedAutoSECItem reply;
+  if (PK11SDR_Decrypt(&request, &reply, ctx) != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  result.Assign(BitwiseCast<char*, unsigned char*>(reply.data), reply.len);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+SecretDecoderRing::EncryptString(const nsACString& text,
+                         /*out*/ nsACString& encryptedBase64Text)
+{
+  nsAutoCString encryptedText;
+  nsresult rv = Encrypt(text, encryptedText);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = Base64Encode(encryptedText, encryptedBase64Text);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+SecretDecoderRing::DecryptString(const nsACString& encryptedBase64Text,
+                         /*out*/ nsACString& decryptedText)
+{
+  nsAutoCString encryptedText;
+  nsresult rv = Base64Decode(encryptedBase64Text, encryptedText);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = Decrypt(encryptedText, decryptedText);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+SecretDecoderRing::ChangePassword()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
+  if (!slot) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  NS_ConvertUTF8toUTF16 tokenName(PK11_GetTokenName(slot.get()));
+
+  nsCOMPtr<nsITokenPasswordDialogs> dialogs;
+  nsresult rv = getNSSDialogs(getter_AddRefs(dialogs),
+                              NS_GET_IID(nsITokenPasswordDialogs),
+                              NS_TOKENPASSWORDSDIALOG_CONTRACTID);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
+  bool canceled; // Ignored
+  return dialogs->SetPassword(ctx, tokenName.get(), &canceled);
+}
+
+NS_IMETHODIMP
+SecretDecoderRing::Logout()
+{
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
+  nsresult rv;
+  nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
+  if (NS_FAILED(rv))
+    return rv;
+
+  {
+    nsNSSShutDownPreventionLock locker;
+    if (isAlreadyShutDown()) {
+      return NS_ERROR_NOT_AVAILABLE;
+    }
+
+    PK11_LogoutAll();
+    SSL_ClearSessionCache();
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+SecretDecoderRing::LogoutAndTeardown()
+{
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
+  nsresult rv;
+  nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
+  if (NS_FAILED(rv))
+    return rv;
+
+  {
+    nsNSSShutDownPreventionLock locker;
+    if (isAlreadyShutDown()) {
+      return NS_ERROR_NOT_AVAILABLE;
+    }
+
+    PK11_LogoutAll();
+    SSL_ClearSessionCache();
+  }
+
+  rv = nssComponent->LogoutAuthenticatedPK11();
+
+  // After we just logged out, we need to prune dead connections to make
+  // sure that all connections that should be stopped, are stopped. See
+  // bug 517584.
+  nsCOMPtr<nsIObserverService> os = mozilla::services::GetObserverService();
+  if (os)
+    os->NotifyObservers(nullptr, "net:prune-dead-connections", nullptr);
+
+  return rv;
+}
diff --git a/security/manager/ssl/SecretDecoderRing.h b/security/manager/ssl/SecretDecoderRing.h
new file mode 100644
index 000000000..3bdcbe5c9
--- /dev/null
+++ b/security/manager/ssl/SecretDecoderRing.h
@@ -0,0 +1,39 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef SecretDecoderRing_h
+#define SecretDecoderRing_h
+
+#include "nsISecretDecoderRing.h"
+#include "nsNSSShutDown.h"
+#include "nsString.h"
+
+#define NS_SECRETDECODERRING_CONTRACTID "@mozilla.org/security/sdr;1"
+
+#define NS_SECRETDECODERRING_CID \
+  { 0x0c4f1ddc, 0x1dd2, 0x11b2, { 0x9d, 0x95, 0xf2, 0xfd, 0xf1, 0x13, 0x04, 0x4b } }
+
+class SecretDecoderRing : public nsISecretDecoderRing
+                        , public nsNSSShutDownObject
+{
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSISECRETDECODERRING
+
+  SecretDecoderRing();
+
+  // Nothing to release.
+  virtual void virtualDestroyNSSReference() override {}
+
+protected:
+  virtual ~SecretDecoderRing();
+
+private:
+  nsresult Encrypt(const nsACString& data, /*out*/ nsACString& result);
+  nsresult Decrypt(const nsACString& data, /*out*/ nsACString& result);
+};
+
+#endif // SecretDecoderRing_h
diff --git a/security/manager/ssl/SharedCertVerifier.h b/security/manager/ssl/SharedCertVerifier.h
new file mode 100644
index 000000000..03619573a
--- /dev/null
+++ b/security/manager/ssl/SharedCertVerifier.h
@@ -0,0 +1,36 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef SharedCertVerifier_h
+#define SharedCertVerifier_h
+
+#include "CertVerifier.h"
+#include "mozilla/RefPtr.h"
+
+namespace mozilla { namespace psm {
+
+class SharedCertVerifier : public mozilla::psm::CertVerifier
+{
+protected:
+  ~SharedCertVerifier();
+
+public:
+  NS_INLINE_DECL_THREADSAFE_REFCOUNTING(SharedCertVerifier)
+
+  SharedCertVerifier(OcspDownloadConfig odc, OcspStrictConfig osc,
+                     OcspGetConfig ogc, uint32_t certShortLifetimeInDays,
+                     PinningMode pinningMode, SHA1Mode sha1Mode,
+                     BRNameMatchingPolicy::Mode nameMatchingMode,
+                     NetscapeStepUpPolicy netscapeStepUpPolicy,
+                     CertificateTransparencyMode ctMode)
+    : mozilla::psm::CertVerifier(odc, osc, ogc, certShortLifetimeInDays,
+                                 pinningMode, sha1Mode, nameMatchingMode,
+                                 netscapeStepUpPolicy, ctMode)
+  {
+  }
+};
+
+} } // namespace mozilla::psm
+
+#endif // SharedCertVerifier_h
diff --git a/security/manager/ssl/SharedSSLState.cpp b/security/manager/ssl/SharedSSLState.cpp
new file mode 100644
index 000000000..c97687541
--- /dev/null
+++ b/security/manager/ssl/SharedSSLState.cpp
@@ -0,0 +1,218 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "SharedSSLState.h"
+#include "nsClientAuthRemember.h"
+#include "nsComponentManagerUtils.h"
+#include "nsICertOverrideService.h"
+#include "nsIObserverService.h"
+#include "mozilla/Services.h"
+#include "nsThreadUtils.h"
+#include "nsCRT.h"
+#include "nsServiceManagerUtils.h"
+#include "PSMRunnable.h"
+#include "PublicSSL.h"
+#include "ssl.h"
+#include "nsNetCID.h"
+#include "mozilla/Atomics.h"
+#include "mozilla/Unused.h"
+
+using mozilla::psm::SyncRunnableBase;
+using mozilla::Atomic;
+using mozilla::Unused;
+
+namespace {
+
+static Atomic<bool> sCertOverrideSvcExists(false);
+
+class MainThreadClearer : public SyncRunnableBase
+{
+public:
+  MainThreadClearer() : mShouldClearSessionCache(false) {}
+
+  void RunOnTargetThread() {
+    // In some cases it's possible to cause PSM/NSS to initialize while XPCOM shutdown
+    // is in progress. We want to avoid this, since they do not handle the situation well,
+    // hence the flags to avoid instantiating the services if they don't already exist.
+
+    bool certOverrideSvcExists = sCertOverrideSvcExists.exchange(false);
+    if (certOverrideSvcExists) {
+      sCertOverrideSvcExists = true;
+      nsCOMPtr<nsICertOverrideService> icos = do_GetService(NS_CERTOVERRIDE_CONTRACTID);
+      if (icos) {
+        icos->ClearValidityOverride(
+          NS_LITERAL_CSTRING("all:temporary-certificates"),
+          0);
+      }
+    }
+
+    // This needs to be checked on the main thread to avoid racing with NSS
+    // initialization.
+    mShouldClearSessionCache = mozilla::psm::PrivateSSLState() &&
+                               mozilla::psm::PrivateSSLState()->SocketCreated();
+  }
+  bool mShouldClearSessionCache;
+};
+
+} // namespace
+
+namespace mozilla {
+
+void ClearPrivateSSLState()
+{
+  // This only works if it is called on the socket transport
+  // service thread immediately after closing all private SSL
+  // connections.
+#ifdef DEBUG
+  nsresult rv;
+  nsCOMPtr<nsIEventTarget> sts
+    = do_GetService(NS_SOCKETTRANSPORTSERVICE_CONTRACTID, &rv);
+  MOZ_ASSERT(NS_SUCCEEDED(rv));
+  bool onSTSThread;
+  rv = sts->IsOnCurrentThread(&onSTSThread);
+  MOZ_ASSERT(NS_SUCCEEDED(rv) && onSTSThread);
+#endif
+
+  RefPtr<MainThreadClearer> runnable = new MainThreadClearer;
+  runnable->DispatchToMainThreadAndWait();
+
+  // If NSS isn't initialized, this throws an assertion. We guard it by checking if
+  // the session cache might even have anything worth clearing.
+  if (runnable->mShouldClearSessionCache) {
+    SSL_ClearSessionCache();
+  }
+}
+
+namespace psm {
+
+namespace {
+class PrivateBrowsingObserver : public nsIObserver {
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIOBSERVER
+  explicit PrivateBrowsingObserver(SharedSSLState* aOwner) : mOwner(aOwner) {}
+protected:
+  virtual ~PrivateBrowsingObserver() {}
+private:
+  SharedSSLState* mOwner;
+};
+
+SharedSSLState* gPublicState;
+SharedSSLState* gPrivateState;
+} // namespace
+
+NS_IMPL_ISUPPORTS(PrivateBrowsingObserver, nsIObserver)
+
+NS_IMETHODIMP
+PrivateBrowsingObserver::Observe(nsISupports     *aSubject,
+                                 const char      *aTopic,
+                                 const char16_t *aData)
+{
+  if (!nsCRT::strcmp(aTopic, "last-pb-context-exited")) {
+    mOwner->ResetStoredData();
+  }
+  return NS_OK;
+}
+
+SharedSSLState::SharedSSLState()
+: mClientAuthRemember(new nsClientAuthRememberService)
+, mMutex("SharedSSLState::mMutex")
+, mSocketCreated(false)
+, mOCSPStaplingEnabled(false)
+, mOCSPMustStapleEnabled(false)
+{
+  mIOLayerHelpers.Init();
+  mClientAuthRemember->Init();
+}
+
+SharedSSLState::~SharedSSLState()
+{
+}
+
+void
+SharedSSLState::NotePrivateBrowsingStatus()
+{
+  MOZ_ASSERT(NS_IsMainThread(), "Not on main thread");
+  mObserver = new PrivateBrowsingObserver(this);
+  nsCOMPtr<nsIObserverService> obsSvc = mozilla::services::GetObserverService();
+  obsSvc->AddObserver(mObserver, "last-pb-context-exited", false);
+}
+
+void
+SharedSSLState::ResetStoredData()
+{
+  MOZ_ASSERT(NS_IsMainThread(), "Not on main thread");
+  mClientAuthRemember->ClearRememberedDecisions();
+  mIOLayerHelpers.clearStoredData();
+}
+
+void
+SharedSSLState::NoteSocketCreated()
+{
+  MutexAutoLock lock(mMutex);
+  mSocketCreated = true;
+}
+
+bool
+SharedSSLState::SocketCreated()
+{
+  MutexAutoLock lock(mMutex);
+  return mSocketCreated;
+}
+
+/*static*/ void
+SharedSSLState::GlobalInit()
+{
+  MOZ_ASSERT(NS_IsMainThread(), "Not on main thread");
+  gPublicState = new SharedSSLState();
+  gPrivateState = new SharedSSLState();
+  gPrivateState->NotePrivateBrowsingStatus();
+}
+
+/*static*/ void
+SharedSSLState::GlobalCleanup()
+{
+  MOZ_ASSERT(NS_IsMainThread(), "Not on main thread");
+
+  if (gPrivateState) {
+    gPrivateState->Cleanup();
+    delete gPrivateState;
+    gPrivateState = nullptr;
+  }
+
+  if (gPublicState) {
+    gPublicState->Cleanup();
+    delete gPublicState;
+    gPublicState = nullptr;
+  }
+}
+
+/*static*/ void
+SharedSSLState::NoteCertOverrideServiceInstantiated()
+{
+  sCertOverrideSvcExists = true;
+}
+
+void
+SharedSSLState::Cleanup()
+{
+  mIOLayerHelpers.Cleanup();
+}
+
+SharedSSLState*
+PublicSSLState()
+{
+  return gPublicState;
+}
+
+SharedSSLState*
+PrivateSSLState()
+{
+  return gPrivateState;
+}
+
+} // namespace psm
+} // namespace mozilla
diff --git a/security/manager/ssl/SharedSSLState.h b/security/manager/ssl/SharedSSLState.h
new file mode 100644
index 000000000..60a059620
--- /dev/null
+++ b/security/manager/ssl/SharedSSLState.h
@@ -0,0 +1,87 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef SharedSSLState_h
+#define SharedSSLState_h
+
+#include "mozilla/RefPtr.h"
+#include "nsNSSIOLayer.h"
+
+class nsClientAuthRememberService;
+class nsIObserver;
+
+namespace mozilla {
+namespace psm {
+
+class SharedSSLState {
+public:
+  NS_INLINE_DECL_THREADSAFE_REFCOUNTING(SharedSSLState)
+  SharedSSLState();
+
+  static void GlobalInit();
+  static void GlobalCleanup();
+
+  nsClientAuthRememberService* GetClientAuthRememberService() {
+    return mClientAuthRemember;
+  }
+
+  nsSSLIOLayerHelpers& IOLayerHelpers() {
+    return mIOLayerHelpers;
+  }
+
+  // Main-thread only
+  void ResetStoredData();
+  void NotePrivateBrowsingStatus();
+  void SetOCSPStaplingEnabled(bool staplingEnabled)
+  {
+    mOCSPStaplingEnabled = staplingEnabled;
+  }
+  void SetOCSPMustStapleEnabled(bool mustStapleEnabled)
+  {
+    mOCSPMustStapleEnabled = mustStapleEnabled;
+  }
+  void SetSignedCertTimestampsEnabled(bool signedCertTimestampsEnabled)
+  {
+    mSignedCertTimestampsEnabled = signedCertTimestampsEnabled;
+  }
+
+  // The following methods may be called from any thread
+  bool SocketCreated();
+  void NoteSocketCreated();
+  static void NoteCertOverrideServiceInstantiated();
+  bool IsOCSPStaplingEnabled() const { return mOCSPStaplingEnabled; }
+  bool IsOCSPMustStapleEnabled() const { return mOCSPMustStapleEnabled; }
+  bool IsSignedCertTimestampsEnabled() const
+  {
+    return mSignedCertTimestampsEnabled;
+  }
+
+private:
+  ~SharedSSLState();
+
+  void Cleanup();
+
+  nsCOMPtr<nsIObserver> mObserver;
+  RefPtr<nsClientAuthRememberService> mClientAuthRemember;
+  nsSSLIOLayerHelpers mIOLayerHelpers;
+
+  // True if any sockets have been created that use this shared data.
+  // Requires synchronization between the socket and main threads for
+  // reading/writing.
+  Mutex mMutex;
+  bool mSocketCreated;
+  bool mOCSPStaplingEnabled;
+  bool mOCSPMustStapleEnabled;
+  bool mSignedCertTimestampsEnabled;
+};
+
+SharedSSLState* PublicSSLState();
+SharedSSLState* PrivateSSLState();
+
+} // namespace psm
+} // namespace mozilla
+
+#endif
diff --git a/security/manager/ssl/StaticHPKPins.errors b/security/manager/ssl/StaticHPKPins.errors
new file mode 100644
index 000000000..f5b0a1ebb
--- /dev/null
+++ b/security/manager/ssl/StaticHPKPins.errors
@@ -0,0 +1,28 @@
+Can't find hash in builtin certs for Chrome nickname GoogleG2, inserting GOOGLE_PIN_GoogleG2
+Can't find hash in builtin certs for Chrome nickname RapidSSL, inserting GOOGLE_PIN_RapidSSL
+Can't find hash in builtin certs for Chrome nickname DigiCertSHA2HighAssuranceServerCA, inserting GOOGLE_PIN_DigiCertSHA2HighAssuranceServerCA
+Can't find hash in builtin certs for Chrome nickname VeriSignClass1, inserting GOOGLE_PIN_VeriSignClass1
+Can't find hash in builtin certs for Chrome nickname VeriSignClass4_G3, inserting GOOGLE_PIN_VeriSignClass4_G3
+Can't find hash in builtin certs for Chrome nickname VeriSignClass3_G2, inserting GOOGLE_PIN_VeriSignClass3_G2
+Can't find hash in builtin certs for Chrome nickname VeriSignClass2_G2, inserting GOOGLE_PIN_VeriSignClass2_G2
+Can't find hash in builtin certs for Chrome nickname Entrust_SSL, inserting GOOGLE_PIN_Entrust_SSL
+Can't find hash in builtin certs for Chrome nickname UTNDATACorpSGC, inserting GOOGLE_PIN_UTNDATACorpSGC
+Can't find hash in builtin certs for Chrome nickname GTECyberTrustGlobalRoot, inserting GOOGLE_PIN_GTECyberTrustGlobalRoot
+Can't find hash in builtin certs for Chrome nickname GoDaddySecure, inserting GOOGLE_PIN_GoDaddySecure
+Can't find hash in builtin certs for Chrome nickname SymantecClass3EVG3, inserting GOOGLE_PIN_SymantecClass3EVG3
+Can't find hash in builtin certs for Chrome nickname DigiCertECCSecureServerCA, inserting GOOGLE_PIN_DigiCertECCSecureServerCA
+Can't find hash in builtin certs for Chrome nickname LetsEncryptAuthorityPrimary_X1_X3, inserting GOOGLE_PIN_LetsEncryptAuthorityPrimary_X1_X3
+Can't find hash in builtin certs for Chrome nickname LetsEncryptAuthorityBackup_X2_X4, inserting GOOGLE_PIN_LetsEncryptAuthorityBackup_X2_X4
+Can't find hash in builtin certs for Chrome nickname COMODORSADomainValidationSecureServerCA, inserting GOOGLE_PIN_COMODORSADomainValidationSecureServerCA
+Writing pinset test
+Writing pinset google
+Writing pinset tor
+Writing pinset twitterCom
+Writing pinset twitterCDN
+Writing pinset dropbox
+Writing pinset facebook
+Writing pinset spideroak
+Writing pinset yahoo
+Writing pinset swehackCom
+Writing pinset ncsccs
+Writing pinset tumblr
diff --git a/security/manager/ssl/StaticHPKPins.h b/security/manager/ssl/StaticHPKPins.h
new file mode 100644
index 000000000..323d8ec85
--- /dev/null
+++ b/security/manager/ssl/StaticHPKPins.h
@@ -0,0 +1,1185 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*****************************************************************************/
+/* This is an automatically generated file. If you're not                    */
+/* PublicKeyPinningService.cpp, you shouldn't be #including it.              */
+/*****************************************************************************/
+#include <stdint.h>
+/* AddTrust External Root */
+static const char kAddTrust_External_RootFingerprint[] =
+  "lCppFqbkrlJ3EcVFAkeip0+44VaoJUymbnOaEUk7tEU=";
+
+/* AddTrust Low-Value Services Root */
+static const char kAddTrust_Low_Value_Services_RootFingerprint[] =
+  "BStocQfshOhzA4JFLsKidFF0XXSFpX1vRk4Np6G2ryo=";
+
+/* AddTrust Public Services Root */
+static const char kAddTrust_Public_Services_RootFingerprint[] =
+  "OGHXtpYfzbISBFb/b8LrdwSxp0G0vZM6g3b14ZFcppg=";
+
+/* AddTrust Qualified Certificates Root */
+static const char kAddTrust_Qualified_Certificates_RootFingerprint[] =
+  "xzr8Lrp3DQy8HuQfJStS6Kk9ErctzOwDHY2DnL+Bink=";
+
+/* AffirmTrust Commercial */
+static const char kAffirmTrust_CommercialFingerprint[] =
+  "bEZLmlsjOl6HTadlwm8EUBDS3c/0V5TwtMfkqvpQFJU=";
+
+/* AffirmTrust Networking */
+static const char kAffirmTrust_NetworkingFingerprint[] =
+  "lAcq0/WPcPkwmOWl9sBMlscQvYSdgxhJGa6Q64kK5AA=";
+
+/* AffirmTrust Premium */
+static const char kAffirmTrust_PremiumFingerprint[] =
+  "x/Q7TPW3FWgpT4IrU3YmBfbd0Vyt7Oc56eLDy6YenWc=";
+
+/* AffirmTrust Premium ECC */
+static const char kAffirmTrust_Premium_ECCFingerprint[] =
+  "MhmwkRT/SVo+tusAwu/qs0ACrl8KVsdnnqCHo/oDfk8=";
+
+/* Baltimore CyberTrust Root */
+static const char kBaltimore_CyberTrust_RootFingerprint[] =
+  "Y9mvm0exBk1JoQ57f9Vm28jKo5lFm/woKcVxrYxu80o=";
+
+/* COMODO Certification Authority */
+static const char kCOMODO_Certification_AuthorityFingerprint[] =
+  "AG1751Vd2CAmRCxPGieoDomhmJy4ezREjtIZTBgZbV4=";
+
+/* COMODO ECC Certification Authority */
+static const char kCOMODO_ECC_Certification_AuthorityFingerprint[] =
+  "58qRu/uxh4gFezqAcERupSkRYBlBAvfcw7mEjGPLnNU=";
+
+/* COMODO RSA Certification Authority */
+static const char kCOMODO_RSA_Certification_AuthorityFingerprint[] =
+  "grX4Ta9HpZx6tSHkmCrvpApTQGo67CYDnvprLg5yRME=";
+
+/* Comodo AAA Services root */
+static const char kComodo_AAA_Services_rootFingerprint[] =
+  "vRU+17BDT2iGsXvOi76E7TQMcTLXAqj0+jGPdW7L1vM=";
+
+/* Comodo Secure Services root */
+static const char kComodo_Secure_Services_rootFingerprint[] =
+  "RpHL/ehKa2BS3b4VK7DCFq4lqG5XR4E9vA8UfzOFcL4=";
+
+/* Comodo Trusted Services root */
+static const char kComodo_Trusted_Services_rootFingerprint[] =
+  "4tiR77c4ZpEF1TDeXtcuKyrD9KZweLU0mz/ayklvXrg=";
+
+/* Cybertrust Global Root */
+static const char kCybertrust_Global_RootFingerprint[] =
+  "foeCwVDOOVL4AuY2AjpdPpW7XWjjPoWtsroXgSXOvxU=";
+
+/* DST Root CA X3 */
+static const char kDST_Root_CA_X3Fingerprint[] =
+  "Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys=";
+
+/* DigiCert Assured ID Root CA */
+static const char kDigiCert_Assured_ID_Root_CAFingerprint[] =
+  "I/Lt/z7ekCWanjD0Cvj5EqXls2lOaThEA0H2Bg4BT/o=";
+
+/* DigiCert Assured ID Root G2 */
+static const char kDigiCert_Assured_ID_Root_G2Fingerprint[] =
+  "8ca6Zwz8iOTfUpc8rkIPCgid1HQUT+WAbEIAZOFZEik=";
+
+/* DigiCert Assured ID Root G3 */
+static const char kDigiCert_Assured_ID_Root_G3Fingerprint[] =
+  "Fe7TOVlLME+M+Ee0dzcdjW/sYfTbKwGvWJ58U7Ncrkw=";
+
+/* DigiCert Global Root CA */
+static const char kDigiCert_Global_Root_CAFingerprint[] =
+  "r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=";
+
+/* DigiCert Global Root G2 */
+static const char kDigiCert_Global_Root_G2Fingerprint[] =
+  "i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY=";
+
+/* DigiCert Global Root G3 */
+static const char kDigiCert_Global_Root_G3Fingerprint[] =
+  "uUwZgwDOxcBXrQcntwu+kYFpkiVkOaezL0WYEZ3anJc=";
+
+/* DigiCert High Assurance EV Root CA */
+static const char kDigiCert_High_Assurance_EV_Root_CAFingerprint[] =
+  "WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18=";
+
+/* DigiCert Trusted Root G4 */
+static const char kDigiCert_Trusted_Root_G4Fingerprint[] =
+  "Wd8xe/qfTwq3ylFNd3IpaqLHZbh2ZNCLluVzmeNkcpw=";
+
+/* End Entity Test Cert */
+static const char kEnd_Entity_Test_CertFingerprint[] =
+  "VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8=";
+
+/* Entrust Root Certification Authority */
+static const char kEntrust_Root_Certification_AuthorityFingerprint[] =
+  "bb+uANN7nNc/j7R95lkXrwDg3d9C286sIMF8AnXuIJU=";
+
+/* Entrust Root Certification Authority - EC1 */
+static const char kEntrust_Root_Certification_Authority___EC1Fingerprint[] =
+  "/qK31kX7pz11PB7Jp4cMQOH3sMVh6Se5hb9xGGbjbyI=";
+
+/* Entrust Root Certification Authority - G2 */
+static const char kEntrust_Root_Certification_Authority___G2Fingerprint[] =
+  "du6FkDdMcVQ3u8prumAo6t3i3G27uMP2EOhR8R0at/U=";
+
+/* Entrust.net Premium 2048 Secure Server CA */
+static const char kEntrust_net_Premium_2048_Secure_Server_CAFingerprint[] =
+  "HqPF5D7WbC2imDpCpKebHpBnhs6fG1hiFBmgBGOofTg=";
+
+/* FacebookBackup */
+static const char kFacebookBackupFingerprint[] =
+  "q4PO2G2cbkZhZ82+JgmRUyGMoAeozA+BSXVXQWB8XWQ=";
+
+/* GOOGLE_PIN_COMODORSADomainValidationSecureServerCA */
+static const char kGOOGLE_PIN_COMODORSADomainValidationSecureServerCAFingerprint[] =
+  "klO23nT2ehFDXCfx3eHTDRESMz3asj1muO+4aIdjiuY=";
+
+/* GOOGLE_PIN_DigiCertECCSecureServerCA */
+static const char kGOOGLE_PIN_DigiCertECCSecureServerCAFingerprint[] =
+  "PZXN3lRAy+8tBKk2Ox6F7jIlnzr2Yzmwqc3JnyfXoCw=";
+
+/* GOOGLE_PIN_DigiCertSHA2HighAssuranceServerCA */
+static const char kGOOGLE_PIN_DigiCertSHA2HighAssuranceServerCAFingerprint[] =
+  "k2v657xBsOVe1PQRwOsHsw3bsGT2VzIqz5K+59sNQws=";
+
+/* GOOGLE_PIN_Entrust_SSL */
+static const char kGOOGLE_PIN_Entrust_SSLFingerprint[] =
+  "nsxRNo6G40YPZsKV5JQt1TCA8nseQQr/LRqp1Oa8fnw=";
+
+/* GOOGLE_PIN_GTECyberTrustGlobalRoot */
+static const char kGOOGLE_PIN_GTECyberTrustGlobalRootFingerprint[] =
+  "EGn6R6CqT4z3ERscrqNl7q7RC//zJmDe9uBhS/rnCHU=";
+
+/* GOOGLE_PIN_GoDaddySecure */
+static const char kGOOGLE_PIN_GoDaddySecureFingerprint[] =
+  "MrZLZnJ6IGPkBm87lYywqu5Xal7O/ZUzmbuIdHMdlYc=";
+
+/* GOOGLE_PIN_GoogleG2 */
+static const char kGOOGLE_PIN_GoogleG2Fingerprint[] =
+  "7HIpactkIAq2Y49orFOOQKurWxmmSFZhBCoQYcRhJ3Y=";
+
+/* GOOGLE_PIN_LetsEncryptAuthorityBackup_X2_X4 */
+static const char kGOOGLE_PIN_LetsEncryptAuthorityBackup_X2_X4Fingerprint[] =
+  "sRHdihwgkaib1P1gxX8HFszlD+7/gTfNvuAybgLPNis=";
+
+/* GOOGLE_PIN_LetsEncryptAuthorityPrimary_X1_X3 */
+static const char kGOOGLE_PIN_LetsEncryptAuthorityPrimary_X1_X3Fingerprint[] =
+  "YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=";
+
+/* GOOGLE_PIN_RapidSSL */
+static const char kGOOGLE_PIN_RapidSSLFingerprint[] =
+  "lT09gPUeQfbYrlxRtpsHrjDblj9Rpz+u7ajfCrg4qDM=";
+
+/* GOOGLE_PIN_SymantecClass3EVG3 */
+static const char kGOOGLE_PIN_SymantecClass3EVG3Fingerprint[] =
+  "gMxWOrX4PMQesK9qFNbYBxjBfjUvlkn/vN1n+L9lE5E=";
+
+/* GOOGLE_PIN_UTNDATACorpSGC */
+static const char kGOOGLE_PIN_UTNDATACorpSGCFingerprint[] =
+  "QAL80xHQczFWfnG82XHkYEjI3OjRZZcRdTs9qiommvo=";
+
+/* GOOGLE_PIN_VeriSignClass1 */
+static const char kGOOGLE_PIN_VeriSignClass1Fingerprint[] =
+  "LclHC+Y+9KzxvYKGCUArt7h72ZY4pkOTTohoLRvowwg=";
+
+/* GOOGLE_PIN_VeriSignClass2_G2 */
+static const char kGOOGLE_PIN_VeriSignClass2_G2Fingerprint[] =
+  "2oALgLKofTmeZvoZ1y/fSZg7R9jPMix8eVA6DH4o/q8=";
+
+/* GOOGLE_PIN_VeriSignClass3_G2 */
+static const char kGOOGLE_PIN_VeriSignClass3_G2Fingerprint[] =
+  "AjyBzOjnxk+pQtPBUEhwfTXZu1uH9PVExb8bxWQ68vo=";
+
+/* GOOGLE_PIN_VeriSignClass4_G3 */
+static const char kGOOGLE_PIN_VeriSignClass4_G3Fingerprint[] =
+  "VnuCEf0g09KD7gzXzgZyy52ZvFtIeljJ1U7Gf3fUqPU=";
+
+/* GeoTrust Global CA */
+static const char kGeoTrust_Global_CAFingerprint[] =
+  "h6801m+z8v3zbgkRHpq6L29Esgfzhj89C1SyUCOQmqU=";
+
+/* GeoTrust Global CA 2 */
+static const char kGeoTrust_Global_CA_2Fingerprint[] =
+  "F3VaXClfPS1y5vAxofB/QAxYi55YKyLxfq4xoVkNEYU=";
+
+/* GeoTrust Primary Certification Authority */
+static const char kGeoTrust_Primary_Certification_AuthorityFingerprint[] =
+  "SQVGZiOrQXi+kqxcvWWE96HhfydlLVqFr4lQTqI5qqo=";
+
+/* GeoTrust Primary Certification Authority - G2 */
+static const char kGeoTrust_Primary_Certification_Authority___G2Fingerprint[] =
+  "vPtEqrmtAhAVcGtBIep2HIHJ6IlnWQ9vlK50TciLePs=";
+
+/* GeoTrust Primary Certification Authority - G3 */
+static const char kGeoTrust_Primary_Certification_Authority___G3Fingerprint[] =
+  "q5hJUnat8eyv8o81xTBIeB5cFxjaucjmelBPT2pRMo8=";
+
+/* GeoTrust Universal CA */
+static const char kGeoTrust_Universal_CAFingerprint[] =
+  "lpkiXF3lLlbN0y3y6W0c/qWqPKC7Us2JM8I7XCdEOCA=";
+
+/* GeoTrust Universal CA 2 */
+static const char kGeoTrust_Universal_CA_2Fingerprint[] =
+  "fKoDRlEkWQxgHlZ+UhSOlSwM/+iQAFMP4NlbbVDqrkE=";
+
+/* GlobalSign ECC Root CA - R4 */
+static const char kGlobalSign_ECC_Root_CA___R4Fingerprint[] =
+  "CLOmM1/OXvSPjw5UOYbAf9GKOxImEp9hhku9W90fHMk=";
+
+/* GlobalSign ECC Root CA - R5 */
+static const char kGlobalSign_ECC_Root_CA___R5Fingerprint[] =
+  "fg6tdrtoGdwvVFEahDVPboswe53YIFjqbABPAdndpd8=";
+
+/* GlobalSign Root CA */
+static const char kGlobalSign_Root_CAFingerprint[] =
+  "K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q=";
+
+/* GlobalSign Root CA - R2 */
+static const char kGlobalSign_Root_CA___R2Fingerprint[] =
+  "iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0=";
+
+/* GlobalSign Root CA - R3 */
+static const char kGlobalSign_Root_CA___R3Fingerprint[] =
+  "cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A=";
+
+/* Go Daddy Class 2 CA */
+static const char kGo_Daddy_Class_2_CAFingerprint[] =
+  "VjLZe/p3W/PJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=";
+
+/* Go Daddy Root Certificate Authority - G2 */
+static const char kGo_Daddy_Root_Certificate_Authority___G2Fingerprint[] =
+  "Ko8tivDrEjiY90yGasP6ZpBU4jwXvHqVvQI0GS3GNdA=";
+
+/* GoogleBackup2048 */
+static const char kGoogleBackup2048Fingerprint[] =
+  "IPMbDAjLVSGntGO3WP53X/zilCVndez5YJ2+vJvhJsA=";
+
+/* SpiderOak2 */
+static const char kSpiderOak2Fingerprint[] =
+  "7Y3UnxbffL8aFPXsOJBpGasgpDmngpIhAxGKdQRklQQ=";
+
+/* SpiderOak3 */
+static const char kSpiderOak3Fingerprint[] =
+  "LkER54vOdlygpTsbYvlpMq1CE/lDAG1AP9xmdtwvV2A=";
+
+/* Starfield Class 2 CA */
+static const char kStarfield_Class_2_CAFingerprint[] =
+  "FfFKxFycfaIz00eRZOgTf+Ne4POK6FgYPwhBDqgqxLQ=";
+
+/* Starfield Root Certificate Authority - G2 */
+static const char kStarfield_Root_Certificate_Authority___G2Fingerprint[] =
+  "gI1os/q0iEpflxrOfRBVDXqVoWN3Tz7Dav/7IT++THQ=";
+
+/* Swehack */
+static const char kSwehackFingerprint[] =
+  "FdaffE799rVb3oyAuhJ2mBW/XJwD07Uajb2G6YwSAEw=";
+
+/* SwehackBackup */
+static const char kSwehackBackupFingerprint[] =
+  "z6cuswA6E1vgFkCjUsbEYo0Lf3aP8M8YOvwkoiGzDCo=";
+
+/* TestSPKI */
+static const char kTestSPKIFingerprint[] =
+  "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
+
+/* Tor1 */
+static const char kTor1Fingerprint[] =
+  "bYz9JTDk89X3qu3fgswG+lBQso5vI0N1f0Rx4go4nLo=";
+
+/* Tor2 */
+static const char kTor2Fingerprint[] =
+  "xXCxhTdn7uxXneJSbQCqoAvuW3ZtQl2pDVTf2sewS8w=";
+
+/* Tor3 */
+static const char kTor3Fingerprint[] =
+  "CleC1qwUR8JPgH1nXvSe2VHxDe5/KfNs96EusbfSOfo=";
+
+/* TumblrBackup */
+static const char kTumblrBackupFingerprint[] =
+  "avlD96PLERV78IN1fD+ab5cupkUDD9wTZWJjHX6VC9w=";
+
+/* Twitter1 */
+static const char kTwitter1Fingerprint[] =
+  "vU9M48LzD/CF34wE5PPf4nBwRyosy06X21J0ap8yS5s=";
+
+/* USERTrust ECC Certification Authority */
+static const char kUSERTrust_ECC_Certification_AuthorityFingerprint[] =
+  "ICGRfpgmOUXIWcQ/HXPLQTkFPEFPoDyjvH7ohhQpjzs=";
+
+/* USERTrust RSA Certification Authority */
+static const char kUSERTrust_RSA_Certification_AuthorityFingerprint[] =
+  "x4QzPSC810K5/cMjb05Qm4k3Bw5zBn4lTdO/nEW/Td4=";
+
+/* UTN USERFirst Email Root CA */
+static const char kUTN_USERFirst_Email_Root_CAFingerprint[] =
+  "Laj56jRU0hFGRko/nQKNxMf7tXscUsc8KwVyovWZotM=";
+
+/* UTN USERFirst Hardware Root CA */
+static const char kUTN_USERFirst_Hardware_Root_CAFingerprint[] =
+  "TUDnr0MEoJ3of7+YliBMBVFB4/gJsv5zO7IxD9+YoWI=";
+
+/* UTN USERFirst Object Root CA */
+static const char kUTN_USERFirst_Object_Root_CAFingerprint[] =
+  "D+FMJksXu28NZT56cOs2Pb9UvhWAOe3a5cJXEd9IwQM=";
+
+/* VeriSign Class 3 Public Primary Certification Authority - G4 */
+static const char kVeriSign_Class_3_Public_Primary_Certification_Authority___G4Fingerprint[] =
+  "UZJDjsNp1+4M5x9cbbdflB779y5YRBcV6Z6rBMLIrO4=";
+
+/* VeriSign Class 3 Public Primary Certification Authority - G5 */
+static const char kVeriSign_Class_3_Public_Primary_Certification_Authority___G5Fingerprint[] =
+  "JbQbUG5JMJUoI6brnx0x3vZF6jilxsapbXGVfjhN8Fg=";
+
+/* VeriSign Universal Root Certification Authority */
+static const char kVeriSign_Universal_Root_Certification_AuthorityFingerprint[] =
+  "lnsM2T/O9/J84sJFdnrpsFp3awZJ+ZZbYpCWhGloaHI=";
+
+/* Verisign Class 1 Public Primary Certification Authority - G3 */
+static const char kVerisign_Class_1_Public_Primary_Certification_Authority___G3Fingerprint[] =
+  "IgduWu9Eu5pBaii30cRDItcFn2D+/6XK9sW+hEeJEwM=";
+
+/* Verisign Class 2 Public Primary Certification Authority - G3 */
+static const char kVerisign_Class_2_Public_Primary_Certification_Authority___G3Fingerprint[] =
+  "cAajgxHlj7GTSEIzIYIQxmEloOSoJq7VOaxWHfv72QM=";
+
+/* Verisign Class 3 Public Primary Certification Authority - G3 */
+static const char kVerisign_Class_3_Public_Primary_Certification_Authority___G3Fingerprint[] =
+  "SVqWumuteCQHvVIaALrOZXuzVVVeS7f4FGxxu6V+es4=";
+
+/* YahooBackup1 */
+static const char kYahooBackup1Fingerprint[] =
+  "2fRAUXyxl4A1/XHrKNBmc8bTkzA7y4FB/GLJuNAzCqY=";
+
+/* YahooBackup2 */
+static const char kYahooBackup2Fingerprint[] =
+  "dolnbtzEBnELx/9lOEQ22e6OZO/QNb6VSSX2XHA3E7A=";
+
+/* thawte Primary Root CA */
+static const char kthawte_Primary_Root_CAFingerprint[] =
+  "HXXQgxueCIU5TTLHob/bPbwcKOKw6DkfsTWYHbxbqTY=";
+
+/* thawte Primary Root CA - G2 */
+static const char kthawte_Primary_Root_CA___G2Fingerprint[] =
+  "Z9xPMvoQ59AaeaBzqgyeAhLsL/w9d54Kp/nA8OHCyJM=";
+
+/* thawte Primary Root CA - G3 */
+static const char kthawte_Primary_Root_CA___G3Fingerprint[] =
+  "GQbGEk27Q4V40A4GbVBUxsN/D6YCjAVUXgmU7drshik=";
+
+/* Pinsets are each an ordered list by the actual value of the fingerprint */
+struct StaticFingerprints {
+  const size_t size;
+  const char* const* data;
+};
+
+/* PreloadedHPKPins.json pinsets */
+static const char* const kPinset_google_root_pems_Data[] = {
+  kEntrust_Root_Certification_Authority___EC1Fingerprint,
+  kComodo_Trusted_Services_rootFingerprint,
+  kCOMODO_ECC_Certification_AuthorityFingerprint,
+  kDigiCert_Assured_ID_Root_G2Fingerprint,
+  kCOMODO_Certification_AuthorityFingerprint,
+  kAddTrust_Low_Value_Services_RootFingerprint,
+  kGlobalSign_ECC_Root_CA___R4Fingerprint,
+  kGeoTrust_Global_CA_2Fingerprint,
+  kDigiCert_Assured_ID_Root_G3Fingerprint,
+  kStarfield_Class_2_CAFingerprint,
+  kthawte_Primary_Root_CA___G3Fingerprint,
+  kthawte_Primary_Root_CAFingerprint,
+  kEntrust_net_Premium_2048_Secure_Server_CAFingerprint,
+  kDigiCert_Assured_ID_Root_CAFingerprint,
+  kUSERTrust_ECC_Certification_AuthorityFingerprint,
+  kVeriSign_Class_3_Public_Primary_Certification_Authority___G5Fingerprint,
+  kGlobalSign_Root_CAFingerprint,
+  kGo_Daddy_Root_Certificate_Authority___G2Fingerprint,
+  kAffirmTrust_Premium_ECCFingerprint,
+  kAddTrust_Public_Services_RootFingerprint,
+  kComodo_Secure_Services_rootFingerprint,
+  kGeoTrust_Primary_Certification_AuthorityFingerprint,
+  kVerisign_Class_3_Public_Primary_Certification_Authority___G3Fingerprint,
+  kUTN_USERFirst_Hardware_Root_CAFingerprint,
+  kVeriSign_Class_3_Public_Primary_Certification_Authority___G4Fingerprint,
+  kGo_Daddy_Class_2_CAFingerprint,
+  kDigiCert_Trusted_Root_G4Fingerprint,
+  kDigiCert_High_Assurance_EV_Root_CAFingerprint,
+  kBaltimore_CyberTrust_RootFingerprint,
+  kthawte_Primary_Root_CA___G2Fingerprint,
+  kAffirmTrust_CommercialFingerprint,
+  kEntrust_Root_Certification_AuthorityFingerprint,
+  kGlobalSign_Root_CA___R3Fingerprint,
+  kEntrust_Root_Certification_Authority___G2Fingerprint,
+  kGeoTrust_Universal_CA_2Fingerprint,
+  kGlobalSign_ECC_Root_CA___R5Fingerprint,
+  kCybertrust_Global_RootFingerprint,
+  kStarfield_Root_Certificate_Authority___G2Fingerprint,
+  kCOMODO_RSA_Certification_AuthorityFingerprint,
+  kGeoTrust_Global_CAFingerprint,
+  kDigiCert_Global_Root_G2Fingerprint,
+  kGlobalSign_Root_CA___R2Fingerprint,
+  kAffirmTrust_NetworkingFingerprint,
+  kAddTrust_External_RootFingerprint,
+  kVeriSign_Universal_Root_Certification_AuthorityFingerprint,
+  kGeoTrust_Universal_CAFingerprint,
+  kGeoTrust_Primary_Certification_Authority___G3Fingerprint,
+  kDigiCert_Global_Root_CAFingerprint,
+  kDigiCert_Global_Root_G3Fingerprint,
+  kGeoTrust_Primary_Certification_Authority___G2Fingerprint,
+  kComodo_AAA_Services_rootFingerprint,
+  kAffirmTrust_PremiumFingerprint,
+  kUSERTrust_RSA_Certification_AuthorityFingerprint,
+  kAddTrust_Qualified_Certificates_RootFingerprint,
+};
+static const StaticFingerprints kPinset_google_root_pems = {
+  sizeof(kPinset_google_root_pems_Data) / sizeof(const char*),
+  kPinset_google_root_pems_Data
+};
+
+static const char* const kPinset_mozilla_Data[] = {
+  kGeoTrust_Global_CA_2Fingerprint,
+  kthawte_Primary_Root_CA___G3Fingerprint,
+  kthawte_Primary_Root_CAFingerprint,
+  kDigiCert_Assured_ID_Root_CAFingerprint,
+  kVerisign_Class_1_Public_Primary_Certification_Authority___G3Fingerprint,
+  kVeriSign_Class_3_Public_Primary_Certification_Authority___G5Fingerprint,
+  kGeoTrust_Primary_Certification_AuthorityFingerprint,
+  kVerisign_Class_3_Public_Primary_Certification_Authority___G3Fingerprint,
+  kVeriSign_Class_3_Public_Primary_Certification_Authority___G4Fingerprint,
+  kDigiCert_High_Assurance_EV_Root_CAFingerprint,
+  kBaltimore_CyberTrust_RootFingerprint,
+  kthawte_Primary_Root_CA___G2Fingerprint,
+  kVerisign_Class_2_Public_Primary_Certification_Authority___G3Fingerprint,
+  kGeoTrust_Universal_CA_2Fingerprint,
+  kGeoTrust_Global_CAFingerprint,
+  kVeriSign_Universal_Root_Certification_AuthorityFingerprint,
+  kGeoTrust_Universal_CAFingerprint,
+  kGeoTrust_Primary_Certification_Authority___G3Fingerprint,
+  kDigiCert_Global_Root_CAFingerprint,
+  kGeoTrust_Primary_Certification_Authority___G2Fingerprint,
+};
+static const StaticFingerprints kPinset_mozilla = {
+  sizeof(kPinset_mozilla_Data) / sizeof(const char*),
+  kPinset_mozilla_Data
+};
+
+static const char* const kPinset_mozilla_services_Data[] = {
+  kDigiCert_Global_Root_CAFingerprint,
+};
+static const StaticFingerprints kPinset_mozilla_services = {
+  sizeof(kPinset_mozilla_services_Data) / sizeof(const char*),
+  kPinset_mozilla_services_Data
+};
+
+static const char* const kPinset_mozilla_test_Data[] = {
+  kEnd_Entity_Test_CertFingerprint,
+};
+static const StaticFingerprints kPinset_mozilla_test = {
+  sizeof(kPinset_mozilla_test_Data) / sizeof(const char*),
+  kPinset_mozilla_test_Data
+};
+
+/* Chrome static pinsets */
+static const char* const kPinset_test_Data[] = {
+  kTestSPKIFingerprint,
+};
+static const StaticFingerprints kPinset_test = {
+  sizeof(kPinset_test_Data) / sizeof(const char*),
+  kPinset_test_Data
+};
+
+static const char* const kPinset_google_Data[] = {
+  kGOOGLE_PIN_GoogleG2Fingerprint,
+  kGoogleBackup2048Fingerprint,
+  kGeoTrust_Global_CAFingerprint,
+  kGlobalSign_Root_CA___R2Fingerprint,
+};
+static const StaticFingerprints kPinset_google = {
+  sizeof(kPinset_google_Data) / sizeof(const char*),
+  kPinset_google_Data
+};
+
+static const char* const kPinset_tor_Data[] = {
+  kTor3Fingerprint,
+  kDigiCert_High_Assurance_EV_Root_CAFingerprint,
+  kGOOGLE_PIN_LetsEncryptAuthorityPrimary_X1_X3Fingerprint,
+  kTor1Fingerprint,
+  kGOOGLE_PIN_RapidSSLFingerprint,
+  kGOOGLE_PIN_LetsEncryptAuthorityBackup_X2_X4Fingerprint,
+  kTor2Fingerprint,
+};
+static const StaticFingerprints kPinset_tor = {
+  sizeof(kPinset_tor_Data) / sizeof(const char*),
+  kPinset_tor_Data
+};
+
+static const char* const kPinset_twitterCom_Data[] = {
+  kGOOGLE_PIN_VeriSignClass2_G2Fingerprint,
+  kGOOGLE_PIN_VeriSignClass3_G2Fingerprint,
+  kGeoTrust_Global_CA_2Fingerprint,
+  kDigiCert_Assured_ID_Root_CAFingerprint,
+  kVerisign_Class_1_Public_Primary_Certification_Authority___G3Fingerprint,
+  kVeriSign_Class_3_Public_Primary_Certification_Authority___G5Fingerprint,
+  kGOOGLE_PIN_VeriSignClass1Fingerprint,
+  kGeoTrust_Primary_Certification_AuthorityFingerprint,
+  kVerisign_Class_3_Public_Primary_Certification_Authority___G3Fingerprint,
+  kVeriSign_Class_3_Public_Primary_Certification_Authority___G4Fingerprint,
+  kGOOGLE_PIN_VeriSignClass4_G3Fingerprint,
+  kDigiCert_High_Assurance_EV_Root_CAFingerprint,
+  kVerisign_Class_2_Public_Primary_Certification_Authority___G3Fingerprint,
+  kGeoTrust_Universal_CA_2Fingerprint,
+  kGeoTrust_Global_CAFingerprint,
+  kVeriSign_Universal_Root_Certification_AuthorityFingerprint,
+  kGeoTrust_Universal_CAFingerprint,
+  kGeoTrust_Primary_Certification_Authority___G3Fingerprint,
+  kDigiCert_Global_Root_CAFingerprint,
+  kGeoTrust_Primary_Certification_Authority___G2Fingerprint,
+  kTwitter1Fingerprint,
+};
+static const StaticFingerprints kPinset_twitterCom = {
+  sizeof(kPinset_twitterCom_Data) / sizeof(const char*),
+  kPinset_twitterCom_Data
+};
+
+static const char* const kPinset_twitterCDN_Data[] = {
+  kGOOGLE_PIN_VeriSignClass2_G2Fingerprint,
+  kComodo_Trusted_Services_rootFingerprint,
+  kCOMODO_Certification_AuthorityFingerprint,
+  kGOOGLE_PIN_VeriSignClass3_G2Fingerprint,
+  kAddTrust_Low_Value_Services_RootFingerprint,
+  kUTN_USERFirst_Object_Root_CAFingerprint,
+  kGOOGLE_PIN_GTECyberTrustGlobalRootFingerprint,
+  kGeoTrust_Global_CA_2Fingerprint,
+  kEntrust_net_Premium_2048_Secure_Server_CAFingerprint,
+  kDigiCert_Assured_ID_Root_CAFingerprint,
+  kVerisign_Class_1_Public_Primary_Certification_Authority___G3Fingerprint,
+  kVeriSign_Class_3_Public_Primary_Certification_Authority___G5Fingerprint,
+  kGlobalSign_Root_CAFingerprint,
+  kUTN_USERFirst_Email_Root_CAFingerprint,
+  kGOOGLE_PIN_VeriSignClass1Fingerprint,
+  kAddTrust_Public_Services_RootFingerprint,
+  kGOOGLE_PIN_UTNDATACorpSGCFingerprint,
+  kComodo_Secure_Services_rootFingerprint,
+  kGeoTrust_Primary_Certification_AuthorityFingerprint,
+  kVerisign_Class_3_Public_Primary_Certification_Authority___G3Fingerprint,
+  kUTN_USERFirst_Hardware_Root_CAFingerprint,
+  kVeriSign_Class_3_Public_Primary_Certification_Authority___G4Fingerprint,
+  kGOOGLE_PIN_VeriSignClass4_G3Fingerprint,
+  kDigiCert_High_Assurance_EV_Root_CAFingerprint,
+  kBaltimore_CyberTrust_RootFingerprint,
+  kEntrust_Root_Certification_AuthorityFingerprint,
+  kVerisign_Class_2_Public_Primary_Certification_Authority___G3Fingerprint,
+  kGlobalSign_Root_CA___R3Fingerprint,
+  kEntrust_Root_Certification_Authority___G2Fingerprint,
+  kGeoTrust_Universal_CA_2Fingerprint,
+  kGeoTrust_Global_CAFingerprint,
+  kGlobalSign_Root_CA___R2Fingerprint,
+  kAddTrust_External_RootFingerprint,
+  kVeriSign_Universal_Root_Certification_AuthorityFingerprint,
+  kGeoTrust_Universal_CAFingerprint,
+  kGOOGLE_PIN_Entrust_SSLFingerprint,
+  kGeoTrust_Primary_Certification_Authority___G3Fingerprint,
+  kDigiCert_Global_Root_CAFingerprint,
+  kGeoTrust_Primary_Certification_Authority___G2Fingerprint,
+  kComodo_AAA_Services_rootFingerprint,
+  kTwitter1Fingerprint,
+  kAddTrust_Qualified_Certificates_RootFingerprint,
+};
+static const StaticFingerprints kPinset_twitterCDN = {
+  sizeof(kPinset_twitterCDN_Data) / sizeof(const char*),
+  kPinset_twitterCDN_Data
+};
+
+static const char* const kPinset_dropbox_Data[] = {
+  kEntrust_Root_Certification_Authority___EC1Fingerprint,
+  kEntrust_net_Premium_2048_Secure_Server_CAFingerprint,
+  kDigiCert_Assured_ID_Root_CAFingerprint,
+  kGo_Daddy_Root_Certificate_Authority___G2Fingerprint,
+  kGOOGLE_PIN_GoDaddySecureFingerprint,
+  kGo_Daddy_Class_2_CAFingerprint,
+  kDigiCert_High_Assurance_EV_Root_CAFingerprint,
+  kEntrust_Root_Certification_AuthorityFingerprint,
+  kEntrust_Root_Certification_Authority___G2Fingerprint,
+  kDigiCert_Global_Root_CAFingerprint,
+};
+static const StaticFingerprints kPinset_dropbox = {
+  sizeof(kPinset_dropbox_Data) / sizeof(const char*),
+  kPinset_dropbox_Data
+};
+
+static const char* const kPinset_facebook_Data[] = {
+  kGOOGLE_PIN_DigiCertECCSecureServerCAFingerprint,
+  kDigiCert_High_Assurance_EV_Root_CAFingerprint,
+  kGOOGLE_PIN_SymantecClass3EVG3Fingerprint,
+  kFacebookBackupFingerprint,
+};
+static const StaticFingerprints kPinset_facebook = {
+  sizeof(kPinset_facebook_Data) / sizeof(const char*),
+  kPinset_facebook_Data
+};
+
+static const char* const kPinset_spideroak_Data[] = {
+  kSpiderOak2Fingerprint,
+  kSpiderOak3Fingerprint,
+  kDigiCert_High_Assurance_EV_Root_CAFingerprint,
+  kGeoTrust_Global_CAFingerprint,
+};
+static const StaticFingerprints kPinset_spideroak = {
+  sizeof(kPinset_spideroak_Data) / sizeof(const char*),
+  kPinset_spideroak_Data
+};
+
+static const char* const kPinset_yahoo_Data[] = {
+  kYahooBackup1Fingerprint,
+  kGOOGLE_PIN_VeriSignClass2_G2Fingerprint,
+  kDigiCert_Assured_ID_Root_CAFingerprint,
+  kVeriSign_Class_3_Public_Primary_Certification_Authority___G5Fingerprint,
+  kVerisign_Class_3_Public_Primary_Certification_Authority___G3Fingerprint,
+  kVeriSign_Class_3_Public_Primary_Certification_Authority___G4Fingerprint,
+  kDigiCert_Trusted_Root_G4Fingerprint,
+  kDigiCert_High_Assurance_EV_Root_CAFingerprint,
+  kVerisign_Class_2_Public_Primary_Certification_Authority___G3Fingerprint,
+  kYahooBackup2Fingerprint,
+  kDigiCert_Global_Root_G2Fingerprint,
+  kVeriSign_Universal_Root_Certification_AuthorityFingerprint,
+  kDigiCert_Global_Root_CAFingerprint,
+  kDigiCert_Global_Root_G3Fingerprint,
+};
+static const StaticFingerprints kPinset_yahoo = {
+  sizeof(kPinset_yahoo_Data) / sizeof(const char*),
+  kPinset_yahoo_Data
+};
+
+static const char* const kPinset_swehackCom_Data[] = {
+  kSwehackFingerprint,
+  kDST_Root_CA_X3Fingerprint,
+  kGOOGLE_PIN_LetsEncryptAuthorityPrimary_X1_X3Fingerprint,
+  kGOOGLE_PIN_COMODORSADomainValidationSecureServerCAFingerprint,
+  kGOOGLE_PIN_LetsEncryptAuthorityBackup_X2_X4Fingerprint,
+  kSwehackBackupFingerprint,
+};
+static const StaticFingerprints kPinset_swehackCom = {
+  sizeof(kPinset_swehackCom_Data) / sizeof(const char*),
+  kPinset_swehackCom_Data
+};
+
+static const char* const kPinset_ncsccs_Data[] = {
+  kCOMODO_ECC_Certification_AuthorityFingerprint,
+  kDigiCert_Assured_ID_Root_CAFingerprint,
+  kDigiCert_High_Assurance_EV_Root_CAFingerprint,
+  kBaltimore_CyberTrust_RootFingerprint,
+  kGOOGLE_PIN_LetsEncryptAuthorityPrimary_X1_X3Fingerprint,
+  kCOMODO_RSA_Certification_AuthorityFingerprint,
+  kAddTrust_External_RootFingerprint,
+  kDigiCert_Global_Root_CAFingerprint,
+  kGOOGLE_PIN_LetsEncryptAuthorityBackup_X2_X4Fingerprint,
+};
+static const StaticFingerprints kPinset_ncsccs = {
+  sizeof(kPinset_ncsccs_Data) / sizeof(const char*),
+  kPinset_ncsccs_Data
+};
+
+static const char* const kPinset_tumblr_Data[] = {
+  kDigiCert_High_Assurance_EV_Root_CAFingerprint,
+  kTumblrBackupFingerprint,
+  kGOOGLE_PIN_DigiCertSHA2HighAssuranceServerCAFingerprint,
+};
+static const StaticFingerprints kPinset_tumblr = {
+  sizeof(kPinset_tumblr_Data) / sizeof(const char*),
+  kPinset_tumblr_Data
+};
+
+/* Domainlist */
+struct TransportSecurityPreload {
+  const char* mHost;
+  const bool mIncludeSubdomains;
+  const bool mTestMode;
+  const bool mIsMoz;
+  const int32_t mId;
+  const StaticFingerprints* pinset;
+};
+
+/* Sort hostnames for binary search. */
+static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
+  { "0.me.uk", true, true, false, -1, &kPinset_ncsccs },
+  { "2mdn.net", true, false, false, -1, &kPinset_google_root_pems },
+  { "accounts.firefox.com", true, false, true, 4, &kPinset_mozilla_services },
+  { "accounts.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "addons.mozilla.net", true, false, true, 2, &kPinset_mozilla },
+  { "addons.mozilla.org", true, false, true, 1, &kPinset_mozilla },
+  { "admin.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "android.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "api.accounts.firefox.com", true, false, true, 5, &kPinset_mozilla_services },
+  { "api.twitter.com", true, false, false, -1, &kPinset_twitterCDN },
+  { "apis.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "appengine.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "apps.facebook.com", true, false, false, -1, &kPinset_facebook },
+  { "appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "at.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "au.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "aus4.mozilla.org", true, true, true, 3, &kPinset_mozilla },
+  { "aus5.mozilla.org", true, true, true, 7, &kPinset_mozilla },
+  { "az.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "be.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "bi.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "blog.torproject.org", true, false, false, -1, &kPinset_tor },
+  { "blogger.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "blogspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "br.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "bugs.chromium.org", true, false, false, -1, &kPinset_google_root_pems },
+  { "build.chromium.org", true, false, false, -1, &kPinset_google_root_pems },
+  { "business.facebook.com", true, false, false, -1, &kPinset_facebook },
+  { "business.twitter.com", true, false, false, -1, &kPinset_twitterCom },
+  { "ca.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "cd.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "cdn.mozilla.net", true, false, true, -1, &kPinset_mozilla },
+  { "cdn.mozilla.org", true, false, true, -1, &kPinset_mozilla },
+  { "cg.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "ch.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "chart.apis.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "check.torproject.org", true, false, false, -1, &kPinset_tor },
+  { "checkout.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "chfr.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "chit.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "chrome-devtools-frontend.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "chrome.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "chrome.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "chromiumbugs.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "chromiumcodereview.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "cl.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "cloud.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "cn.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "co.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "code.facebook.com", true, false, false, -1, &kPinset_facebook },
+  { "code.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "codereview.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "codereview.chromium.org", true, false, false, -1, &kPinset_google_root_pems },
+  { "contributor.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "cr.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "crbug.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "crosbug.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "crrev.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "ct.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "de.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "dev.twitter.com", true, false, false, -1, &kPinset_twitterCom },
+  { "developer.android.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "developers.facebook.com", true, false, false, -1, &kPinset_facebook },
+  { "dist.torproject.org", true, false, false, -1, &kPinset_tor },
+  { "dk.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "dl.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "dns.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "do.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "docs.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "domains.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "doubleclick.net", true, false, false, -1, &kPinset_google_root_pems },
+  { "drive.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "dropbox.com", true, false, false, -1, &kPinset_dropbox },
+  { "dropboxstatic.com", false, true, false, -1, &kPinset_dropbox },
+  { "dropboxusercontent.com", false, true, false, -1, &kPinset_dropbox },
+  { "edit.yahoo.com", true, true, false, -1, &kPinset_yahoo },
+  { "en-maktoob.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "encrypted.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "es.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "espanol.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "exclude-subdomains.pinning.example.com", false, false, false, 0, &kPinset_mozilla_test },
+  { "facebook.com", false, false, false, -1, &kPinset_facebook },
+  { "fi.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "fi.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "firebaseio.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "fj.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "fr.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "g.co", true, false, false, -1, &kPinset_google_root_pems },
+  { "g4w.co", true, false, false, -1, &kPinset_google_root_pems },
+  { "ggpht.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "gl.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "glass.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "gm.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "gmail.com", false, false, false, -1, &kPinset_google_root_pems },
+  { "goo.gl", true, false, false, -1, &kPinset_google_root_pems },
+  { "google", true, false, false, -1, &kPinset_google_root_pems },
+  { "google-analytics.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ac", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ad", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ae", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.af", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ag", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.am", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.as", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.at", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.az", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ba", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.be", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.bf", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.bg", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.bi", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.bj", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.bs", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.by", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ca", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.cat", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.cc", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.cd", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.cf", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.cg", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ch", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ci", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.cl", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.cm", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.cn", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.ao", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.bw", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.ck", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.cr", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.hu", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.id", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.il", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.im", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.in", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.je", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.jp", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.ke", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.kr", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.ls", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.ma", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.mz", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.nz", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.th", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.tz", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.ug", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.uk", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.uz", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.ve", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.vi", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.za", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.zm", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.co.zw", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.af", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.ag", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.ai", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.ar", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.au", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.bd", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.bh", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.bn", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.bo", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.br", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.by", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.bz", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.cn", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.co", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.cu", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.cy", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.do", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.ec", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.eg", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.et", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.fj", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.ge", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.gh", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.gi", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.gr", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.gt", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.hk", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.iq", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.jm", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.jo", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.kh", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.kw", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.lb", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.ly", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.mt", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.mx", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.my", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.na", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.nf", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.ng", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.ni", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.np", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.nr", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.om", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.pa", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.pe", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.ph", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.pk", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.pl", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.pr", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.py", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.qa", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.ru", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.sa", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.sb", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.sg", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.sl", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.sv", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.tj", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.tn", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.tr", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.tw", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.ua", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.uy", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.vc", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.ve", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.com.vn", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.cv", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.cz", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.de", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.dj", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.dk", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.dm", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.dz", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ee", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.es", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.fi", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.fm", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.fr", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ga", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ge", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.gg", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.gl", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.gm", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.gp", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.gr", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.gy", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.hk", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.hn", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.hr", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ht", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.hu", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ie", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.im", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.info", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.iq", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.is", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.it", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.it.ao", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.je", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.jo", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.jobs", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.jp", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.kg", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ki", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.kz", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.la", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.li", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.lk", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.lt", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.lu", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.lv", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.md", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.me", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.mg", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.mk", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ml", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.mn", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ms", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.mu", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.mv", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.mw", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ne", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ne.jp", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.net", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.nl", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.no", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.nr", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.nu", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.off.ai", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.pk", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.pl", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.pn", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ps", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.pt", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ro", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.rs", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ru", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.rw", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.sc", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.se", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.sh", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.si", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.sk", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.sm", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.sn", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.so", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.st", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.td", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.tg", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.tk", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.tl", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.tm", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.tn", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.to", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.tt", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.us", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.uz", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.vg", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.vu", true, false, false, -1, &kPinset_google_root_pems },
+  { "google.ws", true, false, false, -1, &kPinset_google_root_pems },
+  { "googleadservices.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "googleapis.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "googlecode.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "googlecommerce.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "googlegroups.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "googlemail.com", false, false, false, -1, &kPinset_google_root_pems },
+  { "googleplex.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "googlesource.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "googlesyndication.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "googletagmanager.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "googletagservices.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "googleusercontent.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "googlevideo.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "googleweblight.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "goto.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "gr.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "groups.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "gstatic.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "gvt1.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "gvt2.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "gvt3.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "hangouts.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "history.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "hk.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "hn.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "hostedtalkgadget.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "hu.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "id.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "ie.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "in.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "inbox.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "include-subdomains.pinning.example.com", true, false, false, -1, &kPinset_mozilla_test },
+  { "it.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "kr.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "kz.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "li.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "login.corp.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "login.yahoo.com", true, true, false, -1, &kPinset_yahoo },
+  { "lt.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "lu.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "lv.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "m.facebook.com", true, false, false, -1, &kPinset_facebook },
+  { "mail-settings.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "mail.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "mail.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "maktoob.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "malaysia.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "market.android.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "mbasic.facebook.com", true, false, false, -1, &kPinset_facebook },
+  { "meet.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "messenger.com", false, false, false, -1, &kPinset_facebook },
+  { "mobile.twitter.com", true, false, false, -1, &kPinset_twitterCom },
+  { "mt.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "mtouch.facebook.com", true, false, false, -1, &kPinset_facebook },
+  { "mu.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "mw.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "mx.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "myaccount.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "myactivity.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "ncsccs.com", true, true, false, -1, &kPinset_ncsccs },
+  { "ni.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "nl.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "no.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "np.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "nz.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "oauth.twitter.com", true, false, false, -1, &kPinset_twitterCom },
+  { "pa.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "passwords.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "payments.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "pe.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "ph.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "pinning-test.badssl.com", true, false, false, -1, &kPinset_test },
+  { "pinningtest.appspot.com", true, false, false, -1, &kPinset_test },
+  { "pixel.facebook.com", true, false, false, -1, &kPinset_facebook },
+  { "pixel.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "pk.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "pl.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "platform.twitter.com", true, false, false, -1, &kPinset_twitterCDN },
+  { "play.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "plus.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "plus.sandbox.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "pr.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "profiles.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "py.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "qc.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "research.facebook.com", true, false, false, -1, &kPinset_facebook },
+  { "ro.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "ru.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "rw.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "script.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "se.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "secure.facebook.com", true, false, false, -1, &kPinset_facebook },
+  { "security.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "services.mozilla.com", true, false, true, 6, &kPinset_mozilla_services },
+  { "sg.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "sirburton.com", true, true, false, -1, &kPinset_ncsccs },
+  { "sites.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "spideroak.com", true, false, false, -1, &kPinset_spideroak },
+  { "spreadsheets.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "static.googleadsserving.cn", true, false, false, -1, &kPinset_google_root_pems },
+  { "stats.g.doubleclick.net", true, false, false, -1, &kPinset_google_root_pems },
+  { "sv.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "swehack.org", true, true, false, -1, &kPinset_swehackCom },
+  { "t.facebook.com", true, false, false, -1, &kPinset_facebook },
+  { "tablet.facebook.com", true, false, false, -1, &kPinset_facebook },
+  { "talk.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "talkgadget.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "test-mode.pinning.example.com", true, true, false, -1, &kPinset_mozilla_test },
+  { "th.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "themathematician.uk", true, true, false, -1, &kPinset_ncsccs },
+  { "torproject.org", false, false, false, -1, &kPinset_tor },
+  { "touch.facebook.com", true, false, false, -1, &kPinset_facebook },
+  { "tr.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "translate.googleapis.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "tv.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "tw.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "twimg.com", true, false, false, -1, &kPinset_twitterCDN },
+  { "twitter.com", true, false, false, -1, &kPinset_twitterCDN },
+  { "ua.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "uk.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "upload.facebook.com", true, false, false, -1, &kPinset_facebook },
+  { "urchin.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "uy.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "uz.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "ve.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "vn.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "w-spotlight.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "wallet.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "webfilings-eu-mirror.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "webfilings-eu.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "webfilings-mirror-hrd.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "webfilings.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "wf-bigsky-master.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "wf-demo-eu.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "wf-demo-hrd.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "wf-dogfood-hrd.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "wf-pentest.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "wf-staging-hr.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "wf-training-hrd.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "wf-training-master.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "wf-trial-hrd.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "withgoogle.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "withyoutube.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "www.dropbox.com", true, false, false, -1, &kPinset_dropbox },
+  { "www.facebook.com", true, false, false, -1, &kPinset_facebook },
+  { "www.gmail.com", false, false, false, -1, &kPinset_google_root_pems },
+  { "www.googlegroups.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "www.googlemail.com", false, false, false, -1, &kPinset_google_root_pems },
+  { "www.messenger.com", true, false, false, -1, &kPinset_facebook },
+  { "www.torproject.org", true, false, false, -1, &kPinset_tor },
+  { "www.tumblr.com", false, true, false, -1, &kPinset_tumblr },
+  { "www.twitter.com", true, false, false, -1, &kPinset_twitterCom },
+  { "xa.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "xbrlsuccess.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "xn--7xa.google.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "youtu.be", true, false, false, -1, &kPinset_google_root_pems },
+  { "youtube-nocookie.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "youtube.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "ytimg.com", true, false, false, -1, &kPinset_google_root_pems },
+  { "za.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+  { "zh.search.yahoo.com", false, true, false, -1, &kPinset_yahoo },
+};
+
+// Pinning Preload List Length = 476;
+
+static const int32_t kUnknownId = -1;
+
+static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1524772960289000);
diff --git a/security/manager/ssl/TransportSecurityInfo.cpp b/security/manager/ssl/TransportSecurityInfo.cpp
new file mode 100644
index 000000000..101e2332c
--- /dev/null
+++ b/security/manager/ssl/TransportSecurityInfo.cpp
@@ -0,0 +1,1100 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "TransportSecurityInfo.h"
+
+#include "PSMRunnable.h"
+#include "mozilla/Casting.h"
+#include "nsComponentManagerUtils.h"
+#include "nsIArray.h"
+#include "nsICertOverrideService.h"
+#include "nsIDateTimeFormat.h"
+#include "nsIObjectInputStream.h"
+#include "nsIObjectOutputStream.h"
+#include "nsIWebProgressListener.h"
+#include "nsIX509CertValidity.h"
+#include "nsNSSCertHelper.h"
+#include "nsNSSCertificate.h"
+#include "nsNSSComponent.h"
+#include "nsReadableUtils.h"
+#include "nsServiceManagerUtils.h"
+#include "nsXULAppAPI.h"
+#include "pkix/pkixtypes.h"
+#include "secerr.h"
+
+//#define DEBUG_SSL_VERBOSE //Enable this define to get minimal 
+                            //reports when doing SSL read/write
+
+//#define DUMP_BUFFER  //Enable this define along with
+                       //DEBUG_SSL_VERBOSE to dump SSL
+                       //read/write buffer to a log.
+                       //Uses PR_LOG except on Mac where
+                       //we always write out to our own
+                       //file.
+
+namespace mozilla { namespace psm {
+
+TransportSecurityInfo::TransportSecurityInfo()
+  : mMutex("TransportSecurityInfo::mMutex"),
+    mSecurityState(nsIWebProgressListener::STATE_IS_INSECURE),
+    mSubRequestsBrokenSecurity(0),
+    mSubRequestsNoSecurity(0),
+    mErrorCode(0),
+    mErrorMessageType(PlainErrorMessage),
+    mPort(0)
+{
+}
+
+TransportSecurityInfo::~TransportSecurityInfo()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return;
+
+  shutdown(ShutdownCalledFrom::Object);
+}
+
+void
+TransportSecurityInfo::virtualDestroyNSSReference()
+{
+}
+
+NS_IMPL_ISUPPORTS(TransportSecurityInfo,
+                  nsITransportSecurityInfo,
+                  nsIInterfaceRequestor,
+                  nsISSLStatusProvider,
+                  nsIAssociatedContentSecurity,
+                  nsISerializable,
+                  nsIClassInfo)
+
+nsresult
+TransportSecurityInfo::SetHostName(const char* host)
+{
+  mHostName.Adopt(host ? NS_strdup(host) : 0);
+  return NS_OK;
+}
+
+nsresult
+TransportSecurityInfo::GetHostName(char **host)
+{
+  *host = (mHostName) ? NS_strdup(mHostName) : nullptr;
+  return NS_OK;
+}
+
+nsresult
+TransportSecurityInfo::SetPort(int32_t aPort)
+{
+  mPort = aPort;
+  return NS_OK;
+}
+
+nsresult
+TransportSecurityInfo::GetPort(int32_t *aPort)
+{
+  *aPort = mPort;
+  return NS_OK;
+}
+
+nsresult
+TransportSecurityInfo::SetOriginAttributes(
+  const NeckoOriginAttributes& aOriginAttributes)
+{
+  mOriginAttributes = aOriginAttributes;
+  return NS_OK;
+}
+
+PRErrorCode
+TransportSecurityInfo::GetErrorCode() const
+{
+  MutexAutoLock lock(mMutex);
+
+  return mErrorCode;
+}
+
+void
+TransportSecurityInfo::SetCanceled(PRErrorCode errorCode,
+                                   SSLErrorMessageType errorMessageType)
+{
+  MutexAutoLock lock(mMutex);
+
+  mErrorCode = errorCode;
+  mErrorMessageType = errorMessageType;
+  mErrorMessageCached.Truncate();
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::GetSecurityState(uint32_t* state)
+{
+  *state = mSecurityState;
+  return NS_OK;
+}
+
+nsresult
+TransportSecurityInfo::SetSecurityState(uint32_t aState)
+{
+  mSecurityState = aState;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::GetCountSubRequestsBrokenSecurity(
+  int32_t *aSubRequestsBrokenSecurity)
+{
+  *aSubRequestsBrokenSecurity = mSubRequestsBrokenSecurity;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::SetCountSubRequestsBrokenSecurity(
+  int32_t aSubRequestsBrokenSecurity)
+{
+  mSubRequestsBrokenSecurity = aSubRequestsBrokenSecurity;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::GetCountSubRequestsNoSecurity(
+  int32_t *aSubRequestsNoSecurity)
+{
+  *aSubRequestsNoSecurity = mSubRequestsNoSecurity;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::SetCountSubRequestsNoSecurity(
+  int32_t aSubRequestsNoSecurity)
+{
+  mSubRequestsNoSecurity = aSubRequestsNoSecurity;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::Flush()
+{
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::GetErrorMessage(char16_t** aText)
+{
+  NS_ENSURE_ARG_POINTER(aText);
+  *aText = nullptr;
+
+  if (!NS_IsMainThread()) {
+    NS_ERROR("nsNSSSocketInfo::GetErrorMessage called off the main thread");
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  MutexAutoLock lock(mMutex);
+
+  if (mErrorMessageCached.IsEmpty()) {
+    nsresult rv = formatErrorMessage(lock, 
+                                     mErrorCode, mErrorMessageType,
+                                     true, true, mErrorMessageCached);
+    NS_ENSURE_SUCCESS(rv, rv);
+  }
+
+  *aText = ToNewUnicode(mErrorMessageCached);
+  return *aText ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
+}
+
+void
+TransportSecurityInfo::GetErrorLogMessage(PRErrorCode errorCode,
+                                          SSLErrorMessageType errorMessageType,
+                                          nsString &result)
+{
+  if (!NS_IsMainThread()) {
+    NS_ERROR("nsNSSSocketInfo::GetErrorLogMessage called off the main thread");
+    return;
+  }
+
+  MutexAutoLock lock(mMutex);
+  (void) formatErrorMessage(lock, errorCode, errorMessageType,
+                            false, false, result);
+}
+
+static nsresult
+formatPlainErrorMessage(nsXPIDLCString const & host, int32_t port,
+                        PRErrorCode err, 
+                        bool suppressPort443,
+                        nsString &returnedMessage);
+
+static nsresult
+formatOverridableCertErrorMessage(nsISSLStatus & sslStatus,
+                                  PRErrorCode errorCodeToReport, 
+                                  const nsXPIDLCString & host, int32_t port,
+                                  bool suppressPort443,
+                                  bool wantsHtml,
+                                  nsString & returnedMessage);
+
+// XXX: uses nsNSSComponent string bundles off the main thread when called by
+//      nsNSSSocketInfo::Write().
+nsresult
+TransportSecurityInfo::formatErrorMessage(MutexAutoLock const & proofOfLock, 
+                                          PRErrorCode errorCode,
+                                          SSLErrorMessageType errorMessageType,
+                                          bool wantsHtml, bool suppressPort443, 
+                                          nsString &result)
+{
+  result.Truncate();
+  if (errorCode == 0) {
+    return NS_OK;
+  }
+
+  if (!XRE_IsParentProcess()) {
+    return NS_ERROR_UNEXPECTED;
+  }
+
+  nsresult rv;
+  NS_ConvertASCIItoUTF16 hostNameU(mHostName);
+  NS_ASSERTION(errorMessageType != OverridableCertErrorMessage || 
+                (mSSLStatus && mSSLStatus->HasServerCert() &&
+                 mSSLStatus->mHaveCertErrorBits),
+                "GetErrorLogMessage called for cert error without cert");
+  if (errorMessageType == OverridableCertErrorMessage && 
+      mSSLStatus && mSSLStatus->HasServerCert()) {
+    rv = formatOverridableCertErrorMessage(*mSSLStatus, errorCode,
+                                           mHostName, mPort,
+                                           suppressPort443,
+                                           wantsHtml,
+                                           result);
+  } else {
+    rv = formatPlainErrorMessage(mHostName, mPort, 
+                                 errorCode,
+                                 suppressPort443,
+                                 result);
+  }
+
+  if (NS_FAILED(rv)) {
+    result.Truncate();
+  }
+
+  return rv;
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::GetErrorCode(int32_t* state)
+{
+  *state = GetErrorCode();
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::GetInterface(const nsIID & uuid, void * *result)
+{
+  if (!NS_IsMainThread()) {
+    NS_ERROR("nsNSSSocketInfo::GetInterface called off the main thread");
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  nsresult rv;
+  if (!mCallbacks) {
+    nsCOMPtr<nsIInterfaceRequestor> ir = new PipUIContext();
+    rv = ir->GetInterface(uuid, result);
+  } else {
+    rv = mCallbacks->GetInterface(uuid, result);
+  }
+  return rv;
+}
+
+// This is a new magic value. However, it re-uses the first 4 bytes
+// of the previous value. This is so when older versions attempt to
+// read a newer serialized TransportSecurityInfo, they will actually
+// fail and return NS_ERROR_FAILURE instead of silently failing.
+#define TRANSPORTSECURITYINFOMAGIC { 0xa9863a23, 0x1faa, 0x4169, \
+  { 0xb0, 0xd2, 0x81, 0x29, 0xec, 0x7c, 0xb1, 0xde } }
+static NS_DEFINE_CID(kTransportSecurityInfoMagic, TRANSPORTSECURITYINFOMAGIC);
+
+NS_IMETHODIMP
+TransportSecurityInfo::Write(nsIObjectOutputStream* stream)
+{
+  nsresult rv = stream->WriteID(kTransportSecurityInfoMagic);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  MutexAutoLock lock(mMutex);
+
+  rv = stream->Write32(mSecurityState);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  rv = stream->Write32(mSubRequestsBrokenSecurity);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  rv = stream->Write32(mSubRequestsNoSecurity);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  rv = stream->Write32(static_cast<uint32_t>(mErrorCode));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  if (mErrorMessageCached.IsEmpty()) {
+    // XXX: uses nsNSSComponent string bundles off the main thread
+    rv = formatErrorMessage(lock, mErrorCode, mErrorMessageType,
+                            true, true, mErrorMessageCached);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  }
+  rv = stream->WriteWStringZ(mErrorMessageCached.get());
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  // For successful connections and for connections with overridable errors,
+  // mSSLStatus will be non-null. However, for connections with non-overridable
+  // errors, it will be null.
+  nsCOMPtr<nsISerializable> serializable(mSSLStatus);
+  rv = NS_WriteOptionalCompoundObject(stream,
+                                      serializable,
+                                      NS_GET_IID(nsISSLStatus),
+                                      true);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = NS_WriteOptionalCompoundObject(stream,
+                                      mFailedCertChain,
+                                      NS_GET_IID(nsIX509CertList),
+                                      true);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::Read(nsIObjectInputStream* stream)
+{
+  nsID id;
+  nsresult rv = stream->ReadID(&id);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  if (!id.Equals(kTransportSecurityInfoMagic)) {
+    return NS_ERROR_UNEXPECTED;
+  }
+
+  MutexAutoLock lock(mMutex);
+
+  rv = stream->Read32(&mSecurityState);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  uint32_t subRequestsBrokenSecurity;
+  rv = stream->Read32(&subRequestsBrokenSecurity);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  if (subRequestsBrokenSecurity >
+      static_cast<uint32_t>(std::numeric_limits<int32_t>::max())) {
+    return NS_ERROR_UNEXPECTED;
+  }
+  mSubRequestsBrokenSecurity = subRequestsBrokenSecurity;
+  uint32_t subRequestsNoSecurity;
+  rv = stream->Read32(&subRequestsNoSecurity);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  if (subRequestsNoSecurity >
+      static_cast<uint32_t>(std::numeric_limits<int32_t>::max())) {
+    return NS_ERROR_UNEXPECTED;
+  }
+  mSubRequestsNoSecurity = subRequestsNoSecurity;
+  uint32_t errorCode;
+  rv = stream->Read32(&errorCode);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  // PRErrorCode will be a negative value
+  mErrorCode = static_cast<PRErrorCode>(errorCode);
+
+  rv = stream->ReadString(mErrorMessageCached);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  // For successful connections and for connections with overridable errors,
+  // mSSLStatus will be non-null. For connections with non-overridable errors,
+  // it will be null.
+  nsCOMPtr<nsISupports> supports;
+  rv = NS_ReadOptionalObject(stream, true, getter_AddRefs(supports));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  mSSLStatus = BitwiseCast<nsSSLStatus*, nsISupports*>(supports.get());
+
+  nsCOMPtr<nsISupports> failedCertChainSupports;
+  rv = NS_ReadOptionalObject(stream, true, getter_AddRefs(failedCertChainSupports));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  mFailedCertChain = do_QueryInterface(failedCertChainSupports);
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::GetInterfaces(uint32_t *count, nsIID * **array)
+{
+  *count = 0;
+  *array = nullptr;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::GetScriptableHelper(nsIXPCScriptable **_retval)
+{
+  *_retval = nullptr;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::GetContractID(char * *aContractID)
+{
+  *aContractID = nullptr;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::GetClassDescription(char * *aClassDescription)
+{
+  *aClassDescription = nullptr;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::GetClassID(nsCID * *aClassID)
+{
+  *aClassID = (nsCID*) moz_xmalloc(sizeof(nsCID));
+  if (!*aClassID)
+    return NS_ERROR_OUT_OF_MEMORY;
+  return GetClassIDNoAlloc(*aClassID);
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::GetFlags(uint32_t *aFlags)
+{
+  *aFlags = 0;
+  return NS_OK;
+}
+
+static NS_DEFINE_CID(kNSSSocketInfoCID, TRANSPORTSECURITYINFO_CID);
+
+NS_IMETHODIMP
+TransportSecurityInfo::GetClassIDNoAlloc(nsCID *aClassIDNoAlloc)
+{
+  *aClassIDNoAlloc = kNSSSocketInfoCID;
+  return NS_OK;
+}
+
+nsresult
+TransportSecurityInfo::GetSSLStatus(nsISSLStatus** _result)
+{
+  NS_ENSURE_ARG_POINTER(_result);
+
+  *_result = mSSLStatus;
+  NS_IF_ADDREF(*_result);
+
+  return NS_OK;
+}
+
+nsresult
+TransportSecurityInfo::SetSSLStatus(nsSSLStatus *aSSLStatus)
+{
+  mSSLStatus = aSSLStatus;
+
+  return NS_OK;
+}
+
+/* Formats an error message for non-certificate-related SSL errors
+ * and non-overridable certificate errors (both are of type
+ * PlainErrormMessage). Use formatOverridableCertErrorMessage
+ * for overridable cert errors.
+ */
+static nsresult
+formatPlainErrorMessage(const nsXPIDLCString &host, int32_t port,
+                        PRErrorCode err, 
+                        bool suppressPort443,
+                        nsString &returnedMessage)
+{
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
+  const char16_t *params[1];
+  nsresult rv;
+
+  nsCOMPtr<nsINSSComponent> component = do_GetService(kNSSComponentCID, &rv);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  if (host.Length())
+  {
+    nsString hostWithPort;
+
+    // For now, hide port when it's 443 and we're reporting the error.
+    // In the future a better mechanism should be used
+    // to make a decision about showing the port number, possibly by requiring
+    // the context object to implement a specific interface.
+    // The motivation is that Mozilla browser would like to hide the port number
+    // in error pages in the common case.
+
+    hostWithPort.AssignASCII(host);
+    if (!suppressPort443 || port != 443) {
+      hostWithPort.Append(':');
+      hostWithPort.AppendInt(port);
+    }
+    params[0] = hostWithPort.get();
+
+    nsString formattedString;
+    rv = component->PIPBundleFormatStringFromName("SSLConnectionErrorPrefix", 
+                                                  params, 1, 
+                                                  formattedString);
+    if (NS_SUCCEEDED(rv))
+    {
+      returnedMessage.Append(formattedString);
+      returnedMessage.AppendLiteral("\n\n");
+    }
+  }
+
+  nsString explanation;
+  rv = nsNSSErrors::getErrorMessageFromCode(err, component, explanation);
+  if (NS_SUCCEEDED(rv))
+    returnedMessage.Append(explanation);
+
+  return NS_OK;
+}
+
+static void
+AppendErrorTextUntrusted(PRErrorCode errTrust,
+                         const nsString &host,
+                         nsIX509Cert* ix509,
+                         nsINSSComponent *component,
+                         nsString &returnedMessage)
+{
+  const char* errorID = nullptr;
+  const char* errorID2 = nullptr;
+  const char* errorID3 = nullptr;
+  bool isSelfSigned;
+  if (NS_SUCCEEDED(ix509->GetIsSelfSigned(&isSelfSigned)) && isSelfSigned) {
+    errorID = "certErrorTrust_SelfSigned";
+  }
+
+  if (!errorID) {
+    switch (errTrust) {
+      case SEC_ERROR_UNKNOWN_ISSUER:
+        errorID = "certErrorTrust_UnknownIssuer";
+        errorID2 = "certErrorTrust_UnknownIssuer2";
+        errorID3 = "certErrorTrust_UnknownIssuer3";
+        break;
+      case SEC_ERROR_CA_CERT_INVALID:
+        errorID = "certErrorTrust_CaInvalid";
+        break;
+      case SEC_ERROR_UNTRUSTED_ISSUER:
+        errorID = "certErrorTrust_Issuer";
+        break;
+      case SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED:
+        errorID = "certErrorTrust_SignatureAlgorithmDisabled";
+        break;
+      case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
+        errorID = "certErrorTrust_ExpiredIssuer";
+        break;
+      case SEC_ERROR_UNTRUSTED_CERT:
+      default:
+        errorID = "certErrorTrust_Untrusted";
+        break;
+    }
+  }
+
+  const char* errorIDs[] = { errorID, errorID2, errorID3 };
+  for (size_t i = 0; i < ArrayLength(errorIDs); i++) {
+    if (!errorIDs[i]) {
+      break;
+    }
+
+    nsString formattedString;
+    nsresult rv = component->GetPIPNSSBundleString(errorIDs[i], formattedString);
+    if (NS_SUCCEEDED(rv)) {
+      returnedMessage.Append(formattedString);
+      returnedMessage.Append('\n');
+    }
+  }
+}
+
+// Returns the number of dNSName or iPAddress entries encountered in the
+// subject alternative name extension of the certificate.
+// Returns zero if the extension is not present, could not be decoded, or if it
+// does not contain any dNSName or iPAddress entries.
+static uint32_t
+GetSubjectAltNames(CERTCertificate* nssCert, nsString& allNames)
+{
+  allNames.Truncate();
+
+  ScopedAutoSECItem altNameExtension;
+  SECStatus rv = CERT_FindCertExtension(nssCert, SEC_OID_X509_SUBJECT_ALT_NAME,
+                                        &altNameExtension);
+  if (rv != SECSuccess) {
+    return 0;
+  }
+  UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+  if (!arena) {
+    return 0;
+  }
+  CERTGeneralName* sanNameList(CERT_DecodeAltNameExtension(arena.get(),
+                                                           &altNameExtension));
+  if (!sanNameList) {
+    return 0;
+  }
+
+  uint32_t nameCount = 0;
+  CERTGeneralName* current = sanNameList;
+  do {
+    nsAutoString name;
+    switch (current->type) {
+      case certDNSName:
+        {
+          nsDependentCSubstring nameFromCert(BitwiseCast<char*, unsigned char*>(
+                                               current->name.other.data),
+                                             current->name.other.len);
+          // dNSName fields are defined as type IA5String and thus should
+          // be limited to ASCII characters.
+          if (IsASCII(nameFromCert)) {
+            name.Assign(NS_ConvertASCIItoUTF16(nameFromCert));
+            if (!allNames.IsEmpty()) {
+              allNames.AppendLiteral(", ");
+            }
+            ++nameCount;
+            allNames.Append(name);
+          }
+        }
+        break;
+
+      case certIPAddress:
+        {
+          char buf[INET6_ADDRSTRLEN];
+          PRNetAddr addr;
+          if (current->name.other.len == 4) {
+            addr.inet.family = PR_AF_INET;
+            memcpy(&addr.inet.ip, current->name.other.data, current->name.other.len);
+            PR_NetAddrToString(&addr, buf, sizeof(buf));
+            name.AssignASCII(buf);
+          } else if (current->name.other.len == 16) {
+            addr.ipv6.family = PR_AF_INET6;
+            memcpy(&addr.ipv6.ip, current->name.other.data, current->name.other.len);
+            PR_NetAddrToString(&addr, buf, sizeof(buf));
+            name.AssignASCII(buf);
+          } else {
+            /* invalid IP address */
+          }
+          if (!name.IsEmpty()) {
+            if (!allNames.IsEmpty()) {
+              allNames.AppendLiteral(", ");
+            }
+            ++nameCount;
+            allNames.Append(name);
+          }
+          break;
+        }
+
+      default: // all other types of names are ignored
+        break;
+    }
+    current = CERT_GetNextGeneralName(current);
+  } while (current != sanNameList); // double linked
+
+  return nameCount;
+}
+
+static nsresult
+AppendErrorTextMismatch(const nsString& host, nsIX509Cert* ix509,
+                        nsINSSComponent* component, bool wantsHtml,
+                        nsString& returnedMessage)
+{
+  // Prepare a default "not valid for <hostname>" string in case anything
+  // goes wrong (or in case the certificate is not valid for any hostnames).
+  nsAutoString notValidForHostnameString;
+  const char16_t* params[1];
+  params[0] = host.get();
+  nsresult rv = component->PIPBundleFormatStringFromName(
+    "certErrorMismatch", params, 1, notValidForHostnameString);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  notValidForHostnameString.Append('\n');
+
+  UniqueCERTCertificate nssCert(ix509->GetCert());
+  if (!nssCert) {
+    returnedMessage.Append(notValidForHostnameString);
+    return NS_OK;
+  }
+
+  nsAutoString allNames;
+  uint32_t nameCount = GetSubjectAltNames(nssCert.get(), allNames);
+  if (nameCount == 0) {
+    returnedMessage.Append(notValidForHostnameString);
+  } else if (nameCount > 1) {
+    nsString message;
+    rv = component->GetPIPNSSBundleString("certErrorMismatchMultiple", message);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    returnedMessage.Append(message);
+    returnedMessage.AppendLiteral("\n  ");
+    returnedMessage.Append(allNames);
+    returnedMessage.AppendLiteral("  \n");
+  } else if (nameCount == 1) {
+    params[0] = allNames.get();
+
+    const char* stringID = wantsHtml ? "certErrorMismatchSingle2"
+                                     : "certErrorMismatchSinglePlain";
+    nsAutoString formattedString;
+    rv = component->PIPBundleFormatStringFromName(stringID, params, 1,
+                                                  formattedString);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    returnedMessage.Append(formattedString);
+    returnedMessage.Append('\n');
+  }
+
+  return NS_OK;
+}
+
+static void
+GetDateBoundary(nsIX509Cert* ix509,
+                nsString &formattedDate,
+                nsString &nowDate,
+                bool &trueExpired_falseNotYetValid)
+{
+  trueExpired_falseNotYetValid = true;
+  formattedDate.Truncate();
+
+  PRTime notAfter, notBefore, timeToUse;
+  nsCOMPtr<nsIX509CertValidity> validity;
+  nsresult rv;
+
+  rv = ix509->GetValidity(getter_AddRefs(validity));
+  if (NS_FAILED(rv))
+    return;
+
+  rv = validity->GetNotAfter(&notAfter);
+  if (NS_FAILED(rv))
+    return;
+
+  rv = validity->GetNotBefore(&notBefore);
+  if (NS_FAILED(rv))
+    return;
+
+  PRTime now = PR_Now();
+  if (now > notAfter) {
+    timeToUse = notAfter;
+  } else {
+    timeToUse = notBefore;
+    trueExpired_falseNotYetValid = false;
+  }
+
+  nsCOMPtr<nsIDateTimeFormat> dateTimeFormat = nsIDateTimeFormat::Create();
+  if (!dateTimeFormat) {
+    return;
+  }
+
+  dateTimeFormat->FormatPRTime(nullptr, kDateFormatLong, kTimeFormatNoSeconds,
+                               timeToUse, formattedDate);
+  dateTimeFormat->FormatPRTime(nullptr, kDateFormatLong, kTimeFormatNoSeconds,
+                               now, nowDate);
+}
+
+static void
+AppendErrorTextTime(nsIX509Cert* ix509,
+                    nsINSSComponent *component,
+                    nsString &returnedMessage)
+{
+  nsAutoString formattedDate, nowDate;
+  bool trueExpired_falseNotYetValid;
+  GetDateBoundary(ix509, formattedDate, nowDate, trueExpired_falseNotYetValid);
+
+  const char16_t *params[2];
+  params[0] = formattedDate.get(); // might be empty, if helper function had a problem 
+  params[1] = nowDate.get();
+
+  const char *key = trueExpired_falseNotYetValid ? 
+                    "certErrorExpiredNow" : "certErrorNotYetValidNow";
+  nsresult rv;
+  nsString formattedString;
+  rv = component->PIPBundleFormatStringFromName(
+           key,
+           params, 
+           ArrayLength(params),
+           formattedString);
+  if (NS_SUCCEEDED(rv))
+  {
+    returnedMessage.Append(formattedString);
+    returnedMessage.Append('\n');
+  }
+}
+
+static void
+AppendErrorTextCode(PRErrorCode errorCodeToReport,
+                    nsINSSComponent *component,
+                    nsString &returnedMessage)
+{
+  const char *codeName = nsNSSErrors::getDefaultErrorStringName(errorCodeToReport);
+  if (codeName)
+  {
+    nsCString error_id(codeName);
+    NS_ConvertASCIItoUTF16 idU(error_id);
+
+    const char16_t *params[1];
+    params[0] = idU.get();
+
+    nsString formattedString;
+    nsresult rv;
+    rv = component->PIPBundleFormatStringFromName("certErrorCodePrefix2",
+                                                  params, 1, 
+                                                  formattedString);
+    if (NS_SUCCEEDED(rv)) {
+      returnedMessage.Append('\n');
+      returnedMessage.Append(formattedString);
+      returnedMessage.Append('\n');
+    }
+    else {
+      returnedMessage.AppendLiteral(" (");
+      returnedMessage.Append(idU);
+      returnedMessage.Append(')');
+    }
+  }
+}
+
+/* Formats an error message for overridable certificate errors (of type
+ * OverridableCertErrorMessage). Use formatPlainErrorMessage to format
+ * non-overridable cert errors and non-cert-related errors.
+ */
+static nsresult
+formatOverridableCertErrorMessage(nsISSLStatus & sslStatus,
+                                  PRErrorCode errorCodeToReport, 
+                                  const nsXPIDLCString & host, int32_t port,
+                                  bool suppressPort443,
+                                  bool wantsHtml,
+                                  nsString & returnedMessage)
+{
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
+  const char16_t *params[1];
+  nsresult rv;
+  nsAutoString hostWithPort;
+  nsAutoString hostWithoutPort;
+
+  // For now, hide port when it's 443 and we're reporting the error.
+  // In the future a better mechanism should be used
+  // to make a decision about showing the port number, possibly by requiring
+  // the context object to implement a specific interface.
+  // The motivation is that Mozilla browser would like to hide the port number
+  // in error pages in the common case.
+  
+  hostWithoutPort.AppendASCII(host);
+  if (suppressPort443 && port == 443) {
+    params[0] = hostWithoutPort.get();
+  } else {
+    hostWithPort.AppendASCII(host);
+    hostWithPort.Append(':');
+    hostWithPort.AppendInt(port);
+    params[0] = hostWithPort.get();
+  }
+
+  nsCOMPtr<nsINSSComponent> component = do_GetService(kNSSComponentCID, &rv);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  returnedMessage.Truncate();
+  rv = component->PIPBundleFormatStringFromName("certErrorIntro", params, 1,
+                                                returnedMessage);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  returnedMessage.AppendLiteral("\n\n");
+
+  RefPtr<nsIX509Cert> ix509;
+  rv = sslStatus.GetServerCert(getter_AddRefs(ix509));
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  bool isUntrusted;
+  rv = sslStatus.GetIsUntrusted(&isUntrusted);
+  NS_ENSURE_SUCCESS(rv, rv);
+  if (isUntrusted) {
+    AppendErrorTextUntrusted(errorCodeToReport, hostWithoutPort, ix509, 
+                             component, returnedMessage);
+  }
+
+  bool isDomainMismatch;
+  rv = sslStatus.GetIsDomainMismatch(&isDomainMismatch);
+  NS_ENSURE_SUCCESS(rv, rv);
+  if (isDomainMismatch) {
+    rv = AppendErrorTextMismatch(hostWithoutPort, ix509, component, wantsHtml,
+                                 returnedMessage);
+    NS_ENSURE_SUCCESS(rv, rv);
+  }
+
+  bool isNotValidAtThisTime;
+  rv = sslStatus.GetIsNotValidAtThisTime(&isNotValidAtThisTime);
+  NS_ENSURE_SUCCESS(rv, rv);
+  if (isNotValidAtThisTime) {
+    AppendErrorTextTime(ix509, component, returnedMessage);
+  }
+
+  AppendErrorTextCode(errorCodeToReport, component, returnedMessage);
+
+  return NS_OK;
+}
+
+// RememberCertErrorsTable
+
+/*static*/ RememberCertErrorsTable*
+RememberCertErrorsTable::sInstance = nullptr;
+
+RememberCertErrorsTable::RememberCertErrorsTable()
+  : mErrorHosts()
+  , mMutex("RememberCertErrorsTable::mMutex")
+{
+}
+
+static nsresult
+GetHostPortKey(TransportSecurityInfo* infoObject, nsAutoCString &result)
+{
+  nsresult rv;
+
+  result.Truncate();
+
+  nsXPIDLCString hostName;
+  rv = infoObject->GetHostName(getter_Copies(hostName));
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  int32_t port;
+  rv = infoObject->GetPort(&port);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  result.Assign(hostName);
+  result.Append(':');
+  result.AppendInt(port);
+
+  return NS_OK;
+}
+
+void
+RememberCertErrorsTable::RememberCertHasError(TransportSecurityInfo* infoObject,
+                                              nsSSLStatus* status,
+                                              SECStatus certVerificationResult)
+{
+  nsresult rv;
+
+  nsAutoCString hostPortKey;
+  rv = GetHostPortKey(infoObject, hostPortKey);
+  if (NS_FAILED(rv))
+    return;
+
+  if (certVerificationResult != SECSuccess) {
+    NS_ASSERTION(status,
+        "Must have nsSSLStatus object when remembering flags");
+
+    if (!status)
+      return;
+
+    CertStateBits bits;
+    bits.mIsDomainMismatch = status->mIsDomainMismatch;
+    bits.mIsNotValidAtThisTime = status->mIsNotValidAtThisTime;
+    bits.mIsUntrusted = status->mIsUntrusted;
+
+    MutexAutoLock lock(mMutex);
+    mErrorHosts.Put(hostPortKey, bits);
+  }
+  else {
+    MutexAutoLock lock(mMutex);
+    mErrorHosts.Remove(hostPortKey);
+  }
+}
+
+void
+RememberCertErrorsTable::LookupCertErrorBits(TransportSecurityInfo* infoObject,
+                                             nsSSLStatus* status)
+{
+  // Get remembered error bits from our cache, because of SSL session caching
+  // the NSS library potentially hasn't notified us for this socket.
+  if (status->mHaveCertErrorBits)
+    // Rather do not modify bits if already set earlier
+    return;
+
+  nsresult rv;
+
+  nsAutoCString hostPortKey;
+  rv = GetHostPortKey(infoObject, hostPortKey);
+  if (NS_FAILED(rv))
+    return;
+
+  CertStateBits bits;
+  {
+    MutexAutoLock lock(mMutex);
+    if (!mErrorHosts.Get(hostPortKey, &bits))
+      // No record was found, this host had no cert errors
+      return;
+  }
+
+  // This host had cert errors, update the bits correctly
+  status->mHaveCertErrorBits = true;
+  status->mIsDomainMismatch = bits.mIsDomainMismatch;
+  status->mIsNotValidAtThisTime = bits.mIsNotValidAtThisTime;
+  status->mIsUntrusted = bits.mIsUntrusted;
+}
+
+void
+TransportSecurityInfo::SetStatusErrorBits(nsNSSCertificate* cert,
+                                          uint32_t collected_errors)
+{
+  MutexAutoLock lock(mMutex);
+
+  if (!mSSLStatus) {
+    mSSLStatus = new nsSSLStatus();
+  }
+
+  mSSLStatus->SetServerCert(cert, EVStatus::NotEV);
+
+  mSSLStatus->mHaveCertErrorBits = true;
+  mSSLStatus->mIsDomainMismatch = 
+    collected_errors & nsICertOverrideService::ERROR_MISMATCH;
+  mSSLStatus->mIsNotValidAtThisTime = 
+    collected_errors & nsICertOverrideService::ERROR_TIME;
+  mSSLStatus->mIsUntrusted = 
+    collected_errors & nsICertOverrideService::ERROR_UNTRUSTED;
+
+  RememberCertErrorsTable::GetInstance().RememberCertHasError(this,
+                                                              mSSLStatus,
+                                                              SECFailure);
+}
+
+NS_IMETHODIMP
+TransportSecurityInfo::GetFailedCertChain(nsIX509CertList** _result)
+{
+  NS_ASSERTION(_result, "non-NULL destination required");
+
+  *_result = mFailedCertChain;
+  NS_IF_ADDREF(*_result);
+
+  return NS_OK;
+}
+
+nsresult
+TransportSecurityInfo::SetFailedCertChain(UniqueCERTCertList certList)
+{
+  nsNSSShutDownPreventionLock lock;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  // nsNSSCertList takes ownership of certList
+  mFailedCertChain = new nsNSSCertList(Move(certList), lock);
+
+  return NS_OK;
+}
+
+} } // namespace mozilla::psm
diff --git a/security/manager/ssl/TransportSecurityInfo.h b/security/manager/ssl/TransportSecurityInfo.h
new file mode 100644
index 000000000..7f8847852
--- /dev/null
+++ b/security/manager/ssl/TransportSecurityInfo.h
@@ -0,0 +1,171 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef TransportSecurityInfo_h
+#define TransportSecurityInfo_h
+
+#include "ScopedNSSTypes.h"
+#include "certt.h"
+#include "mozilla/BasePrincipal.h"
+#include "mozilla/Mutex.h"
+#include "mozilla/RefPtr.h"
+#include "nsDataHashtable.h"
+#include "nsIAssociatedContentSecurity.h"
+#include "nsIInterfaceRequestor.h"
+#include "nsISSLStatusProvider.h"
+#include "nsITransportSecurityInfo.h"
+#include "nsNSSShutDown.h"
+#include "nsSSLStatus.h"
+#include "pkix/pkixtypes.h"
+
+namespace mozilla { namespace psm {
+
+enum SSLErrorMessageType {
+  OverridableCertErrorMessage  = 1, // for *overridable* certificate errors
+  PlainErrorMessage = 2             // all other errors (or "no error")
+};
+
+class TransportSecurityInfo : public nsITransportSecurityInfo,
+                              public nsIInterfaceRequestor,
+                              public nsISSLStatusProvider,
+                              public nsIAssociatedContentSecurity,
+                              public nsISerializable,
+                              public nsIClassInfo,
+                              public nsNSSShutDownObject,
+                              public nsOnPK11LogoutCancelObject
+{
+protected:
+  virtual ~TransportSecurityInfo();
+public:
+  TransportSecurityInfo();
+  
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSITRANSPORTSECURITYINFO
+  NS_DECL_NSIINTERFACEREQUESTOR
+  NS_DECL_NSISSLSTATUSPROVIDER
+  NS_DECL_NSIASSOCIATEDCONTENTSECURITY
+  NS_DECL_NSISERIALIZABLE
+  NS_DECL_NSICLASSINFO
+
+  nsresult SetSecurityState(uint32_t aState);
+  nsresult SetShortSecurityDescription(const char16_t *aText);
+
+  const nsACString & GetHostName() const { return mHostName; }
+  const char * GetHostNameRaw() const { return mHostName.get(); }
+
+  nsresult GetHostName(char **aHostName);
+  nsresult SetHostName(const char *aHostName);
+
+  int32_t GetPort() const { return mPort; }
+  nsresult GetPort(int32_t *aPort);
+  nsresult SetPort(int32_t aPort);
+
+  const NeckoOriginAttributes& GetOriginAttributes() const {
+    return mOriginAttributes;
+  }
+  nsresult SetOriginAttributes(const NeckoOriginAttributes& aOriginAttributes);
+
+  PRErrorCode GetErrorCode() const;
+  
+  void GetErrorLogMessage(PRErrorCode errorCode,
+                          ::mozilla::psm::SSLErrorMessageType errorMessageType,
+                          nsString &result);
+  
+  void SetCanceled(PRErrorCode errorCode,
+                   ::mozilla::psm::SSLErrorMessageType errorMessageType);
+
+  /* Set SSL Status values */
+  nsresult SetSSLStatus(nsSSLStatus *aSSLStatus);
+  nsSSLStatus* SSLStatus() { return mSSLStatus; }
+  void SetStatusErrorBits(nsNSSCertificate* cert, uint32_t collected_errors);
+
+  nsresult SetFailedCertChain(UniqueCERTCertList certList);
+
+private:
+  mutable ::mozilla::Mutex mMutex;
+
+protected:
+  nsCOMPtr<nsIInterfaceRequestor> mCallbacks;
+
+private:
+  uint32_t mSecurityState;
+  int32_t mSubRequestsBrokenSecurity;
+  int32_t mSubRequestsNoSecurity;
+
+  PRErrorCode mErrorCode;
+  ::mozilla::psm::SSLErrorMessageType mErrorMessageType;
+  nsString mErrorMessageCached;
+  nsresult formatErrorMessage(::mozilla::MutexAutoLock const & proofOfLock, 
+                              PRErrorCode errorCode,
+                              ::mozilla::psm::SSLErrorMessageType errorMessageType,
+                              bool wantsHtml, bool suppressPort443, 
+                              nsString &result);
+
+  int32_t mPort;
+  nsXPIDLCString mHostName;
+  NeckoOriginAttributes mOriginAttributes;
+
+  /* SSL Status */
+  RefPtr<nsSSLStatus> mSSLStatus;
+
+  /* Peer cert chain for failed connections (for error reporting) */
+  nsCOMPtr<nsIX509CertList> mFailedCertChain;
+
+  virtual void virtualDestroyNSSReference() override;
+  void destructorSafeDestroyNSSReference();
+};
+
+class RememberCertErrorsTable
+{
+private:
+  RememberCertErrorsTable();
+
+  struct CertStateBits
+  {
+    bool mIsDomainMismatch;
+    bool mIsNotValidAtThisTime;
+    bool mIsUntrusted;
+  };
+  nsDataHashtable<nsCStringHashKey, CertStateBits> mErrorHosts;
+
+public:
+  void RememberCertHasError(TransportSecurityInfo * infoobject,
+                            nsSSLStatus * status,
+                            SECStatus certVerificationResult);
+  void LookupCertErrorBits(TransportSecurityInfo * infoObject,
+                           nsSSLStatus* status);
+
+  static nsresult Init()
+  {
+    sInstance = new RememberCertErrorsTable();
+    return NS_OK;
+  }
+
+  static RememberCertErrorsTable & GetInstance()
+  {
+    MOZ_ASSERT(sInstance);
+    return *sInstance;
+  }
+
+  static void Cleanup()
+  {
+    delete sInstance;
+    sInstance = nullptr;
+  }
+private:
+  Mutex mMutex;
+
+  static RememberCertErrorsTable * sInstance;
+};
+
+} } // namespace mozilla::psm
+
+// 16786594-0296-4471-8096-8f84497ca428
+#define TRANSPORTSECURITYINFO_CID \
+{ 0x16786594, 0x0296, 0x4471, \
+    { 0x80, 0x96, 0x8f, 0x84, 0x49, 0x7c, 0xa4, 0x28 } }
+
+#endif // TransportSecurityInfo_h
diff --git a/security/manager/ssl/WeakCryptoOverride.cpp b/security/manager/ssl/WeakCryptoOverride.cpp
new file mode 100644
index 000000000..6b86e9f86
--- /dev/null
+++ b/security/manager/ssl/WeakCryptoOverride.cpp
@@ -0,0 +1,67 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "WeakCryptoOverride.h"
+
+#include "MainThreadUtils.h"
+#include "SharedSSLState.h"
+#include "nss.h"
+
+using namespace mozilla;
+using namespace mozilla::psm;
+
+NS_IMPL_ISUPPORTS(WeakCryptoOverride,
+                  nsIWeakCryptoOverride)
+
+WeakCryptoOverride::WeakCryptoOverride()
+{
+}
+
+WeakCryptoOverride::~WeakCryptoOverride()
+{
+}
+
+NS_IMETHODIMP
+WeakCryptoOverride::AddWeakCryptoOverride(const nsACString& aHostName,
+                                          bool aPrivate, bool aTemporary)
+{
+  if (!NS_IsMainThread()) {
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  SharedSSLState* sharedState = aPrivate ? PrivateSSLState()
+                                         : PublicSSLState();
+  if (!sharedState) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+  const nsPromiseFlatCString& host = PromiseFlatCString(aHostName);
+  sharedState->IOLayerHelpers().addInsecureFallbackSite(host, aTemporary);
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+WeakCryptoOverride::RemoveWeakCryptoOverride(const nsACString& aHostName,
+                                             int32_t aPort, bool aPrivate)
+{
+  if (!NS_IsMainThread()) {
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  SharedSSLState* sharedState = aPrivate ? PrivateSSLState()
+                                         : PublicSSLState();
+  if (!sharedState) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+  const nsPromiseFlatCString& host = PromiseFlatCString(aHostName);
+  sharedState->IOLayerHelpers().removeInsecureFallbackSite(host, aPort);
+
+  // Some servers will fail with SSL_ERROR_ILLEGAL_PARAMETER_ALERT
+  // unless the session cache is cleared.
+  SSL_ClearSessionCache();
+
+  return NS_OK;
+}
diff --git a/security/manager/ssl/WeakCryptoOverride.h b/security/manager/ssl/WeakCryptoOverride.h
new file mode 100644
index 000000000..fefee75ef
--- /dev/null
+++ b/security/manager/ssl/WeakCryptoOverride.h
@@ -0,0 +1,35 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef WEAKCRYPTOOVERRIDE_H
+#define WEAKCRYPTOOVERRIDE_H
+
+#include "nsIWeakCryptoOverride.h"
+#include "nsWeakReference.h"
+
+namespace mozilla {
+namespace psm {
+
+class WeakCryptoOverride final : public nsIWeakCryptoOverride
+{
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIWEAKCRYPTOOVERRIDE
+
+  WeakCryptoOverride();
+
+protected:
+  ~WeakCryptoOverride();
+};
+
+} // psm
+} // mozilla
+
+#define NS_WEAKCRYPTOOVERRIDE_CID /* ffb06724-3c20-447c-8328-ae71513dd618 */ \
+{ 0xffb06724, 0x3c20, 0x447c, \
+  { 0x83, 0x28, 0xae, 0x71, 0x51, 0x3d, 0xd6, 0x18 } }
+
+#endif
diff --git a/security/manager/ssl/X509.jsm b/security/manager/ssl/X509.jsm
new file mode 100644
index 000000000..be107454e
--- /dev/null
+++ b/security/manager/ssl/X509.jsm
@@ -0,0 +1,632 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+const Cu = Components.utils;
+var { DER } = Cu.import("resource://gre/modules/psm/DER.jsm", {});
+
+const ERROR_UNSUPPORTED_ASN1 = "unsupported asn.1";
+const ERROR_TIME_NOT_VALID = "Time not valid";
+const ERROR_LIBRARY_FAILURE = "library failure";
+
+const X509v3 = 2;
+
+/**
+ * Helper function to read a NULL tag from the given DER.
+ * @param {DER} der a DER object to read a NULL from
+ * @return {NULL} an object representing an ASN.1 NULL
+ */
+function readNULL(der) {
+  return new NULL(der.readTagAndGetContents(DER.NULL));
+}
+
+/**
+ * Class representing an ASN.1 NULL. When encoded as DER, the only valid value
+ * is 05 00, and thus the contents should always be an empty array.
+ */
+class NULL {
+  /**
+   * @param {Number[]} bytes the contents of the NULL tag (should be empty)
+   */
+  constructor(bytes) {
+    // Lint TODO: bytes should be an empty array
+    this._contents = bytes;
+  }
+}
+
+/**
+ * Helper function to read an OBJECT IDENTIFIER from the given DER.
+ * @param {DER} der the DER to read an OBJECT IDENTIFIER from
+ * @return {OID} the value of the OBJECT IDENTIFIER
+ */
+function readOID(der) {
+  return new OID(der.readTagAndGetContents(DER.OBJECT_IDENTIFIER));
+}
+
+/** Class representing an ASN.1 OBJECT IDENTIFIER */
+class OID {
+  /**
+   * @param {Number[]} bytes the encoded contents of the OBJECT IDENTIFIER
+   *                   (not including the ASN.1 tag or length bytes)
+   */
+  constructor(bytes) {
+    this._values = [];
+    // First octet has value 40 * value1 + value2
+    // Lint TODO: validate that value1 is one of {0, 1, 2}
+    // Lint TODO: validate that value2 is in [0, 39] if value1 is 0 or 1
+    let value1 = Math.floor(bytes[0] / 40);
+    let value2 = bytes[0] - 40 * value1;
+    this._values.push(value1);
+    this._values.push(value2);
+    bytes.shift();
+    let accumulator = 0;
+    // Lint TODO: prevent overflow here
+    while (bytes.length > 0) {
+      let value = bytes.shift();
+      accumulator *= 128;
+      if (value > 128) {
+        accumulator += (value - 128);
+      } else {
+        accumulator += value;
+        this._values.push(accumulator);
+        accumulator = 0;
+      }
+    }
+  }
+}
+
+/**
+ * Class that serves as an abstract base class for more specific classes that
+ * represent datatypes from RFC 5280 and others. Given an array of bytes
+ * representing the DER encoding of such types, this framework simplifies the
+ * process of making a new DER object, attempting to parse the given bytes, and
+ * catching and stashing thrown exceptions. Subclasses are to implement
+ * parseOverride, which should read from this._der to fill out the structure's
+ * values.
+ */
+class DecodedDER {
+  constructor() {
+    this._der = null;
+    this._error = null;
+  }
+
+  /**
+   * Returns the first exception encountered when decoding or null if none has
+   * been encountered.
+   * @return {Error} the first exception encountered when decoding or null
+   */
+  get error() {
+    return this._error;
+  }
+
+  /**
+   * Does the actual work of parsing the data. To be overridden by subclasses.
+   * If an implementation of parseOverride throws an exception, parse will catch
+   * that exception and stash it in the error property. This enables parent
+   * levels in a nested decoding hierarchy to continue to decode as much as
+   * possible.
+   */
+  parseOverride() {
+    throw new Error(ERROR_LIBRARY_FAILURE);
+  }
+
+  /**
+   * Public interface to be called to parse all data. Calls parseOverride inside
+   * a try/catch block. If an exception is thrown, stashes the error, which can
+   * be obtained via the error getter (above).
+   * @param {Number[]} bytes encoded DER to be decoded
+   */
+  parse(bytes) {
+    this._der = new DER.DER(bytes);
+    try {
+      this.parseOverride();
+    } catch (e) {
+      this._error = e;
+    }
+  }
+}
+
+/**
+ * Helper function for reading the next SEQUENCE out of a DER and creating a new
+ * DER out of the resulting bytes.
+ * @param {DER} der the underlying DER object
+ * @return {DER} the contents of the SEQUENCE
+ */
+function readSEQUENCEAndMakeDER(der) {
+  return new DER.DER(der.readTagAndGetContents(DER.SEQUENCE));
+}
+
+/**
+ * Helper function for reading the next item identified by tag out of a DER and
+ * creating a new DER out of the resulting bytes.
+ * @param {DER} der the underlying DER object
+ * @param {Number} tag the expected next tag in the DER
+ * @return {DER} the contents of the tag
+ */
+function readTagAndMakeDER(der, tag) {
+  return new DER.DER(der.readTagAndGetContents(tag));
+}
+
+// Certificate  ::=  SEQUENCE  {
+//      tbsCertificate       TBSCertificate,
+//      signatureAlgorithm   AlgorithmIdentifier,
+//      signatureValue       BIT STRING  }
+class Certificate extends DecodedDER {
+  constructor() {
+    super();
+    this._tbsCertificate = new TBSCertificate();
+    this._signatureAlgorithm = new AlgorithmIdentifier();
+    this._signatureValue = [];
+  }
+
+  get tbsCertificate() {
+    return this._tbsCertificate;
+  }
+
+  get signatureAlgorithm() {
+    return this._signatureAlgorithm;
+  }
+
+  get signatureValue() {
+    return this._signatureValue;
+  }
+
+  parseOverride() {
+    let contents = readSEQUENCEAndMakeDER(this._der);
+    this._tbsCertificate.parse(contents.readTLV());
+    this._signatureAlgorithm.parse(contents.readTLV());
+
+    let signatureValue = contents.readBIT_STRING();
+    if (signatureValue.unusedBits != 0) {
+      throw new Error(ERROR_UNSUPPORTED_ASN1);
+    }
+    this._signatureValue = signatureValue.contents;
+    contents.assertAtEnd();
+    this._der.assertAtEnd();
+  }
+}
+
+// TBSCertificate  ::=  SEQUENCE  {
+//      version         [0]  EXPLICIT Version DEFAULT v1,
+//      serialNumber         CertificateSerialNumber,
+//      signature            AlgorithmIdentifier,
+//      issuer               Name,
+//      validity             Validity,
+//      subject              Name,
+//      subjectPublicKeyInfo SubjectPublicKeyInfo,
+//      issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
+//                           -- If present, version MUST be v2 or v3
+//      subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
+//                           -- If present, version MUST be v2 or v3
+//      extensions      [3]  EXPLICIT Extensions OPTIONAL
+//                           -- If present, version MUST be v3
+//      }
+class TBSCertificate extends DecodedDER {
+  constructor() {
+    super();
+    this._version = null;
+    this._serialNumber = [];
+    this._signature = new AlgorithmIdentifier();
+    this._issuer = new Name();
+    this._validity = new Validity();
+    this._subject = new Name();
+    this._subjectPublicKeyInfo = new SubjectPublicKeyInfo();
+    this._extensions = [];
+  }
+
+  get version() {
+    return this._version;
+  }
+
+  get serialNumber() {
+    return this._serialNumber;
+  }
+
+  get signature() {
+    return this._signature;
+  }
+
+  get issuer() {
+    return this._issuer;
+  }
+
+  get validity() {
+    return this._validity;
+  }
+
+  get subject() {
+    return this._subject;
+  }
+
+  get subjectPublicKeyInfo() {
+    return this._subjectPublicKeyInfo;
+  }
+
+  get extensions() {
+    return this._extensions;
+  }
+
+  parseOverride() {
+    let contents = readSEQUENCEAndMakeDER(this._der);
+
+    let versionTag = DER.CONTEXT_SPECIFIC | DER.CONSTRUCTED | 0;
+    if (!contents.peekTag(versionTag)) {
+      this._version = 1;
+    } else {
+      let versionContents = readTagAndMakeDER(contents, versionTag);
+      let versionBytes = versionContents.readTagAndGetContents(DER.INTEGER);
+      if (versionBytes.length == 1 && versionBytes[0] == X509v3) {
+        this._version = 3;
+      } else {
+        // Lint TODO: warn about non-v3 certificates (this INTEGER could take up
+        // multiple bytes, be negative, and so on).
+        this._version = versionBytes;
+      }
+      versionContents.assertAtEnd();
+    }
+
+    let serialNumberBytes = contents.readTagAndGetContents(DER.INTEGER);
+    this._serialNumber = serialNumberBytes;
+    this._signature.parse(contents.readTLV());
+    this._issuer.parse(contents.readTLV());
+    this._validity.parse(contents.readTLV());
+    this._subject.parse(contents.readTLV());
+    this._subjectPublicKeyInfo.parse(contents.readTLV());
+
+    // Lint TODO: warn about unsupported features
+    let issuerUniqueIDTag = DER.CONTEXT_SPECIFIC | DER.CONSTRUCTED | 1;
+    if (contents.peekTag(issuerUniqueIDTag)) {
+      contents.readTagAndGetContents(issuerUniqueIDTag);
+    }
+    let subjectUniqueIDTag = DER.CONTEXT_SPECIFIC | DER.CONSTRUCTED | 2;
+    if (contents.peekTag(subjectUniqueIDTag)) {
+      contents.readTagAndGetContents(subjectUniqueIDTag);
+    }
+
+    let extensionsTag = DER.CONTEXT_SPECIFIC | DER.CONSTRUCTED | 3;
+    if (contents.peekTag(extensionsTag)) {
+      let extensionsSequence = readTagAndMakeDER(contents, extensionsTag);
+      let extensionsContents = readSEQUENCEAndMakeDER(extensionsSequence);
+      while (!extensionsContents.atEnd()) {
+        // TODO: parse extensions
+        this._extensions.push(extensionsContents.readTLV());
+      }
+      extensionsContents.assertAtEnd();
+      extensionsSequence.assertAtEnd();
+    }
+    contents.assertAtEnd();
+    this._der.assertAtEnd();
+  }
+}
+
+// AlgorithmIdentifier  ::=  SEQUENCE  {
+//      algorithm               OBJECT IDENTIFIER,
+//      parameters              ANY DEFINED BY algorithm OPTIONAL  }
+class AlgorithmIdentifier extends DecodedDER {
+  constructor() {
+    super();
+    this._algorithm = null;
+    this._parameters = null;
+  }
+
+  get algorithm() {
+    return this._algorithm;
+  }
+
+  get parameters() {
+    return this._parameters;
+  }
+
+  parseOverride() {
+    let contents = readSEQUENCEAndMakeDER(this._der);
+    this._algorithm = readOID(contents);
+    if (!contents.atEnd()) {
+      if (contents.peekTag(DER.NULL)) {
+        this._parameters = readNULL(contents);
+      } else if (contents.peekTag(DER.OBJECT_IDENTIFIER)) {
+        this._parameters = readOID(contents);
+      }
+    }
+    contents.assertAtEnd();
+    this._der.assertAtEnd();
+  }
+}
+
+// Name ::= CHOICE { -- only one possibility for now --
+//   rdnSequence  RDNSequence }
+//
+// RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+class Name extends DecodedDER {
+  constructor() {
+    super();
+    this._rdns = [];
+  }
+
+  get rdns() {
+    return this._rdns;
+  }
+
+  parseOverride() {
+    let contents = readSEQUENCEAndMakeDER(this._der);
+    while (!contents.atEnd()) {
+      let rdn = new RelativeDistinguishedName();
+      rdn.parse(contents.readTLV());
+      this._rdns.push(rdn);
+    }
+    contents.assertAtEnd();
+    this._der.assertAtEnd();
+  }
+}
+
+// RelativeDistinguishedName ::=
+//   SET SIZE (1..MAX) OF AttributeTypeAndValue
+class RelativeDistinguishedName extends DecodedDER {
+  constructor() {
+    super();
+    this._avas = [];
+  }
+
+  get avas() {
+    return this._avas;
+  }
+
+  parseOverride() {
+    let contents = readTagAndMakeDER(this._der, DER.SET);
+    // Lint TODO: enforce SET SIZE restrictions
+    while (!contents.atEnd()) {
+      let ava = new AttributeTypeAndValue();
+      ava.parse(contents.readTLV());
+      this._avas.push(ava);
+    }
+    contents.assertAtEnd();
+    this._der.assertAtEnd();
+  }
+}
+
+// AttributeTypeAndValue ::= SEQUENCE {
+//   type     AttributeType,
+//   value    AttributeValue }
+//
+// AttributeType ::= OBJECT IDENTIFIER
+//
+// AttributeValue ::= ANY -- DEFINED BY AttributeType
+class AttributeTypeAndValue extends DecodedDER {
+  constructor() {
+    super();
+    this._type = null;
+    this._value = new DirectoryString();
+  }
+
+  get type() {
+    return this._type;
+  }
+
+  get value() {
+    return this._value;
+  }
+
+  parseOverride() {
+    let contents = readSEQUENCEAndMakeDER(this._der);
+    this._type = readOID(contents);
+    // We don't support universalString or bmpString.
+    // IA5String is supported because it is valid if `type == id-emailaddress`.
+    // Lint TODO: validate that the type of string is valid given `type`.
+    this._value.parse(contents.readTLVChoice([ DER.UTF8String,
+                                               DER.PrintableString,
+                                               DER.TeletexString,
+                                               DER.IA5String ]));
+    contents.assertAtEnd();
+    this._der.assertAtEnd();
+  }
+}
+
+// DirectoryString ::= CHOICE {
+//       teletexString           TeletexString (SIZE (1..MAX)),
+//       printableString         PrintableString (SIZE (1..MAX)),
+//       universalString         UniversalString (SIZE (1..MAX)),
+//       utf8String              UTF8String (SIZE (1..MAX)),
+//       bmpString               BMPString (SIZE (1..MAX)) }
+class DirectoryString extends DecodedDER {
+  constructor() {
+    super();
+    this._type = null;
+    this._value = null;
+  }
+
+  get type() {
+    return this._type;
+  }
+
+  get value() {
+    return this._value;
+  }
+
+  parseOverride() {
+    if (this._der.peekTag(DER.UTF8String)) {
+      this._type = DER.UTF8String;
+    } else if (this._der.peekTag(DER.PrintableString)) {
+      this._type = DER.PrintableString;
+    } else if (this._der.peekTag(DER.TeletexString)) {
+      this._type = DER.TeletexString;
+    } else if (this._der.peekTag(DER.IA5String)) {
+      this._type = DER.IA5String;
+    }
+    // Lint TODO: validate that the contents are actually valid for the type
+    this._value = this._der.readTagAndGetContents(this._type);
+    this._der.assertAtEnd();
+  }
+}
+
+// Time ::= CHOICE {
+//      utcTime        UTCTime,
+//      generalTime    GeneralizedTime }
+class Time extends DecodedDER {
+  constructor() {
+    super();
+    this._type = null;
+    this._time = null;
+  }
+
+  get time() {
+    return this._time;
+  }
+
+  parseOverride() {
+    if (this._der.peekTag(DER.UTCTime)) {
+      this._type = DER.UTCTime;
+    } else if (this._der.peekTag(DER.GeneralizedTime)) {
+      this._type = DER.GeneralizedTime;
+    }
+    let contents = readTagAndMakeDER(this._der, this._type);
+    let year;
+    // Lint TODO: validate that the appropriate one of {UTCTime,GeneralizedTime}
+    // is used according to RFC 5280 and what the value of the date is.
+    // TODO TODO: explain this better (just quote the rfc).
+    if (this._type == DER.UTCTime) {
+      // UTCTime is YYMMDDHHMMSSZ in RFC 5280. If YY is greater than or equal
+      // to 50, the year is 19YY. Otherwise, it is 20YY.
+      let y1 = this._validateDigit(contents.readByte());
+      let y2 = this._validateDigit(contents.readByte());
+      let yy = y1 * 10 + y2;
+      if (yy >= 50) {
+        year = 1900 + yy;
+      } else {
+        year = 2000 + yy;
+      }
+    } else {
+      // GeneralizedTime is YYYYMMDDHHMMSSZ in RFC 5280.
+      year = 0;
+      for (let i = 0; i < 4; i++) {
+        let y = this._validateDigit(contents.readByte());
+        year = year * 10 + y;
+      }
+    }
+
+    let m1 = this._validateDigit(contents.readByte());
+    let m2 = this._validateDigit(contents.readByte());
+    let month = m1 * 10 + m2;
+    if (month == 0 || month > 12) {
+      throw new Error(ERROR_TIME_NOT_VALID);
+    }
+
+    let d1 = this._validateDigit(contents.readByte());
+    let d2 = this._validateDigit(contents.readByte());
+    let day = d1 * 10 + d2;
+    if (day == 0 || day > 31) {
+      throw new Error(ERROR_TIME_NOT_VALID);
+    }
+
+    let h1 = this._validateDigit(contents.readByte());
+    let h2 = this._validateDigit(contents.readByte());
+    let hour = h1 * 10 + h2;
+    if (hour > 23) {
+      throw new Error(ERROR_TIME_NOT_VALID);
+    }
+
+    let min1 = this._validateDigit(contents.readByte());
+    let min2 = this._validateDigit(contents.readByte());
+    let minute = min1 * 10 + min2;
+    if (minute > 59) {
+      throw new Error(ERROR_TIME_NOT_VALID);
+    }
+
+    let s1 = this._validateDigit(contents.readByte());
+    let s2 = this._validateDigit(contents.readByte());
+    let second = s1 * 10 + s2;
+    if (second > 60) { // leap-seconds mean this can be as much as 60
+      throw new Error(ERROR_TIME_NOT_VALID);
+    }
+
+    let z = contents.readByte();
+    if (z != "Z".charCodeAt(0)) {
+      throw new Error(ERROR_TIME_NOT_VALID);
+    }
+    // Lint TODO: verify that the Time doesn't specify a nonsensical
+    // month/day/etc.
+    // months are zero-indexed in JS
+    this._time = new Date(Date.UTC(year, month - 1, day, hour, minute,
+                                   second));
+
+    contents.assertAtEnd();
+    this._der.assertAtEnd();
+  }
+
+  /**
+   * Takes a byte that is supposed to be in the ASCII range for "0" to "9".
+   * Validates the range and then converts it to the range 0 to 9.
+   * @param {Number} the digit in question (as ASCII in the range ["0", "9"])
+   * @return {Number} the numerical value of the digit (in the range [0, 9])
+   */
+  _validateDigit(d) {
+    if (d < "0".charCodeAt(0) || d > "9".charCodeAt(0)) {
+      throw new Error(ERROR_TIME_NOT_VALID);
+    }
+    return d - "0".charCodeAt(0);
+  }
+}
+
+// Validity ::= SEQUENCE {
+//      notBefore      Time,
+//      notAfter       Time }
+class Validity extends DecodedDER {
+  constructor() {
+    super();
+    this._notBefore = new Time();
+    this._notAfter = new Time();
+  }
+
+  get notBefore() {
+    return this._notBefore;
+  }
+
+  get notAfter() {
+    return this._notAfter;
+  }
+
+  parseOverride() {
+    let contents = readSEQUENCEAndMakeDER(this._der);
+    this._notBefore.parse(contents.readTLVChoice(
+      [DER.UTCTime, DER.GeneralizedTime]));
+    this._notAfter.parse(contents.readTLVChoice(
+      [DER.UTCTime, DER.GeneralizedTime]));
+    contents.assertAtEnd();
+    this._der.assertAtEnd();
+  }
+}
+
+// SubjectPublicKeyInfo  ::=  SEQUENCE  {
+//      algorithm            AlgorithmIdentifier,
+//      subjectPublicKey     BIT STRING  }
+class SubjectPublicKeyInfo extends DecodedDER {
+  constructor() {
+    super();
+    this._algorithm = new AlgorithmIdentifier();
+    this._subjectPublicKey = null;
+  }
+
+  get algorithm() {
+    return this._algorithm;
+  }
+
+  get subjectPublicKey() {
+    return this._subjectPublicKey;
+  }
+
+  parseOverride() {
+    let contents = readSEQUENCEAndMakeDER(this._der);
+    this._algorithm.parse(contents.readTLV());
+    let subjectPublicKeyBitString = contents.readBIT_STRING();
+    if (subjectPublicKeyBitString.unusedBits != 0) {
+      throw new Error(ERROR_UNSUPPORTED_ASN1);
+    }
+    this._subjectPublicKey = subjectPublicKeyBitString.contents;
+
+    contents.assertAtEnd();
+    this._der.assertAtEnd();
+  }
+}
+
+this.X509 = { Certificate };
+this.EXPORTED_SYMBOLS = ["X509"];
diff --git a/security/manager/ssl/crashtests/398665-1.html b/security/manager/ssl/crashtests/398665-1.html
new file mode 100644
index 000000000..85afb1137
--- /dev/null
+++ b/security/manager/ssl/crashtests/398665-1.html
@@ -0,0 +1 @@
+<html><body><keygen></keygen></body></html>
diff --git a/security/manager/ssl/crashtests/crashtests.list b/security/manager/ssl/crashtests/crashtests.list
new file mode 100644
index 000000000..fbc5b8504
--- /dev/null
+++ b/security/manager/ssl/crashtests/crashtests.list
@@ -0,0 +1 @@
+load 398665-1.html
diff --git a/security/manager/ssl/md4.c b/security/manager/ssl/md4.c
new file mode 100644
index 000000000..696865de3
--- /dev/null
+++ b/security/manager/ssl/md4.c
@@ -0,0 +1,145 @@
+/* vim:set ts=2 sw=2 et cindent: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*
+ * "clean room" MD4 implementation (see RFC 1320)
+ */
+
+#include <string.h>
+#include "md4.h"
+
+/* the "conditional" function */
+#define F(x,y,z) (((x) & (y)) | (~(x) & (z)))
+
+/* the "majority" function */
+#define G(x,y,z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
+
+/* the "parity" function */
+#define H(x,y,z) ((x) ^ (y) ^ (z))
+
+/* rotate n-bits to the left */
+#define ROTL(x,n) (((x) << (n)) | ((x) >> (0x20 - n)))
+
+/* round 1: [abcd k s]: a = (a + F(b,c,d) + X[k]) <<< s */
+#define RD1(a,b,c,d,k,s) a += F(b,c,d) + X[k]; a = ROTL(a,s)
+
+/* round 2: [abcd k s]: a = (a + G(b,c,d) + X[k] + MAGIC) <<< s */
+#define RD2(a,b,c,d,k,s) a += G(b,c,d) + X[k] + 0x5A827999; a = ROTL(a,s)
+
+/* round 3: [abcd k s]: a = (a + H(b,c,d) + X[k] + MAGIC) <<< s */
+#define RD3(a,b,c,d,k,s) a += H(b,c,d) + X[k] + 0x6ED9EBA1; a = ROTL(a,s)
+
+/* converts from word array to byte array, len is number of bytes */
+static void w2b(uint8_t *out, const uint32_t *in, uint32_t len)
+{
+  uint8_t *bp; const uint32_t *wp, *wpend;
+
+  bp = out;
+  wp = in;
+  wpend = wp + (len >> 2);
+
+  for (; wp != wpend; ++wp, bp += 4)
+  {
+    bp[0] = (uint8_t) ((*wp      ) & 0xFF);
+    bp[1] = (uint8_t) ((*wp >>  8) & 0xFF);
+    bp[2] = (uint8_t) ((*wp >> 16) & 0xFF);
+    bp[3] = (uint8_t) ((*wp >> 24) & 0xFF);
+  }
+}
+
+/* converts from byte array to word array, len is number of bytes */
+static void b2w(uint32_t *out, const uint8_t *in, uint32_t len)
+{
+  uint32_t *wp; const uint8_t *bp, *bpend;
+
+  wp = out;
+  bp = in;
+  bpend = in + len;
+
+  for (; bp != bpend; bp += 4, ++wp)
+  {
+    *wp = (uint32_t) (bp[0]      ) |
+          (uint32_t) (bp[1] <<  8) |
+          (uint32_t) (bp[2] << 16) |
+          (uint32_t) (bp[3] << 24);
+  }
+}
+
+/* update state: data is 64 bytes in length */
+static void md4step(uint32_t state[4], const uint8_t *data)
+{
+  uint32_t A, B, C, D, X[16];
+
+  b2w(X, data, 64);
+
+  A = state[0];
+  B = state[1];
+  C = state[2];
+  D = state[3];
+
+  RD1(A,B,C,D, 0,3); RD1(D,A,B,C, 1,7); RD1(C,D,A,B, 2,11); RD1(B,C,D,A, 3,19);
+  RD1(A,B,C,D, 4,3); RD1(D,A,B,C, 5,7); RD1(C,D,A,B, 6,11); RD1(B,C,D,A, 7,19);
+  RD1(A,B,C,D, 8,3); RD1(D,A,B,C, 9,7); RD1(C,D,A,B,10,11); RD1(B,C,D,A,11,19);
+  RD1(A,B,C,D,12,3); RD1(D,A,B,C,13,7); RD1(C,D,A,B,14,11); RD1(B,C,D,A,15,19);
+
+  RD2(A,B,C,D, 0,3); RD2(D,A,B,C, 4,5); RD2(C,D,A,B, 8, 9); RD2(B,C,D,A,12,13);
+  RD2(A,B,C,D, 1,3); RD2(D,A,B,C, 5,5); RD2(C,D,A,B, 9, 9); RD2(B,C,D,A,13,13);
+  RD2(A,B,C,D, 2,3); RD2(D,A,B,C, 6,5); RD2(C,D,A,B,10, 9); RD2(B,C,D,A,14,13);
+  RD2(A,B,C,D, 3,3); RD2(D,A,B,C, 7,5); RD2(C,D,A,B,11, 9); RD2(B,C,D,A,15,13);
+
+  RD3(A,B,C,D, 0,3); RD3(D,A,B,C, 8,9); RD3(C,D,A,B, 4,11); RD3(B,C,D,A,12,15);
+  RD3(A,B,C,D, 2,3); RD3(D,A,B,C,10,9); RD3(C,D,A,B, 6,11); RD3(B,C,D,A,14,15);
+  RD3(A,B,C,D, 1,3); RD3(D,A,B,C, 9,9); RD3(C,D,A,B, 5,11); RD3(B,C,D,A,13,15);
+  RD3(A,B,C,D, 3,3); RD3(D,A,B,C,11,9); RD3(C,D,A,B, 7,11); RD3(B,C,D,A,15,15);
+
+  state[0] += A;
+  state[1] += B;
+  state[2] += C;
+  state[3] += D;
+}
+
+void md4sum(const uint8_t *input, uint32_t inputLen, uint8_t *result)
+{
+  uint8_t final[128];
+  uint32_t i, n, m, state[4];
+  uint64_t inputLenBits;
+  uint32_t inputLenBitsLow;
+  uint32_t inputLenBitsHigh;
+
+  /* magic initial states */
+  state[0] = 0x67452301;
+  state[1] = 0xEFCDAB89;
+  state[2] = 0x98BADCFE;
+  state[3] = 0x10325476;
+
+  /* compute number of complete 64-byte segments contained in input */
+  m = inputLen >> 6;
+
+  /* digest first m segments */
+  for (i=0; i<m; ++i)
+    md4step(state, (input + (i << 6)));
+
+  /* build final buffer */
+  n = inputLen % 64;
+  memcpy(final, input + (m << 6), n);
+  final[n] = 0x80;
+  memset(final + n + 1, 0, 120 - (n + 1));
+
+  /* Append the original input length in bits as a 64-bit number. This is done
+   * in two 32-bit chunks, with the least-significant 32 bits first.
+   * w2b will handle endianness. */
+  inputLenBits = inputLen << 3;
+  inputLenBitsLow = (uint32_t)(inputLenBits & 0xFFFFFFFF);
+  w2b(final + (n >= 56 ? 120 : 56), &inputLenBitsLow, 4);
+  inputLenBitsHigh = (uint32_t)((inputLenBits >> 32) & 0xFFFFFFFF);
+  w2b(final + (n >= 56 ? 124 : 60), &inputLenBitsHigh, 4);
+
+  md4step(state, final);
+  if (n >= 56)
+    md4step(state, final + 64);
+
+  /* copy state to result */
+  w2b(result, state, 16);
+}
diff --git a/security/manager/ssl/md4.h b/security/manager/ssl/md4.h
new file mode 100644
index 000000000..4107aed40
--- /dev/null
+++ b/security/manager/ssl/md4.h
@@ -0,0 +1,38 @@
+/* vim:set ts=2 sw=2 et cindent: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef md4_h__
+#define md4_h__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <stdint.h>
+
+/**
+ * md4sum - computes the MD4 sum over the input buffer per RFC 1320
+ *
+ * @param input
+ *        buffer containing input data
+ * @param inputLen
+ *        length of input buffer (number of bytes)
+ * @param result
+ *        16-byte buffer that will contain the MD4 sum upon return
+ *
+ * NOTE: MD4 is superceded by MD5.  do not use MD4 unless required by the
+ * protocol you are implementing (e.g., NTLM requires MD4).
+ *
+ * NOTE: this interface is designed for relatively small buffers.  A streaming
+ * interface would make more sense if that were a requirement.  Currently, this
+ * is good enough for the applications we care about.
+ */
+void md4sum(const uint8_t *input, uint32_t inputLen, uint8_t *result);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* md4_h__ */
diff --git a/security/manager/ssl/moz.build b/security/manager/ssl/moz.build
new file mode 100644
index 000000000..19e1b4f4b
--- /dev/null
+++ b/security/manager/ssl/moz.build
@@ -0,0 +1,194 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+TEST_DIRS += [ 'tests' ]
+
+XPIDL_SOURCES += [
+    'nsIASN1Object.idl',
+    'nsIASN1PrintableItem.idl',
+    'nsIASN1Sequence.idl',
+    'nsIAssociatedContentSecurity.idl',
+    'nsIBadCertListener2.idl',
+    'nsICertBlocklist.idl',
+    'nsICertificateDialogs.idl',
+    'nsICertOverrideService.idl',
+    'nsIClientAuthDialogs.idl',
+    'nsIContentSignatureVerifier.idl',
+    'nsIDataSignatureVerifier.idl',
+    'nsIGenKeypairInfoDlg.idl',
+    'nsIKeygenThread.idl',
+    'nsIKeyModule.idl',
+    'nsILocalCertService.idl',
+    'nsINSSU2FToken.idl',
+    'nsINSSVersion.idl',
+    'nsIPK11Token.idl',
+    'nsIPK11TokenDB.idl',
+    'nsIPKCS11.idl',
+    'nsIPKCS11Module.idl',
+    'nsIPKCS11ModuleDB.idl',
+    'nsIPKCS11Slot.idl',
+    'nsIProtectedAuthThread.idl',
+    'nsISecretDecoderRing.idl',
+    'nsISecurityUITelemetry.idl',
+    'nsISiteSecurityService.idl',
+    'nsISSLStatus.idl',
+    'nsISSLStatusProvider.idl',
+    'nsITokenDialogs.idl',
+    'nsITokenPasswordDialogs.idl',
+    'nsIU2FToken.idl',
+    'nsIWeakCryptoOverride.idl',
+    'nsIX509Cert.idl',
+    'nsIX509CertDB.idl',
+    'nsIX509CertList.idl',
+    'nsIX509CertValidity.idl',
+]
+
+if CONFIG['MOZ_XUL']:
+    XPIDL_SOURCES += [
+        'nsICertTree.idl',
+    ]
+
+XPIDL_MODULE = 'pipnss'
+
+EXTRA_JS_MODULES.psm += [
+    'DER.jsm',
+    'X509.jsm',
+]
+
+EXPORTS += [
+    'CryptoTask.h',
+    'nsClientAuthRemember.h',
+    'nsCrypto.h',
+    'nsNSSCallbacks.h',
+    'nsNSSCertificate.h',
+    'nsNSSComponent.h',
+    'nsNSSHelper.h',
+    'nsNSSShutDown.h',
+    'nsNSSU2FToken.h',
+    'nsRandomGenerator.h',
+    'nsSecurityHeaderParser.h',
+    'NSSErrorsService.h',
+    'ScopedNSSTypes.h',
+    'SharedCertVerifier.h',
+]
+
+EXPORTS.mozilla += [
+    'DataStorage.h',
+    'PublicSSL.h',
+]
+
+EXPORTS.mozilla.psm += [
+    'PSMContentListener.h',
+]
+
+EXPORTS.ipc += [
+    'DataStorageIPCUtils.h',
+]
+
+UNIFIED_SOURCES += [
+    'CertBlocklist.cpp',
+    'ContentSignatureVerifier.cpp',
+    'CryptoTask.cpp',
+    'CSTrustDomain.cpp',
+    'DataStorage.cpp',
+    'LocalCertService.cpp',
+    'nsCertOverrideService.cpp',
+    'nsClientAuthRemember.cpp',
+    'nsCrypto.cpp',
+    'nsCryptoHash.cpp',
+    'nsDataSignatureVerifier.cpp',
+    'nsKeygenHandler.cpp',
+    'nsKeygenHandlerContent.cpp',
+    'nsKeygenThread.cpp',
+    'nsKeyModule.cpp',
+    'nsNSSASN1Object.cpp',
+    'nsNSSCallbacks.cpp',
+    'nsNSSCertHelper.cpp',
+    'nsNSSCertificate.cpp',
+    'nsNSSCertificateDB.cpp',
+    'nsNSSCertificateFakeTransport.cpp',
+    'nsNSSCertTrust.cpp',
+    'nsNSSCertValidity.cpp',
+    'nsNSSComponent.cpp',
+    'nsNSSErrors.cpp',
+    'nsNSSIOLayer.cpp',
+    'nsNSSModule.cpp',
+    'nsNSSShutDown.cpp',
+    'nsNSSU2FToken.cpp',
+    'nsNSSVersion.cpp',
+    'nsNTLMAuthModule.cpp',
+    'nsPK11TokenDB.cpp',
+    'nsPKCS11Slot.cpp',
+    'nsPKCS12Blob.cpp',
+    'nsProtectedAuthThread.cpp',
+    'nsRandomGenerator.cpp',
+    'nsSecureBrowserUIImpl.cpp',
+    'nsSecurityHeaderParser.cpp',
+    'NSSErrorsService.cpp',
+    'nsSiteSecurityService.cpp',
+    'nsSSLSocketProvider.cpp',
+    'nsSSLStatus.cpp',
+    'nsTLSSocketProvider.cpp',
+    'PSMContentListener.cpp',
+    'PSMRunnable.cpp',
+    'PublicKeyPinningService.cpp',
+    'RootCertificateTelemetryUtils.cpp',
+    'SecretDecoderRing.cpp',
+    'SharedSSLState.cpp',
+    'SSLServerCertVerification.cpp',
+    'TransportSecurityInfo.cpp',
+    'WeakCryptoOverride.cpp',
+]
+
+IPDL_SOURCES += [
+    'PPSMContentDownloader.ipdl',
+]
+
+if not CONFIG['MOZ_NO_SMART_CARDS']:
+    UNIFIED_SOURCES += [
+        'nsSmartCardMonitor.cpp',
+    ]
+
+if CONFIG['MOZ_XUL']:
+    UNIFIED_SOURCES += [
+        'nsCertTree.cpp',
+    ]
+
+UNIFIED_SOURCES += [
+    'md4.c',
+]
+
+FINAL_LIBRARY = 'xul'
+
+LOCAL_INCLUDES += [
+    '/dom/base',
+    '/dom/crypto',
+    '/security/certverifier',
+    '/security/pkix/include',
+]
+
+LOCAL_INCLUDES += [
+    '!/dist/public/nss',
+]
+
+if CONFIG['NSS_DISABLE_DBM']:
+    DEFINES['NSS_DISABLE_DBM'] = '1'
+
+DEFINES['SSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES'] = 'True'
+DEFINES['NSS_ENABLE_ECC'] = 'True'
+for var in ('DLL_PREFIX', 'DLL_SUFFIX'):
+    DEFINES[var] = '"%s"' % CONFIG[var]
+
+DEFINES['CERT_AddTempCertToPerm'] = '__CERT_AddTempCertToPerm'
+
+USE_LIBS += [
+    'crmf',
+]
+
+include('/ipc/chromium/chromium-config.mozbuild')
+
+if CONFIG['GNU_CXX']:
+    CXXFLAGS += ['-Wno-error=shadow']
diff --git a/security/manager/ssl/nsCertOverrideService.cpp b/security/manager/ssl/nsCertOverrideService.cpp
new file mode 100644
index 000000000..6582eda03
--- /dev/null
+++ b/security/manager/ssl/nsCertOverrideService.cpp
@@ -0,0 +1,705 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsCertOverrideService.h"
+
+#include "NSSCertDBTrustDomain.h"
+#include "ScopedNSSTypes.h"
+#include "SharedSSLState.h"
+#include "mozilla/Telemetry.h"
+#include "nsAppDirectoryServiceDefs.h"
+#include "nsCRT.h"
+#include "nsILineInputStream.h"
+#include "nsIObserver.h"
+#include "nsIObserverService.h"
+#include "nsIOutputStream.h"
+#include "nsISafeOutputStream.h"
+#include "nsIX509Cert.h"
+#include "nsNSSCertHelper.h"
+#include "nsNSSCertificate.h"
+#include "nsNSSComponent.h"
+#include "nsNetUtil.h"
+#include "nsPromiseFlatString.h"
+#include "nsStreamUtils.h"
+#include "nsStringBuffer.h"
+#include "nsThreadUtils.h"
+#include "ssl.h" // For SSL_ClearSessionCache
+
+using namespace mozilla;
+using namespace mozilla::psm;
+
+#define CERT_OVERRIDE_FILE_NAME "cert_override.txt"
+
+void
+nsCertOverride::convertBitsToString(OverrideBits ob, nsACString &str)
+{
+  str.Truncate();
+
+  if (ob & ob_Mismatch)
+    str.Append('M');
+
+  if (ob & ob_Untrusted)
+    str.Append('U');
+
+  if (ob & ob_Time_error)
+    str.Append('T');
+}
+
+void
+nsCertOverride::convertStringToBits(const nsACString &str, OverrideBits &ob)
+{
+  const nsPromiseFlatCString &flat = PromiseFlatCString(str);
+  const char *walk = flat.get();
+
+  ob = ob_None;
+
+  for ( ; *walk; ++walk)
+  {
+    switch (*walk)
+    {
+      case 'm':
+      case 'M':
+        ob = (OverrideBits)(ob | ob_Mismatch);
+        break;
+
+      case 'u':
+      case 'U':
+        ob = (OverrideBits)(ob | ob_Untrusted);
+        break;
+
+      case 't':
+      case 'T':
+        ob = (OverrideBits)(ob | ob_Time_error);
+        break;
+
+      default:
+        break;
+    }
+  }
+}
+
+NS_IMPL_ISUPPORTS(nsCertOverrideService,
+                  nsICertOverrideService,
+                  nsIObserver,
+                  nsISupportsWeakReference)
+
+nsCertOverrideService::nsCertOverrideService()
+  : monitor("nsCertOverrideService.monitor")
+{
+}
+
+nsCertOverrideService::~nsCertOverrideService()
+{
+}
+
+nsresult
+nsCertOverrideService::Init()
+{
+  if (!NS_IsMainThread()) {
+    NS_NOTREACHED("nsCertOverrideService initialized off main thread");
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  // Note that the names of these variables would seem to indicate that at one
+  // point another hash algorithm was used and is still supported for backwards
+  // compatibility. This is not the case. It has always been SHA256.
+  mOidTagForStoringNewHashes = SEC_OID_SHA256;
+  mDottedOidForStoringNewHashes.Assign("OID.2.16.840.1.101.3.4.2.1");
+
+  nsCOMPtr<nsIObserverService> observerService =
+      mozilla::services::GetObserverService();
+
+  // If we cannot add ourselves as a profile change observer, then we will not
+  // attempt to read/write any settings file. Otherwise, we would end up
+  // reading/writing the wrong settings file after a profile change.
+  if (observerService) {
+    observerService->AddObserver(this, "profile-before-change", true);
+    observerService->AddObserver(this, "profile-do-change", true);
+    // simulate a profile change so we read the current profile's settings file
+    Observe(nullptr, "profile-do-change", nullptr);
+  }
+
+  SharedSSLState::NoteCertOverrideServiceInstantiated();
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCertOverrideService::Observe(nsISupports     *,
+                               const char      *aTopic,
+                               const char16_t *aData)
+{
+  // check the topic
+  if (!nsCRT::strcmp(aTopic, "profile-before-change")) {
+    // The profile is about to change,
+    // or is going away because the application is shutting down.
+
+    RemoveAllFromMemory();
+  } else if (!nsCRT::strcmp(aTopic, "profile-do-change")) {
+    // The profile has already changed.
+    // Now read from the new profile location.
+    // we also need to update the cached file location
+
+    ReentrantMonitorAutoEnter lock(monitor);
+
+    nsresult rv = NS_GetSpecialDirectory(NS_APP_USER_PROFILE_50_DIR, getter_AddRefs(mSettingsFile));
+    if (NS_SUCCEEDED(rv)) {
+      mSettingsFile->AppendNative(NS_LITERAL_CSTRING(CERT_OVERRIDE_FILE_NAME));
+    } else {
+      mSettingsFile = nullptr;
+    }
+    Read();
+    CountPermanentOverrideTelemetry();
+  }
+
+  return NS_OK;
+}
+
+void
+nsCertOverrideService::RemoveAllFromMemory()
+{
+  ReentrantMonitorAutoEnter lock(monitor);
+  mSettingsTable.Clear();
+}
+
+void
+nsCertOverrideService::RemoveAllTemporaryOverrides()
+{
+  ReentrantMonitorAutoEnter lock(monitor);
+  for (auto iter = mSettingsTable.Iter(); !iter.Done(); iter.Next()) {
+    nsCertOverrideEntry *entry = iter.Get();
+    if (entry->mSettings.mIsTemporary) {
+      entry->mSettings.mCert = nullptr;
+      iter.Remove();
+    }
+  }
+  // no need to write, as temporaries are never written to disk
+}
+
+nsresult
+nsCertOverrideService::Read()
+{
+  ReentrantMonitorAutoEnter lock(monitor);
+
+  // If we don't have a profile, then we won't try to read any settings file.
+  if (!mSettingsFile)
+    return NS_OK;
+
+  nsresult rv;
+  nsCOMPtr<nsIInputStream> fileInputStream;
+  rv = NS_NewLocalFileInputStream(getter_AddRefs(fileInputStream), mSettingsFile);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  nsCOMPtr<nsILineInputStream> lineInputStream = do_QueryInterface(fileInputStream, &rv);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  nsAutoCString buffer;
+  bool isMore = true;
+  int32_t hostIndex = 0, algoIndex, fingerprintIndex, overrideBitsIndex, dbKeyIndex;
+
+  /* file format is:
+   *
+   * host:port \t fingerprint-algorithm \t fingerprint \t override-mask \t dbKey
+   *
+   *   where override-mask is a sequence of characters,
+   *     M meaning hostname-Mismatch-override
+   *     U meaning Untrusted-override
+   *     T meaning Time-error-override (expired/not yet valid)
+   *
+   * if this format isn't respected we move onto the next line in the file.
+   */
+
+  while (isMore && NS_SUCCEEDED(lineInputStream->ReadLine(buffer, &isMore))) {
+    if (buffer.IsEmpty() || buffer.First() == '#') {
+      continue;
+    }
+
+    // this is a cheap, cheesy way of parsing a tab-delimited line into
+    // string indexes, which can be lopped off into substrings. just for
+    // purposes of obfuscation, it also checks that each token was found.
+    // todo: use iterators?
+    if ((algoIndex         = buffer.FindChar('\t', hostIndex)         + 1) == 0 ||
+        (fingerprintIndex  = buffer.FindChar('\t', algoIndex)         + 1) == 0 ||
+        (overrideBitsIndex = buffer.FindChar('\t', fingerprintIndex)  + 1) == 0 ||
+        (dbKeyIndex        = buffer.FindChar('\t', overrideBitsIndex) + 1) == 0) {
+      continue;
+    }
+
+    const nsASingleFragmentCString &tmp = Substring(buffer, hostIndex, algoIndex - hostIndex - 1);
+    const nsASingleFragmentCString &algo_string = Substring(buffer, algoIndex, fingerprintIndex - algoIndex - 1);
+    const nsASingleFragmentCString &fingerprint = Substring(buffer, fingerprintIndex, overrideBitsIndex - fingerprintIndex - 1);
+    const nsASingleFragmentCString &bits_string = Substring(buffer, overrideBitsIndex, dbKeyIndex - overrideBitsIndex - 1);
+    const nsASingleFragmentCString &db_key = Substring(buffer, dbKeyIndex, buffer.Length() - dbKeyIndex);
+
+    nsAutoCString host(tmp);
+    nsCertOverride::OverrideBits bits;
+    nsCertOverride::convertStringToBits(bits_string, bits);
+
+    int32_t port;
+    int32_t portIndex = host.RFindChar(':');
+    if (portIndex == kNotFound)
+      continue; // Ignore broken entries
+
+    nsresult portParseError;
+    nsAutoCString portString(Substring(host, portIndex+1));
+    port = portString.ToInteger(&portParseError);
+    if (NS_FAILED(portParseError))
+      continue; // Ignore broken entries
+
+    host.Truncate(portIndex);
+
+    AddEntryToList(host, port,
+                   nullptr, // don't have the cert
+                   false, // not temporary
+                   algo_string, fingerprint, bits, db_key);
+  }
+
+  return NS_OK;
+}
+
+nsresult
+nsCertOverrideService::Write()
+{
+  ReentrantMonitorAutoEnter lock(monitor);
+
+  // If we don't have any profile, then we won't try to write any file
+  if (!mSettingsFile) {
+    return NS_OK;
+  }
+
+  nsresult rv;
+  nsCOMPtr<nsIOutputStream> fileOutputStream;
+  rv = NS_NewSafeLocalFileOutputStream(getter_AddRefs(fileOutputStream),
+                                       mSettingsFile,
+                                       -1,
+                                       0600);
+  if (NS_FAILED(rv)) {
+    NS_ERROR("failed to open cert_warn_settings.txt for writing");
+    return rv;
+  }
+
+  // get a buffered output stream 4096 bytes big, to optimize writes
+  nsCOMPtr<nsIOutputStream> bufferedOutputStream;
+  rv = NS_NewBufferedOutputStream(getter_AddRefs(bufferedOutputStream), fileOutputStream, 4096);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  static const char kHeader[] =
+      "# PSM Certificate Override Settings file" NS_LINEBREAK
+      "# This is a generated file!  Do not edit." NS_LINEBREAK;
+
+  /* see ::Read for file format */
+
+  uint32_t unused;
+  bufferedOutputStream->Write(kHeader, sizeof(kHeader) - 1, &unused);
+
+  static const char kTab[] = "\t";
+  for (auto iter = mSettingsTable.Iter(); !iter.Done(); iter.Next()) {
+    nsCertOverrideEntry *entry = iter.Get();
+
+    const nsCertOverride &settings = entry->mSettings;
+    if (settings.mIsTemporary) {
+      continue;
+    }
+
+    nsAutoCString bits_string;
+    nsCertOverride::convertBitsToString(settings.mOverrideBits, bits_string);
+
+    bufferedOutputStream->Write(entry->mHostWithPort.get(),
+                                entry->mHostWithPort.Length(), &unused);
+    bufferedOutputStream->Write(kTab, sizeof(kTab) - 1, &unused);
+    bufferedOutputStream->Write(settings.mFingerprintAlgOID.get(),
+                                settings.mFingerprintAlgOID.Length(), &unused);
+    bufferedOutputStream->Write(kTab, sizeof(kTab) - 1, &unused);
+    bufferedOutputStream->Write(settings.mFingerprint.get(),
+                                settings.mFingerprint.Length(), &unused);
+    bufferedOutputStream->Write(kTab, sizeof(kTab) - 1, &unused);
+    bufferedOutputStream->Write(bits_string.get(),
+                                bits_string.Length(), &unused);
+    bufferedOutputStream->Write(kTab, sizeof(kTab) - 1, &unused);
+    bufferedOutputStream->Write(settings.mDBKey.get(),
+                                settings.mDBKey.Length(), &unused);
+    bufferedOutputStream->Write(NS_LINEBREAK, NS_LINEBREAK_LEN, &unused);
+  }
+
+  // All went ok. Maybe except for problems in Write(), but the stream detects
+  // that for us
+  nsCOMPtr<nsISafeOutputStream> safeStream = do_QueryInterface(bufferedOutputStream);
+  NS_ASSERTION(safeStream, "expected a safe output stream!");
+  if (safeStream) {
+    rv = safeStream->Finish();
+    if (NS_FAILED(rv)) {
+      NS_WARNING("failed to save cert warn settings file! possible dataloss");
+      return rv;
+    }
+  }
+
+  return NS_OK;
+}
+
+static nsresult
+GetCertFingerprintByOidTag(nsIX509Cert *aCert,
+                           SECOidTag aOidTag,
+                           nsCString &fp)
+{
+  UniqueCERTCertificate nsscert(aCert->GetCert());
+  if (!nsscert) {
+    return NS_ERROR_FAILURE;
+  }
+  return GetCertFingerprintByOidTag(nsscert.get(), aOidTag, fp);
+}
+
+NS_IMETHODIMP
+nsCertOverrideService::RememberValidityOverride(const nsACString& aHostName,
+                                                int32_t aPort,
+                                                nsIX509Cert* aCert,
+                                                uint32_t aOverrideBits,
+                                                bool aTemporary)
+{
+  NS_ENSURE_ARG_POINTER(aCert);
+  if (aHostName.IsEmpty())
+    return NS_ERROR_INVALID_ARG;
+  if (aPort < -1)
+    return NS_ERROR_INVALID_ARG;
+
+  UniqueCERTCertificate nsscert(aCert->GetCert());
+  if (!nsscert) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsAutoCString nickname;
+  nsresult rv = DefaultServerNicknameForCert(nsscert.get(), nickname);
+  if (!aTemporary && NS_SUCCEEDED(rv)) {
+    UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
+    if (!slot) {
+      return NS_ERROR_FAILURE;
+    }
+
+    SECStatus srv = PK11_ImportCert(slot.get(), nsscert.get(), CK_INVALID_HANDLE,
+                                    nickname.get(), false);
+    if (srv != SECSuccess) {
+      return NS_ERROR_FAILURE;
+    }
+  }
+
+  nsAutoCString fpStr;
+  rv = GetCertFingerprintByOidTag(nsscert.get(), mOidTagForStoringNewHashes,
+                                  fpStr);
+  if (NS_FAILED(rv))
+    return rv;
+
+  nsAutoCString dbkey;
+  rv = aCert->GetDbKey(dbkey);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  {
+    ReentrantMonitorAutoEnter lock(monitor);
+    AddEntryToList(aHostName, aPort,
+                   aTemporary ? aCert : nullptr,
+                     // keep a reference to the cert for temporary overrides
+                   aTemporary,
+                   mDottedOidForStoringNewHashes, fpStr,
+                   (nsCertOverride::OverrideBits)aOverrideBits,
+                   dbkey);
+    if (!aTemporary) {
+      Write();
+    }
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCertOverrideService::RememberTemporaryValidityOverrideUsingFingerprint(
+  const nsACString& aHostName,
+  int32_t aPort,
+  const nsACString& aCertFingerprint,
+  uint32_t aOverrideBits)
+{
+  if(aCertFingerprint.IsEmpty() || aHostName.IsEmpty() || (aPort < -1)) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  ReentrantMonitorAutoEnter lock(monitor);
+  AddEntryToList(aHostName, aPort,
+                 nullptr, // No cert to keep alive
+                 true, // temporary
+                 mDottedOidForStoringNewHashes,
+                 aCertFingerprint,
+                 (nsCertOverride::OverrideBits)aOverrideBits,
+                 EmptyCString());  // dbkey
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCertOverrideService::HasMatchingOverride(const nsACString & aHostName, int32_t aPort,
+                                           nsIX509Cert *aCert,
+                                           uint32_t *aOverrideBits,
+                                           bool *aIsTemporary,
+                                           bool *_retval)
+{
+  if (aHostName.IsEmpty())
+    return NS_ERROR_INVALID_ARG;
+  if (aPort < -1)
+    return NS_ERROR_INVALID_ARG;
+
+  NS_ENSURE_ARG_POINTER(aCert);
+  NS_ENSURE_ARG_POINTER(aOverrideBits);
+  NS_ENSURE_ARG_POINTER(aIsTemporary);
+  NS_ENSURE_ARG_POINTER(_retval);
+  *_retval = false;
+  *aOverrideBits = nsCertOverride::ob_None;
+
+  nsAutoCString hostPort;
+  GetHostWithPort(aHostName, aPort, hostPort);
+  nsCertOverride settings;
+
+  {
+    ReentrantMonitorAutoEnter lock(monitor);
+    nsCertOverrideEntry *entry = mSettingsTable.GetEntry(hostPort.get());
+
+    if (!entry)
+      return NS_OK;
+
+    settings = entry->mSettings; // copy
+  }
+
+  *aOverrideBits = settings.mOverrideBits;
+  *aIsTemporary = settings.mIsTemporary;
+
+  nsAutoCString fpStr;
+  nsresult rv;
+
+  // This code was originally written in a way that suggested that other hash
+  // algorithms are supported for backwards compatibility. However, this was
+  // always unnecessary, because only SHA256 has ever been used here.
+  if (settings.mFingerprintAlgOID.Equals(mDottedOidForStoringNewHashes)) {
+    rv = GetCertFingerprintByOidTag(aCert, mOidTagForStoringNewHashes, fpStr);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  } else {
+    return NS_ERROR_UNEXPECTED;
+  }
+
+  *_retval = settings.mFingerprint.Equals(fpStr);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCertOverrideService::GetValidityOverride(const nsACString & aHostName, int32_t aPort,
+                                           nsACString & aHashAlg,
+                                           nsACString & aFingerprint,
+                                           uint32_t *aOverrideBits,
+                                           bool *aIsTemporary,
+                                           bool *_found)
+{
+  NS_ENSURE_ARG_POINTER(_found);
+  NS_ENSURE_ARG_POINTER(aIsTemporary);
+  NS_ENSURE_ARG_POINTER(aOverrideBits);
+  *_found = false;
+  *aOverrideBits = nsCertOverride::ob_None;
+
+  nsAutoCString hostPort;
+  GetHostWithPort(aHostName, aPort, hostPort);
+  nsCertOverride settings;
+
+  {
+    ReentrantMonitorAutoEnter lock(monitor);
+    nsCertOverrideEntry *entry = mSettingsTable.GetEntry(hostPort.get());
+
+    if (entry) {
+      *_found = true;
+      settings = entry->mSettings; // copy
+    }
+  }
+
+  if (*_found) {
+    *aOverrideBits = settings.mOverrideBits;
+    *aIsTemporary = settings.mIsTemporary;
+    aFingerprint = settings.mFingerprint;
+    aHashAlg = settings.mFingerprintAlgOID;
+  }
+
+  return NS_OK;
+}
+
+nsresult
+nsCertOverrideService::AddEntryToList(const nsACString &aHostName, int32_t aPort,
+                                      nsIX509Cert *aCert,
+                                      const bool aIsTemporary,
+                                      const nsACString &fingerprintAlgOID,
+                                      const nsACString &fingerprint,
+                                      nsCertOverride::OverrideBits ob,
+                                      const nsACString &dbKey)
+{
+  nsAutoCString hostPort;
+  GetHostWithPort(aHostName, aPort, hostPort);
+
+  {
+    ReentrantMonitorAutoEnter lock(monitor);
+    nsCertOverrideEntry *entry = mSettingsTable.PutEntry(hostPort.get());
+
+    if (!entry) {
+      NS_ERROR("can't insert a null entry!");
+      return NS_ERROR_OUT_OF_MEMORY;
+    }
+
+    entry->mHostWithPort = hostPort;
+
+    nsCertOverride &settings = entry->mSettings;
+    settings.mAsciiHost = aHostName;
+    settings.mPort = aPort;
+    settings.mIsTemporary = aIsTemporary;
+    settings.mFingerprintAlgOID = fingerprintAlgOID;
+    settings.mFingerprint = fingerprint;
+    settings.mOverrideBits = ob;
+    settings.mDBKey = dbKey;
+    // remove whitespace from stored dbKey for backwards compatibility
+    settings.mDBKey.StripWhitespace();
+    settings.mCert = aCert;
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCertOverrideService::ClearValidityOverride(const nsACString & aHostName, int32_t aPort)
+{
+  if (aPort == 0 &&
+      aHostName.EqualsLiteral("all:temporary-certificates")) {
+    RemoveAllTemporaryOverrides();
+    return NS_OK;
+  }
+  nsAutoCString hostPort;
+  GetHostWithPort(aHostName, aPort, hostPort);
+  {
+    ReentrantMonitorAutoEnter lock(monitor);
+    mSettingsTable.RemoveEntry(hostPort.get());
+    Write();
+  }
+
+  if (EnsureNSSInitialized(nssEnsure)) {
+    SSL_ClearSessionCache();
+  } else {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  return NS_OK;
+}
+
+void
+nsCertOverrideService::CountPermanentOverrideTelemetry()
+{
+  ReentrantMonitorAutoEnter lock(monitor);
+  uint32_t overrideCount = 0;
+  for (auto iter = mSettingsTable.Iter(); !iter.Done(); iter.Next()) {
+    if (!iter.Get()->mSettings.mIsTemporary) {
+      overrideCount++;
+    }
+  }
+  Telemetry::Accumulate(Telemetry::SSL_PERMANENT_CERT_ERROR_OVERRIDES,
+                        overrideCount);
+}
+
+static bool
+matchesDBKey(nsIX509Cert* cert, const nsCString& matchDbKey)
+{
+  nsAutoCString dbKey;
+  nsresult rv = cert->GetDbKey(dbKey);
+  if (NS_FAILED(rv)) {
+    return false;
+  }
+  return dbKey.Equals(matchDbKey);
+}
+
+NS_IMETHODIMP
+nsCertOverrideService::IsCertUsedForOverrides(nsIX509Cert *aCert,
+                                              bool aCheckTemporaries,
+                                              bool aCheckPermanents,
+                                              uint32_t *_retval)
+{
+  NS_ENSURE_ARG(aCert);
+  NS_ENSURE_ARG(_retval);
+
+  uint32_t counter = 0;
+  {
+    ReentrantMonitorAutoEnter lock(monitor);
+    for (auto iter = mSettingsTable.Iter(); !iter.Done(); iter.Next()) {
+      const nsCertOverride &settings = iter.Get()->mSettings;
+
+      if (( settings.mIsTemporary && !aCheckTemporaries) ||
+          (!settings.mIsTemporary && !aCheckPermanents)) {
+        continue;
+      }
+
+      if (matchesDBKey(aCert, settings.mDBKey)) {
+        nsAutoCString cert_fingerprint;
+        nsresult rv = NS_ERROR_UNEXPECTED;
+        if (settings.mFingerprintAlgOID.Equals(mDottedOidForStoringNewHashes)) {
+          rv = GetCertFingerprintByOidTag(aCert,
+                 mOidTagForStoringNewHashes, cert_fingerprint);
+        }
+        if (NS_SUCCEEDED(rv) &&
+            settings.mFingerprint.Equals(cert_fingerprint)) {
+          counter++;
+        }
+      }
+    }
+  }
+  *_retval = counter;
+  return NS_OK;
+}
+
+nsresult
+nsCertOverrideService::EnumerateCertOverrides(nsIX509Cert *aCert,
+                         CertOverrideEnumerator aEnumerator,
+                         void *aUserData)
+{
+  ReentrantMonitorAutoEnter lock(monitor);
+  for (auto iter = mSettingsTable.Iter(); !iter.Done(); iter.Next()) {
+    const nsCertOverride &settings = iter.Get()->mSettings;
+
+    if (!aCert) {
+      aEnumerator(settings, aUserData);
+    } else {
+      if (matchesDBKey(aCert, settings.mDBKey)) {
+        nsAutoCString cert_fingerprint;
+        nsresult rv = NS_ERROR_UNEXPECTED;
+        if (settings.mFingerprintAlgOID.Equals(mDottedOidForStoringNewHashes)) {
+          rv = GetCertFingerprintByOidTag(aCert,
+                 mOidTagForStoringNewHashes, cert_fingerprint);
+        }
+        if (NS_SUCCEEDED(rv) &&
+            settings.mFingerprint.Equals(cert_fingerprint)) {
+          aEnumerator(settings, aUserData);
+        }
+      }
+    }
+  }
+  return NS_OK;
+}
+
+void
+nsCertOverrideService::GetHostWithPort(const nsACString & aHostName, int32_t aPort, nsACString& _retval)
+{
+  nsAutoCString hostPort(aHostName);
+  if (aPort == -1) {
+    aPort = 443;
+  }
+  if (!hostPort.IsEmpty()) {
+    hostPort.Append(':');
+    hostPort.AppendInt(aPort);
+  }
+  _retval.Assign(hostPort);
+}
diff --git a/security/manager/ssl/nsCertOverrideService.h b/security/manager/ssl/nsCertOverrideService.h
new file mode 100644
index 000000000..bb410f8da
--- /dev/null
+++ b/security/manager/ssl/nsCertOverrideService.h
@@ -0,0 +1,187 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef __NSCERTOVERRIDESERVICE_H__
+#define __NSCERTOVERRIDESERVICE_H__
+
+#include "mozilla/ReentrantMonitor.h"
+#include "nsICertOverrideService.h"
+#include "nsTHashtable.h"
+#include "nsIObserver.h"
+#include "nsString.h"
+#include "nsIFile.h"
+#include "secoidt.h"
+#include "nsWeakReference.h"
+#include "mozilla/Attributes.h"
+
+class nsCertOverride
+{
+public:
+
+  enum OverrideBits { ob_None=0, ob_Untrusted=1, ob_Mismatch=2,
+                      ob_Time_error=4 };
+
+  nsCertOverride()
+  :mPort(-1)
+  ,mOverrideBits(ob_None)
+  {
+  }
+
+  nsCertOverride(const nsCertOverride &other)
+  {
+    this->operator=(other);
+  }
+
+  nsCertOverride &operator=(const nsCertOverride &other)
+  {
+    mAsciiHost = other.mAsciiHost;
+    mPort = other.mPort;
+    mIsTemporary = other.mIsTemporary;
+    mFingerprintAlgOID = other.mFingerprintAlgOID;
+    mFingerprint = other.mFingerprint;
+    mOverrideBits = other.mOverrideBits;
+    mDBKey = other.mDBKey;
+    mCert = other.mCert;
+    return *this;
+  }
+
+  nsCString mAsciiHost;
+  int32_t mPort;
+  bool mIsTemporary; // true: session only, false: stored on disk
+  nsCString mFingerprint;
+  nsCString mFingerprintAlgOID;
+  OverrideBits mOverrideBits;
+  nsCString mDBKey;
+  nsCOMPtr <nsIX509Cert> mCert;
+
+  static void convertBitsToString(OverrideBits ob, nsACString &str);
+  static void convertStringToBits(const nsACString &str, OverrideBits &ob);
+};
+
+
+// hash entry class
+class nsCertOverrideEntry final : public PLDHashEntryHdr
+{
+  public:
+    // Hash methods
+    typedef const char* KeyType;
+    typedef const char* KeyTypePointer;
+
+    // do nothing with aHost - we require mHead to be set before we're live!
+    explicit nsCertOverrideEntry(KeyTypePointer aHostWithPortUTF8)
+    {
+    }
+
+    nsCertOverrideEntry(const nsCertOverrideEntry& toCopy)
+    {
+      mSettings = toCopy.mSettings;
+      mHostWithPort = toCopy.mHostWithPort;
+    }
+
+    ~nsCertOverrideEntry()
+    {
+    }
+
+    KeyType GetKey() const
+    {
+      return HostWithPortPtr();
+    }
+
+    KeyTypePointer GetKeyPointer() const
+    {
+      return HostWithPortPtr();
+    }
+
+    bool KeyEquals(KeyTypePointer aKey) const
+    {
+      return !strcmp(HostWithPortPtr(), aKey);
+    }
+
+    static KeyTypePointer KeyToPointer(KeyType aKey)
+    {
+      return aKey;
+    }
+
+    static PLDHashNumber HashKey(KeyTypePointer aKey)
+    {
+      return PLDHashTable::HashStringKey(aKey);
+    }
+
+    enum { ALLOW_MEMMOVE = false };
+
+    // get methods
+    inline const nsCString &HostWithPort() const { return mHostWithPort; }
+
+    inline KeyTypePointer HostWithPortPtr() const
+    {
+      return mHostWithPort.get();
+    }
+
+    nsCertOverride mSettings;
+    nsCString mHostWithPort;
+};
+
+class nsCertOverrideService final : public nsICertOverrideService
+                                  , public nsIObserver
+                                  , public nsSupportsWeakReference
+{
+public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSICERTOVERRIDESERVICE
+  NS_DECL_NSIOBSERVER
+
+  nsCertOverrideService();
+
+  nsresult Init();
+  void RemoveAllTemporaryOverrides();
+
+  typedef void 
+  (*CertOverrideEnumerator)(const nsCertOverride &aSettings,
+                            void *aUserData);
+
+  // aCert == null: return all overrides
+  // aCert != null: return overrides that match the given cert
+  nsresult EnumerateCertOverrides(nsIX509Cert *aCert,
+                                  CertOverrideEnumerator enumerator,
+                                  void *aUserData);
+
+    // Concates host name and the port number. If the port number is -1 then
+    // port 443 is automatically used. This method ensures there is always a port
+    // number separated with colon.
+    static void GetHostWithPort(const nsACString & aHostName, int32_t aPort, nsACString& _retval);
+
+protected:
+    ~nsCertOverrideService();
+
+    mozilla::ReentrantMonitor monitor;
+    nsCOMPtr<nsIFile> mSettingsFile;
+    nsTHashtable<nsCertOverrideEntry> mSettingsTable;
+
+    SECOidTag mOidTagForStoringNewHashes;
+    nsCString mDottedOidForStoringNewHashes;
+
+    void CountPermanentOverrideTelemetry();
+
+    void RemoveAllFromMemory();
+    nsresult Read();
+    nsresult Write();
+    nsresult AddEntryToList(const nsACString &host, int32_t port,
+                            nsIX509Cert *aCert,
+                            const bool aIsTemporary,
+                            const nsACString &algo_oid, 
+                            const nsACString &fingerprint,
+                            nsCertOverride::OverrideBits ob,
+                            const nsACString &dbKey);
+};
+
+#define NS_CERTOVERRIDE_CID { /* 67ba681d-5485-4fff-952c-2ee337ffdcd6 */ \
+    0x67ba681d,                                                        \
+    0x5485,                                                            \
+    0x4fff,                                                            \
+    {0x95, 0x2c, 0x2e, 0xe3, 0x37, 0xff, 0xdc, 0xd6}                   \
+  }
+
+#endif
diff --git a/security/manager/ssl/nsCertTree.cpp b/security/manager/ssl/nsCertTree.cpp
new file mode 100644
index 000000000..1ad4e296b
--- /dev/null
+++ b/security/manager/ssl/nsCertTree.cpp
@@ -0,0 +1,1451 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsCertTree.h"
+
+#include "ScopedNSSTypes.h"
+#include "mozilla/Logging.h"
+#include "nsArray.h"
+#include "nsArrayUtils.h"
+#include "nsHashKeys.h"
+#include "nsISupportsPrimitives.h"
+#include "nsITreeColumns.h"
+#include "nsIX509CertDB.h"
+#include "nsIX509Cert.h"
+#include "nsIX509CertValidity.h"
+#include "nsNSSCertHelper.h"
+#include "nsNSSCertificate.h"
+#include "nsNSSComponent.h" // for PIPNSS string bundle calls.
+#include "nsNSSHelper.h"
+#include "nsReadableUtils.h"
+#include "nsTHashtable.h"
+#include "nsUnicharUtils.h"
+#include "nsXPCOMCID.h"
+#include "nsXPIDLString.h"
+#include "pkix/pkixtypes.h"
+
+using namespace mozilla;
+
+extern LazyLogModule gPIPNSSLog;
+
+static NS_DEFINE_CID(kCertOverrideCID, NS_CERTOVERRIDE_CID);
+
+// treeArrayElStr
+//
+// structure used to hold map of tree.  Each thread (an organization
+// field from a cert) has an element in the array.  The numChildren field
+// stores the number of certs corresponding to that thread.
+struct treeArrayElStr {
+  nsString   orgName;     /* heading for thread                   */
+  bool       open;        /* toggle open state for thread         */
+  int32_t    certIndex;   /* index into cert array for 1st cert   */
+  int32_t    numChildren; /* number of chidren (certs) for thread */
+};
+
+CompareCacheHashEntryPtr::CompareCacheHashEntryPtr()
+{
+  entry = new CompareCacheHashEntry;
+}
+
+CompareCacheHashEntryPtr::~CompareCacheHashEntryPtr()
+{
+  delete entry;
+}
+
+CompareCacheHashEntry::CompareCacheHashEntry()
+:key(nullptr)
+{
+  for (int i = 0; i < max_criterions; ++i) {
+    mCritInit[i] = false;
+  }
+}
+
+static bool
+CompareCacheMatchEntry(const PLDHashEntryHdr *hdr, const void *key)
+{
+  const CompareCacheHashEntryPtr *entryPtr = static_cast<const CompareCacheHashEntryPtr*>(hdr);
+  return entryPtr->entry->key == key;
+}
+
+static void
+CompareCacheInitEntry(PLDHashEntryHdr *hdr, const void *key)
+{
+  new (hdr) CompareCacheHashEntryPtr();
+  CompareCacheHashEntryPtr *entryPtr = static_cast<CompareCacheHashEntryPtr*>(hdr);
+  entryPtr->entry->key = (void*)key;
+}
+
+static void
+CompareCacheClearEntry(PLDHashTable *table, PLDHashEntryHdr *hdr)
+{
+  CompareCacheHashEntryPtr *entryPtr = static_cast<CompareCacheHashEntryPtr*>(hdr);
+  entryPtr->~CompareCacheHashEntryPtr();
+}
+
+static const PLDHashTableOps gMapOps = {
+  PLDHashTable::HashVoidPtrKeyStub,
+  CompareCacheMatchEntry,
+  PLDHashTable::MoveEntryStub,
+  CompareCacheClearEntry,
+  CompareCacheInitEntry
+};
+
+NS_IMPL_ISUPPORTS0(nsCertAddonInfo)
+NS_IMPL_ISUPPORTS(nsCertTreeDispInfo, nsICertTreeItem)
+
+nsCertTreeDispInfo::nsCertTreeDispInfo()
+:mAddonInfo(nullptr)
+,mTypeOfEntry(direct_db)
+,mPort(-1)
+,mOverrideBits(nsCertOverride::ob_None)
+,mIsTemporary(true)
+{
+}
+
+nsCertTreeDispInfo::nsCertTreeDispInfo(nsCertTreeDispInfo &other)
+{
+  mAddonInfo = other.mAddonInfo;
+  mTypeOfEntry = other.mTypeOfEntry;
+  mAsciiHost = other.mAsciiHost;
+  mPort = other.mPort;
+  mOverrideBits = other.mOverrideBits;
+  mIsTemporary = other.mIsTemporary;
+  mCert = other.mCert;
+}
+
+nsCertTreeDispInfo::~nsCertTreeDispInfo()
+{
+}
+
+NS_IMETHODIMP
+nsCertTreeDispInfo::GetCert(nsIX509Cert **_cert)
+{
+  NS_ENSURE_ARG(_cert);
+  if (mCert) {
+    // we may already have the cert for temporary overrides
+    *_cert = mCert;
+    NS_IF_ADDREF(*_cert);
+    return NS_OK;
+  }
+  if (mAddonInfo) {
+    *_cert = mAddonInfo->mCert.get();
+    NS_IF_ADDREF(*_cert);
+  }
+  else {
+    *_cert = nullptr;
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCertTreeDispInfo::GetHostPort(nsAString &aHostPort)
+{
+  nsAutoCString hostPort;
+  nsCertOverrideService::GetHostWithPort(mAsciiHost, mPort, hostPort);
+  aHostPort = NS_ConvertUTF8toUTF16(hostPort);
+  return NS_OK;
+}
+
+NS_IMPL_ISUPPORTS(nsCertTree, nsICertTree, nsITreeView)
+
+nsCertTree::nsCertTree()
+  : mTreeArray(nullptr)
+  , mCompareCache(&gMapOps, sizeof(CompareCacheHashEntryPtr),
+                  kInitialCacheLength)
+{
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
+  mNSSComponent = do_GetService(kNSSComponentCID);
+  mOverrideService = do_GetService("@mozilla.org/security/certoverride;1");
+  // Might be a different service if someone is overriding the contract
+  nsCOMPtr<nsICertOverrideService> origCertOverride =
+    do_GetService(kCertOverrideCID);
+  mOriginalOverrideService =
+    static_cast<nsCertOverrideService*>(origCertOverride.get());
+  mCellText = nullptr;
+}
+
+void nsCertTree::ClearCompareHash()
+{
+  mCompareCache.ClearAndPrepareForLength(kInitialCacheLength);
+}
+
+nsCertTree::~nsCertTree()
+{
+  delete [] mTreeArray;
+}
+
+void
+nsCertTree::FreeCertArray()
+{
+  mDispInfo.Clear();
+}
+
+CompareCacheHashEntry*
+nsCertTree::getCacheEntry(void* cache, void* aCert)
+{
+  PLDHashTable& aCompareCache = *static_cast<PLDHashTable*>(cache);
+  auto entryPtr = static_cast<CompareCacheHashEntryPtr*>
+                             (aCompareCache.Add(aCert, fallible));
+  return entryPtr ? entryPtr->entry : nullptr;
+}
+
+void nsCertTree::RemoveCacheEntry(void *key)
+{
+  mCompareCache.Remove(key);
+}
+
+// CountOrganizations
+//
+// Count the number of different organizations encountered in the cert
+// list.
+int32_t
+nsCertTree::CountOrganizations()
+{
+  uint32_t i, certCount;
+  certCount = mDispInfo.Length();
+  if (certCount == 0) return 0;
+  nsCOMPtr<nsIX509Cert> orgCert = nullptr;
+  nsCertAddonInfo *addonInfo = mDispInfo.ElementAt(0)->mAddonInfo;
+  if (addonInfo) {
+    orgCert = addonInfo->mCert;
+  }
+  nsCOMPtr<nsIX509Cert> nextCert = nullptr;
+  int32_t orgCount = 1;
+  for (i=1; i<certCount; i++) {
+    nextCert = nullptr;
+    addonInfo = mDispInfo.SafeElementAt(i, nullptr)->mAddonInfo;
+    if (addonInfo) {
+      nextCert = addonInfo->mCert;
+    }
+    // XXX we assume issuer org is always criterion 1
+    if (CmpBy(&mCompareCache, orgCert, nextCert, sort_IssuerOrg, sort_None, sort_None) != 0) {
+      orgCert = nextCert;
+      orgCount++;
+    }
+  }
+  return orgCount;
+}
+
+// GetThreadDescAtIndex
+//
+// If the row at index is an organization thread, return the collection
+// associated with that thread.  Otherwise, return null.
+treeArrayEl *
+nsCertTree::GetThreadDescAtIndex(int32_t index)
+{
+  int i, idx=0;
+  if (index < 0) return nullptr;
+  for (i=0; i<mNumOrgs; i++) {
+    if (index == idx) {
+      return &mTreeArray[i];
+    }
+    if (mTreeArray[i].open) {
+      idx += mTreeArray[i].numChildren;
+    }
+    idx++;
+    if (idx > index) break;
+  }
+  return nullptr;
+}
+
+//  GetCertAtIndex
+//
+//  If the row at index is a cert, return that cert.  Otherwise, return null.
+already_AddRefed<nsIX509Cert>
+nsCertTree::GetCertAtIndex(int32_t index, int32_t *outAbsoluteCertOffset)
+{
+  RefPtr<nsCertTreeDispInfo> certdi(
+    GetDispInfoAtIndex(index, outAbsoluteCertOffset));
+  if (!certdi)
+    return nullptr;
+
+  nsCOMPtr<nsIX509Cert> ret;
+  if (certdi->mCert) {
+    ret = certdi->mCert;
+  } else if (certdi->mAddonInfo) {
+    ret = certdi->mAddonInfo->mCert;
+  }
+  return ret.forget();
+}
+
+//  If the row at index is a cert, return that cert.  Otherwise, return null.
+already_AddRefed<nsCertTreeDispInfo>
+nsCertTree::GetDispInfoAtIndex(int32_t index, 
+                               int32_t *outAbsoluteCertOffset)
+{
+  int i, idx = 0, cIndex = 0, nc;
+  if (index < 0) return nullptr;
+  // Loop over the threads
+  for (i=0; i<mNumOrgs; i++) {
+    if (index == idx) return nullptr; // index is for thread
+    idx++; // get past the thread
+    nc = (mTreeArray[i].open) ? mTreeArray[i].numChildren : 0;
+    if (index < idx + nc) { // cert is within range of this thread
+      int32_t certIndex = cIndex + index - idx;
+      if (outAbsoluteCertOffset)
+        *outAbsoluteCertOffset = certIndex;
+      RefPtr<nsCertTreeDispInfo> certdi(mDispInfo.SafeElementAt(certIndex,
+                                                                nullptr));
+      if (certdi) {
+        return certdi.forget();
+      }
+      break;
+    }
+    if (mTreeArray[i].open)
+      idx += mTreeArray[i].numChildren;
+    cIndex += mTreeArray[i].numChildren;
+    if (idx > index) break;
+  }
+  return nullptr;
+}
+
+nsCertTree::nsCertCompareFunc
+nsCertTree::GetCompareFuncFromCertType(uint32_t aType)
+{
+  switch (aType) {
+    case nsIX509Cert::ANY_CERT:
+    case nsIX509Cert::USER_CERT:
+      return CmpUserCert;
+    case nsIX509Cert::CA_CERT:
+      return CmpCACert;
+    case nsIX509Cert::EMAIL_CERT:
+      return CmpEmailCert;
+    case nsIX509Cert::SERVER_CERT:
+    default:
+      return CmpWebSiteCert;
+  }
+}
+
+struct nsCertAndArrayAndPositionAndCounterAndTracker
+{
+  RefPtr<nsCertAddonInfo> certai;
+  nsTArray< RefPtr<nsCertTreeDispInfo> > *array;
+  int position;
+  int counter;
+  nsTHashtable<nsCStringHashKey> *tracker;
+};
+
+// Used to enumerate host:port overrides that match a stored
+// certificate, creates and adds a display-info-object to the
+// provided array. Increments insert position and entry counter.
+// We remove the given key from the tracker, which is used to 
+// track entries that have not yet been handled.
+// The created display-info references the cert, so make a note
+// of that by incrementing the cert usage counter.
+static void
+MatchingCertOverridesCallback(const nsCertOverride &aSettings,
+                              void *aUserData)
+{
+  nsCertAndArrayAndPositionAndCounterAndTracker *cap = 
+    (nsCertAndArrayAndPositionAndCounterAndTracker*)aUserData;
+  if (!cap)
+    return;
+
+  nsCertTreeDispInfo *certdi = new nsCertTreeDispInfo;
+  if (certdi) {
+    if (cap->certai)
+      cap->certai->mUsageCount++;
+    certdi->mAddonInfo = cap->certai;
+    certdi->mTypeOfEntry = nsCertTreeDispInfo::host_port_override;
+    certdi->mAsciiHost = aSettings.mAsciiHost;
+    certdi->mPort = aSettings.mPort;
+    certdi->mOverrideBits = aSettings.mOverrideBits;
+    certdi->mIsTemporary = aSettings.mIsTemporary;
+    certdi->mCert = aSettings.mCert;
+    cap->array->InsertElementAt(cap->position, certdi);
+    cap->position++;
+    cap->counter++;
+  }
+
+  // this entry is now associated to a displayed cert, remove
+  // it from the list of remaining entries
+  nsAutoCString hostPort;
+  nsCertOverrideService::GetHostWithPort(aSettings.mAsciiHost, aSettings.mPort, hostPort);
+  cap->tracker->RemoveEntry(hostPort);
+}
+
+// Used to collect a list of the (unique) host:port keys
+// for all stored overrides.
+static void
+CollectAllHostPortOverridesCallback(const nsCertOverride &aSettings,
+                                    void *aUserData)
+{
+  nsTHashtable<nsCStringHashKey> *collectorTable =
+    (nsTHashtable<nsCStringHashKey> *)aUserData;
+  if (!collectorTable)
+    return;
+
+  nsAutoCString hostPort;
+  nsCertOverrideService::GetHostWithPort(aSettings.mAsciiHost, aSettings.mPort, hostPort);
+  collectorTable->PutEntry(hostPort);
+}
+
+struct nsArrayAndPositionAndCounterAndTracker
+{
+  nsTArray< RefPtr<nsCertTreeDispInfo> > *array;
+  int position;
+  int counter;
+  nsTHashtable<nsCStringHashKey> *tracker;
+};
+
+// Used when enumerating the stored host:port overrides where
+// no associated certificate was found in the NSS database.
+static void
+AddRemaningHostPortOverridesCallback(const nsCertOverride &aSettings,
+                                     void *aUserData)
+{
+  nsArrayAndPositionAndCounterAndTracker *cap = 
+    (nsArrayAndPositionAndCounterAndTracker*)aUserData;
+  if (!cap)
+    return;
+
+  nsAutoCString hostPort;
+  nsCertOverrideService::GetHostWithPort(aSettings.mAsciiHost, aSettings.mPort, hostPort);
+  if (!cap->tracker->GetEntry(hostPort))
+    return;
+
+  // This entry is not associated to any stored cert,
+  // so we still need to display it.
+
+  nsCertTreeDispInfo *certdi = new nsCertTreeDispInfo;
+  if (certdi) {
+    certdi->mAddonInfo = nullptr;
+    certdi->mTypeOfEntry = nsCertTreeDispInfo::host_port_override;
+    certdi->mAsciiHost = aSettings.mAsciiHost;
+    certdi->mPort = aSettings.mPort;
+    certdi->mOverrideBits = aSettings.mOverrideBits;
+    certdi->mIsTemporary = aSettings.mIsTemporary;
+    certdi->mCert = aSettings.mCert;
+    cap->array->InsertElementAt(cap->position, certdi);
+    cap->position++;
+    cap->counter++;
+  }
+}
+
+nsresult
+nsCertTree::GetCertsByTypeFromCertList(CERTCertList *aCertList,
+                                       uint32_t aWantedType,
+                                       nsCertCompareFunc  aCertCmpFn,
+                                       void *aCertCmpFnArg)
+{
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("GetCertsByTypeFromCertList"));
+  if (!aCertList)
+    return NS_ERROR_FAILURE;
+
+  if (!mOriginalOverrideService)
+    return NS_ERROR_FAILURE;
+
+  nsTHashtable<nsCStringHashKey> allHostPortOverrideKeys;
+
+  if (aWantedType == nsIX509Cert::SERVER_CERT) {
+    mOriginalOverrideService->
+      EnumerateCertOverrides(nullptr, 
+                             CollectAllHostPortOverridesCallback, 
+                             &allHostPortOverrideKeys);
+  }
+
+  CERTCertListNode *node;
+  int count = 0;
+  for (node = CERT_LIST_HEAD(aCertList);
+       !CERT_LIST_END(node, aCertList);
+       node = CERT_LIST_NEXT(node)) {
+
+    bool wantThisCert = (aWantedType == nsIX509Cert::ANY_CERT);
+    bool wantThisCertIfNoOverrides = false;
+    bool wantThisCertIfHaveOverrides = false;
+    bool addOverrides = false;
+
+    if (!wantThisCert) {
+      uint32_t thisCertType = getCertType(node->cert);
+
+      // The output from getCertType is a "guess", which can be wrong.
+      // The guess is based on stored trust flags, but for the host:port
+      // overrides, we are storing certs without any trust flags associated.
+      // So we must check whether the cert really belongs to the 
+      // server, email or unknown tab. We will lookup the cert in the override
+      // list to come to the decision. Unfortunately, the lookup in the
+      // override list is quite expensive. Therefore we are using this 
+      // lengthy if/else statement to minimize 
+      // the number of override-list-lookups.
+
+      if (aWantedType == nsIX509Cert::SERVER_CERT
+          && thisCertType == nsIX509Cert::UNKNOWN_CERT) {
+        // This unknown cert was stored without trust
+        // Are there host:port based overrides stored?
+        // If yes, display them.
+        addOverrides = true;
+      }
+      else
+      if (aWantedType == nsIX509Cert::UNKNOWN_CERT
+          && thisCertType == nsIX509Cert::UNKNOWN_CERT) {
+        // This unknown cert was stored without trust.
+        // If there are associated overrides, do not show as unknown.
+        // If there are no associated overrides, display as unknown.
+        wantThisCertIfNoOverrides = true;
+      }
+      else
+      if (aWantedType == nsIX509Cert::SERVER_CERT
+          && thisCertType == nsIX509Cert::SERVER_CERT) {
+        // This server cert is explicitly marked as a web site peer, 
+        // with or without trust, but editable, so show it
+        wantThisCert = true;
+        // Are there host:port based overrides stored?
+        // If yes, display them.
+        addOverrides = true;
+      }
+      else
+      if (aWantedType == nsIX509Cert::SERVER_CERT
+          && thisCertType == nsIX509Cert::EMAIL_CERT) {
+        // This cert might have been categorized as an email cert
+        // because it carries an email address. But is it really one?
+        // Our cert categorization is uncertain when it comes to
+        // distinguish between email certs and web site certs.
+        // So, let's see if we have an override for that cert
+        // and if there is, conclude it's really a web site cert.
+        addOverrides = true;
+      }
+      else
+      if (aWantedType == nsIX509Cert::EMAIL_CERT
+          && thisCertType == nsIX509Cert::EMAIL_CERT) {
+        // This cert might have been categorized as an email cert
+        // because it carries an email address. But is it really one?
+        // Our cert categorization is uncertain when it comes to
+        // distinguish between email certs and web site certs.
+        // So, let's see if we have an override for that cert
+        // and if there is, conclude it's really a web site cert.
+        wantThisCertIfNoOverrides = true;
+      }
+      else
+      if (thisCertType == aWantedType) {
+        wantThisCert = true;
+      }
+    }
+
+    nsCOMPtr<nsIX509Cert> pipCert = nsNSSCertificate::Create(node->cert);
+    if (!pipCert)
+      return NS_ERROR_OUT_OF_MEMORY;
+
+    if (wantThisCertIfNoOverrides || wantThisCertIfHaveOverrides) {
+      uint32_t ocount = 0;
+      nsresult rv = 
+        mOverrideService->IsCertUsedForOverrides(pipCert, 
+                                                 true, // we want temporaries
+                                                 true, // we want permanents
+                                                 &ocount);
+      if (wantThisCertIfNoOverrides) {
+        if (NS_FAILED(rv) || ocount == 0) {
+          // no overrides for this cert
+          wantThisCert = true;
+        }
+      }
+
+      if (wantThisCertIfHaveOverrides) {
+        if (NS_SUCCEEDED(rv) && ocount > 0) {
+          // there are overrides for this cert
+          wantThisCert = true;
+        }
+      }
+    }
+
+    RefPtr<nsCertAddonInfo> certai(new nsCertAddonInfo);
+    certai->mCert = pipCert;
+    certai->mUsageCount = 0;
+
+    if (wantThisCert || addOverrides) {
+      int InsertPosition = 0;
+      for (; InsertPosition < count; ++InsertPosition) {
+        nsCOMPtr<nsIX509Cert> cert = nullptr;
+        RefPtr<nsCertTreeDispInfo> elem(
+          mDispInfo.SafeElementAt(InsertPosition, nullptr));
+        if (elem && elem->mAddonInfo) {
+          cert = elem->mAddonInfo->mCert;
+        }
+        if ((*aCertCmpFn)(aCertCmpFnArg, pipCert, cert) < 0) {
+          break;
+        }
+      }
+      if (wantThisCert) {
+        nsCertTreeDispInfo *certdi = new nsCertTreeDispInfo;
+        certdi->mAddonInfo = certai;
+        certai->mUsageCount++;
+        certdi->mTypeOfEntry = nsCertTreeDispInfo::direct_db;
+        // not necessary: certdi->mAsciiHost.Clear(); certdi->mPort = -1;
+        certdi->mOverrideBits = nsCertOverride::ob_None;
+        certdi->mIsTemporary = false;
+        mDispInfo.InsertElementAt(InsertPosition, certdi);
+        ++count;
+        ++InsertPosition;
+      }
+      if (addOverrides) {
+        nsCertAndArrayAndPositionAndCounterAndTracker cap;
+        cap.certai = certai;
+        cap.array = &mDispInfo;
+        cap.position = InsertPosition;
+        cap.counter = 0;
+        cap.tracker = &allHostPortOverrideKeys;
+
+        mOriginalOverrideService->
+          EnumerateCertOverrides(pipCert, MatchingCertOverridesCallback, &cap);
+        count += cap.counter;
+      }
+    }
+  }
+
+  if (aWantedType == nsIX509Cert::SERVER_CERT) {
+    nsArrayAndPositionAndCounterAndTracker cap;
+    cap.array = &mDispInfo;
+    cap.position = 0;
+    cap.counter = 0;
+    cap.tracker = &allHostPortOverrideKeys;
+    mOriginalOverrideService->
+      EnumerateCertOverrides(nullptr, AddRemaningHostPortOverridesCallback, &cap);
+  }
+
+  return NS_OK;
+}
+
+nsresult 
+nsCertTree::GetCertsByType(uint32_t           aType,
+                           nsCertCompareFunc  aCertCmpFn,
+                           void              *aCertCmpFnArg)
+{
+  nsNSSShutDownPreventionLock locker;
+  nsCOMPtr<nsIInterfaceRequestor> cxt = new PipUIContext();
+  UniqueCERTCertList certList(PK11_ListCerts(PK11CertListUnique, cxt));
+  return GetCertsByTypeFromCertList(certList.get(), aType, aCertCmpFn,
+                                    aCertCmpFnArg);
+}
+
+nsresult
+nsCertTree::GetCertsByTypeFromCache(nsIX509CertList   *aCache,
+                                    uint32_t           aType,
+                                    nsCertCompareFunc  aCertCmpFn,
+                                    void              *aCertCmpFnArg)
+{
+  NS_ENSURE_ARG_POINTER(aCache);
+  // GetRawCertList checks for NSS shutdown since we can't do it ourselves here
+  // easily. We still have to acquire a shutdown prevention lock to prevent NSS
+  // shutting down after GetRawCertList has returned. While cumbersome, this is
+  // at least mostly correct. The rest of this implementation doesn't even go
+  // this far in attempting to check for or prevent NSS shutdown at the
+  // appropriate times. If this were reimplemented at a higher level using
+  // more encapsulated types that handled NSS shutdown themselves, we wouldn't
+  // be having these kinds of problems.
+  nsNSSShutDownPreventionLock locker;
+  CERTCertList* certList = aCache->GetRawCertList();
+  if (!certList)
+    return NS_ERROR_FAILURE;
+  return GetCertsByTypeFromCertList(certList, aType, aCertCmpFn, aCertCmpFnArg);
+}
+
+// LoadCerts
+//
+// Load all of the certificates in the DB for this type.  Sort them
+// by token, organization, then common name.
+NS_IMETHODIMP
+nsCertTree::LoadCertsFromCache(nsIX509CertList *aCache, uint32_t aType)
+{
+  if (mTreeArray) {
+    FreeCertArray();
+    delete [] mTreeArray;
+    mTreeArray = nullptr;
+    mNumRows = 0;
+  }
+  ClearCompareHash();
+
+  nsresult rv = GetCertsByTypeFromCache(aCache, aType,
+                                        GetCompareFuncFromCertType(aType),
+                                        &mCompareCache);
+  if (NS_FAILED(rv)) return rv;
+  return UpdateUIContents();
+}
+
+NS_IMETHODIMP 
+nsCertTree::LoadCerts(uint32_t aType)
+{
+  if (mTreeArray) {
+    FreeCertArray();
+    delete [] mTreeArray;
+    mTreeArray = nullptr;
+    mNumRows = 0;
+  }
+  ClearCompareHash();
+
+  nsresult rv = GetCertsByType(aType, GetCompareFuncFromCertType(aType),
+                               &mCompareCache);
+  if (NS_FAILED(rv)) return rv;
+  return UpdateUIContents();
+}
+
+nsresult
+nsCertTree::UpdateUIContents()
+{
+  uint32_t count = mDispInfo.Length();
+  mNumOrgs = CountOrganizations();
+  mTreeArray = new treeArrayEl[mNumOrgs];
+
+  mCellText = nsArrayBase::Create();
+
+if (count) {
+  uint32_t j = 0;
+  nsCOMPtr<nsIX509Cert> orgCert = nullptr;
+  nsCertAddonInfo *addonInfo = mDispInfo.ElementAt(j)->mAddonInfo;
+  if (addonInfo) {
+    orgCert = addonInfo->mCert;
+  }
+  for (int32_t i=0; i<mNumOrgs; i++) {
+    nsString &orgNameRef = mTreeArray[i].orgName;
+    if (!orgCert) {
+      mNSSComponent->GetPIPNSSBundleString("CertOrgUnknown", orgNameRef);
+    }
+    else {
+      orgCert->GetIssuerOrganization(orgNameRef);
+      if (orgNameRef.IsEmpty())
+        orgCert->GetCommonName(orgNameRef);
+    }
+    mTreeArray[i].open = true;
+    mTreeArray[i].certIndex = j;
+    mTreeArray[i].numChildren = 1;
+    if (++j >= count) break;
+    nsCOMPtr<nsIX509Cert> nextCert = nullptr;
+    nsCertAddonInfo *addonInfo = mDispInfo.SafeElementAt(j, nullptr)->mAddonInfo;
+    if (addonInfo) {
+      nextCert = addonInfo->mCert;
+    }
+    while (0 == CmpBy(&mCompareCache, orgCert, nextCert, sort_IssuerOrg, sort_None, sort_None)) {
+      mTreeArray[i].numChildren++;
+      if (++j >= count) break;
+      nextCert = nullptr;
+      addonInfo = mDispInfo.SafeElementAt(j, nullptr)->mAddonInfo;
+      if (addonInfo) {
+        nextCert = addonInfo->mCert;
+      }
+    }
+    orgCert = nextCert;
+  }
+}
+  if (mTree) {
+    mTree->BeginUpdateBatch();
+    mTree->RowCountChanged(0, -mNumRows);
+  }
+  mNumRows = count + mNumOrgs;
+  if (mTree)
+    mTree->EndUpdateBatch();
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::DeleteEntryObject(uint32_t index)
+{
+  if (!mTreeArray) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsCOMPtr<nsIX509CertDB> certdb = 
+    do_GetService("@mozilla.org/security/x509certdb;1");
+  if (!certdb) {
+    return NS_ERROR_FAILURE;
+  }
+
+  int i;
+  uint32_t idx = 0, cIndex = 0, nc;
+  // Loop over the threads
+  for (i=0; i<mNumOrgs; i++) {
+    if (index == idx)
+      return NS_OK; // index is for thread
+    idx++; // get past the thread
+    nc = (mTreeArray[i].open) ? mTreeArray[i].numChildren : 0;
+    if (index < idx + nc) { // cert is within range of this thread
+      int32_t certIndex = cIndex + index - idx;
+
+      bool canRemoveEntry = false;
+      RefPtr<nsCertTreeDispInfo> certdi(mDispInfo.SafeElementAt(certIndex,
+                                                                nullptr));
+      
+      // We will remove the element from the visual tree.
+      // Only if we have a certdi, then we can check for additional actions.
+      nsCOMPtr<nsIX509Cert> cert = nullptr;
+      if (certdi) {
+        if (certdi->mAddonInfo) {
+          cert = certdi->mAddonInfo->mCert;
+        }
+        nsCertAddonInfo* addonInfo =
+          certdi->mAddonInfo ? certdi->mAddonInfo.get() : nullptr;
+        if (certdi->mTypeOfEntry == nsCertTreeDispInfo::host_port_override) {
+          mOverrideService->ClearValidityOverride(certdi->mAsciiHost, certdi->mPort);
+          if (addonInfo) {
+            addonInfo->mUsageCount--;
+            if (addonInfo->mUsageCount == 0) {
+              // The certificate stored in the database is no longer
+              // referenced by any other object displayed.
+              // That means we no longer need to keep it around
+              // and really can remove it.
+              canRemoveEntry = true;
+            }
+          } 
+        }
+        else {
+          if (addonInfo && addonInfo->mUsageCount > 1) {
+            // user is trying to delete a perm trusted cert,
+            // although there are still overrides stored,
+            // so, we keep the cert, but remove the trust
+
+            UniqueCERTCertificate nsscert(cert->GetCert());
+
+            if (nsscert) {
+              CERTCertTrust trust;
+              memset((void*)&trust, 0, sizeof(trust));
+
+              SECStatus srv = CERT_DecodeTrustString(&trust, ""); // no override 
+              if (srv == SECSuccess) {
+                CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), nsscert.get(),
+                                     &trust);
+              }
+            }
+          }
+          else {
+            canRemoveEntry = true;
+          }
+        }
+      }
+
+      mDispInfo.RemoveElementAt(certIndex);
+
+      if (canRemoveEntry) {
+        RemoveCacheEntry(cert);
+        certdb->DeleteCertificate(cert);
+      }
+
+      delete [] mTreeArray;
+      mTreeArray = nullptr;
+      return UpdateUIContents();
+    }
+    if (mTreeArray[i].open)
+      idx += mTreeArray[i].numChildren;
+    cIndex += mTreeArray[i].numChildren;
+    if (idx > index)
+      break;
+  }
+  return NS_ERROR_FAILURE;
+}
+
+//////////////////////////////////////////////////////////////////////////////
+//
+//  Begin nsITreeView methods
+//
+/////////////////////////////////////////////////////////////////////////////
+
+NS_IMETHODIMP
+nsCertTree::GetCert(uint32_t aIndex, nsIX509Cert **_cert)
+{
+  NS_ENSURE_ARG(_cert);
+  *_cert = GetCertAtIndex(aIndex).take();
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCertTree::GetTreeItem(uint32_t aIndex, nsICertTreeItem **_treeitem)
+{
+  NS_ENSURE_ARG(_treeitem);
+
+  RefPtr<nsCertTreeDispInfo> certdi(GetDispInfoAtIndex(aIndex));
+  if (!certdi)
+    return NS_ERROR_FAILURE;
+
+  *_treeitem = certdi;
+  NS_IF_ADDREF(*_treeitem);
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::GetRowCount(int32_t *aRowCount)
+{
+  if (!mTreeArray)
+    return NS_ERROR_NOT_INITIALIZED;
+  uint32_t count = 0;
+  for (int32_t i=0; i<mNumOrgs; i++) {
+    if (mTreeArray[i].open) {
+      count += mTreeArray[i].numChildren;
+    }
+    count++;
+  }
+  *aRowCount = count;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::GetSelection(nsITreeSelection * *aSelection)
+{
+  *aSelection = mSelection;
+  NS_IF_ADDREF(*aSelection);
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::SetSelection(nsITreeSelection * aSelection)
+{
+  mSelection = aSelection;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::GetRowProperties(int32_t index, nsAString& aProps)
+{
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::GetCellProperties(int32_t row, nsITreeColumn* col, 
+                              nsAString& aProps)
+{
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::GetColumnProperties(nsITreeColumn* col, nsAString& aProps)
+{
+  return NS_OK;
+}
+NS_IMETHODIMP 
+nsCertTree::IsContainer(int32_t index, bool *_retval)
+{
+  if (!mTreeArray)
+    return NS_ERROR_NOT_INITIALIZED;
+  treeArrayEl *el = GetThreadDescAtIndex(index);
+  if (el) {
+    *_retval = true;
+  } else {
+    *_retval = false;
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::IsContainerOpen(int32_t index, bool *_retval)
+{
+  if (!mTreeArray)
+    return NS_ERROR_NOT_INITIALIZED;
+  treeArrayEl *el = GetThreadDescAtIndex(index);
+  if (el && el->open) {
+    *_retval = true;
+  } else {
+    *_retval = false;
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::IsContainerEmpty(int32_t index, bool *_retval)
+{
+  *_retval = !mTreeArray;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::IsSeparator(int32_t index, bool *_retval)
+{
+  *_retval = false;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::GetParentIndex(int32_t rowIndex, int32_t *_retval)
+{
+  if (!mTreeArray)
+    return NS_ERROR_NOT_INITIALIZED;
+  int i, idx = 0;
+  for (i = 0; i < mNumOrgs && idx < rowIndex; i++, idx++) {
+    if (mTreeArray[i].open) {
+      if (rowIndex <= idx + mTreeArray[i].numChildren) {
+        *_retval = idx;
+        return NS_OK;
+      }
+      idx += mTreeArray[i].numChildren;
+    }
+  }
+  *_retval = -1;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::HasNextSibling(int32_t rowIndex, int32_t afterIndex, 
+                               bool *_retval)
+{
+  if (!mTreeArray)
+    return NS_ERROR_NOT_INITIALIZED;
+
+  int i, idx = 0;
+  for (i = 0; i < mNumOrgs && idx <= rowIndex; i++, idx++) {
+    if (mTreeArray[i].open) {
+      idx += mTreeArray[i].numChildren;
+      if (afterIndex <= idx) {
+        *_retval = afterIndex < idx;
+        return NS_OK;
+      }
+    }
+  }
+  *_retval = false;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::GetLevel(int32_t index, int32_t *_retval)
+{
+  if (!mTreeArray)
+    return NS_ERROR_NOT_INITIALIZED;
+  treeArrayEl *el = GetThreadDescAtIndex(index);
+  if (el) {
+    *_retval = 0;
+  } else {
+    *_retval = 1;
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::GetImageSrc(int32_t row, nsITreeColumn* col, 
+                        nsAString& _retval)
+{
+  _retval.Truncate();
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCertTree::GetProgressMode(int32_t row, nsITreeColumn* col, int32_t* _retval)
+{
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::GetCellValue(int32_t row, nsITreeColumn* col, 
+                         nsAString& _retval)
+{
+  _retval.Truncate();
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::GetCellText(int32_t row, nsITreeColumn* col, 
+                        nsAString& _retval)
+{
+  if (!mTreeArray)
+    return NS_ERROR_NOT_INITIALIZED;
+
+  nsresult rv = NS_OK;
+  _retval.Truncate();
+
+  const char16_t* colID;
+  col->GetIdConst(&colID);
+
+  treeArrayEl *el = GetThreadDescAtIndex(row);
+  if (el) {
+    if (NS_LITERAL_STRING("certcol").Equals(colID))
+      _retval.Assign(el->orgName);
+    else
+      _retval.Truncate();
+    return NS_OK;
+  }
+
+  int32_t absoluteCertOffset;
+  RefPtr<nsCertTreeDispInfo> certdi(GetDispInfoAtIndex(row, &absoluteCertOffset));
+  if (!certdi)
+    return NS_ERROR_FAILURE;
+
+  nsCOMPtr<nsIX509Cert> cert = certdi->mCert;
+  if (!cert && certdi->mAddonInfo) {
+    cert = certdi->mAddonInfo->mCert;
+  }
+
+  int32_t colIndex;
+  col->GetIndex(&colIndex);
+  uint32_t arrayIndex=absoluteCertOffset+colIndex*(mNumRows-mNumOrgs);
+  uint32_t arrayLength=0;
+  if (mCellText) {
+    mCellText->GetLength(&arrayLength);
+  }
+  if (arrayIndex < arrayLength) {
+    nsCOMPtr<nsISupportsString> myString(do_QueryElementAt(mCellText, arrayIndex));
+    if (myString) {
+      myString->GetData(_retval);
+      return NS_OK;
+    }
+  }
+
+  if (NS_LITERAL_STRING("certcol").Equals(colID)) {
+    if (!cert) {
+      mNSSComponent->GetPIPNSSBundleString("CertNotStored", _retval);
+    }
+    else {
+      rv = cert->GetCommonName(_retval);
+      if (NS_FAILED(rv) || _retval.IsEmpty()) {
+        // kaie: I didn't invent the idea to cut off anything before 
+        //       the first colon. :-)
+        nsAutoString nick;
+        rv = cert->GetNickname(nick);
+        
+        nsAString::const_iterator start, end, end2;
+        nick.BeginReading(start);
+        nick.EndReading(end);
+        end2 = end;
+  
+        if (FindInReadable(NS_LITERAL_STRING(":"), start, end)) {
+          // found. end points to the first char after the colon,
+          // that's what we want.
+          _retval = Substring(end, end2);
+        }
+        else {
+          _retval = nick;
+        }
+      }
+    }
+  } else if (NS_LITERAL_STRING("tokencol").Equals(colID) && cert) {
+    rv = cert->GetTokenName(_retval);
+  } else if (NS_LITERAL_STRING("emailcol").Equals(colID) && cert) {
+    rv = cert->GetEmailAddress(_retval);
+  } else if (NS_LITERAL_STRING("issuedcol").Equals(colID) && cert) {
+    nsCOMPtr<nsIX509CertValidity> validity;
+
+    rv = cert->GetValidity(getter_AddRefs(validity));
+    if (NS_SUCCEEDED(rv)) {
+      validity->GetNotBeforeLocalDay(_retval);
+    }
+  } else if (NS_LITERAL_STRING("expiredcol").Equals(colID) && cert) {
+    nsCOMPtr<nsIX509CertValidity> validity;
+
+    rv = cert->GetValidity(getter_AddRefs(validity));
+    if (NS_SUCCEEDED(rv)) {
+      validity->GetNotAfterLocalDay(_retval);
+    }
+  } else if (NS_LITERAL_STRING("serialnumcol").Equals(colID) && cert) {
+    rv = cert->GetSerialNumber(_retval);
+  } else if (NS_LITERAL_STRING("sitecol").Equals(colID)) {
+    if (certdi->mTypeOfEntry == nsCertTreeDispInfo::host_port_override) {
+      nsAutoCString hostPort;
+      nsCertOverrideService::GetHostWithPort(certdi->mAsciiHost, certdi->mPort, hostPort);
+      _retval = NS_ConvertUTF8toUTF16(hostPort);
+    }
+    else {
+      _retval = NS_LITERAL_STRING("*");
+    }
+  } else if (NS_LITERAL_STRING("lifetimecol").Equals(colID)) {
+    const char *stringID = 
+      (certdi->mIsTemporary) ? "CertExceptionTemporary" : "CertExceptionPermanent";
+    rv = mNSSComponent->GetPIPNSSBundleString(stringID, _retval);
+  } else {
+    return NS_ERROR_FAILURE;
+  }
+  if (mCellText) {
+    nsCOMPtr<nsISupportsString> text(do_CreateInstance(NS_SUPPORTS_STRING_CONTRACTID, &rv));
+    NS_ENSURE_SUCCESS(rv, rv);
+    text->SetData(_retval);
+    mCellText->ReplaceElementAt(text, arrayIndex, false);
+  }
+  return rv;
+}
+
+NS_IMETHODIMP 
+nsCertTree::SetTree(nsITreeBoxObject *tree)
+{
+  mTree = tree;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::ToggleOpenState(int32_t index)
+{
+  if (!mTreeArray)
+    return NS_ERROR_NOT_INITIALIZED;
+  treeArrayEl *el = GetThreadDescAtIndex(index);
+  if (el) {
+    el->open = !el->open;
+    int32_t newChildren = (el->open) ? el->numChildren : -el->numChildren;
+    if (mTree) mTree->RowCountChanged(index + 1, newChildren);
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::CycleHeader(nsITreeColumn* col)
+{
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::SelectionChanged()
+{
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP 
+nsCertTree::CycleCell(int32_t row, nsITreeColumn* col)
+{
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::IsEditable(int32_t row, nsITreeColumn* col, bool *_retval)
+{
+  *_retval = false;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::IsSelectable(int32_t row, nsITreeColumn* col, bool *_retval)
+{
+  *_retval = false;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::SetCellValue(int32_t row, nsITreeColumn* col, 
+                         const nsAString& value)
+{
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::SetCellText(int32_t row, nsITreeColumn* col, 
+                        const nsAString& value)
+{
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::PerformAction(const char16_t *action)
+{
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::PerformActionOnRow(const char16_t *action, int32_t row)
+{
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsCertTree::PerformActionOnCell(const char16_t *action, int32_t row, 
+                                nsITreeColumn* col)
+{
+  return NS_OK;
+}
+
+#ifdef DEBUG_CERT_TREE
+void
+nsCertTree::dumpMap()
+{
+  for (int i=0; i<mNumOrgs; i++) {
+    nsAutoString org(mTreeArray[i].orgName);
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("ORG[%s]", NS_LossyConvertUTF16toASCII(org).get()));
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("OPEN[%d]", mTreeArray[i].open));
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("INDEX[%d]", mTreeArray[i].certIndex));
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("NCHILD[%d]", mTreeArray[i].numChildren));
+  }
+  for (int i=0; i<mNumRows; i++) {
+    treeArrayEl *el = GetThreadDescAtIndex(i);
+    if (el) {
+      nsAutoString td(el->orgName);
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("thread desc[%d]: %s", i, NS_LossyConvertUTF16toASCII(td).get()));
+    }
+    nsCOMPtr<nsIX509Cert> ct = GetCertAtIndex(i);
+    if (ct) {
+      char16_t *goo;
+      ct->GetCommonName(&goo);
+      nsAutoString doo(goo);
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("cert [%d]: %s", i, NS_LossyConvertUTF16toASCII(doo).get()));
+    }
+  }
+}
+#endif
+
+//
+// CanDrop
+//
+NS_IMETHODIMP nsCertTree::CanDrop(int32_t index, int32_t orientation,
+                                  nsIDOMDataTransfer* aDataTransfer, bool *_retval)
+{
+  NS_ENSURE_ARG_POINTER(_retval);
+  *_retval = false;
+  
+  return NS_OK;
+}
+
+
+//
+// Drop
+//
+NS_IMETHODIMP nsCertTree::Drop(int32_t row, int32_t orient, nsIDOMDataTransfer* aDataTransfer)
+{
+  return NS_OK;
+}
+
+
+//
+// IsSorted
+//
+// ...
+//
+NS_IMETHODIMP nsCertTree::IsSorted(bool *_retval)
+{
+  *_retval = false;
+  return NS_OK;
+}
+
+#define RETURN_NOTHING
+
+void 
+nsCertTree::CmpInitCriterion(nsIX509Cert *cert, CompareCacheHashEntry *entry,
+                             sortCriterion crit, int32_t level)
+{
+  NS_ENSURE_TRUE(cert && entry, RETURN_NOTHING);
+
+  entry->mCritInit[level] = true;
+  nsXPIDLString &str = entry->mCrit[level];
+  
+  switch (crit) {
+    case sort_IssuerOrg:
+      cert->GetIssuerOrganization(str);
+      if (str.IsEmpty())
+        cert->GetCommonName(str);
+      break;
+    case sort_Org:
+      cert->GetOrganization(str);
+      break;
+    case sort_Token:
+      cert->GetTokenName(str);
+      break;
+    case sort_CommonName:
+      cert->GetCommonName(str);
+      break;
+    case sort_IssuedDateDescending:
+      {
+        nsresult rv;
+        nsCOMPtr<nsIX509CertValidity> validity;
+        PRTime notBefore;
+
+        rv = cert->GetValidity(getter_AddRefs(validity));
+        if (NS_SUCCEEDED(rv)) {
+          rv = validity->GetNotBefore(&notBefore);
+        }
+
+        if (NS_SUCCEEDED(rv)) {
+          PRExplodedTime explodedTime;
+          PR_ExplodeTime(notBefore, PR_GMTParameters, &explodedTime);
+          char datebuf[20]; // 4 + 2 + 2 + 2 + 2 + 2 + 1 = 15
+          if (0 != PR_FormatTime(datebuf, sizeof(datebuf), "%Y%m%d%H%M%S", &explodedTime)) {
+            str = NS_ConvertASCIItoUTF16(nsDependentCString(datebuf));
+          }
+        }
+      }
+      break;
+    case sort_Email:
+      cert->GetEmailAddress(str);
+      break;
+    case sort_None:
+    default:
+      break;
+  }
+}
+
+int32_t
+nsCertTree::CmpByCrit(nsIX509Cert *a, CompareCacheHashEntry *ace, 
+                      nsIX509Cert *b, CompareCacheHashEntry *bce, 
+                      sortCriterion crit, int32_t level)
+{
+  NS_ENSURE_TRUE(a && ace && b && bce, 0);
+
+  if (!ace->mCritInit[level]) {
+    CmpInitCriterion(a, ace, crit, level);
+  }
+
+  if (!bce->mCritInit[level]) {
+    CmpInitCriterion(b, bce, crit, level);
+  }
+
+  nsXPIDLString &str_a = ace->mCrit[level];
+  nsXPIDLString &str_b = bce->mCrit[level];
+
+  int32_t result;
+  if (str_a && str_b)
+    result = Compare(str_a, str_b, nsCaseInsensitiveStringComparator());
+  else
+    result = !str_a ? (!str_b ? 0 : -1) : 1;
+
+  if (sort_IssuedDateDescending == crit)
+    result *= -1; // reverse compare order
+
+  return result;
+}
+
+int32_t
+nsCertTree::CmpBy(void *cache, nsIX509Cert *a, nsIX509Cert *b, 
+                  sortCriterion c0, sortCriterion c1, sortCriterion c2)
+{
+  // This will be called when comparing items for display sorting.
+  // Some items might have no cert associated, so either a or b is null.
+  // We want all those orphans show at the top of the list,
+  // so we treat a null cert as "smaller" by returning -1.
+  // We don't try to sort within the group of no-cert entries,
+  // so we treat them as equal wrt sort order.
+
+  if (!a && !b)
+    return 0;
+
+  if (!a)
+    return -1;
+
+  if (!b)
+    return 1;
+
+  NS_ENSURE_TRUE(cache && a && b, 0);
+
+  CompareCacheHashEntry *ace = getCacheEntry(cache, a);
+  CompareCacheHashEntry *bce = getCacheEntry(cache, b);
+
+  int32_t cmp;
+  cmp = CmpByCrit(a, ace, b, bce, c0, 0);
+  if (cmp != 0)
+    return cmp;
+
+  if (c1 != sort_None) {
+    cmp = CmpByCrit(a, ace, b, bce, c1, 1);
+    if (cmp != 0)
+      return cmp;
+    
+    if (c2 != sort_None) {
+      return CmpByCrit(a, ace, b, bce, c2, 2);
+    }
+  }
+
+  return cmp;
+}
+
+int32_t
+nsCertTree::CmpCACert(void *cache, nsIX509Cert *a, nsIX509Cert *b)
+{
+  // XXX we assume issuer org is always criterion 1
+  return CmpBy(cache, a, b, sort_IssuerOrg, sort_Org, sort_Token);
+}
+
+int32_t
+nsCertTree::CmpWebSiteCert(void *cache, nsIX509Cert *a, nsIX509Cert *b)
+{
+  // XXX we assume issuer org is always criterion 1
+  return CmpBy(cache, a, b, sort_IssuerOrg, sort_CommonName, sort_None);
+}
+
+int32_t
+nsCertTree::CmpUserCert(void *cache, nsIX509Cert *a, nsIX509Cert *b)
+{
+  // XXX we assume issuer org is always criterion 1
+  return CmpBy(cache, a, b, sort_IssuerOrg, sort_Token, sort_IssuedDateDescending);
+}
+
+int32_t
+nsCertTree::CmpEmailCert(void *cache, nsIX509Cert *a, nsIX509Cert *b)
+{
+  // XXX we assume issuer org is always criterion 1
+  return CmpBy(cache, a, b, sort_IssuerOrg, sort_Email, sort_CommonName);
+}
+
diff --git a/security/manager/ssl/nsCertTree.h b/security/manager/ssl/nsCertTree.h
new file mode 100644
index 000000000..bf17b4efa
--- /dev/null
+++ b/security/manager/ssl/nsCertTree.h
@@ -0,0 +1,154 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _NS_CERTTREE_H_
+#define _NS_CERTTREE_H_
+
+#include "nsCOMPtr.h"
+#include "nsIServiceManager.h"
+#include "nsICertTree.h"
+#include "nsITreeView.h"
+#include "nsITreeBoxObject.h"
+#include "nsITreeSelection.h"
+#include "nsIMutableArray.h"
+#include "nsNSSComponent.h"
+#include "nsTArray.h"
+#include "PLDHashTable.h"
+#include "nsIX509CertDB.h"
+#include "nsCertOverrideService.h"
+#include "mozilla/Attributes.h"
+
+typedef struct treeArrayElStr treeArrayEl;
+
+struct CompareCacheHashEntry {
+  enum { max_criterions = 3 };
+  CompareCacheHashEntry();
+
+  void *key; // no ownership
+  bool mCritInit[max_criterions];
+  nsXPIDLString mCrit[max_criterions];
+};
+
+struct CompareCacheHashEntryPtr : PLDHashEntryHdr {
+  CompareCacheHashEntryPtr();
+  ~CompareCacheHashEntryPtr();
+  CompareCacheHashEntry *entry;
+};
+
+class nsCertAddonInfo final : public nsISupports
+{
+private:
+  ~nsCertAddonInfo() {}
+
+public:
+  NS_DECL_ISUPPORTS
+
+  nsCertAddonInfo() : mUsageCount(0) {}
+
+  RefPtr<nsIX509Cert> mCert;
+  // how many display entries reference this?
+  // (and therefore depend on the underlying cert)
+  int32_t mUsageCount;
+};
+
+class nsCertTreeDispInfo : public nsICertTreeItem
+{
+protected:
+  virtual ~nsCertTreeDispInfo();
+
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSICERTTREEITEM
+
+  nsCertTreeDispInfo();
+  nsCertTreeDispInfo(nsCertTreeDispInfo &other);
+
+  RefPtr<nsCertAddonInfo> mAddonInfo;
+  enum {
+    direct_db, host_port_override
+  } mTypeOfEntry;
+  nsCString mAsciiHost;
+  int32_t mPort;
+  nsCertOverride::OverrideBits mOverrideBits;
+  bool mIsTemporary;
+  nsCOMPtr<nsIX509Cert> mCert;
+};
+
+class nsCertTree : public nsICertTree
+{
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSICERTTREE
+  NS_DECL_NSITREEVIEW
+
+  nsCertTree();
+
+  enum sortCriterion { sort_IssuerOrg, sort_Org, sort_Token, 
+    sort_CommonName, sort_IssuedDateDescending, sort_Email, sort_None };
+
+protected:
+  virtual ~nsCertTree();
+
+  void ClearCompareHash();
+  void RemoveCacheEntry(void *key);
+
+  typedef int (*nsCertCompareFunc)(void *, nsIX509Cert *a, nsIX509Cert *b);
+
+  static CompareCacheHashEntry *getCacheEntry(void *cache, void *aCert);
+  static void CmpInitCriterion(nsIX509Cert *cert, CompareCacheHashEntry *entry,
+                               sortCriterion crit, int32_t level);
+  static int32_t CmpByCrit(nsIX509Cert *a, CompareCacheHashEntry *ace, 
+                           nsIX509Cert *b, CompareCacheHashEntry *bce, 
+                           sortCriterion crit, int32_t level);
+  static int32_t CmpBy(void *cache, nsIX509Cert *a, nsIX509Cert *b, 
+                       sortCriterion c0, sortCriterion c1, sortCriterion c2);
+  static int32_t CmpCACert(void *cache, nsIX509Cert *a, nsIX509Cert *b);
+  static int32_t CmpWebSiteCert(void *cache, nsIX509Cert *a, nsIX509Cert *b);
+  static int32_t CmpUserCert(void *cache, nsIX509Cert *a, nsIX509Cert *b);
+  static int32_t CmpEmailCert(void *cache, nsIX509Cert *a, nsIX509Cert *b);
+  nsCertCompareFunc GetCompareFuncFromCertType(uint32_t aType);
+  int32_t CountOrganizations();
+
+  nsresult GetCertsByType(uint32_t aType, nsCertCompareFunc aCertCmpFn,
+                          void *aCertCmpFnArg);
+
+  nsresult GetCertsByTypeFromCache(nsIX509CertList *aCache, uint32_t aType,
+                                   nsCertCompareFunc aCertCmpFn, void *aCertCmpFnArg);
+private:
+  static const uint32_t kInitialCacheLength = 64;
+
+  nsTArray< RefPtr<nsCertTreeDispInfo> > mDispInfo;
+  nsCOMPtr<nsITreeBoxObject>  mTree;
+  nsCOMPtr<nsITreeSelection>  mSelection;
+  treeArrayEl                *mTreeArray;
+  int32_t                         mNumOrgs;
+  int32_t                         mNumRows;
+  PLDHashTable mCompareCache;
+  nsCOMPtr<nsINSSComponent> mNSSComponent;
+  nsCOMPtr<nsICertOverrideService> mOverrideService;
+  RefPtr<nsCertOverrideService> mOriginalOverrideService;
+
+  treeArrayEl *GetThreadDescAtIndex(int32_t _index);
+  already_AddRefed<nsIX509Cert> 
+    GetCertAtIndex(int32_t _index, int32_t *outAbsoluteCertOffset = nullptr);
+  already_AddRefed<nsCertTreeDispInfo>
+    GetDispInfoAtIndex(int32_t index, int32_t *outAbsoluteCertOffset = nullptr);
+  void FreeCertArray();
+  nsresult UpdateUIContents();
+
+  nsresult GetCertsByTypeFromCertList(CERTCertList *aCertList,
+                                      uint32_t aType,
+                                      nsCertCompareFunc  aCertCmpFn,
+                                      void              *aCertCmpFnArg);
+
+  nsCOMPtr<nsIMutableArray> mCellText;
+
+#ifdef DEBUG_CERT_TREE
+  /* for debugging purposes */
+  void dumpMap();
+#endif
+};
+
+#endif /* _NS_CERTTREE_H_ */
+
diff --git a/security/manager/ssl/nsClientAuthRemember.cpp b/security/manager/ssl/nsClientAuthRemember.cpp
new file mode 100644
index 000000000..059955901
--- /dev/null
+++ b/security/manager/ssl/nsClientAuthRemember.cpp
@@ -0,0 +1,213 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsClientAuthRemember.h"
+
+#include "nsIX509Cert.h"
+#include "mozilla/BasePrincipal.h"
+#include "mozilla/RefPtr.h"
+#include "nsCRT.h"
+#include "nsNSSCertHelper.h"
+#include "nsIObserverService.h"
+#include "nsNetUtil.h"
+#include "nsISupportsPrimitives.h"
+#include "nsPromiseFlatString.h"
+#include "nsThreadUtils.h"
+#include "nsStringBuffer.h"
+#include "cert.h"
+#include "nspr.h"
+#include "pk11pub.h"
+#include "certdb.h"
+#include "sechash.h"
+#include "SharedSSLState.h"
+
+using namespace mozilla;
+using namespace mozilla::psm;
+
+NS_IMPL_ISUPPORTS(nsClientAuthRememberService,
+                  nsIObserver,
+                  nsISupportsWeakReference)
+
+nsClientAuthRememberService::nsClientAuthRememberService()
+  : monitor("nsClientAuthRememberService.monitor")
+{
+}
+
+nsClientAuthRememberService::~nsClientAuthRememberService()
+{
+  RemoveAllFromMemory();
+}
+
+nsresult
+nsClientAuthRememberService::Init()
+{
+  if (!NS_IsMainThread()) {
+    NS_ERROR("nsClientAuthRememberService::Init called off the main thread");
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  nsCOMPtr<nsIObserverService> observerService =
+      mozilla::services::GetObserverService();
+  if (observerService) {
+    observerService->AddObserver(this, "profile-before-change", true);
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsClientAuthRememberService::Observe(nsISupports* aSubject,
+                                     const char* aTopic,
+                                     const char16_t* aData)
+{
+  // check the topic
+  if (!nsCRT::strcmp(aTopic, "profile-before-change")) {
+    // The profile is about to change,
+    // or is going away because the application is shutting down.
+
+    ReentrantMonitorAutoEnter lock(monitor);
+    RemoveAllFromMemory();
+  }
+
+  return NS_OK;
+}
+
+void nsClientAuthRememberService::ClearRememberedDecisions()
+{
+  ReentrantMonitorAutoEnter lock(monitor);
+  RemoveAllFromMemory();
+}
+
+void nsClientAuthRememberService::ClearAllRememberedDecisions()
+{
+  RefPtr<nsClientAuthRememberService> svc =
+    PublicSSLState()->GetClientAuthRememberService();
+  svc->ClearRememberedDecisions();
+
+  svc = PrivateSSLState()->GetClientAuthRememberService();
+  svc->ClearRememberedDecisions();
+}
+
+void
+nsClientAuthRememberService::RemoveAllFromMemory()
+{
+  mSettingsTable.Clear();
+}
+
+nsresult
+nsClientAuthRememberService::RememberDecision(
+  const nsACString& aHostName, const NeckoOriginAttributes& aOriginAttributes,
+  CERTCertificate* aServerCert, CERTCertificate* aClientCert)
+{
+  // aClientCert == nullptr means: remember that user does not want to use a cert
+  NS_ENSURE_ARG_POINTER(aServerCert);
+  if (aHostName.IsEmpty()) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  nsAutoCString fpStr;
+  nsresult rv = GetCertFingerprintByOidTag(aServerCert, SEC_OID_SHA256, fpStr);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  {
+    ReentrantMonitorAutoEnter lock(monitor);
+    if (aClientCert) {
+      RefPtr<nsNSSCertificate> pipCert(new nsNSSCertificate(aClientCert));
+      nsAutoCString dbkey;
+      rv = pipCert->GetDbKey(dbkey);
+      if (NS_SUCCEEDED(rv)) {
+        AddEntryToList(aHostName, aOriginAttributes, fpStr, dbkey);
+      }
+    } else {
+      nsCString empty;
+      AddEntryToList(aHostName, aOriginAttributes, fpStr, empty);
+    }
+  }
+
+  return NS_OK;
+}
+
+nsresult
+nsClientAuthRememberService::HasRememberedDecision(
+  const nsACString& aHostName, const NeckoOriginAttributes& aOriginAttributes,
+  CERTCertificate* aCert, nsACString& aCertDBKey, bool* aRetVal)
+{
+  if (aHostName.IsEmpty())
+    return NS_ERROR_INVALID_ARG;
+
+  NS_ENSURE_ARG_POINTER(aCert);
+  NS_ENSURE_ARG_POINTER(aRetVal);
+  *aRetVal = false;
+
+  nsresult rv;
+  nsAutoCString fpStr;
+  rv = GetCertFingerprintByOidTag(aCert, SEC_OID_SHA256, fpStr);
+  if (NS_FAILED(rv))
+    return rv;
+
+  nsAutoCString entryKey;
+  GetEntryKey(aHostName, aOriginAttributes, fpStr, entryKey);
+  nsClientAuthRemember settings;
+
+  {
+    ReentrantMonitorAutoEnter lock(monitor);
+    nsClientAuthRememberEntry* entry = mSettingsTable.GetEntry(entryKey.get());
+    if (!entry)
+      return NS_OK;
+    settings = entry->mSettings; // copy
+  }
+
+  aCertDBKey = settings.mDBKey;
+  *aRetVal = true;
+  return NS_OK;
+}
+
+nsresult
+nsClientAuthRememberService::AddEntryToList(
+  const nsACString& aHostName, const NeckoOriginAttributes& aOriginAttributes,
+  const nsACString& aFingerprint, const nsACString& aDBKey)
+{
+  nsAutoCString entryKey;
+  GetEntryKey(aHostName, aOriginAttributes, aFingerprint, entryKey);
+
+  {
+    ReentrantMonitorAutoEnter lock(monitor);
+    nsClientAuthRememberEntry* entry = mSettingsTable.PutEntry(entryKey.get());
+
+    if (!entry) {
+      NS_ERROR("can't insert a null entry!");
+      return NS_ERROR_OUT_OF_MEMORY;
+    }
+
+    entry->mEntryKey = entryKey;
+
+    nsClientAuthRemember& settings = entry->mSettings;
+    settings.mAsciiHost = aHostName;
+    settings.mFingerprint = aFingerprint;
+    settings.mDBKey = aDBKey;
+  }
+
+  return NS_OK;
+}
+
+void
+nsClientAuthRememberService::GetEntryKey(
+  const nsACString& aHostName,
+  const NeckoOriginAttributes& aOriginAttributes,
+  const nsACString& aFingerprint,
+  nsACString& aEntryKey)
+{
+  nsAutoCString hostCert(aHostName);
+  nsAutoCString suffix;
+  aOriginAttributes.CreateSuffix(suffix);
+  hostCert.Append(suffix);
+  hostCert.Append(':');
+  hostCert.Append(aFingerprint);
+
+  aEntryKey.Assign(hostCert);
+}
diff --git a/security/manager/ssl/nsClientAuthRemember.h b/security/manager/ssl/nsClientAuthRemember.h
new file mode 100644
index 000000000..1be5601ce
--- /dev/null
+++ b/security/manager/ssl/nsClientAuthRemember.h
@@ -0,0 +1,155 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef __NSCLIENTAUTHREMEMBER_H__
+#define __NSCLIENTAUTHREMEMBER_H__
+
+#include "mozilla/ReentrantMonitor.h"
+#include "nsTHashtable.h"
+#include "nsIObserver.h"
+#include "nsIX509Cert.h"
+#include "nsNSSCertificate.h"
+#include "nsString.h"
+#include "nsWeakReference.h"
+#include "mozilla/Attributes.h"
+
+namespace mozilla {
+  class NeckoOriginAttributes;
+}
+
+using mozilla::NeckoOriginAttributes;
+
+class nsClientAuthRemember
+{
+public:
+
+  nsClientAuthRemember()
+  {
+  }
+
+  nsClientAuthRemember(const nsClientAuthRemember& aOther)
+  {
+    this->operator=(aOther);
+  }
+
+  nsClientAuthRemember& operator=(const nsClientAuthRemember& aOther)
+  {
+    mAsciiHost = aOther.mAsciiHost;
+    mFingerprint = aOther.mFingerprint;
+    mDBKey = aOther.mDBKey;
+    return *this;
+  }
+
+  nsCString mAsciiHost;
+  nsCString mFingerprint;
+  nsCString mDBKey;
+};
+
+
+// hash entry class
+class nsClientAuthRememberEntry final : public PLDHashEntryHdr
+{
+  public:
+    // Hash methods
+    typedef const char* KeyType;
+    typedef const char* KeyTypePointer;
+
+    // do nothing with aHost - we require mHead to be set before we're live!
+    explicit nsClientAuthRememberEntry(KeyTypePointer aHostWithCertUTF8)
+    {
+    }
+
+    nsClientAuthRememberEntry(const nsClientAuthRememberEntry& aToCopy)
+    {
+      mSettings = aToCopy.mSettings;
+    }
+
+    ~nsClientAuthRememberEntry()
+    {
+    }
+
+    KeyType GetKey() const
+    {
+      return EntryKeyPtr();
+    }
+
+    KeyTypePointer GetKeyPointer() const
+    {
+      return EntryKeyPtr();
+    }
+
+    bool KeyEquals(KeyTypePointer aKey) const
+    {
+      return !strcmp(EntryKeyPtr(), aKey);
+    }
+
+    static KeyTypePointer KeyToPointer(KeyType aKey)
+    {
+      return aKey;
+    }
+
+    static PLDHashNumber HashKey(KeyTypePointer aKey)
+    {
+      return PLDHashTable::HashStringKey(aKey);
+    }
+
+    enum { ALLOW_MEMMOVE = false };
+
+    // get methods
+    inline const nsCString& GetEntryKey() const { return mEntryKey; }
+
+    inline KeyTypePointer EntryKeyPtr() const
+    {
+      return mEntryKey.get();
+    }
+
+    nsClientAuthRemember mSettings;
+    nsCString mEntryKey;
+};
+
+class nsClientAuthRememberService final : public nsIObserver,
+                                          public nsSupportsWeakReference
+{
+public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSIOBSERVER
+
+  nsClientAuthRememberService();
+
+  nsresult Init();
+
+  static void GetEntryKey(const nsACString& aHostName,
+                          const NeckoOriginAttributes& aOriginAttributes,
+                          const nsACString& aFingerprint,
+                          /*out*/ nsACString& aEntryKey);
+
+  nsresult RememberDecision(const nsACString& aHostName,
+                            const NeckoOriginAttributes& aOriginAttributes,
+                            CERTCertificate* aServerCert,
+                            CERTCertificate* aClientCert);
+
+  nsresult HasRememberedDecision(const nsACString& aHostName,
+                                 const NeckoOriginAttributes& aOriginAttributes,
+                                 CERTCertificate* aServerCert,
+                                 nsACString& aCertDBKey, bool* aRetVal);
+
+  void ClearRememberedDecisions();
+  static void ClearAllRememberedDecisions();
+
+protected:
+    ~nsClientAuthRememberService();
+
+    mozilla::ReentrantMonitor monitor;
+    nsTHashtable<nsClientAuthRememberEntry> mSettingsTable;
+
+    void RemoveAllFromMemory();
+    nsresult AddEntryToList(const nsACString& aHost,
+                            const NeckoOriginAttributes& aOriginAttributes,
+                            const nsACString& aServerFingerprint,
+                            const nsACString& aDBKey);
+};
+
+#endif
diff --git a/security/manager/ssl/nsCrypto.cpp b/security/manager/ssl/nsCrypto.cpp
new file mode 100644
index 000000000..361257968
--- /dev/null
+++ b/security/manager/ssl/nsCrypto.cpp
@@ -0,0 +1,113 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsCrypto.h"
+
+#include "nsNSSComponent.h"
+#include "nsNativeCharsetUtils.h"
+#include "nsServiceManagerUtils.h"
+#include "ScopedNSSTypes.h"
+
+// QueryInterface implementation for nsPkcs11
+NS_INTERFACE_MAP_BEGIN(nsPkcs11)
+  NS_INTERFACE_MAP_ENTRY(nsIPKCS11)
+  NS_INTERFACE_MAP_ENTRY(nsISupports)
+NS_INTERFACE_MAP_END
+
+NS_IMPL_ADDREF(nsPkcs11)
+NS_IMPL_RELEASE(nsPkcs11)
+
+nsPkcs11::nsPkcs11()
+{
+}
+
+nsPkcs11::~nsPkcs11()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return;
+  }
+  shutdown(ShutdownCalledFrom::Object);
+}
+
+// Delete a PKCS11 module from the user's profile.
+NS_IMETHODIMP
+nsPkcs11::DeleteModule(const nsAString& aModuleName)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  if (aModuleName.IsEmpty()) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  NS_ConvertUTF16toUTF8 moduleName(aModuleName);
+  // Introduce additional scope for module so all references to it are released
+  // before we call SECMOD_DeleteModule, below.
+#ifndef MOZ_NO_SMART_CARDS
+  {
+    mozilla::UniqueSECMODModule module(SECMOD_FindModule(moduleName.get()));
+    if (!module) {
+      return NS_ERROR_FAILURE;
+    }
+    nsCOMPtr<nsINSSComponent> nssComponent(
+      do_GetService(PSM_COMPONENT_CONTRACTID));
+    nssComponent->ShutdownSmartCardThread(module.get());
+  }
+#endif
+
+  // modType is an output variable. We ignore it.
+  int32_t modType;
+  SECStatus srv = SECMOD_DeleteModule(moduleName.get(), &modType);
+  if (srv != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  return NS_OK;
+}
+
+// Add a new PKCS11 module to the user's profile.
+NS_IMETHODIMP
+nsPkcs11::AddModule(const nsAString& aModuleName,
+                    const nsAString& aLibraryFullPath,
+                    int32_t aCryptoMechanismFlags,
+                    int32_t aCipherFlags)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  if (aModuleName.IsEmpty()) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  NS_ConvertUTF16toUTF8 moduleName(aModuleName);
+  nsCString fullPath;
+  // NSS doesn't support Unicode path.  Use native charset
+  NS_CopyUnicodeToNative(aLibraryFullPath, fullPath);
+  uint32_t mechFlags = SECMOD_PubMechFlagstoInternal(aCryptoMechanismFlags);
+  uint32_t cipherFlags = SECMOD_PubCipherFlagstoInternal(aCipherFlags);
+  SECStatus srv = SECMOD_AddNewModule(moduleName.get(), fullPath.get(),
+                                      mechFlags, cipherFlags);
+  if (srv != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+#ifndef MOZ_NO_SMART_CARDS
+  mozilla::UniqueSECMODModule module(SECMOD_FindModule(moduleName.get()));
+  if (!module) {
+    return NS_ERROR_FAILURE;
+  }
+  nsCOMPtr<nsINSSComponent> nssComponent(
+    do_GetService(PSM_COMPONENT_CONTRACTID));
+  nssComponent->LaunchSmartCardThread(module.get());
+#endif
+
+  return NS_OK;
+}
diff --git a/security/manager/ssl/nsCrypto.h b/security/manager/ssl/nsCrypto.h
new file mode 100644
index 000000000..ec231b471
--- /dev/null
+++ b/security/manager/ssl/nsCrypto.h
@@ -0,0 +1,32 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#ifndef _nsCrypto_h_
+#define _nsCrypto_h_
+
+#include "nsIPKCS11.h"
+
+#include "nsNSSShutDown.h"
+
+#define NS_PKCS11_CID \
+  {0x74b7a390, 0x3b41, 0x11d4, { 0x8a, 0x80, 0x00, 0x60, 0x08, 0xc8, 0x44, 0xc3} }
+
+class nsPkcs11 : public nsIPKCS11
+               , public nsNSSShutDownObject
+{
+public:
+  nsPkcs11();
+
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIPKCS11
+
+protected:
+  virtual ~nsPkcs11();
+
+private:
+  virtual void virtualDestroyNSSReference() override {}
+};
+
+#endif //_nsCrypto_h_
diff --git a/security/manager/ssl/nsCryptoHash.cpp b/security/manager/ssl/nsCryptoHash.cpp
new file mode 100644
index 000000000..d57eb5f58
--- /dev/null
+++ b/security/manager/ssl/nsCryptoHash.cpp
@@ -0,0 +1,438 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <algorithm>
+
+#include "nsCryptoHash.h"
+
+#include "nsIInputStream.h"
+#include "nsIKeyModule.h"
+
+#include "nsString.h"
+
+#include "sechash.h"
+#include "pk11pub.h"
+#include "base64.h"
+
+#define NS_CRYPTO_HASH_BUFFER_SIZE 4096
+
+//---------------------------------------------
+// Implementing nsICryptoHash
+//---------------------------------------------
+
+nsCryptoHash::nsCryptoHash()
+  : mHashContext(nullptr)
+  , mInitialized(false)
+{
+}
+
+nsCryptoHash::~nsCryptoHash()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return;
+  }
+  destructorSafeDestroyNSSReference();
+  shutdown(ShutdownCalledFrom::Object);
+}
+
+void
+nsCryptoHash::virtualDestroyNSSReference()
+{
+  destructorSafeDestroyNSSReference();
+}
+
+void
+nsCryptoHash::destructorSafeDestroyNSSReference()
+{
+  if (mHashContext)
+    HASH_Destroy(mHashContext);
+  mHashContext = nullptr;
+}
+
+NS_IMPL_ISUPPORTS(nsCryptoHash, nsICryptoHash)
+
+NS_IMETHODIMP 
+nsCryptoHash::Init(uint32_t algorithm)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  HASH_HashType hashType = (HASH_HashType)algorithm;
+  if (mHashContext)
+  {
+    if ((!mInitialized) && (HASH_GetType(mHashContext) == hashType))
+    {
+      mInitialized = true;
+      HASH_Begin(mHashContext);
+      return NS_OK;
+    }
+
+    // Destroy current hash context if the type was different
+    // or Finish method wasn't called.
+    HASH_Destroy(mHashContext);
+    mInitialized = false;
+  }
+
+  mHashContext = HASH_Create(hashType);
+  if (!mHashContext)
+    return NS_ERROR_INVALID_ARG;
+
+  HASH_Begin(mHashContext);
+  mInitialized = true;
+  return NS_OK; 
+}
+
+NS_IMETHODIMP
+nsCryptoHash::InitWithString(const nsACString & aAlgorithm)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  if (aAlgorithm.LowerCaseEqualsLiteral("md2"))
+    return Init(nsICryptoHash::MD2);
+
+  if (aAlgorithm.LowerCaseEqualsLiteral("md5"))
+    return Init(nsICryptoHash::MD5);
+
+  if (aAlgorithm.LowerCaseEqualsLiteral("sha1"))
+    return Init(nsICryptoHash::SHA1);
+
+  if (aAlgorithm.LowerCaseEqualsLiteral("sha256"))
+    return Init(nsICryptoHash::SHA256);
+
+  if (aAlgorithm.LowerCaseEqualsLiteral("sha384"))
+    return Init(nsICryptoHash::SHA384);
+
+  if (aAlgorithm.LowerCaseEqualsLiteral("sha512"))
+    return Init(nsICryptoHash::SHA512);
+
+  return NS_ERROR_INVALID_ARG;
+}
+
+NS_IMETHODIMP
+nsCryptoHash::Update(const uint8_t *data, uint32_t len)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+  
+  if (!mInitialized)
+    return NS_ERROR_NOT_INITIALIZED;
+
+  HASH_Update(mHashContext, data, len);
+  return NS_OK; 
+}
+
+NS_IMETHODIMP
+nsCryptoHash::UpdateFromStream(nsIInputStream *data, uint32_t aLen)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  if (!mInitialized)
+    return NS_ERROR_NOT_INITIALIZED;
+
+  if (!data)
+    return NS_ERROR_INVALID_ARG;
+
+  uint64_t n;
+  nsresult rv = data->Available(&n);
+  if (NS_FAILED(rv))
+    return rv;
+
+  // if the user has passed UINT32_MAX, then read
+  // everything in the stream
+
+  uint64_t len = aLen;
+  if (aLen == UINT32_MAX)
+    len = n;
+
+  // So, if the stream has NO data available for the hash,
+  // or if the data available is less then what the caller
+  // requested, we can not fulfill the hash update.  In this
+  // case, just return NS_ERROR_NOT_AVAILABLE indicating
+  // that there is not enough data in the stream to satisify
+  // the request.
+
+  if (n == 0 || n < len)
+    return NS_ERROR_NOT_AVAILABLE;
+  
+  char buffer[NS_CRYPTO_HASH_BUFFER_SIZE];
+  uint32_t read, readLimit;
+  
+  while(NS_SUCCEEDED(rv) && len>0)
+  {
+    readLimit = (uint32_t)std::min<uint64_t>(NS_CRYPTO_HASH_BUFFER_SIZE, len);
+    
+    rv = data->Read(buffer, readLimit, &read);
+    
+    if (NS_SUCCEEDED(rv))
+      rv = Update((const uint8_t*)buffer, read);
+    
+    len -= read;
+  }
+  
+  return rv;
+}
+
+NS_IMETHODIMP
+nsCryptoHash::Finish(bool ascii, nsACString & _retval)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+  
+  if (!mInitialized)
+    return NS_ERROR_NOT_INITIALIZED;
+  
+  uint32_t hashLen = 0;
+  unsigned char buffer[HASH_LENGTH_MAX];
+  unsigned char* pbuffer = buffer;
+
+  HASH_End(mHashContext, pbuffer, &hashLen, HASH_LENGTH_MAX);
+
+  mInitialized = false;
+
+  if (ascii)
+  {
+    UniquePORTString asciiData(BTOA_DataToAscii(buffer, hashLen));
+    NS_ENSURE_TRUE(asciiData, NS_ERROR_OUT_OF_MEMORY);
+
+    _retval.Assign(asciiData.get());
+  }
+  else
+  {
+    _retval.Assign((const char*)buffer, hashLen);
+  }
+
+  return NS_OK;
+}
+
+//---------------------------------------------
+// Implementing nsICryptoHMAC
+//---------------------------------------------
+
+NS_IMPL_ISUPPORTS(nsCryptoHMAC, nsICryptoHMAC)
+
+nsCryptoHMAC::nsCryptoHMAC()
+{
+  mHMACContext = nullptr;
+}
+
+nsCryptoHMAC::~nsCryptoHMAC()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return;
+  }
+  destructorSafeDestroyNSSReference();
+  shutdown(ShutdownCalledFrom::Object);
+}
+
+void
+nsCryptoHMAC::virtualDestroyNSSReference()
+{
+  destructorSafeDestroyNSSReference();
+}
+
+void
+nsCryptoHMAC::destructorSafeDestroyNSSReference()
+{
+  if (mHMACContext)
+    PK11_DestroyContext(mHMACContext, true);
+  mHMACContext = nullptr;
+}
+
+NS_IMETHODIMP
+nsCryptoHMAC::Init(uint32_t aAlgorithm, nsIKeyObject *aKeyObject)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  if (mHMACContext)
+  {
+    PK11_DestroyContext(mHMACContext, true);
+    mHMACContext = nullptr;
+  }
+
+  CK_MECHANISM_TYPE HMACMechType;
+  switch (aAlgorithm)
+  {
+  case nsCryptoHMAC::MD2:
+    HMACMechType = CKM_MD2_HMAC; break;
+  case nsCryptoHMAC::MD5:
+    HMACMechType = CKM_MD5_HMAC; break;
+  case nsCryptoHMAC::SHA1:
+    HMACMechType = CKM_SHA_1_HMAC; break;
+  case nsCryptoHMAC::SHA256:
+    HMACMechType = CKM_SHA256_HMAC; break;
+  case nsCryptoHMAC::SHA384:
+    HMACMechType = CKM_SHA384_HMAC; break;
+  case nsCryptoHMAC::SHA512:
+    HMACMechType = CKM_SHA512_HMAC; break;
+  default:
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  NS_ENSURE_ARG_POINTER(aKeyObject);
+
+  nsresult rv;
+
+  int16_t keyType;
+  rv = aKeyObject->GetType(&keyType);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  NS_ENSURE_TRUE(keyType == nsIKeyObject::SYM_KEY, NS_ERROR_INVALID_ARG);
+
+  PK11SymKey* key;
+  // GetKeyObj doesn't addref the key
+  rv = aKeyObject->GetKeyObj(&key);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  SECItem rawData;
+  rawData.data = 0;
+  rawData.len = 0;
+  mHMACContext = PK11_CreateContextBySymKey(
+      HMACMechType, CKA_SIGN, key, &rawData);
+  NS_ENSURE_TRUE(mHMACContext, NS_ERROR_FAILURE);
+
+  SECStatus ss = PK11_DigestBegin(mHMACContext);
+  NS_ENSURE_TRUE(ss == SECSuccess, NS_ERROR_FAILURE);
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCryptoHMAC::Update(const uint8_t *aData, uint32_t aLen)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  if (!mHMACContext)
+    return NS_ERROR_NOT_INITIALIZED;
+
+  if (!aData)
+    return NS_ERROR_INVALID_ARG;
+
+  SECStatus ss = PK11_DigestOp(mHMACContext, aData, aLen);
+  NS_ENSURE_TRUE(ss == SECSuccess, NS_ERROR_FAILURE);
+  
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCryptoHMAC::UpdateFromStream(nsIInputStream *aStream, uint32_t aLen)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  if (!mHMACContext)
+    return NS_ERROR_NOT_INITIALIZED;
+
+  if (!aStream)
+    return NS_ERROR_INVALID_ARG;
+
+  uint64_t n;
+  nsresult rv = aStream->Available(&n);
+  if (NS_FAILED(rv))
+    return rv;
+
+  // if the user has passed UINT32_MAX, then read
+  // everything in the stream
+
+  uint64_t len = aLen;
+  if (aLen == UINT32_MAX)
+    len = n;
+
+  // So, if the stream has NO data available for the hash,
+  // or if the data available is less then what the caller
+  // requested, we can not fulfill the HMAC update.  In this
+  // case, just return NS_ERROR_NOT_AVAILABLE indicating
+  // that there is not enough data in the stream to satisify
+  // the request.
+
+  if (n == 0 || n < len)
+    return NS_ERROR_NOT_AVAILABLE;
+  
+  char buffer[NS_CRYPTO_HASH_BUFFER_SIZE];
+  uint32_t read, readLimit;
+  
+  while(NS_SUCCEEDED(rv) && len > 0)
+  {
+    readLimit = (uint32_t)std::min<uint64_t>(NS_CRYPTO_HASH_BUFFER_SIZE, len);
+    
+    rv = aStream->Read(buffer, readLimit, &read);
+    if (read == 0)
+      return NS_BASE_STREAM_CLOSED;
+    
+    if (NS_SUCCEEDED(rv))
+      rv = Update((const uint8_t*)buffer, read);
+    
+    len -= read;
+  }
+  
+  return rv;
+}
+
+NS_IMETHODIMP
+nsCryptoHMAC::Finish(bool aASCII, nsACString & _retval)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  if (!mHMACContext)
+    return NS_ERROR_NOT_INITIALIZED;
+
+  uint32_t hashLen = 0;
+  unsigned char buffer[HASH_LENGTH_MAX];
+  unsigned char* pbuffer = buffer;
+
+  PK11_DigestFinal(mHMACContext, pbuffer, &hashLen, HASH_LENGTH_MAX);
+  if (aASCII)
+  {
+    UniquePORTString asciiData(BTOA_DataToAscii(buffer, hashLen));
+    NS_ENSURE_TRUE(asciiData, NS_ERROR_OUT_OF_MEMORY);
+
+    _retval.Assign(asciiData.get());
+  }
+  else
+  {
+    _retval.Assign((const char*)buffer, hashLen);
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsCryptoHMAC::Reset()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  SECStatus ss = PK11_DigestBegin(mHMACContext);
+  NS_ENSURE_TRUE(ss == SECSuccess, NS_ERROR_FAILURE);
+
+  return NS_OK;
+}
diff --git a/security/manager/ssl/nsCryptoHash.h b/security/manager/ssl/nsCryptoHash.h
new file mode 100644
index 000000000..194f274d6
--- /dev/null
+++ b/security/manager/ssl/nsCryptoHash.h
@@ -0,0 +1,56 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _nsCryptoHash_h_
+#define _nsCryptoHash_h_
+
+#include "nsICryptoHash.h"
+#include "nsICryptoHMAC.h"
+#include "nsNSSShutDown.h"
+#include "hasht.h"
+#include "secmodt.h"
+
+class nsIInputStream;
+
+#define NS_CRYPTO_HASH_CID {0x36a1d3b3, 0xd886, 0x4317, {0x96, 0xff, 0x87, 0xb0, 0x00, 0x5c, 0xfe, 0xf7}}
+#define NS_CRYPTO_HMAC_CID {0xa496d0a2, 0xdff7, 0x4e23, {0xbd, 0x65, 0x1c, 0xa7, 0x42, 0xfa, 0x17, 0x8a}}
+
+class nsCryptoHash final : public nsICryptoHash, public nsNSSShutDownObject
+{
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSICRYPTOHASH
+
+  nsCryptoHash();
+
+private:
+  ~nsCryptoHash();
+
+  HASHContext* mHashContext;
+  bool mInitialized;
+
+  virtual void virtualDestroyNSSReference() override;
+  void destructorSafeDestroyNSSReference();
+};
+
+class nsCryptoHMAC : public nsICryptoHMAC, public nsNSSShutDownObject
+{
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSICRYPTOHMAC
+
+  nsCryptoHMAC();
+
+private:
+  ~nsCryptoHMAC();
+  PK11Context* mHMACContext;
+
+  virtual void virtualDestroyNSSReference() override;
+  void destructorSafeDestroyNSSReference();
+};
+
+#endif // _nsCryptoHash_h_
+
diff --git a/security/manager/ssl/nsDataSignatureVerifier.cpp b/security/manager/ssl/nsDataSignatureVerifier.cpp
new file mode 100644
index 000000000..e67ff2406
--- /dev/null
+++ b/security/manager/ssl/nsDataSignatureVerifier.cpp
@@ -0,0 +1,336 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsDataSignatureVerifier.h"
+
+#include "cms.h"
+#include "cryptohi.h"
+#include "keyhi.h"
+#include "mozilla/Casting.h"
+#include "mozilla/Unused.h"
+#include "nsCOMPtr.h"
+#include "nsNSSComponent.h"
+#include "nssb64.h"
+#include "pkix/pkixnss.h"
+#include "pkix/pkixtypes.h"
+#include "ScopedNSSTypes.h"
+#include "secerr.h"
+#include "SharedCertVerifier.h"
+
+using namespace mozilla;
+using namespace mozilla::pkix;
+using namespace mozilla::psm;
+
+SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
+
+NS_IMPL_ISUPPORTS(nsDataSignatureVerifier, nsIDataSignatureVerifier)
+
+const SEC_ASN1Template CERT_SignatureDataTemplate[] =
+{
+    { SEC_ASN1_SEQUENCE,
+        0, nullptr, sizeof(CERTSignedData) },
+    { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
+        offsetof(CERTSignedData,signatureAlgorithm),
+        SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate), },
+    { SEC_ASN1_BIT_STRING,
+        offsetof(CERTSignedData,signature), },
+    { 0, }
+};
+
+nsDataSignatureVerifier::~nsDataSignatureVerifier()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return;
+  }
+
+  shutdown(ShutdownCalledFrom::Object);
+}
+
+NS_IMETHODIMP
+nsDataSignatureVerifier::VerifyData(const nsACString& aData,
+                                    const nsACString& aSignature,
+                                    const nsACString& aPublicKey,
+                                    bool* _retval)
+{
+  NS_ENSURE_ARG_POINTER(_retval);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  // Allocate an arena to handle the majority of the allocations
+  UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+  if (!arena) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  // Base 64 decode the key
+  SECItem keyItem;
+  PORT_Memset(&keyItem, 0, sizeof(SECItem));
+  if (!NSSBase64_DecodeBuffer(arena.get(), &keyItem,
+                              PromiseFlatCString(aPublicKey).get(),
+                              aPublicKey.Length())) {
+    return NS_ERROR_FAILURE;
+  }
+
+  // Extract the public key from the data
+  UniqueCERTSubjectPublicKeyInfo pki(
+    SECKEY_DecodeDERSubjectPublicKeyInfo(&keyItem));
+  if (!pki) {
+    return NS_ERROR_FAILURE;
+  }
+
+  UniqueSECKEYPublicKey publicKey(SECKEY_ExtractPublicKey(pki.get()));
+  if (!publicKey) {
+    return NS_ERROR_FAILURE;
+  }
+
+  // Base 64 decode the signature
+  SECItem signatureItem;
+  PORT_Memset(&signatureItem, 0, sizeof(SECItem));
+  if (!NSSBase64_DecodeBuffer(arena.get(), &signatureItem,
+                              PromiseFlatCString(aSignature).get(),
+                              aSignature.Length())) {
+    return NS_ERROR_FAILURE;
+  }
+
+  // Decode the signature and algorithm
+  CERTSignedData sigData;
+  PORT_Memset(&sigData, 0, sizeof(CERTSignedData));
+  SECStatus srv = SEC_QuickDERDecodeItem(arena.get(), &sigData,
+                                         CERT_SignatureDataTemplate,
+                                         &signatureItem);
+  if (srv != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  // Perform the final verification
+  DER_ConvertBitString(&(sigData.signature));
+  srv = VFY_VerifyDataWithAlgorithmID(
+    BitwiseCast<const unsigned char*, const char*>(
+      PromiseFlatCString(aData).get()),
+    aData.Length(), publicKey.get(), &(sigData.signature),
+    &(sigData.signatureAlgorithm), nullptr, nullptr);
+
+  *_retval = (srv == SECSuccess);
+
+  return NS_OK;
+}
+
+namespace mozilla {
+
+nsresult
+VerifyCMSDetachedSignatureIncludingCertificate(
+  const SECItem& buffer, const SECItem& detachedDigest,
+  nsresult (*verifyCertificate)(CERTCertificate* cert, void* context,
+                                void* pinArg),
+  void* verifyCertificateContext, void* pinArg,
+  const nsNSSShutDownPreventionLock& /*proofOfLock*/)
+{
+  // XXX: missing pinArg is tolerated.
+  if (NS_WARN_IF(!buffer.data && buffer.len > 0) ||
+      NS_WARN_IF(!detachedDigest.data && detachedDigest.len > 0) ||
+      (!verifyCertificate) ||
+      NS_WARN_IF(!verifyCertificateContext)) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  UniqueNSSCMSMessage
+    cmsMsg(NSS_CMSMessage_CreateFromDER(const_cast<SECItem*>(&buffer), nullptr,
+                                        nullptr, nullptr, nullptr, nullptr,
+                                        nullptr));
+  if (!cmsMsg) {
+    return NS_ERROR_CMS_VERIFY_ERROR_PROCESSING;
+  }
+
+  if (!NSS_CMSMessage_IsSigned(cmsMsg.get())) {
+    return NS_ERROR_CMS_VERIFY_NOT_SIGNED;
+  }
+
+  NSSCMSContentInfo* cinfo = NSS_CMSMessage_ContentLevel(cmsMsg.get(), 0);
+  if (!cinfo) {
+    return NS_ERROR_CMS_VERIFY_NO_CONTENT_INFO;
+  }
+
+  // We're expecting this to be a PKCS#7 signedData content info.
+  if (NSS_CMSContentInfo_GetContentTypeTag(cinfo)
+        != SEC_OID_PKCS7_SIGNED_DATA) {
+    return NS_ERROR_CMS_VERIFY_NO_CONTENT_INFO;
+  }
+
+  // signedData is non-owning
+  NSSCMSSignedData* signedData =
+    static_cast<NSSCMSSignedData*>(NSS_CMSContentInfo_GetContent(cinfo));
+  if (!signedData) {
+    return NS_ERROR_CMS_VERIFY_NO_CONTENT_INFO;
+  }
+
+  // Set digest value.
+  if (NSS_CMSSignedData_SetDigestValue(signedData, SEC_OID_SHA1,
+                                       const_cast<SECItem*>(&detachedDigest))) {
+    return NS_ERROR_CMS_VERIFY_BAD_DIGEST;
+  }
+
+  // Parse the certificates into CERTCertificate objects held in memory so
+  // verifyCertificate will be able to find them during path building.
+  UniqueCERTCertList certs(CERT_NewCertList());
+  if (!certs) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+  if (signedData->rawCerts) {
+    for (size_t i = 0; signedData->rawCerts[i]; ++i) {
+      UniqueCERTCertificate
+        cert(CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
+                                     signedData->rawCerts[i], nullptr, false,
+                                     true));
+      // Skip certificates that fail to parse
+      if (!cert) {
+        continue;
+      }
+
+      if (CERT_AddCertToListTail(certs.get(), cert.get()) != SECSuccess) {
+        return NS_ERROR_OUT_OF_MEMORY;
+      }
+
+      Unused << cert.release(); // Ownership transferred to the cert list.
+    }
+  }
+
+  // Get the end-entity certificate.
+  int numSigners = NSS_CMSSignedData_SignerInfoCount(signedData);
+  if (NS_WARN_IF(numSigners != 1)) {
+    return NS_ERROR_CMS_VERIFY_ERROR_PROCESSING;
+  }
+  // signer is non-owning.
+  NSSCMSSignerInfo* signer = NSS_CMSSignedData_GetSignerInfo(signedData, 0);
+  if (NS_WARN_IF(!signer)) {
+    return NS_ERROR_CMS_VERIFY_ERROR_PROCESSING;
+  }
+  CERTCertificate* signerCert =
+    NSS_CMSSignerInfo_GetSigningCertificate(signer, CERT_GetDefaultCertDB());
+  if (!signerCert) {
+    return NS_ERROR_CMS_VERIFY_ERROR_PROCESSING;
+  }
+
+  nsresult rv = verifyCertificate(signerCert, verifyCertificateContext, pinArg);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+
+  // See NSS_CMSContentInfo_GetContentTypeOID, which isn't exported from NSS.
+  SECOidData* contentTypeOidData =
+    SECOID_FindOID(&signedData->contentInfo.contentType);
+  if (!contentTypeOidData) {
+    return NS_ERROR_CMS_VERIFY_ERROR_PROCESSING;
+  }
+
+  return MapSECStatus(NSS_CMSSignerInfo_Verify(signer,
+                         const_cast<SECItem*>(&detachedDigest),
+                         &contentTypeOidData->oid));
+}
+
+} // namespace mozilla
+
+namespace {
+
+struct VerifyCertificateContext
+{
+  nsCOMPtr<nsIX509Cert> signingCert;
+  UniqueCERTCertList builtChain;
+};
+
+static nsresult
+VerifyCertificate(CERTCertificate* cert, void* voidContext, void* pinArg)
+{
+  // XXX: missing pinArg is tolerated
+  if (NS_WARN_IF(!cert) || NS_WARN_IF(!voidContext)) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  VerifyCertificateContext* context =
+    static_cast<VerifyCertificateContext*>(voidContext);
+
+  nsCOMPtr<nsIX509Cert> xpcomCert(nsNSSCertificate::Create(cert));
+  if (!xpcomCert) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  context->signingCert = xpcomCert;
+
+  RefPtr<SharedCertVerifier> certVerifier(GetDefaultCertVerifier());
+  NS_ENSURE_TRUE(certVerifier, NS_ERROR_UNEXPECTED);
+
+  mozilla::pkix::Result result =
+    certVerifier->VerifyCert(cert,
+                             certificateUsageObjectSigner,
+                             Now(), pinArg,
+                             nullptr, // hostname
+                             context->builtChain);
+  if (result != Success) {
+    return GetXPCOMFromNSSError(MapResultToPRErrorCode(result));
+  }
+
+  return NS_OK;
+}
+
+} // namespace
+
+NS_IMETHODIMP
+nsDataSignatureVerifier::VerifySignature(const char* aRSABuf,
+                                         uint32_t aRSABufLen,
+                                         const char* aPlaintext,
+                                         uint32_t aPlaintextLen,
+                                         int32_t* aErrorCode,
+                                         nsIX509Cert** aSigningCert)
+{
+  if (!aRSABuf || !aPlaintext || !aErrorCode || !aSigningCert) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  *aErrorCode = VERIFY_ERROR_OTHER;
+  *aSigningCert = nullptr;
+
+  Digest digest;
+  nsresult rv = digest.DigestBuf(
+    SEC_OID_SHA1,
+    BitwiseCast<const uint8_t*, const char*>(aPlaintext),
+    aPlaintextLen);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+
+  SECItem buffer = {
+    siBuffer,
+    BitwiseCast<unsigned char*, const char*>(aRSABuf),
+    aRSABufLen
+  };
+
+  VerifyCertificateContext context;
+  // XXX: pinArg is missing
+  rv = VerifyCMSDetachedSignatureIncludingCertificate(buffer, digest.get(),
+                                                      VerifyCertificate,
+                                                      &context, nullptr, locker);
+  if (NS_SUCCEEDED(rv)) {
+    *aErrorCode = VERIFY_OK;
+  } else if (NS_ERROR_GET_MODULE(rv) == NS_ERROR_MODULE_SECURITY) {
+    if (rv == GetXPCOMFromNSSError(SEC_ERROR_UNKNOWN_ISSUER)) {
+      *aErrorCode = VERIFY_ERROR_UNKNOWN_ISSUER;
+    } else {
+      *aErrorCode = VERIFY_ERROR_OTHER;
+    }
+    rv = NS_OK;
+  }
+  if (rv == NS_OK) {
+    context.signingCert.forget(aSigningCert);
+  }
+
+  return rv;
+}
diff --git a/security/manager/ssl/nsDataSignatureVerifier.h b/security/manager/ssl/nsDataSignatureVerifier.h
new file mode 100644
index 000000000..485af70c8
--- /dev/null
+++ b/security/manager/ssl/nsDataSignatureVerifier.h
@@ -0,0 +1,47 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsDataSignatureVerifier_h
+#define nsDataSignatureVerifier_h
+
+#include "certt.h"
+#include "nsIDataSignatureVerifier.h"
+#include "nsNSSShutDown.h"
+
+#define NS_DATASIGNATUREVERIFIER_CID \
+    { 0x296d76aa, 0x275b, 0x4f3c, \
+    { 0xaf, 0x8a, 0x30, 0xa4, 0x02, 0x6c, 0x18, 0xfc } }
+#define NS_DATASIGNATUREVERIFIER_CONTRACTID \
+    "@mozilla.org/security/datasignatureverifier;1"
+
+class nsDataSignatureVerifier final : public nsIDataSignatureVerifier
+                                    , public nsNSSShutDownObject
+{
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIDATASIGNATUREVERIFIER
+
+  nsDataSignatureVerifier()
+  {
+  }
+
+private:
+  ~nsDataSignatureVerifier();
+
+  // Nothing to release.
+  virtual void virtualDestroyNSSReference() override {}
+};
+
+namespace mozilla {
+
+nsresult VerifyCMSDetachedSignatureIncludingCertificate(
+  const SECItem& buffer, const SECItem& detachedDigest,
+  nsresult (*verifyCertificate)(CERTCertificate* cert, void* context,
+                                void* pinArg),
+  void* verifyCertificateContext, void* pinArg,
+  const nsNSSShutDownPreventionLock& proofOfLock);
+
+} // namespace mozilla
+
+#endif // nsDataSignatureVerifier_h
diff --git a/security/manager/ssl/nsIASN1Object.idl b/security/manager/ssl/nsIASN1Object.idl
new file mode 100644
index 000000000..3996286b7
--- /dev/null
+++ b/security/manager/ssl/nsIASN1Object.idl
@@ -0,0 +1,70 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+/**
+ * This represents an ASN.1 object,
+ * where ASN.1 is "Abstract Syntax Notation number One".
+ *
+ * The additional state information carried in this interface
+ * makes it fit for being used as the data structure
+ * when working with visual reprenstation of ASN.1 objects
+ * in a human user interface, like in a tree widget
+ * where open/close state of nodes must be remembered.
+ */
+[scriptable, uuid(ba8bf582-1dd1-11b2-898c-f40246bc9a63)]
+interface nsIASN1Object : nsISupports {
+
+  /**
+   *  Identifiers for the possible types of object.
+   */
+  const unsigned long ASN1_END_CONTENTS     = 0;
+  const unsigned long ASN1_BOOLEAN          = 1;
+  const unsigned long ASN1_INTEGER          = 2;
+  const unsigned long ASN1_BIT_STRING       = 3;
+  const unsigned long ASN1_OCTET_STRING     = 4;
+  const unsigned long ASN1_NULL             = 5; 
+  const unsigned long ASN1_OBJECT_ID        = 6;
+  const unsigned long ASN1_ENUMERATED       = 10;
+  const unsigned long ASN1_UTF8_STRING      = 12;
+  const unsigned long ASN1_SEQUENCE         = 16;
+  const unsigned long ASN1_SET              = 17;
+  const unsigned long ASN1_PRINTABLE_STRING = 19;
+  const unsigned long ASN1_T61_STRING       = 20;
+  const unsigned long ASN1_IA5_STRING       = 22;
+  const unsigned long ASN1_UTC_TIME         = 23;
+  const unsigned long ASN1_GEN_TIME         = 24;
+  const unsigned long ASN1_VISIBLE_STRING   = 26;
+  const unsigned long ASN1_UNIVERSAL_STRING = 28; 
+  const unsigned long ASN1_BMP_STRING       = 30;
+  const unsigned long ASN1_HIGH_TAG_NUMBER  = 31;
+  const unsigned long ASN1_CONTEXT_SPECIFIC = 32;
+  const unsigned long ASN1_APPLICATION      = 33;
+  const unsigned long ASN1_PRIVATE          = 34;
+
+  /**
+   *  "type" will be equal to one of the defined object identifiers.
+   */
+  attribute unsigned long type;
+
+
+  /**
+   *  This contains a tag as explained in ASN.1 standards documents.
+   */
+  attribute unsigned long tag;
+
+  /**
+   *  "displayName" contains a human readable explanatory label.
+   */
+  attribute AString displayName;
+
+  /**
+   *  "displayValue" contains the human readable value.
+   */
+  attribute AString displayValue;
+};
+
diff --git a/security/manager/ssl/nsIASN1PrintableItem.idl b/security/manager/ssl/nsIASN1PrintableItem.idl
new file mode 100644
index 000000000..84e6879c4
--- /dev/null
+++ b/security/manager/ssl/nsIASN1PrintableItem.idl
@@ -0,0 +1,15 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+#include "nsIASN1Object.idl"
+
+[scriptable, uuid(114e1142-1dd2-11b2-ac26-b6db19d9184a)]
+interface nsIASN1PrintableItem : nsIASN1Object {
+  [noscript] void setData(in charPtr data, in unsigned long len);
+  [noscript] void getData(out charPtr data, out unsigned long len);
+};
+
diff --git a/security/manager/ssl/nsIASN1Sequence.idl b/security/manager/ssl/nsIASN1Sequence.idl
new file mode 100644
index 000000000..c865f2bfc
--- /dev/null
+++ b/security/manager/ssl/nsIASN1Sequence.idl
@@ -0,0 +1,56 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+#include "nsIASN1Object.idl"
+
+interface nsIMutableArray;
+
+/**
+ * This represents a sequence of ASN.1 objects,
+ * where ASN.1 is "Abstract Syntax Notation number One".
+ *
+ * Overview of how this ASN1 interface is intended to
+ * work.
+ *
+ * First off, the nsIASN1Sequence is any type in ASN1
+ * that consists of sub-elements (ie SEQUENCE, SET)
+ * nsIASN1Printable Items are all the other types that
+ * can be viewed by themselves without interpreting further.
+ * Examples would include INTEGER, UTF-8 STRING, OID.
+ * These are not intended to directly reflect the numberous
+ * types that exist in ASN1, but merely an interface to ease
+ * producing a tree display the ASN1 structure of any DER
+ * object.
+ *
+ * The additional state information carried in this interface
+ * makes it fit for being used as the data structure
+ * when working with visual reprenstation of ASN.1 objects
+ * in a human user interface, like in a tree widget
+ * where open/close state of nodes must be remembered.
+ */
+[scriptable, uuid(b6b957e6-1dd1-11b2-89d7-e30624f50b00)]
+interface nsIASN1Sequence : nsIASN1Object {
+
+  /**
+   *  The array of objects stored in the sequence.
+   */
+  attribute nsIMutableArray ASN1Objects;
+
+  /**
+   *  Whether the node at this position in the ASN.1 data structure
+   *  sequence contains sub elements understood by the
+   *  application.
+   */
+  attribute boolean isValidContainer;
+
+  /**
+   *  Whether the contained objects should be shown or hidden.
+   *  A UI implementation can use this flag to store the current
+   *  expansion state when shown in a tree widget.
+   */
+  attribute boolean isExpanded;
+};
diff --git a/security/manager/ssl/nsIAssociatedContentSecurity.idl b/security/manager/ssl/nsIAssociatedContentSecurity.idl
new file mode 100644
index 000000000..666f141f9
--- /dev/null
+++ b/security/manager/ssl/nsIAssociatedContentSecurity.idl
@@ -0,0 +1,23 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/**
+ * This interface is used to cache associated (sub) content security
+ * state. That is determined asynchronously based on callback notification
+ * while loading the content and its sub content particles. 
+ *
+ * Some optimizations like bfcaching removes these callback notifications
+ * and therefor the subcontent state could not be determined. In such
+ * a case it is loaded from this object stored in nsIChannel.securityInfo.
+ */
+
+#include "nsISupports.idl"
+
+[scriptable, uuid(a8285dae-f125-454f-9d1b-089e3f01b2c4)]
+interface nsIAssociatedContentSecurity : nsISupports
+{
+  attribute long countSubRequestsBrokenSecurity;
+  attribute long countSubRequestsNoSecurity;
+  void flush();
+};
diff --git a/security/manager/ssl/nsIBadCertListener2.idl b/security/manager/ssl/nsIBadCertListener2.idl
new file mode 100644
index 000000000..9cd1cd382
--- /dev/null
+++ b/security/manager/ssl/nsIBadCertListener2.idl
@@ -0,0 +1,32 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsISSLStatus;
+interface nsIInterfaceRequestor;
+
+/**
+ * A mechanism to report a broken SSL status. The recipient should NOT block.
+ * Can be used to obtain the SSL handshake status of a connection
+ * that will be canceled because of improper cert status.
+ */
+[scriptable, uuid(2c3d268c-ad82-49f3-99aa-e9ffddd7a0dc)]
+interface nsIBadCertListener2 : nsISupports {
+
+  /**
+   *  @param socketInfo A network communication context that can be used to obtain more information
+   *                    about the active connection.
+   *  @param status The SSL status object that describes the problem(s).
+   *  @param targetSite The Site name that was used to open the current connection.
+   *
+   *  @return The consumer shall return true if it wants to suppress the error message
+   *          related to the bad cert (the connection will still get canceled).
+   */
+  boolean notifyCertProblem(in nsIInterfaceRequestor socketInfo, 
+                            in nsISSLStatus status,
+                            in AUTF8String targetSite);
+};
diff --git a/security/manager/ssl/nsICertBlocklist.idl b/security/manager/ssl/nsICertBlocklist.idl
new file mode 100644
index 000000000..5cf1c0952
--- /dev/null
+++ b/security/manager/ssl/nsICertBlocklist.idl
@@ -0,0 +1,61 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIX509Cert;
+
+%{C++
+#define NS_CERTBLOCKLIST_CONTRACTID "@mozilla.org/security/certblocklist;1"
+%}
+
+/**
+ * Represents a service to add certificates as explicitly blocked/distrusted.
+ */
+[scriptable, uuid(e0654480-f433-11e4-b939-0800200c9a66)]
+interface nsICertBlocklist : nsISupports {
+  /**
+   * Add details of a revoked certificate :
+   * issuer name (base-64 encoded DER) and serial number (base-64 encoded DER).
+   */
+   void revokeCertByIssuerAndSerial(in string issuer, in string serialNumber);
+
+  /**
+   * Add details of a revoked certificate :
+   * subject name (base-64 encoded DER) and hash of public key (base-64 encoded
+   * sha-256 hash of the public key).
+   */
+   void revokeCertBySubjectAndPubKey(in string subject, in string pubKeyHash);
+
+  /**
+   * Persist (fresh) blocklist entries to the profile (if a profile directory is
+   * available). Note: calling this will result in synchronous I/O.
+   */
+   void saveEntries();
+
+  /**
+   * Check if a certificate is blocked.
+   * isser - issuer name, DER encoded
+   * serial - serial number, DER encoded
+   * subject - subject name, DER encoded
+   * pubkey - public key, DER encoded
+   */
+   boolean isCertRevoked([const, array, size_is(issuer_length)] in octet issuer,
+                          in unsigned long issuer_length,
+                          [const, array, size_is(serial_length)] in octet serial,
+                          in unsigned long serial_length,
+                          [const, array, size_is(subject_length)] in octet subject,
+                          in unsigned long subject_length,
+                          [const, array, size_is(pubkey_length)] in octet pubkey,
+                          in unsigned long pubkey_length);
+
+   /**
+    * Check that the blocklist data is current. Specifically, that the current
+    * time is no more than security.onecrl.maximum_staleness_in_seconds seconds
+    * after the last blocklist update (as stored in the
+    * app.update.lastUpdateTime.blocklist-background-update-timer pref)
+    */
+   boolean isBlocklistFresh();
+};
diff --git a/security/manager/ssl/nsICertOverrideService.idl b/security/manager/ssl/nsICertOverrideService.idl
new file mode 100644
index 000000000..b220851e2
--- /dev/null
+++ b/security/manager/ssl/nsICertOverrideService.idl
@@ -0,0 +1,144 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIArray;
+interface nsIX509Cert;
+
+%{C++
+#define NS_CERTOVERRIDE_CONTRACTID "@mozilla.org/security/certoverride;1"
+%}
+
+/**
+ * This represents the global list of triples
+ *   {host:port, cert-fingerprint, allowed-overrides}
+ * that the user wants to accept without further warnings.
+ */
+[scriptable, uuid(be019e47-22fc-4355-9f16-9ab047d6742d)]
+interface nsICertOverrideService : nsISupports {
+
+  /**
+   *  Override Untrusted
+   */
+  const short ERROR_UNTRUSTED = 1;
+
+  /**
+   *  Override hostname Mismatch
+   */
+  const short ERROR_MISMATCH = 2;
+
+  /**
+   *  Override Time error
+   */
+  const short ERROR_TIME = 4;
+
+  /**
+   *  The given cert should always be accepted for the given hostname:port,
+   *  regardless of errors verifying the cert.
+   *  Host:Port is a primary key, only one entry per host:port can exist.
+   *  The implementation will store a fingerprint of the cert.
+   *  The implementation will decide which fingerprint alg is used.
+   *
+   *  Each override is specific to exactly the errors overridden, so
+   *  overriding everything won't match certs at the given host:port
+   *  which only exhibit some subset of errors.
+   *
+   *  @param aHostName The host (punycode) this mapping belongs to
+   *  @param aPort The port this mapping belongs to, if it is -1 then it
+   *          is internaly treated as 443
+   *  @param aCert The cert that should always be accepted
+   *  @param aOverrideBits The precise set of errors we want to be overriden
+   */
+  void rememberValidityOverride(in ACString aHostName,
+                                in int32_t aPort,
+                                in nsIX509Cert aCert,
+                                in uint32_t aOverrideBits,
+                                in boolean aTemporary);
+
+  /**
+   *  Certs with the given fingerprint should always be accepted for the
+   *  given hostname:port, regardless of errors verifying the cert.
+   *  Host:Port is a primary key, only one entry per host:port can exist.
+   *  The fingerprint should be an SHA-256 hash of the certificate.
+   *
+   *  @param aHostName The host (punycode) this mapping belongs to
+   *  @param aPort The port this mapping belongs to, if it is -1 then it
+   *          is internaly treated as 443
+   *  @param aCertFingerprint The cert fingerprint that should be accepted, in
+   *          the format 'AA:BB:...' (colon-separated upper-case hex bytes).
+   *  @param aOverrideBits The errors we want to be overriden
+   */
+  void rememberTemporaryValidityOverrideUsingFingerprint(
+      in ACString aHostName,
+      in int32_t aPort,
+      in ACString aCertFingerprint,
+      in uint32_t aOverrideBits);
+
+  /**
+   *  Return whether this host, port, cert triple has a stored override.
+   *  If so, the outparams will contain the specific errors that were
+   *  overridden, and whether the override is permanent, or only for the current
+   *  session.
+   *
+   *  @param aHostName The host (punycode) this mapping belongs to
+   *  @param aPort The port this mapping belongs to, if it is -1 then it
+   *         is internally treated as 443
+   *  @param aCert The certificate this mapping belongs to
+   *  @param aOverrideBits The errors that are currently overridden
+   *  @param aIsTemporary Whether the stored override is session-only,
+   *         or permanent
+   *  @return Whether an override has been stored for this host+port+cert
+   */
+  boolean hasMatchingOverride(in ACString aHostName,
+                              in int32_t aPort,
+                              in nsIX509Cert aCert,
+                              out uint32_t aOverrideBits,
+                              out boolean aIsTemporary);
+
+  /**
+   *  Retrieve the stored override for the given hostname:port.
+   *
+   *  @param aHostName The host (punycode) whose entry should be tested
+   *  @param aPort The port whose entry should be tested, if it is -1 then it
+   *          is internaly treated as 443
+   *  @param aHashAlg On return value True, the fingerprint hash algorithm
+   *                  as an OID value in dotted notation.
+   *  @param aFingerprint On return value True, the stored fingerprint
+   *  @param aOverrideBits The errors that are currently overriden
+   *  @return whether a matching override entry for aHostNameWithPort
+   *          and aFingerprint is currently on file
+   */
+  boolean getValidityOverride(in ACString aHostName,
+                              in int32_t aPort,
+                              out ACString aHashAlg,
+                              out ACString aFingerprint,
+                              out uint32_t aOverrideBits,
+                              out boolean aIsTemporary);
+
+  /**
+   *  Remove a override for the given hostname:port.
+   *
+   *  @param aHostName The host (punycode) whose entry should be cleared.
+   *  @param aPort The port whose entry should be cleared.
+   *               If it is -1, then it is internaly treated as 443.
+   *               If it is 0 and aHostName is "all:temporary-certificates",
+   *               then all temporary certificates should be cleared.
+   */
+  void clearValidityOverride(in ACString aHostName,
+                             in int32_t aPort);
+
+  /**
+   *  Is the given cert used in rules?
+   *
+   *  @param aCert The cert we're looking for
+   *  @return how many override entries are currently on file
+   *          for the given certificate
+   */
+  uint32_t isCertUsedForOverrides(in nsIX509Cert aCert,
+                                  in boolean aCheckTemporaries,
+                                  in boolean aCheckPermanents);
+};
diff --git a/security/manager/ssl/nsICertTree.idl b/security/manager/ssl/nsICertTree.idl
new file mode 100644
index 000000000..2ef4e1947
--- /dev/null
+++ b/security/manager/ssl/nsICertTree.idl
@@ -0,0 +1,37 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+#include "nsITreeView.idl"
+
+interface nsIX509Cert;
+interface nsIX509CertList;
+
+[scriptable, uuid(d0180863-606e-49e6-8324-cf45ed4dd891)]
+interface nsICertTreeItem : nsISupports {
+  readonly attribute nsIX509Cert cert;
+  readonly attribute AString hostPort;
+};
+
+[scriptable, uuid(55d5ad6b-5572-47fe-941c-f01fe723659e)]
+interface nsICertTree : nsITreeView {
+  void loadCerts(in unsigned long type);
+  void loadCertsFromCache(in nsIX509CertList cache, in unsigned long type);
+
+  nsIX509Cert getCert(in unsigned long index);
+  nsICertTreeItem getTreeItem(in unsigned long index);
+
+  void deleteEntryObject(in unsigned long index);
+};
+
+%{C++
+
+#define NS_CERTTREE_CID { 0x4ea60761, 0x31d6, 0x491d, \
+                         { 0x9e, 0x34, 0x4b, 0x53, 0xa2, 0x6c, 0x41, 0x6c } }
+
+#define NS_CERTTREE_CONTRACTID "@mozilla.org/security/nsCertTree;1"
+
+%}
diff --git a/security/manager/ssl/nsICertificateDialogs.idl b/security/manager/ssl/nsICertificateDialogs.idl
new file mode 100644
index 000000000..a5f023ffd
--- /dev/null
+++ b/security/manager/ssl/nsICertificateDialogs.idl
@@ -0,0 +1,77 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIInterfaceRequestor;
+interface nsIX509Cert;
+
+/**
+ * Functions that implement user interface dialogs to manage certificates.
+ */
+[scriptable, uuid(da871dab-f69e-4173-ab26-99fcd47b0e85)]
+interface nsICertificateDialogs : nsISupports
+{
+  /**
+   *  UI shown when a user is asked to download a new CA cert.
+   *  Provides user with ability to choose trust settings for the cert.
+   *  Asks the user to grant permission to import the certificate.
+   *
+   *  @param ctx A user interface context.
+   *  @param cert The certificate that is about to get installed.
+   *  @param trust a bit mask of trust flags, 
+   *               see nsIX509CertDB for possible values.
+   *
+   *  @return true if the user allows to import the certificate.
+   */
+  boolean confirmDownloadCACert(in nsIInterfaceRequestor ctx,
+                                in nsIX509Cert cert,
+                                out unsigned long trust);
+
+  /**
+   *  UI shown when a user's personal certificate is going to be
+   *  exported to a backup file.
+   *  The implementation of this dialog should make sure 
+   *  to prompt the user to type the password twice in order to
+   *  confirm correct input.
+   *  The wording in the dialog should also motivate the user 
+   *  to enter a strong password.
+   *
+   *  @param ctx A user interface context.
+   *  @param password The password provided by the user.
+   *
+   *  @return false if the user requests to cancel.
+   */
+  boolean setPKCS12FilePassword(in nsIInterfaceRequestor ctx, 
+                                out AString password);
+
+  /**
+   *  UI shown when a user is about to restore a personal
+   *  certificate from a backup file.
+   *  The user is requested to enter the password
+   *  that was used in the past to protect that backup file.
+   *
+   *  @param ctx A user interface context.
+   *  @param password The password provided by the user.
+   *
+   *  @return false if the user requests to cancel.
+   */
+  boolean getPKCS12FilePassword(in nsIInterfaceRequestor ctx, 
+                                out AString password);
+
+  /**
+   *  UI shown when a certificate needs to be shown to the user.
+   *  The implementation should try to display as many attributes
+   *  as possible.
+   *
+   *  @param ctx A user interface context.
+   *  @param cert The certificate to be shown to the user.
+   */
+  void viewCert(in nsIInterfaceRequestor ctx, 
+                in nsIX509Cert cert);
+};
+
+%{C++
+#define NS_CERTIFICATEDIALOGS_CONTRACTID "@mozilla.org/nsCertificateDialogs;1"
+%}
diff --git a/security/manager/ssl/nsIClientAuthDialogs.idl b/security/manager/ssl/nsIClientAuthDialogs.idl
new file mode 100644
index 000000000..8fcc7094e
--- /dev/null
+++ b/security/manager/ssl/nsIClientAuthDialogs.idl
@@ -0,0 +1,47 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIArray;
+interface nsIInterfaceRequestor;
+
+/**
+ * Provides UI for SSL client-auth dialogs.
+ */
+[scriptable, uuid(fa4c7520-1433-11d5-ba24-00108303b117)]
+interface nsIClientAuthDialogs : nsISupports
+{
+  /**
+   * Called when a user is asked to choose a certificate for client auth.
+   *
+   * @param ctx Context that allows at least nsIClientAuthUserDecision to be
+   *            queried.
+   * @param hostname Hostname of the server.
+   * @param port Port of the server.
+   * @param organization Organization field of the server cert.
+   * @param issuerOrg Organization field of the issuer cert of the server cert.
+   * @param certList List of certificates the user can choose from.
+   * @param selectedIndex Index of the cert in |certList| that the user chose.
+   *                      Ignored if the return value is false.
+   * @return true if a certificate was chosen. false if the user canceled.
+   */
+  boolean chooseCertificate(in nsIInterfaceRequestor ctx,
+                            in AUTF8String hostname,
+                            in long port,
+                            in AUTF8String organization,
+                            in AUTF8String issuerOrg,
+                            in nsIArray certList,
+                            out unsigned long selectedIndex);
+};
+
+[scriptable, uuid(95c4373e-bdd4-4a63-b431-f5b000367721)]
+interface nsIClientAuthUserDecision : nsISupports
+{
+  attribute boolean rememberClientAuthCertificate;
+};
+
+%{C++
+#define NS_CLIENTAUTHDIALOGS_CONTRACTID "@mozilla.org/nsClientAuthDialogs;1"
+%}
diff --git a/security/manager/ssl/nsIContentSignatureVerifier.idl b/security/manager/ssl/nsIContentSignatureVerifier.idl
new file mode 100644
index 000000000..59a9d83ee
--- /dev/null
+++ b/security/manager/ssl/nsIContentSignatureVerifier.idl
@@ -0,0 +1,116 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+
+#include "nsISupports.idl"
+
+interface nsIContentSignatureReceiverCallback;
+
+/**
+ * An interface for verifying content-signatures, inspired by
+ * https://tools.ietf.org/html/draft-thomson-http-content-signature-00
+ * described here https://github.com/franziskuskiefer/content-signature/tree/pki
+ *
+ * A new signature verifier instance should be created for each signature
+ * verification - you can create these instances with do_CreateInstance.
+ *
+ * There are two ways to use this functionality:
+ * The first allows a signature to be verified all at once by simply calling
+ * verifyContentSignature.
+ * The second allows for streaming; call createContext with the signature
+ * information (and initial data), call update with more data as it becomes
+ * available then, finally, call end to verify the signature.
+ */
+[scriptable, uuid(45a5fe2f-c350-4b86-962d-02d5aaaa955a)]
+interface nsIContentSignatureVerifier : nsISupports
+{
+
+  /**
+   * Verifies that the data matches the data that was used to generate the
+   * signature.
+   *
+   * @param aData                   The data to be tested.
+   * @param aContentSignatureHeader The content-signature header,
+   *                                url-safe base64 encoded.
+   * @param aCertificateChain       The certificate chain to use for verification.
+   *                                PEM encoded string.
+   * @param aName                   The (host)name for which the end entity must
+                                    be valid.
+   * @returns true if the signature matches the data and aCertificateChain is
+   *          valid within aContext, false if not.
+   */
+  boolean verifyContentSignature(in ACString aData,
+                                 in ACString aContentSignatureHeader,
+                                 in ACString aCertificateChain,
+                                 in ACString aName);
+
+  /**
+   * Creates a context to verify a content signature against data that is added
+   * later with update calls.
+   *
+   * @param aData                   The first chunk of data to be tested.
+   * @param aContentSignatureHeader The signature of the data, url-safe base64
+   *                                encoded.
+   * @param aCertificateChain       The certificate chain to use for
+   *                                verification. PEM encoded string.
+   * @param aName                   The (host)name for which the end entity must
+                                    be valid.
+   */
+  void createContext(in ACString aData, in ACString aContentSignatureHeader,
+                     in ACString aCertificateChain, in ACString aName);
+
+  /**
+   * Creates a context to verify a content signature against data that is added
+   * later with update calls.
+   * This does not require the caller to download the certificate chain. It's
+   * done internally.
+   * It requires the x5u parameter to be present in aContentSignatureHeader
+   *
+   * NOTE: Callers have to wait for aCallback to return before invoking anything
+   *       else. Otherwise the ContentSignatureVerifier will fail.
+   *
+   * @param aCallback               Callback that's invoked when the cert chain
+   *                                got fetched.
+   * @param aContentSignatureHeader The signature of the data, url-safe base64
+   *                                encoded, and the x5u value.
+   * @param aName                   The (host)name for which the end entity must
+                                    be valid.
+   */
+  void createContextWithoutCertChain(in nsIContentSignatureReceiverCallback aCallback,
+                                     in ACString aContentSignatureHeader,
+                                     in ACString aName);
+
+  /**
+   * Adds data to the context that was used to generate the signature.
+   *
+   * @param aData        More data to be tested.
+   */
+  void update(in ACString aData);
+
+  /**
+   * Finalises the signature and returns the result of the signature
+   * verification.
+   *
+   * @returns true if the signature matches the data added with createContext
+   *          and update, false if not.
+   */
+  boolean end();
+};
+
+/**
+ * Callback for nsIContentSignatureVerifier.
+ * { 0x1eb90707, 0xdf59, 0x48b7, \
+ *   { 0x9d, 0x42, 0xd8, 0xbf, 0x63, 0x0a, 0xe7, 0x44 } }
+ */
+[scriptable, uuid(1eb90707-df59-48b7-9d42-d8bf630ae744)]
+interface nsIContentSignatureReceiverCallback : nsISupports
+{
+  /**
+   * Notification callback that's called by nsIContentSignatureVerifier when
+   * the cert chain is downloaded.
+   * If download and initialisation were successful, successful is true,
+   * otherwise false. If successful is false, the verification must be aborted.
+   */
+  void contextCreated(in boolean successful);
+};
diff --git a/security/manager/ssl/nsIDataSignatureVerifier.idl b/security/manager/ssl/nsIDataSignatureVerifier.idl
new file mode 100644
index 000000000..347eaedc9
--- /dev/null
+++ b/security/manager/ssl/nsIDataSignatureVerifier.idl
@@ -0,0 +1,40 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+
+#include "nsISupports.idl"
+
+interface nsIX509Cert;
+
+/**
+ * An interface for verifying that a given string of data was signed by the
+ * private key matching the given public key.
+ */
+[scriptable, uuid(94066a00-37c9-11e4-916c-0800200c9a66)]
+interface nsIDataSignatureVerifier : nsISupports
+{
+  /**
+   * Verifies that the data matches the data that was used to generate the
+   * signature.
+   *
+   * @param aData      The data to be tested.
+   * @param aSignature The signature of the data, base64 encoded.
+   * @param aPublicKey The public part of the key used for signing, DER encoded
+   *                   then base64 encoded.
+   * @returns true if the signature matches the data, false if not.
+   */
+  boolean verifyData(in ACString aData, in ACString aSignature, in ACString aPublicKey);
+
+   /* Sig Verification Error Codes */
+  const long VERIFY_OK = 0;
+  const long VERIFY_ERROR_UNKNOWN_ISSUER = 1;
+  const long VERIFY_ERROR_OTHER = 2;
+
+  nsIX509Cert verifySignature(in string aSignature,
+                              in unsigned long aSignatureLen,
+                              in string plaintext,
+                              in unsigned long plaintextLen,
+                              out long errorCode);
+
+};
diff --git a/security/manager/ssl/nsIGenKeypairInfoDlg.idl b/security/manager/ssl/nsIGenKeypairInfoDlg.idl
new file mode 100644
index 000000000..03f2c4658
--- /dev/null
+++ b/security/manager/ssl/nsIGenKeypairInfoDlg.idl
@@ -0,0 +1,34 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIInterfaceRequestor;
+interface nsIKeygenThread;
+
+/**
+ * nsIGeneratingKeypairInfoDialogs
+ *  This is the interface for giving feedback to the user
+ *  while generating a key pair.
+ */
+[scriptable, uuid(11bf5cdc-1dd2-11b2-ba6a-c76afb326fa1)]
+interface nsIGeneratingKeypairInfoDialogs : nsISupports
+{
+  void displayGeneratingKeypairInfo(in nsIInterfaceRequestor ctx,
+                                    in nsIKeygenThread runnable);
+};
+
+%{C++
+/**
+ * This component is to be implemented by the embeddor. It is used to show
+ * feedback to the user while a private key is being generated.
+ *
+ * This component is only ever used on the UI thread.
+ *
+ * INTERFACES THAT NEED TO BE IMPLEMENTED:
+ *   nsIGeneratingKeypairInfoDialogs
+ */
+#define NS_GENERATINGKEYPAIRINFODIALOGS_CONTRACTID \
+            "@mozilla.org/nsGeneratingKeypairInfoDialogs;1"
+%}
diff --git a/security/manager/ssl/nsIKeyModule.idl b/security/manager/ssl/nsIKeyModule.idl
new file mode 100644
index 000000000..d9e1d1138
--- /dev/null
+++ b/security/manager/ssl/nsIKeyModule.idl
@@ -0,0 +1,37 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+%{ C++
+ /* forward declaration */
+ typedef struct PK11SymKeyStr PK11SymKey;
+%}
+[ptr] native PK11SymKeyPtr(PK11SymKey);
+
+// An opaque key object.
+[scriptable, uuid(ee2dc516-ba7b-4e77-89fe-c43b886ef715)]
+interface nsIKeyObject : nsISupports
+{
+  // Key types
+  const short SYM_KEY = 1;
+
+  // Algorithm types
+  const short HMAC = 257;
+
+  // The nsIKeyObject will take ownership of the key and be responsible
+  // for freeing the key memory when destroyed.
+  [noscript] void initKey(in short aAlgorithm, in PK11SymKeyPtr aKey);
+
+  // Returns a pointer to the underlying key object.
+  [noscript] PK11SymKeyPtr getKeyObj();
+
+  short getType();
+};
+
+[scriptable, uuid(838bdbf1-8244-448f-8bcd-cede70227d75)]
+interface nsIKeyObjectFactory : nsISupports
+{
+  nsIKeyObject keyFromString(in short aAlgorithm, in ACString aKey);
+};
diff --git a/security/manager/ssl/nsIKeygenThread.idl b/security/manager/ssl/nsIKeygenThread.idl
new file mode 100644
index 000000000..85d619b97
--- /dev/null
+++ b/security/manager/ssl/nsIKeygenThread.idl
@@ -0,0 +1,48 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// make sure to include all the required file headers
+
+#include "nsISupports.idl"
+
+interface nsIObserver;
+
+/**
+ * nsIKeygenThread
+ *  This is used to communicate with the thread generating a key pair,
+ *  to be used by the dialog displaying status information.
+ */
+[scriptable, uuid(8712a243-5539-447c-9f47-8653f40c3a09)]
+interface nsIKeygenThread : nsISupports
+{
+  /**
+   * startKeyGeneration - run the thread
+   *   A user interface using this interface needs to
+   *   call this method as soon as the status information
+   *   is displaying. This will trigger key generation.
+   *   To allow the closure of the status information,
+   *   the thread needs a handle to an observer.
+   *
+   *   observer will be called on the UI thread.
+   *   When the key generation is done, the observe method will
+   *   be called with a topic of "keygen-finished" and null data
+   *   and subject.
+   */
+  void startKeyGeneration(in nsIObserver observer);
+
+  /**
+   * userCanceled - notify the thread
+   *   If the user canceled, the thread is no longer allowed to
+   *   close the dialog. However, if the thread already closed
+   *   it, we are not allowed to close it.
+   */
+  void userCanceled(out boolean threadAlreadyClosedDialog);
+};
+
+%{ C++
+// {195763b8-1dd2-11b2-a843-eb44e44aaa37}
+#define NS_KEYGENTHREAD_CID \
+{ 0x195763b8, 0x1dd2, 0x11b2, { 0xa8, 0x43, 0xeb, 0x44, 0xe4, 0x4a, 0xaa, 0x37 } }
+#define NS_KEYGENTHREAD_CONTRACTID "@mozilla.org/security/keygenthread;1"
+%}
diff --git a/security/manager/ssl/nsILocalCertService.idl b/security/manager/ssl/nsILocalCertService.idl
new file mode 100644
index 000000000..a452683d9
--- /dev/null
+++ b/security/manager/ssl/nsILocalCertService.idl
@@ -0,0 +1,69 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIX509Cert;
+interface nsILocalCertGetCallback;
+interface nsILocalCertCallback;
+
+[scriptable, uuid(9702fdd4-4c2c-439c-ba2e-19cda018eb99)]
+interface nsILocalCertService : nsISupports
+{
+  /**
+   * Get or create a new self-signed X.509 cert to represent this device over a
+   * secure transport, like TLS.
+   *
+   * The cert is stored permanently in the profile's key store after first use,
+   * and is valid for 1 year.  If an expired or otherwise invalid cert is found
+   * with the nickname supplied here, it is removed and a new one is made.
+   *
+   * @param nickname Nickname that identifies the cert
+   * @param cb       Callback to be notified with the result
+   */
+  void getOrCreateCert(in ACString nickname, in nsILocalCertGetCallback cb);
+
+  /**
+   * Remove a X.509 cert with the given nickname.
+   *
+   * @param nickname Nickname that identifies the cert
+   * @param cb       Callback to be notified with the result
+   */
+  void removeCert(in ACString nickname, in nsILocalCertCallback cb);
+
+  /**
+   * Whether calling |getOrCreateCert| or |removeCert| will trigger a login
+   * prompt to be displayed.  Generally this happens if the user has set a
+   * master password, but has not yet logged in.
+   */
+  readonly attribute boolean loginPromptRequired;
+};
+
+[scriptable, uuid(cc09633e-7c70-4093-a9cf-79ab676ca8a9)]
+interface nsILocalCertGetCallback : nsISupports
+{
+  /**
+   * Called with the result of the getOrCreateCert operation above.
+   *
+   * @param cert   Requested cert, or null if some error
+   * @param result Result code from the get operation
+   */
+  void handleCert(in nsIX509Cert cert, in nsresult result);
+};
+
+[scriptable, uuid(518124e9-55e6-4e23-97c0-4995b3a1bec6)]
+interface nsILocalCertCallback : nsISupports
+{
+  /**
+   * Called with the result of the removeCert operation above.
+   *
+   * @param result Result code from the operation
+   */
+  void handleResult(in nsresult result);
+};
+
+%{ C++
+#define LOCALCERTSERVICE_CONTRACTID \
+  "@mozilla.org/security/local-cert-service;1"
+%}
diff --git a/security/manager/ssl/nsINSSU2FToken.idl b/security/manager/ssl/nsINSSU2FToken.idl
new file mode 100644
index 000000000..649ed682a
--- /dev/null
+++ b/security/manager/ssl/nsINSSU2FToken.idl
@@ -0,0 +1,21 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsIU2FToken.idl"
+
+/**
+ * Interface used to interact with the NSS-backed software U2F Token
+ */
+[scriptable, uuid(d9104a00-140b-4f86-a4b0-4998878ef4e6 )]
+interface nsINSSU2FToken : nsIU2FToken {
+  /**
+   * Initializes the token and constructs and persists keys, if needed. Asserts
+   * that it is only called by the main thread.
+   */
+  void init();
+};
+
+%{C++
+#define NS_NSSU2FTOKEN_CONTRACTID  "@mozilla.org/dom/u2f/nss-u2f-token;1"
+%}
diff --git a/security/manager/ssl/nsINSSVersion.idl b/security/manager/ssl/nsINSSVersion.idl
new file mode 100644
index 000000000..0ad474b35
--- /dev/null
+++ b/security/manager/ssl/nsINSSVersion.idl
@@ -0,0 +1,27 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+%{C++
+#define NS_NSSVERSION_CONTRACTID "@mozilla.org/security/nssversion;1"
+%}
+
+[scriptable, uuid(a8a53a2b-75cc-4c68-a9bb-9791dbddaa00)]
+interface nsINSSVersion : nsISupports {
+    /* Minimal required versions as used at build time */
+    readonly attribute AString NSPR_MinVersion;
+    readonly attribute AString NSS_MinVersion;
+    readonly attribute AString NSSUTIL_MinVersion;
+    readonly attribute AString NSSSSL_MinVersion;
+    readonly attribute AString NSSSMIME_MinVersion;
+
+    /* Versions of libraries currently in use */
+    readonly attribute AString NSPR_Version;
+    readonly attribute AString NSS_Version;
+    readonly attribute AString NSSUTIL_Version;
+    readonly attribute AString NSSSSL_Version;
+    readonly attribute AString NSSSMIME_Version;
+};
diff --git a/security/manager/ssl/nsIPK11Token.idl b/security/manager/ssl/nsIPK11Token.idl
new file mode 100644
index 000000000..1d53ce19a
--- /dev/null
+++ b/security/manager/ssl/nsIPK11Token.idl
@@ -0,0 +1,74 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+[scriptable, uuid(51191434-1dd2-11b2-a17c-e49c4e99a4e3)]
+interface nsIPK11Token : nsISupports
+{
+  const long ASK_EVERY_TIME  = -1;
+  const long ASK_FIRST_TIME  =  0;
+  const long ASK_EXPIRE_TIME =  1;
+
+  /*
+   * The name of the token
+   */
+  readonly attribute AUTF8String tokenName;
+  readonly attribute AUTF8String tokenLabel;
+  /**
+   * Manufacturer ID of the token.
+   */
+  readonly attribute AUTF8String tokenManID;
+  /**
+   * Hardware version of the token.
+   */
+  readonly attribute AUTF8String tokenHWVersion;
+  /**
+   * Firmware version of the token.
+   */
+  readonly attribute AUTF8String tokenFWVersion;
+  readonly attribute AUTF8String tokenSerialNumber;
+
+  /*
+   * Login information
+   */
+  boolean isLoggedIn();
+  void login(in boolean force);
+  void logoutSimple();
+  void logoutAndDropAuthenticatedResources();
+
+  /*
+   * Reset password
+   */
+  void reset();
+
+  /*
+   * Password information
+   */
+  readonly attribute long minimumPasswordLength;
+  readonly attribute boolean needsUserInit;
+  /**
+   * Checks whether the given password is correct. Logs the token out if an
+   * incorrect password is given.
+   *
+   * @param password The password to check.
+   * @return true if the password was correct, false otherwise.
+   */
+  boolean checkPassword(in AUTF8String password);
+  void initPassword(in AUTF8String initialPassword);
+  void changePassword(in AUTF8String oldPassword, in AUTF8String newPassword);
+  long getAskPasswordTimes();
+  long getAskPasswordTimeout();
+  void setAskPasswordDefaults([const] in long askTimes, [const] in long timeout);
+
+  /*
+   * Other attributes
+   */
+  boolean isHardwareToken();
+  boolean needsLogin();
+  boolean isFriendly();
+};
+
diff --git a/security/manager/ssl/nsIPK11TokenDB.idl b/security/manager/ssl/nsIPK11TokenDB.idl
new file mode 100644
index 000000000..297f3da11
--- /dev/null
+++ b/security/manager/ssl/nsIPK11TokenDB.idl
@@ -0,0 +1,42 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIPK11Token;
+interface nsISimpleEnumerator;
+
+/**
+ * The PK11 Token Database provides access to the PK11 modules
+ * that are installed, and the tokens that are available.
+ * Interfaces: nsIPK11TokenDB
+ * Threading: ??
+ */
+%{C++
+#define NS_PK11TOKENDB_CONTRACTID "@mozilla.org/security/pk11tokendb;1"
+%}
+
+/**
+ * nsIPK11TokenDB - Manages PK11 Tokens
+ */
+[scriptable, uuid(4ee28c82-1dd2-11b2-aabf-bb4017abe395)]
+interface nsIPK11TokenDB : nsISupports
+{
+  /*
+   * Get the internal key database token
+   */
+  nsIPK11Token getInternalKeyToken();
+
+  /*
+   * Find a token by name
+   */
+  nsIPK11Token findTokenByName(in AUTF8String tokenName);
+
+  /*
+   * List all tokens
+   */
+  nsISimpleEnumerator listTokens();
+};
diff --git a/security/manager/ssl/nsIPKCS11.idl b/security/manager/ssl/nsIPKCS11.idl
new file mode 100644
index 000000000..c1e636b47
--- /dev/null
+++ b/security/manager/ssl/nsIPKCS11.idl
@@ -0,0 +1,16 @@
+/* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+[scriptable, uuid(5743f870-958e-4f02-aef2-c0afeef67f05)]
+interface nsIPKCS11 : nsISupports
+{
+  void deleteModule(in AString moduleName);
+  void addModule(in AString moduleName,
+                 in AString libraryFullPath,
+                 in long cryptoMechanismFlags,
+                 in long cipherFlags);
+};
diff --git a/security/manager/ssl/nsIPKCS11Module.idl b/security/manager/ssl/nsIPKCS11Module.idl
new file mode 100644
index 000000000..8a1591878
--- /dev/null
+++ b/security/manager/ssl/nsIPKCS11Module.idl
@@ -0,0 +1,21 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIPKCS11Slot;
+interface nsISimpleEnumerator;
+
+[scriptable, uuid(8a44bdf9-d1a5-4734-bd5a-34ed7fe564c2)]
+interface nsIPKCS11Module : nsISupports
+{
+  readonly attribute AUTF8String name;
+  readonly attribute AUTF8String libName;
+
+  nsIPKCS11Slot findSlotByName(in AUTF8String name);
+
+  nsISimpleEnumerator listSlots();
+};
diff --git a/security/manager/ssl/nsIPKCS11ModuleDB.idl b/security/manager/ssl/nsIPKCS11ModuleDB.idl
new file mode 100644
index 000000000..6c0749de5
--- /dev/null
+++ b/security/manager/ssl/nsIPKCS11ModuleDB.idl
@@ -0,0 +1,35 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIPKCS11Module;
+interface nsIPKCS11Slot;
+interface nsISimpleEnumerator;
+
+%{C++
+#define NS_PKCS11MODULEDB_CONTRACTID "@mozilla.org/security/pkcs11moduledb;1"
+%}
+
+[scriptable, uuid(ff9fbcd7-9517-4334-b97a-ceed78909974)]
+interface nsIPKCS11ModuleDB : nsISupports
+{
+  nsIPKCS11Module getInternal();
+
+  nsIPKCS11Module getInternalFIPS();
+
+  nsIPKCS11Module findModuleByName(in AUTF8String name);
+
+  nsIPKCS11Slot findSlotByName(in AUTF8String name);
+
+  nsISimpleEnumerator listModules();
+
+  readonly attribute boolean canToggleFIPS;
+
+  void toggleFIPSMode();
+
+  readonly attribute boolean isFIPSEnabled;
+};
diff --git a/security/manager/ssl/nsIPKCS11Slot.idl b/security/manager/ssl/nsIPKCS11Slot.idl
new file mode 100644
index 000000000..7c41e4fcc
--- /dev/null
+++ b/security/manager/ssl/nsIPKCS11Slot.idl
@@ -0,0 +1,44 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIPK11Token;
+
+[scriptable, uuid(c2d4f296-ee60-11d4-998b-00b0d02354a0)]
+interface nsIPKCS11Slot : nsISupports {
+  readonly attribute AUTF8String name;
+  readonly attribute AUTF8String desc;
+  /**
+   * Manufacturer ID of the slot.
+   */
+  readonly attribute AUTF8String manID;
+  /**
+   * Hardware version of the slot.
+   */
+  readonly attribute AUTF8String HWVersion;
+  /**
+   * Firmware version of the slot.
+   */
+  readonly attribute AUTF8String FWVersion;
+
+  const unsigned long SLOT_DISABLED      = 0;
+  const unsigned long SLOT_NOT_PRESENT   = 1;
+  const unsigned long SLOT_UNINITIALIZED = 2;
+  const unsigned long SLOT_NOT_LOGGED_IN = 3;
+  const unsigned long SLOT_LOGGED_IN     = 4;
+  const unsigned long SLOT_READY         = 5;
+  readonly attribute unsigned long status;
+
+  /* This is really a workaround for now.  All of the "slot" functions
+   * (isTokenPresent(), etc.) are in nsIPK11Token.  For now, return the
+   * token and handle those things there.
+   */
+  nsIPK11Token getToken();
+
+  /* more fun with workarounds - we're referring to everything by token name */
+  readonly attribute AUTF8String tokenName;
+};
diff --git a/security/manager/ssl/nsIProtectedAuthThread.idl b/security/manager/ssl/nsIProtectedAuthThread.idl
new file mode 100644
index 000000000..3dc650fe9
--- /dev/null
+++ b/security/manager/ssl/nsIProtectedAuthThread.idl
@@ -0,0 +1,46 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+#include "nsIObserver.idl"
+#include "nsIPKCS11Slot.idl"
+
+/**
+ * nsIProtectedAuthThread
+ *  This is used to communicate with the thread login on to 
+ *  a token with CKF_PROTECTED_AUTHENTICATION_PATH set.
+ */
+[scriptable, uuid(4bb27cb7-8984-4cee-8ce7-9b014c3d091b)]
+interface nsIProtectedAuthThread : nsISupports
+{
+  /**
+   * login - run the thread
+   *   A user interface implementing this interface needs to
+   *   call this method as soon as the message to the user is
+   *   displayed. This will trigger login operation. No user 
+   *   cancellation is possible during login operation.
+   *
+   *   When the login is done, the observe method of @observer will
+   *   be called on the UI thread with a topic of "login-finished"
+   *   and null data and subject.
+   */
+  void login(in nsIObserver observer);
+
+  /**
+   * The PKCS11 slot
+   */
+  readonly attribute nsIPKCS11Slot slot;
+
+  /**
+   * Gets token to be logged in name.
+   */
+  AString getTokenName();
+};
+
+%{ C++
+// {45334489-3D30-47c6-920B-0A55A313AEBF}
+#define NS_PROTECTEDAUTHTHREAD_CID \
+{ 0x45334489, 0x3d30, 0x47c6, { 0x92, 0x0b, 0x0a, 0x55, 0xa3, 0x13, 0xae, 0xbf } }
+#define NS_PROTECTEDAUTHTHREAD_CONTRACTID "@mozilla.org/security/protectedauththread;1"
+%}
diff --git a/security/manager/ssl/nsISSLStatus.idl b/security/manager/ssl/nsISSLStatus.idl
new file mode 100644
index 000000000..f5c56a8cf
--- /dev/null
+++ b/security/manager/ssl/nsISSLStatus.idl
@@ -0,0 +1,49 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIX509Cert;
+
+[scriptable, uuid(fa9ba95b-ca3b-498a-b889-7c79cf28fee8)]
+interface nsISSLStatus : nsISupports {
+  readonly attribute nsIX509Cert serverCert;
+
+  readonly attribute ACString cipherName;
+  readonly attribute unsigned long keyLength;
+  readonly attribute unsigned long secretKeyLength;
+
+  const short SSL_VERSION_3   = 0;
+  const short TLS_VERSION_1   = 1;
+  const short TLS_VERSION_1_1 = 2;
+  const short TLS_VERSION_1_2 = 3;
+  const short TLS_VERSION_1_3 = 4;
+  readonly attribute unsigned short protocolVersion;
+
+  const short CERTIFICATE_TRANSPARENCY_NOT_APPLICABLE = 0;
+  const short CERTIFICATE_TRANSPARENCY_NONE           = 1;
+  const short CERTIFICATE_TRANSPARENCY_OK             = 2;
+  const short CERTIFICATE_TRANSPARENCY_UNKNOWN_LOG    = 3;
+  const short CERTIFICATE_TRANSPARENCY_INVALID        = 4;
+  readonly attribute unsigned short certificateTransparencyStatus;
+
+  readonly attribute boolean isDomainMismatch;
+  readonly attribute boolean isNotValidAtThisTime;
+
+  /* Note: To distinguish between
+   *         "unstrusted because missing or untrusted issuer"
+   *       and
+   *         "untrusted because self signed"
+   *       query nsIX509Cert::isSelfSigned
+   */
+  readonly attribute boolean isUntrusted;
+
+  /**
+   * True only if (and after) serverCert was successfully validated as
+   * Extended Validation (EV).
+   */
+  readonly attribute boolean isExtendedValidation;
+};
diff --git a/security/manager/ssl/nsISSLStatusProvider.idl b/security/manager/ssl/nsISSLStatusProvider.idl
new file mode 100644
index 000000000..83048f179
--- /dev/null
+++ b/security/manager/ssl/nsISSLStatusProvider.idl
@@ -0,0 +1,13 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsISSLStatus;
+
+[scriptable, uuid(179b1ab1-0950-4427-9556-6f496dc4a27f)]
+interface nsISSLStatusProvider : nsISupports {
+  readonly attribute nsISSLStatus SSLStatus;
+};
diff --git a/security/manager/ssl/nsISecretDecoderRing.idl b/security/manager/ssl/nsISecretDecoderRing.idl
new file mode 100644
index 000000000..e9f67cbee
--- /dev/null
+++ b/security/manager/ssl/nsISecretDecoderRing.idl
@@ -0,0 +1,49 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+[scriptable, uuid(0EC80360-075C-11d4-9FD4-00C04F1B83D8)]
+interface nsISecretDecoderRing: nsISupports {
+  /**
+   * Encrypt to Base64 output.
+   * Note that the input must basically be a byte array (i.e. the code points
+   * must be within the range [0, 255]). Hence, using this method directly to
+   * encrypt passwords (or any text, really) won't work as expected.
+   * Instead, use something like nsIScriptableUnicodeConverter to first convert
+   * the desired password or text to UTF-8, then encrypt that. Remember to
+   * convert back when calling decryptString().
+   *
+   * @param text The text to encrypt.
+   * @return The encrypted text, encoded as Base64.
+   */
+  ACString encryptString(in ACString text);
+
+  /**
+   * Decrypt Base64 input.
+   * See the encryptString() documentation - this method has basically the same
+   * limitations.
+   *
+   * @param encryptedBase64Text Encrypted input text, encoded as Base64.
+   * @return The decoded text.
+   */
+  ACString decryptString(in ACString encryptedBase64Text);
+
+  /**
+   * Prompt the user to change the password on the SDR key.
+   */
+  void changePassword();
+
+  /**
+   * Logout of the security device that protects the SDR key.
+   */
+  void logout();
+
+  /**
+   * Logout of the security device that protects the SDR key and tear
+   * down authenticated objects.
+   */
+  void logoutAndTeardown();
+};
diff --git a/security/manager/ssl/nsISecurityUITelemetry.idl b/security/manager/ssl/nsISecurityUITelemetry.idl
new file mode 100644
index 000000000..05d3473ad
--- /dev/null
+++ b/security/manager/ssl/nsISecurityUITelemetry.idl
@@ -0,0 +1,150 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+[scriptable, uuid(5d1acf82-223a-46fb-a8f3-a1b16e2ceb04)]
+
+interface nsISecurityUITelemetry : nsISupports {
+
+/*
+ * Addon installation warnings
+ */
+
+// Firefox prevented this site from asking you to install addon
+const uint32_t WARNING_ADDON_ASKING_PREVENTED = 1;
+// User clicks through and allows site to ask to install addons
+const uint32_t WARNING_ADDON_ASKING_PREVENTED_CLICK_THROUGH = 2;
+// Are you sure you want to install this addon? Only install addons you trust
+const uint32_t WARNING_CONFIRM_ADDON_INSTALL = 3;
+// User clicked she is sure after waiting 3secs
+const uint32_t WARNING_CONFIRM_ADDON_INSTALL_CLICK_THROUGH  = 4;
+
+
+/*
+ * modal dialogs/warnings 
+ */
+
+//     removed WARNING_ENTERING_SECURE_SITE = 5;
+//     removed WARNING_ENTERING_WEAK_SITE = 6;
+//     removed WARNING_LEAVING_SECURE_SITE = 7;
+//     removed WARNING_MIXED_CONTENT  = 8;
+
+// For confirmation dialogs, the clickthrough constant needs to be 1
+// more than the dialog constant so that
+// WARNING_CONFIRM_<X> + 1 == WARNING_CONFIRM_<X>_CLICK_THROUGH
+const uint32_t WARNING_CONFIRM_POST_TO_INSECURE_FROM_SECURE = 9;
+const uint32_t WARNING_CONFIRM_POST_TO_INSECURE_FROM_SECURE_CLICK_THROUGH = 10;
+//     removed WARNING_CONFIRM_POST_TO_INSECURE_FROM_INSECURE = 11;
+//     removed WARNING_CONFIRM_POST_TO_INSECURE_FROM_INSECURE_CLICK_THROUGH = 12;
+
+/*
+ * Phishing / Malware page warnings
+ * deprecated: we use the _TOP and _FRAME versions below
+ */
+
+const uint32_t WARNING_MALWARE_PAGE = 13;
+const uint32_t WARNING_MALWARE_PAGE_WHY_BLOCKED = 14;
+const uint32_t WARNING_MALWARE_PAGE_GET_ME_OUT_OF_HERE = 15;
+const uint32_t WARNING_MALWARE_PAGE_IGNORE_WARNING = 16;
+
+const uint32_t WARNING_PHISHING_PAGE = 17;
+const uint32_t WARNING_PHISHING_PAGE_WHY_BLOCKED = 18;
+const uint32_t WARNING_PHISHING_PAGE_GET_ME_OUT_OF_HERE = 19;
+const uint32_t WARNING_PHISHING_PAGE_IGNORE_WARNING = 20;
+
+/* 
+ * SSL Error dialogs
+ * deprecated: we use the _TOP versions below
+ */
+
+const uint32_t WARNING_BAD_CERT = 21;
+const uint32_t WARNING_BAD_CERT_STS = 22;
+const uint32_t WARNING_BAD_CERT_CLICK_ADD_EXCEPTION = 23;
+const uint32_t WARNING_BAD_CERT_CLICK_VIEW_CERT = 24;
+const uint32_t WARNING_BAD_CERT_DONT_REMEMBER_EXCEPTION = 25;
+const uint32_t WARNING_BAD_CERT_GET_ME_OUT_OF_HERE = 27;
+const uint32_t WARNING_BAD_CERT_UNDERSTAND_RISKS = 28;
+const uint32_t WARNING_BAD_CERT_TECHINICAL_DETAILS = 29;
+
+/*
+ * Note that if we add more possibilities in the warning dialogs,
+ * it is a new experiment and we shouldn't reuse these buckets.
+ */
+const uint32_t WARNING_BAD_CERT_ADD_EXCEPTION_BASE = 30;
+const uint32_t WARNING_BAD_CERT_ADD_EXCEPTION_FLAG_UNTRUSTED = 1;
+const uint32_t WARNING_BAD_CERT_ADD_EXCEPTION_FLAG_DOMAIN = 2;
+const uint32_t WARNING_BAD_CERT_ADD_EXCEPTION_FLAG_TIME = 4;
+
+const uint32_t WARNING_BAD_CERT_CONFIRM_ADD_EXCEPTION_BASE = 38;
+const uint32_t WARNING_BAD_CERT_CONFIRM_ADD_EXCEPTION_FLAG_UNTRUSTED = 1;
+const uint32_t WARNING_BAD_CERT_CONFIRM_ADD_EXCEPTION_FLAG_DOMAIN = 2;
+const uint32_t WARNING_BAD_CERT_CONFIRM_ADD_EXCEPTION_FLAG_TIME = 4;
+// This uses up buckets till 45
+
+/*
+ * Geolocation Popup Telemetry
+ */
+
+const uint32_t WARNING_GEOLOCATION_REQUEST = 46;
+const uint32_t WARNING_GEOLOCATION_REQUEST_SHARE_LOCATION = 47;
+const uint32_t WARNING_GEOLOCATION_REQUEST_ALWAYS_SHARE = 48;
+const uint32_t WARNING_GEOLOCATION_REQUEST_NEVER_SHARE = 49;
+// It would be nice to measure the two cases of user clicking
+// "not now", and user closing the popup. This is currently not implemented.
+
+const uint32_t WARNING_MALWARE_PAGE_TOP = 52;
+const uint32_t WARNING_MALWARE_PAGE_TOP_WHY_BLOCKED = 53;
+const uint32_t WARNING_MALWARE_PAGE_TOP_GET_ME_OUT_OF_HERE = 54;
+const uint32_t WARNING_MALWARE_PAGE_TOP_IGNORE_WARNING = 55;
+
+const uint32_t WARNING_PHISHING_PAGE_TOP = 56;
+const uint32_t WARNING_PHISHING_PAGE_TOP_WHY_BLOCKED = 57;
+const uint32_t WARNING_PHISHING_PAGE_TOP_GET_ME_OUT_OF_HERE = 58;
+const uint32_t WARNING_PHISHING_PAGE_TOP_IGNORE_WARNING = 59;
+
+const uint32_t WARNING_MALWARE_PAGE_FRAME = 60;
+const uint32_t WARNING_MALWARE_PAGE_FRAME_WHY_BLOCKED = 61;
+const uint32_t WARNING_MALWARE_PAGE_FRAME_GET_ME_OUT_OF_HERE = 62;
+const uint32_t WARNING_MALWARE_PAGE_FRAME_IGNORE_WARNING = 63;
+
+const uint32_t WARNING_PHISHING_PAGE_FRAME = 64;
+const uint32_t WARNING_PHISHING_PAGE_FRAME_WHY_BLOCKED = 65;
+const uint32_t WARNING_PHISHING_PAGE_FRAME_GET_ME_OUT_OF_HERE = 66;
+const uint32_t WARNING_PHISHING_PAGE_FRAME_IGNORE_WARNING = 67;
+
+const uint32_t WARNING_BAD_CERT_TOP = 68;
+const uint32_t WARNING_BAD_CERT_TOP_STS = 69;
+const uint32_t WARNING_BAD_CERT_TOP_CLICK_ADD_EXCEPTION = 70;
+const uint32_t WARNING_BAD_CERT_TOP_CLICK_VIEW_CERT = 71;
+const uint32_t WARNING_BAD_CERT_TOP_DONT_REMEMBER_EXCEPTION = 72;
+const uint32_t WARNING_BAD_CERT_TOP_GET_ME_OUT_OF_HERE = 73;
+const uint32_t WARNING_BAD_CERT_TOP_UNDERSTAND_RISKS = 74;
+//     removed WARNING_BAD_CERT_TOP_TECHNICAL_DETAILS = 75;
+
+const uint32_t WARNING_BAD_CERT_TOP_ADD_EXCEPTION_BASE = 76;
+const uint32_t WARNING_BAD_CERT_TOP_ADD_EXCEPTION_FLAG_UNTRUSTED = 1;
+const uint32_t WARNING_BAD_CERT_TOP_ADD_EXCEPTION_FLAG_DOMAIN = 2;
+const uint32_t WARNING_BAD_CERT_TOP_ADD_EXCEPTION_FLAG_TIME = 4;
+
+const uint32_t WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_BASE = 84;
+const uint32_t WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_UNTRUSTED = 1;
+const uint32_t WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_DOMAIN = 2;
+const uint32_t WARNING_BAD_CERT_TOP_CONFIRM_ADD_EXCEPTION_FLAG_TIME = 4;
+
+// Another Safe Browsing list (like malware & phishing above)
+const uint32_t WARNING_UNWANTED_PAGE_TOP = 92;
+const uint32_t WARNING_UNWANTED_PAGE_TOP_WHY_BLOCKED = 93;
+const uint32_t WARNING_UNWANTED_PAGE_TOP_GET_ME_OUT_OF_HERE = 94;
+const uint32_t WARNING_UNWANTED_PAGE_TOP_IGNORE_WARNING = 95;
+const uint32_t WARNING_UNWANTED_PAGE_FRAME = 96;
+const uint32_t WARNING_UNWANTED_PAGE_FRAME_WHY_BLOCKED = 97;
+const uint32_t WARNING_UNWANTED_PAGE_FRAME_GET_ME_OUT_OF_HERE = 98;
+const uint32_t WARNING_UNWANTED_PAGE_FRAME_IGNORE_WARNING = 99;
+
+// This uses up buckets till 99 (including)
+// We only have buckets up to 100.
+};
diff --git a/security/manager/ssl/nsISiteSecurityService.idl b/security/manager/ssl/nsISiteSecurityService.idl
new file mode 100644
index 000000000..fa20fe307
--- /dev/null
+++ b/security/manager/ssl/nsISiteSecurityService.idl
@@ -0,0 +1,204 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIURI;
+interface nsIObserver;
+interface nsIHttpChannel;
+interface nsISSLStatus;
+
+%{C++
+#include "nsTArrayForwardDeclare.h"
+class nsCString;
+namespace mozilla
+{
+  namespace pkix
+  {
+    class Time;
+  }
+}
+%}
+[ref] native nsCStringTArrayRef(nsTArray<nsCString>);
+[ref] native mozillaPkixTime(mozilla::pkix::Time);
+
+[scriptable, uuid(275127f8-dbd7-4681-afbf-6df0c6587a01)]
+interface nsISiteSecurityService : nsISupports
+{
+    const uint32_t HEADER_HSTS = 0;
+    const uint32_t HEADER_HPKP = 1;
+    const uint32_t HEADER_OMS = 2;
+
+    const uint32_t Success = 0;
+    const uint32_t ERROR_UNKNOWN = 1;
+    const uint32_t ERROR_UNTRUSTWORTHY_CONNECTION = 2;
+    const uint32_t ERROR_COULD_NOT_PARSE_HEADER = 3;
+    const uint32_t ERROR_NO_MAX_AGE = 4;
+    const uint32_t ERROR_MULTIPLE_MAX_AGES = 5;
+    const uint32_t ERROR_INVALID_MAX_AGE = 6;
+    const uint32_t ERROR_MULTIPLE_INCLUDE_SUBDOMAINS = 7;
+    const uint32_t ERROR_INVALID_INCLUDE_SUBDOMAINS = 8;
+    const uint32_t ERROR_INVALID_PIN = 9;
+    const uint32_t ERROR_MULTIPLE_REPORT_URIS = 10;
+    const uint32_t ERROR_PINSET_DOES_NOT_MATCH_CHAIN = 11;
+    const uint32_t ERROR_NO_BACKUP_PIN = 12;
+    const uint32_t ERROR_COULD_NOT_SAVE_STATE = 13;
+    const uint32_t ERROR_ROOT_NOT_BUILT_IN = 14;
+
+    /**
+     * Parses a given HTTP header and records the results internally.
+     * Currently two header types are supported: HSTS (aka STS) and HPKP
+     * The format of the HSTS header is defined by the HSTS specification:
+     * https://tools.ietf.org/html/rfc6797
+     * and allows a host to specify that future HTTP requests should be
+     * upgraded to HTTPS.
+     * The format of the HPKP header is defined by the HPKP specification:
+     * https://tools.ietf.org/html/rfc7469
+     * and allows a host to specify a subset of trusted anchors to be used
+     * in future HTTPS connections.
+     *
+     * @param aType the type of security header in question.
+     * @param aSourceURI the URI of the resource with the HTTP header.
+     * @param aSSLStatus the SSLStatus of the current channel
+     * @param aHeader the HTTP response header specifying security data.
+     * @param aFlags  options for this request as defined in nsISocketProvider:
+     *                  NO_PERMANENT_STORAGE
+     * @param aMaxAge the parsed max-age directive of the header.
+     * @param aIncludeSubdomains the parsed includeSubdomains directive.
+     * @param aFailureResult a more specific failure result if NS_ERROR_FAILURE
+                             was returned.
+     * @return NS_OK            if it succeeds
+     *         NS_ERROR_FAILURE if it can't be parsed
+     *         NS_SUCCESS_LOSS_OF_INSIGNIFICANT_DATA
+     *                          if there are unrecognized tokens in the header.
+     */
+    void processHeader(in uint32_t aType,
+                       in nsIURI aSourceURI,
+                       in string aHeader,
+                       in nsISSLStatus aSSLStatus,
+                       in uint32_t aFlags,
+                       [optional] out unsigned long long aMaxAge,
+                       [optional] out boolean aIncludeSubdomains,
+                       [optional] out uint32_t aFailureResult);
+
+    /**
+     * Same as processHeader but without checking for the security properties
+     * of the connection. Use ONLY for testing.
+     */
+    void unsafeProcessHeader(in uint32_t aType,
+                             in nsIURI aSourceURI,
+                             in string aHeader,
+                             in uint32_t aFlags,
+                             [optional] out unsigned long long aMaxAge,
+                             [optional] out boolean aIncludeSubdomains,
+                             [optional] out uint32_t aFailureResult);
+
+    /**
+     * Given a header type, removes state relating to that header of a host,
+     * including the includeSubdomains state that would affect subdomains.
+     * This essentially removes the state for the domain tree rooted at this
+     * host.
+     * @param aType   the type of security state in question
+     * @param aURI    the URI of the target host
+     * @param aFlags  options for this request as defined in nsISocketProvider:
+     *                  NO_PERMANENT_STORAGE
+     */
+    void removeState(in uint32_t aType,
+                     in nsIURI aURI,
+                     in uint32_t aFlags);
+
+    /**
+     * See isSecureURI
+     *
+     * @param aType the type of security state in question.
+     * @param aHost the hostname (punycode) to query for state.
+     * @param aFlags  options for this request as defined in nsISocketProvider:
+     *                  NO_PERMANENT_STORAGE
+     * @param aCached true if we have cached information regarding whether or not
+     *                  the host is HSTS, false otherwise.
+     */
+    boolean isSecureHost(in uint32_t aType,
+                         in string aHost,
+                         in uint32_t aFlags,
+                         [optional] out boolean aCached);
+
+    /**
+     * Checks whether or not the URI's hostname has a given security state set.
+     * For example, for HSTS:
+     * The URI is an HSTS URI if either the host has the HSTS state set, or one
+     * of its super-domains has the HSTS "includeSubdomains" flag set.
+     * NOTE: this function makes decisions based only on the
+     * host contained in the URI, and disregards other portions of the URI
+     * such as path and port.
+     *
+     * @param aType the type of security state in question.
+     * @param aURI the URI to query for STS state.
+     * @param aFlags  options for this request as defined in nsISocketProvider:
+     *                  NO_PERMANENT_STORAGE
+     * @param aCached true if we have cached information regarding whether or not
+     *                  the host is HSTS, false otherwise.
+     */
+    boolean isSecureURI(in uint32_t aType, in nsIURI aURI, in uint32_t aFlags,
+                        [optional] out boolean aCached);
+
+    /**
+     * Removes all non-preloaded security state by resetting to factory-original
+     * settings.
+     */
+    void clearAll();
+
+    /**
+     * Removes all preloaded security state.
+     */
+    void clearPreloads();
+
+    /**
+     * Returns an array of sha256-hashed key pins for the given domain, if any.
+     * If these pins also apply to subdomains of the given domain,
+     * aIncludeSubdomains will be true. Pins returned are only for non-built-in
+     * pin entries.
+     *
+     * @param aHostname the hosname (punycode) to be queried about
+     * @param the time at which the pins should be valid. This is in
+              mozilla::pkix::Time which uses internally seconds since 0 AD.
+     * @param aPinArray the set of sha256-hashed key pins for the given domain
+     * @param aIncludeSubdomains true if the pins apply to subdomains of the
+     *        given domain
+     */
+    [noscript] boolean getKeyPinsForHostname(in string aHostname,
+                                             in mozillaPkixTime evalTime,
+                                             out nsCStringTArrayRef aPinArray,
+                                             out boolean aIncludeSubdomains);
+
+    /**
+     * Set public-key pins for a host. The resulting pins will be permanent
+     * and visible from private and non-private contexts. These pins replace
+     * any already set by this mechanism or those built-in to Gecko.
+     *
+     * @param aHost the hostname (punycode) that pins will apply to
+     * @param aIncludeSubdomains whether these pins also apply to subdomains
+     * @param aExpires the time this pin should expire (millis since epoch)
+     * @param aPinCount number of keys being pinnned
+     * @param aSha256Pins array of hashed key fingerprints (SHA-256, base64)
+     * @param aIsPreload are these key pins for a preload entry? (false by
+     *        default)
+     */
+     boolean setKeyPins(in string aHost, in boolean aIncludeSubdomains,
+                        in int64_t aExpires, in unsigned long aPinCount,
+                        [array, size_is(aPinCount)] in string aSha256Pins,
+                        [optional] in boolean aIsPreload);
+
+    /**
+     * Mark a host as declining to provide a given security state so that features
+     * such as HSTS priming will not flood a server with requests.
+     *
+     * @param aURI the nsIURI that this applies to
+     * @param aMaxAge lifetime (in seconds) of this negative cache
+     */
+    [noscript] void cacheNegativeHSTSResult(in nsIURI aURI, in unsigned long long aMaxAge);
+};
+
+%{C++
+#define NS_SSSERVICE_CONTRACTID "@mozilla.org/ssservice;1"
+%}
diff --git a/security/manager/ssl/nsITokenDialogs.idl b/security/manager/ssl/nsITokenDialogs.idl
new file mode 100644
index 000000000..ceb625294
--- /dev/null
+++ b/security/manager/ssl/nsITokenDialogs.idl
@@ -0,0 +1,30 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIInterfaceRequestor;
+interface nsIProtectedAuthThread;
+
+[scriptable, uuid(a1cbc159-468c-495d-8068-61dd538cbcca)]
+interface nsITokenDialogs : nsISupports
+{
+  void ChooseToken(in nsIInterfaceRequestor ctx,
+                   [array, size_is(count)] in wstring tokenNameList,
+                   in unsigned long count,
+                   out wstring tokenName,
+                   out boolean canceled);
+
+    /**
+    * displayProtectedAuth - displays notification dialog to the user 
+    * that he is expected to authenticate to the token using its
+    * "protected authentication path" feature
+    */
+  void displayProtectedAuth(in nsIInterfaceRequestor ctx,
+                            in nsIProtectedAuthThread runnable);
+};
+
+%{C++
+#define NS_TOKENDIALOGS_CONTRACTID "@mozilla.org/nsTokenDialogs;1"
+%}
diff --git a/security/manager/ssl/nsITokenPasswordDialogs.idl b/security/manager/ssl/nsITokenPasswordDialogs.idl
new file mode 100644
index 000000000..6e5660b17
--- /dev/null
+++ b/security/manager/ssl/nsITokenPasswordDialogs.idl
@@ -0,0 +1,29 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIInterfaceRequestor;
+
+
+/**
+ * nsITokenPasswordDialogs
+ *  This is the interface for setting and changing password
+ *  on a PKCS11 token.
+ */
+[scriptable, uuid(87dbd64a-4466-474e-95f5-1ad1cee5702c)]
+interface nsITokenPasswordDialogs : nsISupports
+{
+  /**
+   * setPassword - sets the password/PIN on the named token.
+   *   The canceled output value should be set to TRUE when
+   *   the user (or implementation) cancels the operation.
+   */
+  void setPassword(in nsIInterfaceRequestor ctx, in wstring tokenName,
+                   out boolean canceled);
+};
+
+%{C++
+#define NS_TOKENPASSWORDSDIALOG_CONTRACTID "@mozilla.org/nsTokenPasswordDialogs;1"
+%}
diff --git a/security/manager/ssl/nsIU2FToken.idl b/security/manager/ssl/nsIU2FToken.idl
new file mode 100644
index 000000000..119c18593
--- /dev/null
+++ b/security/manager/ssl/nsIU2FToken.idl
@@ -0,0 +1,66 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIArray;
+
+/**
+ * Interface used to interact with U2F Token devices
+ */
+[scriptable, uuid(5778242f-1f42-47a2-b514-fa1adde2d904)]
+interface nsIU2FToken : nsISupports {
+  /**
+   * Is this token compatible with the provided version?
+   *
+   * @param version The offered version to test
+   * @return True if the offered version is compatible
+   */
+  void isCompatibleVersion(in AString version, [retval] out boolean result);
+
+  /**
+   * Return whether the provided KeyHandle belongs to this Token
+   *
+   * @param keyHandle Key Handle to evaluate.
+   * @return True if the Key Handle is ours.
+   */
+  void isRegistered([array, size_is(keyHandleLen)] in octet keyHandle,
+                    in uint32_t keyHandleLen,
+                    [retval] out boolean result);
+
+  /**
+   * Generates a public/private keypair for the provided application
+   * and challenge, returning the pubkey, challenge response, and
+   * key handle in the registration data.
+   *
+   * @param application The FIDO Application data to associate with the key.
+   * @param challenge The Challenge to satisfy in the response.
+   * @param registration An array containing the pubkey, challenge response,
+   *                     and key handle.
+   */
+  void register([array, size_is(applicationLen)] in octet application,
+                in uint32_t applicationLen,
+                [array, size_is(challengeLen)] in octet challenge,
+                in uint32_t challengeLen,
+                [array, size_is(registrationLen)] out octet registration,
+                out uint32_t registrationLen);
+
+  /**
+   * Creates a signature over the "param" arguments using the private key
+   * provided in the key handle argument.
+   *
+   * @param application The FIDO Application data to associate with the key.
+   * @param challenge The Challenge to satisfy in the response.
+   * @param keyHandle The Key Handle opaque object to use.
+   * @param signature The resulting signature.
+   */
+  void sign([array, size_is(applicationLen)] in octet application,
+            in uint32_t applicationLen,
+            [array, size_is(challengeLen)] in octet challenge,
+            in uint32_t challengeLen,
+            [array, size_is(keyHandleLen)] in octet keyHandle,
+            in uint32_t keyHandleLen,
+            [array, size_is(signatureLen)] out octet signature,
+            out uint32_t signatureLen);
+};
diff --git a/security/manager/ssl/nsIWeakCryptoOverride.idl b/security/manager/ssl/nsIWeakCryptoOverride.idl
new file mode 100644
index 000000000..7e3aa663f
--- /dev/null
+++ b/security/manager/ssl/nsIWeakCryptoOverride.idl
@@ -0,0 +1,45 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+%{C++
+#define NS_WEAKCRYPTOOVERRIDE_CONTRACTID "@mozilla.org/security/weakcryptooverride;1"
+%}
+
+/**
+ * This represents the fallback whitelist for
+ * weak crypto servers such as RC4-only.
+ */
+[scriptable, uuid(27b4d3df-8f15-4eb4-a35f-474e911b61e7)]
+interface nsIWeakCryptoOverride : nsISupports {
+  /**
+   *  Add a weak crypto override for the given hostname.
+   *  Main thread only.
+   *
+   *  @param aHostName The host (punycode) this mapping belongs to
+   *  @param aPrivate The override info will used for the private browsing
+   *                  session and no information will be written to the disk.
+   *  @param aTemporary The override info will not persist between sessions.
+   *                    Ignored if aPrivate is true.
+   */
+  void addWeakCryptoOverride(in ACString aHostName,
+                             in boolean aPrivate,
+                             [optional] in boolean aTemporary);
+
+  /**
+   *  Remove a weak crypto override for the given hostname:port.
+   *  Main thread only.
+   *
+   *  @param aHostName The host (punycode) whose entry should be cleared.
+   *  @param aPort The port whose entry should be cleared.
+   *  @param aPrivate The override info will used for the private browsing
+   *                  session.
+   */
+  void removeWeakCryptoOverride(in ACString aHostName,
+                                in int32_t aPort,
+                                in boolean aPrivate);
+};
diff --git a/security/manager/ssl/nsIX509Cert.idl b/security/manager/ssl/nsIX509Cert.idl
new file mode 100644
index 000000000..b1965edd4
--- /dev/null
+++ b/security/manager/ssl/nsIX509Cert.idl
@@ -0,0 +1,261 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIArray;
+interface nsIX509CertValidity;
+interface nsIASN1Object;
+interface nsICertVerificationListener;
+
+%{ C++
+ /* forward declaration */
+ typedef struct CERTCertificateStr CERTCertificate;
+%}
+[ptr] native CERTCertificatePtr(CERTCertificate);
+
+/**
+ * This represents a X.509 certificate.
+ *
+ * NOTE: Service workers persist x.509 certs in object form on disk.  If you
+ *       change this uuid you probably need a hack in nsBinaryInputStream to
+ *       read the old uuid.  If you change the format of the object
+ *       serialization then more complex changes will be needed.
+ */
+[scriptable, uuid(bdc3979a-5422-4cd5-8589-696b6e96ea83)]
+interface nsIX509Cert : nsISupports {
+
+  /**
+   *  A nickname for the certificate.
+   */
+  readonly attribute AString nickname;
+
+  /**
+   *  The primary email address of the certificate, if present.
+   */
+  readonly attribute AString emailAddress;
+
+  /**
+   * Did this certificate ship with the platform as a built-in root?
+   */
+  readonly attribute bool isBuiltInRoot;
+
+  /**
+   *  Obtain a list of all email addresses
+   *  contained in the certificate.
+   *
+   *  @param length The number of strings in the returned array.
+   *  @return An array of email addresses.
+   */
+  void getEmailAddresses(out unsigned long length,
+                         [retval, array, size_is(length)] out wstring addresses);
+
+  /**
+   *  Check whether a given address is contained in the certificate.
+   *  The comparison will convert the email address to lowercase.
+   *  The behaviour for non ASCII characters is undefined.
+   *
+   *  @param aEmailAddress The address to search for.
+   *
+   *  @return True if the address is contained in the certificate.
+   */
+  boolean containsEmailAddress(in AString aEmailAddress);
+
+  /**
+   *  The subject owning the certificate.
+   */
+  readonly attribute AString subjectName;
+
+  /**
+   *  The subject's common name.
+   */
+  readonly attribute AString commonName;
+
+  /**
+   *  The subject's organization.
+   */
+  readonly attribute AString organization;
+
+  /**
+   *  The subject's organizational unit.
+   */
+  readonly attribute AString organizationalUnit;
+
+  /**
+   *  The fingerprint of the certificate's DER encoding,
+   *  calculated using the SHA-256 algorithm.
+   */
+  readonly attribute AString sha256Fingerprint;
+
+  /**
+   *  The fingerprint of the certificate's DER encoding,
+   *  calculated using the SHA1 algorithm.
+   */
+  readonly attribute AString sha1Fingerprint;
+
+  /**
+   *  A human readable name identifying the hardware or
+   *  software token the certificate is stored on.
+   */
+  readonly attribute AString tokenName;
+
+  /**
+   *  The subject identifying the issuer certificate.
+   */
+  readonly attribute AString issuerName;
+
+  /**
+   *  The serial number the issuer assigned to this certificate.
+   */
+  readonly attribute AString serialNumber;
+
+  /**
+   *  The issuer subject's common name.
+   */
+  readonly attribute AString issuerCommonName;
+
+  /**
+   *  The issuer subject's organization.
+   */
+  readonly attribute AString issuerOrganization;
+
+  /**
+   *  The issuer subject's organizational unit.
+   */
+  readonly attribute AString issuerOrganizationUnit;
+
+  /**
+   *  The certificate used by the issuer to sign this certificate.
+   */
+  readonly attribute nsIX509Cert issuer;
+
+  /**
+   *  This certificate's validity period.
+   */
+  readonly attribute nsIX509CertValidity validity;
+
+  /**
+   *  A unique identifier of this certificate within the local storage.
+   */
+  readonly attribute ACString dbKey;
+
+  /**
+   *  A human readable identifier to label this certificate.
+   */
+  readonly attribute AString windowTitle;
+
+  /**
+   *  Constants to classify the type of a certificate.
+   */
+  const unsigned long UNKNOWN_CERT =      0;
+  const unsigned long CA_CERT      = 1 << 0;
+  const unsigned long USER_CERT    = 1 << 1;
+  const unsigned long EMAIL_CERT   = 1 << 2;
+  const unsigned long SERVER_CERT  = 1 << 3;
+  const unsigned long ANY_CERT     = 0xffff;
+
+  /**
+   * Type of this certificate
+   */
+  readonly attribute unsigned long certType;
+
+  /**
+   *  True if the certificate is self-signed. CA issued
+   *  certificates are always self-signed.
+   */
+  readonly attribute boolean isSelfSigned;
+
+  /**
+   *  Constants for specifying the chain mode when exporting a certificate
+   */
+  const unsigned long CMS_CHAIN_MODE_CertOnly = 1;
+  const unsigned long CMS_CHAIN_MODE_CertChain = 2;
+  const unsigned long CMS_CHAIN_MODE_CertChainWithRoot = 3;
+
+  /**
+   *  Obtain a list of certificates that contains this certificate
+   *  and the issuing certificates of all involved issuers,
+   *  up to the root issuer.
+   *
+   *  @return The chain of certifficates including the issuers.
+   */
+  nsIArray getChain();
+
+  /**
+   * A comma separated list of localized strings representing the contents of
+   * the certificate's key usage extension, if present. The empty string if the
+   * certificate doesn't have the key usage extension, or has an empty extension.
+   */
+  readonly attribute AString keyUsages;
+
+  /**
+   *  This is the attribute which describes the ASN1 layout
+   *  of the certificate.  This can be used when doing a
+   *  "pretty print" of the certificate's ASN1 structure.
+   */
+  readonly attribute nsIASN1Object ASN1Structure;
+
+  /**
+   *  Obtain a raw binary encoding of this certificate
+   *  in DER format.
+   *
+   *  @param length The number of bytes in the binary encoding.
+   *  @param data The bytes representing the DER encoded certificate.
+   */
+  void getRawDER(out unsigned long length,
+	               [retval, array, size_is(length)] out octet data);
+
+  /**
+   *  Test whether two certificate instances represent the
+   *  same certificate.
+   *
+   *  @return Whether the certificates are equal
+   */
+  boolean equals(in nsIX509Cert other);
+
+  /**
+   * The base64 encoding of the DER encoded public key info using the specified
+   * digest.
+   */
+  readonly attribute ACString sha256SubjectPublicKeyInfoDigest;
+
+  /**
+   *  Obtain the certificate wrapped in a PKCS#7 SignedData structure,
+   *  with or without the certificate chain
+   *
+   *  @param chainMode Whether to include the chain (with or without the root),
+                       see CMS_CHAIN_MODE constants.
+   *  @param length The number of bytes of the PKCS#7 data.
+   *  @param data The bytes representing the PKCS#7 wrapped certificate.
+   */
+  void exportAsCMS(in unsigned long chainMode,
+                   out unsigned long length,
+                   [retval, array, size_is(length)] out octet data);
+
+  /**
+   * Retrieves the NSS certificate object wrapped by this interface
+   */
+   [notxpcom, noscript] CERTCertificatePtr getCert();
+
+  /**
+   * Human readable names identifying all hardware or
+   * software tokens the certificate is stored on.
+   *
+   * @param length On success, the number of entries in the returned array.
+   * @return On success, an array containing the names of all tokens
+   *         the certificate is stored on (may be empty).
+   *         On failure the function throws/returns an error.
+   */
+  void getAllTokenNames(out unsigned long length,
+                       [retval, array, size_is(length)] out wstring
+                       tokenNames);
+
+  /**
+   * Either delete the certificate from all cert databases,
+   * or mark it as untrusted.
+   */
+  void markForPermDeletion();
+};
diff --git a/security/manager/ssl/nsIX509CertDB.idl b/security/manager/ssl/nsIX509CertDB.idl
new file mode 100644
index 000000000..44d8e0588
--- /dev/null
+++ b/security/manager/ssl/nsIX509CertDB.idl
@@ -0,0 +1,431 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsIArray;
+interface nsIX509Cert;
+interface nsIFile;
+interface nsIInterfaceRequestor;
+interface nsIZipReader;
+interface nsIX509CertList;
+interface nsIInputStream;
+
+%{C++
+#define NS_X509CERTDB_CONTRACTID "@mozilla.org/security/x509certdb;1"
+%}
+
+typedef uint32_t AppTrustedRoot;
+
+[scriptable, function, uuid(fc2b60e5-9a07-47c2-a2cd-b83b68a660ac)]
+interface nsIOpenSignedAppFileCallback : nsISupports
+{
+  void openSignedAppFileFinished(in nsresult rv,
+                                 in nsIZipReader aZipReader,
+                                 in nsIX509Cert aSignerCert);
+};
+
+[scriptable, function, uuid(d5f97827-622a-488f-be08-d850432ac8ec)]
+interface nsIVerifySignedDirectoryCallback : nsISupports
+{
+  void verifySignedDirectoryFinished(in nsresult rv,
+                                     in nsIX509Cert aSignerCert);
+};
+
+[scriptable, function, uuid(3d6a9c87-5c5f-46fc-9410-96da6092f0f2)]
+interface nsIVerifySignedManifestCallback : nsISupports
+{
+  void verifySignedManifestFinished(in nsresult rv,
+                                    in nsIX509Cert aSignerCert);
+};
+
+/**
+ * Callback type for use with asyncVerifyCertAtTime.
+ * If aPRErrorCode is PRErrorCodeSuccess (i.e. 0), aVerifiedChain represents the
+ * verified certificate chain determined by asyncVerifyCertAtTime. aHasEVPolicy
+ * represents whether or not the end-entity certificate verified as EV.
+ * If aPRErrorCode is non-zero, it represents the error encountered during
+ * verification. aVerifiedChain is null in that case and aHasEVPolicy has no
+ * meaning.
+ */
+[scriptable, function, uuid(49e16fc8-efac-4f57-8361-956ef6b960a4)]
+interface nsICertVerificationCallback : nsISupports {
+  void verifyCertFinished(in int32_t aPRErrorCode,
+                          in nsIX509CertList aVerifiedChain,
+                          in bool aHasEVPolicy);
+};
+
+/**
+ * This represents a service to access and manipulate
+ * X.509 certificates stored in a database.
+ */
+[scriptable, uuid(5c16cd9b-5a73-47f1-ab0f-11ede7495cce)]
+interface nsIX509CertDB : nsISupports {
+
+  /**
+   *  Constants that define which usages a certificate
+   *  is trusted for.
+   */
+  const unsigned long UNTRUSTED       =      0;
+  const unsigned long TRUSTED_SSL     = 1 << 0;
+  const unsigned long TRUSTED_EMAIL   = 1 << 1;
+  const unsigned long TRUSTED_OBJSIGN = 1 << 2;
+
+  /**
+   *  Given a nickname,
+   *  locate the matching certificate.
+   *
+   *  @param aNickname The nickname to be used as the key
+   *                   to find a certificate.
+   *
+   *  @return The matching certificate if found.
+   */
+  nsIX509Cert findCertByNickname(in AString aNickname);
+
+  /**
+   *  Will find a certificate based on its dbkey
+   *  retrieved by getting the dbKey attribute of
+   *  the certificate.
+   *
+   *  @param aDBkey Database internal key, as obtained using
+   *                attribute dbkey in nsIX509Cert.
+   */
+  nsIX509Cert findCertByDBKey(in string aDBkey);
+
+  /**
+   *  Find user's own email encryption certificate by nickname.
+   *
+   *  @param aNickname The nickname to be used as the key
+   *                   to find the certificate.
+   *
+   *  @return The matching certificate if found.
+   */
+  nsIX509Cert findEmailEncryptionCert(in AString aNickname);
+
+  /**
+   *  Find user's own email signing certificate by nickname.
+   *
+   *  @param aNickname The nickname to be used as the key
+   *                   to find the certificate.
+   *
+   *  @return The matching certificate if found.
+   */
+  nsIX509Cert findEmailSigningCert(in AString aNickname);
+
+  /**
+   *  Find a certificate by email address.
+   *
+   *  @param aEmailAddress The email address to be used as the key
+   *                       to find the certificate.
+   *
+   *  @return The matching certificate if found.
+   */
+  nsIX509Cert findCertByEmailAddress(in string aEmailAddress);
+
+  /**
+   *  Use this to import a stream sent down as a mime type into
+   *  the certificate database on the default token.
+   *  The stream may consist of one or more certificates.
+   *
+   *  @param data The raw data to be imported
+   *  @param length The length of the data to be imported
+   *  @param type The type of the certificate, see constants in nsIX509Cert
+   *  @param ctx A UI context.
+   */
+  void importCertificates([array, size_is(length)] in octet data,
+                          in unsigned long length,
+                          in unsigned long type,
+                          in nsIInterfaceRequestor ctx);
+
+  /**
+   *  Import another person's email certificate into the database.
+   *
+   *  @param data The raw data to be imported
+   *  @param length The length of the data to be imported
+   *  @param ctx A UI context.
+   */
+  void importEmailCertificate([array, size_is(length)] in octet data,
+                              in unsigned long length,
+                              in nsIInterfaceRequestor ctx);
+
+  /**
+   *  Import a personal certificate into the database, assuming
+   *  the database already contains the private key for this certificate.
+   *
+   *  @param data The raw data to be imported
+   *  @param length The length of the data to be imported
+   *  @param ctx A UI context.
+   */
+  void importUserCertificate([array, size_is(length)] in octet data,
+                             in unsigned long length,
+                             in nsIInterfaceRequestor ctx);
+
+  /**
+   *  Delete a certificate stored in the database.
+   *
+   *  @param aCert Delete this certificate.
+   */
+  void deleteCertificate(in nsIX509Cert aCert);
+
+  /**
+   *  Modify the trust that is stored and associated to a certificate within
+   *  a database. Separate trust is stored for
+   *  One call manipulates the trust for one trust type only.
+   *  See the trust type constants defined within this interface.
+   *
+   *  @param cert Change the stored trust of this certificate.
+   *  @param type The type of the certificate. See nsIX509Cert.
+   *  @param trust A bitmask. The new trust for the possible usages.
+   *               See the trust constants defined within this interface.
+   */
+  void setCertTrust(in nsIX509Cert cert,
+                    in unsigned long type,
+                    in unsigned long trust);
+
+  /**
+   * @param cert        The certificate for which to modify trust.
+   * @param trustString decoded by CERT_DecodeTrustString. 3 comma separated
+   *                    characters, indicating SSL, Email, and Obj signing
+   *                    trust.
+   */
+  void setCertTrustFromString(in nsIX509Cert cert, in ACString trustString);
+
+  /**
+   *  Query whether a certificate is trusted for a particular use.
+   *
+   *  @param cert Obtain the stored trust of this certificate.
+   *  @param certType The type of the certificate. See nsIX509Cert.
+   *  @param trustType A single bit from the usages constants defined
+   *                   within this interface.
+   *
+   *  @return Returns true if the certificate is trusted for the given use.
+   */
+  boolean isCertTrusted(in nsIX509Cert cert,
+                        in unsigned long certType,
+                        in unsigned long trustType);
+
+  /**
+   *  Import certificate(s) from file
+   *
+   *  @param aFile Identifies a file that contains the certificate
+   *               to be imported.
+   *  @param aType Describes the type of certificate that is going to
+   *               be imported. See type constants in nsIX509Cert.
+   */
+  void importCertsFromFile(in nsIFile aFile,
+                           in unsigned long aType);
+
+  /**
+   *  Import a PKCS#12 file containing cert(s) and key(s) into the database.
+   *
+   *  @param aToken Optionally limits the scope of
+   *                this function to a token device.
+   *                Can be null to mean any token.
+   *  @param aFile Identifies a file that contains the data
+   *               to be imported.
+   */
+  void importPKCS12File(in nsISupports aToken,
+                        in nsIFile aFile);
+
+  /**
+   *  Export a set of certs and keys from the database to a PKCS#12 file.
+   *
+   *  @param aToken Optionally limits the scope of
+   *                this function to a token device.
+   *                Can be null to mean any token.
+   *  @param aFile Identifies a file that will be filled with the data
+   *               to be exported.
+   *  @param count The number of certificates to be exported.
+   *  @param aCerts The array of all certificates to be exported.
+   */
+  void exportPKCS12File(in nsISupports aToken,
+                        in nsIFile aFile,
+                        in unsigned long count,
+                        [array, size_is(count)] in nsIX509Cert aCerts);
+
+  /*
+   *  Decode a raw data presentation and instantiate an object in memory.
+   *
+   *  @param base64 The raw representation of a certificate,
+   *                encoded as Base 64.
+   *  @return The new certificate object.
+   */
+  nsIX509Cert constructX509FromBase64(in ACString base64);
+
+  /*
+   *  Decode a raw data presentation and instantiate an object in memory.
+   *
+   *  @param certDER The raw representation of a certificate,
+   *                 encoded as raw DER.
+   *  @param length  The length of the DER string.
+   *  @return The new certificate object.
+   */
+  nsIX509Cert constructX509(in string certDER, in unsigned long length);
+
+  /**
+   *  Verifies the signature on the given JAR file to verify that it has a
+   *  valid signature.  To be considered valid, there must be exactly one
+   *  signature on the JAR file and that signature must have signed every
+   *  entry. Further, the signature must come from a certificate that
+   *  is trusted for code signing.
+   *
+   *  On success, NS_OK, a nsIZipReader, and the trusted certificate that
+   *  signed the JAR are returned.
+   *
+   *  On failure, an error code is returned.
+   *
+   *  This method returns a nsIZipReader, instead of taking an nsIZipReader
+   *  as input, to encourage users of the API to verify the signature as the
+   *  first step in opening the JAR.
+   */
+  const AppTrustedRoot AppMarketplaceProdPublicRoot = 1;
+  const AppTrustedRoot AppMarketplaceProdReviewersRoot = 2;
+  const AppTrustedRoot AppMarketplaceDevPublicRoot = 3;
+  const AppTrustedRoot AppMarketplaceDevReviewersRoot = 4;
+  const AppTrustedRoot AppMarketplaceStageRoot = 5;
+  const AppTrustedRoot AppXPCShellRoot = 6;
+  const AppTrustedRoot AddonsPublicRoot = 7;
+  const AppTrustedRoot AddonsStageRoot = 8;
+  const AppTrustedRoot PrivilegedPackageRoot = 9;
+  /*
+   * If DeveloperImportedRoot is set as trusted root, a CA from local file
+   * system will be imported. Only used when preference
+   * "network.http.packaged-apps-developer-mode" is set.
+   * The path of the CA is specified by preference
+   * "network.http.packaged-apps-developer-trusted-root".
+   */
+  const AppTrustedRoot DeveloperImportedRoot = 10;
+  void openSignedAppFileAsync(in AppTrustedRoot trustedRoot,
+                              in nsIFile aJarFile,
+                              in nsIOpenSignedAppFileCallback callback);
+
+  /**
+   *  Verifies the signature on a directory representing an unpacked signed
+   *  JAR file. To be considered valid, there must be exactly one signature
+   *  on the directory structure and that signature must have signed every
+   *  entry. Further, the signature must come from a certificate that
+   *  is trusted for code signing.
+   *
+   *  On success NS_OK and the trusted certificate that signed the
+   *  unpacked JAR are returned.
+   *
+   *  On failure, an error code is returned.
+   */
+  void verifySignedDirectoryAsync(in AppTrustedRoot trustedRoot,
+                                  in nsIFile aUnpackedDir,
+                                  in nsIVerifySignedDirectoryCallback callback);
+
+  /**
+   * Given streams containing a signature and a manifest file, verifies
+   * that the signature is valid for the manifest. The signature must
+   * come from a certificate that is trusted for code signing and that
+   * was issued by the given trusted root.
+   *
+   *  On success, NS_OK and the trusted certificate that signed the
+   *  Manifest are returned.
+   *
+   *  On failure, an error code is returned.
+   */
+  void verifySignedManifestAsync(in AppTrustedRoot trustedRoot,
+                                 in nsIInputStream aManifestStream,
+                                 in nsIInputStream aSignatureStream,
+                                 in nsIVerifySignedManifestCallback callback);
+
+  /*
+   * Add a cert to a cert DB from a binary string.
+   *
+   * @param certDER The raw DER encoding of a certificate.
+   * @param aTrust decoded by CERT_DecodeTrustString. 3 comma separated characters,
+   *                indicating SSL, Email, and Obj signing trust
+   * @param aName name of the cert for display purposes.
+   *              TODO(bug 857627): aName is currently ignored. It should either
+   *              not be ignored, or be removed.
+   */
+  void addCert(in ACString certDER, in ACString aTrust, in AUTF8String aName);
+
+  // Flags for verifyCertNow (these must match the values in CertVerifier.cpp):
+  // Prevent network traffic. Doesn't work with classic verification.
+  const uint32_t FLAG_LOCAL_ONLY = 1 << 0;
+  // Do not fall back to DV verification after attempting EV validation.
+  // Actually does prevent network traffic, but can cause a valid EV
+  // certificate to not be considered valid.
+  const uint32_t FLAG_MUST_BE_EV = 1 << 1;
+
+  /** Warning: This interface is inteded to use only for testing only as:
+   *    1. It can create IO on the main thread.
+   *    2. It is in constant change, so in/out can change at any release.
+   *
+   *  Obtain the verification result for a cert given a particular usage.
+   *  On success, the call returns 0, the chain built during verification,
+   *  and whether the cert is good for EV usage.
+   *  On failure, the call returns the PRErrorCode for the verification failure
+   *
+   *  @param aCert Obtain the stored trust of this certificate
+   *  @param aUsage a integer representing the usage from NSS
+   *  @param aFlags flags as described above
+   *  @param aHostname the (optional) hostname to verify for
+   *  @param aTime the time at which to verify, in seconds since the epoch
+   *  @param aVerifiedChain chain of verification up to the root if success
+   *  @param aHasEVPolicy bool that signified that the cert was an EV cert
+   *  @return 0 if success or the value or the error code for the verification
+   *          failure
+   */
+  int32_t /*PRErrorCode*/
+    verifyCertAtTime(in nsIX509Cert aCert,
+                     in int64_t /*SECCertificateUsage*/ aUsage,
+                     in uint32_t aFlags,
+                     in string aHostname,
+                     in uint64_t aTime,
+                     out nsIX509CertList aVerifiedChain,
+                     out bool aHasEVPolicy);
+  int32_t /*PRErrorCode*/
+    verifyCertNow(in nsIX509Cert aCert,
+                  in int64_t /*SECCertificateUsage*/ aUsage,
+                  in uint32_t aFlags,
+                  in string aHostname,
+                  out nsIX509CertList aVerifiedChain,
+                  out bool aHasEVPolicy);
+
+  /**
+   * Similar to the above, but asynchronous. As a result, use of this API is not
+   * limited to tests.
+   */
+  void asyncVerifyCertAtTime(in nsIX509Cert aCert,
+                             in int64_t /*SECCertificateUsage*/ aUsage,
+                             in uint32_t aFlags,
+                             in string aHostname,
+                             in uint64_t aTime,
+                             in nsICertVerificationCallback aCallback);
+
+  // Clears the OCSP cache for the current certificate verification
+  // implementation.
+  void clearOCSPCache();
+
+  /*
+   * Add a cert to a cert DB from a base64 encoded string.
+   *
+   * @param base64 The raw representation of a certificate,
+   *                encoded as Base 64.
+   * @param aTrust decoded by CERT_DecodeTrustString. 3 comma separated characters,
+   *                indicating SSL, Email, and Obj signing trust
+   * @param aName name of the cert for display purposes.
+   *              TODO(bug 857627): aName is currently ignored. It should either
+   *              not be ignored, or be removed.
+   */
+  void addCertFromBase64(in ACString base64, in ACString aTrust,
+                         in AUTF8String aName);
+
+  /*
+   * Get all the known certs in the database
+   */
+  nsIX509CertList getCerts();
+
+  /*
+   * Get a list of imported enterprise root certificates (currently only
+   * implemented on Windows).
+   */
+  nsIX509CertList getEnterpriseRoots();
+};
diff --git a/security/manager/ssl/nsIX509CertList.idl b/security/manager/ssl/nsIX509CertList.idl
new file mode 100644
index 000000000..63f1c5e38
--- /dev/null
+++ b/security/manager/ssl/nsIX509CertList.idl
@@ -0,0 +1,49 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+interface nsISimpleEnumerator;
+interface nsIX509Cert;
+
+%{C++
+typedef struct CERTCertListStr CERTCertList;
+%}
+[ptr] native CERTCertListPtr(CERTCertList);
+
+[scriptable, uuid(ae74cda5-cd2f-473f-96f5-f0b7fff62c68)]
+interface nsIX509CertList : nsISupports {
+   void addCert(in nsIX509Cert cert);
+   void deleteCert(in nsIX509Cert cert);
+   nsISimpleEnumerator getEnumerator();
+
+   /**
+    * Returns the raw, backing cert list.
+    * Must be called only from functions where an nsNSSShutDownPreventionLock
+    * has been acquired.
+    */
+   [notxpcom, noscript] CERTCertListPtr getRawCertList();
+
+   /**
+    * Test whether two certificate list instances represent the same
+    * certificate list.
+    *
+    * @return Whether the certificate lists are equal
+    */
+   boolean equals(in nsIX509CertList other);
+
+};
+
+%{C++
+
+#define NS_X509CERTLIST_CID { /* 959fb165-6517-487f-ab9b-d8913be53197 */  \
+    0x959fb165,                                                           \
+    0x6517,                                                               \
+    0x487f,                                                               \
+    {0xab, 0x9b, 0xd8, 0x91, 0x3b, 0xe5, 0x31, 0x97}                      \
+  }
+
+#define NS_X509CERTLIST_CONTRACTID "@mozilla.org/security/x509certlist;1"
+
+%}
diff --git a/security/manager/ssl/nsIX509CertValidity.idl b/security/manager/ssl/nsIX509CertValidity.idl
new file mode 100644
index 000000000..25d4c004b
--- /dev/null
+++ b/security/manager/ssl/nsIX509CertValidity.idl
@@ -0,0 +1,70 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsISupports.idl"
+
+/**
+ * Information on the validity period of a X.509 certificate.
+ */
+[scriptable, uuid(e701dfd8-1dd1-11b2-a172-ffa6cc6156ad)]
+interface nsIX509CertValidity : nsISupports {
+
+  /**
+   *  The earliest point in time where
+   *  a certificate is valid.
+   */
+  readonly attribute PRTime notBefore;
+  
+  /**
+   *  "notBefore" attribute formatted as a time string
+   *  according to the environment locale,
+   *  according to the environment time zone.
+   */
+  readonly attribute AString notBeforeLocalTime;
+
+  /**
+   *  The day portion of "notBefore" 
+   *  formatted as a time string
+   *  according to the environment locale,
+   *  according to the environment time zone.
+   */
+  readonly attribute AString notBeforeLocalDay;
+
+  /**
+   *  "notBefore" attribute formatted as a string
+   *  according to the environment locale,
+   *  displayed as GMT / UTC.
+   */
+  readonly attribute AString notBeforeGMT;
+
+  /**
+   *  The latest point in time where
+   *  a certificate is valid.
+   */
+  readonly attribute PRTime notAfter;
+
+  /**
+   *  "notAfter" attribute formatted as a time string
+   *  according to the environment locale,
+   *  according to the environment time zone.
+   */
+  readonly attribute AString notAfterLocalTime;
+
+  /**
+   *  The day portion of "notAfter" 
+   *  formatted as a time string
+   *  according to the environment locale,
+   *  according to the environment time zone.
+   */
+  readonly attribute AString notAfterLocalDay;
+
+  /**
+   *  "notAfter" attribute formatted as a time string
+   *  according to the environment locale,
+   *  displayed as GMT / UTC.
+   */
+  readonly attribute AString notAfterGMT;
+};
diff --git a/security/manager/ssl/nsKeyModule.cpp b/security/manager/ssl/nsKeyModule.cpp
new file mode 100644
index 000000000..41e5f5df9
--- /dev/null
+++ b/security/manager/ssl/nsKeyModule.cpp
@@ -0,0 +1,159 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsCOMPtr.h"
+#include "nsComponentManagerUtils.h"
+#include "nsKeyModule.h"
+#include "nsString.h"
+
+using namespace mozilla;
+using namespace mozilla::psm;
+
+NS_IMPL_ISUPPORTS(nsKeyObject, nsIKeyObject)
+
+nsKeyObject::nsKeyObject()
+  : mSymKey(nullptr)
+{
+}
+
+nsKeyObject::~nsKeyObject()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return;
+  }
+  destructorSafeDestroyNSSReference();
+  shutdown(ShutdownCalledFrom::Object);
+}
+
+void
+nsKeyObject::virtualDestroyNSSReference()
+{
+  destructorSafeDestroyNSSReference();
+}
+
+void
+nsKeyObject::destructorSafeDestroyNSSReference()
+{
+  mSymKey = nullptr;
+}
+
+//////////////////////////////////////////////////////////////////////////////
+// nsIKeyObject
+
+NS_IMETHODIMP
+nsKeyObject::InitKey(int16_t aAlgorithm, PK11SymKey* aKey)
+{
+  if (!aKey || aAlgorithm != nsIKeyObject::HMAC) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  mSymKey.reset(aKey);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsKeyObject::GetKeyObj(PK11SymKey** _retval)
+{
+  if (!_retval) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  *_retval = nullptr;
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  if (!mSymKey) {
+    return NS_ERROR_NOT_INITIALIZED;
+  }
+
+  *_retval = mSymKey.get();
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsKeyObject::GetType(int16_t *_retval)
+{
+  if (!_retval) {
+    return NS_ERROR_INVALID_ARG;
+  }
+  *_retval = nsIKeyObject::SYM_KEY;
+  return NS_OK;
+}
+
+//////////////////////////////////////////////////////////////////////////////
+// nsIKeyObjectFactory
+
+NS_IMPL_ISUPPORTS(nsKeyObjectFactory, nsIKeyObjectFactory)
+
+nsKeyObjectFactory::nsKeyObjectFactory()
+{
+}
+
+nsKeyObjectFactory::~nsKeyObjectFactory()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return;
+  }
+  shutdown(ShutdownCalledFrom::Object);
+}
+
+NS_IMETHODIMP
+nsKeyObjectFactory::KeyFromString(int16_t aAlgorithm, const nsACString& aKey,
+                                  nsIKeyObject** _retval)
+{
+  if (!_retval || aAlgorithm != nsIKeyObject::HMAC) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  CK_MECHANISM_TYPE cipherMech = CKM_GENERIC_SECRET_KEY_GEN;
+  CK_ATTRIBUTE_TYPE cipherOperation = CKA_SIGN;
+
+  nsresult rv;
+  nsCOMPtr<nsIKeyObject> key(
+    do_CreateInstance(NS_KEYMODULEOBJECT_CONTRACTID, &rv));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  // Convert the raw string into a SECItem
+  const nsCString& flatKey = PromiseFlatCString(aKey);
+  SECItem keyItem;
+  keyItem.data = (unsigned char*)flatKey.get();
+  keyItem.len = flatKey.Length();
+
+  UniquePK11SlotInfo slot(PK11_GetBestSlot(cipherMech, nullptr));
+  if (!slot) {
+    return NS_ERROR_FAILURE;
+  }
+
+  UniquePK11SymKey symKey(PK11_ImportSymKey(slot.get(), cipherMech,
+                                            PK11_OriginUnwrap, cipherOperation,
+                                            &keyItem, nullptr));
+  if (!symKey) {
+    return NS_ERROR_FAILURE;
+  }
+
+  rv = key->InitKey(aAlgorithm, symKey.release());
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  key.swap(*_retval);
+  return NS_OK;
+}
diff --git a/security/manager/ssl/nsKeyModule.h b/security/manager/ssl/nsKeyModule.h
new file mode 100644
index 000000000..2f7c21937
--- /dev/null
+++ b/security/manager/ssl/nsKeyModule.h
@@ -0,0 +1,63 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsKeyModule_h
+#define nsKeyModule_h
+
+#include "ScopedNSSTypes.h"
+#include "nsIKeyModule.h"
+#include "nsNSSShutDown.h"
+#include "pk11pub.h"
+
+#define NS_KEYMODULEOBJECT_CID   \
+{ 0x9d383ddd, 0x6856, 0x4187, {0x84, 0x85, 0xf3, 0x61, 0x95, 0xb2, 0x9a, 0x0e} }
+#define NS_KEYMODULEOBJECT_CONTRACTID "@mozilla.org/security/keyobject;1"
+
+#define NS_KEYMODULEOBJECTFACTORY_CID   \
+{ 0x2a35dd47, 0xb026, 0x4e8d, {0xb6, 0xb7, 0x57, 0x40, 0xf6, 0x1a, 0xb9, 0x02} }
+#define NS_KEYMODULEOBJECTFACTORY_CONTRACTID \
+"@mozilla.org/security/keyobjectfactory;1"
+
+class nsKeyObject final : public nsIKeyObject
+                        , public nsNSSShutDownObject
+{
+public:
+  nsKeyObject();
+
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIKEYOBJECT
+
+private:
+  ~nsKeyObject();
+
+  // Disallow copy constructor
+  nsKeyObject(nsKeyObject&);
+
+  UniquePK11SymKey mSymKey;
+
+  virtual void virtualDestroyNSSReference() override;
+  void destructorSafeDestroyNSSReference();
+};
+
+
+class nsKeyObjectFactory final : public nsIKeyObjectFactory
+                               , public nsNSSShutDownObject
+{
+public:
+  nsKeyObjectFactory();
+
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSIKEYOBJECTFACTORY
+
+private:
+  ~nsKeyObjectFactory();
+
+  // Disallow copy constructor
+  nsKeyObjectFactory(nsKeyObjectFactory&);
+
+  // No NSS resources to release.
+  virtual void virtualDestroyNSSReference() override {}
+};
+
+#endif // nsKeyModule_h
diff --git a/security/manager/ssl/nsKeygenHandler.cpp b/security/manager/ssl/nsKeygenHandler.cpp
new file mode 100644
index 000000000..c4529f877
--- /dev/null
+++ b/security/manager/ssl/nsKeygenHandler.cpp
@@ -0,0 +1,785 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "base64.h"
+#include "cryptohi.h"
+#include "keyhi.h"
+#include "mozilla/Assertions.h"
+#include "mozilla/Telemetry.h"
+#include "nsIContent.h"
+#include "nsIDOMHTMLSelectElement.h"
+#include "nsIGenKeypairInfoDlg.h"
+#include "nsIServiceManager.h"
+#include "nsITokenDialogs.h"
+#include "nsKeygenHandler.h"
+#include "nsKeygenHandlerContent.h"
+#include "nsKeygenThread.h"
+#include "nsNSSComponent.h" // for PIPNSS string bundle calls.
+#include "nsNSSHelper.h"
+#include "nsReadableUtils.h"
+#include "nsUnicharUtils.h"
+#include "nsXULAppAPI.h"
+#include "nspr.h"
+#include "secasn1.h"
+#include "secder.h"
+#include "secdert.h"
+
+//These defines are taken from the PKCS#11 spec
+#define CKM_RSA_PKCS_KEY_PAIR_GEN     0x00000000
+#define CKM_DH_PKCS_KEY_PAIR_GEN      0x00000020
+
+DERTemplate SECAlgorithmIDTemplate[] = {
+    { DER_SEQUENCE,
+          0, nullptr, sizeof(SECAlgorithmID) },
+    { DER_OBJECT_ID,
+          offsetof(SECAlgorithmID,algorithm), },
+    { DER_OPTIONAL | DER_ANY,
+          offsetof(SECAlgorithmID,parameters), },
+    { 0, }
+};
+
+DERTemplate CERTSubjectPublicKeyInfoTemplate[] = {
+    { DER_SEQUENCE,
+          0, nullptr, sizeof(CERTSubjectPublicKeyInfo) },
+    { DER_INLINE,
+          offsetof(CERTSubjectPublicKeyInfo,algorithm),
+          SECAlgorithmIDTemplate, },
+    { DER_BIT_STRING,
+          offsetof(CERTSubjectPublicKeyInfo,subjectPublicKey), },
+    { 0, }
+};
+
+DERTemplate CERTPublicKeyAndChallengeTemplate[] =
+{
+    { DER_SEQUENCE, 0, nullptr, sizeof(CERTPublicKeyAndChallenge) },
+    { DER_ANY, offsetof(CERTPublicKeyAndChallenge,spki), },
+    { DER_IA5_STRING, offsetof(CERTPublicKeyAndChallenge,challenge), },
+    { 0, }
+};
+
+typedef struct curveNameTagPairStr {
+    const char *curveName;
+    SECOidTag curveOidTag;
+} CurveNameTagPair;
+
+static CurveNameTagPair nameTagPair[] =
+{ 
+  { "prime192v1", SEC_OID_ANSIX962_EC_PRIME192V1 },
+  { "prime192v2", SEC_OID_ANSIX962_EC_PRIME192V2 },
+  { "prime192v3", SEC_OID_ANSIX962_EC_PRIME192V3 },
+  { "prime239v1", SEC_OID_ANSIX962_EC_PRIME239V1 },
+  { "prime239v2", SEC_OID_ANSIX962_EC_PRIME239V2 },
+  { "prime239v3", SEC_OID_ANSIX962_EC_PRIME239V3 },
+  { "prime256v1", SEC_OID_ANSIX962_EC_PRIME256V1 },
+
+  { "secp112r1", SEC_OID_SECG_EC_SECP112R1},
+  { "secp112r2", SEC_OID_SECG_EC_SECP112R2},
+  { "secp128r1", SEC_OID_SECG_EC_SECP128R1},
+  { "secp128r2", SEC_OID_SECG_EC_SECP128R2},
+  { "secp160k1", SEC_OID_SECG_EC_SECP160K1},
+  { "secp160r1", SEC_OID_SECG_EC_SECP160R1},
+  { "secp160r2", SEC_OID_SECG_EC_SECP160R2},
+  { "secp192k1", SEC_OID_SECG_EC_SECP192K1},
+  { "secp192r1", SEC_OID_ANSIX962_EC_PRIME192V1 },
+  { "nistp192", SEC_OID_ANSIX962_EC_PRIME192V1 },
+  { "secp224k1", SEC_OID_SECG_EC_SECP224K1},
+  { "secp224r1", SEC_OID_SECG_EC_SECP224R1},
+  { "nistp224", SEC_OID_SECG_EC_SECP224R1},
+  { "secp256k1", SEC_OID_SECG_EC_SECP256K1},
+  { "secp256r1", SEC_OID_ANSIX962_EC_PRIME256V1 },
+  { "nistp256", SEC_OID_ANSIX962_EC_PRIME256V1 },
+  { "secp384r1", SEC_OID_SECG_EC_SECP384R1},
+  { "nistp384", SEC_OID_SECG_EC_SECP384R1},
+  { "secp521r1", SEC_OID_SECG_EC_SECP521R1},
+  { "nistp521", SEC_OID_SECG_EC_SECP521R1},
+
+  { "c2pnb163v1", SEC_OID_ANSIX962_EC_C2PNB163V1 },
+  { "c2pnb163v2", SEC_OID_ANSIX962_EC_C2PNB163V2 },
+  { "c2pnb163v3", SEC_OID_ANSIX962_EC_C2PNB163V3 },
+  { "c2pnb176v1", SEC_OID_ANSIX962_EC_C2PNB176V1 },
+  { "c2tnb191v1", SEC_OID_ANSIX962_EC_C2TNB191V1 },
+  { "c2tnb191v2", SEC_OID_ANSIX962_EC_C2TNB191V2 },
+  { "c2tnb191v3", SEC_OID_ANSIX962_EC_C2TNB191V3 },
+  { "c2onb191v4", SEC_OID_ANSIX962_EC_C2ONB191V4 },
+  { "c2onb191v5", SEC_OID_ANSIX962_EC_C2ONB191V5 },
+  { "c2pnb208w1", SEC_OID_ANSIX962_EC_C2PNB208W1 },
+  { "c2tnb239v1", SEC_OID_ANSIX962_EC_C2TNB239V1 },
+  { "c2tnb239v2", SEC_OID_ANSIX962_EC_C2TNB239V2 },
+  { "c2tnb239v3", SEC_OID_ANSIX962_EC_C2TNB239V3 },
+  { "c2onb239v4", SEC_OID_ANSIX962_EC_C2ONB239V4 },
+  { "c2onb239v5", SEC_OID_ANSIX962_EC_C2ONB239V5 },
+  { "c2pnb272w1", SEC_OID_ANSIX962_EC_C2PNB272W1 },
+  { "c2pnb304w1", SEC_OID_ANSIX962_EC_C2PNB304W1 },
+  { "c2tnb359v1", SEC_OID_ANSIX962_EC_C2TNB359V1 },
+  { "c2pnb368w1", SEC_OID_ANSIX962_EC_C2PNB368W1 },
+  { "c2tnb431r1", SEC_OID_ANSIX962_EC_C2TNB431R1 },
+
+  { "sect113r1", SEC_OID_SECG_EC_SECT113R1},
+  { "sect113r2", SEC_OID_SECG_EC_SECT113R2},
+  { "sect131r1", SEC_OID_SECG_EC_SECT131R1},
+  { "sect131r2", SEC_OID_SECG_EC_SECT131R2},
+  { "sect163k1", SEC_OID_SECG_EC_SECT163K1},
+  { "nistk163", SEC_OID_SECG_EC_SECT163K1},
+  { "sect163r1", SEC_OID_SECG_EC_SECT163R1},
+  { "sect163r2", SEC_OID_SECG_EC_SECT163R2},
+  { "nistb163", SEC_OID_SECG_EC_SECT163R2},
+  { "sect193r1", SEC_OID_SECG_EC_SECT193R1},
+  { "sect193r2", SEC_OID_SECG_EC_SECT193R2},
+  { "sect233k1", SEC_OID_SECG_EC_SECT233K1},
+  { "nistk233", SEC_OID_SECG_EC_SECT233K1},
+  { "sect233r1", SEC_OID_SECG_EC_SECT233R1},
+  { "nistb233", SEC_OID_SECG_EC_SECT233R1},
+  { "sect239k1", SEC_OID_SECG_EC_SECT239K1},
+  { "sect283k1", SEC_OID_SECG_EC_SECT283K1},
+  { "nistk283", SEC_OID_SECG_EC_SECT283K1},
+  { "sect283r1", SEC_OID_SECG_EC_SECT283R1},
+  { "nistb283", SEC_OID_SECG_EC_SECT283R1},
+  { "sect409k1", SEC_OID_SECG_EC_SECT409K1},
+  { "nistk409", SEC_OID_SECG_EC_SECT409K1},
+  { "sect409r1", SEC_OID_SECG_EC_SECT409R1},
+  { "nistb409", SEC_OID_SECG_EC_SECT409R1},
+  { "sect571k1", SEC_OID_SECG_EC_SECT571K1},
+  { "nistk571", SEC_OID_SECG_EC_SECT571K1},
+  { "sect571r1", SEC_OID_SECG_EC_SECT571R1},
+  { "nistb571", SEC_OID_SECG_EC_SECT571R1},
+
+};
+
+mozilla::UniqueSECItem
+DecodeECParams(const char* curve)
+{
+    SECOidData *oidData = nullptr;
+    SECOidTag curveOidTag = SEC_OID_UNKNOWN; /* default */
+    int i, numCurves;
+
+    if (curve && *curve) {
+        numCurves = sizeof(nameTagPair)/sizeof(CurveNameTagPair);
+        for (i = 0; ((i < numCurves) && (curveOidTag == SEC_OID_UNKNOWN)); 
+             i++) {
+            if (PL_strcmp(curve, nameTagPair[i].curveName) == 0)
+                curveOidTag = nameTagPair[i].curveOidTag;
+        }
+    }
+
+    /* Return nullptr if curve name is not recognized */
+    if ((curveOidTag == SEC_OID_UNKNOWN) || 
+        (oidData = SECOID_FindOIDByTag(curveOidTag)) == nullptr) {
+        return nullptr;
+    }
+
+    mozilla::UniqueSECItem ecparams(SECITEM_AllocItem(nullptr, nullptr,
+                                                      2 + oidData->oid.len));
+    if (!ecparams) {
+        return nullptr;
+    }
+
+    /* 
+     * ecparams->data needs to contain the ASN encoding of an object ID (OID)
+     * representing the named curve. The actual OID is in 
+     * oidData->oid.data so we simply prepend 0x06 and OID length
+     */
+    ecparams->data[0] = SEC_ASN1_OBJECT_ID;
+    ecparams->data[1] = oidData->oid.len;
+    memcpy(ecparams->data + 2, oidData->oid.data, oidData->oid.len);
+
+    return ecparams;
+}
+
+NS_IMPL_ISUPPORTS(nsKeygenFormProcessor, nsIFormProcessor)
+
+nsKeygenFormProcessor::nsKeygenFormProcessor()
+{ 
+   m_ctx = new PipUIContext();
+} 
+
+nsKeygenFormProcessor::~nsKeygenFormProcessor()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return;
+  }
+
+  shutdown(ShutdownCalledFrom::Object);
+}
+
+nsresult
+nsKeygenFormProcessor::Create(nsISupports* aOuter, const nsIID& aIID, void* *aResult)
+{
+  if (GeckoProcessType_Content == XRE_GetProcessType()) {
+    nsCOMPtr<nsISupports> contentProcessor = new nsKeygenFormProcessorContent();
+    return contentProcessor->QueryInterface(aIID, aResult);
+  }
+
+  nsresult rv;
+  NS_ENSURE_NO_AGGREGATION(aOuter);
+  nsKeygenFormProcessor* formProc = new nsKeygenFormProcessor();
+
+  nsCOMPtr<nsISupports> stabilize = formProc;
+  rv = formProc->Init();
+  if (NS_SUCCEEDED(rv)) {
+    rv = formProc->QueryInterface(aIID, aResult);
+  }
+  return rv;
+}
+
+nsresult
+nsKeygenFormProcessor::Init()
+{
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
+  nsresult rv;
+
+  nsCOMPtr<nsINSSComponent> nssComponent;
+  nssComponent = do_GetService(kNSSComponentCID, &rv);
+  if (NS_FAILED(rv))
+    return rv;
+
+  // Init possible key size choices.
+  nssComponent->GetPIPNSSBundleString("HighGrade", mSECKeySizeChoiceList[0].name);
+  mSECKeySizeChoiceList[0].size = 2048;
+
+  nssComponent->GetPIPNSSBundleString("MediumGrade", mSECKeySizeChoiceList[1].name);
+  mSECKeySizeChoiceList[1].size = 1024;
+
+  return NS_OK;
+}
+
+nsresult
+nsKeygenFormProcessor::GetSlot(uint32_t aMechanism, PK11SlotInfo** aSlot)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  return GetSlotWithMechanism(aMechanism, m_ctx, aSlot, locker);
+}
+
+uint32_t MapGenMechToAlgoMech(uint32_t mechanism)
+{
+    uint32_t searchMech;
+
+    /* We are interested in slots based on the ability to perform
+       a given algorithm, not on their ability to generate keys usable
+       by that algorithm. Therefore, map keygen-specific mechanism tags
+       to tags for the corresponding crypto algorithm. */
+    switch(mechanism)
+    {
+    case CKM_RSA_PKCS_KEY_PAIR_GEN:
+        searchMech = CKM_RSA_PKCS;
+        break;
+    case CKM_RC4_KEY_GEN:
+        searchMech = CKM_RC4;
+        break;
+    case CKM_DH_PKCS_KEY_PAIR_GEN:
+        searchMech = CKM_DH_PKCS_DERIVE; /* ### mwelch  is this right? */
+        break;
+    case CKM_DES_KEY_GEN:
+        /* What do we do about DES keygen? Right now, we're just using
+           DES_KEY_GEN to look for tokens, because otherwise we'll have
+           to search the token list three times. */
+    case CKM_EC_KEY_PAIR_GEN:
+        /* The default should also work for EC key pair generation. */
+    default:
+        searchMech = mechanism;
+        break;
+    }
+    return searchMech;
+}
+
+
+nsresult
+GetSlotWithMechanism(uint32_t aMechanism, nsIInterfaceRequestor* m_ctx,
+                     PK11SlotInfo** aSlot, nsNSSShutDownPreventionLock& /*proofOfLock*/)
+{
+    PK11SlotList * slotList = nullptr;
+    char16_t** tokenNameList = nullptr;
+    nsCOMPtr<nsITokenDialogs> dialogs;
+    char16_t *unicodeTokenChosen;
+    PK11SlotListElement *slotElement, *tmpSlot;
+    uint32_t numSlots = 0, i = 0;
+    bool canceled;
+    nsresult rv = NS_OK;
+
+    *aSlot = nullptr;
+
+    // Get the slot
+    slotList = PK11_GetAllTokens(MapGenMechToAlgoMech(aMechanism), 
+                                true, true, m_ctx);
+    if (!slotList || !slotList->head) {
+        rv = NS_ERROR_FAILURE;
+        goto loser;
+    }
+
+    if (!slotList->head->next) {
+        /* only one slot available, just return it */
+        *aSlot = slotList->head->slot;
+      } else {
+        // Gerenate a list of slots and ask the user to choose //
+        tmpSlot = slotList->head;
+        while (tmpSlot) {
+            numSlots++;
+            tmpSlot = tmpSlot->next;
+        }
+
+        // Allocate the slot name buffer //
+        tokenNameList = static_cast<char16_t**>(moz_xmalloc(sizeof(char16_t *) * numSlots));
+        if (!tokenNameList) {
+            rv = NS_ERROR_OUT_OF_MEMORY;
+            goto loser;
+        }
+
+        i = 0;
+        slotElement = PK11_GetFirstSafe(slotList);
+        while (slotElement) {
+            tokenNameList[i] = UTF8ToNewUnicode(nsDependentCString(PK11_GetTokenName(slotElement->slot)));
+            slotElement = PK11_GetNextSafe(slotList, slotElement, false);
+            if (tokenNameList[i])
+                i++;
+            else {
+                // OOM. adjust numSlots so we don't free unallocated memory. 
+                numSlots = i;
+                PK11_FreeSlotListElement(slotList, slotElement);
+                rv = NS_ERROR_OUT_OF_MEMORY;
+                goto loser;
+            }
+        }
+
+        // Throw up the token list dialog and get back the token.
+        rv = getNSSDialogs(getter_AddRefs(dialogs), NS_GET_IID(nsITokenDialogs),
+                           NS_TOKENDIALOGS_CONTRACTID);
+
+        if (NS_FAILED(rv)) {
+            goto loser;
+        }
+
+    if (!tokenNameList || !*tokenNameList) {
+        rv = NS_ERROR_OUT_OF_MEMORY;
+    } else {
+        rv = dialogs->ChooseToken(m_ctx, (const char16_t**)tokenNameList,
+                                  numSlots, &unicodeTokenChosen, &canceled);
+    }
+		if (NS_FAILED(rv)) goto loser;
+
+		if (canceled) { rv = NS_ERROR_NOT_AVAILABLE; goto loser; }
+
+        // Get the slot //
+        slotElement = PK11_GetFirstSafe(slotList);
+        nsAutoString tokenStr(unicodeTokenChosen);
+        while (slotElement) {
+            if (tokenStr.Equals(NS_ConvertUTF8toUTF16(PK11_GetTokenName(slotElement->slot)))) {
+                *aSlot = slotElement->slot;
+                PK11_FreeSlotListElement(slotList, slotElement);
+                break;
+            }
+            slotElement = PK11_GetNextSafe(slotList, slotElement, false);
+        }
+        if(!(*aSlot)) {
+            rv = NS_ERROR_FAILURE;
+            goto loser;
+        }
+      }
+
+      // Get a reference to the slot //
+      PK11_ReferenceSlot(*aSlot);
+loser:
+      if (slotList) {
+          PK11_FreeSlotList(slotList);
+      }
+      if (tokenNameList) {
+          NS_FREE_XPCOM_ALLOCATED_POINTER_ARRAY(numSlots, tokenNameList);
+      }
+      return rv;
+}
+
+
+void
+GatherKeygenTelemetry(uint32_t keyGenMechanism, int keysize, char* curve)
+{
+  if (keyGenMechanism == CKM_RSA_PKCS_KEY_PAIR_GEN) {
+    if (keysize > 8196 || keysize < 0) {
+      return;
+    }
+
+    nsCString telemetryValue("rsa");
+    telemetryValue.AppendPrintf("%d", keysize);
+    mozilla::Telemetry::Accumulate(
+        mozilla::Telemetry::KEYGEN_GENERATED_KEY_TYPE, telemetryValue);
+  } else if (keyGenMechanism == CKM_EC_KEY_PAIR_GEN) {
+    nsCString secp384r1 = NS_LITERAL_CSTRING("secp384r1");
+    nsCString secp256r1 = NS_LITERAL_CSTRING("secp256r1");
+
+    mozilla::UniqueSECItem decoded = DecodeECParams(curve);
+    if (!decoded) {
+      switch (keysize) {
+        case 2048:
+          mozilla::Telemetry::Accumulate(
+              mozilla::Telemetry::KEYGEN_GENERATED_KEY_TYPE, secp384r1);
+          break;
+        case 1024:
+        case 512:
+          mozilla::Telemetry::Accumulate(
+              mozilla::Telemetry::KEYGEN_GENERATED_KEY_TYPE, secp256r1);
+          break;
+      }
+    } else {
+      if (secp384r1.EqualsIgnoreCase(curve, secp384r1.Length())) {
+          mozilla::Telemetry::Accumulate(
+              mozilla::Telemetry::KEYGEN_GENERATED_KEY_TYPE, secp384r1);
+      } else if (secp256r1.EqualsIgnoreCase(curve, secp256r1.Length())) {
+          mozilla::Telemetry::Accumulate(
+              mozilla::Telemetry::KEYGEN_GENERATED_KEY_TYPE, secp256r1);
+      } else {
+        mozilla::Telemetry::Accumulate(
+            mozilla::Telemetry::KEYGEN_GENERATED_KEY_TYPE, NS_LITERAL_CSTRING("other_ec"));
+      }
+    }
+  } else {
+    MOZ_CRASH("Unknown keygen algorithm");
+    return;
+  }
+}
+
+nsresult
+nsKeygenFormProcessor::GetPublicKey(const nsAString& aValue,
+                                    const nsAString& aChallenge,
+                                    const nsAFlatString& aKeyType,
+                                    nsAString& aOutPublicKey,
+                                    const nsAString& aKeyParams)
+{
+    nsNSSShutDownPreventionLock locker;
+    if (isAlreadyShutDown()) {
+      return NS_ERROR_NOT_AVAILABLE;
+    }
+
+    nsresult rv = NS_ERROR_FAILURE;
+    UniquePORTString keystring;
+    char *keyparamsString = nullptr;
+    uint32_t keyGenMechanism;
+    PK11SlotInfo *slot = nullptr;
+    PK11RSAGenParams rsaParams;
+    mozilla::UniqueSECItem ecParams;
+    SECOidTag algTag;
+    int keysize = 0;
+    void *params = nullptr; // Non-owning.
+    SECKEYPrivateKey *privateKey = nullptr;
+    SECKEYPublicKey *publicKey = nullptr;
+    CERTSubjectPublicKeyInfo *spkInfo = nullptr;
+    SECStatus srv = SECFailure;
+    SECItem spkiItem;
+    SECItem pkacItem;
+    SECItem signedItem;
+    CERTPublicKeyAndChallenge pkac;
+    pkac.challenge.data = nullptr;
+    nsCOMPtr<nsIGeneratingKeypairInfoDialogs> dialogs;
+    nsKeygenThread *KeygenRunnable = 0;
+    nsCOMPtr<nsIKeygenThread> runnable;
+
+    // permanent and sensitive flags for keygen
+    PK11AttrFlags attrFlags = PK11_ATTR_TOKEN | PK11_ATTR_SENSITIVE | PK11_ATTR_PRIVATE;
+
+    UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+    if (!arena) {
+        goto loser;
+    }
+
+    // Get the key size //
+    for (size_t i = 0; i < number_of_key_size_choices; ++i) {
+        if (aValue.Equals(mSECKeySizeChoiceList[i].name)) {
+            keysize = mSECKeySizeChoiceList[i].size;
+            break;
+        }
+    }
+    if (!keysize) {
+        goto loser;
+    }
+
+    // Set the keygen mechanism
+    if (aKeyType.IsEmpty() || aKeyType.LowerCaseEqualsLiteral("rsa")) {
+        keyGenMechanism = CKM_RSA_PKCS_KEY_PAIR_GEN;
+    } else if (aKeyType.LowerCaseEqualsLiteral("ec")) {
+        keyparamsString = ToNewCString(aKeyParams);
+        if (!keyparamsString) {
+            rv = NS_ERROR_OUT_OF_MEMORY;
+            goto loser;
+        }
+
+        keyGenMechanism = CKM_EC_KEY_PAIR_GEN;
+        /* ecParams are initialized later */
+    } else {
+        goto loser;
+    }
+
+    // Get the slot
+    rv = GetSlot(keyGenMechanism, &slot);
+    if (NS_FAILED(rv)) {
+        goto loser;
+    }
+    switch (keyGenMechanism) {
+        case CKM_RSA_PKCS_KEY_PAIR_GEN:
+            rsaParams.keySizeInBits = keysize;
+            rsaParams.pe = DEFAULT_RSA_KEYGEN_PE;
+            algTag = DEFAULT_RSA_KEYGEN_ALG;
+            params = &rsaParams;
+            break;
+        case CKM_EC_KEY_PAIR_GEN:
+            /* XXX We ought to rethink how the KEYGEN tag is 
+             * displayed. The pulldown selections presented
+             * to the user must depend on the keytype.
+             * The displayed selection could be picked
+             * from the keyparams attribute (this is currently called
+             * the pqg attribute).
+             * For now, we pick ecparams from the keyparams field
+             * if it specifies a valid supported curve, or else 
+             * we pick one of secp384r1, secp256r1 or secp192r1
+             * respectively depending on the user's selection
+             * (High, Medium, Low). 
+             * (RSA uses RSA-2048, RSA-1024 and RSA-512 for historical
+             * reasons, while ECC choices represent a stronger mapping)
+             * NOTE: The user's selection
+             * is silently ignored when a valid curve is presented
+             * in keyparams.
+             */
+            ecParams = DecodeECParams(keyparamsString);
+            if (!ecParams) {
+                /* The keyparams attribute did not specify a valid
+                 * curve name so use a curve based on the keysize.
+                 * NOTE: Here keysize is used only as an indication of
+                 * High/Medium/Low strength; elliptic curve
+                 * cryptography uses smaller keys than RSA to provide
+                 * equivalent security.
+                 */
+                switch (keysize) {
+                case 2048:
+                    ecParams = DecodeECParams("secp384r1");
+                    break;
+                case 1024:
+                case 512:
+                    ecParams = DecodeECParams("secp256r1");
+                    break;
+                } 
+            }
+            MOZ_ASSERT(ecParams);
+            params = ecParams.get();
+            /* XXX The signature algorithm ought to choose the hashing
+             * algorithm based on key size once ECDSA variations based
+             * on SHA256 SHA384 and SHA512 are standardized.
+             */
+            algTag = SEC_OID_ANSIX962_ECDSA_SIGNATURE_WITH_SHA1_DIGEST;
+            break;
+      default:
+          goto loser;
+      }
+
+    /* Make sure token is initialized. */
+    rv = setPassword(slot, m_ctx, locker);
+    if (NS_FAILED(rv))
+        goto loser;
+
+    srv = PK11_Authenticate(slot, true, m_ctx);
+    if (srv != SECSuccess) {
+        goto loser;
+    }
+
+    rv = getNSSDialogs(getter_AddRefs(dialogs),
+                       NS_GET_IID(nsIGeneratingKeypairInfoDialogs),
+                       NS_GENERATINGKEYPAIRINFODIALOGS_CONTRACTID);
+
+    if (NS_SUCCEEDED(rv)) {
+        KeygenRunnable = new nsKeygenThread();
+        NS_IF_ADDREF(KeygenRunnable);
+    }
+
+    if (NS_FAILED(rv) || !KeygenRunnable) {
+        rv = NS_OK;
+        privateKey = PK11_GenerateKeyPairWithFlags(slot, keyGenMechanism, params,
+                                                   &publicKey, attrFlags, m_ctx);
+    } else {
+        KeygenRunnable->SetParams( slot, attrFlags, nullptr, 0,
+                                   keyGenMechanism, params, m_ctx );
+
+        runnable = do_QueryInterface(KeygenRunnable);
+        if (runnable) {
+            rv = dialogs->DisplayGeneratingKeypairInfo(m_ctx, runnable);
+            // We call join on the thread so we can be sure that no
+            // simultaneous access to the passed parameters will happen.
+            KeygenRunnable->Join();
+
+            if (NS_SUCCEEDED(rv)) {
+                PK11SlotInfo *used_slot = nullptr;
+                rv = KeygenRunnable->ConsumeResult(&used_slot, &privateKey, &publicKey);
+                if (NS_SUCCEEDED(rv) && used_slot) {
+                  PK11_FreeSlot(used_slot);
+                }
+            }
+        }
+    }
+    
+    if (NS_FAILED(rv) || !privateKey) {
+        goto loser;
+    }
+    // just in case we'll need to authenticate to the db -jp //
+    privateKey->wincx = m_ctx;
+
+    /*
+     * Create a subject public key info from the public key.
+     */
+    spkInfo = SECKEY_CreateSubjectPublicKeyInfo(publicKey);
+    if ( !spkInfo ) {
+        goto loser;
+    }
+
+    /*
+     * Now DER encode the whole subjectPublicKeyInfo.
+     */
+    srv = DER_Encode(arena.get(), &spkiItem, CERTSubjectPublicKeyInfoTemplate,
+                     spkInfo);
+    if (srv != SECSuccess) {
+        goto loser;
+    }
+
+    /*
+     * set up the PublicKeyAndChallenge data structure, then DER encode it
+     */
+    pkac.spki = spkiItem;
+    pkac.challenge.len = aChallenge.Length();
+    pkac.challenge.data = (unsigned char *)ToNewCString(aChallenge);
+    if (!pkac.challenge.data) {
+        rv = NS_ERROR_OUT_OF_MEMORY;
+        goto loser;
+    }
+
+    srv = DER_Encode(arena.get(), &pkacItem, CERTPublicKeyAndChallengeTemplate,
+                     &pkac);
+    if (srv != SECSuccess) {
+        goto loser;
+    }
+
+    /*
+     * now sign the DER encoded PublicKeyAndChallenge
+     */
+    srv = SEC_DerSignData(arena.get(), &signedItem, pkacItem.data, pkacItem.len,
+                          privateKey, algTag);
+    if (srv != SECSuccess) {
+        goto loser;
+    }
+
+    /*
+     * Convert the signed public key and challenge into base64/ascii.
+     */
+    keystring = UniquePORTString(
+      BTOA_DataToAscii(signedItem.data, signedItem.len));
+    if (!keystring) {
+        rv = NS_ERROR_OUT_OF_MEMORY;
+        goto loser;
+    }
+
+    CopyASCIItoUTF16(keystring.get(), aOutPublicKey);
+
+    rv = NS_OK;
+
+    GatherKeygenTelemetry(keyGenMechanism, keysize, keyparamsString);
+loser:
+    if (srv != SECSuccess) {
+        if ( privateKey ) {
+            PK11_DestroyTokenObject(privateKey->pkcs11Slot,privateKey->pkcs11ID);
+        }
+        if ( publicKey ) {
+            PK11_DestroyTokenObject(publicKey->pkcs11Slot,publicKey->pkcs11ID);
+        }
+    }
+    if ( spkInfo ) {
+        SECKEY_DestroySubjectPublicKeyInfo(spkInfo);
+    }
+    if ( publicKey ) {
+        SECKEY_DestroyPublicKey(publicKey);
+    }
+    if ( privateKey ) {
+        SECKEY_DestroyPrivateKey(privateKey);
+    }
+    if (slot) {
+        PK11_FreeSlot(slot);
+    }
+    if (KeygenRunnable) {
+        NS_RELEASE(KeygenRunnable);
+    }
+    if (keyparamsString) {
+        free(keyparamsString);
+    }
+    if (pkac.challenge.data) {
+        free(pkac.challenge.data);
+    }
+    return rv;
+}
+
+// static
+void
+nsKeygenFormProcessor::ExtractParams(nsIDOMHTMLElement* aElement,
+                                     nsAString& challengeValue,
+                                     nsAString& keyTypeValue,
+                                     nsAString& keyParamsValue)
+{
+    aElement->GetAttribute(NS_LITERAL_STRING("keytype"), keyTypeValue);
+    if (keyTypeValue.IsEmpty()) {
+        // If this field is not present, we default to rsa.
+        keyTypeValue.AssignLiteral("rsa");
+    }
+
+    aElement->GetAttribute(NS_LITERAL_STRING("pqg"),
+                           keyParamsValue);
+    /* XXX We can still support the pqg attribute in the keygen 
+     * tag for backward compatibility while introducing a more 
+     * general attribute named keyparams.
+     */
+    if (keyParamsValue.IsEmpty()) {
+        aElement->GetAttribute(NS_LITERAL_STRING("keyparams"), 
+                               keyParamsValue);
+    }
+
+    aElement->GetAttribute(NS_LITERAL_STRING("challenge"), challengeValue);
+}
+
+nsresult
+nsKeygenFormProcessor::ProcessValue(nsIDOMHTMLElement* aElement,
+                                    const nsAString& aName,
+                                    nsAString& aValue)
+{
+    nsAutoString challengeValue;
+    nsAutoString keyTypeValue;
+    nsAutoString keyParamsValue;
+    ExtractParams(aElement, challengeValue, keyTypeValue, keyParamsValue);
+
+    return GetPublicKey(aValue, challengeValue, keyTypeValue, 
+                        aValue, keyParamsValue);
+}
+
+nsresult
+nsKeygenFormProcessor::ProcessValueIPC(const nsAString& aOldValue,
+                                       const nsAString& aChallenge,
+                                       const nsAString& aKeyType,
+                                       const nsAString& aKeyParams,
+                                       nsAString& newValue)
+{
+    return GetPublicKey(aOldValue, aChallenge, PromiseFlatString(aKeyType),
+                        newValue, aKeyParams);
+}
+
+nsresult
+nsKeygenFormProcessor::ProvideContent(const nsAString& aFormType,
+                                      nsTArray<nsString>& aContent,
+                                      nsAString& aAttribute)
+{ 
+  if (Compare(aFormType, NS_LITERAL_STRING("SELECT"),
+              nsCaseInsensitiveStringComparator()) == 0) {
+
+    for (size_t i = 0; i < number_of_key_size_choices; ++i) {
+      aContent.AppendElement(mSECKeySizeChoiceList[i].name);
+    }
+    aAttribute.AssignLiteral("-mozilla-keygen");
+  }
+  return NS_OK;
+} 
+
diff --git a/security/manager/ssl/nsKeygenHandler.h b/security/manager/ssl/nsKeygenHandler.h
new file mode 100644
index 000000000..56cac4850
--- /dev/null
+++ b/security/manager/ssl/nsKeygenHandler.h
@@ -0,0 +1,82 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsKeygenHandler_h
+#define nsKeygenHandler_h
+
+#include "ScopedNSSTypes.h"
+#include "keythi.h"
+#include "nsCOMPtr.h"
+#include "nsError.h"
+#include "nsIFormProcessor.h"
+#include "nsIInterfaceRequestor.h"
+#include "nsNSSShutDown.h"
+#include "nsTArray.h"
+#include "secmodt.h"
+
+nsresult GetSlotWithMechanism(uint32_t mechanism,
+                              nsIInterfaceRequestor* ctx,
+                              PK11SlotInfo** retSlot,
+                              nsNSSShutDownPreventionLock& /*proofOfLock*/);
+
+#define DEFAULT_RSA_KEYGEN_PE 65537L
+#define DEFAULT_RSA_KEYGEN_ALG SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION
+
+mozilla::UniqueSECItem DecodeECParams(const char* curve);
+
+class nsKeygenFormProcessor : public nsIFormProcessor
+                            , public nsNSSShutDownObject
+{
+public:
+  nsKeygenFormProcessor();
+  nsresult Init();
+
+  virtual nsresult ProcessValue(nsIDOMHTMLElement* aElement,
+                                const nsAString& aName,
+                                nsAString& aValue) override;
+
+  virtual nsresult ProcessValueIPC(const nsAString& aOldValue,
+                                   const nsAString& aChallenge,
+                                   const nsAString& aKeyType,
+                                   const nsAString& aKeyParams,
+                                   nsAString& aNewValue) override;
+
+  virtual nsresult ProvideContent(const nsAString& aFormType,
+                                  nsTArray<nsString>& aContent,
+                                  nsAString& aAttribute) override;
+  NS_DECL_THREADSAFE_ISUPPORTS
+
+  static nsresult Create(nsISupports* aOuter, const nsIID& aIID, void* *aResult);
+
+  static void ExtractParams(nsIDOMHTMLElement* aElement,
+                            nsAString& challengeValue,
+                            nsAString& keyTypeValue,
+                            nsAString& keyParamsValue);
+
+  // Nothing to release.
+  virtual void virtualDestroyNSSReference() override {}
+
+protected:
+  virtual ~nsKeygenFormProcessor();
+
+  nsresult GetPublicKey(const nsAString& aValue, const nsAString& aChallenge,
+                        const nsAFlatString& akeyType, nsAString& aOutPublicKey,
+                        const nsAString& aPqg);
+  nsresult GetSlot(uint32_t aMechanism, PK11SlotInfo** aSlot);
+private:
+  nsCOMPtr<nsIInterfaceRequestor> m_ctx;
+
+  typedef struct SECKeySizeChoiceInfoStr {
+      nsString name;
+      int size;
+  } SECKeySizeChoiceInfo;
+
+  enum { number_of_key_size_choices = 2 };
+
+  SECKeySizeChoiceInfo mSECKeySizeChoiceList[number_of_key_size_choices];
+};
+
+#endif // nsKeygenHandler_h
diff --git a/security/manager/ssl/nsKeygenHandlerContent.cpp b/security/manager/ssl/nsKeygenHandlerContent.cpp
new file mode 100644
index 000000000..766da0a6d
--- /dev/null
+++ b/security/manager/ssl/nsKeygenHandlerContent.cpp
@@ -0,0 +1,78 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ * vim: set ts=2 sw=2 sts=2 et tw=80:
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsKeygenHandlerContent.h"
+
+#include "nsIFormProcessor.h"
+#include "nsString.h"
+
+#include "mozilla/dom/ContentChild.h"
+#include "mozilla/Unused.h"
+
+#include "keythi.h"
+#include "nss.h"
+#include "secmodt.h"
+#include "nsKeygenHandler.h"
+
+using mozilla::dom::ContentChild;
+using mozilla::Unused;
+
+NS_IMPL_ISUPPORTS(nsKeygenFormProcessorContent, nsIFormProcessor)
+
+nsKeygenFormProcessorContent::nsKeygenFormProcessorContent()
+{
+}
+
+nsKeygenFormProcessorContent::~nsKeygenFormProcessorContent()
+{
+}
+
+nsresult
+nsKeygenFormProcessorContent::ProcessValue(nsIDOMHTMLElement* aElement,
+                                           const nsAString& aName,
+                                           nsAString& aValue)
+{
+  nsAutoString challengeValue;
+  nsAutoString keyTypeValue;
+  nsAutoString keyParamsValue;
+  nsKeygenFormProcessor::ExtractParams(aElement, challengeValue, keyTypeValue, keyParamsValue);
+
+  ContentChild* child = ContentChild::GetSingleton();
+
+  nsString oldValue(aValue);
+  nsString newValue;
+  Unused << child->SendKeygenProcessValue(oldValue, challengeValue,
+                                          keyTypeValue, keyParamsValue,
+                                          &newValue);
+
+  aValue.Assign(newValue);
+  return NS_OK;
+}
+
+nsresult
+nsKeygenFormProcessorContent::ProcessValueIPC(const nsAString& aOldValue,
+                                              const nsAString& aChallenge,
+                                              const nsAString& aKeyType,
+                                              const nsAString& aKeyParams,
+                                              nsAString& aNewValue)
+{
+  MOZ_ASSERT(false, "should never be called in the child process");
+  return NS_ERROR_UNEXPECTED;
+}
+
+nsresult
+nsKeygenFormProcessorContent::ProvideContent(const nsAString& aFormType,
+                                             nsTArray<nsString>& aContent,
+                                             nsAString& aAttribute)
+{
+  nsString attribute;
+  Unused <<
+    ContentChild::GetSingleton()->SendKeygenProvideContent(&attribute,
+                                                           &aContent);
+  aAttribute.Assign(attribute);
+  return NS_OK;
+}
diff --git a/security/manager/ssl/nsKeygenHandlerContent.h b/security/manager/ssl/nsKeygenHandlerContent.h
new file mode 100644
index 000000000..c36e57051
--- /dev/null
+++ b/security/manager/ssl/nsKeygenHandlerContent.h
@@ -0,0 +1,42 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ * vim: set ts=2 sw=2 sts=2 et tw=80:
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsKeygenHandlerContent_h
+#define nsKeygenHandlerContent_h
+
+#include "mozilla/Attributes.h"
+#include "nsIFormProcessor.h"
+#include "nsStringFwd.h"
+#include "nsTArray.h"
+
+class nsIDOMHTMLElement;
+
+class nsKeygenFormProcessorContent final : public nsIFormProcessor {
+public:
+  nsKeygenFormProcessorContent();
+
+  virtual nsresult ProcessValue(nsIDOMHTMLElement* aElement,
+                                const nsAString& aName,
+                                nsAString& aValue) override;
+
+  virtual nsresult ProcessValueIPC(const nsAString& aOldValue,
+                                   const nsAString& aChallenge,
+                                   const nsAString& aKeyType,
+                                   const nsAString& aKeyParams,
+                                   nsAString& aNewValue) override;
+
+  virtual nsresult ProvideContent(const nsAString& aFormType,
+                                  nsTArray<nsString>& aContent,
+                                  nsAString& aAttribute) override;
+
+  NS_DECL_ISUPPORTS
+
+protected:
+  ~nsKeygenFormProcessorContent();
+};
+
+#endif // nsKeygenHandlerContent_h
diff --git a/security/manager/ssl/nsKeygenThread.cpp b/security/manager/ssl/nsKeygenThread.cpp
new file mode 100644
index 000000000..b295c4f36
--- /dev/null
+++ b/security/manager/ssl/nsKeygenThread.cpp
@@ -0,0 +1,254 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "pk11func.h"
+#include "nsCOMPtr.h"
+#include "nsThreadUtils.h"
+#include "nsKeygenThread.h"
+#include "nsIObserver.h"
+#include "nsNSSShutDown.h"
+#include "PSMRunnable.h"
+#include "mozilla/DebugOnly.h"
+
+using namespace mozilla;
+using namespace mozilla::psm;
+
+NS_IMPL_ISUPPORTS(nsKeygenThread, nsIKeygenThread)
+
+
+nsKeygenThread::nsKeygenThread()
+:mutex("nsKeygenThread.mutex"),
+ iAmRunning(false),
+ keygenReady(false),
+ statusDialogClosed(false),
+ alreadyReceivedParams(false),
+ privateKey(nullptr),
+ publicKey(nullptr),
+ slot(nullptr),
+ flags(0),
+ altSlot(nullptr),
+ altFlags(0),
+ usedSlot(nullptr),
+ keyGenMechanism(0),
+ params(nullptr),
+ wincx(nullptr),
+ threadHandle(nullptr)
+{
+}
+
+nsKeygenThread::~nsKeygenThread()
+{
+  // clean up in the unlikely case that nobody consumed our results
+  
+  if (privateKey)
+    SECKEY_DestroyPrivateKey(privateKey);
+    
+  if (publicKey)
+    SECKEY_DestroyPublicKey(publicKey);
+    
+  if (usedSlot)
+    PK11_FreeSlot(usedSlot);
+}
+
+void nsKeygenThread::SetParams(
+    PK11SlotInfo *a_slot,
+    PK11AttrFlags a_flags,
+    PK11SlotInfo *a_alternative_slot,
+    PK11AttrFlags a_alternative_flags,
+    uint32_t a_keyGenMechanism,
+    void *a_params,
+    void *a_wincx )
+{
+  nsNSSShutDownPreventionLock locker;
+  MutexAutoLock lock(mutex);
+ 
+    if (!alreadyReceivedParams) {
+      alreadyReceivedParams = true;
+      slot = (a_slot) ? PK11_ReferenceSlot(a_slot) : nullptr;
+      flags = a_flags;
+      altSlot = (a_alternative_slot) ? PK11_ReferenceSlot(a_alternative_slot) : nullptr;
+      altFlags = a_alternative_flags;
+      keyGenMechanism = a_keyGenMechanism;
+      params = a_params;
+      wincx = a_wincx;
+    }
+}
+
+nsresult nsKeygenThread::ConsumeResult(
+    PK11SlotInfo **a_used_slot,
+    SECKEYPrivateKey **a_privateKey,
+    SECKEYPublicKey **a_publicKey)
+{
+  if (!a_used_slot || !a_privateKey || !a_publicKey) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsresult rv;
+
+  MutexAutoLock lock(mutex);
+  
+    // GetParams must not be called until thread creator called
+    // Join on this thread.
+    NS_ASSERTION(keygenReady, "logic error in nsKeygenThread::GetParams");
+
+    if (keygenReady) {
+      *a_privateKey = privateKey;
+      *a_publicKey = publicKey;
+      *a_used_slot = usedSlot;
+
+      privateKey = 0;
+      publicKey = 0;
+      usedSlot = 0;
+      
+      rv = NS_OK;
+    }
+    else {
+      rv = NS_ERROR_FAILURE;
+    }
+  
+  return rv;
+}
+
+static void nsKeygenThreadRunner(void *arg)
+{
+  PR_SetCurrentThreadName("Keygen");
+  nsKeygenThread *self = static_cast<nsKeygenThread *>(arg);
+  self->Run();
+}
+
+nsresult nsKeygenThread::StartKeyGeneration(nsIObserver* aObserver)
+{
+  if (!NS_IsMainThread()) {
+    NS_ERROR("nsKeygenThread::StartKeyGeneration called off the main thread");
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+  
+  if (!aObserver)
+    return NS_OK;
+
+  MutexAutoLock lock(mutex);
+
+    if (iAmRunning || keygenReady) {
+      return NS_OK;
+    }
+
+    // We must AddRef aObserver only here on the main thread, because it
+    // probably does not implement a thread-safe AddRef.
+    mNotifyObserver = new NotifyObserverRunnable(aObserver, "keygen-finished");
+
+    iAmRunning = true;
+
+    threadHandle = PR_CreateThread(PR_USER_THREAD, nsKeygenThreadRunner, static_cast<void*>(this), 
+      PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD, PR_JOINABLE_THREAD, 0);
+
+    // bool thread_started_ok = (threadHandle != nullptr);
+    // we might want to return "thread started ok" to caller in the future
+    NS_ASSERTION(threadHandle, "Could not create nsKeygenThreadRunner thread\n");
+  
+  return NS_OK;
+}
+
+nsresult nsKeygenThread::UserCanceled(bool *threadAlreadyClosedDialog)
+{
+  if (!threadAlreadyClosedDialog)
+    return NS_OK;
+
+  *threadAlreadyClosedDialog = false;
+
+  MutexAutoLock lock(mutex);
+  
+    if (keygenReady)
+      *threadAlreadyClosedDialog = statusDialogClosed;
+
+    // User somehow closed the dialog, but we will not cancel.
+    // Bad luck, we told him not do, and user still has to wait.
+    // However, we remember that it's closed and will not close
+    // it again to avoid problems.
+    statusDialogClosed = true;
+
+  return NS_OK;
+}
+
+void nsKeygenThread::Run(void)
+{
+  nsNSSShutDownPreventionLock locker;
+  bool canGenerate = false;
+
+  {
+    MutexAutoLock lock(mutex);
+    if (alreadyReceivedParams) {
+      canGenerate = true;
+      keygenReady = false;
+    }
+  }
+
+  if (canGenerate) {
+    privateKey = PK11_GenerateKeyPairWithFlags(slot, keyGenMechanism,
+                                               params, &publicKey,
+                                               flags, wincx);
+
+    if (privateKey) {
+      usedSlot = PK11_ReferenceSlot(slot);
+    }
+    else if (altSlot) {
+      privateKey = PK11_GenerateKeyPairWithFlags(altSlot, keyGenMechanism,
+                                                 params, &publicKey,
+                                                 altFlags, wincx);
+      if (privateKey) {
+        usedSlot = PK11_ReferenceSlot(altSlot);
+      }
+    }
+  }
+  
+  // This call gave us ownership over privateKey and publicKey.
+  // But as the params structure is owner by our caller,
+  // we effectively transferred ownership to the caller.
+  // As long as key generation can't be canceled, we don't need 
+  // to care for cleaning this up.
+
+  nsCOMPtr<nsIRunnable> notifyObserver;
+  {
+    MutexAutoLock lock(mutex);
+
+    keygenReady = true;
+    iAmRunning = false;
+
+    // forget our parameters
+    if (slot) {
+      PK11_FreeSlot(slot);
+      slot = 0;
+    }
+    if (altSlot) {
+      PK11_FreeSlot(altSlot);
+      altSlot = 0;
+    }
+    keyGenMechanism = 0;
+    params = 0;
+    wincx = 0;
+
+    if (!statusDialogClosed && mNotifyObserver)
+      notifyObserver = mNotifyObserver;
+
+    mNotifyObserver = nullptr;
+  }
+
+  if (notifyObserver) {
+    DebugOnly<nsresult> rv = NS_DispatchToMainThread(notifyObserver);
+    NS_ASSERTION(NS_SUCCEEDED(rv),
+		 "failed to dispatch keygen thread observer to main thread");
+  }
+}
+
+void nsKeygenThread::Join()
+{
+  if (!threadHandle)
+    return;
+  
+  PR_JoinThread(threadHandle);
+  threadHandle = nullptr;
+
+  return;
+}
diff --git a/security/manager/ssl/nsKeygenThread.h b/security/manager/ssl/nsKeygenThread.h
new file mode 100644
index 000000000..139bf89f8
--- /dev/null
+++ b/security/manager/ssl/nsKeygenThread.h
@@ -0,0 +1,72 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _NSKEYGENTHREAD_H_
+#define _NSKEYGENTHREAD_H_
+
+#include "keyhi.h"
+#include "nspr.h"
+
+#include "mozilla/Mutex.h"
+#include "nsIKeygenThread.h"
+#include "nsCOMPtr.h"
+
+class nsIRunnable;
+
+class nsKeygenThread : public nsIKeygenThread
+{
+private:
+  mozilla::Mutex mutex;
+  
+  nsCOMPtr<nsIRunnable> mNotifyObserver;
+
+  bool iAmRunning;
+  bool keygenReady;
+  bool statusDialogClosed;
+  bool alreadyReceivedParams;
+
+  SECKEYPrivateKey *privateKey;
+  SECKEYPublicKey *publicKey;
+  PK11SlotInfo *slot;
+  PK11AttrFlags flags;
+  PK11SlotInfo *altSlot;
+  PK11AttrFlags altFlags;
+  PK11SlotInfo *usedSlot;
+  uint32_t keyGenMechanism;
+  void *params;
+  void *wincx;
+
+  PRThread *threadHandle;
+
+protected:
+  virtual ~nsKeygenThread();
+
+public:
+  nsKeygenThread();
+  
+  NS_DECL_NSIKEYGENTHREAD
+  NS_DECL_THREADSAFE_ISUPPORTS
+
+  void SetParams(
+    PK11SlotInfo *a_slot,
+    PK11AttrFlags a_flags,
+    PK11SlotInfo *a_alternative_slot,
+    PK11AttrFlags a_alternative_flags,
+    uint32_t a_keyGenMechanism,
+    void *a_params,
+    void *a_wincx );
+
+  nsresult ConsumeResult(
+    PK11SlotInfo **a_used_slot,
+    SECKEYPrivateKey **a_privateKey,
+    SECKEYPublicKey **a_publicKey);
+  
+  void Join(void);
+
+  void Run(void);
+};
+
+#endif //_NSKEYGENTHREAD_H_
diff --git a/security/manager/ssl/nsNSSASN1Object.cpp b/security/manager/ssl/nsNSSASN1Object.cpp
new file mode 100644
index 000000000..6b52d8c94
--- /dev/null
+++ b/security/manager/ssl/nsNSSASN1Object.cpp
@@ -0,0 +1,430 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "nsNSSASN1Object.h"
+
+#include "nsArray.h"
+#include "nsArrayUtils.h"
+#include "nsIComponentManager.h"
+#include "nsReadableUtils.h"
+#include "nsXPCOMCID.h"
+#include "secasn1.h"
+
+NS_IMPL_ISUPPORTS(nsNSSASN1Sequence, nsIASN1Sequence, nsIASN1Object)
+NS_IMPL_ISUPPORTS(nsNSSASN1PrintableItem, nsIASN1PrintableItem, nsIASN1Object)
+
+// This function is used to interpret an integer that
+// was encoded in a DER buffer. This function is used
+// when converting a DER buffer into a nsIASN1Object 
+// structure.  This interprets the buffer in data
+// as defined by the DER (Distinguised Encoding Rules) of
+// ASN1.
+static int
+getInteger256(unsigned char *data, unsigned int nb)
+{
+    int val;
+
+    switch (nb) {
+      case 1:
+        val = data[0];
+        break;
+      case 2:
+        val = (data[0] << 8) | data[1];
+        break;
+      case 3:
+        val = (data[0] << 16) | (data[1] << 8) | data[2];
+        break;
+      case 4:
+        val = (data[0] << 24) | (data[1] << 16) | (data[2] << 8) | data[3];
+        break;
+      default:
+        return -1;
+    }
+
+    return val;
+}
+
+// This function is used to retrieve the lenght of a DER encoded
+// item.  It looks to see if this a multibyte length and then
+// interprets the buffer accordingly to get the actual length value.
+// This funciton is used mostly while parsing the DER headers.
+// 
+// A DER encoded item has the following structure:
+//
+//  <tag><length<data consisting of lenght bytes>
+static int32_t
+getDERItemLength(unsigned char *data, unsigned char *end,
+                 unsigned long *bytesUsed, bool *indefinite)
+{
+  unsigned char lbyte = *data++;
+  int32_t length = -1;
+  
+  *indefinite = false;
+  if (lbyte >= 0x80) {
+    // Multibyte length
+    unsigned nb = (unsigned) (lbyte & 0x7f);
+    if (nb > 4) {
+      return -1;
+    }
+    if (nb > 0) {
+    
+      if ((data+nb) > end) {
+        return -1;
+      }
+      length = getInteger256(data, nb);
+      if (length < 0)
+        return -1;
+    } else {
+      *indefinite = true;
+      length = 0;
+    }
+    *bytesUsed = nb+1;
+  } else {
+    length = lbyte;
+    *bytesUsed = 1; 
+  }
+  return length;
+}
+
+static nsresult
+buildASN1ObjectFromDER(unsigned char *data,
+                       unsigned char *end,
+                       nsIASN1Sequence *parent)
+{
+  nsresult rv;
+  nsCOMPtr<nsIASN1Sequence> sequence;
+  nsCOMPtr<nsIASN1PrintableItem> printableItem;
+  nsCOMPtr<nsIASN1Object> asn1Obj;
+  nsCOMPtr<nsIMutableArray> parentObjects;
+
+  NS_ENSURE_ARG_POINTER(parent);
+  if (data >= end)
+    return NS_OK;
+
+  unsigned char code, tagnum;
+
+  // A DER item has the form of |tag|len|data
+  // tag is one byte and describes the type of element
+  //     we are dealing with.
+  // len is a DER encoded int telling us how long the data is
+  // data is a buffer that is len bytes long and has to be
+  //      interpreted according to its type.
+  unsigned long bytesUsed;
+  bool indefinite;
+  int32_t len;
+  uint32_t type;
+
+  rv = parent->GetASN1Objects(getter_AddRefs(parentObjects));
+  if (NS_FAILED(rv) || !parentObjects)
+    return NS_ERROR_FAILURE;
+  while (data < end) {
+    code = *data;
+    tagnum = code & SEC_ASN1_TAGNUM_MASK;
+
+    /*
+     * NOTE: This code does not (yet) handle the high-tag-number form!
+     */
+    if (tagnum == SEC_ASN1_HIGH_TAG_NUMBER) {
+      return NS_ERROR_FAILURE;
+    }
+
+    data++;
+    len = getDERItemLength(data, end, &bytesUsed, &indefinite);
+    if (len < 0) {
+      return NS_ERROR_FAILURE;
+    }
+
+    data += bytesUsed;
+    if (data + len > end) {
+      return NS_ERROR_FAILURE;
+    }
+
+    if (code & SEC_ASN1_CONSTRUCTED) {
+      if (len > 0 || indefinite) {
+        sequence = new nsNSSASN1Sequence();
+        switch (code & SEC_ASN1_CLASS_MASK) {
+        case SEC_ASN1_UNIVERSAL:
+          type = tagnum;
+          break;
+        case SEC_ASN1_APPLICATION:
+          type = nsIASN1Object::ASN1_APPLICATION;
+          break;
+        case SEC_ASN1_CONTEXT_SPECIFIC:
+          type = nsIASN1Object::ASN1_CONTEXT_SPECIFIC;
+          break;
+        case SEC_ASN1_PRIVATE:
+          type = nsIASN1Object::ASN1_PRIVATE;
+          break;
+        default:
+          NS_ERROR("Bad DER");
+          return NS_ERROR_FAILURE;
+        }
+        sequence->SetTag(tagnum);
+        sequence->SetType(type);
+        rv = buildASN1ObjectFromDER(data, (len == 0) ? end : data + len, 
+                                    sequence);
+        asn1Obj = sequence;
+      }
+    } else {
+      printableItem = new nsNSSASN1PrintableItem();
+
+      asn1Obj = printableItem;
+      asn1Obj->SetType(tagnum);
+      asn1Obj->SetTag(tagnum); 
+      printableItem->SetData((char*)data, len);
+    }
+    data += len;
+    parentObjects->AppendElement(asn1Obj, false);
+  }
+
+  return NS_OK;
+}
+
+nsresult
+CreateFromDER(unsigned char *data,
+              unsigned int   len,
+              nsIASN1Object **retval)
+{
+  nsCOMPtr<nsIASN1Sequence> sequence = new nsNSSASN1Sequence;
+  *retval = nullptr;
+  
+  nsresult rv =  buildASN1ObjectFromDER(data, data+len, sequence);
+
+  if (NS_SUCCEEDED(rv)) {
+    // The actual object will be the first element inserted
+    // into the sequence of the sequence variable we created.
+    nsCOMPtr<nsIMutableArray> elements;
+
+    sequence->GetASN1Objects(getter_AddRefs(elements));
+    nsCOMPtr<nsIASN1Object> asn1Obj = do_QueryElementAt(elements, 0);
+    if (!asn1Obj) {
+      return NS_ERROR_FAILURE;
+    }
+
+    asn1Obj.forget(retval);
+  }
+  return rv; 
+}
+
+nsNSSASN1Sequence::nsNSSASN1Sequence() : mType(0),
+                                         mTag(0),
+                                         mIsValidContainer(true),
+                                         mIsExpanded(true)
+{
+  /* member initializers and constructor code */
+}
+
+nsNSSASN1Sequence::~nsNSSASN1Sequence()
+{
+  /* destructor code */
+}
+
+NS_IMETHODIMP 
+nsNSSASN1Sequence::GetASN1Objects(nsIMutableArray * *aASN1Objects)
+{
+  if (!mASN1Objects) {
+    mASN1Objects = nsArrayBase::Create();
+  }
+  *aASN1Objects = mASN1Objects;
+  NS_IF_ADDREF(*aASN1Objects);
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsNSSASN1Sequence::SetASN1Objects(nsIMutableArray * aASN1Objects)
+{
+  mASN1Objects = aASN1Objects;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsNSSASN1Sequence::GetTag(uint32_t *aTag)
+{
+  *aTag = mTag;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsNSSASN1Sequence::SetTag(uint32_t aTag)
+{
+  mTag = aTag;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsNSSASN1Sequence::GetType(uint32_t *aType)
+{
+  *aType = mType;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsNSSASN1Sequence::SetType(uint32_t aType)
+{
+  mType = aType;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsNSSASN1Sequence::GetDisplayName(nsAString &aDisplayName)
+{
+  aDisplayName = mDisplayName;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsNSSASN1Sequence::SetDisplayName(const nsAString &aDisplayName)
+{
+  mDisplayName = aDisplayName;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsNSSASN1Sequence::GetDisplayValue(nsAString &aDisplayValue)
+{
+  aDisplayValue = mDisplayValue;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsNSSASN1Sequence::SetDisplayValue(const nsAString &aDisplayValue)
+{
+  mDisplayValue = aDisplayValue;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsNSSASN1Sequence::GetIsValidContainer(bool *aIsValidContainer)
+{
+  NS_ENSURE_ARG_POINTER(aIsValidContainer);
+  *aIsValidContainer = mIsValidContainer;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSASN1Sequence::SetIsValidContainer(bool aIsValidContainer)
+{
+  mIsValidContainer = aIsValidContainer;
+  SetIsExpanded(mIsValidContainer);
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsNSSASN1Sequence::GetIsExpanded(bool *aIsExpanded)
+{
+  NS_ENSURE_ARG_POINTER(aIsExpanded);
+  *aIsExpanded = mIsExpanded;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsNSSASN1Sequence::SetIsExpanded(bool aIsExpanded)
+{
+  mIsExpanded = aIsExpanded;
+  return NS_OK;
+}
+
+nsNSSASN1PrintableItem::nsNSSASN1PrintableItem() : mType(0),
+                                                   mTag(0),
+                                                   mData(nullptr),
+                                                   mLen(0)
+{
+  /* member initializers and constructor code */
+}
+
+nsNSSASN1PrintableItem::~nsNSSASN1PrintableItem()
+{
+  /* destructor code */
+  if (mData)
+    free(mData);
+}
+
+NS_IMETHODIMP 
+nsNSSASN1PrintableItem::GetDisplayValue(nsAString &aValue)
+{
+  aValue = mValue;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsNSSASN1PrintableItem::SetDisplayValue(const nsAString &aValue)
+{
+  mValue = aValue;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsNSSASN1PrintableItem::GetTag(uint32_t *aTag)
+{
+  *aTag = mTag;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsNSSASN1PrintableItem::SetTag(uint32_t aTag)
+{
+  mTag = aTag;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsNSSASN1PrintableItem::GetType(uint32_t *aType)
+{
+  *aType = mType;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsNSSASN1PrintableItem::SetType(uint32_t aType)
+{
+  mType = aType;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsNSSASN1PrintableItem::SetData(char *data, uint32_t len)
+{
+  if (len > 0) {
+    if (mLen < len) {
+      unsigned char* newData = (unsigned char*)moz_xrealloc(mData, len);
+      if (!newData)
+        return NS_ERROR_OUT_OF_MEMORY;
+
+      mData = newData;
+    }
+
+    memcpy(mData, data, len);
+  } else if (len == 0) {
+    if (mData) {
+      free(mData);
+      mData = nullptr;
+    }
+  }
+  mLen = len;
+  return NS_OK;  
+}
+
+NS_IMETHODIMP
+nsNSSASN1PrintableItem::GetData(char **outData, uint32_t *outLen)
+{
+  NS_ENSURE_ARG_POINTER(outData);
+  NS_ENSURE_ARG_POINTER(outLen);
+
+  *outData = (char*)mData;
+  *outLen  = mLen;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsNSSASN1PrintableItem::GetDisplayName(nsAString &aDisplayName)
+{
+  aDisplayName = mDisplayName;
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsNSSASN1PrintableItem::SetDisplayName(const nsAString &aDisplayName)
+{
+  mDisplayName = aDisplayName;
+  return NS_OK;
+}
diff --git a/security/manager/ssl/nsNSSASN1Object.h b/security/manager/ssl/nsNSSASN1Object.h
new file mode 100644
index 000000000..b995a58fc
--- /dev/null
+++ b/security/manager/ssl/nsNSSASN1Object.h
@@ -0,0 +1,64 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#ifndef _NSSASN_H_
+#define _NSSASN_H_
+
+#include "nscore.h"
+#include "nsIX509Cert.h"
+#include "nsCOMPtr.h"
+#include "nsString.h"
+#include "nsIASN1Sequence.h"
+#include "nsIASN1PrintableItem.h"
+#include "nsIMutableArray.h"
+
+//
+// Read comments in nsIX509Cert.idl for a description of the desired
+// purpose for this ASN1 interface implementation.
+//
+
+class nsNSSASN1Sequence : public nsIASN1Sequence
+{
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIASN1SEQUENCE
+  NS_DECL_NSIASN1OBJECT
+
+  nsNSSASN1Sequence();
+protected:
+  virtual ~nsNSSASN1Sequence();
+  /* additional members */
+private:
+  nsCOMPtr<nsIMutableArray> mASN1Objects;
+  nsString mDisplayName;
+  nsString mDisplayValue;
+  uint32_t mType;
+  uint32_t mTag;
+  bool     mIsValidContainer;
+  bool     mIsExpanded;
+};
+
+class nsNSSASN1PrintableItem : public nsIASN1PrintableItem
+{
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIASN1PRINTABLEITEM
+  NS_DECL_NSIASN1OBJECT
+
+  nsNSSASN1PrintableItem();
+protected:
+  virtual ~nsNSSASN1PrintableItem();
+  /* additional members */
+private:
+  nsString mDisplayName;
+  nsString mValue;
+  uint32_t mType;
+  uint32_t mTag;
+  unsigned char *mData;
+  uint32_t       mLen;
+};
+
+nsresult CreateFromDER(unsigned char *data,
+                       unsigned int   len,
+                       nsIASN1Object **retval);
+#endif //_NSSASN_H_
diff --git a/security/manager/ssl/nsNSSCallbacks.cpp b/security/manager/ssl/nsNSSCallbacks.cpp
new file mode 100644
index 000000000..e28760d5f
--- /dev/null
+++ b/security/manager/ssl/nsNSSCallbacks.cpp
@@ -0,0 +1,1379 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsNSSCallbacks.h"
+
+#include "PSMRunnable.h"
+#include "ScopedNSSTypes.h"
+#include "SharedCertVerifier.h"
+#include "SharedSSLState.h"
+#include "mozilla/ArrayUtils.h"
+#include "mozilla/Assertions.h"
+#include "mozilla/Casting.h"
+#include "mozilla/RefPtr.h"
+#include "mozilla/Telemetry.h"
+#include "mozilla/TimeStamp.h"
+#include "mozilla/Unused.h"
+#include "nsContentUtils.h"
+#include "nsICertOverrideService.h"
+#include "nsIHttpChannelInternal.h"
+#include "nsIPrompt.h"
+#include "nsISupportsPriority.h"
+#include "nsITokenDialogs.h"
+#include "nsIUploadChannel.h"
+#include "nsIWebProgressListener.h"
+#include "nsNSSCertificate.h"
+#include "nsNSSComponent.h"
+#include "nsNSSIOLayer.h"
+#include "nsNetUtil.h"
+#include "nsProtectedAuthThread.h"
+#include "nsProxyRelease.h"
+#include "pkix/pkixtypes.h"
+#include "ssl.h"
+#include "sslproto.h"
+
+using namespace mozilla;
+using namespace mozilla::psm;
+
+extern LazyLogModule gPIPNSSLog;
+
+static void AccumulateCipherSuite(Telemetry::ID probe,
+                                  const SSLChannelInfo& channelInfo);
+
+namespace {
+
+// Bits in bit mask for SSL_REASONS_FOR_NOT_FALSE_STARTING telemetry probe
+// These bits are numbered so that the least subtle issues have higher values.
+// This should make it easier for us to interpret the results.
+const uint32_t NPN_NOT_NEGOTIATED = 64;
+const uint32_t POSSIBLE_VERSION_DOWNGRADE = 4;
+const uint32_t POSSIBLE_CIPHER_SUITE_DOWNGRADE = 2;
+const uint32_t KEA_NOT_SUPPORTED = 1;
+
+} // namespace
+
+class nsHTTPDownloadEvent : public Runnable {
+public:
+  nsHTTPDownloadEvent();
+  ~nsHTTPDownloadEvent();
+
+  NS_IMETHOD Run();
+
+  nsNSSHttpRequestSession *mRequestSession;
+  
+  RefPtr<nsHTTPListener> mListener;
+  bool mResponsibleForDoneSignal;
+  TimeStamp mStartTime;
+};
+
+nsHTTPDownloadEvent::nsHTTPDownloadEvent()
+:mResponsibleForDoneSignal(true)
+{
+}
+
+nsHTTPDownloadEvent::~nsHTTPDownloadEvent()
+{
+  if (mResponsibleForDoneSignal && mListener)
+    mListener->send_done_signal();
+
+  mRequestSession->Release();
+}
+
+NS_IMETHODIMP
+nsHTTPDownloadEvent::Run()
+{
+  if (!mListener)
+    return NS_OK;
+
+  nsresult rv;
+
+  nsCOMPtr<nsIIOService> ios = do_GetIOService();
+  NS_ENSURE_STATE(ios);
+
+  nsCOMPtr<nsIChannel> chan;
+  ios->NewChannel2(mRequestSession->mURL,
+                   nullptr,
+                   nullptr,
+                   nullptr, // aLoadingNode
+                   nsContentUtils::GetSystemPrincipal(),
+                   nullptr, // aTriggeringPrincipal
+                   nsILoadInfo::SEC_ALLOW_CROSS_ORIGIN_DATA_IS_NULL,
+                   nsIContentPolicy::TYPE_OTHER,
+                   getter_AddRefs(chan));
+  NS_ENSURE_STATE(chan);
+
+  // Security operations scheduled through normal HTTP channels are given
+  // high priority to accommodate real time OCSP transactions.
+  nsCOMPtr<nsISupportsPriority> priorityChannel = do_QueryInterface(chan);
+  if (priorityChannel)
+    priorityChannel->AdjustPriority(nsISupportsPriority::PRIORITY_HIGHEST);
+
+  chan->SetLoadFlags(nsIRequest::LOAD_ANONYMOUS |
+                     nsIChannel::LOAD_BYPASS_SERVICE_WORKER);
+
+  // For OCSP requests, only the first party domain aspect of origin attributes
+  // is used. This means that OCSP requests are shared across different
+  // containers.
+  if (mRequestSession->mOriginAttributes != NeckoOriginAttributes()) {
+    NeckoOriginAttributes attrs;
+    attrs.mFirstPartyDomain =
+      mRequestSession->mOriginAttributes.mFirstPartyDomain;
+
+    nsCOMPtr<nsILoadInfo> loadInfo = chan->GetLoadInfo();
+    if (loadInfo) {
+      rv = loadInfo->SetOriginAttributes(attrs);
+      NS_ENSURE_SUCCESS(rv, rv);
+    }
+  }
+
+  // Create a loadgroup for this new channel.  This way if the channel
+  // is redirected, we'll have a way to cancel the resulting channel.
+  nsCOMPtr<nsILoadGroup> lg = do_CreateInstance(NS_LOADGROUP_CONTRACTID);
+  chan->SetLoadGroup(lg);
+
+  if (mRequestSession->mHasPostData)
+  {
+    nsCOMPtr<nsIInputStream> uploadStream;
+    rv = NS_NewPostDataStream(getter_AddRefs(uploadStream),
+                              false,
+                              mRequestSession->mPostData);
+    NS_ENSURE_SUCCESS(rv, rv);
+
+    nsCOMPtr<nsIUploadChannel> uploadChannel(do_QueryInterface(chan));
+    NS_ENSURE_STATE(uploadChannel);
+
+    rv = uploadChannel->SetUploadStream(uploadStream, 
+                                        mRequestSession->mPostContentType,
+                                        -1);
+    NS_ENSURE_SUCCESS(rv, rv);
+  }
+
+  // Do not use SPDY for internal security operations. It could result
+  // in the silent upgrade to ssl, which in turn could require an SSL
+  // operation to fulfill something like an OCSP fetch, which is an
+  // endless loop.
+  nsCOMPtr<nsIHttpChannelInternal> internalChannel = do_QueryInterface(chan);
+  if (internalChannel) {
+    rv = internalChannel->SetAllowSpdy(false);
+    NS_ENSURE_SUCCESS(rv, rv);
+  }
+
+  nsCOMPtr<nsIHttpChannel> hchan = do_QueryInterface(chan);
+  NS_ENSURE_STATE(hchan);
+
+  rv = hchan->SetAllowSTS(false);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  rv = hchan->SetRequestMethod(mRequestSession->mRequestMethod);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  mResponsibleForDoneSignal = false;
+  mListener->mResponsibleForDoneSignal = true;
+
+  mListener->mLoadGroup = lg.get();
+  NS_ADDREF(mListener->mLoadGroup);
+  mListener->mLoadGroupOwnerThread = PR_GetCurrentThread();
+
+  rv = NS_NewStreamLoader(getter_AddRefs(mListener->mLoader), 
+                          mListener);
+
+  if (NS_SUCCEEDED(rv)) {
+    mStartTime = TimeStamp::Now();
+    rv = hchan->AsyncOpen2(mListener->mLoader);
+  }
+
+  if (NS_FAILED(rv)) {
+    mListener->mResponsibleForDoneSignal = false;
+    mResponsibleForDoneSignal = true;
+
+    NS_RELEASE(mListener->mLoadGroup);
+    mListener->mLoadGroup = nullptr;
+    mListener->mLoadGroupOwnerThread = nullptr;
+  }
+
+  return NS_OK;
+}
+
+struct nsCancelHTTPDownloadEvent : Runnable {
+  RefPtr<nsHTTPListener> mListener;
+
+  NS_IMETHOD Run() override {
+    mListener->FreeLoadGroup(true);
+    mListener = nullptr;
+    return NS_OK;
+  }
+};
+
+mozilla::pkix::Result
+nsNSSHttpServerSession::createSessionFcn(const char* host,
+                                         uint16_t portnum,
+                                 /*out*/ nsNSSHttpServerSession** pSession)
+{
+  if (!host || !pSession) {
+    return Result::FATAL_ERROR_INVALID_ARGS;
+  }
+
+  nsNSSHttpServerSession* hss = new nsNSSHttpServerSession;
+  if (!hss) {
+    return Result::FATAL_ERROR_NO_MEMORY;
+  }
+
+  hss->mHost = host;
+  hss->mPort = portnum;
+
+  *pSession = hss;
+  return Success;
+}
+
+mozilla::pkix::Result
+nsNSSHttpRequestSession::createFcn(const nsNSSHttpServerSession* session,
+                                   const char* http_protocol_variant,
+                                   const char* path_and_query_string,
+                                   const char* http_request_method,
+                                   const NeckoOriginAttributes& origin_attributes,
+                                   const PRIntervalTime timeout,
+                           /*out*/ nsNSSHttpRequestSession** pRequest)
+{
+  if (!session || !http_protocol_variant || !path_and_query_string ||
+      !http_request_method || !pRequest) {
+    return Result::FATAL_ERROR_INVALID_ARGS;
+  }
+
+  nsNSSHttpRequestSession* rs = new nsNSSHttpRequestSession;
+  if (!rs) {
+    return Result::FATAL_ERROR_NO_MEMORY;
+  }
+
+  rs->mTimeoutInterval = timeout;
+
+  // Use a maximum timeout value of 10 seconds because of bug 404059.
+  // FIXME: Use a better approach once 406120 is ready.
+  uint32_t maxBug404059Timeout = PR_TicksPerSecond() * 10;
+  if (timeout > maxBug404059Timeout) {
+    rs->mTimeoutInterval = maxBug404059Timeout;
+  }
+
+  rs->mURL.Assign(http_protocol_variant);
+  rs->mURL.AppendLiteral("://");
+  rs->mURL.Append(session->mHost);
+  rs->mURL.Append(':');
+  rs->mURL.AppendInt(session->mPort);
+  rs->mURL.Append(path_and_query_string);
+
+  rs->mOriginAttributes = origin_attributes;
+
+  rs->mRequestMethod = http_request_method;
+
+  *pRequest = rs;
+  return Success;
+}
+
+mozilla::pkix::Result
+nsNSSHttpRequestSession::setPostDataFcn(const char* http_data,
+                                        const uint32_t http_data_len,
+                                        const char* http_content_type)
+{
+  mHasPostData = true;
+  mPostData.Assign(http_data, http_data_len);
+  mPostContentType.Assign(http_content_type);
+
+  return Success;
+}
+
+mozilla::pkix::Result
+nsNSSHttpRequestSession::trySendAndReceiveFcn(PRPollDesc** pPollDesc,
+                                              uint16_t* http_response_code,
+                                              const char** http_response_content_type,
+                                              const char** http_response_headers,
+                                              const char** http_response_data,
+                                              uint32_t* http_response_data_len)
+{
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+         ("nsNSSHttpRequestSession::trySendAndReceiveFcn to %s\n", mURL.get()));
+
+  bool onSTSThread;
+  nsresult nrv;
+  nsCOMPtr<nsIEventTarget> sts
+    = do_GetService(NS_SOCKETTRANSPORTSERVICE_CONTRACTID, &nrv);
+  if (NS_FAILED(nrv)) {
+    NS_ERROR("Could not get STS service");
+    return Result::FATAL_ERROR_INVALID_STATE;
+  }
+
+  nrv = sts->IsOnCurrentThread(&onSTSThread);
+  if (NS_FAILED(nrv)) {
+    NS_ERROR("IsOnCurrentThread failed");
+    return Result::FATAL_ERROR_INVALID_STATE;
+  }
+
+  if (onSTSThread) {
+    NS_ERROR("nsNSSHttpRequestSession::trySendAndReceiveFcn called on socket "
+             "thread; this will not work.");
+    return Result::FATAL_ERROR_INVALID_STATE;
+  }
+
+  const int max_retries = 2;
+  int retry_count = 0;
+  bool retryable_error = false;
+  Result rv = Result::ERROR_UNKNOWN_ERROR;
+
+  do
+  {
+    if (retry_count > 0)
+    {
+      if (retryable_error)
+      {
+        MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+               ("nsNSSHttpRequestSession::trySendAndReceiveFcn - sleeping and retrying: %d of %d\n",
+                retry_count, max_retries));
+      }
+
+      PR_Sleep( PR_MillisecondsToInterval(300) * retry_count );
+    }
+
+    ++retry_count;
+    retryable_error = false;
+
+    rv =
+      internal_send_receive_attempt(retryable_error, pPollDesc, http_response_code,
+                                    http_response_content_type, http_response_headers,
+                                    http_response_data, http_response_data_len);
+  }
+  while (retryable_error &&
+         retry_count < max_retries);
+
+  if (retry_count > 1)
+  {
+    if (retryable_error)
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+             ("nsNSSHttpRequestSession::trySendAndReceiveFcn - still failing, giving up...\n"));
+    else
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+             ("nsNSSHttpRequestSession::trySendAndReceiveFcn - success at attempt %d\n",
+              retry_count));
+  }
+
+  return rv;
+}
+
+void
+nsNSSHttpRequestSession::AddRef()
+{
+  ++mRefCount;
+}
+
+void
+nsNSSHttpRequestSession::Release()
+{
+  int32_t newRefCount = --mRefCount;
+  if (!newRefCount) {
+    delete this;
+  }
+}
+
+mozilla::pkix::Result
+nsNSSHttpRequestSession::internal_send_receive_attempt(bool &retryable_error,
+                                                       PRPollDesc **pPollDesc,
+                                                       uint16_t *http_response_code,
+                                                       const char **http_response_content_type,
+                                                       const char **http_response_headers,
+                                                       const char **http_response_data,
+                                                       uint32_t *http_response_data_len)
+{
+  if (pPollDesc) *pPollDesc = nullptr;
+  if (http_response_code) *http_response_code = 0;
+  if (http_response_content_type) *http_response_content_type = 0;
+  if (http_response_headers) *http_response_headers = 0;
+  if (http_response_data) *http_response_data = 0;
+
+  uint32_t acceptableResultSize = 0;
+
+  if (http_response_data_len)
+  {
+    acceptableResultSize = *http_response_data_len;
+    *http_response_data_len = 0;
+  }
+
+  if (!mListener) {
+    return Result::FATAL_ERROR_INVALID_STATE;
+  }
+
+  Mutex& waitLock = mListener->mLock;
+  CondVar& waitCondition = mListener->mCondition;
+  volatile bool &waitFlag = mListener->mWaitFlag;
+  waitFlag = true;
+
+  RefPtr<nsHTTPDownloadEvent> event(new nsHTTPDownloadEvent);
+  if (!event) {
+    return Result::FATAL_ERROR_NO_MEMORY;
+  }
+
+  event->mListener = mListener;
+  this->AddRef();
+  event->mRequestSession = this;
+
+  nsresult rv = NS_DispatchToMainThread(event);
+  if (NS_FAILED(rv)) {
+    event->mResponsibleForDoneSignal = false;
+    return Result::FATAL_ERROR_LIBRARY_FAILURE;
+  }
+
+  bool request_canceled = false;
+
+  {
+    MutexAutoLock locker(waitLock);
+
+    const PRIntervalTime start_time = PR_IntervalNow();
+    PRIntervalTime wait_interval;
+
+    bool running_on_main_thread = NS_IsMainThread();
+    if (running_on_main_thread)
+    {
+      // The result of running this on the main thread
+      // is a series of small timeouts mixed with spinning the
+      // event loop - this is always dangerous as there is so much main
+      // thread code that does not expect to be called re-entrantly. Your
+      // app really shouldn't do that.
+      NS_WARNING("Security network blocking I/O on Main Thread");
+
+      // let's process events quickly
+      wait_interval = PR_MicrosecondsToInterval(50);
+    }
+    else
+    { 
+      // On a secondary thread, it's fine to wait some more for
+      // for the condition variable.
+      wait_interval = PR_MillisecondsToInterval(250);
+    }
+
+    while (waitFlag)
+    {
+      if (running_on_main_thread)
+      {
+        // Networking runs on the main thread, which we happen to block here.
+        // Processing events will allow the OCSP networking to run while we 
+        // are waiting. Thanks a lot to Darin Fisher for rewriting the 
+        // thread manager. Thanks a lot to Christian Biesinger who
+        // made me aware of this possibility. (kaie)
+
+        MutexAutoUnlock unlock(waitLock);
+        NS_ProcessNextEvent(nullptr);
+      }
+
+      waitCondition.Wait(wait_interval);
+      
+      if (!waitFlag)
+        break;
+
+      if (!request_canceled)
+      {
+        bool timeout = 
+          (PRIntervalTime)(PR_IntervalNow() - start_time) > mTimeoutInterval;
+ 
+        if (timeout)
+        {
+          request_canceled = true;
+
+          RefPtr<nsCancelHTTPDownloadEvent> cancelevent(
+            new nsCancelHTTPDownloadEvent);
+          cancelevent->mListener = mListener;
+          rv = NS_DispatchToMainThread(cancelevent);
+          if (NS_FAILED(rv)) {
+            NS_WARNING("cannot post cancel event");
+          }
+          break;
+        }
+      }
+    }
+  }
+
+  if (!event->mStartTime.IsNull()) {
+    if (request_canceled) {
+      Telemetry::Accumulate(Telemetry::CERT_VALIDATION_HTTP_REQUEST_RESULT, 0);
+      Telemetry::AccumulateTimeDelta(
+        Telemetry::CERT_VALIDATION_HTTP_REQUEST_CANCELED_TIME,
+        event->mStartTime, TimeStamp::Now());
+    }
+    else if (NS_SUCCEEDED(mListener->mResultCode) &&
+             mListener->mHttpResponseCode == 200) {
+      Telemetry::Accumulate(Telemetry::CERT_VALIDATION_HTTP_REQUEST_RESULT, 1);
+      Telemetry::AccumulateTimeDelta(
+        Telemetry::CERT_VALIDATION_HTTP_REQUEST_SUCCEEDED_TIME,
+        event->mStartTime, TimeStamp::Now());
+    }
+    else {
+      Telemetry::Accumulate(Telemetry::CERT_VALIDATION_HTTP_REQUEST_RESULT, 2);
+      Telemetry::AccumulateTimeDelta(
+        Telemetry::CERT_VALIDATION_HTTP_REQUEST_FAILED_TIME,
+        event->mStartTime, TimeStamp::Now());
+    }
+  }
+  else {
+    Telemetry::Accumulate(Telemetry::CERT_VALIDATION_HTTP_REQUEST_RESULT, 3);
+  }
+
+  if (request_canceled) {
+    return Result::ERROR_OCSP_SERVER_ERROR;
+  }
+
+  if (NS_FAILED(mListener->mResultCode)) {
+    if (mListener->mResultCode == NS_ERROR_CONNECTION_REFUSED ||
+        mListener->mResultCode == NS_ERROR_NET_RESET) {
+      retryable_error = true;
+    }
+    return Result::ERROR_OCSP_SERVER_ERROR;
+  }
+
+  if (http_response_code)
+    *http_response_code = mListener->mHttpResponseCode;
+
+  if (mListener->mHttpRequestSucceeded && http_response_data &&
+      http_response_data_len) {
+    *http_response_data_len = mListener->mResultLen;
+
+    // acceptableResultSize == 0 means: any size is acceptable
+    if (acceptableResultSize != 0 &&
+        acceptableResultSize < mListener->mResultLen) {
+      return Result::ERROR_OCSP_SERVER_ERROR;
+    }
+
+    // Return data by reference, result data will be valid until "this" gets
+    // destroyed.
+    *http_response_data = (const char*)mListener->mResultData;
+  }
+
+  if (mListener->mHttpRequestSucceeded && http_response_content_type) {
+    if (mListener->mHttpResponseContentType.Length()) {
+      *http_response_content_type = mListener->mHttpResponseContentType.get();
+    }
+  }
+
+  return Success;
+}
+
+nsNSSHttpRequestSession::nsNSSHttpRequestSession()
+: mRefCount(1),
+  mHasPostData(false),
+  mTimeoutInterval(0),
+  mListener(new nsHTTPListener)
+{
+}
+
+nsNSSHttpRequestSession::~nsNSSHttpRequestSession()
+{
+}
+
+nsHTTPListener::nsHTTPListener()
+: mResultData(nullptr),
+  mResultLen(0),
+  mLock("nsHTTPListener.mLock"),
+  mCondition(mLock, "nsHTTPListener.mCondition"),
+  mWaitFlag(true),
+  mResponsibleForDoneSignal(false),
+  mLoadGroup(nullptr),
+  mLoadGroupOwnerThread(nullptr)
+{
+}
+
+nsHTTPListener::~nsHTTPListener()
+{
+  if (mResponsibleForDoneSignal)
+    send_done_signal();
+
+  if (mResultData) {
+    free(const_cast<uint8_t *>(mResultData));
+  }
+
+  if (mLoader) {
+    NS_ReleaseOnMainThread(mLoader.forget());
+  }
+}
+
+NS_IMPL_ISUPPORTS(nsHTTPListener, nsIStreamLoaderObserver)
+
+void
+nsHTTPListener::FreeLoadGroup(bool aCancelLoad)
+{
+  nsILoadGroup *lg = nullptr;
+
+  MutexAutoLock locker(mLock);
+
+  if (mLoadGroup) {
+    if (mLoadGroupOwnerThread != PR_GetCurrentThread()) {
+      NS_ASSERTION(false,
+                   "attempt to access nsHTTPDownloadEvent::mLoadGroup on multiple threads, leaking it!");
+    }
+    else {
+      lg = mLoadGroup;
+      mLoadGroup = nullptr;
+    }
+  }
+
+  if (lg) {
+    if (aCancelLoad) {
+      lg->Cancel(NS_ERROR_ABORT);
+    }
+    NS_RELEASE(lg);
+  }
+}
+
+NS_IMETHODIMP
+nsHTTPListener::OnStreamComplete(nsIStreamLoader* aLoader,
+                                 nsISupports* aContext,
+                                 nsresult aStatus,
+                                 uint32_t stringLen,
+                                 const uint8_t* string)
+{
+  mResultCode = aStatus;
+
+  FreeLoadGroup(false);
+
+  nsCOMPtr<nsIRequest> req;
+  nsCOMPtr<nsIHttpChannel> hchan;
+
+  nsresult rv = aLoader->GetRequest(getter_AddRefs(req));
+  
+  if (NS_FAILED(aStatus))
+  {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("nsHTTPListener::OnStreamComplete status failed %d", aStatus));
+  }
+
+  if (NS_SUCCEEDED(rv))
+    hchan = do_QueryInterface(req, &rv);
+
+  if (NS_SUCCEEDED(rv))
+  {
+    rv = hchan->GetRequestSucceeded(&mHttpRequestSucceeded);
+    if (NS_FAILED(rv))
+      mHttpRequestSucceeded = false;
+
+    mResultLen = stringLen;
+    mResultData = string; // take ownership of allocation
+    aStatus = NS_SUCCESS_ADOPTED_DATA;
+
+    unsigned int rcode;
+    rv = hchan->GetResponseStatus(&rcode);
+    if (NS_FAILED(rv))
+      mHttpResponseCode = 500;
+    else
+      mHttpResponseCode = rcode;
+
+    hchan->GetResponseHeader(NS_LITERAL_CSTRING("Content-Type"), 
+                                    mHttpResponseContentType);
+  }
+
+  if (mResponsibleForDoneSignal)
+    send_done_signal();
+  
+  return aStatus;
+}
+
+void nsHTTPListener::send_done_signal()
+{
+  mResponsibleForDoneSignal = false;
+
+  {
+    MutexAutoLock locker(mLock);
+    mWaitFlag = false;
+    mCondition.NotifyAll();
+  }
+}
+
+static char*
+ShowProtectedAuthPrompt(PK11SlotInfo* slot, nsIInterfaceRequestor *ir)
+{
+  if (!NS_IsMainThread()) {
+    NS_ERROR("ShowProtectedAuthPrompt called off the main thread");
+    return nullptr;
+  }
+
+  char* protAuthRetVal = nullptr;
+
+  // Get protected auth dialogs
+  nsCOMPtr<nsITokenDialogs> dialogs;
+  nsresult nsrv = getNSSDialogs(getter_AddRefs(dialogs),
+                                NS_GET_IID(nsITokenDialogs),
+                                NS_TOKENDIALOGS_CONTRACTID);
+  if (NS_SUCCEEDED(nsrv))
+  {
+    nsProtectedAuthThread* protectedAuthRunnable = new nsProtectedAuthThread();
+    if (protectedAuthRunnable)
+    {
+      NS_ADDREF(protectedAuthRunnable);
+
+      protectedAuthRunnable->SetParams(slot);
+      
+      nsCOMPtr<nsIProtectedAuthThread> runnable = do_QueryInterface(protectedAuthRunnable);
+      if (runnable)
+      {
+        nsrv = dialogs->DisplayProtectedAuth(ir, runnable);
+              
+        // We call join on the thread,
+        // so we can be sure that no simultaneous access will happen.
+        protectedAuthRunnable->Join();
+              
+        if (NS_SUCCEEDED(nsrv))
+        {
+          SECStatus rv = protectedAuthRunnable->GetResult();
+          switch (rv)
+          {
+              case SECSuccess:
+                  protAuthRetVal = ToNewCString(nsDependentCString(PK11_PW_AUTHENTICATED));
+                  break;
+              case SECWouldBlock:
+                  protAuthRetVal = ToNewCString(nsDependentCString(PK11_PW_RETRY));
+                  break;
+              default:
+                  protAuthRetVal = nullptr;
+                  break;
+          }
+        }
+      }
+
+      NS_RELEASE(protectedAuthRunnable);
+    }
+  }
+
+  return protAuthRetVal;
+}
+
+class PK11PasswordPromptRunnable : public SyncRunnableBase
+                                 , public nsNSSShutDownObject
+{
+public:
+  PK11PasswordPromptRunnable(PK11SlotInfo* slot, 
+                             nsIInterfaceRequestor* ir)
+    : mResult(nullptr),
+      mSlot(slot),
+      mIR(ir)
+  {
+  }
+  virtual ~PK11PasswordPromptRunnable();
+
+  // This doesn't own the PK11SlotInfo or any other NSS objects, so there's
+  // nothing to release.
+  virtual void virtualDestroyNSSReference() override {}
+  char * mResult; // out
+  virtual void RunOnTargetThread() override;
+private:
+  PK11SlotInfo* const mSlot; // in
+  nsIInterfaceRequestor* const mIR; // in
+};
+
+PK11PasswordPromptRunnable::~PK11PasswordPromptRunnable()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return;
+  }
+
+  shutdown(ShutdownCalledFrom::Object);
+}
+
+void
+PK11PasswordPromptRunnable::RunOnTargetThread()
+{
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return;
+  }
+
+  nsresult rv;
+  nsCOMPtr<nsIPrompt> prompt;
+  if (!mIR) {
+    rv = nsNSSComponent::GetNewPrompter(getter_AddRefs(prompt));
+    if (NS_FAILED(rv)) {
+      return;
+    }
+  } else {
+    prompt = do_GetInterface(mIR);
+    MOZ_ASSERT(prompt, "Interface requestor should implement nsIPrompt");
+  }
+
+  if (!prompt) {
+    return;
+  }
+
+  if (PK11_ProtectedAuthenticationPath(mSlot)) {
+    mResult = ShowProtectedAuthPrompt(mSlot, mIR);
+    return;
+  }
+
+  nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID));
+  if (!nssComponent) {
+    return;
+  }
+
+  NS_ConvertUTF8toUTF16 tokenName(PK11_GetTokenName(mSlot));
+  const char16_t* formatStrings[] = {
+    tokenName.get(),
+  };
+  nsAutoString promptString;
+  rv = nssComponent->PIPBundleFormatStringFromName("CertPassPrompt",
+                                                   formatStrings,
+                                                   ArrayLength(formatStrings),
+                                                   promptString);
+  if (NS_FAILED(rv)) {
+    return;
+  }
+
+  nsXPIDLString password;
+  // |checkState| is unused because |checkMsg| (the argument just before it) is
+  // null, but XPConnect requires it to point to a valid bool nonetheless.
+  bool checkState = false;
+  bool userClickedOK = false;
+  rv = prompt->PromptPassword(nullptr, promptString.get(),
+                              getter_Copies(password), nullptr, &checkState,
+                              &userClickedOK);
+  if (NS_FAILED(rv) || !userClickedOK) {
+    return;
+  }
+
+  mResult = ToNewUTF8String(password);
+}
+
+char*
+PK11PasswordPrompt(PK11SlotInfo* slot, PRBool /*retry*/, void* arg)
+{
+  RefPtr<PK11PasswordPromptRunnable> runnable(
+    new PK11PasswordPromptRunnable(slot,
+                                   static_cast<nsIInterfaceRequestor*>(arg)));
+  runnable->DispatchToMainThreadAndWait();
+  return runnable->mResult;
+}
+
+// call with shutdown prevention lock held
+static void
+PreliminaryHandshakeDone(PRFileDesc* fd)
+{
+  nsNSSSocketInfo* infoObject = (nsNSSSocketInfo*) fd->higher->secret;
+  if (!infoObject)
+    return;
+
+  SSLChannelInfo channelInfo;
+  if (SSL_GetChannelInfo(fd, &channelInfo, sizeof(channelInfo)) == SECSuccess) {
+    infoObject->SetSSLVersionUsed(channelInfo.protocolVersion);
+    infoObject->SetEarlyDataAccepted(channelInfo.earlyDataAccepted);
+
+    SSLCipherSuiteInfo cipherInfo;
+    if (SSL_GetCipherSuiteInfo(channelInfo.cipherSuite, &cipherInfo,
+                               sizeof cipherInfo) == SECSuccess) {
+      /* Set the SSL Status information */
+      RefPtr<nsSSLStatus> status(infoObject->SSLStatus());
+      if (!status) {
+        status = new nsSSLStatus();
+        infoObject->SetSSLStatus(status);
+      }
+
+      status->mHaveCipherSuiteAndProtocol = true;
+      status->mCipherSuite = channelInfo.cipherSuite;
+      status->mProtocolVersion = channelInfo.protocolVersion & 0xFF;
+      infoObject->SetKEAUsed(channelInfo.keaType);
+      infoObject->SetKEAKeyBits(channelInfo.keaKeyBits);
+      infoObject->SetMACAlgorithmUsed(cipherInfo.macAlgorithm);
+    }
+  }
+
+  // Don't update NPN details on renegotiation.
+  if (infoObject->IsPreliminaryHandshakeDone()) {
+    return;
+  }
+
+  // Get the NPN value.
+  SSLNextProtoState state;
+  unsigned char npnbuf[256];
+  unsigned int npnlen;
+
+  if (SSL_GetNextProto(fd, &state, npnbuf, &npnlen,
+                       AssertedCast<unsigned int>(ArrayLength(npnbuf)))
+        == SECSuccess) {
+    if (state == SSL_NEXT_PROTO_NEGOTIATED ||
+        state == SSL_NEXT_PROTO_SELECTED) {
+      infoObject->SetNegotiatedNPN(BitwiseCast<char*, unsigned char*>(npnbuf),
+                                   npnlen);
+    } else {
+      infoObject->SetNegotiatedNPN(nullptr, 0);
+    }
+    mozilla::Telemetry::Accumulate(Telemetry::SSL_NPN_TYPE, state);
+  } else {
+    infoObject->SetNegotiatedNPN(nullptr, 0);
+  }
+
+  infoObject->SetPreliminaryHandshakeDone();
+}
+
+SECStatus
+CanFalseStartCallback(PRFileDesc* fd, void* client_data, PRBool *canFalseStart)
+{
+  *canFalseStart = false;
+
+  nsNSSShutDownPreventionLock locker;
+
+  nsNSSSocketInfo* infoObject = (nsNSSSocketInfo*) fd->higher->secret;
+  if (!infoObject) {
+    PR_SetError(PR_INVALID_STATE_ERROR, 0);
+    return SECFailure;
+  }
+
+  infoObject->SetFalseStartCallbackCalled();
+
+  if (infoObject->isAlreadyShutDown()) {
+    MOZ_CRASH("SSL socket used after NSS shut down");
+    PR_SetError(PR_INVALID_STATE_ERROR, 0);
+    return SECFailure;
+  }
+
+  PreliminaryHandshakeDone(fd);
+
+  uint32_t reasonsForNotFalseStarting = 0;
+
+  SSLChannelInfo channelInfo;
+  if (SSL_GetChannelInfo(fd, &channelInfo, sizeof(channelInfo)) != SECSuccess) {
+    return SECSuccess;
+  }
+
+  SSLCipherSuiteInfo cipherInfo;
+  if (SSL_GetCipherSuiteInfo(channelInfo.cipherSuite, &cipherInfo,
+                             sizeof (cipherInfo)) != SECSuccess) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("CanFalseStartCallback [%p] failed - "
+                                      " KEA %d\n", fd,
+                                      static_cast<int32_t>(channelInfo.keaType)));
+    return SECSuccess;
+  }
+
+  nsSSLIOLayerHelpers& helpers = infoObject->SharedState().IOLayerHelpers();
+
+  // Prevent version downgrade attacks from TLS 1.2, and avoid False Start for
+  // TLS 1.3 and later. See Bug 861310 for all the details as to why.
+  if (channelInfo.protocolVersion != SSL_LIBRARY_VERSION_TLS_1_2) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("CanFalseStartCallback [%p] failed - "
+                                      "SSL Version must be TLS 1.2, was %x\n", fd,
+                                      static_cast<int32_t>(channelInfo.protocolVersion)));
+    reasonsForNotFalseStarting |= POSSIBLE_VERSION_DOWNGRADE;
+  }
+
+  // See bug 952863 for why ECDHE is allowed, but DHE (and RSA) are not.
+  if (channelInfo.keaType != ssl_kea_ecdh) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("CanFalseStartCallback [%p] failed - "
+                                      "unsupported KEA %d\n", fd,
+                                      static_cast<int32_t>(channelInfo.keaType)));
+    reasonsForNotFalseStarting |= KEA_NOT_SUPPORTED;
+  }
+
+  // Prevent downgrade attacks on the symmetric cipher. We do not allow CBC
+  // mode due to BEAST, POODLE, and other attacks on the MAC-then-Encrypt
+  // design. See bug 1109766 for more details.
+  if (cipherInfo.macAlgorithm != ssl_mac_aead) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("CanFalseStartCallback [%p] failed - non-AEAD cipher used, %d, "
+            "is not supported with False Start.\n", fd,
+            static_cast<int32_t>(cipherInfo.symCipher)));
+    reasonsForNotFalseStarting |= POSSIBLE_CIPHER_SUITE_DOWNGRADE;
+  }
+
+  // XXX: An attacker can choose which protocols are advertised in the
+  // NPN extension. TODO(Bug 861311): We should restrict the ability
+  // of an attacker leverage this capability by restricting false start
+  // to the same protocol we previously saw for the server, after the
+  // first successful connection to the server.
+
+  // Enforce NPN to do false start if policy requires it. Do this as an
+  // indicator if server compatibility.
+  if (helpers.mFalseStartRequireNPN) {
+    nsAutoCString negotiatedNPN;
+    if (NS_FAILED(infoObject->GetNegotiatedNPN(negotiatedNPN)) ||
+        !negotiatedNPN.Length()) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("CanFalseStartCallback [%p] failed - "
+                                        "NPN cannot be verified\n", fd));
+      reasonsForNotFalseStarting |= NPN_NOT_NEGOTIATED;
+    }
+  }
+
+  Telemetry::Accumulate(Telemetry::SSL_REASONS_FOR_NOT_FALSE_STARTING,
+                        reasonsForNotFalseStarting);
+
+  if (reasonsForNotFalseStarting == 0) {
+    *canFalseStart = PR_TRUE;
+    infoObject->SetFalseStarted();
+    infoObject->NoteTimeUntilReady();
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("CanFalseStartCallback [%p] ok\n", fd));
+  }
+
+  return SECSuccess;
+}
+
+static void
+AccumulateNonECCKeySize(Telemetry::ID probe, uint32_t bits)
+{
+  unsigned int value = bits <   512 ?  1 : bits ==   512 ?  2
+                     : bits <   768 ?  3 : bits ==   768 ?  4
+                     : bits <  1024 ?  5 : bits ==  1024 ?  6
+                     : bits <  1280 ?  7 : bits ==  1280 ?  8
+                     : bits <  1536 ?  9 : bits ==  1536 ? 10
+                     : bits <  2048 ? 11 : bits ==  2048 ? 12
+                     : bits <  3072 ? 13 : bits ==  3072 ? 14
+                     : bits <  4096 ? 15 : bits ==  4096 ? 16
+                     : bits <  8192 ? 17 : bits ==  8192 ? 18
+                     : bits < 16384 ? 19 : bits == 16384 ? 20
+                     : 0;
+  Telemetry::Accumulate(probe, value);
+}
+
+// XXX: This attempts to map a bit count to an ECC named curve identifier. In
+// the vast majority of situations, we only have the Suite B curves available.
+// In that case, this mapping works fine. If we were to have more curves
+// available, the mapping would be ambiguous since there could be multiple
+// named curves for a given size (e.g. secp256k1 vs. secp256r1). We punt on
+// that for now. See also NSS bug 323674.
+static void
+AccumulateECCCurve(Telemetry::ID probe, uint32_t bits)
+{
+  unsigned int value = bits == 256 ? 23 // P-256
+                     : bits == 384 ? 24 // P-384
+                     : bits == 521 ? 25 // P-521
+                     : 0; // Unknown
+  Telemetry::Accumulate(probe, value);
+}
+
+static void
+AccumulateCipherSuite(Telemetry::ID probe, const SSLChannelInfo& channelInfo)
+{
+  uint32_t value;
+  switch (channelInfo.cipherSuite) {
+    // ECDHE key exchange
+    case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: value = 1; break;
+    case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: value = 2; break;
+    case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: value = 3; break;
+    case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: value = 4; break;
+    case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: value = 5; break;
+    case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: value = 6; break;
+    case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA: value = 7; break;
+    case TLS_ECDHE_RSA_WITH_RC4_128_SHA: value = 8; break;
+    case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA: value = 9; break;
+    case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA: value = 10; break;
+    case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: value = 11; break;
+    case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: value = 12; break;
+    case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: value = 13; break;
+    case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: value = 14; break;
+    // DHE key exchange
+    case TLS_DHE_RSA_WITH_AES_128_CBC_SHA: value = 21; break;
+    case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: value = 22; break;
+    case TLS_DHE_RSA_WITH_AES_256_CBC_SHA: value = 23; break;
+    case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA: value = 24; break;
+    case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA: value = 25; break;
+    case TLS_DHE_DSS_WITH_AES_128_CBC_SHA: value = 26; break;
+    case TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA: value = 27; break;
+    case TLS_DHE_DSS_WITH_AES_256_CBC_SHA: value = 28; break;
+    case TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA: value = 29; break;
+    case TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA: value = 30; break;
+    // ECDH key exchange
+    case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA: value = 41; break;
+    case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA: value = 42; break;
+    case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA: value = 43; break;
+    case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: value = 44; break;
+    case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA: value = 45; break;
+    case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA: value = 46; break;
+    case TLS_ECDH_ECDSA_WITH_RC4_128_SHA: value = 47; break;
+    case TLS_ECDH_RSA_WITH_RC4_128_SHA: value = 48; break;
+    // RSA key exchange
+    case TLS_RSA_WITH_AES_128_CBC_SHA: value = 61; break;
+    case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: value = 62; break;
+    case TLS_RSA_WITH_AES_256_CBC_SHA: value = 63; break;
+    case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA: value = 64; break;
+    case SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA: value = 65; break;
+    case TLS_RSA_WITH_3DES_EDE_CBC_SHA: value = 66; break;
+    case TLS_RSA_WITH_SEED_CBC_SHA: value = 67; break;
+    case TLS_RSA_WITH_RC4_128_SHA: value = 68; break;
+    case TLS_RSA_WITH_RC4_128_MD5: value = 69; break;
+    // TLS 1.3 PSK resumption
+    case TLS_AES_128_GCM_SHA256: value = 70; break;
+    case TLS_CHACHA20_POLY1305_SHA256: value = 71; break;
+    case TLS_AES_256_GCM_SHA384: value = 72; break;
+    // unknown
+    default:
+      value = 0;
+      break;
+  }
+  MOZ_ASSERT(value != 0);
+  Telemetry::Accumulate(probe, value);
+}
+
+// In the case of session resumption, the AuthCertificate hook has been bypassed
+// (because we've previously successfully connected to our peer). That being the
+// case, we unfortunately don't know if the peer's server certificate verified
+// as extended validation or not. To address this, we attempt to build a
+// verified EV certificate chain here using as much of the original context as
+// possible (e.g. stapled OCSP responses, SCTs, the hostname, the first party
+// domain, etc.). Note that because we are on the socket thread, this must not
+// cause any network requests, hence the use of FLAG_LOCAL_ONLY.
+static void
+DetermineEVStatusAndSetNewCert(RefPtr<nsSSLStatus> sslStatus, PRFileDesc* fd,
+                               nsNSSSocketInfo* infoObject)
+{
+  MOZ_ASSERT(sslStatus);
+  MOZ_ASSERT(fd);
+  MOZ_ASSERT(infoObject);
+
+  if (!sslStatus || !fd || !infoObject) {
+    return;
+  }
+
+  UniqueCERTCertificate cert(SSL_PeerCertificate(fd));
+  MOZ_ASSERT(cert, "SSL_PeerCertificate failed in TLS handshake callback?");
+  if (!cert) {
+    return;
+  }
+
+  RefPtr<SharedCertVerifier> certVerifier(GetDefaultCertVerifier());
+  MOZ_ASSERT(certVerifier,
+             "Certificate verifier uninitialized in TLS handshake callback?");
+  if (!certVerifier) {
+    return;
+  }
+
+  // We don't own these pointers.
+  const SECItemArray* stapledOCSPResponses = SSL_PeerStapledOCSPResponses(fd);
+  const SECItem* stapledOCSPResponse = nullptr;
+  // we currently only support single stapled responses
+  if (stapledOCSPResponses && stapledOCSPResponses->len == 1) {
+    stapledOCSPResponse = &stapledOCSPResponses->items[0];
+  }
+  const SECItem* sctsFromTLSExtension = SSL_PeerSignedCertTimestamps(fd);
+  if (sctsFromTLSExtension && sctsFromTLSExtension->len == 0) {
+    // SSL_PeerSignedCertTimestamps returns null on error and empty item
+    // when no extension was returned by the server. We always use null when
+    // no extension was received (for whatever reason), ignoring errors.
+    sctsFromTLSExtension = nullptr;
+  }
+
+  int flags = mozilla::psm::CertVerifier::FLAG_LOCAL_ONLY |
+              mozilla::psm::CertVerifier::FLAG_MUST_BE_EV;
+  if (!infoObject->SharedState().IsOCSPStaplingEnabled() ||
+      !infoObject->SharedState().IsOCSPMustStapleEnabled()) {
+    flags |= CertVerifier::FLAG_TLS_IGNORE_STATUS_REQUEST;
+  }
+
+  SECOidTag evOidPolicy;
+  UniqueCERTCertList unusedBuiltChain;
+  const bool saveIntermediates = false;
+  mozilla::pkix::Result rv = certVerifier->VerifySSLServerCert(
+    cert,
+    stapledOCSPResponse,
+    sctsFromTLSExtension,
+    mozilla::pkix::Now(),
+    infoObject,
+    infoObject->GetHostNameRaw(),
+    unusedBuiltChain,
+    saveIntermediates,
+    flags,
+    infoObject->GetOriginAttributes(),
+    &evOidPolicy);
+
+  RefPtr<nsNSSCertificate> nssc(nsNSSCertificate::Create(cert.get()));
+  if (rv == Success && evOidPolicy != SEC_OID_UNKNOWN) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("HandshakeCallback using NEW cert %p (is EV)", nssc.get()));
+    sslStatus->SetServerCert(nssc, EVStatus::EV);
+  } else {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("HandshakeCallback using NEW cert %p (is not EV)", nssc.get()));
+    sslStatus->SetServerCert(nssc, EVStatus::NotEV);
+  }
+}
+
+void HandshakeCallback(PRFileDesc* fd, void* client_data) {
+  nsNSSShutDownPreventionLock locker;
+  SECStatus rv;
+
+  nsNSSSocketInfo* infoObject = (nsNSSSocketInfo*) fd->higher->secret;
+
+  // Do the bookkeeping that needs to be done after the
+  // server's ServerHello...ServerHelloDone have been processed, but that doesn't
+  // need the handshake to be completed.
+  PreliminaryHandshakeDone(fd);
+
+  nsSSLIOLayerHelpers& ioLayerHelpers
+    = infoObject->SharedState().IOLayerHelpers();
+
+  SSLVersionRange versions(infoObject->GetTLSVersionRange());
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+         ("[%p] HandshakeCallback: succeeded using TLS version range (0x%04x,0x%04x)\n",
+          fd, static_cast<unsigned int>(versions.min),
+              static_cast<unsigned int>(versions.max)));
+
+  // If the handshake completed, then we know the site is TLS tolerant
+  ioLayerHelpers.rememberTolerantAtVersion(infoObject->GetHostName(),
+                                           infoObject->GetPort(),
+                                           versions.max);
+
+  bool usesFallbackCipher = false;
+  SSLChannelInfo channelInfo;
+  rv = SSL_GetChannelInfo(fd, &channelInfo, sizeof(channelInfo));
+  MOZ_ASSERT(rv == SECSuccess);
+  if (rv == SECSuccess) {
+    // Get the protocol version for telemetry
+    // 1=tls1, 2=tls1.1, 3=tls1.2
+    unsigned int versionEnum = channelInfo.protocolVersion & 0xFF;
+    MOZ_ASSERT(versionEnum > 0);
+    Telemetry::Accumulate(Telemetry::SSL_HANDSHAKE_VERSION, versionEnum);
+    AccumulateCipherSuite(
+      infoObject->IsFullHandshake() ? Telemetry::SSL_CIPHER_SUITE_FULL
+                                    : Telemetry::SSL_CIPHER_SUITE_RESUMED,
+      channelInfo);
+
+    SSLCipherSuiteInfo cipherInfo;
+    rv = SSL_GetCipherSuiteInfo(channelInfo.cipherSuite, &cipherInfo,
+                                sizeof cipherInfo);
+    MOZ_ASSERT(rv == SECSuccess);
+    if (rv == SECSuccess) {
+      usesFallbackCipher = channelInfo.keaType == ssl_kea_dh;
+
+      // keyExchange null=0, rsa=1, dh=2, fortezza=3, ecdh=4
+      Telemetry::Accumulate(
+        infoObject->IsFullHandshake()
+          ? Telemetry::SSL_KEY_EXCHANGE_ALGORITHM_FULL
+          : Telemetry::SSL_KEY_EXCHANGE_ALGORITHM_RESUMED,
+        channelInfo.keaType);
+
+      MOZ_ASSERT(infoObject->GetKEAUsed() == channelInfo.keaType);
+
+      if (infoObject->IsFullHandshake()) {
+        switch (channelInfo.keaType) {
+          case ssl_kea_rsa:
+            AccumulateNonECCKeySize(Telemetry::SSL_KEA_RSA_KEY_SIZE_FULL,
+                                    channelInfo.keaKeyBits);
+            break;
+          case ssl_kea_dh:
+            AccumulateNonECCKeySize(Telemetry::SSL_KEA_DHE_KEY_SIZE_FULL,
+                                    channelInfo.keaKeyBits);
+            break;
+          case ssl_kea_ecdh:
+            AccumulateECCCurve(Telemetry::SSL_KEA_ECDHE_CURVE_FULL,
+                               channelInfo.keaKeyBits);
+            break;
+          default:
+            MOZ_CRASH("impossible KEA");
+            break;
+        }
+
+        Telemetry::Accumulate(Telemetry::SSL_AUTH_ALGORITHM_FULL,
+                              channelInfo.authType);
+
+        // RSA key exchange doesn't use a signature for auth.
+        if (channelInfo.keaType != ssl_kea_rsa) {
+          switch (channelInfo.authType) {
+            case ssl_auth_rsa:
+            case ssl_auth_rsa_sign:
+              AccumulateNonECCKeySize(Telemetry::SSL_AUTH_RSA_KEY_SIZE_FULL,
+                                      channelInfo.authKeyBits);
+              break;
+            case ssl_auth_ecdsa:
+              AccumulateECCCurve(Telemetry::SSL_AUTH_ECDSA_CURVE_FULL,
+                                 channelInfo.authKeyBits);
+              break;
+            default:
+              MOZ_CRASH("impossible auth algorithm");
+              break;
+          }
+        }
+      }
+
+      Telemetry::Accumulate(
+          infoObject->IsFullHandshake()
+            ? Telemetry::SSL_SYMMETRIC_CIPHER_FULL
+            : Telemetry::SSL_SYMMETRIC_CIPHER_RESUMED,
+          cipherInfo.symCipher);
+    }
+  }
+
+  PRBool siteSupportsSafeRenego;
+  if (channelInfo.protocolVersion != SSL_LIBRARY_VERSION_TLS_1_3) {
+    rv = SSL_HandshakeNegotiatedExtension(fd, ssl_renegotiation_info_xtn,
+                                          &siteSupportsSafeRenego);
+    MOZ_ASSERT(rv == SECSuccess);
+    if (rv != SECSuccess) {
+      siteSupportsSafeRenego = false;
+    }
+  } else {
+    // TLS 1.3 dropped support for renegotiation.
+    siteSupportsSafeRenego = true;
+  }
+  bool renegotiationUnsafe = !siteSupportsSafeRenego &&
+                             ioLayerHelpers.treatUnsafeNegotiationAsBroken();
+
+
+  /* Set the SSL Status information */
+  RefPtr<nsSSLStatus> status(infoObject->SSLStatus());
+  if (!status) {
+    status = new nsSSLStatus();
+    infoObject->SetSSLStatus(status);
+  }
+
+  RememberCertErrorsTable::GetInstance().LookupCertErrorBits(infoObject,
+                                                             status);
+
+  uint32_t state;
+  if (renegotiationUnsafe) {
+    state = nsIWebProgressListener::STATE_IS_BROKEN;
+  } else {
+    state = nsIWebProgressListener::STATE_IS_SECURE |
+            nsIWebProgressListener::STATE_SECURE_HIGH;
+    if (!usesFallbackCipher) {
+      SSLVersionRange defVersion;
+      rv = SSL_VersionRangeGetDefault(ssl_variant_stream, &defVersion);
+      if (rv == SECSuccess && versions.max >= defVersion.max) {
+        // we know this site no longer requires a fallback cipher
+        ioLayerHelpers.removeInsecureFallbackSite(infoObject->GetHostName(),
+                                                  infoObject->GetPort());
+      }
+    }
+  }
+
+  if (status->HasServerCert()) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("HandshakeCallback KEEPING existing cert\n"));
+  } else {
+    DetermineEVStatusAndSetNewCert(status, fd, infoObject);
+  }
+
+  bool domainMismatch;
+  bool untrusted;
+  bool notValidAtThisTime;
+  // These all return NS_OK, so don't even bother checking the return values.
+  Unused << status->GetIsDomainMismatch(&domainMismatch);
+  Unused << status->GetIsUntrusted(&untrusted);
+  Unused << status->GetIsNotValidAtThisTime(&notValidAtThisTime);
+  // If we're here, the TLS handshake has succeeded. Thus if any of these
+  // booleans are true, the user has added an override for a certificate error.
+  if (domainMismatch || untrusted || notValidAtThisTime) {
+    state |= nsIWebProgressListener::STATE_CERT_USER_OVERRIDDEN;
+  }
+
+  infoObject->SetSecurityState(state);
+
+  // XXX Bug 883674: We shouldn't be formatting messages here in PSM; instead,
+  // we should set a flag on the channel that higher (UI) level code can check
+  // to log the warning. In particular, these warnings should go to the web
+  // console instead of to the error console. Also, the warning is not
+  // localized.
+  if (!siteSupportsSafeRenego) {
+    nsXPIDLCString hostName;
+    infoObject->GetHostName(getter_Copies(hostName));
+
+    nsAutoString msg;
+    msg.Append(NS_ConvertASCIItoUTF16(hostName));
+    msg.AppendLiteral(" : server does not support RFC 5746, see CVE-2009-3555");
+
+    nsContentUtils::LogSimpleConsoleError(msg, "SSL");
+  }
+
+  infoObject->NoteTimeUntilReady();
+  infoObject->SetHandshakeCompleted();
+}
diff --git a/security/manager/ssl/nsNSSCallbacks.h b/security/manager/ssl/nsNSSCallbacks.h
new file mode 100644
index 000000000..e9d7f3172
--- /dev/null
+++ b/security/manager/ssl/nsNSSCallbacks.h
@@ -0,0 +1,198 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsNSSCallbacks_h
+#define nsNSSCallbacks_h
+
+#include "mozilla/Attributes.h"
+#include "mozilla/BasePrincipal.h"
+#include "mozilla/CondVar.h"
+#include "mozilla/Mutex.h"
+#include "nsAutoPtr.h"
+#include "nsCOMPtr.h"
+#include "nsIStreamLoader.h"
+#include "nspr.h"
+#include "nsString.h"
+#include "pk11func.h"
+#include "pkix/pkixtypes.h"
+
+#include "ocspt.h" // Must be included after pk11func.h.
+
+using mozilla::NeckoOriginAttributes;
+
+class nsILoadGroup;
+
+char*
+PK11PasswordPrompt(PK11SlotInfo *slot, PRBool retry, void* arg);
+
+void HandshakeCallback(PRFileDesc *fd, void *client_data);
+SECStatus CanFalseStartCallback(PRFileDesc* fd, void* client_data,
+                                PRBool *canFalseStart);
+
+class nsHTTPListener final : public nsIStreamLoaderObserver
+{
+private:
+  // For XPCOM implementations that are not a base class for some other
+  // class, it is good practice to make the destructor non-virtual and
+  // private.  Then the only way to delete the object is via Release.
+#ifdef _MSC_VER
+  // C4265: Class has virtual members but destructor is not virtual
+  __pragma(warning(disable:4265))
+#endif
+  ~nsHTTPListener();
+
+public:
+  nsHTTPListener();
+
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSISTREAMLOADEROBSERVER
+
+  nsCOMPtr<nsIStreamLoader> mLoader;
+
+  nsresult mResultCode;
+
+  bool mHttpRequestSucceeded;
+  uint16_t mHttpResponseCode;
+  nsCString mHttpResponseContentType;
+
+  const uint8_t* mResultData; // allocated in loader, but owned by listener
+  uint32_t mResultLen;
+
+  mozilla::Mutex mLock;
+  mozilla::CondVar mCondition;
+  volatile bool mWaitFlag;
+
+  bool mResponsibleForDoneSignal;
+  void send_done_signal();
+
+  // no nsCOMPtr. When I use it, I get assertions about
+  //   loadgroup not being thread safe.
+  // So, let's use a raw pointer and ensure we only create and destroy
+  // it on the network thread ourselves.
+  nsILoadGroup *mLoadGroup;
+  PRThread *mLoadGroupOwnerThread;
+  void FreeLoadGroup(bool aCancelLoad);
+};
+
+class nsNSSHttpServerSession
+{
+public:
+  typedef mozilla::pkix::Result Result;
+
+  nsCString mHost;
+  uint16_t mPort;
+
+  static Result createSessionFcn(const char* host,
+                                 uint16_t portnum,
+                         /*out*/ nsNSSHttpServerSession** pSession);
+};
+
+class nsNSSHttpRequestSession
+{
+protected:
+  mozilla::ThreadSafeAutoRefCnt mRefCount;
+
+public:
+  typedef mozilla::pkix::Result Result;
+
+  static Result createFcn(const nsNSSHttpServerSession* session,
+                          const char* httpProtocolVariant,
+                          const char* pathAndQueryString,
+                          const char* httpRequestMethod,
+                          const NeckoOriginAttributes& originAttributes,
+                          const PRIntervalTime timeout,
+                  /*out*/ nsNSSHttpRequestSession** pRequest);
+
+  Result setPostDataFcn(const char* httpData,
+                        const uint32_t httpDataLen,
+                        const char* httpContentType);
+
+  Result trySendAndReceiveFcn(PRPollDesc** pPollDesc,
+                              uint16_t* httpResponseCode,
+                              const char** httpResponseContentType,
+                              const char** httpResponseHeaders,
+                              const char** httpResponseData,
+                              uint32_t* httpResponseDataLen);
+
+  void AddRef();
+  void Release();
+
+  nsCString mURL;
+  nsCString mRequestMethod;
+
+  bool mHasPostData;
+  nsCString mPostData;
+  nsCString mPostContentType;
+
+  NeckoOriginAttributes mOriginAttributes;
+
+  PRIntervalTime mTimeoutInterval;
+
+  RefPtr<nsHTTPListener> mListener;
+
+protected:
+  nsNSSHttpRequestSession();
+  ~nsNSSHttpRequestSession();
+
+  Result internal_send_receive_attempt(bool& retryableError,
+                                       PRPollDesc** pPollDesc,
+                                       uint16_t* httpResponseCode,
+                                       const char** httpResponseContentType,
+                                       const char** httpResponseHeaders,
+                                       const char** httpResponseData,
+                                       uint32_t* httpResponseDataLen);
+};
+
+class nsNSSHttpInterface
+{
+public:
+  typedef mozilla::pkix::Result Result;
+
+  static Result createSessionFcn(const char* host,
+                                 uint16_t portnum,
+                         /*out*/ nsNSSHttpServerSession** pSession)
+  {
+    return nsNSSHttpServerSession::createSessionFcn(host, portnum, pSession);
+  }
+
+  static Result createFcn(const nsNSSHttpServerSession* session,
+                          const char* httpProtocolVariant,
+                          const char* pathAndQueryString,
+                          const char* httpRequestMethod,
+                          const NeckoOriginAttributes& originAttributes,
+                          const PRIntervalTime timeout,
+                  /*out*/ nsNSSHttpRequestSession** pRequest)
+  {
+    return nsNSSHttpRequestSession::createFcn(session, httpProtocolVariant,
+                                              pathAndQueryString,
+                                              httpRequestMethod, originAttributes,
+                                              timeout, pRequest);
+  }
+
+  static Result setPostDataFcn(nsNSSHttpRequestSession* request,
+                               const char* httpData,
+                               const uint32_t httpDataLen,
+                               const char* httpContentType)
+  {
+    return request->setPostDataFcn(httpData, httpDataLen, httpContentType);
+  }
+
+  static Result trySendAndReceiveFcn(nsNSSHttpRequestSession* request,
+                                     PRPollDesc** pPollDesc,
+                                     uint16_t* httpResponseCode,
+                                     const char** httpResponseContentType,
+                                     const char** httpResponseHeaders,
+                                     const char** httpResponseData,
+                                     uint32_t* httpResponseDataLen)
+  {
+    return request->trySendAndReceiveFcn(pPollDesc, httpResponseCode,
+                                         httpResponseContentType,
+                                         httpResponseHeaders,
+                                         httpResponseData, httpResponseDataLen);
+  }
+};
+
+#endif // nsNSSCallbacks_h
diff --git a/security/manager/ssl/nsNSSCertHelper.cpp b/security/manager/ssl/nsNSSCertHelper.cpp
new file mode 100644
index 000000000..64c87ad2f
--- /dev/null
+++ b/security/manager/ssl/nsNSSCertHelper.cpp
@@ -0,0 +1,2039 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsNSSCertHelper.h"
+
+#include <algorithm>
+
+#include "ScopedNSSTypes.h"
+#include "mozilla/Casting.h"
+#include "mozilla/NotNull.h"
+#include "mozilla/Sprintf.h"
+#include "mozilla/UniquePtr.h"
+#include "nsCOMPtr.h"
+#include "nsComponentManagerUtils.h"
+#include "nsDateTimeFormatCID.h"
+#include "nsIDateTimeFormat.h"
+#include "nsNSSASN1Object.h"
+#include "nsNSSCertTrust.h"
+#include "nsNSSCertValidity.h"
+#include "nsNSSCertificate.h"
+#include "nsNSSComponent.h"
+#include "nsServiceManagerUtils.h"
+#include "prerror.h"
+#include "secder.h"
+
+using namespace mozilla;
+ 
+/* Object Identifier constants */
+#define CONST_OID static const unsigned char
+#define MICROSOFT_OID 0x2b, 0x6, 0x1, 0x4, 0x1, 0x82, 0x37
+#define PKIX_OID 0x2b, 0x6, 0x01, 0x05, 0x05, 0x07
+CONST_OID msCertExtCerttype[]      = { MICROSOFT_OID, 20, 2};
+CONST_OID msNTPrincipalName[]      = { MICROSOFT_OID, 20, 2, 3 };
+CONST_OID msCertsrvCAVersion[]     = { MICROSOFT_OID, 21, 1 };
+CONST_OID msNTDSReplication[]      = { MICROSOFT_OID, 25, 1 };
+CONST_OID pkixLogotype[]           = { PKIX_OID, 1, 12 };
+
+#define OI(x) { siDEROID, (unsigned char *)x, sizeof x }
+#define OD(oid,desc,mech,ext) {OI(oid), SEC_OID_UNKNOWN, desc, mech, ext}
+#define SEC_OID(tag) more_oids[tag].offset
+
+static SECOidData more_oids[] = {
+    /* Microsoft OIDs */
+    #define MS_CERT_EXT_CERTTYPE 0
+    OD( msCertExtCerttype,
+        "Microsoft Certificate Template Name", 
+        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
+
+    #define MS_NT_PRINCIPAL_NAME 1
+    OD( msNTPrincipalName,
+        "Microsoft Principal Name", 
+        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
+
+    #define MS_CERTSERV_CA_VERSION 2
+    OD( msCertsrvCAVersion,
+        "Microsoft CA Version", 
+        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
+
+    #define MS_NTDS_REPLICATION 3
+    OD( msNTDSReplication,
+        "Microsoft Domain GUID", 
+        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
+
+    #define PKIX_LOGOTYPE 4
+    OD( pkixLogotype,
+        "Logotype", 
+        CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ),
+};
+
+static const unsigned int numOids = (sizeof more_oids) / (sizeof more_oids[0]);
+
+static nsresult
+ProcessVersion(SECItem* versionItem, nsINSSComponent* nssComponent,
+               nsIASN1PrintableItem** retItem)
+{
+  nsAutoString text;
+  nssComponent->GetPIPNSSBundleString("CertDumpVersion", text);
+  nsCOMPtr<nsIASN1PrintableItem> printableItem = new nsNSSASN1PrintableItem();
+  nsresult rv = printableItem->SetDisplayName(text);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  // Now to figure out what version this certificate is.
+  unsigned int version;
+  if (versionItem->data) {
+    // Filter out totally bogus version values/encodings.
+    if (versionItem->len != 1) {
+      return NS_ERROR_FAILURE;
+    }
+    version = *BitwiseCast<uint8_t*, unsigned char*>(versionItem->data);
+  } else {
+    // If there is no version present in the cert, then RFC 5280 says we
+    // default to v1 (0).
+    version = 0;
+  }
+
+  // A value of n actually corresponds to version n + 1
+  nsAutoString versionString;
+  versionString.AppendInt(version + 1);
+  const char16_t* params[1] = { versionString.get() };
+  rv = nssComponent->PIPBundleFormatStringFromName("CertDumpVersionValue",
+                                                   params,
+                                                   MOZ_ARRAY_LENGTH(params),
+                                                   text);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = printableItem->SetDisplayValue(text);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  printableItem.forget(retItem);
+  return NS_OK;
+}
+
+static nsresult
+ProcessSerialNumberDER(const SECItem& serialItem,
+                       NotNull<nsINSSComponent*> nssComponent,
+               /*out*/ nsCOMPtr<nsIASN1PrintableItem>& retItem)
+{
+  nsAutoString text;
+  nsresult rv = nssComponent->GetPIPNSSBundleString("CertDumpSerialNo", text);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  nsCOMPtr<nsIASN1PrintableItem> printableItem = new nsNSSASN1PrintableItem();
+  rv = printableItem->SetDisplayName(text);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  UniquePORTString serialNumber(
+    CERT_Hexify(const_cast<SECItem*>(&serialItem), 1));
+  if (!serialNumber) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  rv = printableItem->SetDisplayValue(NS_ConvertASCIItoUTF16(serialNumber.get()));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  retItem = printableItem.forget();
+  return NS_OK;
+}
+
+static nsresult
+GetDefaultOIDFormat(SECItem *oid,
+                    nsINSSComponent *nssComponent,
+                    nsAString &outString,
+                    char separator)
+{
+  outString.Truncate();
+  int invalidCount = 0;
+    
+  unsigned int i;
+  unsigned long val  = 0;
+  bool invalid = false;
+  bool first = true;
+
+  val = 0;
+  for (i = 0; i < oid->len; ++i) {
+    // In this loop, we have to parse a DER formatted 
+    // If the first bit is a 1, then the integer is 
+    // represented by more than one byte.  If the 
+    // first bit is set then we continue on and add
+    // the values of the later bytes until we get 
+    // a byte without the first bit set.
+    unsigned long j;
+
+    j = oid->data[i];
+    val = (val << 7) | (j & 0x7f);
+    if (j & 0x80) {
+      // - If val is 0 in this block, the OID number particle starts with 0x80
+      // what is specified as an invalid formating.
+      // - If val is larger then 2^32-7, on next left shift by 7 we will loose
+      // the most significant bits, this OID number particle cannot be read
+      // by our implementation.
+      // - If the first bit is set while this is the last component of the OID
+      // we are also in an invalid state.
+      if (val == 0 || (val >= (1 << (32-7))) || (i == oid->len-1)) {
+        invalid = true;
+      }
+
+      if (i < oid->len-1)
+        continue;
+    }
+
+    if (!invalid) {
+      if (first) {
+        unsigned long one = std::min(val/40, 2UL); // never > 2
+        unsigned long two = val - (one * 40);
+
+        outString.AppendPrintf("%lu%c%lu", one, separator, two);
+      }
+      else {
+        outString.AppendPrintf("%c%lu", separator, val);
+      }
+    }
+    else {
+      if (!first) {
+        outString.AppendPrintf("%c", separator);
+      }
+      nsAutoString unknownText;
+      nssComponent->GetPIPNSSBundleString("CertUnknown", 
+                                          unknownText);
+      outString.Append(unknownText);
+
+      if (++invalidCount > 3) {
+        // Allow only 3 occurences of Unknown in OID display string to
+        // prevent bloat.
+        break;
+      }
+    }
+
+    val = 0;      
+    invalid = false;
+    first = false;
+  }
+
+  return NS_OK; 
+}
+
+static nsresult
+GetOIDText(SECItem *oid, nsINSSComponent *nssComponent, nsAString &text)
+{ 
+  nsresult rv;
+  SECOidTag oidTag = SECOID_FindOIDTag(oid);
+  const char *bundlekey = 0;
+
+  switch (oidTag) {
+  case SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION:
+    bundlekey = "CertDumpMD2WithRSA";
+    break;
+  case SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION:
+    bundlekey = "CertDumpMD5WithRSA";
+    break;
+  case SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION:
+    bundlekey = "CertDumpSHA1WithRSA";
+    break;
+  case SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION:
+    bundlekey = "CertDumpSHA256WithRSA";
+    break;
+  case SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION:
+    bundlekey = "CertDumpSHA384WithRSA";
+    break;
+  case SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION:
+    bundlekey = "CertDumpSHA512WithRSA";
+    break;
+  case SEC_OID_PKCS1_RSA_ENCRYPTION:
+    bundlekey = "CertDumpRSAEncr";
+    break;
+  case SEC_OID_PKCS1_RSA_PSS_SIGNATURE:
+    bundlekey = "CertDumpRSAPSSSignature";
+    break;
+  case SEC_OID_AVA_COUNTRY_NAME:
+    bundlekey = "CertDumpAVACountry";
+    break;
+  case SEC_OID_AVA_COMMON_NAME:
+    bundlekey = "CertDumpAVACN";
+    break;
+  case SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME:
+    bundlekey = "CertDumpAVAOU";
+    break;
+  case SEC_OID_AVA_ORGANIZATION_NAME:
+    bundlekey = "CertDumpAVAOrg";
+    break;
+  case SEC_OID_AVA_LOCALITY:
+    bundlekey = "CertDumpAVALocality";
+    break;
+  case SEC_OID_AVA_DN_QUALIFIER:
+    bundlekey = "CertDumpAVADN";
+    break;
+  case SEC_OID_AVA_DC:
+    bundlekey = "CertDumpAVADC";
+    break;
+  case SEC_OID_AVA_STATE_OR_PROVINCE:
+    bundlekey = "CertDumpAVAState";
+    break;
+  case SEC_OID_AVA_SURNAME:
+    bundlekey = "CertDumpSurname";
+    break;
+  case SEC_OID_AVA_GIVEN_NAME:
+    bundlekey = "CertDumpGivenName";
+    break;
+  case SEC_OID_X509_SUBJECT_DIRECTORY_ATTR:
+    bundlekey = "CertDumpSubjectDirectoryAttr";
+    break;
+  case SEC_OID_X509_SUBJECT_KEY_ID:
+    bundlekey = "CertDumpSubjectKeyID";
+    break;
+  case SEC_OID_X509_KEY_USAGE:
+    bundlekey = "CertDumpKeyUsage";
+    break;
+  case SEC_OID_X509_SUBJECT_ALT_NAME:
+    bundlekey = "CertDumpSubjectAltName";
+    break;
+  case SEC_OID_X509_ISSUER_ALT_NAME:
+    bundlekey = "CertDumpIssuerAltName";
+    break;
+  case SEC_OID_X509_BASIC_CONSTRAINTS:
+    bundlekey = "CertDumpBasicConstraints";
+    break;
+  case SEC_OID_X509_NAME_CONSTRAINTS:
+    bundlekey = "CertDumpNameConstraints";
+    break;
+  case SEC_OID_X509_CRL_DIST_POINTS:
+    bundlekey = "CertDumpCrlDistPoints";
+    break;
+  case SEC_OID_X509_CERTIFICATE_POLICIES:
+    bundlekey = "CertDumpCertPolicies";
+    break;
+  case SEC_OID_X509_POLICY_MAPPINGS:
+    bundlekey = "CertDumpPolicyMappings";
+    break;
+  case SEC_OID_X509_POLICY_CONSTRAINTS:
+    bundlekey = "CertDumpPolicyConstraints";
+    break;
+  case SEC_OID_X509_AUTH_KEY_ID:
+    bundlekey = "CertDumpAuthKeyID";
+    break;
+  case SEC_OID_X509_EXT_KEY_USAGE:
+    bundlekey = "CertDumpExtKeyUsage";
+    break;
+  case SEC_OID_X509_AUTH_INFO_ACCESS:
+    bundlekey = "CertDumpAuthInfoAccess";
+    break;
+  case SEC_OID_ANSIX9_DSA_SIGNATURE:
+    bundlekey = "CertDumpAnsiX9DsaSignature";
+    break;
+  case SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST:
+    bundlekey = "CertDumpAnsiX9DsaSignatureWithSha1";
+    break;
+  case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE:
+    bundlekey = "CertDumpAnsiX962ECDsaSignatureWithSha1";
+    break;
+  case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE:
+    bundlekey = "CertDumpAnsiX962ECDsaSignatureWithSha224";
+    break;
+  case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE:
+    bundlekey = "CertDumpAnsiX962ECDsaSignatureWithSha256";
+    break;
+  case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE:
+    bundlekey = "CertDumpAnsiX962ECDsaSignatureWithSha384";
+    break;
+  case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE:
+    bundlekey = "CertDumpAnsiX962ECDsaSignatureWithSha512";
+    break;
+  case SEC_OID_RFC1274_UID:
+    bundlekey = "CertDumpUserID";
+    break;
+  case SEC_OID_PKCS9_EMAIL_ADDRESS:
+    bundlekey = "CertDumpPK9Email";
+    break;
+  case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
+    bundlekey = "CertDumpECPublicKey";
+    break;
+  /* ANSI X9.62 named elliptic curves (prime field) */
+  case SEC_OID_ANSIX962_EC_PRIME192V1:
+    /* same as SEC_OID_SECG_EC_SECP192r1 */
+    bundlekey = "CertDumpECprime192v1";
+    break;
+  case SEC_OID_ANSIX962_EC_PRIME192V2:
+    bundlekey = "CertDumpECprime192v2";
+    break;
+  case SEC_OID_ANSIX962_EC_PRIME192V3:
+    bundlekey = "CertDumpECprime192v3";
+    break;
+  case SEC_OID_ANSIX962_EC_PRIME239V1:
+    bundlekey = "CertDumpECprime239v1";
+    break;
+  case SEC_OID_ANSIX962_EC_PRIME239V2:
+    bundlekey = "CertDumpECprime239v2";
+    break;
+  case SEC_OID_ANSIX962_EC_PRIME239V3:
+    bundlekey = "CertDumpECprime239v3";
+    break;
+  case SEC_OID_ANSIX962_EC_PRIME256V1:
+    /* same as SEC_OID_SECG_EC_SECP256r1 */
+    bundlekey = "CertDumpECprime256v1";
+    break;
+  /* SECG named elliptic curves (prime field) */
+  case SEC_OID_SECG_EC_SECP112R1:
+    bundlekey = "CertDumpECsecp112r1";
+    break;
+  case SEC_OID_SECG_EC_SECP112R2:
+    bundlekey = "CertDumpECsecp112r2";
+    break;
+  case SEC_OID_SECG_EC_SECP128R1:
+    bundlekey = "CertDumpECsecp128r1";
+    break;
+  case SEC_OID_SECG_EC_SECP128R2:
+    bundlekey = "CertDumpECsecp128r2";
+    break;
+  case SEC_OID_SECG_EC_SECP160K1:
+    bundlekey = "CertDumpECsecp160k1";
+    break;
+  case SEC_OID_SECG_EC_SECP160R1:
+    bundlekey = "CertDumpECsecp160r1";
+    break;
+  case SEC_OID_SECG_EC_SECP160R2:
+    bundlekey = "CertDumpECsecp160r2";
+    break;
+  case SEC_OID_SECG_EC_SECP192K1:
+    bundlekey = "CertDumpECsecp192k1";
+    break;
+  case SEC_OID_SECG_EC_SECP224K1:
+    bundlekey = "CertDumpECsecp224k1";
+    break;
+  case SEC_OID_SECG_EC_SECP224R1:
+    bundlekey = "CertDumpECsecp224r1";
+    break;
+  case SEC_OID_SECG_EC_SECP256K1:
+    bundlekey = "CertDumpECsecp256k1";
+    break;
+  case SEC_OID_SECG_EC_SECP384R1:
+    bundlekey = "CertDumpECsecp384r1";
+    break;
+
+  case SEC_OID_SECG_EC_SECP521R1:
+    bundlekey = "CertDumpECsecp521r1";
+    break;
+  /* ANSI X9.62 named elliptic curves (characteristic two field) */
+  case SEC_OID_ANSIX962_EC_C2PNB163V1:
+    bundlekey = "CertDumpECc2pnb163v1";
+    break;
+  case SEC_OID_ANSIX962_EC_C2PNB163V2:
+    bundlekey = "CertDumpECc2pnb163v2";
+    break;
+  case SEC_OID_ANSIX962_EC_C2PNB163V3:
+    bundlekey = "CertDumpECc2pnb163v3";
+    break;
+  case SEC_OID_ANSIX962_EC_C2PNB176V1:
+    bundlekey = "CertDumpECc2pnb176v1";
+    break;
+  case SEC_OID_ANSIX962_EC_C2TNB191V1:
+    bundlekey = "CertDumpECc2tnb191v1";
+    break;
+  case SEC_OID_ANSIX962_EC_C2TNB191V2:
+    bundlekey = "CertDumpECc2tnb191v2";
+    break;
+  case SEC_OID_ANSIX962_EC_C2TNB191V3:
+    bundlekey = "CertDumpECc2tnb191v3";
+    break;
+  case SEC_OID_ANSIX962_EC_C2ONB191V4:
+    bundlekey = "CertDumpECc2onb191v4";
+    break;
+  case SEC_OID_ANSIX962_EC_C2ONB191V5:
+    bundlekey = "CertDumpECc2onb191v5";
+    break;
+  case SEC_OID_ANSIX962_EC_C2PNB208W1:
+    bundlekey = "CertDumpECc2pnb208w1";
+    break;
+  case SEC_OID_ANSIX962_EC_C2TNB239V1:
+    bundlekey = "CertDumpECc2tnb239v1";
+    break;
+  case SEC_OID_ANSIX962_EC_C2TNB239V2:
+    bundlekey = "CertDumpECc2tnb239v2";
+    break;
+  case SEC_OID_ANSIX962_EC_C2TNB239V3:
+    bundlekey = "CertDumpECc2tnb239v3";
+    break;
+  case SEC_OID_ANSIX962_EC_C2ONB239V4:
+    bundlekey = "CertDumpECc2onb239v4";
+    break;
+  case SEC_OID_ANSIX962_EC_C2ONB239V5:
+    bundlekey = "CertDumpECc2onb239v5";
+    break;
+  case SEC_OID_ANSIX962_EC_C2PNB272W1:
+    bundlekey = "CertDumpECc2pnb272w1";
+    break;
+  case SEC_OID_ANSIX962_EC_C2PNB304W1:
+    bundlekey = "CertDumpECc2pnb304w1";
+    break;
+  case SEC_OID_ANSIX962_EC_C2TNB359V1:
+    bundlekey = "CertDumpECc2tnb359v1";
+    break;
+  case SEC_OID_ANSIX962_EC_C2PNB368W1:
+    bundlekey = "CertDumpECc2pnb368w1";
+    break;
+  case SEC_OID_ANSIX962_EC_C2TNB431R1:
+    bundlekey = "CertDumpECc2tnb431r1";
+    break;
+  /* SECG named elliptic curves (characteristic two field) */
+  case SEC_OID_SECG_EC_SECT113R1:
+    bundlekey = "CertDumpECsect113r1";
+    break;
+  case SEC_OID_SECG_EC_SECT113R2:
+    bundlekey = "CertDumpECsect113r2";
+    break;
+  case SEC_OID_SECG_EC_SECT131R1:
+    bundlekey = "CertDumpECsect131r1";
+    break;
+  case SEC_OID_SECG_EC_SECT131R2:
+    bundlekey = "CertDumpECsect131r2";
+    break;
+  case SEC_OID_SECG_EC_SECT163K1:
+    bundlekey = "CertDumpECsect163k1";
+    break;
+  case SEC_OID_SECG_EC_SECT163R1:
+    bundlekey = "CertDumpECsect163r1";
+    break;
+  case SEC_OID_SECG_EC_SECT163R2:
+    bundlekey = "CertDumpECsect163r2";
+    break;
+  case SEC_OID_SECG_EC_SECT193R1:
+    bundlekey = "CertDumpECsect193r1";
+    break;
+  case SEC_OID_SECG_EC_SECT193R2:
+    bundlekey = "CertDumpECsect193r2";
+    break;
+  case SEC_OID_SECG_EC_SECT233K1:
+    bundlekey = "CertDumpECsect233k1";
+    break;
+  case SEC_OID_SECG_EC_SECT233R1:
+    bundlekey = "CertDumpECsect233r1";
+    break;
+  case SEC_OID_SECG_EC_SECT239K1:
+    bundlekey = "CertDumpECsect239k1";
+    break;
+  case SEC_OID_SECG_EC_SECT283K1:
+    bundlekey = "CertDumpECsect283k1";
+    break;
+  case SEC_OID_SECG_EC_SECT283R1:
+    bundlekey = "CertDumpECsect283r1";
+    break;
+  case SEC_OID_SECG_EC_SECT409K1:
+    bundlekey = "CertDumpECsect409k1";
+    break;
+  case SEC_OID_SECG_EC_SECT409R1:
+    bundlekey = "CertDumpECsect409r1";
+    break;
+  case SEC_OID_SECG_EC_SECT571K1:
+    bundlekey = "CertDumpECsect571k1";
+    break;
+  case SEC_OID_SECG_EC_SECT571R1:
+    bundlekey = "CertDumpECsect571r1";
+    break;
+  default: 
+    if (oidTag == SEC_OID(MS_CERT_EXT_CERTTYPE)) {
+      bundlekey = "CertDumpMSCerttype";
+      break;
+    }
+    if (oidTag == SEC_OID(MS_CERTSERV_CA_VERSION)) {
+      bundlekey = "CertDumpMSCAVersion";
+      break;
+    }
+    if (oidTag == SEC_OID(PKIX_LOGOTYPE)) {
+      bundlekey = "CertDumpLogotype";
+      break;
+    }
+    /* fallthrough */
+  }
+
+  if (bundlekey) {
+    rv = nssComponent->GetPIPNSSBundleString(bundlekey, text);
+  } else {
+    nsAutoString text2;
+    rv = GetDefaultOIDFormat(oid, nssComponent, text2, ' ');
+    if (NS_FAILED(rv))
+      return rv;
+
+    const char16_t *params[1] = {text2.get()};
+    rv = nssComponent->PIPBundleFormatStringFromName("CertDumpDefOID",
+                                                     params, 1, text);
+  }
+  return rv;  
+}
+
+#define SEPARATOR "\n"
+
+static nsresult
+ProcessRawBytes(nsINSSComponent *nssComponent, SECItem *data, 
+                nsAString &text, bool wantHeader = true)
+{
+  // This function is used to display some DER bytes
+  // that we have not added support for decoding.
+  // If it's short, let's display as an integer, no size header.
+
+  if (data->len <= 4) {
+    int i_pv = DER_GetInteger(data);
+    nsAutoString value;
+    value.AppendInt(i_pv);
+    text.Append(value);
+    text.AppendLiteral(SEPARATOR);
+    return NS_OK;
+  }
+
+  // Else produce a hex dump.
+
+  if (wantHeader) {
+    nsAutoString bytelen, bitlen;
+    bytelen.AppendInt(data->len);
+    bitlen.AppendInt(data->len*8);
+  
+    const char16_t *params[2] = {bytelen.get(), bitlen.get()};
+    nsresult rv = nssComponent->PIPBundleFormatStringFromName("CertDumpRawBytesHeader",
+                                                              params, 2, text);
+    if (NS_FAILED(rv))
+      return rv;
+
+    text.AppendLiteral(SEPARATOR);
+  }
+
+  // This prints the value of the byte out into a 
+  // string that can later be displayed as a byte
+  // string.  We place a new line after 24 bytes
+  // to break up extermaly long sequence of bytes.
+
+  uint32_t i;
+  char buffer[5];
+  for (i=0; i<data->len; i++) {
+    SprintfLiteral(buffer, "%02x ", data->data[i]);
+    AppendASCIItoUTF16(buffer, text);
+    if ((i+1)%16 == 0) {
+      text.AppendLiteral(SEPARATOR);
+    }
+  }
+  return NS_OK;
+}
+
+/**
+ * Appends a pipnss bundle string to the given string.
+ *
+ * @param nssComponent For accessing the string bundle.
+ * @param bundleKey Key for the string to append.
+ * @param currentText The text to append to, using |SEPARATOR| as the separator.
+ */
+template<size_t N>
+void AppendBundleString(const NotNull<nsINSSComponent*>& nssComponent,
+                        const char (&bundleKey)[N],
+             /*in/out*/ nsAString& currentText)
+{
+  nsAutoString bundleString;
+  nsresult rv = nssComponent->GetPIPNSSBundleString(bundleKey, bundleString);
+  if (NS_FAILED(rv)) {
+    return;
+  }
+
+  currentText.Append(bundleString);
+  currentText.AppendLiteral(SEPARATOR);
+}
+
+static nsresult
+ProcessKeyUsageExtension(SECItem *extData, nsAString &text,
+                         nsINSSComponent *nssComponent)
+{
+  MOZ_ASSERT(extData);
+  MOZ_ASSERT(nssComponent);
+  NS_ENSURE_ARG(extData);
+  NS_ENSURE_ARG(nssComponent);
+
+  NotNull<nsINSSComponent*> wrappedNSSComponent = WrapNotNull(nssComponent);
+  ScopedAutoSECItem decoded;
+  if (SEC_ASN1DecodeItem(nullptr, &decoded, SEC_ASN1_GET(SEC_BitStringTemplate),
+                         extData) != SECSuccess) {
+    AppendBundleString(wrappedNSSComponent, "CertDumpExtensionFailure", text);
+    return NS_OK;
+  }
+  unsigned char keyUsage = 0;
+  if (decoded.len) {
+    keyUsage = decoded.data[0];
+  }
+
+  if (keyUsage & KU_DIGITAL_SIGNATURE) {
+    AppendBundleString(wrappedNSSComponent, "CertDumpKUSign", text);
+  }
+  if (keyUsage & KU_NON_REPUDIATION) {
+    AppendBundleString(wrappedNSSComponent, "CertDumpKUNonRep", text);
+  }
+  if (keyUsage & KU_KEY_ENCIPHERMENT) {
+    AppendBundleString(wrappedNSSComponent, "CertDumpKUEnc", text);
+  }
+  if (keyUsage & KU_DATA_ENCIPHERMENT) {
+    AppendBundleString(wrappedNSSComponent, "CertDumpKUDEnc", text);
+  }
+  if (keyUsage & KU_KEY_AGREEMENT) {
+    AppendBundleString(wrappedNSSComponent, "CertDumpKUKA", text);
+  }
+  if (keyUsage & KU_KEY_CERT_SIGN) {
+    AppendBundleString(wrappedNSSComponent, "CertDumpKUCertSign", text);
+  }
+  if (keyUsage & KU_CRL_SIGN) {
+    AppendBundleString(wrappedNSSComponent, "CertDumpKUCRLSigner", text);
+  }
+
+  return NS_OK;
+}
+
+static nsresult
+ProcessBasicConstraints(SECItem  *extData, 
+                        nsAString &text,
+                        nsINSSComponent *nssComponent)
+{
+  nsAutoString local;
+  CERTBasicConstraints value;
+  SECStatus rv;
+  nsresult rv2;
+
+  value.pathLenConstraint = -1;
+  rv = CERT_DecodeBasicConstraintValue (&value, extData);
+  if (rv != SECSuccess) {
+    ProcessRawBytes(nssComponent, extData, text);
+    return NS_OK;
+  }
+  if (value.isCA)
+    rv2 = nssComponent->GetPIPNSSBundleString("CertDumpIsCA", local);
+  else
+    rv2 = nssComponent->GetPIPNSSBundleString("CertDumpIsNotCA", local);
+  if (NS_FAILED(rv2))
+    return rv2;
+  text.Append(local.get());
+  if (value.pathLenConstraint != -1) {
+    nsAutoString depth;
+    if (value.pathLenConstraint == CERT_UNLIMITED_PATH_CONSTRAINT)
+      nssComponent->GetPIPNSSBundleString("CertDumpPathLenUnlimited", depth);
+    else
+      depth.AppendInt(value.pathLenConstraint);
+    const char16_t *params[1] = {depth.get()};
+    rv2 = nssComponent->PIPBundleFormatStringFromName("CertDumpPathLen",
+                                                      params, 1, local);
+    if (NS_FAILED(rv2))
+      return rv2;
+    text.AppendLiteral(SEPARATOR);
+    text.Append(local.get());
+  }
+  return NS_OK;
+}
+
+static nsresult
+ProcessExtKeyUsage(SECItem  *extData, 
+                   nsAString &text,
+                   nsINSSComponent *nssComponent)
+{
+  nsAutoString local;
+  SECItem **oids;
+  SECItem *oid;
+  nsresult rv;
+
+  UniqueCERTOidSequence extKeyUsage(CERT_DecodeOidSequence(extData));
+  if (!extKeyUsage) {
+    return NS_ERROR_FAILURE;
+  }
+
+  oids = extKeyUsage->oids;
+  while (oids && *oids) {
+    // For each OID, try to find a bundle string
+    // of the form CertDumpEKU_<underlined-OID>
+    nsAutoString oidname;
+    oid = *oids;
+    rv = GetDefaultOIDFormat(oid, nssComponent, oidname, '_');
+    if (NS_FAILED(rv))
+      return rv;
+    nsAutoString bundlekey = NS_LITERAL_STRING("CertDumpEKU_")+ oidname;
+    NS_ConvertUTF16toUTF8 bk_ascii(bundlekey);
+    
+    rv = nssComponent->GetPIPNSSBundleString(bk_ascii.get(), local);
+    nsresult rv2 = GetDefaultOIDFormat(oid, nssComponent, oidname, '.');
+    if (NS_FAILED(rv2))
+      return rv2;
+    if (NS_SUCCEEDED(rv)) {
+      // display name and OID in parentheses
+      text.Append(local);
+      text.AppendLiteral(" (");
+      text.Append(oidname);
+      text.Append(')');
+    } else
+      // If there is no bundle string, just display the OID itself
+      text.Append(oidname);
+
+    text.AppendLiteral(SEPARATOR);
+    oids++;
+  }
+
+  return NS_OK;
+}
+
+static nsresult
+ProcessRDN(CERTRDN* rdn, nsAString &finalString, nsINSSComponent *nssComponent)
+{
+  nsresult rv;
+  CERTAVA** avas;
+  CERTAVA* ava;
+  nsString avavalue;
+  nsString type;
+  nsAutoString temp;
+  const char16_t *params[2];
+
+  avas = rdn->avas;
+  while ((ava = *avas++) != 0) {
+    rv = GetOIDText(&ava->type, nssComponent, type);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    //This function returns a string in UTF8 format.
+    UniqueSECItem decodeItem(CERT_DecodeAVAValue(&ava->value));
+    if (!decodeItem) {
+      return NS_ERROR_FAILURE;
+    }
+
+    // We know we can fit buffer of this length. CERT_RFC1485_EscapeAndQuote
+    // will fail if we provide smaller buffer then the result can fit to.
+    int escapedValueCapacity = decodeItem->len * 3 + 3;
+    UniquePtr<char[]> escapedValue = MakeUnique<char[]>(escapedValueCapacity);
+
+    SECStatus status = CERT_RFC1485_EscapeAndQuote(
+          escapedValue.get(),
+          escapedValueCapacity, 
+          (char*)decodeItem->data, 
+          decodeItem->len);
+    if (SECSuccess != status) {
+      return NS_ERROR_FAILURE;
+    }
+
+    avavalue = NS_ConvertUTF8toUTF16(escapedValue.get());
+
+    params[0] = type.get();
+    params[1] = avavalue.get();
+    nssComponent->PIPBundleFormatStringFromName("AVATemplate",
+                                                  params, 2, temp);
+    finalString += temp + NS_LITERAL_STRING("\n");
+  }
+  return NS_OK;
+}
+
+static nsresult
+ProcessName(CERTName *name, nsINSSComponent *nssComponent, char16_t **value)
+{
+  CERTRDN** rdns;
+  CERTRDN** rdn;
+  nsString finalString;
+
+  rdns = name->rdns;
+
+  nsresult rv;
+  CERTRDN **lastRdn;
+  /* find last RDN */
+  lastRdn = rdns;
+  while (*lastRdn) lastRdn++;
+  // The above whille loop will put us at the last member
+  // of the array which is a nullptr pointer.  So let's back
+  // up one spot so that we have the last non-nullptr entry in 
+  // the array in preparation for traversing the 
+  // RDN's (Relative Distinguished Name) in reverse oder.
+  lastRdn--;
+   
+  /*
+   * Loop over name contents in _reverse_ RDN order appending to string
+   * When building the Ascii string, NSS loops over these entries in 
+   * reverse order, so I will as well.  The difference is that NSS
+   * will always place them in a one line string separated by commas,
+   * where I want each entry on a single line.  I can't just use a comma
+   * as my delimitter because it is a valid character to have in the 
+   * value portion of the AVA and could cause trouble when parsing.
+   */
+  for (rdn = lastRdn; rdn >= rdns; rdn--) {
+    rv = ProcessRDN(*rdn, finalString, nssComponent);
+    if (NS_FAILED(rv))
+      return rv;
+  }
+  *value = ToNewUnicode(finalString);    
+  return NS_OK;
+}
+
+static nsresult
+ProcessIA5String(const SECItem& extData, /*in/out*/ nsAString& text)
+{
+  ScopedAutoSECItem item;
+  if (SEC_ASN1DecodeItem(nullptr, &item, SEC_ASN1_GET(SEC_IA5StringTemplate),
+                         &extData) != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  text.AppendASCII(BitwiseCast<char*, unsigned char*>(item.data),
+                   AssertedCast<uint32_t>(item.len));
+  return NS_OK;
+}
+
+static nsresult
+AppendBMPtoUTF16(const UniquePLArenaPool& arena, unsigned char* data,
+                 unsigned int len, nsAString& text)
+{
+  if (len % 2 != 0) {
+    return NS_ERROR_FAILURE;
+  }
+
+  /* XXX instead of converting to and from UTF-8, it would
+     be sufficient to just swap bytes, or do nothing */
+  unsigned int utf8ValLen = len * 3 + 1;
+  unsigned char* utf8Val = (unsigned char*)PORT_ArenaZAlloc(arena.get(),
+                                                            utf8ValLen);
+  if (!PORT_UCS2_UTF8Conversion(false, data, len, utf8Val, utf8ValLen,
+                                &utf8ValLen)) {
+    return NS_ERROR_FAILURE;
+  }
+  AppendUTF8toUTF16((char*)utf8Val, text);
+  return NS_OK;
+}
+
+static nsresult
+ProcessBMPString(SECItem* extData, nsAString& text)
+{
+  UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+  if (!arena) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  SECItem item;
+  if (SEC_ASN1DecodeItem(arena.get(), &item, SEC_ASN1_GET(SEC_BMPStringTemplate),
+                         extData) != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  return AppendBMPtoUTF16(arena, item.data, item.len, text);
+}
+
+static nsresult
+ProcessGeneralName(const UniquePLArenaPool& arena, CERTGeneralName* current,
+                   nsAString& text, nsINSSComponent* nssComponent)
+{
+  NS_ENSURE_ARG_POINTER(current);
+
+  nsAutoString key;
+  nsXPIDLString value;
+  nsresult rv = NS_OK;
+
+  switch (current->type) {
+  case certOtherName: {
+    SECOidTag oidTag = SECOID_FindOIDTag(&current->name.OthName.oid);
+    if (oidTag == SEC_OID(MS_NT_PRINCIPAL_NAME)) {
+	/* The type of this name is apparently nowhere explicitly
+	   documented. However, in the generated templates, it is always
+	   UTF-8. So try to decode this as UTF-8; if that fails, dump the
+	   raw data. */
+	SECItem decoded;
+	nssComponent->GetPIPNSSBundleString("CertDumpMSNTPrincipal", key);
+        if (SEC_ASN1DecodeItem(arena.get(), &decoded,
+			       SEC_ASN1_GET(SEC_UTF8StringTemplate), 
+			       &current->name.OthName.name) == SECSuccess) {
+	  AppendUTF8toUTF16(nsAutoCString((char*)decoded.data, decoded.len),
+			    value);
+	} else {
+	  ProcessRawBytes(nssComponent, &current->name.OthName.name, value);
+	}
+	break;
+    } else if (oidTag == SEC_OID(MS_NTDS_REPLICATION)) {
+	/* This should be a 16-byte GUID */
+	SECItem guid;
+	nssComponent->GetPIPNSSBundleString("CertDumpMSDomainGUID", key);
+        if (SEC_ASN1DecodeItem(arena.get(), &guid,
+			       SEC_ASN1_GET(SEC_OctetStringTemplate),
+			       &current->name.OthName.name) == SECSuccess
+	    && guid.len == 16) {
+	  char buf[40];
+	  unsigned char *d = guid.data;
+          SprintfLiteral(buf,
+            "{%.2x%.2x%.2x%.2x-%.2x%.2x-%.2x%.2x-%.2x%.2x-%.2x%.2x%.2x%.2x%.2x%.2x}",
+            d[3], d[2], d[1], d[0], d[5], d[4], d[7], d[6],
+            d[8], d[9], d[10], d[11], d[12], d[13], d[14], d[15]);
+	  value.AssignASCII(buf);
+	} else {
+	  ProcessRawBytes(nssComponent, &current->name.OthName.name, value);
+	}
+    } else {
+      rv = GetDefaultOIDFormat(&current->name.OthName.oid, nssComponent, key, ' ');
+      if (NS_FAILED(rv)) {
+        return rv;
+      }
+      ProcessRawBytes(nssComponent, &current->name.OthName.name, value);
+    }
+    break;
+  }
+  case certRFC822Name:
+    nssComponent->GetPIPNSSBundleString("CertDumpRFC822Name", key);
+    value.AssignASCII((char*)current->name.other.data, current->name.other.len);
+    break;
+  case certDNSName:
+    nssComponent->GetPIPNSSBundleString("CertDumpDNSName", key);
+    value.AssignASCII((char*)current->name.other.data, current->name.other.len);
+    break;
+  case certX400Address:
+    nssComponent->GetPIPNSSBundleString("CertDumpX400Address", key);
+    ProcessRawBytes(nssComponent, &current->name.other, value);
+    break;
+  case certDirectoryName:
+    nssComponent->GetPIPNSSBundleString("CertDumpDirectoryName", key);
+    rv = ProcessName(&current->name.directoryName, nssComponent, 
+		     getter_Copies(value));
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    break;
+  case certEDIPartyName:
+    nssComponent->GetPIPNSSBundleString("CertDumpEDIPartyName", key);
+    ProcessRawBytes(nssComponent, &current->name.other, value);
+    break;
+  case certURI:
+    nssComponent->GetPIPNSSBundleString("CertDumpURI", key);
+    value.AssignASCII((char*)current->name.other.data, current->name.other.len);
+    break;
+  case certIPAddress:
+    {
+      char buf[INET6_ADDRSTRLEN];
+      PRStatus status = PR_FAILURE;
+      PRNetAddr addr;
+      memset(&addr, 0, sizeof(addr));
+      nssComponent->GetPIPNSSBundleString("CertDumpIPAddress", key);
+      if (current->name.other.len == 4) {
+        addr.inet.family = PR_AF_INET;
+        memcpy(&addr.inet.ip, current->name.other.data, current->name.other.len);
+        status = PR_NetAddrToString(&addr, buf, sizeof(buf));
+      } else if (current->name.other.len == 16) {
+        addr.ipv6.family = PR_AF_INET6;
+        memcpy(&addr.ipv6.ip, current->name.other.data, current->name.other.len);
+        status = PR_NetAddrToString(&addr, buf, sizeof(buf));
+      }
+      if (status == PR_SUCCESS) {
+        value.AssignASCII(buf);
+      } else {
+        /* invalid IP address */
+        ProcessRawBytes(nssComponent, &current->name.other, value);
+      }
+      break;
+    }
+  case certRegisterID:
+    nssComponent->GetPIPNSSBundleString("CertDumpRegisterID", key);
+    rv = GetDefaultOIDFormat(&current->name.other, nssComponent, value, '.');
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    break;
+  }
+  text.Append(key);
+  text.AppendLiteral(": ");
+  text.Append(value);
+  text.AppendLiteral(SEPARATOR);
+
+  return rv;
+}
+
+static nsresult
+ProcessGeneralNames(const UniquePLArenaPool& arena, CERTGeneralName* nameList,
+                    nsAString& text, nsINSSComponent* nssComponent)
+{
+  CERTGeneralName* current = nameList;
+  nsresult rv;
+
+  do {
+    rv = ProcessGeneralName(arena, current, text, nssComponent);
+    if (NS_FAILED(rv)) {
+      break;
+    }
+    current = CERT_GetNextGeneralName(current);
+  } while (current != nameList);
+  return rv;
+}
+
+static nsresult
+ProcessAltName(SECItem* extData, nsAString& text, nsINSSComponent* nssComponent)
+{
+  UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+  if (!arena) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  CERTGeneralName* nameList = CERT_DecodeAltNameExtension(arena.get(), extData);
+  if (!nameList) {
+    return NS_OK;
+  }
+
+  return ProcessGeneralNames(arena, nameList, text, nssComponent);
+}
+
+static nsresult
+ProcessSubjectKeyId(SECItem  *extData, 
+		    nsAString &text,
+		    nsINSSComponent *nssComponent)
+{
+  SECItem decoded;
+  nsAutoString local;
+
+  UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+  if (!arena) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  if (SEC_QuickDERDecodeItem(arena.get(), &decoded,
+			     SEC_ASN1_GET(SEC_OctetStringTemplate), 
+			     extData) != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nssComponent->GetPIPNSSBundleString("CertDumpKeyID", local);
+  text.Append(local);
+  text.AppendLiteral(": ");
+  ProcessRawBytes(nssComponent, &decoded, text);
+
+  return NS_OK;
+}
+
+static nsresult
+ProcessAuthKeyId(SECItem  *extData, 
+		 nsAString &text,
+		 nsINSSComponent *nssComponent)
+{
+  nsresult rv = NS_OK;
+  nsAutoString local;
+
+  UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+  if (!arena) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  CERTAuthKeyID* ret = CERT_DecodeAuthKeyID(arena.get(), extData);
+  if (!ret) {
+    return NS_ERROR_FAILURE;
+  }
+
+  if (ret->keyID.len > 0) {
+    nssComponent->GetPIPNSSBundleString("CertDumpKeyID", local);
+    text.Append(local);
+    text.AppendLiteral(": ");
+    ProcessRawBytes(nssComponent, &ret->keyID, text);
+    text.AppendLiteral(SEPARATOR);
+  }
+
+  if (ret->authCertIssuer) {
+    nssComponent->GetPIPNSSBundleString("CertDumpIssuer", local);
+    text.Append(local);
+    text.AppendLiteral(": ");
+    rv = ProcessGeneralNames(arena, ret->authCertIssuer, text, nssComponent);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  }
+
+  if (ret->authCertSerialNumber.len > 0) {
+    nssComponent->GetPIPNSSBundleString("CertDumpSerialNo", local);
+    text.Append(local);
+    text.AppendLiteral(": ");
+    ProcessRawBytes(nssComponent, &ret->authCertSerialNumber, text);
+  }
+
+  return rv;
+}
+
+static nsresult
+ProcessUserNotice(SECItem* derNotice, nsAString& text,
+                  nsINSSComponent* nssComponent)
+{
+  UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+  if (!arena) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  UniqueCERTUserNotice notice(CERT_DecodeUserNotice(derNotice));
+  if (!notice) {
+    ProcessRawBytes(nssComponent, derNotice, text);
+    return NS_OK;
+  }
+
+  if (notice->noticeReference.organization.len != 0) {
+    switch (notice->noticeReference.organization.type) {
+    case siAsciiString:
+    case siVisibleString:
+    case siUTF8String:
+      text.Append(NS_ConvertUTF8toUTF16(
+                  (const char *)notice->noticeReference.organization.data,
+                  notice->noticeReference.organization.len));
+      break;
+    case siBMPString:
+      AppendBMPtoUTF16(arena, notice->noticeReference.organization.data,
+                       notice->noticeReference.organization.len, text);
+      break;
+    default:
+      break;
+    }
+    text.AppendLiteral(" - ");
+    SECItem** itemList = notice->noticeReference.noticeNumbers;
+    while (*itemList) {
+      unsigned long number;
+      char buffer[60];
+      if (SEC_ASN1DecodeInteger(*itemList, &number) == SECSuccess) {
+        SprintfLiteral(buffer, "#%lu", number);
+        if (itemList != notice->noticeReference.noticeNumbers)
+          text.AppendLiteral(", ");
+        AppendASCIItoUTF16(buffer, text);
+      }
+      itemList++;
+    }
+  }
+  if (notice->displayText.len != 0) {
+    text.AppendLiteral(SEPARATOR);
+    text.AppendLiteral("    ");
+    switch (notice->displayText.type) {
+    case siAsciiString:
+    case siVisibleString:
+    case siUTF8String:
+      text.Append(NS_ConvertUTF8toUTF16((const char *)notice->displayText.data,
+                                        notice->displayText.len));
+      break;
+    case siBMPString:
+      AppendBMPtoUTF16(arena, notice->displayText.data, notice->displayText.len,
+		       text);
+      break;
+    default:
+      break;
+    }
+  }
+
+  return NS_OK;
+}
+
+static nsresult
+ProcessCertificatePolicies(SECItem  *extData, 
+			   nsAString &text,
+			   nsINSSComponent *nssComponent)
+{
+  CERTPolicyInfo **policyInfos, *policyInfo;
+  CERTPolicyQualifier **policyQualifiers, *policyQualifier;
+  nsAutoString local;
+  nsresult rv = NS_OK;
+
+  UniqueCERTCertificatePolicies policies(
+    CERT_DecodeCertificatePoliciesExtension(extData));
+  if (!policies) {
+    return NS_ERROR_FAILURE;
+  }
+
+  policyInfos = policies->policyInfos;
+  while (*policyInfos) {
+    policyInfo = *policyInfos++;
+    switch (policyInfo->oid) {
+    case SEC_OID_VERISIGN_USER_NOTICES:
+      nssComponent->GetPIPNSSBundleString("CertDumpVerisignNotices", local);
+      text.Append(local);
+      break;
+    default:
+      GetDefaultOIDFormat(&policyInfo->policyID, nssComponent, local, '.');
+      text.Append(local);
+    }
+
+    if (policyInfo->policyQualifiers) {
+      /* Add all qualifiers on separate lines, indented */
+      policyQualifiers = policyInfo->policyQualifiers;
+      text.Append(':');
+      text.AppendLiteral(SEPARATOR);
+      while (*policyQualifiers) {
+	text.AppendLiteral("  ");
+	policyQualifier = *policyQualifiers++;
+	switch(policyQualifier->oid) {
+	case SEC_OID_PKIX_CPS_POINTER_QUALIFIER:
+	  nssComponent->GetPIPNSSBundleString("CertDumpCPSPointer", local);
+	  text.Append(local);
+	  text.Append(':');
+	  text.AppendLiteral(SEPARATOR);
+	  text.AppendLiteral("    ");
+	  /* The CPS pointer ought to be the cPSuri alternative
+	     of the Qualifier choice. */
+          rv = ProcessIA5String(policyQualifier->qualifierValue, text);
+          if (NS_FAILED(rv)) {
+            return rv;
+          }
+	  break;
+	case SEC_OID_PKIX_USER_NOTICE_QUALIFIER:
+	  nssComponent->GetPIPNSSBundleString("CertDumpUserNotice", local);
+	  text.Append(local);
+	  text.AppendLiteral(": ");
+	  rv = ProcessUserNotice(&policyQualifier->qualifierValue,
+				 text, nssComponent);
+	  break;
+	default:
+	  GetDefaultOIDFormat(&policyQualifier->qualifierID, nssComponent, local, '.');
+	  text.Append(local);
+	  text.AppendLiteral(": ");
+	  ProcessRawBytes(nssComponent, &policyQualifier->qualifierValue, text);
+	}
+	text.AppendLiteral(SEPARATOR);
+      } /* while policyQualifiers */
+    } /* if policyQualifiers */
+    text.AppendLiteral(SEPARATOR);
+  }
+
+  return rv;
+}
+
+static nsresult
+ProcessCrlDistPoints(SECItem  *extData, 
+		     nsAString &text,
+		     nsINSSComponent *nssComponent)
+{
+  nsresult rv = NS_OK;
+  nsAutoString local;
+
+  UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+  if (!arena) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  CERTCrlDistributionPoints* crldp =
+    CERT_DecodeCRLDistributionPoints(arena.get(), extData);
+  if (!crldp || !crldp->distPoints) {
+    return NS_ERROR_FAILURE;
+  }
+
+  for (CRLDistributionPoint** points = crldp->distPoints; *points; points++) {
+    CRLDistributionPoint* point = *points;
+    switch (point->distPointType) {
+    case generalName:
+      rv = ProcessGeneralName(arena, point->distPoint.fullName,
+			      text, nssComponent);
+      if (NS_FAILED(rv)) {
+        return rv;
+      }
+      break;
+    case relativeDistinguishedName:
+      rv = ProcessRDN(&point->distPoint.relativeName, 
+		      text, nssComponent);
+      if (NS_FAILED(rv)) {
+        return rv;
+      }
+      break;
+    }
+    if (point->reasons.len) { 
+      int reasons = point->reasons.data[0];
+      text.Append(' ');
+      bool comma = false;
+      if (reasons & RF_UNUSED) {
+	nssComponent->GetPIPNSSBundleString("CertDumpUnused", local);
+        text.Append(local);
+        comma = true;
+      }
+      if (reasons & RF_KEY_COMPROMISE) {
+	if (comma) text.AppendLiteral(", ");
+	nssComponent->GetPIPNSSBundleString("CertDumpKeyCompromise", local);
+        text.Append(local);
+        comma = true;
+      }
+      if (reasons & RF_CA_COMPROMISE) {
+	if (comma) text.AppendLiteral(", ");
+	nssComponent->GetPIPNSSBundleString("CertDumpCACompromise", local);
+        text.Append(local);
+        comma = true;
+      }
+      if (reasons & RF_AFFILIATION_CHANGED) {
+	if (comma) text.AppendLiteral(", ");
+	nssComponent->GetPIPNSSBundleString("CertDumpAffiliationChanged", local);
+        text.Append(local);
+        comma = true;
+      }
+      if (reasons & RF_SUPERSEDED) {
+	if (comma) text.AppendLiteral(", ");
+	nssComponent->GetPIPNSSBundleString("CertDumpSuperseded", local);
+        text.Append(local);
+        comma = true;
+      }
+      if (reasons & RF_CESSATION_OF_OPERATION) {
+	if (comma) text.AppendLiteral(", ");
+	nssComponent->GetPIPNSSBundleString("CertDumpCessation", local);
+        text.Append(local);
+        comma = true;
+      }
+      if (reasons & RF_CERTIFICATE_HOLD) {
+	if (comma) text.AppendLiteral(", ");
+	nssComponent->GetPIPNSSBundleString("CertDumpHold", local);
+        text.Append(local);
+        comma = true;
+      }
+      text.AppendLiteral(SEPARATOR);
+    }
+    if (point->crlIssuer) {
+      nssComponent->GetPIPNSSBundleString("CertDumpIssuer", local);
+      text.Append(local);
+      text.AppendLiteral(": ");
+      rv = ProcessGeneralNames(arena, point->crlIssuer,
+			       text, nssComponent);
+      if (NS_FAILED(rv)) {
+        return rv;
+      }
+    }
+  }
+
+  return NS_OK;
+}
+
+static nsresult
+ProcessAuthInfoAccess(SECItem  *extData, 
+		      nsAString &text,
+		      nsINSSComponent *nssComponent)
+{
+  nsresult rv = NS_OK;
+  nsAutoString local;
+
+  UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+  if (!arena) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  CERTAuthInfoAccess** aia = CERT_DecodeAuthInfoAccessExtension(arena.get(),
+                                                                extData);
+  if (!aia) {
+    return NS_OK;
+  }
+
+  while (*aia) {
+    CERTAuthInfoAccess* desc = *aia++;
+    switch (SECOID_FindOIDTag(&desc->method)) {
+    case SEC_OID_PKIX_OCSP:
+      nssComponent->GetPIPNSSBundleString("CertDumpOCSPResponder", local);
+      break;
+    case SEC_OID_PKIX_CA_ISSUERS:
+      nssComponent->GetPIPNSSBundleString("CertDumpCAIssuers", local);
+      break;
+    default:
+      rv = GetDefaultOIDFormat(&desc->method, nssComponent, local, '.');
+      if (NS_FAILED(rv)) {
+        return rv;
+      }
+    }
+    text.Append(local);
+    text.AppendLiteral(": ");
+    rv = ProcessGeneralName(arena, desc->location, text, nssComponent);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  }
+
+  return rv;
+}
+
+static nsresult
+ProcessMSCAVersion(SECItem  *extData, 
+		   nsAString &text,
+		   nsINSSComponent *nssComponent)
+{
+  MOZ_ASSERT(extData);
+  NS_ENSURE_ARG(extData);
+
+  ScopedAutoSECItem decoded;
+  if (SEC_ASN1DecodeItem(nullptr, &decoded, SEC_ASN1_GET(SEC_IntegerTemplate),
+                         extData) != SECSuccess) {
+    /* This extension used to be an Integer when this code
+       was written, but apparently isn't anymore. Display
+       the raw bytes instead. */
+    return ProcessRawBytes(nssComponent, extData, text);
+  }
+
+  unsigned long version;
+  if (SEC_ASN1DecodeInteger(&decoded, &version) != SECSuccess) {
+    /* Value out of range, display raw bytes */
+    return ProcessRawBytes(nssComponent, extData, text);
+  }
+
+  /* Apparently, the encoding is <minor><major>, with 16 bits each */
+  char buf[50];
+  if (SprintfLiteral(buf, "%lu.%lu", version & 0xFFFF, version >> 16) <= 0) {
+    return NS_ERROR_FAILURE;
+  }
+
+  text.AppendASCII(buf);
+  return NS_OK;
+}
+
+static nsresult
+ProcessExtensionData(SECOidTag oidTag, SECItem *extData, 
+                     nsAString &text, 
+                     nsINSSComponent *nssComponent)
+{
+  nsresult rv;
+  switch (oidTag) {
+  case SEC_OID_X509_KEY_USAGE:
+    rv = ProcessKeyUsageExtension(extData, text, nssComponent);
+    break;
+  case SEC_OID_X509_BASIC_CONSTRAINTS:
+    rv = ProcessBasicConstraints(extData, text, nssComponent);
+    break;
+  case SEC_OID_X509_EXT_KEY_USAGE:
+    rv = ProcessExtKeyUsage(extData, text, nssComponent);
+    break;
+  case SEC_OID_X509_ISSUER_ALT_NAME:
+  case SEC_OID_X509_SUBJECT_ALT_NAME:
+    rv = ProcessAltName(extData, text, nssComponent);
+    break;
+  case SEC_OID_X509_SUBJECT_KEY_ID:
+    rv = ProcessSubjectKeyId(extData, text, nssComponent);
+    break;
+  case SEC_OID_X509_AUTH_KEY_ID:
+    rv = ProcessAuthKeyId(extData, text, nssComponent);
+    break;
+  case SEC_OID_X509_CERTIFICATE_POLICIES:
+    rv = ProcessCertificatePolicies(extData, text, nssComponent);
+    break;
+  case SEC_OID_X509_CRL_DIST_POINTS:
+    rv = ProcessCrlDistPoints(extData, text, nssComponent);
+    break;
+  case SEC_OID_X509_AUTH_INFO_ACCESS:
+    rv = ProcessAuthInfoAccess(extData, text, nssComponent);
+    break;
+  default:
+    if (oidTag == SEC_OID(MS_CERT_EXT_CERTTYPE)) {
+      rv = ProcessBMPString(extData, text);
+      break;
+    }
+    if (oidTag == SEC_OID(MS_CERTSERV_CA_VERSION)) {
+      rv = ProcessMSCAVersion(extData, text, nssComponent);
+      break;
+    }
+    rv = ProcessRawBytes(nssComponent, extData, text);
+    break; 
+  }
+  return rv;
+}
+
+static nsresult
+ProcessSingleExtension(CERTCertExtension *extension,
+                       nsINSSComponent *nssComponent,
+                       nsIASN1PrintableItem **retExtension)
+{
+  nsAutoString text, extvalue;
+  GetOIDText(&extension->id, nssComponent, text);
+  nsCOMPtr<nsIASN1PrintableItem>extensionItem = new nsNSSASN1PrintableItem();
+
+  extensionItem->SetDisplayName(text);
+  SECOidTag oidTag = SECOID_FindOIDTag(&extension->id);
+  text.Truncate();
+  if (extension->critical.data) {
+    if (extension->critical.data[0]) {
+      nssComponent->GetPIPNSSBundleString("CertDumpCritical", text);
+    } else {
+      nssComponent->GetPIPNSSBundleString("CertDumpNonCritical", text);
+    }
+  } else {
+    nssComponent->GetPIPNSSBundleString("CertDumpNonCritical", text);
+  }
+  text.AppendLiteral(SEPARATOR);
+  nsresult rv = ProcessExtensionData(oidTag, &extension->value, extvalue, 
+                                     nssComponent);
+  if (NS_FAILED(rv)) {
+    extvalue.Truncate();
+    rv = ProcessRawBytes(nssComponent, &extension->value, extvalue, false);
+  }
+  text.Append(extvalue);
+
+  extensionItem->SetDisplayValue(text);
+  extensionItem.forget(retExtension);
+  return NS_OK;
+}
+
+static nsresult
+ProcessSECAlgorithmID(SECAlgorithmID *algID,
+                      nsINSSComponent *nssComponent,
+                      nsIASN1Sequence **retSequence)
+{
+  SECOidTag algOIDTag = SECOID_FindOIDTag(&algID->algorithm);
+  SECItem paramsOID = { siBuffer, nullptr, 0 };
+  nsCOMPtr<nsIASN1Sequence> sequence = new nsNSSASN1Sequence();
+
+  *retSequence = nullptr;
+  nsString text;
+  GetOIDText(&algID->algorithm, nssComponent, text);
+  if (!algID->parameters.len || algID->parameters.data[0] == nsIASN1Object::ASN1_NULL) {
+    sequence->SetDisplayValue(text);
+    sequence->SetIsValidContainer(false);
+  } else {
+    nsCOMPtr<nsIASN1PrintableItem> printableItem = new nsNSSASN1PrintableItem();
+
+    printableItem->SetDisplayValue(text);
+    nsCOMPtr<nsIMutableArray> asn1Objects;
+    sequence->GetASN1Objects(getter_AddRefs(asn1Objects));
+    asn1Objects->AppendElement(printableItem, false);
+    nssComponent->GetPIPNSSBundleString("CertDumpAlgID", text);
+    printableItem->SetDisplayName(text);
+
+    printableItem = new nsNSSASN1PrintableItem();
+
+    asn1Objects->AppendElement(printableItem, false);
+    nssComponent->GetPIPNSSBundleString("CertDumpParams", text);
+    printableItem->SetDisplayName(text);
+    if ((algOIDTag == SEC_OID_ANSIX962_EC_PUBLIC_KEY) &&
+        (algID->parameters.len > 2) && 
+        (algID->parameters.data[0] == nsIASN1Object::ASN1_OBJECT_ID)) {
+       paramsOID.len = algID->parameters.len - 2;
+       paramsOID.data = algID->parameters.data + 2;
+       GetOIDText(&paramsOID, nssComponent, text);
+    } else {
+       ProcessRawBytes(nssComponent, &algID->parameters,text);
+    }
+    printableItem->SetDisplayValue(text);
+  }
+  sequence.forget(retSequence);
+  return NS_OK;
+}
+
+static nsresult
+ProcessTime(PRTime dispTime, const char16_t* displayName,
+            nsIASN1Sequence* parentSequence)
+{
+  nsCOMPtr<nsIDateTimeFormat> dateFormatter = nsIDateTimeFormat::Create();
+  if (!dateFormatter) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsString text;
+  nsString tempString;
+
+  PRExplodedTime explodedTime;
+  PR_ExplodeTime(dispTime, PR_LocalTimeParameters, &explodedTime);
+
+  dateFormatter->FormatPRExplodedTime(nullptr, kDateFormatLong,
+                                      kTimeFormatSeconds, &explodedTime,
+                                      tempString);
+
+  text.Append(tempString);
+  text.AppendLiteral("\n(");
+
+  PRExplodedTime explodedTimeGMT;
+  PR_ExplodeTime(dispTime, PR_GMTParameters, &explodedTimeGMT);
+
+  dateFormatter->FormatPRExplodedTime(nullptr, kDateFormatLong,
+                                      kTimeFormatSeconds, &explodedTimeGMT,
+                                      tempString);
+
+  text.Append(tempString);
+  text.AppendLiteral(" GMT)");
+
+  nsCOMPtr<nsIASN1PrintableItem> printableItem = new nsNSSASN1PrintableItem();
+
+  printableItem->SetDisplayValue(text);
+  printableItem->SetDisplayName(nsDependentString(displayName));
+  nsCOMPtr<nsIMutableArray> asn1Objects;
+  parentSequence->GetASN1Objects(getter_AddRefs(asn1Objects));
+  asn1Objects->AppendElement(printableItem, false);
+  return NS_OK;
+}
+
+static nsresult
+ProcessSubjectPublicKeyInfo(CERTSubjectPublicKeyInfo *spki, 
+                            nsIASN1Sequence *parentSequence,
+                            nsINSSComponent *nssComponent)
+{
+  nsCOMPtr<nsIASN1Sequence> spkiSequence = new nsNSSASN1Sequence();
+
+  nsString text;
+  nssComponent->GetPIPNSSBundleString("CertDumpSPKI", text);
+  spkiSequence->SetDisplayName(text);
+
+  nssComponent->GetPIPNSSBundleString("CertDumpSPKIAlg", text);
+  nsCOMPtr<nsIASN1Sequence> sequenceItem;
+  nsresult rv = ProcessSECAlgorithmID(&spki->algorithm, nssComponent,
+                                      getter_AddRefs(sequenceItem));
+  if (NS_FAILED(rv))
+    return rv;
+  sequenceItem->SetDisplayName(text);
+  nsCOMPtr<nsIMutableArray> asn1Objects;
+  spkiSequence->GetASN1Objects(getter_AddRefs(asn1Objects));
+  asn1Objects->AppendElement(sequenceItem, false);
+
+  nsCOMPtr<nsIASN1PrintableItem> printableItem = new nsNSSASN1PrintableItem();
+
+  text.Truncate();
+
+  UniqueSECKEYPublicKey key(SECKEY_ExtractPublicKey(spki));
+  bool displayed = false;
+  if (key) {
+      switch (key->keyType) {
+      case rsaKey: {
+         displayed = true;
+         nsAutoString length1, length2, data1, data2;
+         length1.AppendInt(key->u.rsa.modulus.len * 8);
+         length2.AppendInt(key->u.rsa.publicExponent.len * 8);
+         ProcessRawBytes(nssComponent, &key->u.rsa.modulus, data1, 
+                         false);
+         ProcessRawBytes(nssComponent, &key->u.rsa.publicExponent, data2,
+                         false);
+         const char16_t *params[4] = {length1.get(), data1.get(), 
+                                       length2.get(), data2.get()};
+         nssComponent->PIPBundleFormatStringFromName("CertDumpRSATemplate",
+                                                     params, 4, text);
+         break;
+      }
+      case ecKey: {
+        displayed = true;
+        SECKEYECPublicKey &ecpk = key->u.ec;
+        int fieldSizeLenAsBits = 
+              SECKEY_ECParamsToKeySize(&ecpk.DEREncodedParams);
+        int basePointOrderLenAsBits = 
+              SECKEY_ECParamsToBasePointOrderLen(&ecpk.DEREncodedParams);
+        nsAutoString s_fsl, s_bpol, s_pv;
+        s_fsl.AppendInt(fieldSizeLenAsBits);
+        s_bpol.AppendInt(basePointOrderLenAsBits);
+
+        if (ecpk.publicValue.len > 4) {
+          ProcessRawBytes(nssComponent, &ecpk.publicValue, s_pv, false);
+        } else {
+          int i_pv = DER_GetInteger(&ecpk.publicValue);
+          s_pv.AppendInt(i_pv);
+        }
+        const char16_t *params[] = {s_fsl.get(), s_bpol.get(), s_pv.get()};
+        nssComponent->PIPBundleFormatStringFromName("CertDumpECTemplate",
+                                                    params, 3, text);
+        break;
+      }
+      default:
+         /* Algorithm unknown, or too rarely used to bother displaying it */
+         break;
+      }
+  }
+  if (!displayed) {
+      // Algorithm unknown, display raw bytes
+      // The subjectPublicKey field is encoded as a bit string.
+      // ProcessRawBytes expects the length to be in bytes, so 
+      // let's convert the lenght into a temporary SECItem.
+      SECItem data;
+      data.data = spki->subjectPublicKey.data;
+      data.len  = spki->subjectPublicKey.len / 8;
+      ProcessRawBytes(nssComponent, &data, text);
+  
+  }
+ 
+  printableItem->SetDisplayValue(text);
+  nssComponent->GetPIPNSSBundleString("CertDumpSubjPubKey", text);
+  printableItem->SetDisplayName(text);
+  asn1Objects->AppendElement(printableItem, false);
+  
+  parentSequence->GetASN1Objects(getter_AddRefs(asn1Objects));
+  asn1Objects->AppendElement(spkiSequence, false);
+  return NS_OK;
+}
+
+static nsresult
+ProcessExtensions(CERTCertExtension **extensions, 
+                  nsIASN1Sequence *parentSequence,
+                  nsINSSComponent *nssComponent)
+{
+  nsCOMPtr<nsIASN1Sequence> extensionSequence = new nsNSSASN1Sequence;
+
+  nsString text;
+  nssComponent->GetPIPNSSBundleString("CertDumpExtensions", text);
+  extensionSequence->SetDisplayName(text);
+  int32_t i;
+  nsresult rv;
+  nsCOMPtr<nsIASN1PrintableItem> newExtension;
+  nsCOMPtr<nsIMutableArray> asn1Objects;
+  extensionSequence->GetASN1Objects(getter_AddRefs(asn1Objects));
+  for (i=0; extensions[i] != nullptr; i++) {
+    rv = ProcessSingleExtension(extensions[i], 
+                                nssComponent,
+                                getter_AddRefs(newExtension));
+    if (NS_FAILED(rv))
+      return rv;
+
+    asn1Objects->AppendElement(newExtension, false);
+  }
+  parentSequence->GetASN1Objects(getter_AddRefs(asn1Objects));
+  asn1Objects->AppendElement(extensionSequence, false);
+  return NS_OK;
+}
+
+static bool registered;
+static SECStatus RegisterDynamicOids()
+{
+  unsigned int i;
+  SECStatus rv = SECSuccess;
+
+  if (registered)
+    return rv;
+
+  for (i = 0; i < numOids; i++) {
+    SECOidTag tag = SECOID_AddEntry(&more_oids[i]);
+    if (tag == SEC_OID_UNKNOWN) {
+      rv = SECFailure;
+      continue;
+    }
+    more_oids[i].offset = tag;
+  }
+  registered = true;
+  return rv;
+}
+
+nsresult
+nsNSSCertificate::CreateTBSCertificateASN1Struct(nsIASN1Sequence **retSequence,
+                                                 nsINSSComponent *nssComponent)
+{
+  MOZ_ASSERT(nssComponent);
+  NS_ENSURE_ARG(nssComponent);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  if (RegisterDynamicOids() != SECSuccess)
+    return NS_ERROR_FAILURE;
+
+  //
+  //   TBSCertificate  ::=  SEQUENCE  {
+  //        version         [0]  EXPLICIT Version DEFAULT v1,
+  //        serialNumber         CertificateSerialNumber,
+  //        signature            AlgorithmIdentifier,
+  //        issuer               Name,
+  //        validity             Validity,
+  //        subject              Name,
+  //        subjectPublicKeyInfo SubjectPublicKeyInfo,
+  //        issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
+  //                             -- If present, version shall be v2 or v3
+  //        subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
+  //                             -- If present, version shall be v2 or v3
+  //        extensions      [3]  EXPLICIT Extensions OPTIONAL
+  //                            -- If present, version shall be v3
+  //        }
+  //
+  // This is the ASN1 structure we should be dealing with at this point.
+  // The code in this method will assert this is the structure we're dealing
+  // and then add more user friendly text for that field.
+  nsCOMPtr<nsIASN1Sequence> sequence = new nsNSSASN1Sequence();
+
+  nsString text;
+  nssComponent->GetPIPNSSBundleString("CertDumpCertificate", text);
+  sequence->SetDisplayName(text);
+  nsCOMPtr<nsIASN1PrintableItem> printableItem;
+  
+  nsCOMPtr<nsIMutableArray> asn1Objects;
+  sequence->GetASN1Objects(getter_AddRefs(asn1Objects));
+
+  nsresult rv = ProcessVersion(&mCert->version, nssComponent,
+                               getter_AddRefs(printableItem));
+  if (NS_FAILED(rv))
+    return rv;
+
+  asn1Objects->AppendElement(printableItem, false);
+
+  rv = ProcessSerialNumberDER(mCert->serialNumber, WrapNotNull(nssComponent),
+                              printableItem);
+  if (NS_FAILED(rv))
+    return rv;
+  asn1Objects->AppendElement(printableItem, false);
+
+  nsCOMPtr<nsIASN1Sequence> algID;
+  rv = ProcessSECAlgorithmID(&mCert->signature,
+                             nssComponent, getter_AddRefs(algID));
+  if (NS_FAILED(rv))
+    return rv;
+
+  nssComponent->GetPIPNSSBundleString("CertDumpSigAlg", text);
+  algID->SetDisplayName(text);
+  asn1Objects->AppendElement(algID, false);
+
+  nsXPIDLString value;
+  ProcessName(&mCert->issuer, nssComponent, getter_Copies(value));
+
+  printableItem = new nsNSSASN1PrintableItem();
+
+  printableItem->SetDisplayValue(value);
+  nssComponent->GetPIPNSSBundleString("CertDumpIssuer", text);
+  printableItem->SetDisplayName(text);
+  asn1Objects->AppendElement(printableItem, false);
+  
+  nsCOMPtr<nsIASN1Sequence> validitySequence = new nsNSSASN1Sequence();
+  nssComponent->GetPIPNSSBundleString("CertDumpValidity", text);
+  validitySequence->SetDisplayName(text);
+  asn1Objects->AppendElement(validitySequence, false);
+  nssComponent->GetPIPNSSBundleString("CertDumpNotBefore", text);
+  nsCOMPtr<nsIX509CertValidity> validityData;
+  GetValidity(getter_AddRefs(validityData));
+  PRTime notBefore, notAfter;
+
+  validityData->GetNotBefore(&notBefore);
+  validityData->GetNotAfter(&notAfter);
+  validityData = nullptr;
+  rv = ProcessTime(notBefore, text.get(), validitySequence);
+  if (NS_FAILED(rv))
+    return rv;
+
+  nssComponent->GetPIPNSSBundleString("CertDumpNotAfter", text);
+  rv = ProcessTime(notAfter, text.get(), validitySequence);
+  if (NS_FAILED(rv))
+    return rv;
+
+  nssComponent->GetPIPNSSBundleString("CertDumpSubject", text);
+
+  printableItem = new nsNSSASN1PrintableItem();
+
+  printableItem->SetDisplayName(text);
+  ProcessName(&mCert->subject, nssComponent,getter_Copies(value));
+  printableItem->SetDisplayValue(value);
+  asn1Objects->AppendElement(printableItem, false);
+
+  rv = ProcessSubjectPublicKeyInfo(&mCert->subjectPublicKeyInfo, sequence,
+                                   nssComponent); 
+  if (NS_FAILED(rv))
+    return rv;
+ 
+  SECItem data; 
+  // Is there an issuerUniqueID?
+  if (mCert->issuerID.data) {
+    // The issuerID is encoded as a bit string.
+    // The function ProcessRawBytes expects the
+    // length to be in bytes, so let's convert the
+    // length in a temporary SECItem
+    data.data = mCert->issuerID.data;
+    data.len  = (mCert->issuerID.len + 7) / 8;
+
+    ProcessRawBytes(nssComponent, &data, text);
+    printableItem = new nsNSSASN1PrintableItem();
+
+    printableItem->SetDisplayValue(text);
+    nssComponent->GetPIPNSSBundleString("CertDumpIssuerUniqueID", text);
+    printableItem->SetDisplayName(text);
+    asn1Objects->AppendElement(printableItem, false);
+  }
+
+  if (mCert->subjectID.data) {
+    // The subjectID is encoded as a bit string.
+    // The function ProcessRawBytes expects the
+    // length to be in bytes, so let's convert the
+    // length in a temporary SECItem
+    data.data = mCert->subjectID.data;
+    data.len  = (mCert->subjectID.len + 7) / 8;
+
+    ProcessRawBytes(nssComponent, &data, text);
+    printableItem = new nsNSSASN1PrintableItem();
+
+    printableItem->SetDisplayValue(text);
+    nssComponent->GetPIPNSSBundleString("CertDumpSubjectUniqueID", text);
+    printableItem->SetDisplayName(text);
+    asn1Objects->AppendElement(printableItem, false);
+
+  }
+  if (mCert->extensions) {
+    rv = ProcessExtensions(mCert->extensions, sequence, nssComponent);
+    if (NS_FAILED(rv))
+      return rv;
+  }
+  sequence.forget(retSequence);
+  return NS_OK;
+}
+
+nsresult
+nsNSSCertificate::CreateASN1Struct(nsIASN1Object** aRetVal)
+{
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  nsCOMPtr<nsIASN1Sequence> sequence = new nsNSSASN1Sequence();
+
+  nsCOMPtr<nsIMutableArray> asn1Objects;
+  sequence->GetASN1Objects(getter_AddRefs(asn1Objects));
+
+  nsAutoString title;
+  nsresult rv = GetWindowTitle(title);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  sequence->SetDisplayName(title);
+  sequence.forget(aRetVal);
+
+  // This sequence will be contain the tbsCertificate, signatureAlgorithm,
+  // and signatureValue.
+  nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
+  if (NS_FAILED(rv))
+    return rv;
+
+  rv = CreateTBSCertificateASN1Struct(getter_AddRefs(sequence),
+                                      nssComponent);
+  if (NS_FAILED(rv))
+    return rv;
+
+  asn1Objects->AppendElement(sequence, false);
+  nsCOMPtr<nsIASN1Sequence> algID;
+
+  rv = ProcessSECAlgorithmID(&mCert->signatureWrap.signatureAlgorithm, 
+                             nssComponent, getter_AddRefs(algID));
+  if (NS_FAILED(rv))
+    return rv;
+  nsString text;
+  nssComponent->GetPIPNSSBundleString("CertDumpSigAlg", text);
+  algID->SetDisplayName(text);
+  asn1Objects->AppendElement(algID, false);
+  nsCOMPtr<nsIASN1PrintableItem>printableItem = new nsNSSASN1PrintableItem();
+  nssComponent->GetPIPNSSBundleString("CertDumpCertSig", text);
+  printableItem->SetDisplayName(text);
+  // The signatureWrap is encoded as a bit string.
+  // The function ProcessRawBytes expects the
+  // length to be in bytes, so let's convert the
+  // length in a temporary SECItem
+  SECItem temp;
+  temp.data = mCert->signatureWrap.signature.data;
+  temp.len  = mCert->signatureWrap.signature.len / 8;
+  text.Truncate();
+  ProcessRawBytes(nssComponent, &temp,text);
+  printableItem->SetDisplayValue(text);
+  asn1Objects->AppendElement(printableItem, false);
+  return NS_OK;
+}
+
+uint32_t 
+getCertType(CERTCertificate *cert)
+{
+  nsNSSCertTrust trust(cert->trust);
+  if (cert->nickname && trust.HasAnyUser())
+    return nsIX509Cert::USER_CERT;
+  if (trust.HasAnyCA())
+    return nsIX509Cert::CA_CERT;
+  if (trust.HasPeer(true, false, false))
+    return nsIX509Cert::SERVER_CERT;
+  if (trust.HasPeer(false, true, false) && cert->emailAddr)
+    return nsIX509Cert::EMAIL_CERT;
+  if (CERT_IsCACert(cert, nullptr))
+    return nsIX509Cert::CA_CERT;
+  if (cert->emailAddr)
+    return nsIX509Cert::EMAIL_CERT;
+  return nsIX509Cert::UNKNOWN_CERT;
+}
+
+nsresult
+GetCertFingerprintByOidTag(CERTCertificate* nsscert,
+                           SECOidTag aOidTag, 
+                           nsCString &fp)
+{
+  Digest digest;
+  nsresult rv = digest.DigestBuf(aOidTag, nsscert->derCert.data,
+                                 nsscert->derCert.len);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  UniquePORTString tmpstr(CERT_Hexify(const_cast<SECItem*>(&digest.get()), 1));
+  NS_ENSURE_TRUE(tmpstr, NS_ERROR_OUT_OF_MEMORY);
+
+  fp.Assign(tmpstr.get());
+  return NS_OK;
+}
diff --git a/security/manager/ssl/nsNSSCertHelper.h b/security/manager/ssl/nsNSSCertHelper.h
new file mode 100644
index 000000000..d84e1b39f
--- /dev/null
+++ b/security/manager/ssl/nsNSSCertHelper.h
@@ -0,0 +1,23 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsNSSCertHelper_h
+#define nsNSSCertHelper_h
+
+#ifndef INET6_ADDRSTRLEN
+#define INET6_ADDRSTRLEN 46
+#endif
+
+#include "certt.h"
+#include "nsString.h"
+
+uint32_t
+getCertType(CERTCertificate *cert);
+
+nsresult
+GetCertFingerprintByOidTag(CERTCertificate* nsscert,
+                           SECOidTag aOidTag, 
+                           nsCString &fp);
+
+#endif // nsNSSCertHelper_h
diff --git a/security/manager/ssl/nsNSSCertTrust.cpp b/security/manager/ssl/nsNSSCertTrust.cpp
new file mode 100644
index 000000000..b608aebe1
--- /dev/null
+++ b/security/manager/ssl/nsNSSCertTrust.cpp
@@ -0,0 +1,233 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsNSSCertTrust.h"
+
+void
+nsNSSCertTrust::AddCATrust(bool ssl, bool email, bool objSign)
+{
+  if (ssl) {
+    addTrust(&mTrust.sslFlags, CERTDB_TRUSTED_CA);
+    addTrust(&mTrust.sslFlags, CERTDB_TRUSTED_CLIENT_CA);
+  }
+  if (email) {
+    addTrust(&mTrust.emailFlags, CERTDB_TRUSTED_CA);
+    addTrust(&mTrust.emailFlags, CERTDB_TRUSTED_CLIENT_CA);
+  }
+  if (objSign) {
+    addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED_CA);
+    addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED_CLIENT_CA);
+  }
+}
+
+void
+nsNSSCertTrust::AddPeerTrust(bool ssl, bool email, bool objSign)
+{
+  if (ssl)
+    addTrust(&mTrust.sslFlags, CERTDB_TRUSTED);
+  if (email)
+    addTrust(&mTrust.emailFlags, CERTDB_TRUSTED);
+  if (objSign)
+    addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED);
+}
+
+nsNSSCertTrust::nsNSSCertTrust()
+{
+  memset(&mTrust, 0, sizeof(CERTCertTrust));
+}
+
+nsNSSCertTrust::nsNSSCertTrust(unsigned int ssl, 
+                               unsigned int email, 
+                               unsigned int objsign)
+{
+  memset(&mTrust, 0, sizeof(CERTCertTrust));
+  addTrust(&mTrust.sslFlags, ssl);
+  addTrust(&mTrust.emailFlags, email);
+  addTrust(&mTrust.objectSigningFlags, objsign);
+}
+
+nsNSSCertTrust::nsNSSCertTrust(CERTCertTrust *t)
+{
+  if (t)
+    memcpy(&mTrust, t, sizeof(CERTCertTrust));
+  else
+    memset(&mTrust, 0, sizeof(CERTCertTrust)); 
+}
+
+nsNSSCertTrust::~nsNSSCertTrust()
+{
+}
+
+void
+nsNSSCertTrust::SetSSLTrust(bool peer, bool tPeer,
+                            bool ca,   bool tCA, bool tClientCA,
+                            bool user, bool warn)
+{
+  mTrust.sslFlags = 0;
+  if (peer || tPeer)
+    addTrust(&mTrust.sslFlags, CERTDB_TERMINAL_RECORD);
+  if (tPeer)
+    addTrust(&mTrust.sslFlags, CERTDB_TRUSTED);
+  if (ca || tCA)
+    addTrust(&mTrust.sslFlags, CERTDB_VALID_CA);
+  if (tClientCA)
+    addTrust(&mTrust.sslFlags, CERTDB_TRUSTED_CLIENT_CA);
+  if (tCA)
+    addTrust(&mTrust.sslFlags, CERTDB_TRUSTED_CA);
+  if (user)
+    addTrust(&mTrust.sslFlags, CERTDB_USER);
+  if (warn)
+    addTrust(&mTrust.sslFlags, CERTDB_SEND_WARN);
+}
+
+void
+nsNSSCertTrust::SetEmailTrust(bool peer, bool tPeer,
+                              bool ca,   bool tCA, bool tClientCA,
+                              bool user, bool warn)
+{
+  mTrust.emailFlags = 0;
+  if (peer || tPeer)
+    addTrust(&mTrust.emailFlags, CERTDB_TERMINAL_RECORD);
+  if (tPeer)
+    addTrust(&mTrust.emailFlags, CERTDB_TRUSTED);
+  if (ca || tCA)
+    addTrust(&mTrust.emailFlags, CERTDB_VALID_CA);
+  if (tClientCA)
+    addTrust(&mTrust.emailFlags, CERTDB_TRUSTED_CLIENT_CA);
+  if (tCA)
+    addTrust(&mTrust.emailFlags, CERTDB_TRUSTED_CA);
+  if (user)
+    addTrust(&mTrust.emailFlags, CERTDB_USER);
+  if (warn)
+    addTrust(&mTrust.emailFlags, CERTDB_SEND_WARN);
+}
+
+void
+nsNSSCertTrust::SetObjSignTrust(bool peer, bool tPeer,
+                                bool ca,   bool tCA, bool tClientCA,
+                                bool user, bool warn)
+{
+  mTrust.objectSigningFlags = 0;
+  if (peer || tPeer)
+    addTrust(&mTrust.objectSigningFlags, CERTDB_TERMINAL_RECORD);
+  if (tPeer)
+    addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED);
+  if (ca || tCA)
+    addTrust(&mTrust.objectSigningFlags, CERTDB_VALID_CA);
+  if (tClientCA)
+    addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED_CLIENT_CA);
+  if (tCA)
+    addTrust(&mTrust.objectSigningFlags, CERTDB_TRUSTED_CA);
+  if (user)
+    addTrust(&mTrust.objectSigningFlags, CERTDB_USER);
+  if (warn)
+    addTrust(&mTrust.objectSigningFlags, CERTDB_SEND_WARN);
+}
+
+void
+nsNSSCertTrust::SetValidCA()
+{
+  SetSSLTrust(false, false,
+              true, false, false,
+              false, false);
+  SetEmailTrust(false, false,
+                true, false, false,
+                false, false);
+  SetObjSignTrust(false, false,
+                  true, false, false,
+                  false, false);
+}
+
+void 
+nsNSSCertTrust::SetValidPeer()
+{
+  SetSSLTrust(true, false,
+              false, false, false,
+              false, false);
+  SetEmailTrust(true, false,
+                false, false, false,
+                false, false);
+  SetObjSignTrust(true, false,
+                  false, false, false,
+                  false, false);
+}
+
+bool
+nsNSSCertTrust::HasAnyCA()
+{
+  if (hasTrust(mTrust.sslFlags, CERTDB_VALID_CA) ||
+      hasTrust(mTrust.emailFlags, CERTDB_VALID_CA) ||
+      hasTrust(mTrust.objectSigningFlags, CERTDB_VALID_CA))
+    return true;
+  return false;
+}
+
+bool
+nsNSSCertTrust::HasPeer(bool checkSSL, 
+                        bool checkEmail,  
+                        bool checkObjSign)
+{
+  if (checkSSL && !hasTrust(mTrust.sslFlags, CERTDB_TERMINAL_RECORD))
+    return false;
+  if (checkEmail && !hasTrust(mTrust.emailFlags, CERTDB_TERMINAL_RECORD))
+    return false;
+  if (checkObjSign && !hasTrust(mTrust.objectSigningFlags, CERTDB_TERMINAL_RECORD))
+    return false;
+  return true;
+}
+
+bool
+nsNSSCertTrust::HasAnyUser()
+{
+  if (hasTrust(mTrust.sslFlags, CERTDB_USER) ||
+      hasTrust(mTrust.emailFlags, CERTDB_USER) ||
+      hasTrust(mTrust.objectSigningFlags, CERTDB_USER))
+    return true;
+  return false;
+}
+
+bool
+nsNSSCertTrust::HasTrustedCA(bool checkSSL, 
+                             bool checkEmail,  
+                             bool checkObjSign)
+{
+  if (checkSSL && !(hasTrust(mTrust.sslFlags, CERTDB_TRUSTED_CA) ||
+                    hasTrust(mTrust.sslFlags, CERTDB_TRUSTED_CLIENT_CA)))
+    return false;
+  if (checkEmail && !(hasTrust(mTrust.emailFlags, CERTDB_TRUSTED_CA) ||
+                      hasTrust(mTrust.emailFlags, CERTDB_TRUSTED_CLIENT_CA)))
+    return false;
+  if (checkObjSign && 
+       !(hasTrust(mTrust.objectSigningFlags, CERTDB_TRUSTED_CA) ||
+         hasTrust(mTrust.objectSigningFlags, CERTDB_TRUSTED_CLIENT_CA)))
+    return false;
+  return true;
+}
+
+bool
+nsNSSCertTrust::HasTrustedPeer(bool checkSSL, 
+                               bool checkEmail,  
+                               bool checkObjSign)
+{
+  if (checkSSL && !(hasTrust(mTrust.sslFlags, CERTDB_TRUSTED)))
+    return false;
+  if (checkEmail && !(hasTrust(mTrust.emailFlags, CERTDB_TRUSTED)))
+    return false;
+  if (checkObjSign && 
+       !(hasTrust(mTrust.objectSigningFlags, CERTDB_TRUSTED)))
+    return false;
+  return true;
+}
+
+void
+nsNSSCertTrust::addTrust(unsigned int *t, unsigned int v)
+{
+  *t |= v;
+}
+
+bool
+nsNSSCertTrust::hasTrust(unsigned int t, unsigned int v)
+{
+  return !!(t & v);
+}
diff --git a/security/manager/ssl/nsNSSCertTrust.h b/security/manager/ssl/nsNSSCertTrust.h
new file mode 100644
index 000000000..c3f7e5441
--- /dev/null
+++ b/security/manager/ssl/nsNSSCertTrust.h
@@ -0,0 +1,70 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsNSSCertTrust_h
+#define nsNSSCertTrust_h
+
+#include "certdb.h"
+#include "certt.h"
+
+/*
+ * Class for maintaining trust flags for an NSS certificate.
+ */
+class nsNSSCertTrust
+{
+public:
+  nsNSSCertTrust();
+  nsNSSCertTrust(unsigned int ssl, unsigned int email, unsigned int objsign);
+  explicit nsNSSCertTrust(CERTCertTrust *t);
+  virtual ~nsNSSCertTrust();
+
+  /* query */
+  bool HasAnyCA();
+  bool HasAnyUser();
+  bool HasPeer(bool checkSSL = true, 
+                 bool checkEmail = true,  
+                 bool checkObjSign = true);
+  bool HasTrustedCA(bool checkSSL = true, 
+                      bool checkEmail = true,  
+                      bool checkObjSign = true);
+  bool HasTrustedPeer(bool checkSSL = true, 
+                        bool checkEmail = true,  
+                        bool checkObjSign = true);
+
+  /* common defaults */
+  /* equivalent to "c,c,c" */
+  void SetValidCA();
+  /* equivalent to "p,p,p" */
+  void SetValidPeer();
+
+  /* general setters */
+  /* read: "p, P, c, C, T, u, w" */
+  void SetSSLTrust(bool peer, bool tPeer,
+                   bool ca,   bool tCA, bool tClientCA,
+                   bool user, bool warn); 
+
+  void SetEmailTrust(bool peer, bool tPeer,
+                     bool ca,   bool tCA, bool tClientCA,
+                     bool user, bool warn);
+
+  void SetObjSignTrust(bool peer, bool tPeer,
+                       bool ca,   bool tCA, bool tClientCA,
+                       bool user, bool warn);
+
+  /* set c <--> CT */
+  void AddCATrust(bool ssl, bool email, bool objSign);
+  /* set p <--> P */
+  void AddPeerTrust(bool ssl, bool email, bool objSign);
+
+  /* get it (const?) (shallow?) */
+  CERTCertTrust * GetTrust() { return &mTrust; }
+
+private:
+  void addTrust(unsigned int *t, unsigned int v);
+  void removeTrust(unsigned int *t, unsigned int v);
+  bool hasTrust(unsigned int t, unsigned int v);
+  CERTCertTrust mTrust;
+};
+
+#endif // nsNSSCertTrust_h
diff --git a/security/manager/ssl/nsNSSCertValidity.cpp b/security/manager/ssl/nsNSSCertValidity.cpp
new file mode 100644
index 000000000..536aafc8f
--- /dev/null
+++ b/security/manager/ssl/nsNSSCertValidity.cpp
@@ -0,0 +1,130 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsNSSCertValidity.h"
+
+#include "cert.h"
+#include "mozilla/Assertions.h"
+#include "nsCOMPtr.h"
+#include "nsComponentManagerUtils.h"
+#include "nsReadableUtils.h"
+
+NS_IMPL_ISUPPORTS(nsX509CertValidity, nsIX509CertValidity)
+
+nsX509CertValidity::nsX509CertValidity(const mozilla::UniqueCERTCertificate& cert)
+  : mTimesInitialized(false)
+{
+  MOZ_ASSERT(cert);
+  if (!cert) {
+    return;
+  }
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return;
+  }
+
+  if (CERT_GetCertTimes(cert.get(), &mNotBefore, &mNotAfter) == SECSuccess) {
+    mTimesInitialized = true;
+  }
+}
+
+nsX509CertValidity::~nsX509CertValidity()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return;
+  }
+
+  shutdown(ShutdownCalledFrom::Object);
+}
+
+NS_IMETHODIMP
+nsX509CertValidity::GetNotBefore(PRTime* aNotBefore)
+{
+  NS_ENSURE_ARG(aNotBefore);
+
+  if (!mTimesInitialized) {
+    return NS_ERROR_FAILURE;
+  }
+
+  *aNotBefore = mNotBefore;
+  return NS_OK;
+}
+
+nsresult
+nsX509CertValidity::FormatTime(const PRTime& aTimeDate,
+                               PRTimeParamFn aParamFn,
+                               const nsTimeFormatSelector aTimeFormatSelector,
+                               nsAString& aFormattedTimeDate)
+{
+  if (!mTimesInitialized)
+    return NS_ERROR_FAILURE;
+
+  nsCOMPtr<nsIDateTimeFormat> dateFormatter = nsIDateTimeFormat::Create();
+  if (!dateFormatter) {
+    return NS_ERROR_FAILURE;
+  }
+
+  PRExplodedTime explodedTime;
+  PR_ExplodeTime(const_cast<PRTime&>(aTimeDate), aParamFn, &explodedTime);
+  return dateFormatter->FormatPRExplodedTime(nullptr, kDateFormatLong,
+					     aTimeFormatSelector,
+					     &explodedTime, aFormattedTimeDate);
+}
+
+NS_IMETHODIMP
+nsX509CertValidity::GetNotBeforeLocalTime(nsAString& aNotBeforeLocalTime)
+{
+  return FormatTime(mNotBefore, PR_LocalTimeParameters,
+                    kTimeFormatSeconds, aNotBeforeLocalTime);
+}
+
+NS_IMETHODIMP
+nsX509CertValidity::GetNotBeforeLocalDay(nsAString& aNotBeforeLocalDay)
+{
+  return FormatTime(mNotBefore, PR_LocalTimeParameters,
+                    kTimeFormatNone, aNotBeforeLocalDay);
+}
+
+NS_IMETHODIMP
+nsX509CertValidity::GetNotBeforeGMT(nsAString& aNotBeforeGMT)
+{
+  return FormatTime(mNotBefore, PR_GMTParameters,
+                    kTimeFormatSeconds, aNotBeforeGMT);
+}
+
+NS_IMETHODIMP
+nsX509CertValidity::GetNotAfter(PRTime* aNotAfter)
+{
+  NS_ENSURE_ARG(aNotAfter);
+
+  if (!mTimesInitialized) {
+    return NS_ERROR_FAILURE;
+  }
+
+  *aNotAfter = mNotAfter;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsX509CertValidity::GetNotAfterLocalTime(nsAString& aNotAfterLocaltime)
+{
+  return FormatTime(mNotAfter, PR_LocalTimeParameters,
+                    kTimeFormatSeconds, aNotAfterLocaltime);
+}
+
+NS_IMETHODIMP
+nsX509CertValidity::GetNotAfterLocalDay(nsAString& aNotAfterLocalDay)
+{
+  return FormatTime(mNotAfter, PR_LocalTimeParameters,
+                    kTimeFormatNone, aNotAfterLocalDay);
+}
+
+NS_IMETHODIMP
+nsX509CertValidity::GetNotAfterGMT(nsAString& aNotAfterGMT)
+{
+  return FormatTime(mNotAfter, PR_GMTParameters,
+                    kTimeFormatSeconds, aNotAfterGMT);
+}
diff --git a/security/manager/ssl/nsNSSCertValidity.h b/security/manager/ssl/nsNSSCertValidity.h
new file mode 100644
index 000000000..79c95e383
--- /dev/null
+++ b/security/manager/ssl/nsNSSCertValidity.h
@@ -0,0 +1,42 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsNSSCertValidity_h
+#define nsNSSCertValidity_h
+
+#include "ScopedNSSTypes.h"
+#include "nsIDateTimeFormat.h"
+#include "nsIX509CertValidity.h"
+#include "nsNSSShutDown.h"
+
+class nsX509CertValidity : public nsIX509CertValidity
+                         , public nsNSSShutDownObject
+{
+public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSIX509CERTVALIDITY
+
+  explicit nsX509CertValidity(const mozilla::UniqueCERTCertificate& cert);
+
+protected:
+  virtual ~nsX509CertValidity();
+
+  // Nothing to release.
+  virtual void virtualDestroyNSSReference() override {}
+
+private:
+  nsresult FormatTime(const PRTime& aTime,
+                      PRTimeParamFn aParamFn,
+                      const nsTimeFormatSelector aTimeFormatSelector,
+                      nsAString& aFormattedTimeDate);
+
+  PRTime mNotBefore;
+  PRTime mNotAfter;
+  bool mTimesInitialized;
+
+  nsX509CertValidity(const nsX509CertValidity& x) = delete;
+  nsX509CertValidity& operator=(const nsX509CertValidity& x) = delete;
+};
+
+#endif // nsNSSCertValidity_h
diff --git a/security/manager/ssl/nsNSSCertificate.cpp b/security/manager/ssl/nsNSSCertificate.cpp
new file mode 100644
index 000000000..12fca5065
--- /dev/null
+++ b/security/manager/ssl/nsNSSCertificate.cpp
@@ -0,0 +1,1635 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsNSSCertificate.h"
+
+#include "CertVerifier.h"
+#include "ExtendedValidation.h"
+#include "NSSCertDBTrustDomain.h"
+#include "certdb.h"
+#include "mozilla/Base64.h"
+#include "mozilla/Casting.h"
+#include "mozilla/NotNull.h"
+#include "mozilla/Unused.h"
+#include "nsArray.h"
+#include "nsCOMPtr.h"
+#include "nsCRT.h"
+#include "nsICertificateDialogs.h"
+#include "nsIClassInfoImpl.h"
+#include "nsIObjectInputStream.h"
+#include "nsIObjectOutputStream.h"
+#include "nsISupportsPrimitives.h"
+#include "nsIURI.h"
+#include "nsIX509Cert.h"
+#include "nsNSSASN1Object.h"
+#include "nsNSSCertHelper.h"
+#include "nsNSSCertValidity.h"
+#include "nsNSSComponent.h" // for PIPNSS string bundle calls.
+#include "nsPK11TokenDB.h"
+#include "nsPKCS12Blob.h"
+#include "nsProxyRelease.h"
+#include "nsReadableUtils.h"
+#include "nsString.h"
+#include "nsThreadUtils.h"
+#include "nsUnicharUtils.h"
+#include "nsXULAppAPI.h"
+#include "nspr.h"
+#include "pkix/pkixnss.h"
+#include "pkix/pkixtypes.h"
+#include "pkix/Result.h"
+#include "prerror.h"
+#include "prmem.h"
+#include "prprf.h"
+#include "secasn1.h"
+#include "secder.h"
+#include "secerr.h"
+#include "ssl.h"
+
+#ifdef XP_WIN
+#include <winsock.h> // for htonl
+#endif
+
+using namespace mozilla;
+using namespace mozilla::psm;
+
+extern LazyLogModule gPIPNSSLog;
+
+// This is being stored in an uint32_t that can otherwise
+// only take values from nsIX509Cert's list of cert types.
+// As nsIX509Cert is frozen, we choose a value not contained
+// in the list to mean not yet initialized.
+#define CERT_TYPE_NOT_YET_INITIALIZED (1 << 30)
+
+NS_IMPL_ISUPPORTS(nsNSSCertificate,
+                  nsIX509Cert,
+                  nsISerializable,
+                  nsIClassInfo)
+
+static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
+/*static*/ nsNSSCertificate*
+nsNSSCertificate::Create(CERTCertificate* cert)
+{
+  if (GeckoProcessType_Default != XRE_GetProcessType()) {
+    NS_ERROR("Trying to initialize nsNSSCertificate in a non-chrome process!");
+    return nullptr;
+  }
+  if (cert)
+    return new nsNSSCertificate(cert);
+  else
+    return new nsNSSCertificate();
+}
+
+nsNSSCertificate*
+nsNSSCertificate::ConstructFromDER(char* certDER, int derLen)
+{
+  // On non-chrome process prevent instantiation
+  if (GeckoProcessType_Default != XRE_GetProcessType())
+    return nullptr;
+
+  nsNSSCertificate* newObject = nsNSSCertificate::Create();
+  if (newObject && !newObject->InitFromDER(certDER, derLen)) {
+    delete newObject;
+    newObject = nullptr;
+  }
+
+  return newObject;
+}
+
+bool
+nsNSSCertificate::InitFromDER(char* certDER, int derLen)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return false;
+
+  if (!certDER || !derLen)
+    return false;
+
+  CERTCertificate* aCert = CERT_DecodeCertFromPackage(certDER, derLen);
+
+  if (!aCert)
+    return false;
+
+  if (!aCert->dbhandle)
+  {
+    aCert->dbhandle = CERT_GetDefaultCertDB();
+  }
+
+  mCert.reset(aCert);
+  return true;
+}
+
+nsNSSCertificate::nsNSSCertificate(CERTCertificate* cert)
+  : mCert(nullptr)
+  , mPermDelete(false)
+  , mCertType(CERT_TYPE_NOT_YET_INITIALIZED)
+{
+#if defined(DEBUG)
+  if (GeckoProcessType_Default != XRE_GetProcessType())
+    NS_ERROR("Trying to initialize nsNSSCertificate in a non-chrome process!");
+#endif
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return;
+
+  if (cert) {
+    mCert.reset(CERT_DupCertificate(cert));
+  }
+}
+
+nsNSSCertificate::nsNSSCertificate()
+  : mCert(nullptr)
+  , mPermDelete(false)
+  , mCertType(CERT_TYPE_NOT_YET_INITIALIZED)
+{
+  if (GeckoProcessType_Default != XRE_GetProcessType())
+    NS_ERROR("Trying to initialize nsNSSCertificate in a non-chrome process!");
+}
+
+nsNSSCertificate::~nsNSSCertificate()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return;
+  }
+  destructorSafeDestroyNSSReference();
+  shutdown(ShutdownCalledFrom::Object);
+}
+
+void nsNSSCertificate::virtualDestroyNSSReference()
+{
+  destructorSafeDestroyNSSReference();
+}
+
+void nsNSSCertificate::destructorSafeDestroyNSSReference()
+{
+  if (mPermDelete) {
+    if (mCertType == nsNSSCertificate::USER_CERT) {
+      nsCOMPtr<nsIInterfaceRequestor> cxt = new PipUIContext();
+      PK11_DeleteTokenCertAndKey(mCert.get(), cxt);
+    } else if (mCert->slot && !PK11_IsReadOnly(mCert->slot)) {
+      // If the list of built-ins does contain a non-removable
+      // copy of this certificate, our call will not remove
+      // the certificate permanently, but rather remove all trust.
+      SEC_DeletePermCertificate(mCert.get());
+    }
+  }
+
+  mCert = nullptr;
+}
+
+nsresult
+nsNSSCertificate::GetCertType(uint32_t* aCertType)
+{
+  if (mCertType == CERT_TYPE_NOT_YET_INITIALIZED) {
+     // only determine cert type once and cache it
+     mCertType = getCertType(mCert.get());
+  }
+  *aCertType = mCertType;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetIsSelfSigned(bool* aIsSelfSigned)
+{
+  NS_ENSURE_ARG(aIsSelfSigned);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  *aIsSelfSigned = mCert->isRoot;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetIsBuiltInRoot(bool* aIsBuiltInRoot)
+{
+  NS_ENSURE_ARG(aIsBuiltInRoot);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+  pkix::Result rv = IsCertBuiltInRoot(mCert.get(), *aIsBuiltInRoot);
+  if (rv != pkix::Result::Success) {
+    return NS_ERROR_FAILURE;
+  }
+  return NS_OK;
+}
+
+nsresult
+nsNSSCertificate::MarkForPermDeletion()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  // make sure user is logged in to the token
+  nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
+
+  if (mCert->slot && PK11_NeedLogin(mCert->slot) &&
+      !PK11_NeedUserInit(mCert->slot) && !PK11_IsInternal(mCert->slot)) {
+    if (SECSuccess != PK11_Authenticate(mCert->slot, true, ctx)) {
+      return NS_ERROR_FAILURE;
+    }
+  }
+
+  mPermDelete = true;
+  return NS_OK;
+}
+
+/**
+ * Appends a pipnss bundle string to the given string.
+ *
+ * @param nssComponent For accessing the string bundle.
+ * @param bundleKey Key for the string to append.
+ * @param currentText The text to append to, using commas as separators.
+ */
+template<size_t N>
+void
+AppendBundleString(const NotNull<nsCOMPtr<nsINSSComponent>>& nssComponent,
+                   const char (&bundleKey)[N],
+        /*in/out*/ nsAString& currentText)
+{
+  nsAutoString bundleString;
+  nsresult rv = nssComponent->GetPIPNSSBundleString(bundleKey, bundleString);
+  if (NS_FAILED(rv)) {
+    return;
+  }
+
+  if (!currentText.IsEmpty()) {
+    currentText.Append(',');
+  }
+  currentText.Append(bundleString);
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetKeyUsages(nsAString& text)
+{
+  text.Truncate();
+
+  nsCOMPtr<nsINSSComponent> nssComponent = do_GetService(kNSSComponentCID);
+  if (!nssComponent) {
+    return NS_ERROR_FAILURE;
+  }
+
+  if (!mCert) {
+    return NS_ERROR_FAILURE;
+  }
+
+  if (!mCert->extensions) {
+    return NS_OK;
+  }
+
+  ScopedAutoSECItem keyUsageItem;
+  if (CERT_FindKeyUsageExtension(mCert.get(), &keyUsageItem) != SECSuccess) {
+    return PORT_GetError() == SEC_ERROR_EXTENSION_NOT_FOUND ? NS_OK
+                                                            : NS_ERROR_FAILURE;
+  }
+
+  unsigned char keyUsage = 0;
+  if (keyUsageItem.len) {
+    keyUsage = keyUsageItem.data[0];
+  }
+
+  NotNull<nsCOMPtr<nsINSSComponent>> wrappedNSSComponent =
+    WrapNotNull(nssComponent);
+  if (keyUsage & KU_DIGITAL_SIGNATURE) {
+    AppendBundleString(wrappedNSSComponent, "CertDumpKUSign", text);
+  }
+  if (keyUsage & KU_NON_REPUDIATION) {
+    AppendBundleString(wrappedNSSComponent, "CertDumpKUNonRep", text);
+  }
+  if (keyUsage & KU_KEY_ENCIPHERMENT) {
+    AppendBundleString(wrappedNSSComponent, "CertDumpKUEnc", text);
+  }
+  if (keyUsage & KU_DATA_ENCIPHERMENT) {
+    AppendBundleString(wrappedNSSComponent, "CertDumpKUDEnc", text);
+  }
+  if (keyUsage & KU_KEY_AGREEMENT) {
+    AppendBundleString(wrappedNSSComponent, "CertDumpKUKA", text);
+  }
+  if (keyUsage & KU_KEY_CERT_SIGN) {
+    AppendBundleString(wrappedNSSComponent, "CertDumpKUCertSign", text);
+  }
+  if (keyUsage & KU_CRL_SIGN) {
+    AppendBundleString(wrappedNSSComponent, "CertDumpKUCRLSign", text);
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetDbKey(nsACString& aDbKey)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+  return GetDbKey(mCert, aDbKey);
+}
+
+nsresult
+nsNSSCertificate::GetDbKey(const UniqueCERTCertificate& cert, nsACString& aDbKey)
+{
+  static_assert(sizeof(uint64_t) == 8, "type size sanity check");
+  static_assert(sizeof(uint32_t) == 4, "type size sanity check");
+  // The format of the key is the base64 encoding of the following:
+  // 4 bytes: {0, 0, 0, 0} (this was intended to be the module ID, but it was
+  //                        never implemented)
+  // 4 bytes: {0, 0, 0, 0} (this was intended to be the slot ID, but it was
+  //                        never implemented)
+  // 4 bytes: <serial number length in big-endian order>
+  // 4 bytes: <DER-encoded issuer distinguished name length in big-endian order>
+  // n bytes: <bytes of serial number>
+  // m bytes: <DER-encoded issuer distinguished name>
+  nsAutoCString buf;
+  const char leadingZeroes[] = {0, 0, 0, 0, 0, 0, 0, 0};
+  buf.Append(leadingZeroes, sizeof(leadingZeroes));
+  uint32_t serialNumberLen = htonl(cert->serialNumber.len);
+  buf.Append(BitwiseCast<const char*, const uint32_t*>(&serialNumberLen),
+             sizeof(uint32_t));
+  uint32_t issuerLen = htonl(cert->derIssuer.len);
+  buf.Append(BitwiseCast<const char*, const uint32_t*>(&issuerLen),
+             sizeof(uint32_t));
+  buf.Append(BitwiseCast<char*, unsigned char*>(cert->serialNumber.data),
+             cert->serialNumber.len);
+  buf.Append(BitwiseCast<char*, unsigned char*>(cert->derIssuer.data),
+             cert->derIssuer.len);
+
+  return Base64Encode(buf, aDbKey);
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetWindowTitle(nsAString& aWindowTitle)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  aWindowTitle.Truncate();
+
+  if (!mCert) {
+    NS_ERROR("Somehow got nullptr for mCert in nsNSSCertificate.");
+    return NS_ERROR_FAILURE;
+  }
+
+  UniquePORTString commonName(CERT_GetCommonName(&mCert->subject));
+
+  const char* titleOptions[] = {
+    mCert->nickname,
+    commonName.get(),
+    mCert->subjectName,
+    mCert->emailAddr
+  };
+
+  nsAutoCString titleOption;
+  for (size_t i = 0; i < ArrayLength(titleOptions); i++) {
+    titleOption = titleOptions[i];
+    if (titleOption.Length() > 0 && IsUTF8(titleOption)) {
+      CopyUTF8toUTF16(titleOption, aWindowTitle);
+      return NS_OK;
+    }
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetNickname(nsAString& aNickname)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  if (mCert->nickname) {
+    CopyUTF8toUTF16(mCert->nickname, aNickname);
+  } else {
+    nsresult rv;
+    nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
+    if (NS_FAILED(rv) || !nssComponent) {
+      return NS_ERROR_FAILURE;
+    }
+    nssComponent->GetPIPNSSBundleString("CertNoNickname", aNickname);
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetEmailAddress(nsAString& aEmailAddress)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  if (mCert->emailAddr) {
+    CopyUTF8toUTF16(mCert->emailAddr, aEmailAddress);
+  } else {
+    nsresult rv;
+    nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
+    if (NS_FAILED(rv) || !nssComponent) {
+      return NS_ERROR_FAILURE;
+    }
+    nssComponent->GetPIPNSSBundleString("CertNoEmailAddress", aEmailAddress);
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetEmailAddresses(uint32_t* aLength, char16_t*** aAddresses)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  NS_ENSURE_ARG(aLength);
+  NS_ENSURE_ARG(aAddresses);
+
+  *aLength = 0;
+
+  const char* aAddr;
+  for (aAddr = CERT_GetFirstEmailAddress(mCert.get())
+       ;
+       aAddr
+       ;
+       aAddr = CERT_GetNextEmailAddress(mCert.get(), aAddr))
+  {
+    ++(*aLength);
+  }
+
+  *aAddresses = (char16_t**) moz_xmalloc(sizeof(char16_t*) * (*aLength));
+  if (!*aAddresses)
+    return NS_ERROR_OUT_OF_MEMORY;
+
+  uint32_t iAddr;
+  for (aAddr = CERT_GetFirstEmailAddress(mCert.get()), iAddr = 0
+       ;
+       aAddr
+       ;
+       aAddr = CERT_GetNextEmailAddress(mCert.get(), aAddr), ++iAddr)
+  {
+    (*aAddresses)[iAddr] = ToNewUnicode(NS_ConvertUTF8toUTF16(aAddr));
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::ContainsEmailAddress(const nsAString& aEmailAddress,
+                                       bool* result)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  NS_ENSURE_ARG(result);
+  *result = false;
+
+  const char* aAddr = nullptr;
+  for (aAddr = CERT_GetFirstEmailAddress(mCert.get())
+       ;
+       aAddr
+       ;
+       aAddr = CERT_GetNextEmailAddress(mCert.get(), aAddr))
+  {
+    NS_ConvertUTF8toUTF16 certAddr(aAddr);
+    ToLowerCase(certAddr);
+
+    nsAutoString testAddr(aEmailAddress);
+    ToLowerCase(testAddr);
+
+    if (certAddr == testAddr)
+    {
+      *result = true;
+      break;
+    }
+
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetCommonName(nsAString& aCommonName)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  aCommonName.Truncate();
+  if (mCert) {
+    UniquePORTString commonName(CERT_GetCommonName(&mCert->subject));
+    if (commonName) {
+      aCommonName = NS_ConvertUTF8toUTF16(commonName.get());
+    }
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetOrganization(nsAString& aOrganization)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  aOrganization.Truncate();
+  if (mCert) {
+    UniquePORTString organization(CERT_GetOrgName(&mCert->subject));
+    if (organization) {
+      aOrganization = NS_ConvertUTF8toUTF16(organization.get());
+    }
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetIssuerCommonName(nsAString& aCommonName)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  aCommonName.Truncate();
+  if (mCert) {
+    UniquePORTString commonName(CERT_GetCommonName(&mCert->issuer));
+    if (commonName) {
+      aCommonName = NS_ConvertUTF8toUTF16(commonName.get());
+    }
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetIssuerOrganization(nsAString& aOrganization)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  aOrganization.Truncate();
+  if (mCert) {
+    UniquePORTString organization(CERT_GetOrgName(&mCert->issuer));
+    if (organization) {
+      aOrganization = NS_ConvertUTF8toUTF16(organization.get());
+    }
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetIssuerOrganizationUnit(nsAString& aOrganizationUnit)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  aOrganizationUnit.Truncate();
+  if (mCert) {
+    UniquePORTString organizationUnit(CERT_GetOrgUnitName(&mCert->issuer));
+    if (organizationUnit) {
+      aOrganizationUnit = NS_ConvertUTF8toUTF16(organizationUnit.get());
+    }
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetIssuer(nsIX509Cert** aIssuer)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  NS_ENSURE_ARG(aIssuer);
+  *aIssuer = nullptr;
+
+  nsCOMPtr<nsIArray> chain;
+  nsresult rv;
+  rv = GetChain(getter_AddRefs(chain));
+  NS_ENSURE_SUCCESS(rv, rv);
+  uint32_t length;
+  if (!chain || NS_FAILED(chain->GetLength(&length)) || length == 0) {
+    return NS_ERROR_UNEXPECTED;
+  }
+  if (length == 1) { // No known issuer
+    return NS_OK;
+  }
+  nsCOMPtr<nsIX509Cert> cert;
+  chain->QueryElementAt(1, NS_GET_IID(nsIX509Cert), getter_AddRefs(cert));
+  if (!cert) {
+    return NS_ERROR_UNEXPECTED;
+  }
+  cert.forget(aIssuer);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetOrganizationalUnit(nsAString& aOrganizationalUnit)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  aOrganizationalUnit.Truncate();
+  if (mCert) {
+    UniquePORTString orgunit(CERT_GetOrgUnitName(&mCert->subject));
+    if (orgunit) {
+      aOrganizationalUnit = NS_ConvertUTF8toUTF16(orgunit.get());
+    }
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetChain(nsIArray** _rvChain)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  NS_ENSURE_ARG(_rvChain);
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Getting chain for \"%s\"\n", mCert->nickname));
+
+  mozilla::pkix::Time now(mozilla::pkix::Now());
+
+  RefPtr<SharedCertVerifier> certVerifier(GetDefaultCertVerifier());
+  NS_ENSURE_TRUE(certVerifier, NS_ERROR_UNEXPECTED);
+
+  UniqueCERTCertList nssChain;
+  // We want to test all usages, but we start with server because most of the
+  // time Firefox users care about server certs.
+  if (certVerifier->VerifyCert(mCert.get(), certificateUsageSSLServer, now,
+                               nullptr, /*XXX fixme*/
+                               nullptr, /* hostname */
+                               nssChain,
+                               CertVerifier::FLAG_LOCAL_ONLY)
+        != mozilla::pkix::Success) {
+    nssChain = nullptr;
+    // keep going
+  }
+
+  // This is the whitelist of all non-SSLServer usages that are supported by
+  // verifycert.
+  const int otherUsagesToTest = certificateUsageSSLClient |
+                                certificateUsageSSLCA |
+                                certificateUsageEmailSigner |
+                                certificateUsageEmailRecipient |
+                                certificateUsageObjectSigner |
+                                certificateUsageStatusResponder;
+  for (int usage = certificateUsageSSLClient;
+       usage < certificateUsageAnyCA && !nssChain;
+       usage = usage << 1) {
+    if ((usage & otherUsagesToTest) == 0) {
+      continue;
+    }
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("pipnss: PKIX attempting chain(%d) for '%s'\n",
+            usage, mCert->nickname));
+    if (certVerifier->VerifyCert(mCert.get(), usage, now,
+                                 nullptr, /*XXX fixme*/
+                                 nullptr, /*hostname*/
+                                 nssChain,
+                                 CertVerifier::FLAG_LOCAL_ONLY)
+          != mozilla::pkix::Success) {
+      nssChain = nullptr;
+      // keep going
+    }
+  }
+
+  if (!nssChain) {
+    // There is not verified path for the chain, however we still want to
+    // present to the user as much of a possible chain as possible, in the case
+    // where there was a problem with the cert or the issuers.
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("pipnss: getchain :CertVerify failed to get chain for '%s'\n",
+            mCert->nickname));
+    nssChain = UniqueCERTCertList(
+      CERT_GetCertChainFromCert(mCert.get(), PR_Now(), certUsageSSLClient));
+  }
+  if (!nssChain) {
+    return NS_ERROR_FAILURE;
+  }
+
+  // enumerate the chain for scripting purposes
+  nsCOMPtr<nsIMutableArray> array = nsArrayBase::Create();
+  if (!array) {
+    return NS_ERROR_FAILURE;
+  }
+  CERTCertListNode* node;
+  for (node = CERT_LIST_HEAD(nssChain.get());
+       !CERT_LIST_END(node, nssChain.get());
+       node = CERT_LIST_NEXT(node)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("adding %s to chain\n", node->cert->nickname));
+    nsCOMPtr<nsIX509Cert> cert = nsNSSCertificate::Create(node->cert);
+    array->AppendElement(cert, false);
+  }
+  *_rvChain = array;
+  NS_IF_ADDREF(*_rvChain);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetAllTokenNames(uint32_t* aLength, char16_t*** aTokenNames)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  NS_ENSURE_ARG(aLength);
+  NS_ENSURE_ARG(aTokenNames);
+  *aLength = 0;
+  *aTokenNames = nullptr;
+
+  // Get the slots from NSS
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Getting slots for \"%s\"\n", mCert->nickname));
+  UniquePK11SlotList slots(PK11_GetAllSlotsForCert(mCert.get(), nullptr));
+  if (!slots) {
+    if (PORT_GetError() == SEC_ERROR_NO_TOKEN) {
+      return NS_OK; // List of slots is empty, return empty array
+    }
+    return NS_ERROR_FAILURE;
+  }
+
+  // read the token names from slots
+  PK11SlotListElement* le;
+
+  for (le = slots->head; le; le = le->next) {
+    ++(*aLength);
+  }
+
+  *aTokenNames = (char16_t**) moz_xmalloc(sizeof(char16_t*) * (*aLength));
+  if (!*aTokenNames) {
+    *aLength = 0;
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  uint32_t iToken;
+  for (le = slots->head, iToken = 0; le; le = le->next, ++iToken) {
+    char* token = PK11_GetTokenName(le->slot);
+    (*aTokenNames)[iToken] = ToNewUnicode(NS_ConvertUTF8toUTF16(token));
+    if (!(*aTokenNames)[iToken]) {
+      NS_FREE_XPCOM_ALLOCATED_POINTER_ARRAY(iToken, *aTokenNames);
+      *aLength = 0;
+      *aTokenNames = nullptr;
+      return NS_ERROR_OUT_OF_MEMORY;
+    }
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetSubjectName(nsAString& _subjectName)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  _subjectName.Truncate();
+  if (mCert->subjectName) {
+    _subjectName = NS_ConvertUTF8toUTF16(mCert->subjectName);
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetIssuerName(nsAString& _issuerName)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  _issuerName.Truncate();
+  if (mCert->issuerName) {
+    _issuerName = NS_ConvertUTF8toUTF16(mCert->issuerName);
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetSerialNumber(nsAString& _serialNumber)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  _serialNumber.Truncate();
+  UniquePORTString tmpstr(CERT_Hexify(&mCert->serialNumber, 1));
+  if (tmpstr) {
+    _serialNumber = NS_ConvertASCIItoUTF16(tmpstr.get());
+    return NS_OK;
+  }
+  return NS_ERROR_FAILURE;
+}
+
+nsresult
+nsNSSCertificate::GetCertificateHash(nsAString& aFingerprint, SECOidTag aHashAlg)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  aFingerprint.Truncate();
+  Digest digest;
+  nsresult rv = digest.DigestBuf(aHashAlg, mCert->derCert.data,
+                                 mCert->derCert.len);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  // CERT_Hexify's second argument is an int that is interpreted as a boolean
+  UniquePORTString fpStr(CERT_Hexify(const_cast<SECItem*>(&digest.get()), 1));
+  if (!fpStr) {
+    return NS_ERROR_FAILURE;
+  }
+
+  aFingerprint.AssignASCII(fpStr.get());
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetSha256Fingerprint(nsAString& aSha256Fingerprint)
+{
+  return GetCertificateHash(aSha256Fingerprint, SEC_OID_SHA256);
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetSha1Fingerprint(nsAString& _sha1Fingerprint)
+{
+  return GetCertificateHash(_sha1Fingerprint, SEC_OID_SHA1);
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetTokenName(nsAString& aTokenName)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  aTokenName.Truncate();
+  if (mCert) {
+    // HACK alert
+    // When the trust of a builtin cert is modified, NSS copies it into the
+    // cert db.  At this point, it is now "managed" by the user, and should
+    // not be listed with the builtins.  However, in the collection code
+    // used by PK11_ListCerts, the cert is found in the temp db, where it
+    // has been loaded from the token.  Though the trust is correct (grabbed
+    // from the cert db), the source is wrong.  I believe this is a safe
+    // way to work around this.
+    if (mCert->slot) {
+      char* token = PK11_GetTokenName(mCert->slot);
+      if (token) {
+        aTokenName = NS_ConvertUTF8toUTF16(token);
+      }
+    } else {
+      nsresult rv;
+      nsAutoString tok;
+      nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
+      if (NS_FAILED(rv)) return rv;
+      rv = nssComponent->GetPIPNSSBundleString("InternalToken", tok);
+      if (NS_SUCCEEDED(rv))
+        aTokenName = tok;
+    }
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetSha256SubjectPublicKeyInfoDigest(nsACString& aSha256SPKIDigest)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  aSha256SPKIDigest.Truncate();
+  Digest digest;
+  nsresult rv = digest.DigestBuf(SEC_OID_SHA256, mCert->derPublicKey.data,
+                                 mCert->derPublicKey.len);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+  rv = Base64Encode(nsDependentCSubstring(
+                      BitwiseCast<char*, unsigned char*>(digest.get().data),
+                      digest.get().len),
+                    aSha256SPKIDigest);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetRawDER(uint32_t* aLength, uint8_t** aArray)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  if (mCert) {
+    *aArray = (uint8_t*)moz_xmalloc(mCert->derCert.len);
+    if (*aArray) {
+      memcpy(*aArray, mCert->derCert.data, mCert->derCert.len);
+      *aLength = mCert->derCert.len;
+      return NS_OK;
+    }
+  }
+  *aLength = 0;
+  return NS_ERROR_FAILURE;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::ExportAsCMS(uint32_t chainMode,
+                              uint32_t* aLength, uint8_t** aArray)
+{
+  NS_ENSURE_ARG(aLength);
+  NS_ENSURE_ARG(aArray);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  if (!mCert)
+    return NS_ERROR_FAILURE;
+
+  switch (chainMode) {
+    case nsIX509Cert::CMS_CHAIN_MODE_CertOnly:
+    case nsIX509Cert::CMS_CHAIN_MODE_CertChain:
+    case nsIX509Cert::CMS_CHAIN_MODE_CertChainWithRoot:
+      break;
+    default:
+      return NS_ERROR_INVALID_ARG;
+  }
+
+  UniqueNSSCMSMessage cmsg(NSS_CMSMessage_Create(nullptr));
+  if (!cmsg) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("nsNSSCertificate::ExportAsCMS - can't create CMS message\n"));
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  // first, create SignedData with the certificate only (no chain)
+  UniqueNSSCMSSignedData sigd(
+    NSS_CMSSignedData_CreateCertsOnly(cmsg.get(), mCert.get(), false));
+  if (!sigd) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("nsNSSCertificate::ExportAsCMS - can't create SignedData\n"));
+    return NS_ERROR_FAILURE;
+  }
+
+  // Calling NSS_CMSSignedData_CreateCertsOnly() will not allow us
+  // to specify the inclusion of the root, but CERT_CertChainFromCert() does.
+  // Since CERT_CertChainFromCert() also includes the certificate itself,
+  // we have to start at the issuing cert (to avoid duplicate certs
+  // in the SignedData).
+  if (chainMode == nsIX509Cert::CMS_CHAIN_MODE_CertChain ||
+      chainMode == nsIX509Cert::CMS_CHAIN_MODE_CertChainWithRoot) {
+    UniqueCERTCertificate issuerCert(
+      CERT_FindCertIssuer(mCert.get(), PR_Now(), certUsageAnyCA));
+    // the issuerCert of a self signed root is the cert itself,
+    // so make sure we're not adding duplicates, again
+    if (issuerCert && issuerCert != mCert) {
+      bool includeRoot =
+        (chainMode == nsIX509Cert::CMS_CHAIN_MODE_CertChainWithRoot);
+      UniqueCERTCertificateList certChain(
+        CERT_CertChainFromCert(issuerCert.get(), certUsageAnyCA, includeRoot));
+      if (certChain) {
+        if (NSS_CMSSignedData_AddCertList(sigd.get(), certChain.get())
+              == SECSuccess) {
+          Unused << certChain.release();
+        }
+        else {
+          MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+                 ("nsNSSCertificate::ExportAsCMS - can't add chain\n"));
+          return NS_ERROR_FAILURE;
+        }
+      }
+      else {
+        // try to add the issuerCert, at least
+        if (NSS_CMSSignedData_AddCertificate(sigd.get(), issuerCert.get())
+              == SECSuccess) {
+          Unused << issuerCert.release();
+        }
+        else {
+          MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+                 ("nsNSSCertificate::ExportAsCMS - can't add issuer cert\n"));
+          return NS_ERROR_FAILURE;
+        }
+      }
+    }
+  }
+
+  NSSCMSContentInfo* cinfo = NSS_CMSMessage_GetContentInfo(cmsg.get());
+  if (NSS_CMSContentInfo_SetContent_SignedData(cmsg.get(), cinfo, sigd.get())
+       == SECSuccess) {
+    Unused << sigd.release();
+  }
+  else {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("nsNSSCertificate::ExportAsCMS - can't attach SignedData\n"));
+    return NS_ERROR_FAILURE;
+  }
+
+  UniquePLArenaPool arena(PORT_NewArena(1024));
+  if (!arena) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("nsNSSCertificate::ExportAsCMS - out of memory\n"));
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  SECItem certP7 = { siBuffer, nullptr, 0 };
+  NSSCMSEncoderContext* ecx = NSS_CMSEncoder_Start(cmsg.get(), nullptr, nullptr,
+                                                   &certP7, arena.get(), nullptr,
+                                                   nullptr, nullptr, nullptr,
+                                                   nullptr, nullptr);
+  if (!ecx) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("nsNSSCertificate::ExportAsCMS - can't create encoder context\n"));
+    return NS_ERROR_FAILURE;
+  }
+
+  if (NSS_CMSEncoder_Finish(ecx) != SECSuccess) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("nsNSSCertificate::ExportAsCMS - failed to add encoded data\n"));
+    return NS_ERROR_FAILURE;
+  }
+
+  *aArray = (uint8_t*)moz_xmalloc(certP7.len);
+  if (!*aArray)
+    return NS_ERROR_OUT_OF_MEMORY;
+
+  memcpy(*aArray, certP7.data, certP7.len);
+  *aLength = certP7.len;
+  return NS_OK;
+}
+
+CERTCertificate*
+nsNSSCertificate::GetCert()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return nullptr;
+
+  return (mCert) ? CERT_DupCertificate(mCert.get()) : nullptr;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetValidity(nsIX509CertValidity** aValidity)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  NS_ENSURE_ARG(aValidity);
+
+  if (!mCert) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsCOMPtr<nsIX509CertValidity> validity = new nsX509CertValidity(mCert);
+  validity.forget(aValidity);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetASN1Structure(nsIASN1Object** aASN1Structure)
+{
+  NS_ENSURE_ARG_POINTER(aASN1Structure);
+  return CreateASN1Struct(aASN1Structure);
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::Equals(nsIX509Cert* other, bool* result)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  NS_ENSURE_ARG(other);
+  NS_ENSURE_ARG(result);
+
+  UniqueCERTCertificate cert(other->GetCert());
+  *result = (mCert.get() == cert.get());
+  return NS_OK;
+}
+
+namespace mozilla {
+
+// TODO(bug 1036065): It seems like we only construct CERTCertLists for the
+// purpose of constructing nsNSSCertLists, so maybe we should change this
+// function to output an nsNSSCertList instead.
+SECStatus
+ConstructCERTCertListFromReversedDERArray(
+  const mozilla::pkix::DERArray& certArray,
+  /*out*/ UniqueCERTCertList& certList)
+{
+  certList = UniqueCERTCertList(CERT_NewCertList());
+  if (!certList) {
+    return SECFailure;
+  }
+
+  CERTCertDBHandle* certDB(CERT_GetDefaultCertDB()); // non-owning
+
+  size_t numCerts = certArray.GetLength();
+  for (size_t i = 0; i < numCerts; ++i) {
+    SECItem certDER(UnsafeMapInputToSECItem(*certArray.GetDER(i)));
+    UniqueCERTCertificate cert(CERT_NewTempCertificate(certDB, &certDER,
+                                                       nullptr, false, true));
+    if (!cert) {
+      return SECFailure;
+    }
+    // certArray is ordered with the root first, but we want the resulting
+    // certList to have the root last.
+    if (CERT_AddCertToListHead(certList.get(), cert.get()) != SECSuccess) {
+      return SECFailure;
+    }
+    Unused << cert.release(); // cert is now owned by certList.
+  }
+
+  return SECSuccess;
+}
+
+} // namespace mozilla
+
+NS_IMPL_CLASSINFO(nsNSSCertList,
+                  nullptr,
+                  // inferred from nsIX509Cert
+                  nsIClassInfo::THREADSAFE,
+                  NS_X509CERTLIST_CID)
+
+NS_IMPL_ISUPPORTS_CI(nsNSSCertList,
+                     nsIX509CertList,
+                     nsISerializable)
+
+nsNSSCertList::nsNSSCertList(UniqueCERTCertList certList,
+                             const nsNSSShutDownPreventionLock& proofOfLock)
+{
+  if (certList) {
+    mCertList = Move(certList);
+  } else {
+    mCertList = UniqueCERTCertList(CERT_NewCertList());
+  }
+}
+
+nsNSSCertList::nsNSSCertList()
+{
+  mCertList = UniqueCERTCertList(CERT_NewCertList());
+}
+
+nsNSSCertList::~nsNSSCertList()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return;
+  }
+  destructorSafeDestroyNSSReference();
+  shutdown(ShutdownCalledFrom::Object);
+}
+
+void nsNSSCertList::virtualDestroyNSSReference()
+{
+  destructorSafeDestroyNSSReference();
+}
+
+void nsNSSCertList::destructorSafeDestroyNSSReference()
+{
+  mCertList = nullptr;
+}
+
+NS_IMETHODIMP
+nsNSSCertList::AddCert(nsIX509Cert* aCert)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+  CERTCertificate* cert = aCert->GetCert();
+  if (!cert) {
+    NS_ERROR("Somehow got nullptr for mCertificate in nsNSSCertificate.");
+    return NS_ERROR_FAILURE;
+  }
+
+  if (!mCertList) {
+    NS_ERROR("Somehow got nullptr for mCertList in nsNSSCertList.");
+    return NS_ERROR_FAILURE;
+  }
+  // XXX: check return value!
+  CERT_AddCertToListTail(mCertList.get(), cert);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertList::DeleteCert(nsIX509Cert* aCert)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+  CERTCertificate* cert = aCert->GetCert();
+  CERTCertListNode* node;
+
+  if (!cert) {
+    NS_ERROR("Somehow got nullptr for mCertificate in nsNSSCertificate.");
+    return NS_ERROR_FAILURE;
+  }
+
+  if (!mCertList) {
+    NS_ERROR("Somehow got nullptr for mCertList in nsNSSCertList.");
+    return NS_ERROR_FAILURE;
+  }
+
+  for (node = CERT_LIST_HEAD(mCertList.get());
+       !CERT_LIST_END(node, mCertList.get()); node = CERT_LIST_NEXT(node)) {
+    if (node->cert == cert) {
+	CERT_RemoveCertListNode(node);
+        return NS_OK;
+    }
+  }
+  return NS_OK; // XXX Should we fail if we couldn't find it?
+}
+
+UniqueCERTCertList
+nsNSSCertList::DupCertList(const UniqueCERTCertList& certList,
+                           const nsNSSShutDownPreventionLock& /*proofOfLock*/)
+{
+  if (!certList) {
+    return nullptr;
+  }
+
+  UniqueCERTCertList newList(CERT_NewCertList());
+  if (!newList) {
+    return nullptr;
+  }
+
+  for (CERTCertListNode* node = CERT_LIST_HEAD(certList);
+       !CERT_LIST_END(node, certList);
+       node = CERT_LIST_NEXT(node)) {
+    UniqueCERTCertificate cert(CERT_DupCertificate(node->cert));
+    if (!cert) {
+      return nullptr;
+    }
+
+    if (CERT_AddCertToListTail(newList.get(), cert.get()) != SECSuccess) {
+      return nullptr;
+    }
+
+    Unused << cert.release(); // Ownership transferred to the cert list.
+  }
+  return newList;
+}
+
+CERTCertList*
+nsNSSCertList::GetRawCertList()
+{
+  // This function should only be called after acquiring a
+  // nsNSSShutDownPreventionLock. It's difficult to enforce this in code since
+  // this is an implementation of an XPCOM interface function (albeit a
+  // C++-only one), so we acquire the (reentrant) lock and check for shutdown
+  // ourselves here. At the moment it appears that only nsCertTree uses this
+  // function. When that gets removed and replaced by a more reasonable
+  // implementation of the certificate manager, this function can be removed.
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return nullptr;
+  }
+  return mCertList.get();
+}
+
+NS_IMETHODIMP
+nsNSSCertList::Write(nsIObjectOutputStream* aStream)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  NS_ENSURE_STATE(mCertList);
+  nsresult rv = NS_OK;
+
+  // First, enumerate the certs to get the length of the list
+  uint32_t certListLen = 0;
+  CERTCertListNode* node = nullptr;
+  for (node = CERT_LIST_HEAD(mCertList);
+       !CERT_LIST_END(node, mCertList);
+       node = CERT_LIST_NEXT(node), ++certListLen) {
+  }
+
+  // Write the length of the list
+  rv = aStream->Write32(certListLen);
+
+  // Repeat the loop, and serialize each certificate
+  node = nullptr;
+  for (node = CERT_LIST_HEAD(mCertList);
+       !CERT_LIST_END(node, mCertList);
+       node = CERT_LIST_NEXT(node))
+  {
+    nsCOMPtr<nsIX509Cert> cert = nsNSSCertificate::Create(node->cert);
+    if (!cert) {
+      rv = NS_ERROR_OUT_OF_MEMORY;
+      break;
+    }
+
+    nsCOMPtr<nsISerializable> serializableCert = do_QueryInterface(cert);
+    rv = aStream->WriteCompoundObject(serializableCert, NS_GET_IID(nsIX509Cert), true);
+    if (NS_FAILED(rv)) {
+      break;
+    }
+  }
+
+  return rv;
+}
+
+NS_IMETHODIMP
+nsNSSCertList::Read(nsIObjectInputStream* aStream)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  NS_ENSURE_STATE(mCertList);
+  nsresult rv = NS_OK;
+
+  uint32_t certListLen;
+  rv = aStream->Read32(&certListLen);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  for(uint32_t i = 0; i < certListLen; ++i) {
+    nsCOMPtr<nsISupports> certSupports;
+    rv = aStream->ReadObject(true, getter_AddRefs(certSupports));
+    if (NS_FAILED(rv)) {
+      break;
+    }
+
+    nsCOMPtr<nsIX509Cert> cert = do_QueryInterface(certSupports);
+    rv = AddCert(cert);
+    if (NS_FAILED(rv)) {
+      break;
+    }
+  }
+
+  return rv;
+}
+
+NS_IMETHODIMP
+nsNSSCertList::GetEnumerator(nsISimpleEnumerator** _retval)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  if (!mCertList) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsCOMPtr<nsISimpleEnumerator> enumerator =
+    new nsNSSCertListEnumerator(mCertList, locker);
+
+  enumerator.forget(_retval);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertList::Equals(nsIX509CertList* other, bool* result)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  NS_ENSURE_ARG(result);
+  *result = true;
+
+  nsresult rv;
+
+  nsCOMPtr<nsISimpleEnumerator> selfEnumerator;
+  rv = GetEnumerator(getter_AddRefs(selfEnumerator));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  nsCOMPtr<nsISimpleEnumerator> otherEnumerator;
+  rv = other->GetEnumerator(getter_AddRefs(otherEnumerator));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  nsCOMPtr<nsISupports> selfSupports;
+  nsCOMPtr<nsISupports> otherSupports;
+  while (NS_SUCCEEDED(selfEnumerator->GetNext(getter_AddRefs(selfSupports)))) {
+    if (NS_SUCCEEDED(otherEnumerator->GetNext(getter_AddRefs(otherSupports)))) {
+      nsCOMPtr<nsIX509Cert> selfCert = do_QueryInterface(selfSupports);
+      nsCOMPtr<nsIX509Cert> otherCert = do_QueryInterface(otherSupports);
+
+      bool certsEqual = false;
+      rv = selfCert->Equals(otherCert, &certsEqual);
+      if (NS_FAILED(rv)) {
+        return rv;
+      }
+      if (!certsEqual) {
+        *result = false;
+        break;
+      }
+    } else {
+      // other is shorter than self
+      *result = false;
+      break;
+    }
+  }
+
+  // Make sure self is the same length as other
+  bool otherHasMore = false;
+  rv = otherEnumerator->HasMoreElements(&otherHasMore);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  if (otherHasMore) {
+    *result = false;
+  }
+
+  return NS_OK;
+}
+
+NS_IMPL_ISUPPORTS(nsNSSCertListEnumerator, nsISimpleEnumerator)
+
+nsNSSCertListEnumerator::nsNSSCertListEnumerator(
+  const UniqueCERTCertList& certList,
+  const nsNSSShutDownPreventionLock& proofOfLock)
+{
+  MOZ_ASSERT(certList);
+  mCertList = nsNSSCertList::DupCertList(certList, proofOfLock);
+}
+
+nsNSSCertListEnumerator::~nsNSSCertListEnumerator()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return;
+  }
+  destructorSafeDestroyNSSReference();
+  shutdown(ShutdownCalledFrom::Object);
+}
+
+void nsNSSCertListEnumerator::virtualDestroyNSSReference()
+{
+  destructorSafeDestroyNSSReference();
+}
+
+void nsNSSCertListEnumerator::destructorSafeDestroyNSSReference()
+{
+  mCertList = nullptr;
+}
+
+NS_IMETHODIMP
+nsNSSCertListEnumerator::HasMoreElements(bool* _retval)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  NS_ENSURE_TRUE(mCertList, NS_ERROR_FAILURE);
+
+  *_retval = !CERT_LIST_EMPTY(mCertList);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertListEnumerator::GetNext(nsISupports** _retval)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  NS_ENSURE_TRUE(mCertList, NS_ERROR_FAILURE);
+
+  CERTCertListNode* node = CERT_LIST_HEAD(mCertList);
+  if (CERT_LIST_END(node, mCertList)) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsCOMPtr<nsIX509Cert> nssCert = nsNSSCertificate::Create(node->cert);
+  if (!nssCert) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  nssCert.forget(_retval);
+
+  CERT_RemoveCertListNode(node);
+  return NS_OK;
+}
+
+// NB: This serialization must match that of nsNSSCertificateFakeTransport.
+NS_IMETHODIMP
+nsNSSCertificate::Write(nsIObjectOutputStream* aStream)
+{
+  NS_ENSURE_STATE(mCert);
+  // This field used to be the cached EV status, but it is no longer necessary.
+  nsresult rv = aStream->Write32(0);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  rv = aStream->Write32(mCert->derCert.len);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  return aStream->WriteByteArray(mCert->derCert.data, mCert->derCert.len);
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::Read(nsIObjectInputStream* aStream)
+{
+  NS_ENSURE_STATE(!mCert);
+
+  // This field is no longer used.
+  uint32_t unusedCachedEVStatus;
+  nsresult rv = aStream->Read32(&unusedCachedEVStatus);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  uint32_t len;
+  rv = aStream->Read32(&len);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  nsXPIDLCString str;
+  rv = aStream->ReadBytes(len, getter_Copies(str));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  if (!InitFromDER(const_cast<char*>(str.get()), len)) {
+    return NS_ERROR_UNEXPECTED;
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetInterfaces(uint32_t* count, nsIID*** array)
+{
+  *count = 0;
+  *array = nullptr;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetScriptableHelper(nsIXPCScriptable** _retval)
+{
+  *_retval = nullptr;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetContractID(char** aContractID)
+{
+  *aContractID = nullptr;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetClassDescription(char** aClassDescription)
+{
+  *aClassDescription = nullptr;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetClassID(nsCID** aClassID)
+{
+  *aClassID = (nsCID*) moz_xmalloc(sizeof(nsCID));
+  if (!*aClassID)
+    return NS_ERROR_OUT_OF_MEMORY;
+  return GetClassIDNoAlloc(*aClassID);
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetFlags(uint32_t* aFlags)
+{
+  *aFlags = nsIClassInfo::THREADSAFE;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificate::GetClassIDNoAlloc(nsCID* aClassIDNoAlloc)
+{
+  static NS_DEFINE_CID(kNSSCertificateCID, NS_X509CERT_CID);
+
+  *aClassIDNoAlloc = kNSSCertificateCID;
+  return NS_OK;
+}
diff --git a/security/manager/ssl/nsNSSCertificate.h b/security/manager/ssl/nsNSSCertificate.h
new file mode 100644
index 000000000..b62c6c7ac
--- /dev/null
+++ b/security/manager/ssl/nsNSSCertificate.h
@@ -0,0 +1,132 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsNSSCertificate_h
+#define nsNSSCertificate_h
+
+#include "ScopedNSSTypes.h"
+#include "certt.h"
+#include "nsCOMPtr.h"
+#include "nsIASN1Object.h"
+#include "nsIClassInfo.h"
+#include "nsISerializable.h"
+#include "nsISimpleEnumerator.h"
+#include "nsIX509Cert.h"
+#include "nsIX509CertDB.h"
+#include "nsIX509CertList.h"
+#include "nsNSSShutDown.h"
+
+namespace mozilla { namespace pkix { class DERArray; } }
+
+class nsAutoString;
+class nsINSSComponent;
+class nsIASN1Sequence;
+
+class nsNSSCertificate final : public nsIX509Cert,
+                               public nsISerializable,
+                               public nsIClassInfo,
+                               public nsNSSShutDownObject
+{
+public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSIX509CERT
+  NS_DECL_NSISERIALIZABLE
+  NS_DECL_NSICLASSINFO
+
+  friend class nsNSSCertificateFakeTransport;
+
+  explicit nsNSSCertificate(CERTCertificate* cert);
+  nsNSSCertificate();
+  static nsNSSCertificate* Create(CERTCertificate* cert = nullptr);
+  static nsNSSCertificate* ConstructFromDER(char* certDER, int derLen);
+
+  // This is a separate static method so nsNSSComponent can use it during NSS
+  // initialization. Other code should probably not use it.
+  static nsresult GetDbKey(const mozilla::UniqueCERTCertificate& cert,
+                           nsACString& aDbKey);
+
+private:
+  virtual ~nsNSSCertificate();
+
+  mozilla::UniqueCERTCertificate mCert;
+  bool             mPermDelete;
+  uint32_t         mCertType;
+  nsresult CreateASN1Struct(nsIASN1Object** aRetVal);
+  nsresult CreateTBSCertificateASN1Struct(nsIASN1Sequence** retSequence,
+                                          nsINSSComponent* nssComponent);
+  nsresult GetSortableDate(PRTime aTime, nsAString& _aSortableDate);
+  virtual void virtualDestroyNSSReference() override;
+  void destructorSafeDestroyNSSReference();
+  bool InitFromDER(char* certDER, int derLen);  // return false on failure
+
+  nsresult GetCertificateHash(nsAString& aFingerprint, SECOidTag aHashAlg);
+};
+
+namespace mozilla {
+
+SECStatus ConstructCERTCertListFromReversedDERArray(
+            const mozilla::pkix::DERArray& certArray,
+            /*out*/ mozilla::UniqueCERTCertList& certList);
+
+} // namespace mozilla
+
+class nsNSSCertList: public nsIX509CertList,
+                     public nsISerializable,
+                     public nsNSSShutDownObject
+{
+public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSIX509CERTLIST
+  NS_DECL_NSISERIALIZABLE
+
+  // certList is adopted
+  nsNSSCertList(mozilla::UniqueCERTCertList certList,
+                const nsNSSShutDownPreventionLock& proofOfLock);
+
+  nsNSSCertList();
+
+  static mozilla::UniqueCERTCertList DupCertList(
+    const mozilla::UniqueCERTCertList& certList,
+    const nsNSSShutDownPreventionLock& proofOfLock);
+
+private:
+   virtual ~nsNSSCertList();
+   virtual void virtualDestroyNSSReference() override;
+   void destructorSafeDestroyNSSReference();
+
+   mozilla::UniqueCERTCertList mCertList;
+
+   nsNSSCertList(const nsNSSCertList&) = delete;
+   void operator=(const nsNSSCertList&) = delete;
+};
+
+class nsNSSCertListEnumerator: public nsISimpleEnumerator,
+                               public nsNSSShutDownObject
+{
+public:
+   NS_DECL_THREADSAFE_ISUPPORTS
+   NS_DECL_NSISIMPLEENUMERATOR
+
+   nsNSSCertListEnumerator(const mozilla::UniqueCERTCertList& certList,
+                           const nsNSSShutDownPreventionLock& proofOfLock);
+private:
+   virtual ~nsNSSCertListEnumerator();
+   virtual void virtualDestroyNSSReference() override;
+   void destructorSafeDestroyNSSReference();
+
+   mozilla::UniqueCERTCertList mCertList;
+
+   nsNSSCertListEnumerator(const nsNSSCertListEnumerator&) = delete;
+   void operator=(const nsNSSCertListEnumerator&) = delete;
+};
+
+#define NS_X509CERT_CID { /* 660a3226-915c-4ffb-bb20-8985a632df05 */   \
+    0x660a3226,                                                        \
+    0x915c,                                                            \
+    0x4ffb,                                                            \
+    { 0xbb, 0x20, 0x89, 0x85, 0xa6, 0x32, 0xdf, 0x05 }                 \
+  }
+
+#endif // nsNSSCertificate_h
diff --git a/security/manager/ssl/nsNSSCertificateDB.cpp b/security/manager/ssl/nsNSSCertificateDB.cpp
new file mode 100644
index 000000000..3d7c7eec4
--- /dev/null
+++ b/security/manager/ssl/nsNSSCertificateDB.cpp
@@ -0,0 +1,1658 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsNSSCertificateDB.h"
+
+#include "CertVerifier.h"
+#include "CryptoTask.h"
+#include "ExtendedValidation.h"
+#include "NSSCertDBTrustDomain.h"
+#include "SharedSSLState.h"
+#include "certdb.h"
+#include "mozilla/Base64.h"
+#include "mozilla/Casting.h"
+#include "mozilla/Unused.h"
+#include "nsArray.h"
+#include "nsArrayUtils.h"
+#include "nsCOMPtr.h"
+#include "nsCRT.h"
+#include "nsComponentManagerUtils.h"
+#include "nsICertificateDialogs.h"
+#include "nsIFile.h"
+#include "nsIMutableArray.h"
+#include "nsIObserverService.h"
+#include "nsIPrefBranch.h"
+#include "nsIPrefService.h"
+#include "nsIPrompt.h"
+#include "nsNSSCertHelper.h"
+#include "nsNSSCertTrust.h"
+#include "nsNSSCertificate.h"
+#include "nsNSSComponent.h"
+#include "nsNSSHelper.h"
+#include "nsNSSShutDown.h"
+#include "nsPK11TokenDB.h"
+#include "nsPKCS12Blob.h"
+#include "nsPromiseFlatString.h"
+#include "nsProxyRelease.h"
+#include "nsReadableUtils.h"
+#include "nsThreadUtils.h"
+#include "nspr.h"
+#include "pkix/Time.h"
+#include "pkix/pkixnss.h"
+#include "pkix/pkixtypes.h"
+#include "secasn1.h"
+#include "secder.h"
+#include "secerr.h"
+#include "ssl.h"
+
+#ifdef XP_WIN
+#include <winsock.h> // for ntohl
+#endif
+
+using namespace mozilla;
+using namespace mozilla::psm;
+using mozilla::psm::SharedSSLState;
+
+extern LazyLogModule gPIPNSSLog;
+
+static nsresult
+attemptToLogInWithDefaultPassword()
+{
+#ifdef NSS_DISABLE_DBM
+  // The SQL NSS DB requires the user to be authenticated to set certificate
+  // trust settings, even if the user's password is empty. To maintain
+  // compatibility with the DBM-based database, try to log in with the
+  // default empty password. This will allow, at least, tests that need to
+  // change certificate trust to pass on all platforms. TODO(bug 978120): Do
+  // proper testing and/or implement a better solution so that we are confident
+  // that this does the correct thing outside of xpcshell tests too.
+  UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
+  if (!slot) {
+    return MapSECStatus(SECFailure);
+  }
+  if (PK11_NeedUserInit(slot.get())) {
+    // Ignore the return value. Presumably PK11_InitPin will fail if the user
+    // has a non-default password.
+    Unused << PK11_InitPin(slot.get(), nullptr, nullptr);
+  }
+#endif
+
+  return NS_OK;
+}
+
+NS_IMPL_ISUPPORTS(nsNSSCertificateDB, nsIX509CertDB)
+
+nsNSSCertificateDB::~nsNSSCertificateDB()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return;
+  }
+
+  shutdown(ShutdownCalledFrom::Object);
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::FindCertByNickname(const nsAString& nickname,
+                                       nsIX509Cert** _rvCert)
+{
+  NS_ENSURE_ARG_POINTER(_rvCert);
+  *_rvCert = nullptr;
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+  char *asciiname = nullptr;
+  NS_ConvertUTF16toUTF8 aUtf8Nickname(nickname);
+  asciiname = const_cast<char*>(aUtf8Nickname.get());
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Getting \"%s\"\n", asciiname));
+  UniqueCERTCertificate cert(PK11_FindCertFromNickname(asciiname, nullptr));
+  if (!cert) {
+    cert.reset(CERT_FindCertByNickname(CERT_GetDefaultCertDB(), asciiname));
+  }
+  if (cert) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("got it\n"));
+    nsCOMPtr<nsIX509Cert> pCert = nsNSSCertificate::Create(cert.get());
+    if (pCert) {
+      pCert.forget(_rvCert);
+      return NS_OK;
+    }
+  }
+  return NS_ERROR_FAILURE;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::FindCertByDBKey(const char* aDBKey,nsIX509Cert** _cert)
+{
+  NS_ENSURE_ARG_POINTER(aDBKey);
+  NS_ENSURE_ARG(aDBKey[0]);
+  NS_ENSURE_ARG_POINTER(_cert);
+  *_cert = nullptr;
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  UniqueCERTCertificate cert;
+  nsresult rv = FindCertByDBKey(aDBKey, cert);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  // If we can't find the certificate, that's not an error. Just return null.
+  if (!cert) {
+    return NS_OK;
+  }
+  nsCOMPtr<nsIX509Cert> nssCert = nsNSSCertificate::Create(cert.get());
+  if (!nssCert) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+  nssCert.forget(_cert);
+  return NS_OK;
+}
+
+nsresult
+nsNSSCertificateDB::FindCertByDBKey(const char* aDBKey,
+                                    UniqueCERTCertificate& cert)
+{
+  static_assert(sizeof(uint64_t) == 8, "type size sanity check");
+  static_assert(sizeof(uint32_t) == 4, "type size sanity check");
+  // (From nsNSSCertificate::GetDbKey)
+  // The format of the key is the base64 encoding of the following:
+  // 4 bytes: {0, 0, 0, 0} (this was intended to be the module ID, but it was
+  //                        never implemented)
+  // 4 bytes: {0, 0, 0, 0} (this was intended to be the slot ID, but it was
+  //                        never implemented)
+  // 4 bytes: <serial number length in big-endian order>
+  // 4 bytes: <DER-encoded issuer distinguished name length in big-endian order>
+  // n bytes: <bytes of serial number>
+  // m bytes: <DER-encoded issuer distinguished name>
+  nsAutoCString decoded;
+  nsAutoCString tmpDBKey(aDBKey);
+  // Filter out any whitespace for backwards compatibility.
+  tmpDBKey.StripWhitespace();
+  nsresult rv = Base64Decode(tmpDBKey, decoded);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  if (decoded.Length() < 16) {
+    return NS_ERROR_ILLEGAL_INPUT;
+  }
+  const char* reader = decoded.BeginReading();
+  uint64_t zeroes = *BitwiseCast<const uint64_t*, const char*>(reader);
+  if (zeroes != 0) {
+    return NS_ERROR_ILLEGAL_INPUT;
+  }
+  reader += sizeof(uint64_t);
+  // Note: We surround the ntohl() argument with parentheses to stop the macro
+  //       from thinking two arguments were passed.
+  uint32_t serialNumberLen = ntohl(
+    (*BitwiseCast<const uint32_t*, const char*>(reader)));
+  reader += sizeof(uint32_t);
+  uint32_t issuerLen = ntohl(
+    (*BitwiseCast<const uint32_t*, const char*>(reader)));
+  reader += sizeof(uint32_t);
+  if (decoded.Length() != 16ULL + serialNumberLen + issuerLen) {
+    return NS_ERROR_ILLEGAL_INPUT;
+  }
+  CERTIssuerAndSN issuerSN;
+  issuerSN.serialNumber.len = serialNumberLen;
+  issuerSN.serialNumber.data = BitwiseCast<unsigned char*, const char*>(reader);
+  reader += serialNumberLen;
+  issuerSN.derIssuer.len = issuerLen;
+  issuerSN.derIssuer.data = BitwiseCast<unsigned char*, const char*>(reader);
+  reader += issuerLen;
+  MOZ_ASSERT(reader == decoded.EndReading());
+
+  cert.reset(CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(), &issuerSN));
+  return NS_OK;
+}
+
+SECStatus
+collect_certs(void *arg, SECItem **certs, int numcerts)
+{
+  CERTDERCerts *collectArgs;
+  SECItem *cert;
+  SECStatus rv;
+
+  collectArgs = (CERTDERCerts *)arg;
+
+  collectArgs->numcerts = numcerts;
+  collectArgs->rawCerts = (SECItem *) PORT_ArenaZAlloc(collectArgs->arena,
+                                           sizeof(SECItem) * numcerts);
+  if (!collectArgs->rawCerts)
+    return(SECFailure);
+
+  cert = collectArgs->rawCerts;
+
+  while ( numcerts-- ) {
+    rv = SECITEM_CopyItem(collectArgs->arena, cert, *certs);
+    if ( rv == SECFailure )
+      return(SECFailure);
+    cert++;
+    certs++;
+  }
+
+  return (SECSuccess);
+}
+
+CERTDERCerts*
+nsNSSCertificateDB::getCertsFromPackage(const UniquePLArenaPool& arena,
+                                        uint8_t* data, uint32_t length,
+                                        const nsNSSShutDownPreventionLock& /*proofOfLock*/)
+{
+  CERTDERCerts* collectArgs = PORT_ArenaZNew(arena.get(), CERTDERCerts);
+  if (!collectArgs) {
+    return nullptr;
+  }
+
+  collectArgs->arena = arena.get();
+  if (CERT_DecodeCertPackage(BitwiseCast<char*, uint8_t*>(data), length,
+                             collect_certs, collectArgs) != SECSuccess) {
+    return nullptr;
+  }
+
+  return collectArgs;
+}
+
+nsresult
+nsNSSCertificateDB::handleCACertDownload(NotNull<nsIArray*> x509Certs,
+                                         nsIInterfaceRequestor *ctx,
+                                         const nsNSSShutDownPreventionLock &proofOfLock)
+{
+  // First thing we have to do is figure out which certificate we're 
+  // gonna present to the user.  The CA may have sent down a list of 
+  // certs which may or may not be a chained list of certs.  Until
+  // the day we can design some solid UI for the general case, we'll
+  // code to the > 90% case.  That case is where a CA sends down a
+  // list that is a hierarchy whose root is either the first or 
+  // the last cert.  What we're gonna do is compare the first 
+  // 2 entries, if the second was signed by the first, we assume
+  // the root cert is the first cert and display it.  Otherwise,
+  // we compare the last 2 entries, if the second to last cert was
+  // signed by the last cert, then we assume the last cert is the
+  // root and display it.
+
+  uint32_t numCerts;
+
+  x509Certs->GetLength(&numCerts);
+  NS_ASSERTION(numCerts > 0, "Didn't get any certs to import.");
+  if (numCerts == 0)
+    return NS_OK; // Nothing to import, so nothing to do.
+
+  nsCOMPtr<nsIX509Cert> certToShow;
+  uint32_t selCertIndex;
+  if (numCerts == 1) {
+    // There's only one cert, so let's show it.
+    selCertIndex = 0;
+    certToShow = do_QueryElementAt(x509Certs, selCertIndex);
+  } else {
+    nsCOMPtr<nsIX509Cert> cert0;    // first cert
+    nsCOMPtr<nsIX509Cert> cert1;    // second cert
+    nsCOMPtr<nsIX509Cert> certn_2;  // second to last cert
+    nsCOMPtr<nsIX509Cert> certn_1;  // last cert
+
+    cert0 = do_QueryElementAt(x509Certs, 0);
+    cert1 = do_QueryElementAt(x509Certs, 1);
+    certn_2 = do_QueryElementAt(x509Certs, numCerts-2);
+    certn_1 = do_QueryElementAt(x509Certs, numCerts-1);
+
+    nsXPIDLString cert0SubjectName;
+    nsXPIDLString cert1IssuerName;
+    nsXPIDLString certn_2IssuerName;
+    nsXPIDLString certn_1SubjectName;
+
+    cert0->GetSubjectName(cert0SubjectName);
+    cert1->GetIssuerName(cert1IssuerName);
+    certn_2->GetIssuerName(certn_2IssuerName);
+    certn_1->GetSubjectName(certn_1SubjectName);
+
+    if (cert1IssuerName.Equals(cert0SubjectName)) {
+      // In this case, the first cert in the list signed the second,
+      // so the first cert is the root.  Let's display it. 
+      selCertIndex = 0;
+      certToShow = cert0;
+    } else 
+    if (certn_2IssuerName.Equals(certn_1SubjectName)) { 
+      // In this case the last cert has signed the second to last cert.
+      // The last cert is the root, so let's display it.
+      selCertIndex = numCerts-1;
+      certToShow = certn_1;
+    } else {
+      // It's not a chain, so let's just show the first one in the 
+      // downloaded list.
+      selCertIndex = 0;
+      certToShow = cert0;
+    }
+  }
+
+  if (!certToShow)
+    return NS_ERROR_FAILURE;
+
+  nsCOMPtr<nsICertificateDialogs> dialogs;
+  nsresult rv = ::getNSSDialogs(getter_AddRefs(dialogs), 
+                                NS_GET_IID(nsICertificateDialogs),
+                                NS_CERTIFICATEDIALOGS_CONTRACTID);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  UniqueCERTCertificate tmpCert(certToShow->GetCert());
+  if (!tmpCert) {
+    return NS_ERROR_FAILURE;
+  }
+
+  if (!CERT_IsCACert(tmpCert.get(), nullptr)) {
+    DisplayCertificateAlert(ctx, "NotACACert", certToShow, proofOfLock);
+    return NS_ERROR_FAILURE;
+  }
+
+  if (tmpCert->isperm) {
+    DisplayCertificateAlert(ctx, "CaCertExists", certToShow, proofOfLock);
+    return NS_ERROR_FAILURE;
+  }
+
+  uint32_t trustBits;
+  bool allows;
+  rv = dialogs->ConfirmDownloadCACert(ctx, certToShow, &trustBits, &allows);
+  if (NS_FAILED(rv))
+    return rv;
+
+  if (!allows)
+    return NS_ERROR_NOT_AVAILABLE;
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("trust is %d\n", trustBits));
+  UniquePORTString nickname(CERT_MakeCANickname(tmpCert.get()));
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Created nick \"%s\"\n", nickname.get()));
+
+  nsNSSCertTrust trust;
+  trust.SetValidCA();
+  trust.AddCATrust(!!(trustBits & nsIX509CertDB::TRUSTED_SSL),
+                   !!(trustBits & nsIX509CertDB::TRUSTED_EMAIL),
+                   !!(trustBits & nsIX509CertDB::TRUSTED_OBJSIGN));
+
+  if (CERT_AddTempCertToPerm(tmpCert.get(), nickname.get(),
+                             trust.GetTrust()) != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  // Import additional delivered certificates that can be verified.
+
+  // build a CertList for filtering
+  UniqueCERTCertList certList(CERT_NewCertList());
+  if (!certList) {
+    return NS_ERROR_FAILURE;
+  }
+
+  // get all remaining certs into temp store
+
+  for (uint32_t i=0; i<numCerts; i++) {
+    if (i == selCertIndex) {
+      // we already processed that one
+      continue;
+    }
+
+    nsCOMPtr<nsIX509Cert> remainingCert = do_QueryElementAt(x509Certs, i);
+    if (!remainingCert) {
+      continue;
+    }
+
+    UniqueCERTCertificate tmpCert2(remainingCert->GetCert());
+    if (!tmpCert2) {
+      continue;  // Let's try to import the rest of 'em
+    }
+
+    if (CERT_AddCertToListTail(certList.get(), tmpCert2.get()) != SECSuccess) {
+      continue;
+    }
+
+    Unused << tmpCert2.release();
+  }
+
+  return ImportValidCACertsInList(certList, ctx, proofOfLock);
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::ImportCertificates(uint8_t* data, uint32_t length,
+                                       uint32_t type,
+                                       nsIInterfaceRequestor* ctx)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  // We currently only handle CA certificates.
+  if (type != nsIX509Cert::CA_CERT) {
+    return NS_ERROR_FAILURE;
+  }
+
+  UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+  if (!arena) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  CERTDERCerts* certCollection = getCertsFromPackage(arena, data, length,
+                                                     locker);
+  if (!certCollection) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsCOMPtr<nsIMutableArray> array = nsArrayBase::Create();
+  if (!array) {
+    return NS_ERROR_FAILURE;
+  }
+
+  // Now let's create some certs to work with
+  for (int i = 0; i < certCollection->numcerts; i++) {
+    SECItem* currItem = &certCollection->rawCerts[i];
+    nsCOMPtr<nsIX509Cert> cert = nsNSSCertificate::ConstructFromDER(
+      BitwiseCast<char*, unsigned char*>(currItem->data), currItem->len);
+    if (!cert) {
+      return NS_ERROR_FAILURE;
+    }
+    nsresult rv = array->AppendElement(cert, false);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  }
+
+  return handleCACertDownload(WrapNotNull(array), ctx, locker);
+}
+
+/**
+ * Filters an array of certs by usage and imports them into temporary storage.
+ *
+ * @param numcerts
+ *        Size of the |certs| array.
+ * @param certs
+ *        Pointer to array of certs to import.
+ * @param usage
+ *        Usage the certs should be filtered on.
+ * @param caOnly
+ *        Whether to import only CA certs.
+ * @param filteredCerts
+ *        List of certs that weren't filtered out and were successfully imported.
+ */
+static nsresult
+ImportCertsIntoTempStorage(int numcerts, SECItem* certs,
+                           const SECCertUsage usage, const bool caOnly,
+                           const nsNSSShutDownPreventionLock& /*proofOfLock*/,
+                   /*out*/ const UniqueCERTCertList& filteredCerts)
+{
+  NS_ENSURE_ARG_MIN(numcerts, 1);
+  NS_ENSURE_ARG_POINTER(certs);
+  NS_ENSURE_ARG_POINTER(filteredCerts.get());
+
+  // CERT_ImportCerts() expects an array of *pointers* to SECItems, so we have
+  // to convert |certs| to such a format first.
+  SECItem** ptrArray =
+    static_cast<SECItem**>(PORT_Alloc(sizeof(SECItem*) * numcerts));
+  if (!ptrArray) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  for (int i = 0; i < numcerts; i++) {
+    ptrArray[i] = &certs[i];
+  }
+
+  CERTCertificate** importedCerts = nullptr;
+  SECStatus srv = CERT_ImportCerts(CERT_GetDefaultCertDB(), usage,
+                                   numcerts, ptrArray, &importedCerts, false,
+                                   caOnly, nullptr);
+  PORT_Free(ptrArray);
+  ptrArray = nullptr;
+  if (srv != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  for (int i = 0; i < numcerts; i++) {
+    if (!importedCerts[i]) {
+      continue;
+    }
+
+    UniqueCERTCertificate cert(CERT_DupCertificate(importedCerts[i]));
+    if (!cert) {
+      continue;
+    }
+
+    if (CERT_AddCertToListTail(filteredCerts.get(), cert.get()) == SECSuccess) {
+      Unused << cert.release();
+    }
+  }
+
+  CERT_DestroyCertArray(importedCerts, numcerts);
+
+  // CERT_ImportCerts() ignores its |usage| parameter, so we have to manually
+  // filter out unwanted certs.
+  if (CERT_FilterCertListByUsage(filteredCerts.get(), usage, caOnly)
+        != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  return NS_OK;
+}
+
+static SECStatus
+ImportCertsIntoPermanentStorage(const UniqueCERTCertList& certChain,
+                                const SECCertUsage usage, const bool caOnly)
+{
+  int chainLen = 0;
+  for (CERTCertListNode *chainNode = CERT_LIST_HEAD(certChain);
+       !CERT_LIST_END(chainNode, certChain);
+       chainNode = CERT_LIST_NEXT(chainNode)) {
+    chainLen++;
+  }
+
+  SECItem **rawArray;
+  rawArray = (SECItem **) PORT_Alloc(chainLen * sizeof(SECItem *));
+  if (!rawArray) {
+    return SECFailure;
+  }
+
+  int i = 0;
+  for (CERTCertListNode *chainNode = CERT_LIST_HEAD(certChain);
+       !CERT_LIST_END(chainNode, certChain);
+       chainNode = CERT_LIST_NEXT(chainNode), i++) {
+    rawArray[i] = &chainNode->cert->derCert;
+  }
+  SECStatus srv = CERT_ImportCerts(CERT_GetDefaultCertDB(), usage, chainLen,
+                                   rawArray, nullptr, true, caOnly, nullptr);
+
+  PORT_Free(rawArray);
+  return srv;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::ImportEmailCertificate(uint8_t* data, uint32_t length,
+                                           nsIInterfaceRequestor* ctx)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+  if (!arena) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  CERTDERCerts *certCollection = getCertsFromPackage(arena, data, length, locker);
+  if (!certCollection) {
+    return NS_ERROR_FAILURE;
+  }
+
+  UniqueCERTCertList filteredCerts(CERT_NewCertList());
+  if (!filteredCerts) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsresult rv = ImportCertsIntoTempStorage(certCollection->numcerts,
+                                           certCollection->rawCerts,
+                                           certUsageEmailRecipient,
+                                           false, locker, filteredCerts);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  RefPtr<SharedCertVerifier> certVerifier(GetDefaultCertVerifier());
+  if (!certVerifier) {
+    return NS_ERROR_UNEXPECTED;
+  }
+
+  // Iterate through the filtered cert list and import verified certs into
+  // permanent storage.
+  // Note: We verify the certs in order to prevent DoS attacks. See Bug 249004.
+  for (CERTCertListNode* node = CERT_LIST_HEAD(filteredCerts.get());
+       !CERT_LIST_END(node, filteredCerts.get());
+       node = CERT_LIST_NEXT(node)) {
+    if (!node->cert) {
+      continue;
+    }
+
+    UniqueCERTCertList certChain;
+    mozilla::pkix::Result result =
+      certVerifier->VerifyCert(node->cert, certificateUsageEmailRecipient,
+                               mozilla::pkix::Now(), ctx, nullptr, certChain);
+    if (result != mozilla::pkix::Success) {
+      nsCOMPtr<nsIX509Cert> certToShow = nsNSSCertificate::Create(node->cert);
+      DisplayCertificateAlert(ctx, "NotImportingUnverifiedCert", certToShow, locker);
+      continue;
+    }
+    SECStatus srv = ImportCertsIntoPermanentStorage(certChain,
+                                                    certUsageEmailRecipient,
+                                                    false);
+    if (srv != SECSuccess) {
+      return NS_ERROR_FAILURE;
+    }
+    CERT_SaveSMimeProfile(node->cert, nullptr, nullptr);
+  }
+
+  return NS_OK;
+}
+
+nsresult
+nsNSSCertificateDB::ImportValidCACerts(int numCACerts, SECItem* caCerts,
+                                       nsIInterfaceRequestor* ctx,
+                                       const nsNSSShutDownPreventionLock& proofOfLock)
+{
+  UniqueCERTCertList filteredCerts(CERT_NewCertList());
+  if (!filteredCerts) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsresult rv = ImportCertsIntoTempStorage(numCACerts, caCerts, certUsageAnyCA,
+                                           true, proofOfLock, filteredCerts);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  return ImportValidCACertsInList(filteredCerts, ctx, proofOfLock);
+}
+
+nsresult
+nsNSSCertificateDB::ImportValidCACertsInList(const UniqueCERTCertList& filteredCerts,
+                                             nsIInterfaceRequestor* ctx,
+                                             const nsNSSShutDownPreventionLock& proofOfLock)
+{
+  RefPtr<SharedCertVerifier> certVerifier(GetDefaultCertVerifier());
+  if (!certVerifier) {
+    return NS_ERROR_UNEXPECTED;
+  }
+
+  // Iterate through the filtered cert list and import verified certs into
+  // permanent storage.
+  // Note: We verify the certs in order to prevent DoS attacks. See Bug 249004.
+  for (CERTCertListNode* node = CERT_LIST_HEAD(filteredCerts.get());
+       !CERT_LIST_END(node, filteredCerts.get());
+       node = CERT_LIST_NEXT(node)) {
+    UniqueCERTCertList certChain;
+    mozilla::pkix::Result result =
+      certVerifier->VerifyCert(node->cert, certificateUsageVerifyCA,
+                               mozilla::pkix::Now(), ctx, nullptr, certChain);
+    if (result != mozilla::pkix::Success) {
+      nsCOMPtr<nsIX509Cert> certToShow = nsNSSCertificate::Create(node->cert);
+      DisplayCertificateAlert(ctx, "NotImportingUnverifiedCert", certToShow, proofOfLock);
+      continue;
+    }
+
+    SECStatus srv = ImportCertsIntoPermanentStorage(certChain, certUsageAnyCA,
+                                                    true);
+    if (srv != SECSuccess) {
+      return NS_ERROR_FAILURE;
+    }
+  }
+
+  return NS_OK;
+}
+
+void nsNSSCertificateDB::DisplayCertificateAlert(nsIInterfaceRequestor *ctx, 
+                                                 const char *stringID, 
+                                                 nsIX509Cert *certToShow,
+                                                 const nsNSSShutDownPreventionLock &/*proofOfLock*/)
+{
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
+  if (!NS_IsMainThread()) {
+    NS_ERROR("nsNSSCertificateDB::DisplayCertificateAlert called off the main thread");
+    return;
+  }
+
+  nsCOMPtr<nsIInterfaceRequestor> my_ctx = ctx;
+  if (!my_ctx) {
+    my_ctx = new PipUIContext();
+  }
+
+  // This shall be replaced by embedding ovverridable prompts
+  // as discussed in bug 310446, and should make use of certToShow.
+
+  nsresult rv;
+  nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
+  if (NS_SUCCEEDED(rv)) {
+    nsAutoString tmpMessage;
+    nssComponent->GetPIPNSSBundleString(stringID, tmpMessage);
+
+    nsCOMPtr<nsIPrompt> prompt (do_GetInterface(my_ctx));
+    if (!prompt) {
+      return;
+    }
+
+    prompt->Alert(nullptr, tmpMessage.get());
+  }
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::ImportUserCertificate(uint8_t* data, uint32_t length,
+                                          nsIInterfaceRequestor* ctx)
+{
+  if (!NS_IsMainThread()) {
+    NS_ERROR("nsNSSCertificateDB::ImportUserCertificate called off the main thread");
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+  if (!arena) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  CERTDERCerts* collectArgs = getCertsFromPackage(arena, data, length, locker);
+  if (!collectArgs) {
+    return NS_ERROR_FAILURE;
+  }
+
+  UniqueCERTCertificate cert(
+    CERT_NewTempCertificate(CERT_GetDefaultCertDB(), collectArgs->rawCerts,
+                            nullptr, false, true));
+  if (!cert) {
+    return NS_ERROR_FAILURE;
+  }
+
+  UniquePK11SlotInfo slot(PK11_KeyForCertExists(cert.get(), nullptr, ctx));
+  if (!slot) {
+    nsCOMPtr<nsIX509Cert> certToShow = nsNSSCertificate::Create(cert.get());
+    DisplayCertificateAlert(ctx, "UserCertIgnoredNoPrivateKey", certToShow, locker);
+    return NS_ERROR_FAILURE;
+  }
+  slot = nullptr;
+
+  /* pick a nickname for the cert */
+  nsAutoCString nickname;
+  if (cert->nickname) {
+    nickname = cert->nickname;
+  } else {
+    get_default_nickname(cert.get(), ctx, nickname, locker);
+  }
+
+  /* user wants to import the cert */
+  slot.reset(PK11_ImportCertForKey(cert.get(), nickname.get(), ctx));
+  if (!slot) {
+    return NS_ERROR_FAILURE;
+  }
+  slot = nullptr;
+
+  {
+    nsCOMPtr<nsIX509Cert> certToShow = nsNSSCertificate::Create(cert.get());
+    DisplayCertificateAlert(ctx, "UserCertImported", certToShow, locker);
+  }
+
+  int numCACerts = collectArgs->numcerts - 1;
+  if (numCACerts) {
+    SECItem* caCerts = collectArgs->rawCerts + 1;
+    return ImportValidCACerts(numCACerts, caCerts, ctx, locker);
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP 
+nsNSSCertificateDB::DeleteCertificate(nsIX509Cert *aCert)
+{
+  NS_ENSURE_ARG_POINTER(aCert);
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+  UniqueCERTCertificate cert(aCert->GetCert());
+  if (!cert) {
+    return NS_ERROR_FAILURE;
+  }
+  SECStatus srv = SECSuccess;
+
+  uint32_t certType;
+  aCert->GetCertType(&certType);
+  if (NS_FAILED(aCert->MarkForPermDeletion()))
+  {
+    return NS_ERROR_FAILURE;
+  }
+
+  if (cert->slot && certType != nsIX509Cert::USER_CERT) {
+    // To delete a cert of a slot (builtin, most likely), mark it as
+    // completely untrusted.  This way we keep a copy cached in the
+    // local database, and next time we try to load it off of the 
+    // external token/slot, we'll know not to trust it.  We don't 
+    // want to do that with user certs, because a user may  re-store
+    // the cert onto the card again at which point we *will* want to 
+    // trust that cert if it chains up properly.
+    nsNSSCertTrust trust(0, 0, 0);
+    srv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), 
+                               cert.get(), trust.GetTrust());
+  }
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("cert deleted: %d", srv));
+  return (srv) ? NS_ERROR_FAILURE : NS_OK;
+}
+
+NS_IMETHODIMP 
+nsNSSCertificateDB::SetCertTrust(nsIX509Cert *cert, 
+                                 uint32_t type,
+                                 uint32_t trusted)
+{
+  NS_ENSURE_ARG_POINTER(cert);
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+  nsNSSCertTrust trust;
+  nsresult rv;
+  UniqueCERTCertificate nsscert(cert->GetCert());
+
+  rv = attemptToLogInWithDefaultPassword();
+  if (NS_WARN_IF(rv != NS_OK)) {
+    return rv;
+  }
+
+  SECStatus srv;
+  if (type == nsIX509Cert::CA_CERT) {
+    // always start with untrusted and move up
+    trust.SetValidCA();
+    trust.AddCATrust(!!(trusted & nsIX509CertDB::TRUSTED_SSL),
+                     !!(trusted & nsIX509CertDB::TRUSTED_EMAIL),
+                     !!(trusted & nsIX509CertDB::TRUSTED_OBJSIGN));
+    srv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), 
+                               nsscert.get(),
+                               trust.GetTrust());
+  } else if (type == nsIX509Cert::SERVER_CERT) {
+    // always start with untrusted and move up
+    trust.SetValidPeer();
+    trust.AddPeerTrust(trusted & nsIX509CertDB::TRUSTED_SSL, 0, 0);
+    srv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), 
+                               nsscert.get(),
+                               trust.GetTrust());
+  } else if (type == nsIX509Cert::EMAIL_CERT) {
+    // always start with untrusted and move up
+    trust.SetValidPeer();
+    trust.AddPeerTrust(0, !!(trusted & nsIX509CertDB::TRUSTED_EMAIL), 0);
+    srv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), 
+                               nsscert.get(),
+                               trust.GetTrust());
+  } else {
+    // ignore user certs
+    return NS_OK;
+  }
+  return MapSECStatus(srv);
+}
+
+NS_IMETHODIMP 
+nsNSSCertificateDB::IsCertTrusted(nsIX509Cert *cert, 
+                                  uint32_t certType,
+                                  uint32_t trustType,
+                                  bool *_isTrusted)
+{
+  NS_ENSURE_ARG_POINTER(_isTrusted);
+  *_isTrusted = false;
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+  SECStatus srv;
+  UniqueCERTCertificate nsscert(cert->GetCert());
+  CERTCertTrust nsstrust;
+  srv = CERT_GetCertTrust(nsscert.get(), &nsstrust);
+  if (srv != SECSuccess)
+    return NS_ERROR_FAILURE;
+
+  nsNSSCertTrust trust(&nsstrust);
+  if (certType == nsIX509Cert::CA_CERT) {
+    if (trustType & nsIX509CertDB::TRUSTED_SSL) {
+      *_isTrusted = trust.HasTrustedCA(true, false, false);
+    } else if (trustType & nsIX509CertDB::TRUSTED_EMAIL) {
+      *_isTrusted = trust.HasTrustedCA(false, true, false);
+    } else if (trustType & nsIX509CertDB::TRUSTED_OBJSIGN) {
+      *_isTrusted = trust.HasTrustedCA(false, false, true);
+    } else {
+      return NS_ERROR_FAILURE;
+    }
+  } else if (certType == nsIX509Cert::SERVER_CERT) {
+    if (trustType & nsIX509CertDB::TRUSTED_SSL) {
+      *_isTrusted = trust.HasTrustedPeer(true, false, false);
+    } else if (trustType & nsIX509CertDB::TRUSTED_EMAIL) {
+      *_isTrusted = trust.HasTrustedPeer(false, true, false);
+    } else if (trustType & nsIX509CertDB::TRUSTED_OBJSIGN) {
+      *_isTrusted = trust.HasTrustedPeer(false, false, true);
+    } else {
+      return NS_ERROR_FAILURE;
+    }
+  } else if (certType == nsIX509Cert::EMAIL_CERT) {
+    if (trustType & nsIX509CertDB::TRUSTED_SSL) {
+      *_isTrusted = trust.HasTrustedPeer(true, false, false);
+    } else if (trustType & nsIX509CertDB::TRUSTED_EMAIL) {
+      *_isTrusted = trust.HasTrustedPeer(false, true, false);
+    } else if (trustType & nsIX509CertDB::TRUSTED_OBJSIGN) {
+      *_isTrusted = trust.HasTrustedPeer(false, false, true);
+    } else {
+      return NS_ERROR_FAILURE;
+    }
+  } /* user: ignore */
+  return NS_OK;
+}
+
+
+NS_IMETHODIMP
+nsNSSCertificateDB::ImportCertsFromFile(nsIFile* aFile, uint32_t aType)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  NS_ENSURE_ARG(aFile);
+  switch (aType) {
+    case nsIX509Cert::CA_CERT:
+    case nsIX509Cert::EMAIL_CERT:
+      // good
+      break;
+
+    default:
+      // not supported (yet)
+      return NS_ERROR_FAILURE;
+  }
+
+  PRFileDesc* fd = nullptr;
+  nsresult rv = aFile->OpenNSPRFileDesc(PR_RDONLY, 0, &fd);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  if (!fd) {
+    return NS_ERROR_FAILURE;
+  }
+
+  PRFileInfo fileInfo;
+  if (PR_GetOpenFileInfo(fd, &fileInfo) != PR_SUCCESS) {
+    return NS_ERROR_FAILURE;
+  }
+
+  auto buf = MakeUnique<unsigned char[]>(fileInfo.size);
+  int32_t bytesObtained = PR_Read(fd, buf.get(), fileInfo.size);
+  PR_Close(fd);
+
+  if (bytesObtained != fileInfo.size) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsCOMPtr<nsIInterfaceRequestor> cxt = new PipUIContext();
+
+  switch (aType) {
+    case nsIX509Cert::CA_CERT:
+      return ImportCertificates(buf.get(), bytesObtained, aType, cxt);
+    case nsIX509Cert::EMAIL_CERT:
+      return ImportEmailCertificate(buf.get(), bytesObtained, cxt);
+    default:
+      MOZ_ASSERT(false, "Unsupported type should have been filtered out");
+      break;
+  }
+
+  return NS_ERROR_FAILURE;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::ImportPKCS12File(nsISupports* aToken, nsIFile* aFile)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  NS_ENSURE_ARG(aFile);
+  nsPKCS12Blob blob;
+  nsCOMPtr<nsIPK11Token> token = do_QueryInterface(aToken);
+  if (token) {
+    blob.SetToken(token);
+  }
+  return blob.ImportFromFile(aFile);
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::ExportPKCS12File(nsISupports* aToken,
+                                     nsIFile* aFile,
+                                     uint32_t count,
+                                     nsIX509Cert** certs)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  NS_ENSURE_ARG(aFile);
+  nsPKCS12Blob blob;
+  if (count == 0) return NS_OK;
+  nsCOMPtr<nsIPK11Token> localRef;
+  if (!aToken) {
+    UniquePK11SlotInfo keySlot(PK11_GetInternalKeySlot());
+    if (!keySlot) {
+      return NS_ERROR_FAILURE;
+    }
+    localRef = new nsPK11Token(keySlot.get());
+  } else {
+    localRef = do_QueryInterface(aToken);
+  }
+  blob.SetToken(localRef);
+  return blob.ExportToFile(aFile, certs, count);
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::FindEmailEncryptionCert(const nsAString& aNickname,
+                                            nsIX509Cert** _retval)
+{
+  NS_ENSURE_ARG_POINTER(_retval);
+  *_retval = nullptr;
+
+  if (aNickname.IsEmpty())
+    return NS_OK;
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
+  char *asciiname = nullptr;
+  NS_ConvertUTF16toUTF8 aUtf8Nickname(aNickname);
+  asciiname = const_cast<char*>(aUtf8Nickname.get());
+
+  /* Find a good cert in the user's database */
+  UniqueCERTCertificate cert(CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(),
+                                                      asciiname,
+                                                      certUsageEmailRecipient,
+                                                      true, ctx));
+  if (!cert) {
+    return NS_OK;
+  }
+
+  nsCOMPtr<nsIX509Cert> nssCert = nsNSSCertificate::Create(cert.get());
+  if (!nssCert) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+  nssCert.forget(_retval);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::FindEmailSigningCert(const nsAString& aNickname,
+                                         nsIX509Cert** _retval)
+{
+  NS_ENSURE_ARG_POINTER(_retval);
+  *_retval = nullptr;
+
+  if (aNickname.IsEmpty())
+    return NS_OK;
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
+  char *asciiname = nullptr;
+  NS_ConvertUTF16toUTF8 aUtf8Nickname(aNickname);
+  asciiname = const_cast<char*>(aUtf8Nickname.get());
+
+  /* Find a good cert in the user's database */
+  UniqueCERTCertificate cert(CERT_FindUserCertByUsage(CERT_GetDefaultCertDB(),
+                                                      asciiname,
+                                                      certUsageEmailSigner,
+                                                      true, ctx));
+  if (!cert) {
+    return NS_OK;
+  }
+
+  nsCOMPtr<nsIX509Cert> nssCert = nsNSSCertificate::Create(cert.get());
+  if (!nssCert) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+  nssCert.forget(_retval);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::FindCertByEmailAddress(const char* aEmailAddress,
+                                           nsIX509Cert** _retval)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  RefPtr<SharedCertVerifier> certVerifier(GetDefaultCertVerifier());
+  NS_ENSURE_TRUE(certVerifier, NS_ERROR_UNEXPECTED);
+
+  UniqueCERTCertList certlist(
+      PK11_FindCertsFromEmailAddress(aEmailAddress, nullptr));
+  if (!certlist)
+    return NS_ERROR_FAILURE;
+
+  // certlist now contains certificates with the right email address,
+  // but they might not have the correct usage or might even be invalid
+
+  if (CERT_LIST_END(CERT_LIST_HEAD(certlist), certlist))
+    return NS_ERROR_FAILURE; // no certs found
+
+  CERTCertListNode *node;
+  // search for a valid certificate
+  for (node = CERT_LIST_HEAD(certlist);
+       !CERT_LIST_END(node, certlist);
+       node = CERT_LIST_NEXT(node)) {
+
+    UniqueCERTCertList unusedCertChain;
+    mozilla::pkix::Result result =
+      certVerifier->VerifyCert(node->cert, certificateUsageEmailRecipient,
+                               mozilla::pkix::Now(),
+                               nullptr /*XXX pinarg*/,
+                               nullptr /*hostname*/,
+                               unusedCertChain);
+    if (result == mozilla::pkix::Success) {
+      break;
+    }
+  }
+
+  if (CERT_LIST_END(node, certlist)) {
+    // no valid cert found
+    return NS_ERROR_FAILURE;
+  }
+
+  // node now contains the first valid certificate with correct usage 
+  RefPtr<nsNSSCertificate> nssCert = nsNSSCertificate::Create(node->cert);
+  if (!nssCert)
+    return NS_ERROR_OUT_OF_MEMORY;
+
+  nssCert.forget(_retval);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::ConstructX509FromBase64(const nsACString& base64,
+                                    /*out*/ nsIX509Cert** _retval)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+  if (!_retval) {
+    return NS_ERROR_INVALID_POINTER;
+  }
+
+  // Base64Decode() doesn't consider a zero length input as an error, and just
+  // returns the empty string. We don't want this behavior, so the below check
+  // catches this case.
+  if (base64.Length() < 1) {
+    return NS_ERROR_ILLEGAL_VALUE;
+  }
+
+  nsAutoCString certDER;
+  nsresult rv = Base64Decode(base64, certDER);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  return ConstructX509(certDER.get(), certDER.Length(), _retval);
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::ConstructX509(const char* certDER,
+                                  uint32_t lengthDER,
+                                  nsIX509Cert** _retval)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+  if (NS_WARN_IF(!_retval)) {
+    return NS_ERROR_INVALID_POINTER;
+  }
+
+  SECItem secitem_cert;
+  secitem_cert.type = siDERCertBuffer;
+  secitem_cert.data = (unsigned char*)certDER;
+  secitem_cert.len = lengthDER;
+
+  UniqueCERTCertificate cert(CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
+                                                     &secitem_cert, nullptr,
+                                                     false, true));
+  if (!cert)
+    return (PORT_GetError() == SEC_ERROR_NO_MEMORY)
+      ? NS_ERROR_OUT_OF_MEMORY : NS_ERROR_FAILURE;
+
+  nsCOMPtr<nsIX509Cert> nssCert = nsNSSCertificate::Create(cert.get());
+  if (!nssCert) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+  nssCert.forget(_retval);
+  return NS_OK;
+}
+
+void
+nsNSSCertificateDB::get_default_nickname(CERTCertificate *cert, 
+                                         nsIInterfaceRequestor* ctx,
+                                         nsCString &nickname,
+                                         const nsNSSShutDownPreventionLock &/*proofOfLock*/)
+{
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
+  nickname.Truncate();
+
+  nsresult rv;
+  CK_OBJECT_HANDLE keyHandle;
+
+  CERTCertDBHandle *defaultcertdb = CERT_GetDefaultCertDB();
+  nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
+  if (NS_FAILED(rv))
+    return;
+
+  nsAutoCString username;
+  UniquePORTString tempCN(CERT_GetCommonName(&cert->subject));
+  if (tempCN) {
+    username = tempCN.get();
+  }
+
+  nsAutoCString caname;
+  UniquePORTString tempIssuerOrg(CERT_GetOrgName(&cert->issuer));
+  if (tempIssuerOrg) {
+    caname = tempIssuerOrg.get();
+  }
+
+  nsAutoString tmpNickFmt;
+  nssComponent->GetPIPNSSBundleString("nick_template", tmpNickFmt);
+  NS_ConvertUTF16toUTF8 nickFmt(tmpNickFmt);
+
+  nsAutoCString baseName;
+  baseName.AppendPrintf(nickFmt.get(), username.get(), caname.get());
+  if (baseName.IsEmpty()) {
+    return;
+  }
+
+  nickname = baseName;
+
+  /*
+   * We need to see if the private key exists on a token, if it does
+   * then we need to check for nicknames that already exist on the smart
+   * card.
+   */
+  UniquePK11SlotInfo slot(PK11_KeyForCertExists(cert, &keyHandle, ctx));
+  if (!slot)
+    return;
+
+  if (!PK11_IsInternal(slot.get())) {
+    nsAutoCString tmp;
+    tmp.AppendPrintf("%s:%s", PK11_GetTokenName(slot.get()), baseName.get());
+    if (tmp.IsEmpty()) {
+      nickname.Truncate();
+      return;
+    }
+    baseName = tmp;
+    nickname = baseName;
+  }
+
+  int count = 1;
+  while (true) {
+    if ( count > 1 ) {
+      nsAutoCString tmp;
+      tmp.AppendPrintf("%s #%d", baseName.get(), count);
+      if (tmp.IsEmpty()) {
+        nickname.Truncate();
+        return;
+      }
+      nickname = tmp;
+    }
+
+    UniqueCERTCertificate dummycert;
+
+    if (PK11_IsInternal(slot.get())) {
+      /* look up the nickname to make sure it isn't in use already */
+      dummycert.reset(CERT_FindCertByNickname(defaultcertdb, nickname.get()));
+    } else {
+      // Check the cert against others that already live on the smart card.
+      dummycert.reset(PK11_FindCertFromNickname(nickname.get(), ctx));
+      if (dummycert) {
+	// Make sure the subject names are different.
+	if (CERT_CompareName(&cert->subject, &dummycert->subject) == SECEqual)
+	{
+	  /*
+	   * There is another certificate with the same nickname and
+	   * the same subject name on the smart card, so let's use this
+	   * nickname.
+	   */
+	  dummycert = nullptr;
+	}
+      }
+    }
+    if (!dummycert) {
+      break;
+    }
+    count++;
+  }
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::AddCertFromBase64(const nsACString& aBase64,
+                                      const nsACString& aTrust,
+                                      const nsACString& /*aName*/)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  nsNSSCertTrust trust;
+  if (CERT_DecodeTrustString(trust.GetTrust(), PromiseFlatCString(aTrust).get())
+        != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsCOMPtr<nsIX509Cert> newCert;
+  nsresult rv = ConstructX509FromBase64(aBase64, getter_AddRefs(newCert));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  UniqueCERTCertificate tmpCert(newCert->GetCert());
+  if (!tmpCert) {
+    return NS_ERROR_FAILURE;
+  }
+
+  // If there's already a certificate that matches this one in the database, we
+  // still want to set its trust to the given value.
+  if (tmpCert->isperm) {
+    return SetCertTrustFromString(newCert, aTrust);
+  }
+
+  UniquePORTString nickname(CERT_MakeCANickname(tmpCert.get()));
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Created nick \"%s\"\n", nickname.get()));
+
+  rv = attemptToLogInWithDefaultPassword();
+  if (NS_WARN_IF(rv != NS_OK)) {
+    return rv;
+  }
+
+  SECStatus srv = CERT_AddTempCertToPerm(tmpCert.get(), nickname.get(),
+                                         trust.GetTrust());
+  return MapSECStatus(srv);
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::AddCert(const nsACString& aCertDER, const nsACString& aTrust,
+                            const nsACString& aName)
+{
+  nsCString base64;
+  nsresult rv = Base64Encode(aCertDER, base64);
+  NS_ENSURE_SUCCESS(rv, rv);
+  return AddCertFromBase64(base64, aTrust, aName);
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::SetCertTrustFromString(nsIX509Cert* cert,
+                                           const nsACString& trustString)
+{
+  NS_ENSURE_ARG(cert);
+
+  CERTCertTrust trust;
+  SECStatus srv = CERT_DecodeTrustString(&trust,
+                                         PromiseFlatCString(trustString).get());
+  if (srv != SECSuccess) {
+    return MapSECStatus(srv);
+  }
+  UniqueCERTCertificate nssCert(cert->GetCert());
+
+  nsresult rv = attemptToLogInWithDefaultPassword();
+  if (NS_WARN_IF(rv != NS_OK)) {
+    return rv;
+  }
+
+  srv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), nssCert.get(), &trust);
+  return MapSECStatus(srv);
+}
+
+NS_IMETHODIMP 
+nsNSSCertificateDB::GetCerts(nsIX509CertList **_retval)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  nsCOMPtr<nsIInterfaceRequestor> ctx = new PipUIContext();
+  nsCOMPtr<nsIX509CertList> nssCertList;
+  UniqueCERTCertList certList(PK11_ListCerts(PK11CertListUnique, ctx));
+
+  // nsNSSCertList 1) adopts certList, and 2) handles the nullptr case fine.
+  // (returns an empty list) 
+  nssCertList = new nsNSSCertList(Move(certList), locker);
+
+  nssCertList.forget(_retval);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::GetEnterpriseRoots(nsIX509CertList** enterpriseRoots)
+{
+  MOZ_ASSERT(NS_IsMainThread());
+  if (!NS_IsMainThread()) {
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  NS_ENSURE_ARG_POINTER(enterpriseRoots);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+#ifdef XP_WIN
+  nsCOMPtr<nsINSSComponent> psm(do_GetService(PSM_COMPONENT_CONTRACTID));
+  if (!psm) {
+    return NS_ERROR_FAILURE;
+  }
+  return psm->GetEnterpriseRoots(enterpriseRoots);
+#else
+  return NS_ERROR_NOT_IMPLEMENTED;
+#endif
+}
+
+nsresult
+VerifyCertAtTime(nsIX509Cert* aCert,
+                 int64_t /*SECCertificateUsage*/ aUsage,
+                 uint32_t aFlags,
+                 const char* aHostname,
+                 mozilla::pkix::Time aTime,
+                 nsIX509CertList** aVerifiedChain,
+                 bool* aHasEVPolicy,
+                 int32_t* /*PRErrorCode*/ _retval,
+                 const nsNSSShutDownPreventionLock& locker)
+{
+  NS_ENSURE_ARG_POINTER(aCert);
+  NS_ENSURE_ARG_POINTER(aHasEVPolicy);
+  NS_ENSURE_ARG_POINTER(aVerifiedChain);
+  NS_ENSURE_ARG_POINTER(_retval);
+
+  *aVerifiedChain = nullptr;
+  *aHasEVPolicy = false;
+  *_retval = PR_UNKNOWN_ERROR;
+
+  UniqueCERTCertificate nssCert(aCert->GetCert());
+  if (!nssCert) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  RefPtr<SharedCertVerifier> certVerifier(GetDefaultCertVerifier());
+  NS_ENSURE_TRUE(certVerifier, NS_ERROR_FAILURE);
+
+  UniqueCERTCertList resultChain;
+  SECOidTag evOidPolicy;
+  mozilla::pkix::Result result;
+
+  if (aHostname && aUsage == certificateUsageSSLServer) {
+    result = certVerifier->VerifySSLServerCert(nssCert,
+                                               nullptr, // stapledOCSPResponse
+                                               nullptr, // sctsFromTLSExtension
+                                               aTime,
+                                               nullptr, // Assume no context
+                                               aHostname,
+                                               resultChain,
+                                               false, // don't save intermediates
+                                               aFlags,
+                                               NeckoOriginAttributes(),
+                                               &evOidPolicy);
+  } else {
+    result = certVerifier->VerifyCert(nssCert.get(), aUsage, aTime,
+                                      nullptr, // Assume no context
+                                      aHostname,
+                                      resultChain,
+                                      aFlags,
+                                      nullptr, // stapledOCSPResponse
+                                      nullptr, // sctsFromTLSExtension
+                                      NeckoOriginAttributes(),
+                                      &evOidPolicy);
+  }
+
+  nsCOMPtr<nsIX509CertList> nssCertList;
+  // This adopts the list
+  nssCertList = new nsNSSCertList(Move(resultChain), locker);
+  NS_ENSURE_TRUE(nssCertList, NS_ERROR_FAILURE);
+
+  *_retval = mozilla::pkix::MapResultToPRErrorCode(result);
+  if (result == mozilla::pkix::Success && evOidPolicy != SEC_OID_UNKNOWN) {
+    *aHasEVPolicy = true;
+  }
+  nssCertList.forget(aVerifiedChain);
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::VerifyCertNow(nsIX509Cert* aCert,
+                                  int64_t /*SECCertificateUsage*/ aUsage,
+                                  uint32_t aFlags,
+                                  const char* aHostname,
+                                  nsIX509CertList** aVerifiedChain,
+                                  bool* aHasEVPolicy,
+                                  int32_t* /*PRErrorCode*/ _retval)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  return ::VerifyCertAtTime(aCert, aUsage, aFlags, aHostname,
+                            mozilla::pkix::Now(),
+                            aVerifiedChain, aHasEVPolicy, _retval, locker);
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::VerifyCertAtTime(nsIX509Cert* aCert,
+                                     int64_t /*SECCertificateUsage*/ aUsage,
+                                     uint32_t aFlags,
+                                     const char* aHostname,
+                                     uint64_t aTime,
+                                     nsIX509CertList** aVerifiedChain,
+                                     bool* aHasEVPolicy,
+                                     int32_t* /*PRErrorCode*/ _retval)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  return ::VerifyCertAtTime(aCert, aUsage, aFlags, aHostname,
+                            mozilla::pkix::TimeFromEpochInSeconds(aTime),
+                            aVerifiedChain, aHasEVPolicy, _retval, locker);
+}
+
+class VerifyCertAtTimeTask final : public CryptoTask
+{
+public:
+  VerifyCertAtTimeTask(nsIX509Cert* aCert, int64_t aUsage, uint32_t aFlags,
+                       const char* aHostname, uint64_t aTime,
+                       nsICertVerificationCallback* aCallback)
+    : mCert(aCert)
+    , mUsage(aUsage)
+    , mFlags(aFlags)
+    , mHostname(aHostname)
+    , mTime(aTime)
+    , mCallback(new nsMainThreadPtrHolder<nsICertVerificationCallback>(aCallback))
+    , mPRErrorCode(SEC_ERROR_LIBRARY_FAILURE)
+    , mVerifiedCertList(nullptr)
+    , mHasEVPolicy(false)
+  {
+  }
+
+private:
+  virtual nsresult CalculateResult() override
+  {
+    nsCOMPtr<nsIX509CertDB> certDB = do_GetService(NS_X509CERTDB_CONTRACTID);
+    if (!certDB) {
+      return NS_ERROR_FAILURE;
+    }
+    // Unfortunately mHostname will have made the empty string out of a null
+    // pointer passed in the constructor. If we pass the empty string on to
+    // VerifyCertAtTime with the usage certificateUsageSSLServer, it will call
+    // VerifySSLServerCert, which expects a non-empty hostname. To avoid this,
+    // check the length and use nullptr if appropriate.
+    const char* hostname = mHostname.Length() > 0 ? mHostname.get() : nullptr;
+    return certDB->VerifyCertAtTime(mCert, mUsage, mFlags, hostname, mTime,
+                                    getter_AddRefs(mVerifiedCertList),
+                                    &mHasEVPolicy, &mPRErrorCode);
+  }
+
+  // No NSS resources are directly held, so there is nothing to release.
+  virtual void ReleaseNSSResources() override { }
+
+  virtual void CallCallback(nsresult rv) override
+  {
+    if (NS_FAILED(rv)) {
+      Unused << mCallback->VerifyCertFinished(SEC_ERROR_LIBRARY_FAILURE,
+                                              nullptr, false);
+    } else {
+      Unused << mCallback->VerifyCertFinished(mPRErrorCode, mVerifiedCertList,
+                                              mHasEVPolicy);
+    }
+  }
+
+  nsCOMPtr<nsIX509Cert> mCert;
+  int64_t mUsage;
+  uint32_t mFlags;
+  nsCString mHostname;
+  uint64_t mTime;
+  nsMainThreadPtrHandle<nsICertVerificationCallback> mCallback;
+  int32_t mPRErrorCode;
+  nsCOMPtr<nsIX509CertList> mVerifiedCertList;
+  bool mHasEVPolicy;
+};
+
+NS_IMETHODIMP
+nsNSSCertificateDB::AsyncVerifyCertAtTime(nsIX509Cert* aCert,
+                                          int64_t /*SECCertificateUsage*/ aUsage,
+                                          uint32_t aFlags,
+                                          const char* aHostname,
+                                          uint64_t aTime,
+                                          nsICertVerificationCallback* aCallback)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+  RefPtr<VerifyCertAtTimeTask> task(new VerifyCertAtTimeTask(aCert, aUsage,
+                                                             aFlags, aHostname,
+                                                             aTime, aCallback));
+  return task->Dispatch("VerifyCert");
+}
+
+NS_IMETHODIMP
+nsNSSCertificateDB::ClearOCSPCache()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  RefPtr<SharedCertVerifier> certVerifier(GetDefaultCertVerifier());
+  NS_ENSURE_TRUE(certVerifier, NS_ERROR_FAILURE);
+  certVerifier->ClearOCSPCache();
+  return NS_OK;
+}
diff --git a/security/manager/ssl/nsNSSCertificateDB.h b/security/manager/ssl/nsNSSCertificateDB.h
new file mode 100644
index 000000000..06af6739a
--- /dev/null
+++ b/security/manager/ssl/nsNSSCertificateDB.h
@@ -0,0 +1,77 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsNSSCertificateDB_h
+#define nsNSSCertificateDB_h
+
+#include "ScopedNSSTypes.h"
+#include "certt.h"
+#include "mozilla/Mutex.h"
+#include "mozilla/NotNull.h"
+#include "mozilla/RefPtr.h"
+#include "mozilla/UniquePtr.h"
+#include "nsIX509CertDB.h"
+#include "nsNSSShutDown.h"
+#include "nsString.h"
+
+class nsCString;
+class nsIArray;
+
+class nsNSSCertificateDB final : public nsIX509CertDB
+                               , public nsNSSShutDownObject
+
+{
+public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSIX509CERTDB
+
+  // Use this function to generate a default nickname for a user
+  // certificate that is to be imported onto a token.
+  static void
+  get_default_nickname(CERTCertificate *cert, nsIInterfaceRequestor* ctx,
+                       nsCString &nickname,
+                       const nsNSSShutDownPreventionLock &proofOfLock);
+
+  static nsresult 
+  ImportValidCACerts(int numCACerts, SECItem *CACerts, nsIInterfaceRequestor *ctx,
+                     const nsNSSShutDownPreventionLock &proofOfLock);
+
+  // This is a separate static method so nsNSSComponent can use it during NSS
+  // initialization. Other code should probably not use it.
+  static nsresult
+  FindCertByDBKey(const char* aDBKey, mozilla::UniqueCERTCertificate& cert);
+
+protected:
+  virtual ~nsNSSCertificateDB();
+
+private:
+
+  static nsresult
+  ImportValidCACertsInList(const mozilla::UniqueCERTCertList& filteredCerts,
+                           nsIInterfaceRequestor* ctx,
+                           const nsNSSShutDownPreventionLock& proofOfLock);
+
+  static void DisplayCertificateAlert(nsIInterfaceRequestor *ctx, 
+                                      const char *stringID, nsIX509Cert *certToShow,
+                                      const nsNSSShutDownPreventionLock &proofOfLock);
+
+  CERTDERCerts* getCertsFromPackage(const mozilla::UniquePLArenaPool& arena,
+                                    uint8_t* data, uint32_t length,
+                                    const nsNSSShutDownPreventionLock& proofOfLock);
+  nsresult handleCACertDownload(mozilla::NotNull<nsIArray*> x509Certs,
+                                nsIInterfaceRequestor *ctx,
+                                const nsNSSShutDownPreventionLock &proofOfLock);
+
+  // We don't own any NSS objects here, so no need to clean up
+  virtual void virtualDestroyNSSReference() override { };
+};
+
+#define NS_X509CERTDB_CID { /* fb0bbc5c-452e-4783-b32c-80124693d871 */ \
+    0xfb0bbc5c,                                                        \
+    0x452e,                                                            \
+    0x4783,                                                            \
+    {0xb3, 0x2c, 0x80, 0x12, 0x46, 0x93, 0xd8, 0x71}                   \
+  }
+
+#endif // nsNSSCertificateDB_h
diff --git a/security/manager/ssl/nsNSSCertificateFakeTransport.cpp b/security/manager/ssl/nsNSSCertificateFakeTransport.cpp
new file mode 100644
index 000000000..088a5c4ed
--- /dev/null
+++ b/security/manager/ssl/nsNSSCertificateFakeTransport.cpp
@@ -0,0 +1,478 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsNSSCertificateFakeTransport.h"
+
+#include "mozilla/Assertions.h"
+#include "nsIClassInfoImpl.h"
+#include "nsIObjectInputStream.h"
+#include "nsIObjectOutputStream.h"
+#include "nsISupportsPrimitives.h"
+#include "nsNSSCertificate.h"
+#include "nsString.h"
+
+NS_IMPL_ISUPPORTS(nsNSSCertificateFakeTransport,
+                  nsIX509Cert,
+                  nsISerializable,
+                  nsIClassInfo)
+
+nsNSSCertificateFakeTransport::nsNSSCertificateFakeTransport()
+  : mCertSerialization(nullptr)
+{
+}
+
+nsNSSCertificateFakeTransport::~nsNSSCertificateFakeTransport()
+{
+  mCertSerialization = nullptr;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetDbKey(nsACString&)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetWindowTitle(nsAString&)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetNickname(nsAString&)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetEmailAddress(nsAString&)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetEmailAddresses(uint32_t*, char16_t***)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::ContainsEmailAddress(const nsAString&, bool*)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetCommonName(nsAString&)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetOrganization(nsAString&)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetIssuerCommonName(nsAString&)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetIssuerOrganization(nsAString&)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetIssuerOrganizationUnit(nsAString&)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetIssuer(nsIX509Cert**)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetOrganizationalUnit(nsAString&)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetChain(nsIArray**)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetSubjectName(nsAString&)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetIssuerName(nsAString&)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetSerialNumber(nsAString&)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetSha256Fingerprint(nsAString&)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetSha1Fingerprint(nsAString&)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetTokenName(nsAString&)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetRawDER(uint32_t*, uint8_t**)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetValidity(nsIX509CertValidity**)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetKeyUsages(nsAString&)
+{
+  MOZ_ASSERT_UNREACHABLE("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetASN1Structure(nsIASN1Object**)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::Equals(nsIX509Cert*, bool*)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetSha256SubjectPublicKeyInfoDigest(nsACString&)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+// NB: This serialization must match that of nsNSSCertificate.
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::Write(nsIObjectOutputStream* aStream)
+{
+  // On a non-chrome process we don't have mCert because we lack
+  // nsNSSComponent. nsNSSCertificateFakeTransport object is used only to
+  // carry the certificate serialization.
+
+  // This serialization has to match that of nsNSSCertificate, so include this
+  // now-unused field.
+  nsresult rv = aStream->Write32(0);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = aStream->Write32(mCertSerialization->len);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  return aStream->WriteByteArray(mCertSerialization->data,
+                                 mCertSerialization->len);
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::Read(nsIObjectInputStream* aStream)
+{
+  // This serialization has to match that of nsNSSCertificate, so read the (now
+  // unused) cachedEVStatus.
+  uint32_t unusedCachedEVStatus;
+  nsresult rv = aStream->Read32(&unusedCachedEVStatus);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  uint32_t len;
+  rv = aStream->Read32(&len);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  nsXPIDLCString str;
+  rv = aStream->ReadBytes(len, getter_Copies(str));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  // On a non-chrome process we cannot instatiate mCert because we lack
+  // nsNSSComponent. nsNSSCertificateFakeTransport object is used only to
+  // carry the certificate serialization.
+  mCertSerialization =
+    mozilla::UniqueSECItem(SECITEM_AllocItem(nullptr, nullptr, len));
+  if (!mCertSerialization) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+  PORT_Memcpy(mCertSerialization->data, str.Data(), len);
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetInterfaces(uint32_t* count, nsIID*** array)
+{
+  *count = 0;
+  *array = nullptr;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetScriptableHelper(nsIXPCScriptable** _retval)
+{
+  *_retval = nullptr;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetContractID(char** aContractID)
+{
+  *aContractID = nullptr;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetClassDescription(char** aClassDescription)
+{
+  *aClassDescription = nullptr;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetClassID(nsCID** aClassID)
+{
+  *aClassID = (nsCID*) moz_xmalloc(sizeof(nsCID));
+  if (!*aClassID)
+    return NS_ERROR_OUT_OF_MEMORY;
+  return GetClassIDNoAlloc(*aClassID);
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetFlags(uint32_t* aFlags)
+{
+  *aFlags = nsIClassInfo::THREADSAFE;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetClassIDNoAlloc(nsCID* aClassIDNoAlloc)
+{
+  static NS_DEFINE_CID(kNSSCertificateCID, NS_X509CERT_CID);
+
+  *aClassIDNoAlloc = kNSSCertificateCID;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetCertType(unsigned int*)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetIsSelfSigned(bool*)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetIsBuiltInRoot(bool* aIsBuiltInRoot)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::GetAllTokenNames(unsigned int*, char16_t***)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+CERTCertificate*
+nsNSSCertificateFakeTransport::GetCert()
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return nullptr;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::ExportAsCMS(unsigned int,
+                                           unsigned int*,
+                                           unsigned char**)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertificateFakeTransport::MarkForPermDeletion()
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMPL_CLASSINFO(nsNSSCertListFakeTransport,
+                  nullptr,
+                  // inferred from nsIX509Cert
+                  nsIClassInfo::THREADSAFE,
+                  NS_X509CERTLIST_CID)
+
+NS_IMPL_ISUPPORTS_CI(nsNSSCertListFakeTransport,
+                     nsIX509CertList,
+                     nsISerializable)
+
+nsNSSCertListFakeTransport::nsNSSCertListFakeTransport()
+{
+}
+
+nsNSSCertListFakeTransport::~nsNSSCertListFakeTransport()
+{
+}
+
+NS_IMETHODIMP
+nsNSSCertListFakeTransport::AddCert(nsIX509Cert* aCert)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertListFakeTransport::DeleteCert(nsIX509Cert* aCert)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+CERTCertList*
+nsNSSCertListFakeTransport::GetRawCertList()
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return nullptr;
+}
+
+NS_IMETHODIMP
+nsNSSCertListFakeTransport::GetEnumerator(nsISimpleEnumerator**)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNSSCertListFakeTransport::Equals(nsIX509CertList*, bool*)
+{
+  NS_NOTREACHED("Unimplemented on content process");
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+// NB: This serialization must match that of nsNSSCertList.
+NS_IMETHODIMP
+nsNSSCertListFakeTransport::Write(nsIObjectOutputStream* aStream)
+{
+  uint32_t certListLen = mFakeCertList.length();
+  // Write the length of the list
+  nsresult rv = aStream->Write32(certListLen);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  for (size_t i = 0; i < certListLen; i++) {
+    nsCOMPtr<nsIX509Cert> cert = mFakeCertList[i];
+    nsCOMPtr<nsISerializable> serializableCert = do_QueryInterface(cert);
+    rv = aStream->WriteCompoundObject(serializableCert,
+                                      NS_GET_IID(nsIX509Cert), true);
+    if (NS_FAILED(rv)) {
+      break;
+    }
+  }
+
+  return rv;
+}
+
+NS_IMETHODIMP
+nsNSSCertListFakeTransport::Read(nsIObjectInputStream* aStream)
+{
+  uint32_t certListLen;
+  nsresult rv = aStream->Read32(&certListLen);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  for (uint32_t i = 0; i < certListLen; i++) {
+    nsCOMPtr<nsISupports> certSupports;
+    rv = aStream->ReadObject(true, getter_AddRefs(certSupports));
+    if (NS_FAILED(rv)) {
+      break;
+    }
+
+    nsCOMPtr<nsIX509Cert> cert = do_QueryInterface(certSupports);
+    if (!mFakeCertList.append(cert)) {
+      return NS_ERROR_OUT_OF_MEMORY;
+    }
+  }
+
+  return rv;
+}
diff --git a/security/manager/ssl/nsNSSCertificateFakeTransport.h b/security/manager/ssl/nsNSSCertificateFakeTransport.h
new file mode 100644
index 000000000..1c57505b4
--- /dev/null
+++ b/security/manager/ssl/nsNSSCertificateFakeTransport.h
@@ -0,0 +1,54 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsNSSCertificateFakeTransport_h
+#define nsNSSCertificateFakeTransport_h
+
+#include "ScopedNSSTypes.h"
+#include "mozilla/Vector.h"
+#include "nsCOMPtr.h"
+#include "nsIClassInfo.h"
+#include "nsISerializable.h"
+#include "nsIX509Cert.h"
+#include "nsIX509CertList.h"
+#include "secitem.h"
+
+class nsNSSCertificateFakeTransport : public nsIX509Cert,
+                                      public nsISerializable,
+                                      public nsIClassInfo
+{
+public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSIX509CERT
+  NS_DECL_NSISERIALIZABLE
+  NS_DECL_NSICLASSINFO
+
+  nsNSSCertificateFakeTransport();
+
+protected:
+  virtual ~nsNSSCertificateFakeTransport();
+
+private:
+  mozilla::UniqueSECItem mCertSerialization;
+};
+
+class nsNSSCertListFakeTransport : public nsIX509CertList,
+                                   public nsISerializable
+{
+public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSIX509CERTLIST
+  NS_DECL_NSISERIALIZABLE
+
+  nsNSSCertListFakeTransport();
+
+protected:
+  virtual ~nsNSSCertListFakeTransport();
+
+private:
+  mozilla::Vector<nsCOMPtr<nsIX509Cert> > mFakeCertList;
+};
+
+#endif // nsNSSCertificateFakeTransport_h
diff --git a/security/manager/ssl/nsNSSComponent.cpp b/security/manager/ssl/nsNSSComponent.cpp
new file mode 100644
index 000000000..d53f846ed
--- /dev/null
+++ b/security/manager/ssl/nsNSSComponent.cpp
@@ -0,0 +1,2499 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsNSSComponent.h"
+
+#include "ExtendedValidation.h"
+#include "NSSCertDBTrustDomain.h"
+#include "ScopedNSSTypes.h"
+#include "SharedSSLState.h"
+#include "cert.h"
+#include "certdb.h"
+#include "mozilla/ArrayUtils.h"
+#include "mozilla/Casting.h"
+#include "mozilla/Preferences.h"
+#include "mozilla/PublicSSL.h"
+#include "mozilla/Services.h"
+#include "mozilla/StaticPtr.h"
+#include "mozilla/SyncRunnable.h"
+#include "mozilla/Telemetry.h"
+#include "mozilla/Unused.h"
+#include "nsAppDirectoryServiceDefs.h"
+#include "nsCRT.h"
+#include "nsClientAuthRemember.h"
+#include "nsComponentManagerUtils.h"
+#include "nsDirectoryServiceDefs.h"
+#include "nsICertOverrideService.h"
+#include "nsIFile.h"
+#include "nsIObserverService.h"
+#include "nsIPrompt.h"
+#include "nsIProperties.h"
+#include "nsISiteSecurityService.h"
+#include "nsITokenPasswordDialogs.h"
+#include "nsIWindowWatcher.h"
+#include "nsIXULRuntime.h"
+#include "nsNSSCertificateDB.h"
+#include "nsNSSHelper.h"
+#include "nsNSSShutDown.h"
+#include "nsServiceManagerUtils.h"
+#include "nsThreadUtils.h"
+#include "nsXULAppAPI.h"
+#include "nss.h"
+#include "p12plcy.h"
+#include "pkix/pkixnss.h"
+#include "secerr.h"
+#include "secmod.h"
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+#ifndef MOZ_NO_SMART_CARDS
+#include "nsSmartCardMonitor.h"
+#endif
+
+#ifdef XP_WIN
+#include "mozilla/WindowsVersion.h"
+#include "nsILocalFileWin.h"
+
+#include "windows.h" // this needs to be before the following includes
+#include "lmcons.h"
+#include "sddl.h"
+#include "wincrypt.h"
+#include "nsIWindowsRegKey.h"
+#endif
+
+using namespace mozilla;
+using namespace mozilla::psm;
+
+LazyLogModule gPIPNSSLog("pipnss");
+
+int nsNSSComponent::mInstanceCount = 0;
+
+// This function can be called from chrome or content processes
+// to ensure that NSS is initialized.
+bool EnsureNSSInitializedChromeOrContent()
+{
+  nsresult rv;
+  if (XRE_IsParentProcess()) {
+    nsCOMPtr<nsISupports> nss = do_GetService(PSM_COMPONENT_CONTRACTID, &rv);
+    if (NS_FAILED(rv)) {
+      return false;
+    }
+
+    return true;
+  }
+
+  // If this is a content process and not the main thread (i.e. probably a
+  // worker) then forward this call to the main thread.
+  if (!NS_IsMainThread()) {
+    static Atomic<bool> initialized(false);
+
+    // Cache the result to dispatch to the main thread only once per worker.
+    if (initialized) {
+      return true;
+    }
+
+    nsCOMPtr<nsIThread> mainThread;
+    nsresult rv = NS_GetMainThread(getter_AddRefs(mainThread));
+    if (NS_FAILED(rv)) {
+      return false;
+    }
+
+    // Forward to the main thread synchronously.
+    mozilla::SyncRunnable::DispatchToThread(mainThread,
+      new SyncRunnable(NS_NewRunnableFunction([]() {
+        initialized = EnsureNSSInitializedChromeOrContent();
+      }))
+    );
+
+    return initialized;
+  }
+
+  if (NSS_IsInitialized()) {
+    return true;
+  }
+
+  if (NSS_NoDB_Init(nullptr) != SECSuccess) {
+    return false;
+  }
+
+  if (NS_FAILED(mozilla::psm::InitializeCipherSuite())) {
+    return false;
+  }
+
+  mozilla::psm::DisableMD5();
+  return true;
+}
+
+// We must ensure that the nsNSSComponent has been loaded before
+// creating any other components.
+bool EnsureNSSInitialized(EnsureNSSOperator op)
+{
+  if (GeckoProcessType_Default != XRE_GetProcessType())
+  {
+    if (op == nssEnsureOnChromeOnly)
+    {
+      // If the component needs PSM/NSS initialized only on the chrome process,
+      // pretend we successfully initiated it but in reality we bypass it.
+      // It's up to the programmer to check for process type in such components
+      // and take care not to call anything that needs NSS/PSM initiated.
+      return true;
+    }
+
+    NS_ERROR("Trying to initialize PSM/NSS in a non-chrome process!");
+    return false;
+  }
+
+  static bool loading = false;
+  static int32_t haveLoaded = 0;
+
+  switch (op)
+  {
+    // In following 4 cases we are protected by monitor of XPCOM component
+    // manager - we are inside of do_GetService call for nss component, so it is
+    // safe to move with the flags here.
+  case nssLoadingComponent:
+    if (loading)
+      return false; // We are reentered during nss component creation
+    loading = true;
+    return true;
+
+  case nssInitSucceeded:
+    NS_ASSERTION(loading, "Bad call to EnsureNSSInitialized(nssInitSucceeded)");
+    loading = false;
+    PR_AtomicSet(&haveLoaded, 1);
+    return true;
+
+  case nssInitFailed:
+    NS_ASSERTION(loading, "Bad call to EnsureNSSInitialized(nssInitFailed)");
+    loading = false;
+    MOZ_FALLTHROUGH;
+
+  case nssShutdown:
+    PR_AtomicSet(&haveLoaded, 0);
+    return false;
+
+    // In this case we are called from a component to ensure nss initilization.
+    // If the component has not yet been loaded and is not currently loading
+    // call do_GetService for nss component to ensure it.
+  case nssEnsure:
+  case nssEnsureOnChromeOnly:
+  case nssEnsureChromeOrContent:
+    // We are reentered during nss component creation or nss component is already up
+    if (PR_AtomicAdd(&haveLoaded, 0) || loading)
+      return true;
+
+    {
+    nsCOMPtr<nsINSSComponent> nssComponent
+      = do_GetService(PSM_COMPONENT_CONTRACTID);
+
+    // Nss component failed to initialize, inform the caller of that fact.
+    // Flags are appropriately set by component constructor itself.
+    if (!nssComponent)
+      return false;
+
+    bool isInitialized;
+    nsresult rv = nssComponent->IsNSSInitialized(&isInitialized);
+    return NS_SUCCEEDED(rv) && isInitialized;
+    }
+
+  default:
+    NS_ASSERTION(false, "Bad operator to EnsureNSSInitialized");
+    return false;
+  }
+}
+
+static void
+GetRevocationBehaviorFromPrefs(/*out*/ CertVerifier::OcspDownloadConfig* odc,
+                               /*out*/ CertVerifier::OcspStrictConfig* osc,
+                               /*out*/ CertVerifier::OcspGetConfig* ogc,
+                               /*out*/ uint32_t* certShortLifetimeInDays,
+                               const MutexAutoLock& /*proofOfLock*/)
+{
+  MOZ_ASSERT(NS_IsMainThread());
+  MOZ_ASSERT(odc);
+  MOZ_ASSERT(osc);
+  MOZ_ASSERT(ogc);
+  MOZ_ASSERT(certShortLifetimeInDays);
+
+  // 0 = disabled
+  // 1 = enabled for everything (default)
+  // 2 = enabled for EV certificates only
+  int32_t ocspLevel = Preferences::GetInt("security.OCSP.enabled", 1);
+  switch (ocspLevel) {
+    case 0: *odc = CertVerifier::ocspOff; break;
+    case 2: *odc = CertVerifier::ocspEVOnly; break;
+    default: *odc = CertVerifier::ocspOn; break;
+  }
+
+  *osc = Preferences::GetBool("security.OCSP.require", false)
+       ? CertVerifier::ocspStrict
+       : CertVerifier::ocspRelaxed;
+
+  // XXX: Always use POST for OCSP; see bug 871954 for undoing this.
+  *ogc = Preferences::GetBool("security.OCSP.GET.enabled", false)
+       ? CertVerifier::ocspGetEnabled
+       : CertVerifier::ocspGetDisabled;
+
+  // If we pass in just 0 as the second argument to Preferences::GetUint, there
+  // are two function signatures that match (given that 0 can be intepreted as
+  // a null pointer). Thus the compiler will complain without the cast.
+  *certShortLifetimeInDays =
+    Preferences::GetUint("security.pki.cert_short_lifetime_in_days",
+                         static_cast<uint32_t>(0));
+
+  SSL_ClearSessionCache();
+}
+
+nsNSSComponent::nsNSSComponent()
+  : mutex("nsNSSComponent.mutex")
+  , mNSSInitialized(false)
+#ifndef MOZ_NO_SMART_CARDS
+  , mThreadList(nullptr)
+#endif
+{
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("nsNSSComponent::ctor\n"));
+  MOZ_RELEASE_ASSERT(NS_IsMainThread());
+
+  NS_ASSERTION( (0 == mInstanceCount), "nsNSSComponent is a singleton, but instantiated multiple times!");
+  ++mInstanceCount;
+}
+
+nsNSSComponent::~nsNSSComponent()
+{
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("nsNSSComponent::dtor\n"));
+  MOZ_RELEASE_ASSERT(NS_IsMainThread());
+
+  // All cleanup code requiring services needs to happen in xpcom_shutdown
+
+  ShutdownNSS();
+  SharedSSLState::GlobalCleanup();
+  RememberCertErrorsTable::Cleanup();
+  --mInstanceCount;
+  nsNSSShutDownList::shutdown();
+
+  // We are being freed, drop the haveLoaded flag to re-enable
+  // potential nss initialization later.
+  EnsureNSSInitialized(nssShutdown);
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("nsNSSComponent::dtor finished\n"));
+}
+
+NS_IMETHODIMP
+nsNSSComponent::PIPBundleFormatStringFromName(const char* name,
+                                              const char16_t** params,
+                                              uint32_t numParams,
+                                              nsAString& outString)
+{
+  nsresult rv = NS_ERROR_FAILURE;
+
+  if (mPIPNSSBundle && name) {
+    nsXPIDLString result;
+    rv = mPIPNSSBundle->FormatStringFromName(NS_ConvertASCIItoUTF16(name).get(),
+                                             params, numParams,
+                                             getter_Copies(result));
+    if (NS_SUCCEEDED(rv)) {
+      outString = result;
+    }
+  }
+  return rv;
+}
+
+NS_IMETHODIMP
+nsNSSComponent::GetPIPNSSBundleString(const char* name, nsAString& outString)
+{
+  nsresult rv = NS_ERROR_FAILURE;
+
+  outString.SetLength(0);
+  if (mPIPNSSBundle && name) {
+    nsXPIDLString result;
+    rv = mPIPNSSBundle->GetStringFromName(NS_ConvertASCIItoUTF16(name).get(),
+                                          getter_Copies(result));
+    if (NS_SUCCEEDED(rv)) {
+      outString = result;
+      rv = NS_OK;
+    }
+  }
+
+  return rv;
+}
+
+NS_IMETHODIMP
+nsNSSComponent::GetNSSBundleString(const char* name, nsAString& outString)
+{
+  nsresult rv = NS_ERROR_FAILURE;
+
+  outString.SetLength(0);
+  if (mNSSErrorsBundle && name) {
+    nsXPIDLString result;
+    rv = mNSSErrorsBundle->GetStringFromName(NS_ConvertASCIItoUTF16(name).get(),
+                                             getter_Copies(result));
+    if (NS_SUCCEEDED(rv)) {
+      outString = result;
+      rv = NS_OK;
+    }
+  }
+
+  return rv;
+}
+
+#ifndef MOZ_NO_SMART_CARDS
+void
+nsNSSComponent::LaunchSmartCardThreads()
+{
+  nsNSSShutDownPreventionLock locker;
+  {
+    SECMODModuleList* list;
+    SECMODListLock* lock = SECMOD_GetDefaultModuleListLock();
+    if (!lock) {
+        MOZ_LOG(gPIPNSSLog, LogLevel::Error,
+               ("Couldn't get the module list lock, can't launch smart card threads\n"));
+        return;
+    }
+    SECMOD_GetReadLock(lock);
+    list = SECMOD_GetDefaultModuleList();
+
+    while (list) {
+      SECMODModule* module = list->module;
+      LaunchSmartCardThread(module);
+      list = list->next;
+    }
+    SECMOD_ReleaseReadLock(lock);
+  }
+}
+
+NS_IMETHODIMP
+nsNSSComponent::LaunchSmartCardThread(SECMODModule* module)
+{
+  SmartCardMonitoringThread* newThread;
+  if (SECMOD_HasRemovableSlots(module)) {
+    if (!mThreadList) {
+      mThreadList = new SmartCardThreadList();
+    }
+    newThread = new SmartCardMonitoringThread(module);
+    // newThread is adopted by the add.
+    return mThreadList->Add(newThread);
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSComponent::ShutdownSmartCardThread(SECMODModule* module)
+{
+  if (!mThreadList) {
+    return NS_OK;
+  }
+  mThreadList->Remove(module);
+  return NS_OK;
+}
+
+void
+nsNSSComponent::ShutdownSmartCardThreads()
+{
+  delete mThreadList;
+  mThreadList = nullptr;
+}
+#endif // MOZ_NO_SMART_CARDS
+
+#ifdef XP_WIN
+static bool
+GetUserSid(nsAString& sidString)
+{
+  // UNLEN is the maximum user name length (see Lmcons.h). +1 for the null
+  // terminator.
+  WCHAR lpAccountName[UNLEN + 1];
+  DWORD lcAccountName = sizeof(lpAccountName) / sizeof(lpAccountName[0]);
+  BOOL success = GetUserName(lpAccountName, &lcAccountName);
+  if (!success) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("GetUserName failed"));
+    return false;
+  }
+  char sid_buffer[SECURITY_MAX_SID_SIZE];
+  SID* sid = BitwiseCast<SID*, char*>(sid_buffer);
+  DWORD cbSid = ArrayLength(sid_buffer);
+  SID_NAME_USE eUse;
+  // There doesn't appear to be a defined maximum length for the domain name
+  // here. To deal with this, we start with a reasonable buffer length and
+  // see if that works. If it fails and the error indicates insufficient length,
+  // we use the indicated required length and try again.
+  DWORD cchReferencedDomainName = 128;
+  auto ReferencedDomainName(MakeUnique<WCHAR[]>(cchReferencedDomainName));
+  success = LookupAccountName(nullptr, lpAccountName, sid, &cbSid,
+                              ReferencedDomainName.get(),
+                              &cchReferencedDomainName, &eUse);
+  if (!success && GetLastError() != ERROR_INSUFFICIENT_BUFFER) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("LookupAccountName failed"));
+    return false;
+  }
+  if (!success) {
+    ReferencedDomainName = MakeUnique<WCHAR[]>(cchReferencedDomainName);
+    success = LookupAccountName(nullptr, lpAccountName, sid, &cbSid,
+                                ReferencedDomainName.get(),
+                                &cchReferencedDomainName, &eUse);
+  }
+  if (!success) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("LookupAccountName failed"));
+    return false;
+  }
+  LPTSTR StringSid;
+  success = ConvertSidToStringSid(sid, &StringSid);
+  if (!success) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("ConvertSidToStringSid failed"));
+    return false;
+  }
+  sidString.Assign(StringSid);
+  LocalFree(StringSid);
+  return true;
+}
+
+// This is a specialized helper function to read the value of a registry key
+// that might not be present. If it is present, returns (via the output
+// parameter) its value. Otherwise, returns the given default value.
+// This function handles one level of nesting. That is, if the desired value
+// is actually in a direct child of the given registry key (where the child
+// and/or the value being sought may not actually be present), this function
+// will handle that. In the normal case, though, optionalChildName will be
+// null.
+static nsresult
+ReadRegKeyValueWithDefault(nsCOMPtr<nsIWindowsRegKey> regKey,
+                           uint32_t flags,
+                           wchar_t* optionalChildName,
+                           wchar_t* valueName,
+                           uint32_t defaultValue,
+                           uint32_t& valueOut)
+{
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("ReadRegKeyValueWithDefault"));
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+          ("attempting to read '%S%s%S' with default '%u'",
+           optionalChildName ? optionalChildName : L"",
+           optionalChildName ? "\\" : "", valueName, defaultValue));
+  if (optionalChildName) {
+    nsDependentString childNameString(optionalChildName);
+    bool hasChild;
+    nsresult rv = regKey->HasChild(childNameString, &hasChild);
+    if (NS_FAILED(rv)) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+              ("failed to determine if child key is present"));
+      return rv;
+    }
+    if (!hasChild) {
+      valueOut = defaultValue;
+      return NS_OK;
+    }
+    nsCOMPtr<nsIWindowsRegKey> childRegKey;
+    rv = regKey->OpenChild(childNameString, flags,
+                           getter_AddRefs(childRegKey));
+    if (NS_FAILED(rv)) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("couldn't open child key"));
+      return rv;
+    }
+    return ReadRegKeyValueWithDefault(childRegKey, flags, nullptr, valueName,
+                                      defaultValue, valueOut);
+  }
+  nsDependentString valueNameString(valueName);
+  bool hasValue;
+  nsresult rv = regKey->HasValue(valueNameString, &hasValue);
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("failed to determine if value is present"));
+    return rv;
+  }
+  if (!hasValue) {
+    valueOut = defaultValue;
+    return NS_OK;
+  }
+  rv = regKey->ReadIntValue(valueNameString, &valueOut);
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("failed to read value"));
+    return rv;
+  }
+  return NS_OK;
+}
+
+static nsresult
+AccountHasFamilySafetyEnabled(bool& enabled)
+{
+  enabled = false;
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("AccountHasFamilySafetyEnabled?"));
+  nsCOMPtr<nsIWindowsRegKey> parentalControlsKey(
+    do_CreateInstance("@mozilla.org/windows-registry-key;1"));
+  if (!parentalControlsKey) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("couldn't create nsIWindowsRegKey"));
+    return NS_ERROR_FAILURE;
+  }
+  uint32_t flags = nsIWindowsRegKey::ACCESS_READ | nsIWindowsRegKey::WOW64_64;
+  NS_NAMED_LITERAL_STRING(familySafetyPath,
+    "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Parental Controls");
+  nsresult rv = parentalControlsKey->Open(
+    nsIWindowsRegKey::ROOT_KEY_LOCAL_MACHINE, familySafetyPath, flags);
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("couldn't open parentalControlsKey"));
+    return rv;
+  }
+  NS_NAMED_LITERAL_STRING(usersString, "Users");
+  bool hasUsers;
+  rv = parentalControlsKey->HasChild(usersString, &hasUsers);
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("HasChild(Users) failed"));
+    return rv;
+  }
+  if (!hasUsers) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("Users subkey not present - Parental Controls not enabled"));
+    return NS_OK;
+  }
+  nsCOMPtr<nsIWindowsRegKey> usersKey;
+  rv = parentalControlsKey->OpenChild(usersString, flags,
+                                      getter_AddRefs(usersKey));
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("failed to open Users subkey"));
+    return rv;
+  }
+  nsAutoString sid;
+  if (!GetUserSid(sid)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("couldn't get sid"));
+    return NS_ERROR_FAILURE;
+  }
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("our sid is '%S'", sid.get()));
+  bool hasSid;
+  rv = usersKey->HasChild(sid, &hasSid);
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("HasChild(sid) failed"));
+    return rv;
+  }
+  if (!hasSid) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("sid not present in Family Safety Users"));
+    return NS_OK;
+  }
+  nsCOMPtr<nsIWindowsRegKey> sidKey;
+  rv = usersKey->OpenChild(sid, flags, getter_AddRefs(sidKey));
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("couldn't open sid key"));
+    return rv;
+  }
+  // There are three keys we're interested in: "Parental Controls On",
+  // "Logging Required", and "Web\\Filter On". These keys will have value 0
+  // or 1, indicating a particular feature is disabled or enabled,
+  // respectively. So, if "Parental Controls On" is not 1, Family Safety is
+  // disabled and we don't care about anything else. If both "Logging
+  // Required" and "Web\\Filter On" are 0, the proxy will not be running,
+  // so for our purposes we can consider Family Safety disabled in that
+  // case.
+  // By default, "Logging Required" is 1 and "Web\\Filter On" is 0,
+  // reflecting the initial settings when Family Safety is enabled for an
+  // account for the first time, However, these sub-keys are not created
+  // unless they are switched away from the default value.
+  uint32_t parentalControlsOn;
+  rv = sidKey->ReadIntValue(NS_LITERAL_STRING("Parental Controls On"),
+                            &parentalControlsOn);
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("couldn't read Parental Controls On"));
+    return rv;
+  }
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+          ("Parental Controls On: %u", parentalControlsOn));
+  if (parentalControlsOn != 1) {
+    return NS_OK;
+  }
+  uint32_t loggingRequired;
+  rv = ReadRegKeyValueWithDefault(sidKey, flags, nullptr, L"Logging Required",
+                                  1, loggingRequired);
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("failed to read value of Logging Required"));
+    return rv;
+  }
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+          ("Logging Required: %u", loggingRequired));
+  uint32_t webFilterOn;
+  rv = ReadRegKeyValueWithDefault(sidKey, flags, L"Web", L"Filter On", 0,
+                                  webFilterOn);
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("failed to read value of Web\\Filter On"));
+    return rv;
+  }
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Web\\Filter On: %u", webFilterOn));
+  enabled = loggingRequired == 1 || webFilterOn == 1;
+  return NS_OK;
+}
+
+// It would be convenient to just use nsIX509CertDB in the following code.
+// However, since nsIX509CertDB depends on nsNSSComponent initialization (and
+// since this code runs during that initialization), we can't use it. Instead,
+// we can use NSS APIs directly (as long as we're called late enough in
+// nsNSSComponent initialization such that those APIs are safe to use).
+
+// Helper function to convert a PCCERT_CONTEXT (i.e. a certificate obtained via
+// a Windows API) to a temporary CERTCertificate (i.e. a certificate for use
+// with NSS APIs).
+static UniqueCERTCertificate
+PCCERT_CONTEXTToCERTCertificate(PCCERT_CONTEXT pccert)
+{
+  MOZ_ASSERT(pccert);
+  if (!pccert) {
+    return nullptr;
+  }
+
+  SECItem derCert = {
+    siBuffer,
+    pccert->pbCertEncoded,
+    pccert->cbCertEncoded
+  };
+  return UniqueCERTCertificate(
+    CERT_NewTempCertificate(CERT_GetDefaultCertDB(), &derCert,
+                            nullptr, // nickname unnecessary
+                            false, // not permanent
+                            true)); // copy DER
+}
+
+static const char* kMicrosoftFamilySafetyCN = "Microsoft Family Safety";
+
+nsresult
+nsNSSComponent::MaybeImportFamilySafetyRoot(PCCERT_CONTEXT certificate,
+                                            bool& wasFamilySafetyRoot)
+{
+  MOZ_ASSERT(NS_IsMainThread());
+  if (!NS_IsMainThread()) {
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("MaybeImportFamilySafetyRoot"));
+  wasFamilySafetyRoot = false;
+
+  UniqueCERTCertificate nssCertificate(
+    PCCERT_CONTEXTToCERTCertificate(certificate));
+  if (!nssCertificate) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("couldn't decode certificate"));
+    return NS_ERROR_FAILURE;
+  }
+  // Looking for a certificate with the common name 'Microsoft Family Safety'
+  UniquePORTString subjectName(CERT_GetCommonName(&nssCertificate->subject));
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+          ("subject name is '%s'", subjectName.get()));
+  if (nsCRT::strcmp(subjectName.get(), kMicrosoftFamilySafetyCN) == 0) {
+    wasFamilySafetyRoot = true;
+    CERTCertTrust trust = {
+      CERTDB_TRUSTED_CA | CERTDB_VALID_CA | CERTDB_USER,
+      0,
+      0
+    };
+    if (CERT_ChangeCertTrust(nullptr, nssCertificate.get(), &trust)
+          != SECSuccess) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+              ("couldn't trust certificate for TLS server auth"));
+      return NS_ERROR_FAILURE;
+    }
+    MOZ_ASSERT(!mFamilySafetyRoot);
+    mFamilySafetyRoot = Move(nssCertificate);
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("added Family Safety root"));
+  }
+  return NS_OK;
+}
+
+// Because HCERTSTORE is just a typedef void*, we can't use any of the nice
+// scoped or unique pointer templates. To elaborate, any attempt would
+// instantiate those templates with T = void. When T gets used in the context
+// of T&, this results in void&, which isn't legal.
+class ScopedCertStore final
+{
+public:
+  explicit ScopedCertStore(HCERTSTORE certstore) : certstore(certstore) {}
+
+  ~ScopedCertStore()
+  {
+    CertCloseStore(certstore, 0);
+  }
+
+  HCERTSTORE get()
+  {
+    return certstore;
+  }
+
+private:
+  ScopedCertStore(const ScopedCertStore&) = delete;
+  ScopedCertStore& operator=(const ScopedCertStore&) = delete;
+  HCERTSTORE certstore;
+};
+
+static const wchar_t* kWindowsDefaultRootStoreName = L"ROOT";
+
+nsresult
+nsNSSComponent::LoadFamilySafetyRoot()
+{
+  ScopedCertStore certstore(
+    CertOpenSystemStore(0, kWindowsDefaultRootStoreName));
+  if (!certstore.get()) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("couldn't get certstore '%S'", kWindowsDefaultRootStoreName));
+    return NS_ERROR_FAILURE;
+  }
+  // Any resources held by the certificate are released by the next call to
+  // CertFindCertificateInStore.
+  PCCERT_CONTEXT certificate = nullptr;
+  while ((certificate = CertFindCertificateInStore(certstore.get(),
+                                                   X509_ASN_ENCODING, 0,
+                                                   CERT_FIND_ANY, nullptr,
+                                                   certificate))) {
+    bool wasFamilySafetyRoot = false;
+    nsresult rv = MaybeImportFamilySafetyRoot(certificate,
+                                              wasFamilySafetyRoot);
+    if (NS_SUCCEEDED(rv) && wasFamilySafetyRoot) {
+      return NS_OK; // We're done (we're only expecting one root).
+    }
+  }
+  return NS_ERROR_FAILURE;
+}
+
+void
+nsNSSComponent::UnloadFamilySafetyRoot()
+{
+  MOZ_ASSERT(NS_IsMainThread());
+  if (!NS_IsMainThread()) {
+    return;
+  }
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("UnloadFamilySafetyRoot"));
+  if (!mFamilySafetyRoot) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Family Safety Root wasn't present"));
+    return;
+  }
+  // It would be intuitive to set the trust to { 0, 0, 0 } here. However, this
+  // doesn't work for temporary certificates because CERT_ChangeCertTrust first
+  // looks up the current trust settings in the permanent cert database, finds
+  // that such trust doesn't exist, considers the current trust to be
+  // { 0, 0, 0 }, and decides that it doesn't need to update the trust since
+  // they're the same. To work around this, we set a non-zero flag to ensure
+  // that the trust will get updated.
+  CERTCertTrust trust = { CERTDB_USER, 0, 0 };
+  if (CERT_ChangeCertTrust(nullptr, mFamilySafetyRoot.get(), &trust)
+        != SECSuccess) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("couldn't untrust certificate for TLS server auth"));
+  }
+  mFamilySafetyRoot = nullptr;
+}
+
+#endif // XP_WIN
+
+// The supported values of this pref are:
+// 0: disable detecting Family Safety mode and importing the root
+// 1: only attempt to detect Family Safety mode (don't import the root)
+// 2: detect Family Safety mode and import the root
+const char* kFamilySafetyModePref = "security.family_safety.mode";
+
+// The telemetry gathered by this function is as follows:
+// 0-2: the value of the Family Safety mode pref
+// 3: detecting Family Safety mode failed
+// 4: Family Safety was not enabled
+// 5: Family Safety was enabled
+// 6: failed to import the Family Safety root
+// 7: successfully imported the root
+void
+nsNSSComponent::MaybeEnableFamilySafetyCompatibility()
+{
+#ifdef XP_WIN
+  UnloadFamilySafetyRoot();
+  if (!(IsWin8Point1OrLater() && !IsWin10OrLater())) {
+    return;
+  }
+  // Detect but don't import by default.
+  uint32_t familySafetyMode = Preferences::GetUint(kFamilySafetyModePref, 1);
+  if (familySafetyMode > 2) {
+    familySafetyMode = 0;
+  }
+  Telemetry::Accumulate(Telemetry::FAMILY_SAFETY, familySafetyMode);
+  if (familySafetyMode == 0) {
+    return;
+  }
+  bool familySafetyEnabled;
+  nsresult rv = AccountHasFamilySafetyEnabled(familySafetyEnabled);
+  if (NS_FAILED(rv)) {
+    Telemetry::Accumulate(Telemetry::FAMILY_SAFETY, 3);
+    return;
+  }
+  if (!familySafetyEnabled) {
+    Telemetry::Accumulate(Telemetry::FAMILY_SAFETY, 4);
+    return;
+  }
+  Telemetry::Accumulate(Telemetry::FAMILY_SAFETY, 5);
+  if (familySafetyMode == 2) {
+    rv = LoadFamilySafetyRoot();
+    if (NS_FAILED(rv)) {
+      Telemetry::Accumulate(Telemetry::FAMILY_SAFETY, 6);
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+              ("failed to load Family Safety root"));
+    } else {
+      Telemetry::Accumulate(Telemetry::FAMILY_SAFETY, 7);
+    }
+  }
+#endif // XP_WIN
+}
+
+#ifdef XP_WIN
+// Helper function to determine if the OS considers the given certificate to be
+// a trust anchor for TLS server auth certificates. This is to be used in the
+// context of importing what are presumed to be root certificates from the OS.
+// If this function returns true but it turns out that the given certificate is
+// in some way unsuitable to issue certificates, mozilla::pkix will never build
+// a valid chain that includes the certificate, so importing it even if it
+// isn't a valid CA poses no risk.
+static bool
+CertIsTrustAnchorForTLSServerAuth(PCCERT_CONTEXT certificate)
+{
+  MOZ_ASSERT(certificate);
+  if (!certificate) {
+    return false;
+  }
+
+  PCCERT_CHAIN_CONTEXT pChainContext = nullptr;
+  CERT_ENHKEY_USAGE enhkeyUsage;
+  memset(&enhkeyUsage, 0, sizeof(CERT_ENHKEY_USAGE));
+  LPSTR identifiers[] = {
+    "1.3.6.1.5.5.7.3.1", // id-kp-serverAuth
+  };
+  enhkeyUsage.cUsageIdentifier = ArrayLength(identifiers);
+  enhkeyUsage.rgpszUsageIdentifier = identifiers;
+  CERT_USAGE_MATCH certUsage;
+  memset(&certUsage, 0, sizeof(CERT_USAGE_MATCH));
+  certUsage.dwType = USAGE_MATCH_TYPE_AND;
+  certUsage.Usage = enhkeyUsage;
+  CERT_CHAIN_PARA chainPara;
+  memset(&chainPara, 0, sizeof(CERT_CHAIN_PARA));
+  chainPara.cbSize = sizeof(CERT_CHAIN_PARA);
+  chainPara.RequestedUsage = certUsage;
+
+  if (!CertGetCertificateChain(nullptr, certificate, nullptr, nullptr,
+                               &chainPara, 0, nullptr, &pChainContext)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("CertGetCertificateChain failed"));
+    return false;
+  }
+  bool trusted = pChainContext->TrustStatus.dwErrorStatus ==
+                 CERT_TRUST_NO_ERROR;
+  bool isRoot = pChainContext->cChain == 1;
+  CertFreeCertificateChain(pChainContext);
+  if (trusted && isRoot) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("certificate is trust anchor for TLS server auth"));
+    return true;
+  }
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+          ("certificate not trust anchor for TLS server auth"));
+  return false;
+}
+
+void
+nsNSSComponent::UnloadEnterpriseRoots()
+{
+  MOZ_ASSERT(NS_IsMainThread());
+  if (!NS_IsMainThread()) {
+    return;
+  }
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("UnloadEnterpriseRoots"));
+  if (!mEnterpriseRoots) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("no enterprise roots were present"));
+    return;
+  }
+  // It would be intuitive to set the trust to { 0, 0, 0 } here. However, this
+  // doesn't work for temporary certificates because CERT_ChangeCertTrust first
+  // looks up the current trust settings in the permanent cert database, finds
+  // that such trust doesn't exist, considers the current trust to be
+  // { 0, 0, 0 }, and decides that it doesn't need to update the trust since
+  // they're the same. To work around this, we set a non-zero flag to ensure
+  // that the trust will get updated.
+  CERTCertTrust trust = { CERTDB_USER, 0, 0 };
+  for (CERTCertListNode* n = CERT_LIST_HEAD(mEnterpriseRoots.get());
+       !CERT_LIST_END(n, mEnterpriseRoots.get()); n = CERT_LIST_NEXT(n)) {
+    if (!n || !n->cert) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+              ("library failure: CERTCertListNode null or lacks cert"));
+      continue;
+    }
+    if (CERT_ChangeCertTrust(nullptr, n->cert, &trust) != SECSuccess) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+              ("couldn't untrust certificate for TLS server auth"));
+    }
+  }
+  mEnterpriseRoots = nullptr;
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("unloaded enterprise roots"));
+}
+
+NS_IMETHODIMP
+nsNSSComponent::GetEnterpriseRoots(nsIX509CertList** enterpriseRoots)
+{
+  MOZ_ASSERT(NS_IsMainThread());
+  if (!NS_IsMainThread()) {
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+  NS_ENSURE_ARG_POINTER(enterpriseRoots);
+
+  nsNSSShutDownPreventionLock lock;
+  // nsNSSComponent isn't a nsNSSShutDownObject, so we can't check
+  // isAlreadyShutDown(). However, since mEnterpriseRoots is cleared when NSS
+  // shuts down, we can use that as a proxy for checking for NSS shutdown.
+  // (Of course, it may also be the case that no enterprise roots were imported,
+  // so we should just return a null list and NS_OK in this case.)
+  if (!mEnterpriseRoots) {
+    *enterpriseRoots = nullptr;
+    return NS_OK;
+  }
+  UniqueCERTCertList enterpriseRootsCopy(
+    nsNSSCertList::DupCertList(mEnterpriseRoots, lock));
+  if (!enterpriseRootsCopy) {
+    return NS_ERROR_FAILURE;
+  }
+  nsCOMPtr<nsIX509CertList> enterpriseRootsCertList(
+    new nsNSSCertList(Move(enterpriseRootsCopy), lock));
+  if (!enterpriseRootsCertList) {
+    return NS_ERROR_FAILURE;
+  }
+  enterpriseRootsCertList.forget(enterpriseRoots);
+  return NS_OK;
+}
+#endif // XP_WIN
+
+static const char* kEnterpriseRootModePref = "security.enterprise_roots.enabled";
+
+void
+nsNSSComponent::MaybeImportEnterpriseRoots()
+{
+#ifdef XP_WIN
+  MOZ_ASSERT(NS_IsMainThread());
+  if (!NS_IsMainThread()) {
+    return;
+  }
+  UnloadEnterpriseRoots();
+  bool importEnterpriseRoots = Preferences::GetBool(kEnterpriseRootModePref,
+                                                    false);
+  if (!importEnterpriseRoots) {
+    return;
+  }
+
+  MOZ_ASSERT(!mEnterpriseRoots);
+  mEnterpriseRoots.reset(CERT_NewCertList());
+  if (!mEnterpriseRoots) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("failed to allocate a new CERTCertList for mEnterpriseRoots"));
+    return;
+  }
+
+  ImportEnterpriseRootsForLocation(CERT_SYSTEM_STORE_LOCAL_MACHINE);
+  ImportEnterpriseRootsForLocation(CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY);
+  ImportEnterpriseRootsForLocation(CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE);
+#endif // XP_WIN
+}
+
+#ifdef XP_WIN
+// Loads the enterprise roots at the registry location corresponding to the
+// given location flag.
+// Supported flags are:
+//   CERT_SYSTEM_STORE_LOCAL_MACHINE
+//     (for HKLM\SOFTWARE\Microsoft\SystemCertificates)
+//   CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY
+//     (for HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates)
+//   CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE
+//     (for HKLM\SOFTWARE\Microsoft\EnterpriseCertificates\Root\Certificates)
+void
+nsNSSComponent::ImportEnterpriseRootsForLocation(DWORD locationFlag)
+{
+  MOZ_ASSERT(NS_IsMainThread());
+  if (!NS_IsMainThread()) {
+    return;
+  }
+  MOZ_ASSERT(locationFlag == CERT_SYSTEM_STORE_LOCAL_MACHINE ||
+             locationFlag == CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY ||
+             locationFlag == CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE,
+             "unexpected locationFlag for ImportEnterpriseRootsForLocation");
+  if (!(locationFlag == CERT_SYSTEM_STORE_LOCAL_MACHINE ||
+        locationFlag == CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY ||
+        locationFlag == CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE)) {
+    return;
+  }
+
+  DWORD flags = locationFlag |
+                CERT_STORE_OPEN_EXISTING_FLAG |
+                CERT_STORE_READONLY_FLAG;
+  // The certificate store being opened should consist only of certificates
+  // added by a user or administrator and not any certificates that are part
+  // of Microsoft's root store program.
+  // The 3rd parameter to CertOpenStore should be NULL according to
+  // https://msdn.microsoft.com/en-us/library/windows/desktop/aa376559%28v=vs.85%29.aspx
+  ScopedCertStore enterpriseRootStore(CertOpenStore(
+    CERT_STORE_PROV_SYSTEM_REGISTRY_W, 0, NULL, flags,
+    kWindowsDefaultRootStoreName));
+  if (!enterpriseRootStore.get()) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("failed to open enterprise root store"));
+    return;
+  }
+  CERTCertTrust trust = {
+    CERTDB_TRUSTED_CA | CERTDB_VALID_CA | CERTDB_USER,
+    0,
+    0
+  };
+  PCCERT_CONTEXT certificate = nullptr;
+  uint32_t numImported = 0;
+  while ((certificate = CertFindCertificateInStore(enterpriseRootStore.get(),
+                                                   X509_ASN_ENCODING, 0,
+                                                   CERT_FIND_ANY, nullptr,
+                                                   certificate))) {
+    if (!CertIsTrustAnchorForTLSServerAuth(certificate)) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+              ("skipping cert not trust anchor for TLS server auth"));
+      continue;
+    }
+    UniqueCERTCertificate nssCertificate(
+      PCCERT_CONTEXTToCERTCertificate(certificate));
+    if (!nssCertificate) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("couldn't decode certificate"));
+      continue;
+    }
+    // Don't import the Microsoft Family Safety root (this prevents the
+    // Enterprise Roots feature from interacting poorly with the Family
+    // Safety support).
+    UniquePORTString subjectName(
+      CERT_GetCommonName(&nssCertificate->subject));
+    if (nsCRT::strcmp(subjectName.get(), kMicrosoftFamilySafetyCN) == 0) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("skipping Family Safety Root"));
+      continue;
+    }
+    MOZ_ASSERT(mEnterpriseRoots, "mEnterpriseRoots unexpectedly NULL?");
+    if (!mEnterpriseRoots) {
+      return;
+    }
+    if (CERT_AddCertToListTail(mEnterpriseRoots.get(), nssCertificate.get())
+          != SECSuccess) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("couldn't add cert to list"));
+      continue;
+    }
+    if (CERT_ChangeCertTrust(nullptr, nssCertificate.get(), &trust)
+          != SECSuccess) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+              ("couldn't trust certificate for TLS server auth"));
+    }
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Imported '%s'", subjectName.get()));
+    numImported++;
+    // now owned by mEnterpriseRoots
+    Unused << nssCertificate.release();
+  }
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("imported %u roots", numImported));
+}
+#endif // XP_WIN
+
+void
+nsNSSComponent::LoadLoadableRoots()
+{
+  nsNSSShutDownPreventionLock locker;
+  SECMODModule* RootsModule = nullptr;
+
+  // In the past we used SECMOD_AddNewModule to load our module containing
+  // root CA certificates. This caused problems, refer to bug 176501.
+  // On startup, we fix our database and clean any stored module reference,
+  // and will use SECMOD_LoadUserModule to temporarily load it
+  // for the session. (This approach requires to clean up
+  // using SECMOD_UnloadUserModule at the end of the session.)
+
+  {
+    // Find module containing root certs
+
+    SECMODModuleList* list;
+    SECMODListLock* lock = SECMOD_GetDefaultModuleListLock();
+    if (!lock) {
+        MOZ_LOG(gPIPNSSLog, LogLevel::Error,
+               ("Couldn't get the module list lock, can't install loadable roots\n"));
+        return;
+    }
+    SECMOD_GetReadLock(lock);
+    list = SECMOD_GetDefaultModuleList();
+
+    while (!RootsModule && list) {
+      SECMODModule* module = list->module;
+
+      for (int i=0; i < module->slotCount; i++) {
+        PK11SlotInfo* slot = module->slots[i];
+        if (PK11_IsPresent(slot)) {
+          if (PK11_HasRootCerts(slot)) {
+            RootsModule = SECMOD_ReferenceModule(module);
+            break;
+          }
+        }
+      }
+
+      list = list->next;
+    }
+    SECMOD_ReleaseReadLock(lock);
+  }
+
+  if (RootsModule) {
+    int32_t modType;
+    SECMOD_DeleteModule(RootsModule->commonName, &modType);
+    SECMOD_DestroyModule(RootsModule);
+    RootsModule = nullptr;
+  }
+
+  // Find the best Roots module for our purposes.
+  // Prefer the application's installation directory,
+  // but also ensure the library is at least the version we expect.
+
+  nsAutoString modName;
+  nsresult rv = GetPIPNSSBundleString("RootCertModuleName", modName);
+  if (NS_FAILED(rv)) {
+    // When running Cpp unit tests on Android, this will fail because string
+    // bundles aren't available (see bug 1311077, bug 1228175 comment 12, and
+    // bug 929655). Because the module name is really only for display purposes,
+    // we can just hard-code the value here. Furthermore, if we want to be able
+    // to stop using string bundles in PSM in this way, we'll have to hard-code
+    // the string and only use the localized version when displaying it to the
+    // user, so this is a step in that direction anyway.
+    modName.AssignLiteral("Builtin Roots Module");
+  }
+
+  nsCOMPtr<nsIProperties> directoryService(do_GetService(NS_DIRECTORY_SERVICE_CONTRACTID));
+  if (!directoryService)
+    return;
+
+  static const char nss_lib[] = "nss3";
+  const char* possible_ckbi_locations[] = {
+    nss_lib, // This special value means: search for ckbi in the directory
+             // where nss3 is.
+    NS_XPCOM_CURRENT_PROCESS_DIR,
+    NS_GRE_DIR,
+    0 // This special value means:
+      //   search for ckbi in the directories on the shared
+      //   library/DLL search path
+  };
+
+  for (size_t il = 0; il < sizeof(possible_ckbi_locations)/sizeof(const char*); ++il) {
+    nsAutoCString libDir;
+
+    if (possible_ckbi_locations[il]) {
+      nsCOMPtr<nsIFile> mozFile;
+      if (possible_ckbi_locations[il] == nss_lib) {
+        // Get the location of the nss3 library.
+        char* nss_path = PR_GetLibraryFilePathname(DLL_PREFIX "nss3" DLL_SUFFIX,
+                                                   (PRFuncPtr) NSS_Initialize);
+        if (!nss_path) {
+          continue;
+        }
+        // Get the directory containing the nss3 library.
+        nsCOMPtr<nsIFile> nssLib(do_CreateInstance(NS_LOCAL_FILE_CONTRACTID, &rv));
+        if (NS_SUCCEEDED(rv)) {
+          rv = nssLib->InitWithNativePath(nsDependentCString(nss_path));
+        }
+        PR_Free(nss_path);
+        if (NS_SUCCEEDED(rv)) {
+          nsCOMPtr<nsIFile> file;
+          if (NS_SUCCEEDED(nssLib->GetParent(getter_AddRefs(file)))) {
+            mozFile = do_QueryInterface(file);
+          }
+        }
+      } else {
+        directoryService->Get( possible_ckbi_locations[il],
+                               NS_GET_IID(nsIFile),
+                               getter_AddRefs(mozFile));
+      }
+
+      if (!mozFile) {
+        continue;
+      }
+
+      if (NS_FAILED(mozFile->GetNativePath(libDir))) {
+        continue;
+      }
+    }
+
+    NS_ConvertUTF16toUTF8 modNameUTF8(modName);
+    if (mozilla::psm::LoadLoadableRoots(
+            libDir.Length() > 0 ? libDir.get() : nullptr,
+            modNameUTF8.get()) == SECSuccess) {
+      break;
+    }
+  }
+}
+
+void
+nsNSSComponent::UnloadLoadableRoots()
+{
+  nsresult rv;
+  nsAutoString modName;
+  rv = GetPIPNSSBundleString("RootCertModuleName", modName);
+  if (NS_FAILED(rv)) return;
+
+  NS_ConvertUTF16toUTF8 modNameUTF8(modName);
+  ::mozilla::psm::UnloadLoadableRoots(modNameUTF8.get());
+}
+
+nsresult
+nsNSSComponent::ConfigureInternalPKCS11Token()
+{
+  nsNSSShutDownPreventionLock locker;
+  nsAutoString manufacturerID;
+  nsAutoString libraryDescription;
+  nsAutoString tokenDescription;
+  nsAutoString privateTokenDescription;
+  nsAutoString slotDescription;
+  nsAutoString privateSlotDescription;
+  nsAutoString fips140SlotDescription;
+  nsAutoString fips140TokenDescription;
+
+  nsresult rv;
+  rv = GetPIPNSSBundleString("ManufacturerID", manufacturerID);
+  if (NS_FAILED(rv)) return rv;
+
+  rv = GetPIPNSSBundleString("LibraryDescription", libraryDescription);
+  if (NS_FAILED(rv)) return rv;
+
+  rv = GetPIPNSSBundleString("TokenDescription", tokenDescription);
+  if (NS_FAILED(rv)) return rv;
+
+  rv = GetPIPNSSBundleString("PrivateTokenDescription", privateTokenDescription);
+  if (NS_FAILED(rv)) return rv;
+
+  rv = GetPIPNSSBundleString("SlotDescription", slotDescription);
+  if (NS_FAILED(rv)) return rv;
+
+  rv = GetPIPNSSBundleString("PrivateSlotDescription", privateSlotDescription);
+  if (NS_FAILED(rv)) return rv;
+
+  rv = GetPIPNSSBundleString("Fips140SlotDescription", fips140SlotDescription);
+  if (NS_FAILED(rv)) return rv;
+
+  rv = GetPIPNSSBundleString("Fips140TokenDescription", fips140TokenDescription);
+  if (NS_FAILED(rv)) return rv;
+
+  PK11_ConfigurePKCS11(NS_ConvertUTF16toUTF8(manufacturerID).get(),
+                       NS_ConvertUTF16toUTF8(libraryDescription).get(),
+                       NS_ConvertUTF16toUTF8(tokenDescription).get(),
+                       NS_ConvertUTF16toUTF8(privateTokenDescription).get(),
+                       NS_ConvertUTF16toUTF8(slotDescription).get(),
+                       NS_ConvertUTF16toUTF8(privateSlotDescription).get(),
+                       NS_ConvertUTF16toUTF8(fips140SlotDescription).get(),
+                       NS_ConvertUTF16toUTF8(fips140TokenDescription).get(),
+                       0, 0);
+  return NS_OK;
+}
+
+nsresult
+nsNSSComponent::InitializePIPNSSBundle()
+{
+  // Called during init only, no mutex required.
+
+  nsresult rv;
+  nsCOMPtr<nsIStringBundleService> bundleService(do_GetService(NS_STRINGBUNDLE_CONTRACTID, &rv));
+#ifdef ANDROID
+  MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
+  MOZ_RELEASE_ASSERT(bundleService);
+#endif
+  if (NS_FAILED(rv) || !bundleService)
+    return NS_ERROR_FAILURE;
+
+  bundleService->CreateBundle("chrome://pipnss/locale/pipnss.properties",
+                              getter_AddRefs(mPIPNSSBundle));
+#ifdef ANDROID
+  MOZ_RELEASE_ASSERT(mPIPNSSBundle);
+#endif
+  if (!mPIPNSSBundle)
+    rv = NS_ERROR_FAILURE;
+
+  bundleService->CreateBundle("chrome://pipnss/locale/nsserrors.properties",
+                              getter_AddRefs(mNSSErrorsBundle));
+#ifdef ANDROID
+  MOZ_RELEASE_ASSERT(mNSSErrorsBundle);
+#endif
+  if (!mNSSErrorsBundle)
+    rv = NS_ERROR_FAILURE;
+
+  return rv;
+}
+
+// Table of pref names and SSL cipher ID
+typedef struct {
+  const char* pref;
+  long id;
+  bool enabledByDefault;
+  bool weak;
+} CipherPref;
+
+// Update the switch statement in AccumulateCipherSuite in nsNSSCallbacks.cpp
+// when you add/remove cipher suites here.
+static const CipherPref sCipherPrefs[] = {
+ { "security.ssl3.ecdhe_rsa_aes_128_gcm_sha256",
+   TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, true },
+ { "security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256",
+   TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, true },
+
+ { "security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256",
+   TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, true },
+ { "security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256",
+   TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, true },
+
+ { "security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384",
+   TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, true },
+ { "security.ssl3.ecdhe_rsa_aes_256_gcm_sha384",
+   TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, true },
+
+ { "security.ssl3.ecdhe_rsa_aes_128_sha",
+   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, true },
+ { "security.ssl3.ecdhe_ecdsa_aes_128_sha",
+   TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, true },
+
+ { "security.ssl3.ecdhe_rsa_aes_256_sha",
+   TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, true },
+ { "security.ssl3.ecdhe_ecdsa_aes_256_sha",
+   TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, true },
+
+ { "security.ssl3.dhe_rsa_aes_128_sha",
+   TLS_DHE_RSA_WITH_AES_128_CBC_SHA, true },
+
+ { "security.ssl3.dhe_rsa_aes_256_sha",
+   TLS_DHE_RSA_WITH_AES_256_CBC_SHA, true },
+
+ { "security.tls13.aes_128_gcm_sha256",
+   TLS_AES_128_GCM_SHA256, true },
+ { "security.tls13.chacha20_poly1305_sha256",
+   TLS_CHACHA20_POLY1305_SHA256, true },
+ { "security.tls13.aes_256_gcm_sha384",
+   TLS_AES_256_GCM_SHA384, true },
+
+ { "security.ssl3.rsa_aes_128_sha",
+   TLS_RSA_WITH_AES_128_CBC_SHA, true }, // deprecated (RSA key exchange)
+ { "security.ssl3.rsa_aes_256_sha",
+   TLS_RSA_WITH_AES_256_CBC_SHA, true }, // deprecated (RSA key exchange)
+ { "security.ssl3.rsa_des_ede3_sha",
+   TLS_RSA_WITH_3DES_EDE_CBC_SHA, true }, // deprecated (RSA key exchange, 3DES)
+
+ // All the rest are disabled
+
+ { nullptr, 0 } // end marker
+};
+
+// Bit flags indicating what weak ciphers are enabled.
+// The bit index will correspond to the index in sCipherPrefs.
+// Wrtten by the main thread, read from any threads.
+static Atomic<uint32_t> sEnabledWeakCiphers;
+static_assert(MOZ_ARRAY_LENGTH(sCipherPrefs) - 1 <= sizeof(uint32_t) * CHAR_BIT,
+              "too many cipher suites");
+
+/*static*/ bool
+nsNSSComponent::AreAnyWeakCiphersEnabled()
+{
+  return !!sEnabledWeakCiphers;
+}
+
+/*static*/ void
+nsNSSComponent::UseWeakCiphersOnSocket(PRFileDesc* fd)
+{
+  const uint32_t enabledWeakCiphers = sEnabledWeakCiphers;
+  const CipherPref* const cp = sCipherPrefs;
+  for (size_t i = 0; cp[i].pref; ++i) {
+    if (enabledWeakCiphers & ((uint32_t)1 << i)) {
+      SSL_CipherPrefSet(fd, cp[i].id, true);
+    }
+  }
+}
+
+// This function will convert from pref values like 1, 2, ...
+// to the internal values of SSL_LIBRARY_VERSION_TLS_1_0,
+// SSL_LIBRARY_VERSION_TLS_1_1, ...
+/*static*/ void
+nsNSSComponent::FillTLSVersionRange(SSLVersionRange& rangeOut,
+                                    uint32_t minFromPrefs,
+                                    uint32_t maxFromPrefs,
+                                    SSLVersionRange defaults)
+{
+  rangeOut = defaults;
+  // determine what versions are supported
+  SSLVersionRange supported;
+  if (SSL_VersionRangeGetSupported(ssl_variant_stream, &supported)
+        != SECSuccess) {
+    return;
+  }
+
+  // Clip the defaults by what NSS actually supports to enable
+  // working with a system NSS with different ranges.
+  rangeOut.min = std::max(rangeOut.min, supported.min);
+  rangeOut.max = std::min(rangeOut.max, supported.max);
+
+  // convert min/maxFromPrefs to the internal representation
+  minFromPrefs += SSL_LIBRARY_VERSION_3_0;
+  maxFromPrefs += SSL_LIBRARY_VERSION_3_0;
+  // if min/maxFromPrefs are invalid, use defaults
+  if (minFromPrefs > maxFromPrefs ||
+      minFromPrefs < supported.min || maxFromPrefs > supported.max ||
+      minFromPrefs < SSL_LIBRARY_VERSION_TLS_1_0) {
+    return;
+  }
+
+  // fill out rangeOut
+  rangeOut.min = (uint16_t) minFromPrefs;
+  rangeOut.max = (uint16_t) maxFromPrefs;
+}
+
+static const int32_t OCSP_ENABLED_DEFAULT = 1;
+static const bool REQUIRE_SAFE_NEGOTIATION_DEFAULT = false;
+static const bool FALSE_START_ENABLED_DEFAULT = true;
+static const bool NPN_ENABLED_DEFAULT = true;
+static const bool ALPN_ENABLED_DEFAULT = false;
+static const bool ENABLED_0RTT_DATA_DEFAULT = false;
+
+static void
+ConfigureTLSSessionIdentifiers()
+{
+  bool disableSessionIdentifiers =
+    Preferences::GetBool("security.ssl.disable_session_identifiers", false);
+  SSL_OptionSetDefault(SSL_ENABLE_SESSION_TICKETS, !disableSessionIdentifiers);
+  SSL_OptionSetDefault(SSL_NO_CACHE, disableSessionIdentifiers);
+}
+
+namespace {
+
+class CipherSuiteChangeObserver : public nsIObserver
+{
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIOBSERVER
+
+  static nsresult StartObserve();
+
+protected:
+  virtual ~CipherSuiteChangeObserver() {}
+
+private:
+  static StaticRefPtr<CipherSuiteChangeObserver> sObserver;
+  CipherSuiteChangeObserver() {}
+};
+
+NS_IMPL_ISUPPORTS(CipherSuiteChangeObserver, nsIObserver)
+
+// static
+StaticRefPtr<CipherSuiteChangeObserver> CipherSuiteChangeObserver::sObserver;
+
+// static
+nsresult
+CipherSuiteChangeObserver::StartObserve()
+{
+  NS_ASSERTION(NS_IsMainThread(), "CipherSuiteChangeObserver::StartObserve() can only be accessed in main thread");
+  if (!sObserver) {
+    RefPtr<CipherSuiteChangeObserver> observer = new CipherSuiteChangeObserver();
+    nsresult rv = Preferences::AddStrongObserver(observer.get(), "security.");
+#ifdef ANDROID
+    MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
+#endif
+    if (NS_FAILED(rv)) {
+      sObserver = nullptr;
+      return rv;
+    }
+
+    nsCOMPtr<nsIObserverService> observerService =
+      mozilla::services::GetObserverService();
+    observerService->AddObserver(observer, NS_XPCOM_SHUTDOWN_OBSERVER_ID,
+                                 false);
+
+    sObserver = observer;
+  }
+  return NS_OK;
+}
+
+nsresult
+CipherSuiteChangeObserver::Observe(nsISupports* aSubject,
+                                   const char* aTopic,
+                                   const char16_t* someData)
+{
+  NS_ASSERTION(NS_IsMainThread(), "CipherSuiteChangeObserver::Observe can only be accessed in main thread");
+  if (nsCRT::strcmp(aTopic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID) == 0) {
+    NS_ConvertUTF16toUTF8  prefName(someData);
+    // Look through the cipher table and set according to pref setting
+    const CipherPref* const cp = sCipherPrefs;
+    for (size_t i = 0; cp[i].pref; ++i) {
+      if (prefName.Equals(cp[i].pref)) {
+        bool cipherEnabled = Preferences::GetBool(cp[i].pref,
+                                                  cp[i].enabledByDefault);
+        if (cp[i].weak) {
+          // Weak ciphers will not be used by default even if they
+          // are enabled in prefs. They are only used on specific
+          // sockets as a part of a fallback mechanism.
+          // Only the main thread will change sEnabledWeakCiphers.
+          uint32_t enabledWeakCiphers = sEnabledWeakCiphers;
+          if (cipherEnabled) {
+            enabledWeakCiphers |= ((uint32_t)1 << i);
+          } else {
+            enabledWeakCiphers &= ~((uint32_t)1 << i);
+          }
+          sEnabledWeakCiphers = enabledWeakCiphers;
+        } else {
+          SSL_CipherPrefSetDefault(cp[i].id, cipherEnabled);
+          SSL_ClearSessionCache();
+        }
+        break;
+      }
+    }
+  } else if (nsCRT::strcmp(aTopic, NS_XPCOM_SHUTDOWN_OBSERVER_ID) == 0) {
+    Preferences::RemoveObserver(this, "security.");
+    MOZ_ASSERT(sObserver.get() == this);
+    sObserver = nullptr;
+    nsCOMPtr<nsIObserverService> observerService =
+      mozilla::services::GetObserverService();
+    observerService->RemoveObserver(this, NS_XPCOM_SHUTDOWN_OBSERVER_ID);
+  }
+  return NS_OK;
+}
+
+} // namespace
+
+// Caller must hold a lock on nsNSSComponent::mutex when calling this function
+void nsNSSComponent::setValidationOptions(bool isInitialSetting,
+                                          const MutexAutoLock& lock)
+{
+  // This preference controls whether we do OCSP fetching and does not affect
+  // OCSP stapling.
+  // 0 = disabled, 1 = enabled
+  int32_t ocspEnabled = Preferences::GetInt("security.OCSP.enabled",
+                                            OCSP_ENABLED_DEFAULT);
+
+  bool ocspRequired = ocspEnabled &&
+    Preferences::GetBool("security.OCSP.require", false);
+
+  // We measure the setting of the pref at startup only to minimize noise by
+  // addons that may muck with the settings, though it probably doesn't matter.
+  if (isInitialSetting) {
+    Telemetry::Accumulate(Telemetry::CERT_OCSP_ENABLED, ocspEnabled);
+    Telemetry::Accumulate(Telemetry::CERT_OCSP_REQUIRED, ocspRequired);
+  }
+
+  bool ocspStaplingEnabled = Preferences::GetBool("security.ssl.enable_ocsp_stapling",
+                                                  true);
+  PublicSSLState()->SetOCSPStaplingEnabled(ocspStaplingEnabled);
+  PrivateSSLState()->SetOCSPStaplingEnabled(ocspStaplingEnabled);
+
+  bool ocspMustStapleEnabled = Preferences::GetBool("security.ssl.enable_ocsp_must_staple",
+                                                    true);
+  PublicSSLState()->SetOCSPMustStapleEnabled(ocspMustStapleEnabled);
+  PrivateSSLState()->SetOCSPMustStapleEnabled(ocspMustStapleEnabled);
+
+  const CertVerifier::CertificateTransparencyMode defaultCTMode =
+    CertVerifier::CertificateTransparencyMode::TelemetryOnly;
+  CertVerifier::CertificateTransparencyMode ctMode =
+    static_cast<CertVerifier::CertificateTransparencyMode>
+      (Preferences::GetInt("security.pki.certificate_transparency.mode",
+                           static_cast<int32_t>(defaultCTMode)));
+  switch (ctMode) {
+    case CertVerifier::CertificateTransparencyMode::Disabled:
+    case CertVerifier::CertificateTransparencyMode::TelemetryOnly:
+      break;
+    default:
+      ctMode = defaultCTMode;
+      break;
+  }
+  bool sctsEnabled =
+    ctMode != CertVerifier::CertificateTransparencyMode::Disabled;
+  PublicSSLState()->SetSignedCertTimestampsEnabled(sctsEnabled);
+  PrivateSSLState()->SetSignedCertTimestampsEnabled(sctsEnabled);
+
+  CertVerifier::PinningMode pinningMode =
+    static_cast<CertVerifier::PinningMode>
+      (Preferences::GetInt("security.cert_pinning.enforcement_level",
+                           CertVerifier::pinningDisabled));
+  if (pinningMode > CertVerifier::pinningEnforceTestMode) {
+    pinningMode = CertVerifier::pinningDisabled;
+  }
+
+  CertVerifier::SHA1Mode sha1Mode = static_cast<CertVerifier::SHA1Mode>
+      (Preferences::GetInt("security.pki.sha1_enforcement_level",
+                           static_cast<int32_t>(CertVerifier::SHA1Mode::Allowed)));
+  switch (sha1Mode) {
+    case CertVerifier::SHA1Mode::Allowed:
+    case CertVerifier::SHA1Mode::Forbidden:
+    case CertVerifier::SHA1Mode::UsedToBeBefore2016ButNowIsForbidden:
+    case CertVerifier::SHA1Mode::ImportedRoot:
+    case CertVerifier::SHA1Mode::ImportedRootOrBefore2016:
+      break;
+    default:
+      sha1Mode = CertVerifier::SHA1Mode::Allowed;
+      break;
+  }
+
+  // Convert a previously-available setting to a safe one.
+  if (sha1Mode == CertVerifier::SHA1Mode::UsedToBeBefore2016ButNowIsForbidden) {
+    sha1Mode = CertVerifier::SHA1Mode::Forbidden;
+  }
+
+  BRNameMatchingPolicy::Mode nameMatchingMode =
+    static_cast<BRNameMatchingPolicy::Mode>
+      (Preferences::GetInt("security.pki.name_matching_mode",
+                           static_cast<int32_t>(BRNameMatchingPolicy::Mode::DoNotEnforce)));
+  switch (nameMatchingMode) {
+    case BRNameMatchingPolicy::Mode::Enforce:
+    case BRNameMatchingPolicy::Mode::EnforceAfter23August2015:
+    case BRNameMatchingPolicy::Mode::EnforceAfter23August2016:
+    case BRNameMatchingPolicy::Mode::DoNotEnforce:
+      break;
+    default:
+      nameMatchingMode = BRNameMatchingPolicy::Mode::DoNotEnforce;
+      break;
+  }
+
+  NetscapeStepUpPolicy netscapeStepUpPolicy =
+    static_cast<NetscapeStepUpPolicy>
+      (Preferences::GetUint("security.pki.netscape_step_up_policy",
+                            static_cast<uint32_t>(NetscapeStepUpPolicy::AlwaysMatch)));
+  switch (netscapeStepUpPolicy) {
+    case NetscapeStepUpPolicy::AlwaysMatch:
+    case NetscapeStepUpPolicy::MatchBefore23August2016:
+    case NetscapeStepUpPolicy::MatchBefore23August2015:
+    case NetscapeStepUpPolicy::NeverMatch:
+      break;
+    default:
+      netscapeStepUpPolicy = NetscapeStepUpPolicy::AlwaysMatch;
+      break;
+  }
+
+  CertVerifier::OcspDownloadConfig odc;
+  CertVerifier::OcspStrictConfig osc;
+  CertVerifier::OcspGetConfig ogc;
+  uint32_t certShortLifetimeInDays;
+
+  GetRevocationBehaviorFromPrefs(&odc, &osc, &ogc, &certShortLifetimeInDays,
+                                 lock);
+  mDefaultCertVerifier = new SharedCertVerifier(odc, osc, ogc,
+                                                certShortLifetimeInDays,
+                                                pinningMode, sha1Mode,
+                                                nameMatchingMode,
+                                                netscapeStepUpPolicy,
+                                                ctMode);
+}
+
+// Enable the TLS versions given in the prefs, defaulting to TLS 1.0 (min) and
+// TLS 1.2 (max) when the prefs aren't set or set to invalid values.
+nsresult
+nsNSSComponent::setEnabledTLSVersions()
+{
+  // keep these values in sync with security-prefs.js
+  // 1 means TLS 1.0, 2 means TLS 1.1, etc.
+  static const uint32_t PSM_DEFAULT_MIN_TLS_VERSION = 1;
+  static const uint32_t PSM_DEFAULT_MAX_TLS_VERSION = 3;
+
+  uint32_t minFromPrefs = Preferences::GetUint("security.tls.version.min",
+                                               PSM_DEFAULT_MIN_TLS_VERSION);
+  uint32_t maxFromPrefs = Preferences::GetUint("security.tls.version.max",
+                                               PSM_DEFAULT_MAX_TLS_VERSION);
+
+  SSLVersionRange defaults = {
+    SSL_LIBRARY_VERSION_3_0 + PSM_DEFAULT_MIN_TLS_VERSION,
+    SSL_LIBRARY_VERSION_3_0 + PSM_DEFAULT_MAX_TLS_VERSION
+  };
+  SSLVersionRange filledInRange;
+  FillTLSVersionRange(filledInRange, minFromPrefs, maxFromPrefs, defaults);
+
+  SECStatus srv =
+    SSL_VersionRangeSetDefault(ssl_variant_stream, &filledInRange);
+  if (srv != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  return NS_OK;
+}
+
+static nsresult
+GetNSSProfilePath(nsAutoCString& aProfilePath)
+{
+  aProfilePath.Truncate();
+  const char* dbDirOverride = getenv("MOZPSM_NSSDBDIR_OVERRIDE");
+  if (dbDirOverride && strlen(dbDirOverride) > 0) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("Using specified MOZPSM_NSSDBDIR_OVERRIDE as NSS DB dir: %s\n",
+            dbDirOverride));
+    aProfilePath.Assign(dbDirOverride);
+    return NS_OK;
+  }
+
+  nsCOMPtr<nsIFile> profileFile;
+  nsresult rv = NS_GetSpecialDirectory(NS_APP_USER_PROFILE_50_DIR,
+                                       getter_AddRefs(profileFile));
+  if (NS_FAILED(rv)) {
+    NS_WARNING("NSS will be initialized without a profile directory. "
+               "Some things may not work as expected.");
+    return NS_OK;
+  }
+
+#if defined(XP_WIN)
+  // Native path will drop Unicode characters that cannot be mapped to system's
+  // codepage, using short (canonical) path as workaround.
+  nsCOMPtr<nsILocalFileWin> profileFileWin(do_QueryInterface(profileFile));
+  if (!profileFileWin) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Error,
+           ("Could not get nsILocalFileWin for profile directory.\n"));
+    return NS_ERROR_FAILURE;
+  }
+  rv = profileFileWin->GetNativeCanonicalPath(aProfilePath);
+#else
+  rv = profileFile->GetNativePath(aProfilePath);
+#endif
+#ifdef ANDROID
+  MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
+#endif
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Error,
+           ("Could not get native path for profile directory.\n"));
+    return rv;
+  }
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+          ("NSS profile at '%s'\n", aProfilePath.get()));
+  return NS_OK;
+}
+
+nsresult
+nsNSSComponent::InitializeNSS()
+{
+  // Can be called both during init and profile change.
+  // Needs mutex protection.
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("nsNSSComponent::InitializeNSS\n"));
+
+  static_assert(nsINSSErrorsService::NSS_SEC_ERROR_BASE == SEC_ERROR_BASE &&
+                nsINSSErrorsService::NSS_SEC_ERROR_LIMIT == SEC_ERROR_LIMIT &&
+                nsINSSErrorsService::NSS_SSL_ERROR_BASE == SSL_ERROR_BASE &&
+                nsINSSErrorsService::NSS_SSL_ERROR_LIMIT == SSL_ERROR_LIMIT,
+                "You must update the values in nsINSSErrorsService.idl");
+
+  MutexAutoLock lock(mutex);
+
+#ifdef ANDROID
+  MOZ_RELEASE_ASSERT(!mNSSInitialized);
+#endif
+  if (mNSSInitialized) {
+    // We should never try to initialize NSS more than once in a process.
+    MOZ_ASSERT_UNREACHABLE("Trying to initialize NSS twice");
+    return NS_ERROR_FAILURE;
+  }
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("NSS Initialization beginning\n"));
+
+  // The call to ConfigureInternalPKCS11Token needs to be done before NSS is initialized,
+  // but affects only static data.
+  // If we could assume i18n will not change between profiles, one call per application
+  // run were sufficient. As I can't predict what happens in the future, let's repeat
+  // this call for every re-init of NSS.
+
+  ConfigureInternalPKCS11Token();
+
+  nsAutoCString profileStr;
+  nsresult rv = GetNSSProfilePath(profileStr);
+#ifdef ANDROID
+  MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
+#endif
+  if (NS_FAILED(rv)) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  SECStatus init_rv = SECFailure;
+  bool nocertdb = Preferences::GetBool("security.nocertdb", false);
+  bool inSafeMode = true;
+  nsCOMPtr<nsIXULRuntime> runtime(do_GetService("@mozilla.org/xre/runtime;1"));
+  // There might not be an nsIXULRuntime in embedded situations. This will
+  // default to assuming we are in safe mode (as a result, no external PKCS11
+  // modules will be loaded).
+  if (runtime) {
+    rv = runtime->GetInSafeMode(&inSafeMode);
+#ifdef ANDROID
+    MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
+#endif
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  }
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("inSafeMode: %u\n", inSafeMode));
+
+  if (!nocertdb && !profileStr.IsEmpty()) {
+    // First try to initialize the NSS DB in read/write mode.
+    // Only load PKCS11 modules if we're not in safe mode.
+    init_rv = ::mozilla::psm::InitializeNSS(profileStr.get(), false, !inSafeMode);
+    // If that fails, attempt read-only mode.
+    if (init_rv != SECSuccess) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("could not init NSS r/w in %s\n", profileStr.get()));
+      init_rv = ::mozilla::psm::InitializeNSS(profileStr.get(), true, !inSafeMode);
+    }
+    if (init_rv != SECSuccess) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("could not init in r/o either\n"));
+    }
+  }
+  // If we haven't succeeded in initializing the DB in our profile
+  // directory or we don't have a profile at all, or the "security.nocertdb"
+  // pref has been set to "true", attempt to initialize with no DB.
+  if (nocertdb || init_rv != SECSuccess) {
+    init_rv = NSS_NoDB_Init(nullptr);
+#ifdef ANDROID
+    MOZ_RELEASE_ASSERT(init_rv == SECSuccess);
+#endif
+  }
+  if (init_rv != SECSuccess) {
+#ifdef ANDROID
+    MOZ_RELEASE_ASSERT(false);
+#endif
+    MOZ_LOG(gPIPNSSLog, LogLevel::Error, ("could not initialize NSS - panicking\n"));
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  // ensure we have an initial value for the content signer root
+  mContentSigningRootHash =
+    Preferences::GetString("security.content.signature.root_hash");
+
+  mNSSInitialized = true;
+
+  PK11_SetPasswordFunc(PK11PasswordPrompt);
+
+  SharedSSLState::GlobalInit();
+
+  // Register an observer so we can inform NSS when these prefs change
+  Preferences::AddStrongObserver(this, "security.");
+
+  SSL_OptionSetDefault(SSL_ENABLE_SSL2, false);
+  SSL_OptionSetDefault(SSL_V2_COMPATIBLE_HELLO, false);
+
+  rv = setEnabledTLSVersions();
+#ifdef ANDROID
+    MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
+#endif
+  if (NS_FAILED(rv)) {
+    return NS_ERROR_UNEXPECTED;
+  }
+
+  DisableMD5();
+  LoadLoadableRoots();
+
+  rv = LoadExtendedValidationInfo();
+#ifdef ANDROID
+    MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
+#endif
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Error, ("failed to load EV info"));
+    return rv;
+  }
+
+  MaybeEnableFamilySafetyCompatibility();
+  MaybeImportEnterpriseRoots();
+
+  ConfigureTLSSessionIdentifiers();
+
+  bool requireSafeNegotiation =
+    Preferences::GetBool("security.ssl.require_safe_negotiation",
+                         REQUIRE_SAFE_NEGOTIATION_DEFAULT);
+  SSL_OptionSetDefault(SSL_REQUIRE_SAFE_NEGOTIATION, requireSafeNegotiation);
+
+  SSL_OptionSetDefault(SSL_ENABLE_RENEGOTIATION, SSL_RENEGOTIATE_REQUIRES_XTN);
+
+  SSL_OptionSetDefault(SSL_ENABLE_EXTENDED_MASTER_SECRET, true);
+
+  SSL_OptionSetDefault(SSL_ENABLE_FALSE_START,
+                       Preferences::GetBool("security.ssl.enable_false_start",
+                                            FALSE_START_ENABLED_DEFAULT));
+
+  // SSL_ENABLE_NPN and SSL_ENABLE_ALPN also require calling
+  // SSL_SetNextProtoNego in order for the extensions to be negotiated.
+  // WebRTC does not do that so it will not use NPN or ALPN even when these
+  // preferences are true.
+  SSL_OptionSetDefault(SSL_ENABLE_NPN,
+                       Preferences::GetBool("security.ssl.enable_npn",
+                                            NPN_ENABLED_DEFAULT));
+  SSL_OptionSetDefault(SSL_ENABLE_ALPN,
+                       Preferences::GetBool("security.ssl.enable_alpn",
+                                            ALPN_ENABLED_DEFAULT));
+
+  SSL_OptionSetDefault(SSL_ENABLE_0RTT_DATA,
+                       Preferences::GetBool("security.tls.enable_0rtt_data",
+                                            ENABLED_0RTT_DATA_DEFAULT));
+
+  if (NS_FAILED(InitializeCipherSuite())) {
+#ifdef ANDROID
+    MOZ_RELEASE_ASSERT(false);
+#endif
+    MOZ_LOG(gPIPNSSLog, LogLevel::Error, ("Unable to initialize cipher suite settings\n"));
+    return NS_ERROR_FAILURE;
+  }
+
+  // TLSServerSocket may be run with the session cache enabled. It is necessary
+  // to call this once before that can happen. This specifies a maximum of 1000
+  // cache entries (the default number of cache entries is 10000, which seems a
+  // little excessive as there probably won't be that many clients connecting to
+  // any TLSServerSockets the browser runs.)
+  // Note that this must occur before any calls to SSL_ClearSessionCache
+  // (otherwise memory will leak).
+  if (SSL_ConfigServerSessionIDCache(1000, 0, 0, nullptr) != SECSuccess) {
+#ifdef ANDROID
+    MOZ_RELEASE_ASSERT(false);
+#endif
+    return NS_ERROR_FAILURE;
+  }
+
+  // ensure the CertBlocklist is initialised
+  nsCOMPtr<nsICertBlocklist> certList = do_GetService(NS_CERTBLOCKLIST_CONTRACTID);
+#ifdef ANDROID
+  MOZ_RELEASE_ASSERT(certList);
+#endif
+  if (!certList) {
+    return NS_ERROR_FAILURE;
+  }
+
+  // dynamic options from prefs
+  setValidationOptions(true, lock);
+
+#ifndef MOZ_NO_SMART_CARDS
+  LaunchSmartCardThreads();
+#endif
+
+  mozilla::pkix::RegisterErrorTable();
+
+  // Initialize the site security service
+  nsCOMPtr<nsISiteSecurityService> sssService =
+    do_GetService(NS_SSSERVICE_CONTRACTID);
+#ifdef ANDROID
+  MOZ_RELEASE_ASSERT(sssService);
+#endif
+  if (!sssService) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Cannot initialize site security service\n"));
+    return NS_ERROR_FAILURE;
+  }
+
+  // Initialize the cert override service
+  nsCOMPtr<nsICertOverrideService> coService =
+    do_GetService(NS_CERTOVERRIDE_CONTRACTID);
+#ifdef ANDROID
+  MOZ_RELEASE_ASSERT(coService);
+#endif
+  if (!coService) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Cannot initialize cert override service\n"));
+    return NS_ERROR_FAILURE;
+  }
+
+  if (PK11_IsFIPS()) {
+    Telemetry::Accumulate(Telemetry::FIPS_ENABLED, true);
+  }
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("NSS Initialization done\n"));
+  return NS_OK;
+}
+
+void
+nsNSSComponent::ShutdownNSS()
+{
+  // Can be called both during init and profile change,
+  // needs mutex protection.
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("nsNSSComponent::ShutdownNSS\n"));
+  MOZ_RELEASE_ASSERT(NS_IsMainThread());
+
+  MutexAutoLock lock(mutex);
+
+  if (mNSSInitialized) {
+    mNSSInitialized = false;
+
+    PK11_SetPasswordFunc((PK11PasswordFunc)nullptr);
+
+    Preferences::RemoveObserver(this, "security.");
+
+#ifdef XP_WIN
+    mFamilySafetyRoot = nullptr;
+    mEnterpriseRoots = nullptr;
+#endif
+
+#ifndef MOZ_NO_SMART_CARDS
+    ShutdownSmartCardThreads();
+#endif
+    SSL_ClearSessionCache();
+    // TLSServerSocket may be run with the session cache enabled. This ensures
+    // those resources are cleaned up.
+    Unused << SSL_ShutdownServerSessionIDCache();
+
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("evaporating psm resources"));
+    if (NS_FAILED(nsNSSShutDownList::evaporateAllNSSResources())) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Error, ("failed to evaporate resources"));
+      return;
+    }
+    UnloadLoadableRoots();
+    EnsureNSSInitialized(nssShutdown);
+    if (SECSuccess != ::NSS_Shutdown()) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Error, ("NSS SHUTDOWN FAILURE"));
+    } else {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("NSS shutdown =====>> OK <<====="));
+    }
+  }
+}
+
+nsresult
+nsNSSComponent::Init()
+{
+  MOZ_RELEASE_ASSERT(NS_IsMainThread());
+  if (!NS_IsMainThread()) {
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  nsresult rv = NS_OK;
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Beginning NSS initialization\n"));
+
+  rv = InitializePIPNSSBundle();
+#ifdef ANDROID
+  MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
+#endif
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Error, ("Unable to create pipnss bundle.\n"));
+    return rv;
+  }
+
+  // Access our string bundles now, this prevents assertions from I/O
+  // - nsStandardURL not thread-safe
+  // - wrong thread: 'NS_IsMainThread()' in nsIOService.cpp
+  // when loading error strings on the SSL threads.
+  {
+    NS_NAMED_LITERAL_STRING(dummy_name, "dummy");
+    nsXPIDLString result;
+    mPIPNSSBundle->GetStringFromName(dummy_name.get(),
+                                     getter_Copies(result));
+    mNSSErrorsBundle->GetStringFromName(dummy_name.get(),
+                                        getter_Copies(result));
+  }
+
+
+  rv = InitializeNSS();
+#ifdef ANDROID
+  MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
+#endif
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Error,
+            ("nsNSSComponent::InitializeNSS() failed\n"));
+    return rv;
+  }
+
+  RememberCertErrorsTable::Init();
+
+  return RegisterObservers();
+}
+
+// nsISupports Implementation for the class
+NS_IMPL_ISUPPORTS(nsNSSComponent,
+                  nsINSSComponent,
+                  nsIObserver)
+
+static const char* const PROFILE_BEFORE_CHANGE_TOPIC = "profile-before-change";
+
+NS_IMETHODIMP
+nsNSSComponent::Observe(nsISupports* aSubject, const char* aTopic,
+                        const char16_t* someData)
+{
+  if (nsCRT::strcmp(aTopic, PROFILE_BEFORE_CHANGE_TOPIC) == 0) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("receiving profile change topic\n"));
+    DoProfileBeforeChange();
+  } else if (nsCRT::strcmp(aTopic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID) == 0) {
+    nsNSSShutDownPreventionLock locker;
+    bool clearSessionCache = true;
+    NS_ConvertUTF16toUTF8  prefName(someData);
+
+    if (prefName.EqualsLiteral("security.tls.version.min") ||
+        prefName.EqualsLiteral("security.tls.version.max")) {
+      (void) setEnabledTLSVersions();
+    } else if (prefName.EqualsLiteral("security.ssl.require_safe_negotiation")) {
+      bool requireSafeNegotiation =
+        Preferences::GetBool("security.ssl.require_safe_negotiation",
+                             REQUIRE_SAFE_NEGOTIATION_DEFAULT);
+      SSL_OptionSetDefault(SSL_REQUIRE_SAFE_NEGOTIATION, requireSafeNegotiation);
+    } else if (prefName.EqualsLiteral("security.ssl.enable_false_start")) {
+      SSL_OptionSetDefault(SSL_ENABLE_FALSE_START,
+                           Preferences::GetBool("security.ssl.enable_false_start",
+                                                FALSE_START_ENABLED_DEFAULT));
+    } else if (prefName.EqualsLiteral("security.ssl.enable_npn")) {
+      SSL_OptionSetDefault(SSL_ENABLE_NPN,
+                           Preferences::GetBool("security.ssl.enable_npn",
+                                                NPN_ENABLED_DEFAULT));
+    } else if (prefName.EqualsLiteral("security.ssl.enable_alpn")) {
+      SSL_OptionSetDefault(SSL_ENABLE_ALPN,
+                           Preferences::GetBool("security.ssl.enable_alpn",
+                                                ALPN_ENABLED_DEFAULT));
+    } else if (prefName.EqualsLiteral("security.tls.enable_0rtt_data")) {
+      SSL_OptionSetDefault(SSL_ENABLE_0RTT_DATA,
+                           Preferences::GetBool("security.tls.enable_0rtt_data",
+                                                ENABLED_0RTT_DATA_DEFAULT));
+    } else if (prefName.Equals("security.ssl.disable_session_identifiers")) {
+      ConfigureTLSSessionIdentifiers();
+    } else if (prefName.EqualsLiteral("security.OCSP.enabled") ||
+               prefName.EqualsLiteral("security.OCSP.require") ||
+               prefName.EqualsLiteral("security.OCSP.GET.enabled") ||
+               prefName.EqualsLiteral("security.pki.cert_short_lifetime_in_days") ||
+               prefName.EqualsLiteral("security.ssl.enable_ocsp_stapling") ||
+               prefName.EqualsLiteral("security.ssl.enable_ocsp_must_staple") ||
+               prefName.EqualsLiteral("security.pki.certificate_transparency.mode") ||
+               prefName.EqualsLiteral("security.cert_pinning.enforcement_level") ||
+               prefName.EqualsLiteral("security.pki.sha1_enforcement_level") ||
+               prefName.EqualsLiteral("security.pki.name_matching_mode") ||
+               prefName.EqualsLiteral("security.pki.netscape_step_up_policy")) {
+      MutexAutoLock lock(mutex);
+      setValidationOptions(false, lock);
+#ifdef DEBUG
+    } else if (prefName.EqualsLiteral("security.test.built_in_root_hash")) {
+      MutexAutoLock lock(mutex);
+      mTestBuiltInRootHash = Preferences::GetString("security.test.built_in_root_hash");
+#endif // DEBUG
+    } else if (prefName.Equals(kFamilySafetyModePref)) {
+      MaybeEnableFamilySafetyCompatibility();
+    } else if (prefName.EqualsLiteral("security.content.signature.root_hash")) {
+      MutexAutoLock lock(mutex);
+      mContentSigningRootHash =
+        Preferences::GetString("security.content.signature.root_hash");
+    } else if (prefName.Equals(kEnterpriseRootModePref)) {
+      MaybeImportEnterpriseRoots();
+    } else {
+      clearSessionCache = false;
+    }
+    if (clearSessionCache)
+      SSL_ClearSessionCache();
+  }
+
+  return NS_OK;
+}
+
+/*static*/ nsresult
+nsNSSComponent::GetNewPrompter(nsIPrompt** result)
+{
+  NS_ENSURE_ARG_POINTER(result);
+  *result = nullptr;
+
+  if (!NS_IsMainThread()) {
+    NS_ERROR("nsSDRContext::GetNewPrompter called off the main thread");
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  nsresult rv;
+  nsCOMPtr<nsIWindowWatcher> wwatch(do_GetService(NS_WINDOWWATCHER_CONTRACTID, &rv));
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  rv = wwatch->GetNewPrompter(0, result);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  return rv;
+}
+
+/*static*/ nsresult
+nsNSSComponent::ShowAlertWithConstructedString(const nsString& message)
+{
+  nsCOMPtr<nsIPrompt> prompter;
+  nsresult rv = GetNewPrompter(getter_AddRefs(prompter));
+  if (prompter) {
+    rv = prompter->Alert(nullptr, message.get());
+  }
+  return rv;
+}
+
+NS_IMETHODIMP
+nsNSSComponent::ShowAlertFromStringBundle(const char* messageID)
+{
+  nsString message;
+  nsresult rv;
+
+  rv = GetPIPNSSBundleString(messageID, message);
+  if (NS_FAILED(rv)) {
+    NS_ERROR("GetPIPNSSBundleString failed");
+    return rv;
+  }
+
+  return ShowAlertWithConstructedString(message);
+}
+
+nsresult nsNSSComponent::LogoutAuthenticatedPK11()
+{
+  nsCOMPtr<nsICertOverrideService> icos =
+    do_GetService("@mozilla.org/security/certoverride;1");
+  if (icos) {
+    icos->ClearValidityOverride(
+            NS_LITERAL_CSTRING("all:temporary-certificates"),
+            0);
+  }
+
+  nsClientAuthRememberService::ClearAllRememberedDecisions();
+
+  return nsNSSShutDownList::doPK11Logout();
+}
+
+nsresult
+nsNSSComponent::RegisterObservers()
+{
+  // Happens once during init only, no mutex protection.
+
+  nsCOMPtr<nsIObserverService> observerService(
+    do_GetService("@mozilla.org/observer-service;1"));
+#ifdef ANDROID
+    MOZ_RELEASE_ASSERT(observerService);
+#endif
+  if (!observerService) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("nsNSSComponent: couldn't get observer service\n"));
+    return NS_ERROR_FAILURE;
+  }
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("nsNSSComponent: adding observers\n"));
+  // Using false for the ownsweak parameter means the observer service will
+  // keep a strong reference to this component. As a result, this will live at
+  // least as long as the observer service.
+  observerService->AddObserver(this, PROFILE_BEFORE_CHANGE_TOPIC, false);
+
+  return NS_OK;
+}
+
+void
+nsNSSComponent::DoProfileBeforeChange()
+{
+  bool needsCleanup = true;
+
+  {
+    MutexAutoLock lock(mutex);
+
+    if (!mNSSInitialized) {
+      // Make sure we don't try to cleanup if we have already done so.
+      // This makes sure we behave safely, in case we are notified
+      // multiple times.
+      needsCleanup = false;
+    }
+  }
+
+  if (needsCleanup) {
+    ShutdownNSS();
+  }
+}
+
+NS_IMETHODIMP
+nsNSSComponent::IsNSSInitialized(bool* initialized)
+{
+  MutexAutoLock lock(mutex);
+  *initialized = mNSSInitialized;
+  return NS_OK;
+}
+
+#ifdef DEBUG
+NS_IMETHODIMP
+nsNSSComponent::IsCertTestBuiltInRoot(CERTCertificate* cert, bool& result)
+{
+  MutexAutoLock lock(mutex);
+  MOZ_ASSERT(mNSSInitialized);
+
+  result = false;
+
+  if (mTestBuiltInRootHash.IsEmpty()) {
+    return NS_OK;
+  }
+
+  RefPtr<nsNSSCertificate> nsc = nsNSSCertificate::Create(cert);
+  if (!nsc) {
+    return NS_ERROR_FAILURE;
+  }
+  nsAutoString certHash;
+  nsresult rv = nsc->GetSha256Fingerprint(certHash);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  result = mTestBuiltInRootHash.Equals(certHash);
+  return NS_OK;
+}
+#endif // DEBUG
+
+NS_IMETHODIMP
+nsNSSComponent::IsCertContentSigningRoot(CERTCertificate* cert, bool& result)
+{
+  MutexAutoLock lock(mutex);
+  MOZ_ASSERT(mNSSInitialized);
+
+  result = false;
+
+  if (mContentSigningRootHash.IsEmpty()) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("mContentSigningRootHash is empty"));
+    return NS_ERROR_FAILURE;
+  }
+
+  RefPtr<nsNSSCertificate> nsc = nsNSSCertificate::Create(cert);
+  if (!nsc) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("creating nsNSSCertificate failed"));
+    return NS_ERROR_FAILURE;
+  }
+  nsAutoString certHash;
+  nsresult rv = nsc->GetSha256Fingerprint(certHash);
+  if (NS_FAILED(rv)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("getting cert fingerprint failed"));
+    return rv;
+  }
+
+  result = mContentSigningRootHash.Equals(certHash);
+  return NS_OK;
+}
+
+SharedCertVerifier::~SharedCertVerifier() { }
+
+already_AddRefed<SharedCertVerifier>
+nsNSSComponent::GetDefaultCertVerifier()
+{
+  MutexAutoLock lock(mutex);
+  MOZ_ASSERT(mNSSInitialized);
+  RefPtr<SharedCertVerifier> certVerifier(mDefaultCertVerifier);
+  return certVerifier.forget();
+}
+
+namespace mozilla { namespace psm {
+
+already_AddRefed<SharedCertVerifier>
+GetDefaultCertVerifier()
+{
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
+  nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID));
+  if (nssComponent) {
+    return nssComponent->GetDefaultCertVerifier();
+  }
+
+  return nullptr;
+}
+
+} } // namespace mozilla::psm
+
+NS_IMPL_ISUPPORTS(PipUIContext, nsIInterfaceRequestor)
+
+PipUIContext::PipUIContext()
+{
+}
+
+PipUIContext::~PipUIContext()
+{
+}
+
+NS_IMETHODIMP
+PipUIContext::GetInterface(const nsIID& uuid, void** result)
+{
+  NS_ENSURE_ARG_POINTER(result);
+  *result = nullptr;
+
+  if (!NS_IsMainThread()) {
+    NS_ERROR("PipUIContext::GetInterface called off the main thread");
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  if (!uuid.Equals(NS_GET_IID(nsIPrompt)))
+    return NS_ERROR_NO_INTERFACE;
+
+  nsIPrompt* prompt = nullptr;
+  nsresult rv = nsNSSComponent::GetNewPrompter(&prompt);
+  *result = prompt;
+  return rv;
+}
+
+nsresult
+getNSSDialogs(void** _result, REFNSIID aIID, const char* contract)
+{
+  if (!NS_IsMainThread()) {
+    NS_ERROR("getNSSDialogs called off the main thread");
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  nsresult rv;
+
+  nsCOMPtr<nsISupports> svc = do_GetService(contract, &rv);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  rv = svc->QueryInterface(aIID, _result);
+
+  return rv;
+}
+
+nsresult
+setPassword(PK11SlotInfo* slot, nsIInterfaceRequestor* ctx,
+            nsNSSShutDownPreventionLock& /*proofOfLock*/)
+{
+  MOZ_ASSERT(slot);
+  MOZ_ASSERT(ctx);
+  NS_ENSURE_ARG_POINTER(slot);
+  NS_ENSURE_ARG_POINTER(ctx);
+
+  if (PK11_NeedUserInit(slot)) {
+    nsCOMPtr<nsITokenPasswordDialogs> dialogs;
+    nsresult rv = getNSSDialogs(getter_AddRefs(dialogs),
+                                NS_GET_IID(nsITokenPasswordDialogs),
+                                NS_TOKENPASSWORDSDIALOG_CONTRACTID);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    bool canceled;
+    NS_ConvertUTF8toUTF16 tokenName(PK11_GetTokenName(slot));
+    rv = dialogs->SetPassword(ctx, tokenName.get(), &canceled);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    if (canceled) {
+      return NS_ERROR_NOT_AVAILABLE;
+    }
+  }
+
+  return NS_OK;
+}
+
+namespace mozilla {
+namespace psm {
+
+nsresult
+InitializeCipherSuite()
+{
+  NS_ASSERTION(NS_IsMainThread(), "InitializeCipherSuite() can only be accessed in main thread");
+
+  if (NSS_SetDomesticPolicy() != SECSuccess) {
+#ifdef ANDROID
+    MOZ_RELEASE_ASSERT(false);
+#endif
+    return NS_ERROR_FAILURE;
+  }
+
+  // Disable any ciphers that NSS might have enabled by default
+  for (uint16_t i = 0; i < SSL_NumImplementedCiphers; ++i) {
+    uint16_t cipher_id = SSL_ImplementedCiphers[i];
+    SSL_CipherPrefSetDefault(cipher_id, false);
+  }
+
+  // Now only set SSL/TLS ciphers we knew about at compile time
+  uint32_t enabledWeakCiphers = 0;
+  const CipherPref* const cp = sCipherPrefs;
+  for (size_t i = 0; cp[i].pref; ++i) {
+    bool cipherEnabled = Preferences::GetBool(cp[i].pref,
+                                              cp[i].enabledByDefault);
+    if (cp[i].weak) {
+      // Weak ciphers are not used by default. See the comment
+      // in CipherSuiteChangeObserver::Observe for details.
+      if (cipherEnabled) {
+        enabledWeakCiphers |= ((uint32_t)1 << i);
+      }
+    } else {
+      SSL_CipherPrefSetDefault(cp[i].id, cipherEnabled);
+    }
+  }
+  sEnabledWeakCiphers = enabledWeakCiphers;
+
+  // Enable ciphers for PKCS#12
+  SEC_PKCS12EnableCipher(PKCS12_RC4_40, 1);
+  SEC_PKCS12EnableCipher(PKCS12_RC4_128, 1);
+  SEC_PKCS12EnableCipher(PKCS12_RC2_CBC_40, 1);
+  SEC_PKCS12EnableCipher(PKCS12_RC2_CBC_128, 1);
+  SEC_PKCS12EnableCipher(PKCS12_DES_56, 1);
+  SEC_PKCS12EnableCipher(PKCS12_DES_EDE3_168, 1);
+  SEC_PKCS12SetPreferredCipher(PKCS12_DES_EDE3_168, 1);
+  PORT_SetUCS2_ASCIIConversionFunction(pip_ucs2_ascii_conversion_fn);
+
+  // PSM enforces a minimum RSA key size of 1024 bits, which is overridable.
+  // NSS has its own minimum, which is not overridable (the default is 1023
+  // bits). This sets the NSS minimum to 512 bits so users can still connect to
+  // devices like wifi routers with woefully small keys (they would have to add
+  // an override to do so, but they already do for such devices).
+  NSS_OptionSet(NSS_RSA_MIN_KEY_SIZE, 512);
+
+  // Observe preference change around cipher suite setting.
+  return CipherSuiteChangeObserver::StartObserve();
+}
+
+} // namespace psm
+} // namespace mozilla
diff --git a/security/manager/ssl/nsNSSComponent.h b/security/manager/ssl/nsNSSComponent.h
new file mode 100644
index 000000000..e510dd10f
--- /dev/null
+++ b/security/manager/ssl/nsNSSComponent.h
@@ -0,0 +1,234 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _nsNSSComponent_h_
+#define _nsNSSComponent_h_
+
+#include "ScopedNSSTypes.h"
+#include "SharedCertVerifier.h"
+#include "mozilla/Mutex.h"
+#include "mozilla/RefPtr.h"
+#include "nsCOMPtr.h"
+#include "nsIObserver.h"
+#include "nsIStringBundle.h"
+#include "nsNSSCallbacks.h"
+#include "prerror.h"
+#include "sslt.h"
+
+#ifdef XP_WIN
+#include "windows.h" // this needs to be before the following includes
+#include "wincrypt.h"
+#endif // XP_WIN
+
+class nsIDOMWindow;
+class nsIPrompt;
+class nsIX509CertList;
+class SmartCardThreadList;
+
+namespace mozilla { namespace psm {
+
+MOZ_MUST_USE
+  ::already_AddRefed<mozilla::psm::SharedCertVerifier>
+  GetDefaultCertVerifier();
+
+} } // namespace mozilla::psm
+
+
+#define NS_NSSCOMPONENT_CID \
+{0x4cb64dfd, 0xca98, 0x4e24, {0xbe, 0xfd, 0x0d, 0x92, 0x85, 0xa3, 0x3b, 0xcb}}
+
+#define PSM_COMPONENT_CONTRACTID "@mozilla.org/psm;1"
+
+#define NS_INSSCOMPONENT_IID \
+  { 0xa0a8f52b, 0xea18, 0x4abc, \
+    { 0xa3, 0xca, 0xec, 0xcf, 0x70, 0x4f, 0xfe, 0x63 } }
+
+enum EnsureNSSOperator
+{
+  nssLoadingComponent = 0,
+  nssInitSucceeded = 1,
+  nssInitFailed = 2,
+  nssShutdown = 3,
+  nssEnsure = 100,
+  nssEnsureOnChromeOnly = 101,
+  nssEnsureChromeOrContent = 102,
+};
+
+extern bool EnsureNSSInitializedChromeOrContent();
+
+extern bool EnsureNSSInitialized(EnsureNSSOperator op);
+
+class NS_NO_VTABLE nsINSSComponent : public nsISupports
+{
+public:
+  NS_DECLARE_STATIC_IID_ACCESSOR(NS_INSSCOMPONENT_IID)
+
+  NS_IMETHOD ShowAlertFromStringBundle(const char* messageID) = 0;
+
+  NS_IMETHOD GetPIPNSSBundleString(const char* name,
+                                   nsAString& outString) = 0;
+  NS_IMETHOD PIPBundleFormatStringFromName(const char* name,
+                                           const char16_t** params,
+                                           uint32_t numParams,
+                                           nsAString& outString) = 0;
+
+  NS_IMETHOD GetNSSBundleString(const char* name,
+                                nsAString& outString) = 0;
+
+  NS_IMETHOD LogoutAuthenticatedPK11() = 0;
+
+#ifndef MOZ_NO_SMART_CARDS
+  NS_IMETHOD LaunchSmartCardThread(SECMODModule* module) = 0;
+
+  NS_IMETHOD ShutdownSmartCardThread(SECMODModule* module) = 0;
+#endif
+
+  NS_IMETHOD IsNSSInitialized(bool* initialized) = 0;
+
+#ifdef DEBUG
+  NS_IMETHOD IsCertTestBuiltInRoot(CERTCertificate* cert, bool& result) = 0;
+#endif
+
+  NS_IMETHOD IsCertContentSigningRoot(CERTCertificate* cert, bool& result) = 0;
+
+#ifdef XP_WIN
+  NS_IMETHOD GetEnterpriseRoots(nsIX509CertList** enterpriseRoots) = 0;
+#endif
+
+  virtual ::already_AddRefed<mozilla::psm::SharedCertVerifier>
+    GetDefaultCertVerifier() = 0;
+};
+
+NS_DEFINE_STATIC_IID_ACCESSOR(nsINSSComponent, NS_INSSCOMPONENT_IID)
+
+class nsNSSShutDownList;
+
+// Implementation of the PSM component interface.
+class nsNSSComponent final : public nsINSSComponent
+                           , public nsIObserver
+{
+public:
+  NS_DEFINE_STATIC_CID_ACCESSOR( NS_NSSCOMPONENT_CID )
+
+  nsNSSComponent();
+
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSIOBSERVER
+
+  nsresult Init();
+
+  static nsresult GetNewPrompter(nsIPrompt** result);
+  static nsresult ShowAlertWithConstructedString(const nsString& message);
+  NS_IMETHOD ShowAlertFromStringBundle(const char* messageID) override;
+
+  NS_IMETHOD GetPIPNSSBundleString(const char* name,
+                                   nsAString& outString) override;
+  NS_IMETHOD PIPBundleFormatStringFromName(const char* name,
+                                           const char16_t** params,
+                                           uint32_t numParams,
+                                           nsAString& outString) override;
+  NS_IMETHOD GetNSSBundleString(const char* name, nsAString& outString) override;
+  NS_IMETHOD LogoutAuthenticatedPK11() override;
+
+#ifndef MOZ_NO_SMART_CARDS
+  NS_IMETHOD LaunchSmartCardThread(SECMODModule* module) override;
+  NS_IMETHOD ShutdownSmartCardThread(SECMODModule* module) override;
+  void LaunchSmartCardThreads();
+  void ShutdownSmartCardThreads();
+  nsresult DispatchEventToWindow(nsIDOMWindow* domWin,
+                                 const nsAString& eventType,
+                                 const nsAString& token);
+#endif
+
+  NS_IMETHOD IsNSSInitialized(bool* initialized) override;
+
+#ifdef DEBUG
+  NS_IMETHOD IsCertTestBuiltInRoot(CERTCertificate* cert, bool& result) override;
+#endif
+
+  NS_IMETHOD IsCertContentSigningRoot(CERTCertificate* cert, bool& result) override;
+
+#ifdef XP_WIN
+  NS_IMETHOD GetEnterpriseRoots(nsIX509CertList** enterpriseRoots) override;
+#endif
+
+  ::already_AddRefed<mozilla::psm::SharedCertVerifier>
+    GetDefaultCertVerifier() override;
+
+  // The following two methods are thread-safe.
+  static bool AreAnyWeakCiphersEnabled();
+  static void UseWeakCiphersOnSocket(PRFileDesc* fd);
+
+  static void FillTLSVersionRange(SSLVersionRange& rangeOut,
+                                  uint32_t minFromPrefs,
+                                  uint32_t maxFromPrefs,
+                                  SSLVersionRange defaults);
+
+protected:
+  virtual ~nsNSSComponent();
+
+private:
+  nsresult InitializeNSS();
+  void ShutdownNSS();
+
+  void LoadLoadableRoots();
+  void UnloadLoadableRoots();
+  void setValidationOptions(bool isInitialSetting,
+                            const mozilla::MutexAutoLock& lock);
+  nsresult setEnabledTLSVersions();
+  nsresult InitializePIPNSSBundle();
+  nsresult ConfigureInternalPKCS11Token();
+  nsresult RegisterObservers();
+
+  void DoProfileBeforeChange();
+
+  void MaybeEnableFamilySafetyCompatibility();
+  void MaybeImportEnterpriseRoots();
+#ifdef XP_WIN
+  void ImportEnterpriseRootsForLocation(DWORD locationFlag);
+  nsresult MaybeImportFamilySafetyRoot(PCCERT_CONTEXT certificate,
+                                       bool& wasFamilySafetyRoot);
+  nsresult LoadFamilySafetyRoot();
+  void UnloadFamilySafetyRoot();
+
+  void UnloadEnterpriseRoots();
+
+  mozilla::UniqueCERTCertificate mFamilySafetyRoot;
+  mozilla::UniqueCERTCertList mEnterpriseRoots;
+#endif // XP_WIN
+
+  mozilla::Mutex mutex;
+
+  nsCOMPtr<nsIStringBundle> mPIPNSSBundle;
+  nsCOMPtr<nsIStringBundle> mNSSErrorsBundle;
+  bool mNSSInitialized;
+  static int mInstanceCount;
+#ifndef MOZ_NO_SMART_CARDS
+  SmartCardThreadList* mThreadList;
+#endif
+
+#ifdef DEBUG
+  nsString mTestBuiltInRootHash;
+#endif
+  nsString mContentSigningRootHash;
+
+  nsNSSHttpInterface mHttpForNSS;
+  RefPtr<mozilla::psm::SharedCertVerifier> mDefaultCertVerifier;
+
+  static PRStatus IdentityInfoInit(void);
+};
+
+class nsNSSErrors
+{
+public:
+  static const char* getDefaultErrorStringName(PRErrorCode err);
+  static const char* getOverrideErrorStringName(PRErrorCode aErrorCode);
+  static nsresult getErrorMessageFromCode(PRErrorCode err,
+                                          nsINSSComponent* component,
+                                          nsString& returnedMessage);
+};
+
+#endif // _nsNSSComponent_h_
diff --git a/security/manager/ssl/nsNSSErrors.cpp b/security/manager/ssl/nsNSSErrors.cpp
new file mode 100644
index 000000000..fc8bd3e31
--- /dev/null
+++ b/security/manager/ssl/nsNSSErrors.cpp
@@ -0,0 +1,103 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsNSSComponent.h"
+#include "secerr.h"
+#include "sslerr.h"
+
+const char *
+nsNSSErrors::getDefaultErrorStringName(PRErrorCode err)
+{
+  return PR_ErrorToName(err);
+}
+
+const char *
+nsNSSErrors::getOverrideErrorStringName(PRErrorCode aErrorCode)
+{
+  const char *id_str = nullptr;
+
+  switch (aErrorCode) {
+    case SSL_ERROR_SSL_DISABLED:
+      id_str = "PSMERR_SSL_Disabled";
+      break;
+  
+    case SSL_ERROR_SSL2_DISABLED:
+      id_str = "PSMERR_SSL2_Disabled";
+      break;
+  
+    case SEC_ERROR_REUSED_ISSUER_AND_SERIAL:
+      id_str = "PSMERR_HostReusedIssuerSerial";
+      break;
+  }
+
+  return id_str;
+}
+
+nsresult
+nsNSSErrors::getErrorMessageFromCode(PRErrorCode err,
+                                     nsINSSComponent *component,
+                                     nsString &returnedMessage)
+{
+  NS_ENSURE_ARG_POINTER(component);
+  returnedMessage.Truncate();
+
+  const char *nss_error_id_str = getDefaultErrorStringName(err);
+  const char *id_str = getOverrideErrorStringName(err);
+
+  if (id_str || nss_error_id_str)
+  {
+    nsString defMsg;
+    nsresult rv;
+    if (id_str)
+    {
+      rv = component->GetPIPNSSBundleString(id_str, defMsg);
+    }
+    else
+    {
+      rv = component->GetNSSBundleString(nss_error_id_str, defMsg);
+    }
+
+    if (NS_SUCCEEDED(rv))
+    {
+      returnedMessage.Append(defMsg);
+      returnedMessage.Append('\n');
+    }
+  }
+  
+  if (returnedMessage.IsEmpty())
+  {
+    // no localized string available, use NSS' internal
+    returnedMessage.AppendASCII(PR_ErrorToString(err, PR_LANGUAGE_EN));
+    returnedMessage.Append('\n');
+  }
+  
+  if (nss_error_id_str)
+  {
+    nsresult rv;
+    nsCString error_id(nss_error_id_str);
+    NS_ConvertASCIItoUTF16 idU(error_id);
+
+    const char16_t *params[1];
+    params[0] = idU.get();
+
+    nsString formattedString;
+    rv = component->PIPBundleFormatStringFromName("certErrorCodePrefix2",
+                                                  params, 1, 
+                                                  formattedString);
+    if (NS_SUCCEEDED(rv)) {
+      returnedMessage.Append('\n');
+      returnedMessage.Append(formattedString);
+      returnedMessage.Append('\n');
+    }
+    else {
+      returnedMessage.Append('(');
+      returnedMessage.Append(idU);
+      returnedMessage.Append(')');
+    }
+  }
+
+  return NS_OK;
+}
diff --git a/security/manager/ssl/nsNSSHelper.h b/security/manager/ssl/nsNSSHelper.h
new file mode 100644
index 000000000..005076099
--- /dev/null
+++ b/security/manager/ssl/nsNSSHelper.h
@@ -0,0 +1,58 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef NSS_HELPER_
+#define NSS_HELPER_
+
+#include "nsIInterfaceRequestor.h"
+#include "nsIInterfaceRequestorUtils.h"
+#include "nsNSSShutDown.h"
+#include "pk11func.h"
+
+//
+// Implementation of an nsIInterfaceRequestor for use
+// as context for NSS calls
+//
+class PipUIContext : public nsIInterfaceRequestor
+{
+public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSIINTERFACEREQUESTOR
+
+  PipUIContext();
+
+protected:
+  virtual ~PipUIContext();
+};
+
+//
+// Function to get the implementor for a certain set of NSS
+// specific dialogs.
+//
+
+nsresult 
+getNSSDialogs(void **_result, REFNSIID aIID, const char *contract);
+
+extern "C" {
+// a "fake" unicode conversion function
+PRBool
+pip_ucs2_ascii_conversion_fn(PRBool toUnicode,
+                             unsigned char *inBuf,
+                             unsigned int inBufLen,
+                             unsigned char *outBuf,
+                             unsigned int maxOutBufLen,
+                             unsigned int *outBufLen,
+                             PRBool swapBytes);
+}
+
+//
+// A function that sets the password on an unitialized slot.
+//
+nsresult
+setPassword(PK11SlotInfo* slot, nsIInterfaceRequestor* ctx,
+            nsNSSShutDownPreventionLock& /*proofOfLock*/);
+
+#endif
diff --git a/security/manager/ssl/nsNSSIOLayer.cpp b/security/manager/ssl/nsNSSIOLayer.cpp
new file mode 100644
index 000000000..8be215308
--- /dev/null
+++ b/security/manager/ssl/nsNSSIOLayer.cpp
@@ -0,0 +1,2731 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsNSSIOLayer.h"
+
+#include <algorithm>
+
+#include "NSSCertDBTrustDomain.h"
+#include "NSSErrorsService.h"
+#include "PSMRunnable.h"
+#include "SSLServerCertVerification.h"
+#include "ScopedNSSTypes.h"
+#include "SharedSSLState.h"
+#include "keyhi.h"
+#include "mozilla/Casting.h"
+#include "mozilla/DebugOnly.h"
+#include "mozilla/Logging.h"
+#include "mozilla/Move.h"
+#include "mozilla/Preferences.h"
+#include "mozilla/Telemetry.h"
+#include "nsArray.h"
+#include "nsArrayUtils.h"
+#include "nsCharSeparatedTokenizer.h"
+#include "nsClientAuthRemember.h"
+#include "nsContentUtils.h"
+#include "nsIClientAuthDialogs.h"
+#include "nsIConsoleService.h"
+#include "nsIPrefService.h"
+#include "nsISocketProvider.h"
+#include "nsIWebProgressListener.h"
+#include "nsNSSCertHelper.h"
+#include "nsNSSComponent.h"
+#include "nsPrintfCString.h"
+#include "nsServiceManagerUtils.h"
+#include "pkix/pkixtypes.h"
+#include "prmem.h"
+#include "prnetdb.h"
+#include "secder.h"
+#include "secerr.h"
+#include "ssl.h"
+#include "sslerr.h"
+#include "sslproto.h"
+
+using namespace mozilla;
+using namespace mozilla::psm;
+
+//#define DEBUG_SSL_VERBOSE //Enable this define to get minimal
+                            //reports when doing SSL read/write
+
+//#define DUMP_BUFFER  //Enable this define along with
+                       //DEBUG_SSL_VERBOSE to dump SSL
+                       //read/write buffer to a log.
+                       //Uses PR_LOG except on Mac where
+                       //we always write out to our own
+                       //file.
+
+namespace {
+
+#define MAX_ALPN_LENGTH 255
+
+void
+getSiteKey(const nsACString& hostName, uint16_t port,
+           /*out*/ nsCSubstring& key)
+{
+  key = hostName;
+  key.AppendASCII(":");
+  key.AppendInt(port);
+}
+
+// Historically, we have required that the server negotiate ALPN or NPN in
+// order to false start, as a compatibility hack to work around
+// implementations that just stop responding during false start. However, now
+// false start is resricted to modern crypto (TLS 1.2 and AEAD cipher suites)
+// so it is less likely that requring NPN or ALPN is still necessary.
+static const bool FALSE_START_REQUIRE_NPN_DEFAULT = false;
+
+} // unnamed namespace
+
+extern LazyLogModule gPIPNSSLog;
+
+nsNSSSocketInfo::nsNSSSocketInfo(SharedSSLState& aState, uint32_t providerFlags)
+  : mFd(nullptr),
+    mCertVerificationState(before_cert_verification),
+    mSharedState(aState),
+    mForSTARTTLS(false),
+    mHandshakePending(true),
+    mRememberClientAuthCertificate(false),
+    mPreliminaryHandshakeDone(false),
+    mNPNCompleted(false),
+    mEarlyDataAccepted(false),
+    mFalseStartCallbackCalled(false),
+    mFalseStarted(false),
+    mIsFullHandshake(false),
+    mHandshakeCompleted(false),
+    mJoined(false),
+    mSentClientCert(false),
+    mNotedTimeUntilReady(false),
+    mFailedVerification(false),
+    mKEAUsed(nsISSLSocketControl::KEY_EXCHANGE_UNKNOWN),
+    mKEAKeyBits(0),
+    mSSLVersionUsed(nsISSLSocketControl::SSL_VERSION_UNKNOWN),
+    mMACAlgorithmUsed(nsISSLSocketControl::SSL_MAC_UNKNOWN),
+    mBypassAuthentication(false),
+    mProviderFlags(providerFlags),
+    mSocketCreationTimestamp(TimeStamp::Now()),
+    mPlaintextBytesRead(0),
+    mClientCert(nullptr)
+{
+  mTLSVersionRange.min = 0;
+  mTLSVersionRange.max = 0;
+}
+
+nsNSSSocketInfo::~nsNSSSocketInfo()
+{
+}
+
+NS_IMPL_ISUPPORTS_INHERITED(nsNSSSocketInfo, TransportSecurityInfo,
+                            nsISSLSocketControl,
+                            nsIClientAuthUserDecision)
+
+NS_IMETHODIMP
+nsNSSSocketInfo::GetProviderFlags(uint32_t* aProviderFlags)
+{
+  *aProviderFlags = mProviderFlags;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSSocketInfo::GetKEAUsed(int16_t* aKea)
+{
+  *aKea = mKEAUsed;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSSocketInfo::GetKEAKeyBits(uint32_t* aKeyBits)
+{
+  *aKeyBits = mKEAKeyBits;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSSocketInfo::GetSSLVersionUsed(int16_t* aSSLVersionUsed)
+{
+  *aSSLVersionUsed = mSSLVersionUsed;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSSocketInfo::GetSSLVersionOffered(int16_t* aSSLVersionOffered)
+{
+  *aSSLVersionOffered = mTLSVersionRange.max;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSSocketInfo::GetMACAlgorithmUsed(int16_t* aMac)
+{
+  *aMac = mMACAlgorithmUsed;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSSocketInfo::GetClientCert(nsIX509Cert** aClientCert)
+{
+  NS_ENSURE_ARG_POINTER(aClientCert);
+  *aClientCert = mClientCert;
+  NS_IF_ADDREF(*aClientCert);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSSocketInfo::SetClientCert(nsIX509Cert* aClientCert)
+{
+  mClientCert = aClientCert;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSSocketInfo::GetBypassAuthentication(bool* arg)
+{
+  *arg = mBypassAuthentication;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSSocketInfo::GetFailedVerification(bool* arg)
+{
+  *arg = mFailedVerification;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSSocketInfo::GetRememberClientAuthCertificate(bool* aRemember)
+{
+  NS_ENSURE_ARG_POINTER(aRemember);
+  *aRemember = mRememberClientAuthCertificate;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSSocketInfo::SetRememberClientAuthCertificate(bool aRemember)
+{
+  mRememberClientAuthCertificate = aRemember;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSSocketInfo::GetNotificationCallbacks(nsIInterfaceRequestor** aCallbacks)
+{
+  *aCallbacks = mCallbacks;
+  NS_IF_ADDREF(*aCallbacks);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSSocketInfo::SetNotificationCallbacks(nsIInterfaceRequestor* aCallbacks)
+{
+  if (!aCallbacks) {
+    mCallbacks = nullptr;
+    return NS_OK;
+  }
+
+  mCallbacks = aCallbacks;
+
+  return NS_OK;
+}
+
+void
+nsNSSSocketInfo::NoteTimeUntilReady()
+{
+  if (mNotedTimeUntilReady)
+    return;
+
+  mNotedTimeUntilReady = true;
+
+  // This will include TCP and proxy tunnel wait time
+  Telemetry::AccumulateTimeDelta(Telemetry::SSL_TIME_UNTIL_READY,
+                                 mSocketCreationTimestamp, TimeStamp::Now());
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+         ("[%p] nsNSSSocketInfo::NoteTimeUntilReady\n", mFd));
+}
+
+void
+nsNSSSocketInfo::SetHandshakeCompleted()
+{
+  if (!mHandshakeCompleted) {
+    enum HandshakeType {
+      Resumption = 1,
+      FalseStarted = 2,
+      ChoseNotToFalseStart = 3,
+      NotAllowedToFalseStart = 4,
+    };
+
+    HandshakeType handshakeType = !IsFullHandshake() ? Resumption
+                                : mFalseStarted ? FalseStarted
+                                : mFalseStartCallbackCalled ? ChoseNotToFalseStart
+                                : NotAllowedToFalseStart;
+
+    // This will include TCP and proxy tunnel wait time
+    Telemetry::AccumulateTimeDelta(Telemetry::SSL_TIME_UNTIL_HANDSHAKE_FINISHED,
+                                   mSocketCreationTimestamp, TimeStamp::Now());
+
+    // If the handshake is completed for the first time from just 1 callback
+    // that means that TLS session resumption must have been used.
+    Telemetry::Accumulate(Telemetry::SSL_RESUMED_SESSION,
+                          handshakeType == Resumption);
+    Telemetry::Accumulate(Telemetry::SSL_HANDSHAKE_TYPE, handshakeType);
+  }
+
+
+    // Remove the plain text layer as it is not needed anymore.
+    // The plain text layer is not always present - so its not a fatal error
+    // if it cannot be removed
+    PRFileDesc* poppedPlaintext =
+      PR_GetIdentitiesLayer(mFd, nsSSLIOLayerHelpers::nsSSLPlaintextLayerIdentity);
+    if (poppedPlaintext) {
+      PR_PopIOLayer(mFd, nsSSLIOLayerHelpers::nsSSLPlaintextLayerIdentity);
+      poppedPlaintext->dtor(poppedPlaintext);
+    }
+
+    mHandshakeCompleted = true;
+
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("[%p] nsNSSSocketInfo::SetHandshakeCompleted\n", (void*) mFd));
+
+    mIsFullHandshake = false; // reset for next handshake on this connection
+}
+
+void
+nsNSSSocketInfo::SetNegotiatedNPN(const char* value, uint32_t length)
+{
+  if (!value) {
+    mNegotiatedNPN.Truncate();
+  } else {
+    mNegotiatedNPN.Assign(value, length);
+  }
+  mNPNCompleted = true;
+}
+
+NS_IMETHODIMP
+nsNSSSocketInfo::GetNegotiatedNPN(nsACString& aNegotiatedNPN)
+{
+  if (!mNPNCompleted)
+    return NS_ERROR_NOT_CONNECTED;
+
+  aNegotiatedNPN = mNegotiatedNPN;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSSocketInfo::GetAlpnEarlySelection(nsACString& aAlpnSelected)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown() || isPK11LoggedOut()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+  SSLNextProtoState alpnState;
+  unsigned char chosenAlpn[MAX_ALPN_LENGTH];
+  unsigned int chosenAlpnLen;
+  SECStatus rv = SSL_GetNextProto(mFd, &alpnState, chosenAlpn, &chosenAlpnLen,
+                                  AssertedCast<unsigned int>(ArrayLength(chosenAlpn)));
+
+  if (rv != SECSuccess || alpnState != SSL_NEXT_PROTO_EARLY_VALUE ||
+      chosenAlpnLen == 0) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  aAlpnSelected.Assign(BitwiseCast<char*, unsigned char*>(chosenAlpn),
+                       chosenAlpnLen);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSSocketInfo::GetEarlyDataAccepted(bool* aAccepted)
+{
+  *aAccepted = mEarlyDataAccepted;
+  return NS_OK;
+}
+
+void
+nsNSSSocketInfo::SetEarlyDataAccepted(bool aAccepted)
+{
+  mEarlyDataAccepted = aAccepted;
+}
+
+NS_IMETHODIMP
+nsNSSSocketInfo::DriveHandshake()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown() || isPK11LoggedOut()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+  if (!mFd) {
+    return NS_ERROR_FAILURE;
+  }
+  PRErrorCode errorCode = GetErrorCode();
+  if (errorCode) {
+    return GetXPCOMFromNSSError(errorCode);
+  }
+
+  SECStatus rv = SSL_ForceHandshake(mFd);
+
+  if (rv != SECSuccess) {
+    errorCode = PR_GetError();
+    if (errorCode == PR_WOULD_BLOCK_ERROR) {
+      return NS_BASE_STREAM_WOULD_BLOCK;
+    }
+
+    SetCanceled(errorCode, PlainErrorMessage);
+    return GetXPCOMFromNSSError(errorCode);
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSSocketInfo::IsAcceptableForHost(const nsACString& hostname, bool* _retval)
+{
+  NS_ENSURE_ARG(_retval);
+
+  *_retval = false;
+
+  // If this is the same hostname then the certicate status does not
+  // need to be considered. They are joinable.
+  if (hostname.Equals(GetHostName())) {
+    *_retval = true;
+    return NS_OK;
+  }
+
+  // Before checking the server certificate we need to make sure the
+  // handshake has completed.
+  if (!mHandshakeCompleted || !SSLStatus() || !SSLStatus()->HasServerCert()) {
+    return NS_OK;
+  }
+
+  // If the cert has error bits (e.g. it is untrusted) then do not join.
+  // The value of mHaveCertErrorBits is only reliable because we know that
+  // the handshake completed.
+  if (SSLStatus()->mHaveCertErrorBits)
+    return NS_OK;
+
+  // If the connection is using client certificates then do not join
+  // because the user decides on whether to send client certs to hosts on a
+  // per-domain basis.
+  if (mSentClientCert)
+    return NS_OK;
+
+  // Ensure that the server certificate covers the hostname that would
+  // like to join this connection
+
+  UniqueCERTCertificate nssCert;
+
+  nsCOMPtr<nsIX509Cert> cert;
+  if (NS_FAILED(SSLStatus()->GetServerCert(getter_AddRefs(cert)))) {
+    return NS_OK;
+  }
+  if (cert) {
+    nssCert.reset(cert->GetCert());
+  }
+
+  if (!nssCert) {
+    return NS_OK;
+  }
+
+  // Attempt to verify the joinee's certificate using the joining hostname.
+  // This ensures that any hostname-specific verification logic (e.g. key
+  // pinning) is satisfied by the joinee's certificate chain.
+  // This verification only uses local information; since we're on the network
+  // thread, we would be blocking on ourselves if we attempted any network i/o.
+  // TODO(bug 1056935): The certificate chain built by this verification may be
+  // different than the certificate chain originally built during the joined
+  // connection's TLS handshake. Consequently, we may report a wrong and/or
+  // misleading certificate chain for HTTP transactions coalesced onto this
+  // connection. This may become problematic in the future. For example,
+  // if/when we begin relying on intermediate certificates being stored in the
+  // securityInfo of a cached HTTPS response, that cached certificate chain may
+  // actually be the wrong chain. We should consider having JoinConnection
+  // return the certificate chain built here, so that the calling Necko code
+  // can associate the correct certificate chain with the HTTP transactions it
+  // is trying to join onto this connection.
+  RefPtr<SharedCertVerifier> certVerifier(GetDefaultCertVerifier());
+  if (!certVerifier) {
+    return NS_OK;
+  }
+  nsAutoCString hostnameFlat(PromiseFlatCString(hostname));
+  CertVerifier::Flags flags = CertVerifier::FLAG_LOCAL_ONLY;
+  UniqueCERTCertList unusedBuiltChain;
+  mozilla::pkix::Result result =
+    certVerifier->VerifySSLServerCert(nssCert,
+                                      nullptr, // stapledOCSPResponse
+                                      nullptr, // sctsFromTLSExtension
+                                      mozilla::pkix::Now(),
+                                      nullptr, // pinarg
+                                      hostnameFlat.get(),
+                                      unusedBuiltChain,
+                                      false, // save intermediates
+                                      flags);
+  if (result != mozilla::pkix::Success) {
+    return NS_OK;
+  }
+
+  // All tests pass
+  *_retval = true;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSSocketInfo::JoinConnection(const nsACString& npnProtocol,
+                                const nsACString& hostname,
+                                int32_t port,
+                                bool* _retval)
+{
+  *_retval = false;
+
+  // Different ports may not be joined together
+  if (port != GetPort())
+    return NS_OK;
+
+  // Make sure NPN has been completed and matches requested npnProtocol
+  if (!mNPNCompleted || !mNegotiatedNPN.Equals(npnProtocol))
+    return NS_OK;
+
+  if (mBypassAuthentication) {
+    // An unauthenticated connection does not know whether or not it
+    // is acceptable for a particular hostname
+    return NS_OK;
+  }
+
+  IsAcceptableForHost(hostname, _retval);
+
+  if (*_retval) {
+    // All tests pass - this is joinable
+    mJoined = true;
+  }
+  return NS_OK;
+}
+
+bool
+nsNSSSocketInfo::GetForSTARTTLS()
+{
+  return mForSTARTTLS;
+}
+
+void
+nsNSSSocketInfo::SetForSTARTTLS(bool aForSTARTTLS)
+{
+  mForSTARTTLS = aForSTARTTLS;
+}
+
+NS_IMETHODIMP
+nsNSSSocketInfo::ProxyStartSSL()
+{
+  return ActivateSSL();
+}
+
+NS_IMETHODIMP
+nsNSSSocketInfo::StartTLS()
+{
+  return ActivateSSL();
+}
+
+NS_IMETHODIMP
+nsNSSSocketInfo::SetNPNList(nsTArray<nsCString>& protocolArray)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+  if (!mFd)
+    return NS_ERROR_FAILURE;
+
+  // the npn list is a concatenated list of 8 bit byte strings.
+  nsCString npnList;
+
+  for (uint32_t index = 0; index < protocolArray.Length(); ++index) {
+    if (protocolArray[index].IsEmpty() ||
+        protocolArray[index].Length() > 255)
+      return NS_ERROR_ILLEGAL_VALUE;
+
+    npnList.Append(protocolArray[index].Length());
+    npnList.Append(protocolArray[index]);
+  }
+
+  if (SSL_SetNextProtoNego(
+        mFd,
+        BitwiseCast<const unsigned char*, const char*>(npnList.get()),
+        npnList.Length()) != SECSuccess)
+    return NS_ERROR_FAILURE;
+
+  return NS_OK;
+}
+
+nsresult
+nsNSSSocketInfo::ActivateSSL()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  if (SECSuccess != SSL_OptionSet(mFd, SSL_SECURITY, true))
+    return NS_ERROR_FAILURE;
+  if (SECSuccess != SSL_ResetHandshake(mFd, false))
+    return NS_ERROR_FAILURE;
+
+  mHandshakePending = true;
+
+  return NS_OK;
+}
+
+nsresult
+nsNSSSocketInfo::GetFileDescPtr(PRFileDesc** aFilePtr)
+{
+  *aFilePtr = mFd;
+  return NS_OK;
+}
+
+nsresult
+nsNSSSocketInfo::SetFileDescPtr(PRFileDesc* aFilePtr)
+{
+  mFd = aFilePtr;
+  return NS_OK;
+}
+
+void
+nsNSSSocketInfo::SetCertVerificationWaiting()
+{
+  // mCertVerificationState may be before_cert_verification for the first
+  // handshake on the connection, or after_cert_verification for subsequent
+  // renegotiation handshakes.
+  NS_ASSERTION(mCertVerificationState != waiting_for_cert_verification,
+               "Invalid state transition to waiting_for_cert_verification");
+  mCertVerificationState = waiting_for_cert_verification;
+}
+
+// Be careful that SetCertVerificationResult does NOT get called while we are
+// processing a SSL callback function, because SSL_AuthCertificateComplete will
+// attempt to acquire locks that are already held by libssl when it calls
+// callbacks.
+void
+nsNSSSocketInfo::SetCertVerificationResult(PRErrorCode errorCode,
+                                           SSLErrorMessageType errorMessageType)
+{
+  NS_ASSERTION(mCertVerificationState == waiting_for_cert_verification,
+               "Invalid state transition to cert_verification_finished");
+
+  if (mFd) {
+    SECStatus rv = SSL_AuthCertificateComplete(mFd, errorCode);
+    // Only replace errorCode if there was originally no error
+    if (rv != SECSuccess && errorCode == 0) {
+      errorCode = PR_GetError();
+      errorMessageType = PlainErrorMessage;
+      if (errorCode == 0) {
+        NS_ERROR("SSL_AuthCertificateComplete didn't set error code");
+        errorCode = PR_INVALID_STATE_ERROR;
+      }
+    }
+  }
+
+  if (errorCode) {
+    mFailedVerification = true;
+    SetCanceled(errorCode, errorMessageType);
+  }
+
+  if (mPlaintextBytesRead && !errorCode) {
+    Telemetry::Accumulate(Telemetry::SSL_BYTES_BEFORE_CERT_CALLBACK,
+                          AssertedCast<uint32_t>(mPlaintextBytesRead));
+  }
+
+  mCertVerificationState = after_cert_verification;
+}
+
+SharedSSLState&
+nsNSSSocketInfo::SharedState()
+{
+  return mSharedState;
+}
+
+void nsSSLIOLayerHelpers::Cleanup()
+{
+  MutexAutoLock lock(mutex);
+  mTLSIntoleranceInfo.Clear();
+  mInsecureFallbackSites.Clear();
+}
+
+static void
+nsHandleSSLError(nsNSSSocketInfo* socketInfo,
+                 ::mozilla::psm::SSLErrorMessageType errtype,
+                 PRErrorCode err)
+{
+  if (!NS_IsMainThread()) {
+    NS_ERROR("nsHandleSSLError called off the main thread");
+    return;
+  }
+
+  // SetCanceled is only called by the main thread or the socket transport
+  // thread. Whenever this function is called on the main thread, the SSL
+  // thread is blocked on it. So, no mutex is necessary for
+  // SetCanceled()/GetError*().
+  if (socketInfo->GetErrorCode()) {
+    // If the socket has been flagged as canceled,
+    // the code who did was responsible for setting the error code.
+    return;
+  }
+
+  // We must cancel first, which sets the error code.
+  socketInfo->SetCanceled(err, PlainErrorMessage);
+  nsXPIDLString errorString;
+  socketInfo->GetErrorLogMessage(err, errtype, errorString);
+
+  if (!errorString.IsEmpty()) {
+    nsContentUtils::LogSimpleConsoleError(errorString, "SSL");
+  }
+}
+
+namespace {
+
+enum Operation { reading, writing, not_reading_or_writing };
+
+int32_t checkHandshake(int32_t bytesTransfered, bool wasReading,
+                       PRFileDesc* ssl_layer_fd,
+                       nsNSSSocketInfo* socketInfo);
+
+nsNSSSocketInfo*
+getSocketInfoIfRunning(PRFileDesc* fd, Operation op,
+                       const nsNSSShutDownPreventionLock& /*proofOfLock*/)
+{
+  if (!fd || !fd->lower || !fd->secret ||
+      fd->identity != nsSSLIOLayerHelpers::nsSSLIOLayerIdentity) {
+    NS_ERROR("bad file descriptor passed to getSocketInfoIfRunning");
+    PR_SetError(PR_BAD_DESCRIPTOR_ERROR, 0);
+    return nullptr;
+  }
+
+  nsNSSSocketInfo* socketInfo = (nsNSSSocketInfo*) fd->secret;
+
+  if (socketInfo->isAlreadyShutDown() || socketInfo->isPK11LoggedOut()) {
+    PR_SetError(PR_SOCKET_SHUTDOWN_ERROR, 0);
+    return nullptr;
+  }
+
+  if (socketInfo->GetErrorCode()) {
+    PRErrorCode err = socketInfo->GetErrorCode();
+    PR_SetError(err, 0);
+    if (op == reading || op == writing) {
+      // We must do TLS intolerance checks for reads and writes, for timeouts
+      // in particular.
+      (void) checkHandshake(-1, op == reading, fd, socketInfo);
+    }
+
+    // If we get here, it is probably because cert verification failed and this
+    // is the first I/O attempt since that failure.
+    return nullptr;
+  }
+
+  return socketInfo;
+}
+
+} // namespace
+
+static PRStatus
+nsSSLIOLayerConnect(PRFileDesc* fd, const PRNetAddr* addr,
+                    PRIntervalTime timeout)
+{
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("[%p] connecting SSL socket\n",
+         (void*) fd));
+  nsNSSShutDownPreventionLock locker;
+  if (!getSocketInfoIfRunning(fd, not_reading_or_writing, locker))
+    return PR_FAILURE;
+
+  PRStatus status = fd->lower->methods->connect(fd->lower, addr, timeout);
+  if (status != PR_SUCCESS) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Error, ("[%p] Lower layer connect error: %d\n",
+                                      (void*) fd, PR_GetError()));
+    return status;
+  }
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("[%p] Connect\n", (void*) fd));
+  return status;
+}
+
+void
+nsSSLIOLayerHelpers::rememberTolerantAtVersion(const nsACString& hostName,
+                                               int16_t port, uint16_t tolerant)
+{
+  nsCString key;
+  getSiteKey(hostName, port, key);
+
+  MutexAutoLock lock(mutex);
+
+  IntoleranceEntry entry;
+  if (mTLSIntoleranceInfo.Get(key, &entry)) {
+    entry.AssertInvariant();
+    entry.tolerant = std::max(entry.tolerant, tolerant);
+    if (entry.intolerant != 0 && entry.intolerant <= entry.tolerant) {
+      entry.intolerant = entry.tolerant + 1;
+      entry.intoleranceReason = 0; // lose the reason
+    }
+    if (entry.strongCipherStatus == StrongCipherStatusUnknown) {
+      entry.strongCipherStatus = StrongCiphersWorked;
+    }
+  } else {
+    entry.tolerant = tolerant;
+    entry.intolerant = 0;
+    entry.intoleranceReason = 0;
+    entry.strongCipherStatus = StrongCiphersWorked;
+  }
+
+  entry.AssertInvariant();
+
+  mTLSIntoleranceInfo.Put(key, entry);
+}
+
+void
+nsSSLIOLayerHelpers::forgetIntolerance(const nsACString& hostName,
+                                       int16_t port)
+{
+  nsCString key;
+  getSiteKey(hostName, port, key);
+
+  MutexAutoLock lock(mutex);
+
+  IntoleranceEntry entry;
+  if (mTLSIntoleranceInfo.Get(key, &entry)) {
+    entry.AssertInvariant();
+
+    entry.intolerant = 0;
+    entry.intoleranceReason = 0;
+    if (entry.strongCipherStatus != StrongCiphersWorked) {
+      entry.strongCipherStatus = StrongCipherStatusUnknown;
+    }
+
+    entry.AssertInvariant();
+    mTLSIntoleranceInfo.Put(key, entry);
+  }
+}
+
+bool
+nsSSLIOLayerHelpers::fallbackLimitReached(const nsACString& hostName,
+                                          uint16_t intolerant)
+{
+  if (isInsecureFallbackSite(hostName)) {
+    return intolerant <= SSL_LIBRARY_VERSION_TLS_1_0;
+  }
+  return intolerant <= mVersionFallbackLimit;
+}
+
+// returns true if we should retry the handshake
+bool
+nsSSLIOLayerHelpers::rememberIntolerantAtVersion(const nsACString& hostName,
+                                                 int16_t port,
+                                                 uint16_t minVersion,
+                                                 uint16_t intolerant,
+                                                 PRErrorCode intoleranceReason)
+{
+  if (intolerant <= minVersion || fallbackLimitReached(hostName, intolerant)) {
+    // We can't fall back any further. Assume that intolerance isn't the issue.
+    forgetIntolerance(hostName, port);
+    return false;
+  }
+
+  nsCString key;
+  getSiteKey(hostName, port, key);
+
+  MutexAutoLock lock(mutex);
+
+  IntoleranceEntry entry;
+  if (mTLSIntoleranceInfo.Get(key, &entry)) {
+    entry.AssertInvariant();
+    if (intolerant <= entry.tolerant) {
+      // We already know the server is tolerant at an equal or higher version.
+      return false;
+    }
+    if ((entry.intolerant != 0 && intolerant >= entry.intolerant)) {
+      // We already know that the server is intolerant at a lower version.
+      return true;
+    }
+  } else {
+    entry.tolerant = 0;
+    entry.strongCipherStatus = StrongCipherStatusUnknown;
+  }
+
+  entry.intolerant = intolerant;
+  entry.intoleranceReason = intoleranceReason;
+  entry.AssertInvariant();
+  mTLSIntoleranceInfo.Put(key, entry);
+
+  return true;
+}
+
+// returns true if we should retry the handshake
+bool
+nsSSLIOLayerHelpers::rememberStrongCiphersFailed(const nsACString& hostName,
+                                                 int16_t port,
+                                                 PRErrorCode intoleranceReason)
+{
+  nsCString key;
+  getSiteKey(hostName, port, key);
+
+  MutexAutoLock lock(mutex);
+
+  IntoleranceEntry entry;
+  if (mTLSIntoleranceInfo.Get(key, &entry)) {
+    entry.AssertInvariant();
+    if (entry.strongCipherStatus != StrongCipherStatusUnknown) {
+      // We already know if the server supports a strong cipher.
+      return false;
+    }
+  } else {
+    entry.tolerant = 0;
+    entry.intolerant = 0;
+    entry.intoleranceReason = intoleranceReason;
+  }
+
+  entry.strongCipherStatus = StrongCiphersFailed;
+  entry.AssertInvariant();
+  mTLSIntoleranceInfo.Put(key, entry);
+
+  return true;
+}
+
+void
+nsSSLIOLayerHelpers::adjustForTLSIntolerance(const nsACString& hostName,
+                                             int16_t port,
+                                             /*in/out*/ SSLVersionRange& range,
+                                             /*out*/ StrongCipherStatus& strongCipherStatus)
+{
+  IntoleranceEntry entry;
+
+  {
+    nsCString key;
+    getSiteKey(hostName, port, key);
+
+    MutexAutoLock lock(mutex);
+    if (!mTLSIntoleranceInfo.Get(key, &entry)) {
+      return;
+    }
+  }
+
+  entry.AssertInvariant();
+
+  if (entry.intolerant != 0) {
+    // We've tried connecting at a higher range but failed, so try at the
+    // version we haven't tried yet, unless we have reached the minimum.
+    if (range.min < entry.intolerant) {
+      range.max = entry.intolerant - 1;
+    }
+  }
+  strongCipherStatus = entry.strongCipherStatus;
+}
+
+PRErrorCode
+nsSSLIOLayerHelpers::getIntoleranceReason(const nsACString& hostName,
+                                          int16_t port)
+{
+  IntoleranceEntry entry;
+
+  {
+    nsCString key;
+    getSiteKey(hostName, port, key);
+
+    MutexAutoLock lock(mutex);
+    if (!mTLSIntoleranceInfo.Get(key, &entry)) {
+      return 0;
+    }
+  }
+
+  entry.AssertInvariant();
+  return entry.intoleranceReason;
+}
+
+bool nsSSLIOLayerHelpers::nsSSLIOLayerInitialized = false;
+PRDescIdentity nsSSLIOLayerHelpers::nsSSLIOLayerIdentity;
+PRDescIdentity nsSSLIOLayerHelpers::nsSSLPlaintextLayerIdentity;
+PRIOMethods nsSSLIOLayerHelpers::nsSSLIOLayerMethods;
+PRIOMethods nsSSLIOLayerHelpers::nsSSLPlaintextLayerMethods;
+
+static PRStatus
+nsSSLIOLayerClose(PRFileDesc* fd)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (!fd)
+    return PR_FAILURE;
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("[%p] Shutting down socket\n",
+         (void*) fd));
+
+  nsNSSSocketInfo* socketInfo = (nsNSSSocketInfo*) fd->secret;
+  NS_ASSERTION(socketInfo,"nsNSSSocketInfo was null for an fd");
+
+  return socketInfo->CloseSocketAndDestroy(locker);
+}
+
+PRStatus
+nsNSSSocketInfo::CloseSocketAndDestroy(
+    const nsNSSShutDownPreventionLock& /*proofOfLock*/)
+{
+  PRFileDesc* popped = PR_PopIOLayer(mFd, PR_TOP_IO_LAYER);
+  NS_ASSERTION(popped &&
+               popped->identity == nsSSLIOLayerHelpers::nsSSLIOLayerIdentity,
+               "SSL Layer not on top of stack");
+
+  // The plain text layer is not always present - so its not a fatal error
+  // if it cannot be removed
+  PRFileDesc* poppedPlaintext =
+    PR_GetIdentitiesLayer(mFd, nsSSLIOLayerHelpers::nsSSLPlaintextLayerIdentity);
+  if (poppedPlaintext) {
+    PR_PopIOLayer(mFd, nsSSLIOLayerHelpers::nsSSLPlaintextLayerIdentity);
+    poppedPlaintext->dtor(poppedPlaintext);
+  }
+
+  PRStatus status = mFd->methods->close(mFd);
+
+  // the nsNSSSocketInfo instance can out-live the connection, so we need some
+  // indication that the connection has been closed. mFd == nullptr is that
+  // indication. This is needed, for example, when the connection is closed
+  // before we have finished validating the server's certificate.
+  mFd = nullptr;
+
+  if (status != PR_SUCCESS) return status;
+
+  popped->identity = PR_INVALID_IO_LAYER;
+  NS_RELEASE_THIS();
+  popped->dtor(popped);
+
+  return PR_SUCCESS;
+}
+
+#if defined(DEBUG_SSL_VERBOSE) && defined(DUMP_BUFFER)
+// Dumps a (potentially binary) buffer using SSM_DEBUG.  (We could have used
+// the version in ssltrace.c, but that's specifically tailored to SSLTRACE.)
+#define DUMPBUF_LINESIZE 24
+static void
+nsDumpBuffer(unsigned char* buf, int len)
+{
+  char hexbuf[DUMPBUF_LINESIZE*3+1];
+  char chrbuf[DUMPBUF_LINESIZE+1];
+  static const char* hex = "0123456789abcdef";
+  int i = 0;
+  int l = 0;
+  char ch;
+  char* c;
+  char* h;
+  if (len == 0)
+    return;
+  hexbuf[DUMPBUF_LINESIZE*3] = '\0';
+  chrbuf[DUMPBUF_LINESIZE] = '\0';
+  (void) memset(hexbuf, 0x20, DUMPBUF_LINESIZE*3);
+  (void) memset(chrbuf, 0x20, DUMPBUF_LINESIZE);
+  h = hexbuf;
+  c = chrbuf;
+
+  while (i < len) {
+    ch = buf[i];
+
+    if (l == DUMPBUF_LINESIZE) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("%s%s\n", hexbuf, chrbuf));
+      (void) memset(hexbuf, 0x20, DUMPBUF_LINESIZE*3);
+      (void) memset(chrbuf, 0x20, DUMPBUF_LINESIZE);
+      h = hexbuf;
+      c = chrbuf;
+      l = 0;
+    }
+
+    // Convert a character to hex.
+    *h++ = hex[(ch >> 4) & 0xf];
+    *h++ = hex[ch & 0xf];
+    h++;
+
+    // Put the character (if it's printable) into the character buffer.
+    if ((ch >= 0x20) && (ch <= 0x7e)) {
+      *c++ = ch;
+    } else {
+      *c++ = '.';
+    }
+    i++; l++;
+  }
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("%s%s\n", hexbuf, chrbuf));
+}
+
+#define DEBUG_DUMP_BUFFER(buf,len) nsDumpBuffer(buf,len)
+#else
+#define DEBUG_DUMP_BUFFER(buf,len)
+#endif
+
+class SSLErrorRunnable : public SyncRunnableBase
+{
+ public:
+  SSLErrorRunnable(nsNSSSocketInfo* infoObject,
+                   ::mozilla::psm::SSLErrorMessageType errtype,
+                   PRErrorCode errorCode)
+    : mInfoObject(infoObject)
+    , mErrType(errtype)
+    , mErrorCode(errorCode)
+  {
+  }
+
+  virtual void RunOnTargetThread()
+  {
+    nsHandleSSLError(mInfoObject, mErrType, mErrorCode);
+  }
+
+  RefPtr<nsNSSSocketInfo> mInfoObject;
+  ::mozilla::psm::SSLErrorMessageType mErrType;
+  const PRErrorCode mErrorCode;
+};
+
+namespace {
+
+uint32_t tlsIntoleranceTelemetryBucket(PRErrorCode err)
+{
+  // returns a numeric code for where we track various errors in telemetry
+  // only errors that cause version fallback are tracked,
+  // so this is also used to determine which errors can cause version fallback
+  switch (err) {
+    case SSL_ERROR_BAD_MAC_ALERT: return 1;
+    case SSL_ERROR_BAD_MAC_READ: return 2;
+    case SSL_ERROR_HANDSHAKE_FAILURE_ALERT: return 3;
+    case SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT: return 4;
+    case SSL_ERROR_ILLEGAL_PARAMETER_ALERT: return 6;
+    case SSL_ERROR_NO_CYPHER_OVERLAP: return 7;
+    case SSL_ERROR_UNSUPPORTED_VERSION: return 10;
+    case SSL_ERROR_PROTOCOL_VERSION_ALERT: return 11;
+    case SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE: return 13;
+    case SSL_ERROR_DECODE_ERROR_ALERT: return 14;
+    case PR_CONNECT_RESET_ERROR: return 16;
+    case PR_END_OF_FILE_ERROR: return 17;
+    case SSL_ERROR_INTERNAL_ERROR_ALERT: return 18;
+    default: return 0;
+  }
+}
+
+bool
+retryDueToTLSIntolerance(PRErrorCode err, nsNSSSocketInfo* socketInfo)
+{
+  // This function is supposed to decide which error codes should
+  // be used to conclude server is TLS intolerant.
+  // Note this only happens during the initial SSL handshake.
+
+  SSLVersionRange range = socketInfo->GetTLSVersionRange();
+  nsSSLIOLayerHelpers& helpers = socketInfo->SharedState().IOLayerHelpers();
+
+  if (err == SSL_ERROR_UNSUPPORTED_VERSION &&
+      range.min == SSL_LIBRARY_VERSION_TLS_1_0) {
+    socketInfo->SetSecurityState(nsIWebProgressListener::STATE_IS_INSECURE |
+                                 nsIWebProgressListener::STATE_USES_SSL_3);
+  }
+
+  // NSS will return SSL_ERROR_RX_MALFORMED_SERVER_HELLO if anti-downgrade
+  // detected the downgrade.
+  if (err == SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT ||
+      err == SSL_ERROR_RX_MALFORMED_SERVER_HELLO) {
+    // This is a clear signal that we've fallen back too many versions.  Treat
+    // this as a hard failure, but forget any intolerance so that later attempts
+    // don't use this version (i.e., range.max) and trigger the error again.
+
+    // First, track the original cause of the version fallback.  This uses the
+    // same buckets as the telemetry below, except that bucket 0 will include
+    // all cases where there wasn't an original reason.
+    PRErrorCode originalReason =
+      helpers.getIntoleranceReason(socketInfo->GetHostName(),
+                                   socketInfo->GetPort());
+    Telemetry::Accumulate(Telemetry::SSL_VERSION_FALLBACK_INAPPROPRIATE,
+                          tlsIntoleranceTelemetryBucket(originalReason));
+
+    helpers.forgetIntolerance(socketInfo->GetHostName(),
+                              socketInfo->GetPort());
+
+    return false;
+  }
+
+  // Disallow PR_CONNECT_RESET_ERROR if fallback limit reached.
+  bool fallbackLimitReached =
+    helpers.fallbackLimitReached(socketInfo->GetHostName(), range.max);
+  if (err == PR_CONNECT_RESET_ERROR && fallbackLimitReached) {
+    return false;
+  }
+
+  if ((err == SSL_ERROR_NO_CYPHER_OVERLAP || err == PR_END_OF_FILE_ERROR ||
+       err == PR_CONNECT_RESET_ERROR) &&
+       nsNSSComponent::AreAnyWeakCiphersEnabled()) {
+    if (helpers.isInsecureFallbackSite(socketInfo->GetHostName()) ||
+        helpers.mUnrestrictedRC4Fallback) {
+      if (helpers.rememberStrongCiphersFailed(socketInfo->GetHostName(),
+                                              socketInfo->GetPort(), err)) {
+        Telemetry::Accumulate(Telemetry::SSL_WEAK_CIPHERS_FALLBACK,
+                              tlsIntoleranceTelemetryBucket(err));
+        return true;
+      }
+      Telemetry::Accumulate(Telemetry::SSL_WEAK_CIPHERS_FALLBACK, 0);
+    }
+  }
+
+  // When not using a proxy we'll see a connection reset error.
+  // When using a proxy, we'll see an end of file error.
+
+  // Don't allow STARTTLS connections to fall back on connection resets or
+  // EOF.
+  if ((err == PR_CONNECT_RESET_ERROR || err == PR_END_OF_FILE_ERROR)
+      && socketInfo->GetForSTARTTLS()) {
+    return false;
+  }
+
+  uint32_t reason = tlsIntoleranceTelemetryBucket(err);
+  if (reason == 0) {
+    return false;
+  }
+
+  Telemetry::ID pre;
+  Telemetry::ID post;
+  switch (range.max) {
+    case SSL_LIBRARY_VERSION_TLS_1_3:
+      pre = Telemetry::SSL_TLS13_INTOLERANCE_REASON_PRE;
+      post = Telemetry::SSL_TLS13_INTOLERANCE_REASON_POST;
+      break;
+    case SSL_LIBRARY_VERSION_TLS_1_2:
+      pre = Telemetry::SSL_TLS12_INTOLERANCE_REASON_PRE;
+      post = Telemetry::SSL_TLS12_INTOLERANCE_REASON_POST;
+      break;
+    case SSL_LIBRARY_VERSION_TLS_1_1:
+      pre = Telemetry::SSL_TLS11_INTOLERANCE_REASON_PRE;
+      post = Telemetry::SSL_TLS11_INTOLERANCE_REASON_POST;
+      break;
+    case SSL_LIBRARY_VERSION_TLS_1_0:
+      pre = Telemetry::SSL_TLS10_INTOLERANCE_REASON_PRE;
+      post = Telemetry::SSL_TLS10_INTOLERANCE_REASON_POST;
+      break;
+    default:
+      MOZ_CRASH("impossible TLS version");
+      return false;
+  }
+
+  // The difference between _PRE and _POST represents how often we avoided
+  // TLS intolerance fallback due to remembered tolerance.
+  Telemetry::Accumulate(pre, reason);
+
+  if (!helpers.rememberIntolerantAtVersion(socketInfo->GetHostName(),
+                                           socketInfo->GetPort(),
+                                           range.min, range.max, err)) {
+    return false;
+  }
+
+  Telemetry::Accumulate(post, reason);
+
+  return true;
+}
+
+// Ensure that we haven't added too many errors to fit.
+static_assert((SSL_ERROR_END_OF_LIST - SSL_ERROR_BASE) <= 256,
+              "too many SSL errors");
+static_assert((SEC_ERROR_END_OF_LIST - SEC_ERROR_BASE) <= 256,
+              "too many SEC errors");
+static_assert((PR_MAX_ERROR - PR_NSPR_ERROR_BASE) <= 128,
+              "too many NSPR errors");
+static_assert((mozilla::pkix::ERROR_BASE - mozilla::pkix::END_OF_LIST) < 31,
+              "too many moz::pkix errors");
+
+static void
+reportHandshakeResult(int32_t bytesTransferred, bool wasReading, PRErrorCode err)
+{
+  uint32_t bucket;
+
+  // A negative bytesTransferred or a 0 read are errors.
+  if (bytesTransferred > 0) {
+    bucket = 0;
+  } else if ((bytesTransferred == 0) && !wasReading) {
+    // PR_Write() is defined to never return 0, but let's make sure.
+    // https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSPR/Reference/PR_Write.
+    MOZ_ASSERT(false);
+    bucket = 671;
+  } else if (IS_SSL_ERROR(err)) {
+    bucket = err - SSL_ERROR_BASE;
+    MOZ_ASSERT(bucket > 0);   // SSL_ERROR_EXPORT_ONLY_SERVER isn't used.
+  } else if (IS_SEC_ERROR(err)) {
+    bucket = (err - SEC_ERROR_BASE) + 256;
+  } else if ((err >= PR_NSPR_ERROR_BASE) && (err < PR_MAX_ERROR)) {
+    bucket = (err - PR_NSPR_ERROR_BASE) + 512;
+  } else if ((err >= mozilla::pkix::ERROR_BASE) &&
+             (err < mozilla::pkix::ERROR_LIMIT)) {
+    bucket = (err - mozilla::pkix::ERROR_BASE) + 640;
+  } else {
+    bucket = 671;
+  }
+
+  Telemetry::Accumulate(Telemetry::SSL_HANDSHAKE_RESULT, bucket);
+}
+
+int32_t
+checkHandshake(int32_t bytesTransfered, bool wasReading,
+               PRFileDesc* ssl_layer_fd, nsNSSSocketInfo* socketInfo)
+{
+  const PRErrorCode originalError = PR_GetError();
+  PRErrorCode err = originalError;
+
+  // This is where we work around all of those SSL servers that don't
+  // conform to the SSL spec and shutdown a connection when we request
+  // SSL v3.1 (aka TLS).  The spec says the client says what version
+  // of the protocol we're willing to perform, in our case SSL v3.1
+  // In its response, the server says which version it wants to perform.
+  // Many servers out there only know how to do v3.0.  Next, we're supposed
+  // to send back the version of the protocol we requested (ie v3.1).  At
+  // this point many servers's implementations are broken and they shut
+  // down the connection when they don't see the version they sent back.
+  // This is supposed to prevent a man in the middle from forcing one
+  // side to dumb down to a lower level of the protocol.  Unfortunately,
+  // there are enough broken servers out there that such a gross work-around
+  // is necessary.  :(
+
+  // Do NOT assume TLS intolerance on a closed connection after bad cert ui was shown.
+  // Simply retry.
+  // This depends on the fact that Cert UI will not be shown again,
+  // should the user override the bad cert.
+
+  bool handleHandshakeResultNow = socketInfo->IsHandshakePending();
+
+  bool wantRetry = false;
+
+  if (0 > bytesTransfered) {
+    if (handleHandshakeResultNow) {
+      if (PR_WOULD_BLOCK_ERROR == err) {
+        PR_SetError(err, 0);
+        return bytesTransfered;
+      }
+
+      wantRetry = retryDueToTLSIntolerance(err, socketInfo);
+    }
+
+    // This is the common place where we trigger non-cert-errors on a SSL
+    // socket. This might be reached at any time of the connection.
+    //
+    // The socketInfo->GetErrorCode() check is here to ensure we don't try to
+    // do the synchronous dispatch to the main thread unnecessarily after we've
+    // already handled a certificate error. (SSLErrorRunnable calls
+    // nsHandleSSLError, which has logic to avoid replacing the error message,
+    // so without the !socketInfo->GetErrorCode(), it would just be an
+    // expensive no-op.)
+    if (!wantRetry && mozilla::psm::IsNSSErrorCode(err) &&
+        !socketInfo->GetErrorCode()) {
+      RefPtr<SyncRunnableBase> runnable(new SSLErrorRunnable(socketInfo,
+                                                             PlainErrorMessage,
+                                                             err));
+      (void) runnable->DispatchToMainThreadAndWait();
+    }
+  } else if (wasReading && 0 == bytesTransfered) {
+    // zero bytes on reading, socket closed
+    if (handleHandshakeResultNow) {
+      wantRetry = retryDueToTLSIntolerance(PR_END_OF_FILE_ERROR, socketInfo);
+    }
+  }
+
+  if (wantRetry) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("[%p] checkHandshake: will retry with lower max TLS version\n",
+            ssl_layer_fd));
+    // We want to cause the network layer to retry the connection.
+    err = PR_CONNECT_RESET_ERROR;
+    if (wasReading)
+      bytesTransfered = -1;
+  }
+
+  // TLS intolerant servers only cause the first transfer to fail, so let's
+  // set the HandshakePending attribute to false so that we don't try the logic
+  // above again in a subsequent transfer.
+  if (handleHandshakeResultNow) {
+    // Report the result once for each handshake. Note that this does not
+    // get handshakes which are cancelled before any reads or writes
+    // happen.
+    reportHandshakeResult(bytesTransfered, wasReading, originalError);
+    socketInfo->SetHandshakeNotPending();
+  }
+
+  if (bytesTransfered < 0) {
+    // Remember that we encountered an error so that getSocketInfoIfRunning
+    // will correctly cause us to fail if another part of Gecko
+    // (erroneously) calls an I/O function (PR_Send/PR_Recv/etc.) again on
+    // this socket. Note that we use the original error because if we use
+    // PR_CONNECT_RESET_ERROR, we'll repeated try to reconnect.
+    if (originalError != PR_WOULD_BLOCK_ERROR && !socketInfo->GetErrorCode()) {
+      socketInfo->SetCanceled(originalError, PlainErrorMessage);
+    }
+    PR_SetError(err, 0);
+  }
+
+  return bytesTransfered;
+}
+
+} // namespace
+
+static int16_t
+nsSSLIOLayerPoll(PRFileDesc* fd, int16_t in_flags, int16_t* out_flags)
+{
+  nsNSSShutDownPreventionLock locker;
+
+  if (!out_flags) {
+    NS_WARNING("nsSSLIOLayerPoll called with null out_flags");
+    return 0;
+  }
+
+  *out_flags = 0;
+
+  nsNSSSocketInfo* socketInfo =
+    getSocketInfoIfRunning(fd, not_reading_or_writing, locker);
+
+  if (!socketInfo) {
+    // If we get here, it is probably because certificate validation failed
+    // and this is the first I/O operation after the failure.
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("[%p] polling SSL socket right after certificate verification failed "
+                  "or NSS shutdown or SDR logout %d\n",
+             fd, (int) in_flags));
+
+    NS_ASSERTION(in_flags & PR_POLL_EXCEPT,
+                 "caller did not poll for EXCEPT (canceled)");
+    // Since this poll method cannot return errors, we want the caller to call
+    // PR_Send/PR_Recv right away to get the error, so we tell that we are
+    // ready for whatever I/O they are asking for. (See getSocketInfoIfRunning).
+    *out_flags = in_flags | PR_POLL_EXCEPT; // see also bug 480619
+    return in_flags;
+  }
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Verbose,
+          (socketInfo->IsWaitingForCertVerification()
+             ?  "[%p] polling SSL socket during certificate verification using lower %d\n"
+             :  "[%p] poll SSL socket using lower %d\n",
+           fd, (int) in_flags));
+
+  // We want the handshake to continue during certificate validation, so we
+  // don't need to do anything special here. libssl automatically blocks when
+  // it reaches any point that would be unsafe to send/receive something before
+  // cert validation is complete.
+  int16_t result = fd->lower->methods->poll(fd->lower, in_flags, out_flags);
+  MOZ_LOG(gPIPNSSLog, LogLevel::Verbose,
+          ("[%p] poll SSL socket returned %d\n", (void*) fd, (int) result));
+  return result;
+}
+
+nsSSLIOLayerHelpers::nsSSLIOLayerHelpers()
+  : mTreatUnsafeNegotiationAsBroken(false)
+  , mTLSIntoleranceInfo()
+  , mFalseStartRequireNPN(false)
+  , mUnrestrictedRC4Fallback(false)
+  , mVersionFallbackLimit(SSL_LIBRARY_VERSION_TLS_1_0)
+  , mutex("nsSSLIOLayerHelpers.mutex")
+{
+}
+
+static int
+_PSM_InvalidInt(void)
+{
+  MOZ_ASSERT_UNREACHABLE("I/O method is invalid");
+  PR_SetError(PR_INVALID_METHOD_ERROR, 0);
+  return -1;
+}
+
+static int64_t
+_PSM_InvalidInt64(void)
+{
+  MOZ_ASSERT_UNREACHABLE("I/O method is invalid");
+  PR_SetError(PR_INVALID_METHOD_ERROR, 0);
+  return -1;
+}
+
+static PRStatus
+_PSM_InvalidStatus(void)
+{
+  MOZ_ASSERT_UNREACHABLE("I/O method is invalid");
+  PR_SetError(PR_INVALID_METHOD_ERROR, 0);
+  return PR_FAILURE;
+}
+
+static PRFileDesc*
+_PSM_InvalidDesc(void)
+{
+  MOZ_ASSERT_UNREACHABLE("I/O method is invalid");
+  PR_SetError(PR_INVALID_METHOD_ERROR, 0);
+  return nullptr;
+}
+
+static PRStatus
+PSMGetsockname(PRFileDesc* fd, PRNetAddr* addr)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (!getSocketInfoIfRunning(fd, not_reading_or_writing, locker))
+    return PR_FAILURE;
+
+  return fd->lower->methods->getsockname(fd->lower, addr);
+}
+
+static PRStatus
+PSMGetpeername(PRFileDesc* fd, PRNetAddr* addr)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (!getSocketInfoIfRunning(fd, not_reading_or_writing, locker))
+    return PR_FAILURE;
+
+  return fd->lower->methods->getpeername(fd->lower, addr);
+}
+
+static PRStatus
+PSMGetsocketoption(PRFileDesc* fd, PRSocketOptionData* data)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (!getSocketInfoIfRunning(fd, not_reading_or_writing, locker))
+    return PR_FAILURE;
+
+  return fd->lower->methods->getsocketoption(fd, data);
+}
+
+static PRStatus
+PSMSetsocketoption(PRFileDesc* fd, const PRSocketOptionData* data)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (!getSocketInfoIfRunning(fd, not_reading_or_writing, locker))
+    return PR_FAILURE;
+
+  return fd->lower->methods->setsocketoption(fd, data);
+}
+
+static int32_t
+PSMRecv(PRFileDesc* fd, void* buf, int32_t amount, int flags,
+        PRIntervalTime timeout)
+{
+  nsNSSShutDownPreventionLock locker;
+  nsNSSSocketInfo* socketInfo = getSocketInfoIfRunning(fd, reading, locker);
+  if (!socketInfo)
+    return -1;
+
+  if (flags != PR_MSG_PEEK && flags != 0) {
+    PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);
+    return -1;
+  }
+
+  int32_t bytesRead = fd->lower->methods->recv(fd->lower, buf, amount, flags,
+                                               timeout);
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Verbose,
+          ("[%p] read %d bytes\n", (void*) fd, bytesRead));
+
+#ifdef DEBUG_SSL_VERBOSE
+  DEBUG_DUMP_BUFFER((unsigned char*) buf, bytesRead);
+#endif
+
+  return checkHandshake(bytesRead, true, fd, socketInfo);
+}
+
+static int32_t
+PSMSend(PRFileDesc* fd, const void* buf, int32_t amount, int flags,
+        PRIntervalTime timeout)
+{
+  nsNSSShutDownPreventionLock locker;
+  nsNSSSocketInfo* socketInfo = getSocketInfoIfRunning(fd, writing, locker);
+  if (!socketInfo)
+    return -1;
+
+  if (flags != 0) {
+    PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);
+    return -1;
+  }
+
+#ifdef DEBUG_SSL_VERBOSE
+  DEBUG_DUMP_BUFFER((unsigned char*) buf, amount);
+#endif
+
+  int32_t bytesWritten = fd->lower->methods->send(fd->lower, buf, amount,
+                                                  flags, timeout);
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Verbose,
+          ("[%p] wrote %d bytes\n", fd, bytesWritten));
+
+  return checkHandshake(bytesWritten, false, fd, socketInfo);
+}
+
+static PRStatus
+PSMBind(PRFileDesc* fd, const PRNetAddr *addr)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (!getSocketInfoIfRunning(fd, not_reading_or_writing, locker))
+    return PR_FAILURE;
+
+  return fd->lower->methods->bind(fd->lower, addr);
+}
+
+static int32_t
+nsSSLIOLayerRead(PRFileDesc* fd, void* buf, int32_t amount)
+{
+  return PSMRecv(fd, buf, amount, 0, PR_INTERVAL_NO_TIMEOUT);
+}
+
+static int32_t
+nsSSLIOLayerWrite(PRFileDesc* fd, const void* buf, int32_t amount)
+{
+  return PSMSend(fd, buf, amount, 0, PR_INTERVAL_NO_TIMEOUT);
+}
+
+static PRStatus
+PSMConnectcontinue(PRFileDesc* fd, int16_t out_flags)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (!getSocketInfoIfRunning(fd, not_reading_or_writing, locker)) {
+    return PR_FAILURE;
+  }
+
+  return fd->lower->methods->connectcontinue(fd, out_flags);
+}
+
+static int
+PSMAvailable(void)
+{
+  // This is called through PR_Available(), but is not implemented in PSM
+  PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
+  return -1;
+}
+
+static int64_t
+PSMAvailable64(void)
+{
+  // This is called through PR_Available(), but is not implemented in PSM
+  PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
+  return -1;
+}
+
+namespace {
+
+class PrefObserver : public nsIObserver {
+public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSIOBSERVER
+  explicit PrefObserver(nsSSLIOLayerHelpers* aOwner) : mOwner(aOwner) {}
+
+protected:
+  virtual ~PrefObserver() {}
+private:
+  nsSSLIOLayerHelpers* mOwner;
+};
+
+} // unnamed namespace
+
+NS_IMPL_ISUPPORTS(PrefObserver, nsIObserver)
+
+NS_IMETHODIMP
+PrefObserver::Observe(nsISupports* aSubject, const char* aTopic,
+                      const char16_t* someData)
+{
+  if (nsCRT::strcmp(aTopic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID) == 0) {
+    NS_ConvertUTF16toUTF8 prefName(someData);
+
+    if (prefName.EqualsLiteral("security.ssl.treat_unsafe_negotiation_as_broken")) {
+      bool enabled;
+      Preferences::GetBool("security.ssl.treat_unsafe_negotiation_as_broken", &enabled);
+      mOwner->setTreatUnsafeNegotiationAsBroken(enabled);
+    } else if (prefName.EqualsLiteral("security.ssl.false_start.require-npn")) {
+      mOwner->mFalseStartRequireNPN =
+        Preferences::GetBool("security.ssl.false_start.require-npn",
+                             FALSE_START_REQUIRE_NPN_DEFAULT);
+    } else if (prefName.EqualsLiteral("security.tls.version.fallback-limit")) {
+      mOwner->loadVersionFallbackLimit();
+    } else if (prefName.EqualsLiteral("security.tls.insecure_fallback_hosts")) {
+      // Changes to the whitelist on the public side will update the pref.
+      // Don't propagate the changes to the private side.
+      if (mOwner->isPublic()) {
+        mOwner->initInsecureFallbackSites();
+      }
+    } else if (prefName.EqualsLiteral("security.tls.unrestricted_rc4_fallback")) {
+      mOwner->mUnrestrictedRC4Fallback =
+        Preferences::GetBool("security.tls.unrestricted_rc4_fallback", false);
+    }
+  }
+  return NS_OK;
+}
+
+static int32_t
+PlaintextRecv(PRFileDesc* fd, void* buf, int32_t amount, int flags,
+              PRIntervalTime timeout)
+{
+  // The shutdownlocker is not needed here because it will already be
+  // held higher in the stack
+  nsNSSSocketInfo* socketInfo = nullptr;
+
+  int32_t bytesRead = fd->lower->methods->recv(fd->lower, buf, amount, flags,
+                                               timeout);
+  if (fd->identity == nsSSLIOLayerHelpers::nsSSLPlaintextLayerIdentity)
+    socketInfo = (nsNSSSocketInfo*) fd->secret;
+
+  if ((bytesRead > 0) && socketInfo)
+    socketInfo->AddPlaintextBytesRead(bytesRead);
+  return bytesRead;
+}
+
+nsSSLIOLayerHelpers::~nsSSLIOLayerHelpers()
+{
+  // mPrefObserver will only be set if this->Init was called. The GTest tests
+  // do not call Init.
+  if (mPrefObserver) {
+    Preferences::RemoveObserver(mPrefObserver,
+        "security.ssl.treat_unsafe_negotiation_as_broken");
+    Preferences::RemoveObserver(mPrefObserver,
+        "security.ssl.false_start.require-npn");
+    Preferences::RemoveObserver(mPrefObserver,
+        "security.tls.version.fallback-limit");
+    Preferences::RemoveObserver(mPrefObserver,
+        "security.tls.insecure_fallback_hosts");
+    Preferences::RemoveObserver(mPrefObserver,
+        "security.tls.unrestricted_rc4_fallback");
+  }
+}
+
+nsresult
+nsSSLIOLayerHelpers::Init()
+{
+  if (!nsSSLIOLayerInitialized) {
+    nsSSLIOLayerInitialized = true;
+    nsSSLIOLayerIdentity = PR_GetUniqueIdentity("NSS layer");
+    nsSSLIOLayerMethods  = *PR_GetDefaultIOMethods();
+
+    nsSSLIOLayerMethods.available = (PRAvailableFN) PSMAvailable;
+    nsSSLIOLayerMethods.available64 = (PRAvailable64FN) PSMAvailable64;
+    nsSSLIOLayerMethods.fsync = (PRFsyncFN) _PSM_InvalidStatus;
+    nsSSLIOLayerMethods.seek = (PRSeekFN) _PSM_InvalidInt;
+    nsSSLIOLayerMethods.seek64 = (PRSeek64FN) _PSM_InvalidInt64;
+    nsSSLIOLayerMethods.fileInfo = (PRFileInfoFN) _PSM_InvalidStatus;
+    nsSSLIOLayerMethods.fileInfo64 = (PRFileInfo64FN) _PSM_InvalidStatus;
+    nsSSLIOLayerMethods.writev = (PRWritevFN) _PSM_InvalidInt;
+    nsSSLIOLayerMethods.accept = (PRAcceptFN) _PSM_InvalidDesc;
+    nsSSLIOLayerMethods.listen = (PRListenFN) _PSM_InvalidStatus;
+    nsSSLIOLayerMethods.shutdown = (PRShutdownFN) _PSM_InvalidStatus;
+    nsSSLIOLayerMethods.recvfrom = (PRRecvfromFN) _PSM_InvalidInt;
+    nsSSLIOLayerMethods.sendto = (PRSendtoFN) _PSM_InvalidInt;
+    nsSSLIOLayerMethods.acceptread = (PRAcceptreadFN) _PSM_InvalidInt;
+    nsSSLIOLayerMethods.transmitfile = (PRTransmitfileFN) _PSM_InvalidInt;
+    nsSSLIOLayerMethods.sendfile = (PRSendfileFN) _PSM_InvalidInt;
+
+    nsSSLIOLayerMethods.getsockname = PSMGetsockname;
+    nsSSLIOLayerMethods.getpeername = PSMGetpeername;
+    nsSSLIOLayerMethods.getsocketoption = PSMGetsocketoption;
+    nsSSLIOLayerMethods.setsocketoption = PSMSetsocketoption;
+    nsSSLIOLayerMethods.recv = PSMRecv;
+    nsSSLIOLayerMethods.send = PSMSend;
+    nsSSLIOLayerMethods.connectcontinue = PSMConnectcontinue;
+    nsSSLIOLayerMethods.bind = PSMBind;
+
+    nsSSLIOLayerMethods.connect = nsSSLIOLayerConnect;
+    nsSSLIOLayerMethods.close = nsSSLIOLayerClose;
+    nsSSLIOLayerMethods.write = nsSSLIOLayerWrite;
+    nsSSLIOLayerMethods.read = nsSSLIOLayerRead;
+    nsSSLIOLayerMethods.poll = nsSSLIOLayerPoll;
+
+    nsSSLPlaintextLayerIdentity = PR_GetUniqueIdentity("Plaintxext PSM layer");
+    nsSSLPlaintextLayerMethods  = *PR_GetDefaultIOMethods();
+    nsSSLPlaintextLayerMethods.recv = PlaintextRecv;
+  }
+
+  bool enabled = false;
+  Preferences::GetBool("security.ssl.treat_unsafe_negotiation_as_broken", &enabled);
+  setTreatUnsafeNegotiationAsBroken(enabled);
+
+  mFalseStartRequireNPN =
+    Preferences::GetBool("security.ssl.false_start.require-npn",
+                         FALSE_START_REQUIRE_NPN_DEFAULT);
+  loadVersionFallbackLimit();
+  initInsecureFallbackSites();
+  mUnrestrictedRC4Fallback =
+    Preferences::GetBool("security.tls.unrestricted_rc4_fallback", false);
+
+  mPrefObserver = new PrefObserver(this);
+  Preferences::AddStrongObserver(mPrefObserver,
+                                 "security.ssl.treat_unsafe_negotiation_as_broken");
+  Preferences::AddStrongObserver(mPrefObserver,
+                                 "security.ssl.false_start.require-npn");
+  Preferences::AddStrongObserver(mPrefObserver,
+                                 "security.tls.version.fallback-limit");
+  Preferences::AddStrongObserver(mPrefObserver,
+                                 "security.tls.insecure_fallback_hosts");
+  Preferences::AddStrongObserver(mPrefObserver,
+                                 "security.tls.unrestricted_rc4_fallback");
+  return NS_OK;
+}
+
+void
+nsSSLIOLayerHelpers::loadVersionFallbackLimit()
+{
+  // see nsNSSComponent::setEnabledTLSVersions for pref handling rules
+  uint32_t limit = Preferences::GetUint("security.tls.version.fallback-limit",
+                                        3); // 3 = TLS 1.2
+  SSLVersionRange defaults = { SSL_LIBRARY_VERSION_TLS_1_2,
+                               SSL_LIBRARY_VERSION_TLS_1_2 };
+  SSLVersionRange filledInRange;
+  nsNSSComponent::FillTLSVersionRange(filledInRange, limit, limit, defaults);
+  if (filledInRange.max < SSL_LIBRARY_VERSION_TLS_1_2) {
+    filledInRange.max = SSL_LIBRARY_VERSION_TLS_1_2;
+  }
+
+  mVersionFallbackLimit = filledInRange.max;
+}
+
+void
+nsSSLIOLayerHelpers::clearStoredData()
+{
+  MutexAutoLock lock(mutex);
+  mInsecureFallbackSites.Clear();
+  mTLSIntoleranceInfo.Clear();
+}
+
+void
+nsSSLIOLayerHelpers::setInsecureFallbackSites(const nsCString& str)
+{
+  MutexAutoLock lock(mutex);
+
+  mInsecureFallbackSites.Clear();
+
+  if (str.IsEmpty()) {
+    return;
+  }
+
+  nsCCharSeparatedTokenizer toker(str, ',');
+
+  while (toker.hasMoreTokens()) {
+    const nsCSubstring& host = toker.nextToken();
+    if (!host.IsEmpty()) {
+      mInsecureFallbackSites.PutEntry(host);
+    }
+  }
+}
+
+void
+nsSSLIOLayerHelpers::initInsecureFallbackSites()
+{
+  MOZ_ASSERT(NS_IsMainThread());
+  nsCString insecureFallbackHosts;
+  Preferences::GetCString("security.tls.insecure_fallback_hosts",
+                          &insecureFallbackHosts);
+  setInsecureFallbackSites(insecureFallbackHosts);
+}
+
+bool
+nsSSLIOLayerHelpers::isPublic() const
+{
+  return this == &PublicSSLState()->IOLayerHelpers();
+}
+
+void
+nsSSLIOLayerHelpers::addInsecureFallbackSite(const nsCString& hostname,
+                                             bool temporary)
+{
+  MOZ_ASSERT(NS_IsMainThread());
+  {
+    MutexAutoLock lock(mutex);
+    if (mInsecureFallbackSites.Contains(hostname)) {
+      return;
+    }
+    mInsecureFallbackSites.PutEntry(hostname);
+  }
+  if (!isPublic() || temporary) {
+    return;
+  }
+  nsCString value;
+  Preferences::GetCString("security.tls.insecure_fallback_hosts", &value);
+  if (!value.IsEmpty()) {
+    value.Append(',');
+  }
+  value.Append(hostname);
+  Preferences::SetCString("security.tls.insecure_fallback_hosts", value);
+}
+
+class FallbackPrefRemover final : public Runnable
+{
+public:
+  explicit FallbackPrefRemover(const nsACString& aHost)
+    : mHost(aHost)
+  {}
+  NS_IMETHOD Run() override;
+private:
+  nsCString mHost;
+};
+
+NS_IMETHODIMP
+FallbackPrefRemover::Run()
+{
+  MOZ_ASSERT(NS_IsMainThread());
+  nsCString oldValue;
+  Preferences::GetCString("security.tls.insecure_fallback_hosts", &oldValue);
+  nsCCharSeparatedTokenizer toker(oldValue, ',');
+  nsCString newValue;
+  while (toker.hasMoreTokens()) {
+    const nsCSubstring& host = toker.nextToken();
+    if (host.Equals(mHost)) {
+      continue;
+    }
+    if (!newValue.IsEmpty()) {
+      newValue.Append(',');
+    }
+    newValue.Append(host);
+  }
+  Preferences::SetCString("security.tls.insecure_fallback_hosts", newValue);
+  return NS_OK;
+}
+
+void
+nsSSLIOLayerHelpers::removeInsecureFallbackSite(const nsACString& hostname,
+                                                uint16_t port)
+{
+  forgetIntolerance(hostname, port);
+  {
+    MutexAutoLock lock(mutex);
+    if (!mInsecureFallbackSites.Contains(hostname)) {
+      return;
+    }
+    mInsecureFallbackSites.RemoveEntry(hostname);
+  }
+  if (!isPublic()) {
+    return;
+  }
+  RefPtr<Runnable> runnable = new FallbackPrefRemover(hostname);
+  if (NS_IsMainThread()) {
+    runnable->Run();
+  } else {
+    NS_DispatchToMainThread(runnable);
+  }
+}
+
+bool
+nsSSLIOLayerHelpers::isInsecureFallbackSite(const nsACString& hostname)
+{
+  MutexAutoLock lock(mutex);
+  return mInsecureFallbackSites.Contains(hostname);
+}
+
+void
+nsSSLIOLayerHelpers::setTreatUnsafeNegotiationAsBroken(bool broken)
+{
+  MutexAutoLock lock(mutex);
+  mTreatUnsafeNegotiationAsBroken = broken;
+}
+
+bool
+nsSSLIOLayerHelpers::treatUnsafeNegotiationAsBroken()
+{
+  MutexAutoLock lock(mutex);
+  return mTreatUnsafeNegotiationAsBroken;
+}
+
+nsresult
+nsSSLIOLayerNewSocket(int32_t family,
+                      const char* host,
+                      int32_t port,
+                      nsIProxyInfo *proxy,
+                      const NeckoOriginAttributes& originAttributes,
+                      PRFileDesc** fd,
+                      nsISupports** info,
+                      bool forSTARTTLS,
+                      uint32_t flags)
+{
+
+  PRFileDesc* sock = PR_OpenTCPSocket(family);
+  if (!sock) return NS_ERROR_OUT_OF_MEMORY;
+
+  nsresult rv = nsSSLIOLayerAddToSocket(family, host, port, proxy,
+                                        originAttributes, sock, info,
+                                        forSTARTTLS, flags);
+  if (NS_FAILED(rv)) {
+    PR_Close(sock);
+    return rv;
+  }
+
+  *fd = sock;
+  return NS_OK;
+}
+
+// Creates CA names strings from (CERTDistNames* caNames)
+//
+// - arena: arena to allocate strings on
+// - caNameStrings: filled with CA names strings on return
+// - caNames: CERTDistNames to extract strings from
+// - return: SECSuccess if successful; error code otherwise
+//
+// Note: copied in its entirety from Nova code
+static SECStatus
+nsConvertCANamesToStrings(const UniquePLArenaPool& arena, char** caNameStrings,
+                          CERTDistNames* caNames)
+{
+    MOZ_ASSERT(arena.get());
+    MOZ_ASSERT(caNameStrings);
+    MOZ_ASSERT(caNames);
+    if (!arena.get() || !caNameStrings || !caNames) {
+        PR_SetError(SEC_ERROR_INVALID_ARGS, 0);
+        return SECFailure;
+    }
+
+    SECItem* dername;
+    SECStatus rv;
+    int headerlen;
+    uint32_t contentlen;
+    SECItem newitem;
+    int n;
+    char* namestring;
+
+    for (n = 0; n < caNames->nnames; n++) {
+        newitem.data = nullptr;
+        dername = &caNames->names[n];
+
+        rv = DER_Lengths(dername, &headerlen, &contentlen);
+
+        if (rv != SECSuccess) {
+            goto loser;
+        }
+
+        if (headerlen + contentlen != dername->len) {
+            // This must be from an enterprise 2.x server, which sent
+            // incorrectly formatted der without the outer wrapper of type and
+            // length. Fix it up by adding the top level header.
+            if (dername->len <= 127) {
+                newitem.data = (unsigned char*) PR_Malloc(dername->len + 2);
+                if (!newitem.data) {
+                    goto loser;
+                }
+                newitem.data[0] = (unsigned char) 0x30;
+                newitem.data[1] = (unsigned char) dername->len;
+                (void) memcpy(&newitem.data[2], dername->data, dername->len);
+            } else if (dername->len <= 255) {
+                newitem.data = (unsigned char*) PR_Malloc(dername->len + 3);
+                if (!newitem.data) {
+                    goto loser;
+                }
+                newitem.data[0] = (unsigned char) 0x30;
+                newitem.data[1] = (unsigned char) 0x81;
+                newitem.data[2] = (unsigned char) dername->len;
+                (void) memcpy(&newitem.data[3], dername->data, dername->len);
+            } else {
+                // greater than 256, better be less than 64k
+                newitem.data = (unsigned char*) PR_Malloc(dername->len + 4);
+                if (!newitem.data) {
+                    goto loser;
+                }
+                newitem.data[0] = (unsigned char) 0x30;
+                newitem.data[1] = (unsigned char) 0x82;
+                newitem.data[2] = (unsigned char) ((dername->len >> 8) & 0xff);
+                newitem.data[3] = (unsigned char) (dername->len & 0xff);
+                memcpy(&newitem.data[4], dername->data, dername->len);
+            }
+            dername = &newitem;
+        }
+
+        namestring = CERT_DerNameToAscii(dername);
+        if (!namestring) {
+            // XXX - keep going until we fail to convert the name
+            caNameStrings[n] = const_cast<char*>("");
+        } else {
+            caNameStrings[n] = PORT_ArenaStrdup(arena.get(), namestring);
+            PR_Free(namestring);
+            if (!caNameStrings[n]) {
+                goto loser;
+            }
+        }
+
+        if (newitem.data) {
+            PR_Free(newitem.data);
+        }
+    }
+
+    return SECSuccess;
+loser:
+    if (newitem.data) {
+        PR_Free(newitem.data);
+    }
+    return SECFailure;
+}
+
+// Possible behaviors for choosing a cert for client auth.
+enum class UserCertChoice {
+  // Ask the user to choose a cert.
+  Ask = 0,
+  // Automatically choose a cert.
+  Auto = 1,
+};
+
+// Returns the most appropriate user cert choice based on the value of the
+// security.default_personal_cert preference.
+UserCertChoice
+nsGetUserCertChoice()
+{
+  nsAutoCString value;
+  nsresult rv = Preferences::GetCString("security.default_personal_cert", &value);
+  if (NS_FAILED(rv)) {
+    return UserCertChoice::Ask;
+  }
+
+  // There are three cases for what the preference could be set to:
+  //   1. "Select Automatically" -> Auto.
+  //   2. "Ask Every Time" -> Ask.
+  //   3. Something else -> Ask. This might be a nickname from a migrated cert,
+  //      but we no longer support this case.
+  return value.EqualsLiteral("Select Automatically") ? UserCertChoice::Auto
+                                                     : UserCertChoice::Ask;
+}
+
+static bool
+hasExplicitKeyUsageNonRepudiation(CERTCertificate* cert)
+{
+  // There is no extension, v1 or v2 certificate
+  if (!cert->extensions)
+    return false;
+
+  SECStatus srv;
+  SECItem keyUsageItem;
+  keyUsageItem.data = nullptr;
+
+  srv = CERT_FindKeyUsageExtension(cert, &keyUsageItem);
+  if (srv == SECFailure)
+    return false;
+
+  unsigned char keyUsage = keyUsageItem.data[0];
+  PORT_Free (keyUsageItem.data);
+
+  return !!(keyUsage & KU_NON_REPUDIATION);
+}
+
+class ClientAuthDataRunnable : public SyncRunnableBase
+{
+public:
+  ClientAuthDataRunnable(CERTDistNames* caNames,
+                         CERTCertificate** pRetCert,
+                         SECKEYPrivateKey** pRetKey,
+                         nsNSSSocketInfo* info,
+                         const UniqueCERTCertificate& serverCert)
+    : mRV(SECFailure)
+    , mErrorCodeToReport(SEC_ERROR_NO_MEMORY)
+    , mPRetCert(pRetCert)
+    , mPRetKey(pRetKey)
+    , mCANames(caNames)
+    , mSocketInfo(info)
+    , mServerCert(serverCert.get())
+  {
+  }
+
+  SECStatus mRV;                        // out
+  PRErrorCode mErrorCodeToReport;       // out
+  CERTCertificate** const mPRetCert;    // in/out
+  SECKEYPrivateKey** const mPRetKey;    // in/out
+protected:
+  virtual void RunOnTargetThread();
+private:
+  CERTDistNames* const mCANames;        // in
+  nsNSSSocketInfo* const mSocketInfo;   // in
+  CERTCertificate* const mServerCert;   // in
+};
+
+// This callback function is used to pull client certificate
+// information upon server request
+//
+// - arg: SSL data connection
+// - socket: SSL socket we're dealing with
+// - caNames: list of CA names
+// - pRetCert: returns a pointer to a pointer to a valid certificate if
+//             successful; otherwise nullptr
+// - pRetKey: returns a pointer to a pointer to the corresponding key if
+//            successful; otherwise nullptr
+SECStatus
+nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
+                           CERTDistNames* caNames, CERTCertificate** pRetCert,
+                           SECKEYPrivateKey** pRetKey)
+{
+  nsNSSShutDownPreventionLock locker;
+
+  if (!socket || !caNames || !pRetCert || !pRetKey) {
+    PR_SetError(PR_INVALID_ARGUMENT_ERROR, 0);
+    return SECFailure;
+  }
+
+  RefPtr<nsNSSSocketInfo> info(
+    BitwiseCast<nsNSSSocketInfo*, PRFilePrivate*>(socket->higher->secret));
+
+  UniqueCERTCertificate serverCert(SSL_PeerCertificate(socket));
+  if (!serverCert) {
+    NS_NOTREACHED("Missing server certificate should have been detected during "
+                  "server cert authentication.");
+    PR_SetError(SSL_ERROR_NO_CERTIFICATE, 0);
+    return SECFailure;
+  }
+
+  if (info->GetJoined()) {
+    // We refuse to send a client certificate when there are multiple hostnames
+    // joined on this connection, because we only show the user one hostname
+    // (mHostName) in the client certificate UI.
+
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("[%p] Not returning client cert due to previous join\n", socket));
+    *pRetCert = nullptr;
+    *pRetKey = nullptr;
+    return SECSuccess;
+  }
+
+  // XXX: This should be done asynchronously; see bug 696976
+  RefPtr<ClientAuthDataRunnable> runnable(
+    new ClientAuthDataRunnable(caNames, pRetCert, pRetKey, info, serverCert));
+  nsresult rv = runnable->DispatchToMainThreadAndWait();
+  if (NS_FAILED(rv)) {
+    PR_SetError(SEC_ERROR_NO_MEMORY, 0);
+    return SECFailure;
+  }
+
+  if (runnable->mRV != SECSuccess) {
+    PR_SetError(runnable->mErrorCodeToReport, 0);
+  } else if (*runnable->mPRetCert || *runnable->mPRetKey) {
+    // Make joinConnection prohibit joining after we've sent a client cert
+    info->SetSentClientCert();
+  }
+
+  return runnable->mRV;
+}
+
+void
+ClientAuthDataRunnable::RunOnTargetThread()
+{
+  // We check the value of a pref in this runnable, so this runnable should only
+  // be run on the main thread.
+  MOZ_ASSERT(NS_IsMainThread());
+
+  UniquePLArenaPool arena;
+  char** caNameStrings;
+  UniqueCERTCertificate cert;
+  UniqueSECKEYPrivateKey privKey;
+  void* wincx = mSocketInfo;
+  nsresult rv;
+
+  nsCOMPtr<nsIX509Cert> socketClientCert;
+  mSocketInfo->GetClientCert(getter_AddRefs(socketClientCert));
+
+  // If a client cert preference was set on the socket info, use that and skip
+  // the client cert UI and/or search of the user's past cert decisions.
+  if (socketClientCert) {
+    cert.reset(socketClientCert->GetCert());
+    if (!cert) {
+      goto loser;
+    }
+
+    // Get the private key
+    privKey.reset(PK11_FindKeyByAnyCert(cert.get(), wincx));
+    if (!privKey) {
+      goto loser;
+    }
+
+    *mPRetCert = cert.release();
+    *mPRetKey = privKey.release();
+    mRV = SECSuccess;
+    return;
+  }
+
+  // create caNameStrings
+  arena.reset(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+  if (!arena) {
+    goto loser;
+  }
+
+  caNameStrings = static_cast<char**>(
+    PORT_ArenaAlloc(arena.get(), sizeof(char*) * mCANames->nnames));
+  if (!caNameStrings) {
+    goto loser;
+  }
+
+  mRV = nsConvertCANamesToStrings(arena, caNameStrings, mCANames);
+  if (mRV != SECSuccess) {
+    goto loser;
+  }
+
+  // find valid user cert and key pair
+  if (nsGetUserCertChoice() == UserCertChoice::Auto) {
+    // automatically find the right cert
+
+    // find all user certs that are valid and for SSL
+    UniqueCERTCertList certList(
+      CERT_FindUserCertsByUsage(CERT_GetDefaultCertDB(), certUsageSSLClient,
+                                false, true, wincx));
+    if (!certList) {
+      goto loser;
+    }
+
+    // filter the list to those issued by CAs supported by the server
+    mRV = CERT_FilterCertListByCANames(certList.get(), mCANames->nnames,
+                                       caNameStrings, certUsageSSLClient);
+    if (mRV != SECSuccess) {
+      goto loser;
+    }
+
+    // make sure the list is not empty
+    if (CERT_LIST_END(CERT_LIST_HEAD(certList), certList)) {
+      goto loser;
+    }
+
+    UniqueCERTCertificate lowPrioNonrepCert;
+
+    // loop through the list until we find a cert with a key
+    for (CERTCertListNode* node = CERT_LIST_HEAD(certList);
+         !CERT_LIST_END(node, certList);
+         node = CERT_LIST_NEXT(node)) {
+      // if the certificate has restriction and we do not satisfy it we do not
+      // use it
+      privKey.reset(PK11_FindKeyByAnyCert(node->cert, wincx));
+      if (privKey) {
+        if (hasExplicitKeyUsageNonRepudiation(node->cert)) {
+          privKey = nullptr;
+          // Not a preferred cert
+          if (!lowPrioNonrepCert) { // did not yet find a low prio cert
+            lowPrioNonrepCert.reset(CERT_DupCertificate(node->cert));
+          }
+        } else {
+          // this is a good cert to present
+          cert.reset(CERT_DupCertificate(node->cert));
+          break;
+        }
+      }
+      if (PR_GetError() == SEC_ERROR_BAD_PASSWORD) {
+        // problem with password: bail
+        goto loser;
+      }
+    }
+
+    if (!cert && lowPrioNonrepCert) {
+      cert = Move(lowPrioNonrepCert);
+      privKey.reset(PK11_FindKeyByAnyCert(cert.get(), wincx));
+    }
+
+    if (!cert) {
+      goto loser;
+    }
+  } else { // Not Auto => ask
+    // Get the SSL Certificate
+
+    nsXPIDLCString hostname;
+    mSocketInfo->GetHostName(getter_Copies(hostname));
+
+    RefPtr<nsClientAuthRememberService> cars =
+      mSocketInfo->SharedState().GetClientAuthRememberService();
+
+    bool hasRemembered = false;
+    nsCString rememberedDBKey;
+    if (cars) {
+      bool found;
+      rv = cars->HasRememberedDecision(hostname,
+                                       mSocketInfo->GetOriginAttributes(),
+                                       mServerCert, rememberedDBKey, &found);
+      if (NS_SUCCEEDED(rv) && found) {
+        hasRemembered = true;
+      }
+    }
+
+    if (hasRemembered && !rememberedDBKey.IsEmpty()) {
+      nsCOMPtr<nsIX509CertDB> certdb = do_GetService(NS_X509CERTDB_CONTRACTID);
+      if (certdb) {
+        nsCOMPtr<nsIX509Cert> foundCert;
+        rv = certdb->FindCertByDBKey(rememberedDBKey.get(),
+                                     getter_AddRefs(foundCert));
+        if (NS_SUCCEEDED(rv) && foundCert) {
+          nsNSSCertificate* objCert =
+            BitwiseCast<nsNSSCertificate*, nsIX509Cert*>(foundCert.get());
+          if (objCert) {
+            cert.reset(objCert->GetCert());
+          }
+        }
+
+        if (!cert) {
+          hasRemembered = false;
+        }
+      }
+    }
+
+    if (!hasRemembered) {
+      // user selects a cert to present
+      nsCOMPtr<nsIClientAuthDialogs> dialogs;
+
+      // find all user certs that are for SSL
+      // note that we are allowing expired certs in this list
+      UniqueCERTCertList certList(
+        CERT_FindUserCertsByUsage(CERT_GetDefaultCertDB(), certUsageSSLClient,
+                                  false, false, wincx));
+      if (!certList) {
+        goto loser;
+      }
+
+      if (mCANames->nnames != 0) {
+        // filter the list to those issued by CAs supported by the server
+        mRV = CERT_FilterCertListByCANames(certList.get(),
+                                           mCANames->nnames,
+                                           caNameStrings,
+                                           certUsageSSLClient);
+        if (mRV != SECSuccess) {
+          goto loser;
+        }
+      }
+
+      if (CERT_LIST_END(CERT_LIST_HEAD(certList), certList)) {
+        // list is empty - no matching certs
+        goto loser;
+      }
+
+      int32_t port;
+      mSocketInfo->GetPort(&port);
+
+      UniquePORTString corg(CERT_GetOrgName(&mServerCert->subject));
+      nsAutoCString org(corg.get());
+
+      UniquePORTString cissuer(CERT_GetOrgName(&mServerCert->issuer));
+      nsAutoCString issuer(cissuer.get());
+
+      nsCOMPtr<nsIMutableArray> certArray = nsArrayBase::Create();
+      if (!certArray) {
+        goto loser;
+      }
+
+      for (CERTCertListNode* node = CERT_LIST_HEAD(certList);
+           !CERT_LIST_END(node, certList);
+           node = CERT_LIST_NEXT(node)) {
+        nsCOMPtr<nsIX509Cert> tempCert = nsNSSCertificate::Create(node->cert);
+        if (!tempCert) {
+          goto loser;
+        }
+
+        rv = certArray->AppendElement(tempCert, false);
+        if (NS_FAILED(rv)) {
+          goto loser;
+        }
+      }
+
+      // Throw up the client auth dialog and get back the index of the selected cert
+      rv = getNSSDialogs(getter_AddRefs(dialogs),
+                         NS_GET_IID(nsIClientAuthDialogs),
+                         NS_CLIENTAUTHDIALOGS_CONTRACTID);
+
+      if (NS_FAILED(rv)) {
+        goto loser;
+      }
+
+      uint32_t selectedIndex = 0;
+      bool certChosen = false;
+      rv = dialogs->ChooseCertificate(mSocketInfo, hostname, port, org, issuer,
+                                      certArray, &selectedIndex, &certChosen);
+      if (NS_FAILED(rv)) {
+        goto loser;
+      }
+
+      // even if the user has canceled, we want to remember that, to avoid repeating prompts
+      bool wantRemember = false;
+      mSocketInfo->GetRememberClientAuthCertificate(&wantRemember);
+
+      if (certChosen) {
+        nsCOMPtr<nsIX509Cert> selectedCert = do_QueryElementAt(certArray,
+                                                               selectedIndex);
+        if (!selectedCert) {
+          goto loser;
+        }
+        cert.reset(selectedCert->GetCert());
+      }
+
+      if (cars && wantRemember) {
+        cars->RememberDecision(hostname, mSocketInfo->GetOriginAttributes(),
+                               mServerCert, certChosen ? cert.get() : nullptr);
+      }
+    }
+
+    if (!cert) {
+      goto loser;
+    }
+
+    // go get the private key
+    privKey.reset(PK11_FindKeyByAnyCert(cert.get(), wincx));
+    if (!privKey) {
+      goto loser;
+    }
+  }
+  goto done;
+
+loser:
+  if (mRV == SECSuccess) {
+    mRV = SECFailure;
+  }
+done:
+  int error = PR_GetError();
+
+  *mPRetCert = cert.release();
+  *mPRetKey = privKey.release();
+
+  if (mRV == SECFailure) {
+    mErrorCodeToReport = error;
+  }
+}
+
+static PRFileDesc*
+nsSSLIOLayerImportFD(PRFileDesc* fd,
+                     nsNSSSocketInfo* infoObject,
+                     const char* host)
+{
+  nsNSSShutDownPreventionLock locker;
+  PRFileDesc* sslSock = SSL_ImportFD(nullptr, fd);
+  if (!sslSock) {
+    NS_ASSERTION(false, "NSS: Error importing socket");
+    return nullptr;
+  }
+  SSL_SetPKCS11PinArg(sslSock, (nsIInterfaceRequestor*) infoObject);
+  SSL_HandshakeCallback(sslSock, HandshakeCallback, infoObject);
+  SSL_SetCanFalseStartCallback(sslSock, CanFalseStartCallback, infoObject);
+
+  // Disable this hook if we connect anonymously. See bug 466080.
+  uint32_t flags = 0;
+  infoObject->GetProviderFlags(&flags);
+  if (flags & nsISocketProvider::ANONYMOUS_CONNECT) {
+      SSL_GetClientAuthDataHook(sslSock, nullptr, infoObject);
+  } else {
+      SSL_GetClientAuthDataHook(sslSock,
+                            (SSLGetClientAuthData) nsNSS_SSLGetClientAuthData,
+                            infoObject);
+  }
+  if (flags & nsISocketProvider::MITM_OK) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("[%p] nsSSLIOLayerImportFD: bypass authentication flag\n", fd));
+    infoObject->SetBypassAuthentication(true);
+  }
+  if (SECSuccess != SSL_AuthCertificateHook(sslSock, AuthCertificateHook,
+                                            infoObject)) {
+    NS_NOTREACHED("failed to configure AuthCertificateHook");
+    goto loser;
+  }
+
+  if (SECSuccess != SSL_SetURL(sslSock, host)) {
+    NS_NOTREACHED("SSL_SetURL failed");
+    goto loser;
+  }
+
+  return sslSock;
+loser:
+  if (sslSock) {
+    PR_Close(sslSock);
+  }
+  return nullptr;
+}
+
+static const SSLSignatureScheme sEnabledSignatureSchemes[] = {
+  ssl_sig_ecdsa_secp256r1_sha256,
+  ssl_sig_ecdsa_secp384r1_sha384,
+  ssl_sig_ecdsa_secp521r1_sha512,
+  ssl_sig_rsa_pss_sha256,
+  ssl_sig_rsa_pss_sha384,
+  ssl_sig_rsa_pss_sha512,
+  ssl_sig_rsa_pkcs1_sha256,
+  ssl_sig_rsa_pkcs1_sha384,
+  ssl_sig_rsa_pkcs1_sha512,
+  ssl_sig_ecdsa_sha1,
+  ssl_sig_rsa_pkcs1_sha1,
+};
+
+static nsresult
+nsSSLIOLayerSetOptions(PRFileDesc* fd, bool forSTARTTLS,
+                       bool haveProxy, const char* host, int32_t port,
+                       nsNSSSocketInfo* infoObject)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (forSTARTTLS || haveProxy) {
+    if (SECSuccess != SSL_OptionSet(fd, SSL_SECURITY, false)) {
+      return NS_ERROR_FAILURE;
+    }
+  }
+
+  SSLVersionRange range;
+  if (SSL_VersionRangeGet(fd, &range) != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  if ((infoObject->GetProviderFlags() & nsISocketProvider::BE_CONSERVATIVE) &&
+      (range.max > SSL_LIBRARY_VERSION_TLS_1_2)) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+            ("[%p] nsSSLIOLayerSetOptions: range.max limited to 1.2 due to BE_CONSERVATIVE flag\n",
+             fd));
+    range.max = SSL_LIBRARY_VERSION_TLS_1_2;
+  }
+
+  uint16_t maxEnabledVersion = range.max;
+  StrongCipherStatus strongCiphersStatus = StrongCipherStatusUnknown;
+  infoObject->SharedState().IOLayerHelpers()
+    .adjustForTLSIntolerance(infoObject->GetHostName(), infoObject->GetPort(),
+                             range, strongCiphersStatus);
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+         ("[%p] nsSSLIOLayerSetOptions: using TLS version range (0x%04x,0x%04x)%s\n",
+          fd, static_cast<unsigned int>(range.min),
+              static_cast<unsigned int>(range.max),
+          strongCiphersStatus == StrongCiphersFailed ? " with weak ciphers" : ""));
+
+  if (SSL_VersionRangeSet(fd, &range) != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+  infoObject->SetTLSVersionRange(range);
+
+  if (strongCiphersStatus == StrongCiphersFailed) {
+    nsNSSComponent::UseWeakCiphersOnSocket(fd);
+  }
+
+  // when adjustForTLSIntolerance tweaks the maximum version downward,
+  // we tell the server using this SCSV so they can detect a downgrade attack
+  if (range.max < maxEnabledVersion) {
+    MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+           ("[%p] nsSSLIOLayerSetOptions: enabling TLS_FALLBACK_SCSV\n", fd));
+    // Some servers will choke if we send the fallback SCSV with TLS 1.2.
+    if (range.max < SSL_LIBRARY_VERSION_TLS_1_2) {
+      if (SECSuccess != SSL_OptionSet(fd, SSL_ENABLE_FALLBACK_SCSV, true)) {
+        return NS_ERROR_FAILURE;
+      }
+    }
+    // tell NSS the max enabled version to make anti-downgrade effective
+    if (SECSuccess != SSL_SetDowngradeCheckVersion(fd, maxEnabledVersion)) {
+      return NS_ERROR_FAILURE;
+    }
+  }
+
+  // Include a modest set of named groups.
+  const SSLNamedGroup namedGroups[] = {
+    ssl_grp_ec_curve25519, ssl_grp_ec_secp256r1, ssl_grp_ec_secp384r1,
+    ssl_grp_ec_secp521r1, ssl_grp_ffdhe_2048, ssl_grp_ffdhe_3072
+  };
+  if (SECSuccess != SSL_NamedGroupConfig(fd, namedGroups,
+                                         mozilla::ArrayLength(namedGroups))) {
+    return NS_ERROR_FAILURE;
+  }
+  // This ensures that we send key shares for X25519 and P-256 in TLS 1.3, so
+  // that servers are less likely to use HelloRetryRequest.
+  if (SECSuccess != SSL_SendAdditionalKeyShares(fd, 1)) {
+    return NS_ERROR_FAILURE;
+  }
+
+  if (SECSuccess != SSL_SignatureSchemePrefSet(fd, sEnabledSignatureSchemes,
+                      mozilla::ArrayLength(sEnabledSignatureSchemes))) {
+    return NS_ERROR_FAILURE;
+  }
+
+  bool enabled = infoObject->SharedState().IsOCSPStaplingEnabled();
+  if (SECSuccess != SSL_OptionSet(fd, SSL_ENABLE_OCSP_STAPLING, enabled)) {
+    return NS_ERROR_FAILURE;
+  }
+
+  bool sctsEnabled = infoObject->SharedState().IsSignedCertTimestampsEnabled();
+  if (SECSuccess != SSL_OptionSet(fd, SSL_ENABLE_SIGNED_CERT_TIMESTAMPS,
+      sctsEnabled)) {
+    return NS_ERROR_FAILURE;
+  }
+
+  if (SECSuccess != SSL_OptionSet(fd, SSL_HANDSHAKE_AS_CLIENT, true)) {
+    return NS_ERROR_FAILURE;
+  }
+
+  // Set the Peer ID so that SSL proxy connections work properly and to
+  // separate anonymous and/or private browsing connections.
+  uint32_t flags = infoObject->GetProviderFlags();
+  nsAutoCString peerId;
+  if (flags & nsISocketProvider::ANONYMOUS_CONNECT) { // See bug 466080
+    peerId.AppendLiteral("anon:");
+  }
+  if (flags & nsISocketProvider::NO_PERMANENT_STORAGE) {
+    peerId.AppendLiteral("private:");
+  }
+  if (flags & nsISocketProvider::MITM_OK) {
+    peerId.AppendLiteral("bypassAuth:");
+  }
+  if (flags & nsISocketProvider::BE_CONSERVATIVE) {
+    peerId.AppendLiteral("beConservative:");
+  }
+  peerId.Append(host);
+  peerId.Append(':');
+  peerId.AppendInt(port);
+  nsAutoCString suffix;
+  infoObject->GetOriginAttributes().CreateSuffix(suffix);
+  peerId.Append(suffix);
+  if (SECSuccess != SSL_SetSockPeerID(fd, peerId.get())) {
+    return NS_ERROR_FAILURE;
+  }
+
+  return NS_OK;
+}
+
+nsresult
+nsSSLIOLayerAddToSocket(int32_t family,
+                        const char* host,
+                        int32_t port,
+                        nsIProxyInfo* proxy,
+                        const NeckoOriginAttributes& originAttributes,
+                        PRFileDesc* fd,
+                        nsISupports** info,
+                        bool forSTARTTLS,
+                        uint32_t providerFlags)
+{
+  nsNSSShutDownPreventionLock locker;
+  PRFileDesc* layer = nullptr;
+  PRFileDesc* plaintextLayer = nullptr;
+  nsresult rv;
+  PRStatus stat;
+
+  SharedSSLState* sharedState =
+    providerFlags & nsISocketProvider::NO_PERMANENT_STORAGE ? PrivateSSLState() : PublicSSLState();
+  nsNSSSocketInfo* infoObject = new nsNSSSocketInfo(*sharedState, providerFlags);
+  if (!infoObject) return NS_ERROR_FAILURE;
+
+  NS_ADDREF(infoObject);
+  infoObject->SetForSTARTTLS(forSTARTTLS);
+  infoObject->SetHostName(host);
+  infoObject->SetPort(port);
+  infoObject->SetOriginAttributes(originAttributes);
+
+  bool haveProxy = false;
+  if (proxy) {
+    nsCString proxyHost;
+    proxy->GetHost(proxyHost);
+    haveProxy = !proxyHost.IsEmpty();
+  }
+
+  // A plaintext observer shim is inserted so we can observe some protocol
+  // details without modifying nss
+  plaintextLayer = PR_CreateIOLayerStub(nsSSLIOLayerHelpers::nsSSLPlaintextLayerIdentity,
+                                        &nsSSLIOLayerHelpers::nsSSLPlaintextLayerMethods);
+  if (plaintextLayer) {
+    plaintextLayer->secret = (PRFilePrivate*) infoObject;
+    stat = PR_PushIOLayer(fd, PR_TOP_IO_LAYER, plaintextLayer);
+    if (stat == PR_FAILURE) {
+      plaintextLayer->dtor(plaintextLayer);
+      plaintextLayer = nullptr;
+    }
+  }
+
+  PRFileDesc* sslSock = nsSSLIOLayerImportFD(fd, infoObject, host);
+  if (!sslSock) {
+    NS_ASSERTION(false, "NSS: Error importing socket");
+    goto loser;
+  }
+
+  infoObject->SetFileDescPtr(sslSock);
+
+  rv = nsSSLIOLayerSetOptions(sslSock, forSTARTTLS, haveProxy, host, port,
+                              infoObject);
+
+  if (NS_FAILED(rv))
+    goto loser;
+
+  // Now, layer ourselves on top of the SSL socket...
+  layer = PR_CreateIOLayerStub(nsSSLIOLayerHelpers::nsSSLIOLayerIdentity,
+                               &nsSSLIOLayerHelpers::nsSSLIOLayerMethods);
+  if (!layer)
+    goto loser;
+
+  layer->secret = (PRFilePrivate*) infoObject;
+  stat = PR_PushIOLayer(sslSock, PR_GetLayersIdentity(sslSock), layer);
+
+  if (stat == PR_FAILURE) {
+    goto loser;
+  }
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("[%p] Socket set up\n", (void*) sslSock));
+  infoObject->QueryInterface(NS_GET_IID(nsISupports), (void**) (info));
+
+  // We are going use a clear connection first //
+  if (forSTARTTLS || haveProxy) {
+    infoObject->SetHandshakeNotPending();
+  }
+
+  infoObject->SharedState().NoteSocketCreated();
+
+  return NS_OK;
+ loser:
+  NS_IF_RELEASE(infoObject);
+  if (layer) {
+    layer->dtor(layer);
+  }
+  if (plaintextLayer) {
+    PR_PopIOLayer(fd, nsSSLIOLayerHelpers::nsSSLPlaintextLayerIdentity);
+    plaintextLayer->dtor(plaintextLayer);
+  }
+  return NS_ERROR_FAILURE;
+}
diff --git a/security/manager/ssl/nsNSSIOLayer.h b/security/manager/ssl/nsNSSIOLayer.h
new file mode 100644
index 000000000..b0b6281a8
--- /dev/null
+++ b/security/manager/ssl/nsNSSIOLayer.h
@@ -0,0 +1,263 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsNSSIOLayer_h
+#define nsNSSIOLayer_h
+
+#include "TransportSecurityInfo.h"
+#include "mozilla/TimeStamp.h"
+#include "nsCOMPtr.h"
+#include "nsDataHashtable.h"
+#include "nsIClientAuthDialogs.h"
+#include "nsIProxyInfo.h"
+#include "nsISSLSocketControl.h"
+#include "nsNSSCertificate.h"
+#include "nsTHashtable.h"
+#include "sslt.h"
+
+namespace mozilla {
+class NeckoOriginAttributes;
+namespace psm {
+class SharedSSLState;
+} // namespace psm
+} // namespace mozilla
+
+using mozilla::NeckoOriginAttributes;
+
+class nsIObserver;
+
+class nsNSSSocketInfo final : public mozilla::psm::TransportSecurityInfo,
+                              public nsISSLSocketControl,
+                              public nsIClientAuthUserDecision
+{
+public:
+  nsNSSSocketInfo(mozilla::psm::SharedSSLState& aState, uint32_t providerFlags);
+
+  NS_DECL_ISUPPORTS_INHERITED
+  NS_DECL_NSISSLSOCKETCONTROL
+  NS_DECL_NSICLIENTAUTHUSERDECISION
+
+  void SetForSTARTTLS(bool aForSTARTTLS);
+  bool GetForSTARTTLS();
+
+  nsresult GetFileDescPtr(PRFileDesc** aFilePtr);
+  nsresult SetFileDescPtr(PRFileDesc* aFilePtr);
+
+  bool IsHandshakePending() const { return mHandshakePending; }
+  void SetHandshakeNotPending() { mHandshakePending = false; }
+
+  void SetTLSVersionRange(SSLVersionRange range) { mTLSVersionRange = range; }
+  SSLVersionRange GetTLSVersionRange() const { return mTLSVersionRange; };
+
+  PRStatus CloseSocketAndDestroy(
+                const nsNSSShutDownPreventionLock& proofOfLock);
+
+  void SetNegotiatedNPN(const char* value, uint32_t length);
+  void SetEarlyDataAccepted(bool aAccepted);
+
+  void SetHandshakeCompleted();
+  void NoteTimeUntilReady();
+
+
+  void SetFalseStartCallbackCalled() { mFalseStartCallbackCalled = true; }
+  void SetFalseStarted() { mFalseStarted = true; }
+
+  // Note that this is only valid *during* a handshake; at the end of the handshake,
+  // it gets reset back to false.
+  void SetFullHandshake() { mIsFullHandshake = true; }
+  bool IsFullHandshake() const { return mIsFullHandshake; }
+
+  bool GetJoined() { return mJoined; }
+  void SetSentClientCert() { mSentClientCert = true; }
+
+  uint32_t GetProviderFlags() const { return mProviderFlags; }
+
+  mozilla::psm::SharedSSLState& SharedState();
+
+  // XXX: These are only used on for diagnostic purposes
+  enum CertVerificationState {
+    before_cert_verification,
+    waiting_for_cert_verification,
+    after_cert_verification
+  };
+  void SetCertVerificationWaiting();
+  // Use errorCode == 0 to indicate success; in that case, errorMessageType is
+  // ignored.
+  void SetCertVerificationResult(PRErrorCode errorCode,
+              ::mozilla::psm::SSLErrorMessageType errorMessageType);
+
+  // for logging only
+  PRBool IsWaitingForCertVerification() const
+  {
+    return mCertVerificationState == waiting_for_cert_verification;
+  }
+  void AddPlaintextBytesRead(uint64_t val) { mPlaintextBytesRead += val; }
+
+  bool IsPreliminaryHandshakeDone() const { return mPreliminaryHandshakeDone; }
+  void SetPreliminaryHandshakeDone() { mPreliminaryHandshakeDone = true; }
+
+  void SetKEAUsed(uint16_t kea) { mKEAUsed = kea; }
+
+  void SetKEAKeyBits(uint32_t keaBits) { mKEAKeyBits = keaBits; }
+
+  void SetBypassAuthentication(bool val)
+  {
+    if (!mHandshakeCompleted) {
+      mBypassAuthentication = val;
+    }
+  }
+
+  void SetSSLVersionUsed(int16_t version)
+  {
+    mSSLVersionUsed = version;
+  }
+
+  void SetMACAlgorithmUsed(int16_t mac) { mMACAlgorithmUsed = mac; }
+
+protected:
+  virtual ~nsNSSSocketInfo();
+
+private:
+  PRFileDesc* mFd;
+
+  CertVerificationState mCertVerificationState;
+
+  mozilla::psm::SharedSSLState& mSharedState;
+  bool mForSTARTTLS;
+  SSLVersionRange mTLSVersionRange;
+  bool mHandshakePending;
+  bool mRememberClientAuthCertificate;
+  bool mPreliminaryHandshakeDone; // after false start items are complete
+
+  nsresult ActivateSSL();
+
+  nsCString mNegotiatedNPN;
+  bool      mNPNCompleted;
+  bool      mEarlyDataAccepted;
+  bool      mFalseStartCallbackCalled;
+  bool      mFalseStarted;
+  bool      mIsFullHandshake;
+  bool      mHandshakeCompleted;
+  bool      mJoined;
+  bool      mSentClientCert;
+  bool      mNotedTimeUntilReady;
+  bool      mFailedVerification;
+
+  // mKEA* are used in false start and http/2 detetermination
+  // Values are from nsISSLSocketControl
+  int16_t mKEAUsed;
+  uint32_t mKEAKeyBits;
+  int16_t mSSLVersionUsed;
+  int16_t mMACAlgorithmUsed;
+  bool    mBypassAuthentication;
+
+  uint32_t mProviderFlags;
+  mozilla::TimeStamp mSocketCreationTimestamp;
+  uint64_t mPlaintextBytesRead;
+
+  nsCOMPtr<nsIX509Cert> mClientCert;
+};
+
+enum StrongCipherStatus {
+  StrongCipherStatusUnknown,
+  StrongCiphersWorked,
+  StrongCiphersFailed
+};
+
+class nsSSLIOLayerHelpers
+{
+public:
+  nsSSLIOLayerHelpers();
+  ~nsSSLIOLayerHelpers();
+
+  nsresult Init();
+  void Cleanup();
+
+  static bool nsSSLIOLayerInitialized;
+  static PRDescIdentity nsSSLIOLayerIdentity;
+  static PRDescIdentity nsSSLPlaintextLayerIdentity;
+  static PRIOMethods nsSSLIOLayerMethods;
+  static PRIOMethods nsSSLPlaintextLayerMethods;
+
+  bool mTreatUnsafeNegotiationAsBroken;
+
+  void setTreatUnsafeNegotiationAsBroken(bool broken);
+  bool treatUnsafeNegotiationAsBroken();
+
+private:
+  struct IntoleranceEntry
+  {
+    uint16_t tolerant;
+    uint16_t intolerant;
+    PRErrorCode intoleranceReason;
+    StrongCipherStatus strongCipherStatus;
+
+    void AssertInvariant() const
+    {
+      MOZ_ASSERT(intolerant == 0 || tolerant < intolerant);
+    }
+  };
+  nsDataHashtable<nsCStringHashKey, IntoleranceEntry> mTLSIntoleranceInfo;
+  // Sites that require insecure fallback to TLS 1.0, set by the pref
+  // security.tls.insecure_fallback_hosts, which is a comma-delimited
+  // list of domain names.
+  nsTHashtable<nsCStringHashKey> mInsecureFallbackSites;
+public:
+  void rememberTolerantAtVersion(const nsACString& hostname, int16_t port,
+                                 uint16_t tolerant);
+  bool fallbackLimitReached(const nsACString& hostname, uint16_t intolerant);
+  bool rememberIntolerantAtVersion(const nsACString& hostname, int16_t port,
+                                   uint16_t intolerant, uint16_t minVersion,
+                                   PRErrorCode intoleranceReason);
+  bool rememberStrongCiphersFailed(const nsACString& hostName, int16_t port,
+                                   PRErrorCode intoleranceReason);
+  void forgetIntolerance(const nsACString& hostname, int16_t port);
+  void adjustForTLSIntolerance(const nsACString& hostname, int16_t port,
+                               /*in/out*/ SSLVersionRange& range,
+                               /*out*/ StrongCipherStatus& strongCipherStatus);
+  PRErrorCode getIntoleranceReason(const nsACString& hostname, int16_t port);
+
+  void clearStoredData();
+  void loadVersionFallbackLimit();
+  void setInsecureFallbackSites(const nsCString& str);
+  void initInsecureFallbackSites();
+  bool isPublic() const;
+  void addInsecureFallbackSite(const nsCString& hostname, bool temporary);
+  void removeInsecureFallbackSite(const nsACString& hostname, uint16_t port);
+  bool isInsecureFallbackSite(const nsACString& hostname);
+
+  bool mFalseStartRequireNPN;
+  bool mUnrestrictedRC4Fallback;
+  uint16_t mVersionFallbackLimit;
+private:
+  mozilla::Mutex mutex;
+  nsCOMPtr<nsIObserver> mPrefObserver;
+};
+
+nsresult nsSSLIOLayerNewSocket(int32_t family,
+                               const char* host,
+                               int32_t port,
+                               nsIProxyInfo *proxy,
+                               const NeckoOriginAttributes& originAttributes,
+                               PRFileDesc** fd,
+                               nsISupports** securityInfo,
+                               bool forSTARTTLS,
+                               uint32_t flags);
+
+nsresult nsSSLIOLayerAddToSocket(int32_t family,
+                                 const char* host,
+                                 int32_t port,
+                                 nsIProxyInfo *proxy,
+                                 const NeckoOriginAttributes& originAttributes,
+                                 PRFileDesc* fd,
+                                 nsISupports** securityInfo,
+                                 bool forSTARTTLS,
+                                 uint32_t flags);
+
+nsresult nsSSLIOLayerFreeTLSIntolerantSites();
+nsresult displayUnknownCertErrorAlert(nsNSSSocketInfo* infoObject, int error);
+
+#endif // nsNSSIOLayer_h
diff --git a/security/manager/ssl/nsNSSModule.cpp b/security/manager/ssl/nsNSSModule.cpp
new file mode 100644
index 000000000..e43d7d23d
--- /dev/null
+++ b/security/manager/ssl/nsNSSModule.cpp
@@ -0,0 +1,348 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "CertBlocklist.h"
+#include "ContentSignatureVerifier.h"
+#include "NSSErrorsService.h"
+#include "PSMContentListener.h"
+#include "SecretDecoderRing.h"
+#include "TransportSecurityInfo.h"
+#include "WeakCryptoOverride.h"
+#include "mozilla/ModuleUtils.h"
+#include "nsCURILoader.h"
+#include "nsCertOverrideService.h"
+#include "nsCrypto.h"
+#include "nsCryptoHash.h"
+#include "nsDOMCID.h" // For the NS_CRYPTO_CONTRACTID define
+#include "nsDataSignatureVerifier.h"
+#include "nsICategoryManager.h"
+#include "nsKeyModule.h"
+#include "nsKeygenHandler.h"
+#include "nsNSSCertificate.h"
+#include "nsNSSCertificateDB.h"
+#include "nsNSSCertificateFakeTransport.h"
+#include "nsNSSComponent.h"
+#include "nsNSSU2FToken.h"
+#include "nsNSSVersion.h"
+#include "nsNTLMAuthModule.h"
+#include "nsNetCID.h"
+#include "nsPK11TokenDB.h"
+#include "nsPKCS11Slot.h"
+#include "nsRandomGenerator.h"
+#include "nsSSLSocketProvider.h"
+#include "nsSSLStatus.h"
+#include "nsSecureBrowserUIImpl.h"
+#include "nsSiteSecurityService.h"
+#include "nsTLSSocketProvider.h"
+#include "nsXULAppAPI.h"
+
+#ifdef MOZ_XUL
+#include "nsCertTree.h"
+#endif
+
+#define NS_IS_PROCESS_DEFAULT                                                 \
+    (GeckoProcessType_Default == XRE_GetProcessType())
+
+#define NS_NSS_INSTANTIATE(ensureOperator, _InstanceClass)                    \
+    PR_BEGIN_MACRO                                                            \
+        _InstanceClass * inst;                                                \
+        inst = new _InstanceClass();                                          \
+        NS_ADDREF(inst);                                                      \
+        rv = inst->QueryInterface(aIID, aResult);                             \
+        NS_RELEASE(inst);                                                     \
+    PR_END_MACRO
+
+#define NS_NSS_INSTANTIATE_INIT(ensureOperator, _InstanceClass, _InitMethod)  \
+    PR_BEGIN_MACRO                                                            \
+        _InstanceClass * inst;                                                \
+        inst = new _InstanceClass();                                          \
+        NS_ADDREF(inst);                                                      \
+        rv = inst->_InitMethod();                                             \
+        if(NS_SUCCEEDED(rv)) {                                                \
+            rv = inst->QueryInterface(aIID, aResult);                         \
+        }                                                                     \
+        NS_RELEASE(inst);                                                     \
+   PR_END_MACRO
+
+
+#define NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(ensureOperator,                    \
+                                           _InstanceClass)                    \
+   NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_BYPROCESS(ensureOperator,               \
+                                                _InstanceClass,               \
+                                                _InstanceClass)
+
+// These two macros are ripped off from nsIGenericFactory.h and slightly
+// modified.
+#define NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_BYPROCESS(ensureOperator,          \
+                                                     _InstanceClassChrome,    \
+                                                     _InstanceClassContent)   \
+static nsresult                                                               \
+_InstanceClassChrome##Constructor(nsISupports *aOuter, REFNSIID aIID,         \
+                                  void **aResult)                             \
+{                                                                             \
+    nsresult rv;                                                              \
+                                                                              \
+    *aResult = nullptr;                                                          \
+    if (nullptr != aOuter) {                                                     \
+        rv = NS_ERROR_NO_AGGREGATION;                                         \
+        return rv;                                                            \
+    }                                                                         \
+                                                                              \
+    if (!NS_IS_PROCESS_DEFAULT &&                                             \
+        ensureOperator == nssEnsureChromeOrContent) {                         \
+        if (!EnsureNSSInitializedChromeOrContent()) {                         \
+            return NS_ERROR_FAILURE;                                          \
+        }                                                                     \
+    } else if (!EnsureNSSInitialized(ensureOperator)) {                       \
+        return NS_ERROR_FAILURE;                                              \
+    }                                                                         \
+                                                                              \
+    if (NS_IS_PROCESS_DEFAULT)                                                \
+        NS_NSS_INSTANTIATE(ensureOperator, _InstanceClassChrome);             \
+    else                                                                      \
+        NS_NSS_INSTANTIATE(ensureOperator, _InstanceClassContent);            \
+                                                                              \
+    if (ensureOperator == nssLoadingComponent)                                \
+    {                                                                         \
+        if (NS_SUCCEEDED(rv))                                                 \
+            EnsureNSSInitialized(nssInitSucceeded);                           \
+        else                                                                  \
+            EnsureNSSInitialized(nssInitFailed);                              \
+    }                                                                         \
+                                                                              \
+    return rv;                                                                \
+}
+
+ 
+#define NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT(ensureOperator,               \
+                                                _InstanceClass,               \
+                                                _InitMethod)                  \
+    NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT_BYPROCESS(ensureOperator,         \
+                                                      _InstanceClass,         \
+                                                      _InstanceClass,         \
+                                                      _InitMethod)
+
+#define NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT_BYPROCESS(ensureOperator,     \
+                                                _InstanceClassChrome,         \
+                                                _InstanceClassContent,        \
+                                                _InitMethod)                  \
+static nsresult                                                               \
+_InstanceClassChrome##Constructor(nsISupports *aOuter, REFNSIID aIID,         \
+                                  void **aResult)                             \
+{                                                                             \
+    nsresult rv;                                                              \
+                                                                              \
+    *aResult = nullptr;                                                       \
+    if (nullptr != aOuter) {                                                  \
+        rv = NS_ERROR_NO_AGGREGATION;                                         \
+        return rv;                                                            \
+    }                                                                         \
+                                                                              \
+    if (!NS_IS_PROCESS_DEFAULT &&                                             \
+        ensureOperator == nssEnsureChromeOrContent) {                         \
+        if (!EnsureNSSInitializedChromeOrContent()) {                         \
+            return NS_ERROR_FAILURE;                                          \
+        }                                                                     \
+    } else if (!EnsureNSSInitialized(ensureOperator)) {                       \
+        return NS_ERROR_FAILURE;                                              \
+    }                                                                         \
+                                                                              \
+    if (NS_IS_PROCESS_DEFAULT)                                                \
+        NS_NSS_INSTANTIATE_INIT(ensureOperator,                               \
+                                _InstanceClassChrome,                         \
+                                _InitMethod);                                 \
+    else                                                                      \
+        NS_NSS_INSTANTIATE_INIT(ensureOperator,                               \
+                                _InstanceClassContent,                        \
+                                _InitMethod);                                 \
+                                                                              \
+    if (ensureOperator == nssLoadingComponent)                                \
+    {                                                                         \
+        if (NS_SUCCEEDED(rv))                                                 \
+            EnsureNSSInitialized(nssInitSucceeded);                           \
+        else                                                                  \
+            EnsureNSSInitialized(nssInitFailed);                              \
+    }                                                                         \
+                                                                              \
+    return rv;                                                                \
+}
+
+NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nssLoadingComponent, nsNSSComponent,
+                                        Init)
+
+using namespace mozilla::psm;
+
+namespace {
+
+// Use the special factory constructor for everything this module implements,
+// because all code could potentially require the NSS library.
+// Our factory constructor takes an additional boolean parameter.
+// Only for the nsNSSComponent, set this to true.
+// All other classes must have this set to false.
+
+NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsSSLSocketProvider)
+NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsTLSSocketProvider)
+NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, SecretDecoderRing)
+NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsPK11TokenDB)
+NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsPKCS11ModuleDB)
+NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(PSMContentListener, init)
+NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_BYPROCESS(nssEnsureOnChromeOnly,
+                                             nsNSSCertificate,
+                                             nsNSSCertificateFakeTransport)
+NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsNSSCertificateDB)
+NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_BYPROCESS(nssEnsureOnChromeOnly,
+                                             nsNSSCertList,
+                                             nsNSSCertListFakeTransport)
+#ifdef MOZ_XUL
+NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsCertTree)
+#endif
+NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsPkcs11)
+NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nssEnsure, nsNTLMAuthModule, InitTest)
+NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureChromeOrContent, nsCryptoHash)
+NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureChromeOrContent, nsCryptoHMAC)
+NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureChromeOrContent, nsKeyObject)
+NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureChromeOrContent, nsKeyObjectFactory)
+NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsDataSignatureVerifier)
+NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, ContentSignatureVerifier)
+NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureChromeOrContent, nsRandomGenerator)
+NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nssEnsure, nsNSSU2FToken, Init)
+NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureOnChromeOnly, nsSSLStatus)
+NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureOnChromeOnly, TransportSecurityInfo)
+
+typedef mozilla::psm::NSSErrorsService NSSErrorsService;
+NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(NSSErrorsService, Init)
+NS_GENERIC_FACTORY_CONSTRUCTOR(nsNSSVersion)
+NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsCertOverrideService, Init)
+NS_GENERIC_FACTORY_CONSTRUCTOR(nsSecureBrowserUIImpl)
+NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(CertBlocklist, Init)
+NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsSiteSecurityService, Init)
+NS_GENERIC_FACTORY_CONSTRUCTOR(WeakCryptoOverride)
+
+NS_DEFINE_NAMED_CID(NS_NSSCOMPONENT_CID);
+NS_DEFINE_NAMED_CID(NS_SSLSOCKETPROVIDER_CID);
+NS_DEFINE_NAMED_CID(NS_STARTTLSSOCKETPROVIDER_CID);
+NS_DEFINE_NAMED_CID(NS_SECRETDECODERRING_CID);
+NS_DEFINE_NAMED_CID(NS_PK11TOKENDB_CID);
+NS_DEFINE_NAMED_CID(NS_PKCS11MODULEDB_CID);
+NS_DEFINE_NAMED_CID(NS_PSMCONTENTLISTEN_CID);
+NS_DEFINE_NAMED_CID(NS_X509CERT_CID);
+NS_DEFINE_NAMED_CID(NS_X509CERTDB_CID);
+NS_DEFINE_NAMED_CID(NS_X509CERTLIST_CID);
+NS_DEFINE_NAMED_CID(NS_FORMPROCESSOR_CID);
+#ifdef MOZ_XUL
+NS_DEFINE_NAMED_CID(NS_CERTTREE_CID);
+#endif
+NS_DEFINE_NAMED_CID(NS_PKCS11_CID);
+NS_DEFINE_NAMED_CID(NS_CRYPTO_HASH_CID);
+NS_DEFINE_NAMED_CID(NS_CRYPTO_HMAC_CID);
+NS_DEFINE_NAMED_CID(NS_NTLMAUTHMODULE_CID);
+NS_DEFINE_NAMED_CID(NS_KEYMODULEOBJECT_CID);
+NS_DEFINE_NAMED_CID(NS_KEYMODULEOBJECTFACTORY_CID);
+NS_DEFINE_NAMED_CID(NS_DATASIGNATUREVERIFIER_CID);
+NS_DEFINE_NAMED_CID(NS_CONTENTSIGNATUREVERIFIER_CID);
+NS_DEFINE_NAMED_CID(NS_CERTOVERRIDE_CID);
+NS_DEFINE_NAMED_CID(NS_RANDOMGENERATOR_CID);
+NS_DEFINE_NAMED_CID(NS_NSSU2FTOKEN_CID);
+NS_DEFINE_NAMED_CID(NS_SSLSTATUS_CID);
+NS_DEFINE_NAMED_CID(TRANSPORTSECURITYINFO_CID);
+NS_DEFINE_NAMED_CID(NS_NSSERRORSSERVICE_CID);
+NS_DEFINE_NAMED_CID(NS_NSSVERSION_CID);
+NS_DEFINE_NAMED_CID(NS_SECURE_BROWSER_UI_CID);
+NS_DEFINE_NAMED_CID(NS_SITE_SECURITY_SERVICE_CID);
+NS_DEFINE_NAMED_CID(NS_CERT_BLOCKLIST_CID);
+NS_DEFINE_NAMED_CID(NS_WEAKCRYPTOOVERRIDE_CID);
+
+static const mozilla::Module::CIDEntry kNSSCIDs[] = {
+  { &kNS_NSSCOMPONENT_CID, false, nullptr, nsNSSComponentConstructor },
+  { &kNS_SSLSOCKETPROVIDER_CID, false, nullptr, nsSSLSocketProviderConstructor },
+  { &kNS_STARTTLSSOCKETPROVIDER_CID, false, nullptr, nsTLSSocketProviderConstructor },
+  { &kNS_SECRETDECODERRING_CID, false, nullptr, SecretDecoderRingConstructor },
+  { &kNS_PK11TOKENDB_CID, false, nullptr, nsPK11TokenDBConstructor },
+  { &kNS_PKCS11MODULEDB_CID, false, nullptr, nsPKCS11ModuleDBConstructor },
+  { &kNS_PSMCONTENTLISTEN_CID, false, nullptr, PSMContentListenerConstructor },
+  { &kNS_X509CERT_CID, false, nullptr, nsNSSCertificateConstructor },
+  { &kNS_X509CERTDB_CID, false, nullptr, nsNSSCertificateDBConstructor },
+  { &kNS_X509CERTLIST_CID, false, nullptr, nsNSSCertListConstructor },
+  { &kNS_FORMPROCESSOR_CID, false, nullptr, nsKeygenFormProcessor::Create },
+#ifdef MOZ_XUL
+  { &kNS_CERTTREE_CID, false, nullptr, nsCertTreeConstructor },
+#endif
+  { &kNS_PKCS11_CID, false, nullptr, nsPkcs11Constructor },
+  { &kNS_CRYPTO_HASH_CID, false, nullptr, nsCryptoHashConstructor },
+  { &kNS_CRYPTO_HMAC_CID, false, nullptr, nsCryptoHMACConstructor },
+  { &kNS_NTLMAUTHMODULE_CID, false, nullptr, nsNTLMAuthModuleConstructor },
+  { &kNS_KEYMODULEOBJECT_CID, false, nullptr, nsKeyObjectConstructor },
+  { &kNS_KEYMODULEOBJECTFACTORY_CID, false, nullptr, nsKeyObjectFactoryConstructor },
+  { &kNS_DATASIGNATUREVERIFIER_CID, false, nullptr, nsDataSignatureVerifierConstructor },
+  { &kNS_CONTENTSIGNATUREVERIFIER_CID, false, nullptr, ContentSignatureVerifierConstructor },
+  { &kNS_CERTOVERRIDE_CID, false, nullptr, nsCertOverrideServiceConstructor },
+  { &kNS_RANDOMGENERATOR_CID, false, nullptr, nsRandomGeneratorConstructor },
+  { &kNS_NSSU2FTOKEN_CID, false, nullptr, nsNSSU2FTokenConstructor },
+  { &kNS_SSLSTATUS_CID, false, nullptr, nsSSLStatusConstructor },
+  { &kTRANSPORTSECURITYINFO_CID, false, nullptr, TransportSecurityInfoConstructor },
+  { &kNS_NSSERRORSSERVICE_CID, false, nullptr, NSSErrorsServiceConstructor },
+  { &kNS_NSSVERSION_CID, false, nullptr, nsNSSVersionConstructor },
+  { &kNS_SECURE_BROWSER_UI_CID, false, nullptr, nsSecureBrowserUIImplConstructor },
+  { &kNS_SITE_SECURITY_SERVICE_CID, false, nullptr, nsSiteSecurityServiceConstructor },
+  { &kNS_CERT_BLOCKLIST_CID, false, nullptr, CertBlocklistConstructor},
+  { &kNS_WEAKCRYPTOOVERRIDE_CID, false, nullptr, WeakCryptoOverrideConstructor },
+  { nullptr }
+};
+
+static const mozilla::Module::ContractIDEntry kNSSContracts[] = {
+  { PSM_COMPONENT_CONTRACTID, &kNS_NSSCOMPONENT_CID },
+  { NS_NSS_ERRORS_SERVICE_CONTRACTID, &kNS_NSSERRORSSERVICE_CID },
+  { NS_NSSVERSION_CONTRACTID, &kNS_NSSVERSION_CID },
+  { NS_SSLSOCKETPROVIDER_CONTRACTID, &kNS_SSLSOCKETPROVIDER_CID },
+  { NS_STARTTLSSOCKETPROVIDER_CONTRACTID, &kNS_STARTTLSSOCKETPROVIDER_CID },
+  { NS_SECRETDECODERRING_CONTRACTID, &kNS_SECRETDECODERRING_CID },
+  { NS_PK11TOKENDB_CONTRACTID, &kNS_PK11TOKENDB_CID },
+  { NS_PKCS11MODULEDB_CONTRACTID, &kNS_PKCS11MODULEDB_CID },
+  { NS_PSMCONTENTLISTEN_CONTRACTID, &kNS_PSMCONTENTLISTEN_CID },
+  { NS_X509CERTDB_CONTRACTID, &kNS_X509CERTDB_CID },
+  { NS_X509CERTLIST_CONTRACTID, &kNS_X509CERTLIST_CID },
+  { NS_FORMPROCESSOR_CONTRACTID, &kNS_FORMPROCESSOR_CID },
+#ifdef MOZ_XUL
+  { NS_CERTTREE_CONTRACTID, &kNS_CERTTREE_CID },
+#endif
+  { NS_PKCS11_CONTRACTID, &kNS_PKCS11_CID },
+  { NS_CRYPTO_HASH_CONTRACTID, &kNS_CRYPTO_HASH_CID },
+  { NS_CRYPTO_HMAC_CONTRACTID, &kNS_CRYPTO_HMAC_CID },
+  { "@mozilla.org/uriloader/psm-external-content-listener;1", &kNS_PSMCONTENTLISTEN_CID },
+  { NS_CRYPTO_FIPSINFO_SERVICE_CONTRACTID, &kNS_PKCS11MODULEDB_CID },
+  { NS_NTLMAUTHMODULE_CONTRACTID, &kNS_NTLMAUTHMODULE_CID },
+  { NS_KEYMODULEOBJECT_CONTRACTID, &kNS_KEYMODULEOBJECT_CID },
+  { NS_KEYMODULEOBJECTFACTORY_CONTRACTID, &kNS_KEYMODULEOBJECTFACTORY_CID },
+  { NS_DATASIGNATUREVERIFIER_CONTRACTID, &kNS_DATASIGNATUREVERIFIER_CID },
+  { NS_CONTENTSIGNATUREVERIFIER_CONTRACTID, &kNS_CONTENTSIGNATUREVERIFIER_CID },
+  { NS_CERTOVERRIDE_CONTRACTID, &kNS_CERTOVERRIDE_CID },
+  { NS_RANDOMGENERATOR_CONTRACTID, &kNS_RANDOMGENERATOR_CID },
+  { NS_NSSU2FTOKEN_CONTRACTID, &kNS_NSSU2FTOKEN_CID },
+  { NS_SECURE_BROWSER_UI_CONTRACTID, &kNS_SECURE_BROWSER_UI_CID },
+  { NS_SSSERVICE_CONTRACTID, &kNS_SITE_SECURITY_SERVICE_CID },
+  { NS_CERTBLOCKLIST_CONTRACTID, &kNS_CERT_BLOCKLIST_CID },
+  { NS_WEAKCRYPTOOVERRIDE_CONTRACTID, &kNS_WEAKCRYPTOOVERRIDE_CID },
+  { nullptr }
+};
+
+static const mozilla::Module::CategoryEntry kNSSCategories[] = {
+  { NS_CONTENT_LISTENER_CATEGORYMANAGER_ENTRY, "application/x-x509-ca-cert", "@mozilla.org/uriloader/psm-external-content-listener;1" },
+  { NS_CONTENT_LISTENER_CATEGORYMANAGER_ENTRY, "application/x-x509-server-cert", "@mozilla.org/uriloader/psm-external-content-listener;1" },
+  { NS_CONTENT_LISTENER_CATEGORYMANAGER_ENTRY, "application/x-x509-user-cert", "@mozilla.org/uriloader/psm-external-content-listener;1" },
+  { NS_CONTENT_LISTENER_CATEGORYMANAGER_ENTRY, "application/x-x509-email-cert", "@mozilla.org/uriloader/psm-external-content-listener;1" },
+  { nullptr }
+};
+
+static const mozilla::Module kNSSModule = {
+  mozilla::Module::kVersion,
+  kNSSCIDs,
+  kNSSContracts,
+  kNSSCategories
+};
+
+} // unnamed namespace
+
+NSMODULE_DEFN(NSS) = &kNSSModule;
diff --git a/security/manager/ssl/nsNSSShutDown.cpp b/security/manager/ssl/nsNSSShutDown.cpp
new file mode 100644
index 000000000..cffebac1e
--- /dev/null
+++ b/security/manager/ssl/nsNSSShutDown.cpp
@@ -0,0 +1,288 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsNSSShutDown.h"
+
+#include "mozilla/Casting.h"
+#include "nsCOMPtr.h"
+
+using namespace mozilla;
+
+extern LazyLogModule gPIPNSSLog;
+
+struct ObjectHashEntry : PLDHashEntryHdr {
+  nsNSSShutDownObject *obj;
+};
+
+static bool
+ObjectSetMatchEntry(const PLDHashEntryHdr *hdr, const void *key)
+{
+  const ObjectHashEntry *entry = static_cast<const ObjectHashEntry*>(hdr);
+  return entry->obj == static_cast<const nsNSSShutDownObject*>(key);
+}
+
+static void
+ObjectSetInitEntry(PLDHashEntryHdr *hdr, const void *key)
+{
+  ObjectHashEntry *entry = static_cast<ObjectHashEntry*>(hdr);
+  entry->obj = const_cast<nsNSSShutDownObject*>(static_cast<const nsNSSShutDownObject*>(key));
+}
+
+static const PLDHashTableOps gSetOps = {
+  PLDHashTable::HashVoidPtrKeyStub,
+  ObjectSetMatchEntry,
+  PLDHashTable::MoveEntryStub,
+  PLDHashTable::ClearEntryStub,
+  ObjectSetInitEntry
+};
+
+StaticMutex sListLock;
+Atomic<bool> sInShutdown(false);
+nsNSSShutDownList *singleton = nullptr;
+
+nsNSSShutDownList::nsNSSShutDownList()
+  : mObjects(&gSetOps, sizeof(ObjectHashEntry))
+  , mPK11LogoutCancelObjects(&gSetOps, sizeof(ObjectHashEntry))
+{
+}
+
+nsNSSShutDownList::~nsNSSShutDownList()
+{
+  PR_ASSERT(this == singleton);
+  singleton = nullptr;
+}
+
+void nsNSSShutDownList::remember(nsNSSShutDownObject *o)
+{
+  StaticMutexAutoLock lock(sListLock);
+  if (!nsNSSShutDownList::construct(lock)) {
+    return;
+  }
+
+  PR_ASSERT(o);
+  singleton->mObjects.Add(o, fallible);
+}
+
+void nsNSSShutDownList::forget(nsNSSShutDownObject *o)
+{
+  StaticMutexAutoLock lock(sListLock);
+  if (!singleton) {
+    return;
+  }
+
+  PR_ASSERT(o);
+  singleton->mObjects.Remove(o);
+}
+
+void nsNSSShutDownList::remember(nsOnPK11LogoutCancelObject *o)
+{
+  StaticMutexAutoLock lock(sListLock);
+  if (!nsNSSShutDownList::construct(lock)) {
+    return;
+  }
+
+  PR_ASSERT(o);
+  singleton->mPK11LogoutCancelObjects.Add(o, fallible);
+}
+
+void nsNSSShutDownList::forget(nsOnPK11LogoutCancelObject *o)
+{
+  StaticMutexAutoLock lock(sListLock);
+  if (!singleton) {
+    return;
+  }
+
+  PR_ASSERT(o);
+  singleton->mPK11LogoutCancelObjects.Remove(o);
+}
+
+nsresult nsNSSShutDownList::doPK11Logout()
+{
+  StaticMutexAutoLock lock(sListLock);
+  if (!singleton) {
+    return NS_OK;
+  }
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+          ("canceling all open SSL sockets to disallow future IO\n"));
+
+  // During our iteration we will set a bunch of PRBools to true.
+  // Nobody else ever modifies that bool, only we do.
+  // We only must ensure that our objects do not go away.
+  // This is guaranteed by holding the list lock.
+
+  for (auto iter = singleton->mPK11LogoutCancelObjects.Iter();
+       !iter.Done();
+       iter.Next()) {
+    auto entry = static_cast<ObjectHashEntry*>(iter.Get());
+    nsOnPK11LogoutCancelObject* pklco =
+      BitwiseCast<nsOnPK11LogoutCancelObject*, nsNSSShutDownObject*>(entry->obj);
+    if (pklco) {
+      pklco->logout();
+    }
+  }
+
+  return NS_OK;
+}
+
+nsresult nsNSSShutDownList::evaporateAllNSSResources()
+{
+  MOZ_RELEASE_ASSERT(NS_IsMainThread());
+  if (!NS_IsMainThread()) {
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  StaticMutexAutoLock lock(sListLock);
+  // Other threads can acquire an nsNSSShutDownPreventionLock and cause this
+  // thread to block when it calls restructActivityToCurrentThread, below. If
+  // those other threads then attempt to create an object that must be
+  // remembered by the shut down list, they will call
+  // nsNSSShutDownList::remember, which attempts to acquire sListLock.
+  // Consequently, holding sListLock while we're in
+  // restrictActivityToCurrentThread would result in deadlock. sListLock
+  // protects the singleton, so if we enforce that the singleton only be created
+  // and destroyed on the main thread, and if we similarly enforce that this
+  // function is only called on the main thread, what we can do is check that
+  // the singleton hasn't already gone away and then we don't actually have to
+  // hold sListLock while calling restrictActivityToCurrentThread.
+  if (!singleton) {
+    return NS_OK;
+  }
+
+  {
+    StaticMutexAutoUnlock unlock(sListLock);
+    PRStatus rv = singleton->mActivityState.restrictActivityToCurrentThread();
+    if (rv != PR_SUCCESS) {
+      MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
+              ("failed to restrict activity to current thread"));
+      return NS_ERROR_FAILURE;
+    }
+  }
+
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("now evaporating NSS resources"));
+
+  // Never free more than one entry, because other threads might be calling
+  // us and remove themselves while we are iterating over the list,
+  // and the behaviour of changing the list while iterating is undefined.
+  while (singleton) {
+    auto iter = singleton->mObjects.Iter();
+    if (iter.Done()) {
+      break;
+    }
+    auto entry = static_cast<ObjectHashEntry*>(iter.Get());
+    {
+      StaticMutexAutoUnlock unlock(sListLock);
+      entry->obj->shutdown(nsNSSShutDownObject::ShutdownCalledFrom::List);
+    }
+    iter.Remove();
+  }
+
+  if (!singleton) {
+    return NS_ERROR_FAILURE;
+  }
+
+  singleton->mActivityState.releaseCurrentThreadActivityRestriction();
+  return NS_OK;
+}
+
+void nsNSSShutDownList::enterActivityState()
+{
+  StaticMutexAutoLock lock(sListLock);
+  if (nsNSSShutDownList::construct(lock)) {
+    singleton->mActivityState.enter();
+  }
+}
+
+void nsNSSShutDownList::leaveActivityState()
+{
+  StaticMutexAutoLock lock(sListLock);
+  if (singleton) {
+    singleton->mActivityState.leave();
+  }
+}
+
+bool nsNSSShutDownList::construct(const StaticMutexAutoLock& /*proofOfLock*/)
+{
+  if (!singleton && !sInShutdown && XRE_IsParentProcess()) {
+    singleton = new nsNSSShutDownList();
+  }
+
+  return !!singleton;
+}
+
+void nsNSSShutDownList::shutdown()
+{
+  MOZ_RELEASE_ASSERT(NS_IsMainThread());
+  StaticMutexAutoLock lock(sListLock);
+  sInShutdown = true;
+
+  if (singleton) {
+    delete singleton;
+  }
+}
+
+nsNSSActivityState::nsNSSActivityState()
+:mNSSActivityStateLock("nsNSSActivityState.mNSSActivityStateLock"), 
+ mNSSActivityChanged(mNSSActivityStateLock,
+                     "nsNSSActivityState.mNSSActivityStateLock"),
+ mNSSActivityCounter(0),
+ mNSSRestrictedThread(nullptr)
+{
+}
+
+nsNSSActivityState::~nsNSSActivityState()
+{
+}
+
+void nsNSSActivityState::enter()
+{
+  MutexAutoLock lock(mNSSActivityStateLock);
+
+  while (mNSSRestrictedThread && mNSSRestrictedThread != PR_GetCurrentThread()) {
+    mNSSActivityChanged.Wait();
+  }
+
+  ++mNSSActivityCounter;
+}
+
+void nsNSSActivityState::leave()
+{
+  MutexAutoLock lock(mNSSActivityStateLock);
+
+  --mNSSActivityCounter;
+
+  mNSSActivityChanged.NotifyAll();
+}
+
+PRStatus nsNSSActivityState::restrictActivityToCurrentThread()
+{
+  MutexAutoLock lock(mNSSActivityStateLock);
+
+  while (mNSSActivityCounter > 0) {
+    mNSSActivityChanged.Wait(PR_TicksPerSecond());
+  }
+
+  mNSSRestrictedThread = PR_GetCurrentThread();
+
+  return PR_SUCCESS;
+}
+
+void nsNSSActivityState::releaseCurrentThreadActivityRestriction()
+{
+  MutexAutoLock lock(mNSSActivityStateLock);
+
+  mNSSRestrictedThread = nullptr;
+
+  mNSSActivityChanged.NotifyAll();
+}
+
+nsNSSShutDownPreventionLock::nsNSSShutDownPreventionLock()
+{
+  nsNSSShutDownList::enterActivityState();
+}
+
+nsNSSShutDownPreventionLock::~nsNSSShutDownPreventionLock()
+{
+  nsNSSShutDownList::leaveActivityState();
+}
diff --git a/security/manager/ssl/nsNSSShutDown.h b/security/manager/ssl/nsNSSShutDown.h
new file mode 100644
index 000000000..00d017239
--- /dev/null
+++ b/security/manager/ssl/nsNSSShutDown.h
@@ -0,0 +1,271 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsNSSShutDown_h
+#define nsNSSShutDown_h
+
+#include "PLDHashTable.h"
+#include "mozilla/Assertions.h"
+#include "mozilla/CondVar.h"
+#include "mozilla/Mutex.h"
+#include "mozilla/StaticMutex.h"
+#include "nscore.h"
+#include "nspr.h"
+
+class nsNSSShutDownObject;
+class nsOnPK11LogoutCancelObject;
+
+// Singleton, owned by nsNSSShutDownList
+class nsNSSActivityState
+{
+public:
+  nsNSSActivityState();
+  ~nsNSSActivityState();
+
+  // Call enter/leave when PSM enters a scope during which
+  // shutting down NSS is prohibited.
+  void enter();
+  void leave();
+  // Wait for all activity to stop, and block any other thread on entering
+  // relevant PSM code.
+  PRStatus restrictActivityToCurrentThread();
+
+  // Go back to normal state.
+  void releaseCurrentThreadActivityRestriction();
+
+private:
+  // The lock protecting all our member variables.
+  mozilla::Mutex mNSSActivityStateLock;
+
+  // The activity variable, bound to our lock,
+  // used either to signal the activity counter reaches zero,
+  // or a thread restriction has been released.
+  mozilla::CondVar mNSSActivityChanged;
+
+  // The number of active scopes holding resources.
+  int mNSSActivityCounter;
+
+  // nullptr means "no restriction"
+  // if not null, activity is only allowed on that thread
+  PRThread* mNSSRestrictedThread;
+};
+
+// Helper class that automatically enters/leaves the global activity state
+class nsNSSShutDownPreventionLock
+{
+public:
+  nsNSSShutDownPreventionLock();
+  ~nsNSSShutDownPreventionLock();
+};
+
+// Singleton, used by nsNSSComponent to track the list of PSM objects,
+// which hold NSS resources and support the "early cleanup mechanism".
+class nsNSSShutDownList
+{
+public:
+  static void shutdown();
+
+  // track instances that support early cleanup
+  static void remember(nsNSSShutDownObject *o);
+  static void forget(nsNSSShutDownObject *o);
+
+  // track instances that would like notification when
+  // a PK11 logout operation is performed.
+  static void remember(nsOnPK11LogoutCancelObject *o);
+  static void forget(nsOnPK11LogoutCancelObject *o);
+
+  // Do the "early cleanup", if possible.
+  static nsresult evaporateAllNSSResources();
+
+  // PSM has been asked to log out of a token.
+  // Notify all registered instances that want to react to that event.
+  static nsresult doPK11Logout();
+
+  // Signal entering/leaving a scope where shutting down NSS is prohibited.
+  static void enterActivityState();
+  static void leaveActivityState();
+
+private:
+  static bool construct(const mozilla::StaticMutexAutoLock& /*proofOfLock*/);
+
+  nsNSSShutDownList();
+  ~nsNSSShutDownList();
+
+protected:
+  PLDHashTable mObjects;
+  PLDHashTable mPK11LogoutCancelObjects;
+  nsNSSActivityState mActivityState;
+};
+
+/*
+  A class deriving from nsNSSShutDownObject will have its instances
+  automatically tracked in a list. However, it must follow some rules
+  to assure correct behaviour.
+
+  The tricky part is that it is not possible to call virtual
+  functions from a destructor.
+
+  The deriving class must override virtualDestroyNSSReference().
+  Within this function, it should clean up all resources held to NSS.
+  The function will be called by the global list, if it is time to
+  shut down NSS before all references have been freed.
+
+  The same code that goes into virtualDestroyNSSReference must
+  also be called from the destructor of the deriving class,
+  which is the standard cleanup (not called from the tracking list).
+
+  Because of that duplication, it is suggested to implement a
+  function destructorSafeDestroyNSSReference() in the deriving
+  class, and make the implementation of virtualDestroyNSSReference()
+  call destructorSafeDestroyNSSReference().
+
+  The destructor of the derived class must prevent NSS shutdown on
+  another thread by acquiring an nsNSSShutDownPreventionLock. It must
+  then check to see if NSS has already been shut down by calling
+  isAlreadyShutDown(). If NSS has not been shut down, the destructor
+  must then call destructorSafeDestroyNSSReference() and then
+  shutdown(ShutdownCalledFrom::Object). The second call will deregister with
+  the tracking list, to ensure no additional attempt to free the resources
+  will be made.
+
+  ----------------------------------------------------------------------------
+  IMPORTANT NOTE REGARDING CLASSES THAT IMPLEMENT nsNSSShutDownObject BUT DO
+  NOT DIRECTLY HOLD NSS RESOURCES:
+  ----------------------------------------------------------------------------
+  Currently, classes that do not hold NSS resources but do call NSS functions
+  inherit from nsNSSShutDownObject (and use the lock/isAlreadyShutDown
+  mechanism) as a way of ensuring it is safe to call those functions. Because
+  these classes do not hold any resources, however, it is tempting to skip the
+  destructor component of this interface. This MUST NOT be done, because
+  if an object of such a class is destructed before the nsNSSShutDownList
+  processes all of its entries, this essentially causes a use-after-free when
+  nsNSSShutDownList reaches the entry that has been destroyed. The safe way to
+  do this is to implement the destructor as usual but omit the call to
+  destructorSafeDestroyNSSReference() as it is unnecessary and probably isn't
+  defined for that class.
+
+  destructorSafeDestroyNSSReference() does not need to acquire an
+  nsNSSShutDownPreventionLock or check isAlreadyShutDown() as long as it
+  is only called by the destructor that has already acquired the lock and
+  checked for shutdown or by the NSS shutdown code itself (which acquires
+  the same lock and checks if objects it cleans up have already cleaned
+  up themselves).
+
+  destructorSafeDestroyNSSReference() MUST NOT cause any other
+  nsNSSShutDownObject to be deconstructed. Doing so can cause
+  unsupported concurrent operations on the hash table in the
+  nsNSSShutDownList.
+
+  class derivedClass : public nsISomeInterface,
+                       public nsNSSShutDownObject
+  {
+    virtual void virtualDestroyNSSReference()
+    {
+      destructorSafeDestroyNSSReference();
+    }
+
+    void destructorSafeDestroyNSSReference()
+    {
+      // clean up all NSS resources here
+    }
+
+    virtual ~derivedClass()
+    {
+      nsNSSShutDownPreventionLock locker;
+      if (isAlreadyShutDown()) {
+        return;
+      }
+      destructorSafeDestroyNSSReference();
+      shutdown(ShutdownCalledFrom::Object);
+    }
+
+    NS_IMETHODIMP doSomething()
+    {
+      if (isAlreadyShutDown())
+        return NS_ERROR_NOT_AVAILABLE;
+
+      // use the NSS resources and do something
+    }
+  };
+*/
+
+class nsNSSShutDownObject
+{
+public:
+  enum class ShutdownCalledFrom {
+    List,
+    Object,
+  };
+
+  nsNSSShutDownObject()
+  {
+    mAlreadyShutDown = false;
+    nsNSSShutDownList::remember(this);
+  }
+
+  virtual ~nsNSSShutDownObject()
+  {
+    // The derived class must call
+    //   shutdown(ShutdownCalledFrom::Object);
+    // in its destructor
+  }
+
+  void shutdown(ShutdownCalledFrom calledFrom)
+  {
+    if (!mAlreadyShutDown) {
+      switch (calledFrom) {
+        case ShutdownCalledFrom::Object:
+          nsNSSShutDownList::forget(this);
+          break;
+        case ShutdownCalledFrom::List:
+          virtualDestroyNSSReference();
+          break;
+        default:
+          MOZ_CRASH("shutdown() called from an unknown source");
+      }
+      mAlreadyShutDown = true;
+    }
+  }
+
+  bool isAlreadyShutDown() const { return mAlreadyShutDown; }
+
+protected:
+  virtual void virtualDestroyNSSReference() = 0;
+private:
+  volatile bool mAlreadyShutDown;
+};
+
+class nsOnPK11LogoutCancelObject
+{
+public:
+  nsOnPK11LogoutCancelObject()
+    : mIsLoggedOut(false)
+  {
+    nsNSSShutDownList::remember(this);
+  }
+
+  virtual ~nsOnPK11LogoutCancelObject()
+  {
+    nsNSSShutDownList::forget(this);
+  }
+
+  void logout()
+  {
+    // We do not care for a race condition.
+    // Once the bool arrived at false,
+    // later calls to isPK11LoggedOut() will see it.
+    // This is a one-time change from 0 to 1.
+    mIsLoggedOut = true;
+  }
+
+  bool isPK11LoggedOut()
+  {
+    return mIsLoggedOut;
+  }
+
+private:
+  volatile bool mIsLoggedOut;
+};
+
+#endif // nsNSSShutDown_h
diff --git a/security/manager/ssl/nsNSSU2FToken.cpp b/security/manager/ssl/nsNSSU2FToken.cpp
new file mode 100644
index 000000000..f8492df02
--- /dev/null
+++ b/security/manager/ssl/nsNSSU2FToken.cpp
@@ -0,0 +1,752 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsNSSU2FToken.h"
+
+#include "CryptoBuffer.h"
+#include "mozilla/Casting.h"
+#include "nsNSSComponent.h"
+#include "pk11pub.h"
+#include "prerror.h"
+#include "secerr.h"
+#include "WebCryptoCommon.h"
+
+using namespace mozilla;
+using mozilla::dom::CreateECParamsForCurve;
+
+NS_IMPL_ISUPPORTS(nsNSSU2FToken, nsIU2FToken, nsINSSU2FToken)
+
+// Not named "security.webauth.u2f_softtoken_counter" because setting that
+// name causes the window.u2f object to disappear until preferences get
+// reloaded, as its' pref is a substring!
+#define PREF_U2F_NSSTOKEN_COUNTER "security.webauth.softtoken_counter"
+
+const nsCString nsNSSU2FToken::mSecretNickname =
+  NS_LITERAL_CSTRING("U2F_NSSTOKEN");
+const nsString nsNSSU2FToken::mVersion =
+  NS_LITERAL_STRING("U2F_V2");
+NS_NAMED_LITERAL_CSTRING(kAttestCertSubjectName, "CN=Firefox U2F Soft Token");
+
+// This U2F-compatible soft token uses FIDO U2F-compatible ECDSA keypairs
+// on the SEC_OID_SECG_EC_SECP256R1 curve. When asked to Register, it will
+// generate and return a new keypair KP, where the private component is wrapped
+// using AES-KW with the 128-bit mWrappingKey to make an opaque "key handle".
+// In other words, Register yields { KP_pub, AES-KW(KP_priv, key=mWrappingKey) }
+//
+// The value mWrappingKey is long-lived; it is persisted as part of the NSS DB
+// for the current profile. The attestation certificates that are produced are
+// ephemeral to counteract profiling. They have little use for a soft-token
+// at any rate, but are required by the specification.
+
+const uint32_t kParamLen = 32;
+const uint32_t kPublicKeyLen = 65;
+const uint32_t kWrappedKeyBufLen = 256;
+const uint32_t kWrappingKeyByteLen = 128/8;
+NS_NAMED_LITERAL_STRING(kEcAlgorithm, WEBCRYPTO_NAMED_CURVE_P256);
+
+const PRTime kOneDay = PRTime(PR_USEC_PER_SEC)
+                     * PRTime(60)  // sec
+                     * PRTime(60)  // min
+                     * PRTime(24); // hours
+const PRTime kExpirationSlack = kOneDay; // Pre-date for clock skew
+const PRTime kExpirationLife = kOneDay;
+
+static mozilla::LazyLogModule gNSSTokenLog("webauth_u2f");
+
+nsNSSU2FToken::nsNSSU2FToken()
+  : mInitialized(false)
+{}
+
+nsNSSU2FToken::~nsNSSU2FToken()
+{
+  nsNSSShutDownPreventionLock locker;
+
+  if (isAlreadyShutDown()) {
+    return;
+  }
+
+  destructorSafeDestroyNSSReference();
+  shutdown(ShutdownCalledFrom::Object);
+}
+
+void
+nsNSSU2FToken::virtualDestroyNSSReference()
+{
+  destructorSafeDestroyNSSReference();
+}
+
+void
+nsNSSU2FToken::destructorSafeDestroyNSSReference()
+{
+  mWrappingKey = nullptr;
+}
+
+/**
+ * Gets the first key with the given nickname from the given slot. Any other
+ * keys found are not returned.
+ * PK11_GetNextSymKey() should not be called on the returned key.
+ *
+ * @param aSlot Slot to search.
+ * @param aNickname Nickname the key should have.
+ * @return The first key found. nullptr if no key could be found.
+ */
+static UniquePK11SymKey
+GetSymKeyByNickname(const UniquePK11SlotInfo& aSlot,
+                    const nsCString& aNickname,
+                    const nsNSSShutDownPreventionLock&)
+{
+  MOZ_ASSERT(aSlot);
+  if (!aSlot) {
+    return nullptr;
+  }
+
+  MOZ_LOG(gNSSTokenLog, LogLevel::Debug,
+          ("Searching for a symmetric key named %s", aNickname.get()));
+
+  UniquePK11SymKey keyListHead(
+    PK11_ListFixedKeysInSlot(aSlot.get(), const_cast<char*>(aNickname.get()),
+                             /* wincx */ nullptr));
+  if (!keyListHead) {
+    MOZ_LOG(gNSSTokenLog, LogLevel::Debug, ("Symmetric key not found."));
+    return nullptr;
+  }
+
+  // Sanity check PK11_ListFixedKeysInSlot() only returns keys with the correct
+  // nickname.
+  MOZ_ASSERT(aNickname ==
+               UniquePORTString(PK11_GetSymKeyNickname(keyListHead.get())).get());
+  MOZ_LOG(gNSSTokenLog, LogLevel::Debug, ("Symmetric key found!"));
+
+  // Free any remaining keys in the key list.
+  UniquePK11SymKey freeKey(PK11_GetNextSymKey(keyListHead.get()));
+  while (freeKey) {
+    freeKey = UniquePK11SymKey(PK11_GetNextSymKey(freeKey.get()));
+  }
+
+  return keyListHead;
+}
+
+static nsresult
+GenEcKeypair(const UniquePK11SlotInfo& aSlot,
+     /*out*/ UniqueSECKEYPrivateKey& aPrivKey,
+     /*out*/ UniqueSECKEYPublicKey& aPubKey,
+             const nsNSSShutDownPreventionLock&)
+{
+  MOZ_ASSERT(aSlot);
+  if (!aSlot) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+  if (!arena) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  // Set the curve parameters; keyParams belongs to the arena memory space
+  SECItem* keyParams = CreateECParamsForCurve(kEcAlgorithm, arena.get());
+  if (!keyParams) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  // Generate a key pair
+  CK_MECHANISM_TYPE mechanism = CKM_EC_KEY_PAIR_GEN;
+
+  SECKEYPublicKey* pubKeyRaw;
+  aPrivKey = UniqueSECKEYPrivateKey(
+    PK11_GenerateKeyPair(aSlot.get(), mechanism, keyParams, &pubKeyRaw,
+                         /* ephemeral */ false, false,
+                         /* wincx */ nullptr));
+  aPubKey = UniqueSECKEYPublicKey(pubKeyRaw);
+  pubKeyRaw = nullptr;
+  if (!aPrivKey.get() || !aPubKey.get()) {
+    return NS_ERROR_FAILURE;
+  }
+
+  // Check that the public key has the correct length
+  if (aPubKey->u.ec.publicValue.len != kPublicKeyLen) {
+    return NS_ERROR_FAILURE;
+  }
+
+  return NS_OK;
+}
+
+nsresult
+nsNSSU2FToken::GetOrCreateWrappingKey(const UniquePK11SlotInfo& aSlot,
+                                      const nsNSSShutDownPreventionLock& locker)
+{
+  MOZ_ASSERT(aSlot);
+  if (!aSlot) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  // Search for an existing wrapping key. If we find it,
+  // store it for later and mark ourselves initialized.
+  mWrappingKey = GetSymKeyByNickname(aSlot, mSecretNickname, locker);
+  if (mWrappingKey) {
+    MOZ_LOG(gNSSTokenLog, LogLevel::Debug, ("U2F Soft Token Key found."));
+    mInitialized = true;
+    return NS_OK;
+  }
+
+  MOZ_LOG(gNSSTokenLog, LogLevel::Info,
+          ("No keys found. Generating new U2F Soft Token wrapping key."));
+
+  // We did not find an existing wrapping key, so we generate one in the
+  // persistent database (e.g, Token).
+  mWrappingKey = UniquePK11SymKey(
+    PK11_TokenKeyGenWithFlags(aSlot.get(), CKM_AES_KEY_GEN,
+                              /* default params */ nullptr,
+                              kWrappingKeyByteLen,
+                              /* empty keyid */ nullptr,
+                              /* flags */ CKF_WRAP | CKF_UNWRAP,
+                              /* attributes */ PK11_ATTR_TOKEN |
+                                               PK11_ATTR_PRIVATE,
+                              /* wincx */ nullptr));
+
+  if (!mWrappingKey) {
+      MOZ_LOG(gNSSTokenLog, LogLevel::Warning,
+              ("Failed to store wrapping key, NSS error #%d", PORT_GetError()));
+    return NS_ERROR_FAILURE;
+  }
+
+  SECStatus srv = PK11_SetSymKeyNickname(mWrappingKey.get(),
+                                         mSecretNickname.get());
+  if (srv != SECSuccess) {
+      MOZ_LOG(gNSSTokenLog, LogLevel::Warning,
+              ("Failed to set nickname, NSS error #%d", PORT_GetError()));
+    return NS_ERROR_FAILURE;
+  }
+
+  MOZ_LOG(gNSSTokenLog, LogLevel::Debug,
+          ("Key stored, nickname set to %s.", mSecretNickname.get()));
+
+  Preferences::SetUint(PREF_U2F_NSSTOKEN_COUNTER, 0);
+  return NS_OK;
+}
+
+static nsresult
+GetAttestationCertificate(const UniquePK11SlotInfo& aSlot,
+                  /*out*/ UniqueSECKEYPrivateKey& aAttestPrivKey,
+                  /*out*/ UniqueCERTCertificate& aAttestCert,
+                          const nsNSSShutDownPreventionLock& locker)
+{
+  MOZ_ASSERT(aSlot);
+  if (!aSlot) {
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  UniqueSECKEYPublicKey pubKey;
+
+  // Construct an ephemeral keypair for this Attestation Certificate
+  nsresult rv = GenEcKeypair(aSlot, aAttestPrivKey, pubKey, locker);
+  if (NS_FAILED(rv) || !aAttestPrivKey || !pubKey) {
+    MOZ_LOG(gNSSTokenLog, LogLevel::Warning,
+            ("Failed to gen keypair, NSS error #%d", PORT_GetError()));
+    return NS_ERROR_FAILURE;
+  }
+
+  // Construct the Attestation Certificate itself
+  UniqueCERTName subjectName(CERT_AsciiToName(kAttestCertSubjectName.get()));
+  if (!subjectName) {
+    MOZ_LOG(gNSSTokenLog, LogLevel::Warning,
+            ("Failed to set subject name, NSS error #%d", PORT_GetError()));
+      return NS_ERROR_FAILURE;
+  }
+
+  UniqueCERTSubjectPublicKeyInfo spki(
+    SECKEY_CreateSubjectPublicKeyInfo(pubKey.get()));
+  if (!spki) {
+    MOZ_LOG(gNSSTokenLog, LogLevel::Warning,
+            ("Failed to set SPKI, NSS error #%d", PORT_GetError()));
+    return NS_ERROR_FAILURE;
+  }
+
+  UniqueCERTCertificateRequest certreq(
+    CERT_CreateCertificateRequest(subjectName.get(), spki.get(), nullptr));
+  if (!certreq) {
+    MOZ_LOG(gNSSTokenLog, LogLevel::Warning,
+            ("Failed to gen CSR, NSS error #%d", PORT_GetError()));
+    return NS_ERROR_FAILURE;
+  }
+
+  PRTime now = PR_Now();
+  PRTime notBefore = now - kExpirationSlack;
+  PRTime notAfter = now + kExpirationLife;
+
+  UniqueCERTValidity validity(CERT_CreateValidity(notBefore, notAfter));
+  if (!validity) {
+    MOZ_LOG(gNSSTokenLog, LogLevel::Warning,
+            ("Failed to gen validity, NSS error #%d", PORT_GetError()));
+    return NS_ERROR_FAILURE;
+  }
+
+  unsigned long serial;
+  unsigned char* serialBytes =
+    mozilla::BitwiseCast<unsigned char*, unsigned long*>(&serial);
+  SECStatus srv = PK11_GenerateRandomOnSlot(aSlot.get(), serialBytes,
+                                            sizeof(serial));
+  if (srv != SECSuccess) {
+    MOZ_LOG(gNSSTokenLog, LogLevel::Warning,
+            ("Failed to gen serial, NSS error #%d", PORT_GetError()));
+    return NS_ERROR_FAILURE;
+  }
+  // Ensure that the most significant bit isn't set (which would
+  // indicate a negative number, which isn't valid for serial
+  // numbers).
+  serialBytes[0] &= 0x7f;
+  // Also ensure that the least significant bit on the most
+  // significant byte is set (to prevent a leading zero byte,
+  // which also wouldn't be valid).
+  serialBytes[0] |= 0x01;
+
+  aAttestCert = UniqueCERTCertificate(
+    CERT_CreateCertificate(serial, subjectName.get(), validity.get(),
+                           certreq.get()));
+  if (!aAttestCert) {
+    MOZ_LOG(gNSSTokenLog, LogLevel::Warning,
+            ("Failed to gen certificate, NSS error #%d", PORT_GetError()));
+    return NS_ERROR_FAILURE;
+  }
+
+  PLArenaPool* arena = aAttestCert->arena;
+
+  srv = SECOID_SetAlgorithmID(arena, &aAttestCert->signature,
+                              SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE,
+                              /* wincx */ nullptr);
+  if (srv != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  // Set version to X509v3.
+  *(aAttestCert->version.data) = SEC_CERTIFICATE_VERSION_3;
+  aAttestCert->version.len = 1;
+
+  SECItem innerDER = { siBuffer, nullptr, 0 };
+  if (!SEC_ASN1EncodeItem(arena, &innerDER, aAttestCert.get(),
+                          SEC_ASN1_GET(CERT_CertificateTemplate))) {
+    return NS_ERROR_FAILURE;
+  }
+
+  SECItem* signedCert = PORT_ArenaZNew(arena, SECItem);
+  if (!signedCert) {
+    return NS_ERROR_FAILURE;
+  }
+
+  srv = SEC_DerSignData(arena, signedCert, innerDER.data, innerDER.len,
+                        aAttestPrivKey.get(),
+                        SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE);
+  if (srv != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+  aAttestCert->derCert = *signedCert;
+
+  MOZ_LOG(gNSSTokenLog, LogLevel::Debug,
+          ("U2F Soft Token attestation certificate generated."));
+  return NS_OK;
+}
+
+// Set up the context for the soft U2F Token. This is called by NSS
+// initialization.
+NS_IMETHODIMP
+nsNSSU2FToken::Init()
+{
+  MOZ_ASSERT(NS_IsMainThread());
+  MOZ_ASSERT(!mInitialized);
+  if (mInitialized) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
+  MOZ_ASSERT(slot.get());
+
+  // Search for an existing wrapping key, or create one.
+  nsresult rv = GetOrCreateWrappingKey(slot, locker);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+
+  mInitialized = true;
+  MOZ_LOG(gNSSTokenLog, LogLevel::Debug, ("U2F Soft Token initialized."));
+  return NS_OK;
+}
+
+// Convert a Private Key object into an opaque key handle, using AES Key Wrap
+// and aWrappingKey to convert aPrivKey.
+static UniqueSECItem
+KeyHandleFromPrivateKey(const UniquePK11SlotInfo& aSlot,
+                        const UniquePK11SymKey& aWrappingKey,
+                        const UniqueSECKEYPrivateKey& aPrivKey,
+                        const nsNSSShutDownPreventionLock&)
+{
+  MOZ_ASSERT(aSlot);
+  MOZ_ASSERT(aWrappingKey);
+  MOZ_ASSERT(aPrivKey);
+  if (!aSlot || !aWrappingKey || !aPrivKey) {
+    return nullptr;
+  }
+
+  UniqueSECItem wrappedKey(SECITEM_AllocItem(/* default arena */ nullptr,
+                                             /* no buffer */ nullptr,
+                                             kWrappedKeyBufLen));
+  if (!wrappedKey) {
+      MOZ_LOG(gNSSTokenLog, LogLevel::Warning,
+              ("Failed to allocate memory, NSS error #%d", PORT_GetError()));
+    return nullptr;
+  }
+
+  UniqueSECItem param(PK11_ParamFromIV(CKM_NSS_AES_KEY_WRAP_PAD,
+                                       /* default IV */ nullptr ));
+
+  SECStatus srv = PK11_WrapPrivKey(aSlot.get(), aWrappingKey.get(),
+                                   aPrivKey.get(), CKM_NSS_AES_KEY_WRAP_PAD,
+                                   param.get(), wrappedKey.get(),
+                                   /* wincx */ nullptr);
+  if (srv != SECSuccess) {
+      MOZ_LOG(gNSSTokenLog, LogLevel::Warning,
+              ("Failed to wrap U2F key, NSS error #%d", PORT_GetError()));
+    return nullptr;
+  }
+
+  return wrappedKey;
+}
+
+// Convert an opaque key handle aKeyHandle back into a Private Key object, using
+// aWrappingKey and the AES Key Wrap algorithm.
+static UniqueSECKEYPrivateKey
+PrivateKeyFromKeyHandle(const UniquePK11SlotInfo& aSlot,
+                        const UniquePK11SymKey& aWrappingKey,
+                        uint8_t* aKeyHandle, uint32_t aKeyHandleLen,
+                        const nsNSSShutDownPreventionLock&)
+{
+  MOZ_ASSERT(aSlot);
+  MOZ_ASSERT(aWrappingKey);
+  MOZ_ASSERT(aKeyHandle);
+  if (!aSlot || !aWrappingKey || !aKeyHandle) {
+    return nullptr;
+  }
+
+  ScopedAutoSECItem pubKey(kPublicKeyLen);
+
+  ScopedAutoSECItem keyHandleItem(aKeyHandleLen);
+  memcpy(keyHandleItem.data, aKeyHandle, keyHandleItem.len);
+
+  UniqueSECItem param(PK11_ParamFromIV(CKM_NSS_AES_KEY_WRAP_PAD,
+                                       /* default IV */ nullptr ));
+
+  CK_ATTRIBUTE_TYPE usages[] = { CKA_SIGN };
+  int usageCount = 1;
+
+  UniqueSECKEYPrivateKey unwrappedKey(
+    PK11_UnwrapPrivKey(aSlot.get(), aWrappingKey.get(), CKM_NSS_AES_KEY_WRAP_PAD,
+                       param.get(), &keyHandleItem,
+                       /* no nickname */ nullptr,
+                       /* discard pubkey */ &pubKey,
+                       /* not permanent */ false,
+                       /* non-exportable */ true,
+                       CKK_EC, usages, usageCount,
+                       /* wincx */ nullptr));
+  if (!unwrappedKey) {
+    // Not our key.
+    MOZ_LOG(gNSSTokenLog, LogLevel::Debug,
+            ("Could not unwrap key handle, NSS Error #%d", PORT_GetError()));
+    return nullptr;
+  }
+
+  return unwrappedKey;
+}
+
+// Return whether the provided version is supported by this token.
+NS_IMETHODIMP
+nsNSSU2FToken::IsCompatibleVersion(const nsAString& aVersion, bool* aResult)
+{
+  NS_ENSURE_ARG_POINTER(aResult);
+  MOZ_ASSERT(mInitialized);
+  *aResult = (mVersion == aVersion);
+  return NS_OK;
+}
+
+// IsRegistered determines if the provided key handle is usable by this token.
+NS_IMETHODIMP
+nsNSSU2FToken::IsRegistered(uint8_t* aKeyHandle, uint32_t aKeyHandleLen,
+                            bool* aResult)
+{
+  NS_ENSURE_ARG_POINTER(aKeyHandle);
+  NS_ENSURE_ARG_POINTER(aResult);
+
+  if (!NS_IsMainThread()) {
+    NS_ERROR("nsNSSU2FToken::IsRegistered called off the main thread");
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_FAILURE;
+  }
+
+  MOZ_ASSERT(mInitialized);
+  if (!mInitialized) {
+    return NS_ERROR_FAILURE;
+  }
+
+  UniquePK11SlotInfo slot(PK11_GetInternalSlot());
+  MOZ_ASSERT(slot.get());
+
+  // Decode the key handle
+  UniqueSECKEYPrivateKey privKey = PrivateKeyFromKeyHandle(slot, mWrappingKey,
+                                                           aKeyHandle,
+                                                           aKeyHandleLen,
+                                                           locker);
+  *aResult = (privKey.get() != nullptr);
+  return NS_OK;
+}
+
+// A U2F Register operation causes a new key pair to be generated by the token.
+// The token then returns the public key of the key pair, and a handle to the
+// private key, which is a fancy way of saying "key wrapped private key", as
+// well as the generated attestation certificate and a signature using that
+// certificate's private key.
+//
+// The KeyHandleFromPrivateKey and PrivateKeyFromKeyHandle methods perform
+// the actual key wrap/unwrap operations.
+//
+// The format of the return registration data is as follows:
+//
+// Bytes  Value
+// 1      0x05
+// 65     public key
+// 1      key handle length
+// *      key handle
+// ASN.1  attestation certificate
+// *      attestation signature
+//
+NS_IMETHODIMP
+nsNSSU2FToken::Register(uint8_t* aApplication,
+                        uint32_t aApplicationLen,
+                        uint8_t* aChallenge,
+                        uint32_t aChallengeLen,
+                        uint8_t** aRegistration,
+                        uint32_t* aRegistrationLen)
+{
+  NS_ENSURE_ARG_POINTER(aApplication);
+  NS_ENSURE_ARG_POINTER(aChallenge);
+  NS_ENSURE_ARG_POINTER(aRegistration);
+  NS_ENSURE_ARG_POINTER(aRegistrationLen);
+
+  if (!NS_IsMainThread()) {
+    NS_ERROR("nsNSSU2FToken::Register called off the main thread");
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  MOZ_ASSERT(mInitialized);
+  if (!mInitialized) {
+    return NS_ERROR_NOT_INITIALIZED;
+  }
+
+  // We should already have a wrapping key
+  MOZ_ASSERT(mWrappingKey);
+
+  UniquePK11SlotInfo slot(PK11_GetInternalSlot());
+  MOZ_ASSERT(slot.get());
+
+  // Construct a one-time-use Attestation Certificate
+  UniqueSECKEYPrivateKey attestPrivKey;
+  UniqueCERTCertificate attestCert;
+  nsresult rv = GetAttestationCertificate(slot, attestPrivKey, attestCert,
+                                          locker);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return NS_ERROR_FAILURE;
+  }
+  MOZ_ASSERT(attestCert);
+  MOZ_ASSERT(attestPrivKey);
+
+  // Generate a new keypair; the private will be wrapped into a Key Handle
+  UniqueSECKEYPrivateKey privKey;
+  UniqueSECKEYPublicKey pubKey;
+  rv = GenEcKeypair(slot, privKey, pubKey, locker);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return NS_ERROR_FAILURE;
+  }
+
+  // The key handle will be the result of keywrap(privKey, key=mWrappingKey)
+  UniqueSECItem keyHandleItem = KeyHandleFromPrivateKey(slot, mWrappingKey,
+                                                        privKey, locker);
+  if (!keyHandleItem.get()) {
+    return NS_ERROR_FAILURE;
+  }
+
+  // Sign the challenge using the Attestation privkey (from attestCert)
+  mozilla::dom::CryptoBuffer signedDataBuf;
+  if (!signedDataBuf.SetCapacity(1 + aApplicationLen + aChallengeLen +
+                                 keyHandleItem->len + kPublicKeyLen,
+                                 mozilla::fallible)) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  // It's OK to ignore the return values here because we're writing into
+  // pre-allocated space
+  signedDataBuf.AppendElement(0x00, mozilla::fallible);
+  signedDataBuf.AppendElements(aApplication, aApplicationLen, mozilla::fallible);
+  signedDataBuf.AppendElements(aChallenge, aChallengeLen, mozilla::fallible);
+  signedDataBuf.AppendSECItem(keyHandleItem.get());
+  signedDataBuf.AppendSECItem(pubKey->u.ec.publicValue);
+
+  ScopedAutoSECItem signatureItem;
+  SECStatus srv = SEC_SignData(&signatureItem, signedDataBuf.Elements(),
+                               signedDataBuf.Length(), attestPrivKey.get(),
+                               SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE);
+  if (srv != SECSuccess) {
+    MOZ_LOG(gNSSTokenLog, LogLevel::Warning,
+            ("Signature failure: %d", PORT_GetError()));
+    return NS_ERROR_FAILURE;
+  }
+
+  // Serialize the registration data
+  mozilla::dom::CryptoBuffer registrationBuf;
+  if (!registrationBuf.SetCapacity(1 + kPublicKeyLen + 1 + keyHandleItem->len +
+                                   attestCert.get()->derCert.len +
+                                   signatureItem.len, mozilla::fallible)) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+  registrationBuf.AppendElement(0x05, mozilla::fallible);
+  registrationBuf.AppendSECItem(pubKey->u.ec.publicValue);
+  registrationBuf.AppendElement(keyHandleItem->len, mozilla::fallible);
+  registrationBuf.AppendSECItem(keyHandleItem.get());
+  registrationBuf.AppendSECItem(attestCert.get()->derCert);
+  registrationBuf.AppendSECItem(signatureItem);
+  if (!registrationBuf.ToNewUnsignedBuffer(aRegistration, aRegistrationLen)) {
+    return NS_ERROR_FAILURE;
+  }
+
+  return NS_OK;
+}
+
+// A U2F Sign operation creates a signature over the "param" arguments (plus
+// some other stuff) using the private key indicated in the key handle argument.
+//
+// The format of the signed data is as follows:
+//
+//  32    Application parameter
+//  1     User presence (0x01)
+//  4     Counter
+//  32    Challenge parameter
+//
+// The format of the signature data is as follows:
+//
+//  1     User presence
+//  4     Counter
+//  *     Signature
+//
+NS_IMETHODIMP
+nsNSSU2FToken::Sign(uint8_t* aApplication, uint32_t aApplicationLen,
+                    uint8_t* aChallenge, uint32_t aChallengeLen,
+                    uint8_t* aKeyHandle, uint32_t aKeyHandleLen,
+                    uint8_t** aSignature, uint32_t* aSignatureLen)
+{
+  NS_ENSURE_ARG_POINTER(aApplication);
+  NS_ENSURE_ARG_POINTER(aChallenge);
+  NS_ENSURE_ARG_POINTER(aKeyHandle);
+  NS_ENSURE_ARG_POINTER(aKeyHandleLen);
+  NS_ENSURE_ARG_POINTER(aSignature);
+  NS_ENSURE_ARG_POINTER(aSignatureLen);
+
+  if (!NS_IsMainThread()) {
+    NS_ERROR("nsNSSU2FToken::Sign called off the main thread");
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  MOZ_ASSERT(mInitialized);
+  if (!mInitialized) {
+    return NS_ERROR_NOT_INITIALIZED;
+  }
+
+  MOZ_ASSERT(mWrappingKey);
+
+  UniquePK11SlotInfo slot(PK11_GetInternalSlot());
+  MOZ_ASSERT(slot.get());
+
+  if ((aChallengeLen != kParamLen) || (aApplicationLen != kParamLen)) {
+    MOZ_LOG(gNSSTokenLog, LogLevel::Warning,
+            ("Parameter lengths are wrong! challenge=%d app=%d expected=%d",
+            aChallengeLen, aApplicationLen, kParamLen));
+
+    return NS_ERROR_ILLEGAL_VALUE;
+  }
+
+  // Decode the key handle
+  UniqueSECKEYPrivateKey privKey = PrivateKeyFromKeyHandle(slot, mWrappingKey,
+                                                           aKeyHandle,
+                                                           aKeyHandleLen,
+                                                           locker);
+  if (!privKey.get()) {
+    MOZ_LOG(gNSSTokenLog, LogLevel::Warning, ("Couldn't get the priv key!"));
+    return NS_ERROR_FAILURE;
+  }
+
+  // Increment the counter and turn it into a SECItem
+  uint32_t counter = Preferences::GetUint(PREF_U2F_NSSTOKEN_COUNTER) + 1;
+  Preferences::SetUint(PREF_U2F_NSSTOKEN_COUNTER, counter);
+  ScopedAutoSECItem counterItem(4);
+  counterItem.data[0] = (counter >> 24) & 0xFF;
+  counterItem.data[1] = (counter >> 16) & 0xFF;
+  counterItem.data[2] = (counter >>  8) & 0xFF;
+  counterItem.data[3] = (counter >>  0) & 0xFF;
+
+  // Compute the signature
+  mozilla::dom::CryptoBuffer signedDataBuf;
+  if (!signedDataBuf.SetCapacity(1 + 4 + (2 * kParamLen), mozilla::fallible)) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  // It's OK to ignore the return values here because we're writing into
+  // pre-allocated space
+  signedDataBuf.AppendElements(aApplication, aApplicationLen, mozilla::fallible);
+  signedDataBuf.AppendElement(0x01, mozilla::fallible);
+  signedDataBuf.AppendSECItem(counterItem);
+  signedDataBuf.AppendElements(aChallenge, aChallengeLen, mozilla::fallible);
+
+  ScopedAutoSECItem signatureItem;
+  SECStatus srv = SEC_SignData(&signatureItem, signedDataBuf.Elements(),
+                               signedDataBuf.Length(), privKey.get(),
+                               SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE);
+  if (srv != SECSuccess) {
+    MOZ_LOG(gNSSTokenLog, LogLevel::Warning,
+            ("Signature failure: %d", PORT_GetError()));
+    return NS_ERROR_FAILURE;
+  }
+
+  // Assemble the signature data into a buffer for return
+  mozilla::dom::CryptoBuffer signatureBuf;
+  if (!signatureBuf.SetCapacity(1 + counterItem.len + signatureItem.len,
+                                mozilla::fallible)) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  // It's OK to ignore the return values here because we're writing into
+  // pre-allocated space
+  signatureBuf.AppendElement(0x01, mozilla::fallible);
+  signatureBuf.AppendSECItem(counterItem);
+  signatureBuf.AppendSECItem(signatureItem);
+
+  if (!signatureBuf.ToNewUnsignedBuffer(aSignature, aSignatureLen)) {
+    return NS_ERROR_FAILURE;
+  }
+  return NS_OK;
+}
diff --git a/security/manager/ssl/nsNSSU2FToken.h b/security/manager/ssl/nsNSSU2FToken.h
new file mode 100644
index 000000000..818e19a50
--- /dev/null
+++ b/security/manager/ssl/nsNSSU2FToken.h
@@ -0,0 +1,44 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsNSSU2FToken_h
+#define nsNSSU2FToken_h
+
+#include "nsINSSU2FToken.h"
+
+#include "nsNSSShutDown.h"
+#include "ScopedNSSTypes.h"
+
+#define NS_NSSU2FTOKEN_CID \
+  {0x79f95a6c, 0xd0f7, 0x4d7d, {0xae, 0xaa, 0xcd, 0x0a, 0x04, 0xb6, 0x50, 0x89}}
+
+class nsNSSU2FToken : public nsINSSU2FToken,
+                      public nsNSSShutDownObject
+{
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIU2FTOKEN
+  NS_DECL_NSINSSU2FTOKEN
+
+  nsNSSU2FToken();
+
+  // For nsNSSShutDownObject
+  virtual void virtualDestroyNSSReference() override;
+  void destructorSafeDestroyNSSReference();
+
+private:
+  bool mInitialized;
+  mozilla::UniquePK11SymKey mWrappingKey;
+
+  static const nsCString mSecretNickname;
+  static const nsString mVersion;
+
+  ~nsNSSU2FToken();
+  nsresult GetOrCreateWrappingKey(const mozilla::UniquePK11SlotInfo& aSlot,
+                                  const nsNSSShutDownPreventionLock&);
+};
+
+#endif // nsNSSU2FToken_h
diff --git a/security/manager/ssl/nsNSSVersion.cpp b/security/manager/ssl/nsNSSVersion.cpp
new file mode 100644
index 000000000..854f7fb57
--- /dev/null
+++ b/security/manager/ssl/nsNSSVersion.cpp
@@ -0,0 +1,92 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsNSSVersion.h"
+#include "nsString.h"
+#include "prinit.h"
+#include "nss.h"
+#include "nssutil.h"
+#include "ssl.h"
+#include "smime.h"
+
+NS_IMPL_ISUPPORTS(nsNSSVersion, nsINSSVersion)
+
+nsNSSVersion::nsNSSVersion()
+{
+}
+
+nsNSSVersion::~nsNSSVersion()
+{
+}
+
+NS_IMETHODIMP
+nsNSSVersion::GetNSPR_Version(nsAString & v)
+{
+    CopyUTF8toUTF16(PR_GetVersion(), v);
+    return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSVersion::GetNSS_Version(nsAString & v)
+{
+    CopyUTF8toUTF16(NSS_GetVersion(), v);
+    return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSVersion::GetNSSUTIL_Version(nsAString & v)
+{
+    CopyUTF8toUTF16(NSSUTIL_GetVersion(), v);
+    return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSVersion::GetNSSSSL_Version(nsAString & v)
+{
+    CopyUTF8toUTF16(NSSSSL_GetVersion(), v);
+    return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSVersion::GetNSSSMIME_Version(nsAString & v)
+{
+    CopyUTF8toUTF16(NSSSMIME_GetVersion(), v);
+    return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSVersion::GetNSPR_MinVersion(nsAString & v)
+{
+    CopyUTF8toUTF16(PR_VERSION, v);
+    return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSVersion::GetNSS_MinVersion(nsAString & v)
+{
+    CopyUTF8toUTF16(NSS_VERSION, v);
+    return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSVersion::GetNSSUTIL_MinVersion(nsAString & v)
+{
+    CopyUTF8toUTF16(NSSUTIL_VERSION, v);
+    return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSVersion::GetNSSSSL_MinVersion(nsAString & v)
+{
+    CopyUTF8toUTF16(NSS_VERSION, v);
+    return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNSSVersion::GetNSSSMIME_MinVersion(nsAString & v)
+{
+    CopyUTF8toUTF16(NSS_VERSION, v);
+    return NS_OK;
+}
diff --git a/security/manager/ssl/nsNSSVersion.h b/security/manager/ssl/nsNSSVersion.h
new file mode 100644
index 000000000..277a552e0
--- /dev/null
+++ b/security/manager/ssl/nsNSSVersion.h
@@ -0,0 +1,27 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _NS_NSSVERSION_H_
+#define _NS_NSSVERSION_H_
+
+#include "nsINSSVersion.h"
+#include "mozilla/Attributes.h"
+
+class nsNSSVersion final : public nsINSSVersion
+{
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSINSSVERSION
+  
+  nsNSSVersion();
+
+private:
+  ~nsNSSVersion();
+};
+
+#define NS_NSSVERSION_CID \
+  { 0x23ad3531, 0x11d2, 0x4e8e, { 0x80, 0x5a, 0x6a, 0x75, 0x2e, 0x91, 0x68, 0x1a } }
+
+#endif
diff --git a/security/manager/ssl/nsNTLMAuthModule.cpp b/security/manager/ssl/nsNTLMAuthModule.cpp
new file mode 100644
index 000000000..a0564118a
--- /dev/null
+++ b/security/manager/ssl/nsNTLMAuthModule.cpp
@@ -0,0 +1,1179 @@
+/* vim:set ts=2 sw=2 et cindent: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsNTLMAuthModule.h"
+
+#include <time.h>
+
+#include "ScopedNSSTypes.h"
+#include "md4.h"
+#include "mozilla/Base64.h"
+#include "mozilla/Casting.h"
+#include "mozilla/CheckedInt.h"
+#include "mozilla/EndianUtils.h"
+#include "mozilla/Likely.h"
+#include "mozilla/Logging.h"
+#include "mozilla/Preferences.h"
+#include "mozilla/Sprintf.h"
+#include "mozilla/Telemetry.h"
+#include "nsCOMPtr.h"
+#include "nsComponentManagerUtils.h"
+#include "nsICryptoHMAC.h"
+#include "nsICryptoHash.h"
+#include "nsIKeyModule.h"
+#include "nsKeyModule.h"
+#include "nsNSSShutDown.h"
+#include "nsNativeCharsetUtils.h"
+#include "nsNetCID.h"
+#include "nsUnicharUtils.h"
+#include "pk11pub.h"
+#include "prsystem.h"
+
+static bool sNTLMv1Forced = false;
+static mozilla::LazyLogModule sNTLMLog("NTLM");
+
+#define LOG(x) MOZ_LOG(sNTLMLog, mozilla::LogLevel::Debug, x)
+#define LOG_ENABLED() MOZ_LOG_TEST(sNTLMLog, mozilla::LogLevel::Debug)
+
+static void des_makekey(const uint8_t *raw, uint8_t *key);
+static void des_encrypt(const uint8_t *key, const uint8_t *src, uint8_t *hash);
+
+//-----------------------------------------------------------------------------
+// this file contains a cross-platform NTLM authentication implementation. it
+// is based on documentation from: http://davenport.sourceforge.net/ntlm.html
+//-----------------------------------------------------------------------------
+
+#define NTLM_NegotiateUnicode               0x00000001
+#define NTLM_NegotiateOEM                   0x00000002
+#define NTLM_RequestTarget                  0x00000004
+#define NTLM_Unknown1                       0x00000008
+#define NTLM_NegotiateSign                  0x00000010
+#define NTLM_NegotiateSeal                  0x00000020
+#define NTLM_NegotiateDatagramStyle         0x00000040
+#define NTLM_NegotiateLanManagerKey         0x00000080
+#define NTLM_NegotiateNetware               0x00000100
+#define NTLM_NegotiateNTLMKey               0x00000200
+#define NTLM_Unknown2                       0x00000400
+#define NTLM_Unknown3                       0x00000800
+#define NTLM_NegotiateDomainSupplied        0x00001000
+#define NTLM_NegotiateWorkstationSupplied   0x00002000
+#define NTLM_NegotiateLocalCall             0x00004000
+#define NTLM_NegotiateAlwaysSign            0x00008000
+#define NTLM_TargetTypeDomain               0x00010000
+#define NTLM_TargetTypeServer               0x00020000
+#define NTLM_TargetTypeShare                0x00040000
+#define NTLM_NegotiateNTLM2Key              0x00080000
+#define NTLM_RequestInitResponse            0x00100000
+#define NTLM_RequestAcceptResponse          0x00200000
+#define NTLM_RequestNonNTSessionKey         0x00400000
+#define NTLM_NegotiateTargetInfo            0x00800000
+#define NTLM_Unknown4                       0x01000000
+#define NTLM_Unknown5                       0x02000000
+#define NTLM_Unknown6                       0x04000000
+#define NTLM_Unknown7                       0x08000000
+#define NTLM_Unknown8                       0x10000000
+#define NTLM_Negotiate128                   0x20000000
+#define NTLM_NegotiateKeyExchange           0x40000000
+#define NTLM_Negotiate56                    0x80000000
+
+// we send these flags with our type 1 message
+#define NTLM_TYPE1_FLAGS      \
+  (NTLM_NegotiateUnicode |    \
+   NTLM_NegotiateOEM |        \
+   NTLM_RequestTarget |       \
+   NTLM_NegotiateNTLMKey |    \
+   NTLM_NegotiateAlwaysSign | \
+   NTLM_NegotiateNTLM2Key)
+
+static const char NTLM_SIGNATURE[] = "NTLMSSP";
+static const char NTLM_TYPE1_MARKER[] = { 0x01, 0x00, 0x00, 0x00 };
+static const char NTLM_TYPE2_MARKER[] = { 0x02, 0x00, 0x00, 0x00 };
+static const char NTLM_TYPE3_MARKER[] = { 0x03, 0x00, 0x00, 0x00 };
+
+#define NTLM_TYPE1_HEADER_LEN 32
+#define NTLM_TYPE2_HEADER_LEN 48
+#define NTLM_TYPE3_HEADER_LEN 64
+
+/**
+ * We don't actually send a LM response, but we still have to send something in this spot
+ */
+#define LM_RESP_LEN 24
+
+#define NTLM_CHAL_LEN 8
+
+#define NTLM_HASH_LEN 16
+#define NTLMv2_HASH_LEN 16
+#define NTLM_RESP_LEN 24
+#define NTLMv2_RESP_LEN 16
+#define NTLMv2_BLOB1_LEN 28
+
+//-----------------------------------------------------------------------------
+
+/**
+ * Prints a description of flags to the NSPR Log, if enabled.
+ */
+static void LogFlags(uint32_t flags)
+{
+  if (!LOG_ENABLED())
+    return;
+#define TEST(_flag) \
+  if (flags & NTLM_ ## _flag) \
+    PR_LogPrint("    0x%08x (" # _flag ")\n", NTLM_ ## _flag)
+
+  TEST(NegotiateUnicode);
+  TEST(NegotiateOEM);
+  TEST(RequestTarget);
+  TEST(Unknown1);
+  TEST(NegotiateSign);
+  TEST(NegotiateSeal);
+  TEST(NegotiateDatagramStyle);
+  TEST(NegotiateLanManagerKey);
+  TEST(NegotiateNetware);
+  TEST(NegotiateNTLMKey);
+  TEST(Unknown2);
+  TEST(Unknown3);
+  TEST(NegotiateDomainSupplied);
+  TEST(NegotiateWorkstationSupplied);
+  TEST(NegotiateLocalCall);
+  TEST(NegotiateAlwaysSign);
+  TEST(TargetTypeDomain);
+  TEST(TargetTypeServer);
+  TEST(TargetTypeShare);
+  TEST(NegotiateNTLM2Key);
+  TEST(RequestInitResponse);
+  TEST(RequestAcceptResponse);
+  TEST(RequestNonNTSessionKey);
+  TEST(NegotiateTargetInfo);
+  TEST(Unknown4);
+  TEST(Unknown5);
+  TEST(Unknown6);
+  TEST(Unknown7);
+  TEST(Unknown8);
+  TEST(Negotiate128);
+  TEST(NegotiateKeyExchange);
+  TEST(Negotiate56);
+
+#undef TEST
+}
+
+/**
+ * Prints a hexdump of buf to the NSPR Log, if enabled.
+ * @param tag Description of the data, will be printed in front of the data
+ * @param buf the data to print
+ * @param bufLen length of the data
+ */
+static void
+LogBuf(const char *tag, const uint8_t *buf, uint32_t bufLen)
+{
+  int i;
+
+  if (!LOG_ENABLED())
+    return;
+
+  PR_LogPrint("%s =\n", tag);
+  char line[80];
+  while (bufLen > 0)
+  {
+    int count = bufLen;
+    if (count > 8)
+      count = 8;
+
+    strcpy(line, "    ");
+    for (i=0; i<count; ++i)
+    {
+      int len = strlen(line);
+      snprintf(line + len, sizeof(line) - len, "0x%02x ", int(buf[i]));
+    }
+    for (; i<8; ++i)
+    {
+      int len = strlen(line);
+      snprintf(line + len, sizeof(line) - len, "     ");
+    }
+
+    int len = strlen(line);
+    snprintf(line + len, sizeof(line) - len, "   ");
+    for (i=0; i<count; ++i)
+    {
+      len = strlen(line);
+      if (isprint(buf[i]))
+        snprintf(line + len, sizeof(line) - len, "%c", buf[i]);
+      else
+        snprintf(line + len, sizeof(line) - len, ".");
+    }
+    PR_LogPrint("%s\n", line);
+
+    bufLen -= count;
+    buf += count;
+  }
+}
+
+/**
+ * Print base64-encoded token to the NSPR Log.
+ * @param name Description of the token, will be printed in front
+ * @param token The token to print
+ * @param tokenLen length of the data in token
+ */
+static void
+LogToken(const char* name, const void* token, uint32_t tokenLen)
+{
+  if (!LOG_ENABLED()) {
+    return;
+  }
+
+  nsDependentCSubstring tokenString(static_cast<const char*>(token), tokenLen);
+  nsAutoCString base64Token;
+  nsresult rv = mozilla::Base64Encode(tokenString, base64Token);
+  if (NS_FAILED(rv)) {
+    return;
+  }
+
+  PR_LogPrint("%s: %s\n", name, base64Token.get());
+}
+
+//-----------------------------------------------------------------------------
+
+// byte order swapping
+#define SWAP16(x) ((((x) & 0xff) << 8) | (((x) >> 8) & 0xff))
+#define SWAP32(x) ((SWAP16((x) & 0xffff) << 16) | (SWAP16((x) >> 16)))
+
+static void *
+WriteBytes(void *buf, const void *data, uint32_t dataLen)
+{
+  memcpy(buf, data, dataLen);
+  return (uint8_t *) buf + dataLen;
+}
+
+static void *
+WriteDWORD(void *buf, uint32_t dword)
+{
+#ifdef IS_BIG_ENDIAN 
+  // NTLM uses little endian on the wire
+  dword = SWAP32(dword);
+#endif
+  return WriteBytes(buf, &dword, sizeof(dword));
+}
+
+static void *
+WriteSecBuf(void *buf, uint16_t length, uint32_t offset)
+{
+#ifdef IS_BIG_ENDIAN
+  length = SWAP16(length);
+  offset = SWAP32(offset);
+#endif
+  buf = WriteBytes(buf, &length, sizeof(length));
+  buf = WriteBytes(buf, &length, sizeof(length));
+  buf = WriteBytes(buf, &offset, sizeof(offset));
+  return buf;
+}
+
+#ifdef IS_BIG_ENDIAN
+/**
+ * WriteUnicodeLE copies a unicode string from one buffer to another.  The
+ * resulting unicode string is in little-endian format.  The input string is
+ * assumed to be in the native endianness of the local machine.  It is safe
+ * to pass the same buffer as both input and output, which is a handy way to
+ * convert the unicode buffer to little-endian on big-endian platforms.
+ */
+static void *
+WriteUnicodeLE(void *buf, const char16_t *str, uint32_t strLen)
+{
+  // convert input string from BE to LE
+  uint8_t *cursor = (uint8_t *) buf,
+          *input  = (uint8_t *) str;
+  for (uint32_t i=0; i<strLen; ++i, input+=2, cursor+=2)
+  {
+    // allow for the case where |buf == str|
+    uint8_t temp = input[0];
+    cursor[0] = input[1];
+    cursor[1] = temp;
+  }
+  return buf;
+}
+#endif
+
+static uint16_t
+ReadUint16(const uint8_t *&buf)
+{
+  uint16_t x = ((uint16_t) buf[0]) | ((uint16_t) buf[1] << 8);
+  buf += sizeof(x);
+  return x;
+}
+
+static uint32_t
+ReadUint32(const uint8_t *&buf)
+{
+  uint32_t x = ( (uint32_t) buf[0])        |
+               (((uint32_t) buf[1]) << 8)  |
+               (((uint32_t) buf[2]) << 16) |
+               (((uint32_t) buf[3]) << 24);
+  buf += sizeof(x);
+  return x;
+}
+
+//-----------------------------------------------------------------------------
+
+static void
+ZapBuf(void *buf, size_t bufLen)
+{
+  memset(buf, 0, bufLen);
+}
+
+static void
+ZapString(nsString &s)
+{
+  ZapBuf(s.BeginWriting(), s.Length() * 2);
+}
+
+/**
+ * NTLM_Hash computes the NTLM hash of the given password.
+ *
+ * @param password
+ *        null-terminated unicode password.
+ * @param hash
+ *        16-byte result buffer
+ */
+static void
+NTLM_Hash(const nsString &password, unsigned char *hash)
+{
+  uint32_t len = password.Length();
+  uint8_t *passbuf;
+  
+#ifdef IS_BIG_ENDIAN
+  passbuf = (uint8_t *) malloc(len * 2);
+  WriteUnicodeLE(passbuf, password.get(), len);
+#else
+  passbuf = (uint8_t *) password.get();
+#endif
+
+  md4sum(passbuf, len * 2, hash);
+
+#ifdef IS_BIG_ENDIAN
+  ZapBuf(passbuf, len * 2);
+  free(passbuf);
+#endif
+}
+
+//-----------------------------------------------------------------------------
+
+/** 
+ * LM_Response generates the LM response given a 16-byte password hash and the
+ * challenge from the Type-2 message.
+ *
+ * @param hash
+ *        16-byte password hash
+ * @param challenge
+ *        8-byte challenge from Type-2 message
+ * @param response
+ *        24-byte buffer to contain the LM response upon return
+ */
+static void
+LM_Response(const uint8_t *hash, const uint8_t *challenge, uint8_t *response)
+{
+  uint8_t keybytes[21], k1[8], k2[8], k3[8];
+
+  memcpy(keybytes, hash, 16);
+  ZapBuf(keybytes + 16, 5);
+
+  des_makekey(keybytes     , k1);
+  des_makekey(keybytes +  7, k2);
+  des_makekey(keybytes + 14, k3);
+
+  des_encrypt(k1, challenge, response);
+  des_encrypt(k2, challenge, response + 8);
+  des_encrypt(k3, challenge, response + 16);
+}
+
+//-----------------------------------------------------------------------------
+
+static nsresult
+GenerateType1Msg(void **outBuf, uint32_t *outLen)
+{
+  //
+  // verify that bufLen is sufficient
+  //
+  *outLen = NTLM_TYPE1_HEADER_LEN;
+  *outBuf = moz_xmalloc(*outLen);
+  if (!*outBuf)
+    return NS_ERROR_OUT_OF_MEMORY;
+
+  //
+  // write out type 1 msg
+  //
+  void *cursor = *outBuf;
+
+  // 0 : signature
+  cursor = WriteBytes(cursor, NTLM_SIGNATURE, sizeof(NTLM_SIGNATURE));
+
+  // 8 : marker
+  cursor = WriteBytes(cursor, NTLM_TYPE1_MARKER, sizeof(NTLM_TYPE1_MARKER));
+
+  // 12 : flags
+  cursor = WriteDWORD(cursor, NTLM_TYPE1_FLAGS);
+
+  //
+  // NOTE: it is common for the domain and workstation fields to be empty.
+  //       this is true of Win2k clients, and my guess is that there is
+  //       little utility to sending these strings before the charset has
+  //       been negotiated.  we follow suite -- anyways, it doesn't hurt
+  //       to save some bytes on the wire ;-)
+  //
+
+  // 16 : supplied domain security buffer (empty)
+  cursor = WriteSecBuf(cursor, 0, 0);
+
+  // 24 : supplied workstation security buffer (empty)
+  cursor = WriteSecBuf(cursor, 0, 0);
+
+  return NS_OK;
+}
+
+struct Type2Msg
+{
+  uint32_t    flags;                    // NTLM_Xxx bitwise combination
+  uint8_t     challenge[NTLM_CHAL_LEN]; // 8 byte challenge
+  const uint8_t *target;                // target string (type depends on flags)
+  uint32_t    targetLen;                // target length in bytes
+  const uint8_t *targetInfo;            // target Attribute-Value pairs (DNS domain, et al)
+  uint32_t    targetInfoLen;            // target AV pairs length in bytes
+};
+
+static nsresult
+ParseType2Msg(const void *inBuf, uint32_t inLen, Type2Msg *msg)
+{
+  // make sure inBuf is long enough to contain a meaningful type2 msg.
+  //
+  // 0  NTLMSSP Signature
+  // 8  NTLM Message Type
+  // 12 Target Name
+  // 20 Flags
+  // 24 Challenge
+  // 32 targetInfo
+  // 48 start of optional data blocks
+  //
+  if (inLen < NTLM_TYPE2_HEADER_LEN)
+    return NS_ERROR_UNEXPECTED;
+
+  auto cursor = static_cast<const uint8_t*>(inBuf);
+
+  // verify NTLMSSP signature
+  if (memcmp(cursor, NTLM_SIGNATURE, sizeof(NTLM_SIGNATURE)) != 0)
+    return NS_ERROR_UNEXPECTED;
+
+  cursor += sizeof(NTLM_SIGNATURE);
+
+  // verify Type-2 marker
+  if (memcmp(cursor, NTLM_TYPE2_MARKER, sizeof(NTLM_TYPE2_MARKER)) != 0)
+    return NS_ERROR_UNEXPECTED;
+
+  cursor += sizeof(NTLM_TYPE2_MARKER);
+
+  // Read target name security buffer: ...
+  // ... read target length.
+  uint32_t targetLen = ReadUint16(cursor);
+  // ... skip next 16-bit "allocated space" value.
+  ReadUint16(cursor);
+  // ... read offset from inBuf.
+  uint32_t offset = ReadUint32(cursor);
+  mozilla::CheckedInt<uint32_t> targetEnd = offset;
+  targetEnd += targetLen;
+  // Check the offset / length combo is in range of the input buffer, including
+  // integer overflow checking.
+  if (MOZ_LIKELY(targetEnd.isValid() && targetEnd.value() <= inLen)) {
+    msg->targetLen = targetLen;
+    msg->target = static_cast<const uint8_t*>(inBuf) + offset;
+  } else {
+    // Do not error out, for (conservative) backward compatibility.
+    msg->targetLen = 0;
+    msg->target = nullptr;
+  }
+
+  // read flags
+  msg->flags = ReadUint32(cursor);
+
+  // read challenge
+  memcpy(msg->challenge, cursor, sizeof(msg->challenge));
+  cursor += sizeof(msg->challenge);
+
+  LOG(("NTLM type 2 message:\n"));
+  LogBuf("target", msg->target, msg->targetLen);
+  LogBuf("flags",
+         mozilla::BitwiseCast<const uint8_t*, const uint32_t*>(&msg->flags), 4);
+  LogFlags(msg->flags);
+  LogBuf("challenge", msg->challenge, sizeof(msg->challenge));
+
+  // Read (and skip) the reserved field
+  ReadUint32(cursor);
+  ReadUint32(cursor);
+  // Read target name security buffer: ...
+  // ... read target length.
+  uint32_t targetInfoLen = ReadUint16(cursor);
+  // ... skip next 16-bit "allocated space" value.
+  ReadUint16(cursor);
+  // ... read offset from inBuf.
+  offset = ReadUint32(cursor);
+  mozilla::CheckedInt<uint32_t> targetInfoEnd = offset;
+  targetInfoEnd += targetInfoLen;
+  // Check the offset / length combo is in range of the input buffer, including
+  // integer overflow checking.
+  if (MOZ_LIKELY(targetInfoEnd.isValid() && targetInfoEnd.value() <= inLen)) {
+    msg->targetInfoLen = targetInfoLen;
+    msg->targetInfo = static_cast<const uint8_t*>(inBuf) + offset;
+  } else {
+    NS_ERROR("failed to get NTLMv2 target info");
+    return NS_ERROR_UNEXPECTED;
+  }
+
+  return NS_OK;
+}
+
+static nsresult
+GenerateType3Msg(const nsString &domain,
+                 const nsString &username,
+                 const nsString &password,
+                 const void     *inBuf,
+                 uint32_t        inLen,
+                 void          **outBuf,
+                 uint32_t       *outLen)
+{
+  // inBuf contains Type-2 msg (the challenge) from server
+  MOZ_ASSERT(NS_IsMainThread());
+  nsresult rv;
+  Type2Msg msg;
+
+  rv = ParseType2Msg(inBuf, inLen, &msg);
+  if (NS_FAILED(rv))
+    return rv;
+
+  bool unicode = (msg.flags & NTLM_NegotiateUnicode);
+
+  // There is no negotiation for NTLMv2, so we just do it unless we are forced
+  // by explict user configuration to use the older DES-based cryptography.
+  bool ntlmv2 = (sNTLMv1Forced == false);
+
+  // temporary buffers for unicode strings
+#ifdef IS_BIG_ENDIAN
+  nsAutoString ucsDomainBuf, ucsUserBuf;
+#endif
+  nsAutoCString hostBuf;
+  nsAutoString ucsHostBuf; 
+  // temporary buffers for oem strings
+  nsAutoCString oemDomainBuf, oemUserBuf, oemHostBuf;
+  // pointers and lengths for the string buffers; encoding is unicode if
+  // the "negotiate unicode" flag was set in the Type-2 message.
+  const void *domainPtr, *userPtr, *hostPtr;
+  uint32_t domainLen, userLen, hostLen;
+
+  // This is for NTLM, for NTLMv2 we set the new full length once we know it
+  mozilla::CheckedInt<uint16_t> ntlmRespLen = NTLM_RESP_LEN;
+
+  //
+  // get domain name
+  //
+  if (unicode)
+  {
+#ifdef IS_BIG_ENDIAN
+    ucsDomainBuf = domain;
+    domainPtr = ucsDomainBuf.get();
+    domainLen = ucsDomainBuf.Length() * 2;
+    WriteUnicodeLE(const_cast<void*>(domainPtr),
+                   static_cast<const char16_t*>(domainPtr),
+                   ucsDomainBuf.Length());
+#else
+    domainPtr = domain.get();
+    domainLen = domain.Length() * 2;
+#endif
+  }
+  else
+  {
+    NS_CopyUnicodeToNative(domain, oemDomainBuf);
+    domainPtr = oemDomainBuf.get();
+    domainLen = oemDomainBuf.Length();
+  }
+
+  //
+  // get user name
+  //
+  if (unicode)
+  {
+#ifdef IS_BIG_ENDIAN
+    ucsUserBuf = username;
+    userPtr = ucsUserBuf.get();
+    userLen = ucsUserBuf.Length() * 2;
+    WriteUnicodeLE(const_cast<void*>(userPtr),
+                   static_cast<const char16_t*>(userPtr),
+                   ucsUserBuf.Length());
+#else
+    userPtr = username.get();
+    userLen = username.Length() * 2;
+#endif
+  }
+  else
+  {
+    NS_CopyUnicodeToNative(username, oemUserBuf);
+    userPtr = oemUserBuf.get();
+    userLen = oemUserBuf.Length();
+  }
+
+  //
+  // get workstation name
+  // (do not use local machine's hostname after bug 1046421)
+  //
+  rv = mozilla::Preferences::GetCString("network.generic-ntlm-auth.workstation",
+                                        &hostBuf);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  if (unicode)
+  {
+    ucsHostBuf = NS_ConvertUTF8toUTF16(hostBuf);
+    hostPtr = ucsHostBuf.get();
+    hostLen = ucsHostBuf.Length() * 2;
+#ifdef IS_BIG_ENDIAN
+    WriteUnicodeLE(const_cast<void*>(hostPtr),
+                   static_cast<const char16_t*>(hostPtr),
+                   ucsHostBuf.Length());
+#endif
+  }
+  else
+  {
+    hostPtr = hostBuf.get();
+    hostLen = hostBuf.Length();
+  }
+
+  //
+  // now that we have generated all of the strings, we can allocate outBuf.
+  //
+  //
+  // next, we compute the NTLM or NTLM2 responses.
+  //
+  uint8_t lmResp[LM_RESP_LEN];
+  uint8_t ntlmResp[NTLM_RESP_LEN];
+  uint8_t ntlmv2Resp[NTLMv2_RESP_LEN];
+  uint8_t ntlmHash[NTLM_HASH_LEN];
+  uint8_t ntlmv2_blob1[NTLMv2_BLOB1_LEN];
+  if (ntlmv2) {
+    // NTLMv2 mode, the default
+    nsString userUpper, domainUpper;
+    nsAutoCString ntlmHashStr;
+    nsAutoCString ntlmv2HashStr;
+    nsAutoCString lmv2ResponseStr;
+    nsAutoCString ntlmv2ResponseStr;
+
+    // temporary buffers for unicode strings
+    nsAutoString ucsDomainUpperBuf;
+    nsAutoString ucsUserUpperBuf;
+    const void *domainUpperPtr;
+    const void *userUpperPtr;
+    uint32_t domainUpperLen;
+    uint32_t userUpperLen;
+
+    if (msg.targetInfoLen == 0) {
+      NS_ERROR("failed to get NTLMv2 target info, can not do NTLMv2");
+      return NS_ERROR_UNEXPECTED;
+    }
+
+    ToUpperCase(username, ucsUserUpperBuf);
+    userUpperPtr = ucsUserUpperBuf.get();
+    userUpperLen = ucsUserUpperBuf.Length() * 2;
+#ifdef IS_BIG_ENDIAN
+    WriteUnicodeLE(const_cast<void*>(userUpperPtr),
+                   static_cast<const char16_t*>(userUpperPtr),
+                   ucsUserUpperBuf.Length());
+#endif
+    ToUpperCase(domain, ucsDomainUpperBuf);
+    domainUpperPtr = ucsDomainUpperBuf.get();
+    domainUpperLen = ucsDomainUpperBuf.Length() * 2;
+#ifdef IS_BIG_ENDIAN
+    WriteUnicodeLE(const_cast<void*>(domainUpperPtr),
+                   static_cast<const char16_t*>(domainUpperPtr),
+                   ucsDomainUpperBuf.Length());
+#endif
+
+    NTLM_Hash(password, ntlmHash);
+    ntlmHashStr = nsAutoCString(
+      mozilla::BitwiseCast<const char*, const uint8_t*>(ntlmHash), NTLM_HASH_LEN);
+
+    nsCOMPtr<nsIKeyObjectFactory> keyFactory =
+        do_CreateInstance(NS_KEYMODULEOBJECTFACTORY_CONTRACTID, &rv);
+
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    nsCOMPtr<nsIKeyObject> ntlmKey =
+        do_CreateInstance(NS_KEYMODULEOBJECT_CONTRACTID, &rv);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    rv = keyFactory->KeyFromString(nsIKeyObject::HMAC, ntlmHashStr, getter_AddRefs(ntlmKey));
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    nsCOMPtr<nsICryptoHMAC> hasher =
+        do_CreateInstance(NS_CRYPTO_HMAC_CONTRACTID, &rv);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    rv = hasher->Init(nsICryptoHMAC::MD5, ntlmKey);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    rv = hasher->Update(static_cast<const uint8_t*>(userUpperPtr), userUpperLen);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    rv = hasher->Update(static_cast<const uint8_t*>(domainUpperPtr),
+                        domainUpperLen);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    rv = hasher->Finish(false, ntlmv2HashStr);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    uint8_t client_random[NTLM_CHAL_LEN];
+    PK11_GenerateRandom(client_random, NTLM_CHAL_LEN);
+
+    nsCOMPtr<nsIKeyObject> ntlmv2Key =
+        do_CreateInstance(NS_KEYMODULEOBJECT_CONTRACTID, &rv);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    // Prepare the LMv2 response
+    rv = keyFactory->KeyFromString(nsIKeyObject::HMAC, ntlmv2HashStr, getter_AddRefs(ntlmv2Key));
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    rv = hasher->Init(nsICryptoHMAC::MD5, ntlmv2Key);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    rv = hasher->Update(msg.challenge, NTLM_CHAL_LEN);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    rv = hasher->Update(client_random, NTLM_CHAL_LEN);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    rv = hasher->Finish(false, lmv2ResponseStr);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    if (lmv2ResponseStr.Length() != NTLMv2_HASH_LEN) {
+      return NS_ERROR_UNEXPECTED;
+    }
+
+    memcpy(lmResp, lmv2ResponseStr.get(), NTLMv2_HASH_LEN);
+    memcpy(lmResp + NTLMv2_HASH_LEN, client_random, NTLM_CHAL_LEN);
+
+    memset(ntlmv2_blob1, 0, NTLMv2_BLOB1_LEN);
+
+    time_t unix_time;
+    uint64_t nt_time = time(&unix_time);
+    nt_time += 11644473600LL;    // Number of seconds betwen 1601 and 1970
+    nt_time *= 1000 * 1000 * 10; // Convert seconds to 100 ns units
+
+    ntlmv2_blob1[0] = 1;
+    ntlmv2_blob1[1] = 1;
+    mozilla::LittleEndian::writeUint64(&ntlmv2_blob1[8], nt_time);
+    PK11_GenerateRandom(&ntlmv2_blob1[16], NTLM_CHAL_LEN);
+
+    rv = hasher->Init(nsICryptoHMAC::MD5, ntlmv2Key);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    rv = hasher->Update(msg.challenge, NTLM_CHAL_LEN);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    rv = hasher->Update(ntlmv2_blob1, NTLMv2_BLOB1_LEN);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    rv = hasher->Update(msg.targetInfo, msg.targetInfoLen);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    rv = hasher->Finish(false, ntlmv2ResponseStr);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    if (ntlmv2ResponseStr.Length() != NTLMv2_RESP_LEN) {
+      return NS_ERROR_UNEXPECTED;
+    }
+
+    memcpy(ntlmv2Resp, ntlmv2ResponseStr.get(), NTLMv2_RESP_LEN);
+    ntlmRespLen = NTLMv2_RESP_LEN + NTLMv2_BLOB1_LEN;
+    ntlmRespLen += msg.targetInfoLen;
+    if (!ntlmRespLen.isValid()) {
+      NS_ERROR("failed to do NTLMv2: integer overflow?!?");
+      return NS_ERROR_UNEXPECTED;
+    }
+  } else if (msg.flags & NTLM_NegotiateNTLM2Key) {
+    // compute NTLM2 session response
+    nsCString sessionHashString;
+
+    PK11_GenerateRandom(lmResp, NTLM_CHAL_LEN);
+    memset(lmResp + NTLM_CHAL_LEN, 0, LM_RESP_LEN - NTLM_CHAL_LEN);
+
+    nsCOMPtr<nsICryptoHash> hasher =
+        do_CreateInstance(NS_CRYPTO_HASH_CONTRACTID, &rv);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    rv = hasher->Init(nsICryptoHash::MD5);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    rv = hasher->Update(msg.challenge, NTLM_CHAL_LEN);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    rv = hasher->Update(lmResp, NTLM_CHAL_LEN);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    rv = hasher->Finish(false, sessionHashString);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+
+    auto sessionHash = mozilla::BitwiseCast<const uint8_t*, const char*>(
+      sessionHashString.get());
+
+    LogBuf("NTLM2 effective key: ", sessionHash, 8);
+
+    NTLM_Hash(password, ntlmHash);
+    LM_Response(ntlmHash, sessionHash, ntlmResp);
+  } else {
+    NTLM_Hash(password, ntlmHash);
+    LM_Response(ntlmHash, msg.challenge, ntlmResp);
+
+    // According to http://davenport.sourceforge.net/ntlm.html#ntlmVersion2,
+    // the correct way to not send the LM hash is to send the NTLM hash twice
+    // in both the LM and NTLM response fields.
+    LM_Response(ntlmHash, msg.challenge, lmResp);
+  }
+
+  mozilla::CheckedInt<uint32_t> totalLen = NTLM_TYPE3_HEADER_LEN + LM_RESP_LEN;
+  totalLen += hostLen;
+  totalLen += domainLen;
+  totalLen += userLen;
+  totalLen += ntlmRespLen.value();
+
+  if (!totalLen.isValid()) {
+    NS_ERROR("failed preparing to allocate NTLM response: integer overflow?!?");
+    return NS_ERROR_FAILURE;
+  }
+  *outBuf = moz_xmalloc(totalLen.value());
+  *outLen = totalLen.value();
+  if (!*outBuf) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  //
+  // finally, we assemble the Type-3 msg :-)
+  //
+  void *cursor = *outBuf;
+  mozilla::CheckedInt<uint32_t> offset;
+
+  // 0 : signature
+  cursor = WriteBytes(cursor, NTLM_SIGNATURE, sizeof(NTLM_SIGNATURE));
+
+  // 8 : marker
+  cursor = WriteBytes(cursor, NTLM_TYPE3_MARKER, sizeof(NTLM_TYPE3_MARKER));
+
+  // 12 : LM response sec buf
+  offset = NTLM_TYPE3_HEADER_LEN;
+  offset += domainLen;
+  offset += userLen;
+  offset += hostLen;
+  if (!offset.isValid()) {
+    NS_ERROR("failed preparing to write NTLM response: integer overflow?!?");
+    return NS_ERROR_UNEXPECTED;
+  }
+  cursor = WriteSecBuf(cursor, LM_RESP_LEN, offset.value());
+  memcpy(static_cast<uint8_t*>(*outBuf) + offset.value(), lmResp, LM_RESP_LEN);
+
+  // 20 : NTLM or NTLMv2 response sec buf
+  offset += LM_RESP_LEN;
+  if (!offset.isValid()) {
+    NS_ERROR("failed preparing to write NTLM response: integer overflow?!?");
+    return NS_ERROR_UNEXPECTED;
+  }
+  cursor = WriteSecBuf(cursor, ntlmRespLen.value(), offset.value());
+  if (ntlmv2) {
+    memcpy(static_cast<uint8_t*>(*outBuf) + offset.value(), ntlmv2Resp,
+           NTLMv2_RESP_LEN);
+    offset += NTLMv2_RESP_LEN;
+    if (!offset.isValid()) {
+      NS_ERROR("failed preparing to write NTLM response: integer overflow?!?");
+      return NS_ERROR_UNEXPECTED;
+    }
+    memcpy(static_cast<uint8_t*>(*outBuf) + offset.value(), ntlmv2_blob1,
+           NTLMv2_BLOB1_LEN);
+    offset += NTLMv2_BLOB1_LEN;
+    if (!offset.isValid()) {
+      NS_ERROR("failed preparing to write NTLM response: integer overflow?!?");
+      return NS_ERROR_UNEXPECTED;
+    }
+    memcpy(static_cast<uint8_t*>(*outBuf) + offset.value(), msg.targetInfo,
+           msg.targetInfoLen);
+  } else {
+    memcpy(static_cast<uint8_t*>(*outBuf) + offset.value(), ntlmResp,
+           NTLM_RESP_LEN);
+  }
+  // 28 : domain name sec buf
+  offset = NTLM_TYPE3_HEADER_LEN;
+  cursor = WriteSecBuf(cursor, domainLen, offset.value());
+  memcpy(static_cast<uint8_t*>(*outBuf) + offset.value(), domainPtr, domainLen);
+
+  // 36 : user name sec buf
+  offset += domainLen;
+  if (!offset.isValid()) {
+    NS_ERROR("failed preparing to write NTLM response: integer overflow?!?");
+    return NS_ERROR_UNEXPECTED;
+  }
+  cursor = WriteSecBuf(cursor, userLen, offset.value());
+  memcpy(static_cast<uint8_t*>(*outBuf) + offset.value(), userPtr, userLen);
+
+  // 44 : workstation (host) name sec buf
+  offset += userLen;
+  if (!offset.isValid()) {
+    NS_ERROR("failed preparing to write NTLM response: integer overflow?!?");
+    return NS_ERROR_UNEXPECTED;
+  }
+  cursor = WriteSecBuf(cursor, hostLen, offset.value());
+  memcpy(static_cast<uint8_t*>(*outBuf) + offset.value(), hostPtr, hostLen);
+
+  // 52 : session key sec buf (not used)
+  cursor = WriteSecBuf(cursor, 0, 0);
+
+  // 60 : negotiated flags
+  cursor = WriteDWORD(cursor, msg.flags & NTLM_TYPE1_FLAGS);
+
+  return NS_OK;
+}
+
+//-----------------------------------------------------------------------------
+
+NS_IMPL_ISUPPORTS(nsNTLMAuthModule, nsIAuthModule)
+
+nsNTLMAuthModule::~nsNTLMAuthModule()
+{
+  ZapString(mPassword);
+}
+
+nsresult
+nsNTLMAuthModule::InitTest()
+{
+  static bool prefObserved = false;
+  if (!prefObserved) {
+    mozilla::Preferences::AddBoolVarCache(
+      &sNTLMv1Forced, "network.auth.force-generic-ntlm-v1", sNTLMv1Forced);
+    prefObserved = true;
+  }
+
+  nsNSSShutDownPreventionLock locker;
+  //
+  // disable NTLM authentication when FIPS mode is enabled.
+  //
+  return PK11_IsFIPS() ? NS_ERROR_NOT_AVAILABLE : NS_OK;
+}
+
+NS_IMETHODIMP
+nsNTLMAuthModule::Init(const char      *serviceName,
+                       uint32_t         serviceFlags,
+                       const char16_t *domain,
+                       const char16_t *username,
+                       const char16_t *password)
+{
+  NS_ASSERTION((serviceFlags & ~nsIAuthModule::REQ_PROXY_AUTH) == nsIAuthModule::REQ_DEFAULT,
+      "unexpected service flags");
+
+  mDomain = domain;
+  mUsername = username;
+  mPassword = password;
+  mNTLMNegotiateSent = false;
+
+  static bool sTelemetrySent = false;
+  if (!sTelemetrySent) {
+      mozilla::Telemetry::Accumulate(
+          mozilla::Telemetry::NTLM_MODULE_USED_2,
+          serviceFlags & nsIAuthModule::REQ_PROXY_AUTH
+              ? NTLM_MODULE_GENERIC_PROXY
+              : NTLM_MODULE_GENERIC_DIRECT);
+      sTelemetrySent = true;
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsNTLMAuthModule::GetNextToken(const void *inToken,
+                               uint32_t    inTokenLen,
+                               void      **outToken,
+                               uint32_t   *outTokenLen)
+{
+  nsresult rv;
+  nsNSSShutDownPreventionLock locker;
+  //
+  // disable NTLM authentication when FIPS mode is enabled.
+  //
+  if (PK11_IsFIPS())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  if (mNTLMNegotiateSent) {
+    // if inToken is non-null, and we have sent the NTLMSSP_NEGOTIATE (type 1),
+    // then the NTLMSSP_CHALLENGE (type 2) is expected
+    if (inToken) {
+      LogToken("in-token", inToken, inTokenLen);
+      // Now generate the NTLMSSP_AUTH (type 3)
+      rv = GenerateType3Msg(mDomain, mUsername, mPassword, inToken,
+			    inTokenLen, outToken, outTokenLen);
+    } else {
+      LOG(("NTLMSSP_NEGOTIATE already sent and presumably "
+	   "rejected by the server, refusing to send another"));
+      rv = NS_ERROR_UNEXPECTED;
+    }
+  } else {
+    if (inToken) {
+      LOG(("NTLMSSP_NEGOTIATE not sent but NTLM reply already received?!?"));
+      rv = NS_ERROR_UNEXPECTED;
+    } else {
+      rv = GenerateType1Msg(outToken, outTokenLen);
+      if (NS_SUCCEEDED(rv)) {
+	mNTLMNegotiateSent = true;
+      }
+    }
+  }
+
+  if (NS_SUCCEEDED(rv))
+    LogToken("out-token", *outToken, *outTokenLen);
+
+  return rv;
+}
+
+NS_IMETHODIMP
+nsNTLMAuthModule::Unwrap(const void *inToken,
+                        uint32_t    inTokenLen,
+                        void      **outToken,
+                        uint32_t   *outTokenLen)
+{
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+NS_IMETHODIMP
+nsNTLMAuthModule::Wrap(const void *inToken,
+                       uint32_t    inTokenLen,
+                       bool        confidential,
+                       void      **outToken,
+                       uint32_t   *outTokenLen)
+{
+  return NS_ERROR_NOT_IMPLEMENTED;
+}
+
+//-----------------------------------------------------------------------------
+// DES support code
+
+// set odd parity bit (in least significant bit position)
+static uint8_t
+des_setkeyparity(uint8_t x)
+{
+  if ((((x >> 7) ^ (x >> 6) ^ (x >> 5) ^
+        (x >> 4) ^ (x >> 3) ^ (x >> 2) ^
+        (x >> 1)) & 0x01) == 0)
+    x |= 0x01;
+  else
+    x &= 0xfe;
+  return x;
+}
+
+// build 64-bit des key from 56-bit raw key
+static void
+des_makekey(const uint8_t *raw, uint8_t *key)
+{
+  key[0] = des_setkeyparity(raw[0]);
+  key[1] = des_setkeyparity((raw[0] << 7) | (raw[1] >> 1));
+  key[2] = des_setkeyparity((raw[1] << 6) | (raw[2] >> 2));
+  key[3] = des_setkeyparity((raw[2] << 5) | (raw[3] >> 3));
+  key[4] = des_setkeyparity((raw[3] << 4) | (raw[4] >> 4));
+  key[5] = des_setkeyparity((raw[4] << 3) | (raw[5] >> 5));
+  key[6] = des_setkeyparity((raw[5] << 2) | (raw[6] >> 6));
+  key[7] = des_setkeyparity((raw[6] << 1));
+}
+
+// run des encryption algorithm (using NSS)
+static void
+des_encrypt(const uint8_t *key, const uint8_t *src, uint8_t *hash)
+{
+  CK_MECHANISM_TYPE cipherMech = CKM_DES_ECB;
+  PK11SymKey *symkey = nullptr;
+  PK11Context *ctxt = nullptr;
+  SECItem keyItem;
+  mozilla::UniqueSECItem param;
+  SECStatus rv;
+  unsigned int n;
+
+  mozilla::UniquePK11SlotInfo slot(PK11_GetBestSlot(cipherMech, nullptr));
+  if (!slot)
+  {
+    NS_ERROR("no slot");
+    goto done;
+  }
+
+  keyItem.data = const_cast<uint8_t*>(key);
+  keyItem.len = 8;
+  symkey = PK11_ImportSymKey(slot.get(), cipherMech,
+                             PK11_OriginUnwrap, CKA_ENCRYPT,
+                             &keyItem, nullptr);
+  if (!symkey)
+  {
+    NS_ERROR("no symkey");
+    goto done;
+  }
+
+  // no initialization vector required
+  param = mozilla::UniqueSECItem(PK11_ParamFromIV(cipherMech, nullptr));
+  if (!param)
+  {
+    NS_ERROR("no param");
+    goto done;
+  }
+
+  ctxt = PK11_CreateContextBySymKey(cipherMech, CKA_ENCRYPT,
+                                    symkey, param.get());
+  if (!ctxt) {
+    NS_ERROR("no context");
+    goto done;
+  }
+
+  rv = PK11_CipherOp(ctxt, hash, (int *) &n, 8, (uint8_t *) src, 8);
+  if (rv != SECSuccess) {
+    NS_ERROR("des failure");
+    goto done;
+  }
+
+  rv = PK11_DigestFinal(ctxt, hash+8, &n, 0);
+  if (rv != SECSuccess) {
+    NS_ERROR("des failure");
+    goto done;
+  }
+
+done:
+  if (ctxt)
+    PK11_DestroyContext(ctxt, true);
+  if (symkey)
+    PK11_FreeSymKey(symkey);
+}
diff --git a/security/manager/ssl/nsNTLMAuthModule.h b/security/manager/ssl/nsNTLMAuthModule.h
new file mode 100644
index 000000000..27bf2999f
--- /dev/null
+++ b/security/manager/ssl/nsNTLMAuthModule.h
@@ -0,0 +1,44 @@
+/* vim:set ts=2 sw=2 et cindent: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsNTLMAuthModule_h__
+#define nsNTLMAuthModule_h__
+
+#include "nsIAuthModule.h"
+#include "nsString.h"
+
+class nsNTLMAuthModule : public nsIAuthModule
+{
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIAUTHMODULE
+
+  nsNTLMAuthModule() {}
+
+  nsresult InitTest();
+
+  static void SetSendLM(bool sendLM);
+
+protected:
+  virtual ~nsNTLMAuthModule();
+
+private:
+  nsString mDomain;
+  nsString mUsername;
+  nsString mPassword;
+  bool mNTLMNegotiateSent;
+};
+
+#define NS_NTLMAUTHMODULE_CONTRACTID \
+  NS_AUTH_MODULE_CONTRACTID_PREFIX "ntlm"
+#define NS_NTLMAUTHMODULE_CID \
+{ /* a4e5888f-4fe4-4632-8e7e-745196ea7c70 */       \
+  0xa4e5888f,                                      \
+  0x4fe4,                                          \
+  0x4632,                                          \
+  {0x8e, 0x7e, 0x74, 0x51, 0x96, 0xea, 0x7c, 0x70} \
+}
+
+#endif // nsNTLMAuthModule_h__
diff --git a/security/manager/ssl/nsPK11TokenDB.cpp b/security/manager/ssl/nsPK11TokenDB.cpp
new file mode 100644
index 000000000..7743b7d5d
--- /dev/null
+++ b/security/manager/ssl/nsPK11TokenDB.cpp
@@ -0,0 +1,498 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "nsPK11TokenDB.h"
+
+#include <string.h>
+
+#include "ScopedNSSTypes.h"
+#include "mozilla/Casting.h"
+#include "mozilla/Unused.h"
+#include "nsIMutableArray.h"
+#include "nsISupports.h"
+#include "nsNSSComponent.h"
+#include "nsPromiseFlatString.h"
+#include "nsReadableUtils.h"
+#include "nsServiceManagerUtils.h"
+#include "prerror.h"
+#include "secerr.h"
+
+extern mozilla::LazyLogModule gPIPNSSLog;
+
+NS_IMPL_ISUPPORTS(nsPK11Token, nsIPK11Token)
+
+nsPK11Token::nsPK11Token(PK11SlotInfo* slot)
+  : mUIContext(new PipUIContext())
+{
+  MOZ_ASSERT(slot);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return;
+
+  mSlot.reset(PK11_ReferenceSlot(slot));
+  mSeries = PK11_GetSlotSeries(slot);
+
+  Unused << refreshTokenInfo(locker);
+}
+
+nsresult
+nsPK11Token::refreshTokenInfo(const nsNSSShutDownPreventionLock& /*proofOfLock*/)
+{
+  mTokenName = PK11_GetTokenName(mSlot.get());
+
+  CK_TOKEN_INFO tokInfo;
+  nsresult rv = MapSECStatus(PK11_GetTokenInfo(mSlot.get(), &tokInfo));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  // Set the Label field
+  const char* ccLabel = mozilla::BitwiseCast<char*, CK_UTF8CHAR*>(tokInfo.label);
+  mTokenLabel.Assign(ccLabel, strnlen(ccLabel, sizeof(tokInfo.label)));
+  mTokenLabel.Trim(" ", false, true);
+
+  // Set the Manufacturer field
+  const char* ccManID =
+    mozilla::BitwiseCast<char*, CK_UTF8CHAR*>(tokInfo.manufacturerID);
+  mTokenManufacturerID.Assign(
+    ccManID,
+    strnlen(ccManID, sizeof(tokInfo.manufacturerID)));
+  mTokenManufacturerID.Trim(" ", false, true);
+
+  // Set the Hardware Version field
+  mTokenHWVersion.Truncate();
+  mTokenHWVersion.AppendInt(tokInfo.hardwareVersion.major);
+  mTokenHWVersion.Append('.');
+  mTokenHWVersion.AppendInt(tokInfo.hardwareVersion.minor);
+
+  // Set the Firmware Version field
+  mTokenFWVersion.Truncate();
+  mTokenFWVersion.AppendInt(tokInfo.firmwareVersion.major);
+  mTokenFWVersion.Append('.');
+  mTokenFWVersion.AppendInt(tokInfo.firmwareVersion.minor);
+
+  // Set the Serial Number field
+  const char* ccSerial =
+    mozilla::BitwiseCast<char*, CK_CHAR*>(tokInfo.serialNumber);
+  mTokenSerialNum.Assign(ccSerial,
+                         strnlen(ccSerial, sizeof(tokInfo.serialNumber)));
+  mTokenSerialNum.Trim(" ", false, true);
+
+  return NS_OK;
+}
+
+nsPK11Token::~nsPK11Token()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return;
+  }
+  destructorSafeDestroyNSSReference();
+  shutdown(ShutdownCalledFrom::Object);
+}
+
+void
+nsPK11Token::virtualDestroyNSSReference()
+{
+  destructorSafeDestroyNSSReference();
+}
+
+void
+nsPK11Token::destructorSafeDestroyNSSReference()
+{
+  mSlot = nullptr;
+}
+
+nsresult
+nsPK11Token::GetAttributeHelper(const nsACString& attribute,
+                        /*out*/ nsACString& xpcomOutParam)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  // Handle removals/insertions.
+  if (PK11_GetSlotSeries(mSlot.get()) != mSeries) {
+    nsresult rv = refreshTokenInfo(locker);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  }
+
+  xpcomOutParam = attribute;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPK11Token::GetTokenName(/*out*/ nsACString& tokenName)
+{
+  return GetAttributeHelper(mTokenName, tokenName);
+}
+
+NS_IMETHODIMP
+nsPK11Token::GetTokenLabel(/*out*/ nsACString& tokenLabel)
+{
+  return GetAttributeHelper(mTokenLabel, tokenLabel);
+}
+
+NS_IMETHODIMP
+nsPK11Token::GetTokenManID(/*out*/ nsACString& tokenManufacturerID)
+{
+  return GetAttributeHelper(mTokenManufacturerID, tokenManufacturerID);
+}
+
+NS_IMETHODIMP
+nsPK11Token::GetTokenHWVersion(/*out*/ nsACString& tokenHWVersion)
+{
+  return GetAttributeHelper(mTokenHWVersion, tokenHWVersion);
+}
+
+NS_IMETHODIMP
+nsPK11Token::GetTokenFWVersion(/*out*/ nsACString& tokenFWVersion)
+{
+  return GetAttributeHelper(mTokenFWVersion, tokenFWVersion);
+}
+
+NS_IMETHODIMP
+nsPK11Token::GetTokenSerialNumber(/*out*/ nsACString& tokenSerialNum)
+{
+  return GetAttributeHelper(mTokenSerialNum, tokenSerialNum);
+}
+
+NS_IMETHODIMP
+nsPK11Token::IsLoggedIn(bool* _retval)
+{
+  NS_ENSURE_ARG_POINTER(_retval);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  *_retval = PK11_IsLoggedIn(mSlot.get(), 0);
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPK11Token::Login(bool force)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  nsresult rv;
+  bool test;
+  rv = this->NeedsLogin(&test);
+  if (NS_FAILED(rv)) return rv;
+  if (test && force) {
+    rv = this->LogoutSimple();
+    if (NS_FAILED(rv)) return rv;
+  }
+  rv = setPassword(mSlot.get(), mUIContext, locker);
+  if (NS_FAILED(rv)) return rv;
+
+  return MapSECStatus(PK11_Authenticate(mSlot.get(), true, mUIContext));
+}
+
+NS_IMETHODIMP
+nsPK11Token::LogoutSimple()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  // PK11_Logout() can fail if the user wasn't logged in beforehand. We want
+  // this method to succeed even in this case, so we ignore the return value.
+  Unused << PK11_Logout(mSlot.get());
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPK11Token::LogoutAndDropAuthenticatedResources()
+{
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
+  nsresult rv = LogoutSimple();
+
+  if (NS_FAILED(rv))
+    return rv;
+
+  nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
+  if (NS_FAILED(rv))
+    return rv;
+
+  return nssComponent->LogoutAuthenticatedPK11();
+}
+
+NS_IMETHODIMP
+nsPK11Token::Reset()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  return MapSECStatus(PK11_ResetToken(mSlot.get(), nullptr));
+}
+
+NS_IMETHODIMP
+nsPK11Token::GetMinimumPasswordLength(int32_t* aMinimumPasswordLength)
+{
+  NS_ENSURE_ARG_POINTER(aMinimumPasswordLength);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  *aMinimumPasswordLength = PK11_GetMinimumPwdLength(mSlot.get());
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPK11Token::GetNeedsUserInit(bool* aNeedsUserInit)
+{
+  NS_ENSURE_ARG_POINTER(aNeedsUserInit);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  *aNeedsUserInit = PK11_NeedUserInit(mSlot.get());
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPK11Token::CheckPassword(const nsACString& password, bool* _retval)
+{
+  NS_ENSURE_ARG_POINTER(_retval);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  SECStatus srv =
+    PK11_CheckUserPassword(mSlot.get(), PromiseFlatCString(password).get());
+  if (srv != SECSuccess) {
+    *_retval =  false;
+    PRErrorCode error = PR_GetError();
+    if (error != SEC_ERROR_BAD_PASSWORD) {
+      /* something really bad happened - throw an exception */
+      return mozilla::psm::GetXPCOMFromNSSError(error);
+    }
+  } else {
+    *_retval =  true;
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPK11Token::InitPassword(const nsACString& initialPassword)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  return MapSECStatus(
+    PK11_InitPin(mSlot.get(), "", PromiseFlatCString(initialPassword).get()));
+}
+
+NS_IMETHODIMP
+nsPK11Token::GetAskPasswordTimes(int32_t* askTimes)
+{
+  NS_ENSURE_ARG_POINTER(askTimes);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  int askTimeout;
+  PK11_GetSlotPWValues(mSlot.get(), askTimes, &askTimeout);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPK11Token::GetAskPasswordTimeout(int32_t* askTimeout)
+{
+  NS_ENSURE_ARG_POINTER(askTimeout);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  int askTimes;
+  PK11_GetSlotPWValues(mSlot.get(), &askTimes, askTimeout);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPK11Token::SetAskPasswordDefaults(const int32_t askTimes,
+                                    const int32_t askTimeout)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  PK11_SetSlotPWValues(mSlot.get(), askTimes, askTimeout);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPK11Token::ChangePassword(const nsACString& oldPassword,
+                            const nsACString& newPassword)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  // PK11_ChangePW() has different semantics for the empty string and for
+  // nullptr. In order to support this difference, we need to check IsVoid() to
+  // find out if our caller supplied null/undefined args or just empty strings.
+  // See Bug 447589.
+  return MapSECStatus(PK11_ChangePW(
+    mSlot.get(),
+    oldPassword.IsVoid() ? nullptr : PromiseFlatCString(oldPassword).get(),
+    newPassword.IsVoid() ? nullptr : PromiseFlatCString(newPassword).get()));
+}
+
+NS_IMETHODIMP
+nsPK11Token::IsHardwareToken(bool* _retval)
+{
+  NS_ENSURE_ARG_POINTER(_retval);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  *_retval = PK11_IsHW(mSlot.get());
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPK11Token::NeedsLogin(bool* _retval)
+{
+  NS_ENSURE_ARG_POINTER(_retval);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  *_retval = PK11_NeedLogin(mSlot.get());
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPK11Token::IsFriendly(bool* _retval)
+{
+  NS_ENSURE_ARG_POINTER(_retval);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  *_retval = PK11_IsFriendly(mSlot.get());
+
+  return NS_OK;
+}
+
+/*=========================================================*/
+
+NS_IMPL_ISUPPORTS(nsPK11TokenDB, nsIPK11TokenDB)
+
+nsPK11TokenDB::nsPK11TokenDB()
+{
+}
+
+nsPK11TokenDB::~nsPK11TokenDB()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return;
+  }
+
+  shutdown(ShutdownCalledFrom::Object);
+}
+
+NS_IMETHODIMP
+nsPK11TokenDB::GetInternalKeyToken(nsIPK11Token** _retval)
+{
+  NS_ENSURE_ARG_POINTER(_retval);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
+  if (!slot) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsCOMPtr<nsIPK11Token> token = new nsPK11Token(slot.get());
+  token.forget(_retval);
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPK11TokenDB::FindTokenByName(const nsACString& tokenName,
+                       /*out*/ nsIPK11Token** _retval)
+{
+  NS_ENSURE_ARG_POINTER(_retval);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  UniquePK11SlotInfo slot(
+    PK11_FindSlotByName(PromiseFlatCString(tokenName).get()));
+  if (!slot) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsCOMPtr<nsIPK11Token> token = new nsPK11Token(slot.get());
+  token.forget(_retval);
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPK11TokenDB::ListTokens(nsISimpleEnumerator** _retval)
+{
+  NS_ENSURE_ARG_POINTER(_retval);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  nsCOMPtr<nsIMutableArray> array = do_CreateInstance(NS_ARRAY_CONTRACTID);
+  if (!array) {
+    return NS_ERROR_FAILURE;
+  }
+
+  *_retval = nullptr;
+
+  UniquePK11SlotList list(
+    PK11_GetAllTokens(CKM_INVALID_MECHANISM, false, false, 0));
+  if (!list) {
+    return NS_ERROR_FAILURE;
+  }
+
+  for (PK11SlotListElement* le = PK11_GetFirstSafe(list.get()); le;
+       le = PK11_GetNextSafe(list.get(), le, false)) {
+    nsCOMPtr<nsIPK11Token> token = new nsPK11Token(le->slot);
+    nsresult rv = array->AppendElement(token, false);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  }
+
+  return array->Enumerate(_retval);
+}
diff --git a/security/manager/ssl/nsPK11TokenDB.h b/security/manager/ssl/nsPK11TokenDB.h
new file mode 100644
index 000000000..1d29e592f
--- /dev/null
+++ b/security/manager/ssl/nsPK11TokenDB.h
@@ -0,0 +1,71 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsPK11TokenDB_h
+#define nsPK11TokenDB_h
+
+#include "nsCOMPtr.h"
+#include "nsIPK11Token.h"
+#include "nsIPK11TokenDB.h"
+#include "nsISupports.h"
+#include "nsNSSHelper.h"
+#include "nsNSSShutDown.h"
+#include "nsString.h"
+#include "pk11func.h"
+#include "ScopedNSSTypes.h"
+
+class nsPK11Token : public nsIPK11Token,
+                    public nsNSSShutDownObject
+{
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIPK11TOKEN
+
+  explicit nsPK11Token(PK11SlotInfo *slot);
+
+protected:
+  virtual ~nsPK11Token();
+
+private:
+  friend class nsPK11TokenDB;
+  nsresult refreshTokenInfo(const nsNSSShutDownPreventionLock& proofOfLock);
+
+  nsCString mTokenName;
+  nsCString mTokenLabel;
+  nsCString mTokenManufacturerID;
+  nsCString mTokenHWVersion;
+  nsCString mTokenFWVersion;
+  nsCString mTokenSerialNum;
+  mozilla::UniquePK11SlotInfo mSlot;
+  int mSeries;
+  nsCOMPtr<nsIInterfaceRequestor> mUIContext;
+  virtual void virtualDestroyNSSReference() override;
+  void destructorSafeDestroyNSSReference();
+  nsresult GetAttributeHelper(const nsACString& attribute,
+                      /*out*/ nsACString& xpcomOutParam);
+};
+
+class nsPK11TokenDB : public nsIPK11TokenDB
+                    , public nsNSSShutDownObject
+{
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIPK11TOKENDB
+
+  nsPK11TokenDB();
+
+protected:
+  virtual ~nsPK11TokenDB();
+
+  // Nothing to release.
+  virtual void virtualDestroyNSSReference() override {}
+};
+
+#define NS_PK11TOKENDB_CID \
+{ 0xb084a2ce, 0x1dd1, 0x11b2, \
+  { 0xbf, 0x10, 0x83, 0x24, 0xf8, 0xe0, 0x65, 0xcc }}
+
+#endif // nsPK11TokenDB_h
diff --git a/security/manager/ssl/nsPKCS11Slot.cpp b/security/manager/ssl/nsPKCS11Slot.cpp
new file mode 100644
index 000000000..780a7c4b2
--- /dev/null
+++ b/security/manager/ssl/nsPKCS11Slot.cpp
@@ -0,0 +1,569 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsPKCS11Slot.h"
+
+#include <string.h>
+
+#include "mozilla/Casting.h"
+#include "mozilla/Logging.h"
+#include "mozilla/Telemetry.h"
+#include "mozilla/Unused.h"
+#include "nsCOMPtr.h"
+#include "nsIMutableArray.h"
+#include "nsPK11TokenDB.h"
+#include "nsPromiseFlatString.h"
+#include "secmod.h"
+
+using mozilla::LogLevel;
+
+extern mozilla::LazyLogModule gPIPNSSLog;
+
+NS_IMPL_ISUPPORTS(nsPKCS11Slot, nsIPKCS11Slot)
+
+nsPKCS11Slot::nsPKCS11Slot(PK11SlotInfo* slot)
+{
+  MOZ_ASSERT(slot);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return;
+
+  mSlot.reset(PK11_ReferenceSlot(slot));
+  mSeries = PK11_GetSlotSeries(slot);
+  Unused << refreshSlotInfo(locker);
+}
+
+nsresult
+nsPKCS11Slot::refreshSlotInfo(const nsNSSShutDownPreventionLock& /*proofOfLock*/)
+{
+  CK_SLOT_INFO slotInfo;
+  nsresult rv = MapSECStatus(PK11_GetSlotInfo(mSlot.get(), &slotInfo));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  // Set the Description field
+  const char* ccDesc =
+    mozilla::BitwiseCast<char*, CK_UTF8CHAR*>(slotInfo.slotDescription);
+  mSlotDesc.Assign(ccDesc, strnlen(ccDesc, sizeof(slotInfo.slotDescription)));
+  mSlotDesc.Trim(" ", false, true);
+
+  // Set the Manufacturer field
+  const char* ccManID =
+    mozilla::BitwiseCast<char*, CK_UTF8CHAR*>(slotInfo.manufacturerID);
+  mSlotManufacturerID.Assign(
+    ccManID,
+    strnlen(ccManID, sizeof(slotInfo.manufacturerID)));
+  mSlotManufacturerID.Trim(" ", false, true);
+
+  // Set the Hardware Version field
+  mSlotHWVersion.Truncate();
+  mSlotHWVersion.AppendInt(slotInfo.hardwareVersion.major);
+  mSlotHWVersion.Append('.');
+  mSlotHWVersion.AppendInt(slotInfo.hardwareVersion.minor);
+
+  // Set the Firmware Version field
+  mSlotFWVersion.Truncate();
+  mSlotFWVersion.AppendInt(slotInfo.firmwareVersion.major);
+  mSlotFWVersion.Append('.');
+  mSlotFWVersion.AppendInt(slotInfo.firmwareVersion.minor);
+
+  return NS_OK;
+}
+
+nsPKCS11Slot::~nsPKCS11Slot()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return;
+  }
+  destructorSafeDestroyNSSReference();
+  shutdown(ShutdownCalledFrom::Object);
+}
+
+void
+nsPKCS11Slot::virtualDestroyNSSReference()
+{
+  destructorSafeDestroyNSSReference();
+}
+
+void
+nsPKCS11Slot::destructorSafeDestroyNSSReference()
+{
+  mSlot = nullptr;
+}
+
+nsresult
+nsPKCS11Slot::GetAttributeHelper(const nsACString& attribute,
+                         /*out*/ nsACString& xpcomOutParam)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  if (PK11_GetSlotSeries(mSlot.get()) != mSeries) {
+    nsresult rv = refreshSlotInfo(locker);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  }
+
+  xpcomOutParam = attribute;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPKCS11Slot::GetName(/*out*/ nsACString& name)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  // |csn| is non-owning.
+  char* csn = PK11_GetSlotName(mSlot.get());
+  if (csn && *csn) {
+    name = csn;
+  } else if (PK11_HasRootCerts(mSlot.get())) {
+    // This is a workaround to an Root Module bug - the root certs module has
+    // no slot name.  Not bothering to localize, because this is a workaround
+    // and for now all the slot names returned by NSS are char * anyway.
+    name = NS_LITERAL_CSTRING("Root Certificates");
+  } else {
+    // same as above, this is a catch-all
+    name = NS_LITERAL_CSTRING("Unnamed Slot");
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPKCS11Slot::GetDesc(/*out*/ nsACString& desc)
+{
+  return GetAttributeHelper(mSlotDesc, desc);
+}
+
+NS_IMETHODIMP
+nsPKCS11Slot::GetManID(/*out*/ nsACString& manufacturerID)
+{
+  return GetAttributeHelper(mSlotManufacturerID, manufacturerID);
+}
+
+NS_IMETHODIMP
+nsPKCS11Slot::GetHWVersion(/*out*/ nsACString& hwVersion)
+{
+  return GetAttributeHelper(mSlotHWVersion, hwVersion);
+}
+
+NS_IMETHODIMP
+nsPKCS11Slot::GetFWVersion(/*out*/ nsACString& fwVersion)
+{
+  return GetAttributeHelper(mSlotFWVersion, fwVersion);
+}
+
+NS_IMETHODIMP
+nsPKCS11Slot::GetToken(nsIPK11Token** _retval)
+{
+  NS_ENSURE_ARG_POINTER(_retval);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  nsCOMPtr<nsIPK11Token> token = new nsPK11Token(mSlot.get());
+  token.forget(_retval);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPKCS11Slot::GetTokenName(/*out*/ nsACString& tokenName)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  if (!PK11_IsPresent(mSlot.get())) {
+    tokenName.SetIsVoid(true);
+    return NS_OK;
+  }
+
+  if (PK11_GetSlotSeries(mSlot.get()) != mSeries) {
+    nsresult rv = refreshSlotInfo(locker);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  }
+
+  tokenName = PK11_GetTokenName(mSlot.get());
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPKCS11Slot::GetStatus(uint32_t* _retval)
+{
+  NS_ENSURE_ARG_POINTER(_retval);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  if (PK11_IsDisabled(mSlot.get())) {
+    *_retval = SLOT_DISABLED;
+  } else if (!PK11_IsPresent(mSlot.get())) {
+    *_retval = SLOT_NOT_PRESENT;
+  } else if (PK11_NeedLogin(mSlot.get()) && PK11_NeedUserInit(mSlot.get())) {
+    *_retval = SLOT_UNINITIALIZED;
+  } else if (PK11_NeedLogin(mSlot.get()) &&
+             !PK11_IsLoggedIn(mSlot.get(), nullptr)) {
+    *_retval = SLOT_NOT_LOGGED_IN;
+  } else if (PK11_NeedLogin(mSlot.get())) {
+    *_retval = SLOT_LOGGED_IN;
+  } else {
+    *_retval = SLOT_READY;
+  }
+  return NS_OK;
+}
+
+NS_IMPL_ISUPPORTS(nsPKCS11Module, nsIPKCS11Module)
+
+nsPKCS11Module::nsPKCS11Module(SECMODModule* module)
+{
+  MOZ_ASSERT(module);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return;
+
+  mModule.reset(SECMOD_ReferenceModule(module));
+}
+
+nsPKCS11Module::~nsPKCS11Module()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return;
+  }
+  destructorSafeDestroyNSSReference();
+  shutdown(ShutdownCalledFrom::Object);
+}
+
+void
+nsPKCS11Module::virtualDestroyNSSReference()
+{
+  destructorSafeDestroyNSSReference();
+}
+
+void
+nsPKCS11Module::destructorSafeDestroyNSSReference()
+{
+  mModule = nullptr;
+}
+
+NS_IMETHODIMP
+nsPKCS11Module::GetName(/*out*/ nsACString& name)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  name = mModule->commonName;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPKCS11Module::GetLibName(/*out*/ nsACString& libName)
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  if (mModule->dllName) {
+    libName = mModule->dllName;
+  } else {
+    libName.SetIsVoid(true);
+  }
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPKCS11Module::FindSlotByName(const nsACString& name,
+                       /*out*/ nsIPKCS11Slot** _retval)
+{
+  NS_ENSURE_ARG_POINTER(_retval);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown())
+    return NS_ERROR_NOT_AVAILABLE;
+
+  const nsCString& flatName = PromiseFlatCString(name);
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Getting \"%s\"", flatName.get()));
+  UniquePK11SlotInfo slotInfo;
+  UniquePK11SlotList slotList(PK11_FindSlotsByNames(mModule->dllName,
+                                                    flatName.get() /*slotName*/,
+                                                    nullptr /*tokenName*/,
+                                                    false));
+  if (!slotList) {
+    /* name must be the token name */
+    slotList.reset(PK11_FindSlotsByNames(mModule->dllName, nullptr /*slotName*/,
+                                         flatName.get() /*tokenName*/, false));
+  }
+  if (slotList && slotList->head && slotList->head->slot) {
+    slotInfo.reset(PK11_ReferenceSlot(slotList->head->slot));
+  }
+  if (!slotInfo) {
+    // workaround - the builtin module has no name
+    if (!flatName.EqualsLiteral("Root Certificates")) {
+      // Give up.
+      return NS_ERROR_FAILURE;
+    }
+
+    slotInfo.reset(PK11_ReferenceSlot(mModule->slots[0]));
+  }
+
+  nsCOMPtr<nsIPKCS11Slot> slot = new nsPKCS11Slot(slotInfo.get());
+  slot.forget(_retval);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPKCS11Module::ListSlots(nsISimpleEnumerator** _retval)
+{
+  NS_ENSURE_ARG_POINTER(_retval);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  nsCOMPtr<nsIMutableArray> array = do_CreateInstance(NS_ARRAY_CONTRACTID);
+  if (!array) {
+    return NS_ERROR_FAILURE;
+  }
+
+  /* applications which allow new slot creation (which Firefox now does
+   * since it uses the WaitForSlotEvent call) need to hold the
+   * ModuleList Read lock to prevent the slot array from changing out
+   * from under it. */
+  AutoSECMODListReadLock lock;
+  for (int i = 0; i < mModule->slotCount; i++) {
+    if (mModule->slots[i]) {
+      nsCOMPtr<nsIPKCS11Slot> slot = new nsPKCS11Slot(mModule->slots[i]);
+      nsresult rv = array->AppendElement(slot, false);
+      if (NS_FAILED(rv)) {
+        return rv;
+      }
+    }
+  }
+
+  return array->Enumerate(_retval);
+}
+
+NS_IMPL_ISUPPORTS(nsPKCS11ModuleDB, nsIPKCS11ModuleDB, nsICryptoFIPSInfo)
+
+nsPKCS11ModuleDB::nsPKCS11ModuleDB()
+{
+}
+
+nsPKCS11ModuleDB::~nsPKCS11ModuleDB()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return;
+  }
+
+  shutdown(ShutdownCalledFrom::Object);
+}
+
+NS_IMETHODIMP
+nsPKCS11ModuleDB::GetInternal(nsIPKCS11Module** _retval)
+{
+  NS_ENSURE_ARG_POINTER(_retval);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  UniqueSECMODModule nssMod(
+    SECMOD_CreateModule(nullptr, SECMOD_INT_NAME, nullptr, SECMOD_INT_FLAGS));
+  if (!nssMod) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsCOMPtr<nsIPKCS11Module> module = new nsPKCS11Module(nssMod.get());
+  module.forget(_retval);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPKCS11ModuleDB::GetInternalFIPS(nsIPKCS11Module** _retval)
+{
+  NS_ENSURE_ARG_POINTER(_retval);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  UniqueSECMODModule nssMod(
+    SECMOD_CreateModule(nullptr, SECMOD_FIPS_NAME, nullptr, SECMOD_FIPS_FLAGS));
+  if (!nssMod) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsCOMPtr<nsIPKCS11Module> module = new nsPKCS11Module(nssMod.get());
+  module.forget(_retval);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPKCS11ModuleDB::FindModuleByName(const nsACString& name,
+                           /*out*/ nsIPKCS11Module** _retval)
+{
+  NS_ENSURE_ARG_POINTER(_retval);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  UniqueSECMODModule mod(SECMOD_FindModule(PromiseFlatCString(name).get()));
+  if (!mod) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsCOMPtr<nsIPKCS11Module> module = new nsPKCS11Module(mod.get());
+  module.forget(_retval);
+  return NS_OK;
+}
+
+/* This is essentially the same as nsIPK11Token::findTokenByName, except
+ * that it returns an nsIPKCS11Slot, which may be desired.
+ */
+NS_IMETHODIMP
+nsPKCS11ModuleDB::FindSlotByName(const nsACString& name,
+                         /*out*/ nsIPKCS11Slot** _retval)
+{
+  NS_ENSURE_ARG_POINTER(_retval);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  UniquePK11SlotInfo slotInfo(
+    PK11_FindSlotByName(PromiseFlatCString(name).get()));
+  if (!slotInfo) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsCOMPtr<nsIPKCS11Slot> slot = new nsPKCS11Slot(slotInfo.get());
+  slot.forget(_retval);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPKCS11ModuleDB::ListModules(nsISimpleEnumerator** _retval)
+{
+  NS_ENSURE_ARG_POINTER(_retval);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  nsCOMPtr<nsIMutableArray> array = do_CreateInstance(NS_ARRAY_CONTRACTID);
+  if (!array) {
+    return NS_ERROR_FAILURE;
+  }
+
+  /* lock down the list for reading */
+  AutoSECMODListReadLock lock;
+  for (SECMODModuleList* list = SECMOD_GetDefaultModuleList(); list;
+       list = list->next) {
+    nsCOMPtr<nsIPKCS11Module> module = new nsPKCS11Module(list->module);
+    nsresult rv = array->AppendElement(module, false);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  }
+
+  /* Get the modules in the database that didn't load */
+  for (SECMODModuleList* list = SECMOD_GetDeadModuleList(); list;
+       list = list->next) {
+    nsCOMPtr<nsIPKCS11Module> module = new nsPKCS11Module(list->module);
+    nsresult rv = array->AppendElement(module, false);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+  }
+
+  return array->Enumerate(_retval);
+}
+
+NS_IMETHODIMP
+nsPKCS11ModuleDB::GetCanToggleFIPS(bool* aCanToggleFIPS)
+{
+  NS_ENSURE_ARG_POINTER(aCanToggleFIPS);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  *aCanToggleFIPS = SECMOD_CanDeleteInternalModule();
+  return NS_OK;
+}
+
+
+NS_IMETHODIMP
+nsPKCS11ModuleDB::ToggleFIPSMode()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  // The way to toggle FIPS mode in NSS is extremely obscure. Basically, we
+  // delete the internal module, and it gets replaced with the opposite module
+  // (i.e. if it was FIPS before, then it becomes non-FIPS next).
+  // SECMOD_GetInternalModule() returns a pointer to a local copy of the
+  // internal module stashed in NSS.  We don't want to delete it since it will
+  // cause much pain in NSS.
+  SECMODModule* internal = SECMOD_GetInternalModule();
+  if (!internal) {
+    return NS_ERROR_FAILURE;
+  }
+
+  if (SECMOD_DeleteInternalModule(internal->commonName) != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  if (PK11_IsFIPS()) {
+    Telemetry::Accumulate(Telemetry::FIPS_ENABLED, true);
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPKCS11ModuleDB::GetIsFIPSEnabled(bool* aIsFIPSEnabled)
+{
+  NS_ENSURE_ARG_POINTER(aIsFIPSEnabled);
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  *aIsFIPSEnabled = PK11_IsFIPS();
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsPKCS11ModuleDB::GetIsFIPSModeActive(bool* aIsFIPSModeActive)
+{
+  return GetIsFIPSEnabled(aIsFIPSModeActive);
+}
diff --git a/security/manager/ssl/nsPKCS11Slot.h b/security/manager/ssl/nsPKCS11Slot.h
new file mode 100644
index 000000000..978df377c
--- /dev/null
+++ b/security/manager/ssl/nsPKCS11Slot.h
@@ -0,0 +1,88 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsPKCS11Slot_h
+#define nsPKCS11Slot_h
+
+#include "ScopedNSSTypes.h"
+#include "nsICryptoFIPSInfo.h"
+#include "nsIPKCS11Module.h"
+#include "nsIPKCS11ModuleDB.h"
+#include "nsIPKCS11Slot.h"
+#include "nsISupports.h"
+#include "nsNSSShutDown.h"
+#include "nsString.h"
+#include "pk11func.h"
+
+class nsPKCS11Slot : public nsIPKCS11Slot,
+                     public nsNSSShutDownObject
+{
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIPKCS11SLOT
+
+  explicit nsPKCS11Slot(PK11SlotInfo* slot);
+
+protected:
+  virtual ~nsPKCS11Slot();
+
+private:
+  mozilla::UniquePK11SlotInfo mSlot;
+  nsCString mSlotDesc;
+  nsCString mSlotManufacturerID;
+  nsCString mSlotHWVersion;
+  nsCString mSlotFWVersion;
+  int mSeries;
+
+  virtual void virtualDestroyNSSReference() override;
+  void destructorSafeDestroyNSSReference();
+  nsresult refreshSlotInfo(const nsNSSShutDownPreventionLock& proofOfLock);
+  nsresult GetAttributeHelper(const nsACString& attribute,
+                      /*out*/ nsACString& xpcomOutParam);
+};
+
+class nsPKCS11Module : public nsIPKCS11Module,
+                       public nsNSSShutDownObject
+{
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIPKCS11MODULE
+
+  explicit nsPKCS11Module(SECMODModule* module);
+
+protected:
+  virtual ~nsPKCS11Module();
+
+private:
+  mozilla::UniqueSECMODModule mModule;
+
+  virtual void virtualDestroyNSSReference() override;
+  void destructorSafeDestroyNSSReference();
+};
+
+class nsPKCS11ModuleDB : public nsIPKCS11ModuleDB
+                       , public nsICryptoFIPSInfo
+                       , public nsNSSShutDownObject
+{
+public:
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIPKCS11MODULEDB
+  NS_DECL_NSICRYPTOFIPSINFO
+
+  nsPKCS11ModuleDB();
+
+protected:
+  virtual ~nsPKCS11ModuleDB();
+
+  // Nothing to release.
+  virtual void virtualDestroyNSSReference() override {}
+};
+
+#define NS_PKCS11MODULEDB_CID \
+{ 0xff9fbcd7, 0x9517, 0x4334, \
+  { 0xb9, 0x7a, 0xce, 0xed, 0x78, 0x90, 0x99, 0x74 }}
+
+#endif // nsPKCS11Slot_h
diff --git a/security/manager/ssl/nsPKCS12Blob.cpp b/security/manager/ssl/nsPKCS12Blob.cpp
new file mode 100644
index 000000000..e3d80a398
--- /dev/null
+++ b/security/manager/ssl/nsPKCS12Blob.cpp
@@ -0,0 +1,644 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsPKCS12Blob.h"
+
+#include "ScopedNSSTypes.h"
+#include "mozilla/Casting.h"
+#include "nsCRT.h"
+#include "nsCRTGlue.h"
+#include "nsDirectoryServiceDefs.h"
+#include "nsICertificateDialogs.h"
+#include "nsIDirectoryService.h"
+#include "nsIFile.h"
+#include "nsIInputStream.h"
+#include "nsKeygenHandler.h" // For GetSlotWithMechanism
+#include "nsNSSCertificate.h"
+#include "nsNSSComponent.h"
+#include "nsNSSHelper.h"
+#include "nsNSSShutDown.h"
+#include "nsNetUtil.h"
+#include "nsPK11TokenDB.h"
+#include "nsReadableUtils.h"
+#include "nsString.h"
+#include "nsThreadUtils.h"
+#include "pkix/pkixtypes.h"
+#include "prmem.h"
+#include "prprf.h"
+#include "secerr.h"
+
+using namespace mozilla;
+extern LazyLogModule gPIPNSSLog;
+
+#define PIP_PKCS12_TMPFILENAME   NS_LITERAL_CSTRING(".pip_p12tmp")
+#define PIP_PKCS12_BUFFER_SIZE   2048
+#define PIP_PKCS12_RESTORE_OK          1
+#define PIP_PKCS12_BACKUP_OK           2
+#define PIP_PKCS12_USER_CANCELED       3
+#define PIP_PKCS12_NOSMARTCARD_EXPORT  4
+#define PIP_PKCS12_RESTORE_FAILED      5
+#define PIP_PKCS12_BACKUP_FAILED       6
+#define PIP_PKCS12_NSS_ERROR           7
+
+// constructor
+nsPKCS12Blob::nsPKCS12Blob():mCertArray(nullptr),
+                             mTmpFile(nullptr),
+                             mTokenSet(false)
+{
+  mUIContext = new PipUIContext();
+}
+
+// destructor
+nsPKCS12Blob::~nsPKCS12Blob()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return;
+  }
+
+  shutdown(ShutdownCalledFrom::Object);
+}
+
+// nsPKCS12Blob::SetToken
+//
+// Set the token to use for import/export
+nsresult
+nsPKCS12Blob::SetToken(nsIPK11Token *token)
+{
+ nsNSSShutDownPreventionLock locker;
+ if (isAlreadyShutDown()) {
+  return NS_ERROR_NOT_AVAILABLE;
+ }
+ nsresult rv = NS_OK;
+ if (token) {
+   mToken = token;
+ } else {
+   PK11SlotInfo *slot;
+   rv = GetSlotWithMechanism(CKM_RSA_PKCS, mUIContext, &slot, locker);
+   if (NS_FAILED(rv)) {
+      mToken = nullptr;
+   } else {
+     mToken = new nsPK11Token(slot);
+     PK11_FreeSlot(slot);
+   }
+ }
+ mTokenSet = true;
+ return rv;
+}
+
+// nsPKCS12Blob::ImportFromFile
+//
+// Given a file handle, read a PKCS#12 blob from that file, decode it,
+// and import the results into the token.
+nsresult
+nsPKCS12Blob::ImportFromFile(nsIFile *file)
+{
+  nsNSSShutDownPreventionLock locker;
+  nsresult rv = NS_OK;
+
+  if (!mToken) {
+    if (!mTokenSet) {
+      rv = SetToken(nullptr); // Ask the user to pick a slot
+      if (NS_FAILED(rv)) {
+        handleError(PIP_PKCS12_USER_CANCELED);
+        return rv;
+      }
+    }
+  }
+
+  if (!mToken) {
+    handleError(PIP_PKCS12_RESTORE_FAILED);
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  // init slot
+  rv = mToken->Login(true);
+  if (NS_FAILED(rv)) return rv;
+  
+  RetryReason wantRetry;
+  
+  do {
+    rv = ImportFromFileHelper(file, im_standard_prompt, wantRetry);
+    
+    if (NS_SUCCEEDED(rv) && wantRetry == rr_auto_retry_empty_password_flavors)
+    {
+      rv = ImportFromFileHelper(file, im_try_zero_length_secitem, wantRetry);
+    }
+  }
+  while (NS_SUCCEEDED(rv) && (wantRetry != rr_do_not_retry));
+  
+  return rv;
+}
+
+nsresult
+nsPKCS12Blob::ImportFromFileHelper(nsIFile *file, 
+                                   nsPKCS12Blob::ImportMode aImportMode,
+                                   nsPKCS12Blob::RetryReason &aWantRetry)
+{
+  nsNSSShutDownPreventionLock locker;
+  nsresult rv = NS_OK;
+  SECStatus srv = SECSuccess;
+  SEC_PKCS12DecoderContext *dcx = nullptr;
+  SECItem unicodePw;
+
+  UniquePK11SlotInfo slot;
+  nsAutoCString tokenName;
+  unicodePw.data = nullptr;
+
+  aWantRetry = rr_do_not_retry;
+
+  if (aImportMode == im_try_zero_length_secitem)
+  {
+    unicodePw.len = 0;
+  }
+  else
+  {
+    // get file password (unicode)
+    rv = getPKCS12FilePassword(&unicodePw);
+    if (NS_FAILED(rv)) goto finish;
+    if (!unicodePw.data) {
+      handleError(PIP_PKCS12_USER_CANCELED);
+      return NS_OK;
+    }
+  }
+
+  rv = mToken->GetTokenName(tokenName);
+  if (NS_FAILED(rv)) {
+    goto finish;
+  }
+  slot = UniquePK11SlotInfo(PK11_FindSlotByName(tokenName.get()));
+  if (!slot) {
+    srv = SECFailure;
+    goto finish;
+  }
+
+  // initialize the decoder
+  dcx = SEC_PKCS12DecoderStart(&unicodePw, slot.get(), nullptr, nullptr,
+                               nullptr, nullptr, nullptr, nullptr);
+  if (!dcx) {
+    srv = SECFailure;
+    goto finish;
+  }
+  // read input file and feed it to the decoder
+  rv = inputToDecoder(dcx, file);
+  if (NS_FAILED(rv)) {
+    if (NS_ERROR_ABORT == rv) {
+      // inputToDecoder indicated a NSS error
+      srv = SECFailure;
+    }
+    goto finish;
+  }
+  // verify the blob
+  srv = SEC_PKCS12DecoderVerify(dcx);
+  if (srv) goto finish;
+  // validate bags
+  srv = SEC_PKCS12DecoderValidateBags(dcx, nickname_collision);
+  if (srv) goto finish;
+  // import cert and key
+  srv = SEC_PKCS12DecoderImportBags(dcx);
+  if (srv) goto finish;
+  // Later - check to see if this should become default email cert
+  handleError(PIP_PKCS12_RESTORE_OK);
+finish:
+  // If srv != SECSuccess, NSS probably set a specific error code.
+  // We should use that error code instead of inventing a new one
+  // for every error possible.
+  if (srv != SECSuccess) {
+    if (SEC_ERROR_BAD_PASSWORD == PORT_GetError()) {
+      if (unicodePw.len == sizeof(char16_t))
+      {
+        // no password chars available, 
+        // unicodeToItem allocated space for the trailing zero character only.
+        aWantRetry = rr_auto_retry_empty_password_flavors;
+      }
+      else
+      {
+        aWantRetry = rr_bad_password;
+        handleError(PIP_PKCS12_NSS_ERROR);
+      }
+    }
+    else
+    {
+      handleError(PIP_PKCS12_NSS_ERROR);
+    }
+  } else if (NS_FAILED(rv)) {
+    handleError(PIP_PKCS12_RESTORE_FAILED);
+  }
+  // finish the decoder
+  if (dcx)
+    SEC_PKCS12DecoderFinish(dcx);
+  SECITEM_ZfreeItem(&unicodePw, false);
+  return NS_OK;
+}
+
+static bool
+isExtractable(SECKEYPrivateKey *privKey)
+{
+  ScopedAutoSECItem value;
+  SECStatus rv = PK11_ReadRawAttribute(PK11_TypePrivKey, privKey,
+                                       CKA_EXTRACTABLE, &value);
+  if (rv != SECSuccess) {
+    return false;
+  }
+
+  bool isExtractable = false;
+  if ((value.len == 1) && value.data) {
+    isExtractable = !!(*(CK_BBOOL*)value.data);
+  }
+  return isExtractable;
+}
+
+// nsPKCS12Blob::ExportToFile
+//
+// Having already loaded the certs, form them into a blob (loading the keys
+// also), encode the blob, and stuff it into the file.
+//
+// TODO: handle slots correctly
+//       mirror "slotToUse" behavior from PSM 1.x
+//       verify the cert array to start off with?
+//       open output file as nsIFileStream object?
+//       set appropriate error codes
+nsresult
+nsPKCS12Blob::ExportToFile(nsIFile *file, 
+                           nsIX509Cert **certs, int numCerts)
+{
+  nsNSSShutDownPreventionLock locker;
+  nsresult rv;
+  SECStatus srv = SECSuccess;
+  SEC_PKCS12ExportContext *ecx = nullptr;
+  SEC_PKCS12SafeInfo *certSafe = nullptr, *keySafe = nullptr;
+  SECItem unicodePw;
+  nsAutoString filePath;
+  int i;
+  nsCOMPtr<nsIFile> localFileRef;
+  NS_ASSERTION(mToken, "Need to set the token before exporting");
+  // init slot
+
+  bool InformedUserNoSmartcardBackup = false;
+  int numCertsExported = 0;
+
+  rv = mToken->Login(true);
+  if (NS_FAILED(rv)) goto finish;
+  // get file password (unicode)
+  unicodePw.data = nullptr;
+  rv = newPKCS12FilePassword(&unicodePw);
+  if (NS_FAILED(rv)) goto finish;
+  if (!unicodePw.data) {
+    handleError(PIP_PKCS12_USER_CANCELED);
+    return NS_OK;
+  }
+  // what about slotToUse in psm 1.x ???
+  // create export context
+  ecx = SEC_PKCS12CreateExportContext(nullptr, nullptr, nullptr /*slot*/, nullptr);
+  if (!ecx) {
+    srv = SECFailure;
+    goto finish;
+  }
+  // add password integrity
+  srv = SEC_PKCS12AddPasswordIntegrity(ecx, &unicodePw, SEC_OID_SHA1);
+  if (srv) goto finish;
+  for (i=0; i<numCerts; i++) {
+    nsNSSCertificate *cert = (nsNSSCertificate *)certs[i];
+    // get it as a CERTCertificate XXX
+    UniqueCERTCertificate nssCert(cert->GetCert());
+    if (!nssCert) {
+      rv = NS_ERROR_FAILURE;
+      goto finish;
+    }
+    // We can only successfully export certs that are on 
+    // internal token.  Most, if not all, smart card vendors
+    // won't let you extract the private key (in any way
+    // shape or form) from the card.  So let's punt if 
+    // the cert is not in the internal db.
+    if (nssCert->slot && !PK11_IsInternal(nssCert->slot)) {
+      // we aren't the internal token, see if the key is extractable.
+      SECKEYPrivateKey *privKey=PK11_FindKeyByDERCert(nssCert->slot,
+                                                      nssCert.get(), this);
+
+      if (privKey) {
+        bool privKeyIsExtractable = isExtractable(privKey);
+
+        SECKEY_DestroyPrivateKey(privKey);
+
+        if (!privKeyIsExtractable) {
+          if (!InformedUserNoSmartcardBackup) {
+            InformedUserNoSmartcardBackup = true;
+            handleError(PIP_PKCS12_NOSMARTCARD_EXPORT);
+          }
+          continue;
+        }
+      }
+    }
+
+    // XXX this is why, to verify the slot is the same
+    // PK11_FindObjectForCert(nssCert, nullptr, slot);
+    // create the cert and key safes
+    keySafe = SEC_PKCS12CreateUnencryptedSafe(ecx);
+    if (!SEC_PKCS12IsEncryptionAllowed() || PK11_IsFIPS()) {
+      certSafe = keySafe;
+    } else {
+      certSafe = SEC_PKCS12CreatePasswordPrivSafe(ecx, &unicodePw,
+                           SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC);
+    }
+    if (!certSafe || !keySafe) {
+      rv = NS_ERROR_FAILURE;
+      goto finish;
+    }
+    // add the cert and key to the blob
+    srv = SEC_PKCS12AddCertAndKey(ecx, certSafe, nullptr, nssCert.get(),
+                                  CERT_GetDefaultCertDB(), // XXX
+                                  keySafe, nullptr, true, &unicodePw,
+                      SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC);
+    if (srv) goto finish;
+    // cert was dup'ed, so release it
+    ++numCertsExported;
+  }
+  
+  if (!numCertsExported) goto finish;
+  
+  // prepare the instance to write to an export file
+  this->mTmpFile = nullptr;
+  file->GetPath(filePath);
+  // Use the nsCOMPtr var localFileRef so that
+  // the reference to the nsIFile we create gets released as soon as
+  // we're out of scope, ie when this function exits.
+  if (filePath.RFind(".p12", true, -1, 4) < 0) {
+    // We're going to add the .p12 extension to the file name just like
+    // Communicator used to.  We create a new nsIFile and initialize
+    // it with the new patch.
+    filePath.AppendLiteral(".p12");
+    localFileRef = do_CreateInstance(NS_LOCAL_FILE_CONTRACTID, &rv);
+    if (NS_FAILED(rv)) goto finish;
+    localFileRef->InitWithPath(filePath);
+    file = localFileRef;
+  }
+  rv = file->OpenNSPRFileDesc(PR_RDWR|PR_CREATE_FILE|PR_TRUNCATE, 0664, 
+                              &mTmpFile);
+  if (NS_FAILED(rv) || !this->mTmpFile) goto finish;
+  // encode and write
+  srv = SEC_PKCS12Encode(ecx, write_export_file, this);
+  if (srv) goto finish;
+  handleError(PIP_PKCS12_BACKUP_OK);
+finish:
+  if (NS_FAILED(rv) || srv != SECSuccess) {
+    handleError(PIP_PKCS12_BACKUP_FAILED);
+  }
+  if (ecx)
+    SEC_PKCS12DestroyExportContext(ecx);
+  if (this->mTmpFile) {
+    PR_Close(this->mTmpFile);
+    this->mTmpFile = nullptr;
+  }
+  SECITEM_ZfreeItem(&unicodePw, false);
+  return rv;
+}
+
+///////////////////////////////////////////////////////////////////////
+//
+//  private members
+//
+///////////////////////////////////////////////////////////////////////
+
+// unicodeToItem
+//
+// For the NSS PKCS#12 library, must convert PRUnichars (shorts) to
+// a buffer of octets.  Must handle byte order correctly.
+nsresult
+nsPKCS12Blob::unicodeToItem(const char16_t *uni, SECItem *item)
+{
+  uint32_t len = NS_strlen(uni) + 1;
+  if (!SECITEM_AllocItem(nullptr, item, sizeof(char16_t) * len)) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  mozilla::NativeEndian::copyAndSwapToBigEndian(item->data, uni, len);
+
+  return NS_OK;
+}
+
+// newPKCS12FilePassword
+//
+// Launch a dialog requesting the user for a new PKCS#12 file passowrd.
+// Handle user canceled by returning null password (caller must catch).
+nsresult
+nsPKCS12Blob::newPKCS12FilePassword(SECItem *unicodePw)
+{
+  nsresult rv = NS_OK;
+  nsAutoString password;
+  nsCOMPtr<nsICertificateDialogs> certDialogs;
+  rv = ::getNSSDialogs(getter_AddRefs(certDialogs), 
+                       NS_GET_IID(nsICertificateDialogs),
+                       NS_CERTIFICATEDIALOGS_CONTRACTID);
+  if (NS_FAILED(rv)) return rv;
+  bool pressedOK;
+  rv = certDialogs->SetPKCS12FilePassword(mUIContext, password, &pressedOK);
+  if (NS_FAILED(rv) || !pressedOK) return rv;
+  return unicodeToItem(password.get(), unicodePw);
+}
+
+// getPKCS12FilePassword
+//
+// Launch a dialog requesting the user for the password to a PKCS#12 file.
+// Handle user canceled by returning null password (caller must catch).
+nsresult
+nsPKCS12Blob::getPKCS12FilePassword(SECItem *unicodePw)
+{
+  nsresult rv = NS_OK;
+  nsAutoString password;
+  nsCOMPtr<nsICertificateDialogs> certDialogs;
+  rv = ::getNSSDialogs(getter_AddRefs(certDialogs), 
+                       NS_GET_IID(nsICertificateDialogs),
+                       NS_CERTIFICATEDIALOGS_CONTRACTID);
+  if (NS_FAILED(rv)) return rv;
+  bool pressedOK;
+  rv = certDialogs->GetPKCS12FilePassword(mUIContext, password, &pressedOK);
+  if (NS_FAILED(rv) || !pressedOK) return rv;
+  return unicodeToItem(password.get(), unicodePw);
+}
+
+// inputToDecoder
+//
+// Given a decoder, read bytes from file and input them to the decoder.
+nsresult
+nsPKCS12Blob::inputToDecoder(SEC_PKCS12DecoderContext *dcx, nsIFile *file)
+{
+  nsNSSShutDownPreventionLock locker;
+  nsresult rv;
+  SECStatus srv;
+  uint32_t amount;
+  char buf[PIP_PKCS12_BUFFER_SIZE];
+
+  nsCOMPtr<nsIInputStream> fileStream;
+  rv = NS_NewLocalFileInputStream(getter_AddRefs(fileStream), file);
+  
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  while (true) {
+    rv = fileStream->Read(buf, PIP_PKCS12_BUFFER_SIZE, &amount);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    // feed the file data into the decoder
+    srv = SEC_PKCS12DecoderUpdate(dcx, 
+				  (unsigned char*) buf, 
+				  amount);
+    if (srv) {
+      // don't allow the close call to overwrite our precious error code
+      int pr_err = PORT_GetError();
+      PORT_SetError(pr_err);
+      return NS_ERROR_ABORT;
+    }
+    if (amount < PIP_PKCS12_BUFFER_SIZE)
+      break;
+  }
+  return NS_OK;
+}
+
+// nickname_collision
+// what to do when the nickname collides with one already in the db.
+// TODO: not handled, throw a dialog allowing the nick to be changed?
+SECItem *
+nsPKCS12Blob::nickname_collision(SECItem *oldNick, PRBool *cancel, void *wincx)
+{
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
+  nsNSSShutDownPreventionLock locker;
+  *cancel = false;
+  nsresult rv;
+  nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
+  if (NS_FAILED(rv)) return nullptr;
+  int count = 1;
+  nsCString nickname;
+  nsAutoString nickFromProp;
+  nssComponent->GetPIPNSSBundleString("P12DefaultNickname", nickFromProp);
+  NS_ConvertUTF16toUTF8 nickFromPropC(nickFromProp);
+  // The user is trying to import a PKCS#12 file that doesn't have the
+  // attribute we use to set the nickname.  So in order to reduce the
+  // number of interactions we require with the user, we'll build a nickname
+  // for the user.  The nickname isn't prominently displayed in the UI, 
+  // so it's OK if we generate one on our own here.
+  //   XXX If the NSS API were smarter and actually passed a pointer to
+  //       the CERTCertificate* we're importing we could actually just
+  //       call default_nickname (which is what the issuance code path
+  //       does) and come up with a reasonable nickname.  Alas, the NSS
+  //       API limits our ability to produce a useful nickname without
+  //       bugging the user.  :(
+  while (1) {
+    // If we've gotten this far, that means there isn't a certificate
+    // in the database that has the same subject name as the cert we're
+    // trying to import.  So we need to come up with a "nickname" to 
+    // satisfy the NSS requirement or fail in trying to import.  
+    // Basically we use a default nickname from a properties file and 
+    // see if a certificate exists with that nickname.  If there isn't, then
+    // create update the count by one and append the string '#1' Or 
+    // whatever the count currently is, and look for a cert with 
+    // that nickname.  Keep updating the count until we find a nickname
+    // without a corresponding cert.
+    //  XXX If a user imports *many* certs without the 'friendly name'
+    //      attribute, then this may take a long time.  :(
+    nickname = nickFromPropC;
+    if (count > 1) {
+      nickname.AppendPrintf(" #%d", count);
+    }
+    UniqueCERTCertificate cert(CERT_FindCertByNickname(CERT_GetDefaultCertDB(),
+                                                       nickname.get()));
+    if (!cert) {
+      break;
+    }
+    count++;
+  }
+  SECItem *newNick = new SECItem;
+  if (!newNick)
+    return nullptr;
+
+  newNick->type = siAsciiString;
+  newNick->data = (unsigned char*) strdup(nickname.get());
+  newNick->len  = strlen((char*)newNick->data);
+  return newNick;
+}
+
+// write_export_file
+// write bytes to the exported PKCS#12 file
+void
+nsPKCS12Blob::write_export_file(void *arg, const char *buf, unsigned long len)
+{
+  nsPKCS12Blob *cx = (nsPKCS12Blob *)arg;
+  PR_Write(cx->mTmpFile, buf, len);
+}
+
+// pip_ucs2_ascii_conversion_fn
+// required to be set by NSS (to do PKCS#12), but since we've already got
+// unicode make this a no-op.
+PRBool
+pip_ucs2_ascii_conversion_fn(PRBool toUnicode,
+                             unsigned char *inBuf,
+                             unsigned int inBufLen,
+                             unsigned char *outBuf,
+                             unsigned int maxOutBufLen,
+                             unsigned int *outBufLen,
+                             PRBool swapBytes)
+{
+  // do a no-op, since I've already got unicode.  Hah!
+  *outBufLen = inBufLen;
+  memcpy(outBuf, inBuf, inBufLen);
+  return true;
+}
+
+void
+nsPKCS12Blob::handleError(int myerr)
+{
+  static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
+
+  if (!NS_IsMainThread()) {
+    NS_ERROR("nsPKCS12Blob::handleError called off the mai nthread.");
+    return;
+  }
+
+  int prerr = PORT_GetError();
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("PKCS12: NSS/NSPR error(%d)", prerr));
+  MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("PKCS12: I called(%d)", myerr));
+
+  const char * msgID = nullptr;
+
+  switch (myerr) {
+  case PIP_PKCS12_RESTORE_OK:       msgID = "SuccessfulP12Restore"; break;
+  case PIP_PKCS12_BACKUP_OK:        msgID = "SuccessfulP12Backup";  break;
+  case PIP_PKCS12_USER_CANCELED:
+    return;  /* Just ignore it for now */
+  case PIP_PKCS12_NOSMARTCARD_EXPORT: msgID = "PKCS12InfoNoSmartcardBackup"; break;
+  case PIP_PKCS12_RESTORE_FAILED:   msgID = "PKCS12UnknownErrRestore"; break;
+  case PIP_PKCS12_BACKUP_FAILED:    msgID = "PKCS12UnknownErrBackup"; break;
+  case PIP_PKCS12_NSS_ERROR:
+    switch (prerr) {
+    // The following errors have the potential to be "handled", by asking
+    // the user (via a dialog) whether s/he wishes to continue
+    case 0: break;
+    case SEC_ERROR_PKCS12_CERT_COLLISION:
+      /* pop a dialog saying the cert is already in the database */
+      /* ask to keep going?  what happens if one collision but others ok? */
+      // The following errors cannot be "handled", notify the user (via an alert)
+      // that the operation failed.
+    case SEC_ERROR_BAD_PASSWORD: msgID = "PK11BadPassword"; break;
+
+    case SEC_ERROR_BAD_DER:
+    case SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE:
+    case SEC_ERROR_PKCS12_INVALID_MAC:
+      msgID = "PKCS12DecodeErr";
+      break;
+
+    case SEC_ERROR_PKCS12_DUPLICATE_DATA: msgID = "PKCS12DupData"; break;
+    }
+    break;
+  }
+
+  if (!msgID)
+    msgID = "PKCS12UnknownErr";
+
+  nsresult rv;
+  nsCOMPtr<nsINSSComponent> nssComponent = do_GetService(kNSSComponentCID, &rv);
+  if (NS_SUCCEEDED(rv))
+    (void) nssComponent->ShowAlertFromStringBundle(msgID);
+}
diff --git a/security/manager/ssl/nsPKCS12Blob.h b/security/manager/ssl/nsPKCS12Blob.h
new file mode 100644
index 000000000..35891182c
--- /dev/null
+++ b/security/manager/ssl/nsPKCS12Blob.h
@@ -0,0 +1,87 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/* $Id: nsPKCS12Blob.h,v 1.16 2006/04/12 15:43:32 benjamin%smedbergs.us Exp $ */
+
+#ifndef _NS_PKCS12BLOB_H_
+#define _NS_PKCS12BLOB_H_
+
+#include "nsCOMPtr.h"
+#include "nsString.h"
+#include "nsIFile.h"
+#include "nsIPK11TokenDB.h"
+#include "nsNSSHelper.h"
+#include "nsIPK11Token.h"
+#include "nsIMutableArray.h"
+
+#include "nss.h"
+
+#include "pkcs12.h"
+#include "p12plcy.h"
+
+class nsIX509Cert;
+
+//
+// nsPKCS12Blob
+//
+// Class for importing/exporting PKCS#12 blobs
+//
+class nsPKCS12Blob : public nsNSSShutDownObject
+{
+public:
+  nsPKCS12Blob();
+  virtual ~nsPKCS12Blob();
+
+  // Nothing to release.
+  virtual void virtualDestroyNSSReference() override {}
+
+  // Set the token to use (default is internal)
+  nsresult SetToken(nsIPK11Token *token);
+
+  // PKCS#12 Import
+  nsresult ImportFromFile(nsIFile *file);
+
+  // PKCS#12 Export
+  nsresult ExportToFile(nsIFile *file, nsIX509Cert **certs, int numCerts);
+
+private:
+
+  nsCOMPtr<nsIPK11Token>          mToken;
+  nsCOMPtr<nsIMutableArray>       mCertArray;
+  nsCOMPtr<nsIInterfaceRequestor> mUIContext;
+
+  // local helper functions
+  nsresult getPKCS12FilePassword(SECItem *);
+  nsresult newPKCS12FilePassword(SECItem *);
+  nsresult inputToDecoder(SEC_PKCS12DecoderContext *, nsIFile *);
+  nsresult unicodeToItem(const char16_t *, SECItem *);
+  void handleError(int myerr = 0);
+
+  // RetryReason and ImportMode are used when importing a PKCS12 file.
+  // There are two reasons that cause us to retry:
+  // - When the password entered by the user is incorrect.
+  //   The user will be prompted to try again.
+  // - When the user entered a zero length password.
+  //   An empty password should be represented as an empty
+  //   string (a SECItem that contains a single terminating
+  //   null UTF16 character), but some applications use a
+  //   zero length SECItem.
+  //   We try both variations, zero length item and empty string,
+  //   without giving a user prompt when trying the different empty password flavors.
+  
+  enum RetryReason { rr_do_not_retry, rr_bad_password, rr_auto_retry_empty_password_flavors };
+  enum ImportMode { im_standard_prompt, im_try_zero_length_secitem };
+  
+  nsresult ImportFromFileHelper(nsIFile *file, ImportMode aImportMode, RetryReason &aWantRetry);
+
+  // NSPR file I/O for export file
+  PRFileDesc *mTmpFile;
+
+  bool        mTokenSet;
+
+  static SECItem * nickname_collision(SECItem *, PRBool *, void *);
+  static void write_export_file(void *arg, const char *buf, unsigned long len);
+
+};
+
+#endif /* _NS_PKCS12BLOB_H_ */
diff --git a/security/manager/ssl/nsProtectedAuthThread.cpp b/security/manager/ssl/nsProtectedAuthThread.cpp
new file mode 100644
index 000000000..ea511b24a
--- /dev/null
+++ b/security/manager/ssl/nsProtectedAuthThread.cpp
@@ -0,0 +1,146 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "pk11func.h"
+#include "mozilla/DebugOnly.h"
+#include "mozilla/RefPtr.h"
+#include "nsCOMPtr.h"
+#include "PSMRunnable.h"
+#include "nsString.h"
+#include "nsReadableUtils.h"
+#include "nsPKCS11Slot.h"
+#include "nsProtectedAuthThread.h"
+
+using namespace mozilla;
+using namespace mozilla::psm;
+
+NS_IMPL_ISUPPORTS(nsProtectedAuthThread, nsIProtectedAuthThread)
+
+static void nsProtectedAuthThreadRunner(void *arg)
+{
+    PR_SetCurrentThreadName("Protected Auth");
+
+    nsProtectedAuthThread *self = static_cast<nsProtectedAuthThread *>(arg);
+    self->Run();
+}
+
+nsProtectedAuthThread::nsProtectedAuthThread()
+: mMutex("nsProtectedAuthThread.mMutex")
+, mIAmRunning(false)
+, mLoginReady(false)
+, mThreadHandle(nullptr)
+, mSlot(0)
+, mLoginResult(SECFailure)
+{
+}
+
+nsProtectedAuthThread::~nsProtectedAuthThread()
+{
+}
+
+NS_IMETHODIMP nsProtectedAuthThread::Login(nsIObserver *aObserver)
+{
+    NS_ENSURE_ARG(aObserver);
+    
+    if (!mSlot)
+        // We need pointer to the slot
+        return NS_ERROR_FAILURE;
+
+    MutexAutoLock lock(mMutex);
+    
+    if (mIAmRunning || mLoginReady) {
+        return NS_OK;
+    }
+
+    if (aObserver) {
+      // We must AddRef aObserver here on the main thread, because it probably
+      // does not implement a thread-safe AddRef.
+      mNotifyObserver = new NotifyObserverRunnable(aObserver,
+                                                   "operation-completed");
+    }
+
+    mIAmRunning = true;
+    
+    mThreadHandle = PR_CreateThread(PR_USER_THREAD, nsProtectedAuthThreadRunner, static_cast<void*>(this), 
+        PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD, PR_JOINABLE_THREAD, 0);
+    
+    // bool thread_started_ok = (threadHandle != nullptr);
+    // we might want to return "thread started ok" to caller in the future
+    NS_ASSERTION(mThreadHandle, "Could not create nsProtectedAuthThreadRunner thread\n");
+    
+    return NS_OK;
+}
+
+NS_IMETHODIMP nsProtectedAuthThread::GetTokenName(nsAString &_retval)
+{
+    MutexAutoLock lock(mMutex);
+
+    // Get token name
+    CopyUTF8toUTF16(nsDependentCString(PK11_GetTokenName(mSlot)), _retval);
+
+    return NS_OK;
+}
+
+NS_IMETHODIMP nsProtectedAuthThread::GetSlot(nsIPKCS11Slot **_retval)
+{
+    RefPtr<nsPKCS11Slot> slot;
+    {
+        MutexAutoLock lock(mMutex);
+        slot = new nsPKCS11Slot(mSlot);
+    }
+
+    slot.forget(_retval);
+    return NS_OK;
+}
+
+void nsProtectedAuthThread::SetParams(PK11SlotInfo* aSlot)
+{
+    MutexAutoLock lock(mMutex);
+
+    mSlot = (aSlot) ? PK11_ReferenceSlot(aSlot) : 0;
+}
+
+SECStatus nsProtectedAuthThread::GetResult()
+{
+    return mLoginResult;
+}
+
+void nsProtectedAuthThread::Run(void)
+{
+    // Login with null password. This call will also do C_Logout() but 
+    // it is harmless here
+    mLoginResult = PK11_CheckUserPassword(mSlot, 0);
+
+    nsCOMPtr<nsIRunnable> notifyObserver;
+    {
+        MutexAutoLock lock(mMutex);
+
+        mLoginReady = true;
+        mIAmRunning = false;
+
+        // Forget the slot
+        if (mSlot)
+        {
+            PK11_FreeSlot(mSlot);
+            mSlot = 0;
+        }
+
+        notifyObserver.swap(mNotifyObserver);
+    }
+    
+    if (notifyObserver) {
+        DebugOnly<nsresult> rv = NS_DispatchToMainThread(notifyObserver);
+	NS_ASSERTION(NS_SUCCEEDED(rv),
+		     "failed to dispatch protected auth observer to main thread");
+    }
+}
+
+void nsProtectedAuthThread::Join()
+{
+    if (!mThreadHandle)
+        return;
+    
+    PR_JoinThread(mThreadHandle);
+    mThreadHandle = nullptr;
+}
diff --git a/security/manager/ssl/nsProtectedAuthThread.h b/security/manager/ssl/nsProtectedAuthThread.h
new file mode 100644
index 000000000..d6bea8e13
--- /dev/null
+++ b/security/manager/ssl/nsProtectedAuthThread.h
@@ -0,0 +1,56 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef NSPROTECTEDAUTHTHREAD_H_
+#define NSPROTECTEDAUTHTHREAD_H_
+
+#include <nsCOMPtr.h>
+#include "keyhi.h"
+#include "nspr.h"
+
+#include "mozilla/Mutex.h"
+#include "nsIProtectedAuthThread.h"
+
+class nsIRunnable;
+
+class nsProtectedAuthThread : public nsIProtectedAuthThread
+{
+private:
+    mozilla::Mutex mMutex;
+
+    nsCOMPtr<nsIRunnable> mNotifyObserver;
+
+    bool        mIAmRunning;
+    bool        mLoginReady;
+
+    PRThread    *mThreadHandle;
+
+    // Slot to do authentication on
+    PK11SlotInfo*   mSlot;
+
+    // Result of the authentication
+    SECStatus       mLoginResult;
+
+public:
+
+    nsProtectedAuthThread();
+
+    NS_DECL_THREADSAFE_ISUPPORTS
+    NS_DECL_NSIPROTECTEDAUTHTHREAD
+
+    // Sets parameters for the thread
+    void SetParams(PK11SlotInfo *slot);
+
+    // Gets result of the protected authentication operation
+    SECStatus GetResult();
+
+    void Join(void);
+
+    void Run(void);
+
+protected:
+    virtual ~nsProtectedAuthThread();
+};
+
+#endif // NSPROTECTEDAUTHTHREAD_H_
diff --git a/security/manager/ssl/nsRandomGenerator.cpp b/security/manager/ssl/nsRandomGenerator.cpp
new file mode 100644
index 000000000..6e41fae60
--- /dev/null
+++ b/security/manager/ssl/nsRandomGenerator.cpp
@@ -0,0 +1,55 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsRandomGenerator.h"
+
+#include "ScopedNSSTypes.h"
+#include "nsNSSComponent.h"
+#include "pk11pub.h"
+#include "prerror.h"
+#include "secerr.h"
+
+NS_IMPL_ISUPPORTS(nsRandomGenerator, nsIRandomGenerator)
+
+NS_IMETHODIMP
+nsRandomGenerator::GenerateRandomBytes(uint32_t aLength,
+                                       uint8_t** aBuffer)
+{
+  NS_ENSURE_ARG_POINTER(aBuffer);
+  *aBuffer = nullptr;
+
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  mozilla::UniquePK11SlotInfo slot(PK11_GetInternalSlot());
+  if (!slot) {
+    return NS_ERROR_FAILURE;
+  }
+
+  auto buf = static_cast<uint8_t*>(moz_xmalloc(aLength));
+  if (!buf) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+
+  SECStatus srv = PK11_GenerateRandomOnSlot(slot.get(), buf, aLength);
+  if (srv != SECSuccess) {
+    free(buf);
+    return NS_ERROR_FAILURE;
+  }
+
+  *aBuffer = buf;
+
+  return NS_OK;
+}
+
+nsRandomGenerator::~nsRandomGenerator()
+{
+  nsNSSShutDownPreventionLock locker;
+  if (isAlreadyShutDown()) {
+    return;
+  }
+  shutdown(ShutdownCalledFrom::Object);
+}
diff --git a/security/manager/ssl/nsRandomGenerator.h b/security/manager/ssl/nsRandomGenerator.h
new file mode 100644
index 000000000..197f2d747
--- /dev/null
+++ b/security/manager/ssl/nsRandomGenerator.h
@@ -0,0 +1,30 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsRandomGenerator_h
+#define nsRandomGenerator_h
+
+#include "mozilla/Attributes.h"
+#include "nsIRandomGenerator.h"
+#include "nsNSSShutDown.h"
+
+#define NS_RANDOMGENERATOR_CID \
+  {0xbe65e2b7, 0xfe46, 0x4e0f, {0x88, 0xe0, 0x4b, 0x38, 0x5d, 0xb4, 0xd6, 0x8a}}
+
+#define NS_RANDOMGENERATOR_CONTRACTID \
+  "@mozilla.org/security/random-generator;1"
+
+class nsRandomGenerator final : public nsIRandomGenerator
+                              , public nsNSSShutDownObject
+{
+public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSIRANDOMGENERATOR
+
+private:
+  ~nsRandomGenerator();
+  virtual void virtualDestroyNSSReference() override {}
+};
+
+#endif // nsRandomGenerator_h
diff --git a/security/manager/ssl/nsSSLSocketProvider.cpp b/security/manager/ssl/nsSSLSocketProvider.cpp
new file mode 100644
index 000000000..c0fe8586f
--- /dev/null
+++ b/security/manager/ssl/nsSSLSocketProvider.cpp
@@ -0,0 +1,68 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "mozilla/BasePrincipal.h"
+#include "nsSSLSocketProvider.h"
+#include "nsNSSIOLayer.h"
+#include "nsError.h"
+
+using mozilla::NeckoOriginAttributes;
+
+nsSSLSocketProvider::nsSSLSocketProvider()
+{
+}
+
+nsSSLSocketProvider::~nsSSLSocketProvider()
+{
+}
+
+NS_IMPL_ISUPPORTS(nsSSLSocketProvider, nsISocketProvider)
+
+NS_IMETHODIMP
+nsSSLSocketProvider::NewSocket(int32_t family,
+                               const char *host,
+                               int32_t port,
+                               nsIProxyInfo *proxy,
+                               const NeckoOriginAttributes &originAttributes,
+                               uint32_t flags,
+                               PRFileDesc **_result,
+                               nsISupports **securityInfo)
+{
+  nsresult rv = nsSSLIOLayerNewSocket(family,
+                                      host,
+                                      port,
+                                      proxy,
+                                      originAttributes,
+                                      _result,
+                                      securityInfo,
+                                      false,
+                                      flags);
+  return (NS_FAILED(rv)) ? NS_ERROR_SOCKET_CREATE_FAILED : NS_OK;
+}
+
+// Add the SSL IO layer to an existing socket
+NS_IMETHODIMP
+nsSSLSocketProvider::AddToSocket(int32_t family,
+                                 const char *host,
+                                 int32_t port,
+                                 nsIProxyInfo *proxy,
+                                 const NeckoOriginAttributes &originAttributes,
+                                 uint32_t flags,
+                                 PRFileDesc *aSocket,
+                                 nsISupports **securityInfo)
+{
+  nsresult rv = nsSSLIOLayerAddToSocket(family,
+                                        host,
+                                        port,
+                                        proxy,
+                                        originAttributes,
+                                        aSocket,
+                                        securityInfo,
+                                        false,
+                                        flags);
+  
+  return (NS_FAILED(rv)) ? NS_ERROR_SOCKET_CREATE_FAILED : NS_OK;
+}
diff --git a/security/manager/ssl/nsSSLSocketProvider.h b/security/manager/ssl/nsSSLSocketProvider.h
new file mode 100644
index 000000000..95132f204
--- /dev/null
+++ b/security/manager/ssl/nsSSLSocketProvider.h
@@ -0,0 +1,29 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _NSSSLSOCKETPROVIDER_H_
+#define _NSSSLSOCKETPROVIDER_H_
+
+#include "nsISocketProvider.h"
+
+/* 217d014a-1dd2-11b2-999c-b0c4df79b324 */
+#define NS_SSLSOCKETPROVIDER_CID   \
+{ 0x217d014a, 0x1dd2, 0x11b2, {0x99, 0x9c, 0xb0, 0xc4, 0xdf, 0x79, 0xb3, 0x24}}
+
+
+class nsSSLSocketProvider : public nsISocketProvider
+{
+public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSISOCKETPROVIDER
+
+  // nsSSLSocketProvider methods:
+  nsSSLSocketProvider();
+protected:
+  virtual ~nsSSLSocketProvider();
+};
+
+#endif /* _NSSSLSOCKETPROVIDER_H_ */
diff --git a/security/manager/ssl/nsSSLStatus.cpp b/security/manager/ssl/nsSSLStatus.cpp
new file mode 100644
index 000000000..1538b2aa7
--- /dev/null
+++ b/security/manager/ssl/nsSSLStatus.cpp
@@ -0,0 +1,379 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "mozilla/Casting.h"
+#include "nsSSLStatus.h"
+#include "nsIClassInfoImpl.h"
+#include "nsIObjectOutputStream.h"
+#include "nsIObjectInputStream.h"
+#include "nsNSSCertificate.h"
+#include "SignedCertificateTimestamp.h"
+#include "ssl.h"
+
+NS_IMETHODIMP
+nsSSLStatus::GetServerCert(nsIX509Cert** aServerCert)
+{
+  NS_ENSURE_ARG_POINTER(aServerCert);
+
+  nsCOMPtr<nsIX509Cert> cert = mServerCert;
+  cert.forget(aServerCert);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSSLStatus::GetKeyLength(uint32_t* aKeyLength)
+{
+  NS_ENSURE_ARG_POINTER(aKeyLength);
+  if (!mHaveCipherSuiteAndProtocol) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  SSLCipherSuiteInfo cipherInfo;
+  if (SSL_GetCipherSuiteInfo(mCipherSuite, &cipherInfo,
+                             sizeof(cipherInfo)) != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  *aKeyLength = cipherInfo.symKeyBits;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSSLStatus::GetSecretKeyLength(uint32_t* aSecretKeyLength)
+{
+  NS_ENSURE_ARG_POINTER(aSecretKeyLength);
+  if (!mHaveCipherSuiteAndProtocol) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  SSLCipherSuiteInfo cipherInfo;
+  if (SSL_GetCipherSuiteInfo(mCipherSuite, &cipherInfo,
+                             sizeof(cipherInfo)) != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  *aSecretKeyLength = cipherInfo.effectiveKeyBits;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSSLStatus::GetCipherName(nsACString& aCipherName)
+{
+  if (!mHaveCipherSuiteAndProtocol) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  SSLCipherSuiteInfo cipherInfo;
+  if (SSL_GetCipherSuiteInfo(mCipherSuite, &cipherInfo,
+                             sizeof(cipherInfo)) != SECSuccess) {
+    return NS_ERROR_FAILURE;
+  }
+
+  aCipherName.Assign(cipherInfo.cipherSuiteName);
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSSLStatus::GetProtocolVersion(uint16_t* aProtocolVersion)
+{
+  NS_ENSURE_ARG_POINTER(aProtocolVersion);
+  if (!mHaveCipherSuiteAndProtocol) {
+    return NS_ERROR_NOT_AVAILABLE;
+  }
+
+  *aProtocolVersion = mProtocolVersion;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSSLStatus::GetCertificateTransparencyStatus(
+  uint16_t* aCertificateTransparencyStatus)
+{
+  NS_ENSURE_ARG_POINTER(aCertificateTransparencyStatus);
+
+  *aCertificateTransparencyStatus = mCertificateTransparencyStatus;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSSLStatus::GetIsDomainMismatch(bool* aIsDomainMismatch)
+{
+  NS_ENSURE_ARG_POINTER(aIsDomainMismatch);
+
+  *aIsDomainMismatch = mHaveCertErrorBits && mIsDomainMismatch;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSSLStatus::GetIsNotValidAtThisTime(bool* aIsNotValidAtThisTime)
+{
+  NS_ENSURE_ARG_POINTER(aIsNotValidAtThisTime);
+
+  *aIsNotValidAtThisTime = mHaveCertErrorBits && mIsNotValidAtThisTime;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSSLStatus::GetIsUntrusted(bool* aIsUntrusted)
+{
+  NS_ENSURE_ARG_POINTER(aIsUntrusted);
+
+  *aIsUntrusted = mHaveCertErrorBits && mIsUntrusted;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSSLStatus::GetIsExtendedValidation(bool* aIsEV)
+{
+  NS_ENSURE_ARG_POINTER(aIsEV);
+  *aIsEV = false;
+
+  // Never allow bad certs for EV, regardless of overrides.
+  if (mHaveCertErrorBits) {
+    return NS_OK;
+  }
+
+  if (mHasIsEVStatus) {
+    *aIsEV = mIsEV;
+    return NS_OK;
+  }
+
+  return NS_ERROR_NOT_AVAILABLE;
+}
+
+NS_IMETHODIMP
+nsSSLStatus::Read(nsIObjectInputStream* aStream)
+{
+  nsCOMPtr<nsISupports> cert;
+  nsresult rv = aStream->ReadObject(true, getter_AddRefs(cert));
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  mServerCert = do_QueryInterface(cert);
+  if (!mServerCert) {
+    return NS_NOINTERFACE;
+  }
+
+  rv = aStream->Read16(&mCipherSuite);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  // The code below is a workaround to allow serializing new fields
+  // while preserving binary compatibility with older streams. For more details
+  // on the binary compatibility requirement, refer to bug 1248628.
+  // Here, we take advantage of the fact that mProtocolVersion was originally
+  // stored as a 16 bits integer, but the highest 8 bits were never used.
+  // These bits are now used for stream versioning.
+  uint16_t protocolVersionAndStreamFormatVersion;
+  rv = aStream->Read16(&protocolVersionAndStreamFormatVersion);
+  NS_ENSURE_SUCCESS(rv, rv);
+  mProtocolVersion = protocolVersionAndStreamFormatVersion & 0xFF;
+  const uint8_t streamFormatVersion =
+    (protocolVersionAndStreamFormatVersion >> 8) & 0xFF;
+
+  rv = aStream->ReadBoolean(&mIsDomainMismatch);
+  NS_ENSURE_SUCCESS(rv, rv);
+  rv = aStream->ReadBoolean(&mIsNotValidAtThisTime);
+  NS_ENSURE_SUCCESS(rv, rv);
+  rv = aStream->ReadBoolean(&mIsUntrusted);
+  NS_ENSURE_SUCCESS(rv, rv);
+  rv = aStream->ReadBoolean(&mIsEV);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  rv = aStream->ReadBoolean(&mHasIsEVStatus);
+  NS_ENSURE_SUCCESS(rv, rv);
+  rv = aStream->ReadBoolean(&mHaveCipherSuiteAndProtocol);
+  NS_ENSURE_SUCCESS(rv, rv);
+  rv = aStream->ReadBoolean(&mHaveCertErrorBits);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  // Added in version 1 (see bug 1305289).
+  if (streamFormatVersion >= 1) {
+    rv = aStream->Read16(&mCertificateTransparencyStatus);
+    NS_ENSURE_SUCCESS(rv, rv);
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSSLStatus::Write(nsIObjectOutputStream* aStream)
+{
+  // The current version of the binary stream format.
+  const uint8_t STREAM_FORMAT_VERSION = 1;
+
+  nsresult rv = aStream->WriteCompoundObject(mServerCert,
+                                             NS_GET_IID(nsIX509Cert),
+                                             true);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  rv = aStream->Write16(mCipherSuite);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  uint16_t protocolVersionAndStreamFormatVersion =
+    mozilla::AssertedCast<uint8_t>(mProtocolVersion) |
+    (STREAM_FORMAT_VERSION << 8);
+  rv = aStream->Write16(protocolVersionAndStreamFormatVersion);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  rv = aStream->WriteBoolean(mIsDomainMismatch);
+  NS_ENSURE_SUCCESS(rv, rv);
+  rv = aStream->WriteBoolean(mIsNotValidAtThisTime);
+  NS_ENSURE_SUCCESS(rv, rv);
+  rv = aStream->WriteBoolean(mIsUntrusted);
+  NS_ENSURE_SUCCESS(rv, rv);
+  rv = aStream->WriteBoolean(mIsEV);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  rv = aStream->WriteBoolean(mHasIsEVStatus);
+  NS_ENSURE_SUCCESS(rv, rv);
+  rv = aStream->WriteBoolean(mHaveCipherSuiteAndProtocol);
+  NS_ENSURE_SUCCESS(rv, rv);
+  rv = aStream->WriteBoolean(mHaveCertErrorBits);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  // Added in version 1.
+  rv = aStream->Write16(mCertificateTransparencyStatus);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSSLStatus::GetInterfaces(uint32_t* aCount, nsIID*** aArray)
+{
+  *aCount = 0;
+  *aArray = nullptr;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSSLStatus::GetScriptableHelper(nsIXPCScriptable** aHelper)
+{
+  *aHelper = nullptr;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSSLStatus::GetContractID(char** aContractID)
+{
+  *aContractID = nullptr;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSSLStatus::GetClassDescription(char** aClassDescription)
+{
+  *aClassDescription = nullptr;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSSLStatus::GetClassID(nsCID** aClassID)
+{
+  *aClassID = (nsCID*) moz_xmalloc(sizeof(nsCID));
+  if (!*aClassID) {
+    return NS_ERROR_OUT_OF_MEMORY;
+  }
+  return GetClassIDNoAlloc(*aClassID);
+}
+
+NS_IMETHODIMP
+nsSSLStatus::GetFlags(uint32_t* aFlags)
+{
+  *aFlags = 0;
+  return NS_OK;
+}
+
+static NS_DEFINE_CID(kSSLStatusCID, NS_SSLSTATUS_CID);
+
+NS_IMETHODIMP
+nsSSLStatus::GetClassIDNoAlloc(nsCID* aClassIDNoAlloc)
+{
+  *aClassIDNoAlloc = kSSLStatusCID;
+  return NS_OK;
+}
+
+nsSSLStatus::nsSSLStatus()
+: mCipherSuite(0)
+, mProtocolVersion(0)
+, mCertificateTransparencyStatus(nsISSLStatus::
+    CERTIFICATE_TRANSPARENCY_NOT_APPLICABLE)
+, mIsDomainMismatch(false)
+, mIsNotValidAtThisTime(false)
+, mIsUntrusted(false)
+, mIsEV(false)
+, mHasIsEVStatus(false)
+, mHaveCipherSuiteAndProtocol(false)
+, mHaveCertErrorBits(false)
+{
+}
+
+NS_IMPL_ISUPPORTS(nsSSLStatus, nsISSLStatus, nsISerializable, nsIClassInfo)
+
+nsSSLStatus::~nsSSLStatus()
+{
+}
+
+void
+nsSSLStatus::SetServerCert(nsNSSCertificate* aServerCert, EVStatus aEVStatus)
+{
+  MOZ_ASSERT(aServerCert);
+
+  mServerCert = aServerCert;
+  mIsEV = (aEVStatus == EVStatus::EV);
+  mHasIsEVStatus = true;
+}
+
+void
+nsSSLStatus::SetCertificateTransparencyInfo(
+  const mozilla::psm::CertificateTransparencyInfo& info)
+{
+  using mozilla::ct::SignedCertificateTimestamp;
+
+  if (!info.enabled) {
+    // CT disabled.
+    mCertificateTransparencyStatus =
+      nsISSLStatus::CERTIFICATE_TRANSPARENCY_NOT_APPLICABLE;
+    return;
+  }
+
+  if (!info.processedSCTs) {
+    // No SCTs processed on the connection.
+    mCertificateTransparencyStatus =
+      nsISSLStatus::CERTIFICATE_TRANSPARENCY_NONE;
+    return;
+  }
+
+  bool hasOKSCTs = false;
+  bool hasUnknownLogSCTs = false;
+  bool hasInvalidSCTs = false;
+  for (const SignedCertificateTimestamp& sct : info.verifyResult.scts) {
+    switch (sct.verificationStatus) {
+      case SignedCertificateTimestamp::VerificationStatus::OK:
+        hasOKSCTs = true;
+        break;
+      case SignedCertificateTimestamp::VerificationStatus::UnknownLog:
+        hasUnknownLogSCTs = true;
+        break;
+      case SignedCertificateTimestamp::VerificationStatus::InvalidSignature:
+      case SignedCertificateTimestamp::VerificationStatus::InvalidTimestamp:
+        hasInvalidSCTs = true;
+        break;
+      default:
+        MOZ_ASSERT_UNREACHABLE("Unexpected SCT::VerificationStatus type");
+    }
+  }
+
+  if (hasOKSCTs) {
+    mCertificateTransparencyStatus =
+      nsISSLStatus::CERTIFICATE_TRANSPARENCY_OK;
+  } else if (hasUnknownLogSCTs) {
+    mCertificateTransparencyStatus =
+      nsISSLStatus::CERTIFICATE_TRANSPARENCY_UNKNOWN_LOG;
+  } else if (hasInvalidSCTs) {
+    mCertificateTransparencyStatus =
+      nsISSLStatus::CERTIFICATE_TRANSPARENCY_INVALID;
+  }
+}
diff --git a/security/manager/ssl/nsSSLStatus.h b/security/manager/ssl/nsSSLStatus.h
new file mode 100644
index 000000000..2a8343407
--- /dev/null
+++ b/security/manager/ssl/nsSSLStatus.h
@@ -0,0 +1,74 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _NSSSLSTATUS_H
+#define _NSSSLSTATUS_H
+
+#include "CertVerifier.h" // For CertificateTransparencyInfo
+#include "nsISSLStatus.h"
+#include "nsCOMPtr.h"
+#include "nsXPIDLString.h"
+#include "nsIX509Cert.h"
+#include "nsISerializable.h"
+#include "nsIClassInfo.h"
+
+class nsNSSCertificate;
+
+enum class EVStatus {
+  NotEV = 0,
+  EV = 1,
+};
+
+class nsSSLStatus final
+  : public nsISSLStatus
+  , public nsISerializable
+  , public nsIClassInfo
+{
+protected:
+  virtual ~nsSSLStatus();
+public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSISSLSTATUS
+  NS_DECL_NSISERIALIZABLE
+  NS_DECL_NSICLASSINFO
+
+  nsSSLStatus();
+
+  void SetServerCert(nsNSSCertificate* aServerCert, EVStatus aEVStatus);
+
+  bool HasServerCert() {
+    return mServerCert != nullptr;
+  }
+
+  void SetCertificateTransparencyInfo(
+    const mozilla::psm::CertificateTransparencyInfo& info);
+
+  /* public for initilization in this file */
+  uint16_t mCipherSuite;
+  uint16_t mProtocolVersion;
+  uint16_t mCertificateTransparencyStatus;
+
+  bool mIsDomainMismatch;
+  bool mIsNotValidAtThisTime;
+  bool mIsUntrusted;
+  bool mIsEV;
+
+  bool mHasIsEVStatus;
+  bool mHaveCipherSuiteAndProtocol;
+
+  /* mHaveCertErrrorBits is relied on to determine whether or not a SPDY
+     connection is eligible for joining in nsNSSSocketInfo::JoinConnection() */
+  bool mHaveCertErrorBits;
+
+private:
+  nsCOMPtr<nsIX509Cert> mServerCert;
+};
+
+#define NS_SSLSTATUS_CID \
+{ 0xe2f14826, 0x9e70, 0x4647, \
+  { 0xb2, 0x3f, 0x10, 0x10, 0xf5, 0x12, 0x46, 0x28 } }
+
+#endif
diff --git a/security/manager/ssl/nsSTSPreloadList.errors b/security/manager/ssl/nsSTSPreloadList.errors
new file mode 100644
index 000000000..647f31527
--- /dev/null
+++ b/security/manager/ssl/nsSTSPreloadList.errors
@@ -0,0 +1,10853 @@
+0-1.party: did not receive HSTS header
+00001.am: did not receive HSTS header
+00002.am: did not receive HSTS header
+0005.com: could not connect to host
+0005aa.com: could not connect to host
+00220022.net: could not connect to host
+007sascha.de: did not receive HSTS header
+01100010011001010111001101110100.com: could not connect to host
+020wifi.nl: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+0222aa.com: did not receive HSTS header
+040fit.nl: did not receive HSTS header
+048.ag: could not connect to host
+050508.com: could not connect to host
+070709.net: could not connect to host
+07733.win: could not connect to host
+0day.su: could not connect to host
+0f.io: could not connect to host
+0fl.com: did not receive HSTS header
+0g.org.uk: could not connect to host
+0i0.nl: could not connect to host
+0o0.ooo: could not connect to host
+0p.no: did not receive HSTS header
+0vi.org: could not connect to host
+0w0.vc: could not connect to host
+0x0a.net: could not connect to host
+0x1337.eu: could not connect to host
+0x44.net: did not receive HSTS header
+0x4b0c131e.pub: could not connect to host
+0x52.org: could not connect to host
+0x539.pw: could not connect to host
+0x90.fi: could not connect to host
+0xa.in: could not connect to host
+0xb612.org: could not connect to host
+1017scribes.com: could not connect to host
+1018hosting.nl: did not receive HSTS header
+1022996493.rsc.cdn77.org: could not connect to host
+1091.jp: could not connect to host
+10gb.io: could not connect to host
+10ppm.com: did not receive HSTS header
+10seos.com: did not receive HSTS header
+10tacle.io: could not connect to host
+12.net: did not receive HSTS header
+120dayweightloss.com: could not connect to host
+123.gg: could not connect to host
+123share.org: could not connect to host
+123test.de: did not receive HSTS header
+123test.es: did not receive HSTS header
+123test.fr: did not receive HSTS header
+126ium.moe: could not connect to host
+127011-networks.ch: did not receive HSTS header
+12vpn.org: could not connect to host
+12vpnchina.com: could not connect to host
+135vv.com: could not connect to host
+13826145000.com: could not connect to host
+1391kj.com: did not receive HSTS header
+1396.cc: did not receive HSTS header
+1536.cf: could not connect to host
+163pwd.com: could not connect to host
+166166.com: could not connect to host
+16deza.com: did not receive HSTS header
+16packets.com: could not connect to host
+173vpn.cn: could not connect to host
+173vpns.com: did not receive HSTS header
+173vpnv.com: could not connect to host
+188betwarriors.co.uk: could not connect to host
+188trafalgar.ca: did not receive HSTS header
+195gm.com: could not connect to host
+1a-jva.de: could not connect to host
+1atic.com: could not connect to host
+1co-jp.net: did not receive HSTS header
+1cover.com: could not connect to host
+1k8b.com: could not connect to host
+1ll.uk: did not receive HSTS header
+1nian.vip: could not connect to host
+1q365a.com: could not connect to host
+1s.tn: did not receive HSTS header
+1stcapital.com.sg: did not receive HSTS header
+1three1.net: did not receive HSTS header
+1xcess.com: did not receive HSTS header
+1years.cc: could not connect to host
+2-cpu.de: did not receive HSTS header
+206rc.net: max-age too low: 2592000
+20hs.cn: did not receive HSTS header
+21lg.co: could not connect to host
+247quickbooks.com: did not receive HSTS header
+2488.ch: did not receive HSTS header
+24hourpaint.com: could not connect to host
+24hrs.shopping: could not connect to host
+24sihu.com: could not connect to host
+25daysof.io: could not connect to host
+2859cc.com: could not connect to host
+28spots.net: could not connect to host
+2acbi-asso.fr: did not receive HSTS header
+2bizi.ru: could not connect to host
+2brokegirls.org: could not connect to host
+2carpros.com: did not receive HSTS header
+2intermediate.co.uk: did not receive HSTS header
+2or3.tk: could not connect to host
+2smart4food.com: did not receive HSTS header
+2ss.jp: could not connect to host
+300651.ru: did not receive HSTS header
+300mbmovie24.com: could not connect to host
+300mbmovies4u.cc: could not connect to host
+301.website: could not connect to host
+302.nyc: could not connect to host
+314166.com: could not connect to host
+314chan.org: could not connect to host
+32ph.com: could not connect to host
+33836.com: did not receive HSTS header
+33drugstore.com: did not receive HSTS header
+341.mg: could not connect to host
+3555aa.com: could not connect to host
+35792.de: could not connect to host
+360gradus.com: did not receive HSTS header
+365.or.jp: could not connect to host
+368mibn.com: could not connect to host
+3778xl.com: did not receive HSTS header
+38sihu.com: could not connect to host
+39sihu.com: could not connect to host
+3bigking.com: could not connect to host
+3chit.cf: could not connect to host
+3click-loan.com: could not connect to host
+3d-bastler.de: could not connect to host
+3dcart.com: did not receive HSTS header
+3delivered.com: could not connect to host
+3dproteinimaging.com: did not receive HSTS header
+3fl.com: did not receive HSTS header
+3sreporting.com: did not receive HSTS header
+3vlnaeet.cz: could not connect to host
+3wecommerce.com.br: could not connect to host
+404.sh: could not connect to host
+404404.info: could not connect to host
+411film.com: could not connect to host
+41844.de: could not connect to host
+420dongstorm.com: could not connect to host
+42ms.org: could not connect to host
+439191.com: could not connect to host
+440hz-radio.de: did not receive HSTS header
+4455software.com: could not connect to host
+44957.com: could not connect to host
+4679.space: could not connect to host
+47tech.com: could not connect to host
+4azino777.ru: did not receive HSTS header
+4cclothing.com: could not connect to host
+4d2.xyz: could not connect to host
+4eyes.ch: did not receive HSTS header
+4loc.us: could not connect to host
+4miners.net: could not connect to host
+4mybaby.ch: did not receive HSTS header
+4ourty2.org: did not receive HSTS header
+4sqsu.eu: could not connect to host
+4w-performers.link: could not connect to host
+4web-hosting.com: could not connect to host
+4x4.lk: could not connect to host
+5000yz.com: could not connect to host
+50millionablaze.org: could not connect to host
+513vpn.net: did not receive HSTS header
+517vpn.cn: could not connect to host
+518maicai.com: did not receive HSTS header
+52kb1.com: could not connect to host
+52neptune.com: could not connect to host
+540.co: did not receive HSTS header
+54bf.com: could not connect to host
+555fl.com: did not receive HSTS header
+56ct.com: could not connect to host
+5ece.de: could not connect to host
+5piecesofadvice.com: could not connect to host
+605508.cc: did not receive HSTS header
+605508.com: did not receive HSTS header
+60ych.net: did not receive HSTS header
+6120.eu: did not receive HSTS header
+64616e.xyz: could not connect to host
+660011.com: max-age too low: 0
+68277.me: could not connect to host
+69mentor.com: could not connect to host
+69square.com: could not connect to host
+721av.com: max-age too low: 2592000
+7261696e626f77.net: could not connect to host
+7777av.co: did not receive HSTS header
+7f-wgg.cf: could not connect to host
+7kovrikov.ru: did not receive HSTS header
+7thheavenrestaurant.com: could not connect to host
+7trade8.com: could not connect to host
+8.net.co: could not connect to host
+808.lv: did not receive HSTS header
+83i.net: could not connect to host
+8522.am: could not connect to host
+8522cn.com: did not receive HSTS header
+8560.be: could not connect to host
+87577.com: could not connect to host
+88.to: could not connect to host
+8887999.com: could not connect to host
+8888av.co: did not receive HSTS header
+888azino.com: did not receive HSTS header
+888lu.co: could not connect to host
+88laohu.cc: could not connect to host
+88laohu.com: could not connect to host
+89955.com: could not connect to host
+899699.com: did not receive HSTS header
+8ballbombom.uk: could not connect to host
+8mpay.com: did not receive HSTS header
+8t88.biz: could not connect to host
+90smthng.com: could not connect to host
+91-freedom.com: could not connect to host
+9118b.com: could not connect to host
+911911.pw: could not connect to host
+915ers.com: did not receive HSTS header
+922.be: could not connect to host
+92bmh.com: did not receive HSTS header
+960news.ca: could not connect to host
+9651678.ru: could not connect to host
+99511.fi: did not receive HSTS header
+9iwan.net: did not receive HSTS header
+9jadirect.com: could not connect to host
+9point6.com: could not connect to host
+9ss6.com: could not connect to host
+9tolife.be: did not receive HSTS header
+a-plus.space: could not connect to host
+a-rickroll-n.pw: could not connect to host
+a-theme.com: could not connect to host
+a1-autopartsglasgow.com: did not receive HSTS header
+a200k.xyz: did not receive HSTS header
+a3workshop.swiss: could not connect to host
+a9c.co: could not connect to host
+aa7733.com: did not receive HSTS header
+aaeblog.com: did not receive HSTS header
+aaeblog.net: did not receive HSTS header
+aaeblog.org: did not receive HSTS header
+aaoo.net: could not connect to host
+aapp.space: could not connect to host
+aaron-gustafson.com: did not receive HSTS header
+aaronkimmig.de: did not receive HSTS header
+abareplace.com: did not receive HSTS header
+abcdentalcare.com: did not receive HSTS header
+abearofsoap.com: could not connect to host
+aberdeenalmeras.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+abilitylist.org: did not receive HSTS header
+abioniere.de: could not connect to host
+ablogagency.net: could not connect to host
+abloop.com: could not connect to host
+abmahnhelfer.de: did not receive HSTS header
+abnarnro.com: could not connect to host
+abolition.co: could not connect to host
+abona24.pl: max-age too low: 0
+about.ge: did not receive HSTS header
+aboutmyip.info: did not receive HSTS header
+aboutmyproperty.ca: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+aboutyou-deals.de: could not connect to host
+absinthium.ch: could not connect to host
+abt.de: did not receive HSTS header
+abtom.de: did not receive HSTS header
+abury.fr: did not receive HSTS header
+abury.me: did not receive HSTS header
+abyssproject.net: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+ac0g.dyndns.org: could not connect to host
+acabadosboston.com: could not connect to host
+academialowcost.com.br: did not receive HSTS header
+academicenterprise.org: could not connect to host
+acai51.net: could not connect to host
+acbc.ie: max-age too low: 0
+accelerole.com: did not receive HSTS header
+accelight.co.jp: did not receive HSTS header
+accelight.jp: did not receive HSTS header
+access-sofia.org: did not receive HSTS header
+accommodation-berry.com.au: max-age too low: 300
+accountradar.com: max-age too low: 86400
+accounts-p.com: could not connect to host
+accuritpresence.com: did not receive HSTS header
+accwing.com: could not connect to host
+acg.sb: could not connect to host
+acgaudio.com: could not connect to host
+acgmoon.org: did not receive HSTS header
+acheirj.com.br: could not connect to host
+acheritage.co.uk: did not receive HSTS header
+achterhoekseveiligheidsbeurs.nl: could not connect to host
+acisonline.net: did not receive HSTS header
+acoffeeshops.com: could not connect to host
+acpinformatique.fr: could not connect to host
+acr.im: could not connect to host
+acrepairdrippingsprings.com: could not connect to host
+acritelli.com: did not receive HSTS header
+acrossgw.com: could not connect to host
+acslimited.co.uk: did not receive HSTS header
+activateplay.com: max-age too low: 86400
+active-escape.com: did not receive HSTS header
+activeclearweb.com: could not connect to host
+activeweb.top: could not connect to host
+activiti.alfresco.com: did not receive HSTS header
+actu-medias.com: could not connect to host
+actualite-videos.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+acuve.jp: could not connect to host
+ada.is: max-age too low: 2592000
+adajwells.me: could not connect to host
+adambryant.ca: could not connect to host
+adamdixon.co.uk: could not connect to host
+adamricheimer.com: could not connect to host
+adamwk.com: did not receive HSTS header
+adastra.re: could not connect to host
+adboos.com: could not connect to host
+addaxpetroleum.com: could not connect to host
+addvocate.com: could not connect to host
+adec-emsa.ae: could not connect to host
+adelevie.com: could not connect to host
+adelinlydia-coach.com: did not receive HSTS header
+adequatetechnology.com: could not connect to host
+aderal.io: could not connect to host
+adesa-asesoria.com: did not receive HSTS header
+adfa-1.com: could not connect to host
+adhosting.nl: did not receive HSTS header
+adhs-chaoten.net: did not receive HSTS header
+adindexr.com: could not connect to host
+admin.google.com: did not receive HSTS header (error ignored - included regardless)
+admiral.dp.ua: did not receive HSTS header
+admitcard.co.in: did not receive HSTS header
+admsel.ec: could not connect to host
+adoge.me: could not connect to host
+adonairelogios.com.br: could not connect to host
+adopteunsiteflash.com: could not connect to host
+adquisitio.de: could not connect to host
+adquisitio.in: could not connect to host
+adriancohea.ninja: did not receive HSTS header
+adrianseo.ro: did not receive HSTS header
+adrl.ca: could not connect to host
+adsfund.org: could not connect to host
+aduedu.de: did not receive HSTS header
+adult.properties: could not connect to host
+adunanza.net: did not receive HSTS header
+advancedstudio.ro: did not receive HSTS header
+advantagemechanicalinc.com: did not receive HSTS header
+adventures.is: did not receive HSTS header
+adver.top: did not receive HSTS header
+adviespuntklokkenluiders.nl: could not connect to host
+adzuna.co.uk: did not receive HSTS header
+aemoria.com: could not connect to host
+aerialmediapro.net: could not connect to host
+aerolog.co: did not receive HSTS header
+aerotheque.fr: did not receive HSTS header
+aes256.ru: could not connect to host
+aether.pw: could not connect to host
+aevpn.net: could not connect to host
+aevpn.org: could not connect to host
+aeyoun.com: did not receive HSTS header
+af-fotografie.net: did not receive HSTS header
+afdkompakt.de: max-age too low: 86400
+affily.io: could not connect to host
+aficotroceni.ro: did not receive HSTS header
+afiru.net: could not connect to host
+afmchandler.com: did not receive HSTS header
+afp548.tk: could not connect to host
+africantourer.com: did not receive HSTS header
+after.im: did not receive HSTS header
+afterstack.net: could not connect to host
+afvallendoeje.nu: could not connect to host
+afyou.co.kr: could not connect to host
+afzco.asia: did not receive HSTS header
+agalaxyfarfaraway.co.uk: could not connect to host
+agatheetraphael.fr: could not connect to host
+agbremen.de: did not receive HSTS header
+agentseeker.ca: could not connect to host
+agevio.com: could not connect to host
+agonswim.com: could not connect to host
+agrias.com.br: did not receive HSTS header
+agrimap.com: did not receive HSTS header
+agro-id.gov.ua: did not receive HSTS header
+agtv.com.br: did not receive HSTS header
+ahabingo.com: did not receive HSTS header
+ahfazahmed.net: did not receive HSTS header
+ahoynetwork.com: did not receive HSTS header
+ahri.ovh: could not connect to host
+ahwah.net: could not connect to host
+ahwatukeefoothillsmontessori.com: did not receive HSTS header
+aicial.com.au: could not connect to host
+aidanmontare.net: could not connect to host
+aidanwoods.com: did not receive HSTS header
+aidikofflaw.com: did not receive HSTS header
+aids.gov: did not receive HSTS header
+aifreeze.ru: could not connect to host
+aify.eu: could not connect to host
+aiicy.org: could not connect to host
+aim-consultants.com: could not connect to host
+ainrb.com: could not connect to host
+aip-marine.com: could not connect to host
+aiponne.com: could not connect to host
+airlea.com: could not connect to host
+airlinecheckins.com: did not receive HSTS header
+airmazinginflatables.com: did not receive HSTS header
+airproto.com: did not receive HSTS header
+aishnair.com: could not connect to host
+aisle3.space: could not connect to host
+aiticon.de: did not receive HSTS header
+aiw-thkoeln.online: could not connect to host
+ajmahal.com: could not connect to host
+ajouin.com: could not connect to host
+aka.my: did not receive HSTS header
+akboy.pw: could not connect to host
+akclinics.org: did not receive HSTS header
+akerek.hu: could not connect to host
+akgundemirbas.com: could not connect to host
+akiba-server.info: could not connect to host
+akita-stream.com: could not connect to host
+akkadia.cc: could not connect to host
+akombakom.net: could not connect to host
+akoww.de: could not connect to host
+akselimedia.fi: did not receive HSTS header
+akstudentsfirst.org: did not receive HSTS header
+aktivist.in: did not receive HSTS header
+akul.co.in: could not connect to host
+al-f.net: could not connect to host
+al-shami.net: could not connect to host
+aladdin.ie: did not receive HSTS header
+alair.cn: did not receive HSTS header
+alanlee.net: could not connect to host
+alanrickmanflipstable.com: could not connect to host
+alariel.de: did not receive HSTS header
+alarme-gps.ch: could not connect to host
+alarmegps.ch: could not connect to host
+alarmsystemreviews.com: did not receive HSTS header
+alasta.info: could not connect to host
+alauda-home.de: could not connect to host
+albanien.guide: could not connect to host
+alberguecimballa.es: could not connect to host
+albertbogdanowicz.pl: did not receive HSTS header
+albertopimienta.com: did not receive HSTS header
+alcantarafleuriste.com: did not receive HSTS header
+alcatraz.online: could not connect to host
+alcazaar.com: could not connect to host
+alcnutrition.com: could not connect to host
+aldorr.net: could not connect to host
+alecvannoten.be: did not receive HSTS header
+alenan.org: could not connect to host
+alessandro.pw: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+alessandroz.pro: could not connect to host
+alethearose.com: did not receive HSTS header
+alexandernorth.ch: could not connect to host
+alexandre.sh: did not receive HSTS header
+alexdodge.ca: could not connect to host
+alexei.su: could not connect to host
+alexkidd.de: did not receive HSTS header
+alexmol.tk: could not connect to host
+alexperry.io: could not connect to host
+alfa24.pro: could not connect to host
+alfredxing.com: did not receive HSTS header
+alilialili.ga: could not connect to host
+alistairpialek.com: max-age too low: 86400
+alittlebitcheeky.com: did not receive HSTS header
+aljaspod.net: did not receive HSTS header
+aljmz.com: did not receive HSTS header
+alkami.com: could not connect to host
+alkamitech.com: did not receive HSTS header
+all-subtitles.com: could not connect to host
+all.tf: could not connect to host
+all4os.com: did not receive HSTS header
+alldaymonitoring.com: could not connect to host
+alldm.ru: could not connect to host
+allegro-inc.com: did not receive HSTS header
+allinnote.com: could not connect to host
+allmbw.com: could not connect to host
+allmystery.de: did not receive HSTS header
+allo-symo.fr: did not receive HSTS header
+allods-zone.ru: could not connect to host
+alloffice.com.ua: did not receive HSTS header
+alloinformatique.net: could not connect to host
+allrealty.co.za: could not connect to host
+allscammers.exposed: could not connect to host
+allsortscastles.co.uk: did not receive HSTS header
+allstarswithus.com: could not connect to host
+aloalabs.com: did not receive HSTS header
+alpha.irccloud.com: could not connect to host
+alphabit-secure.com: could not connect to host
+alphabuild.io: could not connect to host
+alphagamers.net: did not receive HSTS header
+alphalabs.xyz: could not connect to host
+alphasall.com: could not connect to host
+als-hardware.co.za: did not receive HSTS header
+alspolska.pl: could not connect to host
+alt33c3.org: could not connect to host
+altahrim.net: could not connect to host
+altailife.ru: did not receive HSTS header
+altamarea.se: could not connect to host
+alteqnia.com: could not connect to host
+altfire.ca: could not connect to host
+altmv.com: max-age too low: 7776000
+aluminium-scaffolding.co.uk: could not connect to host
+alunjam.es: did not receive HSTS header
+alusta.co: could not connect to host
+am8888.top: could not connect to host
+amandaonishi.com: could not connect to host
+amateurvoicetalent.com: could not connect to host
+amavis.org: did not receive HSTS header
+amazing-gaming.fr: could not connect to host
+amcvega.com: did not receive HSTS header
+amdouglas.uk: could not connect to host
+amerhd.com: could not connect to host
+american-truck-simulator.de: could not connect to host
+american-truck-simulator.net: could not connect to host
+americandistribuidora.com: could not connect to host
+americansportsinstitute.org: did not receive HSTS header
+americanworkwear.nl: did not receive HSTS header
+amigogeek.net: could not connect to host
+amilx.com: could not connect to host
+amilx.org: could not connect to host
+amimoto-ami.com: max-age too low: 3153600
+amishsecurity.com: could not connect to host
+amitse.com: did not receive HSTS header
+amitube.com: did not receive HSTS header
+amlvfs.net: could not connect to host
+ammoulianiapartments.com: did not receive HSTS header
+amo-entreprise-et-commerce.fr: could not connect to host
+amoory.com: could not connect to host
+amorimendes.com.br: could not connect to host
+amri.nl: did not receive HSTS header
+amua.fr: could not connect to host
+amunoz.org: could not connect to host
+anabol.nl: could not connect to host
+anacruz.es: did not receive HSTS header
+anadoluefessporkulubu.org: could not connect to host
+anagra.ms: could not connect to host
+analytic-s.ml: could not connect to host
+analyticsinmotion.net: could not connect to host
+analyzemyfriends.com: could not connect to host
+ancientcraft.eu: did not receive HSTS header
+ancientkarma.com: could not connect to host
+andere-gedanken.net: max-age too low: 10
+anderslind.dk: could not connect to host
+andiplusben.com: could not connect to host
+andre-ballensiefen.de: did not receive HSTS header
+andreas-kluge.eu: could not connect to host
+andreasanti.net: did not receive HSTS header
+andreasbreitenlohner.de: max-age too low: 600000
+andreasfritz-fotografie.de: could not connect to host
+andreaskluge.eu: could not connect to host
+andreastoneman.com: could not connect to host
+andrei-coman.com: could not connect to host
+andreigec.net: did not receive HSTS header
+andrerose.ca: did not receive HSTS header
+andrew.fi: did not receive HSTS header
+andrew.london: did not receive HSTS header
+andrewbroekman.com: did not receive HSTS header
+andrewdaws.co: could not connect to host
+andrewdaws.info: could not connect to host
+andrewdaws.me: could not connect to host
+andrewdaws.tv: could not connect to host
+andrewmichaud.beer: could not connect to host
+andrewrdaws.com: could not connect to host
+andrewregan.me: could not connect to host
+andrewvoce.com: did not receive HSTS header
+andrewx.net: could not connect to host
+andrewyg.net: could not connect to host
+andreypopp.com: did not receive HSTS header
+androidprosmart.com: could not connect to host
+androled.fr: max-age too low: 5184000
+androoz.se: could not connect to host
+anduril.de: could not connect to host
+anduril.eu: could not connect to host
+andyclark.io: could not connect to host
+andymartin.cc: could not connect to host
+andyuk.org: did not receive HSTS header
+anfsanchezo.co: could not connect to host
+anfsanchezo.me: could not connect to host
+angeloroberto.ch: did not receive HSTS header
+anghami.com: did not receive HSTS header
+anglesya.win: did not receive HSTS header
+anglictinatabor.cz: could not connect to host
+angrydragonproductions.com: could not connect to host
+angryroute.com: could not connect to host
+animal-nature-human.com: did not receive HSTS header
+anime1video.tk: could not connect to host
+animeday.ml: could not connect to host
+animesfusion.com.br: could not connect to host
+animurecs.com: did not receive HSTS header
+aniplus.cf: could not connect to host
+aniplus.gq: could not connect to host
+aniplus.ml: could not connect to host
+anisekai.com: max-age too low: 2592000
+anitklib.ml: could not connect to host
+ankakaak.com: could not connect to host
+ankaraprofesyonelnakliyat.com: did not receive HSTS header
+ankaraprofesyonelnakliyat.com.tr: did not receive HSTS header
+ankarayilmaznakliyat.com: did not receive HSTS header
+ankarayucelnakliyat.com: did not receive HSTS header
+annabellaw.com: did not receive HSTS header
+annahmeschluss.de: did not receive HSTS header
+annetaan.fi: could not connect to host
+annonasoftware.com: could not connect to host
+anomaly.ws: did not receive HSTS header
+anonymo.co.uk: could not connect to host
+anonymo.uk: could not connect to host
+anonymousstatecollegelulzsec.com: could not connect to host
+anook.com: max-age too low: 0
+anoxinon.de: did not receive HSTS header
+ansdell.info: could not connect to host
+anshuman-chatterjee.com: did not receive HSTS header
+ansibeast.net: could not connect to host
+anstoncs.com.au: max-age too low: 86400
+answers-online.ru: could not connect to host
+ant.land: could not connect to host
+anthenor.co.uk: could not connect to host
+anthonyavon.com: could not connect to host
+antimatiere.space: could not connect to host
+antimine.kr: could not connect to host
+antoine-roux.fr: could not connect to host
+antoined.fr: did not receive HSTS header
+antoinemary.io: could not connect to host
+antoineschaller.ch: did not receive HSTS header
+antoniomarques.eu: did not receive HSTS header
+antoniorequena.com.ve: could not connect to host
+antscript.com: did not receive HSTS header
+anttitenhunen.com: could not connect to host
+anycoin.me: could not connect to host
+anymetrix.io: did not receive HSTS header
+anyways.at: could not connect to host
+aocast.info: could not connect to host
+aojf.fr: could not connect to host
+aopedeure.nl: could not connect to host
+aov.io: could not connect to host
+aozora.moe: could not connect to host
+apachelounge.com: did not receive HSTS header
+apadrinaunolivo.org: did not receive HSTS header
+apaginastore.com.br: could not connect to host
+apeasternpower.com: could not connect to host
+aperture-laboratories.science: did not receive HSTS header
+api.mega.co.nz: could not connect to host
+apibot.de: could not connect to host
+apis.google.com: did not receive HSTS header (error ignored - included regardless)
+apis.world: could not connect to host
+apkoyunlar.club: could not connect to host
+apm.com.tw: did not receive HSTS header
+apmg-certified.com: did not receive HSTS header
+apmg-cyber.com: did not receive HSTS header
+apnakliyat.com: did not receive HSTS header
+apolloyl.com: could not connect to host
+aponkral.site: could not connect to host
+aponkralsunucu.com: could not connect to host
+aponow.de: did not receive HSTS header
+app: could not connect to host
+app-arena.com: did not receive HSTS header
+app.lookout.com: did not receive HSTS header
+app.manilla.com: could not connect to host
+apparels24.com: could not connect to host
+appart.ninja: could not connect to host
+appdb.cc: did not receive HSTS header
+appdrinks.com: could not connect to host
+appengine.google.com: did not receive HSTS header (error ignored - included regardless)
+apple.ax: could not connect to host
+applez.xyz: could not connect to host
+applic8.com: did not receive HSTS header
+appraisal-comps.com: could not connect to host
+appreciationkards.com: did not receive HSTS header
+approlys.fr: did not receive HSTS header
+apps-for-fishing.com: could not connect to host
+appsbystudio.co.uk: did not receive HSTS header
+appsdash.io: could not connect to host
+appuro.com: did not receive HSTS header
+aquapoint.kiev.ua: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+aquariumaccessories.shop: did not receive HSTS header
+aquilalab.com: could not connect to host
+arabdigitalexpression.org: did not receive HSTS header
+aradulconteaza.ro: could not connect to host
+aran.me.uk: could not connect to host
+arboineuropa.nl: did not receive HSTS header
+arboleda-hurtado.com: could not connect to host
+arbu.eu: max-age too low: 2419200
+ardao.me: did not receive HSTS header
+ardorlabs.se: could not connect to host
+area3.org: could not connect to host
+arenlor.com: could not connect to host
+arenlor.info: could not connect to host
+arenns.com: could not connect to host
+arent.kz: could not connect to host
+arewedubstepyet.com: did not receive HSTS header
+areyouever.me: did not receive HSTS header
+argennon.xyz: could not connect to host
+argh.io: could not connect to host
+arguggi.co.uk: could not connect to host
+ariacreations.net: did not receive HSTS header
+arislight.com: could not connect to host
+arkadiyt.com: did not receive HSTS header
+arlen.io: could not connect to host
+arlen.se: could not connect to host
+armenians.online: could not connect to host
+armingrodon.de: max-age too low: 0
+armor.com: did not receive HSTS header
+armored.ninja: could not connect to host
+armory.consulting: could not connect to host
+armory.supplies: could not connect to host
+armsday.com: could not connect to host
+armytricka.cz: did not receive HSTS header
+arne-petersen.net: could not connect to host
+arod.tk: could not connect to host
+aromaclub.nl: did not receive HSTS header
+aroundme.org: did not receive HSTS header
+arpa.ph: did not receive HSTS header
+arpr.co: did not receive HSTS header
+arrayify.com: could not connect to host
+arresttracker.com: could not connect to host
+arrow-cloud.nl: could not connect to host
+arrowfunction.com: could not connect to host
+ars-design.net: could not connect to host
+art2web.net: could not connect to host
+artartefatos.com.br: could not connect to host
+artegusto.ru: did not receive HSTS header
+artesupra.com: did not receive HSTS header
+arthan.me: could not connect to host
+articaexports.com: could not connect to host
+artifex21.com: could not connect to host
+artifex21.fr: could not connect to host
+artiming.com: could not connect to host
+artisanhd.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+artisavotins.com: could not connect to host
+artisense.de: could not connect to host
+artisticedgegranite.net: could not connect to host
+artistnetwork.nl: did not receive HSTS header
+arto.bg: did not receive HSTS header
+arturkohut.com: could not connect to host
+artyland.ru: did not receive HSTS header
+arvamus.eu: could not connect to host
+arzaroth.com: did not receive HSTS header
+as.se: could not connect to host
+as9178.net: could not connect to host
+asahikoji.net: could not connect to host
+asasuou.pw: could not connect to host
+asc16.com: could not connect to host
+ascamso.com: could not connect to host
+aschaefer.net: could not connect to host
+asdpress.cn: could not connect to host
+ashlane-cottages.com: could not connect to host
+ashleyadum.com: could not connect to host
+ashleymedway.com: did not receive HSTS header
+asianodor.com: could not connect to host
+ask.pe: did not receive HSTS header
+askfit.cz: did not receive HSTS header
+askmagicconch.com: could not connect to host
+asmui.ga: could not connect to host
+asmui.ml: could not connect to host
+asphaltfruehling.de: could not connect to host
+asral7.com: could not connect to host
+ass.org.au: could not connect to host
+assdecoeur.org: could not connect to host
+assekuranzjobs.de: could not connect to host
+asset-alive.com: did not receive HSTS header
+asset-alive.net: did not receive HSTS header
+assindia.nl: could not connect to host
+asthon.cn: could not connect to host
+astral.gq: could not connect to host
+astrea-voetbal-groningen.nl: could not connect to host
+astrolpost.com: could not connect to host
+astromelody.com: did not receive HSTS header
+asuhe.xyz: could not connect to host
+at-one.ca: could not connect to host
+at1.co: could not connect to host
+atavio.at: could not connect to host
+atavio.ch: could not connect to host
+atavio.de: did not receive HSTS header
+atbeckett.com: did not receive HSTS header
+atcreform.gov: did not receive HSTS header
+atelier-rk.com: did not receive HSTS header
+atencionbimbo.com: max-age too low: 86400
+athaliasoft.com: could not connect to host
+athenelive.com: could not connect to host
+athensbusinessresources.us: did not receive HSTS header
+athi.pl: could not connect to host
+athul.xyz: could not connect to host
+atigerseye.com: could not connect to host
+atlex.nl: did not receive HSTS header
+atlseccon.com: did not receive HSTS header
+atomic.menu: could not connect to host
+atomik.pro: could not connect to host
+atop.io: could not connect to host
+attic118.com: could not connect to host
+attimidesigns.com: did not receive HSTS header
+attogproductions.com: could not connect to host
+au-pair24.de: did not receive HSTS header
+au.search.yahoo.com: max-age too low: 172800
+au2pb.net: could not connect to host
+aubiosales.com: could not connect to host
+aucubin.moe: could not connect to host
+audiovisualdevices.com.au: did not receive HSTS header
+auditmatrix.com: did not receive HSTS header
+aufmerksamkeitsstudie.com: could not connect to host
+augias.org: could not connect to host
+augrandinquisiteur.com: did not receive HSTS header
+aujapan.ru: could not connect to host
+aurainfosec.com: did not receive HSTS header
+aurainfosec.com.au: did not receive HSTS header
+auraredeye.com: could not connect to host
+auraredshield.com: could not connect to host
+aurora-terraria.org: did not receive HSTS header
+auroratownshipfd.org: could not connect to host
+aurugs.com: did not receive HSTS header
+ausec.ch: could not connect to host
+ausnah.me: could not connect to host
+ausoptic.com.au: max-age too low: 2592000
+aussiecable.org: did not receive HSTS header
+austinsutphin.com: could not connect to host
+australiancattle.dog: could not connect to host
+auth.mail.ru: did not receive HSTS header
+authentication.io: could not connect to host
+authint.com: could not connect to host
+authland.com: could not connect to host
+author24.ru: did not receive HSTS header
+authoritynutrition.com: did not receive HSTS header
+authsrv.nl.eu.org: could not connect to host
+auto-serwis.zgorzelec.pl: did not receive HSTS header
+auto3d.cn: could not connect to host
+auto4trade.nl: could not connect to host
+autobedarf.net: did not receive HSTS header
+autodeploy.it: could not connect to host
+autoecolebudget.ch: did not receive HSTS header
+autoeet.cz: did not receive HSTS header
+autoepc.ro: did not receive HSTS header
+autojuhos.sk: could not connect to host
+autokovrik-diskont.ru: did not receive HSTS header
+automobiles5.com: could not connect to host
+autosearch.me: could not connect to host
+autosiero.nl: did not receive HSTS header
+autostop-occasions.be: could not connect to host
+autotsum.com: could not connect to host
+autumnwindsagility.com: could not connect to host
+auverbox.ovh: could not connect to host
+aux-arts-de-la-table.com: did not receive HSTS header
+auxetek.se: could not connect to host
+auxiliumincrementum.co.uk: could not connect to host
+av.de: did not receive HSTS header
+avadatravel.com: did not receive HSTS header
+avantmfg.com: did not receive HSTS header
+avdelivers.com: could not connect to host
+avec-ou-sans-ordonnance.fr: could not connect to host
+aveling-adventure.co.uk: did not receive HSTS header
+avepol.cz: did not receive HSTS header
+avepol.eu: did not receive HSTS header
+aviacao.pt: did not receive HSTS header
+avidcruiser.com: did not receive HSTS header
+aviodeals.com: could not connect to host
+avonlearningcampus.com: could not connect to host
+avqueen.cn: could not connect to host
+avus-automobile.com: did not receive HSTS header
+awan.tech: could not connect to host
+awanderlustadventure.com: did not receive HSTS header
+awf0.xyz: could not connect to host
+awg-mode.de: did not receive HSTS header
+aww.moe: did not receive HSTS header
+axado.com.br: did not receive HSTS header
+axel-fischer.science: could not connect to host
+axelchv.fr: did not receive HSTS header
+axeny.com: did not receive HSTS header
+axg.io: did not receive HSTS header
+axolsoft.com: max-age too low: 10540800
+ayahuascaadvisor.com: could not connect to host
+ayor.jp: could not connect to host
+ayor.tech: could not connect to host
+ayuru.info: could not connect to host
+azamra.com: did not receive HSTS header
+azazy.net: max-age too low: 2592000
+azirevpn.com: did not receive HSTS header
+azlo.com: did not receive HSTS header
+azprep.us: could not connect to host
+b-landia.net: did not receive HSTS header
+b-rickroll-e.pw: could not connect to host
+b-space.de: did not receive HSTS header
+b2bpromoteit.com: did not receive HSTS header
+b303.me: did not receive HSTS header
+b3orion.com: max-age too low: 0
+b8a.me: could not connect to host
+babelfisch.eu: could not connect to host
+baby-click.de: did not receive HSTS header
+babybee.ie: could not connect to host
+babybic.hu: did not receive HSTS header
+babycs.house: could not connect to host
+babyhouse.xyz: could not connect to host
+babymasaze.cz: did not receive HSTS header
+babysaying.me: could not connect to host
+bacchanallia.com: could not connect to host
+back-bone.nl: did not receive HSTS header
+backgroundchecks.online: did not receive HSTS header
+backintomotionphysiotherapy.com: did not receive HSTS header
+backyardbbqbash.com: did not receive HSTS header
+bad.pet: could not connect to host
+bad.show: could not connect to host
+badcronjob.com: could not connect to host
+badenhard.eu: could not connect to host
+badkamergigant.com: could not connect to host
+badlink.org: could not connect to host
+baff.lu: could not connect to host
+bageez.us: could not connect to host
+bagiobella.com: max-age too low: 0
+baiduaccount.com: could not connect to host
+bailbondsaffordable.com: did not receive HSTS header
+bair.io: could not connect to host
+baito-j.jp: did not receive HSTS header
+baiyangliu.com: could not connect to host
+baka.network: could not connect to host
+bakaweb.fr: could not connect to host
+bakhansen.com: did not receive HSTS header
+bakingstone.com: could not connect to host
+bakkerdesignandbuild.com: did not receive HSTS header
+balatoni-nyar.hu: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+balcan-underground.net: could not connect to host
+baldwinkoo.com: could not connect to host
+baleares.party: could not connect to host
+balihai.com: did not receive HSTS header
+balloonphp.com: could not connect to host
+ballparkbuns.com: max-age too low: 86400
+balnearionaturaspa.com: did not receive HSTS header
+balonmano.co: could not connect to host
+bambooforest.nl: could not connect to host
+bambumania.com.br: could not connect to host
+bananabandy.com: could not connect to host
+bananium.fr: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+banbanchs.com: could not connect to host
+banchethai.com: could not connect to host
+bandally.net: could not connect to host
+bandarifamily.com: could not connect to host
+bandb.xyz: could not connect to host
+bandrcrafts.com: did not receive HSTS header
+bangzafran.com: did not receive HSTS header
+bank: could not connect to host
+bankmilhas.com.br: did not receive HSTS header
+banksaround.com: did not receive HSTS header
+bannisbierblog.de: could not connect to host
+banqingdiao.com: could not connect to host
+baobaobooks.net: did not receive HSTS header
+baobeiglass.com: did not receive HSTS header
+barcel.com.mx: max-age too low: 86400
+barely.sexy: did not receive HSTS header
+barracuda.blog: could not connect to host
+barreaudenice.com: could not connect to host
+barrelhead.org: could not connect to host
+barrut.me: did not receive HSTS header
+barshout.co.uk: could not connect to host
+bartbania.com: did not receive HSTS header
+bartlamboo.nl: could not connect to host
+barunisystems.com: could not connect to host
+bashcode.ninja: could not connect to host
+basicsolutionsus.com: did not receive HSTS header
+basilisk.io: could not connect to host
+bassh.net: did not receive HSTS header
+batfoundry.com: could not connect to host
+baud.ninja: could not connect to host
+baudairenergyservices.com: did not receive HSTS header
+baum.ga: could not connect to host
+baumstark.ca: could not connect to host
+baysse.eu: could not connect to host
+bazarstupava.sk: could not connect to host
+bazisszoftver.hu: did not receive HSTS header
+bb-shiokaze.jp: did not receive HSTS header
+bbb1991.me: could not connect to host
+bbdos.ru: could not connect to host
+bbka.org.uk: could not connect to host
+bblovess.cn: could not connect to host
+bbnx.net: could not connect to host
+bbrinck.eu: could not connect to host
+bbuio.com: max-age too low: 86400
+bbwdom.xyz: could not connect to host
+bbwfacesitting.xyz: could not connect to host
+bbwfight.xyz: could not connect to host
+bbwteens.org: could not connect to host
+bcbsmagentprofile.com: could not connect to host
+bcchack.com: could not connect to host
+bccx.com: could not connect to host
+bcheng.cf: did not receive HSTS header
+bchep.com: could not connect to host
+bckp.de: could not connect to host
+bcm.com.au: did not receive HSTS header
+bcnx.de: max-age too low: 0
+bcradio.org: could not connect to host
+bcsytv.com: could not connect to host
+bcvps.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+bcweightlifting.ca: could not connect to host
+bddemir.com: could not connect to host
+bde-epitech.fr: could not connect to host
+bdsmxxxpics.com: could not connect to host
+bdvg.org: could not connect to host
+be-real.life: did not receive HSTS header
+beach-inspector.com: did not receive HSTS header
+beachi.es: could not connect to host
+beaglewatch.com: could not connect to host
+beamitapp.com: could not connect to host
+bearden.io: could not connect to host
+beardydave.com: did not receive HSTS header
+beasel.biz: could not connect to host
+beastlog.tk: could not connect to host
+beastowner.com: did not receive HSTS header
+beautyconcept.co: did not receive HSTS header
+beavers.io: could not connect to host
+bebeefy.uk: could not connect to host
+bebesurdoue.com: could not connect to host
+bedabox.com: max-age too low: 0
+bedeta.de: could not connect to host
+bedreid.dk: did not receive HSTS header
+bedrijvenadministratie.nl: could not connect to host
+beerboutique.com.br: could not connect to host
+beetleroadstories.com: could not connect to host
+befundup.com: could not connect to host
+behere.be: could not connect to host
+beholdthehurricane.com: could not connect to host
+beier.io: did not receive HSTS header
+beikeil.de: max-age too low: 86400
+belairsewvac.com: could not connect to host
+belewpictures.com: could not connect to host
+belgien.guide: could not connect to host
+belize-firmengruendung.com: could not connect to host
+bellavistaoutdoor.com: could not connect to host
+belliash.eu.org: did not receive HSTS header
+belltower.io: could not connect to host
+belmontprom.com: could not connect to host
+belpbleibtbelp.ch: could not connect to host
+belwederczykow.eu: could not connect to host
+bemyvictim.com: max-age too low: 2678400
+bendechrai.com: did not receive HSTS header
+beneffy.com: did not receive HSTS header
+benjakesjohnson.com: could not connect to host
+benjamin-horvath.com: could not connect to host
+benjamin-suess.de: could not connect to host
+benk.press: could not connect to host
+benny003.de: could not connect to host
+benohead.com: did not receive HSTS header
+bentphotos.se: could not connect to host
+benwattie.com: could not connect to host
+benzkosmetik.de: did not receive HSTS header
+benzou-space.com: could not connect to host
+beourvictim.com: max-age too low: 2678400
+bep362.vn: could not connect to host
+beraru.tk: could not connect to host
+berduri.com: could not connect to host
+berger.work: could not connect to host
+bergland-seefeld.at: did not receive HSTS header
+berlatih.com: did not receive HSTS header
+berlinleaks.com: could not connect to host
+bermytraq.bm: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+bernexskiclub.ch: did not receive HSTS header
+bernieware.de: could not connect to host
+berrymark.be: max-age too low: 0
+berthelier.me: could not connect to host
+besixdouze.world: could not connect to host
+beslider.com: could not connect to host
+besnik.de: could not connect to host
+besola.de: did not receive HSTS header
+bestbeards.ca: could not connect to host
+bestcellular.com: did not receive HSTS header
+bestellipticalmachinereview.info: could not connect to host
+bestfitnesswatchreview.info: could not connect to host
+besthost.cz: did not receive HSTS header
+besthotsales.com: could not connect to host
+bestof1001.de: did not receive HSTS header
+bestorangeseo.com: could not connect to host
+betaclean.fr: did not receive HSTS header
+betafive.net: could not connect to host
+betakah.net: could not connect to host
+betcafearena.ro: did not receive HSTS header
+bethanyduke.com: did not receive HSTS header
+bethditto.com: did not receive HSTS header
+betnet.fr: could not connect to host
+betobaccofree.gov: could not connect to host
+betplanning.it: did not receive HSTS header
+bets.de: did not receive HSTS header
+betterlifemakers.com: max-age too low: 200
+bettween.com: did not receive HSTS header
+betz.ro: did not receive HSTS header
+beulahtabernacle.com: could not connect to host
+bevapehappy.com: did not receive HSTS header
+bewerbungsfibel.de: did not receive HSTS header
+bey.io: could not connect to host
+beyond-edge.com: could not connect to host
+beyuna.co.uk: did not receive HSTS header
+beyuna.eu: did not receive HSTS header
+beyuna.nl: did not receive HSTS header
+bezorg.ninja: could not connect to host
+bezprawnik.pl: did not receive HSTS header
+bf.am: max-age too low: 0
+bfd.vodka: did not receive HSTS header
+bfear.com: could not connect to host
+bfelob.gov: could not connect to host
+bffm.biz: could not connect to host
+bfrailwayclub.cf: could not connect to host
+bgcparkstad.nl: did not receive HSTS header
+bgmn.net: could not connect to host
+bhatia.at: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+biapinheiro.com.br: max-age too low: 5184000
+bible-maroc.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+biblerhymes.com: did not receive HSTS header
+bidon.ca: did not receive HSTS header
+bie.edu: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+bieberium.de: could not connect to host
+biego.cn: did not receive HSTS header
+bielsa.me: could not connect to host
+bienenblog.cc: could not connect to host
+bierbringer.at: could not connect to host
+big-black.de: did not receive HSTS header
+bigbbqbrush.bid: could not connect to host
+bigbounceentertainment.co.uk: did not receive HSTS header
+bigbrownpromotions.com.au: did not receive HSTS header
+bigerbio.com: could not connect to host
+biglou.com: max-age too low: 3153600
+bigshinylock.minazo.net: could not connect to host
+biguixhe.net: did not receive HSTS header
+bijouxdegriffe.com.br: could not connect to host
+bijugeral.com.br: could not connect to host
+bikermusic.net: could not connect to host
+bildiri.ci: did not receive HSTS header
+biletua.de: could not connect to host
+billin.net: did not receive HSTS header
+billkiss.com: could not connect to host
+billninja.com: did not receive HSTS header
+billrusling.com: could not connect to host
+bimbo.com: did not receive HSTS header
+bimbo.com.ar: max-age too low: 86400
+bimbobakeriesusa.com: max-age too low: 86400
+binam.center: could not connect to host
+binaryfigments.com: max-age too low: 86400
+binderapp.net: could not connect to host
+bingcheung.com: could not connect to host
+binimo.com: could not connect to host
+binsp.net: could not connect to host
+bioespuna.eu: did not receive HSTS header
+biofam.ru: did not receive HSTS header
+bioknowme.com: did not receive HSTS header
+bionicspirit.com: could not connect to host
+biophysik-ssl.de: did not receive HSTS header
+bip.gov.sa: could not connect to host
+birkman.com: did not receive HSTS header
+birminghamsunset.com: could not connect to host
+biscuits-rec.com: could not connect to host
+biscuits-shop.com: could not connect to host
+bismarck.moe: did not receive HSTS header
+bisterfeldt.com: could not connect to host
+bitbit.org: did not receive HSTS header
+bitbr.net: did not receive HSTS header
+bitcantor.com: did not receive HSTS header
+bitchan.it: could not connect to host
+bitcoin-class.com: could not connect to host
+bitcoin-daijin.com: could not connect to host
+bitcoinjpn.com: could not connect to host
+bitcoinprivacy.net: did not receive HSTS header
+bitcoinworld.me: did not receive HSTS header
+bitconcepts.co.uk: could not connect to host
+biteoftech.com: did not receive HSTS header
+bitf.ly: could not connect to host
+bitfactory.ws: could not connect to host
+bitfarm-archiv.com: did not receive HSTS header
+bitfarm-archiv.de: did not receive HSTS header
+bitheus.com: could not connect to host
+bithosting.io: did not receive HSTS header
+bitlish.com: max-age too low: 86400
+bitmaincare.com.ua: could not connect to host
+bitmaincare.ru: could not connect to host
+bitnet.io: did not receive HSTS header
+bitrage.de: could not connect to host
+bitraum.io: could not connect to host
+bitsafe.systems: did not receive HSTS header
+bitvigor.com: did not receive HSTS header
+bitwrought.net: could not connect to host
+bityes.org: could not connect to host
+bivsi.com: could not connect to host
+bizcms.com: did not receive HSTS header
+bizon.sk: did not receive HSTS header
+bizpare.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+bizzartech.com: did not receive HSTS header
+bizzybeebouncers.co.uk: did not receive HSTS header
+bjgongyi.com: could not connect to host
+bjs.gov: did not receive HSTS header
+bjtxl.cn: could not connect to host
+bkb-skandal.ch: could not connect to host
+black-armada.com: could not connect to host
+black-armada.com.pl: could not connect to host
+black-armada.pl: could not connect to host
+black-octopus.ru: could not connect to host
+black-raven.fr: did not receive HSTS header
+blackburn.link: could not connect to host
+blackdiam.net: could not connect to host
+blacklane.com: did not receive HSTS header
+blackly.uk: max-age too low: 0
+blackpayment.ru: could not connect to host
+blackunicorn.wtf: could not connect to host
+bladesmith.io: did not receive HSTS header
+blakerandall.xyz: could not connect to host
+blantik.net: could not connect to host
+blauwwit.be: did not receive HSTS header
+blazeit.io: could not connect to host
+blazor.nl: did not receive HSTS header
+blendlecdn.com: could not connect to host
+blenheimchalcot.com: did not receive HSTS header
+blessnet.jp: did not receive HSTS header
+blha303.com.au: could not connect to host
+blindaryproduction.tk: could not connect to host
+blindsexdate.nl: did not receive HSTS header
+blinkenlight.co.uk: could not connect to host
+blinkenlight.com.au: could not connect to host
+blitzprog.org: could not connect to host
+blmiller.com: could not connect to host
+blocksatz-medien.de: could not connect to host
+blog-ritaline.com: could not connect to host
+blog.coffee: could not connect to host
+blog.cyveillance.com: did not receive HSTS header
+blog.gparent.org: could not connect to host
+blog.torproject.org: max-age too low: 1000
+bloglife-bb.com: did not receive HSTS header
+bloglikepro.com: could not connect to host
+blognone.com: did not receive HSTS header
+blogonblogspot.com: did not receive HSTS header
+blokuhaka.fr: could not connect to host
+bloomnbud.com: did not receive HSTS header
+bloomzoomy.ru: max-age too low: 172800
+blowjs.com: could not connect to host
+bltc.co: could not connect to host
+blubbablasen.de: could not connect to host
+blucas.org: did not receive HSTS header
+blue17.co.uk: did not receive HSTS header
+bluebill.net: did not receive HSTS header
+bluecon.eu: did not receive HSTS header
+bluefrag.com: did not receive HSTS header
+blueglobalmedia.com: did not receive HSTS header
+blueliv.com: did not receive HSTS header
+bluepearl.tk: could not connect to host
+bluescloud.xyz: could not connect to host
+bluetenmeer.com: did not receive HSTS header
+bluketing.com: did not receive HSTS header
+blumen-garage.de: could not connect to host
+bluserv.net: could not connect to host
+bluteklab.com: did not receive HSTS header
+blutroyal.de: could not connect to host
+bm-i.ch: could not connect to host
+bm-trading.nl: did not receive HSTS header
+bngsecure.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+bnhlibrary.com: did not receive HSTS header
+board-buy.ru: could not connect to host
+bodo-wolff.de: could not connect to host
+bodrumfarm.com: could not connect to host
+bodyblog.nl: did not receive HSTS header
+bodybuilding-legends.com: could not connect to host
+bodyweightsolution.com: could not connect to host
+boensou.com: did not receive HSTS header
+bogosity.se: could not connect to host
+bohaishibei.com: did not receive HSTS header
+bohan.life: could not connect to host
+bohramt.de: did not receive HSTS header
+boiadeirodeberna.com: could not connect to host
+boltdata.io: could not connect to host
+bolwerk.com.br: could not connect to host
+bomberus.de: could not connect to host
+bonapp.restaurant: could not connect to host
+boneko.de: could not connect to host
+bonitabrazilian.co.nz: did not receive HSTS header
+bonobo.cz: could not connect to host
+bonop.com: did not receive HSTS header
+bonta.one: did not receive HSTS header
+book-of-ra.de: did not receive HSTS header
+bookcelerator.com: did not receive HSTS header
+booked.holiday: could not connect to host
+bookofraonlinecasinos.com: did not receive HSTS header
+bookshopofindia.com: could not connect to host
+boomerang.com: did not receive HSTS header
+boosterlearnpro.com: did not receive HSTS header
+booth.in.th: could not connect to host
+bootikexpress.fr: did not receive HSTS header
+boozinyan.com: could not connect to host
+borchers-media.de: could not connect to host
+borderlinegroup.com: could not connect to host
+boringsecurity.net: could not connect to host
+boris.one: did not receive HSTS header
+boris64.net: did not receive HSTS header
+borisbesemer.com: could not connect to host
+borrelioz.com: did not receive HSTS header
+borscheid-wenig.com: did not receive HSTS header
+bosabosa.org: could not connect to host
+boschee.net: could not connect to host
+botox.bz: did not receive HSTS header
+botstack.host: did not receive HSTS header
+bounceboxspc.com: did not receive HSTS header
+bouncecoffee.com: did not receive HSTS header
+bouncelanduk.co.uk: did not receive HSTS header
+bouncing-bugs.co.uk: could not connect to host
+bouwbedrijfpurmerend.nl: did not receive HSTS header
+bowlroll.net: max-age too low: 0
+boxcryptor.com: did not receive HSTS header
+boxing-austria.eu: did not receive HSTS header
+boxintense.com: did not receive HSTS header
+boxlitepackaging.com: did not receive HSTS header
+boyan.in: did not receive HSTS header
+boyfriendhusband.men: did not receive HSTS header
+bp-wahl.at: did not receive HSTS header
+bqcp.net: could not connect to host
+bqtoolbox.com: could not connect to host
+bragasoft.com.br: did not receive HSTS header
+brage.info: could not connect to host
+braineet.com: did not receive HSTS header
+brainfork.ml: could not connect to host
+brainfpv.com: did not receive HSTS header
+braintensive.com: could not connect to host
+braintm.com: could not connect to host
+braintreebouncycastles.com: did not receive HSTS header
+braintreegateway.com: did not receive HSTS header
+braintreepayments.com: did not receive HSTS header
+brainvation.de: did not receive HSTS header
+brambogaerts.nl: did not receive HSTS header
+bran.cc: could not connect to host
+branchtrack.com: did not receive HSTS header
+branchzero.com: did not receive HSTS header
+brandnewdays.nl: could not connect to host
+brandon.so: could not connect to host
+brandons.site: did not receive HSTS header
+brandontaylor-black.com: could not connect to host
+brandred.net: could not connect to host
+brandspray.com: could not connect to host
+brasilien.guide: could not connect to host
+brasilmorar.com: could not connect to host
+bravz.de: could not connect to host
+breathingblanket.com: could not connect to host
+brenden.net.au: could not connect to host
+bress.cloud: could not connect to host
+brettpemberton.xyz: did not receive HSTS header
+briangarcia.ga: could not connect to host
+brianpcurran.com: could not connect to host
+brickoo.com: could not connect to host
+brickyardbuffalo.com: did not receive HSTS header
+bridholm.se: could not connect to host
+brightonchilli.org.uk: could not connect to host
+brightstarkids.co.uk: did not receive HSTS header
+brightstarkids.com.au: did not receive HSTS header
+brightstarkids.net: did not receive HSTS header
+brightstarkids.sg: did not receive HSTS header
+brilliantbuilders.co.uk: did not receive HSTS header
+brio-ukraine.store: could not connect to host
+britzer-toner.de: did not receive HSTS header
+brix.ninja: did not receive HSTS header
+brks.xyz: could not connect to host
+broken-oak.com: could not connect to host
+brookechase.com: did not receive HSTS header
+brookframework.org: could not connect to host
+browserid.org: could not connect to host
+brrd.io: did not receive HSTS header
+brrr.fr: could not connect to host
+brunix.net: did not receive HSTS header
+brunohenc.from.hr: could not connect to host
+brunoonline.co.uk: could not connect to host
+bryn.xyz: could not connect to host
+brynnan.nl: could not connect to host
+bs12v.ru: did not receive HSTS header
+bsalyzer.com: could not connect to host
+bsdtips.com: could not connect to host
+bsklabels.com: did not receive HSTS header
+bsktweetup.info: could not connect to host
+bslim-e-boutique.com: could not connect to host
+bsuess.de: could not connect to host
+btc-e.com: did not receive HSTS header
+btcdlc.com: could not connect to host
+btcpot.ltd: did not receive HSTS header
+btxiaobai.com: did not receive HSTS header
+buben.tech: did not receive HSTS header
+bubulazi.com: did not receive HSTS header
+bubulazy.com: did not receive HSTS header
+buch-cuber.de: max-age too low: 0
+buchheld.at: did not receive HSTS header
+bucket.tk: could not connect to host
+budgetthostels.nl: did not receive HSTS header
+budskap.eu: could not connect to host
+buenosairesestetica.com.ar: could not connect to host
+bugginslab.co.uk: could not connect to host
+bugsmashed.com: could not connect to host
+bugtrack.io: could not connect to host
+buhler.pro: did not receive HSTS header
+build.chromium.org: did not receive HSTS header (error ignored - included regardless)
+buildci.asia: could not connect to host
+buildify.co.za: could not connect to host
+buildingclouds.at: could not connect to host
+buildingclouds.ch: could not connect to host
+buildingclouds.de: did not receive HSTS header
+buildingclouds.es: could not connect to host
+buildingclouds.eu: could not connect to host
+buildingclouds.fr: could not connect to host
+buildsaver.co.za: did not receive HSTS header
+builmaker.com: did not receive HSTS header
+built.by: did not receive HSTS header
+bukatv.cz: could not connect to host
+bulgarien.guide: could not connect to host
+bulkbuy.tech: could not connect to host
+bullbits.com: max-age too low: 0
+bulletbabu.com: could not connect to host
+bulletpoint.cz: could not connect to host
+bullterrier.me: could not connect to host
+bulmafox.com: could not connect to host
+bumarkamoda.com: did not receive HSTS header
+bunaken.asia: did not receive HSTS header
+bunbomenu.de: could not connect to host
+bunsenlabs.org: max-age too low: 2592000
+bupu.ml: did not receive HSTS header
+bureaubolster.nl: did not receive HSTS header
+bureaugravity.com: did not receive HSTS header
+burian-server.cz: could not connect to host
+burlesquemakeup.com: did not receive HSTS header
+burningcrash.de: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+burpsuite.site: could not connect to host
+burrow.ovh: could not connect to host
+burrowingsec.com: could not connect to host
+burtrum.top: could not connect to host
+buryat-mongol.cf: could not connect to host
+bush41.org: did not receive HSTS header
+business.lookout.com: could not connect to host
+business.medbank.com.mt: did not receive HSTS header
+businessfurs.info: could not connect to host
+businesshosting.nl: did not receive HSTS header
+businesshub.cz: could not connect to host
+businessloanconnection.org: did not receive HSTS header
+businessmodeler.se: could not connect to host
+busold.ws: could not connect to host
+bustimes.org.uk: did not receive HSTS header
+butchersworkshop.com: did not receive HSTS header
+butian518.com: did not receive HSTS header
+buttercoin.com: could not connect to host
+butterfieldstraining.com: did not receive HSTS header
+buvinghausen.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+buybaby.eu: did not receive HSTS header
+buyfox.de: did not receive HSTS header
+buyingsellingflorida.com: could not connect to host
+buynowdepot.com: did not receive HSTS header
+buyshoe.org: could not connect to host
+buzzconcert.com: could not connect to host
+buzztelco.com.au: did not receive HSTS header
+bvexplained.co.uk: could not connect to host
+bw81.xyz: could not connect to host
+bwear4all.de: could not connect to host
+by1898.com: could not connect to host
+by4cqb.cn: could not connect to host
+bydisk.com: could not connect to host
+byji.com: could not connect to host
+bynet.cz: could not connect to host
+bynumlaw.net: did not receive HSTS header
+bypass.kr: could not connect to host
+bypassed.bid: could not connect to host
+bypassed.cc: could not connect to host
+bypassed.club: could not connect to host
+bypassed.date: could not connect to host
+bypassed.download: could not connect to host
+bypassed.faith: could not connect to host
+bypassed.host: could not connect to host
+bypassed.me: could not connect to host
+bypassed.online: could not connect to host
+bypassed.org: did not receive HSTS header
+bypassed.party: could not connect to host
+bypassed.press: could not connect to host
+bypassed.pw: could not connect to host
+bypassed.rocks: did not receive HSTS header
+bypassed.site: could not connect to host
+bypassed.st: did not receive HSTS header
+bypassed.today: could not connect to host
+bypassed.works: could not connect to host
+bypassed.world: could not connect to host
+bypro.xyz: could not connect to host
+bysymphony.com: max-age too low: 0
+byte.chat: did not receive HSTS header
+byte.wtf: did not receive HSTS header
+bytepark.de: did not receive HSTS header
+bytesatwork.eu: could not connect to host
+byteshift.ca: could not connect to host
+bytesund.biz: could not connect to host
+byurudraw.pics: could not connect to host
+c-rickroll-v.pw: could not connect to host
+c0rn3j.com: did not receive HSTS header
+c16t.uk: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+c1yd3i.me: could not connect to host
+c2lab.net: did not receive HSTS header
+c3-compose.com: could not connect to host
+c3b.info: could not connect to host
+cabsites.com: could not connect to host
+cabusar.fr: did not receive HSTS header
+caconnect.org: could not connect to host
+cadao.me: did not receive HSTS header
+caesreon.com: could not connect to host
+cafe-murr.de: could not connect to host
+cafe-scientifique.org.ec: could not connect to host
+cafe-service.ru: did not receive HSTS header
+cafesg.net: could not connect to host
+caim.cz: did not receive HSTS header
+caipai.fm: could not connect to host
+cajapopcorn.com: did not receive HSTS header
+cake.care: could not connect to host
+calcularpagerank.com.br: could not connect to host
+calculatoaresecondhand.xyz: could not connect to host
+calgaryconstructionjobs.com: did not receive HSTS header
+calix.com: max-age too low: 0
+callabs.net: could not connect to host
+callsigns.ca: could not connect to host
+calltrackingreports.com: could not connect to host
+calomel.org: max-age too low: 2764800
+caltonnutrition.com: did not receive HSTS header
+calvin.me: max-age too low: 2592000
+calvinallen.net: did not receive HSTS header
+calypsogames.net: did not receive HSTS header
+camashop.de: did not receive HSTS header
+cambridgeanalytica.net: could not connect to host
+cambridgeanalytica.org: did not receive HSTS header
+camda.online: could not connect to host
+camelservers.com: did not receive HSTS header
+camisadotorcedor.com.br: could not connect to host
+camjackson.net: did not receive HSTS header
+cammarkets.com: could not connect to host
+camolist.com: could not connect to host
+campaignelves.com: did not receive HSTS header
+campbellsoftware.co.uk: could not connect to host
+campfire.co.il: did not receive HSTS header
+campingcarlovers.com: could not connect to host
+campusdrugprevention.gov: did not receive HSTS header
+camsanalytics.com: could not connect to host
+canadabread.com: max-age too low: 86400
+canadiangamblingchoice.com: did not receive HSTS header
+cancelmyprofile.com: could not connect to host
+cancreate.nl: did not receive HSTS header
+candicontrols.com: did not receive HSTS header
+candratech.com: could not connect to host
+candygirl.shop: could not connect to host
+canyonshoa.com: did not receive HSTS header
+capecycles.co.za: did not receive HSTS header
+capeyorkfire.com.au: did not receive HSTS header
+capogna.com: did not receive HSTS header
+caps.is: could not connect to host
+capsogusto.com: did not receive HSTS header
+captchatheprize.com: could not connect to host
+captianseb.de: could not connect to host
+captivatedbytabrett.com: could not connect to host
+capturethepen.co.uk: could not connect to host
+car-navi.ph: did not receive HSTS header
+carano-service.de: did not receive HSTS header
+caraudio69.cz: could not connect to host
+carboneselectricosnettosl.info: max-age too low: 0
+card-toka.jp: did not receive HSTS header
+cardloan-manual.net: could not connect to host
+cardoni.net: did not receive HSTS header
+cardse.net: could not connect to host
+cardstream.com: did not receive HSTS header
+cardurl.com: did not receive HSTS header
+careerstuds.com: could not connect to host
+caringladies.org: could not connect to host
+carlo.mx: did not receive HSTS header
+carlolly.co.uk: could not connect to host
+carlosalves.info: did not receive HSTS header
+carloshmm.stream: could not connect to host
+carlovanwyk.com: could not connect to host
+carpliyz.com: could not connect to host
+carroarmato0.be: did not receive HSTS header
+carsforbackpackers.com: could not connect to host
+carstenfeuls.de: did not receive HSTS header
+cartesunicef.be: did not receive HSTS header
+cartoonhd.cc: did not receive HSTS header
+carwashvapeur.be: could not connect to host
+casashopp.com.br: could not connect to host
+casc.cz: did not receive HSTS header
+casedi.org: max-age too low: 0
+casefall.com: could not connect to host
+cash-pos.com: could not connect to host
+cashmyphone.ch: could not connect to host
+casino-cashflow.ru: did not receive HSTS header
+casinoreal.com: could not connect to host
+casinostest.com: could not connect to host
+casioshop.eu: did not receive HSTS header
+casovi.cf: could not connect to host
+castagnonavocats.com: did not receive HSTS header
+cata.ga: could not connect to host
+catalin.pw: could not connect to host
+catarsisvr.com: could not connect to host
+catinmay.com: did not receive HSTS header
+catnapstudios.com: could not connect to host
+catsmagic.pp.ua: could not connect to host
+caughtredhanded.co.nz: could not connect to host
+cavaleria.ro: did not receive HSTS header
+caveclan.org: did not receive HSTS header
+cavedevs.de: could not connect to host
+cavedroid.xyz: could not connect to host
+cavern.tv: did not receive HSTS header
+cayafashion.de: did not receive HSTS header
+cbengineeringinc.com: could not connect to host
+cbhq.net: could not connect to host
+ccblog.de: did not receive HSTS header
+ccretreatandfarm.com: did not receive HSTS header
+ccsys.com: could not connect to host
+cctech.ph: could not connect to host
+cctld.com: could not connect to host
+cd0.us: could not connect to host
+cdcpartners.gov: could not connect to host
+cdeck.net: could not connect to host
+cdnb.co: could not connect to host
+cdndepo.com: could not connect to host
+cdnk39.com: could not connect to host
+cdreporting.co.uk: did not receive HSTS header
+cdt.org: did not receive HSTS header
+ce-agentur.de: did not receive HSTS header
+cee.io: could not connect to host
+cegfw.com: could not connect to host
+celebphotos.blog: did not receive HSTS header
+celeirorural.com.br: did not receive HSTS header
+celina-reads.de: did not receive HSTS header
+cellsites.nz: could not connect to host
+celuliteonline.com: could not connect to host
+cencalvia.org: could not connect to host
+centennialrewards.com: did not receive HSTS header
+centos.pub: could not connect to host
+centrallead.net: could not connect to host
+centralpoint.be: did not receive HSTS header
+centralpoint.nl: did not receive HSTS header
+centralvacsunlimited.net: did not receive HSTS header
+centralync.com: could not connect to host
+centrepoint-community.com: could not connect to host
+centsforchange.net: could not connect to host
+ceresia.ch: could not connect to host
+ceritamalam.net: could not connect to host
+cerize.love: could not connect to host
+cernega.ro: did not receive HSTS header
+cert.se: max-age too low: 2628001
+certifi.io: could not connect to host
+certmgr.org: could not connect to host
+cesal.net: could not connect to host
+cesidianroot.eu: could not connect to host
+cevrimici.com: could not connect to host
+cfcnexus.org: could not connect to host
+cfcproperties.com: did not receive HSTS header
+cfetengineering.com: could not connect to host
+cfoitplaybook.com: could not connect to host
+cganx.org: could not connect to host
+cgerstner.eu: did not receive HSTS header
+cgsshelper.tk: could not connect to host
+cgtx.us: could not connect to host
+chadklass.com: could not connect to host
+chahub.com: could not connect to host
+chainmonitor.com: could not connect to host
+challengeskins.com: could not connect to host
+champ.dog: did not receive HSTS header
+championnat-romand-cuisiniers-amateurs.ch: could not connect to host
+championsofregnum.com: did not receive HSTS header
+champserver.net: could not connect to host
+chandlerredding.com: did not receive HSTS header
+changelab.cc: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+changetip.com: did not receive HSTS header
+channellife.asia: could not connect to host
+chanshiyu.com: did not receive HSTS header
+chaos.fail: could not connect to host
+chaoswebs.net: did not receive HSTS header
+chaouby.com: could not connect to host
+charbonnel.eu: could not connect to host
+chargejuice.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+charityclear.com: did not receive HSTS header
+charitystreet.co.uk: could not connect to host
+charlenevondell.com: could not connect to host
+charliemcneive.com: did not receive HSTS header
+charlipopkids.com.au: could not connect to host
+charnleyhouse.co.uk: did not receive HSTS header
+charonsecurity.com: could not connect to host
+charp.eu: could not connect to host
+chartstoffarm.de: max-age too low: 10
+chaska.co.za: did not receive HSTS header
+chat-porc.eu: did not receive HSTS header
+chatbot.me: did not receive HSTS header
+chateauconstellation.ch: did not receive HSTS header
+chatup.cf: could not connect to host
+chaulootz.com: did not receive HSTS header
+chcemvediet.sk: max-age too low: 1555200
+cheapdns.org: could not connect to host
+cheapwritingservice.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+cheatturnitin.com: did not receive HSTS header
+cheazey.net: did not receive HSTS header
+chebedara.com: could not connect to host
+checkout.google.com: did not receive HSTS header (error ignored - included regardless)
+cheerflow.com: could not connect to host
+cheesefusion.com: could not connect to host
+cheesetart.my: could not connect to host
+cheetah85.de: could not connect to host
+chefgalles.com.br: could not connect to host
+chejianer.cn: could not connect to host
+chelema.xyz: could not connect to host
+chenfengyi.com: could not connect to host
+chensir.net: could not connect to host
+chepaofen.com: did not receive HSTS header
+cherekerry.com: could not connect to host
+cherysunzhang.com: did not receive HSTS header
+chesterbrass.uk: did not receive HSTS header
+chiamata-aiuto.ch: could not connect to host
+chib.chat: could not connect to host
+chihiro.xyz: did not receive HSTS header
+chijiokeindustries.co.uk: could not connect to host
+childcaresolutionscny.org: did not receive HSTS header
+childrendeservebetter.org: could not connect to host
+china-line.org: could not connect to host
+chinternet.xyz: could not connect to host
+chiphell.com: did not receive HSTS header
+chirgui.eu: could not connect to host
+chiropracticwpb.com: could not connect to host
+chloe.re: could not connect to host
+chlouis.net: could not connect to host
+chm.vn: did not receive HSTS header
+chodobien.com: could not connect to host
+choiralberta.ca: could not connect to host
+chontalpa.pw: could not connect to host
+chordso.com: could not connect to host
+choruscrowd.com: could not connect to host
+chotu.net: could not connect to host
+chris-web.info: could not connect to host
+chrisandsarahinasia.com: did not receive HSTS header
+chrisbrakebill.com: could not connect to host
+chrisbrown.id.au: could not connect to host
+chrisfaber.com: could not connect to host
+chriskirchner.de: did not receive HSTS header
+chriskyrouac.com: could not connect to host
+chrisopperwall.com: did not receive HSTS header
+chrisself.xyz: did not receive HSTS header
+christiaandruif.nl: could not connect to host
+christianbro.gq: could not connect to host
+christianhoffmann.info: could not connect to host
+christina-quast.de: did not receive HSTS header
+christophercolumbusfoundation.gov: could not connect to host
+christophersole.com: could not connect to host
+christophheich.me: did not receive HSTS header
+chrisupjohn.com: could not connect to host
+chrisvicmall.com: did not receive HSTS header
+chromaryu.net: could not connect to host
+chrome: could not connect to host
+chrome-devtools-frontend.appspot.com: did not receive HSTS header (error ignored - included regardless)
+chrome.google.com: did not receive HSTS header (error ignored - included regardless)
+chrst.ph: could not connect to host
+chs.us: did not receive HSTS header
+chua.cf: could not connect to host
+chuckame.fr: did not receive HSTS header
+chulado.com: did not receive HSTS header
+churchux.co: did not receive HSTS header
+churrasqueirafacil.com.br: could not connect to host
+chziyue.com: could not connect to host
+ci-labo.com.tw: max-age too low: 7889238
+cidr.ml: could not connect to host
+cienbeaute-lidl.fr: did not receive HSTS header
+cigarblogs.net: could not connect to host
+cigi.site: could not connect to host
+ciicutini.ro: did not receive HSTS header
+cim2b.de: could not connect to host
+cimalando.eu: could not connect to host
+cinartelorgu.com: did not receive HSTS header
+cintdirect.com: could not connect to host
+cioconference.co.nz: could not connect to host
+cipher.land: could not connect to host
+ciplanutrition.com: did not receive HSTS header
+circ-logic.com: did not receive HSTS header
+ciscohomeanalytics.com: could not connect to host
+ciscommerce.net: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+citiagent.cz: could not connect to host
+citimarinestore.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+cityoflaurel.org: did not receive HSTS header
+citywalkr.com: could not connect to host
+cium.ru: could not connect to host
+cjcaron.org: could not connect to host
+cjr.host: could not connect to host
+cjtkfan.club: could not connect to host
+claimit.ml: could not connect to host
+clan-ww.com: did not receive HSTS header
+clara-baumert.de: could not connect to host
+claralabs.com: did not receive HSTS header
+clarity-c2ced.appspot.com: did not receive HSTS header
+classicday.nl: could not connect to host
+classicsandexotics.com: could not connect to host
+classicshop.ua: did not receive HSTS header
+classicspublishing.com: could not connect to host
+classifiedssa.co.za: could not connect to host
+clcleaningco.com: could not connect to host
+cleanexperts.co.uk: could not connect to host
+cleaningsquad.ca: could not connect to host
+cleanmta.com: could not connect to host
+clearc.tk: could not connect to host
+clearchatsandbox.com: could not connect to host
+clearsky.me: did not receive HSTS header
+clearviewwealthprojector.com.au: could not connect to host
+clerkendweller.uk: did not receive HSTS header
+clickandgo.com: did not receive HSTS header
+clickandshoot.nl: did not receive HSTS header
+clickclickphish.com: did not receive HSTS header
+clickgram.biz: could not connect to host
+clicn.bio: could not connect to host
+clicnbio.com: did not receive HSTS header
+cliftons.com: did not receive HSTS header
+clinicaferrusbratos.com: did not receive HSTS header
+clintonbloodworth.com: could not connect to host
+clintonbloodworth.io: could not connect to host
+clintwilson.technology: max-age too low: 2592000
+clip.ovh: did not receive HSTS header
+clipped4u.com: could not connect to host
+closient.com: did not receive HSTS header
+cloud-crowd.com.au: did not receive HSTS header
+cloud-project.com: could not connect to host
+cloud.wtf: could not connect to host
+cloud42.ch: did not receive HSTS header
+cloudapi.vc: could not connect to host
+cloudbasedsite.com: did not receive HSTS header
+cloudbleed.info: could not connect to host
+cloudcert.org: did not receive HSTS header
+cloudcy.net: could not connect to host
+clouddesktop.co.nz: could not connect to host
+cloudey.net: did not receive HSTS header
+cloudfren.com: did not receive HSTS header
+cloudimag.es: could not connect to host
+cloudimproved.com: could not connect to host
+cloudimprovedtest.com: could not connect to host
+cloudlink.club: could not connect to host
+cloudns.com.au: could not connect to host
+cloudopt.net: did not receive HSTS header
+clouds.webcam: could not connect to host
+cloudspotterapp.com: did not receive HSTS header
+cloudstoragemaus.com: could not connect to host
+cloudstorm.me: could not connect to host
+cloudstrike.co: could not connect to host
+cloudwalk.io: did not receive HSTS header
+clounix.online: could not connect to host
+clovissantos.com: did not receive HSTS header
+clowde.in: could not connect to host
+clownaroundbouncycastles.co.uk: did not receive HSTS header
+clownish.co.il: could not connect to host
+club-adulti.ro: did not receive HSTS header
+clubalfa.it: did not receive HSTS header
+clubmix.co.kr: could not connect to host
+cluster.id: did not receive HSTS header
+clvrwebdesign.com: did not receive HSTS header
+clycat.ru: could not connect to host
+clywedogmaths.co.uk: could not connect to host
+cmc-versand.de: did not receive HSTS header
+cmci.dk: did not receive HSTS header
+cms-weble.jp: could not connect to host
+cmsbattle.com: could not connect to host
+cmscafe.ru: did not receive HSTS header
+cmso-cal.com: could not connect to host
+cncn.us: did not receive HSTS header
+cnlic.com: could not connect to host
+cnwage.com: could not connect to host
+cnwarn.com: could not connect to host
+co-driversphoto.se: could not connect to host
+co-yutaka.com: could not connect to host
+coach-sportif.paris: did not receive HSTS header
+cobaltlp.com: could not connect to host
+cobrax.net: could not connect to host
+coccolebenessere.it: could not connect to host
+cocktailfuture.fr: could not connect to host
+cocolovesdaddy.com: could not connect to host
+codabix.com: did not receive HSTS header
+codabix.de: could not connect to host
+codabix.net: could not connect to host
+code-35.com: could not connect to host
+code-digsite.com: could not connect to host
+code-judge.tk: did not receive HSTS header
+code.google.com: did not receive HSTS header (error ignored - included regardless)
+codealkemy.co: max-age too low: 43200
+codeco.pw: could not connect to host
+codecontrollers.de: could not connect to host
+codeforce.io: could not connect to host
+codeforhakodate.org: did not receive HSTS header
+codejunkie.de: did not receive HSTS header
+codelayer.ca: could not connect to host
+codelitmus.com: did not receive HSTS header
+codelove.de: did not receive HSTS header
+codemonkeyrawks.net: could not connect to host
+codenlife.xyz: could not connect to host
+codepoet.de: did not receive HSTS header
+codepx.com: did not receive HSTS header
+codercross.com: could not connect to host
+codes.pk: did not receive HSTS header
+codewiththepros.org: could not connect to host
+codewiz.xyz: could not connect to host
+codigosddd.com.br: did not receive HSTS header
+coffeeetc.co.uk: max-age too low: 7889238
+coffeestrategies.com: max-age too low: 5184000
+cogniflex.com: did not receive HSTS header
+cogumelosmagicos.org: could not connect to host
+cohesive.io: did not receive HSTS header
+coin.dance: did not receive HSTS header
+coinbit.trade: did not receive HSTS header
+coindam.com: could not connect to host
+colasjourdain.fr: did not receive HSTS header
+coldlostsick.net: could not connect to host
+colearnr.com: could not connect to host
+collabra.email: did not receive HSTS header
+collard.tk: did not receive HSTS header
+collectosaurus.com: did not receive HSTS header
+colleencornez.com: could not connect to host
+collegepulse.org: could not connect to host
+collies.eu: max-age too low: 3
+collins.kg: could not connect to host
+collins.press: did not receive HSTS header
+collinsartworks.com: did not receive HSTS header
+collision.fyi: could not connect to host
+colmexpro.com: did not receive HSTS header
+colognegaming.net: could not connect to host
+coloradocomputernetworking.net: could not connect to host
+colorlib.com: did not receive HSTS header
+colorunhas.com.br: could not connect to host
+comalia.com: could not connect to host
+combatshield.cz: could not connect to host
+comeoncolleen.com: did not receive HSTS header
+comfortdom.ua: did not receive HSTS header
+comfortticket.de: did not receive HSTS header
+comfy.cafe: did not receive HSTS header
+comfy.moe: did not receive HSTS header
+comico.info: did not receive HSTS header
+comicspines.com: could not connect to host
+comitesaustria.at: could not connect to host
+comiteshopping.com: could not connect to host
+commerciallocker.com: did not receive HSTS header
+commercialplanet.eu: could not connect to host
+commune-preuilly.fr: did not receive HSTS header
+comocurarlashemorroides.org: could not connect to host
+comocurarlashemorroidesya.com: did not receive HSTS header
+comotalk.com: could not connect to host
+compalytics.com: could not connect to host
+comparamejor.com: did not receive HSTS header
+compareandrecycle.co.uk: did not receive HSTS header
+comparejewelleryprices.co.uk: could not connect to host
+comparetravelinsurance.com.au: did not receive HSTS header
+compassionate-biology.com: could not connect to host
+compiledworks.com: could not connect to host
+completesportperformance.com: did not receive HSTS header
+completionist.audio: could not connect to host
+complt.xyz: could not connect to host
+complymd.com: did not receive HSTS header
+comprehensiveihc.com: could not connect to host
+compsmag.com: did not receive HSTS header
+compucorner.com.mx: could not connect to host
+computertal.de: could not connect to host
+comyuno.com: did not receive HSTS header
+concentrade.de: did not receive HSTS header
+conception.sk: could not connect to host
+concord-group.co.jp: did not receive HSTS header
+confirm365.com: could not connect to host
+conflux.tw: did not receive HSTS header
+conformal.com: could not connect to host
+confucio.cl: did not receive HSTS header
+congz.me: could not connect to host
+conjugacao.com.br: did not receive HSTS header
+connect.ua: could not connect to host
+connected-verhuurservice.nl: did not receive HSTS header
+connectfss.com: could not connect to host
+connectingconcepts.com: did not receive HSTS header
+conniesacademy.com: could not connect to host
+conrad.am: could not connect to host
+consciousandglamorous.com: could not connect to host
+consciousbrand.org.au: could not connect to host
+consciousbranding.org.au: could not connect to host
+consciousbrands.net.au: could not connect to host
+console.python.org: did not receive HSTS header
+console.support: did not receive HSTS header
+construct-trust.com: could not connect to host
+consultcelerity.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+contactbig.com: did not receive HSTS header
+contactsingapore.sg: did not receive HSTS header
+contaimo.com: did not receive HSTS header
+container-lion.com: did not receive HSTS header
+containerstatistics.com: could not connect to host
+contarkos.xyz: could not connect to host
+content-design.de: did not receive HSTS header
+continuumgaming.com: could not connect to host
+controlcenter.gigahost.dk: did not receive HSTS header
+controleer-maar-een-ander.nl: did not receive HSTS header
+convert.zone: did not receive HSTS header
+cooink.net: could not connect to host
+coolaj86.com: did not receive HSTS header
+coolbutbroken.com: did not receive HSTS header
+coolchevy.org.ua: did not receive HSTS header
+coole-meister.de: could not connect to host
+coolrc.me: could not connect to host
+coolvox.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+cooxa.com: did not receive HSTS header
+copshop.com.br: could not connect to host
+cor-ser.es: could not connect to host
+coralproject.net: did not receive HSTS header
+coralrosado.com.br: did not receive HSTS header
+coramcdaniel.com: did not receive HSTS header
+corderoscleaning.com: did not receive HSTS header
+cordial-restaurant.com: did not receive HSTS header
+core.mx: could not connect to host
+core4system.de: could not connect to host
+corecdn.org: could not connect to host
+corenetworking.de: could not connect to host
+corex.io: did not receive HSTS header
+corgicloud.com: could not connect to host
+corinnanese.de: could not connect to host
+corkyoga.site: could not connect to host
+cormactagging.ie: could not connect to host
+cormilu.com.br: did not receive HSTS header
+cornishcamels.com: did not receive HSTS header
+coroasdefloresonline.com.br: could not connect to host
+corozanu.ro: did not receive HSTS header
+corpoatletico.com.br: could not connect to host
+corporateencryption.com: could not connect to host
+corporatesubscriptions.com.au: did not receive HSTS header
+correct.horse: could not connect to host
+correctpaardbatterijnietje.nl: did not receive HSTS header
+corruption-mc.net: could not connect to host
+corruption-rsps.net: could not connect to host
+corruption-server.net: could not connect to host
+cosmeticosdelivery.com.br: could not connect to host
+cosplayer.com: could not connect to host
+costow.club: could not connect to host
+coughlan.de: did not receive HSTS header
+count.sh: could not connect to host
+couponcodeq.com: could not connect to host
+couragewhispers.ca: could not connect to host
+coursdeprogrammation.com: could not connect to host
+coursella.com: did not receive HSTS header
+covenantbank.net: could not connect to host
+coverdat.com: did not receive HSTS header
+coverduck.ru: could not connect to host
+cpaneltips.com: could not connect to host
+cpuvinf.eu.org: could not connect to host
+cracking.org: did not receive HSTS header
+crackingking.com: did not receive HSTS header
+crackpfer.de: could not connect to host
+crackslut.eu: could not connect to host
+craftbeerbarn.co.uk: could not connect to host
+craftedge.xyz: could not connect to host
+craftmain.eu: could not connect to host
+cranems.com.ua: did not receive HSTS header
+cranioschule.com: did not receive HSTS header
+crate.io: did not receive HSTS header
+cravelyrics.com: could not connect to host
+crazifyngers.com: could not connect to host
+crazy-crawler.de: did not receive HSTS header
+crazycen.com: did not receive HSTS header
+crazycraftland.de: could not connect to host
+crazycraftland.net: did not receive HSTS header
+crazyhotseeds.com: did not receive HSTS header
+crazyker.com: did not receive HSTS header
+crbug.com: did not receive HSTS header (error ignored - included regardless)
+creaescola.com: did not receive HSTS header
+create-test-publish.co.uk: could not connect to host
+creative-wave.fr: could not connect to host
+creativeapple.ltd: did not receive HSTS header
+creativeartifice.com: did not receive HSTS header
+creativecommonscatpictures.com: could not connect to host
+creativephysics.ml: could not connect to host
+creativeplayuk.com: did not receive HSTS header
+crecket.me: could not connect to host
+creditclear.com.au: did not receive HSTS header
+crendontech.com: could not connect to host
+crestoncottage.com: could not connect to host
+crimewatch.net.za: could not connect to host
+crisissurvivalspecialists.com: could not connect to host
+cristiandeluxe.com: did not receive HSTS header
+cristianhares.com: could not connect to host
+criticalaim.com: could not connect to host
+crizk.com: could not connect to host
+crmdemo.website: did not receive HSTS header
+crockett.io: did not receive HSTS header
+croco.vision: did not receive HSTS header
+croome.no-ip.org: could not connect to host
+crosbug.com: did not receive HSTS header (error ignored - included regardless)
+crosssec.com: did not receive HSTS header
+crowd.supply: did not receive HSTS header
+crowdcloud.be: could not connect to host
+crowdcurity.com: did not receive HSTS header
+crowdjuris.com: could not connect to host
+crownruler.com: did not receive HSTS header
+crows.io: max-age too low: 60
+crox.co: could not connect to host
+crrev.com: did not receive HSTS header (error ignored - included regardless)
+crtvmgmt.com: could not connect to host
+crudysql.com: could not connect to host
+crufad.org: did not receive HSTS header
+cruikshank.com.au: could not connect to host
+cruzr.xyz: could not connect to host
+crypt.guru: did not receive HSTS header
+crypticshell.co.uk: could not connect to host
+cryptify.eu: could not connect to host
+cryptobin.org: could not connect to host
+cryptodash.net: could not connect to host
+cryptojar.io: did not receive HSTS header
+cryptolab.pro: could not connect to host
+cryptolab.tk: could not connect to host
+cryptopartyatx.org: could not connect to host
+cryptopartynewcastle.org: could not connect to host
+cryptopush.com: did not receive HSTS header
+crysadm.com: could not connect to host
+crystalclassics.co.uk: did not receive HSTS header
+crystalmate.eu: did not receive HSTS header
+cs-ubladego.pl: could not connect to host
+csapak.com: did not receive HSTS header
+csawctf.poly.edu: could not connect to host
+cselzer.com: could not connect to host
+csfs.org.uk: could not connect to host
+csgf.ru: did not receive HSTS header
+csgo77.com: could not connect to host
+csgodicegame.com: did not receive HSTS header
+csgoelemental.com: did not receive HSTS header
+csgokings.eu: could not connect to host
+csgoshifter.com: could not connect to host
+csinfo.us: could not connect to host
+csohack.tk: could not connect to host
+cspbuilder.info: could not connect to host
+cspeti.hu: could not connect to host
+cssps.org: could not connect to host
+cssu.in: did not receive HSTS header
+csuw.net: could not connect to host
+csvalpha.nl: did not receive HSTS header
+csvape.com: did not receive HSTS header
+ct-status.org: could not connect to host
+ct-watches.dk: did not receive HSTS header
+cthulhuden.com: could not connect to host
+ctj.im: could not connect to host
+ctrl.blog: did not receive HSTS header
+cu247secure.ie: did not receive HSTS header
+cuanhua3s.com: did not receive HSTS header
+cubecart-demo.co.uk: did not receive HSTS header
+cubecart-hosting.co.uk: did not receive HSTS header
+cubecart.net: did not receive HSTS header
+cubeserver.eu: could not connect to host
+cubewano.com: could not connect to host
+cucc.date: did not receive HSTS header
+cuecamania.com.br: did not receive HSTS header
+cujanovic.com: did not receive HSTS header
+cujba.com: could not connect to host
+culinae.nl: could not connect to host
+cumshots-video.ru: could not connect to host
+cunha.be: could not connect to host
+cuntflaps.me: could not connect to host
+cuongquach.com: did not receive HSTS header
+cuonic.com: could not connect to host
+curacao-license.com: could not connect to host
+curlyroots.com: did not receive HSTS header
+currentobserver.com: could not connect to host
+curroapp.com: could not connect to host
+curveweb.co.uk: did not receive HSTS header
+cusfit.com: did not receive HSTS header
+custe.rs: could not connect to host
+customadesign.com: did not receive HSTS header
+customfilmworks.com: could not connect to host
+cutorrent.com: could not connect to host
+cuvva.insure: did not receive HSTS header
+cvjm-memmingen.de: did not receive HSTS header
+cvtparking.co.uk: did not receive HSTS header
+cwage.com: could not connect to host
+cyanogenmod.xxx: could not connect to host
+cyber-computer.club: could not connect to host
+cybercecurity.com: did not receive HSTS header
+cyberfrancais.ro: did not receive HSTS header
+cyberlab.kiev.ua: did not receive HSTS header
+cyberlab.team: did not receive HSTS header
+cyberpeace.nl: could not connect to host
+cyberpunk.ca: could not connect to host
+cybersafesolutions.com: did not receive HSTS header
+cybershambles.com: could not connect to host
+cybersmart.co.uk: did not receive HSTS header
+cyberstatus.de: could not connect to host
+cycleluxembourg.lu: did not receive HSTS header
+cyclingjunkies.com: could not connect to host
+cydia-search.io: could not connect to host
+cymtech.net: did not receive HSTS header
+cynoshair.com: could not connect to host
+cyoda.com: did not receive HSTS header
+cypherpunk.ws: could not connect to host
+cyphertite.com: could not connect to host
+cytadel.fr: did not receive HSTS header
+cyyzaid.cn: could not connect to host
+czlx.co: could not connect to host
+d-rickroll-e.pw: could not connect to host
+d1ves.io: did not receive HSTS header
+d4rkdeagle.tk: could not connect to host
+d8studio.net: could not connect to host
+dabbot.org: did not receive HSTS header
+dad256.tk: could not connect to host
+dadtheimpaler.com: could not connect to host
+dah5.com: did not receive HSTS header
+dahl-pind.dk: did not receive HSTS header
+dai-rin.co.jp: could not connect to host
+dailybits.be: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+dailystormerpodcasts.com: could not connect to host
+daimadi.com: could not connect to host
+daisuki.pw: did not receive HSTS header
+dakerealestate.com: did not receive HSTS header
+dakl-shop.de: did not receive HSTS header
+dakrib.net: could not connect to host
+daku.gdn: could not connect to host
+dalingk.co: could not connect to host
+daltonedwards.me: could not connect to host
+dam74.com.ar: could not connect to host
+damianuv-blog.cz: did not receive HSTS header
+danbarrett.com.au: did not receive HSTS header
+dancerdates.net: could not connect to host
+dane-bre.net: did not receive HSTS header
+daniel-mosquera.com: could not connect to host
+daniel-stahl.net: could not connect to host
+daniel-steuer.de: could not connect to host
+danielcowie.me: could not connect to host
+danieldk.eu: did not receive HSTS header
+danielheal.net: could not connect to host
+danieliancu.com: could not connect to host
+danielthompson.info: could not connect to host
+danielworthy.com: did not receive HSTS header
+danijobs.com: could not connect to host
+danishenanigans.com: could not connect to host
+dankeblog.com: could not connect to host
+danmark.guide: could not connect to host
+dannycrichton.com: did not receive HSTS header
+danpiel.net: could not connect to host
+danrl.de: could not connect to host
+danwillenberg.com: did not receive HSTS header
+daolerp.xyz: could not connect to host
+dargasia.is: could not connect to host
+dario.im: could not connect to host
+dariosirangelo.me: did not receive HSTS header
+dark-x.cf: could not connect to host
+darkag.ovh: could not connect to host
+darkanzali.pl: max-age too low: 0
+darkfriday.ddns.net: could not connect to host
+darkhole.cn: did not receive HSTS header
+darkkeepers.dk: max-age too low: 172800
+darknebula.space: could not connect to host
+darkpony.ru: could not connect to host
+darksideof.it: could not connect to host
+darkstance.org: could not connect to host
+darktree.in: could not connect to host
+darlo.co.uk: could not connect to host
+darrenellis.xyz: did not receive HSTS header
+dash-board.jp: did not receive HSTS header
+dash.rocks: did not receive HSTS header
+dashburst.com: did not receive HSTS header
+dashnimorad.com: did not receive HSTS header
+data-abundance.com: could not connect to host
+data-detox.com: could not connect to host
+data.haus: could not connect to host
+data.qld.gov.au: did not receive HSTS header
+datacool.tk: could not connect to host
+datarank.com: max-age too low: 0
+dataretention.solutions: could not connect to host
+datascience.cafe: did not receive HSTS header
+datasnitch.co.uk: could not connect to host
+datatekniikka.com: could not connect to host
+datedeposit.com: could not connect to host
+datengrab.ws: could not connect to host
+datenkeks.de: did not receive HSTS header
+datenreiter.cf: did not receive HSTS header
+datenreiter.gq: did not receive HSTS header
+datenreiter.ml: did not receive HSTS header
+datenreiter.tk: did not receive HSTS header
+datorb.com: could not connect to host
+datortipsen.se: did not receive HSTS header
+davidandkailey.com: could not connect to host
+davidglidden.eu: did not receive HSTS header
+davidgrudl.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+davidhunter.scot: did not receive HSTS header
+davidnoren.com: did not receive HSTS header
+davidreinhardt.de: could not connect to host
+davidscherzer.at: could not connect to host
+davros.eu: could not connect to host
+davros.ru: could not connect to host
+dawnson.is: could not connect to host
+dawnsonb.com: could not connect to host
+day.vip: did not receive HSTS header
+daylightcompany.com: did not receive HSTS header
+days.one: could not connect to host
+daytonaseaside.com: did not receive HSTS header
+db.gy: could not connect to host
+dbcom.ru: could not connect to host
+dbox.ga: could not connect to host
+dbx.ovh: could not connect to host
+dcaracing.nl: could not connect to host
+dcc.moe: could not connect to host
+dccode.gov: could not connect to host
+dccoffeeproducts.com: did not receive HSTS header
+dccraft.net: could not connect to host
+dcl.re: did not receive HSTS header
+dcpower.eu: max-age too low: 600
+dctxf.com: did not receive HSTS header
+dcuofriends.net: could not connect to host
+dcurt.is: did not receive HSTS header
+dcw.io: did not receive HSTS header
+ddatsh.com: could not connect to host
+dden.website: could not connect to host
+dden.xyz: could not connect to host
+ddepot.us: did not receive HSTS header
+de-gucci.com: could not connect to host
+de-servers.de: could not connect to host
+deadsoul.net: max-age too low: 0
+debank.tv: did not receive HSTS header
+debatch.se: could not connect to host
+debian-vhost.de: could not connect to host
+debiton.dk: could not connect to host
+debtkit.co.uk: did not receive HSTS header
+debtprotectionreporting.com: did not receive HSTS header
+decafu.co: could not connect to host
+decesus.com: could not connect to host
+decibelios.li: could not connect to host
+decloverly.com: did not receive HSTS header
+deco.me: could not connect to host
+decoboutique.com: did not receive HSTS header
+decofire.pl: did not receive HSTS header
+deconsolutions.com: did not receive HSTS header
+decorland.com.ua: did not receive HSTS header
+decoyrouting.com: could not connect to host
+dedeo.tk: did not receive HSTS header
+dedicatutiempo.es: could not connect to host
+dedietrich-asia.com: could not connect to host
+deepcovelabs.net: could not connect to host
+deepcreampie.com: could not connect to host
+deepearth.uk: could not connect to host
+deeprecce.com: did not receive HSTS header
+deeprecce.link: could not connect to host
+deeprecce.tech: could not connect to host
+deepspace.dedyn.io: could not connect to host
+deepvision.com.ua: did not receive HSTS header
+deetz.nl: did not receive HSTS header
+deetzen.de: did not receive HSTS header
+defiler.tk: could not connect to host
+deflumeri.com: did not receive HSTS header
+degroetenvanrosaline.nl: did not receive HSTS header
+deight.co: could not connect to host
+deinserverhost.de: did not receive HSTS header
+dekasan.ru: could not connect to host
+delayrefunds.co.uk: could not connect to host
+deliverance.co.uk: could not connect to host
+deloittequant.com: could not connect to host
+deltaconcepts.de: did not receive HSTS header
+delvj.org: could not connect to host
+demdis.org: could not connect to host
+demilitarized.ninja: could not connect to host
+demo-server.us: could not connect to host
+demomanca.com: did not receive HSTS header
+demotops.com: could not connect to host
+dempsters.ca: max-age too low: 86400
+denh.am: could not connect to host
+denisjean.fr: could not connect to host
+dentaldomain.org: did not receive HSTS header
+dentaldomain.ph: could not connect to host
+denvercybersecurity.com: did not receive HSTS header
+denverprophit.us: did not receive HSTS header
+deped.blog: could not connect to host
+depedtayo.com: did not receive HSTS header
+depijl-mz.nl: did not receive HSTS header
+depixion.agency: could not connect to host
+depo.space: could not connect to host
+dequehablamos.es: could not connect to host
+derbyshiredotnet.co.uk: did not receive HSTS header
+derchris.me: could not connect to host
+derevtsov.com: did not receive HSTS header
+derivativeshub.pro: could not connect to host
+dermacarecomplex.com: could not connect to host
+derpumpkinfuhrer.com: could not connect to host
+derrickemery.com: could not connect to host
+derwaldschrat.net: did not receive HSTS header
+derwolfe.net: did not receive HSTS header
+desiccantpackets.com: did not receive HSTS header
+designandmore.it: did not receive HSTS header
+designgears.com: did not receive HSTS header
+designthinking.or.jp: did not receive HSTS header
+despora.de: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+desserteagleselvenar.tk: could not connect to host
+destinationbijoux.fr: could not connect to host
+destom.be: could not connect to host
+detecte-fuite.ch: could not connect to host
+detecte.ch: could not connect to host
+detectefuite.ch: could not connect to host
+detector.exposed: could not connect to host
+detest.org: could not connect to host
+detteflies.com: max-age too low: 7889238
+detutorial.com: max-age too low: 36000
+deuxvia.com: could not connect to host
+dev: could not connect to host
+dev-aegon.azurewebsites.net: did not receive HSTS header
+dev-bluep.pantheonsite.io: did not receive HSTS header
+dev-talk.eu: could not connect to host
+devcu.net: could not connect to host
+develop.fitness: could not connect to host
+developersclub.website: could not connect to host
+developyourelement.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+deviltraxxx.de: could not connect to host
+devincrow.me: could not connect to host
+devisonline.ch: could not connect to host
+devistravaux.org: did not receive HSTS header
+devkid.net: could not connect to host
+devmsg.com: did not receive HSTS header
+devnsec.com: could not connect to host
+devnull.team: could not connect to host
+devopps.me: did not receive HSTS header
+devops.moe: could not connect to host
+devopsconnected.com: could not connect to host
+devtub.com: did not receive HSTS header
+devuan.org: did not receive HSTS header
+dewebwerf.nl: did not receive HSTS header
+dewin.io: could not connect to host
+dfnet.ml: did not receive HSTS header
+dfrance.com.br: could not connect to host
+dfviana.com.br: max-age too low: 2592000
+dhaynes.xyz: max-age too low: 2592000
+dhl-smart.ch: could not connect to host
+dhpcs.com: did not receive HSTS header
+dhpiggott.net: did not receive HSTS header
+dhub.xyz: could not connect to host
+dhuy.net: could not connect to host
+diablotine.rocks: could not connect to host
+diagnosia.com: did not receive HSTS header
+diagonale-deco.fr: did not receive HSTS header
+diamondcare.com.br: could not connect to host
+dianlujitao.com: did not receive HSTS header
+diannaobos.com: did not receive HSTS header
+diasp.cz: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+dicando.com: could not connect to host
+diceduels.com: could not connect to host
+dicelab.co.uk: could not connect to host
+dicgaming.net: could not connect to host
+dicionariofinanceiro.com: did not receive HSTS header
+dicionariopopular.com: did not receive HSTS header
+dick.red: could not connect to host
+didierlaumen.be: could not connect to host
+dieb.photo: could not connect to host
+diejanssens.net: did not receive HSTS header
+diemogebhardt.com: could not connect to host
+dierenkruiden.nl: could not connect to host
+dieser.me: could not connect to host
+diewebstube.de: could not connect to host
+diezel.com: could not connect to host
+diferenca.com: did not receive HSTS header
+diggable.co: did not receive HSTS header
+digihyp.ch: could not connect to host
+digioccumss.ddns.net: could not connect to host
+digired.xyz: could not connect to host
+digitalbank.kz: could not connect to host
+digitaldaddy.net: could not connect to host
+digitalero.rip: did not receive HSTS header
+digitalhurricane.io: could not connect to host
+digitaljungle.net: could not connect to host
+digitallocker.com: did not receive HSTS header
+digitalnonplus.com: could not connect to host
+digitalquery.com: did not receive HSTS header
+digitalriver.tk: did not receive HSTS header
+digitalskillswap.com: could not connect to host
+diguass.us: could not connect to host
+dijks.com: could not connect to host
+dikshant.net: did not receive HSTS header
+diletec.com.br: did not receive HSTS header
+dim.lighting: could not connect to host
+dimitrisotiropoulosbooks.com: max-age too low: 7889238
+dimonb.com: could not connect to host
+din-tools.com: did not receive HSTS header
+dinamoelektrik.com: could not connect to host
+dingcc.me: could not connect to host
+dingcc.org: could not connect to host
+dingcc.xyz: could not connect to host
+dinkum.online: could not connect to host
+dipconsultants.com: could not connect to host
+directhskincream.com: could not connect to host
+directorinegocis.cat: could not connect to host
+direnv.net: did not receive HSTS header
+dirk-weise.de: did not receive HSTS header
+dirtycat.ru: could not connect to host
+disability.gov: could not connect to host
+disadattamentolavorativo.it: could not connect to host
+disclosure.io: did not receive HSTS header
+disco-crazy-world.de: could not connect to host
+discovery.lookout.com: did not receive HSTS header
+discoveryballoon.org: could not connect to host
+discoveryottawa.ca: could not connect to host
+dise-online.de: did not receive HSTS header
+disking.co.uk: did not receive HSTS header
+dislocated.de: did not receive HSTS header
+disorderboutique.com: did not receive HSTS header
+disruptivelabs.net: could not connect to host
+disruptivelabs.org: could not connect to host
+dissimulo.me: could not connect to host
+distinctivephotography.com.au: could not connect to host
+distractionco.de: did not receive HSTS header
+ditch.ch: could not connect to host
+ditrutoancau.vn: could not connect to host
+dittvertshus.no: could not connect to host
+diva-ey.com: could not connect to host
+divvymonkey.com: did not receive HSTS header
+divvyradio.com: did not receive HSTS header
+dixiediner.com: did not receive HSTS header
+dixmag.com: could not connect to host
+diyvideoeditor.com: did not receive HSTS header
+dizihocasi.com: could not connect to host
+dizorg.net: could not connect to host
+dj4et.de: could not connect to host
+djieno.com: did not receive HSTS header
+djxmmx.net: did not receive HSTS header
+djz4music.com: did not receive HSTS header
+dkniss.de: could not connect to host
+dl.google.com: did not receive HSTS header (error ignored - included regardless)
+dlc.viasinc.com: could not connect to host
+dlemper.de: did not receive HSTS header
+dlitz.net: could not connect to host
+dlouwrink.nl: could not connect to host
+dlyl888.com: could not connect to host
+dmcibulldog.com: did not receive HSTS header
+dmix.ca: could not connect to host
+dmtry.me: did not receive HSTS header
+dmwall.cn: could not connect to host
+dmz.ninja: could not connect to host
+dns.google.com: did not receive HSTS header (error ignored - included regardless)
+dnsbird.net: could not connect to host
+dnscrypt.org: could not connect to host
+dnsknowledge.com: did not receive HSTS header
+do-do.tk: could not connect to host
+doak.io: could not connect to host
+dobet.in: could not connect to host
+dobrisan.ro: could not connect to host
+docid.io: could not connect to host
+docket.news: could not connect to host
+doclot.io: did not receive HSTS header
+docset.io: could not connect to host
+docufiel.com: could not connect to host
+doculus.io: did not receive HSTS header
+docxtemplater.com: did not receive HSTS header
+doeswindowssuckforeveryoneorjustme.com: could not connect to host
+dogbox.se: could not connect to host
+dogcratereview.info: could not connect to host
+dogespeed.ga: could not connect to host
+dogfi.sh: did not receive HSTS header
+doggieholic.net: could not connect to host
+dognlife.com: could not connect to host
+dogoodbehappyllc.com: did not receive HSTS header
+dohosting.ru: could not connect to host
+dojifish.space: could not connect to host
+dojin.nagoya: did not receive HSTS header
+dokan.online: did not receive HSTS header
+doked.io: could not connect to host
+dolevik.com: could not connect to host
+dollarstore24.com: could not connect to host
+dollywiki.co.uk: could not connect to host
+dolphin-cloud.com: could not connect to host
+dolphincorp.co.uk: did not receive HSTS header
+dolphinswithlasers.com: could not connect to host
+domaine-aigoual-cevennes.com: did not receive HSTS header
+domainelaremejeanne.com: did not receive HSTS header
+domaris.de: could not connect to host
+domengrad.ru: could not connect to host
+domenicocatelli.com: did not receive HSTS header
+domfee.com: could not connect to host
+dominikanskarepubliken.guide: could not connect to host
+dominioanimal.com: could not connect to host
+dominique-mueller.de: did not receive HSTS header
+don.yokohama: could not connect to host
+donmez.uk: could not connect to host
+donmez.ws: could not connect to host
+donttrustrobots.nl: could not connect to host
+donzelot.co.uk: did not receive HSTS header
+doobydude.us: could not connect to host
+doodledraw.ninja: did not receive HSTS header
+dooku.cz: could not connect to host
+doomleika.com: could not connect to host
+doooonoooob.com: could not connect to host
+doop.im: could not connect to host
+doopdidoop.com: could not connect to host
+dopost.it: could not connect to host
+doridian.com: could not connect to host
+doridian.de: could not connect to host
+doridian.net: did not receive HSTS header
+doridian.org: could not connect to host
+doriginal.es: did not receive HSTS header
+dorkfarm.com: did not receive HSTS header
+dosenbierrepublik.com: did not receive HSTS header
+dostavkakurierom.ru: could not connect to host
+dot42.no: could not connect to host
+dotadata.me: could not connect to host
+dotspaperie.com: could not connect to host
+doublethink.online: could not connect to host
+doubleyummy.uk: did not receive HSTS header
+doujin.nagoya: did not receive HSTS header
+dovecotadmin.org: could not connect to host
+doveholesband.co.uk: did not receive HSTS header
+dovetailnow.com: could not connect to host
+download.jitsi.org: did not receive HSTS header
+downsouthweddings.com.au: could not connect to host
+doxcelerate.com: max-age too low: 69
+doyoulyft.com: could not connect to host
+doze-cloud.tech: could not connect to host
+dpsg-roden.de: could not connect to host
+dr-becarelli-philippe.chirurgiens-dentistes.fr: did not receive HSTS header
+dr2dr.ca: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+drach.xyz: did not receive HSTS header
+dragonisles.net: could not connect to host
+dragons-of-highlands.cz: did not receive HSTS header
+dragonsmoke.cloud: could not connect to host
+dragonstower.net: could not connect to host
+dragonteam.ninja: could not connect to host
+drainagebuizen.nl: did not receive HSTS header
+drakefortreasurer.sexy: could not connect to host
+drakenson.de: did not receive HSTS header
+dralexjimenez.com: did not receive HSTS header
+drastosasports.com.br: could not connect to host
+drawvesly.ovh: did not receive HSTS header
+drdevil.ru: could not connect to host
+dreadbyte.com: could not connect to host
+dreamcatcherblog.de: could not connect to host
+dreaming.solutions: could not connect to host
+dreamlighteyeserum.com: could not connect to host
+dreamsforabetterworld.com.au: did not receive HSTS header
+dredgepress.com: did not receive HSTS header
+drewgle.net: could not connect to host
+drhopeson.com: could not connect to host
+driesjtuver.nl: could not connect to host
+drinknaturespower.com: could not connect to host
+drinkvabeer.com: could not connect to host
+drishti.guru: could not connect to host
+drivercopilot.com: could not connect to host
+driving-lessons.co.uk: could not connect to host
+drivinghorror.com: could not connect to host
+drixn.cn: could not connect to host
+drixn.info: could not connect to host
+drixn.net: could not connect to host
+drizz.com.br: could not connect to host
+drogoz.moe: could not connect to host
+droidboss.com: did not receive HSTS header
+droncentrum.pl: could not connect to host
+dronexpertos.com: could not connect to host
+droomhuis-in-brielle-kopen.nl: could not connect to host
+droomhuis-in-de-friese-meren-kopen.nl: could not connect to host
+droomhuis-in-delfzijl-kopen.nl: could not connect to host
+droomhuis-in-friesland-kopen.nl: could not connect to host
+droomhuis-in-laren-kopen.nl: could not connect to host
+droomhuis-in-pekela-kopen.nl: could not connect to host
+droomhuis-in-rijnwaarden-kopen.nl: could not connect to host
+droomhuis-in-sudwest-fryslan-kopen.nl: could not connect to host
+droomhuis-in-veendam-kopen.nl: could not connect to host
+droomhuis-in-zeeland-kopen.nl: could not connect to host
+droomhuis-in-zuid-holland-kopen.nl: could not connect to host
+droomhuisindestadverkopen.nl: could not connect to host
+droomhuisophetplattelandverkopen.nl: could not connect to host
+dropcam.com: did not receive HSTS header
+drostschocolates.com: did not receive HSTS header
+drtroyhendrickson.com: could not connect to host
+drtti.io: could not connect to host
+drumbandesperanto.nl: did not receive HSTS header
+drunkscifi.com: could not connect to host
+drupal123.com: could not connect to host
+dryan.com: did not receive HSTS header
+drycreekapiary.com: could not connect to host
+ds-christiansen.de: could not connect to host
+dshiv.io: could not connect to host
+dtub.co: could not connect to host
+dubik.su: did not receive HSTS header
+dubrovskiy.net: could not connect to host
+dubrovskiy.pro: could not connect to host
+duch.cloud: could not connect to host
+ducohosting.com: max-age too low: 2592000
+dudesunderwear.com.br: could not connect to host
+duelsow.eu: could not connect to host
+duelysthub.com: could not connect to host
+duerls.de: did not receive HSTS header
+dukec.me: did not receive HSTS header
+duks.com.br: could not connect to host
+dullsir.com: could not connect to host
+dune.io: did not receive HSTS header
+dunea.nl: did not receive HSTS header
+dungi.org: could not connect to host
+duo.money: could not connect to host
+duole30.com: did not receive HSTS header
+duongpho.com: did not receive HSTS header
+durangoenergyllc.com: could not connect to host
+duskopy.top: could not connect to host
+dutchessuganda.com: did not receive HSTS header
+dutchrank.com: did not receive HSTS header
+dutchwanderers.nl: could not connect to host
+duuu.ch: could not connect to host
+dwhd.org: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+dwnld.me: could not connect to host
+dycem-ns.com: did not receive HSTS header
+dycoa.com: could not connect to host
+dycontrol.de: could not connect to host
+dylanscott.com.au: did not receive HSTS header
+dymersion.com: did not receive HSTS header
+dynamic-innovations.net: could not connect to host
+dynamize.solutions: did not receive HSTS header
+dzimejl.sk: did not receive HSTS header
+dzlibs.io: could not connect to host
+dznn.nl: could not connect to host
+e-aut.net: could not connect to host
+e-biografias.net: did not receive HSTS header
+e-deca2.org: did not receive HSTS header
+e-isfa.eu: did not receive HSTS header
+e-mak.eu: could not connect to host
+e-newshub.com: could not connect to host
+e-pokupki.eu: did not receive HSTS header
+e-rickroll-r.pw: could not connect to host
+e-sa.com: did not receive HSTS header
+e-verify.gov: did not receive HSTS header
+e-wishlist.net: could not connect to host
+e30gruppe.com: did not receive HSTS header
+e3amn2l.com: could not connect to host
+eagle-aluminum.com: did not receive HSTS header
+eam-gmbh.com: did not receive HSTS header
+earga.sm: could not connect to host
+earlybirdsnacks.com: could not connect to host
+earthrise16.com: could not connect to host
+earthsystemprediction.gov: did not receive HSTS header
+easez.net: did not receive HSTS header
+easthokkaido-5airport.jp: did not receive HSTS header
+easychiller.org: could not connect to host
+easykonto.de: could not connect to host
+easyplane.it: did not receive HSTS header
+eatfitoutlet.com.br: could not connect to host
+eatry.io: could not connect to host
+eatvisor.co.uk: could not connect to host
+eauclairecommerce.com: could not connect to host
+eaucube.com: did not receive HSTS header
+ebankcbt.com: could not connect to host
+ebcs-solutions.com: did not receive HSTS header
+ebecs.com: did not receive HSTS header
+ebertek.com: did not receive HSTS header
+ebiografia.com: did not receive HSTS header
+ebiografias.com.br: could not connect to host
+ebolsa.com.br: did not receive HSTS header
+ebolsas.com.br: did not receive HSTS header
+ebonyriddle.com: could not connect to host
+ebooksgratuits.org: did not receive HSTS header
+ebp2p.com: did not receive HSTS header
+ebpglobal.com: did not receive HSTS header
+ebraph.com: could not connect to host
+ecake.in: could not connect to host
+ecc-kaufbeuren.de: could not connect to host
+ecdn.cz: could not connect to host
+ecfs.link: could not connect to host
+ecg.fr: could not connect to host
+echipstore.com: did not receive HSTS header
+eckro.com: did not receive HSTS header
+ecole-en-danger.fr: could not connect to host
+ecole-maternelle-saint-joseph.be: could not connect to host
+ecology-21.ru: did not receive HSTS header
+ecomlane.com: could not connect to host
+ecomparemo.com: did not receive HSTS header
+ecorus.eu: did not receive HSTS header
+ecrimex.net: did not receive HSTS header
+ectora.com: could not connect to host
+edanni.io: did not receive HSTS header
+edati.lv: could not connect to host
+edcphenix.tk: could not connect to host
+eddmixpanel.com: could not connect to host
+eddyn.net: did not receive HSTS header
+edelblack.ch: could not connect to host
+edelsteincosmetic.com: did not receive HSTS header
+eden-mobility.co.uk: did not receive HSTS header
+eden-noel.at: could not connect to host
+edenaya.com: did not receive HSTS header
+edgecustomersportal.com: could not connect to host
+edgereinvent.com: did not receive HSTS header
+ediscomp.sk: did not receive HSTS header
+edissecurity.sk: did not receive HSTS header
+edited.de: did not receive HSTS header
+edix.ru: could not connect to host
+edk.com.tr: did not receive HSTS header
+edmodo.com: did not receive HSTS header
+edpubs.gov: did not receive HSTS header
+edsh.de: did not receive HSTS header
+eduardnikolenko.ru: could not connect to host
+educatio.tech: could not connect to host
+educourse.ga: could not connect to host
+eduif.nl: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+edusantorini.com: could not connect to host
+eduvance.in: did not receive HSTS header
+eeb98.com: could not connect to host
+eengezinswoning-in-alphen-aan-den-rijn-kopen.nl: could not connect to host
+eengezinswoning-in-de-friese-meren-kopen.nl: could not connect to host
+eengezinswoning-in-friesland-kopen.nl: could not connect to host
+eengezinswoning-in-leeuwarden-kopen.nl: could not connect to host
+eengezinswoning-in-pekela-kopen.nl: could not connect to host
+eengezinswoning-in-rijnwaarden-kopen.nl: could not connect to host
+eengezinswoning-in-sudwest-fryslan-kopen.nl: could not connect to host
+eengezinswoning-in-zeeland-kopen.nl: could not connect to host
+eengezinswoning-in-zuid-holland-kopen.nl: could not connect to host
+eengezinswoning-in-zuidplas-kopen.nl: could not connect to host
+eengezinswoning-in-zwartewaterland-kopen.nl: could not connect to host
+eengezinswoningverkopen.nl: could not connect to host
+eenhoorn.ga: could not connect to host
+eesistumine2017.ee: could not connect to host
+efficienthealth.com: did not receive HSTS header
+effortlesshr.com: did not receive HSTS header
+eftcorp.biz: max-age too low: 0
+egge.com: max-age too low: 0
+egit.co: could not connect to host
+ego-world.org: could not connect to host
+ehealthcounselor.com: could not connect to host
+ehipaadev.com: could not connect to host
+ehito.ovh: could not connect to host
+ehrenamt-skpfcw.de: could not connect to host
+ehuber.info: could not connect to host
+eicfood.com: could not connect to host
+eidolonhost.com: did not receive HSTS header
+eifelindex.de: did not receive HSTS header
+eigo.work: could not connect to host
+einhorn.space: could not connect to host
+einsatzstiefel.info: could not connect to host
+ekbanden.nl: could not connect to host
+ekobudisantoso.net: could not connect to host
+eksik.com: did not receive HSTS header
+el-soul.com: did not receive HSTS header
+elaintehtaat.fi: could not connect to host
+elan-organics.com: did not receive HSTS header
+elanguest.pl: could not connect to host
+elanguest.ro: could not connect to host
+elanguest.ru: could not connect to host
+elastic7.uk: could not connect to host
+elbetech.net: could not connect to host
+elblein.de: did not receive HSTS header
+electricant.com: did not receive HSTS header
+electricant.nl: did not receive HSTS header
+electricianforum.co.uk: did not receive HSTS header
+electricoperaduo.com: did not receive HSTS header
+electromc.com: could not connect to host
+electrostatics.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+eleicoes2016.com.br: did not receive HSTS header
+elektronring.com: could not connect to host
+element-43.com: did not receive HSTS header
+elemenx.com: could not connect to host
+elemprendedor.com.ve: could not connect to host
+elenag.ga: could not connect to host
+elenagherta.ga: could not connect to host
+elenoon.ir: did not receive HSTS header
+elenorsmadness.org: could not connect to host
+elgacien.de: could not connect to host
+elglobo.com.mx: max-age too low: 86400
+elia.cloud: could not connect to host
+elimdengelen.com: did not receive HSTS header
+eliolita.com: could not connect to host
+elite-porno.ru: could not connect to host
+elitecovering.fr: did not receive HSTS header
+elitefishtank.com: could not connect to host
+ellen-skye.de: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+elmar-kraamzorg.nl: did not receive HSTS header
+elnutricionista.es: could not connect to host
+elohna.ch: did not receive HSTS header
+elonbase.com: could not connect to host
+eloxt.com: did not receive HSTS header
+elpay.kz: did not receive HSTS header
+elpo.xyz: could not connect to host
+elsamakhin.com: could not connect to host
+elsemanario.com: did not receive HSTS header
+elsitar.com: could not connect to host
+elsword.moe: could not connect to host
+eltransportquevolem.org: could not connect to host
+email.lookout.com: could not connect to host
+email2rss.net: could not connect to host
+emanatepixels.com: could not connect to host
+emanga.su: did not receive HSTS header
+embellir-aroma.com: could not connect to host
+embellir-kyujin.com: could not connect to host
+embracethedarkness.co.uk: could not connect to host
+embroidered-stuff.com: could not connect to host
+emeldi-commerce.com: max-age too low: 0
+emesolutions.net: did not receive HSTS header
+emiele.com.br: could not connect to host
+emilyhorsman.com: did not receive HSTS header
+emilyjohnson.ga: could not connect to host
+eminovic.me: could not connect to host
+emjainteractive.com: did not receive HSTS header
+emjimadhu.com: could not connect to host
+emkei.cz: could not connect to host
+emmable.com: could not connect to host
+emnitech.com: could not connect to host
+empleosentorreon.mx: could not connect to host
+empleostampico.com: did not receive HSTS header
+employeestore.org: did not receive HSTS header
+employer.gov: could not connect to host
+empty-r.com: could not connect to host
+emptypath.com: did not receive HSTS header
+enaah.de: did not receive HSTS header
+enaia.fr: did not receive HSTS header
+encode.space: could not connect to host
+encode.uk.com: did not receive HSTS header
+encoder.pw: could not connect to host
+encontrebarato.com.br: did not receive HSTS header
+encrypted.google.com: did not receive HSTS header (error ignored - included regardless)
+encryptio.com: could not connect to host
+end.pp.ua: could not connect to host
+endlessdark.net: max-age too low: 600
+endlesshorizon.net: could not connect to host
+endlesstone.com: could not connect to host
+endohaus.ca: could not connect to host
+endohaus.com: could not connect to host
+endohaus.eu: could not connect to host
+endspamwith.us: could not connect to host
+enecoshop.nl: did not receive HSTS header
+enefan.jp: could not connect to host
+engelwerbung.com: did not receive HSTS header
+enginsight.com: did not receive HSTS header
+englishyamal.ru: did not receive HSTS header
+enigmacpt.com: did not receive HSTS header
+enigmail.net: did not receive HSTS header
+enjen.net: did not receive HSTS header
+enjoymayfield.com: max-age too low: 0
+enpalmademallorca.info: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+enteente.club: could not connect to host
+enteente.space: could not connect to host
+enteente.xyz: could not connect to host
+enterdev.co: did not receive HSTS header
+enterprisecarclub.co.uk: did not receive HSTS header
+entersynapse.com: did not receive HSTS header
+entourneebeetle.com: could not connect to host
+entrepreneur.or.id: did not receive HSTS header
+enum.eu.org: could not connect to host
+enumify.com: could not connect to host
+enviapresentes.com.br: could not connect to host
+envygeeks.com: could not connect to host
+envygeeks.io: could not connect to host
+eol34.com: could not connect to host
+eoldb.org: could not connect to host
+epanurse.com: could not connect to host
+ephry.com: could not connect to host
+epicmc.games: could not connect to host
+epoxate.com: could not connect to host
+eq8.net.au: could not connect to host
+eqib.nl: did not receive HSTS header
+eqim.me: could not connect to host
+equate.net.au: did not receive HSTS header
+equatetechnologies.com.au: did not receive HSTS header
+equilibre-yoga-jennifer-will.com: could not connect to host
+equitee.co: did not receive HSTS header
+equityflows.com: did not receive HSTS header
+er-music.com: could not connect to host
+erawanarifnugroho.com: did not receive HSTS header
+eressea.xyz: could not connect to host
+ergorium.com: max-age too low: 0
+ergorium.eu: max-age too low: 0
+ericbond.net: could not connect to host
+erichalv.com: could not connect to host
+ericorporation.com: did not receive HSTS header
+ericyl.com: could not connect to host
+eridanus.uk: could not connect to host
+eriel.com.br: could not connect to host
+erikwalther.eu: could not connect to host
+eriser.fr: did not receive HSTS header
+ernaehrungsberatung-rapperswil.ch: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+ernaehrungsberatung-zurich.ch: could not connect to host
+ernesto.at: could not connect to host
+eromixx.com: did not receive HSTS header
+erotalia.es: could not connect to host
+eroticen.com: did not receive HSTS header
+eroticforce.com: did not receive HSTS header
+erotische-aanbiedingen.nl: could not connect to host
+errolz.com: could not connect to host
+errors.zenpayroll.com: could not connect to host
+ersindemirtas.com: did not receive HSTS header
+erspro.net: could not connect to host
+eru.me: did not receive HSTS header
+erwinvanlonden.net: did not receive HSTS header
+erwinwensveen.nl: could not connect to host
+escalate.eu: could not connect to host
+escolaengenharia.com.br: did not receive HSTS header
+escotour.com: could not connect to host
+esec.rs: did not receive HSTS header
+esko.bar: could not connect to host
+esln.org: did not receive HSTS header
+esn-ypci.com: could not connect to host
+esocweb.com: could not connect to host
+esp8285.store: could not connect to host
+espace-gestion.fr: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+espacemontmorency.com: did not receive HSTS header
+especificosba.com.mx: could not connect to host
+espo.com.ua: did not receive HSTS header
+espra.com: could not connect to host
+esquonic.com: could not connect to host
+essenzialeenxovais.com.br: could not connect to host
+essexghosthunters.co.uk: did not receive HSTS header
+estaciona.guru: could not connect to host
+estebanborges.com: did not receive HSTS header
+estilosapeca.com: could not connect to host
+estland.guide: could not connect to host
+et-buchholz.de: could not connect to host
+et180.com: could not connect to host
+etangs-magazine.com: could not connect to host
+etaoinwu.tk: could not connect to host
+etdonline.co.uk: could not connect to host
+eternitylove.us: could not connect to host
+eth9.net: could not connect to host
+etheria-software.tk: did not receive HSTS header
+etherpad.fr: did not receive HSTS header
+ethicalexploiting.com: did not receive HSTS header
+ethicall.org.uk: did not receive HSTS header
+ethil-faer.fr: could not connect to host
+ethiobaba.com: could not connect to host
+etk2000.com: did not receive HSTS header
+etmirror.top: could not connect to host
+etmirror.xyz: could not connect to host
+etoto.pl: did not receive HSTS header
+etproxy.tech: could not connect to host
+etrker.com: did not receive HSTS header
+ets2mp.de: did not receive HSTS header
+etsysecure.com: could not connect to host
+ettebiz.com: did not receive HSTS header
+etula.ga: could not connect to host
+etula.me: could not connect to host
+euanbaines.com: did not receive HSTS header
+eucl3d.com: did not receive HSTS header
+euclideanpostulates.xyz: could not connect to host
+eucollegetours.com: could not connect to host
+euexia.fr: could not connect to host
+eulerpi.io: could not connect to host
+eupho.me: could not connect to host
+euren.se: could not connect to host
+eurocamping.se: could not connect to host
+europeancupinline.eu: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+euroshop24.net: could not connect to host
+eurospecautowerks.com: did not receive HSTS header
+eurostrategy.vn.ua: could not connect to host
+ev-zertifikate.de: could not connect to host
+evafojtova.cz: did not receive HSTS header
+evanhandgraaf.nl: did not receive HSTS header
+evankurniawan.com: could not connect to host
+evdenevenakliyatankara.pw: could not connect to host
+evecalm.com: did not receive HSTS header
+events12.com: did not receive HSTS header
+eventsafrica.net: did not receive HSTS header
+everpcpc.com: did not receive HSTS header
+everybooks.com: could not connect to host
+everydaytherich.com: max-age too low: 7776000
+everygayporn.xyz: did not receive HSTS header
+everylab.org: could not connect to host
+everything.place: did not receive HSTS header
+everytrycounts.gov: could not connect to host
+eveseat.net: could not connect to host
+eveshaiwu.com: could not connect to host
+evi.be: did not receive HSTS header
+evileden.com: could not connect to host
+evilnerd.de: did not receive HSTS header
+evilsay.com: could not connect to host
+evin.ml: could not connect to host
+evites.me: could not connect to host
+evoludis.net: did not receive HSTS header
+evomon.com: could not connect to host
+evossd.tk: could not connect to host
+evowl.com: could not connect to host
+ewallet-optimizer.com: did not receive HSTS header
+ewex.org: could not connect to host
+excelgum.ca: did not receive HSTS header
+exceptionalservices.us: could not connect to host
+exfiles.cz: did not receive HSTS header
+exgravitus.com: could not connect to host
+exno.co: could not connect to host
+exo.do: could not connect to host
+exousiakaidunamis.xyz: could not connect to host
+expertmile.com: did not receive HSTS header
+exploit-db.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+expo-designers.com: did not receive HSTS header
+expressfinance.co.za: did not receive HSTS header
+exteriorservices.io: could not connect to host
+extrathemeshowcase.net: could not connect to host
+extratorrentlive.xyz: could not connect to host
+extratorrents.tech: could not connect to host
+extreemhost.nl: did not receive HSTS header
+extremenetworking.net: could not connect to host
+exy.pw: could not connect to host
+eyasc.nl: could not connect to host
+eye-carat.com: did not receive HSTS header
+eyedarts.com: did not receive HSTS header
+eyeglassuniverse.com: did not receive HSTS header
+eyes-of-universe.eu: did not receive HSTS header
+eyesoccer-didikh.rhcloud.com: could not connect to host
+eyesonly.cc: did not receive HSTS header
+eytosh.net: could not connect to host
+ez.fi: could not connect to host
+ezimoeko.net: could not connect to host
+ezmod.org: could not connect to host
+ezrefurb.co.uk: did not receive HSTS header
+eztv.ch: did not receive HSTS header
+f-rickroll-g.pw: could not connect to host
+f-s-u.co.uk: could not connect to host
+f00.ca: did not receive HSTS header
+f2f.cash: could not connect to host
+f8842.com: could not connect to host
+faber.io: could not connect to host
+fabhub.io: could not connect to host
+fabian-kluge.de: could not connect to host
+fabianfischer.de: did not receive HSTS header
+fabled.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+fabriko.fr: did not receive HSTS header
+facebook.ax: could not connect to host
+facilitrak.com: could not connect to host
+factorable.net: did not receive HSTS header
+factorygw.com: did not receive HSTS header
+factureenlinea.com: could not connect to host
+fadilus.com: did not receive HSTS header
+faesser.com: did not receive HSTS header
+fafatiger.com: could not connect to host
+fahmed.de: did not receive HSTS header
+faidanoi.it: did not receive HSTS header
+fail4free.de: did not receive HSTS header
+failproof.be: max-age too low: 604800
+faircom.co.za: did not receive HSTS header
+fairkey.dk: did not receive HSTS header
+fairlyoddtreasures.com: did not receive HSTS header
+faithwatch.org: could not connect to host
+faizan.xyz: did not receive HSTS header
+fakeletters.org: did not receive HSTS header
+faktura.pl: did not receive HSTS header
+falconfrag.com: could not connect to host
+falconwiz.com: did not receive HSTS header
+falkhusemann.de: did not receive HSTS header
+falkp.no: did not receive HSTS header
+falkus.net: could not connect to host
+fallenangeldrinks.eu: could not connect to host
+fallenangelspirits.uk: could not connect to host
+fallofthecitadel.com: did not receive HSTS header
+faluninfo.ba: did not receive HSTS header
+fam-weyer.de: did not receive HSTS header
+fame-agency.net: could not connect to host
+famep.gov: could not connect to host
+famer.me: could not connect to host
+fameuxhosting.co.uk: could not connect to host
+familie-sander.rocks: could not connect to host
+familie-sprink.de: could not connect to host
+familie-zimmermann.at: could not connect to host
+famio.cn: did not receive HSTS header
+fancy-bridge.com: could not connect to host
+fanflow.com: did not receive HSTS header
+fant.dk: did not receive HSTS header
+fantasticgardenersmelbourne.com.au: did not receive HSTS header
+fantasyfootballpundit.com: did not receive HSTS header
+fanyl.cn: could not connect to host
+farces.com: did not receive HSTS header
+faretravel.co.uk: could not connect to host
+farm24.co.uk: could not connect to host
+farmaciaformula.com.br: could not connect to host
+farwat.ru: did not receive HSTS header
+fashion.net: did not receive HSTS header
+fashioncare.cz: did not receive HSTS header
+fashionholic.my: did not receive HSTS header
+fashionoutfits24.com: did not receive HSTS header
+fasset.jp: could not connect to host
+fastaim.de: could not connect to host
+fastbackmbg.be: could not connect to host
+fastcomcorp.com: did not receive HSTS header
+fastcomcorp.net: did not receive HSTS header
+fastograph.com: could not connect to host
+fastopen.ml: could not connect to host
+fastworx.com: could not connect to host
+fatdoge.cn: did not receive HSTS header
+fatgeekflix.net: could not connect to host
+fatherhood.gov: did not receive HSTS header
+fatlossguide.xyz: could not connect to host
+fator25.com.br: could not connect to host
+fatwin.pw: could not connect to host
+fatzebra.com.au: max-age too low: 0
+faxreader.net: could not connect to host
+fayolle.info: did not receive HSTS header
+fbox.li: could not connect to host
+fcsic.gov: max-age too low: 2592000
+fdj.im: could not connect to host
+fdt.name: did not receive HSTS header
+feard.space: could not connect to host
+fed51.com: could not connect to host
+federalregister.gov: did not receive HSTS header
+fedn.it: could not connect to host
+fedo.moe: could not connect to host
+feedstringer.com: could not connect to host
+feedthebot.com: did not receive HSTS header
+feedthefuture.gov: did not receive HSTS header
+feezmodo.com: did not receive HSTS header
+fefore.com: did not receive HSTS header
+fegans.org.uk: did not receive HSTS header
+feirlane.org: could not connect to host
+feist.io: could not connect to host
+felisslovakia.sk: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+feliwyn.fr: did not receive HSTS header
+felixrr.pro: could not connect to host
+femaledom.xyz: could not connect to host
+feminists.co: could not connect to host
+fengyadi.com: could not connect to host
+fenno.net: could not connect to host
+fensdorf.de: did not receive HSTS header
+fensterbau-mutscheller.de: did not receive HSTS header
+fenteo.com: could not connect to host
+feragon.net: did not receive HSTS header
+feras-alhajjaji.com: could not connect to host
+feriahuamantla.com: could not connect to host
+fermanacuratampaparts.com: could not connect to host
+fernangp.com: did not receive HSTS header
+fernseher-kauf.de: could not connect to host
+ferrolatino.com: could not connect to host
+feschiyan.com: did not receive HSTS header
+festember.com: did not receive HSTS header
+festrip.com: could not connect to host
+fetch.co.uk: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+fetclips.se: could not connect to host
+fettbrot.tk: did not receive HSTS header
+feuerwehr-heiligenberg.de: did not receive HSTS header
+fexmen.com: could not connect to host
+ff-getzersdorf.at: did not receive HSTS header
+ffb.gov: could not connect to host
+ficklenote.net: could not connect to host
+fics-twosigma.com: could not connect to host
+fideleslaici.com: did not receive HSTS header
+fiendishmasterplan.com: did not receive HSTS header
+fierman.eu: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+fierman.net: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+fierman.us: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+fifieldtech.com: could not connect to host
+fiftyshadesofluca.ml: could not connect to host
+fig.co: did not receive HSTS header
+fightr.co: could not connect to host
+figuurzagers.nl: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+fiksel.info: did not receive HSTS header
+fikt.space: could not connect to host
+filebox.moe: could not connect to host
+fileio.io: could not connect to host
+filemeal.com: did not receive HSTS header
+filey.co.uk: did not receive HSTS header
+filmesubtitrate2017.online: could not connect to host
+filo.xyz: did not receive HSTS header
+filoitoupediou.gr: did not receive HSTS header
+finalgear.com: did not receive HSTS header
+finalvpn.com: could not connect to host
+financieringsportaal.nl: did not receive HSTS header
+finanzkontor.net: could not connect to host
+findigo.fish: could not connect to host
+findingmyname.com: did not receive HSTS header
+findmybottleshop.com.au: could not connect to host
+findtutorsnearme.com: did not receive HSTS header
+fingent.com: did not receive HSTS header
+finiteheap.com: did not receive HSTS header
+finpt.com: did not receive HSTS header
+finstererlebnis.de: could not connect to host
+finsterlebnis.de: did not receive HSTS header
+fintechnics.com: did not receive HSTS header
+fiodental.com.br: did not receive HSTS header
+firebaseio-demo.com: could not connect to host
+firebaseio.com: could not connect to host (error ignored - included regardless)
+firebird.io: could not connect to host
+firefall.rocks: could not connect to host
+fireinthedeep.com: could not connect to host
+firemail.io: could not connect to host
+firemudfm.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+firenza.org: did not receive HSTS header
+fireorbit.de: did not receive HSTS header
+firexarxa.de: could not connect to host
+firmament.space: could not connect to host
+firmenverzeichnis.nu: could not connect to host
+firstdogonthemoon.com.au: did not receive HSTS header
+firstforex.co.uk: did not receive HSTS header
+firstlook.org: did not receive HSTS header
+fit4medien.de: did not receive HSTS header
+fitbylo.com: did not receive HSTS header
+fitea.cz: did not receive HSTS header
+fitiapp.com: could not connect to host
+fitnesswerk.de: could not connect to host
+fitshop.com.br: could not connect to host
+fitsw.com: did not receive HSTS header
+five.vn: did not receive HSTS header
+fivestarsitters.com: did not receive HSTS header
+fivestepfunnels.com: could not connect to host
+fivezerocreative.com: did not receive HSTS header
+fix-the-timeline.com: could not connect to host
+fix-the-timeline.org: could not connect to host
+fixico-staging.nl: could not connect to host
+fixingdns.com: could not connect to host
+fixmyglitch.com: could not connect to host
+fixtectools.co.za: could not connect to host
+fixthetimeline.com: could not connect to host
+fixthetimeline.org: could not connect to host
+fjruiz.es: did not receive HSTS header
+fkcovering.be: could not connect to host
+fl0000.com: did not receive HSTS header
+fl010.com: did not receive HSTS header
+fl0111.com: did not receive HSTS header
+fl0222.com: did not receive HSTS header
+fl0333.com: did not receive HSTS header
+fl0555.com: did not receive HSTS header
+fl0666.com: did not receive HSTS header
+fl0777.com: did not receive HSTS header
+fl0888.com: did not receive HSTS header
+fl0999.com: did not receive HSTS header
+flags.ninja: could not connect to host
+flairbros.at: could not connect to host
+flajshans.cz: did not receive HSTS header
+flamewall.net: could not connect to host
+flamingkeys.com.au: could not connect to host
+flareon.net: could not connect to host
+flatbellyreview.com: max-age too low: 2592000
+flawcheck.com: could not connect to host
+flc111.com: did not receive HSTS header
+flc999.com: did not receive HSTS header
+fliexer.com: could not connect to host
+flipkey.com: did not receive HSTS header
+flirchi.com: could not connect to host
+flixtor.net: could not connect to host
+floless.co.uk: did not receive HSTS header
+floorball-haunwoehr.de: did not receive HSTS header
+florafiora.com.br: did not receive HSTS header
+florian-lillpopp.de: max-age too low: 10
+florianlillpopp.de: max-age too low: 10
+floridaescapes.co.uk: did not receive HSTS header
+flouartistique.ch: could not connect to host
+flow.pe: could not connect to host
+flow.su: could not connect to host
+flowersandclouds.com: could not connect to host
+floweslawncare.com: did not receive HSTS header
+flowlo.me: could not connect to host
+flugplatz-edvc.de: could not connect to host
+fluidojobs.com: could not connect to host
+flukethoughts.com: could not connect to host
+flurrybridge.com: did not receive HSTS header
+flushstudios.com: did not receive HSTS header
+fly.moe: could not connect to host
+flyaces.com: could not connect to host
+flygpost.com: could not connect to host
+flyingdoggy.net: could not connect to host
+fm83.nl: could not connect to host
+fm992.com: did not receive HSTS header
+fnvsecurity.com: could not connect to host
+fobc-usa.org: did not receive HSTS header
+focalforest.com: could not connect to host
+fojtova.cz: did not receive HSTS header
+fojtovi.cz: did not receive HSTS header
+fokan.ch: did not receive HSTS header
+folioapp.io: could not connect to host
+followback.net: did not receive HSTS header
+fonetiq.io: could not connect to host
+foo: could not connect to host
+food4health.guide: could not connect to host
+foodbuddy.ch: could not connect to host
+foodiebox.no: did not receive HSTS header
+foodies.my: did not receive HSTS header
+foodievenues.com: could not connect to host
+foodplantengineering.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+foodsafetyworkinggroup.gov: could not connect to host
+footballmapped.com: could not connect to host
+footlegende.fr: did not receive HSTS header
+forafifty.co.za: could not connect to host
+foraje-profesionale.ro: did not receive HSTS header
+forbook.net: could not connect to host
+forcamp.ga: could not connect to host
+fordbydesign.com: could not connect to host
+fordshop.by: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+foreignexchangeresource.com: did not receive HSTS header
+forestfinance.fr: did not receive HSTS header
+foreveralone.io: could not connect to host
+forewordreviews.com: did not receive HSTS header
+forex-dan.com: did not receive HSTS header
+forgix.com: could not connect to host
+formazioneopen.it: could not connect to host
+formersessalaries.com: did not receive HSTS header
+formula.cf: could not connect to host
+forplanetsake.com: could not connect to host
+forschbach-janssen.de: could not connect to host
+forsyththeatre.com: could not connect to host
+fortuna-loessnitz.de: could not connect to host
+forty2.eu: did not receive HSTS header
+forus.be: could not connect to host
+foshanshequ.com: could not connect to host
+fossewayflowers.co.uk: could not connect to host
+fossewayflowers.com: could not connect to host
+fossewaygardencentre.co.uk: did not receive HSTS header
+fotiu.com: could not connect to host
+fotocerita.net: could not connect to host
+fotofaerie.net: could not connect to host
+fotogiraffe.ru: could not connect to host
+fotografosexpertos.com: did not receive HSTS header
+fotopasja.info: could not connect to host
+fourchin.net: could not connect to host
+fourwheelpartloanssimple.com: did not receive HSTS header
+foxdev.io: did not receive HSTS header
+foxelbox.com: did not receive HSTS header
+foxley-farm.co.uk: did not receive HSTS header
+foxley-seeds.co.uk: did not receive HSTS header
+foxleyseeds.co.uk: could not connect to host
+foxtrot.pw: could not connect to host
+foxyslut.com: could not connect to host
+fr33d0m.link: could not connect to host
+fragilesolar.cf: could not connect to host
+fragnic.com: could not connect to host
+fralef.me: did not receive HSTS header
+francevpn.xyz: could not connect to host
+franckyz.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+francois-vidit.com: did not receive HSTS header
+frangor.info: did not receive HSTS header
+frankierprofi.de: did not receive HSTS header
+fransallen.com: could not connect to host
+franta.biz: did not receive HSTS header
+franta.email: did not receive HSTS header
+franzt.de: could not connect to host
+franzt.ovh: could not connect to host
+frasesdeamizade.pt: could not connect to host
+frasys.io: did not receive HSTS header
+fraudempire.com: could not connect to host
+frebib.net: could not connect to host
+fredliang.cn: could not connect to host
+fredtec.ru: could not connect to host
+freeboson.org: could not connect to host
+freeflow.tv: could not connect to host
+freejidi.com: could not connect to host
+freekdevries.nl: did not receive HSTS header
+freelanced.co.za: could not connect to host
+freelansir.com: could not connect to host
+freelo.cz: did not receive HSTS header
+freematthale.net: did not receive HSTS header
+freeshkre.li: could not connect to host
+freesoftwaredriver.com: could not connect to host
+freethought.org.au: could not connect to host
+freeutopia.org: did not receive HSTS header
+freqlabs.com: did not receive HSTS header
+freshfind.xyz: could not connect to host
+freshlymind.com: did not receive HSTS header
+frezbo.com: could not connect to host
+frforms.com: did not receive HSTS header
+frickenate.com: could not connect to host
+fridaperfumaria.com.br: could not connect to host
+fridolinka.cz: could not connect to host
+friedhelm-wolf.de: could not connect to host
+friendica.ch: could not connect to host
+friendlyfiregameshow.com: could not connect to host
+frimons.com: could not connect to host
+frodriguez.xyz: could not connect to host
+froggstack.de: could not connect to host
+frolov.net: could not connect to host
+fromlemaytoz.com: could not connect to host
+fromthesoutherncross.com: could not connect to host
+front-end.dog: could not connect to host
+frontisme.nl: did not receive HSTS header
+frontmin.com: did not receive HSTS header
+frost-ci.xyz: could not connect to host
+frosty-gaming.xyz: could not connect to host
+froxlor.support: could not connect to host
+frp-roleplay.de: could not connect to host
+frsis2017.com: could not connect to host
+fruitusers.com: could not connect to host
+frumious.fyi: could not connect to host
+frusky.net: could not connect to host
+fs-gamenet.de: could not connect to host
+fsapubs.gov: did not receive HSTS header
+fsfi.is: could not connect to host
+fsinf.at: did not receive HSTS header
+fspphoto.com: could not connect to host
+fsradio.eu: could not connect to host
+fstfy.de: could not connect to host
+ftctele.com: could not connect to host
+fteproxy.org: did not receive HSTS header
+ftpi.ml: could not connect to host
+fuckbilibili.com: could not connect to host
+fuckcf.cf: could not connect to host
+fuckgfw233.org: could not connect to host
+fugle.de: could not connect to host
+fuitedeau.ch: could not connect to host
+fukuko.biz: could not connect to host
+fukuko.xyz: could not connect to host
+fukushima-web.com: did not receive HSTS header
+fuli.am: did not receive HSTS header
+fulilingyu.info: could not connect to host
+fuliydys.com: did not receive HSTS header
+fullytrained.co.uk: did not receive HSTS header
+fumiware.com: could not connect to host
+fun9.cc: could not connect to host
+fun99.cc: could not connect to host
+fundacionhijosdelsol.org: could not connect to host
+fungame.eu: did not receive HSTS header
+funkes-ferien.de: did not receive HSTS header
+funkyweddingideas.com.au: could not connect to host
+funnyang.com: could not connect to host
+funrun.com: did not receive HSTS header
+funspins.com: could not connect to host
+funtastic-event-hire.co.uk: did not receive HSTS header
+fuorifuocogenova.it: did not receive HSTS header
+furiffic.com: did not receive HSTS header
+furnation.com: could not connect to host
+furnishedproperty.com.au: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+furry.be: did not receive HSTS header
+fusedrops.com: could not connect to host
+fusionmate.com: did not receive HSTS header
+futbol11.com: did not receive HSTS header
+futos.de: could not connect to host
+futurefundapp.com: did not receive HSTS header
+futurestarsusa.org: did not receive HSTS header
+futuretechnologi.es: could not connect to host
+futureyouhealth.com: did not receive HSTS header
+fuvpn.com: could not connect to host
+fuzoku-sodan.com: could not connect to host
+fws.gov: did not receive HSTS header
+fx-rk.com: did not receive HSTS header
+fyfywka.com: max-age too low: 86400
+fyodorpi.com: did not receive HSTS header
+fyol.pw: could not connect to host
+fysiohaenraets.nl: did not receive HSTS header
+fzn.io: did not receive HSTS header
+fzslm.me: could not connect to host
+g-i-s.vn: did not receive HSTS header
+g-marketing.ro: did not receive HSTS header
+g-rickroll-o.pw: could not connect to host
+g1jeu.com: could not connect to host
+g2a.co: did not receive HSTS header
+g2g.com: did not receive HSTS header
+g4w.co: could not connect to host (error ignored - included regardless)
+g5led.nl: could not connect to host
+g77.ca: could not connect to host
+gaasuper6.com: could not connect to host
+gabber.scot: could not connect to host
+gabi.com.es: could not connect to host
+gabi.soy: did not receive HSTS header
+gabi.uno: could not connect to host
+gablaxian.com: max-age too low: 2592000
+gabriel.to: could not connect to host
+gabriele-kluge.de: could not connect to host
+gaelleetarnaud.com: did not receive HSTS header
+gafachi.com: could not connect to host
+gainesvillegoneaustin.org: did not receive HSTS header
+gaiserik.com: could not connect to host
+gaite.me: did not receive HSTS header
+gakkainavi-epsilon.net: did not receive HSTS header
+gakkainavi.jp: did not receive HSTS header
+gakkainavi4.com: could not connect to host
+gakkainavi4.net: did not receive HSTS header
+gala.kiev.ua: could not connect to host
+galardi.org: could not connect to host
+galena.io: could not connect to host
+galenskap.eu: could not connect to host
+galeriadobimba.com.br: could not connect to host
+gali.review: could not connect to host
+gallery44.org: did not receive HSTS header
+galletasgabi.com.mx: max-age too low: 86400
+galoisvpn.xyz: could not connect to host
+gam3rs.de: could not connect to host
+gambitcloud.net: could not connect to host
+game-gentle.com: could not connect to host
+game.yt: could not connect to host
+gamecave.de: could not connect to host
+gamechasm.com: could not connect to host
+gamefund.me: did not receive HSTS header
+gamehacks.me: could not connect to host
+gameink.net: max-age too low: 0
+gamek.es: could not connect to host
+gamenected.com: could not connect to host
+gamenected.de: could not connect to host
+gamepad.vg: could not connect to host
+gamepader.com: could not connect to host
+gameparade.de: could not connect to host
+gamepiece.com: could not connect to host
+gamerpoets.com: did not receive HSTS header
+gamers-life.fr: could not connect to host
+gamerslair.org: did not receive HSTS header
+gamerz-point.de: could not connect to host
+gamesdepartment.co.uk: did not receive HSTS header
+gameserver-sponsor.de: did not receive HSTS header
+gamesurferapp.com: could not connect to host
+gameswitchers.uk: could not connect to host
+gametium.com: could not connect to host
+gametium.es: could not connect to host
+gamingmedia.eu: did not receive HSTS header
+gamoice.com: did not receive HSTS header
+gampenhof.de: did not receive HSTS header
+garageon.net: did not receive HSTS header
+garciamartin.me: could not connect to host
+garcinia--cambogia.com: could not connect to host
+garden.trade: could not connect to host
+gasbarkenora.com: could not connect to host
+gasnews.net: could not connect to host
+gasser-daniel.ch: did not receive HSTS header
+gatapro.net: could not connect to host
+gatorsa.es: did not receive HSTS header
+gaussorgues.me: could not connect to host
+gautham.it: could not connect to host
+gautham.pro: could not connect to host
+gaygeeks.de: could not connect to host
+gc.net: could not connect to host
+gchoic.com: could not connect to host
+gdegem.org: did not receive HSTS header
+gdevpenze.ru: could not connect to host
+gdhzcgs.com: could not connect to host
+gdz-otvety.com: could not connect to host
+gebn.co.uk: did not receive HSTS header
+gebn.uk: could not connect to host
+gedankenbude.info: could not connect to host
+geekbaba.com: could not connect to host
+geekcast.co.uk: did not receive HSTS header
+geekmind.org: max-age too low: 172800
+geeks.berlin: could not connect to host
+geeks.lgbt: could not connect to host
+geeky.software: could not connect to host
+geemo.top: could not connect to host
+gehrke.nrw: could not connect to host
+geigr.de: could not connect to host
+geli-graphics.com: did not receive HSTS header
+gemsoftheworld.org: could not connect to host
+gemuplay.com: could not connect to host
+generationnext.pl: could not connect to host
+genesischangelog.com: did not receive HSTS header
+geneve.guide: could not connect to host
+genossen.ru: could not connect to host
+genshiken.org: could not connect to host
+genuu.com: could not connect to host
+genuxation.com: could not connect to host
+genyaa.com: could not connect to host
+genyhitch.com: did not receive HSTS header
+geoffdev.com: could not connect to host
+geoffreyrichard.com: did not receive HSTS header
+geopals.net: did not receive HSTS header
+geoponika.gr: did not receive HSTS header
+george-brighton.co.uk: could not connect to host
+georgebrighton.co.uk: could not connect to host
+georgescarryout.com: could not connect to host
+georgesonarthurs.com.au: did not receive HSTS header
+gereja.ga: could not connect to host
+gerencianet.com.br: did not receive HSTS header
+gereon.ch: could not connect to host
+geri.be: could not connect to host
+geschenkly.de: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+gesiwista.net: could not connect to host
+gesunde-smoothies.de: did not receive HSTS header
+get-cctv.com: could not connect to host
+get.zenpayroll.com: did not receive HSTS header
+geta.pub: did not receive HSTS header
+getable.com: did not receive HSTS header
+getblys.com.au: did not receive HSTS header
+getbooks.co.il: did not receive HSTS header
+getcarefirst.com: could not connect to host
+getcarina.com: could not connect to host
+getcleartouch.com: did not receive HSTS header
+getcolor.com: did not receive HSTS header
+getfestify.com: did not receive HSTS header
+getfilterlive.org: could not connect to host
+getfirepress.com: could not connect to host
+getgeek.dk: could not connect to host
+getgeek.ee: could not connect to host
+getgeek.es: could not connect to host
+getgeek.eu: did not receive HSTS header
+getgeek.fi: could not connect to host
+getgeek.fr: could not connect to host
+getgeek.io: could not connect to host
+getgeek.no: could not connect to host
+getgeek.nu: could not connect to host
+getgeek.pl: could not connect to host
+getgeek.se: did not receive HSTS header
+getinternet.de: did not receive HSTS header
+getkai.co.nz: did not receive HSTS header
+getlantern.org: did not receive HSTS header
+getlifti.com: could not connect to host
+getlittleapps.com: could not connect to host
+getlolaccount.com: did not receive HSTS header
+getmassage.com.ng: could not connect to host
+getmondo.co.uk: could not connect to host
+getpake.com: could not connect to host
+getpop.org: did not receive HSTS header
+getpublii.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+getremembrall.com: could not connect to host
+getronics.care: could not connect to host
+getsello.com: could not connect to host
+getspeaker.com: did not receive HSTS header
+getwarden.net: could not connect to host
+getwashdaddy.com: could not connect to host
+gevaulug.fr: could not connect to host
+gfbouncycastles.co.uk: could not connect to host
+gfhgiro.nl: max-age too low: 0
+gfm.tech: could not connect to host
+gfoss.gr: could not connect to host
+gfwsb.ml: could not connect to host
+gglks.com: could not connect to host
+ggrks-asano.com: could not connect to host
+ggss.cf: could not connect to host
+ggss.ml: could not connect to host
+gheorghe-sarcov.ga: could not connect to host
+gheorghesarcov.ga: could not connect to host
+gheorghesarcov.tk: could not connect to host
+ghi.gov: could not connect to host
+ghkim.net: could not connect to host
+ghuntley.com: max-age too low: 0
+giakki.eu: could not connect to host
+gianlucapartengo.photography: did not receive HSTS header
+gibraltar-firma.com: did not receive HSTS header
+gidea.nu: could not connect to host
+gietvloergarant.nl: did not receive HSTS header
+giftgofers.com: did not receive HSTS header
+giftservices.nl: could not connect to host
+gifzilla.net: could not connect to host
+gigacloud.org: max-age too low: 0
+gigacog.com: could not connect to host
+gigin.me: did not receive HSTS header
+gilcloud.com: could not connect to host
+gilgaz.com: did not receive HSTS header
+gillet-cros.fr: could not connect to host
+gilly.berlin: did not receive HSTS header
+gilroywestwood.org: did not receive HSTS header
+gina-architektur.design: could not connect to host
+gincher.net: did not receive HSTS header
+gingali.de: did not receive HSTS header
+ginijony.com: did not receive HSTS header
+gintenreiter-photography.com: did not receive HSTS header
+giogadesign.com: did not receive HSTS header
+gipsamsfashion.com: could not connect to host
+gipsic.com: did not receive HSTS header
+gis3m.org: did not receive HSTS header
+gistfy.com: could not connect to host
+git-stuff.tk: could not connect to host
+git.co: could not connect to host
+givemyanswer.com: could not connect to host
+gizzo.sk: could not connect to host
+glasner.photo: could not connect to host
+glass.google.com: did not receive HSTS header (error ignored - included regardless)
+glasslikes.com: did not receive HSTS header
+glbg.eu: did not receive HSTS header
+glentakahashi.com: could not connect to host
+glittersjabloon.nl: did not receive HSTS header
+glitzmirror.com: could not connect to host
+global-adult-webcams.com: did not receive HSTS header
+globalado.com: could not connect to host
+globalbridge-japan.com: did not receive HSTS header
+globalcomix.com: did not receive HSTS header
+globalexpert.co.nz: could not connect to host
+globalinsights.xyz: could not connect to host
+globalittech.com: could not connect to host
+globalmusic.ga: could not connect to host
+globalsites.nl: did not receive HSTS header
+glotter.com: did not receive HSTS header
+gloucesterphotographer.com: did not receive HSTS header
+glubbforum.de: did not receive HSTS header
+glutenfreelife.co.nz: could not connect to host
+glws.org: did not receive HSTS header
+gm-assicurazioni.it: could not connect to host
+gmail.com: did not receive HSTS header (error ignored - included regardless)
+gmantra.org: could not connect to host
+gmanukyan.com: could not connect to host
+gmat.ovh: could not connect to host
+gmoes.at: max-age too low: 600000
+gnom.me: could not connect to host
+gnosticjade.net: could not connect to host
+go.ax: did not receive HSTS header
+go2sh.de: did not receive HSTS header
+go4it.solutions: did not receive HSTS header
+goabonga.com: could not connect to host
+goalsetup.com: did not receive HSTS header
+goaltree.ch: did not receive HSTS header
+goarmy.eu: could not connect to host
+goat.chat: did not receive HSTS header
+goat.xyz: did not receive HSTS header
+goben.ch: could not connect to host
+goblins.net: did not receive HSTS header
+godrealms.com: could not connect to host
+goedeke.ml: could not connect to host
+goerner.me: did not receive HSTS header
+goge.site: could not connect to host
+gogenenglish.com: could not connect to host
+gogetssl.com: did not receive HSTS header
+goggs.eu: could not connect to host
+gogold-g.com: could not connect to host
+goiaspropaganda.com.br: could not connect to host
+gold24.in: did not receive HSTS header
+goldegg-training.com: did not receive HSTS header
+goldendata.io: could not connect to host
+goldminer.ga: could not connect to host
+goldpros.com: did not receive HSTS header
+golocal-media.de: could not connect to host
+gong8.win: could not connect to host
+gongjuhao.com: could not connect to host
+gonzalosanchez.mx: did not receive HSTS header
+goodfurday.ca: did not receive HSTS header
+goodtech.com.br: could not connect to host
+goodwin43.ru: could not connect to host
+google: could not connect to host (error ignored - included regardless)
+google.ax: could not connect to host
+googlemail.com: did not receive HSTS header (error ignored - included regardless)
+googleplex.com: did not receive HSTS header (error ignored - included regardless)
+googley.fr: max-age too low: 0
+goolok.com: could not connect to host
+gootlijsten.nl: did not receive HSTS header
+goozz.nl: did not receive HSTS header
+gopay.cz: did not receive HSTS header
+gopokego.cz: could not connect to host
+goranrango.ch: could not connect to host
+gorgiaxx.com: could not connect to host
+gorilla-gym.site: could not connect to host
+gorillow.com: could not connect to host
+gosharewood.com: did not receive HSTS header
+goshop.cz: did not receive HSTS header
+gostream.asia: did not receive HSTS header
+gotgenes.com: could not connect to host
+goto.google.com: did not receive HSTS header (error ignored - included regardless)
+goto.msk.ru: did not receive HSTS header
+gotobrno.cz: did not receive HSTS header
+gotocloud.ru: did not receive HSTS header
+gotowned.org: max-age too low: 0
+gotspot.com: could not connect to host
+gottcode.org: did not receive HSTS header
+gottfridsberg.org: could not connect to host
+gottfriedfeyen.com: did not receive HSTS header
+gourmettia.com: did not receive HSTS header
+gouv.ovh: did not receive HSTS header
+gov.ax: could not connect to host
+goverage.org: did not receive HSTS header
+govillemo.ca: did not receive HSTS header
+gozadentro.com: could not connect to host
+gozel.com.tr: did not receive HSTS header
+gparent.org: did not receive HSTS header
+gpo.gov: did not receive HSTS header
+gpstuner.com: did not receive HSTS header
+graavaapi.elasticbeanstalk.com: could not connect to host
+gracebaking.com: max-age too low: 86400
+gracechurchpc.net: max-age too low: 2592000
+gracesofgrief.com: could not connect to host
+grachtenpandverkopen.nl: could not connect to host
+gradsm-ci.net: could not connect to host
+grafitec.ru: did not receive HSTS header
+grana.com: did not receive HSTS header
+grandlinecsk.ru: did not receive HSTS header
+grandmascookieblog.com: did not receive HSTS header
+grantedby.me: max-age too low: 0
+granth.io: could not connect to host
+graph.no: did not receive HSTS header
+graphire.io: could not connect to host
+graphsearchengine.com: could not connect to host
+gratis-app.com: did not receive HSTS header
+gratisonlinesex.com: could not connect to host
+gravitation.pro: could not connect to host
+gravito.nl: did not receive HSTS header
+gravity-net.de: could not connect to host
+graycell.net: could not connect to host
+grazetech.com: did not receive HSTS header
+grcnode.co.uk: could not connect to host
+great.nagoya: did not receive HSTS header
+greatestwebsiteonearth.com: could not connect to host
+greatideahub.com: did not receive HSTS header
+greatnet.de: did not receive HSTS header
+greatsong.net: did not receive HSTS header
+greencardtalent.com: could not connect to host
+greenesting.ch: could not connect to host
+greenesting.com: could not connect to host
+greenhillantiques.co.uk: did not receive HSTS header
+greensolid.biz: could not connect to host
+greenvines.com.tw: did not receive HSTS header
+greenvpn.ltd: could not connect to host
+greenvpn.pro: did not receive HSTS header
+greggsfoundation.org.uk: could not connect to host
+gregmartyn.com: could not connect to host
+gregmilton.org: could not connect to host
+gregorytlee.me: could not connect to host
+grekland.guide: could not connect to host
+gremots.com: could not connect to host
+greplin.com: could not connect to host
+gresb.com: did not receive HSTS header
+gretchelizartistry.com: did not receive HSTS header
+greuel.online: could not connect to host
+grevesgarten.de: could not connect to host
+greyline.se: could not connect to host
+gribani.com: could not connect to host
+grid2osm.org: could not connect to host
+grigalanzsoftware.com: could not connect to host
+grillinfools.com: did not receive HSTS header
+gripopgriep.net: could not connect to host
+gritte.net: could not connect to host
+groenewoud.run: could not connect to host
+groetzner.net: did not receive HSTS header
+groseb.net: did not receive HSTS header
+grossell.ru: could not connect to host
+grossmann.gr: could not connect to host
+grossmisconduct.news: could not connect to host
+groupe-cassous.com: did not receive HSTS header
+groups.google.com: did not receive HSTS header (error ignored - included regardless)
+grow-shop.ee: could not connect to host
+grow-shop.lt: could not connect to host
+grow-shop.lv: could not connect to host
+grozip.com: did not receive HSTS header
+grunex.com: did not receive HSTS header
+grupopgn.com.br: could not connect to host
+gryffin.ga: could not connect to host
+gryffin.ml: could not connect to host
+gryffin.tk: could not connect to host
+gsm-map.com: could not connect to host
+gsnort.com: did not receive HSTS header
+gtamodshop.org: could not connect to host
+gtanda.tk: could not connect to host
+gtech.work: did not receive HSTS header
+gtldna.com: could not connect to host
+gtlfsonlinepay.com: did not receive HSTS header
+gtraxapp.com: could not connect to host
+gts-schulsoftware.de: did not receive HSTS header
+guarajubaimoveis.com.br: did not receive HSTS header
+guava.studio: did not receive HSTS header
+guentherhouse.com: did not receive HSTS header
+guenthernoack.de: could not connect to host
+guffrits.com: could not connect to host
+gugaltika-ipb.org: could not connect to host
+guge.gq: could not connect to host
+gugga.dk: could not connect to host
+guguke.net: did not receive HSTS header
+guilde-vindicta.fr: did not receive HSTS header
+guillaume-leduc.fr: did not receive HSTS header
+guillaumematheron.fr: did not receive HSTS header
+guinea-pig.co: could not connect to host
+guineafruitcorp.com: could not connect to host
+gulch.in.ua: did not receive HSTS header
+gulenet.com: could not connect to host
+gulfcoast-sandbox.com: could not connect to host
+gunnarhafdal.com: did not receive HSTS header
+gunnaro.com: could not connect to host
+guntbert.net: could not connect to host
+guoqiang.info: did not receive HSTS header
+gurom.lv: could not connect to host
+gurusupe.com: could not connect to host
+gus.moe: could not connect to host
+guso.gq: could not connect to host
+guso.ml: could not connect to host
+guso.site: could not connect to host
+guso.tech: could not connect to host
+gussi.is: did not receive HSTS header
+gvchannel.xyz: could not connect to host
+gvpt.sk: did not receive HSTS header
+gvt2.com: could not connect to host (error ignored - included regardless)
+gvt3.com: could not connect to host (error ignored - included regardless)
+gw2oracle.com: could not connect to host
+gw2reload.eu: could not connect to host
+gwijaya.com: could not connect to host
+gwtest.us: could not connect to host
+gxlrx.net: could not connect to host
+gyboche.com: could not connect to host
+gyboche.science: could not connect to host
+gycis.me: could not connect to host
+gylauto.fr: could not connect to host
+gym-old.de: max-age too low: 0
+gypthecat.com: did not receive HSTS header
+gyz.io: could not connect to host
+h-og.com: could not connect to host
+h-rickroll-n.pw: could not connect to host
+h2cdn.cloud: could not connect to host
+h2check.org: did not receive HSTS header
+h3artbl33d.nl: could not connect to host
+haarkliniek.com: did not receive HSTS header
+habbo.life: did not receive HSTS header
+habbotalk.nl: could not connect to host
+habeo.si: could not connect to host
+hablemosdetecnologia.com.ve: could not connect to host
+hac30.com: could not connect to host
+hack.cz: could not connect to host
+hack.li: could not connect to host
+hacker8.cn: did not receive HSTS header
+hackercat.ninja: did not receive HSTS header
+hackerforever.com: did not receive HSTS header
+hackerone-ext-adroll.com: could not connect to host
+hackerspace-ntnu.no: did not receive HSTS header
+hackest.org: did not receive HSTS header
+hackit.im: could not connect to host
+hackroyale.xyz: did not receive HSTS header
+hacksnack.io: could not connect to host
+hadaf.pro: could not connect to host
+hadzic.co: could not connect to host
+haeckdesign.com: did not receive HSTS header
+haeckl.eu: did not receive HSTS header
+haemmerle.net: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+haf.gr: could not connect to host
+hafoda.com: did not receive HSTS header
+hahayidu.org: could not connect to host
+hainoni.com: did not receive HSTS header
+hairlossstop.net: did not receive HSTS header
+haitschi.com: could not connect to host
+haitschi.de: did not receive HSTS header
+haitschi.net: could not connect to host
+haitschi.org: could not connect to host
+haku.moe: could not connect to host
+hakugin.me: could not connect to host
+hakugin.org: could not connect to host
+halcyonsbastion.com: could not connect to host
+halkyon.net: could not connect to host
+halletienne.fr: could not connect to host
+halo.red: could not connect to host
+halyul.cc: did not receive HSTS header
+halyul.com: did not receive HSTS header
+haman.nl: could not connect to host
+hamu.blue: could not connect to host
+hancc.net: could not connect to host
+handenafvanhetmedischdossier.nl: could not connect to host
+handicapindeles.nl: did not receive HSTS header
+handiworker.com: could not connect to host
+handleidingkwijt.com: did not receive HSTS header
+handsandall.com: did not receive HSTS header
+hanfu.la: could not connect to host
+hang333.pw: could not connect to host
+hangar18-modelismo.com.br: could not connect to host
+hanimalis.fr: could not connect to host
+hans-natur.de: did not receive HSTS header
+hao2taiwan.com: max-age too low: 0
+haobo111.com: could not connect to host
+haobo1111.com: could not connect to host
+haobo222.com: could not connect to host
+haobo2222.com: could not connect to host
+haobo4444.com: could not connect to host
+haobo5555.com: could not connect to host
+haobo6666.com: could not connect to host
+haobo7777.com: could not connect to host
+haomwei.com: could not connect to host
+haoyugao.com: could not connect to host
+hapijs.cn: could not connect to host
+happist.com: did not receive HSTS header
+happix.nl: did not receive HSTS header
+happyfabric.me: did not receive HSTS header
+happygastro.com: could not connect to host
+harambe.site: could not connect to host
+harbourweb.net: did not receive HSTS header
+hardline.xyz: could not connect to host
+haribosupermix.com: could not connect to host
+harisht.me: could not connect to host
+harlentimberproducts.co.uk: did not receive HSTS header
+harmonycosmetic.com: max-age too low: 300
+harristony.com: could not connect to host
+harrypottereditor.net: could not connect to host
+hartlep.eu: could not connect to host
+hartmancpa.com: did not receive HSTS header
+harvestrenewal.org: did not receive HSTS header
+harz.cloud: could not connect to host
+has.vision: could not connect to host
+hasabig.wang: could not connect to host
+hasalittle.wang: could not connect to host
+hash-list.com: could not connect to host
+hashidays.com: did not receive HSTS header
+hashnode.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+hashplex.com: could not connect to host
+hasilocke.de: did not receive HSTS header
+hasinase.de: could not connect to host
+haste.ch: could not connect to host
+hastherebeenamassshooting.today: could not connect to host
+hatoko.net: could not connect to host
+haufschild.de: could not connect to host
+haurumcraft.net: could not connect to host
+hausarzt-stader-str.de: did not receive HSTS header
+haveeruexaminer.com: could not connect to host
+havenmoon.com: could not connect to host
+havenswift-hosting.co.uk: did not receive HSTS header
+hawthornharpist.com: could not connect to host
+haxoff.com: could not connect to host
+haxon.me: could not connect to host
+haxx.hu: could not connect to host
+haydenhill.us: could not connect to host
+hazcod.com: could not connect to host
+haze-productions.com: could not connect to host
+haze.network: could not connect to host
+haze.sucks: could not connect to host
+hazyrom.net: could not connect to host
+hb1111.com: could not connect to host
+hb3333.com: could not connect to host
+hb4444.com: could not connect to host
+hbbet.com: could not connect to host
+hbvip.com: could not connect to host
+hbvip01.com: could not connect to host
+hbvip02.com: could not connect to host
+hbvip03.com: could not connect to host
+hbvip04.com: could not connect to host
+hbvip05.com: could not connect to host
+hbvip06.com: could not connect to host
+hbvip07.com: could not connect to host
+hbvip08.com: could not connect to host
+hcie.pl: could not connect to host
+hcr.io: did not receive HSTS header
+hcs-company.com: did not receive HSTS header
+hcs-company.nl: did not receive HSTS header
+hcstr.com: could not connect to host
+hdm.io: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+hdrboundless.com: could not connect to host
+hdserver.info: did not receive HSTS header
+hdsmigrationtool.com: could not connect to host
+hduin.xyz: could not connect to host
+hdwallpapers.net: did not receive HSTS header
+head-shop.lt: could not connect to host
+head-shop.lv: could not connect to host
+headmates.xyz: could not connect to host
+healthjoy.com: did not receive HSTS header
+healthyandnaturalliving.com: could not connect to host
+healthycod.in: could not connect to host
+healtious.com: could not connect to host
+hearingshofar.com: could not connect to host
+heart.ge: could not connect to host
+heartlandrentals.com: did not receive HSTS header
+hearty.ink: could not connect to host
+hearty.space: could not connect to host
+hearty.tw: did not receive HSTS header
+heartyme.net: could not connect to host
+heathmanners.com: could not connect to host
+heavenlysmokenc.com: could not connect to host
+heavystresser.com: could not connect to host
+hebaus.com: could not connect to host
+heidilein.info: did not receive HSTS header
+heijblok.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+heimnetze.org: could not connect to host
+heisenberg.co: could not connect to host
+hejahanif.se: could not connect to host
+hejsupport.se: could not connect to host
+helencrump.co.uk: did not receive HSTS header
+helgakristoffer.com: could not connect to host
+helgakristoffer.wedding: could not connect to host
+hellofilters.com: could not connect to host
+hellomouse.tk: could not connect to host
+helloworldhost.com: did not receive HSTS header
+hellscanyonraft.com: did not receive HSTS header
+helpadmin.net: could not connect to host
+helpantiaging.com: could not connect to host
+helpekwendenihospital.com: could not connect to host
+helpium.de: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+helpmebuild.com: did not receive HSTS header
+helsingfors.guide: could not connect to host
+hemlockhillscabinrentals.com: did not receive HSTS header
+hencagon.com: could not connect to host
+hendersonrealestatepros.com: did not receive HSTS header
+henriknoerr.com: could not connect to host
+hentai.design: could not connect to host
+hentaimaster.net: could not connect to host
+herbandpat.org: could not connect to host
+herbertmouwen.nl: could not connect to host
+here.ml: could not connect to host
+here4funpartysolutions.ie: did not receive HSTS header
+heribe-maruo.com: could not connect to host
+heritagedentistry.ca: did not receive HSTS header
+heroin.org.uk: could not connect to host
+herpaderp.net: could not connect to host
+herrenfahrt.com: did not receive HSTS header
+herzbotschaft.de: did not receive HSTS header
+hetmeisjeachterpauw.nl: could not connect to host
+hetmer.com: did not receive HSTS header
+hetmer.cz: did not receive HSTS header
+hetmer.net: did not receive HSTS header
+heutger.net: did not receive HSTS header
+hex2013.com: did not receive HSTS header
+hexhu.com: could not connect to host
+hexobind.com: could not connect to host
+heyfringe.com: could not connect to host
+heyguevara.com: could not connect to host
+heywoodtown.co.uk: did not receive HSTS header
+hfcbank.com.gh: did not receive HSTS header
+hfi.me: could not connect to host
+hfu.io: could not connect to host
+hg881.com: could not connect to host
+hibilog.com: could not connect to host
+hicn.gq: could not connect to host
+hiddendepth.ie: max-age too low: 0
+hiddenmail.xyz: could not connect to host
+hiddenrefuge.eu.org: could not connect to host
+hideftv.deals: could not connect to host
+hiexmerida-mailing.com: did not receive HSTS header
+higherpress.org: could not connect to host
+highgrove.org.uk: could not connect to host
+highseer.com: did not receive HSTS header
+highsurf-miyazaki.com: could not connect to host
+hightower.eu: could not connect to host
+highvelocitydesign.com: could not connect to host
+hiisukun.com: could not connect to host
+hiitcentre.com: did not receive HSTS header
+hikariempire.com: could not connect to host
+hilinemerchandising.com: did not receive HSTS header
+hill.selfip.net: could not connect to host
+hillcity.org.nz: did not receive HSTS header
+hilnu.tk: could not connect to host
+hinkel-sohn.de: did not receive HSTS header
+hintergedanken.com: did not receive HSTS header
+hintermeier-rae.at: could not connect to host
+hipercultura.com: did not receive HSTS header
+hiphopconvention.nl: could not connect to host
+hipnos.net: did not receive HSTS header
+hiqhub.co.uk: could not connect to host
+hirefitness.co.uk: did not receive HSTS header
+hirevets.gov: did not receive HSTS header
+hirokilog.com: could not connect to host
+hirte-digital.de: could not connect to host
+hitchunion.org: could not connect to host
+hititgunesi-tr.com: did not receive HSTS header
+hitoy.org: did not receive HSTS header
+hitrek.ml: could not connect to host
+hittipps.com: did not receive HSTS header
+hiv.gov: did not receive HSTS header
+hlyue.com: did not receive HSTS header
+hm1ch.ovh: could not connect to host
+hmksq.ae: max-age too low: 7776000
+hmm.nyc: could not connect to host
+hmsseahawk.com: did not receive HSTS header
+hoast.xyz: could not connect to host
+hobaugh.social: did not receive HSTS header
+hodamakade.com: did not receive HSTS header
+hodne.io: could not connect to host
+hoekwoningverkopen.nl: could not connect to host
+hoerbuecher-und-hoerspiele.de: could not connect to host
+hofiprojekt.cz: did not receive HSTS header
+hogar123.es: could not connect to host
+hohm.in: could not connect to host
+hoiku-map.tokyo: could not connect to host
+hoiku-navi.com: did not receive HSTS header
+holgerlehner.com: could not connect to host
+holidayincotswolds.co.uk: could not connect to host
+holifestival-freyung.de: could not connect to host
+holymoly.lu: could not connect to host
+homa.website: could not connect to host
+homads.com: did not receive HSTS header
+homeandyarddetailing.com: could not connect to host
+homeclouding.de: could not connect to host
+homedna.com: did not receive HSTS header
+homeexx.com: did not receive HSTS header
+homeownersassociationmanagementla.com: could not connect to host
+homeseller.co.uk: could not connect to host
+hometownmall.com: max-age too low: 0
+homeyantra.com: did not receive HSTS header
+homoglyph.net: could not connect to host
+honeytracks.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+hongyd.online: could not connect to host
+hongzhaxiaofendui.com: could not connect to host
+honoo.com: could not connect to host
+hoodoo.io: could not connect to host
+hoodoo.tech: could not connect to host
+hookandloom.com: did not receive HSTS header
+hoopsacademyusa.com: could not connect to host
+hoovism.com: did not receive HSTS header
+hopesb.org: could not connect to host
+horizonshypnosis.ca: did not receive HSTS header
+horning.co: did not receive HSTS header
+horosho.in: could not connect to host
+horseboners.xxx: did not receive HSTS header
+hortifarm.ro: did not receive HSTS header
+horvathtom.com: could not connect to host
+hosteasy.nl: did not receive HSTS header
+hosted-oswa.org: could not connect to host
+hostedtalkgadget.google.com: did not receive HSTS header (error ignored - included regardless)
+hostelite.com: did not receive HSTS header
+hostfuture.co.in: did not receive HSTS header
+hostgarou.com: did not receive HSTS header
+hostinaus.com.au: did not receive HSTS header
+hostingfj.com: could not connect to host
+hostisan.com: could not connect to host
+hostworkz.com: did not receive HSTS header
+hotartup.com: could not connect to host
+hotchoc.io: did not receive HSTS header
+hotel-tongruben.de: max-age too low: 0
+hotelaustria-wien.at: did not receive HSTS header
+hotelmadhuwanvihar.com: could not connect to host
+hotelvictoriaoax-mailing.com: did not receive HSTS header
+hotelvillahermosa-mailing.com: did not receive HSTS header
+hotelvue.nl: could not connect to host
+houkago-step.com: did not receive HSTS header
+housemaadiah.org: did not receive HSTS header
+housingstudents.org.uk: could not connect to host
+howardtyson.com: could not connect to host
+howfargames.com: could not connect to host
+howrandom.org: could not connect to host
+howtocuremysciatica.com: could not connect to host
+hozinga.de: could not connect to host
+hp-work.net: could not connect to host
+hpepub.asia: could not connect to host
+hpepub.com: could not connect to host
+hpepub.org: could not connect to host
+hppub.info: could not connect to host
+hppub.org: could not connect to host
+hppub.site: could not connect to host
+hqhost.net: did not receive HSTS header
+hr-intranet.com: could not connect to host
+hr98.tk: could not connect to host
+hrackydomino.cz: did not receive HSTS header
+hrk.io: could not connect to host
+hserver.top: could not connect to host
+hsir.me: could not connect to host
+hsts.com.br: could not connect to host
+hsts.date: could not connect to host
+hszhyy120.com: could not connect to host
+html-lab.tk: could not connect to host
+http418.xyz: could not connect to host
+httphacker.com: could not connect to host
+https.ps: could not connect to host
+httpstatuscode418.xyz: could not connect to host
+huangh.com: could not connect to host
+huarongdao.com: could not connect to host
+hubert.systems: did not receive HSTS header
+hugocollignon.fr: could not connect to host
+huiser.nl: could not connect to host
+hukkatavara.com: could not connect to host
+humankode.com: did not receive HSTS header
+humblefinances.com: did not receive HSTS header
+humeurs.net: could not connect to host
+humortuga.pt: could not connect to host
+hump.dk: did not receive HSTS header
+humpi.at: could not connect to host
+humpteedumptee.in: did not receive HSTS header
+hunger.im: could not connect to host
+huntshomeinspections.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+huodongweb.com: could not connect to host
+hup.blue: could not connect to host
+huskybutt.dog: could not connect to host
+huwjones.me: could not connect to host
+huzu.com: did not receive HSTS header
+huzurmetal.net: could not connect to host
+hyakumachi.com: did not receive HSTS header
+hyatt.com: did not receive HSTS header
+hydra.ws: could not connect to host
+hydrante.ch: could not connect to host
+hydrodipcenter.nl: did not receive HSTS header
+hydronium.cf: could not connect to host
+hydronium.ga: could not connect to host
+hydronium.me: could not connect to host
+hydronium.ml: could not connect to host
+hydronium.tk: could not connect to host
+hypa.net.au: did not receive HSTS header
+hyper69.com: did not receive HSTS header
+hypnoresults.com.au: did not receive HSTS header
+hypnos.hu: did not receive HSTS header
+hypotheques24.ch: could not connect to host
+hysg.me: could not connect to host
+hzh.pub: could not connect to host
+i-jp.net: could not connect to host
+i-partners.sk: did not receive HSTS header
+i-rickroll-n.pw: could not connect to host
+i10z.com: could not connect to host
+iacono.com.br: did not receive HSTS header
+iadttaveras.com: could not connect to host
+iamjoshellis.com: could not connect to host
+iamokay.nl: did not receive HSTS header
+iamreubin.co.uk: did not receive HSTS header
+iamveto.com: could not connect to host
+iapws.com: did not receive HSTS header
+iban.is: could not connect to host
+ibarf.nl: did not receive HSTS header
+ibase.com: did not receive HSTS header
+ibenchu.com: did not receive HSTS header
+ibestreview.com: did not receive HSTS header
+ibnuwebhost.com: could not connect to host
+icabanken.se: did not receive HSTS header
+icaforsakring.se: did not receive HSTS header
+ice.yt: could not connect to host
+icebound.cc: could not connect to host
+iceloch.com: could not connect to host
+icepink.com.br: could not connect to host
+icewoman.net: did not receive HSTS header
+icfl.com.br: could not connect to host
+ich-find-den-g.net: could not connect to host
+ich-mach-druck.eu: did not receive HSTS header
+ichnichtskaufmann.de: could not connect to host
+ichoosebtec.com: did not receive HSTS header
+icity.ly: did not receive HSTS header
+icloud.net: could not connect to host
+icntorrent.download: could not connect to host
+icreative.nl: could not connect to host
+ictpro.info: could not connect to host
+icusignature.com: could not connect to host
+id-co.in: could not connect to host
+id-conf.com: did not receive HSTS header
+id.fedoraproject.org: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+idcrane.com: could not connect to host
+ideadozz.hu: could not connect to host
+ideal-envelopes.co.uk: did not receive HSTS header
+idealmoto.com: did not receive HSTS header
+idealmykonos.com: did not receive HSTS header
+ideaman924.com: did not receive HSTS header
+ideaplus.me: could not connect to host
+ideasmeetingpoint.com: could not connect to host
+ideation-inc.co.jp: could not connect to host
+idedr.com: could not connect to host
+idemo.in: could not connect to host
+identitylabs.uk: could not connect to host
+identitysandbox.gov: could not connect to host
+idgsupply.com: did not receive HSTS header
+idinby.dk: did not receive HSTS header
+idisplay.es: did not receive HSTS header
+idlekernel.com: could not connect to host
+idol-bikes.ru: could not connect to host
+idontexist.me: did not receive HSTS header
+iemb.cf: could not connect to host
+iemb.tk: did not receive HSTS header
+ierna.com: did not receive HSTS header
+ies-italia.it: did not receive HSTS header
+ies.id.lv: could not connect to host
+ievgenialehner.com: could not connect to host
+ifad.org: did not receive HSTS header
+ifastuniversity.com: did not receive HSTS header
+ifengge.me: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+ifleurs.com: could not connect to host
+ifoss.me: could not connect to host
+ifx.ee: could not connect to host
+ifxnet.com: could not connect to host
+igforums.com: could not connect to host
+igi.codes: did not receive HSTS header
+igiftcards.nl: did not receive HSTS header
+ignatisd.gr: did not receive HSTS header
+igule.net: could not connect to host
+ihotel.io: did not receive HSTS header
+ihrlotto.de: could not connect to host
+ihrnationalrat.ch: could not connect to host
+ihsbsd.me: could not connect to host
+ihsbsd.tk: could not connect to host
+iispeed.com: did not receive HSTS header
+ijn-dd.nl: could not connect to host
+ijoda.com: could not connect to host
+ikenmeyer.com: could not connect to host
+ikenmeyer.eu: could not connect to host
+ikocik.sk: did not receive HSTS header
+ikon.name: did not receive HSTS header
+ikwilguidobellen.nl: could not connect to host
+ikzoekeengoedkopeauto.nl: could not connect to host
+ikzoekjeugdhulp.nl: did not receive HSTS header
+ilbuongiorno.it: did not receive HSTS header
+ileat.com: could not connect to host
+ilgi.work: could not connect to host
+ilhansubasi.com: did not receive HSTS header
+ilikerainbows.co: could not connect to host
+ilikerainbows.co.uk: could not connect to host
+ilikfreshweedstores.com: did not receive HSTS header
+illegalpornography.me: could not connect to host
+ilmconpm.de: could not connect to host
+ilona.graphics: did not receive HSTS header
+iluvscotland.co.uk: max-age too low: 7889238
+imakepoems.net: could not connect to host
+ime.moe: could not connect to host
+imed.com.pt: did not receive HSTS header
+imed.pt: did not receive HSTS header
+img.ovh: could not connect to host
+imgencrypt.com: could not connect to host
+imgup.co: did not receive HSTS header
+imim.pw: could not connect to host
+imjiangtao.com: did not receive HSTS header
+imlinan.cn: could not connect to host
+imlinan.info: could not connect to host
+imlinan.net: could not connect to host
+immaterium.de: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+immersion-pictures.com: did not receive HSTS header
+immersionwealth.com: could not connect to host
+immoprotect.ca: did not receive HSTS header
+immortals-co.com: did not receive HSTS header
+immoverkauf24.at: did not receive HSTS header
+immoverkauf24.de: did not receive HSTS header
+immunicity.cc: could not connect to host
+immunicity.date: did not receive HSTS header
+immunicity.eu: did not receive HSTS header
+immunicity.host: could not connect to host
+immunicity.info: could not connect to host
+immunicity.online: could not connect to host
+immunicity.press: could not connect to host
+immunicity.rocks: could not connect to host
+immunicity.st: did not receive HSTS header
+immunicity.today: could not connect to host
+immunicity.top: could not connect to host
+immunicity.win: could not connect to host
+immunicity.works: could not connect to host
+immunicity.world: could not connect to host
+imolug.org: did not receive HSTS header
+imoni-blog.net: could not connect to host
+imoto.me: could not connect to host
+imouto.my: max-age too low: 5184000
+imperdintechnologies.com: could not connect to host
+imperialwebsolutions.com: did not receive HSTS header
+implicitdenial.com: could not connect to host
+imu.li: did not receive HSTS header
+imusic.dk: did not receive HSTS header
+inb4.us: could not connect to host
+inbox.li: did not receive HSTS header
+incendiary-arts.com: could not connect to host
+inche-ali.com: did not receive HSTS header
+inchomatic.com: did not receive HSTS header
+increasetestosteronelevels.org: could not connect to host
+indicateurs-flash.fr: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+indiecert.net: could not connect to host
+indiemods.com: could not connect to host
+indien.guide: could not connect to host
+indochina.io: could not connect to host
+indoorskiassen.nl: did not receive HSTS header
+indredouglas.me: could not connect to host
+industreiler.com: could not connect to host
+industreiler.com.br: could not connect to host
+industrybazar.com: did not receive HSTS header
+ineed.com.mt: could not connect to host
+inexpensivecomputers.net: could not connect to host
+infcof.com: did not receive HSTS header
+infilock.com: could not connect to host
+infinitude.me.uk: could not connect to host
+infinitude.xyz: could not connect to host
+infinitudecloud.com: could not connect to host
+infinitusgaming.eu: could not connect to host
+infinity-freedom.com: could not connect to host
+infinity-freedom.de: could not connect to host
+infinity-lifestyle.de: could not connect to host
+inflatadays.co.uk: could not connect to host
+inflation.ml: could not connect to host
+info-sys.tk: could not connect to host
+infoduv.fr: did not receive HSTS header
+infogrfx.com: did not receive HSTS header
+inforichjapan.com: did not receive HSTS header
+informaticapremium.com: did not receive HSTS header
+informatik.zone: could not connect to host
+infosec.rip: could not connect to host
+infosoph.org: could not connect to host
+infotics.es: did not receive HSTS header
+infoworm.org: could not connect to host
+infranix.eu: max-age too low: 7360000
+infura.co.th: could not connect to host
+ingesol.fr: did not receive HSTS header
+inhelix.com: could not connect to host
+injertoshorticolas.com: did not receive HSTS header
+injigo.com: did not receive HSTS header
+injust.cf: could not connect to host
+injust.ga: could not connect to host
+injust.gq: could not connect to host
+injust.me: could not connect to host
+injust.ml: could not connect to host
+injust.tk: could not connect to host
+inked-guy.de: could not connect to host
+inkedguy.de: could not connect to host
+inkstory.gr: did not receive HSTS header
+inksupply.com: did not receive HSTS header
+inkvisual.tk: could not connect to host
+inleaked.com: could not connect to host
+inmyarea.com: max-age too low: 0
+innolabfribourg.ch: could not connect to host
+innophate-security.nl: could not connect to host
+inondation.ch: could not connect to host
+inplacers.ru: did not receive HSTS header
+inquisitive.io: did not receive HSTS header
+insane-bullets.com: could not connect to host
+inscript.pl: could not connect to host
+insite-feedback.com: could not connect to host
+insouciant.org: could not connect to host
+inspire-av.com: did not receive HSTS header
+inspiroinc.com: could not connect to host
+instacart.com: did not receive HSTS header
+instant-hack.com: did not receive HSTS header
+instantdev.io: could not connect to host
+instaquiz.ru: could not connect to host
+instasex.ch: could not connect to host
+institutoflordelavida.com: could not connect to host
+institutolancaster.com: did not receive HSTS header
+instruktor.io: could not connect to host
+insurance: could not connect to host
+insurance321.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+intel.gov: did not receive HSTS header
+intel.li: could not connect to host
+intelldynamics.com: could not connect to host
+interboursegeneva.ch: did not receive HSTS header
+interference.io: could not connect to host
+interhosts.co.za: could not connect to host
+interim-cto.de: could not connect to host
+interleucina.org: did not receive HSTS header
+interlocal.co.uk: could not connect to host
+interlun.com: could not connect to host
+intermezzo-emmerich.de: did not receive HSTS header
+intermezzo-emmerich.nl: did not receive HSTS header
+internaldh.com: could not connect to host
+internet-pornografie.de: did not receive HSTS header
+internetcasinos.de: could not connect to host
+internetcensus.org: could not connect to host
+internetdentalalliance.com: did not receive HSTS header
+internetpro.me: could not connect to host
+internetradiocharts.de: did not receive HSTS header
+internshipandwork.com: did not receive HSTS header
+internshipandwork.ru: did not receive HSTS header
+intersectraven.net: did not receive HSTS header
+interserved.com: did not receive HSTS header
+interviewpipeline.co.uk: could not connect to host
+intervisteperstrada.com: could not connect to host
+intexplore.org: could not connect to host
+intim-uslugi-kazan.net: could not connect to host
+intimateperrierjouet.com: could not connect to host
+intimici.com.br: could not connect to host
+intimtoy.com.ua: could not connect to host
+intocities.de: did not receive HSTS header
+intranetsec.fr: could not connect to host
+intrp.net: did not receive HSTS header
+inverselink-user-content.com: could not connect to host
+inverselink.com: could not connect to host
+investnext.com: max-age too low: 43200
+investor.gov: did not receive HSTS header
+investorloanshub.com: could not connect to host
+invictusmc.uk: could not connect to host
+invinsec.cloud: did not receive HSTS header
+inviosolutions.com: max-age too low: 0
+invite24.pro: could not connect to host
+iolife.dk: could not connect to host
+ionas-law.ro: did not receive HSTS header
+iop.intuit.com: max-age too low: 86400
+iora.fr: could not connect to host
+iosmods.com: did not receive HSTS header
+iostips.ru: could not connect to host
+ip.or.at: could not connect to host
+ip6.im: did not receive HSTS header
+ipbill.org.uk: could not connect to host
+iphonechina.net: could not connect to host
+iplife.cn: could not connect to host
+ipmimagazine.com: did not receive HSTS header
+ipnetworking.net: could not connect to host
+iprice.co.id: did not receive HSTS header
+iprice.hk: did not receive HSTS header
+iprice.my: did not receive HSTS header
+iprice.ph: did not receive HSTS header
+iprice.sg: did not receive HSTS header
+iprice.vn: did not receive HSTS header
+ipricethailand.com: did not receive HSTS header
+iprody.com: max-age too low: 7889238
+iptel.ro: could not connect to host
+ipuservicedesign.com: could not connect to host
+ipv6.watch: did not receive HSTS header
+ipv6cloud.club: could not connect to host
+ipv6only.network: could not connect to host
+ipvsec.nl: could not connect to host
+iqcn.co: could not connect to host
+iqualtech.com: max-age too low: 7889238
+ir-saitama.com: could not connect to host
+iranianlawschool.com: could not connect to host
+iraqidinar.org: did not receive HSTS header
+irazimina.ru: did not receive HSTS header
+irccloud.com: did not receive HSTS header
+irelandesign.com: could not connect to host
+irinkeby.nu: could not connect to host
+irland.guide: could not connect to host
+irmtrudjurke.de: did not receive HSTS header
+irugs.ch: did not receive HSTS header
+irugs.co.uk: did not receive HSTS header
+irugs.com.sg: did not receive HSTS header
+irukandjilabs.com: could not connect to host
+irvinepa.org: max-age too low: 10540800
+is-a-furry.org: did not receive HSTS header
+isabellehogarth.co.uk: could not connect to host
+isamiok.com: could not connect to host
+ischool.co.jp: did not receive HSTS header
+isdf.me: could not connect to host
+isef-eg.com: did not receive HSTS header
+iseulde.com: did not receive HSTS header
+ishadowsocks.ltd: could not connect to host
+ishangirdhar.com: could not connect to host
+ishillaryclintoninprisonyet.com: could not connect to host
+isitamor.pm: could not connect to host
+iskai.net: did not receive HSTS header
+iskaz.rs: did not receive HSTS header
+islandzero.net: did not receive HSTS header
+islief.com: did not receive HSTS header
+ismetroonfiretoday.com: could not connect to host
+isoface33.fr: did not receive HSTS header
+isogen5.com: could not connect to host
+isogram.nl: could not connect to host
+istanbul.systems: did not receive HSTS header
+istanbultravelguide.info: could not connect to host
+istaspirtslietas.lv: did not receive HSTS header
+isz.no: could not connect to host
+it-cave.com: could not connect to host
+it-go.net: did not receive HSTS header
+it-schwerin.de: could not connect to host
+itad.top: could not connect to host
+itechgeek.com: max-age too low: 0
+items.lv: did not receive HSTS header
+itemton.com: could not connect to host
+itfaq.nl: did not receive HSTS header
+ithakama.com: did not receive HSTS header
+ithakama.cz: did not receive HSTS header
+itinsight.hu: did not receive HSTS header
+itos.asia: did not receive HSTS header
+itos.pl: did not receive HSTS header
+itpol.dk: did not receive HSTS header
+itpro-mg.de: could not connect to host
+itproject.guru: did not receive HSTS header
+itrack.in.th: did not receive HSTS header
+itriskltd.com: did not receive HSTS header
+its-schindler.de: could not connect to host
+itsadog.co.uk: did not receive HSTS header
+itsagadget.com: did not receive HSTS header
+itsamurai.ru: max-age too low: 2592000
+itsatrap.nl: could not connect to host
+itsecurityassurance.pw: could not connect to host
+itsg-faq.de: could not connect to host
+itshost.ru: could not connect to host
+itspawned.com: max-age too low: 200
+itu2015.de: could not connect to host
+ius.io: did not receive HSTS header
+iuscommunity.org: did not receive HSTS header
+ivanilla.org: could not connect to host
+ivanpolchenko.com: could not connect to host
+ivi-co.com: max-age too low: 0
+ivi-fertility.com: max-age too low: 0
+ivi.es: max-age too low: 0
+ivk.website: could not connect to host
+ivklombard.ru: did not receive HSTS header
+iwannarefill.com: could not connect to host
+iwilcox.me.uk: could not connect to host
+iwpbk.com: could not connect to host
+ix8.ru: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+ixec2.tk: could not connect to host
+ixh.me: did not receive HSTS header
+izdiwho.com: could not connect to host
+izolight.ch: could not connect to host
+izoox.com: did not receive HSTS header
+izzzorgconcerten.nl: could not connect to host
+j-lsolutions.com: could not connect to host
+j-rickroll-a.pw: could not connect to host
+j0ng.xyz: could not connect to host
+ja-publications.com: did not receive HSTS header
+jaan.su: could not connect to host
+jackalworks.com: could not connect to host
+jackdoan.com: did not receive HSTS header
+jackfahnestock.com: could not connect to host
+jacobdevans.com: could not connect to host
+jacobparry.ca: did not receive HSTS header
+jacobsenarquitetura.com: max-age too low: 5184000
+jagido.de: did not receive HSTS header
+jahliveradio.com: could not connect to host
+jaimechanaga.com: could not connect to host
+jaion.ml: could not connect to host
+jakerullman.com: could not connect to host
+jakincode.army: could not connect to host
+jaksel.id: could not connect to host
+jamanji.com.ng: could not connect to host
+james-parker.com: did not receive HSTS header
+james.je: could not connect to host
+jamesandanneke.com: did not receive HSTS header
+jamesandpame.la: could not connect to host
+jamesburton.london: could not connect to host
+jamesbywater.co.uk: could not connect to host
+jamesbywater.com: could not connect to host
+jamesbywater.me: could not connect to host
+jamesbywater.me.uk: could not connect to host
+jamesbywater.uk: could not connect to host
+jamesconroyfinn.com: did not receive HSTS header
+jamescostian.com: did not receive HSTS header
+jamesdoell.com: could not connect to host
+jamesdoylephoto.com: did not receive HSTS header
+jamesf.xyz: could not connect to host
+jamesforman.co.nz: did not receive HSTS header
+jameshale.me: did not receive HSTS header
+jamesheald.com: could not connect to host
+jamesmaurer.com: did not receive HSTS header
+jami.am: did not receive HSTS header
+jamourtney.com: could not connect to host
+jan-and-maaret.de: could not connect to host
+jan-cermak.cz: did not receive HSTS header
+jan-daniels.de: did not receive HSTS header
+jan-roenspies.de: could not connect to host
+jan27.org: did not receive HSTS header
+janario.me: could not connect to host
+janbrodda.de: max-age too low: 2592000
+jangho.me: could not connect to host
+janking.de: did not receive HSTS header
+jannyrijneveld.nl: did not receive HSTS header
+janssen.fm: could not connect to host
+janus-engineering.de: did not receive HSTS header
+japaripark.com: could not connect to host
+japlex.com: could not connect to host
+jaqen.ch: could not connect to host
+jardins-utopie.net: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+jaredbates.net: did not receive HSTS header
+jaredfraser.com: could not connect to host
+jarivisual.com: did not receive HSTS header
+jarnail.ca: did not receive HSTS header
+jaroslavtrsek.cz: did not receive HSTS header
+jarsater.com: could not connect to host
+jartza.org: could not connect to host
+jasmineconseil.com: did not receive HSTS header
+jasoncosper.com: did not receive HSTS header
+jasonrobinson.me: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+jasonroe.me: could not connect to host
+jasperespejo.com: could not connect to host
+jastoria.pl: did not receive HSTS header
+jav-collective.com: could not connect to host
+java-board.com: could not connect to host
+javachip.win: could not connect to host
+javan.ga: could not connect to host
+javascriptlab.fr: could not connect to host
+javelinsms.com: could not connect to host
+javilacat.info: could not connect to host
+jayblock.com: did not receive HSTS header
+jaylen.com.ar: did not receive HSTS header
+jayna.design: did not receive HSTS header
+jayschulman.com: did not receive HSTS header
+jayscoaching.com: could not connect to host
+jayshao.com: did not receive HSTS header
+jballelectronics.com: did not receive HSTS header
+jbelien.be: did not receive HSTS header
+jbelien.photography: did not receive HSTS header
+jbfp.dk: did not receive HSTS header
+jbj.co.uk: did not receive HSTS header
+jbn.mx: could not connect to host
+jbrowndesign.me: did not receive HSTS header
+jccars-occasions.be: could not connect to host
+jcch.de: could not connect to host
+jccrew.org: could not connect to host
+jcf-office.com: did not receive HSTS header
+jcor.me: did not receive HSTS header
+jcoscia.com: could not connect to host
+jcraft.us: could not connect to host
+jctf.io: could not connect to host
+jdav-leipzig.de: could not connect to host
+jebengotai.com: did not receive HSTS header
+jecho.cn: did not receive HSTS header
+jeff393.com: could not connect to host
+jeffersonregan.org: could not connect to host
+jeffreymagee.com: could not connect to host
+jeil-makes.co.kr: could not connect to host
+jellow.nl: did not receive HSTS header
+jenjoit.de: could not connect to host
+jennifercherniack.com: did not receive HSTS header
+jens-prangenberg.de: did not receive HSTS header
+jens.hk: could not connect to host
+jensenbanden.no: could not connect to host
+jeremyc.ca: could not connect to host
+jeremye77.com: did not receive HSTS header
+jeroenseegers.com: could not connect to host
+jesorsenville.com: did not receive HSTS header
+jessicabenedictus.nl: could not connect to host
+jessicah.org: could not connect to host
+jesuisformidable.nl: could not connect to host
+jet-code.com: could not connect to host
+jetaprices.com: max-age too low: 0
+jetflex.de: did not receive HSTS header
+jetlagphotography.com: could not connect to host
+jeton.com: did not receive HSTS header
+jetsetcharge.com: could not connect to host
+jetsetpay.com: could not connect to host
+jettlarue.com: could not connect to host
+jettshome.org: could not connect to host
+jewellerydesignstore.com: could not connect to host
+jfmel.com: did not receive HSTS header
+jfnllc.com: did not receive HSTS header
+jfx.space: did not receive HSTS header
+jh-media.eu: could not connect to host
+jhburton.co.uk: could not connect to host
+jhburton.uk: could not connect to host
+jhejderup.me: could not connect to host
+jia1hao.com: could not connect to host
+jiaidu.com: could not connect to host
+jiangzequn.com: could not connect to host
+jiangzm.com: could not connect to host
+jianjiantv.com: did not receive HSTS header
+jiaqiang.vip: could not connect to host
+jichi.me: could not connect to host
+jief.me: did not receive HSTS header
+jikken.de: could not connect to host
+jimas.eu: did not receive HSTS header
+jimenacocina.com: did not receive HSTS header
+jimgao.tk: did not receive HSTS header
+jimmehcai.com: could not connect to host
+jimmycai.org: could not connect to host
+jingyuesi.com: could not connect to host
+jinmaguoji.com: did not receive HSTS header
+jinshavip.com: did not receive HSTS header
+jirav.io: could not connect to host
+jisaku-homepage.com: did not receive HSTS header
+jitsi.org: did not receive HSTS header
+jiyue.com: did not receive HSTS header
+jjf.org.au: did not receive HSTS header
+jka.io: did not receive HSTS header
+jkb.pics: could not connect to host
+jkbuster.com: could not connect to host
+jko.works: could not connect to host
+jm06.com: did not receive HSTS header
+jm22.com: did not receive HSTS header
+jmbelloteau.com: did not receive HSTS header
+jmdekker.it: could not connect to host
+jmoreau.ddns.net: could not connect to host
+jn1.me: did not receive HSTS header
+joakimalgroy.com: could not connect to host
+jobflyapp.com: could not connect to host
+jobmedic.com: could not connect to host
+jobshq.com: did not receive HSTS header
+jobss.co.uk: did not receive HSTS header
+joecod.es: could not connect to host
+joelgonewild.com: did not receive HSTS header
+joetyson.io: could not connect to host
+johannes-sprink.de: could not connect to host
+johnbrownphotography.ch: did not receive HSTS header
+johncardell.com: did not receive HSTS header
+johners.me: could not connect to host
+johngaltgroup.com: did not receive HSTS header
+johngo.tk: could not connect to host
+johnhgaunt.com: did not receive HSTS header
+johnmcgovern.com: max-age too low: 43200
+johnrom.com: did not receive HSTS header
+johnverkerk.com: could not connect to host
+jointoweb.com: could not connect to host
+jonas-keidel.de: did not receive HSTS header
+jonasgroth.se: did not receive HSTS header
+jonathan.ir: could not connect to host
+jonathanreyes.com: did not receive HSTS header
+jonathansanchez.pro: could not connect to host
+jongha.me: could not connect to host
+jonn.me: could not connect to host
+jonnichols.info: did not receive HSTS header
+jonsno.ws: could not connect to host
+joostbovee.nl: could not connect to host
+jooto.com: could not connect to host
+jordanhamilton.me: could not connect to host
+jordanstrustcompany.cn: could not connect to host
+jordanstrustcompany.ru: could not connect to host
+jordikroon.nl: did not receive HSTS header
+joretapo.fr: could not connect to host
+jorgemesa.me: could not connect to host
+josahrens.me: could not connect to host
+josecage.com: could not connect to host
+joshi.su: could not connect to host
+joshplant.co.uk: did not receive HSTS header
+joshstroup.me: could not connect to host
+jotpics.com: could not connect to host
+jottit.com: could not connect to host
+joyceclerkx.com: could not connect to host
+joyjohnston.ca: did not receive HSTS header
+joyqi.com: did not receive HSTS header
+jpaglier.com: could not connect to host
+jpbike.cz: did not receive HSTS header
+jpeaches.xyz: could not connect to host
+jptun.com: could not connect to host
+jrgold.me: could not connect to host
+jrmd.io: could not connect to host
+jrvar.com: could not connect to host
+js88.sg: could not connect to host
+jsanders.us: did not receive HSTS header
+jsbentertainment.nl: did not receive HSTS header
+jsc7776.com: could not connect to host
+jsg-technologies.de: did not receive HSTS header
+jsjyhzy.cc: could not connect to host
+jualautoclave.com: did not receive HSTS header
+jualssh.com: could not connect to host
+juandesouza.com: did not receive HSTS header
+judosaintdenis.fr: did not receive HSTS header
+juka.pp.ua: did not receive HSTS header
+juliamweber.de: could not connect to host
+julian-kipka.de: did not receive HSTS header
+julian-witusch.de: could not connect to host
+juliaoantiguidades.com.br: could not connect to host
+juliawebber.co.za: could not connect to host
+julido.de: did not receive HSTS header
+jumbopan.com: could not connect to host
+jumbopan.net: could not connect to host
+jumbox.xyz: could not connect to host
+jumbster.com: max-age too low: 2592000
+jumping-duck.com: could not connect to host
+junaos.com: did not receive HSTS header
+junaos.xyz: did not receive HSTS header
+jundimax.com.br: could not connect to host
+junge-selbsthilfe.info: could not connect to host
+junglegoat.xyz: did not receive HSTS header
+junjung.me: could not connect to host
+junqtion.com: could not connect to host
+jupp0r.de: did not receive HSTS header
+juristas.com.br: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+just-pools.co.za: could not connect to host
+justiceforfathers.com: could not connect to host
+justinharrison.ca: could not connect to host
+justinlemay.com: could not connect to host
+justlikethat.hosting: did not receive HSTS header
+justmy.website: did not receive HSTS header
+justnaw.co.uk: could not connect to host
+justudin.com: did not receive HSTS header
+justwood.cz: did not receive HSTS header
+justzz.xyz: could not connect to host
+jutella.de: did not receive HSTS header
+juvenex.co: could not connect to host
+juventusmania1897.com: could not connect to host
+juwairen.cn: could not connect to host
+jvoice.net: could not connect to host
+jwilsson.me: could not connect to host
+jxm.in: could not connect to host
+jym.fit: did not receive HSTS header
+jysperm.me: did not receive HSTS header
+jznet.org: could not connect to host
+k-dev.de: could not connect to host
+k-rickroll-g.pw: could not connect to host
+k-wallet.com: did not receive HSTS header
+k1cp.com: could not connect to host
+k33k00.com: could not connect to host
+k3nny.fr: did not receive HSTS header
+ka-clan.com: could not connect to host
+kaasbijwijn.nl: could not connect to host
+kaashosting.nl: did not receive HSTS header
+kabinapp.com: could not connect to host
+kabuabc.com: could not connect to host
+kackscharf.de: could not connect to host
+kadioglumakina.com.tr: did not receive HSTS header
+kaela.design: could not connect to host
+kahopoon.net: could not connect to host
+kaibol.com: could not connect to host
+kaika-facilitymanagement.de: could not connect to host
+kaisers.de: did not receive HSTS header
+kaiyuewu.com: could not connect to host
+kaketalk.com: did not receive HSTS header
+kalami.nl: could not connect to host
+kaleidomarketing.com: did not receive HSTS header
+kaloix.de: could not connect to host
+kambodja.guide: could not connect to host
+kamcvicit.sk: could not connect to host
+kamikano.com: could not connect to host
+kamitech.ch: could not connect to host
+kanaanonline.org: max-age too low: 86400
+kanada.guide: could not connect to host
+kaneo-gmbh.de: did not receive HSTS header
+kanganer.com: could not connect to host
+kangzaber.com: could not connect to host
+kaniklani.co.za: could not connect to host
+kanscooking.org: could not connect to host
+kany.me: did not receive HSTS header
+kanzlei-wirtschaftsrecht.berlin: max-age too low: 600000
+kaohub.com: could not connect to host
+kaplatz.is: could not connect to host
+kapo.info: could not connect to host
+kapucini.si: max-age too low: 0
+kaputt.com: did not receive HSTS header
+kapverde.guide: could not connect to host
+karamna.com: could not connect to host
+karanlyons.com: could not connect to host
+karaoketonight.com: could not connect to host
+karenledger.ca: could not connect to host
+karlic.net: could not connect to host
+karloskontana.tk: could not connect to host
+karsofsystems.com: could not connect to host
+karting34.com: did not receive HSTS header
+karuneshjohri.com: could not connect to host
+kashdash.ca: could not connect to host
+katalogakci.cz: did not receive HSTS header
+katiaetdavid.fr: could not connect to host
+katoju.co.jp: could not connect to host
+katproxy.al: could not connect to host
+katproxy.online: could not connect to host
+katproxy.site: could not connect to host
+katproxy.tech: could not connect to host
+katproxy.top: did not receive HSTS header
+katrinjanke.de: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+katyusha.net: did not receive HSTS header
+katzen.me: could not connect to host
+kaufkraftkiel.de: could not connect to host
+kauplusprofesional.com: did not receive HSTS header
+kausch.at: could not connect to host
+kavinvin.me: could not connect to host
+kawaii.io: could not connect to host
+kawaiiku.com: could not connect to host
+kawaiiku.de: could not connect to host
+kcluster.io: could not connect to host
+kd-plus.pp.ua: could not connect to host
+kdata.it: did not receive HSTS header
+kdbx.online: could not connect to host
+kdm-online.de: did not receive HSTS header
+keeley.gq: could not connect to host
+keeley.ml: could not connect to host
+keeleysam.me: could not connect to host
+keepaa.com: could not connect to host
+keepassa.co: could not connect to host
+keepclean.me: could not connect to host
+keepcoalintheground.org: could not connect to host
+keepflow.io: could not connect to host
+kefaloniatoday.com: did not receive HSTS header
+kelm.me: could not connect to host
+kenkoelectric.com: did not receive HSTS header
+kentacademiestrust.org.uk: did not receive HSTS header
+kenvix.com: could not connect to host
+kenyons.info: could not connect to host
+kepkonyvtar.hu: could not connect to host
+kerangalam.com: did not receive HSTS header
+kerksanders.nl: did not receive HSTS header
+kermadec.blog: could not connect to host
+kermadec.net: did not receive HSTS header
+kernl.us: did not receive HSTS header
+keskeces.com: did not receive HSTS header
+kevinbowers.me: could not connect to host
+kevindekoninck.com: could not connect to host
+keymaster.lookout.com: did not receive HSTS header
+keyserver.sexy: could not connect to host
+kfbrussels.be: could not connect to host
+kg-rating.com: could not connect to host
+kgb.us: could not connect to host
+kgm-irm.be: could not connect to host
+kgxtech.com: max-age too low: 2592000
+khaganat.net: did not receive HSTS header
+ki-on.net: did not receive HSTS header
+kialo.com: did not receive HSTS header
+kickass-proxies.org: could not connect to host
+kickass.al: could not connect to host
+kickasstorrents.gq: did not receive HSTS header
+kickstart.com.pk: did not receive HSTS header
+kid-dachau.de: did not receive HSTS header
+kidbacker.com: could not connect to host
+kidkat.cn: could not connect to host
+kids2day.in: did not receive HSTS header
+kiedys.net: could not connect to host
+kiel-media.de: did not receive HSTS header
+kieranjones.uk: did not receive HSTS header
+kieranweightman.me: could not connect to host
+kievradio.com: could not connect to host
+kimana.pe: could not connect to host
+kimberg.co.uk: did not receive HSTS header
+kimpost.org: could not connect to host
+kina.guide: could not connect to host
+kinderly.co.uk: did not receive HSTS header
+kinderwagen-test24.de: could not connect to host
+kindlyfire.com: could not connect to host
+kindof.ninja: could not connect to host
+kinepolis-studio.ga: could not connect to host
+kingbird.me: could not connect to host
+kingclass.cn: could not connect to host
+kingmanhall.org: could not connect to host
+kingopen.cn: max-age too low: 0
+kinkdr.com: could not connect to host
+kinniyaonlus.com: could not connect to host
+kinnon.enterprises: could not connect to host
+kintoandar.com: max-age too low: 0
+kintrip.com: did not receive HSTS header
+kionetworks.com: did not receive HSTS header
+kipin.fr: did not receive HSTS header
+kipira.com: could not connect to host
+kirainmoe.com: max-age too low: 233000
+kirara.eu: could not connect to host
+kirill.ws: could not connect to host
+kirkforcongress.com: could not connect to host
+kirkforsenate.com: could not connect to host
+kirkpatrickdavis.com: could not connect to host
+kisa.io: could not connect to host
+kisalt.im: did not receive HSTS header
+kiss-register.org: did not receive HSTS header
+kissart.net: could not connect to host
+kisstyle.ru: did not receive HSTS header
+kisun.co.jp: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+kita.id: did not receive HSTS header
+kitabgaul.com: did not receive HSTS header
+kitakemon.com: could not connect to host
+kitashop.com.br: did not receive HSTS header
+kitatec.com.br: could not connect to host
+kitchen-profi.kz: could not connect to host
+kitchenaccessories.pro: did not receive HSTS header
+kitchenchaos.de: could not connect to host
+kitchenpunx.com: could not connect to host
+kitestar.co.uk: did not receive HSTS header
+kitk.at: could not connect to host
+kitsostech.com: could not connect to host
+kitsta.com: could not connect to host
+kiwiirc.com: max-age too low: 5256000
+kiyo.space: could not connect to host
+kizil.net: could not connect to host
+kj1391.com: did not receive HSTS header
+kj1396.net: could not connect to host
+kj1397.com: did not receive HSTS header
+kjaermaxi.me: did not receive HSTS header
+kjchernov.info: could not connect to host
+kjg-bachrain.de: could not connect to host
+kjoglum.me: could not connect to host
+klas.or.id: did not receive HSTS header
+klauwd.com: could not connect to host
+klaxn.org: could not connect to host
+klean-ritekc.com: did not receive HSTS header
+kleertjesvoordelig.nl: could not connect to host
+kleinblogje.nl: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+kleinerarchitekturfuehrer.de: could not connect to host
+klempnershop.eu: did not receive HSTS header
+kleppe.co: could not connect to host
+kletterkater.com: did not receive HSTS header
+klicktojob.de: could not connect to host
+klingeletest.de: could not connect to host
+kloentrup.de: did not receive HSTS header
+klunkergarten.org: could not connect to host
+knapen.io: max-age too low: 604800
+knccloud.com: could not connect to host
+knigadel.com: did not receive HSTS header
+knightsbridgegroup.org: could not connect to host
+knightsweep.com: could not connect to host
+knowdebt.org: did not receive HSTS header
+knowledgesnap.com: could not connect to host
+knowledgesnapsites.com: could not connect to host
+knownsec.cf: could not connect to host
+kodakit.com: max-age too low: 0
+koddsson.com: did not receive HSTS header
+kodexplorer.ml: could not connect to host
+kodiaklabs.org: could not connect to host
+kodokushi.fr: could not connect to host
+koen.io: max-age too low: 86400
+koenrouwhorst.nl: did not receive HSTS header
+koenvdheuvel.me: did not receive HSTS header
+koerperimpuls.ch: did not receive HSTS header
+koez-mangal.ch: could not connect to host
+koezmangal.ch: could not connect to host
+koik.io: could not connect to host
+kojima-life.co.jp: max-age too low: 0
+kojipkgs.fedoraproject.org: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+kokenmetaanbiedingen.nl: could not connect to host
+kola-entertainments.de: did not receive HSTS header
+kolaykaydet.com: did not receive HSTS header
+kollawat.me: could not connect to host
+kolozsvaricsuhe.hu: did not receive HSTS header
+komikito.com: could not connect to host
+komiksbaza.pl: could not connect to host
+kompetenzwerft.de: did not receive HSTS header
+konata.us: could not connect to host
+kongbaofang.com: could not connect to host
+konicaprinterdriver.com: could not connect to host
+kontaxis.network: could not connect to host
+konventseliten.se: could not connect to host
+koop-bremen.de: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+koopjesnel.nl: did not receive HSTS header
+koordinate.net: could not connect to host
+kori.ml: did not receive HSTS header
+koriyoukai.net: did not receive HSTS header
+kornersafe.com: did not receive HSTS header
+korni22.org: did not receive HSTS header
+korsanparti.org: could not connect to host
+kostuumstore.nl: could not connect to host
+kotois.com: could not connect to host
+kotonehoko.net: could not connect to host
+kotorimusic.ga: could not connect to host
+kotovstyle.ru: could not connect to host
+koukni.cz: did not receive HSTS header
+kourpe.online: could not connect to host
+kousaku.jp: did not receive HSTS header
+kozmik.co: could not connect to host
+kpdyer.com: did not receive HSTS header
+kprog.net: could not connect to host
+kraftfleisch.de: did not receive HSTS header
+kraigwalker.com: could not connect to host
+kralik.xyz: could not connect to host
+krampus-fischamend.at: could not connect to host
+kravelindo-adventure.com: could not connect to host
+krayx.com: max-age too low: 0
+kream.io: did not receive HSTS header
+kreavis.com: did not receive HSTS header
+kreb.io: could not connect to host
+kredietpaspoort.nl: did not receive HSTS header
+kredite.sale: could not connect to host
+krestanskydarek.cz: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+kriegt.es: did not receive HSTS header
+kriptosec.com: could not connect to host
+kristjanrang.eu: did not receive HSTS header
+kristofferkoch.com: could not connect to host
+krizevackapajdasija.hr: could not connect to host
+krmela.com: did not receive HSTS header
+kroetenfuchs.de: could not connect to host
+kroodle.nl: did not receive HSTS header
+krouzkyliduska.cz: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+kruegerrand-wert.de: did not receive HSTS header
+krunut.com: did not receive HSTS header
+krypteia.org: could not connect to host
+kryptomech.com: could not connect to host
+ksero.center: could not connect to host
+ksfh-mail.de: could not connect to host
+kstan.me: could not connect to host
+ksukelife.com: did not receive HSTS header
+kswriter.com: could not connect to host
+kteen.info: could not connect to host
+ktube.yt: could not connect to host
+kuba.guide: could not connect to host
+kubusadvocaten.nl: could not connect to host
+kucom.it: could not connect to host
+kudo.co.id: did not receive HSTS header
+kuechenplan.online: could not connect to host
+kueulangtahunanak.net: could not connect to host
+kuko-crews.org: could not connect to host
+kultmobil.se: did not receive HSTS header
+kum.com: could not connect to host
+kummerlaender.eu: did not receive HSTS header
+kupelne-ptacek.sk: did not receive HSTS header
+kuppingercole.com: did not receive HSTS header
+kura.io: could not connect to host
+kurehun.org: could not connect to host
+kuro346.moe: could not connect to host
+kurtmclester.com: did not receive HSTS header
+kurz.pw: could not connect to host
+kurzonline.com.br: could not connect to host
+kvt.berlin: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+kweddingplanning.com: did not receive HSTS header
+kwikmed.eu: could not connect to host
+kwok.tv: did not receive HSTS header
+kwondratsch.com: could not connect to host
+kxind.cn: could not connect to host
+kyanite.co: could not connect to host
+kylapps.com: did not receive HSTS header
+kyle.place: could not connect to host
+kylebaldw.in: could not connect to host
+kylling.io: could not connect to host
+kyochon.fr: could not connect to host
+kyujin-office.net: could not connect to host
+kzjnet.com: could not connect to host
+l-rickroll-i.pw: could not connect to host
+l18.io: could not connect to host
+l2guru.ru: could not connect to host
+la-flora-negra.de: could not connect to host
+la-grande-jaugue.fr: did not receive HSTS header
+la-retraite-info.com: did not receive HSTS header
+la-serendipite.fr: did not receive HSTS header
+labaia.info: could not connect to host
+labella-umbrella.com: did not receive HSTS header
+labina.com.tr: did not receive HSTS header
+laboiteapc.fr: did not receive HSTS header
+labordata.io: could not connect to host
+laborie.io: could not connect to host
+laboutiquemarocaineduconvoyeur.com: could not connect to host
+laboutiquemarocaineduconvoyeur.ma: could not connect to host
+labrador-retrievers.com.au: did not receive HSTS header
+labrasaq8.com: did not receive HSTS header
+labs.directory: could not connect to host
+labs.moscow: did not receive HSTS header
+lacarpesaintaubinoise.fr: did not receive HSTS header
+lacasa.fr: could not connect to host
+lacasseroy.com: could not connect to host
+lacaverne.nl: could not connect to host
+lacentral.com: did not receive HSTS header
+lachlankidson.net: did not receive HSTS header
+lacledeslan.ninja: could not connect to host
+lacocinadelila.com: did not receive HSTS header
+ladylikeit.com: could not connect to host
+ladylucks.co.uk: did not receive HSTS header
+laemen.com: did not receive HSTS header
+laemen.nl: could not connect to host
+laf.in.net: could not connect to host
+lafr4nc3.xyz: could not connect to host
+lagalerievirtuelle.fr: did not receive HSTS header
+lagier.xyz: could not connect to host
+lagoza.name: could not connect to host
+lainchan.org: did not receive HSTS header
+laisashop.com.br: could not connect to host
+lakarwebb.se: did not receive HSTS header
+lakewoodcomputerservices.com: could not connect to host
+lamaland.ru: did not receive HSTS header
+lambda-complex.org: could not connect to host
+lambdafive.co.uk: could not connect to host
+lamboo.be: could not connect to host
+lamomebijou.paris: did not receive HSTS header
+lampl.info: did not receive HSTS header
+lanauzedesigns.com: did not receive HSTS header
+lanboll.com: could not connect to host
+lancehoteis.com: did not receive HSTS header
+lancehoteis.com.br: did not receive HSTS header
+land-links.org: did not receive HSTS header
+landbetweenthelakes.us: did not receive HSTS header
+landell.ml: could not connect to host
+landgoedverkopen.nl: could not connect to host
+landhuisverkopen.nl: could not connect to host
+landscape.canonical.com: max-age too low: 2592000
+landscapingmedic.com: did not receive HSTS header
+langenbach.rocks: could not connect to host
+langendries.eu: could not connect to host
+langhun.me: did not receive HSTS header
+laniakean.com: could not connect to host
+lanonfire.com: could not connect to host
+lanseyujie.com: max-age too low: 2592000
+lansinoh.co.uk: did not receive HSTS header
+lanzainc.xyz: did not receive HSTS header
+laobox.fr: could not connect to host
+laplaceduvillage.net: could not connect to host
+laquack.com: could not connect to host
+laredsemanario.com: could not connect to host
+lasepiataca.com: did not receive HSTS header
+lasercloud.ml: could not connect to host
+laserfuchs.de: did not receive HSTS header
+lashstuff.com: did not receive HSTS header
+latelierdekathy.com: could not connect to host
+latg.com: max-age too low: 300
+lathamlabs.com: could not connect to host
+lathamlabs.net: could not connect to host
+lathamlabs.org: could not connect to host
+latinred.com: could not connect to host
+latus.xyz: could not connect to host
+launchkey.com: did not receive HSTS header
+laurel4th.org: did not receive HSTS header
+laureltv.org: did not receive HSTS header
+lausitzer-widerstand.de: did not receive HSTS header
+lavapot.com: could not connect to host
+laventainnhotel-mailing.com: could not connect to host
+lavine.ch: did not receive HSTS header
+lavito.cz: could not connect to host
+lavoiepharmd.com: could not connect to host
+lawly.org: could not connect to host
+laxatus.com: could not connect to host
+laxiongames.es: could not connect to host
+layer8.tk: could not connect to host
+lazulu.com: could not connect to host
+lbarrios.es: could not connect to host
+lbrls.tk: could not connect to host
+lbrt.xyz: could not connect to host
+lcti.biz: could not connect to host
+ldarby.me.uk: could not connect to host
+ldcraft.pw: could not connect to host
+leadbook.ru: max-age too low: 604800
+leadership9.com: could not connect to host
+leardev.de: did not receive HSTS header
+learnedovo.com: did not receive HSTS header
+learnfrenchfluently.com: could not connect to host
+learningorder.com: could not connect to host
+lebal.se: could not connect to host
+lebrun.org: could not connect to host
+lecourtier.fr: did not receive HSTS header
+leddruckalarm.de: did not receive HSTS header
+ledgerscope.net: could not connect to host
+leebiblestudycentre.net: could not connect to host
+leebiblestudycentre.org: could not connect to host
+leefindlow.com: could not connect to host
+leen.io: did not receive HSTS header
+legal.farm: could not connect to host
+legarage.org: could not connect to host
+legavenue.com.br: did not receive HSTS header
+legioniv.org: could not connect to host
+legitaxi.com: could not connect to host
+legymnase.eu: did not receive HSTS header
+lehtinen.xyz: did not receive HSTS header
+leighneithardt.com: could not connect to host
+leinir.dk: did not receive HSTS header
+leitner.com.au: did not receive HSTS header
+leiyun.me: did not receive HSTS header
+lellyboi.ml: could not connect to host
+lelongbank.com: did not receive HSTS header
+lemp.io: did not receive HSTS header
+lenders.direct: could not connect to host
+lenn1.de: did not receive HSTS header
+lennarth.com: could not connect to host
+lennartheinrich.de: could not connect to host
+lenovogaming.com: could not connect to host
+lentri.com: did not receive HSTS header
+leob.in: could not connect to host
+leolana.com: could not connect to host
+leon-jaekel.com: could not connect to host
+leonardcamacho.me: could not connect to host
+leonhooijer.nl: could not connect to host
+leonmahler.consulting: did not receive HSTS header
+leopold.email: could not connect to host
+leopotamgroup.com: could not connect to host
+leovanna.co.uk: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+lepont.pl: could not connect to host
+leppis-it.de: did not receive HSTS header
+lerasenglish.com: max-age too low: 0
+lerlivros.online: could not connect to host
+lerner.moscow: did not receive HSTS header
+les-corsaires.net: could not connect to host
+les-voitures-electriques.com: did not receive HSTS header
+lescomptoirsdepierrot.com: could not connect to host
+lesdouceursdeliyana.com: could not connect to host
+lesecuadors.com: did not receive HSTS header
+lesharris.com: could not connect to host
+lesliekearney.com: did not receive HSTS header
+lesperlesdunet.fr: could not connect to host
+lesquerda.cat: did not receive HSTS header
+lessets-graphiques.com: could not connect to host
+letitfly.me: did not receive HSTS header
+letras.mus.br: did not receive HSTS header
+letsmultiplayerplay.com: did not receive HSTS header
+letstox.com: could not connect to host
+letustravel.tk: could not connect to host
+levatc.tk: did not receive HSTS header
+level-10.net: did not receive HSTS header
+levelcheat.com: did not receive HSTS header
+levelum.com: did not receive HSTS header
+leveredge.net: could not connect to host
+levert.ch: could not connect to host
+lewisjuggins.co.uk: did not receive HSTS header
+lexpierce.social: could not connect to host
+lez-cuties.com: could not connect to host
+lezdomsm.com: could not connect to host
+lfaz.org: could not connect to host
+lfullerdesign.com: could not connect to host
+lg21.co: could not connect to host
+lgiswa.com.au: did not receive HSTS header
+lgrs.com.au: did not receive HSTS header
+lgts.se: could not connect to host
+lheinrich.org: could not connect to host
+lhsj28.com: could not connect to host
+lhsj68.com: could not connect to host
+lhsj78.com: could not connect to host
+liaillustr.at: did not receive HSTS header
+liam-w.com: did not receive HSTS header
+liamjack.fr: could not connect to host
+lianye.in: could not connect to host
+lianyexiuchang.in: could not connect to host
+liaoshuma.com: could not connect to host
+liautard.fr: could not connect to host
+libanco.com: could not connect to host
+libertas-tech.com: could not connect to host
+libertyrp.org: did not receive HSTS header
+libfte.org: did not receive HSTS header
+libnull.com: could not connect to host
+library.linode.com: did not receive HSTS header
+librechan.net: could not connect to host
+libreduca.com: could not connect to host
+lichess4545.com: did not receive HSTS header
+lichess4545.tv: did not receive HSTS header
+liebach.me: did not receive HSTS header
+liebestarot.at: did not receive HSTS header
+liemen.net: did not receive HSTS header
+life-time.nl: did not receive HSTS header
+lifecoach.tw: did not receive HSTS header
+lifecoachproviders.com: did not receive HSTS header
+lifeguard.aecom.com: did not receive HSTS header
+lifeinitsownway.com: could not connect to host
+lifeng.us: did not receive HSTS header
+lifeskillsdirect.com: did not receive HSTS header
+lifestyler.me: could not connect to host
+lifetimemoneymachine.com: did not receive HSTS header
+lightarmory.com: could not connect to host
+lightning-ashe.com: did not receive HSTS header
+lightnovelsekai.com: did not receive HSTS header
+lightpaste.com: could not connect to host
+lightworkerandempathsupport.com: max-age too low: 300
+lightworx.io: did not receive HSTS header
+likenosis.com: could not connect to host
+lila.pink: did not receive HSTS header
+lillepuu.com: did not receive HSTS header
+lillpopp.eu: did not receive HSTS header
+lilpwny.com: could not connect to host
+lilycms.com: could not connect to host
+lim-light.com: did not receive HSTS header
+limalama.eu: max-age too low: 1
+limeyeti.com: could not connect to host
+limiteddata.co.uk: did not receive HSTS header
+limodo-shop.de: did not receive HSTS header
+limpens.net: did not receive HSTS header
+limpido.it: could not connect to host
+lincolnwayflorist.com: could not connect to host
+lindberg.io: did not receive HSTS header
+lingerie.net.br: did not receive HSTS header
+lingerieonline.com.br: did not receive HSTS header
+lingolia.com: did not receive HSTS header
+lingros-test.tk: could not connect to host
+linguaquote.com: did not receive HSTS header
+linguatrip.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+linhaoyi.com: did not receive HSTS header
+link.ba: could not connect to host
+link2serve.com: did not receive HSTS header
+linkage.ph: did not receive HSTS header
+linkages.org: could not connect to host
+linksanitizer.com: could not connect to host
+linksextremist.at: could not connect to host
+linley.de: could not connect to host
+linmi.cc: did not receive HSTS header
+linno.me: could not connect to host
+linorman1997.me: could not connect to host
+linux-admin-california.com: could not connect to host
+linux-mint.cz: could not connect to host
+linux.sb: could not connect to host
+linuxandstuff.de: could not connect to host
+linuxcode.net: could not connect to host
+linuxeyecandy.com: could not connect to host
+linuxfixed.it: could not connect to host
+linuxforyou.com: could not connect to host
+linuxgeek.ro: could not connect to host
+linuxmint.cz: could not connect to host
+linuxmonitoring.net: did not receive HSTS header
+liquid.solutions: did not receive HSTS header
+liquidcomm.net: could not connect to host
+liquorsanthe.in: could not connect to host
+lisaco.de: could not connect to host
+lisbongold.com: did not receive HSTS header
+lisgade.dk: could not connect to host
+lisieuxarquitetura.com.br: could not connect to host
+lissabon.guide: could not connect to host
+listafirmelor.com: could not connect to host
+listage.ovh: did not receive HSTS header
+litespeed.io: could not connect to host
+little.pw: did not receive HSTS header
+littlefreelibrary.org: did not receive HSTS header
+littleqiu.net: could not connect to host
+littleservice.cn: could not connect to host
+liujunyang.com: did not receive HSTS header
+liukang.tech: could not connect to host
+livedemo.io: could not connect to host
+livej.am: could not connect to host
+liverewrite.com: could not connect to host
+liviababynet.com.br: could not connect to host
+livrariahugodesaovitor.com.br: did not receive HSTS header
+lixiang.one: could not connect to host
+lixingcong.com: could not connect to host
+lkp111138.me: could not connect to host
+llamasweet.tech: could not connect to host
+llvm.us: could not connect to host
+lmkts.com: max-age too low: 0
+loacg.com: did not receive HSTS header
+loadingdeck.com: did not receive HSTS header
+loadso.me: could not connect to host
+loafbox.com: could not connect to host
+loansonline.today: could not connect to host
+loanstreet.be: could not connect to host
+lobosdomain.no-ip.info: could not connect to host
+lobste.rs: did not receive HSTS header
+localchum.com: could not connect to host
+localdrive.me: could not connect to host
+localnetwork.nz: could not connect to host
+locker3.com: could not connect to host
+locksmithrandburg24-7.co.za: could not connect to host
+locktheirphone.com: could not connect to host
+lockyourcomputer.pw: did not receive HSTS header
+locomotive.ca: did not receive HSTS header
+locvis.ru: did not receive HSTS header
+loforo.com: did not receive HSTS header
+loftboard.eu: could not connect to host
+log2n.uk: could not connect to host
+logario.com.br: could not connect to host
+logcat.info: could not connect to host
+logic8.ml: could not connect to host
+logicaladvertising.com: could not connect to host
+logimagine.com: could not connect to host
+login.corp.google.com: max-age too low: 7776000 (error ignored - included regardless)
+login.persona.org: could not connect to host
+loginseite.com: could not connect to host
+logistify.com.mx: did not receive HSTS header
+lognot.net: could not connect to host
+logue.be: could not connect to host
+logymedia.com: could not connect to host
+loisircreatif.net: did not receive HSTS header
+lojadocristaozinho.com.br: did not receive HSTS header
+lojashowdecozinha.com.br: could not connect to host
+lojasviavento.com.br: could not connect to host
+lojavalcapelli.com.br: could not connect to host
+loli.bz: did not receive HSTS header
+lolicore.ch: could not connect to host
+lolidunno.com: could not connect to host
+london-transfers.com: did not receive HSTS header
+londoncalling.co: did not receive HSTS header
+londonlanguageexchange.com: could not connect to host
+lonerwolf.com: did not receive HSTS header
+longboarding-ulm.de: could not connect to host
+look-at-my.site: could not connect to host
+lookatmysco.re: did not receive HSTS header
+lookout.com: did not receive HSTS header
+looktothestars.org: did not receive HSTS header
+lookupclose.com: did not receive HSTS header
+lookzook.com: did not receive HSTS header
+loongsg.xyz: could not connect to host
+loothole.com: could not connect to host
+loqyu.co: could not connect to host
+lordjevington.co.uk: did not receive HSTS header
+losebellyfat.pro: could not connect to host
+lostg.com: did not receive HSTS header
+lostinsecurity.com: could not connect to host
+lostinweb.eu: could not connect to host
+lothai.re: did not receive HSTS header
+lothuytinhsi.com: could not connect to host
+lotos-ag.ch: did not receive HSTS header
+lotsencafe.de: did not receive HSTS header
+lotuscloud.org: could not connect to host
+louduniverse.net: did not receive HSTS header
+louiewatch.com: could not connect to host
+loveable.de: could not connect to host
+loveandloyalty.se: could not connect to host
+lovelifelovelive.com: could not connect to host
+lovelivewiki.com: did not receive HSTS header
+lovelyblogacademy.com: did not receive HSTS header
+lovelycorral.com: did not receive HSTS header
+lovelyfriends.org: did not receive HSTS header
+lovelytimes.net: did not receive HSTS header
+loveto.at: could not connect to host
+lovingearth.net: max-age too low: 0
+lowhangingfruitgrabber.com: could not connect to host
+lowt.us: could not connect to host
+lowtherpavilion.co.uk: did not receive HSTS header
+loxis.be: did not receive HSTS header
+loyaltech.ch: could not connect to host
+lpak.nl: could not connect to host
+lpgram.ga: could not connect to host
+lrhsclubs.com: could not connect to host
+lrhstsa.com: could not connect to host
+ls-a.org: did not receive HSTS header
+ls-reallife.de: did not receive HSTS header
+lsky.cn: could not connect to host
+lsp-sports.de: did not receive HSTS header
+ltbytes.com: could not connect to host
+ltechnologygroup.com: did not receive HSTS header
+ltransferts.com: could not connect to host
+ltu.social: could not connect to host
+lucas-garte.com: did not receive HSTS header
+lucascodes.com: could not connect to host
+lucaterzini.com: could not connect to host
+luclu7.pw: could not connect to host
+lucyparsonslabs.com: did not receive HSTS header
+ludwig.click: did not receive HSTS header
+lufthansaexperts.com: max-age too low: 2592000
+luis-checa.com: could not connect to host
+lukasunger.cz: could not connect to host
+lukasunger.net: could not connect to host
+lukaszdolan.com: did not receive HSTS header
+lukasztkacz.com: could not connect to host
+lukeng.me: could not connect to host
+lukonet.com: did not receive HSTS header
+luludapomerania.com: could not connect to host
+lumd.me: could not connect to host
+lumi.do: did not receive HSTS header
+lumi.pw: could not connect to host
+lunarift.com: could not connect to host
+lunarlog.com: could not connect to host
+lunarrift.net: could not connect to host
+luneta.nearbuysystems.com: could not connect to host
+luno.io: could not connect to host
+luody.info: could not connect to host
+luoe.ml: could not connect to host
+luom.net: could not connect to host
+luoxiao.im: could not connect to host
+luripump.se: could not connect to host
+lusis.fr: did not receive HSTS header
+lusis.net: did not receive HSTS header
+lustrumxi.nl: could not connect to host
+luther.fi: did not receive HSTS header
+luxinmo.com: did not receive HSTS header
+luxonetwork.com: could not connect to host
+luxus-russen.de: did not receive HSTS header
+luzeshomologadas.com.br: could not connect to host
+luzfaltex.com: did not receive HSTS header
+lvmoo.com: did not receive HSTS header
+lycly.top: could not connect to host
+lydia-und-simon.de: could not connect to host
+lydiagorstein.com: could not connect to host
+lymia.moe: could not connect to host
+lyonelkaufmann.ch: did not receive HSTS header
+lyuba.fr: could not connect to host
+lzahq.tech: did not receive HSTS header
+lzh.one: could not connect to host
+lzkill.com: did not receive HSTS header
+lzzr.me: did not receive HSTS header
+m-ali.xyz: did not receive HSTS header
+m-rickroll-v.pw: could not connect to host
+m.gparent.org: could not connect to host
+m.nu: did not receive HSTS header
+m0wef.uk: could not connect to host
+m2tc.fr: could not connect to host
+m3-gmbh.de: did not receive HSTS header
+m4570.xyz: could not connect to host
+m4g.ru: could not connect to host
+m82labs.com: did not receive HSTS header
+ma-musique.fr: did not receive HSTS header
+maarten.nyc: could not connect to host
+maartenterpstra.xyz: could not connect to host
+mac-torrents.me: did not receive HSTS header
+macbolo.com: could not connect to host
+macchaberrycream.com: could not connect to host
+macchedil.com: did not receive HSTS header
+macdj.tk: could not connect to host
+macedopesca.com.br: did not receive HSTS header
+macgeneral.de: did not receive HSTS header
+mach1club.com: did not receive HSTS header
+macinyasha.net: could not connect to host
+macleodnc.com: did not receive HSTS header
+macsandcheesedreams.com: could not connect to host
+macustar.eu: could not connect to host
+madars.org: did not receive HSTS header
+maddin.ga: could not connect to host
+madebyfalcon.co.uk: did not receive HSTS header
+madebymagnitude.com: did not receive HSTS header
+madeinorder.com: did not receive HSTS header
+madeintucson.org: could not connect to host
+mademoiselle-emma.be: did not receive HSTS header
+mademoiselle-emma.fr: did not receive HSTS header
+maderwin.com: did not receive HSTS header
+madesoftware.com.br: could not connect to host
+madusecurity.com: could not connect to host
+mafamane.com: could not connect to host
+mafiareturns.com: max-age too low: 2592000
+magazin3513.com: could not connect to host
+magenx.com: did not receive HSTS header
+magia360.com: did not receive HSTS header
+magicbroccoli.de: did not receive HSTS header
+magnacumlaude.co: could not connect to host
+magneticanvil.com: did not receive HSTS header
+magyarokegyhelyen.hu: did not receive HSTS header
+mahamed91.pw: could not connect to host
+mahfouzadedimeji.com: did not receive HSTS header
+maidofhonorcleaning.net: max-age too low: 200
+maik-mahlow.de: could not connect to host
+mail-settings.google.com: did not receive HSTS header (error ignored - included regardless)
+mail.google.com: did not receive HSTS header (error ignored - included regardless)
+mailchuck.com: could not connect to host
+maildragon.com: could not connect to host
+mailgarant.nl: could not connect to host
+mailhost.it: could not connect to host
+mailing-femprendedores.com: did not receive HSTS header
+mailing-jbgg.com: did not receive HSTS header
+mailon.ga: could not connect to host
+main-street-seo.com: did not receive HSTS header
+mainlywrenches.co: max-age too low: 0
+maintainerheaven.ch: could not connect to host
+maisalto.ind.br: could not connect to host
+majesnix.org: did not receive HSTS header
+majncloud.tk: could not connect to host
+make-pizza.info: could not connect to host
+makedonien.guide: could not connect to host
+makeitdynamic.com: could not connect to host
+makerstuff.net: did not receive HSTS header
+makeshiftco.de: did not receive HSTS header
+makeyourank.com: max-age too low: 200
+maldiverna.guide: could not connect to host
+maleexcel.com: did not receive HSTS header
+malena.com.ua: did not receive HSTS header
+malerversand.de: did not receive HSTS header
+malesbdsm.com: could not connect to host
+malfait.nl: could not connect to host
+malgraph.net: could not connect to host
+malibubeachrecoverycenter.com: did not receive HSTS header
+maljaars-media.nl: could not connect to host
+malmstroms-co.se: could not connect to host
+maltes.website: could not connect to host
+malwaretips.com: did not receive HSTS header
+malwre.io: could not connect to host
+malya.fr: could not connect to host
+mamaison.io: could not connect to host
+mamaxi.org: did not receive HSTS header
+mammothmail.com: could not connect to host
+mammothmail.net: could not connect to host
+mammothmail.org: could not connect to host
+mammut.space: could not connect to host
+mamochka.org.ua: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+manaboutahor.se: did not receive HSTS header
+manage.zenpayroll.com: did not receive HSTS header
+manage4all.com: could not connect to host
+manageall.de: could not connect to host
+manageforall.com: could not connect to host
+manageforall.de: could not connect to host
+managemynetsuite.com: did not receive HSTS header
+manantial.mx: did not receive HSTS header
+mandpress.com: did not receive HSTS header
+mangazuki.co: did not receive HSTS header
+maniadeprazer.com.br: could not connect to host
+manifestbin.com: did not receive HSTS header
+manipulatedtme.com: could not connect to host
+manitasicily.com: did not receive HSTS header
+manningbrothers.com: did not receive HSTS header
+manns-solutions.com: did not receive HSTS header
+manns-solutions.ru: did not receive HSTS header
+mannsolutions.co.uk: did not receive HSTS header
+mansfieldplacevt.com: did not receive HSTS header
+manshop24.com: could not connect to host
+mansion-note.com: did not receive HSTS header
+manududu.com.br: did not receive HSTS header
+maomaofuli.vip: could not connect to host
+maosi.xin: did not receive HSTS header
+maple5.com: did not receive HSTS header
+mapresidentielle.fr: could not connect to host
+marbinvest.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+marcelmarnitz.com: could not connect to host
+marcelparra.com: could not connect to host
+marchagen.nl: did not receive HSTS header
+marche-nordic-jorat.ch: could not connect to host
+marco01809.net: could not connect to host
+marcoececilia.it: did not receive HSTS header
+marcofinke.de: could not connect to host
+marcontrol.com: did not receive HSTS header
+marcosteixeira.tk: could not connect to host
+marcschlagenhauf.de: could not connect to host
+marcus-scheffler.com: did not receive HSTS header
+marcush.de: could not connect to host
+mardelcupon.com: could not connect to host
+mare92.cz: could not connect to host
+margaretrosefashions.co.uk: could not connect to host
+marialempke.com: max-age too low: 0
+mariannematthew.com: could not connect to host
+marie-curie.fr: could not connect to host
+marie-elisabeth.dk: did not receive HSTS header
+marie-en-provence.com: did not receive HSTS header
+marienschule-sundern.de: did not receive HSTS header
+marilsnijders.nl: could not connect to host
+marinela.com.mx: max-age too low: 86400
+marinelausa.com: max-age too low: 86400
+markaconnor.com: did not receive HSTS header
+markayapilandirma.com: could not connect to host
+markcp.me: could not connect to host
+market.android.com: did not receive HSTS header (error ignored - included regardless)
+marketespace.fr: did not receive HSTS header
+marketingdesignu.cz: could not connect to host
+markllego.com: could not connect to host
+marko-fenster24.de: could not connect to host
+markorszulak.com: did not receive HSTS header
+markrobin.de: did not receive HSTS header
+marksill.com: could not connect to host
+marktboten.de: did not receive HSTS header
+markusabraham.com: did not receive HSTS header
+markusweimar.de: did not receive HSTS header
+marleyresort.com: did not receive HSTS header
+marriottvetcareers.com: could not connect to host
+marshut.net: could not connect to host
+martensson.io: did not receive HSTS header
+martialc.be: could not connect to host
+martiert.com: could not connect to host
+martijnvhoof.nl: could not connect to host
+martinec.co.uk: could not connect to host
+martinestyle.com: could not connect to host
+martineve.com: did not receive HSTS header
+martinp.no: could not connect to host
+martinreed.net: did not receive HSTS header
+martinrogalla.com: did not receive HSTS header
+martynhare.co.uk: could not connect to host
+martynhare.uk: could not connect to host
+marumagic.com: did not receive HSTS header
+marxist.party: could not connect to host
+marykshoup.com: did not receive HSTS header
+masa-yoga.com: did not receive HSTS header
+masa.li: could not connect to host
+mashnew.com: could not connect to host
+masjidtawheed.net: did not receive HSTS header
+maskt.pw: could not connect to host
+massivum.de: did not receive HSTS header
+massot.eu: did not receive HSTS header
+masterapi.ninja: did not receive HSTS header
+masteringtheterminal.com: did not receive HSTS header
+masterofbytes.ch: did not receive HSTS header
+mastichor.info: could not connect to host
+mastimtibetano.com: could not connect to host
+mastod.life: could not connect to host
+mastodon.direct: could not connect to host
+mastodon.engineering: could not connect to host
+mastodon.expert: could not connect to host
+mastodon.my: could not connect to host
+mastodon.pl: could not connect to host
+mastodones.club: could not connect to host
+masty.nl: could not connect to host
+matarrosabierzo.com: could not connect to host
+matatall.com: could not connect to host
+matchneedle.com: could not connect to host
+maternalsafety.org: did not receive HSTS header
+mateusmeyer.com.br: could not connect to host
+mathers.ovh: did not receive HSTS header
+mathijskingma.nl: could not connect to host
+matillat.ovh: did not receive HSTS header
+matomeplus.co: could not connect to host
+matrict.com: could not connect to host
+matrip.de: could not connect to host
+matrixcheats.net: could not connect to host
+matsuz.com: could not connect to host
+matt.tf: did not receive HSTS header
+mattandreko.com: did not receive HSTS header
+mattberryman.com: max-age too low: 43200
+matterconcern.com: could not connect to host
+matthewprenger.com: could not connect to host
+matthewtester.com: could not connect to host
+matthiassteen.be: max-age too low: 0
+matthiasweiler.de: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+mattia98.org: could not connect to host
+mattli.us: could not connect to host
+mattressinsider.com: max-age too low: 3153600
+mattsvensson.com: max-age too low: 0
+mattwb65.com: could not connect to host
+matty.digital: did not receive HSTS header
+matze.org: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+maultrom.ml: could not connect to host
+maupiknik.com: did not receive HSTS header
+maur.cz: did not receive HSTS header
+maurus-automation.de: did not receive HSTS header
+mausi.co: did not receive HSTS header
+mavisang.cf: could not connect to host
+mawe.red: could not connect to host
+maximov.space: could not connect to host
+maxmachine.ind.br: could not connect to host
+maxr1998.de: did not receive HSTS header
+maxserver.com: did not receive HSTS header
+maya.mg: could not connect to host
+maynardnetworks.com: could not connect to host
+mazurlabs.tk: could not connect to host
+mazyun.com: max-age too low: 3600
+mazz-tech.com: could not connect to host
+mb-is.info: could not connect to host
+mbconsultancy.nu: did not receive HSTS header
+mbdrogenbos-usedcars.be: could not connect to host
+mbsec.net: could not connect to host
+mbwemmel-usedcars.be: could not connect to host
+mc81.com: did not receive HSTS header
+mca2017.org: did not receive HSTS header
+mcard.vn: did not receive HSTS header
+mcb-bank.com: did not receive HSTS header
+mcc.re: could not connect to host
+mccarty.io: could not connect to host
+mcdanieldevelopmentservices.com: could not connect to host
+mcdonalds.ru: did not receive HSTS header
+mcga.media: could not connect to host
+mckinley1.com: could not connect to host
+mclab.su: max-age too low: 2592000
+mclist.it: could not connect to host
+mclyr.com: did not receive HSTS header
+mcmillansedationdentistry.com: did not receive HSTS header
+mcooperlaw.com: did not receive HSTS header
+mcsa-usa.org: could not connect to host
+mcsnovatamabayan.com: could not connect to host
+mctherealm.net: could not connect to host
+mcuexchange.com: did not receive HSTS header
+mdfnet.se: did not receive HSTS header
+mdkr.nl: did not receive HSTS header
+mdscomp.net: did not receive HSTS header
+me-dc.com: could not connect to host
+meadowfen.farm: could not connect to host
+meadowfenfarm.com: could not connect to host
+meamod.com: max-age too low: 0
+meanevo.com: could not connect to host
+meat-education.com: could not connect to host
+meathealth.com: could not connect to host
+mebio.us: could not connect to host
+mecanicadom.com: could not connect to host
+mecenat-cassous.com: did not receive HSTS header
+mechmk1.me: did not receive HSTS header
+medallia.io: could not connect to host
+mediacru.sh: could not connect to host
+mediadandy.com: could not connect to host
+mediafinancelab.org: did not receive HSTS header
+mediamag.am: max-age too low: 0
+mediawikicn.org: could not connect to host
+medicinskavranje.edu.rs: could not connect to host
+medienservice-fritz.de: did not receive HSTS header
+medirich.co: could not connect to host
+meditek-dv.ru: did not receive HSTS header
+mediterenopmaandag.nl: did not receive HSTS header
+mediweed.tk: could not connect to host
+medm-test.com: could not connect to host
+medy-me.com: could not connect to host
+medzinenews.com: did not receive HSTS header
+meedoennoordkop.nl: did not receive HSTS header
+meedoenzaanstad.nl: did not receive HSTS header
+meeko.cc: could not connect to host
+meetfinch.com: could not connect to host
+meetscompany.jp: did not receive HSTS header
+megaflowers.ru: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+megakiste.de: could not connect to host
+megashur.se: did not receive HSTS header
+meghudson.com: could not connect to host
+meifrench.com: could not connect to host
+mein-gesundheitsmanager.com: max-age too low: 0
+meincloudspeicher.de: could not connect to host
+meinebo.it: could not connect to host
+mekatrotekno.com: did not receive HSTS header
+melangebrasil.com: could not connect to host
+melaniebilodeau.com: did not receive HSTS header
+melcher.it: did not receive HSTS header
+melhoresdominios.net: could not connect to host
+melhorproduto.com.br: could not connect to host
+melonstudios.net: could not connect to host
+melpomene.me: could not connect to host
+melted.pw: could not connect to host
+melvinlow.com: could not connect to host
+memberpress.com: did not receive HSTS header
+members.mayfirst.org: did not receive HSTS header
+memeblast.ninja: could not connect to host
+memory-plus-180.com: could not connect to host
+memorytrace.space: could not connect to host
+menchez.me: could not connect to host
+menkyo-blog.com: did not receive HSTS header
+mensmaximus.de: did not receive HSTS header
+mentax.net: did not receive HSTS header
+menthix.net: could not connect to host
+menudrivetest.com: could not connect to host
+menzaijia.com: could not connect to host
+meow.cloud: could not connect to host
+meozcraft.com: could not connect to host
+mercanix.co.uk: could not connect to host
+merccorp.de: did not receive HSTS header
+mercedes-benz-usedcars.be: could not connect to host
+mereckas.com: could not connect to host
+meredithkm.info: did not receive HSTS header
+meritz.rocks: could not connect to host
+mersinunivercity.com: could not connect to host
+merson.me: could not connect to host
+meshlab.co: could not connect to host
+meskdeals.com: could not connect to host
+mesmoque.com: could not connect to host
+metadistribution.com: did not receive HSTS header
+metagrader.com: could not connect to host
+metasyntactic.xyz: could not connect to host
+metebalci.com: did not receive HSTS header
+meteosherbrooke.com: could not connect to host
+meteosky.net: could not connect to host
+meter.md: could not connect to host
+metin2blog.de: did not receive HSTS header
+metis.pw: could not connect to host
+metrans-spedition.de: could not connect to host
+metricaid.com: did not receive HSTS header
+metrix-money-ptc.com: could not connect to host
+metrix.design: could not connect to host
+metzgerei-birkenhof.de: could not connect to host
+meucosmetico.com.br: could not connect to host
+meuemail.pro: could not connect to host
+mexbt.com: could not connect to host
+mexicanbusinessweb.mx: did not receive HSTS header
+mexicansbook.ru: did not receive HSTS header
+mexior.nl: could not connect to host
+meyeraviation.com: could not connect to host
+mfcatalin.com: could not connect to host
+mfedderke.com: could not connect to host
+mfiles.pl: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+mgdigital.fr: did not receive HSTS header
+mgiay.com: did not receive HSTS header
+mh-bloemen.co.jp: could not connect to host
+mhdsyarif.com: did not receive HSTS header
+mhealthdemocamp.com: could not connect to host
+mhertel.com: did not receive HSTS header
+mhict.nl: could not connect to host
+mhjuma.com: could not connect to host
+mht-travel.com: could not connect to host
+mhx.pw: could not connect to host
+mianfei-vpn.com: did not receive HSTS header
+michaeldemuth.com: could not connect to host
+michaelfitzpatrickruth.com: could not connect to host
+michaelmorpurgo.com: did not receive HSTS header
+michaeln.net: did not receive HSTS header
+michaelscrivo.com: did not receive HSTS header
+michaelsulzer.com: could not connect to host
+michaelsulzer.eu: could not connect to host
+michaelwaite.org: could not connect to host
+michal-kral.cz: could not connect to host
+michalborka.cz: could not connect to host
+michiganmetalartwork.com: max-age too low: 7889238
+miconware.de: could not connect to host
+micro-dv.ru: could not connect to host
+micro-rain-systems.com: did not receive HSTS header
+microme.ga: could not connect to host
+micropple.net: could not connect to host
+microtalk.org: could not connect to host
+midirs.org: did not receive HSTS header
+midonet.org: did not receive HSTS header
+midriversmotorsllc.com: could not connect to host
+midwestwomenworkers.org: could not connect to host
+miegl.cz: could not connect to host
+miemie.jp: could not connect to host
+migeeks.de: did not receive HSTS header
+mightydicks.io: could not connect to host
+mightydicks.tech: could not connect to host
+mightysounds.cz: max-age too low: 0
+migrator.co: could not connect to host
+miguksaram.com: could not connect to host
+mijcorijneveld.nl: did not receive HSTS header
+mijn-email.org: could not connect to host
+mijnetickets.nl: did not receive HSTS header
+mijnkredietpaspoort.nl: could not connect to host
+mikadesign.se: did not receive HSTS header
+mikaelemilsson.net: did not receive HSTS header
+mikeburns.com: could not connect to host
+mikedugan.org: did not receive HSTS header
+mikeg.de: did not receive HSTS header
+mikek.work: did not receive HSTS header
+mikeology.org: could not connect to host
+mikepair.net: could not connect to host
+mikeybot.com: could not connect to host
+mikii.club: could not connect to host
+mikk.cz: could not connect to host
+miku.be: could not connect to host
+miku.hatsune.my: max-age too low: 5184000
+mikusinec.com: could not connect to host
+milang.xyz: could not connect to host
+milanpala.cz: did not receive HSTS header
+milatrans.pl: did not receive HSTS header
+milcoresonline.com: could not connect to host
+milesgeek.com: did not receive HSTS header
+military-portal.cz: did not receive HSTS header
+militarycarlot.com: did not receive HSTS header
+millenniumweb.com: max-age too low: 86400
+mimeit.de: could not connect to host
+mimoderoupa.pt: could not connect to host
+mind.sh: did not receive HSTS header
+mindcraft.ga: could not connect to host
+mine.world: could not connect to host
+minecraft-forum.cf: could not connect to host
+minecraft-forum.ga: could not connect to host
+minecraft-forum.gq: could not connect to host
+minecraft-forum.ml: could not connect to host
+minecraft-forums.cf: could not connect to host
+minecraft-forums.ga: could not connect to host
+minecraft-forums.gq: could not connect to host
+minecraftforum.ch: could not connect to host
+minecraftforums.cf: could not connect to host
+minecraftforums.gq: could not connect to host
+minecraftforums.ml: could not connect to host
+minecraftserverz.com: could not connect to host
+minecraftvoter.com: could not connect to host
+mineover.es: could not connect to host
+mingming.info: did not receive HSTS header
+mingo.nl: max-age too low: 2592000
+mingy.ddns.net: could not connect to host
+mingyueli.com: could not connect to host
+minh.at: could not connect to host
+mini-piraten.de: did not receive HSTS header
+minikneet.nl: could not connect to host
+minimaliston.com: did not receive HSTS header
+minimoo.se: could not connect to host
+minis-hip.de: max-age too low: 172800
+minitruckin.net: could not connect to host
+minkondom.nu: could not connect to host
+minnesotadata.com: could not connect to host
+minobar.com: could not connect to host
+minora.io: could not connect to host
+minoris.se: could not connect to host
+mintea-noua.ro: did not receive HSTS header
+miragrow.com: could not connect to host
+mirindadomo.ru: did not receive HSTS header
+mironized.com: did not receive HSTS header
+mirrorx.com: did not receive HSTS header
+misgluteosperfectos.com: did not receive HSTS header
+misiondelosangeles-mailing.com: did not receive HSTS header
+missrain.tw: could not connect to host
+mist.ink: could not connect to host
+mister.hosting: did not receive HSTS header
+misterl.net: did not receive HSTS header
+mitarbeiter-pc.de: did not receive HSTS header
+mitchellrenouf.ca: could not connect to host
+mitm-software.badssl.com: could not connect to host
+mittenhacks.com: could not connect to host
+mivcon.net: could not connect to host
+miweb.cr: did not receive HSTS header
+mizd.at: could not connect to host
+mizi.name: could not connect to host
+mjcaffarattilaw.com: did not receive HSTS header
+mjhsc.nl: could not connect to host
+mk-dizajn.com: did not receive HSTS header
+mkfs.be: could not connect to host
+mkfs.fr: could not connect to host
+mlcdn.co: could not connect to host
+mlp.ee: did not receive HSTS header
+mlpchan.net: could not connect to host
+mlpepilepsy.org: could not connect to host
+mlpvc-rr.ml: did not receive HSTS header
+mmgazhomeloans.com: could not connect to host
+mmmm.com: could not connect to host
+mmstick.tk: could not connect to host
+mnemotiv.com: could not connect to host
+mnetworkingsolutions.co.uk: could not connect to host
+mnmt.no: did not receive HSTS header
+mnwt.nl: could not connect to host
+moar.so: did not receive HSTS header
+mobaircon.com: did not receive HSTS header
+mobile-gesundheit.org: did not receive HSTS header
+mobile.eti.br: could not connect to host
+mobilebay.top: could not connect to host
+mobilecoach.com: did not receive HSTS header
+mobilekey.co: could not connect to host
+mobilemedics.com: did not receive HSTS header
+mobilethreat.net: could not connect to host
+mobilethreatnetwork.net: could not connect to host
+mobilpass.no: could not connect to host
+mobiwalk.com: could not connect to host
+mobix5.com: did not receive HSTS header
+mockmyapp.com: could not connect to host
+mocloud.eu: could not connect to host
+mocsuite.club: could not connect to host
+mocurio.com: could not connect to host
+modaperuimport.com: could not connect to host
+modded-minecraft-server-list.com: could not connect to host
+moddedark.com: could not connect to host
+mode-marine.com: could not connect to host
+model9.io: did not receive HSTS header
+modeldimension.com: did not receive HSTS header
+modelsclub.org.ua: did not receive HSTS header
+modemagazines.co.uk: could not connect to host
+moderatortv.de: did not receive HSTS header
+moderntld.net: could not connect to host
+modx.by: max-age too low: 31536
+modx.io: could not connect to host
+modydev.club: could not connect to host
+moe-max.jp: could not connect to host
+moe4sale.in: could not connect to host
+moebel-nagel.de: did not receive HSTS header
+moegirl.org: did not receive HSTS header
+moellers.it: could not connect to host
+moeloli.pw: could not connect to host
+moelord.org: could not connect to host
+moen.io: could not connect to host
+moevenpick-cafe.com: did not receive HSTS header
+mogry.net: did not receive HSTS header
+moho.kr: could not connect to host
+mohs.es: could not connect to host
+moitur.com: could not connect to host
+mojizuri.jp: max-age too low: 86400
+mols.me: did not receive HSTS header
+molun.net: did not receive HSTS header
+mommel.com: could not connect to host
+mommelonline.de: could not connect to host
+momoka.moe: could not connect to host
+mon-a-lisa.com: did not receive HSTS header
+mona.lu: could not connect to host
+monarca.systems: could not connect to host
+monasterialis.eu: could not connect to host
+monautoneuve.fr: did not receive HSTS header
+mondar.io: could not connect to host
+mondopoint.com: did not receive HSTS header
+mondwandler.de: could not connect to host
+moneromerchant.com: could not connect to host
+moneycrownmedia.com: could not connect to host
+mongla168.net: could not connect to host
+mongla88.net: could not connect to host
+monika-sokol.de: did not receive HSTS header
+monitaure.io: could not connect to host
+monitman.com: did not receive HSTS header
+monitori.ng: could not connect to host
+montanacures.org: could not connect to host
+montanwerk.de: did not receive HSTS header
+montonicms.com: could not connect to host
+moobo.xyz: could not connect to host
+moon.lc: could not connect to host
+moonless.net: could not connect to host
+moonloupe.com: could not connect to host
+moonysbouncycastles.co.uk: did not receive HSTS header
+moosemanstudios.com: could not connect to host
+moov.is: could not connect to host
+moparcraft.com: could not connect to host
+moparcraft.org: could not connect to host
+moparisthebest.biz: could not connect to host
+moparisthebest.info: could not connect to host
+moparscape.org: did not receive HSTS header
+mopsuite.club: could not connect to host
+mor.cloud: could not connect to host
+mor.gl: could not connect to host
+mordrum.com: could not connect to host
+morethanadream.lv: could not connect to host
+morethandigital.info: did not receive HSTS header
+morfitronik.pl: could not connect to host
+morganestes.com: max-age too low: 0
+morningcalculation.com: could not connect to host
+morninglory.com: max-age too low: 2592000
+mornings.com: did not receive HSTS header
+morotech.com.br: could not connect to host
+morpheusx.at: could not connect to host
+morpheusxaut.net: could not connect to host
+morpork.xyz: could not connect to host
+mortgagecentersmo.com: did not receive HSTS header
+morz.org: could not connect to host
+mosaique-lachenaie.fr: could not connect to host
+moskva.guide: could not connect to host
+mostwuat.com: could not connect to host
+motherbase.io: could not connect to host
+motionfreight.com: could not connect to host
+motionpicturesolutions.com: did not receive HSTS header
+motocyklovedily.cz: did not receive HSTS header
+motomorgen.com: could not connect to host
+motorbiketourhanoi.com: could not connect to host
+mottvd.com: could not connect to host
+moudicat.com: max-age too low: 6307200
+moula.com.au: did not receive HSTS header
+mountainadventureseminars.com: could not connect to host
+mountainmusicpromotions.com: did not receive HSTS header
+movabletype.net: max-age too low: 3600
+moviedollars.com: did not receive HSTS header
+moviesabout.net: could not connect to host
+moving-pixtures.de: could not connect to host
+movio.ga: did not receive HSTS header
+mowalls.net: could not connect to host
+moy-gorod.od.ua: did not receive HSTS header
+moy.cat: did not receive HSTS header
+mozart-game.cz: did not receive HSTS header
+mozartgame.cz: did not receive HSTS header
+mozoa.net: could not connect to host
+mozzilla.cz: could not connect to host
+mp3donusturucu.com: did not receive HSTS header
+mp3donusturucu.net: did not receive HSTS header
+mp3juices.is: could not connect to host
+mpkossen.com: did not receive HSTS header
+mpserver12.org: could not connect to host
+mqas.net: could not connect to host
+mr-hosting.com: could not connect to host
+mrafrohead.com: could not connect to host
+mrawe.com: could not connect to host
+mrdani.net: could not connect to host
+mredsanders.net: did not receive HSTS header
+mremallin.ca: could not connect to host
+mrettich.org: did not receive HSTS header
+mrhee.com: did not receive HSTS header
+mrizzio.com: could not connect to host
+mrjooz.com: could not connect to host
+mrksk.com: did not receive HSTS header
+mrliu.me: could not connect to host
+mrning.com: did not receive HSTS header
+mrnonz.com: max-age too low: 0
+mrpopat.in: did not receive HSTS header
+mrs-shop.com: did not receive HSTS header
+mrsbairds.com: max-age too low: 86400
+msc-seereisen.net: max-age too low: 0
+msgallery.tk: could not connect to host
+mstd.tokyo: did not receive HSTS header
+mstdn-tech.jp: could not connect to host
+mszaki.com: did not receive HSTS header
+mt.me.uk: could not connect to host
+mtamaki.com: could not connect to host
+mtcgf.com: did not receive HSTS header
+mtdn.jp: could not connect to host
+mtg-esport.de: did not receive HSTS header
+mtn.cc: could not connect to host
+muevetumundo.com.mx: max-age too low: 86400
+muj-svet.cz: could not connect to host
+mujadin.se: did not receive HSTS header
+mullen.net.au: did not receive HSTS header
+multimarques.com: max-age too low: 86400
+munch.me: could not connect to host
+mundodapoesia.com: did not receive HSTS header
+munduch.cz: could not connect to host
+munecoscabezones.com: did not receive HSTS header
+munich-rage.de: could not connect to host
+munkiepus.com: did not receive HSTS header
+munuc.org: did not receive HSTS header
+munzee.com: did not receive HSTS header
+muonium.ch: could not connect to host
+muriburi.land: could not connect to host
+muriburiland.com: could not connect to host
+murodese.org: could not connect to host
+murraycolin.org: could not connect to host
+murrayrun.com: did not receive HSTS header
+murz.tv: could not connect to host
+museminder2.com: did not receive HSTS header
+musewearflipflops.com: could not connect to host
+mushroomandfern.com: could not connect to host
+musi.cx: could not connect to host
+musicalbim.com.br: could not connect to host
+musikkfondene.no: did not receive HSTS header
+musikzug-bookholzberg.de: did not receive HSTS header
+muslimbanter.co.za: could not connect to host
+mustardking.me: did not receive HSTS header
+mustika.cf: could not connect to host
+mutamatic.com: could not connect to host
+mutuelle-obligatoire-pme.fr: did not receive HSTS header
+muzeumkomiksu.eu: could not connect to host
+muzgra.in: did not receive HSTS header
+muzykaprzeszladoplay.pl: could not connect to host
+mvanmarketing.nl: did not receive HSTS header
+mvnet.com.br: did not receive HSTS header
+mvsecurity.nl: could not connect to host
+mwohlfarth.de: did not receive HSTS header
+my-demo.co: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+my-owncloud.com: could not connect to host
+my.alfresco.com: did not receive HSTS header
+my.swedbank.se: did not receive HSTS header
+myairshop.gr: could not connect to host
+myandroid.tools: could not connect to host
+myandroidtools.cc: could not connect to host
+myandroidtools.pro: could not connect to host
+mybeautyjobs.de: could not connect to host
+mybudget.xyz: could not connect to host
+mybuilderinlondon.co.uk: did not receive HSTS header
+mybusiness.cm: did not receive HSTS header
+mycamda.com: could not connect to host
+mychocolateweightloss.com: could not connect to host
+myclientsplus.com: did not receive HSTS header
+mycollab.net: could not connect to host
+mycoted.com: did not receive HSTS header
+mydeos.com: could not connect to host
+mydigipass.com: did not receive HSTS header
+mydmdi.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+mydnaresults.com: could not connect to host
+mydnatest.com: did not receive HSTS header
+mydriversedge.com: did not receive HSTS header
+myfappening.org: could not connect to host
+myfdic.gov: could not connect to host
+mygate.at: could not connect to host
+mygivingcircle.org: did not receive HSTS header
+mygooder.com: did not receive HSTS header
+mygov.scot: did not receive HSTS header
+myhair.asia: did not receive HSTS header
+myicare.org: did not receive HSTS header
+myiocc.org: could not connect to host
+myip.tech: max-age too low: 2592000
+myjumpsuit.de: did not receive HSTS header
+mykolab.com: did not receive HSTS header
+mykreuzfahrt.de: could not connect to host
+mymp3singer.site: did not receive HSTS header
+mynetblog.com: did not receive HSTS header
+mynetworkingbuddy.com: could not connect to host
+mynewleaf.co: did not receive HSTS header
+mynewselfbariatrics.com: did not receive HSTS header
+myni.io: could not connect to host
+mynigma.org: did not receive HSTS header
+mypagella.com: could not connect to host
+mypagella.eu: could not connect to host
+mypagella.it: could not connect to host
+mypension.ca: could not connect to host
+myphonebox.de: could not connect to host
+myraytech.net: did not receive HSTS header
+myrepublic.co.id: max-age too low: 0
+myrig.net: could not connect to host
+myrsa.in: did not receive HSTS header
+mysecretcase.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+mysecretrewards.com: could not connect to host
+myshirtsize.com: could not connect to host
+myspa.asia: did not receive HSTS header
+mystery-science-theater-3000.de: did not receive HSTS header
+mysteryblog.de: did not receive HSTS header
+mythlogic.com: did not receive HSTS header
+mythslegendscollection.com: did not receive HSTS header
+mytravelblog.de: could not connect to host
+mytweeps.com: did not receive HSTS header
+myweb360.de: did not receive HSTS header
+myzone.com: did not receive HSTS header
+mzlog.win: could not connect to host
+n-rickroll-e.pw: could not connect to host
+n0099.cf: could not connect to host
+n0psled.nl: could not connect to host
+n2x.in: could not connect to host
+n4l.pw: could not connect to host
+n8ch.net: could not connect to host
+naano.org: could not connect to host
+nabru.co.uk: did not receive HSTS header
+nabu-bad-nauheim.de: did not receive HSTS header
+nabytko.cz: could not connect to host
+nacktetatsachen.at: did not receive HSTS header
+nadia.pt: could not connect to host
+nagios.by: did not receive HSTS header
+nagoya-kyuyo.com: could not connect to host
+naiharngym.com: did not receive HSTS header
+najedlo.sk: could not connect to host
+nakamastreamingcommunity.com: could not connect to host
+nakliyatsirketi.biz: could not connect to host
+nakuro.de: could not connect to host
+nalifornia.com: did not receive HSTS header
+nalinux.cz: did not receive HSTS header
+nallon.com.br: could not connect to host
+namacindia.com: did not receive HSTS header
+namaho.com: could not connect to host
+named.ga: could not connect to host
+nametaken-cloud.duckdns.org: could not connect to host
+namethatbone.com: could not connect to host
+namorico.me: could not connect to host
+nan.ci: did not receive HSTS header
+nan.zone: could not connect to host
+nandex.org: could not connect to host
+naniki.co.uk: did not receive HSTS header
+nanogeneinc.com: could not connect to host
+nanokamo.com: did not receive HSTS header
+nanrenba.net: could not connect to host
+nansay.cn: could not connect to host
+nanto.eu: could not connect to host
+naphex.rocks: could not connect to host
+narodniki.com: did not receive HSTS header
+narodsovety.ru: could not connect to host
+narrenverein-wolkenschieber.de: did not receive HSTS header
+narviz.com: did not receive HSTS header
+nashira.cz: did not receive HSTS header
+nasralmabrooka.com: did not receive HSTS header
+natalia-fadeeva.ru: could not connect to host
+natalia.io: could not connect to host
+natalieandjoshua.com: could not connect to host
+natalt.org: did not receive HSTS header
+nathanmfarrugia.com: did not receive HSTS header
+nationalmall.gov: could not connect to host
+nationwidevehiclecontracts.co.uk: did not receive HSTS header
+natural-progesterone.net: could not connect to host
+naturecoaster.com: did not receive HSTS header
+naturesharvestbread.com: max-age too low: 86400
+natuurbehangnederland.nl: could not connect to host
+nauck.org: did not receive HSTS header
+naudles.me: could not connect to host
+nav.jobs: could not connect to host
+naval.tf: could not connect to host
+navjobs.com: did not receive HSTS header
+nbb.io: could not connect to host
+nbg-ha.de: could not connect to host
+ncc60205.info: could not connect to host
+ncdesigns-studio.com: could not connect to host
+ncpc.gov: could not connect to host
+nct.org.uk: did not receive HSTS header
+nctx.co.uk: did not receive HSTS header
+ndtmarket.place: could not connect to host
+near.st: did not receive HSTS header
+nearbiwa.com: did not receive HSTS header
+neavision.de: did not receive HSTS header
+nebulousenhanced.com: could not connect to host
+nedcf.org.uk: did not receive HSTS header
+nedwave.com: did not receive HSTS header
+nedzad.me: could not connect to host
+neels.ch: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+neer.io: could not connect to host
+neftaly.com: did not receive HSTS header
+negativecurvature.net: could not connect to host
+negativzinsen.info: did not receive HSTS header
+neilgreen.net: did not receive HSTS header
+nejnamc.org: could not connect to host
+neko-life.com: did not receive HSTS header
+neko-system.com: did not receive HSTS header
+nemno.de: could not connect to host
+nemovement.org: could not connect to host
+neoani.me: did not receive HSTS header
+neofelhz.space: could not connect to host
+neonisi.com: could not connect to host
+neonnuke.tech: could not connect to host
+neosolution.ca: did not receive HSTS header
+nephy.jp: could not connect to host
+nepustil.net: did not receive HSTS header
+nerd42.de: could not connect to host
+nerdhouse.io: could not connect to host
+nerfroute.com: could not connect to host
+neris.io: could not connect to host
+nerpa-club.ru: did not receive HSTS header
+nestedquotes.ca: could not connect to host
+nestone.ru: could not connect to host
+net-navi.cc: did not receive HSTS header
+net2o.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+net2o.de: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+net2o.net: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+net4it.de: did not receive HSTS header
+netbox.cc: could not connect to host
+netbrief.ml: did not receive HSTS header
+netherwind.eu: did not receive HSTS header
+netlilo.com: could not connect to host
+netloanusa.com: could not connect to host
+netmagik.com: did not receive HSTS header
+netprofile.com.au: could not connect to host
+netraising.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+netresourcedesign.com: could not connect to host
+netsparkercloud.com: did not receive HSTS header
+nettefoundation.com: could not connect to host
+networx-online.de: could not connect to host
+netzbit.de: could not connect to host
+netzpolitik.org: max-age too low: 2592000
+netztest.at: did not receive HSTS header
+netzvieh.de: did not receive HSTS header
+netzzwerg4u.de: could not connect to host
+neueonlinecasino2016.com: could not connect to host
+neuralgic.net: could not connect to host
+neuro-plus-100.com: could not connect to host
+neuronfactor.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+nevadafiber.net: could not connect to host
+never-afk.de: did not receive HSTS header
+never.pet: did not receive HSTS header
+neveta.com: could not connect to host
+newbieboss.com: did not receive HSTS header
+newcityinfo.info: could not connect to host
+newedivideo.it: could not connect to host
+newgenerationplus.org: could not connect to host
+newhdmovies.io: could not connect to host
+newkaliningrad.ru: did not receive HSTS header
+newlooknow.com: did not receive HSTS header
+newmelalife.com: did not receive HSTS header
+newparadigmventures.net: did not receive HSTS header
+newportpropertygroup.com: could not connect to host
+newstarnootropics.com: max-age too low: 7889238
+newtonwarp.com: could not connect to host
+nexgeneration-solutions.com: could not connect to host
+next176.sk: did not receive HSTS header
+next47.com: did not receive HSTS header
+nextcloud.org: could not connect to host
+nextgenthemes.com: did not receive HSTS header
+nexth.de: could not connect to host
+nexth.net: could not connect to host
+nexth.us: could not connect to host
+nextpages.de: could not connect to host
+nextproject.us: could not connect to host
+nexusbyte.de: could not connect to host
+nexuscorporation.in: could not connect to host
+nfluence.org: could not connect to host
+nfo.so: could not connect to host
+ng-security.com: could not connect to host
+ngine.ch: did not receive HSTS header
+nginxnudes.com: could not connect to host
+nglr.org: could not connect to host
+ngt-service.ru: did not receive HSTS header
+ngtoys.com.br: could not connect to host
+nibiisclaim.com: could not connect to host
+nicesco.re: did not receive HSTS header
+nicestresser.fr: could not connect to host
+nicky.io: did not receive HSTS header
+nico.one: could not connect to host
+nico.st: could not connect to host
+nicoborghuis.nl: could not connect to host
+nicolas-simond.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+nicolasbettag.me: did not receive HSTS header
+nicolasdutour.com: did not receive HSTS header
+niconiconi.xyz: could not connect to host
+niconode.com: could not connect to host
+nidux.com: did not receive HSTS header
+niduxcomercial.com: could not connect to host
+nien.chat: could not connect to host
+nienfun.com: could not connect to host
+nifpnet.nl: did not receive HSTS header
+nightsnack.cf: could not connect to host
+niho.jp: did not receive HSTS header
+nikcub.com: could not connect to host
+nikklassen.ca: did not receive HSTS header
+nikksno.io: could not connect to host
+niklaslindblad.se: did not receive HSTS header
+nikolaichik.photo: did not receive HSTS header
+nikolasbradshaw.com: could not connect to host
+nil2.org: did not receive HSTS header
+niloxy.com: did not receive HSTS header
+ninchisho-online.com: did not receive HSTS header
+ninhs.org: could not connect to host
+ninjan.co: did not receive HSTS header
+ninjaspiders.com: did not receive HSTS header
+niouininon.eu: could not connect to host
+nippler.org: could not connect to host
+nippombashi.net: did not receive HSTS header
+nipponcareers.com: did not receive HSTS header
+nirada.info: could not connect to host
+nishikino-maki.com: could not connect to host
+niva.synology.me: could not connect to host
+nixien.fr: could not connect to host
+nixmag.net: could not connect to host
+nkadvertising.online: could not connect to host
+nkautoservice.nl: did not receive HSTS header
+nkb.in.th: could not connect to host
+nll.fi: could not connect to host
+nmadda.com: could not connect to host
+nmctest.net: could not connect to host
+nmueller.at: could not connect to host
+nnote.net: did not receive HSTS header
+nnya.cat: could not connect to host
+no-ip.cz: did not receive HSTS header
+no17sifangjie.cc: could not connect to host
+nocallaghan.com: could not connect to host
+noclegi-online.pl: did not receive HSTS header
+noctinus.tk: could not connect to host
+node-core-app.com: could not connect to host
+nodebrewery.com: could not connect to host
+nodelab-it.de: did not receive HSTS header
+nodepanel.net: could not connect to host
+nodeselect.com: could not connect to host
+nodespin.com: could not connect to host
+nodetemple.com: could not connect to host
+nodi.at: did not receive HSTS header
+noexpect.org: could not connect to host
+noima.com: did not receive HSTS header
+nolag.host: could not connect to host
+nolatepayments.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+nolberg.net: did not receive HSTS header
+nolimitsbook.de: did not receive HSTS header
+nolte.work: could not connect to host
+nomorebytes.de: could not connect to host
+nonemu.ninja: could not connect to host
+noodlesandwich.com: did not receive HSTS header
+noodplan.co.za: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+nootropicsource.com: did not receive HSTS header
+nope.website: could not connect to host
+nopex.no: could not connect to host
+nopol.de: could not connect to host
+norad.sytes.net: could not connect to host
+norandom.com: could not connect to host
+norb.at: could not connect to host
+nordlicht.photography: did not receive HSTS header
+nordseeblicke.de: could not connect to host
+norge.guide: could not connect to host
+northcutt.com: did not receive HSTS header
+northwest-events.co.uk: did not receive HSTS header
+nosbenevolesontdutalent.com: could not connect to host
+nosecretshop.com: could not connect to host
+nostraspace.com: did not receive HSTS header
+notadd.io: could not connect to host
+notarankastojkovic.me: could not connect to host
+notarobot.fr: could not connect to host
+note7forever.com: could not connect to host
+notenoughtime.de: could not connect to host
+notesforpebble.com: could not connect to host
+notevencode.com: could not connect to host
+nothing.net.nz: max-age too low: 7776000
+nothing.org.uk: could not connect to host
+noticia.do: did not receive HSTS header
+notjustbitchy.com: did not receive HSTS header
+nottheonion.net: did not receive HSTS header
+nou.si: could not connect to host
+nouvelle-vague-saint-cast.fr: did not receive HSTS header
+nova-elearning.com: could not connect to host
+novaco.in: max-age too low: 3600
+novacraft.me: did not receive HSTS header
+novascan.net: could not connect to host
+novatrucking.de: could not connect to host
+novavoidhowl.com: did not receive HSTS header
+novelabs.de: could not connect to host
+novelabs.eu: could not connect to host
+novelshouse.com: did not receive HSTS header
+novtest.ru: did not receive HSTS header
+novurania.com: did not receive HSTS header
+nowak.ninja: did not receive HSTS header
+noworrywp.com: could not connect to host
+nowprotein.com: did not receive HSTS header
+nowremindme.com: could not connect to host
+nozoe.jp: could not connect to host
+npol.de: could not connect to host
+nq7.pl: could not connect to host
+nrechn.de: could not connect to host
+nrizzio.me: could not connect to host
+nrnjn.xyz: did not receive HSTS header
+nsbfalconacademy.org: could not connect to host
+nsdev.cn: could not connect to host
+nsmail.cn: could not connect to host
+nsweb.solutions: could not connect to host
+ntbs.pro: could not connect to host
+ntse.xyz: could not connect to host
+nu3.at: did not receive HSTS header
+nu3.ch: did not receive HSTS header
+nu3.co.uk: could not connect to host
+nu3.com: did not receive HSTS header
+nu3.de: did not receive HSTS header
+nu3.dk: did not receive HSTS header
+nu3.fi: did not receive HSTS header
+nu3.fr: did not receive HSTS header
+nu3.no: did not receive HSTS header
+nu3.se: did not receive HSTS header
+nube.ninja: did not receive HSTS header
+nudel.ninja: could not connect to host
+nufla.de: could not connect to host
+nuiguru.me: could not connect to host
+nukenet.se: could not connect to host
+nukute.com: did not receive HSTS header
+null-pointer.eu: did not receive HSTS header
+null-sec.ru: could not connect to host
+null.cat: did not receive HSTS header
+null.tips: could not connect to host
+nullpoint.at: did not receive HSTS header
+nullpro.com: could not connect to host
+numericacu.com: did not receive HSTS header
+numero-di-telefono.it: could not connect to host
+numista.com: did not receive HSTS header
+nunnun.jp: could not connect to host
+nuovamoda.al: did not receive HSTS header
+nup.pw: could not connect to host
+nuriacamaras.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+nurserybook.co: did not receive HSTS header
+nurture.be: did not receive HSTS header
+nusatrip-api.com: did not receive HSTS header
+nutricuerpo.com: did not receive HSTS header
+nutritionculture.com: could not connect to host
+nutsandboltsmedia.com: did not receive HSTS header
+nuttyveg.com: did not receive HSTS header
+nwa.xyz: could not connect to host
+nweb.co.nz: could not connect to host
+nwork.media: could not connect to host
+nyanpasu.tv: could not connect to host
+nyazeeland.guide: could not connect to host
+nycroth.com: could not connect to host
+nyesider.org: could not connect to host
+nyored.com: did not receive HSTS header
+nyphox.net: could not connect to host
+nysepho.pw: could not connect to host
+nysifclaimcentral.com: did not receive HSTS header
+nystart.no: did not receive HSTS header
+nyxi.eu: could not connect to host
+nz.search.yahoo.com: max-age too low: 172800
+nzbs.io: could not connect to host
+nzmk.cz: did not receive HSTS header
+nzquakes.maori.nz: could not connect to host
+o-rickroll-y.pw: could not connect to host
+o0o.one: could not connect to host
+oasis.mobi: could not connect to host
+oasisim.net: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+obdolbacca.ru: could not connect to host
+oben.pl: did not receive HSTS header
+oberam.de: could not connect to host
+oberhof.co: could not connect to host
+obscuredfiles.com: could not connect to host
+obsydian.org: could not connect to host
+occupymedia.org: did not receive HSTS header
+ochaken.cf: could not connect to host
+ocmeulebeke.be: did not receive HSTS header
+ocrami.us: did not receive HSTS header
+octocat.ninja: could not connect to host
+oddmouse.com: could not connect to host
+odin.xxx: could not connect to host
+odinkapital.no: did not receive HSTS header
+odinoffice.no: did not receive HSTS header
+odysseyandco.com: could not connect to host
+oe8.bet: could not connect to host
+ofcourselanguages.com: could not connect to host
+ofer.site: did not receive HSTS header
+off-the-clock.us: could not connect to host
+offenedialoge.de: max-age too low: 2592000
+offgames.pro: could not connect to host
+office-ruru.com: could not connect to host
+officeclub.com.mx: did not receive HSTS header
+offshore-firma.org: could not connect to host
+offshore-unternehmen.com: could not connect to host
+offshorefirma-gruenden.com: could not connect to host
+offshoremarineparts.com: did not receive HSTS header
+oficinadocelular.com.br: could not connect to host
+ofo2.com: did not receive HSTS header
+oganek.ie: could not connect to host
+oganime.com: could not connect to host
+ogogoshop.com: could not connect to host
+ohm2013.org: could not connect to host
+ohsocool.org: did not receive HSTS header
+ohyooo.com: could not connect to host
+oiepoie.nl: could not connect to host
+oishioffice.com: did not receive HSTS header
+ojls.co: could not connect to host
+okane.love: could not connect to host
+okok-rent.com: could not connect to host
+okok.rent: could not connect to host
+okutama.in.th: could not connect to host
+olafnorge.de: did not receive HSTS header
+olanderflorist.com: could not connect to host
+olcso-vps-szerver.hu: could not connect to host
+oldnews.news: could not connect to host
+oldoakflorist.com: could not connect to host
+oliverdunk.com: did not receive HSTS header
+oliverspringer.eu: could not connect to host
+ollehbizev.co.kr: could not connect to host
+ols.io: did not receive HSTS header
+olswangtrainees.com: could not connect to host
+omacostudio.com: could not connect to host
+omgaanmetidealen.com: could not connect to host
+ominto.com: did not receive HSTS header
+omnibot.tv: could not connect to host
+omniti.com: max-age too low: 1
+omquote.gq: could not connect to host
+omskit.ru: did not receive HSTS header
+one---line.com: could not connect to host
+one-pe.com: did not receive HSTS header
+onearth.one: did not receive HSTS header
+oneb4nk.com: could not connect to host
+onecycling.my: could not connect to host
+onecycling.world: could not connect to host
+onefour.co: could not connect to host
+onehourloan.com: could not connect to host
+onehourloan.sg: did not receive HSTS header
+oneiros.cc: could not connect to host
+oneminute.io: did not receive HSTS header
+oneminutefilm.tv: could not connect to host
+onepathnetwork.com: max-age too low: 7776000
+onepluscamps.com: could not connect to host
+onepopstore.com: could not connect to host
+onespiritinc.com: did not receive HSTS header
+onet.space: could not connect to host
+onetwentyseven001.com: did not receive HSTS header
+onewebdev.info: could not connect to host
+oneworldbank.com: did not receive HSTS header
+onewpst.com: did not receive HSTS header
+oniichan.us: did not receive HSTS header
+onioncloud.org: could not connect to host
+onionsburg.com: could not connect to host
+online-casino.eu: did not receive HSTS header
+online-pr.at: did not receive HSTS header
+online-wetten.de: did not receive HSTS header
+onlinebiller.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+onlinebillingform.com: did not receive HSTS header
+onlinecompliance.org: did not receive HSTS header
+onlinedemo.hu: could not connect to host
+onlinedeposit.us: could not connect to host
+onlinekasino.de: did not receive HSTS header
+onlinepollsph.com: could not connect to host
+onlineschadestaat.nl: did not receive HSTS header
+onlinespielothek.com: did not receive HSTS header
+onlinewetten.de: could not connect to host
+only-roses.co.uk: did not receive HSTS header
+only-roses.com: did not receive HSTS header
+onlyshopstation.com: did not receive HSTS header
+onlyzero.net: could not connect to host
+onmuvo.com: did not receive HSTS header
+onovlena.dn.ua: could not connect to host
+onpatient.com: did not receive HSTS header
+onsitemassageco.com: did not receive HSTS header
+onstud.com: could not connect to host
+ontimestamp.com: did not receive HSTS header
+ontras.com: could not connect to host
+onwie.fr: could not connect to host
+onyxwall.com: could not connect to host
+onyxwall.link: could not connect to host
+onyxwall.net: could not connect to host
+oo.edu.rs: did not receive HSTS header
+ooeste.com: could not connect to host
+oogami.name: could not connect to host
+ookjesprookje.nl: could not connect to host
+ooooush.co.uk: could not connect to host
+oopsmycase.com: could not connect to host
+oopsorup.com: could not connect to host
+oost.io: could not connect to host
+open-mx.de: could not connect to host
+open-to-repair.fr: max-age too low: 86400
+openas.org: could not connect to host
+openconcept.no: did not receive HSTS header
+opendesk.cc: did not receive HSTS header
+opengateway.fr: did not receive HSTS header
+openmind-shop.de: did not receive HSTS header
+openmtbmap.org: did not receive HSTS header
+openpriv.pw: could not connect to host
+openprovider.nl: did not receive HSTS header
+openshift.redhat.com: did not receive HSTS header
+opensourcehouse.net: could not connect to host
+openspace.xxx: did not receive HSTS header
+opensrd.com: could not connect to host
+openssf.org: did not receive HSTS header
+openxmpp.com: could not connect to host
+opim.ca: did not receive HSTS header
+opioids.gov: could not connect to host
+opium.io: could not connect to host
+opoleo.com: could not connect to host
+opperwall.net: could not connect to host
+opsafewinter.net: could not connect to host
+opsbears.com: did not receive HSTS header
+opstacks.com: did not receive HSTS header
+optenhoefel.de: could not connect to host
+optimal-e.com: did not receive HSTS header
+optimista.soy: could not connect to host
+optometriepunt.nl: did not receive HSTS header
+optumrxhealthstore.com: could not connect to host
+oracaodocredo.com.br: could not connect to host
+orbiosales.com: could not connect to host
+orbitcom.de: did not receive HSTS header
+orbograph-hrcm.com: could not connect to host
+order.one: could not connect to host
+ordereat.fr: could not connect to host
+orderlounge.de: did not receive HSTS header
+organic-superfood.net: could not connect to host
+organisationsberatung-jacobi.de: did not receive HSTS header
+originalmockups.com: did not receive HSTS header
+originpc.com: did not receive HSTS header
+orioncustompcs.com: could not connect to host
+orionfcu.com: did not receive HSTS header
+orionrebellion.com: did not receive HSTS header
+orleika.ml: could not connect to host
+oroweatorganic.com: could not connect to host
+orthodoxy.lt: did not receive HSTS header
+osaiyuwu.com: could not connect to host
+oscarmashauri.com: could not connect to host
+oscloud.com: could not connect to host
+oscloud.com.ua: could not connect to host
+oscreen.me: could not connect to host
+oscreen.org: could not connect to host
+oscsdp.cz: could not connect to host
+osdls.gov: could not connect to host
+oslfoundation.org: could not connect to host
+osmanlitorunu.com: could not connect to host
+osp.cx: could not connect to host
+ossan-kobe-gourmet.com: did not receive HSTS header
+ossbinaries.com: could not connect to host
+osteammate.com: could not connect to host
+ostendorf.com: did not receive HSTS header
+osticketawesome.com: did not receive HSTS header
+oswaldmattgroup.com: did not receive HSTS header
+otakuworld.de: could not connect to host
+othercode.nl: could not connect to host
+othermedia.cc: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+otherstuff.nl: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+otichi.com: did not receive HSTS header
+otinane.eu: could not connect to host
+otokonna.com: did not receive HSTS header
+otrsdemo.hu: did not receive HSTS header
+ottospora.nl: could not connect to host
+ourbank.com: did not receive HSTS header
+ourchoice2016.com: could not connect to host
+outdooradventures.pro: did not receive HSTS header
+outdoorproducts.com: did not receive HSTS header
+outetc.com: could not connect to host
+outreachbuddy.com: could not connect to host
+outsider.im: could not connect to host
+outurnate.com: did not receive HSTS header
+ouvirmusica.com.br: did not receive HSTS header
+ovenapp.io: did not receive HSTS header
+over25tips.com: did not receive HSTS header
+override.io: could not connect to host
+oversight.io: could not connect to host
+ovuscloud.de: could not connect to host
+ovvy.net: did not receive HSTS header
+owennelson.me: could not connect to host
+owlscrap.ru: could not connect to host
+owncloud.help: could not connect to host
+ownmovies.fr: could not connect to host
+oxro.co: could not connect to host
+oxygaming.com: did not receive HSTS header
+oxygenabsorbers.com: did not receive HSTS header
+oxymc.com: did not receive HSTS header
+oxynux.fr: could not connect to host
+oxynux.xyz: could not connect to host
+oyste.in: could not connect to host
+ozoz.cc: could not connect to host
+p-rickroll-o.pw: could not connect to host
+p.linode.com: could not connect to host
+p1c.pw: could not connect to host
+p3.marketing: did not receive HSTS header
+p3in.com: could not connect to host
+p8r.de: could not connect to host
+paavolastudio.com: could not connect to host
+pablocamino.tk: could not connect to host
+packlane.com: did not receive HSTS header
+pactocore.org: could not connect to host
+pader-deko.de: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+paestbin.com: could not connect to host
+page: could not connect to host
+pagerate.io: did not receive HSTS header
+pagetoimage.com: could not connect to host
+pahlawanpulsa.com: did not receive HSTS header
+paichai.space: could not connect to host
+paigeglass.com: did not receive HSTS header
+paino.cloud: could not connect to host
+paintingat.com: could not connect to host
+paio2-rec.com: could not connect to host
+paio2.com: could not connect to host
+paisaone.com: did not receive HSTS header
+pajonzeck.de: could not connect to host
+paket.io: did not receive HSTS header
+pakho.xyz: could not connect to host
+paku.me: could not connect to host
+palmer.im: could not connect to host
+pammbook.com: did not receive HSTS header
+pamplona.tv: could not connect to host
+pamsoft.pl: max-age too low: 0
+pan.tips: could not connect to host
+panaceallc.net: could not connect to host
+panama-gbs.com: did not receive HSTS header
+panamaequity.com: did not receive HSTS header
+panamateakforestry.com: did not receive HSTS header
+panasca.is: could not connect to host
+panascais.co: could not connect to host
+panascais.com: could not connect to host
+panascais.de: could not connect to host
+panascais.eu: could not connect to host
+panascais.host: could not connect to host
+panascais.io: could not connect to host
+panascais.me: could not connect to host
+panascais.net: did not receive HSTS header
+panascais.pw: could not connect to host
+panascais.site: could not connect to host
+panascais.tech: could not connect to host
+panascais.us: could not connect to host
+pandapsy.com: could not connect to host
+panelomix.net: did not receive HSTS header
+panicparts.com: max-age too low: 10540800
+panni.me: could not connect to host
+panoranordic.net: could not connect to host
+pansu.space: could not connect to host
+pants-off.xyz: could not connect to host
+pantsu.cat: did not receive HSTS header
+papalytics.com: could not connect to host
+papeda.net: could not connect to host
+papelariadante.com.br: could not connect to host
+papercard.co.uk: did not receive HSTS header
+papercrunch.io: could not connect to host
+paperwallets.io: did not receive HSTS header
+papierniak.net: could not connect to host
+papygeek.com: could not connect to host
+parabhairavayoga.com: max-age too low: 0
+pardnoy.com: could not connect to host
+parent5446.us: could not connect to host
+parentmail.co.uk: did not receive HSTS header
+parfum-baza.ru: could not connect to host
+paris-cyber.fr: did not receive HSTS header
+parisvox.info: did not receive HSTS header
+parithy.net: could not connect to host
+parkingplus.co.il: could not connect to host
+parkrocker.com: max-age too low: 604800
+parkwithark.com: could not connect to host
+parodybit.net: did not receive HSTS header
+parpaing-paillette.net: could not connect to host
+particonpsplus.it: could not connect to host
+partiono.com: did not receive HSTS header
+partirkyoto.jp: did not receive HSTS header
+partnercardservices.com: did not receive HSTS header
+partnersfcu.org: did not receive HSTS header
+partyhaus.ovh: could not connect to host
+partyhireformby.co.uk: did not receive HSTS header
+partyvan.eu: could not connect to host
+partyvan.it: could not connect to host
+partyvan.moe: could not connect to host
+partyvan.nl: could not connect to host
+partyvan.se: could not connect to host
+pascalchristen.ch: did not receive HSTS header
+passrhce.com: could not connect to host
+passrhcsa.com: could not connect to host
+passumpsicbank.com: did not receive HSTS header
+passwd.io: could not connect to host
+passwordbox.com: did not receive HSTS header
+passwordrevelator.net: did not receive HSTS header
+pastaf.com: could not connect to host
+pastdream.xyz: could not connect to host
+paste.linode.com: could not connect to host
+pastebin.linode.com: could not connect to host
+pastenib.com: could not connect to host
+paster.li: did not receive HSTS header
+pastie.se: could not connect to host
+pataua.kiwi: did not receive HSTS header
+paternitydnatest.com: could not connect to host
+patfs.com: did not receive HSTS header
+patientinsight.net: did not receive HSTS header
+patrickbusch.net: could not connect to host
+patrickneuro.de: could not connect to host
+patt.us: did not receive HSTS header
+patterson.mp: could not connect to host
+paul-kerebel.pro: could not connect to host
+paulbramhall.uk: could not connect to host
+paulbunyanmls.com: did not receive HSTS header
+paulewen.ca: could not connect to host
+paulproell.at: could not connect to host
+paulrudge.codes: could not connect to host
+paulshir.com: could not connect to host
+paulshir.is: could not connect to host
+paulyang.cn: did not receive HSTS header
+pavelfojt.cz: did not receive HSTS header
+pavelkahouseforcisco.com: did not receive HSTS header
+paxdei.com.br: could not connect to host
+paxwinkel.nl: did not receive HSTS header
+pay.gigahost.dk: did not receive HSTS header
+payfreez.com: could not connect to host
+payments-reference.org: could not connect to host
+payments.google.com: did not receive HSTS header (error ignored - included regardless)
+paymon.tj: could not connect to host
+paypod.org: could not connect to host
+payroll.ch: could not connect to host
+paytwopay.com: could not connect to host
+pbapp.net: did not receive HSTS header
+pbbr.com: did not receive HSTS header
+pbprint.ru: did not receive HSTS header
+pc-nf.de: did not receive HSTS header
+pcat.io: could not connect to host
+pcfun.net: could not connect to host
+pchax.net: could not connect to host
+pchospital.cc: could not connect to host
+pcmr.info: did not receive HSTS header
+pcvirusclear.com: could not connect to host
+pdamsidoarjo.co.id: could not connect to host
+pdevio.com: could not connect to host
+pdf.yt: could not connect to host
+pe-bank.co.jp: max-age too low: 604800
+pe-kyousai.jp: did not receive HSTS header
+peaceandwool.com: did not receive HSTS header
+peakapp.nl: could not connect to host
+pear2pear.de: could not connect to host
+pebblesdemo.com: could not connect to host
+peekops.com: could not connect to host
+peerherrmann.de: could not connect to host
+peirong.me: could not connect to host
+peissen.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+pekkapikkarainen.fi: did not receive HSTS header
+pekkarik.ru: could not connect to host
+peliculasaudiolatinoonline.com: could not connect to host
+peliseries24.com: did not receive HSTS header
+pemberton.at: did not receive HSTS header
+penablog.com: did not receive HSTS header
+pengisatelier.net: could not connect to host
+pengui.uk: could not connect to host
+penguinclientsystem.com: did not receive HSTS header
+pennylane.me.uk: did not receive HSTS header
+pensanisso.com: max-age too low: 2592000
+pentagram.me: max-age too low: 2592000
+pentano.net: could not connect to host
+people-mozilla.org: could not connect to host
+peperiot.com: did not receive HSTS header
+pepperhead.com: did not receive HSTS header
+pepperworldhotshop.de: did not receive HSTS header
+pepsicoemployeepreferencesurvey.com: could not connect to host
+perdel.cn: did not receive HSTS header
+perfect-radiant-wrinkles.com: could not connect to host
+perfectionis.me: could not connect to host
+perfectseourl.com: did not receive HSTS header
+performaterm.ro: could not connect to host
+performous.org: could not connect to host
+perfumista.vn: did not receive HSTS header
+periscopeliveweb.com: could not connect to host
+perlwork.nl: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+pernatie.ru: could not connect to host
+perplex.nl: did not receive HSTS header
+perroud.pro: did not receive HSTS header
+persjrp.ca: could not connect to host
+persoform.ch: could not connect to host
+personalcommunicationsecurity.com: could not connect to host
+personaldatabasen.no: could not connect to host
+personalinjurylist.com: could not connect to host
+personalizedtouch.co: could not connect to host
+perthdevicelab.com: did not receive HSTS header
+pestalozzishop.com.br: could not connect to host
+pet-nsk.ru: could not connect to host
+petbooking.it: did not receive HSTS header
+petchart.net: could not connect to host
+peterkshultz.com: did not receive HSTS header
+petersmark.com: did not receive HSTS header
+pethub.com: did not receive HSTS header
+petit.site: could not connect to host
+petlife.od.ua: could not connect to host
+petplum.com: could not connect to host
+petravdbos.nl: did not receive HSTS header
+petrkrapek.cz: could not connect to host
+petrolplus.ru: max-age too low: 7776000
+petrovsky.pro: could not connect to host
+petsittersservices.com: could not connect to host
+pettsy.com: could not connect to host
+peuf.shop: could not connect to host
+pewboards.com: could not connect to host
+pexieapp.com: did not receive HSTS header
+peykezamin.ir: could not connect to host
+peytonfarrar.com: did not receive HSTS header
+pfgshop.com.br: could not connect to host
+pflegedienst-gratia.de: max-age too low: 300
+pgcpbc.com: could not connect to host
+pgmsource.com: could not connect to host
+pgpm.io: could not connect to host
+pgtb.be: did not receive HSTS header
+phalconist.com: could not connect to host
+pharmgkb.org: could not connect to host
+phdsupply.com: could not connect to host
+phdwuda.com: could not connect to host
+phil.tw: could not connect to host
+philadelphiacandies.com: did not receive HSTS header
+philippa.cool: could not connect to host
+phillmoore.com: did not receive HSTS header
+philpropertygroup.com: could not connect to host
+phoebe.co.nz: did not receive HSTS header
+phoenicis.com.ua: did not receive HSTS header
+phonenumberinfo.co.uk: could not connect to host
+phongmay24h.com: could not connect to host
+photoblogverona.com: could not connect to host
+photoboothpartyhire.co.uk: did not receive HSTS header
+photops.fr: could not connect to host
+phototag.org: did not receive HSTS header
+php-bach.org: could not connect to host
+phperformances.fr: did not receive HSTS header
+phpfashion.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+phrasing.me: could not connect to host
+physicaltherapist.com: did not receive HSTS header
+pi-eng.fr: did not receive HSTS header
+pianetaottica.eu: could not connect to host
+pianetaottica.net: could not connect to host
+pianetaottica.org: could not connect to host
+picallo.es: could not connect to host
+picardiascr.com: did not receive HSTS header
+pickersurvey.org: could not connect to host
+pickr.co: did not receive HSTS header
+picotronic.biz: could not connect to host
+picscare.co.uk: did not receive HSTS header
+pidatacenters.com: did not receive HSTS header
+pidomex.com: did not receive HSTS header
+pierrejeansuau.fr: could not connect to host
+pieterhordijk.com: could not connect to host
+pieterjangeeroms.me: could not connect to host
+piggott.me.uk: did not receive HSTS header
+pilgermaske.org: did not receive HSTS header
+piligrimname.com: could not connect to host
+pillowandpepper.com: did not receive HSTS header
+pilotcrowd.nl: did not receive HSTS header
+pimpmymac.ru: did not receive HSTS header
+pims.global: did not receive HSTS header
+pimspage.nl: could not connect to host
+pinebaylibrary.org: could not connect to host
+pinkyf.com: could not connect to host
+pioche.ovh: did not receive HSTS header
+pippen.io: could not connect to host
+pips.rocks: did not receive HSTS header
+pir9.com: did not receive HSTS header
+pirata.ga: did not receive HSTS header
+piratebit.tech: could not connect to host
+piratedb.com: could not connect to host
+piratedot.com: could not connect to host
+piratelist.online: could not connect to host
+piratenlogin.de: could not connect to host
+pirateproxy.pe: could not connect to host
+pirateproxy.sx: did not receive HSTS header
+pirateproxy.vip: could not connect to host
+pirati.cz: did not receive HSTS header
+piratte.net: did not receive HSTS header
+pirlitu.com: did not receive HSTS header
+pisexy.me: did not receive HSTS header
+pisidia.de: could not connect to host
+pitchup.com: did not receive HSTS header
+pitonarms.com: could not connect to host
+pittonpreschool.com: did not receive HSTS header
+piwko.co: could not connect to host
+pixdigital.net: did not receive HSTS header
+pixeame.com: did not receive HSTS header
+pixel.google.com: did not receive HSTS header (error ignored - included regardless)
+pixelcode.com.au: could not connect to host
+pixelgliders.de: could not connect to host
+pixelhero.co.uk: did not receive HSTS header
+pixi.chat: could not connect to host
+pixi.me: did not receive HSTS header
+pizzadoc.ch: could not connect to host
+pizzahut.ru: did not receive HSTS header
+pj83.duckdns.org: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+pjbet.mg: did not receive HSTS header
+pkautodesign.com: did not receive HSTS header
+pkschat.com: could not connect to host
+plaasprodukte.com: could not connect to host
+placollection.org: could not connect to host
+plaettliaktion.ch: did not receive HSTS header
+planbox.info: could not connect to host
+planpharmacy.com: could not connect to host
+plant.ml: did not receive HSTS header
+plass.hamburg: could not connect to host
+plasvilledescartaveis.com.br: could not connect to host
+plataformadeinformacion.es: max-age too low: 30000
+platform.lookout.com: could not connect to host
+platomania.eu: did not receive HSTS header
+play.google.com: did not receive HSTS header (error ignored - included regardless)
+playerhunter.com: did not receive HSTS header
+playerscout.net: did not receive HSTS header
+playflick.com: did not receive HSTS header
+playmaker.io: could not connect to host
+playmaza.live: did not receive HSTS header
+playnation.io: did not receive HSTS header
+playsharp.com: could not connect to host
+pleasure.forsale: could not connect to host
+pleier-it.de: did not receive HSTS header
+pleier.it: did not receive HSTS header
+plfgr.eu.org: could not connect to host
+plhdb.org: did not receive HSTS header
+plirt.ru: could not connect to host
+plixer.com: did not receive HSTS header
+plogable.co: could not connect to host
+plombirator.kz: did not receive HSTS header
+plothost.com: did not receive HSTS header
+ploup.net: could not connect to host
+ploxel.com: did not receive HSTS header
+pluff.nl: did not receive HSTS header
+plur.com.au: did not receive HSTS header
+plus-digital.net: did not receive HSTS header
+plus-u.com.au: did not receive HSTS header
+plus.sandbox.google.com: did not receive HSTS header (error ignored - included regardless)
+plussizereviews.com: could not connect to host
+plut.org: did not receive HSTS header
+plymouthsoftplay.co.uk: could not connect to host
+pm13-media.cz: could not connect to host
+pmac.pt: could not connect to host
+pmbremer.de: could not connect to host
+pmemanager.fr: did not receive HSTS header
+pmnts.io: could not connect to host
+pnsc.is: could not connect to host
+pnukee.com: did not receive HSTS header
+pnyxnet.com: did not receive HSTS header
+po.gl: did not receive HSTS header
+pocketsix.com: could not connect to host
+pocloud.homelinux.net: could not connect to host
+podiumsdiskussion.org: did not receive HSTS header
+pogs.us: could not connect to host
+poiema.com.sg: did not receive HSTS header
+poinsot.beer: could not connect to host
+pointeringles.com: could not connect to host
+pointpro.de: did not receive HSTS header
+pokeduel.me: did not receive HSTS header
+pokomichi.com: did not receive HSTS header
+pol-expo.ru: did not receive HSTS header
+pol.in.th: could not connect to host
+polarityschule.com: did not receive HSTS header
+pole.net.nz: could not connect to host
+polen.guide: could not connect to host
+policeiwitness.sg: could not connect to host
+polimat.org: could not connect to host
+polit.im: could not connect to host
+politic.org.ua: could not connect to host
+politically-incorrect.xyz: could not connect to host
+politiewervingshop.nl: did not receive HSTS header
+politologos.org: did not receive HSTS header
+polycoise.com: could not connect to host
+polycrypt.us: could not connect to host
+polypho.nyc: could not connect to host
+pomardaserra.com: could not connect to host
+pompefunebrilariviera.it: could not connect to host
+pompompoes.com: could not connect to host
+ponteencima.com: could not connect to host
+pontokay.com.br: could not connect to host
+pontualcomp.com: could not connect to host
+pony.today: could not connect to host
+ponythread.com: did not receive HSTS header
+poolinstallers.co.za: could not connect to host
+poolsandstuff.com: did not receive HSTS header
+poon.tech: could not connect to host
+popi.se: did not receive HSTS header
+popkins.ml: could not connect to host
+poris.web.id: could not connect to host
+porno-gif.ru: did not receive HSTS header
+pornstars.me: did not receive HSTS header
+portalm.tk: could not connect to host
+portalplatform.net: could not connect to host
+portaluniversalista.org: could not connect to host
+portalzine.de: did not receive HSTS header
+poshpak.com: max-age too low: 86400
+posoiu.net: could not connect to host
+postcodewise.co.uk: did not receive HSTS header
+postscheduler.org: could not connect to host
+posylka.de: did not receive HSTS header
+potatoheads.net: could not connect to host
+potbar.com: could not connect to host
+potlytics.com: could not connect to host
+potsky.com: did not receive HSTS header
+pouets.ovh: could not connect to host
+pourmesloisirs.com: did not receive HSTS header
+poussinooz.fr: could not connect to host
+povitria.net: could not connect to host
+power-l.ch: did not receive HSTS header
+power-of-interest.com: did not receive HSTS header
+power99press.com: did not receive HSTS header
+powerentertainment.tv: could not connect to host
+poweroff.win: could not connect to host
+powerplannerapp.com: could not connect to host
+powershift.ne.jp: did not receive HSTS header
+powerxequality.com: could not connect to host
+poy-tech.com: could not connect to host
+pozniak.at: did not receive HSTS header
+pozyczka-bez-zaswiadczen.pl: did not receive HSTS header
+ppr-truby.ru: could not connect to host
+ppro.com: did not receive HSTS header
+ppuu.org: did not receive HSTS header
+ppy3.com: could not connect to host
+practicallabs.com: could not connect to host
+practodev.com: could not connect to host
+pratinav.xyz: could not connect to host
+prattpokemon.com: could not connect to host
+praxis-research.info: could not connect to host
+precisionaeroimaging.com: did not receive HSTS header
+prediksisydney.com: could not connect to host
+preezzie.com: could not connect to host
+prefis.com: did not receive HSTS header
+prefontaine.name: could not connect to host
+prego-shop.de: did not receive HSTS header
+preissler.co.uk: could not connect to host
+prelist.org: did not receive HSTS header
+prelogica.com.br: did not receive HSTS header
+prepandgo-euro.com: could not connect to host
+preppertactics.com: did not receive HSTS header
+presidentials2016.com: could not connect to host
+press-anime-nenkan.com: did not receive HSTS header
+pressenews.net: did not receive HSTS header
+pressfreedomfoundation.org: did not receive HSTS header
+prettygrouse.com: did not receive HSTS header
+prettyphotoart.de: did not receive HSTS header
+pretzlaff.info: did not receive HSTS header
+preworkout.me: could not connect to host
+prezola.com: max-age too low: 0
+prgslab.net: could not connect to host
+pridoc.se: did not receive HSTS header
+prilock.com: did not receive HSTS header
+primecaplending.com: did not receive HSTS header
+prinbanat.ngo: did not receive HSTS header
+princessbackpack.de: could not connect to host
+printerest.io: could not connect to host
+printersonline.be: did not receive HSTS header
+printery.be: could not connect to host
+printfn.com: could not connect to host
+priolkar.com: did not receive HSTS header
+prism-communication.com: could not connect to host
+privacylabs.io: did not receive HSTS header
+privacymanatee.com: could not connect to host
+privacyrup.net: could not connect to host
+privcloud.org: could not connect to host
+privilegevisa.fr: could not connect to host
+privytime.com: could not connect to host
+prnt.li: did not receive HSTS header
+pro-zone.com: could not connect to host
+proactive.run: could not connect to host
+probas.de: max-age too low: 0
+procode.gq: could not connect to host
+prodpad.com: did not receive HSTS header
+production.vn: did not receive HSTS header
+producto8.com: did not receive HSTS header
+profhome-shop.com: did not receive HSTS header
+profi-durchgangsmelder.de: did not receive HSTS header
+profivps.com: could not connect to host
+profloorstl.com: did not receive HSTS header
+profpay.com: could not connect to host
+profundr.com: could not connect to host
+profusion.io: did not receive HSTS header
+progblog.net: could not connect to host
+progress-technologies.com: could not connect to host
+progressivecfo.co.nz: could not connect to host
+prohostonline.fi: could not connect to host
+proitconsulting.com.au: could not connect to host
+project-sparks.eu: did not receive HSTS header
+projectascension.io: could not connect to host
+projectasterk.com: could not connect to host
+projectdp.net: could not connect to host
+projectmercury.space: could not connect to host
+projectvault.ovh: did not receive HSTS header
+projectx.top: could not connect to host
+projektik.cz: did not receive HSTS header
+projetoresecia.com: could not connect to host
+prokop.ovh: could not connect to host
+prolan.pw: did not receive HSTS header
+promarketer.net: did not receive HSTS header
+promecon-gmbh.de: did not receive HSTS header
+prontocleaners.co.uk: did not receive HSTS header
+prontolight.com: did not receive HSTS header
+prontomovers.co.uk: could not connect to host
+propactrading.com: could not connect to host
+propmag.co: could not connect to host
+prosoft.sk: did not receive HSTS header
+prosperident.com: did not receive HSTS header
+protoyou.de: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+provitacare.com: could not connect to host
+prowhisky.de: did not receive HSTS header
+proximato.com: could not connect to host
+proxybay.al: could not connect to host
+proxybay.club: could not connect to host
+proxybay.info: did not receive HSTS header
+proxybay.top: did not receive HSTS header
+proxydesk.eu: could not connect to host
+proxydesk.net: could not connect to host
+proxyowl.pw: could not connect to host
+proxyrox.com: could not connect to host
+proxyweb.us: did not receive HSTS header
+prpsss.com: could not connect to host
+pruikshop.nl: could not connect to host
+prxio.date: could not connect to host
+prxio.site: could not connect to host
+prytkov.com: could not connect to host
+pscleaningsolutions.co.uk: could not connect to host
+pshostpk.com: did not receive HSTS header
+psicologia.co.ve: could not connect to host
+psncardplus.be: could not connect to host
+psncardplus.com: could not connect to host
+psncardplus.dk: could not connect to host
+psncardplus.nl: could not connect to host
+psncardplus.se: could not connect to host
+pstudio.me: did not receive HSTS header
+psw.academy: could not connect to host
+psw.consulting: could not connect to host
+psychoco.net: could not connect to host
+ptn.moscow: could not connect to host
+ptonet.com: could not connect to host
+pubkey.is: could not connect to host
+publications.qld.gov.au: did not receive HSTS header
+publicidadnovagrass.com.mx: did not receive HSTS header
+publicspeakingcamps.com: could not connect to host
+publimepa.it: could not connect to host
+puentes.info: did not receive HSTS header
+pugilares.com.pl: could not connect to host
+pugliese.fr: could not connect to host
+puhe.se: could not connect to host
+puiterwijk.org: could not connect to host
+pulsar.guru: did not receive HSTS header
+pult.co: could not connect to host
+pumpgames.net: could not connect to host
+punchkickinteractive.com: did not receive HSTS header
+punchr-kamikazee.rhcloud.com: did not receive HSTS header
+puppydns.com: did not receive HSTS header
+purewebmasters.com: could not connect to host
+purplebricks.com: did not receive HSTS header
+purplemoon.mobi: did not receive HSTS header
+purplestar.mobi: did not receive HSTS header
+purpoz.com.br: could not connect to host
+push.world: did not receive HSTS header
+pushapp.org: did not receive HSTS header
+pushstar.com: max-age too low: 0
+pvagner.tk: did not receive HSTS header
+pwd.ovh: could not connect to host
+pwm.jp: could not connect to host
+pwnsdx.pw: could not connect to host
+pycrypto.org: could not connect to host
+pyol.org: could not connect to host
+pypi-mirrors.org: could not connect to host
+pypi-status.org: could not connect to host
+pyplo.org: did not receive HSTS header
+pypt.lt: did not receive HSTS header
+pyrrhonism.org: could not connect to host
+pysays.net: did not receive HSTS header
+pythia.nz: could not connect to host
+pythonic.guru: could not connect to host
+pythonic.training: could not connect to host
+pzgreni.ch: did not receive HSTS header
+pzme.me: could not connect to host
+q-rickroll-u.pw: could not connect to host
+q2.si: did not receive HSTS header
+q8mp3.me: did not receive HSTS header
+qa.fedoraproject.org: could not connect to host
+qbik.de: did not receive HSTS header
+qbnt.ca: could not connect to host
+qccqld.org.au: could not connect to host
+qforum.org: could not connect to host
+qiannews.net: could not connect to host
+qikan.net: could not connect to host
+qiliang.wang: did not receive HSTS header
+qingxuan.info: could not connect to host
+qinxi1992.com: could not connect to host
+qionglu.pw: could not connect to host
+qipp.com: did not receive HSTS header
+qixxit.de: did not receive HSTS header
+qldconservation.org: could not connect to host
+qldformulaford.org: could not connect to host
+qnatek.org: could not connect to host
+qonqa.de: did not receive HSTS header
+qop.io: could not connect to host
+qoqo.us: could not connect to host
+qorm.co.uk: did not receive HSTS header
+qqq.gg: could not connect to host
+qr-city.org: did not receive HSTS header
+qrara.net: did not receive HSTS header
+qredo.com: did not receive HSTS header
+qrforex.com: did not receive HSTS header
+qrlending.com: could not connect to host
+qrlfinancial.com: could not connect to host
+qscloud.de: could not connect to host
+qswoo.org: could not connect to host
+qto.net: could not connect to host
+quail.solutions: could not connect to host
+quakerlens.com: did not receive HSTS header
+quality1.com.br: did not receive HSTS header
+qualityology.com: did not receive HSTS header
+quanglepro.com: could not connect to host
+quantacloud.ch: could not connect to host
+quantenteranik.eu: could not connect to host
+quantum-cloud.xyz: could not connect to host
+quantum-ethics.com: could not connect to host
+quantumcourse.org: did not receive HSTS header
+quay.net: could not connect to host
+quebecmailbox.com: could not connect to host
+queenbrownie.com.br: could not connect to host
+quelmandataire.fr: did not receive HSTS header
+queryplayground.com: could not connect to host
+questsandrewards.com: could not connect to host
+quickandroid.tools: could not connect to host
+quickpayservice.com: could not connect to host
+quizionic.com: could not connect to host
+quizmemes.org: could not connect to host
+quotehex.com: could not connect to host
+quotemaster.co.za: could not connect to host
+quranserver.net: could not connect to host
+qwilink.me: did not receive HSTS header
+r-ay.club: did not receive HSTS header
+r-ay.cn: could not connect to host
+r-core.ru: could not connect to host
+r-rickroll-u.pw: could not connect to host
+r10n.com: did not receive HSTS header
+r15.me: did not receive HSTS header
+r3bl.me: did not receive HSTS header
+ra-schaal.de: did not receive HSTS header
+raajheshkannaa.com: could not connect to host
+rabota-x.ru: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+rackblue.com: could not connect to host
+radeticlaw.com: max-age too low: 0
+radicaleducation.net: could not connect to host
+radioheteroglossia.com: did not receive HSTS header
+radishmoon.com: max-age too low: 0
+rafaelcz.de: could not connect to host
+ragingserenity.com: did not receive HSTS header
+raiblockscommunity.net: could not connect to host
+raidensnakesden.co.uk: could not connect to host
+raidensnakesden.com: could not connect to host
+raidensnakesden.net: could not connect to host
+raidstone.com: could not connect to host
+raidstone.net: could not connect to host
+raidstone.rocks: could not connect to host
+rainbin.com: could not connect to host
+rainbowbarracuda.com: could not connect to host
+ramarka.de: could not connect to host
+ramon-c.nl: could not connect to host
+ramonj.nl: could not connect to host
+randomcage.com: did not receive HSTS header
+randomcloud.net: could not connect to host
+randomhero.cloud: could not connect to host
+randomwinpicker.de: could not connect to host
+randy.pw: could not connect to host
+ranegroup.hosting: could not connect to host
+rankthespot.com: could not connect to host
+ranktopay.com: did not receive HSTS header
+rannseier.org: could not connect to host
+ranos.org: could not connect to host
+rany.duckdns.org: could not connect to host
+rany.io: could not connect to host
+rany.pw: could not connect to host
+rapdogg.com: could not connect to host
+rapidresearch.me: could not connect to host
+rapidthunder.io: could not connect to host
+rasing.me: could not connect to host
+rastreador.com.es: did not receive HSTS header
+ratajczak.fr: could not connect to host
+rate-esport.de: could not connect to host
+rationem.nl: did not receive HSTS header
+ratuseks.com: could not connect to host
+ratuseks.net: could not connect to host
+ratuseks.us: could not connect to host
+rauchenwald.net: did not receive HSTS header
+raulfraile.net: could not connect to host
+ravage.fm: did not receive HSTS header
+raven.lipetsk.ru: could not connect to host
+ravengergaming.ga: did not receive HSTS header
+ravengergaming.net: could not connect to host
+ravkr.duckdns.org: max-age too low: 360000
+ravse.dk: could not connect to host
+raw-diets.com: did not receive HSTS header
+rawet.se: could not connect to host
+rawoil.com: could not connect to host
+rawstorieslondon.com: could not connect to host
+raycarruthersphotography.co.uk: could not connect to host
+raydan.space: could not connect to host
+raydobe.me: could not connect to host
+raytron.org: could not connect to host
+razeencheng.com: could not connect to host
+razlaw.name: did not receive HSTS header
+razzolini.com.br: could not connect to host
+rbhighinc.org: could not connect to host
+rbose.org: could not connect to host
+rbqcloud.com: did not receive HSTS header
+rbti.me: could not connect to host
+rc-rp.com: could not connect to host
+rc4.io: could not connect to host
+rcafox.com: could not connect to host
+rcoliveira.com: could not connect to host
+rcorporation.be: did not receive HSTS header
+rcpcbd.com: could not connect to host
+rcraigmurphy.net: did not receive HSTS header
+rcvd.io: did not receive HSTS header
+rdfz.tech: could not connect to host
+rdns.im: did not receive HSTS header
+rdyrda.fr: could not connect to host
+re-customer.net: did not receive HSTS header
+reachr.com: could not connect to host
+reader.ga: could not connect to host
+readify.com.au: did not receive HSTS header
+readityourself.net: could not connect to host
+readmeeatmedrinkme.com: did not receive HSTS header
+readr.pw: could not connect to host
+readydok.com: did not receive HSTS header
+reagir43.fr: did not receive HSTS header
+reaiaer.com: could not connect to host
+real-compare.com: could not connect to host
+realcli.com: could not connect to host
+realmic.net: could not connect to host
+realmofespionage.com: could not connect to host
+realraghavgupta.com: could not connect to host
+realwoo.com: could not connect to host
+reapdrive.net: did not receive HSTS header
+reaper.rip: could not connect to host
+reardenporn.com: could not connect to host
+rebekaesgabor.online: could not connect to host
+rebootmc.com: could not connect to host
+redable.nl: did not receive HSTS header
+redair.es: did not receive HSTS header
+redar.xyz: could not connect to host
+reddiseals.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+reddit.com: did not receive HSTS header
+rede.ca: did not receive HSTS header
+redhorsemountainranch.com: did not receive HSTS header
+redicabo.de: could not connect to host
+redirectman.com: did not receive HSTS header
+redlatam.org: did not receive HSTS header
+redmbk.com: did not receive HSTS header
+redner.cc: did not receive HSTS header
+rednertv.de: did not receive HSTS header
+redoakmedia.net: did not receive HSTS header
+redports.org: could not connect to host
+redra.ws: did not receive HSTS header
+redy.host: did not receive HSTS header
+reevu.net: could not connect to host
+referenten.org: did not receive HSTS header
+refitplanner.com: did not receive HSTS header
+reflecton.io: could not connect to host
+reg.ru: did not receive HSTS header
+regaloaks.com: did not receive HSTS header
+regalpalms.com: did not receive HSTS header
+regenbogenwald.de: did not receive HSTS header
+regendevices.eu: could not connect to host
+regenerescence.com: did not receive HSTS header
+reggae-cdmx.com: could not connect to host
+regio-salland.nl: could not connect to host
+regionale.org: did not receive HSTS header
+registertovoteflorida.gov: did not receive HSTS header
+rehabthailand.nl: could not connect to host
+reic.me: could not connect to host
+reidascuecas.com.br: did not receive HSTS header
+reignsphere.net: could not connect to host
+reikiqueen.uk: could not connect to host
+reismil.ch: could not connect to host
+reisyukaku.org: did not receive HSTS header
+reithguard-it.de: did not receive HSTS header
+rejo.in: could not connect to host
+rejuvemedspa.com: did not receive HSTS header
+relayawards.com: could not connect to host
+reldoc.com.mx: did not receive HSTS header
+reliable-mail.de: could not connect to host
+relisten.nl: did not receive HSTS header
+relvan.com: did not receive HSTS header
+rem.pe: did not receive HSTS header
+rema.site: could not connect to host
+remaimodern.org: did not receive HSTS header
+remedica.fr: did not receive HSTS header
+remedioskaseros.com: did not receive HSTS header
+remedium.de: did not receive HSTS header
+rememberthis.co.za: could not connect to host
+remitatm.com: could not connect to host
+remodela.com.ve: could not connect to host
+remonttitekniikka.fi: could not connect to host
+remoteham.com: could not connect to host
+remotestance.com: did not receive HSTS header
+rencaijia.com: did not receive HSTS header
+renemayrhofer.com: could not connect to host
+rengarenkblog.com: could not connect to host
+renideo.fr: could not connect to host
+renkhosting.com: did not receive HSTS header
+renlong.org: did not receive HSTS header
+renrenss.com: could not connect to host
+renscreations.com: did not receive HSTS header
+rentacarcluj.xyz: could not connect to host
+rentbrowser.com: could not connect to host
+rentbrowsertrain.me: could not connect to host
+rentcarassist.com: could not connect to host
+renteater.com: could not connect to host
+rentex.com: did not receive HSTS header
+renyiyou.com: could not connect to host
+replacemychina.com: could not connect to host
+report-incident.de: could not connect to host
+report-to.com: did not receive HSTS header
+report-to.io: did not receive HSTS header
+report-uri.io: did not receive HSTS header
+report-url.com: did not receive HSTS header
+report-url.io: did not receive HSTS header
+reported.ly: did not receive HSTS header
+reporturl.com: did not receive HSTS header
+reporturl.io: did not receive HSTS header
+reprolife.co.uk: could not connect to host
+reqognize.com: could not connect to host
+res-rheingau.de: did not receive HSTS header
+res42.com: could not connect to host
+research.md: could not connect to host
+reserve-online.net: did not receive HSTS header
+residentsinsurance.co.uk: did not receive HSTS header
+resl20.servehttp.com: could not connect to host
+respice.xyz: could not connect to host
+ressl.ch: could not connect to host
+restaurace-klokocka.cz: did not receive HSTS header
+restchart.com: did not receive HSTS header
+reth.ch: could not connect to host
+retroarms.com: did not receive HSTS header
+retroarms.cz: did not receive HSTS header
+retube.ga: could not connect to host
+returnofwar.com: could not connect to host
+revapost.ch: could not connect to host
+revealdata.com: did not receive HSTS header
+revelaciones.tv: could not connect to host
+revello.org: did not receive HSTS header
+reverie.pw: could not connect to host
+review.info: did not receive HSTS header
+reviewbestseller.com: did not receive HSTS header
+reviewjust.com: did not receive HSTS header
+reviews.anime.my: max-age too low: 5184000
+revtut.net: could not connect to host
+rewardstock.com: max-age too low: 0
+rewopit.net: did not receive HSTS header
+reykjavik.guide: could not connect to host
+rezept-planer.de: could not connect to host
+rhapsodhy.hu: could not connect to host
+rhdigital.pro: could not connect to host
+rhering.de: could not connect to host
+rhodosdreef.nl: could not connect to host
+riaucybersolution.net: did not receive HSTS header
+ribopierre.fr: could not connect to host
+riceglue.com: could not connect to host
+richeza.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+richiemail.net: could not connect to host
+richmondsunlight.com: did not receive HSTS header
+richmtdriver.com: could not connect to host
+richsiciliano.com: could not connect to host
+richterphilipp.com: could not connect to host
+rid-wan.com: could not connect to host
+rideaudiscount.com: did not receive HSTS header
+rideforwade.com: could not connect to host
+rideforwade.net: could not connect to host
+rideforwade.org: could not connect to host
+rideworks.com: did not receive HSTS header
+ridwan.co: could not connect to host
+right-to-love.name: did not receive HSTS header
+right2.org: could not connect to host
+righttoknow.ie: did not receive HSTS header
+rigolitch.fr: did not receive HSTS header
+riiconnect24.net: max-age too low: 0
+rijndael.xyz: could not connect to host
+rijnmondeg.nl: did not receive HSTS header
+rika.me: could not connect to host
+ring0.xyz: did not receive HSTS header
+ringh.am: could not connect to host
+rionewyork.com.br: could not connect to host
+ripa.io: did not receive HSTS header
+rippleunion.com: could not connect to host
+riskmgt.com.au: could not connect to host
+rithm.ch: could not connect to host
+rivercruiseadvisor.com: did not receive HSTS header
+rivlo.com: could not connect to host
+rizon.me: could not connect to host
+rj.gg: could not connect to host
+rk6.cz: could not connect to host
+rkkhok.hu: did not receive HSTS header
+rkmantpur.org: did not receive HSTS header
+rmaqequipamentos.com.br: did not receive HSTS header
+rme.li: did not receive HSTS header
+roadfeast.com: could not connect to host
+roan24.pl: did not receive HSTS header
+robi-net.it: could not connect to host
+robigalia.org: did not receive HSTS header
+robomonkey.org: could not connect to host
+robteix.com: did not receive HSTS header
+robtex.com: did not receive HSTS header
+robtex.net: did not receive HSTS header
+robtex.org: did not receive HSTS header
+robust.ga: could not connect to host
+rochman.id: could not connect to host
+rocket-wars.de: did not receive HSTS header
+rocketgnomes.com: could not connect to host
+rocketnet.ml: could not connect to host
+rockeyscrivo.com: did not receive HSTS header
+rocksberg.net: could not connect to host
+rockz.io: did not receive HSTS header
+roddis.net: did not receive HSTS header
+rodehutskors.net: could not connect to host
+rodney.id.au: did not receive HSTS header
+rodneybrooksjr.com: did not receive HSTS header
+rodosto.com: did not receive HSTS header
+roeper.party: could not connect to host
+roesemann.email: could not connect to host
+rofrank.space: could not connect to host
+roguelikecenter.fr: did not receive HSTS header
+rohanbassett.com: could not connect to host
+rohlik.cz: did not receive HSTS header
+roketix.co.uk: did not receive HSTS header
+rolandslate.com: did not receive HSTS header
+rolemaster.net: could not connect to host
+roleplayhome.com: could not connect to host
+rolroer.co.za: could not connect to host
+romaimperator.com: did not receive HSTS header
+romainmuller.xyz: did not receive HSTS header
+romans-place.me.uk: could not connect to host
+romanticschemer.com: could not connect to host
+romanticvillas.com.au: could not connect to host
+romeoferraris.com: did not receive HSTS header
+romulusapp.com: could not connect to host
+ron2k.za.net: could not connect to host
+ronanrbr.com: did not receive HSTS header
+rondoniatec.com.br: did not receive HSTS header
+ronghexx.com: could not connect to host
+ronvandordt.info: could not connect to host
+ronwo.de: max-age too low: 1
+roolevoi.ru: could not connect to host
+room-checkin24.de: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+rootbsd.at: could not connect to host
+rootforum.org: did not receive HSTS header
+rootservice.org: did not receive HSTS header
+rootwpn.com: could not connect to host
+rop.io: could not connect to host
+roquecenter.org: did not receive HSTS header
+rorymcdaniel.com: did not receive HSTS header
+rospa100.com: could not connect to host
+rossen.be: did not receive HSTS header
+rotex1840.de: did not receive HSTS header
+rotozen.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+rotter-dam.nl: did not receive HSTS header
+rotterdamjazz.info: could not connect to host
+rough.nu: could not connect to host
+roundtheme.com: did not receive HSTS header
+rous.se: could not connect to host
+rouvray.org: could not connect to host
+royal-forest.org: max-age too low: 0
+royalhop.co: could not connect to host
+royalpub.net: did not receive HSTS header
+royalsignaturecruise.com: could not connect to host
+roychan.org: max-age too low: 0
+royzez.com: could not connect to host
+rozalisbengal.ro: did not receive HSTS header
+rozalynne-dawn.ga: could not connect to host
+rozeapp.nl: could not connect to host
+rpasafrica.com: could not connect to host
+rr.in.th: could not connect to host
+rrke.cc: did not receive HSTS header
+rs-devdemo.host: could not connect to host
+rsajeey.info: could not connect to host
+rsampaio.info: did not receive HSTS header
+rsblake.net: could not connect to host
+rsf.io: could not connect to host
+rsldb.com: could not connect to host
+rsmaps.org: could not connect to host
+rtc.fun: could not connect to host
+rubbereggs.ca: could not connect to host
+rubecodeberg.com: could not connect to host
+rubendv.be: could not connect to host
+rubenschulz.nl: could not connect to host
+rubi-ka.net: max-age too low: 0
+ruborr.se: did not receive HSTS header
+rubysecurity.org: did not receive HSTS header
+rubyshop.nl: max-age too low: 604800
+rudeotter.com: did not receive HSTS header
+rue-de-la-vieille.fr: max-age too low: 0
+rugirlfriend.com: could not connect to host
+rugs.ca: did not receive HSTS header
+rugstorene.co.uk: did not receive HSTS header
+ruhr3.de: could not connect to host
+ruig.jp: could not connect to host
+ruitershoponline.nl: did not receive HSTS header
+rumoterra.com.br: could not connect to host
+runawebinar.nl: could not connect to host
+runcarina.com: could not connect to host
+rundumcolumn.xyz: could not connect to host
+runementors.com: could not connect to host
+runhardt.eu: did not receive HSTS header
+runtl.com: did not receive HSTS header
+runtondev.com: did not receive HSTS header
+ruqu.nl: could not connect to host
+rusadmin.biz: did not receive HSTS header
+ruska-modra.cz: did not receive HSTS header
+ruskamodra.cz: did not receive HSTS header
+rusl.me: could not connect to host
+russmarshall.com: could not connect to host
+rustfanatic.com: did not receive HSTS header
+ruudkoot.nl: could not connect to host
+ruxit.com: did not receive HSTS header
+rw-solutions.tech: could not connect to host
+rww.name: could not connect to host
+rxprep.com: did not receive HSTS header
+rxt.social: could not connect to host
+rxv.cc: could not connect to host
+ryansmithphotography.com: did not receive HSTS header
+ryanteck.uk: did not receive HSTS header
+rylin.net: did not receive HSTS header
+ryssland.guide: could not connect to host
+rzegroup.com: could not connect to host
+s-d-v.ch: could not connect to host
+s-rickroll-p.pw: could not connect to host
+s.how: could not connect to host
+s0923.com: could not connect to host
+s1mplescripts.de: did not receive HSTS header
+s3n.se: could not connect to host
+sa.net: could not connect to host
+saabwa.org: did not receive HSTS header
+sabine-forschbach.de: could not connect to host
+sabineforschbach.de: could not connect to host
+sadsu.com: did not receive HSTS header
+safeex.com: did not receive HSTS header
+safejourney.education: could not connect to host
+safelist.eu: did not receive HSTS header
+safematix.com: could not connect to host
+safemovescheme.co.uk: could not connect to host
+saferedirectlink.com: could not connect to host
+safersurfing.eu: did not receive HSTS header
+safetyrisk.net: did not receive HSTS header
+safewings-nh.nl: could not connect to host
+safing.me: did not receive HSTS header
+sagarhandicraft.com: could not connect to host
+sageth.com: max-age too low: 0
+sah3.net: could not connect to host
+saharalondon.com: max-age too low: 0
+saharmassachi.com: could not connect to host
+saigonstar.de: did not receive HSTS header
+sail-nyc.com: did not receive HSTS header
+saint-astier-triathlon.com: did not receive HSTS header
+saintjohnlutheran.church: did not receive HSTS header
+sairai.bid: did not receive HSTS header
+sajdowski.de: could not connect to host
+sakaki.anime.my: max-age too low: 5184000
+sakaserver.com: did not receive HSTS header
+sakib.ninja: did not receive HSTS header
+sakurabuff.com: could not connect to host
+saleslift.pl: did not receive HSTS header
+sallysubs.com: could not connect to host
+salserocafe.com: did not receive HSTS header
+salserototal.com: could not connect to host
+saltedskies.com: could not connect to host
+saltra.online: did not receive HSTS header
+salzamt.tk: could not connect to host
+samaritan.tech: could not connect to host
+samegoal.org: did not receive HSTS header
+sametovymesic.cz: could not connect to host
+saml2.com: could not connect to host
+sampcup.com: could not connect to host
+sampoznay.ru: did not receive HSTS header
+samraskauskas.com: could not connect to host
+samsen.club: could not connect to host
+samsungmobile.it: did not receive HSTS header
+sanael.net: could not connect to host
+sanasalud.org: could not connect to host
+sanatfilan.com: did not receive HSTS header
+sanatrans.com: could not connect to host
+sandviks.com: did not receive HSTS header
+sanguoxiu.com: could not connect to host
+sanhei.ch: did not receive HSTS header
+sanik.my: did not receive HSTS header
+sanissimo.com.mx: max-age too low: 86400
+sanmuding.com: could not connect to host
+sansage.com.br: could not connect to host
+sansdev.com: could not connect to host
+sansemea.com: did not receive HSTS header
+santi.eu: did not receive HSTS header
+santing.net: did not receive HSTS header
+santouri.be: could not connect to host
+saotn.org: did not receive HSTS header
+sarah-beckett-harpist.com: did not receive HSTS header
+sarahsweetlife.com: could not connect to host
+sarahsweger.com: could not connect to host
+sarakas.com: could not connect to host
+saraleebread.com: max-age too low: 86400
+sarangsemutbandung.com: could not connect to host
+sarindia.com: could not connect to host
+sarindia.de: could not connect to host
+sarisonproductions.com: did not receive HSTS header
+sarkarischeme.in: could not connect to host
+sarndipity.com: could not connect to host
+saruwebshop.co.za: could not connect to host
+sat.rent: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+sat7a-riyadh.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+satanichia.moe: could not connect to host
+satmep.com: did not receive HSTS header
+satoshicrypt.com: did not receive HSTS header
+satragreen.com: did not receive HSTS header
+satrent.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+satrent.se: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+satriyowibowo.my.id: did not receive HSTS header
+satsukii.moe: did not receive HSTS header
+saturne.tk: could not connect to host
+saturngames.co.uk: did not receive HSTS header
+saucyfox.net: did not receive HSTS header
+saudeeconforto.com.br: did not receive HSTS header
+sauerbrey.eu: could not connect to host
+saumon.xyz: could not connect to host
+saunasandstuff.ca: did not receive HSTS header
+saunasandstuff.com: did not receive HSTS header
+sauvagebridge.nl: could not connect to host
+save.gov: could not connect to host
+saveaward.gov: could not connect to host
+savecashindia.com: could not connect to host
+savethedogfishfoundation.org: could not connect to host
+saveyour.biz: could not connect to host
+savingrecipe.com: did not receive HSTS header
+savvysuit.com: did not receive HSTS header
+sawamura-rental.com: did not receive HSTS header
+say-hanabi.com: could not connect to host
+sayhanabi.com: could not connect to host
+sazima.ru: did not receive HSTS header
+sbm.cloud: could not connect to host
+sbobetfun.com: did not receive HSTS header
+sbox-archives.com: could not connect to host
+sby.de: could not connect to host
+sc4le.com: could not connect to host
+scala.click: did not receive HSTS header
+scannabi.com: could not connect to host
+schaafenstrasse.koeln: could not connect to host
+schachburg.de: did not receive HSTS header
+schadegarant.net: could not connect to host
+schatmeester.be: could not connect to host
+schau-rein.co.at: max-age too low: 0
+schauer.so: could not connect to host
+schermreparatierotterdam.nl: did not receive HSTS header
+schmitt.ovh: could not connect to host
+schmitt.ws: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+schnapke.name: could not connect to host
+schnell-abnehmen.tips: did not receive HSTS header
+schnell-gold.com: could not connect to host
+scholl.io: did not receive HSTS header
+schooltrends.co.uk: did not receive HSTS header
+schoop.me: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+schreiber-netzwerk.eu: did not receive HSTS header
+schrikdraad.net: did not receive HSTS header
+schrodinger.io: could not connect to host
+schroepfglas-versand.de: did not receive HSTS header
+schroettle.com: did not receive HSTS header
+schulterglatzen-altenwalde.de: could not connect to host
+schultzflorists.com: could not connect to host
+schuppentier.org: did not receive HSTS header
+schwarzkopfforyou.de: did not receive HSTS header
+schweiz.guide: could not connect to host
+schweizerbolzonello.net: could not connect to host
+schwetz.net: could not connect to host
+scicasts.com: max-age too low: 7776000
+scienceathome.org: did not receive HSTS header
+sciencebase.gov: did not receive HSTS header
+sciencemonster.co.uk: could not connect to host
+scivillage.com: did not receive HSTS header
+sclgroup.cc: did not receive HSTS header
+scooshonline.co.uk: did not receive HSTS header
+score-savers.com: max-age too low: 10540800
+scores4schools.com: could not connect to host
+scotbirchfield.com: did not receive HSTS header
+scottainslie.me.uk: could not connect to host
+scottdial.com: did not receive HSTS header
+scottferguson.com.au: did not receive HSTS header
+scottnicol.co.uk: could not connect to host
+scourt.info: could not connect to host
+scourt.org.ua: could not connect to host
+scrambl.is: could not connect to host
+scramble.io: did not receive HSTS header
+scrambler.in: could not connect to host
+scrapings.net: could not connect to host
+screencaster.io: did not receive HSTS header
+screenresolution.space: could not connect to host
+screensaversplanet.com: did not receive HSTS header
+scribbleserver.com: could not connect to host
+scribe.systems: could not connect to host
+scrion.com: could not connect to host
+script.google.com: did not receive HSTS header (error ignored - included regardless)
+scriptenforcer.net: could not connect to host
+scripthost.org: could not connect to host
+scriptict.nl: could not connect to host
+scriptjunkie.us: could not connect to host
+scrollstory.com: did not receive HSTS header
+sctm.at: could not connect to host
+sdhmanagementgroup.com: could not connect to host
+sdia.ru: could not connect to host
+sdmoscow.ru: could not connect to host
+sdrobs.com: did not receive HSTS header
+sdsl-speedtest.de: could not connect to host
+se7ensins.com: did not receive HSTS header
+seans.cc: did not receive HSTS header
+seatshare.co.uk: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+seavancouver.com: could not connect to host
+sebastian-bair.de: could not connect to host
+sebastianhampl.de: could not connect to host
+sebastiensenechal.com: did not receive HSTS header
+sebster.com: did not receive HSTS header
+secandtech.com: could not connect to host
+seceye.cn: could not connect to host
+secitem.de: could not connect to host
+secnet.ga: could not connect to host
+secondary-survivor.com: could not connect to host
+secondary-survivor.help: could not connect to host
+secondary-survivor.net: could not connect to host
+secondarysurvivor.help: could not connect to host
+secondarysurvivorportal.com: could not connect to host
+secondarysurvivorportal.help: could not connect to host
+secondbyte.nl: could not connect to host
+secondpay.nl: could not connect to host
+secondspace.ca: could not connect to host
+secretnation.net: did not receive HSTS header
+sectest.ml: could not connect to host
+sectia22.ro: did not receive HSTS header
+sectun.com: did not receive HSTS header
+secur3.us: did not receive HSTS header
+secure-automotive-cloud.com: could not connect to host
+secure-automotive-cloud.org: could not connect to host
+secure-games.us: could not connect to host
+secure.link: did not receive HSTS header
+securechat4.me: could not connect to host
+securedevelop.net: could not connect to host
+securefuture.nl: did not receive HSTS header
+secureindia.co: could not connect to host
+secureobscure.com: could not connect to host
+secureradio.net: could not connect to host
+securesuisse.ch: could not connect to host
+securita.eu: did not receive HSTS header
+security-carpet.com: could not connect to host
+security-thoughts.org: could not connect to host
+security.google.com: did not receive HSTS header (error ignored - included regardless)
+security.xn--q9jyb4c: could not connect to host
+securityarena.com: could not connect to host
+securitybsides.pl: did not receive HSTS header
+securityglance.com: could not connect to host
+securityinet.biz: did not receive HSTS header
+securityinet.net: did not receive HSTS header
+securityinet.org.il: could not connect to host
+securitysoapbox.com: could not connect to host
+securiviera.ch: did not receive HSTS header
+securon.io: could not connect to host
+securoswiss.ch: could not connect to host
+sedoexpert.nl: could not connect to host
+sedoexperts.nl: could not connect to host
+sedrubal.de: could not connect to host
+sedziapilkarski.pl: did not receive HSTS header
+seedboxers.net: could not connect to host
+seefirm.com: could not connect to host
+seefunk.net: did not receive HSTS header
+seele.ca: could not connect to host
+seen.life: could not connect to host
+sehenderson.com: did not receive HSTS header
+seiko-dojo.com: could not connect to host
+seiler-bad.de: did not receive HSTS header
+seizoushokoyuubangou.com: did not receive HSTS header
+sektor.team: could not connect to host
+selcusters.nl: could not connect to host
+selecadm.name: could not connect to host
+selectary.com: could not connect to host
+selectcertifiedautos.com: did not receive HSTS header
+selectruckscalltrackingreports.com: could not connect to host
+seleondar.ru: could not connect to host
+selfdefenserx.com: did not receive HSTS header
+selfie-france.fr: could not connect to host
+selfserverx.com: could not connect to host
+selldorado.com: could not connect to host
+sellercritic.com: did not receive HSTS header
+sellmoretires.com: could not connect to host
+sello.com: did not receive HSTS header
+sellocdn.com: could not connect to host
+sellservs.co.za: could not connect to host
+semaf.at: max-age too low: 86400
+semantheme.fr: did not receive HSTS header
+semen3325.xyz: could not connect to host
+semenkovich.com: did not receive HSTS header
+semenov.su: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+semps-servers.de: could not connect to host
+semps.de: did not receive HSTS header
+sendash.com: could not connect to host
+sendmeback.de: did not receive HSTS header
+senedirect.com: could not connect to host
+sens2lavie.com: did not receive HSTS header
+senseofnumber.co.uk: did not receive HSTS header
+sensiblemn.org: could not connect to host
+sensibus.com: did not receive HSTS header
+seo-lagniappe.com: did not receive HSTS header
+seobot.com.au: could not connect to host
+seomobo.com: could not connect to host
+seosanantonioinc.com: did not receive HSTS header
+seoscribe.net: could not connect to host
+seowarp.net: did not receive HSTS header
+sep23.ru: did not receive HSTS header
+seq.tf: did not receive HSTS header
+serathius.ovh: could not connect to host
+serbien.guide: could not connect to host
+serenitycreams.com: did not receive HSTS header
+serfdom.io: did not receive HSTS header
+serized.pw: could not connect to host
+servecrypt.com: could not connect to host
+server-essentials.com: could not connect to host
+serverangels.co.uk: did not receive HSTS header
+servercode.ca: did not receive HSTS header
+serverdensity.io: did not receive HSTS header
+servergno.me: did not receive HSTS header
+serverlauget.no: could not connect to host
+servermonkey.nl: could not connect to host
+serverpedia.de: could not connect to host
+servfefe.com: could not connect to host
+servicevie.com: did not receive HSTS header
+servu.de: did not receive HSTS header
+seryo.moe: could not connect to host
+seryo.net: could not connect to host
+seryovpn.com: could not connect to host
+sesha.co.za: could not connect to host
+sessionslogning.dk: could not connect to host
+setphaserstostun.org: could not connect to host
+setuid.de: could not connect to host
+setuid.io: did not receive HSTS header
+sexplicit.co.uk: could not connect to host
+seyahatsagliksigortalari.com: could not connect to host
+seydaozcan.com: did not receive HSTS header
+sfashion.si: did not receive HSTS header
+sfhobbies.com.br: could not connect to host
+sfsltd.com: did not receive HSTS header
+sgcaccounts.co.uk: did not receive HSTS header
+sgovaard.nl: did not receive HSTS header
+sh11.pp.ua: did not receive HSTS header
+sha2017.org: did not receive HSTS header
+shadex.net: could not connect to host
+shadiku.com: could not connect to host
+shadoom.com: did not receive HSTS header
+shadow-socks.net: did not receive HSTS header
+shadow-socks.org: did not receive HSTS header
+shadow-socks.pro: did not receive HSTS header
+shadowguardian507-irl.tk: did not receive HSTS header
+shadowguardian507.tk: did not receive HSTS header
+shadowmorph.info: did not receive HSTS header
+shadowplus.net: could not connect to host
+shadowrocket.net: could not connect to host
+shadowroket.com: did not receive HSTS header
+shadowshocks.net: did not receive HSTS header
+shadowsocks.gift: did not receive HSTS header
+shadowsocks.net: could not connect to host
+shadowsocks.vc: did not receive HSTS header
+shadowsocks.wiki: did not receive HSTS header
+shadowsocksvpn.com: did not receive HSTS header
+shadowsoks.com: could not connect to host
+shadowsu.info: did not receive HSTS header
+shadowsu.top: did not receive HSTS header
+shagi29.ru: did not receive HSTS header
+shahbeat.com: did not receive HSTS header
+shakebox.de: could not connect to host
+shanekoster.net: could not connect to host
+shanesage.com: could not connect to host
+shang-yu.cn: could not connect to host
+shanxiapark.com: could not connect to host
+shaobin.wang: could not connect to host
+shapesedinburgh.co.uk: did not receive HSTS header
+shardsoft.com: could not connect to host
+shareimg.xyz: could not connect to host
+sharejoy.cn: did not receive HSTS header
+sharekey.com: did not receive HSTS header
+sharepass.pw: could not connect to host
+sharepic.xyz: could not connect to host
+sharezen.de: could not connect to host
+sharingcode.com: did not receive HSTS header
+shauncrowley.co.uk: could not connect to host
+shaunwheelhou.se: could not connect to host
+shavegazette.com: did not receive HSTS header
+shavingks.com: could not connect to host
+shawnbsmith.me: did not receive HSTS header
+shawnh.net: could not connect to host
+shellsec.pw: did not receive HSTS header
+shep.co.il: did not receive HSTS header
+sheratan.web.id: max-age too low: 2592000
+shereallyheals.com: did not receive HSTS header
+shervik.ga: could not connect to host
+sheying.tm: could not connect to host
+shg-pornographieabhaengigkeit.de: did not receive HSTS header
+shiatsu-institut.ch: did not receive HSTS header
+shibe.club: could not connect to host
+shiftins.com: could not connect to host
+shiftnrg.org: did not receive HSTS header
+shiftplanning.com: did not receive HSTS header
+shiinko.com: could not connect to host
+shindorei.fr: could not connect to host
+shinebijoux.com.br: could not connect to host
+shinju.moe: could not connect to host
+shiona.xyz: could not connect to host
+shipinsight.com: did not receive HSTS header
+shipmile.com: did not receive HSTS header
+shipping24h.com: did not receive HSTS header
+shirakaba-cc.com: could not connect to host
+shirosaki.org: could not connect to host
+shitfest.info: did not receive HSTS header
+shitposting.life: could not connect to host
+shm-forum.org.uk: could not connect to host
+shocksrv.com: did not receive HSTS header
+shooshosha.com: could not connect to host
+shopherbal.co.za: did not receive HSTS header
+shopods.com: did not receive HSTS header
+shopontarget.com: did not receive HSTS header
+shoppeno5.com: did not receive HSTS header
+shoppingreview.org: could not connect to host
+shoprose.ru: could not connect to host
+shops.neonisi.com: could not connect to host
+short-biography.com: did not receive HSTS header
+shorten.ninja: could not connect to host
+shortr.li: could not connect to host
+shota.party: could not connect to host
+showkeeper.tv: did not receive HSTS header
+showmethemoney.ru: did not receive HSTS header
+shoxmusic.net: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+shred.ch: could not connect to host
+shredoptics.ch: could not connect to host
+shukatsu-note.com: could not connect to host
+shurita.org: could not connect to host
+shuzicai.cn: could not connect to host
+shv25.se: could not connect to host
+shwongacc.com: could not connect to host
+shymeck.pw: could not connect to host
+shypp.it: could not connect to host
+shyrydan.es: could not connect to host
+siamega.com: could not connect to host
+siammedia.co: could not connect to host
+sianimacion.com: could not connect to host
+sichere-kartenakzeptanz.de: could not connect to host
+siciliadigitale.pro: could not connect to host
+sickfile.com: could not connect to host
+siddhant.me: max-age too low: 0
+siebens.net: could not connect to host
+sifls.com: could not connect to host
+sifreuret.com: could not connect to host
+signoracle.com: could not connect to host
+signosquecombinam.com.br: could not connect to host
+sigterm.no: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+sijimi.cn: could not connect to host
+sikatehtaat.fi: could not connect to host
+sikayetvar.com: did not receive HSTS header
+siku.pro: could not connect to host
+silaslova-ekb.ru: did not receive HSTS header
+silent.live: could not connect to host
+silentcircle.com: did not receive HSTS header
+silentcircle.org: could not connect to host
+silentlink.io: could not connect to host
+silicagelpackets.ca: did not receive HSTS header
+silver-drachenkrieger.de: did not receive HSTS header
+silverhome.ninja: could not connect to host
+silverpvp.com: could not connect to host
+silvistefi.com: could not connect to host
+simbast.com: could not connect to host
+simbihaiti.com: max-age too low: 7889238
+simccorp.com: did not receive HSTS header
+simeon.us: max-age too low: 2592000
+simfri.com: did not receive HSTS header
+simnovo.net: did not receive HSTS header
+simobilklub.si: could not connect to host
+simod.org: could not connect to host
+simon-pokorny.com: did not receive HSTS header
+simon.butcher.name: max-age too low: 2629743
+simongong.net: did not receive HSTS header
+simonsaxon.com: did not receive HSTS header
+simpan.id: did not receive HSTS header
+simpleai.net: max-age too low: 600
+simplefraud.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+simplelearner.com: could not connect to host
+simplepractice.com: did not receive HSTS header
+simplerses.com: could not connect to host
+simplexsupport.com: did not receive HSTS header
+simplixos.org: could not connect to host
+simplyenak.com: did not receive HSTS header
+sims4hub.ga: could not connect to host
+simtin-net.de: did not receive HSTS header
+simyo.nl: did not receive HSTS header
+sin30.net: could not connect to host
+sincai666.com: could not connect to host
+sincron.org: could not connect to host
+sinful.pw: could not connect to host
+sinfulforums.net: could not connect to host
+singul4rity.com: could not connect to host
+sinneserweiterung.de: could not connect to host
+sinosky.org: did not receive HSTS header
+sinsojb.me: did not receive HSTS header
+sinusbot.online: did not receive HSTS header
+sipc.org: did not receive HSTS header
+siqi.wang: could not connect to host
+siriad.com: could not connect to host
+sirius-lee.net: could not connect to host
+siro.gq: did not receive HSTS header
+sistemasespecializados.com: did not receive HSTS header
+sitehost.io: did not receive HSTS header
+sitemaxiphilippe.ch: could not connect to host
+sitennisclub.com: did not receive HSTS header
+siterip.org: could not connect to host
+sites.google.com: did not receive HSTS header (error ignored - included regardless)
+sitesforward.com: did not receive HSTS header
+sitesten.com: did not receive HSTS header
+sittinginoblivion.com: did not receive HSTS header
+sizingservers.be: did not receive HSTS header
+sizzle.co.uk: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+skandiabanken.no: did not receive HSTS header
+skaraborgsassistans.com: did not receive HSTS header
+skarox.ru: could not connect to host
+ski-insurance.com.au: did not receive HSTS header
+skidstresser.com: could not connect to host
+skiinstructor.services: did not receive HSTS header
+skillproxy.com: could not connect to host
+skillproxy.net: could not connect to host
+skillproxy.org: could not connect to host
+skk.io: could not connect to host
+skoda-clever-lead.de: could not connect to host
+skoda-nurdiebesten.de: did not receive HSTS header
+skoda-service-team-cup.de: did not receive HSTS header
+skotty.io: did not receive HSTS header
+skpdev.net: could not connect to host
+skullhouse.nyc: did not receive HSTS header
+sky-aroma.com: could not connect to host
+skyasker.cn: could not connect to host
+skyasker.com: did not receive HSTS header
+skyflix.me: could not connect to host
+skyline.link: could not connect to host
+skyline.tw: did not receive HSTS header
+skylocker.net: could not connect to host
+skylocker.nl: could not connect to host
+skynethk.com: did not receive HSTS header
+skyoy.com: did not receive HSTS header
+skyrunners.ch: could not connect to host
+skyveo.ml: did not receive HSTS header
+skyway.capital: did not receive HSTS header
+sl1pkn07.wtf: could not connect to host
+slanterns.net: could not connect to host
+slaps.be: could not connect to host
+slash-dev.de: did not receive HSTS header
+slashand.co: could not connect to host
+slashdesign.it: did not receive HSTS header
+slashem.me: did not receive HSTS header
+slattery.co: could not connect to host
+slauber.de: did not receive HSTS header
+sleeklounge.com: did not receive HSTS header
+sleep10.com: could not connect to host
+sleepstar.com.mt: did not receive HSTS header
+slicketl.com: did not receive HSTS header
+slightfuture.click: could not connect to host
+slightfuture.com: did not receive HSTS header
+slix.io: could not connect to host
+slope.haus: could not connect to host
+slovakiana.sk: did not receive HSTS header
+slovoice.org: could not connect to host
+sluplift.com: did not receive HSTS header
+slycurity.de: did not receive HSTS header
+slytech.ch: could not connect to host
+smablo.com: did not receive HSTS header
+smallcdn.rocks: could not connect to host
+smallchat.nl: could not connect to host
+smalldata.tech: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+smallshopit.com: did not receive HSTS header
+smart-mirror.de: did not receive HSTS header
+smart-ov.nl: could not connect to host
+smartbuyelectric.com: could not connect to host
+smartcleaningcenter.nl: did not receive HSTS header
+smartcoin.com.br: could not connect to host
+smarterskies.gov: did not receive HSTS header
+smartfon4you.ru: max-age too low: 0
+smarthomedna.com: did not receive HSTS header
+smartofficesandsmarthomes.com: did not receive HSTS header
+smartphone.continental.com: could not connect to host
+smartrak.co.nz: did not receive HSTS header
+smdev.fr: could not connect to host
+smet.us: could not connect to host
+smexpt.com: did not receive HSTS header
+smileawei.com: did not receive HSTS header
+smimea.com: could not connect to host
+smirkingwhorefromhighgarden.pro: could not connect to host
+smith.is: could not connect to host
+smittix.co.uk: did not receive HSTS header
+smkn1lengkong.sch.id: did not receive HSTS header
+smksi2.com: could not connect to host
+smksultanismail2.com: did not receive HSTS header
+sml.lc: could not connect to host
+smol.cat: did not receive HSTS header
+smove.sg: did not receive HSTS header
+smplix.com: could not connect to host
+smspodmena.ru: did not receive HSTS header
+smtp.bz: did not receive HSTS header
+smuhelper.cn: could not connect to host
+smusg.com: did not receive HSTS header
+smzsq.com: did not receive HSTS header
+snailing.org: could not connect to host
+snakehosting.dk: did not receive HSTS header
+snapworks.net: did not receive HSTS header
+snekchat.moe: could not connect to host
+snelwerk.be: could not connect to host
+sng.my: could not connect to host
+snip.host: could not connect to host
+snippet.host: could not connect to host
+snoozedds.com: max-age too low: 600
+snoqualmiefiber.org: could not connect to host
+snowdy.eu: could not connect to host
+sobabox.ru: could not connect to host
+soboleva-pr.com.ua: could not connect to host
+soccergif.com: could not connect to host
+social-journey.com: could not connect to host
+socialbillboard.com: could not connect to host
+socialcs.xyz: could not connect to host
+socialgrowing.cl: did not receive HSTS header
+socialhead.io: could not connect to host
+socialhub.com: did not receive HSTS header
+socializam.com: did not receive HSTS header
+socialprize.com: could not connect to host
+socialspirit.com.br: did not receive HSTS header
+socialworkout.com: could not connect to host
+socialworkout.net: could not connect to host
+socialworkout.org: could not connect to host
+socialworkout.tv: could not connect to host
+socketize.com: could not connect to host
+sockeye.cc: could not connect to host
+socomponents.co.uk: could not connect to host
+sodacore.com: could not connect to host
+softballsavings.com: did not receive HSTS header
+sogeek.me: could not connect to host
+sogravatas.net.br: could not connect to host
+sohamroy.me: could not connect to host
+sojingle.net: could not connect to host
+sokolka.tv: did not receive HSTS header
+sol-3.de: did not receive HSTS header
+sol.works: did not receive HSTS header
+solarcom.com.br: could not connect to host
+soldbygold.net: did not receive HSTS header
+solentes.com.br: could not connect to host
+solidfuelappliancespares.co.uk: did not receive HSTS header
+solidtuesday.com: could not connect to host
+solidus.systems: did not receive HSTS header
+solinter.com.br: did not receive HSTS header
+soljem.com: did not receive HSTS header
+soll-i.ch: did not receive HSTS header
+solosmusic.xyz: could not connect to host
+solsystems.ru: could not connect to host
+solutive.fi: did not receive HSTS header
+solymar.co: could not connect to host
+some.rip: max-age too low: 6307200
+someshit.xyz: could not connect to host
+something-else.cf: could not connect to host
+somethingnew.xyz: could not connect to host
+sonafe.info: could not connect to host
+sonerezh.bzh: did not receive HSTS header
+sonic.network: did not receive HSTS header
+sonicrainboom.rocks: could not connect to host
+sonyforum.no: did not receive HSTS header
+soobi.org: did not receive HSTS header
+soondy.com: did not receive HSTS header
+soply.com: did not receive HSTS header
+soporte.cc: could not connect to host
+sorensen-online.com: could not connect to host
+sortaweird.net: could not connect to host
+sosaka.ml: could not connect to host
+sosiolog.com: did not receive HSTS header
+sotor.de: did not receive HSTS header
+soucorneteiro.com.br: could not connect to host
+soulema.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+soulfulglamour.uk: could not connect to host
+soundforsound.co.uk: did not receive HSTS header
+sourcelair.com: did not receive HSTS header
+sourcitec.com: did not receive HSTS header
+southcoastswords.com: did not receive HSTS header
+southernjamusa.com: did not receive HSTS header
+southgale.condos: could not connect to host
+southside-crew.club: could not connect to host
+southworcestershiregpservices.co.uk: could not connect to host
+souvik.me: did not receive HSTS header
+souyar.de: could not connect to host
+souyar.net: could not connect to host
+souyar.us: could not connect to host
+sovereignshare.com: could not connect to host
+sown.dyndns.org: could not connect to host
+sowncloud.de: could not connect to host
+soz6.com: did not receive HSTS header
+sp.rw: could not connect to host
+spacedust.xyz: could not connect to host
+spacefish.biz: could not connect to host
+spacehq.org: could not connect to host
+spacemo.com: did not receive HSTS header
+spacountryexplorer.org.au: did not receive HSTS header
+spaggel.nl: did not receive HSTS header
+spamloco.net: did not receive HSTS header
+spangehlassociates.com: did not receive HSTS header
+spanien.guide: could not connect to host
+sparelib.com: max-age too low: 3650
+spark.team: could not connect to host
+sparklingsparklers.com: did not receive HSTS header
+sparmedo.de: did not receive HSTS header
+sparsa.army: could not connect to host
+sparta-trade.com: could not connect to host
+spauted.com: could not connect to host
+spdysync.com: could not connect to host
+specialedesigns.com: could not connect to host
+speculor.net: could not connect to host
+spedition-transport-umzug.de: did not receive HSTS header
+speed-mailer.com: could not connect to host
+speedcounter.net: did not receive HSTS header
+speedy.lt: max-age too low: 0
+speedyprep.com: did not receive HSTS header
+speidel.com.tr: did not receive HSTS header
+spencerbaer.com: could not connect to host
+sperohub.io: could not connect to host
+spha.info: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+sphinx.network: could not connect to host
+spicywombat.com: could not connect to host
+spiegels.nl: could not connect to host
+spielcasinos.com: did not receive HSTS header
+spikeykc.me: did not receive HSTS header
+spillmaker.no: did not receive HSTS header
+spilsbury.io: could not connect to host
+spineandscoliosis.com: did not receive HSTS header
+spirit-dev.net: max-age too low: 0
+spiritfanfics.com: did not receive HSTS header
+spisoggrin.dk: did not receive HSTS header
+spitefultowel.com: did not receive HSTS header
+spititout.it: could not connect to host
+spittersberger.recipes: did not receive HSTS header
+split.is: could not connect to host
+spokonline.com: could not connect to host
+sponsortobias.com: could not connect to host
+sportchirp-internal.azurewebsites.net: did not receive HSTS header
+sporthit.ru: did not receive HSTS header
+sportifik.com: did not receive HSTS header
+sportingoods.com.br: could not connect to host
+sportscollection.com.br: could not connect to host
+sportsmanadvisor.com: could not connect to host
+sportwette.eu: did not receive HSTS header
+spot-events.com: could not connect to host
+spotifyripper.tk: could not connect to host
+spotlightsrule.ddns.net: could not connect to host
+spr.id.au: did not receive HSTS header
+spreadsheets.google.com: did not receive HSTS header (error ignored - included regardless)
+spresso.me: did not receive HSTS header
+sprint.ml: did not receive HSTS header
+sprk.fitness: did not receive HSTS header
+sproutconnections.com: could not connect to host
+sprutech.de: could not connect to host
+spyroszarzonis.com: could not connect to host
+squaddraft.com: could not connect to host
+square.gs: could not connect to host
+squatldf.org: did not receive HSTS header
+squids.space: could not connect to host
+squirtlesbians.net: could not connect to host
+sqzryang.com: could not connect to host
+srcc.fr: could not connect to host
+srevilak.net: did not receive HSTS header
+sritest.io: could not connect to host
+srmaximo.com: could not connect to host
+srna.sk: did not receive HSTS header
+srpdb.com: did not receive HSTS header
+srrr.ca: could not connect to host
+srvonfire.com: could not connect to host
+ss-free.net: could not connect to host
+ss.wtf: could not connect to host
+ssl.panoramio.com: did not receive HSTS header
+ssl.rip: could not connect to host
+ssmato.me: could not connect to host
+ssn1.ru: did not receive HSTS header
+sspanda.com: could not connect to host
+ssworld.ga: could not connect to host
+staack.com: could not connect to host
+stabletoken.com: could not connect to host
+stackfiles.io: could not connect to host
+stadionmanager.com: could not connect to host
+stadjerspasonline.nl: could not connect to host
+stadtbauwerk.at: did not receive HSTS header
+stadtgartenla.com: could not connect to host
+staffjoy.com: did not receive HSTS header
+staffjoystaging.com: could not connect to host
+stahl.xyz: could not connect to host
+stalkerhispano.com: max-age too low: 0
+stalkerteam.pl: did not receive HSTS header
+stalkthe.net: could not connect to host
+stalschermer.nl: could not connect to host
+stamonicatourandtravel.com: could not connect to host
+stamparmakarije.me: could not connect to host
+stanandjerre.org: could not connect to host
+standardssuck.org: did not receive HSTS header
+standingmist.com: did not receive HSTS header
+stannahtrapliften.nl: did not receive HSTS header
+starandshield.com: did not receive HSTS header
+starapple.nl: did not receive HSTS header
+starfeeling.net: could not connect to host
+stargatepartners.com: did not receive HSTS header
+starmusic.ga: did not receive HSTS header
+startuponcloud.com: max-age too low: 2678400
+startupsort.com: did not receive HSTS header
+stash.ai: did not receive HSTS header
+state-sponsored-actors.net: could not connect to host
+statementinsertsforless.com: did not receive HSTS header
+stateofexception.io: could not connect to host
+statgram.me: could not connect to host
+static-assets.io: could not connect to host
+static.hosting: could not connect to host
+static.or.at: did not receive HSTS header
+staticanime.net: could not connect to host
+staticisnoise.com: could not connect to host
+stationaryjourney.com: did not receive HSTS header
+stationcharlie.com: could not connect to host
+stationnementdenuit.ca: did not receive HSTS header
+status-sprueche.de: did not receive HSTS header
+statusbot.io: could not connect to host
+statuschecks.net: could not connect to host
+stavebnice.net: did not receive HSTS header
+stayokhotelscdc-mailing.com: could not connect to host
+stcable.net: did not receive HSTS header
+stcomex.com: did not receive HSTS header
+steampunkrobot.com: did not receive HSTS header
+steelbea.ms: could not connect to host
+steem.io: did not receive HSTS header
+stefanweiser.de: did not receive HSTS header
+steffi-in-australien.com: could not connect to host
+stepbystep3d.com: did not receive HSTS header
+steph-autoecole.ch: did not receive HSTS header
+stephanierxo.com: did not receive HSTS header
+stephanos.me: could not connect to host
+stephenandburns.com: did not receive HSTS header
+stevechekblain.win: could not connect to host
+steven-bennett.com: could not connect to host
+stevenroddis.com: did not receive HSTS header
+stevensheffey.me: did not receive HSTS header
+stevensononthe.net: did not receive HSTS header
+stevenz.net: did not receive HSTS header
+stewartremodelingadvantage.com: could not connect to host
+sticklerjs.org: could not connect to host
+stickswag.cf: could not connect to host
+stig.io: could not connect to host
+stigroom.com: could not connect to host
+stilettomoda.com.br: could not connect to host
+stillblackhat.id: could not connect to host
+stinkytrashhound.com: could not connect to host
+stirlingpoon.net: could not connect to host
+stirlingpoon.xyz: could not connect to host
+stkbn.com: did not receive HSTS header
+stkeverneparishcouncil.org.uk: did not receive HSTS header
+stl.news: did not receive HSTS header
+stmbgr.com: could not connect to host
+stn.me.uk: did not receive HSTS header
+stockseyeserum.com: could not connect to host
+stocktrade.de: could not connect to host
+stoffe-monster.de: did not receive HSTS header
+stoick.me: could not connect to host
+stole-my.bike: could not connect to host
+stole-my.tv: could not connect to host
+stomt.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+stonecutterscommunity.com: could not connect to host
+stonemanbrasil.com.br: could not connect to host
+stopbreakupnow.org: did not receive HSTS header
+stopwoodfin.org: could not connect to host
+storbritannien.guide: could not connect to host
+store-host.com: did not receive HSTS header
+storecove.com: did not receive HSTS header
+storeden.com: did not receive HSTS header
+storefrontify.com: did not receive HSTS header
+storiesofhealth.org: did not receive HSTS header
+storillo.com: did not receive HSTS header
+stormhub.org: could not connect to host
+stormyyd.com: did not receive HSTS header
+stqry.com: did not receive HSTS header
+str0.at: did not receive HSTS header
+strasweb.fr: did not receive HSTS header
+strbt.de: could not connect to host
+strchr.com: did not receive HSTS header
+stream.pub: could not connect to host
+streamingmagazin.de: could not connect to host
+streams.dyndns.org: could not connect to host
+strictlysudo.com: could not connect to host
+strife.tk: could not connect to host
+strila.me: could not connect to host
+strivephysmed.com: did not receive HSTS header
+stroeercrm.de: could not connect to host
+strongest-privacy.com: could not connect to host
+stuartbaxter.co: could not connect to host
+student-scientist.org: did not receive HSTS header
+studentrdh.com: did not receive HSTS header
+studentresearcher.org: did not receive HSTS header
+studentshare.net: max-age too low: 0
+studentskydenik.cz: could not connect to host
+studenttravel.cz: did not receive HSTS header
+studinf.xyz: could not connect to host
+studio-panic.com: did not receive HSTS header
+studiozelden.com: did not receive HSTS header
+studybay.com: did not receive HSTS header
+studydrive.net: did not receive HSTS header
+studyhub.cf: did not receive HSTS header
+stugb.de: did not receive HSTS header
+stupendous.net: could not connect to host
+sturbock.me: did not receive HSTS header
+sturdio.com.br: could not connect to host
+stylenda.com: could not connect to host
+stylle.me: could not connect to host
+subbing.work: could not connect to host
+subdimension.org: did not receive HSTS header
+subeesu.com: could not connect to host
+subhacker.net: did not receive HSTS header
+subsys.no: did not receive HSTS header
+subtitle.rip: could not connect to host
+subwayz.de: did not receive HSTS header
+sudo.im: could not connect to host
+sudo.li: did not receive HSTS header
+sudokian.io: did not receive HSTS header
+sudosu.fr: could not connect to host
+sugarsweetorsour.com: did not receive HSTS header
+suian.or.jp: max-age too low: 86400
+suite73.org: could not connect to host
+suitocracy.com: could not connect to host
+sulek.eu: could not connect to host
+summer.ga: could not connect to host
+summitbankofkc.com: did not receive HSTS header
+sumoatm.com: did not receive HSTS header
+sumoscout.de: could not connect to host
+sun-wellness-online.com.vn: did not receive HSTS header
+suncountrymarine.com: did not receive HSTS header
+suneilpatel.com: could not connect to host
+sunfireshop.com.br: could not connect to host
+sunflyer.cn: did not receive HSTS header
+sungo.wtf: did not receive HSTS header
+sunlandsg.vn: did not receive HSTS header
+sunnyfruit.ru: could not connect to host
+sunshinepress.org: could not connect to host
+sunxchina.com: could not connect to host
+sunyanzi.tk: could not connect to host
+suos.io: could not connect to host
+supcro.com: could not connect to host
+super-erotica.ru: could not connect to host
+super-garciniaslim.com: could not connect to host
+super-radiant-skin.com: could not connect to host
+super-ripped-power.com: could not connect to host
+super-slim-coffee.com: could not connect to host
+superbabysitting.ch: could not connect to host
+superbart.nl: could not connect to host
+superbdistribute.com: could not connect to host
+superbike.tw: could not connect to host
+supercreepsvideo.com: could not connect to host
+supereight.net: did not receive HSTS header
+superiorfloridavacation.com: did not receive HSTS header
+superklima.ro: did not receive HSTS header
+superlandnetwork.de: did not receive HSTS header
+superlentes.com.br: could not connect to host
+supernovabrasil.com.br: did not receive HSTS header
+superpase.com: could not connect to host
+supersalescontest.nl: did not receive HSTS header
+superschnappchen.de: could not connect to host
+supersecurefancydomain.com: could not connect to host
+supertramp-dafonseca.com: did not receive HSTS header
+superuser.fi: could not connect to host
+superwally.org: could not connect to host
+supes.io: did not receive HSTS header
+support4server.de: did not receive HSTS header
+suprlink.net: could not connect to host
+supweb.ovh: did not receive HSTS header
+surasak.io: could not connect to host
+surasak.org: could not connect to host
+surasak.xyz: could not connect to host
+surdam.casa: could not connect to host
+surfeasy.com: did not receive HSTS header
+surfone-leucate.com: did not receive HSTS header
+survivalistplanet.com: could not connect to host
+susconam.org: could not connect to host
+suspiciousdarknet.xyz: could not connect to host
+sussexwebdesigns.com: did not receive HSTS header
+sussexwebdesigns.info: did not receive HSTS header
+sustainability.gov: did not receive HSTS header
+suzukikenichi.com: did not receive HSTS header
+svatba-frantovi.cz: could not connect to host
+svenluijten.com: did not receive HSTS header
+svenskacasino.com: did not receive HSTS header
+svenskaservern.se: could not connect to host
+svetjakonadlani.cz: did not receive HSTS header
+swaggerdile.com: could not connect to host
+swaleacademiestrust.org.uk: max-age too low: 2592000
+swanseapartyhire.co.uk: did not receive HSTS header
+swdatlantico.pt: could not connect to host
+sweetlegs.jp: could not connect to host
+sweetstreats.ca: could not connect to host
+swiggy.com: did not receive HSTS header
+swimming.ca: did not receive HSTS header
+swisstranslate.ch: did not receive HSTS header
+swisstranslate.fr: did not receive HSTS header
+swite.com: did not receive HSTS header
+swmd5c.org: could not connect to host
+swu.party: could not connect to host
+sx3.no: could not connect to host
+sxbk.pw: could not connect to host
+sy-anduril.de: could not connect to host
+syam.cc: could not connect to host
+sydgrabber.tk: could not connect to host
+sykl.us: could not connect to host
+sylvangarden.org: could not connect to host
+sylvanorder.com: could not connect to host
+synackr.com: could not connect to host
+synapticconsulting.co.uk: could not connect to host
+syncappate.com: could not connect to host
+syncclinicalstudy.com: could not connect to host
+syncer.jp: did not receive HSTS header
+syncserve.net: did not receive HSTS header
+syneic.com: did not receive HSTS header
+synergisticsoccer.com: could not connect to host
+syno.gq: could not connect to host
+syntaxoff.com: could not connect to host
+syrocon.ch: could not connect to host
+sysadminstory.com: could not connect to host
+sysdb.io: could not connect to host
+sysgeek.cn: could not connect to host
+syso.name: could not connect to host
+syspen.space: did not receive HSTS header
+sysrq.tech: could not connect to host
+syss.de: did not receive HSTS header
+systemd.me: could not connect to host
+syy.hk: could not connect to host
+szaszm.tk: max-age too low: 0
+t-complex.space: could not connect to host
+t-ken.xyz: could not connect to host
+t-tz.com: could not connect to host
+t0dd.eu: could not connect to host
+t3rror.net: could not connect to host
+t4c-rebirth.com: could not connect to host
+t4x.org: could not connect to host
+taabe.xyz: could not connect to host
+tabelfirme.ro: did not receive HSTS header
+tadigitalstore.com: could not connect to host
+tafoma.com: did not receive HSTS header
+tageau.com: could not connect to host
+taglondon.org: did not receive HSTS header
+tahakomat.cz: could not connect to host
+taichi-jade.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+tailify.com: did not receive HSTS header
+tails.com.ar: did not receive HSTS header
+takumi-s.net: did not receive HSTS header
+takusan.ru: could not connect to host
+talentuar.com: did not receive HSTS header
+tales-of-interia.de: could not connect to host
+talheim-records.ca: could not connect to host
+talk.google.com: did not receive HSTS header (error ignored - included regardless)
+talkitup.mx: could not connect to host
+talkitup.online: did not receive HSTS header
+talklifestyle.nl: could not connect to host
+talktwincities.com: could not connect to host
+tallr.se: could not connect to host
+tallshoe.com: could not connect to host
+tamex.xyz: could not connect to host
+tandarts-haarlem.nl: did not receive HSTS header
+tandem-trade.ru: could not connect to host
+tangel.me: could not connect to host
+tangibilizing.com: could not connect to host
+tangyue.date: could not connect to host
+tangzhao.net: could not connect to host
+taniesianie.pl: did not receive HSTS header
+tankfreunde.de: did not receive HSTS header
+tante-bugil.net: could not connect to host
+tantotiempo.de: could not connect to host
+tanze-jetzt.de: could not connect to host
+taotuba.net: did not receive HSTS header
+taozj.org: did not receive HSTS header
+tapfinder.ca: could not connect to host
+tapka.cz: did not receive HSTS header
+tappublisher.com: did not receive HSTS header
+targaryen.house: could not connect to host
+tarhauskielto.fi: could not connect to host
+tartaros.fi: could not connect to host
+tas2580.net: could not connect to host
+taskstats.com: could not connect to host
+taskulu.ir: could not connect to host
+tasmansecurity.com: could not connect to host
+tassup.com: could not connect to host
+tastyyy.co: could not connect to host
+tatilbus.com: did not receive HSTS header
+tatt.io: could not connect to host
+tattvaayoga.com: did not receive HSTS header
+tauchkater.de: could not connect to host
+tavoittaja.fi: did not receive HSTS header
+tavopica.lt: did not receive HSTS header
+taxbench.com: could not connect to host
+taxsnaps.co.nz: did not receive HSTS header
+tazj.in: did not receive HSTS header
+tazz.in: could not connect to host
+tbspace.de: did not receive HSTS header
+tc-bonito.de: did not receive HSTS header
+tcao.info: could not connect to host
+tcby45.xyz: could not connect to host
+tcdw.net: did not receive HSTS header
+tcl.ath.cx: did not receive HSTS header
+tcomms.org: max-age too low: 0
+tcp.expert: did not receive HSTS header
+tcpweb.net: could not connect to host
+tcwebvn.com: could not connect to host
+tdelmas.eu: could not connect to host
+tdelmas.ovh: could not connect to host
+tdsb.cf: could not connect to host
+tdsb.ga: could not connect to host
+tdsb.gq: could not connect to host
+tdsb.ml: could not connect to host
+tdsbhack.cf: could not connect to host
+tdsbhack.ga: could not connect to host
+tdsbhack.gq: could not connect to host
+tdsbhack.ml: could not connect to host
+tdsbhack.tk: could not connect to host
+teachforcanada.ca: did not receive HSTS header
+tealdrones.com: did not receive HSTS header
+team-teasers.com: could not connect to host
+teambeoplay.co.uk: did not receive HSTS header
+teamblueridge.org: could not connect to host
+teamhood.io: did not receive HSTS header
+teampoint.cz: could not connect to host
+teamsocial.co: did not receive HSTS header
+teamup.rocks: did not receive HSTS header
+teamzeus.cz: could not connect to host
+tearoy.faith: could not connect to host
+tebieer.com: could not connect to host
+tech-blog.fr: did not receive HSTS header
+tech-finder.fr: could not connect to host
+tech55i.com: could not connect to host
+techandtux.de: could not connect to host
+techask.it: could not connect to host
+techassist.io: did not receive HSTS header
+techcavern.ml: did not receive HSTS header
+techelements.co: did not receive HSTS header
+techfactslive.com: did not receive HSTS header
+techhipster.net: could not connect to host
+techhub.ml: could not connect to host
+techiehall.com: could not connect to host
+techllage.com: could not connect to host
+techloaner.com: could not connect to host
+techmasters.andover.edu: could not connect to host
+techmatehq.com: could not connect to host
+technogroup.cz: did not receive HSTS header
+technosavvyport.com: did not receive HSTS header
+technotonic.com.au: did not receive HSTS header
+techpit.us: could not connect to host
+techpointed.com: could not connect to host
+techproud.com: did not receive HSTS header
+techreview.link: could not connect to host
+techtoy.store: did not receive HSTS header
+techtraveller.com.au: did not receive HSTS header
+techview.link: did not receive HSTS header
+tecnimotos.com: did not receive HSTS header
+tecnogaming.com: did not receive HSTS header
+tecture.de: did not receive HSTS header
+tedovo.com: did not receive HSTS header
+tedxkmitl.com: could not connect to host
+teehaus-shila.de: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+tefl.io: could not connect to host
+tegelsensanitaironline.nl: did not receive HSTS header
+tehotuotanto.net: did not receive HSTS header
+teknologi.or.id: max-age too low: 36000
+teknotes.co.uk: could not connect to host
+tekshrek.com: did not receive HSTS header
+tektoria.de: could not connect to host
+tel-dithmarschen.de: did not receive HSTS header
+teleallarme.ch: could not connect to host
+telefisk.org: did not receive HSTS header
+telefonnummer.online: could not connect to host
+telefoonnummerinfo.nl: could not connect to host
+telekollektiv.org: could not connect to host
+telescam.com: could not connect to host
+teletechnology.in: did not receive HSTS header
+teletra.ru: could not connect to host
+tellingua.com: did not receive HSTS header
+temasa.net: did not receive HSTS header
+temehu.com: did not receive HSTS header
+tempcraft.net: could not connect to host
+tempo.co: did not receive HSTS header
+tempodecolheita.com.br: could not connect to host
+tendertool.nl: could not connect to host
+tendoryu-aikido.org: did not receive HSTS header
+tenerife-villas.com: did not receive HSTS header
+tengroup.com: max-age too low: 0
+tenispopular.com: could not connect to host
+tenni.xyz: could not connect to host
+tensei-slime.com: did not receive HSTS header
+tensionup.com: could not connect to host
+tentins.com: could not connect to host
+teoleonie.com: did not receive HSTS header
+teos.online: could not connect to host
+terra-x.net: could not connect to host
+terra.by: did not receive HSTS header
+terrax.berlin: could not connect to host
+terrax.info: could not connect to host
+terrax.net: could not connect to host
+teru.com.br: could not connect to host
+test02.dk: did not receive HSTS header
+testandroid.xyz: could not connect to host
+testovaci.ml: could not connect to host
+tetramax.eu: did not receive HSTS header
+tetsai.com: could not connect to host
+teufelsystem.de: could not connect to host
+teulon.eu: could not connect to host
+texte-zur-taufe.de: did not receive HSTS header
+texter.at: did not receive HSTS header
+textoplano.xyz: could not connect to host
+textracer.dk: could not connect to host
+tf2stadium.com: did not receive HSTS header
+tfcoms-sp-tracker-client.azurewebsites.net: could not connect to host
+tffans.com: could not connect to host
+tfl.lu: did not receive HSTS header
+tgr.re: could not connect to host
+th-bl.de: did not receive HSTS header
+th3nd.com: did not receive HSTS header
+thagki9.com: did not receive HSTS header
+thaigirls.xyz: could not connect to host
+thaihostcool.com: did not receive HSTS header
+thailandpropertylisting.com: did not receive HSTS header
+thailandpropertylistings.com: did not receive HSTS header
+thalmann.fr: did not receive HSTS header
+thatvizsla.life: did not receive HSTS header
+the-construct.com: could not connect to host
+the-delta.net.eu.org: could not connect to host
+the-digitale.com: could not connect to host
+the-finance-blog.com: could not connect to host
+the-gist.io: could not connect to host
+the-sky-of-valkyries.com: could not connect to host
+the.ie: did not receive HSTS header
+theamateurs.net: did not receive HSTS header
+theamp.com: did not receive HSTS header
+theater.cf: could not connect to host
+theavenuegallery.com: did not receive HSTS header
+thebakingclass.com: did not receive HSTS header
+thebasementguys.com: could not connect to host
+thebeautifulmusic.net: did not receive HSTS header
+thebeginningisnye.com: could not connect to host
+theberkshirescompany.com: could not connect to host
+thebigfail.net: could not connect to host
+thebrightons.co.uk: did not receive HSTS header
+thebrightons.uk: could not connect to host
+thebrotherswarde.com: could not connect to host
+thecapitalbank.com: did not receive HSTS header
+thecharlestonwaldorf.com: did not receive HSTS header
+thechunk.net: could not connect to host
+theclementinebutchers.com: could not connect to host
+theclubjersey.com: did not receive HSTS header
+thecodeninja.net: did not receive HSTS header
+thecoffeehouse.xyz: could not connect to host
+thecuriousdev.com: did not receive HSTS header
+thedarkartsandcrafts.com: could not connect to host
+thedrop.pw: did not receive HSTS header
+thedystance.com: could not connect to host
+theelitebuzz.com: did not receive HSTS header
+theendofzion.com: did not receive HSTS header
+theepankar.com: could not connect to host
+theescapistswiki.com: could not connect to host
+theeyeopener.com: did not receive HSTS header
+thefarbeyond.com: could not connect to host
+theflowerbasketonline.com: could not connect to host
+thefootballanalyst.com: did not receive HSTS header
+thefox.co: could not connect to host
+thefreebirds.in: could not connect to host
+thefrk.xyz: could not connect to host
+thefrozenfire.com: did not receive HSTS header
+thefutureharrills.com: could not connect to host
+thegamerscamp.com: max-age too low: 0
+thego2swatking.com: could not connect to host
+thegoldregister.co.uk: could not connect to host
+thegreenvpn.com: did not receive HSTS header
+thehiddenbay.eu: could not connect to host
+thehiddenbay.me: could not connect to host
+thehiddenbay.net: could not connect to host
+thehighersideclothing.com: did not receive HSTS header
+thehistory.me: could not connect to host
+thehonorguard.org: did not receive HSTS header
+thehoopsarchive.com: could not connect to host
+thehotfix.net: could not connect to host
+theimagesalon.com: max-age too low: 43200
+theinvisibletrailer.com: could not connect to host
+theitsage.com: did not receive HSTS header
+thejobauction.com: did not receive HSTS header
+thejserver.de: could not connect to host
+thelapine.ca: did not receive HSTS header
+thelostyankee.com: could not connect to host
+themadmechanic.net: could not connect to host
+themanufacturingmarketingagency.com: could not connect to host
+themarble.co: could not connect to host
+themathbehindthe.science: could not connect to host
+themathematician.uk: could not connect to host
+themerchandiser.net: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+themicrocapital.com: could not connect to host
+themimitoof.fr: did not receive HSTS header
+themoderate.xyz: could not connect to host
+thenextstep.events: could not connect to host
+thenorthschool.org.uk: did not receive HSTS header
+thenrdhrd.nl: could not connect to host
+theodorejones.info: could not connect to host
+thepartywarehouse.co.uk: did not receive HSTS header
+thepcweb.tk: could not connect to host
+thepiratebay.al: could not connect to host
+thepiratebay.poker: could not connect to host
+thepiratebay.tech: could not connect to host
+theprincegame.com: could not connect to host
+theprivacysolution.com: could not connect to host
+thequillmagazine.org: could not connect to host
+therise.ca: max-age too low: 300
+thermique.ch: could not connect to host
+therockawaysny.com: did not receive HSTS header
+thescientists.nl: could not connect to host
+thesearchnerds.co.uk: did not receive HSTS header
+thesecurityteam.net: could not connect to host
+thesehighsandlows.com: could not connect to host
+theserver201.tk: could not connect to host
+theshopally.com: did not receive HSTS header
+theskingym.co.uk: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+thesplit.is: could not connect to host
+thestack.xyz: could not connect to host
+thestagchorleywood.co.uk: did not receive HSTS header
+thesteins.org: could not connect to host
+thetechnical.me: did not receive HSTS header
+thethirdroad.com: could not connect to host
+thetradinghall.com: could not connect to host
+theurbanyoga.com: did not receive HSTS header
+thevintagenews.com: did not receive HSTS header
+thewallset.com: did not receive HSTS header
+thewebfellas.com: did not receive HSTS header
+theweilai.com: did not receive HSTS header
+theworkingeye.nl: could not connect to host
+thewp.pro: could not connect to host
+thezonders.com: did not receive HSTS header
+thgros.fr: could not connect to host
+thierfreund.de: could not connect to host
+thierryhayoz.ch: could not connect to host
+thinkcash.nl: could not connect to host
+thinkcoding.de: could not connect to host
+thinkcoding.org: could not connect to host
+thinkdo.jp: could not connect to host
+thinkheaddesign.com: did not receive HSTS header
+thinlyveiledcontempt.com: could not connect to host
+thirdpartytrade.com: did not receive HSTS header
+thirty5.net: did not receive HSTS header
+thisisacompletetest.ga: could not connect to host
+thisisforager.com: could not connect to host
+thiswasalreadymyusername.tk: could not connect to host
+thiswebhost.com: did not receive HSTS header
+thkb.net: could not connect to host
+thomas-ferney.fr: did not receive HSTS header
+thomas-gibertie.fr: did not receive HSTS header
+thomasbreads.com: max-age too low: 86400
+thomascloud.ddns.net: could not connect to host
+thomasharvey.me: did not receive HSTS header
+thomaskliszowski.fr: did not receive HSTS header
+thomasmeester.nl: did not receive HSTS header
+thomasnet.fr: could not connect to host
+thomasschweizer.net: could not connect to host
+thompsonfamily.cloud: could not connect to host
+thorncreek.net: did not receive HSTS header
+threv.net: could not connect to host
+thriveapproach.co.uk: did not receive HSTS header
+thrivewellnesshub.co.za: did not receive HSTS header
+throughthelookingglasslens.co.uk: could not connect to host
+thumbtack.com: did not receive HSTS header
+thundercampaign.com: could not connect to host
+ti.blog.br: could not connect to host
+tianxicaipiao.win: could not connect to host
+tianxicp.com: could not connect to host
+tianxing.pro: did not receive HSTS header
+tianxingvpn.pro: could not connect to host
+ticketoplichting.nl: did not receive HSTS header
+tickopa.co.uk: could not connect to host
+tickreport.com: did not receive HSTS header
+ticktock.today: did not receive HSTS header
+tictactux.de: could not connect to host
+tidmore.us: could not connect to host
+tidycustoms.net: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+tiendschuurstraat.nl: could not connect to host
+tiensnet.com: could not connect to host
+tierrarp.com: could not connect to host
+tiffnix.com: could not connect to host
+tightlineproductions.com: did not receive HSTS header
+tikutiku.pl: could not connect to host
+tildebot.com: could not connect to host
+tilient.eu: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+tilikum.io: did not receive HSTS header
+tilkah.com.au: did not receive HSTS header
+tillcraft.com: could not connect to host
+timbeilby.com: could not connect to host
+timbuktutimber.com: did not receive HSTS header
+timcamara.com: could not connect to host
+time-river.xyz: could not connect to host
+timeatlas.com: did not receive HSTS header
+timesavingplugins.com: could not connect to host
+timesavingplugins.net: could not connect to host
+timeserver0.de: could not connect to host
+timeserver1.de: could not connect to host
+timeserver2.de: could not connect to host
+timeserver3.de: could not connect to host
+timestamp.io: did not receive HSTS header
+timhjalpen.se: could not connect to host
+timnash.co.uk: max-age too low: 2592000
+timotrans.de: did not receive HSTS header
+timotrans.eu: did not receive HSTS header
+timowi.de: could not connect to host
+timowi.net: could not connect to host
+timschubert.net: max-age too low: 172800
+timvandekamp.nl: did not receive HSTS header
+timwittenberg.com: could not connect to host
+tinchbear.xyz: could not connect to host
+tindewen.net: could not connect to host
+tink.network: could not connect to host
+tintenprofi.de: max-age too low: 6307200
+tipsyk.ru: could not connect to host
+tiredofeating.com: could not connect to host
+tiremoni.ch: did not receive HSTS header
+tirex.media: did not receive HSTS header
+titanlab.de: could not connect to host
+titanleaf.com: could not connect to host
+titouan.co: did not receive HSTS header
+tittarpuls.se: could not connect to host
+titties.ml: could not connect to host
+tjc.wiki: could not connect to host
+tjeckien.guide: could not connect to host
+tkappertjedemetamorfose.nl: could not connect to host
+tkarstens.de: did not receive HSTS header
+tkn.tokyo: could not connect to host
+tkonstantopoulos.tk: could not connect to host
+tlcdn.net: could not connect to host
+tlo.hosting: could not connect to host
+tlo.link: could not connect to host
+tlo.network: could not connect to host
+tls.li: could not connect to host
+tlsbv.nl: did not receive HSTS header
+tlshost.net: could not connect to host
+tm-solutions.eu: could not connect to host
+tmaward.net: could not connect to host
+tmhlive.com: could not connect to host
+tmitchell.io: could not connect to host
+tmprod.com: did not receive HSTS header
+tmtradingmorocco.ma: did not receive HSTS header
+tnb-plattform.de: could not connect to host
+tncnanet.com.br: could not connect to host
+tno.io: could not connect to host
+tnrsca.jp: did not receive HSTS header
+tobaby.com.br: could not connect to host
+tobaccore.eu: could not connect to host
+tobaccore.sk: could not connect to host
+tobias-bielefeld.de: did not receive HSTS header
+tobiasmathes.com: could not connect to host
+tobiasmathes.name: could not connect to host
+tobiasofficial.at: could not connect to host
+tobiassachs.cf: could not connect to host
+tobiassachs.tk: could not connect to host
+todapolitica.com: did not receive HSTS header
+todesschaf.org: could not connect to host
+todo.is: did not receive HSTS header
+todobazar.es: could not connect to host
+todoscomciro.com: did not receive HSTS header
+todosrv.com: could not connect to host
+tofu.im: could not connect to host
+togelonlinecommunity.com: did not receive HSTS header
+toka.sg: did not receive HSTS header
+tokenloan.com: could not connect to host
+tokkee.org: could not connect to host
+tokoindo.top: could not connect to host
+tokoone.com: did not receive HSTS header
+tokotamz.net: could not connect to host
+tokotimbangandigitalmurah.web.id: did not receive HSTS header
+tokoyo.biz: could not connect to host
+tollmanz.com: did not receive HSTS header
+tollsjekk.no: could not connect to host
+tolud.com: did not receive HSTS header
+tom.run: did not receive HSTS header
+tomeara.net: could not connect to host
+tomevans.io: did not receive HSTS header
+tomlankhorst.nl: did not receive HSTS header
+tomli.me: could not connect to host
+tomm.yt: could not connect to host
+tommounsey.com: could not connect to host
+tommsy.com: did not receive HSTS header
+tommyads.com: could not connect to host
+tommyweber.de: did not receive HSTS header
+tomphill.co.uk: could not connect to host
+tonburi.jp: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+toncusters.nl: could not connect to host
+tongmu.me: did not receive HSTS header
+tonyfantjr.com: could not connect to host
+toomanypillows.com: could not connect to host
+tooolroc.org: could not connect to host
+top-stage.net: could not connect to host
+topbestsellerproduct.com: did not receive HSTS header
+topdeskdev.net: could not connect to host
+topdetoxcleanse.com: could not connect to host
+topmarine.se: could not connect to host
+topnewstoday.org: could not connect to host
+topnotchendings.com: could not connect to host
+topnovini.com: did not receive HSTS header
+toppik.com.br: could not connect to host
+topshelfguild.com: could not connect to host
+toptenthebest.com: did not receive HSTS header
+toptranslation.com: did not receive HSTS header
+topyx.com: did not receive HSTS header
+tor2web.org: could not connect to host
+torahanytime.com: did not receive HSTS header
+torchl.it: could not connect to host
+torlock.download: could not connect to host
+torproject.org.uk: could not connect to host
+torrentdownloads.bid: did not receive HSTS header
+torrenttop100.net: did not receive HSTS header
+torrentz.website: could not connect to host
+tortugalife.de: could not connect to host
+torv.rocks: did not receive HSTS header
+tosecure.link: could not connect to host
+toshnix.com: could not connect to host
+toshub.com: could not connect to host
+totalle.com.br: could not connect to host
+totallynotaserver.com: could not connect to host
+totalsystemcare.com: did not receive HSTS header
+totalworkout.fitness: did not receive HSTS header
+totch.de: could not connect to host
+totem-eshop.cz: could not connect to host
+totoro.pub: did not receive HSTS header
+totot.net: could not connect to host
+toucedo.de: could not connect to host
+touch-up-net.com: could not connect to host
+touchbasemail.com: did not receive HSTS header
+touchpointidg.us: could not connect to host
+touchscreen-handy.de: did not receive HSTS header
+touchstonefms.co.uk: did not receive HSTS header
+touchtable.nl: did not receive HSTS header
+touchwoodtrees.com.au: did not receive HSTS header
+tourpeer.com: did not receive HSTS header
+toursandtransfers.it: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+toxicip.com: could not connect to host
+toxme.se: did not receive HSTS header
+toyotamotala.se: could not connect to host
+tpbcdn.com: could not connect to host
+tpblist.xyz: could not connect to host
+tpe-edu.com: could not connect to host
+tpms4u.at: did not receive HSTS header
+tppdebate.org: did not receive HSTS header
+tracetracker.com: did not receive HSTS header
+track.plus: could not connect to host
+trackdays4fun.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+tracker-gps.ch: could not connect to host
+tracktivity.com.au: could not connect to host
+trade-smart.ru: could not connect to host
+tradingcentre.com.au: did not receive HSTS header
+tradinghope.com: could not connect to host
+traditional-knowledge.tk: did not receive HSTS header
+trafficquality.org: could not connect to host
+traffictigers.com: max-age too low: 2592000
+traforet.win: could not connect to host
+traindb.nl: did not receive HSTS header
+training4girls.ru: could not connect to host
+traininglist.org: did not receive HSTS header
+trainingproviderresults.gov: could not connect to host
+trainut.com: could not connect to host
+trakfusion.com: could not connect to host
+trance-heal.com: did not receive HSTS header
+trance-heal.de: did not receive HSTS header
+trance-heal.me: did not receive HSTS header
+tranceheal.com: did not receive HSTS header
+tranceheal.de: did not receive HSTS header
+tranceheal.me: did not receive HSTS header
+tranos.de: did not receive HSTS header
+transcendmotor.sg: could not connect to host
+transcriptionwave.com: did not receive HSTS header
+transdirect.com.au: did not receive HSTS header
+transformify.org: did not receive HSTS header
+transl8.eu: did not receive HSTS header
+translate.googleapis.com: did not receive HSTS header (error ignored - included regardless)
+transportal.sk: did not receive HSTS header
+traumhuetten.de: did not receive HSTS header
+travality.ru: could not connect to host
+travel-kuban.ru: did not receive HSTS header
+travelinsightswriter.com: could not connect to host
+travelinsurance.co.nz: did not receive HSTS header
+travotion.com: could not connect to host
+trazosdearte.com: did not receive HSTS header
+treasuredinheritanceministry.com: max-age too low: 2592000
+treatprostatewithhifu.com: could not connect to host
+treeby.net: could not connect to host
+treeremovaljohannesburg.co.za: could not connect to host
+treino.blog.br: could not connect to host
+treker.us: could not connect to host
+trell.co.in: did not receive HSTS header
+trendberry.ru: could not connect to host
+triadwars.com: did not receive HSTS header
+trialmock.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+tridimage.com: did not receive HSTS header
+trileg.net: could not connect to host
+trinityaffirmations.com: max-age too low: 0
+trinitycore.org: max-age too low: 2592000
+tripdelta.com: did not receive HSTS header
+tripinsider.club: did not receive HSTS header
+tristanfarkas.one: could not connect to host
+trixies-wish.nz: could not connect to host
+trixy.com.br: could not connect to host
+troi.de: did not receive HSTS header
+trollme.me: could not connect to host
+trollscave.xyz: could not connect to host
+troo.ly: could not connect to host
+true.ink: did not receive HSTS header
+truebred-labradors.com: did not receive HSTS header
+trunkjunk.co: did not receive HSTS header
+trustedinnovators.com: did not receive HSTS header
+trusteecar.com: did not receive HSTS header
+trustmeimfancy.com: could not connect to host
+trybind.com: could not connect to host
+trynowrinkleseyeserum.com: could not connect to host
+tryoneday.co: did not receive HSTS header
+ts2.se: could not connect to host
+ts3.consulting: could not connect to host
+tsaro.io: could not connect to host
+tsdom.net: could not connect to host
+tsecy.com: could not connect to host
+tsgoc.com: did not receive HSTS header
+tsrstore.gq: could not connect to host
+tssouthernpower.com: max-age too low: 0
+tsumegumi.net: could not connect to host
+tsurezurematome.ga: could not connect to host
+tsurimap.com: could not connect to host
+tsutsumi-kogyo.jp: could not connect to host
+ttackmedical.com.br: could not connect to host
+tts.co.nz: did not receive HSTS header
+tuamoronline.com: could not connect to host
+tubbutec.de: did not receive HSTS header
+tubepro.de: did not receive HSTS header
+tubetoon.com: did not receive HSTS header
+tubetooncartoons.com: did not receive HSTS header
+tubex.ga: could not connect to host
+tucidi.net: could not connect to host
+tucker.wales: could not connect to host
+tucnak.eu: could not connect to host
+tunai.id: could not connect to host
+tunca.it: did not receive HSTS header
+tunebitfm.de: could not connect to host
+tupizm.com: could not connect to host
+turkiet.guide: could not connect to host
+turkrock.com: did not receive HSTS header
+turn-sticks.com: could not connect to host
+turnik-67.ru: could not connect to host
+turniker.ru: could not connect to host
+turnsticks.com: could not connect to host
+turtlementors.com: could not connect to host
+tusb.ml: did not receive HSTS header
+tussengelegenwoningverkopen.nl: could not connect to host
+tuthowto.com: did not receive HSTS header
+tutiendaroja.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+tutiendarosa.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+tuturulianda.com: did not receive HSTS header
+tuvalie.com: could not connect to host
+tuxcall.de: could not connect to host
+tuxhound.org: could not connect to host
+tuxz.net: could not connect to host
+tv.search.yahoo.com: could not connect to host
+tverdohleb.com: could not connect to host
+tvtubeflix.com: did not receive HSTS header
+tvz-materijali.com: could not connect to host
+tw2-tools.ga: could not connect to host
+twarog.cc: could not connect to host
+twee-onder-een-kap-woning-in-alphen-aan-den-rijn-kopen.nl: could not connect to host
+twee-onder-een-kap-woning-in-brielle-kopen.nl: could not connect to host
+twee-onder-een-kap-woning-in-de-friese-meren-kopen.nl: could not connect to host
+twee-onder-een-kap-woning-in-delfzijl-kopen.nl: could not connect to host
+twee-onder-een-kap-woning-in-leeuwarden-kopen.nl: could not connect to host
+twee-onder-een-kap-woning-in-pekela-kopen.nl: could not connect to host
+twee-onder-een-kap-woning-in-rijnwaarden-kopen.nl: could not connect to host
+twee-onder-een-kap-woning-in-sudwest-fryslan-kopen.nl: could not connect to host
+twee-onder-een-kap-woning-in-veendam-kopen.nl: could not connect to host
+twee-onder-een-kap-woning-in-zuidplas-kopen.nl: could not connect to host
+twee-onder-een-kap-woning-in-zwartewaterland-kopen.nl: could not connect to host
+tweeondereenkapverkopen.nl: could not connect to host
+tweeondereenkapwoningverkopen.nl: could not connect to host
+tweetify.io: could not connect to host
+twelverocks.com: did not receive HSTS header
+twillionmas.com: could not connect to host
+twinkieman.com: could not connect to host
+twinkseason.ca: could not connect to host
+twinkseason.co: could not connect to host
+twinkseason.co.uk: could not connect to host
+twinkseason.net: could not connect to host
+twinkseason.org: could not connect to host
+twinkseason.xyz: could not connect to host
+twiri.net: could not connect to host
+twist.party: could not connect to host
+twittelzie.nl: could not connect to host
+twitter.ax: could not connect to host
+twogo.com: did not receive HSTS header
+twolinepassbrewing.com: could not connect to host
+twolivelife.com: could not connect to host
+twotube.ie: could not connect to host
+tx041cap.org: did not receive HSTS header
+txclimbers.com: could not connect to host
+txcp01.com: did not receive HSTS header
+txcp02.com: did not receive HSTS header
+txf.pw: could not connect to host
+ty2u.com: did not receive HSTS header
+tykoon.com: could not connect to host
+tylerharcourt.com: could not connect to host
+tylian.net: max-age too low: 0
+typeofweb.com: did not receive HSTS header
+typingrevolution.com: did not receive HSTS header
+tyreis.com: did not receive HSTS header
+tyrelius.com: could not connect to host
+tyroproducts.eu: did not receive HSTS header
+tyroremotes.eu: did not receive HSTS header
+tyroremotes.no: did not receive HSTS header
+tyskland.guide: could not connect to host
+tysye.ca: could not connect to host
+tzappa.net: could not connect to host
+tzwe.com: could not connect to host
+u-blox.com: max-age too low: 0
+uadp.pw: did not receive HSTS header
+uber.com.au: did not receive HSTS header
+uberfunction.com: did not receive HSTS header
+ubi.gg: could not connect to host
+ubicloud.de: did not receive HSTS header
+ubicv.com: could not connect to host
+ublox.com: did not receive HSTS header
+uborcare.com: could not connect to host
+ubuntuhot.com: did not receive HSTS header
+uddi.ng: did not receive HSTS header
+uefeng.com: did not receive HSTS header
+uega.net: did not receive HSTS header
+ueu.me: could not connect to host
+ufgaming.com: did not receive HSTS header
+ufotable.uk: could not connect to host
+ugisgutless.com: did not receive HSTS header
+ugo.ninja: could not connect to host
+ugosadventures.com: could not connect to host
+uhm.io: could not connect to host
+ukas.com: did not receive HSTS header
+ukdropshipment.co.uk: did not receive HSTS header
+ukdropshipment.com: did not receive HSTS header
+ukk.dk: did not receive HSTS header
+ukrgadget.com: could not connect to host
+ulabox.cat: did not receive HSTS header
+ulabox.es: did not receive HSTS header
+ullamodaintima.com.br: could not connect to host
+ulmer-schneesport.de: did not receive HSTS header
+ulmo.dk: could not connect to host
+ulti.gq: could not connect to host
+ultimate-garcinia-plus.com: could not connect to host
+ultimate-glow-skin.com: could not connect to host
+ultimate-memoryplus.com: could not connect to host
+ultimate-neuroplus.com: could not connect to host
+ultros.io: did not receive HSTS header
+umaimise.info: did not receive HSTS header
+umgardi.ca: could not connect to host
+umidev.com: did not receive HSTS header
+umie.cc: did not receive HSTS header
+umsapi.com: could not connect to host
+umwandeln-online.de: did not receive HSTS header
+unart.info: could not connect to host
+unbanthe.net: could not connect to host
+unblockat.tk: could not connect to host
+unblocked-networks.org: could not connect to host
+unblocked.date: could not connect to host
+unblocked.faith: could not connect to host
+unblocked.host: could not connect to host
+unblocked.party: could not connect to host
+unblocked.st: did not receive HSTS header
+unblocked.today: could not connect to host
+unblocked.win: did not receive HSTS header
+unblocked.works: could not connect to host
+unblocked.world: could not connect to host
+unblockedall.site: could not connect to host
+unblockerproxy.site: could not connect to host
+unblockerproxy.top: could not connect to host
+unblockmy.party: could not connect to host
+unblockmy.tech: did not receive HSTS header
+unblockmy.xyz: did not receive HSTS header
+unblockmyproxy.site: could not connect to host
+unblockthe.site: did not receive HSTS header
+unblockthe.top: could not connect to host
+unccdesign.club: could not connect to host
+unclegen.xyz: could not connect to host
+under30stravelinsurance.com.au: did not receive HSTS header
+underkin.com: could not connect to host
+unefuite.ch: could not connect to host
+unexpected.nu: could not connect to host
+unfiltered.nyc: could not connect to host
+ungern.guide: could not connect to host
+unhu.fr: could not connect to host
+uni-games.com: could not connect to host
+uni2share.com: could not connect to host
+unicefkaarten.be: did not receive HSTS header
+unicooo.com: could not connect to host
+unicorn.li: could not connect to host
+unifei.edu.br: did not receive HSTS header
+uniformecomgas.com.br: could not connect to host
+uniformehumboldt.com.br: did not receive HSTS header
+unikitty-on-tour.com: could not connect to host
+unionstationapp.com: could not connect to host
+unison.com: did not receive HSTS header
+unisyssecurity.com: did not receive HSTS header
+uniteasia.org: did not receive HSTS header
+unitedcyberdevelopment.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+unitlabs.net: could not connect to host
+unitrade-425.co.za: did not receive HSTS header
+university4industry.com: did not receive HSTS header
+univz.com: could not connect to host
+unixtime.pro: could not connect to host
+unknownbreakup.com: did not receive HSTS header
+unknownphenomena.net: could not connect to host
+unplugg3r.dk: could not connect to host
+unravel.ie: could not connect to host
+unsupervised.ca: did not receive HSTS header
+unsystem.net: could not connect to host
+unwiredbrain.com: could not connect to host
+unwomen.is: did not receive HSTS header
+unyq.me: did not receive HSTS header
+uonstaffhub.com: could not connect to host
+uow.ninja: could not connect to host
+up1.ca: could not connect to host
+upaknship.com: did not receive HSTS header
+upboard.jp: could not connect to host
+upldr.pw: could not connect to host
+uploadbro.com: could not connect to host
+uporoops.com: could not connect to host
+uprotect.it: could not connect to host
+upstats.eu: could not connect to host
+uptic.net: did not receive HSTS header
+ur-lauber.de: did not receive HSTS header
+urandom.eu.org: did not receive HSTS header
+urban-garden.lt: could not connect to host
+urban-garden.lv: could not connect to host
+urbanstylestaging.com: did not receive HSTS header
+urbpic.com: could not connect to host
+urcentral.org: could not connect to host
+urlchomp.com: did not receive HSTS header
+urown.net: could not connect to host
+urphp.com: could not connect to host
+us-immigration.com: did not receive HSTS header
+usaab.org: did not receive HSTS header
+usbirthcertificate.com: could not connect to host
+usbtypeccompliant.com: could not connect to host
+uscitizenship.info: did not receive HSTS header
+uscntalk.com: could not connect to host
+uscp8.com: could not connect to host
+uscurrency.gov: did not receive HSTS header
+used-in.jp: could not connect to host
+user-new.com: did not receive HSTS header
+usercare.com: did not receive HSTS header
+userify.com: max-age too low: 0
+uslab.io: could not connect to host
+usportsgo.com: could not connect to host
+usr.nz: did not receive HSTS header
+ustr.gov: max-age too low: 86400
+utdscanner.com: did not receive HSTS header
+utilitronium-shockwave.com: could not connect to host
+utleieplassen.no: could not connect to host
+utopiagalaxy.space: could not connect to host
+utopian-surgery.com: could not connect to host
+utopianconcept.com: did not receive HSTS header
+utopianhomespa.com: did not receive HSTS header
+utopianrealms.org: did not receive HSTS header
+utopians.dk: did not receive HSTS header
+uttnetgroup.fr: did not receive HSTS header
+utumno.ch: could not connect to host
+utvbloggen.se: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+uvarov.pw: did not receive HSTS header
+uwesander.de: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+uwstartups.com: could not connect to host
+uxux.pl: could not connect to host
+uygindir.ml: could not connect to host
+uyym.com: could not connect to host
+uzmandroid.com: did not receive HSTS header
+uzmandroid.net: could not connect to host
+uzmandroid.top: could not connect to host
+v-desk.ga: did not receive HSTS header
+v0rtex.xyz: could not connect to host
+v0tti.com: could not connect to host
+v12.co.uk: did not receive HSTS header
+v2.pw: did not receive HSTS header
+v2ex.us: could not connect to host
+v4s.ro: did not receive HSTS header
+v4veedu.com: could not connect to host
+v7.cl: could not connect to host
+v789xl.com: did not receive HSTS header
+vaaddress.co: could not connect to host
+vaalmarketplace.co.za: did not receive HSTS header
+vacationality.com: could not connect to host
+vacationfund.co: could not connect to host
+vackerbetong.se: could not connect to host
+vacuumreviewcenter.com: did not receive HSTS header
+vaddder.com: could not connect to host
+vadik.me: could not connect to host
+vadodesign.nl: did not receive HSTS header
+vaeplatform.com: could not connect to host
+vaioswolke.xyz: could not connect to host
+valaeris.de: could not connect to host
+valecnatechnika.cz: could not connect to host
+valenhub.com: could not connect to host
+valenhub.es: could not connect to host
+valenscaelum.com: could not connect to host
+valethound.com: could not connect to host
+valhalla-agency.com: max-age too low: 0
+valhallacostarica.com: could not connect to host
+valhallamovement.com: did not receive HSTS header
+valitron.se: did not receive HSTS header
+valkyrja.xyz: could not connect to host
+valleyridgepta.org: could not connect to host
+vallis.net: did not receive HSTS header
+valmagus.com: could not connect to host
+vamoaeturismo.com.br: could not connect to host
+vampirism.eu: could not connect to host
+vanacht.co.za: did not receive HSTS header
+vanajahosting.com: did not receive HSTS header
+vanderkley.it: could not connect to host
+vanderstraeten.dynv6.net: could not connect to host
+vanestack.com: could not connect to host
+vanitas.xyz: could not connect to host
+vanitynailworkz.com: could not connect to host
+vansieleghem.com: could not connect to host
+vapecraftinc.com: did not receive HSTS header
+vapeshopsupply.com: could not connect to host
+varela-electricite.fr: could not connect to host
+vasa-webstranka.sk: did not receive HSTS header
+vasanth.org: could not connect to host
+vayaport.com: could not connect to host
+vbest.net: could not connect to host
+vbhelp.org: did not receive HSTS header
+vbulletin-russia.com: could not connect to host
+vbulletinrussia.com: could not connect to host
+vcdove.com: could not connect to host
+vcr.re: could not connect to host
+vdhco.be: did not receive HSTS header
+veblen.com: did not receive HSTS header
+vechkasov.ru: did not receive HSTS header
+vedatkamer.com: did not receive HSTS header
+vega.dyndns.info: could not connect to host
+veganosonline.com: could not connect to host
+veggiefasting.com: could not connect to host
+veggiesbourg.fr: did not receive HSTS header
+vegis.ro: did not receive HSTS header
+vehent.org: did not receive HSTS header
+vehicleuplift.co.uk: did not receive HSTS header
+velen.io: could not connect to host
+vemokin.net: could not connect to host
+venixplays-stream.ml: could not connect to host
+venmos.com: did not receive HSTS header
+vennet.fr: max-age too low: 0
+venoom.eu: did not receive HSTS header
+venturavwparts.com: could not connect to host
+venturepro.com: did not receive HSTS header
+ventzke.com: did not receive HSTS header
+venzocrm.com: did not receive HSTS header
+verdeandco.co.uk: could not connect to host
+verifiedinvesting.com: did not receive HSTS header
+verifikatorindonesia.com: could not connect to host
+veristor.com: did not receive HSTS header
+vermontcareergateway.org: could not connect to host
+versfin.net: could not connect to host
+versia.ru: did not receive HSTS header
+veryhax.de: could not connect to host
+veryyounglesbians.com: could not connect to host
+vestacp.top: could not connect to host
+vetdnacenter.com: did not receive HSTS header
+veterinaire-cazeres-foucault.fr: could not connect to host
+vethouse.com.ua: did not receive HSTS header
+vetmgmt.com: could not connect to host
+veto.fish: could not connect to host
+vfree.org: could not connect to host
+vgatest.nl: could not connect to host
+vglimg.com: could not connect to host
+vh.net: could not connect to host
+vhost.co.id: could not connect to host
+viabemestar.com.br: could not connect to host
+viadeux.com: did not receive HSTS header
+viasinc.com: did not receive HSTS header
+vicenage.com: could not connect to host
+viceversa.xyz: did not receive HSTS header
+vicianovi.cz: could not connect to host
+victorenxovais.com.br: could not connect to host
+victoriapemberton.com: did not receive HSTS header
+vid.me: did not receive HSTS header
+vidbuchanan.co.uk: did not receive HSTS header
+viddiaz.com: did not receive HSTS header
+videomail.io: did not receive HSTS header
+videomuz.com: could not connect to host
+videorullen.se: could not connect to host
+videotogel.net: did not receive HSTS header
+videoueberwachung-set.de: did not receive HSTS header
+vider.ga: could not connect to host
+vidid.net: did not receive HSTS header
+vidz.ga: could not connect to host
+vietnamchevrolet.net: did not receive HSTS header
+vietnamphotographytours.com: could not connect to host
+vigilo.cf: could not connect to host
+vigilo.ga: could not connect to host
+vijos.org: did not receive HSTS header
+vikasbabyworld.de: could not connect to host
+viktor-machnik.de: could not connect to host
+viktorsvantesson.net: did not receive HSTS header
+vilaydin.com: could not connect to host
+vilight.com.br: could not connect to host
+villacarmela.com.br: did not receive HSTS header
+villenvinkit.com: did not receive HSTS header
+vimeosucks.nyc: could not connect to host
+vinasec.se: could not connect to host
+vinbet.org: could not connect to host
+vinbet000.com: could not connect to host
+vinbet111.com: could not connect to host
+vinbet222.com: could not connect to host
+vinbet333.com: could not connect to host
+vinbet444.com: could not connect to host
+vinbet555.com: could not connect to host
+vinbet666.com: could not connect to host
+vinbet888.com: could not connect to host
+vincentkooijman.at: did not receive HSTS header
+vincentkooijman.nl: could not connect to host
+vinciconps4.it: could not connect to host
+vinesauce.info: could not connect to host
+vinetalk.net: could not connect to host
+viniferawineclub.com: did not receive HSTS header
+vinsetchampagne.fr: did not receive HSTS header
+vintageheartcoffee.com: max-age too low: 0
+vio.no: did not receive HSTS header
+violenceinterrupted.org: did not receive HSTS header
+viosey.com: could not connect to host
+viperdns.com: could not connect to host
+viphospitality.se: could not connect to host
+viplentes.com.br: did not receive HSTS header
+vipmusic.ga: could not connect to host
+viral8.jp: could not connect to host
+virginiacrimeanalysisnetwork.org: did not receive HSTS header
+virtualstrongbox.ca: could not connect to host
+visanhigia.com: could not connect to host
+viserproject.com: did not receive HSTS header
+vision-painting.com: did not receive HSTS header
+visiongamestudios.com: could not connect to host
+visionthroughknowledge.com: could not connect to host
+visiontree.eu: could not connect to host
+visitbroadstairs.com: could not connect to host
+vissanum.com: did not receive HSTS header
+vissersgrootboek.nl: did not receive HSTS header
+vistarait.com: could not connect to host
+visualvotes.co.uk: could not connect to host
+vitagenda.nl: could not connect to host
+vitalita.cz: did not receive HSTS header
+vitalorange.com: max-age too low: 7889238
+vitamaxxi.com.br: could not connect to host
+vitta.me: did not receive HSTS header
+viva-french.com: did not receive HSTS header
+vivasports.com.br: could not connect to host
+vivocloud.com: could not connect to host
+vivremoinscher.fr: did not receive HSTS header
+vizeat.com: did not receive HSTS header
+vlastimilburian.cz: did not receive HSTS header
+vlogge.com: could not connect to host
+vlora.city: could not connect to host
+vm0.eu: could not connect to host
+vmrdev.com: could not connect to host
+voceinveste.com: did not receive HSTS header
+voeux.io: could not connect to host
+vogt.tech: could not connect to host
+voicesuk.co.uk: did not receive HSTS header
+voidi.ca: could not connect to host
+voidserv.net: could not connect to host
+volcain.io: could not connect to host
+volcrado.com: did not receive HSTS header
+volkden.com: could not connect to host
+vomitb.in: did not receive HSTS header
+vonavy-cukor.sk: could not connect to host
+vonavycukor.sk: could not connect to host
+vonterra.us: did not receive HSTS header
+vooreenveiligthuis.nl: did not receive HSTS header
+voorjou.com: did not receive HSTS header
+vorangerie.com: could not connect to host
+vorderklier.de: could not connect to host
+vorlif.org: could not connect to host
+vorodevops.com: could not connect to host
+vortexhobbies.com: did not receive HSTS header
+vosjesweb.nl: could not connect to host
+votresiteweb.ch: could not connect to host
+vowsy.club: did not receive HSTS header
+vox.vg: did not receive HSTS header
+vpip.net: could not connect to host
+vpl.me: did not receive HSTS header
+vpls.co.th: max-age too low: 0
+vpls.com: did not receive HSTS header
+vpls.net: max-age too low: 0
+vplssolutions.com: did not receive HSTS header
+vpn-byen.dk: did not receive HSTS header
+vpn.pics: did not receive HSTS header
+vpnhot.com: could not connect to host
+vps-szerver-berles.hu: could not connect to host
+vpsmojo.com: could not connect to host
+vratny.space: could not connect to host
+vriendenvoordeel.com: did not receive HSTS header
+vrijstaandhuis-in-alphen-aan-den-rijn-kopen.nl: could not connect to host
+vrijstaandhuis-in-brielle-kopen.nl: could not connect to host
+vrijstaandhuis-in-delfzijl-kopen.nl: could not connect to host
+vrijstaandhuis-in-friesland-kopen.nl: could not connect to host
+vrijstaandhuis-in-laren-kopen.nl: could not connect to host
+vrijstaandhuis-in-leeuwarden-kopen.nl: could not connect to host
+vrijstaandhuis-in-veendam-kopen.nl: could not connect to host
+vrijstaandhuis-in-zeeland-kopen.nl: could not connect to host
+vrijstaandhuis-in-zuid-holland-kopen.nl: could not connect to host
+vrijstaandhuis-in-zuidplas-kopen.nl: could not connect to host
+vrijstaandhuis-in-zwartewaterland-kopen.nl: could not connect to host
+vrijstaandhuisverkopen.nl: could not connect to host
+vrobert.fr: could not connect to host
+vrtouring.org: could not connect to host
+vsc-don-stocksport.de: did not receive HSTS header
+vsestiralnie.com: did not receive HSTS header
+vvl.me: did not receive HSTS header
+vxapps.com: could not connect to host
+vxml.club: could not connect to host
+vxstream-sandbox.com: did not receive HSTS header
+vyncke.org: max-age too low: 2678400
+vyvybean.cf: could not connect to host
+vyvygen.com: did not receive HSTS header
+vzk.io: could not connect to host
+w2gshop.com.br: could not connect to host
+w4a.fr: could not connect to host
+w4nvu.org: could not connect to host
+w4xzr.top: could not connect to host
+w4xzr.xyz: could not connect to host
+wabifoggynuts.com: could not connect to host
+wachtwoordencheck.nl: could not connect to host
+wahhoi.net: did not receive HSTS header
+wait.moe: could not connect to host
+waixingrenfuli7.vip: could not connect to host
+wakapp.de: could not connect to host
+wakened.net: did not receive HSTS header
+walkeryoung.ca: could not connect to host
+wallabag.it: did not receive HSTS header
+wallabag.org: did not receive HSTS header
+wallet.google.com: did not receive HSTS header (error ignored - included regardless)
+wallpapers.pub: could not connect to host
+wallsblog.dk: could not connect to host
+walnutgaming.co.uk: could not connect to host
+walterlynnmosley.com: did not receive HSTS header
+wanashi.com: could not connect to host
+wanban.io: could not connect to host
+wanda76.com: could not connect to host
+wanda78.com: could not connect to host
+wanda79.com: could not connect to host
+wanda96.com: could not connect to host
+wanda97.com: could not connect to host
+wanda98.com: could not connect to host
+wangjun.me: did not receive HSTS header
+wangkezun.com: could not connect to host
+wangqiliang.cn: did not receive HSTS header
+wangqiliang.org: did not receive HSTS header
+wangqiliang.xn--fiqs8s: could not connect to host
+wangzuan168.cc: could not connect to host
+wapjt.cn: could not connect to host
+wapt.fr: did not receive HSTS header
+warandpeace.xyz: could not connect to host
+wardsegers.be: did not receive HSTS header
+warehost.de: did not receive HSTS header
+warhistoryonline.com: did not receive HSTS header
+warlions.info: could not connect to host
+warp-radio.com: could not connect to host
+warp-radio.tv: could not connect to host
+warped.com: could not connect to host
+warrencreative.com: did not receive HSTS header
+warsentech.com: could not connect to host
+warsh.moe: did not receive HSTS header
+warumsuchen.at: max-age too low: 0
+watchium.com: did not receive HSTS header
+watchweasel.com: could not connect to host
+waterforlife.net.au: did not receive HSTS header
+waterpoint.com.br: could not connect to host
+watersportmarkt.net: did not receive HSTS header
+watsonhall.uk: could not connect to host
+wave.is: could not connect to host
+wavefloatrooms.com: did not receive HSTS header
+wavefrontsystemstech.com: could not connect to host
+wavesboardshop.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+waxdramatic.com: could not connect to host
+we.serveftp.net: could not connect to host
+wear2work.nl: did not receive HSTS header
+weareincognito.org: could not connect to host
+weaverhairextensions.nl: could not connect to host
+web-industry.fr: could not connect to host
+web-insider.net: could not connect to host
+web-vision.de: did not receive HSTS header
+web4all.fr: did not receive HSTS header
+web4pro.fr: could not connect to host
+webandwords.com.au: could not connect to host
+webanker.sh: did not receive HSTS header
+webapps.directory: could not connect to host
+webart-factory.de: could not connect to host
+webassadors.com: could not connect to host
+webbson.net: could not connect to host
+webbx.se: max-age too low: 2592000
+webcatechism.com: could not connect to host
+webchat.domains: did not receive HSTS header
+webdeflect.com: did not receive HSTS header
+webdesign-kronberg.de: did not receive HSTS header
+webdev.mobi: could not connect to host
+webeau.com: could not connect to host
+webeconomia.it: did not receive HSTS header
+webelement.sk: did not receive HSTS header
+weberjulia.com: could not connect to host
+webfronten.dk: did not receive HSTS header
+webhackspro.com: could not connect to host
+webhosting4.net: did not receive HSTS header
+webhostingpros.ml: could not connect to host
+webies.ro: did not receive HSTS header
+webm.to: could not connect to host
+webmail.mayfirst.org: did not receive HSTS header
+webmaniabr.com: did not receive HSTS header
+webmarketingfestival.it: did not receive HSTS header
+webninja.work: could not connect to host
+webnosql.com: could not connect to host
+webperformance.ru: could not connect to host
+webproject.rocks: could not connect to host
+webproshosting.tk: could not connect to host
+webpublica.pt: could not connect to host
+webrebels.org: could not connect to host
+websandbox.uk: did not receive HSTS header
+websitedesign.bg: did not receive HSTS header
+webspotter.nl: could not connect to host
+webstationservice.fr: could not connect to host
+webstellung.com: did not receive HSTS header
+webstory.xyz: did not receive HSTS header
+webswitch.io: could not connect to host
+webtar.info: could not connect to host
+webtech.com.br: could not connect to host
+webtechgadgetry.com: could not connect to host
+webthings.com.br: could not connect to host
+webtiles.co.uk: could not connect to host
+webuni.hu: did not receive HSTS header
+webveloper.com: max-age too low: 0
+webwork.pw: could not connect to host
+webypass.xyz: could not connect to host
+wecanfindit.co.za: could not connect to host
+wecanvisit.com: could not connect to host
+weddingenvelopes.co.uk: did not receive HSTS header
+weddingibiza.nl: could not connect to host
+weebsr.us: could not connect to host
+weed.ren: could not connect to host
+weekly.fyi: could not connect to host
+wegenaer.nl: could not connect to host
+weiji.ga: could not connect to host
+weiler.xyz: could not connect to host
+weiyuz.com: max-age too low: 6585555
+wejumall.com: could not connect to host
+wekibe.de: could not connect to host
+welby.cat: could not connect to host
+welkers.org: could not connect to host
+wellastore.ru: could not connect to host
+wellcomp.com.br: did not receive HSTS header
+wellies.com.au: max-age too low: 7889238
+wellness.so: could not connect to host
+wellproducedwines.com: did not receive HSTS header
+wellsolveit.com: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+welpy.com: could not connect to host
+weltentreff.com: could not connect to host
+weltmeisterschaft.net: could not connect to host
+weme.eu: could not connect to host
+wendalyncheng.com: did not receive HSTS header
+wenz.io: did not receive HSTS header
+werdeeintimo.de: did not receive HSTS header
+wereldplanner.nl: could not connect to host
+werhatunsverraten.eu: could not connect to host
+werkenbijkfc.nl: did not receive HSTS header
+werkplaatsoost.nl: did not receive HSTS header
+werkruimtebottendaal.nl: did not receive HSTS header
+wesleyharris.ca: did not receive HSTS header
+wespeakgeek.co.za: could not connect to host
+westendzone.com: max-age too low: 0
+westerhoud.nl: did not receive HSTS header
+westlinwinds.com: did not receive HSTS header
+westsussexconnecttosupport.org: could not connect to host
+wetoxic.com: did not receive HSTS header
+wettbonus.info: did not receive HSTS header
+wettbuero.de: did not receive HSTS header
+wetten.eu: did not receive HSTS header
+wettertoertchen.com: could not connect to host
+wetthost.com: could not connect to host
+wetttipps.com: could not connect to host
+wetttipps.de: could not connect to host
+wevahoo.com: could not connect to host
+wevg.org: could not connect to host
+wevolver.com: did not receive HSTS header
+wewillgo.com: could not connect to host
+wewillgo.org: did not receive HSTS header
+wewlad.me: did not receive HSTS header
+wftda.com: did not receive HSTS header
+wg-tools.de: could not connect to host
+whatnext.limited: did not receive HSTS header
+whats.io: could not connect to host
+whatsstalk.me: could not connect to host
+whatsyouroffer.co.uk: did not receive HSTS header
+when-release.ru: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+whereisjason.com: could not connect to host
+whereismyorigin.cf: could not connect to host
+wheresben.today: could not connect to host
+whilsttraveling.com: could not connect to host
+whisker.network: could not connect to host
+whiskyglazen.nl: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+whitehat.id: could not connect to host
+whiterabbit.org: did not receive HSTS header
+whiterabbitcakery.com: could not connect to host
+whitestagforge.com: did not receive HSTS header
+whitewinterwolf.com: could not connect to host
+whitworth.nyc: could not connect to host
+whoclicks.net: could not connect to host
+whoisapi.online: could not connect to host
+wholebites.com: max-age too low: 7889238
+wholesomeharvestbread.com: max-age too low: 86400
+whoshotya.de: did not receive HSTS header
+whysuck.com: could not connect to host
+wibuw.com: could not connect to host
+wienholding.at: max-age too low: 0
+wieninternational.at: did not receive HSTS header
+wificafehosting.com: did not receive HSTS header
+wifimapa.cz: could not connect to host
+wiiforum.no: did not receive HSTS header
+wiire.me: could not connect to host
+wikiclash.info: could not connect to host
+wikipeter.nl: did not receive HSTS header
+wikisports.eu: could not connect to host
+wildbee.org: could not connect to host
+wilddog.com: did not receive HSTS header
+wildewood.ca: could not connect to host
+wilf1rst.com: could not connect to host
+wilhelm-nathan.de: could not connect to host
+willcipriano.com: could not connect to host
+william.si: did not receive HSTS header
+williamsapiens.com: could not connect to host
+willkommen-fuerstenberg.de: could not connect to host
+willosagiede.com: did not receive HSTS header
+winaes.com: did not receive HSTS header
+winclient.cn: could not connect to host
+windowsforum.com: max-age too low: 0
+winds.cf: could not connect to host
+winecodeavocado.com: could not connect to host
+winfield.me.uk: did not receive HSTS header
+winged.io: could not connect to host
+wingos.net: could not connect to host
+wingumd.net: could not connect to host
+winnersports.co: could not connect to host
+winpack.cf: could not connect to host
+winpack.eu.org: could not connect to host
+winsec.nl: could not connect to host
+winshiplending.com: did not receive HSTS header
+winsufi.biz: could not connect to host
+wintercircle.co: did not receive HSTS header
+wipc.net: could not connect to host
+wipply.com: did not receive HSTS header
+wirc.gr: could not connect to host
+wireframesoftware.com: could not connect to host
+wisak.eu: could not connect to host
+wiseloan.com: did not receive HSTS header
+wishcert.com: could not connect to host
+wishesbee.com: could not connect to host
+wispapp.com: did not receive HSTS header
+wissl.org: could not connect to host
+withgoogle.com: did not receive HSTS header (error ignored - included regardless)
+withmy.beer: could not connect to host
+withustrading.com: could not connect to host
+withyoutube.com: did not receive HSTS header (error ignored - included regardless)
+wittcher.com: could not connect to host
+wittydonut.com: could not connect to host
+witzemaschine.com: did not receive HSTS header
+wiz.biz: could not connect to host
+wizznab.tk: could not connect to host
+wk-cpm.com: could not connect to host
+wlzhiyin.cn: could not connect to host
+wmawri.com: could not connect to host
+wmcuk.net: could not connect to host
+wmfinanz.com: could not connect to host
+wmoda.com.br: could not connect to host
+wnmm.nl: could not connect to host
+wnnc.co.uk: did not receive HSTS header
+wobblylang.org: could not connect to host
+wochenentwicklung.com: did not receive HSTS header
+wodice.com: could not connect to host
+wohnungsbau-ludwigsburg.de: did not receive HSTS header
+woima.fi: max-age too low: 604800
+wolfemg.com: could not connect to host
+wolfenland.net: could not connect to host
+wolfesden.com: could not connect to host
+wolfwings.us: could not connect to host
+womf.org: did not receive HSTS header
+womosale.de: could not connect to host
+wonder.com.mx: max-age too low: 86400
+wonderbooks.club: could not connect to host
+wonderfall.xyz: could not connect to host
+wondy.com: could not connect to host
+woodlandschurch.net: max-age too low: 43200
+woodmafia.com.au: could not connect to host
+woodworkertip.com: did not receive HSTS header
+woomu.me: could not connect to host
+woording.com: could not connect to host
+wootton95.com: could not connect to host
+wooviet.com: could not connect to host
+work-and-jockel.de: did not receive HSTS header
+workemy.com: could not connect to host
+workfone.io: did not receive HSTS header
+workgrouptech.org: could not connect to host
+workingclassmedia.com: did not receive HSTS header
+workpermit.com.vn: could not connect to host
+worldfree4.org: could not connect to host
+worldlist.org: could not connect to host
+worldpeacetechnology.com: could not connect to host
+worldsbeststory.com: did not receive HSTS header
+worldwhisperer.net: could not connect to host
+worshapp.com: could not connect to host
+wow-foederation.de: could not connect to host
+wowapi.org: could not connect to host
+wowinvasion.com: did not receive HSTS header
+wp-fastsearch.de: could not connect to host
+wp-rescue.com.au: did not receive HSTS header
+wp-stack.pro: could not connect to host
+wp6.pw: could not connect to host
+wpblog.com.tw: could not connect to host
+wpcarer.pro: could not connect to host
+wpdublin.com: did not receive HSTS header
+wpfortify.com: did not receive HSTS header
+wphome.org: could not connect to host
+wphostingspot.com: did not receive HSTS header
+wplatin.com: did not receive HSTS header
+wpmetadatastandardsproject.org: could not connect to host
+wpruby.com: did not receive HSTS header
+wpturnedup.com: did not receive HSTS header
+wpunpacked.com: could not connect to host
+wpyecom.es: did not receive HSTS header
+wpzhiku.com: did not receive HSTS header
+wql.zj.cn: did not receive HSTS header
+wrbunderwriting.com: did not receive HSTS header
+wrightdoumawedding.com: could not connect to host
+writeapp.me: did not receive HSTS header
+wrldevelopment.com: did not receive HSTS header
+wrwg.ca: could not connect to host
+wscbiolo.id: did not receive HSTS header
+wsdcap.com: could not connect to host
+wsscompany.com.ve: could not connect to host
+wsup.social: could not connect to host
+wubocong.com: could not connect to host
+wubthecaptain.eu: could not connect to host
+wuchipc.com: could not connect to host
+wuetix.de: max-age too low: 0
+wuhengmin.com: could not connect to host
+wulpi.it: did not receive HSTS header
+wundtherapie-schulung.de: could not connect to host
+wurzelzwerg.net: could not connect to host
+wusx.club: could not connect to host
+wvr-law.de: did not receive HSTS header
+ww2onlineshop.com: did not receive HSTS header
+www-001133.com: could not connect to host
+www-0385.com: could not connect to host
+www-1116.com: did not receive HSTS header
+www-1117.com: could not connect to host
+www-39988.com: did not receive HSTS header
+www-507.net: could not connect to host
+www-68277.com: could not connect to host
+www-746.com: could not connect to host
+www-771122.com: did not receive HSTS header
+www-8003.com: did not receive HSTS header
+www-88599.com: did not receive HSTS header
+www-8887999.com: could not connect to host
+www-9995.com: did not receive HSTS header
+www-djbet.com: did not receive HSTS header
+www-jinshavip.com: could not connect to host
+www.cueup.com: could not connect to host
+www.cyveillance.com: did not receive HSTS header
+www.developer.mydigipass.com: could not connect to host
+www.elanex.biz: did not receive HSTS header
+www.gamesdepartment.co.uk: did not receive HSTS header
+www.gmail.com: did not receive HSTS header (error ignored - included regardless)
+www.googlemail.com: did not receive HSTS header (error ignored - included regardless)
+www.gpo.gov: did not receive HSTS header
+www.greplin.com: could not connect to host
+www.honeybadger.io: did not receive HSTS header
+www.jitsi.org: did not receive HSTS header
+www.ledgerscope.net: could not connect to host
+www.logentries.com: did not receive HSTS header
+www.moneybookers.com: did not receive HSTS header
+www.neonisi.com: could not connect to host
+www.paycheckrecords.com: did not receive HSTS header
+www.re: could not connect to host
+www.rme.li: did not receive HSTS header
+www.sandbox.mydigipass.com: could not connect to host
+www.sb: could not connect to host
+www.surfeasy.com: did not receive HSTS header
+www.viasinc.com: did not receive HSTS header
+www.zenpayroll.com: did not receive HSTS header
+www3.info: did not receive HSTS header
+wxukang.cn: could not connect to host
+wybmabiity.com: could not connect to host
+wygluszanie.eu: did not receive HSTS header
+wyzphoto.nl: did not receive HSTS header
+x-power-detox.com: could not connect to host
+x-ripped-hd.com: could not connect to host
+x23.eu: could not connect to host
+x2c0.net: did not receive HSTS header
+x2w.io: could not connect to host
+x3led.com: could not connect to host
+x509.pub: could not connect to host
+x509.pw: could not connect to host
+xanderweaver.com: did not receive HSTS header
+xandocs.com: could not connect to host
+xat.re: could not connect to host
+xavierbarroso.com: could not connect to host
+xbc.nz: could not connect to host
+xbind.io: could not connect to host
+xchating.com: could not connect to host
+xcoop.me: could not connect to host
+xdd.io: could not connect to host
+xehoivn.vn: did not receive HSTS header
+xellos.ga: could not connect to host
+xellos.ml: could not connect to host
+xenesisziarovky.sk: could not connect to host
+xeonlab.com: could not connect to host
+xeonlab.de: could not connect to host
+xett.com: did not receive HSTS header
+xf-liam.com: did not receive HSTS header
+xfd3.de: did not receive HSTS header
+xfive.de: could not connect to host
+xgusto.com: did not receive HSTS header
+xia100.xyz: could not connect to host
+xiangqiushi.com: did not receive HSTS header
+xianguocy.com: could not connect to host
+xiaody.me: could not connect to host
+xiaolvmu.com: could not connect to host
+xiaolvmu.me: could not connect to host
+xiaoxiao.im: could not connect to host
+ximens.me: could not connect to host
+xinbiji.cn: could not connect to host
+xing.ml: could not connect to host
+xisa.it: could not connect to host
+xivpn.com: could not connect to host
+xiyu.moe: could not connect to host
+xmr.my: could not connect to host
+xmv.cz: could not connect to host
+xn--3lqp21gwna.xn--fiqs8s: could not connect to host
+xn--3lqp21gwna.xn--fiqz9s: could not connect to host
+xn--3lqt7ir4md4tzwa.cn: did not receive HSTS header
+xn--3lqt7ir4md4tzwa.xn--fiqs8s: did not receive HSTS header
+xn--3px.jp: could not connect to host
+xn--4dbjwf8c.cf: could not connect to host
+xn--4dbjwf8c.ga: could not connect to host
+xn--4dbjwf8c.gq: could not connect to host
+xn--4dbjwf8c.ml: could not connect to host
+xn--4dbjwf8c.tk: could not connect to host
+xn--6cv66l79sp0n0ibo7s9ne.xyz: could not connect to host
+xn--7rvz7ku3ppnr.jp: could not connect to host
+xn--7v8h.cf: could not connect to host
+xn--80aaihqncaejjobbu6v.xn--p1ai: did not receive HSTS header
+xn--80ablh1c.online: could not connect to host
+xn--80aocgsfei.xn--p1ai: could not connect to host
+xn--98jm6m.jp: did not receive HSTS header
+xn--9pr52k0p5a.com: did not receive HSTS header
+xn--bstlinser-v2a.com: could not connect to host
+xn--c5w27q.ml: could not connect to host
+xn--datenrettung-mnchen-jbc.com: did not receive HSTS header
+xn--ekr87w7se89ay98ezcs.biz: did not receive HSTS header
+xn--gmq92k.nagoya: did not receive HSTS header
+xn--jobbrse-d1a.de: max-age too low: 0
+xn--jp-6l5cs1yf3ivjsglphyv.net: could not connect to host
+xn--l8j9d2b.jp: did not receive HSTS header
+xn--lgb3a8bcpn.cf: could not connect to host
+xn--lgb3a8bcpn.ga: could not connect to host
+xn--lgb3a8bcpn.gq: could not connect to host
+xn--lgb3a8bcpn.ml: could not connect to host
+xn--ls8hi7a.tk: could not connect to host
+xn--milchaufschumer-test-lzb.de: could not connect to host
+xn--neb-tma3u8u.xyz: could not connect to host
+xn--p8jskj.jp: did not receive HSTS header
+xn--pck4e3a2ex597b4ml.xyz: did not receive HSTS header
+xn--qckqc0nxbyc4cdb4527err7c.biz: did not receive HSTS header
+xn--srenpind-54a.dk: could not connect to host
+xn--t8j2a3042d.xyz: could not connect to host
+xn--u9jy16ncfao19mo8i.nagoya: did not receive HSTS header
+xn--uist1idrju3i.jp: did not receive HSTS header
+xn--w22a.jp: did not receive HSTS header
+xn--wmq.jp: did not receive HSTS header
+xn--xdtx3pfzbiw3ar8e7yedqrhui.com: could not connect to host
+xn--yj8h0m.ws: could not connect to host
+xn--ykrp42k.com: could not connect to host
+xn--yoamomisuasbcn-ynb.com: could not connect to host
+xn--zck9a4b352yuua.jp: did not receive HSTS header
+xobox.me: could not connect to host
+xoda.pw: did not receive HSTS header
+xoffy.com: did not receive HSTS header
+xom.party: could not connect to host
+xombra.com: did not receive HSTS header
+xor-a.net: could not connect to host
+xperiacodes.com: could not connect to host
+xpi.fr: could not connect to host
+xpj.sx: could not connect to host
+xpwn.cz: could not connect to host
+xrp.pw: could not connect to host
+xtom.email: could not connect to host
+xtream-hosting.com: could not connect to host
+xtream-hosting.de: could not connect to host
+xtream-hosting.eu: could not connect to host
+xtreamhosting.eu: could not connect to host
+xtrim.ru: did not receive HSTS header
+xuexb.com: did not receive HSTS header
+xunn.io: did not receive HSTS header
+xuntaosms.com: could not connect to host
+xuwei.de: max-age too low: 0
+xuyh0120.win: did not receive HSTS header
+xwaretech.info: could not connect to host
+xxbase.com: could not connect to host
+xynex.us: could not connect to host
+y-o-w.com: did not receive HSTS header
+y-s.pw: could not connect to host
+y3451.com: could not connect to host
+yabrt.cn: could not connect to host
+yachts-magazine.com: did not receive HSTS header
+yagi2.com: could not connect to host
+yahoo.ax: could not connect to host
+yamamo10.com: could not connect to host
+yameveo.com: did not receive HSTS header
+yanwh.xyz: did not receive HSTS header
+yaporn.tv: did not receive HSTS header
+yarchives.jp: could not connect to host
+yard-fu.com: could not connect to host
+yardbird.us: could not connect to host
+yarnhookup.com: did not receive HSTS header
+yasinaydin.net: did not receive HSTS header
+yasutomonodokoiko.com: did not receive HSTS header
+yaucy.win: could not connect to host
+ycc.wtf: could not connect to host
+ycm2.wtf: could not connect to host
+yd.io: could not connect to host
+ydy.jp: could not connect to host
+yecl.net: did not receive HSTS header
+yello.website: could not connect to host
+yellowcar.website: could not connect to host
+yemekbaz.az: could not connect to host
+yenniferallulli.com: could not connect to host
+yenniferallulli.de: could not connect to host
+yenniferallulli.es: did not receive HSTS header
+yenniferallulli.moda: could not connect to host
+yenniferallulli.nl: could not connect to host
+yesdevnull.net: did not receive HSTS header
+yesfone.com.br: could not connect to host
+yestees.com: did not receive HSTS header
+yetcore.io: could not connect to host
+yffengshi.ml: could not connect to host
+yggdar.ga: could not connect to host
+yhori.xyz: could not connect to host
+yhrd.org: did not receive HSTS header
+yibin0831.com: could not connect to host
+yikzu.cn: could not connect to host
+yin.roma.it: did not receive HSTS header
+ying299.com: could not connect to host
+ying299.net: could not connect to host
+yingsuo.ltd: could not connect to host
+yingyj.com: did not receive HSTS header
+yinhe12.net: did not receive HSTS header
+yippie.nl: could not connect to host
+yizhu.com: could not connect to host
+ylk.io: could not connect to host
+ynode.co: did not receive HSTS header
+ynsn.nl: could not connect to host
+yntongji.com: could not connect to host
+yob.vn: could not connect to host
+yobst.tk: could not connect to host
+yoga-in-aying.de: did not receive HSTS header
+yoga.is-an-engineer.com: could not connect to host
+yogeshbeniwal.com: did not receive HSTS header
+yohanesmario.com: did not receive HSTS header
+yoiyado.info: did not receive HSTS header
+yokeepo.com: max-age too low: 0
+yoloboatrentals.com: did not receive HSTS header
+yoloprod.fr: could not connect to host
+yoloseo.com: could not connect to host
+yomepre.com: could not connect to host
+yopers.com: did not receive HSTS header
+yoru.me: did not receive HSTS header
+yotilabs.com: could not connect to host
+youcaitian.com: did not receive HSTS header
+youcontrol.ru: could not connect to host
+youfencun.com: did not receive HSTS header
+youlog.net: could not connect to host
+youngandunited.nl: did not receive HSTS header
+youon.tokyo: could not connect to host
+yourbapp.ch: could not connect to host
+yourcomputer.expert: did not receive HSTS header
+yourgame.co.il: did not receive HSTS header
+yourhair.net: max-age too low: 518400
+yoursecondphone.co: could not connect to host
+yourstrongbox.com: could not connect to host
+yourznc.com: could not connect to host
+yousite.by: could not connect to host
+youyoulemon.com: did not receive HSTS header
+ypiresia.fr: could not connect to host
+ytcuber.xyz: could not connect to host
+ytvwld.de: did not receive HSTS header
+yu7.jp: did not receive HSTS header
+yudan.com.br: could not connect to host
+yude.ml: could not connect to host
+yufan.me: did not receive HSTS header
+yuhen.ru: did not receive HSTS header
+yukiminami.net: could not connect to host
+yuko.moe: could not connect to host
+yukonrefugees.com: could not connect to host
+yum.beer: could not connect to host
+yum0.cn: could not connect to host
+yummyfamilyrecipes.com: could not connect to host
+yunpan.blue: did not receive HSTS header
+yuntama.xyz: could not connect to host
+yunzhan.io: did not receive HSTS header
+yunzhu.li: did not receive HSTS header
+yunzhu.org: could not connect to host
+yuriykuzmin.com: did not receive HSTS header
+yutabon.com: could not connect to host
+yuushou.com: could not connect to host
+yux.fr: could not connect to host
+yux.io: did not receive HSTS header
+ywei.org: could not connect to host
+ywyz.tech: could not connect to host
+yzal.io: could not connect to host
+z3liff.com: could not connect to host
+z3liff.net: could not connect to host
+zachbolinger.com: could not connect to host
+zadieheimlich.com: did not receive HSTS header
+zakoncontrol.com: did not receive HSTS header
+zamorano.edu: could not connect to host
+zamos.ru: max-age too low: 0
+zaneweb.org: could not connect to host
+zao.fi: could not connect to host
+zaoext.com: could not connect to host
+zaoshanghao-dajia.rhcloud.com: could not connect to host
+zap.yt: did not receive HSTS header
+zarooba.com: could not connect to host
+zavca.com: did not receive HSTS header
+zbasenem.pl: did not receive HSTS header
+zbchen.com: could not connect to host
+zbigniewgalucki.eu: did not receive HSTS header
+zdravotnickasluzba.eu: could not connect to host
+zdrowiepaleo.pl: did not receive HSTS header
+zebbra.ro: did not receive HSTS header
+zebrababy.cn: could not connect to host
+zebry.nl: could not connect to host
+zecrypto.com: could not connect to host
+zeedroom.be: did not receive HSTS header
+zefiris.org: did not receive HSTS header
+zefu.ca: could not connect to host
+zehntner.ch: could not connect to host
+zeitzer-turngala.de: could not connect to host
+zelfmoord.ga: could not connect to host
+zelfstandigemakelaars.net: could not connect to host
+zenghx.tk: could not connect to host
+zenhaiku.com: did not receive HSTS header
+zenpayroll.com: did not receive HSTS header
+zentience.dk: did not receive HSTS header
+zentience.net: did not receive HSTS header
+zentience.org: could not connect to host
+zentraler-kreditausschuss.de: did not receive HSTS header
+zentralwolke.de: did not receive HSTS header
+zenwears.com: could not connect to host
+zera.com.au: could not connect to host
+zerekin.net: did not receive HSTS header
+zero-x-baadf00d.com: could not connect to host
+zeroday.sk: did not receive HSTS header
+zerofox.gq: could not connect to host
+zerolab.org: could not connect to host
+zeroml.ml: could not connect to host
+zerosource.net: could not connect to host
+zerudi.com: did not receive HSTS header
+zeto365.pl: did not receive HSTS header
+zett4.me: did not receive HSTS header
+zeytin.pro: could not connect to host
+zh1.li: could not connect to host
+zhang.wtf: could not connect to host
+zhangfangzhou.com: could not connect to host
+zhangge.net: did not receive HSTS header
+zhangruilin.com: did not receive HSTS header
+zhangsir.net: could not connect to host
+zhaochen.xyz: could not connect to host
+zhaojin97.cn: could not connect to host
+zhendingresources.com: did not receive HSTS header
+zhenmeish.com: could not connect to host
+zhh.in: could not connect to host
+zhihua-lai.com: did not receive HSTS header
+zhiin.net: could not connect to host
+zhikin.com: could not connect to host
+zhoujiashu.com: could not connect to host
+zhuji.com.cn: could not connect to host
+zi0r.com: did not receive HSTS header
+zian.online: could not connect to host
+zicklam.com: could not connect to host
+zifb.in: did not receive HSTS header
+zigcore.com.br: could not connect to host
+zihao.me: did not receive HSTS header
+zikirakhirzaman.com: could not connect to host
+zinc-x.com: did not receive HSTS header
+zinenapse.info: could not connect to host
+zippy-download.com: could not connect to host
+zippy-download.de: could not connect to host
+zirtue.io: could not connect to host
+zivagold.com: did not receive HSTS header
+zivy-ruzenec.cz: did not receive HSTS header
+ziyuanabc.xyz: could not connect to host
+zizoo.com: did not receive HSTS header
+zju.tv: could not connect to host
+zjubtv.com: could not connect to host
+zjutv.com: could not connect to host
+zkillboard.com: did not receive HSTS header
+zking.ga: could not connect to host
+zlcp.com: could not connect to host
+zmsastro.co.za: could not connect to host
+zmy.im: could not connect to host
+znacite.com: did not receive HSTS header
+znd.jp: did not receive HSTS header
+zobraz.cz: could not connect to host
+zocken.com: did not receive HSTS header
+zoe.vc: could not connect to host
+zohar.link: could not connect to host
+zokster.net: could not connect to host
+zolotoy-standart.com.ua: did not receive HSTS header
+zomiac.pp.ua: could not connect to host
+zoneminder.com: did not receive HSTS header
+zoners.si: did not receive HSTS header
+zonky.io: could not connect to host
+zoo24.de: did not receive HSTS header
+zoofaeth.de: did not receive HSTS header
+zoomingin.net: max-age too low: 5184000
+zoommailing.com: did not receive HSTS header
+zoorigin.com: did not receive HSTS header
+zorasvobodova.cz: did not receive HSTS header
+zortium.report: could not connect to host
+zoznamrealit.sk: did not receive HSTS header
+zqhong.com: could not connect to host
+zqjs.tk: could not connect to host
+zqwqz.com: max-age too low: 0
+zrt.io: did not receive HSTS header
+ztan.tk: could not connect to host
+ztcaoll222.cn: did not receive HSTS header
+ztytian.com: did not receive HSTS header
+zubel.it: did not receive HSTS header
+zudomc.me: could not connect to host
+zuehlcke.de: could not connect to host
+zunftmarke.de: did not receive HSTS header
+zuram.net: could not connect to host
+zuviel.space: could not connect to host
+zvncloud.com: did not receive HSTS header
+zwembadheeten.nl: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsISiteSecurityService.processHeader]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: /builds/slave/m-esr52-l64-periodicupdate-000/getHSTSPreloadList.js :: processStsHeader :: line 121"  data: no]
+zwollemagazine.nl: did not receive HSTS header
+zyf.pw: could not connect to host
+zymbit.com: did not receive HSTS header
+zync.ca: did not receive HSTS header
+zypgr.com: could not connect to host
+zyso.org: could not connect to host
+zzb510.com: did not receive HSTS header
+zzb6688.com: did not receive HSTS header
+zzb8899.com: did not receive HSTS header
+zzw.ca: could not connect to host
diff --git a/security/manager/ssl/nsSTSPreloadList.inc b/security/manager/ssl/nsSTSPreloadList.inc
new file mode 100644
index 000000000..ec59ba0dc
--- /dev/null
+++ b/security/manager/ssl/nsSTSPreloadList.inc
@@ -0,0 +1,62431 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/*****************************************************************************/
+/* This is an automatically generated file. If you're not                    */
+/* nsSiteSecurityService.cpp, you shouldn't be #including it.     */
+/*****************************************************************************/
+
+#include <stdint.h>
+const PRTime gPreloadListExpirationTime = INT64_C(1527192147845000);
+
+static const char kSTSHostTable[] = {
+  /* "0.me.uk", true */ '0', '.', 'm', 'e', '.', 'u', 'k', '\0',
+  /* "0005pay.com", true */ '0', '0', '0', '5', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "0010100.net", true */ '0', '0', '1', '0', '1', '0', '0', '.', 'n', 'e', 't', '\0',
+  /* "007-preisvergleich.de", true */ '0', '0', '7', '-', 'p', 'r', 'e', 'i', 's', 'v', 'e', 'r', 'g', 'l', 'e', 'i', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "00881919.com", true */ '0', '0', '8', '8', '1', '9', '1', '9', '.', 'c', 'o', 'm', '\0',
+  /* "00f.net", true */ '0', '0', 'f', '.', 'n', 'e', 't', '\0',
+  /* "00wbf.com", true */ '0', '0', 'w', 'b', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "0100dev.com", true */ '0', '1', '0', '0', 'd', 'e', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "0100dev.nl", true */ '0', '1', '0', '0', 'd', 'e', 'v', '.', 'n', 'l', '\0',
+  /* "01electronica.com.ar", true */ '0', '1', 'e', 'l', 'e', 'c', 't', 'r', 'o', 'n', 'i', 'c', 'a', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "01seguridad.com.ar", true */ '0', '1', 's', 'e', 'g', 'u', 'r', 'i', 'd', 'a', 'd', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "0222.mg", true */ '0', '2', '2', '2', '.', 'm', 'g', '\0',
+  /* "023838.com", true */ '0', '2', '3', '8', '3', '8', '.', 'c', 'o', 'm', '\0',
+  /* "023sec.com", true */ '0', '2', '3', 's', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "03-09-2016.wedding", true */ '0', '3', '-', '0', '9', '-', '2', '0', '1', '6', '.', 'w', 'e', 'd', 'd', 'i', 'n', 'g', '\0',
+  /* "040fitvitality.nl", true */ '0', '4', '0', 'f', 'i', 't', 'v', 'i', 't', 'a', 'l', 'i', 't', 'y', '.', 'n', 'l', '\0',
+  /* "046569.com", true */ '0', '4', '6', '5', '6', '9', '.', 'c', 'o', 'm', '\0',
+  /* "04sun.com", true */ '0', '4', 's', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "050media.nl", true */ '0', '5', '0', 'm', 'e', 'd', 'i', 'a', '.', 'n', 'l', '\0',
+  /* "0513c.com", true */ '0', '5', '1', '3', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "0573wk.com", true */ '0', '5', '7', '3', 'w', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "06se.com", true */ '0', '6', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "0au.de", true */ '0', 'a', 'u', '.', 'd', 'e', '\0',
+  /* "0c.eu", true */ '0', 'c', '.', 'e', 'u', '\0',
+  /* "0c3.de", true */ '0', 'c', '3', '.', 'd', 'e', '\0',
+  /* "0cdn.ga", true */ '0', 'c', 'd', 'n', '.', 'g', 'a', '\0',
+  /* "0day.agency", true */ '0', 'd', 'a', 'y', '.', 'a', 'g', 'e', 'n', 'c', 'y', '\0',
+  /* "0ik.de", true */ '0', 'i', 'k', '.', 'd', 'e', '\0',
+  /* "0iz.net", true */ '0', 'i', 'z', '.', 'n', 'e', 't', '\0',
+  /* "0knowledge.de", true */ '0', 'k', 'n', 'o', 'w', 'l', 'e', 'd', 'g', 'e', '.', 'd', 'e', '\0',
+  /* "0paste.com", true */ '0', 'p', 'a', 's', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "0wx.cat", true */ '0', 'w', 'x', '.', 'c', 'a', 't', '\0',
+  /* "0wx.es", true */ '0', 'w', 'x', '.', 'e', 's', '\0',
+  /* "0wx.eu", true */ '0', 'w', 'x', '.', 'e', 'u', '\0',
+  /* "0wx.org", true */ '0', 'w', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "0x.cx", true */ '0', 'x', '.', 'c', 'x', '\0',
+  /* "0x.sk", true */ '0', 'x', '.', 's', 'k', '\0',
+  /* "0x00ff00ff.com", true */ '0', 'x', '0', '0', 'f', 'f', '0', '0', 'f', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "0x17.de", true */ '0', 'x', '1', '7', '.', 'd', 'e', '\0',
+  /* "0x52.net", true */ '0', 'x', '5', '2', '.', 'n', 'e', 't', '\0',
+  /* "0x539.be", true */ '0', 'x', '5', '3', '9', '.', 'b', 'e', '\0',
+  /* "0x65.net", true */ '0', 'x', '6', '5', '.', 'n', 'e', 't', '\0',
+  /* "0x7d.com", true */ '0', 'x', '7', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "0x7fffffff.net", true */ '0', 'x', '7', 'f', 'f', 'f', 'f', 'f', 'f', 'f', '.', 'n', 'e', 't', '\0',
+  /* "0x90.in", true */ '0', 'x', '9', '0', '.', 'i', 'n', '\0',
+  /* "0x90.io", true */ '0', 'x', '9', '0', '.', 'i', 'o', '\0',
+  /* "0xaa55.me", true */ '0', 'x', 'a', 'a', '5', '5', '.', 'm', 'e', '\0',
+  /* "0xabe.io", true */ '0', 'x', 'a', 'b', 'e', '.', 'i', 'o', '\0',
+  /* "0xacab.org", true */ '0', 'x', 'a', 'c', 'a', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "0xcafec0.de", true */ '0', 'x', 'c', 'a', 'f', 'e', 'c', '0', '.', 'd', 'e', '\0',
+  /* "0xda.de", true */ '0', 'x', 'd', 'a', '.', 'd', 'e', '\0',
+  /* "0xdc.io", false */ '0', 'x', 'd', 'c', '.', 'i', 'o', '\0',
+  /* "0xdefaced.de", true */ '0', 'x', 'd', 'e', 'f', 'a', 'c', 'e', 'd', '.', 'd', 'e', '\0',
+  /* "0xee.eu", true */ '0', 'x', 'e', 'e', '.', 'e', 'u', '\0',
+  /* "0xf00.ch", true */ '0', 'x', 'f', '0', '0', '.', 'c', 'h', '\0',
+  /* "0xfc.de", true */ '0', 'x', 'f', 'c', '.', 'd', 'e', '\0',
+  /* "0xn.de", true */ '0', 'x', 'n', '.', 'd', 'e', '\0',
+  /* "0yen.org", true */ '0', 'y', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "1-2-3bounce.co.uk", true */ '1', '-', '2', '-', '3', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "100-downloads.com", true */ '1', '0', '0', '-', 'd', 'o', 'w', 'n', 'l', 'o', 'a', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "10000v.ru", true */ '1', '0', '0', '0', '0', 'v', '.', 'r', 'u', '\0',
+  /* "1000hats.com", true */ '1', '0', '0', '0', 'h', 'a', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "1000minds.com", true */ '1', '0', '0', '0', 'm', 'i', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "1000serien.com", true */ '1', '0', '0', '0', 's', 'e', 'r', 'i', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "1001.best", true */ '1', '0', '0', '1', '.', 'b', 'e', 's', 't', '\0',
+  /* "1001kerstpakketten.com", false */ '1', '0', '0', '1', 'k', 'e', 'r', 's', 't', 'p', 'a', 'k', 'k', 'e', 't', 't', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "100and1.jp", true */ '1', '0', '0', 'a', 'n', 'd', '1', '.', 'j', 'p', '\0',
+  /* "100kredite.de", true */ '1', '0', '0', 'k', 'r', 'e', 'd', 'i', 't', 'e', '.', 'd', 'e', '\0',
+  /* "100mani.it", true */ '1', '0', '0', 'm', 'a', 'n', 'i', '.', 'i', 't', '\0',
+  /* "100onrainkajino.com", true */ '1', '0', '0', 'o', 'n', 'r', 'a', 'i', 'n', 'k', 'a', 'j', 'i', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "100pounds.co.uk", true */ '1', '0', '0', 'p', 'o', 'u', 'n', 'd', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "100rembourse.be", true */ '1', '0', '0', 'r', 'e', 'm', 'b', 'o', 'u', 'r', 's', 'e', '.', 'b', 'e', '\0',
+  /* "1011100.com", true */ '1', '0', '1', '1', '1', '0', '0', '.', 'c', 'o', 'm', '\0',
+  /* "101sauna.kz", true */ '1', '0', '1', 's', 'a', 'u', 'n', 'a', '.', 'k', 'z', '\0',
+  /* "101sauna.ru", true */ '1', '0', '1', 's', 'a', 'u', 'n', 'a', '.', 'r', 'u', '\0',
+  /* "1041263497.rsc.cdn77.org", true */ '1', '0', '4', '1', '2', '6', '3', '4', '9', '7', '.', 'r', 's', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0',
+  /* "1066.io", true */ '1', '0', '6', '6', '.', 'i', 'o', '\0',
+  /* "10gbit.ovh", true */ '1', '0', 'g', 'b', 'i', 't', '.', 'o', 'v', 'h', '\0',
+  /* "10hz.de", true */ '1', '0', 'h', 'z', '.', 'd', 'e', '\0',
+  /* "10og.de", true */ '1', '0', 'o', 'g', '.', 'd', 'e', '\0',
+  /* "10x.ooo", true */ '1', '0', 'x', '.', 'o', 'o', 'o', '\0',
+  /* "1100.so", true */ '1', '1', '0', '0', '.', 's', 'o', '\0',
+  /* "1116pay.com", true */ '1', '1', '1', '6', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "112app.nl", true */ '1', '1', '2', 'a', 'p', 'p', '.', 'n', 'l', '\0',
+  /* "112hz.com", true */ '1', '1', '2', 'h', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "11loc.de", true */ '1', '1', 'l', 'o', 'c', '.', 'd', 'e', '\0',
+  /* "11scc.com", true */ '1', '1', 's', 'c', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "11thstreetcoffee.com", true */ '1', '1', 't', 'h', 's', 't', 'r', 'e', 'e', 't', 'c', 'o', 'f', 'f', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "11urss.com", true */ '1', '1', 'u', 'r', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "1212873467.rsc.cdn77.org", true */ '1', '2', '1', '2', '8', '7', '3', '4', '6', '7', '.', 'r', 's', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0',
+  /* "1218641649.rsc.cdn77.org", true */ '1', '2', '1', '8', '6', '4', '1', '6', '4', '9', '.', 'r', 's', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0',
+  /* "123comparer.fr", true */ '1', '2', '3', 'c', 'o', 'm', 'p', 'a', 'r', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "123djdrop.com", true */ '1', '2', '3', 'd', 'j', 'd', 'r', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "123midterm.com", true */ '1', '2', '3', 'm', 'i', 'd', 't', 'e', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "123movies.fyi", true */ '1', '2', '3', 'm', 'o', 'v', 'i', 'e', 's', '.', 'f', 'y', 'i', '\0',
+  /* "123pay.ir", true */ '1', '2', '3', 'p', 'a', 'y', '.', 'i', 'r', '\0',
+  /* "123plons.nl", true */ '1', '2', '3', 'p', 'l', 'o', 'n', 's', '.', 'n', 'l', '\0',
+  /* "123termpapers.com", true */ '1', '2', '3', 't', 'e', 'r', 'm', 'p', 'a', 'p', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "123test.com", true */ '1', '2', '3', 't', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "123test.nl", true */ '1', '2', '3', 't', 'e', 's', 't', '.', 'n', 'l', '\0',
+  /* "125m125.de", true */ '1', '2', '5', 'm', '1', '2', '5', '.', 'd', 'e', '\0',
+  /* "12vpn.net", true */ '1', '2', 'v', 'p', 'n', '.', 'n', 'e', 't', '\0',
+  /* "130.ua", true */ '1', '3', '0', '.', 'u', 'a', '\0',
+  /* "132kv.ch", true */ '1', '3', '2', 'k', 'v', '.', 'c', 'h', '\0',
+  /* "13318522.com", true */ '1', '3', '3', '1', '8', '5', '2', '2', '.', 'c', 'o', 'm', '\0',
+  /* "1359826938.rsc.cdn77.org", true */ '1', '3', '5', '9', '8', '2', '6', '9', '3', '8', '.', 'r', 's', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0',
+  /* "1395kj.com", true */ '1', '3', '9', '5', 'k', 'j', '.', 'c', 'o', 'm', '\0',
+  /* "1396.net", true */ '1', '3', '9', '6', '.', 'n', 'e', 't', '\0',
+  /* "13th-dover.uk", true */ '1', '3', 't', 'h', '-', 'd', 'o', 'v', 'e', 'r', '.', 'u', 'k', '\0',
+  /* "1453914078.rsc.cdn77.org", true */ '1', '4', '5', '3', '9', '1', '4', '0', '7', '8', '.', 'r', 's', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0',
+  /* "1464424382.rsc.cdn77.org", true */ '1', '4', '6', '4', '4', '2', '4', '3', '8', '2', '.', 'r', 's', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0',
+  /* "14it.de", true */ '1', '4', 'i', 't', '.', 'd', 'e', '\0',
+  /* "14x3.de", true */ '1', '4', 'x', '3', '.', 'd', 'e', '\0',
+  /* "15-10.com", true */ '1', '5', '-', '1', '0', '.', 'c', 'o', 'm', '\0',
+  /* "1511774230.rsc.cdn77.org", true */ '1', '5', '1', '1', '7', '7', '4', '2', '3', '0', '.', 'r', 's', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0',
+  /* "1590284872.rsc.cdn77.org", true */ '1', '5', '9', '0', '2', '8', '4', '8', '7', '2', '.', 'r', 's', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0',
+  /* "1600esplanade.com", true */ '1', '6', '0', '0', 'e', 's', 'p', 'l', 'a', 'n', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "16164f.com", true */ '1', '6', '1', '6', '4', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "1644091933.rsc.cdn77.org", true */ '1', '6', '4', '4', '0', '9', '1', '9', '3', '3', '.', 'r', 's', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0',
+  /* "174.net.nz", true */ '1', '7', '4', '.', 'n', 'e', 't', '.', 'n', 'z', '\0',
+  /* "1750studios.com", false */ '1', '7', '5', '0', 's', 't', 'u', 'd', 'i', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "17hats.com", true */ '1', '7', 'h', 'a', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "1844329061.rsc.cdn77.org", true */ '1', '8', '4', '4', '3', '2', '9', '0', '6', '1', '.', 'r', 's', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0',
+  /* "188522.com", false */ '1', '8', '8', '5', '2', '2', '.', 'c', 'o', 'm', '\0',
+  /* "18888msc.com", true */ '1', '8', '8', '8', '8', 'm', 's', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "1888zr.com", true */ '1', '8', '8', '8', 'z', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "188dv.com", true */ '1', '8', '8', 'd', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "189dv.com", true */ '1', '8', '9', 'd', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "18f.gov", true */ '1', '8', 'f', '.', 'g', 'o', 'v', '\0',
+  /* "18f.gsa.gov", false */ '1', '8', 'f', '.', 'g', 's', 'a', '.', 'g', 'o', 'v', '\0',
+  /* "1912x.com", true */ '1', '9', '1', '2', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "19216811.online", true */ '1', '9', '2', '1', '6', '8', '1', '1', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "1921958389.rsc.cdn77.org", true */ '1', '9', '2', '1', '9', '5', '8', '3', '8', '9', '.', 'r', 's', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0',
+  /* "1972969867.rsc.cdn77.org", true */ '1', '9', '7', '2', '9', '6', '9', '8', '6', '7', '.', 'r', 's', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0',
+  /* "1981612088.rsc.cdn77.org", true */ '1', '9', '8', '1', '6', '1', '2', '0', '8', '8', '.', 'r', 's', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0',
+  /* "19hundert84.de", true */ '1', '9', 'h', 'u', 'n', 'd', 'e', 'r', 't', '8', '4', '.', 'd', 'e', '\0',
+  /* "1a-diamantscheiben.de", true */ '1', 'a', '-', 'd', 'i', 'a', 'm', 'a', 'n', 't', 's', 'c', 'h', 'e', 'i', 'b', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "1a-vermessung.at", true */ '1', 'a', '-', 'v', 'e', 'r', 'm', 'e', 's', 's', 'u', 'n', 'g', '.', 'a', 't', '\0',
+  /* "1a-werkstattgeraete.de", true */ '1', 'a', '-', 'w', 'e', 'r', 'k', 's', 't', 'a', 't', 't', 'g', 'e', 'r', 'a', 'e', 't', 'e', '.', 'd', 'e', '\0',
+  /* "1cover.co.nz", true */ '1', 'c', 'o', 'v', 'e', 'r', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "1cover.com.au", true */ '1', 'c', 'o', 'v', 'e', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "1e9.nl", true */ '1', 'e', '9', '.', 'n', 'l', '\0',
+  /* "1er-secours.ch", true */ '1', 'e', 'r', '-', 's', 'e', 'c', 'o', 'u', 'r', 's', '.', 'c', 'h', '\0',
+  /* "1gsoft.com", true */ '1', 'g', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "1hourproofreading.com", true */ '1', 'h', 'o', 'u', 'r', 'p', 'r', 'o', 'o', 'f', 'r', 'e', 'a', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "1it.click", true */ '1', 'i', 't', '.', 'c', 'l', 'i', 'c', 'k', '\0',
+  /* "1item.co.il", true */ '1', 'i', 't', 'e', 'm', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "1js.de", true */ '1', 'j', 's', '.', 'd', 'e', '\0',
+  /* "1kando.com", false */ '1', 'k', 'a', 'n', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "1km.ro", true */ '1', 'k', 'm', '.', 'r', 'o', '\0',
+  /* "1kmi.co", true */ '1', 'k', 'm', 'i', '.', 'c', 'o', '\0',
+  /* "1morebounce.co.uk", true */ '1', 'm', 'o', 'r', 'e', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "1nfr.com", false */ '1', 'n', 'f', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "1of16.de", true */ '1', 'o', 'f', '1', '6', '.', 'd', 'e', '\0',
+  /* "1on1on1.de", true */ '1', 'o', 'n', '1', 'o', 'n', '1', '.', 'd', 'e', '\0',
+  /* "1on1on1.tv", true */ '1', 'o', 'n', '1', 'o', 'n', '1', '.', 't', 'v', '\0',
+  /* "1p.ro", false */ '1', 'p', '.', 'r', 'o', '\0',
+  /* "1panorama.ru", true */ '1', 'p', 'a', 'n', 'o', 'r', 'a', 'm', 'a', '.', 'r', 'u', '\0',
+  /* "1para.net", true */ '1', 'p', 'a', 'r', 'a', '.', 'n', 'e', 't', '\0',
+  /* "1password.com", true */ '1', 'p', 'a', 's', 's', 'w', 'o', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "1pw.ca", true */ '1', 'p', 'w', '.', 'c', 'a', '\0',
+  /* "1px.tv", true */ '1', 'p', 'x', '.', 't', 'v', '\0',
+  /* "1rs.nl", true */ '1', 'r', 's', '.', 'n', 'l', '\0',
+  /* "1scope.com", true */ '1', 's', 'c', 'o', 'p', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "1se2or3.com", true */ '1', 's', 'e', '2', 'o', 'r', '3', '.', 'c', 'o', 'm', '\0',
+  /* "1st-bounce.co.uk", true */ '1', 's', 't', '-', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "1st-community.de", true */ '1', 's', 't', '-', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', '.', 'd', 'e', '\0',
+  /* "1st4abounce.co.uk", true */ '1', 's', 't', '4', 'a', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "1stchoicefun.co.uk", true */ '1', 's', 't', 'c', 'h', 'o', 'i', 'c', 'e', 'f', 'u', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "1stclassbouncycastles.co.uk", true */ '1', 's', 't', 'c', 'l', 'a', 's', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "1stforfun.co.uk", true */ '1', 's', 't', 'f', 'o', 'r', 'f', 'u', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "1stpeninsulabouncers.co.uk", true */ '1', 's', 't', 'p', 'e', 'n', 'i', 'n', 's', 'u', 'l', 'a', 'b', 'o', 'u', 'n', 'c', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "1ststop.co.uk", true */ '1', 's', 't', 's', 't', 'o', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "1whw.co.uk", true */ '1', 'w', 'h', 'w', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "1wirelog.de", true */ '1', 'w', 'i', 'r', 'e', 'l', 'o', 'g', '.', 'd', 'e', '\0',
+  /* "1wl.uk", true */ '1', 'w', 'l', '.', 'u', 'k', '\0',
+  /* "2.wtf", true */ '2', '.', 'w', 't', 'f', '\0',
+  /* "2048-spiel.de", true */ '2', '0', '4', '8', '-', 's', 'p', 'i', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "2048game.co.uk", true */ '2', '0', '4', '8', 'g', 'a', 'm', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "208.es", true */ '2', '0', '8', '.', 'e', 's', '\0',
+  /* "20denier.com", true */ '2', '0', 'd', 'e', 'n', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "21.co.uk", true */ '2', '1', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "21stnc.com", true */ '2', '1', 's', 't', 'n', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "21x9.org", true */ '2', '1', 'x', '9', '.', 'o', 'r', 'g', '\0',
+  /* "22scc.com", true */ '2', '2', 's', 'c', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "2333.press", true */ '2', '3', '3', '3', '.', 'p', 'r', 'e', 's', 's', '\0',
+  /* "2333666.xyz", true */ '2', '3', '3', '3', '6', '6', '6', '.', 'x', 'y', 'z', '\0',
+  /* "233abc.com", true */ '2', '3', '3', 'a', 'b', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "233blog.com", true */ '2', '3', '3', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "24-7.jp", true */ '2', '4', '-', '7', '.', 'j', 'p', '\0',
+  /* "246060.ru", true */ '2', '4', '6', '0', '6', '0', '.', 'r', 'u', '\0',
+  /* "247a.co.uk", true */ '2', '4', '7', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "247healthshop.com", true */ '2', '4', '7', 'h', 'e', 'a', 'l', 't', 'h', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "247medplan.com", true */ '2', '4', '7', 'm', 'e', 'd', 'p', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "24ip.com", true */ '2', '4', 'i', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "24ip.de", true */ '2', '4', 'i', 'p', '.', 'd', 'e', '\0',
+  /* "24ip.fr", true */ '2', '4', 'i', 'p', '.', 'f', 'r', '\0',
+  /* "24kbet.com", true */ '2', '4', 'k', 'b', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "256k.me", true */ '2', '5', '6', 'k', '.', 'm', 'e', '\0',
+  /* "256pages.com", true */ '2', '5', '6', 'p', 'a', 'g', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "25reinyan25.net", true */ '2', '5', 'r', 'e', 'i', 'n', 'y', 'a', 'n', '2', '5', '.', 'n', 'e', 't', '\0',
+  /* "2600edinburgh.org", true */ '2', '6', '0', '0', 'e', 'd', 'i', 'n', 'b', 'u', 'r', 'g', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "2600hq.com", true */ '2', '6', '0', '0', 'h', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "263.info", true */ '2', '6', '3', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "27728522.com", true */ '2', '7', '7', '2', '8', '5', '2', '2', '.', 'c', 'o', 'm', '\0',
+  /* "281180.de", true */ '2', '8', '1', '1', '8', '0', '.', 'd', 'e', '\0',
+  /* "29227.com", true */ '2', '9', '2', '2', '7', '.', 'c', 'o', 'm', '\0',
+  /* "2b3b.com", true */ '2', 'b', '3', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "2bas.nl", true */ '2', 'b', 'a', 's', '.', 'n', 'l', '\0',
+  /* "2bcompany.ch", true */ '2', 'b', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'h', '\0',
+  /* "2bis10.de", true */ '2', 'b', 'i', 's', '1', '0', '.', 'd', 'e', '\0',
+  /* "2bitout.com", true */ '2', 'b', 'i', 't', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "2bouncy.com", true */ '2', 'b', 'o', 'u', 'n', 'c', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "2c-b.com", true */ '2', 'c', '-', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "2c-d.com", true */ '2', 'c', '-', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "2c-e.com", true */ '2', 'c', '-', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "2c-t-2.com", true */ '2', 'c', '-', 't', '-', '2', '.', 'c', 'o', 'm', '\0',
+  /* "2c-t-7.com", true */ '2', 'c', '-', 't', '-', '7', '.', 'c', 'o', 'm', '\0',
+  /* "2c-t-8.com", true */ '2', 'c', '-', 't', '-', '8', '.', 'c', 'o', 'm', '\0',
+  /* "2cash.ru", true */ '2', 'c', 'a', 's', 'h', '.', 'r', 'u', '\0',
+  /* "2cv-fahrer.de", true */ '2', 'c', 'v', '-', 'f', 'a', 'h', 'r', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "2fm.ie", true */ '2', 'f', 'm', '.', 'i', 'e', '\0',
+  /* "2fraud.pro", true */ '2', 'f', 'r', 'a', 'u', 'd', '.', 'p', 'r', 'o', '\0',
+  /* "2gen.com", true */ '2', 'g', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "2heartsbookings.co.uk", true */ '2', 'h', 'e', 'a', 'r', 't', 's', 'b', 'o', 'o', 'k', 'i', 'n', 'g', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "2hypeenterprises.com", true */ '2', 'h', 'y', 'p', 'e', 'e', 'n', 't', 'e', 'r', 'p', 'r', 'i', 's', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "2kgwf.fi", true */ '2', 'k', 'g', 'w', 'f', '.', 'f', 'i', '\0',
+  /* "2krueger.de", true */ '2', 'k', 'r', 'u', 'e', 'g', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "2mb.solutions", true */ '2', 'm', 'b', '.', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '\0',
+  /* "2nains.ch", true */ '2', 'n', 'a', 'i', 'n', 's', '.', 'c', 'h', '\0',
+  /* "2nerds1bit.com", true */ '2', 'n', 'e', 'r', 'd', 's', '1', 'b', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "2pay.fr", true */ '2', 'p', 'a', 'y', '.', 'f', 'r', '\0',
+  /* "2programmers.net", true */ '2', 'p', 'r', 'o', 'g', 'r', 'a', 'm', 'm', 'e', 'r', 's', '.', 'n', 'e', 't', '\0',
+  /* "2stv.net", true */ '2', 's', 't', 'v', '.', 'n', 'e', 't', '\0',
+  /* "2ulcceria.nl", true */ '2', 'u', 'l', 'c', 'c', 'e', 'r', 'i', 'a', '.', 'n', 'l', '\0',
+  /* "300m.com", false */ '3', '0', '0', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "30hzcollective.com", true */ '3', '0', 'h', 'z', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "3133780x.com", true */ '3', '1', '3', '3', '7', '8', '0', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "31klabs.com", true */ '3', '1', 'k', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "31tv.ru", true */ '3', '1', 't', 'v', '.', 'r', 'u', '\0',
+  /* "321live.nl", true */ '3', '2', '1', 'l', 'i', 'v', 'e', '.', 'n', 'l', '\0',
+  /* "32h.de", true */ '3', '2', 'h', '.', 'd', 'e', '\0',
+  /* "33-km.ru", true */ '3', '3', '-', 'k', 'm', '.', 'r', 'u', '\0',
+  /* "330.net", true */ '3', '3', '0', '.', 'n', 'e', 't', '\0',
+  /* "33445.com", true */ '3', '3', '4', '4', '5', '.', 'c', 'o', 'm', '\0',
+  /* "33scc.com", true */ '3', '3', 's', 'c', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "3473-wiki.de", true */ '3', '4', '7', '3', '-', 'w', 'i', 'k', 'i', '.', 'd', 'e', '\0',
+  /* "360live.fr", true */ '3', '6', '0', 'l', 'i', 'v', 'e', '.', 'f', 'r', '\0',
+  /* "360woodworking.com", true */ '3', '6', '0', 'w', 'o', 'o', 'd', 'w', 'o', 'r', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "365365.com", true */ '3', '6', '5', '3', '6', '5', '.', 'c', 'o', 'm', '\0',
+  /* "365beautyworld.com", true */ '3', '6', '5', 'b', 'e', 'a', 'u', 't', 'y', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "365daysreview.com", true */ '3', '6', '5', 'd', 'a', 'y', 's', 'r', 'e', 'v', 'i', 'e', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "365healthworld.com", true */ '3', '6', '5', 'h', 'e', 'a', 'l', 't', 'h', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "365maya.com", true */ '3', '6', '5', 'm', 'a', 'y', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "365skulls.com", true */ '3', '6', '5', 's', 'k', 'u', 'l', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "3778vip.com", true */ '3', '7', '7', '8', 'v', 'i', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "379700.com", true */ '3', '7', '9', '7', '0', '0', '.', 'c', 'o', 'm', '\0',
+  /* "38888msc.com", true */ '3', '8', '8', '8', '8', 'm', 's', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "38blog.com", true */ '3', '8', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "393335.ml", true */ '3', '9', '3', '3', '3', '5', '.', 'm', 'l', '\0',
+  /* "398.info", true */ '3', '9', '8', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "3ags.de", true */ '3', 'a', 'g', 's', '.', 'd', 'e', '\0',
+  /* "3bakayottu.com", true */ '3', 'b', 'a', 'k', 'a', 'y', 'o', 't', 't', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "3c-d.de", true */ '3', 'c', '-', 'd', '.', 'd', 'e', '\0',
+  /* "3chat.org", true */ '3', 'c', 'h', 'a', 't', '.', 'o', 'r', 'g', '\0',
+  /* "3circlefunding.ch", true */ '3', 'c', 'i', 'r', 'c', 'l', 'e', 'f', 'u', 'n', 'd', 'i', 'n', 'g', '.', 'c', 'h', '\0',
+  /* "3countiescastlehire.co.uk", true */ '3', 'c', 'o', 'u', 'n', 't', 'i', 'e', 's', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "3cs.ch", true */ '3', 'c', 's', '.', 'c', 'h', '\0',
+  /* "3dm.audio", true */ '3', 'd', 'm', '.', 'a', 'u', 'd', 'i', 'o', '\0',
+  /* "3dmedium.de", true */ '3', 'd', 'm', 'e', 'd', 'i', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "3dmusiclab.nl", true */ '3', 'd', 'm', 'u', 's', 'i', 'c', 'l', 'a', 'b', '.', 'n', 'l', '\0',
+  /* "3do3dont.com", true */ '3', 'd', 'o', '3', 'd', 'o', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "3dprintsondemand.eu", true */ '3', 'd', 'p', 'r', 'i', 'n', 't', 's', 'o', 'n', 'd', 'e', 'm', 'a', 'n', 'd', '.', 'e', 'u', '\0',
+  /* "3drenaline.com", true */ '3', 'd', 'r', 'e', 'n', 'a', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "3haeuserprojekt.org", true */ '3', 'h', 'a', 'e', 'u', 's', 'e', 'r', 'p', 'r', 'o', 'j', 'e', 'k', 't', '.', 'o', 'r', 'g', '\0',
+  /* "3haueserprojekt.org", true */ '3', 'h', 'a', 'u', 'e', 's', 'e', 'r', 'p', 'r', 'o', 'j', 'e', 'k', 't', '.', 'o', 'r', 'g', '\0',
+  /* "3hl0.net", true */ '3', 'h', 'l', '0', '.', 'n', 'e', 't', '\0',
+  /* "3james.com", true */ '3', 'j', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "3logic.ru", true */ '3', 'l', 'o', 'g', 'i', 'c', '.', 'r', 'u', '\0',
+  /* "3mbo.de", true */ '3', 'm', 'b', 'o', '.', 'd', 'e', '\0',
+  /* "3phase.pw", true */ '3', 'p', 'h', 'a', 's', 'e', '.', 'p', 'w', '\0',
+  /* "3plusdesign.gr", true */ '3', 'p', 'l', 'u', 's', 'd', 'e', 's', 'i', 'g', 'n', '.', 'g', 'r', '\0',
+  /* "3queens.cz", true */ '3', 'q', 'u', 'e', 'e', 'n', 's', '.', 'c', 'z', '\0',
+  /* "3queens.io", true */ '3', 'q', 'u', 'e', 'e', 'n', 's', '.', 'i', 'o', '\0',
+  /* "3r.org.uk", true */ '3', 'r', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "3s-hosting.de", true */ '3', 's', '-', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "3timegear.com", true */ '3', 't', 'i', 'm', 'e', 'g', 'e', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "3trees.tk", true */ '3', 't', 'r', 'e', 'e', 's', '.', 't', 'k', '\0',
+  /* "3v4l.org", true */ '3', 'v', '4', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "3weekdietworks.com", true */ '3', 'w', 'e', 'e', 'k', 'd', 'i', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "3xx.link", true */ '3', 'x', 'x', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "4-1-where.com", true */ '4', '-', '1', '-', 'w', 'h', 'e', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "4-it.de", true */ '4', '-', 'i', 't', '.', 'd', 'e', '\0',
+  /* "403.ch", true */ '4', '0', '3', '.', 'c', 'h', '\0',
+  /* "404forest.com", true */ '4', '0', '4', 'f', 'o', 'r', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "404notfound.com.br", true */ '4', '0', '4', 'n', 'o', 't', 'f', 'o', 'u', 'n', 'd', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "4096bit.de", true */ '4', '0', '9', '6', 'b', 'i', 't', '.', 'd', 'e', '\0',
+  /* "41-where.com", true */ '4', '1', '-', 'w', 'h', 'e', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "41199.com", true */ '4', '1', '1', '9', '9', '.', 'c', 'o', 'm', '\0',
+  /* "411movie.com", true */ '4', '1', '1', 'm', 'o', 'v', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "41where.com", true */ '4', '1', 'w', 'h', 'e', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "420java.com", true */ '4', '2', '0', 'j', 'a', 'v', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "42day.info", true */ '4', '2', 'd', 'a', 'y', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "42entrepreneurs.fr", true */ '4', '2', 'e', 'n', 't', 'r', 'e', 'p', 'r', 'e', 'n', 'e', 'u', 'r', 's', '.', 'f', 'r', '\0',
+  /* "42t.ru", true */ '4', '2', 't', '.', 'r', 'u', '\0',
+  /* "441jj.com", false */ '4', '4', '1', 'j', 'j', '.', 'c', 'o', 'm', '\0',
+  /* "44scc.com", true */ '4', '4', 's', 'c', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "4500.co.il", true */ '4', '5', '0', '0', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "491mhz.net", true */ '4', '9', '1', 'm', 'h', 'z', '.', 'n', 'e', 't', '\0',
+  /* "49889.com", true */ '4', '9', '8', '8', '9', '.', 'c', 'o', 'm', '\0',
+  /* "49948522.com", true */ '4', '9', '9', '4', '8', '5', '2', '2', '.', 'c', 'o', 'm', '\0',
+  /* "49dollaridahoregisteredagent.com", true */ '4', '9', 'd', 'o', 'l', 'l', 'a', 'r', 'i', 'd', 'a', 'h', 'o', 'r', 'e', 'g', 'i', 's', 't', 'e', 'r', 'e', 'd', 'a', 'g', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "4baby.com.br", true */ '4', 'b', 'a', 'b', 'y', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "4bike.eu", true */ '4', 'b', 'i', 'k', 'e', '.', 'e', 'u', '\0',
+  /* "4dbygg.se", true */ '4', 'd', 'b', 'y', 'g', 'g', '.', 's', 'e', '\0',
+  /* "4decor.org", true */ '4', 'd', 'e', 'c', 'o', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "4elements.com", true */ '4', 'e', 'l', 'e', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "4freepress.com", true */ '4', 'f', 'r', 'e', 'e', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "4g-server.eu", false */ '4', 'g', '-', 's', 'e', 'r', 'v', 'e', 'r', '.', 'e', 'u', '\0',
+  /* "4garage.com.br", true */ '4', 'g', 'a', 'r', 'a', 'g', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "4host.ch", true */ '4', 'h', 'o', 's', 't', '.', 'c', 'h', '\0',
+  /* "4hvac.com", true */ '4', 'h', 'v', 'a', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "4mm.org", true */ '4', 'm', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "4plebs.moe", true */ '4', 'p', 'l', 'e', 'b', 's', '.', 'm', 'o', 'e', '\0',
+  /* "4project.co.il", true */ '4', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "4share.tv", true */ '4', 's', 'h', 'a', 'r', 'e', '.', 't', 'v', '\0',
+  /* "4sics.se", true */ '4', 's', 'i', 'c', 's', '.', 's', 'e', '\0',
+  /* "4th-ave-studio.com", true */ '4', 't', 'h', '-', 'a', 'v', 'e', '-', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "4u.services", true */ '4', 'u', '.', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '\0',
+  /* "4u2ore.net", true */ '4', 'u', '2', 'o', 'r', 'e', '.', 'n', 'e', 't', '\0',
+  /* "4vector.com", true */ '4', 'v', 'e', 'c', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "4vf.de", true */ '4', 'v', 'f', '.', 'd', 'e', '\0',
+  /* "4winds.pt", true */ '4', 'w', 'i', 'n', 'd', 's', '.', 'p', 't', '\0',
+  /* "4x.fi", true */ '4', 'x', '.', 'f', 'i', '\0',
+  /* "4xlabs.co", true */ '4', 'x', 'l', 'a', 'b', 's', '.', 'c', 'o', '\0',
+  /* "500k.nl", true */ '5', '0', '0', 'k', '.', 'n', 'l', '\0',
+  /* "500p.xyz", true */ '5', '0', '0', 'p', '.', 'x', 'y', 'z', '\0',
+  /* "506pay.com", true */ '5', '0', '6', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "50lakeshore.com", true */ '5', '0', 'l', 'a', 'k', 'e', 's', 'h', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "50ma.xyz", true */ '5', '0', 'm', 'a', '.', 'x', 'y', 'z', '\0',
+  /* "50north.de", true */ '5', '0', 'n', 'o', 'r', 't', 'h', '.', 'd', 'e', '\0',
+  /* "50plusnet.nl", true */ '5', '0', 'p', 'l', 'u', 's', 'n', 'e', 't', '.', 'n', 'l', '\0',
+  /* "525.info", true */ '5', '2', '5', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "52kb365.com", true */ '5', '2', 'k', 'b', '3', '6', '5', '.', 'c', 'o', 'm', '\0',
+  /* "52sykb.com", true */ '5', '2', 's', 'y', 'k', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "5432.cc", true */ '5', '4', '3', '2', '.', 'c', 'c', '\0',
+  /* "54below.com", true */ '5', '4', 'b', 'e', 'l', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "5533445.com", true */ '5', '5', '3', '3', '4', '4', '5', '.', 'c', 'o', 'm', '\0',
+  /* "555xl.com", true */ '5', '5', '5', 'x', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "55scc.com", true */ '5', '5', 's', 'c', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "57aromas.com", true */ '5', '7', 'a', 'r', 'o', 'm', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "5apps.com", true */ '5', 'a', 'p', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "5c1fd0f31022cbc40af9f785847baaf9.space", true */ '5', 'c', '1', 'f', 'd', '0', 'f', '3', '1', '0', '2', '2', 'c', 'b', 'c', '4', '0', 'a', 'f', '9', 'f', '7', '8', '5', '8', '4', '7', 'b', 'a', 'a', 'f', '9', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "5chat.it", true */ '5', 'c', 'h', 'a', 't', '.', 'i', 't', '\0',
+  /* "5crowd.com", true */ '5', 'c', 'r', 'o', 'w', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "5francs.com", true */ '5', 'f', 'r', 'a', 'n', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "5gb.space", true */ '5', 'g', 'b', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "5h0r7.com", true */ '5', 'h', '0', 'r', '7', '.', 'c', 'o', 'm', '\0',
+  /* "5kraceforals.com", true */ '5', 'k', 'r', 'a', 'c', 'e', 'f', 'o', 'r', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "5starbouncycastlehire.co.uk", true */ '5', 's', 't', 'a', 'r', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "5w5.la", true */ '5', 'w', '5', '.', 'l', 'a', '\0',
+  /* "5y.fi", true */ '5', 'y', '.', 'f', 'i', '\0',
+  /* "62755.com", true */ '6', '2', '7', '5', '5', '.', 'c', 'o', 'm', '\0',
+  /* "646.io", false */ '6', '4', '6', '.', 'i', 'o', '\0',
+  /* "64bitgaming.de", true */ '6', '4', 'b', 'i', 't', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "6541166.com", true */ '6', '5', '4', '1', '1', '6', '6', '.', 'c', 'o', 'm', '\0',
+  /* "6542277.com", true */ '6', '5', '4', '2', '2', '7', '7', '.', 'c', 'o', 'm', '\0',
+  /* "6543399.com", true */ '6', '5', '4', '3', '3', '9', '9', '.', 'c', 'o', 'm', '\0',
+  /* "6548855.com", true */ '6', '5', '4', '8', '8', '5', '5', '.', 'c', 'o', 'm', '\0',
+  /* "6548877.com", true */ '6', '5', '4', '8', '8', '7', '7', '.', 'c', 'o', 'm', '\0',
+  /* "6633445.com", true */ '6', '6', '3', '3', '4', '4', '5', '.', 'c', 'o', 'm', '\0',
+  /* "6660111.ru", true */ '6', '6', '6', '0', '1', '1', '1', '.', 'r', 'u', '\0',
+  /* "686848.com", true */ '6', '8', '6', '8', '4', '8', '.', 'c', 'o', 'm', '\0',
+  /* "692b8c32.de", true */ '6', '9', '2', 'b', '8', 'c', '3', '2', '.', 'd', 'e', '\0',
+  /* "6969.us", true */ '6', '9', '6', '9', '.', 'u', 's', '\0',
+  /* "69butterfly.com", true */ '6', '9', 'b', 'u', 't', 't', 'e', 'r', 'f', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "6lo.zgora.pl", true */ '6', 'l', 'o', '.', 'z', 'g', 'o', 'r', 'a', '.', 'p', 'l', '\0',
+  /* "6t-montjoye.org", true */ '6', 't', '-', 'm', 'o', 'n', 't', 'j', 'o', 'y', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "6w6.la", true */ '6', 'w', '6', '.', 'l', 'a', '\0',
+  /* "700.az", true */ '7', '0', '0', '.', 'a', 'z', '\0',
+  /* "7183.org", true */ '7', '1', '8', '3', '.', 'o', 'r', 'g', '\0',
+  /* "724go.com", true */ '7', '2', '4', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "762.ch", true */ '7', '6', '2', '.', 'c', 'h', '\0',
+  /* "771122.tv", true */ '7', '7', '1', '1', '2', '2', '.', 't', 'v', '\0',
+  /* "7733445.com", true */ '7', '7', '3', '3', '4', '4', '5', '.', 'c', 'o', 'm', '\0',
+  /* "776573.net", true */ '7', '7', '6', '5', '7', '3', '.', 'n', 'e', 't', '\0',
+  /* "777coin.com", true */ '7', '7', '7', 'c', 'o', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "7careconnect.com", true */ '7', 'c', 'a', 'r', 'e', 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "7delights.com", true */ '7', 'd', 'e', 'l', 'i', 'g', 'h', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "7delights.in", true */ '7', 'd', 'e', 'l', 'i', 'g', 'h', 't', 's', '.', 'i', 'n', '\0',
+  /* "7kicks.com", true */ '7', 'k', 'i', 'c', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "7links.com.br", true */ '7', 'l', 'i', 'n', 'k', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "7nw.eu", false */ '7', 'n', 'w', '.', 'e', 'u', '\0',
+  /* "7sons.de", true */ '7', 's', 'o', 'n', 's', '.', 'd', 'e', '\0',
+  /* "7thcircledesigns.com", true */ '7', 't', 'h', 'c', 'i', 'r', 'c', 'l', 'e', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "7x24servis.com", true */ '7', 'x', '2', '4', 's', 'e', 'r', 'v', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "8003pay.com", true */ '8', '0', '0', '3', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "8522.com", true */ '8', '5', '2', '2', '.', 'c', 'o', 'm', '\0',
+  /* "8522club.com", true */ '8', '5', '2', '2', 'c', 'l', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "8522top.com", true */ '8', '5', '2', '2', 't', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "86metro.ru", true */ '8', '6', 'm', 'e', 't', 'r', 'o', '.', 'r', 'u', '\0',
+  /* "8833445.com", true */ '8', '8', '3', '3', '4', '4', '5', '.', 'c', 'o', 'm', '\0',
+  /* "888msc.vip", true */ '8', '8', '8', 'm', 's', 'c', '.', 'v', 'i', 'p', '\0',
+  /* "8ack.de", true */ '8', 'a', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "8ackprotect.com", true */ '8', 'a', 'c', 'k', 'p', 'r', 'o', 't', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "8azino777.ru", true */ '8', 'a', 'z', 'i', 'n', 'o', '7', '7', '7', '.', 'r', 'u', '\0',
+  /* "8pecxstudios.com", true */ '8', 'p', 'e', 'c', 'x', 's', 't', 'u', 'd', 'i', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "8svn.com", true */ '8', 's', 'v', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "8t8.eu", true */ '8', 't', '8', '.', 'e', 'u', '\0',
+  /* "8tech.com.hk", true */ '8', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '.', 'h', 'k', '\0',
+  /* "8thportsmouth.org.uk", true */ '8', 't', 'h', 'p', 'o', 'r', 't', 's', 'm', 'o', 'u', 't', 'h', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "8tuffbeers.com", true */ '8', 't', 'u', 'f', 'f', 'b', 'e', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "9118.com", true */ '9', '1', '1', '8', '.', 'c', 'o', 'm', '\0',
+  /* "91dh.cc", true */ '9', '1', 'd', 'h', '.', 'c', 'c', '\0',
+  /* "91lt.info", true */ '9', '1', 'l', 't', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "91tianmi.com", false */ '9', '1', 't', 'i', 'a', 'n', 'm', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "91travel.info", true */ '9', '1', 't', 'r', 'a', 'v', 'e', 'l', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "92url.com", true */ '9', '2', 'u', 'r', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "9449-27a1-22a1-e0d9-4237-dd99-e75e-ac85-2f47-9d34.de", true */ '9', '4', '4', '9', '-', '2', '7', 'a', '1', '-', '2', '2', 'a', '1', '-', 'e', '0', 'd', '9', '-', '4', '2', '3', '7', '-', 'd', 'd', '9', '9', '-', 'e', '7', '5', 'e', '-', 'a', 'c', '8', '5', '-', '2', 'f', '4', '7', '-', '9', 'd', '3', '4', '.', 'd', 'e', '\0',
+  /* "94cs.cn", false */ '9', '4', 'c', 's', '.', 'c', 'n', '\0',
+  /* "9500years.com", true */ '9', '5', '0', '0', 'y', 'e', 'a', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "987987.com", true */ '9', '8', '7', '9', '8', '7', '.', 'c', 'o', 'm', '\0',
+  /* "98laba.com", true */ '9', '8', 'l', 'a', 'b', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "98laba.net", true */ '9', '8', 'l', 'a', 'b', 'a', '.', 'n', 'e', 't', '\0',
+  /* "9906753.net", true */ '9', '9', '0', '6', '7', '5', '3', '.', 'n', 'e', 't', '\0',
+  /* "9933445.com", true */ '9', '9', '3', '3', '4', '4', '5', '.', 'c', 'o', 'm', '\0',
+  /* "99599.fi", true */ '9', '9', '5', '9', '9', '.', 'f', 'i', '\0',
+  /* "99599.net", true */ '9', '9', '5', '9', '9', '.', 'n', 'e', 't', '\0',
+  /* "99998522.com", true */ '9', '9', '9', '9', '8', '5', '2', '2', '.', 'c', 'o', 'm', '\0',
+  /* "99buffets.com", true */ '9', '9', 'b', 'u', 'f', 'f', 'e', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "99rst.org", true */ '9', '9', 'r', 's', 't', '.', 'o', 'r', 'g', '\0',
+  /* "9uelle.jp", true */ '9', 'u', 'e', 'l', 'l', 'e', '.', 'j', 'p', '\0',
+  /* "9vx.org", true */ '9', 'v', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "9yw.me", true */ '9', 'y', 'w', '.', 'm', 'e', '\0',
+  /* "a-1indianawaterproofing.com", true */ 'a', '-', '1', 'i', 'n', 'd', 'i', 'a', 'n', 'a', 'w', 'a', 't', 'e', 'r', 'p', 'r', 'o', 'o', 'f', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "a-allard.be", true */ 'a', '-', 'a', 'l', 'l', 'a', 'r', 'd', '.', 'b', 'e', '\0',
+  /* "a-classinflatables.co.uk", true */ 'a', '-', 'c', 'l', 'a', 's', 's', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "a-intel.com", true */ 'a', '-', 'i', 'n', 't', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "a-ix.net", true */ 'a', '-', 'i', 'x', '.', 'n', 'e', 't', '\0',
+  /* "a-little-linux-box.at", true */ 'a', '-', 'l', 'i', 't', 't', 'l', 'e', '-', 'l', 'i', 'n', 'u', 'x', '-', 'b', 'o', 'x', '.', 'a', 't', '\0',
+  /* "a-oben.org", true */ 'a', '-', 'o', 'b', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "a-starbouncycastles.co.uk", true */ 'a', '-', 's', 't', 'a', 'r', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "a1798.com", true */ 'a', '1', '7', '9', '8', '.', 'c', 'o', 'm', '\0',
+  /* "a1bouncycastlehire.com", true */ 'a', '1', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "a1jumpandbounce.co.uk", true */ 'a', '1', 'j', 'u', 'm', 'p', 'a', 'n', 'd', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "a1scuba.com", true */ 'a', '1', 's', 'c', 'u', 'b', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "a1scubastore.com", true */ 'a', '1', 's', 'c', 'u', 'b', 'a', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "a2a.net", true */ 'a', '2', 'a', '.', 'n', 'e', 't', '\0',
+  /* "a2c-co.net", true */ 'a', '2', 'c', '-', 'c', 'o', '.', 'n', 'e', 't', '\0',
+  /* "a2it.gr", true */ 'a', '2', 'i', 't', '.', 'g', 'r', '\0',
+  /* "a2nutrition.com.au", true */ 'a', '2', 'n', 'u', 't', 'r', 'i', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "a7m2.me", true */ 'a', '7', 'm', '2', '.', 'm', 'e', '\0',
+  /* "aa-tour.ru", true */ 'a', 'a', '-', 't', 'o', 'u', 'r', '.', 'r', 'u', '\0',
+  /* "aaapl.com", true */ 'a', 'a', 'a', 'p', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "aabanet.com.br", true */ 'a', 'a', 'b', 'a', 'n', 'e', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "aagetransport.no", true */ 'a', 'a', 'g', 'e', 't', 'r', 'a', 'n', 's', 'p', 'o', 'r', 't', '.', 'n', 'o', '\0',
+  /* "aalalbayt.com", true */ 'a', 'a', 'l', 'a', 'l', 'b', 'a', 'y', 't', '.', 'c', 'o', 'm', '\0',
+  /* "aalalbayt.net", true */ 'a', 'a', 'l', 'a', 'l', 'b', 'a', 'y', 't', '.', 'n', 'e', 't', '\0',
+  /* "aalstmotors-usedcars.be", true */ 'a', 'a', 'l', 's', 't', 'm', 'o', 't', 'o', 'r', 's', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0',
+  /* "aaltocapital.com", true */ 'a', 'a', 'l', 't', 'o', 'c', 'a', 'p', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "aamwa.com", true */ 'a', 'a', 'm', 'w', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "aandeautobody.com", true */ 'a', 'a', 'n', 'd', 'e', 'a', 'u', 't', 'o', 'b', 'o', 'd', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "aandkevents.co.uk", true */ 'a', 'a', 'n', 'd', 'k', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "aanmpc.com", true */ 'a', 'a', 'n', 'm', 'p', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "aaomidi.com", true */ 'a', 'a', 'o', 'm', 'i', 'd', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "aapas.org.ar", true */ 'a', 'a', 'p', 'a', 's', '.', 'o', 'r', 'g', '.', 'a', 'r', '\0',
+  /* "aardvarksolutions.co.za", true */ 'a', 'a', 'r', 'd', 'v', 'a', 'r', 'k', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "aariefhaafiz.com", true */ 'a', 'a', 'r', 'i', 'e', 'f', 'h', 'a', 'a', 'f', 'i', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "aarkue.eu", true */ 'a', 'a', 'r', 'k', 'u', 'e', '.', 'e', 'u', '\0',
+  /* "aaron.xin", true */ 'a', 'a', 'r', 'o', 'n', '.', 'x', 'i', 'n', '\0',
+  /* "aaronhorler.com", true */ 'a', 'a', 'r', 'o', 'n', 'h', 'o', 'r', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "aaronmcguire.me", false */ 'a', 'a', 'r', 'o', 'n', 'm', 'c', 'g', 'u', 'i', 'r', 'e', '.', 'm', 'e', '\0',
+  /* "aaronroyle.com", true */ 'a', 'a', 'r', 'o', 'n', 'r', 'o', 'y', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "aaronsilber.me", true */ 'a', 'a', 'r', 'o', 'n', 's', 'i', 'l', 'b', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "aatf.us", true */ 'a', 'a', 't', 'f', '.', 'u', 's', '\0',
+  /* "aati.info", false */ 'a', 'a', 't', 'i', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "abaapplianceservice.com", true */ 'a', 'b', 'a', 'a', 'p', 'p', 'l', 'i', 'a', 'n', 'c', 'e', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "abacus-events.co.uk", true */ 'a', 'b', 'a', 'c', 'u', 's', '-', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "abacusbouncycastle.co.uk", true */ 'a', 'b', 'a', 'c', 'u', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "abacustech.co.jp", true */ 'a', 'b', 'a', 'c', 'u', 's', 't', 'e', 'c', 'h', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "abacustech.net", true */ 'a', 'b', 'a', 'c', 'u', 's', 't', 'e', 'c', 'h', '.', 'n', 'e', 't', '\0',
+  /* "abacustech.org", true */ 'a', 'b', 'a', 'c', 'u', 's', 't', 'e', 'c', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "abandonedmines.gov", true */ 'a', 'b', 'a', 'n', 'd', 'o', 'n', 'e', 'd', 'm', 'i', 'n', 'e', 's', '.', 'g', 'o', 'v', '\0',
+  /* "abasky.net", true */ 'a', 'b', 'a', 's', 'k', 'y', '.', 'n', 'e', 't', '\0',
+  /* "abbadabbabouncycastles.co.uk", true */ 'a', 'b', 'b', 'a', 'd', 'a', 'b', 'b', 'a', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "abbas.ch", true */ 'a', 'b', 'b', 'a', 's', '.', 'c', 'h', '\0',
+  /* "abborsjo.fi", true */ 'a', 'b', 'b', 'o', 'r', 's', 'j', 'o', '.', 'f', 'i', '\0',
+  /* "abbotsparties.co.uk", true */ 'a', 'b', 'b', 'o', 't', 's', 'p', 'a', 'r', 't', 'i', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "abbottscastles.co.uk", true */ 'a', 'b', 'b', 'o', 't', 't', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "abbradar.net", true */ 'a', 'b', 'b', 'r', 'a', 'd', 'a', 'r', '.', 'n', 'e', 't', '\0',
+  /* "abbruch-star.de", true */ 'a', 'b', 'b', 'r', 'u', 'c', 'h', '-', 's', 't', 'a', 'r', '.', 'd', 'e', '\0',
+  /* "abc-rz.de", true */ 'a', 'b', 'c', '-', 'r', 'z', '.', 'd', 'e', '\0',
+  /* "abc.li", true */ 'a', 'b', 'c', '.', 'l', 'i', '\0',
+  /* "abcbouncycastlessurrey.co.uk", true */ 'a', 'b', 'c', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', 's', 'u', 'r', 'r', 'e', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "abcbouncyfactory.co.uk", true */ 'a', 'b', 'c', 'b', 'o', 'u', 'n', 'c', 'y', 'f', 'a', 'c', 't', 'o', 'r', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "abcdef.be", true */ 'a', 'b', 'c', 'd', 'e', 'f', '.', 'b', 'e', '\0',
+  /* "abcdobebe.com", true */ 'a', 'b', 'c', 'd', 'o', 'b', 'e', 'b', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "abcheck.se", true */ 'a', 'b', 'c', 'h', 'e', 'c', 'k', '.', 's', 'e', '\0',
+  /* "abcpartyhire.com", true */ 'a', 'b', 'c', 'p', 'a', 'r', 't', 'y', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "abdullah.pw", true */ 'a', 'b', 'd', 'u', 'l', 'l', 'a', 'h', '.', 'p', 'w', '\0',
+  /* "abe-elektro.de", true */ 'a', 'b', 'e', '-', 'e', 'l', 'e', 'k', 't', 'r', 'o', '.', 'd', 'e', '\0',
+  /* "abe.cloud", false */ 'a', 'b', 'e', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "abecodes.net", true */ 'a', 'b', 'e', 'c', 'o', 'd', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "abeestrada.com", false */ 'a', 'b', 'e', 'e', 's', 't', 'r', 'a', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "abeilles-idapi.fr", true */ 'a', 'b', 'e', 'i', 'l', 'l', 'e', 's', '-', 'i', 'd', 'a', 'p', 'i', '.', 'f', 'r', '\0',
+  /* "abenteuer-ahnenforschung.de", true */ 'a', 'b', 'e', 'n', 't', 'e', 'u', 'e', 'r', '-', 'a', 'h', 'n', 'e', 'n', 'f', 'o', 'r', 's', 'c', 'h', 'u', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "abeontech.com", true */ 'a', 'b', 'e', 'o', 'n', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "aberdeencastles.co.uk", true */ 'a', 'b', 'e', 'r', 'd', 'e', 'e', 'n', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "aberdeenjudo.co.uk", true */ 'a', 'b', 'e', 'r', 'd', 'e', 'e', 'n', 'j', 'u', 'd', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "abeus.com", true */ 'a', 'b', 'e', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "abhisharma.me", true */ 'a', 'b', 'h', 'i', 's', 'h', 'a', 'r', 'm', 'a', '.', 'm', 'e', '\0',
+  /* "abi-2017.tk", true */ 'a', 'b', 'i', '-', '2', '0', '1', '7', '.', 't', 'k', '\0',
+  /* "abi-fvs.de", true */ 'a', 'b', 'i', '-', 'f', 'v', 's', '.', 'd', 'e', '\0',
+  /* "abiapp.net", true */ 'a', 'b', 'i', 'a', 'p', 'p', '.', 'n', 'e', 't', '\0',
+  /* "abibruce.co.uk", true */ 'a', 'b', 'i', 'b', 'r', 'u', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "abidinginhesed.com", true */ 'a', 'b', 'i', 'd', 'i', 'n', 'g', 'i', 'n', 'h', 'e', 's', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "abigisp.com", true */ 'a', 'b', 'i', 'g', 'i', 's', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "abilitycaresoftware.com", true */ 'a', 'b', 'i', 'l', 'i', 't', 'y', 'c', 'a', 'r', 'e', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "abilitynet.org.uk", true */ 'a', 'b', 'i', 'l', 'i', 't', 'y', 'n', 'e', 't', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "abilma.com", true */ 'a', 'b', 'i', 'l', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "abilymp06.net", true */ 'a', 'b', 'i', 'l', 'y', 'm', 'p', '0', '6', '.', 'n', 'e', 't', '\0',
+  /* "abimelec.com", true */ 'a', 'b', 'i', 'm', 'e', 'l', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "abinyah.com", true */ 'a', 'b', 'i', 'n', 'y', 'a', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "abiturma.de", true */ 'a', 'b', 'i', 't', 'u', 'r', 'm', 'a', '.', 'd', 'e', '\0',
+  /* "ablak-nyilaszaro.info", true */ 'a', 'b', 'l', 'a', 'k', '-', 'n', 'y', 'i', 'l', 'a', 's', 'z', 'a', 'r', 'o', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "abmc.gov", true */ 'a', 'b', 'm', 'c', '.', 'g', 'o', 'v', '\0',
+  /* "abmgood.com", false */ 'a', 'b', 'm', 'g', 'o', 'o', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "abmledger.ca", true */ 'a', 'b', 'm', 'l', 'e', 'd', 'g', 'e', 'r', '.', 'c', 'a', '\0',
+  /* "abmtax.ca", true */ 'a', 'b', 'm', 't', 'a', 'x', '.', 'c', 'a', '\0',
+  /* "abn-consultants.ie", true */ 'a', 'b', 'n', '-', 'c', 'o', 'n', 's', 'u', 'l', 't', 'a', 'n', 't', 's', '.', 'i', 'e', '\0',
+  /* "abnehmen.com", true */ 'a', 'b', 'n', 'e', 'h', 'm', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "abnerchou.me", true */ 'a', 'b', 'n', 'e', 'r', 'c', 'h', 'o', 'u', '.', 'm', 'e', '\0',
+  /* "abobuch.de", true */ 'a', 'b', 'o', 'b', 'u', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "aboces.org", true */ 'a', 'b', 'o', 'c', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "aboderenovation.co.uk", true */ 'a', 'b', 'o', 'd', 'e', 'r', 'e', 'n', 'o', 'v', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "abolicionistas.com", true */ 'a', 'b', 'o', 'l', 'i', 'c', 'i', 'o', 'n', 'i', 's', 't', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "abolition.net", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "abolitionism.ca", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 'm', '.', 'c', 'a', '\0',
+  /* "abolitionism.co.uk", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "abolitionism.com", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "abolitionism.in", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 'm', '.', 'i', 'n', '\0',
+  /* "abolitionism.net", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 'm', '.', 'n', 'e', 't', '\0',
+  /* "abolitionism.us", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 'm', '.', 'u', 's', '\0',
+  /* "abolitionist-project.com", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 't', '-', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "abolitionist-society.com", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 't', '-', 's', 'o', 'c', 'i', 'e', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "abolitionist.ca", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 't', '.', 'c', 'a', '\0',
+  /* "abolitionist.co.uk", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "abolitionist.com", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "abolitionist.in", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 't', '.', 'i', 'n', '\0',
+  /* "abolitionist.net", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 't', '.', 'n', 'e', 't', '\0',
+  /* "abolitionist.us", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 't', '.', 'u', 's', '\0',
+  /* "abolitionistparty.com", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 't', 'p', 'a', 'r', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "abolitionistproject.com", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 't', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "abolitionistsociety.com", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 's', 't', 's', 'o', 'c', 'i', 'e', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "abolitionniste.com", true */ 'a', 'b', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'n', 'i', 's', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "abolizionista.com", true */ 'a', 'b', 'o', 'l', 'i', 'z', 'i', 'o', 'n', 'i', 's', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "abosav.com", true */ 'a', 'b', 'o', 's', 'a', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "abou.to", false */ 'a', 'b', 'o', 'u', '.', 't', 'o', '\0',
+  /* "abouncycastleman.co.uk", true */ 'a', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'm', 'a', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "aboutassistedliving.org", true */ 'a', 'b', 'o', 'u', 't', 'a', 's', 's', 'i', 's', 't', 'e', 'd', 'l', 'i', 'v', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "abouthrm.nl", true */ 'a', 'b', 'o', 'u', 't', 'h', 'r', 'm', '.', 'n', 'l', '\0',
+  /* "aboutict.nl", true */ 'a', 'b', 'o', 'u', 't', 'i', 'c', 't', '.', 'n', 'l', '\0',
+  /* "aboutlegal.nl", true */ 'a', 'b', 'o', 'u', 't', 'l', 'e', 'g', 'a', 'l', '.', 'n', 'l', '\0',
+  /* "aboutmedia.nl", true */ 'a', 'b', 'o', 'u', 't', 'm', 'e', 'd', 'i', 'a', '.', 'n', 'l', '\0',
+  /* "aboutspice.com", true */ 'a', 'b', 'o', 'u', 't', 's', 'p', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "abox-kb.com", true */ 'a', 'b', 'o', 'x', '-', 'k', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "abrakidabra.com.br", true */ 'a', 'b', 'r', 'a', 'k', 'i', 'd', 'a', 'b', 'r', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "abrilect.com", true */ 'a', 'b', 'r', 'i', 'l', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "abseits.org", true */ 'a', 'b', 's', 'e', 'i', 't', 's', '.', 'o', 'r', 'g', '\0',
+  /* "absolem.cc", true */ 'a', 'b', 's', 'o', 'l', 'e', 'm', '.', 'c', 'c', '\0',
+  /* "absolutelyinflatables.co.uk", true */ 'a', 'b', 's', 'o', 'l', 'u', 't', 'e', 'l', 'y', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "absoluterush.net", true */ 'a', 'b', 's', 'o', 'l', 'u', 't', 'e', 'r', 'u', 's', 'h', '.', 'n', 'e', 't', '\0',
+  /* "absolutewaterproofingsolutions.com", true */ 'a', 'b', 's', 'o', 'l', 'u', 't', 'e', 'w', 'a', 't', 'e', 'r', 'p', 'r', 'o', 'o', 'f', 'i', 'n', 'g', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "absolutewebdesigns.com", true */ 'a', 'b', 's', 'o', 'l', 'u', 't', 'e', 'w', 'e', 'b', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "abstraction21.com", true */ 'a', 'b', 's', 't', 'r', 'a', 'c', 't', 'i', 'o', 'n', '2', '1', '.', 'c', 'o', 'm', '\0',
+  /* "absynthe-inquisition.fr", true */ 'a', 'b', 's', 'y', 'n', 't', 'h', 'e', '-', 'i', 'n', 'q', 'u', 'i', 's', 'i', 't', 'i', 'o', 'n', '.', 'f', 'r', '\0',
+  /* "abthorpe.org", true */ 'a', 'b', 't', 'h', 'o', 'r', 'p', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "abulanov.com", true */ 'a', 'b', 'u', 'l', 'a', 'n', 'o', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "abundent.com", true */ 'a', 'b', 'u', 'n', 'd', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "abuse.fi", true */ 'a', 'b', 'u', 's', 'e', '.', 'f', 'i', '\0',
+  /* "abuse.io", true */ 'a', 'b', 'u', 's', 'e', '.', 'i', 'o', '\0',
+  /* "abvent.net", true */ 'a', 'b', 'v', 'e', 'n', 't', '.', 'n', 'e', 't', '\0',
+  /* "abvlbasketviganello.ch", true */ 'a', 'b', 'v', 'l', 'b', 'a', 's', 'k', 'e', 't', 'v', 'i', 'g', 'a', 'n', 'e', 'l', 'l', 'o', '.', 'c', 'h', '\0',
+  /* "abyssgaming.eu", true */ 'a', 'b', 'y', 's', 's', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'e', 'u', '\0',
+  /* "ac-admin.pl", true */ 'a', 'c', '-', 'a', 'd', 'm', 'i', 'n', '.', 'p', 'l', '\0',
+  /* "ac-epmservices.com", true */ 'a', 'c', '-', 'e', 'p', 'm', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ac-town.com", true */ 'a', 'c', '-', 't', 'o', 'w', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "ac.milan.it", true */ 'a', 'c', '.', 'm', 'i', 'l', 'a', 'n', '.', 'i', 't', '\0',
+  /* "academicexperts.us", true */ 'a', 'c', 'a', 'd', 'e', 'm', 'i', 'c', 'e', 'x', 'p', 'e', 'r', 't', 's', '.', 'u', 's', '\0',
+  /* "academie-de-police.ch", true */ 'a', 'c', 'a', 'd', 'e', 'm', 'i', 'e', '-', 'd', 'e', '-', 'p', 'o', 'l', 'i', 'c', 'e', '.', 'c', 'h', '\0',
+  /* "academy4.net", true */ 'a', 'c', 'a', 'd', 'e', 'm', 'y', '4', '.', 'n', 'e', 't', '\0',
+  /* "academytv.com.au", true */ 'a', 'c', 'a', 'd', 'e', 'm', 'y', 't', 'v', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "acadianapatios.com", true */ 'a', 'c', 'a', 'd', 'i', 'a', 'n', 'a', 'p', 'a', 't', 'i', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "acampar.com.br", true */ 'a', 'c', 'a', 'm', 'p', 'a', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "acaonegocios.com.br", true */ 'a', 'c', 'a', 'o', 'n', 'e', 'g', 'o', 'c', 'i', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "acara-yoga.de", true */ 'a', 'c', 'a', 'r', 'a', '-', 'y', 'o', 'g', 'a', '.', 'd', 'e', '\0',
+  /* "acat.io", true */ 'a', 'c', 'a', 't', '.', 'i', 'o', '\0',
+  /* "acbrussels-used.be", true */ 'a', 'c', 'b', 'r', 'u', 's', 's', 'e', 'l', 's', '-', 'u', 's', 'e', 'd', '.', 'b', 'e', '\0',
+  /* "accbay.com", true */ 'a', 'c', 'c', 'b', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "accelaway.com", true */ 'a', 'c', 'c', 'e', 'l', 'a', 'w', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "accelerate.network", true */ 'a', 'c', 'c', 'e', 'l', 'e', 'r', 'a', 't', 'e', '.', 'n', 'e', 't', 'w', 'o', 'r', 'k', '\0',
+  /* "acceleratenetworks.com", true */ 'a', 'c', 'c', 'e', 'l', 'e', 'r', 'a', 't', 'e', 'n', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "accelerateyourworld.org", true */ 'a', 'c', 'c', 'e', 'l', 'e', 'r', 'a', 't', 'e', 'y', 'o', 'u', 'r', 'w', 'o', 'r', 'l', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "accentthailand.com", true */ 'a', 'c', 'c', 'e', 'n', 't', 't', 'h', 'a', 'i', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "accesloges.com", true */ 'a', 'c', 'c', 'e', 's', 'l', 'o', 'g', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "accessacab.co.uk", true */ 'a', 'c', 'c', 'e', 's', 's', 'a', 'c', 'a', 'b', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "accessauto-occasions.be", true */ 'a', 'c', 'c', 'e', 's', 's', 'a', 'u', 't', 'o', '-', 'o', 'c', 'c', 'a', 's', 'i', 'o', 'n', 's', '.', 'b', 'e', '\0',
+  /* "accessmy.net", true */ 'a', 'c', 'c', 'e', 's', 's', 'm', 'y', '.', 'n', 'e', 't', '\0',
+  /* "accessoripersmartphone.it", true */ 'a', 'c', 'c', 'e', 's', 's', 'o', 'r', 'i', 'p', 'e', 'r', 's', 'm', 'a', 'r', 't', 'p', 'h', 'o', 'n', 'e', '.', 'i', 't', '\0',
+  /* "accolade.com.br", true */ 'a', 'c', 'c', 'o', 'l', 'a', 'd', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "accordiondoor.com", true */ 'a', 'c', 'c', 'o', 'r', 'd', 'i', 'o', 'n', 'd', 'o', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "accoun.technology", true */ 'a', 'c', 'c', 'o', 'u', 'n', '.', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'y', '\0',
+  /* "accounts.firefox.com", true */ 'a', 'c', 'c', 'o', 'u', 'n', 't', 's', '.', 'f', 'i', 'r', 'e', 'f', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "accounts.google.com", true */ 'a', 'c', 'c', 'o', 'u', 'n', 't', 's', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "accudraftpaintbooths.com", true */ 'a', 'c', 'c', 'u', 'd', 'r', 'a', 'f', 't', 'p', 'a', 'i', 'n', 't', 'b', 'o', 'o', 't', 'h', 's', '.', 'c', 'o', 'm', '\0',
+  /* "accuritconsulting.com", true */ 'a', 'c', 'c', 'u', 'r', 'i', 't', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "aceadvisory.biz", true */ 'a', 'c', 'e', 'a', 'd', 'v', 'i', 's', 'o', 'r', 'y', '.', 'b', 'i', 'z', '\0',
+  /* "acecerts.co.uk", true */ 'a', 'c', 'e', 'c', 'e', 'r', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "acecolleges.edu.au", true */ 'a', 'c', 'e', 'c', 'o', 'l', 'l', 'e', 'g', 'e', 's', '.', 'e', 'd', 'u', '.', 'a', 'u', '\0',
+  /* "aceinflatables.com", true */ 'a', 'c', 'e', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "aceinstituteonline.com", true */ 'a', 'c', 'e', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "acelpb.com", true */ 'a', 'c', 'e', 'l', 'p', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "acemobileforce.com", true */ 'a', 'c', 'e', 'm', 'o', 'b', 'i', 'l', 'e', 'f', 'o', 'r', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "acemypaper.com", true */ 'a', 'c', 'e', 'm', 'y', 'p', 'a', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "acendealuz.com.br", true */ 'a', 'c', 'e', 'n', 'd', 'e', 'a', 'l', 'u', 'z', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "acerislaw.com", true */ 'a', 'c', 'e', 'r', 'i', 's', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "acessoeducacao.com", true */ 'a', 'c', 'e', 's', 's', 'o', 'e', 'd', 'u', 'c', 'a', 'c', 'a', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "acevik.de", true */ 'a', 'c', 'e', 'v', 'i', 'k', '.', 'd', 'e', '\0',
+  /* "acg.mn", true */ 'a', 'c', 'g', '.', 'm', 'n', '\0',
+  /* "acg18.us", false */ 'a', 'c', 'g', '1', '8', '.', 'u', 's', '\0',
+  /* "achalay.org", true */ 'a', 'c', 'h', 'a', 'l', 'a', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "acheconcursos.com.br", true */ 'a', 'c', 'h', 'e', 'c', 'o', 'n', 'c', 'u', 'r', 's', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "achenar.net", true */ 'a', 'c', 'h', 'e', 'n', 'a', 'r', '.', 'n', 'e', 't', '\0',
+  /* "achow101.com", true */ 'a', 'c', 'h', 'o', 'w', '1', '0', '1', '.', 'c', 'o', 'm', '\0',
+  /* "achromatisch.de", true */ 'a', 'c', 'h', 'r', 'o', 'm', 'a', 't', 'i', 's', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "achterblog.de", true */ 'a', 'c', 'h', 't', 'e', 'r', 'b', 'l', 'o', 'g', '.', 'd', 'e', '\0',
+  /* "achterstieg.dedyn.io", true */ 'a', 'c', 'h', 't', 'e', 'r', 's', 't', 'i', 'e', 'g', '.', 'd', 'e', 'd', 'y', 'n', '.', 'i', 'o', '\0',
+  /* "achtzehn.eu", true */ 'a', 'c', 'h', 't', 'z', 'e', 'h', 'n', '.', 'e', 'u', '\0',
+  /* "achtzehnterachter.de", true */ 'a', 'c', 'h', 't', 'z', 'e', 'h', 'n', 't', 'e', 'r', 'a', 'c', 'h', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "acidbin.co", true */ 'a', 'c', 'i', 'd', 'b', 'i', 'n', '.', 'c', 'o', '\0',
+  /* "aciety.com", true */ 'a', 'c', 'i', 'e', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "aciksite.com", true */ 'a', 'c', 'i', 'k', 's', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ackis.duckdns.org", true */ 'a', 'c', 'k', 'i', 's', '.', 'd', 'u', 'c', 'k', 'd', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "acksoft.fr", true */ 'a', 'c', 'k', 's', 'o', 'f', 't', '.', 'f', 'r', '\0',
+  /* "acksoftdemo.fr", true */ 'a', 'c', 'k', 's', 'o', 'f', 't', 'd', 'e', 'm', 'o', '.', 'f', 'r', '\0',
+  /* "aclu.org", false */ 'a', 'c', 'l', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "acluva.org", false */ 'a', 'c', 'l', 'u', 'v', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "acme.beer", true */ 'a', 'c', 'm', 'e', '.', 'b', 'e', 'e', 'r', '\0',
+  /* "acmexyz123.info", true */ 'a', 'c', 'm', 'e', 'x', 'y', 'z', '1', '2', '3', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "acnpacific.com", true */ 'a', 'c', 'n', 'p', 'a', 'c', 'i', 'f', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "aconnor.xyz", true */ 'a', 'c', 'o', 'n', 'n', 'o', 'r', '.', 'x', 'y', 'z', '\0',
+  /* "acordes.online", true */ 'a', 'c', 'o', 'r', 'd', 'e', 's', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "acorncastles.co.uk", true */ 'a', 'c', 'o', 'r', 'n', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "acorns.com", true */ 'a', 'c', 'o', 'r', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "acourse.io", true */ 'a', 'c', 'o', 'u', 'r', 's', 'e', '.', 'i', 'o', '\0',
+  /* "acousti-tech.com", true */ 'a', 'c', 'o', 'u', 's', 't', 'i', '-', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "acoustique-tardy.com", true */ 'a', 'c', 'o', 'u', 's', 't', 'i', 'q', 'u', 'e', '-', 't', 'a', 'r', 'd', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "acperu.ch", true */ 'a', 'c', 'p', 'e', 'r', 'u', '.', 'c', 'h', '\0',
+  /* "acrevalue.com", true */ 'a', 'c', 'r', 'e', 'v', 'a', 'l', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "across.ml", true */ 'a', 'c', 'r', 'o', 's', 's', '.', 'm', 'l', '\0',
+  /* "acrylicwifi.com", true */ 'a', 'c', 'r', 'y', 'l', 'i', 'c', 'w', 'i', 'f', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "acs-chantal.com", true */ 'a', 'c', 's', '-', 'c', 'h', 'a', 'n', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "acsc.gov.au", true */ 'a', 'c', 's', 'c', '.', 'g', 'o', 'v', '.', 'a', 'u', '\0',
+  /* "acsemb.org", true */ 'a', 'c', 's', 'e', 'm', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "acsihostingsolutions.com", true */ 'a', 'c', 's', 'i', 'h', 'o', 's', 't', 'i', 'n', 'g', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "acsports.ca", true */ 'a', 'c', 's', 'p', 'o', 'r', 't', 's', '.', 'c', 'a', '\0',
+  /* "actc81.fr", true */ 'a', 'c', 't', 'c', '8', '1', '.', 'f', 'r', '\0',
+  /* "actgruppe.de", true */ 'a', 'c', 't', 'g', 'r', 'u', 'p', 'p', 'e', '.', 'd', 'e', '\0',
+  /* "actilove.ch", true */ 'a', 'c', 't', 'i', 'l', 'o', 'v', 'e', '.', 'c', 'h', '\0',
+  /* "actionlabs.net", true */ 'a', 'c', 't', 'i', 'o', 'n', 'l', 'a', 'b', 's', '.', 'n', 'e', 't', '\0',
+  /* "actionmadagascar.ch", true */ 'a', 'c', 't', 'i', 'o', 'n', 'm', 'a', 'd', 'a', 'g', 'a', 's', 'c', 'a', 'r', '.', 'c', 'h', '\0',
+  /* "actionsack.com", true */ 'a', 'c', 't', 'i', 'o', 'n', 's', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "actiontowingroundrock.com", true */ 'a', 'c', 't', 'i', 'o', 'n', 't', 'o', 'w', 'i', 'n', 'g', 'r', 'o', 'u', 'n', 'd', 'r', 'o', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "activatemyiphone.com", true */ 'a', 'c', 't', 'i', 'v', 'a', 't', 'e', 'm', 'y', 'i', 'p', 'h', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "activateudid.com", true */ 'a', 'c', 't', 'i', 'v', 'a', 't', 'e', 'u', 'd', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "active.hu", false */ 'a', 'c', 't', 'i', 'v', 'e', '.', 'h', 'u', '\0',
+  /* "activehire.co.uk", true */ 'a', 'c', 't', 'i', 'v', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "activeleisure.ie", true */ 'a', 'c', 't', 'i', 'v', 'e', 'l', 'e', 'i', 's', 'u', 'r', 'e', '.', 'i', 'e', '\0',
+  /* "activeworld.net", true */ 'a', 'c', 't', 'i', 'v', 'e', 'w', 'o', 'r', 'l', 'd', '.', 'n', 'e', 't', '\0',
+  /* "activitesaintnicaise.org", true */ 'a', 'c', 't', 'i', 'v', 'i', 't', 'e', 's', 'a', 'i', 'n', 't', 'n', 'i', 'c', 'a', 'i', 's', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "activityeventhire.co.uk", true */ 'a', 'c', 't', 'i', 'v', 'i', 't', 'y', 'e', 'v', 'e', 'n', 't', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "actorsroom.com", true */ 'a', 'c', 't', 'o', 'r', 's', 'r', 'o', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "actserv.co.ke", true */ 'a', 'c', 't', 's', 'e', 'r', 'v', '.', 'c', 'o', '.', 'k', 'e', '\0',
+  /* "actu-film.com", true */ 'a', 'c', 't', 'u', '-', 'f', 'i', 'l', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "acuica.co.uk", false */ 'a', 'c', 'u', 'i', 'c', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "acul.me", true */ 'a', 'c', 'u', 'l', '.', 'm', 'e', '\0',
+  /* "acus.gov", true */ 'a', 'c', 'u', 's', '.', 'g', 'o', 'v', '\0',
+  /* "acwcerts.co.uk", true */ 'a', 'c', 'w', 'c', 'e', 'r', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "acwi.gov", true */ 'a', 'c', 'w', 'i', '.', 'g', 'o', 'v', '\0',
+  /* "ad-disruptio.fr", false */ 'a', 'd', '-', 'd', 'i', 's', 'r', 'u', 'p', 't', 'i', 'o', '.', 'f', 'r', '\0',
+  /* "ad-notam.asia", true */ 'a', 'd', '-', 'n', 'o', 't', 'a', 'm', '.', 'a', 's', 'i', 'a', '\0',
+  /* "ad-notam.ch", true */ 'a', 'd', '-', 'n', 'o', 't', 'a', 'm', '.', 'c', 'h', '\0',
+  /* "ad-notam.co.uk", true */ 'a', 'd', '-', 'n', 'o', 't', 'a', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ad-notam.com", true */ 'a', 'd', '-', 'n', 'o', 't', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "ad-notam.de", true */ 'a', 'd', '-', 'n', 'o', 't', 'a', 'm', '.', 'd', 'e', '\0',
+  /* "ad-notam.fr", true */ 'a', 'd', '-', 'n', 'o', 't', 'a', 'm', '.', 'f', 'r', '\0',
+  /* "ad-notam.it", true */ 'a', 'd', '-', 'n', 'o', 't', 'a', 'm', '.', 'i', 't', '\0',
+  /* "ad-notam.pt", true */ 'a', 'd', '-', 'n', 'o', 't', 'a', 'm', '.', 'p', 't', '\0',
+  /* "ad-notam.us", true */ 'a', 'd', '-', 'n', 'o', 't', 'a', 'm', '.', 'u', 's', '\0',
+  /* "ada.gov", true */ 'a', 'd', 'a', '.', 'g', 'o', 'v', '\0',
+  /* "adalis.org", true */ 'a', 'd', 'a', 'l', 'i', 's', '.', 'o', 'r', 'g', '\0',
+  /* "adam-kostecki.de", true */ 'a', 'd', 'a', 'm', '-', 'k', 'o', 's', 't', 'e', 'c', 'k', 'i', '.', 'd', 'e', '\0',
+  /* "adam-wilson.me", true */ 'a', 'd', 'a', 'm', '-', 'w', 'i', 'l', 's', 'o', 'n', '.', 'm', 'e', '\0',
+  /* "adamas-magicus.ru", true */ 'a', 'd', 'a', 'm', 'a', 's', '-', 'm', 'a', 'g', 'i', 'c', 'u', 's', '.', 'r', 'u', '\0',
+  /* "adambalogh.net", true */ 'a', 'd', 'a', 'm', 'b', 'a', 'l', 'o', 'g', 'h', '.', 'n', 'e', 't', '\0',
+  /* "adambyers.com", true */ 'a', 'd', 'a', 'm', 'b', 'y', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "adamek.online", true */ 'a', 'd', 'a', 'm', 'e', 'k', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "adamfontenot.com", true */ 'a', 'd', 'a', 'm', 'f', 'o', 'n', 't', 'e', 'n', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "adamh.us", true */ 'a', 'd', 'a', 'm', 'h', '.', 'u', 's', '\0',
+  /* "adamkaminski.com", true */ 'a', 'd', 'a', 'm', 'k', 'a', 'm', 'i', 'n', 's', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "adamkostecki.de", true */ 'a', 'd', 'a', 'm', 'k', 'o', 's', 't', 'e', 'c', 'k', 'i', '.', 'd', 'e', '\0',
+  /* "adamoutler.com", true */ 'a', 'd', 'a', 'm', 'o', 'u', 't', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "adamradocz.com", true */ 'a', 'd', 'a', 'm', 'r', 'a', 'd', 'o', 'c', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "adams.dk", true */ 'a', 'd', 'a', 'm', 's', '.', 'd', 'k', '\0',
+  /* "adamsbouncycastles.co.uk", true */ 'a', 'd', 'a', 'm', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "adamstas.com", true */ 'a', 'd', 'a', 'm', 's', 't', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "adamwallington.co.uk", true */ 'a', 'd', 'a', 'm', 'w', 'a', 'l', 'l', 'i', 'n', 'g', 't', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "adamwilcox.org", true */ 'a', 'd', 'a', 'm', 'w', 'i', 'l', 'c', 'o', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "adapt-elektronik.com", true */ 'a', 'd', 'a', 'p', 't', '-', 'e', 'l', 'e', 'k', 't', 'r', 'o', 'n', 'i', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "adapt.de", true */ 'a', 'd', 'a', 'p', 't', '.', 'd', 'e', '\0',
+  /* "adapti.de", true */ 'a', 'd', 'a', 'p', 't', 'i', '.', 'd', 'e', '\0',
+  /* "adaptivemechanics.edu.au", true */ 'a', 'd', 'a', 'p', 't', 'i', 'v', 'e', 'm', 'e', 'c', 'h', 'a', 'n', 'i', 'c', 's', '.', 'e', 'd', 'u', '.', 'a', 'u', '\0',
+  /* "adawolfa.cz", true */ 'a', 'd', 'a', 'w', 'o', 'l', 'f', 'a', '.', 'c', 'z', '\0',
+  /* "adayinthelifeof.nl", true */ 'a', 'd', 'a', 'y', 'i', 'n', 't', 'h', 'e', 'l', 'i', 'f', 'e', 'o', 'f', '.', 'n', 'l', '\0',
+  /* "adblock.ovh", true */ 'a', 'd', 'b', 'l', 'o', 'c', 'k', '.', 'o', 'v', 'h', '\0',
+  /* "adblockextreme.com", true */ 'a', 'd', 'b', 'l', 'o', 'c', 'k', 'e', 'x', 't', 'r', 'e', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "adblockextreme.net", true */ 'a', 'd', 'b', 'l', 'o', 'c', 'k', 'e', 'x', 't', 'r', 'e', 'm', 'e', '.', 'n', 'e', 't', '\0',
+  /* "adblockextreme.org", true */ 'a', 'd', 'b', 'l', 'o', 'c', 'k', 'e', 'x', 't', 'r', 'e', 'm', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "addcrazy.com", true */ 'a', 'd', 'd', 'c', 'r', 'a', 'z', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "addeekt.com", true */ 'a', 'd', 'd', 'e', 'e', 'k', 't', '.', 'c', 'o', 'm', '\0',
+  /* "adderall.space", true */ 'a', 'd', 'd', 'e', 'r', 'a', 'l', 'l', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "addicional.com", true */ 'a', 'd', 'd', 'i', 'c', 'i', 'o', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "addictively.com", true */ 'a', 'd', 'd', 'i', 'c', 't', 'i', 'v', 'e', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "addiko.net", true */ 'a', 'd', 'd', 'i', 'k', 'o', '.', 'n', 'e', 't', '\0',
+  /* "addones.net", true */ 'a', 'd', 'd', 'o', 'n', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "addstar.jp", false */ 'a', 'd', 'd', 's', 't', 'a', 'r', '.', 'j', 'p', '\0',
+  /* "addtoany.com", true */ 'a', 'd', 'd', 't', 'o', 'a', 'n', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "adduono.com", true */ 'a', 'd', 'd', 'u', 'o', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "adelaides.com", true */ 'a', 'd', 'e', 'l', 'a', 'i', 'd', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "adelebeals.com", true */ 'a', 'd', 'e', 'l', 'e', 'b', 'e', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "adelightfulglow.com", true */ 'a', 'd', 'e', 'l', 'i', 'g', 'h', 't', 'f', 'u', 'l', 'g', 'l', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "adeline.mobi", true */ 'a', 'd', 'e', 'l', 'i', 'n', 'e', '.', 'm', 'o', 'b', 'i', '\0',
+  /* "adentalsolution.com", true */ 'a', 'd', 'e', 'n', 't', 'a', 'l', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "adevel.eu", true */ 'a', 'd', 'e', 'v', 'e', 'l', '.', 'e', 'u', '\0',
+  /* "adhesivelaundry.co.uk", true */ 'a', 'd', 'h', 'e', 's', 'i', 'v', 'e', 'l', 'a', 'u', 'n', 'd', 'r', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "adhigamindia.com", true */ 'a', 'd', 'h', 'i', 'g', 'a', 'm', 'i', 'n', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "adhoc.is", true */ 'a', 'd', 'h', 'o', 'c', '.', 'i', 's', '\0',
+  /* "adigitali.biz", true */ 'a', 'd', 'i', 'g', 'i', 't', 'a', 'l', 'i', '.', 'b', 'i', 'z', '\0',
+  /* "adimaja.com", true */ 'a', 'd', 'i', 'm', 'a', 'j', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "adinariversloveschool.com", true */ 'a', 'd', 'i', 'n', 'a', 'r', 'i', 'v', 'e', 'r', 's', 'l', 'o', 'v', 'e', 's', 'c', 'h', 'o', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "adiponectinsupplement.info", true */ 'a', 'd', 'i', 'p', 'o', 'n', 'e', 'c', 't', 'i', 'n', 's', 'u', 'p', 'p', 'l', 'e', 'm', 'e', 'n', 't', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "adiponectinsupplement.net", true */ 'a', 'd', 'i', 'p', 'o', 'n', 'e', 'c', 't', 'i', 'n', 's', 'u', 'p', 'p', 'l', 'e', 'm', 'e', 'n', 't', '.', 'n', 'e', 't', '\0',
+  /* "adjagu.org", true */ 'a', 'd', 'j', 'a', 'g', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "adlershop.ch", true */ 'a', 'd', 'l', 'e', 'r', 's', 'h', 'o', 'p', '.', 'c', 'h', '\0',
+  /* "adlerweb.info", true */ 'a', 'd', 'l', 'e', 'r', 'w', 'e', 'b', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "adm-sarov.ru", true */ 'a', 'd', 'm', '-', 's', 'a', 'r', 'o', 'v', '.', 'r', 'u', '\0',
+  /* "adme.co.il", true */ 'a', 'd', 'm', 'e', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "admin-serv.net", true */ 'a', 'd', 'm', 'i', 'n', '-', 's', 'e', 'r', 'v', '.', 'n', 'e', 't', '\0',
+  /* "admin.fedoraproject.org", true */ 'a', 'd', 'm', 'i', 'n', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "admin.google.com", true */ 'a', 'd', 'm', 'i', 'n', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "admin.stg.fedoraproject.org", true */ 'a', 'd', 'm', 'i', 'n', '.', 's', 't', 'g', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "adminforge.de", false */ 'a', 'd', 'm', 'i', 'n', 'f', 'o', 'r', 'g', 'e', '.', 'd', 'e', '\0',
+  /* "administratorserwera.pl", true */ 'a', 'd', 'm', 'i', 'n', 'i', 's', 't', 'r', 'a', 't', 'o', 'r', 's', 'e', 'r', 'w', 'e', 'r', 'a', '.', 'p', 'l', '\0',
+  /* "admino.cz", true */ 'a', 'd', 'm', 'i', 'n', 'o', '.', 'c', 'z', '\0',
+  /* "admins.tech", true */ 'a', 'd', 'm', 'i', 'n', 's', '.', 't', 'e', 'c', 'h', '\0',
+  /* "adminton.eu", true */ 'a', 'd', 'm', 'i', 'n', 't', 'o', 'n', '.', 'e', 'u', '\0',
+  /* "admody.com", true */ 'a', 'd', 'm', 'o', 'd', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "admongo.gov", true */ 'a', 'd', 'm', 'o', 'n', 'g', 'o', '.', 'g', 'o', 'v', '\0',
+  /* "adnot.am", true */ 'a', 'd', 'n', 'o', 't', '.', 'a', 'm', '\0',
+  /* "adnseguros.es", true */ 'a', 'd', 'n', 's', 'e', 'g', 'u', 'r', 'o', 's', '.', 'e', 's', '\0',
+  /* "adoal.net", true */ 'a', 'd', 'o', 'a', 'l', '.', 'n', 'e', 't', '\0',
+  /* "adonnante.com", true */ 'a', 'd', 'o', 'n', 'n', 'a', 'n', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "adoptionlink.co.uk", true */ 'a', 'd', 'o', 'p', 't', 'i', 'o', 'n', 'l', 'i', 'n', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "adora-illustrations.fr", true */ 'a', 'd', 'o', 'r', 'a', '-', 'i', 'l', 'l', 'u', 's', 't', 'r', 'a', 't', 'i', 'o', 'n', 's', '.', 'f', 'r', '\0',
+  /* "adorade.ro", true */ 'a', 'd', 'o', 'r', 'a', 'd', 'e', '.', 'r', 'o', '\0',
+  /* "adorai.tk", true */ 'a', 'd', 'o', 'r', 'a', 'i', '.', 't', 'k', '\0',
+  /* "adorecricket.com", true */ 'a', 'd', 'o', 'r', 'e', 'c', 'r', 'i', 'c', 'k', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "adorewe.com", true */ 'a', 'd', 'o', 'r', 'e', 'w', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "adoriasoft.com", false */ 'a', 'd', 'o', 'r', 'i', 'a', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "adprospb.com", true */ 'a', 'd', 'p', 'r', 'o', 's', 'p', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "adquisitio.co.uk", true */ 'a', 'd', 'q', 'u', 'i', 's', 'i', 't', 'i', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "adquisitio.es", true */ 'a', 'd', 'q', 'u', 'i', 's', 'i', 't', 'i', 'o', '.', 'e', 's', '\0',
+  /* "adquisitio.fr", true */ 'a', 'd', 'q', 'u', 'i', 's', 'i', 't', 'i', 'o', '.', 'f', 'r', '\0',
+  /* "adquisitio.it", true */ 'a', 'd', 'q', 'u', 'i', 's', 'i', 't', 'i', 'o', '.', 'i', 't', '\0',
+  /* "adr.gov", true */ 'a', 'd', 'r', '.', 'g', 'o', 'v', '\0',
+  /* "adrafinil.wiki", true */ 'a', 'd', 'r', 'a', 'f', 'i', 'n', 'i', 'l', '.', 'w', 'i', 'k', 'i', '\0',
+  /* "adrenaline-gaming.ru", true */ 'a', 'd', 'r', 'e', 'n', 'a', 'l', 'i', 'n', 'e', '-', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'r', 'u', '\0',
+  /* "adrianajewelry.my", true */ 'a', 'd', 'r', 'i', 'a', 'n', 'a', 'j', 'e', 'w', 'e', 'l', 'r', 'y', '.', 'm', 'y', '\0',
+  /* "adrianbechtold.de", true */ 'a', 'd', 'r', 'i', 'a', 'n', 'b', 'e', 'c', 'h', 't', 'o', 'l', 'd', '.', 'd', 'e', '\0',
+  /* "adriancitu.com", true */ 'a', 'd', 'r', 'i', 'a', 'n', 'c', 'i', 't', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "adriancostin.ro", true */ 'a', 'd', 'r', 'i', 'a', 'n', 'c', 'o', 's', 't', 'i', 'n', '.', 'r', 'o', '\0',
+  /* "adrianjensen.com", true */ 'a', 'd', 'r', 'i', 'a', 'n', 'j', 'e', 'n', 's', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "adrianmejias.com", true */ 'a', 'd', 'r', 'i', 'a', 'n', 'm', 'e', 'j', 'i', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "adrienkohlbecker.com", true */ 'a', 'd', 'r', 'i', 'e', 'n', 'k', 'o', 'h', 'l', 'b', 'e', 'c', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "adrinet.tk", true */ 'a', 'd', 'r', 'i', 'n', 'e', 't', '.', 't', 'k', '\0',
+  /* "adsbouncycastles.co.uk", true */ 'a', 'd', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "adtgroup.com", true */ 'a', 'd', 't', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "adurra.com", true */ 'a', 'd', 'u', 'r', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "aduvi.de", true */ 'a', 'd', 'u', 'v', 'i', '.', 'd', 'e', '\0',
+  /* "advaithnikhi.ml", true */ 'a', 'd', 'v', 'a', 'i', 't', 'h', 'n', 'i', 'k', 'h', 'i', '.', 'm', 'l', '\0',
+  /* "advaithnikhi.tk", true */ 'a', 'd', 'v', 'a', 'i', 't', 'h', 'n', 'i', 'k', 'h', 'i', '.', 't', 'k', '\0',
+  /* "advanced-online.eu", true */ 'a', 'd', 'v', 'a', 'n', 'c', 'e', 'd', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'e', 'u', '\0',
+  /* "advanced-scribes.com", true */ 'a', 'd', 'v', 'a', 'n', 'c', 'e', 'd', '-', 's', 'c', 'r', 'i', 'b', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "advanced.info", true */ 'a', 'd', 'v', 'a', 'n', 'c', 'e', 'd', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "advancedoneroofing.com", true */ 'a', 'd', 'v', 'a', 'n', 'c', 'e', 'd', 'o', 'n', 'e', 'r', 'o', 'o', 'f', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "advancedplasticsurgerycenter.com", true */ 'a', 'd', 'v', 'a', 'n', 'c', 'e', 'd', 'p', 'l', 'a', 's', 't', 'i', 'c', 's', 'u', 'r', 'g', 'e', 'r', 'y', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "advancedprotectionkey.com", true */ 'a', 'd', 'v', 'a', 'n', 'c', 'e', 'd', 'p', 'r', 'o', 't', 'e', 'c', 't', 'i', 'o', 'n', 'k', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "advancedprotectionsecuritykey.com", true */ 'a', 'd', 'v', 'a', 'n', 'c', 'e', 'd', 'p', 'r', 'o', 't', 'e', 'c', 't', 'i', 'o', 'n', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'k', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "advancedseotool.it", true */ 'a', 'd', 'v', 'a', 'n', 'c', 'e', 'd', 's', 'e', 'o', 't', 'o', 'o', 'l', '.', 'i', 't', '\0',
+  /* "advancedwriters.com", true */ 'a', 'd', 'v', 'a', 'n', 'c', 'e', 'd', 'w', 'r', 'i', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "advancis.net", true */ 'a', 'd', 'v', 'a', 'n', 'c', 'i', 's', '.', 'n', 'e', 't', '\0',
+  /* "advantagehomeexteriors.com", true */ 'a', 'd', 'v', 'a', 'n', 't', 'a', 'g', 'e', 'h', 'o', 'm', 'e', 'e', 'x', 't', 'e', 'r', 'i', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "advara.com", true */ 'a', 'd', 'v', 'a', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "advelty.cz", true */ 'a', 'd', 'v', 'e', 'l', 't', 'y', '.', 'c', 'z', '\0',
+  /* "adventistdeploy.org", true */ 'a', 'd', 'v', 'e', 'n', 't', 'i', 's', 't', 'd', 'e', 'p', 'l', 'o', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "advento.bg", true */ 'a', 'd', 'v', 'e', 'n', 't', 'o', '.', 'b', 'g', '\0',
+  /* "adventure-inn.com", true */ 'a', 'd', 'v', 'e', 'n', 't', 'u', 'r', 'e', '-', 'i', 'n', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "adventureally.com", true */ 'a', 'd', 'v', 'e', 'n', 't', 'u', 'r', 'e', 'a', 'l', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "adventureforest.co.nz", true */ 'a', 'd', 'v', 'e', 'n', 't', 'u', 'r', 'e', 'f', 'o', 'r', 'e', 's', 't', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "adventureforest.de", false */ 'a', 'd', 'v', 'e', 'n', 't', 'u', 'r', 'e', 'f', 'o', 'r', 'e', 's', 't', '.', 'd', 'e', '\0',
+  /* "adventuregamers.com", true */ 'a', 'd', 'v', 'e', 'n', 't', 'u', 'r', 'e', 'g', 'a', 'm', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "adventures.de", true */ 'a', 'd', 'v', 'e', 'n', 't', 'u', 'r', 'e', 's', '.', 'd', 'e', '\0',
+  /* "adventureswithlillie.ca", true */ 'a', 'd', 'v', 'e', 'n', 't', 'u', 'r', 'e', 's', 'w', 'i', 't', 'h', 'l', 'i', 'l', 'l', 'i', 'e', '.', 'c', 'a', '\0',
+  /* "advocate-europe.eu", true */ 'a', 'd', 'v', 'o', 'c', 'a', 't', 'e', '-', 'e', 'u', 'r', 'o', 'p', 'e', '.', 'e', 'u', '\0',
+  /* "advocaten-avocats.be", true */ 'a', 'd', 'v', 'o', 'c', 'a', 't', 'e', 'n', '-', 'a', 'v', 'o', 'c', 'a', 't', 's', '.', 'b', 'e', '\0',
+  /* "advocatenalkmaar.org", true */ 'a', 'd', 'v', 'o', 'c', 'a', 't', 'e', 'n', 'a', 'l', 'k', 'm', 'a', 'a', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "advokat-romanov.com", true */ 'a', 'd', 'v', 'o', 'k', 'a', 't', '-', 'r', 'o', 'm', 'a', 'n', 'o', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "adware.pl", true */ 'a', 'd', 'w', 'a', 'r', 'e', '.', 'p', 'l', '\0',
+  /* "adws.io", true */ 'a', 'd', 'w', 's', '.', 'i', 'o', '\0',
+  /* "adxperience.com", true */ 'a', 'd', 'x', 'p', 'e', 'r', 'i', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "adzie.xyz", true */ 'a', 'd', 'z', 'i', 'e', '.', 'x', 'y', 'z', '\0',
+  /* "adzuna.at", true */ 'a', 'd', 'z', 'u', 'n', 'a', '.', 'a', 't', '\0',
+  /* "adzuna.ca", true */ 'a', 'd', 'z', 'u', 'n', 'a', '.', 'c', 'a', '\0',
+  /* "adzuna.co.nz", true */ 'a', 'd', 'z', 'u', 'n', 'a', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "adzuna.co.za", true */ 'a', 'd', 'z', 'u', 'n', 'a', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "adzuna.com", true */ 'a', 'd', 'z', 'u', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "adzuna.com.au", true */ 'a', 'd', 'z', 'u', 'n', 'a', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "adzuna.com.br", true */ 'a', 'd', 'z', 'u', 'n', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "adzuna.de", true */ 'a', 'd', 'z', 'u', 'n', 'a', '.', 'd', 'e', '\0',
+  /* "adzuna.fr", true */ 'a', 'd', 'z', 'u', 'n', 'a', '.', 'f', 'r', '\0',
+  /* "adzuna.in", true */ 'a', 'd', 'z', 'u', 'n', 'a', '.', 'i', 'n', '\0',
+  /* "adzuna.it", true */ 'a', 'd', 'z', 'u', 'n', 'a', '.', 'i', 't', '\0',
+  /* "adzuna.nl", true */ 'a', 'd', 'z', 'u', 'n', 'a', '.', 'n', 'l', '\0',
+  /* "adzuna.pl", true */ 'a', 'd', 'z', 'u', 'n', 'a', '.', 'p', 'l', '\0',
+  /* "adzuna.ru", true */ 'a', 'd', 'z', 'u', 'n', 'a', '.', 'r', 'u', '\0',
+  /* "adzuna.sg", true */ 'a', 'd', 'z', 'u', 'n', 'a', '.', 's', 'g', '\0',
+  /* "aebian.org", true */ 'a', 'e', 'b', 'i', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "aegee-utrecht.nl", true */ 'a', 'e', 'g', 'e', 'e', '-', 'u', 't', 'r', 'e', 'c', 'h', 't', '.', 'n', 'l', '\0',
+  /* "aegisalarm.co.uk", true */ 'a', 'e', 'g', 'i', 's', 'a', 'l', 'a', 'r', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "aegisalarm.com", true */ 'a', 'e', 'g', 'i', 's', 'a', 'l', 'a', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "aegisalarms.co.uk", true */ 'a', 'e', 'g', 'i', 's', 'a', 'l', 'a', 'r', 'm', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "aegisalarms.com", true */ 'a', 'e', 'g', 'i', 's', 'a', 'l', 'a', 'r', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "aegrel.ee", true */ 'a', 'e', 'g', 'r', 'e', 'l', '.', 'e', 'e', '\0',
+  /* "aehe.us", true */ 'a', 'e', 'h', 'e', '.', 'u', 's', '\0',
+  /* "aelurus.com", true */ 'a', 'e', 'l', 'u', 'r', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "aeon.co", true */ 'a', 'e', 'o', 'n', '.', 'c', 'o', '\0',
+  /* "aeon.wiki", true */ 'a', 'e', 'o', 'n', '.', 'w', 'i', 'k', 'i', '\0',
+  /* "aeradesign.com", true */ 'a', 'e', 'r', 'a', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "aerandir.fr", true */ 'a', 'e', 'r', 'a', 'n', 'd', 'i', 'r', '.', 'f', 'r', '\0',
+  /* "aerelon.de", false */ 'a', 'e', 'r', 'e', 'l', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "aergia.eu", true */ 'a', 'e', 'r', 'g', 'i', 'a', '.', 'e', 'u', '\0',
+  /* "aerisnetwork.com", true */ 'a', 'e', 'r', 'i', 's', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "aero-pioneer.com", true */ 'a', 'e', 'r', 'o', '-', 'p', 'i', 'o', 'n', 'e', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "aerobotz.com", true */ 'a', 'e', 'r', 'o', 'b', 'o', 't', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "aertel.ie", true */ 'a', 'e', 'r', 't', 'e', 'l', '.', 'i', 'e', '\0',
+  /* "aessencia.com.br", true */ 'a', 'e', 's', 's', 'e', 'n', 'c', 'i', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "aestheticdr.org", true */ 'a', 'e', 's', 't', 'h', 'e', 't', 'i', 'c', 'd', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "aesthetics-blog.com", true */ 'a', 'e', 's', 't', 'h', 'e', 't', 'i', 'c', 's', '-', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "aestore.by", true */ 'a', 'e', 's', 't', 'o', 'r', 'e', '.', 'b', 'y', '\0',
+  /* "aesym.de", true */ 'a', 'e', 's', 'y', 'm', '.', 'd', 'e', '\0',
+  /* "aetherc0r3.eu", true */ 'a', 'e', 't', 'h', 'e', 'r', 'c', '0', 'r', '3', '.', 'e', 'u', '\0',
+  /* "aetoscg.com", true */ 'a', 'e', 't', 'o', 's', 'c', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "aetoscg.com.au", true */ 'a', 'e', 't', 'o', 's', 'c', 'g', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "aextron.com", true */ 'a', 'e', 'x', 't', 'r', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "aextron.de", true */ 'a', 'e', 'x', 't', 'r', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "aextron.org", true */ 'a', 'e', 'x', 't', 'r', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "af-internet.nl", true */ 'a', 'f', '-', 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', '.', 'n', 'l', '\0',
+  /* "afavre.io", true */ 'a', 'f', 'a', 'v', 'r', 'e', '.', 'i', 'o', '\0',
+  /* "afb24.de", true */ 'a', 'f', 'b', '2', '4', '.', 'd', 'e', '\0',
+  /* "afbeelding.im", true */ 'a', 'f', 'b', 'e', 'e', 'l', 'd', 'i', 'n', 'g', '.', 'i', 'm', '\0',
+  /* "afbeeldinguploaden.nl", true */ 'a', 'f', 'b', 'e', 'e', 'l', 'd', 'i', 'n', 'g', 'u', 'p', 'l', 'o', 'a', 'd', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "affichagepub3.com", true */ 'a', 'f', 'f', 'i', 'c', 'h', 'a', 'g', 'e', 'p', 'u', 'b', '3', '.', 'c', 'o', 'm', '\0',
+  /* "affiliateroyale.com", true */ 'a', 'f', 'f', 'i', 'l', 'i', 'a', 't', 'e', 'r', 'o', 'y', 'a', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "affiliatetest.azurewebsites.net", true */ 'a', 'f', 'f', 'i', 'l', 'i', 'a', 't', 'e', 't', 'e', 's', 't', '.', 'a', 'z', 'u', 'r', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "affilie.de", true */ 'a', 'f', 'f', 'i', 'l', 'i', 'e', '.', 'd', 'e', '\0',
+  /* "affinity.vc", true */ 'a', 'f', 'f', 'i', 'n', 'i', 't', 'y', '.', 'v', 'c', '\0',
+  /* "affinitysync.com", true */ 'a', 'f', 'f', 'i', 'n', 'i', 't', 'y', 's', 'y', 'n', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "affordableazdivorce.com", true */ 'a', 'f', 'f', 'o', 'r', 'd', 'a', 'b', 'l', 'e', 'a', 'z', 'd', 'i', 'v', 'o', 'r', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "affordablebouncycastle.co.uk", true */ 'a', 'f', 'f', 'o', 'r', 'd', 'a', 'b', 'l', 'e', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "affordablemudjacking.com", true */ 'a', 'f', 'f', 'o', 'r', 'd', 'a', 'b', 'l', 'e', 'm', 'u', 'd', 'j', 'a', 'c', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "affordablepapers.com", true */ 'a', 'f', 'f', 'o', 'r', 'd', 'a', 'b', 'l', 'e', 'p', 'a', 'p', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "affordableracingparts.com.au", true */ 'a', 'f', 'f', 'o', 'r', 'd', 'a', 'b', 'l', 'e', 'r', 'a', 'c', 'i', 'n', 'g', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "afghan.dating", true */ 'a', 'f', 'g', 'h', 'a', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "afi-business-consulting.com", true */ 'a', 'f', 'i', '-', 'b', 'u', 's', 'i', 'n', 'e', 's', 's', '-', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "aficionados.com.br", true */ 'a', 'f', 'i', 'c', 'i', 'o', 'n', 'a', 'd', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "afinadoronline.com.br", true */ 'a', 'f', 'i', 'n', 'a', 'd', 'o', 'r', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "aflamtorrent.com", true */ 'a', 'f', 'l', 'a', 'm', 't', 'o', 'r', 'r', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "aflfreebets.com", true */ 'a', 'f', 'l', 'f', 'r', 'e', 'e', 'b', 'e', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "aflowershop.ca", true */ 'a', 'f', 'l', 'o', 'w', 'e', 'r', 's', 'h', 'o', 'p', '.', 'c', 'a', '\0',
+  /* "afmt.fr", true */ 'a', 'f', 'm', 't', '.', 'f', 'r', '\0',
+  /* "afmtevents.com", true */ 'a', 'f', 'm', 't', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "afonso.io", true */ 'a', 'f', 'o', 'n', 's', 'o', '.', 'i', 'o', '\0',
+  /* "afp548.com", true */ 'a', 'f', 'p', '5', '4', '8', '.', 'c', 'o', 'm', '\0',
+  /* "afri.cc", true */ 'a', 'f', 'r', 'i', '.', 'c', 'c', '\0',
+  /* "africa.dating", true */ 'a', 'f', 'r', 'i', 'c', 'a', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "africanexponent.com", true */ 'a', 'f', 'r', 'i', 'c', 'a', 'n', 'e', 'x', 'p', 'o', 'n', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "africanimpact.com", true */ 'a', 'f', 'r', 'i', 'c', 'a', 'n', 'i', 'm', 'p', 'a', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "africatravel.de", true */ 'a', 'f', 'r', 'i', 'c', 'a', 't', 'r', 'a', 'v', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "afrikarl.de", true */ 'a', 'f', 'r', 'i', 'k', 'a', 'r', 'l', '.', 'd', 'e', '\0',
+  /* "afrodigital.uk", true */ 'a', 'f', 'r', 'o', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'u', 'k', '\0',
+  /* "after.digital", true */ 'a', 'f', 't', 'e', 'r', '.', 'd', 'i', 'g', 'i', 't', 'a', 'l', '\0',
+  /* "afterhate.fr", true */ 'a', 'f', 't', 'e', 'r', 'h', 'a', 't', 'e', '.', 'f', 'r', '\0',
+  /* "afuh.de", true */ 'a', 'f', 'u', 'h', '.', 'd', 'e', '\0',
+  /* "afva.net", true */ 'a', 'f', 'v', 'a', '.', 'n', 'e', 't', '\0',
+  /* "ag-websolutions.de", true */ 'a', 'g', '-', 'w', 'e', 'b', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'd', 'e', '\0',
+  /* "agalliasis.ch", true */ 'a', 'g', 'a', 'l', 'l', 'i', 'a', 's', 'i', 's', '.', 'c', 'h', '\0',
+  /* "agamsecurity.ch", true */ 'a', 'g', 'a', 'm', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'h', '\0',
+  /* "agate.pw", true */ 'a', 'g', 'a', 't', 'e', '.', 'p', 'w', '\0',
+  /* "agdalieso.com.ba", true */ 'a', 'g', 'd', 'a', 'l', 'i', 'e', 's', 'o', '.', 'c', 'o', 'm', '.', 'b', 'a', '\0',
+  /* "ageg.ca", true */ 'a', 'g', 'e', 'g', '.', 'c', 'a', '\0',
+  /* "agenciadeempregosdourados.com.br", true */ 'a', 'g', 'e', 'n', 'c', 'i', 'a', 'd', 'e', 'e', 'm', 'p', 'r', 'e', 'g', 'o', 's', 'd', 'o', 'u', 'r', 'a', 'd', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "agenciafiscal.pe", true */ 'a', 'g', 'e', 'n', 'c', 'i', 'a', 'f', 'i', 's', 'c', 'a', 'l', '.', 'p', 'e', '\0',
+  /* "agenciagriff.com", true */ 'a', 'g', 'e', 'n', 'c', 'i', 'a', 'g', 'r', 'i', 'f', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "agencymanager.be", true */ 'a', 'g', 'e', 'n', 'c', 'y', 'm', 'a', 'n', 'a', 'g', 'e', 'r', '.', 'b', 'e', '\0',
+  /* "agenda-loto.net", false */ 'a', 'g', 'e', 'n', 'd', 'a', '-', 'l', 'o', 't', 'o', '.', 'n', 'e', 't', '\0',
+  /* "agenda21senden.de", true */ 'a', 'g', 'e', 'n', 'd', 'a', '2', '1', 's', 'e', 'n', 'd', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "agent-grow.com", true */ 'a', 'g', 'e', 'n', 't', '-', 'g', 'r', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "agent6.com.au", true */ 'a', 'g', 'e', 'n', 't', '6', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "agentprocessing.com", true */ 'a', 'g', 'e', 'n', 't', 'p', 'r', 'o', 'c', 'e', 's', 's', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "agfmedia.com", true */ 'a', 'g', 'f', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "agglo-sion.ch", true */ 'a', 'g', 'g', 'l', 'o', '-', 's', 'i', 'o', 'n', '.', 'c', 'h', '\0',
+  /* "aggr.pw", true */ 'a', 'g', 'g', 'r', '.', 'p', 'w', '\0',
+  /* "agia.ad", true */ 'a', 'g', 'i', 'a', '.', 'a', 'd', '\0',
+  /* "agiairini.cz", true */ 'a', 'g', 'i', 'a', 'i', 'r', 'i', 'n', 'i', '.', 'c', 'z', '\0',
+  /* "agilebits.com", true */ 'a', 'g', 'i', 'l', 'e', 'b', 'i', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "agilebits.net", false */ 'a', 'g', 'i', 'l', 'e', 'b', 'i', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "agileecommerce.com.br", true */ 'a', 'g', 'i', 'l', 'e', 'e', 'c', 'o', 'm', 'm', 'e', 'r', 'c', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "agileui.com", true */ 'a', 'g', 'i', 'l', 'e', 'u', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "agiley.se", true */ 'a', 'g', 'i', 'l', 'e', 'y', '.', 's', 'e', '\0',
+  /* "agilob.net", true */ 'a', 'g', 'i', 'l', 'o', 'b', '.', 'n', 'e', 't', '\0',
+  /* "aging.gov", true */ 'a', 'g', 'i', 'n', 'g', '.', 'g', 'o', 'v', '\0',
+  /* "agingstop.net", true */ 'a', 'g', 'i', 'n', 'g', 's', 't', 'o', 'p', '.', 'n', 'e', 't', '\0',
+  /* "agoodmind.com", true */ 'a', 'g', 'o', 'o', 'd', 'm', 'i', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "agoravox.fr", true */ 'a', 'g', 'o', 'r', 'a', 'v', 'o', 'x', '.', 'f', 'r', '\0',
+  /* "agoravox.it", true */ 'a', 'g', 'o', 'r', 'a', 'v', 'o', 'x', '.', 'i', 't', '\0',
+  /* "agoravox.tv", true */ 'a', 'g', 'o', 'r', 'a', 'v', 'o', 'x', '.', 't', 'v', '\0',
+  /* "agotnes.com", true */ 'a', 'g', 'o', 't', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "agouraelectrical.com", true */ 'a', 'g', 'o', 'u', 'r', 'a', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "agourahillselectrical.com", true */ 'a', 'g', 'o', 'u', 'r', 'a', 'h', 'i', 'l', 'l', 's', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "agowa.eu", true */ 'a', 'g', 'o', 'w', 'a', '.', 'e', 'u', '\0',
+  /* "agowa338.de", true */ 'a', 'g', 'o', 'w', 'a', '3', '3', '8', '.', 'd', 'e', '\0',
+  /* "agr.asia", true */ 'a', 'g', 'r', '.', 'a', 's', 'i', 'a', '\0',
+  /* "agrarking.com", true */ 'a', 'g', 'r', 'a', 'r', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "agrarking.de", true */ 'a', 'g', 'r', 'a', 'r', 'k', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "agrarshop4u.de", true */ 'a', 'g', 'r', 'a', 'r', 's', 'h', 'o', 'p', '4', 'u', '.', 'd', 'e', '\0',
+  /* "agrekov.ru", true */ 'a', 'g', 'r', 'e', 'k', 'o', 'v', '.', 'r', 'u', '\0',
+  /* "agreor.com", true */ 'a', 'g', 'r', 'e', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "agricolo.ch", true */ 'a', 'g', 'r', 'i', 'c', 'o', 'l', 'o', '.', 'c', 'h', '\0',
+  /* "agridir.site", true */ 'a', 'g', 'r', 'i', 'd', 'i', 'r', '.', 's', 'i', 't', 'e', '\0',
+  /* "agrikulturchic.com", true */ 'a', 'g', 'r', 'i', 'k', 'u', 'l', 't', 'u', 'r', 'c', 'h', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "agrilinks.org", true */ 'a', 'g', 'r', 'i', 'l', 'i', 'n', 'k', 's', '.', 'o', 'r', 'g', '\0',
+  /* "agrios.de", true */ 'a', 'g', 'r', 'i', 'o', 's', '.', 'd', 'e', '\0',
+  /* "agroglass.com.br", true */ 'a', 'g', 'r', 'o', 'g', 'l', 'a', 's', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "agroline.by", true */ 'a', 'g', 'r', 'o', 'l', 'i', 'n', 'e', '.', 'b', 'y', '\0',
+  /* "agroyard.com.ua", true */ 'a', 'g', 'r', 'o', 'y', 'a', 'r', 'd', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "agsb.ch", true */ 'a', 'g', 's', 'b', '.', 'c', 'h', '\0',
+  /* "agung-furniture.com", true */ 'a', 'g', 'u', 'n', 'g', '-', 'f', 'u', 'r', 'n', 'i', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "agwa.name", true */ 'a', 'g', 'w', 'a', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "ahcpr.gov", false */ 'a', 'h', 'c', 'p', 'r', '.', 'g', 'o', 'v', '\0',
+  /* "ahd.com", false */ 'a', 'h', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "ahelos.tk", true */ 'a', 'h', 'e', 'l', 'o', 's', '.', 't', 'k', '\0',
+  /* "aheng.me", true */ 'a', 'h', 'e', 'n', 'g', '.', 'm', 'e', '\0',
+  /* "ahero4all.org", true */ 'a', 'h', 'e', 'r', 'o', '4', 'a', 'l', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "ahiru3.com", true */ 'a', 'h', 'i', 'r', 'u', '3', '.', 'c', 'o', 'm', '\0',
+  /* "ahkubiak.ovh", true */ 'a', 'h', 'k', 'u', 'b', 'i', 'a', 'k', '.', 'o', 'v', 'h', '\0',
+  /* "ahlaejaba.com", true */ 'a', 'h', 'l', 'a', 'e', 'j', 'a', 'b', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "ahlz.sk", true */ 'a', 'h', 'l', 'z', '.', 's', 'k', '\0',
+  /* "ahmad.works", true */ 'a', 'h', 'm', 'a', 'd', '.', 'w', 'o', 'r', 'k', 's', '\0',
+  /* "ahmadly.com", true */ 'a', 'h', 'm', 'a', 'd', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "ahmedabadflowermall.com", true */ 'a', 'h', 'm', 'e', 'd', 'a', 'b', 'a', 'd', 'f', 'l', 'o', 'w', 'e', 'r', 'm', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "ahmedcharles.com", true */ 'a', 'h', 'm', 'e', 'd', 'c', 'h', 'a', 'r', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ahmerjamilkhan.org", true */ 'a', 'h', 'm', 'e', 'r', 'j', 'a', 'm', 'i', 'l', 'k', 'h', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "aholic.co", true */ 'a', 'h', 'o', 'l', 'i', 'c', '.', 'c', 'o', '\0',
+  /* "ahoy.travel", true */ 'a', 'h', 'o', 'y', '.', 't', 'r', 'a', 'v', 'e', 'l', '\0',
+  /* "ahoyconference.com", true */ 'a', 'h', 'o', 'y', 'c', 'o', 'n', 'f', 'e', 'r', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ahrq.gov", false */ 'a', 'h', 'r', 'q', '.', 'g', 'o', 'v', '\0',
+  /* "ahughes03.com", true */ 'a', 'h', 'u', 'g', 'h', 'e', 's', '0', '3', '.', 'c', 'o', 'm', '\0',
+  /* "ahxxm.com", true */ 'a', 'h', 'x', 'x', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "ai-english.jp", true */ 'a', 'i', '-', 'e', 'n', 'g', 'l', 'i', 's', 'h', '.', 'j', 'p', '\0',
+  /* "aia.de", true */ 'a', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "aibenzi.com", true */ 'a', 'i', 'b', 'e', 'n', 'z', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "aicial.co.uk", true */ 'a', 'i', 'c', 'i', 'a', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "aicial.com", true */ 'a', 'i', 'c', 'i', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "aid-web.ch", true */ 'a', 'i', 'd', '-', 'w', 'e', 'b', '.', 'c', 'h', '\0',
+  /* "aide-valais.ch", true */ 'a', 'i', 'd', 'e', '-', 'v', 'a', 'l', 'a', 'i', 's', '.', 'c', 'h', '\0',
+  /* "aiden.link", true */ 'a', 'i', 'd', 'e', 'n', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "aidhan.net", true */ 'a', 'i', 'd', 'h', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "aie.de", true */ 'a', 'i', 'e', '.', 'd', 'e', '\0',
+  /* "aiesecarad.ro", true */ 'a', 'i', 'e', 's', 'e', 'c', 'a', 'r', 'a', 'd', '.', 'r', 'o', '\0',
+  /* "aiforsocialmedia.com", true */ 'a', 'i', 'f', 'o', 'r', 's', 'o', 'c', 'i', 'a', 'l', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "aigcev.org", true */ 'a', 'i', 'g', 'c', 'e', 'v', '.', 'o', 'r', 'g', '\0',
+  /* "aigenpul.se", true */ 'a', 'i', 'g', 'e', 'n', 'p', 'u', 'l', '.', 's', 'e', '\0',
+  /* "aiida.se", true */ 'a', 'i', 'i', 'd', 'a', '.', 's', 'e', '\0',
+  /* "aijsk.com", true */ 'a', 'i', 'j', 's', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "aikenorganics.com", true */ 'a', 'i', 'k', 'e', 'n', 'o', 'r', 'g', 'a', 'n', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "aikenpromotions.com", true */ 'a', 'i', 'k', 'e', 'n', 'p', 'r', 'o', 'm', 'o', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "aikido-club-limburg.de", true */ 'a', 'i', 'k', 'i', 'd', 'o', '-', 'c', 'l', 'u', 'b', '-', 'l', 'i', 'm', 'b', 'u', 'r', 'g', '.', 'd', 'e', '\0',
+  /* "aikido-linz.at", true */ 'a', 'i', 'k', 'i', 'd', 'o', '-', 'l', 'i', 'n', 'z', '.', 'a', 't', '\0',
+  /* "aikido-wels.at", true */ 'a', 'i', 'k', 'i', 'd', 'o', '-', 'w', 'e', 'l', 's', '.', 'a', 't', '\0',
+  /* "aimeeandalec.com", true */ 'a', 'i', 'm', 'e', 'e', 'a', 'n', 'd', 'a', 'l', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "aimgroup.co.tz", true */ 'a', 'i', 'm', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', '.', 't', 'z', '\0',
+  /* "aimotive.com", true */ 'a', 'i', 'm', 'o', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "aintevenmad.ch", true */ 'a', 'i', 'n', 't', 'e', 'v', 'e', 'n', 'm', 'a', 'd', '.', 'c', 'h', '\0',
+  /* "aioboot.com", true */ 'a', 'i', 'o', 'b', 'o', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "aiois.com", true */ 'a', 'i', 'o', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "aiphyron.com", true */ 'a', 'i', 'p', 'h', 'y', 'r', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "air-craftglass.com", true */ 'a', 'i', 'r', '-', 'c', 'r', 'a', 'f', 't', 'g', 'l', 'a', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "air-shots.ch", true */ 'a', 'i', 'r', '-', 's', 'h', 'o', 't', 's', '.', 'c', 'h', '\0',
+  /* "air-we-go.co.uk", true */ 'a', 'i', 'r', '-', 'w', 'e', '-', 'g', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "airbly.com", true */ 'a', 'i', 'r', 'b', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "airbnb.com", true */ 'a', 'i', 'r', 'b', 'n', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "airbnbopen.com", true */ 'a', 'i', 'r', 'b', 'n', 'b', 'o', 'p', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "airborne-inflatables.co.uk", true */ 'a', 'i', 'r', 'b', 'o', 'r', 'n', 'e', '-', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "airclass.com", true */ 'a', 'i', 'r', 'c', 'l', 'a', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "aircomms.com", true */ 'a', 'i', 'r', 'c', 'o', 'm', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "airductclean.com", false */ 'a', 'i', 'r', 'd', 'u', 'c', 't', 'c', 'l', 'e', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "airdur.eu", true */ 'a', 'i', 'r', 'd', 'u', 'r', '.', 'e', 'u', '\0',
+  /* "airedaleterrier.com.br", true */ 'a', 'i', 'r', 'e', 'd', 'a', 'l', 'e', 't', 'e', 'r', 'r', 'i', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "airetvie.com", true */ 'a', 'i', 'r', 'e', 't', 'v', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "airfax.io", true */ 'a', 'i', 'r', 'f', 'a', 'x', '.', 'i', 'o', '\0',
+  /* "airhart.me", true */ 'a', 'i', 'r', 'h', 'a', 'r', 't', '.', 'm', 'e', '\0',
+  /* "airhelp.com", true */ 'a', 'i', 'r', 'h', 'e', 'l', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "airicy.com", true */ 'a', 'i', 'r', 'i', 'c', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "airmail.cc", true */ 'a', 'i', 'r', 'm', 'a', 'i', 'l', '.', 'c', 'c', '\0',
+  /* "airmaxinflatables.com", true */ 'a', 'i', 'r', 'm', 'a', 'x', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "airnow.gov", true */ 'a', 'i', 'r', 'n', 'o', 'w', '.', 'g', 'o', 'v', '\0',
+  /* "airpbx.com", true */ 'a', 'i', 'r', 'p', 'b', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "airplay-inflatable-hire.co.uk", true */ 'a', 'i', 'r', 'p', 'l', 'a', 'y', '-', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', '-', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "airplayradio.nl", true */ 'a', 'i', 'r', 'p', 'l', 'a', 'y', 'r', 'a', 'd', 'i', 'o', '.', 'n', 'l', '\0',
+  /* "airportlimototoronto.com", true */ 'a', 'i', 'r', 'p', 'o', 'r', 't', 'l', 'i', 'm', 'o', 't', 'o', 't', 'o', 'r', 'o', 'n', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "airpurifierproductsonline.com", true */ 'a', 'i', 'r', 'p', 'u', 'r', 'i', 'f', 'i', 'e', 'r', 'p', 'r', 'o', 'd', 'u', 'c', 't', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "airsoft.ch", true */ 'a', 'i', 'r', 's', 'o', 'f', 't', '.', 'c', 'h', '\0',
+  /* "airtimefranchise.com", true */ 'a', 'i', 'r', 't', 'i', 'm', 'e', 'f', 'r', 'a', 'n', 'c', 'h', 'i', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "airvpn.org", true */ 'a', 'i', 'r', 'v', 'p', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "airvuz.com", true */ 'a', 'i', 'r', 'v', 'u', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "airwegobouncycastles.co.uk", true */ 'a', 'i', 'r', 'w', 'e', 'g', 'o', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ais.fashion", true */ 'a', 'i', 's', '.', 'f', 'a', 's', 'h', 'i', 'o', 'n', '\0',
+  /* "aistockcharts.com", true */ 'a', 'i', 's', 't', 'o', 'c', 'k', 'c', 'h', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ait.com.ar", true */ 'a', 'i', 't', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "aiticon.com", true */ 'a', 'i', 't', 'i', 'c', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "aitosoftware.com", true */ 'a', 'i', 't', 'o', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "aiutodomestico.ch", true */ 'a', 'i', 'u', 't', 'o', 'd', 'o', 'm', 'e', 's', 't', 'i', 'c', 'o', '.', 'c', 'h', '\0',
+  /* "aivd.lol", true */ 'a', 'i', 'v', 'd', '.', 'l', 'o', 'l', '\0',
+  /* "aiwdirect.com", true */ 'a', 'i', 'w', 'd', 'i', 'r', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "aixxe.net", true */ 'a', 'i', 'x', 'x', 'e', '.', 'n', 'e', 't', '\0',
+  /* "ajapaik.ee", true */ 'a', 'j', 'a', 'p', 'a', 'i', 'k', '.', 'e', 'e', '\0',
+  /* "ajarope.com", true */ 'a', 'j', 'a', 'r', 'o', 'p', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ajbouncycastles.co.uk", true */ 'a', 'j', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ajces.com", true */ 'a', 'j', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ajdiaz.me", true */ 'a', 'j', 'd', 'i', 'a', 'z', '.', 'm', 'e', '\0',
+  /* "ajetaci.cz", true */ 'a', 'j', 'e', 't', 'a', 'c', 'i', '.', 'c', 'z', '\0',
+  /* "ajeventhire.co.uk", true */ 'a', 'j', 'e', 'v', 'e', 'n', 't', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ajibot.com", true */ 'a', 'j', 'i', 'b', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "ajnasz.hu", true */ 'a', 'j', 'n', 'a', 's', 'z', '.', 'h', 'u', '\0',
+  /* "ak-varazdin.hr", true */ 'a', 'k', '-', 'v', 'a', 'r', 'a', 'z', 'd', 'i', 'n', '.', 'h', 'r', '\0',
+  /* "akachanikuji.com", true */ 'a', 'k', 'a', 'c', 'h', 'a', 'n', 'i', 'k', 'u', 'j', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "akalashnikov.ru", true */ 'a', 'k', 'a', 'l', 'a', 's', 'h', 'n', 'i', 'k', 'o', 'v', '.', 'r', 'u', '\0',
+  /* "akamon.ac.jp", true */ 'a', 'k', 'a', 'm', 'o', 'n', '.', 'a', 'c', '.', 'j', 'p', '\0',
+  /* "akaoma.com", true */ 'a', 'k', 'a', 'o', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "akazakov.info", true */ 'a', 'k', 'a', 'z', 'a', 'k', 'o', 'v', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "akdigitalegesellschaft.de", false */ 'a', 'k', 'd', 'i', 'g', 'i', 't', 'a', 'l', 'e', 'g', 'e', 's', 'e', 'l', 'l', 's', 'c', 'h', 'a', 'f', 't', '.', 'd', 'e', '\0',
+  /* "akelius.de", false */ 'a', 'k', 'e', 'l', 'i', 'u', 's', '.', 'd', 'e', '\0',
+  /* "akhilindurti.com", false */ 'a', 'k', 'h', 'i', 'l', 'i', 'n', 'd', 'u', 'r', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "akhras.at", true */ 'a', 'k', 'h', 'r', 'a', 's', '.', 'a', 't', '\0',
+  /* "akihito.com", true */ 'a', 'k', 'i', 'h', 'i', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "akijo.de", true */ 'a', 'k', 'i', 'j', 'o', '.', 'd', 'e', '\0',
+  /* "akita-boutique.com", true */ 'a', 'k', 'i', 't', 'a', '-', 'b', 'o', 'u', 't', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "akkbouncycastles.co.uk", true */ 'a', 'k', 'k', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "akoch.net", true */ 'a', 'k', 'o', 'c', 'h', '.', 'n', 'e', 't', '\0',
+  /* "akostecki.de", true */ 'a', 'k', 'o', 's', 't', 'e', 'c', 'k', 'i', '.', 'd', 'e', '\0',
+  /* "akovana.com", true */ 'a', 'k', 'o', 'v', 'a', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "akoya.fi", true */ 'a', 'k', 'o', 'y', 'a', '.', 'f', 'i', '\0',
+  /* "akpwebdesign.com", true */ 'a', 'k', 'p', 'w', 'e', 'b', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "akr.io", true */ 'a', 'k', 'r', '.', 'i', 'o', '\0',
+  /* "akritikos.info", true */ 'a', 'k', 'r', 'i', 't', 'i', 'k', 'o', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "akropolis-ravensburg.de", true */ 'a', 'k', 'r', 'o', 'p', 'o', 'l', 'i', 's', '-', 'r', 'a', 'v', 'e', 'n', 's', 'b', 'u', 'r', 'g', '.', 'd', 'e', '\0',
+  /* "akselinurmio.fi", true */ 'a', 'k', 's', 'e', 'l', 'i', 'n', 'u', 'r', 'm', 'i', 'o', '.', 'f', 'i', '\0',
+  /* "aktiv-naturheilmittel.at", true */ 'a', 'k', 't', 'i', 'v', '-', 'n', 'a', 't', 'u', 'r', 'h', 'e', 'i', 'l', 'm', 'i', 't', 't', 'e', 'l', '.', 'a', 't', '\0',
+  /* "aktiv-naturheilmittel.ch", true */ 'a', 'k', 't', 'i', 'v', '-', 'n', 'a', 't', 'u', 'r', 'h', 'e', 'i', 'l', 'm', 'i', 't', 't', 'e', 'l', '.', 'c', 'h', '\0',
+  /* "aktiv-naturheilmittel.de", true */ 'a', 'k', 't', 'i', 'v', '-', 'n', 'a', 't', 'u', 'r', 'h', 'e', 'i', 'l', 'm', 'i', 't', 't', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "aktivace.eu", true */ 'a', 'k', 't', 'i', 'v', 'a', 'c', 'e', '.', 'e', 'u', '\0',
+  /* "aktivierungscenter.de", true */ 'a', 'k', 't', 'i', 'v', 'i', 'e', 'r', 'u', 'n', 'g', 's', 'c', 'e', 'n', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "akutun.cl", true */ 'a', 'k', 'u', 't', 'u', 'n', '.', 'c', 'l', '\0',
+  /* "akvorrat.at", true */ 'a', 'k', 'v', 'o', 'r', 'r', 'a', 't', '.', 'a', 't', '\0',
+  /* "al3xpro.com", true */ 'a', 'l', '3', 'x', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "alaboard.com", true */ 'a', 'l', 'a', 'b', 'o', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "aladdinschools.appspot.com", true */ 'a', 'l', 'a', 'd', 'd', 'i', 'n', 's', 'c', 'h', 'o', 'o', 'l', 's', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "alainbaechlerphotography.ch", true */ 'a', 'l', 'a', 'i', 'n', 'b', 'a', 'e', 'c', 'h', 'l', 'e', 'r', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'h', '\0',
+  /* "alainmargot.ch", true */ 'a', 'l', 'a', 'i', 'n', 'm', 'a', 'r', 'g', 'o', 't', '.', 'c', 'h', '\0',
+  /* "alainwolf.ch", true */ 'a', 'l', 'a', 'i', 'n', 'w', 'o', 'l', 'f', '.', 'c', 'h', '\0',
+  /* "alainwolf.net", true */ 'a', 'l', 'a', 'i', 'n', 'w', 'o', 'l', 'f', '.', 'n', 'e', 't', '\0',
+  /* "alamgir.works", true */ 'a', 'l', 'a', 'm', 'g', 'i', 'r', '.', 'w', 'o', 'r', 'k', 's', '\0',
+  /* "alanhuang.name", true */ 'a', 'l', 'a', 'n', 'h', 'u', 'a', 'n', 'g', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "alaninkenya.org", true */ 'a', 'l', 'a', 'n', 'i', 'n', 'k', 'e', 'n', 'y', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "alaricfavier.eu", false */ 'a', 'l', 'a', 'r', 'i', 'c', 'f', 'a', 'v', 'i', 'e', 'r', '.', 'e', 'u', '\0',
+  /* "alarmcomplete.co.uk", true */ 'a', 'l', 'a', 'r', 'm', 'c', 'o', 'm', 'p', 'l', 'e', 't', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "alastairs-place.net", true */ 'a', 'l', 'a', 's', 't', 'a', 'i', 'r', 's', '-', 'p', 'l', 'a', 'c', 'e', '.', 'n', 'e', 't', '\0',
+  /* "alaundeil.xyz", true */ 'a', 'l', 'a', 'u', 'n', 'd', 'e', 'i', 'l', '.', 'x', 'y', 'z', '\0',
+  /* "alaxyjewellers.co.za", true */ 'a', 'l', 'a', 'x', 'y', 'j', 'e', 'w', 'e', 'l', 'l', 'e', 'r', 's', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "alb-flirt.de", true */ 'a', 'l', 'b', '-', 'f', 'l', 'i', 'r', 't', '.', 'd', 'e', '\0',
+  /* "albbounce.co.uk", true */ 'a', 'l', 'b', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "albersdruck.de", true */ 'a', 'l', 'b', 'e', 'r', 's', 'd', 'r', 'u', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "albertathome.org", true */ 'a', 'l', 'b', 'e', 'r', 't', 'a', 't', 'h', 'o', 'm', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "albertify.xyz", true */ 'a', 'l', 'b', 'e', 'r', 't', 'i', 'f', 'y', '.', 'x', 'y', 'z', '\0',
+  /* "albion2.org", true */ 'a', 'l', 'b', 'i', 'o', 'n', '2', '.', 'o', 'r', 'g', '\0',
+  /* "alboweb.nl", true */ 'a', 'l', 'b', 'o', 'w', 'e', 'b', '.', 'n', 'l', '\0',
+  /* "albuic.tk", true */ 'a', 'l', 'b', 'u', 'i', 'c', '.', 't', 'k', '\0',
+  /* "alca31.com", true */ 'a', 'l', 'c', 'a', '3', '1', '.', 'c', 'o', 'm', '\0',
+  /* "alcatelonetouch.us", true */ 'a', 'l', 'c', 'a', 't', 'e', 'l', 'o', 'n', 'e', 't', 'o', 'u', 'c', 'h', '.', 'u', 's', '\0',
+  /* "alchemia.co.il", true */ 'a', 'l', 'c', 'h', 'e', 'm', 'i', 'a', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "alchimic.ch", true */ 'a', 'l', 'c', 'h', 'i', 'm', 'i', 'c', '.', 'c', 'h', '\0',
+  /* "alcorao.org", true */ 'a', 'l', 'c', 'o', 'r', 'a', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "aldes.co.za", true */ 'a', 'l', 'd', 'e', 's', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "aldien.com.br", true */ 'a', 'l', 'd', 'i', 'e', 'n', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "aldous-huxley.com", true */ 'a', 'l', 'd', 'o', 'u', 's', '-', 'h', 'u', 'x', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "aleax.me", true */ 'a', 'l', 'e', 'a', 'x', '.', 'm', 'e', '\0',
+  /* "alecpap.com", true */ 'a', 'l', 'e', 'c', 'p', 'a', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "alecpapierniak.com", true */ 'a', 'l', 'e', 'c', 'p', 'a', 'p', 'i', 'e', 'r', 'n', 'i', 'a', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "alecrust.com", true */ 'a', 'l', 'e', 'c', 'r', 'u', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "aleksejjocic.tk", true */ 'a', 'l', 'e', 'k', 's', 'e', 'j', 'j', 'o', 'c', 'i', 'c', '.', 't', 'k', '\0',
+  /* "aleksib.fi", true */ 'a', 'l', 'e', 'k', 's', 'i', 'b', '.', 'f', 'i', '\0',
+  /* "alela.fr", true */ 'a', 'l', 'e', 'l', 'a', '.', 'f', 'r', '\0',
+  /* "aleph.land", true */ 'a', 'l', 'e', 'p', 'h', '.', 'l', 'a', 'n', 'd', '\0',
+  /* "alertaenlinea.gov", true */ 'a', 'l', 'e', 'r', 't', 'a', 'e', 'n', 'l', 'i', 'n', 'e', 'a', '.', 'g', 'o', 'v', '\0',
+  /* "alertboxx.com", true */ 'a', 'l', 'e', 'r', 't', 'b', 'o', 'x', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "alertonline.nl", true */ 'a', 'l', 'e', 'r', 't', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'n', 'l', '\0',
+  /* "alerts.sg", true */ 'a', 'l', 'e', 'r', 't', 's', '.', 's', 'g', '\0',
+  /* "alertwire.com", true */ 'a', 'l', 'e', 'r', 't', 'w', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "alessandroonline.com.br", true */ 'a', 'l', 'e', 's', 's', 'a', 'n', 'd', 'r', 'o', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "aletm.it", true */ 'a', 'l', 'e', 't', 'm', '.', 'i', 't', '\0',
+  /* "alex-ross.co.uk", true */ 'a', 'l', 'e', 'x', '-', 'r', 'o', 's', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "alex97000.de", true */ 'a', 'l', 'e', 'x', '9', '7', '0', '0', '0', '.', 'd', 'e', '\0',
+  /* "alexander-beck.eu", true */ 'a', 'l', 'e', 'x', 'a', 'n', 'd', 'e', 'r', '-', 'b', 'e', 'c', 'k', '.', 'e', 'u', '\0',
+  /* "alexandermuetzel.de", true */ 'a', 'l', 'e', 'x', 'a', 'n', 'd', 'e', 'r', 'm', 'u', 'e', 't', 'z', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "alexanderschimpf.de", true */ 'a', 'l', 'e', 'x', 'a', 'n', 'd', 'e', 'r', 's', 'c', 'h', 'i', 'm', 'p', 'f', '.', 'd', 'e', '\0',
+  /* "alexandra-schulze.de", true */ 'a', 'l', 'e', 'x', 'a', 'n', 'd', 'r', 'a', '-', 's', 'c', 'h', 'u', 'l', 'z', 'e', '.', 'd', 'e', '\0',
+  /* "alexandre-blond.fr", true */ 'a', 'l', 'e', 'x', 'a', 'n', 'd', 'r', 'e', '-', 'b', 'l', 'o', 'n', 'd', '.', 'f', 'r', '\0',
+  /* "alexandros.io", true */ 'a', 'l', 'e', 'x', 'a', 'n', 'd', 'r', 'o', 's', '.', 'i', 'o', '\0',
+  /* "alexbaker.org", true */ 'a', 'l', 'e', 'x', 'b', 'a', 'k', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "alexberts.ch", true */ 'a', 'l', 'e', 'x', 'b', 'e', 'r', 't', 's', '.', 'c', 'h', '\0',
+  /* "alexcoman.com", true */ 'a', 'l', 'e', 'x', 'c', 'o', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "alexdaniel.org", true */ 'a', 'l', 'e', 'x', 'd', 'a', 'n', 'i', 'e', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "alexdaulby.com", true */ 'a', 'l', 'e', 'x', 'd', 'a', 'u', 'l', 'b', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "alexey-shamara.ru", true */ 'a', 'l', 'e', 'x', 'e', 'y', '-', 's', 'h', 'a', 'm', 'a', 'r', 'a', '.', 'r', 'u', '\0',
+  /* "alexeykopytko.com", true */ 'a', 'l', 'e', 'x', 'e', 'y', 'k', 'o', 'p', 'y', 't', 'k', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "alexfisherhealth.com.au", true */ 'a', 'l', 'e', 'x', 'f', 'i', 's', 'h', 'e', 'r', 'h', 'e', 'a', 'l', 't', 'h', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "alexgaynor.net", true */ 'a', 'l', 'e', 'x', 'g', 'a', 'y', 'n', 'o', 'r', '.', 'n', 'e', 't', '\0',
+  /* "alexhaydock.co.uk", true */ 'a', 'l', 'e', 'x', 'h', 'a', 'y', 'd', 'o', 'c', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "alexhd.de", true */ 'a', 'l', 'e', 'x', 'h', 'd', '.', 'd', 'e', '\0',
+  /* "alexisabarca.com", true */ 'a', 'l', 'e', 'x', 'i', 's', 'a', 'b', 'a', 'r', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "alexischaussy.xyz", true */ 'a', 'l', 'e', 'x', 'i', 's', 'c', 'h', 'a', 'u', 's', 's', 'y', '.', 'x', 'y', 'z', '\0',
+  /* "alexismeza.com", true */ 'a', 'l', 'e', 'x', 'i', 's', 'm', 'e', 'z', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "alexismeza.com.mx", true */ 'a', 'l', 'e', 'x', 'i', 's', 'm', 'e', 'z', 'a', '.', 'c', 'o', 'm', '.', 'm', 'x', '\0',
+  /* "alexismeza.dk", true */ 'a', 'l', 'e', 'x', 'i', 's', 'm', 'e', 'z', 'a', '.', 'd', 'k', '\0',
+  /* "alexismeza.es", true */ 'a', 'l', 'e', 'x', 'i', 's', 'm', 'e', 'z', 'a', '.', 'e', 's', '\0',
+  /* "alexismeza.nl", true */ 'a', 'l', 'e', 'x', 'i', 's', 'm', 'e', 'z', 'a', '.', 'n', 'l', '\0',
+  /* "alexkott.com", true */ 'a', 'l', 'e', 'x', 'k', 'o', 't', 't', '.', 'c', 'o', 'm', '\0',
+  /* "alexmak.net", true */ 'a', 'l', 'e', 'x', 'm', 'a', 'k', '.', 'n', 'e', 't', '\0',
+  /* "alexmerkel.com", true */ 'a', 'l', 'e', 'x', 'm', 'e', 'r', 'k', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "alexmerkel.me", true */ 'a', 'l', 'e', 'x', 'm', 'e', 'r', 'k', 'e', 'l', '.', 'm', 'e', '\0',
+  /* "alexmerkel.xyz", true */ 'a', 'l', 'e', 'x', 'm', 'e', 'r', 'k', 'e', 'l', '.', 'x', 'y', 'z', '\0',
+  /* "alexn.org", true */ 'a', 'l', 'e', 'x', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "alexpavel.com", true */ 'a', 'l', 'e', 'x', 'p', 'a', 'v', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "alexpotter.net", false */ 'a', 'l', 'e', 'x', 'p', 'o', 't', 't', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "alexs.de", true */ 'a', 'l', 'e', 'x', 's', '.', 'd', 'e', '\0',
+  /* "alexsergeyev.com", true */ 'a', 'l', 'e', 'x', 's', 'e', 'r', 'g', 'e', 'y', 'e', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "alexsexton.com", true */ 'a', 'l', 'e', 'x', 's', 'e', 'x', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "alextaffe.com", true */ 'a', 'l', 'e', 'x', 't', 'a', 'f', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "alextsang.net", true */ 'a', 'l', 'e', 'x', 't', 's', 'a', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "alexvdveen.nl", true */ 'a', 'l', 'e', 'x', 'v', 'd', 'v', 'e', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "alexvetter.de", true */ 'a', 'l', 'e', 'x', 'v', 'e', 't', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "alexwardweb.com", true */ 'a', 'l', 'e', 'x', 'w', 'a', 'r', 'd', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "alexyang.me", true */ 'a', 'l', 'e', 'x', 'y', 'a', 'n', 'g', '.', 'm', 'e', '\0',
+  /* "alfa-tech.su", true */ 'a', 'l', 'f', 'a', '-', 't', 'e', 'c', 'h', '.', 's', 'u', '\0',
+  /* "alfaperfumes.com.br", true */ 'a', 'l', 'f', 'a', 'p', 'e', 'r', 'f', 'u', 'm', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "alfaponny.se", true */ 'a', 'l', 'f', 'a', 'p', 'o', 'n', 'n', 'y', '.', 's', 'e', '\0',
+  /* "alfirous.com", true */ 'a', 'l', 'f', 'i', 'r', 'o', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "algarmatic-automatismos.pt", true */ 'a', 'l', 'g', 'a', 'r', 'm', 'a', 't', 'i', 'c', '-', 'a', 'u', 't', 'o', 'm', 'a', 't', 'i', 's', 'm', 'o', 's', '.', 'p', 't', '\0',
+  /* "algebraaec.com", true */ 'a', 'l', 'g', 'e', 'b', 'r', 'a', 'a', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "alghanimcatering.com", true */ 'a', 'l', 'g', 'h', 'a', 'n', 'i', 'm', 'c', 'a', 't', 'e', 'r', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "algoentremanos.com", true */ 'a', 'l', 'g', 'o', 'e', 'n', 't', 'r', 'e', 'm', 'a', 'n', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "algolia.com", true */ 'a', 'l', 'g', 'o', 'l', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "aliacraft.net", true */ 'a', 'l', 'i', 'a', 'c', 'r', 'a', 'f', 't', '.', 'n', 'e', 't', '\0',
+  /* "aliantsoft.pl", true */ 'a', 'l', 'i', 'a', 'n', 't', 's', 'o', 'f', 't', '.', 'p', 'l', '\0',
+  /* "aliaswp.com", true */ 'a', 'l', 'i', 'a', 's', 'w', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "alibangash.com", true */ 'a', 'l', 'i', 'b', 'a', 'n', 'g', 'a', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "alibip.de", true */ 'a', 'l', 'i', 'b', 'i', 'p', '.', 'd', 'e', '\0',
+  /* "alice-noutore.com", true */ 'a', 'l', 'i', 'c', 'e', '-', 'n', 'o', 'u', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "alice.tw", true */ 'a', 'l', 'i', 'c', 'e', '.', 't', 'w', '\0',
+  /* "alicestudio.it", true */ 'a', 'l', 'i', 'c', 'e', 's', 't', 'u', 'd', 'i', 'o', '.', 'i', 't', '\0',
+  /* "alicetone.net", true */ 'a', 'l', 'i', 'c', 'e', 't', 'o', 'n', 'e', '.', 'n', 'e', 't', '\0',
+  /* "alicialab.org", true */ 'a', 'l', 'i', 'c', 'i', 'a', 'l', 'a', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "alien.bz", true */ 'a', 'l', 'i', 'e', 'n', '.', 'b', 'z', '\0',
+  /* "alienation.biz", true */ 'a', 'l', 'i', 'e', 'n', 'a', 't', 'i', 'o', 'n', '.', 'b', 'i', 'z', '\0',
+  /* "alienstat.com", true */ 'a', 'l', 'i', 'e', 'n', 's', 't', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "alignrs.com", true */ 'a', 'l', 'i', 'g', 'n', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "alinasmusicstudio.com", true */ 'a', 'l', 'i', 'n', 'a', 's', 'm', 'u', 's', 'i', 'c', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "alinode.com", true */ 'a', 'l', 'i', 'n', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "alisonisrealestate.com", true */ 'a', 'l', 'i', 's', 'o', 'n', 'i', 's', 'r', 'e', 'a', 'l', 'e', 's', 't', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "alisonlitchfield.com", true */ 'a', 'l', 'i', 's', 'o', 'n', 'l', 'i', 't', 'c', 'h', 'f', 'i', 'e', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "alistairstowing.com", true */ 'a', 'l', 'i', 's', 't', 'a', 'i', 'r', 's', 't', 'o', 'w', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "alisync.com", true */ 'a', 'l', 'i', 's', 'y', 'n', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "aliwebstore.com", true */ 'a', 'l', 'i', 'w', 'e', 'b', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "alix-board.de", true */ 'a', 'l', 'i', 'x', '-', 'b', 'o', 'a', 'r', 'd', '.', 'd', 'e', '\0',
+  /* "alize-theatre.ch", true */ 'a', 'l', 'i', 'z', 'e', '-', 't', 'h', 'e', 'a', 't', 'r', 'e', '.', 'c', 'h', '\0',
+  /* "aljammaz.holdings", true */ 'a', 'l', 'j', 'a', 'm', 'm', 'a', 'z', '.', 'h', 'o', 'l', 'd', 'i', 'n', 'g', 's', '\0',
+  /* "aljaspod.com", true */ 'a', 'l', 'j', 'a', 's', 'p', 'o', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "aljaspod.hu", true */ 'a', 'l', 'j', 'a', 's', 'p', 'o', 'd', '.', 'h', 'u', '\0',
+  /* "aljweb.com", true */ 'a', 'l', 'j', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "alkel.info", true */ 'a', 'l', 'k', 'e', 'l', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "all-connect.net", false */ 'a', 'l', 'l', '-', 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'n', 'e', 't', '\0',
+  /* "all-markup-news.com", true */ 'a', 'l', 'l', '-', 'm', 'a', 'r', 'k', 'u', 'p', '-', 'n', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "all4hardware4u.de", true */ 'a', 'l', 'l', '4', 'h', 'a', 'r', 'd', 'w', 'a', 'r', 'e', '4', 'u', '.', 'd', 'e', '\0',
+  /* "allaboutbelgaum.com", true */ 'a', 'l', 'l', 'a', 'b', 'o', 'u', 't', 'b', 'e', 'l', 'g', 'a', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "allaboutfunuk.com", true */ 'a', 'l', 'l', 'a', 'b', 'o', 'u', 't', 'f', 'u', 'n', 'u', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "allactioneventhire.co.uk", true */ 'a', 'l', 'l', 'a', 'c', 't', 'i', 'o', 'n', 'e', 'v', 'e', 'n', 't', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "allamericanmuslim.com", true */ 'a', 'l', 'l', 'a', 'm', 'e', 'r', 'i', 'c', 'a', 'n', 'm', 'u', 's', 'l', 'i', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "allamericatrans.com", true */ 'a', 'l', 'l', 'a', 'm', 'e', 'r', 'i', 'c', 'a', 't', 'r', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "allangirvan.net", true */ 'a', 'l', 'l', 'a', 'n', 'g', 'i', 'r', 'v', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "allbenjoy.de", true */ 'a', 'l', 'l', 'b', 'e', 'n', 'j', 'o', 'y', '.', 'd', 'e', '\0',
+  /* "allbounceandplay.co.uk", true */ 'a', 'l', 'l', 'b', 'o', 'u', 'n', 'c', 'e', 'a', 'n', 'd', 'p', 'l', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "allbouncesurrey.co.uk", true */ 'a', 'l', 'l', 'b', 'o', 'u', 'n', 'c', 'e', 's', 'u', 'r', 'r', 'e', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "allbusiness.com", true */ 'a', 'l', 'l', 'b', 'u', 's', 'i', 'n', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "allcapa.org", true */ 'a', 'l', 'l', 'c', 'a', 'p', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "allcarepharmacy.com", true */ 'a', 'l', 'l', 'c', 'a', 'r', 'e', 'p', 'h', 'a', 'r', 'm', 'a', 'c', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "allcloud.com", true */ 'a', 'l', 'l', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "allcovered.nl", true */ 'a', 'l', 'l', 'c', 'o', 'v', 'e', 'r', 'e', 'd', '.', 'n', 'l', '\0',
+  /* "alldewall.de", true */ 'a', 'l', 'l', 'd', 'e', 'w', 'a', 'l', 'l', '.', 'd', 'e', '\0',
+  /* "alle.bg", true */ 'a', 'l', 'l', 'e', '.', 'b', 'g', '\0',
+  /* "allemobieleproviders.nl", true */ 'a', 'l', 'l', 'e', 'm', 'o', 'b', 'i', 'e', 'l', 'e', 'p', 'r', 'o', 'v', 'i', 'd', 'e', 'r', 's', '.', 'n', 'l', '\0',
+  /* "allensun.org", true */ 'a', 'l', 'l', 'e', 'n', 's', 'u', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "allesisonline.nl", true */ 'a', 'l', 'l', 'e', 's', 'i', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'n', 'l', '\0',
+  /* "alleskomtgoed.org", true */ 'a', 'l', 'l', 'e', 's', 'k', 'o', 'm', 't', 'g', 'o', 'e', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "allesrocknroll.de", true */ 'a', 'l', 'l', 'e', 's', 'r', 'o', 'c', 'k', 'n', 'r', 'o', 'l', 'l', '.', 'd', 'e', '\0',
+  /* "allforyou.at", true */ 'a', 'l', 'l', 'f', 'o', 'r', 'y', 'o', 'u', '.', 'a', 't', '\0',
+  /* "allfreelancers.su", true */ 'a', 'l', 'l', 'f', 'r', 'e', 'e', 'l', 'a', 'n', 'c', 'e', 'r', 's', '.', 's', 'u', '\0',
+  /* "alliance-compacts.com", true */ 'a', 'l', 'l', 'i', 'a', 'n', 'c', 'e', '-', 'c', 'o', 'm', 'p', 'a', 'c', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "alliances-faq.de", true */ 'a', 'l', 'l', 'i', 'a', 'n', 'c', 'e', 's', '-', 'f', 'a', 'q', '.', 'd', 'e', '\0',
+  /* "alliances-globalsolutions.com", true */ 'a', 'l', 'l', 'i', 'a', 'n', 'c', 'e', 's', '-', 'g', 'l', 'o', 'b', 'a', 'l', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "alliedfrozenstorage.com", true */ 'a', 'l', 'l', 'i', 'e', 'd', 'f', 'r', 'o', 'z', 'e', 'n', 's', 't', 'o', 'r', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "allinagency.com", true */ 'a', 'l', 'l', 'i', 'n', 'a', 'g', 'e', 'n', 'c', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "allinone-ranking150.com", true */ 'a', 'l', 'l', 'i', 'n', 'o', 'n', 'e', '-', 'r', 'a', 'n', 'k', 'i', 'n', 'g', '1', '5', '0', '.', 'c', 'o', 'm', '\0',
+  /* "allinonecyprus.com", true */ 'a', 'l', 'l', 'i', 'n', 'o', 'n', 'e', 'c', 'y', 'p', 'r', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "allis.studio", true */ 'a', 'l', 'l', 'i', 's', '.', 's', 't', 'u', 'd', 'i', 'o', '\0',
+  /* "allladyboys.com", true */ 'a', 'l', 'l', 'l', 'a', 'd', 'y', 'b', 'o', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "allmebel.ru", true */ 'a', 'l', 'l', 'm', 'e', 'b', 'e', 'l', '.', 'r', 'u', '\0',
+  /* "allmend-ru.de", true */ 'a', 'l', 'l', 'm', 'e', 'n', 'd', '-', 'r', 'u', '.', 'd', 'e', '\0',
+  /* "allns.fr", true */ 'a', 'l', 'l', 'n', 's', '.', 'f', 'r', '\0',
+  /* "allo-credit.ch", true */ 'a', 'l', 'l', 'o', '-', 'c', 'r', 'e', 'd', 'i', 't', '.', 'c', 'h', '\0',
+  /* "alloutatl.com", true */ 'a', 'l', 'l', 'o', 'u', 't', 'a', 't', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "alloydevil.nl", true */ 'a', 'l', 'l', 'o', 'y', 'd', 'e', 'v', 'i', 'l', '.', 'n', 'l', '\0',
+  /* "allplayer.tk", true */ 'a', 'l', 'l', 'p', 'l', 'a', 'y', 'e', 'r', '.', 't', 'k', '\0',
+  /* "allpointsblog.com", true */ 'a', 'l', 'l', 'p', 'o', 'i', 'n', 't', 's', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "allproptonline.com", true */ 'a', 'l', 'l', 'p', 'r', 'o', 'p', 't', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "allroundpvp.net", true */ 'a', 'l', 'l', 'r', 'o', 'u', 'n', 'd', 'p', 'v', 'p', '.', 'n', 'e', 't', '\0',
+  /* "allsearch.io", true */ 'a', 'l', 'l', 's', 'e', 'a', 'r', 'c', 'h', '.', 'i', 'o', '\0',
+  /* "allshousedesigns.com", true */ 'a', 'l', 'l', 's', 'h', 'o', 'u', 's', 'e', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "allstarautokiaparts.com", true */ 'a', 'l', 'l', 's', 't', 'a', 'r', 'a', 'u', 't', 'o', 'k', 'i', 'a', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "allstarpartyinflatables.co.uk", true */ 'a', 'l', 'l', 's', 't', 'a', 'r', 'p', 'a', 'r', 't', 'y', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "alltheducks.com", true */ 'a', 'l', 'l', 't', 'h', 'e', 'd', 'u', 'c', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "allthethings.co.nz", true */ 'a', 'l', 'l', 't', 'h', 'e', 't', 'h', 'i', 'n', 'g', 's', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "allthings.me", true */ 'a', 'l', 'l', 't', 'h', 'i', 'n', 'g', 's', '.', 'm', 'e', '\0',
+  /* "allthingsblogging.com", true */ 'a', 'l', 'l', 't', 'h', 'i', 'n', 'g', 's', 'b', 'l', 'o', 'g', 'g', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "allthingsfpl.com", true */ 'a', 'l', 'l', 't', 'h', 'i', 'n', 'g', 's', 'f', 'p', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "allthingssquared.com", true */ 'a', 'l', 'l', 't', 'h', 'i', 'n', 'g', 's', 's', 'q', 'u', 'a', 'r', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "allthingswild.co.uk", true */ 'a', 'l', 'l', 't', 'h', 'i', 'n', 'g', 's', 'w', 'i', 'l', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "alltubedownload.net", true */ 'a', 'l', 'l', 't', 'u', 'b', 'e', 'd', 'o', 'w', 'n', 'l', 'o', 'a', 'd', '.', 'n', 'e', 't', '\0',
+  /* "allurescarves.com", true */ 'a', 'l', 'l', 'u', 'r', 'e', 's', 'c', 'a', 'r', 'v', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "alluvion.studio", true */ 'a', 'l', 'l', 'u', 'v', 'i', 'o', 'n', '.', 's', 't', 'u', 'd', 'i', 'o', '\0',
+  /* "almaatlantica.com", true */ 'a', 'l', 'm', 'a', 'a', 't', 'l', 'a', 'n', 't', 'i', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "almatinki.com", true */ 'a', 'l', 'm', 'a', 't', 'i', 'n', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "almavios.com", true */ 'a', 'l', 'm', 'a', 'v', 'i', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "almstrom.org", true */ 'a', 'l', 'm', 's', 't', 'r', 'o', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "alnitech.com", false */ 'a', 'l', 'n', 'i', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "alocato.com", true */ 'a', 'l', 'o', 'c', 'a', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "alohapartyevents.co.uk", true */ 'a', 'l', 'o', 'h', 'a', 'p', 'a', 'r', 't', 'y', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "alpca.org", true */ 'a', 'l', 'p', 'c', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "alpe-d-or.dyn-o-saur.com", true */ 'a', 'l', 'p', 'e', '-', 'd', '-', 'o', 'r', '.', 'd', 'y', 'n', '-', 'o', '-', 's', 'a', 'u', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "alpencam.com", true */ 'a', 'l', 'p', 'e', 'n', 'c', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "alpencams.com", true */ 'a', 'l', 'p', 'e', 'n', 'c', 'a', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "alpengreis.ch", true */ 'a', 'l', 'p', 'e', 'n', 'g', 'r', 'e', 'i', 's', '.', 'c', 'h', '\0',
+  /* "alpenjuice.com", true */ 'a', 'l', 'p', 'e', 'n', 'j', 'u', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "alpertron.com.ar", true */ 'a', 'l', 'p', 'e', 'r', 't', 'r', 'o', 'n', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "alpha-assistant.com", true */ 'a', 'l', 'p', 'h', 'a', '-', 'a', 's', 's', 'i', 's', 't', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "alpha-force.net", false */ 'a', 'l', 'p', 'h', 'a', '-', 'f', 'o', 'r', 'c', 'e', '.', 'n', 'e', 't', '\0',
+  /* "alpha.ch", true */ 'a', 'l', 'p', 'h', 'a', '.', 'c', 'h', '\0',
+  /* "alpha88uat.com", true */ 'a', 'l', 'p', 'h', 'a', '8', '8', 'u', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "alphabetsigns.com", true */ 'a', 'l', 'p', 'h', 'a', 'b', 'e', 't', 's', 'i', 'g', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "alphabouncycastles.co.uk", true */ 'a', 'l', 'p', 'h', 'a', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "alphabrock.cn", true */ 'a', 'l', 'p', 'h', 'a', 'b', 'r', 'o', 'c', 'k', '.', 'c', 'n', '\0',
+  /* "alphachat.net", true */ 'a', 'l', 'p', 'h', 'a', 'c', 'h', 'a', 't', '.', 'n', 'e', 't', '\0',
+  /* "alphafiduciaryservices.ch", true */ 'a', 'l', 'p', 'h', 'a', 'f', 'i', 'd', 'u', 'c', 'i', 'a', 'r', 'y', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'h', '\0',
+  /* "alphahunks.com", true */ 'a', 'l', 'p', 'h', 'a', 'h', 'u', 'n', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "alphainflatablehire.com", true */ 'a', 'l', 'p', 'h', 'a', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "alphapengu.in", true */ 'a', 'l', 'p', 'h', 'a', 'p', 'e', 'n', 'g', 'u', '.', 'i', 'n', '\0',
+  /* "alpharotary.com", true */ 'a', 'l', 'p', 'h', 'a', 'r', 'o', 't', 'a', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "alphassl.de", true */ 'a', 'l', 'p', 'h', 'a', 's', 's', 'l', '.', 'd', 'e', '\0',
+  /* "alphatrash.de", true */ 'a', 'l', 'p', 'h', 'a', 't', 'r', 'a', 's', 'h', '.', 'd', 'e', '\0',
+  /* "alphera.nl", true */ 'a', 'l', 'p', 'h', 'e', 'r', 'a', '.', 'n', 'l', '\0',
+  /* "alphie.me", true */ 'a', 'l', 'p', 'h', 'i', 'e', '.', 'm', 'e', '\0',
+  /* "alphipneux.fr", true */ 'a', 'l', 'p', 'h', 'i', 'p', 'n', 'e', 'u', 'x', '.', 'f', 'r', '\0',
+  /* "alpineplanet.com", true */ 'a', 'l', 'p', 'i', 'n', 'e', 'p', 'l', 'a', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "alpinepubliclibrary.org", true */ 'a', 'l', 'p', 'i', 'n', 'e', 'p', 'u', 'b', 'l', 'i', 'c', 'l', 'i', 'b', 'r', 'a', 'r', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "alpinestarmassage.com", true */ 'a', 'l', 'p', 'i', 'n', 'e', 's', 't', 'a', 'r', 'm', 'a', 's', 's', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "alqassam.net", true */ 'a', 'l', 'q', 'a', 's', 's', 'a', 'm', '.', 'n', 'e', 't', '\0',
+  /* "alrait.com", true */ 'a', 'l', 'r', 'a', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "alroniks.com", true */ 'a', 'l', 'r', 'o', 'n', 'i', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "als-japan.com", true */ 'a', 'l', 's', '-', 'j', 'a', 'p', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "alstroemeria.org", true */ 'a', 'l', 's', 't', 'r', 'o', 'e', 'm', 'e', 'r', 'i', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "alt-three.com", true */ 'a', 'l', 't', '-', 't', 'h', 'r', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "alt.org", true */ 'a', 'l', 't', '.', 'o', 'r', 'g', '\0',
+  /* "altaide.com", true */ 'a', 'l', 't', 'a', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "altbinaries.com", true */ 'a', 'l', 't', 'b', 'i', 'n', 'a', 'r', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "altedirect.com", true */ 'a', 'l', 't', 'e', 'd', 'i', 'r', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "alter-news.fr", true */ 'a', 'l', 't', 'e', 'r', '-', 'n', 'e', 'w', 's', '.', 'f', 'r', '\0',
+  /* "alterbaum.net", true */ 'a', 'l', 't', 'e', 'r', 'b', 'a', 'u', 'm', '.', 'n', 'e', 't', '\0',
+  /* "altercpa.ru", true */ 'a', 'l', 't', 'e', 'r', 'c', 'p', 'a', '.', 'r', 'u', '\0',
+  /* "alternador.com.br", true */ 'a', 'l', 't', 'e', 'r', 'n', 'a', 'd', 'o', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "alternative.bike", true */ 'a', 'l', 't', 'e', 'r', 'n', 'a', 't', 'i', 'v', 'e', '.', 'b', 'i', 'k', 'e', '\0',
+  /* "alternativebit.fr", true */ 'a', 'l', 't', 'e', 'r', 'n', 'a', 't', 'i', 'v', 'e', 'b', 'i', 't', '.', 'f', 'r', '\0',
+  /* "alternativedev.ca", true */ 'a', 'l', 't', 'e', 'r', 'n', 'a', 't', 'i', 'v', 'e', 'd', 'e', 'v', '.', 'c', 'a', '\0',
+  /* "alternativet.party", true */ 'a', 'l', 't', 'e', 'r', 'n', 'a', 't', 'i', 'v', 'e', 't', '.', 'p', 'a', 'r', 't', 'y', '\0',
+  /* "alterspalter.de", true */ 'a', 'l', 't', 'e', 'r', 's', 'p', 'a', 'l', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "altesses.eu", true */ 'a', 'l', 't', 'e', 's', 's', 'e', 's', '.', 'e', 'u', '\0',
+  /* "altestore.com", true */ 'a', 'l', 't', 'e', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "altkremsmuensterer.at", true */ 'a', 'l', 't', 'k', 'r', 'e', 'm', 's', 'm', 'u', 'e', 'n', 's', 't', 'e', 'r', 'e', 'r', '.', 'a', 't', '\0',
+  /* "altonblom.com", true */ 'a', 'l', 't', 'o', 'n', 'b', 'l', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "altopartners.com", true */ 'a', 'l', 't', 'o', 'p', 'a', 'r', 't', 'n', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "altopia.com", true */ 'a', 'l', 't', 'o', 'p', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "altporn.xyz", true */ 'a', 'l', 't', 'p', 'o', 'r', 'n', '.', 'x', 'y', 'z', '\0',
+  /* "altstipendiaten.de", true */ 'a', 'l', 't', 's', 't', 'i', 'p', 'e', 'n', 'd', 'i', 'a', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "alttrackr.com", true */ 'a', 'l', 't', 't', 'r', 'a', 'c', 'k', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "altunbas.info", true */ 'a', 'l', 't', 'u', 'n', 'b', 'a', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "alumni-kusa.jp", true */ 'a', 'l', 'u', 'm', 'n', 'i', '-', 'k', 'u', 's', 'a', '.', 'j', 'p', '\0',
+  /* "alunonaescola.com.br", true */ 'a', 'l', 'u', 'n', 'o', 'n', 'a', 'e', 's', 'c', 'o', 'l', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "alupferd.de", true */ 'a', 'l', 'u', 'p', 'f', 'e', 'r', 'd', '.', 'd', 'e', '\0',
+  /* "aluroof.eu", true */ 'a', 'l', 'u', 'r', 'o', 'o', 'f', '.', 'e', 'u', '\0',
+  /* "alvcs.com", true */ 'a', 'l', 'v', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "alviano.com", true */ 'a', 'l', 'v', 'i', 'a', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "alvicom.hu", true */ 'a', 'l', 'v', 'i', 'c', 'o', 'm', '.', 'h', 'u', '\0',
+  /* "alvosec.com", true */ 'a', 'l', 'v', 'o', 's', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "alwaysdry.com.au", true */ 'a', 'l', 'w', 'a', 'y', 's', 'd', 'r', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "alwayslookingyourbest.com", true */ 'a', 'l', 'w', 'a', 'y', 's', 'l', 'o', 'o', 'k', 'i', 'n', 'g', 'y', 'o', 'u', 'r', 'b', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "alwaysmine.fi", true */ 'a', 'l', 'w', 'a', 'y', 's', 'm', 'i', 'n', 'e', '.', 'f', 'i', '\0',
+  /* "alyoung.com", true */ 'a', 'l', 'y', 'o', 'u', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "alza.at", true */ 'a', 'l', 'z', 'a', '.', 'a', 't', '\0',
+  /* "alza.co.uk", true */ 'a', 'l', 'z', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "alza.cz", true */ 'a', 'l', 'z', 'a', '.', 'c', 'z', '\0',
+  /* "alza.de", true */ 'a', 'l', 'z', 'a', '.', 'd', 'e', '\0',
+  /* "alza.hu", true */ 'a', 'l', 'z', 'a', '.', 'h', 'u', '\0',
+  /* "alza.sk", true */ 'a', 'l', 'z', 'a', '.', 's', 'k', '\0',
+  /* "alzashop.com", true */ 'a', 'l', 'z', 'a', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "am2s.fr", true */ 'a', 'm', '2', 's', '.', 'f', 'r', '\0',
+  /* "am3.se", true */ 'a', 'm', '3', '.', 's', 'e', '\0',
+  /* "ama.ne.jp", true */ 'a', 'm', 'a', '.', 'n', 'e', '.', 'j', 'p', '\0',
+  /* "amadilo.de", true */ 'a', 'm', 'a', 'd', 'i', 'l', 'o', '.', 'd', 'e', '\0',
+  /* "amadoraslindas.com", true */ 'a', 'm', 'a', 'd', 'o', 'r', 'a', 's', 'l', 'i', 'n', 'd', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "amadvice.com", true */ 'a', 'm', 'a', 'd', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "amaforro.com", true */ 'a', 'm', 'a', 'f', 'o', 'r', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "amaforums.org", true */ 'a', 'm', 'a', 'f', 'o', 'r', 'u', 'm', 's', '.', 'o', 'r', 'g', '\0',
+  /* "amagdic.com", true */ 'a', 'm', 'a', 'g', 'd', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "amagical.net", true */ 'a', 'm', 'a', 'g', 'i', 'c', 'a', 'l', '.', 'n', 'e', 't', '\0',
+  /* "amalfirock.it", true */ 'a', 'm', 'a', 'l', 'f', 'i', 'r', 'o', 'c', 'k', '.', 'i', 't', '\0',
+  /* "amandasage.ca", true */ 'a', 'm', 'a', 'n', 'd', 'a', 's', 'a', 'g', 'e', '.', 'c', 'a', '\0',
+  /* "amani-kinderdorf.de", true */ 'a', 'm', 'a', 'n', 'i', '-', 'k', 'i', 'n', 'd', 'e', 'r', 'd', 'o', 'r', 'f', '.', 'd', 'e', '\0',
+  /* "amaranthus.com.ph", true */ 'a', 'm', 'a', 'r', 'a', 'n', 't', 'h', 'u', 's', '.', 'c', 'o', 'm', '.', 'p', 'h', '\0',
+  /* "amartinz.at", true */ 'a', 'm', 'a', 'r', 't', 'i', 'n', 'z', '.', 'a', 't', '\0',
+  /* "amateri.com", true */ 'a', 'm', 'a', 't', 'e', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "amato.tk", true */ 'a', 'm', 'a', 't', 'o', '.', 't', 'k', '\0',
+  /* "amazili-communication.com", true */ 'a', 'm', 'a', 'z', 'i', 'l', 'i', '-', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 'c', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "amazing-castles.co.uk", true */ 'a', 'm', 'a', 'z', 'i', 'n', 'g', '-', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "amazingbouncycastles.co.uk", true */ 'a', 'm', 'a', 'z', 'i', 'n', 'g', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "amazingfloridagulfhomes.com", true */ 'a', 'm', 'a', 'z', 'i', 'n', 'g', 'f', 'l', 'o', 'r', 'i', 'd', 'a', 'g', 'u', 'l', 'f', 'h', 'o', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "amazinginflatables.co.uk", true */ 'a', 'm', 'a', 'z', 'i', 'n', 'g', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "amb.tf", true */ 'a', 'm', 'b', '.', 't', 'f', '\0',
+  /* "amberalert.gov", true */ 'a', 'm', 'b', 'e', 'r', 'a', 'l', 'e', 'r', 't', '.', 'g', 'o', 'v', '\0',
+  /* "amberglowleisure.co.uk", true */ 'a', 'm', 'b', 'e', 'r', 'g', 'l', 'o', 'w', 'l', 'e', 'i', 's', 'u', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "amberlightleisure.com", true */ 'a', 'm', 'b', 'e', 'r', 'l', 'i', 'g', 'h', 't', 'l', 'e', 'i', 's', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ambholding-usedcars.be", true */ 'a', 'm', 'b', 'h', 'o', 'l', 'd', 'i', 'n', 'g', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0',
+  /* "ambiancestudio.ro", true */ 'a', 'm', 'b', 'i', 'a', 'n', 'c', 'e', 's', 't', 'u', 'd', 'i', 'o', '.', 'r', 'o', '\0',
+  /* "ambiente.one", true */ 'a', 'm', 'b', 'i', 'e', 'n', 't', 'e', '.', 'o', 'n', 'e', '\0',
+  /* "ambiq.nl", true */ 'a', 'm', 'b', 'i', 'q', '.', 'n', 'l', '\0',
+  /* "ambouncyhire.com", true */ 'a', 'm', 'b', 'o', 'u', 'n', 'c', 'y', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ambrosius.io", true */ 'a', 'm', 'b', 'r', 'o', 's', 'i', 'u', 's', '.', 'i', 'o', '\0',
+  /* "amcchemical.com", true */ 'a', 'm', 'c', 'c', 'h', 'e', 'm', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "amcfirst.com", true */ 'a', 'm', 'c', 'f', 'i', 'r', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "amdouglas.com", true */ 'a', 'm', 'd', 'o', 'u', 'g', 'l', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ameego.com", true */ 'a', 'm', 'e', 'e', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "ameego.it", true */ 'a', 'm', 'e', 'e', 'g', 'o', '.', 'i', 't', '\0',
+  /* "ameego.net", true */ 'a', 'm', 'e', 'e', 'g', 'o', '.', 'n', 'e', 't', '\0',
+  /* "ameego.nl", true */ 'a', 'm', 'e', 'e', 'g', 'o', '.', 'n', 'l', '\0',
+  /* "ameego.org", true */ 'a', 'm', 'e', 'e', 'g', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "amees.me", true */ 'a', 'm', 'e', 'e', 's', '.', 'm', 'e', '\0',
+  /* "amelandadventure.nl", true */ 'a', 'm', 'e', 'l', 'a', 'n', 'd', 'a', 'd', 'v', 'e', 'n', 't', 'u', 'r', 'e', '.', 'n', 'l', '\0',
+  /* "americafamilylawcenter.org", true */ 'a', 'm', 'e', 'r', 'i', 'c', 'a', 'f', 'a', 'm', 'i', 'l', 'y', 'l', 'a', 'w', 'c', 'e', 'n', 't', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "american.dating", true */ 'a', 'm', 'e', 'r', 'i', 'c', 'a', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "americanbio.com", true */ 'a', 'm', 'e', 'r', 'i', 'c', 'a', 'n', 'b', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "americanfoundationbr.com", true */ 'a', 'm', 'e', 'r', 'i', 'c', 'a', 'n', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', 'b', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "americanmediainstitute.com", true */ 'a', 'm', 'e', 'r', 'i', 'c', 'a', 'n', 'm', 'e', 'd', 'i', 'a', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "americanoutlawjeepparts.com", true */ 'a', 'm', 'e', 'r', 'i', 'c', 'a', 'n', 'o', 'u', 't', 'l', 'a', 'w', 'j', 'e', 'e', 'p', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "americansforcommunitydevelopment.org", true */ 'a', 'm', 'e', 'r', 'i', 'c', 'a', 'n', 's', 'f', 'o', 'r', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', 'd', 'e', 'v', 'e', 'l', 'o', 'p', 'm', 'e', 'n', 't', '.', 'o', 'r', 'g', '\0',
+  /* "americasbasementcontractor.com", true */ 'a', 'm', 'e', 'r', 'i', 'c', 'a', 's', 'b', 'a', 's', 'e', 'm', 'e', 'n', 't', 'c', 'o', 'n', 't', 'r', 'a', 'c', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "americkykongres.cz", true */ 'a', 'm', 'e', 'r', 'i', 'c', 'k', 'y', 'k', 'o', 'n', 'g', 'r', 'e', 's', '.', 'c', 'z', '\0',
+  /* "amerigroup.com", true */ 'a', 'm', 'e', 'r', 'i', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "amerimarkdirect.com", true */ 'a', 'm', 'e', 'r', 'i', 'm', 'a', 'r', 'k', 'd', 'i', 'r', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "amerimex.cc", true */ 'a', 'm', 'e', 'r', 'i', 'm', 'e', 'x', '.', 'c', 'c', '\0',
+  /* "amesvacuumrepair.com", true */ 'a', 'm', 'e', 's', 'v', 'a', 'c', 'u', 'u', 'm', 'r', 'e', 'p', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "amethystcards.co.uk", true */ 'a', 'm', 'e', 't', 'h', 'y', 's', 't', 'c', 'a', 'r', 'd', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "amethystdevelopment.co.uk", true */ 'a', 'm', 'e', 't', 'h', 'y', 's', 't', 'd', 'e', 'v', 'e', 'l', 'o', 'p', 'm', 'e', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ameza.co.uk", true */ 'a', 'm', 'e', 'z', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ameza.com.mx", true */ 'a', 'm', 'e', 'z', 'a', '.', 'c', 'o', 'm', '.', 'm', 'x', '\0',
+  /* "ameza.io", true */ 'a', 'm', 'e', 'z', 'a', '.', 'i', 'o', '\0',
+  /* "ameza.me", true */ 'a', 'm', 'e', 'z', 'a', '.', 'm', 'e', '\0',
+  /* "ameza.net", true */ 'a', 'm', 'e', 'z', 'a', '.', 'n', 'e', 't', '\0',
+  /* "amf.to", true */ 'a', 'm', 'f', '.', 't', 'o', '\0',
+  /* "amg-microwave.com", true */ 'a', 'm', 'g', '-', 'm', 'i', 'c', 'r', 'o', 'w', 'a', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "amh-entertainments.co.uk", true */ 'a', 'm', 'h', '-', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ami-de-bastanes.fr", true */ 'a', 'm', 'i', '-', 'd', 'e', '-', 'b', 'a', 's', 't', 'a', 'n', 'e', 's', '.', 'f', 'r', '\0',
+  /* "amicalecanyon.ch", true */ 'a', 'm', 'i', 'c', 'a', 'l', 'e', 'c', 'a', 'n', 'y', 'o', 'n', '.', 'c', 'h', '\0',
+  /* "amiciidogrescue.org.uk", true */ 'a', 'm', 'i', 'c', 'i', 'i', 'd', 'o', 'g', 'r', 'e', 's', 'c', 'u', 'e', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "amicsdelbus.com", true */ 'a', 'm', 'i', 'c', 's', 'd', 'e', 'l', 'b', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "amihub.com", true */ 'a', 'm', 'i', 'h', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "amilum.org", true */ 'a', 'm', 'i', 'l', 'u', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "amin.one", true */ 'a', 'm', 'i', 'n', '.', 'o', 'n', 'e', '\0',
+  /* "aminafrance.com", true */ 'a', 'm', 'i', 'n', 'a', 'f', 'r', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "amineptine.com", true */ 'a', 'm', 'i', 'n', 'e', 'p', 't', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "amisharingstuff.com", true */ 'a', 'm', 'i', 's', 'h', 'a', 'r', 'i', 'n', 'g', 's', 't', 'u', 'f', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "amministratore.biz", true */ 'a', 'm', 'm', 'i', 'n', 'i', 's', 't', 'r', 'a', 't', 'o', 'r', 'e', '.', 'b', 'i', 'z', '\0',
+  /* "amministratorecondominio.roma.it", true */ 'a', 'm', 'm', 'i', 'n', 'i', 's', 't', 'r', 'a', 't', 'o', 'r', 'e', 'c', 'o', 'n', 'd', 'o', 'm', 'i', 'n', 'i', 'o', '.', 'r', 'o', 'm', 'a', '.', 'i', 't', '\0',
+  /* "amnesy.fr", true */ 'a', 'm', 'n', 'e', 's', 'y', '.', 'f', 'r', '\0',
+  /* "amoozesh98.com", true */ 'a', 'm', 'o', 'o', 'z', 'e', 's', 'h', '9', '8', '.', 'c', 'o', 'm', '\0',
+  /* "amoozesh98.ir", true */ 'a', 'm', 'o', 'o', 'z', 'e', 's', 'h', '9', '8', '.', 'i', 'r', '\0',
+  /* "amorgos-aegialis.com", true */ 'a', 'm', 'o', 'r', 'g', 'o', 's', '-', 'a', 'e', 'g', 'i', 'a', 'l', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "amorim.ca", true */ 'a', 'm', 'o', 'r', 'i', 'm', '.', 'c', 'a', '\0',
+  /* "ampersandnbspsemicolon.com", true */ 'a', 'm', 'p', 'e', 'r', 's', 'a', 'n', 'd', 'n', 'b', 's', 'p', 's', 'e', 'm', 'i', 'c', 'o', 'l', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "amphetamines.org", true */ 'a', 'm', 'p', 'h', 'e', 't', 'a', 'm', 'i', 'n', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "amphibo.ly", true */ 'a', 'm', 'p', 'h', 'i', 'b', 'o', '.', 'l', 'y', '\0',
+  /* "ampledesigners.com", true */ 'a', 'm', 'p', 'l', 'e', 'd', 'e', 's', 'i', 'g', 'n', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ampleinfographics.com", true */ 'a', 'm', 'p', 'l', 'e', 'i', 'n', 'f', 'o', 'g', 'r', 'a', 'p', 'h', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ams.co.rs", true */ 'a', 'm', 's', '.', 'c', 'o', '.', 'r', 's', '\0',
+  /* "amsportuk.com", true */ 'a', 'm', 's', 'p', 'o', 'r', 't', 'u', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "amsterdamian.com", true */ 'a', 'm', 's', 't', 'e', 'r', 'd', 'a', 'm', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "amtentertainments.co.uk", true */ 'a', 'm', 't', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "amuq.net", true */ 'a', 'm', 'u', 'q', '.', 'n', 'e', 't', '\0',
+  /* "amv-crm.ru", true */ 'a', 'm', 'v', '-', 'c', 'r', 'm', '.', 'r', 'u', '\0',
+  /* "amyharrisonline.com", true */ 'a', 'm', 'y', 'h', 'a', 'r', 'r', 'i', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "amyrussellhair.com", true */ 'a', 'm', 'y', 'r', 'u', 's', 's', 'e', 'l', 'l', 'h', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "amyyeung.com", true */ 'a', 'm', 'y', 'y', 'e', 'u', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "amzn.rocks", true */ 'a', 'm', 'z', 'n', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "anacreon.de", true */ 'a', 'n', 'a', 'c', 'r', 'e', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "anadoluefessk.org", true */ 'a', 'n', 'a', 'd', 'o', 'l', 'u', 'e', 'f', 'e', 's', 's', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "anaethelion.fr", true */ 'a', 'n', 'a', 'e', 't', 'h', 'e', 'l', 'i', 'o', 'n', '.', 'f', 'r', '\0',
+  /* "anaiscoachpersonal.es", true */ 'a', 'n', 'a', 'i', 's', 'c', 'o', 'a', 'c', 'h', 'p', 'e', 'r', 's', 'o', 'n', 'a', 'l', '.', 'e', 's', '\0',
+  /* "anaisypirueta.es", true */ 'a', 'n', 'a', 'i', 's', 'y', 'p', 'i', 'r', 'u', 'e', 't', 'a', '.', 'e', 's', '\0',
+  /* "anajianu.ro", true */ 'a', 'n', 'a', 'j', 'i', 'a', 'n', 'u', '.', 'r', 'o', '\0',
+  /* "anakros.me", false */ 'a', 'n', 'a', 'k', 'r', 'o', 's', '.', 'm', 'e', '\0',
+  /* "analangelsteen.com", true */ 'a', 'n', 'a', 'l', 'a', 'n', 'g', 'e', 'l', 's', 't', 'e', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "analgesia.net", true */ 'a', 'n', 'a', 'l', 'g', 'e', 's', 'i', 'a', '.', 'n', 'e', 't', '\0',
+  /* "analpantyhose.org", true */ 'a', 'n', 'a', 'l', 'p', 'a', 'n', 't', 'y', 'h', 'o', 's', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "analteengirls.net", true */ 'a', 'n', 'a', 'l', 't', 'e', 'e', 'n', 'g', 'i', 'r', 'l', 's', '.', 'n', 'e', 't', '\0',
+  /* "analytics-shop.com", true */ 'a', 'n', 'a', 'l', 'y', 't', 'i', 'c', 's', '-', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "analyticsinmotion.com", true */ 'a', 'n', 'a', 'l', 'y', 't', 'i', 'c', 's', 'i', 'n', 'm', 'o', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "analyticum.at", true */ 'a', 'n', 'a', 'l', 'y', 't', 'i', 'c', 'u', 'm', '.', 'a', 't', '\0',
+  /* "analyticum.com", true */ 'a', 'n', 'a', 'l', 'y', 't', 'i', 'c', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "analyticum.de", true */ 'a', 'n', 'a', 'l', 'y', 't', 'i', 'c', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "analyticum.eu", true */ 'a', 'n', 'a', 'l', 'y', 't', 'i', 'c', 'u', 'm', '.', 'e', 'u', '\0',
+  /* "analyticum.net", true */ 'a', 'n', 'a', 'l', 'y', 't', 'i', 'c', 'u', 'm', '.', 'n', 'e', 't', '\0',
+  /* "ananke.io", true */ 'a', 'n', 'a', 'n', 'k', 'e', '.', 'i', 'o', '\0',
+  /* "anankecosmetics.com", true */ 'a', 'n', 'a', 'n', 'k', 'e', 'c', 'o', 's', 'm', 'e', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "anantshri.info", true */ 'a', 'n', 'a', 'n', 't', 's', 'h', 'r', 'i', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "anarchistischegroepnijmegen.nl", false */ 'a', 'n', 'a', 'r', 'c', 'h', 'i', 's', 't', 'i', 's', 'c', 'h', 'e', 'g', 'r', 'o', 'e', 'p', 'n', 'i', 'j', 'm', 'e', 'g', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "anarka.org", true */ 'a', 'n', 'a', 'r', 'k', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "anassiriphotography.com", false */ 'a', 'n', 'a', 's', 's', 'i', 'r', 'i', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "anastasia-shamara.ru", true */ 'a', 'n', 'a', 's', 't', 'a', 's', 'i', 'a', '-', 's', 'h', 'a', 'm', 'a', 'r', 'a', '.', 'r', 'u', '\0',
+  /* "anastasiafond.com", true */ 'a', 'n', 'a', 's', 't', 'a', 's', 'i', 'a', 'f', 'o', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "ancestramil.fr", true */ 'a', 'n', 'c', 'e', 's', 't', 'r', 'a', 'm', 'i', 'l', '.', 'f', 'r', '\0',
+  /* "anchev.net", true */ 'a', 'n', 'c', 'h', 'e', 'v', '.', 'n', 'e', 't', '\0',
+  /* "anchorgrounds.com", true */ 'a', 'n', 'c', 'h', 'o', 'r', 'g', 'r', 'o', 'u', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "anchorinmarinainc.com", true */ 'a', 'n', 'c', 'h', 'o', 'r', 'i', 'n', 'm', 'a', 'r', 'i', 'n', 'a', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "anchovy.nz", false */ 'a', 'n', 'c', 'h', 'o', 'v', 'y', '.', 'n', 'z', '\0',
+  /* "ancient-gates.de", true */ 'a', 'n', 'c', 'i', 'e', 'n', 't', '-', 'g', 'a', 't', 'e', 's', '.', 'd', 'e', '\0',
+  /* "ancolies-andre.com", true */ 'a', 'n', 'c', 'o', 'l', 'i', 'e', 's', '-', 'a', 'n', 'd', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "anconaswine.com", true */ 'a', 'n', 'c', 'o', 'n', 'a', 's', 'w', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "and-stuff.nl", true */ 'a', 'n', 'd', '-', 's', 't', 'u', 'f', 'f', '.', 'n', 'l', '\0',
+  /* "and.com", true */ 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "andarpersassi.it", true */ 'a', 'n', 'd', 'a', 'r', 'p', 'e', 'r', 's', 'a', 's', 's', 'i', '.', 'i', 't', '\0',
+  /* "andbraiz.com", true */ 'a', 'n', 'd', 'b', 'r', 'a', 'i', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "andel.info", true */ 'a', 'n', 'd', 'e', 'l', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "anders.hamburg", true */ 'a', 'n', 'd', 'e', 'r', 's', '.', 'h', 'a', 'm', 'b', 'u', 'r', 'g', '\0',
+  /* "anderskp.dk", true */ 'a', 'n', 'd', 'e', 'r', 's', 'k', 'p', '.', 'd', 'k', '\0',
+  /* "andersonshatch.com", true */ 'a', 'n', 'd', 'e', 'r', 's', 'o', 'n', 's', 'h', 'a', 't', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "andisadhdspot.com", true */ 'a', 'n', 'd', 'i', 's', 'a', 'd', 'h', 'd', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "anditi.com", true */ 'a', 'n', 'd', 'i', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "andoms.fi", true */ 'a', 'n', 'd', 'o', 'm', 's', '.', 'f', 'i', '\0',
+  /* "andre-otto.com", true */ 'a', 'n', 'd', 'r', 'e', '-', 'o', 't', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "andrea-kiaora.de", true */ 'a', 'n', 'd', 'r', 'e', 'a', '-', 'k', 'i', 'a', 'o', 'r', 'a', '.', 'd', 'e', '\0',
+  /* "andrea-m.me", true */ 'a', 'n', 'd', 'r', 'e', 'a', '-', 'm', '.', 'm', 'e', '\0',
+  /* "andrea-wirthensohn.at", true */ 'a', 'n', 'd', 'r', 'e', 'a', '-', 'w', 'i', 'r', 't', 'h', 'e', 'n', 's', 'o', 'h', 'n', '.', 'a', 't', '\0',
+  /* "andreaboero.it", true */ 'a', 'n', 'd', 'r', 'e', 'a', 'b', 'o', 'e', 'r', 'o', '.', 'i', 't', '\0',
+  /* "andreamcnett.com", true */ 'a', 'n', 'd', 'r', 'e', 'a', 'm', 'c', 'n', 'e', 't', 't', '.', 'c', 'o', 'm', '\0',
+  /* "andreaseracleous.com", true */ 'a', 'n', 'd', 'r', 'e', 'a', 's', 'e', 'r', 'a', 'c', 'l', 'e', 'o', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "andreasfeusi.ch", true */ 'a', 'n', 'd', 'r', 'e', 'a', 's', 'f', 'e', 'u', 's', 'i', '.', 'c', 'h', '\0',
+  /* "andreaskrasa.com", true */ 'a', 'n', 'd', 'r', 'e', 'a', 's', 'k', 'r', 'a', 's', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "andreasolsson.se", true */ 'a', 'n', 'd', 'r', 'e', 'a', 's', 'o', 'l', 's', 's', 'o', 'n', '.', 's', 'e', '\0',
+  /* "andrefaber.nl", true */ 'a', 'n', 'd', 'r', 'e', 'f', 'a', 'b', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "andrehansen.de", true */ 'a', 'n', 'd', 'r', 'e', 'h', 'a', 'n', 's', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "andrepicard.de", true */ 'a', 'n', 'd', 'r', 'e', 'p', 'i', 'c', 'a', 'r', 'd', '.', 'd', 'e', '\0',
+  /* "andrespaz.com", true */ 'a', 'n', 'd', 'r', 'e', 's', 'p', 'a', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "andreundnina.de", true */ 'a', 'n', 'd', 'r', 'e', 'u', 'n', 'd', 'n', 'i', 'n', 'a', '.', 'd', 'e', '\0',
+  /* "andrewdavidwong.com", true */ 'a', 'n', 'd', 'r', 'e', 'w', 'd', 'a', 'v', 'i', 'd', 'w', 'o', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "andrewdaws.io", true */ 'a', 'n', 'd', 'r', 'e', 'w', 'd', 'a', 'w', 's', '.', 'i', 'o', '\0',
+  /* "andrewensley.com", true */ 'a', 'n', 'd', 'r', 'e', 'w', 'e', 'n', 's', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "andrewhowden.com", true */ 'a', 'n', 'd', 'r', 'e', 'w', 'h', 'o', 'w', 'd', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "andrewimeson.com", true */ 'a', 'n', 'd', 'r', 'e', 'w', 'i', 'm', 'e', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "andrewin.ru", true */ 'a', 'n', 'd', 'r', 'e', 'w', 'i', 'n', '.', 'r', 'u', '\0',
+  /* "andrewmichaud.com", true */ 'a', 'n', 'd', 'r', 'e', 'w', 'm', 'i', 'c', 'h', 'a', 'u', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "andrewmichaud.me", true */ 'a', 'n', 'd', 'r', 'e', 'w', 'm', 'i', 'c', 'h', 'a', 'u', 'd', '.', 'm', 'e', '\0',
+  /* "andrewpeng.net", true */ 'a', 'n', 'd', 'r', 'e', 'w', 'p', 'e', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "andrewprokos.com", true */ 'a', 'n', 'd', 'r', 'e', 'w', 'p', 'r', 'o', 'k', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "andrewrgoss.com", true */ 'a', 'n', 'd', 'r', 'e', 'w', 'r', 'g', 'o', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "andrewryno.com", true */ 'a', 'n', 'd', 'r', 'e', 'w', 'r', 'y', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "andrewsun.com", true */ 'a', 'n', 'd', 'r', 'e', 'w', 's', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "andrewtebert.com", true */ 'a', 'n', 'd', 'r', 'e', 'w', 't', 'e', 'b', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "andrewthelott.net", true */ 'a', 'n', 'd', 'r', 'e', 'w', 't', 'h', 'e', 'l', 'o', 't', 't', '.', 'n', 'e', 't', '\0',
+  /* "andrezadnik.com", true */ 'a', 'n', 'd', 'r', 'e', 'z', 'a', 'd', 'n', 'i', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "andro2id.com", true */ 'a', 'n', 'd', 'r', 'o', '2', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "andro4all.com", true */ 'a', 'n', 'd', 'r', 'o', '4', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "android.re", true */ 'a', 'n', 'd', 'r', 'o', 'i', 'd', '.', 'r', 'e', '\0',
+  /* "androide.com", true */ 'a', 'n', 'd', 'r', 'o', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "androidhry.cz", true */ 'a', 'n', 'd', 'r', 'o', 'i', 'd', 'h', 'r', 'y', '.', 'c', 'z', '\0',
+  /* "androidkatalog.cz", true */ 'a', 'n', 'd', 'r', 'o', 'i', 'd', 'k', 'a', 't', 'a', 'l', 'o', 'g', '.', 'c', 'z', '\0',
+  /* "androidnovinky.cz", true */ 'a', 'n', 'd', 'r', 'o', 'i', 'd', 'n', 'o', 'v', 'i', 'n', 'k', 'y', '.', 'c', 'z', '\0',
+  /* "androidtamer.com", true */ 'a', 'n', 'd', 'r', 'o', 'i', 'd', 't', 'a', 'm', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "androidtelefony.cz", true */ 'a', 'n', 'd', 'r', 'o', 'i', 'd', 't', 'e', 'l', 'e', 'f', 'o', 'n', 'y', '.', 'c', 'z', '\0',
+  /* "androidzone.me", true */ 'a', 'n', 'd', 'r', 'o', 'i', 'd', 'z', 'o', 'n', 'e', '.', 'm', 'e', '\0',
+  /* "andromedacenter.com", true */ 'a', 'n', 'd', 'r', 'o', 'm', 'e', 'd', 'a', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "andronika.net", true */ 'a', 'n', 'd', 'r', 'o', 'n', 'i', 'k', 'a', '.', 'n', 'e', 't', '\0',
+  /* "androticsdirect.com", true */ 'a', 'n', 'd', 'r', 'o', 't', 'i', 'c', 's', 'd', 'i', 'r', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "andruvision.cz", true */ 'a', 'n', 'd', 'r', 'u', 'v', 'i', 's', 'i', 'o', 'n', '.', 'c', 'z', '\0',
+  /* "andsat.org", true */ 'a', 'n', 'd', 's', 'a', 't', '.', 'o', 'r', 'g', '\0',
+  /* "andschwa.com", true */ 'a', 'n', 'd', 's', 'c', 'h', 'w', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "andybrett.com", true */ 'a', 'n', 'd', 'y', 'b', 'r', 'e', 't', 't', '.', 'c', 'o', 'm', '\0',
+  /* "andycrockett.io", true */ 'a', 'n', 'd', 'y', 'c', 'r', 'o', 'c', 'k', 'e', 't', 't', '.', 'i', 'o', '\0',
+  /* "andymoore.info", true */ 'a', 'n', 'd', 'y', 'm', 'o', 'o', 'r', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "andyt.eu", true */ 'a', 'n', 'd', 'y', 't', '.', 'e', 'u', '\0',
+  /* "andzia.art.pl", true */ 'a', 'n', 'd', 'z', 'i', 'a', '.', 'a', 'r', 't', '.', 'p', 'l', '\0',
+  /* "anecuni-club.com", true */ 'a', 'n', 'e', 'c', 'u', 'n', 'i', '-', 'c', 'l', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "anecuni-rec.com", true */ 'a', 'n', 'e', 'c', 'u', 'n', 'i', '-', 'r', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "anedot-sandbox.com", true */ 'a', 'n', 'e', 'd', 'o', 't', '-', 's', 'a', 'n', 'd', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "anedot.com", true */ 'a', 'n', 'e', 'd', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "anedot.space", true */ 'a', 'n', 'e', 'd', 'o', 't', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "anedot.xyz", true */ 'a', 'n', 'e', 'd', 'o', 't', '.', 'x', 'y', 'z', '\0',
+  /* "anekdotes.com", true */ 'a', 'n', 'e', 'k', 'd', 'o', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "anendlesssupply.co.uk", true */ 'a', 'n', 'e', 'n', 'd', 'l', 'e', 's', 's', 's', 'u', 'p', 'p', 'l', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "anetaben.nl", true */ 'a', 'n', 'e', 't', 'a', 'b', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "anextraordinaryday.net", true */ 'a', 'n', 'e', 'x', 't', 'r', 'a', 'o', 'r', 'd', 'i', 'n', 'a', 'r', 'y', 'd', 'a', 'y', '.', 'n', 'e', 't', '\0',
+  /* "anfenglish.com", true */ 'a', 'n', 'f', 'e', 'n', 'g', 'l', 'i', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "angel-body.com", true */ 'a', 'n', 'g', 'e', 'l', '-', 'b', 'o', 'd', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "angelic47.com", true */ 'a', 'n', 'g', 'e', 'l', 'i', 'c', '4', '7', '.', 'c', 'o', 'm', '\0',
+  /* "angelinahair.com", true */ 'a', 'n', 'g', 'e', 'l', 'i', 'n', 'a', 'h', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "angeloventuri.com", true */ 'a', 'n', 'g', 'e', 'l', 'o', 'v', 'e', 'n', 't', 'u', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "anginf.de", true */ 'a', 'n', 'g', 'i', 'n', 'f', '.', 'd', 'e', '\0',
+  /* "anglertanke.de", true */ 'a', 'n', 'g', 'l', 'e', 'r', 't', 'a', 'n', 'k', 'e', '.', 'd', 'e', '\0',
+  /* "anglictina-sojcak.cz", true */ 'a', 'n', 'g', 'l', 'i', 'c', 't', 'i', 'n', 'a', '-', 's', 'o', 'j', 'c', 'a', 'k', '.', 'c', 'z', '\0',
+  /* "anglictinasojcak.cz", true */ 'a', 'n', 'g', 'l', 'i', 'c', 't', 'i', 'n', 'a', 's', 'o', 'j', 'c', 'a', 'k', '.', 'c', 'z', '\0',
+  /* "anglingactive.co.uk", true */ 'a', 'n', 'g', 'l', 'i', 'n', 'g', 'a', 'c', 't', 'i', 'v', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "angrapa.ru", true */ 'a', 'n', 'g', 'r', 'a', 'p', 'a', '.', 'r', 'u', '\0',
+  /* "angristan.fr", true */ 'a', 'n', 'g', 'r', 'i', 's', 't', 'a', 'n', '.', 'f', 'r', '\0',
+  /* "angrut.com", true */ 'a', 'n', 'g', 'r', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "angry.im", true */ 'a', 'n', 'g', 'r', 'y', '.', 'i', 'm', '\0',
+  /* "angrysnarl.com", true */ 'a', 'n', 'g', 'r', 'y', 's', 'n', 'a', 'r', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "angryteeth.net", true */ 'a', 'n', 'g', 'r', 'y', 't', 'e', 'e', 't', 'h', '.', 'n', 'e', 't', '\0',
+  /* "angularjs.org", true */ 'a', 'n', 'g', 'u', 'l', 'a', 'r', 'j', 's', '.', 'o', 'r', 'g', '\0',
+  /* "angusmak.com", true */ 'a', 'n', 'g', 'u', 's', 'm', 'a', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "anhaffen.lu", true */ 'a', 'n', 'h', 'a', 'f', 'f', 'e', 'n', '.', 'l', 'u', '\0',
+  /* "anim.ee", true */ 'a', 'n', 'i', 'm', '.', 'e', 'e', '\0',
+  /* "animacurse.moe", true */ 'a', 'n', 'i', 'm', 'a', 'c', 'u', 'r', 's', 'e', '.', 'm', 'o', 'e', '\0',
+  /* "animaemundi.be", true */ 'a', 'n', 'i', 'm', 'a', 'e', 'm', 'u', 'n', 'd', 'i', '.', 'b', 'e', '\0',
+  /* "animal-liberation.com", true */ 'a', 'n', 'i', 'm', 'a', 'l', '-', 'l', 'i', 'b', 'e', 'r', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "animal-rights.com", true */ 'a', 'n', 'i', 'm', 'a', 'l', '-', 'r', 'i', 'g', 'h', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "animalistic.io", true */ 'a', 'n', 'i', 'm', 'a', 'l', 'i', 's', 't', 'i', 'c', '.', 'i', 'o', '\0',
+  /* "animalnet.de", false */ 'a', 'n', 'i', 'm', 'a', 'l', 'n', 'e', 't', '.', 'd', 'e', '\0',
+  /* "animalstropic.com", true */ 'a', 'n', 'i', 'm', 'a', 'l', 's', 't', 'r', 'o', 'p', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "animaltesting.fr", true */ 'a', 'n', 'i', 'm', 'a', 'l', 't', 'e', 's', 't', 'i', 'n', 'g', '.', 'f', 'r', '\0',
+  /* "animationsmusicales.ch", true */ 'a', 'n', 'i', 'm', 'a', 't', 'i', 'o', 'n', 's', 'm', 'u', 's', 'i', 'c', 'a', 'l', 'e', 's', '.', 'c', 'h', '\0',
+  /* "anime-culture.com", true */ 'a', 'n', 'i', 'm', 'e', '-', 'c', 'u', 'l', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "anime.my", false */ 'a', 'n', 'i', 'm', 'e', '.', 'm', 'y', '\0',
+  /* "anime1.me", true */ 'a', 'n', 'i', 'm', 'e', '1', '.', 'm', 'e', '\0',
+  /* "anime1.moe", true */ 'a', 'n', 'i', 'm', 'e', '1', '.', 'm', 'o', 'e', '\0',
+  /* "anime1.pw", true */ 'a', 'n', 'i', 'm', 'e', '1', '.', 'p', 'w', '\0',
+  /* "anime1.top", true */ 'a', 'n', 'i', 'm', 'e', '1', '.', 't', 'o', 'p', '\0',
+  /* "animeai.com", true */ 'a', 'n', 'i', 'm', 'e', 'a', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "animefluxxx.com", true */ 'a', 'n', 'i', 'm', 'e', 'f', 'l', 'u', 'x', 'x', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "animesharp.com", true */ 'a', 'n', 'i', 'm', 'e', 's', 'h', 'a', 'r', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "animorphsfanforum.com", true */ 'a', 'n', 'i', 'm', 'o', 'r', 'p', 'h', 's', 'f', 'a', 'n', 'f', 'o', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "anipassion.com", true */ 'a', 'n', 'i', 'p', 'a', 's', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "anita-mukorom.hu", true */ 'a', 'n', 'i', 't', 'a', '-', 'm', 'u', 'k', 'o', 'r', 'o', 'm', '.', 'h', 'u', '\0',
+  /* "anitaalbersen.nl", true */ 'a', 'n', 'i', 't', 'a', 'a', 'l', 'b', 'e', 'r', 's', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "anitube-nocookie.ch", true */ 'a', 'n', 'i', 't', 'u', 'b', 'e', '-', 'n', 'o', 'c', 'o', 'o', 'k', 'i', 'e', '.', 'c', 'h', '\0',
+  /* "anitube.ch", true */ 'a', 'n', 'i', 't', 'u', 'b', 'e', '.', 'c', 'h', '\0',
+  /* "anivar.net", true */ 'a', 'n', 'i', 'v', 'a', 'r', '.', 'n', 'e', 't', '\0',
+  /* "ankarakart.com.tr", true */ 'a', 'n', 'k', 'a', 'r', 'a', 'k', 'a', 'r', 't', '.', 'c', 'o', 'm', '.', 't', 'r', '\0',
+  /* "ankaraprofesyonelwebtasarim.com", true */ 'a', 'n', 'k', 'a', 'r', 'a', 'p', 'r', 'o', 'f', 'e', 's', 'y', 'o', 'n', 'e', 'l', 'w', 'e', 'b', 't', 'a', 's', 'a', 'r', 'i', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "ankarauzmanlarnakliyat.com", true */ 'a', 'n', 'k', 'a', 'r', 'a', 'u', 'z', 'm', 'a', 'n', 'l', 'a', 'r', 'n', 'a', 'k', 'l', 'i', 'y', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "ankenbrand.me", true */ 'a', 'n', 'k', 'e', 'n', 'b', 'r', 'a', 'n', 'd', '.', 'm', 'e', '\0',
+  /* "ankitha.in", true */ 'a', 'n', 'k', 'i', 't', 'h', 'a', '.', 'i', 'n', '\0',
+  /* "ankiuser.net", true */ 'a', 'n', 'k', 'i', 'u', 's', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "ankiweb.net", true */ 'a', 'n', 'k', 'i', 'w', 'e', 'b', '.', 'n', 'e', 't', '\0',
+  /* "ankwanoma.com", true */ 'a', 'n', 'k', 'w', 'a', 'n', 'o', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "anna.info", true */ 'a', 'n', 'n', 'a', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "annaenemma.nl", true */ 'a', 'n', 'n', 'a', 'e', 'n', 'e', 'm', 'm', 'a', '.', 'n', 'l', '\0',
+  /* "annangela.moe", true */ 'a', 'n', 'n', 'a', 'n', 'g', 'e', 'l', 'a', '.', 'm', 'o', 'e', '\0',
+  /* "annarokina.com", true */ 'a', 'n', 'n', 'a', 'r', 'o', 'k', 'i', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "annasvapor.se", true */ 'a', 'n', 'n', 'a', 's', 'v', 'a', 'p', 'o', 'r', '.', 's', 'e', '\0',
+  /* "annedaniels.co.uk", true */ 'a', 'n', 'n', 'e', 'd', 'a', 'n', 'i', 'e', 'l', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "annejan.com", true */ 'a', 'n', 'n', 'e', 'j', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "annemakeslovelycandles.co.uk", true */ 'a', 'n', 'n', 'e', 'm', 'a', 'k', 'e', 's', 'l', 'o', 'v', 'e', 'l', 'y', 'c', 'a', 'n', 'd', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "annetta.com", true */ 'a', 'n', 'n', 'e', 't', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "annettewindlin.ch", true */ 'a', 'n', 'n', 'e', 't', 't', 'e', 'w', 'i', 'n', 'd', 'l', 'i', 'n', '.', 'c', 'h', '\0',
+  /* "annevankesteren.com", true */ 'a', 'n', 'n', 'e', 'v', 'a', 'n', 'k', 'e', 's', 't', 'e', 'r', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "annevankesteren.nl", true */ 'a', 'n', 'n', 'e', 'v', 'a', 'n', 'k', 'e', 's', 't', 'e', 'r', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "annevankesteren.org", true */ 'a', 'n', 'n', 'e', 'v', 'a', 'n', 'k', 'e', 's', 't', 'e', 'r', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "annicascakes.nl", true */ 'a', 'n', 'n', 'i', 'c', 'a', 's', 'c', 'a', 'k', 'e', 's', '.', 'n', 'l', '\0',
+  /* "anniversary-cruise.com", true */ 'a', 'n', 'n', 'i', 'v', 'e', 'r', 's', 'a', 'r', 'y', '-', 'c', 'r', 'u', 'i', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "annotate.software", true */ 'a', 'n', 'n', 'o', 't', 'a', 't', 'e', '.', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '\0',
+  /* "annoyingasfuk.com", true */ 'a', 'n', 'n', 'o', 'y', 'i', 'n', 'g', 'a', 's', 'f', 'u', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "annrusnak.com", true */ 'a', 'n', 'n', 'r', 'u', 's', 'n', 'a', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "annsbouncycastles.com", true */ 'a', 'n', 'n', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "annuaire-jcb.com", true */ 'a', 'n', 'n', 'u', 'a', 'i', 'r', 'e', '-', 'j', 'c', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "annuaire-photographe.fr", false */ 'a', 'n', 'n', 'u', 'a', 'i', 'r', 'e', '-', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'e', '.', 'f', 'r', '\0',
+  /* "anohana.org", true */ 'a', 'n', 'o', 'h', 'a', 'n', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "anojan.com", true */ 'a', 'n', 'o', 'j', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "anon-next.de", true */ 'a', 'n', 'o', 'n', '-', 'n', 'e', 'x', 't', '.', 'd', 'e', '\0',
+  /* "anonboards.com", true */ 'a', 'n', 'o', 'n', 'b', 'o', 'a', 'r', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "anoncom.net", true */ 'a', 'n', 'o', 'n', 'c', 'o', 'm', '.', 'n', 'e', 't', '\0',
+  /* "anoneko.com", true */ 'a', 'n', 'o', 'n', 'e', 'k', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "anongoth.pl", true */ 'a', 'n', 'o', 'n', 'g', 'o', 't', 'h', '.', 'p', 'l', '\0',
+  /* "anonrea.ch", true */ 'a', 'n', 'o', 'n', 'r', 'e', 'a', '.', 'c', 'h', '\0',
+  /* "anons.fr", true */ 'a', 'n', 'o', 'n', 's', '.', 'f', 'r', '\0',
+  /* "anonukradio.org", true */ 'a', 'n', 'o', 'n', 'u', 'k', 'r', 'a', 'd', 'i', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "anonym-surfen.de", true */ 'a', 'n', 'o', 'n', 'y', 'm', '-', 's', 'u', 'r', 'f', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "anonyme-spieler.at", true */ 'a', 'n', 'o', 'n', 'y', 'm', 'e', '-', 's', 'p', 'i', 'e', 'l', 'e', 'r', '.', 'a', 't', '\0',
+  /* "another.ch", true */ 'a', 'n', 'o', 't', 'h', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "anotherchef.com", true */ 'a', 'n', 'o', 't', 'h', 'e', 'r', 'c', 'h', 'e', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "anotherfatgeek.net", true */ 'a', 'n', 'o', 't', 'h', 'e', 'r', 'f', 'a', 't', 'g', 'e', 'e', 'k', '.', 'n', 'e', 't', '\0',
+  /* "anothermanfilm.co.uk", true */ 'a', 'n', 'o', 't', 'h', 'e', 'r', 'm', 'a', 'n', 'f', 'i', 'l', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "anothermilan.net", true */ 'a', 'n', 'o', 't', 'h', 'e', 'r', 'm', 'i', 'l', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "anowicki.pl", true */ 'a', 'n', 'o', 'w', 'i', 'c', 'k', 'i', '.', 'p', 'l', '\0',
+  /* "ans-delft.nl", true */ 'a', 'n', 's', '-', 'd', 'e', 'l', 'f', 't', '.', 'n', 'l', '\0',
+  /* "ans-ge.ch", true */ 'a', 'n', 's', '-', 'g', 'e', '.', 'c', 'h', '\0',
+  /* "ansas.eu", true */ 'a', 'n', 's', 'a', 's', '.', 'e', 'u', '\0',
+  /* "ansas.net", true */ 'a', 'n', 's', 'a', 's', '.', 'n', 'e', 't', '\0',
+  /* "ansdell.net", true */ 'a', 'n', 's', 'd', 'e', 'l', 'l', '.', 'n', 'e', 't', '\0',
+  /* "anseo.ninja", true */ 'a', 'n', 's', 'e', 'o', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "ansermet.net", true */ 'a', 'n', 's', 'e', 'r', 'm', 'e', 't', '.', 'n', 'e', 't', '\0',
+  /* "ansgar-sonntag.de", true */ 'a', 'n', 's', 'g', 'a', 'r', '-', 's', 'o', 'n', 'n', 't', 'a', 'g', '.', 'd', 'e', '\0',
+  /* "ansgarsonntag.de", true */ 'a', 'n', 's', 'g', 'a', 'r', 's', 'o', 'n', 'n', 't', 'a', 'g', '.', 'd', 'e', '\0',
+  /* "anshumanbiswas.com", true */ 'a', 'n', 's', 'h', 'u', 'm', 'a', 'n', 'b', 'i', 's', 'w', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ansichtssache.at", true */ 'a', 'n', 's', 'i', 'c', 'h', 't', 's', 's', 'a', 'c', 'h', 'e', '.', 'a', 't', '\0',
+  /* "ansogning-sg.dk", true */ 'a', 'n', 's', 'o', 'g', 'n', 'i', 'n', 'g', '-', 's', 'g', '.', 'd', 'k', '\0',
+  /* "anstaskforce.gov", true */ 'a', 'n', 's', 't', 'a', 's', 'k', 'f', 'o', 'r', 'c', 'e', '.', 'g', 'o', 'v', '\0',
+  /* "antama.eu", true */ 'a', 'n', 't', 'a', 'm', 'a', '.', 'e', 'u', '\0',
+  /* "antama.nl", true */ 'a', 'n', 't', 'a', 'm', 'a', '.', 'n', 'l', '\0',
+  /* "antarcti.co", true */ 'a', 'n', 't', 'a', 'r', 'c', 't', 'i', '.', 'c', 'o', '\0',
+  /* "antcas.com", true */ 'a', 'n', 't', 'c', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "antecim.fr", true */ 'a', 'n', 't', 'e', 'c', 'i', 'm', '.', 'f', 'r', '\0',
+  /* "antenasmundosat.com.br", true */ 'a', 'n', 't', 'e', 'n', 'a', 's', 'm', 'u', 'n', 'd', 'o', 's', 'a', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "antennista.milano.it", true */ 'a', 'n', 't', 'e', 'n', 'n', 'i', 's', 't', 'a', '.', 'm', 'i', 'l', 'a', 'n', 'o', '.', 'i', 't', '\0',
+  /* "antennista.pavia.it", true */ 'a', 'n', 't', 'e', 'n', 'n', 'i', 's', 't', 'a', '.', 'p', 'a', 'v', 'i', 'a', '.', 'i', 't', '\0',
+  /* "anthedesign.fr", true */ 'a', 'n', 't', 'h', 'e', 'd', 'e', 's', 'i', 'g', 'n', '.', 'f', 'r', '\0',
+  /* "anthony-rouanet.com", true */ 'a', 'n', 't', 'h', 'o', 'n', 'y', '-', 'r', 'o', 'u', 'a', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "anthonyaires.com", true */ 'a', 'n', 't', 'h', 'o', 'n', 'y', 'a', 'i', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "anthonycarbonaro.com", true */ 'a', 'n', 't', 'h', 'o', 'n', 'y', 'c', 'a', 'r', 'b', 'o', 'n', 'a', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "anthonygaidot.fr", true */ 'a', 'n', 't', 'h', 'o', 'n', 'y', 'g', 'a', 'i', 'd', 'o', 't', '.', 'f', 'r', '\0',
+  /* "anthro.id", true */ 'a', 'n', 't', 'h', 'r', 'o', '.', 'i', 'd', '\0',
+  /* "anthropoid.ca", true */ 'a', 'n', 't', 'h', 'r', 'o', 'p', 'o', 'i', 'd', '.', 'c', 'a', '\0',
+  /* "anti-bible.com", true */ 'a', 'n', 't', 'i', '-', 'b', 'i', 'b', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "anti-radar.org", true */ 'a', 'n', 't', 'i', '-', 'r', 'a', 'd', 'a', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "anticopyright.com", true */ 'a', 'n', 't', 'i', 'c', 'o', 'p', 'y', 'r', 'i', 'g', 'h', 't', '.', 'c', 'o', 'm', '\0',
+  /* "antihype.space", true */ 'a', 'n', 't', 'i', 'h', 'y', 'p', 'e', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "antikvariat.ru", true */ 'a', 'n', 't', 'i', 'k', 'v', 'a', 'r', 'i', 'a', 't', '.', 'r', 'u', '\0',
+  /* "antiled.by", true */ 'a', 'n', 't', 'i', 'l', 'e', 'd', '.', 'b', 'y', '\0',
+  /* "antimine.me", true */ 'a', 'n', 't', 'i', 'm', 'i', 'n', 'e', '.', 'm', 'e', '\0',
+  /* "antipa.ch", true */ 'a', 'n', 't', 'i', 'p', 'a', '.', 'c', 'h', '\0',
+  /* "antipolygraph.org", true */ 'a', 'n', 't', 'i', 'p', 'o', 'l', 'y', 'g', 'r', 'a', 'p', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "antique-pedalcars.ch", true */ 'a', 'n', 't', 'i', 'q', 'u', 'e', '-', 'p', 'e', 'd', 'a', 'l', 'c', 'a', 'r', 's', '.', 'c', 'h', '\0',
+  /* "antirepressionbayarea.com", true */ 'a', 'n', 't', 'i', 'r', 'e', 'p', 'r', 'e', 's', 's', 'i', 'o', 'n', 'b', 'a', 'y', 'a', 'r', 'e', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "antispeciesism.com", true */ 'a', 'n', 't', 'i', 's', 'p', 'e', 'c', 'i', 'e', 's', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "antispeciesist.com", true */ 'a', 'n', 't', 'i', 's', 'p', 'e', 'c', 'i', 'e', 's', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "antivirusprotection.reviews", true */ 'a', 'n', 't', 'i', 'v', 'i', 'r', 'u', 's', 'p', 'r', 'o', 't', 'e', 'c', 't', 'i', 'o', 'n', '.', 'r', 'e', 'v', 'i', 'e', 'w', 's', '\0',
+  /* "antocom.com", true */ 'a', 'n', 't', 'o', 'c', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "antoinebetas.be", true */ 'a', 'n', 't', 'o', 'i', 'n', 'e', 'b', 'e', 't', 'a', 's', '.', 'b', 'e', '\0',
+  /* "antoinedeschenes.com", true */ 'a', 'n', 't', 'o', 'i', 'n', 'e', 'd', 'e', 's', 'c', 'h', 'e', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "antoinemary.com", true */ 'a', 'n', 't', 'o', 'i', 'n', 'e', 'm', 'a', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "antonchen.com", true */ 'a', 'n', 't', 'o', 'n', 'c', 'h', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "antonellabb.eu", true */ 'a', 'n', 't', 'o', 'n', 'e', 'l', 'l', 'a', 'b', 'b', '.', 'e', 'u', '\0',
+  /* "antons.io", true */ 'a', 'n', 't', 'o', 'n', 's', '.', 'i', 'o', '\0',
+  /* "antragsgruen.de", true */ 'a', 'n', 't', 'r', 'a', 'g', 's', 'g', 'r', 'u', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "anulowano.pl", true */ 'a', 'n', 'u', 'l', 'o', 'w', 'a', 'n', 'o', '.', 'p', 'l', '\0',
+  /* "anvartay.com", true */ 'a', 'n', 'v', 'a', 'r', 't', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "anwaltsindex.com", true */ 'a', 'n', 'w', 'a', 'l', 't', 's', 'i', 'n', 'd', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "anxietyspace.com", true */ 'a', 'n', 'x', 'i', 'e', 't', 'y', 's', 'p', 'a', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "anxiolytics.com", true */ 'a', 'n', 'x', 'i', 'o', 'l', 'y', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "any.pm", false */ 'a', 'n', 'y', '.', 'p', 'm', '\0',
+  /* "anyfood.fi", true */ 'a', 'n', 'y', 'f', 'o', 'o', 'd', '.', 'f', 'i', '\0',
+  /* "anynode.net", true */ 'a', 'n', 'y', 'n', 'o', 'd', 'e', '.', 'n', 'e', 't', '\0',
+  /* "anyon.com", true */ 'a', 'n', 'y', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "anypeer.net", true */ 'a', 'n', 'y', 'p', 'e', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "anyprime.net", true */ 'a', 'n', 'y', 'p', 'r', 'i', 'm', 'e', '.', 'n', 'e', 't', '\0',
+  /* "anystack.xyz", true */ 'a', 'n', 'y', 's', 't', 'a', 'c', 'k', '.', 'x', 'y', 'z', '\0',
+  /* "anytonetech.com", true */ 'a', 'n', 'y', 't', 'o', 'n', 'e', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "anzeiger.ag", true */ 'a', 'n', 'z', 'e', 'i', 'g', 'e', 'r', '.', 'a', 'g', '\0',
+  /* "ao-dev.com", true */ 'a', 'o', '-', 'd', 'e', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "ao2.it", true */ 'a', 'o', '2', '.', 'i', 't', '\0',
+  /* "aoku3d.com", true */ 'a', 'o', 'k', 'u', '3', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "aolabs.nz", true */ 'a', 'o', 'l', 'a', 'b', 's', '.', 'n', 'z', '\0',
+  /* "aomberg.com", true */ 'a', 'o', 'm', 'b', 'e', 'r', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "aomonk.com", true */ 'a', 'o', 'm', 'o', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "aooobo.com", true */ 'a', 'o', 'o', 'o', 'b', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "aosc.io", false */ 'a', 'o', 's', 'c', '.', 'i', 'o', '\0',
+  /* "aosus.org", true */ 'a', 'o', 's', 'u', 's', '.', 'o', 'r', 'g', '\0',
+  /* "aotearoaleaks.org", true */ 'a', 'o', 't', 'e', 'a', 'r', 'o', 'a', 'l', 'e', 'a', 'k', 's', '.', 'o', 'r', 'g', '\0',
+  /* "aovcentrum.nl", true */ 'a', 'o', 'v', 'c', 'e', 'n', 't', 'r', 'u', 'm', '.', 'n', 'l', '\0',
+  /* "ap-swiss.ch", true */ 'a', 'p', '-', 's', 'w', 'i', 's', 's', '.', 'c', 'h', '\0',
+  /* "apac-tech.com", true */ 'a', 'p', 'a', 'c', '-', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "apachehaus.de", false */ 'a', 'p', 'a', 'c', 'h', 'e', 'h', 'a', 'u', 's', '.', 'd', 'e', '\0',
+  /* "apadvantage.com", true */ 'a', 'p', 'a', 'd', 'v', 'a', 'n', 't', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "aparaatti.org", true */ 'a', 'p', 'a', 'r', 'a', 'a', 't', 't', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "apartmanicg.me", true */ 'a', 'p', 'a', 'r', 't', 'm', 'a', 'n', 'i', 'c', 'g', '.', 'm', 'e', '\0',
+  /* "apartment-natik.fr", true */ 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', '-', 'n', 'a', 't', 'i', 'k', '.', 'f', 'r', '\0',
+  /* "apartmentkroatien.at", true */ 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 'k', 'r', 'o', 'a', 't', 'i', 'e', 'n', '.', 'a', 't', '\0',
+  /* "apartmentregister.com.au", true */ 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 'r', 'e', 'g', 'i', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "apbox.de", true */ 'a', 'p', 'b', 'o', 'x', '.', 'd', 'e', '\0',
+  /* "apcemporium.co.uk", true */ 'a', 'p', 'c', 'e', 'm', 'p', 'o', 'r', 'i', 'u', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "apcube.com", true */ 'a', 'p', 'c', 'u', 'b', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "apef.ch", true */ 'a', 'p', 'e', 'f', '.', 'c', 'h', '\0',
+  /* "apertis.org", true */ 'a', 'p', 'e', 'r', 't', 'i', 's', '.', 'o', 'r', 'g', '\0',
+  /* "aperturesciencelabs.de", true */ 'a', 'p', 'e', 'r', 't', 'u', 'r', 'e', 's', 'c', 'i', 'e', 'n', 'c', 'e', 'l', 'a', 'b', 's', '.', 'd', 'e', '\0',
+  /* "apervita.net", true */ 'a', 'p', 'e', 'r', 'v', 'i', 't', 'a', '.', 'n', 'e', 't', '\0',
+  /* "apexitsolutions.ca", true */ 'a', 'p', 'e', 'x', 'i', 't', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'a', '\0',
+  /* "aphelionentertainment.com", true */ 'a', 'p', 'h', 'e', 'l', 'i', 'o', 'n', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "aphotrax.eu", true */ 'a', 'p', 'h', 'o', 't', 'r', 'a', 'x', '.', 'e', 'u', '\0',
+  /* "api-connect.com", true */ 'a', 'p', 'i', '-', 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "api-geek.com", true */ 'a', 'p', 'i', '-', 'g', 'e', 'e', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "api.intercom.io", true */ 'a', 'p', 'i', '.', 'i', 'n', 't', 'e', 'r', 'c', 'o', 'm', '.', 'i', 'o', '\0',
+  /* "api.lookout.com", false */ 'a', 'p', 'i', '.', 'l', 'o', 'o', 'k', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "api.recurly.com", true */ 'a', 'p', 'i', '.', 'r', 'e', 'c', 'u', 'r', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "api.simple.com", false */ 'a', 'p', 'i', '.', 's', 'i', 'm', 'p', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "api.xero.com", false */ 'a', 'p', 'i', '.', 'x', 'e', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "apiary.blog", true */ 'a', 'p', 'i', 'a', 'r', 'y', '.', 'b', 'l', 'o', 'g', '\0',
+  /* "apiary.clothing", true */ 'a', 'p', 'i', 'a', 'r', 'y', '.', 'c', 'l', 'o', 't', 'h', 'i', 'n', 'g', '\0',
+  /* "apiary.shop", true */ 'a', 'p', 'i', 'a', 'r', 'y', '.', 's', 'h', 'o', 'p', '\0',
+  /* "apiary.store", true */ 'a', 'p', 'i', 'a', 'r', 'y', '.', 's', 't', 'o', 'r', 'e', '\0',
+  /* "apiary.supplies", true */ 'a', 'p', 'i', 'a', 'r', 'y', '.', 's', 'u', 'p', 'p', 'l', 'i', 'e', 's', '\0',
+  /* "apiary.supply", true */ 'a', 'p', 'i', 'a', 'r', 'y', '.', 's', 'u', 'p', 'p', 'l', 'y', '\0',
+  /* "apience.com", true */ 'a', 'p', 'i', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "apila.care", true */ 'a', 'p', 'i', 'l', 'a', '.', 'c', 'a', 'r', 'e', '\0',
+  /* "apila.us", true */ 'a', 'p', 'i', 'l', 'a', '.', 'u', 's', '\0',
+  /* "apiled.io", true */ 'a', 'p', 'i', 'l', 'e', 'd', '.', 'i', 'o', '\0',
+  /* "apio.systems", true */ 'a', 'p', 'i', 'o', '.', 's', 'y', 's', 't', 'e', 'm', 's', '\0',
+  /* "apis.blue", true */ 'a', 'p', 'i', 's', '.', 'b', 'l', 'u', 'e', '\0',
+  /* "apis.google.com", true */ 'a', 'p', 'i', 's', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "apis.moe", true */ 'a', 'p', 'i', 's', '.', 'm', 'o', 'e', '\0',
+  /* "apisyouwonthate.com", true */ 'a', 'p', 'i', 's', 'y', 'o', 'u', 'w', 'o', 'n', 't', 'h', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "apk.li", true */ 'a', 'p', 'k', '.', 'l', 'i', '\0',
+  /* "apk4fun.com", true */ 'a', 'p', 'k', '4', 'f', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "apl2bits.net", true */ 'a', 'p', 'l', '2', 'b', 'i', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "aplikaceproandroid.cz", true */ 'a', 'p', 'l', 'i', 'k', 'a', 'c', 'e', 'p', 'r', 'o', 'a', 'n', 'd', 'r', 'o', 'i', 'd', '.', 'c', 'z', '\0',
+  /* "aplis-online.de", false */ 'a', 'p', 'l', 'i', 's', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "aplpackaging.co.uk", true */ 'a', 'p', 'l', 'p', 'a', 'c', 'k', 'a', 'g', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "aplu.fr", true */ 'a', 'p', 'l', 'u', '.', 'f', 'r', '\0',
+  /* "apmpproject.org", true */ 'a', 'p', 'm', 'p', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "apn-dz.org", true */ 'a', 'p', 'n', '-', 'd', 'z', '.', 'o', 'r', 'g', '\0',
+  /* "apn-einstellungen.de", true */ 'a', 'p', 'n', '-', 'e', 'i', 'n', 's', 't', 'e', 'l', 'l', 'u', 'n', 'g', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "apoil.org", true */ 'a', 'p', 'o', 'i', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "apollyon.work", true */ 'a', 'p', 'o', 'l', 'l', 'y', 'o', 'n', '.', 'w', 'o', 'r', 'k', '\0',
+  /* "apoly.de", true */ 'a', 'p', 'o', 'l', 'y', '.', 'd', 'e', '\0',
+  /* "aporia.io", true */ 'a', 'p', 'o', 'r', 'i', 'a', '.', 'i', 'o', '\0',
+  /* "aposke.com", true */ 'a', 'p', 'o', 's', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "aposke.net", true */ 'a', 'p', 'o', 's', 'k', 'e', '.', 'n', 'e', 't', '\0',
+  /* "aposke.org", true */ 'a', 'p', 'o', 's', 'k', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "apothes.is", true */ 'a', 'p', 'o', 't', 'h', 'e', 's', '.', 'i', 's', '\0',
+  /* "app-at.work", true */ 'a', 'p', 'p', '-', 'a', 't', '.', 'w', 'o', 'r', 'k', '\0',
+  /* "app.recurly.com", true */ 'a', 'p', 'p', '.', 'r', 'e', 'c', 'u', 'r', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "app.simpletax.ca", true */ 'a', 'p', 'p', '.', 's', 'i', 'm', 'p', 'l', 'e', 't', 'a', 'x', '.', 'c', 'a', '\0',
+  /* "app.yinxiang.com", false */ 'a', 'p', 'p', '.', 'y', 'i', 'n', 'x', 'i', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "appartement-andrea.at", true */ 'a', 'p', 'p', 'a', 'r', 't', 'e', 'm', 'e', 'n', 't', '-', 'a', 'n', 'd', 'r', 'e', 'a', '.', 'a', 't', '\0',
+  /* "appartement-evolene.net", true */ 'a', 'p', 'p', 'a', 'r', 't', 'e', 'm', 'e', 'n', 't', '-', 'e', 'v', 'o', 'l', 'e', 'n', 'e', '.', 'n', 'e', 't', '\0',
+  /* "appartementhaus-badria.de", true */ 'a', 'p', 'p', 'a', 'r', 't', 'e', 'm', 'e', 'n', 't', 'h', 'a', 'u', 's', '-', 'b', 'a', 'd', 'r', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "appartementmarsum.nl", true */ 'a', 'p', 'p', 'a', 'r', 't', 'e', 'm', 'e', 'n', 't', 'm', 'a', 'r', 's', 'u', 'm', '.', 'n', 'l', '\0',
+  /* "appchive.net", true */ 'a', 'p', 'p', 'c', 'h', 'i', 'v', 'e', '.', 'n', 'e', 't', '\0',
+  /* "appcoins.io", true */ 'a', 'p', 'p', 'c', 'o', 'i', 'n', 's', '.', 'i', 'o', '\0',
+  /* "appel-aide.ch", true */ 'a', 'p', 'p', 'e', 'l', '-', 'a', 'i', 'd', 'e', '.', 'c', 'h', '\0',
+  /* "appelboomdefilm.nl", true */ 'a', 'p', 'p', 'e', 'l', 'b', 'o', 'o', 'm', 'd', 'e', 'f', 'i', 'l', 'm', '.', 'n', 'l', '\0',
+  /* "appengine.google.com", true */ 'a', 'p', 'p', 'e', 'n', 'g', 'i', 'n', 'e', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "apperio.com", true */ 'a', 'p', 'p', 'e', 'r', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "appharbor.com", true */ 'a', 'p', 'p', 'h', 'a', 'r', 'b', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "apple-watch-zubehoer.de", true */ 'a', 'p', 'p', 'l', 'e', '-', 'w', 'a', 't', 'c', 'h', '-', 'z', 'u', 'b', 'e', 'h', 'o', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "applejacks-bouncy-castles.co.uk", true */ 'a', 'p', 'p', 'l', 'e', 'j', 'a', 'c', 'k', 's', '-', 'b', 'o', 'u', 'n', 'c', 'y', '-', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "applelife.ru", true */ 'a', 'p', 'p', 'l', 'e', 'l', 'i', 'f', 'e', '.', 'r', 'u', '\0',
+  /* "applemon.com", true */ 'a', 'p', 'p', 'l', 'e', 'm', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "appleoosa.com", true */ 'a', 'p', 'p', 'l', 'e', 'o', 'o', 's', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "appleranch.com", true */ 'a', 'p', 'p', 'l', 'e', 'r', 'a', 'n', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "applesana.es", true */ 'a', 'p', 'p', 'l', 'e', 's', 'a', 'n', 'a', '.', 'e', 's', '\0',
+  /* "applesencia.com", true */ 'a', 'p', 'p', 'l', 'e', 's', 'e', 'n', 'c', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "applewatch.co.nz", true */ 'a', 'p', 'p', 'l', 'e', 'w', 'a', 't', 'c', 'h', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "applian.jp", true */ 'a', 'p', 'p', 'l', 'i', 'a', 'n', '.', 'j', 'p', '\0',
+  /* "apply.eu", true */ 'a', 'p', 'p', 'l', 'y', '.', 'e', 'u', '\0',
+  /* "appmeas.co.uk", true */ 'a', 'p', 'p', 'm', 'e', 'a', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "appmobile.io", true */ 'a', 'p', 'p', 'm', 'o', 'b', 'i', 'l', 'e', '.', 'i', 'o', '\0',
+  /* "appninjas.com", true */ 'a', 'p', 'p', 'n', 'i', 'n', 'j', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "appointed.at", true */ 'a', 'p', 'p', 'o', 'i', 'n', 't', 'e', 'd', '.', 'a', 't', '\0',
+  /* "apponic.com", true */ 'a', 'p', 'p', 'o', 'n', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "apponline.com", true */ 'a', 'p', 'p', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "approbo.com", true */ 'a', 'p', 'p', 'r', 'o', 'b', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "approvedtreecare.com", true */ 'a', 'p', 'p', 'r', 'o', 'v', 'e', 'd', 't', 'r', 'e', 'e', 'c', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "apps.co", true */ 'a', 'p', 'p', 's', '.', 'c', 'o', '\0',
+  /* "apps.facebook.com", false */ 'a', 'p', 'p', 's', '.', 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "apps.fedoraproject.org", true */ 'a', 'p', 'p', 's', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "apps.stg.fedoraproject.org", true */ 'a', 'p', 'p', 's', '.', 's', 't', 'g', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "apps4inter.net", true */ 'a', 'p', 'p', 's', '4', 'i', 'n', 't', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "appscloudplus.com", true */ 'a', 'p', 'p', 's', 'c', 'l', 'o', 'u', 'd', 'p', 'l', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "appseccalifornia.org", false */ 'a', 'p', 'p', 's', 'e', 'c', 'c', 'a', 'l', 'i', 'f', 'o', 'r', 'n', 'i', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "appson.co.uk", false */ 'a', 'p', 'p', 's', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "appt.ch", true */ 'a', 'p', 'p', 't', '.', 'c', 'h', '\0',
+  /* "apptomics.com", true */ 'a', 'p', 'p', 't', 'o', 'm', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "apptoutou.com", true */ 'a', 'p', 'p', 't', 'o', 'u', 't', 'o', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "appuals.com", true */ 'a', 'p', 'p', 'u', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "appui-de-fenetre.fr", true */ 'a', 'p', 'p', 'u', 'i', '-', 'd', 'e', '-', 'f', 'e', 'n', 'e', 't', 'r', 'e', '.', 'f', 'r', '\0',
+  /* "appveyor.com", true */ 'a', 'p', 'p', 'v', 'e', 'y', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "appzoojoo.be", true */ 'a', 'p', 'p', 'z', 'o', 'o', 'j', 'o', 'o', '.', 'b', 'e', '\0',
+  /* "aprefix.com", true */ 'a', 'p', 'r', 'e', 'f', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "apretatuercas.es", true */ 'a', 'p', 'r', 'e', 't', 'a', 't', 'u', 'e', 'r', 'c', 'a', 's', '.', 'e', 's', '\0',
+  /* "aprovpn.com", true */ 'a', 'p', 'r', 'o', 'v', 'p', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "aprpullmanportermuseum.org", true */ 'a', 'p', 'r', 'p', 'u', 'l', 'l', 'm', 'a', 'n', 'p', 'o', 'r', 't', 'e', 'r', 'm', 'u', 's', 'e', 'u', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "aprr.org", true */ 'a', 'p', 'r', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "aprsdroid.org", true */ 'a', 'p', 'r', 's', 'd', 'r', 'o', 'i', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "aprz.de", true */ 'a', 'p', 'r', 'z', '.', 'd', 'e', '\0',
+  /* "apstudynotes.org", true */ 'a', 'p', 's', 't', 'u', 'd', 'y', 'n', 'o', 't', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "aptive.co.uk", true */ 'a', 'p', 't', 'i', 'v', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "apu-board.de", true */ 'a', 'p', 'u', '-', 'b', 'o', 'a', 'r', 'd', '.', 'd', 'e', '\0',
+  /* "apv-ollon.ch", true */ 'a', 'p', 'v', '-', 'o', 'l', 'l', 'o', 'n', '.', 'c', 'h', '\0',
+  /* "aqilacademy.com.au", true */ 'a', 'q', 'i', 'l', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "aqqrate.com", true */ 'a', 'q', 'q', 'r', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "aqsiq.net", true */ 'a', 'q', 's', 'i', 'q', '.', 'n', 'e', 't', '\0',
+  /* "aqua-fitness-nacht.de", true */ 'a', 'q', 'u', 'a', '-', 'f', 'i', 't', 'n', 'e', 's', 's', '-', 'n', 'a', 'c', 'h', 't', '.', 'd', 'e', '\0',
+  /* "aqua-fotowelt.de", true */ 'a', 'q', 'u', 'a', '-', 'f', 'o', 't', 'o', 'w', 'e', 'l', 't', '.', 'd', 'e', '\0',
+  /* "aquabar.co.il", true */ 'a', 'q', 'u', 'a', 'b', 'a', 'r', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "aquabio.ch", true */ 'a', 'q', 'u', 'a', 'b', 'i', 'o', '.', 'c', 'h', '\0',
+  /* "aquadonis.ch", true */ 'a', 'q', 'u', 'a', 'd', 'o', 'n', 'i', 's', '.', 'c', 'h', '\0',
+  /* "aquahomo.com", true */ 'a', 'q', 'u', 'a', 'h', 'o', 'm', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "aqualife.com.gr", true */ 'a', 'q', 'u', 'a', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '.', 'g', 'r', '\0',
+  /* "aqualifeprojects.com", true */ 'a', 'q', 'u', 'a', 'l', 'i', 'f', 'e', 'p', 'r', 'o', 'j', 'e', 'c', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "aquarium-supplement.net", true */ 'a', 'q', 'u', 'a', 'r', 'i', 'u', 'm', '-', 's', 'u', 'p', 'p', 'l', 'e', 'm', 'e', 'n', 't', '.', 'n', 'e', 't', '\0',
+  /* "aquaron.com", true */ 'a', 'q', 'u', 'a', 'r', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "aquaselect.eu", true */ 'a', 'q', 'u', 'a', 's', 'e', 'l', 'e', 'c', 't', '.', 'e', 'u', '\0',
+  /* "aquatechnologygroup.com", true */ 'a', 'q', 'u', 'a', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'y', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "aquaundine.net", true */ 'a', 'q', 'u', 'a', 'u', 'n', 'd', 'i', 'n', 'e', '.', 'n', 'e', 't', '\0',
+  /* "aquavitaedayspa.com.au", true */ 'a', 'q', 'u', 'a', 'v', 'i', 't', 'a', 'e', 'd', 'a', 'y', 's', 'p', 'a', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "aquila.co.uk", true */ 'a', 'q', 'u', 'i', 'l', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "aquilaguild.com", false */ 'a', 'q', 'u', 'i', 'l', 'a', 'g', 'u', 'i', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "aquireceitas.com", true */ 'a', 'q', 'u', 'i', 'r', 'e', 'c', 'e', 'i', 't', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "aquitainebrasserie.com.au", true */ 'a', 'q', 'u', 'i', 't', 'a', 'i', 'n', 'e', 'b', 'r', 'a', 's', 's', 'e', 'r', 'i', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "aquitroc.com", true */ 'a', 'q', 'u', 'i', 't', 'r', 'o', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "ar-informatique.ch", true */ 'a', 'r', '-', 'i', 'n', 'f', 'o', 'r', 'm', 'a', 't', 'i', 'q', 'u', 'e', '.', 'c', 'h', '\0',
+  /* "ar.al", true */ 'a', 'r', '.', 'a', 'l', '\0',
+  /* "arab.dating", true */ 'a', 'r', 'a', 'b', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "arabsexi.info", true */ 'a', 'r', 'a', 'b', 's', 'e', 'x', 'i', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "arachina.com", true */ 'a', 'r', 'a', 'c', 'h', 'i', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "arados.de", true */ 'a', 'r', 'a', 'd', 'o', 's', '.', 'd', 'e', '\0',
+  /* "arai21.net", true */ 'a', 'r', 'a', 'i', '2', '1', '.', 'n', 'e', 't', '\0',
+  /* "araleeniken.com", true */ 'a', 'r', 'a', 'l', 'e', 'e', 'n', 'i', 'k', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "aramado.com", true */ 'a', 'r', 'a', 'm', 'a', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "aramido.de", true */ 'a', 'r', 'a', 'm', 'i', 'd', 'o', '.', 'd', 'e', '\0',
+  /* "aranel.me", true */ 'a', 'r', 'a', 'n', 'e', 'l', '.', 'm', 'e', '\0',
+  /* "aranycsillag.net", true */ 'a', 'r', 'a', 'n', 'y', 'c', 's', 'i', 'l', 'l', 'a', 'g', '.', 'n', 'e', 't', '\0',
+  /* "araratour.com", true */ 'a', 'r', 'a', 'r', 'a', 't', 'o', 'u', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "araro.ch", true */ 'a', 'r', 'a', 'r', 'o', '.', 'c', 'h', '\0',
+  /* "araseifudousan.com", true */ 'a', 'r', 'a', 's', 'e', 'i', 'f', 'u', 'd', 'o', 'u', 's', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "arawaza.biz", true */ 'a', 'r', 'a', 'w', 'a', 'z', 'a', '.', 'b', 'i', 'z', '\0',
+  /* "arawaza.com", false */ 'a', 'r', 'a', 'w', 'a', 'z', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "arawaza.info", true */ 'a', 'r', 'a', 'w', 'a', 'z', 'a', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "araxis.com", true */ 'a', 'r', 'a', 'x', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "arbeitskreis-asyl-eningen.de", true */ 'a', 'r', 'b', 'e', 'i', 't', 's', 'k', 'r', 'e', 'i', 's', '-', 'a', 's', 'y', 'l', '-', 'e', 'n', 'i', 'n', 'g', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "arbeitslosenverwaltung.de", true */ 'a', 'r', 'b', 'e', 'i', 't', 's', 'l', 'o', 's', 'e', 'n', 'v', 'e', 'r', 'w', 'a', 'l', 't', 'u', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "arbitrarion.com", true */ 'a', 'r', 'b', 'i', 't', 'r', 'a', 'r', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "arbitrary.ch", true */ 'a', 'r', 'b', 'i', 't', 'r', 'a', 'r', 'y', '.', 'c', 'h', '\0',
+  /* "arboworks.com", true */ 'a', 'r', 'b', 'o', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "arcadiaeng.com", true */ 'a', 'r', 'c', 'a', 'd', 'i', 'a', 'e', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "arcaik.net", true */ 'a', 'r', 'c', 'a', 'i', 'k', '.', 'n', 'e', 't', '\0',
+  /* "arcbit.io", true */ 'a', 'r', 'c', 'b', 'i', 't', '.', 'i', 'o', '\0',
+  /* "arcbouncycastles.co.uk", true */ 'a', 'r', 'c', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "arcenergy.co.uk", true */ 'a', 'r', 'c', 'e', 'n', 'e', 'r', 'g', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "archii.ca", true */ 'a', 'r', 'c', 'h', 'i', 'i', '.', 'c', 'a', '\0',
+  /* "archimedicx.com", true */ 'a', 'r', 'c', 'h', 'i', 'm', 'e', 'd', 'i', 'c', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "archined.nl", true */ 'a', 'r', 'c', 'h', 'i', 'n', 'e', 'd', '.', 'n', 'l', '\0',
+  /* "architectdirect.nl", false */ 'a', 'r', 'c', 'h', 'i', 't', 'e', 'c', 't', 'd', 'i', 'r', 'e', 'c', 't', '.', 'n', 'l', '\0',
+  /* "architecte-interieur.be", true */ 'a', 'r', 'c', 'h', 'i', 't', 'e', 'c', 't', 'e', '-', 'i', 'n', 't', 'e', 'r', 'i', 'e', 'u', 'r', '.', 'b', 'e', '\0',
+  /* "archivesdelavieordinaire.ch", true */ 'a', 'r', 'c', 'h', 'i', 'v', 'e', 's', 'd', 'e', 'l', 'a', 'v', 'i', 'e', 'o', 'r', 'd', 'i', 'n', 'a', 'i', 'r', 'e', '.', 'c', 'h', '\0',
+  /* "archlinux.de", true */ 'a', 'r', 'c', 'h', 'l', 'i', 'n', 'u', 'x', '.', 'd', 'e', '\0',
+  /* "archlinux.org", true */ 'a', 'r', 'c', 'h', 'l', 'i', 'n', 'u', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "archoit.org", false */ 'a', 'r', 'c', 'h', 'o', 'i', 't', '.', 'o', 'r', 'g', '\0',
+  /* "archsec.info", true */ 'a', 'r', 'c', 'h', 's', 'e', 'c', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "arckr.com", true */ 'a', 'r', 'c', 'k', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "arcobalabs.ca", true */ 'a', 'r', 'c', 'o', 'b', 'a', 'l', 'a', 'b', 's', '.', 'c', 'a', '\0',
+  /* "arctic.gov", true */ 'a', 'r', 'c', 't', 'i', 'c', '.', 'g', 'o', 'v', '\0',
+  /* "arcueil-cachan.fr", true */ 'a', 'r', 'c', 'u', 'e', 'i', 'l', '-', 'c', 'a', 'c', 'h', 'a', 'n', '.', 'f', 'r', '\0',
+  /* "arcusnova.de", true */ 'a', 'r', 'c', 'u', 's', 'n', 'o', 'v', 'a', '.', 'd', 'e', '\0',
+  /* "ardor.noip.me", true */ 'a', 'r', 'd', 'o', 'r', '.', 'n', 'o', 'i', 'p', '.', 'm', 'e', '\0',
+  /* "ardtrade.ru", true */ 'a', 'r', 'd', 't', 'r', 'a', 'd', 'e', '.', 'r', 'u', '\0',
+  /* "area536.com", true */ 'a', 'r', 'e', 'a', '5', '3', '6', '.', 'c', 'o', 'm', '\0',
+  /* "areaclienti.net", true */ 'a', 'r', 'e', 'a', 'c', 'l', 'i', 'e', 'n', 't', 'i', '.', 'n', 'e', 't', '\0',
+  /* "areafiftylan.nl", true */ 'a', 'r', 'e', 'a', 'f', 'i', 'f', 't', 'y', 'l', 'a', 'n', '.', 'n', 'l', '\0',
+  /* "areallyneatwebsite.com", true */ 'a', 'r', 'e', 'a', 'l', 'l', 'y', 'n', 'e', 'a', 't', 'w', 'e', 'b', 's', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "areatrend.com", true */ 'a', 'r', 'e', 'a', 't', 'r', 'e', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "arendburgers.nl", true */ 'a', 'r', 'e', 'n', 'd', 'b', 'u', 'r', 'g', 'e', 'r', 's', '.', 'n', 'l', '\0',
+  /* "arenzanaphotography.com", true */ 'a', 'r', 'e', 'n', 'z', 'a', 'n', 'a', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "ares-trading.de", false */ 'a', 'r', 'e', 's', '-', 't', 'r', 'a', 'd', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "arethsu.se", true */ 'a', 'r', 'e', 't', 'h', 's', 'u', '.', 's', 'e', '\0',
+  /* "arfad.ch", true */ 'a', 'r', 'f', 'a', 'd', '.', 'c', 'h', '\0',
+  /* "arg.zone", true */ 'a', 'r', 'g', '.', 'z', 'o', 'n', 'e', '\0',
+  /* "arganaderm.ch", true */ 'a', 'r', 'g', 'a', 'n', 'a', 'd', 'e', 'r', 'm', '.', 'c', 'h', '\0',
+  /* "argb.de", true */ 'a', 'r', 'g', 'b', '.', 'd', 'e', '\0',
+  /* "argekultur.at", true */ 'a', 'r', 'g', 'e', 'k', 'u', 'l', 't', 'u', 'r', '.', 'a', 't', '\0',
+  /* "argot.com", true */ 'a', 'r', 'g', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "argovpay.com", true */ 'a', 'r', 'g', 'o', 'v', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "arian.io", true */ 'a', 'r', 'i', 'a', 'n', '.', 'i', 'o', '\0',
+  /* "ariba.info", true */ 'a', 'r', 'i', 'b', 'a', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "ariege-pyrenees.net", true */ 'a', 'r', 'i', 'e', 'g', 'e', '-', 'p', 'y', 'r', 'e', 'n', 'e', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "arieswdd.com", true */ 'a', 'r', 'i', 'e', 's', 'w', 'd', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "arifp.me", true */ 'a', 'r', 'i', 'f', 'p', '.', 'm', 'e', '\0',
+  /* "arigato-java.download", true */ 'a', 'r', 'i', 'g', 'a', 't', 'o', '-', 'j', 'a', 'v', 'a', '.', 'd', 'o', 'w', 'n', 'l', 'o', 'a', 'd', '\0',
+  /* "arijitdg.net", true */ 'a', 'r', 'i', 'j', 'i', 't', 'd', 'g', '.', 'n', 'e', 't', '\0',
+  /* "arikar.eu", true */ 'a', 'r', 'i', 'k', 'a', 'r', '.', 'e', 'u', '\0',
+  /* "arima.co.ke", true */ 'a', 'r', 'i', 'm', 'a', '.', 'c', 'o', '.', 'k', 'e', '\0',
+  /* "arinflatablefun.co.uk", true */ 'a', 'r', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 'f', 'u', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "aristilabs.com", true */ 'a', 'r', 'i', 's', 't', 'i', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "aristocrates.co", true */ 'a', 'r', 'i', 's', 't', 'o', 'c', 'r', 'a', 't', 'e', 's', '.', 'c', 'o', '\0',
+  /* "aristocratps.com", true */ 'a', 'r', 'i', 's', 't', 'o', 'c', 'r', 'a', 't', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "aritec-la.com", true */ 'a', 'r', 'i', 't', 'e', 'c', '-', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "arithxu.com", true */ 'a', 'r', 'i', 't', 'h', 'x', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "arivo.com.br", true */ 'a', 'r', 'i', 'v', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "arizonaautomobileclub.com", true */ 'a', 'r', 'i', 'z', 'o', 'n', 'a', 'a', 'u', 't', 'o', 'm', 'o', 'b', 'i', 'l', 'e', 'c', 'l', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "arjandejong.eu", true */ 'a', 'r', 'j', 'a', 'n', 'd', 'e', 'j', 'o', 'n', 'g', '.', 'e', 'u', '\0',
+  /* "arjanvaartjes.net", true */ 'a', 'r', 'j', 'a', 'n', 'v', 'a', 'a', 'r', 't', 'j', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "arjunasdaughter.pub", true */ 'a', 'r', 'j', 'u', 'n', 'a', 's', 'd', 'a', 'u', 'g', 'h', 't', 'e', 'r', '.', 'p', 'u', 'b', '\0',
+  /* "arjweb.co.uk", true */ 'a', 'r', 'j', 'w', 'e', 'b', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "arkacrao.org", true */ 'a', 'r', 'k', 'a', 'c', 'r', 'a', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "arkaic.dyndns.org", true */ 'a', 'r', 'k', 'a', 'i', 'c', '.', 'd', 'y', 'n', 'd', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "arkbyte.com", true */ 'a', 'r', 'k', 'b', 'y', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "arknodejs.com", true */ 'a', 'r', 'k', 'n', 'o', 'd', 'e', 'j', 's', '.', 'c', 'o', 'm', '\0',
+  /* "arlatools.com", true */ 'a', 'r', 'l', 'a', 't', 'o', 'o', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "arlen.tv", true */ 'a', 'r', 'l', 'e', 'n', '.', 't', 'v', '\0',
+  /* "arlenarmageddon.com", true */ 'a', 'r', 'l', 'e', 'n', 'a', 'r', 'm', 'a', 'g', 'e', 'd', 'd', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "arlet.click", true */ 'a', 'r', 'l', 'e', 't', '.', 'c', 'l', 'i', 'c', 'k', '\0',
+  /* "armadaquadrat.com", true */ 'a', 'r', 'm', 'a', 'd', 'a', 'q', 'u', 'a', 'd', 'r', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "armandsdiscount.com", true */ 'a', 'r', 'm', 'a', 'n', 'd', 's', 'd', 'i', 's', 'c', 'o', 'u', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "armarinhovirtual.com.br", true */ 'a', 'r', 'm', 'a', 'r', 'i', 'n', 'h', 'o', 'v', 'i', 'r', 't', 'u', 'a', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "armazemdaminiatura.com.br", true */ 'a', 'r', 'm', 'a', 'z', 'e', 'm', 'd', 'a', 'm', 'i', 'n', 'i', 'a', 't', 'u', 'r', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "armeni-jewellery.gr", true */ 'a', 'r', 'm', 'e', 'n', 'i', '-', 'j', 'e', 'w', 'e', 'l', 'l', 'e', 'r', 'y', '.', 'g', 'r', '\0',
+  /* "armil.it", true */ 'a', 'r', 'm', 'i', 'l', '.', 'i', 't', '\0',
+  /* "arminc.tk", true */ 'a', 'r', 'm', 'i', 'n', 'c', '.', 't', 'k', '\0',
+  /* "arminpech.de", true */ 'a', 'r', 'm', 'i', 'n', 'p', 'e', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "armleads.com", true */ 'a', 'r', 'm', 'l', 'e', 'a', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "armodec.com", true */ 'a', 'r', 'm', 'o', 'd', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "armstrongsengineering.com", true */ 'a', 'r', 'm', 's', 't', 'r', 'o', 'n', 'g', 's', 'e', 'n', 'g', 'i', 'n', 'e', 'e', 'r', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "army24.cz", true */ 'a', 'r', 'm', 'y', '2', '4', '.', 'c', 'z', '\0',
+  /* "armyofbane.com", true */ 'a', 'r', 'm', 'y', 'o', 'f', 'b', 'a', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "armyprodej.cz", true */ 'a', 'r', 'm', 'y', 'p', 'r', 'o', 'd', 'e', 'j', '.', 'c', 'z', '\0',
+  /* "arnaudb.net", true */ 'a', 'r', 'n', 'a', 'u', 'd', 'b', '.', 'n', 'e', 't', '\0',
+  /* "arnaudfeld.de", true */ 'a', 'r', 'n', 'a', 'u', 'd', 'f', 'e', 'l', 'd', '.', 'd', 'e', '\0',
+  /* "arnaudminable.net", true */ 'a', 'r', 'n', 'a', 'u', 'd', 'm', 'i', 'n', 'a', 'b', 'l', 'e', '.', 'n', 'e', 't', '\0',
+  /* "arnesolutions.com", true */ 'a', 'r', 'n', 'e', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "arniescastles.co.uk", true */ 'a', 'r', 'n', 'i', 'e', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "arnoldkontz-occasions.lu", true */ 'a', 'r', 'n', 'o', 'l', 'd', 'k', 'o', 'n', 't', 'z', '-', 'o', 'c', 'c', 'a', 's', 'i', 'o', 'n', 's', '.', 'l', 'u', '\0',
+  /* "arnor.org", true */ 'a', 'r', 'n', 'o', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "arnoudraeven.nl", true */ 'a', 'r', 'n', 'o', 'u', 'd', 'r', 'a', 'e', 'v', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "arnoudvandalen.nl", true */ 'a', 'r', 'n', 'o', 'u', 'd', 'v', 'a', 'n', 'd', 'a', 'l', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "arokha.com", true */ 'a', 'r', 'o', 'k', 'h', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "aroonchande.com", true */ 'a', 'r', 'o', 'o', 'n', 'c', 'h', 'a', 'n', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "around-the-blog.com", true */ 'a', 'r', 'o', 'u', 'n', 'd', '-', 't', 'h', 'e', '-', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "arox.eu", true */ 'a', 'r', 'o', 'x', '.', 'e', 'u', '\0',
+  /* "arqueo-ecuatoriana.ec", true */ 'a', 'r', 'q', 'u', 'e', 'o', '-', 'e', 'c', 'u', 'a', 't', 'o', 'r', 'i', 'a', 'n', 'a', '.', 'e', 'c', '\0',
+  /* "arquitetura.pt", true */ 'a', 'r', 'q', 'u', 'i', 't', 'e', 't', 'u', 'r', 'a', '.', 'p', 't', '\0',
+  /* "arrakis.se", true */ 'a', 'r', 'r', 'a', 'k', 'i', 's', '.', 's', 'e', '\0',
+  /* "arrive.by", true */ 'a', 'r', 'r', 'i', 'v', 'e', '.', 'b', 'y', '\0',
+  /* "arrivedconsulting.com", true */ 'a', 'r', 'r', 'i', 'v', 'e', 'd', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "arrmaforum.com", true */ 'a', 'r', 'r', 'm', 'a', 'f', 'o', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "arrow-analytics.nl", true */ 'a', 'r', 'r', 'o', 'w', '-', 'a', 'n', 'a', 'l', 'y', 't', 'i', 'c', 's', '.', 'n', 'l', '\0',
+  /* "arrow-api.nl", true */ 'a', 'r', 'r', 'o', 'w', '-', 'a', 'p', 'i', '.', 'n', 'l', '\0',
+  /* "arrowgrove.com", false */ 'a', 'r', 'r', 'o', 'w', 'g', 'r', 'o', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "arrowwebprojects.nl", true */ 'a', 'r', 'r', 'o', 'w', 'w', 'e', 'b', 'p', 'r', 'o', 'j', 'e', 'c', 't', 's', '.', 'n', 'l', '\0',
+  /* "arsenal.ru", true */ 'a', 'r', 's', 'e', 'n', 'a', 'l', '.', 'r', 'u', '\0',
+  /* "arsk1.com", true */ 'a', 'r', 's', 'k', '1', '.', 'c', 'o', 'm', '\0',
+  /* "art-et-culture.ch", true */ 'a', 'r', 't', '-', 'e', 't', '-', 'c', 'u', 'l', 't', 'u', 'r', 'e', '.', 'c', 'h', '\0',
+  /* "artansoft.com", true */ 'a', 'r', 't', 'a', 'n', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "artbytik.ru", true */ 'a', 'r', 't', 'b', 'y', 't', 'i', 'k', '.', 'r', 'u', '\0',
+  /* "artdeco-photo.com", true */ 'a', 'r', 't', 'd', 'e', 'c', 'o', '-', 'p', 'h', 'o', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "artea.ga", true */ 'a', 'r', 't', 'e', 'a', '.', 'g', 'a', '\0',
+  /* "arteaga.me", true */ 'a', 'r', 't', 'e', 'a', 'g', 'a', '.', 'm', 'e', '\0',
+  /* "artemicroway.com.br", true */ 'a', 'r', 't', 'e', 'm', 'i', 'c', 'r', 'o', 'w', 'a', 'y', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "artemis.re", true */ 'a', 'r', 't', 'e', 'm', 'i', 's', '.', 'r', 'e', '\0',
+  /* "arterienundvenen.ch", true */ 'a', 'r', 't', 'e', 'r', 'i', 'e', 'n', 'u', 'n', 'd', 'v', 'e', 'n', 'e', 'n', '.', 'c', 'h', '\0',
+  /* "arteseideias.com.pt", true */ 'a', 'r', 't', 'e', 's', 'e', 'i', 'd', 'e', 'i', 'a', 's', '.', 'c', 'o', 'm', '.', 'p', 't', '\0',
+  /* "arteshow.ch", true */ 'a', 'r', 't', 'e', 's', 'h', 'o', 'w', '.', 'c', 'h', '\0',
+  /* "arteszr.com", true */ 'a', 'r', 't', 'e', 's', 'z', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "artetrama.com", false */ 'a', 'r', 't', 'e', 't', 'r', 'a', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "artforum.sk", true */ 'a', 'r', 't', 'f', 'o', 'r', 'u', 'm', '.', 's', 'k', '\0',
+  /* "arthermitage.org", true */ 'a', 'r', 't', 'h', 'e', 'r', 'm', 'i', 't', 'a', 'g', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "arthur.cn", true */ 'a', 'r', 't', 'h', 'u', 'r', '.', 'c', 'n', '\0',
+  /* "arthurlaw.ca", true */ 'a', 'r', 't', 'h', 'u', 'r', 'l', 'a', 'w', '.', 'c', 'a', '\0',
+  /* "arthurmelo.com", false */ 'a', 'r', 't', 'h', 'u', 'r', 'm', 'e', 'l', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "artik.cloud", true */ 'a', 'r', 't', 'i', 'k', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "artimpact.ch", true */ 'a', 'r', 't', 'i', 'm', 'p', 'a', 'c', 't', '.', 'c', 'h', '\0',
+  /* "artioml.net", true */ 'a', 'r', 't', 'i', 'o', 'm', 'l', '.', 'n', 'e', 't', '\0',
+  /* "artionet.ch", true */ 'a', 'r', 't', 'i', 'o', 'n', 'e', 't', '.', 'c', 'h', '\0',
+  /* "artisans-libres.com", true */ 'a', 'r', 't', 'i', 's', 'a', 'n', 's', '-', 'l', 'i', 'b', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "artisphere.ch", true */ 'a', 'r', 't', 'i', 's', 'p', 'h', 'e', 'r', 'e', '.', 'c', 'h', '\0',
+  /* "artlantis.nl", true */ 'a', 'r', 't', 'l', 'a', 'n', 't', 'i', 's', '.', 'n', 'l', '\0',
+  /* "artleading.ru", true */ 'a', 'r', 't', 'l', 'e', 'a', 'd', 'i', 'n', 'g', '.', 'r', 'u', '\0',
+  /* "artlego.com", true */ 'a', 'r', 't', 'l', 'e', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "artlifeisgood.com", true */ 'a', 'r', 't', 'l', 'i', 'f', 'e', 'i', 's', 'g', 'o', 'o', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "artlogo.biz", true */ 'a', 'r', 't', 'l', 'o', 'g', 'o', '.', 'b', 'i', 'z', '\0',
+  /* "artlogo.cz", true */ 'a', 'r', 't', 'l', 'o', 'g', 'o', '.', 'c', 'z', '\0',
+  /* "artlogo.sk", true */ 'a', 'r', 't', 'l', 'o', 'g', 'o', '.', 's', 'k', '\0',
+  /* "artmaxi.eu", true */ 'a', 'r', 't', 'm', 'a', 'x', 'i', '.', 'e', 'u', '\0',
+  /* "artmoney.com", true */ 'a', 'r', 't', 'm', 'o', 'n', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "artofeyes.nl", true */ 'a', 'r', 't', 'o', 'f', 'e', 'y', 'e', 's', '.', 'n', 'l', '\0',
+  /* "artofwhere.com", true */ 'a', 'r', 't', 'o', 'f', 'w', 'h', 'e', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "artratio.net", true */ 'a', 'r', 't', 'r', 'a', 't', 'i', 'o', '.', 'n', 'e', 't', '\0',
+  /* "artroot.jp", true */ 'a', 'r', 't', 'r', 'o', 'o', 't', '.', 'j', 'p', '\0',
+  /* "artschmidtoptical.com", true */ 'a', 'r', 't', 's', 'c', 'h', 'm', 'i', 'd', 't', 'o', 'p', 't', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "artsinthevalley.net.au", true */ 'a', 'r', 't', 's', 'i', 'n', 't', 'h', 'e', 'v', 'a', 'l', 'l', 'e', 'y', '.', 'n', 'e', 't', '.', 'a', 'u', '\0',
+  /* "artspac.es", true */ 'a', 'r', 't', 's', 'p', 'a', 'c', '.', 'e', 's', '\0',
+  /* "artstopinc.com", true */ 'a', 'r', 't', 's', 't', 'o', 'p', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "arturrossa.de", true */ 'a', 'r', 't', 'u', 'r', 'r', 'o', 's', 's', 'a', '.', 'd', 'e', '\0',
+  /* "arturszalak.com", true */ 'a', 'r', 't', 'u', 'r', 's', 'z', 'a', 'l', 'a', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "artweby.cz", true */ 'a', 'r', 't', 'w', 'e', 'b', 'y', '.', 'c', 'z', '\0',
+  /* "arty.name", true */ 'a', 'r', 't', 'y', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "arubasunsetbeach.com", true */ 'a', 'r', 'u', 'b', 'a', 's', 'u', 'n', 's', 'e', 't', 'b', 'e', 'a', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "arveron.ch", true */ 'a', 'r', 'v', 'e', 'r', 'o', 'n', '.', 'c', 'h', '\0',
+  /* "arvid.io", true */ 'a', 'r', 'v', 'i', 'd', '.', 'i', 'o', '\0',
+  /* "arvindhariharan.com", true */ 'a', 'r', 'v', 'i', 'n', 'd', 'h', 'a', 'r', 'i', 'h', 'a', 'r', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "arvindhariharan.me", true */ 'a', 'r', 'v', 'i', 'n', 'd', 'h', 'a', 'r', 'i', 'h', 'a', 'r', 'a', 'n', '.', 'm', 'e', '\0',
+  /* "arvutiladu.ee", true */ 'a', 'r', 'v', 'u', 't', 'i', 'l', 'a', 'd', 'u', '.', 'e', 'e', '\0',
+  /* "arw.me", true */ 'a', 'r', 'w', '.', 'm', 'e', '\0',
+  /* "arxell.com", true */ 'a', 'r', 'x', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "aryan-nation.com", true */ 'a', 'r', 'y', 'a', 'n', '-', 'n', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "aryasenna.net", true */ 'a', 'r', 'y', 'a', 's', 'e', 'n', 'n', 'a', '.', 'n', 'e', 't', '\0',
+  /* "arzid.com", true */ 'a', 'r', 'z', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "as200753.com", true */ 'a', 's', '2', '0', '0', '7', '5', '3', '.', 'c', 'o', 'm', '\0',
+  /* "as200753.net", true */ 'a', 's', '2', '0', '0', '7', '5', '3', '.', 'n', 'e', 't', '\0',
+  /* "as44222.net", true */ 'a', 's', '4', '4', '2', '2', '2', '.', 'n', 'e', 't', '\0',
+  /* "asadatec.de", true */ 'a', 's', 'a', 'd', 'a', 't', 'e', 'c', '.', 'd', 'e', '\0',
+  /* "asadzulfahri.com", true */ 'a', 's', 'a', 'd', 'z', 'u', 'l', 'f', 'a', 'h', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "asafilm.co", true */ 'a', 's', 'a', 'f', 'i', 'l', 'm', '.', 'c', 'o', '\0',
+  /* "asafomba.com", true */ 'a', 's', 'a', 'f', 'o', 'm', 'b', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "asana.studio", true */ 'a', 's', 'a', 'n', 'a', '.', 's', 't', 'u', 'd', 'i', 'o', '\0',
+  /* "asandu.eu", true */ 'a', 's', 'a', 'n', 'd', 'u', '.', 'e', 'u', '\0',
+  /* "asanger.biz", true */ 'a', 's', 'a', 'n', 'g', 'e', 'r', '.', 'b', 'i', 'z', '\0',
+  /* "asato-jewelry.com", true */ 'a', 's', 'a', 't', 'o', '-', 'j', 'e', 'w', 'e', 'l', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "asbito.de", true */ 'a', 's', 'b', 'i', 't', 'o', '.', 'd', 'e', '\0',
+  /* "ascension.run", true */ 'a', 's', 'c', 'e', 'n', 's', 'i', 'o', 'n', '.', 'r', 'u', 'n', '\0',
+  /* "ascgathering.com", true */ 'a', 's', 'c', 'g', 'a', 't', 'h', 'e', 'r', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "ascii.moe", true */ 'a', 's', 'c', 'i', 'i', '.', 'm', 'o', 'e', '\0',
+  /* "asciitable.tips", true */ 'a', 's', 'c', 'i', 'i', 't', 'a', 'b', 'l', 'e', '.', 't', 'i', 'p', 's', '\0',
+  /* "asd.gov.au", true */ 'a', 's', 'd', '.', 'g', 'o', 'v', '.', 'a', 'u', '\0',
+  /* "asdyx.de", true */ 'a', 's', 'd', 'y', 'x', '.', 'd', 'e', '\0',
+  /* "asec01.net", true */ 'a', 's', 'e', 'c', '0', '1', '.', 'n', 'e', 't', '\0',
+  /* "aseith.com", true */ 'a', 's', 'e', 'i', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "asepms.com", true */ 'a', 's', 'e', 'p', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "aserver.co", true */ 'a', 's', 'e', 'r', 'v', 'e', 'r', '.', 'c', 'o', '\0',
+  /* "asgapps.co.za", true */ 'a', 's', 'g', 'a', 'p', 'p', 's', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "asge-handel.de", true */ 'a', 's', 'g', 'e', '-', 'h', 'a', 'n', 'd', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "ashleakunowski.com", true */ 'a', 's', 'h', 'l', 'e', 'a', 'k', 'u', 'n', 'o', 'w', 's', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "ashleyfoley.photography", true */ 'a', 's', 'h', 'l', 'e', 'y', 'f', 'o', 'l', 'e', 'y', '.', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '\0',
+  /* "ashmportfolio.com", true */ 'a', 's', 'h', 'm', 'p', 'o', 'r', 't', 'f', 'o', 'l', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "ashutoshmishra.org", true */ 'a', 's', 'h', 'u', 't', 'o', 's', 'h', 'm', 'i', 's', 'h', 'r', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "asia-gazette.com", true */ 'a', 's', 'i', 'a', '-', 'g', 'a', 'z', 'e', 't', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "asia.dating", true */ 'a', 's', 'i', 'a', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "asialeonding.at", true */ 'a', 's', 'i', 'a', 'l', 'e', 'o', 'n', 'd', 'i', 'n', 'g', '.', 'a', 't', '\0',
+  /* "asianbet77.net", true */ 'a', 's', 'i', 'a', 'n', 'b', 'e', 't', '7', '7', '.', 'n', 'e', 't', '\0',
+  /* "asianshops.net", true */ 'a', 's', 'i', 'a', 'n', 's', 'h', 'o', 'p', 's', '.', 'n', 'e', 't', '\0',
+  /* "asiesvenezuela.com", true */ 'a', 's', 'i', 'e', 's', 'v', 'e', 'n', 'e', 'z', 'u', 'e', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "asinetasima.com", true */ 'a', 's', 'i', 'n', 'e', 't', 'a', 's', 'i', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "asisee.co.il", true */ 'a', 's', 'i', 's', 'e', 'e', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "asisee.photography", true */ 'a', 's', 'i', 's', 'e', 'e', '.', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '\0',
+  /* "ask.fedoraproject.org", true */ 'a', 's', 'k', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "ask.stg.fedoraproject.org", true */ 'a', 's', 'k', '.', 's', 't', 'g', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "askizzy.org.au", true */ 'a', 's', 'k', 'i', 'z', 'z', 'y', '.', 'o', 'r', 'g', '.', 'a', 'u', '\0',
+  /* "askkaren.gov", true */ 'a', 's', 'k', 'k', 'a', 'r', 'e', 'n', '.', 'g', 'o', 'v', '\0',
+  /* "askme24.de", true */ 'a', 's', 'k', 'm', 'e', '2', '4', '.', 'd', 'e', '\0',
+  /* "askv6.net", true */ 'a', 's', 'k', 'v', '6', '.', 'n', 'e', 't', '\0',
+  /* "askwhy.cz", true */ 'a', 's', 'k', 'w', 'h', 'y', '.', 'c', 'z', '\0',
+  /* "askwhy.eu", true */ 'a', 's', 'k', 'w', 'h', 'y', '.', 'e', 'u', '\0',
+  /* "asm-x.com", false */ 'a', 's', 'm', '-', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "asmbsurvey.com", true */ 'a', 's', 'm', 'b', 's', 'u', 'r', 'v', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "asmdz.com", true */ 'a', 's', 'm', 'd', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "asoul.tw", true */ 'a', 's', 'o', 'u', 'l', '.', 't', 'w', '\0',
+  /* "aspargesgaarden.no", true */ 'a', 's', 'p', 'a', 'r', 'g', 'e', 's', 'g', 'a', 'a', 'r', 'd', 'e', 'n', '.', 'n', 'o', '\0',
+  /* "aspatrimoine.com", true */ 'a', 's', 'p', 'a', 't', 'r', 'i', 'm', 'o', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "asperti.com", true */ 'a', 's', 'p', 'e', 'r', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "asphyxia.su", true */ 'a', 's', 'p', 'h', 'y', 'x', 'i', 'a', '.', 's', 'u', '\0',
+  /* "aspiescentral.com", true */ 'a', 's', 'p', 'i', 'e', 's', 'c', 'e', 'n', 't', 'r', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "aspires.co.jp", true */ 'a', 's', 'p', 'i', 'r', 'e', 's', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "aspisdata.com", true */ 'a', 's', 'p', 'i', 's', 'd', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "asr.cloud", true */ 'a', 's', 'r', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "asr.li", true */ 'a', 's', 'r', '.', 'l', 'i', '\0',
+  /* "asr.rocks", true */ 'a', 's', 'r', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "asr.solar", true */ 'a', 's', 'r', '.', 's', 'o', 'l', 'a', 'r', '\0',
+  /* "asra.gr", true */ 'a', 's', 'r', 'a', '.', 'g', 'r', '\0',
+  /* "asrob.eu", false */ 'a', 's', 'r', 'o', 'b', '.', 'e', 'u', '\0',
+  /* "asryflorist.com", true */ 'a', 's', 'r', 'y', 'f', 'l', 'o', 'r', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "assadrivesloirecher.com", true */ 'a', 's', 's', 'a', 'd', 'r', 'i', 'v', 'e', 's', 'l', 'o', 'i', 'r', 'e', 'c', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "asseenfromthesidecar.org", true */ 'a', 's', 's', 'e', 'e', 'n', 'f', 'r', 'o', 'm', 't', 'h', 'e', 's', 'i', 'd', 'e', 'c', 'a', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "assemble-together.org", true */ 'a', 's', 's', 'e', 'm', 'b', 'l', 'e', '-', 't', 'o', 'g', 'e', 't', 'h', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "assempsaibiza.com", true */ 'a', 's', 's', 'e', 'm', 'p', 's', 'a', 'i', 'b', 'i', 'z', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "assertion.de", true */ 'a', 's', 's', 'e', 'r', 't', 'i', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "assessoriati.com.br", true */ 'a', 's', 's', 'e', 's', 's', 'o', 'r', 'i', 'a', 't', 'i', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "assetict.com", true */ 'a', 's', 's', 'e', 't', 'i', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "assetsupervision.com", true */ 'a', 's', 's', 'e', 't', 's', 'u', 'p', 'e', 'r', 'v', 'i', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "assetvault.co.za", true */ 'a', 's', 's', 'e', 't', 'v', 'a', 'u', 'l', 't', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "assguidesporrentruy.ch", true */ 'a', 's', 's', 'g', 'u', 'i', 'd', 'e', 's', 'p', 'o', 'r', 'r', 'e', 'n', 't', 'r', 'u', 'y', '.', 'c', 'h', '\0',
+  /* "assistance-personnes-agees.ch", true */ 'a', 's', 's', 'i', 's', 't', 'a', 'n', 'c', 'e', '-', 'p', 'e', 'r', 's', 'o', 'n', 'n', 'e', 's', '-', 'a', 'g', 'e', 'e', 's', '.', 'c', 'h', '\0',
+  /* "assistcart.com", true */ 'a', 's', 's', 'i', 's', 't', 'c', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "assistenzamicroonde.org", true */ 'a', 's', 's', 'i', 's', 't', 'e', 'n', 'z', 'a', 'm', 'i', 'c', 'r', 'o', 'o', 'n', 'd', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "assodigitale.it", true */ 'a', 's', 's', 'o', 'd', 'i', 'g', 'i', 't', 'a', 'l', 'e', '.', 'i', 't', '\0',
+  /* "assumptionpj.org", true */ 'a', 's', 's', 'u', 'm', 'p', 't', 'i', 'o', 'n', 'p', 'j', '.', 'o', 'r', 'g', '\0',
+  /* "assurancesmons.be", true */ 'a', 's', 's', 'u', 'r', 'a', 'n', 'c', 'e', 's', 'm', 'o', 'n', 's', '.', 'b', 'e', '\0',
+  /* "astaninki.com", true */ 'a', 's', 't', 'a', 'n', 'i', 'n', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "astarbouncycastles.co.uk", true */ 'a', 's', 't', 'a', 'r', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "astarmathsandphysics.com", true */ 'a', 's', 't', 'a', 'r', 'm', 'a', 't', 'h', 's', 'a', 'n', 'd', 'p', 'h', 'y', 's', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "astec-informatica.com", true */ 'a', 's', 't', 'e', 'c', '-', 'i', 'n', 'f', 'o', 'r', 'm', 'a', 't', 'i', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "astengox.com", true */ 'a', 's', 't', 'e', 'n', 'g', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "astenotarili.online", true */ 'a', 's', 't', 'e', 'n', 'o', 't', 'a', 'r', 'i', 'l', 'i', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "astenretail.com", true */ 'a', 's', 't', 'e', 'n', 'r', 'e', 't', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "astraalivankila.net", true */ 'a', 's', 't', 'r', 'a', 'a', 'l', 'i', 'v', 'a', 'n', 'k', 'i', 'l', 'a', '.', 'n', 'e', 't', '\0',
+  /* "astrath.net", true */ 'a', 's', 't', 'r', 'a', 't', 'h', '.', 'n', 'e', 't', '\0',
+  /* "astronomie-fulda.de", true */ 'a', 's', 't', 'r', 'o', 'n', 'o', 'm', 'i', 'e', '-', 'f', 'u', 'l', 'd', 'a', '.', 'd', 'e', '\0',
+  /* "astroscopy.ch", true */ 'a', 's', 't', 'r', 'o', 's', 'c', 'o', 'p', 'y', '.', 'c', 'h', '\0',
+  /* "astrosnail.pt.eu.org", true */ 'a', 's', 't', 'r', 'o', 's', 'n', 'a', 'i', 'l', '.', 'p', 't', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "astural.org", true */ 'a', 's', 't', 'u', 'r', 'a', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "astutikhonda.com", true */ 'a', 's', 't', 'u', 't', 'i', 'k', 'h', 'o', 'n', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "astutr.co", true */ 'a', 's', 't', 'u', 't', 'r', '.', 'c', 'o', '\0',
+  /* "asucrews.com", true */ 'a', 's', 'u', 'c', 'r', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "asuhe.cc", true */ 'a', 's', 'u', 'h', 'e', '.', 'c', 'c', '\0',
+  /* "asuhe.win", true */ 'a', 's', 'u', 'h', 'e', '.', 'w', 'i', 'n', '\0',
+  /* "asuka.io", true */ 'a', 's', 'u', 'k', 'a', '.', 'i', 'o', '\0',
+  /* "asun.co", true */ 'a', 's', 'u', 'n', '.', 'c', 'o', '\0',
+  /* "asurepay.cc", true */ 'a', 's', 'u', 'r', 'e', 'p', 'a', 'y', '.', 'c', 'c', '\0',
+  /* "asustreiber.de", true */ 'a', 's', 'u', 's', 't', 'r', 'e', 'i', 'b', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "asvsa.ch", true */ 'a', 's', 'v', 's', 'a', '.', 'c', 'h', '\0',
+  /* "async.be", false */ 'a', 's', 'y', 'n', 'c', '.', 'b', 'e', '\0',
+  /* "at.search.yahoo.com", false */ 'a', 't', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "atacadooptico.com.br", true */ 'a', 't', 'a', 'c', 'a', 'd', 'o', 'o', 'p', 't', 'i', 'c', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "ataton.ch", true */ 'a', 't', 'a', 't', 'o', 'n', '.', 'c', 'h', '\0',
+  /* "atc.io", true */ 'a', 't', 'c', '.', 'i', 'o', '\0',
+  /* "atchleyjazz.com", true */ 'a', 't', 'c', 'h', 'l', 'e', 'y', 'j', 'a', 'z', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "atchleyjazz.org", true */ 'a', 't', 'c', 'h', 'l', 'e', 'y', 'j', 'a', 'z', 'z', '.', 'o', 'r', 'g', '\0',
+  /* "atchleylab.org", true */ 'a', 't', 'c', 'h', 'l', 'e', 'y', 'l', 'a', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "atcom.cl", true */ 'a', 't', 'c', 'o', 'm', '.', 'c', 'l', '\0',
+  /* "atds.ch", true */ 'a', 't', 'd', 's', '.', 'c', 'h', '\0',
+  /* "atease-salon.jp", true */ 'a', 't', 'e', 'a', 's', 'e', '-', 's', 'a', 'l', 'o', 'n', '.', 'j', 'p', '\0',
+  /* "ateli.com", true */ 'a', 't', 'e', 'l', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "atelier-coiffure.ch", true */ 'a', 't', 'e', 'l', 'i', 'e', 'r', '-', 'c', 'o', 'i', 'f', 'f', 'u', 'r', 'e', '.', 'c', 'h', '\0',
+  /* "atelier-naruby.cz", true */ 'a', 't', 'e', 'l', 'i', 'e', 'r', '-', 'n', 'a', 'r', 'u', 'b', 'y', '.', 'c', 'z', '\0',
+  /* "atelier-viennois-cannes.fr", true */ 'a', 't', 'e', 'l', 'i', 'e', 'r', '-', 'v', 'i', 'e', 'n', 'n', 'o', 'i', 's', '-', 'c', 'a', 'n', 'n', 'e', 's', '.', 'f', 'r', '\0',
+  /* "atelieraphelion.com", true */ 'a', 't', 'e', 'l', 'i', 'e', 'r', 'a', 'p', 'h', 'e', 'l', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "atelierbw.com", true */ 'a', 't', 'e', 'l', 'i', 'e', 'r', 'b', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "atelierdefrancais.ch", true */ 'a', 't', 'e', 'l', 'i', 'e', 'r', 'd', 'e', 'f', 'r', 'a', 'n', 'c', 'a', 'i', 's', '.', 'c', 'h', '\0',
+  /* "atelierdesflammesnoires.fr", true */ 'a', 't', 'e', 'l', 'i', 'e', 'r', 'd', 'e', 's', 'f', 'l', 'a', 'm', 'm', 'e', 's', 'n', 'o', 'i', 'r', 'e', 's', '.', 'f', 'r', '\0',
+  /* "atelierhupsakee.nl", true */ 'a', 't', 'e', 'l', 'i', 'e', 'r', 'h', 'u', 'p', 's', 'a', 'k', 'e', 'e', '.', 'n', 'l', '\0',
+  /* "ateliernaruby.cz", true */ 'a', 't', 'e', 'l', 'i', 'e', 'r', 'n', 'a', 'r', 'u', 'b', 'y', '.', 'c', 'z', '\0',
+  /* "ateliernihongo.ch", true */ 'a', 't', 'e', 'l', 'i', 'e', 'r', 'n', 'i', 'h', 'o', 'n', 'g', 'o', '.', 'c', 'h', '\0',
+  /* "ateliers-veronese-nantes.fr", true */ 'a', 't', 'e', 'l', 'i', 'e', 'r', 's', '-', 'v', 'e', 'r', 'o', 'n', 'e', 's', 'e', '-', 'n', 'a', 'n', 't', 'e', 's', '.', 'f', 'r', '\0',
+  /* "ateliersantgervasi.com", true */ 'a', 't', 'e', 'l', 'i', 'e', 'r', 's', 'a', 'n', 't', 'g', 'e', 'r', 'v', 'a', 's', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "atelierssud.ch", true */ 'a', 't', 'e', 'l', 'i', 'e', 'r', 's', 's', 'u', 'd', '.', 'c', 'h', '\0',
+  /* "atelierssud.swiss", true */ 'a', 't', 'e', 'l', 'i', 'e', 'r', 's', 's', 'u', 'd', '.', 's', 'w', 'i', 's', 's', '\0',
+  /* "atg.soy", true */ 'a', 't', 'g', '.', 's', 'o', 'y', '\0',
+  /* "atgoetschel.ch", true */ 'a', 't', 'g', 'o', 'e', 't', 's', 'c', 'h', 'e', 'l', '.', 'c', 'h', '\0',
+  /* "atgseed.co.uk", true */ 'a', 't', 'g', 's', 'e', 'e', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "atgseed.uk", true */ 'a', 't', 'g', 's', 'e', 'e', 'd', '.', 'u', 'k', '\0',
+  /* "ath0.org", true */ 'a', 't', 'h', '0', '.', 'o', 'r', 'g', '\0',
+  /* "athena-bartholdi.com", true */ 'a', 't', 'h', 'e', 'n', 'a', '-', 'b', 'a', 'r', 't', 'h', 'o', 'l', 'd', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "athena-garage.co.uk", true */ 'a', 't', 'h', 'e', 'n', 'a', '-', 'g', 'a', 'r', 'a', 'g', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "atheoryofchange.com", true */ 'a', 't', 'h', 'e', 'o', 'r', 'y', 'o', 'f', 'c', 'h', 'a', 'n', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "athlin.de", true */ 'a', 't', 'h', 'l', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "atishchenko.com", true */ 'a', 't', 'i', 's', 'h', 'c', 'h', 'e', 'n', 'k', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "atisoft.biz", true */ 'a', 't', 'i', 's', 'o', 'f', 't', '.', 'b', 'i', 'z', '\0',
+  /* "atisoft.com.tr", true */ 'a', 't', 'i', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '.', 't', 'r', '\0',
+  /* "atisoft.net", true */ 'a', 't', 'i', 's', 'o', 'f', 't', '.', 'n', 'e', 't', '\0',
+  /* "atisoft.net.tr", true */ 'a', 't', 'i', 's', 'o', 'f', 't', '.', 'n', 'e', 't', '.', 't', 'r', '\0',
+  /* "atisoft.web.tr", true */ 'a', 't', 'i', 's', 'o', 'f', 't', '.', 'w', 'e', 'b', '.', 't', 'r', '\0',
+  /* "atitude.com", true */ 'a', 't', 'i', 't', 'u', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ativapsicologia.com.br", true */ 'a', 't', 'i', 'v', 'a', 'p', 's', 'i', 'c', 'o', 'l', 'o', 'g', 'i', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "atk.me", true */ 'a', 't', 'k', '.', 'm', 'e', '\0',
+  /* "atkdesign.pt", true */ 'a', 't', 'k', 'd', 'e', 's', 'i', 'g', 'n', '.', 'p', 't', '\0',
+  /* "atl-paas.net", true */ 'a', 't', 'l', '-', 'p', 'a', 'a', 's', '.', 'n', 'e', 't', '\0',
+  /* "atlantahairsurgeon.com", true */ 'a', 't', 'l', 'a', 'n', 't', 'a', 'h', 'a', 'i', 'r', 's', 'u', 'r', 'g', 'e', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "atlantareroof.com", true */ 'a', 't', 'l', 'a', 'n', 't', 'a', 'r', 'e', 'r', 'o', 'o', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "atlantaspringroll.com", true */ 'a', 't', 'l', 'a', 'n', 't', 'a', 's', 'p', 'r', 'i', 'n', 'g', 'r', 'o', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "atlantichomes.com.au", true */ 'a', 't', 'l', 'a', 'n', 't', 'i', 'c', 'h', 'o', 'm', 'e', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "atlantis-kh.noip.me", true */ 'a', 't', 'l', 'a', 'n', 't', 'i', 's', '-', 'k', 'h', '.', 'n', 'o', 'i', 'p', '.', 'm', 'e', '\0',
+  /* "atlantischild.hu", true */ 'a', 't', 'l', 'a', 'n', 't', 'i', 's', 'c', 'h', 'i', 'l', 'd', '.', 'h', 'u', '\0',
+  /* "atlantiswaterproofing.com", true */ 'a', 't', 'l', 'a', 'n', 't', 'i', 's', 'w', 'a', 't', 'e', 'r', 'p', 'r', 'o', 'o', 'f', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "atlas-5.site", true */ 'a', 't', 'l', 'a', 's', '-', '5', '.', 's', 'i', 't', 'e', '\0',
+  /* "atlas-staging.ml", true */ 'a', 't', 'l', 'a', 's', '-', 's', 't', 'a', 'g', 'i', 'n', 'g', '.', 'm', 'l', '\0',
+  /* "atlas.co", true */ 'a', 't', 'l', 'a', 's', '.', 'c', 'o', '\0',
+  /* "atlaschiropractic.org", true */ 'a', 't', 'l', 'a', 's', 'c', 'h', 'i', 'r', 'o', 'p', 'r', 'a', 'c', 't', 'i', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "atlascultural.com", true */ 'a', 't', 'l', 'a', 's', 'c', 'u', 'l', 't', 'u', 'r', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "atlasone.us", true */ 'a', 't', 'l', 'a', 's', 'o', 'n', 'e', '.', 'u', 's', '\0',
+  /* "atlassian.io", true */ 'a', 't', 'l', 'a', 's', 's', 'i', 'a', 'n', '.', 'i', 'o', '\0',
+  /* "atlassian.net", true */ 'a', 't', 'l', 'a', 's', 's', 'i', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "atletika.hu", true */ 'a', 't', 'l', 'e', 't', 'i', 'k', 'a', '.', 'h', 'u', '\0',
+  /* "atmocdn.com", true */ 'a', 't', 'm', 'o', 'c', 'd', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "atnis.com", true */ 'a', 't', 'n', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ato4sound.com", true */ 'a', 't', 'o', '4', 's', 'o', 'u', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "atolm.net", true */ 'a', 't', 'o', 'l', 'm', '.', 'n', 'e', 't', '\0',
+  /* "atom-china.org", true */ 'a', 't', 'o', 'm', '-', 'c', 'h', 'i', 'n', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "atom.solutions", true */ 'a', 't', 'o', 'm', '.', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '\0',
+  /* "atom86.net", true */ 'a', 't', 'o', 'm', '8', '6', '.', 'n', 'e', 't', '\0',
+  /* "atombase.org", true */ 'a', 't', 'o', 'm', 'b', 'a', 's', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "atomic-bounce.com", true */ 'a', 't', 'o', 'm', 'i', 'c', '-', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "atomicbounce.co.uk", true */ 'a', 't', 'o', 'm', 'i', 'c', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "atomism.com", true */ 'a', 't', 'o', 'm', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "atorcidabrasileira.com.br", true */ 'a', 't', 'o', 'r', 'c', 'i', 'd', 'a', 'b', 'r', 'a', 's', 'i', 'l', 'e', 'i', 'r', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "atplonline.co", true */ 'a', 't', 'p', 'l', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', '\0',
+  /* "atracaosexshop.com.br", true */ 'a', 't', 'r', 'a', 'c', 'a', 'o', 's', 'e', 'x', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "atraining.ru", true */ 'a', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'r', 'u', '\0',
+  /* "atraverscugy.ch", true */ 'a', 't', 'r', 'a', 'v', 'e', 'r', 's', 'c', 'u', 'g', 'y', '.', 'c', 'h', '\0',
+  /* "atrevillot.com", true */ 'a', 't', 'r', 'e', 'v', 'i', 'l', 'l', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "atrinik.org", true */ 'a', 't', 'r', 'i', 'n', 'i', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "atte.fi", true */ 'a', 't', 't', 'e', '.', 'f', 'i', '\0',
+  /* "attendantdesign.com", true */ 'a', 't', 't', 'e', 'n', 'd', 'a', 'n', 't', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "attilagyorffy.com", true */ 'a', 't', 't', 'i', 'l', 'a', 'g', 'y', 'o', 'r', 'f', 'f', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "attilavandervelde.nl", true */ 'a', 't', 't', 'i', 'l', 'a', 'v', 'a', 'n', 'd', 'e', 'r', 'v', 'e', 'l', 'd', 'e', '.', 'n', 'l', '\0',
+  /* "attitudes-bureaux.fr", true */ 'a', 't', 't', 'i', 't', 'u', 'd', 'e', 's', '-', 'b', 'u', 'r', 'e', 'a', 'u', 'x', '.', 'f', 'r', '\0',
+  /* "attogtech.com", true */ 'a', 't', 't', 'o', 'g', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "attorney.org.il", true */ 'a', 't', 't', 'o', 'r', 'n', 'e', 'y', '.', 'o', 'r', 'g', '.', 'i', 'l', '\0',
+  /* "attwood.org", true */ 'a', 't', 't', 'w', 'o', 'o', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "atulhost.com", true */ 'a', 't', 'u', 'l', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "atviras.lt", false */ 'a', 't', 'v', 'i', 'r', 'a', 's', '.', 'l', 't', '\0',
+  /* "atwonline.org", true */ 'a', 't', 'w', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "atypicom.es", true */ 'a', 't', 'y', 'p', 'i', 'c', 'o', 'm', '.', 'e', 's', '\0',
+  /* "atypicom.fr", true */ 'a', 't', 'y', 'p', 'i', 'c', 'o', 'm', '.', 'f', 'r', '\0',
+  /* "atypicom.it", true */ 'a', 't', 'y', 'p', 'i', 'c', 'o', 'm', '.', 'i', 't', '\0',
+  /* "atypicom.pt", true */ 'a', 't', 'y', 'p', 'i', 'c', 'o', 'm', '.', 'p', 't', '\0',
+  /* "atzenchefin.de", true */ 'a', 't', 'z', 'e', 'n', 'c', 'h', 'e', 'f', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "au-be.net", true */ 'a', 'u', '-', 'b', 'e', '.', 'n', 'e', 't', '\0',
+  /* "au2pb.org", true */ 'a', 'u', '2', 'p', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "aubergegilly.ch", true */ 'a', 'u', 'b', 'e', 'r', 'g', 'e', 'g', 'i', 'l', 'l', 'y', '.', 'c', 'h', '\0',
+  /* "aubg.org", true */ 'a', 'u', 'b', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "aubio.org", true */ 'a', 'u', 'b', 'i', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "aubonmanger.fr", true */ 'a', 'u', 'b', 'o', 'n', 'm', 'a', 'n', 'g', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "aucklandcastles.co.uk", true */ 'a', 'u', 'c', 'k', 'l', 'a', 'n', 'd', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "aucubin.de", true */ 'a', 'u', 'c', 'u', 'b', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "audialbuquerqueparts.com", true */ 'a', 'u', 'd', 'i', 'a', 'l', 'b', 'u', 'q', 'u', 'e', 'r', 'q', 'u', 'e', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "audiblox.co.za", true */ 'a', 'u', 'd', 'i', 'b', 'l', 'o', 'x', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "audiense.com", true */ 'a', 'u', 'd', 'i', 'e', 'n', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "audio-detector.com", true */ 'a', 'u', 'd', 'i', 'o', '-', 'd', 'e', 't', 'e', 'c', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "audiolibri.org", true */ 'a', 'u', 'd', 'i', 'o', 'l', 'i', 'b', 'r', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "audiophile.ch", true */ 'a', 'u', 'd', 'i', 'o', 'p', 'h', 'i', 'l', 'e', '.', 'c', 'h', '\0',
+  /* "audiorental.net", true */ 'a', 'u', 'd', 'i', 'o', 'r', 'e', 'n', 't', 'a', 'l', '.', 'n', 'e', 't', '\0',
+  /* "audisto.com", true */ 'a', 'u', 'd', 'i', 's', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "auditos.com", true */ 'a', 'u', 'd', 'i', 't', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "auditsquare.com", true */ 'a', 'u', 'd', 'i', 't', 's', 'q', 'u', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "auerbach-verlag.de", true */ 'a', 'u', 'e', 'r', 'b', 'a', 'c', 'h', '-', 'v', 'e', 'r', 'l', 'a', 'g', '.', 'd', 'e', '\0',
+  /* "auf-feindgebiet.de", true */ 'a', 'u', 'f', '-', 'f', 'e', 'i', 'n', 'd', 'g', 'e', 'b', 'i', 'e', 't', '.', 'd', 'e', '\0',
+  /* "aufprise.de", true */ 'a', 'u', 'f', 'p', 'r', 'i', 's', 'e', '.', 'd', 'e', '\0',
+  /* "augaware.org", true */ 'a', 'u', 'g', 'a', 'w', 'a', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "augen-seite.de", true */ 'a', 'u', 'g', 'e', 'n', '-', 's', 'e', 'i', 't', 'e', '.', 'd', 'e', '\0',
+  /* "augenblicke-blog.de", true */ 'a', 'u', 'g', 'e', 'n', 'b', 'l', 'i', 'c', 'k', 'e', '-', 'b', 'l', 'o', 'g', '.', 'd', 'e', '\0',
+  /* "augiero.it", true */ 'a', 'u', 'g', 'i', 'e', 'r', 'o', '.', 'i', 't', '\0',
+  /* "augmentable.de", true */ 'a', 'u', 'g', 'm', 'e', 'n', 't', 'a', 'b', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "august.black", true */ 'a', 'u', 'g', 'u', 's', 't', '.', 'b', 'l', 'a', 'c', 'k', '\0',
+  /* "augustian-life.cz", true */ 'a', 'u', 'g', 'u', 's', 't', 'i', 'a', 'n', '-', 'l', 'i', 'f', 'e', '.', 'c', 'z', '\0',
+  /* "augustiner-kantorei-erfurt.de", true */ 'a', 'u', 'g', 'u', 's', 't', 'i', 'n', 'e', 'r', '-', 'k', 'a', 'n', 't', 'o', 'r', 'e', 'i', '-', 'e', 'r', 'f', 'u', 'r', 't', '.', 'd', 'e', '\0',
+  /* "augustiner-kantorei.de", true */ 'a', 'u', 'g', 'u', 's', 't', 'i', 'n', 'e', 'r', '-', 'k', 'a', 'n', 't', 'o', 'r', 'e', 'i', '.', 'd', 'e', '\0',
+  /* "aukaraoke.su", true */ 'a', 'u', 'k', 'a', 'r', 'a', 'o', 'k', 'e', '.', 's', 'u', '\0',
+  /* "aulaschrank.gq", true */ 'a', 'u', 'l', 'a', 's', 'c', 'h', 'r', 'a', 'n', 'k', '.', 'g', 'q', '\0',
+  /* "aulo.in", false */ 'a', 'u', 'l', 'o', '.', 'i', 'n', '\0',
+  /* "aunali1.com", true */ 'a', 'u', 'n', 'a', 'l', 'i', '1', '.', 'c', 'o', 'm', '\0',
+  /* "auntie-eileens.com.au", true */ 'a', 'u', 'n', 't', 'i', 'e', '-', 'e', 'i', 'l', 'e', 'e', 'n', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "auplidespages.fr", true */ 'a', 'u', 'p', 'l', 'i', 'd', 'e', 's', 'p', 'a', 'g', 'e', 's', '.', 'f', 'r', '\0',
+  /* "aur.rocks", true */ 'a', 'u', 'r', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "aureus.pw", true */ 'a', 'u', 'r', 'e', 'u', 's', '.', 'p', 'w', '\0',
+  /* "auri.ga", true */ 'a', 'u', 'r', 'i', '.', 'g', 'a', '\0',
+  /* "auricblue.com", true */ 'a', 'u', 'r', 'i', 'c', 'b', 'l', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "auriko-games.de", true */ 'a', 'u', 'r', 'i', 'k', 'o', '-', 'g', 'a', 'm', 'e', 's', '.', 'd', 'e', '\0',
+  /* "aurora-multimedia.co.uk", true */ 'a', 'u', 'r', 'o', 'r', 'a', '-', 'm', 'u', 'l', 't', 'i', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "auroraassociationofrealtors.com", true */ 'a', 'u', 'r', 'o', 'r', 'a', 'a', 's', 's', 'o', 'c', 'i', 'a', 't', 'i', 'o', 'n', 'o', 'f', 'r', 'e', 'a', 'l', 't', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "aurorarecordings.com", true */ 'a', 'u', 'r', 'o', 'r', 'a', 'r', 'e', 'c', 'o', 'r', 'd', 'i', 'n', 'g', 's', '.', 'c', 'o', 'm', '\0',
+  /* "aurosa.cz", true */ 'a', 'u', 'r', 'o', 's', 'a', '.', 'c', 'z', '\0',
+  /* "aus-ryugaku.info", true */ 'a', 'u', 's', '-', 'r', 'y', 'u', 'g', 'a', 'k', 'u', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "auskunftsbegehren.at", true */ 'a', 'u', 's', 'k', 'u', 'n', 'f', 't', 's', 'b', 'e', 'g', 'e', 'h', 'r', 'e', 'n', '.', 'a', 't', '\0',
+  /* "auslandsjahr-usa.de", false */ 'a', 'u', 's', 'l', 'a', 'n', 'd', 's', 'j', 'a', 'h', 'r', '-', 'u', 's', 'a', '.', 'd', 'e', '\0',
+  /* "ausschreibungen-suedtirol.it", true */ 'a', 'u', 's', 's', 'c', 'h', 'r', 'e', 'i', 'b', 'u', 'n', 'g', 'e', 'n', '-', 's', 'u', 'e', 'd', 't', 'i', 'r', 'o', 'l', '.', 'i', 't', '\0',
+  /* "aussiehq.com.au", true */ 'a', 'u', 's', 's', 'i', 'e', 'h', 'q', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "aussieservicedown.com", true */ 'a', 'u', 's', 's', 'i', 'e', 's', 'e', 'r', 'v', 'i', 'c', 'e', 'd', 'o', 'w', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "austincardiac.com", true */ 'a', 'u', 's', 't', 'i', 'n', 'c', 'a', 'r', 'd', 'i', 'a', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "austinheap.com", true */ 'a', 'u', 's', 't', 'i', 'n', 'h', 'e', 'a', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "austinmobilemechanics.net", true */ 'a', 'u', 's', 't', 'i', 'n', 'm', 'o', 'b', 'i', 'l', 'e', 'm', 'e', 'c', 'h', 'a', 'n', 'i', 'c', 's', '.', 'n', 'e', 't', '\0',
+  /* "austinstore.com.br", true */ 'a', 'u', 's', 't', 'i', 'n', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "australian.dating", true */ 'a', 'u', 's', 't', 'r', 'a', 'l', 'i', 'a', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "australianfreebets.com.au", true */ 'a', 'u', 's', 't', 'r', 'a', 'l', 'i', 'a', 'n', 'f', 'r', 'e', 'e', 'b', 'e', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "australien-tipps.info", true */ 'a', 'u', 's', 't', 'r', 'a', 'l', 'i', 'e', 'n', '-', 't', 'i', 'p', 'p', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "austromorph.space", true */ 'a', 'u', 's', 't', 'r', 'o', 'm', 'o', 'r', 'p', 'h', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "auszeit-lanzarote.com", true */ 'a', 'u', 's', 'z', 'e', 'i', 't', '-', 'l', 'a', 'n', 'z', 'a', 'r', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "auszeit.bio", true */ 'a', 'u', 's', 'z', 'e', 'i', 't', '.', 'b', 'i', 'o', '\0',
+  /* "auth.adult", true */ 'a', 'u', 't', 'h', '.', 'a', 'd', 'u', 'l', 't', '\0',
+  /* "authinfo-bestellen.de", true */ 'a', 'u', 't', 'h', 'i', 'n', 'f', 'o', '-', 'b', 'e', 's', 't', 'e', 'l', 'l', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "author24.biz", true */ 'a', 'u', 't', 'h', 'o', 'r', '2', '4', '.', 'b', 'i', 'z', '\0',
+  /* "authorsguild.in", true */ 'a', 'u', 't', 'h', 'o', 'r', 's', 'g', 'u', 'i', 'l', 'd', '.', 'i', 'n', '\0',
+  /* "autimatisering.nl", true */ 'a', 'u', 't', 'i', 'm', 'a', 't', 'i', 's', 'e', 'r', 'i', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "autism-osaka.org", true */ 'a', 'u', 't', 'i', 's', 'm', '-', 'o', 's', 'a', 'k', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "auto-anleitung.de", true */ 'a', 'u', 't', 'o', '-', 'a', 'n', 'l', 'e', 'i', 't', 'u', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "auto-plus.tn", true */ 'a', 'u', 't', 'o', '-', 'p', 'l', 'u', 's', '.', 't', 'n', '\0',
+  /* "autoauctionsohio.com", true */ 'a', 'u', 't', 'o', 'a', 'u', 'c', 't', 'i', 'o', 'n', 's', 'o', 'h', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "autoauctionsvirginia.com", true */ 'a', 'u', 't', 'o', 'a', 'u', 'c', 't', 'i', 'o', 'n', 's', 'v', 'i', 'r', 'g', 'i', 'n', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "autobedrijfschalkoort.nl", true */ 'a', 'u', 't', 'o', 'b', 'e', 'd', 'r', 'i', 'j', 'f', 's', 'c', 'h', 'a', 'l', 'k', 'o', 'o', 'r', 't', '.', 'n', 'l', '\0',
+  /* "autoclean-plus.ch", true */ 'a', 'u', 't', 'o', 'c', 'l', 'e', 'a', 'n', '-', 'p', 'l', 'u', 's', '.', 'c', 'h', '\0',
+  /* "autocmall.com", true */ 'a', 'u', 't', 'o', 'c', 'm', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "autocorner.com", true */ 'a', 'u', 't', 'o', 'c', 'o', 'r', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "autodalmacija.com", true */ 'a', 'u', 't', 'o', 'd', 'a', 'l', 'm', 'a', 'c', 'i', 'j', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "autoecoledumontblanc.com", true */ 'a', 'u', 't', 'o', 'e', 'c', 'o', 'l', 'e', 'd', 'u', 'm', 'o', 'n', 't', 'b', 'l', 'a', 'n', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "autoentrepreneurinfo.com", true */ 'a', 'u', 't', 'o', 'e', 'n', 't', 'r', 'e', 'p', 'r', 'e', 'n', 'e', 'u', 'r', 'i', 'n', 'f', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "autoinsurancehavasu.com", true */ 'a', 'u', 't', 'o', 'i', 'n', 's', 'u', 'r', 'a', 'n', 'c', 'e', 'h', 'a', 'v', 'a', 's', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "autoledky.sk", true */ 'a', 'u', 't', 'o', 'l', 'e', 'd', 'k', 'y', '.', 's', 'k', '\0',
+  /* "automacity.com", true */ 'a', 'u', 't', 'o', 'm', 'a', 'c', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "automatethis.com.au", true */ 'a', 'u', 't', 'o', 'm', 'a', 't', 'e', 't', 'h', 'i', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "automatic.com", true */ 'a', 'u', 't', 'o', 'm', 'a', 't', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "automationpro.me", true */ 'a', 'u', 't', 'o', 'm', 'a', 't', 'i', 'o', 'n', 'p', 'r', 'o', '.', 'm', 'e', '\0',
+  /* "automotivegroup-usedcars.be", true */ 'a', 'u', 't', 'o', 'm', 'o', 't', 'i', 'v', 'e', 'g', 'r', 'o', 'u', 'p', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0',
+  /* "automotivemechanic.org", true */ 'a', 'u', 't', 'o', 'm', 'o', 't', 'i', 'v', 'e', 'm', 'e', 'c', 'h', 'a', 'n', 'i', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "autoosijek.com", true */ 'a', 'u', 't', 'o', 'o', 's', 'i', 'j', 'e', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "autoparts.im", true */ 'a', 'u', 't', 'o', 'p', 'a', 'r', 't', 's', '.', 'i', 'm', '\0',
+  /* "autoparts.sh", true */ 'a', 'u', 't', 'o', 'p', 'a', 'r', 't', 's', '.', 's', 'h', '\0',
+  /* "autoparts.wf", true */ 'a', 'u', 't', 'o', 'p', 'a', 'r', 't', 's', '.', 'w', 'f', '\0',
+  /* "autos-retro-plaisir.com", true */ 'a', 'u', 't', 'o', 's', '-', 'r', 'e', 't', 'r', 'o', '-', 'p', 'l', 'a', 'i', 's', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "autoscuola.roma.it", true */ 'a', 'u', 't', 'o', 's', 'c', 'u', 'o', 'l', 'a', '.', 'r', 'o', 'm', 'a', '.', 'i', 't', '\0',
+  /* "autoshinka72.ru", true */ 'a', 'u', 't', 'o', 's', 'h', 'i', 'n', 'k', 'a', '7', '2', '.', 'r', 'u', '\0',
+  /* "autoskola.hr", true */ 'a', 'u', 't', 'o', 's', 'k', 'o', 'l', 'a', '.', 'h', 'r', '\0',
+  /* "autoskole.hr", true */ 'a', 'u', 't', 'o', 's', 'k', 'o', 'l', 'e', '.', 'h', 'r', '\0',
+  /* "autostodulky.cz", true */ 'a', 'u', 't', 'o', 's', 't', 'o', 'd', 'u', 'l', 'k', 'y', '.', 'c', 'z', '\0',
+  /* "autotechschool.com", true */ 'a', 'u', 't', 'o', 't', 'e', 'c', 'h', 's', 'c', 'h', 'o', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "autoterminus-used.be", true */ 'a', 'u', 't', 'o', 't', 'e', 'r', 'm', 'i', 'n', 'u', 's', '-', 'u', 's', 'e', 'd', '.', 'b', 'e', '\0',
+  /* "autoverzekeringafsluiten.com", true */ 'a', 'u', 't', 'o', 'v', 'e', 'r', 'z', 'e', 'k', 'e', 'r', 'i', 'n', 'g', 'a', 'f', 's', 'l', 'u', 'i', 't', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "autoxy.it", true */ 'a', 'u', 't', 'o', 'x', 'y', '.', 'i', 't', '\0',
+  /* "autozane.com", true */ 'a', 'u', 't', 'o', 'z', 'a', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "auvernet.org", true */ 'a', 'u', 'v', 'e', 'r', 'n', 'e', 't', '.', 'o', 'r', 'g', '\0',
+  /* "auvious.com", true */ 'a', 'u', 'v', 'i', 'o', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "auxquatrevents.ch", true */ 'a', 'u', 'x', 'q', 'u', 'a', 't', 'r', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'h', '\0',
+  /* "av01.tv", true */ 'a', 'v', '0', '1', '.', 't', 'v', '\0',
+  /* "av163.cc", true */ 'a', 'v', '1', '6', '3', '.', 'c', 'c', '\0',
+  /* "ava-creative.de", false */ 'a', 'v', 'a', '-', 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', '.', 'd', 'e', '\0',
+  /* "ava-software.at", true */ 'a', 'v', 'a', '-', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'a', 't', '\0',
+  /* "avaaz.org", true */ 'a', 'v', 'a', 'a', 'z', '.', 'o', 'r', 'g', '\0',
+  /* "avabouncehire.co.uk", true */ 'a', 'v', 'a', 'b', 'o', 'u', 'n', 'c', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "avacariu.me", true */ 'a', 'v', 'a', 'c', 'a', 'r', 'i', 'u', '.', 'm', 'e', '\0',
+  /* "availablecastles.com", true */ 'a', 'v', 'a', 'i', 'l', 'a', 'b', 'l', 'e', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "avalon-island.ru", true */ 'a', 'v', 'a', 'l', 'o', 'n', '-', 'i', 's', 'l', 'a', 'n', 'd', '.', 'r', 'u', '\0',
+  /* "avalon-studios.de", true */ 'a', 'v', 'a', 'l', 'o', 'n', '-', 's', 't', 'u', 'd', 'i', 'o', 's', '.', 'd', 'e', '\0',
+  /* "avanet.ch", true */ 'a', 'v', 'a', 'n', 'e', 't', '.', 'c', 'h', '\0',
+  /* "avanovum.de", true */ 'a', 'v', 'a', 'n', 'o', 'v', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "avaq.fr", true */ 'a', 'v', 'a', 'q', '.', 'f', 'r', '\0',
+  /* "avarty.com", true */ 'a', 'v', 'a', 'r', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "avarty.net", true */ 'a', 'v', 'a', 'r', 't', 'y', '.', 'n', 'e', 't', '\0',
+  /* "avastantivirus.ro", true */ 'a', 'v', 'a', 's', 't', 'a', 'n', 't', 'i', 'v', 'i', 'r', 'u', 's', '.', 'r', 'o', '\0',
+  /* "avcd.cz", true */ 'a', 'v', 'c', 'd', '.', 'c', 'z', '\0',
+  /* "avdagic.net", true */ 'a', 'v', 'd', 'a', 'g', 'i', 'c', '.', 'n', 'e', 't', '\0',
+  /* "avdh.top", true */ 'a', 'v', 'd', 'h', '.', 't', 'o', 'p', '\0',
+  /* "ave.zone", true */ 'a', 'v', 'e', '.', 'z', 'o', 'n', 'e', '\0',
+  /* "aveapps.com", false */ 'a', 'v', 'e', 'a', 'p', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "avedesk.org", false */ 'a', 'v', 'e', 'd', 'e', 's', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "aventurische-allianz.de", true */ 'a', 'v', 'e', 'n', 't', 'u', 'r', 'i', 's', 'c', 'h', 'e', '-', 'a', 'l', 'l', 'i', 'a', 'n', 'z', '.', 'd', 'e', '\0',
+  /* "avenueeyecare.com", true */ 'a', 'v', 'e', 'n', 'u', 'e', 'e', 'y', 'e', 'c', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "averageinspired.com", true */ 'a', 'v', 'e', 'r', 'a', 'g', 'e', 'i', 'n', 's', 'p', 'i', 'r', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "averam.net", true */ 'a', 'v', 'e', 'r', 'a', 'm', '.', 'n', 'e', 't', '\0',
+  /* "averen.co.uk", true */ 'a', 'v', 'e', 'r', 'e', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "avg.club", true */ 'a', 'v', 'g', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "avi9526.pp.ua", true */ 'a', 'v', 'i', '9', '5', '2', '6', '.', 'p', 'p', '.', 'u', 'a', '\0',
+  /* "aviationstrategy.aero", true */ 'a', 'v', 'i', 'a', 't', 'i', 'o', 'n', 's', 't', 'r', 'a', 't', 'e', 'g', 'y', '.', 'a', 'e', 'r', 'o', '\0',
+  /* "avid.blue", true */ 'a', 'v', 'i', 'd', '.', 'b', 'l', 'u', 'e', '\0',
+  /* "aviv.nyc", true */ 'a', 'v', 'i', 'v', '.', 'n', 'y', 'c', '\0',
+  /* "avmemo.com", true */ 'a', 'v', 'm', 'e', 'm', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "avmo.pw", true */ 'a', 'v', 'm', 'o', '.', 'p', 'w', '\0',
+  /* "avmoo.com", true */ 'a', 'v', 'm', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "avnet.ws", true */ 'a', 'v', 'n', 'e', 't', '.', 'w', 's', '\0',
+  /* "avocode.com", true */ 'a', 'v', 'o', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "avotoma.com", true */ 'a', 'v', 'o', 't', 'o', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "avova.de", true */ 'a', 'v', 'o', 'v', 'a', '.', 'd', 'e', '\0',
+  /* "avpres.net", true */ 'a', 'v', 'p', 'r', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "avso.pw", true */ 'a', 'v', 's', 'o', '.', 'p', 'w', '\0',
+  /* "avsox.com", true */ 'a', 'v', 's', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "avspot.net", true */ 'a', 'v', 's', 'p', 'o', 't', '.', 'n', 'e', 't', '\0',
+  /* "avticket.ru", false */ 'a', 'v', 't', 'i', 'c', 'k', 'e', 't', '.', 'r', 'u', '\0',
+  /* "avtoforex.ru", true */ 'a', 'v', 't', 'o', 'f', 'o', 'r', 'e', 'x', '.', 'r', 'u', '\0',
+  /* "avtogara-isperih.com", true */ 'a', 'v', 't', 'o', 'g', 'a', 'r', 'a', '-', 'i', 's', 'p', 'e', 'r', 'i', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "avtosept.by", true */ 'a', 'v', 't', 'o', 's', 'e', 'p', 't', '.', 'b', 'y', '\0',
+  /* "avtovokzaly.ru", true */ 'a', 'v', 't', 'o', 'v', 'o', 'k', 'z', 'a', 'l', 'y', '.', 'r', 'u', '\0',
+  /* "avvcorda.com", true */ 'a', 'v', 'v', 'c', 'o', 'r', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "avxo.pw", true */ 'a', 'v', 'x', 'o', '.', 'p', 'w', '\0',
+  /* "awaremi-tai.com", true */ 'a', 'w', 'a', 'r', 'e', 'm', 'i', '-', 't', 'a', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "awaro.net", false */ 'a', 'w', 'a', 'r', 'o', '.', 'n', 'e', 't', '\0',
+  /* "awbouncycastlehire.com", true */ 'a', 'w', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "awccanadianpharmacy.com", true */ 'a', 'w', 'c', 'c', 'a', 'n', 'a', 'd', 'i', 'a', 'n', 'p', 'h', 'a', 'r', 'm', 'a', 'c', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "awei.pub", true */ 'a', 'w', 'e', 'i', '.', 'p', 'u', 'b', '\0',
+  /* "awen.me", true */ 'a', 'w', 'e', 'n', '.', 'm', 'e', '\0',
+  /* "awesomebouncycastles.co.uk", true */ 'a', 'w', 'e', 's', 'o', 'm', 'e', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "awin.la", true */ 'a', 'w', 'i', 'n', '.', 'l', 'a', '\0',
+  /* "awk.tw", true */ 'a', 'w', 'k', '.', 't', 'w', '\0',
+  /* "awksolutions.com", true */ 'a', 'w', 'k', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "awningsaboveus.com", true */ 'a', 'w', 'n', 'i', 'n', 'g', 's', 'a', 'b', 'o', 'v', 'e', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "awomaninherprime.com", true */ 'a', 'w', 'o', 'm', 'a', 'n', 'i', 'n', 'h', 'e', 'r', 'p', 'r', 'i', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "awsmdev.de", true */ 'a', 'w', 's', 'm', 'd', 'e', 'v', '.', 'd', 'e', '\0',
+  /* "awxg.com", true */ 'a', 'w', 'x', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "ax25.org", true */ 'a', 'x', '2', '5', '.', 'o', 'r', 'g', '\0',
+  /* "axel-fischer.net", true */ 'a', 'x', 'e', 'l', '-', 'f', 'i', 's', 'c', 'h', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "axelteichmann.net", true */ 'a', 'x', 'e', 'l', 't', 'e', 'i', 'c', 'h', 'm', 'a', 'n', 'n', '.', 'n', 'e', 't', '\0',
+  /* "axem.co.jp", true */ 'a', 'x', 'e', 'm', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "axialsports.com", true */ 'a', 'x', 'i', 'a', 'l', 's', 'p', 'o', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "axiomer.com", true */ 'a', 'x', 'i', 'o', 'm', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "axiomer.es", true */ 'a', 'x', 'i', 'o', 'm', 'e', 'r', '.', 'e', 's', '\0',
+  /* "axiomer.eu", true */ 'a', 'x', 'i', 'o', 'm', 'e', 'r', '.', 'e', 'u', '\0',
+  /* "axiomer.me", true */ 'a', 'x', 'i', 'o', 'm', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "axiomer.net", true */ 'a', 'x', 'i', 'o', 'm', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "axiomer.org", true */ 'a', 'x', 'i', 'o', 'm', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "axka.com", false */ 'a', 'x', 'k', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "axolotlfarm.org", true */ 'a', 'x', 'o', 'l', 'o', 't', 'l', 'f', 'a', 'r', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "axrec.de", true */ 'a', 'x', 'r', 'e', 'c', '.', 'd', 'e', '\0',
+  /* "axtux.tk", true */ 'a', 'x', 't', 'u', 'x', '.', 't', 'k', '\0',
+  /* "axxial.tk", true */ 'a', 'x', 'x', 'i', 'a', 'l', '.', 't', 'k', '\0',
+  /* "ayatk.com", true */ 'a', 'y', 'a', 't', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "aycomba.de", true */ 'a', 'y', 'c', 'o', 'm', 'b', 'a', '.', 'd', 'e', '\0',
+  /* "ayesh.me", true */ 'a', 'y', 'e', 's', 'h', '.', 'm', 'e', '\0',
+  /* "ayesh.win", true */ 'a', 'y', 'e', 's', 'h', '.', 'w', 'i', 'n', '\0',
+  /* "aykutcevik.com", true */ 'a', 'y', 'k', 'u', 't', 'c', 'e', 'v', 'i', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "aylak.com", true */ 'a', 'y', 'l', 'a', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "aylesburycastlehire.co.uk", true */ 'a', 'y', 'l', 'e', 's', 'b', 'u', 'r', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "aymerick.fr", true */ 'a', 'y', 'm', 'e', 'r', 'i', 'c', 'k', '.', 'f', 'r', '\0',
+  /* "aymericlagier.com", true */ 'a', 'y', 'm', 'e', 'r', 'i', 'c', 'l', 'a', 'g', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "ayothemes.com", true */ 'a', 'y', 'o', 't', 'h', 'e', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ayrohq.com", true */ 'a', 'y', 'r', 'o', 'h', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "ayrshirebouncycastlehire.co.uk", true */ 'a', 'y', 'r', 's', 'h', 'i', 'r', 'e', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ayurveda-mantry.com", true */ 'a', 'y', 'u', 'r', 'v', 'e', 'd', 'a', '-', 'm', 'a', 'n', 't', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "ayurveda101.com", false */ 'a', 'y', 'u', 'r', 'v', 'e', 'd', 'a', '1', '0', '1', '.', 'c', 'o', 'm', '\0',
+  /* "az-vinyl-boden.de", true */ 'a', 'z', '-', 'v', 'i', 'n', 'y', 'l', '-', 'b', 'o', 'd', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "az.search.yahoo.com", false */ 'a', 'z', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "azabani.com", true */ 'a', 'z', 'a', 'b', 'a', 'n', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "azia.info", true */ 'a', 'z', 'i', 'a', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "azimut.fr", true */ 'a', 'z', 'i', 'm', 'u', 't', '.', 'f', 'r', '\0',
+  /* "azino777.ru", true */ 'a', 'z', 'i', 'n', 'o', '7', '7', '7', '.', 'r', 'u', '\0',
+  /* "azlk-team.ru", true */ 'a', 'z', 'l', 'k', '-', 't', 'e', 'a', 'm', '.', 'r', 'u', '\0',
+  /* "azort.com", true */ 'a', 'z', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "azrazalea.net", true */ 'a', 'z', 'r', 'a', 'z', 'a', 'l', 'e', 'a', '.', 'n', 'e', 't', '\0',
+  /* "azso.pro", true */ 'a', 'z', 's', 'o', '.', 'p', 'r', 'o', '\0',
+  /* "aztrix.me", true */ 'a', 'z', 't', 'r', 'i', 'x', '.', 'm', 'e', '\0',
+  /* "azu-l.com", true */ 'a', 'z', 'u', '-', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "azu-l.jp", true */ 'a', 'z', 'u', '-', 'l', '.', 'j', 'p', '\0',
+  /* "azun.pl", true */ 'a', 'z', 'u', 'n', '.', 'p', 'l', '\0',
+  /* "azuxul.fr", true */ 'a', 'z', 'u', 'x', 'u', 'l', '.', 'f', 'r', '\0',
+  /* "azzag.co.uk", true */ 'a', 'z', 'z', 'a', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "azzorti.com", true */ 'a', 'z', 'z', 'o', 'r', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "b-b-law.com", true */ 'b', '-', 'b', '-', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "b-boom.nl", true */ 'b', '-', 'b', 'o', 'o', 'm', '.', 'n', 'l', '\0',
+  /* "b-cyclesshop.ch", true */ 'b', '-', 'c', 'y', 'c', 'l', 'e', 's', 's', 'h', 'o', 'p', '.', 'c', 'h', '\0',
+  /* "b-entropy.com", true */ 'b', '-', 'e', 'n', 't', 'r', 'o', 'p', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "b-pi.duckdns.org", true */ 'b', '-', 'p', 'i', '.', 'd', 'u', 'c', 'k', 'd', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "b-root-force.de", true */ 'b', '-', 'r', 'o', 'o', 't', '-', 'f', 'o', 'r', 'c', 'e', '.', 'd', 'e', '\0',
+  /* "b-services.net", true */ 'b', '-', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "b-ticket.ch", true */ 'b', '-', 't', 'i', 'c', 'k', 'e', 't', '.', 'c', 'h', '\0',
+  /* "b1.work", true */ 'b', '1', '.', 'w', 'o', 'r', 'k', '\0',
+  /* "b1c1l1.com", true */ 'b', '1', 'c', '1', 'l', '1', '.', 'c', 'o', 'm', '\0',
+  /* "b2and.com", false */ 'b', '2', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "b2bmuzikbank.com", true */ 'b', '2', 'b', 'm', 'u', 'z', 'i', 'k', 'b', 'a', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "b422edu.com", true */ 'b', '4', '2', '2', 'e', 'd', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "b4bouncycastles.co.uk", true */ 'b', '4', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "b4z.eu", true */ 'b', '4', 'z', '.', 'e', 'u', '\0',
+  /* "b64.club", true */ 'b', '6', '4', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "b72.net", true */ 'b', '7', '2', '.', 'n', 'e', 't', '\0',
+  /* "b9110.com", true */ 'b', '9', '1', '1', '0', '.', 'c', 'o', 'm', '\0',
+  /* "baalsworld.de", true */ 'b', 'a', 'a', 'l', 's', 'w', 'o', 'r', 'l', 'd', '.', 'd', 'e', '\0',
+  /* "baas-becking.biology.utah.edu", true */ 'b', 'a', 'a', 's', '-', 'b', 'e', 'c', 'k', 'i', 'n', 'g', '.', 'b', 'i', 'o', 'l', 'o', 'g', 'y', '.', 'u', 't', 'a', 'h', '.', 'e', 'd', 'u', '\0',
+  /* "babacasino.net", true */ 'b', 'a', 'b', 'a', 'c', 'a', 's', 'i', 'n', 'o', '.', 'n', 'e', 't', '\0',
+  /* "babai.ru", true */ 'b', 'a', 'b', 'a', 'i', '.', 'r', 'u', '\0',
+  /* "babarkata.com", true */ 'b', 'a', 'b', 'a', 'r', 'k', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "babeleo.com", true */ 'b', 'a', 'b', 'e', 'l', 'e', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "babettelandmesser.de", true */ 'b', 'a', 'b', 'e', 't', 't', 'e', 'l', 'a', 'n', 'd', 'm', 'e', 's', 's', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "baby-digne.com", true */ 'b', 'a', 'b', 'y', '-', 'd', 'i', 'g', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "babyboom.pl", true */ 'b', 'a', 'b', 'y', 'b', 'o', 'o', 'm', '.', 'p', 'l', '\0',
+  /* "babycamapp.com", true */ 'b', 'a', 'b', 'y', 'c', 'a', 'm', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "babyfotograf-schweiz.ch", true */ 'b', 'a', 'b', 'y', 'f', 'o', 't', 'o', 'g', 'r', 'a', 'f', '-', 's', 'c', 'h', 'w', 'e', 'i', 'z', '.', 'c', 'h', '\0',
+  /* "babyliss-pro.com", true */ 'b', 'a', 'b', 'y', 'l', 'i', 's', 's', '-', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "babyliss-pro.net", true */ 'b', 'a', 'b', 'y', 'l', 'i', 's', 's', '-', 'p', 'r', 'o', '.', 'n', 'e', 't', '\0',
+  /* "babyphototime.com", true */ 'b', 'a', 'b', 'y', 'p', 'h', 'o', 't', 'o', 't', 'i', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "babypibu.com", true */ 'b', 'a', 'b', 'y', 'p', 'i', 'b', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "babystep.tv", true */ 'b', 'a', 'b', 'y', 's', 't', 'e', 'p', '.', 't', 'v', '\0',
+  /* "bacgrouppublishing.com", true */ 'b', 'a', 'c', 'g', 'r', 'o', 'u', 'p', 'p', 'u', 'b', 'l', 'i', 's', 'h', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "bacimg.com", true */ 'b', 'a', 'c', 'i', 'm', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "baciu.ch", true */ 'b', 'a', 'c', 'i', 'u', '.', 'c', 'h', '\0',
+  /* "backeby.eu", true */ 'b', 'a', 'c', 'k', 'e', 'b', 'y', '.', 'e', 'u', '\0',
+  /* "backenmachtgluecklich.de", true */ 'b', 'a', 'c', 'k', 'e', 'n', 'm', 'a', 'c', 'h', 't', 'g', 'l', 'u', 'e', 'c', 'k', 'l', 'i', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "backgroundz.net", true */ 'b', 'a', 'c', 'k', 'g', 'r', 'o', 'u', 'n', 'd', 'z', '.', 'n', 'e', 't', '\0',
+  /* "backlogapp.io", true */ 'b', 'a', 'c', 'k', 'l', 'o', 'g', 'a', 'p', 'p', '.', 'i', 'o', '\0',
+  /* "backmountaingas.com", true */ 'b', 'a', 'c', 'k', 'm', 'o', 'u', 'n', 't', 'a', 'i', 'n', 'g', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "backpacken.org", true */ 'b', 'a', 'c', 'k', 'p', 'a', 'c', 'k', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "backpacker.dating", true */ 'b', 'a', 'c', 'k', 'p', 'a', 'c', 'k', 'e', 'r', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "backscattering.de", true */ 'b', 'a', 'c', 'k', 's', 'c', 'a', 't', 't', 'e', 'r', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "backschues.com", true */ 'b', 'a', 'c', 'k', 's', 'c', 'h', 'u', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "backschues.de", true */ 'b', 'a', 'c', 'k', 's', 'c', 'h', 'u', 'e', 's', '.', 'd', 'e', '\0',
+  /* "backschues.net", true */ 'b', 'a', 'c', 'k', 's', 'c', 'h', 'u', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "backsideverbier.ch", true */ 'b', 'a', 'c', 'k', 's', 'i', 'd', 'e', 'v', 'e', 'r', 'b', 'i', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "backterris.com", true */ 'b', 'a', 'c', 'k', 't', 'e', 'r', 'r', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bacon-monitoring.org", true */ 'b', 'a', 'c', 'o', 'n', '-', 'm', 'o', 'n', 'i', 't', 'o', 'r', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "baconate.com", true */ 'b', 'a', 'c', 'o', 'n', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "baconismagic.ca", true */ 'b', 'a', 'c', 'o', 'n', 'i', 's', 'm', 'a', 'g', 'i', 'c', '.', 'c', 'a', '\0',
+  /* "bacontreeconsulting.com", true */ 'b', 'a', 'c', 'o', 'n', 't', 'r', 'e', 'e', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "bacula.jp", true */ 'b', 'a', 'c', 'u', 'l', 'a', '.', 'j', 'p', '\0',
+  /* "bad.horse", true */ 'b', 'a', 'd', '.', 'h', 'o', 'r', 's', 'e', '\0',
+  /* "badai.at", true */ 'b', 'a', 'd', 'a', 'i', '.', 'a', 't', '\0',
+  /* "badam.co", true */ 'b', 'a', 'd', 'a', 'm', '.', 'c', 'o', '\0',
+  /* "badbee.cc", true */ 'b', 'a', 'd', 'b', 'e', 'e', '.', 'c', 'c', '\0',
+  /* "badf00d.de", true */ 'b', 'a', 'd', 'f', '0', '0', 'd', '.', 'd', 'e', '\0',
+  /* "badges.fedoraproject.org", true */ 'b', 'a', 'd', 'g', 'e', 's', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "badges.stg.fedoraproject.org", true */ 'b', 'a', 'd', 'g', 'e', 's', '.', 's', 't', 'g', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "badhusky.com", true */ 'b', 'a', 'd', 'h', 'u', 's', 'k', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "badoo.com", true */ 'b', 'a', 'd', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "badpackets.net", true */ 'b', 'a', 'd', 'p', 'a', 'c', 'k', 'e', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "badrequest.me", true */ 'b', 'a', 'd', 'r', 'e', 'q', 'u', 'e', 's', 't', '.', 'm', 'e', '\0',
+  /* "badseacoffee.com", true */ 'b', 'a', 'd', 's', 'e', 'a', 'c', 'o', 'f', 'f', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "baer.im", false */ 'b', 'a', 'e', 'r', '.', 'i', 'm', '\0',
+  /* "baer.one", false */ 'b', 'a', 'e', 'r', '.', 'o', 'n', 'e', '\0',
+  /* "baffinlee.com", true */ 'b', 'a', 'f', 'f', 'i', 'n', 'l', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bag.bg", true */ 'b', 'a', 'g', '.', 'b', 'g', '\0',
+  /* "bagelsbakery.com", false */ 'b', 'a', 'g', 'e', 'l', 's', 'b', 'a', 'k', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "bageluncle.com", true */ 'b', 'a', 'g', 'e', 'l', 'u', 'n', 'c', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "baggy.me.uk", true */ 'b', 'a', 'g', 'g', 'y', '.', 'm', 'e', '.', 'u', 'k', '\0',
+  /* "bagheera.me.uk", true */ 'b', 'a', 'g', 'h', 'e', 'e', 'r', 'a', '.', 'm', 'e', '.', 'u', 'k', '\0',
+  /* "baglu.com", true */ 'b', 'a', 'g', 'l', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "bagsofbounce.co.uk", true */ 'b', 'a', 'g', 's', 'o', 'f', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bagspecialist.nl", true */ 'b', 'a', 'g', 's', 'p', 'e', 'c', 'i', 'a', 'l', 'i', 's', 't', '.', 'n', 'l', '\0',
+  /* "bagstage.de", true */ 'b', 'a', 'g', 's', 't', 'a', 'g', 'e', '.', 'd', 'e', '\0',
+  /* "bah.im", false */ 'b', 'a', 'h', '.', 'i', 'm', '\0',
+  /* "bahnbonus-praemienwelt.de", true */ 'b', 'a', 'h', 'n', 'b', 'o', 'n', 'u', 's', '-', 'p', 'r', 'a', 'e', 'm', 'i', 'e', 'n', 'w', 'e', 'l', 't', '.', 'd', 'e', '\0',
+  /* "baifubao.com", true */ 'b', 'a', 'i', 'f', 'u', 'b', 'a', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "baiker.info", true */ 'b', 'a', 'i', 'k', 'e', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "bailakomigo.com.br", true */ 'b', 'a', 'i', 'l', 'a', 'k', 'o', 'm', 'i', 'g', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "baildonbouncycastles.co.uk", true */ 'b', 'a', 'i', 'l', 'd', 'o', 'n', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "baildonhottubs.co.uk", true */ 'b', 'a', 'i', 'l', 'd', 'o', 'n', 'h', 'o', 't', 't', 'u', 'b', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "baileebee.com", true */ 'b', 'a', 'i', 'l', 'e', 'e', 'b', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bairdzhang.com", true */ 'b', 'a', 'i', 'r', 'd', 'z', 'h', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "baitulongbaycruises.com", true */ 'b', 'a', 'i', 't', 'u', 'l', 'o', 'n', 'g', 'b', 'a', 'y', 'c', 'r', 'u', 'i', 's', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bajic.ch", true */ 'b', 'a', 'j', 'i', 'c', '.', 'c', 'h', '\0',
+  /* "baka.org.cn", true */ 'b', 'a', 'k', 'a', '.', 'o', 'r', 'g', '.', 'c', 'n', '\0',
+  /* "bakabt.info", true */ 'b', 'a', 'k', 'a', 'b', 't', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "bakaproxy.moe", true */ 'b', 'a', 'k', 'a', 'p', 'r', 'o', 'x', 'y', '.', 'm', 'o', 'e', '\0',
+  /* "bakersafari.co", true */ 'b', 'a', 'k', 'e', 'r', 's', 'a', 'f', 'a', 'r', 'i', '.', 'c', 'o', '\0',
+  /* "bakibal.com", true */ 'b', 'a', 'k', 'i', 'b', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "bakim.li", true */ 'b', 'a', 'k', 'i', 'm', '.', 'l', 'i', '\0',
+  /* "bakkerinjebuurt.be", true */ 'b', 'a', 'k', 'k', 'e', 'r', 'i', 'n', 'j', 'e', 'b', 'u', 'u', 'r', 't', '.', 'b', 'e', '\0',
+  /* "bakongcondo.com", true */ 'b', 'a', 'k', 'o', 'n', 'g', 'c', 'o', 'n', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "balade-commune.ch", true */ 'b', 'a', 'l', 'a', 'd', 'e', '-', 'c', 'o', 'm', 'm', 'u', 'n', 'e', '.', 'c', 'h', '\0',
+  /* "baladecommune.ch", true */ 'b', 'a', 'l', 'a', 'd', 'e', 'c', 'o', 'm', 'm', 'u', 'n', 'e', '.', 'c', 'h', '\0',
+  /* "balancascia.com.br", true */ 'b', 'a', 'l', 'a', 'n', 'c', 'a', 's', 'c', 'i', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "balancenaturalhealthclinic.ca", true */ 'b', 'a', 'l', 'a', 'n', 'c', 'e', 'n', 'a', 't', 'u', 'r', 'a', 'l', 'h', 'e', 'a', 'l', 't', 'h', 'c', 'l', 'i', 'n', 'i', 'c', '.', 'c', 'a', '\0',
+  /* "balboa.io", true */ 'b', 'a', 'l', 'b', 'o', 'a', '.', 'i', 'o', '\0',
+  /* "balcaonet.com.br", true */ 'b', 'a', 'l', 'c', 'a', 'o', 'n', 'e', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "balconnr.com", true */ 'b', 'a', 'l', 'c', 'o', 'n', 'n', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "balconsverdun.com", true */ 'b', 'a', 'l', 'c', 'o', 'n', 's', 'v', 'e', 'r', 'd', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "baldur.cc", true */ 'b', 'a', 'l', 'd', 'u', 'r', '.', 'c', 'c', '\0',
+  /* "balicekzdravi.cz", true */ 'b', 'a', 'l', 'i', 'c', 'e', 'k', 'z', 'd', 'r', 'a', 'v', 'i', '.', 'c', 'z', '\0',
+  /* "balidesignshop.com.br", true */ 'b', 'a', 'l', 'i', 'd', 'e', 's', 'i', 'g', 'n', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "balikonos.cz", true */ 'b', 'a', 'l', 'i', 'k', 'o', 'n', 'o', 's', '.', 'c', 'z', '\0',
+  /* "balinese.dating", true */ 'b', 'a', 'l', 'i', 'n', 'e', 's', 'e', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "balist.es", true */ 'b', 'a', 'l', 'i', 's', 't', '.', 'e', 's', '\0',
+  /* "baliyano.com", true */ 'b', 'a', 'l', 'i', 'y', 'a', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "balkonien.org", true */ 'b', 'a', 'l', 'k', 'o', 'n', 'i', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "ball.holdings", true */ 'b', 'a', 'l', 'l', '.', 'h', 'o', 'l', 'd', 'i', 'n', 'g', 's', '\0',
+  /* "ballarin.cc", true */ 'b', 'a', 'l', 'l', 'a', 'r', 'i', 'n', '.', 'c', 'c', '\0',
+  /* "ballbusting-cbt.com", true */ 'b', 'a', 'l', 'l', 'b', 'u', 's', 't', 'i', 'n', 'g', '-', 'c', 'b', 't', '.', 'c', 'o', 'm', '\0',
+  /* "ballejaune.com", true */ 'b', 'a', 'l', 'l', 'e', 'j', 'a', 'u', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ballmerpeak.org", true */ 'b', 'a', 'l', 'l', 'm', 'e', 'r', 'p', 'e', 'a', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "ballonsportclub-erlangen.de", true */ 'b', 'a', 'l', 'l', 'o', 'n', 's', 'p', 'o', 'r', 't', 'c', 'l', 'u', 'b', '-', 'e', 'r', 'l', 'a', 'n', 'g', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "ballotapi.com", true */ 'b', 'a', 'l', 'l', 'o', 't', 'a', 'p', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "ballothero.com", true */ 'b', 'a', 'l', 'l', 'o', 't', 'h', 'e', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "ballroom.info", true */ 'b', 'a', 'l', 'l', 'r', 'o', 'o', 'm', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "bals.org", true */ 'b', 'a', 'l', 's', '.', 'o', 'r', 'g', '\0',
+  /* "balslev.io", true */ 'b', 'a', 'l', 's', 'l', 'e', 'v', '.', 'i', 'o', '\0',
+  /* "bambambaby.com.br", true */ 'b', 'a', 'm', 'b', 'a', 'm', 'b', 'a', 'b', 'y', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "bananensap.nl", true */ 'b', 'a', 'n', 'a', 'n', 'e', 'n', 's', 'a', 'p', '.', 'n', 'l', '\0',
+  /* "banburybid.com", true */ 'b', 'a', 'n', 'b', 'u', 'r', 'y', 'b', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "bancacrs.it", true */ 'b', 'a', 'n', 'c', 'a', 'c', 'r', 's', '.', 'i', 't', '\0',
+  /* "bancoctt.pt", true */ 'b', 'a', 'n', 'c', 'o', 'c', 't', 't', '.', 'p', 't', '\0',
+  /* "bandar303.win", true */ 'b', 'a', 'n', 'd', 'a', 'r', '3', '0', '3', '.', 'w', 'i', 'n', '\0',
+  /* "bandeira1.com.br", true */ 'b', 'a', 'n', 'd', 'e', 'i', 'r', 'a', '1', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "bandgap.io", true */ 'b', 'a', 'n', 'd', 'g', 'a', 'p', '.', 'i', 'o', '\0',
+  /* "bandiga.it", true */ 'b', 'a', 'n', 'd', 'i', 'g', 'a', '.', 'i', 't', '\0',
+  /* "bandito.re", true */ 'b', 'a', 'n', 'd', 'i', 't', 'o', '.', 'r', 'e', '\0',
+  /* "bangdream.ga", true */ 'b', 'a', 'n', 'g', 'd', 'r', 'e', 'a', 'm', '.', 'g', 'a', '\0',
+  /* "bangkok-dark-night.com", true */ 'b', 'a', 'n', 'g', 'k', 'o', 'k', '-', 'd', 'a', 'r', 'k', '-', 'n', 'i', 'g', 'h', 't', '.', 'c', 'o', 'm', '\0',
+  /* "bangkok.dating", true */ 'b', 'a', 'n', 'g', 'k', 'o', 'k', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "bangkokcity.de", true */ 'b', 'a', 'n', 'g', 'k', 'o', 'k', 'c', 'i', 't', 'y', '.', 'd', 'e', '\0',
+  /* "bank.simple.com", false */ 'b', 'a', 'n', 'k', '.', 's', 'i', 'm', 'p', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bankbranchlocator.com", true */ 'b', 'a', 'n', 'k', 'b', 'r', 'a', 'n', 'c', 'h', 'l', 'o', 'c', 'a', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "bankcardoffer.com", true */ 'b', 'a', 'n', 'k', 'c', 'a', 'r', 'd', 'o', 'f', 'f', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "bankcircle.co.in", true */ 'b', 'a', 'n', 'k', 'c', 'i', 'r', 'c', 'l', 'e', '.', 'c', 'o', '.', 'i', 'n', '\0',
+  /* "bankersonline.com", true */ 'b', 'a', 'n', 'k', 'e', 'r', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bankfreeoffers.com", true */ 'b', 'a', 'n', 'k', 'f', 'r', 'e', 'e', 'o', 'f', 'f', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bankin.com", true */ 'b', 'a', 'n', 'k', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "bankinter.pt", true */ 'b', 'a', 'n', 'k', 'i', 'n', 't', 'e', 'r', '.', 'p', 't', '\0',
+  /* "bankofdenton.com", true */ 'b', 'a', 'n', 'k', 'o', 'f', 'd', 'e', 'n', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "bankofrealty.review", true */ 'b', 'a', 'n', 'k', 'o', 'f', 'r', 'e', 'a', 'l', 't', 'y', '.', 'r', 'e', 'v', 'i', 'e', 'w', '\0',
+  /* "banksiaparkcottages.com.au", true */ 'b', 'a', 'n', 'k', 's', 'i', 'a', 'p', 'a', 'r', 'k', 'c', 'o', 't', 't', 'a', 'g', 'e', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "bankstownapartments.com.au", true */ 'b', 'a', 'n', 'k', 's', 't', 'o', 'w', 'n', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "banned-bitches.tk", true */ 'b', 'a', 'n', 'n', 'e', 'd', '-', 'b', 'i', 't', 'c', 'h', 'e', 's', '.', 't', 'k', '\0',
+  /* "bannermarquees.ie", true */ 'b', 'a', 'n', 'n', 'e', 'r', 'm', 'a', 'r', 'q', 'u', 'e', 'e', 's', '.', 'i', 'e', '\0',
+  /* "banoviny.sk", true */ 'b', 'a', 'n', 'o', 'v', 'i', 'n', 'y', '.', 's', 'k', '\0',
+  /* "banri.me", true */ 'b', 'a', 'n', 'r', 'i', '.', 'm', 'e', '\0',
+  /* "banxehoi.com", true */ 'b', 'a', 'n', 'x', 'e', 'h', 'o', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "baofengtech.com", true */ 'b', 'a', 'o', 'f', 'e', 'n', 'g', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "baosuckhoedoisong.net", true */ 'b', 'a', 'o', 's', 'u', 'c', 'k', 'h', 'o', 'e', 'd', 'o', 'i', 's', 'o', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "baptistboard.com", true */ 'b', 'a', 'p', 't', 'i', 's', 't', 'b', 'o', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "baptiste-destombes.fr", true */ 'b', 'a', 'p', 't', 'i', 's', 't', 'e', '-', 'd', 'e', 's', 't', 'o', 'm', 'b', 'e', 's', '.', 'f', 'r', '\0',
+  /* "baptiste-peugnez.fr", true */ 'b', 'a', 'p', 't', 'i', 's', 't', 'e', '-', 'p', 'e', 'u', 'g', 'n', 'e', 'z', '.', 'f', 'r', '\0',
+  /* "bar-harcourt.com", true */ 'b', 'a', 'r', '-', 'h', 'a', 'r', 'c', 'o', 'u', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "barans2239.com", true */ 'b', 'a', 'r', 'a', 'n', 's', '2', '2', '3', '9', '.', 'c', 'o', 'm', '\0',
+  /* "barbarafeldman.com", true */ 'b', 'a', 'r', 'b', 'a', 'r', 'a', 'f', 'e', 'l', 'd', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "barbarians.com", true */ 'b', 'a', 'r', 'b', 'a', 'r', 'i', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "barbaros.info", true */ 'b', 'a', 'r', 'b', 'a', 'r', 'o', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "barbate.fr", true */ 'b', 'a', 'r', 'b', 'a', 't', 'e', '.', 'f', 'r', '\0',
+  /* "barbershop-harmony.org", true */ 'b', 'a', 'r', 'b', 'e', 'r', 's', 'h', 'o', 'p', '-', 'h', 'a', 'r', 'm', 'o', 'n', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "barbosha.ru", true */ 'b', 'a', 'r', 'b', 'o', 's', 'h', 'a', '.', 'r', 'u', '\0',
+  /* "barbu.family", true */ 'b', 'a', 'r', 'b', 'u', '.', 'f', 'a', 'm', 'i', 'l', 'y', '\0',
+  /* "barburas.com", true */ 'b', 'a', 'r', 'b', 'u', 'r', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "barclays.net", true */ 'b', 'a', 'r', 'c', 'l', 'a', 'y', 's', '.', 'n', 'e', 't', '\0',
+  /* "barcodeberlin.com", true */ 'b', 'a', 'r', 'c', 'o', 'd', 'e', 'b', 'e', 'r', 'l', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "barcoderealty.com", true */ 'b', 'a', 'r', 'c', 'o', 'd', 'e', 'r', 'e', 'a', 'l', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "bardiharborow.com", true */ 'b', 'a', 'r', 'd', 'i', 'h', 'a', 'r', 'b', 'o', 'r', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "bardiharborow.tk", true */ 'b', 'a', 'r', 'd', 'i', 'h', 'a', 'r', 'b', 'o', 'r', 'o', 'w', '.', 't', 'k', '\0',
+  /* "bargainmovingcompany.com", true */ 'b', 'a', 'r', 'g', 'a', 'i', 'n', 'm', 'o', 'v', 'i', 'n', 'g', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "bariller.fr", true */ 'b', 'a', 'r', 'i', 'l', 'l', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "baripedia.org", true */ 'b', 'a', 'r', 'i', 'p', 'e', 'd', 'i', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "baris-sagdic.com", true */ 'b', 'a', 'r', 'i', 's', '-', 's', 'a', 'g', 'd', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "bariseau-mottrie.be", true */ 'b', 'a', 'r', 'i', 's', 'e', 'a', 'u', '-', 'm', 'o', 't', 't', 'r', 'i', 'e', '.', 'b', 'e', '\0',
+  /* "barisi.me", true */ 'b', 'a', 'r', 'i', 's', 'i', '.', 'm', 'e', '\0',
+  /* "bariskaragoz.nl", true */ 'b', 'a', 'r', 'i', 's', 'k', 'a', 'r', 'a', 'g', 'o', 'z', '.', 'n', 'l', '\0',
+  /* "barkerjr.xyz", true */ 'b', 'a', 'r', 'k', 'e', 'r', 'j', 'r', '.', 'x', 'y', 'z', '\0',
+  /* "barlotta.net", true */ 'b', 'a', 'r', 'l', 'o', 't', 't', 'a', '.', 'n', 'e', 't', '\0',
+  /* "barnabycolby.io", true */ 'b', 'a', 'r', 'n', 'a', 'b', 'y', 'c', 'o', 'l', 'b', 'y', '.', 'i', 'o', '\0',
+  /* "barnrats.com", true */ 'b', 'a', 'r', 'n', 'r', 'a', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "baropkamp.be", true */ 'b', 'a', 'r', 'o', 'p', 'k', 'a', 'm', 'p', '.', 'b', 'e', '\0',
+  /* "barprive.com", true */ 'b', 'a', 'r', 'p', 'r', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "barqo.co", true */ 'b', 'a', 'r', 'q', 'o', '.', 'c', 'o', '\0',
+  /* "barracuda.com.tr", true */ 'b', 'a', 'r', 'r', 'a', 'c', 'u', 'd', 'a', '.', 'c', 'o', 'm', '.', 't', 'r', '\0',
+  /* "barrera.io", true */ 'b', 'a', 'r', 'r', 'e', 'r', 'a', '.', 'i', 'o', '\0',
+  /* "barrett.ag", true */ 'b', 'a', 'r', 'r', 'e', 't', 't', '.', 'a', 'g', '\0',
+  /* "barriofut.com", true */ 'b', 'a', 'r', 'r', 'i', 'o', 'f', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "bars.kh.ua", true */ 'b', 'a', 'r', 's', '.', 'k', 'h', '.', 'u', 'a', '\0',
+  /* "barsashop.com.br", true */ 'b', 'a', 'r', 's', 'a', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "barsil.de", true */ 'b', 'a', 'r', 's', 'i', 'l', '.', 'd', 'e', '\0',
+  /* "barslecht.com", true */ 'b', 'a', 'r', 's', 'l', 'e', 'c', 'h', 't', '.', 'c', 'o', 'm', '\0',
+  /* "barslecht.nl", true */ 'b', 'a', 'r', 's', 'l', 'e', 'c', 'h', 't', '.', 'n', 'l', '\0',
+  /* "barss.io", true */ 'b', 'a', 'r', 's', 's', '.', 'i', 'o', '\0',
+  /* "barta.me", true */ 'b', 'a', 'r', 't', 'a', '.', 'm', 'e', '\0',
+  /* "bartel.ws", true */ 'b', 'a', 'r', 't', 'e', 'l', '.', 'w', 's', '\0',
+  /* "bartelt.name", true */ 'b', 'a', 'r', 't', 'e', 'l', 't', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "bartula.de", true */ 'b', 'a', 'r', 't', 'u', 'l', 'a', '.', 'd', 'e', '\0',
+  /* "bartzutow.xyz", true */ 'b', 'a', 'r', 't', 'z', 'u', 't', 'o', 'w', '.', 'x', 'y', 'z', '\0',
+  /* "baruch.me", true */ 'b', 'a', 'r', 'u', 'c', 'h', '.', 'm', 'e', '\0',
+  /* "bas.co.jp", true */ 'b', 'a', 's', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "bascht.com", true */ 'b', 'a', 's', 'c', 'h', 't', '.', 'c', 'o', 'm', '\0',
+  /* "basculasconfiables.com", true */ 'b', 'a', 's', 'c', 'u', 'l', 'a', 's', 'c', 'o', 'n', 'f', 'i', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "base-autonome-durable.com", true */ 'b', 'a', 's', 'e', '-', 'a', 'u', 't', 'o', 'n', 'o', 'm', 'e', '-', 'd', 'u', 'r', 'a', 'b', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "baseballrampage.com", true */ 'b', 'a', 's', 'e', 'b', 'a', 'l', 'l', 'r', 'a', 'm', 'p', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "baseballsavings.com", true */ 'b', 'a', 's', 'e', 'b', 'a', 'l', 'l', 's', 'a', 'v', 'i', 'n', 'g', 's', '.', 'c', 'o', 'm', '\0',
+  /* "baseballwarehouse.com", true */ 'b', 'a', 's', 'e', 'b', 'a', 'l', 'l', 'w', 'a', 'r', 'e', 'h', 'o', 'u', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "basedonline.nl", true */ 'b', 'a', 's', 'e', 'd', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'n', 'l', '\0',
+  /* "baselang.com", true */ 'b', 'a', 's', 'e', 'l', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "basementdoctor.com", true */ 'b', 'a', 's', 'e', 'm', 'e', 'n', 't', 'd', 'o', 'c', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "basementdoctornorthwest.com", true */ 'b', 'a', 's', 'e', 'm', 'e', 'n', 't', 'd', 'o', 'c', 't', 'o', 'r', 'n', 'o', 'r', 't', 'h', 'w', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "bashc.at", true */ 'b', 'a', 's', 'h', 'c', '.', 'a', 't', '\0',
+  /* "bashstreetband.co.uk", true */ 'b', 'a', 's', 'h', 's', 't', 'r', 'e', 'e', 't', 'b', 'a', 'n', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "basilicaknights.org", true */ 'b', 'a', 's', 'i', 'l', 'i', 'c', 'a', 'k', 'n', 'i', 'g', 'h', 't', 's', '.', 'o', 'r', 'g', '\0',
+  /* "basilm.co", true */ 'b', 'a', 's', 'i', 'l', 'm', '.', 'c', 'o', '\0',
+  /* "basketball-brannenburg.de", true */ 'b', 'a', 's', 'k', 'e', 't', 'b', 'a', 'l', 'l', '-', 'b', 'r', 'a', 'n', 'n', 'e', 'n', 'b', 'u', 'r', 'g', '.', 'd', 'e', '\0',
+  /* "basketsbymaurice.com", true */ 'b', 'a', 's', 'k', 'e', 't', 's', 'b', 'y', 'm', 'a', 'u', 'r', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "baskettemple.com", true */ 'b', 'a', 's', 'k', 'e', 't', 't', 'e', 'm', 'p', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "basnieuwenhuizen.nl", true */ 'b', 'a', 's', 'n', 'i', 'e', 'u', 'w', 'e', 'n', 'h', 'u', 'i', 'z', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "basnoslovno.com.ua", true */ 'b', 'a', 's', 'n', 'o', 's', 'l', 'o', 'v', 'n', 'o', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "basnoslovno.ru", true */ 'b', 'a', 's', 'n', 'o', 's', 'l', 'o', 'v', 'n', 'o', '.', 'r', 'u', '\0',
+  /* "bass-pro.ru", true */ 'b', 'a', 's', 's', '-', 'p', 'r', 'o', '.', 'r', 'u', '\0',
+  /* "bassblog.net", true */ 'b', 'a', 's', 's', 'b', 'l', 'o', 'g', '.', 'n', 'e', 't', '\0',
+  /* "bassment.ph", true */ 'b', 'a', 's', 's', 'm', 'e', 'n', 't', '.', 'p', 'h', '\0',
+  /* "bastelzauberwelt.de", true */ 'b', 'a', 's', 't', 'e', 'l', 'z', 'a', 'u', 'b', 'e', 'r', 'w', 'e', 'l', 't', '.', 'd', 'e', '\0',
+  /* "bastianstalder.ch", true */ 'b', 'a', 's', 't', 'i', 'a', 'n', 's', 't', 'a', 'l', 'd', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "bastiv.com", true */ 'b', 'a', 's', 't', 'i', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "bastivmobile.com", true */ 'b', 'a', 's', 't', 'i', 'v', 'm', 'o', 'b', 'i', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bastolino.de", true */ 'b', 'a', 's', 't', 'o', 'l', 'i', 'n', 'o', '.', 'd', 'e', '\0',
+  /* "basyspro.net", true */ 'b', 'a', 's', 'y', 's', 'p', 'r', 'o', '.', 'n', 'e', 't', '\0',
+  /* "bat909.com", true */ 'b', 'a', 't', '9', '0', '9', '.', 'c', 'o', 'm', '\0',
+  /* "batcave.tech", true */ 'b', 'a', 't', 'c', 'a', 'v', 'e', '.', 't', 'e', 'c', 'h', '\0',
+  /* "bati-alu.fr", true */ 'b', 'a', 't', 'i', '-', 'a', 'l', 'u', '.', 'f', 'r', '\0',
+  /* "batiburrillo.net", true */ 'b', 'a', 't', 'i', 'b', 'u', 'r', 'r', 'i', 'l', 'l', 'o', '.', 'n', 'e', 't', '\0',
+  /* "batipresta.ch", true */ 'b', 'a', 't', 'i', 'p', 'r', 'e', 's', 't', 'a', '.', 'c', 'h', '\0',
+  /* "batistareisfloresonline.com.br", true */ 'b', 'a', 't', 'i', 's', 't', 'a', 'r', 'e', 'i', 's', 'f', 'l', 'o', 'r', 'e', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "batlab.ch", true */ 'b', 'a', 't', 'l', 'a', 'b', '.', 'c', 'h', '\0',
+  /* "batolis.com", true */ 'b', 'a', 't', 'o', 'l', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "batonger.com", true */ 'b', 'a', 't', 'o', 'n', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "batook.org", true */ 'b', 'a', 't', 'o', 'o', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "batschu.de", true */ 'b', 'a', 't', 's', 'c', 'h', 'u', '.', 'd', 'e', '\0',
+  /* "batten.eu.org", true */ 'b', 'a', 't', 't', 'e', 'n', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "batteryservice.ru", false */ 'b', 'a', 't', 't', 'e', 'r', 'y', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'r', 'u', '\0',
+  /* "batterystaple.pw", true */ 'b', 'a', 't', 't', 'e', 'r', 'y', 's', 't', 'a', 'p', 'l', 'e', '.', 'p', 'w', '\0',
+  /* "battle-game.com", true */ 'b', 'a', 't', 't', 'l', 'e', '-', 'g', 'a', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "battleboxx.com", true */ 'b', 'a', 't', 't', 'l', 'e', 'b', 'o', 'x', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "battleofthegridiron.com", true */ 'b', 'a', 't', 't', 'l', 'e', 'o', 'f', 't', 'h', 'e', 'g', 'r', 'i', 'd', 'i', 'r', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "baugeldspezi.de", true */ 'b', 'a', 'u', 'g', 'e', 'l', 'd', 's', 'p', 'e', 'z', 'i', '.', 'd', 'e', '\0',
+  /* "baugemeinschaftbernstein.de", true */ 'b', 'a', 'u', 'g', 'e', 'm', 'e', 'i', 'n', 's', 'c', 'h', 'a', 'f', 't', 'b', 'e', 'r', 'n', 's', 't', 'e', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "baumannfabrice.com", true */ 'b', 'a', 'u', 'm', 'a', 'n', 'n', 'f', 'a', 'b', 'r', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bausep.de", true */ 'b', 'a', 'u', 's', 'e', 'p', '.', 'd', 'e', '\0',
+  /* "baustils.com", true */ 'b', 'a', 'u', 's', 't', 'i', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bauthier-occasions.be", true */ 'b', 'a', 'u', 't', 'h', 'i', 'e', 'r', '-', 'o', 'c', 'c', 'a', 's', 'i', 'o', 'n', 's', '.', 'b', 'e', '\0',
+  /* "bautied.de", true */ 'b', 'a', 'u', 't', 'i', 'e', 'd', '.', 'd', 'e', '\0',
+  /* "bauunternehmen-herr.de", true */ 'b', 'a', 'u', 'u', 'n', 't', 'e', 'r', 'n', 'e', 'h', 'm', 'e', 'n', '-', 'h', 'e', 'r', 'r', '.', 'd', 'e', '\0',
+  /* "bayareaenergyevents.com", true */ 'b', 'a', 'y', 'a', 'r', 'e', 'a', 'e', 'n', 'e', 'r', 'g', 'y', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "baychimo.com", true */ 'b', 'a', 'y', 'c', 'h', 'i', 'm', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "bayden.com", true */ 'b', 'a', 'y', 'd', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "bayer-stefan.com", true */ 'b', 'a', 'y', 'e', 'r', '-', 's', 't', 'e', 'f', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "bayer-stefan.de", true */ 'b', 'a', 'y', 'e', 'r', '-', 's', 't', 'e', 'f', 'a', 'n', '.', 'd', 'e', '\0',
+  /* "bayer-stefan.eu", true */ 'b', 'a', 'y', 'e', 'r', '-', 's', 't', 'e', 'f', 'a', 'n', '.', 'e', 'u', '\0',
+  /* "bayerhazard.de", true */ 'b', 'a', 'y', 'e', 'r', 'h', 'a', 'z', 'a', 'r', 'd', '.', 'd', 'e', '\0',
+  /* "bayerstefan.com", true */ 'b', 'a', 'y', 'e', 'r', 's', 't', 'e', 'f', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "bayerstefan.de", true */ 'b', 'a', 'y', 'e', 'r', 's', 't', 'e', 'f', 'a', 'n', '.', 'd', 'e', '\0',
+  /* "bayerstefan.eu", true */ 'b', 'a', 'y', 'e', 'r', 's', 't', 'e', 'f', 'a', 'n', '.', 'e', 'u', '\0',
+  /* "bayherbalist.com", true */ 'b', 'a', 'y', 'h', 'e', 'r', 'b', 'a', 'l', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "bayinstruments.com", true */ 'b', 'a', 'y', 'i', 'n', 's', 't', 'r', 'u', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "baymard.com", true */ 'b', 'a', 'y', 'm', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "bayrisch-fuer-anfaenger.de", true */ 'b', 'a', 'y', 'r', 'i', 's', 'c', 'h', '-', 'f', 'u', 'e', 'r', '-', 'a', 'n', 'f', 'a', 'e', 'n', 'g', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "baywatch.io", true */ 'b', 'a', 'y', 'w', 'a', 't', 'c', 'h', '.', 'i', 'o', '\0',
+  /* "bazaarcompass.com", true */ 'b', 'a', 'z', 'a', 'a', 'r', 'c', 'o', 'm', 'p', 'a', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bazdell.com", false */ 'b', 'a', 'z', 'd', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "bazos.at", true */ 'b', 'a', 'z', 'o', 's', '.', 'a', 't', '\0',
+  /* "bazos.cz", true */ 'b', 'a', 'z', 'o', 's', '.', 'c', 'z', '\0',
+  /* "bazos.sk", true */ 'b', 'a', 'z', 'o', 's', '.', 's', 'k', '\0',
+  /* "bazziergraphik.com", true */ 'b', 'a', 'z', 'z', 'i', 'e', 'r', 'g', 'r', 'a', 'p', 'h', 'i', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "bb37roma.it", true */ 'b', 'b', '3', '7', 'r', 'o', 'm', 'a', '.', 'i', 't', '\0',
+  /* "bbcastles.com", true */ 'b', 'b', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bbgeschenke.ch", true */ 'b', 'b', 'g', 'e', 's', 'c', 'h', 'e', 'n', 'k', 'e', '.', 'c', 'h', '\0',
+  /* "bbimarketing.com", true */ 'b', 'b', 'i', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "bbkworldwide.jp", true */ 'b', 'b', 'k', 'w', 'o', 'r', 'l', 'd', 'w', 'i', 'd', 'e', '.', 'j', 'p', '\0',
+  /* "bblove.me", true */ 'b', 'b', 'l', 'o', 'v', 'e', '.', 'm', 'e', '\0',
+  /* "bblsa.ch", true */ 'b', 'b', 'l', 's', 'a', '.', 'c', 'h', '\0',
+  /* "bbw-wrestling.com", true */ 'b', 'b', 'w', '-', 'w', 'r', 'e', 's', 't', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "bbw.dating", true */ 'b', 'b', 'w', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "bbwcs.co.uk", true */ 'b', 'b', 'w', 'c', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bbwf.de", true */ 'b', 'b', 'w', 'f', '.', 'd', 'e', '\0',
+  /* "bbwfacesitting.us", true */ 'b', 'b', 'w', 'f', 'a', 'c', 'e', 's', 'i', 't', 't', 'i', 'n', 'g', '.', 'u', 's', '\0',
+  /* "bc-bd.org", true */ 'b', 'c', '-', 'b', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "bc-diffusion.com", true */ 'b', 'c', '-', 'd', 'i', 'f', 'f', 'u', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "bcbulle.ch", true */ 'b', 'c', 'b', 'u', 'l', 'l', 'e', '.', 'c', 'h', '\0',
+  /* "bcdonadio.com", true */ 'b', 'c', 'd', 'o', 'n', 'a', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "bceventhire.co.uk", true */ 'b', 'c', 'e', 'v', 'e', 'n', 't', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bch7al.ma", true */ 'b', 'c', 'h', '7', 'a', 'l', '.', 'm', 'a', '\0',
+  /* "bck.me", true */ 'b', 'c', 'k', '.', 'm', 'e', '\0',
+  /* "bclogandtimberbuilders.com", true */ 'b', 'c', 'l', 'o', 'g', 'a', 'n', 'd', 't', 'i', 'm', 'b', 'e', 'r', 'b', 'u', 'i', 'l', 'd', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bclrk.us", true */ 'b', 'c', 'l', 'r', 'k', '.', 'u', 's', '\0',
+  /* "bcmainland.ca", true */ 'b', 'c', 'm', 'a', 'i', 'n', 'l', 'a', 'n', 'd', '.', 'c', 'a', '\0',
+  /* "bcmguide.com", true */ 'b', 'c', 'm', 'g', 'u', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bcmhire.co.uk", true */ 'b', 'c', 'm', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bcmlu.org", true */ 'b', 'c', 'm', 'l', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "bcnet.com.hk", true */ 'b', 'c', 'n', 'e', 't', '.', 'c', 'o', 'm', '.', 'h', 'k', '\0',
+  /* "bcpc-ccgpfcheminots.com", true */ 'b', 'c', 'p', 'c', '-', 'c', 'c', 'g', 'p', 'f', 'c', 'h', 'e', 'm', 'i', 'n', 'o', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bcrook.com", false */ 'b', 'c', 'r', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "bcswampcabins.com", true */ 'b', 'c', 's', 'w', 'a', 'm', 'p', 'c', 'a', 'b', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bda-boulevarddesairs.com", true */ 'b', 'd', 'a', '-', 'b', 'o', 'u', 'l', 'e', 'v', 'a', 'r', 'd', 'd', 'e', 's', 'a', 'i', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bdd.fi", true */ 'b', 'd', 'd', '.', 'f', 'i', '\0',
+  /* "bdenzer.com", true */ 'b', 'd', 'e', 'n', 'z', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "bdenzer.xyz", true */ 'b', 'd', 'e', 'n', 'z', 'e', 'r', '.', 'x', 'y', 'z', '\0',
+  /* "bdikaros-network.net", true */ 'b', 'd', 'i', 'k', 'a', 'r', 'o', 's', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'n', 'e', 't', '\0',
+  /* "be-ka-tec.de", true */ 'b', 'e', '-', 'k', 'a', '-', 't', 'e', 'c', '.', 'd', 'e', '\0',
+  /* "be-webdesign.com", true */ 'b', 'e', '-', 'w', 'e', 'b', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "be.search.yahoo.com", false */ 'b', 'e', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "be2cloud.de", true */ 'b', 'e', '2', 'c', 'l', 'o', 'u', 'd', '.', 'd', 'e', '\0',
+  /* "beacinsight.com", true */ 'b', 'e', 'a', 'c', 'i', 'n', 's', 'i', 'g', 'h', 't', '.', 'c', 'o', 'm', '\0',
+  /* "beadare.com", true */ 'b', 'e', 'a', 'd', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "beagreenbean.co.uk", true */ 'b', 'e', 'a', 'g', 'r', 'e', 'e', 'n', 'b', 'e', 'a', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "beanjuice.me", true */ 'b', 'e', 'a', 'n', 'j', 'u', 'i', 'c', 'e', '.', 'm', 'e', '\0',
+  /* "beans-one.com", false */ 'b', 'e', 'a', 'n', 's', '-', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "beanworks.ca", true */ 'b', 'e', 'a', 'n', 'w', 'o', 'r', 'k', 's', '.', 'c', 'a', '\0',
+  /* "bearcosports.com.br", true */ 'b', 'e', 'a', 'r', 'c', 'o', 's', 'p', 'o', 'r', 't', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "bearded.sexy", true */ 'b', 'e', 'a', 'r', 'd', 'e', 'd', '.', 's', 'e', 'x', 'y', '\0',
+  /* "bearingworks.com", true */ 'b', 'e', 'a', 'r', 'i', 'n', 'g', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "beastowner.li", true */ 'b', 'e', 'a', 's', 't', 'o', 'w', 'n', 'e', 'r', '.', 'l', 'i', '\0',
+  /* "beatnikbreaks.com", true */ 'b', 'e', 'a', 't', 'n', 'i', 'k', 'b', 'r', 'e', 'a', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "beatrizaebischer.ch", true */ 'b', 'e', 'a', 't', 'r', 'i', 'z', 'a', 'e', 'b', 'i', 's', 'c', 'h', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "beaute-eternelle.ch", true */ 'b', 'e', 'a', 'u', 't', 'e', '-', 'e', 't', 'e', 'r', 'n', 'e', 'l', 'l', 'e', '.', 'c', 'h', '\0',
+  /* "beauty-italy.ru", true */ 'b', 'e', 'a', 'u', 't', 'y', '-', 'i', 't', 'a', 'l', 'y', '.', 'r', 'u', '\0',
+  /* "beauty24.de", true */ 'b', 'e', 'a', 'u', 't', 'y', '2', '4', '.', 'd', 'e', '\0',
+  /* "beautybear.dk", true */ 'b', 'e', 'a', 'u', 't', 'y', 'b', 'e', 'a', 'r', '.', 'd', 'k', '\0',
+  /* "beautyevent.fr", true */ 'b', 'e', 'a', 'u', 't', 'y', 'e', 'v', 'e', 'n', 't', '.', 'f', 'r', '\0',
+  /* "beautykat.ru", true */ 'b', 'e', 'a', 'u', 't', 'y', 'k', 'a', 't', '.', 'r', 'u', '\0',
+  /* "bebef.de", true */ 'b', 'e', 'b', 'e', 'f', '.', 'd', 'e', '\0',
+  /* "bebefofuxo.com.br", true */ 'b', 'e', 'b', 'e', 'f', 'o', 'f', 'u', 'x', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "bebes.uno", true */ 'b', 'e', 'b', 'e', 's', '.', 'u', 'n', 'o', '\0',
+  /* "bebetrotteur.com", true */ 'b', 'e', 'b', 'e', 't', 'r', 'o', 't', 't', 'e', 'u', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "beccajoshwedding.com", true */ 'b', 'e', 'c', 'c', 'a', 'j', 'o', 's', 'h', 'w', 'e', 'd', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "beckenhamcastles.co.uk", true */ 'b', 'e', 'c', 'k', 'e', 'n', 'h', 'a', 'm', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "beckerantiques.com", false */ 'b', 'e', 'c', 'k', 'e', 'r', 'a', 'n', 't', 'i', 'q', 'u', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "becoast.fr", true */ 'b', 'e', 'c', 'o', 'a', 's', 't', '.', 'f', 'r', '\0',
+  /* "becs.ch", true */ 'b', 'e', 'c', 's', '.', 'c', 'h', '\0',
+  /* "becubed.co", true */ 'b', 'e', 'c', 'u', 'b', 'e', 'd', '.', 'c', 'o', '\0',
+  /* "bedamedia.com", true */ 'b', 'e', 'd', 'a', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "bedandbreakfast.dk", true */ 'b', 'e', 'd', 'a', 'n', 'd', 'b', 'r', 'e', 'a', 'k', 'f', 'a', 's', 't', '.', 'd', 'k', '\0',
+  /* "bedandbreakfasteuropa.com", true */ 'b', 'e', 'd', 'a', 'n', 'd', 'b', 'r', 'e', 'a', 'k', 'f', 'a', 's', 't', 'e', 'u', 'r', 'o', 'p', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "bedfordnissanparts.com", true */ 'b', 'e', 'd', 'f', 'o', 'r', 'd', 'n', 'i', 's', 's', 'a', 'n', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bedlingtonterrier.com.br", true */ 'b', 'e', 'd', 'l', 'i', 'n', 'g', 't', 'o', 'n', 't', 'e', 'r', 'r', 'i', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "bedouille.com", true */ 'b', 'e', 'd', 'o', 'u', 'i', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bedrocklinux.org", true */ 'b', 'e', 'd', 'r', 'o', 'c', 'k', 'l', 'i', 'n', 'u', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "bee-line.org.uk", true */ 'b', 'e', 'e', '-', 'l', 'i', 'n', 'e', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "bee.clothing", true */ 'b', 'e', 'e', '.', 'c', 'l', 'o', 't', 'h', 'i', 'n', 'g', '\0',
+  /* "bee.supply", true */ 'b', 'e', 'e', '.', 's', 'u', 'p', 'p', 'l', 'y', '\0',
+  /* "bee.tools", true */ 'b', 'e', 'e', '.', 't', 'o', 'o', 'l', 's', '\0',
+  /* "beehive.govt.nz", true */ 'b', 'e', 'e', 'h', 'i', 'v', 'e', '.', 'g', 'o', 'v', 't', '.', 'n', 'z', '\0',
+  /* "beehive42.com", true */ 'b', 'e', 'e', 'h', 'i', 'v', 'e', '4', '2', '.', 'c', 'o', 'm', '\0',
+  /* "beehive42.eu", true */ 'b', 'e', 'e', 'h', 'i', 'v', 'e', '4', '2', '.', 'e', 'u', '\0',
+  /* "beehive42.net", true */ 'b', 'e', 'e', 'h', 'i', 'v', 'e', '4', '2', '.', 'n', 'e', 't', '\0',
+  /* "beehive42.nl", true */ 'b', 'e', 'e', 'h', 'i', 'v', 'e', '4', '2', '.', 'n', 'l', '\0',
+  /* "beehive42.org", true */ 'b', 'e', 'e', 'h', 'i', 'v', 'e', '4', '2', '.', 'o', 'r', 'g', '\0',
+  /* "beehosting.pro", true */ 'b', 'e', 'e', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'p', 'r', 'o', '\0',
+  /* "beekbier.nl", true */ 'b', 'e', 'e', 'k', 'b', 'i', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "beekeeper.blog", true */ 'b', 'e', 'e', 'k', 'e', 'e', 'p', 'e', 'r', '.', 'b', 'l', 'o', 'g', '\0',
+  /* "beekeeper.clothing", true */ 'b', 'e', 'e', 'k', 'e', 'e', 'p', 'e', 'r', '.', 'c', 'l', 'o', 't', 'h', 'i', 'n', 'g', '\0',
+  /* "beekeeper.supplies", true */ 'b', 'e', 'e', 'k', 'e', 'e', 'p', 'e', 'r', '.', 's', 'u', 'p', 'p', 'l', 'i', 'e', 's', '\0',
+  /* "beekeeper.supply", true */ 'b', 'e', 'e', 'k', 'e', 'e', 'p', 'e', 'r', '.', 's', 'u', 'p', 'p', 'l', 'y', '\0',
+  /* "beekeeper.tools", true */ 'b', 'e', 'e', 'k', 'e', 'e', 'p', 'e', 'r', '.', 't', 'o', 'o', 'l', 's', '\0',
+  /* "beekeeping.clothing", true */ 'b', 'e', 'e', 'k', 'e', 'e', 'p', 'i', 'n', 'g', '.', 'c', 'l', 'o', 't', 'h', 'i', 'n', 'g', '\0',
+  /* "beekeeping.tools", true */ 'b', 'e', 'e', 'k', 'e', 'e', 'p', 'i', 'n', 'g', '.', 't', 'o', 'o', 'l', 's', '\0',
+  /* "beeksnetwork.nl", true */ 'b', 'e', 'e', 'k', 's', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'n', 'l', '\0',
+  /* "beelen.fr", true */ 'b', 'e', 'e', 'l', 'e', 'n', '.', 'f', 'r', '\0',
+  /* "beercandle.com", true */ 'b', 'e', 'e', 'r', 'c', 'a', 'n', 'd', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "beergazetteer.com", true */ 'b', 'e', 'e', 'r', 'g', 'a', 'z', 'e', 't', 't', 'e', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "beerians.com", true */ 'b', 'e', 'e', 'r', 'i', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "beermedlar.com", true */ 'b', 'e', 'e', 'r', 'm', 'e', 'd', 'l', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "beerradar.no", true */ 'b', 'e', 'e', 'r', 'r', 'a', 'd', 'a', 'r', '.', 'n', 'o', '\0',
+  /* "beerradar.party", true */ 'b', 'e', 'e', 'r', 'r', 'a', 'd', 'a', 'r', '.', 'p', 'a', 'r', 't', 'y', '\0',
+  /* "beersandco.ch", true */ 'b', 'e', 'e', 'r', 's', 'a', 'n', 'd', 'c', 'o', '.', 'c', 'h', '\0',
+  /* "beersconf.com", true */ 'b', 'e', 'e', 'r', 's', 'c', 'o', 'n', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "beeswax-orgone.com", true */ 'b', 'e', 'e', 's', 'w', 'a', 'x', '-', 'o', 'r', 'g', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "beetgroup.id", true */ 'b', 'e', 'e', 't', 'g', 'r', 'o', 'u', 'p', '.', 'i', 'd', '\0',
+  /* "beethoveninlove.com", true */ 'b', 'e', 'e', 't', 'h', 'o', 'v', 'e', 'n', 'i', 'n', 'l', 'o', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "beetman.net", true */ 'b', 'e', 'e', 't', 'm', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "beeutifulparties.co.uk", true */ 'b', 'e', 'e', 'u', 't', 'i', 'f', 'u', 'l', 'p', 'a', 'r', 't', 'i', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "beexfit.com", true */ 'b', 'e', 'e', 'x', 'f', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "beezkneezcastles.co.uk", true */ 'b', 'e', 'e', 'z', 'k', 'n', 'e', 'e', 'z', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "beeznest.com", true */ 'b', 'e', 'e', 'z', 'n', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "befoodsafe.gov", true */ 'b', 'e', 'f', 'o', 'o', 'd', 's', 'a', 'f', 'e', '.', 'g', 'o', 'v', '\0',
+  /* "beforesunrise.de", true */ 'b', 'e', 'f', 'o', 'r', 'e', 's', 'u', 'n', 'r', 'i', 's', 'e', '.', 'd', 'e', '\0',
+  /* "beframed.ch", true */ 'b', 'e', 'f', 'r', 'a', 'm', 'e', 'd', '.', 'c', 'h', '\0',
+  /* "befundonline.de", true */ 'b', 'e', 'f', 'u', 'n', 'd', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "begabungsfoerderung.info", true */ 'b', 'e', 'g', 'a', 'b', 'u', 'n', 'g', 's', 'f', 'o', 'e', 'r', 'd', 'e', 'r', 'u', 'n', 'g', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "begbie.com", true */ 'b', 'e', 'g', 'b', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "beginner.nl", true */ 'b', 'e', 'g', 'i', 'n', 'n', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "behamzdarma.cz", true */ 'b', 'e', 'h', 'a', 'm', 'z', 'd', 'a', 'r', 'm', 'a', '.', 'c', 'z', '\0',
+  /* "behoerden-online-dienste.de", true */ 'b', 'e', 'h', 'o', 'e', 'r', 'd', 'e', 'n', '-', 'o', 'n', 'l', 'i', 'n', 'e', '-', 'd', 'i', 'e', 'n', 's', 't', 'e', '.', 'd', 'e', '\0',
+  /* "beichtgenerator.de", false */ 'b', 'e', 'i', 'c', 'h', 't', 'g', 'e', 'n', 'e', 'r', 'a', 't', 'o', 'r', '.', 'd', 'e', '\0',
+  /* "beijing.dating", true */ 'b', 'e', 'i', 'j', 'i', 'n', 'g', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "beijinglug.club", true */ 'b', 'e', 'i', 'j', 'i', 'n', 'g', 'l', 'u', 'g', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "beinad.com", true */ 'b', 'e', 'i', 'n', 'a', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "beinad.ru", true */ 'b', 'e', 'i', 'n', 'a', 'd', '.', 'r', 'u', '\0',
+  /* "beingmad.org", true */ 'b', 'e', 'i', 'n', 'g', 'm', 'a', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "belacapa.com.br", true */ 'b', 'e', 'l', 'a', 'c', 'a', 'p', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "belanglos.de", true */ 'b', 'e', 'l', 'a', 'n', 'g', 'l', 'o', 's', '.', 'd', 'e', '\0',
+  /* "belani.eu", true */ 'b', 'e', 'l', 'a', 'n', 'i', '.', 'e', 'u', '\0',
+  /* "belarto.be", true */ 'b', 'e', 'l', 'a', 'r', 't', 'o', '.', 'b', 'e', '\0',
+  /* "belarto.de", true */ 'b', 'e', 'l', 'a', 'r', 't', 'o', '.', 'd', 'e', '\0',
+  /* "belarto.es", true */ 'b', 'e', 'l', 'a', 'r', 't', 'o', '.', 'e', 's', '\0',
+  /* "belarto.fr", true */ 'b', 'e', 'l', 'a', 'r', 't', 'o', '.', 'f', 'r', '\0',
+  /* "belarto.it", true */ 'b', 'e', 'l', 'a', 'r', 't', 'o', '.', 'i', 't', '\0',
+  /* "belarto.nl", true */ 'b', 'e', 'l', 'a', 'r', 't', 'o', '.', 'n', 'l', '\0',
+  /* "belarto.pl", true */ 'b', 'e', 'l', 'a', 'r', 't', 'o', '.', 'p', 'l', '\0',
+  /* "belastingdienst-in-beeld.nl", true */ 'b', 'e', 'l', 'a', 's', 't', 'i', 'n', 'g', 'd', 'i', 'e', 'n', 's', 't', '-', 'i', 'n', '-', 'b', 'e', 'e', 'l', 'd', '.', 'n', 'l', '\0',
+  /* "belastingmiddeling.nl", true */ 'b', 'e', 'l', 'a', 's', 't', 'i', 'n', 'g', 'm', 'i', 'd', 'd', 'e', 'l', 'i', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "belcompany.nl", false */ 'b', 'e', 'l', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'n', 'l', '\0',
+  /* "belegit.org", true */ 'b', 'e', 'l', 'e', 'g', 'i', 't', '.', 'o', 'r', 'g', '\0',
+  /* "belfastbounce.co.uk", true */ 'b', 'e', 'l', 'f', 'a', 's', 't', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "belfastlocks.com", true */ 'b', 'e', 'l', 'f', 'a', 's', 't', 'l', 'o', 'c', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "belfasttechservices.co.uk", true */ 'b', 'e', 'l', 'f', 'a', 's', 't', 't', 'e', 'c', 'h', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "belge.rs", true */ 'b', 'e', 'l', 'g', 'e', '.', 'r', 's', '\0',
+  /* "belgers.com", true */ 'b', 'e', 'l', 'g', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "belhopro.be", true */ 'b', 'e', 'l', 'h', 'o', 'p', 'r', 'o', '.', 'b', 'e', '\0',
+  /* "belics.com", true */ 'b', 'e', 'l', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "belien-tweedehandswagens.be", true */ 'b', 'e', 'l', 'i', 'e', 'n', '-', 't', 'w', 'e', 'e', 'd', 'e', 'h', 'a', 'n', 'd', 's', 'w', 'a', 'g', 'e', 'n', 's', '.', 'b', 'e', '\0',
+  /* "believablebook.com", false */ 'b', 'e', 'l', 'i', 'e', 'v', 'a', 'b', 'l', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "bella.network", true */ 'b', 'e', 'l', 'l', 'a', '.', 'n', 'e', 't', 'w', 'o', 'r', 'k', '\0',
+  /* "belloy.ch", true */ 'b', 'e', 'l', 'l', 'o', 'y', '.', 'c', 'h', '\0',
+  /* "belloy.net", true */ 'b', 'e', 'l', 'l', 'o', 'y', '.', 'n', 'e', 't', '\0',
+  /* "belly-button-piercings.com", true */ 'b', 'e', 'l', 'l', 'y', '-', 'b', 'u', 't', 't', 'o', 'n', '-', 'p', 'i', 'e', 'r', 'c', 'i', 'n', 'g', 's', '.', 'c', 'o', 'm', '\0',
+  /* "belmontgoessolar.org", true */ 'b', 'e', 'l', 'm', 'o', 'n', 't', 'g', 'o', 'e', 's', 's', 'o', 'l', 'a', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "belt.black", true */ 'b', 'e', 'l', 't', '.', 'b', 'l', 'a', 'c', 'k', '\0',
+  /* "belua.com", true */ 'b', 'e', 'l', 'u', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "belvoirbouncycastles.co.uk", true */ 'b', 'e', 'l', 'v', 'o', 'i', 'r', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bely-mishka.by", true */ 'b', 'e', 'l', 'y', '-', 'm', 'i', 's', 'h', 'k', 'a', '.', 'b', 'y', '\0',
+  /* "belyvly.com", true */ 'b', 'e', 'l', 'y', 'v', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "bemsoft.pl", true */ 'b', 'e', 'm', 's', 'o', 'f', 't', '.', 'p', 'l', '\0',
+  /* "bemvindoaolar.com.br", true */ 'b', 'e', 'm', 'v', 'i', 'n', 'd', 'o', 'a', 'o', 'l', 'a', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "ben-energy.com", false */ 'b', 'e', 'n', '-', 'e', 'n', 'e', 'r', 'g', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "ben-stock.de", true */ 'b', 'e', 'n', '-', 's', 't', 'o', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "ben.ninja", true */ 'b', 'e', 'n', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "ben2.co.il", true */ 'b', 'e', 'n', '2', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "benabrams.it", true */ 'b', 'e', 'n', 'a', 'b', 'r', 'a', 'm', 's', '.', 'i', 't', '\0',
+  /* "benary.org", true */ 'b', 'e', 'n', 'a', 'r', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "benbozsa.ca", true */ 'b', 'e', 'n', 'b', 'o', 'z', 's', 'a', '.', 'c', 'a', '\0',
+  /* "benburwell.com", true */ 'b', 'e', 'n', 'b', 'u', 'r', 'w', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "benchcast.com", true */ 'b', 'e', 'n', 'c', 'h', 'c', 'a', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "benchling.com", true */ 'b', 'e', 'n', 'c', 'h', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "benchmarkmonument.com", true */ 'b', 'e', 'n', 'c', 'h', 'm', 'a', 'r', 'k', 'm', 'o', 'n', 'u', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "bencorby.com", true */ 'b', 'e', 'n', 'c', 'o', 'r', 'b', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "bendemaree.com", true */ 'b', 'e', 'n', 'd', 'e', 'm', 'a', 'r', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bendigoland.com.au", true */ 'b', 'e', 'n', 'd', 'i', 'g', 'o', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "bendingtheending.com", true */ 'b', 'e', 'n', 'd', 'i', 'n', 'g', 't', 'h', 'e', 'e', 'n', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "bendix.co", true */ 'b', 'e', 'n', 'd', 'i', 'x', '.', 'c', 'o', '\0',
+  /* "beneathvt.com", true */ 'b', 'e', 'n', 'e', 'a', 't', 'h', 'v', 't', '.', 'c', 'o', 'm', '\0',
+  /* "benediktdichgans.de", true */ 'b', 'e', 'n', 'e', 'd', 'i', 'k', 't', 'd', 'i', 'c', 'h', 'g', 'a', 'n', 's', '.', 'd', 'e', '\0',
+  /* "benepiscinas.com.br", true */ 'b', 'e', 'n', 'e', 'p', 'i', 's', 'c', 'i', 'n', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "beneri.se", true */ 'b', 'e', 'n', 'e', 'r', 'i', '.', 's', 'e', '\0',
+  /* "benevita.bio", true */ 'b', 'e', 'n', 'e', 'v', 'i', 't', 'a', '.', 'b', 'i', 'o', '\0',
+  /* "benevita.life", true */ 'b', 'e', 'n', 'e', 'v', 'i', 't', 'a', '.', 'l', 'i', 'f', 'e', '\0',
+  /* "benevita.live", true */ 'b', 'e', 'n', 'e', 'v', 'i', 't', 'a', '.', 'l', 'i', 'v', 'e', '\0',
+  /* "benevita.organic", true */ 'b', 'e', 'n', 'e', 'v', 'i', 't', 'a', '.', 'o', 'r', 'g', 'a', 'n', 'i', 'c', '\0',
+  /* "benfairclough.com", true */ 'b', 'e', 'n', 'f', 'a', 'i', 'r', 'c', 'l', 'o', 'u', 'g', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "bengalurugifts.com", true */ 'b', 'e', 'n', 'g', 'a', 'l', 'u', 'r', 'u', 'g', 'i', 'f', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "benhaney.com", true */ 'b', 'e', 'n', 'h', 'a', 'n', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "benhartmann.de", true */ 'b', 'e', 'n', 'h', 'a', 'r', 't', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "benhavenarchives.org", true */ 'b', 'e', 'n', 'h', 'a', 'v', 'e', 'n', 'a', 'r', 'c', 'h', 'i', 'v', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "benjamin.pe", true */ 'b', 'e', 'n', 'j', 'a', 'm', 'i', 'n', '.', 'p', 'e', '\0',
+  /* "benjaminblack.net", true */ 'b', 'e', 'n', 'j', 'a', 'm', 'i', 'n', 'b', 'l', 'a', 'c', 'k', '.', 'n', 'e', 't', '\0',
+  /* "benjamindietrich.com", true */ 'b', 'e', 'n', 'j', 'a', 'm', 'i', 'n', 'd', 'i', 'e', 't', 'r', 'i', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "benjamindietrich.de", true */ 'b', 'e', 'n', 'j', 'a', 'm', 'i', 'n', 'd', 'i', 'e', 't', 'r', 'i', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "benjaminjurke.com", true */ 'b', 'e', 'n', 'j', 'a', 'm', 'i', 'n', 'j', 'u', 'r', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "benjaminjurke.net", true */ 'b', 'e', 'n', 'j', 'a', 'm', 'i', 'n', 'j', 'u', 'r', 'k', 'e', '.', 'n', 'e', 't', '\0',
+  /* "benjaminpiquet.fr", true */ 'b', 'e', 'n', 'j', 'a', 'm', 'i', 'n', 'p', 'i', 'q', 'u', 'e', 't', '.', 'f', 'r', '\0',
+  /* "benjamins.com", true */ 'b', 'e', 'n', 'j', 'a', 'm', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "benleemd.com", true */ 'b', 'e', 'n', 'l', 'e', 'e', 'm', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "benmatthews.com.au", true */ 'b', 'e', 'n', 'm', 'a', 't', 't', 'h', 'e', 'w', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "benmillett.us", false */ 'b', 'e', 'n', 'm', 'i', 'l', 'l', 'e', 't', 't', '.', 'u', 's', '\0',
+  /* "bennettsbouncycastlehire.co.uk", true */ 'b', 'e', 'n', 'n', 'e', 't', 't', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bennettshire.co.uk", true */ 'b', 'e', 'n', 'n', 'e', 't', 't', 's', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "benni1.eu", true */ 'b', 'e', 'n', 'n', 'i', '1', '.', 'e', 'u', '\0',
+  /* "bennierobinson.com", true */ 'b', 'e', 'n', 'n', 'i', 'e', 'r', 'o', 'b', 'i', 'n', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "bennink.me", true */ 'b', 'e', 'n', 'n', 'i', 'n', 'k', '.', 'm', 'e', '\0',
+  /* "benno.frl", true */ 'b', 'e', 'n', 'n', 'o', '.', 'f', 'r', 'l', '\0',
+  /* "bennygommers.nl", true */ 'b', 'e', 'n', 'n', 'y', 'g', 'o', 'm', 'm', 'e', 'r', 's', '.', 'n', 'l', '\0',
+  /* "bennythink.com", true */ 'b', 'e', 'n', 'n', 'y', 't', 'h', 'i', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "bensbouncycastles.co.uk", true */ 'b', 'e', 'n', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "benschnarr.com", true */ 'b', 'e', 'n', 's', 'c', 'h', 'n', 'a', 'r', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "benscobie.com", true */ 'b', 'e', 'n', 's', 'c', 'o', 'b', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bensinflatables.co.uk", true */ 'b', 'e', 'n', 's', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bentertain.de", true */ 'b', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "bentley.blog", true */ 'b', 'e', 'n', 't', 'l', 'e', 'y', '.', 'b', 'l', 'o', 'g', '\0',
+  /* "bentley.link", true */ 'b', 'e', 'n', 't', 'l', 'e', 'y', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "bentrask.com", true */ 'b', 'e', 'n', 't', 'r', 'a', 's', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "beoordelingen.be", true */ 'b', 'e', 'o', 'o', 'r', 'd', 'e', 'l', 'i', 'n', 'g', 'e', 'n', '.', 'b', 'e', '\0',
+  /* "beranovi.com", true */ 'b', 'e', 'r', 'a', 'n', 'o', 'v', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "berasavocate.com", true */ 'b', 'e', 'r', 'a', 's', 'a', 'v', 'o', 'c', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "beraten-entwickeln-steuern.de", true */ 'b', 'e', 'r', 'a', 't', 'e', 'n', '-', 'e', 'n', 't', 'w', 'i', 'c', 'k', 'e', 'l', 'n', '-', 's', 't', 'e', 'u', 'e', 'r', 'n', '.', 'd', 'e', '\0',
+  /* "berdaguermontes.eu", true */ 'b', 'e', 'r', 'd', 'a', 'g', 'u', 'e', 'r', 'm', 'o', 'n', 't', 'e', 's', '.', 'e', 'u', '\0',
+  /* "berdu.id", true */ 'b', 'e', 'r', 'd', 'u', '.', 'i', 'd', '\0',
+  /* "bergenhave.nl", true */ 'b', 'e', 'r', 'g', 'e', 'n', 'h', 'a', 'v', 'e', '.', 'n', 'l', '\0',
+  /* "bergevoet-fa.nl", true */ 'b', 'e', 'r', 'g', 'e', 'v', 'o', 'e', 't', '-', 'f', 'a', '.', 'n', 'l', '\0',
+  /* "bergfex.at", true */ 'b', 'e', 'r', 'g', 'f', 'e', 'x', '.', 'a', 't', '\0',
+  /* "bergstoneware.com", true */ 'b', 'e', 'r', 'g', 's', 't', 'o', 'n', 'e', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "berlin-flirt.de", true */ 'b', 'e', 'r', 'l', 'i', 'n', '-', 'f', 'l', 'i', 'r', 't', '.', 'd', 'e', '\0',
+  /* "berlin-kohlefrei.de", true */ 'b', 'e', 'r', 'l', 'i', 'n', '-', 'k', 'o', 'h', 'l', 'e', 'f', 'r', 'e', 'i', '.', 'd', 'e', '\0',
+  /* "berlin.dating", true */ 'b', 'e', 'r', 'l', 'i', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "bermeitinger.eu", true */ 'b', 'e', 'r', 'm', 'e', 'i', 't', 'i', 'n', 'g', 'e', 'r', '.', 'e', 'u', '\0',
+  /* "berna.fr", true */ 'b', 'e', 'r', 'n', 'a', '.', 'f', 'r', '\0',
+  /* "bernadetteanderes.ch", true */ 'b', 'e', 'r', 'n', 'a', 'd', 'e', 't', 't', 'e', 'a', 'n', 'd', 'e', 'r', 'e', 's', '.', 'c', 'h', '\0',
+  /* "bernardcontainers.be", true */ 'b', 'e', 'r', 'n', 'a', 'r', 'd', 'c', 'o', 'n', 't', 'a', 'i', 'n', 'e', 'r', 's', '.', 'b', 'e', '\0',
+  /* "bernardfischer.fr", true */ 'b', 'e', 'r', 'n', 'a', 'r', 'd', 'f', 'i', 's', 'c', 'h', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "bernat.im", true */ 'b', 'e', 'r', 'n', 'a', 't', '.', 'i', 'm', '\0',
+  /* "bernd-leitner-fotodesign.com", true */ 'b', 'e', 'r', 'n', 'd', '-', 'l', 'e', 'i', 't', 'n', 'e', 'r', '-', 'f', 'o', 't', 'o', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "bernd-leitner-fotodesign.de", true */ 'b', 'e', 'r', 'n', 'd', '-', 'l', 'e', 'i', 't', 'n', 'e', 'r', '-', 'f', 'o', 't', 'o', 'd', 'e', 's', 'i', 'g', 'n', '.', 'd', 'e', '\0',
+  /* "bernd-leitner.de", true */ 'b', 'e', 'r', 'n', 'd', '-', 'l', 'e', 'i', 't', 'n', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "bernhard-seidenspinner.de", true */ 'b', 'e', 'r', 'n', 'h', 'a', 'r', 'd', '-', 's', 'e', 'i', 'd', 'e', 'n', 's', 'p', 'i', 'n', 'n', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "bernhardkau.de", true */ 'b', 'e', 'r', 'n', 'h', 'a', 'r', 'd', 'k', 'a', 'u', '.', 'd', 'e', '\0',
+  /* "bernhardluginbuehl.ch", true */ 'b', 'e', 'r', 'n', 'h', 'a', 'r', 'd', 'l', 'u', 'g', 'i', 'n', 'b', 'u', 'e', 'h', 'l', '.', 'c', 'h', '\0',
+  /* "bernhardluginbuehl.com", true */ 'b', 'e', 'r', 'n', 'h', 'a', 'r', 'd', 'l', 'u', 'g', 'i', 'n', 'b', 'u', 'e', 'h', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "berr.yt", true */ 'b', 'e', 'r', 'r', '.', 'y', 't', '\0',
+  /* "berra.se", true */ 'b', 'e', 'r', 'r', 'a', '.', 's', 'e', '\0',
+  /* "berrus.com", true */ 'b', 'e', 'r', 'r', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "berry.cat", true */ 'b', 'e', 'r', 'r', 'y', '.', 'c', 'a', 't', '\0',
+  /* "berrypay.com", true */ 'b', 'e', 'r', 'r', 'y', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "berseb.se", true */ 'b', 'e', 'r', 's', 'e', 'b', '.', 's', 'e', '\0',
+  /* "bersierservices.ch", true */ 'b', 'e', 'r', 's', 'i', 'e', 'r', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'h', '\0',
+  /* "bersotavocats.fr", true */ 'b', 'e', 'r', 's', 'o', 't', 'a', 'v', 'o', 'c', 'a', 't', 's', '.', 'f', 'r', '\0',
+  /* "berst.cz", true */ 'b', 'e', 'r', 's', 't', '.', 'c', 'z', '\0',
+  /* "berthabailey.com", true */ 'b', 'e', 'r', 't', 'h', 'a', 'b', 'a', 'i', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "bertholdsson.com", true */ 'b', 'e', 'r', 't', 'h', 'o', 'l', 'd', 's', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "bertoliniodontoiatria.it", true */ 'b', 'e', 'r', 't', 'o', 'l', 'i', 'n', 'i', 'o', 'd', 'o', 'n', 't', 'o', 'i', 'a', 't', 'r', 'i', 'a', '.', 'i', 't', '\0',
+  /* "bertrand.bio", true */ 'b', 'e', 'r', 't', 'r', 'a', 'n', 'd', '.', 'b', 'i', 'o', '\0',
+  /* "bertrandkeller.info", true */ 'b', 'e', 'r', 't', 'r', 'a', 'n', 'd', 'k', 'e', 'l', 'l', 'e', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "bertsmithvwparts.com", true */ 'b', 'e', 'r', 't', 's', 'm', 'i', 't', 'h', 'v', 'w', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "beryl.net", true */ 'b', 'e', 'r', 'y', 'l', '.', 'n', 'e', 't', '\0',
+  /* "besb66.club", true */ 'b', 'e', 's', 'b', '6', '6', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "besb66.com", true */ 'b', 'e', 's', 'b', '6', '6', '.', 'c', 'o', 'm', '\0',
+  /* "besb66.me", true */ 'b', 'e', 's', 'b', '6', '6', '.', 'm', 'e', '\0',
+  /* "besb66.ninja", true */ 'b', 'e', 's', 'b', '6', '6', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "besb66.rocks", true */ 'b', 'e', 's', 'b', '6', '6', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "besb66.us", true */ 'b', 'e', 's', 'b', '6', '6', '.', 'u', 's', '\0',
+  /* "beschriftung-metz.de", true */ 'b', 'e', 's', 'c', 'h', 'r', 'i', 'f', 't', 'u', 'n', 'g', '-', 'm', 'e', 't', 'z', '.', 'd', 'e', '\0',
+  /* "beserberg.tk", true */ 'b', 'e', 's', 'e', 'r', 'b', 'e', 'r', 'g', '.', 't', 'k', '\0',
+  /* "bespokestraps.com", true */ 'b', 'e', 's', 'p', 'o', 'k', 'e', 's', 't', 'r', 'a', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "best-of-bounce.co.uk", true */ 'b', 'e', 's', 't', '-', 'o', 'f', '-', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "best-wallpaper.net", true */ 'b', 'e', 's', 't', '-', 'w', 'a', 'l', 'l', 'p', 'a', 'p', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "best-wedding-quotes.com", true */ 'b', 'e', 's', 't', '-', 'w', 'e', 'd', 'd', 'i', 'n', 'g', '-', 'q', 'u', 'o', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "best10websitebuilders.com", true */ 'b', 'e', 's', 't', '1', '0', 'w', 'e', 'b', 's', 'i', 't', 'e', 'b', 'u', 'i', 'l', 'd', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bestbestbitcoin.com", true */ 'b', 'e', 's', 't', 'b', 'e', 's', 't', 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "bestbonuses.co.uk", true */ 'b', 'e', 's', 't', 'b', 'o', 'n', 'u', 's', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bestbrakes.com", true */ 'b', 'e', 's', 't', 'b', 'r', 'a', 'k', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bestbridal.top", true */ 'b', 'e', 's', 't', 'b', 'r', 'i', 'd', 'a', 'l', '.', 't', 'o', 'p', '\0',
+  /* "bestbyte.com.br", true */ 'b', 'e', 's', 't', 'b', 'y', 't', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "bestessaycheap.com", true */ 'b', 'e', 's', 't', 'e', 's', 's', 'a', 'y', 'c', 'h', 'e', 'a', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "bestessayhelp.com", true */ 'b', 'e', 's', 't', 'e', 's', 's', 'a', 'y', 'h', 'e', 'l', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "bestgiftever.ca", true */ 'b', 'e', 's', 't', 'g', 'i', 'f', 't', 'e', 'v', 'e', 'r', '.', 'c', 'a', '\0',
+  /* "bestgifts4you.com", true */ 'b', 'e', 's', 't', 'g', 'i', 'f', 't', 's', '4', 'y', 'o', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "bestlashesandbrows.com", true */ 'b', 'e', 's', 't', 'l', 'a', 's', 'h', 'e', 's', 'a', 'n', 'd', 'b', 'r', 'o', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bestlashesandbrows.hu", true */ 'b', 'e', 's', 't', 'l', 'a', 's', 'h', 'e', 's', 'a', 'n', 'd', 'b', 'r', 'o', 'w', 's', '.', 'h', 'u', '\0',
+  /* "bestleftwild.com", true */ 'b', 'e', 's', 't', 'l', 'e', 'f', 't', 'w', 'i', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "bestmodels.su", true */ 'b', 'e', 's', 't', 'm', 'o', 'd', 'e', 'l', 's', '.', 's', 'u', '\0',
+  /* "bestmotherfucking.website", true */ 'b', 'e', 's', 't', 'm', 'o', 't', 'h', 'e', 'r', 'f', 'u', 'c', 'k', 'i', 'n', 'g', '.', 'w', 'e', 'b', 's', 'i', 't', 'e', '\0',
+  /* "bestoliveoils.com", true */ 'b', 'e', 's', 't', 'o', 'l', 'i', 'v', 'e', 'o', 'i', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bestpartyhire.com", true */ 'b', 'e', 's', 't', 'p', 'a', 'r', 't', 'y', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bestperfumebrands.com", true */ 'b', 'e', 's', 't', 'p', 'e', 'r', 'f', 'u', 'm', 'e', 'b', 'r', 'a', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bestschools.top", true */ 'b', 'e', 's', 't', 's', 'c', 'h', 'o', 'o', 'l', 's', '.', 't', 'o', 'p', '\0',
+  /* "bestseries.tv", true */ 'b', 'e', 's', 't', 's', 'e', 'r', 'i', 'e', 's', '.', 't', 'v', '\0',
+  /* "bestwarezone.com", true */ 'b', 'e', 's', 't', 'w', 'a', 'r', 'e', 'z', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bestwebsite.gallery", true */ 'b', 'e', 's', 't', 'w', 'e', 'b', 's', 'i', 't', 'e', '.', 'g', 'a', 'l', 'l', 'e', 'r', 'y', '\0',
+  /* "bet-99.com", true */ 'b', 'e', 't', '-', '9', '9', '.', 'c', 'o', 'm', '\0',
+  /* "betamint.org", true */ 'b', 'e', 't', 'a', 'm', 'i', 'n', 't', '.', 'o', 'r', 'g', '\0',
+  /* "betaworx.de", true */ 'b', 'e', 't', 'a', 'w', 'o', 'r', 'x', '.', 'd', 'e', '\0',
+  /* "betaworx.eu", true */ 'b', 'e', 't', 'a', 'w', 'o', 'r', 'x', '.', 'e', 'u', '\0',
+  /* "betecnet.de", true */ 'b', 'e', 't', 'e', 'c', 'n', 'e', 't', '.', 'd', 'e', '\0',
+  /* "betformular.com", true */ 'b', 'e', 't', 'f', 'o', 'r', 'm', 'u', 'l', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "betkoo.com", true */ 'b', 'e', 't', 'k', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "betonmoney.com", true */ 'b', 'e', 't', 'o', 'n', 'm', 'o', 'n', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "betpamm.com", true */ 'b', 'e', 't', 'p', 'a', 'm', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "bets.gg", true */ 'b', 'e', 't', 's', '.', 'g', 'g', '\0',
+  /* "betseybuckheit.com", true */ 'b', 'e', 't', 's', 'e', 'y', 'b', 'u', 'c', 'k', 'h', 'e', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "betshoot.com", true */ 'b', 'e', 't', 's', 'h', 'o', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "betsonlinefree.com.au", true */ 'b', 'e', 't', 's', 'o', 'n', 'l', 'i', 'n', 'e', 'f', 'r', 'e', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "betsyshilling.com", true */ 'b', 'e', 't', 's', 'y', 's', 'h', 'i', 'l', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "bett1.de", true */ 'b', 'e', 't', 't', '1', '.', 'd', 'e', '\0',
+  /* "better-bounce.co.uk", true */ 'b', 'e', 't', 't', 'e', 'r', '-', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "better.fyi", true */ 'b', 'e', 't', 't', 'e', 'r', '.', 'f', 'y', 'i', '\0',
+  /* "betterbabyshop.com.au", true */ 'b', 'e', 't', 't', 'e', 'r', 'b', 'a', 'b', 'y', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "bettercrypto.org", true */ 'b', 'e', 't', 't', 'e', 'r', 'c', 'r', 'y', 'p', 't', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "betterhelp.com", true */ 'b', 'e', 't', 't', 'e', 'r', 'h', 'e', 'l', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "betterna.me", true */ 'b', 'e', 't', 't', 'e', 'r', 'n', 'a', '.', 'm', 'e', '\0',
+  /* "betterscience.org", true */ 'b', 'e', 't', 't', 'e', 'r', 's', 'c', 'i', 'e', 'n', 'c', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "bettertest.it", true */ 'b', 'e', 't', 't', 'e', 'r', 't', 'e', 's', 't', '.', 'i', 't', '\0',
+  /* "betterworldinternational.org", true */ 'b', 'e', 't', 't', 'e', 'r', 'w', 'o', 'r', 'l', 'd', 'i', 'n', 't', 'e', 'r', 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "bettflaschen.ch", true */ 'b', 'e', 't', 't', 'f', 'l', 'a', 's', 'c', 'h', 'e', 'n', '.', 'c', 'h', '\0',
+  /* "bettingbusiness.ru", true */ 'b', 'e', 't', 't', 'i', 'n', 'g', 'b', 'u', 's', 'i', 'n', 'e', 's', 's', '.', 'r', 'u', '\0',
+  /* "bettolinokitchen.com", true */ 'b', 'e', 't', 't', 'o', 'l', 'i', 'n', 'o', 'k', 'i', 't', 'c', 'h', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "bettrlifeapp.com", true */ 'b', 'e', 't', 't', 'r', 'l', 'i', 'f', 'e', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "betulashop.ch", true */ 'b', 'e', 't', 'u', 'l', 'a', 's', 'h', 'o', 'p', '.', 'c', 'h', '\0',
+  /* "betwalker.com", true */ 'b', 'e', 't', 'w', 'a', 'l', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "beulen.email", true */ 'b', 'e', 'u', 'l', 'e', 'n', '.', 'e', 'm', 'a', 'i', 'l', '\0',
+  /* "beulen.link", true */ 'b', 'e', 'u', 'l', 'e', 'n', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "beulen.pro", true */ 'b', 'e', 'u', 'l', 'e', 'n', '.', 'p', 'r', 'o', '\0',
+  /* "bevedo.cz", true */ 'b', 'e', 'v', 'e', 'd', 'o', '.', 'c', 'z', '\0',
+  /* "beveiligingscamerawestland.nl", true */ 'b', 'e', 'v', 'e', 'i', 'l', 'i', 'g', 'i', 'n', 'g', 's', 'c', 'a', 'm', 'e', 'r', 'a', 'w', 'e', 's', 't', 'l', 'a', 'n', 'd', '.', 'n', 'l', '\0',
+  /* "beverlyinternational.com", false */ 'b', 'e', 'v', 'e', 'r', 'l', 'y', 'i', 'n', 't', 'e', 'r', 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "bevinco2020.com", true */ 'b', 'e', 'v', 'i', 'n', 'c', 'o', '2', '0', '2', '0', '.', 'c', 'o', 'm', '\0',
+  /* "bevinsco.org", true */ 'b', 'e', 'v', 'i', 'n', 's', 'c', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "bevnut.com", true */ 'b', 'e', 'v', 'n', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "bewegungsfluss.com", true */ 'b', 'e', 'w', 'e', 'g', 'u', 'n', 'g', 's', 'f', 'l', 'u', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bewerbungsfoto-deinfoto.ch", true */ 'b', 'e', 'w', 'e', 'r', 'b', 'u', 'n', 'g', 's', 'f', 'o', 't', 'o', '-', 'd', 'e', 'i', 'n', 'f', 'o', 't', 'o', '.', 'c', 'h', '\0',
+  /* "bewertet.de", true */ 'b', 'e', 'w', 'e', 'r', 't', 'e', 't', '.', 'd', 'e', '\0',
+  /* "bewonderen.com", true */ 'b', 'e', 'w', 'o', 'n', 'd', 'e', 'r', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "bexit-hosting.nl", true */ 'b', 'e', 'x', 'i', 't', '-', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "bexit-security.eu", true */ 'b', 'e', 'x', 'i', 't', '-', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'e', 'u', '\0',
+  /* "bexit-security.nl", true */ 'b', 'e', 'x', 'i', 't', '-', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'n', 'l', '\0',
+  /* "bexit.nl", true */ 'b', 'e', 'x', 'i', 't', '.', 'n', 'l', '\0',
+  /* "bexithosting.nl", true */ 'b', 'e', 'x', 'i', 't', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "bexleycastles.co.uk", true */ 'b', 'e', 'x', 'l', 'e', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "beybiz.com", true */ 'b', 'e', 'y', 'b', 'i', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "beyond-infinity.org", true */ 'b', 'e', 'y', 'o', 'n', 'd', '-', 'i', 'n', 'f', 'i', 'n', 'i', 't', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "beyond-rational.com", true */ 'b', 'e', 'y', 'o', 'n', 'd', '-', 'r', 'a', 't', 'i', 'o', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "beyondalderaan.net", true */ 'b', 'e', 'y', 'o', 'n', 'd', 'a', 'l', 'd', 'e', 'r', 'a', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "beyondbounce.co.uk", true */ 'b', 'e', 'y', 'o', 'n', 'd', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "beyondpricing.com", true */ 'b', 'e', 'y', 'o', 'n', 'd', 'p', 'r', 'i', 'c', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "beyondthecode.io", true */ 'b', 'e', 'y', 'o', 'n', 'd', 't', 'h', 'e', 'c', 'o', 'd', 'e', '.', 'i', 'o', '\0',
+  /* "beyondtodaymediagroup.com", true */ 'b', 'e', 'y', 'o', 'n', 'd', 't', 'o', 'd', 'a', 'y', 'm', 'e', 'd', 'i', 'a', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "beyondtrust.com", true */ 'b', 'e', 'y', 'o', 'n', 'd', 't', 'r', 'u', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "beyondweb.net", true */ 'b', 'e', 'y', 'o', 'n', 'd', 'w', 'e', 'b', '.', 'n', 'e', 't', '\0',
+  /* "beyonic.com", true */ 'b', 'e', 'y', 'o', 'n', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "beyours.be", true */ 'b', 'e', 'y', 'o', 'u', 'r', 's', '.', 'b', 'e', '\0',
+  /* "bez-energie.de", true */ 'b', 'e', 'z', '-', 'e', 'n', 'e', 'r', 'g', 'i', 'e', '.', 'd', 'e', '\0',
+  /* "bezemkast.nl", true */ 'b', 'e', 'z', 'e', 'm', 'k', 'a', 's', 't', '.', 'n', 'l', '\0',
+  /* "bezoomnyville.com", true */ 'b', 'e', 'z', 'o', 'o', 'm', 'n', 'y', 'v', 'i', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bezpecnostsiti.cf", true */ 'b', 'e', 'z', 'p', 'e', 'c', 'n', 'o', 's', 't', 's', 'i', 't', 'i', '.', 'c', 'f', '\0',
+  /* "bfam.tv", true */ 'b', 'f', 'a', 'm', '.', 't', 'v', '\0',
+  /* "bfi.wien", false */ 'b', 'f', 'i', '.', 'w', 'i', 'e', 'n', '\0',
+  /* "bft-media.com", true */ 'b', 'f', 't', '-', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "bftbradio.com", true */ 'b', 'f', 't', 'b', 'r', 'a', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "bfw-online.de", true */ 'b', 'f', 'w', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "bg-sexologia.com", true */ 'b', 'g', '-', 's', 'e', 'x', 'o', 'l', 'o', 'g', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "bgdaddy.com", true */ 'b', 'g', 'd', 'a', 'd', 'd', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "bgenlisted.com", true */ 'b', 'g', 'e', 'n', 'l', 'i', 's', 't', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "bgeo.io", true */ 'b', 'g', 'e', 'o', '.', 'i', 'o', '\0',
+  /* "bgfashion.net", true */ 'b', 'g', 'f', 'a', 's', 'h', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "bghost.xyz", true */ 'b', 'g', 'h', 'o', 's', 't', '.', 'x', 'y', 'z', '\0',
+  /* "bgkoleda.bg", true */ 'b', 'g', 'k', 'o', 'l', 'e', 'd', 'a', '.', 'b', 'g', '\0',
+  /* "bglsingles.de", true */ 'b', 'g', 'l', 's', 'i', 'n', 'g', 'l', 'e', 's', '.', 'd', 'e', '\0',
+  /* "bgneuesheim.de", true */ 'b', 'g', 'n', 'e', 'u', 'e', 's', 'h', 'e', 'i', 'm', '.', 'd', 'e', '\0',
+  /* "bgp.space", true */ 'b', 'g', 'p', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "bgr34.cz", true */ 'b', 'g', 'r', '3', '4', '.', 'c', 'z', '\0',
+  /* "bgtgames.com", true */ 'b', 'g', 't', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bharath-g.in", true */ 'b', 'h', 'a', 'r', 'a', 't', 'h', '-', 'g', '.', 'i', 'n', '\0',
+  /* "bhodisoft.com", true */ 'b', 'h', 'o', 'd', 'i', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "bhost.net", true */ 'b', 'h', 'o', 's', 't', '.', 'n', 'e', 't', '\0',
+  /* "bhtelecom.ba", true */ 'b', 'h', 't', 'e', 'l', 'e', 'c', 'o', 'm', '.', 'b', 'a', '\0',
+  /* "bhuntr.com", true */ 'b', 'h', 'u', 'n', 't', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "bi.search.yahoo.com", false */ 'b', 'i', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "biaggeo.com", true */ 'b', 'i', 'a', 'g', 'g', 'e', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "bianinapiccanovias.com", true */ 'b', 'i', 'a', 'n', 'i', 'n', 'a', 'p', 'i', 'c', 'c', 'a', 'n', 'o', 'v', 'i', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "biaoqingfuhao.net", true */ 'b', 'i', 'a', 'o', 'q', 'i', 'n', 'g', 'f', 'u', 'h', 'a', 'o', '.', 'n', 'e', 't', '\0',
+  /* "biaoqingfuhao.org", true */ 'b', 'i', 'a', 'o', 'q', 'i', 'n', 'g', 'f', 'u', 'h', 'a', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "biasmath.es", true */ 'b', 'i', 'a', 's', 'm', 'a', 't', 'h', '.', 'e', 's', '\0',
+  /* "biathloncup.ru", true */ 'b', 'i', 'a', 't', 'h', 'l', 'o', 'n', 'c', 'u', 'p', '.', 'r', 'u', '\0',
+  /* "bible.ru", true */ 'b', 'i', 'b', 'l', 'e', '.', 'r', 'u', '\0',
+  /* "bibleonline.ru", true */ 'b', 'i', 'b', 'l', 'e', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'r', 'u', '\0',
+  /* "bibliaon.com", true */ 'b', 'i', 'b', 'l', 'i', 'a', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "biblio.wiki", true */ 'b', 'i', 'b', 'l', 'i', 'o', '.', 'w', 'i', 'k', 'i', '\0',
+  /* "biblioblog.fr", true */ 'b', 'i', 'b', 'l', 'i', 'o', 'b', 'l', 'o', 'g', '.', 'f', 'r', '\0',
+  /* "bibliomarkt.ch", true */ 'b', 'i', 'b', 'l', 'i', 'o', 'm', 'a', 'r', 'k', 't', '.', 'c', 'h', '\0',
+  /* "biblionaut.net", true */ 'b', 'i', 'b', 'l', 'i', 'o', 'n', 'a', 'u', 't', '.', 'n', 'e', 't', '\0',
+  /* "bibliotekarien.se", true */ 'b', 'i', 'b', 'l', 'i', 'o', 't', 'e', 'k', 'a', 'r', 'i', 'e', 'n', '.', 's', 'e', '\0',
+  /* "biboumail.fr", true */ 'b', 'i', 'b', 'o', 'u', 'm', 'a', 'i', 'l', '.', 'f', 'r', '\0',
+  /* "bibuch.com", true */ 'b', 'i', 'b', 'u', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "bicha.net", true */ 'b', 'i', 'c', 'h', 'a', '.', 'n', 'e', 't', '\0',
+  /* "bichines.es", true */ 'b', 'i', 'c', 'h', 'i', 'n', 'e', 's', '.', 'e', 's', '\0',
+  /* "bichonfrise.com.br", true */ 'b', 'i', 'c', 'h', 'o', 'n', 'f', 'r', 'i', 's', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "bichonmaltes.com.br", true */ 'b', 'i', 'c', 'h', 'o', 'n', 'm', 'a', 'l', 't', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "bicranial.io", true */ 'b', 'i', 'c', 'r', 'a', 'n', 'i', 'a', 'l', '.', 'i', 'o', '\0',
+  /* "bicycle-events.com", true */ 'b', 'i', 'c', 'y', 'c', 'l', 'e', '-', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "biddl.com", true */ 'b', 'i', 'd', 'd', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "bidorbuy.co.ke", true */ 'b', 'i', 'd', 'o', 'r', 'b', 'u', 'y', '.', 'c', 'o', '.', 'k', 'e', '\0',
+  /* "biegner-technik.de", true */ 'b', 'i', 'e', 'g', 'n', 'e', 'r', '-', 't', 'e', 'c', 'h', 'n', 'i', 'k', '.', 'd', 'e', '\0',
+  /* "bien-etre-sante.info", true */ 'b', 'i', 'e', 'n', '-', 'e', 't', 'r', 'e', '-', 's', 'a', 'n', 't', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "bienici.com", true */ 'b', 'i', 'e', 'n', 'i', 'c', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "bienoubien.org", true */ 'b', 'i', 'e', 'n', 'o', 'u', 'b', 'i', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "biensenvue.com", true */ 'b', 'i', 'e', 'n', 's', 'e', 'n', 'v', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bier.jp", true */ 'b', 'i', 'e', 'r', '.', 'j', 'p', '\0',
+  /* "bierbaumer.net", true */ 'b', 'i', 'e', 'r', 'b', 'a', 'u', 'm', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "biergaizi.info", true */ 'b', 'i', 'e', 'r', 'g', 'a', 'i', 'z', 'i', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "bierochs.org", true */ 'b', 'i', 'e', 'r', 'o', 'c', 'h', 's', '.', 'o', 'r', 'g', '\0',
+  /* "bieser.ch", true */ 'b', 'i', 'e', 's', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "biester.pro", true */ 'b', 'i', 'e', 's', 't', 'e', 'r', '.', 'p', 'r', 'o', '\0',
+  /* "big-andy.co.uk", true */ 'b', 'i', 'g', '-', 'a', 'n', 'd', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "big-bounce.co.uk", true */ 'b', 'i', 'g', '-', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "big-fluglaerm-hamburg.de", true */ 'b', 'i', 'g', '-', 'f', 'l', 'u', 'g', 'l', 'a', 'e', 'r', 'm', '-', 'h', 'a', 'm', 'b', 'u', 'r', 'g', '.', 'd', 'e', '\0',
+  /* "bigbluedoor.net", true */ 'b', 'i', 'g', 'b', 'l', 'u', 'e', 'd', 'o', 'o', 'r', '.', 'n', 'e', 't', '\0',
+  /* "bigbouncebouncycastles.co.uk", true */ 'b', 'i', 'g', 'b', 'o', 'u', 'n', 'c', 'e', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bigbouncetheory.co.uk", true */ 'b', 'i', 'g', 'b', 'o', 'u', 'n', 'c', 'e', 't', 'h', 'e', 'o', 'r', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bigbounceuk.com", true */ 'b', 'i', 'g', 'b', 'o', 'u', 'n', 'c', 'e', 'u', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "bigclassaction.com", true */ 'b', 'i', 'g', 'c', 'l', 'a', 's', 's', 'a', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "bigcorporateevents.com", true */ 'b', 'i', 'g', 'c', 'o', 'r', 'p', 'o', 'r', 'a', 't', 'e', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bigdinosaur.org", true */ 'b', 'i', 'g', 'd', 'i', 'n', 'o', 's', 'a', 'u', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "bigfunbouncycastles.com", true */ 'b', 'i', 'g', 'f', 'u', 'n', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "biggreenexchange.com", true */ 'b', 'i', 'g', 'g', 'r', 'e', 'e', 'n', 'e', 'x', 'c', 'h', 'a', 'n', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bight.ca", true */ 'b', 'i', 'g', 'h', 't', '.', 'c', 'a', '\0',
+  /* "bigio.com.br", true */ 'b', 'i', 'g', 'i', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "biglagoonrentals.com", true */ 'b', 'i', 'g', 'l', 'a', 'g', 'o', 'o', 'n', 'r', 'e', 'n', 't', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bigsisterchannel.com", true */ 'b', 'i', 'g', 's', 'i', 's', 't', 'e', 'r', 'c', 'h', 'a', 'n', 'n', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "bigskymontanalandforsale.com", true */ 'b', 'i', 'g', 's', 'k', 'y', 'm', 'o', 'n', 't', 'a', 'n', 'a', 'l', 'a', 'n', 'd', 'f', 'o', 'r', 's', 'a', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "biilo.com", true */ 'b', 'i', 'i', 'l', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "bijoux.com.br", true */ 'b', 'i', 'j', 'o', 'u', 'x', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "bijouxbrasil.com.br", true */ 'b', 'i', 'j', 'o', 'u', 'x', 'b', 'r', 'a', 's', 'i', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "bijuteriicualint.ro", true */ 'b', 'i', 'j', 'u', 't', 'e', 'r', 'i', 'i', 'c', 'u', 'a', 'l', 'i', 'n', 't', '.', 'r', 'o', '\0',
+  /* "bike-discount.de", true */ 'b', 'i', 'k', 'e', '-', 'd', 'i', 's', 'c', 'o', 'u', 'n', 't', '.', 'd', 'e', '\0',
+  /* "bike-kurse.ch", true */ 'b', 'i', 'k', 'e', '-', 'k', 'u', 'r', 's', 'e', '.', 'c', 'h', '\0',
+  /* "bike-shack.com", true */ 'b', 'i', 'k', 'e', '-', 's', 'h', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "bikebay.it", true */ 'b', 'i', 'k', 'e', 'b', 'a', 'y', '.', 'i', 't', '\0',
+  /* "bikehistory.org", true */ 'b', 'i', 'k', 'e', 'h', 'i', 's', 't', 'o', 'r', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "bikelifetvkidsquads.co.uk", true */ 'b', 'i', 'k', 'e', 'l', 'i', 'f', 'e', 't', 'v', 'k', 'i', 'd', 's', 'q', 'u', 'a', 'd', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "biker.dating", true */ 'b', 'i', 'k', 'e', 'r', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "bikerebel.com", true */ 'b', 'i', 'k', 'e', 'r', 'e', 'b', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "bikeshopitalia.com", true */ 'b', 'i', 'k', 'e', 's', 'h', 'o', 'p', 'i', 't', 'a', 'l', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "bikiniseli.com", true */ 'b', 'i', 'k', 'i', 'n', 'i', 's', 'e', 'l', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "bikkelbroeders.com", false */ 'b', 'i', 'k', 'k', 'e', 'l', 'b', 'r', 'o', 'e', 'd', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bikkelbroeders.nl", false */ 'b', 'i', 'k', 'k', 'e', 'l', 'b', 'r', 'o', 'e', 'd', 'e', 'r', 's', '.', 'n', 'l', '\0',
+  /* "bilalic.com", true */ 'b', 'i', 'l', 'a', 'l', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "bilalkilic.de", true */ 'b', 'i', 'l', 'a', 'l', 'k', 'i', 'l', 'i', 'c', '.', 'd', 'e', '\0',
+  /* "bilbayt.com", true */ 'b', 'i', 'l', 'b', 'a', 'y', 't', '.', 'c', 'o', 'm', '\0',
+  /* "bilder-designs.de", true */ 'b', 'i', 'l', 'd', 'e', 'r', '-', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'd', 'e', '\0',
+  /* "bildermachr.de", true */ 'b', 'i', 'l', 'd', 'e', 'r', 'm', 'a', 'c', 'h', 'r', '.', 'd', 'e', '\0',
+  /* "bildschirmflackern.de", true */ 'b', 'i', 'l', 'd', 's', 'c', 'h', 'i', 'r', 'm', 'f', 'l', 'a', 'c', 'k', 'e', 'r', 'n', '.', 'd', 'e', '\0',
+  /* "biletru.net", true */ 'b', 'i', 'l', 'e', 't', 'r', 'u', '.', 'n', 'e', 't', '\0',
+  /* "bilgo.com", true */ 'b', 'i', 'l', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "bilimoe.com", true */ 'b', 'i', 'l', 'i', 'm', 'o', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bilke.org", true */ 'b', 'i', 'l', 'k', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "billaud.eu.org", true */ 'b', 'i', 'l', 'l', 'a', 'u', 'd', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "billdestler.com", true */ 'b', 'i', 'l', 'l', 'd', 'e', 's', 't', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "billgoldstein.name", true */ 'b', 'i', 'l', 'l', 'g', 'o', 'l', 'd', 's', 't', 'e', 'i', 'n', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "billiger-mietwagen.de", true */ 'b', 'i', 'l', 'l', 'i', 'g', 'e', 'r', '-', 'm', 'i', 'e', 't', 'w', 'a', 'g', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "billigerfinder.de", true */ 'b', 'i', 'l', 'l', 'i', 'g', 'e', 'r', 'f', 'i', 'n', 'd', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "billigpoker.dk", true */ 'b', 'i', 'l', 'l', 'i', 'g', 'p', 'o', 'k', 'e', 'r', '.', 'd', 'k', '\0',
+  /* "billigssl.dk", true */ 'b', 'i', 'l', 'l', 'i', 'g', 's', 's', 'l', '.', 'd', 'k', '\0',
+  /* "billionairemailinglist.com", true */ 'b', 'i', 'l', 'l', 'i', 'o', 'n', 'a', 'i', 'r', 'e', 'm', 'a', 'i', 'l', 'i', 'n', 'g', 'l', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "billionkiaparts.com", true */ 'b', 'i', 'l', 'l', 'i', 'o', 'n', 'k', 'i', 'a', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "billogram.com", true */ 'b', 'i', 'l', 'l', 'o', 'g', 'r', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "billpro.com", false */ 'b', 'i', 'l', 'l', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "billpro.com.au", true */ 'b', 'i', 'l', 'l', 'p', 'r', 'o', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "billrhodesbakery.com", true */ 'b', 'i', 'l', 'l', 'r', 'h', 'o', 'd', 'e', 's', 'b', 'a', 'k', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "billrobinson.io", true */ 'b', 'i', 'l', 'l', 'r', 'o', 'b', 'i', 'n', 's', 'o', 'n', '.', 'i', 'o', '\0',
+  /* "billy.pictures", true */ 'b', 'i', 'l', 'l', 'y', '.', 'p', 'i', 'c', 't', 'u', 'r', 'e', 's', '\0',
+  /* "billyoh.com", true */ 'b', 'i', 'l', 'l', 'y', 'o', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "billysbouncycastlehire.co.uk", true */ 'b', 'i', 'l', 'l', 'y', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bilsho.com", true */ 'b', 'i', 'l', 's', 'h', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "biltullen.com", true */ 'b', 'i', 'l', 't', 'u', 'l', 'l', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "bimmerlabs.com", true */ 'b', 'i', 'm', 'm', 'e', 'r', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bin95.com", true */ 'b', 'i', 'n', '9', '5', '.', 'c', 'o', 'm', '\0',
+  /* "bina.az", true */ 'b', 'i', 'n', 'a', '.', 'a', 'z', '\0',
+  /* "binarization.com", true */ 'b', 'i', 'n', 'a', 'r', 'i', 'z', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "binaryabstraction.com", true */ 'b', 'i', 'n', 'a', 'r', 'y', 'a', 'b', 's', 't', 'r', 'a', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "binaryapparatus.com", true */ 'b', 'i', 'n', 'a', 'r', 'y', 'a', 'p', 'p', 'a', 'r', 'a', 't', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "binaryappdev.com", true */ 'b', 'i', 'n', 'a', 'r', 'y', 'a', 'p', 'p', 'd', 'e', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "binaryevolved.com", true */ 'b', 'i', 'n', 'a', 'r', 'y', 'e', 'v', 'o', 'l', 'v', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "binarystud.io", true */ 'b', 'i', 'n', 'a', 'r', 'y', 's', 't', 'u', 'd', '.', 'i', 'o', '\0',
+  /* "binding-problem.com", true */ 'b', 'i', 'n', 'd', 'i', 'n', 'g', '-', 'p', 'r', 'o', 'b', 'l', 'e', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "binfind.com", true */ 'b', 'i', 'n', 'f', 'i', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "bing.com", true */ 'b', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "bingcheung.org", true */ 'b', 'i', 'n', 'g', 'c', 'h', 'e', 'u', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "bingo-wear.com", true */ 'b', 'i', 'n', 'g', 'o', '-', 'w', 'e', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "bingobank.org", true */ 'b', 'i', 'n', 'g', 'o', 'b', 'a', 'n', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "bingofriends.com", true */ 'b', 'i', 'n', 'g', 'o', 'f', 'r', 'i', 'e', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bingostars.com", true */ 'b', 'i', 'n', 'g', 'o', 's', 't', 'a', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "binhex.net", true */ 'b', 'i', 'n', 'h', 'e', 'x', '.', 'n', 'e', 't', '\0',
+  /* "binkconsulting.be", true */ 'b', 'i', 'n', 'k', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'b', 'e', '\0',
+  /* "binti.com", true */ 'b', 'i', 'n', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "bio-disinfestazione.it", true */ 'b', 'i', 'o', '-', 'd', 'i', 's', 'i', 'n', 'f', 'e', 's', 't', 'a', 'z', 'i', 'o', 'n', 'e', '.', 'i', 't', '\0',
+  /* "biobuttons.ch", true */ 'b', 'i', 'o', 'b', 'u', 't', 't', 'o', 'n', 's', '.', 'c', 'h', '\0',
+  /* "biocrafting.net", true */ 'b', 'i', 'o', 'c', 'r', 'a', 'f', 't', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "biodiagnostiki.clinic", true */ 'b', 'i', 'o', 'd', 'i', 'a', 'g', 'n', 'o', 's', 't', 'i', 'k', 'i', '.', 'c', 'l', 'i', 'n', 'i', 'c', '\0',
+  /* "biodieseldata.com", true */ 'b', 'i', 'o', 'd', 'i', 'e', 's', 'e', 'l', 'd', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "bioemsan.cz", true */ 'b', 'i', 'o', 'e', 'm', 's', 'a', 'n', '.', 'c', 'z', '\0',
+  /* "bioetco.ch", true */ 'b', 'i', 'o', 'e', 't', 'c', 'o', '.', 'c', 'h', '\0',
+  /* "biogecho.ch", true */ 'b', 'i', 'o', 'g', 'e', 'c', 'h', 'o', '.', 'c', 'h', '\0',
+  /* "biogecho.swiss", true */ 'b', 'i', 'o', 'g', 'e', 'c', 'h', 'o', '.', 's', 'w', 'i', 's', 's', '\0',
+  /* "biogeniq.ca", true */ 'b', 'i', 'o', 'g', 'e', 'n', 'i', 'q', '.', 'c', 'a', '\0',
+  /* "biohappiness.com", true */ 'b', 'i', 'o', 'h', 'a', 'p', 'p', 'i', 'n', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bioharmony.ca", true */ 'b', 'i', 'o', 'h', 'a', 'r', 'm', 'o', 'n', 'y', '.', 'c', 'a', '\0',
+  /* "biointelligence-explosion.com", true */ 'b', 'i', 'o', 'i', 'n', 't', 'e', 'l', 'l', 'i', 'g', 'e', 'n', 'c', 'e', '-', 'e', 'x', 'p', 'l', 'o', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "bioligo.ch", true */ 'b', 'i', 'o', 'l', 'i', 'g', 'o', '.', 'c', 'h', '\0',
+  /* "biolindo.com", false */ 'b', 'i', 'o', 'l', 'i', 'n', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "biologis.ch", true */ 'b', 'i', 'o', 'l', 'o', 'g', 'i', 's', '.', 'c', 'h', '\0',
+  /* "biomax-mep.com.br", true */ 'b', 'i', 'o', 'm', 'a', 'x', '-', 'm', 'e', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "biometrics.es", true */ 'b', 'i', 'o', 'm', 'e', 't', 'r', 'i', 'c', 's', '.', 'e', 's', '\0',
+  /* "biomodra.cz", true */ 'b', 'i', 'o', 'm', 'o', 'd', 'r', 'a', '.', 'c', 'z', '\0',
+  /* "biopreferred.gov", true */ 'b', 'i', 'o', 'p', 'r', 'e', 'f', 'e', 'r', 'r', 'e', 'd', '.', 'g', 'o', 'v', '\0',
+  /* "biopsychiatry.com", true */ 'b', 'i', 'o', 'p', 's', 'y', 'c', 'h', 'i', 'a', 't', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "biosafe.ch", true */ 'b', 'i', 'o', 's', 'a', 'f', 'e', '.', 'c', 'h', '\0',
+  /* "biosbits.org", true */ 'b', 'i', 'o', 's', 'b', 'i', 't', 's', '.', 'o', 'r', 'g', '\0',
+  /* "bioshine.com.sg", true */ 'b', 'i', 'o', 's', 'h', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 's', 'g', '\0',
+  /* "bioshome.de", true */ 'b', 'i', 'o', 's', 'h', 'o', 'm', 'e', '.', 'd', 'e', '\0',
+  /* "biosignalanalytics.com", true */ 'b', 'i', 'o', 's', 'i', 'g', 'n', 'a', 'l', 'a', 'n', 'a', 'l', 'y', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "biospeak.solutions", true */ 'b', 'i', 'o', 's', 'p', 'e', 'a', 'k', '.', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '\0',
+  /* "biosphere.cc", true */ 'b', 'i', 'o', 's', 'p', 'h', 'e', 'r', 'e', '.', 'c', 'c', '\0',
+  /* "biotechware.com", true */ 'b', 'i', 'o', 't', 'e', 'c', 'h', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "biou.me", true */ 'b', 'i', 'o', 'u', '.', 'm', 'e', '\0',
+  /* "biovalue.eu", true */ 'b', 'i', 'o', 'v', 'a', 'l', 'u', 'e', '.', 'e', 'u', '\0',
+  /* "bipyo.com", true */ 'b', 'i', 'p', 'y', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "birbaumer.li", true */ 'b', 'i', 'r', 'b', 'a', 'u', 'm', 'e', 'r', '.', 'l', 'i', '\0',
+  /* "birchbarkfurniture.ch", true */ 'b', 'i', 'r', 'c', 'h', 'b', 'a', 'r', 'k', 'f', 'u', 'r', 'n', 'i', 't', 'u', 'r', 'e', '.', 'c', 'h', '\0',
+  /* "birchbarkfurniture.com", true */ 'b', 'i', 'r', 'c', 'h', 'b', 'a', 'r', 'k', 'f', 'u', 'r', 'n', 'i', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "birchbarkfurniture.fr", true */ 'b', 'i', 'r', 'c', 'h', 'b', 'a', 'r', 'k', 'f', 'u', 'r', 'n', 'i', 't', 'u', 'r', 'e', '.', 'f', 'r', '\0',
+  /* "birdbrowser.com", true */ 'b', 'i', 'r', 'd', 'b', 'r', 'o', 'w', 's', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "birdfeeder.online", true */ 'b', 'i', 'r', 'd', 'f', 'e', 'e', 'd', 'e', 'r', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "birdiehosting.nl", true */ 'b', 'i', 'r', 'd', 'i', 'e', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "birdymanbestreviews.com", true */ 'b', 'i', 'r', 'd', 'y', 'm', 'a', 'n', 'b', 'e', 's', 't', 'r', 'e', 'v', 'i', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "birgit-rydlewski.de", true */ 'b', 'i', 'r', 'g', 'i', 't', '-', 'r', 'y', 'd', 'l', 'e', 'w', 's', 'k', 'i', '.', 'd', 'e', '\0',
+  /* "birkengarten.ch", true */ 'b', 'i', 'r', 'k', 'e', 'n', 'g', 'a', 'r', 't', 'e', 'n', '.', 'c', 'h', '\0',
+  /* "birkhoff.me", true */ 'b', 'i', 'r', 'k', 'h', 'o', 'f', 'f', '.', 'm', 'e', '\0',
+  /* "birminghamcastlehire.co.uk", true */ 'b', 'i', 'r', 'm', 'i', 'n', 'g', 'h', 'a', 'm', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "birthdaytip.com", true */ 'b', 'i', 'r', 't', 'h', 'd', 'a', 'y', 't', 'i', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "birthmatters.us", true */ 'b', 'i', 'r', 't', 'h', 'm', 'a', 't', 't', 'e', 'r', 's', '.', 'u', 's', '\0',
+  /* "birzan.org", true */ 'b', 'i', 'r', 'z', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "biscoint.io", true */ 'b', 'i', 's', 'c', 'o', 'i', 'n', 't', '.', 'i', 'o', '\0',
+  /* "bismarck-tb.de", true */ 'b', 'i', 's', 'm', 'a', 'r', 'c', 'k', '-', 't', 'b', '.', 'd', 'e', '\0',
+  /* "bison.co", true */ 'b', 'i', 's', 'o', 'n', '.', 'c', 'o', '\0',
+  /* "bissalama.org", true */ 'b', 'i', 's', 's', 'a', 'l', 'a', 'm', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "bistrocean.com", true */ 'b', 'i', 's', 't', 'r', 'o', 'c', 'e', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "biswas.me", true */ 'b', 'i', 's', 'w', 'a', 's', '.', 'm', 'e', '\0',
+  /* "bit-cloud.de", true */ 'b', 'i', 't', '-', 'c', 'l', 'o', 'u', 'd', '.', 'd', 'e', '\0',
+  /* "bit-rapid.com", true */ 'b', 'i', 't', '-', 'r', 'a', 'p', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "bit-sentinel.com", true */ 'b', 'i', 't', '-', 's', 'e', 'n', 't', 'i', 'n', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "bit.voyage", true */ 'b', 'i', 't', '.', 'v', 'o', 'y', 'a', 'g', 'e', '\0',
+  /* "bit8.com", true */ 'b', 'i', 't', '8', '.', 'c', 'o', 'm', '\0',
+  /* "bitace.com", true */ 'b', 'i', 't', 'a', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bitbeans.de", true */ 'b', 'i', 't', 'b', 'e', 'a', 'n', 's', '.', 'd', 'e', '\0',
+  /* "bitbucket.com", true */ 'b', 'i', 't', 'b', 'u', 'c', 'k', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "bitbucket.io", true */ 'b', 'i', 't', 'b', 'u', 'c', 'k', 'e', 't', '.', 'i', 'o', '\0',
+  /* "bitbucket.org", true */ 'b', 'i', 't', 'b', 'u', 'c', 'k', 'e', 't', '.', 'o', 'r', 'g', '\0',
+  /* "bitburner.de", true */ 'b', 'i', 't', 'b', 'u', 'r', 'n', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "bitcoin-india.net", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', '-', 'i', 'n', 'd', 'i', 'a', '.', 'n', 'e', 't', '\0',
+  /* "bitcoin-india.org", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', '-', 'i', 'n', 'd', 'i', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "bitcoin.asia", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'a', 's', 'i', 'a', '\0',
+  /* "bitcoin.ch", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'c', 'h', '\0',
+  /* "bitcoin.co.nz", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "bitcoin.com", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "bitcoin.de", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "bitcoin.im", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'i', 'm', '\0',
+  /* "bitcoin.info", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "bitcoin.org", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "bitcoin.us", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'u', 's', '\0',
+  /* "bitcoinbitcoin.com", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "bitcoinclashic.ninja", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', 'c', 'l', 'a', 's', 'h', 'i', 'c', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "bitcoincore.org", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', 'c', 'o', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "bitcoinec.info", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', 'e', 'c', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "bitcoinhk.org", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', 'h', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "bitcoinindia.com", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', 'i', 'n', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "bitcoinkarlsruhe.de", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', 'k', 'a', 'r', 'l', 's', 'r', 'u', 'h', 'e', '.', 'd', 'e', '\0',
+  /* "bitcoinrealestate.com.au", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', 'r', 'e', 'a', 'l', 'e', 's', 't', 'a', 't', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "bitcointhefts.com", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', 't', 'h', 'e', 'f', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bitcoinx.gr", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', 'x', '.', 'g', 'r', '\0',
+  /* "bitcoinx.ro", true */ 'b', 'i', 't', 'c', 'o', 'i', 'n', 'x', '.', 'r', 'o', '\0',
+  /* "bitedge.com", true */ 'b', 'i', 't', 'e', 'd', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bitenose.com", true */ 'b', 'i', 't', 'e', 'n', 'o', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bitex.la", true */ 'b', 'i', 't', 'e', 'x', '.', 'l', 'a', '\0',
+  /* "bitfasching.de", true */ 'b', 'i', 't', 'f', 'a', 's', 'c', 'h', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "bitfehler.net", true */ 'b', 'i', 't', 'f', 'e', 'h', 'l', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "bitfinder.nl", true */ 'b', 'i', 't', 'f', 'i', 'n', 'd', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "bitfuse.net", true */ 'b', 'i', 't', 'f', 'u', 's', 'e', '.', 'n', 'e', 't', '\0',
+  /* "bitgo.com", true */ 'b', 'i', 't', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "bititrain.com", true */ 'b', 'i', 't', 'i', 't', 'r', 'a', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "bitmain.com.ua", true */ 'b', 'i', 't', 'm', 'a', 'i', 'n', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "bitmainwarranty.com", true */ 'b', 'i', 't', 'm', 'a', 'i', 'n', 'w', 'a', 'r', 'r', 'a', 'n', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "bitmainwarranty.com.ua", true */ 'b', 'i', 't', 'm', 'a', 'i', 'n', 'w', 'a', 'r', 'r', 'a', 'n', 't', 'y', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "bitmainwarranty.ru", true */ 'b', 'i', 't', 'm', 'a', 'i', 'n', 'w', 'a', 'r', 'r', 'a', 'n', 't', 'y', '.', 'r', 'u', '\0',
+  /* "bitmessage.ch", true */ 'b', 'i', 't', 'm', 'e', 's', 's', 'a', 'g', 'e', '.', 'c', 'h', '\0',
+  /* "bitmex.com", true */ 'b', 'i', 't', 'm', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "bitminter.com", true */ 'b', 'i', 't', 'm', 'i', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "bitmoe.com", true */ 'b', 'i', 't', 'm', 'o', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bitmon.net", true */ 'b', 'i', 't', 'm', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "bitok.com", true */ 'b', 'i', 't', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "bitplay.space", true */ 'b', 'i', 't', 'p', 'l', 'a', 'y', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "bitpod.de", true */ 'b', 'i', 't', 'p', 'o', 'd', '.', 'd', 'e', '\0',
+  /* "bitpoll.de", true */ 'b', 'i', 't', 'p', 'o', 'l', 'l', '.', 'd', 'e', '\0',
+  /* "bitpoll.org", true */ 'b', 'i', 't', 'p', 'o', 'l', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "bitpumpe.net", true */ 'b', 'i', 't', 'p', 'u', 'm', 'p', 'e', '.', 'n', 'e', 't', '\0',
+  /* "bitref.com", true */ 'b', 'i', 't', 'r', 'e', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "bitroll.com", true */ 'b', 'i', 't', 'r', 'o', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "bitrush.nl", true */ 'b', 'i', 't', 'r', 'u', 's', 'h', '.', 'n', 'l', '\0',
+  /* "bitsafe.com.my", true */ 'b', 'i', 't', 's', 'a', 'f', 'e', '.', 'c', 'o', 'm', '.', 'm', 'y', '\0',
+  /* "bitsburg.ru", true */ 'b', 'i', 't', 's', 'b', 'u', 'r', 'g', '.', 'r', 'u', '\0',
+  /* "bitsensor.io", true */ 'b', 'i', 't', 's', 'e', 'n', 's', 'o', 'r', '.', 'i', 'o', '\0',
+  /* "bitshaker.net", true */ 'b', 'i', 't', 's', 'h', 'a', 'k', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "bitskins.co", true */ 'b', 'i', 't', 's', 'k', 'i', 'n', 's', '.', 'c', 'o', '\0',
+  /* "bitskrieg.net", true */ 'b', 'i', 't', 's', 'k', 'r', 'i', 'e', 'g', '.', 'n', 'e', 't', '\0',
+  /* "bitstorm.nl", true */ 'b', 'i', 't', 's', 't', 'o', 'r', 'm', '.', 'n', 'l', '\0',
+  /* "bitstorm.org", true */ 'b', 'i', 't', 's', 't', 'o', 'r', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "bitsum.com", true */ 'b', 'i', 't', 's', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "bitsync.nl", true */ 'b', 'i', 't', 's', 'y', 'n', 'c', '.', 'n', 'l', '\0',
+  /* "bittersweetcandybowl.com", true */ 'b', 'i', 't', 't', 'e', 'r', 's', 'w', 'e', 'e', 't', 'c', 'a', 'n', 'd', 'y', 'b', 'o', 'w', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "bittervault.xyz", true */ 'b', 'i', 't', 't', 'e', 'r', 'v', 'a', 'u', 'l', 't', '.', 'x', 'y', 'z', '\0',
+  /* "bittmann.me", false */ 'b', 'i', 't', 't', 'm', 'a', 'n', 'n', '.', 'm', 'e', '\0',
+  /* "bittylicious.com", true */ 'b', 'i', 't', 't', 'y', 'l', 'i', 'c', 'i', 'o', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bituptick.com", true */ 'b', 'i', 't', 'u', 'p', 't', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "bitvegas.com", true */ 'b', 'i', 't', 'v', 'e', 'g', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bitvest.io", true */ 'b', 'i', 't', 'v', 'e', 's', 't', '.', 'i', 'o', '\0',
+  /* "bitwolk.nl", true */ 'b', 'i', 't', 'w', 'o', 'l', 'k', '.', 'n', 'l', '\0',
+  /* "biurokarier.edu.pl", true */ 'b', 'i', 'u', 'r', 'o', 'k', 'a', 'r', 'i', 'e', 'r', '.', 'e', 'd', 'u', '.', 'p', 'l', '\0',
+  /* "bixservice.com", true */ 'b', 'i', 'x', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "biyori.moe", true */ 'b', 'i', 'y', 'o', 'r', 'i', '.', 'm', 'o', 'e', '\0',
+  /* "biyou-homme.com", true */ 'b', 'i', 'y', 'o', 'u', '-', 'h', 'o', 'm', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "biz4x.com", true */ 'b', 'i', 'z', '4', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "bizeau.ch", true */ 'b', 'i', 'z', 'e', 'a', 'u', '.', 'c', 'h', '\0',
+  /* "bizedge.co.nz", true */ 'b', 'i', 'z', 'e', 'd', 'g', 'e', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "bizniskatalog.mk", true */ 'b', 'i', 'z', 'n', 'i', 's', 'k', 'a', 't', 'a', 'l', 'o', 'g', '.', 'm', 'k', '\0',
+  /* "biznpro.ru", true */ 'b', 'i', 'z', 'n', 'p', 'r', 'o', '.', 'r', 'u', '\0',
+  /* "bizstarter.cz", true */ 'b', 'i', 'z', 's', 't', 'a', 'r', 't', 'e', 'r', '.', 'c', 'z', '\0',
+  /* "biztera.com", true */ 'b', 'i', 'z', 't', 'e', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "biztok.eu", true */ 'b', 'i', 'z', 't', 'o', 'k', '.', 'e', 'u', '\0',
+  /* "bizzi.tv", true */ 'b', 'i', 'z', 'z', 'i', '.', 't', 'v', '\0',
+  /* "bjarnerest.de", true */ 'b', 'j', 'a', 'r', 'n', 'e', 'r', 'e', 's', 't', '.', 'd', 'e', '\0',
+  /* "bjornhelmersson.se", true */ 'b', 'j', 'o', 'r', 'n', 'h', 'e', 'l', 'm', 'e', 'r', 's', 's', 'o', 'n', '.', 's', 'e', '\0',
+  /* "bjornjohansen.no", true */ 'b', 'j', 'o', 'r', 'n', 'j', 'o', 'h', 'a', 'n', 's', 'e', 'n', '.', 'n', 'o', '\0',
+  /* "bjsbouncycastles.com", true */ 'b', 'j', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bkentertainments.co.uk", true */ 'b', 'k', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bkhpilates.co.uk", true */ 'b', 'k', 'h', 'p', 'i', 'l', 'a', 't', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bkositspartytime.co.uk", true */ 'b', 'k', 'o', 's', 'i', 't', 's', 'p', 'a', 'r', 't', 'y', 't', 'i', 'm', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bl4ckb0x.biz", true */ 'b', 'l', '4', 'c', 'k', 'b', '0', 'x', '.', 'b', 'i', 'z', '\0',
+  /* "bl4ckb0x.com", true */ 'b', 'l', '4', 'c', 'k', 'b', '0', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "bl4ckb0x.de", true */ 'b', 'l', '4', 'c', 'k', 'b', '0', 'x', '.', 'd', 'e', '\0',
+  /* "bl4ckb0x.eu", true */ 'b', 'l', '4', 'c', 'k', 'b', '0', 'x', '.', 'e', 'u', '\0',
+  /* "bl4ckb0x.info", true */ 'b', 'l', '4', 'c', 'k', 'b', '0', 'x', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "bl4ckb0x.net", true */ 'b', 'l', '4', 'c', 'k', 'b', '0', 'x', '.', 'n', 'e', 't', '\0',
+  /* "bl4ckb0x.org", true */ 'b', 'l', '4', 'c', 'k', 'b', '0', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "blablacar.co.uk", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "blablacar.com", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "blablacar.com.tr", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'c', 'o', 'm', '.', 't', 'r', '\0',
+  /* "blablacar.com.ua", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "blablacar.de", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'd', 'e', '\0',
+  /* "blablacar.es", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'e', 's', '\0',
+  /* "blablacar.fr", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'f', 'r', '\0',
+  /* "blablacar.hr", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'h', 'r', '\0',
+  /* "blablacar.hu", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'h', 'u', '\0',
+  /* "blablacar.in", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'i', 'n', '\0',
+  /* "blablacar.it", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'i', 't', '\0',
+  /* "blablacar.mx", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'm', 'x', '\0',
+  /* "blablacar.nl", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'n', 'l', '\0',
+  /* "blablacar.pl", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'p', 'l', '\0',
+  /* "blablacar.pt", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'p', 't', '\0',
+  /* "blablacar.ro", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'r', 'o', '\0',
+  /* "blablacar.rs", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'r', 's', '\0',
+  /* "blablacar.ru", true */ 'b', 'l', 'a', 'b', 'l', 'a', 'c', 'a', 'r', '.', 'r', 'u', '\0',
+  /* "black-gay-porn.biz", true */ 'b', 'l', 'a', 'c', 'k', '-', 'g', 'a', 'y', '-', 'p', 'o', 'r', 'n', '.', 'b', 'i', 'z', '\0',
+  /* "black-khat.com", true */ 'b', 'l', 'a', 'c', 'k', '-', 'k', 'h', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "black-mail.nl", true */ 'b', 'l', 'a', 'c', 'k', '-', 'm', 'a', 'i', 'l', '.', 'n', 'l', '\0',
+  /* "black.dating", true */ 'b', 'l', 'a', 'c', 'k', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "black.host", true */ 'b', 'l', 'a', 'c', 'k', '.', 'h', 'o', 's', 't', '\0',
+  /* "blackandpony.de", true */ 'b', 'l', 'a', 'c', 'k', 'a', 'n', 'd', 'p', 'o', 'n', 'y', '.', 'd', 'e', '\0',
+  /* "blackapron.com.br", true */ 'b', 'l', 'a', 'c', 'k', 'a', 'p', 'r', 'o', 'n', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "blackbag.nl", true */ 'b', 'l', 'a', 'c', 'k', 'b', 'a', 'g', '.', 'n', 'l', '\0',
+  /* "blackbase.de", true */ 'b', 'l', 'a', 'c', 'k', 'b', 'a', 's', 'e', '.', 'd', 'e', '\0',
+  /* "blackberrycentral.com", true */ 'b', 'l', 'a', 'c', 'k', 'b', 'e', 'r', 'r', 'y', 'c', 'e', 'n', 't', 'r', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "blackberryforums.be", true */ 'b', 'l', 'a', 'c', 'k', 'b', 'e', 'r', 'r', 'y', 'f', 'o', 'r', 'u', 'm', 's', '.', 'b', 'e', '\0',
+  /* "blackcat.ca", true */ 'b', 'l', 'a', 'c', 'k', 'c', 'a', 't', '.', 'c', 'a', '\0',
+  /* "blackcatinformatics.ca", true */ 'b', 'l', 'a', 'c', 'k', 'c', 'a', 't', 'i', 'n', 'f', 'o', 'r', 'm', 'a', 't', 'i', 'c', 's', '.', 'c', 'a', '\0',
+  /* "blackcatinformatics.com", true */ 'b', 'l', 'a', 'c', 'k', 'c', 'a', 't', 'i', 'n', 'f', 'o', 'r', 'm', 'a', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "blackdesertsp.com", true */ 'b', 'l', 'a', 'c', 'k', 'd', 'e', 's', 'e', 'r', 't', 's', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "blackdotbrewery.com", true */ 'b', 'l', 'a', 'c', 'k', 'd', 'o', 't', 'b', 'r', 'e', 'w', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "blackdown.de", true */ 'b', 'l', 'a', 'c', 'k', 'd', 'o', 'w', 'n', '.', 'd', 'e', '\0',
+  /* "blackdragoninc.org", true */ 'b', 'l', 'a', 'c', 'k', 'd', 'r', 'a', 'g', 'o', 'n', 'i', 'n', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "blackedbyte.com", true */ 'b', 'l', 'a', 'c', 'k', 'e', 'd', 'b', 'y', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "blackevent.be", true */ 'b', 'l', 'a', 'c', 'k', 'e', 'v', 'e', 'n', 't', '.', 'b', 'e', '\0',
+  /* "blackgamelp.de", true */ 'b', 'l', 'a', 'c', 'k', 'g', 'a', 'm', 'e', 'l', 'p', '.', 'd', 'e', '\0',
+  /* "blackhelicopters.net", true */ 'b', 'l', 'a', 'c', 'k', 'h', 'e', 'l', 'i', 'c', 'o', 'p', 't', 'e', 'r', 's', '.', 'n', 'e', 't', '\0',
+  /* "blackhillsinfosec.com", true */ 'b', 'l', 'a', 'c', 'k', 'h', 'i', 'l', 'l', 's', 'i', 'n', 'f', 'o', 's', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "blackkeg.ca", true */ 'b', 'l', 'a', 'c', 'k', 'k', 'e', 'g', '.', 'c', 'a', '\0',
+  /* "blackl.net", true */ 'b', 'l', 'a', 'c', 'k', 'l', '.', 'n', 'e', 't', '\0',
+  /* "blacklightparty.be", true */ 'b', 'l', 'a', 'c', 'k', 'l', 'i', 'g', 'h', 't', 'p', 'a', 'r', 't', 'y', '.', 'b', 'e', '\0',
+  /* "blackmirror.com.au", true */ 'b', 'l', 'a', 'c', 'k', 'm', 'i', 'r', 'r', 'o', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "blackmonday.gr", true */ 'b', 'l', 'a', 'c', 'k', 'm', 'o', 'n', 'd', 'a', 'y', '.', 'g', 'r', '\0',
+  /* "blacknetwork.eu", true */ 'b', 'l', 'a', 'c', 'k', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'e', 'u', '\0',
+  /* "blacknova.io", true */ 'b', 'l', 'a', 'c', 'k', 'n', 'o', 'v', 'a', '.', 'i', 'o', '\0',
+  /* "blackonion.com", true */ 'b', 'l', 'a', 'c', 'k', 'o', 'n', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "blackpapermoon.de", true */ 'b', 'l', 'a', 'c', 'k', 'p', 'a', 'p', 'e', 'r', 'm', 'o', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "blackphantom.de", true */ 'b', 'l', 'a', 'c', 'k', 'p', 'h', 'a', 'n', 't', 'o', 'm', '.', 'd', 'e', '\0',
+  /* "blackphoenix.de", true */ 'b', 'l', 'a', 'c', 'k', 'p', 'h', 'o', 'e', 'n', 'i', 'x', '.', 'd', 'e', '\0',
+  /* "blackscytheconsulting.com", true */ 'b', 'l', 'a', 'c', 'k', 's', 'c', 'y', 't', 'h', 'e', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "blackseals.net", true */ 'b', 'l', 'a', 'c', 'k', 's', 'e', 'a', 'l', 's', '.', 'n', 'e', 't', '\0',
+  /* "blackys-chamber.de", true */ 'b', 'l', 'a', 'c', 'k', 'y', 's', '-', 'c', 'h', 'a', 'm', 'b', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "blaise.io", true */ 'b', 'l', 'a', 'i', 's', 'e', '.', 'i', 'o', '\0',
+  /* "blakecoin.org", true */ 'b', 'l', 'a', 'k', 'e', 'c', 'o', 'i', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "blameomar.com", true */ 'b', 'l', 'a', 'm', 'e', 'o', 'm', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "blancodent.com", true */ 'b', 'l', 'a', 'n', 'c', 'o', 'd', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "blankersfamily.com", true */ 'b', 'l', 'a', 'n', 'k', 'e', 'r', 's', 'f', 'a', 'm', 'i', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "blarg.co", true */ 'b', 'l', 'a', 'r', 'g', '.', 'c', 'o', '\0',
+  /* "blastentertainment.com.au", true */ 'b', 'l', 'a', 's', 't', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "blastersklan.com", true */ 'b', 'l', 'a', 's', 't', 'e', 'r', 's', 'k', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "blastzoneentertainments.co.uk", true */ 'b', 'l', 'a', 's', 't', 'z', 'o', 'n', 'e', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "blaudev.es", true */ 'b', 'l', 'a', 'u', 'd', 'e', 'v', '.', 'e', 's', '\0',
+  /* "blauerhunger.de", true */ 'b', 'l', 'a', 'u', 'e', 'r', 'h', 'u', 'n', 'g', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "blayne.me", true */ 'b', 'l', 'a', 'y', 'n', 'e', '.', 'm', 'e', '\0',
+  /* "blayneallan.com", true */ 'b', 'l', 'a', 'y', 'n', 'e', 'a', 'l', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "bleaching-tipps.de", true */ 'b', 'l', 'e', 'a', 'c', 'h', 'i', 'n', 'g', '-', 't', 'i', 'p', 'p', 's', '.', 'd', 'e', '\0',
+  /* "bleche-onlineshop.de", true */ 'b', 'l', 'e', 'c', 'h', 'e', '-', 'o', 'n', 'l', 'i', 'n', 'e', 's', 'h', 'o', 'p', '.', 'd', 'e', '\0',
+  /* "blechinger.io", true */ 'b', 'l', 'e', 'c', 'h', 'i', 'n', 'g', 'e', 'r', '.', 'i', 'o', '\0',
+  /* "blechpirat.name", true */ 'b', 'l', 'e', 'c', 'h', 'p', 'i', 'r', 'a', 't', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "blechschmidt.saarland", true */ 'b', 'l', 'e', 'c', 'h', 's', 'c', 'h', 'm', 'i', 'd', 't', '.', 's', 'a', 'a', 'r', 'l', 'a', 'n', 'd', '\0',
+  /* "bleep.zone", true */ 'b', 'l', 'e', 'e', 'p', '.', 'z', 'o', 'n', 'e', '\0',
+  /* "blenderrecipereviews.com", true */ 'b', 'l', 'e', 'n', 'd', 'e', 'r', 'r', 'e', 'c', 'i', 'p', 'e', 'r', 'e', 'v', 'i', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "blendle.com", true */ 'b', 'l', 'e', 'n', 'd', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "blendle.nl", true */ 'b', 'l', 'e', 'n', 'd', 'l', 'e', '.', 'n', 'l', '\0',
+  /* "blendr.com", true */ 'b', 'l', 'e', 'n', 'd', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "blenneros.net", true */ 'b', 'l', 'e', 'n', 'n', 'e', 'r', 'o', 's', '.', 'n', 'e', 't', '\0',
+  /* "blessedearth.com.au", true */ 'b', 'l', 'e', 's', 's', 'e', 'd', 'e', 'a', 'r', 't', 'h', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "blessedguy.com", true */ 'b', 'l', 'e', 's', 's', 'e', 'd', 'g', 'u', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "blessedguy.net", true */ 'b', 'l', 'e', 's', 's', 'e', 'd', 'g', 'u', 'y', '.', 'n', 'e', 't', '\0',
+  /* "blewebprojects.com", true */ 'b', 'l', 'e', 'w', 'e', 'b', 'p', 'r', 'o', 'j', 'e', 'c', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "blichmann.eu", true */ 'b', 'l', 'i', 'c', 'h', 'm', 'a', 'n', 'n', '.', 'e', 'u', '\0',
+  /* "blidz.com", true */ 'b', 'l', 'i', 'd', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "blieque.co.uk", true */ 'b', 'l', 'i', 'e', 'q', 'u', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "blikund.swedbank.se", true */ 'b', 'l', 'i', 'k', 'u', 'n', 'd', '.', 's', 'w', 'e', 'd', 'b', 'a', 'n', 'k', '.', 's', 'e', '\0',
+  /* "blingsparkleshine.com", true */ 'b', 'l', 'i', 'n', 'g', 's', 'p', 'a', 'r', 'k', 'l', 'e', 's', 'h', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "blink-security.com", true */ 'b', 'l', 'i', 'n', 'k', '-', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "blinking.link", true */ 'b', 'l', 'i', 'n', 'k', 'i', 'n', 'g', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "blinkspeed.eu", true */ 'b', 'l', 'i', 'n', 'k', 's', 'p', 'e', 'e', 'd', '.', 'e', 'u', '\0',
+  /* "blio.tk", true */ 'b', 'l', 'i', 'o', '.', 't', 'k', '\0',
+  /* "blissjoe.com", true */ 'b', 'l', 'i', 's', 's', 'j', 'o', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "blissplan.com", true */ 'b', 'l', 'i', 's', 's', 'p', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "blivawesome.dk", true */ 'b', 'l', 'i', 'v', 'a', 'w', 'e', 's', 'o', 'm', 'e', '.', 'd', 'k', '\0',
+  /* "blivvektor.dk", true */ 'b', 'l', 'i', 'v', 'v', 'e', 'k', 't', 'o', 'r', '.', 'd', 'k', '\0',
+  /* "blizhost.com", true */ 'b', 'l', 'i', 'z', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "blizhost.com.br", true */ 'b', 'l', 'i', 'z', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "blizz.news", true */ 'b', 'l', 'i', 'z', 'z', '.', 'n', 'e', 'w', 's', '\0',
+  /* "blkbx.eu", true */ 'b', 'l', 'k', 'b', 'x', '.', 'e', 'u', '\0',
+  /* "blm.gov", true */ 'b', 'l', 'm', '.', 'g', 'o', 'v', '\0',
+  /* "block-this.com", true */ 'b', 'l', 'o', 'c', 'k', '-', 't', 'h', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "block65.com", true */ 'b', 'l', 'o', 'c', 'k', '6', '5', '.', 'c', 'o', 'm', '\0',
+  /* "blockchain.info", true */ 'b', 'l', 'o', 'c', 'k', 'c', 'h', 'a', 'i', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "blockchaindaigakko.jp", true */ 'b', 'l', 'o', 'c', 'k', 'c', 'h', 'a', 'i', 'n', 'd', 'a', 'i', 'g', 'a', 'k', 'k', 'o', '.', 'j', 'p', '\0',
+  /* "blockified.io", true */ 'b', 'l', 'o', 'c', 'k', 'i', 'f', 'i', 'e', 'd', '.', 'i', 'o', '\0',
+  /* "blockmetry.com", true */ 'b', 'l', 'o', 'c', 'k', 'm', 'e', 't', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "blockstream.com", true */ 'b', 'l', 'o', 'c', 'k', 's', 't', 'r', 'e', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "blockxit.de", true */ 'b', 'l', 'o', 'c', 'k', 'x', 'i', 't', '.', 'd', 'e', '\0',
+  /* "bloemendal.me", true */ 'b', 'l', 'o', 'e', 'm', 'e', 'n', 'd', 'a', 'l', '.', 'm', 'e', '\0',
+  /* "blog-grupom2.es", true */ 'b', 'l', 'o', 'g', '-', 'g', 'r', 'u', 'p', 'o', 'm', '2', '.', 'e', 's', '\0',
+  /* "blog.gov.uk", true */ 'b', 'l', 'o', 'g', '.', 'g', 'o', 'v', '.', 'u', 'k', '\0',
+  /* "blog.linode.com", false */ 'b', 'l', 'o', 'g', '.', 'l', 'i', 'n', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "blog.lookout.com", false */ 'b', 'l', 'o', 'g', '.', 'l', 'o', 'o', 'k', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "blogabout.ru", true */ 'b', 'l', 'o', 'g', 'a', 'b', 'o', 'u', 't', '.', 'r', 'u', '\0',
+  /* "blogaid.net", true */ 'b', 'l', 'o', 'g', 'a', 'i', 'd', '.', 'n', 'e', 't', '\0',
+  /* "blogarts.net", true */ 'b', 'l', 'o', 'g', 'a', 'r', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "blogbooker.com", true */ 'b', 'l', 'o', 'g', 'b', 'o', 'o', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "blogconcours.net", true */ 'b', 'l', 'o', 'g', 'c', 'o', 'n', 'c', 'o', 'u', 'r', 's', '.', 'n', 'e', 't', '\0',
+  /* "blogcuaviet.com", true */ 'b', 'l', 'o', 'g', 'c', 'u', 'a', 'v', 'i', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "blogdieconomia.it", true */ 'b', 'l', 'o', 'g', 'd', 'i', 'e', 'c', 'o', 'n', 'o', 'm', 'i', 'a', '.', 'i', 't', '\0',
+  /* "blogdimoda.com", true */ 'b', 'l', 'o', 'g', 'd', 'i', 'm', 'o', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "blogdimotori.it", true */ 'b', 'l', 'o', 'g', 'd', 'i', 'm', 'o', 't', 'o', 'r', 'i', '.', 'i', 't', '\0',
+  /* "blogexpert.ca", true */ 'b', 'l', 'o', 'g', 'e', 'x', 'p', 'e', 'r', 't', '.', 'c', 'a', '\0',
+  /* "blogging-life.com", true */ 'b', 'l', 'o', 'g', 'g', 'i', 'n', 'g', '-', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bloggingwithchildren.com", true */ 'b', 'l', 'o', 'g', 'g', 'i', 'n', 'g', 'w', 'i', 't', 'h', 'c', 'h', 'i', 'l', 'd', 'r', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "bloggytalky.com", true */ 'b', 'l', 'o', 'g', 'g', 'y', 't', 'a', 'l', 'k', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "bloginbeeld.nl", true */ 'b', 'l', 'o', 'g', 'i', 'n', 'b', 'e', 'e', 'l', 'd', '.', 'n', 'l', '\0',
+  /* "blogom.at", true */ 'b', 'l', 'o', 'g', 'o', 'm', '.', 'a', 't', '\0',
+  /* "blogpentrusuflet.ro", true */ 'b', 'l', 'o', 'g', 'p', 'e', 'n', 't', 'r', 'u', 's', 'u', 'f', 'l', 'e', 't', '.', 'r', 'o', '\0',
+  /* "blogreen.org", true */ 'b', 'l', 'o', 'g', 'r', 'e', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "blogtroterzy.pl", true */ 'b', 'l', 'o', 'g', 't', 'r', 'o', 't', 'e', 'r', 'z', 'y', '.', 'p', 'l', '\0',
+  /* "bloodsports.org", true */ 'b', 'l', 'o', 'o', 'd', 's', 'p', 'o', 'r', 't', 's', '.', 'o', 'r', 'g', '\0',
+  /* "bloodyexcellent.com", true */ 'b', 'l', 'o', 'o', 'd', 'y', 'e', 'x', 'c', 'e', 'l', 'l', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "bloom-avenue.com", true */ 'b', 'l', 'o', 'o', 'm', '-', 'a', 'v', 'e', 'n', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bls-fiduciaire.be", true */ 'b', 'l', 's', '-', 'f', 'i', 'd', 'u', 'c', 'i', 'a', 'i', 'r', 'e', '.', 'b', 'e', '\0',
+  /* "bltc.co.uk", true */ 'b', 'l', 't', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bltc.com", true */ 'b', 'l', 't', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "bltc.net", true */ 'b', 'l', 't', 'c', '.', 'n', 'e', 't', '\0',
+  /* "bltc.org", true */ 'b', 'l', 't', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "bltc.org.uk", true */ 'b', 'l', 't', 'c', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "blubberladen.de", true */ 'b', 'l', 'u', 'b', 'b', 'e', 'r', 'l', 'a', 'd', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "blue-leaf81.net", true */ 'b', 'l', 'u', 'e', '-', 'l', 'e', 'a', 'f', '8', '1', '.', 'n', 'e', 't', '\0',
+  /* "blue42.net", true */ 'b', 'l', 'u', 'e', '4', '2', '.', 'n', 'e', 't', '\0',
+  /* "bluecards.eu", true */ 'b', 'l', 'u', 'e', 'c', 'a', 'r', 'd', 's', '.', 'e', 'u', '\0',
+  /* "bluechilli.com", true */ 'b', 'l', 'u', 'e', 'c', 'h', 'i', 'l', 'l', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "bluecon.ninja", true */ 'b', 'l', 'u', 'e', 'c', 'o', 'n', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "blued.moe", true */ 'b', 'l', 'u', 'e', 'd', '.', 'm', 'o', 'e', '\0',
+  /* "bluefinger.nl", true */ 'b', 'l', 'u', 'e', 'f', 'i', 'n', 'g', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "blueflare.org", true */ 'b', 'l', 'u', 'e', 'f', 'l', 'a', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "bluefuzz.nl", true */ 'b', 'l', 'u', 'e', 'f', 'u', 'z', 'z', '.', 'n', 'l', '\0',
+  /* "blueimp.net", true */ 'b', 'l', 'u', 'e', 'i', 'm', 'p', '.', 'n', 'e', 't', '\0',
+  /* "blueliquiddesigns.com.au", true */ 'b', 'l', 'u', 'e', 'l', 'i', 'q', 'u', 'i', 'd', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "bluemeda.web.id", true */ 'b', 'l', 'u', 'e', 'm', 'e', 'd', 'a', '.', 'w', 'e', 'b', '.', 'i', 'd', '\0',
+  /* "bluemoonroleplaying.com", true */ 'b', 'l', 'u', 'e', 'm', 'o', 'o', 'n', 'r', 'o', 'l', 'e', 'p', 'l', 'a', 'y', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "bluemosh.com", true */ 'b', 'l', 'u', 'e', 'm', 'o', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "bluenote9.com", true */ 'b', 'l', 'u', 'e', 'n', 'o', 't', 'e', '9', '.', 'c', 'o', 'm', '\0',
+  /* "blueperil.de", true */ 'b', 'l', 'u', 'e', 'p', 'e', 'r', 'i', 'l', '.', 'd', 'e', '\0',
+  /* "bluepoint.foundation", true */ 'b', 'l', 'u', 'e', 'p', 'o', 'i', 'n', 't', '.', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', '\0',
+  /* "bluepoint.institute", true */ 'b', 'l', 'u', 'e', 'p', 'o', 'i', 'n', 't', '.', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', '\0',
+  /* "bluepoint.one", true */ 'b', 'l', 'u', 'e', 'p', 'o', 'i', 'n', 't', '.', 'o', 'n', 'e', '\0',
+  /* "bluepostbox.de", true */ 'b', 'l', 'u', 'e', 'p', 'o', 's', 't', 'b', 'o', 'x', '.', 'd', 'e', '\0',
+  /* "blues-and-pictures.com", true */ 'b', 'l', 'u', 'e', 's', '-', 'a', 'n', 'd', '-', 'p', 'i', 'c', 't', 'u', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bluesecure.com.br", true */ 'b', 'l', 'u', 'e', 's', 'e', 'c', 'u', 'r', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "bluex.im", true */ 'b', 'l', 'u', 'e', 'x', '.', 'i', 'm', '\0',
+  /* "bluex.info", true */ 'b', 'l', 'u', 'e', 'x', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "bluex.net", true */ 'b', 'l', 'u', 'e', 'x', '.', 'n', 'e', 't', '\0',
+  /* "bluex.org", true */ 'b', 'l', 'u', 'e', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "blueyed.eu", true */ 'b', 'l', 'u', 'e', 'y', 'e', 'd', '.', 'e', 'u', '\0',
+  /* "bluezonehealth.co.uk", true */ 'b', 'l', 'u', 'e', 'z', 'o', 'n', 'e', 'h', 'e', 'a', 'l', 't', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "blumen-binder.ch", true */ 'b', 'l', 'u', 'm', 'e', 'n', '-', 'b', 'i', 'n', 'd', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "blumenfeldart.com", true */ 'b', 'l', 'u', 'm', 'e', 'n', 'f', 'e', 'l', 'd', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "blumenwiese.xyz", true */ 'b', 'l', 'u', 'm', 'e', 'n', 'w', 'i', 'e', 's', 'e', '.', 'x', 'y', 'z', '\0',
+  /* "blumiges-fischbachtal.de", true */ 'b', 'l', 'u', 'm', 'i', 'g', 'e', 's', '-', 'f', 'i', 's', 'c', 'h', 'b', 'a', 'c', 'h', 't', 'a', 'l', '.', 'd', 'e', '\0',
+  /* "blurringexistence.net", true */ 'b', 'l', 'u', 'r', 'r', 'i', 'n', 'g', 'e', 'x', 'i', 's', 't', 'e', 'n', 'c', 'e', '.', 'n', 'e', 't', '\0',
+  /* "blusmurf.net", true */ 'b', 'l', 'u', 's', 'm', 'u', 'r', 'f', '.', 'n', 'e', 't', '\0',
+  /* "blutopia.xyz", true */ 'b', 'l', 'u', 't', 'o', 'p', 'i', 'a', '.', 'x', 'y', 'z', '\0',
+  /* "blvdmb.com", true */ 'b', 'l', 'v', 'd', 'm', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "bm-immo.ch", true */ 'b', 'm', '-', 'i', 'm', 'm', 'o', '.', 'c', 'h', '\0',
+  /* "bmet.de", true */ 'b', 'm', 'e', 't', '.', 'd', 'e', '\0',
+  /* "bmoattachments.org", true */ 'b', 'm', 'o', 'a', 't', 't', 'a', 'c', 'h', 'm', 'e', 'n', 't', 's', '.', 'o', 'r', 'g', '\0',
+  /* "bmone.net", true */ 'b', 'm', 'o', 'n', 'e', '.', 'n', 'e', 't', '\0',
+  /* "bmros.com.ar", true */ 'b', 'm', 'r', 'o', 's', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "bmw-motorradclub-seefeld.de", true */ 'b', 'm', 'w', '-', 'm', 'o', 't', 'o', 'r', 'r', 'a', 'd', 'c', 'l', 'u', 'b', '-', 's', 'e', 'e', 'f', 'e', 'l', 'd', '.', 'd', 'e', '\0',
+  /* "bn1digital.co.uk", true */ 'b', 'n', '1', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bnb-buddy.nl", true */ 'b', 'n', 'b', '-', 'b', 'u', 'd', 'd', 'y', '.', 'n', 'l', '\0',
+  /* "bnbsinflatablehire.co.uk", true */ 'b', 'n', 'b', 's', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bngs.pl", true */ 'b', 'n', 'g', 's', '.', 'p', 'l', '\0',
+  /* "bnin.org", true */ 'b', 'n', 'i', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "bnjscastles.co.uk", true */ 'b', 'n', 'j', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bnstree.com", true */ 'b', 'n', 's', 't', 'r', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bnty.net", true */ 'b', 'n', 't', 'y', '.', 'n', 'e', 't', '\0',
+  /* "boardgamegeeks.de", true */ 'b', 'o', 'a', 'r', 'd', 'g', 'a', 'm', 'e', 'g', 'e', 'e', 'k', 's', '.', 'd', 'e', '\0',
+  /* "boatme.de", true */ 'b', 'o', 'a', 't', 'm', 'e', '.', 'd', 'e', '\0',
+  /* "bobancoamigo.com", true */ 'b', 'o', 'b', 'a', 'n', 'c', 'o', 'a', 'm', 'i', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "bobaobei.net", true */ 'b', 'o', 'b', 'a', 'o', 'b', 'e', 'i', '.', 'n', 'e', 't', '\0',
+  /* "bobaobei.org", true */ 'b', 'o', 'b', 'a', 'o', 'b', 'e', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "bobazar.com", true */ 'b', 'o', 'b', 'a', 'z', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "bobcopeland.com", true */ 'b', 'o', 'b', 'c', 'o', 'p', 'e', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "bobep.ru", true */ 'b', 'o', 'b', 'e', 'p', '.', 'r', 'u', '\0',
+  /* "bobiji.com", true */ 'b', 'o', 'b', 'i', 'j', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "bobisec.cz", true */ 'b', 'o', 'b', 'i', 's', 'e', 'c', '.', 'c', 'z', '\0',
+  /* "bobkoetsier.nl", true */ 'b', 'o', 'b', 'k', 'o', 'e', 't', 's', 'i', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "bobnbouncedublin.ie", true */ 'b', 'o', 'b', 'n', 'b', 'o', 'u', 'n', 'c', 'e', 'd', 'u', 'b', 'l', 'i', 'n', '.', 'i', 'e', '\0',
+  /* "boboates.com", true */ 'b', 'o', 'b', 'o', 'a', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bobobox.net", true */ 'b', 'o', 'b', 'o', 'b', 'o', 'x', '.', 'n', 'e', 't', '\0',
+  /* "boboolo.com", true */ 'b', 'o', 'b', 'o', 'o', 'l', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "bobstronomie.fr", true */ 'b', 'o', 'b', 's', 't', 'r', 'o', 'n', 'o', 'm', 'i', 'e', '.', 'f', 'r', '\0',
+  /* "bocamo.it", true */ 'b', 'o', 'c', 'a', 'm', 'o', '.', 'i', 't', '\0',
+  /* "bochs.info", true */ 'b', 'o', 'c', 'h', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "bockenauer.at", true */ 'b', 'o', 'c', 'k', 'e', 'n', 'a', 'u', 'e', 'r', '.', 'a', 't', '\0',
+  /* "bocreation.fr", true */ 'b', 'o', 'c', 'r', 'e', 'a', 't', 'i', 'o', 'n', '.', 'f', 'r', '\0',
+  /* "bodhi.fedoraproject.org", true */ 'b', 'o', 'd', 'h', 'i', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "bodixite.com", true */ 'b', 'o', 'd', 'i', 'x', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bodsch.com", true */ 'b', 'o', 'd', 's', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "bodybuilding.events", true */ 'b', 'o', 'd', 'y', 'b', 'u', 'i', 'l', 'd', 'i', 'n', 'g', '.', 'e', 'v', 'e', 'n', 't', 's', '\0',
+  /* "bodybuildingworld.com", true */ 'b', 'o', 'd', 'y', 'b', 'u', 'i', 'l', 'd', 'i', 'n', 'g', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "bodyconshop.com", true */ 'b', 'o', 'd', 'y', 'c', 'o', 'n', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "bodygearguide.com", true */ 'b', 'o', 'd', 'y', 'g', 'e', 'a', 'r', 'g', 'u', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bodymusclejournal.com", true */ 'b', 'o', 'd', 'y', 'm', 'u', 's', 'c', 'l', 'e', 'j', 'o', 'u', 'r', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "bodyworkbymichael.com", true */ 'b', 'o', 'd', 'y', 'w', 'o', 'r', 'k', 'b', 'y', 'm', 'i', 'c', 'h', 'a', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "boeddhashop.nl", true */ 'b', 'o', 'e', 'd', 'd', 'h', 'a', 's', 'h', 'o', 'p', '.', 'n', 'l', '\0',
+  /* "boekenlegger.nl", true */ 'b', 'o', 'e', 'k', 'e', 'n', 'l', 'e', 'g', 'g', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "boel073.nl", true */ 'b', 'o', 'e', 'l', '0', '7', '3', '.', 'n', 'l', '\0',
+  /* "boernecancerfonden.dk", true */ 'b', 'o', 'e', 'r', 'n', 'e', 'c', 'a', 'n', 'c', 'e', 'r', 'f', 'o', 'n', 'd', 'e', 'n', '.', 'd', 'k', '\0',
+  /* "bogdanepureanu.ro", true */ 'b', 'o', 'g', 'd', 'a', 'n', 'e', 'p', 'u', 'r', 'e', 'a', 'n', 'u', '.', 'r', 'o', '\0',
+  /* "bogner.sh", true */ 'b', 'o', 'g', 'n', 'e', 'r', '.', 's', 'h', '\0',
+  /* "bogobeats.com", true */ 'b', 'o', 'g', 'o', 'b', 'e', 'a', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bohan.co", true */ 'b', 'o', 'h', 'a', 'n', '.', 'c', 'o', '\0',
+  /* "bohyn.cz", true */ 'b', 'o', 'h', 'y', 'n', '.', 'c', 'z', '\0',
+  /* "boilesen.com", true */ 'b', 'o', 'i', 'l', 'e', 's', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "boimmobilier.ch", true */ 'b', 'o', 'i', 'm', 'm', 'o', 'b', 'i', 'l', 'i', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "boincstats.com", true */ 'b', 'o', 'i', 'n', 'c', 's', 't', 'a', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "boiseonlinemall.com", true */ 'b', 'o', 'i', 's', 'e', 'o', 'n', 'l', 'i', 'n', 'e', 'm', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "boisewaldorf.org", true */ 'b', 'o', 'i', 's', 'e', 'w', 'a', 'l', 'd', 'o', 'r', 'f', '.', 'o', 'r', 'g', '\0',
+  /* "bokeyy.com", true */ 'b', 'o', 'k', 'e', 'y', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "boldmediagroup.com", true */ 'b', 'o', 'l', 'd', 'm', 'e', 'd', 'i', 'a', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "boldt-metallbau.de", true */ 'b', 'o', 'l', 'd', 't', '-', 'm', 'e', 't', 'a', 'l', 'l', 'b', 'a', 'u', '.', 'd', 'e', '\0',
+  /* "bolektro.de", true */ 'b', 'o', 'l', 'e', 'k', 't', 'r', 'o', '.', 'd', 'e', '\0',
+  /* "bolivarfm.com.ve", true */ 'b', 'o', 'l', 'i', 'v', 'a', 'r', 'f', 'm', '.', 'c', 'o', 'm', '.', 'v', 'e', '\0',
+  /* "bollywood.uno", true */ 'b', 'o', 'l', 'l', 'y', 'w', 'o', 'o', 'd', '.', 'u', 'n', 'o', '\0',
+  /* "bologna-disinfestazioni.it", true */ 'b', 'o', 'l', 'o', 'g', 'n', 'a', '-', 'd', 'i', 's', 'i', 'n', 'f', 'e', 's', 't', 'a', 'z', 'i', 'o', 'n', 'i', '.', 'i', 't', '\0',
+  /* "bolovegna.it", true */ 'b', 'o', 'l', 'o', 'v', 'e', 'g', 'n', 'a', '.', 'i', 't', '\0',
+  /* "bolt.cm", false */ 'b', 'o', 'l', 't', '.', 'c', 'm', '\0',
+  /* "bolte.org", true */ 'b', 'o', 'l', 't', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "bomb.codes", true */ 'b', 'o', 'm', 'b', '.', 'c', 'o', 'd', 'e', 's', '\0',
+  /* "bombsquad.studio", true */ 'b', 'o', 'm', 'b', 's', 'q', 'u', 'a', 'd', '.', 's', 't', 'u', 'd', 'i', 'o', '\0',
+  /* "bonaccorso.eu", true */ 'b', 'o', 'n', 'a', 'c', 'c', 'o', 'r', 's', 'o', '.', 'e', 'u', '\0',
+  /* "bonami.cz", true */ 'b', 'o', 'n', 'a', 'm', 'i', '.', 'c', 'z', '\0',
+  /* "bonami.pl", true */ 'b', 'o', 'n', 'a', 'm', 'i', '.', 'p', 'l', '\0',
+  /* "bonami.ro", true */ 'b', 'o', 'n', 'a', 'm', 'i', '.', 'r', 'o', '\0',
+  /* "bonami.sk", true */ 'b', 'o', 'n', 'a', 'm', 'i', '.', 's', 'k', '\0',
+  /* "bonamihome.ro", true */ 'b', 'o', 'n', 'a', 'm', 'i', 'h', 'o', 'm', 'e', '.', 'r', 'o', '\0',
+  /* "bonbonmania.com", true */ 'b', 'o', 'n', 'b', 'o', 'n', 'm', 'a', 'n', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "bondagefetishstore.com", true */ 'b', 'o', 'n', 'd', 'a', 'g', 'e', 'f', 'e', 't', 'i', 's', 'h', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bondarenko.dn.ua", true */ 'b', 'o', 'n', 'd', 'a', 'r', 'e', 'n', 'k', 'o', '.', 'd', 'n', '.', 'u', 'a', '\0',
+  /* "bondoer.fr", true */ 'b', 'o', 'n', 'd', 'o', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "bondpro.gov", true */ 'b', 'o', 'n', 'd', 'p', 'r', 'o', '.', 'g', 'o', 'v', '\0',
+  /* "bondskampeerder.nl", true */ 'b', 'o', 'n', 'd', 's', 'k', 'a', 'm', 'p', 'e', 'e', 'r', 'd', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "bonesserver.com", true */ 'b', 'o', 'n', 'e', 's', 's', 'e', 'r', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "bonfi.net", true */ 'b', 'o', 'n', 'f', 'i', '.', 'n', 'e', 't', '\0',
+  /* "bonifacius.be", true */ 'b', 'o', 'n', 'i', 'f', 'a', 'c', 'i', 'u', 's', '.', 'b', 'e', '\0',
+  /* "bonigo.de", true */ 'b', 'o', 'n', 'i', 'g', 'o', '.', 'd', 'e', '\0',
+  /* "bonita.com.br", true */ 'b', 'o', 'n', 'i', 't', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "bonnant-associes.ch", true */ 'b', 'o', 'n', 'n', 'a', 'n', 't', '-', 'a', 's', 's', 'o', 'c', 'i', 'e', 's', '.', 'c', 'h', '\0',
+  /* "bonnant-partners.ch", true */ 'b', 'o', 'n', 'n', 'a', 'n', 't', '-', 'p', 'a', 'r', 't', 'n', 'e', 'r', 's', '.', 'c', 'h', '\0',
+  /* "bonnebouffe.fr", true */ 'b', 'o', 'n', 'n', 'e', 'b', 'o', 'u', 'f', 'f', 'e', '.', 'f', 'r', '\0',
+  /* "bonnieradvocaten.nl", true */ 'b', 'o', 'n', 'n', 'i', 'e', 'r', 'a', 'd', 'v', 'o', 'c', 'a', 't', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "bonnin.fr", true */ 'b', 'o', 'n', 'n', 'i', 'n', '.', 'f', 'r', '\0',
+  /* "bonnsustainabilityportal.de", true */ 'b', 'o', 'n', 'n', 's', 'u', 's', 't', 'a', 'i', 'n', 'a', 'b', 'i', 'l', 'i', 't', 'y', 'p', 'o', 'r', 't', 'a', 'l', '.', 'd', 'e', '\0',
+  /* "bonnyprints.at", true */ 'b', 'o', 'n', 'n', 'y', 'p', 'r', 'i', 'n', 't', 's', '.', 'a', 't', '\0',
+  /* "bonnyprints.ch", true */ 'b', 'o', 'n', 'n', 'y', 'p', 'r', 'i', 'n', 't', 's', '.', 'c', 'h', '\0',
+  /* "bonnyprints.es", true */ 'b', 'o', 'n', 'n', 'y', 'p', 'r', 'i', 'n', 't', 's', '.', 'e', 's', '\0',
+  /* "bonnyprints.fr", true */ 'b', 'o', 'n', 'n', 'y', 'p', 'r', 'i', 'n', 't', 's', '.', 'f', 'r', '\0',
+  /* "bonprix.co.uk", true */ 'b', 'o', 'n', 'p', 'r', 'i', 'x', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bonqoeur.ca", true */ 'b', 'o', 'n', 'q', 'o', 'e', 'u', 'r', '.', 'c', 'a', '\0',
+  /* "bonus-flexi.com", true */ 'b', 'o', 'n', 'u', 's', '-', 'f', 'l', 'e', 'x', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "boobox.xyz", true */ 'b', 'o', 'o', 'b', 'o', 'x', '.', 'x', 'y', 'z', '\0',
+  /* "boodaah.com", true */ 'b', 'o', 'o', 'd', 'a', 'a', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "boodmo.com", true */ 'b', 'o', 'o', 'd', 'm', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "boogiebouncecastles.co.uk", true */ 'b', 'o', 'o', 'g', 'i', 'e', 'b', 'o', 'u', 'n', 'c', 'e', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "book-in-hotel.com", true */ 'b', 'o', 'o', 'k', '-', 'i', 'n', '-', 'h', 'o', 't', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "bookingapp.be", true */ 'b', 'o', 'o', 'k', 'i', 'n', 'g', 'a', 'p', 'p', '.', 'b', 'e', '\0',
+  /* "bookingapp.nl", true */ 'b', 'o', 'o', 'k', 'i', 'n', 'g', 'a', 'p', 'p', '.', 'n', 'l', '\0',
+  /* "bookingdeluxesp.com", true */ 'b', 'o', 'o', 'k', 'i', 'n', 'g', 'd', 'e', 'l', 'u', 'x', 'e', 's', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "bookingready.com", true */ 'b', 'o', 'o', 'k', 'i', 'n', 'g', 'r', 'e', 'a', 'd', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "bookluk.com", true */ 'b', 'o', 'o', 'k', 'l', 'u', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "bookmakersfreebets.com.au", true */ 'b', 'o', 'o', 'k', 'm', 'a', 'k', 'e', 'r', 's', 'f', 'r', 'e', 'e', 'b', 'e', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "bookmein.in", true */ 'b', 'o', 'o', 'k', 'm', 'e', 'i', 'n', '.', 'i', 'n', '\0',
+  /* "bookourdjs.com", true */ 'b', 'o', 'o', 'k', 'o', 'u', 'r', 'd', 'j', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bookreport.ga", true */ 'b', 'o', 'o', 'k', 'r', 'e', 'p', 'o', 'r', 't', '.', 'g', 'a', '\0',
+  /* "booktracker-org.appspot.com", true */ 'b', 'o', 'o', 'k', 't', 'r', 'a', 'c', 'k', 'e', 'r', '-', 'o', 'r', 'g', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "bookwitty.social", true */ 'b', 'o', 'o', 'k', 'w', 'i', 't', 't', 'y', '.', 's', 'o', 'c', 'i', 'a', 'l', '\0',
+  /* "bool.be", true */ 'b', 'o', 'o', 'l', '.', 'b', 'e', '\0',
+  /* "boomersurf.com", true */ 'b', 'o', 'o', 'm', 'e', 'r', 's', 'u', 'r', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "boomsaki.com", true */ 'b', 'o', 'o', 'm', 's', 'a', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "boomsakis.com", true */ 'b', 'o', 'o', 'm', 's', 'a', 'k', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "boomshelf.com", true */ 'b', 'o', 'o', 'm', 's', 'h', 'e', 'l', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "boomshelf.org", true */ 'b', 'o', 'o', 'm', 's', 'h', 'e', 'l', 'f', '.', 'o', 'r', 'g', '\0',
+  /* "boonbox.com", true */ 'b', 'o', 'o', 'n', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "booox.biz", true */ 'b', 'o', 'o', 'o', 'x', '.', 'b', 'i', 'z', '\0',
+  /* "booox.cc", true */ 'b', 'o', 'o', 'o', 'x', '.', 'c', 'c', '\0',
+  /* "booox.info", true */ 'b', 'o', 'o', 'o', 'x', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "booox.net", true */ 'b', 'o', 'o', 'o', 'x', '.', 'n', 'e', 't', '\0',
+  /* "booox.org", true */ 'b', 'o', 'o', 'o', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "booox.pw", true */ 'b', 'o', 'o', 'o', 'x', '.', 'p', 'w', '\0',
+  /* "booq.org", true */ 'b', 'o', 'o', 'q', '.', 'o', 'r', 'g', '\0',
+  /* "booquiz.com", true */ 'b', 'o', 'o', 'q', 'u', 'i', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "boosinflatablegames.co.uk", true */ 'b', 'o', 'o', 's', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "booter.es", true */ 'b', 'o', 'o', 't', 'e', 'r', '.', 'e', 's', '\0',
+  /* "booter.pw", true */ 'b', 'o', 'o', 't', 'e', 'r', '.', 'p', 'w', '\0',
+  /* "bootjp.me", false */ 'b', 'o', 'o', 't', 'j', 'p', '.', 'm', 'e', '\0',
+  /* "bopera.co.uk", true */ 'b', 'o', 'p', 'e', 'r', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bopp.org", true */ 'b', 'o', 'p', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "borahan.net", true */ 'b', 'o', 'r', 'a', 'h', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "borg.cloud", true */ 'b', 'o', 'r', 'g', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "boringsmith.com", true */ 'b', 'o', 'r', 'i', 'n', 'g', 's', 'm', 'i', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "borisavstankovic.rs", true */ 'b', 'o', 'r', 'i', 's', 'a', 'v', 's', 't', 'a', 'n', 'k', 'o', 'v', 'i', 'c', '.', 'r', 's', '\0',
+  /* "borisschapira.com", true */ 'b', 'o', 'r', 'i', 's', 's', 'c', 'h', 'a', 'p', 'i', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "born-to-learn.com", true */ 'b', 'o', 'r', 'n', '-', 't', 'o', '-', 'l', 'e', 'a', 'r', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "born2bounce.co.uk", true */ 'b', 'o', 'r', 'n', '2', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bornandgrazed.com", true */ 'b', 'o', 'r', 'n', 'a', 'n', 'd', 'g', 'r', 'a', 'z', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "bornfiber.dk", true */ 'b', 'o', 'r', 'n', 'f', 'i', 'b', 'e', 'r', '.', 'd', 'k', '\0',
+  /* "bornhack.dk", true */ 'b', 'o', 'r', 'n', 'h', 'a', 'c', 'k', '.', 'd', 'k', '\0',
+  /* "borowski.pw", true */ 'b', 'o', 'r', 'o', 'w', 's', 'k', 'i', '.', 'p', 'w', '\0',
+  /* "borrelpartybus.nl", true */ 'b', 'o', 'r', 'r', 'e', 'l', 'p', 'a', 'r', 't', 'y', 'b', 'u', 's', '.', 'n', 'l', '\0',
+  /* "borysek.net", true */ 'b', 'o', 'r', 'y', 's', 'e', 'k', '.', 'n', 'e', 't', '\0',
+  /* "borzoi.com.br", true */ 'b', 'o', 'r', 'z', 'o', 'i', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "boscoyacht.ch", true */ 'b', 'o', 's', 'c', 'o', 'y', 'a', 'c', 'h', 't', '.', 'c', 'h', '\0',
+  /* "boss.az", true */ 'b', 'o', 's', 's', '.', 'a', 'z', '\0',
+  /* "bostadsportal.se", true */ 'b', 'o', 's', 't', 'a', 'd', 's', 'p', 'o', 'r', 't', 'a', 'l', '.', 's', 'e', '\0',
+  /* "bosufitness.cz", true */ 'b', 'o', 's', 'u', 'f', 'i', 't', 'n', 'e', 's', 's', '.', 'c', 'z', '\0',
+  /* "bosun.io", true */ 'b', 'o', 's', 'u', 'n', '.', 'i', 'o', '\0',
+  /* "bosworthdental.co.uk", true */ 'b', 'o', 's', 'w', 'o', 'r', 't', 'h', 'd', 'e', 'n', 't', 'a', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "botlab.ch", true */ 'b', 'o', 't', 'l', 'a', 'b', '.', 'c', 'h', '\0',
+  /* "botmanager.pl", true */ 'b', 'o', 't', 'm', 'a', 'n', 'a', 'g', 'e', 'r', '.', 'p', 'l', '\0',
+  /* "botserver.de", true */ 'b', 'o', 't', 's', 'e', 'r', 'v', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "bottaerisposta.net", true */ 'b', 'o', 't', 't', 'a', 'e', 'r', 'i', 's', 'p', 'o', 's', 't', 'a', '.', 'n', 'e', 't', '\0',
+  /* "bottineauneighborhood.org", true */ 'b', 'o', 't', 't', 'i', 'n', 'e', 'a', 'u', 'n', 'e', 'i', 'g', 'h', 'b', 'o', 'r', 'h', 'o', 'o', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "bottke.berlin", true */ 'b', 'o', 't', 't', 'k', 'e', '.', 'b', 'e', 'r', 'l', 'i', 'n', '\0',
+  /* "bou.lt", true */ 'b', 'o', 'u', '.', 'l', 't', '\0',
+  /* "bouah.net", true */ 'b', 'o', 'u', 'a', 'h', '.', 'n', 'e', 't', '\0',
+  /* "bouchard-mathieux.com", true */ 'b', 'o', 'u', 'c', 'h', 'a', 'r', 'd', '-', 'm', 'a', 't', 'h', 'i', 'e', 'u', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "bouchonville-knifemaker.com", true */ 'b', 'o', 'u', 'c', 'h', 'o', 'n', 'v', 'i', 'l', 'l', 'e', '-', 'k', 'n', 'i', 'f', 'e', 'm', 'a', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "bouckaert-usedcars.be", true */ 'b', 'o', 'u', 'c', 'k', 'a', 'e', 'r', 't', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0',
+  /* "boudah.pl", true */ 'b', 'o', 'u', 'd', 'a', 'h', '.', 'p', 'l', '\0',
+  /* "boueki.jp", true */ 'b', 'o', 'u', 'e', 'k', 'i', '.', 'j', 'p', '\0',
+  /* "boueki.org", true */ 'b', 'o', 'u', 'e', 'k', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "bougeret.fr", true */ 'b', 'o', 'u', 'g', 'e', 'r', 'e', 't', '.', 'f', 'r', '\0',
+  /* "bouk.co", true */ 'b', 'o', 'u', 'k', '.', 'c', 'o', '\0',
+  /* "boukoubengo.com", true */ 'b', 'o', 'u', 'k', 'o', 'u', 'b', 'e', 'n', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "boulzicourt.fr", true */ 'b', 'o', 'u', 'l', 'z', 'i', 'c', 'o', 'u', 'r', 't', '.', 'f', 'r', '\0',
+  /* "bounce-a-mania.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', '-', 'a', '-', 'm', 'a', 'n', 'i', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bounce-a-roo.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', '-', 'a', '-', 'r', 'o', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bounce-abouts.com", true */ 'b', 'o', 'u', 'n', 'c', 'e', '-', 'a', 'b', 'o', 'u', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bounce-n-go.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', '-', 'n', '-', 'g', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bounce-on.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', '-', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bounce-r-us.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', '-', 'r', '-', 'u', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bounce-xtreme.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', '-', 'x', 't', 'r', 'e', 'm', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bounce4fun.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', '4', 'f', 'u', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bounce4fun.ie", true */ 'b', 'o', 'u', 'n', 'c', 'e', '4', 'f', 'u', 'n', '.', 'i', 'e', '\0',
+  /* "bounce4kidz.com", true */ 'b', 'o', 'u', 'n', 'c', 'e', '4', 'k', 'i', 'd', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "bounce4less.ie", true */ 'b', 'o', 'u', 'n', 'c', 'e', '4', 'l', 'e', 's', 's', '.', 'i', 'e', '\0',
+  /* "bouncea-bout.com", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'a', '-', 'b', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "bounceaboutandplay.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'a', 'b', 'o', 'u', 't', 'a', 'n', 'd', 'p', 'l', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bounceaboutnewark.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'a', 'b', 'o', 'u', 't', 'n', 'e', 'w', 'a', 'r', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bounceaboutsussex.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'a', 'b', 'o', 'u', 't', 's', 'u', 's', 's', 'e', 'x', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncealotcastlehire.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'a', 'l', 'o', 't', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncealotnorthwest.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'a', 'l', 'o', 't', 'n', 'o', 'r', 't', 'h', 'w', 'e', 's', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bounceandwobble.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'a', 'n', 'd', 'w', 'o', 'b', 'b', 'l', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bounceapp.com", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "bouncearoundevents.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'a', 'r', 'o', 'u', 'n', 'd', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncearoundsheffield.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'a', 'r', 'o', 'u', 'n', 'd', 's', 'h', 'e', 'f', 'f', 'i', 'e', 'l', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bounceawaycastles.com", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'a', 'w', 'a', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bouncebackcastles.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'b', 'a', 'c', 'k', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncebeyondcastles.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'b', 'e', 'y', 'o', 'n', 'd', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncebookings.com.au", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'b', 'o', 'o', 'k', 'i', 'n', 'g', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "bouncecrazy.ie", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'c', 'r', 'a', 'z', 'y', '.', 'i', 'e', '\0',
+  /* "bouncehighpeak.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'h', 'i', 'g', 'h', 'p', 'e', 'a', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncejumpboston.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'j', 'u', 'm', 'p', 'b', 'o', 's', 't', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncekingdom.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'k', 'i', 'n', 'g', 'd', 'o', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncemania.org", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'm', 'a', 'n', 'i', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "bouncemaniaevents.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'm', 'a', 'n', 'i', 'a', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncemaniainflatables.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'm', 'a', 'n', 'i', 'a', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncemasters.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'm', 'a', 's', 't', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncemonkeys.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'm', 'o', 'n', 'k', 'e', 'y', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncenortheast.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'n', 'o', 'r', 't', 'h', 'e', 'a', 's', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncenpaint.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'n', 'p', 'a', 'i', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncenslidenortheast.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'n', 's', 'l', 'i', 'd', 'e', 'n', 'o', 'r', 't', 'h', 'e', 'a', 's', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncepartycastles.com", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'p', 'a', 'r', 't', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bounceroosevents.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'r', 'o', 'o', 's', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncers-bouncycastlehire.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'r', 's', '-', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncesouthwales.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 's', 'o', 'u', 't', 'h', 'w', 'a', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncesquad.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 's', 'q', 'u', 'a', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncetasticuk.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 't', 'a', 's', 't', 'i', 'c', 'u', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncetheparty.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 't', 'h', 'e', 'p', 'a', 'r', 't', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bounceunlimited.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'u', 'n', 'l', 'i', 'm', 'i', 't', 'e', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncewithbovells.com", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'w', 'i', 't', 'h', 'b', 'o', 'v', 'e', 'l', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bouncewrightcastles.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'e', 'w', 'r', 'i', 'g', 'h', 't', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncincastles.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'i', 'n', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncing4joy.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'i', 'n', 'g', '4', 'j', 'o', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncingbairnsinflatables.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'i', 'n', 'g', 'b', 'a', 'i', 'r', 'n', 's', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncingbeansinflatables.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'i', 'n', 'g', 'b', 'e', 'a', 'n', 's', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncingbobsinflatables.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'i', 'n', 'g', 'b', 'o', 'b', 's', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncingbuddiesleicester.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'i', 'n', 'g', 'b', 'u', 'd', 'd', 'i', 'e', 's', 'l', 'e', 'i', 'c', 'e', 's', 't', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncingbuzzybees.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'i', 'n', 'g', 'b', 'u', 'z', 'z', 'y', 'b', 'e', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncinghigher.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'i', 'n', 'g', 'h', 'i', 'g', 'h', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncingscotland.com", true */ 'b', 'o', 'u', 'n', 'c', 'i', 'n', 'g', 's', 'c', 'o', 't', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "bouncourseplanner.net", true */ 'b', 'o', 'u', 'n', 'c', 'o', 'u', 'r', 's', 'e', 'p', 'l', 'a', 'n', 'n', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "bouncy-castles-surrey.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', '-', 'c', 'a', 's', 't', 'l', 'e', 's', '-', 's', 'u', 'r', 'r', 'e', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncy-tots.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', '-', 't', 'o', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncybaileys.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'b', 'a', 'i', 'l', 'e', 'y', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncyball.eu", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'b', 'a', 'l', 'l', '.', 'e', 'u', '\0',
+  /* "bouncyballs.org", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'b', 'a', 'l', 'l', 's', '.', 'o', 'r', 'g', '\0',
+  /* "bouncyballscastles.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'b', 'a', 'l', 'l', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncybouncyboocastlehire.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'b', 'o', 'u', 'n', 'c', 'y', 'b', 'o', 'o', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncycastle.net.au", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', '.', 'n', 'e', 't', '.', 'a', 'u', '\0',
+  /* "bouncycastleandparty.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'a', 'n', 'd', 'p', 'a', 'r', 't', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncycastlehire-norwich.com", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '-', 'n', 'o', 'r', 'w', 'i', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "bouncycastlehire-sheffield.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '-', 's', 'h', 'e', 'f', 'f', 'i', 'e', 'l', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncycastlehireauckland.co.nz", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', 'a', 'u', 'c', 'k', 'l', 'a', 'n', 'd', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "bouncycastlehirebarnstaple.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', 'b', 'a', 'r', 'n', 's', 't', 'a', 'p', 'l', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncycastlehirebexley.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', 'b', 'e', 'x', 'l', 'e', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncycastlehirechelmsford.org.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', 'c', 'h', 'e', 'l', 'm', 's', 'f', 'o', 'r', 'd', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "bouncycastlehirehull.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', 'h', 'u', 'l', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncycastlehireinglasgow.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', 'i', 'n', 'g', 'l', 'a', 's', 'g', 'o', 'w', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncycastlehirelouth.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', 'l', 'o', 'u', 't', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncycastlehiremalvern.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', 'm', 'a', 'l', 'v', 'e', 'r', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncycastlehiremedway.com", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', 'm', 'e', 'd', 'w', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "bouncycastlehireoldham.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', 'o', 'l', 'd', 'h', 'a', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncycastlehirestroud.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', 's', 't', 'r', 'o', 'u', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncycastlehiresurrey.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', 's', 'u', 'r', 'r', 'e', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncycastlehiretameside.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', 't', 'a', 'm', 'e', 's', 'i', 'd', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncycastlehirewinchester.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', 'w', 'i', 'n', 'c', 'h', 'e', 's', 't', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncycastleman.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'm', 'a', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncycastlemangloucestershire.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'm', 'a', 'n', 'g', 'l', 'o', 'u', 'c', 'e', 's', 't', 'e', 'r', 's', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncycastleparade.com", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'p', 'a', 'r', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bouncycastles.me", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'm', 'e', '\0',
+  /* "bouncycastlesgalway.com", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', 'g', 'a', 'l', 'w', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "bouncycastleshire.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncycastleshireleeds.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', 'h', 'i', 'r', 'e', 'l', 'e', 'e', 'd', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncycastlesin.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', 'i', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncycastlesinderby.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', 'i', 'n', 'd', 'e', 'r', 'b', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncycastlesinleeds.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', 'i', 'n', 'l', 'e', 'e', 'd', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncycastlesisleofwight.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', 'i', 's', 'l', 'e', 'o', 'f', 'w', 'i', 'g', 'h', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncycastlesmonaghan.com", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', 'm', 'o', 'n', 'a', 'g', 'h', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "bouncycastlesperth.net", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', 'p', 'e', 'r', 't', 'h', '.', 'n', 'e', 't', '\0',
+  /* "bouncycastlessheerness.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', 's', 'h', 'e', 'e', 'r', 'n', 'e', 's', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncydays.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'd', 'a', 'y', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncyfeet.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'f', 'e', 'e', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncygiggles.com.au", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'g', 'i', 'g', 'g', 'l', 'e', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "bouncyhigher.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'h', 'i', 'g', 'h', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncyhousecastlehire.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'h', 'o', 'u', 's', 'e', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncyhouses.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'h', 'o', 'u', 's', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncykingdom.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'k', 'i', 'n', 'g', 'd', 'o', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncykings.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'k', 'i', 'n', 'g', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncykingsnortheast.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'k', 'i', 'n', 'g', 's', 'n', 'o', 'r', 't', 'h', 'e', 'a', 's', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncymacs.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'm', 'a', 'c', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncymadness.com", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'm', 'a', 'd', 'n', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bouncyrainbows.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'r', 'a', 'i', 'n', 'b', 'o', 'w', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncytime.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 't', 'i', 'm', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncytown.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 't', 'o', 'w', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bouncywouncy.co.uk", true */ 'b', 'o', 'u', 'n', 'c', 'y', 'w', 'o', 'u', 'n', 'c', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bound2bounce.co.uk", true */ 'b', 'o', 'u', 'n', 'd', '2', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bountyfactory.io", true */ 'b', 'o', 'u', 'n', 't', 'y', 'f', 'a', 'c', 't', 'o', 'r', 'y', '.', 'i', 'o', '\0',
+  /* "bourasse.fr", true */ 'b', 'o', 'u', 'r', 'a', 's', 's', 'e', '.', 'f', 'r', '\0',
+  /* "bourdon.fr.eu.org", true */ 'b', 'o', 'u', 'r', 'd', 'o', 'n', '.', 'f', 'r', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "bourhis.info", true */ 'b', 'o', 'u', 'r', 'h', 'i', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "bournefun.co.uk", true */ 'b', 'o', 'u', 'r', 'n', 'e', 'f', 'u', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bourqu.in", true */ 'b', 'o', 'u', 'r', 'q', 'u', '.', 'i', 'n', '\0',
+  /* "bourse-aux-jouets.org", false */ 'b', 'o', 'u', 'r', 's', 'e', '-', 'a', 'u', 'x', '-', 'j', 'o', 'u', 'e', 't', 's', '.', 'o', 'r', 'g', '\0',
+  /* "bourse-aux-vetements.org", false */ 'b', 'o', 'u', 'r', 's', 'e', '-', 'a', 'u', 'x', '-', 'v', 'e', 't', 'e', 'm', 'e', 'n', 't', 's', '.', 'o', 'r', 'g', '\0',
+  /* "bourse-puericulture.org", false */ 'b', 'o', 'u', 'r', 's', 'e', '-', 'p', 'u', 'e', 'r', 'i', 'c', 'u', 'l', 't', 'u', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "boutiquedecanetas.com.br", true */ 'b', 'o', 'u', 't', 'i', 'q', 'u', 'e', 'd', 'e', 'c', 'a', 'n', 'e', 't', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "boutiquefutebol.com.br", true */ 'b', 'o', 'u', 't', 'i', 'q', 'u', 'e', 'f', 'u', 't', 'e', 'b', 'o', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "boutiqueguenaelleverdin.com", true */ 'b', 'o', 'u', 't', 'i', 'q', 'u', 'e', 'g', 'u', 'e', 'n', 'a', 'e', 'l', 'l', 'e', 'v', 'e', 'r', 'd', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "bouw.live", true */ 'b', 'o', 'u', 'w', '.', 'l', 'i', 'v', 'e', '\0',
+  /* "bouzouks.net", true */ 'b', 'o', 'u', 'z', 'o', 'u', 'k', 's', '.', 'n', 'e', 't', '\0',
+  /* "bowedwallcrackrepair.com", true */ 'b', 'o', 'w', 'e', 'd', 'w', 'a', 'l', 'l', 'c', 'r', 'a', 'c', 'k', 'r', 'e', 'p', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "boweryandvine.com", true */ 'b', 'o', 'w', 'e', 'r', 'y', 'a', 'n', 'd', 'v', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bowling.com", true */ 'b', 'o', 'w', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "bowlsheet.com", false */ 'b', 'o', 'w', 'l', 's', 'h', 'e', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "bownty.be", true */ 'b', 'o', 'w', 'n', 't', 'y', '.', 'b', 'e', '\0',
+  /* "bownty.co.uk", true */ 'b', 'o', 'w', 'n', 't', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bownty.de", true */ 'b', 'o', 'w', 'n', 't', 'y', '.', 'd', 'e', '\0',
+  /* "bownty.dk", true */ 'b', 'o', 'w', 'n', 't', 'y', '.', 'd', 'k', '\0',
+  /* "bownty.es", true */ 'b', 'o', 'w', 'n', 't', 'y', '.', 'e', 's', '\0',
+  /* "bownty.fr", true */ 'b', 'o', 'w', 'n', 't', 'y', '.', 'f', 'r', '\0',
+  /* "bownty.it", true */ 'b', 'o', 'w', 'n', 't', 'y', '.', 'i', 't', '\0',
+  /* "bownty.nl", true */ 'b', 'o', 'w', 'n', 't', 'y', '.', 'n', 'l', '\0',
+  /* "bownty.pt", true */ 'b', 'o', 'w', 'n', 't', 'y', '.', 'p', 't', '\0',
+  /* "bowntycdn.net", true */ 'b', 'o', 'w', 'n', 't', 'y', 'c', 'd', 'n', '.', 'n', 'e', 't', '\0',
+  /* "boxdevigneron.fr", true */ 'b', 'o', 'x', 'd', 'e', 'v', 'i', 'g', 'n', 'e', 'r', 'o', 'n', '.', 'f', 'r', '\0',
+  /* "boxit.es", true */ 'b', 'o', 'x', 'i', 't', '.', 'e', 's', '\0',
+  /* "boxpirates.to", true */ 'b', 'o', 'x', 'p', 'i', 'r', 'a', 't', 'e', 's', '.', 't', 'o', '\0',
+  /* "boxvergelijker.nl", true */ 'b', 'o', 'x', 'v', 'e', 'r', 'g', 'e', 'l', 'i', 'j', 'k', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "boxview.com", true */ 'b', 'o', 'x', 'v', 'i', 'e', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "boyhost.cn", true */ 'b', 'o', 'y', 'h', 'o', 's', 't', '.', 'c', 'n', '\0',
+  /* "boypoint.de", true */ 'b', 'o', 'y', 'p', 'o', 'i', 'n', 't', '.', 'd', 'e', '\0',
+  /* "boz.nl", true */ 'b', 'o', 'z', '.', 'n', 'l', '\0',
+  /* "bozemancarpetcleaningservices.com", true */ 'b', 'o', 'z', 'e', 'm', 'a', 'n', 'c', 'a', 'r', 'p', 'e', 't', 'c', 'l', 'e', 'a', 'n', 'i', 'n', 'g', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bozosbouncycastles.co.uk", true */ 'b', 'o', 'z', 'o', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bpadvisors.eu", true */ 'b', 'p', 'a', 'd', 'v', 'i', 's', 'o', 'r', 's', '.', 'e', 'u', '\0',
+  /* "bpaste.net", true */ 'b', 'p', 'a', 's', 't', 'e', '.', 'n', 'e', 't', '\0',
+  /* "bpastudies.org", true */ 'b', 'p', 'a', 's', 't', 'u', 'd', 'i', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "bpo.ovh", true */ 'b', 'p', 'o', '.', 'o', 'v', 'h', '\0',
+  /* "bpol-forum.de", true */ 'b', 'p', 'o', 'l', '-', 'f', 'o', 'r', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "bqp.io", true */ 'b', 'q', 'p', '.', 'i', 'o', '\0',
+  /* "bqr.ch", true */ 'b', 'q', 'r', '.', 'c', 'h', '\0',
+  /* "br.search.yahoo.com", false */ 'b', 'r', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "br3in.nl", false */ 'b', 'r', '3', 'i', 'n', '.', 'n', 'l', '\0',
+  /* "braams.nl", true */ 'b', 'r', 'a', 'a', 'm', 's', '.', 'n', 'l', '\0',
+  /* "bracho.xyz", true */ 'b', 'r', 'a', 'c', 'h', 'o', '.', 'x', 'y', 'z', '\0',
+  /* "bracoitaliano.com.br", true */ 'b', 'r', 'a', 'c', 'o', 'i', 't', 'a', 'l', 'i', 'a', 'n', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "bradbrockmeyer.com", true */ 'b', 'r', 'a', 'd', 'b', 'r', 'o', 'c', 'k', 'm', 'e', 'y', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "bradfordhottubhire.co.uk", true */ 'b', 'r', 'a', 'd', 'f', 'o', 'r', 'd', 'h', 'o', 't', 't', 'u', 'b', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bradfordmascots.co.uk", true */ 'b', 'r', 'a', 'd', 'f', 'o', 'r', 'd', 'm', 'a', 's', 'c', 'o', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bradkovach.com", true */ 'b', 'r', 'a', 'd', 'k', 'o', 'v', 'a', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "bradler.net", true */ 'b', 'r', 'a', 'd', 'l', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "bradlinder.org", true */ 'b', 'r', 'a', 'd', 'l', 'i', 'n', 'd', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "bradypatterson.com", true */ 'b', 'r', 'a', 'd', 'y', 'p', 'a', 't', 't', 'e', 'r', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "braemer-it-consulting.de", true */ 'b', 'r', 'a', 'e', 'm', 'e', 'r', '-', 'i', 't', '-', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "braeunlich-gmbh.com", true */ 'b', 'r', 'a', 'e', 'u', 'n', 'l', 'i', 'c', 'h', '-', 'g', 'm', 'b', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "bragaweb.com.br", true */ 'b', 'r', 'a', 'g', 'a', 'w', 'e', 'b', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "brahmins.com", true */ 'b', 'r', 'a', 'h', 'm', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "brahmstaedt.de", true */ 'b', 'r', 'a', 'h', 'm', 's', 't', 'a', 'e', 'd', 't', '.', 'd', 'e', '\0',
+  /* "braiampeguero.xyz", true */ 'b', 'r', 'a', 'i', 'a', 'm', 'p', 'e', 'g', 'u', 'e', 'r', 'o', '.', 'x', 'y', 'z', '\0',
+  /* "brailsford.xyz", true */ 'b', 'r', 'a', 'i', 'l', 's', 'f', 'o', 'r', 'd', '.', 'x', 'y', 'z', '\0',
+  /* "brain-e.co", true */ 'b', 'r', 'a', 'i', 'n', '-', 'e', '.', 'c', 'o', '\0',
+  /* "brain-force.ch", true */ 'b', 'r', 'a', 'i', 'n', '-', 'f', 'o', 'r', 'c', 'e', '.', 'c', 'h', '\0',
+  /* "brainball.fr", true */ 'b', 'r', 'a', 'i', 'n', 'b', 'a', 'l', 'l', '.', 'f', 'r', '\0',
+  /* "brainfork.org", true */ 'b', 'r', 'a', 'i', 'n', 'f', 'o', 'r', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "brainhub.nl", true */ 'b', 'r', 'a', 'i', 'n', 'h', 'u', 'b', '.', 'n', 'l', '\0',
+  /* "brainlag.org", true */ 'b', 'r', 'a', 'i', 'n', 'l', 'a', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "brainserve.ch", true */ 'b', 'r', 'a', 'i', 'n', 's', 'e', 'r', 'v', 'e', '.', 'c', 'h', '\0',
+  /* "brainserve.com", true */ 'b', 'r', 'a', 'i', 'n', 's', 'e', 'r', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "brainserve.swiss", true */ 'b', 'r', 'a', 'i', 'n', 's', 'e', 'r', 'v', 'e', '.', 's', 'w', 'i', 's', 's', '\0',
+  /* "brainster.co", true */ 'b', 'r', 'a', 'i', 'n', 's', 't', 'e', 'r', '.', 'c', 'o', '\0',
+  /* "brainvoyagermusic.com", true */ 'b', 'r', 'a', 'i', 'n', 'v', 'o', 'y', 'a', 'g', 'e', 'r', 'm', 'u', 's', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "brainwork.space", true */ 'b', 'r', 'a', 'i', 'n', 'w', 'o', 'r', 'k', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "brakemanpro.com", true */ 'b', 'r', 'a', 'k', 'e', 'm', 'a', 'n', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "brakstad.org", true */ 'b', 'r', 'a', 'k', 's', 't', 'a', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "bralnik.com", true */ 'b', 'r', 'a', 'l', 'n', 'i', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "bramhallsamusements.com", true */ 'b', 'r', 'a', 'm', 'h', 'a', 'l', 'l', 's', 'a', 'm', 'u', 's', 'e', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "brammingfys.dk", true */ 'b', 'r', 'a', 'm', 'm', 'i', 'n', 'g', 'f', 'y', 's', '.', 'd', 'k', '\0',
+  /* "bramvanaken.be", true */ 'b', 'r', 'a', 'm', 'v', 'a', 'n', 'a', 'k', 'e', 'n', '.', 'b', 'e', '\0',
+  /* "bran.land", true */ 'b', 'r', 'a', 'n', '.', 'l', 'a', 'n', 'd', '\0',
+  /* "bran.soy", true */ 'b', 'r', 'a', 'n', '.', 's', 'o', 'y', '\0',
+  /* "branch-bookkeeper.com", true */ 'b', 'r', 'a', 'n', 'c', 'h', '-', 'b', 'o', 'o', 'k', 'k', 'e', 'e', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "brandbil.dk", true */ 'b', 'r', 'a', 'n', 'd', 'b', 'i', 'l', '.', 'd', 'k', '\0',
+  /* "brandbuilderwebsites.com", true */ 'b', 'r', 'a', 'n', 'd', 'b', 'u', 'i', 'l', 'd', 'e', 'r', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "brandcodeconsulting.com", true */ 'b', 'r', 'a', 'n', 'd', 'c', 'o', 'd', 'e', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "brandcodestyle.com", true */ 'b', 'r', 'a', 'n', 'd', 'c', 'o', 'd', 'e', 's', 't', 'y', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "brando753.xyz", true */ 'b', 'r', 'a', 'n', 'd', 'o', '7', '5', '3', '.', 'x', 'y', 'z', '\0',
+  /* "brandongomez.me", true */ 'b', 'r', 'a', 'n', 'd', 'o', 'n', 'g', 'o', 'm', 'e', 'z', '.', 'm', 'e', '\0',
+  /* "brandonhubbard.com", true */ 'b', 'r', 'a', 'n', 'd', 'o', 'n', 'h', 'u', 'b', 'b', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "brandonwalker.me", true */ 'b', 'r', 'a', 'n', 'd', 'o', 'n', 'w', 'a', 'l', 'k', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "brandstead.com", true */ 'b', 'r', 'a', 'n', 'd', 's', 't', 'e', 'a', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "brandtrapselfie.nl", true */ 'b', 'r', 'a', 'n', 'd', 't', 'r', 'a', 'p', 's', 'e', 'l', 'f', 'i', 'e', '.', 'n', 'l', '\0',
+  /* "brandweertrainingen.nl", true */ 'b', 'r', 'a', 'n', 'd', 'w', 'e', 'e', 'r', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "brandweeruitgeest.nl", true */ 'b', 'r', 'a', 'n', 'd', 'w', 'e', 'e', 'r', 'u', 'i', 't', 'g', 'e', 'e', 's', 't', '.', 'n', 'l', '\0',
+  /* "branw.xyz", true */ 'b', 'r', 'a', 'n', 'w', '.', 'x', 'y', 'z', '\0',
+  /* "brasal.ma", true */ 'b', 'r', 'a', 's', 'a', 'l', '.', 'm', 'a', '\0',
+  /* "brasalcosmetics.com", true */ 'b', 'r', 'a', 's', 'a', 'l', 'c', 'o', 's', 'm', 'e', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "brashear.me", true */ 'b', 'r', 'a', 's', 'h', 'e', 'a', 'r', '.', 'm', 'e', '\0',
+  /* "brasilbombas.com.br", true */ 'b', 'r', 'a', 's', 'i', 'l', 'b', 'o', 'm', 'b', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "brasserie-mino.fr", true */ 'b', 'r', 'a', 's', 's', 'e', 'r', 'i', 'e', '-', 'm', 'i', 'n', 'o', '.', 'f', 'r', '\0',
+  /* "brasspipedreams.org", true */ 'b', 'r', 'a', 's', 's', 'p', 'i', 'p', 'e', 'd', 'r', 'e', 'a', 'm', 's', '.', 'o', 'r', 'g', '\0',
+  /* "bratislava-airport-taxi.com", true */ 'b', 'r', 'a', 't', 'i', 's', 'l', 'a', 'v', 'a', '-', 'a', 'i', 'r', 'p', 'o', 'r', 't', '-', 't', 'a', 'x', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "bratteng.xyz", false */ 'b', 'r', 'a', 't', 't', 'e', 'n', 'g', '.', 'x', 'y', 'z', '\0',
+  /* "bratvanov.com", true */ 'b', 'r', 'a', 't', 'v', 'a', 'n', 'o', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "brau-ingenieur.de", true */ 'b', 'r', 'a', 'u', '-', 'i', 'n', 'g', 'e', 'n', 'i', 'e', 'u', 'r', '.', 'd', 'e', '\0',
+  /* "braudoktor.de", true */ 'b', 'r', 'a', 'u', 'd', 'o', 'k', 't', 'o', 'r', '.', 'd', 'e', '\0',
+  /* "brauingenieur.de", true */ 'b', 'r', 'a', 'u', 'i', 'n', 'g', 'e', 'n', 'i', 'e', 'u', 'r', '.', 'd', 'e', '\0',
+  /* "braunsteinpc.com", true */ 'b', 'r', 'a', 'u', 'n', 's', 't', 'e', 'i', 'n', 'p', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "braunwarth.info", true */ 'b', 'r', 'a', 'u', 'n', 'w', 'a', 'r', 't', 'h', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "brava.bg", true */ 'b', 'r', 'a', 'v', 'a', '.', 'b', 'g', '\0',
+  /* "brave-foods.ch", true */ 'b', 'r', 'a', 'v', 'e', '-', 'f', 'o', 'o', 'd', 's', '.', 'c', 'h', '\0',
+  /* "brave-foods.com", true */ 'b', 'r', 'a', 'v', 'e', '-', 'f', 'o', 'o', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "brave.com", true */ 'b', 'r', 'a', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bravehearts.org.au", true */ 'b', 'r', 'a', 'v', 'e', 'h', 'e', 'a', 'r', 't', 's', '.', 'o', 'r', 'g', '.', 'a', 'u', '\0',
+  /* "braviskindenjeugd.nl", true */ 'b', 'r', 'a', 'v', 'i', 's', 'k', 'i', 'n', 'd', 'e', 'n', 'j', 'e', 'u', 'g', 'd', '.', 'n', 'l', '\0',
+  /* "bravisziekenhuis.nl", true */ 'b', 'r', 'a', 'v', 'i', 's', 'z', 'i', 'e', 'k', 'e', 'n', 'h', 'u', 'i', 's', '.', 'n', 'l', '\0',
+  /* "brazilian.dating", true */ 'b', 'r', 'a', 'z', 'i', 'l', 'i', 'a', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "brazillens.com", true */ 'b', 'r', 'a', 'z', 'i', 'l', 'l', 'e', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "brb.city", true */ 'b', 'r', 'b', '.', 'c', 'i', 't', 'y', '\0',
+  /* "brck.nl", true */ 'b', 'r', 'c', 'k', '.', 'n', 'l', '\0',
+  /* "brd.ro", true */ 'b', 'r', 'd', '.', 'r', 'o', '\0',
+  /* "breadandlife.org", true */ 'b', 'r', 'e', 'a', 'd', 'a', 'n', 'd', 'l', 'i', 'f', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "breakingtech.it", true */ 'b', 'r', 'e', 'a', 'k', 'i', 'n', 'g', 't', 'e', 'c', 'h', '.', 'i', 't', '\0',
+  /* "breathedreamgo.com", true */ 'b', 'r', 'e', 'a', 't', 'h', 'e', 'd', 'r', 'e', 'a', 'm', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "brecht.ch", true */ 'b', 'r', 'e', 'c', 'h', 't', '.', 'c', 'h', '\0',
+  /* "breckle.com.ua", true */ 'b', 'r', 'e', 'c', 'k', 'l', 'e', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "brecknell.biz", true */ 'b', 'r', 'e', 'c', 'k', 'n', 'e', 'l', 'l', '.', 'b', 'i', 'z', '\0',
+  /* "brecknell.com", true */ 'b', 'r', 'e', 'c', 'k', 'n', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "brecknell.info", true */ 'b', 'r', 'e', 'c', 'k', 'n', 'e', 'l', 'l', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "brecknell.name", true */ 'b', 'r', 'e', 'c', 'k', 'n', 'e', 'l', 'l', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "brecknell.net", true */ 'b', 'r', 'e', 'c', 'k', 'n', 'e', 'l', 'l', '.', 'n', 'e', 't', '\0',
+  /* "brecknell.org", true */ 'b', 'r', 'e', 'c', 'k', 'n', 'e', 'l', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "breda.computer", true */ 'b', 'r', 'e', 'd', 'a', '.', 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', '\0',
+  /* "bredvid.no", true */ 'b', 'r', 'e', 'd', 'v', 'i', 'd', '.', 'n', 'o', '\0',
+  /* "breechdepot.com", false */ 'b', 'r', 'e', 'e', 'c', 'h', 'd', 'e', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "breeethretail.ru", false */ 'b', 'r', 'e', 'e', 'e', 't', 'h', 'r', 'e', 't', 'a', 'i', 'l', '.', 'r', 'u', '\0',
+  /* "breest.net", true */ 'b', 'r', 'e', 'e', 's', 't', '.', 'n', 'e', 't', '\0',
+  /* "breeswish.org", true */ 'b', 'r', 'e', 'e', 's', 'w', 'i', 's', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "breeyn.com", true */ 'b', 'r', 'e', 'e', 'y', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "brefy.com", true */ 'b', 'r', 'e', 'f', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "brege.org", true */ 'b', 'r', 'e', 'g', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "bregnedalsystems.dk", true */ 'b', 'r', 'e', 'g', 'n', 'e', 'd', 'a', 'l', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'd', 'k', '\0',
+  /* "breitbild-beamer.de", true */ 'b', 'r', 'e', 'i', 't', 'b', 'i', 'l', 'd', '-', 'b', 'e', 'a', 'm', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "brejoc.com", true */ 'b', 'r', 'e', 'j', 'o', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "bremensaki.com", true */ 'b', 'r', 'e', 'm', 'e', 'n', 's', 'a', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "brendanscherer.com", true */ 'b', 'r', 'e', 'n', 'd', 'a', 'n', 's', 'c', 'h', 'e', 'r', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "brentacampbell.com", true */ 'b', 'r', 'e', 'n', 't', 'a', 'c', 'a', 'm', 'p', 'b', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "brentnewbury.com", true */ 'b', 'r', 'e', 'n', 't', 'n', 'e', 'w', 'b', 'u', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "bressier.fr", true */ 'b', 'r', 'e', 's', 's', 'i', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "bretcarmichael.com", true */ 'b', 'r', 'e', 't', 'c', 'a', 'r', 'm', 'i', 'c', 'h', 'a', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "brettabel.com", true */ 'b', 'r', 'e', 't', 't', 'a', 'b', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "brettcornwall.com", true */ 'b', 'r', 'e', 't', 't', 'c', 'o', 'r', 'n', 'w', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "brettelliff.com", true */ 'b', 'r', 'e', 't', 't', 'e', 'l', 'l', 'i', 'f', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "bretz-hufer.de", true */ 'b', 'r', 'e', 't', 'z', '-', 'h', 'u', 'f', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "bretzner.fr", true */ 'b', 'r', 'e', 't', 'z', 'n', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "brevboxar.se", true */ 'b', 'r', 'e', 'v', 'b', 'o', 'x', 'a', 'r', '.', 's', 'e', '\0',
+  /* "brewsouth.com", true */ 'b', 'r', 'e', 'w', 's', 'o', 'u', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "brewtrackr.com", true */ 'b', 'r', 'e', 'w', 't', 'r', 'a', 'c', 'k', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "brfvh24.se", true */ 'b', 'r', 'f', 'v', 'h', '2', '4', '.', 's', 'e', '\0',
+  /* "brgins.com", true */ 'b', 'r', 'g', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "brianalaway.com", true */ 'b', 'r', 'i', 'a', 'n', 'a', 'l', 'a', 'w', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "brianalawayconsulting.com", true */ 'b', 'r', 'i', 'a', 'n', 'a', 'l', 'a', 'w', 'a', 'y', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "brianfoshee.com", true */ 'b', 'r', 'i', 'a', 'n', 'f', 'o', 's', 'h', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "brianlanders.us", true */ 'b', 'r', 'i', 'a', 'n', 'l', 'a', 'n', 'd', 'e', 'r', 's', '.', 'u', 's', '\0',
+  /* "brianmwaters.net", true */ 'b', 'r', 'i', 'a', 'n', 'm', 'w', 'a', 't', 'e', 'r', 's', '.', 'n', 'e', 't', '\0',
+  /* "brianroadifer.com", true */ 'b', 'r', 'i', 'a', 'n', 'r', 'o', 'a', 'd', 'i', 'f', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "briansmith.org", true */ 'b', 'r', 'i', 'a', 'n', 's', 'm', 'i', 't', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "briantkatch.com", true */ 'b', 'r', 'i', 'a', 'n', 't', 'k', 'a', 't', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "brianwesaala.com", true */ 'b', 'r', 'i', 'a', 'n', 'w', 'e', 's', 'a', 'a', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "brickftp.com", true */ 'b', 'r', 'i', 'c', 'k', 'f', 't', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "brickheroes.com", true */ 'b', 'r', 'i', 'c', 'k', 'h', 'e', 'r', 'o', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "brickvortex.com", true */ 'b', 'r', 'i', 'c', 'k', 'v', 'o', 'r', 't', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "brickwerks.io", true */ 'b', 'r', 'i', 'c', 'k', 'w', 'e', 'r', 'k', 's', '.', 'i', 'o', '\0',
+  /* "bricolajeux.ch", true */ 'b', 'r', 'i', 'c', 'o', 'l', 'a', 'j', 'e', 'u', 'x', '.', 'c', 'h', '\0',
+  /* "brid.gy", false */ 'b', 'r', 'i', 'd', '.', 'g', 'y', '\0',
+  /* "brideandgroomdirect.ie", true */ 'b', 'r', 'i', 'd', 'e', 'a', 'n', 'd', 'g', 'r', 'o', 'o', 'm', 'd', 'i', 'r', 'e', 'c', 't', '.', 'i', 'e', '\0',
+  /* "bridgeglobalmarketing.com", true */ 'b', 'r', 'i', 'd', 'g', 'e', 'g', 'l', 'o', 'b', 'a', 'l', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "bridgeout.com", true */ 'b', 'r', 'i', 'd', 'g', 'e', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "bridgevest.com", true */ 'b', 'r', 'i', 'd', 'g', 'e', 'v', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "bridgingdirectory.com", true */ 'b', 'r', 'i', 'd', 'g', 'i', 'n', 'g', 'd', 'i', 'r', 'e', 'c', 't', 'o', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "brie.tech", true */ 'b', 'r', 'i', 'e', '.', 't', 'e', 'c', 'h', '\0',
+  /* "briefhansa.de", true */ 'b', 'r', 'i', 'e', 'f', 'h', 'a', 'n', 's', 'a', '.', 'd', 'e', '\0',
+  /* "brighouse-leisure.co.uk", true */ 'b', 'r', 'i', 'g', 'h', 'o', 'u', 's', 'e', '-', 'l', 'e', 'i', 's', 'u', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "brightday.bz", true */ 'b', 'r', 'i', 'g', 'h', 't', 'd', 'a', 'y', '.', 'b', 'z', '\0',
+  /* "brightfuturemadebyme.com", true */ 'b', 'r', 'i', 'g', 'h', 't', 'f', 'u', 't', 'u', 'r', 'e', 'm', 'a', 'd', 'e', 'b', 'y', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "brightonbank.com", true */ 'b', 'r', 'i', 'g', 'h', 't', 'o', 'n', 'b', 'a', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "brightonbouncycastles.net", true */ 'b', 'r', 'i', 'g', 'h', 't', 'o', 'n', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "brigidaarie.com", true */ 'b', 'r', 'i', 'g', 'i', 'd', 'a', 'a', 'r', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "brilliantbouncyfun.co.uk", true */ 'b', 'r', 'i', 'l', 'l', 'i', 'a', 'n', 't', 'b', 'o', 'u', 'n', 'c', 'y', 'f', 'u', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "brilliantdecisionmaking.com", true */ 'b', 'r', 'i', 'l', 'l', 'i', 'a', 'n', 't', 'd', 'e', 'c', 'i', 's', 'i', 'o', 'n', 'm', 'a', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "brilliantproductions.co.nz", true */ 'b', 'r', 'i', 'l', 'l', 'i', 'a', 'n', 't', 'p', 'r', 'o', 'd', 'u', 'c', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "brinkhu.is", true */ 'b', 'r', 'i', 'n', 'k', 'h', 'u', '.', 'i', 's', '\0',
+  /* "brinkmann.one", true */ 'b', 'r', 'i', 'n', 'k', 'm', 'a', 'n', 'n', '.', 'o', 'n', 'e', '\0',
+  /* "brinquedoseducativos.art.br", true */ 'b', 'r', 'i', 'n', 'q', 'u', 'e', 'd', 'o', 's', 'e', 'd', 'u', 'c', 'a', 't', 'i', 'v', 'o', 's', '.', 'a', 'r', 't', '.', 'b', 'r', '\0',
+  /* "brio-shop.ch", true */ 'b', 'r', 'i', 'o', '-', 's', 'h', 'o', 'p', '.', 'c', 'h', '\0',
+  /* "brisbanelogistics.com.au", true */ 'b', 'r', 'i', 's', 'b', 'a', 'n', 'e', 'l', 'o', 'g', 'i', 's', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "bristebein.com", true */ 'b', 'r', 'i', 's', 't', 'e', 'b', 'e', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "bristolandwestonsuperbounce.com", true */ 'b', 'r', 'i', 's', 't', 'o', 'l', 'a', 'n', 'd', 'w', 'e', 's', 't', 'o', 'n', 's', 'u', 'p', 'e', 'r', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "britelocate.com", true */ 'b', 'r', 'i', 't', 'e', 'l', 'o', 'c', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "britishbeef.com", true */ 'b', 'r', 'i', 't', 'i', 's', 'h', 'b', 'e', 'e', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "britishbookmakers.co.uk", true */ 'b', 'r', 'i', 't', 'i', 's', 'h', 'b', 'o', 'o', 'k', 'm', 'a', 'k', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "britishgroupsg.com", true */ 'b', 'r', 'i', 't', 'i', 's', 'h', 'g', 'r', 'o', 'u', 'p', 's', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "britishmeat.com", true */ 'b', 'r', 'i', 't', 'i', 's', 'h', 'm', 'e', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "britishsciencefestival.org", true */ 'b', 'r', 'i', 't', 'i', 's', 'h', 's', 'c', 'i', 'e', 'n', 'c', 'e', 'f', 'e', 's', 't', 'i', 'v', 'a', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "britishscienceweek.org", true */ 'b', 'r', 'i', 't', 'i', 's', 'h', 's', 'c', 'i', 'e', 'n', 'c', 'e', 'w', 'e', 'e', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "britneyclause.com", true */ 'b', 'r', 'i', 't', 'n', 'e', 'y', 'c', 'l', 'a', 'u', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "britton-photography.com", true */ 'b', 'r', 'i', 't', 't', 'o', 'n', '-', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "brivadois.ovh", true */ 'b', 'r', 'i', 'v', 'a', 'd', 'o', 'i', 's', '.', 'o', 'v', 'h', '\0',
+  /* "brmascots.com", true */ 'b', 'r', 'm', 'a', 's', 'c', 'o', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "brmsalescommunity.com", true */ 'b', 'r', 'm', 's', 'a', 'l', 'e', 's', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "brn.by", true */ 'b', 'r', 'n', '.', 'b', 'y', '\0',
+  /* "bro.hk", true */ 'b', 'r', 'o', '.', 'h', 'k', '\0',
+  /* "broadsheet.com.au", true */ 'b', 'r', 'o', 'a', 'd', 's', 'h', 'e', 'e', 't', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "brockmeyer.net", true */ 'b', 'r', 'o', 'c', 'k', 'm', 'e', 'y', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "brockmeyer.org", true */ 'b', 'r', 'o', 'c', 'k', 'm', 'e', 'y', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "brodowski.cc", true */ 'b', 'r', 'o', 'd', 'o', 'w', 's', 'k', 'i', '.', 'c', 'c', '\0',
+  /* "broersma.com", true */ 'b', 'r', 'o', 'e', 'r', 's', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "broerweb.nl", true */ 'b', 'r', 'o', 'e', 'r', 'w', 'e', 'b', '.', 'n', 'l', '\0',
+  /* "broeselei.at", true */ 'b', 'r', 'o', 'e', 's', 'e', 'l', 'e', 'i', '.', 'a', 't', '\0',
+  /* "brokenhands.io", true */ 'b', 'r', 'o', 'k', 'e', 'n', 'h', 'a', 'n', 'd', 's', '.', 'i', 'o', '\0',
+  /* "brokenjoysticks.net", true */ 'b', 'r', 'o', 'k', 'e', 'n', 'j', 'o', 'y', 's', 't', 'i', 'c', 'k', 's', '.', 'n', 'e', 't', '\0',
+  /* "brokervalues.com", true */ 'b', 'r', 'o', 'k', 'e', 'r', 'v', 'a', 'l', 'u', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "brompton-cocktail.com", true */ 'b', 'r', 'o', 'm', 'p', 't', 'o', 'n', '-', 'c', 'o', 'c', 'k', 't', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "bronetb2b.com.br", true */ 'b', 'r', 'o', 'n', 'e', 't', 'b', '2', 'b', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "bronevichok.ru", true */ 'b', 'r', 'o', 'n', 'e', 'v', 'i', 'c', 'h', 'o', 'k', '.', 'r', 'u', '\0',
+  /* "bronwynlewis.com", false */ 'b', 'r', 'o', 'n', 'w', 'y', 'n', 'l', 'e', 'w', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "brooke-fan.com", true */ 'b', 'r', 'o', 'o', 'k', 'e', '-', 'f', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "brookehatton.com", true */ 'b', 'r', 'o', 'o', 'k', 'e', 'h', 'a', 't', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "brooklynrealestateblog.com", true */ 'b', 'r', 'o', 'o', 'k', 'l', 'y', 'n', 'r', 'e', 'a', 'l', 'e', 's', 't', 'a', 't', 'e', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "brossman.it", true */ 'b', 'r', 'o', 's', 's', 'm', 'a', 'n', '.', 'i', 't', '\0',
+  /* "brossmanit.com", true */ 'b', 'r', 'o', 's', 's', 'm', 'a', 'n', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "brother-printsmart.nl", true */ 'b', 'r', 'o', 't', 'h', 'e', 'r', '-', 'p', 'r', 'i', 'n', 't', 's', 'm', 'a', 'r', 't', '.', 'n', 'l', '\0',
+  /* "brouillard.ch", true */ 'b', 'r', 'o', 'u', 'i', 'l', 'l', 'a', 'r', 'd', '.', 'c', 'h', '\0',
+  /* "brownfieldstsc.org", true */ 'b', 'r', 'o', 'w', 'n', 'f', 'i', 'e', 'l', 'd', 's', 't', 's', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "brownlawoffice.us", true */ 'b', 'r', 'o', 'w', 'n', 'l', 'a', 'w', 'o', 'f', 'f', 'i', 'c', 'e', '.', 'u', 's', '\0',
+  /* "browsedns.net", true */ 'b', 'r', 'o', 'w', 's', 'e', 'd', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "bru6.de", true */ 'b', 'r', 'u', '6', '.', 'd', 'e', '\0',
+  /* "brucemartin.net", true */ 'b', 'r', 'u', 'c', 'e', 'm', 'a', 'r', 't', 'i', 'n', '.', 'n', 'e', 't', '\0',
+  /* "brucemobile.de", true */ 'b', 'r', 'u', 'c', 'e', 'm', 'o', 'b', 'i', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "bruck.me", true */ 'b', 'r', 'u', 'c', 'k', '.', 'm', 'e', '\0',
+  /* "bruckner.li", true */ 'b', 'r', 'u', 'c', 'k', 'n', 'e', 'r', '.', 'l', 'i', '\0',
+  /* "bruna-cdn.nl", true */ 'b', 'r', 'u', 'n', 'a', '-', 'c', 'd', 'n', '.', 'n', 'l', '\0',
+  /* "brunn.email", true */ 'b', 'r', 'u', 'n', 'n', '.', 'e', 'm', 'a', 'i', 'l', '\0',
+  /* "brunner.ninja", true */ 'b', 'r', 'u', 'n', 'n', 'e', 'r', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "brunoramos.com", true */ 'b', 'r', 'u', 'n', 'o', 'r', 'a', 'm', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "brunoramos.org", true */ 'b', 'r', 'u', 'n', 'o', 'r', 'a', 'm', 'o', 's', '.', 'o', 'r', 'g', '\0',
+  /* "brunosouza.org", true */ 'b', 'r', 'u', 'n', 'o', 's', 'o', 'u', 'z', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "bruun.co", true */ 'b', 'r', 'u', 'u', 'n', '.', 'c', 'o', '\0',
+  /* "bryankaplan.com", true */ 'b', 'r', 'y', 'a', 'n', 'k', 'a', 'p', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "bryanquigley.com", true */ 'b', 'r', 'y', 'a', 'n', 'q', 'u', 'i', 'g', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "bryanshearer.accountant", true */ 'b', 'r', 'y', 'a', 'n', 's', 'h', 'e', 'a', 'r', 'e', 'r', '.', 'a', 'c', 'c', 'o', 'u', 'n', 't', 'a', 'n', 't', '\0',
+  /* "bs-network.net", true */ 'b', 's', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'n', 'e', 't', '\0',
+  /* "bs-security.com", true */ 'b', 's', '-', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "bs.sb", true */ 'b', 's', '.', 's', 'b', '\0',
+  /* "bs.to", true */ 'b', 's', '.', 't', 'o', '\0',
+  /* "bsagan.fr", true */ 'b', 's', 'a', 'g', 'a', 'n', '.', 'f', 'r', '\0',
+  /* "bsc-rietz.at", true */ 'b', 's', 'c', '-', 'r', 'i', 'e', 't', 'z', '.', 'a', 't', '\0',
+  /* "bsc01.dyndns.org", true */ 'b', 's', 'c', '0', '1', '.', 'd', 'y', 'n', 'd', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "bsdfreak.dk", true */ 'b', 's', 'd', 'f', 'r', 'e', 'a', 'k', '.', 'd', 'k', '\0',
+  /* "bsdracing.ca", true */ 'b', 's', 'd', 'r', 'a', 'c', 'i', 'n', 'g', '.', 'c', 'a', '\0',
+  /* "bsdug.org", true */ 'b', 's', 'd', 'u', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "bsdunix.xyz", true */ 'b', 's', 'd', 'u', 'n', 'i', 'x', '.', 'x', 'y', 'z', '\0',
+  /* "bsg-aok-muenchen.de", true */ 'b', 's', 'g', '-', 'a', 'o', 'k', '-', 'm', 'u', 'e', 'n', 'c', 'h', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "bsidesf.com", true */ 'b', 's', 'i', 'd', 'e', 's', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "bsidesf.org", true */ 'b', 's', 'i', 'd', 'e', 's', 'f', '.', 'o', 'r', 'g', '\0',
+  /* "bsidessf.com", true */ 'b', 's', 'i', 'd', 'e', 's', 's', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "bsociabl.com", true */ 'b', 's', 'o', 'c', 'i', 'a', 'b', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "bsohoekvanholland.nl", true */ 'b', 's', 'o', 'h', 'o', 'e', 'k', 'v', 'a', 'n', 'h', 'o', 'l', 'l', 'a', 'n', 'd', '.', 'n', 'l', '\0',
+  /* "bsquared.org", true */ 'b', 's', 'q', 'u', 'a', 'r', 'e', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "bstoked.net", true */ 'b', 's', 't', 'o', 'k', 'e', 'd', '.', 'n', 'e', 't', '\0',
+  /* "bsw-solution.de", true */ 'b', 's', 'w', '-', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "bt123.xyz", true */ 'b', 't', '1', '2', '3', '.', 'x', 'y', 'z', '\0',
+  /* "bta.lv", false */ 'b', 't', 'a', '.', 'l', 'v', '\0',
+  /* "btc2secure.com", true */ 'b', 't', 'c', '2', 's', 'e', 'c', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "btcarmory.com", true */ 'b', 't', 'c', 'a', 'r', 'm', 'o', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "btcgo.nl", true */ 'b', 't', 'c', 'g', 'o', '.', 'n', 'l', '\0',
+  /* "btcontract.com", true */ 'b', 't', 'c', 'o', 'n', 't', 'r', 'a', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "btcpop.co", true */ 'b', 't', 'c', 'p', 'o', 'p', '.', 'c', 'o', '\0',
+  /* "btcycle.org", true */ 'b', 't', 'c', 'y', 'c', 'l', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "btio.pw", true */ 'b', 't', 'i', 'o', '.', 'p', 'w', '\0',
+  /* "btku.org", true */ 'b', 't', 'k', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "btnissanparts.com", true */ 'b', 't', 'n', 'i', 's', 's', 'a', 'n', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "btorrent.xyz", true */ 'b', 't', 'o', 'r', 'r', 'e', 'n', 't', '.', 'x', 'y', 'z', '\0',
+  /* "btrb.ml", true */ 'b', 't', 'r', 'b', '.', 'm', 'l', '\0',
+  /* "btserv.de", true */ 'b', 't', 's', 'e', 'r', 'v', '.', 'd', 'e', '\0',
+  /* "btsoft.eu", true */ 'b', 't', 's', 'o', 'f', 't', '.', 'e', 'u', '\0',
+  /* "btsow.com", true */ 'b', 't', 's', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "btth.pl", true */ 'b', 't', 't', 'h', '.', 'p', 'l', '\0',
+  /* "btth.tv", true */ 'b', 't', 't', 'h', '.', 't', 'v', '\0',
+  /* "btth.xyz", true */ 'b', 't', 't', 'h', '.', 'x', 'y', 'z', '\0',
+  /* "bubba.cc", true */ 'b', 'u', 'b', 'b', 'a', '.', 'c', 'c', '\0',
+  /* "bubblegumblog.com", true */ 'b', 'u', 'b', 'b', 'l', 'e', 'g', 'u', 'm', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "bubblespetspa.com", true */ 'b', 'u', 'b', 'b', 'l', 'e', 's', 'p', 'e', 't', 's', 'p', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "bubblinghottubs.co.uk", true */ 'b', 'u', 'b', 'b', 'l', 'i', 'n', 'g', 'h', 'o', 't', 't', 'u', 'b', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bubblybouncers.co.uk", true */ 'b', 'u', 'b', 'b', 'l', 'y', 'b', 'o', 'u', 'n', 'c', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bubhub.io", true */ 'b', 'u', 'b', 'h', 'u', 'b', '.', 'i', 'o', '\0',
+  /* "buch-angucken.de", true */ 'b', 'u', 'c', 'h', '-', 'a', 'n', 'g', 'u', 'c', 'k', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "buck.com", true */ 'b', 'u', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "buckmulligans.com", true */ 'b', 'u', 'c', 'k', 'm', 'u', 'l', 'l', 'i', 'g', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "buckypaper.com", true */ 'b', 'u', 'c', 'k', 'y', 'p', 'a', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "budaev-shop.ru", true */ 'b', 'u', 'd', 'a', 'e', 'v', '-', 's', 'h', 'o', 'p', '.', 'r', 'u', '\0',
+  /* "buddhistische-weisheiten.org", true */ 'b', 'u', 'd', 'd', 'h', 'i', 's', 't', 'i', 's', 'c', 'h', 'e', '-', 'w', 'e', 'i', 's', 'h', 'e', 'i', 't', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "buddie5.com", true */ 'b', 'u', 'd', 'd', 'i', 'e', '5', '.', 'c', 'o', 'm', '\0',
+  /* "buddlycrafts.com", true */ 'b', 'u', 'd', 'd', 'l', 'y', 'c', 'r', 'a', 'f', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "buddyworks.net", true */ 'b', 'u', 'd', 'd', 'y', 'w', 'o', 'r', 'k', 's', '.', 'n', 'e', 't', '\0',
+  /* "budeanu.com", true */ 'b', 'u', 'd', 'e', 'a', 'n', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "buderus-family.be", true */ 'b', 'u', 'd', 'e', 'r', 'u', 's', '-', 'f', 'a', 'm', 'i', 'l', 'y', '.', 'b', 'e', '\0',
+  /* "budger.nl", true */ 'b', 'u', 'd', 'g', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "budgetalk.com", true */ 'b', 'u', 'd', 'g', 'e', 't', 'a', 'l', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "budgetcastlehire.co.uk", true */ 'b', 'u', 'd', 'g', 'e', 't', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "budgetenergievriendenvoordeel.nl", true */ 'b', 'u', 'd', 'g', 'e', 't', 'e', 'n', 'e', 'r', 'g', 'i', 'e', 'v', 'r', 'i', 'e', 'n', 'd', 'e', 'n', 'v', 'o', 'o', 'r', 'd', 'e', 'e', 'l', '.', 'n', 'l', '\0',
+  /* "budgetlob.gov", true */ 'b', 'u', 'd', 'g', 'e', 't', 'l', 'o', 'b', '.', 'g', 'o', 'v', '\0',
+  /* "budgetlovers.nl", true */ 'b', 'u', 'd', 'g', 'e', 't', 'l', 'o', 'v', 'e', 'r', 's', '.', 'n', 'l', '\0',
+  /* "budgiesballoons.com", true */ 'b', 'u', 'd', 'g', 'i', 'e', 's', 'b', 'a', 'l', 'l', 'o', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "budntod.com", true */ 'b', 'u', 'd', 'n', 't', 'o', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "budolfs.de", true */ 'b', 'u', 'd', 'o', 'l', 'f', 's', '.', 'd', 'e', '\0',
+  /* "buehnenbande.ch", false */ 'b', 'u', 'e', 'h', 'n', 'e', 'n', 'b', 'a', 'n', 'd', 'e', '.', 'c', 'h', '\0',
+  /* "bueltge.de", true */ 'b', 'u', 'e', 'l', 't', 'g', 'e', '.', 'd', 'e', '\0',
+  /* "buenotour.ru", true */ 'b', 'u', 'e', 'n', 'o', 't', 'o', 'u', 'r', '.', 'r', 'u', '\0',
+  /* "buergerdialog.net", true */ 'b', 'u', 'e', 'r', 'g', 'e', 'r', 'd', 'i', 'a', 'l', 'o', 'g', '.', 'n', 'e', 't', '\0',
+  /* "buergerhaushalt.com", true */ 'b', 'u', 'e', 'r', 'g', 'e', 'r', 'h', 'a', 'u', 's', 'h', 'a', 'l', 't', '.', 'c', 'o', 'm', '\0',
+  /* "buettgens.net", true */ 'b', 'u', 'e', 't', 't', 'g', 'e', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "buffaloautomation.com", true */ 'b', 'u', 'f', 'f', 'a', 'l', 'o', 'a', 'u', 't', 'o', 'm', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "buffalodrinkinggame.beer", true */ 'b', 'u', 'f', 'f', 'a', 'l', 'o', 'd', 'r', 'i', 'n', 'k', 'i', 'n', 'g', 'g', 'a', 'm', 'e', '.', 'b', 'e', 'e', 'r', '\0',
+  /* "buffhack.com", false */ 'b', 'u', 'f', 'f', 'h', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "bug.blue", true */ 'b', 'u', 'g', '.', 'b', 'l', 'u', 'e', '\0',
+  /* "bugcrowd.com", true */ 'b', 'u', 'g', 'c', 'r', 'o', 'w', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "bugs.chromium.org", true */ 'b', 'u', 'g', 's', '.', 'c', 'h', 'r', 'o', 'm', 'i', 'u', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "bugtrack.co.uk", true */ 'b', 'u', 'g', 't', 'r', 'a', 'c', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bugwie.com", true */ 'b', 'u', 'g', 'w', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bugzil.la", true */ 'b', 'u', 'g', 'z', 'i', 'l', '.', 'l', 'a', '\0',
+  /* "bugzilla.mozilla.org", true */ 'b', 'u', 'g', 'z', 'i', 'l', 'l', 'a', '.', 'm', 'o', 'z', 'i', 'l', 'l', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "buiko.com", true */ 'b', 'u', 'i', 'k', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "build.chromium.org", true */ 'b', 'u', 'i', 'l', 'd', '.', 'c', 'h', 'r', 'o', 'm', 'i', 'u', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "buildbox.io", true */ 'b', 'u', 'i', 'l', 'd', 'b', 'o', 'x', '.', 'i', 'o', '\0',
+  /* "buildbytes.com", true */ 'b', 'u', 'i', 'l', 'd', 'b', 'y', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "building-cost-estimators.com", true */ 'b', 'u', 'i', 'l', 'd', 'i', 'n', 'g', '-', 'c', 'o', 's', 't', '-', 'e', 's', 't', 'i', 'm', 'a', 't', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "buildingcostestimators.co.uk", true */ 'b', 'u', 'i', 'l', 'd', 'i', 'n', 'g', 'c', 'o', 's', 't', 'e', 's', 't', 'i', 'm', 'a', 't', 'o', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "builditsolutions.net", true */ 'b', 'u', 'i', 'l', 'd', 'i', 't', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "buildkite.com", true */ 'b', 'u', 'i', 'l', 'd', 'k', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "buildplease.com", true */ 'b', 'u', 'i', 'l', 'd', 'p', 'l', 'e', 'a', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "buildrightbuildingservicesltd.co.uk", true */ 'b', 'u', 'i', 'l', 'd', 'r', 'i', 'g', 'h', 't', 'b', 'u', 'i', 'l', 'd', 'i', 'n', 'g', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', 'l', 't', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "builtvisible.com", true */ 'b', 'u', 'i', 'l', 't', 'v', 'i', 's', 'i', 'b', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "builtwith.com", true */ 'b', 'u', 'i', 'l', 't', 'w', 'i', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "buka.jp", true */ 'b', 'u', 'k', 'a', '.', 'j', 'p', '\0',
+  /* "bukkenfan.jp", true */ 'b', 'u', 'k', 'k', 'e', 'n', 'f', 'a', 'n', '.', 'j', 'p', '\0',
+  /* "bul3seas.eu", true */ 'b', 'u', 'l', '3', 's', 'e', 'a', 's', '.', 'e', 'u', '\0',
+  /* "bulario.com", true */ 'b', 'u', 'l', 'a', 'r', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "bulbcompare.com", true */ 'b', 'u', 'l', 'b', 'c', 'o', 'm', 'p', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bulbgenie.com", true */ 'b', 'u', 'l', 'b', 'g', 'e', 'n', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "buldogueingles.com.br", true */ 'b', 'u', 'l', 'd', 'o', 'g', 'u', 'e', 'i', 'n', 'g', 'l', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "bulkcandystore.com", true */ 'b', 'u', 'l', 'k', 'c', 'a', 'n', 'd', 'y', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bulkingtime.com", true */ 'b', 'u', 'l', 'k', 'i', 'n', 'g', 't', 'i', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bulktrade.de", true */ 'b', 'u', 'l', 'k', 't', 'r', 'a', 'd', 'e', '.', 'd', 'e', '\0',
+  /* "bulkwholesalesweets.co.uk", true */ 'b', 'u', 'l', 'k', 'w', 'h', 'o', 'l', 'e', 's', 'a', 'l', 'e', 's', 'w', 'e', 'e', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bulldog-hosting.de", true */ 'b', 'u', 'l', 'l', 'd', 'o', 'g', '-', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "bulldoghire.co.uk", true */ 'b', 'u', 'l', 'l', 'd', 'o', 'g', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bulledair-savons.ch", true */ 'b', 'u', 'l', 'l', 'e', 'd', 'a', 'i', 'r', '-', 's', 'a', 'v', 'o', 'n', 's', '.', 'c', 'h', '\0',
+  /* "bullettags.com", true */ 'b', 'u', 'l', 'l', 'e', 't', 't', 'a', 'g', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bullterrier.nu", true */ 'b', 'u', 'l', 'l', 't', 'e', 'r', 'r', 'i', 'e', 'r', '.', 'n', 'u', '\0',
+  /* "bulmastife.com.br", true */ 'b', 'u', 'l', 'm', 'a', 's', 't', 'i', 'f', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "bulwarkhost.com", true */ 'b', 'u', 'l', 'w', 'a', 'r', 'k', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "bumshow.ru", true */ 'b', 'u', 'm', 's', 'h', 'o', 'w', '.', 'r', 'u', '\0',
+  /* "bunadarbankinn.is", true */ 'b', 'u', 'n', 'a', 'd', 'a', 'r', 'b', 'a', 'n', 'k', 'i', 'n', 'n', '.', 'i', 's', '\0',
+  /* "bunbun.be", false */ 'b', 'u', 'n', 'b', 'u', 'n', '.', 'b', 'e', '\0',
+  /* "bund-von-theramore.de", true */ 'b', 'u', 'n', 'd', '-', 'v', 'o', 'n', '-', 't', 'h', 'e', 'r', 'a', 'm', 'o', 'r', 'e', '.', 'd', 'e', '\0',
+  /* "bundaberg.com", true */ 'b', 'u', 'n', 'd', 'a', 'b', 'e', 'r', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "bundespolizei-forum.de", true */ 'b', 'u', 'n', 'd', 'e', 's', 'p', 'o', 'l', 'i', 'z', 'e', 'i', '-', 'f', 'o', 'r', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "bunkyo-life.com", true */ 'b', 'u', 'n', 'k', 'y', 'o', '-', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bunny-rabbits.com", true */ 'b', 'u', 'n', 'n', 'y', '-', 'r', 'a', 'b', 'b', 'i', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bunnyvishal.com", true */ 'b', 'u', 'n', 'n', 'y', 'v', 'i', 's', 'h', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "bunzy.ca", true */ 'b', 'u', 'n', 'z', 'y', '.', 'c', 'a', '\0',
+  /* "buonventosbt.eu", true */ 'b', 'u', 'o', 'n', 'v', 'e', 'n', 't', 'o', 's', 'b', 't', '.', 'e', 'u', '\0',
+  /* "bupropion.com", true */ 'b', 'u', 'p', 'r', 'o', 'p', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "burcevo.info", true */ 'b', 'u', 'r', 'c', 'e', 'v', 'o', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "burckardtnet.de", true */ 'b', 'u', 'r', 'c', 'k', 'a', 'r', 'd', 't', 'n', 'e', 't', '.', 'd', 'e', '\0',
+  /* "burgers.io", true */ 'b', 'u', 'r', 'g', 'e', 'r', 's', '.', 'i', 'o', '\0',
+  /* "burghardt.pl", true */ 'b', 'u', 'r', 'g', 'h', 'a', 'r', 'd', 't', '.', 'p', 'l', '\0',
+  /* "buri.be", false */ 'b', 'u', 'r', 'i', '.', 'b', 'e', '\0',
+  /* "buricloud.fr", true */ 'b', 'u', 'r', 'i', 'c', 'l', 'o', 'u', 'd', '.', 'f', 'r', '\0',
+  /* "burke.services", true */ 'b', 'u', 'r', 'k', 'e', '.', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '\0',
+  /* "burlapsac.ca", true */ 'b', 'u', 'r', 'l', 'a', 'p', 's', 'a', 'c', '.', 'c', 'a', '\0',
+  /* "burnerfitness.com", true */ 'b', 'u', 'r', 'n', 'e', 'r', 'f', 'i', 't', 'n', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "burnhamonseabouncycastles.co.uk", true */ 'b', 'u', 'r', 'n', 'h', 'a', 'm', 'o', 'n', 's', 'e', 'a', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "burningbird.net", true */ 'b', 'u', 'r', 'n', 'i', 'n', 'g', 'b', 'i', 'r', 'd', '.', 'n', 'e', 't', '\0',
+  /* "burningflipside.com", false */ 'b', 'u', 'r', 'n', 'i', 'n', 'g', 'f', 'l', 'i', 'p', 's', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "burntfish.com", true */ 'b', 'u', 'r', 'n', 't', 'f', 'i', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "burnworks.com", true */ 'b', 'u', 'r', 'n', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "buronwater.com", true */ 'b', 'u', 'r', 'o', 'n', 'w', 'a', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "burr.is", true */ 'b', 'u', 'r', 'r', '.', 'i', 's', '\0',
+  /* "burroughsid.com", true */ 'b', 'u', 'r', 'r', 'o', 'u', 'g', 'h', 's', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "bursaries-southafrica.co.za", true */ 'b', 'u', 'r', 's', 'a', 'r', 'i', 'e', 's', '-', 's', 'o', 'u', 't', 'h', 'a', 'f', 'r', 'i', 'c', 'a', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "burtrum.family", true */ 'b', 'u', 'r', 't', 'r', 'u', 'm', '.', 'f', 'a', 'm', 'i', 'l', 'y', '\0',
+  /* "burtrum.me", true */ 'b', 'u', 'r', 't', 'r', 'u', 'm', '.', 'm', 'e', '\0',
+  /* "burtrum.name", true */ 'b', 'u', 'r', 't', 'r', 'u', 'm', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "burtrum.org", true */ 'b', 'u', 'r', 't', 'r', 'u', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "burzmali.com", true */ 'b', 'u', 'r', 'z', 'm', 'a', 'l', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "buserror.cn", true */ 'b', 'u', 's', 'e', 'r', 'r', 'o', 'r', '.', 'c', 'n', '\0',
+  /* "bushbaby.com", true */ 'b', 'u', 's', 'h', 'b', 'a', 'b', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "bushcraftfriends.com", true */ 'b', 'u', 's', 'h', 'c', 'r', 'a', 'f', 't', 'f', 'r', 'i', 'e', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "busindre.com", true */ 'b', 'u', 's', 'i', 'n', 'd', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "business-garden.com", true */ 'b', 'u', 's', 'i', 'n', 'e', 's', 's', '-', 'g', 'a', 'r', 'd', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "business.facebook.com", false */ 'b', 'u', 's', 'i', 'n', 'e', 's', 's', '.', 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "businessadviceperth.com.au", true */ 'b', 'u', 's', 'i', 'n', 'e', 's', 's', 'a', 'd', 'v', 'i', 'c', 'e', 'p', 'e', 'r', 't', 'h', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "businessamongus.com", true */ 'b', 'u', 's', 'i', 'n', 'e', 's', 's', 'a', 'm', 'o', 'n', 'g', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "businesscentermarin.ch", true */ 'b', 'u', 's', 'i', 'n', 'e', 's', 's', 'c', 'e', 'n', 't', 'e', 'r', 'm', 'a', 'r', 'i', 'n', '.', 'c', 'h', '\0',
+  /* "businessesdirectory.eu", true */ 'b', 'u', 's', 'i', 'n', 'e', 's', 's', 'e', 's', 'd', 'i', 'r', 'e', 'c', 't', 'o', 'r', 'y', '.', 'e', 'u', '\0',
+  /* "businessetmarketing.com", true */ 'b', 'u', 's', 'i', 'n', 'e', 's', 's', 'e', 't', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "businessimmigration-eu.com", true */ 'b', 'u', 's', 'i', 'n', 'e', 's', 's', 'i', 'm', 'm', 'i', 'g', 'r', 'a', 't', 'i', 'o', 'n', '-', 'e', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "businessimmigration-eu.ru", true */ 'b', 'u', 's', 'i', 'n', 'e', 's', 's', 'i', 'm', 'm', 'i', 'g', 'r', 'a', 't', 'i', 'o', 'n', '-', 'e', 'u', '.', 'r', 'u', '\0',
+  /* "bustadice.com", true */ 'b', 'u', 's', 't', 'a', 'd', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bustimes.org", true */ 'b', 'u', 's', 't', 'i', 'm', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "bustup-tips.com", true */ 'b', 'u', 's', 't', 'u', 'p', '-', 't', 'i', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "butarque.es", true */ 'b', 'u', 't', 'a', 'r', 'q', 'u', 'e', '.', 'e', 's', '\0',
+  /* "buthowdoyoubuygroceries.com", true */ 'b', 'u', 't', 'h', 'o', 'w', 'd', 'o', 'y', 'o', 'u', 'b', 'u', 'y', 'g', 'r', 'o', 'c', 'e', 'r', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "butikvip.ru", true */ 'b', 'u', 't', 'i', 'k', 'v', 'i', 'p', '.', 'r', 'u', '\0',
+  /* "butt.repair", true */ 'b', 'u', 't', 't', '.', 'r', 'e', 'p', 'a', 'i', 'r', '\0',
+  /* "buttercupstraining.co.uk", true */ 'b', 'u', 't', 't', 'e', 'r', 'c', 'u', 'p', 's', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "buttermilk.cf", true */ 'b', 'u', 't', 't', 'e', 'r', 'm', 'i', 'l', 'k', '.', 'c', 'f', '\0',
+  /* "buttonline.ch", true */ 'b', 'u', 't', 't', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'h', '\0',
+  /* "buturyu.net", true */ 'b', 'u', 't', 'u', 'r', 'y', 'u', '.', 'n', 'e', 't', '\0',
+  /* "buturyu.org", true */ 'b', 'u', 't', 'u', 'r', 'y', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "buxum-communication.ch", true */ 'b', 'u', 'x', 'u', 'm', '-', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 'c', 'a', 't', 'i', 'o', 'n', '.', 'c', 'h', '\0',
+  /* "buy-thing.com", true */ 'b', 'u', 'y', '-', 't', 'h', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "buyaccessible.gov", true */ 'b', 'u', 'y', 'a', 'c', 'c', 'e', 's', 's', 'i', 'b', 'l', 'e', '.', 'g', 'o', 'v', '\0',
+  /* "buydesired.com", true */ 'b', 'u', 'y', 'd', 'e', 's', 'i', 'r', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "buydissertations.com", true */ 'b', 'u', 'y', 'd', 'i', 's', 's', 'e', 'r', 't', 'a', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "buyerdocs.com", true */ 'b', 'u', 'y', 'e', 'r', 'd', 'o', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "buyessay.org", true */ 'b', 'u', 'y', 'e', 's', 's', 'a', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "buyessays.net", true */ 'b', 'u', 'y', 'e', 's', 's', 'a', 'y', 's', '.', 'n', 'e', 't', '\0',
+  /* "buyessayscheap.com", true */ 'b', 'u', 'y', 'e', 's', 's', 'a', 'y', 's', 'c', 'h', 'e', 'a', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "buyharpoon.com", true */ 'b', 'u', 'y', 'h', 'a', 'r', 'p', 'o', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "buyinginvestmentproperty.com", true */ 'b', 'u', 'y', 'i', 'n', 'g', 'i', 'n', 'v', 'e', 's', 't', 'm', 'e', 'n', 't', 'p', 'r', 'o', 'p', 'e', 'r', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "buymindhack.com", true */ 'b', 'u', 'y', 'm', 'i', 'n', 'd', 'h', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "buypapercheap.net", true */ 'b', 'u', 'y', 'p', 'a', 'p', 'e', 'r', 'c', 'h', 'e', 'a', 'p', '.', 'n', 'e', 't', '\0',
+  /* "buyseo.store", true */ 'b', 'u', 'y', 's', 'e', 'o', '.', 's', 't', 'o', 'r', 'e', '\0',
+  /* "buytheway.co.za", true */ 'b', 'u', 'y', 't', 'h', 'e', 'w', 'a', 'y', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "buzz.tools", true */ 'b', 'u', 'z', 'z', '.', 't', 'o', 'o', 'l', 's', '\0',
+  /* "buzzconf.io", true */ 'b', 'u', 'z', 'z', 'c', 'o', 'n', 'f', '.', 'i', 'o', '\0',
+  /* "buzzdeck.com", true */ 'b', 'u', 'z', 'z', 'd', 'e', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "buzzprint.it", true */ 'b', 'u', 'z', 'z', 'p', 'r', 'i', 'n', 't', '.', 'i', 't', '\0',
+  /* "bvalle.com", true */ 'b', 'v', 'a', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bvionline.eu", true */ 'b', 'v', 'i', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'e', 'u', '\0',
+  /* "bvl.aero", true */ 'b', 'v', 'l', '.', 'a', 'e', 'r', 'o', '\0',
+  /* "bvv-europe.eu", true */ 'b', 'v', 'v', '-', 'e', 'u', 'r', 'o', 'p', 'e', '.', 'e', 'u', '\0',
+  /* "bw.codes", true */ 'b', 'w', '.', 'c', 'o', 'd', 'e', 's', '\0',
+  /* "bwcscorecard.org", true */ 'b', 'w', 'c', 's', 'c', 'o', 'r', 'e', 'c', 'a', 'r', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "bwh1.net", true */ 'b', 'w', 'h', '1', '.', 'n', 'e', 't', '\0',
+  /* "bwilkinson.co.uk", true */ 'b', 'w', 'i', 'l', 'k', 'i', 'n', 's', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "bws16.de", true */ 'b', 'w', 's', '1', '6', '.', 'd', 'e', '\0',
+  /* "bwwb.nu", true */ 'b', 'w', 'w', 'b', '.', 'n', 'u', '\0',
+  /* "bx-n.de", true */ 'b', 'x', '-', 'n', '.', 'd', 'e', '\0',
+  /* "bxdev.me", true */ 'b', 'x', 'd', 'e', 'v', '.', 'm', 'e', '\0',
+  /* "bxp40.at", true */ 'b', 'x', 'p', '4', '0', '.', 'a', 't', '\0',
+  /* "by1896.com", true */ 'b', 'y', '1', '8', '9', '6', '.', 'c', 'o', 'm', '\0',
+  /* "by1899.com", true */ 'b', 'y', '1', '8', '9', '9', '.', 'c', 'o', 'm', '\0',
+  /* "by77.com", true */ 'b', 'y', '7', '7', '.', 'c', 'o', 'm', '\0',
+  /* "by777.com", true */ 'b', 'y', '7', '7', '7', '.', 'c', 'o', 'm', '\0',
+  /* "byatte.com", true */ 'b', 'y', 'a', 't', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "byeskille.no", true */ 'b', 'y', 'e', 's', 'k', 'i', 'l', 'l', 'e', '.', 'n', 'o', '\0',
+  /* "bygningsregistrering.dk", true */ 'b', 'y', 'g', 'n', 'i', 'n', 'g', 's', 'r', 'e', 'g', 'i', 's', 't', 'r', 'e', 'r', 'i', 'n', 'g', '.', 'd', 'k', '\0',
+  /* "byiu.info", true */ 'b', 'y', 'i', 'u', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "byken.cn", true */ 'b', 'y', 'k', 'e', 'n', '.', 'c', 'n', '\0',
+  /* "bymark.co", true */ 'b', 'y', 'm', 'a', 'r', 'k', '.', 'c', 'o', '\0',
+  /* "bymike.co", true */ 'b', 'y', 'm', 'i', 'k', 'e', '.', 'c', 'o', '\0',
+  /* "bynder.com", true */ 'b', 'y', 'n', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "bypass.sh", true */ 'b', 'y', 'p', 'a', 's', 's', '.', 's', 'h', '\0',
+  /* "byrko.cz", true */ 'b', 'y', 'r', 'k', 'o', '.', 'c', 'z', '\0',
+  /* "byrko.sk", true */ 'b', 'y', 'r', 'k', 'o', '.', 's', 'k', '\0',
+  /* "byronr.com", true */ 'b', 'y', 'r', 'o', 'n', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "byronwade.com", true */ 'b', 'y', 'r', 'o', 'n', 'w', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "byrtz.de", true */ 'b', 'y', 'r', 't', 'z', '.', 'd', 'e', '\0',
+  /* "byte-time.com", true */ 'b', 'y', 't', 'e', '-', 't', 'i', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bytearts.net", true */ 'b', 'y', 't', 'e', 'a', 'r', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "bytebucket.org", true */ 'b', 'y', 't', 'e', 'b', 'u', 'c', 'k', 'e', 't', '.', 'o', 'r', 'g', '\0',
+  /* "bytecode.no", true */ 'b', 'y', 't', 'e', 'c', 'o', 'd', 'e', '.', 'n', 'o', '\0',
+  /* "bytejail.com", true */ 'b', 'y', 't', 'e', 'j', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "bytema.cz", true */ 'b', 'y', 't', 'e', 'm', 'a', '.', 'c', 'z', '\0',
+  /* "bytema.re", true */ 'b', 'y', 't', 'e', 'm', 'a', '.', 'r', 'e', '\0',
+  /* "byteowls.com", false */ 'b', 'y', 't', 'e', 'o', 'w', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bytes.fyi", true */ 'b', 'y', 't', 'e', 's', '.', 'f', 'y', 'i', '\0',
+  /* "bytesatwork.de", true */ 'b', 'y', 't', 'e', 's', 'a', 't', 'w', 'o', 'r', 'k', '.', 'd', 'e', '\0',
+  /* "byteshark.org", true */ 'b', 'y', 't', 'e', 's', 'h', 'a', 'r', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "bytesizedalex.com", true */ 'b', 'y', 't', 'e', 's', 'i', 'z', 'e', 'd', 'a', 'l', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "bytesofcode.de", true */ 'b', 'y', 't', 'e', 's', 'o', 'f', 'c', 'o', 'd', 'e', '.', 'd', 'e', '\0',
+  /* "bytesunlimited.com", true */ 'b', 'y', 't', 'e', 's', 'u', 'n', 'l', 'i', 'm', 'i', 't', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "bytesystems.com", true */ 'b', 'y', 't', 'e', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "byteturtle.eu", true */ 'b', 'y', 't', 'e', 't', 'u', 'r', 't', 'l', 'e', '.', 'e', 'u', '\0',
+  /* "bythisverse.com", true */ 'b', 'y', 't', 'h', 'i', 's', 'v', 'e', 'r', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "byvshie.com", true */ 'b', 'y', 'v', 's', 'h', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "bziaks.xyz", true */ 'b', 'z', 'i', 'a', 'k', 's', '.', 'x', 'y', 'z', '\0',
+  /* "bzsparks.com", true */ 'b', 'z', 's', 'p', 'a', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "bztech.com.br", true */ 'b', 'z', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "bzv-fr.eu", true */ 'b', 'z', 'v', '-', 'f', 'r', '.', 'e', 'u', '\0',
+  /* "c-aeroconsult.com", true */ 'c', '-', 'a', 'e', 'r', 'o', 'c', 'o', 'n', 's', 'u', 'l', 't', '.', 'c', 'o', 'm', '\0',
+  /* "c-path.org", true */ 'c', '-', 'p', 'a', 't', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "c-rom.fr", true */ 'c', '-', 'r', 'o', 'm', '.', 'f', 'r', '\0',
+  /* "c-rtx.com", true */ 'c', '-', 'r', 't', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "c-shock.org", true */ 'c', '-', 's', 'h', 'o', 'c', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "c-webdesign.net", true */ 'c', '-', 'w', 'e', 'b', 'd', 'e', 's', 'i', 'g', 'n', '.', 'n', 'e', 't', '\0',
+  /* "c-world.co.uk", true */ 'c', '-', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "c.cc", true */ 'c', '.', 'c', 'c', '\0',
+  /* "c2design.it", true */ 'c', '2', 'd', 'e', 's', 'i', 'g', 'n', '.', 'i', 't', '\0',
+  /* "c2o-library.net", true */ 'c', '2', 'o', '-', 'l', 'i', 'b', 'r', 'a', 'r', 'y', '.', 'n', 'e', 't', '\0',
+  /* "c2o2.xyz", true */ 'c', '2', 'o', '2', '.', 'x', 'y', 'z', '\0',
+  /* "c3ie.com", true */ 'c', '3', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "c3vo.de", true */ 'c', '3', 'v', 'o', '.', 'd', 'e', '\0',
+  /* "c3w.at", true */ 'c', '3', 'w', '.', 'a', 't', '\0',
+  /* "c4.hk", true */ 'c', '4', '.', 'h', 'k', '\0',
+  /* "c4539.com", true */ 'c', '4', '5', '3', '9', '.', 'c', 'o', 'm', '\0',
+  /* "c4k3.net", true */ 'c', '4', 'k', '3', '.', 'n', 'e', 't', '\0',
+  /* "c7dn.com", true */ 'c', '7', 'd', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "ca-key.de", true */ 'c', 'a', '-', 'k', 'e', 'y', '.', 'd', 'e', '\0',
+  /* "ca-terminal-multiservices.fr", true */ 'c', 'a', '-', 't', 'e', 'r', 'm', 'i', 'n', 'a', 'l', '-', 'm', 'u', 'l', 't', 'i', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'f', 'r', '\0',
+  /* "ca.gparent.org", true */ 'c', 'a', '.', 'g', 'p', 'a', 'r', 'e', 'n', 't', '.', 'o', 'r', 'g', '\0',
+  /* "ca.search.yahoo.com", false */ 'c', 'a', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "ca5.de", true */ 'c', 'a', '5', '.', 'd', 'e', '\0',
+  /* "caasd.org", true */ 'c', 'a', 'a', 's', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "cabaladada.org", true */ 'c', 'a', 'b', 'a', 'l', 'a', 'd', 'a', 'd', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "cabarave.com", true */ 'c', 'a', 'b', 'a', 'r', 'a', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cabforum.org", true */ 'c', 'a', 'b', 'f', 'o', 'r', 'u', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "cablemod.com", true */ 'c', 'a', 'b', 'l', 'e', 'm', 'o', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "cablesandkits.com", true */ 'c', 'a', 'b', 'l', 'e', 's', 'a', 'n', 'd', 'k', 'i', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cabotfinancial.co.uk", true */ 'c', 'a', 'b', 'o', 't', 'f', 'i', 'n', 'a', 'n', 'c', 'i', 'a', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cacao-chocolate.com", true */ 'c', 'a', 'c', 'a', 'o', '-', 'c', 'h', 'o', 'c', 'o', 'l', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cacao.supply", true */ 'c', 'a', 'c', 'a', 'o', '.', 's', 'u', 'p', 'p', 'l', 'y', '\0',
+  /* "cacaolalina.com", true */ 'c', 'a', 'c', 'a', 'o', 'l', 'a', 'l', 'i', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "cacaumidade.com.br", true */ 'c', 'a', 'c', 'a', 'u', 'm', 'i', 'd', 'a', 'd', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "caceis.bank", true */ 'c', 'a', 'c', 'e', 'i', 's', '.', 'b', 'a', 'n', 'k', '\0',
+  /* "cachetagalong.com", true */ 'c', 'a', 'c', 'h', 'e', 't', 'a', 'g', 'a', 'l', 'o', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "cachethq.io", true */ 'c', 'a', 'c', 'h', 'e', 't', 'h', 'q', '.', 'i', 'o', '\0',
+  /* "cackette.com", true */ 'c', 'a', 'c', 'k', 'e', 't', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cadenadg.gr", true */ 'c', 'a', 'd', 'e', 'n', 'a', 'd', 'g', '.', 'g', 'r', '\0',
+  /* "cadetsge.ch", true */ 'c', 'a', 'd', 'e', 't', 's', 'g', 'e', '.', 'c', 'h', '\0',
+  /* "cadmail.nl", true */ 'c', 'a', 'd', 'm', 'a', 'i', 'l', '.', 'n', 'l', '\0',
+  /* "cadman.pw", true */ 'c', 'a', 'd', 'm', 'a', 'n', '.', 'p', 'w', '\0',
+  /* "cadooz.com", true */ 'c', 'a', 'd', 'o', 'o', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "cadorama.fr", true */ 'c', 'a', 'd', 'o', 'r', 'a', 'm', 'a', '.', 'f', 'r', '\0',
+  /* "cadoth.net", true */ 'c', 'a', 'd', 'o', 't', 'h', '.', 'n', 'e', 't', '\0',
+  /* "cadsys.net", true */ 'c', 'a', 'd', 's', 'y', 's', '.', 'n', 'e', 't', '\0',
+  /* "cadusilva.com", true */ 'c', 'a', 'd', 'u', 's', 'i', 'l', 'v', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "caerostris.com", true */ 'c', 'a', 'e', 'r', 'o', 's', 't', 'r', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "caesarkabalan.com", true */ 'c', 'a', 'e', 's', 'a', 'r', 'k', 'a', 'b', 'a', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "cafechesscourt.com", true */ 'c', 'a', 'f', 'e', 'c', 'h', 'e', 's', 's', 'c', 'o', 'u', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "cafefresco.pe", true */ 'c', 'a', 'f', 'e', 'f', 'r', 'e', 's', 'c', 'o', '.', 'p', 'e', '\0',
+  /* "cafelandia.net", true */ 'c', 'a', 'f', 'e', 'l', 'a', 'n', 'd', 'i', 'a', '.', 'n', 'e', 't', '\0',
+  /* "cafeobscura.nl", true */ 'c', 'a', 'f', 'e', 'o', 'b', 's', 'c', 'u', 'r', 'a', '.', 'n', 'l', '\0',
+  /* "caferagazzi.de", true */ 'c', 'a', 'f', 'e', 'r', 'a', 'g', 'a', 'z', 'z', 'i', '.', 'd', 'e', '\0',
+  /* "caffeinatedcode.com", true */ 'c', 'a', 'f', 'f', 'e', 'i', 'n', 'a', 't', 'e', 'd', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cainhosting.com", false */ 'c', 'a', 'i', 'n', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "cairnterrier.com.br", true */ 'c', 'a', 'i', 'r', 'n', 't', 'e', 'r', 'r', 'i', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "cais.de", true */ 'c', 'a', 'i', 's', '.', 'd', 'e', '\0',
+  /* "caitcs.com", true */ 'c', 'a', 'i', 't', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "caizx.com", false */ 'c', 'a', 'i', 'z', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "caja-pdf.es", true */ 'c', 'a', 'j', 'a', '-', 'p', 'd', 'f', '.', 'e', 's', '\0',
+  /* "cajunuk.co.uk", true */ 'c', 'a', 'j', 'u', 'n', 'u', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cake-time.co.uk", true */ 'c', 'a', 'k', 'e', '-', 't', 'i', 'm', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cakestart.net", true */ 'c', 'a', 'k', 'e', 's', 't', 'a', 'r', 't', '.', 'n', 'e', 't', '\0',
+  /* "caketoindia.com", true */ 'c', 'a', 'k', 'e', 't', 'o', 'i', 'n', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "cakingandbaking.com", true */ 'c', 'a', 'k', 'i', 'n', 'g', 'a', 'n', 'd', 'b', 'a', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "cal.goip.de", true */ 'c', 'a', 'l', '.', 'g', 'o', 'i', 'p', '.', 'd', 'e', '\0',
+  /* "cal9000.com", true */ 'c', 'a', 'l', '9', '0', '0', '0', '.', 'c', 'o', 'm', '\0',
+  /* "calaad.net", true */ 'c', 'a', 'l', 'a', 'a', 'd', '.', 'n', 'e', 't', '\0',
+  /* "calabasaselectrical.com", true */ 'c', 'a', 'l', 'a', 'b', 'a', 's', 'a', 's', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "calaborlawnews.com", true */ 'c', 'a', 'l', 'a', 'b', 'o', 'r', 'l', 'a', 'w', 'n', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "calafont.cat", true */ 'c', 'a', 'l', 'a', 'f', 'o', 'n', 't', '.', 'c', 'a', 't', '\0',
+  /* "calc.pw", true */ 'c', 'a', 'l', 'c', '.', 'p', 'w', '\0',
+  /* "calculator-imt.com", true */ 'c', 'a', 'l', 'c', 'u', 'l', 'a', 't', 'o', 'r', '-', 'i', 'm', 't', '.', 'c', 'o', 'm', '\0',
+  /* "calculator.tf", true */ 'c', 'a', 'l', 'c', 'u', 'l', 'a', 't', 'o', 'r', '.', 't', 'f', '\0',
+  /* "calcworkshop.com", true */ 'c', 'a', 'l', 'c', 'w', 'o', 'r', 'k', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "caldecotevillagehall.co.uk", true */ 'c', 'a', 'l', 'd', 'e', 'c', 'o', 't', 'e', 'v', 'i', 'l', 'l', 'a', 'g', 'e', 'h', 'a', 'l', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "calebmorris.com", false */ 'c', 'a', 'l', 'e', 'b', 'm', 'o', 'r', 'r', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "calendarr.com", true */ 'c', 'a', 'l', 'e', 'n', 'd', 'a', 'r', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "calendarsnow.com", true */ 'c', 'a', 'l', 'e', 'n', 'd', 'a', 'r', 's', 'n', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "caletka.cz", true */ 'c', 'a', 'l', 'e', 't', 'k', 'a', '.', 'c', 'z', '\0',
+  /* "calgoty.com", true */ 'c', 'a', 'l', 'g', 'o', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "calibreapp.com", true */ 'c', 'a', 'l', 'i', 'b', 'r', 'e', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "calibso.net", true */ 'c', 'a', 'l', 'i', 'b', 's', 'o', '.', 'n', 'e', 't', '\0',
+  /* "caliderumba.com", true */ 'c', 'a', 'l', 'i', 'd', 'e', 'r', 'u', 'm', 'b', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "calidoinvierno.com", true */ 'c', 'a', 'l', 'i', 'd', 'o', 'i', 'n', 'v', 'i', 'e', 'r', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "calixte-concept.fr", true */ 'c', 'a', 'l', 'i', 'x', 't', 'e', '-', 'c', 'o', 'n', 'c', 'e', 'p', 't', '.', 'f', 'r', '\0',
+  /* "call.me", true */ 'c', 'a', 'l', 'l', '.', 'm', 'e', '\0',
+  /* "callear.org", true */ 'c', 'a', 'l', 'l', 'e', 'a', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "calleveryday.com", true */ 'c', 'a', 'l', 'l', 'e', 'v', 'e', 'r', 'y', 'd', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "callhub.io", true */ 'c', 'a', 'l', 'l', 'h', 'u', 'b', '.', 'i', 'o', '\0',
+  /* "callision.com", true */ 'c', 'a', 'l', 'l', 'i', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "calltoar.ms", true */ 'c', 'a', 'l', 'l', 't', 'o', 'a', 'r', '.', 'm', 's', '\0',
+  /* "calmtech.com", true */ 'c', 'a', 'l', 'm', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "calories.org", true */ 'c', 'a', 'l', 'o', 'r', 'i', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "calotte-academy.com", true */ 'c', 'a', 'l', 'o', 't', 't', 'e', '-', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "calvin.my", true */ 'c', 'a', 'l', 'v', 'i', 'n', '.', 'm', 'y', '\0',
+  /* "calypso-tour.net", true */ 'c', 'a', 'l', 'y', 'p', 's', 'o', '-', 't', 'o', 'u', 'r', '.', 'n', 'e', 't', '\0',
+  /* "calyxengineers.com", true */ 'c', 'a', 'l', 'y', 'x', 'e', 'n', 'g', 'i', 'n', 'e', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "calyxinstitute.org", false */ 'c', 'a', 'l', 'y', 'x', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "camaradivisas.com", true */ 'c', 'a', 'm', 'a', 'r', 'a', 'd', 'i', 'v', 'i', 's', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "camaras.uno", true */ 'c', 'a', 'm', 'a', 'r', 'a', 's', '.', 'u', 'n', 'o', '\0',
+  /* "camarilloelectrical.com", true */ 'c', 'a', 'm', 'a', 'r', 'i', 'l', 'l', 'o', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "camaya.net", true */ 'c', 'a', 'm', 'a', 'y', 'a', '.', 'n', 'e', 't', '\0',
+  /* "cambier.org", true */ 'c', 'a', 'm', 'b', 'i', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "cambiowatch.ch", true */ 'c', 'a', 'm', 'b', 'i', 'o', 'w', 'a', 't', 'c', 'h', '.', 'c', 'h', '\0',
+  /* "cambodian.dating", true */ 'c', 'a', 'm', 'b', 'o', 'd', 'i', 'a', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "cambridgebouncers.co.uk", true */ 'c', 'a', 'm', 'b', 'r', 'i', 'd', 'g', 'e', 'b', 'o', 'u', 'n', 'c', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "camconn.cc", true */ 'c', 'a', 'm', 'c', 'o', 'n', 'n', '.', 'c', 'c', '\0',
+  /* "camel2243.com", true */ 'c', 'a', 'm', 'e', 'l', '2', '2', '4', '3', '.', 'c', 'o', 'm', '\0',
+  /* "cameraviva.com.br", true */ 'c', 'a', 'm', 'e', 'r', 'a', 'v', 'i', 'v', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "camerweb.es", true */ 'c', 'a', 'm', 'e', 'r', 'w', 'e', 'b', '.', 'e', 's', '\0',
+  /* "camilomodzz.net", true */ 'c', 'a', 'm', 'i', 'l', 'o', 'm', 'o', 'd', 'z', 'z', '.', 'n', 'e', 't', '\0',
+  /* "camp-pleinsoleil.ch", true */ 'c', 'a', 'm', 'p', '-', 'p', 'l', 'e', 'i', 'n', 's', 'o', 'l', 'e', 'i', 'l', '.', 'c', 'h', '\0',
+  /* "camp.co.uk", true */ 'c', 'a', 'm', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "campaign-ad.com", true */ 'c', 'a', 'm', 'p', 'a', 'i', 'g', 'n', '-', 'a', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "campaign.gov.uk", true */ 'c', 'a', 'm', 'p', 'a', 'i', 'g', 'n', '.', 'g', 'o', 'v', '.', 'u', 'k', '\0',
+  /* "campbrainybunch.com", true */ 'c', 'a', 'm', 'p', 'b', 'r', 'a', 'i', 'n', 'y', 'b', 'u', 'n', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "campcambodia.org", true */ 'c', 'a', 'm', 'p', 'c', 'a', 'm', 'b', 'o', 'd', 'i', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "campcanada.org", true */ 'c', 'a', 'm', 'p', 'c', 'a', 'n', 'a', 'd', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "campeonatoalemao.com.br", true */ 'c', 'a', 'm', 'p', 'e', 'o', 'n', 'a', 't', 'o', 'a', 'l', 'e', 'm', 'a', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "camperdays.de", true */ 'c', 'a', 'm', 'p', 'e', 'r', 'd', 'a', 'y', 's', '.', 'd', 'e', '\0',
+  /* "camperlist.com", true */ 'c', 'a', 'm', 'p', 'e', 'r', 'l', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "campermanaustralia.com", true */ 'c', 'a', 'm', 'p', 'e', 'r', 'm', 'a', 'n', 'a', 'u', 's', 't', 'r', 'a', 'l', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "campertrailerfinance.com.au", true */ 'c', 'a', 'm', 'p', 'e', 'r', 't', 'r', 'a', 'i', 'l', 'e', 'r', 'f', 'i', 'n', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "camperverzekerd.nl", true */ 'c', 'a', 'm', 'p', 'e', 'r', 'v', 'e', 'r', 'z', 'e', 'k', 'e', 'r', 'd', '.', 'n', 'l', '\0',
+  /* "campfiretails.org", true */ 'c', 'a', 'm', 'p', 'f', 'i', 'r', 'e', 't', 'a', 'i', 'l', 's', '.', 'o', 'r', 'g', '\0',
+  /* "campfourpaws.com", true */ 'c', 'a', 'm', 'p', 'f', 'o', 'u', 'r', 'p', 'a', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "campingdreams.com", true */ 'c', 'a', 'm', 'p', 'i', 'n', 'g', 'd', 'r', 'e', 'a', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "campistry.net", true */ 'c', 'a', 'm', 'p', 'i', 's', 't', 'r', 'y', '.', 'n', 'e', 't', '\0',
+  /* "campula.cz", true */ 'c', 'a', 'm', 'p', 'u', 'l', 'a', '.', 'c', 'z', '\0',
+  /* "campus-cybersecurity.team", true */ 'c', 'a', 'm', 'p', 'u', 's', '-', 'c', 'y', 'b', 'e', 'r', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 't', 'e', 'a', 'm', '\0',
+  /* "campus-finance.com", true */ 'c', 'a', 'm', 'p', 'u', 's', '-', 'f', 'i', 'n', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "campuswire.com", true */ 'c', 'a', 'm', 'p', 'u', 's', 'w', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "campwabashi.org", true */ 'c', 'a', 'm', 'p', 'w', 'a', 'b', 'a', 's', 'h', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "camsky.de", true */ 'c', 'a', 'm', 's', 'k', 'y', '.', 'd', 'e', '\0',
+  /* "canada-tourisme.ch", true */ 'c', 'a', 'n', 'a', 'd', 'a', '-', 't', 'o', 'u', 'r', 'i', 's', 'm', 'e', '.', 'c', 'h', '\0',
+  /* "canadalife.de", true */ 'c', 'a', 'n', 'a', 'd', 'a', 'l', 'i', 'f', 'e', '.', 'd', 'e', '\0',
+  /* "canadasmotorcycle.ca", true */ 'c', 'a', 'n', 'a', 'd', 'a', 's', 'm', 'o', 't', 'o', 'r', 'c', 'y', 'c', 'l', 'e', '.', 'c', 'a', '\0',
+  /* "canadian.dating", true */ 'c', 'a', 'n', 'a', 'd', 'i', 'a', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "canadianchristianity.com", false */ 'c', 'a', 'n', 'a', 'd', 'i', 'a', 'n', 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "canadiantouristboard.com", true */ 'c', 'a', 'n', 'a', 'd', 'i', 'a', 'n', 't', 'o', 'u', 'r', 'i', 's', 't', 'b', 'o', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "canalsidehouse.be", true */ 'c', 'a', 'n', 'a', 'l', 's', 'i', 'd', 'e', 'h', 'o', 'u', 's', 'e', '.', 'b', 'e', '\0',
+  /* "canalsidehouse.com", true */ 'c', 'a', 'n', 'a', 'l', 's', 'i', 'd', 'e', 'h', 'o', 'u', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "canarianlegalalliance.com", true */ 'c', 'a', 'n', 'a', 'r', 'i', 'a', 'n', 'l', 'e', 'g', 'a', 'l', 'a', 'l', 'l', 'i', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "canarymod.net", false */ 'c', 'a', 'n', 'a', 'r', 'y', 'm', 'o', 'd', '.', 'n', 'e', 't', '\0',
+  /* "cancerdata.nhs.uk", true */ 'c', 'a', 'n', 'c', 'e', 'r', 'd', 'a', 't', 'a', '.', 'n', 'h', 's', '.', 'u', 'k', '\0',
+  /* "candicecity.com", true */ 'c', 'a', 'n', 'd', 'i', 'c', 'e', 'c', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "candidasa.com", true */ 'c', 'a', 'n', 'd', 'i', 'd', 'a', 's', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "candlcastles.co.uk", true */ 'c', 'a', 'n', 'd', 'l', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cando.eu", true */ 'c', 'a', 'n', 'd', 'o', '.', 'e', 'u', '\0',
+  /* "candy-it.de", true */ 'c', 'a', 'n', 'd', 'y', '-', 'i', 't', '.', 'd', 'e', '\0',
+  /* "candykidsentertainment.co.uk", true */ 'c', 'a', 'n', 'd', 'y', 'k', 'i', 'd', 's', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "candylion.rocks", true */ 'c', 'a', 'n', 'd', 'y', 'l', 'i', 'o', 'n', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "candyout.com", true */ 'c', 'a', 'n', 'd', 'y', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "canerkorkmaz.com", true */ 'c', 'a', 'n', 'e', 'r', 'k', 'o', 'r', 'k', 'm', 'a', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "canhazip.com", true */ 'c', 'a', 'n', 'h', 'a', 'z', 'i', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "canifis.net", true */ 'c', 'a', 'n', 'i', 'f', 'i', 's', '.', 'n', 'e', 't', '\0',
+  /* "canihavesome.coffee", true */ 'c', 'a', 'n', 'i', 'h', 'a', 'v', 'e', 's', 'o', 'm', 'e', '.', 'c', 'o', 'f', 'f', 'e', 'e', '\0',
+  /* "canlidoviz.com", true */ 'c', 'a', 'n', 'l', 'i', 'd', 'o', 'v', 'i', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "canmipai.com", true */ 'c', 'a', 'n', 'm', 'i', 'p', 'a', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "cannabis-marijuana.com", true */ 'c', 'a', 'n', 'n', 'a', 'b', 'i', 's', '-', 'm', 'a', 'r', 'i', 'j', 'u', 'a', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "cannarobotics.com", true */ 'c', 'a', 'n', 'n', 'a', 'r', 'o', 'b', 'o', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cannyfoxx.me", true */ 'c', 'a', 'n', 'n', 'y', 'f', 'o', 'x', 'x', '.', 'm', 'e', '\0',
+  /* "canoonic.se", true */ 'c', 'a', 'n', 'o', 'o', 'n', 'i', 'c', '.', 's', 'e', '\0',
+  /* "cantatio.ch", true */ 'c', 'a', 'n', 't', 'a', 't', 'i', 'o', '.', 'c', 'h', '\0',
+  /* "canterberry.cc", true */ 'c', 'a', 'n', 't', 'e', 'r', 'b', 'e', 'r', 'r', 'y', '.', 'c', 'c', '\0',
+  /* "canterburybouncycastlehire.co.uk", true */ 'c', 'a', 'n', 't', 'e', 'r', 'b', 'u', 'r', 'y', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cantrack.com", true */ 'c', 'a', 'n', 't', 'r', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "canva-dev.com", true */ 'c', 'a', 'n', 'v', 'a', '-', 'd', 'e', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "canva.com", true */ 'c', 'a', 'n', 'v', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "canyoupwn.me", true */ 'c', 'a', 'n', 'y', 'o', 'u', 'p', 'w', 'n', '.', 'm', 'e', '\0',
+  /* "cao.gov", true */ 'c', 'a', 'o', '.', 'g', 'o', 'v', '\0',
+  /* "cao.la", true */ 'c', 'a', 'o', '.', 'l', 'a', '\0',
+  /* "caodecristachines.com.br", true */ 'c', 'a', 'o', 'd', 'e', 'c', 'r', 'i', 's', 't', 'a', 'c', 'h', 'i', 'n', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "caodesantohumberto.com.br", true */ 'c', 'a', 'o', 'd', 'e', 's', 'a', 'n', 't', 'o', 'h', 'u', 'm', 'b', 'e', 'r', 't', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "caoyu.info", true */ 'c', 'a', 'o', 'y', 'u', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "capacent.is", true */ 'c', 'a', 'p', 'a', 'c', 'e', 'n', 't', '.', 'i', 's', '\0',
+  /* "capachitos.cl", true */ 'c', 'a', 'p', 'a', 'c', 'h', 'i', 't', 'o', 's', '.', 'c', 'l', '\0',
+  /* "capacitacionyautoempleo.com", true */ 'c', 'a', 'p', 'a', 'c', 'i', 't', 'a', 'c', 'i', 'o', 'n', 'y', 'a', 'u', 't', 'o', 'e', 'm', 'p', 'l', 'e', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "capekeen.com", true */ 'c', 'a', 'p', 'e', 'k', 'e', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "capellidipremoli.com", true */ 'c', 'a', 'p', 'e', 'l', 'l', 'i', 'd', 'i', 'p', 'r', 'e', 'm', 'o', 'l', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "caphane.com", true */ 'c', 'a', 'p', 'h', 'a', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "capimlimaoflores.com.br", true */ 'c', 'a', 'p', 'i', 'm', 'l', 'i', 'm', 'a', 'o', 'f', 'l', 'o', 'r', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "capitainebaggy.ch", true */ 'c', 'a', 'p', 'i', 't', 'a', 'i', 'n', 'e', 'b', 'a', 'g', 'g', 'y', '.', 'c', 'h', '\0',
+  /* "capital-match.com", true */ 'c', 'a', 'p', 'i', 't', 'a', 'l', '-', 'm', 'a', 't', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "capitalcap.com", true */ 'c', 'a', 'p', 'i', 't', 'a', 'l', 'c', 'a', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "capitalcollections.org.uk", true */ 'c', 'a', 'p', 'i', 't', 'a', 'l', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'o', 'n', 's', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "capitalibre.com", true */ 'c', 'a', 'p', 'i', 't', 'a', 'l', 'i', 'b', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "capitalism.party", true */ 'c', 'a', 'p', 'i', 't', 'a', 'l', 'i', 's', 'm', '.', 'p', 'a', 'r', 't', 'y', '\0',
+  /* "capitalonecardservice.com", true */ 'c', 'a', 'p', 'i', 't', 'a', 'l', 'o', 'n', 'e', 'c', 'a', 'r', 'd', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "capitalp.jp", true */ 'c', 'a', 'p', 'i', 't', 'a', 'l', 'p', '.', 'j', 'p', '\0',
+  /* "capitalquadatv.org.nz", true */ 'c', 'a', 'p', 'i', 't', 'a', 'l', 'q', 'u', 'a', 'd', 'a', 't', 'v', '.', 'o', 'r', 'g', '.', 'n', 'z', '\0',
+  /* "capitaltg.com", true */ 'c', 'a', 'p', 'i', 't', 'a', 'l', 't', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "capitolpathways.org", true */ 'c', 'a', 'p', 'i', 't', 'o', 'l', 'p', 'a', 't', 'h', 'w', 'a', 'y', 's', '.', 'o', 'r', 'g', '\0',
+  /* "caplinbouncycastles.co.uk", true */ 'c', 'a', 'p', 'l', 'i', 'n', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "capper.de", true */ 'c', 'a', 'p', 'p', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "capriccio.to", true */ 'c', 'a', 'p', 'r', 'i', 'c', 'c', 'i', 'o', '.', 't', 'o', '\0',
+  /* "caprichosdevicky.com", true */ 'c', 'a', 'p', 'r', 'i', 'c', 'h', 'o', 's', 'd', 'e', 'v', 'i', 'c', 'k', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "capstansecurity.co.uk", true */ 'c', 'a', 'p', 's', 't', 'a', 'n', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "capstansecurity.com", true */ 'c', 'a', 'p', 's', 't', 'a', 'n', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "captalize.com", true */ 'c', 'a', 'p', 't', 'a', 'l', 'i', 'z', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "capturapp.com", false */ 'c', 'a', 'p', 't', 'u', 'r', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "capture-app.com", true */ 'c', 'a', 'p', 't', 'u', 'r', 'e', '-', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "captured-symphonies.com", true */ 'c', 'a', 'p', 't', 'u', 'r', 'e', 'd', '-', 's', 'y', 'm', 'p', 'h', 'o', 'n', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "capuchinox.com", true */ 'c', 'a', 'p', 'u', 'c', 'h', 'i', 'n', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "caputo.com", true */ 'c', 'a', 'p', 'u', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "caputodesign.com", true */ 'c', 'a', 'p', 'u', 't', 'o', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "car-shop.top", true */ 'c', 'a', 'r', '-', 's', 'h', 'o', 'p', '.', 't', 'o', 'p', '\0',
+  /* "car.info", true */ 'c', 'a', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "car24.de", true */ 'c', 'a', 'r', '2', '4', '.', 'd', 'e', '\0',
+  /* "car24portal.de", true */ 'c', 'a', 'r', '2', '4', 'p', 'o', 'r', 't', 'a', 'l', '.', 'd', 'e', '\0',
+  /* "carauctionnetwork.com", true */ 'c', 'a', 'r', 'a', 'u', 'c', 't', 'i', 'o', 'n', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "carauctionsalabama.com", true */ 'c', 'a', 'r', 'a', 'u', 'c', 't', 'i', 'o', 'n', 's', 'a', 'l', 'a', 'b', 'a', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "carauctionscarolina.com", true */ 'c', 'a', 'r', 'a', 'u', 'c', 't', 'i', 'o', 'n', 's', 'c', 'a', 'r', 'o', 'l', 'i', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "carauctionsgeorgia.com", true */ 'c', 'a', 'r', 'a', 'u', 'c', 't', 'i', 'o', 'n', 's', 'g', 'e', 'o', 'r', 'g', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "carauctionsillinois.com", true */ 'c', 'a', 'r', 'a', 'u', 'c', 't', 'i', 'o', 'n', 's', 'i', 'l', 'l', 'i', 'n', 'o', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "carbon-designz.com", true */ 'c', 'a', 'r', 'b', 'o', 'n', '-', 'd', 'e', 's', 'i', 'g', 'n', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "carbon12.org", true */ 'c', 'a', 'r', 'b', 'o', 'n', '1', '2', '.', 'o', 'r', 'g', '\0',
+  /* "carbon12.software", true */ 'c', 'a', 'r', 'b', 'o', 'n', '1', '2', '.', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '\0',
+  /* "carbonmade.com", false */ 'c', 'a', 'r', 'b', 'o', 'n', 'm', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "carbono.uy", true */ 'c', 'a', 'r', 'b', 'o', 'n', 'o', '.', 'u', 'y', '\0',
+  /* "carck.co.uk", true */ 'c', 'a', 'r', 'c', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "carck.uk", true */ 'c', 'a', 'r', 'c', 'k', '.', 'u', 'k', '\0',
+  /* "card-cashing.com", true */ 'c', 'a', 'r', 'd', '-', 'c', 'a', 's', 'h', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "carddreams.be", true */ 'c', 'a', 'r', 'd', 'd', 'r', 'e', 'a', 'm', 's', '.', 'b', 'e', '\0',
+  /* "carddreams.de", true */ 'c', 'a', 'r', 'd', 'd', 'r', 'e', 'a', 'm', 's', '.', 'd', 'e', '\0',
+  /* "carddreams.es", true */ 'c', 'a', 'r', 'd', 'd', 'r', 'e', 'a', 'm', 's', '.', 'e', 's', '\0',
+  /* "carddreams.nl", true */ 'c', 'a', 'r', 'd', 'd', 'r', 'e', 'a', 'm', 's', '.', 'n', 'l', '\0',
+  /* "cardelmar.com", true */ 'c', 'a', 'r', 'd', 'e', 'l', 'm', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "cardelmar.de", true */ 'c', 'a', 'r', 'd', 'e', 'l', 'm', 'a', 'r', '.', 'd', 'e', '\0',
+  /* "cardelmar.es", true */ 'c', 'a', 'r', 'd', 'e', 'l', 'm', 'a', 'r', '.', 'e', 's', '\0',
+  /* "cardranking.jp", true */ 'c', 'a', 'r', 'd', 'r', 'a', 'n', 'k', 'i', 'n', 'g', '.', 'j', 'p', '\0',
+  /* "cardrecovery.fr", true */ 'c', 'a', 'r', 'd', 'r', 'e', 'c', 'o', 'v', 'e', 'r', 'y', '.', 'f', 'r', '\0',
+  /* "cardxl.be", true */ 'c', 'a', 'r', 'd', 'x', 'l', '.', 'b', 'e', '\0',
+  /* "cardxl.de", true */ 'c', 'a', 'r', 'd', 'x', 'l', '.', 'd', 'e', '\0',
+  /* "cardxl.fr", true */ 'c', 'a', 'r', 'd', 'x', 'l', '.', 'f', 'r', '\0',
+  /* "cardxl.nl", true */ 'c', 'a', 'r', 'd', 'x', 'l', '.', 'n', 'l', '\0',
+  /* "care4all.com", true */ 'c', 'a', 'r', 'e', '4', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "careeapp.com", true */ 'c', 'a', 'r', 'e', 'e', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "careeroptionscoach.com", true */ 'c', 'a', 'r', 'e', 'e', 'r', 'o', 'p', 't', 'i', 'o', 'n', 's', 'c', 'o', 'a', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "carefour.nl", true */ 'c', 'a', 'r', 'e', 'f', 'o', 'u', 'r', '.', 'n', 'l', '\0',
+  /* "caremad.io", true */ 'c', 'a', 'r', 'e', 'm', 'a', 'd', '.', 'i', 'o', '\0',
+  /* "careplasticsurgery.com", true */ 'c', 'a', 'r', 'e', 'p', 'l', 'a', 's', 't', 'i', 'c', 's', 'u', 'r', 'g', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "caretta.co.uk", true */ 'c', 'a', 'r', 'e', 't', 't', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "carey.bio", true */ 'c', 'a', 'r', 'e', 'y', '.', 'b', 'i', 'o', '\0',
+  /* "carey.li", true */ 'c', 'a', 'r', 'e', 'y', '.', 'l', 'i', '\0',
+  /* "careyshop.cn", true */ 'c', 'a', 'r', 'e', 'y', 's', 'h', 'o', 'p', '.', 'c', 'n', '\0',
+  /* "carezone.com", false */ 'c', 'a', 'r', 'e', 'z', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cargobay.net", true */ 'c', 'a', 'r', 'g', 'o', 'b', 'a', 'y', '.', 'n', 'e', 't', '\0',
+  /* "caribbean.dating", true */ 'c', 'a', 'r', 'i', 'b', 'b', 'e', 'a', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "caribbeanarthritisfoundation.org", true */ 'c', 'a', 'r', 'i', 'b', 'b', 'e', 'a', 'n', 'a', 'r', 't', 'h', 'r', 'i', 't', 'i', 's', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "caribbeanexams.com", true */ 'c', 'a', 'r', 'i', 'b', 'b', 'e', 'a', 'n', 'e', 'x', 'a', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "carif-idf.net", true */ 'c', 'a', 'r', 'i', 'f', '-', 'i', 'd', 'f', '.', 'n', 'e', 't', '\0',
+  /* "carif-idf.org", true */ 'c', 'a', 'r', 'i', 'f', '-', 'i', 'd', 'f', '.', 'o', 'r', 'g', '\0',
+  /* "carigami.fr", true */ 'c', 'a', 'r', 'i', 'g', 'a', 'm', 'i', '.', 'f', 'r', '\0',
+  /* "carinsurance.es", true */ 'c', 'a', 'r', 'i', 'n', 's', 'u', 'r', 'a', 'n', 'c', 'e', '.', 'e', 's', '\0',
+  /* "cariocacooking.com", true */ 'c', 'a', 'r', 'i', 'o', 'c', 'a', 'c', 'o', 'o', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "carisenda.com", true */ 'c', 'a', 'r', 'i', 's', 'e', 'n', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "carlandfaith.com", true */ 'c', 'a', 'r', 'l', 'a', 'n', 'd', 'f', 'a', 'i', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "carlgo11.com", true */ 'c', 'a', 'r', 'l', 'g', 'o', '1', '1', '.', 'c', 'o', 'm', '\0',
+  /* "carlife-at.jp", true */ 'c', 'a', 'r', 'l', 'i', 'f', 'e', '-', 'a', 't', '.', 'j', 'p', '\0',
+  /* "carlili.fr", true */ 'c', 'a', 'r', 'l', 'i', 'l', 'i', '.', 'f', 'r', '\0',
+  /* "carlingfordapartments.com.au", true */ 'c', 'a', 'r', 'l', 'i', 'n', 'g', 'f', 'o', 'r', 'd', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "carlmjohnson.net", true */ 'c', 'a', 'r', 'l', 'm', 'j', 'o', 'h', 'n', 's', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "carloshmm.com", true */ 'c', 'a', 'r', 'l', 'o', 's', 'h', 'm', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "carlosjeurissen.com", true */ 'c', 'a', 'r', 'l', 'o', 's', 'j', 'e', 'u', 'r', 'i', 's', 's', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "carlsbouncycastlesandhottubs.co.uk", true */ 'c', 'a', 'r', 'l', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', 'a', 'n', 'd', 'h', 'o', 't', 't', 'u', 'b', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "carnaticalifornia.com", true */ 'c', 'a', 'r', 'n', 'a', 't', 'i', 'c', 'a', 'l', 'i', 'f', 'o', 'r', 'n', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "carnet-du-voyageur.com", true */ 'c', 'a', 'r', 'n', 'e', 't', '-', 'd', 'u', '-', 'v', 'o', 'y', 'a', 'g', 'e', 'u', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "carnildo.com", true */ 'c', 'a', 'r', 'n', 'i', 'l', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "caroes.be", true */ 'c', 'a', 'r', 'o', 'e', 's', '.', 'b', 'e', '\0',
+  /* "carol-lambert.com", true */ 'c', 'a', 'r', 'o', 'l', '-', 'l', 'a', 'm', 'b', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "carolcappelletti.com", true */ 'c', 'a', 'r', 'o', 'l', 'c', 'a', 'p', 'p', 'e', 'l', 'l', 'e', 't', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "carolcestas.com", true */ 'c', 'a', 'r', 'o', 'l', 'c', 'e', 's', 't', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "caroli.biz", true */ 'c', 'a', 'r', 'o', 'l', 'i', '.', 'b', 'i', 'z', '\0',
+  /* "caroli.com", true */ 'c', 'a', 'r', 'o', 'l', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "caroli.info", true */ 'c', 'a', 'r', 'o', 'l', 'i', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "caroli.name", true */ 'c', 'a', 'r', 'o', 'l', 'i', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "caroli.net", true */ 'c', 'a', 'r', 'o', 'l', 'i', '.', 'n', 'e', 't', '\0',
+  /* "carolynjoyce.com.au", true */ 'c', 'a', 'r', 'o', 'l', 'y', 'n', 'j', 'o', 'y', 'c', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "carrando.com", true */ 'c', 'a', 'r', 'r', 'a', 'n', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "carrando.de", true */ 'c', 'a', 'r', 'r', 'a', 'n', 'd', 'o', '.', 'd', 'e', '\0',
+  /* "carre-lutz.com", true */ 'c', 'a', 'r', 'r', 'e', '-', 'l', 'u', 't', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "carredejardin.com", true */ 'c', 'a', 'r', 'r', 'e', 'd', 'e', 'j', 'a', 'r', 'd', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "carriedin.com", true */ 'c', 'a', 'r', 'r', 'i', 'e', 'd', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "carrierplatform.com", true */ 'c', 'a', 'r', 'r', 'i', 'e', 'r', 'p', 'l', 'a', 't', 'f', 'o', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "carringtonrealtygroup.com", true */ 'c', 'a', 'r', 'r', 'i', 'n', 'g', 't', 'o', 'n', 'r', 'e', 'a', 'l', 't', 'y', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "carson-aviation-adventures.com", true */ 'c', 'a', 'r', 's', 'o', 'n', '-', 'a', 'v', 'i', 'a', 't', 'i', 'o', 'n', '-', 'a', 'd', 'v', 'e', 'n', 't', 'u', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "carsten.pw", true */ 'c', 'a', 'r', 's', 't', 'e', 'n', '.', 'p', 'w', '\0',
+  /* "carteirasedistintivos.com.br", true */ 'c', 'a', 'r', 't', 'e', 'i', 'r', 'a', 's', 'e', 'd', 'i', 's', 't', 'i', 'n', 't', 'i', 'v', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "cartelcircuit.com", true */ 'c', 'a', 'r', 't', 'e', 'l', 'c', 'i', 'r', 'c', 'u', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "carterorland.com", true */ 'c', 'a', 'r', 't', 'e', 'r', 'o', 'r', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "cartertonscouts.org.nz", true */ 'c', 'a', 'r', 't', 'e', 'r', 't', 'o', 'n', 's', 'c', 'o', 'u', 't', 's', '.', 'o', 'r', 'g', '.', 'n', 'z', '\0',
+  /* "cartesentreprises-unicef.fr", true */ 'c', 'a', 'r', 't', 'e', 's', 'e', 'n', 't', 'r', 'e', 'p', 'r', 'i', 's', 'e', 's', '-', 'u', 'n', 'i', 'c', 'e', 'f', '.', 'f', 'r', '\0',
+  /* "carthedral.com", true */ 'c', 'a', 'r', 't', 'h', 'e', 'd', 'r', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "carto.la", true */ 'c', 'a', 'r', 't', 'o', '.', 'l', 'a', '\0',
+  /* "cartooncastles.ie", true */ 'c', 'a', 'r', 't', 'o', 'o', 'n', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'i', 'e', '\0',
+  /* "cartouche24.eu", true */ 'c', 'a', 'r', 't', 'o', 'u', 'c', 'h', 'e', '2', '4', '.', 'e', 'u', '\0',
+  /* "cartucce24.it", true */ 'c', 'a', 'r', 't', 'u', 'c', 'c', 'e', '2', '4', '.', 'i', 't', '\0',
+  /* "carusorealestate.com", true */ 'c', 'a', 'r', 'u', 's', 'o', 'r', 'e', 'a', 'l', 'e', 's', 't', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "casa-due-pur.com", true */ 'c', 'a', 's', 'a', '-', 'd', 'u', 'e', '-', 'p', 'u', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "casa-due-pur.de", true */ 'c', 'a', 's', 'a', '-', 'd', 'u', 'e', '-', 'p', 'u', 'r', '.', 'd', 'e', '\0',
+  /* "casa-due.com", true */ 'c', 'a', 's', 'a', '-', 'd', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "casa-mea-inteligenta.ro", true */ 'c', 'a', 's', 'a', '-', 'm', 'e', 'a', '-', 'i', 'n', 't', 'e', 'l', 'i', 'g', 'e', 'n', 't', 'a', '.', 'r', 'o', '\0',
+  /* "casa-su.casa", true */ 'c', 'a', 's', 'a', '-', 's', 'u', '.', 'c', 'a', 's', 'a', '\0',
+  /* "casadoarbitro.com.br", true */ 'c', 'a', 's', 'a', 'd', 'o', 'a', 'r', 'b', 'i', 't', 'r', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "casadowifi.com.br", true */ 'c', 'a', 's', 'a', 'd', 'o', 'w', 'i', 'f', 'i', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "casajardininsecticidas.com", true */ 'c', 'a', 's', 'a', 'j', 'a', 'r', 'd', 'i', 'n', 'i', 'n', 's', 'e', 'c', 't', 'i', 'c', 'i', 'd', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "casalindamex.com", true */ 'c', 'a', 's', 'a', 'l', 'i', 'n', 'd', 'a', 'm', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "casamariposaspi.com", true */ 'c', 'a', 's', 'a', 'm', 'a', 'r', 'i', 'p', 'o', 's', 'a', 's', 'p', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "casamorelli.com.br", true */ 'c', 'a', 's', 'a', 'm', 'o', 'r', 'e', 'l', 'l', 'i', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "casapalla.com.br", true */ 'c', 'a', 's', 'a', 'p', 'a', 'l', 'l', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "casasuara.com", true */ 'c', 'a', 's', 'a', 's', 'u', 'a', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "casasuleletrodomesticos.com.br", true */ 'c', 'a', 's', 'a', 's', 'u', 'l', 'e', 'l', 'e', 't', 'r', 'o', 'd', 'o', 'm', 'e', 's', 't', 'i', 'c', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "casbia.info", true */ 'c', 'a', 's', 'b', 'i', 'a', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "casbuijs.nl", true */ 'c', 'a', 's', 'b', 'u', 'i', 'j', 's', '.', 'n', 'l', '\0',
+  /* "casburggraaf.com", true */ 'c', 'a', 's', 'b', 'u', 'r', 'g', 'g', 'r', 'a', 'a', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "casecurity.org", true */ 'c', 'a', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "cash-4x4.com", true */ 'c', 'a', 's', 'h', '-', '4', 'x', '4', '.', 'c', 'o', 'm', '\0',
+  /* "cashati.com", true */ 'c', 'a', 's', 'h', 'a', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "cashew3d.com", true */ 'c', 'a', 's', 'h', 'e', 'w', '3', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "cashfortulsahouses.com", true */ 'c', 'a', 's', 'h', 'f', 'o', 'r', 't', 'u', 'l', 's', 'a', 'h', 'o', 'u', 's', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cashless.fr", true */ 'c', 'a', 's', 'h', 'l', 'e', 's', 's', '.', 'f', 'r', '\0',
+  /* "cashlink.de", true */ 'c', 'a', 's', 'h', 'l', 'i', 'n', 'k', '.', 'd', 'e', '\0',
+  /* "cashlink.io", true */ 'c', 'a', 's', 'h', 'l', 'i', 'n', 'k', '.', 'i', 'o', '\0',
+  /* "cashlogic.ch", true */ 'c', 'a', 's', 'h', 'l', 'o', 'g', 'i', 'c', '.', 'c', 'h', '\0',
+  /* "cashmaxtexas.com", true */ 'c', 'a', 's', 'h', 'm', 'a', 'x', 't', 'e', 'x', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cashplk.com", true */ 'c', 'a', 's', 'h', 'p', 'l', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "casinolegal.pt", true */ 'c', 'a', 's', 'i', 'n', 'o', 'l', 'e', 'g', 'a', 'l', '.', 'p', 't', '\0',
+  /* "casinolistings.com", true */ 'c', 'a', 's', 'i', 'n', 'o', 'l', 'i', 's', 't', 'i', 'n', 'g', 's', '.', 'c', 'o', 'm', '\0',
+  /* "casjay.cloud", true */ 'c', 'a', 's', 'j', 'a', 'y', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "casjay.com", true */ 'c', 'a', 's', 'j', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "casjay.info", true */ 'c', 'a', 's', 'j', 'a', 'y', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "casjay.us", true */ 'c', 'a', 's', 'j', 'a', 'y', '.', 'u', 's', '\0',
+  /* "casjaygames.com", true */ 'c', 'a', 's', 'j', 'a', 'y', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "casperpanel.com", true */ 'c', 'a', 's', 'p', 'e', 'r', 'p', 'a', 'n', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "caspicards.com", true */ 'c', 'a', 's', 'p', 'i', 'c', 'a', 'r', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cassimo.com", true */ 'c', 'a', 's', 's', 'i', 'm', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "castible.de", true */ 'c', 'a', 's', 't', 'i', 'b', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "castlecapers.com.au", true */ 'c', 'a', 's', 't', 'l', 'e', 'c', 'a', 'p', 'e', 'r', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "castlecms.io", true */ 'c', 'a', 's', 't', 'l', 'e', 'c', 'm', 's', '.', 'i', 'o', '\0',
+  /* "castlejackpot.com", true */ 'c', 'a', 's', 't', 'l', 'e', 'j', 'a', 'c', 'k', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "castleking.net", true */ 'c', 'a', 's', 't', 'l', 'e', 'k', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "castlekingdomstockport.co.uk", true */ 'c', 'a', 's', 't', 'l', 'e', 'k', 'i', 'n', 'g', 'd', 'o', 'm', 's', 't', 'o', 'c', 'k', 'p', 'o', 'r', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "castlekingkent.co.uk", true */ 'c', 'a', 's', 't', 'l', 'e', 'k', 'i', 'n', 'g', 'k', 'e', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "castleparty.co.uk", true */ 'c', 'a', 's', 't', 'l', 'e', 'p', 'a', 'r', 't', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "castles-in-the-sky.co.uk", true */ 'c', 'a', 's', 't', 'l', 'e', 's', '-', 'i', 'n', '-', 't', 'h', 'e', '-', 's', 'k', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "castles4kidz.com", true */ 'c', 'a', 's', 't', 'l', 'e', 's', '4', 'k', 'i', 'd', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "castles4rascalsiow.co.uk", true */ 'c', 'a', 's', 't', 'l', 'e', 's', '4', 'r', 'a', 's', 'c', 'a', 'l', 's', 'i', 'o', 'w', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "castlesrus-kent.com", true */ 'c', 'a', 's', 't', 'l', 'e', 's', 'r', 'u', 's', '-', 'k', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "castleswa.com.au", true */ 'c', 'a', 's', 't', 'l', 'e', 's', 'w', 'a', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "cat-blum.com", true */ 'c', 'a', 't', '-', 'b', 'l', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "cat-box.de", true */ 'c', 'a', 't', '-', 'b', 'o', 'x', '.', 'd', 'e', '\0',
+  /* "cat.net", true */ 'c', 'a', 't', '.', 'n', 'e', 't', '\0',
+  /* "catalog.beer", true */ 'c', 'a', 't', 'a', 'l', 'o', 'g', '.', 'b', 'e', 'e', 'r', '\0',
+  /* "catalogoreina.com", true */ 'c', 'a', 't', 'a', 'l', 'o', 'g', 'o', 'r', 'e', 'i', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "catbold.space", true */ 'c', 'a', 't', 'b', 'o', 'l', 'd', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "catbull.com", true */ 'c', 'a', 't', 'b', 'u', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "catburton.co.uk", true */ 'c', 'a', 't', 'b', 'u', 'r', 't', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "catchersgear.com", true */ 'c', 'a', 't', 'c', 'h', 'e', 'r', 's', 'g', 'e', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "catchfotografie.nl", true */ 'c', 'a', 't', 'c', 'h', 'f', 'o', 't', 'o', 'g', 'r', 'a', 'f', 'i', 'e', '.', 'n', 'l', '\0',
+  /* "catchief.com", true */ 'c', 'a', 't', 'c', 'h', 'i', 'e', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "catcontent.cloud", true */ 'c', 'a', 't', 'c', 'o', 'n', 't', 'e', 'n', 't', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "catdecor.ru", true */ 'c', 'a', 't', 'd', 'e', 'c', 'o', 'r', '.', 'r', 'u', '\0',
+  /* "catenacondos.com", true */ 'c', 'a', 't', 'e', 'n', 'a', 'c', 'o', 'n', 'd', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "catgirl.me", true */ 'c', 'a', 't', 'g', 'i', 'r', 'l', '.', 'm', 'e', '\0',
+  /* "catgirl.pics", true */ 'c', 'a', 't', 'g', 'i', 'r', 'l', '.', 'p', 'i', 'c', 's', '\0',
+  /* "catharinesomerville.com", true */ 'c', 'a', 't', 'h', 'a', 'r', 'i', 'n', 'e', 's', 'o', 'm', 'e', 'r', 'v', 'i', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "catharisme.eu", true */ 'c', 'a', 't', 'h', 'a', 'r', 'i', 's', 'm', 'e', '.', 'e', 'u', '\0',
+  /* "catharisme.net", true */ 'c', 'a', 't', 'h', 'a', 'r', 'i', 's', 'm', 'e', '.', 'n', 'e', 't', '\0',
+  /* "catharisme.org", true */ 'c', 'a', 't', 'h', 'a', 'r', 'i', 's', 'm', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "catherineidylle.com", true */ 'c', 'a', 't', 'h', 'e', 'r', 'i', 'n', 'e', 'i', 'd', 'y', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "catherinescastles.co.uk", true */ 'c', 'a', 't', 'h', 'e', 'r', 'i', 'n', 'e', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "catholics.dating", true */ 'c', 'a', 't', 'h', 'o', 'l', 'i', 'c', 's', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "cathosa.nl", true */ 'c', 'a', 't', 'h', 'o', 's', 'a', '.', 'n', 'l', '\0',
+  /* "cativa.net", true */ 'c', 'a', 't', 'i', 'v', 'a', '.', 'n', 'e', 't', '\0',
+  /* "catmoose.ca", true */ 'c', 'a', 't', 'm', 'o', 'o', 's', 'e', '.', 'c', 'a', '\0',
+  /* "catnet.dk", false */ 'c', 'a', 't', 'n', 'e', 't', '.', 'd', 'k', '\0',
+  /* "catnmeow.com", true */ 'c', 'a', 't', 'n', 'm', 'e', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "cattivo.nl", false */ 'c', 'a', 't', 't', 'i', 'v', 'o', '.', 'n', 'l', '\0',
+  /* "catuniverse.org", true */ 'c', 'a', 't', 'u', 'n', 'i', 'v', 'e', 'r', 's', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "catveteran.com", true */ 'c', 'a', 't', 'v', 'e', 't', 'e', 'r', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "caulfieldeastapartments.com.au", true */ 'c', 'a', 'u', 'l', 'f', 'i', 'e', 'l', 'd', 'e', 'a', 's', 't', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "caulfieldracecourseapartments.com.au", true */ 'c', 'a', 'u', 'l', 'f', 'i', 'e', 'l', 'd', 'r', 'a', 'c', 'e', 'c', 'o', 'u', 'r', 's', 'e', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "caulong-ao.net", true */ 'c', 'a', 'u', 'l', 'o', 'n', 'g', '-', 'a', 'o', '.', 'n', 'e', 't', '\0',
+  /* "causae-fincas.es", true */ 'c', 'a', 'u', 's', 'a', 'e', '-', 'f', 'i', 'n', 'c', 'a', 's', '.', 'e', 's', '\0',
+  /* "causae.es", true */ 'c', 'a', 'u', 's', 'a', 'e', '.', 'e', 's', '\0',
+  /* "cav.ac", true */ 'c', 'a', 'v', '.', 'a', 'c', '\0',
+  /* "cavac.at", true */ 'c', 'a', 'v', 'a', 'c', '.', 'a', 't', '\0',
+  /* "cavalierkingcharlesspaniel.com.br", true */ 'c', 'a', 'v', 'a', 'l', 'i', 'e', 'r', 'k', 'i', 'n', 'g', 'c', 'h', 'a', 'r', 'l', 'e', 's', 's', 'p', 'a', 'n', 'i', 'e', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "cave-reynard.ch", true */ 'c', 'a', 'v', 'e', '-', 'r', 'e', 'y', 'n', 'a', 'r', 'd', '.', 'c', 'h', '\0',
+  /* "cavevinsdefrance.fr", true */ 'c', 'a', 'v', 'e', 'v', 'i', 'n', 's', 'd', 'e', 'f', 'r', 'a', 'n', 'c', 'e', '.', 'f', 'r', '\0',
+  /* "cavzodiaco.com.br", true */ 'c', 'a', 'v', 'z', 'o', 'd', 'i', 'a', 'c', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "caylercapital.com", true */ 'c', 'a', 'y', 'l', 'e', 'r', 'c', 'a', 'p', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "cazaviajes.es", true */ 'c', 'a', 'z', 'a', 'v', 'i', 'a', 'j', 'e', 's', '.', 'e', 's', '\0',
+  /* "cazes.info", true */ 'c', 'a', 'z', 'e', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "cbamo.org", true */ 'c', 'b', 'a', 'm', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "cbbank.com", true */ 'c', 'b', 'b', 'a', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "cbc-hire.co.uk", true */ 'c', 'b', 'c', '-', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cbd.supply", true */ 'c', 'b', 'd', '.', 's', 'u', 'p', 'p', 'l', 'y', '\0',
+  /* "cbdev.de", true */ 'c', 'b', 'd', 'e', 'v', '.', 'd', 'e', '\0',
+  /* "cbecrft.net", true */ 'c', 'b', 'e', 'c', 'r', 'f', 't', '.', 'n', 'e', 't', '\0',
+  /* "cbintermountainrealty.com", true */ 'c', 'b', 'i', 'n', 't', 'e', 'r', 'm', 'o', 'u', 'n', 't', 'a', 'i', 'n', 'r', 'e', 'a', 'l', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "cbr-xml-daily.ru", true */ 'c', 'b', 'r', '-', 'x', 'm', 'l', '-', 'd', 'a', 'i', 'l', 'y', '.', 'r', 'u', '\0',
+  /* "cbw.sh", true */ 'c', 'b', 'w', '.', 's', 'h', '\0',
+  /* "cc-brantomois.fr", true */ 'c', 'c', '-', 'b', 'r', 'a', 'n', 't', 'o', 'm', 'o', 'i', 's', '.', 'f', 'r', '\0',
+  /* "ccac.gov", true */ 'c', 'c', 'a', 'c', '.', 'g', 'o', 'v', '\0',
+  /* "ccayearbook.com", true */ 'c', 'c', 'a', 'y', 'e', 'a', 'r', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "ccgn.co", true */ 'c', 'c', 'g', 'n', '.', 'c', 'o', '\0',
+  /* "ccgx.de", true */ 'c', 'c', 'g', 'x', '.', 'd', 'e', '\0',
+  /* "ccja.ro", false */ 'c', 'c', 'j', 'a', '.', 'r', 'o', '\0',
+  /* "ccl-sti.ch", true */ 'c', 'c', 'l', '-', 's', 't', 'i', '.', 'c', 'h', '\0',
+  /* "cctvview.info", true */ 'c', 'c', 't', 'v', 'v', 'i', 'e', 'w', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "ccu.io", true */ 'c', 'c', 'u', '.', 'i', 'o', '\0',
+  /* "ccu.plus", true */ 'c', 'c', 'u', '.', 'p', 'l', 'u', 's', '\0',
+  /* "ccv-deutschland.de", true */ 'c', 'c', 'v', '-', 'd', 'e', 'u', 't', 's', 'c', 'h', 'l', 'a', 'n', 'd', '.', 'd', 'e', '\0',
+  /* "ccv.ch", true */ 'c', 'c', 'v', '.', 'c', 'h', '\0',
+  /* "ccv.eu", true */ 'c', 'c', 'v', '.', 'e', 'u', '\0',
+  /* "ccv.nl", true */ 'c', 'c', 'v', '.', 'n', 'l', '\0',
+  /* "cd-sport.com", true */ 'c', 'd', '-', 's', 'p', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "cd.search.yahoo.com", false */ 'c', 'd', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "cda-aigle.ch", true */ 'c', 'd', 'a', '-', 'a', 'i', 'g', 'l', 'e', '.', 'c', 'h', '\0',
+  /* "cda-nw.co.uk", true */ 'c', 'd', 'a', '-', 'n', 'w', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cdasiaonline.com", true */ 'c', 'd', 'a', 's', 'i', 'a', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cdbf.ch", true */ 'c', 'd', 'b', 'f', '.', 'c', 'h', '\0',
+  /* "cdburnerxp.se", true */ 'c', 'd', 'b', 'u', 'r', 'n', 'e', 'r', 'x', 'p', '.', 's', 'e', '\0',
+  /* "cdda.ch", true */ 'c', 'd', 'd', 'a', '.', 'c', 'h', '\0',
+  /* "cdepot.eu", true */ 'c', 'd', 'e', 'p', 'o', 't', '.', 'e', 'u', '\0',
+  /* "cdkeykopen.com", true */ 'c', 'd', 'k', 'e', 'y', 'k', 'o', 'p', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "cdkeyworld.de", true */ 'c', 'd', 'k', 'e', 'y', 'w', 'o', 'r', 'l', 'd', '.', 'd', 'e', '\0',
+  /* "cdlcenter.com", true */ 'c', 'd', 'l', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "cdmhp.org.nz", true */ 'c', 'd', 'm', 'h', 'p', '.', 'o', 'r', 'g', '.', 'n', 'z', '\0',
+  /* "cdmon.tech", true */ 'c', 'd', 'm', 'o', 'n', '.', 't', 'e', 'c', 'h', '\0',
+  /* "cdn6.de", true */ 'c', 'd', 'n', '6', '.', 'd', 'e', '\0',
+  /* "cdnjs.com", true */ 'c', 'd', 'n', 'j', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cdns.cloud", true */ 'c', 'd', 'n', 's', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "cdu-wilgersdorf.de", true */ 'c', 'd', 'u', '-', 'w', 'i', 'l', 'g', 'e', 'r', 's', 'd', 'o', 'r', 'f', '.', 'd', 'e', '\0',
+  /* "ce-pimkie.fr", true */ 'c', 'e', '-', 'p', 'i', 'm', 'k', 'i', 'e', '.', 'f', 'r', '\0',
+  /* "cebz.org", true */ 'c', 'e', 'b', 'z', '.', 'o', 'r', 'g', '\0',
+  /* "ceciliacolombara.com", true */ 'c', 'e', 'c', 'i', 'l', 'i', 'a', 'c', 'o', 'l', 'o', 'm', 'b', 'a', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "cecilwalker.com.au", true */ 'c', 'e', 'c', 'i', 'l', 'w', 'a', 'l', 'k', 'e', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "cecipu.gob.cl", true */ 'c', 'e', 'c', 'i', 'p', 'u', '.', 'g', 'o', 'b', '.', 'c', 'l', '\0',
+  /* "ced-services.nl", true */ 'c', 'e', 'd', '-', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'n', 'l', '\0',
+  /* "cedriccassimo.ch", true */ 'c', 'e', 'd', 'r', 'i', 'c', 'c', 'a', 's', 's', 'i', 'm', 'o', '.', 'c', 'h', '\0',
+  /* "cedriccassimo.com", true */ 'c', 'e', 'd', 'r', 'i', 'c', 'c', 'a', 's', 's', 'i', 'm', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "ceebee.com", true */ 'c', 'e', 'e', 'b', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cefak.org.br", true */ 'c', 'e', 'f', 'a', 'k', '.', 'o', 'r', 'g', '.', 'b', 'r', '\0',
+  /* "ceilingpac.org", true */ 'c', 'e', 'i', 'l', 'i', 'n', 'g', 'p', 'a', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "cejhon.cz", false */ 'c', 'e', 'j', 'h', 'o', 'n', '.', 'c', 'z', '\0',
+  /* "cekaja.com", true */ 'c', 'e', 'k', 'a', 'j', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "celebrityscope.net", true */ 'c', 'e', 'l', 'e', 'b', 'r', 'i', 't', 'y', 's', 'c', 'o', 'p', 'e', '.', 'n', 'e', 't', '\0',
+  /* "celec.gob.ec", false */ 'c', 'e', 'l', 'e', 'c', '.', 'g', 'o', 'b', '.', 'e', 'c', '\0',
+  /* "celiendev.ch", true */ 'c', 'e', 'l', 'i', 'e', 'n', 'd', 'e', 'v', '.', 'c', 'h', '\0',
+  /* "celigo.com", true */ 'c', 'e', 'l', 'i', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "celltek-server.de", true */ 'c', 'e', 'l', 'l', 't', 'e', 'k', '-', 's', 'e', 'r', 'v', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "celti.ie.eu.org", true */ 'c', 'e', 'l', 't', 'i', '.', 'i', 'e', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "celti.name", true */ 'c', 'e', 'l', 't', 'i', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "cementscience.com", true */ 'c', 'e', 'm', 'e', 'n', 't', 's', 'c', 'i', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ceml.ch", true */ 'c', 'e', 'm', 'l', '.', 'c', 'h', '\0',
+  /* "cenatorium.pl", true */ 'c', 'e', 'n', 'a', 't', 'o', 'r', 'i', 'u', 'm', '.', 'p', 'l', '\0',
+  /* "censurfridns.dk", true */ 'c', 'e', 'n', 's', 'u', 'r', 'f', 'r', 'i', 'd', 'n', 's', '.', 'd', 'k', '\0',
+  /* "censurfridns.nu", true */ 'c', 'e', 'n', 's', 'u', 'r', 'f', 'r', 'i', 'd', 'n', 's', '.', 'n', 'u', '\0',
+  /* "censys.io", true */ 'c', 'e', 'n', 's', 'y', 's', '.', 'i', 'o', '\0',
+  /* "centaur.de", true */ 'c', 'e', 'n', 't', 'a', 'u', 'r', '.', 'd', 'e', '\0',
+  /* "centennialradon.com", true */ 'c', 'e', 'n', 't', 'e', 'n', 'n', 'i', 'a', 'l', 'r', 'a', 'd', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "centerforpolicy.org", true */ 'c', 'e', 'n', 't', 'e', 'r', 'f', 'o', 'r', 'p', 'o', 'l', 'i', 'c', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "centerpereezd.ru", false */ 'c', 'e', 'n', 't', 'e', 'r', 'p', 'e', 'r', 'e', 'e', 'z', 'd', '.', 'r', 'u', '\0',
+  /* "centerpoint.ovh", true */ 'c', 'e', 'n', 't', 'e', 'r', 'p', 'o', 'i', 'n', 't', '.', 'o', 'v', 'h', '\0',
+  /* "centillien.com", false */ 'c', 'e', 'n', 't', 'i', 'l', 'l', 'i', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "centio.bg", true */ 'c', 'e', 'n', 't', 'i', 'o', '.', 'b', 'g', '\0',
+  /* "centos.tips", true */ 'c', 'e', 'n', 't', 'o', 's', '.', 't', 'i', 'p', 's', '\0',
+  /* "central4.me", true */ 'c', 'e', 'n', 't', 'r', 'a', 'l', '4', '.', 'm', 'e', '\0',
+  /* "centralcountiesservices.org", true */ 'c', 'e', 'n', 't', 'r', 'a', 'l', 'c', 'o', 'u', 'n', 't', 'i', 'e', 's', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "centralfor.me", true */ 'c', 'e', 'n', 't', 'r', 'a', 'l', 'f', 'o', 'r', '.', 'm', 'e', '\0',
+  /* "centralstatecu.org", true */ 'c', 'e', 'n', 't', 'r', 'a', 'l', 's', 't', 'a', 't', 'e', 'c', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "centralvoice.org", true */ 'c', 'e', 'n', 't', 'r', 'a', 'l', 'v', 'o', 'i', 'c', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "centrationgame.com", true */ 'c', 'e', 'n', 't', 'r', 'a', 't', 'i', 'o', 'n', 'g', 'a', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "centredaccueil.fr", true */ 'c', 'e', 'n', 't', 'r', 'e', 'd', 'a', 'c', 'c', 'u', 'e', 'i', 'l', '.', 'f', 'r', '\0',
+  /* "centreoeil.ch", true */ 'c', 'e', 'n', 't', 'r', 'e', 'o', 'e', 'i', 'l', '.', 'c', 'h', '\0',
+  /* "centricweb.com", true */ 'c', 'e', 'n', 't', 'r', 'i', 'c', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "centrobill.com", true */ 'c', 'e', 'n', 't', 'r', 'o', 'b', 'i', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "centrojovencuenca.es", true */ 'c', 'e', 'n', 't', 'r', 'o', 'j', 'o', 'v', 'e', 'n', 'c', 'u', 'e', 'n', 'c', 'a', '.', 'e', 's', '\0',
+  /* "centrolavoro.org", true */ 'c', 'e', 'n', 't', 'r', 'o', 'l', 'a', 'v', 'o', 'r', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "centrumhodinek.cz", true */ 'c', 'e', 'n', 't', 'r', 'u', 'm', 'h', 'o', 'd', 'i', 'n', 'e', 'k', '.', 'c', 'z', '\0',
+  /* "centruvechisv.ro", true */ 'c', 'e', 'n', 't', 'r', 'u', 'v', 'e', 'c', 'h', 'i', 's', 'v', '.', 'r', 'o', '\0',
+  /* "centurialeonina.com", true */ 'c', 'e', 'n', 't', 'u', 'r', 'i', 'a', 'l', 'e', 'o', 'n', 'i', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "centurionunderground.com", true */ 'c', 'e', 'n', 't', 'u', 'r', 'i', 'o', 'n', 'u', 'n', 'd', 'e', 'r', 'g', 'r', 'o', 'u', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "ceoimon.com", true */ 'c', 'e', 'o', 'i', 'm', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "ceopedia.org", true */ 'c', 'e', 'o', 'p', 'e', 'd', 'i', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "ceramiya.com", true */ 'c', 'e', 'r', 'a', 'm', 'i', 'y', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "cerastar.com", true */ 'c', 'e', 'r', 'a', 's', 't', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "cerber.us", true */ 'c', 'e', 'r', 'b', 'e', 'r', '.', 'u', 's', '\0',
+  /* "cerebelo.info", true */ 'c', 'e', 'r', 'e', 'b', 'e', 'l', 'o', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "ceres-corp.org", true */ 'c', 'e', 'r', 'e', 's', '-', 'c', 'o', 'r', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "ceres1.space", true */ 'c', 'e', 'r', 'e', 's', '1', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "cermak.photos", true */ 'c', 'e', 'r', 'm', 'a', 'k', '.', 'p', 'h', 'o', 't', 'o', 's', '\0',
+  /* "cerpa.com.br", true */ 'c', 'e', 'r', 'p', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "cerpus-course.com", true */ 'c', 'e', 'r', 'p', 'u', 's', '-', 'c', 'o', 'u', 'r', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cerstve-korenie.sk", true */ 'c', 'e', 'r', 's', 't', 'v', 'e', '-', 'k', 'o', 'r', 'e', 'n', 'i', 'e', '.', 's', 'k', '\0',
+  /* "cerstvekorenie.sk", true */ 'c', 'e', 'r', 's', 't', 'v', 'e', 'k', 'o', 'r', 'e', 'n', 'i', 'e', '.', 's', 'k', '\0',
+  /* "cert.or.id", true */ 'c', 'e', 'r', 't', '.', 'o', 'r', '.', 'i', 'd', '\0',
+  /* "certcenter.ch", true */ 'c', 'e', 'r', 't', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "certcenter.co.uk", true */ 'c', 'e', 'r', 't', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "certcenter.com", true */ 'c', 'e', 'r', 't', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "certcenter.de", true */ 'c', 'e', 'r', 't', 'c', 'e', 'n', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "certcenter.fr", true */ 'c', 'e', 'r', 't', 'c', 'e', 'n', 't', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "certible.com", true */ 'c', 'e', 'r', 't', 'i', 'b', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "certificatedetails.com", true */ 'c', 'e', 'r', 't', 'i', 'f', 'i', 'c', 'a', 't', 'e', 'd', 'e', 't', 'a', 'i', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "certificatetools.com", true */ 'c', 'e', 'r', 't', 'i', 'f', 'i', 'c', 'a', 't', 'e', 't', 'o', 'o', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "certly.io", true */ 'c', 'e', 'r', 't', 'l', 'y', '.', 'i', 'o', '\0',
+  /* "certmonitor.com.au", true */ 'c', 'e', 'r', 't', 'm', 'o', 'n', 'i', 't', 'o', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "certmonitor.net", true */ 'c', 'e', 'r', 't', 'm', 'o', 'n', 'i', 't', 'o', 'r', '.', 'n', 'e', 't', '\0',
+  /* "certnazionale.it", true */ 'c', 'e', 'r', 't', 'n', 'a', 'z', 'i', 'o', 'n', 'a', 'l', 'e', '.', 'i', 't', '\0',
+  /* "certspotter.com", true */ 'c', 'e', 'r', 't', 's', 'p', 'o', 't', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "certspotter.org", true */ 'c', 'e', 'r', 't', 's', 'p', 'o', 't', 't', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "ceruleanmainbeach.com.au", true */ 'c', 'e', 'r', 'u', 'l', 'e', 'a', 'n', 'm', 'a', 'i', 'n', 'b', 'e', 'a', 'c', 'h', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "cervejista.com", true */ 'c', 'e', 'r', 'v', 'e', 'j', 'i', 's', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "cesdb.com", true */ 'c', 'e', 's', 'd', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "cesipagano.com", true */ 'c', 'e', 's', 'i', 'p', 'a', 'g', 'a', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "ceso-saco.com", true */ 'c', 'e', 's', 'o', '-', 's', 'a', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "cesobaly.cz", true */ 'c', 'e', 's', 'o', 'b', 'a', 'l', 'y', '.', 'c', 'z', '\0',
+  /* "cestasedelicias.com.br", true */ 'c', 'e', 's', 't', 'a', 's', 'e', 'd', 'e', 'l', 'i', 'c', 'i', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "cestlav.it", true */ 'c', 'e', 's', 't', 'l', 'a', 'v', '.', 'i', 't', '\0',
+  /* "cestunmetier.ch", true */ 'c', 'e', 's', 't', 'u', 'n', 'm', 'e', 't', 'i', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "cetamol.com", true */ 'c', 'e', 't', 'a', 'm', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "ceu.edu", false */ 'c', 'e', 'u', '.', 'e', 'd', 'u', '\0',
+  /* "cevo.com.hr", true */ 'c', 'e', 'v', 'o', '.', 'c', 'o', 'm', '.', 'h', 'r', '\0',
+  /* "ceyizlikelisleri.com", true */ 'c', 'e', 'y', 'i', 'z', 'l', 'i', 'k', 'e', 'l', 'i', 's', 'l', 'e', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "cf-ide.de", true */ 'c', 'f', '-', 'i', 'd', 'e', '.', 'd', 'e', '\0',
+  /* "cfa.gov", true */ 'c', 'f', 'a', '.', 'g', 'o', 'v', '\0',
+  /* "cfan.space", true */ 'c', 'f', 'a', 'n', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "cfh.com", true */ 'c', 'f', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "cfneia.org", true */ 'c', 'f', 'n', 'e', 'i', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "cfno.org", true */ 'c', 'f', 'n', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "cfo.gov", true */ 'c', 'f', 'o', '.', 'g', 'o', 'v', '\0',
+  /* "cfsh.tk", true */ 'c', 'f', 's', 'h', '.', 't', 'k', '\0',
+  /* "cftcarouge.com", true */ 'c', 'f', 't', 'c', 'a', 'r', 'o', 'u', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cfxdesign.com", true */ 'c', 'f', 'x', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "cg-systems.hu", true */ 'c', 'g', '-', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'h', 'u', '\0',
+  /* "cg.search.yahoo.com", false */ 'c', 'g', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "cgan.de", true */ 'c', 'g', 'a', 'n', '.', 'd', 'e', '\0',
+  /* "cgan.pw", true */ 'c', 'g', 'a', 'n', '.', 'p', 'w', '\0',
+  /* "cgbassurances.ch", true */ 'c', 'g', 'b', 'a', 's', 's', 'u', 'r', 'a', 'n', 'c', 'e', 's', '.', 'c', 'h', '\0',
+  /* "cgbilling.com", true */ 'c', 'g', 'b', 'i', 'l', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "cgcookiemarkets.com", true */ 'c', 'g', 'c', 'o', 'o', 'k', 'i', 'e', 'm', 'a', 'r', 'k', 'e', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cgsmart.com", true */ 'c', 'g', 's', 'm', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "ch-laborit.fr", true */ 'c', 'h', '-', 'l', 'a', 'b', 'o', 'r', 'i', 't', '.', 'f', 'r', '\0',
+  /* "ch-sc.de", true */ 'c', 'h', '-', 's', 'c', '.', 'd', 'e', '\0',
+  /* "ch.search.yahoo.com", false */ 'c', 'h', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "chabaojia.com", true */ 'c', 'h', 'a', 'b', 'a', 'o', 'j', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "chabaudparfum.com", true */ 'c', 'h', 'a', 'b', 'a', 'u', 'd', 'p', 'a', 'r', 'f', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "chabert-provence.fr", true */ 'c', 'h', 'a', 'b', 'e', 'r', 't', '-', 'p', 'r', 'o', 'v', 'e', 'n', 'c', 'e', '.', 'f', 'r', '\0',
+  /* "chad.ch", true */ 'c', 'h', 'a', 'd', '.', 'c', 'h', '\0',
+  /* "chadstoneapartments.com.au", true */ 'c', 'h', 'a', 'd', 's', 't', 'o', 'n', 'e', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "chaifeng.com", true */ 'c', 'h', 'a', 'i', 'f', 'e', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "chainedunion.info", true */ 'c', 'h', 'a', 'i', 'n', 'e', 'd', 'u', 'n', 'i', 'o', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "chairinstitute.com", true */ 'c', 'h', 'a', 'i', 'r', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "chaisystems.net", true */ 'c', 'h', 'a', 'i', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'n', 'e', 't', '\0',
+  /* "chaldeen.pro", true */ 'c', 'h', 'a', 'l', 'd', 'e', 'e', 'n', '.', 'p', 'r', 'o', '\0',
+  /* "chaletdemontagne.org", true */ 'c', 'h', 'a', 'l', 'e', 't', 'd', 'e', 'm', 'o', 'n', 't', 'a', 'g', 'n', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "chaletmanager.com", true */ 'c', 'h', 'a', 'l', 'e', 't', 'm', 'a', 'n', 'a', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "chaletpierrot.ch", true */ 'c', 'h', 'a', 'l', 'e', 't', 'p', 'i', 'e', 'r', 'r', 'o', 't', '.', 'c', 'h', '\0',
+  /* "chaleur.com", true */ 'c', 'h', 'a', 'l', 'e', 'u', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "chalker.io", true */ 'c', 'h', 'a', 'l', 'k', 'e', 'r', '.', 'i', 'o', '\0',
+  /* "chalkfestival.org", false */ 'c', 'h', 'a', 'l', 'k', 'f', 'e', 's', 't', 'i', 'v', 'a', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "challengeblog.org", true */ 'c', 'h', 'a', 'l', 'l', 'e', 'n', 'g', 'e', 'b', 'l', 'o', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "chamathellawala.com", true */ 'c', 'h', 'a', 'm', 'a', 't', 'h', 'e', 'l', 'l', 'a', 'w', 'a', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "chambion.ch", true */ 'c', 'h', 'a', 'm', 'b', 'i', 'o', 'n', '.', 'c', 'h', '\0',
+  /* "chameleon-ents.co.uk", true */ 'c', 'h', 'a', 'm', 'e', 'l', 'e', 'o', 'n', '-', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "chameth.com", true */ 'c', 'h', 'a', 'm', 'e', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "chamilo.org", true */ 'c', 'h', 'a', 'm', 'i', 'l', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "champdogs.co.uk", true */ 'c', 'h', 'a', 'm', 'p', 'd', 'o', 'g', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "champdogs.com", true */ 'c', 'h', 'a', 'm', 'p', 'd', 'o', 'g', 's', '.', 'c', 'o', 'm', '\0',
+  /* "champicreuse.fr", true */ 'c', 'h', 'a', 'm', 'p', 'i', 'c', 'r', 'e', 'u', 's', 'e', '.', 'f', 'r', '\0',
+  /* "championcastles.ie", true */ 'c', 'h', 'a', 'm', 'p', 'i', 'o', 'n', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'i', 'e', '\0',
+  /* "champions.co", true */ 'c', 'h', 'a', 'm', 'p', 'i', 'o', 'n', 's', '.', 'c', 'o', '\0',
+  /* "championweb.com.au", true */ 'c', 'h', 'a', 'm', 'p', 'i', 'o', 'n', 'w', 'e', 'b', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "champonthis.de", true */ 'c', 'h', 'a', 'm', 'p', 'o', 'n', 't', 'h', 'i', 's', '.', 'd', 'e', '\0',
+  /* "chancat.blog", false */ 'c', 'h', 'a', 'n', 'c', 'a', 't', '.', 'b', 'l', 'o', 'g', '\0',
+  /* "chandr1000.ga", true */ 'c', 'h', 'a', 'n', 'd', 'r', '1', '0', '0', '0', '.', 'g', 'a', '\0',
+  /* "changecopyright.ru", true */ 'c', 'h', 'a', 'n', 'g', 'e', 'c', 'o', 'p', 'y', 'r', 'i', 'g', 'h', 't', '.', 'r', 'u', '\0',
+  /* "changesfor.life", true */ 'c', 'h', 'a', 'n', 'g', 'e', 's', 'f', 'o', 'r', '.', 'l', 'i', 'f', 'e', '\0',
+  /* "changethislater.com", true */ 'c', 'h', 'a', 'n', 'g', 'e', 't', 'h', 'i', 's', 'l', 'a', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "chanissue.com", false */ 'c', 'h', 'a', 'n', 'i', 's', 's', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "channeladam.com", true */ 'c', 'h', 'a', 'n', 'n', 'e', 'l', 'a', 'd', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "channelcards.com", true */ 'c', 'h', 'a', 'n', 'n', 'e', 'l', 'c', 'a', 'r', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "channellife.co.nz", true */ 'c', 'h', 'a', 'n', 'n', 'e', 'l', 'l', 'i', 'f', 'e', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "channellife.com.au", true */ 'c', 'h', 'a', 'n', 'n', 'e', 'l', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "channyc.com", true */ 'c', 'h', 'a', 'n', 'n', 'y', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "chanoyu-gakkai.jp", true */ 'c', 'h', 'a', 'n', 'o', 'y', 'u', '-', 'g', 'a', 'k', 'k', 'a', 'i', '.', 'j', 'p', '\0',
+  /* "chantalguggenbuhl.ch", true */ 'c', 'h', 'a', 'n', 't', 'a', 'l', 'g', 'u', 'g', 'g', 'e', 'n', 'b', 'u', 'h', 'l', '.', 'c', 'h', '\0',
+  /* "chanz.com", true */ 'c', 'h', 'a', 'n', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "chaos-inc.de", true */ 'c', 'h', 'a', 'o', 's', '-', 'i', 'n', 'c', '.', 'd', 'e', '\0',
+  /* "chaos.run", true */ 'c', 'h', 'a', 'o', 's', '.', 'r', 'u', 'n', '\0',
+  /* "chaoscastles.co.uk", true */ 'c', 'h', 'a', 'o', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "chaoschemnitz.de", true */ 'c', 'h', 'a', 'o', 's', 'c', 'h', 'e', 'm', 'n', 'i', 't', 'z', '.', 'd', 'e', '\0',
+  /* "chaosdorf.de", true */ 'c', 'h', 'a', 'o', 's', 'd', 'o', 'r', 'f', '.', 'd', 'e', '\0',
+  /* "chaosfield.at", true */ 'c', 'h', 'a', 'o', 's', 'f', 'i', 'e', 'l', 'd', '.', 'a', 't', '\0',
+  /* "chaoslab.org", true */ 'c', 'h', 'a', 'o', 's', 'l', 'a', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "chaospott.de", true */ 'c', 'h', 'a', 'o', 's', 'p', 'o', 't', 't', '.', 'd', 'e', '\0',
+  /* "chaotichive.com", true */ 'c', 'h', 'a', 'o', 't', 'i', 'c', 'h', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "chaoticlaw.com", true */ 'c', 'h', 'a', 'o', 't', 'i', 'c', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "chapelfordbouncers.co.uk", true */ 'c', 'h', 'a', 'p', 'e', 'l', 'f', 'o', 'r', 'd', 'b', 'o', 'u', 'n', 'c', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "chapiteauxduleman.fr", true */ 'c', 'h', 'a', 'p', 'i', 't', 'e', 'a', 'u', 'x', 'd', 'u', 'l', 'e', 'm', 'a', 'n', '.', 'f', 'r', '\0',
+  /* "chaplain.co", true */ 'c', 'h', 'a', 'p', 'l', 'a', 'i', 'n', '.', 'c', 'o', '\0',
+  /* "charakato.com", true */ 'c', 'h', 'a', 'r', 'a', 'k', 'a', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "charcoalvenice.com", true */ 'c', 'h', 'a', 'r', 'c', 'o', 'a', 'l', 'v', 'e', 'n', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "charge.co", true */ 'c', 'h', 'a', 'r', 'g', 'e', '.', 'c', 'o', '\0',
+  /* "charitylog.co.uk", true */ 'c', 'h', 'a', 'r', 'i', 't', 'y', 'l', 'o', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "charl.eu", true */ 'c', 'h', 'a', 'r', 'l', '.', 'e', 'u', '\0',
+  /* "charles-darwin.com", true */ 'c', 'h', 'a', 'r', 'l', 'e', 's', '-', 'd', 'a', 'r', 'w', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "charlesbwise.com", true */ 'c', 'h', 'a', 'r', 'l', 'e', 's', 'b', 'w', 'i', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "charlesjay.com", true */ 'c', 'h', 'a', 'r', 'l', 'e', 's', 'j', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "charlesrogers.co.uk", true */ 'c', 'h', 'a', 'r', 'l', 'e', 's', 'r', 'o', 'g', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "charlestonfacialplastic.com", true */ 'c', 'h', 'a', 'r', 'l', 'e', 's', 't', 'o', 'n', 'f', 'a', 'c', 'i', 'a', 'l', 'p', 'l', 'a', 's', 't', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "charliedillon.com", true */ 'c', 'h', 'a', 'r', 'l', 'i', 'e', 'd', 'i', 'l', 'l', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "charliehr.com", true */ 'c', 'h', 'a', 'r', 'l', 'i', 'e', 'h', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "charlierogers.co.uk", true */ 'c', 'h', 'a', 'r', 'l', 'i', 'e', 'r', 'o', 'g', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "charlierogers.com", true */ 'c', 'h', 'a', 'r', 'l', 'i', 'e', 'r', 'o', 'g', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "charlimarie.com", true */ 'c', 'h', 'a', 'r', 'l', 'i', 'm', 'a', 'r', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "charlotte-touati.ch", true */ 'c', 'h', 'a', 'r', 'l', 'o', 't', 't', 'e', '-', 't', 'o', 'u', 'a', 't', 'i', '.', 'c', 'h', '\0',
+  /* "charlottesvillegolfcommunities.com", true */ 'c', 'h', 'a', 'r', 'l', 'o', 't', 't', 'e', 's', 'v', 'i', 'l', 'l', 'e', 'g', 'o', 'l', 'f', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "charmander.me", true */ 'c', 'h', 'a', 'r', 'm', 'a', 'n', 'd', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "charmingsaul.com", true */ 'c', 'h', 'a', 'r', 'm', 'i', 'n', 'g', 's', 'a', 'u', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "charmyadesara.com", true */ 'c', 'h', 'a', 'r', 'm', 'y', 'a', 'd', 'e', 's', 'a', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "charr.xyz", true */ 'c', 'h', 'a', 'r', 'r', '.', 'x', 'y', 'z', '\0',
+  /* "charta-digitale-vernetzung.de", true */ 'c', 'h', 'a', 'r', 't', 'a', '-', 'd', 'i', 'g', 'i', 't', 'a', 'l', 'e', '-', 'v', 'e', 'r', 'n', 'e', 't', 'z', 'u', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "charteroak.org", true */ 'c', 'h', 'a', 'r', 't', 'e', 'r', 'o', 'a', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "chartpen.com", true */ 'c', 'h', 'a', 'r', 't', 'p', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "chartsy.de", true */ 'c', 'h', 'a', 'r', 't', 's', 'y', '.', 'd', 'e', '\0',
+  /* "charuru.moe", true */ 'c', 'h', 'a', 'r', 'u', 'r', 'u', '.', 'm', 'o', 'e', '\0',
+  /* "chasafilli.ch", true */ 'c', 'h', 'a', 's', 'a', 'f', 'i', 'l', 'l', 'i', '.', 'c', 'h', '\0',
+  /* "chaseandzoey.de", true */ 'c', 'h', 'a', 's', 'e', 'a', 'n', 'd', 'z', 'o', 'e', 'y', '.', 'd', 'e', '\0',
+  /* "chaseganey.com", true */ 'c', 'h', 'a', 's', 'e', 'g', 'a', 'n', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "chasing-coins.com", true */ 'c', 'h', 'a', 's', 'i', 'n', 'g', '-', 'c', 'o', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "chat-libera.org", true */ 'c', 'h', 'a', 't', '-', 'l', 'i', 'b', 'e', 'r', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "chat-senza-registrazione.net", true */ 'c', 'h', 'a', 't', '-', 's', 'e', 'n', 'z', 'a', '-', 'r', 'e', 'g', 'i', 's', 't', 'r', 'a', 'z', 'i', 'o', 'n', 'e', '.', 'n', 'e', 't', '\0',
+  /* "chat.cz", true */ 'c', 'h', 'a', 't', '.', 'c', 'z', '\0',
+  /* "chat40.net", true */ 'c', 'h', 'a', 't', '4', '0', '.', 'n', 'e', 't', '\0',
+  /* "chatbelgie.eu", true */ 'c', 'h', 'a', 't', 'b', 'e', 'l', 'g', 'i', 'e', '.', 'e', 'u', '\0',
+  /* "chatbotclic.com", true */ 'c', 'h', 'a', 't', 'b', 'o', 't', 'c', 'l', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "chatbotclick.com", true */ 'c', 'h', 'a', 't', 'b', 'o', 't', 'c', 'l', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "chatbots.email", true */ 'c', 'h', 'a', 't', 'b', 'o', 't', 's', '.', 'e', 'm', 'a', 'i', 'l', '\0',
+  /* "chatbots.systems", true */ 'c', 'h', 'a', 't', 'b', 'o', 't', 's', '.', 's', 'y', 's', 't', 'e', 'm', 's', '\0',
+  /* "chatear.social", true */ 'c', 'h', 'a', 't', 'e', 'a', 'r', '.', 's', 'o', 'c', 'i', 'a', 'l', '\0',
+  /* "chateau-belvoir.com", true */ 'c', 'h', 'a', 't', 'e', 'a', 'u', '-', 'b', 'e', 'l', 'v', 'o', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "chateau-de-lisle.fr", true */ 'c', 'h', 'a', 't', 'e', 'a', 'u', '-', 'd', 'e', '-', 'l', 'i', 's', 'l', 'e', '.', 'f', 'r', '\0',
+  /* "chateaudestrainchamps.com", true */ 'c', 'h', 'a', 't', 'e', 'a', 'u', 'd', 'e', 's', 't', 'r', 'a', 'i', 'n', 'c', 'h', 'a', 'm', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "chatfacile.org", true */ 'c', 'h', 'a', 't', 'f', 'a', 'c', 'i', 'l', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "chatint.com", true */ 'c', 'h', 'a', 't', 'i', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "chatitaly.org", true */ 'c', 'h', 'a', 't', 'i', 't', 'a', 'l', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "chatme.im", false */ 'c', 'h', 'a', 't', 'm', 'e', '.', 'i', 'm', '\0',
+  /* "chatnbook.com", true */ 'c', 'h', 'a', 't', 'n', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "chatnederland.eu", true */ 'c', 'h', 'a', 't', 'n', 'e', 'd', 'e', 'r', 'l', 'a', 'n', 'd', '.', 'e', 'u', '\0',
+  /* "chatsworthelectrical.com", true */ 'c', 'h', 'a', 't', 's', 'w', 'o', 'r', 't', 'h', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "chatt-gratis.net", true */ 'c', 'h', 'a', 't', 't', '-', 'g', 'r', 'a', 't', 'i', 's', '.', 'n', 'e', 't', '\0',
+  /* "chatt-gratis.org", true */ 'c', 'h', 'a', 't', 't', '-', 'g', 'r', 'a', 't', 'i', 's', '.', 'o', 'r', 'g', '\0',
+  /* "chattergalerie.eu", true */ 'c', 'h', 'a', 't', 't', 'e', 'r', 'g', 'a', 'l', 'e', 'r', 'i', 'e', '.', 'e', 'u', '\0',
+  /* "chattergallery.com", true */ 'c', 'h', 'a', 't', 't', 'e', 'r', 'g', 'a', 'l', 'l', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "chatu.io", true */ 'c', 'h', 'a', 't', 'u', '.', 'i', 'o', '\0',
+  /* "chatu.me", true */ 'c', 'h', 'a', 't', 'u', '.', 'm', 'e', '\0',
+  /* "chatucomputers.com", true */ 'c', 'h', 'a', 't', 'u', 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "chatxp.com", true */ 'c', 'h', 'a', 't', 'x', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "chatxsingle.net", true */ 'c', 'h', 'a', 't', 'x', 's', 'i', 'n', 'g', 'l', 'e', '.', 'n', 'e', 't', '\0',
+  /* "chatxtutti.com", true */ 'c', 'h', 'a', 't', 'x', 't', 'u', 't', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "chatzimanolis.gr", true */ 'c', 'h', 'a', 't', 'z', 'i', 'm', 'a', 'n', 'o', 'l', 'i', 's', '.', 'g', 'r', '\0',
+  /* "chaurocks.com", true */ 'c', 'h', 'a', 'u', 'r', 'o', 'c', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "chaverde.org", true */ 'c', 'h', 'a', 'v', 'e', 'r', 'd', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "chaz6.com", true */ 'c', 'h', 'a', 'z', '6', '.', 'c', 'o', 'm', '\0',
+  /* "chazalet.fr", true */ 'c', 'h', 'a', 'z', 'a', 'l', 'e', 't', '.', 'f', 'r', '\0',
+  /* "chazay.net", false */ 'c', 'h', 'a', 'z', 'a', 'y', '.', 'n', 'e', 't', '\0',
+  /* "chazgie.se", true */ 'c', 'h', 'a', 'z', 'g', 'i', 'e', '.', 's', 'e', '\0',
+  /* "chbs.me", true */ 'c', 'h', 'b', 's', '.', 'm', 'e', '\0',
+  /* "chch.it", true */ 'c', 'h', 'c', 'h', '.', 'i', 't', '\0',
+  /* "chcsct.com", true */ 'c', 'h', 'c', 's', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "chdgaming.xyz", true */ 'c', 'h', 'd', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'x', 'y', 'z', '\0',
+  /* "cheah.xyz", true */ 'c', 'h', 'e', 'a', 'h', '.', 'x', 'y', 'z', '\0',
+  /* "cheapalarmparts.com.au", true */ 'c', 'h', 'e', 'a', 'p', 'a', 'l', 'a', 'r', 'm', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "cheapessay.net", true */ 'c', 'h', 'e', 'a', 'p', 'e', 's', 's', 'a', 'y', '.', 'n', 'e', 't', '\0',
+  /* "cheapestgamecards.at", true */ 'c', 'h', 'e', 'a', 'p', 'e', 's', 't', 'g', 'a', 'm', 'e', 'c', 'a', 'r', 'd', 's', '.', 'a', 't', '\0',
+  /* "cheapestgamecards.be", true */ 'c', 'h', 'e', 'a', 'p', 'e', 's', 't', 'g', 'a', 'm', 'e', 'c', 'a', 'r', 'd', 's', '.', 'b', 'e', '\0',
+  /* "cheapestgamecards.co.uk", true */ 'c', 'h', 'e', 'a', 'p', 'e', 's', 't', 'g', 'a', 'm', 'e', 'c', 'a', 'r', 'd', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cheapestgamecards.com", true */ 'c', 'h', 'e', 'a', 'p', 'e', 's', 't', 'g', 'a', 'm', 'e', 'c', 'a', 'r', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cheapestgamecards.de", true */ 'c', 'h', 'e', 'a', 'p', 'e', 's', 't', 'g', 'a', 'm', 'e', 'c', 'a', 'r', 'd', 's', '.', 'd', 'e', '\0',
+  /* "cheapestgamecards.fi", true */ 'c', 'h', 'e', 'a', 'p', 'e', 's', 't', 'g', 'a', 'm', 'e', 'c', 'a', 'r', 'd', 's', '.', 'f', 'i', '\0',
+  /* "cheapestgamecards.fr", true */ 'c', 'h', 'e', 'a', 'p', 'e', 's', 't', 'g', 'a', 'm', 'e', 'c', 'a', 'r', 'd', 's', '.', 'f', 'r', '\0',
+  /* "cheapestgamecards.nl", true */ 'c', 'h', 'e', 'a', 'p', 'e', 's', 't', 'g', 'a', 'm', 'e', 'c', 'a', 'r', 'd', 's', '.', 'n', 'l', '\0',
+  /* "cheapestgamecards.no", true */ 'c', 'h', 'e', 'a', 'p', 'e', 's', 't', 'g', 'a', 'm', 'e', 'c', 'a', 'r', 'd', 's', '.', 'n', 'o', '\0',
+  /* "cheapestgamecards.se", true */ 'c', 'h', 'e', 'a', 'p', 'e', 's', 't', 'g', 'a', 'm', 'e', 'c', 'a', 'r', 'd', 's', '.', 's', 'e', '\0',
+  /* "cheapgeekts.com", false */ 'c', 'h', 'e', 'a', 'p', 'g', 'e', 'e', 'k', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cheapgoa.com", true */ 'c', 'h', 'e', 'a', 'p', 'g', 'o', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "cheapiesystems.com", true */ 'c', 'h', 'e', 'a', 'p', 'i', 'e', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cheapssl.com.tr", true */ 'c', 'h', 'e', 'a', 'p', 's', 's', 'l', '.', 'c', 'o', 'm', '.', 't', 'r', '\0',
+  /* "cheapticket.in", true */ 'c', 'h', 'e', 'a', 'p', 't', 'i', 'c', 'k', 'e', 't', '.', 'i', 'n', '\0',
+  /* "cheapwritinghelp.com", true */ 'c', 'h', 'e', 'a', 'p', 'w', 'r', 'i', 't', 'i', 'n', 'g', 'h', 'e', 'l', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "chebwebb.com", true */ 'c', 'h', 'e', 'b', 'w', 'e', 'b', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "check.torproject.org", false */ 'c', 'h', 'e', 'c', 'k', '.', 't', 'o', 'r', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "checkecert.nl", true */ 'c', 'h', 'e', 'c', 'k', 'e', 'c', 'e', 'r', 't', '.', 'n', 'l', '\0',
+  /* "checkmateshoes.com", true */ 'c', 'h', 'e', 'c', 'k', 'm', 'a', 't', 'e', 's', 'h', 'o', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "checkmatewebsolutions.com", true */ 'c', 'h', 'e', 'c', 'k', 'm', 'a', 't', 'e', 'w', 'e', 'b', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "checkout.google.com", true */ 'c', 'h', 'e', 'c', 'k', 'o', 'u', 't', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "checkpoint-tshirt.com", true */ 'c', 'h', 'e', 'c', 'k', 'p', 'o', 'i', 'n', 't', '-', 't', 's', 'h', 'i', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "checktype.com", true */ 'c', 'h', 'e', 'c', 'k', 't', 'y', 'p', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "checkui.com", true */ 'c', 'h', 'e', 'c', 'k', 'u', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "checkyourmath.com", true */ 'c', 'h', 'e', 'c', 'k', 'y', 'o', 'u', 'r', 'm', 'a', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "checkyourmeds.com", true */ 'c', 'h', 'e', 'c', 'k', 'y', 'o', 'u', 'r', 'm', 'e', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "checkyourprivilege.org", true */ 'c', 'h', 'e', 'c', 'k', 'y', 'o', 'u', 'r', 'p', 'r', 'i', 'v', 'i', 'l', 'e', 'g', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "checos.co.uk", true */ 'c', 'h', 'e', 'c', 'o', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cheddarpayments.com", true */ 'c', 'h', 'e', 'd', 'd', 'a', 'r', 'p', 'a', 'y', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cheekycharliessoftplay.co.uk", true */ 'c', 'h', 'e', 'e', 'k', 'y', 'c', 'h', 'a', 'r', 'l', 'i', 'e', 's', 's', 'o', 'f', 't', 'p', 'l', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cheekylittlerascals.co.uk", true */ 'c', 'h', 'e', 'e', 'k', 'y', 'l', 'i', 't', 't', 'l', 'e', 'r', 'a', 's', 'c', 'a', 'l', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cheekymonkeysinflatables.co.uk", true */ 'c', 'h', 'e', 'e', 'k', 'y', 'm', 'o', 'n', 'k', 'e', 'y', 's', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cheeseemergency.co.uk", true */ 'c', 'h', 'e', 'e', 's', 'e', 'e', 'm', 'e', 'r', 'g', 'e', 'n', 'c', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cheesypicsbooths.co.uk", true */ 'c', 'h', 'e', 'e', 's', 'y', 'p', 'i', 'c', 's', 'b', 'o', 'o', 't', 'h', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cheetahwerx.com", true */ 'c', 'h', 'e', 'e', 't', 'a', 'h', 'w', 'e', 'r', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "cheez.systems", true */ 'c', 'h', 'e', 'e', 'z', '.', 's', 'y', 's', 't', 'e', 'm', 's', '\0',
+  /* "chehalemgroup.com", true */ 'c', 'h', 'e', 'h', 'a', 'l', 'e', 'm', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "chellame.com", true */ 'c', 'h', 'e', 'l', 'l', 'a', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "chellame.fr", true */ 'c', 'h', 'e', 'l', 'l', 'a', 'm', 'e', '.', 'f', 'r', '\0',
+  /* "chelseafs.co.uk", true */ 'c', 'h', 'e', 'l', 's', 'e', 'a', 'f', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cheltenhambounce.co.uk", true */ 'c', 'h', 'e', 'l', 't', 'e', 'n', 'h', 'a', 'm', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cheltenhambouncycastles.co.uk", true */ 'c', 'h', 'e', 'l', 't', 'e', 'n', 'h', 'a', 'm', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cheltik.ru", true */ 'c', 'h', 'e', 'l', 't', 'i', 'k', '.', 'r', 'u', '\0',
+  /* "chemicalguys-ruhrpott.de", true */ 'c', 'h', 'e', 'm', 'i', 'c', 'a', 'l', 'g', 'u', 'y', 's', '-', 'r', 'u', 'h', 'r', 'p', 'o', 't', 't', '.', 'd', 'e', '\0',
+  /* "chenapartment.com", true */ 'c', 'h', 'e', 'n', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "chengl.com", true */ 'c', 'h', 'e', 'n', 'g', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "chengtongled.com", true */ 'c', 'h', 'e', 'n', 'g', 't', 'o', 'n', 'g', 'l', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "chenky.com", true */ 'c', 'h', 'e', 'n', 'k', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "chennien.com", true */ 'c', 'h', 'e', 'n', 'n', 'i', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "chentianyi.cn", true */ 'c', 'h', 'e', 'n', 't', 'i', 'a', 'n', 'y', 'i', '.', 'c', 'n', '\0',
+  /* "chenzhekl.me", true */ 'c', 'h', 'e', 'n', 'z', 'h', 'e', 'k', 'l', '.', 'm', 'e', '\0',
+  /* "cherevoiture.com", true */ 'c', 'h', 'e', 'r', 'e', 'v', 'o', 'i', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cherrett.digital", true */ 'c', 'h', 'e', 'r', 'r', 'e', 't', 't', '.', 'd', 'i', 'g', 'i', 't', 'a', 'l', '\0',
+  /* "cherrydropscandycarts.co.uk", true */ 'c', 'h', 'e', 'r', 'r', 'y', 'd', 'r', 'o', 'p', 's', 'c', 'a', 'n', 'd', 'y', 'c', 'a', 'r', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cherryonit.com", true */ 'c', 'h', 'e', 'r', 'r', 'y', 'o', 'n', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "cherrywoodtech.com", true */ 'c', 'h', 'e', 'r', 'r', 'y', 'w', 'o', 'o', 'd', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "chertseybouncycastles.co.uk", true */ 'c', 'h', 'e', 'r', 't', 's', 'e', 'y', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "chesspoint.ch", true */ 'c', 'h', 'e', 's', 's', 'p', 'o', 'i', 'n', 't', '.', 'c', 'h', '\0',
+  /* "chessreporter.nl", true */ 'c', 'h', 'e', 's', 's', 'r', 'e', 'p', 'o', 'r', 't', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "chestnut.cf", true */ 'c', 'h', 'e', 's', 't', 'n', 'u', 't', '.', 'c', 'f', '\0',
+  /* "chevy37.com", true */ 'c', 'h', 'e', 'v', 'y', '3', '7', '.', 'c', 'o', 'm', '\0',
+  /* "chevymotor-occasions.be", true */ 'c', 'h', 'e', 'v', 'y', 'm', 'o', 't', 'o', 'r', '-', 'o', 'c', 'c', 'a', 's', 'i', 'o', 'n', 's', '.', 'b', 'e', '\0',
+  /* "chewey.de", true */ 'c', 'h', 'e', 'w', 'e', 'y', '.', 'd', 'e', '\0',
+  /* "chewey.org", true */ 'c', 'h', 'e', 'w', 'e', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "chez-janine.de", true */ 'c', 'h', 'e', 'z', '-', 'j', 'a', 'n', 'i', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "chez-oim.org", true */ 'c', 'h', 'e', 'z', '-', 'o', 'i', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "chez.moe", true */ 'c', 'h', 'e', 'z', '.', 'm', 'o', 'e', '\0',
+  /* "chfr.search.yahoo.com", false */ 'c', 'h', 'f', 'r', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "chhory.com", true */ 'c', 'h', 'h', 'o', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "chhy.at", true */ 'c', 'h', 'h', 'y', '.', 'a', 't', '\0',
+  /* "chiaraiuola.com", false */ 'c', 'h', 'i', 'a', 'r', 'a', 'i', 'u', 'o', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "chiaramail.com", true */ 'c', 'h', 'i', 'a', 'r', 'a', 'm', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "chiaseeds24.com", true */ 'c', 'h', 'i', 'a', 's', 'e', 'e', 'd', 's', '2', '4', '.', 'c', 'o', 'm', '\0',
+  /* "chic-leather.com", true */ 'c', 'h', 'i', 'c', '-', 'l', 'e', 'a', 't', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "chicisimo.com", true */ 'c', 'h', 'i', 'c', 'i', 's', 'i', 'm', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "chicolawfirm.com", true */ 'c', 'h', 'i', 'c', 'o', 'l', 'a', 'w', 'f', 'i', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "chicorycom.net", true */ 'c', 'h', 'i', 'c', 'o', 'r', 'y', 'c', 'o', 'm', '.', 'n', 'e', 't', '\0',
+  /* "chiemgauflirt.de", true */ 'c', 'h', 'i', 'e', 'm', 'g', 'a', 'u', 'f', 'l', 'i', 'r', 't', '.', 'd', 'e', '\0',
+  /* "chikan-beacon.net", true */ 'c', 'h', 'i', 'k', 'a', 'n', '-', 'b', 'e', 'a', 'c', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "chikory.com", true */ 'c', 'h', 'i', 'k', 'o', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "childcounseling.org", true */ 'c', 'h', 'i', 'l', 'd', 'c', 'o', 'u', 'n', 's', 'e', 'l', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "childcustodylegalaid.org", true */ 'c', 'h', 'i', 'l', 'd', 'c', 'u', 's', 't', 'o', 'd', 'y', 'l', 'e', 'g', 'a', 'l', 'a', 'i', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "childno.de", true */ 'c', 'h', 'i', 'l', 'd', 'n', 'o', '.', 'd', 'e', '\0',
+  /* "childrenandmedia.org.au", true */ 'c', 'h', 'i', 'l', 'd', 'r', 'e', 'n', 'a', 'n', 'd', 'm', 'e', 'd', 'i', 'a', '.', 'o', 'r', 'g', '.', 'a', 'u', '\0',
+  /* "childrenfirstalways.org", true */ 'c', 'h', 'i', 'l', 'd', 'r', 'e', 'n', 'f', 'i', 'r', 's', 't', 'a', 'l', 'w', 'a', 'y', 's', '.', 'o', 'r', 'g', '\0',
+  /* "childreninadversity.gov", true */ 'c', 'h', 'i', 'l', 'd', 'r', 'e', 'n', 'i', 'n', 'a', 'd', 'v', 'e', 'r', 's', 'i', 't', 'y', '.', 'g', 'o', 'v', '\0',
+  /* "childrensentertainmentleicester.co.uk", true */ 'c', 'h', 'i', 'l', 'd', 'r', 'e', 'n', 's', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', 'l', 'e', 'i', 'c', 'e', 's', 't', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "childrenspartiesrus.com", true */ 'c', 'h', 'i', 'l', 'd', 'r', 'e', 'n', 's', 'p', 'a', 'r', 't', 'i', 'e', 's', 'r', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "childvisitationassistance.org", true */ 'c', 'h', 'i', 'l', 'd', 'v', 'i', 's', 'i', 't', 'a', 't', 'i', 'o', 'n', 'a', 's', 's', 'i', 's', 't', 'a', 'n', 'c', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "chilihosting.eu", true */ 'c', 'h', 'i', 'l', 'i', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'e', 'u', '\0',
+  /* "chillebever.nl", true */ 'c', 'h', 'i', 'l', 'l', 'e', 'b', 'e', 'v', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "chima.net", true */ 'c', 'h', 'i', 'm', 'a', '.', 'n', 'e', 't', '\0',
+  /* "chima.us", true */ 'c', 'h', 'i', 'm', 'a', '.', 'u', 's', '\0',
+  /* "chimeratool.com", true */ 'c', 'h', 'i', 'm', 'e', 'r', 'a', 't', 'o', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "chimpanzee.net", true */ 'c', 'h', 'i', 'm', 'p', 'a', 'n', 'z', 'e', 'e', '.', 'n', 'e', 't', '\0',
+  /* "chinacdn.org", true */ 'c', 'h', 'i', 'n', 'a', 'c', 'd', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "chinahighlights.ru", true */ 'c', 'h', 'i', 'n', 'a', 'h', 'i', 'g', 'h', 'l', 'i', 'g', 'h', 't', 's', '.', 'r', 'u', '\0',
+  /* "chinaspaceflight.com", true */ 'c', 'h', 'i', 'n', 'a', 's', 'p', 'a', 'c', 'e', 'f', 'l', 'i', 'g', 'h', 't', '.', 'c', 'o', 'm', '\0',
+  /* "chinatrademarkoffice.com", true */ 'c', 'h', 'i', 'n', 'a', 't', 'r', 'a', 'd', 'e', 'm', 'a', 'r', 'k', 'o', 'f', 'f', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "chinawhale.com", true */ 'c', 'h', 'i', 'n', 'a', 'w', 'h', 'a', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "chint.ai", true */ 'c', 'h', 'i', 'n', 't', '.', 'a', 'i', '\0',
+  /* "chinwag.im", true */ 'c', 'h', 'i', 'n', 'w', 'a', 'g', '.', 'i', 'm', '\0',
+  /* "chipcore.com", true */ 'c', 'h', 'i', 'p', 'c', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "chippy.ch", false */ 'c', 'h', 'i', 'p', 'p', 'y', '.', 'c', 'h', '\0',
+  /* "chiralsoftware.com", true */ 'c', 'h', 'i', 'r', 'a', 'l', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "chireiden.net", true */ 'c', 'h', 'i', 'r', 'e', 'i', 'd', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "chiro-neuchatel.ch", true */ 'c', 'h', 'i', 'r', 'o', '-', 'n', 'e', 'u', 'c', 'h', 'a', 't', 'e', 'l', '.', 'c', 'h', '\0',
+  /* "chiropraticien-neuchatel.ch", true */ 'c', 'h', 'i', 'r', 'o', 'p', 'r', 'a', 't', 'i', 'c', 'i', 'e', 'n', '-', 'n', 'e', 'u', 'c', 'h', 'a', 't', 'e', 'l', '.', 'c', 'h', '\0',
+  /* "chiropratique-neuchatel.ch", true */ 'c', 'h', 'i', 'r', 'o', 'p', 'r', 'a', 't', 'i', 'q', 'u', 'e', '-', 'n', 'e', 'u', 'c', 'h', 'a', 't', 'e', 'l', '.', 'c', 'h', '\0',
+  /* "chirosphere.ch", true */ 'c', 'h', 'i', 'r', 'o', 's', 'p', 'h', 'e', 'r', 'e', '.', 'c', 'h', '\0',
+  /* "chirpstory.com", true */ 'c', 'h', 'i', 'r', 'p', 's', 't', 'o', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "chiru.no", true */ 'c', 'h', 'i', 'r', 'u', '.', 'n', 'o', '\0',
+  /* "chisago-isantidfl.com", true */ 'c', 'h', 'i', 's', 'a', 'g', 'o', '-', 'i', 's', 'a', 'n', 't', 'i', 'd', 'f', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "chit.search.yahoo.com", false */ 'c', 'h', 'i', 't', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "chksite.com", true */ 'c', 'h', 'k', 's', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "chloeallison.co.uk", true */ 'c', 'h', 'l', 'o', 'e', 'a', 'l', 'l', 'i', 's', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "chloehorler.com", true */ 'c', 'h', 'l', 'o', 'e', 'h', 'o', 'r', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "chloescastles.co.uk", true */ 'c', 'h', 'l', 'o', 'e', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "chmsoft.com.ua", true */ 'c', 'h', 'm', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "chmsoft.ru", true */ 'c', 'h', 'm', 's', 'o', 'f', 't', '.', 'r', 'u', '\0',
+  /* "chmurakotori.ml", true */ 'c', 'h', 'm', 'u', 'r', 'a', 'k', 'o', 't', 'o', 'r', 'i', '.', 'm', 'l', '\0',
+  /* "choc-o-lush.co.uk", true */ 'c', 'h', 'o', 'c', '-', 'o', '-', 'l', 'u', 's', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "chocodecor.com.br", true */ 'c', 'h', 'o', 'c', 'o', 'd', 'e', 'c', 'o', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "chocolah.com.au", false */ 'c', 'h', 'o', 'c', 'o', 'l', 'a', 'h', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "chocolat-suisse.ch", true */ 'c', 'h', 'o', 'c', 'o', 'l', 'a', 't', '-', 's', 'u', 'i', 's', 's', 'e', '.', 'c', 'h', '\0',
+  /* "chocolate13tilias.com.br", true */ 'c', 'h', 'o', 'c', 'o', 'l', 'a', 't', 'e', '1', '3', 't', 'i', 'l', 'i', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "chocolatesandhealth.com", true */ 'c', 'h', 'o', 'c', 'o', 'l', 'a', 't', 'e', 's', 'a', 'n', 'd', 'h', 'e', 'a', 'l', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "chocolatier-tristan.ch", true */ 'c', 'h', 'o', 'c', 'o', 'l', 'a', 't', 'i', 'e', 'r', '-', 't', 'r', 'i', 's', 't', 'a', 'n', '.', 'c', 'h', '\0',
+  /* "chocotough.nl", false */ 'c', 'h', 'o', 'c', 'o', 't', 'o', 'u', 'g', 'h', '.', 'n', 'l', '\0',
+  /* "chocoweb.net", true */ 'c', 'h', 'o', 'c', 'o', 'w', 'e', 'b', '.', 'n', 'e', 't', '\0',
+  /* "chodocu.com", true */ 'c', 'h', 'o', 'd', 'o', 'c', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "choe.fi", true */ 'c', 'h', 'o', 'e', '.', 'f', 'i', '\0',
+  /* "choisirmonerp.com", true */ 'c', 'h', 'o', 'i', 's', 'i', 'r', 'm', 'o', 'n', 'e', 'r', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "chokladfantasi.net", true */ 'c', 'h', 'o', 'k', 'l', 'a', 'd', 'f', 'a', 'n', 't', 'a', 's', 'i', '.', 'n', 'e', 't', '\0',
+  /* "chon.io", true */ 'c', 'h', 'o', 'n', '.', 'i', 'o', '\0',
+  /* "chonghe.org", true */ 'c', 'h', 'o', 'n', 'g', 'h', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "chook.as", true */ 'c', 'h', 'o', 'o', 'k', '.', 'a', 's', '\0',
+  /* "choosemypc.net", true */ 'c', 'h', 'o', 'o', 's', 'e', 'm', 'y', 'p', 'c', '.', 'n', 'e', 't', '\0',
+  /* "chopperforums.com", true */ 'c', 'h', 'o', 'p', 'p', 'e', 'r', 'f', 'o', 'r', 'u', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "chorkley.co.uk", true */ 'c', 'h', 'o', 'r', 'k', 'l', 'e', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "chorkley.com", true */ 'c', 'h', 'o', 'r', 'k', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "chorkley.me", true */ 'c', 'h', 'o', 'r', 'k', 'l', 'e', 'y', '.', 'm', 'e', '\0',
+  /* "chorkley.uk", true */ 'c', 'h', 'o', 'r', 'k', 'l', 'e', 'y', '.', 'u', 'k', '\0',
+  /* "chorleiterverband.de", true */ 'c', 'h', 'o', 'r', 'l', 'e', 'i', 't', 'e', 'r', 'v', 'e', 'r', 'b', 'a', 'n', 'd', '.', 'd', 'e', '\0',
+  /* "chorpinkpoemps.de", true */ 'c', 'h', 'o', 'r', 'p', 'i', 'n', 'k', 'p', 'o', 'e', 'm', 'p', 's', '.', 'd', 'e', '\0',
+  /* "chosenplaintext.org", true */ 'c', 'h', 'o', 's', 'e', 'n', 'p', 'l', 'a', 'i', 'n', 't', 'e', 'x', 't', '.', 'o', 'r', 'g', '\0',
+  /* "chourishi-shigoto.com", true */ 'c', 'h', 'o', 'u', 'r', 'i', 's', 'h', 'i', '-', 's', 'h', 'i', 'g', 'o', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "chowii.com", true */ 'c', 'h', 'o', 'w', 'i', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "chris-edwards.net", true */ 'c', 'h', 'r', 'i', 's', '-', 'e', 'd', 'w', 'a', 'r', 'd', 's', '.', 'n', 'e', 't', '\0',
+  /* "chrisb.me", true */ 'c', 'h', 'r', 'i', 's', 'b', '.', 'm', 'e', '\0',
+  /* "chrisb.xyz", true */ 'c', 'h', 'r', 'i', 's', 'b', '.', 'x', 'y', 'z', '\0',
+  /* "chrisburnell.com", true */ 'c', 'h', 'r', 'i', 's', 'b', 'u', 'r', 'n', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "chriscarey.com", true */ 'c', 'h', 'r', 'i', 's', 'c', 'a', 'r', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "chriscowley.me.uk", true */ 'c', 'h', 'r', 'i', 's', 'c', 'o', 'w', 'l', 'e', 'y', '.', 'm', 'e', '.', 'u', 'k', '\0',
+  /* "chrisdecairos.ca", true */ 'c', 'h', 'r', 'i', 's', 'd', 'e', 'c', 'a', 'i', 'r', 'o', 's', '.', 'c', 'a', '\0',
+  /* "chrisebert.net", true */ 'c', 'h', 'r', 'i', 's', 'e', 'b', 'e', 'r', 't', '.', 'n', 'e', 't', '\0',
+  /* "chrisfinazzo.com", true */ 'c', 'h', 'r', 'i', 's', 'f', 'i', 'n', 'a', 'z', 'z', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "chrisirwin.ca", true */ 'c', 'h', 'r', 'i', 's', 'i', 'r', 'w', 'i', 'n', '.', 'c', 'a', '\0',
+  /* "chrisjean.com", true */ 'c', 'h', 'r', 'i', 's', 'j', 'e', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "chrismathys.com", true */ 'c', 'h', 'r', 'i', 's', 'm', 'a', 't', 'h', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "chrismcclendon.com", true */ 'c', 'h', 'r', 'i', 's', 'm', 'c', 'c', 'l', 'e', 'n', 'd', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "chrismckee.co.uk", true */ 'c', 'h', 'r', 'i', 's', 'm', 'c', 'k', 'e', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "chrisnekarda.com", true */ 'c', 'h', 'r', 'i', 's', 'n', 'e', 'k', 'a', 'r', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "chrisnicholas.io", true */ 'c', 'h', 'r', 'i', 's', 'n', 'i', 'c', 'h', 'o', 'l', 'a', 's', '.', 'i', 'o', '\0',
+  /* "chrispstreet.com", true */ 'c', 'h', 'r', 'i', 's', 'p', 's', 't', 'r', 'e', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "chrisshort.net", false */ 'c', 'h', 'r', 'i', 's', 's', 'h', 'o', 'r', 't', '.', 'n', 'e', 't', '\0',
+  /* "christadelphiananswers.org", true */ 'c', 'h', 'r', 'i', 's', 't', 'a', 'd', 'e', 'l', 'p', 'h', 'i', 'a', 'n', 'a', 'n', 's', 'w', 'e', 'r', 's', '.', 'o', 'r', 'g', '\0',
+  /* "christadelphians.eu", true */ 'c', 'h', 'r', 'i', 's', 't', 'a', 'd', 'e', 'l', 'p', 'h', 'i', 'a', 'n', 's', '.', 'e', 'u', '\0',
+  /* "christchurchbouncycastles.co.uk", true */ 'c', 'h', 'r', 'i', 's', 't', 'c', 'h', 'u', 'r', 'c', 'h', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "christensenplace.us", true */ 'c', 'h', 'r', 'i', 's', 't', 'e', 'n', 's', 'e', 'n', 'p', 'l', 'a', 'c', 'e', '.', 'u', 's', '\0',
+  /* "christiaanconover.com", true */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'a', 'n', 'c', 'o', 'n', 'o', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "christian-gredig.de", true */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', '-', 'g', 'r', 'e', 'd', 'i', 'g', '.', 'd', 'e', '\0',
+  /* "christian-host.com", true */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', '-', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "christian-liebel.com", true */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', '-', 'l', 'i', 'e', 'b', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "christianbargon.de", false */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', 'b', 'a', 'r', 'g', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "christiancleva.com", true */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', 'c', 'l', 'e', 'v', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "christianfaq.org", true */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', 'f', 'a', 'q', '.', 'o', 'r', 'g', '\0',
+  /* "christianforums.com", true */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', 'f', 'o', 'r', 'u', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "christiangehring.org", true */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', 'g', 'e', 'h', 'r', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "christianhospitaltank.org", true */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', 'h', 'o', 's', 'p', 'i', 't', 'a', 'l', 't', 'a', 'n', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "christianliebel.com", true */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', 'l', 'i', 'e', 'b', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "christianpusch.de", true */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', 'p', 'u', 's', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "christians.dating", true */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', 's', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "christiansayswords.com", true */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', 's', 'a', 'y', 's', 'w', 'o', 'r', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "christianscholz.de", true */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', 's', 'c', 'h', 'o', 'l', 'z', '.', 'd', 'e', '\0',
+  /* "christianscholz.eu", true */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', 's', 'c', 'h', 'o', 'l', 'z', '.', 'e', 'u', '\0',
+  /* "christiesantiques.com", true */ 'c', 'h', 'r', 'i', 's', 't', 'i', 'e', 's', 'a', 'n', 't', 'i', 'q', 'u', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "christmascard.be", true */ 'c', 'h', 'r', 'i', 's', 't', 'm', 'a', 's', 'c', 'a', 'r', 'd', '.', 'b', 'e', '\0',
+  /* "christmaspartyhire.co.uk", true */ 'c', 'h', 'r', 'i', 's', 't', 'm', 'a', 's', 'p', 'a', 'r', 't', 'y', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "christoph-conrads.name", true */ 'c', 'h', 'r', 'i', 's', 't', 'o', 'p', 'h', '-', 'c', 'o', 'n', 'r', 'a', 'd', 's', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "christophbartschat.com", true */ 'c', 'h', 'r', 'i', 's', 't', 'o', 'p', 'h', 'b', 'a', 'r', 't', 's', 'c', 'h', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "christophebarbezat.ch", true */ 'c', 'h', 'r', 'i', 's', 't', 'o', 'p', 'h', 'e', 'b', 'a', 'r', 'b', 'e', 'z', 'a', 't', '.', 'c', 'h', '\0',
+  /* "christopher-simon.de", true */ 'c', 'h', 'r', 'i', 's', 't', 'o', 'p', 'h', 'e', 'r', '-', 's', 'i', 'm', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "christopherburg.com", true */ 'c', 'h', 'r', 'i', 's', 't', 'o', 'p', 'h', 'e', 'r', 'b', 'u', 'r', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "christopherl.com", true */ 'c', 'h', 'r', 'i', 's', 't', 'o', 'p', 'h', 'e', 'r', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "christopherpritchard.co.uk", true */ 'c', 'h', 'r', 'i', 's', 't', 'o', 'p', 'h', 'e', 'r', 'p', 'r', 'i', 't', 'c', 'h', 'a', 'r', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "christophertruncer.com", true */ 'c', 'h', 'r', 'i', 's', 't', 'o', 'p', 'h', 'e', 'r', 't', 'r', 'u', 'n', 'c', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "christophkreileder.com", true */ 'c', 'h', 'r', 'i', 's', 't', 'o', 'p', 'h', 'k', 'r', 'e', 'i', 'l', 'e', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "christophsackl.de", true */ 'c', 'h', 'r', 'i', 's', 't', 'o', 'p', 'h', 's', 'a', 'c', 'k', 'l', '.', 'd', 'e', '\0',
+  /* "chrisupjohn.xyz", true */ 'c', 'h', 'r', 'i', 's', 'u', 'p', 'j', 'o', 'h', 'n', '.', 'x', 'y', 'z', '\0',
+  /* "chriswarrick.com", true */ 'c', 'h', 'r', 'i', 's', 'w', 'a', 'r', 'r', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "chriswbarry.com", true */ 'c', 'h', 'r', 'i', 's', 'w', 'b', 'a', 'r', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "chriswells.io", true */ 'c', 'h', 'r', 'i', 's', 'w', 'e', 'l', 'l', 's', '.', 'i', 'o', '\0',
+  /* "chromaxa.com", true */ 'c', 'h', 'r', 'o', 'm', 'a', 'x', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "chrome-devtools-frontend.appspot.com", true */ 'c', 'h', 'r', 'o', 'm', 'e', '-', 'd', 'e', 'v', 't', 'o', 'o', 'l', 's', '-', 'f', 'r', 'o', 'n', 't', 'e', 'n', 'd', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "chrome.com", false */ 'c', 'h', 'r', 'o', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "chrome.google.com", true */ 'c', 'h', 'r', 'o', 'm', 'e', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "chromebookchart.com", true */ 'c', 'h', 'r', 'o', 'm', 'e', 'b', 'o', 'o', 'k', 'c', 'h', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "chromebooksforwork.com", true */ 'c', 'h', 'r', 'o', 'm', 'e', 'b', 'o', 'o', 'k', 's', 'f', 'o', 'r', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "chromiumbugs.appspot.com", true */ 'c', 'h', 'r', 'o', 'm', 'i', 'u', 'm', 'b', 'u', 'g', 's', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "chromiumcodereview.appspot.com", false */ 'c', 'h', 'r', 'o', 'm', 'i', 'u', 'm', 'c', 'o', 'd', 'e', 'r', 'e', 'v', 'i', 'e', 'w', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "chronic101.xyz", true */ 'c', 'h', 'r', 'o', 'n', 'i', 'c', '1', '0', '1', '.', 'x', 'y', 'z', '\0',
+  /* "chroniclesofgeorge.com", true */ 'c', 'h', 'r', 'o', 'n', 'i', 'c', 'l', 'e', 's', 'o', 'f', 'g', 'e', 'o', 'r', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "chronogram.me", true */ 'c', 'h', 'r', 'o', 'n', 'o', 'g', 'r', 'a', 'm', '.', 'm', 'e', '\0',
+  /* "chronology.no", true */ 'c', 'h', 'r', 'o', 'n', 'o', 'l', 'o', 'g', 'y', '.', 'n', 'o', '\0',
+  /* "chronoproject.com", true */ 'c', 'h', 'r', 'o', 'n', 'o', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "chronoshop.cz", true */ 'c', 'h', 'r', 'o', 'n', 'o', 's', 'h', 'o', 'p', '.', 'c', 'z', '\0',
+  /* "chrpaul.de", true */ 'c', 'h', 'r', 'p', 'a', 'u', 'l', '.', 'd', 'e', '\0',
+  /* "chrstn.eu", true */ 'c', 'h', 'r', 's', 't', 'n', '.', 'e', 'u', '\0',
+  /* "chsh.moe", true */ 'c', 'h', 's', 'h', '.', 'm', 'o', 'e', '\0',
+  /* "chsterz.de", true */ 'c', 'h', 's', 't', 'e', 'r', 'z', '.', 'd', 'e', '\0',
+  /* "chua.family", true */ 'c', 'h', 'u', 'a', '.', 'f', 'a', 'm', 'i', 'l', 'y', '\0',
+  /* "chuchote-moi.fr", true */ 'c', 'h', 'u', 'c', 'h', 'o', 't', 'e', '-', 'm', 'o', 'i', '.', 'f', 'r', '\0',
+  /* "chuck.ovh", true */ 'c', 'h', 'u', 'c', 'k', '.', 'o', 'v', 'h', '\0',
+  /* "chun.pro", true */ 'c', 'h', 'u', 'n', '.', 'p', 'r', 'o', '\0',
+  /* "chunche.net", true */ 'c', 'h', 'u', 'n', 'c', 'h', 'e', '.', 'n', 'e', 't', '\0',
+  /* "chunk.science", true */ 'c', 'h', 'u', 'n', 'k', '.', 's', 'c', 'i', 'e', 'n', 'c', 'e', '\0',
+  /* "chupadelfrasco.com", true */ 'c', 'h', 'u', 'p', 'a', 'd', 'e', 'l', 'f', 'r', 'a', 's', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "churchlinkpro.com", true */ 'c', 'h', 'u', 'r', 'c', 'h', 'l', 'i', 'n', 'k', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "churchthemes.com", true */ 'c', 'h', 'u', 'r', 'c', 'h', 't', 'h', 'e', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "churchwebcanada.ca", true */ 'c', 'h', 'u', 'r', 'c', 'h', 'w', 'e', 'b', 'c', 'a', 'n', 'a', 'd', 'a', '.', 'c', 'a', '\0',
+  /* "churchwebsupport.com", true */ 'c', 'h', 'u', 'r', 'c', 'h', 'w', 'e', 'b', 's', 'u', 'p', 'p', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "chxdf.net", true */ 'c', 'h', 'x', 'd', 'f', '.', 'n', 'e', 't', '\0',
+  /* "chytraauta.cz", true */ 'c', 'h', 'y', 't', 'r', 'a', 'a', 'u', 't', 'a', '.', 'c', 'z', '\0',
+  /* "ci-fo.org", true */ 'c', 'i', '-', 'f', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "ci5.me", true */ 'c', 'i', '5', '.', 'm', 'e', '\0',
+  /* "ciancode.com", true */ 'c', 'i', 'a', 'n', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cianmawhinney.me", true */ 'c', 'i', 'a', 'n', 'm', 'a', 'w', 'h', 'i', 'n', 'n', 'e', 'y', '.', 'm', 'e', '\0',
+  /* "cianmawhinney.xyz", true */ 'c', 'i', 'a', 'n', 'm', 'a', 'w', 'h', 'i', 'n', 'n', 'e', 'y', '.', 'x', 'y', 'z', '\0',
+  /* "ciansc.com", true */ 'c', 'i', 'a', 'n', 's', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "ciat.no", false */ 'c', 'i', 'a', 't', '.', 'n', 'o', '\0',
+  /* "cidadedopoker.com.br", true */ 'c', 'i', 'd', 'a', 'd', 'e', 'd', 'o', 'p', 'o', 'k', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "cidbot.com", true */ 'c', 'i', 'd', 'b', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "ciderclub.com", true */ 'c', 'i', 'd', 'e', 'r', 'c', 'l', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "cie-theatre-montfaucon.ch", true */ 'c', 'i', 'e', '-', 't', 'h', 'e', 'a', 't', 'r', 'e', '-', 'm', 'o', 'n', 't', 'f', 'a', 'u', 'c', 'o', 'n', '.', 'c', 'h', '\0',
+  /* "cielbleu.org", true */ 'c', 'i', 'e', 'l', 'b', 'l', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "cielly.com", true */ 'c', 'i', 'e', 'l', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "cifop-numerique.fr", true */ 'c', 'i', 'f', 'o', 'p', '-', 'n', 'u', 'm', 'e', 'r', 'i', 'q', 'u', 'e', '.', 'f', 'r', '\0',
+  /* "cig-dem.com", true */ 'c', 'i', 'g', '-', 'd', 'e', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "cigar-cartel.com", true */ 'c', 'i', 'g', 'a', 'r', '-', 'c', 'a', 'r', 't', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "cigarterminal.com", false */ 'c', 'i', 'g', 'a', 'r', 't', 'e', 'r', 'm', 'i', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "cigoteket.se", true */ 'c', 'i', 'g', 'o', 't', 'e', 'k', 'e', 't', '.', 's', 'e', '\0',
+  /* "cima-idf.fr", true */ 'c', 'i', 'm', 'a', '-', 'i', 'd', 'f', '.', 'f', 'r', '\0',
+  /* "cimballa.com", true */ 'c', 'i', 'm', 'b', 'a', 'l', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "cimfax.com", true */ 'c', 'i', 'm', 'f', 'a', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "cinafilm.com", true */ 'c', 'i', 'n', 'a', 'f', 'i', 'l', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "cine-music.de", true */ 'c', 'i', 'n', 'e', '-', 'm', 'u', 's', 'i', 'c', '.', 'd', 'e', '\0',
+  /* "cine.to", true */ 'c', 'i', 'n', 'e', '.', 't', 'o', '\0',
+  /* "cinefilia.tk", true */ 'c', 'i', 'n', 'e', 'f', 'i', 'l', 'i', 'a', '.', 't', 'k', '\0',
+  /* "cinefilzonen.se", true */ 'c', 'i', 'n', 'e', 'f', 'i', 'l', 'z', 'o', 'n', 'e', 'n', '.', 's', 'e', '\0',
+  /* "cinema5.ru", false */ 'c', 'i', 'n', 'e', 'm', 'a', '5', '.', 'r', 'u', '\0',
+  /* "cinemaclub.co", true */ 'c', 'i', 'n', 'e', 'm', 'a', 'c', 'l', 'u', 'b', '.', 'c', 'o', '\0',
+  /* "cinemysticism.com", true */ 'c', 'i', 'n', 'e', 'm', 'y', 's', 't', 'i', 'c', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "ciner.is", true */ 'c', 'i', 'n', 'e', 'r', '.', 'i', 's', '\0',
+  /* "cinerama.com.br", true */ 'c', 'i', 'n', 'e', 'r', 'a', 'm', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "cinnabon.com", true */ 'c', 'i', 'n', 'n', 'a', 'b', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "cinq-elements.com", true */ 'c', 'i', 'n', 'q', '-', 'e', 'l', 'e', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cinq-elements.fr", true */ 'c', 'i', 'n', 'q', '-', 'e', 'l', 'e', 'm', 'e', 'n', 't', 's', '.', 'f', 'r', '\0',
+  /* "cinq-elements.net", true */ 'c', 'i', 'n', 'q', '-', 'e', 'l', 'e', 'm', 'e', 'n', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "cinsects.de", true */ 'c', 'i', 'n', 's', 'e', 'c', 't', 's', '.', 'd', 'e', '\0',
+  /* "cinteo.com", true */ 'c', 'i', 'n', 't', 'e', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "cinto.cc", true */ 'c', 'i', 'n', 't', 'o', '.', 'c', 'c', '\0',
+  /* "cio.gov", true */ 'c', 'i', 'o', '.', 'g', 'o', 'v', '\0',
+  /* "cioscloud.com", true */ 'c', 'i', 'o', 's', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "cip.md", true */ 'c', 'i', 'p', '.', 'm', 'd', '\0',
+  /* "cipartyhire.co.uk", true */ 'c', 'i', 'p', 'a', 'r', 't', 'y', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cipher.co.th", true */ 'c', 'i', 'p', 'h', 'e', 'r', '.', 'c', 'o', '.', 't', 'h', '\0',
+  /* "cipherboy.com", true */ 'c', 'i', 'p', 'h', 'e', 'r', 'b', 'o', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "cipherli.st", true */ 'c', 'i', 'p', 'h', 'e', 'r', 'l', 'i', '.', 's', 't', '\0',
+  /* "ciphersuite.info", true */ 'c', 'i', 'p', 'h', 'e', 'r', 's', 'u', 'i', 't', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "ciphrex.com", true */ 'c', 'i', 'p', 'h', 'r', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "cipri.com", true */ 'c', 'i', 'p', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "cir.is", true */ 'c', 'i', 'r', '.', 'i', 's', '\0',
+  /* "cira.email", true */ 'c', 'i', 'r', 'a', '.', 'e', 'm', 'a', 'i', 'l', '\0',
+  /* "circara.com", true */ 'c', 'i', 'r', 'c', 'a', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "circlebox.rocks", true */ 'c', 'i', 'r', 'c', 'l', 'e', 'b', 'o', 'x', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "circu.ml", true */ 'c', 'i', 'r', 'c', 'u', '.', 'm', 'l', '\0',
+  /* "cirfi.com", true */ 'c', 'i', 'r', 'f', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "ciri.com.co", true */ 'c', 'i', 'r', 'i', '.', 'c', 'o', 'm', '.', 'c', 'o', '\0',
+  /* "cirope.com", true */ 'c', 'i', 'r', 'o', 'p', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cirrohost.com", true */ 'c', 'i', 'r', 'r', 'o', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "cirrus0.de", true */ 'c', 'i', 'r', 'r', 'u', 's', '0', '.', 'd', 'e', '\0',
+  /* "cirugiasplasticas.com.mx", true */ 'c', 'i', 'r', 'u', 'g', 'i', 'a', 's', 'p', 'l', 'a', 's', 't', 'i', 'c', 'a', 's', '.', 'c', 'o', 'm', '.', 'm', 'x', '\0',
+  /* "cirujanooral.com", true */ 'c', 'i', 'r', 'u', 'j', 'a', 'n', 'o', 'o', 'r', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "cirurgicagervasio.com.br", true */ 'c', 'i', 'r', 'u', 'r', 'g', 'i', 'c', 'a', 'g', 'e', 'r', 'v', 'a', 's', 'i', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "cirurgicalucena.com.br", true */ 'c', 'i', 'r', 'u', 'r', 'g', 'i', 'c', 'a', 'l', 'u', 'c', 'e', 'n', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "ciscodude.net", true */ 'c', 'i', 's', 'c', 'o', 'd', 'u', 'd', 'e', '.', 'n', 'e', 't', '\0',
+  /* "cisoaid.com", true */ 'c', 'i', 's', 'o', 'a', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "ciss.ltd", true */ 'c', 'i', 's', 's', '.', 'l', 't', 'd', '\0',
+  /* "cisy.me", true */ 'c', 'i', 's', 'y', '.', 'm', 'e', '\0',
+  /* "citationgurus.com", true */ 'c', 'i', 't', 'a', 't', 'i', 'o', 'n', 'g', 'u', 'r', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "citcuit.in", true */ 'c', 'i', 't', 'c', 'u', 'i', 't', '.', 'i', 'n', '\0',
+  /* "citizen-cam.de", true */ 'c', 'i', 't', 'i', 'z', 'e', 'n', '-', 'c', 'a', 'm', '.', 'd', 'e', '\0',
+  /* "citizensbankal.com", true */ 'c', 'i', 't', 'i', 'z', 'e', 'n', 's', 'b', 'a', 'n', 'k', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "citizenscience.gov", true */ 'c', 'i', 't', 'i', 'z', 'e', 'n', 's', 'c', 'i', 'e', 'n', 'c', 'e', '.', 'g', 'o', 'v', '\0',
+  /* "citizensleague.org", true */ 'c', 'i', 't', 'i', 'z', 'e', 'n', 's', 'l', 'e', 'a', 'g', 'u', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "citizenspact.eu", true */ 'c', 'i', 't', 'i', 'z', 'e', 'n', 's', 'p', 'a', 'c', 't', '.', 'e', 'u', '\0',
+  /* "citizing.org", true */ 'c', 'i', 't', 'i', 'z', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "citra-emu.org", true */ 'c', 'i', 't', 'r', 'a', '-', 'e', 'm', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "citrusui.me", true */ 'c', 'i', 't', 'r', 'u', 's', 'u', 'i', '.', 'm', 'e', '\0',
+  /* "cittadesign.com", false */ 'c', 'i', 't', 't', 'a', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "citton.com.br", true */ 'c', 'i', 't', 't', 'o', 'n', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "citya.com", true */ 'c', 'i', 't', 'y', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "citybusexpress.com", true */ 'c', 'i', 't', 'y', 'b', 'u', 's', 'e', 'x', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "citylights.eu", true */ 'c', 'i', 't', 'y', 'l', 'i', 'g', 'h', 't', 's', '.', 'e', 'u', '\0',
+  /* "citymoobel.ee", true */ 'c', 'i', 't', 'y', 'm', 'o', 'o', 'b', 'e', 'l', '.', 'e', 'e', '\0',
+  /* "cityoftitans.com", true */ 'c', 'i', 't', 'y', 'o', 'f', 't', 'i', 't', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cityoftitansmmo.com", true */ 'c', 'i', 't', 'y', 'o', 'f', 't', 'i', 't', 'a', 'n', 's', 'm', 'm', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "citysportapp.com", true */ 'c', 'i', 't', 'y', 's', 'p', 'o', 'r', 't', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "cityworksonline.com", true */ 'c', 'i', 't', 'y', 'w', 'o', 'r', 'k', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ciubotaru.tk", true */ 'c', 'i', 'u', 'b', 'o', 't', 'a', 'r', 'u', '.', 't', 'k', '\0',
+  /* "ciuciucadou.ro", true */ 'c', 'i', 'u', 'c', 'i', 'u', 'c', 'a', 'd', 'o', 'u', '.', 'r', 'o', '\0',
+  /* "ciurcasdan.eu", true */ 'c', 'i', 'u', 'r', 'c', 'a', 's', 'd', 'a', 'n', '.', 'e', 'u', '\0',
+  /* "civilg20.org", true */ 'c', 'i', 'v', 'i', 'l', 'g', '2', '0', '.', 'o', 'r', 'g', '\0',
+  /* "civillines.nl", true */ 'c', 'i', 'v', 'i', 'l', 'l', 'i', 'n', 'e', 's', '.', 'n', 'l', '\0',
+  /* "cj-espace-vert.fr", true */ 'c', 'j', '-', 'e', 's', 'p', 'a', 'c', 'e', '-', 'v', 'e', 'r', 't', '.', 'f', 'r', '\0',
+  /* "cj-jackson.com", true */ 'c', 'j', '-', 'j', 'a', 'c', 'k', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "cjdpenterprises.com", true */ 'c', 'j', 'd', 'p', 'e', 'n', 't', 'e', 'r', 'p', 'r', 'i', 's', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cjdpenterprises.com.au", true */ 'c', 'j', 'd', 'p', 'e', 'n', 't', 'e', 'r', 'p', 'r', 'i', 's', 'e', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "cjessett.com", true */ 'c', 'j', 'e', 's', 's', 'e', 't', 't', '.', 'c', 'o', 'm', '\0',
+  /* "cjey.me", true */ 'c', 'j', 'e', 'y', '.', 'm', 'e', '\0',
+  /* "ck.cx", true */ 'c', 'k', '.', 'c', 'x', '\0',
+  /* "ckcameron.net", true */ 'c', 'k', 'c', 'a', 'm', 'e', 'r', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "ckennelly.com", true */ 'c', 'k', 'e', 'n', 'n', 'e', 'l', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "ckleemann.de", true */ 'c', 'k', 'l', 'e', 'e', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "cklie.de", true */ 'c', 'k', 'l', 'i', 'e', '.', 'd', 'e', '\0',
+  /* "ckliemann.com", true */ 'c', 'k', 'l', 'i', 'e', 'm', 'a', 'n', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "ckliemann.net", true */ 'c', 'k', 'l', 'i', 'e', 'm', 'a', 'n', 'n', '.', 'n', 'e', 't', '\0',
+  /* "ckostecki.de", true */ 'c', 'k', 'o', 's', 't', 'e', 'c', 'k', 'i', '.', 'd', 'e', '\0',
+  /* "cktennis.com", true */ 'c', 'k', 't', 'e', 'n', 'n', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cl.search.yahoo.com", false */ 'c', 'l', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "claimconnect.com", true */ 'c', 'l', 'a', 'i', 'm', 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "claimconnect.us", true */ 'c', 'l', 'a', 'i', 'm', 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'u', 's', '\0',
+  /* "claimnote.com", true */ 'c', 'l', 'a', 'i', 'm', 'n', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "clairegold.com", true */ 'c', 'l', 'a', 'i', 'r', 'e', 'g', 'o', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "claireidrac.fr", true */ 'c', 'l', 'a', 'i', 'r', 'e', 'i', 'd', 'r', 'a', 'c', '.', 'f', 'r', '\0',
+  /* "clairescastles.co.uk", true */ 'c', 'l', 'a', 'i', 'r', 'e', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "clanebouncycastles.com", true */ 'c', 'l', 'a', 'n', 'e', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "clanrose.org.uk", true */ 'c', 'l', 'a', 'n', 'r', 'o', 's', 'e', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "clanthor.com", true */ 'c', 'l', 'a', 'n', 't', 'h', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "clanwarz.com", true */ 'c', 'l', 'a', 'n', 'w', 'a', 'r', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "clapping-rhymes.com", true */ 'c', 'l', 'a', 'p', 'p', 'i', 'n', 'g', '-', 'r', 'h', 'y', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "claretandbanter.uk", true */ 'c', 'l', 'a', 'r', 'e', 't', 'a', 'n', 'd', 'b', 'a', 'n', 't', 'e', 'r', '.', 'u', 'k', '\0',
+  /* "clarkeaward.com", true */ 'c', 'l', 'a', 'r', 'k', 'e', 'a', 'w', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "clarksgaragedoorrepair.com", true */ 'c', 'l', 'a', 'r', 'k', 's', 'g', 'a', 'r', 'a', 'g', 'e', 'd', 'o', 'o', 'r', 'r', 'e', 'p', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "clarkwinkelmann.com", true */ 'c', 'l', 'a', 'r', 'k', 'w', 'i', 'n', 'k', 'e', 'l', 'm', 'a', 'n', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "clashersrepublic.com", true */ 'c', 'l', 'a', 's', 'h', 'e', 'r', 's', 'r', 'e', 'p', 'u', 'b', 'l', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "class.com.au", true */ 'c', 'l', 'a', 's', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "classdojo.com", true */ 'c', 'l', 'a', 's', 's', 'd', 'o', 'j', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "classicalpilates.ca", true */ 'c', 'l', 'a', 's', 's', 'i', 'c', 'a', 'l', 'p', 'i', 'l', 'a', 't', 'e', 's', '.', 'c', 'a', '\0',
+  /* "classics.io", true */ 'c', 'l', 'a', 's', 's', 'i', 'c', 's', '.', 'i', 'o', '\0',
+  /* "classpoint.cz", true */ 'c', 'l', 'a', 's', 's', 'p', 'o', 'i', 'n', 't', '.', 'c', 'z', '\0',
+  /* "classteaching.com.au", true */ 'c', 'l', 'a', 's', 's', 't', 'e', 'a', 'c', 'h', 'i', 'n', 'g', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "claster.it", true */ 'c', 'l', 'a', 's', 't', 'e', 'r', '.', 'i', 't', '\0',
+  /* "claudia-urio.com", true */ 'c', 'l', 'a', 'u', 'd', 'i', 'a', '-', 'u', 'r', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "claudio4.com", true */ 'c', 'l', 'a', 'u', 'd', 'i', 'o', '4', '.', 'c', 'o', 'm', '\0',
+  /* "clauseriksen.net", true */ 'c', 'l', 'a', 'u', 's', 'e', 'r', 'i', 'k', 's', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "clawe.de", true */ 'c', 'l', 'a', 'w', 'e', '.', 'd', 'e', '\0',
+  /* "clayandcottonkirkwood.com", true */ 'c', 'l', 'a', 'y', 'a', 'n', 'd', 'c', 'o', 't', 't', 'o', 'n', 'k', 'i', 'r', 'k', 'w', 'o', 'o', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "claytoncondon.com", true */ 'c', 'l', 'a', 'y', 't', 'o', 'n', 'c', 'o', 'n', 'd', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "claytonstowing.com.au", true */ 'c', 'l', 'a', 'y', 't', 'o', 'n', 's', 't', 'o', 'w', 'i', 'n', 'g', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "cldly.com", true */ 'c', 'l', 'd', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "cleanbeautymarket.com.au", true */ 'c', 'l', 'e', 'a', 'n', 'b', 'e', 'a', 'u', 't', 'y', 'm', 'a', 'r', 'k', 'e', 't', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "cleanbrowsing.org", true */ 'c', 'l', 'e', 'a', 'n', 'b', 'r', 'o', 'w', 's', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "cleancode.club", true */ 'c', 'l', 'e', 'a', 'n', 'c', 'o', 'd', 'e', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "cleanstar.org", true */ 'c', 'l', 'e', 'a', 'n', 's', 't', 'a', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "clear.ml", true */ 'c', 'l', 'e', 'a', 'r', '.', 'm', 'l', '\0',
+  /* "clearance365.co.uk", true */ 'c', 'l', 'e', 'a', 'r', 'a', 'n', 'c', 'e', '3', '6', '5', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "clearblueday.co.uk", true */ 'c', 'l', 'e', 'a', 'r', 'b', 'l', 'u', 'e', 'd', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "clearip.com", true */ 'c', 'l', 'e', 'a', 'r', 'i', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "clearkonjac.com", true */ 'c', 'l', 'e', 'a', 'r', 'k', 'o', 'n', 'j', 'a', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "clearsettle-admin.com", true */ 'c', 'l', 'e', 'a', 'r', 's', 'e', 't', 't', 'l', 'e', '-', 'a', 'd', 'm', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "clementfevrier.fr", true */ 'c', 'l', 'e', 'm', 'e', 'n', 't', 'f', 'e', 'v', 'r', 'i', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "clemovementlaw.com", true */ 'c', 'l', 'e', 'm', 'o', 'v', 'e', 'm', 'e', 'n', 't', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "cles-asso.fr", true */ 'c', 'l', 'e', 's', '-', 'a', 's', 's', 'o', '.', 'f', 'r', '\0',
+  /* "cles.jp", true */ 'c', 'l', 'e', 's', '.', 'j', 'p', '\0',
+  /* "clevelandokla.com", true */ 'c', 'l', 'e', 'v', 'e', 'l', 'a', 'n', 'd', 'o', 'k', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "clevertarget.ru", true */ 'c', 'l', 'e', 'v', 'e', 'r', 't', 'a', 'r', 'g', 'e', 't', '.', 'r', 'u', '\0',
+  /* "cleververmarkten.com", true */ 'c', 'l', 'e', 'v', 'e', 'r', 'v', 'e', 'r', 'm', 'a', 'r', 'k', 't', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "cleververmarkten.de", true */ 'c', 'l', 'e', 'v', 'e', 'r', 'v', 'e', 'r', 'm', 'a', 'r', 'k', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "clevisto.com", true */ 'c', 'l', 'e', 'v', 'i', 's', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "cleysense.com", true */ 'c', 'l', 'e', 'y', 's', 'e', 'n', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "clic-music.com", true */ 'c', 'l', 'i', 'c', '-', 'm', 'u', 's', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "clicecompre.com.br", true */ 'c', 'l', 'i', 'c', 'e', 'c', 'o', 'm', 'p', 'r', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "clicheshishalounge.co.uk", true */ 'c', 'l', 'i', 'c', 'h', 'e', 's', 'h', 'i', 's', 'h', 'a', 'l', 'o', 'u', 'n', 'g', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "click-licht.de", true */ 'c', 'l', 'i', 'c', 'k', '-', 'l', 'i', 'c', 'h', 't', '.', 'd', 'e', '\0',
+  /* "clickclock.cc", true */ 'c', 'l', 'i', 'c', 'k', 'c', 'l', 'o', 'c', 'k', '.', 'c', 'c', '\0',
+  /* "clickenergy.com.au", true */ 'c', 'l', 'i', 'c', 'k', 'e', 'n', 'e', 'r', 'g', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "clickforclever.com", true */ 'c', 'l', 'i', 'c', 'k', 'f', 'o', 'r', 'c', 'l', 'e', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "clickomobile.com", true */ 'c', 'l', 'i', 'c', 'k', 'o', 'm', 'o', 'b', 'i', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "clickphish.com", true */ 'c', 'l', 'i', 'c', 'k', 'p', 'h', 'i', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "clicks.co.za", true */ 'c', 'l', 'i', 'c', 'k', 's', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "clicktenisdemesa.com.br", true */ 'c', 'l', 'i', 'c', 'k', 't', 'e', 'n', 'i', 's', 'd', 'e', 'm', 'e', 's', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "client.coach", true */ 'c', 'l', 'i', 'e', 'n', 't', '.', 'c', 'o', 'a', 'c', 'h', '\0',
+  /* "clientboss.com", true */ 'c', 'l', 'i', 'e', 'n', 't', 'b', 'o', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "clientsecure.me", true */ 'c', 'l', 'i', 'e', 'n', 't', 's', 'e', 'c', 'u', 'r', 'e', '.', 'm', 'e', '\0',
+  /* "clifflu.net", true */ 'c', 'l', 'i', 'f', 'f', 'l', 'u', '.', 'n', 'e', 't', '\0',
+  /* "climaencusco.com", true */ 'c', 'l', 'i', 'm', 'a', 'e', 'n', 'c', 'u', 's', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "climaprecio.es", true */ 'c', 'l', 'i', 'm', 'a', 'p', 'r', 'e', 'c', 'i', 'o', '.', 'e', 's', '\0',
+  /* "climateinteractive.org", true */ 'c', 'l', 'i', 'm', 'a', 't', 'e', 'i', 'n', 't', 'e', 'r', 'a', 'c', 't', 'i', 'v', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "climatestew.com", true */ 'c', 'l', 'i', 'm', 'a', 't', 'e', 's', 't', 'e', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "clindoeilmontagne.com", true */ 'c', 'l', 'i', 'n', 'd', 'o', 'e', 'i', 'l', 'm', 'o', 'n', 't', 'a', 'g', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "clingout.com", true */ 'c', 'l', 'i', 'n', 'g', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "clinia.ca", true */ 'c', 'l', 'i', 'n', 'i', 'a', '.', 'c', 'a', '\0',
+  /* "clinicadam.com", true */ 'c', 'l', 'i', 'n', 'i', 'c', 'a', 'd', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "clinicadelogopedia.net", true */ 'c', 'l', 'i', 'n', 'i', 'c', 'a', 'd', 'e', 'l', 'o', 'g', 'o', 'p', 'e', 'd', 'i', 'a', '.', 'n', 'e', 't', '\0',
+  /* "clinicaltrials.gov", true */ 'c', 'l', 'i', 'n', 'i', 'c', 'a', 'l', 't', 'r', 'i', 'a', 'l', 's', '.', 'g', 'o', 'v', '\0',
+  /* "cliniko.com", true */ 'c', 'l', 'i', 'n', 'i', 'k', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "cliniquevethuy.be", true */ 'c', 'l', 'i', 'n', 'i', 'q', 'u', 'e', 'v', 'e', 't', 'h', 'u', 'y', '.', 'b', 'e', '\0',
+  /* "clintonlibrary.gov", true */ 'c', 'l', 'i', 'n', 't', 'o', 'n', 'l', 'i', 'b', 'r', 'a', 'r', 'y', '.', 'g', 'o', 'v', '\0',
+  /* "clintonplasticsurgery.com", true */ 'c', 'l', 'i', 'n', 't', 'o', 'n', 'p', 'l', 'a', 's', 't', 'i', 'c', 's', 'u', 'r', 'g', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "clip.mx", false */ 'c', 'l', 'i', 'p', '.', 'm', 'x', '\0',
+  /* "clipclip.com", true */ 'c', 'l', 'i', 'p', 'c', 'l', 'i', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "clmde.de", true */ 'c', 'l', 'm', 'd', 'e', '.', 'd', 'e', '\0',
+  /* "clnet.com.au", true */ 'c', 'l', 'n', 'e', 't', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "clnnet.ch", true */ 'c', 'l', 'n', 'n', 'e', 't', '.', 'c', 'h', '\0',
+  /* "clochix.net", true */ 'c', 'l', 'o', 'c', 'h', 'i', 'x', '.', 'n', 'e', 't', '\0',
+  /* "clockcaster.com", true */ 'c', 'l', 'o', 'c', 'k', 'c', 'a', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "clockworksms.com", true */ 'c', 'l', 'o', 'c', 'k', 'w', 'o', 'r', 'k', 's', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cloghercastles.co.uk", true */ 'c', 'l', 'o', 'g', 'h', 'e', 'r', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "clojurescript.ru", true */ 'c', 'l', 'o', 'j', 'u', 'r', 'e', 's', 'c', 'r', 'i', 'p', 't', '.', 'r', 'u', '\0',
+  /* "cloppenburg-autmobil.com", true */ 'c', 'l', 'o', 'p', 'p', 'e', 'n', 'b', 'u', 'r', 'g', '-', 'a', 'u', 't', 'm', 'o', 'b', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "cloppenburg-automobil.com", true */ 'c', 'l', 'o', 'p', 'p', 'e', 'n', 'b', 'u', 'r', 'g', '-', 'a', 'u', 't', 'o', 'm', 'o', 'b', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "clorik.com", true */ 'c', 'l', 'o', 'r', 'i', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "close.com", false */ 'c', 'l', 'o', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "closeli.cn", true */ 'c', 'l', 'o', 's', 'e', 'l', 'i', '.', 'c', 'n', '\0',
+  /* "closeli.com", false */ 'c', 'l', 'o', 's', 'e', 'l', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "closelinksecurity.co.uk", true */ 'c', 'l', 'o', 's', 'e', 'l', 'i', 'n', 'k', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "closelinksecurity.com", true */ 'c', 'l', 'o', 's', 'e', 'l', 'i', 'n', 'k', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "closetemail.com", true */ 'c', 'l', 'o', 's', 'e', 't', 'e', 'm', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "closingholding.com", true */ 'c', 'l', 'o', 's', 'i', 'n', 'g', 'h', 'o', 'l', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "cloturea.fr", true */ 'c', 'l', 'o', 't', 'u', 'r', 'e', 'a', '.', 'f', 'r', '\0',
+  /* "cloud-surfer.net", true */ 'c', 'l', 'o', 'u', 'd', '-', 's', 'u', 'r', 'f', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "cloud.bugatti", true */ 'c', 'l', 'o', 'u', 'd', '.', 'b', 'u', 'g', 'a', 't', 't', 'i', '\0',
+  /* "cloud.fail", true */ 'c', 'l', 'o', 'u', 'd', '.', 'f', 'a', 'i', 'l', '\0',
+  /* "cloud.google.com", true */ 'c', 'l', 'o', 'u', 'd', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cloud.gov", true */ 'c', 'l', 'o', 'u', 'd', '.', 'g', 'o', 'v', '\0',
+  /* "cloud2go.de", false */ 'c', 'l', 'o', 'u', 'd', '2', 'g', 'o', '.', 'd', 'e', '\0',
+  /* "cloud9bouncycastlehire.com", true */ 'c', 'l', 'o', 'u', 'd', '9', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cloudapps.digital", true */ 'c', 'l', 'o', 'u', 'd', 'a', 'p', 'p', 's', '.', 'd', 'i', 'g', 'i', 't', 'a', 'l', '\0',
+  /* "cloudbased.info", true */ 'c', 'l', 'o', 'u', 'd', 'b', 'a', 's', 'e', 'd', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "cloudberlin.goip.de", true */ 'c', 'l', 'o', 'u', 'd', 'b', 'e', 'r', 'l', 'i', 'n', '.', 'g', 'o', 'i', 'p', '.', 'd', 'e', '\0',
+  /* "cloudbolin.es", true */ 'c', 'l', 'o', 'u', 'd', 'b', 'o', 'l', 'i', 'n', '.', 'e', 's', '\0',
+  /* "cloudbreaker.de", true */ 'c', 'l', 'o', 'u', 'd', 'b', 'r', 'e', 'a', 'k', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "cloudcaprice.net", true */ 'c', 'l', 'o', 'u', 'd', 'c', 'a', 'p', 'r', 'i', 'c', 'e', '.', 'n', 'e', 't', '\0',
+  /* "cloudcloudcloud.cloud", true */ 'c', 'l', 'o', 'u', 'd', 'c', 'l', 'o', 'u', 'd', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "cloudflare.com", true */ 'c', 'l', 'o', 'u', 'd', 'f', 'l', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cloudflareonazure.com", true */ 'c', 'l', 'o', 'u', 'd', 'f', 'l', 'a', 'r', 'e', 'o', 'n', 'a', 'z', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cloudia.org", true */ 'c', 'l', 'o', 'u', 'd', 'i', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "cloudily.com", true */ 'c', 'l', 'o', 'u', 'd', 'i', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "cloudkit.pro", true */ 'c', 'l', 'o', 'u', 'd', 'k', 'i', 't', '.', 'p', 'r', 'o', '\0',
+  /* "cloudlight.biz", true */ 'c', 'l', 'o', 'u', 'd', 'l', 'i', 'g', 'h', 't', '.', 'b', 'i', 'z', '\0',
+  /* "cloudmigrator365.com", true */ 'c', 'l', 'o', 'u', 'd', 'm', 'i', 'g', 'r', 'a', 't', 'o', 'r', '3', '6', '5', '.', 'c', 'o', 'm', '\0',
+  /* "cloudnote.cc", true */ 'c', 'l', 'o', 'u', 'd', 'n', 'o', 't', 'e', '.', 'c', 'c', '\0',
+  /* "cloudoptimizedsmb.com", true */ 'c', 'l', 'o', 'u', 'd', 'o', 'p', 't', 'i', 'm', 'i', 'z', 'e', 'd', 's', 'm', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "cloudoptimus.com", true */ 'c', 'l', 'o', 'u', 'd', 'o', 'p', 't', 'i', 'm', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cloudpagesforwork.com", true */ 'c', 'l', 'o', 'u', 'd', 'p', 'a', 'g', 'e', 's', 'f', 'o', 'r', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "cloudpebble.net", true */ 'c', 'l', 'o', 'u', 'd', 'p', 'e', 'b', 'b', 'l', 'e', '.', 'n', 'e', 't', '\0',
+  /* "cloudpengu.in", true */ 'c', 'l', 'o', 'u', 'd', 'p', 'e', 'n', 'g', 'u', '.', 'i', 'n', '\0',
+  /* "cloudpipes.com", true */ 'c', 'l', 'o', 'u', 'd', 'p', 'i', 'p', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cloudsecurityalliance.org", true */ 'c', 'l', 'o', 'u', 'd', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'a', 'l', 'l', 'i', 'a', 'n', 'c', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "cloudservice.io", true */ 'c', 'l', 'o', 'u', 'd', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'i', 'o', '\0',
+  /* "cloudsocial.io", true */ 'c', 'l', 'o', 'u', 'd', 's', 'o', 'c', 'i', 'a', 'l', '.', 'i', 'o', '\0',
+  /* "cloudspace-analytics.com", true */ 'c', 'l', 'o', 'u', 'd', 's', 'p', 'a', 'c', 'e', '-', 'a', 'n', 'a', 'l', 'y', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cloudspeedy.net", true */ 'c', 'l', 'o', 'u', 'd', 's', 'p', 'e', 'e', 'd', 'y', '.', 'n', 'e', 't', '\0',
+  /* "cloudspire.net", true */ 'c', 'l', 'o', 'u', 'd', 's', 'p', 'i', 'r', 'e', '.', 'n', 'e', 't', '\0',
+  /* "cloudteam.de", true */ 'c', 'l', 'o', 'u', 'd', 't', 'e', 'a', 'm', '.', 'd', 'e', '\0',
+  /* "cloudtropia.de", true */ 'c', 'l', 'o', 'u', 'd', 't', 'r', 'o', 'p', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "cloudtskr.com", true */ 'c', 'l', 'o', 'u', 'd', 't', 's', 'k', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "cloudup.com", true */ 'c', 'l', 'o', 'u', 'd', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "cloudwarez.xyz", true */ 'c', 'l', 'o', 'u', 'd', 'w', 'a', 'r', 'e', 'z', '.', 'x', 'y', 'z', '\0',
+  /* "clouz.de", true */ 'c', 'l', 'o', 'u', 'z', '.', 'd', 'e', '\0',
+  /* "cloveros.ga", true */ 'c', 'l', 'o', 'v', 'e', 'r', 'o', 's', '.', 'g', 'a', '\0',
+  /* "clownindeklas.nl", true */ 'c', 'l', 'o', 'w', 'n', 'i', 'n', 'd', 'e', 'k', 'l', 'a', 's', '.', 'n', 'l', '\0',
+  /* "cloxy.com", true */ 'c', 'l', 'o', 'x', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "clr3.com", true */ 'c', 'l', 'r', '3', '.', 'c', 'o', 'm', '\0',
+  /* "clsimage.com", true */ 'c', 'l', 's', 'i', 'm', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "clsimplex.com", true */ 'c', 'l', 's', 'i', 'm', 'p', 'l', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "clu-in.org", true */ 'c', 'l', 'u', '-', 'i', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "club-is.ru", true */ 'c', 'l', 'u', 'b', '-', 'i', 's', '.', 'r', 'u', '\0',
+  /* "club-reduc.com", true */ 'c', 'l', 'u', 'b', '-', 'r', 'e', 'd', 'u', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "club103.ch", true */ 'c', 'l', 'u', 'b', '1', '0', '3', '.', 'c', 'h', '\0',
+  /* "clubdeslecteurs.net", true */ 'c', 'l', 'u', 'b', 'd', 'e', 's', 'l', 'e', 'c', 't', 'e', 'u', 'r', 's', '.', 'n', 'e', 't', '\0',
+  /* "clubedalutashop.com", true */ 'c', 'l', 'u', 'b', 'e', 'd', 'a', 'l', 'u', 't', 'a', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "clubempleos.com", true */ 'c', 'l', 'u', 'b', 'e', 'm', 'p', 'l', 'e', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "clubeohara.com", true */ 'c', 'l', 'u', 'b', 'e', 'o', 'h', 'a', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "clubfamily.de", true */ 'c', 'l', 'u', 'b', 'f', 'a', 'm', 'i', 'l', 'y', '.', 'd', 'e', '\0',
+  /* "clubmate.rocks", true */ 'c', 'l', 'u', 'b', 'm', 'a', 't', 'e', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "clubmini.jp", true */ 'c', 'l', 'u', 'b', 'm', 'i', 'n', 'i', '.', 'j', 'p', '\0',
+  /* "clubon.space", true */ 'c', 'l', 'u', 'b', 'o', 'n', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "clubscannan.ie", true */ 'c', 'l', 'u', 'b', 's', 'c', 'a', 'n', 'n', 'a', 'n', '.', 'i', 'e', '\0',
+  /* "clueful.ca", true */ 'c', 'l', 'u', 'e', 'f', 'u', 'l', '.', 'c', 'a', '\0',
+  /* "cluefulca.com", true */ 'c', 'l', 'u', 'e', 'f', 'u', 'l', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "cluefulca.net", true */ 'c', 'l', 'u', 'e', 'f', 'u', 'l', 'c', 'a', '.', 'n', 'e', 't', '\0',
+  /* "cluefulca.org", true */ 'c', 'l', 'u', 'e', 'f', 'u', 'l', 'c', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "cluj.apartments", true */ 'c', 'l', 'u', 'j', '.', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '\0',
+  /* "clusteranalyse.net", true */ 'c', 'l', 'u', 's', 't', 'e', 'r', 'a', 'n', 'a', 'l', 'y', 's', 'e', '.', 'n', 'e', 't', '\0',
+  /* "clusterfuck.nz", true */ 'c', 'l', 'u', 's', 't', 'e', 'r', 'f', 'u', 'c', 'k', '.', 'n', 'z', '\0',
+  /* "clustermaze.net", true */ 'c', 'l', 'u', 's', 't', 'e', 'r', 'm', 'a', 'z', 'e', '.', 'n', 'e', 't', '\0',
+  /* "clvs7.com", true */ 'c', 'l', 'v', 's', '7', '.', 'c', 'o', 'm', '\0',
+  /* "cmacacias.ch", true */ 'c', 'm', 'a', 'c', 'a', 'c', 'i', 'a', 's', '.', 'c', 'h', '\0',
+  /* "cmahy.be", true */ 'c', 'm', 'a', 'h', 'y', '.', 'b', 'e', '\0',
+  /* "cmangos.net", true */ 'c', 'm', 'a', 'n', 'g', 'o', 's', '.', 'n', 'e', 't', '\0',
+  /* "cmcressy.ch", true */ 'c', 'm', 'c', 'r', 'e', 's', 's', 'y', '.', 'c', 'h', '\0',
+  /* "cmdline.org", true */ 'c', 'm', 'd', 'l', 'i', 'n', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "cmfaccounting.com", true */ 'c', 'm', 'f', 'a', 'c', 'c', 'o', 'u', 'n', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "cmitao.com", true */ 'c', 'm', 'i', 't', 'a', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "cmlachapelle.ch", true */ 'c', 'm', 'l', 'a', 'c', 'h', 'a', 'p', 'e', 'l', 'l', 'e', '.', 'c', 'h', '\0',
+  /* "cmlancy.ch", true */ 'c', 'm', 'l', 'a', 'n', 'c', 'y', '.', 'c', 'h', '\0',
+  /* "cmlignon.ch", true */ 'c', 'm', 'l', 'i', 'g', 'n', 'o', 'n', '.', 'c', 'h', '\0',
+  /* "cmn-group.com", true */ 'c', 'm', 'n', '-', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "cmn-groupe.com", true */ 'c', 'm', 'n', '-', 'g', 'r', 'o', 'u', 'p', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cmngroup.com", true */ 'c', 'm', 'n', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "cmngroupe.com", true */ 'c', 'm', 'n', 'g', 'r', 'o', 'u', 'p', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cmplainpalais.ch", true */ 'c', 'm', 'p', 'l', 'a', 'i', 'n', 'p', 'a', 'l', 'a', 'i', 's', '.', 'c', 'h', '\0',
+  /* "cmpr.es", true */ 'c', 'm', 'p', 'r', '.', 'e', 's', '\0',
+  /* "cmskeyholding.co.uk", true */ 'c', 'm', 's', 'k', 'e', 'y', 'h', 'o', 'l', 'd', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cmskeyholding.com", true */ 'c', 'm', 's', 'k', 'e', 'y', 'h', 'o', 'l', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "cmskh.co.uk", true */ 'c', 'm', 's', 'k', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cmusical.es", true */ 'c', 'm', 'u', 's', 'i', 'c', 'a', 'l', '.', 'e', 's', '\0',
+  /* "cmweller.com", true */ 'c', 'm', 'w', 'e', 'l', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "cmylife.nl", true */ 'c', 'm', 'y', 'l', 'i', 'f', 'e', '.', 'n', 'l', '\0',
+  /* "cn.search.yahoo.com", false */ 'c', 'n', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "cnam-idf.fr", true */ 'c', 'n', 'a', 'm', '-', 'i', 'd', 'f', '.', 'f', 'r', '\0',
+  /* "cnam.net", true */ 'c', 'n', 'a', 'm', '.', 'n', 'e', 't', '\0',
+  /* "cnbs.ch", true */ 'c', 'n', 'b', 's', '.', 'c', 'h', '\0',
+  /* "cnc-lehrgang.de", true */ 'c', 'n', 'c', '-', 'l', 'e', 'h', 'r', 'g', 'a', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "cncbazar365.com", true */ 'c', 'n', 'c', 'b', 'a', 'z', 'a', 'r', '3', '6', '5', '.', 'c', 'o', 'm', '\0',
+  /* "cncfraises.fr", true */ 'c', 'n', 'c', 'f', 'r', 'a', 'i', 's', 'e', 's', '.', 'f', 'r', '\0',
+  /* "cncrans.ch", true */ 'c', 'n', 'c', 'r', 'a', 'n', 's', '.', 'c', 'h', '\0',
+  /* "cnetw.xyz", true */ 'c', 'n', 'e', 't', 'w', '.', 'x', 'y', 'z', '\0',
+  /* "cni-certing.it", true */ 'c', 'n', 'i', '-', 'c', 'e', 'r', 't', 'i', 'n', 'g', '.', 'i', 't', '\0',
+  /* "cnrd.me", true */ 'c', 'n', 'r', 'd', '.', 'm', 'e', '\0',
+  /* "co-factor.ro", true */ 'c', 'o', '-', 'f', 'a', 'c', 't', 'o', 'r', '.', 'r', 'o', '\0',
+  /* "co.search.yahoo.com", false */ 'c', 'o', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "co50.com", true */ 'c', 'o', '5', '0', '.', 'c', 'o', 'm', '\0',
+  /* "coachezmoi.ch", true */ 'c', 'o', 'a', 'c', 'h', 'e', 'z', 'm', 'o', 'i', '.', 'c', 'h', '\0',
+  /* "coaching-impulse.ch", true */ 'c', 'o', 'a', 'c', 'h', 'i', 'n', 'g', '-', 'i', 'm', 'p', 'u', 'l', 's', 'e', '.', 'c', 'h', '\0',
+  /* "coachingconsultancy.com", true */ 'c', 'o', 'a', 'c', 'h', 'i', 'n', 'g', 'c', 'o', 'n', 's', 'u', 'l', 't', 'a', 'n', 'c', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "coalitionministries.org", true */ 'c', 'o', 'a', 'l', 'i', 't', 'i', 'o', 'n', 'm', 'i', 'n', 'i', 's', 't', 'r', 'i', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "coalpointcottage.com", true */ 'c', 'o', 'a', 'l', 'p', 'o', 'i', 'n', 't', 'c', 'o', 't', 't', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "coam.co", true */ 'c', 'o', 'a', 'm', '.', 'c', 'o', '\0',
+  /* "coastline.net.au", true */ 'c', 'o', 'a', 's', 't', 'l', 'i', 'n', 'e', '.', 'n', 'e', 't', '.', 'a', 'u', '\0',
+  /* "coatl-industries.com", true */ 'c', 'o', 'a', 't', 'l', '-', 'i', 'n', 'd', 'u', 's', 't', 'r', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cobalt.io", true */ 'c', 'o', 'b', 'a', 'l', 't', '.', 'i', 'o', '\0',
+  /* "cobaltgp.com", true */ 'c', 'o', 'b', 'a', 'l', 't', 'g', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "cobracastles.co.uk", true */ 'c', 'o', 'b', 'r', 'a', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cocaine-import.agency", true */ 'c', 'o', 'c', 'a', 'i', 'n', 'e', '-', 'i', 'm', 'p', 'o', 'r', 't', '.', 'a', 'g', 'e', 'n', 'c', 'y', '\0',
+  /* "cocaine.ninja", true */ 'c', 'o', 'c', 'a', 'i', 'n', 'e', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "cocalc.com", true */ 'c', 'o', 'c', 'a', 'l', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "coccinellaskitchen.com", true */ 'c', 'o', 'c', 'c', 'i', 'n', 'e', 'l', 'l', 'a', 's', 'k', 'i', 't', 'c', 'h', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "coccinellaskitchen.de", true */ 'c', 'o', 'c', 'c', 'i', 'n', 'e', 'l', 'l', 'a', 's', 'k', 'i', 't', 'c', 'h', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "coccinellaskitchen.it", true */ 'c', 'o', 'c', 'c', 'i', 'n', 'e', 'l', 'l', 'a', 's', 'k', 'i', 't', 'c', 'h', 'e', 'n', '.', 'i', 't', '\0',
+  /* "cocinoyo.com", true */ 'c', 'o', 'c', 'i', 'n', 'o', 'y', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "cock.li", true */ 'c', 'o', 'c', 'k', '.', 'l', 'i', '\0',
+  /* "cocker.cc", false */ 'c', 'o', 'c', 'k', 'e', 'r', '.', 'c', 'c', '\0',
+  /* "cockerspanielamericano.com.br", true */ 'c', 'o', 'c', 'k', 'e', 'r', 's', 'p', 'a', 'n', 'i', 'e', 'l', 'a', 'm', 'e', 'r', 'i', 'c', 'a', 'n', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "cockerspanielingles.com.br", true */ 'c', 'o', 'c', 'k', 'e', 'r', 's', 'p', 'a', 'n', 'i', 'e', 'l', 'i', 'n', 'g', 'l', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "coco-cool.fr", true */ 'c', 'o', 'c', 'o', '-', 'c', 'o', 'o', 'l', '.', 'f', 'r', '\0',
+  /* "coco-line.ch", true */ 'c', 'o', 'c', 'o', '-', 'l', 'i', 'n', 'e', '.', 'c', 'h', '\0',
+  /* "cocoaheads.at", false */ 'c', 'o', 'c', 'o', 'a', 'h', 'e', 'a', 'd', 's', '.', 'a', 't', '\0',
+  /* "cocoamexico.com", true */ 'c', 'o', 'c', 'o', 'a', 'm', 'e', 'x', 'i', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "cocodemy.com", true */ 'c', 'o', 'c', 'o', 'd', 'e', 'm', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "coconutoil24.com", true */ 'c', 'o', 'c', 'o', 'n', 'u', 't', 'o', 'i', 'l', '2', '4', '.', 'c', 'o', 'm', '\0',
+  /* "cocoscastles.co.uk", true */ 'c', 'o', 'c', 'o', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cocquyt-usedcars.be", true */ 'c', 'o', 'c', 'q', 'u', 'y', 't', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0',
+  /* "coda.moe", true */ 'c', 'o', 'd', 'a', '.', 'm', 'o', 'e', '\0',
+  /* "coda.today", true */ 'c', 'o', 'd', 'a', '.', 't', 'o', 'd', 'a', 'y', '\0',
+  /* "coda.world", true */ 'c', 'o', 'd', 'a', '.', 'w', 'o', 'r', 'l', 'd', '\0',
+  /* "code-golf.io", true */ 'c', 'o', 'd', 'e', '-', 'g', 'o', 'l', 'f', '.', 'i', 'o', '\0',
+  /* "code-poets.co.uk", true */ 'c', 'o', 'd', 'e', '-', 'p', 'o', 'e', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "code-well.com", true */ 'c', 'o', 'd', 'e', '-', 'w', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "code.facebook.com", false */ 'c', 'o', 'd', 'e', '.', 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "code.fm", true */ 'c', 'o', 'd', 'e', '.', 'f', 'm', '\0',
+  /* "code.google.com", true */ 'c', 'o', 'd', 'e', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "code.taxi", true */ 'c', 'o', 'd', 'e', '.', 't', 'a', 'x', 'i', '\0',
+  /* "code67.com", true */ 'c', 'o', 'd', 'e', '6', '7', '.', 'c', 'o', 'm', '\0',
+  /* "codebrahma.com", false */ 'c', 'o', 'd', 'e', 'b', 'r', 'a', 'h', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "codedump.net", true */ 'c', 'o', 'd', 'e', 'd', 'u', 'm', 'p', '.', 'n', 'e', 't', '\0',
+  /* "codeeclipse.com", true */ 'c', 'o', 'd', 'e', 'e', 'c', 'l', 'i', 'p', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "codeferm.com", true */ 'c', 'o', 'd', 'e', 'f', 'e', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "codefordus.de", true */ 'c', 'o', 'd', 'e', 'f', 'o', 'r', 'd', 'u', 's', '.', 'd', 'e', '\0',
+  /* "codefordus.nrw", true */ 'c', 'o', 'd', 'e', 'f', 'o', 'r', 'd', 'u', 's', '.', 'n', 'r', 'w', '\0',
+  /* "codefoundry.it", false */ 'c', 'o', 'd', 'e', 'f', 'o', 'u', 'n', 'd', 'r', 'y', '.', 'i', 't', '\0',
+  /* "codeine.co.uk", true */ 'c', 'o', 'd', 'e', 'i', 'n', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "codeit.guru", true */ 'c', 'o', 'd', 'e', 'i', 't', '.', 'g', 'u', 'r', 'u', '\0',
+  /* "codeit.us", true */ 'c', 'o', 'd', 'e', 'i', 't', '.', 'u', 's', '\0',
+  /* "codenode.io", true */ 'c', 'o', 'd', 'e', 'n', 'o', 'd', 'e', '.', 'i', 'o', '\0',
+  /* "codeplay.org", true */ 'c', 'o', 'd', 'e', 'p', 'l', 'a', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "codepoints.net", true */ 'c', 'o', 'd', 'e', 'p', 'o', 'i', 'n', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "codepref.com", true */ 'c', 'o', 'd', 'e', 'p', 'r', 'e', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "codepult.com", true */ 'c', 'o', 'd', 'e', 'p', 'u', 'l', 't', '.', 'c', 'o', 'm', '\0',
+  /* "codera.co.uk", true */ 'c', 'o', 'd', 'e', 'r', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "codercy.com", true */ 'c', 'o', 'd', 'e', 'r', 'c', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "codereview.appspot.com", false */ 'c', 'o', 'd', 'e', 'r', 'e', 'v', 'i', 'e', 'w', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "codereview.chromium.org", false */ 'c', 'o', 'd', 'e', 'r', 'e', 'v', 'i', 'e', 'w', '.', 'c', 'h', 'r', 'o', 'm', 'i', 'u', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "coderhangout.com", true */ 'c', 'o', 'd', 'e', 'r', 'h', 'a', 'n', 'g', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "coderme.com", true */ 'c', 'o', 'd', 'e', 'r', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "codesplain.in", true */ 'c', 'o', 'd', 'e', 's', 'p', 'l', 'a', 'i', 'n', '.', 'i', 'n', '\0',
+  /* "codesport.io", true */ 'c', 'o', 'd', 'e', 's', 'p', 'o', 'r', 't', '.', 'i', 'o', '\0',
+  /* "codespromo.be", true */ 'c', 'o', 'd', 'e', 's', 'p', 'r', 'o', 'm', 'o', '.', 'b', 'e', '\0',
+  /* "codestudies.net", true */ 'c', 'o', 'd', 'e', 's', 't', 'u', 'd', 'i', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "codesyncro.com", true */ 'c', 'o', 'd', 'e', 's', 'y', 'n', 'c', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "codetripping.net", true */ 'c', 'o', 'd', 'e', 't', 'r', 'i', 'p', 'p', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "codeux.com", true */ 'c', 'o', 'd', 'e', 'u', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "codeux.info", true */ 'c', 'o', 'd', 'e', 'u', 'x', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "codeux.net", true */ 'c', 'o', 'd', 'e', 'u', 'x', '.', 'n', 'e', 't', '\0',
+  /* "codeventure.de", true */ 'c', 'o', 'd', 'e', 'v', 'e', 'n', 't', 'u', 'r', 'e', '.', 'd', 'e', '\0',
+  /* "codeversetech.com", true */ 'c', 'o', 'd', 'e', 'v', 'e', 'r', 's', 'e', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "codewild.de", true */ 'c', 'o', 'd', 'e', 'w', 'i', 'l', 'd', '.', 'd', 'e', '\0',
+  /* "codeyellow.nl", true */ 'c', 'o', 'd', 'e', 'y', 'e', 'l', 'l', 'o', 'w', '.', 'n', 'l', '\0',
+  /* "codific.eu", true */ 'c', 'o', 'd', 'i', 'f', 'i', 'c', '.', 'e', 'u', '\0',
+  /* "coding.lv", true */ 'c', 'o', 'd', 'i', 'n', 'g', '.', 'l', 'v', '\0',
+  /* "coding.net", true */ 'c', 'o', 'd', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "codingforspeed.com", true */ 'c', 'o', 'd', 'i', 'n', 'g', 'f', 'o', 'r', 's', 'p', 'e', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "codingfromhell.net", true */ 'c', 'o', 'd', 'i', 'n', 'g', 'f', 'r', 'o', 'm', 'h', 'e', 'l', 'l', '.', 'n', 'e', 't', '\0',
+  /* "codingrobots.com", true */ 'c', 'o', 'd', 'i', 'n', 'g', 'r', 'o', 'b', 'o', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "codxg.org", true */ 'c', 'o', 'd', 'x', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "codyevanscomputer.com", true */ 'c', 'o', 'd', 'y', 'e', 'v', 'a', 'n', 's', 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "codymoniz.com", true */ 'c', 'o', 'd', 'y', 'm', 'o', 'n', 'i', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "coffee-mamenoki.jp", true */ 'c', 'o', 'f', 'f', 'e', 'e', '-', 'm', 'a', 'm', 'e', 'n', 'o', 'k', 'i', '.', 'j', 'p', '\0',
+  /* "coffeedino.com", true */ 'c', 'o', 'f', 'f', 'e', 'e', 'd', 'i', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "coffeetocode.me", true */ 'c', 'o', 'f', 'f', 'e', 'e', 't', 'o', 'c', 'o', 'd', 'e', '.', 'm', 'e', '\0',
+  /* "cogala.eu", true */ 'c', 'o', 'g', 'a', 'l', 'a', '.', 'e', 'u', '\0',
+  /* "cogent.cc", true */ 'c', 'o', 'g', 'e', 'n', 't', '.', 'c', 'c', '\0',
+  /* "cogilog.com", true */ 'c', 'o', 'g', 'i', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "cogitoltd.com", true */ 'c', 'o', 'g', 'i', 't', 'o', 'l', 't', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "cognitivecomputingconsortium.com", true */ 'c', 'o', 'g', 'n', 'i', 't', 'i', 'v', 'e', 'c', 'o', 'm', 'p', 'u', 't', 'i', 'n', 'g', 'c', 'o', 'n', 's', 'o', 'r', 't', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "coi-verify.com", true */ 'c', 'o', 'i', '-', 'v', 'e', 'r', 'i', 'f', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "coiffeurschnittstelle.ch", true */ 'c', 'o', 'i', 'f', 'f', 'e', 'u', 'r', 's', 'c', 'h', 'n', 'i', 't', 't', 's', 't', 'e', 'l', 'l', 'e', '.', 'c', 'h', '\0',
+  /* "coigach-assynt.org", true */ 'c', 'o', 'i', 'g', 'a', 'c', 'h', '-', 'a', 's', 's', 'y', 'n', 't', '.', 'o', 'r', 'g', '\0',
+  /* "coimmvest.com", true */ 'c', 'o', 'i', 'm', 'm', 'v', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "coinapult.com", true */ 'c', 'o', 'i', 'n', 'a', 'p', 'u', 'l', 't', '.', 'c', 'o', 'm', '\0',
+  /* "coinbase.com", true */ 'c', 'o', 'i', 'n', 'b', 'a', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "coincealed.com", true */ 'c', 'o', 'i', 'n', 'c', 'e', 'a', 'l', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "coincoele.com.br", true */ 'c', 'o', 'i', 'n', 'c', 'o', 'e', 'l', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "coincoin.eu.org", true */ 'c', 'o', 'i', 'n', 'c', 'o', 'i', 'n', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "coincolors.co", true */ 'c', 'o', 'i', 'n', 'c', 'o', 'l', 'o', 'r', 's', '.', 'c', 'o', '\0',
+  /* "coindatabase.net", true */ 'c', 'o', 'i', 'n', 'd', 'a', 't', 'a', 'b', 'a', 's', 'e', '.', 'n', 'e', 't', '\0',
+  /* "coinessa.com", true */ 'c', 'o', 'i', 'n', 'e', 's', 's', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "coinflux.com", true */ 'c', 'o', 'i', 'n', 'f', 'l', 'u', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "coingate.com", true */ 'c', 'o', 'i', 'n', 'g', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "coinjar-sandbox.com", true */ 'c', 'o', 'i', 'n', 'j', 'a', 'r', '-', 's', 'a', 'n', 'd', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "coinlist.co", false */ 'c', 'o', 'i', 'n', 'l', 'i', 's', 't', '.', 'c', 'o', '\0',
+  /* "coinloan.io", true */ 'c', 'o', 'i', 'n', 'l', 'o', 'a', 'n', '.', 'i', 'o', '\0',
+  /* "coinmewallet.com", true */ 'c', 'o', 'i', 'n', 'm', 'e', 'w', 'a', 'l', 'l', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "coinpit.io", true */ 'c', 'o', 'i', 'n', 'p', 'i', 't', '.', 'i', 'o', '\0',
+  /* "coisasdaterra.com", true */ 'c', 'o', 'i', 's', 'a', 's', 'd', 'a', 't', 'e', 'r', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "coisasdemulher.org", true */ 'c', 'o', 'i', 's', 'a', 's', 'd', 'e', 'm', 'u', 'l', 'h', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "cojo.eu", true */ 'c', 'o', 'j', 'o', '.', 'e', 'u', '\0',
+  /* "col.la", true */ 'c', 'o', 'l', '.', 'l', 'a', '\0',
+  /* "colaborativa.tv", true */ 'c', 'o', 'l', 'a', 'b', 'o', 'r', 'a', 't', 'i', 'v', 'a', '.', 't', 'v', '\0',
+  /* "colapsys.net", true */ 'c', 'o', 'l', 'a', 'p', 's', 'y', 's', '.', 'n', 'e', 't', '\0',
+  /* "colarelli.ch", true */ 'c', 'o', 'l', 'a', 'r', 'e', 'l', 'l', 'i', '.', 'c', 'h', '\0',
+  /* "coldawn.com", true */ 'c', 'o', 'l', 'd', 'a', 'w', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "coldfff.com", false */ 'c', 'o', 'l', 'd', 'f', 'f', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "coldhak.ca", true */ 'c', 'o', 'l', 'd', 'h', 'a', 'k', '.', 'c', 'a', '\0',
+  /* "coldwatericecream.com", true */ 'c', 'o', 'l', 'd', 'w', 'a', 't', 'e', 'r', 'i', 'c', 'e', 'c', 'r', 'e', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "colegiocierp.com.br", true */ 'c', 'o', 'l', 'e', 'g', 'i', 'o', 'c', 'i', 'e', 'r', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "colemak.com", true */ 'c', 'o', 'l', 'e', 'm', 'a', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "colengo.com", true */ 'c', 'o', 'l', 'e', 'n', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "colibris.xyz", true */ 'c', 'o', 'l', 'i', 'b', 'r', 'i', 's', '.', 'x', 'y', 'z', '\0',
+  /* "colincampbell.me", true */ 'c', 'o', 'l', 'i', 'n', 'c', 'a', 'm', 'p', 'b', 'e', 'l', 'l', '.', 'm', 'e', '\0',
+  /* "colinchartier.com", true */ 'c', 'o', 'l', 'i', 'n', 'c', 'h', 'a', 'r', 't', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "colinstark.ca", true */ 'c', 'o', 'l', 'i', 'n', 's', 't', 'a', 'r', 'k', '.', 'c', 'a', '\0',
+  /* "colisfrais.com", false */ 'c', 'o', 'l', 'i', 's', 'f', 'r', 'a', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "collablynk.com", true */ 'c', 'o', 'l', 'l', 'a', 'b', 'l', 'y', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "collabora-office.com", true */ 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'a', '-', 'o', 'f', 'f', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "collabora.ca", true */ 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'a', '.', 'c', 'a', '\0',
+  /* "collabora.co.kr", true */ 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'a', '.', 'c', 'o', '.', 'k', 'r', '\0',
+  /* "collabora.co.uk", true */ 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "collabora.com", true */ 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "collabora.kr", true */ 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'a', '.', 'k', 'r', '\0',
+  /* "collabora.ninja", true */ 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'a', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "collabora.social", true */ 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'a', '.', 's', 'o', 'c', 'i', 'a', 'l', '\0',
+  /* "collabora.uk", true */ 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'a', '.', 'u', 'k', '\0',
+  /* "collaboracloudsuite.com", true */ 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'a', 'c', 'l', 'o', 'u', 'd', 's', 'u', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "collaboraoffice.co.uk", true */ 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'a', 'o', 'f', 'f', 'i', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "collaboraoffice.com", true */ 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'a', 'o', 'f', 'f', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "collabornation.net", true */ 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'n', 'a', 't', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "collaction.hk", true */ 'c', 'o', 'l', 'l', 'a', 'c', 't', 'i', 'o', 'n', '.', 'h', 'k', '\0',
+  /* "collada.org", true */ 'c', 'o', 'l', 'l', 'a', 'd', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "collbox.co", true */ 'c', 'o', 'l', 'l', 'b', 'o', 'x', '.', 'c', 'o', '\0',
+  /* "collectdocs.com", true */ 'c', 'o', 'l', 'l', 'e', 'c', 't', 'd', 'o', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "collectfood.com", true */ 'c', 'o', 'l', 'l', 'e', 'c', 't', 'f', 'o', 'o', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "collectiblebeans.com", true */ 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'b', 'l', 'e', 'b', 'e', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "collegepaperworld.com", true */ 'c', 'o', 'l', 'l', 'e', 'g', 'e', 'p', 'a', 'p', 'e', 'r', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "collinel-hossari.com", true */ 'c', 'o', 'l', 'l', 'i', 'n', 'e', 'l', '-', 'h', 'o', 's', 's', 'a', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "collinelhossari.com", true */ 'c', 'o', 'l', 'l', 'i', 'n', 'e', 'l', 'h', 'o', 's', 's', 'a', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "collinghammethodist.org.uk", true */ 'c', 'o', 'l', 'l', 'i', 'n', 'g', 'h', 'a', 'm', 'm', 'e', 't', 'h', 'o', 'd', 'i', 's', 't', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "collinmbarrett.com", true */ 'c', 'o', 'l', 'l', 'i', 'n', 'm', 'b', 'a', 'r', 'r', 'e', 't', 't', '.', 'c', 'o', 'm', '\0',
+  /* "colo-tech.com", true */ 'c', 'o', 'l', 'o', '-', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "colombian.dating", true */ 'c', 'o', 'l', 'o', 'm', 'b', 'i', 'a', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "coloppe.com", true */ 'c', 'o', 'l', 'o', 'p', 'p', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "coloradolottery.com", true */ 'c', 'o', 'l', 'o', 'r', 'a', 'd', 'o', 'l', 'o', 't', 't', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "coloraid.net", true */ 'c', 'o', 'l', 'o', 'r', 'a', 'i', 'd', '.', 'n', 'e', 't', '\0',
+  /* "colorblindprogramming.com", true */ 'c', 'o', 'l', 'o', 'r', 'b', 'l', 'i', 'n', 'd', 'p', 'r', 'o', 'g', 'r', 'a', 'm', 'm', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "colorbrush.ru", true */ 'c', 'o', 'l', 'o', 'r', 'b', 'r', 'u', 's', 'h', '.', 'r', 'u', '\0',
+  /* "colorcentertoner.com.br", true */ 'c', 'o', 'l', 'o', 'r', 'c', 'e', 'n', 't', 'e', 'r', 't', 'o', 'n', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "colorcodedlyrics.com", true */ 'c', 'o', 'l', 'o', 'r', 'c', 'o', 'd', 'e', 'd', 'l', 'y', 'r', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "colorectalcompounding.com", true */ 'c', 'o', 'l', 'o', 'r', 'e', 'c', 't', 'a', 'l', 'c', 'o', 'm', 'p', 'o', 'u', 'n', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "coloringnotebook.com", true */ 'c', 'o', 'l', 'o', 'r', 'i', 'n', 'g', 'n', 'o', 't', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "coloristcafe.com", true */ 'c', 'o', 'l', 'o', 'r', 'i', 's', 't', 'c', 'a', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "colorlifesupport.com", true */ 'c', 'o', 'l', 'o', 'r', 'l', 'i', 'f', 'e', 's', 'u', 'p', 'p', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "colorsbycarin.com", true */ 'c', 'o', 'l', 'o', 'r', 's', 'b', 'y', 'c', 'a', 'r', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "colossal-events.co.uk", true */ 'c', 'o', 'l', 'o', 's', 's', 'a', 'l', '-', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "colourfulcastles.co.uk", true */ 'c', 'o', 'l', 'o', 'u', 'r', 'f', 'u', 'l', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "colson-occasions.be", true */ 'c', 'o', 'l', 's', 'o', 'n', '-', 'o', 'c', 'c', 'a', 's', 'i', 'o', 'n', 's', '.', 'b', 'e', '\0',
+  /* "columbuswines.com", true */ 'c', 'o', 'l', 'u', 'm', 'b', 'u', 's', 'w', 'i', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "colyakootees.com", true */ 'c', 'o', 'l', 'y', 'a', 'k', 'o', 'o', 't', 'e', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "com-in.de", true */ 'c', 'o', 'm', '-', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "com.cc", true */ 'c', 'o', 'm', '.', 'c', 'c', '\0',
+  /* "comarkinstruments.net", true */ 'c', 'o', 'm', 'a', 'r', 'k', 'i', 'n', 's', 't', 'r', 'u', 'm', 'e', 'n', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "combron.nl", true */ 'c', 'o', 'm', 'b', 'r', 'o', 'n', '.', 'n', 'l', '\0',
+  /* "comchezmeme.com", true */ 'c', 'o', 'm', 'c', 'h', 'e', 'z', 'm', 'e', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "comcol.nl", true */ 'c', 'o', 'm', 'c', 'o', 'l', '.', 'n', 'l', '\0',
+  /* "comdotgame.com", true */ 'c', 'o', 'm', 'd', 'o', 't', 'g', 'a', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "comdurav.com", true */ 'c', 'o', 'm', 'd', 'u', 'r', 'a', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "comefollowme2016.com", true */ 'c', 'o', 'm', 'e', 'f', 'o', 'l', 'l', 'o', 'w', 'm', 'e', '2', '0', '1', '6', '.', 'c', 'o', 'm', '\0',
+  /* "comercialtrading.eu", true */ 'c', 'o', 'm', 'e', 'r', 'c', 'i', 'a', 'l', 't', 'r', 'a', 'd', 'i', 'n', 'g', '.', 'e', 'u', '\0',
+  /* "comerford.net", true */ 'c', 'o', 'm', 'e', 'r', 'f', 'o', 'r', 'd', '.', 'n', 'e', 't', '\0',
+  /* "comestoarra.com", true */ 'c', 'o', 'm', 'e', 's', 't', 'o', 'a', 'r', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "cometbot.cf", true */ 'c', 'o', 'm', 'e', 't', 'b', 'o', 't', '.', 'c', 'f', '\0',
+  /* "cometcache.com", true */ 'c', 'o', 'm', 'e', 't', 'c', 'a', 'c', 'h', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cometonovascotia.ca", true */ 'c', 'o', 'm', 'e', 't', 'o', 'n', 'o', 'v', 'a', 's', 'c', 'o', 't', 'i', 'a', '.', 'c', 'a', '\0',
+  /* "comff.net", true */ 'c', 'o', 'm', 'f', 'f', '.', 'n', 'e', 't', '\0',
+  /* "comfintouch.com", true */ 'c', 'o', 'm', 'f', 'i', 'n', 't', 'o', 'u', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "comflores.com.br", true */ 'c', 'o', 'm', 'f', 'l', 'o', 'r', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "comfypc.com", true */ 'c', 'o', 'm', 'f', 'y', 'p', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "comhack.com", true */ 'c', 'o', 'm', 'h', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "comicrelief.com", true */ 'c', 'o', 'm', 'i', 'c', 'r', 'e', 'l', 'i', 'e', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "comicspornos.com", true */ 'c', 'o', 'm', 'i', 'c', 's', 'p', 'o', 'r', 'n', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "comicwiki.dk", true */ 'c', 'o', 'm', 'i', 'c', 'w', 'i', 'k', 'i', '.', 'd', 'k', '\0',
+  /* "comiq.io", true */ 'c', 'o', 'm', 'i', 'q', '.', 'i', 'o', '\0',
+  /* "comiteaintriathlon.fr", true */ 'c', 'o', 'm', 'i', 't', 'e', 'a', 'i', 'n', 't', 'r', 'i', 'a', 't', 'h', 'l', 'o', 'n', '.', 'f', 'r', '\0',
+  /* "comm.cx", true */ 'c', 'o', 'm', 'm', '.', 'c', 'x', '\0',
+  /* "commania.co.kr", true */ 'c', 'o', 'm', 'm', 'a', 'n', 'i', 'a', '.', 'c', 'o', '.', 'k', 'r', '\0',
+  /* "commechezvous.ch", true */ 'c', 'o', 'm', 'm', 'e', 'c', 'h', 'e', 'z', 'v', 'o', 'u', 's', '.', 'c', 'h', '\0',
+  /* "commencepayments.com", true */ 'c', 'o', 'm', 'm', 'e', 'n', 'c', 'e', 'p', 'a', 'y', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "commitsandrebases.com", true */ 'c', 'o', 'm', 'm', 'i', 't', 's', 'a', 'n', 'd', 'r', 'e', 'b', 'a', 's', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "common.io", true */ 'c', 'o', 'm', 'm', 'o', 'n', '.', 'i', 'o', '\0',
+  /* "commoncode.com.au", true */ 'c', 'o', 'm', 'm', 'o', 'n', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "commoncode.io", true */ 'c', 'o', 'm', 'm', 'o', 'n', 'c', 'o', 'd', 'e', '.', 'i', 'o', '\0',
+  /* "commoncore4kids.com", true */ 'c', 'o', 'm', 'm', 'o', 'n', 'c', 'o', 'r', 'e', '4', 'k', 'i', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "community-cupboard.org", true */ 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', '-', 'c', 'u', 'p', 'b', 'o', 'a', 'r', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "communityblog.fedoraproject.org", true */ 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', 'b', 'l', 'o', 'g', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "communitycodeofconduct.com", true */ 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', 'c', 'o', 'd', 'e', 'o', 'f', 'c', 'o', 'n', 'd', 'u', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "communityflow.info", true */ 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', 'f', 'l', 'o', 'w', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "communote.net", true */ 'c', 'o', 'm', 'm', 'u', 'n', 'o', 't', 'e', '.', 'n', 'e', 't', '\0',
+  /* "comodesinflamarlashemorroides.org", true */ 'c', 'o', 'm', 'o', 'd', 'e', 's', 'i', 'n', 'f', 'l', 'a', 'm', 'a', 'r', 'l', 'a', 's', 'h', 'e', 'm', 'o', 'r', 'r', 'o', 'i', 'd', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "comodo.nl", true */ 'c', 'o', 'm', 'o', 'd', 'o', '.', 'n', 'l', '\0',
+  /* "comodormirmasrapido.com", true */ 'c', 'o', 'm', 'o', 'd', 'o', 'r', 'm', 'i', 'r', 'm', 'a', 's', 'r', 'a', 'p', 'i', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "comogene.com", true */ 'c', 'o', 'm', 'o', 'g', 'e', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "comohacerelamoraunhombrenet.com", true */ 'c', 'o', 'm', 'o', 'h', 'a', 'c', 'e', 'r', 'e', 'l', 'a', 'm', 'o', 'r', 'a', 'u', 'n', 'h', 'o', 'm', 'b', 'r', 'e', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "comopuededejardefumar.net", true */ 'c', 'o', 'm', 'o', 'p', 'u', 'e', 'd', 'e', 'd', 'e', 'j', 'a', 'r', 'd', 'e', 'f', 'u', 'm', 'a', 'r', '.', 'n', 'e', 't', '\0',
+  /* "comoquitarlasestriasrapidamente.com", true */ 'c', 'o', 'm', 'o', 'q', 'u', 'i', 't', 'a', 'r', 'l', 'a', 's', 'e', 's', 't', 'r', 'i', 'a', 's', 'r', 'a', 'p', 'i', 'd', 'a', 'm', 'e', 'n', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "comorecuperaratumujerpdf.com", true */ 'c', 'o', 'm', 'o', 'r', 'e', 'c', 'u', 'p', 'e', 'r', 'a', 'r', 'a', 't', 'u', 'm', 'u', 'j', 'e', 'r', 'p', 'd', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "comp2go.com.au", true */ 'c', 'o', 'm', 'p', '2', 'g', 'o', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "compagnia-buffo.de", true */ 'c', 'o', 'm', 'p', 'a', 'g', 'n', 'i', 'a', '-', 'b', 'u', 'f', 'f', 'o', '.', 'd', 'e', '\0',
+  /* "compagniemartin.com", true */ 'c', 'o', 'm', 'p', 'a', 'g', 'n', 'i', 'e', 'm', 'a', 'r', 't', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "comparatif-moto.fr", true */ 'c', 'o', 'm', 'p', 'a', 'r', 'a', 't', 'i', 'f', '-', 'm', 'o', 't', 'o', '.', 'f', 'r', '\0',
+  /* "compareandrecycle.com", false */ 'c', 'o', 'm', 'p', 'a', 'r', 'e', 'a', 'n', 'd', 'r', 'e', 'c', 'y', 'c', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "compareinsurance.com.au", true */ 'c', 'o', 'm', 'p', 'a', 'r', 'e', 'i', 'n', 's', 'u', 'r', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "comparesoft.com", true */ 'c', 'o', 'm', 'p', 'a', 'r', 'e', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "comparexcloudcenter.com", true */ 'c', 'o', 'm', 'p', 'a', 'r', 'e', 'x', 'c', 'l', 'o', 'u', 'd', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "compartir.party", true */ 'c', 'o', 'm', 'p', 'a', 'r', 't', 'i', 'r', '.', 'p', 'a', 'r', 't', 'y', '\0',
+  /* "compassdirectportal.com", true */ 'c', 'o', 'm', 'p', 'a', 's', 's', 'd', 'i', 'r', 'e', 'c', 't', 'p', 'o', 'r', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "compeuphoria.com", true */ 'c', 'o', 'm', 'p', 'e', 'u', 'p', 'h', 'o', 'r', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "comphare.nl", true */ 'c', 'o', 'm', 'p', 'h', 'a', 'r', 'e', '.', 'n', 'l', '\0',
+  /* "compibus.fr", true */ 'c', 'o', 'm', 'p', 'i', 'b', 'u', 's', '.', 'f', 'r', '\0',
+  /* "compilenix.org", true */ 'c', 'o', 'm', 'p', 'i', 'l', 'e', 'n', 'i', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "completefloorcoverings.com", true */ 'c', 'o', 'm', 'p', 'l', 'e', 't', 'e', 'f', 'l', 'o', 'o', 'r', 'c', 'o', 'v', 'e', 'r', 'i', 'n', 'g', 's', '.', 'c', 'o', 'm', '\0',
+  /* "completesecurityessex.co.uk", true */ 'c', 'o', 'm', 'p', 'l', 'e', 't', 'e', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'e', 's', 's', 'e', 'x', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "completesecurityessex.com", true */ 'c', 'o', 'm', 'p', 'l', 'e', 't', 'e', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'e', 's', 's', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "completionist.me", true */ 'c', 'o', 'm', 'p', 'l', 'e', 't', 'i', 'o', 'n', 'i', 's', 't', '.', 'm', 'e', '\0',
+  /* "complex-organization.com", true */ 'c', 'o', 'm', 'p', 'l', 'e', 'x', '-', 'o', 'r', 'g', 'a', 'n', 'i', 'z', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "complexart.ro", true */ 'c', 'o', 'm', 'p', 'l', 'e', 'x', 'a', 'r', 't', '.', 'r', 'o', '\0',
+  /* "complexsystems.fail", true */ 'c', 'o', 'm', 'p', 'l', 'e', 'x', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'f', 'a', 'i', 'l', '\0',
+  /* "compliance-management.ch", true */ 'c', 'o', 'm', 'p', 'l', 'i', 'a', 'n', 'c', 'e', '-', 'm', 'a', 'n', 'a', 'g', 'e', 'm', 'e', 'n', 't', '.', 'c', 'h', '\0',
+  /* "compliance-systeme.de", true */ 'c', 'o', 'm', 'p', 'l', 'i', 'a', 'n', 'c', 'e', '-', 's', 'y', 's', 't', 'e', 'm', 'e', '.', 'd', 'e', '\0',
+  /* "compliancedictionary.com", true */ 'c', 'o', 'm', 'p', 'l', 'i', 'a', 'n', 'c', 'e', 'd', 'i', 'c', 't', 'i', 'o', 'n', 'a', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "compliancerisksoftware.co.uk", true */ 'c', 'o', 'm', 'p', 'l', 'i', 'a', 'n', 'c', 'e', 'r', 'i', 's', 'k', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "compostatebien.com.ar", true */ 'c', 'o', 'm', 'p', 'o', 's', 't', 'a', 't', 'e', 'b', 'i', 'e', 'n', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "compraneta.com", false */ 'c', 'o', 'm', 'p', 'r', 'a', 'n', 'e', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "compreautomacao.com.br", true */ 'c', 'o', 'm', 'p', 'r', 'e', 'a', 'u', 't', 'o', 'm', 'a', 'c', 'a', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "compredietlight.com.br", true */ 'c', 'o', 'm', 'p', 'r', 'e', 'd', 'i', 'e', 't', 'l', 'i', 'g', 'h', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "comprefitasadere.com.br", true */ 'c', 'o', 'm', 'p', 'r', 'e', 'f', 'i', 't', 'a', 's', 'a', 'd', 'e', 'r', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "compubench.com", true */ 'c', 'o', 'm', 'p', 'u', 'b', 'e', 'n', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "compucastell.ch", true */ 'c', 'o', 'm', 'p', 'u', 'c', 'a', 's', 't', 'e', 'l', 'l', '.', 'c', 'h', '\0',
+  /* "compucorner.mx", true */ 'c', 'o', 'm', 'p', 'u', 'c', 'o', 'r', 'n', 'e', 'r', '.', 'm', 'x', '\0',
+  /* "compuplast.cz", true */ 'c', 'o', 'm', 'p', 'u', 'p', 'l', 'a', 's', 't', '.', 'c', 'z', '\0',
+  /* "computehealth.com", true */ 'c', 'o', 'm', 'p', 'u', 't', 'e', 'h', 'e', 'a', 'l', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "computer-acquisti.com", true */ 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', '-', 'a', 'c', 'q', 'u', 'i', 's', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "computeracademy.co.za", true */ 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "computerassistance.co.uk", true */ 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 'a', 's', 's', 'i', 's', 't', 'a', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "computerbase.de", true */ 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 'b', 'a', 's', 'e', '.', 'd', 'e', '\0',
+  /* "computeremergency.com.au", false */ 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 'e', 'm', 'e', 'r', 'g', 'e', 'n', 'c', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "computerhilfe-feucht.de", true */ 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 'h', 'i', 'l', 'f', 'e', '-', 'f', 'e', 'u', 'c', 'h', 't', '.', 'd', 'e', '\0',
+  /* "computernetwerkwestland.nl", true */ 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 'n', 'e', 't', 'w', 'e', 'r', 'k', 'w', 'e', 's', 't', 'l', 'a', 'n', 'd', '.', 'n', 'l', '\0',
+  /* "computerslotopschool.nl", true */ 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 's', 'l', 'o', 't', 'o', 'p', 's', 'c', 'h', 'o', 'o', 'l', '.', 'n', 'l', '\0',
+  /* "computersystems.guru", false */ 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'g', 'u', 'r', 'u', '\0',
+  /* "comssa.org.au", true */ 'c', 'o', 'm', 's', 's', 'a', '.', 'o', 'r', 'g', '.', 'a', 'u', '\0',
+  /* "comunidadmontepinar.es", true */ 'c', 'o', 'm', 'u', 'n', 'i', 'd', 'a', 'd', 'm', 'o', 'n', 't', 'e', 'p', 'i', 'n', 'a', 'r', '.', 'e', 's', '\0',
+  /* "comw.cc", true */ 'c', 'o', 'm', 'w', '.', 'c', 'c', '\0',
+  /* "conalcorp.com", true */ 'c', 'o', 'n', 'a', 'l', 'c', 'o', 'r', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "conaudisa.com", false */ 'c', 'o', 'n', 'a', 'u', 'd', 'i', 's', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "concept-web.ch", true */ 'c', 'o', 'n', 'c', 'e', 'p', 't', '-', 'w', 'e', 'b', '.', 'c', 'h', '\0',
+  /* "conceptatelier.de", true */ 'c', 'o', 'n', 'c', 'e', 'p', 't', 'a', 't', 'e', 'l', 'i', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "concertengine.com", true */ 'c', 'o', 'n', 'c', 'e', 'r', 't', 'e', 'n', 'g', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "concerto.amsterdam", true */ 'c', 'o', 'n', 'c', 'e', 'r', 't', 'o', '.', 'a', 'm', 's', 't', 'e', 'r', 'd', 'a', 'm', '\0',
+  /* "conciliumnotaire.ca", true */ 'c', 'o', 'n', 'c', 'i', 'l', 'i', 'u', 'm', 'n', 'o', 't', 'a', 'i', 'r', 'e', '.', 'c', 'a', '\0',
+  /* "conclave.global", true */ 'c', 'o', 'n', 'c', 'l', 'a', 'v', 'e', '.', 'g', 'l', 'o', 'b', 'a', 'l', '\0',
+  /* "concretehermit.com", true */ 'c', 'o', 'n', 'c', 'r', 'e', 't', 'e', 'h', 'e', 'r', 'm', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "concursopublico.com.br", true */ 'c', 'o', 'n', 'c', 'u', 'r', 's', 'o', 'p', 'u', 'b', 'l', 'i', 'c', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "concursos.com.br", true */ 'c', 'o', 'n', 'c', 'u', 'r', 's', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "concursosabertos.com.br", true */ 'c', 'o', 'n', 'c', 'u', 'r', 's', 'o', 's', 'a', 'b', 'e', 'r', 't', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "condecom.com.br", true */ 'c', 'o', 'n', 'd', 'e', 'c', 'o', 'm', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "condepenalba.com", false */ 'c', 'o', 'n', 'd', 'e', 'p', 'e', 'n', 'a', 'l', 'b', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "condesaelectronics.com", true */ 'c', 'o', 'n', 'd', 'e', 's', 'a', 'e', 'l', 'e', 'c', 't', 'r', 'o', 'n', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "condosforcash.com", true */ 'c', 'o', 'n', 'd', 'o', 's', 'f', 'o', 'r', 'c', 'a', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "condroz-motors.be", true */ 'c', 'o', 'n', 'd', 'r', 'o', 'z', '-', 'm', 'o', 't', 'o', 'r', 's', '.', 'b', 'e', '\0',
+  /* "conectalmeria.com", true */ 'c', 'o', 'n', 'e', 'c', 't', 'a', 'l', 'm', 'e', 'r', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "conejovalleyelectrical.com", true */ 'c', 'o', 'n', 'e', 'j', 'o', 'v', 'a', 'l', 'l', 'e', 'y', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "confiancefoundation.org", true */ 'c', 'o', 'n', 'f', 'i', 'a', 'n', 'c', 'e', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "confidential.network", true */ 'c', 'o', 'n', 'f', 'i', 'd', 'e', 'n', 't', 'i', 'a', 'l', '.', 'n', 'e', 't', 'w', 'o', 'r', 'k', '\0',
+  /* "config.schokokeks.org", false */ 'c', 'o', 'n', 'f', 'i', 'g', '.', 's', 'c', 'h', 'o', 'k', 'o', 'k', 'e', 'k', 's', '.', 'o', 'r', 'g', '\0',
+  /* "confiwall.de", true */ 'c', 'o', 'n', 'f', 'i', 'w', 'a', 'l', 'l', '.', 'd', 'e', '\0',
+  /* "conformax.com.br", true */ 'c', 'o', 'n', 'f', 'o', 'r', 'm', 'a', 'x', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "conformist.jp", true */ 'c', 'o', 'n', 'f', 'o', 'r', 'm', 'i', 's', 't', '.', 'j', 'p', '\0',
+  /* "confuddledpenguin.com", true */ 'c', 'o', 'n', 'f', 'u', 'd', 'd', 'l', 'e', 'd', 'p', 'e', 'n', 'g', 'u', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "cong5.net", true */ 'c', 'o', 'n', 'g', '5', '.', 'n', 'e', 't', '\0',
+  /* "congineer.com", true */ 'c', 'o', 'n', 'g', 'i', 'n', 'e', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "congobunkering.com", true */ 'c', 'o', 'n', 'g', 'o', 'b', 'u', 'n', 'k', 'e', 'r', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "conkret.ch", true */ 'c', 'o', 'n', 'k', 'r', 'e', 't', '.', 'c', 'h', '\0',
+  /* "conkret.co.uk", true */ 'c', 'o', 'n', 'k', 'r', 'e', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "conkret.de", true */ 'c', 'o', 'n', 'k', 'r', 'e', 't', '.', 'd', 'e', '\0',
+  /* "conkret.eu", true */ 'c', 'o', 'n', 'k', 'r', 'e', 't', '.', 'e', 'u', '\0',
+  /* "conkret.in", true */ 'c', 'o', 'n', 'k', 'r', 'e', 't', '.', 'i', 'n', '\0',
+  /* "conkret.mobi", true */ 'c', 'o', 'n', 'k', 'r', 'e', 't', '.', 'm', 'o', 'b', 'i', '\0',
+  /* "conmedapps.com", true */ 'c', 'o', 'n', 'm', 'e', 'd', 'a', 'p', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "connect-ed.network", true */ 'c', 'o', 'n', 'n', 'e', 'c', 't', '-', 'e', 'd', '.', 'n', 'e', 't', 'w', 'o', 'r', 'k', '\0',
+  /* "connect-me.com", true */ 'c', 'o', 'n', 'n', 'e', 'c', 't', '-', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "connect.dating", true */ 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "connect.facebook.net", true */ 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'n', 'e', 't', '\0',
+  /* "connectedcare.md", true */ 'c', 'o', 'n', 'n', 'e', 'c', 't', 'e', 'd', 'c', 'a', 'r', 'e', '.', 'm', 'd', '\0',
+  /* "connectmath.com", true */ 'c', 'o', 'n', 'n', 'e', 'c', 't', 'm', 'a', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "connectmy.car", true */ 'c', 'o', 'n', 'n', 'e', 'c', 't', 'm', 'y', '.', 'c', 'a', 'r', '\0',
+  /* "connectum.eu", true */ 'c', 'o', 'n', 'n', 'e', 'c', 't', 'u', 'm', '.', 'e', 'u', '\0',
+  /* "connext.de", true */ 'c', 'o', 'n', 'n', 'e', 'x', 't', '.', 'd', 'e', '\0',
+  /* "connorsmith.co", true */ 'c', 'o', 'n', 'n', 'o', 'r', 's', 'm', 'i', 't', 'h', '.', 'c', 'o', '\0',
+  /* "connyduck.at", true */ 'c', 'o', 'n', 'n', 'y', 'd', 'u', 'c', 'k', '.', 'a', 't', '\0',
+  /* "conpins.nl", true */ 'c', 'o', 'n', 'p', 'i', 'n', 's', '.', 'n', 'l', '\0',
+  /* "conrad-kostecki.de", true */ 'c', 'o', 'n', 'r', 'a', 'd', '-', 'k', 'o', 's', 't', 'e', 'c', 'k', 'i', '.', 'd', 'e', '\0',
+  /* "conradkostecki.de", true */ 'c', 'o', 'n', 'r', 'a', 'd', 'k', 'o', 's', 't', 'e', 'c', 'k', 'i', '.', 'd', 'e', '\0',
+  /* "consciousbrand.co", true */ 'c', 'o', 'n', 's', 'c', 'i', 'o', 'u', 's', 'b', 'r', 'a', 'n', 'd', '.', 'c', 'o', '\0',
+  /* "consejosdehogar.com", true */ 'c', 'o', 'n', 's', 'e', 'j', 'o', 's', 'd', 'e', 'h', 'o', 'g', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "consejosdenutricion.com", true */ 'c', 'o', 'n', 's', 'e', 'j', 'o', 's', 'd', 'e', 'n', 'u', 't', 'r', 'i', 'c', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "conservados.com.br", true */ 'c', 'o', 'n', 's', 'e', 'r', 'v', 'a', 'd', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "conservatoriesincornwall.com", true */ 'c', 'o', 'n', 's', 'e', 'r', 'v', 'a', 't', 'o', 'r', 'i', 'e', 's', 'i', 'n', 'c', 'o', 'r', 'n', 'w', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "consideredgifts.com", true */ 'c', 'o', 'n', 's', 'i', 'd', 'e', 'r', 'e', 'd', 'g', 'i', 'f', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "consilium-vitae.ch", true */ 'c', 'o', 'n', 's', 'i', 'l', 'i', 'u', 'm', '-', 'v', 'i', 't', 'a', 'e', '.', 'c', 'h', '\0',
+  /* "consiliumvitae.ch", true */ 'c', 'o', 'n', 's', 'i', 'l', 'i', 'u', 'm', 'v', 'i', 't', 'a', 'e', '.', 'c', 'h', '\0',
+  /* "consill.com", true */ 'c', 'o', 'n', 's', 'i', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "console.ninja", true */ 'c', 'o', 'n', 's', 'o', 'l', 'e', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "console.rest", true */ 'c', 'o', 'n', 's', 'o', 'l', 'e', '.', 'r', 'e', 's', 't', '\0',
+  /* "consommateuraverti.com", true */ 'c', 'o', 'n', 's', 'o', 'm', 'm', 'a', 't', 'e', 'u', 'r', 'a', 'v', 'e', 'r', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "consonare.de", true */ 'c', 'o', 'n', 's', 'o', 'n', 'a', 'r', 'e', '.', 'd', 'e', '\0',
+  /* "constancechen.me", true */ 'c', 'o', 'n', 's', 't', 'a', 'n', 'c', 'e', 'c', 'h', 'e', 'n', '.', 'm', 'e', '\0',
+  /* "constant-rough.de", true */ 'c', 'o', 'n', 's', 't', 'a', 'n', 't', '-', 'r', 'o', 'u', 'g', 'h', '.', 'd', 'e', '\0',
+  /* "constructionjobs.com", true */ 'c', 'o', 'n', 's', 't', 'r', 'u', 'c', 't', 'i', 'o', 'n', 'j', 'o', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "constructive.men", true */ 'c', 'o', 'n', 's', 't', 'r', 'u', 'c', 't', 'i', 'v', 'e', '.', 'm', 'e', 'n', '\0',
+  /* "consul.io", true */ 'c', 'o', 'n', 's', 'u', 'l', '.', 'i', 'o', '\0',
+  /* "consultorcr.net", true */ 'c', 'o', 'n', 's', 'u', 'l', 't', 'o', 'r', 'c', 'r', '.', 'n', 'e', 't', '\0',
+  /* "consultpetkov.com", true */ 'c', 'o', 'n', 's', 'u', 'l', 't', 'p', 'e', 't', 'k', 'o', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "consumer.gov", true */ 'c', 'o', 'n', 's', 'u', 'm', 'e', 'r', '.', 'g', 'o', 'v', '\0',
+  /* "consumeractionlawgroup.com", true */ 'c', 'o', 'n', 's', 'u', 'm', 'e', 'r', 'a', 'c', 't', 'i', 'o', 'n', 'l', 'a', 'w', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "consumerfiles.com", true */ 'c', 'o', 'n', 's', 'u', 'm', 'e', 'r', 'f', 'i', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "consumersentinel.gov", true */ 'c', 'o', 'n', 's', 'u', 'm', 'e', 'r', 's', 'e', 'n', 't', 'i', 'n', 'e', 'l', '.', 'g', 'o', 'v', '\0',
+  /* "consumidor.gov", true */ 'c', 'o', 'n', 's', 'u', 'm', 'i', 'd', 'o', 'r', '.', 'g', 'o', 'v', '\0',
+  /* "consuwijzer.nl", true */ 'c', 'o', 'n', 's', 'u', 'w', 'i', 'j', 'z', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "content-api-dev.azurewebsites.net", false */ 'c', 'o', 'n', 't', 'e', 'n', 't', '-', 'a', 'p', 'i', '-', 'd', 'e', 'v', '.', 'a', 'z', 'u', 'r', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "contentcoms.co.uk", true */ 'c', 'o', 'n', 't', 'e', 'n', 't', 'c', 'o', 'm', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "contentpass.net", true */ 'c', 'o', 'n', 't', 'e', 'n', 't', 'p', 'a', 's', 's', '.', 'n', 'e', 't', '\0',
+  /* "contessa32experience.com", true */ 'c', 'o', 'n', 't', 'e', 's', 's', 'a', '3', '2', 'e', 'x', 'p', 'e', 'r', 'i', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "contextplatform.com", true */ 'c', 'o', 'n', 't', 'e', 'x', 't', 'p', 'l', 'a', 't', 'f', 'o', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "continuation.io", true */ 'c', 'o', 'n', 't', 'i', 'n', 'u', 'a', 't', 'i', 'o', 'n', '.', 'i', 'o', '\0',
+  /* "contrabass.net", true */ 'c', 'o', 'n', 't', 'r', 'a', 'b', 'a', 's', 's', '.', 'n', 'e', 't', '\0',
+  /* "contractormountain.com", true */ 'c', 'o', 'n', 't', 'r', 'a', 'c', 't', 'o', 'r', 'm', 'o', 'u', 'n', 't', 'a', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "contraspin.co.nz", true */ 'c', 'o', 'n', 't', 'r', 'a', 's', 'p', 'i', 'n', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "contratatupoliza.com", true */ 'c', 'o', 'n', 't', 'r', 'a', 't', 'a', 't', 'u', 'p', 'o', 'l', 'i', 'z', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "contributor.google.com", false */ 'c', 'o', 'n', 't', 'r', 'i', 'b', 'u', 't', 'o', 'r', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "controlarlaansiedad.com", true */ 'c', 'o', 'n', 't', 'r', 'o', 'l', 'a', 'r', 'l', 'a', 'a', 'n', 's', 'i', 'e', 'd', 'a', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "controlautocom.com.br", true */ 'c', 'o', 'n', 't', 'r', 'o', 'l', 'a', 'u', 't', 'o', 'c', 'o', 'm', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "controlbooth.com", true */ 'c', 'o', 'n', 't', 'r', 'o', 'l', 'b', 'o', 'o', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "controle.net", true */ 'c', 'o', 'n', 't', 'r', 'o', 'l', 'e', '.', 'n', 'e', 't', '\0',
+  /* "controltickets.com.br", true */ 'c', 'o', 'n', 't', 'r', 'o', 'l', 't', 'i', 'c', 'k', 'e', 't', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "contxt-agentur.de", true */ 'c', 'o', 'n', 't', 'x', 't', '-', 'a', 'g', 'e', 'n', 't', 'u', 'r', '.', 'd', 'e', '\0',
+  /* "conv2pdf.com", true */ 'c', 'o', 'n', 'v', '2', 'p', 'd', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "convergemagazine.com", true */ 'c', 'o', 'n', 'v', 'e', 'r', 'g', 'e', 'm', 'a', 'g', 'a', 'z', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "convergence.fi", true */ 'c', 'o', 'n', 'v', 'e', 'r', 'g', 'e', 'n', 'c', 'e', '.', 'f', 'i', '\0',
+  /* "convergnce.com", true */ 'c', 'o', 'n', 'v', 'e', 'r', 'g', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "conversiones.com", true */ 'c', 'o', 'n', 'v', 'e', 'r', 's', 'i', 'o', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "convert.im", true */ 'c', 'o', 'n', 'v', 'e', 'r', 't', '.', 'i', 'm', '\0',
+  /* "converter.ml", true */ 'c', 'o', 'n', 'v', 'e', 'r', 't', 'e', 'r', '.', 'm', 'l', '\0',
+  /* "convexset.org", true */ 'c', 'o', 'n', 'v', 'e', 'x', 's', 'e', 't', '.', 'o', 'r', 'g', '\0',
+  /* "convocatoriafundacionpepsicomexico.org", false */ 'c', 'o', 'n', 'v', 'o', 'c', 'a', 't', 'o', 'r', 'i', 'a', 'f', 'u', 'n', 'd', 'a', 'c', 'i', 'o', 'n', 'p', 'e', 'p', 's', 'i', 'c', 'o', 'm', 'e', 'x', 'i', 'c', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "cooker.fr", true */ 'c', 'o', 'o', 'k', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "cookescastles.co.uk", true */ 'c', 'o', 'o', 'k', 'e', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cookicons.co", true */ 'c', 'o', 'o', 'k', 'i', 'c', 'o', 'n', 's', '.', 'c', 'o', '\0',
+  /* "cookie4.com", true */ 'c', 'o', 'o', 'k', 'i', 'e', '4', '.', 'c', 'o', 'm', '\0',
+  /* "cookieandkate.com", true */ 'c', 'o', 'o', 'k', 'i', 'e', 'a', 'n', 'd', 'k', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cookiecrook.com", true */ 'c', 'o', 'o', 'k', 'i', 'e', 'c', 'r', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "cookiesoft.de", true */ 'c', 'o', 'o', 'k', 'i', 'e', 's', 'o', 'f', 't', '.', 'd', 'e', '\0',
+  /* "cookiestudies.cf", true */ 'c', 'o', 'o', 'k', 'i', 'e', 's', 't', 'u', 'd', 'i', 'e', 's', '.', 'c', 'f', '\0',
+  /* "cookingbazart.com", true */ 'c', 'o', 'o', 'k', 'i', 'n', 'g', 'b', 'a', 'z', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "cookingcrusade.com", true */ 'c', 'o', 'o', 'k', 'i', 'n', 'g', 'c', 'r', 'u', 's', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cookinglife.nl", false */ 'c', 'o', 'o', 'k', 'i', 'n', 'g', 'l', 'i', 'f', 'e', '.', 'n', 'l', '\0',
+  /* "cookingreporter.com", true */ 'c', 'o', 'o', 'k', 'i', 'n', 'g', 'r', 'e', 'p', 'o', 'r', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "cookmedical.com", false */ 'c', 'o', 'o', 'k', 'm', 'e', 'd', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "cooko.at", true */ 'c', 'o', 'o', 'k', 'o', '.', 'a', 't', '\0',
+  /* "cool-parties.co.uk", true */ 'c', 'o', 'o', 'l', '-', 'p', 'a', 'r', 't', 'i', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cool-wallpapers.jp", true */ 'c', 'o', 'o', 'l', '-', 'w', 'a', 'l', 'l', 'p', 'a', 'p', 'e', 'r', 's', '.', 'j', 'p', '\0',
+  /* "cool110.tk", true */ 'c', 'o', 'o', 'l', '1', '1', '0', '.', 't', 'k', '\0',
+  /* "cool110.xyz", true */ 'c', 'o', 'o', 'l', '1', '1', '0', '.', 'x', 'y', 'z', '\0',
+  /* "coolattractions.co.uk", true */ 'c', 'o', 'o', 'l', 'a', 't', 't', 'r', 'a', 'c', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cooldan.com", true */ 'c', 'o', 'o', 'l', 'd', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "coole-fete.de", true */ 'c', 'o', 'o', 'l', 'e', '-', 'f', 'e', 't', 'e', '.', 'd', 'e', '\0',
+  /* "coolerssr.space", true */ 'c', 'o', 'o', 'l', 'e', 'r', 's', 's', 'r', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "coolgifs.de", true */ 'c', 'o', 'o', 'l', 'g', 'i', 'f', 's', '.', 'd', 'e', '\0',
+  /* "coolkidsbouncycastles.co.uk", true */ 'c', 'o', 'o', 'l', 'k', 'i', 'd', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "coolviewthermostat.com", true */ 'c', 'o', 'o', 'l', 'v', 'i', 'e', 'w', 't', 'h', 'e', 'r', 'm', 'o', 's', 't', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "coonelnel.net", true */ 'c', 'o', 'o', 'n', 'e', 'l', 'n', 'e', 'l', '.', 'n', 'e', 't', '\0',
+  /* "coopens.com", true */ 'c', 'o', 'o', 'p', 'e', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "coore.jp", true */ 'c', 'o', 'o', 'r', 'e', '.', 'j', 'p', '\0',
+  /* "coorpacademy.com", true */ 'c', 'o', 'o', 'r', 'p', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "copperhead.co", true */ 'c', 'o', 'p', 'p', 'e', 'r', 'h', 'e', 'a', 'd', '.', 'c', 'o', '\0',
+  /* "copperheados.com", true */ 'c', 'o', 'p', 'p', 'e', 'r', 'h', 'e', 'a', 'd', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "coptic-treasures.com", true */ 'c', 'o', 'p', 't', 'i', 'c', '-', 't', 'r', 'e', 'a', 's', 'u', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "coptkm.cz", true */ 'c', 'o', 'p', 't', 'k', 'm', '.', 'c', 'z', '\0',
+  /* "copycrafter.net", true */ 'c', 'o', 'p', 'y', 'c', 'r', 'a', 'f', 't', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "copypoison.com", true */ 'c', 'o', 'p', 'y', 'p', 'o', 'i', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "copyright-watch.org", true */ 'c', 'o', 'p', 'y', 'r', 'i', 'g', 'h', 't', '-', 'w', 'a', 't', 'c', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "copytrack.com", true */ 'c', 'o', 'p', 'y', 't', 'r', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "corbinhesse.com", true */ 'c', 'o', 'r', 'b', 'i', 'n', 'h', 'e', 's', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cordeydesign.ch", true */ 'c', 'o', 'r', 'd', 'e', 'y', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'h', '\0',
+  /* "cordis.io", true */ 'c', 'o', 'r', 'd', 'i', 's', '.', 'i', 'o', '\0',
+  /* "cordlessdog.com", true */ 'c', 'o', 'r', 'd', 'l', 'e', 's', 's', 'd', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "core-concepts.de", true */ 'c', 'o', 'r', 'e', '-', 'c', 'o', 'n', 'c', 'e', 'p', 't', 's', '.', 'd', 'e', '\0',
+  /* "core-networks.de", true */ 'c', 'o', 'r', 'e', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'd', 'e', '\0',
+  /* "core.org.pt", false */ 'c', 'o', 'r', 'e', '.', 'o', 'r', 'g', '.', 'p', 't', '\0',
+  /* "coreapm.com", true */ 'c', 'o', 'r', 'e', 'a', 'p', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "coreapm.org", true */ 'c', 'o', 'r', 'e', 'a', 'p', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "corecodec.com", true */ 'c', 'o', 'r', 'e', 'c', 'o', 'd', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "coredump.gr", true */ 'c', 'o', 'r', 'e', 'd', 'u', 'm', 'p', '.', 'g', 'r', '\0',
+  /* "coreinfrastructure.org", true */ 'c', 'o', 'r', 'e', 'i', 'n', 'f', 'r', 'a', 's', 't', 'r', 'u', 'c', 't', 'u', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "coreless-stretchfilm.com", true */ 'c', 'o', 'r', 'e', 'l', 'e', 's', 's', '-', 's', 't', 'r', 'e', 't', 'c', 'h', 'f', 'i', 'l', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "corepartners.com.ua", true */ 'c', 'o', 'r', 'e', 'p', 'a', 'r', 't', 'n', 'e', 'r', 's', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "coresolutions.ca", true */ 'c', 'o', 'r', 'e', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'a', '\0',
+  /* "coresos.com", true */ 'c', 'o', 'r', 'e', 's', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "coreum.ca", true */ 'c', 'o', 'r', 'e', 'u', 'm', '.', 'c', 'a', '\0',
+  /* "coreyjmahler.com", true */ 'c', 'o', 'r', 'e', 'y', 'j', 'm', 'a', 'h', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "corgi.party", true */ 'c', 'o', 'r', 'g', 'i', '.', 'p', 'a', 'r', 't', 'y', '\0',
+  /* "coribi.com", true */ 'c', 'o', 'r', 'i', 'b', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "corisu.co", true */ 'c', 'o', 'r', 'i', 's', 'u', '.', 'c', 'o', '\0',
+  /* "corksoncolumbus.com", true */ 'c', 'o', 'r', 'k', 's', 'o', 'n', 'c', 'o', 'l', 'u', 'm', 'b', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "corlija.com", true */ 'c', 'o', 'r', 'l', 'i', 'j', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "corlinde.nl", true */ 'c', 'o', 'r', 'l', 'i', 'n', 'd', 'e', '.', 'n', 'l', '\0',
+  /* "corlitocaffe.de", true */ 'c', 'o', 'r', 'l', 'i', 't', 'o', 'c', 'a', 'f', 'f', 'e', '.', 'd', 'e', '\0',
+  /* "cornercircle.co.uk", true */ 'c', 'o', 'r', 'n', 'e', 'r', 'c', 'i', 'r', 'c', 'l', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "corniche.com", true */ 'c', 'o', 'r', 'n', 'i', 'c', 'h', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "corningcu.org", true */ 'c', 'o', 'r', 'n', 'i', 'n', 'g', 'c', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "cornodo.com", true */ 'c', 'o', 'r', 'n', 'o', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "corona-academy.com", true */ 'c', 'o', 'r', 'o', 'n', 'a', '-', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "corpfin.net", true */ 'c', 'o', 'r', 'p', 'f', 'i', 'n', '.', 'n', 'e', 't', '\0',
+  /* "corpio.nl", true */ 'c', 'o', 'r', 'p', 'i', 'o', '.', 'n', 'l', '\0',
+  /* "corpkitnw.com", true */ 'c', 'o', 'r', 'p', 'k', 'i', 't', 'n', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "corporatecomputingsolutions.com", true */ 'c', 'o', 'r', 'p', 'o', 'r', 'a', 't', 'e', 'c', 'o', 'm', 'p', 'u', 't', 'i', 'n', 'g', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "corporateinfluencers.com", true */ 'c', 'o', 'r', 'p', 'o', 'r', 'a', 't', 'e', 'i', 'n', 'f', 'l', 'u', 'e', 'n', 'c', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "corpulant.coffee", true */ 'c', 'o', 'r', 'p', 'u', 'l', 'a', 'n', 't', '.', 'c', 'o', 'f', 'f', 'e', 'e', '\0',
+  /* "corpulantcoffee.com", true */ 'c', 'o', 'r', 'p', 'u', 'l', 'a', 'n', 't', 'c', 'o', 'f', 'f', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "corpulent.coffee", true */ 'c', 'o', 'r', 'p', 'u', 'l', 'e', 'n', 't', '.', 'c', 'o', 'f', 'f', 'e', 'e', '\0',
+  /* "corpulentcoffee.com", true */ 'c', 'o', 'r', 'p', 'u', 'l', 'e', 'n', 't', 'c', 'o', 'f', 'f', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "correiodovale.com.br", true */ 'c', 'o', 'r', 'r', 'e', 'i', 'o', 'd', 'o', 'v', 'a', 'l', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "corrupted.io", true */ 'c', 'o', 'r', 'r', 'u', 'p', 't', 'e', 'd', '.', 'i', 'o', '\0',
+  /* "corsa-b.uk", true */ 'c', 'o', 'r', 's', 'a', '-', 'b', '.', 'u', 'k', '\0',
+  /* "cortexitrecruitment.com", true */ 'c', 'o', 'r', 't', 'e', 'x', 'i', 't', 'r', 'e', 'c', 'r', 'u', 'i', 't', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "cortis-consulting.ch", true */ 'c', 'o', 'r', 't', 'i', 's', '-', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'h', '\0',
+  /* "cortisolsupplement.com", true */ 'c', 'o', 'r', 't', 'i', 's', 'o', 'l', 's', 'u', 'p', 'p', 'l', 'e', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "corvus.eu.org", true */ 'c', 'o', 'r', 'v', 'u', 's', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "coryadum.com", true */ 'c', 'o', 'r', 'y', 'a', 'd', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "corytyburski.com", true */ 'c', 'o', 'r', 'y', 't', 'y', 'b', 'u', 'r', 's', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "corzntin.fr", true */ 'c', 'o', 'r', 'z', 'n', 't', 'i', 'n', '.', 'f', 'r', '\0',
+  /* "cosirex.com", true */ 'c', 'o', 's', 'i', 'r', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "coslinker.com", true */ 'c', 'o', 's', 'l', 'i', 'n', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "cosmeticappraisal.com", true */ 'c', 'o', 's', 'm', 'e', 't', 'i', 'c', 'a', 'p', 'p', 'r', 'a', 'i', 's', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "cosmeticasimple.com", true */ 'c', 'o', 's', 'm', 'e', 't', 'i', 'c', 'a', 's', 'i', 'm', 'p', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cosmeticos-naturales.com", true */ 'c', 'o', 's', 'm', 'e', 't', 'i', 'c', 'o', 's', '-', 'n', 'a', 't', 'u', 'r', 'a', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cosmeticosnet.com.br", true */ 'c', 'o', 's', 'm', 'e', 't', 'i', 'c', 'o', 's', 'n', 'e', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "cosmiatria.pe", true */ 'c', 'o', 's', 'm', 'i', 'a', 't', 'r', 'i', 'a', '.', 'p', 'e', '\0',
+  /* "cosmodacollection.com", true */ 'c', 'o', 's', 'm', 'o', 'd', 'a', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "cosmofunnel.com", true */ 'c', 'o', 's', 'm', 'o', 'f', 'u', 'n', 'n', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "cosmoluziluminacion.com", true */ 'c', 'o', 's', 'm', 'o', 'l', 'u', 'z', 'i', 'l', 'u', 'm', 'i', 'n', 'a', 'c', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "cosmundi.de", true */ 'c', 'o', 's', 'm', 'u', 'n', 'd', 'i', '.', 'd', 'e', '\0',
+  /* "cosni.co", true */ 'c', 'o', 's', 'n', 'i', '.', 'c', 'o', '\0',
+  /* "cospol.ch", true */ 'c', 'o', 's', 'p', 'o', 'l', '.', 'c', 'h', '\0',
+  /* "costa-rica-reisen.ch", true */ 'c', 'o', 's', 't', 'a', '-', 'r', 'i', 'c', 'a', '-', 'r', 'e', 'i', 's', 'e', 'n', '.', 'c', 'h', '\0',
+  /* "costa-rica-reisen.de", true */ 'c', 'o', 's', 't', 'a', '-', 'r', 'i', 'c', 'a', '-', 'r', 'e', 'i', 's', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "costablancavoorjou.com", true */ 'c', 'o', 's', 't', 'a', 'b', 'l', 'a', 'n', 'c', 'a', 'v', 'o', 'o', 'r', 'j', 'o', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "costinstefan.eu", true */ 'c', 'o', 's', 't', 'i', 'n', 's', 't', 'e', 'f', 'a', 'n', '.', 'e', 'u', '\0',
+  /* "costreportdata.com", false */ 'c', 'o', 's', 't', 'r', 'e', 'p', 'o', 'r', 't', 'd', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "costulessdirect.com", true */ 'c', 'o', 's', 't', 'u', 'l', 'e', 's', 's', 'd', 'i', 'r', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "coteries.com", true */ 'c', 'o', 't', 'e', 'r', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cotonea.de", true */ 'c', 'o', 't', 'o', 'n', 'e', 'a', '.', 'd', 'e', '\0',
+  /* "cotonmusic.ch", true */ 'c', 'o', 't', 'o', 'n', 'm', 'u', 's', 'i', 'c', '.', 'c', 'h', '\0',
+  /* "cotta.dk", true */ 'c', 'o', 't', 't', 'a', '.', 'd', 'k', '\0',
+  /* "cotwe-ge.ch", true */ 'c', 'o', 't', 'w', 'e', '-', 'g', 'e', '.', 'c', 'h', '\0',
+  /* "cougar.dating", true */ 'c', 'o', 'u', 'g', 'a', 'r', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "counselling.network", true */ 'c', 'o', 'u', 'n', 's', 'e', 'l', 'l', 'i', 'n', 'g', '.', 'n', 'e', 't', 'w', 'o', 'r', 'k', '\0',
+  /* "counstellor.com", true */ 'c', 'o', 'u', 'n', 's', 't', 'e', 'l', 'l', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "counter-team.ch", true */ 'c', 'o', 'u', 'n', 't', 'e', 'r', '-', 't', 'e', 'a', 'm', '.', 'c', 'h', '\0',
+  /* "counterglobal.com", true */ 'c', 'o', 'u', 'n', 't', 'e', 'r', 'g', 'l', 'o', 'b', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "countermail.com", true */ 'c', 'o', 'u', 'n', 't', 'e', 'r', 'm', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "countingto.one", true */ 'c', 'o', 'u', 'n', 't', 'i', 'n', 'g', 't', 'o', '.', 'o', 'n', 'e', '\0',
+  /* "countryattire.com", true */ 'c', 'o', 'u', 'n', 't', 'r', 'y', 'a', 't', 't', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "countrybrewer.com.au", true */ 'c', 'o', 'u', 'n', 't', 'r', 'y', 'b', 'r', 'e', 'w', 'e', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "countryhouseresort.com", true */ 'c', 'o', 'u', 'n', 't', 'r', 'y', 'h', 'o', 'u', 's', 'e', 'r', 'e', 's', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "countryoutlaws.ca", true */ 'c', 'o', 'u', 'n', 't', 'r', 'y', 'o', 'u', 't', 'l', 'a', 'w', 's', '.', 'c', 'a', '\0',
+  /* "countybankdel.com", true */ 'c', 'o', 'u', 'n', 't', 'y', 'b', 'a', 'n', 'k', 'd', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "countyjailinmatesearch.com", true */ 'c', 'o', 'u', 'n', 't', 'y', 'j', 'a', 'i', 'l', 'i', 'n', 'm', 'a', 't', 'e', 's', 'e', 'a', 'r', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "coup-dun-soir.ch", true */ 'c', 'o', 'u', 'p', '-', 'd', 'u', 'n', '-', 's', 'o', 'i', 'r', '.', 'c', 'h', '\0',
+  /* "coupe-bordure.com", true */ 'c', 'o', 'u', 'p', 'e', '-', 'b', 'o', 'r', 'd', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "couponcodesme.com", true */ 'c', 'o', 'u', 'p', 'o', 'n', 'c', 'o', 'd', 'e', 's', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cour4g3.me", true */ 'c', 'o', 'u', 'r', '4', 'g', '3', '.', 'm', 'e', '\0',
+  /* "couragefound.org", true */ 'c', 'o', 'u', 'r', 'a', 'g', 'e', 'f', 'o', 'u', 'n', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "courageousparentsnetwork.org", true */ 'c', 'o', 'u', 'r', 'a', 'g', 'e', 'o', 'u', 's', 'p', 'a', 'r', 'e', 'n', 't', 's', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "course.pp.ua", true */ 'c', 'o', 'u', 'r', 's', 'e', '.', 'p', 'p', '.', 'u', 'a', '\0',
+  /* "coursera.org", true */ 'c', 'o', 'u', 'r', 's', 'e', 'r', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "courses.nl", true */ 'c', 'o', 'u', 'r', 's', 'e', 's', '.', 'n', 'l', '\0',
+  /* "courseworkbank.info", true */ 'c', 'o', 'u', 'r', 's', 'e', 'w', 'o', 'r', 'k', 'b', 'a', 'n', 'k', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "courtlistener.com", true */ 'c', 'o', 'u', 'r', 't', 'l', 'i', 's', 't', 'e', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "cousincouples.com", true */ 'c', 'o', 'u', 's', 'i', 'n', 'c', 'o', 'u', 'p', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "covbounce.co.uk", true */ 'c', 'o', 'v', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cove.sh", true */ 'c', 'o', 'v', 'e', '.', 's', 'h', '\0',
+  /* "covenantoftheriver.org", true */ 'c', 'o', 'v', 'e', 'n', 'a', 'n', 't', 'o', 'f', 't', 'h', 'e', 'r', 'i', 'v', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "covermytrip.com.au", true */ 'c', 'o', 'v', 'e', 'r', 'm', 'y', 't', 'r', 'i', 'p', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "covershousing.nl", true */ 'c', 'o', 'v', 'e', 'r', 's', 'h', 'o', 'u', 's', 'i', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "covery.ai", true */ 'c', 'o', 'v', 'e', 'r', 'y', '.', 'a', 'i', '\0',
+  /* "covoiturage.fr", false */ 'c', 'o', 'v', 'o', 'i', 't', 'u', 'r', 'a', 'g', 'e', '.', 'f', 'r', '\0',
+  /* "covve.com", true */ 'c', 'o', 'v', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "covybrat.cz", true */ 'c', 'o', 'v', 'y', 'b', 'r', 'a', 't', '.', 'c', 'z', '\0',
+  /* "cowbird.org", true */ 'c', 'o', 'w', 'b', 'i', 'r', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "cowboyim.com", true */ 'c', 'o', 'w', 'b', 'o', 'y', 'i', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "coweo.cz", true */ 'c', 'o', 'w', 'e', 'o', '.', 'c', 'z', '\0',
+  /* "coworkingmanifesto.com", true */ 'c', 'o', 'w', 'o', 'r', 'k', 'i', 'n', 'g', 'm', 'a', 'n', 'i', 'f', 'e', 's', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "cozmaadrian.ro", true */ 'c', 'o', 'z', 'm', 'a', 'a', 'd', 'r', 'i', 'a', 'n', '.', 'r', 'o', '\0',
+  /* "cozy.io", true */ 'c', 'o', 'z', 'y', '.', 'i', 'o', '\0',
+  /* "cozycloud.cc", true */ 'c', 'o', 'z', 'y', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'c', '\0',
+  /* "cozyeggdesigns.com", true */ 'c', 'o', 'z', 'y', 'e', 'g', 'g', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cpbanq.com", true */ 'c', 'p', 'b', 'a', 'n', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "cpbapremiocaduceo.com.ar", true */ 'c', 'p', 'b', 'a', 'p', 'r', 'e', 'm', 'i', 'o', 'c', 'a', 'd', 'u', 'c', 'e', 'o', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "cpcheats.co", true */ 'c', 'p', 'c', 'h', 'e', 'a', 't', 's', '.', 'c', 'o', '\0',
+  /* "cphpvb.net", true */ 'c', 'p', 'h', 'p', 'v', 'b', '.', 'n', 'e', 't', '\0',
+  /* "cplusplus.se", true */ 'c', 'p', 'l', 'u', 's', 'p', 'l', 'u', 's', '.', 's', 'e', '\0',
+  /* "cppan.org", true */ 'c', 'p', 'p', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "cppressinc.com", true */ 'c', 'p', 'p', 'r', 'e', 's', 's', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "cpqcol.gov.co", true */ 'c', 'p', 'q', 'c', 'o', 'l', '.', 'g', 'o', 'v', '.', 'c', 'o', '\0',
+  /* "cprnearme.com", true */ 'c', 'p', 'r', 'n', 'e', 'a', 'r', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cptoon.com", true */ 'c', 'p', 't', 'o', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "cpvmatch.eu", true */ 'c', 'p', 'v', 'm', 'a', 't', 'c', 'h', '.', 'e', 'u', '\0',
+  /* "cpy.pt", true */ 'c', 'p', 'y', '.', 'p', 't', '\0',
+  /* "cqchome.com", true */ 'c', 'q', 'c', 'h', 'o', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cqn.ch", true */ 'c', 'q', 'n', '.', 'c', 'h', '\0',
+  /* "cr.search.yahoo.com", false */ 'c', 'r', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "crackcat.de", true */ 'c', 'r', 'a', 'c', 'k', 'c', 'a', 't', '.', 'd', 'e', '\0',
+  /* "cracker.in.th", true */ 'c', 'r', 'a', 'c', 'k', 'e', 'r', '.', 'i', 'n', '.', 't', 'h', '\0',
+  /* "crackle.io", true */ 'c', 'r', 'a', 'c', 'k', 'l', 'e', '.', 'i', 'o', '\0',
+  /* "crackorsquad.in", true */ 'c', 'r', 'a', 'c', 'k', 'o', 'r', 's', 'q', 'u', 'a', 'd', '.', 'i', 'n', '\0',
+  /* "crackstation.net", true */ 'c', 'r', 'a', 'c', 'k', 's', 't', 'a', 't', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "cradlepointecm.com", true */ 'c', 'r', 'a', 'd', 'l', 'e', 'p', 'o', 'i', 'n', 't', 'e', 'c', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "craftandbuild.de", true */ 'c', 'r', 'a', 'f', 't', 'a', 'n', 'd', 'b', 'u', 'i', 'l', 'd', '.', 'd', 'e', '\0',
+  /* "craftcms.com", false */ 'c', 'r', 'a', 'f', 't', 'c', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "craftcommerce.com", true */ 'c', 'r', 'a', 'f', 't', 'c', 'o', 'm', 'm', 'e', 'r', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "craftination.net", true */ 'c', 'r', 'a', 'f', 't', 'i', 'n', 'a', 't', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "craftinginredlipstick.com", true */ 'c', 'r', 'a', 'f', 't', 'i', 'n', 'g', 'i', 'n', 'r', 'e', 'd', 'l', 'i', 'p', 's', 't', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "craftmine.cz", true */ 'c', 'r', 'a', 'f', 't', 'm', 'i', 'n', 'e', '.', 'c', 'z', '\0',
+  /* "craftwmcp.xyz", true */ 'c', 'r', 'a', 'f', 't', 'w', 'm', 'c', 'p', '.', 'x', 'y', 'z', '\0',
+  /* "craftyguy.net", true */ 'c', 'r', 'a', 'f', 't', 'y', 'g', 'u', 'y', '.', 'n', 'e', 't', '\0',
+  /* "craftyphotons.net", true */ 'c', 'r', 'a', 'f', 't', 'y', 'p', 'h', 'o', 't', 'o', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "crag.com.tw", true */ 'c', 'r', 'a', 'g', '.', 'c', 'o', 'm', '.', 't', 'w', '\0',
+  /* "craigbates.co.uk", true */ 'c', 'r', 'a', 'i', 'g', 'b', 'a', 't', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "craigfrancis.co.uk", true */ 'c', 'r', 'a', 'i', 'g', 'f', 'r', 'a', 'n', 'c', 'i', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "craigrouse.com", true */ 'c', 'r', 'a', 'i', 'g', 'r', 'o', 'u', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "craigwfox.com", true */ 'c', 'r', 'a', 'i', 'g', 'w', 'f', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "cralarm.de", true */ 'c', 'r', 'a', 'l', 'a', 'r', 'm', '.', 'd', 'e', '\0',
+  /* "crandall.io", true */ 'c', 'r', 'a', 'n', 'd', 'a', 'l', 'l', '.', 'i', 'o', '\0',
+  /* "cranesafe.com", true */ 'c', 'r', 'a', 'n', 'e', 's', 'a', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cranforddental.com", true */ 'c', 'r', 'a', 'n', 'f', 'o', 'r', 'd', 'd', 'e', 'n', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "crapouill.es", true */ 'c', 'r', 'a', 'p', 'o', 'u', 'i', 'l', 'l', '.', 'e', 's', '\0',
+  /* "crashsec.com", true */ 'c', 'r', 'a', 's', 'h', 's', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "crawcial.de", true */ 'c', 'r', 'a', 'w', 'c', 'i', 'a', 'l', '.', 'd', 'e', '\0',
+  /* "crawfordcountytcc.org", true */ 'c', 'r', 'a', 'w', 'f', 'o', 'r', 'd', 'c', 'o', 'u', 'n', 't', 'y', 't', 'c', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "crawl.report", true */ 'c', 'r', 'a', 'w', 'l', '.', 'r', 'e', 'p', 'o', 'r', 't', '\0',
+  /* "crawleybouncycastles.co.uk", true */ 'c', 'r', 'a', 'w', 'l', 'e', 'y', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "crazycastles.ie", true */ 'c', 'r', 'a', 'z', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'i', 'e', '\0',
+  /* "crazydomains.ae", true */ 'c', 'r', 'a', 'z', 'y', 'd', 'o', 'm', 'a', 'i', 'n', 's', '.', 'a', 'e', '\0',
+  /* "crazydomains.co.nz", true */ 'c', 'r', 'a', 'z', 'y', 'd', 'o', 'm', 'a', 'i', 'n', 's', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "crazydomains.co.uk", true */ 'c', 'r', 'a', 'z', 'y', 'd', 'o', 'm', 'a', 'i', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "crazydomains.com.au", true */ 'c', 'r', 'a', 'z', 'y', 'd', 'o', 'm', 'a', 'i', 'n', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "crazydomains.in", true */ 'c', 'r', 'a', 'z', 'y', 'd', 'o', 'm', 'a', 'i', 'n', 's', '.', 'i', 'n', '\0',
+  /* "crazymeeshu.com", true */ 'c', 'r', 'a', 'z', 'y', 'm', 'e', 'e', 's', 'h', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "crazypaul.com", true */ 'c', 'r', 'a', 'z', 'y', 'p', 'a', 'u', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "crbug.com", true */ 'c', 'r', 'b', 'u', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "crdmendoza.net", true */ 'c', 'r', 'd', 'm', 'e', 'n', 'd', 'o', 'z', 'a', '.', 'n', 'e', 't', '\0',
+  /* "crea-etc.net", true */ 'c', 'r', 'e', 'a', '-', 'e', 't', 'c', '.', 'n', 'e', 't', '\0',
+  /* "crea-shops.ch", true */ 'c', 'r', 'e', 'a', '-', 's', 'h', 'o', 'p', 's', '.', 'c', 'h', '\0',
+  /* "crea.bg", true */ 'c', 'r', 'e', 'a', '.', 'b', 'g', '\0',
+  /* "crea.me", true */ 'c', 'r', 'e', 'a', '.', 'm', 'e', '\0',
+  /* "creadstudy.com", true */ 'c', 'r', 'e', 'a', 'd', 's', 't', 'u', 'd', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "creamcastles.co.uk", true */ 'c', 'r', 'e', 'a', 'm', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "create-ls.jp", true */ 'c', 'r', 'e', 'a', 't', 'e', '-', 'l', 's', '.', 'j', 'p', '\0',
+  /* "create-together.nl", true */ 'c', 'r', 'e', 'a', 't', 'e', '-', 't', 'o', 'g', 'e', 't', 'h', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "createursdefilms.com", true */ 'c', 'r', 'e', 'a', 't', 'e', 'u', 'r', 's', 'd', 'e', 'f', 'i', 'l', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "creation-contemporaine.com", true */ 'c', 'r', 'e', 'a', 't', 'i', 'o', 'n', '-', 'c', 'o', 'n', 't', 'e', 'm', 'p', 'o', 'r', 'a', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "creations-edita.com", true */ 'c', 'r', 'e', 'a', 't', 'i', 'o', 'n', 's', '-', 'e', 'd', 'i', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "creative-coder.de", false */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', '-', 'c', 'o', 'd', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "creativebites.de", true */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 'b', 'i', 't', 'e', 's', '.', 'd', 'e', '\0',
+  /* "creativecaptiv.es", true */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 'c', 'a', 'p', 't', 'i', 'v', '.', 'e', 's', '\0',
+  /* "creativecommons.cl", true */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 'c', 'o', 'm', 'm', 'o', 'n', 's', '.', 'c', 'l', '\0',
+  /* "creativecommons.gr", true */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 'c', 'o', 'm', 'm', 'o', 'n', 's', '.', 'g', 'r', '\0',
+  /* "creativecommons.org", true */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 'c', 'o', 'm', 'm', 'o', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "creativedigital.co.nz", true */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "creativefreedom.ca", true */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 'f', 'r', 'e', 'e', 'd', 'o', 'm', '.', 'c', 'a', '\0',
+  /* "creativeink.de", true */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 'i', 'n', 'k', '.', 'd', 'e', '\0',
+  /* "creativekkids.com", true */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 'k', 'k', 'i', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "creativelaw.eu", true */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 'l', 'a', 'w', '.', 'e', 'u', '\0',
+  /* "creativeliquid.com", true */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 'l', 'i', 'q', 'u', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "creativesprite.com", true */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 's', 'p', 'r', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "creativesurvey.com", true */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 's', 'u', 'r', 'v', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "creativeweb.biz", true */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 'w', 'e', 'b', '.', 'b', 'i', 'z', '\0',
+  /* "creativewolf.net", true */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 'w', 'o', 'l', 'f', '.', 'n', 'e', 't', '\0',
+  /* "creativlabor.ch", true */ 'c', 'r', 'e', 'a', 't', 'i', 'v', 'l', 'a', 'b', 'o', 'r', '.', 'c', 'h', '\0',
+  /* "creators-design.com", true */ 'c', 'r', 'e', 'a', 't', 'o', 'r', 's', '-', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "creators.co", true */ 'c', 'r', 'e', 'a', 't', 'o', 'r', 's', '.', 'c', 'o', '\0',
+  /* "creators.direct", true */ 'c', 'r', 'e', 'a', 't', 'o', 'r', 's', '.', 'd', 'i', 'r', 'e', 'c', 't', '\0',
+  /* "credential.eu", true */ 'c', 'r', 'e', 'd', 'e', 'n', 't', 'i', 'a', 'l', '.', 'e', 'u', '\0',
+  /* "credex.bg", true */ 'c', 'r', 'e', 'd', 'e', 'x', '.', 'b', 'g', '\0',
+  /* "crediteo.pl", true */ 'c', 'r', 'e', 'd', 'i', 't', 'e', 'o', '.', 'p', 'l', '\0',
+  /* "creditkarma.com", true */ 'c', 'r', 'e', 'd', 'i', 't', 'k', 'a', 'r', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "creditos-rapidos.com", true */ 'c', 'r', 'e', 'd', 'i', 't', 'o', 's', '-', 'r', 'a', 'p', 'i', 'd', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "creditproautos.com", false */ 'c', 'r', 'e', 'd', 'i', 't', 'p', 'r', 'o', 'a', 'u', 't', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "creeks-coworking.com", true */ 'c', 'r', 'e', 'e', 'k', 's', '-', 'c', 'o', 'w', 'o', 'r', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "creep.im", true */ 'c', 'r', 'e', 'e', 'p', '.', 'i', 'm', '\0',
+  /* "creepycraft.nl", true */ 'c', 'r', 'e', 'e', 'p', 'y', 'c', 'r', 'a', 'f', 't', '.', 'n', 'l', '\0',
+  /* "creepypastas.com", true */ 'c', 'r', 'e', 'e', 'p', 'y', 'p', 'a', 's', 't', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "creepypastas.net", true */ 'c', 'r', 'e', 'e', 'p', 'y', 'p', 'a', 's', 't', 'a', 's', '.', 'n', 'e', 't', '\0',
+  /* "creerunsitepro.com", true */ 'c', 'r', 'e', 'e', 'r', 'u', 'n', 's', 'i', 't', 'e', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "crefelder.com", true */ 'c', 'r', 'e', 'f', 'e', 'l', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "crem.in", true */ 'c', 'r', 'e', 'm', '.', 'i', 'n', '\0',
+  /* "crena.ch", true */ 'c', 'r', 'e', 'n', 'a', '.', 'c', 'h', '\0',
+  /* "crepa.ch", true */ 'c', 'r', 'e', 'p', 'a', '.', 'c', 'h', '\0',
+  /* "crepererum.net", true */ 'c', 'r', 'e', 'p', 'e', 'r', 'e', 'r', 'u', 'm', '.', 'n', 'e', 't', '\0',
+  /* "crescent.gr.jp", true */ 'c', 'r', 'e', 's', 'c', 'e', 'n', 't', '.', 'g', 'r', '.', 'j', 'p', '\0',
+  /* "crestasantos.com", true */ 'c', 'r', 'e', 's', 't', 'a', 's', 'a', 'n', 't', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cretdupuy.com", true */ 'c', 'r', 'e', 't', 'd', 'u', 'p', 'u', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "creusalp.ch", true */ 'c', 'r', 'e', 'u', 's', 'a', 'l', 'p', '.', 'c', 'h', '\0',
+  /* "crewplanner.eu", true */ 'c', 'r', 'e', 'w', 'p', 'l', 'a', 'n', 'n', 'e', 'r', '.', 'e', 'u', '\0',
+  /* "crge.eu", true */ 'c', 'r', 'g', 'e', '.', 'e', 'u', '\0',
+  /* "crgm.net", true */ 'c', 'r', 'g', 'm', '.', 'n', 'e', 't', '\0',
+  /* "criadorespet.com.br", true */ 'c', 'r', 'i', 'a', 'd', 'o', 'r', 'e', 's', 'p', 'e', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "criena.com", true */ 'c', 'r', 'i', 'e', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "criena.net", true */ 'c', 'r', 'i', 'e', 'n', 'a', '.', 'n', 'e', 't', '\0',
+  /* "criminal-attorney.ru", true */ 'c', 'r', 'i', 'm', 'i', 'n', 'a', 'l', '-', 'a', 't', 't', 'o', 'r', 'n', 'e', 'y', '.', 'r', 'u', '\0',
+  /* "criminal.enterprises", true */ 'c', 'r', 'i', 'm', 'i', 'n', 'a', 'l', '.', 'e', 'n', 't', 'e', 'r', 'p', 'r', 'i', 's', 'e', 's', '\0',
+  /* "crimson.no", true */ 'c', 'r', 'i', 'm', 's', 'o', 'n', '.', 'n', 'o', '\0',
+  /* "crip-usk.ba", true */ 'c', 'r', 'i', 'p', '-', 'u', 's', 'k', '.', 'b', 'a', '\0',
+  /* "crisisactual.com", true */ 'c', 'r', 'i', 's', 'i', 's', 'a', 'c', 't', 'u', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "crisp.chat", true */ 'c', 'r', 'i', 's', 'p', '.', 'c', 'h', 'a', 't', '\0',
+  /* "crisp.im", true */ 'c', 'r', 'i', 's', 'p', '.', 'i', 'm', '\0',
+  /* "cristarta.com", true */ 'c', 'r', 'i', 's', 't', 'a', 'r', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "cristau.org", true */ 'c', 'r', 'i', 's', 't', 'a', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "critcola.com", true */ 'c', 'r', 'i', 't', 'c', 'o', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "critical.today", false */ 'c', 'r', 'i', 't', 'i', 'c', 'a', 'l', '.', 't', 'o', 'd', 'a', 'y', '\0',
+  /* "criticalsurveys.co.uk", true */ 'c', 'r', 'i', 't', 'i', 'c', 'a', 'l', 's', 'u', 'r', 'v', 'e', 'y', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "crizin.io", true */ 'c', 'r', 'i', 'z', 'i', 'n', '.', 'i', 'o', '\0',
+  /* "crl-autos.com", true */ 'c', 'r', 'l', '-', 'a', 'u', 't', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "crm.onlime.ch", false */ 'c', 'r', 'm', '.', 'o', 'n', 'l', 'i', 'm', 'e', '.', 'c', 'h', '\0',
+  /* "croixblanche-haguenau.fr", true */ 'c', 'r', 'o', 'i', 'x', 'b', 'l', 'a', 'n', 'c', 'h', 'e', '-', 'h', 'a', 'g', 'u', 'e', 'n', 'a', 'u', '.', 'f', 'r', '\0',
+  /* "cronix.cc", true */ 'c', 'r', 'o', 'n', 'i', 'x', '.', 'c', 'c', '\0',
+  /* "cronometer.com", true */ 'c', 'r', 'o', 'n', 'o', 'm', 'e', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "crop-alert.com", true */ 'c', 'r', 'o', 'p', '-', 'a', 'l', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "croquette.net", true */ 'c', 'r', 'o', 'q', 'u', 'e', 't', 't', 'e', '.', 'n', 'e', 't', '\0',
+  /* "crosbug.com", true */ 'c', 'r', 'o', 's', 'b', 'u', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "cross-led-sign.com", true */ 'c', 'r', 'o', 's', 's', '-', 'l', 'e', 'd', '-', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "cross-link.ch", true */ 'c', 'r', 'o', 's', 's', '-', 'l', 'i', 'n', 'k', '.', 'c', 'h', '\0',
+  /* "cross-view.com", true */ 'c', 'r', 'o', 's', 's', '-', 'v', 'i', 'e', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "cross-x.com", true */ 'c', 'r', 'o', 's', 's', '-', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "crossborderreturns.com", true */ 'c', 'r', 'o', 's', 's', 'b', 'o', 'r', 'd', 'e', 'r', 'r', 'e', 't', 'u', 'r', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "crosscom.ch", true */ 'c', 'r', 'o', 's', 's', 'c', 'o', 'm', '.', 'c', 'h', '\0',
+  /* "crossfitblackwater.com", true */ 'c', 'r', 'o', 's', 's', 'f', 'i', 't', 'b', 'l', 'a', 'c', 'k', 'w', 'a', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "crossfunctional.com", true */ 'c', 'r', 'o', 's', 's', 'f', 'u', 'n', 'c', 't', 'i', 'o', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "crossorig.in", true */ 'c', 'r', 'o', 's', 's', 'o', 'r', 'i', 'g', '.', 'i', 'n', '\0',
+  /* "crosspeakoms.com", true */ 'c', 'r', 'o', 's', 's', 'p', 'e', 'a', 'k', 'o', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "crosssellguide.com", true */ 'c', 'r', 'o', 's', 's', 's', 'e', 'l', 'l', 'g', 'u', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "crow.tw", true */ 'c', 'r', 'o', 'w', '.', 't', 'w', '\0',
+  /* "crowdbox.net", true */ 'c', 'r', 'o', 'w', 'd', 'b', 'o', 'x', '.', 'n', 'e', 't', '\0',
+  /* "crowdliminal.com", true */ 'c', 'r', 'o', 'w', 'd', 'l', 'i', 'm', 'i', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "crowdsupply.com", true */ 'c', 'r', 'o', 'w', 'd', 's', 'u', 'p', 'p', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "crownbouncycastlehire.co.uk", true */ 'c', 'r', 'o', 'w', 'n', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "crowncastles.co.uk", true */ 'c', 'r', 'o', 'w', 'n', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "crownmarqueehire.co.uk", true */ 'c', 'r', 'o', 'w', 'n', 'm', 'a', 'r', 'q', 'u', 'e', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "croydonapartments.com.au", true */ 'c', 'r', 'o', 'y', 'd', 'o', 'n', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "croydonbouncycastles.co.uk", true */ 'c', 'r', 'o', 'y', 'd', 'o', 'n', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "crrev.com", true */ 'c', 'r', 'r', 'e', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "crstat.ru", true */ 'c', 'r', 's', 't', 'a', 't', '.', 'r', 'u', '\0',
+  /* "crt.sh", true */ 'c', 'r', 't', '.', 's', 'h', '\0',
+  /* "crt2014-2024review.gov", true */ 'c', 'r', 't', '2', '0', '1', '4', '-', '2', '0', '2', '4', 'r', 'e', 'v', 'i', 'e', 'w', '.', 'g', 'o', 'v', '\0',
+  /* "crumbcontrol.com", true */ 'c', 'r', 'u', 'm', 'b', 'c', 'o', 'n', 't', 'r', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "crunchy.rocks", true */ 'c', 'r', 'u', 'n', 'c', 'h', 'y', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "crushroom.com", true */ 'c', 'r', 'u', 's', 'h', 'r', 'o', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "crustytoothpaste.net", true */ 'c', 'r', 'u', 's', 't', 'y', 't', 'o', 'o', 't', 'h', 'p', 'a', 's', 't', 'e', '.', 'n', 'e', 't', '\0',
+  /* "crute.me", true */ 'c', 'r', 'u', 't', 'e', '.', 'm', 'e', '\0',
+  /* "cruzeiropedia.org", true */ 'c', 'r', 'u', 'z', 'e', 'i', 'r', 'o', 'p', 'e', 'd', 'i', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "crvv.me", true */ 'c', 'r', 'v', 'v', '.', 'm', 'e', '\0',
+  /* "cry.nu", false */ 'c', 'r', 'y', '.', 'n', 'u', '\0',
+  /* "cryoit.com", true */ 'c', 'r', 'y', 'o', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "cryothanasia.com", true */ 'c', 'r', 'y', 'o', 't', 'h', 'a', 'n', 'a', 's', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "cryp.no", true */ 'c', 'r', 'y', 'p', '.', 'n', 'o', '\0',
+  /* "crypalert.com", true */ 'c', 'r', 'y', 'p', 'a', 'l', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "crypt.is-by.us", true */ 'c', 'r', 'y', 'p', 't', '.', 'i', 's', '-', 'b', 'y', '.', 'u', 's', '\0',
+  /* "cryptearth.de", true */ 'c', 'r', 'y', 'p', 't', 'e', 'a', 'r', 't', 'h', '.', 'd', 'e', '\0',
+  /* "crypted.chat", true */ 'c', 'r', 'y', 'p', 't', 'e', 'd', '.', 'c', 'h', 'a', 't', '\0',
+  /* "crypto-armory.com", true */ 'c', 'r', 'y', 'p', 't', 'o', '-', 'a', 'r', 'm', 'o', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "crypto.cat", false */ 'c', 'r', 'y', 'p', 't', 'o', '.', 'c', 'a', 't', '\0',
+  /* "crypto.graphics", true */ 'c', 'r', 'y', 'p', 't', 'o', '.', 'g', 'r', 'a', 'p', 'h', 'i', 'c', 's', '\0',
+  /* "crypto.is", false */ 'c', 'r', 'y', 'p', 't', 'o', '.', 'i', 's', '\0',
+  /* "cryptobells.com", false */ 'c', 'r', 'y', 'p', 't', 'o', 'b', 'e', 'l', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cryptobin.co", true */ 'c', 'r', 'y', 'p', 't', 'o', 'b', 'i', 'n', '.', 'c', 'o', '\0',
+  /* "cryptocon.org", true */ 'c', 'r', 'y', 'p', 't', 'o', 'c', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "cryptofan.org", true */ 'c', 'r', 'y', 'p', 't', 'o', 'f', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "cryptography.ch", true */ 'c', 'r', 'y', 'p', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'h', '\0',
+  /* "cryptography.io", true */ 'c', 'r', 'y', 'p', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'i', 'o', '\0',
+  /* "cryptoisnotacrime.org", true */ 'c', 'r', 'y', 'p', 't', 'o', 'i', 's', 'n', 'o', 't', 'a', 'c', 'r', 'i', 'm', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "cryptojourney.com", true */ 'c', 'r', 'y', 'p', 't', 'o', 'j', 'o', 'u', 'r', 'n', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "cryptology.ch", true */ 'c', 'r', 'y', 'p', 't', 'o', 'l', 'o', 'g', 'y', '.', 'c', 'h', '\0',
+  /* "cryptolosophy.io", true */ 'c', 'r', 'y', 'p', 't', 'o', 'l', 'o', 's', 'o', 'p', 'h', 'y', '.', 'i', 'o', '\0',
+  /* "cryptolosophy.org", true */ 'c', 'r', 'y', 'p', 't', 'o', 'l', 'o', 's', 'o', 'p', 'h', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "cryptonom.org", true */ 'c', 'r', 'y', 'p', 't', 'o', 'n', 'o', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "cryptonym.com", true */ 'c', 'r', 'y', 'p', 't', 'o', 'n', 'y', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "cryptoparty.at", true */ 'c', 'r', 'y', 'p', 't', 'o', 'p', 'a', 'r', 't', 'y', '.', 'a', 't', '\0',
+  /* "cryptoparty.dk", true */ 'c', 'r', 'y', 'p', 't', 'o', 'p', 'a', 'r', 't', 'y', '.', 'd', 'k', '\0',
+  /* "cryptopartyutah.org", true */ 'c', 'r', 'y', 'p', 't', 'o', 'p', 'a', 'r', 't', 'y', 'u', 't', 'a', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "cryptophobia.nl", false */ 'c', 'r', 'y', 'p', 't', 'o', 'p', 'h', 'o', 'b', 'i', 'a', '.', 'n', 'l', '\0',
+  /* "cryptorival.com", true */ 'c', 'r', 'y', 'p', 't', 'o', 'r', 'i', 'v', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "cryptoseb.pw", true */ 'c', 'r', 'y', 'p', 't', 'o', 's', 'e', 'b', '.', 'p', 'w', '\0',
+  /* "cryptoshot.pw", true */ 'c', 'r', 'y', 'p', 't', 'o', 's', 'h', 'o', 't', '.', 'p', 'w', '\0',
+  /* "cryptract.co", true */ 'c', 'r', 'y', 'p', 't', 'r', 'a', 'c', 't', '.', 'c', 'o', '\0',
+  /* "crystalchandelierservices.com", true */ 'c', 'r', 'y', 's', 't', 'a', 'l', 'c', 'h', 'a', 'n', 'd', 'e', 'l', 'i', 'e', 'r', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "crystone.me", true */ 'c', 'r', 'y', 's', 't', 'o', 'n', 'e', '.', 'm', 'e', '\0',
+  /* "cs-colorscreed-betongulve.dk", true */ 'c', 's', '-', 'c', 'o', 'l', 'o', 'r', 's', 'c', 'r', 'e', 'e', 'd', '-', 'b', 'e', 't', 'o', 'n', 'g', 'u', 'l', 'v', 'e', '.', 'd', 'k', '\0',
+  /* "cs2016.ch", true */ 'c', 's', '2', '0', '1', '6', '.', 'c', 'h', '\0',
+  /* "csabg.org", true */ 'c', 's', 'a', 'b', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "csacongress.org", true */ 'c', 's', 'a', 'c', 'o', 'n', 'g', 'r', 'e', 's', 's', '.', 'o', 'r', 'g', '\0',
+  /* "csbs.fr", true */ 'c', 's', 'b', 's', '.', 'f', 'r', '\0',
+  /* "cscau.com", true */ 'c', 's', 'c', 'a', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "csengle.de", true */ 'c', 's', 'e', 'n', 'g', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "csfd.cz", true */ 'c', 's', 'f', 'd', '.', 'c', 'z', '\0',
+  /* "csfloors.co.uk", true */ 'c', 's', 'f', 'l', 'o', 'o', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "csfm.com", true */ 'c', 's', 'f', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "csgo.help", true */ 'c', 's', 'g', 'o', '.', 'h', 'e', 'l', 'p', '\0',
+  /* "csgo.su", true */ 'c', 's', 'g', 'o', '.', 's', 'u', '\0',
+  /* "csgogamers.com", false */ 'c', 's', 'g', 'o', 'g', 'a', 'm', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "csgohandouts.com", true */ 'c', 's', 'g', 'o', 'h', 'a', 'n', 'd', 'o', 'u', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "csgotwister.com", true */ 'c', 's', 'g', 'o', 't', 'w', 'i', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "csharpmarc.net", true */ 'c', 's', 'h', 'a', 'r', 'p', 'm', 'a', 'r', 'c', '.', 'n', 'e', 't', '\0',
+  /* "cshopify.com", true */ 'c', 's', 'h', 'o', 'p', 'i', 'f', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "csilies.de", true */ 'c', 's', 'i', 'l', 'i', 'e', 's', '.', 'd', 'e', '\0',
+  /* "csinterstargeneve.ch", true */ 'c', 's', 'i', 'n', 't', 'e', 'r', 's', 't', 'a', 'r', 'g', 'e', 'n', 'e', 'v', 'e', '.', 'c', 'h', '\0',
+  /* "cskentertainment.co.uk", true */ 'c', 's', 'k', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "csmainframe.com", true */ 'c', 's', 'm', 'a', 'i', 'n', 'f', 'r', 'a', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "csokolade.hu", true */ 'c', 's', 'o', 'k', 'o', 'l', 'a', 'd', 'e', '.', 'h', 'u', '\0',
+  /* "csp.ch", true */ 'c', 's', 'p', '.', 'c', 'h', '\0',
+  /* "cspvalidator.org", true */ 'c', 's', 'p', 'v', 'a', 'l', 'i', 'd', 'a', 't', 'o', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "csru.net", true */ 'c', 's', 'r', 'u', '.', 'n', 'e', 't', '\0',
+  /* "css.net", true */ 'c', 's', 's', '.', 'n', 'e', 't', '\0',
+  /* "cssai.eu", true */ 'c', 's', 's', 'a', 'i', '.', 'e', 'u', '\0',
+  /* "cssaunion.com", true */ 'c', 's', 's', 'a', 'u', 'n', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "cstb.ch", true */ 'c', 's', 't', 'b', '.', 'c', 'h', '\0',
+  /* "cstp-marketing.com", true */ 'c', 's', 't', 'p', '-', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "ct.search.yahoo.com", false */ 'c', 't', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "cthomas.work", true */ 'c', 't', 'h', 'o', 'm', 'a', 's', '.', 'w', 'o', 'r', 'k', '\0',
+  /* "ctliu.com", true */ 'c', 't', 'l', 'i', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "ctnguyen.de", true */ 'c', 't', 'n', 'g', 'u', 'y', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "ctnguyen.net", true */ 'c', 't', 'n', 'g', 'u', 'y', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "ctns.de", true */ 'c', 't', 'n', 's', '.', 'd', 'e', '\0',
+  /* "ctoforhire.com.au", true */ 'c', 't', 'o', 'f', 'o', 'r', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "ctomp.io", true */ 'c', 't', 'o', 'm', 'p', '.', 'i', 'o', '\0',
+  /* "ctpe.net", true */ 'c', 't', 'p', 'e', '.', 'n', 'e', 't', '\0',
+  /* "ctrld.me", true */ 'c', 't', 'r', 'l', 'd', '.', 'm', 'e', '\0',
+  /* "ctyi.me", true */ 'c', 't', 'y', 'i', '.', 'm', 'e', '\0',
+  /* "cub-bouncingcastles.co.uk", true */ 'c', 'u', 'b', '-', 'b', 'o', 'u', 'n', 'c', 'i', 'n', 'g', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cube-cloud.com", true */ 'c', 'u', 'b', 'e', '-', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "cube.de", true */ 'c', 'u', 'b', 'e', '.', 'd', 'e', '\0',
+  /* "cubecraft.net", true */ 'c', 'u', 'b', 'e', 'c', 'r', 'a', 'f', 't', '.', 'n', 'e', 't', '\0',
+  /* "cubecraftstore.com", true */ 'c', 'u', 'b', 'e', 'c', 'r', 'a', 'f', 't', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cubecraftstore.net", true */ 'c', 'u', 'b', 'e', 'c', 'r', 'a', 'f', 't', 's', 't', 'o', 'r', 'e', '.', 'n', 'e', 't', '\0',
+  /* "cubekrowd.net", true */ 'c', 'u', 'b', 'e', 'k', 'r', 'o', 'w', 'd', '.', 'n', 'e', 't', '\0',
+  /* "cubela.tech", true */ 'c', 'u', 'b', 'e', 'l', 'a', '.', 't', 'e', 'c', 'h', '\0',
+  /* "cubia.de", true */ 'c', 'u', 'b', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "cubia3.com", true */ 'c', 'u', 'b', 'i', 'a', '3', '.', 'c', 'o', 'm', '\0',
+  /* "cubia4.com", true */ 'c', 'u', 'b', 'i', 'a', '4', '.', 'c', 'o', 'm', '\0',
+  /* "cubile.xyz", true */ 'c', 'u', 'b', 'i', 'l', 'e', '.', 'x', 'y', 'z', '\0',
+  /* "cublick.com", true */ 'c', 'u', 'b', 'l', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "cubos.io", false */ 'c', 'u', 'b', 'o', 's', '.', 'i', 'o', '\0',
+  /* "cubostecnologia.com", false */ 'c', 'u', 'b', 'o', 's', 't', 'e', 'c', 'n', 'o', 'l', 'o', 'g', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "cubostecnologia.com.br", false */ 'c', 'u', 'b', 'o', 's', 't', 'e', 'c', 'n', 'o', 'l', 'o', 'g', 'i', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "cubua.com", true */ 'c', 'u', 'b', 'u', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "cuckoopalace.cn", true */ 'c', 'u', 'c', 'k', 'o', 'o', 'p', 'a', 'l', 'a', 'c', 'e', '.', 'c', 'n', '\0',
+  /* "cuddlecomfort.com", true */ 'c', 'u', 'd', 'd', 'l', 'e', 'c', 'o', 'm', 'f', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "cuddlingyaks.com", true */ 'c', 'u', 'd', 'd', 'l', 'i', 'n', 'g', 'y', 'a', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cuecasonline.com.br", true */ 'c', 'u', 'e', 'c', 'a', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "cuentasmutualamr.org.ar", true */ 'c', 'u', 'e', 'n', 't', 'a', 's', 'm', 'u', 't', 'u', 'a', 'l', 'a', 'm', 'r', '.', 'o', 'r', 'g', '.', 'a', 'r', '\0',
+  /* "cuetoems.com", true */ 'c', 'u', 'e', 't', 'o', 'e', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cuibonobo.com", true */ 'c', 'u', 'i', 'b', 'o', 'n', 'o', 'b', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "cuisinezest.com", true */ 'c', 'u', 'i', 's', 'i', 'n', 'e', 'z', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "cultiv.nl", true */ 'c', 'u', 'l', 't', 'i', 'v', '.', 'n', 'l', '\0',
+  /* "cultivo.bio", true */ 'c', 'u', 'l', 't', 'i', 'v', 'o', '.', 'b', 'i', 'o', '\0',
+  /* "cultofd50.org", true */ 'c', 'u', 'l', 't', 'o', 'f', 'd', '5', '0', '.', 'o', 'r', 'g', '\0',
+  /* "cultofperf.org.uk", true */ 'c', 'u', 'l', 't', 'o', 'f', 'p', 'e', 'r', 'f', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "culture-school.top", true */ 'c', 'u', 'l', 't', 'u', 'r', 'e', '-', 's', 'c', 'h', 'o', 'o', 'l', '.', 't', 'o', 'p', '\0',
+  /* "culturedcode.com", true */ 'c', 'u', 'l', 't', 'u', 'r', 'e', 'd', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cultureroll.com", true */ 'c', 'u', 'l', 't', 'u', 'r', 'e', 'r', 'o', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "cumparama.com", true */ 'c', 'u', 'm', 'p', 'a', 'r', 'a', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "cuni-cuni-club.com", true */ 'c', 'u', 'n', 'i', '-', 'c', 'u', 'n', 'i', '-', 'c', 'l', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "cuni-rec.com", true */ 'c', 'u', 'n', 'i', '-', 'r', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "cuoc.org.uk", true */ 'c', 'u', 'o', 'c', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "cuongthach.com", true */ 'c', 'u', 'o', 'n', 'g', 't', 'h', 'a', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "cup.al", true */ 'c', 'u', 'p', '.', 'a', 'l', '\0',
+  /* "cupcake.io", true */ 'c', 'u', 'p', 'c', 'a', 'k', 'e', '.', 'i', 'o', '\0',
+  /* "cupcake.is", true */ 'c', 'u', 'p', 'c', 'a', 'k', 'e', '.', 'i', 's', '\0',
+  /* "cupi.co", true */ 'c', 'u', 'p', 'i', '.', 'c', 'o', '\0',
+  /* "cupom.net", true */ 'c', 'u', 'p', 'o', 'm', '.', 'n', 'e', 't', '\0',
+  /* "cuppycakes.fi", true */ 'c', 'u', 'p', 'p', 'y', 'c', 'a', 'k', 'e', 's', '.', 'f', 'i', '\0',
+  /* "curacao-firma.com", true */ 'c', 'u', 'r', 'a', 'c', 'a', 'o', '-', 'f', 'i', 'r', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "curamail.co.uk", true */ 'c', 'u', 'r', 'a', 'm', 'a', 'i', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "curieux.digital", true */ 'c', 'u', 'r', 'i', 'e', 'u', 'x', '.', 'd', 'i', 'g', 'i', 't', 'a', 'l', '\0',
+  /* "curio-shiki.com", true */ 'c', 'u', 'r', 'i', 'o', '-', 's', 'h', 'i', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "curiosity-driven.org", true */ 'c', 'u', 'r', 'i', 'o', 's', 'i', 't', 'y', '-', 'd', 'r', 'i', 'v', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "curiouscat.me", true */ 'c', 'u', 'r', 'i', 'o', 'u', 's', 'c', 'a', 't', '.', 'm', 'e', '\0',
+  /* "curlybracket.co.uk", true */ 'c', 'u', 'r', 'l', 'y', 'b', 'r', 'a', 'c', 'k', 'e', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "currency-strength.com", true */ 'c', 'u', 'r', 'r', 'e', 'n', 'c', 'y', '-', 's', 't', 'r', 'e', 'n', 'g', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "current.com", true */ 'c', 'u', 'r', 'r', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "currentlystreaming.com", true */ 'c', 'u', 'r', 'r', 'e', 'n', 't', 'l', 'y', 's', 't', 'r', 'e', 'a', 'm', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "currynissanmaparts.com", true */ 'c', 'u', 'r', 'r', 'y', 'n', 'i', 's', 's', 'a', 'n', 'm', 'a', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cursos.com", true */ 'c', 'u', 'r', 's', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cursuri-de-actorie.ro", true */ 'c', 'u', 'r', 's', 'u', 'r', 'i', '-', 'd', 'e', '-', 'a', 'c', 't', 'o', 'r', 'i', 'e', '.', 'r', 'o', '\0',
+  /* "curtacircuitos.com.br", false */ 'c', 'u', 'r', 't', 'a', 'c', 'i', 'r', 'c', 'u', 'i', 't', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "curtis-smith.me.uk", true */ 'c', 'u', 'r', 't', 'i', 's', '-', 's', 'm', 'i', 't', 'h', '.', 'm', 'e', '.', 'u', 'k', '\0',
+  /* "curtis-smith.uk", true */ 'c', 'u', 'r', 't', 'i', 's', '-', 's', 'm', 'i', 't', 'h', '.', 'u', 'k', '\0',
+  /* "curtissmith.me.uk", true */ 'c', 'u', 'r', 't', 'i', 's', 's', 'm', 'i', 't', 'h', '.', 'm', 'e', '.', 'u', 'k', '\0',
+  /* "curtissmith.uk", true */ 'c', 'u', 'r', 't', 'i', 's', 's', 'm', 'i', 't', 'h', '.', 'u', 'k', '\0',
+  /* "curveprotect.com", true */ 'c', 'u', 'r', 'v', 'e', 'p', 'r', 'o', 't', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "curveprotect.cz", true */ 'c', 'u', 'r', 'v', 'e', 'p', 'r', 'o', 't', 'e', 'c', 't', '.', 'c', 'z', '\0',
+  /* "curveprotect.net", true */ 'c', 'u', 'r', 'v', 'e', 'p', 'r', 'o', 't', 'e', 'c', 't', '.', 'n', 'e', 't', '\0',
+  /* "curveprotect.org", true */ 'c', 'u', 'r', 'v', 'e', 'p', 'r', 'o', 't', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "curvesandwords.com", true */ 'c', 'u', 'r', 'v', 'e', 's', 'a', 'n', 'd', 'w', 'o', 'r', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "curvissa.co.uk", true */ 'c', 'u', 'r', 'v', 'i', 's', 's', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "custodyxchange.com", true */ 'c', 'u', 's', 't', 'o', 'd', 'y', 'x', 'c', 'h', 'a', 'n', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "customd.com", true */ 'c', 'u', 's', 't', 'o', 'm', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "customerbox.ir", true */ 'c', 'u', 's', 't', 'o', 'm', 'e', 'r', 'b', 'o', 'x', '.', 'i', 'r', '\0',
+  /* "customfitmarketing.com", true */ 'c', 'u', 's', 't', 'o', 'm', 'f', 'i', 't', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "customgear.com.au", true */ 'c', 'u', 's', 't', 'o', 'm', 'g', 'e', 'a', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "customizeyourshower.com", true */ 'c', 'u', 's', 't', 'o', 'm', 'i', 'z', 'e', 'y', 'o', 'u', 'r', 's', 'h', 'o', 'w', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "customizeyoursink.com", true */ 'c', 'u', 's', 't', 'o', 'm', 'i', 'z', 'e', 'y', 'o', 'u', 'r', 's', 'i', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "customromlist.com", true */ 'c', 'u', 's', 't', 'o', 'm', 'r', 'o', 'm', 'l', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "customshort.link", true */ 'c', 'u', 's', 't', 'o', 'm', 's', 'h', 'o', 'r', 't', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "customwritings.com", true */ 'c', 'u', 's', 't', 'o', 'm', 'w', 'r', 'i', 't', 'i', 'n', 'g', 's', '.', 'c', 'o', 'm', '\0',
+  /* "customwritingservice.com", true */ 'c', 'u', 's', 't', 'o', 'm', 'w', 'r', 'i', 't', 'i', 'n', 'g', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cutelariafiveladeouro.com.br", true */ 'c', 'u', 't', 'e', 'l', 'a', 'r', 'i', 'a', 'f', 'i', 'v', 'e', 'l', 'a', 'd', 'e', 'o', 'u', 'r', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "cutephil.com", true */ 'c', 'u', 't', 'e', 'p', 'h', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "cutimbo.ovh", true */ 'c', 'u', 't', 'i', 'm', 'b', 'o', '.', 'o', 'v', 'h', '\0',
+  /* "cutner.co", true */ 'c', 'u', 't', 'n', 'e', 'r', '.', 'c', 'o', '\0',
+  /* "cuvva.co", true */ 'c', 'u', 'v', 'v', 'a', '.', 'c', 'o', '\0',
+  /* "cuvva.co.uk", true */ 'c', 'u', 'v', 'v', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cuvva.com", true */ 'c', 'u', 'v', 'v', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "cuvva.eu", true */ 'c', 'u', 'v', 'v', 'a', '.', 'e', 'u', '\0',
+  /* "cuvva.io", true */ 'c', 'u', 'v', 'v', 'a', '.', 'i', 'o', '\0',
+  /* "cuvva.it", true */ 'c', 'u', 'v', 'v', 'a', '.', 'i', 't', '\0',
+  /* "cuvva.me", true */ 'c', 'u', 'v', 'v', 'a', '.', 'm', 'e', '\0',
+  /* "cuvva.net", true */ 'c', 'u', 'v', 'v', 'a', '.', 'n', 'e', 't', '\0',
+  /* "cuvva.org", true */ 'c', 'u', 'v', 'v', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "cuvva.uk", true */ 'c', 'u', 'v', 'v', 'a', '.', 'u', 'k', '\0',
+  /* "cuvva.us", true */ 'c', 'u', 'v', 'v', 'a', '.', 'u', 's', '\0',
+  /* "cuxpool.club", true */ 'c', 'u', 'x', 'p', 'o', 'o', 'l', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "cve-le-carrousel.ch", true */ 'c', 'v', 'e', '-', 'l', 'e', '-', 'c', 'a', 'r', 'r', 'o', 'u', 's', 'e', 'l', '.', 'c', 'h', '\0',
+  /* "cviip.ca", true */ 'c', 'v', 'i', 'i', 'p', '.', 'c', 'a', '\0',
+  /* "cviip.com", true */ 'c', 'v', 'i', 'i', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "cvjd.me", true */ 'c', 'v', 'j', 'd', '.', 'm', 'e', '\0',
+  /* "cvl.ch", true */ 'c', 'v', 'l', '.', 'c', 'h', '\0',
+  /* "cvlibrary.co.uk", true */ 'c', 'v', 'l', 'i', 'b', 'r', 'a', 'r', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "cvmu.jp", true */ 'c', 'v', 'm', 'u', '.', 'j', 'p', '\0',
+  /* "cvninja.pl", true */ 'c', 'v', 'n', 'i', 'n', 'j', 'a', '.', 'p', 'l', '\0',
+  /* "cvr.dk", true */ 'c', 'v', 'r', '.', 'd', 'k', '\0',
+  /* "cvsoftub.com", true */ 'c', 'v', 's', 'o', 'f', 't', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "cvursache.com", true */ 'c', 'v', 'u', 'r', 's', 'a', 'c', 'h', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cvv.cn", true */ 'c', 'v', 'v', '.', 'c', 'n', '\0',
+  /* "cw.center", true */ 'c', 'w', '.', 'c', 'e', 'n', 't', 'e', 'r', '\0',
+  /* "cwagner.me", true */ 'c', 'w', 'a', 'g', 'n', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "cwmart.in", true */ 'c', 'w', 'm', 'a', 'r', 't', '.', 'i', 'n', '\0',
+  /* "cwningen.cymru", false */ 'c', 'w', 'n', 'i', 'n', 'g', 'e', 'n', '.', 'c', 'y', 'm', 'r', 'u', '\0',
+  /* "cwrcoding.com", true */ 'c', 'w', 'r', 'c', 'o', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "cy.technology", true */ 'c', 'y', '.', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'y', '\0',
+  /* "cybbh.space", true */ 'c', 'y', 'b', 'b', 'h', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "cyber-konzept.de", true */ 'c', 'y', 'b', 'e', 'r', '-', 'k', 'o', 'n', 'z', 'e', 'p', 't', '.', 'd', 'e', '\0',
+  /* "cyber-perikarp.eu", true */ 'c', 'y', 'b', 'e', 'r', '-', 'p', 'e', 'r', 'i', 'k', 'a', 'r', 'p', '.', 'e', 'u', '\0',
+  /* "cyber.cafe", true */ 'c', 'y', 'b', 'e', 'r', '.', 'c', 'a', 'f', 'e', '\0',
+  /* "cybercloud.cc", true */ 'c', 'y', 'b', 'e', 'r', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'c', '\0',
+  /* "cyberdos.de", true */ 'c', 'y', 'b', 'e', 'r', 'd', 'o', 's', '.', 'd', 'e', '\0',
+  /* "cyberduck.io", true */ 'c', 'y', 'b', 'e', 'r', 'd', 'u', 'c', 'k', '.', 'i', 'o', '\0',
+  /* "cybergrx.com", true */ 'c', 'y', 'b', 'e', 'r', 'g', 'r', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "cyberguerrilla.info", true */ 'c', 'y', 'b', 'e', 'r', 'g', 'u', 'e', 'r', 'r', 'i', 'l', 'l', 'a', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "cyberguerrilla.org", true */ 'c', 'y', 'b', 'e', 'r', 'g', 'u', 'e', 'r', 'r', 'i', 'l', 'l', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "cyberianhusky.com", true */ 'c', 'y', 'b', 'e', 'r', 'i', 'a', 'n', 'h', 'u', 's', 'k', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "cyberkov.com", true */ 'c', 'y', 'b', 'e', 'r', 'k', 'o', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "cyberlightapp.com", true */ 'c', 'y', 'b', 'e', 'r', 'l', 'i', 'g', 'h', 't', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "cyberoptic.de", true */ 'c', 'y', 'b', 'e', 'r', 'o', 'p', 't', 'i', 'c', '.', 'd', 'e', '\0',
+  /* "cyberphaze.com", true */ 'c', 'y', 'b', 'e', 'r', 'p', 'h', 'a', 'z', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cyberprey.com", true */ 'c', 'y', 'b', 'e', 'r', 'p', 'r', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "cybersecurity.nz", true */ 'c', 'y', 'b', 'e', 'r', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'n', 'z', '\0',
+  /* "cybersecuritychallenge.be", true */ 'c', 'y', 'b', 'e', 'r', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'c', 'h', 'a', 'l', 'l', 'e', 'n', 'g', 'e', '.', 'b', 'e', '\0',
+  /* "cybersins.com", true */ 'c', 'y', 'b', 'e', 'r', 's', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cybersmartdefence.com", true */ 'c', 'y', 'b', 'e', 'r', 's', 'm', 'a', 'r', 't', 'd', 'e', 'f', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cyberspace.community", true */ 'c', 'y', 'b', 'e', 'r', 's', 'p', 'a', 'c', 'e', '.', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', '\0',
+  /* "cyberspace.today", true */ 'c', 'y', 'b', 'e', 'r', 's', 'p', 'a', 'c', 'e', '.', 't', 'o', 'd', 'a', 'y', '\0',
+  /* "cyberspect.com", true */ 'c', 'y', 'b', 'e', 'r', 's', 'p', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "cyberspect.io", true */ 'c', 'y', 'b', 'e', 'r', 's', 'p', 'e', 'c', 't', '.', 'i', 'o', '\0',
+  /* "cybertorsk.org", true */ 'c', 'y', 'b', 'e', 'r', 't', 'o', 'r', 's', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "cybertu.be", true */ 'c', 'y', 'b', 'e', 'r', 't', 'u', '.', 'b', 'e', '\0',
+  /* "cyberwars.dk", true */ 'c', 'y', 'b', 'e', 'r', 'w', 'a', 'r', 's', '.', 'd', 'k', '\0',
+  /* "cyberwire.nl", true */ 'c', 'y', 'b', 'e', 'r', 'w', 'i', 'r', 'e', '.', 'n', 'l', '\0',
+  /* "cyberxpert.nl", true */ 'c', 'y', 'b', 'e', 'r', 'x', 'p', 'e', 'r', 't', '.', 'n', 'l', '\0',
+  /* "cybozu.cn", true */ 'c', 'y', 'b', 'o', 'z', 'u', '.', 'c', 'n', '\0',
+  /* "cybozu.com", true */ 'c', 'y', 'b', 'o', 'z', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "cybozulive-dev.com", true */ 'c', 'y', 'b', 'o', 'z', 'u', 'l', 'i', 'v', 'e', '-', 'd', 'e', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "cybozulive.com", true */ 'c', 'y', 'b', 'o', 'z', 'u', 'l', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cyclebeads.com", true */ 'c', 'y', 'c', 'l', 'e', 'b', 'e', 'a', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cyclehackluxembourgcity.lu", true */ 'c', 'y', 'c', 'l', 'e', 'h', 'a', 'c', 'k', 'l', 'u', 'x', 'e', 'm', 'b', 'o', 'u', 'r', 'g', 'c', 'i', 't', 'y', '.', 'l', 'u', '\0',
+  /* "cyclisjumper.gallery", true */ 'c', 'y', 'c', 'l', 'i', 's', 'j', 'u', 'm', 'p', 'e', 'r', '.', 'g', 'a', 'l', 'l', 'e', 'r', 'y', '\0',
+  /* "cyclop-editorial.fr", true */ 'c', 'y', 'c', 'l', 'o', 'p', '-', 'e', 'd', 'i', 't', 'o', 'r', 'i', 'a', 'l', '.', 'f', 'r', '\0',
+  /* "cydetec.com", true */ 'c', 'y', 'd', 'e', 't', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "cyfly.org", true */ 'c', 'y', 'f', 'l', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "cygnatus.com", true */ 'c', 'y', 'g', 'n', 'a', 't', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cygnius.net", true */ 'c', 'y', 'g', 'n', 'i', 'u', 's', '.', 'n', 'e', 't', '\0',
+  /* "cyhour.com", true */ 'c', 'y', 'h', 'o', 'u', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "cylindricity.com", true */ 'c', 'y', 'l', 'i', 'n', 'd', 'r', 'i', 'c', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "cyon.ch", true */ 'c', 'y', 'o', 'n', '.', 'c', 'h', '\0',
+  /* "cype.dedyn.io", true */ 'c', 'y', 'p', 'e', '.', 'd', 'e', 'd', 'y', 'n', '.', 'i', 'o', '\0',
+  /* "cyph.audio", true */ 'c', 'y', 'p', 'h', '.', 'a', 'u', 'd', 'i', 'o', '\0',
+  /* "cyph.com", true */ 'c', 'y', 'p', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "cyph.healthcare", true */ 'c', 'y', 'p', 'h', '.', 'h', 'e', 'a', 'l', 't', 'h', 'c', 'a', 'r', 'e', '\0',
+  /* "cyph.im", true */ 'c', 'y', 'p', 'h', '.', 'i', 'm', '\0',
+  /* "cyph.io", true */ 'c', 'y', 'p', 'h', '.', 'i', 'o', '\0',
+  /* "cyph.me", true */ 'c', 'y', 'p', 'h', '.', 'm', 'e', '\0',
+  /* "cyph.video", true */ 'c', 'y', 'p', 'h', '.', 'v', 'i', 'd', 'e', 'o', '\0',
+  /* "cyph.ws", true */ 'c', 'y', 'p', 'h', '.', 'w', 's', '\0',
+  /* "cypherpunk.at", true */ 'c', 'y', 'p', 'h', 'e', 'r', 'p', 'u', 'n', 'k', '.', 'a', 't', '\0',
+  /* "cypherpunk.com", true */ 'c', 'y', 'p', 'h', 'e', 'r', 'p', 'u', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "cypressinheritancesaga.com", true */ 'c', 'y', 'p', 'r', 'e', 's', 's', 'i', 'n', 'h', 'e', 'r', 'i', 't', 'a', 'n', 'c', 'e', 's', 'a', 'g', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "cypresslegacy.com", true */ 'c', 'y', 'p', 'r', 'e', 's', 's', 'l', 'e', 'g', 'a', 'c', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "cyprus-company-service.com", true */ 'c', 'y', 'p', 'r', 'u', 's', '-', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '-', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "cysec.biz", true */ 'c', 'y', 's', 'e', 'c', '.', 'b', 'i', 'z', '\0',
+  /* "cysmo.de", true */ 'c', 'y', 's', 'm', 'o', '.', 'd', 'e', '\0',
+  /* "cytech.com.tr", true */ 'c', 'y', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '.', 't', 'r', '\0',
+  /* "cytegic-update-packages.com", true */ 'c', 'y', 't', 'e', 'g', 'i', 'c', '-', 'u', 'p', 'd', 'a', 't', 'e', '-', 'p', 'a', 'c', 'k', 'a', 'g', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "cyumus.com", true */ 'c', 'y', 'u', 'm', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "czakey.net", true */ 'c', 'z', 'a', 'k', 'e', 'y', '.', 'n', 'e', 't', '\0',
+  /* "czaw.org", true */ 'c', 'z', 'a', 'w', '.', 'o', 'r', 'g', '\0',
+  /* "czbix.com", true */ 'c', 'z', 'b', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "czc.cz", true */ 'c', 'z', 'c', '.', 'c', 'z', '\0',
+  /* "czechamlp.com", true */ 'c', 'z', 'e', 'c', 'h', 'a', 'm', 'l', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "czechvirus.cz", true */ 'c', 'z', 'e', 'c', 'h', 'v', 'i', 'r', 'u', 's', '.', 'c', 'z', '\0',
+  /* "czerno.com", true */ 'c', 'z', 'e', 'r', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "czirnich.org", true */ 'c', 'z', 'i', 'r', 'n', 'i', 'c', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "czk.mk", true */ 'c', 'z', 'k', '.', 'm', 'k', '\0',
+  /* "d-20.fr", true */ 'd', '-', '2', '0', '.', 'f', 'r', '\0',
+  /* "d-academia.com", true */ 'd', '-', 'a', 'c', 'a', 'd', 'e', 'm', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "d-designerin.de", true */ 'd', '-', 'd', 'e', 's', 'i', 'g', 'n', 'e', 'r', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "d-loop.de", true */ 'd', '-', 'l', 'o', 'o', 'p', '.', 'd', 'e', '\0',
+  /* "d-parts24.de", true */ 'd', '-', 'p', 'a', 'r', 't', 's', '2', '4', '.', 'd', 'e', '\0',
+  /* "d-quantum.com", true */ 'd', '-', 'q', 'u', 'a', 'n', 't', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "d-toys.com.ua", true */ 'd', '-', 't', 'o', 'y', 's', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "d-training.de", true */ 'd', '-', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "d.nf", true */ 'd', '.', 'n', 'f', '\0',
+  /* "d.nr", true */ 'd', '.', 'n', 'r', '\0',
+  /* "d00d.de", true */ 'd', '0', '0', 'd', '.', 'd', 'e', '\0',
+  /* "d0g.cc", true */ 'd', '0', 'g', '.', 'c', 'c', '\0',
+  /* "d0xq.net", true */ 'd', '0', 'x', 'q', '.', 'n', 'e', 't', '\0',
+  /* "d2s.uk", true */ 'd', '2', 's', '.', 'u', 'k', '\0',
+  /* "d3njjcbhbojbot.cloudfront.net", true */ 'd', '3', 'n', 'j', 'j', 'c', 'b', 'h', 'b', 'o', 'j', 'b', 'o', 't', '.', 'c', 'l', 'o', 'u', 'd', 'f', 'r', 'o', 'n', 't', '.', 'n', 'e', 't', '\0',
+  /* "d3x.pw", true */ 'd', '3', 'x', '.', 'p', 'w', '\0',
+  /* "d3xt3r01.tk", true */ 'd', '3', 'x', 't', '3', 'r', '0', '1', '.', 't', 'k', '\0',
+  /* "d42.no", true */ 'd', '4', '2', '.', 'n', 'o', '\0',
+  /* "d4wson.com", true */ 'd', '4', 'w', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "d4x.de", true */ 'd', '4', 'x', '.', 'd', 'e', '\0',
+  /* "d66.nl", true */ 'd', '6', '6', '.', 'n', 'l', '\0',
+  /* "d8.io", true */ 'd', '8', '.', 'i', 'o', '\0',
+  /* "da-ist-kunst.de", true */ 'd', 'a', '-', 'i', 's', 't', '-', 'k', 'u', 'n', 's', 't', '.', 'd', 'e', '\0',
+  /* "da8.cc", true */ 'd', 'a', '8', '.', 'c', 'c', '\0',
+  /* "daallexx.eu", true */ 'd', 'a', 'a', 'l', 'l', 'e', 'x', 'x', '.', 'e', 'u', '\0',
+  /* "dachb0den.net", true */ 'd', 'a', 'c', 'h', 'b', '0', 'd', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "dachdecker-ranzenberger.de", true */ 'd', 'a', 'c', 'h', 'd', 'e', 'c', 'k', 'e', 'r', '-', 'r', 'a', 'n', 'z', 'e', 'n', 'b', 'e', 'r', 'g', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "dachdeckermeister-egon-weiss.de", true */ 'd', 'a', 'c', 'h', 'd', 'e', 'c', 'k', 'e', 'r', 'm', 'e', 'i', 's', 't', 'e', 'r', '-', 'e', 'g', 'o', 'n', '-', 'w', 'e', 'i', 's', 's', '.', 'd', 'e', '\0',
+  /* "daciaforum.nl", true */ 'd', 'a', 'c', 'i', 'a', 'f', 'o', 'r', 'u', 'm', '.', 'n', 'l', '\0',
+  /* "daciamodellen.nl", true */ 'd', 'a', 'c', 'i', 'a', 'm', 'o', 'd', 'e', 'l', 'l', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "dado.fr", true */ 'd', 'a', 'd', 'o', '.', 'f', 'r', '\0',
+  /* "dado.me", true */ 'd', 'a', 'd', 'o', '.', 'm', 'e', '\0',
+  /* "dado.virtual.museum", true */ 'd', 'a', 'd', 'o', '.', 'v', 'i', 'r', 't', 'u', 'a', 'l', '.', 'm', 'u', 's', 'e', 'u', 'm', '\0',
+  /* "dadons-laserdiscs.com", true */ 'd', 'a', 'd', 'o', 'n', 's', '-', 'l', 'a', 's', 'e', 'r', 'd', 'i', 's', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "dadosch.de", true */ 'd', 'a', 'd', 'o', 's', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "dadrian.io", true */ 'd', 'a', 'd', 'r', 'i', 'a', 'n', '.', 'i', 'o', '\0',
+  /* "daduke.org", true */ 'd', 'a', 'd', 'u', 'k', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "daemen.org", true */ 'd', 'a', 'e', 'm', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "daemon.xin", true */ 'd', 'a', 'e', 'm', 'o', 'n', '.', 'x', 'i', 'n', '\0',
+  /* "daemwool.ch", true */ 'd', 'a', 'e', 'm', 'w', 'o', 'o', 'l', '.', 'c', 'h', '\0',
+  /* "daevel.fr", true */ 'd', 'a', 'e', 'v', 'e', 'l', '.', 'f', 'r', '\0',
+  /* "dag-hebergement.fr", true */ 'd', 'a', 'g', '-', 'h', 'e', 'b', 'e', 'r', 'g', 'e', 'm', 'e', 'n', 't', '.', 'f', 'r', '\0',
+  /* "dag-konsult.com", true */ 'd', 'a', 'g', '-', 'k', 'o', 'n', 's', 'u', 'l', 't', '.', 'c', 'o', 'm', '\0',
+  /* "dahlberg.cologne", true */ 'd', 'a', 'h', 'l', 'b', 'e', 'r', 'g', '.', 'c', 'o', 'l', 'o', 'g', 'n', 'e', '\0',
+  /* "dai.top", true */ 'd', 'a', 'i', '.', 't', 'o', 'p', '\0',
+  /* "dailyblogged.com", true */ 'd', 'a', 'i', 'l', 'y', 'b', 'l', 'o', 'g', 'g', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "dailybunda.com", true */ 'd', 'a', 'i', 'l', 'y', 'b', 'u', 'n', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "dailyenglishchallenge.com", true */ 'd', 'a', 'i', 'l', 'y', 'e', 'n', 'g', 'l', 'i', 's', 'h', 'c', 'h', 'a', 'l', 'l', 'e', 'n', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dailyhealthguard.com", true */ 'd', 'a', 'i', 'l', 'y', 'h', 'e', 'a', 'l', 't', 'h', 'g', 'u', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "dailykos.com", true */ 'd', 'a', 'i', 'l', 'y', 'k', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "dailytopix.com", true */ 'd', 'a', 'i', 'l', 'y', 't', 'o', 'p', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "daintymeal.com", true */ 'd', 'a', 'i', 'n', 't', 'y', 'm', 'e', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "dairyshrine.org", true */ 'd', 'a', 'i', 'r', 'y', 's', 'h', 'r', 'i', 'n', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "daisidaniels.co.uk", true */ 'd', 'a', 'i', 's', 'i', 'd', 'a', 'n', 'i', 'e', 'l', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "daisy-peanut.com", true */ 'd', 'a', 'i', 's', 'y', '-', 'p', 'e', 'a', 'n', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "daisypeanut.com", true */ 'd', 'a', 'i', 's', 'y', 'p', 'e', 'a', 'n', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "daiwai.de", false */ 'd', 'a', 'i', 'w', 'a', 'i', '.', 'd', 'e', '\0',
+  /* "daiweihu.com", true */ 'd', 'a', 'i', 'w', 'e', 'i', 'h', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "daiyuu.jp", true */ 'd', 'a', 'i', 'y', 'u', 'u', '.', 'j', 'p', '\0',
+  /* "daknob.net", true */ 'd', 'a', 'k', 'n', 'o', 'b', '.', 'n', 'e', 't', '\0',
+  /* "dakotasilencer.com", true */ 'd', 'a', 'k', 'o', 't', 'a', 's', 'i', 'l', 'e', 'n', 'c', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "daktarisys.com", true */ 'd', 'a', 'k', 't', 'a', 'r', 'i', 's', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "daladubbeln.se", true */ 'd', 'a', 'l', 'a', 'd', 'u', 'b', 'b', 'e', 'l', 'n', '.', 's', 'e', '\0',
+  /* "dalaran.city", true */ 'd', 'a', 'l', 'a', 'r', 'a', 'n', '.', 'c', 'i', 't', 'y', '\0',
+  /* "dalb.in", true */ 'd', 'a', 'l', 'b', '.', 'i', 'n', '\0',
+  /* "dale-electric.com", true */ 'd', 'a', 'l', 'e', '-', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "dalek.co.nz", true */ 'd', 'a', 'l', 'e', 'k', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "dalfiume.it", false */ 'd', 'a', 'l', 'f', 'i', 'u', 'm', 'e', '.', 'i', 't', '\0',
+  /* "dalfsennet.nl", true */ 'd', 'a', 'l', 'f', 's', 'e', 'n', 'n', 'e', 't', '.', 'n', 'l', '\0',
+  /* "dalingk.com", true */ 'd', 'a', 'l', 'i', 'n', 'g', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "dallaslu.com", true */ 'd', 'a', 'l', 'l', 'a', 's', 'l', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "dallinbryce.com", true */ 'd', 'a', 'l', 'l', 'i', 'n', 'b', 'r', 'y', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dallmeier.net", true */ 'd', 'a', 'l', 'l', 'm', 'e', 'i', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "dalmatiersheusden.be", true */ 'd', 'a', 'l', 'm', 'a', 't', 'i', 'e', 'r', 's', 'h', 'e', 'u', 's', 'd', 'e', 'n', '.', 'b', 'e', '\0',
+  /* "damaged.org", true */ 'd', 'a', 'm', 'a', 'g', 'e', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "damasexpress.com", true */ 'd', 'a', 'm', 'a', 's', 'e', 'x', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "damedrogy.cz", true */ 'd', 'a', 'm', 'e', 'd', 'r', 'o', 'g', 'y', '.', 'c', 'z', '\0',
+  /* "damicris.ro", true */ 'd', 'a', 'm', 'i', 'c', 'r', 'i', 's', '.', 'r', 'o', '\0',
+  /* "damienoreilly.org", true */ 'd', 'a', 'm', 'i', 'e', 'n', 'o', 'r', 'e', 'i', 'l', 'l', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "damip.net", true */ 'd', 'a', 'm', 'i', 'p', '.', 'n', 'e', 't', '\0',
+  /* "dammekens.be", true */ 'd', 'a', 'm', 'm', 'e', 'k', 'e', 'n', 's', '.', 'b', 'e', '\0',
+  /* "damngoodpepper.com", true */ 'd', 'a', 'm', 'n', 'g', 'o', 'o', 'd', 'p', 'e', 'p', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "dan-informacijske-varnosti.si", true */ 'd', 'a', 'n', '-', 'i', 'n', 'f', 'o', 'r', 'm', 'a', 'c', 'i', 'j', 's', 'k', 'e', '-', 'v', 'a', 'r', 'n', 'o', 's', 't', 'i', '.', 's', 'i', '\0',
+  /* "dan.me.uk", true */ 'd', 'a', 'n', '.', 'm', 'e', '.', 'u', 'k', '\0',
+  /* "dan.org.nz", true */ 'd', 'a', 'n', '.', 'o', 'r', 'g', '.', 'n', 'z', '\0',
+  /* "danaketh.com", true */ 'd', 'a', 'n', 'a', 'k', 'e', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "danamica.dk", true */ 'd', 'a', 'n', 'a', 'm', 'i', 'c', 'a', '.', 'd', 'k', '\0',
+  /* "danandrum.com", true */ 'd', 'a', 'n', 'a', 'n', 'd', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "danarozmarin.com", true */ 'd', 'a', 'n', 'a', 'r', 'o', 'z', 'm', 'a', 'r', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "danchen.org", true */ 'd', 'a', 'n', 'c', 'h', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "dancingcubs.co.uk", true */ 'd', 'a', 'n', 'c', 'i', 'n', 'g', 'c', 'u', 'b', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "dandenongroadapartments.com.au", true */ 'd', 'a', 'n', 'd', 'e', 'n', 'o', 'n', 'g', 'r', 'o', 'a', 'd', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "dandymrsb.com", true */ 'd', 'a', 'n', 'd', 'y', 'm', 'r', 's', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "daneandthepain.com", true */ 'd', 'a', 'n', 'e', 'a', 'n', 'd', 't', 'h', 'e', 'p', 'a', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "dango.in", true */ 'd', 'a', 'n', 'g', 'o', '.', 'i', 'n', '\0',
+  /* "daniel-baumann.ch", true */ 'd', 'a', 'n', 'i', 'e', 'l', '-', 'b', 'a', 'u', 'm', 'a', 'n', 'n', '.', 'c', 'h', '\0',
+  /* "daniel-du.com", true */ 'd', 'a', 'n', 'i', 'e', 'l', '-', 'd', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "daniel-kulbe.de", true */ 'd', 'a', 'n', 'i', 'e', 'l', '-', 'k', 'u', 'l', 'b', 'e', '.', 'd', 'e', '\0',
+  /* "daniel-ruf.de", true */ 'd', 'a', 'n', 'i', 'e', 'l', '-', 'r', 'u', 'f', '.', 'd', 'e', '\0',
+  /* "daniel-seifert.com", true */ 'd', 'a', 'n', 'i', 'e', 'l', '-', 's', 'e', 'i', 'f', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "danielalvarez.net", true */ 'd', 'a', 'n', 'i', 'e', 'l', 'a', 'l', 'v', 'a', 'r', 'e', 'z', '.', 'n', 'e', 't', '\0',
+  /* "danielas.boutique", true */ 'd', 'a', 'n', 'i', 'e', 'l', 'a', 's', '.', 'b', 'o', 'u', 't', 'i', 'q', 'u', 'e', '\0',
+  /* "danielehniss.de", true */ 'd', 'a', 'n', 'i', 'e', 'l', 'e', 'h', 'n', 'i', 's', 's', '.', 'd', 'e', '\0',
+  /* "danielepestilli.com", true */ 'd', 'a', 'n', 'i', 'e', 'l', 'e', 'p', 'e', 's', 't', 'i', 'l', 'l', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "danielhochleitner.de", true */ 'd', 'a', 'n', 'i', 'e', 'l', 'h', 'o', 'c', 'h', 'l', 'e', 'i', 't', 'n', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "danieljamesscott.org", true */ 'd', 'a', 'n', 'i', 'e', 'l', 'j', 'a', 'm', 'e', 's', 's', 'c', 'o', 't', 't', '.', 'o', 'r', 'g', '\0',
+  /* "danieljireh.com", true */ 'd', 'a', 'n', 'i', 'e', 'l', 'j', 'i', 'r', 'e', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "danielkoster.nl", true */ 'd', 'a', 'n', 'i', 'e', 'l', 'k', 'o', 's', 't', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "danielkratz.com", true */ 'd', 'a', 'n', 'i', 'e', 'l', 'k', 'r', 'a', 't', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "danielmarquard.com", true */ 'd', 'a', 'n', 'i', 'e', 'l', 'm', 'a', 'r', 'q', 'u', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "danielmoch.com", true */ 'd', 'a', 'n', 'i', 'e', 'l', 'm', 'o', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "danielmostertman.com", false */ 'd', 'a', 'n', 'i', 'e', 'l', 'm', 'o', 's', 't', 'e', 'r', 't', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "danielmostertman.nl", false */ 'd', 'a', 'n', 'i', 'e', 'l', 'm', 'o', 's', 't', 'e', 'r', 't', 'm', 'a', 'n', '.', 'n', 'l', '\0',
+  /* "danielrozenberg.com", true */ 'd', 'a', 'n', 'i', 'e', 'l', 'r', 'o', 'z', 'e', 'n', 'b', 'e', 'r', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "danielsblog.org", true */ 'd', 'a', 'n', 'i', 'e', 'l', 's', 'b', 'l', 'o', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "danielschreurs.com", true */ 'd', 'a', 'n', 'i', 'e', 'l', 's', 'c', 'h', 'r', 'e', 'u', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "danielstach.cz", true */ 'd', 'a', 'n', 'i', 'e', 'l', 's', 't', 'a', 'c', 'h', '.', 'c', 'z', '\0',
+  /* "danielsteiner.net", true */ 'd', 'a', 'n', 'i', 'e', 'l', 's', 't', 'e', 'i', 'n', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "danieltollot.de", true */ 'd', 'a', 'n', 'i', 'e', 'l', 't', 'o', 'l', 'l', 'o', 't', '.', 'd', 'e', '\0',
+  /* "danielverlaan.nl", true */ 'd', 'a', 'n', 'i', 'e', 'l', 'v', 'e', 'r', 'l', 'a', 'a', 'n', '.', 'n', 'l', '\0',
+  /* "danielvoogsgerd.nl", true */ 'd', 'a', 'n', 'i', 'e', 'l', 'v', 'o', 'o', 'g', 's', 'g', 'e', 'r', 'd', '.', 'n', 'l', '\0',
+  /* "danielzuzevich.com", true */ 'd', 'a', 'n', 'i', 'e', 'l', 'z', 'u', 'z', 'e', 'v', 'i', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "danilapisarev.com", true */ 'd', 'a', 'n', 'i', 'l', 'a', 'p', 'i', 's', 'a', 'r', 'e', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "danjesensky.com", true */ 'd', 'a', 'n', 'j', 'e', 's', 'e', 'n', 's', 'k', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "dank.ninja", true */ 'd', 'a', 'n', 'k', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "dankim.de", false */ 'd', 'a', 'n', 'k', 'i', 'm', '.', 'd', 'e', '\0',
+  /* "dankredues.com", true */ 'd', 'a', 'n', 'k', 'r', 'e', 'd', 'u', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "danla.nl", true */ 'd', 'a', 'n', 'l', 'a', '.', 'n', 'l', '\0',
+  /* "danmaby.com", true */ 'd', 'a', 'n', 'm', 'a', 'b', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "danmarksbedstefredagsbar.dk", true */ 'd', 'a', 'n', 'm', 'a', 'r', 'k', 's', 'b', 'e', 'd', 's', 't', 'e', 'f', 'r', 'e', 'd', 'a', 'g', 's', 'b', 'a', 'r', '.', 'd', 'k', '\0',
+  /* "danminkevitch.com", true */ 'd', 'a', 'n', 'm', 'i', 'n', 'k', 'e', 'v', 'i', 't', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "danna-salary.com", true */ 'd', 'a', 'n', 'n', 'a', '-', 's', 'a', 'l', 'a', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "danny.fm", true */ 'd', 'a', 'n', 'n', 'y', '.', 'f', 'm', '\0',
+  /* "dannyrohde.de", true */ 'd', 'a', 'n', 'n', 'y', 'r', 'o', 'h', 'd', 'e', '.', 'd', 'e', '\0',
+  /* "dannystevens.co.uk", true */ 'd', 'a', 'n', 'n', 'y', 's', 't', 'e', 'v', 'e', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "danonsecurity.com", true */ 'd', 'a', 'n', 'o', 'n', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "danotage.tv", true */ 'd', 'a', 'n', 'o', 't', 'a', 'g', 'e', '.', 't', 'v', '\0',
+  /* "danova.de", true */ 'd', 'a', 'n', 'o', 'v', 'a', '.', 'd', 'e', '\0',
+  /* "danoz.net", true */ 'd', 'a', 'n', 'o', 'z', '.', 'n', 'e', 't', '\0',
+  /* "danscomp.com", true */ 'd', 'a', 'n', 's', 'c', 'o', 'm', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "danselibre.net", true */ 'd', 'a', 'n', 's', 'e', 'l', 'i', 'b', 'r', 'e', '.', 'n', 'e', 't', '\0',
+  /* "danseressen.nl", true */ 'd', 'a', 'n', 's', 'e', 'r', 'e', 's', 's', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "dansk-skole.de", true */ 'd', 'a', 'n', 's', 'k', '-', 's', 'k', 'o', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "danskoferie.dk", true */ 'd', 'a', 'n', 's', 'k', 'o', 'f', 'e', 'r', 'i', 'e', '.', 'd', 'k', '\0',
+  /* "danskringsporta.be", true */ 'd', 'a', 'n', 's', 'k', 'r', 'i', 'n', 'g', 's', 'p', 'o', 'r', 't', 'a', '.', 'b', 'e', '\0',
+  /* "dantransports.fr", true */ 'd', 'a', 'n', 't', 'r', 'a', 'n', 's', 'p', 'o', 'r', 't', 's', '.', 'f', 'r', '\0',
+  /* "danw.io", true */ 'd', 'a', 'n', 'w', '.', 'i', 'o', '\0',
+  /* "danwin1210.me", true */ 'd', 'a', 'n', 'w', 'i', 'n', '1', '2', '1', '0', '.', 'm', 'e', '\0',
+  /* "danyabanya.com", true */ 'd', 'a', 'n', 'y', 'a', 'b', 'a', 'n', 'y', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "dao.spb.su", true */ 'd', 'a', 'o', '.', 's', 'p', 'b', '.', 's', 'u', '\0',
+  /* "daoro.net", true */ 'd', 'a', 'o', 'r', 'o', '.', 'n', 'e', 't', '\0',
+  /* "daphne.informatik.uni-freiburg.de", true */ 'd', 'a', 'p', 'h', 'n', 'e', '.', 'i', 'n', 'f', 'o', 'r', 'm', 'a', 't', 'i', 'k', '.', 'u', 'n', 'i', '-', 'f', 'r', 'e', 'i', 'b', 'u', 'r', 'g', '.', 'd', 'e', '\0',
+  /* "dapim.co.il", true */ 'd', 'a', 'p', 'i', 'm', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "daplie.com", true */ 'd', 'a', 'p', 'l', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "daracokorilo.com", true */ 'd', 'a', 'r', 'a', 'c', 'o', 'k', 'o', 'r', 'i', 'l', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "daravk.ch", true */ 'd', 'a', 'r', 'a', 'v', 'k', '.', 'c', 'h', '\0',
+  /* "darbi.org", true */ 'd', 'a', 'r', 'b', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "darbtech.net", true */ 'd', 'a', 'r', 'b', 't', 'e', 'c', 'h', '.', 'n', 'e', 't', '\0',
+  /* "darc-mak.de", true */ 'd', 'a', 'r', 'c', '-', 'm', 'a', 'k', '.', 'd', 'e', '\0',
+  /* "darchoods.net", false */ 'd', 'a', 'r', 'c', 'h', 'o', 'o', 'd', 's', '.', 'n', 'e', 't', '\0',
+  /* "darcymarshall.com", true */ 'd', 'a', 'r', 'c', 'y', 'm', 'a', 'r', 's', 'h', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "daren.com.br", true */ 'd', 'a', 'r', 'e', 'n', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "dareyou.be", true */ 'd', 'a', 'r', 'e', 'y', 'o', 'u', '.', 'b', 'e', '\0',
+  /* "darinkotter.com", true */ 'd', 'a', 'r', 'i', 'n', 'k', 'o', 't', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "darioackermann.ch", true */ 'd', 'a', 'r', 'i', 'o', 'a', 'c', 'k', 'e', 'r', 'm', 'a', 'n', 'n', '.', 'c', 'h', '\0',
+  /* "darioturchetti.me", true */ 'd', 'a', 'r', 'i', 'o', 't', 'u', 'r', 'c', 'h', 'e', 't', 't', 'i', '.', 'm', 'e', '\0',
+  /* "darisni.me", true */ 'd', 'a', 'r', 'i', 's', 'n', 'i', '.', 'm', 'e', '\0',
+  /* "dark-infection.de", true */ 'd', 'a', 'r', 'k', '-', 'i', 'n', 'f', 'e', 'c', 't', 'i', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "dark-vision.cz", true */ 'd', 'a', 'r', 'k', '-', 'v', 'i', 's', 'i', 'o', 'n', '.', 'c', 'z', '\0',
+  /* "darkcores.net", true */ 'd', 'a', 'r', 'k', 'c', 'o', 'r', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "darkdestiny.ch", true */ 'd', 'a', 'r', 'k', 'd', 'e', 's', 't', 'i', 'n', 'y', '.', 'c', 'h', '\0',
+  /* "darkengine.io", true */ 'd', 'a', 'r', 'k', 'e', 'n', 'g', 'i', 'n', 'e', '.', 'i', 'o', '\0',
+  /* "darkengine.net", true */ 'd', 'a', 'r', 'k', 'e', 'n', 'g', 'i', 'n', 'e', '.', 'n', 'e', 't', '\0',
+  /* "darkeststar.org", true */ 'd', 'a', 'r', 'k', 'e', 's', 't', 's', 't', 'a', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "darkfire.ch", true */ 'd', 'a', 'r', 'k', 'f', 'i', 'r', 'e', '.', 'c', 'h', '\0',
+  /* "darkishgreen.com", true */ 'd', 'a', 'r', 'k', 'i', 's', 'h', 'g', 'r', 'e', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "darknode.in", true */ 'd', 'a', 'r', 'k', 'n', 'o', 'd', 'e', '.', 'i', 'n', '\0',
+  /* "darkserver.fedoraproject.org", true */ 'd', 'a', 'r', 'k', 's', 'e', 'r', 'v', 'e', 'r', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "darkserver.stg.fedoraproject.org", true */ 'd', 'a', 'r', 'k', 's', 'e', 'r', 'v', 'e', 'r', '.', 's', 't', 'g', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "darkshop.nl", true */ 'd', 'a', 'r', 'k', 's', 'h', 'o', 'p', '.', 'n', 'l', '\0',
+  /* "darkside.re", true */ 'd', 'a', 'r', 'k', 's', 'i', 'd', 'e', '.', 'r', 'e', '\0',
+  /* "darkspacelab.com", true */ 'd', 'a', 'r', 'k', 's', 'p', 'a', 'c', 'e', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "darktime.ru", true */ 'd', 'a', 'r', 'k', 't', 'i', 'm', 'e', '.', 'r', 'u', '\0',
+  /* "darkwater.info", true */ 'd', 'a', 'r', 'k', 'w', 'a', 't', 'e', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "darkx.me", true */ 'd', 'a', 'r', 'k', 'x', '.', 'm', 'e', '\0',
+  /* "darlastudio66.com", true */ 'd', 'a', 'r', 'l', 'a', 's', 't', 'u', 'd', 'i', 'o', '6', '6', '.', 'c', 'o', 'm', '\0',
+  /* "darom.jp", true */ 'd', 'a', 'r', 'o', 'm', '.', 'j', 'p', '\0',
+  /* "darookee.net", true */ 'd', 'a', 'r', 'o', 'o', 'k', 'e', 'e', '.', 'n', 'e', 't', '\0',
+  /* "daropia.org", true */ 'd', 'a', 'r', 'o', 'p', 'i', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "darrenm.net", true */ 'd', 'a', 'r', 'r', 'e', 'n', 'm', '.', 'n', 'e', 't', '\0',
+  /* "darrienworth.com", true */ 'd', 'a', 'r', 'r', 'i', 'e', 'n', 'w', 'o', 'r', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "darshnam.com", true */ 'd', 'a', 'r', 's', 'h', 'n', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "dart-tanke.com", true */ 'd', 'a', 'r', 't', '-', 't', 'a', 'n', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dart-tanke.de", true */ 'd', 'a', 'r', 't', '-', 't', 'a', 'n', 'k', 'e', '.', 'd', 'e', '\0',
+  /* "darth-sonic.de", true */ 'd', 'a', 'r', 't', 'h', '-', 's', 'o', 'n', 'i', 'c', '.', 'd', 'e', '\0',
+  /* "dartsdon.jp", true */ 'd', 'a', 'r', 't', 's', 'd', 'o', 'n', '.', 'j', 'p', '\0',
+  /* "darwinkel.net", false */ 'd', 'a', 'r', 'w', 'i', 'n', 'k', 'e', 'l', '.', 'n', 'e', 't', '\0',
+  /* "daryl.moe", true */ 'd', 'a', 'r', 'y', 'l', '.', 'm', 'o', 'e', '\0',
+  /* "darylcumbo.net", true */ 'd', 'a', 'r', 'y', 'l', 'c', 'u', 'm', 'b', 'o', '.', 'n', 'e', 't', '\0',
+  /* "das-mediale-haus.de", true */ 'd', 'a', 's', '-', 'm', 'e', 'd', 'i', 'a', 'l', 'e', '-', 'h', 'a', 'u', 's', '.', 'd', 'e', '\0',
+  /* "das-sommercamp.de", true */ 'd', 'a', 's', '-', 's', 'o', 'm', 'm', 'e', 'r', 'c', 'a', 'm', 'p', '.', 'd', 'e', '\0',
+  /* "das-tyrol.at", true */ 'd', 'a', 's', '-', 't', 'y', 'r', 'o', 'l', '.', 'a', 't', '\0',
+  /* "dasgeestig.nl", true */ 'd', 'a', 's', 'g', 'e', 'e', 's', 't', 'i', 'g', '.', 'n', 'l', '\0',
+  /* "dashboard.run", true */ 'd', 'a', 's', 'h', 'b', 'o', 'a', 'r', 'd', '.', 'r', 'u', 'n', '\0',
+  /* "dashboard.yt", true */ 'd', 'a', 's', 'h', 'b', 'o', 'a', 'r', 'd', '.', 'y', 't', '\0',
+  /* "dashlane.com", true */ 'd', 'a', 's', 'h', 'l', 'a', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dashnearby.com", true */ 'd', 'a', 's', 'h', 'n', 'e', 'a', 'r', 'b', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "dasinternetluegt.at", true */ 'd', 'a', 's', 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'l', 'u', 'e', 'g', 't', '.', 'a', 't', '\0',
+  /* "data-detox.de", true */ 'd', 'a', 't', 'a', '-', 'd', 'e', 't', 'o', 'x', '.', 'd', 'e', '\0',
+  /* "data.gov", true */ 'd', 'a', 't', 'a', '.', 'g', 'o', 'v', '\0',
+  /* "data.govt.nz", true */ 'd', 'a', 't', 'a', '.', 'g', 'o', 'v', 't', '.', 'n', 'z', '\0',
+  /* "data.world", true */ 'd', 'a', 't', 'a', '.', 'w', 'o', 'r', 'l', 'd', '\0',
+  /* "databeam.de", true */ 'd', 'a', 't', 'a', 'b', 'e', 'a', 'm', '.', 'd', 'e', '\0',
+  /* "databionix.com", true */ 'd', 'a', 't', 'a', 'b', 'i', 'o', 'n', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "databutlr.com", true */ 'd', 'a', 't', 'a', 'b', 'u', 't', 'l', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "databutlr.net", true */ 'd', 'a', 't', 'a', 'b', 'u', 't', 'l', 'r', '.', 'n', 'e', 't', '\0',
+  /* "datacalle.com", true */ 'd', 'a', 't', 'a', 'c', 'a', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "datacandy.com", true */ 'd', 'a', 't', 'a', 'c', 'a', 'n', 'd', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "datacenternews.asia", true */ 'd', 'a', 't', 'a', 'c', 'e', 'n', 't', 'e', 'r', 'n', 'e', 'w', 's', '.', 'a', 's', 'i', 'a', '\0',
+  /* "datacenternews.co.nz", true */ 'd', 'a', 't', 'a', 'c', 'e', 'n', 't', 'e', 'r', 'n', 'e', 'w', 's', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "datacentrenews.eu", true */ 'd', 'a', 't', 'a', 'c', 'e', 'n', 't', 'r', 'e', 'n', 'e', 'w', 's', '.', 'e', 'u', '\0',
+  /* "datacubed.com", true */ 'd', 'a', 't', 'a', 'c', 'u', 'b', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "datadit.hu", true */ 'd', 'a', 't', 'a', 'd', 'i', 't', '.', 'h', 'u', '\0',
+  /* "datadyne.technology", true */ 'd', 'a', 't', 'a', 'd', 'y', 'n', 'e', '.', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'y', '\0',
+  /* "dataformers.at", true */ 'd', 'a', 't', 'a', 'f', 'o', 'r', 'm', 'e', 'r', 's', '.', 'a', 't', '\0',
+  /* "datahove.no", false */ 'd', 'a', 't', 'a', 'h', 'o', 'v', 'e', '.', 'n', 'o', '\0',
+  /* "dataisme.com", true */ 'd', 'a', 't', 'a', 'i', 's', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "datajapan.co.jp", true */ 'd', 'a', 't', 'a', 'j', 'a', 'p', 'a', 'n', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "datakick.org", true */ 'd', 'a', 't', 'a', 'k', 'i', 'c', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "datalysis.ch", true */ 'd', 'a', 't', 'a', 'l', 'y', 's', 'i', 's', '.', 'c', 'h', '\0',
+  /* "datamatic.ru", true */ 'd', 'a', 't', 'a', 'm', 'a', 't', 'i', 'c', '.', 'r', 'u', '\0',
+  /* "dataprotectionadvisors.com", true */ 'd', 'a', 't', 'a', 'p', 'r', 'o', 't', 'e', 'c', 't', 'i', 'o', 'n', 'a', 'd', 'v', 'i', 's', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "datapun.ch", true */ 'd', 'a', 't', 'a', 'p', 'u', 'n', '.', 'c', 'h', '\0',
+  /* "datascience.ch", true */ 'd', 'a', 't', 'a', 's', 'c', 'i', 'e', 'n', 'c', 'e', '.', 'c', 'h', '\0',
+  /* "datascomemorativas.com.br", true */ 'd', 'a', 't', 'a', 's', 'c', 'o', 'm', 'e', 'm', 'o', 'r', 'a', 't', 'i', 'v', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "datasharesystem.com", true */ 'd', 'a', 't', 'a', 's', 'h', 'a', 'r', 'e', 's', 'y', 's', 't', 'e', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "dataskydd.net", true */ 'd', 'a', 't', 'a', 's', 'k', 'y', 'd', 'd', '.', 'n', 'e', 't', '\0',
+  /* "dataspace.pl", true */ 'd', 'a', 't', 'a', 's', 'p', 'a', 'c', 'e', '.', 'p', 'l', '\0',
+  /* "datastream.re", false */ 'd', 'a', 't', 'a', 's', 't', 'r', 'e', 'a', 'm', '.', 'r', 'e', '\0',
+  /* "dataswamp.org", true */ 'd', 'a', 't', 'a', 's', 'w', 'a', 'm', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "datatekniikka.fi", false */ 'd', 'a', 't', 'a', 't', 'e', 'k', 'n', 'i', 'i', 'k', 'k', 'a', '.', 'f', 'i', '\0',
+  /* "datateknologsektionen.se", true */ 'd', 'a', 't', 'a', 't', 'e', 'k', 'n', 'o', 'l', 'o', 'g', 's', 'e', 'k', 't', 'i', 'o', 'n', 'e', 'n', '.', 's', 'e', '\0',
+  /* "datatree.nl", true */ 'd', 'a', 't', 'a', 't', 'r', 'e', 'e', '.', 'n', 'l', '\0',
+  /* "datatruckers.com", true */ 'd', 'a', 't', 'a', 't', 'r', 'u', 'c', 'k', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "datatruckers.net", true */ 'd', 'a', 't', 'a', 't', 'r', 'u', 'c', 'k', 'e', 'r', 's', '.', 'n', 'e', 't', '\0',
+  /* "datememe.com", true */ 'd', 'a', 't', 'e', 'm', 'e', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "datengrab.xyz", true */ 'd', 'a', 't', 'e', 'n', 'g', 'r', 'a', 'b', '.', 'x', 'y', 'z', '\0',
+  /* "datenlast.de", true */ 'd', 'a', 't', 'e', 'n', 'l', 'a', 's', 't', '.', 'd', 'e', '\0',
+  /* "dateno1.com", true */ 'd', 'a', 't', 'e', 'n', 'o', '1', '.', 'c', 'o', 'm', '\0',
+  /* "datenreiter.org", true */ 'd', 'a', 't', 'e', 'n', 'r', 'e', 'i', 't', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "datenschutz-individuell.de", true */ 'd', 'a', 't', 'e', 'n', 's', 'c', 'h', 'u', 't', 'z', '-', 'i', 'n', 'd', 'i', 'v', 'i', 'd', 'u', 'e', 'l', 'l', '.', 'd', 'e', '\0',
+  /* "datenschutzgrundverordnung.de", true */ 'd', 'a', 't', 'e', 'n', 's', 'c', 'h', 'u', 't', 'z', 'g', 'r', 'u', 'n', 'd', 'v', 'e', 'r', 'o', 'r', 'd', 'n', 'u', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "datenschutzhelden.org", true */ 'd', 'a', 't', 'e', 'n', 's', 'c', 'h', 'u', 't', 'z', 'h', 'e', 'l', 'd', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "datenschutztag.org", true */ 'd', 'a', 't', 'e', 'n', 's', 'c', 'h', 'u', 't', 'z', 't', 'a', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "datenwerkstatt.net", true */ 'd', 'a', 't', 'e', 'n', 'w', 'e', 'r', 'k', 's', 't', 'a', 't', 't', '.', 'n', 'e', 't', '\0',
+  /* "datewon.net", false */ 'd', 'a', 't', 'e', 'w', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "datine.com.br", true */ 'd', 'a', 't', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "datingticino.ch", true */ 'd', 'a', 't', 'i', 'n', 'g', 't', 'i', 'c', 'i', 'n', 'o', '.', 'c', 'h', '\0',
+  /* "datovyaudit.cz", true */ 'd', 'a', 't', 'o', 'v', 'y', 'a', 'u', 'd', 'i', 't', '.', 'c', 'z', '\0',
+  /* "datsound.ru", true */ 'd', 'a', 't', 's', 'o', 'u', 'n', 'd', '.', 'r', 'u', '\0',
+  /* "datsumou-q.com", true */ 'd', 'a', 't', 's', 'u', 'm', 'o', 'u', '-', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "datumou-osusume.com", true */ 'd', 'a', 't', 'u', 'm', 'o', 'u', '-', 'o', 's', 'u', 's', 'u', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "datumou-recipe.com", true */ 'd', 'a', 't', 'u', 'm', 'o', 'u', '-', 'r', 'e', 'c', 'i', 'p', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "daubehosting.de", true */ 'd', 'a', 'u', 'b', 'e', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "dave-pearce.com", true */ 'd', 'a', 'v', 'e', '-', 'p', 'e', 'a', 'r', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "daveaglick.com", true */ 'd', 'a', 'v', 'e', 'a', 'g', 'l', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "davecardwell.com", true */ 'd', 'a', 'v', 'e', 'c', 'a', 'r', 'd', 'w', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "davelynes.com", true */ 'd', 'a', 'v', 'e', 'l', 'y', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "daveoc64.co.uk", true */ 'd', 'a', 'v', 'e', 'o', 'c', '6', '4', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "davepage.me.uk", true */ 'd', 'a', 'v', 'e', 'p', 'a', 'g', 'e', '.', 'm', 'e', '.', 'u', 'k', '\0',
+  /* "davepearce.com", true */ 'd', 'a', 'v', 'e', 'p', 'e', 'a', 'r', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "davescomputertips.com", true */ 'd', 'a', 'v', 'e', 's', 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 't', 'i', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "davesinclair.com.au", true */ 'd', 'a', 'v', 'e', 's', 'i', 'n', 'c', 'l', 'a', 'i', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "davetempleton.com", true */ 'd', 'a', 'v', 'e', 't', 'e', 'm', 'p', 'l', 'e', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "davevelopment.net", true */ 'd', 'a', 'v', 'e', 'v', 'e', 'l', 'o', 'p', 'm', 'e', 'n', 't', '.', 'n', 'e', 't', '\0',
+  /* "davewardle.com", true */ 'd', 'a', 'v', 'e', 'w', 'a', 'r', 'd', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "david-corry.com", true */ 'd', 'a', 'v', 'i', 'd', '-', 'c', 'o', 'r', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "david-pearce.com", true */ 'd', 'a', 'v', 'i', 'd', '-', 'p', 'e', 'a', 'r', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "david-schiffmann.de", true */ 'd', 'a', 'v', 'i', 'd', '-', 's', 'c', 'h', 'i', 'f', 'f', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "david.kitchen", true */ 'd', 'a', 'v', 'i', 'd', '.', 'k', 'i', 't', 'c', 'h', 'e', 'n', '\0',
+  /* "davidadrian.org", true */ 'd', 'a', 'v', 'i', 'd', 'a', 'd', 'r', 'i', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "davidandersson.se", true */ 'd', 'a', 'v', 'i', 'd', 'a', 'n', 'd', 'e', 'r', 's', 's', 'o', 'n', '.', 's', 'e', '\0',
+  /* "davidcrx.net", true */ 'd', 'a', 'v', 'i', 'd', 'c', 'r', 'x', '.', 'n', 'e', 't', '\0',
+  /* "daviddever.net", true */ 'd', 'a', 'v', 'i', 'd', 'd', 'e', 'v', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "davidfrancoeur.com", true */ 'd', 'a', 'v', 'i', 'd', 'f', 'r', 'a', 'n', 'c', 'o', 'e', 'u', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "davidgouveia.net", true */ 'd', 'a', 'v', 'i', 'd', 'g', 'o', 'u', 'v', 'e', 'i', 'a', '.', 'n', 'e', 't', '\0',
+  /* "davidgow.net", true */ 'd', 'a', 'v', 'i', 'd', 'g', 'o', 'w', '.', 'n', 'e', 't', '\0',
+  /* "davidking.xyz", true */ 'd', 'a', 'v', 'i', 'd', 'k', 'i', 'n', 'g', '.', 'x', 'y', 'z', '\0',
+  /* "davidlillo.com", true */ 'd', 'a', 'v', 'i', 'd', 'l', 'i', 'l', 'l', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "davidlyness.com", true */ 'd', 'a', 'v', 'i', 'd', 'l', 'y', 'n', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "davidmcevoy.org.uk", true */ 'd', 'a', 'v', 'i', 'd', 'm', 'c', 'e', 'v', 'o', 'y', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "davidmessenger.co.uk", true */ 'd', 'a', 'v', 'i', 'd', 'm', 'e', 's', 's', 'e', 'n', 'g', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "davidnadaski.com", true */ 'd', 'a', 'v', 'i', 'd', 'n', 'a', 'd', 'a', 's', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "davidpearce.com", true */ 'd', 'a', 'v', 'i', 'd', 'p', 'e', 'a', 'r', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "davidpearce.org", true */ 'd', 'a', 'v', 'i', 'd', 'p', 'e', 'a', 'r', 'c', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "davidschadlich.com", true */ 'd', 'a', 'v', 'i', 'd', 's', 'c', 'h', 'a', 'd', 'l', 'i', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "davidschlachter.com", true */ 'd', 'a', 'v', 'i', 'd', 's', 'c', 'h', 'l', 'a', 'c', 'h', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "davie3.com", true */ 'd', 'a', 'v', 'i', 'e', '3', '.', 'c', 'o', 'm', '\0',
+  /* "davimun.org", true */ 'd', 'a', 'v', 'i', 'm', 'u', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "davisroi.com", true */ 'd', 'a', 'v', 'i', 's', 'r', 'o', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "davo-usedcars.be", true */ 'd', 'a', 'v', 'o', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0',
+  /* "davy-server.com", true */ 'd', 'a', 'v', 'y', '-', 's', 'e', 'r', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "daw.nz", true */ 'd', 'a', 'w', '.', 'n', 'z', '\0',
+  /* "dawnbringer.eu", true */ 'd', 'a', 'w', 'n', 'b', 'r', 'i', 'n', 'g', 'e', 'r', '.', 'e', 'u', '\0',
+  /* "dawnbringer.net", true */ 'd', 'a', 'w', 'n', 'b', 'r', 'i', 'n', 'g', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "dawson-floridavilla.co.uk", true */ 'd', 'a', 'w', 's', 'o', 'n', '-', 'f', 'l', 'o', 'r', 'i', 'd', 'a', 'v', 'i', 'l', 'l', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "day-peak.com", true */ 'd', 'a', 'y', '-', 'p', 'e', 'a', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "daylightpirates.org", true */ 'd', 'a', 'y', 'l', 'i', 'g', 'h', 't', 'p', 'i', 'r', 'a', 't', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "dayman.net", true */ 'd', 'a', 'y', 'm', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "daysoftheyear.com", true */ 'd', 'a', 'y', 's', 'o', 'f', 't', 'h', 'e', 'y', 'e', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "db-sanity.com", true */ 'd', 'b', '-', 's', 'a', 'n', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "db-works.nl", true */ 'd', 'b', '-', 'w', 'o', 'r', 'k', 's', '.', 'n', 'l', '\0',
+  /* "dbapress.org", true */ 'd', 'b', 'a', 'p', 'r', 'e', 's', 's', '.', 'o', 'r', 'g', '\0',
+  /* "dbaron.org", true */ 'd', 'b', 'a', 'r', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "dbas.cz", true */ 'd', 'b', 'a', 's', '.', 'c', 'z', '\0',
+  /* "dbdc.us", true */ 'd', 'b', 'd', 'c', '.', 'u', 's', '\0',
+  /* "dbentertainment.co.uk", true */ 'd', 'b', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "dbgamestudio.com", true */ 'd', 'b', 'g', 'a', 'm', 'e', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "dblcastles.co.uk", true */ 'd', 'b', 'l', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "dbldub.net", true */ 'd', 'b', 'l', 'd', 'u', 'b', '.', 'n', 'e', 't', '\0',
+  /* "dblx.io", true */ 'd', 'b', 'l', 'x', '.', 'i', 'o', '\0',
+  /* "dbmteam.com", true */ 'd', 'b', 'm', 't', 'e', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "dborcard.com", true */ 'd', 'b', 'o', 'r', 'c', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "dbpkg.com", true */ 'd', 'b', 'p', 'k', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "dbpmedia.se", true */ 'd', 'b', 'p', 'm', 'e', 'd', 'i', 'a', '.', 's', 'e', '\0',
+  /* "dbq.com", true */ 'd', 'b', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "dbrgn.ch", true */ 'd', 'b', 'r', 'g', 'n', '.', 'c', 'h', '\0',
+  /* "dbtsai.com", true */ 'd', 'b', 't', 's', 'a', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "dbyz.co.uk", true */ 'd', 'b', 'y', 'z', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "dc-occasies.be", true */ 'd', 'c', '-', 'o', 'c', 'c', 'a', 's', 'i', 'e', 's', '.', 'b', 'e', '\0',
+  /* "dc562.org", true */ 'd', 'c', '5', '6', '2', '.', 'o', 'r', 'g', '\0',
+  /* "dc585.info", true */ 'd', 'c', '5', '8', '5', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "dcards.in.th", true */ 'd', 'c', 'a', 'r', 'd', 's', '.', 'i', 'n', '.', 't', 'h', '\0',
+  /* "dcautomacao.com.br", true */ 'd', 'c', 'a', 'u', 't', 'o', 'm', 'a', 'c', 'a', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "dcbouncycastles.co.uk", true */ 'd', 'c', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "dcc.cat", true */ 'd', 'c', 'c', '.', 'c', 'a', 't', '\0',
+  /* "dcepler.net", true */ 'd', 'c', 'e', 'p', 'l', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "dchatelain.ch", true */ 'd', 'c', 'h', 'a', 't', 'e', 'l', 'a', 'i', 'n', '.', 'c', 'h', '\0',
+  /* "dchest.org", true */ 'd', 'c', 'h', 'e', 's', 't', '.', 'o', 'r', 'g', '\0',
+  /* "dckd.nl", true */ 'd', 'c', 'k', 'd', '.', 'n', 'l', '\0',
+  /* "dclaisse.fr", true */ 'd', 'c', 'l', 'a', 'i', 's', 's', 'e', '.', 'f', 'r', '\0',
+  /* "dcmt.co", true */ 'd', 'c', 'm', 't', '.', 'c', 'o', '\0',
+  /* "dcrdev.com", true */ 'd', 'c', 'r', 'd', 'e', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "dd.art.pl", true */ 'd', 'd', '.', 'a', 'r', 't', '.', 'p', 'l', '\0',
+  /* "ddel.de", true */ 'd', 'd', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "dden.ca", false */ 'd', 'd', 'e', 'n', '.', 'c', 'a', '\0',
+  /* "ddfreedish.site", false */ 'd', 'd', 'f', 'r', 'e', 'e', 'd', 'i', 's', 'h', '.', 's', 'i', 't', 'e', '\0',
+  /* "ddhosted.com", true */ 'd', 'd', 'h', 'o', 's', 't', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "ddmeportal.com", true */ 'd', 'd', 'm', 'e', 'p', 'o', 'r', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "ddns-anbieter.de", true */ 'd', 'd', 'n', 's', '-', 'a', 'n', 'b', 'i', 'e', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "ddocu.me", true */ 'd', 'd', 'o', 'c', 'u', '.', 'm', 'e', '\0',
+  /* "ddos-mitigation.co.uk", true */ 'd', 'd', 'o', 's', '-', 'm', 'i', 't', 'i', 'g', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ddos-mitigation.info", true */ 'd', 'd', 'o', 's', '-', 'm', 'i', 't', 'i', 'g', 'a', 't', 'i', 'o', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "ddracepro.net", true */ 'd', 'd', 'r', 'a', 'c', 'e', 'p', 'r', 'o', '.', 'n', 'e', 't', '\0',
+  /* "dds.mil", true */ 'd', 'd', 's', '.', 'm', 'i', 'l', '\0',
+  /* "de-mail.info", true */ 'd', 'e', '-', 'm', 'a', 'i', 'l', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "de-medici.nl", true */ 'd', 'e', '-', 'm', 'e', 'd', 'i', 'c', 'i', '.', 'n', 'l', '\0',
+  /* "de-rwa.de", true */ 'd', 'e', '-', 'r', 'w', 'a', '.', 'd', 'e', '\0',
+  /* "de-spil.be", true */ 'd', 'e', '-', 's', 'p', 'i', 'l', '.', 'b', 'e', '\0',
+  /* "de.search.yahoo.com", false */ 'd', 'e', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "deadbeef.ninja", true */ 'd', 'e', 'a', 'd', 'b', 'e', 'e', 'f', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "deadc0de.re", true */ 'd', 'e', 'a', 'd', 'c', '0', 'd', 'e', '.', 'r', 'e', '\0',
+  /* "deadmann.com", true */ 'd', 'e', 'a', 'd', 'm', 'a', 'n', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "deaf.dating", true */ 'd', 'e', 'a', 'f', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "deaf.eu.org", true */ 'd', 'e', 'a', 'f', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "deai-life.biz", true */ 'd', 'e', 'a', 'i', '-', 'l', 'i', 'f', 'e', '.', 'b', 'i', 'z', '\0',
+  /* "deaktualisierung.org", false */ 'd', 'e', 'a', 'k', 't', 'u', 'a', 'l', 'i', 's', 'i', 'e', 'r', 'u', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "dealapp.nl", true */ 'd', 'e', 'a', 'l', 'a', 'p', 'p', '.', 'n', 'l', '\0',
+  /* "dealbanana.at", true */ 'd', 'e', 'a', 'l', 'b', 'a', 'n', 'a', 'n', 'a', '.', 'a', 't', '\0',
+  /* "dealbanana.be", true */ 'd', 'e', 'a', 'l', 'b', 'a', 'n', 'a', 'n', 'a', '.', 'b', 'e', '\0',
+  /* "dealbanana.ch", true */ 'd', 'e', 'a', 'l', 'b', 'a', 'n', 'a', 'n', 'a', '.', 'c', 'h', '\0',
+  /* "dealbanana.co.uk", true */ 'd', 'e', 'a', 'l', 'b', 'a', 'n', 'a', 'n', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "dealbanana.com", true */ 'd', 'e', 'a', 'l', 'b', 'a', 'n', 'a', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "dealbanana.de", true */ 'd', 'e', 'a', 'l', 'b', 'a', 'n', 'a', 'n', 'a', '.', 'd', 'e', '\0',
+  /* "dealbanana.fi", true */ 'd', 'e', 'a', 'l', 'b', 'a', 'n', 'a', 'n', 'a', '.', 'f', 'i', '\0',
+  /* "dealbanana.fr", true */ 'd', 'e', 'a', 'l', 'b', 'a', 'n', 'a', 'n', 'a', '.', 'f', 'r', '\0',
+  /* "dealbanana.it", true */ 'd', 'e', 'a', 'l', 'b', 'a', 'n', 'a', 'n', 'a', '.', 'i', 't', '\0',
+  /* "dealbanana.se", true */ 'd', 'e', 'a', 'l', 'b', 'a', 'n', 'a', 'n', 'a', '.', 's', 'e', '\0',
+  /* "dealcruiser.nl", true */ 'd', 'e', 'a', 'l', 'c', 'r', 'u', 'i', 's', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "dealinflatables.co.uk", true */ 'd', 'e', 'a', 'l', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "dealpass.no", true */ 'd', 'e', 'a', 'l', 'p', 'a', 's', 's', '.', 'n', 'o', '\0',
+  /* "deamuseum.org", true */ 'd', 'e', 'a', 'm', 'u', 's', 'e', 'u', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "deanbank.com", true */ 'd', 'e', 'a', 'n', 'b', 'a', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "deanjerkovich.com", true */ 'd', 'e', 'a', 'n', 'j', 'e', 'r', 'k', 'o', 'v', 'i', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "deanmorgan.org", true */ 'd', 'e', 'a', 'n', 'm', 'o', 'r', 'g', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "deano-s.co.uk", true */ 'd', 'e', 'a', 'n', 'o', '-', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "deanosplace.net", true */ 'd', 'e', 'a', 'n', 'o', 's', 'p', 'l', 'a', 'c', 'e', '.', 'n', 'e', 't', '\0',
+  /* "deanpearce.net", true */ 'd', 'e', 'a', 'n', 'p', 'e', 'a', 'r', 'c', 'e', '.', 'n', 'e', 't', '\0',
+  /* "dearfcc.com", true */ 'd', 'e', 'a', 'r', 'f', 'c', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "dearfcc.net", true */ 'd', 'e', 'a', 'r', 'f', 'c', 'c', '.', 'n', 'e', 't', '\0',
+  /* "dearfcc.org", true */ 'd', 'e', 'a', 'r', 'f', 'c', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "dearnevalleybouncycastles.co.uk", true */ 'd', 'e', 'a', 'r', 'n', 'e', 'v', 'a', 'l', 'l', 'e', 'y', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "deathy.ro", true */ 'd', 'e', 'a', 't', 'h', 'y', '.', 'r', 'o', '\0',
+  /* "debie-usedcars.be", true */ 'd', 'e', 'b', 'i', 'e', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0',
+  /* "debigare.com", true */ 'd', 'e', 'b', 'i', 'g', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "debitoutil.com", true */ 'd', 'e', 'b', 'i', 't', 'o', 'u', 't', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "debitpaie.com", true */ 'd', 'e', 'b', 'i', 't', 'p', 'a', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "deborahmarinelli.eu", true */ 'd', 'e', 'b', 'o', 'r', 'a', 'h', 'm', 'a', 'r', 'i', 'n', 'e', 'l', 'l', 'i', '.', 'e', 'u', '\0',
+  /* "debron-ot.nl", true */ 'd', 'e', 'b', 'r', 'o', 'n', '-', 'o', 't', '.', 'n', 'l', '\0',
+  /* "debrusoft.ch", true */ 'd', 'e', 'b', 'r', 'u', 's', 'o', 'f', 't', '.', 'c', 'h', '\0',
+  /* "debt.com", true */ 'd', 'e', 'b', 't', '.', 'c', 'o', 'm', '\0',
+  /* "debtrecycling.com.au", true */ 'd', 'e', 'b', 't', 'r', 'e', 'c', 'y', 'c', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "debuemon.com", true */ 'd', 'e', 'b', 'u', 'e', 'm', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "debuis.nl", true */ 'd', 'e', 'b', 'u', 'i', 's', '.', 'n', 'l', '\0',
+  /* "decalquai.ch", true */ 'd', 'e', 'c', 'a', 'l', 'q', 'u', 'a', 'i', '.', 'c', 'h', '\0',
+  /* "decentralizedweb.net", true */ 'd', 'e', 'c', 'e', 'n', 't', 'r', 'a', 'l', 'i', 'z', 'e', 'd', 'w', 'e', 'b', '.', 'n', 'e', 't', '\0',
+  /* "dechat.nl", true */ 'd', 'e', 'c', 'h', 'a', 't', '.', 'n', 'l', '\0',
+  /* "decidetreatment.org", true */ 'd', 'e', 'c', 'i', 'd', 'e', 't', 'r', 'e', 'a', 't', 'm', 'e', 'n', 't', '.', 'o', 'r', 'g', '\0',
+  /* "decock-usedcars.be", true */ 'd', 'e', 'c', 'o', 'c', 'k', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0',
+  /* "decodeanddestroy.com", true */ 'd', 'e', 'c', 'o', 'd', 'e', 'a', 'n', 'd', 'd', 'e', 's', 't', 'r', 'o', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "decoder.link", true */ 'd', 'e', 'c', 'o', 'd', 'e', 'r', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "decomplify.com", true */ 'd', 'e', 'c', 'o', 'm', 'p', 'l', 'i', 'f', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "decor-d.com", true */ 'd', 'e', 'c', 'o', 'r', '-', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "decoraid.com", true */ 'd', 'e', 'c', 'o', 'r', 'a', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "decoratrix.com", true */ 'd', 'e', 'c', 'o', 'r', 'a', 't', 'r', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "decorauvent.ca", true */ 'd', 'e', 'c', 'o', 'r', 'a', 'u', 'v', 'e', 'n', 't', '.', 'c', 'a', '\0',
+  /* "decorestilo.com.br", true */ 'd', 'e', 'c', 'o', 'r', 'e', 's', 't', 'i', 'l', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "decorincasa.com.br", true */ 'd', 'e', 'c', 'o', 'r', 'i', 'n', 'c', 'a', 's', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "decormiernissanparts.com", true */ 'd', 'e', 'c', 'o', 'r', 'm', 'i', 'e', 'r', 'n', 'i', 's', 's', 'a', 'n', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "decosoftware.com", true */ 'd', 'e', 'c', 'o', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "decrousaz-ceramique.ch", true */ 'd', 'e', 'c', 'r', 'o', 'u', 's', 'a', 'z', '-', 'c', 'e', 'r', 'a', 'm', 'i', 'q', 'u', 'e', '.', 'c', 'h', '\0',
+  /* "decstasy.de", true */ 'd', 'e', 'c', 's', 't', 'a', 's', 'y', '.', 'd', 'e', '\0',
+  /* "dede.ml", true */ 'd', 'e', 'd', 'e', '.', 'm', 'l', '\0',
+  /* "dedelta.net", true */ 'd', 'e', 'd', 'e', 'l', 't', 'a', '.', 'n', 'e', 't', '\0',
+  /* "dedimax.de", true */ 'd', 'e', 'd', 'i', 'm', 'a', 'x', '.', 'd', 'e', '\0',
+  /* "dedmorozrzn.ru", true */ 'd', 'e', 'd', 'm', 'o', 'r', 'o', 'z', 'r', 'z', 'n', '.', 'r', 'u', '\0',
+  /* "deduijventil.nl", true */ 'd', 'e', 'd', 'u', 'i', 'j', 'v', 'e', 'n', 't', 'i', 'l', '.', 'n', 'l', '\0',
+  /* "dee.pe", true */ 'd', 'e', 'e', '.', 'p', 'e', '\0',
+  /* "dee.su", true */ 'd', 'e', 'e', '.', 's', 'u', '\0',
+  /* "deegeeinflatables.co.uk", true */ 'd', 'e', 'e', 'g', 'e', 'e', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "deep.club", true */ 'd', 'e', 'e', 'p', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "deeparamaraj.com", true */ 'd', 'e', 'e', 'p', 'a', 'r', 'a', 'm', 'a', 'r', 'a', 'j', '.', 'c', 'o', 'm', '\0',
+  /* "deepbluecrafting.co.uk", true */ 'd', 'e', 'e', 'p', 'b', 'l', 'u', 'e', 'c', 'r', 'a', 'f', 't', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "deephill.com", true */ 'd', 'e', 'e', 'p', 'h', 'i', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "deepserve.info", true */ 'd', 'e', 'e', 'p', 's', 'e', 'r', 'v', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "deepsouthsounds.com", true */ 'd', 'e', 'e', 'p', 's', 'o', 'u', 't', 'h', 's', 'o', 'u', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "deepvalley.tech", true */ 'd', 'e', 'e', 'p', 'v', 'a', 'l', 'l', 'e', 'y', '.', 't', 'e', 'c', 'h', '\0',
+  /* "deepzz.com", true */ 'd', 'e', 'e', 'p', 'z', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "deer.team", true */ 'd', 'e', 'e', 'r', '.', 't', 'e', 'a', 'm', '\0',
+  /* "deezeno.com", true */ 'd', 'e', 'e', 'z', 'e', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "def-pos.ru", true */ 'd', 'e', 'f', '-', 'p', 'o', 's', '.', 'r', 'u', '\0',
+  /* "defcon.org", true */ 'd', 'e', 'f', 'c', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "defendas.com", true */ 'd', 'e', 'f', 'e', 'n', 'd', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "defender-pro.com", true */ 'd', 'e', 'f', 'e', 'n', 'd', 'e', 'r', '-', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "defendinnovation.org", true */ 'd', 'e', 'f', 'e', 'n', 'd', 'i', 'n', 'n', 'o', 'v', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "defero.io", true */ 'd', 'e', 'f', 'e', 'r', 'o', '.', 'i', 'o', '\0',
+  /* "defi-metier.com", true */ 'd', 'e', 'f', 'i', '-', 'm', 'e', 't', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "defi-metier.fr", true */ 'd', 'e', 'f', 'i', '-', 'm', 'e', 't', 'i', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "defi-metier.org", true */ 'd', 'e', 'f', 'i', '-', 'm', 'e', 't', 'i', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "defi-metiers.com", true */ 'd', 'e', 'f', 'i', '-', 'm', 'e', 't', 'i', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "defi-metiers.fr", true */ 'd', 'e', 'f', 'i', '-', 'm', 'e', 't', 'i', 'e', 'r', 's', '.', 'f', 'r', '\0',
+  /* "defi-metiers.org", true */ 'd', 'e', 'f', 'i', '-', 'm', 'e', 't', 'i', 'e', 'r', 's', '.', 'o', 'r', 'g', '\0',
+  /* "defimetier.fr", true */ 'd', 'e', 'f', 'i', 'm', 'e', 't', 'i', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "defimetier.org", true */ 'd', 'e', 'f', 'i', 'm', 'e', 't', 'i', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "defimetiers.com", true */ 'd', 'e', 'f', 'i', 'm', 'e', 't', 'i', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "defimetiers.fr", true */ 'd', 'e', 'f', 'i', 'm', 'e', 't', 'i', 'e', 'r', 's', '.', 'f', 'r', '\0',
+  /* "deflect.ca", true */ 'd', 'e', 'f', 'l', 'e', 'c', 't', '.', 'c', 'a', '\0',
+  /* "defman.me", true */ 'd', 'e', 'f', 'm', 'a', 'n', '.', 'm', 'e', '\0',
+  /* "defme.eu", true */ 'd', 'e', 'f', 'm', 'e', '.', 'e', 'u', '\0',
+  /* "defont.nl", true */ 'd', 'e', 'f', 'o', 'n', 't', '.', 'n', 'l', '\0',
+  /* "defrax.com", true */ 'd', 'e', 'f', 'r', 'a', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "defrax.de", true */ 'd', 'e', 'f', 'r', 'a', 'x', '.', 'd', 'e', '\0',
+  /* "deftek.com", true */ 'd', 'e', 'f', 't', 'e', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "deftnerd.com", true */ 'd', 'e', 'f', 't', 'n', 'e', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "defuse.ca", true */ 'd', 'e', 'f', 'u', 's', 'e', '.', 'c', 'a', '\0',
+  /* "defxing.net", true */ 'd', 'e', 'f', 'x', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "degata.com", true */ 'd', 'e', 'g', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "degeberg.com", true */ 'd', 'e', 'g', 'e', 'b', 'e', 'r', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "degeberg.dk", true */ 'd', 'e', 'g', 'e', 'b', 'e', 'r', 'g', '.', 'd', 'k', '\0',
+  /* "degen-elektrotechnik.de", true */ 'd', 'e', 'g', 'e', 'n', '-', 'e', 'l', 'e', 'k', 't', 'r', 'o', 't', 'e', 'c', 'h', 'n', 'i', 'k', '.', 'd', 'e', '\0',
+  /* "degoulet.net", true */ 'd', 'e', 'g', 'o', 'u', 'l', 'e', 't', '.', 'n', 'e', 't', '\0',
+  /* "degraafschapdierenartsen.nl", true */ 'd', 'e', 'g', 'r', 'a', 'a', 'f', 's', 'c', 'h', 'a', 'p', 'd', 'i', 'e', 'r', 'e', 'n', 'a', 'r', 't', 's', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "degracetechnologie.com", true */ 'd', 'e', 'g', 'r', 'a', 'c', 'e', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dehopre.com", true */ 'd', 'e', 'h', 'o', 'p', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dehydrated.de", true */ 'd', 'e', 'h', 'y', 'd', 'r', 'a', 't', 'e', 'd', '.', 'd', 'e', '\0',
+  /* "deidee.nl", true */ 'd', 'e', 'i', 'd', 'e', 'e', '.', 'n', 'l', '\0',
+  /* "deinballon.de", true */ 'd', 'e', 'i', 'n', 'b', 'a', 'l', 'l', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "deinewebsite.de", true */ 'd', 'e', 'i', 'n', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', '.', 'd', 'e', '\0',
+  /* "deinfoto.ch", true */ 'd', 'e', 'i', 'n', 'f', 'o', 't', 'o', '.', 'c', 'h', '\0',
+  /* "deitti.net", true */ 'd', 'e', 'i', 't', 't', 'i', '.', 'n', 'e', 't', '\0',
+  /* "dejan.media", true */ 'd', 'e', 'j', 'a', 'n', '.', 'm', 'e', 'd', 'i', 'a', '\0',
+  /* "dejandayoff.com", true */ 'd', 'e', 'j', 'a', 'n', 'd', 'a', 'y', 'o', 'f', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "dejure.org", true */ 'd', 'e', 'j', 'u', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "dejw.cz", true */ 'd', 'e', 'j', 'w', '.', 'c', 'z', '\0',
+  /* "dekasiba.com", true */ 'd', 'e', 'k', 'a', 's', 'i', 'b', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "delahrzolder.nl", true */ 'd', 'e', 'l', 'a', 'h', 'r', 'z', 'o', 'l', 'd', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "delbecqvo.be", true */ 'd', 'e', 'l', 'b', 'e', 'c', 'q', 'v', 'o', '.', 'b', 'e', '\0',
+  /* "delbrouck.ch", true */ 'd', 'e', 'l', 'b', 'r', 'o', 'u', 'c', 'k', '.', 'c', 'h', '\0',
+  /* "deleidscheflesch.nl", true */ 'd', 'e', 'l', 'e', 'i', 'd', 's', 'c', 'h', 'e', 'f', 'l', 'e', 's', 'c', 'h', '.', 'n', 'l', '\0',
+  /* "delfic.org", true */ 'd', 'e', 'l', 'f', 'i', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "delhionlinegifts.com", true */ 'd', 'e', 'l', 'h', 'i', 'o', 'n', 'l', 'i', 'n', 'e', 'g', 'i', 'f', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "deliandiver.org", true */ 'd', 'e', 'l', 'i', 'a', 'n', 'd', 'i', 'v', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "deliberatedigital.com", true */ 'd', 'e', 'l', 'i', 'b', 'e', 'r', 'a', 't', 'e', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "deliciisanatoase.ro", true */ 'd', 'e', 'l', 'i', 'c', 'i', 'i', 's', 'a', 'n', 'a', 't', 'o', 'a', 's', 'e', '.', 'r', 'o', '\0',
+  /* "deliciousmedia.co.uk", true */ 'd', 'e', 'l', 'i', 'c', 'i', 'o', 'u', 's', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "delicioustable.com", true */ 'd', 'e', 'l', 'i', 'c', 'i', 'o', 'u', 's', 't', 'a', 'b', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "delitto.top", true */ 'd', 'e', 'l', 'i', 't', 't', 'o', '.', 't', 'o', 'p', '\0',
+  /* "deliver.moe", true */ 'd', 'e', 'l', 'i', 'v', 'e', 'r', '.', 'm', 'o', 'e', '\0',
+  /* "delivery.co.at", true */ 'd', 'e', 'l', 'i', 'v', 'e', 'r', 'y', '.', 'c', 'o', '.', 'a', 't', '\0',
+  /* "dellipaoli.com", true */ 'd', 'e', 'l', 'l', 'i', 'p', 'a', 'o', 'l', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "delogo.nl", true */ 'd', 'e', 'l', 'o', 'g', 'o', '.', 'n', 'l', '\0',
+  /* "delphine.dance", true */ 'd', 'e', 'l', 'p', 'h', 'i', 'n', 'e', '.', 'd', 'a', 'n', 'c', 'e', '\0',
+  /* "delta-data.ch", true */ 'd', 'e', 'l', 't', 'a', '-', 'd', 'a', 't', 'a', '.', 'c', 'h', '\0',
+  /* "delta-smart.ch", true */ 'd', 'e', 'l', 't', 'a', '-', 's', 'm', 'a', 'r', 't', '.', 'c', 'h', '\0',
+  /* "delta.ru", true */ 'd', 'e', 'l', 't', 'a', '.', 'r', 'u', '\0',
+  /* "delta23.de", true */ 'd', 'e', 'l', 't', 'a', '2', '3', '.', 'd', 'e', '\0',
+  /* "deltaacademy.org", true */ 'd', 'e', 'l', 't', 'a', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "deltadata.ch", true */ 'd', 'e', 'l', 't', 'a', 'd', 'a', 't', 'a', '.', 'c', 'h', '\0',
+  /* "deltasmart.ch", true */ 'd', 'e', 'l', 't', 'a', 's', 'm', 'a', 'r', 't', '.', 'c', 'h', '\0',
+  /* "deltava.org", true */ 'd', 'e', 'l', 't', 'a', 'v', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "demandware.com", true */ 'd', 'e', 'm', 'a', 'n', 'd', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "demarche-expresse.com", true */ 'd', 'e', 'm', 'a', 'r', 'c', 'h', 'e', '-', 'e', 'x', 'p', 'r', 'e', 's', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "demarle.ch", true */ 'd', 'e', 'm', 'a', 'r', 'l', 'e', '.', 'c', 'h', '\0',
+  /* "dementiapraecox.de", true */ 'd', 'e', 'm', 'e', 'n', 't', 'i', 'a', 'p', 'r', 'a', 'e', 'c', 'o', 'x', '.', 'd', 'e', '\0',
+  /* "demeyere-usedcars.be", true */ 'd', 'e', 'm', 'e', 'y', 'e', 'r', 'e', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0',
+  /* "demfloro.ru", true */ 'd', 'e', 'm', 'f', 'l', 'o', 'r', 'o', '.', 'r', 'u', '\0',
+  /* "demijn.nl", true */ 'd', 'e', 'm', 'i', 'j', 'n', '.', 'n', 'l', '\0',
+  /* "demilletech.net", true */ 'd', 'e', 'm', 'i', 'l', 'l', 'e', 't', 'e', 'c', 'h', '.', 'n', 'e', 't', '\0',
+  /* "demo.sb", true */ 'd', 'e', 'm', 'o', '.', 's', 'b', '\0',
+  /* "demo.swedbank.se", true */ 'd', 'e', 'm', 'o', '.', 's', 'w', 'e', 'd', 'b', 'a', 'n', 'k', '.', 's', 'e', '\0',
+  /* "demo9.ovh", true */ 'd', 'e', 'm', 'o', '9', '.', 'o', 'v', 'h', '\0',
+  /* "democracy.io", true */ 'd', 'e', 'm', 'o', 'c', 'r', 'a', 'c', 'y', '.', 'i', 'o', '\0',
+  /* "democracychronicles.com", true */ 'd', 'e', 'm', 'o', 'c', 'r', 'a', 'c', 'y', 'c', 'h', 'r', 'o', 'n', 'i', 'c', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "democracyineurope.eu", true */ 'd', 'e', 'm', 'o', 'c', 'r', 'a', 'c', 'y', 'i', 'n', 'e', 'u', 'r', 'o', 'p', 'e', '.', 'e', 'u', '\0',
+  /* "democraticdifference.com", true */ 'd', 'e', 'm', 'o', 'c', 'r', 'a', 't', 'i', 'c', 'd', 'i', 'f', 'f', 'e', 'r', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "democraziaineuropa.eu", true */ 'd', 'e', 'm', 'o', 'c', 'r', 'a', 'z', 'i', 'a', 'i', 'n', 'e', 'u', 'r', 'o', 'p', 'a', '.', 'e', 'u', '\0',
+  /* "demoniak.ch", true */ 'd', 'e', 'm', 'o', 'n', 'i', 'a', 'k', '.', 'c', 'h', '\0',
+  /* "demonwav.com", true */ 'd', 'e', 'm', 'o', 'n', 'w', 'a', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "demonwolfdev.com", true */ 'd', 'e', 'm', 'o', 'n', 'w', 'o', 'l', 'f', 'd', 'e', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "demotivatorbi.ru", true */ 'd', 'e', 'm', 'o', 't', 'i', 'v', 'a', 't', 'o', 'r', 'b', 'i', '.', 'r', 'u', '\0',
+  /* "demuzere.be", true */ 'd', 'e', 'm', 'u', 'z', 'e', 'r', 'e', '.', 'b', 'e', '\0',
+  /* "demuzere.com", true */ 'd', 'e', 'm', 'u', 'z', 'e', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "demuzere.eu", true */ 'd', 'e', 'm', 'u', 'z', 'e', 'r', 'e', '.', 'e', 'u', '\0',
+  /* "demuzere.net", true */ 'd', 'e', 'm', 'u', 'z', 'e', 'r', 'e', '.', 'n', 'e', 't', '\0',
+  /* "demuzere.org", true */ 'd', 'e', 'm', 'u', 'z', 'e', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "denabot.pw", true */ 'd', 'e', 'n', 'a', 'b', 'o', 't', '.', 'p', 'w', '\0',
+  /* "denaehula.com", true */ 'd', 'e', 'n', 'a', 'e', 'h', 'u', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "denardbrewing.com", true */ 'd', 'e', 'n', 'a', 'r', 'd', 'b', 'r', 'e', 'w', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "dengchangdong.com", true */ 'd', 'e', 'n', 'g', 'c', 'h', 'a', 'n', 'g', 'd', 'o', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "dengode.eu", true */ 'd', 'e', 'n', 'g', 'o', 'd', 'e', '.', 'e', 'u', '\0',
+  /* "denimio.com", true */ 'd', 'e', 'n', 'i', 'm', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "denimtoday.com", true */ 'd', 'e', 'n', 'i', 'm', 't', 'o', 'd', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "denis-martinez.photos", true */ 'd', 'e', 'n', 'i', 's', '-', 'm', 'a', 'r', 't', 'i', 'n', 'e', 'z', '.', 'p', 'h', 'o', 't', 'o', 's', '\0',
+  /* "denisewakeman.com", true */ 'd', 'e', 'n', 'i', 's', 'e', 'w', 'a', 'k', 'e', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "denistruffaut.fr", true */ 'd', 'e', 'n', 'i', 's', 't', 'r', 'u', 'f', 'f', 'a', 'u', 't', '.', 'f', 'r', '\0',
+  /* "deniszczuk.pl", true */ 'd', 'e', 'n', 'i', 's', 'z', 'c', 'z', 'u', 'k', '.', 'p', 'l', '\0',
+  /* "dennisang.com", true */ 'd', 'e', 'n', 'n', 'i', 's', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "dennisdoes.net", false */ 'd', 'e', 'n', 'n', 'i', 's', 'd', 'o', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "denniskoot.nl", true */ 'd', 'e', 'n', 'n', 'i', 's', 'k', 'o', 'o', 't', '.', 'n', 'l', '\0',
+  /* "dennispotter.eu", true */ 'd', 'e', 'n', 'n', 'i', 's', 'p', 'o', 't', 't', 'e', 'r', '.', 'e', 'u', '\0',
+  /* "dennisvandenbos.nl", true */ 'd', 'e', 'n', 'n', 'i', 's', 'v', 'a', 'n', 'd', 'e', 'n', 'b', 'o', 's', '.', 'n', 'l', '\0',
+  /* "dennogumi.org", true */ 'd', 'e', 'n', 'n', 'o', 'g', 'u', 'm', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "denous.nl", true */ 'd', 'e', 'n', 'o', 'u', 's', '.', 'n', 'l', '\0',
+  /* "dent.uy", true */ 'd', 'e', 'n', 't', '.', 'u', 'y', '\0',
+  /* "dental-misaki.com", true */ 'd', 'e', 'n', 't', 'a', 'l', '-', 'm', 'i', 's', 'a', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "dentallaborgeraeteservice.de", true */ 'd', 'e', 'n', 't', 'a', 'l', 'l', 'a', 'b', 'o', 'r', 'g', 'e', 'r', 'a', 'e', 't', 'e', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'd', 'e', '\0',
+  /* "dentfix.ro", true */ 'd', 'e', 'n', 't', 'f', 'i', 'x', '.', 'r', 'o', '\0',
+  /* "dentistglasgow.com", true */ 'd', 'e', 'n', 't', 'i', 's', 't', 'g', 'l', 'a', 's', 'g', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "dentrassi.de", true */ 'd', 'e', 'n', 't', 'r', 'a', 's', 's', 'i', '.', 'd', 'e', '\0',
+  /* "dentystabirmingham.co.uk", true */ 'd', 'e', 'n', 't', 'y', 's', 't', 'a', 'b', 'i', 'r', 'm', 'i', 'n', 'g', 'h', 'a', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "denverphilharmonic.org", true */ 'd', 'e', 'n', 'v', 'e', 'r', 'p', 'h', 'i', 'l', 'h', 'a', 'r', 'm', 'o', 'n', 'i', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "deontology.com", true */ 'd', 'e', 'o', 'n', 't', 'o', 'l', 'o', 'g', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "depaddestoeltjes.be", true */ 'd', 'e', 'p', 'a', 'd', 'd', 'e', 's', 't', 'o', 'e', 'l', 't', 'j', 'e', 's', '.', 'b', 'e', '\0',
+  /* "depechemode-live.com", true */ 'd', 'e', 'p', 'e', 'c', 'h', 'e', 'm', 'o', 'd', 'e', '-', 'l', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "depedshs.com", true */ 'd', 'e', 'p', 'e', 'd', 's', 'h', 's', '.', 'c', 'o', 'm', '\0',
+  /* "depicus.com", true */ 'd', 'e', 'p', 'i', 'c', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "depone.net", true */ 'd', 'e', 'p', 'o', 'n', 'e', '.', 'n', 'e', 't', '\0',
+  /* "depotsquarekerrville.com", true */ 'd', 'e', 'p', 'o', 't', 's', 'q', 'u', 'a', 'r', 'e', 'k', 'e', 'r', 'r', 'v', 'i', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "depotter-usedcars.be", true */ 'd', 'e', 'p', 'o', 't', 't', 'e', 'r', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0',
+  /* "deprecate.de", true */ 'd', 'e', 'p', 'r', 'e', 'c', 'a', 't', 'e', '.', 'd', 'e', '\0',
+  /* "deprobe.pro", true */ 'd', 'e', 'p', 'r', 'o', 'b', 'e', '.', 'p', 'r', 'o', '\0',
+  /* "depth-co.jp", true */ 'd', 'e', 'p', 't', 'h', '-', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "depthe.gr", true */ 'd', 'e', 'p', 't', 'h', 'e', '.', 'g', 'r', '\0',
+  /* "der-bank-blog.de", true */ 'd', 'e', 'r', '-', 'b', 'a', 'n', 'k', '-', 'b', 'l', 'o', 'g', '.', 'd', 'e', '\0',
+  /* "der-gardinenmann.de", true */ 'd', 'e', 'r', '-', 'g', 'a', 'r', 'd', 'i', 'n', 'e', 'n', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "der-rudi.eu", true */ 'd', 'e', 'r', '-', 'r', 'u', 'd', 'i', '.', 'e', 'u', '\0',
+  /* "der-stein-fluesterer.de", true */ 'd', 'e', 'r', '-', 's', 't', 'e', 'i', 'n', '-', 'f', 'l', 'u', 'e', 's', 't', 'e', 'r', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "derattizzazione.name", true */ 'd', 'e', 'r', 'a', 't', 't', 'i', 'z', 'z', 'a', 'z', 'i', 'o', 'n', 'e', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "derattizzazioni.biz", true */ 'd', 'e', 'r', 'a', 't', 't', 'i', 'z', 'z', 'a', 'z', 'i', 'o', 'n', 'i', '.', 'b', 'i', 'z', '\0',
+  /* "derattizzazioni.org", true */ 'd', 'e', 'r', 'a', 't', 't', 'i', 'z', 'z', 'a', 'z', 'i', 'o', 'n', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "derbybouncycastles.com", true */ 'd', 'e', 'r', 'b', 'y', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "derbyshire-language-scheme.co.uk", true */ 'd', 'e', 'r', 'b', 'y', 's', 'h', 'i', 'r', 'e', '-', 'l', 'a', 'n', 'g', 'u', 'a', 'g', 'e', '-', 's', 'c', 'h', 'e', 'm', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "derdewereldrommelmarkt.nl", true */ 'd', 'e', 'r', 'd', 'e', 'w', 'e', 'r', 'e', 'l', 'd', 'r', 'o', 'm', 'm', 'e', 'l', 'm', 'a', 'r', 'k', 't', '.', 'n', 'l', '\0',
+  /* "derechosdigitales.org", true */ 'd', 'e', 'r', 'e', 'c', 'h', 'o', 's', 'd', 'i', 'g', 'i', 't', 'a', 'l', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "dereferenced.net", true */ 'd', 'e', 'r', 'e', 'f', 'e', 'r', 'e', 'n', 'c', 'e', 'd', '.', 'n', 'e', 't', '\0',
+  /* "derehamcastles.co.uk", true */ 'd', 'e', 'r', 'e', 'h', 'a', 'm', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "derekkent.com", true */ 'd', 'e', 'r', 'e', 'k', 'k', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "derekseaman.com", true */ 'd', 'e', 'r', 'e', 'k', 's', 'e', 'a', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "derekseaman.studio", true */ 'd', 'e', 'r', 'e', 'k', 's', 'e', 'a', 'm', 'a', 'n', '.', 's', 't', 'u', 'd', 'i', 'o', '\0',
+  /* "dergeilstestammderwelt.de", true */ 'd', 'e', 'r', 'g', 'e', 'i', 'l', 's', 't', 'e', 's', 't', 'a', 'm', 'm', 'd', 'e', 'r', 'w', 'e', 'l', 't', '.', 'd', 'e', '\0',
+  /* "derhil.de", true */ 'd', 'e', 'r', 'h', 'i', 'l', '.', 'd', 'e', '\0',
+  /* "derive.cc", true */ 'd', 'e', 'r', 'i', 'v', 'e', '.', 'c', 'c', '\0',
+  /* "dermapuur.nl", true */ 'd', 'e', 'r', 'm', 'a', 'p', 'u', 'u', 'r', '.', 'n', 'l', '\0',
+  /* "dermatologie-morges.ch", true */ 'd', 'e', 'r', 'm', 'a', 't', 'o', 'l', 'o', 'g', 'i', 'e', '-', 'm', 'o', 'r', 'g', 'e', 's', '.', 'c', 'h', '\0',
+  /* "dermediq.nl", true */ 'd', 'e', 'r', 'm', 'e', 'd', 'i', 'q', '.', 'n', 'l', '\0',
+  /* "dermot.org.uk", true */ 'd', 'e', 'r', 'm', 'o', 't', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "deroo.org", true */ 'd', 'e', 'r', 'o', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "derp.army", true */ 'd', 'e', 'r', 'p', '.', 'a', 'r', 'm', 'y', '\0',
+  /* "derre.fr", true */ 'd', 'e', 'r', 'r', 'e', '.', 'f', 'r', '\0',
+  /* "derreichesack.com", true */ 'd', 'e', 'r', 'r', 'e', 'i', 'c', 'h', 'e', 's', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "dersix.com", true */ 'd', 'e', 'r', 's', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "dersoundhunter.de", true */ 'd', 'e', 'r', 's', 'o', 'u', 'n', 'd', 'h', 'u', 'n', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "derstulle.de", true */ 'd', 'e', 'r', 's', 't', 'u', 'l', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "des-hommes-et-des-clous.com", true */ 'd', 'e', 's', '-', 'h', 'o', 'm', 'm', 'e', 's', '-', 'e', 't', '-', 'd', 'e', 's', '-', 'c', 'l', 'o', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "desagaz.com", true */ 'd', 'e', 's', 'a', 'g', 'a', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "desarrollowp.com", true */ 'd', 'e', 's', 'a', 'r', 'r', 'o', 'l', 'l', 'o', 'w', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "descartes-finance.com", true */ 'd', 'e', 's', 'c', 'a', 'r', 't', 'e', 's', '-', 'f', 'i', 'n', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "desec.io", true */ 'd', 'e', 's', 'e', 'c', '.', 'i', 'o', '\0',
+  /* "desertsounds.org", true */ 'd', 'e', 's', 'e', 'r', 't', 's', 'o', 'u', 'n', 'd', 's', '.', 'o', 'r', 'g', '\0',
+  /* "desgenst.ch", true */ 'd', 'e', 's', 'g', 'e', 'n', 's', 't', '.', 'c', 'h', '\0',
+  /* "design-fu.com", true */ 'd', 'e', 's', 'i', 'g', 'n', '-', 'f', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "design-tooning.de", true */ 'd', 'e', 's', 'i', 'g', 'n', '-', 't', 'o', 'o', 'n', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "designanyware.com.br", true */ 'd', 'e', 's', 'i', 'g', 'n', 'a', 'n', 'y', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "designdevs.eu", true */ 'd', 'e', 's', 'i', 'g', 'n', 'd', 'e', 'v', 's', '.', 'e', 'u', '\0',
+  /* "designed-cybersecurity.com", true */ 'd', 'e', 's', 'i', 'g', 'n', 'e', 'd', '-', 'c', 'y', 'b', 'e', 'r', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "designedcybersecurity.com", true */ 'd', 'e', 's', 'i', 'g', 'n', 'e', 'd', 'c', 'y', 'b', 'e', 'r', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "designer-drug.com", true */ 'd', 'e', 's', 'i', 'g', 'n', 'e', 'r', '-', 'd', 'r', 'u', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "designgraphic.fr", true */ 'd', 'e', 's', 'i', 'g', 'n', 'g', 'r', 'a', 'p', 'h', 'i', 'c', '.', 'f', 'r', '\0',
+  /* "designhotel-kronjuwel.de", true */ 'd', 'e', 's', 'i', 'g', 'n', 'h', 'o', 't', 'e', 'l', '-', 'k', 'r', 'o', 'n', 'j', 'u', 'w', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "designsbyjanith.com", true */ 'd', 'e', 's', 'i', 'g', 'n', 's', 'b', 'y', 'j', 'a', 'n', 'i', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "designsbykerrialee.co.uk", true */ 'd', 'e', 's', 'i', 'g', 'n', 's', 'b', 'y', 'k', 'e', 'r', 'r', 'i', 'a', 'l', 'e', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "designskin.ch", true */ 'd', 'e', 's', 'i', 'g', 'n', 's', 'k', 'i', 'n', '.', 'c', 'h', '\0',
+  /* "designville.cz", true */ 'd', 'e', 's', 'i', 'g', 'n', 'v', 'i', 'l', 'l', 'e', '.', 'c', 'z', '\0',
+  /* "designville.sk", true */ 'd', 'e', 's', 'i', 'g', 'n', 'v', 'i', 'l', 'l', 'e', '.', 's', 'k', '\0',
+  /* "desila.jp", true */ 'd', 'e', 's', 'i', 'l', 'a', '.', 'j', 'p', '\0',
+  /* "desktopfx.net", false */ 'd', 'e', 's', 'k', 't', 'o', 'p', 'f', 'x', '.', 'n', 'e', 't', '\0',
+  /* "deskture.com", true */ 'd', 'e', 's', 'k', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "desmaakvanplanten.be", true */ 'd', 'e', 's', 'm', 'a', 'a', 'k', 'v', 'a', 'n', 'p', 'l', 'a', 'n', 't', 'e', 'n', '.', 'b', 'e', '\0',
+  /* "desmo.gg", true */ 'd', 'e', 's', 'm', 'o', '.', 'g', 'g', '\0',
+  /* "despertadoronline.com.es", true */ 'd', 'e', 's', 'p', 'e', 'r', 't', 'a', 'd', 'o', 'r', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 'e', 's', '\0',
+  /* "desplats.com.ar", true */ 'd', 'e', 's', 'p', 'l', 'a', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "despotika.de", true */ 'd', 'e', 's', 'p', 'o', 't', 'i', 'k', 'a', '.', 'd', 'e', '\0',
+  /* "dessinemoilademocratie.ch", true */ 'd', 'e', 's', 's', 'i', 'n', 'e', 'm', 'o', 'i', 'l', 'a', 'd', 'e', 'm', 'o', 'c', 'r', 'a', 't', 'i', 'e', '.', 'c', 'h', '\0',
+  /* "desterman.ru", true */ 'd', 'e', 's', 't', 'e', 'r', 'm', 'a', 'n', '.', 'r', 'u', '\0',
+  /* "destileria.net.br", true */ 'd', 'e', 's', 't', 'i', 'l', 'e', 'r', 'i', 'a', '.', 'n', 'e', 't', '.', 'b', 'r', '\0',
+  /* "destinationsofnewyorkstate.com", true */ 'd', 'e', 's', 't', 'i', 'n', 'a', 't', 'i', 'o', 'n', 's', 'o', 'f', 'n', 'e', 'w', 'y', 'o', 'r', 'k', 's', 't', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "destinattorneyjohngreene.com", true */ 'd', 'e', 's', 't', 'i', 'n', 'a', 't', 't', 'o', 'r', 'n', 'e', 'y', 'j', 'o', 'h', 'n', 'g', 'r', 'e', 'e', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "desu.ne.jp", true */ 'd', 'e', 's', 'u', '.', 'n', 'e', '.', 'j', 'p', '\0',
+  /* "det-te.ch", true */ 'd', 'e', 't', '-', 't', 'e', '.', 'c', 'h', '\0',
+  /* "detalhecomercio.com.br", true */ 'd', 'e', 't', 'a', 'l', 'h', 'e', 'c', 'o', 'm', 'e', 'r', 'c', 'i', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "detalyedesigngroup.com", true */ 'd', 'e', 't', 'a', 'l', 'y', 'e', 'd', 'e', 's', 'i', 'g', 'n', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "detechnologiecooperatie.nl", true */ 'd', 'e', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'i', 'e', 'c', 'o', 'o', 'p', 'e', 'r', 'a', 't', 'i', 'e', '.', 'n', 'l', '\0',
+  /* "detectify.com", false */ 'd', 'e', 't', 'e', 'c', 't', 'i', 'f', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "detekenmuze.nl", true */ 'd', 'e', 't', 'e', 'k', 'e', 'n', 'm', 'u', 'z', 'e', '.', 'n', 'l', '\0',
+  /* "dethemium.com", true */ 'd', 'e', 't', 'h', 'e', 'm', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "dethikiemtra.com", true */ 'd', 'e', 't', 'h', 'i', 'k', 'i', 'e', 'm', 't', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "detoxetmoi.com", true */ 'd', 'e', 't', 'o', 'x', 'e', 't', 'm', 'o', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "detoxsinutritie.ro", true */ 'd', 'e', 't', 'o', 'x', 's', 'i', 'n', 'u', 't', 'r', 'i', 't', 'i', 'e', '.', 'r', 'o', '\0',
+  /* "detroit-english.de", true */ 'd', 'e', 't', 'r', 'o', 'i', 't', '-', 'e', 'n', 'g', 'l', 'i', 's', 'h', '.', 'd', 'e', '\0',
+  /* "detroitstylepizza.com", true */ 'd', 'e', 't', 'r', 'o', 'i', 't', 's', 't', 'y', 'l', 'e', 'p', 'i', 'z', 'z', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "detroitzoo.org", true */ 'd', 'e', 't', 'r', 'o', 'i', 't', 'z', 'o', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "detskysad.com", true */ 'd', 'e', 't', 's', 'k', 'y', 's', 'a', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "detuinmuze.nl", true */ 'd', 'e', 't', 'u', 'i', 'n', 'm', 'u', 'z', 'e', '.', 'n', 'l', '\0',
+  /* "detype.nl", true */ 'd', 'e', 't', 'y', 'p', 'e', '.', 'n', 'l', '\0',
+  /* "deude.de", true */ 'd', 'e', 'u', 'd', 'e', '.', 'd', 'e', '\0',
+  /* "deurenfabriek.nl", true */ 'd', 'e', 'u', 'r', 'e', 'n', 'f', 'a', 'b', 'r', 'i', 'e', 'k', '.', 'n', 'l', '\0',
+  /* "deusu.de", true */ 'd', 'e', 'u', 's', 'u', '.', 'd', 'e', '\0',
+  /* "deusu.org", true */ 'd', 'e', 'u', 's', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "deutsch-vietnamesisch-dolmetscher.com", true */ 'd', 'e', 'u', 't', 's', 'c', 'h', '-', 'v', 'i', 'e', 't', 'n', 'a', 'm', 'e', 's', 'i', 's', 'c', 'h', '-', 'd', 'o', 'l', 'm', 'e', 't', 's', 'c', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "deutschland-dsl.de", true */ 'd', 'e', 'u', 't', 's', 'c', 'h', 'l', 'a', 'n', 'd', '-', 'd', 's', 'l', '.', 'd', 'e', '\0',
+  /* "deux.solutions", true */ 'd', 'e', 'u', 'x', '.', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '\0',
+  /* "deuxsol.co", true */ 'd', 'e', 'u', 'x', 's', 'o', 'l', '.', 'c', 'o', '\0',
+  /* "deuxsol.com", true */ 'd', 'e', 'u', 'x', 's', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "deuxsolutions.com", true */ 'd', 'e', 'u', 'x', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "dev-brandywineglobal.com", true */ 'd', 'e', 'v', '-', 'b', 'r', 'a', 'n', 'd', 'y', 'w', 'i', 'n', 'e', 'g', 'l', 'o', 'b', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "dev-pulse-mtn.pantheonsite.io", true */ 'd', 'e', 'v', '-', 'p', 'u', 'l', 's', 'e', '-', 'm', 't', 'n', '.', 'p', 'a', 'n', 't', 'h', 'e', 'o', 'n', 's', 'i', 't', 'e', '.', 'i', 'o', '\0',
+  /* "dev-talk.net", true */ 'd', 'e', 'v', '-', 't', 'a', 'l', 'k', '.', 'n', 'e', 't', '\0',
+  /* "devafterdark.com", true */ 'd', 'e', 'v', 'a', 'f', 't', 'e', 'r', 'd', 'a', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "devalps.eu", true */ 'd', 'e', 'v', 'a', 'l', 'p', 's', '.', 'e', 'u', '\0',
+  /* "devb.nl", true */ 'd', 'e', 'v', 'b', '.', 'n', 'l', '\0',
+  /* "devcast.io", true */ 'd', 'e', 'v', 'c', 'a', 's', 't', '.', 'i', 'o', '\0',
+  /* "devct.cz", false */ 'd', 'e', 'v', 'c', 't', '.', 'c', 'z', '\0',
+  /* "devcu.com", true */ 'd', 'e', 'v', 'c', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "devdesco.com", true */ 'd', 'e', 'v', 'd', 'e', 's', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "devdom.io", true */ 'd', 'e', 'v', 'd', 'o', 'm', '.', 'i', 'o', '\0',
+  /* "devdoodle.net", true */ 'd', 'e', 'v', 'd', 'o', 'o', 'd', 'l', 'e', '.', 'n', 'e', 't', '\0',
+  /* "devel.cz", true */ 'd', 'e', 'v', 'e', 'l', '.', 'c', 'z', '\0',
+  /* "develop.cool", true */ 'd', 'e', 'v', 'e', 'l', 'o', 'p', '.', 'c', 'o', 'o', 'l', '\0',
+  /* "developer.android.com", true */ 'd', 'e', 'v', 'e', 'l', 'o', 'p', 'e', 'r', '.', 'a', 'n', 'd', 'r', 'o', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "developer.mydigipass.com", false */ 'd', 'e', 'v', 'e', 'l', 'o', 'p', 'e', 'r', '.', 'm', 'y', 'd', 'i', 'g', 'i', 'p', 'a', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "developerfair.com", true */ 'd', 'e', 'v', 'e', 'l', 'o', 'p', 'e', 'r', 'f', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "developermail.io", true */ 'd', 'e', 'v', 'e', 'l', 'o', 'p', 'e', 'r', 'm', 'a', 'i', 'l', '.', 'i', 'o', '\0',
+  /* "developers.facebook.com", false */ 'd', 'e', 'v', 'e', 'l', 'o', 'p', 'e', 'r', 's', '.', 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "developfx.com", true */ 'd', 'e', 'v', 'e', 'l', 'o', 'p', 'f', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "developmentaid.org", true */ 'd', 'e', 'v', 'e', 'l', 'o', 'p', 'm', 'e', 'n', 't', 'a', 'i', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "developmentsites.melbourne", true */ 'd', 'e', 'v', 'e', 'l', 'o', 'p', 'm', 'e', 'n', 't', 's', 'i', 't', 'e', 's', '.', 'm', 'e', 'l', 'b', 'o', 'u', 'r', 'n', 'e', '\0',
+  /* "develux.com", true */ 'd', 'e', 'v', 'e', 'l', 'u', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "develux.net", true */ 'd', 'e', 'v', 'e', 'l', 'u', 'x', '.', 'n', 'e', 't', '\0',
+  /* "devenney.io", true */ 'd', 'e', 'v', 'e', 'n', 'n', 'e', 'y', '.', 'i', 'o', '\0',
+  /* "devh.de", true */ 'd', 'e', 'v', 'h', '.', 'd', 'e', '\0',
+  /* "devh.net", true */ 'd', 'e', 'v', 'h', '.', 'n', 'e', 't', '\0',
+  /* "deviant.email", true */ 'd', 'e', 'v', 'i', 'a', 'n', 't', '.', 'e', 'm', 'a', 'i', 'l', '\0',
+  /* "devillers-occasions.be", true */ 'd', 'e', 'v', 'i', 'l', 'l', 'e', 'r', 's', '-', 'o', 'c', 'c', 'a', 's', 'i', 'o', 'n', 's', '.', 'b', 'e', '\0',
+  /* "devilshakerz.com", true */ 'd', 'e', 'v', 'i', 'l', 's', 'h', 'a', 'k', 'e', 'r', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "deviltracks.net", true */ 'd', 'e', 'v', 'i', 'l', 't', 'r', 'a', 'c', 'k', 's', '.', 'n', 'e', 't', '\0',
+  /* "devinfo.net", false */ 'd', 'e', 'v', 'i', 'n', 'f', 'o', '.', 'n', 'e', 't', '\0',
+  /* "devisnow.fr", true */ 'd', 'e', 'v', 'i', 's', 'n', 'o', 'w', '.', 'f', 'r', '\0',
+  /* "devjack.de", true */ 'd', 'e', 'v', 'j', 'a', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "devkit.cc", true */ 'd', 'e', 'v', 'k', 'i', 't', '.', 'c', 'c', '\0',
+  /* "devklog.net", true */ 'd', 'e', 'v', 'k', 'l', 'o', 'g', '.', 'n', 'e', 't', '\0',
+  /* "devlamvzw.org", true */ 'd', 'e', 'v', 'l', 'a', 'm', 'v', 'z', 'w', '.', 'o', 'r', 'g', '\0',
+  /* "devlatron.net", true */ 'd', 'e', 'v', 'l', 'a', 't', 'r', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "devlogr.com", true */ 'd', 'e', 'v', 'l', 'o', 'g', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "devlux.ch", true */ 'd', 'e', 'v', 'l', 'u', 'x', '.', 'c', 'h', '\0',
+  /* "devolution.ws", true */ 'd', 'e', 'v', 'o', 'l', 'u', 't', 'i', 'o', 'n', '.', 'w', 's', '\0',
+  /* "devonsawatzky.ca", true */ 'd', 'e', 'v', 'o', 'n', 's', 'a', 'w', 'a', 't', 'z', 'k', 'y', '.', 'c', 'a', '\0',
+  /* "devops-survey.com", true */ 'd', 'e', 'v', 'o', 'p', 's', '-', 's', 'u', 'r', 'v', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "devpgsv.com", true */ 'd', 'e', 'v', 'p', 'g', 's', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "devpsy.info", true */ 'd', 'e', 'v', 'p', 's', 'y', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "devstaff.gr", true */ 'd', 'e', 'v', 's', 't', 'a', 'f', 'f', '.', 'g', 'r', '\0',
+  /* "devyn.ca", true */ 'd', 'e', 'v', 'y', 'n', '.', 'c', 'a', '\0',
+  /* "devzero.io", true */ 'd', 'e', 'v', 'z', 'e', 'r', 'o', '.', 'i', 'o', '\0',
+  /* "dewalch.net", true */ 'd', 'e', 'w', 'a', 'l', 'c', 'h', '.', 'n', 'e', 't', '\0',
+  /* "dewapress.com", true */ 'd', 'e', 'w', 'a', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "dexalo.de", true */ 'd', 'e', 'x', 'a', 'l', 'o', '.', 'd', 'e', '\0',
+  /* "dezeregio.nl", true */ 'd', 'e', 'z', 'e', 'r', 'e', 'g', 'i', 'o', '.', 'n', 'l', '\0',
+  /* "dezet-ev.de", true */ 'd', 'e', 'z', 'e', 't', '-', 'e', 'v', '.', 'd', 'e', '\0',
+  /* "dezintranet.com", true */ 'd', 'e', 'z', 'i', 'n', 't', 'r', 'a', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "dezmembrariromania.ro", true */ 'd', 'e', 'z', 'm', 'e', 'm', 'b', 'r', 'a', 'r', 'i', 'r', 'o', 'm', 'a', 'n', 'i', 'a', '.', 'r', 'o', '\0',
+  /* "dezshop24.de", true */ 'd', 'e', 'z', 's', 'h', 'o', 'p', '2', '4', '.', 'd', 'e', '\0',
+  /* "df1paw.de", true */ 'd', 'f', '1', 'p', 'a', 'w', '.', 'd', 'e', '\0',
+  /* "dfctaiwan.org", true */ 'd', 'f', 'c', 't', 'a', 'i', 'w', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "dfekt.no", true */ 'd', 'f', 'e', 'k', 't', '.', 'n', 'o', '\0',
+  /* "dfektlan.no", true */ 'd', 'f', 'e', 'k', 't', 'l', 'a', 'n', '.', 'n', 'o', '\0',
+  /* "dfixit.com", true */ 'd', 'f', 'i', 'x', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "dfl.mn", true */ 'd', 'f', 'l', '.', 'm', 'n', '\0',
+  /* "dflcares.com", true */ 'd', 'f', 'l', 'c', 'a', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "dfmn.berlin", true */ 'd', 'f', 'm', 'n', '.', 'b', 'e', 'r', 'l', 'i', 'n', '\0',
+  /* "dfranke.com", true */ 'd', 'f', 'r', 'a', 'n', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dgbouncycastlehire.com", true */ 'd', 'g', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dgby.org", true */ 'd', 'g', 'b', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "dgeex.eu", true */ 'd', 'g', 'e', 'e', 'x', '.', 'e', 'u', '\0',
+  /* "dgitup.com", true */ 'd', 'g', 'i', 't', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "dgportals.co.uk", true */ 'd', 'g', 'p', 'o', 'r', 't', 'a', 'l', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "dgpot.com", true */ 'd', 'g', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "dgt-portal.de", true */ 'd', 'g', 't', '-', 'p', 'o', 'r', 't', 'a', 'l', '.', 'd', 'e', '\0',
+  /* "dgx.io", true */ 'd', 'g', 'x', '.', 'i', 'o', '\0',
+  /* "dhautefeuille.eu", true */ 'd', 'h', 'a', 'u', 't', 'e', 'f', 'e', 'u', 'i', 'l', 'l', 'e', '.', 'e', 'u', '\0',
+  /* "dhauwer.nl", true */ 'd', 'h', 'a', 'u', 'w', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "dhconcept.ch", true */ 'd', 'h', 'c', 'o', 'n', 'c', 'e', 'p', 't', '.', 'c', 'h', '\0',
+  /* "dheart.net", true */ 'd', 'h', 'e', 'a', 'r', 't', '.', 'n', 'e', 't', '\0',
+  /* "dhedegaard.dk", true */ 'd', 'h', 'e', 'd', 'e', 'g', 'a', 'a', 'r', 'd', '.', 'd', 'k', '\0',
+  /* "dhhs.gov", true */ 'd', 'h', 'h', 's', '.', 'g', 'o', 'v', '\0',
+  /* "dhinflatables.co.uk", true */ 'd', 'h', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "dhlcotizadorexpo-qa.azurewebsites.net", true */ 'd', 'h', 'l', 'c', 'o', 't', 'i', 'z', 'a', 'd', 'o', 'r', 'e', 'x', 'p', 'o', '-', 'q', 'a', '.', 'a', 'z', 'u', 'r', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "dhlinux.org", true */ 'd', 'h', 'l', 'i', 'n', 'u', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "dhome.at", true */ 'd', 'h', 'o', 'm', 'e', '.', 'a', 't', '\0',
+  /* "dhxxls.com", true */ 'd', 'h', 'x', 'x', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "di2pra.com", true */ 'd', 'i', '2', 'p', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "di2pra.fr", true */ 'd', 'i', '2', 'p', 'r', 'a', '.', 'f', 'r', '\0',
+  /* "diabolic.chat", true */ 'd', 'i', 'a', 'b', 'o', 'l', 'i', 'c', '.', 'c', 'h', 'a', 't', '\0',
+  /* "diadorafitness.es", true */ 'd', 'i', 'a', 'd', 'o', 'r', 'a', 'f', 'i', 't', 'n', 'e', 's', 's', '.', 'e', 's', '\0',
+  /* "diadorafitness.it", true */ 'd', 'i', 'a', 'd', 'o', 'r', 'a', 'f', 'i', 't', 'n', 'e', 's', 's', '.', 'i', 't', '\0',
+  /* "diagnocentro.cl", true */ 'd', 'i', 'a', 'g', 'n', 'o', 'c', 'e', 'n', 't', 'r', 'o', '.', 'c', 'l', '\0',
+  /* "diagnostix.org", true */ 'd', 'i', 'a', 'g', 'n', 'o', 's', 't', 'i', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "dialoegue.com", true */ 'd', 'i', 'a', 'l', 'o', 'e', 'g', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "diamante.ro", true */ 'd', 'i', 'a', 'm', 'a', 'n', 't', 'e', '.', 'r', 'o', '\0',
+  /* "diamondpkg.org", true */ 'd', 'i', 'a', 'm', 'o', 'n', 'd', 'p', 'k', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "diamondyze.nl", true */ 'd', 'i', 'a', 'm', 'o', 'n', 'd', 'y', 'z', 'e', '.', 'n', 'l', '\0',
+  /* "diamorphine.com", true */ 'd', 'i', 'a', 'm', 'o', 'r', 'p', 'h', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "diamsmedia.ch", true */ 'd', 'i', 'a', 'm', 's', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'h', '\0',
+  /* "dianefriedli.ch", true */ 'd', 'i', 'a', 'n', 'e', 'f', 'r', 'i', 'e', 'd', 'l', 'i', '.', 'c', 'h', '\0',
+  /* "dianurse.com", true */ 'd', 'i', 'a', 'n', 'u', 'r', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "diare-na-miru.cz", true */ 'd', 'i', 'a', 'r', 'e', '-', 'n', 'a', '-', 'm', 'i', 'r', 'u', '.', 'c', 'z', '\0',
+  /* "diario-egipto.com", true */ 'd', 'i', 'a', 'r', 'i', 'o', '-', 'e', 'g', 'i', 'p', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "diasdasemana.com", true */ 'd', 'i', 'a', 's', 'd', 'a', 's', 'e', 'm', 'a', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "diasp.org", true */ 'd', 'i', 'a', 's', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "diasporadialogues.com", true */ 'd', 'i', 'a', 's', 'p', 'o', 'r', 'a', 'd', 'i', 'a', 'l', 'o', 'g', 'u', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "diavo.de", true */ 'd', 'i', 'a', 'v', 'o', '.', 'd', 'e', '\0',
+  /* "dibiphp.com", true */ 'd', 'i', 'b', 'i', 'p', 'h', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "diccionarioabierto.com", true */ 'd', 'i', 'c', 'c', 'i', 'o', 'n', 'a', 'r', 'i', 'o', 'a', 'b', 'i', 'e', 'r', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "diccionariodedudas.com", true */ 'd', 'i', 'c', 'c', 'i', 'o', 'n', 'a', 'r', 'i', 'o', 'd', 'e', 'd', 'u', 'd', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "dice.tokyo", true */ 'd', 'i', 'c', 'e', '.', 't', 'o', 'k', 'y', 'o', '\0',
+  /* "dichgans-besserer.de", true */ 'd', 'i', 'c', 'h', 'g', 'a', 'n', 's', '-', 'b', 'e', 's', 's', 'e', 'r', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "dichvudangkygiayphep.com", true */ 'd', 'i', 'c', 'h', 'v', 'u', 'd', 'a', 'n', 'g', 'k', 'y', 'g', 'i', 'a', 'y', 'p', 'h', 'e', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "dicionario.org", true */ 'd', 'i', 'c', 'i', 'o', 'n', 'a', 'r', 'i', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "dicionariodegirias.com.br", true */ 'd', 'i', 'c', 'i', 'o', 'n', 'a', 'r', 'i', 'o', 'd', 'e', 'g', 'i', 'r', 'i', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "dicionariodelatim.com.br", true */ 'd', 'i', 'c', 'i', 'o', 'n', 'a', 'r', 'i', 'o', 'd', 'e', 'l', 'a', 't', 'i', 'm', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "dicionariodenomesproprios.com.br", true */ 'd', 'i', 'c', 'i', 'o', 'n', 'a', 'r', 'i', 'o', 'd', 'e', 'n', 'o', 'm', 'e', 's', 'p', 'r', 'o', 'p', 'r', 'i', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "dicionariodesimbolos.com.br", true */ 'd', 'i', 'c', 'i', 'o', 'n', 'a', 'r', 'i', 'o', 'd', 'e', 's', 'i', 'm', 'b', 'o', 'l', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "dicionarioetimologico.com.br", true */ 'd', 'i', 'c', 'i', 'o', 'n', 'a', 'r', 'i', 'o', 'e', 't', 'i', 'm', 'o', 'l', 'o', 'g', 'i', 'c', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "dickieslife.com", true */ 'd', 'i', 'c', 'k', 'i', 'e', 's', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dickpics.ru", true */ 'd', 'i', 'c', 'k', 'p', 'i', 'c', 's', '.', 'r', 'u', '\0',
+  /* "dicoding.com", true */ 'd', 'i', 'c', 'o', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "didacte.com", true */ 'd', 'i', 'd', 'a', 'c', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "didche.net", true */ 'd', 'i', 'd', 'c', 'h', 'e', '.', 'n', 'e', 't', '\0',
+  /* "diddens.de", true */ 'd', 'i', 'd', 'd', 'e', 'n', 's', '.', 'd', 'e', '\0',
+  /* "didikhari.web.id", true */ 'd', 'i', 'd', 'i', 'k', 'h', 'a', 'r', 'i', '.', 'w', 'e', 'b', '.', 'i', 'd', '\0',
+  /* "die-besten-weisheiten.de", true */ 'd', 'i', 'e', '-', 'b', 'e', 's', 't', 'e', 'n', '-', 'w', 'e', 'i', 's', 'h', 'e', 'i', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "die-blahuts.de", true */ 'd', 'i', 'e', '-', 'b', 'l', 'a', 'h', 'u', 't', 's', '.', 'd', 'e', '\0',
+  /* "die-borts.ch", true */ 'd', 'i', 'e', '-', 'b', 'o', 'r', 't', 's', '.', 'c', 'h', '\0',
+  /* "die-gruenen-teufel.de", true */ 'd', 'i', 'e', '-', 'g', 'r', 'u', 'e', 'n', 'e', 'n', '-', 't', 'e', 'u', 'f', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "die-partei-reutlingen.de", true */ 'd', 'i', 'e', '-', 'p', 'a', 'r', 't', 'e', 'i', '-', 'r', 'e', 'u', 't', 'l', 'i', 'n', 'g', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "die-sinlosen.de", true */ 'd', 'i', 'e', '-', 's', 'i', 'n', 'l', 'o', 's', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "die-speisekammer-reutlingen.de", true */ 'd', 'i', 'e', '-', 's', 'p', 'e', 'i', 's', 'e', 'k', 'a', 'm', 'm', 'e', 'r', '-', 'r', 'e', 'u', 't', 'l', 'i', 'n', 'g', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "diedrich.co", false */ 'd', 'i', 'e', 'd', 'r', 'i', 'c', 'h', '.', 'c', 'o', '\0',
+  /* "diedrich.me", true */ 'd', 'i', 'e', 'd', 'r', 'i', 'c', 'h', '.', 'm', 'e', '\0',
+  /* "dieecpd.org", true */ 'd', 'i', 'e', 'e', 'c', 'p', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "diegelernten.de", true */ 'd', 'i', 'e', 'g', 'e', 'l', 'e', 'r', 'n', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "diegerbers.de", true */ 'd', 'i', 'e', 'g', 'e', 'r', 'b', 'e', 'r', 's', '.', 'd', 'e', '\0',
+  /* "diegogelin.com", true */ 'd', 'i', 'e', 'g', 'o', 'g', 'e', 'l', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "diegorbaquero.com", true */ 'd', 'i', 'e', 'g', 'o', 'r', 'b', 'a', 'q', 'u', 'e', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "diehl.io", true */ 'd', 'i', 'e', 'h', 'l', '.', 'i', 'o', '\0',
+  /* "diemattels.at", true */ 'd', 'i', 'e', 'm', 'a', 't', 't', 'e', 'l', 's', '.', 'a', 't', '\0',
+  /* "dienchaninstitute.com", true */ 'd', 'i', 'e', 'n', 'c', 'h', 'a', 'n', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dienstplan.cc", true */ 'd', 'i', 'e', 'n', 's', 't', 'p', 'l', 'a', 'n', '.', 'c', 'c', '\0',
+  /* "dienstplan.one", true */ 'd', 'i', 'e', 'n', 's', 't', 'p', 'l', 'a', 'n', '.', 'o', 'n', 'e', '\0',
+  /* "dierabenmutti.de", true */ 'd', 'i', 'e', 'r', 'a', 'b', 'e', 'n', 'm', 'u', 't', 't', 'i', '.', 'd', 'e', '\0',
+  /* "dierenartsdeconinck.be", true */ 'd', 'i', 'e', 'r', 'e', 'n', 'a', 'r', 't', 's', 'd', 'e', 'c', 'o', 'n', 'i', 'n', 'c', 'k', '.', 'b', 'e', '\0',
+  /* "dieselanimals.lt", true */ 'd', 'i', 'e', 's', 'e', 'l', 'a', 'n', 'i', 'm', 'a', 'l', 's', '.', 'l', 't', '\0',
+  /* "dieselgalleri.com", true */ 'd', 'i', 'e', 's', 'e', 'l', 'g', 'a', 'l', 'l', 'e', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "dietagespresse.com", true */ 'd', 'i', 'e', 't', 'a', 'g', 'e', 's', 'p', 'r', 'e', 's', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dietbrand.eu", true */ 'd', 'i', 'e', 't', 'b', 'r', 'a', 'n', 'd', '.', 'e', 'u', '\0',
+  /* "dieti.net", true */ 'd', 'i', 'e', 't', 'i', '.', 'n', 'e', 't', '\0',
+  /* "dietlin.com", true */ 'd', 'i', 'e', 't', 'l', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "dietrich.cx", true */ 'd', 'i', 'e', 't', 'r', 'i', 'c', 'h', '.', 'c', 'x', '\0',
+  /* "dieumfrage.com", true */ 'd', 'i', 'e', 'u', 'm', 'f', 'r', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "diff2html.xyz", true */ 'd', 'i', 'f', 'f', '2', 'h', 't', 'm', 'l', '.', 'x', 'y', 'z', '\0',
+  /* "different.cz", false */ 'd', 'i', 'f', 'f', 'e', 'r', 'e', 'n', 't', '.', 'c', 'z', '\0',
+  /* "differenta.ro", false */ 'd', 'i', 'f', 'f', 'e', 'r', 'e', 'n', 't', 'a', '.', 'r', 'o', '\0',
+  /* "diffnow.com", true */ 'd', 'i', 'f', 'f', 'n', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "difoosion.com", true */ 'd', 'i', 'f', 'o', 'o', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "digcit.org", true */ 'd', 'i', 'g', 'c', 'i', 't', '.', 'o', 'r', 'g', '\0',
+  /* "digdata.de", true */ 'd', 'i', 'g', 'd', 'a', 't', 'a', '.', 'd', 'e', '\0',
+  /* "dighans.com", true */ 'd', 'i', 'g', 'h', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "digiarc.net", true */ 'd', 'i', 'g', 'i', 'a', 'r', 'c', '.', 'n', 'e', 't', '\0',
+  /* "digibild.ch", true */ 'd', 'i', 'g', 'i', 'b', 'i', 'l', 'd', '.', 'c', 'h', '\0',
+  /* "digibull.email", true */ 'd', 'i', 'g', 'i', 'b', 'u', 'l', 'l', '.', 'e', 'm', 'a', 'i', 'l', '\0',
+  /* "digibull.link", true */ 'd', 'i', 'g', 'i', 'b', 'u', 'l', 'l', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "digicert-support.com", true */ 'd', 'i', 'g', 'i', 'c', 'e', 'r', 't', '-', 's', 'u', 'p', 'p', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "digicert.nl", true */ 'd', 'i', 'g', 'i', 'c', 'e', 'r', 't', '.', 'n', 'l', '\0',
+  /* "digidroom.be", true */ 'd', 'i', 'g', 'i', 'd', 'r', 'o', 'o', 'm', '.', 'b', 'e', '\0',
+  /* "digikol.net", true */ 'd', 'i', 'g', 'i', 'k', 'o', 'l', '.', 'n', 'e', 't', '\0',
+  /* "digilicious.com", true */ 'd', 'i', 'g', 'i', 'l', 'i', 'c', 'i', 'o', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "digimagical.com", true */ 'd', 'i', 'g', 'i', 'm', 'a', 'g', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "digimedia.cd", false */ 'd', 'i', 'g', 'i', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'd', '\0',
+  /* "digired.ro", true */ 'd', 'i', 'g', 'i', 'r', 'e', 'd', '.', 'r', 'o', '\0',
+  /* "digital-coach.it", false */ 'd', 'i', 'g', 'i', 't', 'a', 'l', '-', 'c', 'o', 'a', 'c', 'h', '.', 'i', 't', '\0',
+  /* "digital-compounds.com", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', '-', 'c', 'o', 'm', 'p', 'o', 'u', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "digital-eastside.de", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', '-', 'e', 'a', 's', 't', 's', 'i', 'd', 'e', '.', 'd', 'e', '\0',
+  /* "digital.gov", false */ 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'g', 'o', 'v', '\0',
+  /* "digital1st.co.uk", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', '1', 's', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "digital2web.com", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', '2', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "digitalarchitecture.com", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'a', 'r', 'c', 'h', 'i', 't', 'e', 'c', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "digitalbitbox.com", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'b', 'i', 't', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "digitalbox.jp", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'b', 'o', 'x', '.', 'j', 'p', '\0',
+  /* "digitalcash.cf", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'c', 'a', 's', 'h', '.', 'c', 'f', '\0',
+  /* "digitalcloud.ovh", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'c', 'l', 'o', 'u', 'd', '.', 'o', 'v', 'h', '\0',
+  /* "digitalcraftmarketing.co.uk", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'c', 'r', 'a', 'f', 't', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "digitalcreationclass.com", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'c', 'r', 'e', 'a', 't', 'i', 'o', 'n', 'c', 'l', 'a', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "digitalcuko.com", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'c', 'u', 'k', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "digitaldashboard.gov", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'd', 'a', 's', 'h', 'b', 'o', 'a', 'r', 'd', '.', 'g', 'o', 'v', '\0',
+  /* "digitaldatacenter.net", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'd', 'a', 't', 'a', 'c', 'e', 'n', 't', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "digitaldeli.com", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'd', 'e', 'l', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "digitaldeli.org", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'd', 'e', 'l', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "digitaldeli.tv", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'd', 'e', 'l', 'i', '.', 't', 'v', '\0',
+  /* "digitaldeli.us", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'd', 'e', 'l', 'i', '.', 'u', 's', '\0',
+  /* "digitaldeliarchive.com", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'd', 'e', 'l', 'i', 'a', 'r', 'c', 'h', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "digitaldem.it", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'd', 'e', 'm', '.', 'i', 't', '\0',
+  /* "digitalehandtekeningen.nl", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'e', 'h', 'a', 'n', 'd', 't', 'e', 'k', 'e', 'n', 'i', 'n', 'g', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "digitaleoverheid.nl", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'e', 'o', 'v', 'e', 'r', 'h', 'e', 'i', 'd', '.', 'n', 'l', '\0',
+  /* "digitalewelten.de", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'e', 'w', 'e', 'l', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "digitalgov.gov", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'g', 'o', 'v', '.', 'g', 'o', 'v', '\0',
+  /* "digitalimpostor.co.uk", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'i', 'm', 'p', 'o', 's', 't', 'o', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "digitalmarketingindallas.com", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', 'i', 'n', 'd', 'a', 'l', 'l', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "digitalrights.center", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'r', 'i', 'g', 'h', 't', 's', '.', 'c', 'e', 'n', 't', 'e', 'r', '\0',
+  /* "digitalrights.fund", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'r', 'i', 'g', 'h', 't', 's', '.', 'f', 'u', 'n', 'd', '\0',
+  /* "digitalrxcloud.com", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'r', 'x', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "digitalsurge.io", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 's', 'u', 'r', 'g', 'e', '.', 'i', 'o', '\0',
+  /* "digitaltechnologies.ltd.uk", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'i', 'e', 's', '.', 'l', 't', 'd', '.', 'u', 'k', '\0',
+  /* "digitalunite.de", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'u', 'n', 'i', 't', 'e', '.', 'd', 'e', '\0',
+  /* "digitalwasteland.net", true */ 'd', 'i', 'g', 'i', 't', 'a', 'l', 'w', 'a', 's', 't', 'e', 'l', 'a', 'n', 'd', '.', 'n', 'e', 't', '\0',
+  /* "digitkon.com", true */ 'd', 'i', 'g', 'i', 't', 'k', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "digiworks.se", true */ 'd', 'i', 'g', 'i', 'w', 'o', 'r', 'k', 's', '.', 's', 'e', '\0',
+  /* "digminecraft.com", true */ 'd', 'i', 'g', 'm', 'i', 'n', 'e', 'c', 'r', 'a', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "digwp.com", true */ 'd', 'i', 'g', 'w', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "dihesan.com", true */ 'd', 'i', 'h', 'e', 's', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "dijkmanmuziek.nl", false */ 'd', 'i', 'j', 'k', 'm', 'a', 'n', 'm', 'u', 'z', 'i', 'e', 'k', '.', 'n', 'l', '\0',
+  /* "dijkmanvandoorn.nl", true */ 'd', 'i', 'j', 'k', 'm', 'a', 'n', 'v', 'a', 'n', 'd', 'o', 'o', 'r', 'n', '.', 'n', 'l', '\0',
+  /* "diju.ch", true */ 'd', 'i', 'j', 'u', '.', 'c', 'h', '\0',
+  /* "dilichen.fr", true */ 'd', 'i', 'l', 'i', 'c', 'h', 'e', 'n', '.', 'f', 'r', '\0',
+  /* "diligo.ch", true */ 'd', 'i', 'l', 'i', 'g', 'o', '.', 'c', 'h', '\0',
+  /* "dillewijnzwapak.nl", true */ 'd', 'i', 'l', 'l', 'e', 'w', 'i', 'j', 'n', 'z', 'w', 'a', 'p', 'a', 'k', '.', 'n', 'l', '\0',
+  /* "dillonkorman.com", true */ 'd', 'i', 'l', 'l', 'o', 'n', 'k', 'o', 'r', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "dillynbarber.com", true */ 'd', 'i', 'l', 'l', 'y', 'n', 'b', 'a', 'r', 'b', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "diluv.com", true */ 'd', 'i', 'l', 'u', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "dimanss47.net", true */ 'd', 'i', 'm', 'a', 'n', 's', 's', '4', '7', '.', 'n', 'e', 't', '\0',
+  /* "dimdom.com.br", true */ 'd', 'i', 'm', 'd', 'o', 'm', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "dime-staging.com", true */ 'd', 'i', 'm', 'e', '-', 's', 't', 'a', 'g', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "dime.io", true */ 'd', 'i', 'm', 'e', '.', 'i', 'o', '\0',
+  /* "dimeponline.com.br", true */ 'd', 'i', 'm', 'e', 'p', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "dimes.com.tr", true */ 'd', 'i', 'm', 'e', 's', '.', 'c', 'o', 'm', '.', 't', 'r', '\0',
+  /* "dimez.ru", true */ 'd', 'i', 'm', 'e', 'z', '.', 'r', 'u', '\0',
+  /* "din-hkd.jp", true */ 'd', 'i', 'n', '-', 'h', 'k', 'd', '.', 'j', 'p', '\0',
+  /* "dineachook.com.au", true */ 'd', 'i', 'n', 'e', 'a', 'c', 'h', 'o', 'o', 'k', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "dinepont.fr", true */ 'd', 'i', 'n', 'e', 'p', 'o', 'n', 't', '.', 'f', 'r', '\0',
+  /* "dingcc.com", true */ 'd', 'i', 'n', 'g', 'c', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "dinge.xyz", true */ 'd', 'i', 'n', 'g', 'e', '.', 'x', 'y', 'z', '\0',
+  /* "dingss.com", true */ 'd', 'i', 'n', 'g', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "dinmtb.dk", true */ 'd', 'i', 'n', 'm', 't', 'b', '.', 'd', 'k', '\0',
+  /* "dino.li", true */ 'd', 'i', 'n', 'o', '.', 'l', 'i', '\0',
+  /* "dinotopia.org.uk", true */ 'd', 'i', 'n', 'o', 't', 'o', 'p', 'i', 'a', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "dinotv.at", true */ 'd', 'i', 'n', 'o', 't', 'v', '.', 'a', 't', '\0',
+  /* "dintillat.fr", true */ 'd', 'i', 'n', 't', 'i', 'l', 'l', 'a', 't', '.', 'f', 'r', '\0',
+  /* "dintrafic.net", true */ 'd', 'i', 'n', 't', 'r', 'a', 'f', 'i', 'c', '.', 'n', 'e', 't', '\0',
+  /* "dinube.com", true */ 'd', 'i', 'n', 'u', 'b', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "diodeled.com", true */ 'd', 'i', 'o', 'd', 'e', 'l', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "diodo.me", true */ 'd', 'i', 'o', 'd', 'o', '.', 'm', 'e', '\0',
+  /* "dionysus.se", true */ 'd', 'i', 'o', 'n', 'y', 's', 'u', 's', '.', 's', 'e', '\0',
+  /* "dipl.io", false */ 'd', 'i', 'p', 'l', '.', 'i', 'o', '\0',
+  /* "dipling.de", true */ 'd', 'i', 'p', 'l', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "dipulse.it", true */ 'd', 'i', 'p', 'u', 'l', 's', 'e', '.', 'i', 't', '\0',
+  /* "dir2epub.com", true */ 'd', 'i', 'r', '2', 'e', 'p', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "dir2epub.org", true */ 'd', 'i', 'r', '2', 'e', 'p', 'u', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "direct2uk.com", true */ 'd', 'i', 'r', 'e', 'c', 't', '2', 'u', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "directebanking.com", true */ 'd', 'i', 'r', 'e', 'c', 't', 'e', 'b', 'a', 'n', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "directinsure.in", true */ 'd', 'i', 'r', 'e', 'c', 't', 'i', 'n', 's', 'u', 'r', 'e', '.', 'i', 'n', '\0',
+  /* "directlinkfunding.co.uk", true */ 'd', 'i', 'r', 'e', 'c', 't', 'l', 'i', 'n', 'k', 'f', 'u', 'n', 'd', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "directme.ga", true */ 'd', 'i', 'r', 'e', 'c', 't', 'm', 'e', '.', 'g', 'a', '\0',
+  /* "directnews.be", true */ 'd', 'i', 'r', 'e', 'c', 't', 'n', 'e', 'w', 's', '.', 'b', 'e', '\0',
+  /* "directorioz.com", true */ 'd', 'i', 'r', 'e', 'c', 't', 'o', 'r', 'i', 'o', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "directreal.sk", true */ 'd', 'i', 'r', 'e', 'c', 't', 'r', 'e', 'a', 'l', '.', 's', 'k', '\0',
+  /* "directtwo.solutions", true */ 'd', 'i', 'r', 'e', 'c', 't', 't', 'w', 'o', '.', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '\0',
+  /* "directtwosolutions.org", true */ 'd', 'i', 'r', 'e', 'c', 't', 't', 'w', 'o', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "direwolfsoftware.ca", true */ 'd', 'i', 'r', 'e', 'w', 'o', 'l', 'f', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'a', '\0',
+  /* "dirips.com", true */ 'd', 'i', 'r', 'i', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "dirk-scheele.de", true */ 'd', 'i', 'r', 'k', '-', 's', 'c', 'h', 'e', 'e', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "dirko.net", true */ 'd', 'i', 'r', 'k', 'o', '.', 'n', 'e', 't', '\0',
+  /* "dirkwolf.de", true */ 'd', 'i', 'r', 'k', 'w', 'o', 'l', 'f', '.', 'd', 'e', '\0',
+  /* "dirtcraft.ca", true */ 'd', 'i', 'r', 't', 'c', 'r', 'a', 'f', 't', '.', 'c', 'a', '\0',
+  /* "dirtygeek.ovh", true */ 'd', 'i', 'r', 't', 'y', 'g', 'e', 'e', 'k', '.', 'o', 'v', 'h', '\0',
+  /* "disabled.dating", true */ 'd', 'i', 's', 'a', 'b', 'l', 'e', 'd', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "disanteimpianti.com", true */ 'd', 'i', 's', 'a', 'n', 't', 'e', 'i', 'm', 'p', 'i', 'a', 'n', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "disavow.tools", true */ 'd', 'i', 's', 'a', 'v', 'o', 'w', '.', 't', 'o', 'o', 'l', 's', '\0',
+  /* "disc.uz", true */ 'd', 'i', 's', 'c', '.', 'u', 'z', '\0',
+  /* "discarica.roma.it", true */ 'd', 'i', 's', 'c', 'a', 'r', 'i', 'c', 'a', '.', 'r', 'o', 'm', 'a', '.', 'i', 't', '\0',
+  /* "discha.net", true */ 'd', 'i', 's', 'c', 'h', 'a', '.', 'n', 'e', 't', '\0',
+  /* "disciples.io", true */ 'd', 'i', 's', 'c', 'i', 'p', 'l', 'e', 's', '.', 'i', 'o', '\0',
+  /* "discipul.nl", true */ 'd', 'i', 's', 'c', 'i', 'p', 'u', 'l', '.', 'n', 'l', '\0',
+  /* "discofitta.com", true */ 'd', 'i', 's', 'c', 'o', 'f', 'i', 't', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "disconformity.net", true */ 'd', 'i', 's', 'c', 'o', 'n', 'f', 'o', 'r', 'm', 'i', 't', 'y', '.', 'n', 'e', 't', '\0',
+  /* "discord-chan.net", true */ 'd', 'i', 's', 'c', 'o', 'r', 'd', '-', 'c', 'h', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "discordapp.com", true */ 'd', 'i', 's', 'c', 'o', 'r', 'd', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "discordghost.space", true */ 'd', 'i', 's', 'c', 'o', 'r', 'd', 'g', 'h', 'o', 's', 't', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "discotek.club", false */ 'd', 'i', 's', 'c', 'o', 't', 'e', 'k', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "discount24.de", true */ 'd', 'i', 's', 'c', 'o', 'u', 'n', 't', '2', '4', '.', 'd', 'e', '\0',
+  /* "discountmania.eu", true */ 'd', 'i', 's', 'c', 'o', 'u', 'n', 't', 'm', 'a', 'n', 'i', 'a', '.', 'e', 'u', '\0',
+  /* "discountmetaux.fr", true */ 'd', 'i', 's', 'c', 'o', 'u', 'n', 't', 'm', 'e', 't', 'a', 'u', 'x', '.', 'f', 'r', '\0',
+  /* "discountplush.com", true */ 'd', 'i', 's', 'c', 'o', 'u', 'n', 't', 'p', 'l', 'u', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "discover-mercure.com", true */ 'd', 'i', 's', 'c', 'o', 'v', 'e', 'r', '-', 'm', 'e', 'r', 'c', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "discoverhealthage.com", false */ 'd', 'i', 's', 'c', 'o', 'v', 'e', 'r', 'h', 'e', 'a', 'l', 't', 'h', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "discoveringdocker.com", true */ 'd', 'i', 's', 'c', 'o', 'v', 'e', 'r', 'i', 'n', 'g', 'd', 'o', 'c', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "discoverrsv.com", true */ 'd', 'i', 's', 'c', 'o', 'v', 'e', 'r', 'r', 's', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "discoverwellness.center", true */ 'd', 'i', 's', 'c', 'o', 'v', 'e', 'r', 'w', 'e', 'l', 'l', 'n', 'e', 's', 's', '.', 'c', 'e', 'n', 't', 'e', 'r', '\0',
+  /* "discoveryrom.org", true */ 'd', 'i', 's', 'c', 'o', 'v', 'e', 'r', 'y', 'r', 'o', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "discreet-condooms.nl", true */ 'd', 'i', 's', 'c', 'r', 'e', 'e', 't', '-', 'c', 'o', 'n', 'd', 'o', 'o', 'm', 's', '.', 'n', 'l', '\0',
+  /* "disinclined.org", true */ 'd', 'i', 's', 'i', 'n', 'c', 'l', 'i', 'n', 'e', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "disinfesta.it", true */ 'd', 'i', 's', 'i', 'n', 'f', 'e', 's', 't', 'a', '.', 'i', 't', '\0',
+  /* "disinfestando.info", true */ 'd', 'i', 's', 'i', 'n', 'f', 'e', 's', 't', 'a', 'n', 'd', 'o', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "disinfestatori.com", true */ 'd', 'i', 's', 'i', 'n', 'f', 'e', 's', 't', 'a', 't', 'o', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "disinfestazione.brescia.it", true */ 'd', 'i', 's', 'i', 'n', 'f', 'e', 's', 't', 'a', 'z', 'i', 'o', 'n', 'e', '.', 'b', 'r', 'e', 's', 'c', 'i', 'a', '.', 'i', 't', '\0',
+  /* "disinfestazione.venezia.it", true */ 'd', 'i', 's', 'i', 'n', 'f', 'e', 's', 't', 'a', 'z', 'i', 'o', 'n', 'e', '.', 'v', 'e', 'n', 'e', 'z', 'i', 'a', '.', 'i', 't', '\0',
+  /* "disinfestazione24.it", true */ 'd', 'i', 's', 'i', 'n', 'f', 'e', 's', 't', 'a', 'z', 'i', 'o', 'n', 'e', '2', '4', '.', 'i', 't', '\0',
+  /* "disinfestazioni-umbria.it", true */ 'd', 'i', 's', 'i', 'n', 'f', 'e', 's', 't', 'a', 'z', 'i', 'o', 'n', 'i', '-', 'u', 'm', 'b', 'r', 'i', 'a', '.', 'i', 't', '\0',
+  /* "disinfestazioni.info", true */ 'd', 'i', 's', 'i', 'n', 'f', 'e', 's', 't', 'a', 'z', 'i', 'o', 'n', 'i', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "disinfestazioni.net", true */ 'd', 'i', 's', 'i', 'n', 'f', 'e', 's', 't', 'a', 'z', 'i', 'o', 'n', 'i', '.', 'n', 'e', 't', '\0',
+  /* "disinfestazioni.verona.it", true */ 'd', 'i', 's', 'i', 'n', 'f', 'e', 's', 't', 'a', 'z', 'i', 'o', 'n', 'i', '.', 'v', 'e', 'r', 'o', 'n', 'a', '.', 'i', 't', '\0',
+  /* "disinisharing.com", true */ 'd', 'i', 's', 'i', 'n', 'i', 's', 'h', 'a', 'r', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "diskbit.com", true */ 'd', 'i', 's', 'k', 'b', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "diskbit.nl", true */ 'd', 'i', 's', 'k', 'b', 'i', 't', '.', 'n', 'l', '\0',
+  /* "dismail.de", true */ 'd', 'i', 's', 'm', 'a', 'i', 'l', '.', 'd', 'e', '\0',
+  /* "disposable.link", true */ 'd', 'i', 's', 'p', 'o', 's', 'a', 'b', 'l', 'e', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "disroot.org", true */ 'd', 'i', 's', 'r', 'o', 'o', 't', '.', 'o', 'r', 'g', '\0',
+  /* "disrupters.ch", true */ 'd', 'i', 's', 'r', 'u', 'p', 't', 'e', 'r', 's', '.', 'c', 'h', '\0',
+  /* "dissectcyber.com", true */ 'd', 'i', 's', 's', 'e', 'c', 't', 'c', 'y', 'b', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "dissertationhelp.com", true */ 'd', 'i', 's', 's', 'e', 'r', 't', 'a', 't', 'i', 'o', 'n', 'h', 'e', 'l', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "dissidence.ovh", true */ 'd', 'i', 's', 's', 'i', 'd', 'e', 'n', 'c', 'e', '.', 'o', 'v', 'h', '\0',
+  /* "dist.torproject.org", false */ 'd', 'i', 's', 't', '.', 't', 'o', 'r', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "distinguishedprisoner.com", true */ 'd', 'i', 's', 't', 'i', 'n', 'g', 'u', 'i', 's', 'h', 'e', 'd', 'p', 'r', 'i', 's', 'o', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "distinguishedwindows.co.uk", true */ 'd', 'i', 's', 't', 'i', 'n', 'g', 'u', 'i', 's', 'h', 'e', 'd', 'w', 'i', 'n', 'd', 'o', 'w', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "distribuidoracristal.com.br", true */ 'd', 'i', 's', 't', 'r', 'i', 'b', 'u', 'i', 'd', 'o', 'r', 'a', 'c', 'r', 'i', 's', 't', 'a', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "distribuidorveterinario.es", true */ 'd', 'i', 's', 't', 'r', 'i', 'b', 'u', 'i', 'd', 'o', 'r', 'v', 'e', 't', 'e', 'r', 'i', 'n', 'a', 'r', 'i', 'o', '.', 'e', 's', '\0',
+  /* "distrilogservices.com", true */ 'd', 'i', 's', 't', 'r', 'i', 'l', 'o', 'g', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "distro.re", true */ 'd', 'i', 's', 't', 'r', 'o', '.', 'r', 'e', '\0',
+  /* "ditelbat.com", true */ 'd', 'i', 't', 'e', 'l', 'b', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "diti.me", true */ 'd', 'i', 't', 'i', '.', 'm', 'e', '\0',
+  /* "ditisabc.nl", true */ 'd', 'i', 't', 'i', 's', 'a', 'b', 'c', '.', 'n', 'l', '\0',
+  /* "diva.nl", true */ 'd', 'i', 'v', 'a', '.', 'n', 'l', '\0',
+  /* "divcoder.com", true */ 'd', 'i', 'v', 'c', 'o', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "divedowntown.com", true */ 'd', 'i', 'v', 'e', 'd', 'o', 'w', 'n', 't', 'o', 'w', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "divegearexpress.com", true */ 'd', 'i', 'v', 'e', 'g', 'e', 'a', 'r', 'e', 'x', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "divegearexpress.com.cn", true */ 'd', 'i', 'v', 'e', 'g', 'e', 'a', 'r', 'e', 'x', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '.', 'c', 'n', '\0',
+  /* "diveidc.com", true */ 'd', 'i', 'v', 'e', 'i', 'd', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "divenwa.com", true */ 'd', 'i', 'v', 'e', 'n', 'w', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "diveplan.org", true */ 'd', 'i', 'v', 'e', 'p', 'l', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "divergenz.org", true */ 'd', 'i', 'v', 'e', 'r', 'g', 'e', 'n', 'z', '.', 'o', 'r', 'g', '\0',
+  /* "diversity-spielzeug.de", true */ 'd', 'i', 'v', 'e', 'r', 's', 'i', 't', 'y', '-', 's', 'p', 'i', 'e', 'l', 'z', 'e', 'u', 'g', '.', 'd', 'e', '\0',
+  /* "diversityflags.com", true */ 'd', 'i', 'v', 'e', 'r', 's', 'i', 't', 'y', 'f', 'l', 'a', 'g', 's', '.', 'c', 'o', 'm', '\0',
+  /* "diversityflags.com.au", true */ 'd', 'i', 'v', 'e', 'r', 's', 'i', 't', 'y', 'f', 'l', 'a', 'g', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "diversityflags.nz", true */ 'd', 'i', 'v', 'e', 'r', 's', 'i', 't', 'y', 'f', 'l', 'a', 'g', 's', '.', 'n', 'z', '\0',
+  /* "divertiagua.com.br", true */ 'd', 'i', 'v', 'e', 'r', 't', 'i', 'a', 'g', 'u', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "divinegames.studio", true */ 'd', 'i', 'v', 'i', 'n', 'e', 'g', 'a', 'm', 'e', 's', '.', 's', 't', 'u', 'd', 'i', 'o', '\0',
+  /* "divingwithnic.com", true */ 'd', 'i', 'v', 'i', 'n', 'g', 'w', 'i', 't', 'h', 'n', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "diwei.vip", true */ 'd', 'i', 'w', 'e', 'i', '.', 'v', 'i', 'p', '\0',
+  /* "diybook.at", true */ 'd', 'i', 'y', 'b', 'o', 'o', 'k', '.', 'a', 't', '\0',
+  /* "diycc.org", true */ 'd', 'i', 'y', 'c', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "diymediahome.org", true */ 'd', 'i', 'y', 'm', 'e', 'd', 'i', 'a', 'h', 'o', 'm', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "diyosun.com", true */ 'd', 'i', 'y', 'o', 's', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "diz.in.ua", true */ 'd', 'i', 'z', '.', 'i', 'n', '.', 'u', 'a', '\0',
+  /* "dizzythewizard.co.uk", true */ 'd', 'i', 'z', 'z', 'y', 't', 'h', 'e', 'w', 'i', 'z', 'a', 'r', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "dj-x.info", true */ 'd', 'j', '-', 'x', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "dj3dub.com", true */ 'd', 'j', '3', 'd', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "djangobirthday.com", true */ 'd', 'j', 'a', 'n', 'g', 'o', 'b', 'i', 'r', 't', 'h', 'd', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "djangogolf.com", true */ 'd', 'j', 'a', 'n', 'g', 'o', 'g', 'o', 'l', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "djangoproject.com", true */ 'd', 'j', 'a', 'n', 'g', 'o', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "djangosnippets.org", true */ 'd', 'j', 'a', 'n', 'g', 'o', 's', 'n', 'i', 'p', 'p', 'e', 't', 's', '.', 'o', 'r', 'g', '\0',
+  /* "djbbouncycastles.co.uk", true */ 'd', 'j', 'b', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "djc.me", true */ 'd', 'j', 'c', '.', 'm', 'e', '\0',
+  /* "djdavid98.hu", true */ 'd', 'j', 'd', 'a', 'v', 'i', 'd', '9', '8', '.', 'h', 'u', '\0',
+  /* "djipanov.com", true */ 'd', 'j', 'i', 'p', 'a', 'n', 'o', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "djlive.pl", true */ 'd', 'j', 'l', 'i', 'v', 'e', '.', 'p', 'l', '\0',
+  /* "djlnetworks.co.uk", true */ 'd', 'j', 'l', 'n', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "djsbouncycastlehire.com", true */ 'd', 'j', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "djt-vom-chausseehaus.de", true */ 'd', 'j', 't', '-', 'v', 'o', 'm', '-', 'c', 'h', 'a', 'u', 's', 's', 'e', 'e', 'h', 'a', 'u', 's', '.', 'd', 'e', '\0',
+  /* "djul.net", true */ 'd', 'j', 'u', 'l', '.', 'n', 'e', 't', '\0',
+  /* "djwaynepryke.com", true */ 'd', 'j', 'w', 'a', 'y', 'n', 'e', 'p', 'r', 'y', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dk.search.yahoo.com", false */ 'd', 'k', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "dkcomputers.com.au", true */ 'd', 'k', 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "dkds.us", true */ 'd', 'k', 'd', 's', '.', 'u', 's', '\0',
+  /* "dkn.go.id", false */ 'd', 'k', 'n', '.', 'g', 'o', '.', 'i', 'd', '\0',
+  /* "dl.google.com", true */ 'd', 'l', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dlabouncycastlehire.co.uk", true */ 'd', 'l', 'a', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "dlaspania.pl", true */ 'd', 'l', 'a', 's', 'p', 'a', 'n', 'i', 'a', '.', 'p', 'l', '\0',
+  /* "dlbouncers.co.uk", true */ 'd', 'l', 'b', 'o', 'u', 'n', 'c', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "dlde.ru", true */ 'd', 'l', 'd', 'e', '.', 'r', 'u', '\0',
+  /* "dldl.fr", true */ 'd', 'l', 'd', 'l', '.', 'f', 'r', '\0',
+  /* "dlfsymposium.nl", true */ 'd', 'l', 'f', 's', 'y', 'm', 'p', 'o', 's', 'i', 'u', 'm', '.', 'n', 'l', '\0',
+  /* "dlg.im", true */ 'd', 'l', 'g', '.', 'i', 'm', '\0',
+  /* "dll4free.com", true */ 'd', 'l', 'l', '4', 'f', 'r', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dlld.com", true */ 'd', 'l', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "dlrsp.org", true */ 'd', 'l', 'r', 's', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "dlscomputers.com.au", true */ 'd', 'l', 's', 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "dlunch.net", true */ 'd', 'l', 'u', 'n', 'c', 'h', '.', 'n', 'e', 't', '\0',
+  /* "dlzz.net", true */ 'd', 'l', 'z', 'z', '.', 'n', 'e', 't', '\0',
+  /* "dm.lookout.com", false */ 'd', 'm', '.', 'l', 'o', 'o', 'k', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "dm4productions.com", true */ 'd', 'm', '4', 'p', 'r', 'o', 'd', 'u', 'c', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "dm7ds.de", true */ 'd', 'm', '7', 'd', 's', '.', 'd', 'e', '\0',
+  /* "dmarc.dk", true */ 'd', 'm', 'a', 'r', 'c', '.', 'd', 'k', '\0',
+  /* "dmarketer.com", true */ 'd', 'm', 'a', 'r', 'k', 'e', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "dmcastles.com", true */ 'd', 'm', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "dmdre.com", true */ 'd', 'm', 'd', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dmeevalumate.com", true */ 'd', 'm', 'e', 'e', 'v', 'a', 'l', 'u', 'm', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dmenergy.ru", true */ 'd', 'm', 'e', 'n', 'e', 'r', 'g', 'y', '.', 'r', 'u', '\0',
+  /* "dmfd.net", true */ 'd', 'm', 'f', 'd', '.', 'n', 'e', 't', '\0',
+  /* "dmi.es", true */ 'd', 'm', 'i', '.', 'e', 's', '\0',
+  /* "dmlogic.com", true */ 'd', 'm', 'l', 'o', 'g', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "dmxledlights.com", true */ 'd', 'm', 'x', 'l', 'e', 'd', 'l', 'i', 'g', 'h', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "dn3s.me", true */ 'd', 'n', '3', 's', '.', 'm', 'e', '\0',
+  /* "dn42.eu", false */ 'd', 'n', '4', '2', '.', 'e', 'u', '\0',
+  /* "dn42.us", true */ 'd', 'n', '4', '2', '.', 'u', 's', '\0',
+  /* "dna.li", true */ 'd', 'n', 'a', '.', 'l', 'i', '\0',
+  /* "dnc.org.nz", true */ 'd', 'n', 'c', '.', 'o', 'r', 'g', '.', 'n', 'z', '\0',
+  /* "dndtools.net", true */ 'd', 'n', 'd', 't', 'o', 'o', 'l', 's', '.', 'n', 'e', 't', '\0',
+  /* "dne.lu", true */ 'd', 'n', 'e', '.', 'l', 'u', '\0',
+  /* "dnfc.rocks", true */ 'd', 'n', 'f', 'c', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "dnmaze.com", true */ 'd', 'n', 'm', 'a', 'z', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dnmlab.it", true */ 'd', 'n', 'm', 'l', 'a', 'b', '.', 'i', 't', '\0',
+  /* "dnplegal.com", true */ 'd', 'n', 'p', 'l', 'e', 'g', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "dns-control.eu", true */ 'd', 'n', 's', '-', 'c', 'o', 'n', 't', 'r', 'o', 'l', '.', 'e', 'u', '\0',
+  /* "dns-manager.info", true */ 'd', 'n', 's', '-', 'm', 'a', 'n', 'a', 'g', 'e', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "dns.google.com", true */ 'd', 'n', 's', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dns8.online", true */ 'd', 'n', 's', '8', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "dnsbird.org", true */ 'd', 'n', 's', 'b', 'i', 'r', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "dnscurve.io", true */ 'd', 'n', 's', 'c', 'u', 'r', 'v', 'e', '.', 'i', 'o', '\0',
+  /* "dnshallinta.fi", true */ 'd', 'n', 's', 'h', 'a', 'l', 'l', 'i', 'n', 't', 'a', '.', 'f', 'i', '\0',
+  /* "dnslog.com", true */ 'd', 'n', 's', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "dnsman.se", true */ 'd', 'n', 's', 'm', 'a', 'n', '.', 's', 'e', '\0',
+  /* "dnstwister.report", true */ 'd', 'n', 's', 't', 'w', 'i', 's', 't', 'e', 'r', '.', 'r', 'e', 'p', 'o', 'r', 't', '\0',
+  /* "do-it.cz", true */ 'd', 'o', '-', 'i', 't', '.', 'c', 'z', '\0',
+  /* "do-prod.com", true */ 'd', 'o', '-', 'p', 'r', 'o', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "do.gd", true */ 'd', 'o', '.', 'g', 'd', '\0',
+  /* "do.search.yahoo.com", false */ 'd', 'o', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "do13.net", true */ 'd', 'o', '1', '3', '.', 'n', 'e', 't', '\0',
+  /* "do67.de", true */ 'd', 'o', '6', '7', '.', 'd', 'e', '\0',
+  /* "do67.net", true */ 'd', 'o', '6', '7', '.', 'n', 'e', 't', '\0',
+  /* "dobrev.family", true */ 'd', 'o', 'b', 'r', 'e', 'v', '.', 'f', 'a', 'm', 'i', 'l', 'y', '\0',
+  /* "dobsnet.net", true */ 'd', 'o', 'b', 's', 'n', 'e', 't', '.', 'n', 'e', 't', '\0',
+  /* "doc.python.org", true */ 'd', 'o', 'c', '.', 'p', 'y', 't', 'h', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "doc.to", true */ 'd', 'o', 'c', '.', 't', 'o', '\0',
+  /* "doc8643.com", true */ 'd', 'o', 'c', '8', '6', '4', '3', '.', 'c', 'o', 'm', '\0',
+  /* "docabo.ch", true */ 'd', 'o', 'c', 'a', 'b', 'o', '.', 'c', 'h', '\0',
+  /* "docbox.ch", true */ 'd', 'o', 'c', 'b', 'o', 'x', '.', 'c', 'h', '\0',
+  /* "docemeldoces.com", true */ 'd', 'o', 'c', 'e', 'm', 'e', 'l', 'd', 'o', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "dochitaceahlau.ro", true */ 'd', 'o', 'c', 'h', 'i', 't', 'a', 'c', 'e', 'a', 'h', 'l', 'a', 'u', '.', 'r', 'o', '\0',
+  /* "dockerm.com", true */ 'd', 'o', 'c', 'k', 'e', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "doclassworks.com", true */ 'd', 'o', 'c', 'l', 'a', 's', 's', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "docline.gov", true */ 'd', 'o', 'c', 'l', 'i', 'n', 'e', '.', 'g', 'o', 'v', '\0',
+  /* "docloh.de", true */ 'd', 'o', 'c', 'l', 'o', 'h', '.', 'd', 'e', '\0',
+  /* "docloudu.info", true */ 'd', 'o', 'c', 'l', 'o', 'u', 'd', 'u', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "docplexus.in", true */ 'd', 'o', 'c', 'p', 'l', 'e', 'x', 'u', 's', '.', 'i', 'n', '\0',
+  /* "docs.google.com", false */ 'd', 'o', 'c', 's', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "docs.python.org", true */ 'd', 'o', 'c', 's', '.', 'p', 'y', 't', 'h', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "docs.re", true */ 'd', 'o', 'c', 's', '.', 'r', 'e', '\0',
+  /* "docs.tw", true */ 'd', 'o', 'c', 's', '.', 't', 'w', '\0',
+  /* "docsoc.org.uk", true */ 'd', 'o', 'c', 's', 'o', 'c', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "doctafit.com", true */ 'd', 'o', 'c', 't', 'a', 'f', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "doctor-locks.co.uk", true */ 'd', 'o', 'c', 't', 'o', 'r', '-', 'l', 'o', 'c', 'k', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "doctor.dating", true */ 'd', 'o', 'c', 't', 'o', 'r', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "doctorfox.co.uk", true */ 'd', 'o', 'c', 't', 'o', 'r', 'f', 'o', 'x', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "doctorsonmaps.com", true */ 'd', 'o', 'c', 't', 'o', 'r', 's', 'o', 'n', 'm', 'a', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "doctorwho.cz", true */ 'd', 'o', 'c', 't', 'o', 'r', 'w', 'h', 'o', '.', 'c', 'z', '\0',
+  /* "docubox.info", true */ 'd', 'o', 'c', 'u', 'b', 'o', 'x', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "docucopies.com", true */ 'd', 'o', 'c', 'u', 'c', 'o', 'p', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "documaniatv.com", true */ 'd', 'o', 'c', 'u', 'm', 'a', 'n', 'i', 'a', 't', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "documentations-sociales.com", true */ 'd', 'o', 'c', 'u', 'm', 'e', 'n', 't', 'a', 't', 'i', 'o', 'n', 's', '-', 's', 'o', 'c', 'i', 'a', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "docupet.com", true */ 'd', 'o', 'c', 'u', 'p', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "doenjoylife.com", true */ 'd', 'o', 'e', 'n', 'j', 'o', 'y', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "does.one", true */ 'd', 'o', 'e', 's', '.', 'o', 'n', 'e', '\0',
+  /* "doesmycodehavebugs.today", true */ 'd', 'o', 'e', 's', 'm', 'y', 'c', 'o', 'd', 'e', 'h', 'a', 'v', 'e', 'b', 'u', 'g', 's', '.', 't', 'o', 'd', 'a', 'y', '\0',
+  /* "doesnotscale.com", false */ 'd', 'o', 'e', 's', 'n', 'o', 't', 's', 'c', 'a', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dofuspvp.com", true */ 'd', 'o', 'f', 'u', 's', 'p', 'v', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "dog-blum.com", true */ 'd', 'o', 'g', '-', 'b', 'l', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "dogan.ch", false */ 'd', 'o', 'g', 'a', 'n', '.', 'c', 'h', '\0',
+  /* "dogear.ch", true */ 'd', 'o', 'g', 'e', 'a', 'r', '.', 'c', 'h', '\0',
+  /* "dogft.com", true */ 'd', 'o', 'g', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "doggroomingcourse.com", true */ 'd', 'o', 'g', 'g', 'r', 'o', 'o', 'm', 'i', 'n', 'g', 'c', 'o', 'u', 'r', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dogmap.jp", true */ 'd', 'o', 'g', 'm', 'a', 'p', '.', 'j', 'p', '\0',
+  /* "dogoo.com", true */ 'd', 'o', 'g', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "dogprograms.net", true */ 'd', 'o', 'g', 'p', 'r', 'o', 'g', 'r', 'a', 'm', 's', '.', 'n', 'e', 't', '\0',
+  /* "dogworld.com.br", true */ 'd', 'o', 'g', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "dohanews.co", true */ 'd', 'o', 'h', 'a', 'n', 'e', 'w', 's', '.', 'c', 'o', '\0',
+  /* "dokan-e.com", true */ 'd', 'o', 'k', 'a', 'n', '-', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dokelio-idf.fr", true */ 'd', 'o', 'k', 'e', 'l', 'i', 'o', '-', 'i', 'd', 'f', '.', 'f', 'r', '\0',
+  /* "doku-gilde.de", true */ 'd', 'o', 'k', 'u', '-', 'g', 'i', 'l', 'd', 'e', '.', 'd', 'e', '\0',
+  /* "dokuboard.com", true */ 'd', 'o', 'k', 'u', 'b', 'o', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "dokuraum.de", true */ 'd', 'o', 'k', 'u', 'r', 'a', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "dolarcanadense.com.br", true */ 'd', 'o', 'l', 'a', 'r', 'c', 'a', 'n', 'a', 'd', 'e', 'n', 's', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "dolcevitatech.education", true */ 'd', 'o', 'l', 'c', 'e', 'v', 'i', 't', 'a', 't', 'e', 'c', 'h', '.', 'e', 'd', 'u', 'c', 'a', 't', 'i', 'o', 'n', '\0',
+  /* "dolci-delizie.de", true */ 'd', 'o', 'l', 'c', 'i', '-', 'd', 'e', 'l', 'i', 'z', 'i', 'e', '.', 'd', 'e', '\0',
+  /* "doli.se", true */ 'd', 'o', 'l', 'i', '.', 's', 'e', '\0',
+  /* "dolice.net", true */ 'd', 'o', 'l', 'i', 'c', 'e', '.', 'n', 'e', 't', '\0',
+  /* "dollemore.com", true */ 'd', 'o', 'l', 'l', 'e', 'm', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dolorism.com", true */ 'd', 'o', 'l', 'o', 'r', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "dolphin-hosting.com", true */ 'd', 'o', 'l', 'p', 'h', 'i', 'n', '-', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "dolphin-it.de", true */ 'd', 'o', 'l', 'p', 'h', 'i', 'n', '-', 'i', 't', '.', 'd', 'e', '\0',
+  /* "dom-medicina.ru", true */ 'd', 'o', 'm', '-', 'm', 'e', 'd', 'i', 'c', 'i', 'n', 'a', '.', 'r', 'u', '\0',
+  /* "doma.in", true */ 'd', 'o', 'm', 'a', '.', 'i', 'n', '\0',
+  /* "domadillo.com", true */ 'd', 'o', 'm', 'a', 'd', 'i', 'l', 'l', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "domain-ermittlung.de", true */ 'd', 'o', 'm', 'a', 'i', 'n', '-', 'e', 'r', 'm', 'i', 't', 't', 'l', 'u', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "domain001.info", true */ 'd', 'o', 'm', 'a', 'i', 'n', '0', '0', '1', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "domainedemiolan.ch", true */ 'd', 'o', 'm', 'a', 'i', 'n', 'e', 'd', 'e', 'm', 'i', 'o', 'l', 'a', 'n', '.', 'c', 'h', '\0',
+  /* "domainexpress.de", false */ 'd', 'o', 'm', 'a', 'i', 'n', 'e', 'x', 'p', 'r', 'e', 's', 's', '.', 'd', 'e', '\0',
+  /* "domainkauf.de", true */ 'd', 'o', 'm', 'a', 'i', 'n', 'k', 'a', 'u', 'f', '.', 'd', 'e', '\0',
+  /* "domains.google.com", true */ 'd', 'o', 'm', 'a', 'i', 'n', 's', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "domainsilk.com", true */ 'd', 'o', 'm', 'a', 'i', 'n', 's', 'i', 'l', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "domainstaff.com", true */ 'd', 'o', 'm', 'a', 'i', 'n', 's', 't', 'a', 'f', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "domaxpoker.com", true */ 'd', 'o', 'm', 'a', 'x', 'p', 'o', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "domenic.me", true */ 'd', 'o', 'm', 'e', 'n', 'i', 'c', '.', 'm', 'e', '\0',
+  /* "domesticcleaners.co.uk", true */ 'd', 'o', 'm', 'e', 's', 't', 'i', 'c', 'c', 'l', 'e', 'a', 'n', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "domhaase.me", true */ 'd', 'o', 'm', 'h', 'a', 'a', 's', 'e', '.', 'm', 'e', '\0',
+  /* "domian.cz", true */ 'd', 'o', 'm', 'i', 'a', 'n', '.', 'c', 'z', '\0',
+  /* "dominationgame.co.uk", true */ 'd', 'o', 'm', 'i', 'n', 'a', 't', 'i', 'o', 'n', 'g', 'a', 'm', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "dominicself.co.uk", true */ 'd', 'o', 'm', 'i', 'n', 'i', 'c', 's', 'e', 'l', 'f', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "dominik-schlueter.de", true */ 'd', 'o', 'm', 'i', 'n', 'i', 'k', '-', 's', 'c', 'h', 'l', 'u', 'e', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "dominikkulaga.pl", true */ 'd', 'o', 'm', 'i', 'n', 'i', 'k', 'k', 'u', 'l', 'a', 'g', 'a', '.', 'p', 'l', '\0',
+  /* "dominioanimal.com.br", true */ 'd', 'o', 'm', 'i', 'n', 'i', 'o', 'a', 'n', 'i', 'm', 'a', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "dominoknihy.cz", true */ 'd', 'o', 'm', 'i', 'n', 'o', 'k', 'n', 'i', 'h', 'y', '.', 'c', 'z', '\0',
+  /* "dominomatrix.com", true */ 'd', 'o', 'm', 'i', 'n', 'o', 'm', 'a', 't', 'r', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "dommascate.com.br", true */ 'd', 'o', 'm', 'm', 'a', 's', 'c', 'a', 't', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "domodeco.fr", true */ 'd', 'o', 'm', 'o', 'd', 'e', 'c', 'o', '.', 'f', 'r', '\0',
+  /* "domodedovo.travel", true */ 'd', 'o', 'm', 'o', 'd', 'e', 'd', 'o', 'v', 'o', '.', 't', 'r', 'a', 'v', 'e', 'l', '\0',
+  /* "domprojects.com", true */ 'd', 'o', 'm', 'p', 'r', 'o', 'j', 'e', 'c', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "domscripting.com", true */ 'd', 'o', 'm', 's', 'c', 'r', 'i', 'p', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "domyassignments.com", true */ 'd', 'o', 'm', 'y', 'a', 's', 's', 'i', 'g', 'n', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "domycasestudy.com", true */ 'd', 'o', 'm', 'y', 'c', 'a', 's', 'e', 's', 't', 'u', 'd', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "domycoursework.com", true */ 'd', 'o', 'm', 'y', 'c', 'o', 'u', 'r', 's', 'e', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "domycreativewritings.com", true */ 'd', 'o', 'm', 'y', 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 'w', 'r', 'i', 't', 'i', 'n', 'g', 's', '.', 'c', 'o', 'm', '\0',
+  /* "domydissertations.com", true */ 'd', 'o', 'm', 'y', 'd', 'i', 's', 's', 'e', 'r', 't', 'a', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "domyessay.net", true */ 'd', 'o', 'm', 'y', 'e', 's', 's', 'a', 'y', '.', 'n', 'e', 't', '\0',
+  /* "domyessays.com", true */ 'd', 'o', 'm', 'y', 'e', 's', 's', 'a', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "domyhomeworks.net", true */ 'd', 'o', 'm', 'y', 'h', 'o', 'm', 'e', 'w', 'o', 'r', 'k', 's', '.', 'n', 'e', 't', '\0',
+  /* "domynetwork.com", true */ 'd', 'o', 'm', 'y', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "domypapers.com", true */ 'd', 'o', 'm', 'y', 'p', 'a', 'p', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "domyresearchpaper.com", true */ 'd', 'o', 'm', 'y', 'r', 'e', 's', 'e', 'a', 'r', 'c', 'h', 'p', 'a', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "domyreview.net", true */ 'd', 'o', 'm', 'y', 'r', 'e', 'v', 'i', 'e', 'w', '.', 'n', 'e', 't', '\0',
+  /* "domyspeech.com", true */ 'd', 'o', 'm', 'y', 's', 'p', 'e', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "domytermpaper.com", true */ 'd', 'o', 'm', 'y', 't', 'e', 'r', 'm', 'p', 'a', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "domythesis.net", true */ 'd', 'o', 'm', 'y', 't', 'h', 'e', 's', 'i', 's', '.', 'n', 'e', 't', '\0',
+  /* "domyzitrka.cz", true */ 'd', 'o', 'm', 'y', 'z', 'i', 't', 'r', 'k', 'a', '.', 'c', 'z', '\0',
+  /* "donabeneko.jp", true */ 'd', 'o', 'n', 'a', 'b', 'e', 'n', 'e', 'k', 'o', '.', 'j', 'p', '\0',
+  /* "donateaday.net", true */ 'd', 'o', 'n', 'a', 't', 'e', 'a', 'd', 'a', 'y', '.', 'n', 'e', 't', '\0',
+  /* "donateway.com", true */ 'd', 'o', 'n', 'a', 't', 'e', 'w', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "donfelino.tk", false */ 'd', 'o', 'n', 'f', 'e', 'l', 'i', 'n', 'o', '.', 't', 'k', '\0',
+  /* "dongkexue.com", true */ 'd', 'o', 'n', 'g', 'k', 'e', 'x', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "donhoward.org", true */ 'd', 'o', 'n', 'h', 'o', 'w', 'a', 'r', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "donkeytrekkingkefalonia.com", true */ 'd', 'o', 'n', 'k', 'e', 'y', 't', 'r', 'e', 'k', 'k', 'i', 'n', 'g', 'k', 'e', 'f', 'a', 'l', 'o', 'n', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "donmaldeamores.com", true */ 'd', 'o', 'n', 'm', 'a', 'l', 'd', 'e', 'a', 'm', 'o', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "donnachie.net", true */ 'd', 'o', 'n', 'n', 'a', 'c', 'h', 'i', 'e', '.', 'n', 'e', 't', '\0',
+  /* "donner-reuschel.de", true */ 'd', 'o', 'n', 'n', 'e', 'r', '-', 'r', 'e', 'u', 's', 'c', 'h', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "donnons.org", false */ 'd', 'o', 'n', 'n', 'o', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "donnoval.ru", true */ 'd', 'o', 'n', 'n', 'o', 'v', 'a', 'l', '.', 'r', 'u', '\0',
+  /* "donotcall.gov", true */ 'd', 'o', 'n', 'o', 't', 'c', 'a', 'l', 'l', '.', 'g', 'o', 'v', '\0',
+  /* "donotlink.it", true */ 'd', 'o', 'n', 'o', 't', 'l', 'i', 'n', 'k', '.', 'i', 't', '\0',
+  /* "donotspellitgav.in", true */ 'd', 'o', 'n', 'o', 't', 's', 'p', 'e', 'l', 'l', 'i', 't', 'g', 'a', 'v', '.', 'i', 'n', '\0',
+  /* "donpaginasweb.com", true */ 'd', 'o', 'n', 'p', 'a', 'g', 'i', 'n', 'a', 's', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "donsbach-edv.de", true */ 'd', 'o', 'n', 's', 'b', 'a', 'c', 'h', '-', 'e', 'd', 'v', '.', 'd', 'e', '\0',
+  /* "dont.re", true */ 'd', 'o', 'n', 't', '.', 'r', 'e', '\0',
+  /* "dont.watch", true */ 'd', 'o', 'n', 't', '.', 'w', 'a', 't', 'c', 'h', '\0',
+  /* "dontbubble.me", true */ 'd', 'o', 'n', 't', 'b', 'u', 'b', 'b', 'l', 'e', '.', 'm', 'e', '\0',
+  /* "dontcageus.org", true */ 'd', 'o', 'n', 't', 'c', 'a', 'g', 'e', 'u', 's', '.', 'o', 'r', 'g', '\0',
+  /* "donthedragonwilson.com", true */ 'd', 'o', 'n', 't', 'h', 'e', 'd', 'r', 'a', 'g', 'o', 'n', 'w', 'i', 'l', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "dontpayfull.com", true */ 'd', 'o', 'n', 't', 'p', 'a', 'y', 'f', 'u', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "donttrust.me", true */ 'd', 'o', 'n', 't', 't', 'r', 'u', 's', 't', '.', 'm', 'e', '\0',
+  /* "donutcompany.co.jp", true */ 'd', 'o', 'n', 'u', 't', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "donzool.es", true */ 'd', 'o', 'n', 'z', 'o', 'o', 'l', '.', 'e', 's', '\0',
+  /* "dooby.fr", true */ 'd', 'o', 'o', 'b', 'y', '.', 'f', 'r', '\0',
+  /* "doodlefinder.de", true */ 'd', 'o', 'o', 'd', 'l', 'e', 'f', 'i', 'n', 'd', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "dooleylabs.com", true */ 'd', 'o', 'o', 'l', 'e', 'y', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "dooleytackaberry.com", true */ 'd', 'o', 'o', 'l', 'e', 'y', 't', 'a', 'c', 'k', 'a', 'b', 'e', 'r', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "doomoo.com", true */ 'd', 'o', 'o', 'm', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "doomsworld.com", true */ 'd', 'o', 'o', 'm', 's', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "door.cards", true */ 'd', 'o', 'o', 'r', '.', 'c', 'a', 'r', 'd', 's', '\0',
+  /* "doordecor.bg", true */ 'd', 'o', 'o', 'r', 'd', 'e', 'c', 'o', 'r', '.', 'b', 'g', '\0',
+  /* "doorflow.com", true */ 'd', 'o', 'o', 'r', 'f', 'l', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "dopesoft.de", true */ 'd', 'o', 'p', 'e', 's', 'o', 'f', 't', '.', 'd', 'e', '\0',
+  /* "dopfer-fenstertechnik.de", true */ 'd', 'o', 'p', 'f', 'e', 'r', '-', 'f', 'e', 'n', 's', 't', 'e', 'r', 't', 'e', 'c', 'h', 'n', 'i', 'k', '.', 'd', 'e', '\0',
+  /* "doppenpost.nl", true */ 'd', 'o', 'p', 'p', 'e', 'n', 'p', 'o', 's', 't', '.', 'n', 'l', '\0',
+  /* "dopply.com", true */ 'd', 'o', 'p', 'p', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "dopravni-modely.cz", true */ 'd', 'o', 'p', 'r', 'a', 'v', 'n', 'i', '-', 'm', 'o', 'd', 'e', 'l', 'y', '.', 'c', 'z', '\0',
+  /* "dopsi.ch", true */ 'd', 'o', 'p', 's', 'i', '.', 'c', 'h', '\0',
+  /* "dora.moe", true */ 'd', 'o', 'r', 'a', '.', 'm', 'o', 'e', '\0',
+  /* "dorfbaeck.at", true */ 'd', 'o', 'r', 'f', 'b', 'a', 'e', 'c', 'k', '.', 'a', 't', '\0',
+  /* "dorfbrunnen.eu", true */ 'd', 'o', 'r', 'f', 'b', 'r', 'u', 'n', 'n', 'e', 'n', '.', 'e', 'u', '\0',
+  /* "doriangirod.ch", true */ 'd', 'o', 'r', 'i', 'a', 'n', 'g', 'i', 'r', 'o', 'd', '.', 'c', 'h', '\0',
+  /* "dorianharmans.nl", true */ 'd', 'o', 'r', 'i', 'a', 'n', 'h', 'a', 'r', 'm', 'a', 'n', 's', '.', 'n', 'l', '\0',
+  /* "dorianmuthig.com", true */ 'd', 'o', 'r', 'i', 'a', 'n', 'm', 'u', 't', 'h', 'i', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "dormebebe.com.br", true */ 'd', 'o', 'r', 'm', 'e', 'b', 'e', 'b', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "dormiu.com", true */ 'd', 'o', 'r', 'm', 'i', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "dormiu.com.br", true */ 'd', 'o', 'r', 'm', 'i', 'u', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "dorquelle.com", true */ 'd', 'o', 'r', 'q', 'u', 'e', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dorsetentertainments.co.uk", true */ 'd', 'o', 'r', 's', 'e', 't', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "dorth.nl", true */ 'd', 'o', 'r', 't', 'h', '.', 'n', 'l', '\0',
+  /* "dosenkiwi.at", true */ 'd', 'o', 's', 'e', 'n', 'k', 'i', 'w', 'i', '.', 'a', 't', '\0',
+  /* "dosipe.com", true */ 'd', 'o', 's', 'i', 'p', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "doska.by", true */ 'd', 'o', 's', 'k', 'a', '.', 'b', 'y', '\0',
+  /* "doska.kz", true */ 'd', 'o', 's', 'k', 'a', '.', 'k', 'z', '\0',
+  /* "doska.ru", true */ 'd', 'o', 's', 'k', 'a', '.', 'r', 'u', '\0',
+  /* "dosomeworks.biz", true */ 'd', 'o', 's', 'o', 'm', 'e', 'w', 'o', 'r', 'k', 's', '.', 'b', 'i', 'z', '\0',
+  /* "dossplumbing.co.za", true */ 'd', 'o', 's', 's', 'p', 'l', 'u', 'm', 'b', 'i', 'n', 'g', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "dosvientoselectrical.com", true */ 'd', 'o', 's', 'v', 'i', 'e', 'n', 't', 'o', 's', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "dosyauzantisi.com", true */ 'd', 'o', 's', 'y', 'a', 'u', 'z', 'a', 'n', 't', 'i', 's', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "dot.ro", true */ 'd', 'o', 't', '.', 'r', 'o', '\0',
+  /* "dotacni-parazit.cz", true */ 'd', 'o', 't', 'a', 'c', 'n', 'i', '-', 'p', 'a', 'r', 'a', 'z', 'i', 't', '.', 'c', 'z', '\0',
+  /* "dotb.dn.ua", false */ 'd', 'o', 't', 'b', '.', 'd', 'n', '.', 'u', 'a', '\0',
+  /* "dotbigbang.com", true */ 'd', 'o', 't', 'b', 'i', 'g', 'b', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "dotbox.org", true */ 'd', 'o', 't', 'b', 'o', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "dotbrick.co.th", true */ 'd', 'o', 't', 'b', 'r', 'i', 'c', 'k', '.', 'c', 'o', '.', 't', 'h', '\0',
+  /* "dotconnor.com", true */ 'd', 'o', 't', 'c', 'o', 'n', 'n', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "dotgov.gov", true */ 'd', 'o', 't', 'g', 'o', 'v', '.', 'g', 'o', 'v', '\0',
+  /* "dothebangthingsalon.com", true */ 'd', 'o', 't', 'h', 'e', 'b', 'a', 'n', 'g', 't', 'h', 'i', 'n', 'g', 's', 'a', 'l', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "dotjs.party", true */ 'd', 'o', 't', 'j', 's', '.', 'p', 'a', 'r', 't', 'y', '\0',
+  /* "dotkniseandroida.cz", true */ 'd', 'o', 't', 'k', 'n', 'i', 's', 'e', 'a', 'n', 'd', 'r', 'o', 'i', 'd', 'a', '.', 'c', 'z', '\0',
+  /* "dotkod.com", true */ 'd', 'o', 't', 'k', 'o', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "dotkod.pl", true */ 'd', 'o', 't', 'k', 'o', 'd', '.', 'p', 'l', '\0',
+  /* "dotneko.net", true */ 'd', 'o', 't', 'n', 'e', 'k', 'o', '.', 'n', 'e', 't', '\0',
+  /* "dotnetsandbox.ca", true */ 'd', 'o', 't', 'n', 'e', 't', 's', 'a', 'n', 'd', 'b', 'o', 'x', '.', 'c', 'a', '\0',
+  /* "dotphoto.com", true */ 'd', 'o', 't', 'p', 'h', 'o', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "dotplex.com", true */ 'd', 'o', 't', 'p', 'l', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "dotplex.de", true */ 'd', 'o', 't', 'p', 'l', 'e', 'x', '.', 'd', 'e', '\0',
+  /* "dotrox.net", true */ 'd', 'o', 't', 'r', 'o', 'x', '.', 'n', 'e', 't', '\0',
+  /* "dotsiam.com", true */ 'd', 'o', 't', 's', 'i', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "douai.me", true */ 'd', 'o', 'u', 'a', 'i', '.', 'm', 'e', '\0',
+  /* "doubleavineyards.com", true */ 'd', 'o', 'u', 'b', 'l', 'e', 'a', 'v', 'i', 'n', 'e', 'y', 'a', 'r', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "doublefun.net", true */ 'd', 'o', 'u', 'b', 'l', 'e', 'f', 'u', 'n', '.', 'n', 'e', 't', '\0',
+  /* "doubleup.com.au", true */ 'd', 'o', 'u', 'b', 'l', 'e', 'u', 'p', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "doucheba.gs", false */ 'd', 'o', 'u', 'c', 'h', 'e', 'b', 'a', '.', 'g', 's', '\0',
+  /* "dougferris.id.au", true */ 'd', 'o', 'u', 'g', 'f', 'e', 'r', 'r', 'i', 's', '.', 'i', 'd', '.', 'a', 'u', '\0',
+  /* "doujinshi.info", true */ 'd', 'o', 'u', 'j', 'i', 'n', 's', 'h', 'i', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "dounats.com", true */ 'd', 'o', 'u', 'n', 'a', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "douzer.de", true */ 'd', 'o', 'u', 'z', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "dovenzorgmalawi.nl", true */ 'd', 'o', 'v', 'e', 'n', 'z', 'o', 'r', 'g', 'm', 'a', 'l', 'a', 'w', 'i', '.', 'n', 'l', '\0',
+  /* "dovro.de", true */ 'd', 'o', 'v', 'r', 'o', '.', 'd', 'e', '\0',
+  /* "dowc.org", true */ 'd', 'o', 'w', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "downloadaja.com", true */ 'd', 'o', 'w', 'n', 'l', 'o', 'a', 'd', 'a', 'j', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "downloadgamemods.com", true */ 'd', 'o', 'w', 'n', 'l', 'o', 'a', 'd', 'g', 'a', 'm', 'e', 'm', 'o', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "downloadgram.com", true */ 'd', 'o', 'w', 'n', 'l', 'o', 'a', 'd', 'g', 'r', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "downloadsoftwaregratisan.com", true */ 'd', 'o', 'w', 'n', 'l', 'o', 'a', 'd', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', 'g', 'r', 'a', 't', 'i', 's', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "downtimerobot.com", true */ 'd', 'o', 'w', 'n', 't', 'i', 'm', 'e', 'r', 'o', 'b', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "downtimerobot.nl", true */ 'd', 'o', 'w', 'n', 't', 'i', 'm', 'e', 'r', 'o', 'b', 'o', 't', '.', 'n', 'l', '\0',
+  /* "downtownvernon.com", true */ 'd', 'o', 'w', 'n', 't', 'o', 'w', 'n', 'v', 'e', 'r', 'n', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "doyoucheck.com", false */ 'd', 'o', 'y', 'o', 'u', 'c', 'h', 'e', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "doyouedc.com", true */ 'd', 'o', 'y', 'o', 'u', 'e', 'd', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "doyoutax.com", true */ 'd', 'o', 'y', 'o', 'u', 't', 'a', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "doypacky.cz", true */ 'd', 'o', 'y', 'p', 'a', 'c', 'k', 'y', '.', 'c', 'z', '\0',
+  /* "dpd.com.pl", true */ 'd', 'p', 'd', '.', 'c', 'o', 'm', '.', 'p', 'l', '\0',
+  /* "dperson.net", true */ 'd', 'p', 'e', 'r', 's', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "dpfsolutionsfl.com", true */ 'd', 'p', 'f', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', 'f', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "dpg.no", true */ 'd', 'p', 'g', '.', 'n', 'o', '\0',
+  /* "dpisecuretests.com", true */ 'd', 'p', 'i', 's', 'e', 'c', 'u', 'r', 'e', 't', 'e', 's', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "dprb.biz", true */ 'd', 'p', 'r', 'b', '.', 'b', 'i', 'z', '\0',
+  /* "dprd-wonogirikab.go.id", false */ 'd', 'p', 'r', 'd', '-', 'w', 'o', 'n', 'o', 'g', 'i', 'r', 'i', 'k', 'a', 'b', '.', 'g', 'o', '.', 'i', 'd', '\0',
+  /* "dpwsweeps.co.uk", true */ 'd', 'p', 'w', 's', 'w', 'e', 'e', 'p', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "dr-schuessler.de", true */ 'd', 'r', '-', 's', 'c', 'h', 'u', 'e', 's', 's', 'l', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "dr-www.de", true */ 'd', 'r', '-', 'w', 'w', 'w', '.', 'd', 'e', '\0',
+  /* "drabadir.com", true */ 'd', 'r', 'a', 'b', 'a', 'd', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "drabben.be", true */ 'd', 'r', 'a', 'b', 'b', 'e', 'n', '.', 'b', 'e', '\0',
+  /* "drabbin.com", true */ 'd', 'r', 'a', 'b', 'b', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "drabim.org", true */ 'd', 'r', 'a', 'b', 'i', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "dracisvet.cz", true */ 'd', 'r', 'a', 'c', 'i', 's', 'v', 'e', 't', '.', 'c', 'z', '\0',
+  /* "dracon.es", true */ 'd', 'r', 'a', 'c', 'o', 'n', '.', 'e', 's', '\0',
+  /* "dracox.com", true */ 'd', 'r', 'a', 'c', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "draftguru.com.au", true */ 'd', 'r', 'a', 'f', 't', 'g', 'u', 'r', 'u', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "drafton.com", true */ 'd', 'r', 'a', 'f', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "drageeparadise.fr", true */ 'd', 'r', 'a', 'g', 'e', 'e', 'p', 'a', 'r', 'a', 'd', 'i', 's', 'e', '.', 'f', 'r', '\0',
+  /* "dragfiles.com", true */ 'd', 'r', 'a', 'g', 'f', 'i', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "dragon-aspect.com", true */ 'd', 'r', 'a', 'g', 'o', 'n', '-', 'a', 's', 'p', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "dragon-chem.eu", true */ 'd', 'r', 'a', 'g', 'o', 'n', '-', 'c', 'h', 'e', 'm', '.', 'e', 'u', '\0',
+  /* "dragon-hearts.co.uk", true */ 'd', 'r', 'a', 'g', 'o', 'n', '-', 'h', 'e', 'a', 'r', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "dragoncave.me", true */ 'd', 'r', 'a', 'g', 'o', 'n', 'c', 'a', 'v', 'e', '.', 'm', 'e', '\0',
+  /* "dragoncityhack.tips", true */ 'd', 'r', 'a', 'g', 'o', 'n', 'c', 'i', 't', 'y', 'h', 'a', 'c', 'k', '.', 't', 'i', 'p', 's', '\0',
+  /* "dragonfly.co.uk", true */ 'd', 'r', 'a', 'g', 'o', 'n', 'f', 'l', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "dragonheartsrpg.com", true */ 'd', 'r', 'a', 'g', 'o', 'n', 'h', 'e', 'a', 'r', 't', 's', 'r', 'p', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "dragonkin.net", true */ 'd', 'r', 'a', 'g', 'o', 'n', 'k', 'i', 'n', '.', 'n', 'e', 't', '\0',
+  /* "dragonprogrammer.com", true */ 'd', 'r', 'a', 'g', 'o', 'n', 'p', 'r', 'o', 'g', 'r', 'a', 'm', 'm', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "dragonschool.org", true */ 'd', 'r', 'a', 'g', 'o', 'n', 's', 'c', 'h', 'o', 'o', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "dragonsunited.at", true */ 'd', 'r', 'a', 'g', 'o', 'n', 's', 'u', 'n', 'i', 't', 'e', 'd', '.', 'a', 't', '\0',
+  /* "dragonsunited.ch", true */ 'd', 'r', 'a', 'g', 'o', 'n', 's', 'u', 'n', 'i', 't', 'e', 'd', '.', 'c', 'h', '\0',
+  /* "dragonsunited.de", true */ 'd', 'r', 'a', 'g', 'o', 'n', 's', 'u', 'n', 'i', 't', 'e', 'd', '.', 'd', 'e', '\0',
+  /* "dragonsunited.eu", true */ 'd', 'r', 'a', 'g', 'o', 'n', 's', 'u', 'n', 'i', 't', 'e', 'd', '.', 'e', 'u', '\0',
+  /* "dragonsunited.info", true */ 'd', 'r', 'a', 'g', 'o', 'n', 's', 'u', 'n', 'i', 't', 'e', 'd', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "dragonsunited.net", true */ 'd', 'r', 'a', 'g', 'o', 'n', 's', 'u', 'n', 'i', 't', 'e', 'd', '.', 'n', 'e', 't', '\0',
+  /* "dragonsunited.org", true */ 'd', 'r', 'a', 'g', 'o', 'n', 's', 'u', 'n', 'i', 't', 'e', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "dragonwork.me", true */ 'd', 'r', 'a', 'g', 'o', 'n', 'w', 'o', 'r', 'k', '.', 'm', 'e', '\0',
+  /* "drahcro.uk", true */ 'd', 'r', 'a', 'h', 'c', 'r', 'o', '.', 'u', 'k', '\0',
+  /* "drakeluce.com", true */ 'd', 'r', 'a', 'k', 'e', 'l', 'u', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "drakenprospero.com", false */ 'd', 'r', 'a', 'k', 'e', 'n', 'p', 'r', 'o', 's', 'p', 'e', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "drakfot.se", true */ 'd', 'r', 'a', 'k', 'f', 'o', 't', '.', 's', 'e', '\0',
+  /* "dramaticpeople.com", true */ 'd', 'r', 'a', 'm', 'a', 't', 'i', 'c', 'p', 'e', 'o', 'p', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dranderle.com", true */ 'd', 'r', 'a', 'n', 'd', 'e', 'r', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dranek.com", true */ 'd', 'r', 'a', 'n', 'e', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "draugr.de", true */ 'd', 'r', 'a', 'u', 'g', 'r', '.', 'd', 'e', '\0',
+  /* "draw.uy", true */ 'd', 'r', 'a', 'w', '.', 'u', 'y', '\0',
+  /* "drawesome.uy", true */ 'd', 'r', 'a', 'w', 'e', 's', 'o', 'm', 'e', '.', 'u', 'y', '\0',
+  /* "drawingcode.net", true */ 'd', 'r', 'a', 'w', 'i', 'n', 'g', 'c', 'o', 'd', 'e', '.', 'n', 'e', 't', '\0',
+  /* "drbethanybarnes.com", true */ 'd', 'r', 'b', 'e', 't', 'h', 'a', 'n', 'y', 'b', 'a', 'r', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "drchristinehatfield.ca", true */ 'd', 'r', 'c', 'h', 'r', 'i', 's', 't', 'i', 'n', 'e', 'h', 'a', 't', 'f', 'i', 'e', 'l', 'd', '.', 'c', 'a', '\0',
+  /* "drchristophepanthier.com", true */ 'd', 'r', 'c', 'h', 'r', 'i', 's', 't', 'o', 'p', 'h', 'e', 'p', 'a', 'n', 't', 'h', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "drdavidgilpin.com", true */ 'd', 'r', 'd', 'a', 'v', 'i', 'd', 'g', 'i', 'l', 'p', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "drdim.ru", true */ 'd', 'r', 'd', 'i', 'm', '.', 'r', 'u', '\0',
+  /* "drdipilla.com", true */ 'd', 'r', 'd', 'i', 'p', 'i', 'l', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "dreamaholic.club", true */ 'd', 'r', 'e', 'a', 'm', 'a', 'h', 'o', 'l', 'i', 'c', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "dreamcreator108.com", true */ 'd', 'r', 'e', 'a', 'm', 'c', 'r', 'e', 'a', 't', 'o', 'r', '1', '0', '8', '.', 'c', 'o', 'm', '\0',
+  /* "dreamhack.com", true */ 'd', 'r', 'e', 'a', 'm', 'h', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "dreamhostremixer.com", true */ 'd', 'r', 'e', 'a', 'm', 'h', 'o', 's', 't', 'r', 'e', 'm', 'i', 'x', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "dreamithost.com.au", true */ 'd', 'r', 'e', 'a', 'm', 'i', 't', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "dreamlandmagic.com", true */ 'd', 'r', 'e', 'a', 'm', 'l', 'a', 'n', 'd', 'm', 'a', 'g', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "dreamlinehost.com", false */ 'd', 'r', 'e', 'a', 'm', 'l', 'i', 'n', 'e', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "dreamlux.cz", true */ 'd', 'r', 'e', 'a', 'm', 'l', 'u', 'x', '.', 'c', 'z', '\0',
+  /* "dreamlux.sk", true */ 'd', 'r', 'e', 'a', 'm', 'l', 'u', 'x', '.', 's', 'k', '\0',
+  /* "dreamonkey.com", true */ 'd', 'r', 'e', 'a', 'm', 'o', 'n', 'k', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "dreamtechie.com", true */ 'd', 'r', 'e', 'a', 'm', 't', 'e', 'c', 'h', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "drei01.de", true */ 'd', 'r', 'e', 'i', '0', '1', '.', 'd', 'e', '\0',
+  /* "dreid.org", true */ 'd', 'r', 'e', 'i', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "dreiweiden.de", true */ 'd', 'r', 'e', 'i', 'w', 'e', 'i', 'd', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "dreizwosechs.de", true */ 'd', 'r', 'e', 'i', 'z', 'w', 'o', 's', 'e', 'c', 'h', 's', '.', 'd', 'e', '\0',
+  /* "dress-cons.com", true */ 'd', 'r', 'e', 's', 's', '-', 'c', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "drevo-door.cz", true */ 'd', 'r', 'e', 'v', 'o', '-', 'd', 'o', 'o', 'r', '.', 'c', 'z', '\0',
+  /* "drew.beer", true */ 'd', 'r', 'e', 'w', '.', 'b', 'e', 'e', 'r', '\0',
+  /* "drew.red", true */ 'd', 'r', 'e', 'w', '.', 'r', 'e', 'd', '\0',
+  /* "dreweryinc.com", true */ 'd', 'r', 'e', 'w', 'e', 'r', 'y', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "drewsilcock.co.uk", true */ 'd', 'r', 'e', 'w', 's', 'i', 'l', 'c', 'o', 'c', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "dreyfussplasticsurgery.com", true */ 'd', 'r', 'e', 'y', 'f', 'u', 's', 's', 'p', 'l', 'a', 's', 't', 'i', 'c', 's', 'u', 'r', 'g', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "drezzy.it", true */ 'd', 'r', 'e', 'z', 'z', 'y', '.', 'i', 't', '\0',
+  /* "drfrey.ch", true */ 'd', 'r', 'f', 'r', 'e', 'y', '.', 'c', 'h', '\0',
+  /* "drgn.no", true */ 'd', 'r', 'g', 'n', '.', 'n', 'o', '\0',
+  /* "drheibel.com", true */ 'd', 'r', 'h', 'e', 'i', 'b', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "driftdude.nl", true */ 'd', 'r', 'i', 'f', 't', 'd', 'u', 'd', 'e', '.', 'n', 'l', '\0',
+  /* "drighes.com", true */ 'd', 'r', 'i', 'g', 'h', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "drillion.net", true */ 'd', 'r', 'i', 'l', 'l', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "drillnation.com.au", true */ 'd', 'r', 'i', 'l', 'l', 'n', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "drinkplanet.eu", true */ 'd', 'r', 'i', 'n', 'k', 'p', 'l', 'a', 'n', 'e', 't', '.', 'e', 'u', '\0',
+  /* "drino.org", false */ 'd', 'r', 'i', 'n', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "drive.google.com", false */ 'd', 'r', 'i', 'v', 'e', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "drive.xyz", true */ 'd', 'r', 'i', 'v', 'e', '.', 'x', 'y', 'z', '\0',
+  /* "driven2shine.eu", true */ 'd', 'r', 'i', 'v', 'e', 'n', '2', 's', 'h', 'i', 'n', 'e', '.', 'e', 'u', '\0',
+  /* "drivenes.net", true */ 'd', 'r', 'i', 'v', 'e', 'n', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "driver.ru", true */ 'd', 'r', 'i', 'v', 'e', 'r', '.', 'r', 'u', '\0',
+  /* "driver61.com", true */ 'd', 'r', 'i', 'v', 'e', 'r', '6', '1', '.', 'c', 'o', 'm', '\0',
+  /* "driverless.id", true */ 'd', 'r', 'i', 'v', 'e', 'r', 'l', 'e', 's', 's', '.', 'i', 'd', '\0',
+  /* "driverprofiler.co.uk", true */ 'd', 'r', 'i', 'v', 'e', 'r', 'p', 'r', 'o', 'f', 'i', 'l', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "driverscollection.com", true */ 'd', 'r', 'i', 'v', 'e', 'r', 's', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "drivewithstatetransit.com.au", true */ 'd', 'r', 'i', 'v', 'e', 'w', 'i', 't', 'h', 's', 't', 'a', 't', 'e', 't', 'r', 'a', 'n', 's', 'i', 't', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "drivingtestpro.com", true */ 'd', 'r', 'i', 'v', 'i', 'n', 'g', 't', 'e', 's', 't', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "drixn.com", true */ 'd', 'r', 'i', 'x', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "drjacquesmalan.com", true */ 'd', 'r', 'j', 'a', 'c', 'q', 'u', 'e', 's', 'm', 'a', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "drjenafernandez.com", true */ 'd', 'r', 'j', 'e', 'n', 'a', 'f', 'e', 'r', 'n', 'a', 'n', 'd', 'e', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "drjoe.ca", true */ 'd', 'r', 'j', 'o', 'e', '.', 'c', 'a', '\0',
+  /* "drjuanitacollier.com", true */ 'd', 'r', 'j', 'u', 'a', 'n', 'i', 't', 'a', 'c', 'o', 'l', 'l', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "drkhsh.at", true */ 'd', 'r', 'k', 'h', 's', 'h', '.', 'a', 't', '\0',
+  /* "drkmtrx.xyz", true */ 'd', 'r', 'k', 'm', 't', 'r', 'x', '.', 'x', 'y', 'z', '\0',
+  /* "drlangsdon.com", true */ 'd', 'r', 'l', 'a', 'n', 'g', 's', 'd', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "drlazarina.net", true */ 'd', 'r', 'l', 'a', 'z', 'a', 'r', 'i', 'n', 'a', '.', 'n', 'e', 't', '\0',
+  /* "drms.us", true */ 'd', 'r', 'm', 's', '.', 'u', 's', '\0',
+  /* "drobniuch.pl", false */ 'd', 'r', 'o', 'b', 'n', 'i', 'u', 'c', 'h', '.', 'p', 'l', '\0',
+  /* "drogueriaelbarco.com", true */ 'd', 'r', 'o', 'g', 'u', 'e', 'r', 'i', 'a', 'e', 'l', 'b', 'a', 'r', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "droidapp.nl", true */ 'd', 'r', 'o', 'i', 'd', 'a', 'p', 'p', '.', 'n', 'l', '\0',
+  /* "droidgyan.com", true */ 'd', 'r', 'o', 'i', 'd', 'g', 'y', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "droidhere.com", true */ 'd', 'r', 'o', 'i', 'd', 'h', 'e', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "droidim.com", true */ 'd', 'r', 'o', 'i', 'd', 'i', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "droidwave.com", true */ 'd', 'r', 'o', 'i', 'd', 'w', 'a', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "droidwiki.de", true */ 'd', 'r', 'o', 'i', 'd', 'w', 'i', 'k', 'i', '.', 'd', 'e', '\0',
+  /* "droithxn.com", true */ 'd', 'r', 'o', 'i', 't', 'h', 'x', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "drone-it.net", true */ 'd', 'r', 'o', 'n', 'e', '-', 'i', 't', '.', 'n', 'e', 't', '\0',
+  /* "dronebotworkshop.com", true */ 'd', 'r', 'o', 'n', 'e', 'b', 'o', 't', 'w', 'o', 'r', 'k', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "dronepit.dk", true */ 'd', 'r', 'o', 'n', 'e', 'p', 'i', 't', '.', 'd', 'k', '\0',
+  /* "droni.cz", true */ 'd', 'r', 'o', 'n', 'i', '.', 'c', 'z', '\0',
+  /* "dronografia.es", true */ 'd', 'r', 'o', 'n', 'o', 'g', 'r', 'a', 'f', 'i', 'a', '.', 'e', 's', '\0',
+  /* "dropbox.com", true */ 'd', 'r', 'o', 'p', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "dropboxer.net", true */ 'd', 'r', 'o', 'p', 'b', 'o', 'x', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "dropshare.cloud", true */ 'd', 'r', 'o', 'p', 's', 'h', 'a', 'r', 'e', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "droso.dk", true */ 'd', 'r', 'o', 's', 'o', '.', 'd', 'k', '\0',
+  /* "drown.photography", true */ 'd', 'r', 'o', 'w', 'n', '.', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '\0',
+  /* "drpetervoigt.de", true */ 'd', 'r', 'p', 'e', 't', 'e', 'r', 'v', 'o', 'i', 'g', 't', '.', 'd', 'e', '\0',
+  /* "drpico.com.au", true */ 'd', 'r', 'p', 'i', 'c', 'o', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "drrr.chat", true */ 'd', 'r', 'r', 'r', '.', 'c', 'h', 'a', 't', '\0',
+  /* "drrr.wiki", true */ 'd', 'r', 'r', 'r', '.', 'w', 'i', 'k', 'i', '\0',
+  /* "drschruefer.de", true */ 'd', 'r', 's', 'c', 'h', 'r', 'u', 'e', 'f', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "drsturgeonfreitas.com", true */ 'd', 'r', 's', 't', 'u', 'r', 'g', 'e', 'o', 'n', 'f', 'r', 'e', 'i', 't', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "drturner.com.au", true */ 'd', 'r', 't', 'u', 'r', 'n', 'e', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "drubn.de", false */ 'd', 'r', 'u', 'b', 'n', '.', 'd', 'e', '\0',
+  /* "drugagodba.si", true */ 'd', 'r', 'u', 'g', 'a', 'g', 'o', 'd', 'b', 'a', '.', 's', 'i', '\0',
+  /* "drumbe.at", true */ 'd', 'r', 'u', 'm', 'b', 'e', '.', 'a', 't', '\0',
+  /* "drummondframing.com", true */ 'd', 'r', 'u', 'm', 'm', 'o', 'n', 'd', 'f', 'r', 'a', 'm', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "drupal-expert.it", true */ 'd', 'r', 'u', 'p', 'a', 'l', '-', 'e', 'x', 'p', 'e', 'r', 't', '.', 'i', 't', '\0',
+  /* "drupal.org", true */ 'd', 'r', 'u', 'p', 'a', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "drupalspb.org", true */ 'd', 'r', 'u', 'p', 'a', 'l', 's', 'p', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "drweissbrot.net", true */ 'd', 'r', 'w', 'e', 'i', 's', 's', 'b', 'r', 'o', 't', '.', 'n', 'e', 't', '\0',
+  /* "drybasement.com", true */ 'd', 'r', 'y', 'b', 'a', 's', 'e', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "drybasementkansas.com", true */ 'd', 'r', 'y', 'b', 'a', 's', 'e', 'm', 'e', 'n', 't', 'k', 'a', 'n', 's', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "drybjed.net", true */ 'd', 'r', 'y', 'b', 'j', 'e', 'd', '.', 'n', 'e', 't', '\0',
+  /* "drycleancoalition.org", true */ 'd', 'r', 'y', 'c', 'l', 'e', 'a', 'n', 'c', 'o', 'a', 'l', 'i', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "drycreekphoto.com", true */ 'd', 'r', 'y', 'c', 'r', 'e', 'e', 'k', 'p', 'h', 'o', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "ds67.de", true */ 'd', 's', '6', '7', '.', 'd', 'e', '\0',
+  /* "dsancomics.com", true */ 'd', 's', 'a', 'n', 'c', 'o', 'm', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "dsayce.com", true */ 'd', 's', 'a', 'y', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dsbrowser.com", true */ 'd', 's', 'b', 'r', 'o', 'w', 's', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "dsebastien.net", true */ 'd', 's', 'e', 'b', 'a', 's', 't', 'i', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "dsektionen.se", true */ 'd', 's', 'e', 'k', 't', 'i', 'o', 'n', 'e', 'n', '.', 's', 'e', '\0',
+  /* "dsm5.com", true */ 'd', 's', 'm', '5', '.', 'c', 'o', 'm', '\0',
+  /* "dsol.hu", true */ 'd', 's', 'o', 'l', '.', 'h', 'u', '\0',
+  /* "dssale.com", true */ 'd', 's', 's', 'a', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dstamou.de", true */ 'd', 's', 't', 'a', 'm', 'o', 'u', '.', 'd', 'e', '\0',
+  /* "dt27.org", true */ 'd', 't', '2', '7', '.', 'o', 'r', 'g', '\0',
+  /* "dtbouncycastles.co.uk", true */ 'd', 't', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "dtdsh.com", true */ 'd', 't', 'd', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "dtechstore.com.br", true */ 'd', 't', 'e', 'c', 'h', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "dtg-fonds.com", true */ 'd', 't', 'g', '-', 'f', 'o', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "dtg-fonds.de", true */ 'd', 't', 'g', '-', 'f', 'o', 'n', 'd', 's', '.', 'd', 'e', '\0',
+  /* "dtg-fonds.net", true */ 'd', 't', 'g', '-', 'f', 'o', 'n', 'd', 's', '.', 'n', 'e', 't', '\0',
+  /* "dtk-vom-chausseehaus.de", true */ 'd', 't', 'k', '-', 'v', 'o', 'm', '-', 'c', 'h', 'a', 'u', 's', 's', 'e', 'e', 'h', 'a', 'u', 's', '.', 'd', 'e', '\0',
+  /* "dtnx.eu", true */ 'd', 't', 'n', 'x', '.', 'e', 'u', '\0',
+  /* "dtnx.net", true */ 'd', 't', 'n', 'x', '.', 'n', 'e', 't', '\0',
+  /* "dtnx.org", true */ 'd', 't', 'n', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "dtp-mstdn.jp", true */ 'd', 't', 'p', '-', 'm', 's', 't', 'd', 'n', '.', 'j', 'p', '\0',
+  /* "dtuaarsfest.dk", true */ 'd', 't', 'u', 'a', 'a', 'r', 's', 'f', 'e', 's', 't', '.', 'd', 'k', '\0',
+  /* "dtx.sk", true */ 'd', 't', 'x', '.', 's', 'k', '\0',
+  /* "dualascent.com", true */ 'd', 'u', 'a', 'l', 'a', 's', 'c', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "dualias.xyz", false */ 'd', 'u', 'a', 'l', 'i', 'a', 's', '.', 'x', 'y', 'z', '\0',
+  /* "duan.li", true */ 'd', 'u', 'a', 'n', '.', 'l', 'i', '\0',
+  /* "dubaieveningsafari.com", true */ 'd', 'u', 'b', 'a', 'i', 'e', 'v', 'e', 'n', 'i', 'n', 'g', 's', 'a', 'f', 'a', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "dublin-traceroute.net", true */ 'd', 'u', 'b', 'l', 'i', 'n', '-', 't', 'r', 'a', 'c', 'e', 'r', 'o', 'u', 't', 'e', '.', 'n', 'e', 't', '\0',
+  /* "dubrovnik-dental.clinic", true */ 'd', 'u', 'b', 'r', 'o', 'v', 'n', 'i', 'k', '-', 'd', 'e', 'n', 't', 'a', 'l', '.', 'c', 'l', 'i', 'n', 'i', 'c', '\0',
+  /* "ducalendars.com", true */ 'd', 'u', 'c', 'a', 'l', 'e', 'n', 'd', 'a', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "duckasylum.com", true */ 'd', 'u', 'c', 'k', 'a', 's', 'y', 'l', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "duckbase.com", true */ 'd', 'u', 'c', 'k', 'b', 'a', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "duckduckstart.com", true */ 'd', 'u', 'c', 'k', 'd', 'u', 'c', 'k', 's', 't', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "duckinc.net", true */ 'd', 'u', 'c', 'k', 'i', 'n', 'c', '.', 'n', 'e', 't', '\0',
+  /* "duckyubuntu.tk", true */ 'd', 'u', 'c', 'k', 'y', 'u', 'b', 'u', 'n', 't', 'u', '.', 't', 'k', '\0',
+  /* "duernberg.at", true */ 'd', 'u', 'e', 'r', 'n', 'b', 'e', 'r', 'g', '.', 'a', 't', '\0',
+  /* "duesee.org", true */ 'd', 'u', 'e', 's', 'e', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "dufrei.com", true */ 'd', 'u', 'f', 'r', 'e', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "dugnet.com", false */ 'd', 'u', 'g', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "dugnet.io", false */ 'd', 'u', 'g', 'n', 'e', 't', '.', 'i', 'o', '\0',
+  /* "dugnet.net", false */ 'd', 'u', 'g', 'n', 'e', 't', '.', 'n', 'e', 't', '\0',
+  /* "dugnet.org", false */ 'd', 'u', 'g', 'n', 'e', 't', '.', 'o', 'r', 'g', '\0',
+  /* "dugnet.tech", false */ 'd', 'u', 'g', 'n', 'e', 't', '.', 't', 'e', 'c', 'h', '\0',
+  /* "dugunedavet.com", true */ 'd', 'u', 'g', 'u', 'n', 'e', 'd', 'a', 'v', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "duh.se", true */ 'd', 'u', 'h', '.', 's', 'e', '\0',
+  /* "duijf.info", true */ 'd', 'u', 'i', 'j', 'f', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "duijfathome.nl", true */ 'd', 'u', 'i', 'j', 'f', 'a', 't', 'h', 'o', 'm', 'e', '.', 'n', 'l', '\0',
+  /* "duitang.com", true */ 'd', 'u', 'i', 't', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "dujsq.com", true */ 'd', 'u', 'j', 's', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "dujsq.top", true */ 'd', 'u', 'j', 's', 'q', '.', 't', 'o', 'p', '\0',
+  /* "dukan-recepty.ru", true */ 'd', 'u', 'k', 'a', 'n', '-', 'r', 'e', 'c', 'e', 'p', 't', 'y', '.', 'r', 'u', '\0',
+  /* "dukefox.com", true */ 'd', 'u', 'k', 'e', 'f', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "dukegat.de", true */ 'd', 'u', 'k', 'e', 'g', 'a', 't', '.', 'd', 'e', '\0',
+  /* "dukesatqueens.com", true */ 'd', 'u', 'k', 'e', 's', 'a', 't', 'q', 'u', 'e', 'e', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "dukun.de", true */ 'd', 'u', 'k', 'u', 'n', '.', 'd', 'e', '\0',
+  /* "dulei.si", true */ 'd', 'u', 'l', 'e', 'i', '.', 's', 'i', '\0',
+  /* "dullapp.com", true */ 'd', 'u', 'l', 'l', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "dumax.xyz", true */ 'd', 'u', 'm', 'a', 'x', '.', 'x', 'y', 'z', '\0',
+  /* "dumbeartech.com", true */ 'd', 'u', 'm', 'b', 'e', 'a', 'r', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "dumbomove.com.au", true */ 'd', 'u', 'm', 'b', 'o', 'm', 'o', 'v', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "dumino.bg", true */ 'd', 'u', 'm', 'i', 'n', 'o', '.', 'b', 'g', '\0',
+  /* "dumpsters.com", true */ 'd', 'u', 'm', 'p', 's', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "dunableguitars.com", false */ 'd', 'u', 'n', 'a', 'b', 'l', 'e', 'g', 'u', 'i', 't', 'a', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "dunashoes.com", true */ 'd', 'u', 'n', 'a', 's', 'h', 'o', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "duncancmt.com", true */ 'd', 'u', 'n', 'c', 'a', 'n', 'c', 'm', 't', '.', 'c', 'o', 'm', '\0',
+  /* "duncanfamilytrust.org", true */ 'd', 'u', 'n', 'c', 'a', 'n', 'f', 'a', 'm', 'i', 'l', 'y', 't', 'r', 'u', 's', 't', '.', 'o', 'r', 'g', '\0',
+  /* "duncanwinfrey.com", true */ 'd', 'u', 'n', 'c', 'a', 'n', 'w', 'i', 'n', 'f', 'r', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "dundalkdonnie.com", true */ 'd', 'u', 'n', 'd', 'a', 'l', 'k', 'd', 'o', 'n', 'n', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dungeon-bbs.de", true */ 'd', 'u', 'n', 'g', 'e', 'o', 'n', '-', 'b', 'b', 's', '.', 'd', 'e', '\0',
+  /* "dunmanelectric.com", true */ 'd', 'u', 'n', 'm', 'a', 'n', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "duo.com", true */ 'd', 'u', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "duoluodeyu.com", true */ 'd', 'u', 'o', 'l', 'u', 'o', 'd', 'e', 'y', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "dupisces.com.tw", true */ 'd', 'u', 'p', 'i', 's', 'c', 'e', 's', '.', 'c', 'o', 'm', '.', 't', 'w', '\0',
+  /* "dupree.co", true */ 'd', 'u', 'p', 'r', 'e', 'e', '.', 'c', 'o', '\0',
+  /* "durdle.com", true */ 'd', 'u', 'r', 'd', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dureuil.info", true */ 'd', 'u', 'r', 'e', 'u', 'i', 'l', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "durexwinkel.nl", true */ 'd', 'u', 'r', 'e', 'x', 'w', 'i', 'n', 'k', 'e', 'l', '.', 'n', 'l', '\0',
+  /* "duria.de", true */ 'd', 'u', 'r', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "duriaux-dentiste.ch", true */ 'd', 'u', 'r', 'i', 'a', 'u', 'x', '-', 'd', 'e', 'n', 't', 'i', 's', 't', 'e', '.', 'c', 'h', '\0',
+  /* "durys.be", true */ 'd', 'u', 'r', 'y', 's', '.', 'b', 'e', '\0',
+  /* "dusmomente.com", true */ 'd', 'u', 's', 'm', 'o', 'm', 'e', 'n', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dustri.org", true */ 'd', 'u', 's', 't', 'r', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "dustycloth.com", true */ 'd', 'u', 's', 't', 'y', 'c', 'l', 'o', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "dustygroove.com", true */ 'd', 'u', 's', 't', 'y', 'g', 'r', 'o', 'o', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "dustyspokesbnb.ca", true */ 'd', 'u', 's', 't', 'y', 's', 'p', 'o', 'k', 'e', 's', 'b', 'n', 'b', '.', 'c', 'a', '\0',
+  /* "dutch.desi", true */ 'd', 'u', 't', 'c', 'h', '.', 'd', 'e', 's', 'i', '\0',
+  /* "dutch1.nl", true */ 'd', 'u', 't', 'c', 'h', '1', '.', 'n', 'l', '\0',
+  /* "dutchrank.nl", true */ 'd', 'u', 't', 'c', 'h', 'r', 'a', 'n', 'k', '.', 'n', 'l', '\0',
+  /* "dutchweballiance.nl", true */ 'd', 'u', 't', 'c', 'h', 'w', 'e', 'b', 'a', 'l', 'l', 'i', 'a', 'n', 'c', 'e', '.', 'n', 'l', '\0',
+  /* "dutyfreeonboard.com", true */ 'd', 'u', 't', 'y', 'f', 'r', 'e', 'e', 'o', 'n', 'b', 'o', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "duyao.de", false */ 'd', 'u', 'y', 'a', 'o', '.', 'd', 'e', '\0',
+  /* "dv189.com", true */ 'd', 'v', '1', '8', '9', '.', 'c', 'o', 'm', '\0',
+  /* "dvbris.co.uk", true */ 'd', 'v', 'b', 'r', 'i', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "dvbris.com", true */ 'd', 'v', 'b', 'r', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "dvdland.com.au", true */ 'd', 'v', 'd', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "dvhosting.be", true */ 'd', 'v', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'b', 'e', '\0',
+  /* "dvnatura.ch", true */ 'd', 'v', 'n', 'a', 't', 'u', 'r', 'a', '.', 'c', 'h', '\0',
+  /* "dvorupotocnych.sk", true */ 'd', 'v', 'o', 'r', 'u', 'p', 'o', 't', 'o', 'c', 'n', 'y', 'c', 'h', '.', 's', 'k', '\0',
+  /* "dvotx.org", true */ 'd', 'v', 'o', 't', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "dvwc.org", true */ 'd', 'v', 'w', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "dvx.cloud", true */ 'd', 'v', 'x', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "dwgf.xyz", true */ 'd', 'w', 'g', 'f', '.', 'x', 'y', 'z', '\0',
+  /* "dworzak.ch", true */ 'd', 'w', 'o', 'r', 'z', 'a', 'k', '.', 'c', 'h', '\0',
+  /* "dwscdv3.com", true */ 'd', 'w', 's', 'c', 'd', 'v', '3', '.', 'c', 'o', 'm', '\0',
+  /* "dwtm.ch", true */ 'd', 'w', 't', 'm', '.', 'c', 'h', '\0',
+  /* "dwworld.co.uk", true */ 'd', 'w', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "dxa.io", false */ 'd', 'x', 'a', '.', 'i', 'o', '\0',
+  /* "dxgl.info", true */ 'd', 'x', 'g', 'l', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "dxm.no-ip.biz", true */ 'd', 'x', 'm', '.', 'n', 'o', '-', 'i', 'p', '.', 'b', 'i', 'z', '\0',
+  /* "dyeager.org", true */ 'd', 'y', 'e', 'a', 'g', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "dyktig.as", true */ 'd', 'y', 'k', 't', 'i', 'g', '.', 'a', 's', '\0',
+  /* "dyktig.no", true */ 'd', 'y', 'k', 't', 'i', 'g', '.', 'n', 'o', '\0',
+  /* "dylanboudro.com", true */ 'd', 'y', 'l', 'a', 'n', 'b', 'o', 'u', 'd', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "dylankatz.com", true */ 'd', 'y', 'l', 'a', 'n', 'k', 'a', 't', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "dylanknoll.ca", true */ 'd', 'y', 'l', 'a', 'n', 'k', 'n', 'o', 'l', 'l', '.', 'c', 'a', '\0',
+  /* "dyn-nserve.net", true */ 'd', 'y', 'n', '-', 'n', 's', 'e', 'r', 'v', 'e', '.', 'n', 'e', 't', '\0',
+  /* "dyn.im", true */ 'd', 'y', 'n', '.', 'i', 'm', '\0',
+  /* "dynaloop.net", true */ 'd', 'y', 'n', 'a', 'l', 'o', 'o', 'p', '.', 'n', 'e', 't', '\0',
+  /* "dynamic-networks.be", true */ 'd', 'y', 'n', 'a', 'm', 'i', 'c', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'b', 'e', '\0',
+  /* "dynamicnet.net", false */ 'd', 'y', 'n', 'a', 'm', 'i', 'c', 'n', 'e', 't', '.', 'n', 'e', 't', '\0',
+  /* "dynamics-365.no", true */ 'd', 'y', 'n', 'a', 'm', 'i', 'c', 's', '-', '3', '6', '5', '.', 'n', 'o', '\0',
+  /* "dynamics365.no", true */ 'd', 'y', 'n', 'a', 'm', 'i', 'c', 's', '3', '6', '5', '.', 'n', 'o', '\0',
+  /* "dynamicsnetwork.net", true */ 'd', 'y', 'n', 'a', 'm', 'i', 'c', 's', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'n', 'e', 't', '\0',
+  /* "dynamictostatic.com", true */ 'd', 'y', 'n', 'a', 'm', 'i', 'c', 't', 'o', 's', 't', 'a', 't', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "dynamicyou.co.uk", true */ 'd', 'y', 'n', 'a', 'm', 'i', 'c', 'y', 'o', 'u', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "dynastic.co", true */ 'd', 'y', 'n', 'a', 's', 't', 'i', 'c', '.', 'c', 'o', '\0',
+  /* "dynn.be", true */ 'd', 'y', 'n', 'n', '.', 'b', 'e', '\0',
+  /* "dynorphin.com", true */ 'd', 'y', 'n', 'o', 'r', 'p', 'h', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "dynorphins.com", true */ 'd', 'y', 'n', 'o', 'r', 'p', 'h', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "dynts.pro", false */ 'd', 'y', 'n', 't', 's', '.', 'p', 'r', 'o', '\0',
+  /* "dynx.pl", true */ 'd', 'y', 'n', 'x', '.', 'p', 'l', '\0',
+  /* "dyrenesverden.no", true */ 'd', 'y', 'r', 'e', 'n', 'e', 's', 'v', 'e', 'r', 'd', 'e', 'n', '.', 'n', 'o', '\0',
+  /* "dyrkar.com", true */ 'd', 'y', 'r', 'k', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "dysthymia.com", true */ 'd', 'y', 's', 't', 'h', 'y', 'm', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "dyyn.de", true */ 'd', 'y', 'y', 'n', '.', 'd', 'e', '\0',
+  /* "dyz.pw", true */ 'd', 'y', 'z', '.', 'p', 'w', '\0',
+  /* "dzeina.ch", true */ 'd', 'z', 'e', 'i', 'n', 'a', '.', 'c', 'h', '\0',
+  /* "dzet.de", true */ 'd', 'z', 'e', 't', '.', 'd', 'e', '\0',
+  /* "dziekonski.com", true */ 'd', 'z', 'i', 'e', 'k', 'o', 'n', 's', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "dziurdzia.pl", true */ 'd', 'z', 'i', 'u', 'r', 'd', 'z', 'i', 'a', '.', 'p', 'l', '\0',
+  /* "dzndk.com", true */ 'd', 'z', 'n', 'd', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "dzndk.net", true */ 'd', 'z', 'n', 'd', 'k', '.', 'n', 'e', 't', '\0',
+  /* "dzndk.org", true */ 'd', 'z', 'n', 'd', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "dzomo.org", true */ 'd', 'z', 'o', 'm', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "dzsula.hu", true */ 'd', 'z', 's', 'u', 'l', 'a', '.', 'h', 'u', '\0',
+  /* "dzyabchenko.com", true */ 'd', 'z', 'y', 'a', 'b', 'c', 'h', 'e', 'n', 'k', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "e-apack.com.br", true */ 'e', '-', 'a', 'p', 'a', 'c', 'k', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "e-briancon.com", true */ 'e', '-', 'b', 'r', 'i', 'a', 'n', 'c', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "e-cottage.com.br", true */ 'e', '-', 'c', 'o', 't', 't', 'a', 'g', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "e-hon.link", true */ 'e', '-', 'h', 'o', 'n', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "e-id.ee", true */ 'e', '-', 'i', 'd', '.', 'e', 'e', '\0',
+  /* "e-kontakti.fi", true */ 'e', '-', 'k', 'o', 'n', 't', 'a', 'k', 't', 'i', '.', 'f', 'i', '\0',
+  /* "e-lambre.com", true */ 'e', '-', 'l', 'a', 'm', 'b', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "e-learningbs.com", true */ 'e', '-', 'l', 'e', 'a', 'r', 'n', 'i', 'n', 'g', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "e-lifetechnology.com", true */ 'e', '-', 'l', 'i', 'f', 'e', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "e-migration.ch", true */ 'e', '-', 'm', 'i', 'g', 'r', 'a', 't', 'i', 'o', 'n', '.', 'c', 'h', '\0',
+  /* "e-standardstore.org", true */ 'e', '-', 's', 't', 'a', 'n', 'd', 'a', 'r', 'd', 's', 't', 'o', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "e-surveillant.nl", true */ 'e', '-', 's', 'u', 'r', 'v', 'e', 'i', 'l', 'l', 'a', 'n', 't', '.', 'n', 'l', '\0',
+  /* "e-teacher.pl", true */ 'e', '-', 't', 'e', 'a', 'c', 'h', 'e', 'r', '.', 'p', 'l', '\0',
+  /* "e-tech-solution.com", true */ 'e', '-', 't', 'e', 'c', 'h', '-', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "e-tmf.org", true */ 'e', '-', 't', 'm', 'f', '.', 'o', 'r', 'g', '\0',
+  /* "e-tresor.at", true */ 'e', '-', 't', 'r', 'e', 's', 'o', 'r', '.', 'a', 't', '\0',
+  /* "e-tune-mt.net", true */ 'e', '-', 't', 'u', 'n', 'e', '-', 'm', 't', '.', 'n', 'e', 't', '\0',
+  /* "e-typ.eu", true */ 'e', '-', 't', 'y', 'p', '.', 'e', 'u', '\0',
+  /* "e-vau.de", true */ 'e', '-', 'v', 'a', 'u', '.', 'd', 'e', '\0',
+  /* "e-worksmedia.com", true */ 'e', '-', 'w', 'o', 'r', 'k', 's', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "e.mail.ru", true */ 'e', '.', 'm', 'a', 'i', 'l', '.', 'r', 'u', '\0',
+  /* "e024.org", true */ 'e', '0', '2', '4', '.', 'o', 'r', 'g', '\0',
+  /* "e11even.nl", false */ 'e', '1', '1', 'e', 'v', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "e191.com", true */ 'e', '1', '9', '1', '.', 'c', 'o', 'm', '\0',
+  /* "e2feed.com", true */ 'e', '2', 'f', 'e', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "e30.ee", true */ 'e', '3', '0', '.', 'e', 'e', '\0',
+  /* "e3kids.com", true */ 'e', '3', 'k', 'i', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "e3q.de", true */ 'e', '3', 'q', '.', 'd', 'e', '\0',
+  /* "e505.net", true */ 'e', '5', '0', '5', '.', 'n', 'e', 't', '\0',
+  /* "e5tv.hu", true */ 'e', '5', 't', 'v', '.', 'h', 'u', '\0',
+  /* "e64.com", true */ 'e', '6', '4', '.', 'c', 'o', 'm', '\0',
+  /* "e7d.io", true */ 'e', '7', 'd', '.', 'i', 'o', '\0',
+  /* "e9a.at", true */ 'e', '9', 'a', '.', 'a', 't', '\0',
+  /* "ea2drocks.com", true */ 'e', 'a', '2', 'd', 'r', 'o', 'c', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ead-italia.it", true */ 'e', 'a', 'd', '-', 'i', 't', 'a', 'l', 'i', 'a', '.', 'i', 't', '\0',
+  /* "eagle-yard.de", true */ 'e', 'a', 'g', 'l', 'e', '-', 'y', 'a', 'r', 'd', '.', 'd', 'e', '\0',
+  /* "eagleindustriesltd.com", true */ 'e', 'a', 'g', 'l', 'e', 'i', 'n', 'd', 'u', 's', 't', 'r', 'i', 'e', 's', 'l', 't', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "eagleridgecampground.com", true */ 'e', 'a', 'g', 'l', 'e', 'r', 'i', 'd', 'g', 'e', 'c', 'a', 'm', 'p', 'g', 'r', 'o', 'u', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "eaglesecurity.com", true */ 'e', 'a', 'g', 'l', 'e', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "eagletechz.com.br", true */ 'e', 'a', 'g', 'l', 'e', 't', 'e', 'c', 'h', 'z', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "eagleyecs.com", true */ 'e', 'a', 'g', 'l', 'e', 'y', 'e', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "eaimty.com", true */ 'e', 'a', 'i', 'm', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "ealev.de", true */ 'e', 'a', 'l', 'e', 'v', '.', 'd', 'e', '\0',
+  /* "eames-clayton.us", true */ 'e', 'a', 'm', 'e', 's', '-', 'c', 'l', 'a', 'y', 't', 'o', 'n', '.', 'u', 's', '\0',
+  /* "eapestudioweb.com", true */ 'e', 'a', 'p', 'e', 's', 't', 'u', 'd', 'i', 'o', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "earl.org.uk", true */ 'e', 'a', 'r', 'l', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "earlyyearshub.com", true */ 'e', 'a', 'r', 'l', 'y', 'y', 'e', 'a', 'r', 's', 'h', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "earmarks.gov", true */ 'e', 'a', 'r', 'm', 'a', 'r', 'k', 's', '.', 'g', 'o', 'v', '\0',
+  /* "earn.com", true */ 'e', 'a', 'r', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "earth-people.org", true */ 'e', 'a', 'r', 't', 'h', '-', 'p', 'e', 'o', 'p', 'l', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "earticleblog.com", true */ 'e', 'a', 'r', 't', 'i', 'c', 'l', 'e', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "earvinkayonga.com", true */ 'e', 'a', 'r', 'v', 'i', 'n', 'k', 'a', 'y', 'o', 'n', 'g', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "easelforart.com", true */ 'e', 'a', 's', 'e', 'l', 'f', 'o', 'r', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "eashwar.com", true */ 'e', 'a', 's', 'h', 'w', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "eason-yang.com", true */ 'e', 'a', 's', 'o', 'n', '-', 'y', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "east-line.su", true */ 'e', 'a', 's', 't', '-', 'l', 'i', 'n', 'e', '.', 's', 'u', '\0',
+  /* "eastarm.net", true */ 'e', 'a', 's', 't', 'a', 'r', 'm', '.', 'n', 'e', 't', '\0',
+  /* "eastcoastbubbleandbounce.co.uk", true */ 'e', 'a', 's', 't', 'c', 'o', 'a', 's', 't', 'b', 'u', 'b', 'b', 'l', 'e', 'a', 'n', 'd', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eastcoastinflatables.co.uk", true */ 'e', 'a', 's', 't', 'c', 'o', 'a', 's', 't', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eastlothianbouncycastles.co.uk", true */ 'e', 'a', 's', 't', 'l', 'o', 't', 'h', 'i', 'a', 'n', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eastmanbusinessinstitute.com", true */ 'e', 'a', 's', 't', 'm', 'a', 'n', 'b', 'u', 's', 'i', 'n', 'e', 's', 's', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "eastmontgroup.com", true */ 'e', 'a', 's', 't', 'm', 'o', 'n', 't', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "easy-factures.fr", true */ 'e', 'a', 's', 'y', '-', 'f', 'a', 'c', 't', 'u', 'r', 'e', 's', '.', 'f', 'r', '\0',
+  /* "easy-rpg.org", false */ 'e', 'a', 's', 'y', '-', 'r', 'p', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "easyadsnbanners.tk", false */ 'e', 'a', 's', 'y', 'a', 'd', 's', 'n', 'b', 'a', 'n', 'n', 'e', 'r', 's', '.', 't', 'k', '\0',
+  /* "easycoding.org", true */ 'e', 'a', 's', 'y', 'c', 'o', 'd', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "easyconstat.com", true */ 'e', 'a', 's', 'y', 'c', 'o', 'n', 's', 't', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "easycosmetic.ch", true */ 'e', 'a', 's', 'y', 'c', 'o', 's', 'm', 'e', 't', 'i', 'c', '.', 'c', 'h', '\0',
+  /* "easycup.com", true */ 'e', 'a', 's', 'y', 'c', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "easyfiles.ch", true */ 'e', 'a', 's', 'y', 'f', 'i', 'l', 'e', 's', '.', 'c', 'h', '\0',
+  /* "easyhaul.com", true */ 'e', 'a', 's', 'y', 'h', 'a', 'u', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "easyllc.com", false */ 'e', 'a', 's', 'y', 'l', 'l', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "easyocm.hu", true */ 'e', 'a', 's', 'y', 'o', 'c', 'm', '.', 'h', 'u', '\0',
+  /* "easyproperty.com", true */ 'e', 'a', 's', 'y', 'p', 'r', 'o', 'p', 'e', 'r', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "easypv.ch", true */ 'e', 'a', 's', 'y', 'p', 'v', '.', 'c', 'h', '\0',
+  /* "easysimplecrm.com", false */ 'e', 'a', 's', 'y', 's', 'i', 'm', 'p', 'l', 'e', 'c', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "easystore.co", true */ 'e', 'a', 's', 'y', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', '\0',
+  /* "eat-sleep-code.com", true */ 'e', 'a', 't', '-', 's', 'l', 'e', 'e', 'p', '-', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "eat-the-world.ch", true */ 'e', 'a', 't', '-', 't', 'h', 'e', '-', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'h', '\0',
+  /* "eatery.co.il", true */ 'e', 'a', 't', 'e', 'r', 'y', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "eatlowcarb.de", false */ 'e', 'a', 't', 'l', 'o', 'w', 'c', 'a', 'r', 'b', '.', 'd', 'e', '\0',
+  /* "eaton-works.com", true */ 'e', 'a', 't', 'o', 'n', '-', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "eatsleeprepeat.net", true */ 'e', 'a', 't', 's', 'l', 'e', 'e', 'p', 'r', 'e', 'p', 'e', 'a', 't', '.', 'n', 'e', 't', '\0',
+  /* "eatson.com", true */ 'e', 'a', 't', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "eattherich.us", true */ 'e', 'a', 't', 't', 'h', 'e', 'r', 'i', 'c', 'h', '.', 'u', 's', '\0',
+  /* "eatz.com", true */ 'e', 'a', 't', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "eauxdespleiades.ch", true */ 'e', 'a', 'u', 'x', 'd', 'e', 's', 'p', 'l', 'e', 'i', 'a', 'd', 'e', 's', '.', 'c', 'h', '\0',
+  /* "eb-net.de", true */ 'e', 'b', '-', 'n', 'e', 't', '.', 'd', 'e', '\0',
+  /* "eb7.jp", true */ 'e', 'b', '7', '.', 'j', 'p', '\0',
+  /* "ebanking.indovinabank.com.vn", true */ 'e', 'b', 'a', 'n', 'k', 'i', 'n', 'g', '.', 'i', 'n', 'd', 'o', 'v', 'i', 'n', 'a', 'b', 'a', 'n', 'k', '.', 'c', 'o', 'm', '.', 'v', 'n', '\0',
+  /* "ebankingabersicher.ch", true */ 'e', 'b', 'a', 'n', 'k', 'i', 'n', 'g', 'a', 'b', 'e', 'r', 's', 'i', 'c', 'h', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "ebankingbutsecure.ch", true */ 'e', 'b', 'a', 'n', 'k', 'i', 'n', 'g', 'b', 'u', 't', 's', 'e', 'c', 'u', 'r', 'e', '.', 'c', 'h', '\0',
+  /* "ebankingentoutesecurite.ch", true */ 'e', 'b', 'a', 'n', 'k', 'i', 'n', 'g', 'e', 'n', 't', 'o', 'u', 't', 'e', 's', 'e', 'c', 'u', 'r', 'i', 't', 'e', '.', 'c', 'h', '\0',
+  /* "ebankingmasicuro.ch", true */ 'e', 'b', 'a', 'n', 'k', 'i', 'n', 'g', 'm', 'a', 's', 'i', 'c', 'u', 'r', 'o', '.', 'c', 'h', '\0',
+  /* "ebas.ch", true */ 'e', 'b', 'a', 's', '.', 'c', 'h', '\0',
+  /* "ebataw.com", true */ 'e', 'b', 'a', 't', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "ebayinc.com", true */ 'e', 'b', 'a', 'y', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "ebaymotorssucks.com", true */ 'e', 'b', 'a', 'y', 'm', 'o', 't', 'o', 'r', 's', 's', 'u', 'c', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ebermannstadt.de", false */ 'e', 'b', 'e', 'r', 'm', 'a', 'n', 'n', 's', 't', 'a', 'd', 't', '.', 'd', 'e', '\0',
+  /* "eboek.info", true */ 'e', 'b', 'o', 'e', 'k', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "ebooki.eu.org", true */ 'e', 'b', 'o', 'o', 'k', 'i', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "ebop.ch", true */ 'e', 'b', 'o', 'p', '.', 'c', 'h', '\0',
+  /* "eboyer.com", true */ 'e', 'b', 'o', 'y', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "ebrnd.de", true */ 'e', 'b', 'r', 'n', 'd', '.', 'd', 'e', '\0',
+  /* "ebrowz.com", true */ 'e', 'b', 'r', 'o', 'w', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "ec-baran.de", true */ 'e', 'c', '-', 'b', 'a', 'r', 'a', 'n', '.', 'd', 'e', '\0',
+  /* "ecchidreams.com", true */ 'e', 'c', 'c', 'h', 'i', 'd', 'r', 'e', 'a', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ecco-verde.com", false */ 'e', 'c', 'c', 'o', '-', 'v', 'e', 'r', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "eccoviasolutions.com", true */ 'e', 'c', 'c', 'o', 'v', 'i', 'a', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "eccux.com", true */ 'e', 'c', 'c', 'u', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "ecelembrou.ovh", true */ 'e', 'c', 'e', 'l', 'e', 'm', 'b', 'r', 'o', 'u', '.', 'o', 'v', 'h', '\0',
+  /* "ecfnorte.com.br", true */ 'e', 'c', 'f', 'n', 'o', 'r', 't', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "echatta.net", true */ 'e', 'c', 'h', 'a', 't', 't', 'a', '.', 'n', 'e', 't', '\0',
+  /* "echatta.org", true */ 'e', 'c', 'h', 'a', 't', 't', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "echo-security.co", true */ 'e', 'c', 'h', 'o', '-', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', '\0',
+  /* "echoactive.com", true */ 'e', 'c', 'h', 'o', 'a', 'c', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "echoanalytics.com", true */ 'e', 'c', 'h', 'o', 'a', 'n', 'a', 'l', 'y', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "echodio.com", true */ 'e', 'c', 'h', 'o', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "echofoxtrot.co", true */ 'e', 'c', 'h', 'o', 'f', 'o', 'x', 't', 'r', 'o', 't', '.', 'c', 'o', '\0',
+  /* "echomanchester.net", true */ 'e', 'c', 'h', 'o', 'm', 'a', 'n', 'c', 'h', 'e', 's', 't', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "echopaper.com", true */ 'e', 'c', 'h', 'o', 'p', 'a', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "echosim.io", true */ 'e', 'c', 'h', 'o', 's', 'i', 'm', '.', 'i', 'o', '\0',
+  /* "echosixmonkey.com", true */ 'e', 'c', 'h', 'o', 's', 'i', 'x', 'm', 'o', 'n', 'k', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "echosystem.fr", true */ 'e', 'c', 'h', 'o', 's', 'y', 's', 't', 'e', 'm', '.', 'f', 'r', '\0',
+  /* "echoworld.ch", true */ 'e', 'c', 'h', 'o', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'h', '\0',
+  /* "ecirtam.net", true */ 'e', 'c', 'i', 'r', 't', 'a', 'm', '.', 'n', 'e', 't', '\0',
+  /* "eckel.co", true */ 'e', 'c', 'k', 'e', 'l', '.', 'c', 'o', '\0',
+  /* "eclipse.ws", true */ 'e', 'c', 'l', 'i', 'p', 's', 'e', '.', 'w', 's', '\0',
+  /* "ecnetworker.com", true */ 'e', 'c', 'n', 'e', 't', 'w', 'o', 'r', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "eco-derattizzazione.it", true */ 'e', 'c', 'o', '-', 'd', 'e', 'r', 'a', 't', 't', 'i', 'z', 'z', 'a', 'z', 'i', 'o', 'n', 'e', '.', 'i', 't', '\0',
+  /* "eco-work.it", true */ 'e', 'c', 'o', '-', 'w', 'o', 'r', 'k', '.', 'i', 't', '\0',
+  /* "ecoccinelles.ch", true */ 'e', 'c', 'o', 'c', 'c', 'i', 'n', 'e', 'l', 'l', 'e', 's', '.', 'c', 'h', '\0',
+  /* "ecoccinelles.com", true */ 'e', 'c', 'o', 'c', 'c', 'i', 'n', 'e', 'l', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ecococon.fr", true */ 'e', 'c', 'o', 'c', 'o', 'c', 'o', 'n', '.', 'f', 'r', '\0',
+  /* "ecodigital.social", true */ 'e', 'c', 'o', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 's', 'o', 'c', 'i', 'a', 'l', '\0',
+  /* "ecogen.com.au", true */ 'e', 'c', 'o', 'g', 'e', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "ecogen.net.au", true */ 'e', 'c', 'o', 'g', 'e', 'n', '.', 'n', 'e', 't', '.', 'a', 'u', '\0',
+  /* "ecoheatcool.co.uk", true */ 'e', 'c', 'o', 'h', 'e', 'a', 't', 'c', 'o', 'o', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ecohostingservices.uk", true */ 'e', 'c', 'o', 'h', 'o', 's', 't', 'i', 'n', 'g', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'u', 'k', '\0',
+  /* "ecolala.my", true */ 'e', 'c', 'o', 'l', 'a', 'l', 'a', '.', 'm', 'y', '\0',
+  /* "ecole-attalens.ch", true */ 'e', 'c', 'o', 'l', 'e', '-', 'a', 't', 't', 'a', 'l', 'e', 'n', 's', '.', 'c', 'h', '\0',
+  /* "ecole-iaf.fr", true */ 'e', 'c', 'o', 'l', 'e', '-', 'i', 'a', 'f', '.', 'f', 'r', '\0',
+  /* "ecoledusabbat.org", true */ 'e', 'c', 'o', 'l', 'e', 'd', 'u', 's', 'a', 'b', 'b', 'a', 't', '.', 'o', 'r', 'g', '\0',
+  /* "ecolemathurincordier.com", true */ 'e', 'c', 'o', 'l', 'e', 'm', 'a', 't', 'h', 'u', 'r', 'i', 'n', 'c', 'o', 'r', 'd', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "ecolesrec.ch", true */ 'e', 'c', 'o', 'l', 'e', 's', 'r', 'e', 'c', '.', 'c', 'h', '\0',
+  /* "ecolife-vrn.ru", true */ 'e', 'c', 'o', 'l', 'i', 'f', 'e', '-', 'v', 'r', 'n', '.', 'r', 'u', '\0',
+  /* "ecompen.co.za", true */ 'e', 'c', 'o', 'm', 'p', 'e', 'n', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "econativa.pt", true */ 'e', 'c', 'o', 'n', 'a', 't', 'i', 'v', 'a', '.', 'p', 't', '\0',
+  /* "economias.pt", true */ 'e', 'c', 'o', 'n', 'o', 'm', 'i', 'a', 's', '.', 'p', 't', '\0',
+  /* "economicinclusion.gov", true */ 'e', 'c', 'o', 'n', 'o', 'm', 'i', 'c', 'i', 'n', 'c', 'l', 'u', 's', 'i', 'o', 'n', '.', 'g', 'o', 'v', '\0',
+  /* "economiefidu.ch", true */ 'e', 'c', 'o', 'n', 'o', 'm', 'i', 'e', 'f', 'i', 'd', 'u', '.', 'c', 'h', '\0',
+  /* "economies.ch", true */ 'e', 'c', 'o', 'n', 'o', 'm', 'i', 'e', 's', '.', 'c', 'h', '\0',
+  /* "economy.st", true */ 'e', 'c', 'o', 'n', 'o', 'm', 'y', '.', 's', 't', '\0',
+  /* "econsumer.gov", true */ 'e', 'c', 'o', 'n', 's', 'u', 'm', 'e', 'r', '.', 'g', 'o', 'v', '\0',
+  /* "ecorp.cc", true */ 'e', 'c', 'o', 'r', 'p', '.', 'c', 'c', '\0',
+  /* "ecos-ev.de", true */ 'e', 'c', 'o', 's', '-', 'e', 'v', '.', 'd', 'e', '\0',
+  /* "ecoshare.info", true */ 'e', 'c', 'o', 's', 'h', 'a', 'r', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "ecoskif.ru", true */ 'e', 'c', 'o', 's', 'k', 'i', 'f', '.', 'r', 'u', '\0',
+  /* "ecosoftconsult.com", true */ 'e', 'c', 'o', 's', 'o', 'f', 't', 'c', 'o', 'n', 's', 'u', 'l', 't', '.', 'c', 'o', 'm', '\0',
+  /* "ecosound.ch", true */ 'e', 'c', 'o', 's', 'o', 'u', 'n', 'd', '.', 'c', 'h', '\0',
+  /* "ecosystem.atlassian.net", true */ 'e', 'c', 'o', 's', 'y', 's', 't', 'e', 'm', '.', 'a', 't', 'l', 'a', 's', 's', 'i', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "ecoterramedia.com", true */ 'e', 'c', 'o', 't', 'e', 'r', 'r', 'a', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "ecotruck-pooling.com", true */ 'e', 'c', 'o', 't', 'r', 'u', 'c', 'k', '-', 'p', 'o', 'o', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "ecovision.com.br", true */ 'e', 'c', 'o', 'v', 'i', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "ecrandouble.ch", true */ 'e', 'c', 'r', 'a', 'n', 'd', 'o', 'u', 'b', 'l', 'e', '.', 'c', 'h', '\0',
+  /* "ecupcafe.com", false */ 'e', 'c', 'u', 'p', 'c', 'a', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ed.gs", true */ 'e', 'd', '.', 'g', 's', '\0',
+  /* "edakoe.ru", true */ 'e', 'd', 'a', 'k', 'o', 'e', '.', 'r', 'u', '\0',
+  /* "edd-miles.com", true */ 'e', 'd', 'd', '-', 'm', 'i', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "eddesign.ch", true */ 'e', 'd', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'h', '\0',
+  /* "eddmil.es", true */ 'e', 'd', 'd', 'm', 'i', 'l', '.', 'e', 's', '\0',
+  /* "edeca.net", true */ 'e', 'd', 'e', 'c', 'a', '.', 'n', 'e', 't', '\0',
+  /* "edenmal.net", true */ 'e', 'd', 'e', 'n', 'm', 'a', 'l', '.', 'n', 'e', 't', '\0',
+  /* "edenvalerubbleremovals.co.za", true */ 'e', 'd', 'e', 'n', 'v', 'a', 'l', 'e', 'r', 'u', 'b', 'b', 'l', 'e', 'r', 'e', 'm', 'o', 'v', 'a', 'l', 's', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "edesseglabor.hu", true */ 'e', 'd', 'e', 's', 's', 'e', 'g', 'l', 'a', 'b', 'o', 'r', '.', 'h', 'u', '\0',
+  /* "edge-cloud.net", true */ 'e', 'd', 'g', 'e', '-', 'c', 'l', 'o', 'u', 'd', '.', 'n', 'e', 't', '\0',
+  /* "edgeservices.co.uk", true */ 'e', 'd', 'g', 'e', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "edgetalk.net", true */ 'e', 'd', 'g', 'e', 't', 'a', 'l', 'k', '.', 'n', 'e', 't', '\0',
+  /* "edhesive.com", true */ 'e', 'd', 'h', 'e', 's', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "edholm.pub", true */ 'e', 'd', 'h', 'o', 'l', 'm', '.', 'p', 'u', 'b', '\0',
+  /* "edibarcode.com", true */ 'e', 'd', 'i', 'b', 'a', 'r', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "edicct.com", true */ 'e', 'd', 'i', 'c', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "edisonchee.com", true */ 'e', 'd', 'i', 's', 'o', 'n', 'c', 'h', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "edisonlee55.com", true */ 'e', 'd', 'i', 's', 'o', 'n', 'l', 'e', 'e', '5', '5', '.', 'c', 'o', 'm', '\0',
+  /* "edisonluiz.com", true */ 'e', 'd', 'i', 's', 'o', 'n', 'l', 'u', 'i', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "edisonnissanparts.com", true */ 'e', 'd', 'i', 's', 'o', 'n', 'n', 'i', 's', 's', 'a', 'n', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "edit.yahoo.com", false */ 'e', 'd', 'i', 't', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "edition-bambou.com", true */ 'e', 'd', 'i', 't', 'i', 'o', 'n', '-', 'b', 'a', 'm', 'b', 'o', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "edition-sonblom.de", true */ 'e', 'd', 'i', 't', 'i', 'o', 'n', '-', 's', 'o', 'n', 'b', 'l', 'o', 'm', '.', 'd', 'e', '\0',
+  /* "editoraacademiacrista.com.br", true */ 'e', 'd', 'i', 't', 'o', 'r', 'a', 'a', 'c', 'a', 'd', 'e', 'm', 'i', 'a', 'c', 'r', 'i', 's', 't', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "edlinus.cn", true */ 'e', 'd', 'l', 'i', 'n', 'u', 's', '.', 'c', 'n', '\0',
+  /* "edmundcelis.com", true */ 'e', 'd', 'm', 'u', 'n', 'd', 'c', 'e', 'l', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "edoss.co.za", true */ 'e', 'd', 'o', 's', 's', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "edp-collaborative.com", true */ 'e', 'd', 'p', '-', 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'a', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "edsm.net", true */ 'e', 'd', 's', 'm', '.', 'n', 'e', 't', '\0',
+  /* "edstep.com", true */ 'e', 'd', 's', 't', 'e', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "edtech-hub.com", true */ 'e', 'd', 't', 'e', 'c', 'h', '-', 'h', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "edtechwebb.com", true */ 'e', 'd', 't', 'e', 'c', 'h', 'w', 'e', 'b', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "edu6.cloud", true */ 'e', 'd', 'u', '6', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "eduard-dopler.de", true */ 'e', 'd', 'u', 'a', 'r', 'd', '-', 'd', 'o', 'p', 'l', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "edubras.com.br", true */ 'e', 'd', 'u', 'b', 'r', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "educaid.be", true */ 'e', 'd', 'u', 'c', 'a', 'i', 'd', '.', 'b', 'e', '\0',
+  /* "educationevolving.org", true */ 'e', 'd', 'u', 'c', 'a', 't', 'i', 'o', 'n', 'e', 'v', 'o', 'l', 'v', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "educationunlimited.com", true */ 'e', 'd', 'u', 'c', 'a', 't', 'i', 'o', 'n', 'u', 'n', 'l', 'i', 'm', 'i', 't', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "educator-one.com", true */ 'e', 'd', 'u', 'c', 'a', 't', 'o', 'r', '-', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "educators.co.nz", true */ 'e', 'd', 'u', 'c', 'a', 't', 'o', 'r', 's', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "educatoys.com.br", true */ 'e', 'd', 'u', 'c', 'a', 't', 'o', 'y', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "educatweb.de", true */ 'e', 'd', 'u', 'c', 'a', 't', 'w', 'e', 'b', '.', 'd', 'e', '\0',
+  /* "eductf.org", true */ 'e', 'd', 'u', 'c', 't', 'f', '.', 'o', 'r', 'g', '\0',
+  /* "edudrugs.com", true */ 'e', 'd', 'u', 'd', 'r', 'u', 'g', 's', '.', 'c', 'o', 'm', '\0',
+  /* "eduid.se", true */ 'e', 'd', 'u', 'i', 'd', '.', 's', 'e', '\0',
+  /* "edumundo.nl", true */ 'e', 'd', 'u', 'm', 'u', 'n', 'd', 'o', '.', 'n', 'l', '\0',
+  /* "eduroam.no", true */ 'e', 'd', 'u', 'r', 'o', 'a', 'm', '.', 'n', 'o', '\0',
+  /* "edusanjal.com", true */ 'e', 'd', 'u', 's', 'a', 'n', 'j', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "edv-bv.de", true */ 'e', 'd', 'v', '-', 'b', 'v', '.', 'd', 'e', '\0',
+  /* "edv-kohls.de", true */ 'e', 'd', 'v', '-', 'k', 'o', 'h', 'l', 's', '.', 'd', 'e', '\0',
+  /* "edv-lehrgang.de", true */ 'e', 'd', 'v', '-', 'l', 'e', 'h', 'r', 'g', 'a', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "edvmesstec.de", true */ 'e', 'd', 'v', 'm', 'e', 's', 's', 't', 'e', 'c', '.', 'd', 'e', '\0',
+  /* "edwar.do", true */ 'e', 'd', 'w', 'a', 'r', '.', 'd', 'o', '\0',
+  /* "edwards.me.uk", true */ 'e', 'd', 'w', 'a', 'r', 'd', 's', '.', 'm', 'e', '.', 'u', 'k', '\0',
+  /* "edwardsnowden.com", true */ 'e', 'd', 'w', 'a', 'r', 'd', 's', 'n', 'o', 'w', 'd', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "edwardspeyer.com", true */ 'e', 'd', 'w', 'a', 'r', 'd', 's', 'p', 'e', 'y', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "edxg.de", false */ 'e', 'd', 'x', 'g', '.', 'd', 'e', '\0',
+  /* "edyou.eu", true */ 'e', 'd', 'y', 'o', 'u', '.', 'e', 'u', '\0',
+  /* "edzilla.info", true */ 'e', 'd', 'z', 'i', 'l', 'l', 'a', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "ee-terminals.com", true */ 'e', 'e', '-', 't', 'e', 'r', 'm', 'i', 'n', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "eeetrust.org", true */ 'e', 'e', 'e', 't', 'r', 'u', 's', 't', '.', 'o', 'r', 'g', '\0',
+  /* "eellak.gr", true */ 'e', 'e', 'l', 'l', 'a', 'k', '.', 'g', 'r', '\0',
+  /* "eelsden.net", true */ 'e', 'e', 'l', 's', 'd', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "eelzak.nl", true */ 'e', 'e', 'l', 'z', 'a', 'k', '.', 'n', 'l', '\0',
+  /* "eeqj.com", true */ 'e', 'e', 'q', 'j', '.', 'c', 'o', 'm', '\0',
+  /* "eer.io", true */ 'e', 'e', 'r', '.', 'i', 'o', '\0',
+  /* "eerlijktransport.nl", true */ 'e', 'e', 'r', 'l', 'i', 'j', 'k', 't', 'r', 'a', 'n', 's', 'p', 'o', 'r', 't', '.', 'n', 'l', '\0',
+  /* "eerstejaarsweekend.nl", true */ 'e', 'e', 'r', 's', 't', 'e', 'j', 'a', 'a', 'r', 's', 'w', 'e', 'e', 'k', 'e', 'n', 'd', '.', 'n', 'l', '\0',
+  /* "eery.de", true */ 'e', 'e', 'r', 'y', '.', 'd', 'e', '\0',
+  /* "eewna.org", true */ 'e', 'e', 'w', 'n', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "eez.ee", true */ 'e', 'e', 'z', '.', 'e', 'e', '\0',
+  /* "ef-georgia.org", true */ 'e', 'f', '-', 'g', 'e', 'o', 'r', 'g', 'i', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "ef.gy", true */ 'e', 'f', '.', 'g', 'y', '\0',
+  /* "efa-football.com", true */ 'e', 'f', 'a', '-', 'f', 'o', 'o', 't', 'b', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "efaas.nl", true */ 'e', 'f', 'a', 'a', 's', '.', 'n', 'l', '\0',
+  /* "efag.com", true */ 'e', 'f', 'a', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "efeen.nl", true */ 'e', 'f', 'e', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "eff-bee-eye.de", true */ 'e', 'f', 'f', '-', 'b', 'e', 'e', '-', 'e', 'y', 'e', '.', 'd', 'e', '\0',
+  /* "eff.org", true */ 'e', 'f', 'f', '.', 'o', 'r', 'g', '\0',
+  /* "effdocs.com", true */ 'e', 'f', 'f', 'd', 'o', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "effe.ch", true */ 'e', 'f', 'f', 'e', '.', 'c', 'h', '\0',
+  /* "effective-altruist.com", true */ 'e', 'f', 'f', 'e', 'c', 't', 'i', 'v', 'e', '-', 'a', 'l', 't', 'r', 'u', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "effectivecoffee.com", true */ 'e', 'f', 'f', 'e', 'c', 't', 'i', 'v', 'e', 'c', 'o', 'f', 'f', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "effectiveosgi.com", true */ 'e', 'f', 'f', 'e', 'c', 't', 'i', 'v', 'e', 'o', 's', 'g', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "effectivepapers.com", true */ 'e', 'f', 'f', 'e', 'c', 't', 'i', 'v', 'e', 'p', 'a', 'p', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "effero.net", true */ 'e', 'f', 'f', 'e', 'r', 'o', '.', 'n', 'e', 't', '\0',
+  /* "effex.ru", true */ 'e', 'f', 'f', 'e', 'x', '.', 'r', 'u', '\0',
+  /* "effishiency.com", true */ 'e', 'f', 'f', 'i', 's', 'h', 'i', 'e', 'n', 'c', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "effizienta.ch", true */ 'e', 'f', 'f', 'i', 'z', 'i', 'e', 'n', 't', 'a', '.', 'c', 'h', '\0',
+  /* "efflam.net", true */ 'e', 'f', 'f', 'l', 'a', 'm', '.', 'n', 'e', 't', '\0',
+  /* "eft.boutique", true */ 'e', 'f', 't', '.', 'b', 'o', 'u', 't', 'i', 'q', 'u', 'e', '\0',
+  /* "egablo.black", true */ 'e', 'g', 'a', 'b', 'l', 'o', '.', 'b', 'l', 'a', 'c', 'k', '\0',
+  /* "egami.ch", true */ 'e', 'g', 'a', 'm', 'i', '.', 'c', 'h', '\0',
+  /* "eganassociates.com.au", true */ 'e', 'g', 'a', 'n', 'a', 's', 's', 'o', 'c', 'i', 'a', 't', 'e', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "egarden.it", true */ 'e', 'g', 'a', 'r', 'd', 'e', 'n', '.', 'i', 't', '\0',
+  /* "egb.at", false */ 'e', 'g', 'b', '.', 'a', 't', '\0',
+  /* "egbert.net", true */ 'e', 'g', 'b', 'e', 'r', 't', '.', 'n', 'e', 't', '\0',
+  /* "egeozcan.com", true */ 'e', 'g', 'e', 'o', 'z', 'c', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "egfl.org.uk", true */ 'e', 'g', 'f', 'l', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "egg-ortho.ch", true */ 'e', 'g', 'g', '-', 'o', 'r', 't', 'h', 'o', '.', 'c', 'h', '\0',
+  /* "eggblast.com", true */ 'e', 'g', 'g', 'b', 'l', 'a', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "eggert.org", true */ 'e', 'g', 'g', 'e', 'r', 't', '.', 'o', 'r', 'g', '\0',
+  /* "eggplant.today", true */ 'e', 'g', 'g', 'p', 'l', 'a', 'n', 't', '.', 't', 'o', 'd', 'a', 'y', '\0',
+  /* "egiftcards.be", true */ 'e', 'g', 'i', 'f', 't', 'c', 'a', 'r', 'd', 's', '.', 'b', 'e', '\0',
+  /* "eglek.com", true */ 'e', 'g', 'l', 'e', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "ego4u.com", true */ 'e', 'g', 'o', '4', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "ego4u.de", true */ 'e', 'g', 'o', '4', 'u', '.', 'd', 'e', '\0',
+  /* "egoroof.ru", true */ 'e', 'g', 'o', 'r', 'o', 'o', 'f', '.', 'r', 'u', '\0',
+  /* "egov4.ch", true */ 'e', 'g', 'o', 'v', '4', '.', 'c', 'h', '\0',
+  /* "egretail.no", false */ 'e', 'g', 'r', 'e', 't', 'a', 'i', 'l', '.', 'n', 'o', '\0',
+  /* "egumenita.ro", true */ 'e', 'g', 'u', 'm', 'e', 'n', 'i', 't', 'a', '.', 'r', 'o', '\0',
+  /* "egupova.ru", true */ 'e', 'g', 'u', 'p', 'o', 'v', 'a', '.', 'r', 'u', '\0',
+  /* "egw-ceramica.de", true */ 'e', 'g', 'w', '-', 'c', 'e', 'r', 'a', 'm', 'i', 'c', 'a', '.', 'd', 'e', '\0',
+  /* "egweb.tv", true */ 'e', 'g', 'w', 'e', 'b', '.', 't', 'v', '\0',
+  /* "ehaccp.it", true */ 'e', 'h', 'a', 'c', 'c', 'p', '.', 'i', 't', '\0',
+  /* "ehandel.com", true */ 'e', 'h', 'a', 'n', 'd', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "ehazi.hu", true */ 'e', 'h', 'a', 'z', 'i', '.', 'h', 'u', '\0',
+  /* "ehertz.uk", true */ 'e', 'h', 'e', 'r', 't', 'z', '.', 'u', 'k', '\0',
+  /* "ehipaa.com", true */ 'e', 'h', 'i', 'p', 'a', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "ehlacademy.org", true */ 'e', 'h', 'l', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "ehomusicgear.com", true */ 'e', 'h', 'o', 'm', 'u', 's', 'i', 'c', 'g', 'e', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "ehrlichesbier.de", true */ 'e', 'h', 'r', 'l', 'i', 'c', 'h', 'e', 's', 'b', 'i', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "eichel.eu", true */ 'e', 'i', 'c', 'h', 'e', 'l', '.', 'e', 'u', '\0',
+  /* "eichornenterprises.com", true */ 'e', 'i', 'c', 'h', 'o', 'r', 'n', 'e', 'n', 't', 'e', 'r', 'p', 'r', 'i', 's', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "eickemeyer.nl", true */ 'e', 'i', 'c', 'k', 'e', 'm', 'e', 'y', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "eickhof.co", true */ 'e', 'i', 'c', 'k', 'h', 'o', 'f', '.', 'c', 'o', '\0',
+  /* "eickhof.us", true */ 'e', 'i', 'c', 'k', 'h', 'o', 'f', '.', 'u', 's', '\0',
+  /* "eickhofcolumbaria.com", true */ 'e', 'i', 'c', 'k', 'h', 'o', 'f', 'c', 'o', 'l', 'u', 'm', 'b', 'a', 'r', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "eidolons.org", true */ 'e', 'i', 'd', 'o', 'l', 'o', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "eiga-movie.com", true */ 'e', 'i', 'g', 'a', '-', 'm', 'o', 'v', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "eigenbubi.de", true */ 'e', 'i', 'g', 'e', 'n', 'b', 'u', 'b', 'i', '.', 'd', 'e', '\0',
+  /* "eighty-aid.com", true */ 'e', 'i', 'g', 'h', 't', 'y', '-', 'a', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "eightyfour.ca", true */ 'e', 'i', 'g', 'h', 't', 'y', 'f', 'o', 'u', 'r', '.', 'c', 'a', '\0',
+  /* "eigpropertyauctions.co.uk", true */ 'e', 'i', 'g', 'p', 'r', 'o', 'p', 'e', 'r', 't', 'y', 'a', 'u', 'c', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eilhan.com", true */ 'e', 'i', 'l', 'h', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "eimacs.com", true */ 'e', 'i', 'm', 'a', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "eimanavicius.lt", true */ 'e', 'i', 'm', 'a', 'n', 'a', 'v', 'i', 'c', 'i', 'u', 's', '.', 'l', 't', '\0',
+  /* "einar.io", true */ 'e', 'i', 'n', 'a', 'r', '.', 'i', 'o', '\0',
+  /* "einaros.is", true */ 'e', 'i', 'n', 'a', 'r', 'o', 's', '.', 'i', 's', '\0',
+  /* "einfachbahn.de", true */ 'e', 'i', 'n', 'f', 'a', 'c', 'h', 'b', 'a', 'h', 'n', '.', 'd', 'e', '\0',
+  /* "einfachmaldiefressehalten.de", true */ 'e', 'i', 'n', 'f', 'a', 'c', 'h', 'm', 'a', 'l', 'd', 'i', 'e', 'f', 'r', 'e', 's', 's', 'e', 'h', 'a', 'l', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "einheft.info", true */ 'e', 'i', 'n', 'h', 'e', 'f', 't', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "einheizpreis.de", true */ 'e', 'i', 'n', 'h', 'e', 'i', 'z', 'p', 'r', 'e', 'i', 's', '.', 'd', 'e', '\0',
+  /* "einmonolog.de", true */ 'e', 'i', 'n', 'm', 'o', 'n', 'o', 'l', 'o', 'g', '.', 'd', 'e', '\0',
+  /* "einsatzstellenverwaltung.de", true */ 'e', 'i', 'n', 's', 'a', 't', 'z', 's', 't', 'e', 'l', 'l', 'e', 'n', 'v', 'e', 'r', 'w', 'a', 'l', 't', 'u', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "einsteinathome.org", true */ 'e', 'i', 'n', 's', 't', 'e', 'i', 'n', 'a', 't', 'h', 'o', 'm', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "eintageinzug.de", true */ 'e', 'i', 'n', 't', 'a', 'g', 'e', 'i', 'n', 'z', 'u', 'g', '.', 'd', 'e', '\0',
+  /* "eintragsservice24.de", true */ 'e', 'i', 'n', 't', 'r', 'a', 'g', 's', 's', 'e', 'r', 'v', 'i', 'c', 'e', '2', '4', '.', 'd', 'e', '\0',
+  /* "eipione.com", true */ 'e', 'i', 'p', 'i', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "eirastudios.co.uk", false */ 'e', 'i', 'r', 'a', 's', 't', 'u', 'd', 'i', 'o', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eisaev.ru", true */ 'e', 'i', 's', 'a', 'e', 'v', '.', 'r', 'u', '\0',
+  /* "eit-web.de", false */ 'e', 'i', 't', '-', 'w', 'e', 'b', '.', 'd', 'e', '\0',
+  /* "eitler.cx", true */ 'e', 'i', 't', 'l', 'e', 'r', '.', 'c', 'x', '\0',
+  /* "eiyoushi-shigoto.com", true */ 'e', 'i', 'y', 'o', 'u', 's', 'h', 'i', '-', 's', 'h', 'i', 'g', 'o', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "ejdv-anmeldung.de", true */ 'e', 'j', 'd', 'v', '-', 'a', 'n', 'm', 'e', 'l', 'd', 'u', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "ejeff.org", true */ 'e', 'j', 'e', 'f', 'f', '.', 'o', 'r', 'g', '\0',
+  /* "ejgconsultancy.co.uk", true */ 'e', 'j', 'g', 'c', 'o', 'n', 's', 'u', 'l', 't', 'a', 'n', 'c', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ejuicelab.co.uk", true */ 'e', 'j', 'u', 'i', 'c', 'e', 'l', 'a', 'b', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ejusu.com", true */ 'e', 'j', 'u', 's', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "ekaigotenshoku.com", true */ 'e', 'k', 'a', 'i', 'g', 'o', 't', 'e', 'n', 's', 'h', 'o', 'k', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "ekd.de", true */ 'e', 'k', 'd', '.', 'd', 'e', '\0',
+  /* "ekedc.com", true */ 'e', 'k', 'e', 'd', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "ekedp.com", true */ 'e', 'k', 'e', 'd', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "eklepka.com", true */ 'e', 'k', 'l', 'e', 'p', 'k', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "ekodevices.com", true */ 'e', 'k', 'o', 'd', 'e', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ekokontakt.cz", true */ 'e', 'k', 'o', 'k', 'o', 'n', 't', 'a', 'k', 't', '.', 'c', 'z', '\0',
+  /* "ekonbenefits.com", true */ 'e', 'k', 'o', 'n', 'b', 'e', 'n', 'e', 'f', 'i', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ekong366.com", true */ 'e', 'k', 'o', 'n', 'g', '3', '6', '6', '.', 'c', 'o', 'm', '\0',
+  /* "ekostecki.de", true */ 'e', 'k', 'o', 's', 't', 'e', 'c', 'k', 'i', '.', 'd', 'e', '\0',
+  /* "ekpyroticfrood.net", true */ 'e', 'k', 'p', 'y', 'r', 'o', 't', 'i', 'c', 'f', 'r', 'o', 'o', 'd', '.', 'n', 'e', 't', '\0',
+  /* "eksisozluk.com", true */ 'e', 'k', 's', 'i', 's', 'o', 'z', 'l', 'u', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "ekuatorial.com", true */ 'e', 'k', 'u', 'a', 't', 'o', 'r', 'i', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "ekzarta.ru", true */ 'e', 'k', 'z', 'a', 'r', 't', 'a', '.', 'r', 'u', '\0',
+  /* "el-cell.com", true */ 'e', 'l', '-', 'c', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "el-hossari.com", true */ 'e', 'l', '-', 'h', 'o', 's', 's', 'a', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "eladgames.com", true */ 'e', 'l', 'a', 'd', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "elagplus.com", true */ 'e', 'l', 'a', 'g', 'p', 'l', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "elaon.de", true */ 'e', 'l', 'a', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "elars.de", true */ 'e', 'l', 'a', 'r', 's', '.', 'd', 'e', '\0',
+  /* "elarvee.xyz", true */ 'e', 'l', 'a', 'r', 'v', 'e', 'e', '.', 'x', 'y', 'z', '\0',
+  /* "elaxy-online.de", true */ 'e', 'l', 'a', 'x', 'y', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "elderoost.com", true */ 'e', 'l', 'd', 'e', 'r', 'o', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "eldertons.co.uk", true */ 'e', 'l', 'd', 'e', 'r', 't', 'o', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eldinhadzic.com", true */ 'e', 'l', 'd', 'i', 'n', 'h', 'a', 'd', 'z', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "eldisagjapi.com", true */ 'e', 'l', 'd', 'i', 's', 'a', 'g', 'j', 'a', 'p', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "eldrid.ge", true */ 'e', 'l', 'd', 'r', 'i', 'd', '.', 'g', 'e', '\0',
+  /* "eldritchfiction.net", true */ 'e', 'l', 'd', 'r', 'i', 't', 'c', 'h', 'f', 'i', 'c', 't', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "elearningpilot.com", true */ 'e', 'l', 'e', 'a', 'r', 'n', 'i', 'n', 'g', 'p', 'i', 'l', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "electionsdatabase.com", true */ 'e', 'l', 'e', 'c', 't', 'i', 'o', 'n', 's', 'd', 'a', 't', 'a', 'b', 'a', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "electr0sheep.com", true */ 'e', 'l', 'e', 'c', 't', 'r', '0', 's', 'h', 'e', 'e', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "electragirl.com", true */ 'e', 'l', 'e', 'c', 't', 'r', 'a', 'g', 'i', 'r', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "electricalagoura.com", true */ 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', 'a', 'g', 'o', 'u', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "electricalcontrolpanels.co.uk", true */ 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', 'c', 'o', 'n', 't', 'r', 'o', 'l', 'p', 'a', 'n', 'e', 'l', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "electricalfencingedenvale.co.za", true */ 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', 'f', 'e', 'n', 'c', 'i', 'n', 'g', 'e', 'd', 'e', 'n', 'v', 'a', 'l', 'e', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "electricgatemotorgermiston.co.za", true */ 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'g', 'a', 't', 'e', 'm', 'o', 't', 'o', 'r', 'g', 'e', 'r', 'm', 'i', 's', 't', 'o', 'n', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "electronic-ignition-system.com", true */ 'e', 'l', 'e', 'c', 't', 'r', 'o', 'n', 'i', 'c', '-', 'i', 'g', 'n', 'i', 't', 'i', 'o', 'n', '-', 's', 'y', 's', 't', 'e', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "electronicafacil.net", true */ 'e', 'l', 'e', 'c', 't', 'r', 'o', 'n', 'i', 'c', 'a', 'f', 'a', 'c', 'i', 'l', '.', 'n', 'e', 't', '\0',
+  /* "electronicfasteners.com", true */ 'e', 'l', 'e', 'c', 't', 'r', 'o', 'n', 'i', 'c', 'f', 'a', 's', 't', 'e', 'n', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "eled.io", true */ 'e', 'l', 'e', 'd', '.', 'i', 'o', '\0',
+  /* "elefantevoador.com", true */ 'e', 'l', 'e', 'f', 'a', 'n', 't', 'e', 'v', 'o', 'a', 'd', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "eleicoes2014.com.br", true */ 'e', 'l', 'e', 'i', 'c', 'o', 'e', 's', '2', '0', '1', '4', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "elektro-adam.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', '-', 'a', 'd', 'a', 'm', '.', 'd', 'e', '\0',
+  /* "elektro-collee.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', '-', 'c', 'o', 'l', 'l', 'e', 'e', '.', 'd', 'e', '\0',
+  /* "elektro-diehm.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', '-', 'd', 'i', 'e', 'h', 'm', '.', 'd', 'e', '\0',
+  /* "elektro-hammes.net", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', '-', 'h', 'a', 'm', 'm', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "elektro-hofmann-gmbh.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', '-', 'h', 'o', 'f', 'm', 'a', 'n', 'n', '-', 'g', 'm', 'b', 'h', '.', 'd', 'e', '\0',
+  /* "elektro-hornetz.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', '-', 'h', 'o', 'r', 'n', 'e', 't', 'z', '.', 'd', 'e', '\0',
+  /* "elektro-kahlen.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', '-', 'k', 'a', 'h', 'l', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "elektro-koehl.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', '-', 'k', 'o', 'e', 'h', 'l', '.', 'd', 'e', '\0',
+  /* "elektro-liebeskind.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', '-', 'l', 'i', 'e', 'b', 'e', 's', 'k', 'i', 'n', 'd', '.', 'd', 'e', '\0',
+  /* "elektro-metz.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', '-', 'm', 'e', 't', 'z', '.', 'd', 'e', '\0',
+  /* "elektro-pfeiffer.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', '-', 'p', 'f', 'e', 'i', 'f', 'f', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "elektro-rossbach.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', '-', 'r', 'o', 's', 's', 'b', 'a', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "elektro-roth.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', '-', 'r', 'o', 't', 'h', '.', 'd', 'e', '\0',
+  /* "elektro-stock.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', '-', 's', 't', 'o', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "elektro-woerdehoff.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', '-', 'w', 'o', 'e', 'r', 'd', 'e', 'h', 'o', 'f', 'f', '.', 'd', 'e', '\0',
+  /* "elektrobusch.com", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', 'b', 'u', 's', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "elektrofinke.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', 'f', 'i', 'n', 'k', 'e', '.', 'd', 'e', '\0',
+  /* "elektrokarges.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', 'k', 'a', 'r', 'g', 'e', 's', '.', 'd', 'e', '\0',
+  /* "elektrometz.de", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', 'm', 'e', 't', 'z', '.', 'd', 'e', '\0',
+  /* "elektropost.org", true */ 'e', 'l', 'e', 'k', 't', 'r', 'o', 'p', 'o', 's', 't', '.', 'o', 'r', 'g', '\0',
+  /* "elemental.software", true */ 'e', 'l', 'e', 'm', 'e', 'n', 't', 'a', 'l', '.', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '\0',
+  /* "elementalict.com", true */ 'e', 'l', 'e', 'm', 'e', 'n', 't', 'a', 'l', 'i', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "elementalrobotics.com", true */ 'e', 'l', 'e', 'm', 'e', 'n', 't', 'a', 'l', 'r', 'o', 'b', 'o', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "elementalsoftware.net", true */ 'e', 'l', 'e', 'm', 'e', 'n', 't', 'a', 'l', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'n', 'e', 't', '\0',
+  /* "elementalsoftware.org", true */ 'e', 'l', 'e', 'm', 'e', 'n', 't', 'a', 'l', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "elementarywave.com", true */ 'e', 'l', 'e', 'm', 'e', 'n', 't', 'a', 'r', 'y', 'w', 'a', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "elements.guide", true */ 'e', 'l', 'e', 'm', 'e', 'n', 't', 's', '.', 'g', 'u', 'i', 'd', 'e', '\0',
+  /* "elena-baykova.ru", true */ 'e', 'l', 'e', 'n', 'a', '-', 'b', 'a', 'y', 'k', 'o', 'v', 'a', '.', 'r', 'u', '\0',
+  /* "elephants.net", true */ 'e', 'l', 'e', 'p', 'h', 'a', 'n', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "elephpant.cz", true */ 'e', 'l', 'e', 'p', 'h', 'p', 'a', 'n', 't', '.', 'c', 'z', '\0',
+  /* "elepover.com", true */ 'e', 'l', 'e', 'p', 'o', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "eletesstilus.hu", true */ 'e', 'l', 'e', 't', 'e', 's', 's', 't', 'i', 'l', 'u', 's', '.', 'h', 'u', '\0',
+  /* "eleusis-zur-verschwiegenheit.de", true */ 'e', 'l', 'e', 'u', 's', 'i', 's', '-', 'z', 'u', 'r', '-', 'v', 'e', 'r', 's', 'c', 'h', 'w', 'i', 'e', 'g', 'e', 'n', 'h', 'e', 'i', 't', '.', 'd', 'e', '\0',
+  /* "elevateandprosper.com", true */ 'e', 'l', 'e', 'v', 'a', 't', 'e', 'a', 'n', 'd', 'p', 'r', 'o', 's', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "elexel.ru", true */ 'e', 'l', 'e', 'x', 'e', 'l', '.', 'r', 'u', '\0',
+  /* "elexprimidor.com", true */ 'e', 'l', 'e', 'x', 'p', 'r', 'i', 'm', 'i', 'd', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "elgosblanc.com", false */ 'e', 'l', 'g', 'o', 's', 'b', 'l', 'a', 'n', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "elguadia.faith", true */ 'e', 'l', 'g', 'u', 'a', 'd', 'i', 'a', '.', 'f', 'a', 'i', 't', 'h', '\0',
+  /* "elhall.pro", true */ 'e', 'l', 'h', 'a', 'l', 'l', '.', 'p', 'r', 'o', '\0',
+  /* "elhall.ru", true */ 'e', 'l', 'h', 'a', 'l', 'l', '.', 'r', 'u', '\0',
+  /* "elhamadimi.com", true */ 'e', 'l', 'h', 'a', 'm', 'a', 'd', 'i', 'm', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "elhossari.com", true */ 'e', 'l', 'h', 'o', 's', 's', 'a', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "elias-nicolas.com", true */ 'e', 'l', 'i', 'a', 's', '-', 'n', 'i', 'c', 'o', 'l', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "elifesciences.org", true */ 'e', 'l', 'i', 'f', 'e', 's', 'c', 'i', 'e', 'n', 'c', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "eligible.com", true */ 'e', 'l', 'i', 'g', 'i', 'b', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "eligibleapi.com", true */ 'e', 'l', 'i', 'g', 'i', 'b', 'l', 'e', 'a', 'p', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "eligrey.com", true */ 'e', 'l', 'i', 'g', 'r', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "elijahgrey.com", true */ 'e', 'l', 'i', 'j', 'a', 'h', 'g', 'r', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "elinevanhaaften.nl", true */ 'e', 'l', 'i', 'n', 'e', 'v', 'a', 'n', 'h', 'a', 'a', 'f', 't', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "elinvention.ovh", true */ 'e', 'l', 'i', 'n', 'v', 'e', 'n', 't', 'i', 'o', 'n', '.', 'o', 'v', 'h', '\0',
+  /* "eliott.be", false */ 'e', 'l', 'i', 'o', 't', 't', '.', 'b', 'e', '\0',
+  /* "elisa.ee", false */ 'e', 'l', 'i', 's', 'a', '.', 'e', 'e', '\0',
+  /* "elisabeth-kostecki.de", true */ 'e', 'l', 'i', 's', 'a', 'b', 'e', 't', 'h', '-', 'k', 'o', 's', 't', 'e', 'c', 'k', 'i', '.', 'd', 'e', '\0',
+  /* "elisabeth-strunz.de", true */ 'e', 'l', 'i', 's', 'a', 'b', 'e', 't', 'h', '-', 's', 't', 'r', 'u', 'n', 'z', '.', 'd', 'e', '\0',
+  /* "elisabethkostecki.de", true */ 'e', 'l', 'i', 's', 'a', 'b', 'e', 't', 'h', 'k', 'o', 's', 't', 'e', 'c', 'k', 'i', '.', 'd', 'e', '\0',
+  /* "elistor6100.xyz", true */ 'e', 'l', 'i', 's', 't', 'o', 'r', '6', '1', '0', '0', '.', 'x', 'y', 'z', '\0',
+  /* "elite-box.com", true */ 'e', 'l', 'i', 't', 'e', '-', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "elite-box.org", true */ 'e', 'l', 'i', 't', 'e', '-', 'b', 'o', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "elite12.de", true */ 'e', 'l', 'i', 't', 'e', '1', '2', '.', 'd', 'e', '\0',
+  /* "elitebouncingfun.com", true */ 'e', 'l', 'i', 't', 'e', 'b', 'o', 'u', 'n', 'c', 'i', 'n', 'g', 'f', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "elitegameservers.net", true */ 'e', 'l', 'i', 't', 'e', 'g', 'a', 'm', 'e', 's', 'e', 'r', 'v', 'e', 'r', 's', '.', 'n', 'e', 't', '\0',
+  /* "elitehosting.de", true */ 'e', 'l', 'i', 't', 'e', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "elitesensual.com.br", true */ 'e', 'l', 'i', 't', 'e', 's', 'e', 'n', 's', 'u', 'a', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "elixir.bzh", true */ 'e', 'l', 'i', 'x', 'i', 'r', '.', 'b', 'z', 'h', '\0',
+  /* "eliyah.co.il", true */ 'e', 'l', 'i', 'y', 'a', 'h', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "elizabethbuitrago.com", true */ 'e', 'l', 'i', 'z', 'a', 'b', 'e', 't', 'h', 'b', 'u', 'i', 't', 'r', 'a', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "elizabethgreenfield.com", true */ 'e', 'l', 'i', 'z', 'a', 'b', 'e', 't', 'h', 'g', 'r', 'e', 'e', 'n', 'f', 'i', 'e', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "eljef.me", true */ 'e', 'l', 'j', 'e', 'f', '.', 'm', 'e', '\0',
+  /* "ella-kwikmed.com", false */ 'e', 'l', 'l', 'a', '-', 'k', 'w', 'i', 'k', 'm', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "ellak.gr", true */ 'e', 'l', 'l', 'a', 'k', '.', 'g', 'r', '\0',
+  /* "ellegaard.dk", true */ 'e', 'l', 'l', 'e', 'g', 'a', 'a', 'r', 'd', '.', 'd', 'k', '\0',
+  /* "ellemental.me", true */ 'e', 'l', 'l', 'e', 'm', 'e', 'n', 't', 'a', 'l', '.', 'm', 'e', '\0',
+  /* "ellevit.ch", true */ 'e', 'l', 'l', 'e', 'v', 'i', 't', '.', 'c', 'h', '\0',
+  /* "elliesbouncers.co.uk", true */ 'e', 'l', 'l', 'i', 'e', 's', 'b', 'o', 'u', 'n', 'c', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "elliff.net", true */ 'e', 'l', 'l', 'i', 'f', 'f', '.', 'n', 'e', 't', '\0',
+  /* "elliot.cat", true */ 'e', 'l', 'l', 'i', 'o', 't', '.', 'c', 'a', 't', '\0',
+  /* "elliotgluck.com", true */ 'e', 'l', 'l', 'i', 'o', 't', 'g', 'l', 'u', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "elliquiy.com", true */ 'e', 'l', 'l', 'i', 'q', 'u', 'i', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "elliriehl.at", true */ 'e', 'l', 'l', 'i', 'r', 'i', 'e', 'h', 'l', '.', 'a', 't', '\0',
+  /* "ellisamusements.co.uk", true */ 'e', 'l', 'l', 'i', 's', 'a', 'm', 'u', 's', 'e', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ellisleisure.co.uk", true */ 'e', 'l', 'l', 'i', 's', 'l', 'e', 'i', 's', 'u', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ellsinger.me", true */ 'e', 'l', 'l', 's', 'i', 'n', 'g', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "elmermx.ch", true */ 'e', 'l', 'm', 'e', 'r', 'm', 'x', '.', 'c', 'h', '\0',
+  /* "elna-service.com.ua", true */ 'e', 'l', 'n', 'a', '-', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "elnan.do", true */ 'e', 'l', 'n', 'a', 'n', '.', 'd', 'o', '\0',
+  /* "elodieclerc.ch", true */ 'e', 'l', 'o', 'd', 'i', 'e', 'c', 'l', 'e', 'r', 'c', '.', 'c', 'h', '\0',
+  /* "eloge.se", true */ 'e', 'l', 'o', 'g', 'e', '.', 's', 'e', '\0',
+  /* "elosrah.com", true */ 'e', 'l', 'o', 's', 'r', 'a', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "elosuite.com", true */ 'e', 'l', 'o', 's', 'u', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "elpado.de", true */ 'e', 'l', 'p', 'a', 'd', 'o', '.', 'd', 'e', '\0',
+  /* "elpo.net", true */ 'e', 'l', 'p', 'o', '.', 'n', 'e', 't', '\0',
+  /* "elpoderdelespiritu.org", true */ 'e', 'l', 'p', 'o', 'd', 'e', 'r', 'd', 'e', 'l', 'e', 's', 'p', 'i', 'r', 'i', 't', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "elsensohn.ch", true */ 'e', 'l', 's', 'e', 'n', 's', 'o', 'h', 'n', '.', 'c', 'h', '\0',
+  /* "elsvanderlugt.nl", true */ 'e', 'l', 's', 'v', 'a', 'n', 'd', 'e', 'r', 'l', 'u', 'g', 't', '.', 'n', 'l', '\0',
+  /* "eltagroup.co.uk", true */ 'e', 'l', 't', 'a', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eltair.com", true */ 'e', 'l', 't', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "eltern-verein.ch", true */ 'e', 'l', 't', 'e', 'r', 'n', '-', 'v', 'e', 'r', 'e', 'i', 'n', '.', 'c', 'h', '\0',
+  /* "elternbeiratswahl.online", true */ 'e', 'l', 't', 'e', 'r', 'n', 'b', 'e', 'i', 'r', 'a', 't', 's', 'w', 'a', 'h', 'l', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "elternforum-birmensdorf.ch", true */ 'e', 'l', 't', 'e', 'r', 'n', 'f', 'o', 'r', 'u', 'm', '-', 'b', 'i', 'r', 'm', 'e', 'n', 's', 'd', 'o', 'r', 'f', '.', 'c', 'h', '\0',
+  /* "elternverein-utzenstorf.ch", true */ 'e', 'l', 't', 'e', 'r', 'n', 'v', 'e', 'r', 'e', 'i', 'n', '-', 'u', 't', 'z', 'e', 'n', 's', 't', 'o', 'r', 'f', '.', 'c', 'h', '\0',
+  /* "elucron.com", true */ 'e', 'l', 'u', 'c', 'r', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "eluhome.de", true */ 'e', 'l', 'u', 'h', 'o', 'm', 'e', '.', 'd', 'e', '\0',
+  /* "elvidence.com.au", true */ 'e', 'l', 'v', 'i', 'd', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "elvisripley.com", true */ 'e', 'l', 'v', 'i', 's', 'r', 'i', 'p', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "elwave.org", true */ 'e', 'l', 'w', 'a', 'v', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "elxsi.de", true */ 'e', 'l', 'x', 's', 'i', '.', 'd', 'e', '\0',
+  /* "elyasweb.com", true */ 'e', 'l', 'y', 'a', 's', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "elyisus.info", true */ 'e', 'l', 'y', 'i', 's', 'u', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "elytronsecurity.com", true */ 'e', 'l', 'y', 't', 'r', 'o', 'n', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "em-biotek.cz", true */ 'e', 'm', '-', 'b', 'i', 'o', 't', 'e', 'k', '.', 'c', 'z', '\0',
+  /* "emailconfiguration.com", true */ 'e', 'm', 'a', 'i', 'l', 'c', 'o', 'n', 'f', 'i', 'g', 'u', 'r', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "emailfuermich.de", true */ 'e', 'm', 'a', 'i', 'l', 'f', 'u', 'e', 'r', 'm', 'i', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "emailhunter.co", true */ 'e', 'm', 'a', 'i', 'l', 'h', 'u', 'n', 't', 'e', 'r', '.', 'c', 'o', '\0',
+  /* "emailprivacytester.com", true */ 'e', 'm', 'a', 'i', 'l', 'p', 'r', 'i', 'v', 'a', 'c', 'y', 't', 'e', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "emailtools.io", true */ 'e', 'm', 'a', 'i', 'l', 't', 'o', 'o', 'l', 's', '.', 'i', 'o', '\0',
+  /* "emaily.eu", true */ 'e', 'm', 'a', 'i', 'l', 'y', '.', 'e', 'u', '\0',
+  /* "emanuelduss.ch", true */ 'e', 'm', 'a', 'n', 'u', 'e', 'l', 'd', 'u', 's', 's', '.', 'c', 'h', '\0',
+  /* "emanuelemazzotta.com", true */ 'e', 'm', 'a', 'n', 'u', 'e', 'l', 'e', 'm', 'a', 'z', 'z', 'o', 't', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "emavok.eu", true */ 'e', 'm', 'a', 'v', 'o', 'k', '.', 'e', 'u', '\0',
+  /* "embassycargo.eu", true */ 'e', 'm', 'b', 'a', 's', 's', 'y', 'c', 'a', 'r', 'g', 'o', '.', 'e', 'u', '\0',
+  /* "embox.net", true */ 'e', 'm', 'b', 'o', 'x', '.', 'n', 'e', 't', '\0',
+  /* "embraceni.org", true */ 'e', 'm', 'b', 'r', 'a', 'c', 'e', 'n', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "embroideryexpress.co.uk", true */ 'e', 'm', 'b', 'r', 'o', 'i', 'd', 'e', 'r', 'y', 'e', 'x', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "emcspotlight.com", true */ 'e', 'm', 'c', 's', 'p', 'o', 't', 'l', 'i', 'g', 'h', 't', '.', 'c', 'o', 'm', '\0',
+  /* "emeliefalk.se", true */ 'e', 'm', 'e', 'l', 'i', 'e', 'f', 'a', 'l', 'k', '.', 's', 'e', '\0',
+  /* "emeraldcoastrideshare.com", true */ 'e', 'm', 'e', 'r', 'a', 'l', 'd', 'c', 'o', 'a', 's', 't', 'r', 'i', 'd', 'e', 's', 'h', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "emeraldonion.org", true */ 'e', 'm', 'e', 'r', 'a', 'l', 'd', 'o', 'n', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "emergencyessay.com", true */ 'e', 'm', 'e', 'r', 'g', 'e', 'n', 'c', 'y', 'e', 's', 's', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "emergencymedicinefoundations.com", true */ 'e', 'm', 'e', 'r', 'g', 'e', 'n', 'c', 'y', 'm', 'e', 'd', 'i', 'c', 'i', 'n', 'e', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "emergentvisiontec.com", true */ 'e', 'm', 'e', 'r', 'g', 'e', 'n', 't', 'v', 'i', 's', 'i', 'o', 'n', 't', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "emergenzalavoro.com", true */ 'e', 'm', 'e', 'r', 'g', 'e', 'n', 'z', 'a', 'l', 'a', 'v', 'o', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "emero.de", true */ 'e', 'm', 'e', 'r', 'o', '.', 'd', 'e', '\0',
+  /* "emex.ro", true */ 'e', 'm', 'e', 'x', '.', 'r', 'o', '\0',
+  /* "emi-air-comprime.com", true */ 'e', 'm', 'i', '-', 'a', 'i', 'r', '-', 'c', 'o', 'm', 'p', 'r', 'i', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "emi.im", true */ 'e', 'm', 'i', '.', 'i', 'm', '\0',
+  /* "emielraaijmakers.nl", true */ 'e', 'm', 'i', 'e', 'l', 'r', 'a', 'a', 'i', 'j', 'm', 'a', 'k', 'e', 'r', 's', '.', 'n', 'l', '\0',
+  /* "emil.click", true */ 'e', 'm', 'i', 'l', '.', 'c', 'l', 'i', 'c', 'k', '\0',
+  /* "emilong.com", true */ 'e', 'm', 'i', 'l', 'o', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "emilstahl.dk", true */ 'e', 'm', 'i', 'l', 's', 't', 'a', 'h', 'l', '.', 'd', 'k', '\0',
+  /* "emilvarga.com", true */ 'e', 'm', 'i', 'l', 'v', 'a', 'r', 'g', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "emilyshepherd.me", true */ 'e', 'm', 'i', 'l', 'y', 's', 'h', 'e', 'p', 'h', 'e', 'r', 'd', '.', 'm', 'e', '\0',
+  /* "eminhuseynov.com", true */ 'e', 'm', 'i', 'n', 'h', 'u', 's', 'e', 'y', 'n', 'o', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "emirabiz.com", false */ 'e', 'm', 'i', 'r', 'a', 'b', 'i', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "emirichardson.com", true */ 'e', 'm', 'i', 'r', 'i', 'c', 'h', 'a', 'r', 'd', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "emivauthey.com", true */ 'e', 'm', 'i', 'v', 'a', 'u', 't', 'h', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "emkanrecords.com", true */ 'e', 'm', 'k', 'a', 'n', 'r', 'e', 'c', 'o', 'r', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "emma-o.com", true */ 'e', 'm', 'm', 'a', '-', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "emmagraystore.com", true */ 'e', 'm', 'm', 'a', 'g', 'r', 'a', 'y', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "emmaliddell.com", true */ 'e', 'm', 'm', 'a', 'l', 'i', 'd', 'd', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "emmanuelle-et-julien.ch", true */ 'e', 'm', 'm', 'a', 'n', 'u', 'e', 'l', 'l', 'e', '-', 'e', 't', '-', 'j', 'u', 'l', 'i', 'e', 'n', '.', 'c', 'h', '\0',
+  /* "emmdy.com", true */ 'e', 'm', 'm', 'd', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "emmehair.com", true */ 'e', 'm', 'm', 'e', 'h', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "emoji.bzh", true */ 'e', 'm', 'o', 'j', 'i', '.', 'b', 'z', 'h', '\0',
+  /* "emojiengine.com", true */ 'e', 'm', 'o', 'j', 'i', 'e', 'n', 'g', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "emolafarm.com", true */ 'e', 'm', 'o', 'l', 'a', 'f', 'a', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "emond-usedcars.net", true */ 'e', 'm', 'o', 'n', 'd', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'n', 'e', 't', '\0',
+  /* "emoticonesjaponeses.com", true */ 'e', 'm', 'o', 't', 'i', 'c', 'o', 'n', 'e', 's', 'j', 'a', 'p', 'o', 'n', 'e', 's', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "emotuit.com", true */ 'e', 'm', 'o', 't', 'u', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "empathogen.com", true */ 'e', 'm', 'p', 'a', 't', 'h', 'o', 'g', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "empathogens.com", true */ 'e', 'm', 'p', 'a', 't', 'h', 'o', 'g', 'e', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "empathy.ca", true */ 'e', 'm', 'p', 'a', 't', 'h', 'y', '.', 'c', 'a', '\0',
+  /* "emperor-penguin.com", true */ 'e', 'm', 'p', 'e', 'r', 'o', 'r', '-', 'p', 'e', 'n', 'g', 'u', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "emperor-penguins.com", true */ 'e', 'm', 'p', 'e', 'r', 'o', 'r', '-', 'p', 'e', 'n', 'g', 'u', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "emperor.blog", true */ 'e', 'm', 'p', 'e', 'r', 'o', 'r', '.', 'b', 'l', 'o', 'g', '\0',
+  /* "empese.com", true */ 'e', 'm', 'p', 'e', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "empire24.co", true */ 'e', 'm', 'p', 'i', 'r', 'e', '2', '4', '.', 'c', 'o', '\0',
+  /* "empireauto-2000.com", true */ 'e', 'm', 'p', 'i', 'r', 'e', 'a', 'u', 't', 'o', '-', '2', '0', '0', '0', '.', 'c', 'o', 'm', '\0',
+  /* "employer.guru", true */ 'e', 'm', 'p', 'l', 'o', 'y', 'e', 'r', '.', 'g', 'u', 'r', 'u', '\0',
+  /* "employer411.com", true */ 'e', 'm', 'p', 'l', 'o', 'y', 'e', 'r', '4', '1', '1', '.', 'c', 'o', 'm', '\0',
+  /* "emporiodascalcinhas.com.br", true */ 'e', 'm', 'p', 'o', 'r', 'i', 'o', 'd', 'a', 's', 'c', 'a', 'l', 'c', 'i', 'n', 'h', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "emporiodosperfumes.com.br", true */ 'e', 'm', 'p', 'o', 'r', 'i', 'o', 'd', 'o', 's', 'p', 'e', 'r', 'f', 'u', 'm', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "emporiopatanegra.com.br", true */ 'e', 'm', 'p', 'o', 'r', 'i', 'o', 'p', 'a', 't', 'a', 'n', 'e', 'g', 'r', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "emporiovinareal.com.br", true */ 'e', 'm', 'p', 'o', 'r', 'i', 'o', 'v', 'i', 'n', 'a', 'r', 'e', 'a', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "emporioviverbem.com.br", true */ 'e', 'm', 'p', 'o', 'r', 'i', 'o', 'v', 'i', 'v', 'e', 'r', 'b', 'e', 'm', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "empower.net", true */ 'e', 'm', 'p', 'o', 'w', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "empowerdb.com", true */ 'e', 'm', 'p', 'o', 'w', 'e', 'r', 'd', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "emprego.pt", true */ 'e', 'm', 'p', 'r', 'e', 'g', 'o', '.', 'p', 't', '\0',
+  /* "emresaglam.com", true */ 'e', 'm', 'r', 'e', 's', 'a', 'g', 'l', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "emultiagent.pl", true */ 'e', 'm', 'u', 'l', 't', 'i', 'a', 'g', 'e', 'n', 't', '.', 'p', 'l', '\0',
+  /* "emupedia.net", true */ 'e', 'm', 'u', 'p', 'e', 'd', 'i', 'a', '.', 'n', 'e', 't', '\0',
+  /* "emw3.com", true */ 'e', 'm', 'w', '3', '.', 'c', 'o', 'm', '\0',
+  /* "emyr.net", true */ 'e', 'm', 'y', 'r', '.', 'n', 'e', 't', '\0',
+  /* "en-booster.jp", true */ 'e', 'n', '-', 'b', 'o', 'o', 's', 't', 'e', 'r', '.', 'j', 'p', '\0',
+  /* "en-crypt.me", true */ 'e', 'n', '-', 'c', 'r', 'y', 'p', 't', '.', 'm', 'e', '\0',
+  /* "en-maktoob.search.yahoo.com", false */ 'e', 'n', '-', 'm', 'a', 'k', 't', 'o', 'o', 'b', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "en4rab.co.uk", true */ 'e', 'n', '4', 'r', 'a', 'b', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "enaim.de", true */ 'e', 'n', 'a', 'i', 'm', '.', 'd', 'e', '\0',
+  /* "enamae.net", true */ 'e', 'n', 'a', 'm', 'a', 'e', '.', 'n', 'e', 't', '\0',
+  /* "encadrer-mon-enfant.com", true */ 'e', 'n', 'c', 'a', 'd', 'r', 'e', 'r', '-', 'm', 'o', 'n', '-', 'e', 'n', 'f', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "encfs.win", true */ 'e', 'n', 'c', 'f', 's', '.', 'w', 'i', 'n', '\0',
+  /* "encircleapp.com", true */ 'e', 'n', 'c', 'i', 'r', 'c', 'l', 'e', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "encnet.de", true */ 'e', 'n', 'c', 'n', 'e', 't', '.', 'd', 'e', '\0',
+  /* "encode.host", true */ 'e', 'n', 'c', 'o', 'd', 'e', '.', 'h', 'o', 's', 't', '\0',
+  /* "encoderx.uk", true */ 'e', 'n', 'c', 'o', 'd', 'e', 'r', 'x', '.', 'u', 'k', '\0',
+  /* "encouragemarketing.com", true */ 'e', 'n', 'c', 'o', 'u', 'r', 'a', 'g', 'e', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "encredible.de", false */ 'e', 'n', 'c', 'r', 'e', 'd', 'i', 'b', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "encredible.org", false */ 'e', 'n', 'c', 'r', 'e', 'd', 'i', 'b', 'l', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "encretplomb.ch", true */ 'e', 'n', 'c', 'r', 'e', 't', 'p', 'l', 'o', 'm', 'b', '.', 'c', 'h', '\0',
+  /* "encryptallthethings.net", true */ 'e', 'n', 'c', 'r', 'y', 'p', 't', 'a', 'l', 'l', 't', 'h', 'e', 't', 'h', 'i', 'n', 'g', 's', '.', 'n', 'e', 't', '\0',
+  /* "encrypted.google.com", true */ 'e', 'n', 'c', 'r', 'y', 'p', 't', 'e', 'd', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "encryptedaudience.com", true */ 'e', 'n', 'c', 'r', 'y', 'p', 't', 'e', 'd', 'a', 'u', 'd', 'i', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "encuentraprecios.es", true */ 'e', 'n', 'c', 'u', 'e', 'n', 't', 'r', 'a', 'p', 'r', 'e', 'c', 'i', 'o', 's', '.', 'e', 's', '\0',
+  /* "endangeredwatch.com", true */ 'e', 'n', 'd', 'a', 'n', 'g', 'e', 'r', 'e', 'd', 'w', 'a', 't', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "endeal.nl", true */ 'e', 'n', 'd', 'e', 'a', 'l', '.', 'n', 'l', '\0',
+  /* "ender.co.at", true */ 'e', 'n', 'd', 'e', 'r', '.', 'c', 'o', '.', 'a', 't', '\0',
+  /* "endingthedocumentgame.gov", true */ 'e', 'n', 'd', 'i', 'n', 'g', 't', 'h', 'e', 'd', 'o', 'c', 'u', 'm', 'e', 'n', 't', 'g', 'a', 'm', 'e', '.', 'g', 'o', 'v', '\0',
+  /* "endlessdiy.ca", true */ 'e', 'n', 'd', 'l', 'e', 's', 's', 'd', 'i', 'y', '.', 'c', 'a', '\0',
+  /* "endlessvideo.com", true */ 'e', 'n', 'd', 'l', 'e', 's', 's', 'v', 'i', 'd', 'e', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "endofnet.org", true */ 'e', 'n', 'd', 'o', 'f', 'n', 'e', 't', '.', 'o', 'r', 'g', '\0',
+  /* "endoftennancycleaning.co.uk", true */ 'e', 'n', 'd', 'o', 'f', 't', 'e', 'n', 'n', 'a', 'n', 'c', 'y', 'c', 'l', 'e', 'a', 'n', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "endohaus.us", true */ 'e', 'n', 'd', 'o', 'h', 'a', 'u', 's', '.', 'u', 's', '\0',
+  /* "enduranceday.be", true */ 'e', 'n', 'd', 'u', 'r', 'a', 'n', 'c', 'e', 'd', 'a', 'y', '.', 'b', 'e', '\0',
+  /* "endzeit-architekten.com", false */ 'e', 'n', 'd', 'z', 'e', 'i', 't', '-', 'a', 'r', 'c', 'h', 'i', 't', 'e', 'k', 't', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "enemiesoflight.de", true */ 'e', 'n', 'e', 'm', 'i', 'e', 's', 'o', 'f', 'l', 'i', 'g', 'h', 't', '.', 'd', 'e', '\0',
+  /* "energie-sante.ch", true */ 'e', 'n', 'e', 'r', 'g', 'i', 'e', '-', 's', 'a', 'n', 't', 'e', '.', 'c', 'h', '\0',
+  /* "energiekeurplus.nl", true */ 'e', 'n', 'e', 'r', 'g', 'i', 'e', 'k', 'e', 'u', 'r', 'p', 'l', 'u', 's', '.', 'n', 'l', '\0',
+  /* "energisammenslutningen.dk", true */ 'e', 'n', 'e', 'r', 'g', 'i', 's', 'a', 'm', 'm', 'e', 'n', 's', 'l', 'u', 't', 'n', 'i', 'n', 'g', 'e', 'n', '.', 'd', 'k', '\0',
+  /* "energy-drink-magazin.de", true */ 'e', 'n', 'e', 'r', 'g', 'y', '-', 'd', 'r', 'i', 'n', 'k', '-', 'm', 'a', 'g', 'a', 'z', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "energy-in-balance.eu", true */ 'e', 'n', 'e', 'r', 'g', 'y', '-', 'i', 'n', '-', 'b', 'a', 'l', 'a', 'n', 'c', 'e', '.', 'e', 'u', '\0',
+  /* "energy-infra.nl", true */ 'e', 'n', 'e', 'r', 'g', 'y', '-', 'i', 'n', 'f', 'r', 'a', '.', 'n', 'l', '\0',
+  /* "energy.eu", true */ 'e', 'n', 'e', 'r', 'g', 'y', '.', 'e', 'u', '\0',
+  /* "energyatlas.com", true */ 'e', 'n', 'e', 'r', 'g', 'y', 'a', 't', 'l', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "energyaupair.se", true */ 'e', 'n', 'e', 'r', 'g', 'y', 'a', 'u', 'p', 'a', 'i', 'r', '.', 's', 'e', '\0',
+  /* "energydrinkblog.de", true */ 'e', 'n', 'e', 'r', 'g', 'y', 'd', 'r', 'i', 'n', 'k', 'b', 'l', 'o', 'g', '.', 'd', 'e', '\0',
+  /* "energyelephant.com", true */ 'e', 'n', 'e', 'r', 'g', 'y', 'e', 'l', 'e', 'p', 'h', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "energyled.com.br", true */ 'e', 'n', 'e', 'r', 'g', 'y', 'l', 'e', 'd', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "enersaveapp.org", true */ 'e', 'n', 'e', 'r', 's', 'a', 'v', 'e', 'a', 'p', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "enersec.co.uk", true */ 'e', 'n', 'e', 'r', 's', 'e', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "enet-navigator.de", true */ 'e', 'n', 'e', 't', '-', 'n', 'a', 'v', 'i', 'g', 'a', 't', 'o', 'r', '.', 'd', 'e', '\0',
+  /* "enfantsdelarue.ch", true */ 'e', 'n', 'f', 'a', 'n', 't', 's', 'd', 'e', 'l', 'a', 'r', 'u', 'e', '.', 'c', 'h', '\0',
+  /* "enfield-kitchens.co.uk", true */ 'e', 'n', 'f', 'i', 'e', 'l', 'd', '-', 'k', 'i', 't', 'c', 'h', 'e', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "enflow.nl", true */ 'e', 'n', 'f', 'l', 'o', 'w', '.', 'n', 'l', '\0',
+  /* "enfoqueseguro.com", true */ 'e', 'n', 'f', 'o', 'q', 'u', 'e', 's', 'e', 'g', 'u', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "enfu.se", true */ 'e', 'n', 'f', 'u', '.', 's', 'e', '\0',
+  /* "engarde.net", true */ 'e', 'n', 'g', 'a', 'r', 'd', 'e', '.', 'n', 'e', 't', '\0',
+  /* "engaugetools.com", true */ 'e', 'n', 'g', 'a', 'u', 'g', 'e', 't', 'o', 'o', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "engelundlicht.ch", true */ 'e', 'n', 'g', 'e', 'l', 'u', 'n', 'd', 'l', 'i', 'c', 'h', 't', '.', 'c', 'h', '\0',
+  /* "engg.ca", true */ 'e', 'n', 'g', 'g', '.', 'c', 'a', '\0',
+  /* "engineowning.com", true */ 'e', 'n', 'g', 'i', 'n', 'e', 'o', 'w', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "enginepit.com", true */ 'e', 'n', 'g', 'i', 'n', 'e', 'p', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "enginx.net", true */ 'e', 'n', 'g', 'i', 'n', 'x', '.', 'n', 'e', 't', '\0',
+  /* "englerts.de", true */ 'e', 'n', 'g', 'l', 'e', 'r', 't', 's', '.', 'd', 'e', '\0',
+  /* "englishbulgaria.net", true */ 'e', 'n', 'g', 'l', 'i', 's', 'h', 'b', 'u', 'l', 'g', 'a', 'r', 'i', 'a', '.', 'n', 'e', 't', '\0',
+  /* "englishcast.com.br", true */ 'e', 'n', 'g', 'l', 'i', 's', 'h', 'c', 'a', 's', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "englishclub.com", true */ 'e', 'n', 'g', 'l', 'i', 's', 'h', 'c', 'l', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "englishdirectory.de", true */ 'e', 'n', 'g', 'l', 'i', 's', 'h', 'd', 'i', 'r', 'e', 'c', 't', 'o', 'r', 'y', '.', 'd', 'e', '\0',
+  /* "englishforums.com", true */ 'e', 'n', 'g', 'l', 'i', 's', 'h', 'f', 'o', 'r', 'u', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "englishlol.com", true */ 'e', 'n', 'g', 'l', 'i', 's', 'h', 'l', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "englishstudio.com", true */ 'e', 'n', 'g', 'l', 'i', 's', 'h', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "engvid.com", true */ 'e', 'n', 'g', 'v', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "enigma.swiss", true */ 'e', 'n', 'i', 'g', 'm', 'a', '.', 's', 'w', 'i', 's', 's', '\0',
+  /* "enijew.com", true */ 'e', 'n', 'i', 'j', 'e', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "enixgaming.com", true */ 'e', 'n', 'i', 'x', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "enjoyphoneblog.it", true */ 'e', 'n', 'j', 'o', 'y', 'p', 'h', 'o', 'n', 'e', 'b', 'l', 'o', 'g', '.', 'i', 't', '\0',
+  /* "enjoystudio.ro", true */ 'e', 'n', 'j', 'o', 'y', 's', 't', 'u', 'd', 'i', 'o', '.', 'r', 'o', '\0',
+  /* "enlatte.com", true */ 'e', 'n', 'l', 'a', 't', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "enlazaresbueno.cl", true */ 'e', 'n', 'l', 'a', 'z', 'a', 'r', 'e', 's', 'b', 'u', 'e', 'n', 'o', '.', 'c', 'l', '\0',
+  /* "enlighten10x.ga", true */ 'e', 'n', 'l', 'i', 'g', 'h', 't', 'e', 'n', '1', '0', 'x', '.', 'g', 'a', '\0',
+  /* "enlightened.si", true */ 'e', 'n', 'l', 'i', 'g', 'h', 't', 'e', 'n', 'e', 'd', '.', 's', 'i', '\0',
+  /* "enlightenedhr.com", true */ 'e', 'n', 'l', 'i', 'g', 'h', 't', 'e', 'n', 'e', 'd', 'h', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "enlightenment.org", true */ 'e', 'n', 'l', 'i', 'g', 'h', 't', 'e', 'n', 'm', 'e', 'n', 't', '.', 'o', 'r', 'g', '\0',
+  /* "enloestatebank.com", true */ 'e', 'n', 'l', 'o', 'e', 's', 't', 'a', 't', 'e', 'b', 'a', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "ennea-mediation.fr", true */ 'e', 'n', 'n', 'e', 'a', '-', 'm', 'e', 'd', 'i', 'a', 't', 'i', 'o', 'n', '.', 'f', 'r', '\0',
+  /* "enness.co.uk", true */ 'e', 'n', 'n', 'e', 's', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ennori.jp", true */ 'e', 'n', 'n', 'o', 'r', 'i', '.', 'j', 'p', '\0',
+  /* "enoou.com", true */ 'e', 'n', 'o', 'o', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "enorekcah.com", true */ 'e', 'n', 'o', 'r', 'e', 'k', 'c', 'a', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "enot32.ru", true */ 'e', 'n', 'o', 't', '3', '2', '.', 'r', 'u', '\0',
+  /* "enotecastore.it", true */ 'e', 'n', 'o', 't', 'e', 'c', 'a', 's', 't', 'o', 'r', 'e', '.', 'i', 't', '\0',
+  /* "enquos.com", true */ 'e', 'n', 'q', 'u', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "enriquepiraces.com", true */ 'e', 'n', 'r', 'i', 'q', 'u', 'e', 'p', 'i', 'r', 'a', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "enrollapp.com", true */ 'e', 'n', 'r', 'o', 'l', 'l', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "ensage.io", true */ 'e', 'n', 's', 'a', 'g', 'e', '.', 'i', 'o', '\0',
+  /* "enscosupply.com", true */ 'e', 'n', 's', 'c', 'o', 's', 'u', 'p', 'p', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "ensemble-rubato.de", true */ 'e', 'n', 's', 'e', 'm', 'b', 'l', 'e', '-', 'r', 'u', 'b', 'a', 't', 'o', '.', 'd', 'e', '\0',
+  /* "enskat.de", true */ 'e', 'n', 's', 'k', 'a', 't', '.', 'd', 'e', '\0',
+  /* "enskatson-sippe.de", true */ 'e', 'n', 's', 'k', 'a', 't', 's', 'o', 'n', '-', 's', 'i', 'p', 'p', 'e', '.', 'd', 'e', '\0',
+  /* "ensley.tech", true */ 'e', 'n', 's', 'l', 'e', 'y', '.', 't', 'e', 'c', 'h', '\0',
+  /* "ensons.de", true */ 'e', 'n', 's', 'o', 'n', 's', '.', 'd', 'e', '\0',
+  /* "ensured.com", true */ 'e', 'n', 's', 'u', 'r', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "ensured.nl", true */ 'e', 'n', 's', 'u', 'r', 'e', 'd', '.', 'n', 'l', '\0',
+  /* "entabe.jp", true */ 'e', 'n', 't', 'a', 'b', 'e', '.', 'j', 'p', '\0',
+  /* "entactogen.com", true */ 'e', 'n', 't', 'a', 'c', 't', 'o', 'g', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "entactogens.com", true */ 'e', 'n', 't', 'a', 'c', 't', 'o', 'g', 'e', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "entaurus.com", true */ 'e', 'n', 't', 'a', 'u', 'r', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "enteente.com", true */ 'e', 'n', 't', 'e', 'e', 'n', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "enterprisechannel.asia", true */ 'e', 'n', 't', 'e', 'r', 'p', 'r', 'i', 's', 'e', 'c', 'h', 'a', 'n', 'n', 'e', 'l', '.', 'a', 's', 'i', 'a', '\0',
+  /* "enterprisey.enterprises", true */ 'e', 'n', 't', 'e', 'r', 'p', 'r', 'i', 's', 'e', 'y', '.', 'e', 'n', 't', 'e', 'r', 'p', 'r', 'i', 's', 'e', 's', '\0',
+  /* "enterprivacy.com", true */ 'e', 'n', 't', 'e', 'r', 'p', 'r', 'i', 'v', 'a', 'c', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "entheogens.com", true */ 'e', 'n', 't', 'h', 'e', 'o', 'g', 'e', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "entrainr.com", true */ 'e', 'n', 't', 'r', 'a', 'i', 'n', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "entrecieletpierres.com", true */ 'e', 'n', 't', 'r', 'e', 'c', 'i', 'e', 'l', 'e', 't', 'p', 'i', 'e', 'r', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "entreprise-toiture-clement.fr", true */ 'e', 'n', 't', 'r', 'e', 'p', 'r', 'i', 's', 'e', '-', 't', 'o', 'i', 't', 'u', 'r', 'e', '-', 'c', 'l', 'e', 'm', 'e', 'n', 't', '.', 'f', 'r', '\0',
+  /* "entropia.de", false */ 'e', 'n', 't', 'r', 'o', 'p', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "entryboss.cc", true */ 'e', 'n', 't', 'r', 'y', 'b', 'o', 's', 's', '.', 'c', 'c', '\0',
+  /* "entrypoint.sh", true */ 'e', 'n', 't', 'r', 'y', 'p', 'o', 'i', 'n', 't', '.', 's', 'h', '\0',
+  /* "enuchi.jp", true */ 'e', 'n', 'u', 'c', 'h', 'i', '.', 'j', 'p', '\0',
+  /* "envant.co.uk", true */ 'e', 'n', 'v', 'a', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "envelope.co.nz", true */ 'e', 'n', 'v', 'e', 'l', 'o', 'p', 'e', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "enveloppenopmaat.nl", true */ 'e', 'n', 'v', 'e', 'l', 'o', 'p', 'p', 'e', 'n', 'o', 'p', 'm', 'a', 'a', 't', '.', 'n', 'l', '\0',
+  /* "envescent.com", true */ 'e', 'n', 'v', 'e', 's', 'c', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "enviam.de", true */ 'e', 'n', 'v', 'i', 'a', 'm', '.', 'd', 'e', '\0',
+  /* "enviaya.com.mx", true */ 'e', 'n', 'v', 'i', 'a', 'y', 'a', '.', 'c', 'o', 'm', '.', 'm', 'x', '\0',
+  /* "environment.ai", true */ 'e', 'n', 'v', 'i', 'r', 'o', 'n', 'm', 'e', 'n', 't', '.', 'a', 'i', '\0',
+  /* "environmentkirklees.org", true */ 'e', 'n', 'v', 'i', 'r', 'o', 'n', 'm', 'e', 'n', 't', 'k', 'i', 'r', 'k', 'l', 'e', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "enviroprobasements.com", true */ 'e', 'n', 'v', 'i', 'r', 'o', 'p', 'r', 'o', 'b', 'a', 's', 'e', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "envoyglobal.com", true */ 'e', 'n', 'v', 'o', 'y', 'g', 'l', 'o', 'b', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "eocservices.co.uk", true */ 'e', 'o', 'c', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eoitek.com", true */ 'e', 'o', 'i', 't', 'e', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "eolme.ml", true */ 'e', 'o', 'l', 'm', 'e', '.', 'm', 'l', '\0',
+  /* "eonet.cc", true */ 'e', 'o', 'n', 'e', 't', '.', 'c', 'c', '\0',
+  /* "eonhive.com", true */ 'e', 'o', 'n', 'h', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "eoonglobalresources.jp", true */ 'e', 'o', 'o', 'n', 'g', 'l', 'o', 'b', 'a', 'l', 'r', 'e', 's', 'o', 'u', 'r', 'c', 'e', 's', '.', 'j', 'p', '\0',
+  /* "eopugetsound.org", false */ 'e', 'o', 'p', 'u', 'g', 'e', 't', 's', 'o', 'u', 'n', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "epassafe.com", true */ 'e', 'p', 'a', 's', 's', 'a', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "epave.paris", true */ 'e', 'p', 'a', 'v', 'e', '.', 'p', 'a', 'r', 'i', 's', '\0',
+  /* "epay.bg", true */ 'e', 'p', 'a', 'y', '.', 'b', 'g', '\0',
+  /* "epaygateway.net", true */ 'e', 'p', 'a', 'y', 'g', 'a', 't', 'e', 'w', 'a', 'y', '.', 'n', 'e', 't', '\0',
+  /* "epi.one", true */ 'e', 'p', 'i', '.', 'o', 'n', 'e', '\0',
+  /* "epic-vistas.com", true */ 'e', 'p', 'i', 'c', '-', 'v', 'i', 's', 't', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "epic-vistas.de", true */ 'e', 'p', 'i', 'c', '-', 'v', 'i', 's', 't', 'a', 's', '.', 'd', 'e', '\0',
+  /* "epicbouncycastlehirenorwich.co.uk", true */ 'e', 'p', 'i', 'c', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', 'n', 'o', 'r', 'w', 'i', 'c', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "epicbouncycastles.co.uk", true */ 'e', 'p', 'i', 'c', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "epicenter.work", true */ 'e', 'p', 'i', 'c', 'e', 'n', 't', 'e', 'r', '.', 'w', 'o', 'r', 'k', '\0',
+  /* "epicenter.works", true */ 'e', 'p', 'i', 'c', 'e', 'n', 't', 'e', 'r', '.', 'w', 'o', 'r', 'k', 's', '\0',
+  /* "epicentre.works", true */ 'e', 'p', 'i', 'c', 'e', 'n', 't', 'r', 'e', '.', 'w', 'o', 'r', 'k', 's', '\0',
+  /* "epichouse.net", true */ 'e', 'p', 'i', 'c', 'h', 'o', 'u', 's', 'e', '.', 'n', 'e', 't', '\0',
+  /* "epicinflatables.co.uk", true */ 'e', 'p', 'i', 'c', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "epickitty.co.uk", true */ 'e', 'p', 'i', 'c', 'k', 'i', 't', 't', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "epicpages.com", true */ 'e', 'p', 'i', 'c', 'p', 'a', 'g', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "epicsecure.de", true */ 'e', 'p', 'i', 'c', 's', 'e', 'c', 'u', 'r', 'e', '.', 'd', 'e', '\0',
+  /* "epicsoft.de", true */ 'e', 'p', 'i', 'c', 's', 'o', 'f', 't', '.', 'd', 'e', '\0',
+  /* "epicvistas.com", true */ 'e', 'p', 'i', 'c', 'v', 'i', 's', 't', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "epicvistas.de", true */ 'e', 'p', 'i', 'c', 'v', 'i', 's', 't', 'a', 's', '.', 'd', 'e', '\0',
+  /* "epicwalnutcreek.com", true */ 'e', 'p', 'i', 'c', 'w', 'a', 'l', 'n', 'u', 't', 'c', 'r', 'e', 'e', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "epilis.gr", true */ 'e', 'p', 'i', 'l', 'i', 's', '.', 'g', 'r', '\0',
+  /* "epiphyte.network", true */ 'e', 'p', 'i', 'p', 'h', 'y', 't', 'e', '.', 'n', 'e', 't', 'w', 'o', 'r', 'k', '\0',
+  /* "epistas.com", true */ 'e', 'p', 'i', 's', 't', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "epistas.de", true */ 'e', 'p', 'i', 's', 't', 'a', 's', '.', 'd', 'e', '\0',
+  /* "epitesz.co", true */ 'e', 'p', 'i', 't', 'e', 's', 'z', '.', 'c', 'o', '\0',
+  /* "epiteugma.com", true */ 'e', 'p', 'i', 't', 'e', 'u', 'g', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "epizentrum.work", true */ 'e', 'p', 'i', 'z', 'e', 'n', 't', 'r', 'u', 'm', '.', 'w', 'o', 'r', 'k', '\0',
+  /* "epizentrum.works", true */ 'e', 'p', 'i', 'z', 'e', 'n', 't', 'r', 'u', 'm', '.', 'w', 'o', 'r', 'k', 's', '\0',
+  /* "epmcentroitalia.it", true */ 'e', 'p', 'm', 'c', 'e', 'n', 't', 'r', 'o', 'i', 't', 'a', 'l', 'i', 'a', '.', 'i', 't', '\0',
+  /* "epoch.com", true */ 'e', 'p', 'o', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "epolitiker.com", true */ 'e', 'p', 'o', 'l', 'i', 't', 'i', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "epos-distributor.co.uk", true */ 'e', 'p', 'o', 's', '-', 'd', 'i', 's', 't', 'r', 'i', 'b', 'u', 't', 'o', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eposbirmingham.co.uk", true */ 'e', 'p', 'o', 's', 'b', 'i', 'r', 'm', 'i', 'n', 'g', 'h', 'a', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eposbrighton.co.uk", true */ 'e', 'p', 'o', 's', 'b', 'r', 'i', 'g', 'h', 't', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eposbristol.co.uk", true */ 'e', 'p', 'o', 's', 'b', 'r', 'i', 's', 't', 'o', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eposcardiff.co.uk", true */ 'e', 'p', 'o', 's', 'c', 'a', 'r', 'd', 'i', 'f', 'f', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eposcloud.net", true */ 'e', 'p', 'o', 's', 'c', 'l', 'o', 'u', 'd', '.', 'n', 'e', 't', '\0',
+  /* "eposkent.co.uk", true */ 'e', 'p', 'o', 's', 'k', 'e', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eposleeds.co.uk", true */ 'e', 'p', 'o', 's', 'l', 'e', 'e', 'd', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eposleicester.co.uk", true */ 'e', 'p', 'o', 's', 'l', 'e', 'i', 'c', 'e', 's', 't', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eposliverpool.co.uk", true */ 'e', 'p', 'o', 's', 'l', 'i', 'v', 'e', 'r', 'p', 'o', 'o', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eposlondon.co.uk", true */ 'e', 'p', 'o', 's', 'l', 'o', 'n', 'd', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eposmidlands.co.uk", true */ 'e', 'p', 'o', 's', 'm', 'i', 'd', 'l', 'a', 'n', 'd', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eposnewport.co.uk", true */ 'e', 'p', 'o', 's', 'n', 'e', 'w', 'p', 'o', 'r', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eposnottingham.co.uk", true */ 'e', 'p', 'o', 's', 'n', 'o', 't', 't', 'i', 'n', 'g', 'h', 'a', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eposreading.co.uk", true */ 'e', 'p', 'o', 's', 'r', 'e', 'a', 'd', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eposreview.co.uk", true */ 'e', 'p', 'o', 's', 'r', 'e', 'v', 'i', 'e', 'w', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "epossheffield.co.uk", true */ 'e', 'p', 'o', 's', 's', 'h', 'e', 'f', 'f', 'i', 'e', 'l', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "epossurrey.co.uk", true */ 'e', 'p', 'o', 's', 's', 'u', 'r', 'r', 'e', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "epossussex.co.uk", true */ 'e', 'p', 'o', 's', 's', 'u', 's', 's', 'e', 'x', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eposswansea.co.uk", true */ 'e', 'p', 'o', 's', 's', 'w', 'a', 'n', 's', 'e', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "epossystems.co.uk", true */ 'e', 'p', 'o', 's', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "epostplus.li", true */ 'e', 'p', 'o', 's', 't', 'p', 'l', 'u', 's', '.', 'l', 'i', '\0',
+  /* "eposwales.co.uk", true */ 'e', 'p', 'o', 's', 'w', 'a', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eposyork.co.uk", true */ 'e', 'p', 'o', 's', 'y', 'o', 'r', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "eppelblei.lu", true */ 'e', 'p', 'p', 'e', 'l', 'b', 'l', 'e', 'i', '.', 'l', 'u', '\0',
+  /* "eppelpress.lu", true */ 'e', 'p', 'p', 'e', 'l', 'p', 'r', 'e', 's', 's', '.', 'l', 'u', '\0',
+  /* "eprofitacademy.com", true */ 'e', 'p', 'r', 'o', 'f', 'i', 't', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "epsilon.dk", true */ 'e', 'p', 's', 'i', 'l', 'o', 'n', '.', 'd', 'k', '\0',
+  /* "epsorting.cz", true */ 'e', 'p', 's', 'o', 'r', 't', 'i', 'n', 'g', '.', 'c', 'z', '\0',
+  /* "epublibre.org", true */ 'e', 'p', 'u', 'b', 'l', 'i', 'b', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "epulsar.ru", true */ 'e', 'p', 'u', 'l', 's', 'a', 'r', '.', 'r', 'u', '\0',
+  /* "eq-serve.com", true */ 'e', 'q', '-', 's', 'e', 'r', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "eqorg.com", true */ 'e', 'q', 'o', 'r', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "equalcloud.com", true */ 'e', 'q', 'u', 'a', 'l', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "equalparts.eu", true */ 'e', 'q', 'u', 'a', 'l', 'p', 'a', 'r', 't', 's', '.', 'e', 'u', '\0',
+  /* "equidam.com", true */ 'e', 'q', 'u', 'i', 'd', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "equinecoaching.ca", true */ 'e', 'q', 'u', 'i', 'n', 'e', 'c', 'o', 'a', 'c', 'h', 'i', 'n', 'g', '.', 'c', 'a', '\0',
+  /* "equinox.io", true */ 'e', 'q', 'u', 'i', 'n', 'o', 'x', '.', 'i', 'o', '\0',
+  /* "equipandoloja.net.br", true */ 'e', 'q', 'u', 'i', 'p', 'a', 'n', 'd', 'o', 'l', 'o', 'j', 'a', '.', 'n', 'e', 't', '.', 'b', 'r', '\0',
+  /* "equipedefrance.tv", true */ 'e', 'q', 'u', 'i', 'p', 'e', 'd', 'e', 'f', 'r', 'a', 'n', 'c', 'e', '.', 't', 'v', '\0',
+  /* "equipeferramentas.com.br", true */ 'e', 'q', 'u', 'i', 'p', 'e', 'f', 'e', 'r', 'r', 'a', 'm', 'e', 'n', 't', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "equippers.de", true */ 'e', 'q', 'u', 'i', 'p', 'p', 'e', 'r', 's', '.', 'd', 'e', '\0',
+  /* "equipsupply.com", true */ 'e', 'q', 'u', 'i', 'p', 's', 'u', 'p', 'p', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "er.tl", true */ 'e', 'r', '.', 't', 'l', '\0',
+  /* "erad.fr", true */ 'e', 'r', 'a', 'd', '.', 'f', 'r', '\0',
+  /* "erasmusplusrooms.com", true */ 'e', 'r', 'a', 's', 'm', 'u', 's', 'p', 'l', 'u', 's', 'r', 'o', 'o', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "erath.fr", true */ 'e', 'r', 'a', 't', 'h', '.', 'f', 'r', '\0',
+  /* "erclab.kr", true */ 'e', 'r', 'c', 'l', 'a', 'b', '.', 'k', 'r', '\0',
+  /* "erdethamburgeronsdag.no", true */ 'e', 'r', 'd', 'e', 't', 'h', 'a', 'm', 'b', 'u', 'r', 'g', 'e', 'r', 'o', 'n', 's', 'd', 'a', 'g', '.', 'n', 'o', '\0',
+  /* "ereader.uno", true */ 'e', 'r', 'e', 'a', 'd', 'e', 'r', '.', 'u', 'n', 'o', '\0',
+  /* "erectiepillenwinkel.nl", true */ 'e', 'r', 'e', 'c', 't', 'i', 'e', 'p', 'i', 'l', 'l', 'e', 'n', 'w', 'i', 'n', 'k', 'e', 'l', '.', 'n', 'l', '\0',
+  /* "erepublik-deutschland.de", true */ 'e', 'r', 'e', 'p', 'u', 'b', 'l', 'i', 'k', '-', 'd', 'e', 'u', 't', 's', 'c', 'h', 'l', 'a', 'n', 'd', '.', 'd', 'e', '\0',
+  /* "erethon.com", true */ 'e', 'r', 'e', 't', 'h', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "erf-neuilly.com", true */ 'e', 'r', 'f', '-', 'n', 'e', 'u', 'i', 'l', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "ergo-open.de", true */ 'e', 'r', 'g', 'o', '-', 'o', 'p', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "ergobyte.eu", true */ 'e', 'r', 'g', 'o', 'b', 'y', 't', 'e', '.', 'e', 'u', '\0',
+  /* "ergobyte.gr", true */ 'e', 'r', 'g', 'o', 'b', 'y', 't', 'e', '.', 'g', 'r', '\0',
+  /* "ergovita.com.br", true */ 'e', 'r', 'g', 'o', 'v', 'i', 't', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "ergovitanet.com.br", true */ 'e', 'r', 'g', 'o', 'v', 'i', 't', 'a', 'n', 'e', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "eriador.io", true */ 'e', 'r', 'i', 'a', 'd', 'o', 'r', '.', 'i', 'o', '\0',
+  /* "ericabrahamsen.net", true */ 'e', 'r', 'i', 'c', 'a', 'b', 'r', 'a', 'h', 'a', 'm', 's', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "ericairwin.com", true */ 'e', 'r', 'i', 'c', 'a', 'i', 'r', 'w', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "ericdiao.com", true */ 'e', 'r', 'i', 'c', 'd', 'i', 'a', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "erichorstmanshof.nl", true */ 'e', 'r', 'i', 'c', 'h', 'o', 'r', 's', 't', 'm', 'a', 'n', 's', 'h', 'o', 'f', '.', 'n', 'l', '\0',
+  /* "ericisaweso.me", true */ 'e', 'r', 'i', 'c', 'i', 's', 'a', 'w', 'e', 's', 'o', '.', 'm', 'e', '\0',
+  /* "ericjohnltd.com", true */ 'e', 'r', 'i', 'c', 'j', 'o', 'h', 'n', 'l', 't', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "erick.blog", true */ 'e', 'r', 'i', 'c', 'k', '.', 'b', 'l', 'o', 'g', '\0',
+  /* "ericleuthardt.com", true */ 'e', 'r', 'i', 'c', 'l', 'e', 'u', 't', 'h', 'a', 'r', 'd', 't', '.', 'c', 'o', 'm', '\0',
+  /* "erico.jp", true */ 'e', 'r', 'i', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "ericoc.com", true */ 'e', 'r', 'i', 'c', 'o', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "ericwie.se", true */ 'e', 'r', 'i', 'c', 'w', 'i', 'e', '.', 's', 'e', '\0',
+  /* "erigrid.eu", true */ 'e', 'r', 'i', 'g', 'r', 'i', 'd', '.', 'e', 'u', '\0',
+  /* "eriix.org", true */ 'e', 'r', 'i', 'i', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "erikheemskerk.nl", true */ 'e', 'r', 'i', 'k', 'h', 'e', 'e', 'm', 's', 'k', 'e', 'r', 'k', '.', 'n', 'l', '\0',
+  /* "erikhubers.nl", true */ 'e', 'r', 'i', 'k', 'h', 'u', 'b', 'e', 'r', 's', '.', 'n', 'l', '\0',
+  /* "erikseth.de", true */ 'e', 'r', 'i', 'k', 's', 'e', 't', 'h', '.', 'd', 'e', '\0',
+  /* "erinaceinae.com", true */ 'e', 'r', 'i', 'n', 'a', 'c', 'e', 'i', 'n', 'a', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "eriner.me", true */ 'e', 'r', 'i', 'n', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "erinn.io", true */ 'e', 'r', 'i', 'n', 'n', '.', 'i', 'o', '\0',
+  /* "erisrenee.com", true */ 'e', 'r', 'i', 's', 'r', 'e', 'n', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "erkaelderbarenaaben.dk", true */ 'e', 'r', 'k', 'a', 'e', 'l', 'd', 'e', 'r', 'b', 'a', 'r', 'e', 'n', 'a', 'a', 'b', 'e', 'n', '.', 'd', 'k', '\0',
+  /* "ernest.ly", true */ 'e', 'r', 'n', 'e', 's', 't', '.', 'l', 'y', '\0',
+  /* "eron.info", true */ 'e', 'r', 'o', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "erotic4me.ch", true */ 'e', 'r', 'o', 't', 'i', 'c', '4', 'm', 'e', '.', 'c', 'h', '\0',
+  /* "erotpo.cz", true */ 'e', 'r', 'o', 't', 'p', 'o', '.', 'c', 'z', '\0',
+  /* "erp-band.ru", true */ 'e', 'r', 'p', '-', 'b', 'a', 'n', 'd', '.', 'r', 'u', '\0',
+  /* "erp.band", true */ 'e', 'r', 'p', '.', 'b', 'a', 'n', 'd', '\0',
+  /* "erpband.ru", true */ 'e', 'r', 'p', 'b', 'a', 'n', 'd', '.', 'r', 'u', '\0',
+  /* "erpcargo.com", false */ 'e', 'r', 'p', 'c', 'a', 'r', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "errietta.me", true */ 'e', 'r', 'r', 'i', 'e', 't', 't', 'a', '.', 'm', 'e', '\0',
+  /* "errlytics.com", true */ 'e', 'r', 'r', 'l', 'y', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "error418.nl", true */ 'e', 'r', 'r', 'o', 'r', '4', '1', '8', '.', 'n', 'l', '\0',
+  /* "ers35.com", true */ 'e', 'r', 's', '3', '5', '.', 'c', 'o', 'm', '\0',
+  /* "ersa-shop.com", true */ 'e', 'r', 's', 'a', '-', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "ershiwo.com", true */ 'e', 'r', 's', 'h', 'i', 'w', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "erstehilfeprodukte.at", true */ 'e', 'r', 's', 't', 'e', 'h', 'i', 'l', 'f', 'e', 'p', 'r', 'o', 'd', 'u', 'k', 't', 'e', '.', 'a', 't', '\0',
+  /* "eru.im", true */ 'e', 'r', 'u', '.', 'i', 'm', '\0',
+  /* "erudicia.com", true */ 'e', 'r', 'u', 'd', 'i', 'c', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "erudicia.de", true */ 'e', 'r', 'u', 'd', 'i', 'c', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "erudicia.es", true */ 'e', 'r', 'u', 'd', 'i', 'c', 'i', 'a', '.', 'e', 's', '\0',
+  /* "erudicia.fr", true */ 'e', 'r', 'u', 'd', 'i', 'c', 'i', 'a', '.', 'f', 'r', '\0',
+  /* "erudicia.it", true */ 'e', 'r', 'u', 'd', 'i', 'c', 'i', 'a', '.', 'i', 't', '\0',
+  /* "erudicia.nl", true */ 'e', 'r', 'u', 'd', 'i', 'c', 'i', 'a', '.', 'n', 'l', '\0',
+  /* "erudicia.se", true */ 'e', 'r', 'u', 'd', 'i', 'c', 'i', 'a', '.', 's', 'e', '\0',
+  /* "erudicia.uk", true */ 'e', 'r', 'u', 'd', 'i', 'c', 'i', 'a', '.', 'u', 'k', '\0',
+  /* "erudikum.cz", true */ 'e', 'r', 'u', 'd', 'i', 'k', 'u', 'm', '.', 'c', 'z', '\0',
+  /* "erverydown.ml", true */ 'e', 'r', 'v', 'e', 'r', 'y', 'd', 'o', 'w', 'n', '.', 'm', 'l', '\0',
+  /* "erwanlepape.com", true */ 'e', 'r', 'w', 'a', 'n', 'l', 'e', 'p', 'a', 'p', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "erwin.saarland", true */ 'e', 'r', 'w', 'i', 'n', '.', 's', 'a', 'a', 'r', 'l', 'a', 'n', 'd', '\0',
+  /* "erwinschmaeh.ch", true */ 'e', 'r', 'w', 'i', 'n', 's', 'c', 'h', 'm', 'a', 'e', 'h', '.', 'c', 'h', '\0',
+  /* "erythroxylum-coca.com", true */ 'e', 'r', 'y', 't', 'h', 'r', 'o', 'x', 'y', 'l', 'u', 'm', '-', 'c', 'o', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "es-geenen.de", true */ 'e', 's', '-', 'g', 'e', 'e', 'n', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "es.search.yahoo.com", false */ 'e', 's', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "esaborit.ddns.net", true */ 'e', 's', 'a', 'b', 'o', 'r', 'i', 't', '.', 'd', 'd', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "esafar.cz", true */ 'e', 's', 'a', 'f', 'a', 'r', '.', 'c', 'z', '\0',
+  /* "esagente.com", true */ 'e', 's', 'a', 'g', 'e', 'n', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "esailinggear.com", true */ 'e', 's', 'a', 'i', 'l', 'i', 'n', 'g', 'g', 'e', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "esalesdata.com", true */ 'e', 's', 'a', 'l', 'e', 's', 'd', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "esample.info", true */ 'e', 's', 'a', 'm', 'p', 'l', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "esb111.net", true */ 'e', 's', 'b', '1', '1', '1', '.', 'n', 'e', 't', '\0',
+  /* "esb112.com", true */ 'e', 's', 'b', '1', '1', '2', '.', 'c', 'o', 'm', '\0',
+  /* "esb112.net", true */ 'e', 's', 'b', '1', '1', '2', '.', 'n', 'e', 't', '\0',
+  /* "esball.tv", true */ 'e', 's', 'b', 'a', 'l', 'l', '.', 't', 'v', '\0',
+  /* "esball888.net", true */ 'e', 's', 'b', 'a', 'l', 'l', '8', '8', '8', '.', 'n', 'e', 't', '\0',
+  /* "esc.chat", true */ 'e', 's', 'c', '.', 'c', 'h', 'a', 't', '\0',
+  /* "escael.org", true */ 'e', 's', 'c', 'a', 'e', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "escapees.com", true */ 'e', 's', 'c', 'a', 'p', 'e', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "escapeplaza.de", true */ 'e', 's', 'c', 'a', 'p', 'e', 'p', 'l', 'a', 'z', 'a', '.', 'd', 'e', '\0',
+  /* "escapetalk.nl", true */ 'e', 's', 'c', 'a', 'p', 'e', 't', 'a', 'l', 'k', '.', 'n', 'l', '\0',
+  /* "escargotbistro.com", true */ 'e', 's', 'c', 'a', 'r', 'g', 'o', 't', 'b', 'i', 's', 't', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "escavador.com", true */ 'e', 's', 'c', 'a', 'v', 'a', 'd', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "esclear.de", true */ 'e', 's', 'c', 'l', 'e', 'a', 'r', '.', 'd', 'e', '\0',
+  /* "escontact.ch", true */ 'e', 's', 'c', 'o', 'n', 't', 'a', 'c', 't', '.', 'c', 'h', '\0',
+  /* "escortdisplay.com", true */ 'e', 's', 'c', 'o', 'r', 't', 'd', 'i', 's', 'p', 'l', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "escortmantra.com", true */ 'e', 's', 'c', 'o', 'r', 't', 'm', 'a', 'n', 't', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "escortshotsexy.com", true */ 'e', 's', 'c', 'o', 'r', 't', 's', 'h', 'o', 't', 's', 'e', 'x', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "escritoriodearte.com", true */ 'e', 's', 'c', 'r', 'i', 't', 'o', 'r', 'i', 'o', 'd', 'e', 'a', 'r', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "escueladewordpress.com", true */ 'e', 's', 'c', 'u', 'e', 'l', 'a', 'd', 'e', 'w', 'o', 'r', 'd', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "escxtra.com", true */ 'e', 's', 'c', 'x', 't', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "escyr.top", true */ 'e', 's', 'c', 'y', 'r', '.', 't', 'o', 'p', '\0',
+  /* "esdenera.com", true */ 'e', 's', 'd', 'e', 'n', 'e', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "esdiscuss.org", true */ 'e', 's', 'd', 'i', 's', 'c', 'u', 's', 's', '.', 'o', 'r', 'g', '\0',
+  /* "eseth.de", true */ 'e', 's', 'e', 't', 'h', '.', 'd', 'e', '\0',
+  /* "esg-abi2001.de", true */ 'e', 's', 'g', '-', 'a', 'b', 'i', '2', '0', '0', '1', '.', 'd', 'e', '\0',
+  /* "esh.ink", true */ 'e', 's', 'h', '.', 'i', 'n', 'k', '\0',
+  /* "eshepperd.com", true */ 'e', 's', 'h', 'e', 'p', 'p', 'e', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "eshop-prices.com", true */ 'e', 's', 'h', 'o', 'p', '-', 'p', 'r', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "eshtapay.com", true */ 'e', 's', 'h', 't', 'a', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "esibun.net", true */ 'e', 's', 'i', 'b', 'u', 'n', '.', 'n', 'e', 't', '\0',
+  /* "esigmbh.de", true */ 'e', 's', 'i', 'g', 'm', 'b', 'h', '.', 'd', 'e', '\0',
+  /* "esipublications.com", true */ 'e', 's', 'i', 'p', 'u', 'b', 'l', 'i', 'c', 'a', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "esite.ch", true */ 'e', 's', 'i', 't', 'e', '.', 'c', 'h', '\0',
+  /* "eskdale.net", true */ 'e', 's', 'k', 'd', 'a', 'l', 'e', '.', 'n', 'e', 't', '\0',
+  /* "eskriett.com", true */ 'e', 's', 'k', 'r', 'i', 'e', 't', 't', '.', 'c', 'o', 'm', '\0',
+  /* "esoa.net", true */ 'e', 's', 'o', 'a', '.', 'n', 'e', 't', '\0',
+  /* "esoko.eu", true */ 'e', 's', 'o', 'k', 'o', '.', 'e', 'u', '\0',
+  /* "esolcourses.com", true */ 'e', 's', 'o', 'l', 'c', 'o', 'u', 'r', 's', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "esono.de", true */ 'e', 's', 'o', 'n', 'o', '.', 'd', 'e', '\0',
+  /* "esoterik.link", true */ 'e', 's', 'o', 't', 'e', 'r', 'i', 'k', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "esoterikerforum.de", true */ 'e', 's', 'o', 't', 'e', 'r', 'i', 'k', 'e', 'r', 'f', 'o', 'r', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "esp-berlin.de", true */ 'e', 's', 'p', '-', 'b', 'e', 'r', 'l', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "esp.community", true */ 'e', 's', 'p', '.', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', '\0',
+  /* "espace-caen.fr", true */ 'e', 's', 'p', 'a', 'c', 'e', '-', 'c', 'a', 'e', 'n', '.', 'f', 'r', '\0',
+  /* "espace.network", true */ 'e', 's', 'p', 'a', 'c', 'e', '.', 'n', 'e', 't', 'w', 'o', 'r', 'k', '\0',
+  /* "espacetemps.ch", true */ 'e', 's', 'p', 'a', 'c', 'e', 't', 'e', 'm', 'p', 's', '.', 'c', 'h', '\0',
+  /* "espacetheosophie.fr", true */ 'e', 's', 'p', 'a', 'c', 'e', 't', 'h', 'e', 'o', 's', 'o', 'p', 'h', 'i', 'e', '.', 'f', 'r', '\0',
+  /* "espacio-cultural.com", true */ 'e', 's', 'p', 'a', 'c', 'i', 'o', '-', 'c', 'u', 'l', 't', 'u', 'r', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "espanol.search.yahoo.com", false */ 'e', 's', 'p', 'a', 'n', 'o', 'l', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "espanova.com", true */ 'e', 's', 'p', 'a', 'n', 'o', 'v', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "espci.fr", true */ 'e', 's', 'p', 'c', 'i', '.', 'f', 'r', '\0',
+  /* "especificosba.com.ar", true */ 'e', 's', 'p', 'e', 'c', 'i', 'f', 'i', 'c', 'o', 's', 'b', 'a', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "espenandersen.no", true */ 'e', 's', 'p', 'e', 'n', 'a', 'n', 'd', 'e', 'r', 's', 'e', 'n', '.', 'n', 'o', '\0',
+  /* "espgg.org", true */ 'e', 's', 'p', 'g', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "esphigmenou.gr", true */ 'e', 's', 'p', 'h', 'i', 'g', 'm', 'e', 'n', 'o', 'u', '.', 'g', 'r', '\0',
+  /* "espigol.org", true */ 'e', 's', 'p', 'i', 'g', 'o', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "esports-network.de", true */ 'e', 's', 'p', 'o', 'r', 't', 's', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'd', 'e', '\0',
+  /* "espressivo.com.br", true */ 'e', 's', 'p', 'r', 'e', 's', 's', 'i', 'v', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "esprit-cloture.fr", true */ 'e', 's', 'p', 'r', 'i', 't', '-', 'c', 'l', 'o', 't', 'u', 'r', 'e', '.', 'f', 'r', '\0',
+  /* "espritrait.com", true */ 'e', 's', 'p', 'r', 'i', 't', 'r', 'a', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "esquirou-trieves.fr", true */ 'e', 's', 'q', 'u', 'i', 'r', 'o', 'u', '-', 't', 'r', 'i', 'e', 'v', 'e', 's', '.', 'f', 'r', '\0',
+  /* "esquisse.fr", true */ 'e', 's', 'q', 'u', 'i', 's', 's', 'e', '.', 'f', 'r', '\0',
+  /* "ess-cert.ru", true */ 'e', 's', 's', '-', 'c', 'e', 'r', 't', '.', 'r', 'u', '\0',
+  /* "essayforsale.net", true */ 'e', 's', 's', 'a', 'y', 'f', 'o', 'r', 's', 'a', 'l', 'e', '.', 'n', 'e', 't', '\0',
+  /* "essayhave.com", true */ 'e', 's', 's', 'a', 'y', 'h', 'a', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "essaylib.com", true */ 'e', 's', 's', 'a', 'y', 'l', 'i', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "essaypro.net", true */ 'e', 's', 's', 'a', 'y', 'p', 'r', 'o', '.', 'n', 'e', 't', '\0',
+  /* "essaywriting.biz", true */ 'e', 's', 's', 'a', 'y', 'w', 'r', 'i', 't', 'i', 'n', 'g', '.', 'b', 'i', 'z', '\0',
+  /* "essenceofvitalitydetox.com", true */ 'e', 's', 's', 'e', 'n', 'c', 'e', 'o', 'f', 'v', 'i', 't', 'a', 'l', 'i', 't', 'y', 'd', 'e', 't', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "essencesdeprana.org", true */ 'e', 's', 's', 'e', 'n', 'c', 'e', 's', 'd', 'e', 'p', 'r', 'a', 'n', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "essential12.com", true */ 'e', 's', 's', 'e', 'n', 't', 'i', 'a', 'l', '1', '2', '.', 'c', 'o', 'm', '\0',
+  /* "essentialoilsimports.com", true */ 'e', 's', 's', 'e', 'n', 't', 'i', 'a', 'l', 'o', 'i', 'l', 's', 'i', 'm', 'p', 'o', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "essentiel-physique.com", true */ 'e', 's', 's', 'e', 'n', 't', 'i', 'e', 'l', '-', 'p', 'h', 'y', 's', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "esseriumani.com", true */ 'e', 's', 's', 'e', 'r', 'i', 'u', 'm', 'a', 'n', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "essexcosmeticdentists.co.uk", false */ 'e', 's', 's', 'e', 'x', 'c', 'o', 's', 'm', 'e', 't', 'i', 'c', 'd', 'e', 'n', 't', 'i', 's', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "essite.net", true */ 'e', 's', 's', 'i', 't', 'e', '.', 'n', 'e', 't', '\0',
+  /* "esslm.sk", true */ 'e', 's', 's', 'l', 'm', '.', 's', 'k', '\0',
+  /* "essoduke.org", true */ 'e', 's', 's', 'o', 'd', 'u', 'k', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "essplusmed.org", true */ 'e', 's', 's', 'p', 'l', 'u', 's', 'm', 'e', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "essteebee.ch", true */ 'e', 's', 's', 't', 'e', 'e', 'b', 'e', 'e', '.', 'c', 'h', '\0',
+  /* "estafallando.es", true */ 'e', 's', 't', 'a', 'f', 'a', 'l', 'l', 'a', 'n', 'd', 'o', '.', 'e', 's', '\0',
+  /* "estafallando.mx", true */ 'e', 's', 't', 'a', 'f', 'a', 'l', 'l', 'a', 'n', 'd', 'o', '.', 'm', 'x', '\0',
+  /* "estaleiro.org", true */ 'e', 's', 't', 'a', 'l', 'e', 'i', 'r', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "estan.cn", true */ 'e', 's', 't', 'a', 'n', '.', 'c', 'n', '\0',
+  /* "estateczech-eu.ru", true */ 'e', 's', 't', 'a', 't', 'e', 'c', 'z', 'e', 'c', 'h', '-', 'e', 'u', '.', 'r', 'u', '\0',
+  /* "estcequejailaflemme.fr", true */ 'e', 's', 't', 'c', 'e', 'q', 'u', 'e', 'j', 'a', 'i', 'l', 'a', 'f', 'l', 'e', 'm', 'm', 'e', '.', 'f', 'r', '\0',
+  /* "estcequonmetenprodaujourdhui.info", true */ 'e', 's', 't', 'c', 'e', 'q', 'u', 'o', 'n', 'm', 'e', 't', 'e', 'n', 'p', 'r', 'o', 'd', 'a', 'u', 'j', 'o', 'u', 'r', 'd', 'h', 'u', 'i', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "esteam.se", true */ 'e', 's', 't', 'e', 'a', 'm', '.', 's', 'e', '\0',
+  /* "estespr.com", true */ 'e', 's', 't', 'e', 's', 'p', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "esteticanorte.com.br", true */ 'e', 's', 't', 'e', 't', 'i', 'c', 'a', 'n', 'o', 'r', 't', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "estilopack-loja.com.br", true */ 'e', 's', 't', 'i', 'l', 'o', 'p', 'a', 'c', 'k', '-', 'l', 'o', 'j', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "estoic.net", true */ 'e', 's', 't', 'o', 'i', 'c', '.', 'n', 'e', 't', '\0',
+  /* "estoniantrade.ee", true */ 'e', 's', 't', 'o', 'n', 'i', 'a', 'n', 't', 'r', 'a', 'd', 'e', '.', 'e', 'e', '\0',
+  /* "estonoentraenelexamen.com", true */ 'e', 's', 't', 'o', 'n', 'o', 'e', 'n', 't', 'r', 'a', 'e', 'n', 'e', 'l', 'e', 'x', 'a', 'm', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "estoqueinformatica.com.br", true */ 'e', 's', 't', 'o', 'q', 'u', 'e', 'i', 'n', 'f', 'o', 'r', 'm', 'a', 't', 'i', 'c', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "estrietoit.com", false */ 'e', 's', 't', 'r', 'i', 'e', 't', 'o', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "eswap.cz", true */ 'e', 's', 'w', 'a', 'p', '.', 'c', 'z', '\0',
+  /* "etaes.eu", true */ 'e', 't', 'a', 'e', 's', '.', 'e', 'u', '\0',
+  /* "etalent.net", true */ 'e', 't', 'a', 'l', 'e', 'n', 't', '.', 'n', 'e', 't', '\0',
+  /* "etaoinwu.win", true */ 'e', 't', 'a', 'o', 'i', 'n', 'w', 'u', '.', 'w', 'i', 'n', '\0',
+  /* "etath.com", true */ 'e', 't', 'a', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "etaxi.tn", true */ 'e', 't', 'a', 'x', 'i', '.', 't', 'n', '\0',
+  /* "etccooperative.org", true */ 'e', 't', 'c', 'c', 'o', 'o', 'p', 'e', 'r', 'a', 't', 'i', 'v', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "eteapparel.com", true */ 'e', 't', 'e', 'a', 'p', 'p', 'a', 'r', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "eteesheet.com", true */ 'e', 't', 'e', 'e', 's', 'h', 'e', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "etelej.com", false */ 'e', 't', 'e', 'l', 'e', 'j', '.', 'c', 'o', 'm', '\0',
+  /* "etenendrinken.nu", true */ 'e', 't', 'e', 'n', 'e', 'n', 'd', 'r', 'i', 'n', 'k', 'e', 'n', '.', 'n', 'u', '\0',
+  /* "eternalabyss.int.eu.org", true */ 'e', 't', 'e', 'r', 'n', 'a', 'l', 'a', 'b', 'y', 's', 's', '.', 'i', 'n', 't', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "eternalsymbols.com", true */ 'e', 't', 'e', 'r', 'n', 'a', 'l', 's', 'y', 'm', 'b', 'o', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "eternit.roma.it", true */ 'e', 't', 'e', 'r', 'n', 'i', 't', '.', 'r', 'o', 'm', 'a', '.', 'i', 't', '\0',
+  /* "eth-faucet.net", true */ 'e', 't', 'h', '-', 'f', 'a', 'u', 'c', 'e', 't', '.', 'n', 'e', 't', '\0',
+  /* "eth0.nl", true */ 'e', 't', 'h', '0', '.', 'n', 'l', '\0',
+  /* "etha.nz", true */ 'e', 't', 'h', 'a', '.', 'n', 'z', '\0',
+  /* "ethack.org", true */ 'e', 't', 'h', 'a', 'c', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "ethaligan.fr", true */ 'e', 't', 'h', 'a', 'l', 'i', 'g', 'a', 'n', '.', 'f', 'r', '\0',
+  /* "ethan.pm", true */ 'e', 't', 'h', 'a', 'n', '.', 'p', 'm', '\0',
+  /* "ethanfaust.com", true */ 'e', 't', 'h', 'a', 'n', 'f', 'a', 'u', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "ethanlew.is", true */ 'e', 't', 'h', 'a', 'n', 'l', 'e', 'w', '.', 'i', 's', '\0',
+  /* "ethercalc.com", true */ 'e', 't', 'h', 'e', 'r', 'c', 'a', 'l', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "ethercalc.org", true */ 'e', 't', 'h', 'e', 'r', 'c', 'a', 'l', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "etherpad.nl", true */ 'e', 't', 'h', 'e', 'r', 'p', 'a', 'd', '.', 'n', 'l', '\0',
+  /* "ethicaldata.co.uk", true */ 'e', 't', 'h', 'i', 'c', 'a', 'l', 'd', 'a', 't', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ethicaltek.com", true */ 'e', 't', 'h', 'i', 'c', 'a', 'l', 't', 'e', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "ethicsburg.gov", true */ 'e', 't', 'h', 'i', 'c', 's', 'b', 'u', 'r', 'g', '.', 'g', 'o', 'v', '\0',
+  /* "ethika.com", true */ 'e', 't', 'h', 'i', 'k', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "ethiopian.dating", true */ 'e', 't', 'h', 'i', 'o', 'p', 'i', 'a', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "ethitter.com", true */ 'e', 't', 'h', 'i', 't', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "ethosinfo.com", true */ 'e', 't', 'h', 'o', 's', 'i', 'n', 'f', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "etidni.help", true */ 'e', 't', 'i', 'd', 'n', 'i', '.', 'h', 'e', 'l', 'p', '\0',
+  /* "etienne.cc", true */ 'e', 't', 'i', 'e', 'n', 'n', 'e', '.', 'c', 'c', '\0',
+  /* "etincelle.ml", true */ 'e', 't', 'i', 'n', 'c', 'e', 'l', 'l', 'e', '.', 'm', 'l', '\0',
+  /* "etiquetaunica.com.br", true */ 'e', 't', 'i', 'q', 'u', 'e', 't', 'a', 'u', 'n', 'i', 'c', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "etkaddict.com", true */ 'e', 't', 'k', 'a', 'd', 'd', 'i', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "etoile-usedcars.com", true */ 'e', 't', 'o', 'i', 'l', 'e', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "etre-soi.ch", true */ 'e', 't', 'r', 'e', '-', 's', 'o', 'i', '.', 'c', 'h', '\0',
+  /* "etre-vivant.fr", true */ 'e', 't', 'r', 'e', '-', 'v', 'i', 'v', 'a', 'n', 't', '.', 'f', 'r', '\0',
+  /* "etudesbibliques.fr", true */ 'e', 't', 'u', 'd', 'e', 's', 'b', 'i', 'b', 'l', 'i', 'q', 'u', 'e', 's', '.', 'f', 'r', '\0',
+  /* "etudesbibliques.net", true */ 'e', 't', 'u', 'd', 'e', 's', 'b', 'i', 'b', 'l', 'i', 'q', 'u', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "etudesbibliques.org", true */ 'e', 't', 'u', 'd', 'e', 's', 'b', 'i', 'b', 'l', 'i', 'q', 'u', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "etv.cx", true */ 'e', 't', 'v', '.', 'c', 'x', '\0',
+  /* "etyd.org", true */ 'e', 't', 'y', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "etys.no", true */ 'e', 't', 'y', 's', '.', 'n', 'o', '\0',
+  /* "etzi.myds.me", true */ 'e', 't', 'z', 'i', '.', 'm', 'y', 'd', 's', '.', 'm', 'e', '\0',
+  /* "euchre.us", true */ 'e', 'u', 'c', 'h', 'r', 'e', '.', 'u', 's', '\0',
+  /* "eugenekay.com", true */ 'e', 'u', 'g', 'e', 'n', 'e', 'k', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "eugenetech.org", true */ 'e', 'u', 'g', 'e', 'n', 'e', 't', 'e', 'c', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "eujuicers.bg", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 'b', 'g', '\0',
+  /* "eujuicers.com", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "eujuicers.com.hr", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 'c', 'o', 'm', '.', 'h', 'r', '\0',
+  /* "eujuicers.com.tr", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 'c', 'o', 'm', '.', 't', 'r', '\0',
+  /* "eujuicers.com.ua", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "eujuicers.cz", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 'c', 'z', '\0',
+  /* "eujuicers.de", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 'd', 'e', '\0',
+  /* "eujuicers.es", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 'e', 's', '\0',
+  /* "eujuicers.fr", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 'f', 'r', '\0',
+  /* "eujuicers.hu", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 'h', 'u', '\0',
+  /* "eujuicers.it", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 'i', 't', '\0',
+  /* "eujuicers.pl", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 'p', 'l', '\0',
+  /* "eujuicers.pt", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 'p', 't', '\0',
+  /* "eujuicers.ro", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 'r', 'o', '\0',
+  /* "eujuicers.rs", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 'r', 's', '\0',
+  /* "eujuicers.ru", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 'r', 'u', '\0',
+  /* "eujuicers.si", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 's', 'i', '\0',
+  /* "eujuicers.sk", true */ 'e', 'u', 'j', 'u', 'i', 'c', 'e', 'r', 's', '.', 's', 'k', '\0',
+  /* "eulenleben.de", true */ 'e', 'u', 'l', 'e', 'n', 'l', 'e', 'b', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "eung.ga", true */ 'e', 'u', 'n', 'g', '.', 'g', 'a', '\0',
+  /* "eupay.de", true */ 'e', 'u', 'p', 'a', 'y', '.', 'd', 'e', '\0',
+  /* "euph.eu", true */ 'e', 'u', 'p', 'h', '.', 'e', 'u', '\0',
+  /* "eupresidency2018.com", true */ 'e', 'u', 'p', 'r', 'e', 's', 'i', 'd', 'e', 'n', 'c', 'y', '2', '0', '1', '8', '.', 'c', 'o', 'm', '\0',
+  /* "eureka.archi", true */ 'e', 'u', 'r', 'e', 'k', 'a', '.', 'a', 'r', 'c', 'h', 'i', '\0',
+  /* "eurekaarchi.com", true */ 'e', 'u', 'r', 'e', 'k', 'a', 'a', 'r', 'c', 'h', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "eurekaarchitecture.com", true */ 'e', 'u', 'r', 'e', 'k', 'a', 'a', 'r', 'c', 'h', 'i', 't', 'e', 'c', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "euroalter.com", true */ 'e', 'u', 'r', 'o', 'a', 'l', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "eurocomcompany.cz", true */ 'e', 'u', 'r', 'o', 'c', 'o', 'm', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'z', '\0',
+  /* "europapier.at", true */ 'e', 'u', 'r', 'o', 'p', 'a', 'p', 'i', 'e', 'r', '.', 'a', 't', '\0',
+  /* "europapier.ba", true */ 'e', 'u', 'r', 'o', 'p', 'a', 'p', 'i', 'e', 'r', '.', 'b', 'a', '\0',
+  /* "europapier.bg", true */ 'e', 'u', 'r', 'o', 'p', 'a', 'p', 'i', 'e', 'r', '.', 'b', 'g', '\0',
+  /* "europapier.com", true */ 'e', 'u', 'r', 'o', 'p', 'a', 'p', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "europapier.cz", true */ 'e', 'u', 'r', 'o', 'p', 'a', 'p', 'i', 'e', 'r', '.', 'c', 'z', '\0',
+  /* "europapier.hr", true */ 'e', 'u', 'r', 'o', 'p', 'a', 'p', 'i', 'e', 'r', '.', 'h', 'r', '\0',
+  /* "europapier.hu", true */ 'e', 'u', 'r', 'o', 'p', 'a', 'p', 'i', 'e', 'r', '.', 'h', 'u', '\0',
+  /* "europapier.net", true */ 'e', 'u', 'r', 'o', 'p', 'a', 'p', 'i', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "europapier.rs", true */ 'e', 'u', 'r', 'o', 'p', 'a', 'p', 'i', 'e', 'r', '.', 'r', 's', '\0',
+  /* "europapier.si", true */ 'e', 'u', 'r', 'o', 'p', 'a', 'p', 'i', 'e', 'r', '.', 's', 'i', '\0',
+  /* "europapier.sk", true */ 'e', 'u', 'r', 'o', 'p', 'a', 'p', 'i', 'e', 'r', '.', 's', 'k', '\0',
+  /* "europapier.ua", true */ 'e', 'u', 'r', 'o', 'p', 'a', 'p', 'i', 'e', 'r', '.', 'u', 'a', '\0',
+  /* "europastudien.de", true */ 'e', 'u', 'r', 'o', 'p', 'a', 's', 't', 'u', 'd', 'i', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "european-agency.org", true */ 'e', 'u', 'r', 'o', 'p', 'e', 'a', 'n', '-', 'a', 'g', 'e', 'n', 'c', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "europeantransportmanagement.com", true */ 'e', 'u', 'r', 'o', 'p', 'e', 'a', 'n', 't', 'r', 'a', 'n', 's', 'p', 'o', 'r', 't', 'm', 'a', 'n', 'a', 'g', 'e', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "europeanwineresource.com", true */ 'e', 'u', 'r', 'o', 'p', 'e', 'a', 'n', 'w', 'i', 'n', 'e', 'r', 'e', 's', 'o', 'u', 'r', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "europop.com", true */ 'e', 'u', 'r', 'o', 'p', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "eurora.de", true */ 'e', 'u', 'r', 'o', 'r', 'a', '.', 'd', 'e', '\0',
+  /* "euroscot.de", true */ 'e', 'u', 'r', 'o', 's', 'c', 'o', 't', '.', 'd', 'e', '\0',
+  /* "euroshop.or.at", true */ 'e', 'u', 'r', 'o', 's', 'h', 'o', 'p', '.', 'o', 'r', '.', 'a', 't', '\0',
+  /* "eurotime.ua", true */ 'e', 'u', 'r', 'o', 't', 'i', 'm', 'e', '.', 'u', 'a', '\0',
+  /* "eurotramp.com", true */ 'e', 'u', 'r', 'o', 't', 'r', 'a', 'm', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "eurovision.ie", true */ 'e', 'u', 'r', 'o', 'v', 'i', 's', 'i', 'o', 'n', '.', 'i', 'e', '\0',
+  /* "eutram.com", true */ 'e', 'u', 't', 'r', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "eva.cz", true */ 'e', 'v', 'a', '.', 'c', 'z', '\0',
+  /* "evaartinger.de", true */ 'e', 'v', 'a', 'a', 'r', 't', 'i', 'n', 'g', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "evades.io", true */ 'e', 'v', 'a', 'd', 'e', 's', '.', 'i', 'o', '\0',
+  /* "evailoil.ee", true */ 'e', 'v', 'a', 'i', 'l', 'o', 'i', 'l', '.', 'e', 'e', '\0',
+  /* "evalesc.com", true */ 'e', 'v', 'a', 'l', 'e', 's', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "evanfiddes.com", true */ 'e', 'v', 'a', 'n', 'f', 'i', 'd', 'd', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "evangelosm.com", true */ 'e', 'v', 'a', 'n', 'g', 'e', 'l', 'o', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "evantage.org", true */ 'e', 'v', 'a', 'n', 't', 'a', 'g', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "evantageglobal.com", true */ 'e', 'v', 'a', 'n', 't', 'a', 'g', 'e', 'g', 'l', 'o', 'b', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "evapp.org", true */ 'e', 'v', 'a', 'p', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "evasion-energie.com", true */ 'e', 'v', 'a', 's', 'i', 'o', 'n', '-', 'e', 'n', 'e', 'r', 'g', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "evasioncreole.com", true */ 'e', 'v', 'a', 's', 'i', 'o', 'n', 'c', 'r', 'e', 'o', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "evasovova.cz", true */ 'e', 'v', 'a', 's', 'o', 'v', 'o', 'v', 'a', '.', 'c', 'z', '\0',
+  /* "eve0s.com", true */ 'e', 'v', 'e', '0', 's', '.', 'c', 'o', 'm', '\0',
+  /* "evegalaxy.net", true */ 'e', 'v', 'e', 'g', 'a', 'l', 'a', 'x', 'y', '.', 'n', 'e', 't', '\0',
+  /* "evelienzorgt.nl", true */ 'e', 'v', 'e', 'l', 'i', 'e', 'n', 'z', 'o', 'r', 'g', 't', '.', 'n', 'l', '\0',
+  /* "evelyndayman.com", true */ 'e', 'v', 'e', 'l', 'y', 'n', 'd', 'a', 'y', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "event4fun.no", true */ 'e', 'v', 'e', 'n', 't', '4', 'f', 'u', 'n', '.', 'n', 'o', '\0',
+  /* "eventaro.com", true */ 'e', 'v', 'e', 'n', 't', 'a', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "eventive.org", true */ 'e', 'v', 'e', 'n', 't', 'i', 'v', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "eventmake.es", true */ 'e', 'v', 'e', 'n', 't', 'm', 'a', 'k', 'e', '.', 'e', 's', '\0',
+  /* "eventosenmendoza.com.ar", true */ 'e', 'v', 'e', 'n', 't', 'o', 's', 'e', 'n', 'm', 'e', 'n', 'd', 'o', 'z', 'a', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "events-hire.co.uk", true */ 'e', 'v', 'e', 'n', 't', 's', '-', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ever.sale", true */ 'e', 'v', 'e', 'r', '.', 's', 'a', 'l', 'e', '\0',
+  /* "everain.me", true */ 'e', 'v', 'e', 'r', 'a', 'i', 'n', '.', 'm', 'e', '\0',
+  /* "everfine.com.tw", true */ 'e', 'v', 'e', 'r', 'f', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 't', 'w', '\0',
+  /* "evergladesrestoration.gov", true */ 'e', 'v', 'e', 'r', 'g', 'l', 'a', 'd', 'e', 's', 'r', 'e', 's', 't', 'o', 'r', 'a', 't', 'i', 'o', 'n', '.', 'g', 'o', 'v', '\0',
+  /* "everhome.de", true */ 'e', 'v', 'e', 'r', 'h', 'o', 'm', 'e', '.', 'd', 'e', '\0',
+  /* "everling.lu", true */ 'e', 'v', 'e', 'r', 'l', 'i', 'n', 'g', '.', 'l', 'u', '\0',
+  /* "everlong.org", true */ 'e', 'v', 'e', 'r', 'l', 'o', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "evertonarentwe.com", true */ 'e', 'v', 'e', 'r', 't', 'o', 'n', 'a', 'r', 'e', 'n', 't', 'w', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "everwaking.com", false */ 'e', 'v', 'e', 'r', 'w', 'a', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "everyarti.st", true */ 'e', 'v', 'e', 'r', 'y', 'a', 'r', 't', 'i', '.', 's', 't', '\0',
+  /* "everybodyhertz.co.uk", true */ 'e', 'v', 'e', 'r', 'y', 'b', 'o', 'd', 'y', 'h', 'e', 'r', 't', 'z', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "everyday.eu.org", true */ 'e', 'v', 'e', 'r', 'y', 'd', 'a', 'y', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "everydaywot.com", true */ 'e', 'v', 'e', 'r', 'y', 'd', 'a', 'y', 'w', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "everyex.com", true */ 'e', 'v', 'e', 'r', 'y', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "everygayporn.com", true */ 'e', 'v', 'e', 'r', 'y', 'g', 'a', 'y', 'p', 'o', 'r', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "everymove.org", true */ 'e', 'v', 'e', 'r', 'y', 'm', 'o', 'v', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "everytruckjob.com", true */ 'e', 'v', 'e', 'r', 'y', 't', 'r', 'u', 'c', 'k', 'j', 'o', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "everywhere.cloud", true */ 'e', 'v', 'e', 'r', 'y', 'w', 'h', 'e', 'r', 'e', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "eveshamglass.co.uk", true */ 'e', 'v', 'e', 's', 'h', 'a', 'm', 'g', 'l', 'a', 's', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "evexia.xyz", true */ 'e', 'v', 'e', 'x', 'i', 'a', '.', 'x', 'y', 'z', '\0',
+  /* "evidence-based.review", true */ 'e', 'v', 'i', 'd', 'e', 'n', 'c', 'e', '-', 'b', 'a', 's', 'e', 'd', '.', 'r', 'e', 'v', 'i', 'e', 'w', '\0',
+  /* "evidencebased.net", true */ 'e', 'v', 'i', 'd', 'e', 'n', 'c', 'e', 'b', 'a', 's', 'e', 'd', '.', 'n', 'e', 't', '\0',
+  /* "evidenceusa.com.br", true */ 'e', 'v', 'i', 'd', 'e', 'n', 'c', 'e', 'u', 's', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "evilarmy.com", true */ 'e', 'v', 'i', 'l', 'a', 'r', 'm', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "evilized.de", true */ 'e', 'v', 'i', 'l', 'i', 'z', 'e', 'd', '.', 'd', 'e', '\0',
+  /* "evilvolcanolairs.com", true */ 'e', 'v', 'i', 'l', 'v', 'o', 'l', 'c', 'a', 'n', 'o', 'l', 'a', 'i', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "evio.com", true */ 'e', 'v', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "evion.nl", true */ 'e', 'v', 'i', 'o', 'n', '.', 'n', 'l', '\0',
+  /* "evlear.com", true */ 'e', 'v', 'l', 'e', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "evodation.com", true */ 'e', 'v', 'o', 'd', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "evodation.org", true */ 'e', 'v', 'o', 'd', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "evok.com.co", false */ 'e', 'v', 'o', 'k', '.', 'c', 'o', 'm', '.', 'c', 'o', '\0',
+  /* "evolutionexpeditions.com", true */ 'e', 'v', 'o', 'l', 'u', 't', 'i', 'o', 'n', 'e', 'x', 'p', 'e', 'd', 'i', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "evolutioninflatables.co.uk", true */ 'e', 'v', 'o', 'l', 'u', 't', 'i', 'o', 'n', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "evolutionlending.co.uk", true */ 'e', 'v', 'o', 'l', 'u', 't', 'i', 'o', 'n', 'l', 'e', 'n', 'd', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "evolutionpets.com", true */ 'e', 'v', 'o', 'l', 'u', 't', 'i', 'o', 'n', 'p', 'e', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "evonews.com", true */ 'e', 'v', 'o', 'n', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "evony.eu", true */ 'e', 'v', 'o', 'n', 'y', '.', 'e', 'u', '\0',
+  /* "evosyn.com", true */ 'e', 'v', 'o', 's', 'y', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "evotec.pl", true */ 'e', 'v', 'o', 't', 'e', 'c', '.', 'p', 'l', '\0',
+  /* "evotec.xyz", true */ 'e', 'v', 'o', 't', 'e', 'c', '.', 'x', 'y', 'z', '\0',
+  /* "evrial.com", true */ 'e', 'v', 'r', 'i', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "evrica.me", true */ 'e', 'v', 'r', 'i', 'c', 'a', '.', 'm', 'e', '\0',
+  /* "evstatus.com", true */ 'e', 'v', 's', 't', 'a', 't', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "evtripping.com", true */ 'e', 'v', 't', 'r', 'i', 'p', 'p', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "ewanm89.co.uk", true */ 'e', 'w', 'a', 'n', 'm', '8', '9', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ewanm89.com", true */ 'e', 'w', 'a', 'n', 'm', '8', '9', '.', 'c', 'o', 'm', '\0',
+  /* "ewanm89.uk", true */ 'e', 'w', 'a', 'n', 'm', '8', '9', '.', 'u', 'k', '\0',
+  /* "ewe2.ninja", true */ 'e', 'w', 'e', '2', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "ewie.name", true */ 'e', 'w', 'i', 'e', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "ewizmo.com", true */ 'e', 'w', 'i', 'z', 'm', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "eworksmedia.com", true */ 'e', 'w', 'o', 'r', 'k', 's', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "ewout.io", true */ 'e', 'w', 'o', 'u', 't', '.', 'i', 'o', '\0',
+  /* "ewsfeed.com", true */ 'e', 'w', 's', 'f', 'e', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "ewuchuan.com", true */ 'e', 'w', 'u', 'c', 'h', 'u', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "ewus.de", true */ 'e', 'w', 'u', 's', '.', 'd', 'e', '\0',
+  /* "ewycena.pl", true */ 'e', 'w', 'y', 'c', 'e', 'n', 'a', '.', 'p', 'l', '\0',
+  /* "exactlyinfinite.com", true */ 'e', 'x', 'a', 'c', 't', 'l', 'y', 'i', 'n', 'f', 'i', 'n', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "exactphilosophy.net", true */ 'e', 'x', 'a', 'c', 't', 'p', 'h', 'i', 'l', 'o', 's', 'o', 'p', 'h', 'y', '.', 'n', 'e', 't', '\0',
+  /* "example.sc", true */ 'e', 'x', 'a', 'm', 'p', 'l', 'e', '.', 's', 'c', '\0',
+  /* "example.wf", true */ 'e', 'x', 'a', 'm', 'p', 'l', 'e', '.', 'w', 'f', '\0',
+  /* "exampleessays.com", true */ 'e', 'x', 'a', 'm', 'p', 'l', 'e', 'e', 's', 's', 'a', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "exaplac.com", true */ 'e', 'x', 'a', 'p', 'l', 'a', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "exceed.global", true */ 'e', 'x', 'c', 'e', 'e', 'd', '.', 'g', 'l', 'o', 'b', 'a', 'l', '\0',
+  /* "exceltobarcode.com", true */ 'e', 'x', 'c', 'e', 'l', 't', 'o', 'b', 'a', 'r', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "excentos.com", true */ 'e', 'x', 'c', 'e', 'n', 't', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "exceptionalservers.com", true */ 'e', 'x', 'c', 'e', 'p', 't', 'i', 'o', 'n', 'a', 'l', 's', 'e', 'r', 'v', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "excessamerica.com", true */ 'e', 'x', 'c', 'e', 's', 's', 'a', 'm', 'e', 'r', 'i', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "exchangecoordinator.com", true */ 'e', 'x', 'c', 'h', 'a', 'n', 'g', 'e', 'c', 'o', 'o', 'r', 'd', 'i', 'n', 'a', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "exchangeworks.co", true */ 'e', 'x', 'c', 'h', 'a', 'n', 'g', 'e', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', '\0',
+  /* "exclusivebouncycastles.co.uk", true */ 'e', 'x', 'c', 'l', 'u', 's', 'i', 'v', 'e', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "exdamo.de", true */ 'e', 'x', 'd', 'a', 'm', 'o', '.', 'd', 'e', '\0',
+  /* "exe-boss.tech", true */ 'e', 'x', 'e', '-', 'b', 'o', 's', 's', '.', 't', 'e', 'c', 'h', '\0',
+  /* "exebouncycastles.co.uk", true */ 'e', 'x', 'e', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "exehack.net", true */ 'e', 'x', 'e', 'h', 'a', 'c', 'k', '.', 'n', 'e', 't', '\0',
+  /* "exeintel.com", true */ 'e', 'x', 'e', 'i', 'n', 't', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "exekutori.com", true */ 'e', 'x', 'e', 'k', 'u', 't', 'o', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "exembit.com", true */ 'e', 'x', 'e', 'm', 'b', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "exemples-de-stands.com", true */ 'e', 'x', 'e', 'm', 'p', 'l', 'e', 's', '-', 'd', 'e', '-', 's', 't', 'a', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "exeria.de", true */ 'e', 'x', 'e', 'r', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "exgaywatch.com", true */ 'e', 'x', 'g', 'a', 'y', 'w', 'a', 't', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "exgen.io", true */ 'e', 'x', 'g', 'e', 'n', '.', 'i', 'o', '\0',
+  /* "exhalespa.com", true */ 'e', 'x', 'h', 'a', 'l', 'e', 's', 'p', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "exhibityour.com", true */ 'e', 'x', 'h', 'i', 'b', 'i', 't', 'y', 'o', 'u', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "exiahost.com", true */ 'e', 'x', 'i', 'a', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "exit9wineandliquor.com", true */ 'e', 'x', 'i', 't', '9', 'w', 'i', 'n', 'e', 'a', 'n', 'd', 'l', 'i', 'q', 'u', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "exmoe.com", true */ 'e', 'x', 'm', 'o', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "exon.io", true */ 'e', 'x', 'o', 'n', '.', 'i', 'o', '\0',
+  /* "exoscale.ch", true */ 'e', 'x', 'o', 's', 'c', 'a', 'l', 'e', '.', 'c', 'h', '\0',
+  /* "exoticads.com", true */ 'e', 'x', 'o', 't', 'i', 'c', 'a', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "exousiakaidunamis.pw", true */ 'e', 'x', 'o', 'u', 's', 'i', 'a', 'k', 'a', 'i', 'd', 'u', 'n', 'a', 'm', 'i', 's', '.', 'p', 'w', '\0',
+  /* "exp.de", true */ 'e', 'x', 'p', '.', 'd', 'e', '\0',
+  /* "expancio.com", true */ 'e', 'x', 'p', 'a', 'n', 'c', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "expandeco.com", true */ 'e', 'x', 'p', 'a', 'n', 'd', 'e', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "expatads.com", true */ 'e', 'x', 'p', 'a', 't', 'a', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "expatmortgage.uk", true */ 'e', 'x', 'p', 'a', 't', 'm', 'o', 'r', 't', 'g', 'a', 'g', 'e', '.', 'u', 'k', '\0',
+  /* "expatriate.pl", true */ 'e', 'x', 'p', 'a', 't', 'r', 'i', 'a', 't', 'e', '.', 'p', 'l', '\0',
+  /* "expecting.com.br", true */ 'e', 'x', 'p', 'e', 'c', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "experienceoz.com.au", true */ 'e', 'x', 'p', 'e', 'r', 'i', 'e', 'n', 'c', 'e', 'o', 'z', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "expert-korovin.ru", true */ 'e', 'x', 'p', 'e', 'r', 't', '-', 'k', 'o', 'r', 'o', 'v', 'i', 'n', '.', 'r', 'u', '\0',
+  /* "expert.cz", true */ 'e', 'x', 'p', 'e', 'r', 't', '.', 'c', 'z', '\0',
+  /* "experteasy.com.au", true */ 'e', 'x', 'p', 'e', 'r', 't', 'e', 'a', 's', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "experticon.com", true */ 'e', 'x', 'p', 'e', 'r', 't', 'i', 'c', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "experts-en-gestion.fr", true */ 'e', 'x', 'p', 'e', 'r', 't', 's', '-', 'e', 'n', '-', 'g', 'e', 's', 't', 'i', 'o', 'n', '.', 'f', 'r', '\0',
+  /* "expertsverts.com", true */ 'e', 'x', 'p', 'e', 'r', 't', 's', 'v', 'e', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "explodie.org", true */ 'e', 'x', 'p', 'l', 'o', 'd', 'i', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "explodingcamera.com", true */ 'e', 'x', 'p', 'l', 'o', 'd', 'i', 'n', 'g', 'c', 'a', 'm', 'e', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "exploflex.com.br", true */ 'e', 'x', 'p', 'l', 'o', 'f', 'l', 'e', 'x', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "exploit.cz", false */ 'e', 'x', 'p', 'l', 'o', 'i', 't', '.', 'c', 'z', '\0',
+  /* "exploit.party", true */ 'e', 'x', 'p', 'l', 'o', 'i', 't', '.', 'p', 'a', 'r', 't', 'y', '\0',
+  /* "exploit.ph", true */ 'e', 'x', 'p', 'l', 'o', 'i', 't', '.', 'p', 'h', '\0',
+  /* "exploited.cz", true */ 'e', 'x', 'p', 'l', 'o', 'i', 't', 'e', 'd', '.', 'c', 'z', '\0',
+  /* "exploodo.rocks", true */ 'e', 'x', 'p', 'l', 'o', 'o', 'd', 'o', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "exploravacations.in", true */ 'e', 'x', 'p', 'l', 'o', 'r', 'a', 'v', 'a', 'c', 'a', 't', 'i', 'o', 'n', 's', '.', 'i', 'n', '\0',
+  /* "expo-america.ru", true */ 'e', 'x', 'p', 'o', '-', 'a', 'm', 'e', 'r', 'i', 'c', 'a', '.', 'r', 'u', '\0',
+  /* "expo-asia.ru", true */ 'e', 'x', 'p', 'o', '-', 'a', 's', 'i', 'a', '.', 'r', 'u', '\0',
+  /* "expo-europe.ru", true */ 'e', 'x', 'p', 'o', '-', 'e', 'u', 'r', 'o', 'p', 'e', '.', 'r', 'u', '\0',
+  /* "expokohler.com", true */ 'e', 'x', 'p', 'o', 'k', 'o', 'h', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "exponentialnews.net", true */ 'e', 'x', 'p', 'o', 'n', 'e', 'n', 't', 'i', 'a', 'l', 'n', 'e', 'w', 's', '.', 'n', 'e', 't', '\0',
+  /* "exporta.cz", true */ 'e', 'x', 'p', 'o', 'r', 't', 'a', '.', 'c', 'z', '\0',
+  /* "expoundite.net", true */ 'e', 'x', 'p', 'o', 'u', 'n', 'd', 'i', 't', 'e', '.', 'n', 'e', 't', '\0',
+  /* "expowerhps.com", true */ 'e', 'x', 'p', 'o', 'w', 'e', 'r', 'h', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "express-shina.ru", true */ 'e', 'x', 'p', 'r', 'e', 's', 's', '-', 's', 'h', 'i', 'n', 'a', '.', 'r', 'u', '\0',
+  /* "express-vpn.com", true */ 'e', 'x', 'p', 'r', 'e', 's', 's', '-', 'v', 'p', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "expressemotion.net", true */ 'e', 'x', 'p', 'r', 'e', 's', 's', 'e', 'm', 'o', 't', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "expresshosting.org", true */ 'e', 'x', 'p', 'r', 'e', 's', 's', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "expressmarket.ru", true */ 'e', 'x', 'p', 'r', 'e', 's', 's', 'm', 'a', 'r', 'k', 'e', 't', '.', 'r', 'u', '\0',
+  /* "expresstinte.de", true */ 'e', 'x', 'p', 'r', 'e', 's', 's', 't', 'i', 'n', 't', 'e', '.', 'd', 'e', '\0',
+  /* "expressvpn.com", true */ 'e', 'x', 'p', 'r', 'e', 's', 's', 'v', 'p', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "expresswins.co.uk", true */ 'e', 'x', 'p', 'r', 'e', 's', 's', 'w', 'i', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "expxkcd.com", true */ 'e', 'x', 'p', 'x', 'k', 'c', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "exs.lv", true */ 'e', 'x', 's', '.', 'l', 'v', '\0',
+  /* "exside.com", true */ 'e', 'x', 's', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "extasic.com", true */ 'e', 'x', 't', 'a', 's', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "extendwings.com", true */ 'e', 'x', 't', 'e', 'n', 'd', 'w', 'i', 'n', 'g', 's', '.', 'c', 'o', 'm', '\0',
+  /* "extensiblewebmanifesto.org", true */ 'e', 'x', 't', 'e', 'n', 's', 'i', 'b', 'l', 'e', 'w', 'e', 'b', 'm', 'a', 'n', 'i', 'f', 'e', 's', 't', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "extensiblewebreportcard.org", true */ 'e', 'x', 't', 'e', 'n', 's', 'i', 'b', 'l', 'e', 'w', 'e', 'b', 'r', 'e', 'p', 'o', 'r', 't', 'c', 'a', 'r', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "extensiblewebsummit.org", true */ 'e', 'x', 't', 'e', 'n', 's', 'i', 'b', 'l', 'e', 'w', 'e', 'b', 's', 'u', 'm', 'm', 'i', 't', '.', 'o', 'r', 'g', '\0',
+  /* "extensiontree.com", true */ 'e', 'x', 't', 'e', 'n', 's', 'i', 'o', 'n', 't', 'r', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "extradesktops.com", false */ 'e', 'x', 't', 'r', 'a', 'd', 'e', 's', 'k', 't', 'o', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "extramoney.cash", true */ 'e', 'x', 't', 'r', 'a', 'm', 'o', 'n', 'e', 'y', '.', 'c', 'a', 's', 'h', '\0',
+  /* "extranetpuc.com.br", true */ 'e', 'x', 't', 'r', 'a', 'n', 'e', 't', 'p', 'u', 'c', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "extrapagetab.com", true */ 'e', 'x', 't', 'r', 'a', 'p', 'a', 'g', 'e', 't', 'a', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "extratorrent.cool", true */ 'e', 'x', 't', 'r', 'a', 't', 'o', 'r', 'r', 'e', 'n', 't', '.', 'c', 'o', 'o', 'l', '\0',
+  /* "extratorrent.fyi", true */ 'e', 'x', 't', 'r', 'a', 't', 'o', 'r', 'r', 'e', 'n', 't', '.', 'f', 'y', 'i', '\0',
+  /* "extratorrent.red", true */ 'e', 'x', 't', 'r', 'a', 't', 'o', 'r', 'r', 'e', 'n', 't', '.', 'r', 'e', 'd', '\0',
+  /* "extratorrent.world", true */ 'e', 'x', 't', 'r', 'a', 't', 'o', 'r', 'r', 'e', 'n', 't', '.', 'w', 'o', 'r', 'l', 'd', '\0',
+  /* "extreme-gaming.de", true */ 'e', 'x', 't', 'r', 'e', 'm', 'e', '-', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "extreme-gaming.us", true */ 'e', 'x', 't', 'r', 'e', 'm', 'e', '-', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'u', 's', '\0',
+  /* "extreme-players.com", true */ 'e', 'x', 't', 'r', 'e', 'm', 'e', '-', 'p', 'l', 'a', 'y', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "extreme-players.de", true */ 'e', 'x', 't', 'r', 'e', 'm', 'e', '-', 'p', 'l', 'a', 'y', 'e', 'r', 's', '.', 'd', 'e', '\0',
+  /* "extrememanual.net", true */ 'e', 'x', 't', 'r', 'e', 'm', 'e', 'm', 'a', 'n', 'u', 'a', 'l', '.', 'n', 'e', 't', '\0',
+  /* "exvs.org", true */ 'e', 'x', 'v', 's', '.', 'o', 'r', 'g', '\0',
+  /* "exyplis.com", true */ 'e', 'x', 'y', 'p', 'l', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "eydesignguidelines.com", true */ 'e', 'y', 'd', 'e', 's', 'i', 'g', 'n', 'g', 'u', 'i', 'd', 'e', 'l', 'i', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "eyecandy.gr", true */ 'e', 'y', 'e', 'c', 'a', 'n', 'd', 'y', '.', 'g', 'r', '\0',
+  /* "eyeglasses.com", false */ 'e', 'y', 'e', 'g', 'l', 'a', 's', 's', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "eyelashconcept.com", true */ 'e', 'y', 'e', 'l', 'a', 's', 'h', 'c', 'o', 'n', 'c', 'e', 'p', 't', '.', 'c', 'o', 'm', '\0',
+  /* "eyeonid.com", true */ 'e', 'y', 'e', 'o', 'n', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "eyep.me", true */ 'e', 'y', 'e', 'p', '.', 'm', 'e', '\0',
+  /* "eyes-berg.ch", true */ 'e', 'y', 'e', 's', '-', 'b', 'e', 'r', 'g', '.', 'c', 'h', '\0',
+  /* "eyes-berg.com", true */ 'e', 'y', 'e', 's', '-', 'b', 'e', 'r', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "eynio.com", true */ 'e', 'y', 'n', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "eyps.net", true */ 'e', 'y', 'p', 's', '.', 'n', 'e', 't', '\0',
+  /* "ez3d.eu", true */ 'e', 'z', '3', 'd', '.', 'e', 'u', '\0',
+  /* "ezakazivanje.rs", true */ 'e', 'z', 'a', 'k', 'a', 'z', 'i', 'v', 'a', 'n', 'j', 'e', '.', 'r', 's', '\0',
+  /* "ezdog.press", true */ 'e', 'z', 'd', 'o', 'g', '.', 'p', 'r', 'e', 's', 's', '\0',
+  /* "ezequiel-garzon.net", true */ 'e', 'z', 'e', 'q', 'u', 'i', 'e', 'l', '-', 'g', 'a', 'r', 'z', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "ezgif.com", true */ 'e', 'z', 'g', 'i', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "ezhik-din.ru", true */ 'e', 'z', 'h', 'i', 'k', '-', 'd', 'i', 'n', '.', 'r', 'u', '\0',
+  /* "eznfe.com", true */ 'e', 'z', 'n', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ezorgportaal.nl", true */ 'e', 'z', 'o', 'r', 'g', 'p', 'o', 'r', 't', 'a', 'a', 'l', '.', 'n', 'l', '\0',
+  /* "ezwritingservice.com", true */ 'e', 'z', 'w', 'r', 'i', 't', 'i', 'n', 'g', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "f-be.com", true */ 'f', '-', 'b', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "f-droid.org", true */ 'f', '-', 'd', 'r', 'o', 'i', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "f-hd.net", true */ 'f', '-', 'h', 'd', '.', 'n', 'e', 't', '\0',
+  /* "f-thie.de", true */ 'f', '-', 't', 'h', 'i', 'e', '.', 'd', 'e', '\0',
+  /* "f00.fr", true */ 'f', '0', '0', '.', 'f', 'r', '\0',
+  /* "f1bigpicture.com", true */ 'f', '1', 'b', 'i', 'g', 'p', 'i', 'c', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "f1classement.com", true */ 'f', '1', 'c', 'l', 'a', 's', 's', 'e', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "f1fever.co.uk", true */ 'f', '1', 'f', 'e', 'v', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "f1fever.net", true */ 'f', '1', 'f', 'e', 'v', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "f1minute.com", true */ 'f', '1', 'm', 'i', 'n', 'u', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "f42.net", true */ 'f', '4', '2', '.', 'n', 'e', 't', '\0',
+  /* "f43.me", true */ 'f', '4', '3', '.', 'm', 'e', '\0',
+  /* "f5movies.top", true */ 'f', '5', 'm', 'o', 'v', 'i', 'e', 's', '.', 't', 'o', 'p', '\0',
+  /* "f5nu.com", true */ 'f', '5', 'n', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "f5w.de", true */ 'f', '5', 'w', '.', 'd', 'e', '\0',
+  /* "f9digital.com", true */ 'f', '9', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "fa-works.com", true */ 'f', 'a', '-', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "faber.org.ru", true */ 'f', 'a', 'b', 'e', 'r', '.', 'o', 'r', 'g', '.', 'r', 'u', '\0',
+  /* "faberusa.com", true */ 'f', 'a', 'b', 'e', 'r', 'u', 's', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "fabian-fingerle.de", true */ 'f', 'a', 'b', 'i', 'a', 'n', '-', 'f', 'i', 'n', 'g', 'e', 'r', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "fabian-koeppen.de", true */ 'f', 'a', 'b', 'i', 'a', 'n', '-', 'k', 'o', 'e', 'p', 'p', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "fabianackle.ch", true */ 'f', 'a', 'b', 'i', 'a', 'n', 'a', 'c', 'k', 'l', 'e', '.', 'c', 'h', '\0',
+  /* "fabianasantiago.com", true */ 'f', 'a', 'b', 'i', 'a', 'n', 'a', 's', 'a', 'n', 't', 'i', 'a', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "fabianfranke.de", true */ 'f', 'a', 'b', 'i', 'a', 'n', 'f', 'r', 'a', 'n', 'k', 'e', '.', 'd', 'e', '\0',
+  /* "fabienbaker.com", true */ 'f', 'a', 'b', 'i', 'e', 'n', 'b', 'a', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "fabienne-roux.org", true */ 'f', 'a', 'b', 'i', 'e', 'n', 'n', 'e', '-', 'r', 'o', 'u', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "fabiobier.com", true */ 'f', 'a', 'b', 'i', 'o', 'b', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "fableforge.nl", true */ 'f', 'a', 'b', 'l', 'e', 'f', 'o', 'r', 'g', 'e', '.', 'n', 'l', '\0',
+  /* "fabriceleroux.com", true */ 'f', 'a', 'b', 'r', 'i', 'c', 'e', 'l', 'e', 'r', 'o', 'u', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "fabriziorocca.it", true */ 'f', 'a', 'b', 'r', 'i', 'z', 'i', 'o', 'r', 'o', 'c', 'c', 'a', '.', 'i', 't', '\0',
+  /* "fabrysociety.org", true */ 'f', 'a', 'b', 'r', 'y', 's', 'o', 'c', 'i', 'e', 't', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "fabse.net", true */ 'f', 'a', 'b', 's', 'e', '.', 'n', 'e', 't', '\0',
+  /* "fabulouslyyouthfulskin.com", true */ 'f', 'a', 'b', 'u', 'l', 'o', 'u', 's', 'l', 'y', 'y', 'o', 'u', 't', 'h', 'f', 'u', 'l', 's', 'k', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "fabulouslyyouthfulskineyeserum.com", true */ 'f', 'a', 'b', 'u', 'l', 'o', 'u', 's', 'l', 'y', 'y', 'o', 'u', 't', 'h', 'f', 'u', 'l', 's', 'k', 'i', 'n', 'e', 'y', 'e', 's', 'e', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "facanabota.com", true */ 'f', 'a', 'c', 'a', 'n', 'a', 'b', 'o', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "facanabota.com.br", true */ 'f', 'a', 'c', 'a', 'n', 'a', 'b', 'o', 't', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "facciadastile.it", true */ 'f', 'a', 'c', 'c', 'i', 'a', 'd', 'a', 's', 't', 'i', 'l', 'e', '.', 'i', 't', '\0',
+  /* "facealacrise.fr", true */ 'f', 'a', 'c', 'e', 'a', 'l', 'a', 'c', 'r', 'i', 's', 'e', '.', 'f', 'r', '\0',
+  /* "facebattle.com", true */ 'f', 'a', 'c', 'e', 'b', 'a', 't', 't', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "facebook-atom.appspot.com", true */ 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '-', 'a', 't', 'o', 'm', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "facebook.com", false */ 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "facebooktsukaikata.net", true */ 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', 't', 's', 'u', 'k', 'a', 'i', 'k', 'a', 't', 'a', '.', 'n', 'e', 't', '\0',
+  /* "facebylouise.co.uk", true */ 'f', 'a', 'c', 'e', 'b', 'y', 'l', 'o', 'u', 'i', 's', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "facepalmsecurity.com", true */ 'f', 'a', 'c', 'e', 'p', 'a', 'l', 'm', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "facepunch.org", true */ 'f', 'a', 'c', 'e', 'p', 'u', 'n', 'c', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "facerepo.com", true */ 'f', 'a', 'c', 'e', 'r', 'e', 'p', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "facesnf.com", true */ 'f', 'a', 'c', 'e', 's', 'n', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "fach-journalist.de", true */ 'f', 'a', 'c', 'h', '-', 'j', 'o', 'u', 'r', 'n', 'a', 'l', 'i', 's', 't', '.', 'd', 'e', '\0',
+  /* "fachschaft-informatik.de", true */ 'f', 'a', 'c', 'h', 's', 'c', 'h', 'a', 'f', 't', '-', 'i', 'n', 'f', 'o', 'r', 'm', 'a', 't', 'i', 'k', '.', 'd', 'e', '\0',
+  /* "fachschaftslisten.at", true */ 'f', 'a', 'c', 'h', 's', 'c', 'h', 'a', 'f', 't', 's', 'l', 'i', 's', 't', 'e', 'n', '.', 'a', 't', '\0',
+  /* "fachschaftslisten.org", true */ 'f', 'a', 'c', 'h', 's', 'c', 'h', 'a', 'f', 't', 's', 'l', 'i', 's', 't', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "facialexercising.com", true */ 'f', 'a', 'c', 'i', 'a', 'l', 'e', 'x', 'e', 'r', 'c', 'i', 's', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "faciledireto.com.br", true */ 'f', 'a', 'c', 'i', 'l', 'e', 'd', 'i', 'r', 'e', 't', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "facilitiessurvey.org", true */ 'f', 'a', 'c', 'i', 'l', 'i', 't', 'i', 'e', 's', 's', 'u', 'r', 'v', 'e', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "factbytefactbox.com", true */ 'f', 'a', 'c', 't', 'b', 'y', 't', 'e', 'f', 'a', 'c', 't', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "factor.cc", false */ 'f', 'a', 'c', 't', 'o', 'r', '.', 'c', 'c', '\0',
+  /* "factorypartsdirect.com", true */ 'f', 'a', 'c', 't', 'o', 'r', 'y', 'p', 'a', 'r', 't', 's', 'd', 'i', 'r', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "factuursturen.be", true */ 'f', 'a', 'c', 't', 'u', 'u', 'r', 's', 't', 'u', 'r', 'e', 'n', '.', 'b', 'e', '\0',
+  /* "factuursturen.nl", true */ 'f', 'a', 'c', 't', 'u', 'u', 'r', 's', 't', 'u', 'r', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "factys.do", true */ 'f', 'a', 'c', 't', 'y', 's', '.', 'd', 'o', '\0',
+  /* "factys.es", true */ 'f', 'a', 'c', 't', 'y', 's', '.', 'e', 's', '\0',
+  /* "fadednet.com", false */ 'f', 'a', 'd', 'e', 'd', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "faderweb.de", true */ 'f', 'a', 'd', 'e', 'r', 'w', 'e', 'b', '.', 'd', 'e', '\0',
+  /* "fads-center.online", true */ 'f', 'a', 'd', 's', '-', 'c', 'e', 'n', 't', 'e', 'r', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "faehler.de", true */ 'f', 'a', 'e', 'h', 'l', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "faeriecakes.be", true */ 'f', 'a', 'e', 'r', 'i', 'e', 'c', 'a', 'k', 'e', 's', '.', 'b', 'e', '\0',
+  /* "fag.wtf", true */ 'f', 'a', 'g', '.', 'w', 't', 'f', '\0',
+  /* "fahrenwal.de", true */ 'f', 'a', 'h', 'r', 'e', 'n', 'w', 'a', 'l', '.', 'd', 'e', '\0',
+  /* "fahrenwalde.de", true */ 'f', 'a', 'h', 'r', 'e', 'n', 'w', 'a', 'l', 'd', 'e', '.', 'd', 'e', '\0',
+  /* "fail.coach", true */ 'f', 'a', 'i', 'l', '.', 'c', 'o', 'a', 'c', 'h', '\0',
+  /* "failover.de", true */ 'f', 'a', 'i', 'l', 'o', 'v', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "failover.eu", true */ 'f', 'a', 'i', 'l', 'o', 'v', 'e', 'r', '.', 'e', 'u', '\0',
+  /* "fairbill.com", true */ 'f', 'a', 'i', 'r', 'b', 'i', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "fairedeseconomies.info", true */ 'f', 'a', 'i', 'r', 'e', 'd', 'e', 's', 'e', 'c', 'o', 'n', 'o', 'm', 'i', 'e', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "fairgolfteams.com", true */ 'f', 'a', 'i', 'r', 'g', 'o', 'l', 'f', 't', 'e', 'a', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "fairplay.im", true */ 'f', 'a', 'i', 'r', 'p', 'l', 'a', 'y', '.', 'i', 'm', '\0',
+  /* "fairviewmotel-simcoe.com", true */ 'f', 'a', 'i', 'r', 'v', 'i', 'e', 'w', 'm', 'o', 't', 'e', 'l', '-', 's', 'i', 'm', 'c', 'o', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "faithgrowth.com", true */ 'f', 'a', 'i', 't', 'h', 'g', 'r', 'o', 'w', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "faithindemocracy.eu", true */ 'f', 'a', 'i', 't', 'h', 'i', 'n', 'd', 'e', 'm', 'o', 'c', 'r', 'a', 'c', 'y', '.', 'e', 'u', '\0',
+  /* "faithmissionaries.com", true */ 'f', 'a', 'i', 't', 'h', 'm', 'i', 's', 's', 'i', 'o', 'n', 'a', 'r', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "faixaazul.com", true */ 'f', 'a', 'i', 'x', 'a', 'a', 'z', 'u', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "faizan.net", true */ 'f', 'a', 'i', 'z', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "fakeapple.nl", true */ 'f', 'a', 'k', 'e', 'a', 'p', 'p', 'l', 'e', '.', 'n', 'l', '\0',
+  /* "fakerli.com", true */ 'f', 'a', 'k', 'e', 'r', 'l', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "fakti.bg", true */ 'f', 'a', 'k', 't', 'i', '.', 'b', 'g', '\0',
+  /* "fakturi.com", true */ 'f', 'a', 'k', 't', 'u', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "fakturoid.cz", true */ 'f', 'a', 'k', 't', 'u', 'r', 'o', 'i', 'd', '.', 'c', 'z', '\0',
+  /* "falaowang.com", true */ 'f', 'a', 'l', 'a', 'o', 'w', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "falbros.com", true */ 'f', 'a', 'l', 'b', 'r', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "falcibiosystems.org", true */ 'f', 'a', 'l', 'c', 'i', 'b', 'i', 'o', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'o', 'r', 'g', '\0',
+  /* "falconvintners.com", true */ 'f', 'a', 'l', 'c', 'o', 'n', 'v', 'i', 'n', 't', 'n', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "falcoz.co", true */ 'f', 'a', 'l', 'c', 'o', 'z', '.', 'c', 'o', '\0',
+  /* "faldoria.de", true */ 'f', 'a', 'l', 'd', 'o', 'r', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "fallenangeldrinks.co.uk", true */ 'f', 'a', 'l', 'l', 'e', 'n', 'a', 'n', 'g', 'e', 'l', 'd', 'r', 'i', 'n', 'k', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "fallenangeldrinks.com", true */ 'f', 'a', 'l', 'l', 'e', 'n', 'a', 'n', 'g', 'e', 'l', 'd', 'r', 'i', 'n', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "fallenangelspirits.co.uk", true */ 'f', 'a', 'l', 'l', 'e', 'n', 'a', 'n', 'g', 'e', 'l', 's', 'p', 'i', 'r', 'i', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "fallenangelspirits.com", true */ 'f', 'a', 'l', 'l', 'e', 'n', 'a', 'n', 'g', 'e', 'l', 's', 'p', 'i', 'r', 'i', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "fallenspirits.co.uk", true */ 'f', 'a', 'l', 'l', 'e', 'n', 's', 'p', 'i', 'r', 'i', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "falsum.net", true */ 'f', 'a', 'l', 's', 'u', 'm', '.', 'n', 'e', 't', '\0',
+  /* "fam-kreibich.de", true */ 'f', 'a', 'm', '-', 'k', 'r', 'e', 'i', 'b', 'i', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "fam-stemmer.de", false */ 'f', 'a', 'm', '-', 's', 't', 'e', 'm', 'm', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "famcloud.de", true */ 'f', 'a', 'm', 'c', 'l', 'o', 'u', 'd', '.', 'd', 'e', '\0',
+  /* "famdouma.nl", true */ 'f', 'a', 'm', 'd', 'o', 'u', 'm', 'a', '.', 'n', 'l', '\0',
+  /* "fameng.nl", true */ 'f', 'a', 'm', 'e', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "familiaperez.net", true */ 'f', 'a', 'm', 'i', 'l', 'i', 'a', 'p', 'e', 'r', 'e', 'z', '.', 'n', 'e', 't', '\0',
+  /* "familie-kupschke.de", true */ 'f', 'a', 'm', 'i', 'l', 'i', 'e', '-', 'k', 'u', 'p', 's', 'c', 'h', 'k', 'e', '.', 'd', 'e', '\0',
+  /* "familie-leu.ch", true */ 'f', 'a', 'm', 'i', 'l', 'i', 'e', '-', 'l', 'e', 'u', '.', 'c', 'h', '\0',
+  /* "familie-monka.de", true */ 'f', 'a', 'm', 'i', 'l', 'i', 'e', '-', 'm', 'o', 'n', 'k', 'a', '.', 'd', 'e', '\0',
+  /* "familie-remke.de", true */ 'f', 'a', 'm', 'i', 'l', 'i', 'e', '-', 'r', 'e', 'm', 'k', 'e', '.', 'd', 'e', '\0',
+  /* "familiegrottendieck.de", true */ 'f', 'a', 'm', 'i', 'l', 'i', 'e', 'g', 'r', 'o', 't', 't', 'e', 'n', 'd', 'i', 'e', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "familieholme.de", true */ 'f', 'a', 'm', 'i', 'l', 'i', 'e', 'h', 'o', 'l', 'm', 'e', '.', 'd', 'e', '\0',
+  /* "familjenfrodlund.se", true */ 'f', 'a', 'm', 'i', 'l', 'j', 'e', 'n', 'f', 'r', 'o', 'd', 'l', 'u', 'n', 'd', '.', 's', 'e', '\0',
+  /* "familjenm.se", true */ 'f', 'a', 'm', 'i', 'l', 'j', 'e', 'n', 'm', '.', 's', 'e', '\0',
+  /* "familletouret.fr", true */ 'f', 'a', 'm', 'i', 'l', 'l', 'e', 't', 'o', 'u', 'r', 'e', 't', '.', 'f', 'r', '\0',
+  /* "familylawhotline.org", true */ 'f', 'a', 'm', 'i', 'l', 'y', 'l', 'a', 'w', 'h', 'o', 't', 'l', 'i', 'n', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "familyparties.co.uk", true */ 'f', 'a', 'm', 'i', 'l', 'y', 'p', 'a', 'r', 't', 'i', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "familyreal.ru", true */ 'f', 'a', 'm', 'i', 'l', 'y', 'r', 'e', 'a', 'l', '.', 'r', 'u', '\0',
+  /* "familytreehq.com", true */ 'f', 'a', 'm', 'i', 'l', 'y', 't', 'r', 'e', 'e', 'h', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "famososnaweb.com", true */ 'f', 'a', 'm', 'o', 's', 'o', 's', 'n', 'a', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "famousbirthdays.com", true */ 'f', 'a', 'm', 'o', 'u', 's', 'b', 'i', 'r', 't', 'h', 'd', 'a', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "famoushostels.com", true */ 'f', 'a', 'm', 'o', 'u', 's', 'h', 'o', 's', 't', 'e', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "famvangelder.nl", true */ 'f', 'a', 'm', 'v', 'a', 'n', 'g', 'e', 'l', 'd', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "famvsomeren.nl", true */ 'f', 'a', 'm', 'v', 's', 'o', 'm', 'e', 'r', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "fanboi.ch", true */ 'f', 'a', 'n', 'b', 'o', 'i', '.', 'c', 'h', '\0',
+  /* "fander.it", true */ 'f', 'a', 'n', 'd', 'e', 'r', '.', 'i', 't', '\0',
+  /* "fandler.cz", true */ 'f', 'a', 'n', 'd', 'l', 'e', 'r', '.', 'c', 'z', '\0',
+  /* "fandomservices.com", true */ 'f', 'a', 'n', 'd', 'o', 'm', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "fanfareunion.ch", true */ 'f', 'a', 'n', 'f', 'a', 'r', 'e', 'u', 'n', 'i', 'o', 'n', '.', 'c', 'h', '\0',
+  /* "fangs.ink", true */ 'f', 'a', 'n', 'g', 's', '.', 'i', 'n', 'k', '\0',
+  /* "fanjoe.be", true */ 'f', 'a', 'n', 'j', 'o', 'e', '.', 'b', 'e', '\0',
+  /* "fantasiapainter.com", true */ 'f', 'a', 'n', 't', 'a', 's', 'i', 'a', 'p', 'a', 'i', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "fantasticcleaners.com.au", true */ 'f', 'a', 'n', 't', 'a', 's', 't', 'i', 'c', 'c', 'l', 'e', 'a', 'n', 'e', 'r', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "fantastichandymanmelbourne.com.au", true */ 'f', 'a', 'n', 't', 'a', 's', 't', 'i', 'c', 'h', 'a', 'n', 'd', 'y', 'm', 'a', 'n', 'm', 'e', 'l', 'b', 'o', 'u', 'r', 'n', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "fantasticpestcontrolmelbourne.com.au", true */ 'f', 'a', 'n', 't', 'a', 's', 't', 'i', 'c', 'p', 'e', 's', 't', 'c', 'o', 'n', 't', 'r', 'o', 'l', 'm', 'e', 'l', 'b', 'o', 'u', 'r', 'n', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "fantasycastles.co.uk", true */ 'f', 'a', 'n', 't', 'a', 's', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "fantasyescortsbirmingham.co.uk", true */ 'f', 'a', 'n', 't', 'a', 's', 'y', 'e', 's', 'c', 'o', 'r', 't', 's', 'b', 'i', 'r', 'm', 'i', 'n', 'g', 'h', 'a', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "fantasypartyhire.com.au", true */ 'f', 'a', 'n', 't', 'a', 's', 'y', 'p', 'a', 'r', 't', 'y', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "fantasyspectrum.com", true */ 'f', 'a', 'n', 't', 'a', 's', 'y', 's', 'p', 'e', 'c', 't', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "fantopia.club", true */ 'f', 'a', 'n', 't', 'o', 'p', 'i', 'a', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "fanvoice.com", true */ 'f', 'a', 'n', 'v', 'o', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fanyue123.tk", true */ 'f', 'a', 'n', 'y', 'u', 'e', '1', '2', '3', '.', 't', 'k', '\0',
+  /* "fanz.pro", true */ 'f', 'a', 'n', 'z', '.', 'p', 'r', 'o', '\0',
+  /* "fanzlive.com", true */ 'f', 'a', 'n', 'z', 'l', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fap.no", true */ 'f', 'a', 'p', '.', 'n', 'o', '\0',
+  /* "faq.ie", true */ 'f', 'a', 'q', '.', 'i', 'e', '\0',
+  /* "faq.lookout.com", false */ 'f', 'a', 'q', '.', 'l', 'o', 'o', 'k', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "fara.gov", true */ 'f', 'a', 'r', 'a', '.', 'g', 'o', 'v', '\0',
+  /* "faraslot8.com", true */ 'f', 'a', 'r', 'a', 's', 'l', 'o', 't', '8', '.', 'c', 'o', 'm', '\0',
+  /* "faraslot8.net", true */ 'f', 'a', 'r', 'a', 's', 'l', 'o', 't', '8', '.', 'n', 'e', 't', '\0',
+  /* "farcecrew.de", true */ 'f', 'a', 'r', 'c', 'e', 'c', 'r', 'e', 'w', '.', 'd', 'e', '\0',
+  /* "farfallapets.com.br", true */ 'f', 'a', 'r', 'f', 'a', 'l', 'l', 'a', 'p', 'e', 't', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "farfetchos.com", true */ 'f', 'a', 'r', 'f', 'e', 't', 'c', 'h', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "fargtorget.se", true */ 'f', 'a', 'r', 'g', 't', 'o', 'r', 'g', 'e', 't', '.', 's', 'e', '\0',
+  /* "farhadexchange.com", true */ 'f', 'a', 'r', 'h', 'a', 'd', 'e', 'x', 'c', 'h', 'a', 'n', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "farhood.org", true */ 'f', 'a', 'r', 'h', 'o', 'o', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "farid.is", true */ 'f', 'a', 'r', 'i', 'd', '.', 'i', 's', '\0',
+  /* "farkas.bz", true */ 'f', 'a', 'r', 'k', 'a', 's', '.', 'b', 'z', '\0',
+  /* "farmacia.pt", true */ 'f', 'a', 'r', 'm', 'a', 'c', 'i', 'a', '.', 'p', 't', '\0',
+  /* "farmacialaboratorio.it", true */ 'f', 'a', 'r', 'm', 'a', 'c', 'i', 'a', 'l', 'a', 'b', 'o', 'r', 'a', 't', 'o', 'r', 'i', 'o', '.', 'i', 't', '\0',
+  /* "farmer.dating", true */ 'f', 'a', 'r', 'm', 'e', 'r', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "farmkazuto.com", true */ 'f', 'a', 'r', 'm', 'k', 'a', 'z', 'u', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "faroes.net", true */ 'f', 'a', 'r', 'o', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "faroes.org", true */ 'f', 'a', 'r', 'o', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "farrel-f.id", true */ 'f', 'a', 'r', 'r', 'e', 'l', '-', 'f', '.', 'i', 'd', '\0',
+  /* "farsil.eu", true */ 'f', 'a', 'r', 's', 'i', 'l', '.', 'e', 'u', '\0',
+  /* "fascia.fit", true */ 'f', 'a', 's', 'c', 'i', 'a', '.', 'f', 'i', 't', '\0',
+  /* "fasdoutreach.ca", true */ 'f', 'a', 's', 'd', 'o', 'u', 't', 'r', 'e', 'a', 'c', 'h', '.', 'c', 'a', '\0',
+  /* "fashion24.de", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', '2', '4', '.', 'd', 'e', '\0',
+  /* "fashion4ever.pl", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', '4', 'e', 'v', 'e', 'r', '.', 'p', 'l', '\0',
+  /* "fashiondock.de", false */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'd', 'o', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "fashionunited.be", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', 'd', '.', 'b', 'e', '\0',
+  /* "fashionunited.cl", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', 'd', '.', 'c', 'l', '\0',
+  /* "fashionunited.com", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "fashionunited.com.ar", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', 'd', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "fashionunited.de", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', 'd', '.', 'd', 'e', '\0',
+  /* "fashionunited.fi", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', 'd', '.', 'f', 'i', '\0',
+  /* "fashionunited.hk", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', 'd', '.', 'h', 'k', '\0',
+  /* "fashionunited.hu", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', 'd', '.', 'h', 'u', '\0',
+  /* "fashionunited.ie", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', 'd', '.', 'i', 'e', '\0',
+  /* "fashionunited.lu", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', 'd', '.', 'l', 'u', '\0',
+  /* "fashionunited.mx", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', 'd', '.', 'm', 'x', '\0',
+  /* "fashionunited.nl", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', 'd', '.', 'n', 'l', '\0',
+  /* "fashionunited.no", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', 'd', '.', 'n', 'o', '\0',
+  /* "fashionunited.nz", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', 'd', '.', 'n', 'z', '\0',
+  /* "fashionunited.pl", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', 'd', '.', 'p', 'l', '\0',
+  /* "fashionunited.se", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', 'd', '.', 's', 'e', '\0',
+  /* "fashionweekweb.com", true */ 'f', 'a', 's', 'h', 'i', 'o', 'n', 'w', 'e', 'e', 'k', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "faspirits.co.uk", true */ 'f', 'a', 's', 'p', 'i', 'r', 'i', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "faspirits.com", true */ 'f', 'a', 's', 'p', 'i', 'r', 'i', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "fassadenverkleidung24.de", true */ 'f', 'a', 's', 's', 'a', 'd', 'e', 'n', 'v', 'e', 'r', 'k', 'l', 'e', 'i', 'd', 'u', 'n', 'g', '2', '4', '.', 'd', 'e', '\0',
+  /* "fassi-sport.it", true */ 'f', 'a', 's', 's', 'i', '-', 's', 'p', 'o', 'r', 't', '.', 'i', 't', '\0',
+  /* "fastbackmbm.be", true */ 'f', 'a', 's', 't', 'b', 'a', 'c', 'k', 'm', 'b', 'm', '.', 'b', 'e', '\0',
+  /* "fastcommerce.org", true */ 'f', 'a', 's', 't', 'c', 'o', 'm', 'm', 'e', 'r', 'c', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "fastconfirm.com", true */ 'f', 'a', 's', 't', 'c', 'o', 'n', 'f', 'i', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "fastforwardthemes.com", true */ 'f', 'a', 's', 't', 'f', 'o', 'r', 'w', 'a', 'r', 'd', 't', 'h', 'e', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "fastmail.com", false */ 'f', 'a', 's', 't', 'm', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "fastonline.ro", true */ 'f', 'a', 's', 't', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'r', 'o', '\0',
+  /* "fastpresence.com", true */ 'f', 'a', 's', 't', 'p', 'r', 'e', 's', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fastrevision.com", true */ 'f', 'a', 's', 't', 'r', 'e', 'v', 'i', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "fastwebsites.com.br", true */ 'f', 'a', 's', 't', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "faszienrollen-info.de", false */ 'f', 'a', 's', 'z', 'i', 'e', 'n', 'r', 'o', 'l', 'l', 'e', 'n', '-', 'i', 'n', 'f', 'o', '.', 'd', 'e', '\0',
+  /* "fatedata.com", true */ 'f', 'a', 't', 'e', 'd', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "fathers4equalrights.org", true */ 'f', 'a', 't', 'h', 'e', 'r', 's', '4', 'e', 'q', 'u', 'a', 'l', 'r', 'i', 'g', 'h', 't', 's', '.', 'o', 'r', 'g', '\0',
+  /* "fatidique.com", true */ 'f', 'a', 't', 'i', 'd', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fatimamoldes.com.br", true */ 'f', 'a', 't', 'i', 'm', 'a', 'm', 'o', 'l', 'd', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "fatowltees.com", true */ 'f', 'a', 't', 'o', 'w', 'l', 't', 'e', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "fatox.de", true */ 'f', 'a', 't', 'o', 'x', '.', 'd', 'e', '\0',
+  /* "faucetbox.com", false */ 'f', 'a', 'u', 'c', 'e', 't', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "faulty.equipment", true */ 'f', 'a', 'u', 'l', 't', 'y', '.', 'e', 'q', 'u', 'i', 'p', 'm', 'e', 'n', 't', '\0',
+  /* "fauvettes.be", true */ 'f', 'a', 'u', 'v', 'e', 't', 't', 'e', 's', '.', 'b', 'e', '\0',
+  /* "favorit.club", true */ 'f', 'a', 'v', 'o', 'r', 'i', 't', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "fawkex.me", true */ 'f', 'a', 'w', 'k', 'e', 'x', '.', 'm', 'e', '\0',
+  /* "fawong.com", true */ 'f', 'a', 'w', 'o', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "faxite.com", true */ 'f', 'a', 'x', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fb.me", true */ 'f', 'b', '.', 'm', 'e', '\0',
+  /* "fbcdn.net", true */ 'f', 'b', 'c', 'd', 'n', '.', 'n', 'e', 't', '\0',
+  /* "fbcfairburn.com", true */ 'f', 'b', 'c', 'f', 'a', 'i', 'r', 'b', 'u', 'r', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "fbcopy.com", true */ 'f', 'b', 'c', 'o', 'p', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "fbi.pw", true */ 'f', 'b', 'i', '.', 'p', 'w', '\0',
+  /* "fbijobs.gov", true */ 'f', 'b', 'i', 'j', 'o', 'b', 's', '.', 'g', 'o', 'v', '\0',
+  /* "fbsbx.com", true */ 'f', 'b', 's', 'b', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "fburl.com", true */ 'f', 'b', 'u', 'r', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "fc.media", true */ 'f', 'c', '.', 'm', 'e', 'd', 'i', 'a', '\0',
+  /* "fca-tools.com", true */ 'f', 'c', 'a', '-', 't', 'o', 'o', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "fcapartsdb.com", true */ 'f', 'c', 'a', 'p', 'a', 'r', 't', 's', 'd', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "fcburk.de", true */ 'f', 'c', 'b', 'u', 'r', 'k', '.', 'd', 'e', '\0',
+  /* "fcforum.net", true */ 'f', 'c', 'f', 'o', 'r', 'u', 'm', '.', 'n', 'e', 't', '\0',
+  /* "fcitasc.com", true */ 'f', 'c', 'i', 't', 'a', 's', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "fckd.net", true */ 'f', 'c', 'k', 'd', '.', 'n', 'e', 't', '\0',
+  /* "fcprovadia.com", true */ 'f', 'c', 'p', 'r', 'o', 'v', 'a', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "fdevs.ch", true */ 'f', 'd', 'e', 'v', 's', '.', 'c', 'h', '\0',
+  /* "fdlibre.eu", true */ 'f', 'd', 'l', 'i', 'b', 'r', 'e', '.', 'e', 'u', '\0',
+  /* "fdsys.gov", false */ 'f', 'd', 's', 'y', 's', '.', 'g', 'o', 'v', '\0',
+  /* "feac.us", true */ 'f', 'e', 'a', 'c', '.', 'u', 's', '\0',
+  /* "feaden.me", true */ 'f', 'e', 'a', 'd', 'e', 'n', '.', 'm', 'e', '\0',
+  /* "fearghus.org", true */ 'f', 'e', 'a', 'r', 'g', 'h', 'u', 's', '.', 'o', 'r', 'g', '\0',
+  /* "fearsomegaming.com", true */ 'f', 'e', 'a', 'r', 's', 'o', 'm', 'e', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "feastr-dev.de", true */ 'f', 'e', 'a', 's', 't', 'r', '-', 'd', 'e', 'v', '.', 'd', 'e', '\0',
+  /* "feastr.de", true */ 'f', 'e', 'a', 's', 't', 'r', '.', 'd', 'e', '\0',
+  /* "feastr.io", true */ 'f', 'e', 'a', 's', 't', 'r', '.', 'i', 'o', '\0',
+  /* "featherweightlabs.com", true */ 'f', 'e', 'a', 't', 'h', 'e', 'r', 'w', 'e', 'i', 'g', 'h', 't', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "featuredmen.com", true */ 'f', 'e', 'a', 't', 'u', 'r', 'e', 'd', 'm', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "fecik.sk", true */ 'f', 'e', 'c', 'i', 'k', '.', 's', 'k', '\0',
+  /* "federalinvestments.gov", true */ 'f', 'e', 'd', 'e', 'r', 'a', 'l', 'i', 'n', 'v', 'e', 's', 't', 'm', 'e', 'n', 't', 's', '.', 'g', 'o', 'v', '\0',
+  /* "federaljobs.gov", true */ 'f', 'e', 'd', 'e', 'r', 'a', 'l', 'j', 'o', 'b', 's', '.', 'g', 'o', 'v', '\0',
+  /* "federalreserve.gov", true */ 'f', 'e', 'd', 'e', 'r', 'a', 'l', 'r', 'e', 's', 'e', 'r', 'v', 'e', '.', 'g', 'o', 'v', '\0',
+  /* "federicomigliavacca.it", true */ 'f', 'e', 'd', 'e', 'r', 'i', 'c', 'o', 'm', 'i', 'g', 'l', 'i', 'a', 'v', 'a', 'c', 'c', 'a', '.', 'i', 't', '\0',
+  /* "fedinvest.gov", true */ 'f', 'e', 'd', 'i', 'n', 'v', 'e', 's', 't', '.', 'g', 'o', 'v', '\0',
+  /* "fedjobs.gov", true */ 'f', 'e', 'd', 'j', 'o', 'b', 's', '.', 'g', 'o', 'v', '\0',
+  /* "fedorahosted.org", true */ 'f', 'e', 'd', 'o', 'r', 'a', 'h', 'o', 's', 't', 'e', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "fedoramagazine.org", true */ 'f', 'e', 'd', 'o', 'r', 'a', 'm', 'a', 'g', 'a', 'z', 'i', 'n', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "fedorapeople.org", true */ 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'e', 'o', 'p', 'l', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "fedramp.gov", true */ 'f', 'e', 'd', 'r', 'a', 'm', 'p', '.', 'g', 'o', 'v', '\0',
+  /* "fedrtc.org", true */ 'f', 'e', 'd', 'r', 't', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "fedux.com.ar", true */ 'f', 'e', 'd', 'u', 'x', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "feedbin.com", false */ 'f', 'e', 'e', 'd', 'b', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "feedhq.org", true */ 'f', 'e', 'e', 'd', 'h', 'q', '.', 'o', 'r', 'g', '\0',
+  /* "feedkovacs.hu", true */ 'f', 'e', 'e', 'd', 'k', 'o', 'v', 'a', 'c', 's', '.', 'h', 'u', '\0',
+  /* "feedough.com", true */ 'f', 'e', 'e', 'd', 'o', 'u', 'g', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "feel.aero", true */ 'f', 'e', 'e', 'l', '.', 'a', 'e', 'r', 'o', '\0',
+  /* "feelgood-workouts.de", true */ 'f', 'e', 'e', 'l', 'g', 'o', 'o', 'd', '-', 'w', 'o', 'r', 'k', 'o', 'u', 't', 's', '.', 'd', 'e', '\0',
+  /* "feeltennis.net", true */ 'f', 'e', 'e', 'l', 't', 'e', 'n', 'n', 'i', 's', '.', 'n', 'e', 't', '\0',
+  /* "feen.us", true */ 'f', 'e', 'e', 'n', '.', 'u', 's', '\0',
+  /* "fefelovalex.ru", true */ 'f', 'e', 'f', 'e', 'l', 'o', 'v', 'a', 'l', 'e', 'x', '.', 'r', 'u', '\0',
+  /* "fehngarten.de", true */ 'f', 'e', 'h', 'n', 'g', 'a', 'r', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "fehnladen.de", true */ 'f', 'e', 'h', 'n', 'l', 'a', 'd', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "feigling.net", true */ 'f', 'e', 'i', 'g', 'l', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "feilen.de", true */ 'f', 'e', 'i', 'l', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "feisbed.com", true */ 'f', 'e', 'i', 's', 'b', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "feisim.com", true */ 'f', 'e', 'i', 's', 'i', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "feisim.org", true */ 'f', 'e', 'i', 's', 'i', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "feistyduck.com", true */ 'f', 'e', 'i', 's', 't', 'y', 'd', 'u', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "feitobrasilcosmeticos.com.br", true */ 'f', 'e', 'i', 't', 'o', 'b', 'r', 'a', 's', 'i', 'l', 'c', 'o', 's', 'm', 'e', 't', 'i', 'c', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "fejes.house", true */ 'f', 'e', 'j', 'e', 's', '.', 'h', 'o', 'u', 's', 'e', '\0',
+  /* "feld.design", true */ 'f', 'e', 'l', 'd', '.', 'd', 'e', 's', 'i', 'g', 'n', '\0',
+  /* "feld.saarland", true */ 'f', 'e', 'l', 'd', '.', 's', 'a', 'a', 'r', 'l', 'a', 'n', 'd', '\0',
+  /* "feldhousen.com", true */ 'f', 'e', 'l', 'd', 'h', 'o', 'u', 's', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "felgitscher.xyz", true */ 'f', 'e', 'l', 'g', 'i', 't', 's', 'c', 'h', 'e', 'r', '.', 'x', 'y', 'z', '\0',
+  /* "felicifia.org", true */ 'f', 'e', 'l', 'i', 'c', 'i', 'f', 'i', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "felistirnavia.sk", true */ 'f', 'e', 'l', 'i', 's', 't', 'i', 'r', 'n', 'a', 'v', 'i', 'a', '.', 's', 'k', '\0',
+  /* "felixbarta.de", true */ 'f', 'e', 'l', 'i', 'x', 'b', 'a', 'r', 't', 'a', '.', 'd', 'e', '\0',
+  /* "felixcrux.com", true */ 'f', 'e', 'l', 'i', 'x', 'c', 'r', 'u', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "felixhefner.de", true */ 'f', 'e', 'l', 'i', 'x', 'h', 'e', 'f', 'n', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "felixkauer.de", true */ 'f', 'e', 'l', 'i', 'x', 'k', 'a', 'u', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "felixqu.com", true */ 'f', 'e', 'l', 'i', 'x', 'q', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "felixsanz.com", true */ 'f', 'e', 'l', 'i', 'x', 's', 'a', 'n', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "felixseele.de", true */ 'f', 'e', 'l', 'i', 'x', 's', 'e', 'e', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "felsing.net", true */ 'f', 'e', 'l', 's', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "femanca.com", true */ 'f', 'e', 'm', 'a', 'n', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "femdombbw.com", true */ 'f', 'e', 'm', 'd', 'o', 'm', 'b', 'b', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "feminina.pt", true */ 'f', 'e', 'm', 'i', 'n', 'i', 'n', 'a', '.', 'p', 't', '\0',
+  /* "femradio.es", true */ 'f', 'e', 'm', 'r', 'a', 'd', 'i', 'o', '.', 'e', 's', '\0',
+  /* "femtomind.com", true */ 'f', 'e', 'm', 't', 'o', 'm', 'i', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "fence-stlouis.com", true */ 'f', 'e', 'n', 'c', 'e', '-', 's', 't', 'l', 'o', 'u', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "feng.si", true */ 'f', 'e', 'n', 'g', '.', 's', 'i', '\0',
+  /* "fengyi.tel", true */ 'f', 'e', 'n', 'g', 'y', 'i', '.', 't', 'e', 'l', '\0',
+  /* "fenster-bank.at", true */ 'f', 'e', 'n', 's', 't', 'e', 'r', '-', 'b', 'a', 'n', 'k', '.', 'a', 't', '\0',
+  /* "fenster-bank.de", true */ 'f', 'e', 'n', 's', 't', 'e', 'r', '-', 'b', 'a', 'n', 'k', '.', 'd', 'e', '\0',
+  /* "ferdies.co.za", true */ 'f', 'e', 'r', 'd', 'i', 'e', 's', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "fergusoncastle.com", true */ 'f', 'e', 'r', 'g', 'u', 's', 'o', 'n', 'c', 'a', 's', 't', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ferien-netzwerk.de", true */ 'f', 'e', 'r', 'i', 'e', 'n', '-', 'n', 'e', 't', 'z', 'w', 'e', 'r', 'k', '.', 'd', 'e', '\0',
+  /* "ferienchalet-wallis.ch", true */ 'f', 'e', 'r', 'i', 'e', 'n', 'c', 'h', 'a', 'l', 'e', 't', '-', 'w', 'a', 'l', 'l', 'i', 's', '.', 'c', 'h', '\0',
+  /* "ferienhaus-polchow-ruegen.de", false */ 'f', 'e', 'r', 'i', 'e', 'n', 'h', 'a', 'u', 's', '-', 'p', 'o', 'l', 'c', 'h', 'o', 'w', '-', 'r', 'u', 'e', 'g', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "ferienwohnungen-lastminute.de", true */ 'f', 'e', 'r', 'i', 'e', 'n', 'w', 'o', 'h', 'n', 'u', 'n', 'g', 'e', 'n', '-', 'l', 'a', 's', 't', 'm', 'i', 'n', 'u', 't', 'e', '.', 'd', 'e', '\0',
+  /* "fermabel.com.br", true */ 'f', 'e', 'r', 'm', 'a', 'b', 'e', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "fernandes.org", true */ 'f', 'e', 'r', 'n', 'a', 'n', 'd', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "fernandob.com", true */ 'f', 'e', 'r', 'n', 'a', 'n', 'd', 'o', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "fernandobarata.pt", true */ 'f', 'e', 'r', 'n', 'a', 'n', 'd', 'o', 'b', 'a', 'r', 'a', 't', 'a', '.', 'p', 't', '\0',
+  /* "fernandobarillas.com", true */ 'f', 'e', 'r', 'n', 'a', 'n', 'd', 'o', 'b', 'a', 'r', 'i', 'l', 'l', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "fernandomiguel.net", true */ 'f', 'e', 'r', 'n', 'a', 'n', 'd', 'o', 'm', 'i', 'g', 'u', 'e', 'l', '.', 'n', 'e', 't', '\0',
+  /* "ferret.zone", true */ 'f', 'e', 'r', 'r', 'e', 't', '.', 'z', 'o', 'n', 'e', '\0',
+  /* "ferreteriaxerez.com", true */ 'f', 'e', 'r', 'r', 'e', 't', 'e', 'r', 'i', 'a', 'x', 'e', 'r', 'e', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "ferrolatino.ch", true */ 'f', 'e', 'r', 'r', 'o', 'l', 'a', 't', 'i', 'n', 'o', '.', 'c', 'h', '\0',
+  /* "ferticare.pt", true */ 'f', 'e', 'r', 't', 'i', 'c', 'a', 'r', 'e', '.', 'p', 't', '\0',
+  /* "fertila.de", true */ 'f', 'e', 'r', 't', 'i', 'l', 'a', '.', 'd', 'e', '\0',
+  /* "festaprylar.se", true */ 'f', 'e', 's', 't', 'a', 'p', 'r', 'y', 'l', 'a', 'r', '.', 's', 'e', '\0',
+  /* "festival-tipps.com", true */ 'f', 'e', 's', 't', 'i', 'v', 'a', 'l', '-', 't', 'i', 'p', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "festival.house", true */ 'f', 'e', 's', 't', 'i', 'v', 'a', 'l', '.', 'h', 'o', 'u', 's', 'e', '\0',
+  /* "festivaljapon.com", true */ 'f', 'e', 's', 't', 'i', 'v', 'a', 'l', 'j', 'a', 'p', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "festivalxdentro.com", true */ 'f', 'e', 's', 't', 'i', 'v', 'a', 'l', 'x', 'd', 'e', 'n', 't', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "fetlife.com", true */ 'f', 'e', 't', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fettlaus.de", true */ 'f', 'e', 't', 't', 'l', 'a', 'u', 's', '.', 'd', 'e', '\0',
+  /* "feudalisten.de", true */ 'f', 'e', 'u', 'd', 'a', 'l', 'i', 's', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "feuerwehr-dachaufsetzer.de", true */ 'f', 'e', 'u', 'e', 'r', 'w', 'e', 'h', 'r', '-', 'd', 'a', 'c', 'h', 'a', 'u', 'f', 's', 'e', 't', 'z', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "feuerwehr-illmensee.de", true */ 'f', 'e', 'u', 'e', 'r', 'w', 'e', 'h', 'r', '-', 'i', 'l', 'l', 'm', 'e', 'n', 's', 'e', 'e', '.', 'd', 'e', '\0',
+  /* "feuerwehr-oberkotzau.de", true */ 'f', 'e', 'u', 'e', 'r', 'w', 'e', 'h', 'r', '-', 'o', 'b', 'e', 'r', 'k', 'o', 't', 'z', 'a', 'u', '.', 'd', 'e', '\0',
+  /* "feuerwerksmanufaktur.de", true */ 'f', 'e', 'u', 'e', 'r', 'w', 'e', 'r', 'k', 's', 'm', 'a', 'n', 'u', 'f', 'a', 'k', 't', 'u', 'r', '.', 'd', 'e', '\0',
+  /* "feuetgloire.com", true */ 'f', 'e', 'u', 'e', 't', 'g', 'l', 'o', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fewo-thueringer-wald.de", true */ 'f', 'e', 'w', 'o', '-', 't', 'h', 'u', 'e', 'r', 'i', 'n', 'g', 'e', 'r', '-', 'w', 'a', 'l', 'd', '.', 'd', 'e', '\0',
+  /* "fexco.com", true */ 'f', 'e', 'x', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "feyermedia.de", true */ 'f', 'e', 'y', 'e', 'r', 'm', 'e', 'd', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "ff-bad-hoehenstadt.de", true */ 'f', 'f', '-', 'b', 'a', 'd', '-', 'h', 'o', 'e', 'h', 'e', 'n', 's', 't', 'a', 'd', 't', '.', 'd', 'e', '\0',
+  /* "ff-bg.xyz", true */ 'f', 'f', '-', 'b', 'g', '.', 'x', 'y', 'z', '\0',
+  /* "ff-obersunzing-niedersunzing.de", true */ 'f', 'f', '-', 'o', 'b', 'e', 'r', 's', 'u', 'n', 'z', 'i', 'n', 'g', '-', 'n', 'i', 'e', 'd', 'e', 'r', 's', 'u', 'n', 'z', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "ff14-mstdn.xyz", true */ 'f', 'f', '1', '4', '-', 'm', 's', 't', 'd', 'n', '.', 'x', 'y', 'z', '\0',
+  /* "ffbans.org", true */ 'f', 'f', 'b', 'a', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "ffis.me", true */ 'f', 'f', 'i', 's', '.', 'm', 'e', '\0',
+  /* "ffkoenigsberg.de", true */ 'f', 'f', 'k', 'o', 'e', 'n', 'i', 'g', 's', 'b', 'e', 'r', 'g', '.', 'd', 'e', '\0',
+  /* "ffl123.com", true */ 'f', 'f', 'l', '1', '2', '3', '.', 'c', 'o', 'm', '\0',
+  /* "ffmradio.de", true */ 'f', 'f', 'm', 'r', 'a', 'd', 'i', 'o', '.', 'd', 'e', '\0',
+  /* "ffprofile.com", true */ 'f', 'f', 'p', 'r', 'o', 'f', 'i', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ffta.eu", true */ 'f', 'f', 't', 'a', '.', 'e', 'u', '\0',
+  /* "fgequipamentos.com.br", true */ 'f', 'g', 'e', 'q', 'u', 'i', 'p', 'a', 'm', 'e', 'n', 't', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "fhcdn.xyz", true */ 'f', 'h', 'c', 'd', 'n', '.', 'x', 'y', 'z', '\0',
+  /* "fhconseil.fr", true */ 'f', 'h', 'c', 'o', 'n', 's', 'e', 'i', 'l', '.', 'f', 'r', '\0',
+  /* "fhdhelp.de", false */ 'f', 'h', 'd', 'h', 'e', 'l', 'p', '.', 'd', 'e', '\0',
+  /* "fhdhilft.de", false */ 'f', 'h', 'd', 'h', 'i', 'l', 'f', 't', '.', 'd', 'e', '\0',
+  /* "fhfaoig.gov", true */ 'f', 'h', 'f', 'a', 'o', 'i', 'g', '.', 'g', 'o', 'v', '\0',
+  /* "fhg90.com", true */ 'f', 'h', 'g', '9', '0', '.', 'c', 'o', 'm', '\0',
+  /* "fhsseniormens.club", true */ 'f', 'h', 's', 's', 'e', 'n', 'i', 'o', 'r', 'm', 'e', 'n', 's', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "fi-sanki.co.jp", true */ 'f', 'i', '-', 's', 'a', 'n', 'k', 'i', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "fi.google.com", true */ 'f', 'i', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fi.search.yahoo.com", false */ 'f', 'i', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "fialat.cz", true */ 'f', 'i', 'a', 'l', 'a', 't', '.', 'c', 'z', '\0',
+  /* "fiam.me", true */ 'f', 'i', 'a', 'm', '.', 'm', 'e', '\0',
+  /* "fiareapp.red", false */ 'f', 'i', 'a', 'r', 'e', 'a', 'p', 'p', '.', 'r', 'e', 'd', '\0',
+  /* "fibrasynormasdecolombia.com", true */ 'f', 'i', 'b', 'r', 'a', 's', 'y', 'n', 'o', 'r', 'm', 'a', 's', 'd', 'e', 'c', 'o', 'l', 'o', 'm', 'b', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "fickweiler.nl", true */ 'f', 'i', 'c', 'k', 'w', 'e', 'i', 'l', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "ficlab.com", true */ 'f', 'i', 'c', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "ficus.io", true */ 'f', 'i', 'c', 'u', 's', '.', 'i', 'o', '\0',
+  /* "fid-elite.ch", true */ 'f', 'i', 'd', '-', 'e', 'l', 'i', 't', 'e', '.', 'c', 'h', '\0',
+  /* "fid.to", true */ 'f', 'i', 'd', '.', 't', 'o', '\0',
+  /* "fidanza.eu", true */ 'f', 'i', 'd', 'a', 'n', 'z', 'a', '.', 'e', 'u', '\0',
+  /* "fidel.uk", true */ 'f', 'i', 'd', 'e', 'l', '.', 'u', 'k', '\0',
+  /* "fidelapp.com", true */ 'f', 'i', 'd', 'e', 'l', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "fidelis-it.ch", true */ 'f', 'i', 'd', 'e', 'l', 'i', 's', '-', 'i', 't', '.', 'c', 'h', '\0',
+  /* "fidelis-it.net", true */ 'f', 'i', 'd', 'e', 'l', 'i', 's', '-', 'i', 't', '.', 'n', 'e', 't', '\0',
+  /* "fidhouriet.ch", true */ 'f', 'i', 'd', 'h', 'o', 'u', 'r', 'i', 'e', 't', '.', 'c', 'h', '\0',
+  /* "fiduciaire-ratio.ch", true */ 'f', 'i', 'd', 'u', 'c', 'i', 'a', 'i', 'r', 'e', '-', 'r', 'a', 't', 'i', 'o', '.', 'c', 'h', '\0',
+  /* "fieldclockapp.com", true */ 'f', 'i', 'e', 'l', 'd', 'c', 'l', 'o', 'c', 'k', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "fieldtalk.co.uk", false */ 'f', 'i', 'e', 'l', 'd', 't', 'a', 'l', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "fieldwork-paysage.com", true */ 'f', 'i', 'e', 'l', 'd', 'w', 'o', 'r', 'k', '-', 'p', 'a', 'y', 's', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fierlafijn.net", true */ 'f', 'i', 'e', 'r', 'l', 'a', 'f', 'i', 'j', 'n', '.', 'n', 'e', 't', '\0',
+  /* "fifichachnil.paris", true */ 'f', 'i', 'f', 'i', 'c', 'h', 'a', 'c', 'h', 'n', 'i', 'l', '.', 'p', 'a', 'r', 'i', 's', '\0',
+  /* "fiftynorth.eu", true */ 'f', 'i', 'f', 't', 'y', 'n', 'o', 'r', 't', 'h', '.', 'e', 'u', '\0',
+  /* "fiftyonetielt.be", true */ 'f', 'i', 'f', 't', 'y', 'o', 'n', 'e', 't', 'i', 'e', 'l', 't', '.', 'b', 'e', '\0',
+  /* "figan.cz", true */ 'f', 'i', 'g', 'a', 'n', '.', 'c', 'z', '\0',
+  /* "fight215.com", true */ 'f', 'i', 'g', 'h', 't', '2', '1', '5', '.', 'c', 'o', 'm', '\0',
+  /* "fight215.org", true */ 'f', 'i', 'g', 'h', 't', '2', '1', '5', '.', 'o', 'r', 'g', '\0',
+  /* "figinstitute.org", true */ 'f', 'i', 'g', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "figshare.com", true */ 'f', 'i', 'g', 's', 'h', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "figura.cz", true */ 'f', 'i', 'g', 'u', 'r', 'a', '.', 'c', 'z', '\0',
+  /* "figura.im", true */ 'f', 'i', 'g', 'u', 'r', 'a', '.', 'i', 'm', '\0',
+  /* "figurasdelinguagem.com.br", true */ 'f', 'i', 'g', 'u', 'r', 'a', 's', 'd', 'e', 'l', 'i', 'n', 'g', 'u', 'a', 'g', 'e', 'm', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "fiilr.com", true */ 'f', 'i', 'i', 'l', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "fiix.io", true */ 'f', 'i', 'i', 'x', '.', 'i', 'o', '\0',
+  /* "fiken.no", true */ 'f', 'i', 'k', 'e', 'n', '.', 'n', 'o', '\0',
+  /* "file-cloud.eu", true */ 'f', 'i', 'l', 'e', '-', 'c', 'l', 'o', 'u', 'd', '.', 'e', 'u', '\0',
+  /* "file-pdf.it", true */ 'f', 'i', 'l', 'e', '-', 'p', 'd', 'f', '.', 'i', 't', '\0',
+  /* "filebox.space", true */ 'f', 'i', 'l', 'e', 'b', 'o', 'x', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "filecopa.com", true */ 'f', 'i', 'l', 'e', 'c', 'o', 'p', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "filedir.com", false */ 'f', 'i', 'l', 'e', 'd', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "filesense.com", true */ 'f', 'i', 'l', 'e', 's', 'e', 'n', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "filestar.io", true */ 'f', 'i', 'l', 'e', 's', 't', 'a', 'r', '.', 'i', 'o', '\0',
+  /* "filewall.de", true */ 'f', 'i', 'l', 'e', 'w', 'a', 'l', 'l', '.', 'd', 'e', '\0',
+  /* "filhin.es", true */ 'f', 'i', 'l', 'h', 'i', 'n', '.', 'e', 's', '\0',
+  /* "filhodohomem.com", true */ 'f', 'i', 'l', 'h', 'o', 'd', 'o', 'h', 'o', 'm', 'e', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "filhomes.ph", true */ 'f', 'i', 'l', 'h', 'o', 'm', 'e', 's', '.', 'p', 'h', '\0',
+  /* "fili.org", true */ 'f', 'i', 'l', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "filingsmadeeasy.com", true */ 'f', 'i', 'l', 'i', 'n', 'g', 's', 'm', 'a', 'd', 'e', 'e', 'a', 's', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "filip-prochazka.com", true */ 'f', 'i', 'l', 'i', 'p', '-', 'p', 'r', 'o', 'c', 'h', 'a', 'z', 'k', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "filippo.io", true */ 'f', 'i', 'l', 'i', 'p', 'p', 'o', '.', 'i', 'o', '\0',
+  /* "filipsebesta.com", true */ 'f', 'i', 'l', 'i', 'p', 's', 'e', 'b', 'e', 's', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "filleritemsindia.com", true */ 'f', 'i', 'l', 'l', 'e', 'r', 'i', 't', 'e', 'm', 's', 'i', 'n', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "fillitupchallenge.eu", true */ 'f', 'i', 'l', 'l', 'i', 't', 'u', 'p', 'c', 'h', 'a', 'l', 'l', 'e', 'n', 'g', 'e', '.', 'e', 'u', '\0',
+  /* "fillmysuitca.se", true */ 'f', 'i', 'l', 'l', 'm', 'y', 's', 'u', 'i', 't', 'c', 'a', '.', 's', 'e', '\0',
+  /* "fillo.sk", true */ 'f', 'i', 'l', 'l', 'o', '.', 's', 'k', '\0',
+  /* "film-tutorial.com", true */ 'f', 'i', 'l', 'm', '-', 't', 'u', 't', 'o', 'r', 'i', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "film.photography", true */ 'f', 'i', 'l', 'm', '.', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '\0',
+  /* "film.photos", true */ 'f', 'i', 'l', 'm', '.', 'p', 'h', 'o', 't', 'o', 's', '\0',
+  /* "filmatiporno.xxx", true */ 'f', 'i', 'l', 'm', 'a', 't', 'i', 'p', 'o', 'r', 'n', 'o', '.', 'x', 'x', 'x', '\0',
+  /* "filme-online.eu.com", true */ 'f', 'i', 'l', 'm', 'e', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'e', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "filme-onlines.com", true */ 'f', 'i', 'l', 'm', 'e', '-', 'o', 'n', 'l', 'i', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "filmreviewonline.com", true */ 'f', 'i', 'l', 'm', 'r', 'e', 'v', 'i', 'e', 'w', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "filmserver.de", true */ 'f', 'i', 'l', 'm', 's', 'e', 'r', 'v', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "filoo.de", true */ 'f', 'i', 'l', 'o', 'o', '.', 'd', 'e', '\0',
+  /* "filterflasche-kaufen.de", true */ 'f', 'i', 'l', 't', 'e', 'r', 'f', 'l', 'a', 's', 'c', 'h', 'e', '-', 'k', 'a', 'u', 'f', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "filterlists.com", true */ 'f', 'i', 'l', 't', 'e', 'r', 'l', 'i', 's', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "finalx.nl", false */ 'f', 'i', 'n', 'a', 'l', 'x', '.', 'n', 'l', '\0',
+  /* "financejobs.ch", true */ 'f', 'i', 'n', 'a', 'n', 'c', 'e', 'j', 'o', 'b', 's', '.', 'c', 'h', '\0',
+  /* "financier.io", true */ 'f', 'i', 'n', 'a', 'n', 'c', 'i', 'e', 'r', '.', 'i', 'o', '\0',
+  /* "financniexperti.sk", true */ 'f', 'i', 'n', 'a', 'n', 'c', 'n', 'i', 'e', 'x', 'p', 'e', 'r', 't', 'i', '.', 's', 'k', '\0',
+  /* "finch.am", true */ 'f', 'i', 'n', 'c', 'h', '.', 'a', 'm', '\0',
+  /* "find-job-in.com", true */ 'f', 'i', 'n', 'd', '-', 'j', 'o', 'b', '-', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "find-mba.com", true */ 'f', 'i', 'n', 'd', '-', 'm', 'b', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "findhoustonseniorcare.com", true */ 'f', 'i', 'n', 'd', 'h', 'o', 'u', 's', 't', 'o', 'n', 's', 'e', 'n', 'i', 'o', 'r', 'c', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "findingkorea.com", true */ 'f', 'i', 'n', 'd', 'i', 'n', 'g', 'k', 'o', 'r', 'e', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "finditez.com", true */ 'f', 'i', 'n', 'd', 'i', 't', 'e', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "findthatnude.com", true */ 'f', 'i', 'n', 'd', 't', 'h', 'a', 't', 'n', 'u', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "findthere.net", true */ 'f', 'i', 'n', 'd', 't', 'h', 'e', 'r', 'e', '.', 'n', 'e', 't', '\0',
+  /* "findyour.diet", true */ 'f', 'i', 'n', 'd', 'y', 'o', 'u', 'r', '.', 'd', 'i', 'e', 't', '\0',
+  /* "findyourvoice.ca", true */ 'f', 'i', 'n', 'd', 'y', 'o', 'u', 'r', 'v', 'o', 'i', 'c', 'e', '.', 'c', 'a', '\0',
+  /* "fine-services.paris", true */ 'f', 'i', 'n', 'e', '-', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'p', 'a', 'r', 'i', 's', '\0',
+  /* "finelovedolls.com", true */ 'f', 'i', 'n', 'e', 'l', 'o', 'v', 'e', 'd', 'o', 'l', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "finenet.com.tw", true */ 'f', 'i', 'n', 'e', 'n', 'e', 't', '.', 'c', 'o', 'm', '.', 't', 'w', '\0',
+  /* "finer04.pw", true */ 'f', 'i', 'n', 'e', 'r', '0', '4', '.', 'p', 'w', '\0',
+  /* "finewineonline.com", true */ 'f', 'i', 'n', 'e', 'w', 'i', 'n', 'e', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "finfev.de", true */ 'f', 'i', 'n', 'f', 'e', 'v', '.', 'd', 'e', '\0',
+  /* "finflix.net", true */ 'f', 'i', 'n', 'f', 'l', 'i', 'x', '.', 'n', 'e', 't', '\0',
+  /* "finform.ch", true */ 'f', 'i', 'n', 'f', 'o', 'r', 'm', '.', 'c', 'h', '\0',
+  /* "fini-de-jouer.ch", true */ 'f', 'i', 'n', 'i', '-', 'd', 'e', '-', 'j', 'o', 'u', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "finisron.in", true */ 'f', 'i', 'n', 'i', 's', 'r', 'o', 'n', '.', 'i', 'n', '\0',
+  /* "finkelstein.fr", true */ 'f', 'i', 'n', 'k', 'e', 'l', 's', 't', 'e', 'i', 'n', '.', 'f', 'r', '\0',
+  /* "finkenberger.org", false */ 'f', 'i', 'n', 'k', 'e', 'n', 'b', 'e', 'r', 'g', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "finn.io", true */ 'f', 'i', 'n', 'n', '.', 'i', 'o', '\0',
+  /* "finnclass.cz", true */ 'f', 'i', 'n', 'n', 'c', 'l', 'a', 's', 's', '.', 'c', 'z', '\0',
+  /* "finneas.net", true */ 'f', 'i', 'n', 'n', 'e', 'a', 's', '.', 'n', 'e', 't', '\0',
+  /* "finsprings.org", true */ 'f', 'i', 'n', 's', 'p', 'r', 'i', 'n', 'g', 's', '.', 'o', 'r', 'g', '\0',
+  /* "fintandunleavy.com", true */ 'f', 'i', 'n', 't', 'a', 'n', 'd', 'u', 'n', 'l', 'e', 'a', 'v', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "finvantage.com", true */ 'f', 'i', 'n', 'v', 'a', 'n', 't', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fionamcbride.com", true */ 'f', 'i', 'o', 'n', 'a', 'm', 'c', 'b', 'r', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fiork.com", true */ 'f', 'i', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "fioulmarket.fr", true */ 'f', 'i', 'o', 'u', 'l', 'm', 'a', 'r', 'k', 'e', 't', '.', 'f', 'r', '\0',
+  /* "fire-wolf.com", true */ 'f', 'i', 'r', 'e', '-', 'w', 'o', 'l', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "fireandelectrical.co.uk", true */ 'f', 'i', 'r', 'e', 'a', 'n', 'd', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "firebaseio.com", true */ 'f', 'i', 'r', 'e', 'b', 'a', 's', 'e', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "firebirdrangecookers.com", true */ 'f', 'i', 'r', 'e', 'b', 'i', 'r', 'd', 'r', 'a', 'n', 'g', 'e', 'c', 'o', 'o', 'k', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "firebounty.com", true */ 'f', 'i', 'r', 'e', 'b', 'o', 'u', 'n', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "fireboxfood.com", true */ 'f', 'i', 'r', 'e', 'b', 'o', 'x', 'f', 'o', 'o', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "firebugmusic.com", true */ 'f', 'i', 'r', 'e', 'b', 'u', 'g', 'm', 'u', 's', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "firecore.com", true */ 'f', 'i', 'r', 'e', 'c', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "firecry.org", true */ 'f', 'i', 'r', 'e', 'c', 'r', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "firefart.at", true */ 'f', 'i', 'r', 'e', 'f', 'a', 'r', 't', '.', 'a', 't', '\0',
+  /* "firefighters.dating", true */ 'f', 'i', 'r', 'e', 'f', 'i', 'g', 'h', 't', 'e', 'r', 's', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "firegoby.jp", true */ 'f', 'i', 'r', 'e', 'g', 'o', 'b', 'y', '.', 'j', 'p', '\0',
+  /* "firehost.com", true */ 'f', 'i', 'r', 'e', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "fireportal.cz", true */ 'f', 'i', 'r', 'e', 'p', 'o', 'r', 't', 'a', 'l', '.', 'c', 'z', '\0',
+  /* "firesofheaven.org", true */ 'f', 'i', 'r', 'e', 's', 'o', 'f', 'h', 'e', 'a', 'v', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "firetotheprisons.org", true */ 'f', 'i', 'r', 'e', 't', 'o', 't', 'h', 'e', 'p', 'r', 'i', 's', 'o', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "firevap.org", true */ 'f', 'i', 'r', 'e', 'v', 'a', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "firewallconsultants.com", true */ 'f', 'i', 'r', 'e', 'w', 'a', 'l', 'l', 'c', 'o', 'n', 's', 'u', 'l', 't', 'a', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "fireworksshowvr.com", true */ 'f', 'i', 'r', 'e', 'w', 'o', 'r', 'k', 's', 's', 'h', 'o', 'w', 'v', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "firma-cerny.cz", true */ 'f', 'i', 'r', 'm', 'a', '-', 'c', 'e', 'r', 'n', 'y', '.', 'c', 'z', '\0',
+  /* "firma-offshore.com", true */ 'f', 'i', 'r', 'm', 'a', '-', 'o', 'f', 'f', 's', 'h', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "firmale.com", true */ 'f', 'i', 'r', 'm', 'a', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "firmapi.com", true */ 'f', 'i', 'r', 'm', 'a', 'p', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "first-house.no", true */ 'f', 'i', 'r', 's', 't', '-', 'h', 'o', 'u', 's', 'e', '.', 'n', 'o', '\0',
+  /* "first-time-offender.com", true */ 'f', 'i', 'r', 's', 't', '-', 't', 'i', 'm', 'e', '-', 'o', 'f', 'f', 'e', 'n', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "first.org", true */ 'f', 'i', 'r', 's', 't', '.', 'o', 'r', 'g', '\0',
+  /* "first4it.com", true */ 'f', 'i', 'r', 's', 't', '4', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "firstchoicebouncycastlehire.co.uk", true */ 'f', 'i', 'r', 's', 't', 'c', 'h', 'o', 'i', 'c', 'e', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "firstchoicecandy.com", true */ 'f', 'i', 'r', 's', 't', 'c', 'h', 'o', 'i', 'c', 'e', 'c', 'a', 'n', 'd', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "firstchoicepool.com", true */ 'f', 'i', 'r', 's', 't', 'c', 'h', 'o', 'i', 'c', 'e', 'p', 'o', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "firstclasscastles.com", true */ 'f', 'i', 'r', 's', 't', 'c', 'l', 'a', 's', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "firstclassleisure.co.uk", true */ 'f', 'i', 'r', 's', 't', 'c', 'l', 'a', 's', 's', 'l', 'e', 'i', 's', 'u', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "firstderm.com", true */ 'f', 'i', 'r', 's', 't', 'd', 'e', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "firstfinca.de", true */ 'f', 'i', 'r', 's', 't', 'f', 'i', 'n', 'c', 'a', '.', 'd', 'e', '\0',
+  /* "firstmall.de", true */ 'f', 'i', 'r', 's', 't', 'm', 'a', 'l', 'l', '.', 'd', 'e', '\0',
+  /* "firstq.xyz", true */ 'f', 'i', 'r', 's', 't', 'q', '.', 'x', 'y', 'z', '\0',
+  /* "fischer-its.com", false */ 'f', 'i', 's', 'c', 'h', 'e', 'r', '-', 'i', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "fischer-kundendienst.de", true */ 'f', 'i', 's', 'c', 'h', 'e', 'r', '-', 'k', 'u', 'n', 'd', 'e', 'n', 'd', 'i', 'e', 'n', 's', 't', '.', 'd', 'e', '\0',
+  /* "fischers.cc", true */ 'f', 'i', 's', 'c', 'h', 'e', 'r', 's', '.', 'c', 'c', '\0',
+  /* "fiscoeconti.it", true */ 'f', 'i', 's', 'c', 'o', 'e', 'c', 'o', 'n', 't', 'i', '.', 'i', 't', '\0',
+  /* "fish-hook.ru", true */ 'f', 'i', 's', 'h', '-', 'h', 'o', 'o', 'k', '.', 'r', 'u', '\0',
+  /* "fish2.me", true */ 'f', 'i', 's', 'h', '2', '.', 'm', 'e', '\0',
+  /* "fishbattle.io", true */ 'f', 'i', 's', 'h', 'b', 'a', 't', 't', 'l', 'e', '.', 'i', 'o', '\0',
+  /* "fishbattle.net", true */ 'f', 'i', 's', 'h', 'b', 'a', 't', 't', 'l', 'e', '.', 'n', 'e', 't', '\0',
+  /* "fishermailbox.net", true */ 'f', 'i', 's', 'h', 'e', 'r', 'm', 'a', 'i', 'l', 'b', 'o', 'x', '.', 'n', 'e', 't', '\0',
+  /* "fishermansbend.apartments", true */ 'f', 'i', 's', 'h', 'e', 'r', 'm', 'a', 'n', 's', 'b', 'e', 'n', 'd', '.', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '\0',
+  /* "fishermansbendcorporation.com.au", true */ 'f', 'i', 's', 'h', 'e', 'r', 'm', 'a', 'n', 's', 'b', 'e', 'n', 'd', 'c', 'o', 'r', 'p', 'o', 'r', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "fishermansbendtownhouses.com.au", true */ 'f', 'i', 's', 'h', 'e', 'r', 'm', 'a', 'n', 's', 'b', 'e', 'n', 'd', 't', 'o', 'w', 'n', 'h', 'o', 'u', 's', 'e', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "fishserver.net", true */ 'f', 'i', 's', 'h', 's', 'e', 'r', 'v', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "fishtacos.blog", true */ 'f', 'i', 's', 'h', 't', 'a', 'c', 'o', 's', '.', 'b', 'l', 'o', 'g', '\0',
+  /* "fistu.la", true */ 'f', 'i', 's', 't', 'u', '.', 'l', 'a', '\0',
+  /* "fit-4u.ch", true */ 'f', 'i', 't', '-', '4', 'u', '.', 'c', 'h', '\0',
+  /* "fit365.jp", true */ 'f', 'i', 't', '3', '6', '5', '.', 'j', 'p', '\0',
+  /* "fitchannel.com", true */ 'f', 'i', 't', 'c', 'h', 'a', 'n', 'n', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "fitkram.cz", true */ 'f', 'i', 't', 'k', 'r', 'a', 'm', '.', 'c', 'z', '\0',
+  /* "fitness-challenge.co.uk", true */ 'f', 'i', 't', 'n', 'e', 's', 's', '-', 'c', 'h', 'a', 'l', 'l', 'e', 'n', 'g', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "fitness.gov", true */ 'f', 'i', 't', 'n', 'e', 's', 's', '.', 'g', 'o', 'v', '\0',
+  /* "fitseven.ru", true */ 'f', 'i', 't', 's', 'e', 'v', 'e', 'n', '.', 'r', 'u', '\0',
+  /* "fittelo.cz", true */ 'f', 'i', 't', 't', 'e', 'l', 'o', '.', 'c', 'z', '\0',
+  /* "fitzsim.org", true */ 'f', 'i', 't', 'z', 's', 'i', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "fiuxy.bz", true */ 'f', 'i', 'u', 'x', 'y', '.', 'b', 'z', '\0',
+  /* "fiuxy.co", true */ 'f', 'i', 'u', 'x', 'y', '.', 'c', 'o', '\0',
+  /* "fiws.net", true */ 'f', 'i', 'w', 's', '.', 'n', 'e', 't', '\0',
+  /* "fixate.ru", true */ 'f', 'i', 'x', 'a', 't', 'e', '.', 'r', 'u', '\0',
+  /* "fixatom.com", true */ 'f', 'i', 'x', 'a', 't', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "fixeaide.com", true */ 'f', 'i', 'x', 'e', 'a', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fixeaider.com", true */ 'f', 'i', 'x', 'e', 'a', 'i', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "fixel.express", true */ 'f', 'i', 'x', 'e', 'l', '.', 'e', 'x', 'p', 'r', 'e', 's', 's', '\0',
+  /* "fixforce.nl", true */ 'f', 'i', 'x', 'f', 'o', 'r', 'c', 'e', '.', 'n', 'l', '\0',
+  /* "fixhotsauce.com", true */ 'f', 'i', 'x', 'h', 'o', 't', 's', 'a', 'u', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fixmyalarmpanel.co.uk", true */ 'f', 'i', 'x', 'm', 'y', 'a', 'l', 'a', 'r', 'm', 'p', 'a', 'n', 'e', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "fixmycomputerdude.com", true */ 'f', 'i', 'x', 'm', 'y', 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 'd', 'u', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fixvoltage.ru", true */ 'f', 'i', 'x', 'v', 'o', 'l', 't', 'a', 'g', 'e', '.', 'r', 'u', '\0',
+  /* "fizz.buzz", false */ 'f', 'i', 'z', 'z', '.', 'b', 'u', 'z', 'z', '\0',
+  /* "fj.search.yahoo.com", false */ 'f', 'j', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "fj.simple.com", false */ 'f', 'j', '.', 's', 'i', 'm', 'p', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fjharcu.com", true */ 'f', 'j', 'h', 'a', 'r', 'c', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "fjugstad.com", true */ 'f', 'j', 'u', 'g', 's', 't', 'a', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "fkcdn.de", true */ 'f', 'k', 'c', 'd', 'n', '.', 'd', 'e', '\0',
+  /* "fkfev.de", true */ 'f', 'k', 'f', 'e', 'v', '.', 'd', 'e', '\0',
+  /* "fktpm.ru", true */ 'f', 'k', 't', 'p', 'm', '.', 'r', 'u', '\0',
+  /* "flaemig42.de", true */ 'f', 'l', 'a', 'e', 'm', 'i', 'g', '4', '2', '.', 'd', 'e', '\0',
+  /* "flagburningworld.com", true */ 'f', 'l', 'a', 'g', 'b', 'u', 'r', 'n', 'i', 'n', 'g', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "flagfic.com", true */ 'f', 'l', 'a', 'g', 'f', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "flagshop.jp", true */ 'f', 'l', 'a', 'g', 's', 'h', 'o', 'p', '.', 'j', 'p', '\0',
+  /* "flagspot.net", false */ 'f', 'l', 'a', 'g', 's', 'p', 'o', 't', '.', 'n', 'e', 't', '\0',
+  /* "flair.co", true */ 'f', 'l', 'a', 'i', 'r', '.', 'c', 'o', '\0',
+  /* "flam.io", true */ 'f', 'l', 'a', 'm', '.', 'i', 'o', '\0',
+  /* "flamer-scene.com", false */ 'f', 'l', 'a', 'm', 'e', 'r', '-', 's', 'c', 'e', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "flamingcow.tv", true */ 'f', 'l', 'a', 'm', 'i', 'n', 'g', 'c', 'o', 'w', '.', 't', 'v', '\0',
+  /* "flamingkeys.com", true */ 'f', 'l', 'a', 'm', 'i', 'n', 'g', 'k', 'e', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "flamme-von-anor.de", true */ 'f', 'l', 'a', 'm', 'm', 'e', '-', 'v', 'o', 'n', '-', 'a', 'n', 'o', 'r', '.', 'd', 'e', '\0',
+  /* "flana.com", true */ 'f', 'l', 'a', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "flanga.io", true */ 'f', 'l', 'a', 'n', 'g', 'a', '.', 'i', 'o', '\0',
+  /* "flapoverspeed.com", true */ 'f', 'l', 'a', 'p', 'o', 'v', 'e', 'r', 's', 'p', 'e', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "flaretechnologies.io", true */ 'f', 'l', 'a', 'r', 'e', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'i', 'e', 's', '.', 'i', 'o', '\0',
+  /* "flashback.org", true */ 'f', 'l', 'a', 's', 'h', 'b', 'a', 'c', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "flashgot.net", true */ 'f', 'l', 'a', 's', 'h', 'g', 'o', 't', '.', 'n', 'e', 't', '\0',
+  /* "flat.io", true */ 'f', 'l', 'a', 't', '.', 'i', 'o', '\0',
+  /* "flatmatehub.com.au", true */ 'f', 'l', 'a', 't', 'm', 'a', 't', 'e', 'h', 'u', 'b', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "flatpackmates.co.uk", true */ 'f', 'l', 'a', 't', 'p', 'a', 'c', 'k', 'm', 'a', 't', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "flauschig.net", true */ 'f', 'l', 'a', 'u', 's', 'c', 'h', 'i', 'g', '.', 'n', 'e', 't', '\0',
+  /* "flavr.be", true */ 'f', 'l', 'a', 'v', 'r', '.', 'b', 'e', '\0',
+  /* "flawlesscowboy.xyz", true */ 'f', 'l', 'a', 'w', 'l', 'e', 's', 's', 'c', 'o', 'w', 'b', 'o', 'y', '.', 'x', 'y', 'z', '\0',
+  /* "fleamarketgoods.com", true */ 'f', 'l', 'e', 'a', 'm', 'a', 'r', 'k', 'e', 't', 'g', 'o', 'o', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "fleep.io", true */ 'f', 'l', 'e', 'e', 'p', '.', 'i', 'o', '\0',
+  /* "fleetssl.com", true */ 'f', 'l', 'e', 'e', 't', 's', 's', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "flehm.de", true */ 'f', 'l', 'e', 'h', 'm', '.', 'd', 'e', '\0',
+  /* "fleisch.club", true */ 'f', 'l', 'e', 'i', 's', 'c', 'h', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "flemingtonaudiparts.com", true */ 'f', 'l', 'e', 'm', 'i', 'n', 'g', 't', 'o', 'n', 'a', 'u', 'd', 'i', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "fletchto99.com", true */ 'f', 'l', 'e', 't', 'c', 'h', 't', 'o', '9', '9', '.', 'c', 'o', 'm', '\0',
+  /* "flets-ms.com", true */ 'f', 'l', 'e', 't', 's', '-', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "fleurette.me", true */ 'f', 'l', 'e', 'u', 'r', 'e', 't', 't', 'e', '.', 'm', 'e', '\0',
+  /* "fleursdesoleil.fr", true */ 'f', 'l', 'e', 'u', 'r', 's', 'd', 'e', 's', 'o', 'l', 'e', 'i', 'l', '.', 'f', 'r', '\0',
+  /* "flexapplications.se", true */ 'f', 'l', 'e', 'x', 'a', 'p', 'p', 'l', 'i', 'c', 'a', 't', 'i', 'o', 'n', 's', '.', 's', 'e', '\0',
+  /* "flexdrukker.nl", true */ 'f', 'l', 'e', 'x', 'd', 'r', 'u', 'k', 'k', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "fleximus.org", false */ 'f', 'l', 'e', 'x', 'i', 'm', 'u', 's', '.', 'o', 'r', 'g', '\0',
+  /* "flexinvesting.fi", true */ 'f', 'l', 'e', 'x', 'i', 'n', 'v', 'e', 's', 't', 'i', 'n', 'g', '.', 'f', 'i', '\0',
+  /* "flexport.com", true */ 'f', 'l', 'e', 'x', 'p', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "flexstart.me", true */ 'f', 'l', 'e', 'x', 's', 't', 'a', 'r', 't', '.', 'm', 'e', '\0',
+  /* "flextrack.dk", true */ 'f', 'l', 'e', 'x', 't', 'r', 'a', 'c', 'k', '.', 'd', 'k', '\0',
+  /* "fliacuello.com.ar", true */ 'f', 'l', 'i', 'a', 'c', 'u', 'e', 'l', 'l', 'o', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "flightdeckfriend.com", true */ 'f', 'l', 'i', 'g', 'h', 't', 'd', 'e', 'c', 'k', 'f', 'r', 'i', 'e', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "flightmedx.com", true */ 'f', 'l', 'i', 'g', 'h', 't', 'm', 'e', 'd', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "flightschoolbooking.com", true */ 'f', 'l', 'i', 'g', 'h', 't', 's', 'c', 'h', 'o', 'o', 'l', 'b', 'o', 'o', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "flightschoolcandidates.gov", true */ 'f', 'l', 'i', 'g', 'h', 't', 's', 'c', 'h', 'o', 'o', 'l', 'c', 'a', 'n', 'd', 'i', 'd', 'a', 't', 'e', 's', '.', 'g', 'o', 'v', '\0',
+  /* "flightzero.cf", true */ 'f', 'l', 'i', 'g', 'h', 't', 'z', 'e', 'r', 'o', '.', 'c', 'f', '\0',
+  /* "fliino.com", true */ 'f', 'l', 'i', 'i', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "flikmsg.co", true */ 'f', 'l', 'i', 'k', 'm', 's', 'g', '.', 'c', 'o', '\0',
+  /* "flinch.io", true */ 'f', 'l', 'i', 'n', 'c', 'h', '.', 'i', 'o', '\0',
+  /* "fling.dating", true */ 'f', 'l', 'i', 'n', 'g', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "flipagram.com", false */ 'f', 'l', 'i', 'p', 'a', 'g', 'r', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "flipneus.net", true */ 'f', 'l', 'i', 'p', 'n', 'e', 'u', 's', '.', 'n', 'e', 't', '\0',
+  /* "fliptable.org", true */ 'f', 'l', 'i', 'p', 't', 'a', 'b', 'l', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "flirt-norden.de", true */ 'f', 'l', 'i', 'r', 't', '-', 'n', 'o', 'r', 'd', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "flirtfaces.de", true */ 'f', 'l', 'i', 'r', 't', 'f', 'a', 'c', 'e', 's', '.', 'd', 'e', '\0',
+  /* "floaternet.com", true */ 'f', 'l', 'o', 'a', 't', 'e', 'r', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "flocktofedora.org", true */ 'f', 'l', 'o', 'c', 'k', 't', 'o', 'f', 'e', 'd', 'o', 'r', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "floffi.media", true */ 'f', 'l', 'o', 'f', 'f', 'i', '.', 'm', 'e', 'd', 'i', 'a', '\0',
+  /* "flokinet.is", true */ 'f', 'l', 'o', 'k', 'i', 'n', 'e', 't', '.', 'i', 's', '\0',
+  /* "floobits.com", true */ 'f', 'l', 'o', 'o', 'b', 'i', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "flood.io", true */ 'f', 'l', 'o', 'o', 'd', '.', 'i', 'o', '\0',
+  /* "flooringnightmares.com", true */ 'f', 'l', 'o', 'o', 'r', 'i', 'n', 'g', 'n', 'i', 'g', 'h', 't', 'm', 'a', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "floort.net", false */ 'f', 'l', 'o', 'o', 'r', 't', '.', 'n', 'e', 't', '\0',
+  /* "flopix.net", false */ 'f', 'l', 'o', 'p', 'i', 'x', '.', 'n', 'e', 't', '\0',
+  /* "flopy.club", true */ 'f', 'l', 'o', 'p', 'y', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "florence.uk.net", true */ 'f', 'l', 'o', 'r', 'e', 'n', 'c', 'e', '.', 'u', 'k', '.', 'n', 'e', 't', '\0',
+  /* "florent-tatard.fr", true */ 'f', 'l', 'o', 'r', 'e', 'n', 't', '-', 't', 'a', 't', 'a', 'r', 'd', '.', 'f', 'r', '\0',
+  /* "florentynadawn.co.uk", true */ 'f', 'l', 'o', 'r', 'e', 'n', 't', 'y', 'n', 'a', 'd', 'a', 'w', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "florian-bachelet.fr", true */ 'f', 'l', 'o', 'r', 'i', 'a', 'n', '-', 'b', 'a', 'c', 'h', 'e', 'l', 'e', 't', '.', 'f', 'r', '\0',
+  /* "florian-schlachter.de", true */ 'f', 'l', 'o', 'r', 'i', 'a', 'n', '-', 's', 'c', 'h', 'l', 'a', 'c', 'h', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "florian-thie.de", true */ 'f', 'l', 'o', 'r', 'i', 'a', 'n', '-', 't', 'h', 'i', 'e', '.', 'd', 'e', '\0',
+  /* "floriankarmen.com", true */ 'f', 'l', 'o', 'r', 'i', 'a', 'n', 'k', 'a', 'r', 'm', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "floriankeller.de", true */ 'f', 'l', 'o', 'r', 'i', 'a', 'n', 'k', 'e', 'l', 'l', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "florianmitrea.uk", true */ 'f', 'l', 'o', 'r', 'i', 'a', 'n', 'm', 'i', 't', 'r', 'e', 'a', '.', 'u', 'k', '\0',
+  /* "florianschmitt.ca", true */ 'f', 'l', 'o', 'r', 'i', 'a', 'n', 's', 'c', 'h', 'm', 'i', 't', 't', '.', 'c', 'a', '\0',
+  /* "floriantanner.ch", true */ 'f', 'l', 'o', 'r', 'i', 'a', 'n', 't', 'a', 'n', 'n', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "florida-prep.org", true */ 'f', 'l', 'o', 'r', 'i', 'd', 'a', '-', 'p', 'r', 'e', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "floridaderi.ru", true */ 'f', 'l', 'o', 'r', 'i', 'd', 'a', 'd', 'e', 'r', 'i', '.', 'r', 'u', '\0',
+  /* "floridafieros.org", true */ 'f', 'l', 'o', 'r', 'i', 'd', 'a', 'f', 'i', 'e', 'r', 'o', 's', '.', 'o', 'r', 'g', '\0',
+  /* "floridahomesinvest.com", true */ 'f', 'l', 'o', 'r', 'i', 'd', 'a', 'h', 'o', 'm', 'e', 's', 'i', 'n', 'v', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "florinapp.com", true */ 'f', 'l', 'o', 'r', 'i', 'n', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "florinlungu.it", true */ 'f', 'l', 'o', 'r', 'i', 'n', 'l', 'u', 'n', 'g', 'u', '.', 'i', 't', '\0',
+  /* "florismoo.nl", true */ 'f', 'l', 'o', 'r', 'i', 's', 'm', 'o', 'o', '.', 'n', 'l', '\0',
+  /* "florismouwen.com", false */ 'f', 'l', 'o', 'r', 'i', 's', 'm', 'o', 'u', 'w', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "florispoort.nl", true */ 'f', 'l', 'o', 'r', 'i', 's', 'p', 'o', 'o', 'r', 't', '.', 'n', 'l', '\0',
+  /* "florisvdk.net", true */ 'f', 'l', 'o', 'r', 'i', 's', 'v', 'd', 'k', '.', 'n', 'e', 't', '\0',
+  /* "floriswesterman.nl", true */ 'f', 'l', 'o', 'r', 'i', 's', 'w', 'e', 's', 't', 'e', 'r', 'm', 'a', 'n', '.', 'n', 'l', '\0',
+  /* "flosch.at", false */ 'f', 'l', 'o', 's', 'c', 'h', '.', 'a', 't', '\0',
+  /* "floseed.fr", true */ 'f', 'l', 'o', 's', 'e', 'e', 'd', '.', 'f', 'r', '\0',
+  /* "floskelwolke.de", true */ 'f', 'l', 'o', 's', 'k', 'e', 'l', 'w', 'o', 'l', 'k', 'e', '.', 'd', 'e', '\0',
+  /* "floth.at", true */ 'f', 'l', 'o', 't', 'h', '.', 'a', 't', '\0',
+  /* "flowcom.de", true */ 'f', 'l', 'o', 'w', 'c', 'o', 'm', '.', 'd', 'e', '\0',
+  /* "flowerandplant.org", true */ 'f', 'l', 'o', 'w', 'e', 'r', 'a', 'n', 'd', 'p', 'l', 'a', 'n', 't', '.', 'o', 'r', 'g', '\0',
+  /* "flowersbylegacy.com", true */ 'f', 'l', 'o', 'w', 'e', 'r', 's', 'b', 'y', 'l', 'e', 'g', 'a', 'c', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "flowreader.com", true */ 'f', 'l', 'o', 'w', 'r', 'e', 'a', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "flox.io", true */ 'f', 'l', 'o', 'x', '.', 'i', 'o', '\0',
+  /* "floydm.com", true */ 'f', 'l', 'o', 'y', 'd', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "flra.gov", true */ 'f', 'l', 'r', 'a', '.', 'g', 'o', 'v', '\0',
+  /* "flucky.xyz", true */ 'f', 'l', 'u', 'c', 'k', 'y', '.', 'x', 'y', 'z', '\0',
+  /* "flucto.com", true */ 'f', 'l', 'u', 'c', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "flue-ducting.co.uk", true */ 'f', 'l', 'u', 'e', '-', 'd', 'u', 'c', 't', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "fluffycloud.de", true */ 'f', 'l', 'u', 'f', 'f', 'y', 'c', 'l', 'o', 'u', 'd', '.', 'd', 'e', '\0',
+  /* "fluidmeterusa.com", true */ 'f', 'l', 'u', 'i', 'd', 'm', 'e', 't', 'e', 'r', 'u', 's', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "flumble.nl", true */ 'f', 'l', 'u', 'm', 'b', 'l', 'e', '.', 'n', 'l', '\0',
+  /* "flunschi.goip.de", true */ 'f', 'l', 'u', 'n', 's', 'c', 'h', 'i', '.', 'g', 'o', 'i', 'p', '.', 'd', 'e', '\0',
+  /* "fluoxetine.net", true */ 'f', 'l', 'u', 'o', 'x', 'e', 't', 'i', 'n', 'e', '.', 'n', 'e', 't', '\0',
+  /* "fluteandpianoteaching.co.uk", true */ 'f', 'l', 'u', 't', 'e', 'a', 'n', 'd', 'p', 'i', 'a', 'n', 'o', 't', 'e', 'a', 'c', 'h', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "flux.by", true */ 'f', 'l', 'u', 'x', '.', 'b', 'y', '\0',
+  /* "fluxent.de", false */ 'f', 'l', 'u', 'x', 'e', 'n', 't', '.', 'd', 'e', '\0',
+  /* "fluxfingers.net", true */ 'f', 'l', 'u', 'x', 'f', 'i', 'n', 'g', 'e', 'r', 's', '.', 'n', 'e', 't', '\0',
+  /* "fluxforge.com", true */ 'f', 'l', 'u', 'x', 'f', 'o', 'r', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fluxoid.com", true */ 'f', 'l', 'u', 'x', 'o', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "flw365365.com", true */ 'f', 'l', 'w', '3', '6', '5', '3', '6', '5', '.', 'c', 'o', 'm', '\0',
+  /* "flyawayantennas.com", true */ 'f', 'l', 'y', 'a', 'w', 'a', 'y', 'a', 'n', 't', 'e', 'n', 'n', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "flyboyfpv.com", true */ 'f', 'l', 'y', 'b', 'o', 'y', 'f', 'p', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "flybunnyfly.dk", true */ 'f', 'l', 'y', 'b', 'u', 'n', 'n', 'y', 'f', 'l', 'y', '.', 'd', 'k', '\0',
+  /* "flygon.pink", true */ 'f', 'l', 'y', 'g', 'o', 'n', '.', 'p', 'i', 'n', 'k', '\0',
+  /* "flyinglocksmiths.com", false */ 'f', 'l', 'y', 'i', 'n', 'g', 'l', 'o', 'c', 'k', 's', 'm', 'i', 't', 'h', 's', '.', 'c', 'o', 'm', '\0',
+  /* "flyingpackets.net", true */ 'f', 'l', 'y', 'i', 'n', 'g', 'p', 'a', 'c', 'k', 'e', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "flyingrub.me", true */ 'f', 'l', 'y', 'i', 'n', 'g', 'r', 'u', 'b', '.', 'm', 'e', '\0',
+  /* "flymns.fr", true */ 'f', 'l', 'y', 'm', 'n', 's', '.', 'f', 'r', '\0',
+  /* "flynn.io", true */ 'f', 'l', 'y', 'n', 'n', '.', 'i', 'o', '\0',
+  /* "flyp.me", true */ 'f', 'l', 'y', 'p', '.', 'm', 'e', '\0',
+  /* "flyserver.co.il", true */ 'f', 'l', 'y', 's', 'e', 'r', 'v', 'e', 'r', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "flyspace.ga", true */ 'f', 'l', 'y', 's', 'p', 'a', 'c', 'e', '.', 'g', 'a', '\0',
+  /* "flyspace.ml", true */ 'f', 'l', 'y', 's', 'p', 'a', 'c', 'e', '.', 'm', 'l', '\0',
+  /* "flyss.net", true */ 'f', 'l', 'y', 's', 's', '.', 'n', 'e', 't', '\0',
+  /* "flyssh.net", true */ 'f', 'l', 'y', 's', 's', 'h', '.', 'n', 'e', 't', '\0',
+  /* "flyt.online", true */ 'f', 'l', 'y', 't', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "flytoadventures.com", true */ 'f', 'l', 'y', 't', 'o', 'a', 'd', 'v', 'e', 'n', 't', 'u', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "fm-cdn.de", true */ 'f', 'm', '-', 'c', 'd', 'n', '.', 'd', 'e', '\0',
+  /* "fm.ie", true */ 'f', 'm', '.', 'i', 'e', '\0',
+  /* "fmapplication.com", true */ 'f', 'm', 'a', 'p', 'p', 'l', 'i', 'c', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "fmarchal.fr", true */ 'f', 'm', 'a', 'r', 'c', 'h', 'a', 'l', '.', 'f', 'r', '\0',
+  /* "fmdance.cl", true */ 'f', 'm', 'd', 'a', 'n', 'c', 'e', '.', 'c', 'l', '\0',
+  /* "fmi.gov", true */ 'f', 'm', 'i', '.', 'g', 'o', 'v', '\0',
+  /* "fminsight.net", true */ 'f', 'm', 'i', 'n', 's', 'i', 'g', 'h', 't', '.', 'n', 'e', 't', '\0',
+  /* "fmodoux.biz", true */ 'f', 'm', 'o', 'd', 'o', 'u', 'x', '.', 'b', 'i', 'z', '\0',
+  /* "fmovies.fyi", true */ 'f', 'm', 'o', 'v', 'i', 'e', 's', '.', 'f', 'y', 'i', '\0',
+  /* "fmovies.life", true */ 'f', 'm', 'o', 'v', 'i', 'e', 's', '.', 'l', 'i', 'f', 'e', '\0',
+  /* "fnb-griffinonline.com", true */ 'f', 'n', 'b', '-', 'g', 'r', 'i', 'f', 'f', 'i', 'n', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fndout.com", true */ 'f', 'n', 'd', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "fniephaus.com", false */ 'f', 'n', 'i', 'e', 'p', 'h', 'a', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "fnof.ch", true */ 'f', 'n', 'o', 'f', '.', 'c', 'h', '\0',
+  /* "fnordserver.eu", true */ 'f', 'n', 'o', 'r', 'd', 's', 'e', 'r', 'v', 'e', 'r', '.', 'e', 'u', '\0',
+  /* "fnzc.co.nz", true */ 'f', 'n', 'z', 'c', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "foairbus.fr", true */ 'f', 'o', 'a', 'i', 'r', 'b', 'u', 's', '.', 'f', 'r', '\0',
+  /* "foairbussas.fr", true */ 'f', 'o', 'a', 'i', 'r', 'b', 'u', 's', 's', 'a', 's', '.', 'f', 'r', '\0',
+  /* "focanamoda.com.br", true */ 'f', 'o', 'c', 'a', 'n', 'a', 'm', 'o', 'd', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "focusmark.jp", false */ 'f', 'o', 'c', 'u', 's', 'm', 'a', 'r', 'k', '.', 'j', 'p', '\0',
+  /* "focusministries1.org", true */ 'f', 'o', 'c', 'u', 's', 'm', 'i', 'n', 'i', 's', 't', 'r', 'i', 'e', 's', '1', '.', 'o', 'r', 'g', '\0',
+  /* "foej-aktiv.de", true */ 'f', 'o', 'e', 'j', '-', 'a', 'k', 't', 'i', 'v', '.', 'd', 'e', '\0',
+  /* "foej.net", true */ 'f', 'o', 'e', 'j', '.', 'n', 'e', 't', '\0',
+  /* "foerster-kunststoff.de", true */ 'f', 'o', 'e', 'r', 's', 't', 'e', 'r', '-', 'k', 'u', 'n', 's', 't', 's', 't', 'o', 'f', 'f', '.', 'd', 'e', '\0',
+  /* "fognini-depablo.eu", true */ 'f', 'o', 'g', 'n', 'i', 'n', 'i', '-', 'd', 'e', 'p', 'a', 'b', 'l', 'o', '.', 'e', 'u', '\0',
+  /* "foia.gov", true */ 'f', 'o', 'i', 'a', '.', 'g', 'o', 'v', '\0',
+  /* "fojing.com", true */ 'f', 'o', 'j', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "fokan.be", true */ 'f', 'o', 'k', 'a', 'n', '.', 'b', 'e', '\0',
+  /* "fokkusu.fi", true */ 'f', 'o', 'k', 'k', 'u', 's', 'u', '.', 'f', 'i', '\0',
+  /* "fol.tf", true */ 'f', 'o', 'l', '.', 't', 'f', '\0',
+  /* "foliekonsulenten.dk", true */ 'f', 'o', 'l', 'i', 'e', 'k', 'o', 'n', 's', 'u', 'l', 'e', 'n', 't', 'e', 'n', '.', 'd', 'k', '\0',
+  /* "foljeton.dk", true */ 'f', 'o', 'l', 'j', 'e', 't', 'o', 'n', '.', 'd', 'k', '\0',
+  /* "folkadelic.de", true */ 'f', 'o', 'l', 'k', 'a', 'd', 'e', 'l', 'i', 'c', '.', 'd', 'e', '\0',
+  /* "folkfests.org", true */ 'f', 'o', 'l', 'k', 'f', 'e', 's', 't', 's', '.', 'o', 'r', 'g', '\0',
+  /* "follandviolins.com", true */ 'f', 'o', 'l', 'l', 'a', 'n', 'd', 'v', 'i', 'o', 'l', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "followerrocket.com", true */ 'f', 'o', 'l', 'l', 'o', 'w', 'e', 'r', 'r', 'o', 'c', 'k', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "followersya.com", true */ 'f', 'o', 'l', 'l', 'o', 'w', 'e', 'r', 's', 'y', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "followthatpage.com", true */ 'f', 'o', 'l', 'l', 'o', 'w', 't', 'h', 'a', 't', 'p', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "folv.es", true */ 'f', 'o', 'l', 'v', '.', 'e', 's', '\0',
+  /* "fondanastasia.ru", true */ 'f', 'o', 'n', 'd', 'a', 'n', 'a', 's', 't', 'a', 's', 'i', 'a', '.', 'r', 'u', '\0',
+  /* "fondationwiggli.ch", true */ 'f', 'o', 'n', 'd', 'a', 't', 'i', 'o', 'n', 'w', 'i', 'g', 'g', 'l', 'i', '.', 'c', 'h', '\0',
+  /* "fondy.eu", true */ 'f', 'o', 'n', 'd', 'y', '.', 'e', 'u', '\0',
+  /* "fondy.ru", true */ 'f', 'o', 'n', 'd', 'y', '.', 'r', 'u', '\0',
+  /* "fondy.ua", true */ 'f', 'o', 'n', 'd', 'y', '.', 'u', 'a', '\0',
+  /* "foneo.com", true */ 'f', 'o', 'n', 'e', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "fonga.ch", true */ 'f', 'o', 'n', 'g', 'a', '.', 'c', 'h', '\0',
+  /* "fonolo.com", true */ 'f', 'o', 'n', 'o', 'l', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "fonseguin.ca", true */ 'f', 'o', 'n', 's', 'e', 'g', 'u', 'i', 'n', '.', 'c', 'a', '\0',
+  /* "font-converter.net", true */ 'f', 'o', 'n', 't', '-', 'c', 'o', 'n', 'v', 'e', 'r', 't', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "fontawesome.com", true */ 'f', 'o', 'n', 't', 'a', 'w', 'e', 's', 'o', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fonte-trading.com", true */ 'f', 'o', 'n', 't', 'e', '-', 't', 'r', 'a', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "fontein.de", true */ 'f', 'o', 'n', 't', 'e', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "fontlibrary.org", true */ 'f', 'o', 'n', 't', 'l', 'i', 'b', 'r', 'a', 'r', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "foo.fo", true */ 'f', 'o', 'o', '.', 'f', 'o', '\0',
+  /* "foo.hamburg", true */ 'f', 'o', 'o', '.', 'h', 'a', 'm', 'b', 'u', 'r', 'g', '\0',
+  /* "foodacademy.capetown", true */ 'f', 'o', 'o', 'd', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'c', 'a', 'p', 'e', 't', 'o', 'w', 'n', '\0',
+  /* "foodattitude.ch", true */ 'f', 'o', 'o', 'd', 'a', 't', 't', 'i', 't', 'u', 'd', 'e', '.', 'c', 'h', '\0',
+  /* "foodblogger.club", true */ 'f', 'o', 'o', 'd', 'b', 'l', 'o', 'g', 'g', 'e', 'r', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "foodev.de", true */ 'f', 'o', 'o', 'd', 'e', 'v', '.', 'd', 'e', '\0',
+  /* "foodsafety.gov", true */ 'f', 'o', 'o', 'd', 's', 'a', 'f', 'e', 't', 'y', '.', 'g', 'o', 'v', '\0',
+  /* "foodsafetyjobs.gov", true */ 'f', 'o', 'o', 'd', 's', 'a', 'f', 'e', 't', 'y', 'j', 'o', 'b', 's', '.', 'g', 'o', 'v', '\0',
+  /* "foodserve.in", true */ 'f', 'o', 'o', 'd', 's', 'e', 'r', 'v', 'e', '.', 'i', 'n', '\0',
+  /* "foodsouvenirs.it", true */ 'f', 'o', 'o', 'd', 's', 'o', 'u', 'v', 'e', 'n', 'i', 'r', 's', '.', 'i', 't', '\0',
+  /* "foodwise.marketing", true */ 'f', 'o', 'o', 'd', 'w', 'i', 's', 'e', '.', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '\0',
+  /* "foolip.org", true */ 'f', 'o', 'o', 'l', 'i', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "foolwealth.com", true */ 'f', 'o', 'o', 'l', 'w', 'e', 'a', 'l', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "foorack.com", true */ 'f', 'o', 'o', 'r', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "fooster.io", true */ 'f', 'o', 'o', 's', 't', 'e', 'r', '.', 'i', 'o', '\0',
+  /* "foot.fr", true */ 'f', 'o', 'o', 't', '.', 'f', 'r', '\0',
+  /* "footballforum.de", true */ 'f', 'o', 'o', 't', 'b', 'a', 'l', 'l', 'f', 'o', 'r', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "for.care", true */ 'f', 'o', 'r', '.', 'c', 'a', 'r', 'e', '\0',
+  /* "foray-jero.me", true */ 'f', 'o', 'r', 'a', 'y', '-', 'j', 'e', 'r', 'o', '.', 'm', 'e', '\0',
+  /* "forbiddenhistory.info", true */ 'f', 'o', 'r', 'b', 'i', 'd', 'd', 'e', 'n', 'h', 'i', 's', 't', 'o', 'r', 'y', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "forbusiness.ca", true */ 'f', 'o', 'r', 'b', 'u', 's', 'i', 'n', 'e', 's', 's', '.', 'c', 'a', '\0',
+  /* "forces.army", true */ 'f', 'o', 'r', 'c', 'e', 's', '.', 'a', 'r', 'm', 'y', '\0',
+  /* "forcewave.com", true */ 'f', 'o', 'r', 'c', 'e', 'w', 'a', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ford-shop.by", true */ 'f', 'o', 'r', 'd', '-', 's', 'h', 'o', 'p', '.', 'b', 'y', '\0',
+  /* "foreachcode.com", true */ 'f', 'o', 'r', 'e', 'a', 'c', 'h', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "foreclosureattorneyhouston.com", true */ 'f', 'o', 'r', 'e', 'c', 'l', 'o', 's', 'u', 'r', 'e', 'a', 't', 't', 'o', 'r', 'n', 'e', 'y', 'h', 'o', 'u', 's', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "foregroundweb.com", true */ 'f', 'o', 'r', 'e', 'g', 'r', 'o', 'u', 'n', 'd', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "forellenpark.com", true */ 'f', 'o', 'r', 'e', 'l', 'l', 'e', 'n', 'p', 'a', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "forento.be", true */ 'f', 'o', 'r', 'e', 'n', 't', 'o', '.', 'b', 'e', '\0',
+  /* "forestraven.net", true */ 'f', 'o', 'r', 'e', 's', 't', 'r', 'a', 'v', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "foreverssl.com", true */ 'f', 'o', 'r', 'e', 'v', 'e', 'r', 's', 's', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "foreversummertime.com", true */ 'f', 'o', 'r', 'e', 'v', 'e', 'r', 's', 'u', 'm', 'm', 'e', 'r', 't', 'i', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "forex.ee", true */ 'f', 'o', 'r', 'e', 'x', '.', 'e', 'e', '\0',
+  /* "forexchef.de", true */ 'f', 'o', 'r', 'e', 'x', 'c', 'h', 'e', 'f', '.', 'd', 'e', '\0',
+  /* "forexee.com", true */ 'f', 'o', 'r', 'e', 'x', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "forextimes.ru", false */ 'f', 'o', 'r', 'e', 'x', 't', 'i', 'm', 'e', 's', '.', 'r', 'u', '\0',
+  /* "forge-goerger.eu", true */ 'f', 'o', 'r', 'g', 'e', '-', 'g', 'o', 'e', 'r', 'g', 'e', 'r', '.', 'e', 'u', '\0',
+  /* "forglemmigej.net", true */ 'f', 'o', 'r', 'g', 'l', 'e', 'm', 'm', 'i', 'g', 'e', 'j', '.', 'n', 'e', 't', '\0',
+  /* "forgotten-legends.org", true */ 'f', 'o', 'r', 'g', 'o', 't', 't', 'e', 'n', '-', 'l', 'e', 'g', 'e', 'n', 'd', 's', '.', 'o', 'r', 'g', '\0',
+  /* "formadmin.com", true */ 'f', 'o', 'r', 'm', 'a', 'd', 'm', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "formaliteo.com", true */ 'f', 'o', 'r', 'm', 'a', 'l', 'i', 't', 'e', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "forman.store", true */ 'f', 'o', 'r', 'm', 'a', 'n', '.', 's', 't', 'o', 'r', 'e', '\0',
+  /* "formapi.io", true */ 'f', 'o', 'r', 'm', 'a', 'p', 'i', '.', 'i', 'o', '\0',
+  /* "format-paysage.ch", true */ 'f', 'o', 'r', 'm', 'a', 't', '-', 'p', 'a', 'y', 's', 'a', 'g', 'e', '.', 'c', 'h', '\0',
+  /* "formation-assureur.com", true */ 'f', 'o', 'r', 'm', 'a', 't', 'i', 'o', 'n', '-', 'a', 's', 's', 'u', 'r', 'e', 'u', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "formation-mac.ch", true */ 'f', 'o', 'r', 'm', 'a', 't', 'i', 'o', 'n', '-', 'm', 'a', 'c', '.', 'c', 'h', '\0',
+  /* "formationseeker.com", true */ 'f', 'o', 'r', 'm', 'a', 't', 'i', 'o', 'n', 's', 'e', 'e', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "formbetter.com", true */ 'f', 'o', 'r', 'm', 'b', 'e', 't', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "formini.dz", true */ 'f', 'o', 'r', 'm', 'i', 'n', 'i', '.', 'd', 'z', '\0',
+  /* "formkiq.com", true */ 'f', 'o', 'r', 'm', 'k', 'i', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "formula-ot.ru", true */ 'f', 'o', 'r', 'm', 'u', 'l', 'a', '-', 'o', 't', '.', 'r', 'u', '\0',
+  /* "fornoreason.net.au", true */ 'f', 'o', 'r', 'n', 'o', 'r', 'e', 'a', 's', 'o', 'n', '.', 'n', 'e', 't', '.', 'a', 'u', '\0',
+  /* "foro.io", false */ 'f', 'o', 'r', 'o', '.', 'i', 'o', '\0',
+  /* "forodeespanol.com", true */ 'f', 'o', 'r', 'o', 'd', 'e', 'e', 's', 'p', 'a', 'n', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "forologikidilosi.com.gr", true */ 'f', 'o', 'r', 'o', 'l', 'o', 'g', 'i', 'k', 'i', 'd', 'i', 'l', 'o', 's', 'i', '.', 'c', 'o', 'm', '.', 'g', 'r', '\0',
+  /* "forourselves.com", true */ 'f', 'o', 'r', 'o', 'u', 'r', 's', 'e', 'l', 'v', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "forrestheller.com", true */ 'f', 'o', 'r', 'r', 'e', 's', 't', 'h', 'e', 'l', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "forro.info", true */ 'f', 'o', 'r', 'r', 'o', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "forsakringsarkivet.se", true */ 'f', 'o', 'r', 's', 'a', 'k', 'r', 'i', 'n', 'g', 's', 'a', 'r', 'k', 'i', 'v', 'e', 't', '.', 's', 'e', '\0',
+  /* "forsec.nl", true */ 'f', 'o', 'r', 's', 'e', 'c', '.', 'n', 'l', '\0',
+  /* "forstbetrieb-hennecke.de", true */ 'f', 'o', 'r', 's', 't', 'b', 'e', 't', 'r', 'i', 'e', 'b', '-', 'h', 'e', 'n', 'n', 'e', 'c', 'k', 'e', '.', 'd', 'e', '\0',
+  /* "forstprodukte.de", true */ 'f', 'o', 'r', 's', 't', 'p', 'r', 'o', 'd', 'u', 'k', 't', 'e', '.', 'd', 'e', '\0',
+  /* "forteggz.nl", true */ 'f', 'o', 'r', 't', 'e', 'g', 'g', 'z', '.', 'n', 'l', '\0',
+  /* "fortesanshop.it", true */ 'f', 'o', 'r', 't', 'e', 's', 'a', 'n', 's', 'h', 'o', 'p', '.', 'i', 't', '\0',
+  /* "fortnine.ca", true */ 'f', 'o', 'r', 't', 'n', 'i', 'n', 'e', '.', 'c', 'a', '\0',
+  /* "fortran.io", true */ 'f', 'o', 'r', 't', 'r', 'a', 'n', '.', 'i', 'o', '\0',
+  /* "fortress.no", true */ 'f', 'o', 'r', 't', 'r', 'e', 's', 's', '.', 'n', 'o', '\0',
+  /* "fortress.sk", true */ 'f', 'o', 'r', 't', 'r', 'e', 's', 's', '.', 's', 'k', '\0',
+  /* "fortricks.in", true */ 'f', 'o', 'r', 't', 'r', 'i', 'c', 'k', 's', '.', 'i', 'n', '\0',
+  /* "fortuna-s.com", true */ 'f', 'o', 'r', 't', 'u', 'n', 'a', '-', 's', '.', 'c', 'o', 'm', '\0',
+  /* "fortworth.ch", true */ 'f', 'o', 'r', 't', 'w', 'o', 'r', 't', 'h', '.', 'c', 'h', '\0',
+  /* "forty-two.nl", true */ 'f', 'o', 'r', 't', 'y', '-', 't', 'w', 'o', '.', 'n', 'l', '\0',
+  /* "forty8creates.com", true */ 'f', 'o', 'r', 't', 'y', '8', 'c', 'r', 'e', 'a', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "fortytwo.cloud", true */ 'f', 'o', 'r', 't', 'y', 't', 'w', 'o', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "forum-bonn.de", true */ 'f', 'o', 'r', 'u', 'm', '-', 'b', 'o', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "forum-kinozal-tv.appspot.com", true */ 'f', 'o', 'r', 'u', 'm', '-', 'k', 'i', 'n', 'o', 'z', 'a', 'l', '-', 't', 'v', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "forum-kinozal.appspot.com", true */ 'f', 'o', 'r', 'u', 'm', '-', 'k', 'i', 'n', 'o', 'z', 'a', 'l', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "forum.linode.com", false */ 'f', 'o', 'r', 'u', 'm', '.', 'l', 'i', 'n', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "forum3.ru", true */ 'f', 'o', 'r', 'u', 'm', '3', '.', 'r', 'u', '\0',
+  /* "forumvoordemocratie.nl", true */ 'f', 'o', 'r', 'u', 'm', 'v', 'o', 'o', 'r', 'd', 'e', 'm', 'o', 'c', 'r', 'a', 't', 'i', 'e', '.', 'n', 'l', '\0',
+  /* "forvisualdesign.com", true */ 'f', 'o', 'r', 'v', 'i', 's', 'u', 'a', 'l', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "forward-fly-fishing.ch", true */ 'f', 'o', 'r', 'w', 'a', 'r', 'd', '-', 'f', 'l', 'y', '-', 'f', 'i', 's', 'h', 'i', 'n', 'g', '.', 'c', 'h', '\0',
+  /* "foryouandyourcustomers.com", true */ 'f', 'o', 'r', 'y', 'o', 'u', 'a', 'n', 'd', 'y', 'o', 'u', 'r', 'c', 'u', 's', 't', 'o', 'm', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "foryoucosmeticos.com.br", true */ 'f', 'o', 'r', 'y', 'o', 'u', 'c', 'o', 's', 'm', 'e', 't', 'i', 'c', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "foryourhealthybody.com", true */ 'f', 'o', 'r', 'y', 'o', 'u', 'r', 'h', 'e', 'a', 'l', 't', 'h', 'y', 'b', 'o', 'd', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "foscamcanada.com", true */ 'f', 'o', 's', 'c', 'a', 'm', 'c', 'a', 'n', 'a', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "fosdem.org", true */ 'f', 'o', 's', 'd', 'e', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "fossgruppen.se", true */ 'f', 'o', 's', 's', 'g', 'r', 'u', 'p', 'p', 'e', 'n', '.', 's', 'e', '\0',
+  /* "fossilfreeyale.org", true */ 'f', 'o', 's', 's', 'i', 'l', 'f', 'r', 'e', 'e', 'y', 'a', 'l', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "fotella.com", true */ 'f', 'o', 't', 'e', 'l', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "fotikpro.ru", true */ 'f', 'o', 't', 'i', 'k', 'p', 'r', 'o', '.', 'r', 'u', '\0',
+  /* "foto-janvanaefst.nl", true */ 'f', 'o', 't', 'o', '-', 'j', 'a', 'n', 'v', 'a', 'n', 'a', 'e', 'f', 's', 't', '.', 'n', 'l', '\0',
+  /* "foto-leitner.com", true */ 'f', 'o', 't', 'o', '-', 'l', 'e', 'i', 't', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "foto-leitner.de", true */ 'f', 'o', 't', 'o', '-', 'l', 'e', 'i', 't', 'n', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "foto-robitsch.at", true */ 'f', 'o', 't', 'o', '-', 'r', 'o', 'b', 'i', 't', 's', 'c', 'h', '.', 'a', 't', '\0',
+  /* "foto-roma.ru", true */ 'f', 'o', 't', 'o', '-', 'r', 'o', 'm', 'a', '.', 'r', 'u', '\0',
+  /* "foto.by", true */ 'f', 'o', 't', 'o', '.', 'b', 'y', '\0',
+  /* "fotoallerlei.com", true */ 'f', 'o', 't', 'o', 'a', 'l', 'l', 'e', 'r', 'l', 'e', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "fotografiadellalucerossa.com", true */ 'f', 'o', 't', 'o', 'g', 'r', 'a', 'f', 'i', 'a', 'd', 'e', 'l', 'l', 'a', 'l', 'u', 'c', 'e', 'r', 'o', 's', 's', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "fotohome.dk", true */ 'f', 'o', 't', 'o', 'h', 'o', 'm', 'e', '.', 'd', 'k', '\0',
+  /* "fotoleitner.com", true */ 'f', 'o', 't', 'o', 'l', 'e', 'i', 't', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "fotoleitner.de", true */ 'f', 'o', 't', 'o', 'l', 'e', 'i', 't', 'n', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "fotostravestisbr.com", true */ 'f', 'o', 't', 'o', 's', 't', 'r', 'a', 'v', 'e', 's', 't', 'i', 's', 'b', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "fotostudio-leitner.com", true */ 'f', 'o', 't', 'o', 's', 't', 'u', 'd', 'i', 'o', '-', 'l', 'e', 'i', 't', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "fotostudio-leitner.de", true */ 'f', 'o', 't', 'o', 's', 't', 'u', 'd', 'i', 'o', '-', 'l', 'e', 'i', 't', 'n', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "fotostudio-schweiz.ch", true */ 'f', 'o', 't', 'o', 's', 't', 'u', 'd', 'i', 'o', '-', 's', 'c', 'h', 'w', 'e', 'i', 'z', '.', 'c', 'h', '\0',
+  /* "fotowettbewerb.co", true */ 'f', 'o', 't', 'o', 'w', 'e', 't', 't', 'b', 'e', 'w', 'e', 'r', 'b', '.', 'c', 'o', '\0',
+  /* "fotowolfy.com", true */ 'f', 'o', 't', 'o', 'w', 'o', 'l', 'f', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "fougner.co", true */ 'f', 'o', 'u', 'g', 'n', 'e', 'r', '.', 'c', 'o', '\0',
+  /* "found.website", true */ 'f', 'o', 'u', 'n', 'd', '.', 'w', 'e', 'b', 's', 'i', 't', 'e', '\0',
+  /* "foundsounds.me", true */ 'f', 'o', 'u', 'n', 'd', 's', 'o', 'u', 'n', 'd', 's', '.', 'm', 'e', '\0',
+  /* "fourdesignstudio.com", true */ 'f', 'o', 'u', 'r', 'd', 'e', 's', 'i', 'g', 'n', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "fowlervwparts.com", true */ 'f', 'o', 'w', 'l', 'e', 'r', 'v', 'w', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "foxbnc.co.uk", true */ 'f', 'o', 'x', 'b', 'n', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "foxdev.co", true */ 'f', 'o', 'x', 'd', 'e', 'v', '.', 'c', 'o', '\0',
+  /* "foxes.no", true */ 'f', 'o', 'x', 'e', 's', '.', 'n', 'o', '\0',
+  /* "foxhound.com.br", true */ 'f', 'o', 'x', 'h', 'o', 'u', 'n', 'd', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "foxing.club", true */ 'f', 'o', 'x', 'i', 'n', 'g', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "foxmay.co.uk", true */ 'f', 'o', 'x', 'm', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "foxontheinter.net", true */ 'f', 'o', 'x', 'o', 'n', 't', 'h', 'e', 'i', 'n', 't', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "foxphotography.ch", true */ 'f', 'o', 'x', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'h', '\0',
+  /* "foxquill.com", true */ 'f', 'o', 'x', 'q', 'u', 'i', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "foxterrier.com.br", true */ 'f', 'o', 'x', 't', 'e', 'r', 'r', 'i', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "fpc.gov", true */ 'f', 'p', 'c', '.', 'g', 'o', 'v', '\0',
+  /* "fpersona.com", true */ 'f', 'p', 'e', 'r', 's', 'o', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "fpki.sh", true */ 'f', 'p', 'k', 'i', '.', 's', 'h', '\0',
+  /* "fptravelling.com", true */ 'f', 'p', 't', 'r', 'a', 'v', 'e', 'l', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "fpy.cz", true */ 'f', 'p', 'y', '.', 'c', 'z', '\0',
+  /* "fr.search.yahoo.com", false */ 'f', 'r', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "fr0zenbits.io", true */ 'f', 'r', '0', 'z', 'e', 'n', 'b', 'i', 't', 's', '.', 'i', 'o', '\0',
+  /* "fr33tux.org", true */ 'f', 'r', '3', '3', 't', 'u', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "frack.nl", true */ 'f', 'r', 'a', 'c', 'k', '.', 'n', 'l', '\0',
+  /* "fraesentest.de", true */ 'f', 'r', 'a', 'e', 's', 'e', 'n', 't', 'e', 's', 't', '.', 'd', 'e', '\0',
+  /* "fragmentspuren.de", true */ 'f', 'r', 'a', 'g', 'm', 'e', 'n', 't', 's', 'p', 'u', 'r', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "fragstore.net", true */ 'f', 'r', 'a', 'g', 's', 't', 'o', 'r', 'e', '.', 'n', 'e', 't', '\0',
+  /* "fraho.eu", true */ 'f', 'r', 'a', 'h', 'o', '.', 'e', 'u', '\0',
+  /* "framapiaf.org", true */ 'f', 'r', 'a', 'm', 'a', 'p', 'i', 'a', 'f', '.', 'o', 'r', 'g', '\0',
+  /* "framedpaws.com", true */ 'f', 'r', 'a', 'm', 'e', 'd', 'p', 'a', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "fran.cr", true */ 'f', 'r', 'a', 'n', '.', 'c', 'r', '\0',
+  /* "francesca-and-lucas.com", true */ 'f', 'r', 'a', 'n', 'c', 'e', 's', 'c', 'a', '-', 'a', 'n', 'd', '-', 'l', 'u', 'c', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "francescopalazzo.com", true */ 'f', 'r', 'a', 'n', 'c', 'e', 's', 'c', 'o', 'p', 'a', 'l', 'a', 'z', 'z', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "franchini.email", true */ 'f', 'r', 'a', 'n', 'c', 'h', 'i', 'n', 'i', '.', 'e', 'm', 'a', 'i', 'l', '\0',
+  /* "franchini.engineer", true */ 'f', 'r', 'a', 'n', 'c', 'h', 'i', 'n', 'i', '.', 'e', 'n', 'g', 'i', 'n', 'e', 'e', 'r', '\0',
+  /* "francisli.net", true */ 'f', 'r', 'a', 'n', 'c', 'i', 's', 'l', 'i', '.', 'n', 'e', 't', '\0',
+  /* "franckgirard.net", true */ 'f', 'r', 'a', 'n', 'c', 'k', 'g', 'i', 'r', 'a', 'r', 'd', '.', 'n', 'e', 't', '\0',
+  /* "francois-occasions.be", true */ 'f', 'r', 'a', 'n', 'c', 'o', 'i', 's', '-', 'o', 'c', 'c', 'a', 's', 'i', 'o', 'n', 's', '.', 'b', 'e', '\0',
+  /* "francoiscarrier.com", true */ 'f', 'r', 'a', 'n', 'c', 'o', 'i', 's', 'c', 'a', 'r', 'r', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "francoislepage.com", true */ 'f', 'r', 'a', 'n', 'c', 'o', 'i', 's', 'l', 'e', 'p', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "francoz.me", true */ 'f', 'r', 'a', 'n', 'c', 'o', 'z', '.', 'm', 'e', '\0',
+  /* "frandor.co.uk", true */ 'f', 'r', 'a', 'n', 'd', 'o', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "frank.fyi", true */ 'f', 'r', 'a', 'n', 'k', '.', 'f', 'y', 'i', '\0',
+  /* "franke-chemie.de", true */ 'f', 'r', 'a', 'n', 'k', 'e', '-', 'c', 'h', 'e', 'm', 'i', 'e', '.', 'd', 'e', '\0',
+  /* "franken-lehrmittel.de", true */ 'f', 'r', 'a', 'n', 'k', 'e', 'n', '-', 'l', 'e', 'h', 'r', 'm', 'i', 't', 't', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "frankenlehrmittel.de", true */ 'f', 'r', 'a', 'n', 'k', 'e', 'n', 'l', 'e', 'h', 'r', 'm', 'i', 't', 't', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "frankhaala.com", true */ 'f', 'r', 'a', 'n', 'k', 'h', 'a', 'a', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "frankl.in", true */ 'f', 'r', 'a', 'n', 'k', 'l', '.', 'i', 'n', '\0',
+  /* "franklinhua.com", true */ 'f', 'r', 'a', 'n', 'k', 'l', 'i', 'n', 'h', 'u', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "frankmorrow.com", true */ 'f', 'r', 'a', 'n', 'k', 'm', 'o', 'r', 'r', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "franksiler.com", true */ 'f', 'r', 'a', 'n', 'k', 's', 'i', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "frankwei.xyz", true */ 'f', 'r', 'a', 'n', 'k', 'w', 'e', 'i', '.', 'x', 'y', 'z', '\0',
+  /* "frankyan.com", true */ 'f', 'r', 'a', 'n', 'k', 'y', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "frantic1048.com", true */ 'f', 'r', 'a', 'n', 't', 'i', 'c', '1', '0', '4', '8', '.', 'c', 'o', 'm', '\0',
+  /* "frantorregrosa.me", true */ 'f', 'r', 'a', 'n', 't', 'o', 'r', 'r', 'e', 'g', 'r', 'o', 's', 'a', '.', 'm', 'e', '\0',
+  /* "frappant.cc", false */ 'f', 'r', 'a', 'p', 'p', 'a', 'n', 't', '.', 'c', 'c', '\0',
+  /* "fraselab.ru", true */ 'f', 'r', 'a', 's', 'e', 'l', 'a', 'b', '.', 'r', 'u', '\0',
+  /* "frasesaniversarios.com.br", true */ 'f', 'r', 'a', 's', 'e', 's', 'a', 'n', 'i', 'v', 'e', 'r', 's', 'a', 'r', 'i', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "frasesdodia.com", true */ 'f', 'r', 'a', 's', 'e', 's', 'd', 'o', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "frasesparaface.com.br", true */ 'f', 'r', 'a', 's', 'e', 's', 'p', 'a', 'r', 'a', 'f', 'a', 'c', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "frasesytarjetas.com", true */ 'f', 'r', 'a', 's', 'e', 's', 'y', 't', 'a', 'r', 'j', 'e', 't', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "frasys.cloud", true */ 'f', 'r', 'a', 's', 'y', 's', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "frasys.net", true */ 'f', 'r', 'a', 's', 'y', 's', '.', 'n', 'e', 't', '\0',
+  /* "frattaroli.org", true */ 'f', 'r', 'a', 't', 't', 'a', 'r', 'o', 'l', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "frau-inge.de", true */ 'f', 'r', 'a', 'u', '-', 'i', 'n', 'g', 'e', '.', 'd', 'e', '\0',
+  /* "frau-sucht-bauer.de", true */ 'f', 'r', 'a', 'u', '-', 's', 'u', 'c', 'h', 't', '-', 'b', 'a', 'u', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "fraudmarc.com", true */ 'f', 'r', 'a', 'u', 'd', 'm', 'a', 'r', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "frauenarzt-zinke.de", true */ 'f', 'r', 'a', 'u', 'e', 'n', 'a', 'r', 'z', 't', '-', 'z', 'i', 'n', 'k', 'e', '.', 'd', 'e', '\0',
+  /* "frauenlob.rocks", true */ 'f', 'r', 'a', 'u', 'e', 'n', 'l', 'o', 'b', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "fraurichter.net", true */ 'f', 'r', 'a', 'u', 'r', 'i', 'c', 'h', 't', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "fraye.net", true */ 'f', 'r', 'a', 'y', 'e', '.', 'n', 'e', 't', '\0',
+  /* "frbracch.it", true */ 'f', 'r', 'b', 'r', 'a', 'c', 'c', 'h', '.', 'i', 't', '\0',
+  /* "frdl.ch", true */ 'f', 'r', 'd', 'l', '.', 'c', 'h', '\0',
+  /* "freaksites.dk", true */ 'f', 'r', 'e', 'a', 'k', 's', 'i', 't', 'e', 's', '.', 'd', 'k', '\0',
+  /* "frebi.org", true */ 'f', 'r', 'e', 'b', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "freddysfuncastles.co.uk", true */ 'f', 'r', 'e', 'd', 'd', 'y', 's', 'f', 'u', 'n', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "freddythechick.uk", true */ 'f', 'r', 'e', 'd', 'd', 'y', 't', 'h', 'e', 'c', 'h', 'i', 'c', 'k', '.', 'u', 'k', '\0',
+  /* "frederik-braun.com", true */ 'f', 'r', 'e', 'd', 'e', 'r', 'i', 'k', '-', 'b', 'r', 'a', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "frederikschoell.de", false */ 'f', 'r', 'e', 'd', 'e', 'r', 'i', 'k', 's', 'c', 'h', 'o', 'e', 'l', 'l', '.', 'd', 'e', '\0',
+  /* "fredloya.com", true */ 'f', 'r', 'e', 'd', 'l', 'o', 'y', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "fredriksslekt.se", true */ 'f', 'r', 'e', 'd', 'r', 'i', 'k', 's', 's', 'l', 'e', 'k', 't', '.', 's', 'e', '\0',
+  /* "fredvoyage.fr", true */ 'f', 'r', 'e', 'd', 'v', 'o', 'y', 'a', 'g', 'e', '.', 'f', 'r', '\0',
+  /* "free-your-pc.com", true */ 'f', 'r', 'e', 'e', '-', 'y', 'o', 'u', 'r', '-', 'p', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "free.com.tw", true */ 'f', 'r', 'e', 'e', '.', 'c', 'o', 'm', '.', 't', 'w', '\0',
+  /* "free8.xyz", true */ 'f', 'r', 'e', 'e', '8', '.', 'x', 'y', 'z', '\0',
+  /* "freeasinlliure.org", true */ 'f', 'r', 'e', 'e', 'a', 's', 'i', 'n', 'l', 'l', 'i', 'u', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "freeassangenow.org", true */ 'f', 'r', 'e', 'e', 'a', 's', 's', 'a', 'n', 'g', 'e', 'n', 'o', 'w', '.', 'o', 'r', 'g', '\0',
+  /* "freeasyshop.com", true */ 'f', 'r', 'e', 'e', 'a', 's', 'y', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "freebarrettbrown.org", true */ 'f', 'r', 'e', 'e', 'b', 'a', 'r', 'r', 'e', 't', 't', 'b', 'r', 'o', 'w', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "freeben666.fr", true */ 'f', 'r', 'e', 'e', 'b', 'e', 'n', '6', '6', '6', '.', 'f', 'r', '\0',
+  /* "freebetoffers.co.uk", true */ 'f', 'r', 'e', 'e', 'b', 'e', 't', 'o', 'f', 'f', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "freeblog.me", true */ 'f', 'r', 'e', 'e', 'b', 'l', 'o', 'g', '.', 'm', 'e', '\0',
+  /* "freebookmakerbets.com.au", true */ 'f', 'r', 'e', 'e', 'b', 'o', 'o', 'k', 'm', 'a', 'k', 'e', 'r', 'b', 'e', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "freebookmakersbetsandbonuses.com.au", true */ 'f', 'r', 'e', 'e', 'b', 'o', 'o', 'k', 'm', 'a', 'k', 'e', 'r', 's', 'b', 'e', 't', 's', 'a', 'n', 'd', 'b', 'o', 'n', 'u', 's', 'e', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "freebus.org", true */ 'f', 'r', 'e', 'e', 'b', 'u', 's', '.', 'o', 'r', 'g', '\0',
+  /* "freecam2cam.site", true */ 'f', 'r', 'e', 'e', 'c', 'a', 'm', '2', 'c', 'a', 'm', '.', 's', 'i', 't', 'e', '\0',
+  /* "freecloud.at", true */ 'f', 'r', 'e', 'e', 'c', 'l', 'o', 'u', 'd', '.', 'a', 't', '\0',
+  /* "freedev.cz", true */ 'f', 'r', 'e', 'e', 'd', 'e', 'v', '.', 'c', 'z', '\0',
+  /* "freedom.press", true */ 'f', 'r', 'e', 'e', 'd', 'o', 'm', '.', 'p', 'r', 'e', 's', 's', '\0',
+  /* "freedomflotilla.org", true */ 'f', 'r', 'e', 'e', 'd', 'o', 'm', 'f', 'l', 'o', 't', 'i', 'l', 'l', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "freedomfrontier.tk", true */ 'f', 'r', 'e', 'e', 'd', 'o', 'm', 'f', 'r', 'o', 'n', 't', 'i', 'e', 'r', '.', 't', 'k', '\0',
+  /* "freedomkiaparts.com", true */ 'f', 'r', 'e', 'e', 'd', 'o', 'm', 'k', 'i', 'a', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "freedomonline.bg", true */ 'f', 'r', 'e', 'e', 'd', 'o', 'm', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'b', 'g', '\0',
+  /* "freedomrealtyoftexas.com", true */ 'f', 'r', 'e', 'e', 'd', 'o', 'm', 'r', 'e', 'a', 'l', 't', 'y', 'o', 'f', 't', 'e', 'x', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "freedomvote.nl", true */ 'f', 'r', 'e', 'e', 'd', 'o', 'm', 'v', 'o', 't', 'e', '.', 'n', 'l', '\0',
+  /* "freeexampapers.com", true */ 'f', 'r', 'e', 'e', 'e', 'x', 'a', 'm', 'p', 'a', 'p', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "freeflightstoitaly.ngo", true */ 'f', 'r', 'e', 'e', 'f', 'l', 'i', 'g', 'h', 't', 's', 't', 'o', 'i', 't', 'a', 'l', 'y', '.', 'n', 'g', 'o', '\0',
+  /* "freeform4u.de", true */ 'f', 'r', 'e', 'e', 'f', 'o', 'r', 'm', '4', 'u', '.', 'd', 'e', '\0',
+  /* "freegame-mugen.jp", true */ 'f', 'r', 'e', 'e', 'g', 'a', 'm', 'e', '-', 'm', 'u', 'g', 'e', 'n', '.', 'j', 'p', '\0',
+  /* "freegutters.com", true */ 'f', 'r', 'e', 'e', 'g', 'u', 't', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "freeinoutboard.com", true */ 'f', 'r', 'e', 'e', 'i', 'n', 'o', 'u', 't', 'b', 'o', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "freejasongoudlock.org", true */ 'f', 'r', 'e', 'e', 'j', 'a', 's', 'o', 'n', 'g', 'o', 'u', 'd', 'l', 'o', 'c', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "freejeremy.net", true */ 'f', 'r', 'e', 'e', 'j', 'e', 'r', 'e', 'm', 'y', '.', 'n', 'e', 't', '\0',
+  /* "freela.ch", true */ 'f', 'r', 'e', 'e', 'l', 'a', '.', 'c', 'h', '\0',
+  /* "freelance.boutique", true */ 'f', 'r', 'e', 'e', 'l', 'a', 'n', 'c', 'e', '.', 'b', 'o', 'u', 't', 'i', 'q', 'u', 'e', '\0',
+  /* "freelance.guide", true */ 'f', 'r', 'e', 'e', 'l', 'a', 'n', 'c', 'e', '.', 'g', 'u', 'i', 'd', 'e', '\0',
+  /* "freelance.nl", true */ 'f', 'r', 'e', 'e', 'l', 'a', 'n', 'c', 'e', '.', 'n', 'l', '\0',
+  /* "freelancehunt.com", true */ 'f', 'r', 'e', 'e', 'l', 'a', 'n', 'c', 'e', 'h', 'u', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "freelanceshipping.com", true */ 'f', 'r', 'e', 'e', 'l', 'a', 'n', 'c', 'e', 's', 'h', 'i', 'p', 'p', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "freelandinnovation.com", true */ 'f', 'r', 'e', 'e', 'l', 'a', 'n', 'd', 'i', 'n', 'n', 'o', 'v', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "freelauri.com", true */ 'f', 'r', 'e', 'e', 'l', 'a', 'u', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "freelifer.jp", true */ 'f', 'r', 'e', 'e', 'l', 'i', 'f', 'e', 'r', '.', 'j', 'p', '\0',
+  /* "freemanning.de", true */ 'f', 'r', 'e', 'e', 'm', 'a', 'n', 'n', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "freemans.com", true */ 'f', 'r', 'e', 'e', 'm', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "freemedforms.com", true */ 'f', 'r', 'e', 'e', 'm', 'e', 'd', 'f', 'o', 'r', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "freemyipod.org", true */ 'f', 'r', 'e', 'e', 'm', 'y', 'i', 'p', 'o', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "freend.me", false */ 'f', 'r', 'e', 'e', 'n', 'd', '.', 'm', 'e', '\0',
+  /* "freenetproject.org", true */ 'f', 'r', 'e', 'e', 'n', 'e', 't', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "freeonplate.com", true */ 'f', 'r', 'e', 'e', 'o', 'n', 'p', 'l', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "freergform.org", true */ 'f', 'r', 'e', 'e', 'r', 'g', 'f', 'o', 'r', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "freeshell.de", true */ 'f', 'r', 'e', 'e', 's', 'h', 'e', 'l', 'l', '.', 'd', 'e', '\0',
+  /* "freesitemapgenerator.com", true */ 'f', 'r', 'e', 'e', 's', 'i', 't', 'e', 'm', 'a', 'p', 'g', 'e', 'n', 'e', 'r', 'a', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "freeslots.guru", true */ 'f', 'r', 'e', 'e', 's', 'l', 'o', 't', 's', '.', 'g', 'u', 'r', 'u', '\0',
+  /* "freesms-online.de", true */ 'f', 'r', 'e', 'e', 's', 'm', 's', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "freesnowden.is", true */ 'f', 'r', 'e', 'e', 's', 'n', 'o', 'w', 'd', 'e', 'n', '.', 'i', 's', '\0',
+  /* "freesolitaire.win", true */ 'f', 'r', 'e', 'e', 's', 'o', 'l', 'i', 't', 'a', 'i', 'r', 'e', '.', 'w', 'i', 'n', '\0',
+  /* "freesounding.com", true */ 'f', 'r', 'e', 'e', 's', 'o', 'u', 'n', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "freesounding.ru", true */ 'f', 'r', 'e', 'e', 's', 'o', 'u', 'n', 'd', 'i', 'n', 'g', '.', 'r', 'u', '\0',
+  /* "freesourcestl.org", true */ 'f', 'r', 'e', 'e', 's', 'o', 'u', 'r', 'c', 'e', 's', 't', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "freespace.info", true */ 'f', 'r', 'e', 'e', 's', 'p', 'a', 'c', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "freethetv.ie", true */ 'f', 'r', 'e', 'e', 't', 'h', 'e', 't', 'v', '.', 'i', 'e', '\0',
+  /* "freetsa.org", true */ 'f', 'r', 'e', 'e', 't', 's', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "freevps.us", true */ 'f', 'r', 'e', 'e', 'v', 'p', 's', '.', 'u', 's', '\0',
+  /* "freeweibo.com", true */ 'f', 'r', 'e', 'e', 'w', 'e', 'i', 'b', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "freeyourmusic.com", true */ 'f', 'r', 'e', 'e', 'y', 'o', 'u', 'r', 'm', 'u', 's', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "freezion.com", true */ 'f', 'r', 'e', 'e', 'z', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "freifahrt.de", true */ 'f', 'r', 'e', 'i', 'f', 'a', 'h', 'r', 't', '.', 'd', 'e', '\0',
+  /* "freifamily.ch", true */ 'f', 'r', 'e', 'i', 'f', 'a', 'm', 'i', 'l', 'y', '.', 'c', 'h', '\0',
+  /* "freifunk-burgaltendorf.de", true */ 'f', 'r', 'e', 'i', 'f', 'u', 'n', 'k', '-', 'b', 'u', 'r', 'g', 'a', 'l', 't', 'e', 'n', 'd', 'o', 'r', 'f', '.', 'd', 'e', '\0',
+  /* "freifunk-essen.de", true */ 'f', 'r', 'e', 'i', 'f', 'u', 'n', 'k', '-', 'e', 's', 's', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "freifunk-in-solingen.de", true */ 'f', 'r', 'e', 'i', 'f', 'u', 'n', 'k', '-', 'i', 'n', '-', 's', 'o', 'l', 'i', 'n', 'g', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "freifunk-lindlar.net", true */ 'f', 'r', 'e', 'i', 'f', 'u', 'n', 'k', '-', 'l', 'i', 'n', 'd', 'l', 'a', 'r', '.', 'n', 'e', 't', '\0',
+  /* "freifunk-luenen.de", true */ 'f', 'r', 'e', 'i', 'f', 'u', 'n', 'k', '-', 'l', 'u', 'e', 'n', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "freifunk-nrw.de", true */ 'f', 'r', 'e', 'i', 'f', 'u', 'n', 'k', '-', 'n', 'r', 'w', '.', 'd', 'e', '\0',
+  /* "freifunk-remscheid.de", true */ 'f', 'r', 'e', 'i', 'f', 'u', 'n', 'k', '-', 'r', 'e', 'm', 's', 'c', 'h', 'e', 'i', 'd', '.', 'd', 'e', '\0',
+  /* "freimeldungen.de", true */ 'f', 'r', 'e', 'i', 'm', 'e', 'l', 'd', 'u', 'n', 'g', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "freims.cc", true */ 'f', 'r', 'e', 'i', 'm', 's', '.', 'c', 'c', '\0',
+  /* "freiwurst.net", true */ 'f', 'r', 'e', 'i', 'w', 'u', 'r', 's', 't', '.', 'n', 'e', 't', '\0',
+  /* "freizeitplaza.de", true */ 'f', 'r', 'e', 'i', 'z', 'e', 'i', 't', 'p', 'l', 'a', 'z', 'a', '.', 'd', 'e', '\0',
+  /* "frenchcreekcog.org", true */ 'f', 'r', 'e', 'n', 'c', 'h', 'c', 'r', 'e', 'e', 'k', 'c', 'o', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "frenzel.dk", true */ 'f', 'r', 'e', 'n', 'z', 'e', 'l', '.', 'd', 'k', '\0',
+  /* "frequencebanane.ch", true */ 'f', 'r', 'e', 'q', 'u', 'e', 'n', 'c', 'e', 'b', 'a', 'n', 'a', 'n', 'e', '.', 'c', 'h', '\0',
+  /* "fresh-hotel.org", true */ 'f', 'r', 'e', 's', 'h', '-', 'h', 'o', 't', 'e', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "fresh-networks.net", true */ 'f', 'r', 'e', 's', 'h', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'n', 'e', 't', '\0',
+  /* "fresh.co.il", true */ 'f', 'r', 'e', 's', 'h', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "freshdesigns.de", true */ 'f', 'r', 'e', 's', 'h', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'd', 'e', '\0',
+  /* "freshdns.nl", true */ 'f', 'r', 'e', 's', 'h', 'd', 'n', 's', '.', 'n', 'l', '\0',
+  /* "freshempire.gov", true */ 'f', 'r', 'e', 's', 'h', 'e', 'm', 'p', 'i', 'r', 'e', '.', 'g', 'o', 'v', '\0',
+  /* "freshmaza.com", true */ 'f', 'r', 'e', 's', 'h', 'm', 'a', 'z', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "freshmaza.net", true */ 'f', 'r', 'e', 's', 'h', 'm', 'a', 'z', 'a', '.', 'n', 'e', 't', '\0',
+  /* "fretscha.com", true */ 'f', 'r', 'e', 't', 's', 'c', 'h', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "frettboard.com", true */ 'f', 'r', 'e', 't', 't', 'b', 'o', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "fretworksec.com", true */ 'f', 'r', 'e', 't', 'w', 'o', 'r', 'k', 's', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "fribourgviking.net", true */ 'f', 'r', 'i', 'b', 'o', 'u', 'r', 'g', 'v', 'i', 'k', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "frickelboxx.de", true */ 'f', 'r', 'i', 'c', 'k', 'e', 'l', 'b', 'o', 'x', 'x', '.', 'd', 'e', '\0',
+  /* "frickelmeister.de", true */ 'f', 'r', 'i', 'c', 'k', 'e', 'l', 'm', 'e', 'i', 's', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "fridayfoucoud.ma", true */ 'f', 'r', 'i', 'd', 'a', 'y', 'f', 'o', 'u', 'c', 'o', 'u', 'd', '.', 'm', 'a', '\0',
+  /* "friederes.lu", true */ 'f', 'r', 'i', 'e', 'd', 'e', 'r', 'e', 's', '.', 'l', 'u', '\0',
+  /* "friedrich-foto-art.de", true */ 'f', 'r', 'i', 'e', 'd', 'r', 'i', 'c', 'h', '-', 'f', 'o', 't', 'o', '-', 'a', 'r', 't', '.', 'd', 'e', '\0',
+  /* "friedsamphotography.com", true */ 'f', 'r', 'i', 'e', 'd', 's', 'a', 'm', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "friendlysiberia.com", true */ 'f', 'r', 'i', 'e', 'n', 'd', 'l', 'y', 's', 'i', 'b', 'e', 'r', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "friends-of-naz.com", true */ 'f', 'r', 'i', 'e', 'n', 'd', 's', '-', 'o', 'f', '-', 'n', 'a', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "friends24.cz", true */ 'f', 'r', 'i', 'e', 'n', 'd', 's', '2', '4', '.', 'c', 'z', '\0',
+  /* "friendship-quotes.co.uk", true */ 'f', 'r', 'i', 'e', 'n', 'd', 's', 'h', 'i', 'p', '-', 'q', 'u', 'o', 't', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "friet.org", true */ 'f', 'r', 'i', 'e', 't', '.', 'o', 'r', 'g', '\0',
+  /* "friezy.ru", true */ 'f', 'r', 'i', 'e', 'z', 'y', '.', 'r', 'u', '\0',
+  /* "frigi.ch", true */ 'f', 'r', 'i', 'g', 'i', '.', 'c', 'h', '\0',
+  /* "frigolit.net", true */ 'f', 'r', 'i', 'g', 'o', 'l', 'i', 't', '.', 'n', 'e', 't', '\0',
+  /* "friller.com.au", true */ 'f', 'r', 'i', 'l', 'l', 'e', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "frillip.com", true */ 'f', 'r', 'i', 'l', 'l', 'i', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "frinkiac.com", true */ 'f', 'r', 'i', 'n', 'k', 'i', 'a', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "frino.de", true */ 'f', 'r', 'i', 'n', 'o', '.', 'd', 'e', '\0',
+  /* "frippz.se", true */ 'f', 'r', 'i', 'p', 'p', 'z', '.', 's', 'e', '\0',
+  /* "fritteli.ch", true */ 'f', 'r', 'i', 't', 't', 'e', 'l', 'i', '.', 'c', 'h', '\0',
+  /* "fritzrepair.com", true */ 'f', 'r', 'i', 't', 'z', 'r', 'e', 'p', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "frizo.com", true */ 'f', 'r', 'i', 'z', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "frly.de", true */ 'f', 'r', 'l', 'y', '.', 'd', 'e', '\0',
+  /* "frob.nl", true */ 'f', 'r', 'o', 'b', '.', 'n', 'l', '\0',
+  /* "froehlich.it", true */ 'f', 'r', 'o', 'e', 'h', 'l', 'i', 'c', 'h', '.', 'i', 't', '\0',
+  /* "frogatto.com", true */ 'f', 'r', 'o', 'g', 'a', 't', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "frogeye.fr", true */ 'f', 'r', 'o', 'g', 'e', 'y', 'e', '.', 'f', 'r', '\0',
+  /* "froggitt.com", true */ 'f', 'r', 'o', 'g', 'g', 'i', 't', 't', '.', 'c', 'o', 'm', '\0',
+  /* "frogsonamission.de", true */ 'f', 'r', 'o', 'g', 's', 'o', 'n', 'a', 'm', 'i', 's', 's', 'i', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "froh.co.jp", true */ 'f', 'r', 'o', 'h', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "frokenblomma.se", true */ 'f', 'r', 'o', 'k', 'e', 'n', 'b', 'l', 'o', 'm', 'm', 'a', '.', 's', 'e', '\0',
+  /* "frolova.org", true */ 'f', 'r', 'o', 'l', 'o', 'v', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "fromix.de", true */ 'f', 'r', 'o', 'm', 'i', 'x', '.', 'd', 'e', '\0',
+  /* "fromscratch.rocks", true */ 'f', 'r', 'o', 'm', 's', 'c', 'r', 'a', 't', 'c', 'h', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "fronteers.nl", false */ 'f', 'r', 'o', 'n', 't', 'e', 'e', 'r', 's', '.', 'n', 'l', '\0',
+  /* "frontline.cloud", true */ 'f', 'r', 'o', 'n', 't', 'l', 'i', 'n', 'e', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "frontline6.com", true */ 'f', 'r', 'o', 'n', 't', 'l', 'i', 'n', 'e', '6', '.', 'c', 'o', 'm', '\0',
+  /* "fropky.com", true */ 'f', 'r', 'o', 'p', 'k', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "frostbytes.net", true */ 'f', 'r', 'o', 's', 't', 'b', 'y', 't', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "frostwarning.com", true */ 'f', 'r', 'o', 's', 't', 'w', 'a', 'r', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "frothy.coffee", true */ 'f', 'r', 'o', 't', 'h', 'y', '.', 'c', 'o', 'f', 'f', 'e', 'e', '\0',
+  /* "froufe.com", true */ 'f', 'r', 'o', 'u', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "frozen-geek.net", true */ 'f', 'r', 'o', 'z', 'e', 'n', '-', 'g', 'e', 'e', 'k', '.', 'n', 'e', 't', '\0',
+  /* "frozen-solid.net", true */ 'f', 'r', 'o', 'z', 'e', 'n', '-', 's', 'o', 'l', 'i', 'd', '.', 'n', 'e', 't', '\0',
+  /* "frtn.com", true */ 'f', 'r', 't', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "frtr.gov", true */ 'f', 'r', 't', 'r', '.', 'g', 'o', 'v', '\0',
+  /* "frtrains.com", true */ 'f', 'r', 't', 'r', 'a', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "fruchthof24.de", true */ 'f', 'r', 'u', 'c', 'h', 't', 'h', 'o', 'f', '2', '4', '.', 'd', 'e', '\0',
+  /* "fruchtikus.net", true */ 'f', 'r', 'u', 'c', 'h', 't', 'i', 'k', 'u', 's', '.', 'n', 'e', 't', '\0',
+  /* "frugalfamilyhome.com", true */ 'f', 'r', 'u', 'g', 'a', 'l', 'f', 'a', 'm', 'i', 'l', 'y', 'h', 'o', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "frugalmechanic.com", true */ 'f', 'r', 'u', 'g', 'a', 'l', 'm', 'e', 'c', 'h', 'a', 'n', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "frugro.be", false */ 'f', 'r', 'u', 'g', 'r', 'o', '.', 'b', 'e', '\0',
+  /* "fruition.co.jp", true */ 'f', 'r', 'u', 'i', 't', 'i', 'o', 'n', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "frusky.de", true */ 'f', 'r', 'u', 's', 'k', 'y', '.', 'd', 'e', '\0',
+  /* "frydrychit.cz", true */ 'f', 'r', 'y', 'd', 'r', 'y', 'c', 'h', 'i', 't', '.', 'c', 'z', '\0',
+  /* "fs-fitness.eu", true */ 'f', 's', '-', 'f', 'i', 't', 'n', 'e', 's', 's', '.', 'e', 'u', '\0',
+  /* "fs-maistadt.de", true */ 'f', 's', '-', 'm', 'a', 'i', 's', 't', 'a', 'd', 't', '.', 'd', 'e', '\0',
+  /* "fsbnh.bank", true */ 'f', 's', 'b', 'n', 'h', '.', 'b', 'a', 'n', 'k', '\0',
+  /* "fsbpaintrock.com", true */ 'f', 's', 'b', 'p', 'a', 'i', 'n', 't', 'r', 'o', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "fsbturton.com", true */ 'f', 's', 'b', 't', 'u', 'r', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "fsck.cz", true */ 'f', 's', 'c', 'k', '.', 'c', 'z', '\0',
+  /* "fsck.jp", true */ 'f', 's', 'c', 'k', '.', 'j', 'p', '\0',
+  /* "fsckd.com", true */ 'f', 's', 'c', 'k', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "fscott.de", true */ 'f', 's', 'c', 'o', 't', 't', '.', 'd', 'e', '\0',
+  /* "fsf.moe", true */ 'f', 's', 'f', '.', 'm', 'o', 'e', '\0',
+  /* "fsk.fo", true */ 'f', 's', 'k', '.', 'f', 'o', '\0',
+  /* "fsky.info", true */ 'f', 's', 'k', 'y', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "fsm2016.org", true */ 'f', 's', 'm', '2', '0', '1', '6', '.', 'o', 'r', 'g', '\0',
+  /* "fsps.ch", true */ 'f', 's', 'p', 's', '.', 'c', 'h', '\0',
+  /* "fstatic.io", true */ 'f', 's', 't', 'a', 't', 'i', 'c', '.', 'i', 'o', '\0',
+  /* "fsvt.ch", true */ 'f', 's', 'v', 't', '.', 'c', 'h', '\0',
+  /* "ftang.de", true */ 'f', 't', 'a', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "ftc.gov", false */ 'f', 't', 'c', '.', 'g', 'o', 'v', '\0',
+  /* "ftccomplaintassistant.gov", true */ 'f', 't', 'c', 'c', 'o', 'm', 'p', 'l', 'a', 'i', 'n', 't', 'a', 's', 's', 'i', 's', 't', 'a', 'n', 't', '.', 'g', 'o', 'v', '\0',
+  /* "ftcefile.gov", true */ 'f', 't', 'c', 'e', 'f', 'i', 'l', 'e', '.', 'g', 'o', 'v', '\0',
+  /* "ftgho.com", true */ 'f', 't', 'g', 'h', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "ftng.se", true */ 'f', 't', 'n', 'g', '.', 's', 'e', '\0',
+  /* "ftrsecure.com", true */ 'f', 't', 'r', 's', 'e', 'c', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fuchsy.com", true */ 'f', 'u', 'c', 'h', 's', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "fuckav.ru", true */ 'f', 'u', 'c', 'k', 'a', 'v', '.', 'r', 'u', '\0',
+  /* "fuckcie.com", true */ 'f', 'u', 'c', 'k', 'c', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fucklife.ch", true */ 'f', 'u', 'c', 'k', 'l', 'i', 'f', 'e', '.', 'c', 'h', '\0',
+  /* "fuckyoupaypal.me", true */ 'f', 'u', 'c', 'k', 'y', 'o', 'u', 'p', 'a', 'y', 'p', 'a', 'l', '.', 'm', 'e', '\0',
+  /* "fudanshi.org", true */ 'f', 'u', 'd', 'a', 'n', 's', 'h', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "fuechschen.org", true */ 'f', 'u', 'e', 'c', 'h', 's', 'c', 'h', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "fuelingyourdreams.com", true */ 'f', 'u', 'e', 'l', 'i', 'n', 'g', 'y', 'o', 'u', 'r', 'd', 'r', 'e', 'a', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "fugamo.de", true */ 'f', 'u', 'g', 'a', 'm', 'o', '.', 'd', 'e', '\0',
+  /* "fuglede.dk", true */ 'f', 'u', 'g', 'l', 'e', 'd', 'e', '.', 'd', 'k', '\0',
+  /* "fuite.ch", true */ 'f', 'u', 'i', 't', 'e', '.', 'c', 'h', '\0',
+  /* "fuites.ch", true */ 'f', 'u', 'i', 't', 'e', 's', '.', 'c', 'h', '\0',
+  /* "fujianshipbuilding.com", true */ 'f', 'u', 'j', 'i', 'a', 'n', 's', 'h', 'i', 'p', 'b', 'u', 'i', 'l', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "fujiwaraqol.com", true */ 'f', 'u', 'j', 'i', 'w', 'a', 'r', 'a', 'q', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "fukakukeiba.com", true */ 'f', 'u', 'k', 'a', 'k', 'u', 'k', 'e', 'i', 'b', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "fukuoka-cityliner.jp", true */ 'f', 'u', 'k', 'u', 'o', 'k', 'a', '-', 'c', 'i', 't', 'y', 'l', 'i', 'n', 'e', 'r', '.', 'j', 'p', '\0',
+  /* "fukushimacoffee.com", true */ 'f', 'u', 'k', 'u', 's', 'h', 'i', 'm', 'a', 'c', 'o', 'f', 'f', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fulgenzis.com", true */ 'f', 'u', 'l', 'g', 'e', 'n', 'z', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "fuliwang.info", true */ 'f', 'u', 'l', 'i', 'w', 'a', 'n', 'g', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "fuliwang.us", true */ 'f', 'u', 'l', 'i', 'w', 'a', 'n', 'g', '.', 'u', 's', '\0',
+  /* "fullautomotivo.com.br", true */ 'f', 'u', 'l', 'l', 'a', 'u', 't', 'o', 'm', 'o', 't', 'i', 'v', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "fullbundle.com", true */ 'f', 'u', 'l', 'l', 'b', 'u', 'n', 'd', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fullhub.ru", true */ 'f', 'u', 'l', 'l', 'h', 'u', 'b', '.', 'r', 'u', '\0',
+  /* "fullmatch.net", true */ 'f', 'u', 'l', 'l', 'm', 'a', 't', 'c', 'h', '.', 'n', 'e', 't', '\0',
+  /* "fullstacknotes.com", true */ 'f', 'u', 'l', 'l', 's', 't', 'a', 'c', 'k', 'n', 'o', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "fumblers.ca", true */ 'f', 'u', 'm', 'b', 'l', 'e', 'r', 's', '.', 'c', 'a', '\0',
+  /* "fumerolles.ch", true */ 'f', 'u', 'm', 'e', 'r', 'o', 'l', 'l', 'e', 's', '.', 'c', 'h', '\0',
+  /* "fun-bounce.co.uk", true */ 'f', 'u', 'n', '-', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "fun-tasia.co.uk", true */ 'f', 'u', 'n', '-', 't', 'a', 's', 'i', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "fun4kidzbouncycastles.co.uk", true */ 'f', 'u', 'n', '4', 'k', 'i', 'd', 'z', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "fun4ubouncycastles.co.uk", true */ 'f', 'u', 'n', '4', 'u', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "funandbounce.com", true */ 'f', 'u', 'n', 'a', 'n', 'd', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "funarena.com.ua", true */ 'f', 'u', 'n', 'a', 'r', 'e', 'n', 'a', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "funatic.nl", true */ 'f', 'u', 'n', 'a', 't', 'i', 'c', '.', 'n', 'l', '\0',
+  /* "funbouncelincs.co.uk", true */ 'f', 'u', 'n', 'b', 'o', 'u', 'n', 'c', 'e', 'l', 'i', 'n', 'c', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "funchestra.at", false */ 'f', 'u', 'n', 'c', 'h', 'e', 's', 't', 'r', 'a', '.', 'a', 't', '\0',
+  /* "functional.cc", true */ 'f', 'u', 'n', 'c', 't', 'i', 'o', 'n', 'a', 'l', '.', 'c', 'c', '\0',
+  /* "functions-online.com", true */ 'f', 'u', 'n', 'c', 't', 'i', 'o', 'n', 's', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fundacionfranciscofiasco.org", true */ 'f', 'u', 'n', 'd', 'a', 'c', 'i', 'o', 'n', 'f', 'r', 'a', 'n', 'c', 'i', 's', 'c', 'o', 'f', 'i', 'a', 's', 'c', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "fundayltd.com", true */ 'f', 'u', 'n', 'd', 'a', 'y', 'l', 't', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "fundays.nl", true */ 'f', 'u', 'n', 'd', 'a', 'y', 's', '.', 'n', 'l', '\0',
+  /* "fundchan.com", true */ 'f', 'u', 'n', 'd', 'c', 'h', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "fundeego.com", true */ 'f', 'u', 'n', 'd', 'e', 'e', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "funderburg.me", true */ 'f', 'u', 'n', 'd', 'e', 'r', 'b', 'u', 'r', 'g', '.', 'm', 'e', '\0',
+  /* "fundingempire.com", true */ 'f', 'u', 'n', 'd', 'i', 'n', 'g', 'e', 'm', 'p', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fundort.ch", true */ 'f', 'u', 'n', 'd', 'o', 'r', 't', '.', 'c', 'h', '\0',
+  /* "funfactorleeds.co.uk", true */ 'f', 'u', 'n', 'f', 'a', 'c', 't', 'o', 'r', 'l', 'e', 'e', 'd', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "funfoodco.co.uk", true */ 'f', 'u', 'n', 'f', 'o', 'o', 'd', 'c', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "funfunmstdn.tokyo", true */ 'f', 'u', 'n', 'f', 'u', 'n', 'm', 's', 't', 'd', 'n', '.', 't', 'o', 'k', 'y', 'o', '\0',
+  /* "funhouse-inflatables.co.uk", true */ 'f', 'u', 'n', 'h', 'o', 'u', 's', 'e', '-', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "funi4u.com", true */ 'f', 'u', 'n', 'i', '4', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "funideas.org", true */ 'f', 'u', 'n', 'i', 'd', 'e', 'a', 's', '.', 'o', 'r', 'g', '\0',
+  /* "funinbeds.org.uk", true */ 'f', 'u', 'n', 'i', 'n', 'b', 'e', 'd', 's', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "funken-networks.de", true */ 'f', 'u', 'n', 'k', 'e', 'n', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'd', 'e', '\0',
+  /* "funktionel.co", true */ 'f', 'u', 'n', 'k', 't', 'i', 'o', 'n', 'e', 'l', '.', 'c', 'o', '\0',
+  /* "funnelweb.xyz", true */ 'f', 'u', 'n', 'n', 'e', 'l', 'w', 'e', 'b', '.', 'x', 'y', 'z', '\0',
+  /* "funniestclip.com", true */ 'f', 'u', 'n', 'n', 'i', 'e', 's', 't', 'c', 'l', 'i', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "funny-joke-pictures.com", true */ 'f', 'u', 'n', 'n', 'y', '-', 'j', 'o', 'k', 'e', '-', 'p', 'i', 'c', 't', 'u', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "funnybikini.com", true */ 'f', 'u', 'n', 'n', 'y', 'b', 'i', 'k', 'i', 'n', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "funoverip.net", true */ 'f', 'u', 'n', 'o', 'v', 'e', 'r', 'i', 'p', '.', 'n', 'e', 't', '\0',
+  /* "funtastic.ie", true */ 'f', 'u', 'n', 't', 'a', 's', 't', 'i', 'c', '.', 'i', 'e', '\0',
+  /* "funtasticinflatablesdurham.co.uk", true */ 'f', 'u', 'n', 't', 'a', 's', 't', 'i', 'c', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', 'd', 'u', 'r', 'h', 'a', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "funtime-inflatables.co.uk", true */ 'f', 'u', 'n', 't', 'i', 'm', 'e', '-', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "funtime.kiev.ua", true */ 'f', 'u', 'n', 't', 'i', 'm', 'e', '.', 'k', 'i', 'e', 'v', '.', 'u', 'a', '\0',
+  /* "funtimebourne.co.uk", true */ 'f', 'u', 'n', 't', 'i', 'm', 'e', 'b', 'o', 'u', 'r', 'n', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "funtimeentertainment.co.uk", true */ 'f', 'u', 'n', 't', 'i', 'm', 'e', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "funtimesbouncycastles.co.uk", true */ 'f', 'u', 'n', 't', 'i', 'm', 'e', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "furgo.love", true */ 'f', 'u', 'r', 'g', 'o', '.', 'l', 'o', 'v', 'e', '\0',
+  /* "furigana.info", true */ 'f', 'u', 'r', 'i', 'g', 'a', 'n', 'a', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "furkancaliskan.com", true */ 'f', 'u', 'r', 'k', 'a', 'n', 'c', 'a', 'l', 'i', 's', 'k', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "furkot.com", true */ 'f', 'u', 'r', 'k', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "furkot.de", true */ 'f', 'u', 'r', 'k', 'o', 't', '.', 'd', 'e', '\0',
+  /* "furkot.es", true */ 'f', 'u', 'r', 'k', 'o', 't', '.', 'e', 's', '\0',
+  /* "furkot.fr", true */ 'f', 'u', 'r', 'k', 'o', 't', '.', 'f', 'r', '\0',
+  /* "furkot.it", true */ 'f', 'u', 'r', 'k', 'o', 't', '.', 'i', 't', '\0',
+  /* "furkot.pl", true */ 'f', 'u', 'r', 'k', 'o', 't', '.', 'p', 'l', '\0',
+  /* "furlan.co", true */ 'f', 'u', 'r', 'l', 'a', 'n', '.', 'c', 'o', '\0',
+  /* "furnfurs.com", true */ 'f', 'u', 'r', 'n', 'f', 'u', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "furnitureconcept.co.uk", true */ 'f', 'u', 'r', 'n', 'i', 't', 'u', 'r', 'e', 'c', 'o', 'n', 'c', 'e', 'p', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "furry.agency", true */ 'f', 'u', 'r', 'r', 'y', '.', 'a', 'g', 'e', 'n', 'c', 'y', '\0',
+  /* "furry.dk", true */ 'f', 'u', 'r', 'r', 'y', '.', 'd', 'k', '\0',
+  /* "furtivelook.com", true */ 'f', 'u', 'r', 't', 'i', 'v', 'e', 'l', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "fusa-miyamoto.jp", true */ 'f', 'u', 's', 'a', '-', 'm', 'i', 'y', 'a', 'm', 'o', 't', 'o', '.', 'j', 'p', '\0',
+  /* "fuseos.net", true */ 'f', 'u', 's', 'e', 'o', 's', '.', 'n', 'e', 't', '\0',
+  /* "fushee.com", true */ 'f', 'u', 's', 'h', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fuskator.com", true */ 'f', 'u', 's', 'k', 'a', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "fussball-xxl.de", true */ 'f', 'u', 's', 's', 'b', 'a', 'l', 'l', '-', 'x', 'x', 'l', '.', 'd', 'e', '\0',
+  /* "fussell.io", true */ 'f', 'u', 's', 's', 'e', 'l', 'l', '.', 'i', 'o', '\0',
+  /* "futbolvivo.tv", true */ 'f', 'u', 't', 'b', 'o', 'l', 'v', 'i', 'v', 'o', '.', 't', 'v', '\0',
+  /* "futrou.com", true */ 'f', 'u', 't', 'r', 'o', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "futurefire.de", true */ 'f', 'u', 't', 'u', 'r', 'e', 'f', 'i', 'r', 'e', '.', 'd', 'e', '\0',
+  /* "futurenda.com", true */ 'f', 'u', 't', 'u', 'r', 'e', 'n', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "futureoceans.org", true */ 'f', 'u', 't', 'u', 'r', 'e', 'o', 'c', 'e', 'a', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "futuresonline.com", true */ 'f', 'u', 't', 'u', 'r', 'e', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "futurezone.at", true */ 'f', 'u', 't', 'u', 'r', 'e', 'z', 'o', 'n', 'e', '.', 'a', 't', '\0',
+  /* "futuristarchitecture.com", true */ 'f', 'u', 't', 'u', 'r', 'i', 's', 't', 'a', 'r', 'c', 'h', 'i', 't', 'e', 'c', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "futurope.com", true */ 'f', 'u', 't', 'u', 'r', 'o', 'p', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fuwafuwa.moe", true */ 'f', 'u', 'w', 'a', 'f', 'u', 'w', 'a', '.', 'm', 'o', 'e', '\0',
+  /* "fuxwerk.de", true */ 'f', 'u', 'x', 'w', 'e', 'r', 'k', '.', 'd', 'e', '\0',
+  /* "fuyu.moe", true */ 'f', 'u', 'y', 'u', '.', 'm', 'o', 'e', '\0',
+  /* "fuzoku.jp", true */ 'f', 'u', 'z', 'o', 'k', 'u', '.', 'j', 'p', '\0',
+  /* "fuzzing-project.org", true */ 'f', 'u', 'z', 'z', 'i', 'n', 'g', '-', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "fveevaete.com", true */ 'f', 'v', 'e', 'e', 'v', 'a', 'e', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fwdx.net", true */ 'f', 'w', 'd', 'x', '.', 'n', 'e', 't', '\0',
+  /* "fwei.tk", true */ 'f', 'w', 'e', 'i', '.', 't', 'k', '\0',
+  /* "fwest.ovh", true */ 'f', 'w', 'e', 's', 't', '.', 'o', 'v', 'h', '\0',
+  /* "fwest98.ovh", true */ 'f', 'w', 'e', 's', 't', '9', '8', '.', 'o', 'v', 'h', '\0',
+  /* "fwww7.com", true */ 'f', 'w', 'w', 'w', '7', '.', 'c', 'o', 'm', '\0',
+  /* "fx24.uk", true */ 'f', 'x', '2', '4', '.', 'u', 'k', '\0',
+  /* "fx5.de", true */ 'f', 'x', '5', '.', 'd', 'e', '\0',
+  /* "fxgame.online", true */ 'f', 'x', 'g', 'a', 'm', 'e', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "fxislamic.com", true */ 'f', 'x', 'i', 's', 'l', 'a', 'm', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "fxopen.co.uk", true */ 'f', 'x', 'o', 'p', 'e', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "fxopen.com", true */ 'f', 'x', 'o', 'p', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "fxopen.com.au", true */ 'f', 'x', 'o', 'p', 'e', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "fxopen.com.br", true */ 'f', 'x', 'o', 'p', 'e', 'n', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "fxopen.com.mx", true */ 'f', 'x', 'o', 'p', 'e', 'n', '.', 'c', 'o', 'm', '.', 'm', 'x', '\0',
+  /* "fxopen.my", true */ 'f', 'x', 'o', 'p', 'e', 'n', '.', 'm', 'y', '\0',
+  /* "fxopen.ru", true */ 'f', 'x', 'o', 'p', 'e', 'n', '.', 'r', 'u', '\0',
+  /* "fxp.co.il", false */ 'f', 'x', 'p', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "fxpig-ib.com", true */ 'f', 'x', 'p', 'i', 'g', '-', 'i', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "fxtalk.cn", true */ 'f', 'x', 't', 'a', 'l', 'k', '.', 'c', 'n', '\0',
+  /* "fxthai.com", true */ 'f', 'x', 't', 'h', 'a', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "fxtrade-lab.com", true */ 'f', 'x', 't', 'r', 'a', 'd', 'e', '-', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "fyn.nl", true */ 'f', 'y', 'n', '.', 'n', 'l', '\0',
+  /* "fysesbjerg.dk", true */ 'f', 'y', 's', 'e', 's', 'b', 'j', 'e', 'r', 'g', '.', 'd', 'k', '\0',
+  /* "fysiotherapieholtenbroek.nl", true */ 'f', 'y', 's', 'i', 'o', 't', 'h', 'e', 'r', 'a', 'p', 'i', 'e', 'h', 'o', 'l', 't', 'e', 'n', 'b', 'r', 'o', 'e', 'k', '.', 'n', 'l', '\0',
+  /* "fysiotherapierossum.nl", true */ 'f', 'y', 's', 'i', 'o', 't', 'h', 'e', 'r', 'a', 'p', 'i', 'e', 'r', 'o', 's', 's', 'u', 'm', '.', 'n', 'l', '\0',
+  /* "fysiovdberg.nl", true */ 'f', 'y', 's', 'i', 'o', 'v', 'd', 'b', 'e', 'r', 'g', '.', 'n', 'l', '\0',
+  /* "fysuite.com", true */ 'f', 'y', 's', 'u', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "fzbrweb.cz", true */ 'f', 'z', 'b', 'r', 'w', 'e', 'b', '.', 'c', 'z', '\0',
+  /* "fzx750.ru", true */ 'f', 'z', 'x', '7', '5', '0', '.', 'r', 'u', '\0',
+  /* "g-m-w.eu", true */ 'g', '-', 'm', '-', 'w', '.', 'e', 'u', '\0',
+  /* "g-o.pl", true */ 'g', '-', 'o', '.', 'p', 'l', '\0',
+  /* "g-rom.net", true */ 'g', '-', 'r', 'o', 'm', '.', 'n', 'e', 't', '\0',
+  /* "g01.in.ua", true */ 'g', '0', '1', '.', 'i', 'n', '.', 'u', 'a', '\0',
+  /* "g1.ie", true */ 'g', '1', '.', 'i', 'e', '\0',
+  /* "g10e.ch", true */ 'g', '1', '0', 'e', '.', 'c', 'h', '\0',
+  /* "g2-inc.com", false */ 'g', '2', '-', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "g2links.com", true */ 'g', '2', 'l', 'i', 'n', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "g2pla.net", true */ 'g', '2', 'p', 'l', 'a', '.', 'n', 'e', 't', '\0',
+  /* "g2soft.net", true */ 'g', '2', 's', 'o', 'f', 't', '.', 'n', 'e', 't', '\0',
+  /* "g3dev.ch", true */ 'g', '3', 'd', 'e', 'v', '.', 'c', 'h', '\0',
+  /* "g3rv4.com", true */ 'g', '3', 'r', 'v', '4', '.', 'c', 'o', 'm', '\0',
+  /* "g4w.co", true */ 'g', '4', 'w', '.', 'c', 'o', '\0',
+  /* "gaanbaksho.com.au", true */ 'g', 'a', 'a', 'n', 'b', 'a', 'k', 's', 'h', 'o', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "gabemack.com", true */ 'g', 'a', 'b', 'e', 'm', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "gabethebabetv.com", true */ 'g', 'a', 'b', 'e', 't', 'h', 'e', 'b', 'a', 'b', 'e', 't', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "gabrielsimonet.ch", true */ 'g', 'a', 'b', 'r', 'i', 'e', 'l', 's', 'i', 'm', 'o', 'n', 'e', 't', '.', 'c', 'h', '\0',
+  /* "gachter.name", true */ 'g', 'a', 'c', 'h', 't', 'e', 'r', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "gadabit.pl", true */ 'g', 'a', 'd', 'a', 'b', 'i', 't', '.', 'p', 'l', '\0',
+  /* "gadgethacks.com", true */ 'g', 'a', 'd', 'g', 'e', 't', 'h', 'a', 'c', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gaestehaus-monika.com", true */ 'g', 'a', 'e', 's', 't', 'e', 'h', 'a', 'u', 's', '-', 'm', 'o', 'n', 'i', 'k', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "gaflooring.com", true */ 'g', 'a', 'f', 'l', 'o', 'o', 'r', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "gafunds.com", true */ 'g', 'a', 'f', 'u', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gagne-enterprises.com", true */ 'g', 'a', 'g', 'n', 'e', '-', 'e', 'n', 't', 'e', 'r', 'p', 'r', 'i', 's', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gagne.tk", true */ 'g', 'a', 'g', 'n', 'e', '.', 't', 'k', '\0',
+  /* "gagnerplusdargent.info", true */ 'g', 'a', 'g', 'n', 'e', 'r', 'p', 'l', 'u', 's', 'd', 'a', 'r', 'g', 'e', 'n', 't', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "gagniard.org", true */ 'g', 'a', 'g', 'n', 'i', 'a', 'r', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "gagor.pl", true */ 'g', 'a', 'g', 'o', 'r', '.', 'p', 'l', '\0',
+  /* "gagygnole.ch", true */ 'g', 'a', 'g', 'y', 'g', 'n', 'o', 'l', 'e', '.', 'c', 'h', '\0',
+  /* "gaichanh.com", true */ 'g', 'a', 'i', 'c', 'h', 'a', 'n', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "gaichon.com", true */ 'g', 'a', 'i', 'c', 'h', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "gaines-sodiamex.fr", true */ 'g', 'a', 'i', 'n', 'e', 's', '-', 's', 'o', 'd', 'i', 'a', 'm', 'e', 'x', '.', 'f', 'r', '\0',
+  /* "gaio-automobiles.fr", true */ 'g', 'a', 'i', 'o', '-', 'a', 'u', 't', 'o', 'm', 'o', 'b', 'i', 'l', 'e', 's', '.', 'f', 'r', '\0',
+  /* "gaireg.de", true */ 'g', 'a', 'i', 'r', 'e', 'g', '.', 'd', 'e', '\0',
+  /* "gajas18.com", true */ 'g', 'a', 'j', 'a', 's', '1', '8', '.', 'c', 'o', 'm', '\0',
+  /* "gakkainavi-epsilon.jp", true */ 'g', 'a', 'k', 'k', 'a', 'i', 'n', 'a', 'v', 'i', '-', 'e', 'p', 's', 'i', 'l', 'o', 'n', '.', 'j', 'p', '\0',
+  /* "gakkainavi.net", true */ 'g', 'a', 'k', 'k', 'a', 'i', 'n', 'a', 'v', 'i', '.', 'n', 'e', 't', '\0',
+  /* "gakkainavi4.jp", true */ 'g', 'a', 'k', 'k', 'a', 'i', 'n', 'a', 'v', 'i', '4', '.', 'j', 'p', '\0',
+  /* "gaku-architect.com", true */ 'g', 'a', 'k', 'u', '-', 'a', 'r', 'c', 'h', 'i', 't', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "galactic-crew.org", true */ 'g', 'a', 'l', 'a', 'c', 't', 'i', 'c', '-', 'c', 'r', 'e', 'w', '.', 'o', 'r', 'g', '\0',
+  /* "galak.ch", true */ 'g', 'a', 'l', 'a', 'k', '.', 'c', 'h', '\0',
+  /* "galerieautodirect.com", true */ 'g', 'a', 'l', 'e', 'r', 'i', 'e', 'a', 'u', 't', 'o', 'd', 'i', 'r', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "galeries.photo", true */ 'g', 'a', 'l', 'e', 'r', 'i', 'e', 's', '.', 'p', 'h', 'o', 't', 'o', '\0',
+  /* "galgoafegao.com.br", true */ 'g', 'a', 'l', 'g', 'o', 'a', 'f', 'e', 'g', 'a', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "galgoingles.com.br", true */ 'g', 'a', 'l', 'g', 'o', 'i', 'n', 'g', 'l', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "galgopersa.com.br", true */ 'g', 'a', 'l', 'g', 'o', 'p', 'e', 'r', 's', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "galileanhome.org", true */ 'g', 'a', 'l', 'i', 'l', 'e', 'a', 'n', 'h', 'o', 'm', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "galileomtz.com", true */ 'g', 'a', 'l', 'i', 'l', 'e', 'o', 'm', 't', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "galinas-blog.de", true */ 'g', 'a', 'l', 'i', 'n', 'a', 's', '-', 'b', 'l', 'o', 'g', '.', 'd', 'e', '\0',
+  /* "galinos.gr", true */ 'g', 'a', 'l', 'i', 'n', 'o', 's', '.', 'g', 'r', '\0',
+  /* "gallerify.eu", true */ 'g', 'a', 'l', 'l', 'e', 'r', 'i', 'f', 'y', '.', 'e', 'u', '\0',
+  /* "gallicrooster.com", true */ 'g', 'a', 'l', 'l', 'i', 'c', 'r', 'o', 'o', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "gallun-shop.com", true */ 'g', 'a', 'l', 'l', 'u', 'n', '-', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "galpaoap.com.br", true */ 'g', 'a', 'l', 'p', 'a', 'o', 'a', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "gamajo.com", true */ 'g', 'a', 'm', 'a', 'j', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "gamberorosso.menu", true */ 'g', 'a', 'm', 'b', 'e', 'r', 'o', 'r', 'o', 's', 's', 'o', '.', 'm', 'e', 'n', 'u', '\0',
+  /* "gambetti.fr", true */ 'g', 'a', 'm', 'b', 'e', 't', 't', 'i', '.', 'f', 'r', '\0',
+  /* "gambit.pro", true */ 'g', 'a', 'm', 'b', 'i', 't', '.', 'p', 'r', 'o', '\0',
+  /* "gambitboard.com", true */ 'g', 'a', 'm', 'b', 'i', 't', 'b', 'o', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "gambitnash.co.uk", true */ 'g', 'a', 'm', 'b', 'i', 't', 'n', 'a', 's', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "gambitnash.com", true */ 'g', 'a', 'm', 'b', 'i', 't', 'n', 'a', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "gambitprint.com", true */ 'g', 'a', 'm', 'b', 'i', 't', 'p', 'r', 'i', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "gamblersgaming.eu", true */ 'g', 'a', 'm', 'b', 'l', 'e', 'r', 's', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'e', 'u', '\0',
+  /* "game-files.net", false */ 'g', 'a', 'm', 'e', '-', 'f', 'i', 'l', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "game7.de", true */ 'g', 'a', 'm', 'e', '7', '.', 'd', 'e', '\0',
+  /* "gamebits.net", true */ 'g', 'a', 'm', 'e', 'b', 'i', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "gamebrott.com", true */ 'g', 'a', 'm', 'e', 'b', 'r', 'o', 't', 't', '.', 'c', 'o', 'm', '\0',
+  /* "gamecard-shop.nl", true */ 'g', 'a', 'm', 'e', 'c', 'a', 'r', 'd', '-', 's', 'h', 'o', 'p', '.', 'n', 'l', '\0',
+  /* "gameclue.jp", true */ 'g', 'a', 'm', 'e', 'c', 'l', 'u', 'e', '.', 'j', 'p', '\0',
+  /* "gamecollector.be", true */ 'g', 'a', 'm', 'e', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'o', 'r', '.', 'b', 'e', '\0',
+  /* "gameconservation.org.uk", true */ 'g', 'a', 'm', 'e', 'c', 'o', 'n', 's', 'e', 'r', 'v', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "gamedevelopers.pl", true */ 'g', 'a', 'm', 'e', 'd', 'e', 'v', 'e', 'l', 'o', 'p', 'e', 'r', 's', '.', 'p', 'l', '\0',
+  /* "gamegix.com", true */ 'g', 'a', 'm', 'e', 'g', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "gameguardian.net", true */ 'g', 'a', 'm', 'e', 'g', 'u', 'a', 'r', 'd', 'i', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "gameisbest.jp", true */ 'g', 'a', 'm', 'e', 'i', 's', 'b', 'e', 's', 't', '.', 'j', 'p', '\0',
+  /* "gamekeepers.cz", true */ 'g', 'a', 'm', 'e', 'k', 'e', 'e', 'p', 'e', 'r', 's', '.', 'c', 'z', '\0',
+  /* "gamekeysuche.de", true */ 'g', 'a', 'm', 'e', 'k', 'e', 'y', 's', 'u', 'c', 'h', 'e', '.', 'd', 'e', '\0',
+  /* "gamenerd.net", true */ 'g', 'a', 'm', 'e', 'n', 'e', 'r', 'd', '.', 'n', 'e', 't', '\0',
+  /* "gameofbay.org", true */ 'g', 'a', 'm', 'e', 'o', 'f', 'b', 'a', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "gameofpwnz.com", true */ 'g', 'a', 'm', 'e', 'o', 'f', 'p', 'w', 'n', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "gamepad.com.br", true */ 'g', 'a', 'm', 'e', 'p', 'a', 'd', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "gameparagon.info", true */ 'g', 'a', 'm', 'e', 'p', 'a', 'r', 'a', 'g', 'o', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "gamercredo.com", true */ 'g', 'a', 'm', 'e', 'r', 'c', 'r', 'e', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "gamercredo.net", true */ 'g', 'a', 'm', 'e', 'r', 'c', 'r', 'e', 'd', 'o', '.', 'n', 'e', 't', '\0',
+  /* "gamerezo.com", true */ 'g', 'a', 'm', 'e', 'r', 'e', 'z', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "games4theworld.org", true */ 'g', 'a', 'm', 'e', 's', '4', 't', 'h', 'e', 'w', 'o', 'r', 'l', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "gameserver-sponsor.me", true */ 'g', 'a', 'm', 'e', 's', 'e', 'r', 'v', 'e', 'r', '-', 's', 'p', 'o', 'n', 's', 'o', 'r', '.', 'm', 'e', '\0',
+  /* "gameshowchallenge.ie", true */ 'g', 'a', 'm', 'e', 's', 'h', 'o', 'w', 'c', 'h', 'a', 'l', 'l', 'e', 'n', 'g', 'e', '.', 'i', 'e', '\0',
+  /* "gamesplanet.com", true */ 'g', 'a', 'm', 'e', 's', 'p', 'l', 'a', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "gamestats.gg", true */ 'g', 'a', 'm', 'e', 's', 't', 'a', 't', 's', '.', 'g', 'g', '\0',
+  /* "gamhealth.net", true */ 'g', 'a', 'm', 'h', 'e', 'a', 'l', 't', 'h', '.', 'n', 'e', 't', '\0',
+  /* "gamingexodus.com", true */ 'g', 'a', 'm', 'i', 'n', 'g', 'e', 'x', 'o', 'd', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gamingrealms.net", true */ 'g', 'a', 'm', 'i', 'n', 'g', 'r', 'e', 'a', 'l', 'm', 's', '.', 'n', 'e', 't', '\0',
+  /* "gamingreinvented.com", true */ 'g', 'a', 'm', 'i', 'n', 'g', 'r', 'e', 'i', 'n', 'v', 'e', 'n', 't', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "gamingwithcromulent.com", true */ 'g', 'a', 'm', 'i', 'n', 'g', 'w', 'i', 't', 'h', 'c', 'r', 'o', 'm', 'u', 'l', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "gamingzoneservers.com", true */ 'g', 'a', 'm', 'i', 'n', 'g', 'z', 'o', 'n', 'e', 's', 'e', 'r', 'v', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gamishou.fr", true */ 'g', 'a', 'm', 'i', 's', 'h', 'o', 'u', '.', 'f', 'r', '\0',
+  /* "gamoloco.com", true */ 'g', 'a', 'm', 'o', 'l', 'o', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "ganado.org", true */ 'g', 'a', 'n', 'a', 'd', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "gancedo.com.es", true */ 'g', 'a', 'n', 'c', 'e', 'd', 'o', '.', 'c', 'o', 'm', '.', 'e', 's', '\0',
+  /* "gandalfservice.com", true */ 'g', 'a', 'n', 'd', 'a', 'l', 'f', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "gandalfthefeline.com", true */ 'g', 'a', 'n', 'd', 'a', 'l', 'f', 't', 'h', 'e', 'f', 'e', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "gandgliquors.com", true */ 'g', 'a', 'n', 'd', 'g', 'l', 'i', 'q', 'u', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ganhonet.com.br", true */ 'g', 'a', 'n', 'h', 'o', 'n', 'e', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "ganztagplus.de", true */ 'g', 'a', 'n', 'z', 't', 'a', 'g', 'p', 'l', 'u', 's', '.', 'd', 'e', '\0',
+  /* "gapdirect.com", true */ 'g', 'a', 'p', 'd', 'i', 'r', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "gapfa.org", true */ 'g', 'a', 'p', 'f', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "gaptek.id", false */ 'g', 'a', 'p', 't', 'e', 'k', '.', 'i', 'd', '\0',
+  /* "gar-nich.net", false */ 'g', 'a', 'r', '-', 'n', 'i', 'c', 'h', '.', 'n', 'e', 't', '\0',
+  /* "garage-door.pro", true */ 'g', 'a', 'r', 'a', 'g', 'e', '-', 'd', 'o', 'o', 'r', '.', 'p', 'r', 'o', '\0',
+  /* "garage-leone.com", true */ 'g', 'a', 'r', 'a', 'g', 'e', '-', 'l', 'e', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "garage-meynard.com", true */ 'g', 'a', 'r', 'a', 'g', 'e', '-', 'm', 'e', 'y', 'n', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "garageenginuity.com", true */ 'g', 'a', 'r', 'a', 'g', 'e', 'e', 'n', 'g', 'i', 'n', 'u', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "garagegoossens.be", true */ 'g', 'a', 'r', 'a', 'g', 'e', 'g', 'o', 'o', 's', 's', 'e', 'n', 's', '.', 'b', 'e', '\0',
+  /* "garagemhermetica.org", true */ 'g', 'a', 'r', 'a', 'g', 'e', 'm', 'h', 'e', 'r', 'm', 'e', 't', 'i', 'c', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "garagevanhulle-used.be", true */ 'g', 'a', 'r', 'a', 'g', 'e', 'v', 'a', 'n', 'h', 'u', 'l', 'l', 'e', '-', 'u', 's', 'e', 'd', '.', 'b', 'e', '\0',
+  /* "garanteasy.com", true */ 'g', 'a', 'r', 'a', 'n', 't', 'e', 'a', 's', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "garantieabschluss.de", false */ 'g', 'a', 'r', 'a', 'n', 't', 'i', 'e', 'a', 'b', 's', 'c', 'h', 'l', 'u', 's', 's', '.', 'd', 'e', '\0',
+  /* "garbage-juice.com", true */ 'g', 'a', 'r', 'b', 'a', 'g', 'e', '-', 'j', 'u', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "garciniacambogiareviewed.co", true */ 'g', 'a', 'r', 'c', 'i', 'n', 'i', 'a', 'c', 'a', 'm', 'b', 'o', 'g', 'i', 'a', 'r', 'e', 'v', 'i', 'e', 'w', 'e', 'd', '.', 'c', 'o', '\0',
+  /* "garda-see.mobi", true */ 'g', 'a', 'r', 'd', 'a', '-', 's', 'e', 'e', '.', 'm', 'o', 'b', 'i', '\0',
+  /* "garden-life.org", true */ 'g', 'a', 'r', 'd', 'e', 'n', '-', 'l', 'i', 'f', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "gardencarezone.com", true */ 'g', 'a', 'r', 'd', 'e', 'n', 'c', 'a', 'r', 'e', 'z', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "gardengameshireuk.com", true */ 'g', 'a', 'r', 'd', 'e', 'n', 'g', 'a', 'm', 'e', 's', 'h', 'i', 'r', 'e', 'u', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "garderobche.eu", true */ 'g', 'a', 'r', 'd', 'e', 'r', 'o', 'b', 'c', 'h', 'e', '.', 'e', 'u', '\0',
+  /* "gardikagigih.com", true */ 'g', 'a', 'r', 'd', 'i', 'k', 'a', 'g', 'i', 'g', 'i', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "garedtech.com", false */ 'g', 'a', 'r', 'e', 'd', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "garethrhugh.es", true */ 'g', 'a', 'r', 'e', 't', 'h', 'r', 'h', 'u', 'g', 'h', '.', 'e', 's', '\0',
+  /* "garfieldairlines.net", true */ 'g', 'a', 'r', 'f', 'i', 'e', 'l', 'd', 'a', 'i', 'r', 'l', 'i', 'n', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "gargazon.net", true */ 'g', 'a', 'r', 'g', 'a', 'z', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "garron.net", true */ 'g', 'a', 'r', 'r', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "gartenplanung-brendes.de", true */ 'g', 'a', 'r', 't', 'e', 'n', 'p', 'l', 'a', 'n', 'u', 'n', 'g', '-', 'b', 'r', 'e', 'n', 'd', 'e', 's', '.', 'd', 'e', '\0',
+  /* "garycarmell.com", true */ 'g', 'a', 'r', 'y', 'c', 'a', 'r', 'm', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "garycwaite.com", true */ 'g', 'a', 'r', 'y', 'c', 'w', 'a', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "garyjones.co.uk", true */ 'g', 'a', 'r', 'y', 'j', 'o', 'n', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "garystallman.com", true */ 'g', 'a', 'r', 'y', 's', 't', 'a', 'l', 'l', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "garywhittington.com", true */ 'g', 'a', 'r', 'y', 'w', 'h', 'i', 't', 't', 'i', 'n', 'g', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "gastauftritt.net", true */ 'g', 'a', 's', 't', 'a', 'u', 'f', 't', 'r', 'i', 't', 't', '.', 'n', 'e', 't', '\0',
+  /* "gastoudererenda.nl", true */ 'g', 'a', 's', 't', 'o', 'u', 'd', 'e', 'r', 'e', 'r', 'e', 'n', 'd', 'a', '.', 'n', 'l', '\0',
+  /* "gate2home.com", true */ 'g', 'a', 't', 'e', '2', 'h', 'o', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "gateaucreation.fr", true */ 'g', 'a', 't', 'e', 'a', 'u', 'c', 'r', 'e', 'a', 't', 'i', 'o', 'n', '.', 'f', 'r', '\0',
+  /* "gatemoves.com", true */ 'g', 'a', 't', 'e', 'm', 'o', 'v', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gatewaybridal.com", true */ 'g', 'a', 't', 'e', 'w', 'a', 'y', 'b', 'r', 'i', 'd', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "gatewaybronco.com", true */ 'g', 'a', 't', 'e', 'w', 'a', 'y', 'b', 'r', 'o', 'n', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "gateworld.fr", true */ 'g', 'a', 't', 'e', 'w', 'o', 'r', 'l', 'd', '.', 'f', 'r', '\0',
+  /* "gatilagata.com.br", true */ 'g', 'a', 't', 'i', 'l', 'a', 'g', 'a', 't', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "gatomix.net", true */ 'g', 'a', 't', 'o', 'm', 'i', 'x', '.', 'n', 'e', 't', '\0',
+  /* "gauche.com", true */ 'g', 'a', 'u', 'c', 'h', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "gaussianwaves.com", true */ 'g', 'a', 'u', 's', 's', 'i', 'a', 'n', 'w', 'a', 'v', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gauthier.dk", true */ 'g', 'a', 'u', 't', 'h', 'i', 'e', 'r', '.', 'd', 'k', '\0',
+  /* "gautvedt.no", true */ 'g', 'a', 'u', 't', 'v', 'e', 'd', 't', '.', 'n', 'o', '\0',
+  /* "gavick.com", false */ 'g', 'a', 'v', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "gavins.stream", true */ 'g', 'a', 'v', 'i', 'n', 's', '.', 's', 't', 'r', 'e', 'a', 'm', '\0',
+  /* "gay-sissies.com", true */ 'g', 'a', 'y', '-', 's', 'i', 's', 's', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gaycc.cc", true */ 'g', 'a', 'y', 'c', 'c', '.', 'c', 'c', '\0',
+  /* "gayforgenji.com", true */ 'g', 'a', 'y', 'f', 'o', 'r', 'g', 'e', 'n', 'j', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "gaysfisting.com", true */ 'g', 'a', 'y', 's', 'f', 'i', 's', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "gaytorrent.ru", true */ 'g', 'a', 'y', 't', 'o', 'r', 'r', 'e', 'n', 't', '.', 'r', 'u', '\0',
+  /* "gayxsite.com", true */ 'g', 'a', 'y', 'x', 's', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "gazee.net", true */ 'g', 'a', 'z', 'e', 'e', '.', 'n', 'e', 't', '\0',
+  /* "gazellegames.net", false */ 'g', 'a', 'z', 'e', 'l', 'l', 'e', 'g', 'a', 'm', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "gazette.govt.nz", true */ 'g', 'a', 'z', 'e', 't', 't', 'e', '.', 'g', 'o', 'v', 't', '.', 'n', 'z', '\0',
+  /* "gazflynn.com", true */ 'g', 'a', 'z', 'f', 'l', 'y', 'n', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "gbc-radio.nl", true */ 'g', 'b', 'c', '-', 'r', 'a', 'd', 'i', 'o', '.', 'n', 'l', '\0',
+  /* "gbcsummercamps.com", true */ 'g', 'b', 'c', 's', 'u', 'm', 'm', 'e', 'r', 'c', 'a', 'm', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gbit.xyz", true */ 'g', 'b', 'i', 't', '.', 'x', 'y', 'z', '\0',
+  /* "gbl.selfip.net", true */ 'g', 'b', 'l', '.', 's', 'e', 'l', 'f', 'i', 'p', '.', 'n', 'e', 't', '\0',
+  /* "gboys.net", true */ 'g', 'b', 'o', 'y', 's', '.', 'n', 'e', 't', '\0',
+  /* "gc-mc.de", true */ 'g', 'c', '-', 'm', 'c', '.', 'd', 'e', '\0',
+  /* "gc.gy", true */ 'g', 'c', '.', 'g', 'y', '\0',
+  /* "gcbit.dk", true */ 'g', 'c', 'b', 'i', 't', '.', 'd', 'k', '\0',
+  /* "gchp.ie", true */ 'g', 'c', 'h', 'p', '.', 'i', 'e', '\0',
+  /* "gchq.wtf", true */ 'g', 'c', 'h', 'q', '.', 'w', 't', 'f', '\0',
+  /* "gcs-ventures.com", true */ 'g', 'c', 's', '-', 'v', 'e', 'n', 't', 'u', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gcsepod.com", true */ 'g', 'c', 's', 'e', 'p', 'o', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "gdax.com", true */ 'g', 'd', 'a', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "gdb-tutorial.net", true */ 'g', 'd', 'b', '-', 't', 'u', 't', 'o', 'r', 'i', 'a', 'l', '.', 'n', 'e', 't', '\0',
+  /* "gdgrzeszow.pl", true */ 'g', 'd', 'g', 'r', 'z', 'e', 's', 'z', 'o', 'w', '.', 'p', 'l', '\0',
+  /* "gdiary.net", true */ 'g', 'd', 'i', 'a', 'r', 'y', '.', 'n', 'e', 't', '\0',
+  /* "gdoce.es", false */ 'g', 'd', 'o', 'c', 'e', '.', 'e', 's', '\0',
+  /* "gdutnic.com", true */ 'g', 'd', 'u', 't', 'n', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "gdv.me", true */ 'g', 'd', 'v', '.', 'm', 'e', '\0',
+  /* "gdz-spishy.com", true */ 'g', 'd', 'z', '-', 's', 'p', 'i', 's', 'h', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "gdz.tv", true */ 'g', 'd', 'z', '.', 't', 'v', '\0',
+  /* "ge3k.net", false */ 'g', 'e', '3', 'k', '.', 'n', 'e', 't', '\0',
+  /* "gear-acquisition-syndrome.community", true */ 'g', 'e', 'a', 'r', '-', 'a', 'c', 'q', 'u', 'i', 's', 'i', 't', 'i', 'o', 'n', '-', 's', 'y', 'n', 'd', 'r', 'o', 'm', 'e', '.', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', '\0',
+  /* "gearev.net", true */ 'g', 'e', 'a', 'r', 'e', 'v', '.', 'n', 'e', 't', '\0',
+  /* "gearfinder.nl", true */ 'g', 'e', 'a', 'r', 'f', 'i', 'n', 'd', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "gearset.com", true */ 'g', 'e', 'a', 'r', 's', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "geaskb.nl", true */ 'g', 'e', 'a', 's', 'k', 'b', '.', 'n', 'l', '\0',
+  /* "geass.xyz", true */ 'g', 'e', 'a', 's', 's', '.', 'x', 'y', 'z', '\0',
+  /* "geblitzt.de", true */ 'g', 'e', 'b', 'l', 'i', 't', 'z', 't', '.', 'd', 'e', '\0',
+  /* "geboortestoeltje.com", true */ 'g', 'e', 'b', 'o', 'o', 'r', 't', 'e', 's', 't', 'o', 'e', 'l', 't', 'j', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "geborgen-wachsen.de", true */ 'g', 'e', 'b', 'o', 'r', 'g', 'e', 'n', '-', 'w', 'a', 'c', 'h', 's', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "gebruikershandleiding.com", true */ 'g', 'e', 'b', 'r', 'u', 'i', 'k', 'e', 'r', 's', 'h', 'a', 'n', 'd', 'l', 'e', 'i', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "gecem.org", true */ 'g', 'e', 'c', 'e', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "gechr.io", true */ 'g', 'e', 'c', 'h', 'r', '.', 'i', 'o', '\0',
+  /* "gedankenworks.com", true */ 'g', 'e', 'd', 'a', 'n', 'k', 'e', 'n', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "geder.at", true */ 'g', 'e', 'd', 'e', 'r', '.', 'a', 't', '\0',
+  /* "gedlingcastlehire.co.uk", true */ 'g', 'e', 'd', 'l', 'i', 'n', 'g', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "gee.is", true */ 'g', 'e', 'e', '.', 'i', 's', '\0',
+  /* "geek-hub.de", true */ 'g', 'e', 'e', 'k', '-', 'h', 'u', 'b', '.', 'd', 'e', '\0',
+  /* "geek.ch", true */ 'g', 'e', 'e', 'k', '.', 'c', 'h', '\0',
+  /* "geekabit.nl", true */ 'g', 'e', 'e', 'k', 'a', 'b', 'i', 't', '.', 'n', 'l', '\0',
+  /* "geekandi.com", true */ 'g', 'e', 'e', 'k', 'a', 'n', 'd', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "geekariom.com", true */ 'g', 'e', 'e', 'k', 'a', 'r', 'i', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "geekbundle.org", false */ 'g', 'e', 'e', 'k', 'b', 'u', 'n', 'd', 'l', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "geekchimp.com", true */ 'g', 'e', 'e', 'k', 'c', 'h', 'i', 'm', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "geekclubbooks.com", true */ 'g', 'e', 'e', 'k', 'c', 'l', 'u', 'b', 'b', 'o', 'o', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "geeklair.net", true */ 'g', 'e', 'e', 'k', 'l', 'a', 'i', 'r', '.', 'n', 'e', 't', '\0',
+  /* "geeklan.co.uk", true */ 'g', 'e', 'e', 'k', 'l', 'a', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "geekles.net", true */ 'g', 'e', 'e', 'k', 'l', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "geeknik.com", true */ 'g', 'e', 'e', 'k', 'n', 'i', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "geekpad.com", true */ 'g', 'e', 'e', 'k', 'p', 'a', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "geeks.one", true */ 'g', 'e', 'e', 'k', 's', '.', 'o', 'n', 'e', '\0',
+  /* "geekshirts.cz", true */ 'g', 'e', 'e', 'k', 's', 'h', 'i', 'r', 't', 's', '.', 'c', 'z', '\0',
+  /* "geektopia.es", true */ 'g', 'e', 'e', 'k', 't', 'o', 'p', 'i', 'a', '.', 'e', 's', '\0',
+  /* "geekwhack.org", true */ 'g', 'e', 'e', 'k', 'w', 'h', 'a', 'c', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "geekwithabudget.com", true */ 'g', 'e', 'e', 'k', 'w', 'i', 't', 'h', 'a', 'b', 'u', 'd', 'g', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "geekwu.org", true */ 'g', 'e', 'e', 'k', 'w', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "geekz.sk", true */ 'g', 'e', 'e', 'k', 'z', '.', 's', 'k', '\0',
+  /* "geekzone.co.nz", true */ 'g', 'e', 'e', 'k', 'z', 'o', 'n', 'e', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "geekzone.fr", true */ 'g', 'e', 'e', 'k', 'z', 'o', 'n', 'e', '.', 'f', 'r', '\0',
+  /* "geeq.ch", true */ 'g', 'e', 'e', 'q', '.', 'c', 'h', '\0',
+  /* "geerdsen.net", true */ 'g', 'e', 'e', 'r', 'd', 's', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "geertdegraaf.nl", true */ 'g', 'e', 'e', 'r', 't', 'd', 'e', 'g', 'r', 'a', 'a', 'f', '.', 'n', 'l', '\0',
+  /* "geertswei.nl", true */ 'g', 'e', 'e', 'r', 't', 's', 'w', 'e', 'i', '.', 'n', 'l', '\0',
+  /* "gegeco.ch", true */ 'g', 'e', 'g', 'e', 'c', 'o', '.', 'c', 'h', '\0',
+  /* "geh.li", true */ 'g', 'e', 'h', '.', 'l', 'i', '\0',
+  /* "gehaowu.com", true */ 'g', 'e', 'h', 'a', 'o', 'w', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "gehopft.de", true */ 'g', 'e', 'h', 'o', 'p', 'f', 't', '.', 'd', 'e', '\0',
+  /* "gehreslaw.com", true */ 'g', 'e', 'h', 'r', 'e', 's', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "gehrke.in", true */ 'g', 'e', 'h', 'r', 'k', 'e', '.', 'i', 'n', '\0',
+  /* "gehsicht.de", true */ 'g', 'e', 'h', 's', 'i', 'c', 'h', 't', '.', 'd', 'e', '\0',
+  /* "geiser-family.ch", true */ 'g', 'e', 'i', 's', 'e', 'r', '-', 'f', 'a', 'm', 'i', 'l', 'y', '.', 'c', 'h', '\0',
+  /* "geiser.io", true */ 'g', 'e', 'i', 's', 'e', 'r', '.', 'i', 'o', '\0',
+  /* "gelb-computer.de", true */ 'g', 'e', 'l', 'b', '-', 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "geld-im-blick.de", true */ 'g', 'e', 'l', 'd', '-', 'i', 'm', '-', 'b', 'l', 'i', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "geld24.nl", true */ 'g', 'e', 'l', 'd', '2', '4', '.', 'n', 'l', '\0',
+  /* "geldimblick.de", true */ 'g', 'e', 'l', 'd', 'i', 'm', 'b', 'l', 'i', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "geldteveel.eu", true */ 'g', 'e', 'l', 'd', 't', 'e', 'v', 'e', 'e', 'l', '.', 'e', 'u', '\0',
+  /* "geleenbeekdal.nl", true */ 'g', 'e', 'l', 'e', 'e', 'n', 'b', 'e', 'e', 'k', 'd', 'a', 'l', '.', 'n', 'l', '\0',
+  /* "geleia-real.com", true */ 'g', 'e', 'l', 'e', 'i', 'a', '-', 'r', 'e', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "gelis.ch", true */ 'g', 'e', 'l', 'i', 's', '.', 'c', 'h', '\0',
+  /* "gelodosul.com.br", true */ 'g', 'e', 'l', 'o', 'd', 'o', 's', 'u', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "gelog-software.de", false */ 'g', 'e', 'l', 'o', 'g', '-', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'd', 'e', '\0',
+  /* "geloofindemocratie.nl", true */ 'g', 'e', 'l', 'o', 'o', 'f', 'i', 'n', 'd', 'e', 'm', 'o', 'c', 'r', 'a', 't', 'i', 'e', '.', 'n', 'l', '\0',
+  /* "geluidsstudio.com", true */ 'g', 'e', 'l', 'u', 'i', 'd', 's', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "gem-indonesia.net", false */ 'g', 'e', 'm', '-', 'i', 'n', 'd', 'o', 'n', 'e', 's', 'i', 'a', '.', 'n', 'e', 't', '\0',
+  /* "gem-info.fr", true */ 'g', 'e', 'm', '-', 'i', 'n', 'f', 'o', '.', 'f', 'r', '\0',
+  /* "gemeentemolenwaard.nl", true */ 'g', 'e', 'm', 'e', 'e', 'n', 't', 'e', 'm', 'o', 'l', 'e', 'n', 'w', 'a', 'a', 'r', 'd', '.', 'n', 'l', '\0',
+  /* "gemeinfreie-lieder.de", true */ 'g', 'e', 'm', 'e', 'i', 'n', 'f', 'r', 'e', 'i', 'e', '-', 'l', 'i', 'e', 'd', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "gemini.com", true */ 'g', 'e', 'm', 'i', 'n', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "gemquery.com", true */ 'g', 'e', 'm', 'q', 'u', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "gencmedya.com", true */ 'g', 'e', 'n', 'c', 'm', 'e', 'd', 'y', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "gendrin.com", true */ 'g', 'e', 'n', 'd', 'r', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "gendundrupa.ch", true */ 'g', 'e', 'n', 'd', 'u', 'n', 'd', 'r', 'u', 'p', 'a', '.', 'c', 'h', '\0',
+  /* "gene-drive.com", true */ 'g', 'e', 'n', 'e', '-', 'd', 'r', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "gene-drives.com", true */ 'g', 'e', 'n', 'e', '-', 'd', 'r', 'i', 'v', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "genealorand.com", true */ 'g', 'e', 'n', 'e', 'a', 'l', 'o', 'r', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "geneau.net", true */ 'g', 'e', 'n', 'e', 'a', 'u', '.', 'n', 'e', 't', '\0',
+  /* "genehightower.com", true */ 'g', 'e', 'n', 'e', 'h', 'i', 'g', 'h', 't', 'o', 'w', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "genehome.com.au", true */ 'g', 'e', 'n', 'e', 'h', 'o', 'm', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "genemesservwparts.com", true */ 'g', 'e', 'n', 'e', 'm', 'e', 's', 's', 'e', 'r', 'v', 'w', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "general-anaesthesia.com", true */ 'g', 'e', 'n', 'e', 'r', 'a', 'l', '-', 'a', 'n', 'a', 'e', 's', 't', 'h', 'e', 's', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "general-anaesthetics.com", true */ 'g', 'e', 'n', 'e', 'r', 'a', 'l', '-', 'a', 'n', 'a', 'e', 's', 't', 'h', 'e', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "general-anesthesia.com", true */ 'g', 'e', 'n', 'e', 'r', 'a', 'l', '-', 'a', 'n', 'e', 's', 't', 'h', 'e', 's', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "generali-worldwide.com", true */ 'g', 'e', 'n', 'e', 'r', 'a', 'l', 'i', '-', 'w', 'o', 'r', 'l', 'd', 'w', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "generalpants.com.au", true */ 'g', 'e', 'n', 'e', 'r', 'a', 'l', 'p', 'a', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "generationgoat.com", true */ 'g', 'e', 'n', 'e', 'r', 'a', 't', 'i', 'o', 'n', 'g', 'o', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "generic.cx", true */ 'g', 'e', 'n', 'e', 'r', 'i', 'c', '.', 'c', 'x', '\0',
+  /* "genesiseureka.com", true */ 'g', 'e', 'n', 'e', 's', 'i', 's', 'e', 'u', 'r', 'e', 'k', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "genesismachina.ca", true */ 'g', 'e', 'n', 'e', 's', 'i', 's', 'm', 'a', 'c', 'h', 'i', 'n', 'a', '.', 'c', 'a', '\0',
+  /* "genesistrading.com", true */ 'g', 'e', 'n', 'e', 's', 'i', 's', 't', 'r', 'a', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "genetargetsolutions.com.au", true */ 'g', 'e', 'n', 'e', 't', 'a', 'r', 'g', 'e', 't', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "genetidyne.com", true */ 'g', 'e', 'n', 'e', 't', 'i', 'd', 'y', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "geneve-naturisme.ch", true */ 'g', 'e', 'n', 'e', 'v', 'e', '-', 'n', 'a', 't', 'u', 'r', 'i', 's', 'm', 'e', '.', 'c', 'h', '\0',
+  /* "genevoise-entretien.ch", true */ 'g', 'e', 'n', 'e', 'v', 'o', 'i', 's', 'e', '-', 'e', 'n', 't', 'r', 'e', 't', 'i', 'e', 'n', '.', 'c', 'h', '\0',
+  /* "genfaerd.dk", true */ 'g', 'e', 'n', 'f', 'a', 'e', 'r', 'd', '.', 'd', 'k', '\0',
+  /* "genia-life.de", true */ 'g', 'e', 'n', 'i', 'a', '-', 'l', 'i', 'f', 'e', '.', 'd', 'e', '\0',
+  /* "genie-seiner-generation.de", true */ 'g', 'e', 'n', 'i', 'e', '-', 's', 'e', 'i', 'n', 'e', 'r', '-', 'g', 'e', 'n', 'e', 'r', 'a', 't', 'i', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "geniusteacher.in", true */ 'g', 'e', 'n', 'i', 'u', 's', 't', 'e', 'a', 'c', 'h', 'e', 'r', '.', 'i', 'n', '\0',
+  /* "geniuszone.biz", true */ 'g', 'e', 'n', 'i', 'u', 's', 'z', 'o', 'n', 'e', '.', 'b', 'i', 'z', '\0',
+  /* "genneve.com", true */ 'g', 'e', 'n', 'n', 'e', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "genomequestlive.com", true */ 'g', 'e', 'n', 'o', 'm', 'e', 'q', 'u', 'e', 's', 't', 'l', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "genoog.com", true */ 'g', 'e', 'n', 'o', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "genosse-einhorn.de", true */ 'g', 'e', 'n', 'o', 's', 's', 'e', '-', 'e', 'i', 'n', 'h', 'o', 'r', 'n', '.', 'd', 'e', '\0',
+  /* "gensend.com", true */ 'g', 'e', 'n', 's', 'e', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "gensenwedding.jp", true */ 'g', 'e', 'n', 's', 'e', 'n', 'w', 'e', 'd', 'd', 'i', 'n', 'g', '.', 'j', 'p', '\0',
+  /* "genshiken-itb.org", true */ 'g', 'e', 'n', 's', 'h', 'i', 'k', 'e', 'n', '-', 'i', 't', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "genslerapps.com", true */ 'g', 'e', 'n', 's', 'l', 'e', 'r', 'a', 'p', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "genslerwisp.com", true */ 'g', 'e', 'n', 's', 'l', 'e', 'r', 'w', 'i', 's', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "gensonline.eu", true */ 'g', 'e', 'n', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'e', 'u', '\0',
+  /* "gentianes.ch", true */ 'g', 'e', 'n', 't', 'i', 'a', 'n', 'e', 's', '.', 'c', 'h', '\0',
+  /* "gentoo-blog.de", true */ 'g', 'e', 'n', 't', 'o', 'o', '-', 'b', 'l', 'o', 'g', '.', 'd', 'e', '\0',
+  /* "genusshotel-riegersburg.at", true */ 'g', 'e', 'n', 'u', 's', 's', 'h', 'o', 't', 'e', 'l', '-', 'r', 'i', 'e', 'g', 'e', 'r', 's', 'b', 'u', 'r', 'g', '.', 'a', 't', '\0',
+  /* "genuxtsg.com", true */ 'g', 'e', 'n', 'u', 'x', 't', 's', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "genxbeats.com", true */ 'g', 'e', 'n', 'x', 'b', 'e', 'a', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "genxnotes.com", true */ 'g', 'e', 'n', 'x', 'n', 'o', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "geocommunicator.gov", true */ 'g', 'e', 'o', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 'c', 'a', 't', 'o', 'r', '.', 'g', 'o', 'v', '\0',
+  /* "geoffanderinmyers.com", true */ 'g', 'e', 'o', 'f', 'f', 'a', 'n', 'd', 'e', 'r', 'i', 'n', 'm', 'y', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "geoffmyers.com", false */ 'g', 'e', 'o', 'f', 'f', 'm', 'y', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "geofox.org", true */ 'g', 'e', 'o', 'f', 'o', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "geoip.fedoraproject.org", true */ 'g', 'e', 'o', 'i', 'p', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "geoip.stg.fedoraproject.org", true */ 'g', 'e', 'o', 'i', 'p', '.', 's', 't', 'g', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "geolad.com", false */ 'g', 'e', 'o', 'l', 'a', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "geometra.roma.it", true */ 'g', 'e', 'o', 'm', 'e', 't', 'r', 'a', '.', 'r', 'o', 'm', 'a', '.', 'i', 't', '\0',
+  /* "geoport.al", true */ 'g', 'e', 'o', 'p', 'o', 'r', 't', '.', 'a', 'l', '\0',
+  /* "george-orwell.com", true */ 'g', 'e', 'o', 'r', 'g', 'e', '-', 'o', 'r', 'w', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "georgehalachev.com", true */ 'g', 'e', 'o', 'r', 'g', 'e', 'h', 'a', 'l', 'a', 'c', 'h', 'e', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "georgemaschke.com", true */ 'g', 'e', 'o', 'r', 'g', 'e', 'm', 'a', 's', 'c', 'h', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "georgemaschke.net", true */ 'g', 'e', 'o', 'r', 'g', 'e', 'm', 'a', 's', 'c', 'h', 'k', 'e', '.', 'n', 'e', 't', '\0',
+  /* "georgiaglassrepair.com", true */ 'g', 'e', 'o', 'r', 'g', 'i', 'a', 'g', 'l', 'a', 's', 's', 'r', 'e', 'p', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "georgiastuartyoga.co.uk", true */ 'g', 'e', 'o', 'r', 'g', 'i', 'a', 's', 't', 'u', 'a', 'r', 't', 'y', 'o', 'g', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "georgioskontaxis.com", true */ 'g', 'e', 'o', 'r', 'g', 'i', 'o', 's', 'k', 'o', 'n', 't', 'a', 'x', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "georgioskontaxis.net", true */ 'g', 'e', 'o', 'r', 'g', 'i', 'o', 's', 'k', 'o', 'n', 't', 'a', 'x', 'i', 's', '.', 'n', 'e', 't', '\0',
+  /* "georgioskontaxis.org", true */ 'g', 'e', 'o', 'r', 'g', 'i', 'o', 's', 'k', 'o', 'n', 't', 'a', 'x', 'i', 's', '.', 'o', 'r', 'g', '\0',
+  /* "georgmayer.eu", true */ 'g', 'e', 'o', 'r', 'g', 'm', 'a', 'y', 'e', 'r', '.', 'e', 'u', '\0',
+  /* "geoscan.aero", true */ 'g', 'e', 'o', 's', 'c', 'a', 'n', '.', 'a', 'e', 'r', 'o', '\0',
+  /* "geoscope.ch", true */ 'g', 'e', 'o', 's', 'c', 'o', 'p', 'e', '.', 'c', 'h', '\0',
+  /* "geosphereservices.com", true */ 'g', 'e', 'o', 's', 'p', 'h', 'e', 'r', 'e', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "geotab.com", true */ 'g', 'e', 'o', 't', 'a', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "geraintwhite.co.uk", true */ 'g', 'e', 'r', 'a', 'i', 'n', 't', 'w', 'h', 'i', 't', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "gerald-zojer.com", true */ 'g', 'e', 'r', 'a', 'l', 'd', '-', 'z', 'o', 'j', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "geraldsonrealty.com", true */ 'g', 'e', 'r', 'a', 'l', 'd', 's', 'o', 'n', 'r', 'e', 'a', 'l', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "gerardobsd.com", true */ 'g', 'e', 'r', 'a', 'r', 'd', 'o', 'b', 's', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "gerardozamudio.mx", true */ 'g', 'e', 'r', 'a', 'r', 'd', 'o', 'z', 'a', 'm', 'u', 'd', 'i', 'o', '.', 'm', 'x', '\0',
+  /* "germandarknes.net", true */ 'g', 'e', 'r', 'm', 'a', 'n', 'd', 'a', 'r', 'k', 'n', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "germansoldiers.net", true */ 'g', 'e', 'r', 'm', 'a', 'n', 's', 'o', 'l', 'd', 'i', 'e', 'r', 's', '.', 'n', 'e', 't', '\0',
+  /* "germanssky.de", true */ 'g', 'e', 'r', 'm', 'a', 'n', 's', 's', 'k', 'y', '.', 'd', 'e', '\0',
+  /* "germanticz.de", true */ 'g', 'e', 'r', 'm', 'a', 'n', 't', 'i', 'c', 'z', '.', 'd', 'e', '\0',
+  /* "gernert-server.de", true */ 'g', 'e', 'r', 'n', 'e', 'r', 't', '-', 's', 'e', 'r', 'v', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "gero.io", true */ 'g', 'e', 'r', 'o', '.', 'i', 'o', '\0',
+  /* "gerritcodereview.com", true */ 'g', 'e', 'r', 'r', 'i', 't', 'c', 'o', 'd', 'e', 'r', 'e', 'v', 'i', 'e', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "gers-authentique.com", true */ 'g', 'e', 'r', 's', '-', 'a', 'u', 't', 'h', 'e', 'n', 't', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "gerum.dynv6.net", true */ 'g', 'e', 'r', 'u', 'm', '.', 'd', 'y', 'n', 'v', '6', '.', 'n', 'e', 't', '\0',
+  /* "gerwinvanderkamp.nl", true */ 'g', 'e', 'r', 'w', 'i', 'n', 'v', 'a', 'n', 'd', 'e', 'r', 'k', 'a', 'm', 'p', '.', 'n', 'l', '\0',
+  /* "ges-bo.de", true */ 'g', 'e', 's', '-', 'b', 'o', '.', 'd', 'e', '\0',
+  /* "geschmacksache.online", true */ 'g', 'e', 's', 'c', 'h', 'm', 'a', 'c', 'k', 's', 'a', 'c', 'h', 'e', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "geschmackspiloten.de", true */ 'g', 'e', 's', 'c', 'h', 'm', 'a', 'c', 'k', 's', 'p', 'i', 'l', 'o', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "geschwinder.net", true */ 'g', 'e', 's', 'c', 'h', 'w', 'i', 'n', 'd', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "gestormensajeria.com", true */ 'g', 'e', 's', 't', 'o', 'r', 'm', 'e', 'n', 's', 'a', 'j', 'e', 'r', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "get-asterisk.ru", true */ 'g', 'e', 't', '-', 'a', 's', 't', 'e', 'r', 'i', 's', 'k', '.', 'r', 'u', '\0',
+  /* "get-erp.ru", true */ 'g', 'e', 't', '-', 'e', 'r', 'p', '.', 'r', 'u', '\0',
+  /* "get-it-live.com", true */ 'g', 'e', 't', '-', 'i', 't', '-', 'l', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "get-it-live.de", true */ 'g', 'e', 't', '-', 'i', 't', '-', 'l', 'i', 'v', 'e', '.', 'd', 'e', '\0',
+  /* "get-link.info", true */ 'g', 'e', 't', '-', 'l', 'i', 'n', 'k', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "get-on.bid", true */ 'g', 'e', 't', '-', 'o', 'n', '.', 'b', 'i', 'd', '\0',
+  /* "get-refer.com", true */ 'g', 'e', 't', '-', 'r', 'e', 'f', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "get4x.com", true */ 'g', 'e', 't', '4', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "getbox.me", true */ 'g', 'e', 't', 'b', 'o', 'x', '.', 'm', 'e', '\0',
+  /* "getbutterfly.com", true */ 'g', 'e', 't', 'b', 'u', 't', 't', 'e', 'r', 'f', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "getcloak.com", false */ 'g', 'e', 't', 'c', 'l', 'o', 'a', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "getcolq.com", true */ 'g', 'e', 't', 'c', 'o', 'l', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "getdash.io", true */ 'g', 'e', 't', 'd', 'a', 's', 'h', '.', 'i', 'o', '\0',
+  /* "getdigitized.net", true */ 'g', 'e', 't', 'd', 'i', 'g', 'i', 't', 'i', 'z', 'e', 'd', '.', 'n', 'e', 't', '\0',
+  /* "geteckeld.nl", true */ 'g', 'e', 't', 'e', 'c', 'k', 'e', 'l', 'd', '.', 'n', 'l', '\0',
+  /* "geterp.ru", true */ 'g', 'e', 't', 'e', 'r', 'p', '.', 'r', 'u', '\0',
+  /* "getfedora.org", true */ 'g', 'e', 't', 'f', 'e', 'd', 'o', 'r', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "getfirstalert.com", true */ 'g', 'e', 't', 'f', 'i', 'r', 's', 't', 'a', 'l', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "getfittedstore.com", true */ 'g', 'e', 't', 'f', 'i', 't', 't', 'e', 'd', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "getflorence.co.uk", true */ 'g', 'e', 't', 'f', 'l', 'o', 'r', 'e', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "getfuturama.com", true */ 'g', 'e', 't', 'f', 'u', 't', 'u', 'r', 'a', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "gethow.org", true */ 'g', 'e', 't', 'h', 'o', 'w', '.', 'o', 'r', 'g', '\0',
+  /* "gethttpsforfree.com", true */ 'g', 'e', 't', 'h', 't', 't', 'p', 's', 'f', 'o', 'r', 'f', 'r', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "geti2p.com", true */ 'g', 'e', 't', 'i', '2', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "getidmcc.com", true */ 'g', 'e', 't', 'i', 'd', 'm', 'c', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "getitlive.de", true */ 'g', 'e', 't', 'i', 't', 'l', 'i', 'v', 'e', '.', 'd', 'e', '\0',
+  /* "getitpeople.com", true */ 'g', 'e', 't', 'i', 't', 'p', 'e', 'o', 'p', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "getmango.com", true */ 'g', 'e', 't', 'm', 'a', 'n', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "getmdl.io", true */ 'g', 'e', 't', 'm', 'd', 'l', '.', 'i', 'o', '\0',
+  /* "getmerch.eu", true */ 'g', 'e', 't', 'm', 'e', 'r', 'c', 'h', '.', 'e', 'u', '\0',
+  /* "getnib.com", true */ 'g', 'e', 't', 'n', 'i', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "getnikola.com", true */ 'g', 'e', 't', 'n', 'i', 'k', 'o', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "geto.ml", true */ 'g', 'e', 't', 'o', '.', 'm', 'l', '\0',
+  /* "getoutofdebt.org", true */ 'g', 'e', 't', 'o', 'u', 't', 'o', 'f', 'd', 'e', 'b', 't', '.', 'o', 'r', 'g', '\0',
+  /* "getpost.online", true */ 'g', 'e', 't', 'p', 'o', 's', 't', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "getpuck.com", true */ 'g', 'e', 't', 'p', 'u', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "getrambling.com", true */ 'g', 'e', 't', 'r', 'a', 'm', 'b', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "getresilience.org", true */ 'g', 'e', 't', 'r', 'e', 's', 'i', 'l', 'i', 'e', 'n', 'c', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "getsecure.nl", true */ 'g', 'e', 't', 's', 'e', 'c', 'u', 'r', 'e', '.', 'n', 'l', '\0',
+  /* "getsensibill.com", true */ 'g', 'e', 't', 's', 'e', 'n', 's', 'i', 'b', 'i', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "getsetbounce.co.uk", true */ 'g', 'e', 't', 's', 'e', 't', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "getsetupfile.com", true */ 'g', 'e', 't', 's', 'e', 't', 'u', 'p', 'f', 'i', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "getshifter.io", true */ 'g', 'e', 't', 's', 'h', 'i', 'f', 't', 'e', 'r', '.', 'i', 'o', '\0',
+  /* "getsilknow.com", true */ 'g', 'e', 't', 's', 'i', 'l', 'k', 'n', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "getspire.com", true */ 'g', 'e', 't', 's', 'p', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "getsport.mobi", true */ 'g', 'e', 't', 's', 'p', 'o', 'r', 't', '.', 'm', 'o', 'b', 'i', '\0',
+  /* "getsubs.net", true */ 'g', 'e', 't', 's', 'u', 'b', 's', '.', 'n', 'e', 't', '\0',
+  /* "getswadeshi.com", true */ 'g', 'e', 't', 's', 'w', 'a', 'd', 'e', 's', 'h', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "getticker.com", true */ 'g', 'e', 't', 't', 'i', 'c', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "getts.ro", true */ 'g', 'e', 't', 't', 's', '.', 'r', 'o', '\0',
+  /* "getupandbounce.co.uk", true */ 'g', 'e', 't', 'u', 'p', 'a', 'n', 'd', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "getvdownloader.com", true */ 'g', 'e', 't', 'v', 'd', 'o', 'w', 'n', 'l', 'o', 'a', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "getwisdom.io", true */ 'g', 'e', 't', 'w', 'i', 's', 'd', 'o', 'm', '.', 'i', 'o', '\0',
+  /* "getwpd.com", false */ 'g', 'e', 't', 'w', 'p', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "getyeflask.com", true */ 'g', 'e', 't', 'y', 'e', 'f', 'l', 'a', 's', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "getyou.onl", true */ 'g', 'e', 't', 'y', 'o', 'u', '.', 'o', 'n', 'l', '\0',
+  /* "getyourlifestraight.com", true */ 'g', 'e', 't', 'y', 'o', 'u', 'r', 'l', 'i', 'f', 'e', 's', 't', 'r', 'a', 'i', 'g', 'h', 't', '.', 'c', 'o', 'm', '\0',
+  /* "getyourphix.tk", true */ 'g', 'e', 't', 'y', 'o', 'u', 'r', 'p', 'h', 'i', 'x', '.', 't', 'k', '\0',
+  /* "geyduschek.be", true */ 'g', 'e', 'y', 'd', 'u', 's', 'c', 'h', 'e', 'k', '.', 'b', 'e', '\0',
+  /* "gfast.ru", true */ 'g', 'f', 'a', 's', 't', '.', 'r', 'u', '\0',
+  /* "gfcleisure.co.uk", true */ 'g', 'f', 'c', 'l', 'e', 'i', 's', 'u', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "gfk-kunststoff-luebben.de", true */ 'g', 'f', 'k', '-', 'k', 'u', 'n', 's', 't', 's', 't', 'o', 'f', 'f', '-', 'l', 'u', 'e', 'b', 'b', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "gflame.de", true */ 'g', 'f', 'l', 'a', 'm', 'e', '.', 'd', 'e', '\0',
+  /* "gflclan.ru", true */ 'g', 'f', 'l', 'c', 'l', 'a', 'n', '.', 'r', 'u', '\0',
+  /* "gforce.ninja", true */ 'g', 'f', 'o', 'r', 'c', 'e', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "gfoss.eu", true */ 'g', 'f', 'o', 's', 's', '.', 'e', 'u', '\0',
+  /* "gfournier.ca", true */ 'g', 'f', 'o', 'u', 'r', 'n', 'i', 'e', 'r', '.', 'c', 'a', '\0',
+  /* "gfxbench.com", true */ 'g', 'f', 'x', 'b', 'e', 'n', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "ggdcpt.com", true */ 'g', 'g', 'd', 'c', 'p', 't', '.', 'c', 'o', 'm', '\0',
+  /* "gginin.today", true */ 'g', 'g', 'i', 'n', 'i', 'n', '.', 't', 'o', 'd', 'a', 'y', '\0',
+  /* "ggl-luzern.ch", true */ 'g', 'g', 'l', '-', 'l', 'u', 'z', 'e', 'r', 'n', '.', 'c', 'h', '\0',
+  /* "ggma.co.uk", true */ 'g', 'g', 'm', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ggmmontascale.it", true */ 'g', 'g', 'm', 'm', 'o', 'n', 't', 'a', 's', 'c', 'a', 'l', 'e', '.', 'i', 't', '\0',
+  /* "ggp2.com", true */ 'g', 'g', 'p', '2', '.', 'c', 'o', 'm', '\0',
+  /* "ggs-marschallstrasse.de", true */ 'g', 'g', 's', '-', 'm', 'a', 'r', 's', 'c', 'h', 'a', 'l', 'l', 's', 't', 'r', 'a', 's', 's', 'e', '.', 'd', 'e', '\0',
+  /* "ggs.jp", true */ 'g', 'g', 's', '.', 'j', 'p', '\0',
+  /* "ggservers.com", true */ 'g', 'g', 's', 'e', 'r', 'v', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ggx.us", true */ 'g', 'g', 'x', '.', 'u', 's', '\0',
+  /* "gh16.com.ar", true */ 'g', 'h', '1', '6', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "gha.st", true */ 'g', 'h', 'a', '.', 's', 't', '\0',
+  /* "ghaglund.se", true */ 'g', 'h', 'a', 'g', 'l', 'u', 'n', 'd', '.', 's', 'e', '\0',
+  /* "ghcif.de", true */ 'g', 'h', 'c', 'i', 'f', '.', 'd', 'e', '\0',
+  /* "ghislainphu.fr", true */ 'g', 'h', 'i', 's', 'l', 'a', 'i', 'n', 'p', 'h', 'u', '.', 'f', 'r', '\0',
+  /* "ghostblog.info", true */ 'g', 'h', 'o', 's', 't', 'b', 'l', 'o', 'g', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "ghostcir.com", true */ 'g', 'h', 'o', 's', 't', 'c', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "ghrelinblocker.info", true */ 'g', 'h', 'r', 'e', 'l', 'i', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "ghrelinblocker.org", true */ 'g', 'h', 'r', 'e', 'l', 'i', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "giacomodrago.com", true */ 'g', 'i', 'a', 'c', 'o', 'm', 'o', 'd', 'r', 'a', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "giacomodrago.it", true */ 'g', 'i', 'a', 'c', 'o', 'm', 'o', 'd', 'r', 'a', 'g', 'o', '.', 'i', 't', '\0',
+  /* "giacomopelagatti.it", true */ 'g', 'i', 'a', 'c', 'o', 'm', 'o', 'p', 'e', 'l', 'a', 'g', 'a', 't', 't', 'i', '.', 'i', 't', '\0',
+  /* "gianproperties.com", true */ 'g', 'i', 'a', 'n', 'p', 'r', 'o', 'p', 'e', 'r', 't', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "giant-panda.com", true */ 'g', 'i', 'a', 'n', 't', '-', 'p', 'a', 'n', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "giant-powerfit.co.uk", true */ 'g', 'i', 'a', 'n', 't', '-', 'p', 'o', 'w', 'e', 'r', 'f', 'i', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "giant-tortoise.com", true */ 'g', 'i', 'a', 'n', 't', '-', 't', 'o', 'r', 't', 'o', 'i', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "gianttree.de", true */ 'g', 'i', 'a', 'n', 't', 't', 'r', 'e', 'e', '.', 'd', 'e', '\0',
+  /* "giardinaggio.milano.it", true */ 'g', 'i', 'a', 'r', 'd', 'i', 'n', 'a', 'g', 'g', 'i', 'o', '.', 'm', 'i', 'l', 'a', 'n', 'o', '.', 'i', 't', '\0',
+  /* "giardinaggio.napoli.it", true */ 'g', 'i', 'a', 'r', 'd', 'i', 'n', 'a', 'g', 'g', 'i', 'o', '.', 'n', 'a', 'p', 'o', 'l', 'i', '.', 'i', 't', '\0',
+  /* "gibraltar.at", true */ 'g', 'i', 'b', 'r', 'a', 'l', 't', 'a', 'r', '.', 'a', 't', '\0',
+  /* "gichigamigames.com", true */ 'g', 'i', 'c', 'h', 'i', 'g', 'a', 'm', 'i', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "giddyaunt.net", true */ 'g', 'i', 'd', 'd', 'y', 'a', 'u', 'n', 't', '.', 'n', 'e', 't', '\0',
+  /* "giduv.com", true */ 'g', 'i', 'd', 'u', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "gierds.de", true */ 'g', 'i', 'e', 'r', 'd', 's', '.', 'd', 'e', '\0',
+  /* "giftedconsortium.com", true */ 'g', 'i', 'f', 't', 'e', 'd', 'c', 'o', 'n', 's', 'o', 'r', 't', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "giftking.nl", false */ 'g', 'i', 'f', 't', 'k', 'i', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "giftmaniabrilhos.com.br", true */ 'g', 'i', 'f', 't', 'm', 'a', 'n', 'i', 'a', 'b', 'r', 'i', 'l', 'h', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "gifts365.co.uk", true */ 'g', 'i', 'f', 't', 's', '3', '6', '5', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "giftsn.com.sg", false */ 'g', 'i', 'f', 't', 's', 'n', '.', 'c', 'o', 'm', '.', 's', 'g', '\0',
+  /* "gig.ru", false */ 'g', 'i', 'g', '.', 'r', 'u', '\0',
+  /* "giga.nl", true */ 'g', 'i', 'g', 'a', '.', 'n', 'l', '\0',
+  /* "gigantism.com", true */ 'g', 'i', 'g', 'a', 'n', 't', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "gigawa.lt", true */ 'g', 'i', 'g', 'a', 'w', 'a', '.', 'l', 't', '\0',
+  /* "gigawattz.com", true */ 'g', 'i', 'g', 'a', 'w', 'a', 't', 't', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "giggletotz.co.uk", true */ 'g', 'i', 'g', 'g', 'l', 'e', 't', 'o', 't', 'z', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "gigiscloud.servebeer.com", true */ 'g', 'i', 'g', 'i', 's', 'c', 'l', 'o', 'u', 'd', '.', 's', 'e', 'r', 'v', 'e', 'b', 'e', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "giglink.club", true */ 'g', 'i', 'g', 'l', 'i', 'n', 'k', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "gigolodavid.be", true */ 'g', 'i', 'g', 'o', 'l', 'o', 'd', 'a', 'v', 'i', 'd', '.', 'b', 'e', '\0',
+  /* "gigtroll.eu", true */ 'g', 'i', 'g', 't', 'r', 'o', 'l', 'l', '.', 'e', 'u', '\0',
+  /* "gijsbertus.com", true */ 'g', 'i', 'j', 's', 'b', 'e', 'r', 't', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gikovatelojavirtual.com.br", true */ 'g', 'i', 'k', 'o', 'v', 'a', 't', 'e', 'l', 'o', 'j', 'a', 'v', 'i', 'r', 't', 'u', 'a', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "gilangcp.com", true */ 'g', 'i', 'l', 'a', 'n', 'g', 'c', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "gileadpac.com", true */ 'g', 'i', 'l', 'e', 'a', 'd', 'p', 'a', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "giliamor.com", true */ 'g', 'i', 'l', 'i', 'a', 'm', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "gillesdesnoyers.com", true */ 'g', 'i', 'l', 'l', 'e', 's', 'd', 'e', 's', 'n', 'o', 'y', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gillesmorelle.com", true */ 'g', 'i', 'l', 'l', 'e', 's', 'm', 'o', 'r', 'e', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "gillmanandsoame.co.uk", true */ 'g', 'i', 'l', 'l', 'm', 'a', 'n', 'a', 'n', 'd', 's', 'o', 'a', 'm', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "gillyscastles.co.uk", true */ 'g', 'i', 'l', 'l', 'y', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "gilmoreid.com.au", true */ 'g', 'i', 'l', 'm', 'o', 'r', 'e', 'i', 'd', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "gilnet.be", true */ 'g', 'i', 'l', 'n', 'e', 't', '.', 'b', 'e', '\0',
+  /* "ginie.de", true */ 'g', 'i', 'n', 'i', 'e', '.', 'd', 'e', '\0',
+  /* "ginionusedcars.be", true */ 'g', 'i', 'n', 'i', 'o', 'n', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0',
+  /* "ginja.co.th", true */ 'g', 'i', 'n', 'j', 'a', '.', 'c', 'o', '.', 't', 'h', '\0',
+  /* "ginkel.com", true */ 'g', 'i', 'n', 'k', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "ginnegappen.nl", true */ 'g', 'i', 'n', 'n', 'e', 'g', 'a', 'p', 'p', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "ginniemae.gov", true */ 'g', 'i', 'n', 'n', 'i', 'e', 'm', 'a', 'e', '.', 'g', 'o', 'v', '\0',
+  /* "ginzadelunch.jp", true */ 'g', 'i', 'n', 'z', 'a', 'd', 'e', 'l', 'u', 'n', 'c', 'h', '.', 'j', 'p', '\0',
+  /* "giochi-online.ws", true */ 'g', 'i', 'o', 'c', 'h', 'i', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'w', 's', '\0',
+  /* "giochiecodici.it", true */ 'g', 'i', 'o', 'c', 'h', 'i', 'e', 'c', 'o', 'd', 'i', 'c', 'i', '.', 'i', 't', '\0',
+  /* "giochistem.it", true */ 'g', 'i', 'o', 'c', 'h', 'i', 's', 't', 'e', 'm', '.', 'i', 't', '\0',
+  /* "gioielleriamolena.com", true */ 'g', 'i', 'o', 'i', 'e', 'l', 'l', 'e', 'r', 'i', 'a', 'm', 'o', 'l', 'e', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "gip-carif-idf.net", true */ 'g', 'i', 'p', '-', 'c', 'a', 'r', 'i', 'f', '-', 'i', 'd', 'f', '.', 'n', 'e', 't', '\0',
+  /* "gip-carif-idf.org", true */ 'g', 'i', 'p', '-', 'c', 'a', 'r', 'i', 'f', '-', 'i', 'd', 'f', '.', 'o', 'r', 'g', '\0',
+  /* "giraffeinflatables.co.uk", true */ 'g', 'i', 'r', 'a', 'f', 'f', 'e', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "giraffes.org", true */ 'g', 'i', 'r', 'a', 'f', 'f', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "giri.co", true */ 'g', 'i', 'r', 'i', '.', 'c', 'o', '\0',
+  /* "girlan.net", true */ 'g', 'i', 'r', 'l', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "girlsforum.com", true */ 'g', 'i', 'r', 'l', 's', 'f', 'o', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "girlsgenerationgoods.com", true */ 'g', 'i', 'r', 'l', 's', 'g', 'e', 'n', 'e', 'r', 'a', 't', 'i', 'o', 'n', 'g', 'o', 'o', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "girlsgonesporty.com", true */ 'g', 'i', 'r', 'l', 's', 'g', 'o', 'n', 'e', 's', 'p', 'o', 'r', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "girlsnet.work", true */ 'g', 'i', 'r', 'l', 's', 'n', 'e', 't', '.', 'w', 'o', 'r', 'k', '\0',
+  /* "girsa.org", true */ 'g', 'i', 'r', 's', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "girvas.ru", true */ 'g', 'i', 'r', 'v', 'a', 's', '.', 'r', 'u', '\0',
+  /* "gisgov.be", true */ 'g', 'i', 's', 'g', 'o', 'v', '.', 'b', 'e', '\0',
+  /* "gistr.io", true */ 'g', 'i', 's', 't', 'r', '.', 'i', 'o', '\0',
+  /* "git.market", true */ 'g', 'i', 't', '.', 'm', 'a', 'r', 'k', 'e', 't', '\0',
+  /* "gitep.org.uk", true */ 'g', 'i', 't', 'e', 'p', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "gitesdeshautescourennes.com", true */ 'g', 'i', 't', 'e', 's', 'd', 'e', 's', 'h', 'a', 'u', 't', 'e', 's', 'c', 'o', 'u', 'r', 'e', 'n', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "github.com", true */ 'g', 'i', 't', 'h', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "github.party", false */ 'g', 'i', 't', 'h', 'u', 'b', '.', 'p', 'a', 'r', 't', 'y', '\0',
+  /* "gitla.in", true */ 'g', 'i', 't', 'l', 'a', '.', 'i', 'n', '\0',
+  /* "gitstuff.tk", true */ 'g', 'i', 't', 's', 't', 'u', 'f', 'f', '.', 't', 'k', '\0',
+  /* "gittigidiyor.com", true */ 'g', 'i', 't', 't', 'i', 'g', 'i', 'd', 'i', 'y', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "gittr.ch", true */ 'g', 'i', 't', 't', 'r', '.', 'c', 'h', '\0',
+  /* "giunchi.net", true */ 'g', 'i', 'u', 'n', 'c', 'h', 'i', '.', 'n', 'e', 't', '\0',
+  /* "giuseppemacario.men", true */ 'g', 'i', 'u', 's', 'e', 'p', 'p', 'e', 'm', 'a', 'c', 'a', 'r', 'i', 'o', '.', 'm', 'e', 'n', '\0',
+  /* "givastar.com", true */ 'g', 'i', 'v', 'a', 's', 't', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "giveattheoffice.org", false */ 'g', 'i', 'v', 'e', 'a', 't', 't', 'h', 'e', 'o', 'f', 'f', 'i', 'c', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "giveme.online", true */ 'g', 'i', 'v', 'e', 'm', 'e', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "given2.com", true */ 'g', 'i', 'v', 'e', 'n', '2', '.', 'c', 'o', 'm', '\0',
+  /* "giverang.biz", true */ 'g', 'i', 'v', 'e', 'r', 'a', 'n', 'g', '.', 'b', 'i', 'z', '\0',
+  /* "giverang.com", true */ 'g', 'i', 'v', 'e', 'r', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "givesunlight.com", true */ 'g', 'i', 'v', 'e', 's', 'u', 'n', 'l', 'i', 'g', 'h', 't', '.', 'c', 'o', 'm', '\0',
+  /* "givingnexus.org", false */ 'g', 'i', 'v', 'i', 'n', 'g', 'n', 'e', 'x', 'u', 's', '.', 'o', 'r', 'g', '\0',
+  /* "gix.net.pl", true */ 'g', 'i', 'x', '.', 'n', 'e', 't', '.', 'p', 'l', '\0',
+  /* "gixtools.co.uk", true */ 'g', 'i', 'x', 't', 'o', 'o', 'l', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "gixtools.com", true */ 'g', 'i', 'x', 't', 'o', 'o', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gixtools.net", true */ 'g', 'i', 'x', 't', 'o', 'o', 'l', 's', '.', 'n', 'e', 't', '\0',
+  /* "gixtools.uk", true */ 'g', 'i', 'x', 't', 'o', 'o', 'l', 's', '.', 'u', 'k', '\0',
+  /* "gizmo.ovh", true */ 'g', 'i', 'z', 'm', 'o', '.', 'o', 'v', 'h', '\0',
+  /* "gj-bochum.de", true */ 'g', 'j', '-', 'b', 'o', 'c', 'h', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "gjcampbell.co.uk", true */ 'g', 'j', 'c', 'a', 'm', 'p', 'b', 'e', 'l', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "gjengset.com", true */ 'g', 'j', 'e', 'n', 'g', 's', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "gjspunk.de", false */ 'g', 'j', 's', 'p', 'u', 'n', 'k', '.', 'd', 'e', '\0',
+  /* "gjung.com", false */ 'g', 'j', 'u', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "gkralik.eu", true */ 'g', 'k', 'r', 'a', 'l', 'i', 'k', '.', 'e', 'u', '\0',
+  /* "gl.search.yahoo.com", false */ 'g', 'l', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "gladwellentertainments.co.uk", true */ 'g', 'l', 'a', 'd', 'w', 'e', 'l', 'l', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "glahcks.com", true */ 'g', 'l', 'a', 'h', 'c', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "glamguru.co.il", true */ 'g', 'l', 'a', 'm', 'g', 'u', 'r', 'u', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "glamguru.world", true */ 'g', 'l', 'a', 'm', 'g', 'u', 'r', 'u', '.', 'w', 'o', 'r', 'l', 'd', '\0',
+  /* "glamour4you.de", true */ 'g', 'l', 'a', 'm', 'o', 'u', 'r', '4', 'y', 'o', 'u', '.', 'd', 'e', '\0',
+  /* "glasen-hardt.de", true */ 'g', 'l', 'a', 's', 'e', 'n', '-', 'h', 'a', 'r', 'd', 't', '.', 'd', 'e', '\0',
+  /* "glasfaser-im-hanseviertel.de", true */ 'g', 'l', 'a', 's', 'f', 'a', 's', 'e', 'r', '-', 'i', 'm', '-', 'h', 'a', 'n', 's', 'e', 'v', 'i', 'e', 'r', 't', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "glasgestaltung.biz", true */ 'g', 'l', 'a', 's', 'g', 'e', 's', 't', 'a', 'l', 't', 'u', 'n', 'g', '.', 'b', 'i', 'z', '\0',
+  /* "glass.google.com", true */ 'g', 'l', 'a', 's', 's', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "glasschmuck-millefiori.de", true */ 'g', 'l', 'a', 's', 's', 'c', 'h', 'm', 'u', 'c', 'k', '-', 'm', 'i', 'l', 'l', 'e', 'f', 'i', 'o', 'r', 'i', '.', 'd', 'e', '\0',
+  /* "glavsudexpertiza.ru", true */ 'g', 'l', 'a', 'v', 's', 'u', 'd', 'e', 'x', 'p', 'e', 'r', 't', 'i', 'z', 'a', '.', 'r', 'u', '\0',
+  /* "glazedmag.fr", true */ 'g', 'l', 'a', 'z', 'e', 'd', 'm', 'a', 'g', '.', 'f', 'r', '\0',
+  /* "glcastlekings.co.uk", true */ 'g', 'l', 'c', 'a', 's', 't', 'l', 'e', 'k', 'i', 'n', 'g', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "gleanview.com", true */ 'g', 'l', 'e', 'a', 'n', 'v', 'i', 'e', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "glencarbide.com", true */ 'g', 'l', 'e', 'n', 'c', 'a', 'r', 'b', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "glendarraghbouncycastles.co.uk", true */ 'g', 'l', 'e', 'n', 'd', 'a', 'r', 'r', 'a', 'g', 'h', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "glenhuntlyapartments.com.au", true */ 'g', 'l', 'e', 'n', 'h', 'u', 'n', 't', 'l', 'y', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "glidingshop.cz", true */ 'g', 'l', 'i', 'd', 'i', 'n', 'g', 's', 'h', 'o', 'p', '.', 'c', 'z', '\0',
+  /* "glidingshop.de", true */ 'g', 'l', 'i', 'd', 'i', 'n', 'g', 's', 'h', 'o', 'p', '.', 'd', 'e', '\0',
+  /* "glidingshop.eu", true */ 'g', 'l', 'i', 'd', 'i', 'n', 'g', 's', 'h', 'o', 'p', '.', 'e', 'u', '\0',
+  /* "glitchsys.com", true */ 'g', 'l', 'i', 't', 'c', 'h', 's', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "glloq.org", true */ 'g', 'l', 'l', 'o', 'q', '.', 'o', 'r', 'g', '\0',
+  /* "glob-coin.com", true */ 'g', 'l', 'o', 'b', '-', 'c', 'o', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "global-lights.ma", true */ 'g', 'l', 'o', 'b', 'a', 'l', '-', 'l', 'i', 'g', 'h', 't', 's', '.', 'm', 'a', '\0',
+  /* "global-office.com", true */ 'g', 'l', 'o', 'b', 'a', 'l', '-', 'o', 'f', 'f', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "global-village.koeln", true */ 'g', 'l', 'o', 'b', 'a', 'l', '-', 'v', 'i', 'l', 'l', 'a', 'g', 'e', '.', 'k', 'o', 'e', 'l', 'n', '\0',
+  /* "global.hr", true */ 'g', 'l', 'o', 'b', 'a', 'l', '.', 'h', 'r', '\0',
+  /* "globalchokepoints.org", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'c', 'h', 'o', 'k', 'e', 'p', 'o', 'i', 'n', 't', 's', '.', 'o', 'r', 'g', '\0',
+  /* "globalelite.black", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'e', 'l', 'i', 't', 'e', '.', 'b', 'l', 'a', 'c', 'k', '\0',
+  /* "globalgivingtime.com", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'g', 'i', 'v', 'i', 'n', 'g', 't', 'i', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "globalhealth.gov", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'h', 'e', 'a', 'l', 't', 'h', '.', 'g', 'o', 'v', '\0',
+  /* "globalhorses.de", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'h', 'o', 'r', 's', 'e', 's', '.', 'd', 'e', '\0',
+  /* "globalinstitutefortraining.org.au", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', 'f', 'o', 'r', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'o', 'r', 'g', '.', 'a', 'u', '\0',
+  /* "globalisierung-fakten.de", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'i', 's', 'i', 'e', 'r', 'u', 'n', 'g', '-', 'f', 'a', 'k', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "globalnewsdaily.cf", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'n', 'e', 'w', 's', 'd', 'a', 'i', 'l', 'y', '.', 'c', 'f', '\0',
+  /* "globalnomadvintage.com", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'n', 'o', 'm', 'a', 'd', 'v', 'i', 'n', 't', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "globalonetechnology.com", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'o', 'n', 'e', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "globalperspectivescanada.com", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'p', 'e', 'r', 's', 'p', 'e', 'c', 't', 'i', 'v', 'e', 's', 'c', 'a', 'n', 'a', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "globalprojetores.com.br", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'p', 'r', 'o', 'j', 'e', 't', 'o', 'r', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "globalresearchcouncil.org", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'r', 'e', 's', 'e', 'a', 'r', 'c', 'h', 'c', 'o', 'u', 'n', 'c', 'i', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "globalresistancecorporation.com", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'r', 'e', 's', 'i', 's', 't', 'a', 'n', 'c', 'e', 'c', 'o', 'r', 'p', 'o', 'r', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "globaltennis.ca", true */ 'g', 'l', 'o', 'b', 'a', 'l', 't', 'e', 'n', 'n', 'i', 's', '.', 'c', 'a', '\0',
+  /* "globalventil.com", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'v', 'e', 'n', 't', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "globalvisions-events.ch", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'v', 'i', 's', 'i', 'o', 'n', 's', '-', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'h', '\0',
+  /* "globalvisions-events.com", true */ 'g', 'l', 'o', 'b', 'a', 'l', 'v', 'i', 's', 'i', 'o', 'n', 's', '-', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "globeinform.com", true */ 'g', 'l', 'o', 'b', 'e', 'i', 'n', 'f', 'o', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "globuli-info.de", true */ 'g', 'l', 'o', 'b', 'u', 'l', 'i', '-', 'i', 'n', 'f', 'o', '.', 'd', 'e', '\0',
+  /* "glofox.com", true */ 'g', 'l', 'o', 'f', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "gloneta.com", false */ 'g', 'l', 'o', 'n', 'e', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "gloomyspark.com", true */ 'g', 'l', 'o', 'o', 'm', 'y', 's', 'p', 'a', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "gloomyvancouver.com", true */ 'g', 'l', 'o', 'o', 'm', 'y', 'v', 'a', 'n', 'c', 'o', 'u', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "glossopnorthendafc.co.uk", true */ 'g', 'l', 'o', 's', 's', 'o', 'p', 'n', 'o', 'r', 't', 'h', 'e', 'n', 'd', 'a', 'f', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "glueck-im-norden.de", true */ 'g', 'l', 'u', 'e', 'c', 'k', '-', 'i', 'm', '-', 'n', 'o', 'r', 'd', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "gluecksgriff-taschen.de", true */ 'g', 'l', 'u', 'e', 'c', 'k', 's', 'g', 'r', 'i', 'f', 'f', '-', 't', 'a', 's', 'c', 'h', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "glueckskindter.de", true */ 'g', 'l', 'u', 'e', 'c', 'k', 's', 'k', 'i', 'n', 'd', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "glyph.ws", true */ 'g', 'l', 'y', 'p', 'h', '.', 'w', 's', '\0',
+  /* "glyxins.com", true */ 'g', 'l', 'y', 'x', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gm.search.yahoo.com", false */ 'g', 'm', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "gmail.com", false */ 'g', 'm', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "gmbh-kiekin.de", true */ 'g', 'm', 'b', 'h', '-', 'k', 'i', 'e', 'k', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "gmc.uy", true */ 'g', 'm', 'c', '.', 'u', 'y', '\0',
+  /* "gmcd.co", true */ 'g', 'm', 'c', 'd', '.', 'c', 'o', '\0',
+  /* "gmdu.net", true */ 'g', 'm', 'd', 'u', '.', 'n', 'e', 't', '\0',
+  /* "gmind.ovh", true */ 'g', 'm', 'i', 'n', 'd', '.', 'o', 'v', 'h', '\0',
+  /* "gmod.de", true */ 'g', 'm', 'o', 'd', '.', 'd', 'e', '\0',
+  /* "gmpark.dk", true */ 'g', 'm', 'p', 'a', 'r', 'k', '.', 'd', 'k', '\0',
+  /* "gmpartsdb.com", true */ 'g', 'm', 'p', 'a', 'r', 't', 's', 'd', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "gmta.nl", true */ 'g', 'm', 't', 'a', '.', 'n', 'l', '\0',
+  /* "gmw-hannover.de", true */ 'g', 'm', 'w', '-', 'h', 'a', 'n', 'n', 'o', 'v', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "gmw-ingenieurbuero.de", true */ 'g', 'm', 'w', '-', 'i', 'n', 'g', 'e', 'n', 'i', 'e', 'u', 'r', 'b', 'u', 'e', 'r', 'o', '.', 'd', 'e', '\0',
+  /* "gmx.at", true */ 'g', 'm', 'x', '.', 'a', 't', '\0',
+  /* "gmx.ch", true */ 'g', 'm', 'x', '.', 'c', 'h', '\0',
+  /* "gmx.co.uk", true */ 'g', 'm', 'x', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "gmx.com", true */ 'g', 'm', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "gmx.de", true */ 'g', 'm', 'x', '.', 'd', 'e', '\0',
+  /* "gmx.es", true */ 'g', 'm', 'x', '.', 'e', 's', '\0',
+  /* "gmx.fr", true */ 'g', 'm', 'x', '.', 'f', 'r', '\0',
+  /* "gmx.net", true */ 'g', 'm', 'x', '.', 'n', 'e', 't', '\0',
+  /* "gn00.com", true */ 'g', 'n', '0', '0', '.', 'c', 'o', 'm', '\0',
+  /* "gnax.jp", true */ 'g', 'n', 'a', 'x', '.', 'j', 'p', '\0',
+  /* "gnetion.com", true */ 'g', 'n', 'e', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "gnetwork.eu", true */ 'g', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'e', 'u', '\0',
+  /* "gnhub.org", true */ 'g', 'n', 'h', 'u', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "gnilebein.de", true */ 'g', 'n', 'i', 'l', 'e', 'b', 'e', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "gnucashtoqif.us", true */ 'g', 'n', 'u', 'c', 'a', 's', 'h', 't', 'o', 'q', 'i', 'f', '.', 'u', 's', '\0',
+  /* "gnunet.org", true */ 'g', 'n', 'u', 'n', 'e', 't', '.', 'o', 'r', 'g', '\0',
+  /* "gnwp.eu", true */ 'g', 'n', 'w', 'p', '.', 'e', 'u', '\0',
+  /* "gnylf.com", true */ 'g', 'n', 'y', 'l', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "go-embedded.de", true */ 'g', 'o', '-', 'e', 'm', 'b', 'e', 'd', 'd', 'e', 'd', '.', 'd', 'e', '\0',
+  /* "go-zh.org", true */ 'g', 'o', '-', 'z', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "go.xero.com", false */ 'g', 'o', '.', 'x', 'e', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "goalbookapp.com", true */ 'g', 'o', 'a', 'l', 'b', 'o', 'o', 'k', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "goalongtravels.com", true */ 'g', 'o', 'a', 'l', 'o', 'n', 'g', 't', 'r', 'a', 'v', 'e', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "goanalyse.co.uk", true */ 'g', 'o', 'a', 'n', 'a', 'l', 'y', 's', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "goapunks.net", true */ 'g', 'o', 'a', 'p', 'u', 'n', 'k', 's', '.', 'n', 'e', 't', '\0',
+  /* "goatcloud.com", true */ 'g', 'o', 'a', 't', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "gobarrelroll.com", true */ 'g', 'o', 'b', 'a', 'r', 'r', 'e', 'l', 'r', 'o', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "goblinsatwork.com", true */ 'g', 'o', 'b', 'l', 'i', 'n', 's', 'a', 't', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "gobouncy.co.uk", true */ 'g', 'o', 'b', 'o', 'u', 'n', 'c', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "gobouncy.com", true */ 'g', 'o', 'b', 'o', 'u', 'n', 'c', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "gocardless.com", true */ 'g', 'o', 'c', 'a', 'r', 'd', 'l', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gochu.se", true */ 'g', 'o', 'c', 'h', 'u', '.', 's', 'e', '\0',
+  /* "gocleanerslondon.co.uk", true */ 'g', 'o', 'c', 'l', 'e', 'a', 'n', 'e', 'r', 's', 'l', 'o', 'n', 'd', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "godesigner.ru", true */ 'g', 'o', 'd', 'e', 's', 'i', 'g', 'n', 'e', 'r', '.', 'r', 'u', '\0',
+  /* "godrive.ga", true */ 'g', 'o', 'd', 'r', 'i', 'v', 'e', '.', 'g', 'a', '\0',
+  /* "godsofhell.com", true */ 'g', 'o', 'd', 's', 'o', 'f', 'h', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "godsofhell.de", true */ 'g', 'o', 'd', 's', 'o', 'f', 'h', 'e', 'l', 'l', '.', 'd', 'e', '\0',
+  /* "goededoelkerstkaarten.nl", true */ 'g', 'o', 'e', 'd', 'e', 'd', 'o', 'e', 'l', 'k', 'e', 'r', 's', 't', 'k', 'a', 'a', 'r', 't', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "goedverzekerd.net", true */ 'g', 'o', 'e', 'd', 'v', 'e', 'r', 'z', 'e', 'k', 'e', 'r', 'd', '.', 'n', 'e', 't', '\0',
+  /* "goemail.me", true */ 'g', 'o', 'e', 'm', 'a', 'i', 'l', '.', 'm', 'e', '\0',
+  /* "goerres2014.de", true */ 'g', 'o', 'e', 'r', 'r', 'e', 's', '2', '0', '1', '4', '.', 'd', 'e', '\0',
+  /* "goetemp.de", true */ 'g', 'o', 'e', 't', 'e', 'm', 'p', '.', 'd', 'e', '\0',
+  /* "goffrie.com", true */ 'g', 'o', 'f', 'f', 'r', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "gofigure.fr", false */ 'g', 'o', 'f', 'i', 'g', 'u', 'r', 'e', '.', 'f', 'r', '\0',
+  /* "gofoiayourself.org", true */ 'g', 'o', 'f', 'o', 'i', 'a', 'y', 'o', 'u', 'r', 's', 'e', 'l', 'f', '.', 'o', 'r', 'g', '\0',
+  /* "gogle-analytics.com", true */ 'g', 'o', 'g', 'l', 'e', '-', 'a', 'n', 'a', 'l', 'y', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gogleapis.com", true */ 'g', 'o', 'g', 'l', 'e', 'a', 'p', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gogoodyear.eu", true */ 'g', 'o', 'g', 'o', 'o', 'd', 'y', 'e', 'a', 'r', '.', 'e', 'u', '\0',
+  /* "gogrow.com", true */ 'g', 'o', 'g', 'r', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "gogsat.com", true */ 'g', 'o', 'g', 's', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "goguel.org", true */ 'g', 'o', 'g', 'u', 'e', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "gohon.org", true */ 'g', 'o', 'h', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "gohongi-katakori.com", true */ 'g', 'o', 'h', 'o', 'n', 'g', 'i', '-', 'k', 'a', 't', 'a', 'k', 'o', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "goingreen.com.au", true */ 'g', 'o', 'i', 'n', 'g', 'r', 'e', 'e', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "gokhankesici.com", true */ 'g', 'o', 'k', 'h', 'a', 'n', 'k', 'e', 's', 'i', 'c', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "gokmenguresci.com", true */ 'g', 'o', 'k', 'm', 'e', 'n', 'g', 'u', 'r', 'e', 's', 'c', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "gold24.ru", true */ 'g', 'o', 'l', 'd', '2', '4', '.', 'r', 'u', '\0',
+  /* "goldcoasthypnotherapyhypnosis.com.au", true */ 'g', 'o', 'l', 'd', 'c', 'o', 'a', 's', 't', 'h', 'y', 'p', 'n', 'o', 't', 'h', 'e', 'r', 'a', 'p', 'y', 'h', 'y', 'p', 'n', 'o', 's', 'i', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "goldcoaststumpbusters.com", true */ 'g', 'o', 'l', 'd', 'c', 'o', 'a', 's', 't', 's', 't', 'u', 'm', 'p', 'b', 'u', 's', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "goldenbadger.de", true */ 'g', 'o', 'l', 'd', 'e', 'n', 'b', 'a', 'd', 'g', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "goldendawnapersonalaffair.com", true */ 'g', 'o', 'l', 'd', 'e', 'n', 'd', 'a', 'w', 'n', 'a', 'p', 'e', 'r', 's', 'o', 'n', 'a', 'l', 'a', 'f', 'f', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "goldenhillsoftware.com", true */ 'g', 'o', 'l', 'd', 'e', 'n', 'h', 'i', 'l', 'l', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "goldenhost.ca", true */ 'g', 'o', 'l', 'd', 'e', 'n', 'h', 'o', 's', 't', '.', 'c', 'a', '\0',
+  /* "goldenplate.com.sg", true */ 'g', 'o', 'l', 'd', 'e', 'n', 'p', 'l', 'a', 't', 'e', '.', 'c', 'o', 'm', '.', 's', 'g', '\0',
+  /* "goldfelt.com", true */ 'g', 'o', 'l', 'd', 'f', 'e', 'l', 't', '.', 'c', 'o', 'm', '\0',
+  /* "goldmark.com.au", true */ 'g', 'o', 'l', 'd', 'm', 'a', 'r', 'k', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "goldpreisfinder.at", true */ 'g', 'o', 'l', 'd', 'p', 'r', 'e', 'i', 's', 'f', 'i', 'n', 'd', 'e', 'r', '.', 'a', 't', '\0',
+  /* "goldsecurity.com", true */ 'g', 'o', 'l', 'd', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "goldsky.com.au", true */ 'g', 'o', 'l', 'd', 's', 'k', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "golf18network.com", true */ 'g', 'o', 'l', 'f', '1', '8', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "golfburn.com", true */ 'g', 'o', 'l', 'f', 'b', 'u', 'r', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "golfhausmallorca.com", true */ 'g', 'o', 'l', 'f', 'h', 'a', 'u', 's', 'm', 'a', 'l', 'l', 'o', 'r', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "golfscape.com", true */ 'g', 'o', 'l', 'f', 's', 'c', 'a', 'p', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "golik.net.pl", true */ 'g', 'o', 'l', 'i', 'k', '.', 'n', 'e', 't', '.', 'p', 'l', '\0',
+  /* "golser.info", true */ 'g', 'o', 'l', 's', 'e', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "gomiblog.com", true */ 'g', 'o', 'm', 'i', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "gommista.roma.it", true */ 'g', 'o', 'm', 'm', 'i', 's', 't', 'a', '.', 'r', 'o', 'm', 'a', '.', 'i', 't', '\0',
+  /* "gondawa.com", true */ 'g', 'o', 'n', 'd', 'a', 'w', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "gongjianwei.com", true */ 'g', 'o', 'n', 'g', 'j', 'i', 'a', 'n', 'w', 'e', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "gonkar.com", true */ 'g', 'o', 'n', 'k', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "gonx.dk", true */ 'g', 'o', 'n', 'x', '.', 'd', 'k', '\0',
+  /* "goo.gl", true */ 'g', 'o', 'o', '.', 'g', 'l', '\0',
+  /* "good-tips.pro", true */ 'g', 'o', 'o', 'd', '-', 't', 'i', 'p', 's', '.', 'p', 'r', 'o', '\0',
+  /* "gooday.life", true */ 'g', 'o', 'o', 'd', 'a', 'y', '.', 'l', 'i', 'f', 'e', '\0',
+  /* "gooddomainna.me", true */ 'g', 'o', 'o', 'd', 'd', 'o', 'm', 'a', 'i', 'n', 'n', 'a', '.', 'm', 'e', '\0',
+  /* "goodenough.nz", false */ 'g', 'o', 'o', 'd', 'e', 'n', 'o', 'u', 'g', 'h', '.', 'n', 'z', '\0',
+  /* "goodfeels.net", true */ 'g', 'o', 'o', 'd', 'f', 'e', 'e', 'l', 's', '.', 'n', 'e', 't', '\0',
+  /* "goodmengroup.de", true */ 'g', 'o', 'o', 'd', 'm', 'e', 'n', 'g', 'r', 'o', 'u', 'p', '.', 'd', 'e', '\0',
+  /* "goods-memo.net", true */ 'g', 'o', 'o', 'd', 's', '-', 'm', 'e', 'm', 'o', '.', 'n', 'e', 't', '\0',
+  /* "goodsex4all.com.br", true */ 'g', 'o', 'o', 'd', 's', 'e', 'x', '4', 'a', 'l', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "goodvibesblog.com", true */ 'g', 'o', 'o', 'd', 'v', 'i', 'b', 'e', 's', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "goodyearsotn.co.uk", true */ 'g', 'o', 'o', 'd', 'y', 'e', 'a', 'r', 's', 'o', 't', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "google", true */ 'g', 'o', 'o', 'g', 'l', 'e', '\0',
+  /* "google-analytics.com", true */ 'g', 'o', 'o', 'g', 'l', 'e', '-', 'a', 'n', 'a', 'l', 'y', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "googleandroid.cz", true */ 'g', 'o', 'o', 'g', 'l', 'e', 'a', 'n', 'd', 'r', 'o', 'i', 'd', '.', 'c', 'z', '\0',
+  /* "googlemail.com", false */ 'g', 'o', 'o', 'g', 'l', 'e', 'm', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "googleplex.com", true */ 'g', 'o', 'o', 'g', 'l', 'e', 'p', 'l', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "googlesource.com", true */ 'g', 'o', 'o', 'g', 'l', 'e', 's', 'o', 'u', 'r', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "goombi.fr", true */ 'g', 'o', 'o', 'm', 'b', 'i', '.', 'f', 'r', '\0',
+  /* "goonersworld.co.uk", true */ 'g', 'o', 'o', 'n', 'e', 'r', 's', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "gootax.pro", true */ 'g', 'o', 'o', 't', 'a', 'x', '.', 'p', 'r', 'o', '\0',
+  /* "gopher.tk", true */ 'g', 'o', 'p', 'h', 'e', 'r', '.', 't', 'k', '\0',
+  /* "goproallaccess.com", true */ 'g', 'o', 'p', 'r', 'o', 'a', 'l', 'l', 'a', 'c', 'c', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gorakukai.jp", true */ 'g', 'o', 'r', 'a', 'k', 'u', 'k', 'a', 'i', '.', 'j', 'p', '\0',
+  /* "gordonobrecht.com", true */ 'g', 'o', 'r', 'd', 'o', 'n', 'o', 'b', 'r', 'e', 'c', 'h', 't', '.', 'c', 'o', 'm', '\0',
+  /* "gordonscouts.com.au", true */ 'g', 'o', 'r', 'd', 'o', 'n', 's', 'c', 'o', 'u', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "gorf.chat", true */ 'g', 'o', 'r', 'f', '.', 'c', 'h', 'a', 't', '\0',
+  /* "gorf.club", true */ 'g', 'o', 'r', 'f', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "gorky.media", true */ 'g', 'o', 'r', 'k', 'y', '.', 'm', 'e', 'd', 'i', 'a', '\0',
+  /* "gorn.ch", true */ 'g', 'o', 'r', 'n', '.', 'c', 'h', '\0',
+  /* "gorod74.ru", false */ 'g', 'o', 'r', 'o', 'd', '7', '4', '.', 'r', 'u', '\0',
+  /* "gorschenin.com", true */ 'g', 'o', 'r', 's', 'c', 'h', 'e', 'n', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "gosccs.com", true */ 'g', 'o', 's', 'c', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gosciencegirls.com", true */ 'g', 'o', 's', 'c', 'i', 'e', 'n', 'c', 'e', 'g', 'i', 'r', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "goshawkdb.io", true */ 'g', 'o', 's', 'h', 'a', 'w', 'k', 'd', 'b', '.', 'i', 'o', '\0',
+  /* "goshin-group.co.jp", true */ 'g', 'o', 's', 'h', 'i', 'n', '-', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "gospelfollower.com", true */ 'g', 'o', 's', 'p', 'e', 'l', 'f', 'o', 'l', 'l', 'o', 'w', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "gospelofmark.ch", true */ 'g', 'o', 's', 'p', 'e', 'l', 'o', 'f', 'm', 'a', 'r', 'k', '.', 'c', 'h', '\0',
+  /* "gospelvestcination.de", true */ 'g', 'o', 's', 'p', 'e', 'l', 'v', 'e', 's', 't', 'c', 'i', 'n', 'a', 't', 'i', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "gostudy.net", true */ 'g', 'o', 's', 't', 'u', 'd', 'y', '.', 'n', 'e', 't', '\0',
+  /* "gosuland.org", true */ 'g', 'o', 's', 'u', 'l', 'a', 'n', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "gotech.com.eg", false */ 'g', 'o', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '.', 'e', 'g', '\0',
+  /* "gothamlimo.com", true */ 'g', 'o', 't', 'h', 'a', 'm', 'l', 'i', 'm', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "gothic.dating", true */ 'g', 'o', 't', 'h', 'i', 'c', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "gotirupati.com", false */ 'g', 'o', 't', 'i', 'r', 'u', 'p', 'a', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "goto.google.com", true */ 'g', 'o', 't', 'o', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "goto.world", true */ 'g', 'o', 't', 'o', '.', 'w', 'o', 'r', 'l', 'd', '\0',
+  /* "gotomi.info", true */ 'g', 'o', 't', 'o', 'm', 'i', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "gotoxy.at", true */ 'g', 'o', 't', 'o', 'x', 'y', '.', 'a', 't', '\0',
+  /* "goubi.me", true */ 'g', 'o', 'u', 'b', 'i', '.', 'm', 'e', '\0',
+  /* "goudenharynck.be", true */ 'g', 'o', 'u', 'd', 'e', 'n', 'h', 'a', 'r', 'y', 'n', 'c', 'k', '.', 'b', 'e', '\0',
+  /* "gouforit.com", true */ 'g', 'o', 'u', 'f', 'o', 'r', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "goukon.ru", true */ 'g', 'o', 'u', 'k', 'o', 'n', '.', 'r', 'u', '\0',
+  /* "gouldcooksey.com", true */ 'g', 'o', 'u', 'l', 'd', 'c', 'o', 'o', 'k', 's', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "goup.co", true */ 'g', 'o', 'u', 'p', '.', 'c', 'o', '\0',
+  /* "goup.com.tr", true */ 'g', 'o', 'u', 'p', '.', 'c', 'o', 'm', '.', 't', 'r', '\0',
+  /* "gouptime.ml", true */ 'g', 'o', 'u', 'p', 't', 'i', 'm', 'e', '.', 'm', 'l', '\0',
+  /* "gourmetfestival.de", true */ 'g', 'o', 'u', 'r', 'm', 'e', 't', 'f', 'e', 's', 't', 'i', 'v', 'a', 'l', '.', 'd', 'e', '\0',
+  /* "gouthro-goteborg.se", true */ 'g', 'o', 'u', 't', 'h', 'r', 'o', '-', 'g', 'o', 't', 'e', 'b', 'o', 'r', 'g', '.', 's', 'e', '\0',
+  /* "gov.tc", true */ 'g', 'o', 'v', '.', 't', 'c', '\0',
+  /* "governmentjobs.gov", true */ 'g', 'o', 'v', 'e', 'r', 'n', 'm', 'e', 'n', 't', 'j', 'o', 'b', 's', '.', 'g', 'o', 'v', '\0',
+  /* "governorhub.com", true */ 'g', 'o', 'v', 'e', 'r', 'n', 'o', 'r', 'h', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "govtjobs.blog", true */ 'g', 'o', 'v', 't', 'j', 'o', 'b', 's', '.', 'b', 'l', 'o', 'g', '\0',
+  /* "govtrack.us", true */ 'g', 'o', 'v', 't', 'r', 'a', 'c', 'k', '.', 'u', 's', '\0',
+  /* "gowe.wang", false */ 'g', 'o', 'w', 'e', '.', 'w', 'a', 'n', 'g', '\0',
+  /* "gowildrodeo.co.uk", true */ 'g', 'o', 'w', 'i', 'l', 'd', 'r', 'o', 'd', 'e', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "gpalabs.com", true */ 'g', 'p', 'a', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gpcsolutions.fr", true */ 'g', 'p', 'c', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'f', 'r', '\0',
+  /* "gpdimaranathasiantar.org", true */ 'g', 'p', 'd', 'i', 'm', 'a', 'r', 'a', 'n', 'a', 't', 'h', 'a', 's', 'i', 'a', 'n', 't', 'a', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "gpfclan.de", true */ 'g', 'p', 'f', 'c', 'l', 'a', 'n', '.', 'd', 'e', '\0',
+  /* "gpio.gq", true */ 'g', 'p', 'i', 'o', '.', 'g', 'q', '\0',
+  /* "gplintegratedit.com", true */ 'g', 'p', 'l', 'i', 'n', 't', 'e', 'g', 'r', 'a', 't', 'e', 'd', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "gprs.uk.com", true */ 'g', 'p', 'r', 's', '.', 'u', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "gps.com.br", true */ 'g', 'p', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "gpsarena.ro", true */ 'g', 'p', 's', 'a', 'r', 'e', 'n', 'a', '.', 'r', 'o', '\0',
+  /* "gpsfix.cz", true */ 'g', 'p', 's', 'f', 'i', 'x', '.', 'c', 'z', '\0',
+  /* "gpsolarpanels.com", true */ 'g', 'p', 's', 'o', 'l', 'a', 'r', 'p', 'a', 'n', 'e', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gpsvideocanada.com", true */ 'g', 'p', 's', 'v', 'i', 'd', 'e', 'o', 'c', 'a', 'n', 'a', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "gpws.ovh", true */ 'g', 'p', 'w', 's', '.', 'o', 'v', 'h', '\0',
+  /* "gr.search.yahoo.com", false */ 'g', 'r', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "gra2.com", true */ 'g', 'r', 'a', '2', '.', 'c', 'o', 'm', '\0',
+  /* "graasp.net", false */ 'g', 'r', 'a', 'a', 's', 'p', '.', 'n', 'e', 't', '\0',
+  /* "grabi.ga", true */ 'g', 'r', 'a', 'b', 'i', '.', 'g', 'a', '\0',
+  /* "grace-wan.com", true */ 'g', 'r', 'a', 'c', 'e', '-', 'w', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "gracedays.org", true */ 'g', 'r', 'a', 'c', 'e', 'd', 'a', 'y', 's', '.', 'o', 'r', 'g', '\0',
+  /* "graceful-project.eu", true */ 'g', 'r', 'a', 'c', 'e', 'f', 'u', 'l', '-', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'e', 'u', '\0',
+  /* "gracethrufaith.com", true */ 'g', 'r', 'a', 'c', 'e', 't', 'h', 'r', 'u', 'f', 'a', 'i', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "gracetini.com", true */ 'g', 'r', 'a', 'c', 'e', 't', 'i', 'n', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "graciousmay.com", true */ 'g', 'r', 'a', 'c', 'i', 'o', 'u', 's', 'm', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "grademymac.com", true */ 'g', 'r', 'a', 'd', 'e', 'm', 'y', 'm', 'a', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "grademypc.com", true */ 'g', 'r', 'a', 'd', 'e', 'm', 'y', 'p', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "gradienthosting.co.uk", true */ 'g', 'r', 'a', 'd', 'i', 'e', 'n', 't', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "gradients.com", true */ 'g', 'r', 'a', 'd', 'i', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gradualgram.com", true */ 'g', 'r', 'a', 'd', 'u', 'a', 'l', 'g', 'r', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "graeber.com", true */ 'g', 'r', 'a', 'e', 'b', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "graetnew.com", true */ 'g', 'r', 'a', 'e', 't', 'n', 'e', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "graf.re", true */ 'g', 'r', 'a', 'f', '.', 'r', 'e', '\0',
+  /* "grafcaps.com", true */ 'g', 'r', 'a', 'f', 'c', 'a', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "graffen.dk", true */ 'g', 'r', 'a', 'f', 'f', 'e', 'n', '.', 'd', 'k', '\0',
+  /* "grafmurr.de", true */ 'g', 'r', 'a', 'f', 'm', 'u', 'r', 'r', '.', 'd', 'e', '\0',
+  /* "grahamofthewheels.com", true */ 'g', 'r', 'a', 'h', 'a', 'm', 'o', 'f', 't', 'h', 'e', 'w', 'h', 'e', 'e', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "grailians.com", true */ 'g', 'r', 'a', 'i', 'l', 'i', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "graingert.co.uk", true */ 'g', 'r', 'a', 'i', 'n', 'g', 'e', 'r', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "graliv.net", false */ 'g', 'r', 'a', 'l', 'i', 'v', '.', 'n', 'e', 't', '\0',
+  /* "gramati.com.br", true */ 'g', 'r', 'a', 'm', 'a', 't', 'i', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "grammysgrid.com", true */ 'g', 'r', 'a', 'm', 'm', 'y', 's', 'g', 'r', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "granary-demo.appspot.com", false */ 'g', 'r', 'a', 'n', 'a', 'r', 'y', '-', 'd', 'e', 'm', 'o', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "grandcapital.cn", true */ 'g', 'r', 'a', 'n', 'd', 'c', 'a', 'p', 'i', 't', 'a', 'l', '.', 'c', 'n', '\0',
+  /* "grandcapital.id", true */ 'g', 'r', 'a', 'n', 'd', 'c', 'a', 'p', 'i', 't', 'a', 'l', '.', 'i', 'd', '\0',
+  /* "grandcapital.ru", true */ 'g', 'r', 'a', 'n', 'd', 'c', 'a', 'p', 'i', 't', 'a', 'l', '.', 'r', 'u', '\0',
+  /* "grandcastles.co.uk", true */ 'g', 'r', 'a', 'n', 'd', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "grandchamproofing.com", true */ 'g', 'r', 'a', 'n', 'd', 'c', 'h', 'a', 'm', 'p', 'r', 'o', 'o', 'f', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "grandchene.ch", true */ 'g', 'r', 'a', 'n', 'd', 'c', 'h', 'e', 'n', 'e', '.', 'c', 'h', '\0',
+  /* "grande.coffee", true */ 'g', 'r', 'a', 'n', 'd', 'e', '.', 'c', 'o', 'f', 'f', 'e', 'e', '\0',
+  /* "grandefratellonews.com", true */ 'g', 'r', 'a', 'n', 'd', 'e', 'f', 'r', 'a', 't', 'e', 'l', 'l', 'o', 'n', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "grandeto.com", true */ 'g', 'r', 'a', 'n', 'd', 'e', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "grandjunctionbrewing.com", true */ 'g', 'r', 'a', 'n', 'd', 'j', 'u', 'n', 'c', 't', 'i', 'o', 'n', 'b', 'r', 'e', 'w', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "grandmasfridge.org", true */ 'g', 'r', 'a', 'n', 'd', 'm', 'a', 's', 'f', 'r', 'i', 'd', 'g', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "grandpadusercontent.com", true */ 'g', 'r', 'a', 'n', 'd', 'p', 'a', 'd', 'u', 's', 'e', 'r', 'c', 'o', 'n', 't', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "grandwailea.com", true */ 'g', 'r', 'a', 'n', 'd', 'w', 'a', 'i', 'l', 'e', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "grannys-stats.com", true */ 'g', 'r', 'a', 'n', 'n', 'y', 's', '-', 's', 't', 'a', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "grannyshouse.de", true */ 'g', 'r', 'a', 'n', 'n', 'y', 's', 'h', 'o', 'u', 's', 'e', '.', 'd', 'e', '\0',
+  /* "grantcooper.com", true */ 'g', 'r', 'a', 'n', 't', 'c', 'o', 'o', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "grantdb.ca", true */ 'g', 'r', 'a', 'n', 't', 'd', 'b', '.', 'c', 'a', '\0',
+  /* "grantmorrison.net", true */ 'g', 'r', 'a', 'n', 't', 'm', 'o', 'r', 'r', 'i', 's', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "granular.ag", true */ 'g', 'r', 'a', 'n', 'u', 'l', 'a', 'r', '.', 'a', 'g', '\0',
+  /* "graonatural.com.br", true */ 'g', 'r', 'a', 'o', 'n', 'a', 't', 'u', 'r', 'a', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "grapee.jp", true */ 'g', 'r', 'a', 'p', 'e', 'e', '.', 'j', 'p', '\0',
+  /* "grapeintentions.com", true */ 'g', 'r', 'a', 'p', 'e', 'i', 'n', 't', 'e', 'n', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "graphcommons.com", true */ 'g', 'r', 'a', 'p', 'h', 'c', 'o', 'm', 'm', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "graphene.software", true */ 'g', 'r', 'a', 'p', 'h', 'e', 'n', 'e', '.', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '\0',
+  /* "grapholio.net", true */ 'g', 'r', 'a', 'p', 'h', 'o', 'l', 'i', 'o', '.', 'n', 'e', 't', '\0',
+  /* "grasmark.com", true */ 'g', 'r', 'a', 's', 'm', 'a', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "grassenberg.de", true */ 'g', 'r', 'a', 's', 's', 'e', 'n', 'b', 'e', 'r', 'g', '.', 'd', 'e', '\0',
+  /* "grasshoppervape.com", true */ 'g', 'r', 'a', 's', 's', 'h', 'o', 'p', 'p', 'e', 'r', 'v', 'a', 'p', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "gratis-lovecheck.de", true */ 'g', 'r', 'a', 't', 'i', 's', '-', 'l', 'o', 'v', 'e', 'c', 'h', 'e', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "gratitudeabundancepassion.com", true */ 'g', 'r', 'a', 't', 'i', 't', 'u', 'd', 'e', 'a', 'b', 'u', 'n', 'd', 'a', 'n', 'c', 'e', 'p', 'a', 's', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "grattan.co.uk", true */ 'g', 'r', 'a', 't', 't', 'a', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "graumeier.de", true */ 'g', 'r', 'a', 'u', 'm', 'e', 'i', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "gravitascreative.net", true */ 'g', 'r', 'a', 'v', 'i', 't', 'a', 's', 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', '.', 'n', 'e', 't', '\0',
+  /* "gravitechthai.com", true */ 'g', 'r', 'a', 'v', 'i', 't', 'e', 'c', 'h', 't', 'h', 'a', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "gravity-dev.de", true */ 'g', 'r', 'a', 'v', 'i', 't', 'y', '-', 'd', 'e', 'v', '.', 'd', 'e', '\0',
+  /* "gravity-inc.net", true */ 'g', 'r', 'a', 'v', 'i', 't', 'y', '-', 'i', 'n', 'c', '.', 'n', 'e', 't', '\0',
+  /* "gravityformspdfextended.com", true */ 'g', 'r', 'a', 'v', 'i', 't', 'y', 'f', 'o', 'r', 'm', 's', 'p', 'd', 'f', 'e', 'x', 't', 'e', 'n', 'd', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "gravitypdf.com", true */ 'g', 'r', 'a', 'v', 'i', 't', 'y', 'p', 'd', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "grawe-blog.at", true */ 'g', 'r', 'a', 'w', 'e', '-', 'b', 'l', 'o', 'g', '.', 'a', 't', '\0',
+  /* "grayclub.co.il", true */ 'g', 'r', 'a', 'y', 'c', 'l', 'u', 'b', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "grayhatter.com", true */ 'g', 'r', 'a', 'y', 'h', 'a', 't', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "graymalk.in", true */ 'g', 'r', 'a', 'y', 'm', 'a', 'l', 'k', '.', 'i', 'n', '\0',
+  /* "grayowlworks.com", true */ 'g', 'r', 'a', 'y', 'o', 'w', 'l', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "grayscale.co", true */ 'g', 'r', 'a', 'y', 's', 'c', 'a', 'l', 'e', '.', 'c', 'o', '\0',
+  /* "grayson.sh", true */ 'g', 'r', 'a', 'y', 's', 'o', 'n', '.', 's', 'h', '\0',
+  /* "graysonsmith.co.uk", true */ 'g', 'r', 'a', 'y', 's', 'o', 'n', 's', 'm', 'i', 't', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "grc.com", false */ 'g', 'r', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "greatfire.org", true */ 'g', 'r', 'e', 'a', 't', 'f', 'i', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "greatislandarts.ca", true */ 'g', 'r', 'e', 'a', 't', 'i', 's', 'l', 'a', 'n', 'd', 'a', 'r', 't', 's', '.', 'c', 'a', '\0',
+  /* "greatlakeside.de", true */ 'g', 'r', 'e', 'a', 't', 'l', 'a', 'k', 'e', 's', 'i', 'd', 'e', '.', 'd', 'e', '\0',
+  /* "greboid.co.uk", true */ 'g', 'r', 'e', 'b', 'o', 'i', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "greboid.com", true */ 'g', 'r', 'e', 'b', 'o', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "greditsoft.com", true */ 'g', 'r', 'e', 'd', 'i', 't', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "greedbutt.com", true */ 'g', 'r', 'e', 'e', 'd', 'b', 'u', 't', 't', '.', 'c', 'o', 'm', '\0',
+  /* "greek.dating", true */ 'g', 'r', 'e', 'e', 'k', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "green-attitude.be", true */ 'g', 'r', 'e', 'e', 'n', '-', 'a', 't', 't', 'i', 't', 'u', 'd', 'e', '.', 'b', 'e', '\0',
+  /* "green-care.nl", true */ 'g', 'r', 'e', 'e', 'n', '-', 'c', 'a', 'r', 'e', '.', 'n', 'l', '\0',
+  /* "green-light.cf", true */ 'g', 'r', 'e', 'e', 'n', '-', 'l', 'i', 'g', 'h', 't', '.', 'c', 'f', '\0',
+  /* "green-light.co.nz", true */ 'g', 'r', 'e', 'e', 'n', '-', 'l', 'i', 'g', 'h', 't', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "green-light.ga", true */ 'g', 'r', 'e', 'e', 'n', '-', 'l', 'i', 'g', 'h', 't', '.', 'g', 'a', '\0',
+  /* "green-light.gq", true */ 'g', 'r', 'e', 'e', 'n', '-', 'l', 'i', 'g', 'h', 't', '.', 'g', 'q', '\0',
+  /* "green-light.ml", true */ 'g', 'r', 'e', 'e', 'n', '-', 'l', 'i', 'g', 'h', 't', '.', 'm', 'l', '\0',
+  /* "greenaddress.it", true */ 'g', 'r', 'e', 'e', 'n', 'a', 'd', 'd', 'r', 'e', 's', 's', '.', 'i', 't', '\0',
+  /* "greencircleplantnursery.com.au", true */ 'g', 'r', 'e', 'e', 'n', 'c', 'i', 'r', 'c', 'l', 'e', 'p', 'l', 'a', 'n', 't', 'n', 'u', 'r', 's', 'e', 'r', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "greencircleplantnursery.net.au", true */ 'g', 'r', 'e', 'e', 'n', 'c', 'i', 'r', 'c', 'l', 'e', 'p', 'l', 'a', 'n', 't', 'n', 'u', 'r', 's', 'e', 'r', 'y', '.', 'n', 'e', 't', '.', 'a', 'u', '\0',
+  /* "greenglam.biz", true */ 'g', 'r', 'e', 'e', 'n', 'g', 'l', 'a', 'm', '.', 'b', 'i', 'z', '\0',
+  /* "greengoblindev.com", true */ 'g', 'r', 'e', 'e', 'n', 'g', 'o', 'b', 'l', 'i', 'n', 'd', 'e', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "greenliquidsystem.com", true */ 'g', 'r', 'e', 'e', 'n', 'l', 'i', 'q', 'u', 'i', 'd', 's', 'y', 's', 't', 'e', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "greenpartyofnewmilford.org", true */ 'g', 'r', 'e', 'e', 'n', 'p', 'a', 'r', 't', 'y', 'o', 'f', 'n', 'e', 'w', 'm', 'i', 'l', 'f', 'o', 'r', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "greenpeace-magazin.de", true */ 'g', 'r', 'e', 'e', 'n', 'p', 'e', 'a', 'c', 'e', '-', 'm', 'a', 'g', 'a', 'z', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "greenpeace.berlin", true */ 'g', 'r', 'e', 'e', 'n', 'p', 'e', 'a', 'c', 'e', '.', 'b', 'e', 'r', 'l', 'i', 'n', '\0',
+  /* "greenroach.ru", true */ 'g', 'r', 'e', 'e', 'n', 'r', 'o', 'a', 'c', 'h', '.', 'r', 'u', '\0',
+  /* "greensdictofslang.com", true */ 'g', 'r', 'e', 'e', 'n', 's', 'd', 'i', 'c', 't', 'o', 'f', 's', 'l', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "greensquare.tk", true */ 'g', 'r', 'e', 'e', 'n', 's', 'q', 'u', 'a', 'r', 'e', '.', 't', 'k', '\0',
+  /* "greenteamtwente.nl", true */ 'g', 'r', 'e', 'e', 'n', 't', 'e', 'a', 'm', 't', 'w', 'e', 'n', 't', 'e', '.', 'n', 'l', '\0',
+  /* "greenville.ag", true */ 'g', 'r', 'e', 'e', 'n', 'v', 'i', 'l', 'l', 'e', '.', 'a', 'g', '\0',
+  /* "greenwithdecor.com", true */ 'g', 'r', 'e', 'e', 'n', 'w', 'i', 't', 'h', 'd', 'e', 'c', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "greg.red", true */ 'g', 'r', 'e', 'g', '.', 'r', 'e', 'd', '\0',
+  /* "greger.me", true */ 'g', 'r', 'e', 'g', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "gregmilton.com", true */ 'g', 'r', 'e', 'g', 'm', 'i', 'l', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "gregoirow.be", true */ 'g', 'r', 'e', 'g', 'o', 'i', 'r', 'o', 'w', '.', 'b', 'e', '\0',
+  /* "gregorians.org", true */ 'g', 'r', 'e', 'g', 'o', 'r', 'i', 'a', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "gregorkofler.com", true */ 'g', 'r', 'e', 'g', 'o', 'r', 'k', 'o', 'f', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "gregorykelleher.com", true */ 'g', 'r', 'e', 'g', 'o', 'r', 'y', 'k', 'e', 'l', 'l', 'e', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "gregoryrealestategroup.com", true */ 'g', 'r', 'e', 'g', 'o', 'r', 'y', 'r', 'e', 'a', 'l', 'e', 's', 't', 'a', 't', 'e', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "gregorywiest.com", true */ 'g', 'r', 'e', 'g', 'o', 'r', 'y', 'w', 'i', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "grenadiercorps-kaarst.de", true */ 'g', 'r', 'e', 'n', 'a', 'd', 'i', 'e', 'r', 'c', 'o', 'r', 'p', 's', '-', 'k', 'a', 'a', 'r', 's', 't', '.', 'd', 'e', '\0',
+  /* "grenadiere-kaarst.de", true */ 'g', 'r', 'e', 'n', 'a', 'd', 'i', 'e', 'r', 'e', '-', 'k', 'a', 'a', 'r', 's', 't', '.', 'd', 'e', '\0',
+  /* "grenadierkorps-kaarst.de", true */ 'g', 'r', 'e', 'n', 'a', 'd', 'i', 'e', 'r', 'k', 'o', 'r', 'p', 's', '-', 'k', 'a', 'a', 'r', 's', 't', '.', 'd', 'e', '\0',
+  /* "grenadierkorps.de", true */ 'g', 'r', 'e', 'n', 'a', 'd', 'i', 'e', 'r', 'k', 'o', 'r', 'p', 's', '.', 'd', 'e', '\0',
+  /* "grendel.no", true */ 'g', 'r', 'e', 'n', 'd', 'e', 'l', '.', 'n', 'o', '\0',
+  /* "grepmaste.rs", true */ 'g', 'r', 'e', 'p', 'm', 'a', 's', 't', 'e', '.', 'r', 's', '\0',
+  /* "grepular.com", true */ 'g', 'r', 'e', 'p', 'u', 'l', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "gresak.io", true */ 'g', 'r', 'e', 's', 'a', 'k', '.', 'i', 'o', '\0',
+  /* "grettogeek.com", true */ 'g', 'r', 'e', 't', 't', 'o', 'g', 'e', 'e', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "greve.xyz", true */ 'g', 'r', 'e', 'v', 'e', '.', 'x', 'y', 'z', '\0',
+  /* "grey.house", true */ 'g', 'r', 'e', 'y', '.', 'h', 'o', 'u', 's', 'e', '\0',
+  /* "greybit.net", true */ 'g', 'r', 'e', 'y', 'b', 'i', 't', '.', 'n', 'e', 't', '\0',
+  /* "greyhash.se", true */ 'g', 'r', 'e', 'y', 'h', 'a', 's', 'h', '.', 's', 'e', '\0',
+  /* "greysky.me", true */ 'g', 'r', 'e', 'y', 's', 'k', 'y', '.', 'm', 'e', '\0',
+  /* "greyskymedia.com", true */ 'g', 'r', 'e', 'y', 's', 'k', 'y', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "greysolutions.it", true */ 'g', 'r', 'e', 'y', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'i', 't', '\0',
+  /* "greywizard.com", true */ 'g', 'r', 'e', 'y', 'w', 'i', 'z', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "grh.am", true */ 'g', 'r', 'h', '.', 'a', 'm', '\0',
+  /* "grian-bam.at", true */ 'g', 'r', 'i', 'a', 'n', '-', 'b', 'a', 'm', '.', 'a', 't', '\0',
+  /* "gridle.io", true */ 'g', 'r', 'i', 'd', 'l', 'e', '.', 'i', 'o', '\0',
+  /* "grieg-gaarden.no", true */ 'g', 'r', 'i', 'e', 'g', '-', 'g', 'a', 'a', 'r', 'd', 'e', 'n', '.', 'n', 'o', '\0',
+  /* "grieg.com", true */ 'g', 'r', 'i', 'e', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "grieg.net", true */ 'g', 'r', 'i', 'e', 'g', '.', 'n', 'e', 't', '\0',
+  /* "grieg.no", true */ 'g', 'r', 'i', 'e', 'g', '.', 'n', 'o', '\0',
+  /* "grieg.org", true */ 'g', 'r', 'i', 'e', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "griegfoundation.no", true */ 'g', 'r', 'i', 'e', 'g', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', '.', 'n', 'o', '\0',
+  /* "grieglogistics.no", true */ 'g', 'r', 'i', 'e', 'g', 'l', 'o', 'g', 'i', 's', 't', 'i', 'c', 's', '.', 'n', 'o', '\0',
+  /* "griegshipbrokers.com", true */ 'g', 'r', 'i', 'e', 'g', 's', 'h', 'i', 'p', 'b', 'r', 'o', 'k', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "griegshipbrokers.no", true */ 'g', 'r', 'i', 'e', 'g', 's', 'h', 'i', 'p', 'b', 'r', 'o', 'k', 'e', 'r', 's', '.', 'n', 'o', '\0',
+  /* "griesser2.de", true */ 'g', 'r', 'i', 'e', 's', 's', 'e', 'r', '2', '.', 'd', 'e', '\0',
+  /* "grillteller42.de", true */ 'g', 'r', 'i', 'l', 'l', 't', 'e', 'l', 'l', 'e', 'r', '4', '2', '.', 'd', 'e', '\0',
+  /* "grimcalc.com", true */ 'g', 'r', 'i', 'm', 'c', 'a', 'l', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "grimm-gastrobedarf.de", true */ 'g', 'r', 'i', 'm', 'm', '-', 'g', 'a', 's', 't', 'r', 'o', 'b', 'e', 'd', 'a', 'r', 'f', '.', 'd', 'e', '\0',
+  /* "grimneko.de", true */ 'g', 'r', 'i', 'm', 'n', 'e', 'k', 'o', '.', 'd', 'e', '\0',
+  /* "grinnellplans.com", true */ 'g', 'r', 'i', 'n', 'n', 'e', 'l', 'l', 'p', 'l', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gripnijmegen.rip", true */ 'g', 'r', 'i', 'p', 'n', 'i', 'j', 'm', 'e', 'g', 'e', 'n', '.', 'r', 'i', 'p', '\0',
+  /* "gritte.ch", true */ 'g', 'r', 'i', 't', 't', 'e', '.', 'c', 'h', '\0',
+  /* "grizzlys.com", true */ 'g', 'r', 'i', 'z', 'z', 'l', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "grmp.fr", true */ 'g', 'r', 'm', 'p', '.', 'f', 'r', '\0',
+  /* "groben-itsolutions.de", true */ 'g', 'r', 'o', 'b', 'e', 'n', '-', 'i', 't', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'd', 'e', '\0',
+  /* "grocock.me.uk", true */ 'g', 'r', 'o', 'c', 'o', 'c', 'k', '.', 'm', 'e', '.', 'u', 'k', '\0',
+  /* "groenaquasolutions.nl", true */ 'g', 'r', 'o', 'e', 'n', 'a', 'q', 'u', 'a', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'n', 'l', '\0',
+  /* "groentefruitzeep.com", true */ 'g', 'r', 'o', 'e', 'n', 't', 'e', 'f', 'r', 'u', 'i', 't', 'z', 'e', 'e', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "groentefruitzeep.nl", true */ 'g', 'r', 'o', 'e', 'n', 't', 'e', 'f', 'r', 'u', 'i', 't', 'z', 'e', 'e', 'p', '.', 'n', 'l', '\0',
+  /* "groepjam-usedcars.be", true */ 'g', 'r', 'o', 'e', 'p', 'j', 'a', 'm', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0',
+  /* "grog.pw", true */ 'g', 'r', 'o', 'g', '.', 'p', 'w', '\0',
+  /* "grokker.com", true */ 'g', 'r', 'o', 'k', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "groklearning.com", true */ 'g', 'r', 'o', 'k', 'l', 'e', 'a', 'r', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "grolimur.ch", true */ 'g', 'r', 'o', 'l', 'i', 'm', 'u', 'r', '.', 'c', 'h', '\0',
+  /* "gronau-it-cloud-computing.de", true */ 'g', 'r', 'o', 'n', 'a', 'u', '-', 'i', 't', '-', 'c', 'l', 'o', 'u', 'd', '-', 'c', 'o', 'm', 'p', 'u', 't', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "grondius.com", true */ 'g', 'r', 'o', 'n', 'd', 'i', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "grootinadvies.nl", true */ 'g', 'r', 'o', 'o', 't', 'i', 'n', 'a', 'd', 'v', 'i', 'e', 's', '.', 'n', 'l', '\0',
+  /* "groovydisk.com", true */ 'g', 'r', 'o', 'o', 'v', 'y', 'd', 'i', 's', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "groovygoldfish.org", true */ 'g', 'r', 'o', 'o', 'v', 'y', 'g', 'o', 'l', 'd', 'f', 'i', 's', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "gropp.org", true */ 'g', 'r', 'o', 'p', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "grossberger-ge.org", true */ 'g', 'r', 'o', 's', 's', 'b', 'e', 'r', 'g', 'e', 'r', '-', 'g', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "groszek.pl", true */ 'g', 'r', 'o', 's', 'z', 'e', 'k', '.', 'p', 'l', '\0',
+  /* "groth.im", true */ 'g', 'r', 'o', 't', 'h', '.', 'i', 'm', '\0',
+  /* "groth.xyz", true */ 'g', 'r', 'o', 't', 'h', '.', 'x', 'y', 'z', '\0',
+  /* "grothoff.org", true */ 'g', 'r', 'o', 't', 'h', 'o', 'f', 'f', '.', 'o', 'r', 'g', '\0',
+  /* "grouchysysadmin.com", true */ 'g', 'r', 'o', 'u', 'c', 'h', 'y', 's', 'y', 's', 'a', 'd', 'm', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "group4layers.net", true */ 'g', 'r', 'o', 'u', 'p', '4', 'l', 'a', 'y', 'e', 'r', 's', '.', 'n', 'e', 't', '\0',
+  /* "groupe-neurologique-nord.lu", true */ 'g', 'r', 'o', 'u', 'p', 'e', '-', 'n', 'e', 'u', 'r', 'o', 'l', 'o', 'g', 'i', 'q', 'u', 'e', '-', 'n', 'o', 'r', 'd', '.', 'l', 'u', '\0',
+  /* "groupebaillargeon.com", true */ 'g', 'r', 'o', 'u', 'p', 'e', 'b', 'a', 'i', 'l', 'l', 'a', 'r', 'g', 'e', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "groupghistelinck-cars.be", true */ 'g', 'r', 'o', 'u', 'p', 'g', 'h', 'i', 's', 't', 'e', 'l', 'i', 'n', 'c', 'k', '-', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0',
+  /* "grouphomes.com.au", false */ 'g', 'r', 'o', 'u', 'p', 'h', 'o', 'm', 'e', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "groupme.com", true */ 'g', 'r', 'o', 'u', 'p', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "groups.google.com", true */ 'g', 'r', 'o', 'u', 'p', 's', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "growingmetrics.com", true */ 'g', 'r', 'o', 'w', 'i', 'n', 'g', 'm', 'e', 't', 'r', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "growy.ch", true */ 'g', 'r', 'o', 'w', 'y', '.', 'c', 'h', '\0',
+  /* "grsecurity.net", true */ 'g', 'r', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'n', 'e', 't', '\0',
+  /* "gruebebraeu.ch", true */ 'g', 'r', 'u', 'e', 'b', 'e', 'b', 'r', 'a', 'e', 'u', '.', 'c', 'h', '\0',
+  /* "gruelang.org", true */ 'g', 'r', 'u', 'e', 'l', 'a', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "gruenderlehrstuhl.de", true */ 'g', 'r', 'u', 'e', 'n', 'd', 'e', 'r', 'l', 'e', 'h', 'r', 's', 't', 'u', 'h', 'l', '.', 'd', 'e', '\0',
+  /* "gruene-im-rvr.de", true */ 'g', 'r', 'u', 'e', 'n', 'e', '-', 'i', 'm', '-', 'r', 'v', 'r', '.', 'd', 'e', '\0',
+  /* "gruene-wattenscheid.de", true */ 'g', 'r', 'u', 'e', 'n', 'e', '-', 'w', 'a', 't', 't', 'e', 'n', 's', 'c', 'h', 'e', 'i', 'd', '.', 'd', 'e', '\0',
+  /* "gruenes-wp.de", true */ 'g', 'r', 'u', 'e', 'n', 'e', 's', '-', 'w', 'p', '.', 'd', 'e', '\0',
+  /* "gruenprint.de", true */ 'g', 'r', 'u', 'e', 'n', 'p', 'r', 'i', 'n', 't', '.', 'd', 'e', '\0',
+  /* "grumpy.fr", true */ 'g', 'r', 'u', 'm', 'p', 'y', '.', 'f', 'r', '\0',
+  /* "grunwasser.fr", true */ 'g', 'r', 'u', 'n', 'w', 'a', 's', 's', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "grupomakben.com", true */ 'g', 'r', 'u', 'p', 'o', 'm', 'a', 'k', 'b', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "grupoparco.com", true */ 'g', 'r', 'u', 'p', 'o', 'p', 'a', 'r', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "grusenmeyer.be", true */ 'g', 'r', 'u', 's', 'e', 'n', 'm', 'e', 'y', 'e', 'r', '.', 'b', 'e', '\0',
+  /* "grusig-geil.ch", true */ 'g', 'r', 'u', 's', 'i', 'g', '-', 'g', 'e', 'i', 'l', '.', 'c', 'h', '\0',
+  /* "gruwa.net", true */ 'g', 'r', 'u', 'w', 'a', '.', 'n', 'e', 't', '\0',
+  /* "grytics.com", true */ 'g', 'r', 'y', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gs-net.at", true */ 'g', 's', '-', 'n', 'e', 't', '.', 'a', 't', '\0',
+  /* "gs93.de", true */ 'g', 's', '9', '3', '.', 'd', 'e', '\0',
+  /* "gscloud.xyz", true */ 'g', 's', 'c', 'l', 'o', 'u', 'd', '.', 'x', 'y', 'z', '\0',
+  /* "gsgs.se", true */ 'g', 's', 'g', 's', '.', 's', 'e', '\0',
+  /* "gsi-network.com", true */ 'g', 's', 'i', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "gsimagebank.co.uk", true */ 'g', 's', 'i', 'm', 'a', 'g', 'e', 'b', 'a', 'n', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "gslink.me", true */ 'g', 's', 'l', 'i', 'n', 'k', '.', 'm', 'e', '\0',
+  /* "gsmkungen.com", true */ 'g', 's', 'm', 'k', 'u', 'n', 'g', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "gsmsecurity.net", true */ 'g', 's', 'm', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'n', 'e', 't', '\0',
+  /* "gsoc.se", true */ 'g', 's', 'o', 'c', '.', 's', 'e', '\0',
+  /* "gsrc.io", true */ 'g', 's', 'r', 'c', '.', 'i', 'o', '\0',
+  /* "gst.name", true */ 'g', 's', 't', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "gst.priv.at", true */ 'g', 's', 't', '.', 'p', 'r', 'i', 'v', '.', 'a', 't', '\0',
+  /* "gt-mp.net", true */ 'g', 't', '-', 'm', 'p', '.', 'n', 'e', 't', '\0',
+  /* "gt-network.de", true */ 'g', 't', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'd', 'e', '\0',
+  /* "gta-arabs.com", true */ 'g', 't', 'a', '-', 'a', 'r', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gta5voice.net", true */ 'g', 't', 'a', '5', 'v', 'o', 'i', 'c', 'e', '.', 'n', 'e', 't', '\0',
+  /* "gtaforum.nl", true */ 'g', 't', 'a', 'f', 'o', 'r', 'u', 'm', '.', 'n', 'l', '\0',
+  /* "gtalife.net", true */ 'g', 't', 'a', 'l', 'i', 'f', 'e', '.', 'n', 'e', 't', '\0',
+  /* "gtchipsi.org", true */ 'g', 't', 'c', 'h', 'i', 'p', 's', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "gtcprojects.com", true */ 'g', 't', 'c', 'p', 'r', 'o', 'j', 'e', 'c', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gtdgo.com", true */ 'g', 't', 'd', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "gtmasterclub.it", false */ 'g', 't', 'm', 'a', 's', 't', 'e', 'r', 'c', 'l', 'u', 'b', '.', 'i', 't', '\0',
+  /* "gtmetrix.com", true */ 'g', 't', 'm', 'e', 't', 'r', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "gtopala.com", true */ 'g', 't', 'o', 'p', 'a', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "gtour.info", true */ 'g', 't', 'o', 'u', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "gtravers-basketmaker.co.uk", true */ 'g', 't', 'r', 'a', 'v', 'e', 'r', 's', '-', 'b', 'a', 's', 'k', 'e', 't', 'm', 'a', 'k', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "gtts.space", true */ 'g', 't', 't', 's', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "guardian360.nl", true */ 'g', 'u', 'a', 'r', 'd', 'i', 'a', 'n', '3', '6', '0', '.', 'n', 'l', '\0',
+  /* "guardianproject.info", true */ 'g', 'u', 'a', 'r', 'd', 'i', 'a', 'n', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "guardiansoftheearth.org", true */ 'g', 'u', 'a', 'r', 'd', 'i', 'a', 'n', 's', 'o', 'f', 't', 'h', 'e', 'e', 'a', 'r', 't', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "gudini.net", true */ 'g', 'u', 'd', 'i', 'n', 'i', '.', 'n', 'e', 't', '\0',
+  /* "guelo.ch", true */ 'g', 'u', 'e', 'l', 'o', '.', 'c', 'h', '\0',
+  /* "guelphhydropool.com", true */ 'g', 'u', 'e', 'l', 'p', 'h', 'h', 'y', 'd', 'r', 'o', 'p', 'o', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "guenthereder.at", true */ 'g', 'u', 'e', 'n', 't', 'h', 'e', 'r', 'e', 'd', 'e', 'r', '.', 'a', 't', '\0',
+  /* "guerrilla.technology", true */ 'g', 'u', 'e', 'r', 'r', 'i', 'l', 'l', 'a', '.', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'y', '\0',
+  /* "guesthouse-namaste.com", true */ 'g', 'u', 'e', 's', 't', 'h', 'o', 'u', 's', 'e', '-', 'n', 'a', 'm', 'a', 's', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "guevener.de", true */ 'g', 'u', 'e', 'v', 'e', 'n', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "gueze-ardeche.fr", true */ 'g', 'u', 'e', 'z', 'e', '-', 'a', 'r', 'd', 'e', 'c', 'h', 'e', '.', 'f', 'r', '\0',
+  /* "gueze-sas.fr", true */ 'g', 'u', 'e', 'z', 'e', '-', 's', 'a', 's', '.', 'f', 'r', '\0',
+  /* "gufen.ga", true */ 'g', 'u', 'f', 'e', 'n', '.', 'g', 'a', '\0',
+  /* "guffr.it", true */ 'g', 'u', 'f', 'f', 'r', '.', 'i', 't', '\0',
+  /* "guge.ch", true */ 'g', 'u', 'g', 'e', '.', 'c', 'h', '\0',
+  /* "gugert.net", true */ 'g', 'u', 'g', 'e', 'r', 't', '.', 'n', 'e', 't', '\0',
+  /* "guhei.net", true */ 'g', 'u', 'h', 'e', 'i', '.', 'n', 'e', 't', '\0',
+  /* "guhenry3.tk", true */ 'g', 'u', 'h', 'e', 'n', 'r', 'y', '3', '.', 't', 'k', '\0',
+  /* "guichet-entreprises.fr", true */ 'g', 'u', 'i', 'c', 'h', 'e', 't', '-', 'e', 'n', 't', 'r', 'e', 'p', 'r', 'i', 's', 'e', 's', '.', 'f', 'r', '\0',
+  /* "guichet-qualifications.fr", true */ 'g', 'u', 'i', 'c', 'h', 'e', 't', '-', 'q', 'u', 'a', 'l', 'i', 'f', 'i', 'c', 'a', 't', 'i', 'o', 'n', 's', '.', 'f', 'r', '\0',
+  /* "guid2steamid.com", true */ 'g', 'u', 'i', 'd', '2', 's', 't', 'e', 'a', 'm', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "guid2steamid.pw", true */ 'g', 'u', 'i', 'd', '2', 's', 't', 'e', 'a', 'm', 'i', 'd', '.', 'p', 'w', '\0',
+  /* "guide-peche-cantal.com", true */ 'g', 'u', 'i', 'd', 'e', '-', 'p', 'e', 'c', 'h', 'e', '-', 'c', 'a', 'n', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "guidechecking.com", true */ 'g', 'u', 'i', 'd', 'e', 'c', 'h', 'e', 'c', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "guidedselling.net", true */ 'g', 'u', 'i', 'd', 'e', 'd', 's', 'e', 'l', 'l', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "guideo.ch", true */ 'g', 'u', 'i', 'd', 'e', 'o', '.', 'c', 'h', '\0',
+  /* "guides-peche64.com", true */ 'g', 'u', 'i', 'd', 'e', 's', '-', 'p', 'e', 'c', 'h', 'e', '6', '4', '.', 'c', 'o', 'm', '\0',
+  /* "guidetoiceland.is", false */ 'g', 'u', 'i', 'd', 'e', 't', 'o', 'i', 'c', 'e', 'l', 'a', 'n', 'd', '.', 'i', 's', '\0',
+  /* "guildgearscore.cf", false */ 'g', 'u', 'i', 'l', 'd', 'g', 'e', 'a', 'r', 's', 'c', 'o', 'r', 'e', '.', 'c', 'f', '\0',
+  /* "guildofmusicsupervisors.co.uk", true */ 'g', 'u', 'i', 'l', 'd', 'o', 'f', 'm', 'u', 's', 'i', 'c', 's', 'u', 'p', 'e', 'r', 'v', 'i', 's', 'o', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "guillaume-briand.fr", true */ 'g', 'u', 'i', 'l', 'l', 'a', 'u', 'm', 'e', '-', 'b', 'r', 'i', 'a', 'n', 'd', '.', 'f', 'r', '\0',
+  /* "guillaumecote.me", true */ 'g', 'u', 'i', 'l', 'l', 'a', 'u', 'm', 'e', 'c', 'o', 't', 'e', '.', 'm', 'e', '\0',
+  /* "guillaumeperrin.io", true */ 'g', 'u', 'i', 'l', 'l', 'a', 'u', 'm', 'e', 'p', 'e', 'r', 'r', 'i', 'n', '.', 'i', 'o', '\0',
+  /* "guillemaud.me", false */ 'g', 'u', 'i', 'l', 'l', 'e', 'm', 'a', 'u', 'd', '.', 'm', 'e', '\0',
+  /* "guiltypleasuresroleplaying.com", true */ 'g', 'u', 'i', 'l', 't', 'y', 'p', 'l', 'e', 'a', 's', 'u', 'r', 'e', 's', 'r', 'o', 'l', 'e', 'p', 'l', 'a', 'y', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "guim.co.uk", true */ 'g', 'u', 'i', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "guineapigmustach.es", true */ 'g', 'u', 'i', 'n', 'e', 'a', 'p', 'i', 'g', 'm', 'u', 's', 't', 'a', 'c', 'h', '.', 'e', 's', '\0',
+  /* "gulchuk.com", true */ 'g', 'u', 'l', 'c', 'h', 'u', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "gulenbase.no", true */ 'g', 'u', 'l', 'e', 'n', 'b', 'a', 's', 'e', '.', 'n', 'o', '\0',
+  /* "gulfstream.ru", true */ 'g', 'u', 'l', 'f', 's', 't', 'r', 'e', 'a', 'm', '.', 'r', 'u', '\0',
+  /* "gulleyperformancecenter.com", true */ 'g', 'u', 'l', 'l', 'e', 'y', 'p', 'e', 'r', 'f', 'o', 'r', 'm', 'a', 'n', 'c', 'e', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "gulshankumar.net", true */ 'g', 'u', 'l', 's', 'h', 'a', 'n', 'k', 'u', 'm', 'a', 'r', '.', 'n', 'e', 't', '\0',
+  /* "gume4you.com", true */ 'g', 'u', 'm', 'e', '4', 'y', 'o', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "gumi.ca", true */ 'g', 'u', 'm', 'i', '.', 'c', 'a', '\0',
+  /* "gummibande.noip.me", true */ 'g', 'u', 'm', 'm', 'i', 'b', 'a', 'n', 'd', 'e', '.', 'n', 'o', 'i', 'p', '.', 'm', 'e', '\0',
+  /* "gunhunter.com", true */ 'g', 'u', 'n', 'h', 'u', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "guniram.com", true */ 'g', 'u', 'n', 'i', 'r', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "gunwatch.co.uk", true */ 'g', 'u', 'n', 'w', 'a', 't', 'c', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "guochang.xyz", true */ 'g', 'u', 'o', 'c', 'h', 'a', 'n', 'g', '.', 'x', 'y', 'z', '\0',
+  /* "guoke.com", true */ 'g', 'u', 'o', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "guozeyu.com", true */ 'g', 'u', 'o', 'z', 'e', 'y', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "guphi.net", false */ 'g', 'u', 'p', 'h', 'i', '.', 'n', 'e', 't', '\0',
+  /* "gurkan.in", true */ 'g', 'u', 'r', 'k', 'a', 'n', '.', 'i', 'n', '\0',
+  /* "gurmel.ru", true */ 'g', 'u', 'r', 'm', 'e', 'l', '.', 'r', 'u', '\0',
+  /* "gurochan.ch", true */ 'g', 'u', 'r', 'o', 'c', 'h', 'a', 'n', '.', 'c', 'h', '\0',
+  /* "guru-naradi.cz", true */ 'g', 'u', 'r', 'u', '-', 'n', 'a', 'r', 'a', 'd', 'i', '.', 'c', 'z', '\0',
+  /* "gurueffect.com", true */ 'g', 'u', 'r', 'u', 'e', 'f', 'f', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "gus.host", true */ 'g', 'u', 's', '.', 'h', 'o', 's', 't', '\0',
+  /* "gustaff.de", true */ 'g', 'u', 's', 't', 'a', 'f', 'f', '.', 'd', 'e', '\0',
+  /* "gustiaux.com", true */ 'g', 'u', 's', 't', 'i', 'a', 'u', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "guthabenkarten-billiger.de", true */ 'g', 'u', 't', 'h', 'a', 'b', 'e', 'n', 'k', 'a', 'r', 't', 'e', 'n', '-', 'b', 'i', 'l', 'l', 'i', 'g', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "guts.me", true */ 'g', 'u', 't', 's', '.', 'm', 'e', '\0',
+  /* "gutscheingeiz.de", true */ 'g', 'u', 't', 's', 'c', 'h', 'e', 'i', 'n', 'g', 'e', 'i', 'z', '.', 'd', 'e', '\0',
+  /* "gutuia.blue", true */ 'g', 'u', 't', 'u', 'i', 'a', '.', 'b', 'l', 'u', 'e', '\0',
+  /* "guus-thijssen.nl", true */ 'g', 'u', 'u', 's', '-', 't', 'h', 'i', 'j', 's', 's', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "guusvandewal.nl", true */ 'g', 'u', 'u', 's', 'v', 'a', 'n', 'd', 'e', 'w', 'a', 'l', '.', 'n', 'l', '\0',
+  /* "guvernalternativa.ro", true */ 'g', 'u', 'v', 'e', 'r', 'n', 'a', 'l', 't', 'e', 'r', 'n', 'a', 't', 'i', 'v', 'a', '.', 'r', 'o', '\0',
+  /* "guyot-tech.com", true */ 'g', 'u', 'y', 'o', 't', '-', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "gv-neumann.de", true */ 'g', 'v', '-', 'n', 'e', 'u', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "gvatas.in", true */ 'g', 'v', 'a', 't', 'a', 's', '.', 'i', 'n', '\0',
+  /* "gveh.de", true */ 'g', 'v', 'e', 'h', '.', 'd', 'e', '\0',
+  /* "gvi-timing.ch", true */ 'g', 'v', 'i', '-', 't', 'i', 'm', 'i', 'n', 'g', '.', 'c', 'h', '\0',
+  /* "gviedu.com", true */ 'g', 'v', 'i', 'e', 'd', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "gvitiming.ch", true */ 'g', 'v', 'i', 't', 'i', 'm', 'i', 'n', 'g', '.', 'c', 'h', '\0',
+  /* "gvobgyn.ca", true */ 'g', 'v', 'o', 'b', 'g', 'y', 'n', '.', 'c', 'a', '\0',
+  /* "gvt2.com", true */ 'g', 'v', 't', '2', '.', 'c', 'o', 'm', '\0',
+  /* "gvt3.com", true */ 'g', 'v', 't', '3', '.', 'c', 'o', 'm', '\0',
+  /* "gw2treasures.com", true */ 'g', 'w', '2', 't', 'r', 'e', 'a', 's', 'u', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gwa-verwaltung.de", true */ 'g', 'w', 'a', '-', 'v', 'e', 'r', 'w', 'a', 'l', 't', 'u', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "gwerder.net", true */ 'g', 'w', 'e', 'r', 'd', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "gwhois.org", true */ 'g', 'w', 'h', 'o', 'i', 's', '.', 'o', 'r', 'g', '\0',
+  /* "gwrtech.com", true */ 'g', 'w', 'r', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "gwsec.co.uk", true */ 'g', 'w', 's', 'e', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "gxgx.org", true */ 'g', 'x', 'g', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "gyas.nl", true */ 'g', 'y', 'a', 's', '.', 'n', 'l', '\0',
+  /* "gymagine.ch", true */ 'g', 'y', 'm', 'a', 'g', 'i', 'n', 'e', '.', 'c', 'h', '\0',
+  /* "gymhero.me", true */ 'g', 'y', 'm', 'h', 'e', 'r', 'o', '.', 'm', 'e', '\0',
+  /* "gymkirchenfeld.ch", true */ 'g', 'y', 'm', 'k', 'i', 'r', 'c', 'h', 'e', 'n', 'f', 'e', 'l', 'd', '.', 'c', 'h', '\0',
+  /* "gymnaserenens.ch", true */ 'g', 'y', 'm', 'n', 'a', 's', 'e', 'r', 'e', 'n', 'e', 'n', 's', '.', 'c', 'h', '\0',
+  /* "gymnasium-farmsen.de", true */ 'g', 'y', 'm', 'n', 'a', 's', 'i', 'u', 'm', '-', 'f', 'a', 'r', 'm', 's', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "gympap.de", true */ 'g', 'y', 'm', 'p', 'a', 'p', '.', 'd', 'e', '\0',
+  /* "gynaecology.co", true */ 'g', 'y', 'n', 'a', 'e', 'c', 'o', 'l', 'o', 'g', 'y', '.', 'c', 'o', '\0',
+  /* "gyoza.beer", false */ 'g', 'y', 'o', 'z', 'a', '.', 'b', 'e', 'e', 'r', '\0',
+  /* "gypsycatdreams.com", true */ 'g', 'y', 'p', 's', 'y', 'c', 'a', 't', 'd', 'r', 'e', 'a', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "gypsyreel.com", true */ 'g', 'y', 'p', 's', 'y', 'r', 'e', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "gyre.ch", true */ 'g', 'y', 'r', 'e', '.', 'c', 'h', '\0',
+  /* "gyrenens.ch", true */ 'g', 'y', 'r', 'e', 'n', 'e', 'n', 's', '.', 'c', 'h', '\0',
+  /* "gyu-raku.jp", true */ 'g', 'y', 'u', '-', 'r', 'a', 'k', 'u', '.', 'j', 'p', '\0',
+  /* "gz-architekten.de", true */ 'g', 'z', '-', 'a', 'r', 'c', 'h', 'i', 't', 'e', 'k', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "gz-benz.com", true */ 'g', 'z', '-', 'b', 'e', 'n', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "gz-bmw.com", true */ 'g', 'z', '-', 'b', 'm', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "gza.jp", true */ 'g', 'z', 'a', '.', 'j', 'p', '\0',
+  /* "gzitech.com", true */ 'g', 'z', 'i', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "gzitech.net", true */ 'g', 'z', 'i', 't', 'e', 'c', 'h', '.', 'n', 'e', 't', '\0',
+  /* "gzom.ru", true */ 'g', 'z', 'o', 'm', '.', 'r', 'u', '\0',
+  /* "gzpblog.com", true */ 'g', 'z', 'p', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "h-jo.net", true */ 'h', '-', 'j', 'o', '.', 'n', 'e', 't', '\0',
+  /* "h-suppo.com", true */ 'h', '-', 's', 'u', 'p', 'p', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "h001.ru", true */ 'h', '0', '0', '1', '.', 'r', 'u', '\0',
+  /* "h09.eu", true */ 'h', '0', '9', '.', 'e', 'u', '\0',
+  /* "h11.io", true */ 'h', '1', '1', '.', 'i', 'o', '\0',
+  /* "h11.moe", true */ 'h', '1', '1', '.', 'm', 'o', 'e', '\0',
+  /* "h24.org", true */ 'h', '2', '4', '.', 'o', 'r', 'g', '\0',
+  /* "h2s-design.de", true */ 'h', '2', 's', '-', 'd', 'e', 's', 'i', 'g', 'n', '.', 'd', 'e', '\0',
+  /* "h2u.tv", true */ 'h', '2', 'u', '.', 't', 'v', '\0',
+  /* "h3x.jp", true */ 'h', '3', 'x', '.', 'j', 'p', '\0',
+  /* "h3z.jp", true */ 'h', '3', 'z', '.', 'j', 'p', '\0',
+  /* "h404bi.com", false */ 'h', '4', '0', '4', 'b', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "ha3.eu", true */ 'h', 'a', '3', '.', 'e', 'u', '\0',
+  /* "ha6.ru", true */ 'h', 'a', '6', '.', 'r', 'u', '\0',
+  /* "haarlemsesaxofoonschool.nl", true */ 'h', 'a', 'a', 'r', 'l', 'e', 'm', 's', 'e', 's', 'a', 'x', 'o', 'f', 'o', 'o', 'n', 's', 'c', 'h', 'o', 'o', 'l', '.', 'n', 'l', '\0',
+  /* "haavard.me", true */ 'h', 'a', 'a', 'v', 'a', 'r', 'd', '.', 'm', 'e', '\0',
+  /* "haazen.xyz", true */ 'h', 'a', 'a', 'z', 'e', 'n', '.', 'x', 'y', 'z', '\0',
+  /* "habarisoft.com", true */ 'h', 'a', 'b', 'a', 'r', 'i', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "habbos.es", true */ 'h', 'a', 'b', 'b', 'o', 's', '.', 'e', 's', '\0',
+  /* "habtium.com", true */ 'h', 'a', 'b', 't', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "habtium.es", true */ 'h', 'a', 'b', 't', 'i', 'u', 'm', '.', 'e', 's', '\0',
+  /* "haccp.roma.it", true */ 'h', 'a', 'c', 'c', 'p', '.', 'r', 'o', 'm', 'a', '.', 'i', 't', '\0',
+  /* "hacettepeteknokent.com.tr", true */ 'h', 'a', 'c', 'e', 't', 't', 'e', 'p', 'e', 't', 'e', 'k', 'n', 'o', 'k', 'e', 'n', 't', '.', 'c', 'o', 'm', '.', 't', 'r', '\0',
+  /* "hachre.de", true */ 'h', 'a', 'c', 'h', 'r', 'e', '.', 'd', 'e', '\0',
+  /* "hack.club", true */ 'h', 'a', 'c', 'k', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "hackademix.net", true */ 'h', 'a', 'c', 'k', 'a', 'd', 'e', 'm', 'i', 'x', '.', 'n', 'e', 't', '\0',
+  /* "hackanders.com", true */ 'h', 'a', 'c', 'k', 'a', 'n', 'd', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hackbarth.guru", true */ 'h', 'a', 'c', 'k', 'b', 'a', 'r', 't', 'h', '.', 'g', 'u', 'r', 'u', '\0',
+  /* "hackbeil.name", true */ 'h', 'a', 'c', 'k', 'b', 'e', 'i', 'l', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "hackbubble.me", true */ 'h', 'a', 'c', 'k', 'b', 'u', 'b', 'b', 'l', 'e', '.', 'm', 'e', '\0',
+  /* "hackcraft.net", true */ 'h', 'a', 'c', 'k', 'c', 'r', 'a', 'f', 't', '.', 'n', 'e', 't', '\0',
+  /* "hackenkunjeleren.nl", true */ 'h', 'a', 'c', 'k', 'e', 'n', 'k', 'u', 'n', 'j', 'e', 'l', 'e', 'r', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "hackenturet.dk", true */ 'h', 'a', 'c', 'k', 'e', 'n', 't', 'u', 'r', 'e', 't', '.', 'd', 'k', '\0',
+  /* "hacker.club", true */ 'h', 'a', 'c', 'k', 'e', 'r', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "hacker.deals", true */ 'h', 'a', 'c', 'k', 'e', 'r', '.', 'd', 'e', 'a', 'l', 's', '\0',
+  /* "hacker.im", true */ 'h', 'a', 'c', 'k', 'e', 'r', '.', 'i', 'm', '\0',
+  /* "hacker.one", true */ 'h', 'a', 'c', 'k', 'e', 'r', '.', 'o', 'n', 'e', '\0',
+  /* "hacker.parts", true */ 'h', 'a', 'c', 'k', 'e', 'r', '.', 'p', 'a', 'r', 't', 's', '\0',
+  /* "hacker1.com", true */ 'h', 'a', 'c', 'k', 'e', 'r', '1', '.', 'c', 'o', 'm', '\0',
+  /* "hacker101.com", true */ 'h', 'a', 'c', 'k', 'e', 'r', '1', '0', '1', '.', 'c', 'o', 'm', '\0',
+  /* "hackerchai.com", true */ 'h', 'a', 'c', 'k', 'e', 'r', 'c', 'h', 'a', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "hackerco.com", true */ 'h', 'a', 'c', 'k', 'e', 'r', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "hackergateway.com", true */ 'h', 'a', 'c', 'k', 'e', 'r', 'g', 'a', 't', 'e', 'w', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "hackernet.se", true */ 'h', 'a', 'c', 'k', 'e', 'r', 'n', 'e', 't', '.', 's', 'e', '\0',
+  /* "hackerone-ext-content.com", true */ 'h', 'a', 'c', 'k', 'e', 'r', 'o', 'n', 'e', '-', 'e', 'x', 't', '-', 'c', 'o', 'n', 't', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "hackerone-user-content.com", true */ 'h', 'a', 'c', 'k', 'e', 'r', 'o', 'n', 'e', '-', 'u', 's', 'e', 'r', '-', 'c', 'o', 'n', 't', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "hackerone.com", true */ 'h', 'a', 'c', 'k', 'e', 'r', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "hackerone.net", true */ 'h', 'a', 'c', 'k', 'e', 'r', 'o', 'n', 'e', '.', 'n', 'e', 't', '\0',
+  /* "hackerpoints.com", true */ 'h', 'a', 'c', 'k', 'e', 'r', 'p', 'o', 'i', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hackerstxt.org", true */ 'h', 'a', 'c', 'k', 'e', 'r', 's', 't', 'x', 't', '.', 'o', 'r', 'g', '\0',
+  /* "hackgins.com", true */ 'h', 'a', 'c', 'k', 'g', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hackingand.coffee", true */ 'h', 'a', 'c', 'k', 'i', 'n', 'g', 'a', 'n', 'd', '.', 'c', 'o', 'f', 'f', 'e', 'e', '\0',
+  /* "hackingdh.com", true */ 'h', 'a', 'c', 'k', 'i', 'n', 'g', 'd', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "hackingsafe.com", true */ 'h', 'a', 'c', 'k', 'i', 'n', 'g', 's', 'a', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "hackmd.io", true */ 'h', 'a', 'c', 'k', 'm', 'd', '.', 'i', 'o', '\0',
+  /* "hackmeplz.com", true */ 'h', 'a', 'c', 'k', 'm', 'e', 'p', 'l', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "hacksoc.co.uk", true */ 'h', 'a', 'c', 'k', 's', 'o', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "hackthissite.org", true */ 'h', 'a', 'c', 'k', 't', 'h', 'i', 's', 's', 'i', 't', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "hacktivis.me", true */ 'h', 'a', 'c', 'k', 't', 'i', 'v', 'i', 's', '.', 'm', 'e', '\0',
+  /* "hackyourfaceoff.com", true */ 'h', 'a', 'c', 'k', 'y', 'o', 'u', 'r', 'f', 'a', 'c', 'e', 'o', 'f', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "hadaly.fr", true */ 'h', 'a', 'd', 'a', 'l', 'y', '.', 'f', 'r', '\0',
+  /* "hadleighswimmingclub.co.uk", true */ 'h', 'a', 'd', 'l', 'e', 'i', 'g', 'h', 's', 'w', 'i', 'm', 'm', 'i', 'n', 'g', 'c', 'l', 'u', 'b', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "hadouk.in", true */ 'h', 'a', 'd', 'o', 'u', 'k', '.', 'i', 'n', '\0',
+  /* "hadrons.org", true */ 'h', 'a', 'd', 'r', 'o', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "haefligermedia.ch", true */ 'h', 'a', 'e', 'f', 'l', 'i', 'g', 'e', 'r', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'h', '\0',
+  /* "haehnlein.at", true */ 'h', 'a', 'e', 'h', 'n', 'l', 'e', 'i', 'n', '.', 'a', 't', '\0',
+  /* "haens.li", true */ 'h', 'a', 'e', 'n', 's', '.', 'l', 'i', '\0',
+  /* "haerwu.biz", true */ 'h', 'a', 'e', 'r', 'w', 'u', '.', 'b', 'i', 'z', '\0',
+  /* "hafniatimes.com", true */ 'h', 'a', 'f', 'n', 'i', 'a', 't', 'i', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "haggeluring.su", true */ 'h', 'a', 'g', 'g', 'e', 'l', 'u', 'r', 'i', 'n', 'g', '.', 's', 'u', '\0',
+  /* "hagueaustralia.com.au", true */ 'h', 'a', 'g', 'u', 'e', 'a', 'u', 's', 't', 'r', 'a', 'l', 'i', 'a', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "haha-raku.com", true */ 'h', 'a', 'h', 'a', '-', 'r', 'a', 'k', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "haiboxu.com", true */ 'h', 'a', 'i', 'b', 'o', 'x', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "hail2u.net", true */ 'h', 'a', 'i', 'l', '2', 'u', '.', 'n', 'e', 't', '\0',
+  /* "hailer.com", true */ 'h', 'a', 'i', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "haircrazy.com", true */ 'h', 'a', 'i', 'r', 'c', 'r', 'a', 'z', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "hairraisingphotobooths.co.uk", true */ 'h', 'a', 'i', 'r', 'r', 'a', 'i', 's', 'i', 'n', 'g', 'p', 'h', 'o', 't', 'o', 'b', 'o', 'o', 't', 'h', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "hairtonic-lab.com", true */ 'h', 'a', 'i', 'r', 't', 'o', 'n', 'i', 'c', '-', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "hajnzic.at", true */ 'h', 'a', 'j', 'n', 'z', 'i', 'c', '.', 'a', 't', '\0',
+  /* "hak5.org", true */ 'h', 'a', 'k', '5', '.', 'o', 'r', 'g', '\0',
+  /* "hakase.kr", true */ 'h', 'a', 'k', 'a', 's', 'e', '.', 'k', 'r', '\0',
+  /* "hakatabijin-mind.com", true */ 'h', 'a', 'k', 'a', 't', 'a', 'b', 'i', 'j', 'i', 'n', '-', 'm', 'i', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "hake.me", true */ 'h', 'a', 'k', 'e', '.', 'm', 'e', '\0',
+  /* "haktec.de", true */ 'h', 'a', 'k', 't', 'e', 'c', '.', 'd', 'e', '\0',
+  /* "hakurei.moe", true */ 'h', 'a', 'k', 'u', 'r', 'e', 'i', '.', 'm', 'o', 'e', '\0',
+  /* "halacs.hu", true */ 'h', 'a', 'l', 'a', 'c', 's', '.', 'h', 'u', '\0',
+  /* "half-logic.eu.org", true */ 'h', 'a', 'l', 'f', '-', 'l', 'o', 'g', 'i', 'c', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "halfco.de", true */ 'h', 'a', 'l', 'f', 'c', 'o', '.', 'd', 'e', '\0',
+  /* "halfwaythere.eu", true */ 'h', 'a', 'l', 'f', 'w', 'a', 'y', 't', 'h', 'e', 'r', 'e', '.', 'e', 'u', '\0',
+  /* "halitopuroprodutos.com.br", true */ 'h', 'a', 'l', 'i', 't', 'o', 'p', 'u', 'r', 'o', 'p', 'r', 'o', 'd', 'u', 't', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "halkirkbouncycastles.co.uk", true */ 'h', 'a', 'l', 'k', 'i', 'r', 'k', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "hallelujahsoftware.com", true */ 'h', 'a', 'l', 'l', 'e', 'l', 'u', 'j', 'a', 'h', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "hallhuber.com", true */ 'h', 'a', 'l', 'l', 'h', 'u', 'b', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "halligladen.de", true */ 'h', 'a', 'l', 'l', 'i', 'g', 'l', 'a', 'd', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "hallmarkestates.ca", true */ 'h', 'a', 'l', 'l', 'm', 'a', 'r', 'k', 'e', 's', 't', 'a', 't', 'e', 's', '.', 'c', 'a', '\0',
+  /* "hallucinogen.com", true */ 'h', 'a', 'l', 'l', 'u', 'c', 'i', 'n', 'o', 'g', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "hallucinogens.org", true */ 'h', 'a', 'l', 'l', 'u', 'c', 'i', 'n', 'o', 'g', 'e', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "halo.fr", true */ 'h', 'a', 'l', 'o', '.', 'f', 'r', '\0',
+  /* "halongbaybackpackertour.com", true */ 'h', 'a', 'l', 'o', 'n', 'g', 'b', 'a', 'y', 'b', 'a', 'c', 'k', 'p', 'a', 'c', 'k', 'e', 'r', 't', 'o', 'u', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "haloobaloo.com", true */ 'h', 'a', 'l', 'o', 'o', 'b', 'a', 'l', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "halta.info", true */ 'h', 'a', 'l', 't', 'a', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "hamacho-kyudo.com", true */ 'h', 'a', 'm', 'a', 'c', 'h', 'o', '-', 'k', 'y', 'u', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "hamali.bg", true */ 'h', 'a', 'm', 'a', 'l', 'i', '.', 'b', 'g', '\0',
+  /* "hamish.ca", true */ 'h', 'a', 'm', 'i', 's', 'h', '.', 'c', 'a', '\0',
+  /* "hamking.tk", true */ 'h', 'a', 'm', 'k', 'i', 'n', 'g', '.', 't', 'k', '\0',
+  /* "hammamsayad.com", true */ 'h', 'a', 'm', 'm', 'a', 'm', 's', 'a', 'y', 'a', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "hammer-corp.com", true */ 'h', 'a', 'm', 'm', 'e', 'r', '-', 'c', 'o', 'r', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "hammer-schnaps.com", true */ 'h', 'a', 'm', 'm', 'e', 'r', '-', 's', 'c', 'h', 'n', 'a', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hammer-sms.com", true */ 'h', 'a', 'm', 'm', 'e', 'r', '-', 's', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hampl.tv", true */ 'h', 'a', 'm', 'p', 'l', '.', 't', 'v', '\0',
+  /* "hampshiretechservices.co.uk", true */ 'h', 'a', 'm', 'p', 's', 'h', 'i', 'r', 'e', 't', 'e', 'c', 'h', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "hamsters-uk.org", true */ 'h', 'a', 'm', 's', 't', 'e', 'r', 's', '-', 'u', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "hana.ondemand.com", true */ 'h', 'a', 'n', 'a', '.', 'o', 'n', 'd', 'e', 'm', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "hanakaraku.com", true */ 'h', 'a', 'n', 'a', 'k', 'a', 'r', 'a', 'k', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "hanashi.eu", true */ 'h', 'a', 'n', 'a', 's', 'h', 'i', '.', 'e', 'u', '\0',
+  /* "hancatemc.com", true */ 'h', 'a', 'n', 'c', 'a', 't', 'e', 'm', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "handbrake.fr", true */ 'h', 'a', 'n', 'd', 'b', 'r', 'a', 'k', 'e', '.', 'f', 'r', '\0',
+  /* "handcraft.eu.org", true */ 'h', 'a', 'n', 'd', 'c', 'r', 'a', 'f', 't', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "handgelenkbandage-test.de", true */ 'h', 'a', 'n', 'd', 'g', 'e', 'l', 'e', 'n', 'k', 'b', 'a', 'n', 'd', 'a', 'g', 'e', '-', 't', 'e', 's', 't', '.', 'd', 'e', '\0',
+  /* "handinhandfoundation.org.uk", true */ 'h', 'a', 'n', 'd', 'i', 'n', 'h', 'a', 'n', 'd', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "handlecoin.com", true */ 'h', 'a', 'n', 'd', 'l', 'e', 'c', 'o', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "handmade-workshop.de", true */ 'h', 'a', 'n', 'd', 'm', 'a', 'd', 'e', '-', 'w', 'o', 'r', 'k', 's', 'h', 'o', 'p', '.', 'd', 'e', '\0',
+  /* "handmadegobelin.com", true */ 'h', 'a', 'n', 'd', 'm', 'a', 'd', 'e', 'g', 'o', 'b', 'e', 'l', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "handmadetutorials.ro", true */ 'h', 'a', 'n', 'd', 'm', 'a', 'd', 'e', 't', 'u', 't', 'o', 'r', 'i', 'a', 'l', 's', '.', 'r', 'o', '\0',
+  /* "handycommerce.co", true */ 'h', 'a', 'n', 'd', 'y', 'c', 'o', 'm', 'm', 'e', 'r', 'c', 'e', '.', 'c', 'o', '\0',
+  /* "handyglas.com", true */ 'h', 'a', 'n', 'd', 'y', 'g', 'l', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "handymanlondonplease.co.uk", true */ 'h', 'a', 'n', 'd', 'y', 'm', 'a', 'n', 'l', 'o', 'n', 'd', 'o', 'n', 'p', 'l', 'e', 'a', 's', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "handynummer.online", true */ 'h', 'a', 'n', 'd', 'y', 'n', 'u', 'm', 'm', 'e', 'r', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "handysex.live", true */ 'h', 'a', 'n', 'd', 'y', 's', 'e', 'x', '.', 'l', 'i', 'v', 'e', '\0',
+  /* "handyticket.de", true */ 'h', 'a', 'n', 'd', 'y', 't', 'i', 'c', 'k', 'e', 't', '.', 'd', 'e', '\0',
+  /* "hanfox.co.uk", false */ 'h', 'a', 'n', 'f', 'o', 'x', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "hangar.hosting", true */ 'h', 'a', 'n', 'g', 'a', 'r', '.', 'h', 'o', 's', 't', 'i', 'n', 'g', '\0',
+  /* "hangcapnach.com", true */ 'h', 'a', 'n', 'g', 'c', 'a', 'p', 'n', 'a', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "hangouts.google.com", true */ 'h', 'a', 'n', 'g', 'o', 'u', 't', 's', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "hangtenseo.com", true */ 'h', 'a', 'n', 'g', 't', 'e', 'n', 's', 'e', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "hanksservice.com", true */ 'h', 'a', 'n', 'k', 's', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "hannah.link", true */ 'h', 'a', 'n', 'n', 'a', 'h', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "hannes-speelgoedencadeautjes.nl", true */ 'h', 'a', 'n', 'n', 'e', 's', '-', 's', 'p', 'e', 'e', 'l', 'g', 'o', 'e', 'd', 'e', 'n', 'c', 'a', 'd', 'e', 'a', 'u', 't', 'j', 'e', 's', '.', 'n', 'l', '\0',
+  /* "hanover.edu", false */ 'h', 'a', 'n', 'o', 'v', 'e', 'r', '.', 'e', 'd', 'u', '\0',
+  /* "hansen.hn", true */ 'h', 'a', 'n', 's', 'e', 'n', '.', 'h', 'n', '\0',
+  /* "hansmund.com", true */ 'h', 'a', 'n', 's', 'm', 'u', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "hansolrella.com", true */ 'h', 'a', 'n', 's', 'o', 'l', 'r', 'e', 'l', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "hansvaneijsden.com", true */ 'h', 'a', 'n', 's', 'v', 'a', 'n', 'e', 'i', 'j', 's', 'd', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "hansvaneijsden.nl", true */ 'h', 'a', 'n', 's', 'v', 'a', 'n', 'e', 'i', 'j', 's', 'd', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "hantse.com", true */ 'h', 'a', 'n', 't', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "hanu.la", true */ 'h', 'a', 'n', 'u', '.', 'l', 'a', '\0',
+  /* "hanxv.pw", true */ 'h', 'a', 'n', 'x', 'v', '.', 'p', 'w', '\0',
+  /* "hanys.xyz", true */ 'h', 'a', 'n', 'y', 's', '.', 'x', 'y', 'z', '\0',
+  /* "hanzubon.jp", true */ 'h', 'a', 'n', 'z', 'u', 'b', 'o', 'n', '.', 'j', 'p', '\0',
+  /* "hao-zhang.com", true */ 'h', 'a', 'o', '-', 'z', 'h', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "haogoodair.ca", true */ 'h', 'a', 'o', 'g', 'o', 'o', 'd', 'a', 'i', 'r', '.', 'c', 'a', '\0',
+  /* "haozhang.org", true */ 'h', 'a', 'o', 'z', 'h', 'a', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "haozi.me", true */ 'h', 'a', 'o', 'z', 'i', '.', 'm', 'e', '\0',
+  /* "hapissl.com", true */ 'h', 'a', 'p', 'i', 's', 's', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "hapivm.com", true */ 'h', 'a', 'p', 'i', 'v', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "happyagain.de", true */ 'h', 'a', 'p', 'p', 'y', 'a', 'g', 'a', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "happyagain.se", true */ 'h', 'a', 'p', 'p', 'y', 'a', 'g', 'a', 'i', 'n', '.', 's', 'e', '\0',
+  /* "happyandrelaxeddogs.eu", false */ 'h', 'a', 'p', 'p', 'y', 'a', 'n', 'd', 'r', 'e', 'l', 'a', 'x', 'e', 'd', 'd', 'o', 'g', 's', '.', 'e', 'u', '\0',
+  /* "happybounce.co.uk", true */ 'h', 'a', 'p', 'p', 'y', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "happycarb.de", true */ 'h', 'a', 'p', 'p', 'y', 'c', 'a', 'r', 'b', '.', 'd', 'e', '\0',
+  /* "happycoder.net", false */ 'h', 'a', 'p', 'p', 'y', 'c', 'o', 'd', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "happydoq.ch", true */ 'h', 'a', 'p', 'p', 'y', 'd', 'o', 'q', '.', 'c', 'h', '\0',
+  /* "happygadget.me", true */ 'h', 'a', 'p', 'p', 'y', 'g', 'a', 'd', 'g', 'e', 't', '.', 'm', 'e', '\0',
+  /* "happykidscastles.co.uk", true */ 'h', 'a', 'p', 'p', 'y', 'k', 'i', 'd', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "happylifestyle.com", true */ 'h', 'a', 'p', 'p', 'y', 'l', 'i', 'f', 'e', 's', 't', 'y', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "happyschnapper.com", true */ 'h', 'a', 'p', 'p', 'y', 's', 'c', 'h', 'n', 'a', 'p', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "happyteamlabs.com", true */ 'h', 'a', 'p', 'p', 'y', 't', 'e', 'a', 'm', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "happytiger.eu", true */ 'h', 'a', 'p', 'p', 'y', 't', 'i', 'g', 'e', 'r', '.', 'e', 'u', '\0',
+  /* "happyukgo.com", true */ 'h', 'a', 'p', 'p', 'y', 'u', 'k', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "hapsfordmill.co.uk", true */ 'h', 'a', 'p', 's', 'f', 'o', 'r', 'd', 'm', 'i', 'l', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "hapvm.com", true */ 'h', 'a', 'p', 'v', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "haqaza.com.br", true */ 'h', 'a', 'q', 'a', 'z', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "haraj.com.sa", true */ 'h', 'a', 'r', 'a', 'j', '.', 'c', 'o', 'm', '.', 's', 'a', '\0',
+  /* "harald-d.dyndns.org", true */ 'h', 'a', 'r', 'a', 'l', 'd', '-', 'd', '.', 'd', 'y', 'n', 'd', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "harald-pfeiffer.de", true */ 'h', 'a', 'r', 'a', 'l', 'd', '-', 'p', 'f', 'e', 'i', 'f', 'f', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "harapecorita.com", true */ 'h', 'a', 'r', 'a', 'p', 'e', 'c', 'o', 'r', 'i', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "harbor-light.net", true */ 'h', 'a', 'r', 'b', 'o', 'r', '-', 'l', 'i', 'g', 'h', 't', '.', 'n', 'e', 't', '\0',
+  /* "hardeman.nu", true */ 'h', 'a', 'r', 'd', 'e', 'm', 'a', 'n', '.', 'n', 'u', '\0',
+  /* "hardenize.com", true */ 'h', 'a', 'r', 'd', 'e', 'n', 'i', 'z', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "hardergayporn.com", true */ 'h', 'a', 'r', 'd', 'e', 'r', 'g', 'a', 'y', 'p', 'o', 'r', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "hardertimes.com", true */ 'h', 'a', 'r', 'd', 'e', 'r', 't', 'i', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hardesec.com", true */ 'h', 'a', 'r', 'd', 'e', 's', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "hardfalcon.net", true */ 'h', 'a', 'r', 'd', 'f', 'a', 'l', 'c', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "hardforum.com", true */ 'h', 'a', 'r', 'd', 'f', 'o', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "hardh.at", true */ 'h', 'a', 'r', 'd', 'h', '.', 'a', 't', '\0',
+  /* "hardrain980.com", true */ 'h', 'a', 'r', 'd', 'r', 'a', 'i', 'n', '9', '8', '0', '.', 'c', 'o', 'm', '\0',
+  /* "hardtfrieden.de", true */ 'h', 'a', 'r', 'd', 't', 'f', 'r', 'i', 'e', 'd', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "hardtime.ru", true */ 'h', 'a', 'r', 'd', 't', 'i', 'm', 'e', '.', 'r', 'u', '\0',
+  /* "hardyboyplant.com", true */ 'h', 'a', 'r', 'd', 'y', 'b', 'o', 'y', 'p', 'l', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "haribilalic.com", true */ 'h', 'a', 'r', 'i', 'b', 'i', 'l', 'a', 'l', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "harilova.fr", true */ 'h', 'a', 'r', 'i', 'l', 'o', 'v', 'a', '.', 'f', 'r', '\0',
+  /* "hariome.com", true */ 'h', 'a', 'r', 'i', 'o', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "haritsa.co.id", true */ 'h', 'a', 'r', 'i', 't', 's', 'a', '.', 'c', 'o', '.', 'i', 'd', '\0',
+  /* "harjitbhogal.com", true */ 'h', 'a', 'r', 'j', 'i', 't', 'b', 'h', 'o', 'g', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "harmfarm.nl", true */ 'h', 'a', 'r', 'm', 'f', 'a', 'r', 'm', '.', 'n', 'l', '\0',
+  /* "harmoney.co.nz", true */ 'h', 'a', 'r', 'm', 'o', 'n', 'e', 'y', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "harmoney.com", true */ 'h', 'a', 'r', 'm', 'o', 'n', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "harmoney.com.au", true */ 'h', 'a', 'r', 'm', 'o', 'n', 'e', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "haroldsharpe.com", true */ 'h', 'a', 'r', 'o', 'l', 'd', 's', 'h', 'a', 'r', 'p', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "harringtonca.com", true */ 'h', 'a', 'r', 'r', 'i', 'n', 'g', 't', 'o', 'n', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "harrisonsand.com", false */ 'h', 'a', 'r', 'r', 'i', 's', 'o', 'n', 's', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "harrisonsdirect.co.uk", true */ 'h', 'a', 'r', 'r', 'i', 's', 'o', 'n', 's', 'd', 'i', 'r', 'e', 'c', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "harrisonswebsites.com", true */ 'h', 'a', 'r', 'r', 'i', 's', 'o', 'n', 's', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "harryharrison.co", true */ 'h', 'a', 'r', 'r', 'y', 'h', 'a', 'r', 'r', 'i', 's', 'o', 'n', '.', 'c', 'o', '\0',
+  /* "harrymclaren.co.uk", true */ 'h', 'a', 'r', 'r', 'y', 'm', 'c', 'l', 'a', 'r', 'e', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "harryphoto.fr", true */ 'h', 'a', 'r', 'r', 'y', 'p', 'h', 'o', 't', 'o', '.', 'f', 'r', '\0',
+  /* "harrypottereditor.com", true */ 'h', 'a', 'r', 'r', 'y', 'p', 'o', 't', 't', 'e', 'r', 'e', 'd', 'i', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "harrysgardengamehire.co.uk", true */ 'h', 'a', 'r', 'r', 'y', 's', 'g', 'a', 'r', 'd', 'e', 'n', 'g', 'a', 'm', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "harrysmallbones.co.uk", true */ 'h', 'a', 'r', 'r', 'y', 's', 'm', 'a', 'l', 'l', 'b', 'o', 'n', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "harrysqnc.co.uk", true */ 'h', 'a', 'r', 'r', 'y', 's', 'q', 'n', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "harschnitz.nl", true */ 'h', 'a', 'r', 's', 'c', 'h', 'n', 'i', 't', 'z', '.', 'n', 'l', '\0',
+  /* "hartie95.de", true */ 'h', 'a', 'r', 't', 'i', 'e', '9', '5', '.', 'd', 'e', '\0',
+  /* "hartlep.email", true */ 'h', 'a', 'r', 't', 'l', 'e', 'p', '.', 'e', 'm', 'a', 'i', 'l', '\0',
+  /* "harukakikuchi.com", true */ 'h', 'a', 'r', 'u', 'k', 'a', 'k', 'i', 'k', 'u', 'c', 'h', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "haruue.moe", true */ 'h', 'a', 'r', 'u', 'u', 'e', '.', 'm', 'o', 'e', '\0',
+  /* "harvestapp.com", true */ 'h', 'a', 'r', 'v', 'e', 's', 't', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "harvester.fr", true */ 'h', 'a', 'r', 'v', 'e', 's', 't', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "harveyauzorst.com", true */ 'h', 'a', 'r', 'v', 'e', 'y', 'a', 'u', 'z', 'o', 'r', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "harveymilton.com", true */ 'h', 'a', 'r', 'v', 'e', 'y', 'm', 'i', 'l', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "haschrebellen.de", true */ 'h', 'a', 's', 'c', 'h', 'r', 'e', 'b', 'e', 'l', 'l', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "hasdf.de", true */ 'h', 'a', 's', 'd', 'f', '.', 'd', 'e', '\0',
+  /* "haselsteiner.me", true */ 'h', 'a', 's', 'e', 'l', 's', 't', 'e', 'i', 'n', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "hash-archive.org", true */ 'h', 'a', 's', 'h', '-', 'a', 'r', 'c', 'h', 'i', 'v', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "hash.works", true */ 'h', 'a', 's', 'h', '.', 'w', 'o', 'r', 'k', 's', '\0',
+  /* "hashcat.net", true */ 'h', 'a', 's', 'h', 'c', 'a', 't', '.', 'n', 'e', 't', '\0',
+  /* "hashes.org", true */ 'h', 'a', 's', 'h', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "hashi.dk", true */ 'h', 'a', 's', 'h', 'i', '.', 'd', 'k', '\0',
+  /* "hashiconf.com", true */ 'h', 'a', 's', 'h', 'i', 'c', 'o', 'n', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "hashiconf.eu", true */ 'h', 'a', 's', 'h', 'i', 'c', 'o', 'n', 'f', '.', 'e', 'u', '\0',
+  /* "hashicorp.com", true */ 'h', 'a', 's', 'h', 'i', 'c', 'o', 'r', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "hashimah.ca", true */ 'h', 'a', 's', 'h', 'i', 'm', 'a', 'h', '.', 'c', 'a', '\0',
+  /* "hashinteractive.com", true */ 'h', 'a', 's', 'h', 'i', 'n', 't', 'e', 'r', 'a', 'c', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "hashish.net", true */ 'h', 'a', 's', 'h', 'i', 's', 'h', '.', 'n', 'e', 't', '\0',
+  /* "hashiura.jp", true */ 'h', 'a', 's', 'h', 'i', 'u', 'r', 'a', '.', 'j', 'p', '\0',
+  /* "hashru.nl", true */ 'h', 'a', 's', 'h', 'r', 'u', '.', 'n', 'l', '\0',
+  /* "hashworks.net", true */ 'h', 'a', 's', 'h', 'w', 'o', 'r', 'k', 's', '.', 'n', 'e', 't', '\0',
+  /* "haskovec.com", true */ 'h', 'a', 's', 'k', 'o', 'v', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "hasselbach-dellwig.de", true */ 'h', 'a', 's', 's', 'e', 'l', 'b', 'a', 'c', 'h', '-', 'd', 'e', 'l', 'l', 'w', 'i', 'g', '.', 'd', 'e', '\0',
+  /* "hatarisecurity.co.ke", true */ 'h', 'a', 't', 'a', 'r', 'i', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', '.', 'k', 'e', '\0',
+  /* "hatcherlawgroupnm.com", true */ 'h', 'a', 't', 'c', 'h', 'e', 'r', 'l', 'a', 'w', 'g', 'r', 'o', 'u', 'p', 'n', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "hatethe.uk", true */ 'h', 'a', 't', 'e', 't', 'h', 'e', '.', 'u', 'k', '\0',
+  /* "hatisenang.com", false */ 'h', 'a', 't', 'i', 's', 'e', 'n', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "hatul.info", true */ 'h', 'a', 't', 'u', 'l', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "haucke.xyz", true */ 'h', 'a', 'u', 'c', 'k', 'e', '.', 'x', 'y', 'z', '\0',
+  /* "hauntedfishtank.com", false */ 'h', 'a', 'u', 'n', 't', 'e', 'd', 'f', 'i', 's', 'h', 't', 'a', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "hauntedhouserecords.co.uk", true */ 'h', 'a', 'u', 'n', 't', 'e', 'd', 'h', 'o', 'u', 's', 'e', 'r', 'e', 'c', 'o', 'r', 'd', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "haus-garten-test.de", true */ 'h', 'a', 'u', 's', '-', 'g', 'a', 'r', 't', 'e', 'n', '-', 't', 'e', 's', 't', '.', 'd', 'e', '\0',
+  /* "haus-henne.de", true */ 'h', 'a', 'u', 's', '-', 'h', 'e', 'n', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "haushenne.de", true */ 'h', 'a', 'u', 's', 'h', 'e', 'n', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "hausundhof.com", true */ 'h', 'a', 'u', 's', 'u', 'n', 'd', 'h', 'o', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "hausverbrauch.de", true */ 'h', 'a', 'u', 's', 'v', 'e', 'r', 'b', 'r', 'a', 'u', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "hautarztzentrum.ch", true */ 'h', 'a', 'u', 't', 'a', 'r', 'z', 't', 'z', 'e', 'n', 't', 'r', 'u', 'm', '.', 'c', 'h', '\0',
+  /* "hauteslatitudes.com", true */ 'h', 'a', 'u', 't', 'e', 's', 'l', 'a', 't', 'i', 't', 'u', 'd', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "havasuhomepage.com", true */ 'h', 'a', 'v', 'a', 's', 'u', 'h', 'o', 'm', 'e', 'p', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "havasuinsurance.com", true */ 'h', 'a', 'v', 'a', 's', 'u', 'i', 'n', 's', 'u', 'r', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "havasutacohacienda.com", true */ 'h', 'a', 'v', 'a', 's', 'u', 't', 'a', 'c', 'o', 'h', 'a', 'c', 'i', 'e', 'n', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "haveabounce.co.uk", true */ 'h', 'a', 'v', 'e', 'a', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "haveforeningen-enghaven.dk", true */ 'h', 'a', 'v', 'e', 'f', 'o', 'r', 'e', 'n', 'i', 'n', 'g', 'e', 'n', '-', 'e', 'n', 'g', 'h', 'a', 'v', 'e', 'n', '.', 'd', 'k', '\0',
+  /* "havefunbiking.com", true */ 'h', 'a', 'v', 'e', 'f', 'u', 'n', 'b', 'i', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "haveibeenpwned.com", true */ 'h', 'a', 'v', 'e', 'i', 'b', 'e', 'e', 'n', 'p', 'w', 'n', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "havellab.de", true */ 'h', 'a', 'v', 'e', 'l', 'l', 'a', 'b', '.', 'd', 'e', '\0',
+  /* "havelland-obstler.de", true */ 'h', 'a', 'v', 'e', 'l', 'l', 'a', 'n', 'd', '-', 'o', 'b', 's', 't', 'l', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "haven-moon.com", true */ 'h', 'a', 'v', 'e', 'n', '-', 'm', 'o', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "haven-staging.cloud", true */ 'h', 'a', 'v', 'e', 'n', '-', 's', 't', 'a', 'g', 'i', 'n', 'g', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "haven.cloud", true */ 'h', 'a', 'v', 'e', 'n', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "hawaya.com", true */ 'h', 'a', 'w', 'a', 'y', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "hawk-la.com", true */ 'h', 'a', 'w', 'k', '-', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "hawkeyeinsight.com", true */ 'h', 'a', 'w', 'k', 'e', 'y', 'e', 'i', 'n', 's', 'i', 'g', 'h', 't', '.', 'c', 'o', 'm', '\0',
+  /* "hawkinsonkiaparts.com", true */ 'h', 'a', 'w', 'k', 'i', 'n', 's', 'o', 'n', 'k', 'i', 'a', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hawkofgeorgia.com", true */ 'h', 'a', 'w', 'k', 'o', 'f', 'g', 'e', 'o', 'r', 'g', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "hawksguild.com", true */ 'h', 'a', 'w', 'k', 's', 'g', 'u', 'i', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "haxdroid.com", true */ 'h', 'a', 'x', 'd', 'r', 'o', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "haxo.nl", false */ 'h', 'a', 'x', 'o', '.', 'n', 'l', '\0',
+  /* "hayai.space", true */ 'h', 'a', 'y', 'a', 'i', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "hayashi-rin.net", true */ 'h', 'a', 'y', 'a', 's', 'h', 'i', '-', 'r', 'i', 'n', '.', 'n', 'e', 't', '\0',
+  /* "hayden.one", true */ 'h', 'a', 'y', 'd', 'e', 'n', '.', 'o', 'n', 'e', '\0',
+  /* "haydenjames.io", true */ 'h', 'a', 'y', 'd', 'e', 'n', 'j', 'a', 'm', 'e', 's', '.', 'i', 'o', '\0',
+  /* "hayfordoleary.com", true */ 'h', 'a', 'y', 'f', 'o', 'r', 'd', 'o', 'l', 'e', 'a', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "haynes-davis.com", true */ 'h', 'a', 'y', 'n', 'e', 's', '-', 'd', 'a', 'v', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "haz.cat", true */ 'h', 'a', 'z', '.', 'c', 'a', 't', '\0',
+  /* "haze.productions", true */ 'h', 'a', 'z', 'e', '.', 'p', 'r', 'o', 'd', 'u', 'c', 't', 'i', 'o', 'n', 's', '\0',
+  /* "hazeover.com", true */ 'h', 'a', 'z', 'e', 'o', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "hb8522.com", true */ 'h', 'b', '8', '5', '2', '2', '.', 'c', 'o', 'm', '\0',
+  /* "hbdesign.work", true */ 'h', 'b', 'd', 'e', 's', 'i', 'g', 'n', '.', 'w', 'o', 'r', 'k', '\0',
+  /* "hbkonsult.com", true */ 'h', 'b', 'k', 'o', 'n', 's', 'u', 'l', 't', '.', 'c', 'o', 'm', '\0',
+  /* "hboeck.de", true */ 'h', 'b', 'o', 'e', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "hbpowell.com", true */ 'h', 'b', 'p', 'o', 'w', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "hcbj.io", true */ 'h', 'c', 'b', 'j', '.', 'i', 'o', '\0',
+  /* "hcfhomelottery.ca", true */ 'h', 'c', 'f', 'h', 'o', 'm', 'e', 'l', 'o', 't', 't', 'e', 'r', 'y', '.', 'c', 'a', '\0',
+  /* "hcoe.fi", true */ 'h', 'c', 'o', 'e', '.', 'f', 'i', '\0',
+  /* "hd-gaming.com", true */ 'h', 'd', '-', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "hd-offensive.at", false */ 'h', 'd', '-', 'o', 'f', 'f', 'e', 'n', 's', 'i', 'v', 'e', '.', 'a', 't', '\0',
+  /* "hd-only.org", true */ 'h', 'd', '-', 'o', 'n', 'l', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "hd-outillage.com", true */ 'h', 'd', '-', 'o', 'u', 't', 'i', 'l', 'l', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "hd1tj.org", true */ 'h', 'd', '1', 't', 'j', '.', 'o', 'r', 'g', '\0',
+  /* "hda.me", true */ 'h', 'd', 'a', '.', 'm', 'e', '\0',
+  /* "hdc.cz", true */ 'h', 'd', 'c', '.', 'c', 'z', '\0',
+  /* "hdcenter.cc", true */ 'h', 'd', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'c', '\0',
+  /* "hdeaves.uk", true */ 'h', 'd', 'e', 'a', 'v', 'e', 's', '.', 'u', 'k', '\0',
+  /* "hdf.world", true */ 'h', 'd', 'f', '.', 'w', 'o', 'r', 'l', 'd', '\0',
+  /* "hdfgroup.org", true */ 'h', 'd', 'f', 'g', 'r', 'o', 'u', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "hdguru.com", true */ 'h', 'd', 'g', 'u', 'r', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "hdhoang.space", true */ 'h', 'd', 'h', 'o', 'a', 'n', 'g', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "hdrsource.com", true */ 'h', 'd', 'r', 's', 'o', 'u', 'r', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "hdrtranscon.com", true */ 'h', 'd', 'r', 't', 'r', 'a', 'n', 's', 'c', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "hds-lan.de", true */ 'h', 'd', 's', '-', 'l', 'a', 'n', '.', 'd', 'e', '\0',
+  /* "hdy.nz", true */ 'h', 'd', 'y', '.', 'n', 'z', '\0',
+  /* "head.org", true */ 'h', 'e', 'a', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "head.ru", true */ 'h', 'e', 'a', 'd', '.', 'r', 'u', '\0',
+  /* "headjapan.com", true */ 'h', 'e', 'a', 'd', 'j', 'a', 'p', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "headlinepublishing.be", true */ 'h', 'e', 'a', 'd', 'l', 'i', 'n', 'e', 'p', 'u', 'b', 'l', 'i', 's', 'h', 'i', 'n', 'g', '.', 'b', 'e', '\0',
+  /* "headshotharp.de", true */ 'h', 'e', 'a', 'd', 's', 'h', 'o', 't', 'h', 'a', 'r', 'p', '.', 'd', 'e', '\0',
+  /* "health-match.com.au", true */ 'h', 'e', 'a', 'l', 't', 'h', '-', 'm', 'a', 't', 'c', 'h', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "health-plan-news.com", true */ 'h', 'e', 'a', 'l', 't', 'h', '-', 'p', 'l', 'a', 'n', '-', 'n', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "health.graphics", true */ 'h', 'e', 'a', 'l', 't', 'h', '.', 'g', 'r', 'a', 'p', 'h', 'i', 'c', 's', '\0',
+  /* "healthcare.gov", false */ 'h', 'e', 'a', 'l', 't', 'h', 'c', 'a', 'r', 'e', '.', 'g', 'o', 'v', '\0',
+  /* "healtheals.com", true */ 'h', 'e', 'a', 'l', 't', 'h', 'e', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "healtheffectsofasbestos.com", true */ 'h', 'e', 'a', 'l', 't', 'h', 'e', 'f', 'f', 'e', 'c', 't', 's', 'o', 'f', 'a', 's', 'b', 'e', 's', 't', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "healthery.com", true */ 'h', 'e', 'a', 'l', 't', 'h', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "healthfoam.com", true */ 'h', 'e', 'a', 'l', 't', 'h', 'f', 'o', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "healthiercompany.com", true */ 'h', 'e', 'a', 'l', 't', 'h', 'i', 'e', 'r', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "healthlabs.com", true */ 'h', 'e', 'a', 'l', 't', 'h', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "healthmatchapp.com", true */ 'h', 'e', 'a', 'l', 't', 'h', 'm', 'a', 't', 'c', 'h', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "healththoroughfare.com", true */ 'h', 'e', 'a', 'l', 't', 'h', 't', 'h', 'o', 'r', 'o', 'u', 'g', 'h', 'f', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "healthy-map.com", true */ 'h', 'e', 'a', 'l', 't', 'h', 'y', '-', 'm', 'a', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "healthyfitfood.com", true */ 'h', 'e', 'a', 'l', 't', 'h', 'y', 'f', 'i', 't', 'f', 'o', 'o', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "heap.zone", true */ 'h', 'e', 'a', 'p', '.', 'z', 'o', 'n', 'e', '\0',
+  /* "hearmeraw.uk", true */ 'h', 'e', 'a', 'r', 'm', 'e', 'r', 'a', 'w', '.', 'u', 'k', '\0',
+  /* "heart.taxi", true */ 'h', 'e', 'a', 'r', 't', '.', 't', 'a', 'x', 'i', '\0',
+  /* "heartbeat24.de", true */ 'h', 'e', 'a', 'r', 't', 'b', 'e', 'a', 't', '2', '4', '.', 'd', 'e', '\0',
+  /* "heartgames.pl", true */ 'h', 'e', 'a', 'r', 't', 'g', 'a', 'm', 'e', 's', '.', 'p', 'l', '\0',
+  /* "heartmdinstitute.com", true */ 'h', 'e', 'a', 'r', 't', 'm', 'd', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "heartsucker.com", true */ 'h', 'e', 'a', 'r', 't', 's', 'u', 'c', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "hearttruth.gov", true */ 'h', 'e', 'a', 'r', 't', 't', 'r', 'u', 't', 'h', '.', 'g', 'o', 'v', '\0',
+  /* "heartview.com.br", true */ 'h', 'e', 'a', 'r', 't', 'v', 'i', 'e', 'w', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "heartwoodart.com", true */ 'h', 'e', 'a', 'r', 't', 'w', 'o', 'o', 'd', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "hearty.blog", true */ 'h', 'e', 'a', 'r', 't', 'y', '.', 'b', 'l', 'o', 'g', '\0',
+  /* "hearty.cf", true */ 'h', 'e', 'a', 'r', 't', 'y', '.', 'c', 'f', '\0',
+  /* "hearty.ga", true */ 'h', 'e', 'a', 'r', 't', 'y', '.', 'g', 'a', '\0',
+  /* "hearty.me", true */ 'h', 'e', 'a', 'r', 't', 'y', '.', 'm', 'e', '\0',
+  /* "hearty.taipei", true */ 'h', 'e', 'a', 'r', 't', 'y', '.', 't', 'a', 'i', 'p', 'e', 'i', '\0',
+  /* "hearty.tech", true */ 'h', 'e', 'a', 'r', 't', 'y', '.', 't', 'e', 'c', 'h', '\0',
+  /* "hearty.us", true */ 'h', 'e', 'a', 'r', 't', 'y', '.', 'u', 's', '\0',
+  /* "heartyapp.com", true */ 'h', 'e', 'a', 'r', 't', 'y', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "heartycraft.com", true */ 'h', 'e', 'a', 'r', 't', 'y', 'c', 'r', 'a', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "heavenlyseals.com", true */ 'h', 'e', 'a', 'v', 'e', 'n', 'l', 'y', 's', 'e', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "heavensattic.co.uk", true */ 'h', 'e', 'a', 'v', 'e', 'n', 's', 'a', 't', 't', 'i', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "heavensinferno.net", true */ 'h', 'e', 'a', 'v', 'e', 'n', 's', 'i', 'n', 'f', 'e', 'r', 'n', 'o', '.', 'n', 'e', 't', '\0',
+  /* "heavyequipments.org", true */ 'h', 'e', 'a', 'v', 'y', 'e', 'q', 'u', 'i', 'p', 'm', 'e', 'n', 't', 's', '.', 'o', 'r', 'g', '\0',
+  /* "hebergeurssd.com", true */ 'h', 'e', 'b', 'e', 'r', 'g', 'e', 'u', 'r', 's', 's', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "hebikhiv.nl", true */ 'h', 'e', 'b', 'i', 'k', 'h', 'i', 'v', '.', 'n', 'l', '\0',
+  /* "hebriff.com", true */ 'h', 'e', 'b', 'r', 'i', 'f', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "hec-espace-entreprise.ch", true */ 'h', 'e', 'c', '-', 'e', 's', 'p', 'a', 'c', 'e', '-', 'e', 'n', 't', 'r', 'e', 'p', 'r', 'i', 's', 'e', '.', 'c', 'h', '\0',
+  /* "hec.global", true */ 'h', 'e', 'c', '.', 'g', 'l', 'o', 'b', 'a', 'l', '\0',
+  /* "hechamano.es", true */ 'h', 'e', 'c', 'h', 'a', 'm', 'a', 'n', 'o', '.', 'e', 's', '\0',
+  /* "heckelektro.de", true */ 'h', 'e', 'c', 'k', 'e', 'l', 'e', 'k', 't', 'r', 'o', '.', 'd', 'e', '\0',
+  /* "heckerundknopp.de", true */ 'h', 'e', 'c', 'k', 'e', 'r', 'u', 'n', 'd', 'k', 'n', 'o', 'p', 'p', '.', 'd', 'e', '\0',
+  /* "heckticmedia.com", true */ 'h', 'e', 'c', 'k', 't', 'i', 'c', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "hectorj.net", true */ 'h', 'e', 'c', 't', 'o', 'r', 'j', '.', 'n', 'e', 't', '\0',
+  /* "hedgeschool.ie", true */ 'h', 'e', 'd', 'g', 'e', 's', 'c', 'h', 'o', 'o', 'l', '.', 'i', 'e', '\0',
+  /* "hedonism.org", true */ 'h', 'e', 'd', 'o', 'n', 'i', 's', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "hedonistic-imperative.com", true */ 'h', 'e', 'd', 'o', 'n', 'i', 's', 't', 'i', 'c', '-', 'i', 'm', 'p', 'e', 'r', 'a', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "hedonistic.org", true */ 'h', 'e', 'd', 'o', 'n', 'i', 's', 't', 'i', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "hedonium.com", true */ 'h', 'e', 'd', 'o', 'n', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "hedweb.co.uk", true */ 'h', 'e', 'd', 'w', 'e', 'b', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "hedweb.com", true */ 'h', 'e', 'd', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "hedweb.net", true */ 'h', 'e', 'd', 'w', 'e', 'b', '.', 'n', 'e', 't', '\0',
+  /* "hedweb.org", true */ 'h', 'e', 'd', 'w', 'e', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "heeler.blue", true */ 'h', 'e', 'e', 'l', 'e', 'r', '.', 'b', 'l', 'u', 'e', '\0',
+  /* "heeler.red", true */ 'h', 'e', 'e', 'l', 'e', 'r', '.', 'r', 'e', 'd', '\0',
+  /* "heello.es", true */ 'h', 'e', 'e', 'l', 'l', 'o', '.', 'e', 's', '\0',
+  /* "hefengautoparts.com", true */ 'h', 'e', 'f', 'e', 'n', 'g', 'a', 'u', 't', 'o', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "heftkaufen.de", true */ 'h', 'e', 'f', 't', 'k', 'a', 'u', 'f', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "hegen.com.pl", true */ 'h', 'e', 'g', 'e', 'n', '.', 'c', 'o', 'm', '.', 'p', 'l', '\0',
+  /* "hegen.cz", true */ 'h', 'e', 'g', 'e', 'n', '.', 'c', 'z', '\0',
+  /* "hegen.sk", true */ 'h', 'e', 'g', 'e', 'n', '.', 's', 'k', '\0',
+  /* "hegenshop.de", true */ 'h', 'e', 'g', 'e', 'n', 's', 'h', 'o', 'p', '.', 'd', 'e', '\0',
+  /* "heh.ee", true */ 'h', 'e', 'h', '.', 'e', 'e', '\0',
+  /* "heha.co", false */ 'h', 'e', 'h', 'a', '.', 'c', 'o', '\0',
+  /* "heiaheia.com", true */ 'h', 'e', 'i', 'a', 'h', 'e', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "heid.ws", true */ 'h', 'e', 'i', 'd', '.', 'w', 's', '\0',
+  /* "heidisheroes.org", true */ 'h', 'e', 'i', 'd', 'i', 's', 'h', 'e', 'r', 'o', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "heikorichter.name", true */ 'h', 'e', 'i', 'k', 'o', 'r', 'i', 'c', 'h', 't', 'e', 'r', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "heiland.io", true */ 'h', 'e', 'i', 'l', 'a', 'n', 'd', '.', 'i', 'o', '\0',
+  /* "heiliger-gral.info", true */ 'h', 'e', 'i', 'l', 'i', 'g', 'e', 'r', '-', 'g', 'r', 'a', 'l', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "heilpraxis-bgl.de", true */ 'h', 'e', 'i', 'l', 'p', 'r', 'a', 'x', 'i', 's', '-', 'b', 'g', 'l', '.', 'd', 'e', '\0',
+  /* "heimatverein-eitensheim.de", true */ 'h', 'e', 'i', 'm', 'a', 't', 'v', 'e', 'r', 'e', 'i', 'n', '-', 'e', 'i', 't', 'e', 'n', 's', 'h', 'e', 'i', 'm', '.', 'd', 'e', '\0',
+  /* "heimonen.eu", true */ 'h', 'e', 'i', 'm', 'o', 'n', 'e', 'n', '.', 'e', 'u', '\0',
+  /* "heimprofis.de", true */ 'h', 'e', 'i', 'm', 'p', 'r', 'o', 'f', 'i', 's', '.', 'd', 'e', '\0',
+  /* "heinpost.nl", false */ 'h', 'e', 'i', 'n', 'p', 'o', 's', 't', '.', 'n', 'l', '\0',
+  /* "heinzelmann.co", true */ 'h', 'e', 'i', 'n', 'z', 'e', 'l', 'm', 'a', 'n', 'n', '.', 'c', 'o', '\0',
+  /* "heissluft-fritteuse.com", true */ 'h', 'e', 'i', 's', 's', 'l', 'u', 'f', 't', '-', 'f', 'r', 'i', 't', 't', 'e', 'u', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "heitland-it.de", true */ 'h', 'e', 'i', 't', 'l', 'a', 'n', 'd', '-', 'i', 't', '.', 'd', 'e', '\0',
+  /* "hekeki.com", true */ 'h', 'e', 'k', 'e', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "helber-it-services.de", true */ 'h', 'e', 'l', 'b', 'e', 'r', '-', 'i', 't', '-', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'd', 'e', '\0',
+  /* "helden-spielen.de", true */ 'h', 'e', 'l', 'd', 'e', 'n', '-', 's', 'p', 'i', 'e', 'l', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "heldenhalde.de", true */ 'h', 'e', 'l', 'd', 'e', 'n', 'h', 'a', 'l', 'd', 'e', '.', 'd', 'e', '\0',
+  /* "heldundsexgott.de", true */ 'h', 'e', 'l', 'd', 'u', 'n', 'd', 's', 'e', 'x', 'g', 'o', 't', 't', '.', 'd', 'e', '\0',
+  /* "hele.cz", true */ 'h', 'e', 'l', 'e', '.', 'c', 'z', '\0',
+  /* "helenaknowledge.com", true */ 'h', 'e', 'l', 'e', 'n', 'a', 'k', 'n', 'o', 'w', 'l', 'e', 'd', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "helenelefauconnier.com", true */ 'h', 'e', 'l', 'e', 'n', 'e', 'l', 'e', 'f', 'a', 'u', 'c', 'o', 'n', 'n', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "helenkellersimulator.org", true */ 'h', 'e', 'l', 'e', 'n', 'k', 'e', 'l', 'l', 'e', 'r', 's', 'i', 'm', 'u', 'l', 'a', 't', 'o', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "helichat.de", true */ 'h', 'e', 'l', 'i', 'c', 'h', 'a', 't', '.', 'd', 'e', '\0',
+  /* "helikon.ro", true */ 'h', 'e', 'l', 'i', 'k', 'o', 'n', '.', 'r', 'o', '\0',
+  /* "helioanodyne.eu", true */ 'h', 'e', 'l', 'i', 'o', 'a', 'n', 'o', 'd', 'y', 'n', 'e', '.', 'e', 'u', '\0',
+  /* "helios4.com", true */ 'h', 'e', 'l', 'i', 'o', 's', '4', '.', 'c', 'o', 'm', '\0',
+  /* "heliosnet.com", true */ 'h', 'e', 'l', 'i', 'o', 's', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "heliosvoting.org", true */ 'h', 'e', 'l', 'i', 'o', 's', 'v', 'o', 't', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "helix.am", true */ 'h', 'e', 'l', 'i', 'x', '.', 'a', 'm', '\0',
+  /* "helixflight.com", true */ 'h', 'e', 'l', 'i', 'x', 'f', 'l', 'i', 'g', 'h', 't', '.', 'c', 'o', 'm', '\0',
+  /* "hell.sh", true */ 'h', 'e', 'l', 'l', '.', 's', 'h', '\0',
+  /* "hellenicaward.com", true */ 'h', 'e', 'l', 'l', 'e', 'n', 'i', 'c', 'a', 'w', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "hellersgas.com", true */ 'h', 'e', 'l', 'l', 'e', 'r', 's', 'g', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "helles-koepfchen.de", true */ 'h', 'e', 'l', 'l', 'e', 's', '-', 'k', 'o', 'e', 'p', 'f', 'c', 'h', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "hello-nestor.com", true */ 'h', 'e', 'l', 'l', 'o', '-', 'n', 'e', 's', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "helloacm.com", true */ 'h', 'e', 'l', 'l', 'o', 'a', 'c', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "helloanselm.com", true */ 'h', 'e', 'l', 'l', 'o', 'a', 'n', 's', 'e', 'l', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "hellomouse.cf", true */ 'h', 'e', 'l', 'l', 'o', 'm', 'o', 'u', 's', 'e', '.', 'c', 'f', '\0',
+  /* "hellotandem.com", true */ 'h', 'e', 'l', 'l', 'o', 't', 'a', 'n', 'd', 'e', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "hellothought.net", true */ 'h', 'e', 'l', 'l', 'o', 't', 'h', 'o', 'u', 'g', 'h', 't', '.', 'n', 'e', 't', '\0',
+  /* "help.simpletax.ca", true */ 'h', 'e', 'l', 'p', '.', 's', 'i', 'm', 'p', 'l', 'e', 't', 'a', 'x', '.', 'c', 'a', '\0',
+  /* "helpconnect.com.au", true */ 'h', 'e', 'l', 'p', 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "helpdebit.com", true */ 'h', 'e', 'l', 'p', 'd', 'e', 'b', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "helpfacile.com", true */ 'h', 'e', 'l', 'p', 'f', 'a', 'c', 'i', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "helpfixe.com", true */ 'h', 'e', 'l', 'p', 'f', 'i', 'x', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "helpflux.com", true */ 'h', 'e', 'l', 'p', 'f', 'l', 'u', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "helpgerer.com", true */ 'h', 'e', 'l', 'p', 'g', 'e', 'r', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "helpgoabroad.com", true */ 'h', 'e', 'l', 'p', 'g', 'o', 'a', 'b', 'r', 'o', 'a', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "helpmij.cf", true */ 'h', 'e', 'l', 'p', 'm', 'i', 'j', '.', 'c', 'f', '\0',
+  /* "helppresta.com", true */ 'h', 'e', 'l', 'p', 'p', 'r', 'e', 's', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "helpstarloja.com.br", true */ 'h', 'e', 'l', 'p', 's', 't', 'a', 'r', 'l', 'o', 'j', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "helsinki.dating", true */ 'h', 'e', 'l', 's', 'i', 'n', 'k', 'i', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "helup.com", true */ 'h', 'e', 'l', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "helvella.de", true */ 'h', 'e', 'l', 'v', 'e', 'l', 'l', 'a', '.', 'd', 'e', '\0',
+  /* "hematoonkologia.pl", true */ 'h', 'e', 'm', 'a', 't', 'o', 'o', 'n', 'k', 'o', 'l', 'o', 'g', 'i', 'a', '.', 'p', 'l', '\0',
+  /* "hemdal.se", true */ 'h', 'e', 'm', 'd', 'a', 'l', '.', 's', 'e', '\0',
+  /* "hemnet.se", true */ 'h', 'e', 'm', 'n', 'e', 't', '.', 's', 'e', '\0',
+  /* "hen.ne.ke", true */ 'h', 'e', 'n', '.', 'n', 'e', '.', 'k', 'e', '\0',
+  /* "hendric.us", true */ 'h', 'e', 'n', 'd', 'r', 'i', 'c', '.', 'u', 's', '\0',
+  /* "hendrinortier.nl", true */ 'h', 'e', 'n', 'd', 'r', 'i', 'n', 'o', 'r', 't', 'i', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "hendyisaac.com", true */ 'h', 'e', 'n', 'd', 'y', 'i', 's', 'a', 'a', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "hengelsportdeal.com", true */ 'h', 'e', 'n', 'g', 'e', 'l', 's', 'p', 'o', 'r', 't', 'd', 'e', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "hengstumone.com", true */ 'h', 'e', 'n', 'g', 's', 't', 'u', 'm', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "henhenlu.com", true */ 'h', 'e', 'n', 'h', 'e', 'n', 'l', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "henkbrink.com", true */ 'h', 'e', 'n', 'k', 'b', 'r', 'i', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "henker.net", true */ 'h', 'e', 'n', 'k', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "henkverlinde.com", false */ 'h', 'e', 'n', 'k', 'v', 'e', 'r', 'l', 'i', 'n', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "henleybouncycastles.co.uk", true */ 'h', 'e', 'n', 'l', 'e', 'y', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "hennadesigns.org", true */ 'h', 'e', 'n', 'n', 'a', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "hennecke-forstbetrieb.de", true */ 'h', 'e', 'n', 'n', 'e', 'c', 'k', 'e', '-', 'f', 'o', 'r', 's', 't', 'b', 'e', 't', 'r', 'i', 'e', 'b', '.', 'd', 'e', '\0',
+  /* "henneke.me", true */ 'h', 'e', 'n', 'n', 'e', 'k', 'e', '.', 'm', 'e', '\0',
+  /* "hennymerkel.com", true */ 'h', 'e', 'n', 'n', 'y', 'm', 'e', 'r', 'k', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "henok.eu", true */ 'h', 'e', 'n', 'o', 'k', '.', 'e', 'u', '\0',
+  /* "henriksen.is", true */ 'h', 'e', 'n', 'r', 'i', 'k', 's', 'e', 'n', '.', 'i', 's', '\0',
+  /* "henrikwelk.de", true */ 'h', 'e', 'n', 'r', 'i', 'k', 'w', 'e', 'l', 'k', '.', 'd', 'e', '\0',
+  /* "henrock.net", true */ 'h', 'e', 'n', 'r', 'o', 'c', 'k', '.', 'n', 'e', 't', '\0',
+  /* "henry.gg", true */ 'h', 'e', 'n', 'r', 'y', '.', 'g', 'g', '\0',
+  /* "henryphan.com", false */ 'h', 'e', 'n', 'r', 'y', 'p', 'h', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "hentschke-bau.de", true */ 'h', 'e', 'n', 't', 's', 'c', 'h', 'k', 'e', '-', 'b', 'a', 'u', '.', 'd', 'e', '\0',
+  /* "hentschke-betonfertigteilwerk.de", true */ 'h', 'e', 'n', 't', 's', 'c', 'h', 'k', 'e', '-', 'b', 'e', 't', 'o', 'n', 'f', 'e', 'r', 't', 'i', 'g', 't', 'e', 'i', 'l', 'w', 'e', 'r', 'k', '.', 'd', 'e', '\0',
+  /* "hentschke-invest.de", true */ 'h', 'e', 'n', 't', 's', 'c', 'h', 'k', 'e', '-', 'i', 'n', 'v', 'e', 's', 't', '.', 'd', 'e', '\0',
+  /* "heppler.net", true */ 'h', 'e', 'p', 'p', 'l', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "heptafrogs.de", true */ 'h', 'e', 'p', 't', 'a', 'f', 'r', 'o', 'g', 's', '.', 'd', 'e', '\0',
+  /* "hepteract.us", true */ 'h', 'e', 'p', 't', 'e', 'r', 'a', 'c', 't', '.', 'u', 's', '\0',
+  /* "heptner24.de", true */ 'h', 'e', 'p', 't', 'n', 'e', 'r', '2', '4', '.', 'd', 'e', '\0',
+  /* "her25.com", true */ 'h', 'e', 'r', '2', '5', '.', 'c', 'o', 'm', '\0',
+  /* "herbal-id.com", true */ 'h', 'e', 'r', 'b', 'a', 'l', '-', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "herberichfamily.com", true */ 'h', 'e', 'r', 'b', 'e', 'r', 'i', 'c', 'h', 'f', 'a', 'm', 'i', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "herbert.io", true */ 'h', 'e', 'r', 'b', 'e', 'r', 't', '.', 'i', 'o', '\0',
+  /* "herbweb.net", true */ 'h', 'e', 'r', 'b', 'w', 'e', 'b', '.', 'n', 'e', 't', '\0',
+  /* "herbweb.org", true */ 'h', 'e', 'r', 'b', 'w', 'e', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "herculex.fi", true */ 'h', 'e', 'r', 'c', 'u', 'l', 'e', 'x', '.', 'f', 'i', '\0',
+  /* "herds.eu", true */ 'h', 'e', 'r', 'd', 's', '.', 'e', 'u', '\0',
+  /* "herdserv.de", true */ 'h', 'e', 'r', 'd', 's', 'e', 'r', 'v', '.', 'd', 'e', '\0',
+  /* "herebedragons.io", true */ 'h', 'e', 'r', 'e', 'b', 'e', 'd', 'r', 'a', 'g', 'o', 'n', 's', '.', 'i', 'o', '\0',
+  /* "herecsrymy.cz", true */ 'h', 'e', 'r', 'e', 'c', 's', 'r', 'y', 'm', 'y', '.', 'c', 'z', '\0',
+  /* "heritagebaptistchurch.com.ph", true */ 'h', 'e', 'r', 'i', 't', 'a', 'g', 'e', 'b', 'a', 'p', 't', 'i', 's', 't', 'c', 'h', 'u', 'r', 'c', 'h', '.', 'c', 'o', 'm', '.', 'p', 'h', '\0',
+  /* "hermanbrouwer.nl", true */ 'h', 'e', 'r', 'm', 'a', 'n', 'b', 'r', 'o', 'u', 'w', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "hermes-net.de", true */ 'h', 'e', 'r', 'm', 'e', 's', '-', 'n', 'e', 't', '.', 'd', 'e', '\0',
+  /* "hermes-servizi.it", true */ 'h', 'e', 'r', 'm', 'e', 's', '-', 's', 'e', 'r', 'v', 'i', 'z', 'i', '.', 'i', 't', '\0',
+  /* "herndl.org", true */ 'h', 'e', 'r', 'n', 'd', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "herni-kupony.cz", true */ 'h', 'e', 'r', 'n', 'i', '-', 'k', 'u', 'p', 'o', 'n', 'y', '.', 'c', 'z', '\0',
+  /* "herocentral.de", true */ 'h', 'e', 'r', 'o', 'c', 'e', 'n', 't', 'r', 'a', 'l', '.', 'd', 'e', '\0',
+  /* "herohirehq.co.uk", true */ 'h', 'e', 'r', 'o', 'h', 'i', 'r', 'e', 'h', 'q', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "heroicpixel.com", true */ 'h', 'e', 'r', 'o', 'i', 'c', 'p', 'i', 'x', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "heroku.com", true */ 'h', 'e', 'r', 'o', 'k', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "herr-webdesign.de", true */ 'h', 'e', 'r', 'r', '-', 'w', 'e', 'b', 'd', 'e', 's', 'i', 'g', 'n', '.', 'd', 'e', '\0',
+  /* "herrderzeit.de", true */ 'h', 'e', 'r', 'r', 'd', 'e', 'r', 'z', 'e', 'i', 't', '.', 'd', 'e', '\0',
+  /* "herringsresidence.be", true */ 'h', 'e', 'r', 'r', 'i', 'n', 'g', 's', 'r', 'e', 's', 'i', 'd', 'e', 'n', 'c', 'e', '.', 'b', 'e', '\0',
+  /* "herrsmith.com", true */ 'h', 'e', 'r', 'r', 's', 'm', 'i', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "hertsbouncycastles.com", true */ 'h', 'e', 'r', 't', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hertz.bj", true */ 'h', 'e', 'r', 't', 'z', '.', 'b', 'j', '\0',
+  /* "herzig.cc", true */ 'h', 'e', 'r', 'z', 'i', 'g', '.', 'c', 'c', '\0',
+  /* "hesaplama.net", true */ 'h', 'e', 's', 'a', 'p', 'l', 'a', 'm', 'a', '.', 'n', 'e', 't', '\0',
+  /* "hessen-liebe.de", true */ 'h', 'e', 's', 's', 'e', 'n', '-', 'l', 'i', 'e', 'b', 'e', '.', 'd', 'e', '\0',
+  /* "hetene.nl", true */ 'h', 'e', 't', 'e', 'n', 'e', '.', 'n', 'l', '\0',
+  /* "hethely.ch", true */ 'h', 'e', 't', 'h', 'e', 'l', 'y', '.', 'c', 'h', '\0',
+  /* "heute-kaufen.de", true */ 'h', 'e', 'u', 't', 'e', '-', 'k', 'a', 'u', 'f', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "heverhagen.rocks", true */ 'h', 'e', 'v', 'e', 'r', 'h', 'a', 'g', 'e', 'n', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "hevertonfreitas.com.br", true */ 'h', 'e', 'v', 'e', 'r', 't', 'o', 'n', 'f', 'r', 'e', 'i', 't', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "hex.bz", true */ 'h', 'e', 'x', '.', 'b', 'z', '\0',
+  /* "hexacon.io", true */ 'h', 'e', 'x', 'a', 'c', 'o', 'n', '.', 'i', 'o', '\0',
+  /* "hexagon-e.com", true */ 'h', 'e', 'x', 'a', 'g', 'o', 'n', '-', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "hexapt.com", true */ 'h', 'e', 'x', 'a', 'p', 't', '.', 'c', 'o', 'm', '\0',
+  /* "hexe.net", true */ 'h', 'e', 'x', 'e', '.', 'n', 'e', 't', '\0',
+  /* "hexed.it", true */ 'h', 'e', 'x', 'e', 'd', '.', 'i', 't', '\0',
+  /* "hexicurity.com", true */ 'h', 'e', 'x', 'i', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "hexid.me", true */ 'h', 'e', 'x', 'i', 'd', '.', 'm', 'e', '\0',
+  /* "hexieshe.com", true */ 'h', 'e', 'x', 'i', 'e', 's', 'h', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "hexo.io", true */ 'h', 'e', 'x', 'o', '.', 'i', 'o', '\0',
+  /* "hexony.com", true */ 'h', 'e', 'x', 'o', 'n', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "hexr.org", true */ 'h', 'e', 'x', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "hexxagon.com", true */ 'h', 'e', 'x', 'x', 'a', 'g', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "heycms.com", false */ 'h', 'e', 'y', 'c', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hfbg.nl", true */ 'h', 'f', 'b', 'g', '.', 'n', 'l', '\0',
+  /* "hg.python.org", true */ 'h', 'g', '.', 'p', 'y', 't', 'h', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "hg0088.vip", true */ 'h', 'g', '0', '0', '8', '8', '.', 'v', 'i', 'p', '\0',
+  /* "hg718.com", true */ 'h', 'g', '7', '1', '8', '.', 'c', 'o', 'm', '\0',
+  /* "hg71801.com", true */ 'h', 'g', '7', '1', '8', '0', '1', '.', 'c', 'o', 'm', '\0',
+  /* "hg71802.com", true */ 'h', 'g', '7', '1', '8', '0', '2', '.', 'c', 'o', 'm', '\0',
+  /* "hg71803.com", true */ 'h', 'g', '7', '1', '8', '0', '3', '.', 'c', 'o', 'm', '\0',
+  /* "hg71805.com", true */ 'h', 'g', '7', '1', '8', '0', '5', '.', 'c', 'o', 'm', '\0',
+  /* "hg71806.com", true */ 'h', 'g', '7', '1', '8', '0', '6', '.', 'c', 'o', 'm', '\0',
+  /* "hg71807.com", true */ 'h', 'g', '7', '1', '8', '0', '7', '.', 'c', 'o', 'm', '\0',
+  /* "hg71809.com", true */ 'h', 'g', '7', '1', '8', '0', '9', '.', 'c', 'o', 'm', '\0',
+  /* "hg71811.com", true */ 'h', 'g', '7', '1', '8', '1', '1', '.', 'c', 'o', 'm', '\0',
+  /* "hg71812.com", true */ 'h', 'g', '7', '1', '8', '1', '2', '.', 'c', 'o', 'm', '\0',
+  /* "hg71813.com", true */ 'h', 'g', '7', '1', '8', '1', '3', '.', 'c', 'o', 'm', '\0',
+  /* "hg71815.com", true */ 'h', 'g', '7', '1', '8', '1', '5', '.', 'c', 'o', 'm', '\0',
+  /* "hg71819.com", true */ 'h', 'g', '7', '1', '8', '1', '9', '.', 'c', 'o', 'm', '\0',
+  /* "hg71822.com", true */ 'h', 'g', '7', '1', '8', '2', '2', '.', 'c', 'o', 'm', '\0',
+  /* "hg71833.com", true */ 'h', 'g', '7', '1', '8', '3', '3', '.', 'c', 'o', 'm', '\0',
+  /* "hg71835.com", true */ 'h', 'g', '7', '1', '8', '3', '5', '.', 'c', 'o', 'm', '\0',
+  /* "hg71836.com", true */ 'h', 'g', '7', '1', '8', '3', '6', '.', 'c', 'o', 'm', '\0',
+  /* "hg71837.com", true */ 'h', 'g', '7', '1', '8', '3', '7', '.', 'c', 'o', 'm', '\0',
+  /* "hg71839.com", true */ 'h', 'g', '7', '1', '8', '3', '9', '.', 'c', 'o', 'm', '\0',
+  /* "hg71850.com", true */ 'h', 'g', '7', '1', '8', '5', '0', '.', 'c', 'o', 'm', '\0',
+  /* "hg71851.com", true */ 'h', 'g', '7', '1', '8', '5', '1', '.', 'c', 'o', 'm', '\0',
+  /* "hg71852.com", true */ 'h', 'g', '7', '1', '8', '5', '2', '.', 'c', 'o', 'm', '\0',
+  /* "hg71856.com", true */ 'h', 'g', '7', '1', '8', '5', '6', '.', 'c', 'o', 'm', '\0',
+  /* "hg71857.com", true */ 'h', 'g', '7', '1', '8', '5', '7', '.', 'c', 'o', 'm', '\0',
+  /* "hg71858.com", true */ 'h', 'g', '7', '1', '8', '5', '8', '.', 'c', 'o', 'm', '\0',
+  /* "hg71860.com", true */ 'h', 'g', '7', '1', '8', '6', '0', '.', 'c', 'o', 'm', '\0',
+  /* "hg71861.com", true */ 'h', 'g', '7', '1', '8', '6', '1', '.', 'c', 'o', 'm', '\0',
+  /* "hg71863.com", true */ 'h', 'g', '7', '1', '8', '6', '3', '.', 'c', 'o', 'm', '\0',
+  /* "hga8586.com", true */ 'h', 'g', 'a', '8', '5', '8', '6', '.', 'c', 'o', 'm', '\0',
+  /* "hga8587.com", true */ 'h', 'g', 'a', '8', '5', '8', '7', '.', 'c', 'o', 'm', '\0',
+  /* "hga8685.com", true */ 'h', 'g', 'a', '8', '6', '8', '5', '.', 'c', 'o', 'm', '\0',
+  /* "hga8687.com", true */ 'h', 'g', 'a', '8', '6', '8', '7', '.', 'c', 'o', 'm', '\0',
+  /* "hga8689.com", true */ 'h', 'g', 'a', '8', '6', '8', '9', '.', 'c', 'o', 'm', '\0',
+  /* "hga8757.com", true */ 'h', 'g', 'a', '8', '7', '5', '7', '.', 'c', 'o', 'm', '\0',
+  /* "hga8758.com", true */ 'h', 'g', 'a', '8', '7', '5', '8', '.', 'c', 'o', 'm', '\0',
+  /* "hgbet.com", true */ 'h', 'g', 'b', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "hgfa.fi", true */ 'h', 'g', 'f', 'a', '.', 'f', 'i', '\0',
+  /* "hgw168.com", true */ 'h', 'g', 'w', '1', '6', '8', '.', 'c', 'o', 'm', '\0',
+  /* "hh-medic.com", true */ 'h', 'h', '-', 'm', 'e', 'd', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "hhgdo.de", true */ 'h', 'h', 'g', 'd', 'o', '.', 'd', 'e', '\0',
+  /* "hhhdb.com", true */ 'h', 'h', 'h', 'd', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "hhidr.org", true */ 'h', 'h', 'i', 'd', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "hhmmmm.de", true */ 'h', 'h', 'm', 'm', 'm', 'm', '.', 'd', 'e', '\0',
+  /* "hhs.gov", true */ 'h', 'h', 's', '.', 'g', 'o', 'v', '\0',
+  /* "hialatv.com", true */ 'h', 'i', 'a', 'l', 'a', 't', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "hiccupsandjuice.co.uk", true */ 'h', 'i', 'c', 'c', 'u', 'p', 's', 'a', 'n', 'd', 'j', 'u', 'i', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "hickorywinecellar.com", true */ 'h', 'i', 'c', 'k', 'o', 'r', 'y', 'w', 'i', 'n', 'e', 'c', 'e', 'l', 'l', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "hicl.org", true */ 'h', 'i', 'c', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "hicoria.com", true */ 'h', 'i', 'c', 'o', 'r', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "hidbo.de", true */ 'h', 'i', 'd', 'b', 'o', '.', 'd', 'e', '\0',
+  /* "hiddenhillselectrical.com", true */ 'h', 'i', 'd', 'd', 'e', 'n', 'h', 'i', 'l', 'l', 's', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "hiddenmalta.net", true */ 'h', 'i', 'd', 'd', 'e', 'n', 'm', 'a', 'l', 't', 'a', '.', 'n', 'e', 't', '\0',
+  /* "hiddenprocess.com", true */ 'h', 'i', 'd', 'd', 'e', 'n', 'p', 'r', 'o', 'c', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hideallip.com", true */ 'h', 'i', 'd', 'e', 'a', 'l', 'l', 'i', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "hidedd.com", true */ 'h', 'i', 'd', 'e', 'd', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "hideouswebsite.com", true */ 'h', 'i', 'd', 'e', 'o', 'u', 's', 'w', 'e', 'b', 's', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "hidroshop.com.br", true */ 'h', 'i', 'd', 'r', 'o', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "hieu.com.au", true */ 'h', 'i', 'e', 'u', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "higgstools.org", true */ 'h', 'i', 'g', 'g', 's', 't', 'o', 'o', 'l', 's', '.', 'o', 'r', 'g', '\0',
+  /* "highland-webcams.com", true */ 'h', 'i', 'g', 'h', 'l', 'a', 'n', 'd', '-', 'w', 'e', 'b', 'c', 'a', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "highlandparkcog.org", true */ 'h', 'i', 'g', 'h', 'l', 'a', 'n', 'd', 'p', 'a', 'r', 'k', 'c', 'o', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "highlatitudestravel.com", true */ 'h', 'i', 'g', 'h', 'l', 'a', 't', 'i', 't', 'u', 'd', 'e', 's', 't', 'r', 'a', 'v', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "highlegshop.com", true */ 'h', 'i', 'g', 'h', 'l', 'e', 'g', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "highlevelwoodlands.com", true */ 'h', 'i', 'g', 'h', 'l', 'e', 'v', 'e', 'l', 'w', 'o', 'o', 'd', 'l', 'a', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "highlnk.com", true */ 'h', 'i', 'g', 'h', 'l', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "highspeed-arnsberg.de", true */ 'h', 'i', 'g', 'h', 's', 'p', 'e', 'e', 'd', '-', 'a', 'r', 'n', 's', 'b', 'e', 'r', 'g', '.', 'd', 'e', '\0',
+  /* "hightechbasementsystems.com", true */ 'h', 'i', 'g', 'h', 't', 'e', 'c', 'h', 'b', 'a', 's', 'e', 'm', 'e', 'n', 't', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hightimes.com", true */ 'h', 'i', 'g', 'h', 't', 'i', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "highwaytohoell.de", true */ 'h', 'i', 'g', 'h', 'w', 'a', 'y', 't', 'o', 'h', 'o', 'e', 'l', 'l', '.', 'd', 'e', '\0',
+  /* "higilopocht.li", true */ 'h', 'i', 'g', 'i', 'l', 'o', 'p', 'o', 'c', 'h', 't', '.', 'l', 'i', '\0',
+  /* "higp.de", true */ 'h', 'i', 'g', 'p', '.', 'd', 'e', '\0',
+  /* "hijoan.com", true */ 'h', 'i', 'j', 'o', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "hik-cloud.com", true */ 'h', 'i', 'k', '-', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "hikagestudios.com", true */ 'h', 'i', 'k', 'a', 'g', 'e', 's', 't', 'u', 'd', 'i', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hike.pics", true */ 'h', 'i', 'k', 'e', '.', 'p', 'i', 'c', 's', '\0',
+  /* "hikinggearlab.com", true */ 'h', 'i', 'k', 'i', 'n', 'g', 'g', 'e', 'a', 'r', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "hikingguy.com", true */ 'h', 'i', 'k', 'i', 'n', 'g', 'g', 'u', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "hilahdih.cz", true */ 'h', 'i', 'l', 'a', 'h', 'd', 'i', 'h', '.', 'c', 'z', '\0',
+  /* "hilaolu.com", true */ 'h', 'i', 'l', 'a', 'o', 'l', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "hilaolu.studio", true */ 'h', 'i', 'l', 'a', 'o', 'l', 'u', '.', 's', 't', 'u', 'd', 'i', 'o', '\0',
+  /* "hilchenba.ch", true */ 'h', 'i', 'l', 'c', 'h', 'e', 'n', 'b', 'a', '.', 'c', 'h', '\0',
+  /* "hilfreiche-server.tips", true */ 'h', 'i', 'l', 'f', 'r', 'e', 'i', 'c', 'h', 'e', '-', 's', 'e', 'r', 'v', 'e', 'r', '.', 't', 'i', 'p', 's', '\0',
+  /* "hilhorst-uitvaartverzorging.nl", true */ 'h', 'i', 'l', 'h', 'o', 'r', 's', 't', '-', 'u', 'i', 't', 'v', 'a', 'a', 'r', 't', 'v', 'e', 'r', 'z', 'o', 'r', 'g', 'i', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "hillebrand.io", true */ 'h', 'i', 'l', 'l', 'e', 'b', 'r', 'a', 'n', 'd', '.', 'i', 'o', '\0',
+  /* "hillsboroccpa.org", true */ 'h', 'i', 'l', 'l', 's', 'b', 'o', 'r', 'o', 'c', 'c', 'p', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "hilnu.com", true */ 'h', 'i', 'l', 'n', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "hilti.ee", false */ 'h', 'i', 'l', 't', 'i', '.', 'e', 'e', '\0',
+  /* "hilti.kz", false */ 'h', 'i', 'l', 't', 'i', '.', 'k', 'z', '\0',
+  /* "hilti.lv", false */ 'h', 'i', 'l', 't', 'i', '.', 'l', 'v', '\0',
+  /* "hiltonarubabeachservices.com", true */ 'h', 'i', 'l', 't', 'o', 'n', 'a', 'r', 'u', 'b', 'a', 'b', 'e', 'a', 'c', 'h', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hiltonhyland.com", true */ 'h', 'i', 'l', 't', 'o', 'n', 'h', 'y', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "himens.com", false */ 'h', 'i', 'm', 'e', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hindmanfuneralhomes.com", true */ 'h', 'i', 'n', 'd', 'm', 'a', 'n', 'f', 'u', 'n', 'e', 'r', 'a', 'l', 'h', 'o', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hingle.me", true */ 'h', 'i', 'n', 'g', 'l', 'e', '.', 'm', 'e', '\0',
+  /* "hinrich.de", true */ 'h', 'i', 'n', 'r', 'i', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "hintergrundbewegung.de", true */ 'h', 'i', 'n', 't', 'e', 'r', 'g', 'r', 'u', 'n', 'd', 'b', 'e', 'w', 'e', 'g', 'u', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "hinterhofbu.de", true */ 'h', 'i', 'n', 't', 'e', 'r', 'h', 'o', 'f', 'b', 'u', '.', 'd', 'e', '\0',
+  /* "hinterposemuckel.de", true */ 'h', 'i', 'n', 't', 'e', 'r', 'p', 'o', 's', 'e', 'm', 'u', 'c', 'k', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "hintss.pw", true */ 'h', 'i', 'n', 't', 's', 's', '.', 'p', 'w', '\0',
+  /* "hiphop.ren", true */ 'h', 'i', 'p', 'h', 'o', 'p', '.', 'r', 'e', 'n', '\0',
+  /* "hipi.jp", true */ 'h', 'i', 'p', 'i', '.', 'j', 'p', '\0',
+  /* "hippies.com.br", true */ 'h', 'i', 'p', 'p', 'i', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "hippo.ge", true */ 'h', 'i', 'p', 'p', 'o', '.', 'g', 'e', '\0',
+  /* "hippomovers.com", true */ 'h', 'i', 'p', 'p', 'o', 'm', 'o', 'v', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hippopotamuses.org", true */ 'h', 'i', 'p', 'p', 'o', 'p', 'o', 't', 'a', 'm', 'u', 's', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "hips.com", true */ 'h', 'i', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hipstercat.fr", true */ 'h', 'i', 'p', 's', 't', 'e', 'r', 'c', 'a', 't', '.', 'f', 'r', '\0',
+  /* "hiqfleet.co.uk", true */ 'h', 'i', 'q', 'f', 'l', 'e', 'e', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "hiqfranchise.co.uk", true */ 'h', 'i', 'q', 'f', 'r', 'a', 'n', 'c', 'h', 'i', 's', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "hiqonline.co.uk", true */ 'h', 'i', 'q', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "hirake55.com", true */ 'h', 'i', 'r', 'a', 'k', 'e', '5', '5', '.', 'c', 'o', 'm', '\0',
+  /* "hiraku.me", false */ 'h', 'i', 'r', 'a', 'k', 'u', '.', 'm', 'e', '\0',
+  /* "hiratake.xyz", true */ 'h', 'i', 'r', 'a', 't', 'a', 'k', 'e', '.', 'x', 'y', 'z', '\0',
+  /* "hire-a-coder.de", true */ 'h', 'i', 'r', 'e', '-', 'a', '-', 'c', 'o', 'd', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "hireabouncycastle.net", true */ 'h', 'i', 'r', 'e', 'a', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', '.', 'n', 'e', 't', '\0',
+  /* "hiresteve.ca", true */ 'h', 'i', 'r', 'e', 's', 't', 'e', 'v', 'e', '.', 'c', 'a', '\0',
+  /* "hiresuccessstaffing.com", true */ 'h', 'i', 'r', 'e', 's', 'u', 'c', 'c', 'e', 's', 's', 's', 't', 'a', 'f', 'f', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "hiretech.com", true */ 'h', 'i', 'r', 'e', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "hirezzportal.com", true */ 'h', 'i', 'r', 'e', 'z', 'z', 'p', 'o', 'r', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "hirotaka.org", true */ 'h', 'i', 'r', 'o', 't', 'a', 'k', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "hirzaconsult.ro", true */ 'h', 'i', 'r', 'z', 'a', 'c', 'o', 'n', 's', 'u', 'l', 't', '.', 'r', 'o', '\0',
+  /* "hisbrucker.net", true */ 'h', 'i', 's', 'b', 'r', 'u', 'c', 'k', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "hisnet.de", true */ 'h', 'i', 's', 'n', 'e', 't', '.', 'd', 'e', '\0',
+  /* "hispanic.dating", true */ 'h', 'i', 's', 'p', 'a', 'n', 'i', 'c', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "histoire-cite.ch", true */ 'h', 'i', 's', 't', 'o', 'i', 'r', 'e', '-', 'c', 'i', 't', 'e', '.', 'c', 'h', '\0',
+  /* "histoire-theatre.com", true */ 'h', 'i', 's', 't', 'o', 'i', 'r', 'e', '-', 't', 'h', 'e', 'a', 't', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "historia-arte.com", true */ 'h', 'i', 's', 't', 'o', 'r', 'i', 'a', '-', 'a', 'r', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "history.google.com", true */ 'h', 'i', 's', 't', 'o', 'r', 'y', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "history.pe", true */ 'h', 'i', 's', 't', 'o', 'r', 'y', '.', 'p', 'e', '\0',
+  /* "hiteco.com", true */ 'h', 'i', 't', 'e', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "hitmanstat.us", true */ 'h', 'i', 't', 'm', 'a', 'n', 's', 't', 'a', 't', '.', 'u', 's', '\0',
+  /* "hitoapi.cc", true */ 'h', 'i', 't', 'o', 'a', 'p', 'i', '.', 'c', 'c', '\0',
+  /* "hitocom.net.br", true */ 'h', 'i', 't', 'o', 'c', 'o', 'm', '.', 'n', 'e', 't', '.', 'b', 'r', '\0',
+  /* "hitter-lauzon.com", true */ 'h', 'i', 't', 't', 'e', 'r', '-', 'l', 'a', 'u', 'z', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "hitter.family", true */ 'h', 'i', 't', 't', 'e', 'r', '.', 'f', 'a', 'm', 'i', 'l', 'y', '\0',
+  /* "hitterfamily.com", true */ 'h', 'i', 't', 't', 'e', 'r', 'f', 'a', 'm', 'i', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "hiv-symptome.de", true */ 'h', 'i', 'v', '-', 's', 'y', 'm', 'p', 't', 'o', 'm', 'e', '.', 'd', 'e', '\0',
+  /* "hivatal-info.hu", true */ 'h', 'i', 'v', 'a', 't', 'a', 'l', '-', 'i', 'n', 'f', 'o', '.', 'h', 'u', '\0',
+  /* "hivatalinfo.hu", true */ 'h', 'i', 'v', 'a', 't', 'a', 'l', 'i', 'n', 'f', 'o', '.', 'h', 'u', '\0',
+  /* "hiverlune.net", true */ 'h', 'i', 'v', 'e', 'r', 'l', 'u', 'n', 'e', '.', 'n', 'e', 't', '\0',
+  /* "hiwiki.tk", true */ 'h', 'i', 'w', 'i', 'k', 'i', '.', 't', 'k', '\0',
+  /* "hiyacar.co.uk", true */ 'h', 'i', 'y', 'a', 'c', 'a', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "hiyuki2578.net", true */ 'h', 'i', 'y', 'u', 'k', 'i', '2', '5', '7', '8', '.', 'n', 'e', 't', '\0',
+  /* "hizzacked.xxx", true */ 'h', 'i', 'z', 'z', 'a', 'c', 'k', 'e', 'd', '.', 'x', 'x', 'x', '\0',
+  /* "hj.rs", true */ 'h', 'j', '.', 'r', 's', '\0',
+  /* "hjartasmarta.se", true */ 'h', 'j', 'a', 'r', 't', 'a', 's', 'm', 'a', 'r', 't', 'a', '.', 's', 'e', '\0',
+  /* "hjes.com.ve", true */ 'h', 'j', 'e', 's', '.', 'c', 'o', 'm', '.', 'v', 'e', '\0',
+  /* "hjf-immobilien.de", true */ 'h', 'j', 'f', '-', 'i', 'm', 'm', 'o', 'b', 'i', 'l', 'i', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "hjortland.org", true */ 'h', 'j', 'o', 'r', 't', 'l', 'a', 'n', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "hjw-kunstwerk.de", true */ 'h', 'j', 'w', '-', 'k', 'u', 'n', 's', 't', 'w', 'e', 'r', 'k', '.', 'd', 'e', '\0',
+  /* "hk.search.yahoo.com", false */ 'h', 'k', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "hkdobrev.com", true */ 'h', 'k', 'd', 'o', 'b', 'r', 'e', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "hknet.at", true */ 'h', 'k', 'n', 'e', 't', '.', 'a', 't', '\0',
+  /* "hkustmbajp.com", true */ 'h', 'k', 'u', 's', 't', 'm', 'b', 'a', 'j', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "hl7999.com", true */ 'h', 'l', '7', '9', '9', '9', '.', 'c', 'o', 'm', '\0',
+  /* "hlacosedora.com", true */ 'h', 'l', 'a', 'c', 'o', 's', 'e', 'd', 'o', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "hlavacek.us", true */ 'h', 'l', 'a', 'v', 'a', 'c', 'e', 'k', '.', 'u', 's', '\0',
+  /* "hledejlevne.cz", true */ 'h', 'l', 'e', 'd', 'e', 'j', 'l', 'e', 'v', 'n', 'e', '.', 'c', 'z', '\0',
+  /* "hledejpravnika.cz", true */ 'h', 'l', 'e', 'd', 'e', 'j', 'p', 'r', 'a', 'v', 'n', 'i', 'k', 'a', '.', 'c', 'z', '\0',
+  /* "hlfh.space", true */ 'h', 'l', 'f', 'h', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "hloe0xff.ru", true */ 'h', 'l', 'o', 'e', '0', 'x', 'f', 'f', '.', 'r', 'u', '\0',
+  /* "hlsmandarincentre.com", true */ 'h', 'l', 's', 'm', 'a', 'n', 'd', 'a', 'r', 'i', 'n', 'c', 'e', 'n', 't', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "hlucas.de", true */ 'h', 'l', 'u', 'c', 'a', 's', '.', 'd', 'e', '\0',
+  /* "hm1ch.com", true */ 'h', 'm', '1', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "hm773.net", true */ 'h', 'm', '7', '7', '3', '.', 'n', 'e', 't', '\0',
+  /* "hmhotelec.com", false */ 'h', 'm', 'h', 'o', 't', 'e', 'l', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "hmoegirl.com", true */ 'h', 'm', 'o', 'e', 'g', 'i', 'r', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "hms-waldmann.de", true */ 'h', 'm', 's', '-', 'w', 'a', 'l', 'd', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "hn.search.yahoo.com", false */ 'h', 'n', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "hoahau.org", true */ 'h', 'o', 'a', 'h', 'a', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "hobby-drechselei.de", true */ 'h', 'o', 'b', 'b', 'y', '-', 'd', 'r', 'e', 'c', 'h', 's', 'e', 'l', 'e', 'i', '.', 'd', 'e', '\0',
+  /* "hobby-gamerz-community.de", true */ 'h', 'o', 'b', 'b', 'y', '-', 'g', 'a', 'm', 'e', 'r', 'z', '-', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', '.', 'd', 'e', '\0',
+  /* "hobbyspeed.com", true */ 'h', 'o', 'b', 'b', 'y', 's', 'p', 'e', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "hochhaus.us", true */ 'h', 'o', 'c', 'h', 'h', 'a', 'u', 's', '.', 'u', 's', '\0',
+  /* "hochoukikikiraku.com", true */ 'h', 'o', 'c', 'h', 'o', 'u', 'k', 'i', 'k', 'i', 'k', 'i', 'r', 'a', 'k', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "hochzeit-dana-laurens.de", true */ 'h', 'o', 'c', 'h', 'z', 'e', 'i', 't', '-', 'd', 'a', 'n', 'a', '-', 'l', 'a', 'u', 'r', 'e', 'n', 's', '.', 'd', 'e', '\0',
+  /* "hochzeitsfotograf-deinfoto.ch", true */ 'h', 'o', 'c', 'h', 'z', 'e', 'i', 't', 's', 'f', 'o', 't', 'o', 'g', 'r', 'a', 'f', '-', 'd', 'e', 'i', 'n', 'f', 'o', 't', 'o', '.', 'c', 'h', '\0',
+  /* "hochzeitshelferlein.de", true */ 'h', 'o', 'c', 'h', 'z', 'e', 'i', 't', 's', 'h', 'e', 'l', 'f', 'e', 'r', 'l', 'e', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "hockeyapp.ch", true */ 'h', 'o', 'c', 'k', 'e', 'y', 'a', 'p', 'p', '.', 'c', 'h', '\0',
+  /* "hockeymotion.ch", true */ 'h', 'o', 'c', 'k', 'e', 'y', 'm', 'o', 't', 'i', 'o', 'n', '.', 'c', 'h', '\0',
+  /* "hodgephotography.com", true */ 'h', 'o', 'd', 'g', 'e', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "hoe.re", true */ 'h', 'o', 'e', '.', 'r', 'e', '\0',
+  /* "hoeft-autolackierung.de", true */ 'h', 'o', 'e', 'f', 't', '-', 'a', 'u', 't', 'o', 'l', 'a', 'c', 'k', 'i', 'e', 'r', 'u', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "hoekvanholland.eu", true */ 'h', 'o', 'e', 'k', 'v', 'a', 'n', 'h', 'o', 'l', 'l', 'a', 'n', 'd', '.', 'e', 'u', '\0',
+  /* "hoelty.network", true */ 'h', 'o', 'e', 'l', 't', 'y', '.', 'n', 'e', 't', 'w', 'o', 'r', 'k', '\0',
+  /* "hoesnelwasik.nl", true */ 'h', 'o', 'e', 's', 'n', 'e', 'l', 'w', 'a', 's', 'i', 'k', '.', 'n', 'l', '\0',
+  /* "hoewler.ch", true */ 'h', 'o', 'e', 'w', 'l', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "hoezzi.nl", true */ 'h', 'o', 'e', 'z', 'z', 'i', '.', 'n', 'l', '\0',
+  /* "hoffens.se", true */ 'h', 'o', 'f', 'f', 'e', 'n', 's', '.', 's', 'e', '\0',
+  /* "hoflerlawfirm.com", true */ 'h', 'o', 'f', 'l', 'e', 'r', 'l', 'a', 'w', 'f', 'i', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "hogl.dk", true */ 'h', 'o', 'g', 'l', '.', 'd', 'k', '\0',
+  /* "hogrebe.de", true */ 'h', 'o', 'g', 'r', 'e', 'b', 'e', '.', 'd', 'e', '\0',
+  /* "hohnet.com", true */ 'h', 'o', 'h', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "hoikuen-now.top", true */ 'h', 'o', 'i', 'k', 'u', 'e', 'n', '-', 'n', 'o', 'w', '.', 't', 'o', 'p', '\0',
+  /* "hoiquanadida.com", true */ 'h', 'o', 'i', 'q', 'u', 'a', 'n', 'a', 'd', 'i', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "hoken-wakaru.jp", true */ 'h', 'o', 'k', 'e', 'n', '-', 'w', 'a', 'k', 'a', 'r', 'u', '.', 'j', 'p', '\0',
+  /* "hokieprivacy.org", true */ 'h', 'o', 'k', 'i', 'e', 'p', 'r', 'i', 'v', 'a', 'c', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "hokify.at", true */ 'h', 'o', 'k', 'i', 'f', 'y', '.', 'a', 't', '\0',
+  /* "hokify.ch", true */ 'h', 'o', 'k', 'i', 'f', 'y', '.', 'c', 'h', '\0',
+  /* "hokify.de", true */ 'h', 'o', 'k', 'i', 'f', 'y', '.', 'd', 'e', '\0',
+  /* "hokioisecurity.com", true */ 'h', 'o', 'k', 'i', 'o', 'i', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "holad.de", true */ 'h', 'o', 'l', 'a', 'd', '.', 'd', 'e', '\0',
+  /* "holboxwhalesharktours.com", true */ 'h', 'o', 'l', 'b', 'o', 'x', 'w', 'h', 'a', 'l', 'e', 's', 'h', 'a', 'r', 'k', 't', 'o', 'u', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "holebedeljek.hu", true */ 'h', 'o', 'l', 'e', 'b', 'e', 'd', 'e', 'l', 'j', 'e', 'k', '.', 'h', 'u', '\0',
+  /* "holidaysportugal.eu", true */ 'h', 'o', 'l', 'i', 'd', 'a', 'y', 's', 'p', 'o', 'r', 't', 'u', 'g', 'a', 'l', '.', 'e', 'u', '\0',
+  /* "holisticacupuncture.com.au", true */ 'h', 'o', 'l', 'i', 's', 't', 'i', 'c', 'a', 'c', 'u', 'p', 'u', 'n', 'c', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "holistichealer.in", true */ 'h', 'o', 'l', 'i', 's', 't', 'i', 'c', 'h', 'e', 'a', 'l', 'e', 'r', '.', 'i', 'n', '\0',
+  /* "holisticon.de", true */ 'h', 'o', 'l', 'i', 's', 't', 'i', 'c', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "hollandguns.com", true */ 'h', 'o', 'l', 'l', 'a', 'n', 'd', 'g', 'u', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hollermann.eu", true */ 'h', 'o', 'l', 'l', 'e', 'r', 'm', 'a', 'n', 'n', '.', 'e', 'u', '\0',
+  /* "hollo.me", true */ 'h', 'o', 'l', 'l', 'o', '.', 'm', 'e', '\0',
+  /* "hollowrap.com", true */ 'h', 'o', 'l', 'l', 'o', 'w', 'r', 'a', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "hollyforrest.ca", true */ 'h', 'o', 'l', 'l', 'y', 'f', 'o', 'r', 'r', 'e', 's', 't', '.', 'c', 'a', '\0',
+  /* "hollyforrestphotography.ca", true */ 'h', 'o', 'l', 'l', 'y', 'f', 'o', 'r', 'r', 'e', 's', 't', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'a', '\0',
+  /* "holmesian.org", true */ 'h', 'o', 'l', 'm', 'e', 's', 'i', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "holo.ovh", true */ 'h', 'o', 'l', 'o', '.', 'o', 'v', 'h', '\0',
+  /* "holodeck.us", true */ 'h', 'o', 'l', 'o', 'd', 'e', 'c', 'k', '.', 'u', 's', '\0',
+  /* "holofono.com", true */ 'h', 'o', 'l', 'o', 'f', 'o', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "holowaty.me", true */ 'h', 'o', 'l', 'o', 'w', 'a', 't', 'y', '.', 'm', 'e', '\0',
+  /* "holoxplor.space", true */ 'h', 'o', 'l', 'o', 'x', 'p', 'l', 'o', 'r', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "holvonix.com", true */ 'h', 'o', 'l', 'v', 'o', 'n', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "holy-hi.com", true */ 'h', 'o', 'l', 'y', '-', 'h', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "holydragoon.jp", true */ 'h', 'o', 'l', 'y', 'd', 'r', 'a', 'g', 'o', 'o', 'n', '.', 'j', 'p', '\0',
+  /* "holygrail.games", true */ 'h', 'o', 'l', 'y', 'g', 'r', 'a', 'i', 'l', '.', 'g', 'a', 'm', 'e', 's', '\0',
+  /* "holyhiphopdatabase.com", true */ 'h', 'o', 'l', 'y', 'h', 'i', 'p', 'h', 'o', 'p', 'd', 'a', 't', 'a', 'b', 'a', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "holymolycasinos.com", true */ 'h', 'o', 'l', 'y', 'm', 'o', 'l', 'y', 'c', 'a', 's', 'i', 'n', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "holytransaction.com", true */ 'h', 'o', 'l', 'y', 't', 'r', 'a', 'n', 's', 'a', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "holywhite.com", true */ 'h', 'o', 'l', 'y', 'w', 'h', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "holz.nu", true */ 'h', 'o', 'l', 'z', '.', 'n', 'u', '\0',
+  /* "holzheizer-forum.de", true */ 'h', 'o', 'l', 'z', 'h', 'e', 'i', 'z', 'e', 'r', '-', 'f', 'o', 'r', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "holzheizerforum.de", true */ 'h', 'o', 'l', 'z', 'h', 'e', 'i', 'z', 'e', 'r', 'f', 'o', 'r', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "holzspielzeug-shop.ch", true */ 'h', 'o', 'l', 'z', 's', 'p', 'i', 'e', 'l', 'z', 'e', 'u', 'g', '-', 's', 'h', 'o', 'p', '.', 'c', 'h', '\0',
+  /* "holzvergaser-forum.de", true */ 'h', 'o', 'l', 'z', 'v', 'e', 'r', 'g', 'a', 's', 'e', 'r', '-', 'f', 'o', 'r', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "homatism.com", true */ 'h', 'o', 'm', 'a', 't', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "home-cloud.online", true */ 'h', 'o', 'm', 'e', '-', 'c', 'l', 'o', 'u', 'd', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "home-coaching.be", true */ 'h', 'o', 'm', 'e', '-', 'c', 'o', 'a', 'c', 'h', 'i', 'n', 'g', '.', 'b', 'e', '\0',
+  /* "home-v.ind.in", true */ 'h', 'o', 'm', 'e', '-', 'v', '.', 'i', 'n', 'd', '.', 'i', 'n', '\0',
+  /* "home-work-jobs.com", true */ 'h', 'o', 'm', 'e', '-', 'w', 'o', 'r', 'k', '-', 'j', 'o', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "homeautomated.com", true */ 'h', 'o', 'm', 'e', 'a', 'u', 't', 'o', 'm', 'a', 't', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "homebasedsalons.com.au", true */ 'h', 'o', 'm', 'e', 'b', 'a', 's', 'e', 'd', 's', 'a', 'l', 'o', 'n', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "homebodyalberta.com", true */ 'h', 'o', 'm', 'e', 'b', 'o', 'd', 'y', 'a', 'l', 'b', 'e', 'r', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "homecareassociatespa.com", true */ 'h', 'o', 'm', 'e', 'c', 'a', 'r', 'e', 'a', 's', 's', 'o', 'c', 'i', 'a', 't', 'e', 's', 'p', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "homecarpetcleaning.co.uk", true */ 'h', 'o', 'm', 'e', 'c', 'a', 'r', 'p', 'e', 't', 'c', 'l', 'e', 'a', 'n', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "homecoming.city", true */ 'h', 'o', 'm', 'e', 'c', 'o', 'm', 'i', 'n', 'g', '.', 'c', 'i', 't', 'y', '\0',
+  /* "homefacialpro.com", true */ 'h', 'o', 'm', 'e', 'f', 'a', 'c', 'i', 'a', 'l', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "homegardeningforum.com", true */ 'h', 'o', 'm', 'e', 'g', 'a', 'r', 'd', 'e', 'n', 'i', 'n', 'g', 'f', 'o', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "homegardenresort.nl", true */ 'h', 'o', 'm', 'e', 'g', 'a', 'r', 'd', 'e', 'n', 'r', 'e', 's', 'o', 'r', 't', '.', 'n', 'l', '\0',
+  /* "homehuntertoronto.com", true */ 'h', 'o', 'm', 'e', 'h', 'u', 'n', 't', 'e', 'r', 't', 'o', 'r', 'o', 'n', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "homehunting.pt", true */ 'h', 'o', 'm', 'e', 'h', 'u', 'n', 't', 'i', 'n', 'g', '.', 'p', 't', '\0',
+  /* "homeodynamics.com", true */ 'h', 'o', 'm', 'e', 'o', 'd', 'y', 'n', 'a', 'm', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "homeofjones.net", true */ 'h', 'o', 'm', 'e', 'o', 'f', 'j', 'o', 'n', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "homeogenium.com", true */ 'h', 'o', 'm', 'e', 'o', 'g', 'e', 'n', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "homeownersinsurancenevada.com", true */ 'h', 'o', 'm', 'e', 'o', 'w', 'n', 'e', 'r', 's', 'i', 'n', 's', 'u', 'r', 'a', 'n', 'c', 'e', 'n', 'e', 'v', 'a', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "homeownersinsurancenv.com", true */ 'h', 'o', 'm', 'e', 'o', 'w', 'n', 'e', 'r', 's', 'i', 'n', 's', 'u', 'r', 'a', 'n', 'c', 'e', 'n', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "homeprivate.de", true */ 'h', 'o', 'm', 'e', 'p', 'r', 'i', 'v', 'a', 't', 'e', '.', 'd', 'e', '\0',
+  /* "homeremodelingcontractorsca.com", true */ 'h', 'o', 'm', 'e', 'r', 'e', 'm', 'o', 'd', 'e', 'l', 'i', 'n', 'g', 'c', 'o', 'n', 't', 'r', 'a', 'c', 't', 'o', 'r', 's', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "homesandal.com", true */ 'h', 'o', 'm', 'e', 's', 'a', 'n', 'd', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "homeseller.com", true */ 'h', 'o', 'm', 'e', 's', 'e', 'l', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "homesfordinner.ca", true */ 'h', 'o', 'm', 'e', 's', 'f', 'o', 'r', 'd', 'i', 'n', 'n', 'e', 'r', '.', 'c', 'a', '\0',
+  /* "homesteadfarm.org", true */ 'h', 'o', 'm', 'e', 's', 't', 'e', 'a', 'd', 'f', 'a', 'r', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "homewatt.co.uk", true */ 'h', 'o', 'm', 'e', 'w', 'a', 't', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "homeyou.com", true */ 'h', 'o', 'm', 'e', 'y', 'o', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "homezhi.com.tw", true */ 'h', 'o', 'm', 'e', 'z', 'h', 'i', '.', 'c', 'o', 'm', '.', 't', 'w', '\0',
+  /* "hommeatoutfaire.be", true */ 'h', 'o', 'm', 'm', 'e', 'a', 't', 'o', 'u', 't', 'f', 'a', 'i', 'r', 'e', '.', 'b', 'e', '\0',
+  /* "homophoni.com", true */ 'h', 'o', 'm', 'o', 'p', 'h', 'o', 'n', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "hompus.nl", false */ 'h', 'o', 'm', 'p', 'u', 's', '.', 'n', 'l', '\0',
+  /* "honda-centrum.cz", true */ 'h', 'o', 'n', 'd', 'a', '-', 'c', 'e', 'n', 't', 'r', 'u', 'm', '.', 'c', 'z', '\0',
+  /* "hondart.cz", true */ 'h', 'o', 'n', 'd', 'a', 'r', 't', '.', 'c', 'z', '\0',
+  /* "hondenoppasfraneker.nl", true */ 'h', 'o', 'n', 'd', 'e', 'n', 'o', 'p', 'p', 'a', 's', 'f', 'r', 'a', 'n', 'e', 'k', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "honeybadger.io", false */ 'h', 'o', 'n', 'e', 'y', 'b', 'a', 'd', 'g', 'e', 'r', '.', 'i', 'o', '\0',
+  /* "honeybeard.co.uk", true */ 'h', 'o', 'n', 'e', 'y', 'b', 'e', 'a', 'r', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "honeycome.net", true */ 'h', 'o', 'n', 'e', 'y', 'c', 'o', 'm', 'e', '.', 'n', 'e', 't', '\0',
+  /* "honeyhaw.com", true */ 'h', 'o', 'n', 'e', 'y', 'h', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "honeypot.net", true */ 'h', 'o', 'n', 'e', 'y', 'p', 'o', 't', '.', 'n', 'e', 't', '\0',
+  /* "hong.io", true */ 'h', 'o', 'n', 'g', '.', 'i', 'o', '\0',
+  /* "honkhonk.net", true */ 'h', 'o', 'n', 'k', 'h', 'o', 'n', 'k', '.', 'n', 'e', 't', '\0',
+  /* "honkion.net", true */ 'h', 'o', 'n', 'k', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "honovere.de", true */ 'h', 'o', 'n', 'o', 'v', 'e', 'r', 'e', '.', 'd', 'e', '\0',
+  /* "hontoir.eu", true */ 'h', 'o', 'n', 't', 'o', 'i', 'r', '.', 'e', 'u', '\0',
+  /* "hoodtrader.com", true */ 'h', 'o', 'o', 'd', 't', 'r', 'a', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "hoofddorp-centraal.nl", true */ 'h', 'o', 'o', 'f', 'd', 'd', 'o', 'r', 'p', '-', 'c', 'e', 'n', 't', 'r', 'a', 'a', 'l', '.', 'n', 'l', '\0',
+  /* "hookbin.com", true */ 'h', 'o', 'o', 'k', 'b', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "hooowl.com", true */ 'h', 'o', 'o', 'o', 'w', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "hoopertechnicalsolutions.com", true */ 'h', 'o', 'o', 'p', 'e', 'r', 't', 'e', 'c', 'h', 'n', 'i', 'c', 'a', 'l', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hooray.beer", true */ 'h', 'o', 'o', 'r', 'a', 'y', '.', 'b', 'e', 'e', 'r', '\0',
+  /* "hootworld.net", true */ 'h', 'o', 'o', 't', 'w', 'o', 'r', 'l', 'd', '.', 'n', 'e', 't', '\0',
+  /* "hoowhen.cn", true */ 'h', 'o', 'o', 'w', 'h', 'e', 'n', '.', 'c', 'n', '\0',
+  /* "hopconseils.ch", true */ 'h', 'o', 'p', 'c', 'o', 'n', 's', 'e', 'i', 'l', 's', '.', 'c', 'h', '\0',
+  /* "hopconseils.com", true */ 'h', 'o', 'p', 'c', 'o', 'n', 's', 'e', 'i', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hopewellproperties.co.uk", true */ 'h', 'o', 'p', 'e', 'w', 'e', 'l', 'l', 'p', 'r', 'o', 'p', 'e', 'r', 't', 'i', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "hopglass.eu", true */ 'h', 'o', 'p', 'g', 'l', 'a', 's', 's', '.', 'e', 'u', '\0',
+  /* "hopglass.net", true */ 'h', 'o', 'p', 'g', 'l', 'a', 's', 's', '.', 'n', 'e', 't', '\0',
+  /* "hoplongtech.com", true */ 'h', 'o', 'p', 'l', 'o', 'n', 'g', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "hopps.me", true */ 'h', 'o', 'p', 'p', 's', '.', 'm', 'e', '\0',
+  /* "hoppyx.com", true */ 'h', 'o', 'p', 'p', 'y', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "horace.li", true */ 'h', 'o', 'r', 'a', 'c', 'e', '.', 'l', 'i', '\0',
+  /* "horaceli.com", true */ 'h', 'o', 'r', 'a', 'c', 'e', 'l', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "horackova.info", true */ 'h', 'o', 'r', 'a', 'c', 'k', 'o', 'v', 'a', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "hord.ca", true */ 'h', 'o', 'r', 'd', '.', 'c', 'a', '\0',
+  /* "horeizai.net", true */ 'h', 'o', 'r', 'e', 'i', 'z', 'a', 'i', '.', 'n', 'e', 't', '\0',
+  /* "horisonttimedia.fi", true */ 'h', 'o', 'r', 'i', 's', 'o', 'n', 't', 't', 'i', 'm', 'e', 'd', 'i', 'a', '.', 'f', 'i', '\0',
+  /* "horizonhomes-samui.com", true */ 'h', 'o', 'r', 'i', 'z', 'o', 'n', 'h', 'o', 'm', 'e', 's', '-', 's', 'a', 'm', 'u', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "horkel.cf", true */ 'h', 'o', 'r', 'k', 'e', 'l', '.', 'c', 'f', '\0',
+  /* "hornyforhanzo.com", true */ 'h', 'o', 'r', 'n', 'y', 'f', 'o', 'r', 'h', 'a', 'n', 'z', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "horodance.dk", true */ 'h', 'o', 'r', 'o', 'd', 'a', 'n', 'c', 'e', '.', 'd', 'k', '\0',
+  /* "horrell.ca", true */ 'h', 'o', 'r', 'r', 'e', 'l', 'l', '.', 'c', 'a', '\0',
+  /* "horrendous-servers.com", true */ 'h', 'o', 'r', 'r', 'e', 'n', 'd', 'o', 'u', 's', '-', 's', 'e', 'r', 'v', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "horror-forum.de", true */ 'h', 'o', 'r', 'r', 'o', 'r', '-', 'f', 'o', 'r', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "horsehunter.co.uk", true */ 'h', 'o', 'r', 's', 'e', 'h', 'u', 'n', 't', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "horstmanshof.eu", true */ 'h', 'o', 'r', 's', 't', 'm', 'a', 'n', 's', 'h', 'o', 'f', '.', 'e', 'u', '\0',
+  /* "hory.me", true */ 'h', 'o', 'r', 'y', '.', 'm', 'e', '\0',
+  /* "horza.org", true */ 'h', 'o', 'r', 'z', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "hoshimaq.com.br", true */ 'h', 'o', 's', 'h', 'i', 'm', 'a', 'q', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "hoshimaquinas.com.br", true */ 'h', 'o', 's', 'h', 'i', 'm', 'a', 'q', 'u', 'i', 'n', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "hoshinplan.com", true */ 'h', 'o', 's', 'h', 'i', 'n', 'p', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "hoshisato.com", true */ 'h', 'o', 's', 'h', 'i', 's', 'a', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "hosiet.me", true */ 'h', 'o', 's', 'i', 'e', 't', '.', 'm', 'e', '\0',
+  /* "hosmussynergie.nl", false */ 'h', 'o', 's', 'm', 'u', 's', 's', 'y', 'n', 'e', 'r', 'g', 'i', 'e', '.', 'n', 'l', '\0',
+  /* "hospitalhomelottery.org", true */ 'h', 'o', 's', 'p', 'i', 't', 'a', 'l', 'h', 'o', 'm', 'e', 'l', 'o', 't', 't', 'e', 'r', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "hostadvice.com", true */ 'h', 'o', 's', 't', 'a', 'd', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "hostam.link", true */ 'h', 'o', 's', 't', 'a', 'm', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "hostarea51.com", true */ 'h', 'o', 's', 't', 'a', 'r', 'e', 'a', '5', '1', '.', 'c', 'o', 'm', '\0',
+  /* "hostedbgp.net", true */ 'h', 'o', 's', 't', 'e', 'd', 'b', 'g', 'p', '.', 'n', 'e', 't', '\0',
+  /* "hostedcomments.com", true */ 'h', 'o', 's', 't', 'e', 'd', 'c', 'o', 'm', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hostedtalkgadget.google.com", true */ 'h', 'o', 's', 't', 'e', 'd', 't', 'a', 'l', 'k', 'g', 'a', 'd', 'g', 'e', 't', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "hostfission.com", true */ 'h', 'o', 's', 't', 'f', 'i', 's', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "hostgigz.com", true */ 'h', 'o', 's', 't', 'g', 'i', 'g', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "hostingactive.it", true */ 'h', 'o', 's', 't', 'i', 'n', 'g', 'a', 'c', 't', 'i', 'v', 'e', '.', 'i', 't', '\0',
+  /* "hostingfirst.nl", true */ 'h', 'o', 's', 't', 'i', 'n', 'g', 'f', 'i', 'r', 's', 't', '.', 'n', 'l', '\0',
+  /* "hostinghelp.guru", true */ 'h', 'o', 's', 't', 'i', 'n', 'g', 'h', 'e', 'l', 'p', '.', 'g', 'u', 'r', 'u', '\0',
+  /* "hostinginnederland.nl", true */ 'h', 'o', 's', 't', 'i', 'n', 'g', 'i', 'n', 'n', 'e', 'd', 'e', 'r', 'l', 'a', 'n', 'd', '.', 'n', 'l', '\0',
+  /* "hostinglogin.net", true */ 'h', 'o', 's', 't', 'i', 'n', 'g', 'l', 'o', 'g', 'i', 'n', '.', 'n', 'e', 't', '\0',
+  /* "hostingpunt.be", true */ 'h', 'o', 's', 't', 'i', 'n', 'g', 'p', 'u', 'n', 't', '.', 'b', 'e', '\0',
+  /* "hostingsolutions.cz", true */ 'h', 'o', 's', 't', 'i', 'n', 'g', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'z', '\0',
+  /* "hostix.de", true */ 'h', 'o', 's', 't', 'i', 'x', '.', 'd', 'e', '\0',
+  /* "hostma.ma", true */ 'h', 'o', 's', 't', 'm', 'a', '.', 'm', 'a', '\0',
+  /* "hostme.co.il", false */ 'h', 'o', 's', 't', 'm', 'e', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "hostmijnpagina.nl", true */ 'h', 'o', 's', 't', 'm', 'i', 'j', 'n', 'p', 'a', 'g', 'i', 'n', 'a', '.', 'n', 'l', '\0',
+  /* "hostmodern.com.au", true */ 'h', 'o', 's', 't', 'm', 'o', 'd', 'e', 'r', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "hosts.cf", true */ 'h', 'o', 's', 't', 's', '.', 'c', 'f', '\0',
+  /* "hostserv.org", true */ 'h', 'o', 's', 't', 's', 'e', 'r', 'v', '.', 'o', 'r', 'g', '\0',
+  /* "hosyaku.gr.jp", true */ 'h', 'o', 's', 'y', 'a', 'k', 'u', '.', 'g', 'r', '.', 'j', 'p', '\0',
+  /* "hot-spa.ch", true */ 'h', 'o', 't', '-', 's', 'p', 'a', '.', 'c', 'h', '\0',
+  /* "hotcandlestick.com", true */ 'h', 'o', 't', 'c', 'a', 'n', 'd', 'l', 'e', 's', 't', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "hotchillibox.co.za", true */ 'h', 'o', 't', 'c', 'h', 'i', 'l', 'l', 'i', 'b', 'o', 'x', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "hotchillibox.com", true */ 'h', 'o', 't', 'c', 'h', 'i', 'l', 'l', 'i', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "hotel-huberhof.at", true */ 'h', 'o', 't', 'e', 'l', '-', 'h', 'u', 'b', 'e', 'r', 'h', 'o', 'f', '.', 'a', 't', '\0',
+  /* "hotel-kronjuwel.de", true */ 'h', 'o', 't', 'e', 'l', '-', 'k', 'r', 'o', 'n', 'j', 'u', 'w', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "hotel-le-vaisseau.ch", true */ 'h', 'o', 't', 'e', 'l', '-', 'l', 'e', '-', 'v', 'a', 'i', 's', 's', 'e', 'a', 'u', '.', 'c', 'h', '\0',
+  /* "hotel-pension-sonnalp.eu", true */ 'h', 'o', 't', 'e', 'l', '-', 'p', 'e', 'n', 's', 'i', 'o', 'n', '-', 's', 'o', 'n', 'n', 'a', 'l', 'p', '.', 'e', 'u', '\0',
+  /* "hotel-rosner.at", true */ 'h', 'o', 't', 'e', 'l', '-', 'r', 'o', 's', 'n', 'e', 'r', '.', 'a', 't', '\0',
+  /* "hotelflow.com.br", true */ 'h', 'o', 't', 'e', 'l', 'f', 'l', 'o', 'w', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "hotelident.de", true */ 'h', 'o', 't', 'e', 'l', 'i', 'd', 'e', 'n', 't', '.', 'd', 'e', '\0',
+  /* "hotelmap.com", true */ 'h', 'o', 't', 'e', 'l', 'm', 'a', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "hotelsinformer.com", true */ 'h', 'o', 't', 'e', 'l', 's', 'i', 'n', 'f', 'o', 'r', 'm', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "hotelvalena.com", true */ 'h', 'o', 't', 'e', 'l', 'v', 'a', 'l', 'e', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "hothbricks.com", true */ 'h', 'o', 't', 'h', 'b', 'r', 'i', 'c', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hotnewhiphop.com", true */ 'h', 'o', 't', 'n', 'e', 'w', 'h', 'i', 'p', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "hoto.us", true */ 'h', 'o', 't', 'o', '.', 'u', 's', '\0',
+  /* "hoton.in", true */ 'h', 'o', 't', 'o', 'n', '.', 'i', 'n', '\0',
+  /* "hotornot.com", true */ 'h', 'o', 't', 'o', 'r', 'n', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "hotplate.co.nz", true */ 'h', 'o', 't', 'p', 'l', 'a', 't', 'e', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "hotplug.gr", true */ 'h', 'o', 't', 'p', 'l', 'u', 'g', '.', 'g', 'r', '\0',
+  /* "hotpoint-training.com", true */ 'h', 'o', 't', 'p', 'o', 'i', 'n', 't', '-', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "hottaro.com", true */ 'h', 'o', 't', 't', 'a', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "hottestwebcamgirls.org", true */ 'h', 'o', 't', 't', 'e', 's', 't', 'w', 'e', 'b', 'c', 'a', 'm', 'g', 'i', 'r', 'l', 's', '.', 'o', 'r', 'g', '\0',
+  /* "hottheme.net", true */ 'h', 'o', 't', 't', 'h', 'e', 'm', 'e', '.', 'n', 'e', 't', '\0',
+  /* "hotting.nl", true */ 'h', 'o', 't', 't', 'i', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "hottubhirenewcastle.co.uk", true */ 'h', 'o', 't', 't', 'u', 'b', 'h', 'i', 'r', 'e', 'n', 'e', 'w', 'c', 'a', 's', 't', 'l', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "hottubspasnewcastle.co.uk", true */ 'h', 'o', 't', 't', 'u', 'b', 's', 'p', 'a', 's', 'n', 'e', 'w', 'c', 'a', 's', 't', 'l', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "houdremont-la-courneuve.info", true */ 'h', 'o', 'u', 'd', 'r', 'e', 'm', 'o', 'n', 't', '-', 'l', 'a', '-', 'c', 'o', 'u', 'r', 'n', 'e', 'u', 'v', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "houraiteahouse.net", true */ 'h', 'o', 'u', 'r', 'a', 'i', 't', 'e', 'a', 'h', 'o', 'u', 's', 'e', '.', 'n', 'e', 't', '\0',
+  /* "house-of-japan.co.jp", true */ 'h', 'o', 'u', 's', 'e', '-', 'o', 'f', '-', 'j', 'a', 'p', 'a', 'n', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "house-sparrow.com", true */ 'h', 'o', 'u', 's', 'e', '-', 's', 'p', 'a', 'r', 'r', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "houseboydesigns.com", true */ 'h', 'o', 'u', 's', 'e', 'b', 'o', 'y', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "houseinvestor.com", true */ 'h', 'o', 'u', 's', 'e', 'i', 'n', 'v', 'e', 's', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "houser.lu", true */ 'h', 'o', 'u', 's', 'e', 'r', '.', 'l', 'u', '\0',
+  /* "housetalk.ru", true */ 'h', 'o', 'u', 's', 'e', 't', 'a', 'l', 'k', '.', 'r', 'u', '\0',
+  /* "houstonapartmentinsiders.com", true */ 'h', 'o', 'u', 's', 't', 'o', 'n', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 'i', 'n', 's', 'i', 'd', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "houstoncreditlaw.com", true */ 'h', 'o', 'u', 's', 't', 'o', 'n', 'c', 'r', 'e', 'd', 'i', 't', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "houtinee.com", true */ 'h', 'o', 'u', 't', 'i', 'n', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "how2fsbo.com", true */ 'h', 'o', 'w', '2', 'f', 's', 'b', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "how2play.pl", true */ 'h', 'o', 'w', '2', 'p', 'l', 'a', 'y', '.', 'p', 'l', '\0',
+  /* "howa-n.net", true */ 'h', 'o', 'w', 'a', '-', 'n', '.', 'n', 'e', 't', '\0',
+  /* "howardwatts.co.uk", true */ 'h', 'o', 'w', 'a', 'r', 'd', 'w', 'a', 't', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "howbehealthy.com", true */ 'h', 'o', 'w', 'b', 'e', 'h', 'e', 'a', 'l', 't', 'h', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "howbigismybuilding.com", true */ 'h', 'o', 'w', 'b', 'i', 'g', 'i', 's', 'm', 'y', 'b', 'u', 'i', 'l', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "howlongtobeatsteam.com", true */ 'h', 'o', 'w', 'l', 'o', 'n', 'g', 't', 'o', 'b', 'e', 'a', 't', 's', 't', 'e', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "howmanymilesfrom.com", true */ 'h', 'o', 'w', 'm', 'a', 'n', 'y', 'm', 'i', 'l', 'e', 's', 'f', 'r', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "howsecureismypassword.net", true */ 'h', 'o', 'w', 's', 'e', 'c', 'u', 'r', 'e', 'i', 's', 'm', 'y', 'p', 'a', 's', 's', 'w', 'o', 'r', 'd', '.', 'n', 'e', 't', '\0',
+  /* "howsmyssl.com", true */ 'h', 'o', 'w', 's', 'm', 'y', 's', 's', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "howsmytls.com", true */ 'h', 'o', 'w', 's', 'm', 'y', 't', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "howsyourhealth.org", true */ 'h', 'o', 'w', 's', 'y', 'o', 'u', 'r', 'h', 'e', 'a', 'l', 't', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "howtofreelance.com", true */ 'h', 'o', 'w', 't', 'o', 'f', 'r', 'e', 'e', 'l', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "howtogeek.com", true */ 'h', 'o', 'w', 't', 'o', 'g', 'e', 'e', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "howtogeekpro.com", true */ 'h', 'o', 'w', 't', 'o', 'g', 'e', 'e', 'k', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "howtogosolar.org", true */ 'h', 'o', 'w', 't', 'o', 'g', 'o', 's', 'o', 'l', 'a', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "howtolaser.com", true */ 'h', 'o', 'w', 't', 'o', 'l', 'a', 's', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "hozana.si", false */ 'h', 'o', 'z', 'a', 'n', 'a', '.', 's', 'i', '\0',
+  /* "hp42.de", true */ 'h', 'p', '4', '2', '.', 'd', 'e', '\0',
+  /* "hpac-portal.com", true */ 'h', 'p', 'a', 'c', '-', 'p', 'o', 'r', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "hpbn.co", true */ 'h', 'p', 'b', 'n', '.', 'c', 'o', '\0',
+  /* "hpctecnologias.com", true */ 'h', 'p', 'c', 't', 'e', 'c', 'n', 'o', 'l', 'o', 'g', 'i', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hpeditor.tk", true */ 'h', 'p', 'e', 'd', 'i', 't', 'o', 'r', '.', 't', 'k', '\0',
+  /* "hpisavageforum.com", true */ 'h', 'p', 'i', 's', 'a', 'v', 'a', 'g', 'e', 'f', 'o', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "hpkp-faq.de", true */ 'h', 'p', 'k', 'p', '-', 'f', 'a', 'q', '.', 'd', 'e', '\0',
+  /* "hpnow.com.br", true */ 'h', 'p', 'n', 'o', 'w', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "hqq.tv", true */ 'h', 'q', 'q', '.', 't', 'v', '\0',
+  /* "hqwebhosting.tk", false */ 'h', 'q', 'w', 'e', 'b', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 't', 'k', '\0',
+  /* "hr98.xyz", true */ 'h', 'r', '9', '8', '.', 'x', 'y', 'z', '\0',
+  /* "hrabogados.com", true */ 'h', 'r', 'a', 'b', 'o', 'g', 'a', 'd', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hraesvelg.net", true */ 'h', 'r', 'a', 'e', 's', 'v', 'e', 'l', 'g', '.', 'n', 'e', 't', '\0',
+  /* "hranicka.cz", true */ 'h', 'r', 'a', 'n', 'i', 'c', 'k', 'a', '.', 'c', 'z', '\0',
+  /* "hrbatypes.cz", true */ 'h', 'r', 'b', 'a', 't', 'y', 'p', 'e', 's', '.', 'c', 'z', '\0',
+  /* "hrdns.de", false */ 'h', 'r', 'd', 'n', 's', '.', 'd', 'e', '\0',
+  /* "href.one", true */ 'h', 'r', 'e', 'f', '.', 'o', 'n', 'e', '\0',
+  /* "hreflang.info", true */ 'h', 'r', 'e', 'f', 'l', 'a', 'n', 'g', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "hrfhomelottery.com", true */ 'h', 'r', 'f', 'h', 'o', 'm', 'e', 'l', 'o', 't', 't', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "hrjfeedstock.com", true */ 'h', 'r', 'j', 'f', 'e', 'e', 'd', 's', 't', 'o', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "hrjfeedstock.org", true */ 'h', 'r', 'j', 'f', 'e', 'e', 'd', 's', 't', 'o', 'c', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "hrndz.io", true */ 'h', 'r', 'n', 'd', 'z', '.', 'i', 'o', '\0',
+  /* "hrobert.hu", true */ 'h', 'r', 'o', 'b', 'e', 'r', 't', '.', 'h', 'u', '\0',
+  /* "hroling.nl", true */ 'h', 'r', 'o', 'l', 'i', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "hroschyk.cz", true */ 'h', 'r', 'o', 's', 'c', 'h', 'y', 'k', '.', 'c', 'z', '\0',
+  /* "hrtraining.com.au", true */ 'h', 'r', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "hs-arbeitsschutz.de", true */ 'h', 's', '-', 'a', 'r', 'b', 'e', 'i', 't', 's', 's', 'c', 'h', 'u', 't', 'z', '.', 'd', 'e', '\0',
+  /* "hs-group.net", true */ 'h', 's', '-', 'g', 'r', 'o', 'u', 'p', '.', 'n', 'e', 't', '\0',
+  /* "hscorp.de", true */ 'h', 's', 'c', 'o', 'r', 'p', '.', 'd', 'e', '\0',
+  /* "hsivonen.com", true */ 'h', 's', 'i', 'v', 'o', 'n', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "hsivonen.fi", true */ 'h', 's', 'i', 'v', 'o', 'n', 'e', 'n', '.', 'f', 'i', '\0',
+  /* "hsivonen.iki.fi", true */ 'h', 's', 'i', 'v', 'o', 'n', 'e', 'n', '.', 'i', 'k', 'i', '.', 'f', 'i', '\0',
+  /* "hsmr.cc", true */ 'h', 's', 'm', 'r', '.', 'c', 'c', '\0',
+  /* "hsr.gov", false */ 'h', 's', 'r', '.', 'g', 'o', 'v', '\0',
+  /* "hsts-preload-test.xyz", true */ 'h', 's', 't', 's', '-', 'p', 'r', 'e', 'l', 'o', 'a', 'd', '-', 't', 'e', 's', 't', '.', 'x', 'y', 'z', '\0',
+  /* "hsts.eu", true */ 'h', 's', 't', 's', '.', 'e', 'u', '\0',
+  /* "hstsfail.appspot.com", true */ 'h', 's', 't', 's', 'f', 'a', 'i', 'l', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "hstspreload.appspot.com", true */ 'h', 's', 't', 's', 'p', 'r', 'e', 'l', 'o', 'a', 'd', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "hstspreload.com", true */ 'h', 's', 't', 's', 'p', 'r', 'e', 'l', 'o', 'a', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "hstspreload.org", true */ 'h', 's', 't', 's', 'p', 'r', 'e', 'l', 'o', 'a', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "hszemi.de", true */ 'h', 's', 'z', 'e', 'm', 'i', '.', 'd', 'e', '\0',
+  /* "htaccessbook.com", true */ 'h', 't', 'a', 'c', 'c', 'e', 's', 's', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "htaps.com", true */ 'h', 't', 'a', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hte.ovh", true */ 'h', 't', 'e', '.', 'o', 'v', 'h', '\0',
+  /* "htlball.at", true */ 'h', 't', 'l', 'b', 'a', 'l', 'l', '.', 'a', 't', '\0',
+  /* "html5.org", true */ 'h', 't', 'm', 'l', '5', '.', 'o', 'r', 'g', '\0',
+  /* "html5media.info", true */ 'h', 't', 'm', 'l', '5', 'm', 'e', 'd', 'i', 'a', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "htmlacademy.ru", true */ 'h', 't', 'm', 'l', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'r', 'u', '\0',
+  /* "htmlvalidator.com", true */ 'h', 't', 'm', 'l', 'v', 'a', 'l', 'i', 'd', 'a', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "htmlyse.com", true */ 'h', 't', 'm', 'l', 'y', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "htmue.net", true */ 'h', 't', 'm', 'u', 'e', '.', 'n', 'e', 't', '\0',
+  /* "htmue.org", true */ 'h', 't', 'm', 'u', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "htsure.ma", true */ 'h', 't', 's', 'u', 'r', 'e', '.', 'm', 'a', '\0',
+  /* "http2.eu", true */ 'h', 't', 't', 'p', '2', '.', 'e', 'u', '\0',
+  /* "http2.pro", true */ 'h', 't', 't', 'p', '2', '.', 'p', 'r', 'o', '\0',
+  /* "https.jetzt", true */ 'h', 't', 't', 'p', 's', '.', 'j', 'e', 't', 'z', 't', '\0',
+  /* "https4all.org", true */ 'h', 't', 't', 'p', 's', '4', 'a', 'l', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "httpsecured.net", true */ 'h', 't', 't', 'p', 's', 'e', 'c', 'u', 'r', 'e', 'd', '.', 'n', 'e', 't', '\0',
+  /* "httpsecurityreport.com", true */ 'h', 't', 't', 'p', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'r', 'e', 'p', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "httpsnow.com", true */ 'h', 't', 't', 'p', 's', 'n', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "httpsnow.org", true */ 'h', 't', 't', 'p', 's', 'n', 'o', 'w', '.', 'o', 'r', 'g', '\0',
+  /* "httpswatch.ca", true */ 'h', 't', 't', 'p', 's', 'w', 'a', 't', 'c', 'h', '.', 'c', 'a', '\0',
+  /* "httpswatch.com", true */ 'h', 't', 't', 'p', 's', 'w', 'a', 't', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "httptest.net", true */ 'h', 't', 't', 'p', 't', 'e', 's', 't', '.', 'n', 'e', 't', '\0',
+  /* "hu.search.yahoo.com", false */ 'h', 'u', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "hua-in.com", true */ 'h', 'u', 'a', '-', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "huagati.com", true */ 'h', 'u', 'a', 'g', 'a', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "huahinpropertylisting.com", true */ 'h', 'u', 'a', 'h', 'i', 'n', 'p', 'r', 'o', 'p', 'e', 'r', 't', 'y', 'l', 'i', 's', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "huang.nu", true */ 'h', 'u', 'a', 'n', 'g', '.', 'n', 'u', '\0',
+  /* "huangguancq.com", true */ 'h', 'u', 'a', 'n', 'g', 'g', 'u', 'a', 'n', 'c', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "huangjingjing.com", true */ 'h', 'u', 'a', 'n', 'g', 'j', 'i', 'n', 'g', 'j', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "huangzenghao.cn", true */ 'h', 'u', 'a', 'n', 'g', 'z', 'e', 'n', 'g', 'h', 'a', 'o', '.', 'c', 'n', '\0',
+  /* "huangzenghao.com", true */ 'h', 'u', 'a', 'n', 'g', 'z', 'e', 'n', 'g', 'h', 'a', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "huaxueba.com", true */ 'h', 'u', 'a', 'x', 'u', 'e', 'b', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "hub385.com", true */ 'h', 'u', 'b', '3', '8', '5', '.', 'c', 'o', 'm', '\0',
+  /* "huberulrich.de", true */ 'h', 'u', 'b', 'e', 'r', 'u', 'l', 'r', 'i', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "hubok.net", true */ 'h', 'u', 'b', 'o', 'k', '.', 'n', 'e', 't', '\0',
+  /* "huchet.me", true */ 'h', 'u', 'c', 'h', 'e', 't', '.', 'm', 'e', '\0',
+  /* "hudhaifahgoga.co.za", true */ 'h', 'u', 'd', 'h', 'a', 'i', 'f', 'a', 'h', 'g', 'o', 'g', 'a', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "hudingyuan.cn", true */ 'h', 'u', 'd', 'i', 'n', 'g', 'y', 'u', 'a', 'n', '.', 'c', 'n', '\0',
+  /* "hudrydum.cz", true */ 'h', 'u', 'd', 'r', 'y', 'd', 'u', 'm', '.', 'c', 'z', '\0',
+  /* "huduser.gov", true */ 'h', 'u', 'd', 'u', 's', 'e', 'r', '.', 'g', 'o', 'v', '\0',
+  /* "huendeleskopfhuette.de", true */ 'h', 'u', 'e', 'n', 'd', 'e', 'l', 'e', 's', 'k', 'o', 'p', 'f', 'h', 'u', 'e', 't', 't', 'e', '.', 'd', 'e', '\0',
+  /* "huersch.com", true */ 'h', 'u', 'e', 'r', 's', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "huffduffer.com", true */ 'h', 'u', 'f', 'f', 'd', 'u', 'f', 'f', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "hughtodd.ink", true */ 'h', 'u', 'g', 'h', 't', 'o', 'd', 'd', '.', 'i', 'n', 'k', '\0',
+  /* "hugi.is", true */ 'h', 'u', 'g', 'i', '.', 'i', 's', '\0',
+  /* "huglen.info", true */ 'h', 'u', 'g', 'l', 'e', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "hugofs.com", true */ 'h', 'u', 'g', 'o', 'f', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hugolynx.fr", true */ 'h', 'u', 'g', 'o', 'l', 'y', 'n', 'x', '.', 'f', 'r', '\0',
+  /* "huguesblanchard.paris", true */ 'h', 'u', 'g', 'u', 'e', 's', 'b', 'l', 'a', 'n', 'c', 'h', 'a', 'r', 'd', '.', 'p', 'a', 'r', 'i', 's', '\0',
+  /* "huguesditciles.com", true */ 'h', 'u', 'g', 'u', 'e', 's', 'd', 'i', 't', 'c', 'i', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "huihui.moe", true */ 'h', 'u', 'i', 'h', 'u', 'i', '.', 'm', 'o', 'e', '\0',
+  /* "huirongis.me", true */ 'h', 'u', 'i', 'r', 'o', 'n', 'g', 'i', 's', '.', 'm', 'e', '\0',
+  /* "huislaw.com", true */ 'h', 'u', 'i', 's', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "huissier-vosges.com", true */ 'h', 'u', 'i', 's', 's', 'i', 'e', 'r', '-', 'v', 'o', 's', 'g', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "huitaodang.com", true */ 'h', 'u', 'i', 't', 'a', 'o', 'd', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "hukaloh.com", true */ 'h', 'u', 'k', 'a', 'l', 'o', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "hukutuu.com", true */ 'h', 'u', 'k', 'u', 't', 'u', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "hulet.tech", true */ 'h', 'u', 'l', 'e', 't', '.', 't', 'e', 'c', 'h', '\0',
+  /* "hulldevs.net", true */ 'h', 'u', 'l', 'l', 'd', 'e', 'v', 's', '.', 'n', 'e', 't', '\0',
+  /* "hulpbijmarketing.nl", true */ 'h', 'u', 'l', 'p', 'b', 'i', 'j', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "hulsoft.co.uk", true */ 'h', 'u', 'l', 's', 'o', 'f', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "human-clone.com", true */ 'h', 'u', 'm', 'a', 'n', '-', 'c', 'l', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "humanenrich.com", true */ 'h', 'u', 'm', 'a', 'n', 'e', 'n', 'r', 'i', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "humanesources.com", true */ 'h', 'u', 'm', 'a', 'n', 'e', 's', 'o', 'u', 'r', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "humanexperiments.com", true */ 'h', 'u', 'm', 'a', 'n', 'e', 'x', 'p', 'e', 'r', 'i', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "humanity.com", true */ 'h', 'u', 'm', 'a', 'n', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "humans.io", true */ 'h', 'u', 'm', 'a', 'n', 's', '.', 'i', 'o', '\0',
+  /* "humanzee.com", true */ 'h', 'u', 'm', 'a', 'n', 'z', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "humblebee.at", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'a', 't', '\0',
+  /* "humblebee.be", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'b', 'e', '\0',
+  /* "humblebee.co.in", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'c', 'o', '.', 'i', 'n', '\0',
+  /* "humblebee.com.ph", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'c', 'o', 'm', '.', 'p', 'h', '\0',
+  /* "humblebee.cz", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'c', 'z', '\0',
+  /* "humblebee.dk", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'd', 'k', '\0',
+  /* "humblebee.es", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'e', 's', '\0',
+  /* "humblebee.eu", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'e', 'u', '\0',
+  /* "humblebee.foundation", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', '\0',
+  /* "humblebee.fr", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'f', 'r', '\0',
+  /* "humblebee.gr", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'g', 'r', '\0',
+  /* "humblebee.ie", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'i', 'e', '\0',
+  /* "humblebee.it", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'i', 't', '\0',
+  /* "humblebee.me.uk", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'm', 'e', '.', 'u', 'k', '\0',
+  /* "humblebee.nz", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'n', 'z', '\0',
+  /* "humblebee.pl", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'p', 'l', '\0',
+  /* "humblebee.us", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', '.', 'u', 's', '\0',
+  /* "humblebeeshop.ca", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', 's', 'h', 'o', 'p', '.', 'c', 'a', '\0',
+  /* "humblebeeshop.com.au", true */ 'h', 'u', 'm', 'b', 'l', 'e', 'b', 'e', 'e', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "hummy.tv", true */ 'h', 'u', 'm', 'm', 'y', '.', 't', 'v', '\0',
+  /* "humpen.se", true */ 'h', 'u', 'm', 'p', 'e', 'n', '.', 's', 'e', '\0',
+  /* "hund.io", true */ 'h', 'u', 'n', 'd', '.', 'i', 'o', '\0',
+  /* "hundeformel.de", true */ 'h', 'u', 'n', 'd', 'e', 'f', 'o', 'r', 'm', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "hundter.com", true */ 'h', 'u', 'n', 'd', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "hunter.io", true */ 'h', 'u', 'n', 't', 'e', 'r', '.', 'i', 'o', '\0',
+  /* "huntingdonbouncers.co.uk", true */ 'h', 'u', 'n', 't', 'i', 'n', 'g', 'd', 'o', 'n', 'b', 'o', 'u', 'n', 'c', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "huntingdonlifesciences.com", true */ 'h', 'u', 'n', 't', 'i', 'n', 'g', 'd', 'o', 'n', 'l', 'i', 'f', 'e', 's', 'c', 'i', 'e', 'n', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "huongquynh.com", true */ 'h', 'u', 'o', 'n', 'g', 'q', 'u', 'y', 'n', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "hup.hu", true */ 'h', 'u', 'p', '.', 'h', 'u', '\0',
+  /* "hupp.se", true */ 'h', 'u', 'p', 'p', '.', 's', 'e', '\0',
+  /* "hurd.is", true */ 'h', 'u', 'r', 'd', '.', 'i', 's', '\0',
+  /* "huren.nl", true */ 'h', 'u', 'r', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "huroji.com", true */ 'h', 'u', 'r', 'o', 'j', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "hurricanelabs.com", false */ 'h', 'u', 'r', 'r', 'i', 'c', 'a', 'n', 'e', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "husakbau.at", true */ 'h', 'u', 's', 'a', 'k', 'b', 'a', 'u', '.', 'a', 't', '\0',
+  /* "hushfile.it", true */ 'h', 'u', 's', 'h', 'f', 'i', 'l', 'e', '.', 'i', 't', '\0',
+  /* "husic.net", true */ 'h', 'u', 's', 'i', 'c', '.', 'n', 'e', 't', '\0',
+  /* "husky.xyz", true */ 'h', 'u', 's', 'k', 'y', '.', 'x', 'y', 'z', '\0',
+  /* "huskyduvercors.com", true */ 'h', 'u', 's', 'k', 'y', 'd', 'u', 'v', 'e', 'r', 'c', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "huskyinc.us", true */ 'h', 'u', 's', 'k', 'y', 'i', 'n', 'c', '.', 'u', 's', '\0',
+  /* "hussam.eu.org", true */ 'h', 'u', 's', 's', 'a', 'm', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "hustlehope.com", true */ 'h', 'u', 's', 't', 'l', 'e', 'h', 'o', 'p', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "hustunique.com", true */ 'h', 'u', 's', 't', 'u', 'n', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "huto.ml", true */ 'h', 'u', 't', 'o', '.', 'm', 'l', '\0',
+  /* "huutonauru.net", true */ 'h', 'u', 'u', 't', 'o', 'n', 'a', 'u', 'r', 'u', '.', 'n', 'e', 't', '\0',
+  /* "huwcbjones.co.uk", true */ 'h', 'u', 'w', 'c', 'b', 'j', 'o', 'n', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "huwcbjones.uk", true */ 'h', 'u', 'w', 'c', 'b', 'j', 'o', 'n', 'e', 's', '.', 'u', 'k', '\0',
+  /* "huxley.net", true */ 'h', 'u', 'x', 'l', 'e', 'y', '.', 'n', 'e', 't', '\0',
+  /* "hvdbox.de", true */ 'h', 'v', 'd', 'b', 'o', 'x', '.', 'd', 'e', '\0',
+  /* "hverdagogkink.no", true */ 'h', 'v', 'e', 'r', 'd', 'a', 'g', 'o', 'g', 'k', 'i', 'n', 'k', '.', 'n', 'o', '\0',
+  /* "hvh.no", true */ 'h', 'v', 'h', '.', 'n', 'o', '\0',
+  /* "hvtuananh.com", true */ 'h', 'v', 't', 'u', 'a', 'n', 'a', 'n', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "hwaddress.com", true */ 'h', 'w', 'a', 'd', 'd', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hwag-pb.de", true */ 'h', 'w', 'a', 'g', '-', 'p', 'b', '.', 'd', 'e', '\0',
+  /* "hwcine.com", true */ 'h', 'w', 'c', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "hwinfo.com", true */ 'h', 'w', 'i', 'n', 'f', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "hwpkasse.de", true */ 'h', 'w', 'p', 'k', 'a', 's', 's', 'e', '.', 'd', 'e', '\0',
+  /* "hx53.de", true */ 'h', 'x', '5', '3', '.', 'd', 'e', '\0',
+  /* "hxying.com", true */ 'h', 'x', 'y', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "hybridiyhdistys.fi", true */ 'h', 'y', 'b', 'r', 'i', 'd', 'i', 'y', 'h', 'd', 'i', 's', 't', 'y', 's', '.', 'f', 'i', '\0',
+  /* "hybridklubben.fi", true */ 'h', 'y', 'b', 'r', 'i', 'd', 'k', 'l', 'u', 'b', 'b', 'e', 'n', '.', 'f', 'i', '\0',
+  /* "hybridworx.com", true */ 'h', 'y', 'b', 'r', 'i', 'd', 'w', 'o', 'r', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "hybridworx.de", true */ 'h', 'y', 'b', 'r', 'i', 'd', 'w', 'o', 'r', 'x', '.', 'd', 'e', '\0',
+  /* "hybridworx.eu", true */ 'h', 'y', 'b', 'r', 'i', 'd', 'w', 'o', 'r', 'x', '.', 'e', 'u', '\0',
+  /* "hybridworx.net", true */ 'h', 'y', 'b', 'r', 'i', 'd', 'w', 'o', 'r', 'x', '.', 'n', 'e', 't', '\0',
+  /* "hybridworx.org", true */ 'h', 'y', 'b', 'r', 'i', 'd', 'w', 'o', 'r', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "hycken.com", true */ 'h', 'y', 'c', 'k', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "hyckenberg.com", true */ 'h', 'y', 'c', 'k', 'e', 'n', 'b', 'e', 'r', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "hyderabadonlinegifts.com", true */ 'h', 'y', 'd', 'e', 'r', 'a', 'b', 'a', 'd', 'o', 'n', 'l', 'i', 'n', 'e', 'g', 'i', 'f', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hydra.zone", true */ 'h', 'y', 'd', 'r', 'a', '.', 'z', 'o', 'n', 'e', '\0',
+  /* "hydrasolutions.de", true */ 'h', 'y', 'd', 'r', 'a', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'd', 'e', '\0',
+  /* "hydroagro.pl", true */ 'h', 'y', 'd', 'r', 'o', 'a', 'g', 'r', 'o', '.', 'p', 'l', '\0',
+  /* "hydrocloud.net", true */ 'h', 'y', 'd', 'r', 'o', 'c', 'l', 'o', 'u', 'd', '.', 'n', 'e', 't', '\0',
+  /* "hydronyx.me", true */ 'h', 'y', 'd', 'r', 'o', 'n', 'y', 'x', '.', 'm', 'e', '\0',
+  /* "hydroturbine.info", true */ 'h', 'y', 'd', 'r', 'o', 't', 'u', 'r', 'b', 'i', 'n', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "hydrozone.fr", true */ 'h', 'y', 'd', 'r', 'o', 'z', 'o', 'n', 'e', '.', 'f', 'r', '\0',
+  /* "hyeok.org", true */ 'h', 'y', 'e', 'o', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "hygo.com", true */ 'h', 'y', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "hyk.me", true */ 'h', 'y', 'k', '.', 'm', 'e', '\0',
+  /* "hylians.com", true */ 'h', 'y', 'l', 'i', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "hymerscollege.co.uk", true */ 'h', 'y', 'm', 'e', 'r', 's', 'c', 'o', 'l', 'l', 'e', 'g', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "hynek.me", true */ 'h', 'y', 'n', 'e', 'k', '.', 'm', 'e', '\0',
+  /* "hype.ru", true */ 'h', 'y', 'p', 'e', '.', 'r', 'u', '\0',
+  /* "hypemgmt.com", true */ 'h', 'y', 'p', 'e', 'm', 'g', 'm', 't', '.', 'c', 'o', 'm', '\0',
+  /* "hyper-matrix.org", true */ 'h', 'y', 'p', 'e', 'r', '-', 'm', 'a', 't', 'r', 'i', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "hyper-text.org", true */ 'h', 'y', 'p', 'e', 'r', '-', 't', 'e', 'x', 't', '.', 'o', 'r', 'g', '\0',
+  /* "hyperalgesia.com", true */ 'h', 'y', 'p', 'e', 'r', 'a', 'l', 'g', 'e', 's', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "hyperbolic-mayonnaise-interceptor.ovh", true */ 'h', 'y', 'p', 'e', 'r', 'b', 'o', 'l', 'i', 'c', '-', 'm', 'a', 'y', 'o', 'n', 'n', 'a', 'i', 's', 'e', '-', 'i', 'n', 't', 'e', 'r', 'c', 'e', 'p', 't', 'o', 'r', '.', 'o', 'v', 'h', '\0',
+  /* "hyperion.io", true */ 'h', 'y', 'p', 'e', 'r', 'i', 'o', 'n', '.', 'i', 'o', '\0',
+  /* "hyperreal.biz", true */ 'h', 'y', 'p', 'e', 'r', 'r', 'e', 'a', 'l', '.', 'b', 'i', 'z', '\0',
+  /* "hyperreal.info", true */ 'h', 'y', 'p', 'e', 'r', 'r', 'e', 'a', 'l', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "hypersomnia.com", true */ 'h', 'y', 'p', 'e', 'r', 's', 'o', 'm', 'n', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "hyperthymia.com", true */ 'h', 'y', 'p', 'e', 'r', 't', 'h', 'y', 'm', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "hyphen.co.za", true */ 'h', 'y', 'p', 'h', 'e', 'n', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "hyphenpda.co.za", true */ 'h', 'y', 'p', 'h', 'e', 'n', 'p', 'd', 'a', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "hypotecnicentrum.cz", true */ 'h', 'y', 'p', 'o', 't', 'e', 'c', 'n', 'i', 'c', 'e', 'n', 't', 'r', 'u', 'm', '.', 'c', 'z', '\0',
+  /* "hypothecairelening.net", true */ 'h', 'y', 'p', 'o', 't', 'h', 'e', 'c', 'a', 'i', 'r', 'e', 'l', 'e', 'n', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "hypotheekbond.nl", true */ 'h', 'y', 'p', 'o', 't', 'h', 'e', 'e', 'k', 'b', 'o', 'n', 'd', '.', 'n', 'l', '\0',
+  /* "hypothes.is", true */ 'h', 'y', 'p', 'o', 't', 'h', 'e', 's', '.', 'i', 's', '\0',
+  /* "hypothyroidmom.com", true */ 'h', 'y', 'p', 'o', 't', 'h', 'y', 'r', 'o', 'i', 'd', 'm', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "hyvinvointineuvoja.fi", true */ 'h', 'y', 'v', 'i', 'n', 'v', 'o', 'i', 'n', 't', 'i', 'n', 'e', 'u', 'v', 'o', 'j', 'a', '.', 'f', 'i', '\0',
+  /* "i--b.com", true */ 'i', '-', '-', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "i-geld.de", true */ 'i', '-', 'g', 'e', 'l', 'd', '.', 'd', 'e', '\0',
+  /* "i-hakul.net", true */ 'i', '-', 'h', 'a', 'k', 'u', 'l', '.', 'n', 'e', 't', '\0',
+  /* "i-meto.com", true */ 'i', '-', 'm', 'e', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "i-proswiss.com", true */ 'i', '-', 'p', 'r', 'o', 's', 'w', 'i', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "i-red.info", true */ 'i', '-', 'r', 'e', 'd', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "i-stats.net", true */ 'i', '-', 's', 't', 'a', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "i-stuff.site", true */ 'i', '-', 's', 't', 'u', 'f', 'f', '.', 's', 'i', 't', 'e', '\0',
+  /* "i-verbi.it", true */ 'i', '-', 'v', 'e', 'r', 'b', 'i', '.', 'i', 't', '\0',
+  /* "i1314.gdn", true */ 'i', '1', '3', '1', '4', '.', 'g', 'd', 'n', '\0',
+  /* "i1place.com", true */ 'i', '1', 'p', 'l', 'a', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "i28s.com", true */ 'i', '2', '8', 's', '.', 'c', 'o', 'm', '\0',
+  /* "i496.eu", true */ 'i', '4', '9', '6', '.', 'e', 'u', '\0',
+  /* "i4m1k0su.com", true */ 'i', '4', 'm', '1', 'k', '0', 's', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "i5y.co.uk", true */ 'i', '5', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "i879.com", true */ 'i', '8', '7', '9', '.', 'c', 'o', 'm', '\0',
+  /* "i95.me", false */ 'i', '9', '5', '.', 'm', 'e', '\0',
+  /* "iaco.li", true */ 'i', 'a', 'c', 'o', '.', 'l', 'i', '\0',
+  /* "iactu.info", true */ 'i', 'a', 'c', 't', 'u', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "iaeste.no", true */ 'i', 'a', 'e', 's', 't', 'e', '.', 'n', 'o', '\0',
+  /* "iaeste.or.jp", true */ 'i', 'a', 'e', 's', 't', 'e', '.', 'o', 'r', '.', 'j', 'p', '\0',
+  /* "iainsimms.me", true */ 'i', 'a', 'i', 'n', 's', 'i', 'm', 'm', 's', '.', 'm', 'e', '\0',
+  /* "ialis.me", true */ 'i', 'a', 'l', 'i', 's', '.', 'm', 'e', '\0',
+  /* "iamcarrico.com", true */ 'i', 'a', 'm', 'c', 'a', 'r', 'r', 'i', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "iamsoareyou.se", true */ 'i', 'a', 'm', 's', 'o', 'a', 'r', 'e', 'y', 'o', 'u', '.', 's', 'e', '\0',
+  /* "iamtheib.me", true */ 'i', 'a', 'm', 't', 'h', 'e', 'i', 'b', '.', 'm', 'e', '\0',
+  /* "iamusingtheinter.net", true */ 'i', 'a', 'm', 'u', 's', 'i', 'n', 'g', 't', 'h', 'e', 'i', 'n', 't', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "iamwoodbeard.com", true */ 'i', 'a', 'm', 'w', 'o', 'o', 'd', 'b', 'e', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "ian.sh", true */ 'i', 'a', 'n', '.', 's', 'h', '\0',
+  /* "iandouglasscott.com", true */ 'i', 'a', 'n', 'd', 'o', 'u', 'g', 'l', 'a', 's', 's', 'c', 'o', 't', 't', '.', 'c', 'o', 'm', '\0',
+  /* "ianix.com", true */ 'i', 'a', 'n', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "iavian.com", true */ 'i', 'a', 'v', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "ib-wedler.de", false */ 'i', 'b', '-', 'w', 'e', 'd', 'l', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "iba.community", true */ 'i', 'b', 'a', '.', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', '\0',
+  /* "ibacktraced.it", true */ 'i', 'b', 'a', 'c', 'k', 't', 'r', 'a', 'c', 'e', 'd', '.', 'i', 't', '\0',
+  /* "ibcmed.org", true */ 'i', 'b', 'c', 'm', 'e', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "iberiaversicherungen.com", true */ 'i', 'b', 'e', 'r', 'i', 'a', 'v', 'e', 'r', 's', 'i', 'c', 'h', 'e', 'r', 'u', 'n', 'g', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "ibexcore.com", true */ 'i', 'b', 'e', 'x', 'c', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ibin.co", true */ 'i', 'b', 'i', 'n', '.', 'c', 'o', '\0',
+  /* "ibiz.mk", true */ 'i', 'b', 'i', 'z', '.', 'm', 'k', '\0',
+  /* "ibizatopcharter.com", true */ 'i', 'b', 'i', 'z', 'a', 't', 'o', 'p', 'c', 'h', 'a', 'r', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "ibnw.de", true */ 'i', 'b', 'n', 'w', '.', 'd', 'e', '\0',
+  /* "ibox.ovh", true */ 'i', 'b', 'o', 'x', '.', 'o', 'v', 'h', '\0',
+  /* "ibps.blog", true */ 'i', 'b', 'p', 's', '.', 'b', 'l', 'o', 'g', '\0',
+  /* "ibpsrecruitment.co.in", true */ 'i', 'b', 'p', 's', 'r', 'e', 'c', 'r', 'u', 'i', 't', 'm', 'e', 'n', 't', '.', 'c', 'o', '.', 'i', 'n', '\0',
+  /* "ibrainmedicine.org", true */ 'i', 'b', 'r', 'a', 'i', 'n', 'm', 'e', 'd', 'i', 'c', 'i', 'n', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "ibrom.eu", true */ 'i', 'b', 'r', 'o', 'm', '.', 'e', 'u', '\0',
+  /* "ibron.co", false */ 'i', 'b', 'r', 'o', 'n', '.', 'c', 'o', '\0',
+  /* "ibsafrica.co.za", true */ 'i', 'b', 's', 'a', 'f', 'r', 'i', 'c', 'a', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "ibsglobal.co.za", true */ 'i', 'b', 's', 'g', 'l', 'o', 'b', 'a', 'l', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "ibwc.gov", true */ 'i', 'b', 'w', 'c', '.', 'g', 'o', 'v', '\0',
+  /* "ic-lighting.com.au", true */ 'i', 'c', '-', 'l', 'i', 'g', 'h', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "ic3.gov", true */ 'i', 'c', '3', '.', 'g', 'o', 'v', '\0',
+  /* "icafecash.com", true */ 'i', 'c', 'a', 'f', 'e', 'c', 'a', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "icanhasht.ml", true */ 'i', 'c', 'a', 'n', 'h', 'a', 's', 'h', 't', '.', 'm', 'l', '\0',
+  /* "icarlos.net", true */ 'i', 'c', 'a', 'r', 'l', 'o', 's', '.', 'n', 'e', 't', '\0',
+  /* "icasnetwork.com", true */ 'i', 'c', 'a', 's', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "icbemp.gov", true */ 'i', 'c', 'b', 'e', 'm', 'p', '.', 'g', 'o', 'v', '\0',
+  /* "iccpublisher.com", true */ 'i', 'c', 'c', 'p', 'u', 'b', 'l', 'i', 's', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "icebat.dyndns.org", true */ 'i', 'c', 'e', 'b', 'a', 't', '.', 'd', 'y', 'n', 'd', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "iceberg.academy", true */ 'i', 'c', 'e', 'b', 'e', 'r', 'g', '.', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '\0',
+  /* "icebound.win", true */ 'i', 'c', 'e', 'b', 'o', 'u', 'n', 'd', '.', 'w', 'i', 'n', '\0',
+  /* "icecars.net", true */ 'i', 'c', 'e', 'c', 'a', 'r', 's', '.', 'n', 'e', 't', '\0',
+  /* "ich-tanke.de", true */ 'i', 'c', 'h', '-', 't', 'a', 'n', 'k', 'e', '.', 'd', 'e', '\0',
+  /* "ichasco.com", true */ 'i', 'c', 'h', 'a', 's', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "ichbinkeinreh.de", true */ 'i', 'c', 'h', 'b', 'i', 'n', 'k', 'e', 'i', 'n', 'r', 'e', 'h', '.', 'd', 'e', '\0',
+  /* "ichmachdas.net", true */ 'i', 'c', 'h', 'm', 'a', 'c', 'h', 'd', 'a', 's', '.', 'n', 'e', 't', '\0',
+  /* "ichronos.net", true */ 'i', 'c', 'h', 'r', 'o', 'n', 'o', 's', '.', 'n', 'e', 't', '\0',
+  /* "iclinic.ua", true */ 'i', 'c', 'l', 'i', 'n', 'i', 'c', '.', 'u', 'a', '\0',
+  /* "icmhd.ch", true */ 'i', 'c', 'm', 'h', 'd', '.', 'c', 'h', '\0',
+  /* "icmp2018.org", true */ 'i', 'c', 'm', 'p', '2', '0', '1', '8', '.', 'o', 'r', 'g', '\0',
+  /* "icodeconnect.com", true */ 'i', 'c', 'o', 'd', 'e', 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "icondoom.nl", true */ 'i', 'c', 'o', 'n', 'd', 'o', 'o', 'm', '.', 'n', 'l', '\0',
+  /* "iconomi.net", true */ 'i', 'c', 'o', 'n', 'o', 'm', 'i', '.', 'n', 'e', 't', '\0',
+  /* "icpc.pp.ua", true */ 'i', 'c', 'p', 'c', '.', 'p', 'p', '.', 'u', 'a', '\0',
+  /* "icpc2016.in.th", true */ 'i', 'c', 'p', 'c', '2', '0', '1', '6', '.', 'i', 'n', '.', 't', 'h', '\0',
+  /* "icq-project.net", true */ 'i', 'c', 'q', '-', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'n', 'e', 't', '\0',
+  /* "icsadviseurs.nl", true */ 'i', 'c', 's', 'a', 'd', 'v', 'i', 's', 'e', 'u', 'r', 's', '.', 'n', 'l', '\0',
+  /* "icsfinomornasco.gov.it", true */ 'i', 'c', 's', 'f', 'i', 'n', 'o', 'm', 'o', 'r', 'n', 'a', 's', 'c', 'o', '.', 'g', 'o', 'v', '.', 'i', 't', '\0',
+  /* "icsfinomornasco.it", true */ 'i', 'c', 's', 'f', 'i', 'n', 'o', 'm', 'o', 'r', 'n', 'a', 's', 'c', 'o', '.', 'i', 't', '\0',
+  /* "ict-concept.nl", false */ 'i', 'c', 't', '-', 'c', 'o', 'n', 'c', 'e', 'p', 't', '.', 'n', 'l', '\0',
+  /* "ict-crew.nl", true */ 'i', 'c', 't', '-', 'c', 'r', 'e', 'w', '.', 'n', 'l', '\0',
+  /* "ict-radar.com", true */ 'i', 'c', 't', '-', 'r', 'a', 'd', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "ict-radar.nl", true */ 'i', 'c', 't', '-', 'r', 'a', 'd', 'a', 'r', '.', 'n', 'l', '\0',
+  /* "ictcareer.ch", true */ 'i', 'c', 't', 'c', 'a', 'r', 'e', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "ictinforensics.org", true */ 'i', 'c', 't', 'i', 'n', 'f', 'o', 'r', 'e', 'n', 's', 'i', 'c', 's', '.', 'o', 'r', 'g', '\0',
+  /* "ictl.eu", true */ 'i', 'c', 't', 'l', '.', 'e', 'u', '\0',
+  /* "ictradar.com", true */ 'i', 'c', 't', 'r', 'a', 'd', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "icyapril.com", true */ 'i', 'c', 'y', 'a', 'p', 'r', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "icymint.me", true */ 'i', 'c', 'y', 'm', 'i', 'n', 't', '.', 'm', 'e', '\0',
+  /* "icys2017.com", true */ 'i', 'c', 'y', 's', '2', '0', '1', '7', '.', 'c', 'o', 'm', '\0',
+  /* "iczc.cz", true */ 'i', 'c', 'z', 'c', '.', 'c', 'z', '\0',
+  /* "id-blog.ch", true */ 'i', 'd', '-', 'b', 'l', 'o', 'g', '.', 'c', 'h', '\0',
+  /* "id.atlassian.com", true */ 'i', 'd', '.', 'a', 't', 'l', 'a', 's', 's', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "id.mayfirst.org", false */ 'i', 'd', '.', 'm', 'a', 'y', 'f', 'i', 'r', 's', 't', '.', 'o', 'r', 'g', '\0',
+  /* "id.search.yahoo.com", false */ 'i', 'd', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "id0-rsa.pub", true */ 'i', 'd', '0', '-', 'r', 's', 'a', '.', 'p', 'u', 'b', '\0',
+  /* "id7.fr", true */ 'i', 'd', '7', '.', 'f', 'r', '\0',
+  /* "idaeus.eu", true */ 'i', 'd', 'a', 'e', 'u', 's', '.', 'e', 'u', '\0',
+  /* "idahoansforliberty.net", true */ 'i', 'd', 'a', 'h', 'o', 'a', 'n', 's', 'f', 'o', 'r', 'l', 'i', 'b', 'e', 'r', 't', 'y', '.', 'n', 'e', 't', '\0',
+  /* "idaspis.com", true */ 'i', 'd', 'a', 's', 'p', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "idatha.de", true */ 'i', 'd', 'a', 't', 'h', 'a', '.', 'd', 'e', '\0',
+  /* "idc-business.be", true */ 'i', 'd', 'c', '-', 'b', 'u', 's', 'i', 'n', 'e', 's', 's', '.', 'b', 'e', '\0',
+  /* "idconsult.nl", true */ 'i', 'd', 'c', 'o', 'n', 's', 'u', 'l', 't', '.', 'n', 'l', '\0',
+  /* "iddconnect.com", true */ 'i', 'd', 'd', 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "iddconnect.org", true */ 'i', 'd', 'd', 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "idealinflatablehire.co.uk", true */ 'i', 'd', 'e', 'a', 'l', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "idealtruss.com", true */ 'i', 'd', 'e', 'a', 'l', 't', 'r', 'u', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "idealtruss.com.tw", true */ 'i', 'd', 'e', 'a', 'l', 't', 'r', 'u', 's', 's', '.', 'c', 'o', 'm', '.', 't', 'w', '\0',
+  /* "idealwhite.space", true */ 'i', 'd', 'e', 'a', 'l', 'w', 'h', 'i', 't', 'e', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "ideashop.com", true */ 'i', 'd', 'e', 'a', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "ideaweb.de", true */ 'i', 'd', 'e', 'a', 'w', 'e', 'b', '.', 'd', 'e', '\0',
+  /* "ideaweblab.com", false */ 'i', 'd', 'e', 'a', 'w', 'e', 'b', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "idensys.nl", true */ 'i', 'd', 'e', 'n', 's', 'y', 's', '.', 'n', 'l', '\0',
+  /* "identifyme.net", true */ 'i', 'd', 'e', 'n', 't', 'i', 'f', 'y', 'm', 'e', '.', 'n', 'e', 't', '\0',
+  /* "identity-hash.online", true */ 'i', 'd', 'e', 'n', 't', 'i', 't', 'y', '-', 'h', 'a', 's', 'h', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "identitytheft.gov", true */ 'i', 'd', 'e', 'n', 't', 'i', 't', 'y', 't', 'h', 'e', 'f', 't', '.', 'g', 'o', 'v', '\0',
+  /* "idexxpublicationportal.com", true */ 'i', 'd', 'e', 'x', 'x', 'p', 'u', 'b', 'l', 'i', 'c', 'a', 't', 'i', 'o', 'n', 'p', 'o', 'r', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "idgard.de", true */ 'i', 'd', 'g', 'a', 'r', 'd', '.', 'd', 'e', '\0',
+  /* "idgateway.co.uk", true */ 'i', 'd', 'g', 'a', 't', 'e', 'w', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "idhosts.co.id", true */ 'i', 'd', 'h', 'o', 's', 't', 's', '.', 'c', 'o', '.', 'i', 'd', '\0',
+  /* "idid.tk", true */ 'i', 'd', 'i', 'd', '.', 't', 'k', '\0',
+  /* "idiopolis.org", true */ 'i', 'd', 'i', 'o', 'p', 'o', 'l', 'i', 's', '.', 'o', 'r', 'g', '\0',
+  /* "idiotentruppe.de", true */ 'i', 'd', 'i', 'o', 't', 'e', 'n', 't', 'r', 'u', 'p', 'p', 'e', '.', 'd', 'e', '\0',
+  /* "idmanagement.gov", true */ 'i', 'd', 'm', 'a', 'n', 'a', 'g', 'e', 'm', 'e', 'n', 't', '.', 'g', 'o', 'v', '\0',
+  /* "idmobile.co.uk", true */ 'i', 'd', 'm', 'o', 'b', 'i', 'l', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "idndx.com", true */ 'i', 'd', 'n', 'd', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "idoc24.com", true */ 'i', 'd', 'o', 'c', '2', '4', '.', 'c', 'o', 'm', '\0',
+  /* "idolf.dk", true */ 'i', 'd', 'o', 'l', 'f', '.', 'd', 'k', '\0',
+  /* "idolish7.fun", true */ 'i', 'd', 'o', 'l', 'i', 's', 'h', '7', '.', 'f', 'u', 'n', '\0',
+  /* "idolshop.dk", true */ 'i', 'd', 'o', 'l', 's', 'h', 'o', 'p', '.', 'd', 'k', '\0',
+  /* "idontplaydarts.com", true */ 'i', 'd', 'o', 'n', 't', 'p', 'l', 'a', 'y', 'd', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "idranktoomuch.coffee", true */ 'i', 'd', 'r', 'a', 'n', 'k', 't', 'o', 'o', 'm', 'u', 'c', 'h', '.', 'c', 'o', 'f', 'f', 'e', 'e', '\0',
+  /* "idraulico.roma.it", true */ 'i', 'd', 'r', 'a', 'u', 'l', 'i', 'c', 'o', '.', 'r', 'o', 'm', 'a', '.', 'i', 't', '\0',
+  /* "idrinktoomuch.coffee", true */ 'i', 'd', 'r', 'i', 'n', 'k', 't', 'o', 'o', 'm', 'u', 'c', 'h', '.', 'c', 'o', 'f', 'f', 'e', 'e', '\0',
+  /* "idrycleaningi.com", true */ 'i', 'd', 'r', 'y', 'c', 'l', 'e', 'a', 'n', 'i', 'n', 'g', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "idsafe.co.za", true */ 'i', 'd', 's', 'a', 'f', 'e', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "idsoccer.com", true */ 'i', 'd', 's', 'o', 'c', 'c', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "idtheft.gov", true */ 'i', 'd', 't', 'h', 'e', 'f', 't', '.', 'g', 'o', 'v', '\0',
+  /* "idubaj.cz", true */ 'i', 'd', 'u', 'b', 'a', 'j', '.', 'c', 'z', '\0',
+  /* "idunno.org", true */ 'i', 'd', 'u', 'n', 'n', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "idvl.de", true */ 'i', 'd', 'v', 'l', '.', 'd', 'e', '\0',
+  /* "ie.search.yahoo.com", false */ 'i', 'e', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "iea-annex61.org", true */ 'i', 'e', 'a', '-', 'a', 'n', 'n', 'e', 'x', '6', '1', '.', 'o', 'r', 'g', '\0',
+  /* "iec.pe", true */ 'i', 'e', 'c', '.', 'p', 'e', '\0',
+  /* "ieeesb.nl", true */ 'i', 'e', 'e', 'e', 's', 'b', '.', 'n', 'l', '\0',
+  /* "ieeesbe.nl", true */ 'i', 'e', 'e', 'e', 's', 'b', 'e', '.', 'n', 'l', '\0',
+  /* "ieeespmb.org", true */ 'i', 'e', 'e', 'e', 's', 'p', 'm', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "ieji.de", false */ 'i', 'e', 'j', 'i', '.', 'd', 'e', '\0',
+  /* "iemas.azurewebsites.net", true */ 'i', 'e', 'm', 'a', 's', '.', 'a', 'z', 'u', 'r', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "ienakanote.com", false */ 'i', 'e', 'n', 'a', 'k', 'a', 'n', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ieval.ro", true */ 'i', 'e', 'v', 'a', 'l', '.', 'r', 'o', '\0',
+  /* "iewar.com", true */ 'i', 'e', 'w', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "iexpert9.com", true */ 'i', 'e', 'x', 'p', 'e', 'r', 't', '9', '.', 'c', 'o', 'm', '\0',
+  /* "ifamily.top", false */ 'i', 'f', 'a', 'm', 'i', 'l', 'y', '.', 't', 'o', 'p', '\0',
+  /* "ifan.ch", true */ 'i', 'f', 'a', 'n', '.', 'c', 'h', '\0',
+  /* "ifasec.de", false */ 'i', 'f', 'a', 's', 'e', 'c', '.', 'd', 'e', '\0',
+  /* "ifcfg.me", true */ 'i', 'f', 'c', 'f', 'g', '.', 'm', 'e', '\0',
+  /* "ifconfig.co", true */ 'i', 'f', 'c', 'o', 'n', 'f', 'i', 'g', '.', 'c', 'o', '\0',
+  /* "ifelse.io", true */ 'i', 'f', 'e', 'l', 's', 'e', '.', 'i', 'o', '\0',
+  /* "ifengge.cn", true */ 'i', 'f', 'e', 'n', 'g', 'g', 'e', '.', 'c', 'n', '\0',
+  /* "ifightsurveillance.com", true */ 'i', 'f', 'i', 'g', 'h', 't', 's', 'u', 'r', 'v', 'e', 'i', 'l', 'l', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ifightsurveillance.net", true */ 'i', 'f', 'i', 'g', 'h', 't', 's', 'u', 'r', 'v', 'e', 'i', 'l', 'l', 'a', 'n', 'c', 'e', '.', 'n', 'e', 't', '\0',
+  /* "ifightsurveillance.org", true */ 'i', 'f', 'i', 'g', 'h', 't', 's', 'u', 'r', 'v', 'e', 'i', 'l', 'l', 'a', 'n', 'c', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "ifixe.ch", true */ 'i', 'f', 'i', 'x', 'e', '.', 'c', 'h', '\0',
+  /* "iflare.de", true */ 'i', 'f', 'l', 'a', 'r', 'e', '.', 'd', 'e', '\0',
+  /* "iformbuilder.com", false */ 'i', 'f', 'o', 'r', 'm', 'b', 'u', 'i', 'l', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "ifort.fr", true */ 'i', 'f', 'o', 'r', 't', '.', 'f', 'r', '\0',
+  /* "ifosep.fr", true */ 'i', 'f', 'o', 's', 'e', 'p', '.', 'f', 'r', '\0',
+  /* "ifsac.org", true */ 'i', 'f', 's', 'a', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "ifsclist.com", true */ 'i', 'f', 's', 'c', 'l', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "ifsr.de", true */ 'i', 'f', 's', 'r', '.', 'd', 'e', '\0',
+  /* "iftrue.de", true */ 'i', 'f', 't', 'r', 'u', 'e', '.', 'd', 'e', '\0',
+  /* "ifxor.com", true */ 'i', 'f', 'x', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "ifyou.live", true */ 'i', 'f', 'y', 'o', 'u', '.', 'l', 'i', 'v', 'e', '\0',
+  /* "iga-semi.jp", true */ 'i', 'g', 'a', '-', 's', 'e', 'm', 'i', '.', 'j', 'p', '\0',
+  /* "igamingforums.com", true */ 'i', 'g', 'a', 'm', 'i', 'n', 'g', 'f', 'o', 'r', 'u', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "igd.chat", true */ 'i', 'g', 'd', '.', 'c', 'h', 'a', 't', '\0',
+  /* "igglabs.com", true */ 'i', 'g', 'g', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "iggprivate.com", true */ 'i', 'g', 'g', 'p', 'r', 'i', 'v', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "iggsoft.com", true */ 'i', 'g', 'g', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "iggsoftware.com", true */ 'i', 'g', 'g', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "igiftcards.de", true */ 'i', 'g', 'i', 'f', 't', 'c', 'a', 'r', 'd', 's', '.', 'd', 'e', '\0',
+  /* "igimusic.com", true */ 'i', 'g', 'i', 'm', 'u', 's', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "igk.nz", true */ 'i', 'g', 'k', '.', 'n', 'z', '\0',
+  /* "igm-be.ch", true */ 'i', 'g', 'm', '-', 'b', 'e', '.', 'c', 'h', '\0',
+  /* "igmus.org", true */ 'i', 'g', 'm', 'u', 's', '.', 'o', 'r', 'g', '\0',
+  /* "ignace72.eu", true */ 'i', 'g', 'n', 'a', 'c', 'e', '7', '2', '.', 'e', 'u', '\0',
+  /* "ignat.by", true */ 'i', 'g', 'n', 'a', 't', '.', 'b', 'y', '\0',
+  /* "ignatovich.by", true */ 'i', 'g', 'n', 'a', 't', 'o', 'v', 'i', 'c', 'h', '.', 'b', 'y', '\0',
+  /* "ignatovich.me", true */ 'i', 'g', 'n', 'a', 't', 'o', 'v', 'i', 'c', 'h', '.', 'm', 'e', '\0',
+  /* "ignet.gov", true */ 'i', 'g', 'n', 'e', 't', '.', 'g', 'o', 'v', '\0',
+  /* "ignitedmindz.in", true */ 'i', 'g', 'n', 'i', 't', 'e', 'd', 'm', 'i', 'n', 'd', 'z', '.', 'i', 'n', '\0',
+  /* "igorw.org", true */ 'i', 'g', 'o', 'r', 'w', '.', 'o', 'r', 'g', '\0',
+  /* "igotoffer.com", false */ 'i', 'g', 'o', 't', 'o', 'f', 'f', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "igrivi.com", true */ 'i', 'g', 'r', 'i', 'v', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "igsmgmt.com", true */ 'i', 'g', 's', 'm', 'g', 'm', 't', '.', 'c', 'o', 'm', '\0',
+  /* "iguana.com.ec", false */ 'i', 'g', 'u', 'a', 'n', 'a', '.', 'c', 'o', 'm', '.', 'e', 'c', '\0',
+  /* "ih8sn0w.com", true */ 'i', 'h', '8', 's', 'n', '0', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "ihacklabs.com", true */ 'i', 'h', 'a', 'c', 'k', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ihatethissh.it", true */ 'i', 'h', 'a', 't', 'e', 't', 'h', 'i', 's', 's', 'h', '.', 'i', 't', '\0',
+  /* "ihc.im", true */ 'i', 'h', 'c', '.', 'i', 'm', '\0',
+  /* "ihkk.net", true */ 'i', 'h', 'k', 'k', '.', 'n', 'e', 't', '\0',
+  /* "ihollaback.org", true */ 'i', 'h', 'o', 'l', 'l', 'a', 'b', 'a', 'c', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "ihopeit.works", true */ 'i', 'h', 'o', 'p', 'e', 'i', 't', '.', 'w', 'o', 'r', 'k', 's', '\0',
+  /* "ihostup.net", true */ 'i', 'h', 'o', 's', 't', 'u', 'p', '.', 'n', 'e', 't', '\0',
+  /* "ihrhost.com", true */ 'i', 'h', 'r', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "iideaz.org", true */ 'i', 'i', 'd', 'e', 'a', 'z', '.', 'o', 'r', 'g', '\0',
+  /* "iilin.com", false */ 'i', 'i', 'l', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "iiong.com", false */ 'i', 'i', 'o', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "iirii.com", true */ 'i', 'i', 'r', 'i', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "iix.se", true */ 'i', 'i', 'x', '.', 's', 'e', '\0',
+  /* "ijohan.nl", true */ 'i', 'j', 'o', 'h', 'a', 'n', '.', 'n', 'l', '\0',
+  /* "ijsclubtilburg.nl", true */ 'i', 'j', 's', 'c', 'l', 'u', 'b', 't', 'i', 'l', 'b', 'u', 'r', 'g', '.', 'n', 'l', '\0',
+  /* "ijunohana.jp", true */ 'i', 'j', 'u', 'n', 'o', 'h', 'a', 'n', 'a', '.', 'j', 'p', '\0',
+  /* "ik-life.com", true */ 'i', 'k', '-', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ikachalife.com", true */ 'i', 'k', 'a', 'c', 'h', 'a', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ikarate.ru", true */ 'i', 'k', 'a', 'r', 'a', 't', 'e', '.', 'r', 'u', '\0',
+  /* "ike.io", true */ 'i', 'k', 'e', '.', 'i', 'o', '\0',
+  /* "ikeacareers.co.uk", true */ 'i', 'k', 'e', 'a', 'c', 'a', 'r', 'e', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ikeyless.com", true */ 'i', 'k', 'e', 'y', 'l', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ikiler.com", true */ 'i', 'k', 'i', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "ikinokori-marketing.com", true */ 'i', 'k', 'i', 'n', 'o', 'k', 'o', 'r', 'i', '-', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "ikk.me", true */ 'i', 'k', 'k', '.', 'm', 'e', '\0',
+  /* "ikkatsu-satei.jp", true */ 'i', 'k', 'k', 'a', 't', 's', 'u', '-', 's', 'a', 't', 'e', 'i', '.', 'j', 'p', '\0',
+  /* "ikkoku.de", true */ 'i', 'k', 'k', 'o', 'k', 'u', '.', 'd', 'e', '\0',
+  /* "iklive.org", false */ 'i', 'k', 'l', 'i', 'v', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "ikulist.me", true */ 'i', 'k', 'u', 'l', 'i', 's', 't', '.', 'm', 'e', '\0',
+  /* "ikvts.de", true */ 'i', 'k', 'v', 't', 's', '.', 'd', 'e', '\0',
+  /* "ikwilthepiratebay.org", true */ 'i', 'k', 'w', 'i', 'l', 't', 'h', 'e', 'p', 'i', 'r', 'a', 't', 'e', 'b', 'a', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "ila.fi", true */ 'i', 'l', 'a', '.', 'f', 'i', '\0',
+  /* "ilamparas.at", true */ 'i', 'l', 'a', 'm', 'p', 'a', 'r', 'a', 's', '.', 'a', 't', '\0',
+  /* "ilamparas.co.uk", true */ 'i', 'l', 'a', 'm', 'p', 'a', 'r', 'a', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ilamparas.com", true */ 'i', 'l', 'a', 'm', 'p', 'a', 'r', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ilamparas.com.co", true */ 'i', 'l', 'a', 'm', 'p', 'a', 'r', 'a', 's', '.', 'c', 'o', 'm', '.', 'c', 'o', '\0',
+  /* "ilamparas.com.ve", true */ 'i', 'l', 'a', 'm', 'p', 'a', 'r', 'a', 's', '.', 'c', 'o', 'm', '.', 'v', 'e', '\0',
+  /* "ilamparas.mx", true */ 'i', 'l', 'a', 'm', 'p', 'a', 'r', 'a', 's', '.', 'm', 'x', '\0',
+  /* "ilard.fr", true */ 'i', 'l', 'a', 'r', 'd', '.', 'f', 'r', '\0',
+  /* "ilazycat.com", true */ 'i', 'l', 'a', 'z', 'y', 'c', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "ildomani.it", true */ 'i', 'l', 'd', 'o', 'm', 'a', 'n', 'i', '.', 'i', 't', '\0',
+  /* "ile-kalorii.pl", true */ 'i', 'l', 'e', '-', 'k', 'a', 'l', 'o', 'r', 'i', 'i', '.', 'p', 'l', '\0',
+  /* "ile-sapporo.jp", true */ 'i', 'l', 'e', '-', 's', 'a', 'p', 'p', 'o', 'r', 'o', '.', 'j', 'p', '\0',
+  /* "ilektronika-farmakeia-online.gr", true */ 'i', 'l', 'e', 'k', 't', 'r', 'o', 'n', 'i', 'k', 'a', '-', 'f', 'a', 'r', 'm', 'a', 'k', 'e', 'i', 'a', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'g', 'r', '\0',
+  /* "ilhan.name", true */ 'i', 'l', 'h', 'a', 'n', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "iligang.cn", true */ 'i', 'l', 'i', 'g', 'a', 'n', 'g', '.', 'c', 'n', '\0',
+  /* "illambias.ch", true */ 'i', 'l', 'l', 'a', 'm', 'b', 'i', 'a', 's', '.', 'c', 'h', '\0',
+  /* "illich.cz", true */ 'i', 'l', 'l', 'i', 'c', 'h', '.', 'c', 'z', '\0',
+  /* "illicitart.ca", true */ 'i', 'l', 'l', 'i', 'c', 'i', 't', 'a', 'r', 't', '.', 'c', 'a', '\0',
+  /* "illjinx.info", true */ 'i', 'l', 'l', 'j', 'i', 'n', 'x', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "illorenese.fr", true */ 'i', 'l', 'l', 'o', 'r', 'e', 'n', 'e', 's', 'e', '.', 'f', 'r', '\0',
+  /* "illsley.org", true */ 'i', 'l', 'l', 's', 'l', 'e', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "illuminationis.com", true */ 'i', 'l', 'l', 'u', 'm', 'i', 'n', 'a', 't', 'i', 'o', 'n', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "illusionephemere.com", true */ 'i', 'l', 'l', 'u', 's', 'i', 'o', 'n', 'e', 'p', 'h', 'e', 'm', 'e', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "illuxat.com", true */ 'i', 'l', 'l', 'u', 'x', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "ilmataat.ee", true */ 'i', 'l', 'm', 'a', 't', 'a', 'a', 't', '.', 'e', 'e', '\0',
+  /* "ilmiobusinessonline.it", true */ 'i', 'l', 'm', 'i', 'o', 'b', 'u', 's', 'i', 'n', 'e', 's', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'i', 't', '\0',
+  /* "ilmuk.org", true */ 'i', 'l', 'm', 'u', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "ilrg.com", true */ 'i', 'l', 'r', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "iltec-prom.ru", true */ 'i', 'l', 't', 'e', 'c', '-', 'p', 'r', 'o', 'm', '.', 'r', 'u', '\0',
+  /* "iltec.ru", true */ 'i', 'l', 't', 'e', 'c', '.', 'r', 'u', '\0',
+  /* "iltisim.ch", true */ 'i', 'l', 't', 'i', 's', 'i', 'm', '.', 'c', 'h', '\0',
+  /* "ilweb.es", true */ 'i', 'l', 'w', 'e', 'b', '.', 'e', 's', '\0',
+  /* "ilya.pp.ua", true */ 'i', 'l', 'y', 'a', '.', 'p', 'p', '.', 'u', 'a', '\0',
+  /* "im-c-shop.com", true */ 'i', 'm', '-', 'c', '-', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "im-design.com.ua", true */ 'i', 'm', '-', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "im2net.com", true */ 'i', 'm', '2', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "im66.net", false */ 'i', 'm', '6', '6', '.', 'n', 'e', 't', '\0',
+  /* "ima-tourcoing.fr", true */ 'i', 'm', 'a', '-', 't', 'o', 'u', 'r', 'c', 'o', 'i', 'n', 'g', '.', 'f', 'r', '\0',
+  /* "imacs.org", true */ 'i', 'm', 'a', 'c', 's', '.', 'o', 'r', 'g', '\0',
+  /* "imadalin.ro", true */ 'i', 'm', 'a', 'd', 'a', 'l', 'i', 'n', '.', 'r', 'o', '\0',
+  /* "image-drive.de", true */ 'i', 'm', 'a', 'g', 'e', '-', 'd', 'r', 'i', 'v', 'e', '.', 'd', 'e', '\0',
+  /* "image.tf", true */ 'i', 'm', 'a', 'g', 'e', '.', 't', 'f', '\0',
+  /* "imagebin.ca", true */ 'i', 'm', 'a', 'g', 'e', 'b', 'i', 'n', '.', 'c', 'a', '\0',
+  /* "imagefu.com", true */ 'i', 'm', 'a', 'g', 'e', 'f', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "imageination.co", true */ 'i', 'm', 'a', 'g', 'e', 'i', 'n', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', '\0',
+  /* "imagerive.ch", true */ 'i', 'm', 'a', 'g', 'e', 'r', 'i', 'v', 'e', '.', 'c', 'h', '\0',
+  /* "imagescostumes.com", true */ 'i', 'm', 'a', 'g', 'e', 's', 'c', 'o', 's', 't', 'u', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "imaginair.es", true */ 'i', 'm', 'a', 'g', 'i', 'n', 'a', 'i', 'r', '.', 'e', 's', '\0',
+  /* "imaginary.ca", true */ 'i', 'm', 'a', 'g', 'i', 'n', 'a', 'r', 'y', '.', 'c', 'a', '\0',
+  /* "imaginarymakings.me", true */ 'i', 'm', 'a', 'g', 'i', 'n', 'a', 'r', 'y', 'm', 'a', 'k', 'i', 'n', 'g', 's', '.', 'm', 'e', '\0',
+  /* "imagine-programming.com", true */ 'i', 'm', 'a', 'g', 'i', 'n', 'e', '-', 'p', 'r', 'o', 'g', 'r', 'a', 'm', 'm', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "imaginetricks.com", true */ 'i', 'm', 'a', 'g', 'i', 'n', 'e', 't', 'r', 'i', 'c', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "imagr.io", true */ 'i', 'm', 'a', 'g', 'r', '.', 'i', 'o', '\0',
+  /* "imanageproducts.uk", true */ 'i', 'm', 'a', 'n', 'a', 'g', 'e', 'p', 'r', 'o', 'd', 'u', 'c', 't', 's', '.', 'u', 'k', '\0',
+  /* "imanesdeviaje.com", true */ 'i', 'm', 'a', 'n', 'e', 's', 'd', 'e', 'v', 'i', 'a', 'j', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "imanhearts.com", true */ 'i', 'm', 'a', 'n', 'h', 'e', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "imanolbarba.net", true */ 'i', 'm', 'a', 'n', 'o', 'l', 'b', 'a', 'r', 'b', 'a', '.', 'n', 'e', 't', '\0',
+  /* "imanudin.net", true */ 'i', 'm', 'a', 'n', 'u', 'd', 'i', 'n', '.', 'n', 'e', 't', '\0',
+  /* "imarkethost.co.uk", true */ 'i', 'm', 'a', 'r', 'k', 'e', 't', 'h', 'o', 's', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "imawhale.com", true */ 'i', 'm', 'a', 'w', 'h', 'a', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "imbianchino.roma.it", true */ 'i', 'm', 'b', 'i', 'a', 'n', 'c', 'h', 'i', 'n', 'o', '.', 'r', 'o', 'm', 'a', '.', 'i', 't', '\0',
+  /* "imbrian.org", true */ 'i', 'm', 'b', 'r', 'i', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "imbushuo.net", true */ 'i', 'm', 'b', 'u', 's', 'h', 'u', 'o', '.', 'n', 'e', 't', '\0',
+  /* "imcsx.co", true */ 'i', 'm', 'c', 's', 'x', '.', 'c', 'o', '\0',
+  /* "imedi.co.uk", true */ 'i', 'm', 'e', 'd', 'i', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "imedi.it", true */ 'i', 'm', 'e', 'd', 'i', '.', 'i', 't', '\0',
+  /* "imedikament.de", true */ 'i', 'm', 'e', 'd', 'i', 'k', 'a', 'm', 'e', 'n', 't', '.', 'd', 'e', '\0',
+  /* "imeds.pl", true */ 'i', 'm', 'e', 'd', 's', '.', 'p', 'l', '\0',
+  /* "imefuniversitario.org", true */ 'i', 'm', 'e', 'f', 'u', 'n', 'i', 'v', 'e', 'r', 's', 'i', 't', 'a', 'r', 'i', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "imex-dtp.com", true */ 'i', 'm', 'e', 'x', '-', 'd', 't', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "imforza.com", true */ 'i', 'm', 'f', 'o', 'r', 'z', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "imga.ch", true */ 'i', 'm', 'g', 'a', '.', 'c', 'h', '\0',
+  /* "imgaa.com", true */ 'i', 'm', 'g', 'a', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "imgg.es", true */ 'i', 'm', 'g', 'g', '.', 'e', 's', '\0',
+  /* "imgul.net", true */ 'i', 'm', 'g', 'u', 'l', '.', 'n', 'e', 't', '\0',
+  /* "imguoguo.com", true */ 'i', 'm', 'g', 'u', 'o', 'g', 'u', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "imguploaden.nl", true */ 'i', 'm', 'g', 'u', 'p', 'l', 'o', 'a', 'd', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "imi-rhapsody.eu", true */ 'i', 'm', 'i', '-', 'r', 'h', 'a', 'p', 's', 'o', 'd', 'y', '.', 'e', 'u', '\0',
+  /* "imirhil.fr", true */ 'i', 'm', 'i', 'r', 'h', 'i', 'l', '.', 'f', 'r', '\0',
+  /* "imitza.com", true */ 'i', 'm', 'i', 't', 'z', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "imjad.cn", true */ 'i', 'm', 'j', 'a', 'd', '.', 'c', 'n', '\0',
+  /* "imjustcreative.com", true */ 'i', 'm', 'j', 'u', 's', 't', 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "imkerei-freilinger.de", true */ 'i', 'm', 'k', 'e', 'r', 'e', 'i', '-', 'f', 'r', 'e', 'i', 'l', 'i', 'n', 'g', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "imkerverein-moenchswald.de", true */ 'i', 'm', 'k', 'e', 'r', 'v', 'e', 'r', 'e', 'i', 'n', '-', 'm', 'o', 'e', 'n', 'c', 'h', 's', 'w', 'a', 'l', 'd', '.', 'd', 'e', '\0',
+  /* "imlinan.com", true */ 'i', 'm', 'l', 'i', 'n', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "imlonghao.com", true */ 'i', 'm', 'l', 'o', 'n', 'g', 'h', 'a', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "immanuel60.hu", true */ 'i', 'm', 'm', 'a', 'n', 'u', 'e', 'l', '6', '0', '.', 'h', 'u', '\0',
+  /* "immersivewebportal.com", true */ 'i', 'm', 'm', 'e', 'r', 's', 'i', 'v', 'e', 'w', 'e', 'b', 'p', 'o', 'r', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "immigrationdirect.com.au", true */ 'i', 'm', 'm', 'i', 'g', 'r', 'a', 't', 'i', 'o', 'n', 'd', 'i', 'r', 'e', 'c', 't', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "immo-passion.net", true */ 'i', 'm', 'm', 'o', '-', 'p', 'a', 's', 's', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "immo-vk.de", true */ 'i', 'm', 'm', 'o', '-', 'v', 'k', '.', 'd', 'e', '\0',
+  /* "immobilien-badlippspringe.de", true */ 'i', 'm', 'm', 'o', 'b', 'i', 'l', 'i', 'e', 'n', '-', 'b', 'a', 'd', 'l', 'i', 'p', 'p', 's', 'p', 'r', 'i', 'n', 'g', 'e', '.', 'd', 'e', '\0',
+  /* "immobilien-wallat.de", true */ 'i', 'm', 'm', 'o', 'b', 'i', 'l', 'i', 'e', 'n', '-', 'w', 'a', 'l', 'l', 'a', 't', '.', 'd', 'e', '\0',
+  /* "immobilier-nice.fr", true */ 'i', 'm', 'm', 'o', 'b', 'i', 'l', 'i', 'e', 'r', '-', 'n', 'i', 'c', 'e', '.', 'f', 'r', '\0',
+  /* "immobilier92.net", true */ 'i', 'm', 'm', 'o', 'b', 'i', 'l', 'i', 'e', 'r', '9', '2', '.', 'n', 'e', 't', '\0',
+  /* "immobiza.com", false */ 'i', 'm', 'm', 'o', 'b', 'i', 'z', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "immortal.run", true */ 'i', 'm', 'm', 'o', 'r', 't', 'a', 'l', '.', 'r', 'u', 'n', '\0',
+  /* "imokuri123.com", true */ 'i', 'm', 'o', 'k', 'u', 'r', 'i', '1', '2', '3', '.', 'c', 'o', 'm', '\0',
+  /* "imoner.com", true */ 'i', 'm', 'o', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "imoner.ga", true */ 'i', 'm', 'o', 'n', 'e', 'r', '.', 'g', 'a', '\0',
+  /* "imouyang.com", true */ 'i', 'm', 'o', 'u', 'y', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "impact.health.nz", true */ 'i', 'm', 'p', 'a', 'c', 't', '.', 'h', 'e', 'a', 'l', 't', 'h', '.', 'n', 'z', '\0',
+  /* "impacter.eu", true */ 'i', 'm', 'p', 'a', 'c', 't', 'e', 'r', '.', 'e', 'u', '\0',
+  /* "impactfestival.be", true */ 'i', 'm', 'p', 'a', 'c', 't', 'f', 'e', 's', 't', 'i', 'v', 'a', 'l', '.', 'b', 'e', '\0',
+  /* "impactpub.ch", true */ 'i', 'm', 'p', 'a', 'c', 't', 'p', 'u', 'b', '.', 'c', 'h', '\0',
+  /* "impakho.com", true */ 'i', 'm', 'p', 'a', 'k', 'h', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "impas.se", true */ 'i', 'm', 'p', 'a', 's', '.', 's', 'e', '\0',
+  /* "imperdin.com", true */ 'i', 'm', 'p', 'e', 'r', 'd', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "imperial-legrand.com", true */ 'i', 'm', 'p', 'e', 'r', 'i', 'a', 'l', '-', 'l', 'e', 'g', 'r', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "imperialmiami.com", true */ 'i', 'm', 'p', 'e', 'r', 'i', 'a', 'l', 'm', 'i', 'a', 'm', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "imperialonlinestore.com", true */ 'i', 'm', 'p', 'e', 'r', 'i', 'a', 'l', 'o', 'n', 'l', 'i', 'n', 'e', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "imperiumnova.info", true */ 'i', 'm', 'p', 'e', 'r', 'i', 'u', 'm', 'n', 'o', 'v', 'a', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "impex.com.bd", true */ 'i', 'm', 'p', 'e', 'x', '.', 'c', 'o', 'm', '.', 'b', 'd', '\0',
+  /* "impiantistica.org", true */ 'i', 'm', 'p', 'i', 'a', 'n', 't', 'i', 's', 't', 'i', 'c', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "impotsimple.ca", true */ 'i', 'm', 'p', 'o', 't', 's', 'i', 'm', 'p', 'l', 'e', '.', 'c', 'a', '\0',
+  /* "imppac.de", true */ 'i', 'm', 'p', 'p', 'a', 'c', '.', 'd', 'e', '\0',
+  /* "imprendo.co", true */ 'i', 'm', 'p', 'r', 'e', 'n', 'd', 'o', '.', 'c', 'o', '\0',
+  /* "imprendo.pro", true */ 'i', 'm', 'p', 'r', 'e', 'n', 'd', 'o', '.', 'p', 'r', 'o', '\0',
+  /* "impresa-pulizie.it", true */ 'i', 'm', 'p', 'r', 'e', 's', 'a', '-', 'p', 'u', 'l', 'i', 'z', 'i', 'e', '.', 'i', 't', '\0',
+  /* "improklinikken.dk", true */ 'i', 'm', 'p', 'r', 'o', 'k', 'l', 'i', 'n', 'i', 'k', 'k', 'e', 'n', '.', 'd', 'k', '\0',
+  /* "improvingwp.com", true */ 'i', 'm', 'p', 'r', 'o', 'v', 'i', 'n', 'g', 'w', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "impulse-clan.de", true */ 'i', 'm', 'p', 'u', 'l', 's', 'e', '-', 'c', 'l', 'a', 'n', '.', 'd', 'e', '\0',
+  /* "impulsionsa.com", true */ 'i', 'm', 'p', 'u', 'l', 's', 'i', 'o', 'n', 's', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "impyus.com", true */ 'i', 'm', 'p', 'y', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "imququ.com", true */ 'i', 'm', 'q', 'u', 'q', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "imreh.net", true */ 'i', 'm', 'r', 'e', 'h', '.', 'n', 'e', 't', '\0',
+  /* "imrejonk.nl", false */ 'i', 'm', 'r', 'e', 'j', 'o', 'n', 'k', '.', 'n', 'l', '\0',
+  /* "imrunner.com", true */ 'i', 'm', 'r', 'u', 'n', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "imrunner.ru", true */ 'i', 'm', 'r', 'u', 'n', 'n', 'e', 'r', '.', 'r', 'u', '\0',
+  /* "ims-sargans.ch", true */ 'i', 'm', 's', '-', 's', 'a', 'r', 'g', 'a', 'n', 's', '.', 'c', 'h', '\0',
+  /* "in-depthoutdoors.com", true */ 'i', 'n', '-', 'd', 'e', 'p', 't', 'h', 'o', 'u', 't', 'd', 'o', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "in-flames.com", true */ 'i', 'n', '-', 'f', 'l', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "in.search.yahoo.com", false */ 'i', 'n', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "in.xero.com", false */ 'i', 'n', '.', 'x', 'e', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "in10tion.com", false */ 'i', 'n', '1', '0', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "inabox.ro", true */ 'i', 'n', 'a', 'b', 'o', 'x', '.', 'r', 'o', '\0',
+  /* "inait.ai", true */ 'i', 'n', 'a', 'i', 't', '.', 'a', 'i', '\0',
+  /* "inandeyes.com", true */ 'i', 'n', 'a', 'n', 'd', 'e', 'y', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "inanyevent.london", true */ 'i', 'n', 'a', 'n', 'y', 'e', 'v', 'e', 'n', 't', '.', 'l', 'o', 'n', 'd', 'o', 'n', '\0',
+  /* "inares.org", true */ 'i', 'n', 'a', 'r', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "inbitcoin.it", true */ 'i', 'n', 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'i', 't', '\0',
+  /* "inbounder.io", true */ 'i', 'n', 'b', 'o', 'u', 'n', 'd', 'e', 'r', '.', 'i', 'o', '\0',
+  /* "inbox-group.com", true */ 'i', 'n', 'b', 'o', 'x', '-', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "inbox.google.com", true */ 'i', 'n', 'b', 'o', 'x', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "inboxen.org", true */ 'i', 'n', 'b', 'o', 'x', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "inceptionradionetwork.com", true */ 'i', 'n', 'c', 'e', 'p', 't', 'i', 'o', 'n', 'r', 'a', 'd', 'i', 'o', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "inchcape-fleet-autobid.co.uk", true */ 'i', 'n', 'c', 'h', 'c', 'a', 'p', 'e', '-', 'f', 'l', 'e', 'e', 't', '-', 'a', 'u', 't', 'o', 'b', 'i', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "includesubdomains.preloaded.test", true */ 'i', 'n', 'c', 'l', 'u', 'd', 'e', 's', 'u', 'b', 'd', 'o', 'm', 'a', 'i', 'n', 's', '.', 'p', 'r', 'e', 'l', 'o', 'a', 'd', 'e', 'd', '.', 't', 'e', 's', 't', '\0',
+  /* "includesubdomains2.preloaded.test", true */ 'i', 'n', 'c', 'l', 'u', 'd', 'e', 's', 'u', 'b', 'd', 'o', 'm', 'a', 'i', 'n', 's', '2', '.', 'p', 'r', 'e', 'l', 'o', 'a', 'd', 'e', 'd', '.', 't', 'e', 's', 't', '\0',
+  /* "incommon.io", true */ 'i', 'n', 'c', 'o', 'm', 'm', 'o', 'n', '.', 'i', 'o', '\0',
+  /* "inconcerts.de", true */ 'i', 'n', 'c', 'o', 'n', 'c', 'e', 'r', 't', 's', '.', 'd', 'e', '\0',
+  /* "incontrixsingle.net", true */ 'i', 'n', 'c', 'o', 'n', 't', 'r', 'i', 'x', 's', 'i', 'n', 'g', 'l', 'e', '.', 'n', 'e', 't', '\0',
+  /* "incowrimo.org", true */ 'i', 'n', 'c', 'o', 'w', 'r', 'i', 'm', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "incparadise.net", true */ 'i', 'n', 'c', 'p', 'a', 'r', 'a', 'd', 'i', 's', 'e', '.', 'n', 'e', 't', '\0',
+  /* "incubos.org", true */ 'i', 'n', 'c', 'u', 'b', 'o', 's', '.', 'o', 'r', 'g', '\0',
+  /* "ind.ie", true */ 'i', 'n', 'd', '.', 'i', 'e', '\0',
+  /* "indarceky.sk", false */ 'i', 'n', 'd', 'a', 'r', 'c', 'e', 'k', 'y', '.', 's', 'k', '\0',
+  /* "indecipherable.info", true */ 'i', 'n', 'd', 'e', 'c', 'i', 'p', 'h', 'e', 'r', 'a', 'b', 'l', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "independencerecovery.com", true */ 'i', 'n', 'd', 'e', 'p', 'e', 'n', 'd', 'e', 'n', 'c', 'e', 'r', 'e', 'c', 'o', 'v', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "independent-operators.com", true */ 'i', 'n', 'd', 'e', 'p', 'e', 'n', 'd', 'e', 'n', 't', '-', 'o', 'p', 'e', 'r', 'a', 't', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "inderagamono.net", true */ 'i', 'n', 'd', 'e', 'r', 'a', 'g', 'a', 'm', 'o', 'n', 'o', '.', 'n', 'e', 't', '\0',
+  /* "indesit-training.com", true */ 'i', 'n', 'd', 'e', 's', 'i', 't', '-', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "index-games.com", true */ 'i', 'n', 'd', 'e', 'x', '-', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "index-mp3.com", true */ 'i', 'n', 'd', 'e', 'x', '-', 'm', 'p', '3', '.', 'c', 'o', 'm', '\0',
+  /* "indiaflowermall.com", true */ 'i', 'n', 'd', 'i', 'a', 'f', 'l', 'o', 'w', 'e', 'r', 'm', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "indian-elephant.com", true */ 'i', 'n', 'd', 'i', 'a', 'n', '-', 'e', 'l', 'e', 'p', 'h', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "indianaantlersupply.com", true */ 'i', 'n', 'd', 'i', 'a', 'n', 'a', 'a', 'n', 't', 'l', 'e', 'r', 's', 'u', 'p', 'p', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "indiawise.co.uk", true */ 'i', 'n', 'd', 'i', 'a', 'w', 'i', 's', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "indieethos.com", true */ 'i', 'n', 'd', 'i', 'e', 'e', 't', 'h', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "indiegame.space", true */ 'i', 'n', 'd', 'i', 'e', 'g', 'a', 'm', 'e', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "indievelopment.nl", true */ 'i', 'n', 'd', 'i', 'e', 'v', 'e', 'l', 'o', 'p', 'm', 'e', 'n', 't', '.', 'n', 'l', '\0',
+  /* "indigoinflatables.com", true */ 'i', 'n', 'd', 'i', 'g', 'o', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "indigosakura.com", true */ 'i', 'n', 'd', 'i', 'g', 'o', 's', 'a', 'k', 'u', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "indilens.com", true */ 'i', 'n', 'd', 'i', 'l', 'e', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "inditip.com", true */ 'i', 'n', 'd', 'i', 't', 'i', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "indogerman.de", false */ 'i', 'n', 'd', 'o', 'g', 'e', 'r', 'm', 'a', 'n', '.', 'd', 'e', '\0',
+  /* "indogermanstartup.com", true */ 'i', 'n', 'd', 'o', 'g', 'e', 'r', 'm', 'a', 'n', 's', 't', 'a', 'r', 't', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "indogermantrade.de", true */ 'i', 'n', 'd', 'o', 'g', 'e', 'r', 'm', 'a', 'n', 't', 'r', 'a', 'd', 'e', '.', 'd', 'e', '\0',
+  /* "indoorplantsexpert.com", true */ 'i', 'n', 'd', 'o', 'o', 'r', 'p', 'l', 'a', 'n', 't', 's', 'e', 'x', 'p', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "indostar303.com", true */ 'i', 'n', 'd', 'o', 's', 't', 'a', 'r', '3', '0', '3', '.', 'c', 'o', 'm', '\0',
+  /* "indovinabank.com.vn", true */ 'i', 'n', 'd', 'o', 'v', 'i', 'n', 'a', 'b', 'a', 'n', 'k', '.', 'c', 'o', 'm', '.', 'v', 'n', '\0',
+  /* "indusap.com", true */ 'i', 'n', 'd', 'u', 's', 'a', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "indusfastremit-ca.com", true */ 'i', 'n', 'd', 'u', 's', 'f', 'a', 's', 't', 'r', 'e', 'm', 'i', 't', '-', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "indusfastremit-us.com", true */ 'i', 'n', 'd', 'u', 's', 'f', 'a', 's', 't', 'r', 'e', 'm', 'i', 't', '-', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "indusfastremit.com", true */ 'i', 'n', 'd', 'u', 's', 'f', 'a', 's', 't', 'r', 'e', 'm', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "indust.me", true */ 'i', 'n', 'd', 'u', 's', 't', '.', 'm', 'e', '\0',
+  /* "industrialstarter.com", true */ 'i', 'n', 'd', 'u', 's', 't', 'r', 'i', 'a', 'l', 's', 't', 'a', 'r', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "indybay.org", true */ 'i', 'n', 'd', 'y', 'b', 'a', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "ineardisplay.com", true */ 'i', 'n', 'e', 'a', 'r', 'd', 'i', 's', 'p', 'l', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "inebula.it", true */ 'i', 'n', 'e', 'b', 'u', 'l', 'a', '.', 'i', 't', '\0',
+  /* "ineed.coffee", true */ 'i', 'n', 'e', 'e', 'd', '.', 'c', 'o', 'f', 'f', 'e', 'e', '\0',
+  /* "inertianetworks.com", true */ 'i', 'n', 'e', 'r', 't', 'i', 'a', 'n', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "inesta.nl", true */ 'i', 'n', 'e', 's', 't', 'a', '.', 'n', 'l', '\0',
+  /* "inet.se", true */ 'i', 'n', 'e', 't', '.', 's', 'e', '\0',
+  /* "inetpub.cn", true */ 'i', 'n', 'e', 't', 'p', 'u', 'b', '.', 'c', 'n', '\0',
+  /* "inetserver.eu", true */ 'i', 'n', 'e', 't', 's', 'e', 'r', 'v', 'e', 'r', '.', 'e', 'u', '\0',
+  /* "inexlog.fr", true */ 'i', 'n', 'e', 'x', 'l', 'o', 'g', '.', 'f', 'r', '\0',
+  /* "inficom.org", true */ 'i', 'n', 'f', 'i', 'c', 'o', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "infinether.net", true */ 'i', 'n', 'f', 'i', 'n', 'e', 't', 'h', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "infinitegroup.info", true */ 'i', 'n', 'f', 'i', 'n', 'i', 't', 'e', 'g', 'r', 'o', 'u', 'p', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "infinitiofallentownparts.com", true */ 'i', 'n', 'f', 'i', 'n', 'i', 't', 'i', 'o', 'f', 'a', 'l', 'l', 'e', 'n', 't', 'o', 'w', 'n', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "infinitiofaugustaparts.com", true */ 'i', 'n', 'f', 'i', 'n', 'i', 't', 'i', 'o', 'f', 'a', 'u', 'g', 'u', 's', 't', 'a', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "infinitioflynnwoodparts.com", true */ 'i', 'n', 'f', 'i', 'n', 'i', 't', 'i', 'o', 'f', 'l', 'y', 'n', 'n', 'w', 'o', 'o', 'd', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "infinitiofmarinparts.com", true */ 'i', 'n', 'f', 'i', 'n', 'i', 't', 'i', 'o', 'f', 'm', 'a', 'r', 'i', 'n', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "infinity.to", true */ 'i', 'n', 'f', 'i', 'n', 'i', 't', 'y', '.', 't', 'o', '\0',
+  /* "infinitybas.com", true */ 'i', 'n', 'f', 'i', 'n', 'i', 't', 'y', 'b', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "infinityengine.org", true */ 'i', 'n', 'f', 'i', 'n', 'i', 't', 'y', 'e', 'n', 'g', 'i', 'n', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "infinityepos.co.uk", true */ 'i', 'n', 'f', 'i', 'n', 'i', 't', 'y', 'e', 'p', 'o', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "infirmieredevie.ch", true */ 'i', 'n', 'f', 'i', 'r', 'm', 'i', 'e', 'r', 'e', 'd', 'e', 'v', 'i', 'e', '.', 'c', 'h', '\0',
+  /* "inflatablehire-scotland.co.uk", true */ 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 'h', 'i', 'r', 'e', '-', 's', 'c', 'o', 't', 'l', 'a', 'n', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "inflatablesny.com", true */ 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', 'n', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "inflatamania.com", true */ 'i', 'n', 'f', 'l', 'a', 't', 'a', 'm', 'a', 'n', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "inflexsys.com", true */ 'i', 'n', 'f', 'l', 'e', 'x', 's', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "influencerchampions.com", true */ 'i', 'n', 'f', 'l', 'u', 'e', 'n', 'c', 'e', 'r', 'c', 'h', 'a', 'm', 'p', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "influo.com", true */ 'i', 'n', 'f', 'l', 'u', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "influxus.com", false */ 'i', 'n', 'f', 'l', 'u', 'x', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "infmed.com", true */ 'i', 'n', 'f', 'm', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "info-bay.com", true */ 'i', 'n', 'f', 'o', '-', 'b', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "info-beamer.com", true */ 'i', 'n', 'f', 'o', '-', 'b', 'e', 'a', 'm', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "info-d-74.com", true */ 'i', 'n', 'f', 'o', '-', 'd', '-', '7', '4', '.', 'c', 'o', 'm', '\0',
+  /* "info-screen.me", true */ 'i', 'n', 'f', 'o', '-', 's', 'c', 'r', 'e', 'e', 'n', '.', 'm', 'e', '\0',
+  /* "info-screw.com", true */ 'i', 'n', 'f', 'o', '-', 's', 'c', 'r', 'e', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "infocity-tech.fr", true */ 'i', 'n', 'f', 'o', 'c', 'i', 't', 'y', '-', 't', 'e', 'c', 'h', '.', 'f', 'r', '\0',
+  /* "infocommsociety.com", true */ 'i', 'n', 'f', 'o', 'c', 'o', 'm', 'm', 's', 'o', 'c', 'i', 'e', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "infomegastore.com", true */ 'i', 'n', 'f', 'o', 'm', 'e', 'g', 'a', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "infomisto.com", true */ 'i', 'n', 'f', 'o', 'm', 'i', 's', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "infopagina.es", true */ 'i', 'n', 'f', 'o', 'p', 'a', 'g', 'i', 'n', 'a', '.', 'e', 's', '\0',
+  /* "infopier.sg", true */ 'i', 'n', 'f', 'o', 'p', 'i', 'e', 'r', '.', 's', 'g', '\0',
+  /* "infopulsa.com", true */ 'i', 'n', 'f', 'o', 'p', 'u', 'l', 's', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "inforisposte.com", true */ 'i', 'n', 'f', 'o', 'r', 'i', 's', 'p', 'o', 's', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "informatiebeveiliging.nl", true */ 'i', 'n', 'f', 'o', 'r', 'm', 'a', 't', 'i', 'e', 'b', 'e', 'v', 'e', 'i', 'l', 'i', 'g', 'i', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "informatik-handwerk.de", true */ 'i', 'n', 'f', 'o', 'r', 'm', 'a', 't', 'i', 'k', '-', 'h', 'a', 'n', 'd', 'w', 'e', 'r', 'k', '.', 'd', 'e', '\0',
+  /* "informationrx.org", true */ 'i', 'n', 'f', 'o', 'r', 'm', 'a', 't', 'i', 'o', 'n', 'r', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "informnapalm.org", true */ 'i', 'n', 'f', 'o', 'r', 'm', 'n', 'a', 'p', 'a', 'l', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "infosec.ch", true */ 'i', 'n', 'f', 'o', 's', 'e', 'c', '.', 'c', 'h', '\0',
+  /* "infosec.exchange", true */ 'i', 'n', 'f', 'o', 's', 'e', 'c', '.', 'e', 'x', 'c', 'h', 'a', 'n', 'g', 'e', '\0',
+  /* "infosenior.ch", true */ 'i', 'n', 'f', 'o', 's', 'e', 'n', 'i', 'o', 'r', '.', 'c', 'h', '\0',
+  /* "infotainworld.com", true */ 'i', 'n', 'f', 'o', 't', 'a', 'i', 'n', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "infotolium.com", true */ 'i', 'n', 'f', 'o', 't', 'o', 'l', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "infotune.nl", true */ 'i', 'n', 'f', 'o', 't', 'u', 'n', 'e', '.', 'n', 'l', '\0',
+  /* "infovae-idf.com", true */ 'i', 'n', 'f', 'o', 'v', 'a', 'e', '-', 'i', 'd', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "infovision-france.com", true */ 'i', 'n', 'f', 'o', 'v', 'i', 's', 'i', 'o', 'n', '-', 'f', 'r', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "infoweb.ee", true */ 'i', 'n', 'f', 'o', 'w', 'e', 'b', '.', 'e', 'e', '\0',
+  /* "infra-con.dk", false */ 'i', 'n', 'f', 'r', 'a', '-', 'c', 'o', 'n', '.', 'd', 'k', '\0',
+  /* "infrapirtis.lt", true */ 'i', 'n', 'f', 'r', 'a', 'p', 'i', 'r', 't', 'i', 's', '.', 'l', 't', '\0',
+  /* "ingalabs.hu", true */ 'i', 'n', 'g', 'a', 'l', 'a', 'b', 's', '.', 'h', 'u', '\0',
+  /* "ingalls.run", true */ 'i', 'n', 'g', 'a', 'l', 'l', 's', '.', 'r', 'u', 'n', '\0',
+  /* "ingber.com", true */ 'i', 'n', 'g', 'b', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "inge-r.nl", true */ 'i', 'n', 'g', 'e', '-', 'r', '.', 'n', 'l', '\0',
+  /* "ingeeibach.de", true */ 'i', 'n', 'g', 'e', 'e', 'i', 'b', 'a', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "ingenium.si", true */ 'i', 'n', 'g', 'e', 'n', 'i', 'u', 'm', '.', 's', 'i', '\0',
+  /* "ingenius.ws", true */ 'i', 'n', 'g', 'e', 'n', 'i', 'u', 's', '.', 'w', 's', '\0',
+  /* "ingerhy.com", true */ 'i', 'n', 'g', 'e', 'r', 'h', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "ingjobs.ch", true */ 'i', 'n', 'g', 'j', 'o', 'b', 's', '.', 'c', 'h', '\0',
+  /* "inglesnarede.com.br", true */ 'i', 'n', 'g', 'l', 'e', 's', 'n', 'a', 'r', 'e', 'd', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "ingo-schlueter.de", true */ 'i', 'n', 'g', 'o', '-', 's', 'c', 'h', 'l', 'u', 'e', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "ingoschlueter.de", true */ 'i', 'n', 'g', 'o', 's', 'c', 'h', 'l', 'u', 'e', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "ingresscode.cn", true */ 'i', 'n', 'g', 'r', 'e', 's', 's', 'c', 'o', 'd', 'e', '.', 'c', 'n', '\0',
+  /* "inhaltsangabe.de", true */ 'i', 'n', 'h', 'a', 'l', 't', 's', 'a', 'n', 'g', 'a', 'b', 'e', '.', 'd', 'e', '\0',
+  /* "inheritestate.com", true */ 'i', 'n', 'h', 'e', 'r', 'i', 't', 'e', 's', 't', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "inhive.group", true */ 'i', 'n', 'h', 'i', 'v', 'e', '.', 'g', 'r', 'o', 'u', 'p', '\0',
+  /* "inhouseents.co.uk", true */ 'i', 'n', 'h', 'o', 'u', 's', 'e', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "iniiter.com", true */ 'i', 'n', 'i', 'i', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "inima.org", true */ 'i', 'n', 'i', 'm', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "inios.fr", false */ 'i', 'n', 'i', 'o', 's', '.', 'f', 'r', '\0',
+  /* "inishbofin.ie", true */ 'i', 'n', 'i', 's', 'h', 'b', 'o', 'f', 'i', 'n', '.', 'i', 'e', '\0',
+  /* "initq.net", true */ 'i', 'n', 'i', 't', 'q', '.', 'n', 'e', 't', '\0',
+  /* "initramfs.io", true */ 'i', 'n', 'i', 't', 'r', 'a', 'm', 'f', 's', '.', 'i', 'o', '\0',
+  /* "initrd.net", true */ 'i', 'n', 'i', 't', 'r', 'd', '.', 'n', 'e', 't', '\0',
+  /* "inixal.com", true */ 'i', 'n', 'i', 'x', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "injust.eu.org", true */ 'i', 'n', 'j', 'u', 's', 't', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "ink.horse", true */ 'i', 'n', 'k', '.', 'h', 'o', 'r', 's', 'e', '\0',
+  /* "inkable.com.au", true */ 'i', 'n', 'k', 'a', 'b', 'l', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "inkbunny.net", false */ 'i', 'n', 'k', 'b', 'u', 'n', 'n', 'y', '.', 'n', 'e', 't', '\0',
+  /* "inkhor.se", true */ 'i', 'n', 'k', 'h', 'o', 'r', '.', 's', 'e', '\0',
+  /* "inkontriamoci.com", true */ 'i', 'n', 'k', 'o', 'n', 't', 'r', 'i', 'a', 'm', 'o', 'c', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "inksay.com", true */ 'i', 'n', 'k', 's', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "inkthemes.com", true */ 'i', 'n', 'k', 't', 'h', 'e', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "inline-sport.cz", true */ 'i', 'n', 'l', 'i', 'n', 'e', '-', 's', 'p', 'o', 'r', 't', '.', 'c', 'z', '\0',
+  /* "inlink.ee", true */ 'i', 'n', 'l', 'i', 'n', 'k', '.', 'e', 'e', '\0',
+  /* "inmaps.xyz", true */ 'i', 'n', 'm', 'a', 'p', 's', '.', 'x', 'y', 'z', '\0',
+  /* "inmateintake.com", true */ 'i', 'n', 'm', 'a', 't', 'e', 'i', 'n', 't', 'a', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "inme.ga", true */ 'i', 'n', 'm', 'e', '.', 'g', 'a', '\0',
+  /* "inmobillium.fr", true */ 'i', 'n', 'm', 'o', 'b', 'i', 'l', 'l', 'i', 'u', 'm', '.', 'f', 'r', '\0',
+  /* "inmusrv.de", true */ 'i', 'n', 'm', 'u', 's', 'r', 'v', '.', 'd', 'e', '\0',
+  /* "innerfence.com", true */ 'i', 'n', 'n', 'e', 'r', 'f', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "innerform.com", true */ 'i', 'n', 'n', 'e', 'r', 'f', 'o', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "innermostparts.org", true */ 'i', 'n', 'n', 'e', 'r', 'm', 'o', 's', 't', 'p', 'a', 'r', 't', 's', '.', 'o', 'r', 'g', '\0',
+  /* "innit.be", true */ 'i', 'n', 'n', 'i', 't', '.', 'b', 'e', '\0',
+  /* "innoloop.com", true */ 'i', 'n', 'n', 'o', 'l', 'o', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "innophate-security.com", true */ 'i', 'n', 'n', 'o', 'p', 'h', 'a', 't', 'e', '-', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "innoteil.com", true */ 'i', 'n', 'n', 'o', 't', 'e', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "innovamag.ca", true */ 'i', 'n', 'n', 'o', 'v', 'a', 'm', 'a', 'g', '.', 'c', 'a', '\0',
+  /* "innovaptor.at", true */ 'i', 'n', 'n', 'o', 'v', 'a', 'p', 't', 'o', 'r', '.', 'a', 't', '\0',
+  /* "innovaptor.com", true */ 'i', 'n', 'n', 'o', 'v', 'a', 'p', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "innovation-workshop.ro", true */ 'i', 'n', 'n', 'o', 'v', 'a', 't', 'i', 'o', 'n', '-', 'w', 'o', 'r', 'k', 's', 'h', 'o', 'p', '.', 'r', 'o', '\0',
+  /* "innovation.gov", false */ 'i', 'n', 'n', 'o', 'v', 'a', 't', 'i', 'o', 'n', '.', 'g', 'o', 'v', '\0',
+  /* "innovativebuildingsolutions.co.za", true */ 'i', 'n', 'n', 'o', 'v', 'a', 't', 'i', 'v', 'e', 'b', 'u', 'i', 'l', 'd', 'i', 'n', 'g', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "innovativeideaz.org", true */ 'i', 'n', 'n', 'o', 'v', 'a', 't', 'i', 'v', 'e', 'i', 'd', 'e', 'a', 'z', '.', 'o', 'r', 'g', '\0',
+  /* "innoventure.de", true */ 'i', 'n', 'n', 'o', 'v', 'e', 'n', 't', 'u', 'r', 'e', '.', 'd', 'e', '\0',
+  /* "innsalzachsingles.de", true */ 'i', 'n', 'n', 's', 'a', 'l', 'z', 'a', 'c', 'h', 's', 'i', 'n', 'g', 'l', 'e', 's', '.', 'd', 'e', '\0',
+  /* "innwan.com", true */ 'i', 'n', 'n', 'w', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "inoa8.com", true */ 'i', 'n', 'o', 'a', '8', '.', 'c', 'o', 'm', '\0',
+  /* "inobun.jp", true */ 'i', 'n', 'o', 'b', 'u', 'n', '.', 'j', 'p', '\0',
+  /* "inorder.website", true */ 'i', 'n', 'o', 'r', 'd', 'e', 'r', '.', 'w', 'e', 'b', 's', 'i', 't', 'e', '\0',
+  /* "inovat.ma", true */ 'i', 'n', 'o', 'v', 'a', 't', '.', 'm', 'a', '\0',
+  /* "inovatec.com", true */ 'i', 'n', 'o', 'v', 'a', 't', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "inoxio.de", true */ 'i', 'n', 'o', 'x', 'i', 'o', '.', 'd', 'e', '\0',
+  /* "inpas.co.uk", true */ 'i', 'n', 'p', 'a', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ins1gn1a.com", true */ 'i', 'n', 's', '1', 'g', 'n', '1', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "insane.zone", true */ 'i', 'n', 's', 'a', 'n', 'e', '.', 'z', 'o', 'n', 'e', '\0',
+  /* "insblauehinein.nl", true */ 'i', 'n', 's', 'b', 'l', 'a', 'u', 'e', 'h', 'i', 'n', 'e', 'i', 'n', '.', 'n', 'l', '\0',
+  /* "inschrijfformulier.com", true */ 'i', 'n', 's', 'c', 'h', 'r', 'i', 'j', 'f', 'f', 'o', 'r', 'm', 'u', 'l', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "insertcoins.net", true */ 'i', 'n', 's', 'e', 'r', 't', 'c', 'o', 'i', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "insgesamt.net", true */ 'i', 'n', 's', 'g', 'e', 's', 'a', 'm', 't', '.', 'n', 'e', 't', '\0',
+  /* "inshapenutrition.com.br", true */ 'i', 'n', 's', 'h', 'a', 'p', 'e', 'n', 'u', 't', 'r', 'i', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "insho.fashion", false */ 'i', 'n', 's', 'h', 'o', '.', 'f', 'a', 's', 'h', 'i', 'o', 'n', '\0',
+  /* "insideaudit.com", true */ 'i', 'n', 's', 'i', 'd', 'e', 'a', 'u', 'd', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "insidethefirewall.tk", true */ 'i', 'n', 's', 'i', 'd', 'e', 't', 'h', 'e', 'f', 'i', 'r', 'e', 'w', 'a', 'l', 'l', '.', 't', 'k', '\0',
+  /* "insightera.co.th", true */ 'i', 'n', 's', 'i', 'g', 'h', 't', 'e', 'r', 'a', '.', 'c', 'o', '.', 't', 'h', '\0',
+  /* "insighti.com", true */ 'i', 'n', 's', 'i', 'g', 'h', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "insighti.eu", true */ 'i', 'n', 's', 'i', 'g', 'h', 't', 'i', '.', 'e', 'u', '\0',
+  /* "insighti.org", true */ 'i', 'n', 's', 'i', 'g', 'h', 't', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "insighti.sk", true */ 'i', 'n', 's', 'i', 'g', 'h', 't', 'i', '.', 's', 'k', '\0',
+  /* "insinuator.net", true */ 'i', 'n', 's', 'i', 'n', 'u', 'a', 't', 'o', 'r', '.', 'n', 'e', 't', '\0',
+  /* "insolent.ch", true */ 'i', 'n', 's', 'o', 'l', 'e', 'n', 't', '.', 'c', 'h', '\0',
+  /* "insping.com", true */ 'i', 'n', 's', 'p', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "inspirationalquotesuk.co.uk", true */ 'i', 'n', 's', 'p', 'i', 'r', 'a', 't', 'i', 'o', 'n', 'a', 'l', 'q', 'u', 'o', 't', 'e', 's', 'u', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "inspired-lua.org", true */ 'i', 'n', 's', 'p', 'i', 'r', 'e', 'd', '-', 'l', 'u', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "insside.net", true */ 'i', 'n', 's', 's', 'i', 'd', 'e', '.', 'n', 'e', 't', '\0',
+  /* "inst.mobi", true */ 'i', 'n', 's', 't', '.', 'm', 'o', 'b', 'i', '\0',
+  /* "instafind.nl", true */ 'i', 'n', 's', 't', 'a', 'f', 'i', 'n', 'd', '.', 'n', 'l', '\0',
+  /* "instagram-atom.appspot.com", true */ 'i', 'n', 's', 't', 'a', 'g', 'r', 'a', 'm', '-', 'a', 't', 'o', 'm', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "instagrammernews.com", true */ 'i', 'n', 's', 't', 'a', 'g', 'r', 'a', 'm', 'm', 'e', 'r', 'n', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "instagramtweet.com", true */ 'i', 'n', 's', 't', 'a', 'g', 'r', 'a', 'm', 't', 'w', 'e', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "installgentoo.net", true */ 'i', 'n', 's', 't', 'a', 'l', 'l', 'g', 'e', 'n', 't', 'o', 'o', '.', 'n', 'e', 't', '\0',
+  /* "instant-hack.io", true */ 'i', 'n', 's', 't', 'a', 'n', 't', '-', 'h', 'a', 'c', 'k', '.', 'i', 'o', '\0',
+  /* "instant.io", true */ 'i', 'n', 's', 't', 'a', 'n', 't', '.', 'i', 'o', '\0',
+  /* "instantkhabar.com", true */ 'i', 'n', 's', 't', 'a', 'n', 't', 'k', 'h', 'a', 'b', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "instantsubs.de", true */ 'i', 'n', 's', 't', 'a', 'n', 't', 's', 'u', 'b', 's', '.', 'd', 'e', '\0',
+  /* "instava.cz", true */ 'i', 'n', 's', 't', 'a', 'v', 'a', '.', 'c', 'z', '\0',
+  /* "instawi.com", true */ 'i', 'n', 's', 't', 'a', 'w', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "instela.com", true */ 'i', 'n', 's', 't', 'e', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "instelikes.com.br", true */ 'i', 'n', 's', 't', 'e', 'l', 'i', 'k', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "instics.com", true */ 'i', 'n', 's', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "instinctive.io", true */ 'i', 'n', 's', 't', 'i', 'n', 'c', 't', 'i', 'v', 'e', '.', 'i', 'o', '\0',
+  /* "instinctiveads.com", true */ 'i', 'n', 's', 't', 'i', 'n', 'c', 't', 'i', 'v', 'e', 'a', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "institut-confucius-montpellier.org", true */ 'i', 'n', 's', 't', 'i', 't', 'u', 't', '-', 'c', 'o', 'n', 'f', 'u', 'c', 'i', 'u', 's', '-', 'm', 'o', 'n', 't', 'p', 'e', 'l', 'l', 'i', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "institutmaupertuis.hopto.org", true */ 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'm', 'a', 'u', 'p', 'e', 'r', 't', 'u', 'i', 's', '.', 'h', 'o', 'p', 't', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "institutulcultural.ro", true */ 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'u', 'l', 'c', 'u', 'l', 't', 'u', 'r', 'a', 'l', '.', 'r', 'o', '\0',
+  /* "instrumart.ru", false */ 'i', 'n', 's', 't', 'r', 'u', 'm', 'a', 'r', 't', '.', 'r', 'u', '\0',
+  /* "insult.es", true */ 'i', 'n', 's', 'u', 'l', 't', '.', 'e', 's', '\0',
+  /* "int-ext-design.fr", true */ 'i', 'n', 't', '-', 'e', 'x', 't', '-', 'd', 'e', 's', 'i', 'g', 'n', '.', 'f', 'r', '\0',
+  /* "int-ma.in", true */ 'i', 'n', 't', '-', 'm', 'a', '.', 'i', 'n', '\0',
+  /* "intafe.co.jp", true */ 'i', 'n', 't', 'a', 'f', 'e', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "intarweb.ca", true */ 'i', 'n', 't', 'a', 'r', 'w', 'e', 'b', '.', 'c', 'a', '\0',
+  /* "integraelchen.de", true */ 'i', 'n', 't', 'e', 'g', 'r', 'a', 'e', 'l', 'c', 'h', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "integralblue.com", true */ 'i', 'n', 't', 'e', 'g', 'r', 'a', 'l', 'b', 'l', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "integralkk.com", true */ 'i', 'n', 't', 'e', 'g', 'r', 'a', 'l', 'k', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "integratedmedicalonline.com", true */ 'i', 'n', 't', 'e', 'g', 'r', 'a', 't', 'e', 'd', 'm', 'e', 'd', 'i', 'c', 'a', 'l', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "integrationinc.com", false */ 'i', 'n', 't', 'e', 'g', 'r', 'a', 't', 'i', 'o', 'n', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "integraxor.com.tw", true */ 'i', 'n', 't', 'e', 'g', 'r', 'a', 'x', 'o', 'r', '.', 'c', 'o', 'm', '.', 't', 'w', '\0',
+  /* "integrity.gov", true */ 'i', 'n', 't', 'e', 'g', 'r', 'i', 't', 'y', '.', 'g', 'o', 'v', '\0',
+  /* "integrityingovernmentidaho.com", true */ 'i', 'n', 't', 'e', 'g', 'r', 'i', 't', 'y', 'i', 'n', 'g', 'o', 'v', 'e', 'r', 'n', 'm', 'e', 'n', 't', 'i', 'd', 'a', 'h', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "integrityoklahoma.com", true */ 'i', 'n', 't', 'e', 'g', 'r', 'i', 't', 'y', 'o', 'k', 'l', 'a', 'h', 'o', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "integrogroup.com", true */ 'i', 'n', 't', 'e', 'g', 'r', 'o', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "integromat.com", true */ 'i', 'n', 't', 'e', 'g', 'r', 'o', 'm', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "intelbet.es", true */ 'i', 'n', 't', 'e', 'l', 'b', 'e', 't', '.', 'e', 's', '\0',
+  /* "intelbet.ro", true */ 'i', 'n', 't', 'e', 'l', 'b', 'e', 't', '.', 'r', 'o', '\0',
+  /* "intellar.com", true */ 'i', 'n', 't', 'e', 'l', 'l', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "intellectdynamics.com", true */ 'i', 'n', 't', 'e', 'l', 'l', 'e', 'c', 't', 'd', 'y', 'n', 'a', 'm', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "intelligence-explosion.com", true */ 'i', 'n', 't', 'e', 'l', 'l', 'i', 'g', 'e', 'n', 'c', 'e', '-', 'e', 'x', 'p', 'l', 'o', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "intellinetixvibration.com", true */ 'i', 'n', 't', 'e', 'l', 'l', 'i', 'n', 'e', 't', 'i', 'x', 'v', 'i', 'b', 'r', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "intencje.pl", true */ 'i', 'n', 't', 'e', 'n', 'c', 'j', 'e', '.', 'p', 'l', '\0',
+  /* "intensifyrsvp.com.au", true */ 'i', 'n', 't', 'e', 'n', 's', 'i', 'f', 'y', 'r', 's', 'v', 'p', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "inter-corporate.com", true */ 'i', 'n', 't', 'e', 'r', '-', 'c', 'o', 'r', 'p', 'o', 'r', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "inter-culinarium.com", true */ 'i', 'n', 't', 'e', 'r', '-', 'c', 'u', 'l', 'i', 'n', 'a', 'r', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "interaffairs.com", true */ 'i', 'n', 't', 'e', 'r', 'a', 'f', 'f', 'a', 'i', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "interasistmen.se", true */ 'i', 'n', 't', 'e', 'r', 'a', 's', 'i', 's', 't', 'm', 'e', 'n', '.', 's', 'e', '\0',
+  /* "interchangedesign.com", true */ 'i', 'n', 't', 'e', 'r', 'c', 'h', 'a', 'n', 'g', 'e', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "interchanges.io", true */ 'i', 'n', 't', 'e', 'r', 'c', 'h', 'a', 'n', 'g', 'e', 's', '.', 'i', 'o', '\0',
+  /* "intercom.com", true */ 'i', 'n', 't', 'e', 'r', 'c', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "intercom.io", true */ 'i', 'n', 't', 'e', 'r', 'c', 'o', 'm', '.', 'i', 'o', '\0',
+  /* "interessiert-uns.net", true */ 'i', 'n', 't', 'e', 'r', 'e', 's', 's', 'i', 'e', 'r', 't', '-', 'u', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "interfesse.net", true */ 'i', 'n', 't', 'e', 'r', 'f', 'e', 's', 's', 'e', '.', 'n', 'e', 't', '\0',
+  /* "interfloraservices.co.uk", true */ 'i', 'n', 't', 'e', 'r', 'f', 'l', 'o', 'r', 'a', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "interflores.com.br", true */ 'i', 'n', 't', 'e', 'r', 'f', 'l', 'o', 'r', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "interfug.de", true */ 'i', 'n', 't', 'e', 'r', 'f', 'u', 'g', '.', 'd', 'e', '\0',
+  /* "interimages.fr", true */ 'i', 'n', 't', 'e', 'r', 'i', 'm', 'a', 'g', 'e', 's', '.', 'f', 'r', '\0',
+  /* "interiorcheapo.com", true */ 'i', 'n', 't', 'e', 'r', 'i', 'o', 'r', 'c', 'h', 'e', 'a', 'p', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "interiordesignsconcept.com", true */ 'i', 'n', 't', 'e', 'r', 'i', 'o', 'r', 'd', 'e', 's', 'i', 'g', 'n', 's', 'c', 'o', 'n', 'c', 'e', 'p', 't', '.', 'c', 'o', 'm', '\0',
+  /* "interisaudit.com", true */ 'i', 'n', 't', 'e', 'r', 'i', 's', 'a', 'u', 'd', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "interlingvo.biz", true */ 'i', 'n', 't', 'e', 'r', 'l', 'i', 'n', 'g', 'v', 'o', '.', 'b', 'i', 'z', '\0',
+  /* "intermax.nl", true */ 'i', 'n', 't', 'e', 'r', 'm', 'a', 'x', '.', 'n', 'l', '\0',
+  /* "intermedinet.nl", true */ 'i', 'n', 't', 'e', 'r', 'm', 'e', 'd', 'i', 'n', 'e', 't', '.', 'n', 'l', '\0',
+  /* "internaluse.net", true */ 'i', 'n', 't', 'e', 'r', 'n', 'a', 'l', 'u', 's', 'e', '.', 'n', 'e', 't', '\0',
+  /* "international-arbitration-attorney.com", true */ 'i', 'n', 't', 'e', 'r', 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', '-', 'a', 'r', 'b', 'i', 't', 'r', 'a', 't', 'i', 'o', 'n', '-', 'a', 't', 't', 'o', 'r', 'n', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "internationalfashionjobs.com", true */ 'i', 'n', 't', 'e', 'r', 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', 'f', 'a', 's', 'h', 'i', 'o', 'n', 'j', 'o', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "internaut.co.za", true */ 'i', 'n', 't', 'e', 'r', 'n', 'a', 'u', 't', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "internect.co.za", true */ 'i', 'n', 't', 'e', 'r', 'n', 'e', 'c', 't', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "internetaanbieders.eu", true */ 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'a', 'a', 'n', 'b', 'i', 'e', 'd', 'e', 'r', 's', '.', 'e', 'u', '\0',
+  /* "internetbank.swedbank.se", true */ 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'b', 'a', 'n', 'k', '.', 's', 'w', 'e', 'd', 'b', 'a', 'n', 'k', '.', 's', 'e', '\0',
+  /* "internetbugbounty.com", true */ 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'b', 'u', 'g', 'b', 'o', 'u', 'n', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "internetbugbounty.org", true */ 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'b', 'u', 'g', 'b', 'o', 'u', 'n', 't', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "internetcom.jp", true */ 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'c', 'o', 'm', '.', 'j', 'p', '\0',
+  /* "internethealthreport.org", true */ 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'h', 'e', 'a', 'l', 't', 'h', 'r', 'e', 'p', 'o', 'r', 't', '.', 'o', 'r', 'g', '\0',
+  /* "internethering.de", true */ 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'h', 'e', 'r', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "internetinhetbuitengebied.nl", true */ 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'i', 'n', 'h', 'e', 't', 'b', 'u', 'i', 't', 'e', 'n', 'g', 'e', 'b', 'i', 'e', 'd', '.', 'n', 'l', '\0',
+  /* "internetmarkets.net", true */ 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'm', 'a', 'r', 'k', 'e', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "internetofdon.gs", true */ 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'o', 'f', 'd', 'o', 'n', '.', 'g', 's', '\0',
+  /* "internetoffensive.fail", true */ 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'o', 'f', 'f', 'e', 'n', 's', 'i', 'v', 'e', '.', 'f', 'a', 'i', 'l', '\0',
+  /* "internetovehazardnihry.cz", true */ 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'o', 'v', 'e', 'h', 'a', 'z', 'a', 'r', 'd', 'n', 'i', 'h', 'r', 'y', '.', 'c', 'z', '\0',
+  /* "internetstaff.com", true */ 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 's', 't', 'a', 'f', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "internetzentrale.net", true */ 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'z', 'e', 'n', 't', 'r', 'a', 'l', 'e', '.', 'n', 'e', 't', '\0',
+  /* "interociter-enterprises.com", true */ 'i', 'n', 't', 'e', 'r', 'o', 'c', 'i', 't', 'e', 'r', '-', 'e', 'n', 't', 'e', 'r', 'p', 'r', 'i', 's', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "interracial.dating", true */ 'i', 'n', 't', 'e', 'r', 'r', 'a', 'c', 'i', 'a', 'l', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "interseller.io", true */ 'i', 'n', 't', 'e', 'r', 's', 'e', 'l', 'l', 'e', 'r', '.', 'i', 'o', '\0',
+  /* "intertime.services", true */ 'i', 'n', 't', 'e', 'r', 't', 'i', 'm', 'e', '.', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '\0',
+  /* "interview-suite.com", true */ 'i', 'n', 't', 'e', 'r', 'v', 'i', 'e', 'w', '-', 's', 'u', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "interways.de", true */ 'i', 'n', 't', 'e', 'r', 'w', 'a', 'y', 's', '.', 'd', 'e', '\0',
+  /* "intheater.de", true */ 'i', 'n', 't', 'h', 'e', 'a', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "inthepicture.com", true */ 'i', 'n', 't', 'h', 'e', 'p', 'i', 'c', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "inthouse.cloud", true */ 'i', 'n', 't', 'h', 'o', 'u', 's', 'e', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "intimastoreatacado.com.br", true */ 'i', 'n', 't', 'i', 'm', 'a', 's', 't', 'o', 'r', 'e', 'a', 't', 'a', 'c', 'a', 'd', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "intl-webs.com", true */ 'i', 'n', 't', 'l', '-', 'w', 'e', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "intmissioncenter.org", true */ 'i', 'n', 't', 'm', 'i', 's', 's', 'i', 'o', 'n', 'c', 'e', 'n', 't', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "into.technology", true */ 'i', 'n', 't', 'o', '.', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'y', '\0',
+  /* "inton.biz", true */ 'i', 'n', 't', 'o', 'n', '.', 'b', 'i', 'z', '\0',
+  /* "intoparking.com", false */ 'i', 'n', 't', 'o', 'p', 'a', 'r', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "intracom.com", true */ 'i', 'n', 't', 'r', 'a', 'c', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "intradayseasonals.com", true */ 'i', 'n', 't', 'r', 'a', 'd', 'a', 'y', 's', 'e', 'a', 's', 'o', 'n', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "intramanager.co.uk", true */ 'i', 'n', 't', 'r', 'a', 'm', 'a', 'n', 'a', 'g', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "intramanager.dk", true */ 'i', 'n', 't', 'r', 'a', 'm', 'a', 'n', 'a', 'g', 'e', 'r', '.', 'd', 'k', '\0',
+  /* "intranetsec-regionra.fr", true */ 'i', 'n', 't', 'r', 'a', 'n', 'e', 't', 's', 'e', 'c', '-', 'r', 'e', 'g', 'i', 'o', 'n', 'r', 'a', '.', 'f', 'r', '\0',
+  /* "intraobes.com", true */ 'i', 'n', 't', 'r', 'a', 'o', 'b', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "intrasoft.com.au", true */ 'i', 'n', 't', 'r', 'a', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "intraxia.com", true */ 'i', 'n', 't', 'r', 'a', 'x', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "introvertedtravel.space", true */ 'i', 'n', 't', 'r', 'o', 'v', 'e', 'r', 't', 'e', 'd', 't', 'r', 'a', 'v', 'e', 'l', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "intune.life", true */ 'i', 'n', 't', 'u', 'n', 'e', '.', 'l', 'i', 'f', 'e', '\0',
+  /* "intux.be", false */ 'i', 'n', 't', 'u', 'x', '.', 'b', 'e', '\0',
+  /* "intvonline.com", true */ 'i', 'n', 't', 'v', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "intxt.net", true */ 'i', 'n', 't', 'x', 't', '.', 'n', 'e', 't', '\0',
+  /* "inusasha.de", true */ 'i', 'n', 'u', 's', 'a', 's', 'h', 'a', '.', 'd', 'e', '\0',
+  /* "inuyasha-petition.tk", true */ 'i', 'n', 'u', 'y', 'a', 's', 'h', 'a', '-', 'p', 'e', 't', 'i', 't', 'i', 'o', 'n', '.', 't', 'k', '\0',
+  /* "invasion.com", true */ 'i', 'n', 'v', 'a', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "invenio.software", true */ 'i', 'n', 'v', 'e', 'n', 'i', 'o', '.', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '\0',
+  /* "inventaire.ch", true */ 'i', 'n', 'v', 'e', 'n', 't', 'a', 'i', 'r', 'e', '.', 'c', 'h', '\0',
+  /* "inventionsteps.com.au", true */ 'i', 'n', 'v', 'e', 'n', 't', 'i', 'o', 'n', 's', 't', 'e', 'p', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "inventix.nl", true */ 'i', 'n', 'v', 'e', 'n', 't', 'i', 'x', '.', 'n', 'l', '\0',
+  /* "inventoryimages.co.uk", true */ 'i', 'n', 'v', 'e', 'n', 't', 'o', 'r', 'y', 'i', 'm', 'a', 'g', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "inventoryimages.com", true */ 'i', 'n', 'v', 'e', 'n', 't', 'o', 'r', 'y', 'i', 'm', 'a', 'g', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "inventtheworld.com.au", true */ 'i', 'n', 'v', 'e', 'n', 't', 't', 'h', 'e', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "investarholding.nl", true */ 'i', 'n', 'v', 'e', 's', 't', 'a', 'r', 'h', 'o', 'l', 'd', 'i', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "investcountry.com", true */ 'i', 'n', 'v', 'e', 's', 't', 'c', 'o', 'u', 'n', 't', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "investigazionimoretti.it", true */ 'i', 'n', 'v', 'e', 's', 't', 'i', 'g', 'a', 'z', 'i', 'o', 'n', 'i', 'm', 'o', 'r', 'e', 't', 't', 'i', '.', 'i', 't', '\0',
+  /* "investingdiary.cn", true */ 'i', 'n', 'v', 'e', 's', 't', 'i', 'n', 'g', 'd', 'i', 'a', 'r', 'y', '.', 'c', 'n', '\0',
+  /* "investingtrader.net", true */ 'i', 'n', 'v', 'e', 's', 't', 'i', 'n', 'g', 't', 'r', 'a', 'd', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "investir.ch", true */ 'i', 'n', 'v', 'e', 's', 't', 'i', 'r', '.', 'c', 'h', '\0',
+  /* "investorforms.com", true */ 'i', 'n', 'v', 'e', 's', 't', 'o', 'r', 'f', 'o', 'r', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "investpay.ru", true */ 'i', 'n', 'v', 'e', 's', 't', 'p', 'a', 'y', '.', 'r', 'u', '\0',
+  /* "invinsec.com", true */ 'i', 'n', 'v', 'i', 'n', 's', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "invioinc.com", true */ 'i', 'n', 'v', 'i', 'o', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "invis.net", true */ 'i', 'n', 'v', 'i', 's', '.', 'n', 'e', 't', '\0',
+  /* "invisible-college.com", true */ 'i', 'n', 'v', 'i', 's', 'i', 'b', 'l', 'e', '-', 'c', 'o', 'l', 'l', 'e', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "invisibles.ch", true */ 'i', 'n', 'v', 'i', 's', 'i', 'b', 'l', 'e', 's', '.', 'c', 'h', '\0',
+  /* "invisionita.com", true */ 'i', 'n', 'v', 'i', 's', 'i', 'o', 'n', 'i', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "invisiverse.com", true */ 'i', 'n', 'v', 'i', 's', 'i', 'v', 'e', 'r', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "invitescene.com", true */ 'i', 'n', 'v', 'i', 't', 'e', 's', 'c', 'e', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "invoiced.com", true */ 'i', 'n', 'v', 'o', 'i', 'c', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "invoicefinance.com", true */ 'i', 'n', 'v', 'o', 'i', 'c', 'e', 'f', 'i', 'n', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "invoicefinance.nl", true */ 'i', 'n', 'v', 'o', 'i', 'c', 'e', 'f', 'i', 'n', 'a', 'n', 'c', 'e', '.', 'n', 'l', '\0',
+  /* "inwestcorp.se", true */ 'i', 'n', 'w', 'e', 's', 't', 'c', 'o', 'r', 'p', '.', 's', 'e', '\0',
+  /* "inzdr.com", true */ 'i', 'n', 'z', 'd', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "iobint.com", true */ 'i', 'o', 'b', 'i', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "iocheck.com", false */ 'i', 'o', 'c', 'h', 'e', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "iodice.org", true */ 'i', 'o', 'd', 'i', 'c', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "iodu.re", true */ 'i', 'o', 'd', 'u', '.', 'r', 'e', '\0',
+  /* "ioiart.eu", true */ 'i', 'o', 'i', 'a', 'r', 't', '.', 'e', 'u', '\0',
+  /* "iojo.net", true */ 'i', 'o', 'j', 'o', '.', 'n', 'e', 't', '\0',
+  /* "iompost.com", true */ 'i', 'o', 'm', 'p', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "iomstamps.com", true */ 'i', 'o', 'm', 's', 't', 'a', 'm', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ionc.ca", true */ 'i', 'o', 'n', 'c', '.', 'c', 'a', '\0',
+  /* "ionlabs.kr", true */ 'i', 'o', 'n', 'l', 'a', 'b', 's', '.', 'k', 'r', '\0',
+  /* "ionx.co.uk", true */ 'i', 'o', 'n', 'x', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ioover.net", true */ 'i', 'o', 'o', 'v', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "ioslo.net", true */ 'i', 'o', 's', 'l', 'o', '.', 'n', 'e', 't', '\0',
+  /* "iosnoops.com", true */ 'i', 'o', 's', 'n', 'o', 'o', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "iossifovlab.com", true */ 'i', 'o', 's', 's', 'i', 'f', 'o', 'v', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "iostream.by", true */ 'i', 'o', 's', 't', 'r', 'e', 'a', 'm', '.', 'b', 'y', '\0',
+  /* "iotsms.io", true */ 'i', 'o', 't', 's', 'm', 's', '.', 'i', 'o', '\0',
+  /* "ip-blacklist.net", true */ 'i', 'p', '-', 'b', 'l', 'a', 'c', 'k', 'l', 'i', 's', 't', '.', 'n', 'e', 't', '\0',
+  /* "ip-hahn.de", true */ 'i', 'p', '-', 'h', 'a', 'h', 'n', '.', 'd', 'e', '\0',
+  /* "ip-life.net", true */ 'i', 'p', '-', 'l', 'i', 'f', 'e', '.', 'n', 'e', 't', '\0',
+  /* "ip.sb", true */ 'i', 'p', '.', 's', 'b', '\0',
+  /* "ip2country.info", true */ 'i', 'p', '2', 'c', 'o', 'u', 'n', 't', 'r', 'y', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "ip3office.com", true */ 'i', 'p', '3', 'o', 'f', 'f', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ip6.li", true */ 'i', 'p', '6', '.', 'l', 'i', '\0',
+  /* "ipal.im", true */ 'i', 'p', 'a', 'l', '.', 'i', 'm', '\0',
+  /* "ipal.name", true */ 'i', 'p', 'a', 'l', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "ipal.pl", true */ 'i', 'p', 'a', 'l', '.', 'p', 'l', '\0',
+  /* "ipal.tel", true */ 'i', 'p', 'a', 'l', '.', 't', 'e', 'l', '\0',
+  /* "ipawind.com", true */ 'i', 'p', 'a', 'w', 'i', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "ipcareers.net", true */ 'i', 'p', 'c', 'a', 'r', 'e', 'e', 'r', 's', '.', 'n', 'e', 't', '\0',
+  /* "ipcfg.me", true */ 'i', 'p', 'c', 'f', 'g', '.', 'm', 'e', '\0',
+  /* "ipconsulting.se", true */ 'i', 'p', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 's', 'e', '\0',
+  /* "ipfirebox.de", true */ 'i', 'p', 'f', 'i', 'r', 'e', 'b', 'o', 'x', '.', 'd', 'e', '\0',
+  /* "ipfp.pl", true */ 'i', 'p', 'f', 'p', '.', 'p', 'l', '\0',
+  /* "ipfs.ink", true */ 'i', 'p', 'f', 's', '.', 'i', 'n', 'k', '\0',
+  /* "ipfs.io", true */ 'i', 'p', 'f', 's', '.', 'i', 'o', '\0',
+  /* "iphoneunlock.nu", true */ 'i', 'p', 'h', 'o', 'n', 'e', 'u', 'n', 'l', 'o', 'c', 'k', '.', 'n', 'u', '\0',
+  /* "iphonote.com", true */ 'i', 'p', 'h', 'o', 'n', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ipintel.io", true */ 'i', 'p', 'i', 'n', 't', 'e', 'l', '.', 'i', 'o', '\0',
+  /* "iplabs.de", true */ 'i', 'p', 'l', 'a', 'b', 's', '.', 'd', 'e', '\0',
+  /* "iplantom.com", true */ 'i', 'p', 'l', 'a', 'n', 't', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "ipleak.net", true */ 'i', 'p', 'l', 'e', 'a', 'k', '.', 'n', 'e', 't', '\0',
+  /* "ipledgeonline.org", false */ 'i', 'p', 'l', 'e', 'd', 'g', 'e', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "iplog.info", true */ 'i', 'p', 'l', 'o', 'g', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "ipmonitoring.hu", true */ 'i', 'p', 'm', 'o', 'n', 'i', 't', 'o', 'r', 'i', 'n', 'g', '.', 'h', 'u', '\0',
+  /* "ipmotion.ca", true */ 'i', 'p', 'm', 'o', 't', 'i', 'o', 'n', '.', 'c', 'a', '\0',
+  /* "ipo-times.com", true */ 'i', 'p', 'o', '-', 't', 'i', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ipokabu.net", true */ 'i', 'p', 'o', 'k', 'a', 'b', 'u', '.', 'n', 'e', 't', '\0',
+  /* "ipomue.com", false */ 'i', 'p', 'o', 'm', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ipop.gr", true */ 'i', 'p', 'o', 'p', '.', 'g', 'r', '\0',
+  /* "iprim.ru", true */ 'i', 'p', 'r', 'i', 'm', '.', 'r', 'u', '\0',
+  /* "ipsec.pl", true */ 'i', 'p', 's', 'e', 'c', '.', 'p', 'l', '\0',
+  /* "ipsilon-project.org", true */ 'i', 'p', 's', 'i', 'l', 'o', 'n', '-', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "ipstream.it", true */ 'i', 'p', 's', 't', 'r', 'e', 'a', 'm', '.', 'i', 't', '\0',
+  /* "ipswitch.com.tw", true */ 'i', 'p', 's', 'w', 'i', 't', 'c', 'h', '.', 'c', 'o', 'm', '.', 't', 'w', '\0',
+  /* "ipty.de", true */ 'i', 'p', 't', 'y', '.', 'd', 'e', '\0',
+  /* "ipura.ch", true */ 'i', 'p', 'u', 'r', 'a', '.', 'c', 'h', '\0',
+  /* "ipv4.cf", true */ 'i', 'p', 'v', '4', '.', 'c', 'f', '\0',
+  /* "ipv4.gr", true */ 'i', 'p', 'v', '4', '.', 'g', 'r', '\0',
+  /* "ipv6-adresse.dk", true */ 'i', 'p', 'v', '6', '-', 'a', 'd', 'r', 'e', 's', 's', 'e', '.', 'd', 'k', '\0',
+  /* "ipv6-handbuch.de", true */ 'i', 'p', 'v', '6', '-', 'h', 'a', 'n', 'd', 'b', 'u', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "ipv6.gr", true */ 'i', 'p', 'v', '6', '.', 'g', 'r', '\0',
+  /* "ipv6vpn.net", true */ 'i', 'p', 'v', '6', 'v', 'p', 'n', '.', 'n', 'e', 't', '\0',
+  /* "iqboxy.com", true */ 'i', 'q', 'b', 'o', 'x', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "iqsmn.org", true */ 'i', 'q', 's', 'm', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "ir1s.com", true */ 'i', 'r', '1', 's', '.', 'c', 'o', 'm', '\0',
+  /* "iranianholiday.com", true */ 'i', 'r', 'a', 'n', 'i', 'a', 'n', 'h', 'o', 'l', 'i', 'd', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "irayo.net", true */ 'i', 'r', 'a', 'y', 'o', '.', 'n', 'e', 't', '\0',
+  /* "irc-results.com", true */ 'i', 'r', 'c', '-', 'r', 'e', 's', 'u', 'l', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ircmett.de", true */ 'i', 'r', 'c', 'm', 'e', 't', 't', '.', 'd', 'e', '\0',
+  /* "iready.ro", true */ 'i', 'r', 'e', 'a', 'd', 'y', '.', 'r', 'o', '\0',
+  /* "ireef.tv", true */ 'i', 'r', 'e', 'e', 'f', '.', 't', 'v', '\0',
+  /* "irenekauer.com", true */ 'i', 'r', 'e', 'n', 'e', 'k', 'a', 'u', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "irf2.pl", true */ 'i', 'r', 'f', '2', '.', 'p', 'l', '\0',
+  /* "irfan.id", true */ 'i', 'r', 'f', 'a', 'n', '.', 'i', 'd', '\0',
+  /* "irgit.pl", true */ 'i', 'r', 'g', 'i', 't', '.', 'p', 'l', '\0',
+  /* "iridiumbrowser.de", true */ 'i', 'r', 'i', 'd', 'i', 'u', 'm', 'b', 'r', 'o', 'w', 's', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "iridiumflare.de", true */ 'i', 'r', 'i', 'd', 'i', 'u', 'm', 'f', 'l', 'a', 'r', 'e', '.', 'd', 'e', '\0',
+  /* "iriomote.com", true */ 'i', 'r', 'i', 'o', 'm', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "iris-design.info", true */ 'i', 'r', 'i', 's', '-', 'd', 'e', 's', 'i', 'g', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "iris-insa.com", true */ 'i', 'r', 'i', 's', '-', 'i', 'n', 's', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "irische-segenswuensche.info", true */ 'i', 'r', 'i', 's', 'c', 'h', 'e', '-', 's', 'e', 'g', 'e', 'n', 's', 'w', 'u', 'e', 'n', 's', 'c', 'h', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "irisdina.de", true */ 'i', 'r', 'i', 's', 'd', 'i', 'n', 'a', '.', 'd', 'e', '\0',
+  /* "irish.dating", true */ 'i', 'r', 'i', 's', 'h', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "irishmusic.nu", true */ 'i', 'r', 'i', 's', 'h', 'm', 'u', 's', 'i', 'c', '.', 'n', 'u', '\0',
+  /* "irisjieun.com", true */ 'i', 'r', 'i', 's', 'j', 'i', 'e', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "irland-firma.com", true */ 'i', 'r', 'l', 'a', 'n', 'd', '-', 'f', 'i', 'r', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "irmag.ru", true */ 'i', 'r', 'm', 'a', 'g', '.', 'r', 'u', '\0',
+  /* "irmgard-woelfle.de", true */ 'i', 'r', 'm', 'g', 'a', 'r', 'd', '-', 'w', 'o', 'e', 'l', 'f', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "irmgardkoch.com", true */ 'i', 'r', 'm', 'g', 'a', 'r', 'd', 'k', 'o', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "irodorinet.com", true */ 'i', 'r', 'o', 'd', 'o', 'r', 'i', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "iroise.ch", true */ 'i', 'r', 'o', 'i', 's', 'e', '.', 'c', 'h', '\0',
+  /* "iron-guard.net", true */ 'i', 'r', 'o', 'n', '-', 'g', 'u', 'a', 'r', 'd', '.', 'n', 'e', 't', '\0',
+  /* "ironcarnival.com", true */ 'i', 'r', 'o', 'n', 'c', 'a', 'r', 'n', 'i', 'v', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "irondaleirregulars.com", true */ 'i', 'r', 'o', 'n', 'd', 'a', 'l', 'e', 'i', 'r', 'r', 'e', 'g', 'u', 'l', 'a', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ironfistdesign.com", true */ 'i', 'r', 'o', 'n', 'f', 'i', 's', 't', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "irritant.net", true */ 'i', 'r', 'r', 'i', 't', 'a', 'n', 't', '.', 'n', 'e', 't', '\0',
+  /* "irstaxforumsonline.com", true */ 'i', 'r', 's', 't', 'a', 'x', 'f', 'o', 'r', 'u', 'm', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "iruarts.ch", true */ 'i', 'r', 'u', 'a', 'r', 't', 's', '.', 'c', 'h', '\0',
+  /* "iruca.co", true */ 'i', 'r', 'u', 'c', 'a', '.', 'c', 'o', '\0',
+  /* "is-sw.net", true */ 'i', 's', '-', 's', 'w', '.', 'n', 'e', 't', '\0',
+  /* "isaackabel.cf", true */ 'i', 's', 'a', 'a', 'c', 'k', 'a', 'b', 'e', 'l', '.', 'c', 'f', '\0',
+  /* "isaackabel.ga", true */ 'i', 's', 'a', 'a', 'c', 'k', 'a', 'b', 'e', 'l', '.', 'g', 'a', '\0',
+  /* "isaackabel.gq", true */ 'i', 's', 'a', 'a', 'c', 'k', 'a', 'b', 'e', 'l', '.', 'g', 'q', '\0',
+  /* "isaackabel.ml", true */ 'i', 's', 'a', 'a', 'c', 'k', 'a', 'b', 'e', 'l', '.', 'm', 'l', '\0',
+  /* "isaackabel.tk", true */ 'i', 's', 'a', 'a', 'c', 'k', 'a', 'b', 'e', 'l', '.', 't', 'k', '\0',
+  /* "isaackhor.com", true */ 'i', 's', 'a', 'a', 'c', 'k', 'h', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "isaacman.tech", true */ 'i', 's', 'a', 'a', 'c', 'm', 'a', 'n', '.', 't', 'e', 'c', 'h', '\0',
+  /* "isaacpartnership.co.uk", true */ 'i', 's', 'a', 'a', 'c', 'p', 'a', 'r', 't', 'n', 'e', 'r', 's', 'h', 'i', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "isaacpartnership.com", true */ 'i', 's', 'a', 'a', 'c', 'p', 'a', 'r', 't', 'n', 'e', 'r', 's', 'h', 'i', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "isaacphysics.org", true */ 'i', 's', 'a', 'a', 'c', 'p', 'h', 'y', 's', 'i', 'c', 's', '.', 'o', 'r', 'g', '\0',
+  /* "isabelle-delpech.com", true */ 'i', 's', 'a', 'b', 'e', 'l', 'l', 'e', '-', 'd', 'e', 'l', 'p', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "isara.com", true */ 'i', 's', 'a', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "isbc-telecom.ru", true */ 'i', 's', 'b', 'c', '-', 't', 'e', 'l', 'e', 'c', 'o', 'm', '.', 'r', 'u', '\0',
+  /* "isbengrumpy.com", true */ 'i', 's', 'b', 'e', 'n', 'g', 'r', 'u', 'm', 'p', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "iscert.org", true */ 'i', 's', 'c', 'e', 'r', 't', '.', 'o', 'r', 'g', '\0',
+  /* "isdn.jp", true */ 'i', 's', 'd', 'n', '.', 'j', 'p', '\0',
+  /* "isdown.cz", true */ 'i', 's', 'd', 'o', 'w', 'n', '.', 'c', 'z', '\0',
+  /* "isecrets.se", true */ 'i', 's', 'e', 'c', 'r', 'e', 't', 's', '.', 's', 'e', '\0',
+  /* "iserv.fr", true */ 'i', 's', 'e', 'r', 'v', '.', 'f', 'r', '\0',
+  /* "iservicio.mx", true */ 'i', 's', 'e', 'r', 'v', 'i', 'c', 'i', 'o', '.', 'm', 'x', '\0',
+  /* "isfriday.com", true */ 'i', 's', 'f', 'r', 'i', 'd', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "isgp-studies.com", true */ 'i', 's', 'g', 'p', '-', 's', 't', 'u', 'd', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ishamf.com", true */ 'i', 's', 'h', 'a', 'm', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "ishiharaken.com", true */ 'i', 's', 'h', 'i', 'h', 'a', 'r', 'a', 'k', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "ishome.org", true */ 'i', 's', 'h', 'o', 'm', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "isidom.fr", true */ 'i', 's', 'i', 'd', 'o', 'm', '.', 'f', 'r', '\0',
+  /* "isil.fi", true */ 'i', 's', 'i', 'l', '.', 'f', 'i', '\0',
+  /* "isimonbrown.co.uk", true */ 'i', 's', 'i', 'm', 'o', 'n', 'b', 'r', 'o', 'w', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "isincheck.com", true */ 'i', 's', 'i', 'n', 'c', 'h', 'e', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "isisfighters.info", true */ 'i', 's', 'i', 's', 'f', 'i', 'g', 'h', 't', 'e', 'r', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "isistomie.com", true */ 'i', 's', 'i', 's', 't', 'o', 'm', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "isitchristmas.com", true */ 'i', 's', 'i', 't', 'c', 'h', 'r', 'i', 's', 't', 'm', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "isitcoffeetime.com", true */ 'i', 's', 'i', 't', 'c', 'o', 'f', 'f', 'e', 'e', 't', 'i', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "isitdoneyet.gov", true */ 'i', 's', 'i', 't', 'd', 'o', 'n', 'e', 'y', 'e', 't', '.', 'g', 'o', 'v', '\0',
+  /* "isitnuclearwaryet.com", true */ 'i', 's', 'i', 't', 'n', 'u', 'c', 'l', 'e', 'a', 'r', 'w', 'a', 'r', 'y', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "isitup.org", true */ 'i', 's', 'i', 't', 'u', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "iskaron.de", true */ 'i', 's', 'k', 'a', 'r', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "iskogen.nu", true */ 'i', 's', 'k', 'o', 'g', 'e', 'n', '.', 'n', 'u', '\0',
+  /* "islam.si", true */ 'i', 's', 'l', 'a', 'm', '.', 's', 'i', '\0',
+  /* "islandhosting.com", true */ 'i', 's', 'l', 'a', 'n', 'd', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "islandinthenet.com", true */ 'i', 's', 'l', 'a', 'n', 'd', 'i', 'n', 't', 'h', 'e', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "islandpumpandtank.com", true */ 'i', 's', 'l', 'a', 'n', 'd', 'p', 'u', 'm', 'p', 'a', 'n', 'd', 't', 'a', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "islazia.fr", true */ 'i', 's', 'l', 'a', 'z', 'i', 'a', '.', 'f', 'r', '\0',
+  /* "isletech.net", true */ 'i', 's', 'l', 'e', 't', 'e', 'c', 'h', '.', 'n', 'e', 't', '\0',
+  /* "isliada.org", true */ 'i', 's', 'l', 'i', 'a', 'd', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "ismat.com", true */ 'i', 's', 'm', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "isn.cz", true */ 'i', 's', 'n', '.', 'c', 'z', '\0',
+  /* "isntall.us", true */ 'i', 's', 'n', 't', 'a', 'l', 'l', '.', 'u', 's', '\0',
+  /* "isocom.eu", true */ 'i', 's', 'o', 'c', 'o', 'm', '.', 'e', 'u', '\0',
+  /* "isognattori.com", true */ 'i', 's', 'o', 'g', 'n', 'a', 't', 't', 'o', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "isolta.com", true */ 'i', 's', 'o', 'l', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "isolta.de", true */ 'i', 's', 'o', 'l', 't', 'a', '.', 'd', 'e', '\0',
+  /* "isolta.ee", true */ 'i', 's', 'o', 'l', 't', 'a', '.', 'e', 'e', '\0',
+  /* "isolta.lv", true */ 'i', 's', 'o', 'l', 't', 'a', '.', 'l', 'v', '\0',
+  /* "isolta.se", true */ 'i', 's', 'o', 'l', 't', 'a', '.', 's', 'e', '\0',
+  /* "isondo.com", true */ 'i', 's', 'o', 'n', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "isonet.fr", true */ 'i', 's', 'o', 'n', 'e', 't', '.', 'f', 'r', '\0',
+  /* "isopres.de", true */ 'i', 's', 'o', 'p', 'r', 'e', 's', '.', 'd', 'e', '\0',
+  /* "isoroc-nidzica.pl", true */ 'i', 's', 'o', 'r', 'o', 'c', '-', 'n', 'i', 'd', 'z', 'i', 'c', 'a', '.', 'p', 'l', '\0',
+  /* "isotope.gov", true */ 'i', 's', 'o', 't', 'o', 'p', 'e', '.', 'g', 'o', 'v', '\0',
+  /* "isotopes.gov", true */ 'i', 's', 'o', 't', 'o', 'p', 'e', 's', '.', 'g', 'o', 'v', '\0',
+  /* "isowosi.com", true */ 'i', 's', 'o', 'w', 'o', 's', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "ispo.com.tw", true */ 'i', 's', 'p', 'o', '.', 'c', 'o', 'm', '.', 't', 'w', '\0',
+  /* "ispringcloud.ru", true */ 'i', 's', 'p', 'r', 'i', 'n', 'g', 'c', 'l', 'o', 'u', 'd', '.', 'r', 'u', '\0',
+  /* "ispsoft.pro", true */ 'i', 's', 'p', 's', 'o', 'f', 't', '.', 'p', 'r', 'o', '\0',
+  /* "ispweb.es", true */ 'i', 's', 'p', 'w', 'e', 'b', '.', 'e', 's', '\0',
+  /* "isqrl.de", true */ 'i', 's', 'q', 'r', 'l', '.', 'd', 'e', '\0',
+  /* "israelbizreg.com", true */ 'i', 's', 'r', 'a', 'e', 'l', 'b', 'i', 'z', 'r', 'e', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "israkurort.com", true */ 'i', 's', 'r', 'a', 'k', 'u', 'r', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "isreedyintheuk.com", true */ 'i', 's', 'r', 'e', 'e', 'd', 'y', 'i', 'n', 't', 'h', 'e', 'u', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "issasfrissa.se", true */ 'i', 's', 's', 'a', 's', 'f', 'r', 'i', 's', 's', 'a', '.', 's', 'e', '\0',
+  /* "isscouncil.com", true */ 'i', 's', 's', 'c', 'o', 'u', 'n', 'c', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "issforum.org", true */ 'i', 's', 's', 'f', 'o', 'r', 'u', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "issio.net", true */ 'i', 's', 's', 'i', 'o', '.', 'n', 'e', 't', '\0',
+  /* "isslshop.com", true */ 'i', 's', 's', 'l', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "issue.watch", true */ 'i', 's', 's', 'u', 'e', '.', 'w', 'a', 't', 'c', 'h', '\0',
+  /* "issuesofconcern.in", true */ 'i', 's', 's', 'u', 'e', 's', 'o', 'f', 'c', 'o', 'n', 'c', 'e', 'r', 'n', '.', 'i', 'n', '\0',
+  /* "ist-intim.de", true */ 'i', 's', 't', '-', 'i', 'n', 't', 'i', 'm', '.', 'd', 'e', '\0',
+  /* "istdieweltschonuntergegangen.de", true */ 'i', 's', 't', 'd', 'i', 'e', 'w', 'e', 'l', 't', 's', 'c', 'h', 'o', 'n', 'u', 'n', 't', 'e', 'r', 'g', 'e', 'g', 'a', 'n', 'g', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "isteinbaby.de", true */ 'i', 's', 't', 'e', 'i', 'n', 'b', 'a', 'b', 'y', '.', 'd', 'e', '\0',
+  /* "istgame.com", true */ 'i', 's', 't', 'g', 'a', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "istheapplestoredown.com", true */ 'i', 's', 't', 'h', 'e', 'a', 'p', 'p', 'l', 'e', 's', 't', 'o', 'r', 'e', 'd', 'o', 'w', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "istheapplestoredown.de", true */ 'i', 's', 't', 'h', 'e', 'a', 'p', 'p', 'l', 'e', 's', 't', 'o', 'r', 'e', 'd', 'o', 'w', 'n', '.', 'd', 'e', '\0',
+  /* "isthefieldcontrolsystemdown.com", true */ 'i', 's', 't', 'h', 'e', 'f', 'i', 'e', 'l', 'd', 'c', 'o', 'n', 't', 'r', 'o', 'l', 's', 'y', 's', 't', 'e', 'm', 'd', 'o', 'w', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "istheinternetdown.com", true */ 'i', 's', 't', 'h', 'e', 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'd', 'o', 'w', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "istherrienstillcoach.com", true */ 'i', 's', 't', 'h', 'e', 'r', 'r', 'i', 'e', 'n', 's', 't', 'i', 'l', 'l', 'c', 'o', 'a', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "istheservicedown.co.uk", true */ 'i', 's', 't', 'h', 'e', 's', 'e', 'r', 'v', 'i', 'c', 'e', 'd', 'o', 'w', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "istheservicedown.com", true */ 'i', 's', 't', 'h', 'e', 's', 'e', 'r', 'v', 'i', 'c', 'e', 'd', 'o', 'w', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "istheservicedowncanada.com", true */ 'i', 's', 't', 'h', 'e', 's', 'e', 'r', 'v', 'i', 'c', 'e', 'd', 'o', 'w', 'n', 'c', 'a', 'n', 'a', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "isthnew.com", true */ 'i', 's', 't', 'h', 'n', 'e', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "istore.lt", true */ 'i', 's', 't', 'o', 'r', 'e', '.', 'l', 't', '\0',
+  /* "istorrent.is", true */ 'i', 's', 't', 'o', 'r', 'r', 'e', 'n', 't', '.', 'i', 's', '\0',
+  /* "istschonsolangeinrente.de", true */ 'i', 's', 't', 's', 'c', 'h', 'o', 'n', 's', 'o', 'l', 'a', 'n', 'g', 'e', 'i', 'n', 'r', 'e', 'n', 't', 'e', '.', 'd', 'e', '\0',
+  /* "istsi.org", true */ 'i', 's', 't', 's', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "isuzupartscenter.com", true */ 'i', 's', 'u', 'z', 'u', 'p', 'a', 'r', 't', 's', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "isv.online", true */ 'i', 's', 'v', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "isvbscriptdead.com", true */ 'i', 's', 'v', 'b', 's', 'c', 'r', 'i', 'p', 't', 'd', 'e', 'a', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "isyu.xyz", true */ 'i', 's', 'y', 'u', '.', 'x', 'y', 'z', '\0',
+  /* "it-adminio.ru", true */ 'i', 't', '-', 'a', 'd', 'm', 'i', 'n', 'i', 'o', '.', 'r', 'u', '\0',
+  /* "it-fernau.com", true */ 'i', 't', '-', 'f', 'e', 'r', 'n', 'a', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "it-jobbank.dk", true */ 'i', 't', '-', 'j', 'o', 'b', 'b', 'a', 'n', 'k', '.', 'd', 'k', '\0',
+  /* "it-kron.de", true */ 'i', 't', '-', 'k', 'r', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "it-labor.info", true */ 'i', 't', '-', 'l', 'a', 'b', 'o', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "it-rotter.de", true */ 'i', 't', '-', 'r', 'o', 't', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "it-schamans.de", true */ 'i', 't', '-', 's', 'c', 'h', 'a', 'm', 'a', 'n', 's', '.', 'd', 'e', '\0',
+  /* "it-service24.at", true */ 'i', 't', '-', 's', 'e', 'r', 'v', 'i', 'c', 'e', '2', '4', '.', 'a', 't', '\0',
+  /* "it-service24.ch", true */ 'i', 't', '-', 's', 'e', 'r', 'v', 'i', 'c', 'e', '2', '4', '.', 'c', 'h', '\0',
+  /* "it-shamans.de", true */ 'i', 't', '-', 's', 'h', 'a', 'm', 'a', 'n', 's', '.', 'd', 'e', '\0',
+  /* "it-shamans.eu", true */ 'i', 't', '-', 's', 'h', 'a', 'm', 'a', 'n', 's', '.', 'e', 'u', '\0',
+  /* "it-sysoft.com", true */ 'i', 't', '-', 's', 'y', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "it-world.eu", true */ 'i', 't', '-', 'w', 'o', 'r', 'l', 'd', '.', 'e', 'u', '\0',
+  /* "it.search.yahoo.com", false */ 'i', 't', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "itactiq.com", true */ 'i', 't', 'a', 'c', 't', 'i', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "itactiq.info", true */ 'i', 't', 'a', 'c', 't', 'i', 'q', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "ital-gamma.be", true */ 'i', 't', 'a', 'l', '-', 'g', 'a', 'm', 'm', 'a', '.', 'b', 'e', '\0',
+  /* "italia-store.com", true */ 'i', 't', 'a', 'l', 'i', 'a', '-', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "italiachegioca.com", true */ 'i', 't', 'a', 'l', 'i', 'a', 'c', 'h', 'e', 'g', 'i', 'o', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "italian.dating", true */ 'i', 't', 'a', 'l', 'i', 'a', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "italianshoemanufacturers.com", true */ 'i', 't', 'a', 'l', 'i', 'a', 'n', 's', 'h', 'o', 'e', 'm', 'a', 'n', 'u', 'f', 'a', 'c', 't', 'u', 'r', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "italyinspires.com", true */ 'i', 't', 'a', 'l', 'y', 'i', 'n', 's', 'p', 'i', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "itamservices.nl", true */ 'i', 't', 'a', 'm', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'n', 'l', '\0',
+  /* "itb-online.co.uk", true */ 'i', 't', 'b', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "itbrief.co.nz", true */ 'i', 't', 'b', 'r', 'i', 'e', 'f', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "itbrief.com.au", true */ 'i', 't', 'b', 'r', 'i', 'e', 'f', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "itchimes.com", true */ 'i', 't', 'c', 'h', 'i', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "itchy.nl", true */ 'i', 't', 'c', 'h', 'y', '.', 'n', 'l', '\0',
+  /* "itcko.sk", true */ 'i', 't', 'c', 'k', 'o', '.', 's', 'k', '\0',
+  /* "itdashboard.gov", true */ 'i', 't', 'd', 'a', 's', 'h', 'b', 'o', 'a', 'r', 'd', '.', 'g', 'o', 'v', '\0',
+  /* "itds-consulting.com", true */ 'i', 't', 'd', 's', '-', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "itds-consulting.cz", true */ 'i', 't', 'd', 's', '-', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'z', '\0',
+  /* "itds-consulting.eu", true */ 'i', 't', 'd', 's', '-', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'e', 'u', '\0',
+  /* "itecor.net", true */ 'i', 't', 'e', 'c', 'o', 'r', '.', 'n', 'e', 't', '\0',
+  /* "iteecafe.hu", true */ 'i', 't', 'e', 'e', 'c', 'a', 'f', 'e', '.', 'h', 'u', '\0',
+  /* "iteha.de", true */ 'i', 't', 'e', 'h', 'a', '.', 'd', 'e', '\0',
+  /* "iteke.ml", true */ 'i', 't', 'e', 'k', 'e', '.', 'm', 'l', '\0',
+  /* "iteke.tk", true */ 'i', 't', 'e', 'k', 'e', '.', 't', 'k', '\0',
+  /* "iteli.eu", true */ 'i', 't', 'e', 'l', 'i', '.', 'e', 'u', '\0',
+  /* "iterader.com", true */ 'i', 't', 'e', 'r', 'a', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "iterror.co", true */ 'i', 't', 'e', 'r', 'r', 'o', 'r', '.', 'c', 'o', '\0',
+  /* "itfensi.net", true */ 'i', 't', 'f', 'e', 'n', 's', 'i', '.', 'n', 'e', 't', '\0',
+  /* "itfh.eu", true */ 'i', 't', 'f', 'h', '.', 'e', 'u', '\0',
+  /* "itfix.cz", true */ 'i', 't', 'f', 'i', 'x', '.', 'c', 'z', '\0',
+  /* "itforge.nl", true */ 'i', 't', 'f', 'o', 'r', 'g', 'e', '.', 'n', 'l', '\0',
+  /* "ithenrik.com", true */ 'i', 't', 'h', 'e', 'n', 'r', 'i', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "itilo.de", true */ 'i', 't', 'i', 'l', 'o', '.', 'd', 'e', '\0',
+  /* "itiomassagem.com.br", true */ 'i', 't', 'i', 'o', 'm', 'a', 's', 's', 'a', 'g', 'e', 'm', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "itis.gov", true */ 'i', 't', 'i', 's', '.', 'g', 'o', 'v', '\0',
+  /* "itis4u.ch", true */ 'i', 't', 'i', 's', '4', 'u', '.', 'c', 'h', '\0',
+  /* "itludens.com", true */ 'i', 't', 'l', 'u', 'd', 'e', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "itmanie.cz", true */ 'i', 't', 'm', 'a', 'n', 'i', 'e', '.', 'c', 'z', '\0',
+  /* "itneeds.tech", true */ 'i', 't', 'n', 'e', 'e', 'd', 's', '.', 't', 'e', 'c', 'h', '\0',
+  /* "itnews-bg.com", true */ 'i', 't', 'n', 'e', 'w', 's', '-', 'b', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "itnota.com", true */ 'i', 't', 'n', 'o', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "itochan.jp", true */ 'i', 't', 'o', 'c', 'h', 'a', 'n', '.', 'j', 'p', '\0',
+  /* "itooky.com", true */ 'i', 't', 'o', 'o', 'k', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "itpro.ua", true */ 'i', 't', 'p', 'r', 'o', '.', 'u', 'a', '\0',
+  /* "itraveille.fr", true */ 'i', 't', 'r', 'a', 'v', 'e', 'i', 'l', 'l', 'e', '.', 'f', 'r', '\0',
+  /* "itring.pl", false */ 'i', 't', 'r', 'i', 'n', 'g', '.', 'p', 'l', '\0',
+  /* "itruss.com.tw", true */ 'i', 't', 'r', 'u', 's', 's', '.', 'c', 'o', 'm', '.', 't', 'w', '\0',
+  /* "its-future.com", true */ 'i', 't', 's', '-', 'f', 'u', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "its-gutachten.de", true */ 'i', 't', 's', '-', 'g', 'u', 't', 'a', 'c', 'h', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "its-v.de", true */ 'i', 't', 's', '-', 'v', '.', 'd', 'e', '\0',
+  /* "its4living.com", true */ 'i', 't', 's', '4', 'l', 'i', 'v', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "itsabouncything.com", true */ 'i', 't', 's', 'a', 'b', 'o', 'u', 'n', 'c', 'y', 't', 'h', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "itsanicedoor.co.uk", true */ 'i', 't', 's', 'a', 'n', 'i', 'c', 'e', 'd', 'o', 'o', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "itsasaja.com", true */ 'i', 't', 's', 'a', 's', 'a', 'j', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "itsdcdn.com", true */ 'i', 't', 's', 'd', 'c', 'd', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "itsecblog.de", true */ 'i', 't', 's', 'e', 'c', 'b', 'l', 'o', 'g', '.', 'd', 'e', '\0',
+  /* "itsecguy.com", false */ 'i', 't', 's', 'e', 'c', 'g', 'u', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "itsevident.com", true */ 'i', 't', 's', 'e', 'v', 'i', 'd', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "itsgoingdown.org", true */ 'i', 't', 's', 'g', 'o', 'i', 'n', 'g', 'd', 'o', 'w', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "itshka.rv.ua", true */ 'i', 't', 's', 'h', 'k', 'a', '.', 'r', 'v', '.', 'u', 'a', '\0',
+  /* "itskayla.com", true */ 'i', 't', 's', 'k', 'a', 'y', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "itsmejohn.org", true */ 'i', 't', 's', 'm', 'e', 'j', 'o', 'h', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "itsmyparty.ie", true */ 'i', 't', 's', 'm', 'y', 'p', 'a', 'r', 't', 'y', '.', 'i', 'e', '\0',
+  /* "itsnotquitethehilton.com", true */ 'i', 't', 's', 'n', 'o', 't', 'q', 'u', 'i', 't', 'e', 't', 'h', 'e', 'h', 'i', 'l', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "itsok.de", true */ 'i', 't', 's', 'o', 'k', '.', 'd', 'e', '\0',
+  /* "itspartytimeonline.co.uk", true */ 'i', 't', 's', 'p', 'a', 'r', 't', 'y', 't', 'i', 'm', 'e', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "itspartytimesweetinflations.com", true */ 'i', 't', 's', 'p', 'a', 'r', 't', 'y', 't', 'i', 'm', 'e', 's', 'w', 'e', 'e', 't', 'i', 'n', 'f', 'l', 'a', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "itspersonaltraining.nl", true */ 'i', 't', 's', 'p', 'e', 'r', 's', 'o', 'n', 'a', 'l', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "itsryan.com", true */ 'i', 't', 's', 'r', 'y', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "itsstefan.eu", true */ 'i', 't', 's', 's', 't', 'e', 'f', 'a', 'n', '.', 'e', 'u', '\0',
+  /* "itstatic.tech", true */ 'i', 't', 's', 't', 'a', 't', 'i', 'c', '.', 't', 'e', 'c', 'h', '\0',
+  /* "itsupport-luzern.ch", true */ 'i', 't', 's', 'u', 'p', 'p', 'o', 'r', 't', '-', 'l', 'u', 'z', 'e', 'r', 'n', '.', 'c', 'h', '\0',
+  /* "itswincer.com", true */ 'i', 't', 's', 'w', 'i', 'n', 'c', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "ittop-gabon.com", true */ 'i', 't', 't', 'o', 'p', '-', 'g', 'a', 'b', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "itzap.com.au", true */ 'i', 't', 'z', 'a', 'p', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "ivanbenito.com", true */ 'i', 'v', 'a', 'n', 'b', 'e', 'n', 'i', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "ivancacic.com", false */ 'i', 'v', 'a', 'n', 'c', 'a', 'c', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "ivanmeade.com", true */ 'i', 'v', 'a', 'n', 'm', 'e', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ivaoru.org", true */ 'i', 'v', 'a', 'o', 'r', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "ivfausland.de", true */ 'i', 'v', 'f', 'a', 'u', 's', 'l', 'a', 'n', 'd', '.', 'd', 'e', '\0',
+  /* "ivfmeds.com", true */ 'i', 'v', 'f', 'm', 'e', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ivi-fertilite.fr", true */ 'i', 'v', 'i', '-', 'f', 'e', 'r', 't', 'i', 'l', 'i', 't', 'e', '.', 'f', 'r', '\0',
+  /* "ivi-fruchtbarkeit.de", true */ 'i', 'v', 'i', '-', 'f', 'r', 'u', 'c', 'h', 't', 'b', 'a', 'r', 'k', 'e', 'i', 't', '.', 'd', 'e', '\0',
+  /* "ivi.com.ar", true */ 'i', 'v', 'i', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "ivi.com.pa", true */ 'i', 'v', 'i', '.', 'c', 'o', 'm', '.', 'p', 'a', '\0',
+  /* "ivi.mx", true */ 'i', 'v', 'i', '.', 'm', 'x', '\0',
+  /* "ivi.net.br", true */ 'i', 'v', 'i', '.', 'n', 'e', 't', '.', 'b', 'r', '\0',
+  /* "ivi.pt", true */ 'i', 'v', 'i', '.', 'p', 't', '\0',
+  /* "ivinet.cl", true */ 'i', 'v', 'i', 'n', 'e', 't', '.', 'c', 'l', '\0',
+  /* "ivitalia.it", true */ 'i', 'v', 'i', 't', 'a', 'l', 'i', 'a', '.', 'i', 't', '\0',
+  /* "ivo.co.za", true */ 'i', 'v', 'o', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "ivor.io", true */ 'i', 'v', 'o', 'r', '.', 'i', 'o', '\0',
+  /* "ivor.is", true */ 'i', 'v', 'o', 'r', '.', 'i', 's', '\0',
+  /* "ivorvanhese.com", true */ 'i', 'v', 'o', 'r', 'v', 'a', 'n', 'h', 'e', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ivorvanhese.nl", true */ 'i', 'v', 'o', 'r', 'v', 'a', 'n', 'h', 'e', 's', 'e', '.', 'n', 'l', '\0',
+  /* "ivpn.net", true */ 'i', 'v', 'p', 'n', '.', 'n', 'e', 't', '\0',
+  /* "ivvl.ru", true */ 'i', 'v', 'v', 'l', '.', 'r', 'u', '\0',
+  /* "ivxv.ee", true */ 'i', 'v', 'x', 'v', '.', 'e', 'e', '\0',
+  /* "ivyshop.com.br", true */ 'i', 'v', 'y', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "ivystech.com", true */ 'i', 'v', 'y', 's', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "iwader.co.uk", true */ 'i', 'w', 'a', 'd', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "iwalton.com", true */ 'i', 'w', 'a', 'l', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "iwell.de", true */ 'i', 'w', 'e', 'l', 'l', '.', 'd', 'e', '\0',
+  /* "iwex.swiss", true */ 'i', 'w', 'e', 'x', '.', 's', 'w', 'i', 's', 's', '\0',
+  /* "iwizerunek.pl", true */ 'i', 'w', 'i', 'z', 'e', 'r', 'u', 'n', 'e', 'k', '.', 'p', 'l', '\0',
+  /* "iwos.io", true */ 'i', 'w', 'o', 's', '.', 'i', 'o', '\0',
+  /* "iww.me", true */ 'i', 'w', 'w', '.', 'm', 'e', '\0',
+  /* "iww.mx", true */ 'i', 'w', 'w', '.', 'm', 'x', '\0',
+  /* "ixds.org", true */ 'i', 'x', 'd', 's', '.', 'o', 'r', 'g', '\0',
+  /* "ixio.cz", true */ 'i', 'x', 'i', 'o', '.', 'c', 'z', '\0',
+  /* "ixnext.de", true */ 'i', 'x', 'n', 'e', 'x', 't', '.', 'd', 'e', '\0',
+  /* "ixquick-proxy.com", true */ 'i', 'x', 'q', 'u', 'i', 'c', 'k', '-', 'p', 'r', 'o', 'x', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "ixquick.co.uk", true */ 'i', 'x', 'q', 'u', 'i', 'c', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ixquick.com", true */ 'i', 'x', 'q', 'u', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "ixquick.de", true */ 'i', 'x', 'q', 'u', 'i', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "ixquick.eu", true */ 'i', 'x', 'q', 'u', 'i', 'c', 'k', '.', 'e', 'u', '\0',
+  /* "ixquick.fr", true */ 'i', 'x', 'q', 'u', 'i', 'c', 'k', '.', 'f', 'r', '\0',
+  /* "ixquick.info", true */ 'i', 'x', 'q', 'u', 'i', 'c', 'k', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "ixquick.nl", true */ 'i', 'x', 'q', 'u', 'i', 'c', 'k', '.', 'n', 'l', '\0',
+  /* "iyinolaashafa.com", true */ 'i', 'y', 'i', 'n', 'o', 'l', 'a', 'a', 's', 'h', 'a', 'f', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "iz8mbw.net", true */ 'i', 'z', '8', 'm', 'b', 'w', '.', 'n', 'e', 't', '\0',
+  /* "izevg.ru", true */ 'i', 'z', 'e', 'v', 'g', '.', 'r', 'u', '\0',
+  /* "izodiacsigns.com", true */ 'i', 'z', 'o', 'd', 'i', 'a', 'c', 's', 'i', 'g', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "izuba.info", true */ 'i', 'z', 'u', 'b', 'a', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "izumi.tv", true */ 'i', 'z', 'u', 'm', 'i', '.', 't', 'v', '\0',
+  /* "j-eck.nl", true */ 'j', '-', 'e', 'c', 'k', '.', 'n', 'l', '\0',
+  /* "j-elliott.co.uk", true */ 'j', '-', 'e', 'l', 'l', 'i', 'o', 't', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "j-navi.com", true */ 'j', '-', 'n', 'a', 'v', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "j0m.de", true */ 'j', '0', 'm', '.', 'd', 'e', '\0',
+  /* "j0s.at", true */ 'j', '0', 's', '.', 'a', 't', '\0',
+  /* "j0s.eu", true */ 'j', '0', 's', '.', 'e', 'u', '\0',
+  /* "j15t98j.co.uk", true */ 'j', '1', '5', 't', '9', '8', 'j', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "j2ee.cz", true */ 'j', '2', 'e', 'e', '.', 'c', 'z', '\0',
+  /* "j3e.de", true */ 'j', '3', 'e', '.', 'd', 'e', '\0',
+  /* "j8y.de", true */ 'j', '8', 'y', '.', 'd', 'e', '\0',
+  /* "ja-dyck.de", true */ 'j', 'a', '-', 'd', 'y', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "ja.md", true */ 'j', 'a', '.', 'm', 'd', '\0',
+  /* "jaakkohannikainen.fi", true */ 'j', 'a', 'a', 'k', 'k', 'o', 'h', 'a', 'n', 'n', 'i', 'k', 'a', 'i', 'n', 'e', 'n', '.', 'f', 'i', '\0',
+  /* "jaalits.com", true */ 'j', 'a', 'a', 'l', 'i', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jaaxypro.com", true */ 'j', 'a', 'a', 'x', 'y', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "jaba.hosting", true */ 'j', 'a', 'b', 'a', '.', 'h', 'o', 's', 't', 'i', 'n', 'g', '\0',
+  /* "jababu.cz", true */ 'j', 'a', 'b', 'a', 'b', 'u', '.', 'c', 'z', '\0',
+  /* "jabbari.io", true */ 'j', 'a', 'b', 'b', 'a', 'r', 'i', '.', 'i', 'o', '\0',
+  /* "jabbas.eu", true */ 'j', 'a', 'b', 'b', 'a', 's', '.', 'e', 'u', '\0',
+  /* "jabber.at", true */ 'j', 'a', 'b', 'b', 'e', 'r', '.', 'a', 't', '\0',
+  /* "jabberfr.org", true */ 'j', 'a', 'b', 'b', 'e', 'r', 'f', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "jabberzac.org", true */ 'j', 'a', 'b', 'b', 'e', 'r', 'z', 'a', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "jaberg-rutschi.ch", true */ 'j', 'a', 'b', 'e', 'r', 'g', '-', 'r', 'u', 't', 's', 'c', 'h', 'i', '.', 'c', 'h', '\0',
+  /* "jabergrutschi.ch", true */ 'j', 'a', 'b', 'e', 'r', 'g', 'r', 'u', 't', 's', 'c', 'h', 'i', '.', 'c', 'h', '\0',
+  /* "jability.ovh", true */ 'j', 'a', 'b', 'i', 'l', 'i', 't', 'y', '.', 'o', 'v', 'h', '\0',
+  /* "jabjab.de", true */ 'j', 'a', 'b', 'j', 'a', 'b', '.', 'd', 'e', '\0',
+  /* "jaccblog.com", true */ 'j', 'a', 'c', 'c', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "jacekowski.org", true */ 'j', 'a', 'c', 'e', 'k', 'o', 'w', 's', 'k', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "jackdawphoto.co.uk", true */ 'j', 'a', 'c', 'k', 'd', 'a', 'w', 'p', 'h', 'o', 't', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jackdelik.de", true */ 'j', 'a', 'c', 'k', 'd', 'e', 'l', 'i', 'k', '.', 'd', 'e', '\0',
+  /* "jackf.me", true */ 'j', 'a', 'c', 'k', 'f', '.', 'm', 'e', '\0',
+  /* "jackingramnissanparts.com", true */ 'j', 'a', 'c', 'k', 'i', 'n', 'g', 'r', 'a', 'm', 'n', 'i', 's', 's', 'a', 'n', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jackpothappy.com", true */ 'j', 'a', 'c', 'k', 'p', 'o', 't', 'h', 'a', 'p', 'p', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "jackrusselterrier.com.br", true */ 'j', 'a', 'c', 'k', 'r', 'u', 's', 's', 'e', 'l', 't', 'e', 'r', 'r', 'i', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "jackyliao123.tk", true */ 'j', 'a', 'c', 'k', 'y', 'l', 'i', 'a', 'o', '1', '2', '3', '.', 't', 'k', '\0',
+  /* "jackyyf.com", false */ 'j', 'a', 'c', 'k', 'y', 'y', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "jaco.by", true */ 'j', 'a', 'c', 'o', '.', 'b', 'y', '\0',
+  /* "jacobhaug.com", true */ 'j', 'a', 'c', 'o', 'b', 'h', 'a', 'u', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "jacobi-server.de", true */ 'j', 'a', 'c', 'o', 'b', 'i', '-', 's', 'e', 'r', 'v', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "jacobian.org", true */ 'j', 'a', 'c', 'o', 'b', 'i', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "jacobphono.com", true */ 'j', 'a', 'c', 'o', 'b', 'p', 'h', 'o', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "jacuzziprozone.com", true */ 'j', 'a', 'c', 'u', 'z', 'z', 'i', 'p', 'r', 'o', 'z', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "jadopado.com", true */ 'j', 'a', 'd', 'o', 'p', 'a', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "jaegerlacke.de", true */ 'j', 'a', 'e', 'g', 'e', 'r', 'l', 'a', 'c', 'k', 'e', '.', 'd', 'e', '\0',
+  /* "jagbouncycastles.co.uk", true */ 'j', 'a', 'g', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jagerman.com", true */ 'j', 'a', 'g', 'e', 'r', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "jaguarlandrover-asse.be", true */ 'j', 'a', 'g', 'u', 'a', 'r', 'l', 'a', 'n', 'd', 'r', 'o', 'v', 'e', 'r', '-', 'a', 's', 's', 'e', '.', 'b', 'e', '\0',
+  /* "jaguarlandrover-occasions.be", true */ 'j', 'a', 'g', 'u', 'a', 'r', 'l', 'a', 'n', 'd', 'r', 'o', 'v', 'e', 'r', '-', 'o', 'c', 'c', 'a', 's', 'i', 'o', 'n', 's', '.', 'b', 'e', '\0',
+  /* "jaguarwong.xyz", true */ 'j', 'a', 'g', 'u', 'a', 'r', 'w', 'o', 'n', 'g', '.', 'x', 'y', 'z', '\0',
+  /* "jahanaisamu.com", true */ 'j', 'a', 'h', 'a', 'n', 'a', 'i', 's', 'a', 'm', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "jahner.xyz", true */ 'j', 'a', 'h', 'n', 'e', 'r', '.', 'x', 'y', 'z', '\0',
+  /* "jahofmann.de", true */ 'j', 'a', 'h', 'o', 'f', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "jailbreakingisnotacrime.org", true */ 'j', 'a', 'i', 'l', 'b', 'r', 'e', 'a', 'k', 'i', 'n', 'g', 'i', 's', 'n', 'o', 't', 'a', 'c', 'r', 'i', 'm', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "jaispirit.com", false */ 'j', 'a', 'i', 's', 'p', 'i', 'r', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "jaitnetworking.com", false */ 'j', 'a', 'i', 't', 'n', 'e', 't', 'w', 'o', 'r', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "jakarta.dating", true */ 'j', 'a', 'k', 'a', 'r', 't', 'a', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "jake.eu.org", true */ 'j', 'a', 'k', 'e', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "jake.ml", true */ 'j', 'a', 'k', 'e', '.', 'm', 'l', '\0',
+  /* "jake.nom.za", true */ 'j', 'a', 'k', 'e', '.', 'n', 'o', 'm', '.', 'z', 'a', '\0',
+  /* "jakecurtis.de", true */ 'j', 'a', 'k', 'e', 'c', 'u', 'r', 't', 'i', 's', '.', 'd', 'e', '\0',
+  /* "jakeguild.com", true */ 'j', 'a', 'k', 'e', 'g', 'u', 'i', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "jakenbake.com", true */ 'j', 'a', 'k', 'e', 'n', 'b', 'a', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "jakereynolds.co", true */ 'j', 'a', 'k', 'e', 'r', 'e', 'y', 'n', 'o', 'l', 'd', 's', '.', 'c', 'o', '\0',
+  /* "jaketremper.com", true */ 'j', 'a', 'k', 'e', 't', 'r', 'e', 'm', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "jakewalker.xyz", true */ 'j', 'a', 'k', 'e', 'w', 'a', 'l', 'k', 'e', 'r', '.', 'x', 'y', 'z', '\0',
+  /* "jakobejitblokaci.cz", true */ 'j', 'a', 'k', 'o', 'b', 'e', 'j', 'i', 't', 'b', 'l', 'o', 'k', 'a', 'c', 'i', '.', 'c', 'z', '\0',
+  /* "jakobkrigovsky.com", true */ 'j', 'a', 'k', 'o', 'b', 'k', 'r', 'i', 'g', 'o', 'v', 's', 'k', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "jakobssystems.net", true */ 'j', 'a', 'k', 'o', 'b', 's', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'n', 'e', 't', '\0',
+  /* "jakpremyslet.cz", true */ 'j', 'a', 'k', 'p', 'r', 'e', 'm', 'y', 's', 'l', 'e', 't', '.', 'c', 'z', '\0',
+  /* "jaksch.biz", true */ 'j', 'a', 'k', 's', 'c', 'h', '.', 'b', 'i', 'z', '\0',
+  /* "jaksi.io", true */ 'j', 'a', 'k', 's', 'i', '.', 'i', 'o', '\0',
+  /* "jakub-boucek.cz", true */ 'j', 'a', 'k', 'u', 'b', '-', 'b', 'o', 'u', 'c', 'e', 'k', '.', 'c', 'z', '\0',
+  /* "jakubboucek.cz", true */ 'j', 'a', 'k', 'u', 'b', 'b', 'o', 'u', 'c', 'e', 'k', '.', 'c', 'z', '\0',
+  /* "jakubtopic.cz", true */ 'j', 'a', 'k', 'u', 'b', 't', 'o', 'p', 'i', 'c', '.', 'c', 'z', '\0',
+  /* "jakubvrba.cz", true */ 'j', 'a', 'k', 'u', 'b', 'v', 'r', 'b', 'a', '.', 'c', 'z', '\0',
+  /* "jamaat.hk", true */ 'j', 'a', 'm', 'a', 'a', 't', '.', 'h', 'k', '\0',
+  /* "jamberrynails.co.uk", true */ 'j', 'a', 'm', 'b', 'e', 'r', 'r', 'y', 'n', 'a', 'i', 'l', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "james-bell.co.uk", true */ 'j', 'a', 'm', 'e', 's', '-', 'b', 'e', 'l', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "james-loewen.com", true */ 'j', 'a', 'm', 'e', 's', '-', 'l', 'o', 'e', 'w', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "jamesachambers.com", true */ 'j', 'a', 'm', 'e', 's', 'a', 'c', 'h', 'a', 'm', 'b', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jamesaimonetti.com", true */ 'j', 'a', 'm', 'e', 's', 'a', 'i', 'm', 'o', 'n', 'e', 't', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "jamesbillingham.com", true */ 'j', 'a', 'm', 'e', 's', 'b', 'i', 'l', 'l', 'i', 'n', 'g', 'h', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "jamesbradach.com", false */ 'j', 'a', 'm', 'e', 's', 'b', 'r', 'a', 'd', 'a', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "jamesdorf.com", true */ 'j', 'a', 'm', 'e', 's', 'd', 'o', 'r', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "jamesevans.is", true */ 'j', 'a', 'm', 'e', 's', 'e', 'v', 'a', 'n', 's', '.', 'i', 's', '\0',
+  /* "jamesgreenfield.com", true */ 'j', 'a', 'm', 'e', 's', 'g', 'r', 'e', 'e', 'n', 'f', 'i', 'e', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "jameshemmings.co.uk", true */ 'j', 'a', 'm', 'e', 's', 'h', 'e', 'm', 'm', 'i', 'n', 'g', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jameshost.net", true */ 'j', 'a', 'm', 'e', 's', 'h', 'o', 's', 't', '.', 'n', 'e', 't', '\0',
+  /* "jameshunt.us", false */ 'j', 'a', 'm', 'e', 's', 'h', 'u', 'n', 't', '.', 'u', 's', '\0',
+  /* "jamesj.me", true */ 'j', 'a', 'm', 'e', 's', 'j', '.', 'm', 'e', '\0',
+  /* "jamesmarsh.net", true */ 'j', 'a', 'm', 'e', 's', 'm', 'a', 'r', 's', 'h', '.', 'n', 'e', 't', '\0',
+  /* "jamesmcdonald.com", false */ 'j', 'a', 'm', 'e', 's', 'm', 'c', 'd', 'o', 'n', 'a', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "jamesmilazzo.com", true */ 'j', 'a', 'm', 'e', 's', 'm', 'i', 'l', 'a', 'z', 'z', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "jamesmorrison.me", true */ 'j', 'a', 'm', 'e', 's', 'm', 'o', 'r', 'r', 'i', 's', 'o', 'n', '.', 'm', 'e', '\0',
+  /* "jamesrains.com", true */ 'j', 'a', 'm', 'e', 's', 'r', 'a', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jamesrussellward.co.uk", true */ 'j', 'a', 'm', 'e', 's', 'r', 'u', 's', 's', 'e', 'l', 'l', 'w', 'a', 'r', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jamessmith.me.uk", true */ 'j', 'a', 'm', 'e', 's', 's', 'm', 'i', 't', 'h', '.', 'm', 'e', '.', 'u', 'k', '\0',
+  /* "jameswarp.com", true */ 'j', 'a', 'm', 'e', 's', 'w', 'a', 'r', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "jamhost.org", true */ 'j', 'a', 'm', 'h', 'o', 's', 't', '.', 'o', 'r', 'g', '\0',
+  /* "jamielinux.com", true */ 'j', 'a', 'm', 'i', 'e', 'l', 'i', 'n', 'u', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "jamiemagee.co.uk", true */ 'j', 'a', 'm', 'i', 'e', 'm', 'a', 'g', 'e', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jamiemagee.dk", true */ 'j', 'a', 'm', 'i', 'e', 'm', 'a', 'g', 'e', 'e', '.', 'd', 'k', '\0',
+  /* "jamiepeters.nl", true */ 'j', 'a', 'm', 'i', 'e', 'p', 'e', 't', 'e', 'r', 's', '.', 'n', 'l', '\0',
+  /* "jamieweb.net", true */ 'j', 'a', 'm', 'i', 'e', 'w', 'e', 'b', '.', 'n', 'e', 't', '\0',
+  /* "jammucake.com", true */ 'j', 'a', 'm', 'm', 'u', 'c', 'a', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "jammysplodgers.co.uk", true */ 'j', 'a', 'm', 'm', 'y', 's', 'p', 'l', 'o', 'd', 'g', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jamon.ca", true */ 'j', 'a', 'm', 'o', 'n', '.', 'c', 'a', '\0',
+  /* "jamonsilva.com", true */ 'j', 'a', 'm', 'o', 'n', 's', 'i', 'l', 'v', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "jamstatic.fr", false */ 'j', 'a', 'm', 's', 't', 'a', 't', 'i', 'c', '.', 'f', 'r', '\0',
+  /* "jamyeprice.com", true */ 'j', 'a', 'm', 'y', 'e', 'p', 'r', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "jan-bucher.ch", true */ 'j', 'a', 'n', '-', 'b', 'u', 'c', 'h', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "jan-rieger.de", true */ 'j', 'a', 'n', '-', 'r', 'i', 'e', 'g', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "jan-von.de", true */ 'j', 'a', 'n', '-', 'v', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "janada.cz", true */ 'j', 'a', 'n', 'a', 'd', 'a', '.', 'c', 'z', '\0',
+  /* "janaundgeorgsagenja.eu", true */ 'j', 'a', 'n', 'a', 'u', 'n', 'd', 'g', 'e', 'o', 'r', 'g', 's', 'a', 'g', 'e', 'n', 'j', 'a', '.', 'e', 'u', '\0',
+  /* "janduchene.ch", true */ 'j', 'a', 'n', 'd', 'u', 'c', 'h', 'e', 'n', 'e', '.', 'c', 'h', '\0',
+  /* "janehamelgardendesign.co.uk", true */ 'j', 'a', 'n', 'e', 'h', 'a', 'm', 'e', 'l', 'g', 'a', 'r', 'd', 'e', 'n', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jangocloud.tk", true */ 'j', 'a', 'n', 'g', 'o', 'c', 'l', 'o', 'u', 'd', '.', 't', 'k', '\0',
+  /* "janheidler.dynv6.net", true */ 'j', 'a', 'n', 'h', 'e', 'i', 'd', 'l', 'e', 'r', '.', 'd', 'y', 'n', 'v', '6', '.', 'n', 'e', 't', '\0',
+  /* "jani.media", true */ 'j', 'a', 'n', 'i', '.', 'm', 'e', 'd', 'i', 'a', '\0',
+  /* "janiat.com", true */ 'j', 'a', 'n', 'i', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "janik.xyz", false */ 'j', 'a', 'n', 'i', 'k', '.', 'x', 'y', 'z', '\0',
+  /* "janjoris.nl", true */ 'j', 'a', 'n', 'j', 'o', 'r', 'i', 's', '.', 'n', 'l', '\0',
+  /* "jankoepsel.com", true */ 'j', 'a', 'n', 'k', 'o', 'e', 'p', 's', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "janmachynka.cz", true */ 'j', 'a', 'n', 'm', 'a', 'c', 'h', 'y', 'n', 'k', 'a', '.', 'c', 'z', '\0',
+  /* "jann.is", true */ 'j', 'a', 'n', 'n', '.', 'i', 's', '\0',
+  /* "jannisfink.de", true */ 'j', 'a', 'n', 'n', 'i', 's', 'f', 'i', 'n', 'k', '.', 'd', 'e', '\0',
+  /* "janoberst.com", false */ 'j', 'a', 'n', 'o', 'b', 'e', 'r', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "janokacer.sk", true */ 'j', 'a', 'n', 'o', 'k', 'a', 'c', 'e', 'r', '.', 's', 'k', '\0',
+  /* "janosh.com", true */ 'j', 'a', 'n', 'o', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "janschaumann.de", true */ 'j', 'a', 'n', 's', 'c', 'h', 'a', 'u', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "janssenwigman.nl", true */ 'j', 'a', 'n', 's', 's', 'e', 'n', 'w', 'i', 'g', 'm', 'a', 'n', '.', 'n', 'l', '\0',
+  /* "janverlaan.nl", true */ 'j', 'a', 'n', 'v', 'e', 'r', 'l', 'a', 'a', 'n', '.', 'n', 'l', '\0',
+  /* "jaot.info", true */ 'j', 'a', 'o', 't', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "jap-nope.de", true */ 'j', 'a', 'p', '-', 'n', 'o', 'p', 'e', '.', 'd', 'e', '\0',
+  /* "japan4you.org", true */ 'j', 'a', 'p', 'a', 'n', '4', 'y', 'o', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "japaneseemoticons.org", true */ 'j', 'a', 'p', 'a', 'n', 'e', 's', 'e', 'e', 'm', 'o', 't', 'i', 'c', 'o', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "japanesenames.biz", true */ 'j', 'a', 'p', 'a', 'n', 'e', 's', 'e', 'n', 'a', 'm', 'e', 's', '.', 'b', 'i', 'z', '\0',
+  /* "japaniac.de", false */ 'j', 'a', 'p', 'a', 'n', 'i', 'a', 'c', '.', 'd', 'e', '\0',
+  /* "japanphilosophy.com", true */ 'j', 'a', 'p', 'a', 'n', 'p', 'h', 'i', 'l', 'o', 's', 'o', 'p', 'h', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "japanwatches.xyz", true */ 'j', 'a', 'p', 'a', 'n', 'w', 'a', 't', 'c', 'h', 'e', 's', '.', 'x', 'y', 'z', '\0',
+  /* "jardin-exotique-rennes.fr", true */ 'j', 'a', 'r', 'd', 'i', 'n', '-', 'e', 'x', 'o', 't', 'i', 'q', 'u', 'e', '-', 'r', 'e', 'n', 'n', 'e', 's', '.', 'f', 'r', '\0',
+  /* "jardinderline.ch", true */ 'j', 'a', 'r', 'd', 'i', 'n', 'd', 'e', 'r', 'l', 'i', 'n', 'e', '.', 'c', 'h', '\0',
+  /* "jardiniersduminotaure.fr", true */ 'j', 'a', 'r', 'd', 'i', 'n', 'i', 'e', 'r', 's', 'd', 'u', 'm', 'i', 'n', 'o', 't', 'a', 'u', 'r', 'e', '.', 'f', 'r', '\0',
+  /* "jaredeberle.org", false */ 'j', 'a', 'r', 'e', 'd', 'e', 'b', 'e', 'r', 'l', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "jaredfernandez.com", true */ 'j', 'a', 'r', 'e', 'd', 'f', 'e', 'r', 'n', 'a', 'n', 'd', 'e', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "jarl.ninja", true */ 'j', 'a', 'r', 'l', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "jarniashop.se", true */ 'j', 'a', 'r', 'n', 'i', 'a', 's', 'h', 'o', 'p', '.', 's', 'e', '\0',
+  /* "jaroku.com", true */ 'j', 'a', 'r', 'o', 'k', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "jarondl.net", true */ 'j', 'a', 'r', 'o', 'n', 'd', 'l', '.', 'n', 'e', 't', '\0',
+  /* "jarrettgraham.com", true */ 'j', 'a', 'r', 'r', 'e', 't', 't', 'g', 'r', 'a', 'h', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "jarroba.com", true */ 'j', 'a', 'r', 'r', 'o', 'b', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "jas-team.net", true */ 'j', 'a', 's', '-', 't', 'e', 'a', 'm', '.', 'n', 'e', 't', '\0',
+  /* "jasl.works", true */ 'j', 'a', 's', 'l', '.', 'w', 'o', 'r', 'k', 's', '\0',
+  /* "jasmijnwagenaar.nl", true */ 'j', 'a', 's', 'm', 'i', 'j', 'n', 'w', 'a', 'g', 'e', 'n', 'a', 'a', 'r', '.', 'n', 'l', '\0',
+  /* "jasonamorrow.com", true */ 'j', 'a', 's', 'o', 'n', 'a', 'm', 'o', 'r', 'r', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "jasongerber.ch", true */ 'j', 'a', 's', 'o', 'n', 'g', 'e', 'r', 'b', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "jasonian-photo.com", true */ 'j', 'a', 's', 'o', 'n', 'i', 'a', 'n', '-', 'p', 'h', 'o', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "jasonmili.online", true */ 'j', 'a', 's', 'o', 'n', 'm', 'i', 'l', 'i', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "jasonradin.com", true */ 'j', 'a', 's', 'o', 'n', 'r', 'a', 'd', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "jasonsansone.com", true */ 'j', 'a', 's', 'o', 'n', 's', 'a', 'n', 's', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "jasonwindholz.com", true */ 'j', 'a', 's', 'o', 'n', 'w', 'i', 'n', 'd', 'h', 'o', 'l', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "jasperhammink.com", true */ 'j', 'a', 's', 'p', 'e', 'r', 'h', 'a', 'm', 'm', 'i', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "jasperhuttenmedia.com", true */ 'j', 'a', 's', 'p', 'e', 'r', 'h', 'u', 't', 't', 'e', 'n', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "javalestari.com", true */ 'j', 'a', 'v', 'a', 'l', 'e', 's', 't', 'a', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "javamilk.com", true */ 'j', 'a', 'v', 'a', 'm', 'i', 'l', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "javfree.me", true */ 'j', 'a', 'v', 'f', 'r', 'e', 'e', '.', 'm', 'e', '\0',
+  /* "jawn.ca", true */ 'j', 'a', 'w', 'n', '.', 'c', 'a', '\0',
+  /* "jawnelodzkie.org.pl", true */ 'j', 'a', 'w', 'n', 'e', 'l', 'o', 'd', 'z', 'k', 'i', 'e', '.', 'o', 'r', 'g', '.', 'p', 'l', '\0',
+  /* "jaxageto.de", true */ 'j', 'a', 'x', 'a', 'g', 'e', 't', 'o', '.', 'd', 'e', '\0',
+  /* "jaycouture.com", true */ 'j', 'a', 'y', 'c', 'o', 'u', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "jayf.de", true */ 'j', 'a', 'y', 'f', '.', 'd', 'e', '\0',
+  /* "jayfreestone.com", true */ 'j', 'a', 'y', 'f', 'r', 'e', 'e', 's', 't', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "jayharris.ca", true */ 'j', 'a', 'y', 'h', 'a', 'r', 'r', 'i', 's', '.', 'c', 'a', '\0',
+  /* "jaymecd.rocks", true */ 'j', 'a', 'y', 'm', 'e', 'c', 'd', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "jaytx.com", true */ 'j', 'a', 'y', 't', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "jayxon.com", true */ 'j', 'a', 'y', 'x', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "jayxu.com", true */ 'j', 'a', 'y', 'x', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "jazz-alliance.com", true */ 'j', 'a', 'z', 'z', '-', 'a', 'l', 'l', 'i', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "jazz-alliance.org", true */ 'j', 'a', 'z', 'z', '-', 'a', 'l', 'l', 'i', 'a', 'n', 'c', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "jazzanet.com", true */ 'j', 'a', 'z', 'z', 'a', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "jazzinutrecht.info", true */ 'j', 'a', 'z', 'z', 'i', 'n', 'u', 't', 'r', 'e', 'c', 'h', 't', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "jazzncheese.com", true */ 'j', 'a', 'z', 'z', 'n', 'c', 'h', 'e', 'e', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "jazzy.id.au", true */ 'j', 'a', 'z', 'z', 'y', '.', 'i', 'd', '.', 'a', 'u', '\0',
+  /* "jazzy.pro", true */ 'j', 'a', 'z', 'z', 'y', '.', 'p', 'r', 'o', '\0',
+  /* "jazzysumi.com", true */ 'j', 'a', 'z', 'z', 'y', 's', 'u', 'm', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "jbbd.fr", true */ 'j', 'b', 'b', 'd', '.', 'f', 'r', '\0',
+  /* "jbradaric.me", true */ 'j', 'b', 'r', 'a', 'd', 'a', 'r', 'i', 'c', '.', 'm', 'e', '\0',
+  /* "jbs-jardins.ch", true */ 'j', 'b', 's', '-', 'j', 'a', 'r', 'd', 'i', 'n', 's', '.', 'c', 'h', '\0',
+  /* "jbsinternational.com", true */ 'j', 'b', 's', 'i', 'n', 't', 'e', 'r', 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "jbt-stl.com", true */ 'j', 'b', 't', '-', 's', 't', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "jcaicedo.com", true */ 'j', 'c', 'a', 'i', 'c', 'e', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "jcaicedo.tk", true */ 'j', 'c', 'a', 'i', 'c', 'e', 'd', 'o', '.', 't', 'k', '\0',
+  /* "jcwodan.nl", true */ 'j', 'c', 'w', 'o', 'd', 'a', 'n', '.', 'n', 'l', '\0',
+  /* "jcyz.cf", true */ 'j', 'c', 'y', 'z', '.', 'c', 'f', '\0',
+  /* "jd-group.co.uk", true */ 'j', 'd', '-', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jd1.de", true */ 'j', 'd', '1', '.', 'd', 'e', '\0',
+  /* "jdassets.com", true */ 'j', 'd', 'a', 's', 's', 'e', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jdc.io", true */ 'j', 'd', 'c', '.', 'i', 'o', '\0',
+  /* "jdcdirectsales.com", true */ 'j', 'd', 'c', 'd', 'i', 'r', 'e', 'c', 't', 's', 'a', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jdcdirectsales.com.ph", true */ 'j', 'd', 'c', 'd', 'i', 'r', 'e', 'c', 't', 's', 'a', 'l', 'e', 's', '.', 'c', 'o', 'm', '.', 'p', 'h', '\0',
+  /* "jdcgroup.com.ph", true */ 'j', 'd', 'c', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '.', 'p', 'h', '\0',
+  /* "jdh8.org", true */ 'j', 'd', 'h', '8', '.', 'o', 'r', 'g', '\0',
+  /* "jdheysupplies.co.uk", true */ 'j', 'd', 'h', 'e', 'y', 's', 'u', 'p', 'p', 'l', 'i', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jdjohnsonmedia.com", true */ 'j', 'd', 'j', 'o', 'h', 'n', 's', 'o', 'n', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "jdncr.com", true */ 'j', 'd', 'n', 'c', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "jdoi.pw", true */ 'j', 'd', 'o', 'i', '.', 'p', 'w', '\0',
+  /* "jdoiron.me", true */ 'j', 'd', 'o', 'i', 'r', 'o', 'n', '.', 'm', 'e', '\0',
+  /* "jdpleisure.co.uk", true */ 'j', 'd', 'p', 'l', 'e', 'i', 's', 'u', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jdscastlehire.co.uk", true */ 'j', 'd', 's', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jdsf.tk", true */ 'j', 'd', 's', 'f', '.', 't', 'k', '\0',
+  /* "jdtic.com", true */ 'j', 'd', 't', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "jdubya.info", true */ 'j', 'd', 'u', 'b', 'y', 'a', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "je-vends.fr", true */ 'j', 'e', '-', 'v', 'e', 'n', 'd', 's', '.', 'f', 'r', '\0',
+  /* "je2050.de", true */ 'j', 'e', '2', '0', '5', '0', '.', 'd', 'e', '\0',
+  /* "jean-remy.ch", true */ 'j', 'e', 'a', 'n', '-', 'r', 'e', 'm', 'y', '.', 'c', 'h', '\0',
+  /* "jeancardeno.com", true */ 'j', 'e', 'a', 'n', 'c', 'a', 'r', 'd', 'e', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "jeandanielfaessler.ch", true */ 'j', 'e', 'a', 'n', 'd', 'a', 'n', 'i', 'e', 'l', 'f', 'a', 'e', 's', 's', 'l', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "jeankygourmet.com", true */ 'j', 'e', 'a', 'n', 'k', 'y', 'g', 'o', 'u', 'r', 'm', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "jeanmarieayer.ch", true */ 'j', 'e', 'a', 'n', 'm', 'a', 'r', 'i', 'e', 'a', 'y', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "jeannecalment.com", true */ 'j', 'e', 'a', 'n', 'n', 'e', 'c', 'a', 'l', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "jeannelucienne.fr", true */ 'j', 'e', 'a', 'n', 'n', 'e', 'l', 'u', 'c', 'i', 'e', 'n', 'n', 'e', '.', 'f', 'r', '\0',
+  /* "jeanneret-combustibles.ch", true */ 'j', 'e', 'a', 'n', 'n', 'e', 'r', 'e', 't', '-', 'c', 'o', 'm', 'b', 'u', 's', 't', 'i', 'b', 'l', 'e', 's', '.', 'c', 'h', '\0',
+  /* "jec-dekrone.be", true */ 'j', 'e', 'c', '-', 'd', 'e', 'k', 'r', 'o', 'n', 'e', '.', 'b', 'e', '\0',
+  /* "jedepannetonordi.fr", true */ 'j', 'e', 'd', 'e', 'p', 'a', 'n', 'n', 'e', 't', 'o', 'n', 'o', 'r', 'd', 'i', '.', 'f', 'r', '\0',
+  /* "jedidiah.eu", true */ 'j', 'e', 'd', 'i', 'd', 'i', 'a', 'h', '.', 'e', 'u', '\0',
+  /* "jedipedia.net", true */ 'j', 'e', 'd', 'i', 'p', 'e', 'd', 'i', 'a', '.', 'n', 'e', 't', '\0',
+  /* "jediweb.com.au", true */ 'j', 'e', 'd', 'i', 'w', 'e', 'b', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "jedwarddurrett.com", true */ 'j', 'e', 'd', 'w', 'a', 'r', 'd', 'd', 'u', 'r', 'r', 'e', 't', 't', '.', 'c', 'o', 'm', '\0',
+  /* "jeec.ist", true */ 'j', 'e', 'e', 'c', '.', 'i', 's', 't', '\0',
+  /* "jeepmafia.com", true */ 'j', 'e', 'e', 'p', 'm', 'a', 'f', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "jeff.forsale", true */ 'j', 'e', 'f', 'f', '.', 'f', 'o', 'r', 's', 'a', 'l', 'e', '\0',
+  /* "jeff.is", true */ 'j', 'e', 'f', 'f', '.', 'i', 's', '\0',
+  /* "jeffanderson.me", true */ 'j', 'e', 'f', 'f', 'a', 'n', 'd', 'e', 'r', 's', 'o', 'n', '.', 'm', 'e', '\0',
+  /* "jeffcasavant.com", false */ 'j', 'e', 'f', 'f', 'c', 'a', 's', 'a', 'v', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "jeffersonregan.co.uk", true */ 'j', 'e', 'f', 'f', 'e', 'r', 's', 'o', 'n', 'r', 'e', 'g', 'a', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jeffersonregan.com", true */ 'j', 'e', 'f', 'f', 'e', 'r', 's', 'o', 'n', 'r', 'e', 'g', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "jeffersonregan.net", true */ 'j', 'e', 'f', 'f', 'e', 'r', 's', 'o', 'n', 'r', 'e', 'g', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "jeffhuxley.com", true */ 'j', 'e', 'f', 'f', 'h', 'u', 'x', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "jeffmcneill.com", true */ 'j', 'e', 'f', 'f', 'm', 'c', 'n', 'e', 'i', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "jeffri.me", true */ 'j', 'e', 'f', 'f', 'r', 'i', '.', 'm', 'e', '\0',
+  /* "jeffsanders.com", true */ 'j', 'e', 'f', 'f', 's', 'a', 'n', 'd', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jefftickle.com", true */ 'j', 'e', 'f', 'f', 't', 'i', 'c', 'k', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "jefrydco.id", true */ 'j', 'e', 'f', 'r', 'y', 'd', 'c', 'o', '.', 'i', 'd', '\0',
+  /* "jekhar.com", true */ 'j', 'e', 'k', 'h', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "jekkt.com", true */ 'j', 'e', 'k', 'k', 't', '.', 'c', 'o', 'm', '\0',
+  /* "jelena-adeli.com", true */ 'j', 'e', 'l', 'e', 'n', 'a', '-', 'a', 'd', 'e', 'l', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "jelewa.de", true */ 'j', 'e', 'l', 'e', 'w', 'a', '.', 'd', 'e', '\0',
+  /* "jell.ie", true */ 'j', 'e', 'l', 'l', '.', 'i', 'e', '\0',
+  /* "jelleglebbeek.com", true */ 'j', 'e', 'l', 'l', 'e', 'g', 'l', 'e', 'b', 'b', 'e', 'e', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "jelly.cz", true */ 'j', 'e', 'l', 'l', 'y', '.', 'c', 'z', '\0',
+  /* "jellybeanbooks.com.au", true */ 'j', 'e', 'l', 'l', 'y', 'b', 'e', 'a', 'n', 'b', 'o', 'o', 'k', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "jelmer.co.uk", true */ 'j', 'e', 'l', 'm', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jelmer.uk", true */ 'j', 'e', 'l', 'm', 'e', 'r', '.', 'u', 'k', '\0',
+  /* "jemangeducheval.com", true */ 'j', 'e', 'm', 'a', 'n', 'g', 'e', 'd', 'u', 'c', 'h', 'e', 'v', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "jembatankarir.com", true */ 'j', 'e', 'm', 'b', 'a', 't', 'a', 'n', 'k', 'a', 'r', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "jemoticons.com", true */ 'j', 'e', 'm', 'o', 't', 'i', 'c', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jena.space", true */ 'j', 'e', 'n', 'a', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "jennedebleser.com", false */ 'j', 'e', 'n', 'n', 'e', 'd', 'e', 'b', 'l', 'e', 's', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "jennifersauer.nl", true */ 'j', 'e', 'n', 'n', 'i', 'f', 'e', 'r', 's', 'a', 'u', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "jennybeaned.com", true */ 'j', 'e', 'n', 'n', 'y', 'b', 'e', 'a', 'n', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "jennythebaker.com", true */ 'j', 'e', 'n', 'n', 'y', 't', 'h', 'e', 'b', 'a', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "jenolson.net", true */ 'j', 'e', 'n', 'o', 'l', 's', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "jenprace.cz", true */ 'j', 'e', 'n', 'p', 'r', 'a', 'c', 'e', '.', 'c', 'z', '\0',
+  /* "jensrex.dk", true */ 'j', 'e', 'n', 's', 'r', 'e', 'x', '.', 'd', 'k', '\0',
+  /* "jepertinger-itconsulting.de", true */ 'j', 'e', 'p', 'e', 'r', 't', 'i', 'n', 'g', 'e', 'r', '-', 'i', 't', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "jeproteste.info", true */ 'j', 'e', 'p', 'r', 'o', 't', 'e', 's', 't', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "jeremiahbenes.com", true */ 'j', 'e', 'r', 'e', 'm', 'i', 'a', 'h', 'b', 'e', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jeremy-chen.org", true */ 'j', 'e', 'r', 'e', 'm', 'y', '-', 'c', 'h', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "jeremy.hu", true */ 'j', 'e', 'r', 'e', 'm', 'y', '.', 'h', 'u', '\0',
+  /* "jeremybentham.com", true */ 'j', 'e', 'r', 'e', 'm', 'y', 'b', 'e', 'n', 't', 'h', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "jeremycantu.com", true */ 'j', 'e', 'r', 'e', 'm', 'y', 'c', 'a', 'n', 't', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "jeremycrews.com", true */ 'j', 'e', 'r', 'e', 'm', 'y', 'c', 'r', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jeremyness.com", true */ 'j', 'e', 'r', 'e', 'm', 'y', 'n', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jermann.biz", true */ 'j', 'e', 'r', 'm', 'a', 'n', 'n', '.', 'b', 'i', 'z', '\0',
+  /* "jerodslay.com", false */ 'j', 'e', 'r', 'o', 'd', 's', 'l', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "jeroendeneef.com", true */ 'j', 'e', 'r', 'o', 'e', 'n', 'd', 'e', 'n', 'e', 'e', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "jeroenensanne.wedding", true */ 'j', 'e', 'r', 'o', 'e', 'n', 'e', 'n', 's', 'a', 'n', 'n', 'e', '.', 'w', 'e', 'd', 'd', 'i', 'n', 'g', '\0',
+  /* "jeroenvanderwal.nl", true */ 'j', 'e', 'r', 'o', 'e', 'n', 'v', 'a', 'n', 'd', 'e', 'r', 'w', 'a', 'l', '.', 'n', 'l', '\0',
+  /* "jerrypau.ca", true */ 'j', 'e', 'r', 'r', 'y', 'p', 'a', 'u', '.', 'c', 'a', '\0',
+  /* "jerryyu.ca", true */ 'j', 'e', 'r', 'r', 'y', 'y', 'u', '.', 'c', 'a', '\0',
+  /* "jerseybikehire.co.uk", true */ 'j', 'e', 'r', 's', 'e', 'y', 'b', 'i', 'k', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jerseyjumpingbeans.co.uk", true */ 'j', 'e', 'r', 's', 'e', 'y', 'j', 'u', 'm', 'p', 'i', 'n', 'g', 'b', 'e', 'a', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jerseylvi2013.org", true */ 'j', 'e', 'r', 's', 'e', 'y', 'l', 'v', 'i', '2', '0', '1', '3', '.', 'o', 'r', 'g', '\0',
+  /* "jesse3.com", true */ 'j', 'e', 's', 's', 'e', '3', '.', 'c', 'o', 'm', '\0',
+  /* "jesseerbach.com", true */ 'j', 'e', 's', 's', 'e', 'e', 'r', 'b', 'a', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "jessekaufman.com", true */ 'j', 'e', 's', 's', 'e', 'k', 'a', 'u', 'f', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "jessesjumpingcastles.co.uk", true */ 'j', 'e', 's', 's', 'e', 's', 'j', 'u', 'm', 'p', 'i', 'n', 'g', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jessevictors.com", true */ 'j', 'e', 's', 's', 'e', 'v', 'i', 'c', 't', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jessgranger.com", true */ 'j', 'e', 's', 's', 'g', 'r', 'a', 'n', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "jesters-court.net", true */ 'j', 'e', 's', 't', 'e', 'r', 's', '-', 'c', 'o', 'u', 'r', 't', '.', 'n', 'e', 't', '\0',
+  /* "jesuisadmin.fr", true */ 'j', 'e', 's', 'u', 'i', 's', 'a', 'd', 'm', 'i', 'n', '.', 'f', 'r', '\0',
+  /* "jesuslucas.com", true */ 'j', 'e', 's', 'u', 's', 'l', 'u', 'c', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jet-stream.fr", true */ 'j', 'e', 't', '-', 's', 't', 'r', 'e', 'a', 'm', '.', 'f', 'r', '\0',
+  /* "jetbbs.com", true */ 'j', 'e', 't', 'b', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jetkittens.co.uk", true */ 'j', 'e', 't', 'k', 'i', 't', 't', 'e', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jetmirshatri.com", true */ 'j', 'e', 't', 'm', 'i', 'r', 's', 'h', 'a', 't', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "jetsetboyz.net", true */ 'j', 'e', 't', 's', 'e', 't', 'b', 'o', 'y', 'z', '.', 'n', 'e', 't', '\0',
+  /* "jetsieswerda.nl", true */ 'j', 'e', 't', 's', 'i', 'e', 's', 'w', 'e', 'r', 'd', 'a', '.', 'n', 'l', '\0',
+  /* "jetwhiz.com", true */ 'j', 'e', 't', 'w', 'h', 'i', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "jetzt-elektromobil.de", true */ 'j', 'e', 't', 'z', 't', '-', 'e', 'l', 'e', 'k', 't', 'r', 'o', 'm', 'o', 'b', 'i', 'l', '.', 'd', 'e', '\0',
+  /* "jeugdkans.nl", true */ 'j', 'e', 'u', 'g', 'd', 'k', 'a', 'n', 's', '.', 'n', 'l', '\0',
+  /* "jeuxetcodes.fr", true */ 'j', 'e', 'u', 'x', 'e', 't', 'c', 'o', 'd', 'e', 's', '.', 'f', 'r', '\0',
+  /* "jeva.nl", true */ 'j', 'e', 'v', 'a', '.', 'n', 'l', '\0',
+  /* "jevisite.ca", true */ 'j', 'e', 'v', 'i', 's', 'i', 't', 'e', '.', 'c', 'a', '\0',
+  /* "jeweet.net", true */ 'j', 'e', 'w', 'e', 'e', 't', '.', 'n', 'e', 't', '\0',
+  /* "jewishboyscouts.com", true */ 'j', 'e', 'w', 'i', 's', 'h', 'b', 'o', 'y', 's', 'c', 'o', 'u', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jez.nl", true */ 'j', 'e', 'z', '.', 'n', 'l', '\0',
+  /* "jf-projects.de", false */ 'j', 'f', '-', 'p', 'r', 'o', 'j', 'e', 'c', 't', 's', '.', 'd', 'e', '\0',
+  /* "jfmhero.me", true */ 'j', 'f', 'm', 'h', 'e', 'r', 'o', '.', 'm', 'e', '\0',
+  /* "jfr.im", true */ 'j', 'f', 'r', '.', 'i', 'm', '\0',
+  /* "jfreitag.de", true */ 'j', 'f', 'r', 'e', 'i', 't', 'a', 'g', '.', 'd', 'e', '\0',
+  /* "jgid.de", true */ 'j', 'g', 'i', 'd', '.', 'd', 'e', '\0',
+  /* "jgke.fi", true */ 'j', 'g', 'k', 'e', '.', 'f', 'i', '\0',
+  /* "jgwb.de", true */ 'j', 'g', 'w', 'b', '.', 'd', 'e', '\0',
+  /* "jgwb.eu", true */ 'j', 'g', 'w', 'b', '.', 'e', 'u', '\0',
+  /* "jhalderm.com", true */ 'j', 'h', 'a', 'l', 'd', 'e', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "jhaveri.net", true */ 'j', 'h', 'a', 'v', 'e', 'r', 'i', '.', 'n', 'e', 't', '\0',
+  /* "jhcommunitysports.co.uk", true */ 'j', 'h', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', 's', 'p', 'o', 'r', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jhe.li", true */ 'j', 'h', 'e', '.', 'l', 'i', '\0',
+  /* "jhermsmeier.de", true */ 'j', 'h', 'e', 'r', 'm', 's', 'm', 'e', 'i', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "jhollandtranslations.com", true */ 'j', 'h', 'o', 'l', 'l', 'a', 'n', 'd', 't', 'r', 'a', 'n', 's', 'l', 'a', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jhuang.me", true */ 'j', 'h', 'u', 'a', 'n', 'g', '.', 'm', 'e', '\0',
+  /* "jhwestover.com", true */ 'j', 'h', 'w', 'e', 's', 't', 'o', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "jianjia.io", false */ 'j', 'i', 'a', 'n', 'j', 'i', 'a', '.', 'i', 'o', '\0',
+  /* "jianyuan.pro", true */ 'j', 'i', 'a', 'n', 'y', 'u', 'a', 'n', '.', 'p', 'r', 'o', '\0',
+  /* "jichi.io", true */ 'j', 'i', 'c', 'h', 'i', '.', 'i', 'o', '\0',
+  /* "jie.dance", true */ 'j', 'i', 'e', '.', 'd', 'a', 'n', 'c', 'e', '\0',
+  /* "jigsawdevelopments.com", true */ 'j', 'i', 'g', 's', 'a', 'w', 'd', 'e', 'v', 'e', 'l', 'o', 'p', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jimbraaten.com", true */ 'j', 'i', 'm', 'b', 'r', 'a', 'a', 't', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "jimbutlerkiaparts.com", true */ 'j', 'i', 'm', 'b', 'u', 't', 'l', 'e', 'r', 'k', 'i', 'a', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jimdorf.com", true */ 'j', 'i', 'm', 'd', 'o', 'r', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "jimmycai.com", true */ 'j', 'i', 'm', 'm', 'y', 'c', 'a', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "jimmycn.com", true */ 'j', 'i', 'm', 'm', 'y', 'c', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "jimmynelson.com", true */ 'j', 'i', 'm', 'm', 'y', 'n', 'e', 'l', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "jimmyroura.ch", true */ 'j', 'i', 'm', 'm', 'y', 'r', 'o', 'u', 'r', 'a', '.', 'c', 'h', '\0',
+  /* "jimshaver.net", true */ 'j', 'i', 'm', 's', 'h', 'a', 'v', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "jimslop.nl", true */ 'j', 'i', 'm', 's', 'l', 'o', 'p', '.', 'n', 'l', '\0',
+  /* "jinancy.fr", true */ 'j', 'i', 'n', 'a', 'n', 'c', 'y', '.', 'f', 'r', '\0',
+  /* "jinanshen.com", true */ 'j', 'i', 'n', 'a', 'n', 's', 'h', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "jinbo123.com", false */ 'j', 'i', 'n', 'b', 'o', '1', '2', '3', '.', 'c', 'o', 'm', '\0',
+  /* "jinbowiki.org", true */ 'j', 'i', 'n', 'b', 'o', 'w', 'i', 'k', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "jing.su", true */ 'j', 'i', 'n', 'g', '.', 's', 'u', '\0',
+  /* "jingjo.com.au", true */ 'j', 'i', 'n', 'g', 'j', 'o', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "jinja.ai", true */ 'j', 'i', 'n', 'j', 'a', '.', 'a', 'i', '\0',
+  /* "jinkuru.net", true */ 'j', 'i', 'n', 'k', 'u', 'r', 'u', '.', 'n', 'e', 't', '\0',
+  /* "jinliming.ml", true */ 'j', 'i', 'n', 'l', 'i', 'm', 'i', 'n', 'g', '.', 'm', 'l', '\0',
+  /* "jino-jossy.appspot.com", true */ 'j', 'i', 'n', 'o', '-', 'j', 'o', 's', 's', 'y', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "jinshuju.net", true */ 'j', 'i', 'n', 's', 'h', 'u', 'j', 'u', '.', 'n', 'e', 't', '\0',
+  /* "jiogo.com", true */ 'j', 'i', 'o', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "jira.com", true */ 'j', 'i', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "jirav.com", true */ 'j', 'i', 'r', 'a', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "jiripudil.cz", true */ 'j', 'i', 'r', 'i', 'p', 'u', 'd', 'i', 'l', '.', 'c', 'z', '\0',
+  /* "jiveiaktivno.bg", true */ 'j', 'i', 'v', 'e', 'i', 'a', 'k', 't', 'i', 'v', 'n', 'o', '.', 'b', 'g', '\0',
+  /* "jixun.moe", true */ 'j', 'i', 'x', 'u', 'n', '.', 'm', 'o', 'e', '\0',
+  /* "jiyusu.com", true */ 'j', 'i', 'y', 'u', 's', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "jiyuu-ni.com", true */ 'j', 'i', 'y', 'u', 'u', '-', 'n', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "jiyuu-ni.net", true */ 'j', 'i', 'y', 'u', 'u', '-', 'n', 'i', '.', 'n', 'e', 't', '\0',
+  /* "jjj.blog", true */ 'j', 'j', 'j', '.', 'b', 'l', 'o', 'g', '\0',
+  /* "jjspartyhire.co.uk", true */ 'j', 'j', 's', 'p', 'a', 'r', 't', 'y', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jjspartytime.co.uk", true */ 'j', 'j', 's', 'p', 'a', 'r', 't', 'y', 't', 'i', 'm', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jjvanoorschot.nl", true */ 'j', 'j', 'v', 'a', 'n', 'o', 'o', 'r', 's', 'c', 'h', 'o', 't', '.', 'n', 'l', '\0',
+  /* "jk-entertainment.biz", true */ 'j', 'k', '-', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', '.', 'b', 'i', 'z', '\0',
+  /* "jkchocolate.com", true */ 'j', 'k', 'c', 'h', 'o', 'c', 'o', 'l', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "jkest.cc", true */ 'j', 'k', 'e', 's', 't', '.', 'c', 'c', '\0',
+  /* "jkinteriorspa.com", true */ 'j', 'k', 'i', 'n', 't', 'e', 'r', 'i', 'o', 'r', 's', 'p', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "jkirsche.com", true */ 'j', 'k', 'i', 'r', 's', 'c', 'h', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "jkng.eu", true */ 'j', 'k', 'n', 'g', '.', 'e', 'u', '\0',
+  /* "jkrippen.com", true */ 'j', 'k', 'r', 'i', 'p', 'p', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "jlhmedia.com", true */ 'j', 'l', 'h', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "jlkhosting.com", true */ 'j', 'l', 'k', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "jlponsetto.com", true */ 'j', 'l', 'p', 'o', 'n', 's', 'e', 't', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "jlr-luxembourg.com", true */ 'j', 'l', 'r', '-', 'l', 'u', 'x', 'e', 'm', 'b', 'o', 'u', 'r', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "jltctech.com", true */ 'j', 'l', 't', 'c', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "jm-bea.net", true */ 'j', 'm', '-', 'b', 'e', 'a', '.', 'n', 'e', 't', '\0',
+  /* "jmalarcon.es", true */ 'j', 'm', 'a', 'l', 'a', 'r', 'c', 'o', 'n', '.', 'e', 's', '\0',
+  /* "jmarciniak.it", true */ 'j', 'm', 'a', 'r', 'c', 'i', 'n', 'i', 'a', 'k', '.', 'i', 't', '\0',
+  /* "jmb.lc", true */ 'j', 'm', 'b', '.', 'l', 'c', '\0',
+  /* "jmcashngold.com.au", true */ 'j', 'm', 'c', 'a', 's', 'h', 'n', 'g', 'o', 'l', 'd', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "jmcleaning.services", true */ 'j', 'm', 'c', 'l', 'e', 'a', 'n', 'i', 'n', 'g', '.', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '\0',
+  /* "jmedved.com", true */ 'j', 'm', 'e', 'd', 'v', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "jmentertainment.co.uk", true */ 'j', 'm', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jmk.hu", true */ 'j', 'm', 'k', '.', 'h', 'u', '\0',
+  /* "jmotion.co.uk", true */ 'j', 'm', 'o', 't', 'i', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jmpb.hu", true */ 'j', 'm', 'p', 'b', '.', 'h', 'u', '\0',
+  /* "jmpmotorsport.co.uk", true */ 'j', 'm', 'p', 'm', 'o', 't', 'o', 'r', 's', 'p', 'o', 'r', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jmsolodesigns.com", true */ 'j', 'm', 's', 'o', 'l', 'o', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jmssg.jp", true */ 'j', 'm', 's', 's', 'g', '.', 'j', 'p', '\0',
+  /* "jmvbmx.ch", true */ 'j', 'm', 'v', 'b', 'm', 'x', '.', 'c', 'h', '\0',
+  /* "jmvdigital.com", true */ 'j', 'm', 'v', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "jncde.de", true */ 'j', 'n', 'c', 'd', 'e', '.', 'd', 'e', '\0',
+  /* "jncie.de", true */ 'j', 'n', 'c', 'i', 'e', '.', 'd', 'e', '\0',
+  /* "jncie.eu", true */ 'j', 'n', 'c', 'i', 'e', '.', 'e', 'u', '\0',
+  /* "jncip.de", true */ 'j', 'n', 'c', 'i', 'p', '.', 'd', 'e', '\0',
+  /* "jnjdj.com", true */ 'j', 'n', 'j', 'd', 'j', '.', 'c', 'o', 'm', '\0',
+  /* "jnm-art.com", true */ 'j', 'n', 'm', '-', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "joa-ebert.com", true */ 'j', 'o', 'a', '-', 'e', 'b', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "joaosampaio.com.br", true */ 'j', 'o', 'a', 'o', 's', 'a', 'm', 'p', 'a', 'i', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "joaquimgoliveira.pt", true */ 'j', 'o', 'a', 'q', 'u', 'i', 'm', 'g', 'o', 'l', 'i', 'v', 'e', 'i', 'r', 'a', '.', 'p', 't', '\0',
+  /* "job-offer.de", true */ 'j', 'o', 'b', '-', 'o', 'f', 'f', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "jobbkk.com", true */ 'j', 'o', 'b', 'b', 'k', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "jobbsafari.no", true */ 'j', 'o', 'b', 'b', 's', 'a', 'f', 'a', 'r', 'i', '.', 'n', 'o', '\0',
+  /* "jobbsafari.se", true */ 'j', 'o', 'b', 'b', 's', 'a', 'f', 'a', 'r', 'i', '.', 's', 'e', '\0',
+  /* "jobindex.dk", true */ 'j', 'o', 'b', 'i', 'n', 'd', 'e', 'x', '.', 'd', 'k', '\0',
+  /* "joblife.co.za", true */ 'j', 'o', 'b', 'l', 'i', 'f', 'e', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "jobmob.co.il", true */ 'j', 'o', 'b', 'm', 'o', 'b', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "jobs-in-tech.com", true */ 'j', 'o', 'b', 's', '-', 'i', 'n', '-', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "jobs.at", true */ 'j', 'o', 'b', 's', '.', 'a', 't', '\0',
+  /* "jobs.ch", true */ 'j', 'o', 'b', 's', '.', 'c', 'h', '\0',
+  /* "jobs4sales.ch", true */ 'j', 'o', 'b', 's', '4', 's', 'a', 'l', 'e', 's', '.', 'c', 'h', '\0',
+  /* "jobseekeritalia.it", true */ 'j', 'o', 'b', 's', 'e', 'e', 'k', 'e', 'r', 'i', 't', 'a', 'l', 'i', 'a', '.', 'i', 't', '\0',
+  /* "jobsuchmaschine.ch", true */ 'j', 'o', 'b', 's', 'u', 'c', 'h', 'm', 'a', 's', 'c', 'h', 'i', 'n', 'e', '.', 'c', 'h', '\0',
+  /* "jobtestprep.de", true */ 'j', 'o', 'b', 't', 'e', 's', 't', 'p', 'r', 'e', 'p', '.', 'd', 'e', '\0',
+  /* "jobtestprep.dk", true */ 'j', 'o', 'b', 't', 'e', 's', 't', 'p', 'r', 'e', 'p', '.', 'd', 'k', '\0',
+  /* "jobtestprep.fr", true */ 'j', 'o', 'b', 't', 'e', 's', 't', 'p', 'r', 'e', 'p', '.', 'f', 'r', '\0',
+  /* "jobtestprep.it", true */ 'j', 'o', 'b', 't', 'e', 's', 't', 'p', 'r', 'e', 'p', '.', 'i', 't', '\0',
+  /* "jobtestprep.nl", true */ 'j', 'o', 'b', 't', 'e', 's', 't', 'p', 'r', 'e', 'p', '.', 'n', 'l', '\0',
+  /* "jobtestprep.se", true */ 'j', 'o', 'b', 't', 'e', 's', 't', 'p', 'r', 'e', 'p', '.', 's', 'e', '\0',
+  /* "jobwinner.ch", true */ 'j', 'o', 'b', 'w', 'i', 'n', 'n', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "jobzninja.com", true */ 'j', 'o', 'b', 'z', 'n', 'i', 'n', 'j', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "jodel.ninja", true */ 'j', 'o', 'd', 'e', 'l', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "jodlajodla.si", true */ 'j', 'o', 'd', 'l', 'a', 'j', 'o', 'd', 'l', 'a', '.', 's', 'i', '\0',
+  /* "joduska.me", true */ 'j', 'o', 'd', 'u', 's', 'k', 'a', '.', 'm', 'e', '\0',
+  /* "jodyboucher.com", true */ 'j', 'o', 'd', 'y', 'b', 'o', 'u', 'c', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "joe-pagan.com", true */ 'j', 'o', 'e', '-', 'p', 'a', 'g', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "joe262.com", true */ 'j', 'o', 'e', '2', '6', '2', '.', 'c', 'o', 'm', '\0',
+  /* "joearodriguez.com", true */ 'j', 'o', 'e', 'a', 'r', 'o', 'd', 'r', 'i', 'g', 'u', 'e', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "joedavison.me", true */ 'j', 'o', 'e', 'd', 'a', 'v', 'i', 's', 'o', 'n', '.', 'm', 'e', '\0',
+  /* "joedinardo.com", true */ 'j', 'o', 'e', 'd', 'i', 'n', 'a', 'r', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "joedoyle.us", true */ 'j', 'o', 'e', 'd', 'o', 'y', 'l', 'e', '.', 'u', 's', '\0',
+  /* "joedroll.com", true */ 'j', 'o', 'e', 'd', 'r', 'o', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "joehenry.co.uk", true */ 'j', 'o', 'e', 'h', 'e', 'n', 'r', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "joelcoustrain.com", true */ 'j', 'o', 'e', 'l', 'c', 'o', 'u', 's', 't', 'r', 'a', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "joeldrapper.com", true */ 'j', 'o', 'e', 'l', 'd', 'r', 'a', 'p', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "joelfries.com", true */ 'j', 'o', 'e', 'l', 'f', 'r', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "joelj.org", true */ 'j', 'o', 'e', 'l', 'j', '.', 'o', 'r', 'g', '\0',
+  /* "joelle.me", true */ 'j', 'o', 'e', 'l', 'l', 'e', '.', 'm', 'e', '\0',
+  /* "joelleandpeter.co.uk", true */ 'j', 'o', 'e', 'l', 'l', 'e', 'a', 'n', 'd', 'p', 'e', 't', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "joellimberg.com", true */ 'j', 'o', 'e', 'l', 'l', 'i', 'm', 'b', 'e', 'r', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "joellombardo.com", true */ 'j', 'o', 'e', 'l', 'l', 'o', 'm', 'b', 'a', 'r', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "joelmarkhamphotography.com.au", true */ 'j', 'o', 'e', 'l', 'm', 'a', 'r', 'k', 'h', 'a', 'm', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "joelmunch.com", true */ 'j', 'o', 'e', 'l', 'm', 'u', 'n', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "joepitt.co.uk", false */ 'j', 'o', 'e', 'p', 'i', 't', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "joerg-wellpott.de", true */ 'j', 'o', 'e', 'r', 'g', '-', 'w', 'e', 'l', 'l', 'p', 'o', 't', 't', '.', 'd', 'e', '\0',
+  /* "joerss.at", true */ 'j', 'o', 'e', 'r', 's', 's', '.', 'a', 't', '\0',
+  /* "joespaintingpgh.com", true */ 'j', 'o', 'e', 's', 'p', 'a', 'i', 'n', 't', 'i', 'n', 'g', 'p', 'g', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "joestead.codes", true */ 'j', 'o', 'e', 's', 't', 'e', 'a', 'd', '.', 'c', 'o', 'd', 'e', 's', '\0',
+  /* "joetyson.me", true */ 'j', 'o', 'e', 't', 'y', 's', 'o', 'n', '.', 'm', 'e', '\0',
+  /* "joeysmith.com", true */ 'j', 'o', 'e', 'y', 's', 'm', 'i', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "jogi-server.de", true */ 'j', 'o', 'g', 'i', '-', 's', 'e', 'r', 'v', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "jogorama.com.br", false */ 'j', 'o', 'g', 'o', 'r', 'a', 'm', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "johanbissemattsson.se", false */ 'j', 'o', 'h', 'a', 'n', 'b', 'i', 's', 's', 'e', 'm', 'a', 't', 't', 's', 's', 'o', 'n', '.', 's', 'e', '\0',
+  /* "johand.io", true */ 'j', 'o', 'h', 'a', 'n', 'd', '.', 'i', 'o', '\0',
+  /* "johanli.com", true */ 'j', 'o', 'h', 'a', 'n', 'l', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "johannaojanen.com", true */ 'j', 'o', 'h', 'a', 'n', 'n', 'a', 'o', 'j', 'a', 'n', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "johannes-bauer.com", true */ 'j', 'o', 'h', 'a', 'n', 'n', 'e', 's', '-', 'b', 'a', 'u', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "johannes-zinke.de", true */ 'j', 'o', 'h', 'a', 'n', 'n', 'e', 's', '-', 'z', 'i', 'n', 'k', 'e', '.', 'd', 'e', '\0',
+  /* "johannes.io", true */ 'j', 'o', 'h', 'a', 'n', 'n', 'e', 's', '.', 'i', 'o', '\0',
+  /* "johannes.wtf", true */ 'j', 'o', 'h', 'a', 'n', 'n', 'e', 's', '.', 'w', 't', 'f', '\0',
+  /* "johannespichler.com", true */ 'j', 'o', 'h', 'a', 'n', 'n', 'e', 's', 'p', 'i', 'c', 'h', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "johnbeil.com", true */ 'j', 'o', 'h', 'n', 'b', 'e', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "johnblackbourn.com", true */ 'j', 'o', 'h', 'n', 'b', 'l', 'a', 'c', 'k', 'b', 'o', 'u', 'r', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "johndball.com", true */ 'j', 'o', 'h', 'n', 'd', 'b', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "johnfulgenzi.com", true */ 'j', 'o', 'h', 'n', 'f', 'u', 'l', 'g', 'e', 'n', 'z', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "johngallias.com", true */ 'j', 'o', 'h', 'n', 'g', 'a', 'l', 'l', 'i', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "johnguant.com", true */ 'j', 'o', 'h', 'n', 'g', 'u', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "johnkastler.net", true */ 'j', 'o', 'h', 'n', 'k', 'a', 's', 't', 'l', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "johnmalloneemd.com", false */ 'j', 'o', 'h', 'n', 'm', 'a', 'l', 'l', 'o', 'n', 'e', 'e', 'm', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "johnmcintosh.pro", true */ 'j', 'o', 'h', 'n', 'm', 'c', 'i', 'n', 't', 'o', 's', 'h', '.', 'p', 'r', 'o', '\0',
+  /* "johnmh.me", true */ 'j', 'o', 'h', 'n', 'm', 'h', '.', 'm', 'e', '\0',
+  /* "johnmichel.org", true */ 'j', 'o', 'h', 'n', 'm', 'i', 'c', 'h', 'e', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "johnmorganpartnership.co.uk", true */ 'j', 'o', 'h', 'n', 'm', 'o', 'r', 'g', 'a', 'n', 'p', 'a', 'r', 't', 'n', 'e', 'r', 's', 'h', 'i', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "johnnybet.com", true */ 'j', 'o', 'h', 'n', 'n', 'y', 'b', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "johnnybsecure.com", true */ 'j', 'o', 'h', 'n', 'n', 'y', 'b', 's', 'e', 'c', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "johnroach.io", true */ 'j', 'o', 'h', 'n', 'r', 'o', 'a', 'c', 'h', '.', 'i', 'o', '\0',
+  /* "johnroberts.me", true */ 'j', 'o', 'h', 'n', 'r', 'o', 'b', 'e', 'r', 't', 's', '.', 'm', 'e', '\0',
+  /* "johnrockefeller.net", true */ 'j', 'o', 'h', 'n', 'r', 'o', 'c', 'k', 'e', 'f', 'e', 'l', 'l', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "johnsegovia.com", true */ 'j', 'o', 'h', 'n', 's', 'e', 'g', 'o', 'v', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "johnsiu.com", true */ 'j', 'o', 'h', 'n', 's', 'i', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "johntomasowa.com", true */ 'j', 'o', 'h', 'n', 't', 'o', 'm', 'a', 's', 'o', 'w', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "johnvanhese.nl", true */ 'j', 'o', 'h', 'n', 'v', 'a', 'n', 'h', 'e', 's', 'e', '.', 'n', 'l', '\0',
+  /* "joi-dhl.ch", true */ 'j', 'o', 'i', '-', 'd', 'h', 'l', '.', 'c', 'h', '\0',
+  /* "jojosplaycentreandcafeteria.co.uk", true */ 'j', 'o', 'j', 'o', 's', 'p', 'l', 'a', 'y', 'c', 'e', 'n', 't', 'r', 'e', 'a', 'n', 'd', 'c', 'a', 'f', 'e', 't', 'e', 'r', 'i', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jokedalderup.nl", true */ 'j', 'o', 'k', 'e', 'd', 'a', 'l', 'd', 'e', 'r', 'u', 'p', '.', 'n', 'l', '\0',
+  /* "joker.menu", true */ 'j', 'o', 'k', 'e', 'r', '.', 'm', 'e', 'n', 'u', '\0',
+  /* "jokerice.co.uk", true */ 'j', 'o', 'k', 'e', 'r', 'i', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jokescoff.com", true */ 'j', 'o', 'k', 'e', 's', 'c', 'o', 'f', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "jokewignand.nl", true */ 'j', 'o', 'k', 'e', 'w', 'i', 'g', 'n', 'a', 'n', 'd', '.', 'n', 'l', '\0',
+  /* "joliettech.com", true */ 'j', 'o', 'l', 'i', 'e', 't', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "jollausers.de", true */ 'j', 'o', 'l', 'l', 'a', 'u', 's', 'e', 'r', 's', '.', 'd', 'e', '\0',
+  /* "jollykidswobbleworld.co.uk", true */ 'j', 'o', 'l', 'l', 'y', 'k', 'i', 'd', 's', 'w', 'o', 'b', 'b', 'l', 'e', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jomo.tv", true */ 'j', 'o', 'm', 'o', '.', 't', 'v', '\0',
+  /* "jomp16.tk", true */ 'j', 'o', 'm', 'p', '1', '6', '.', 't', 'k', '\0',
+  /* "jonandnoraswedding.com", true */ 'j', 'o', 'n', 'a', 'n', 'd', 'n', 'o', 'r', 'a', 's', 'w', 'e', 'd', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "jonarcher.info", true */ 'j', 'o', 'n', 'a', 'r', 'c', 'h', 'e', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "jonas-thelemann.de", true */ 'j', 'o', 'n', 'a', 's', '-', 't', 'h', 'e', 'l', 'e', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "jonas-wenk.de", true */ 'j', 'o', 'n', 'a', 's', '-', 'w', 'e', 'n', 'k', '.', 'd', 'e', '\0',
+  /* "jonaskjodt.com", true */ 'j', 'o', 'n', 'a', 's', 'k', 'j', 'o', 'd', 't', '.', 'c', 'o', 'm', '\0',
+  /* "jonaswitmer.ch", true */ 'j', 'o', 'n', 'a', 's', 'w', 'i', 't', 'm', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "jonathan-apps.com", true */ 'j', 'o', 'n', 'a', 't', 'h', 'a', 'n', '-', 'a', 'p', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jonathancarter.org", true */ 'j', 'o', 'n', 'a', 't', 'h', 'a', 'n', 'c', 'a', 'r', 't', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "jonathandowning.uk", true */ 'j', 'o', 'n', 'a', 't', 'h', 'a', 'n', 'd', 'o', 'w', 'n', 'i', 'n', 'g', '.', 'u', 'k', '\0',
+  /* "jonathandupree.com", true */ 'j', 'o', 'n', 'a', 't', 'h', 'a', 'n', 'd', 'u', 'p', 'r', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "jonathanmassacand.ch", true */ 'j', 'o', 'n', 'a', 't', 'h', 'a', 'n', 'm', 'a', 's', 's', 'a', 'c', 'a', 'n', 'd', '.', 'c', 'h', '\0',
+  /* "jonathanschle.de", true */ 'j', 'o', 'n', 'a', 't', 'h', 'a', 'n', 's', 'c', 'h', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "jonathanwisdom.com", true */ 'j', 'o', 'n', 'a', 't', 'h', 'a', 'n', 'w', 'i', 's', 'd', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "jondarby.com", true */ 'j', 'o', 'n', 'd', 'a', 'r', 'b', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "jondevin.com", true */ 'j', 'o', 'n', 'd', 'e', 'v', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "jonesborostatebank.com", false */ 'j', 'o', 'n', 'e', 's', 'b', 'o', 'r', 'o', 's', 't', 'a', 't', 'e', 'b', 'a', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "jonferwerda.net", true */ 'j', 'o', 'n', 'f', 'e', 'r', 'w', 'e', 'r', 'd', 'a', '.', 'n', 'e', 't', '\0',
+  /* "jonfor.net", true */ 'j', 'o', 'n', 'f', 'o', 'r', '.', 'n', 'e', 't', '\0',
+  /* "jongbloed.nl", true */ 'j', 'o', 'n', 'g', 'b', 'l', 'o', 'e', 'd', '.', 'n', 'l', '\0',
+  /* "jongcs.com", true */ 'j', 'o', 'n', 'g', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jonilar.com", true */ 'j', 'o', 'n', 'i', 'l', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "jonirrings.com", true */ 'j', 'o', 'n', 'i', 'r', 'r', 'i', 'n', 'g', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jonkermedia.nl", true */ 'j', 'o', 'n', 'k', 'e', 'r', 'm', 'e', 'd', 'i', 'a', '.', 'n', 'l', '\0',
+  /* "jonlabelle.com", true */ 'j', 'o', 'n', 'l', 'a', 'b', 'e', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "jonnybarnes.uk", true */ 'j', 'o', 'n', 'n', 'y', 'b', 'a', 'r', 'n', 'e', 's', '.', 'u', 'k', '\0',
+  /* "jonnystoten.com", true */ 'j', 'o', 'n', 'n', 'y', 's', 't', 'o', 't', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "jonoalderson.com", true */ 'j', 'o', 'n', 'o', 'a', 'l', 'd', 'e', 'r', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "jonpads.com", true */ 'j', 'o', 'n', 'p', 'a', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jonpavelich.com", true */ 'j', 'o', 'n', 'p', 'a', 'v', 'e', 'l', 'i', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "jons.org", true */ 'j', 'o', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "jonscaife.com", true */ 'j', 'o', 'n', 's', 'c', 'a', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "jooksuratas.ee", true */ 'j', 'o', 'o', 'k', 's', 'u', 'r', 'a', 't', 'a', 's', '.', 'e', 'e', '\0',
+  /* "joomlant.org", true */ 'j', 'o', 'o', 'm', 'l', 'a', 'n', 't', '.', 'o', 'r', 'g', '\0',
+  /* "joostrijneveld.nl", true */ 'j', 'o', 'o', 's', 't', 'r', 'i', 'j', 'n', 'e', 'v', 'e', 'l', 'd', '.', 'n', 'l', '\0',
+  /* "joostvanderlaan.nl", true */ 'j', 'o', 'o', 's', 't', 'v', 'a', 'n', 'd', 'e', 'r', 'l', 'a', 'a', 'n', '.', 'n', 'l', '\0',
+  /* "jopl.org", true */ 'j', 'o', 'p', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "jopsens.de", true */ 'j', 'o', 'p', 's', 'e', 'n', 's', '.', 'd', 'e', '\0',
+  /* "joran.org", true */ 'j', 'o', 'r', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "jordankmportal.com", true */ 'j', 'o', 'r', 'd', 'a', 'n', 'k', 'm', 'p', 'o', 'r', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "jordans.co.uk", true */ 'j', 'o', 'r', 'd', 'a', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jordanscorporatelaw.com", true */ 'j', 'o', 'r', 'd', 'a', 'n', 's', 'c', 'o', 'r', 'p', 'o', 'r', 'a', 't', 'e', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "jordanstrustcompany.com", true */ 'j', 'o', 'r', 'd', 'a', 'n', 's', 't', 'r', 'u', 's', 't', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "jorisdalderup.nl", true */ 'j', 'o', 'r', 'i', 's', 'd', 'a', 'l', 'd', 'e', 'r', 'u', 'p', '.', 'n', 'l', '\0',
+  /* "jornadasciberdefensa2016.es", true */ 'j', 'o', 'r', 'n', 'a', 'd', 'a', 's', 'c', 'i', 'b', 'e', 'r', 'd', 'e', 'f', 'e', 'n', 's', 'a', '2', '0', '1', '6', '.', 'e', 's', '\0',
+  /* "jornalalerta.com.br", true */ 'j', 'o', 'r', 'n', 'a', 'l', 'a', 'l', 'e', 'r', 't', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "jorovik.com", true */ 'j', 'o', 'r', 'o', 'v', 'i', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "jorrit.info", true */ 'j', 'o', 'r', 'r', 'i', 't', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "josc.com.au", true */ 'j', 'o', 's', 'c', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "joscares.com", true */ 'j', 'o', 's', 'c', 'a', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jose.eti.br", true */ 'j', 'o', 's', 'e', '.', 'e', 't', 'i', '.', 'b', 'r', '\0',
+  /* "joseetesser.nl", true */ 'j', 'o', 's', 'e', 'e', 't', 'e', 's', 's', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "josef-lotz.de", true */ 'j', 'o', 's', 'e', 'f', '-', 'l', 'o', 't', 'z', '.', 'd', 'e', '\0',
+  /* "josefjanosec.com", true */ 'j', 'o', 's', 'e', 'f', 'j', 'a', 'n', 'o', 's', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "josefottosson.se", true */ 'j', 'o', 's', 'e', 'f', 'o', 't', 't', 'o', 's', 's', 'o', 'n', '.', 's', 'e', '\0',
+  /* "josegerber.ch", true */ 'j', 'o', 's', 'e', 'g', 'e', 'r', 'b', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "josemikkola.fi", true */ 'j', 'o', 's', 'e', 'm', 'i', 'k', 'k', 'o', 'l', 'a', '.', 'f', 'i', '\0',
+  /* "josepbel.com", true */ 'j', 'o', 's', 'e', 'p', 'b', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "josephre.es", true */ 'j', 'o', 's', 'e', 'p', 'h', 'r', 'e', '.', 'e', 's', '\0',
+  /* "josephsniderman.com", true */ 'j', 'o', 's', 'e', 'p', 'h', 's', 'n', 'i', 'd', 'e', 'r', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "josephsniderman.net", true */ 'j', 'o', 's', 'e', 'p', 'h', 's', 'n', 'i', 'd', 'e', 'r', 'm', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "josephsniderman.org", true */ 'j', 'o', 's', 'e', 'p', 'h', 's', 'n', 'i', 'd', 'e', 'r', 'm', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "josephv.website", true */ 'j', 'o', 's', 'e', 'p', 'h', 'v', '.', 'w', 'e', 'b', 's', 'i', 't', 'e', '\0',
+  /* "josericaurte.com", true */ 'j', 'o', 's', 'e', 'r', 'i', 'c', 'a', 'u', 'r', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "joshgrancell.com", true */ 'j', 'o', 's', 'h', 'g', 'r', 'a', 'n', 'c', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "joshharkema.com", true */ 'j', 'o', 's', 'h', 'h', 'a', 'r', 'k', 'e', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "joshharmon.me", true */ 'j', 'o', 's', 'h', 'h', 'a', 'r', 'm', 'o', 'n', '.', 'm', 'e', '\0',
+  /* "joshlovephotography.co.uk", true */ 'j', 'o', 's', 'h', 'l', 'o', 'v', 'e', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "joshpanter.com", true */ 'j', 'o', 's', 'h', 'p', 'a', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "joshrickert.com", true */ 'j', 'o', 's', 'h', 'r', 'i', 'c', 'k', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "joshschmelzle.com", true */ 'j', 'o', 's', 'h', 's', 'c', 'h', 'm', 'e', 'l', 'z', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "joshtriplett.org", true */ 'j', 'o', 's', 'h', 't', 'r', 'i', 'p', 'l', 'e', 't', 't', '.', 'o', 'r', 'g', '\0',
+  /* "joshua-kuepper.de", true */ 'j', 'o', 's', 'h', 'u', 'a', '-', 'k', 'u', 'e', 'p', 'p', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "joshuajohnson.ca", true */ 'j', 'o', 's', 'h', 'u', 'a', 'j', 'o', 'h', 'n', 's', 'o', 'n', '.', 'c', 'a', '\0',
+  /* "joshuarogers.net", true */ 'j', 'o', 's', 'h', 'u', 'a', 'r', 'o', 'g', 'e', 'r', 's', '.', 'n', 'e', 't', '\0',
+  /* "josoansi.de", true */ 'j', 'o', 's', 'o', 'a', 'n', 's', 'i', '.', 'd', 'e', '\0',
+  /* "joto.de", true */ 'j', 'o', 't', 'o', '.', 'd', 'e', '\0',
+  /* "jouetspetitechanson.com", true */ 'j', 'o', 'u', 'e', 't', 's', 'p', 'e', 't', 'i', 't', 'e', 'c', 'h', 'a', 'n', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "journeyfriday.rocks", true */ 'j', 'o', 'u', 'r', 'n', 'e', 'y', 'f', 'r', 'i', 'd', 'a', 'y', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "journeytomastery.net", true */ 'j', 'o', 'u', 'r', 'n', 'e', 'y', 't', 'o', 'm', 'a', 's', 't', 'e', 'r', 'y', '.', 'n', 'e', 't', '\0',
+  /* "jovani.com", false */ 'j', 'o', 'v', 'a', 'n', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "joviam.com", true */ 'j', 'o', 'v', 'i', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "jovic.hamburg", true */ 'j', 'o', 'v', 'i', 'c', '.', 'h', 'a', 'm', 'b', 'u', 'r', 'g', '\0',
+  /* "joworld.net", true */ 'j', 'o', 'w', 'o', 'r', 'l', 'd', '.', 'n', 'e', 't', '\0',
+  /* "joyful.house", true */ 'j', 'o', 'y', 'f', 'u', 'l', '.', 'h', 'o', 'u', 's', 'e', '\0',
+  /* "joyfulexpressions.gallery", true */ 'j', 'o', 'y', 'f', 'u', 'l', 'e', 'x', 'p', 'r', 'e', 's', 's', 'i', 'o', 'n', 's', '.', 'g', 'a', 'l', 'l', 'e', 'r', 'y', '\0',
+  /* "joyofcookingandbaking.com", true */ 'j', 'o', 'y', 'o', 'f', 'c', 'o', 'o', 'k', 'i', 'n', 'g', 'a', 'n', 'd', 'b', 'a', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "jpcrochetapparel.com", true */ 'j', 'p', 'c', 'r', 'o', 'c', 'h', 'e', 't', 'a', 'p', 'p', 'a', 'r', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "jpdeharenne.be", true */ 'j', 'p', 'd', 'e', 'h', 'a', 'r', 'e', 'n', 'n', 'e', '.', 'b', 'e', '\0',
+  /* "jpeg.io", true */ 'j', 'p', 'e', 'g', '.', 'i', 'o', '\0',
+  /* "jpgangbang.com", true */ 'j', 'p', 'g', 'a', 'n', 'g', 'b', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "jphandjob.com", true */ 'j', 'p', 'h', 'a', 'n', 'd', 'j', 'o', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "jplesbian.com", true */ 'j', 'p', 'l', 'e', 's', 'b', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "jpmelos.com", true */ 'j', 'p', 'm', 'e', 'l', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jpmelos.com.br", true */ 'j', 'p', 'm', 'e', 'l', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "jpod.cc", true */ 'j', 'p', 'o', 'd', '.', 'c', 'c', '\0',
+  /* "jproxx.com", true */ 'j', 'p', 'r', 'o', 'x', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "jps-selection.co.uk", true */ 'j', 'p', 's', '-', 's', 'e', 'l', 'e', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jps-selection.com", true */ 'j', 'p', 's', '-', 's', 'e', 'l', 'e', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "jps-selection.eu", true */ 'j', 'p', 's', '-', 's', 'e', 'l', 'e', 'c', 't', 'i', 'o', 'n', '.', 'e', 'u', '\0',
+  /* "jpshop.ru", true */ 'j', 'p', 's', 'h', 'o', 'p', '.', 'r', 'u', '\0',
+  /* "jpsinflatables.co.uk", true */ 'j', 'p', 's', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jpslconsulting.ca", true */ 'j', 'p', 's', 'l', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'a', '\0',
+  /* "jr5devdoug.xyz", true */ 'j', 'r', '5', 'd', 'e', 'v', 'd', 'o', 'u', 'g', '.', 'x', 'y', 'z', '\0',
+  /* "jr5devdouglas.xyz", true */ 'j', 'r', '5', 'd', 'e', 'v', 'd', 'o', 'u', 'g', 'l', 'a', 's', '.', 'x', 'y', 'z', '\0',
+  /* "jr5proxdoug.xyz", true */ 'j', 'r', '5', 'p', 'r', 'o', 'x', 'd', 'o', 'u', 'g', '.', 'x', 'y', 'z', '\0',
+  /* "jrc9.ca", true */ 'j', 'r', 'c', '9', '.', 'c', 'a', '\0',
+  /* "jreb.nl", true */ 'j', 'r', 'e', 'b', '.', 'n', 'l', '\0',
+  /* "jreinert.com", true */ 'j', 'r', 'e', 'i', 'n', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "jross.me", true */ 'j', 'r', 'o', 's', 's', '.', 'm', 'e', '\0',
+  /* "jrtapsell.co.uk", true */ 'j', 'r', 't', 'a', 'p', 's', 'e', 'l', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jrxpress.com", true */ 'j', 'r', 'x', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "js-online.net", false */ 'j', 's', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'n', 'e', 't', '\0',
+  /* "jschoi.org", true */ 'j', 's', 'c', 'h', 'o', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "jschumacher.info", true */ 'j', 's', 'c', 'h', 'u', 'm', 'a', 'c', 'h', 'e', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "jsd-cog.org", true */ 'j', 's', 'd', '-', 'c', 'o', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "jsent.co.uk", true */ 'j', 's', 'e', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jsevilleja.org", true */ 'j', 's', 'e', 'v', 'i', 'l', 'l', 'e', 'j', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "jskier.com", false */ 'j', 's', 'k', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "jskoelliken.ch", true */ 'j', 's', 'k', 'o', 'e', 'l', 'l', 'i', 'k', 'e', 'n', '.', 'c', 'h', '\0',
+  /* "jslidong.top", true */ 'j', 's', 'l', 'i', 'd', 'o', 'n', 'g', '.', 't', 'o', 'p', '\0',
+  /* "jsmetallerie.fr", true */ 'j', 's', 'm', 'e', 't', 'a', 'l', 'l', 'e', 'r', 'i', 'e', '.', 'f', 'r', '\0',
+  /* "json-viewer.com", true */ 'j', 's', 'o', 'n', '-', 'v', 'i', 'e', 'w', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "jstelecom.com.br", true */ 'j', 's', 't', 'e', 'l', 'e', 'c', 'o', 'm', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "jsteward.moe", true */ 'j', 's', 't', 'e', 'w', 'a', 'r', 'd', '.', 'm', 'o', 'e', '\0',
+  /* "jstore.ch", true */ 'j', 's', 't', 'o', 'r', 'e', '.', 'c', 'h', '\0',
+  /* "jsvr.tk", true */ 'j', 's', 'v', 'r', '.', 't', 'k', '\0',
+  /* "jtcat.com", true */ 'j', 't', 'c', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "jthackery.com", false */ 'j', 't', 'h', 'a', 'c', 'k', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "jts3servermod.com", true */ 'j', 't', 's', '3', 's', 'e', 'r', 'v', 'e', 'r', 'm', 'o', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "jtslay.com", true */ 'j', 't', 's', 'l', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "jtwp470.net", false */ 'j', 't', 'w', 'p', '4', '7', '0', '.', 'n', 'e', 't', '\0',
+  /* "ju1ro.de", true */ 'j', 'u', '1', 'r', 'o', '.', 'd', 'e', '\0',
+  /* "juan23.edu.uy", true */ 'j', 'u', 'a', 'n', '2', '3', '.', 'e', 'd', 'u', '.', 'u', 'y', '\0',
+  /* "juanhub.com", true */ 'j', 'u', 'a', 'n', 'h', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "juanmaguitar.com", true */ 'j', 'u', 'a', 'n', 'm', 'a', 'g', 'u', 'i', 't', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "juanxt.ddns.net", true */ 'j', 'u', 'a', 'n', 'x', 't', '.', 'd', 'd', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "jubileum.online", true */ 'j', 'u', 'b', 'i', 'l', 'e', 'u', 'm', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "juch.cc", true */ 'j', 'u', 'c', 'h', '.', 'c', 'c', '\0',
+  /* "juchheim-methode.de", true */ 'j', 'u', 'c', 'h', 'h', 'e', 'i', 'm', '-', 'm', 'e', 't', 'h', 'o', 'd', 'e', '.', 'd', 'e', '\0',
+  /* "juchit.at", true */ 'j', 'u', 'c', 'h', 'i', 't', '.', 'a', 't', '\0',
+  /* "judc-ge.ch", true */ 'j', 'u', 'd', 'c', '-', 'g', 'e', '.', 'c', 'h', '\0',
+  /* "judoprodeti.cz", true */ 'j', 'u', 'd', 'o', 'p', 'r', 'o', 'd', 'e', 't', 'i', '.', 'c', 'z', '\0',
+  /* "juegosycodigos.es", true */ 'j', 'u', 'e', 'g', 'o', 's', 'y', 'c', 'o', 'd', 'i', 'g', 'o', 's', '.', 'e', 's', '\0',
+  /* "juegosycodigos.mx", true */ 'j', 'u', 'e', 'g', 'o', 's', 'y', 'c', 'o', 'd', 'i', 'g', 'o', 's', '.', 'm', 'x', '\0',
+  /* "juergen-elbert.de", true */ 'j', 'u', 'e', 'r', 'g', 'e', 'n', '-', 'e', 'l', 'b', 'e', 'r', 't', '.', 'd', 'e', '\0',
+  /* "juergenhecht.de", true */ 'j', 'u', 'e', 'r', 'g', 'e', 'n', 'h', 'e', 'c', 'h', 't', '.', 'd', 'e', '\0',
+  /* "juergenspecht.com", true */ 'j', 'u', 'e', 'r', 'g', 'e', 'n', 's', 'p', 'e', 'c', 'h', 't', '.', 'c', 'o', 'm', '\0',
+  /* "juergenspecht.de", true */ 'j', 'u', 'e', 'r', 'g', 'e', 'n', 's', 'p', 'e', 'c', 'h', 't', '.', 'd', 'e', '\0',
+  /* "jugendsuenden.info", true */ 'j', 'u', 'g', 'e', 'n', 'd', 's', 'u', 'e', 'n', 'd', 'e', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "jugh.de", true */ 'j', 'u', 'g', 'h', '.', 'd', 'e', '\0',
+  /* "juhakoho.com", true */ 'j', 'u', 'h', 'a', 'k', 'o', 'h', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "juice.codes", true */ 'j', 'u', 'i', 'c', 'e', '.', 'c', 'o', 'd', 'e', 's', '\0',
+  /* "juiced.gs", true */ 'j', 'u', 'i', 'c', 'e', 'd', '.', 'g', 's', '\0',
+  /* "juku-info.top", true */ 'j', 'u', 'k', 'u', '-', 'i', 'n', 'f', 'o', '.', 't', 'o', 'p', '\0',
+  /* "juku-wing.jp", true */ 'j', 'u', 'k', 'u', '-', 'w', 'i', 'n', 'g', '.', 'j', 'p', '\0',
+  /* "julegoerke.de", true */ 'j', 'u', 'l', 'e', 'g', 'o', 'e', 'r', 'k', 'e', '.', 'd', 'e', '\0',
+  /* "julenlanda.com", true */ 'j', 'u', 'l', 'e', 'n', 'l', 'a', 'n', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "julian-weigle.de", true */ 'j', 'u', 'l', 'i', 'a', 'n', '-', 'w', 'e', 'i', 'g', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "juliangonggrijp.com", true */ 'j', 'u', 'l', 'i', 'a', 'n', 'g', 'o', 'n', 'g', 'g', 'r', 'i', 'j', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "julianickel.de", true */ 'j', 'u', 'l', 'i', 'a', 'n', 'i', 'c', 'k', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "julianmeyer.de", true */ 'j', 'u', 'l', 'i', 'a', 'n', 'm', 'e', 'y', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "juliansimioni.com", true */ 'j', 'u', 'l', 'i', 'a', 'n', 's', 'i', 'm', 'i', 'o', 'n', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "julianskitchen.ch", true */ 'j', 'u', 'l', 'i', 'a', 'n', 's', 'k', 'i', 't', 'c', 'h', 'e', 'n', '.', 'c', 'h', '\0',
+  /* "julianvmodesto.com", true */ 'j', 'u', 'l', 'i', 'a', 'n', 'v', 'm', 'o', 'd', 'e', 's', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "julianwallmeroth.de", true */ 'j', 'u', 'l', 'i', 'a', 'n', 'w', 'a', 'l', 'l', 'm', 'e', 'r', 'o', 't', 'h', '.', 'd', 'e', '\0',
+  /* "julianweigle.de", true */ 'j', 'u', 'l', 'i', 'a', 'n', 'w', 'e', 'i', 'g', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "julianxhokaxhiu.com", true */ 'j', 'u', 'l', 'i', 'a', 'n', 'x', 'h', 'o', 'k', 'a', 'x', 'h', 'i', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "julibear.com", true */ 'j', 'u', 'l', 'i', 'b', 'e', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "julico.nl", true */ 'j', 'u', 'l', 'i', 'c', 'o', '.', 'n', 'l', '\0',
+  /* "julie-and-stevens-wedding.com", true */ 'j', 'u', 'l', 'i', 'e', '-', 'a', 'n', 'd', '-', 's', 't', 'e', 'v', 'e', 'n', 's', '-', 'w', 'e', 'd', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "juliedecubber.com", true */ 'j', 'u', 'l', 'i', 'e', 'd', 'e', 'c', 'u', 'b', 'b', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "juliekoubova.net", true */ 'j', 'u', 'l', 'i', 'e', 'k', 'o', 'u', 'b', 'o', 'v', 'a', '.', 'n', 'e', 't', '\0',
+  /* "juliemaurel.fr", true */ 'j', 'u', 'l', 'i', 'e', 'm', 'a', 'u', 'r', 'e', 'l', '.', 'f', 'r', '\0',
+  /* "julienc.io", true */ 'j', 'u', 'l', 'i', 'e', 'n', 'c', '.', 'i', 'o', '\0',
+  /* "julienpaterne.com", true */ 'j', 'u', 'l', 'i', 'e', 'n', 'p', 'a', 't', 'e', 'r', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "julientartarin.com", true */ 'j', 'u', 'l', 'i', 'e', 'n', 't', 'a', 'r', 't', 'a', 'r', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "julio.jamil.nom.br", true */ 'j', 'u', 'l', 'i', 'o', '.', 'j', 'a', 'm', 'i', 'l', '.', 'n', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "juls.cloud", true */ 'j', 'u', 'l', 's', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "jultube.de", true */ 'j', 'u', 'l', 't', 'u', 'b', 'e', '.', 'd', 'e', '\0',
+  /* "jumba.com.au", true */ 'j', 'u', 'm', 'b', 'a', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "jumboquid.co.uk", true */ 'j', 'u', 'm', 'b', 'o', 'q', 'u', 'i', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jump-zone.co.uk", true */ 'j', 'u', 'm', 'p', '-', 'z', 'o', 'n', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jump.bg", false */ 'j', 'u', 'm', 'p', '.', 'b', 'g', '\0',
+  /* "jump.wtf", true */ 'j', 'u', 'm', 'p', '.', 'w', 't', 'f', '\0',
+  /* "jump4funinflatables.co.uk", true */ 'j', 'u', 'm', 'p', '4', 'f', 'u', 'n', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jumpandbounce.co.uk", true */ 'j', 'u', 'm', 'p', 'a', 'n', 'd', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jumpandjivechildrensparties.co.uk", true */ 'j', 'u', 'm', 'p', 'a', 'n', 'd', 'j', 'i', 'v', 'e', 'c', 'h', 'i', 'l', 'd', 'r', 'e', 'n', 's', 'p', 'a', 'r', 't', 'i', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jumparoundbouncycastles.co.uk", true */ 'j', 'u', 'm', 'p', 'a', 'r', 'o', 'u', 'n', 'd', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jumparoundreading.co.uk", true */ 'j', 'u', 'm', 'p', 'a', 'r', 'o', 'u', 'n', 'd', 'r', 'e', 'a', 'd', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jumparty.co.uk", true */ 'j', 'u', 'm', 'p', 'a', 'r', 't', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jumpeasy.com.au", true */ 'j', 'u', 'm', 'p', 'e', 'a', 's', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "jumperoos.co.uk", true */ 'j', 'u', 'm', 'p', 'e', 'r', 'o', 'o', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jumpin-jax.co.uk", true */ 'j', 'u', 'm', 'p', 'i', 'n', '-', 'j', 'a', 'x', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jumpinchat.com", true */ 'j', 'u', 'm', 'p', 'i', 'n', 'c', 'h', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "jumpingbee.co.uk", true */ 'j', 'u', 'm', 'p', 'i', 'n', 'g', 'b', 'e', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jumpingcastlesonline.com.au", true */ 'j', 'u', 'm', 'p', 'i', 'n', 'g', 'c', 'a', 's', 't', 'l', 'e', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "jumpingjacksbouncycastles.co.uk", true */ 'j', 'u', 'm', 'p', 'i', 'n', 'g', 'j', 'a', 'c', 'k', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jumpinjaes.co.uk", true */ 'j', 'u', 'm', 'p', 'i', 'n', 'j', 'a', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jumpinmonkeys.co.uk", true */ 'j', 'u', 'm', 'p', 'i', 'n', 'm', 'o', 'n', 'k', 'e', 'y', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jumpman-iphone-design.de", true */ 'j', 'u', 'm', 'p', 'm', 'a', 'n', '-', 'i', 'p', 'h', 'o', 'n', 'e', '-', 'd', 'e', 's', 'i', 'g', 'n', '.', 'd', 'e', '\0',
+  /* "jumpnplay.co.uk", true */ 'j', 'u', 'm', 'p', 'n', 'p', 'l', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "junespina.com", true */ 'j', 'u', 'n', 'e', 's', 'p', 'i', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "junethack.net", true */ 'j', 'u', 'n', 'e', 't', 'h', 'a', 'c', 'k', '.', 'n', 'e', 't', '\0',
+  /* "jungaa.fr", true */ 'j', 'u', 'n', 'g', 'a', 'a', '.', 'f', 'r', '\0',
+  /* "jungesforumkonstanz.de", true */ 'j', 'u', 'n', 'g', 'e', 's', 'f', 'o', 'r', 'u', 'm', 'k', 'o', 'n', 's', 't', 'a', 'n', 'z', '.', 'd', 'e', '\0',
+  /* "jungleculture.co.za", true */ 'j', 'u', 'n', 'g', 'l', 'e', 'c', 'u', 'l', 't', 'u', 'r', 'e', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "jungleducks.ca", true */ 'j', 'u', 'n', 'g', 'l', 'e', 'd', 'u', 'c', 'k', 's', '.', 'c', 'a', '\0',
+  /* "junglejackscastles.co.uk", true */ 'j', 'u', 'n', 'g', 'l', 'e', 'j', 'a', 'c', 'k', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "junglist.org", true */ 'j', 'u', 'n', 'g', 'l', 'i', 's', 't', '.', 'o', 'r', 'g', '\0',
+  /* "juni.io", true */ 'j', 'u', 'n', 'i', '.', 'i', 'o', '\0',
+  /* "juniperroots.ca", true */ 'j', 'u', 'n', 'i', 'p', 'e', 'r', 'r', 'o', 'o', 't', 's', '.', 'c', 'a', '\0',
+  /* "juniwalk.cz", true */ 'j', 'u', 'n', 'i', 'w', 'a', 'l', 'k', '.', 'c', 'z', '\0',
+  /* "junkdrome.org", true */ 'j', 'u', 'n', 'k', 'd', 'r', 'o', 'm', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "junqueiropolis.com", true */ 'j', 'u', 'n', 'q', 'u', 'e', 'i', 'r', 'o', 'p', 'o', 'l', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "jurassicbarkharrogate.co.uk", true */ 'j', 'u', 'r', 'a', 's', 's', 'i', 'c', 'b', 'a', 'r', 'k', 'h', 'a', 'r', 'r', 'o', 'g', 'a', 't', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jurassicgolf.nl", true */ 'j', 'u', 'r', 'a', 's', 's', 'i', 'c', 'g', 'o', 'l', 'f', '.', 'n', 'l', '\0',
+  /* "juridoc.com.br", true */ 'j', 'u', 'r', 'i', 'd', 'o', 'c', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "juristeo.com", true */ 'j', 'u', 'r', 'i', 's', 't', 'e', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "jurke.com", true */ 'j', 'u', 'r', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "jurko.cz", true */ 'j', 'u', 'r', 'k', 'o', '.', 'c', 'z', '\0',
+  /* "jurriaan.ninja", true */ 'j', 'u', 'r', 'r', 'i', 'a', 'a', 'n', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "just-a-clanpage.de", true */ 'j', 'u', 's', 't', '-', 'a', '-', 'c', 'l', 'a', 'n', 'p', 'a', 'g', 'e', '.', 'd', 'e', '\0',
+  /* "just2trade.com", true */ 'j', 'u', 's', 't', '2', 't', 'r', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "justanothercompany.name", true */ 'j', 'u', 's', 't', 'a', 'n', 'o', 't', 'h', 'e', 'r', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "justbelieverecovery.com", true */ 'j', 'u', 's', 't', 'b', 'e', 'l', 'i', 'e', 'v', 'e', 'r', 'e', 'c', 'o', 'v', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "justbookexcursions.com", true */ 'j', 'u', 's', 't', 'b', 'o', 'o', 'k', 'e', 'x', 'c', 'u', 'r', 's', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "justbookhotels.com", true */ 'j', 'u', 's', 't', 'b', 'o', 'o', 'k', 'h', 'o', 't', 'e', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "justbooktransfers.com", true */ 'j', 'u', 's', 't', 'b', 'o', 'o', 'k', 't', 'r', 'a', 'n', 's', 'f', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "justboom.co", true */ 'j', 'u', 's', 't', 'b', 'o', 'o', 'm', '.', 'c', 'o', '\0',
+  /* "justbouncecastles.co.uk", true */ 'j', 'u', 's', 't', 'b', 'o', 'u', 'n', 'c', 'e', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "justchunks.net", true */ 'j', 'u', 's', 't', 'c', 'h', 'u', 'n', 'k', 's', '.', 'n', 'e', 't', '\0',
+  /* "justgalak.com", true */ 'j', 'u', 's', 't', 'g', 'a', 'l', 'a', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "justgalak.org", true */ 'j', 'u', 's', 't', 'g', 'a', 'l', 'a', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "justice.gov", false */ 'j', 'u', 's', 't', 'i', 'c', 'e', '.', 'g', 'o', 'v', '\0',
+  /* "justice4assange.com", true */ 'j', 'u', 's', 't', 'i', 'c', 'e', '4', 'a', 's', 's', 'a', 'n', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "justinellingwood.com", true */ 'j', 'u', 's', 't', 'i', 'n', 'e', 'l', 'l', 'i', 'n', 'g', 'w', 'o', 'o', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "justinho.com", true */ 'j', 'u', 's', 't', 'i', 'n', 'h', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "justinstandring.com", true */ 'j', 'u', 's', 't', 'i', 'n', 's', 't', 'a', 'n', 'd', 'r', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "justnu.se", false */ 'j', 'u', 's', 't', 'n', 'u', '.', 's', 'e', '\0',
+  /* "justpaste.it", true */ 'j', 'u', 's', 't', 'p', 'a', 's', 't', 'e', '.', 'i', 't', '\0',
+  /* "justupdate.me", true */ 'j', 'u', 's', 't', 'u', 'p', 'd', 'a', 't', 'e', '.', 'm', 'e', '\0',
+  /* "justyy.com", true */ 'j', 'u', 's', 't', 'y', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "juszkiewicz.com.pl", true */ 'j', 'u', 's', 'z', 'k', 'i', 'e', 'w', 'i', 'c', 'z', '.', 'c', 'o', 'm', '.', 'p', 'l', '\0',
+  /* "jutlander-netbank.dk", true */ 'j', 'u', 't', 'l', 'a', 'n', 'd', 'e', 'r', '-', 'n', 'e', 't', 'b', 'a', 'n', 'k', '.', 'd', 'k', '\0',
+  /* "jutlander.dk", true */ 'j', 'u', 't', 'l', 'a', 'n', 'd', 'e', 'r', '.', 'd', 'k', '\0',
+  /* "juventusclublugano.ch", true */ 'j', 'u', 'v', 'e', 'n', 't', 'u', 's', 'c', 'l', 'u', 'b', 'l', 'u', 'g', 'a', 'n', 'o', '.', 'c', 'h', '\0',
+  /* "juwelierstoopman.nl", true */ 'j', 'u', 'w', 'e', 'l', 'i', 'e', 'r', 's', 't', 'o', 'o', 'p', 'm', 'a', 'n', '.', 'n', 'l', '\0',
+  /* "juzgalo.com", true */ 'j', 'u', 'z', 'g', 'a', 'l', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "jva-wuerzburg.de", true */ 'j', 'v', 'a', '-', 'w', 'u', 'e', 'r', 'z', 'b', 'u', 'r', 'g', '.', 'd', 'e', '\0',
+  /* "jvanerp.nl", true */ 'j', 'v', 'a', 'n', 'e', 'r', 'p', '.', 'n', 'l', '\0',
+  /* "jvbouncycastlehire.co.uk", true */ 'j', 'v', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jvn.com", false */ 'j', 'v', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "jvphotoboothhire.co.uk", true */ 'j', 'v', 'p', 'h', 'o', 't', 'o', 'b', 'o', 'o', 't', 'h', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "jvwdev.nl", true */ 'j', 'v', 'w', 'd', 'e', 'v', '.', 'n', 'l', '\0',
+  /* "jwatt.org", true */ 'j', 'w', 'a', 't', 't', '.', 'o', 'r', 'g', '\0',
+  /* "jwe.nl", true */ 'j', 'w', 'e', '.', 'n', 'l', '\0',
+  /* "jwilsson.com", true */ 'j', 'w', 'i', 'l', 's', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "jwjwjw.com", true */ 'j', 'w', 'j', 'w', 'j', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "jwnotifier.org", true */ 'j', 'w', 'n', 'o', 't', 'i', 'f', 'i', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "jwolt-lx.com", true */ 'j', 'w', 'o', 'l', 't', '-', 'l', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "jwschuepfheim.ch", true */ 'j', 'w', 's', 'c', 'h', 'u', 'e', 'p', 'f', 'h', 'e', 'i', 'm', '.', 'c', 'h', '\0',
+  /* "jxir.de", true */ 'j', 'x', 'i', 'r', '.', 'd', 'e', '\0',
+  /* "jyggen.com", true */ 'j', 'y', 'g', 'g', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "jyoti-fairworks.org", true */ 'j', 'y', 'o', 't', 'i', '-', 'f', 'a', 'i', 'r', 'w', 'o', 'r', 'k', 's', '.', 'o', 'r', 'g', '\0',
+  /* "jzbk.org", true */ 'j', 'z', 'b', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "k-homes.net", true */ 'k', '-', 'h', 'o', 'm', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "k-netz.de", true */ 'k', '-', 'n', 'e', 't', 'z', '.', 'd', 'e', '\0',
+  /* "k-pan.com", true */ 'k', '-', 'p', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "k-pture.com", true */ 'k', '-', 'p', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "k-scr.me", true */ 'k', '-', 's', 'c', 'r', '.', 'm', 'e', '\0',
+  /* "k-tube.com", true */ 'k', '-', 't', 'u', 'b', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "k258059.net", true */ 'k', '2', '5', '8', '0', '5', '9', '.', 'n', 'e', 't', '\0',
+  /* "k2mts.org", true */ 'k', '2', 'm', 't', 's', '.', 'o', 'r', 'g', '\0',
+  /* "k82.org", true */ 'k', '8', '2', '.', 'o', 'r', 'g', '\0',
+  /* "k8r.eu", true */ 'k', '8', 'r', '.', 'e', 'u', '\0',
+  /* "k9swx.com", true */ 'k', '9', 's', 'w', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "kaamoscreations.com", true */ 'k', 'a', 'a', 'm', 'o', 's', 'c', 'r', 'e', 'a', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kaanduman.com", true */ 'k', 'a', 'a', 'n', 'd', 'u', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "kaangenc.me", true */ 'k', 'a', 'a', 'n', 'g', 'e', 'n', 'c', '.', 'm', 'e', '\0',
+  /* "kaatha-kamrater.se", true */ 'k', 'a', 'a', 't', 'h', 'a', '-', 'k', 'a', 'm', 'r', 'a', 't', 'e', 'r', '.', 's', 'e', '\0',
+  /* "kab-s.de", true */ 'k', 'a', 'b', '-', 's', '.', 'd', 'e', '\0',
+  /* "kabashop.com.br", true */ 'k', 'a', 'b', 'a', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "kabat-fans.cz", false */ 'k', 'a', 'b', 'a', 't', '-', 'f', 'a', 'n', 's', '.', 'c', 'z', '\0',
+  /* "kabeltv.co.nz", true */ 'k', 'a', 'b', 'e', 'l', 't', 'v', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "kabeuchi.com", true */ 'k', 'a', 'b', 'e', 'u', 'c', 'h', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "kaboom.pw", true */ 'k', 'a', 'b', 'o', 'o', 'm', '.', 'p', 'w', '\0',
+  /* "kabu-abc.com", true */ 'k', 'a', 'b', 'u', '-', 'a', 'b', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "kabus.org", true */ 'k', 'a', 'b', 'u', 's', '.', 'o', 'r', 'g', '\0',
+  /* "kachlikova2.cz", true */ 'k', 'a', 'c', 'h', 'l', 'i', 'k', 'o', 'v', 'a', '2', '.', 'c', 'z', '\0',
+  /* "kack.website", true */ 'k', 'a', 'c', 'k', '.', 'w', 'e', 'b', 's', 'i', 't', 'e', '\0',
+  /* "kadhambam.in", true */ 'k', 'a', 'd', 'h', 'a', 'm', 'b', 'a', 'm', '.', 'i', 'n', '\0',
+  /* "kadmec.com", true */ 'k', 'a', 'd', 'm', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "kaffeekrone.de", true */ 'k', 'a', 'f', 'f', 'e', 'e', 'k', 'r', 'o', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "kafoom.de", true */ 'k', 'a', 'f', 'o', 'o', 'm', '.', 'd', 'e', '\0',
+  /* "kaheim.de", false */ 'k', 'a', 'h', 'e', 'i', 'm', '.', 'd', 'e', '\0',
+  /* "kai-ratzeburg.de", true */ 'k', 'a', 'i', '-', 'r', 'a', 't', 'z', 'e', 'b', 'u', 'r', 'g', '.', 'd', 'e', '\0',
+  /* "kaigojj.com", true */ 'k', 'a', 'i', 'g', 'o', 'j', 'j', '.', 'c', 'o', 'm', '\0',
+  /* "kaika-hms.de", true */ 'k', 'a', 'i', 'k', 'a', '-', 'h', 'm', 's', '.', 'd', 'e', '\0',
+  /* "kaileymslusser.com", true */ 'k', 'a', 'i', 'l', 'e', 'y', 'm', 's', 'l', 'u', 's', 's', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "kainetsoft.com", true */ 'k', 'a', 'i', 'n', 'e', 't', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "kainz.bayern", true */ 'k', 'a', 'i', 'n', 'z', '.', 'b', 'a', 'y', 'e', 'r', 'n', '\0',
+  /* "kainz.be", true */ 'k', 'a', 'i', 'n', 'z', '.', 'b', 'e', '\0',
+  /* "kairion.de", true */ 'k', 'a', 'i', 'r', 'i', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "kaisakura.net", true */ 'k', 'a', 'i', 's', 'a', 'k', 'u', 'r', 'a', '.', 'n', 'e', 't', '\0',
+  /* "kaisev.net", true */ 'k', 'a', 'i', 's', 'e', 'v', '.', 'n', 'e', 't', '\0',
+  /* "kaiusaltd.com", true */ 'k', 'a', 'i', 'u', 's', 'a', 'l', 't', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "kaizenreporting.com", true */ 'k', 'a', 'i', 'z', 'e', 'n', 'r', 'e', 'p', 'o', 'r', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "kaizeronion.com", true */ 'k', 'a', 'i', 'z', 'e', 'r', 'o', 'n', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "kajak.land", true */ 'k', 'a', 'j', 'a', 'k', '.', 'l', 'a', 'n', 'd', '\0',
+  /* "kajlovo.cz", true */ 'k', 'a', 'j', 'l', 'o', 'v', 'o', '.', 'c', 'z', '\0',
+  /* "kaka.farm", true */ 'k', 'a', 'k', 'a', '.', 'f', 'a', 'r', 'm', '\0',
+  /* "kakao-karten.de", true */ 'k', 'a', 'k', 'a', 'o', '-', 'k', 'a', 'r', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "kakaomilchkuh.de", true */ 'k', 'a', 'k', 'a', 'o', 'm', 'i', 'l', 'c', 'h', 'k', 'u', 'h', '.', 'd', 'e', '\0',
+  /* "kakaravaara.fi", true */ 'k', 'a', 'k', 'a', 'r', 'a', 'v', 'a', 'a', 'r', 'a', '.', 'f', 'i', '\0',
+  /* "kakie-gobocha.jp", true */ 'k', 'a', 'k', 'i', 'e', '-', 'g', 'o', 'b', 'o', 'c', 'h', 'a', '.', 'j', 'p', '\0',
+  /* "kakie-kolesa.ru", true */ 'k', 'a', 'k', 'i', 'e', '-', 'k', 'o', 'l', 'e', 's', 'a', '.', 'r', 'u', '\0',
+  /* "kakolightingmuseum.or.jp", true */ 'k', 'a', 'k', 'o', 'l', 'i', 'g', 'h', 't', 'i', 'n', 'g', 'm', 'u', 's', 'e', 'u', 'm', '.', 'o', 'r', '.', 'j', 'p', '\0',
+  /* "kakoo-media.nl", true */ 'k', 'a', 'k', 'o', 'o', '-', 'm', 'e', 'd', 'i', 'a', '.', 'n', 'l', '\0',
+  /* "kakoo.nl", true */ 'k', 'a', 'k', 'o', 'o', '.', 'n', 'l', '\0',
+  /* "kakoomedia.nl", true */ 'k', 'a', 'k', 'o', 'o', 'm', 'e', 'd', 'i', 'a', '.', 'n', 'l', '\0',
+  /* "kalastus.com", true */ 'k', 'a', 'l', 'a', 's', 't', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kaleidoscope.co.uk", true */ 'k', 'a', 'l', 'e', 'i', 'd', 'o', 's', 'c', 'o', 'p', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kalender.com", true */ 'k', 'a', 'l', 'e', 'n', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "kalender.goip.de", true */ 'k', 'a', 'l', 'e', 'n', 'd', 'e', 'r', '.', 'g', 'o', 'i', 'p', '.', 'd', 'e', '\0',
+  /* "kalevlamps.co.uk", true */ 'k', 'a', 'l', 'e', 'v', 'l', 'a', 'm', 'p', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kaliaa.fi", true */ 'k', 'a', 'l', 'i', 'a', 'a', '.', 'f', 'i', '\0',
+  /* "kalian.cz", true */ 'k', 'a', 'l', 'i', 'a', 'n', '.', 'c', 'z', '\0',
+  /* "kalifornien-tourismus.de", true */ 'k', 'a', 'l', 'i', 'f', 'o', 'r', 'n', 'i', 'e', 'n', '-', 't', 'o', 'u', 'r', 'i', 's', 'm', 'u', 's', '.', 'd', 'e', '\0',
+  /* "kall.is", true */ 'k', 'a', 'l', 'l', '.', 'i', 's', '\0',
+  /* "kallies-net.de", true */ 'k', 'a', 'l', 'l', 'i', 'e', 's', '-', 'n', 'e', 't', '.', 'd', 'e', '\0',
+  /* "kalmar.com", true */ 'k', 'a', 'l', 'm', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "kalsbouncies.com", true */ 'k', 'a', 'l', 's', 'b', 'o', 'u', 'n', 'c', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kaltenbrunner.it", true */ 'k', 'a', 'l', 't', 'e', 'n', 'b', 'r', 'u', 'n', 'n', 'e', 'r', '.', 'i', 't', '\0',
+  /* "kalterersee.ch", true */ 'k', 'a', 'l', 't', 'e', 'r', 'e', 'r', 's', 'e', 'e', '.', 'c', 'h', '\0',
+  /* "kamalame.co", true */ 'k', 'a', 'm', 'a', 'l', 'a', 'm', 'e', '.', 'c', 'o', '\0',
+  /* "kamikaichimaru.com", true */ 'k', 'a', 'm', 'i', 'k', 'a', 'i', 'c', 'h', 'i', 'm', 'a', 'r', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "kamikatse.net", true */ 'k', 'a', 'm', 'i', 'k', 'a', 't', 's', 'e', '.', 'n', 'e', 't', '\0',
+  /* "kamixa.se", true */ 'k', 'a', 'm', 'i', 'x', 'a', '.', 's', 'e', '\0',
+  /* "kana.me", true */ 'k', 'a', 'n', 'a', '.', 'm', 'e', '\0',
+  /* "kanaete-uranai.com", true */ 'k', 'a', 'n', 'a', 'e', 't', 'e', '-', 'u', 'r', 'a', 'n', 'a', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "kanagawachuo-hospital.jp", true */ 'k', 'a', 'n', 'a', 'g', 'a', 'w', 'a', 'c', 'h', 'u', 'o', '-', 'h', 'o', 's', 'p', 'i', 't', 'a', 'l', '.', 'j', 'p', '\0',
+  /* "kanal-schaefer.de", true */ 'k', 'a', 'n', 'a', 'l', '-', 's', 'c', 'h', 'a', 'e', 'f', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "kanal-tv-haensch.de", true */ 'k', 'a', 'n', 'a', 'l', '-', 't', 'v', '-', 'h', 'a', 'e', 'n', 's', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "kanar.nl", true */ 'k', 'a', 'n', 'a', 'r', '.', 'n', 'l', '\0',
+  /* "kancolle.me", true */ 'k', 'a', 'n', 'c', 'o', 'l', 'l', 'e', '.', 'm', 'e', '\0',
+  /* "kandalife.com", true */ 'k', 'a', 'n', 'd', 'a', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "kandec.co.jp", true */ 'k', 'a', 'n', 'd', 'e', 'c', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "kanecastles.com", true */ 'k', 'a', 'n', 'e', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kanehusky.com", true */ 'k', 'a', 'n', 'e', 'h', 'u', 's', 'k', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "kangaroo-bouncycastle.co.uk", true */ 'k', 'a', 'n', 'g', 'a', 'r', 'o', 'o', '-', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kangarooislandholidayaccommodation.com.au", true */ 'k', 'a', 'n', 'g', 'a', 'r', 'o', 'o', 'i', 's', 'l', 'a', 'n', 'd', 'h', 'o', 'l', 'i', 'd', 'a', 'y', 'a', 'c', 'c', 'o', 'm', 'm', 'o', 'd', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "kangaroojacks.co.uk", true */ 'k', 'a', 'n', 'g', 'a', 'r', 'o', 'o', 'j', 'a', 'c', 'k', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kangaroos.org", true */ 'k', 'a', 'n', 'g', 'a', 'r', 'o', 'o', 's', '.', 'o', 'r', 'g', '\0',
+  /* "kangaroovalleykayaks.com.au", true */ 'k', 'a', 'n', 'g', 'a', 'r', 'o', 'o', 'v', 'a', 'l', 'l', 'e', 'y', 'k', 'a', 'y', 'a', 'k', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "kangaroovalleymuseum.com", true */ 'k', 'a', 'n', 'g', 'a', 'r', 'o', 'o', 'v', 'a', 'l', 'l', 'e', 'y', 'm', 'u', 's', 'e', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "kangaroovalleyolives.com.au", true */ 'k', 'a', 'n', 'g', 'a', 'r', 'o', 'o', 'v', 'a', 'l', 'l', 'e', 'y', 'o', 'l', 'i', 'v', 'e', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "kangaroovalleyshow.org.au", true */ 'k', 'a', 'n', 'g', 'a', 'r', 'o', 'o', 'v', 'a', 'l', 'l', 'e', 'y', 's', 'h', 'o', 'w', '.', 'o', 'r', 'g', '.', 'a', 'u', '\0',
+  /* "kangaroovalleywoodcrafts.com.au", true */ 'k', 'a', 'n', 'g', 'a', 'r', 'o', 'o', 'v', 'a', 'l', 'l', 'e', 'y', 'w', 'o', 'o', 'd', 'c', 'r', 'a', 'f', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "kangkai.me", true */ 'k', 'a', 'n', 'g', 'k', 'a', 'i', '.', 'm', 'e', '\0',
+  /* "kangooroule.fr", true */ 'k', 'a', 'n', 'g', 'o', 'o', 'r', 'o', 'u', 'l', 'e', '.', 'f', 'r', '\0',
+  /* "kanis.ag", true */ 'k', 'a', 'n', 'i', 's', '.', 'a', 'g', '\0',
+  /* "kankimaru.com", true */ 'k', 'a', 'n', 'k', 'i', 'm', 'a', 'r', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "kanmitao.com", true */ 'k', 'a', 'n', 'm', 'i', 't', 'a', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "kanna.cf", true */ 'k', 'a', 'n', 'n', 'a', '.', 'c', 'f', '\0',
+  /* "kannchen.de", true */ 'k', 'a', 'n', 'n', 'c', 'h', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "kanotijd.nl", true */ 'k', 'a', 'n', 'o', 't', 'i', 'j', 'd', '.', 'n', 'l', '\0',
+  /* "kansaiyamamoto.jp", true */ 'k', 'a', 'n', 's', 'a', 'i', 'y', 'a', 'm', 'a', 'm', 'o', 't', 'o', '.', 'j', 'p', '\0',
+  /* "kantankye.nl", true */ 'k', 'a', 'n', 't', 'a', 'n', 'k', 'y', 'e', '.', 'n', 'l', '\0',
+  /* "kantanmt.com", true */ 'k', 'a', 'n', 't', 'a', 'n', 'm', 't', '.', 'c', 'o', 'm', '\0',
+  /* "kantorad.io", true */ 'k', 'a', 'n', 't', 'o', 'r', 'a', 'd', '.', 'i', 'o', '\0',
+  /* "kantorkita.net", true */ 'k', 'a', 'n', 't', 'o', 'r', 'k', 'i', 't', 'a', '.', 'n', 'e', 't', '\0',
+  /* "kantorosobisty.pl", true */ 'k', 'a', 'n', 't', 'o', 'r', 'o', 's', 'o', 'b', 'i', 's', 't', 'y', '.', 'p', 'l', '\0',
+  /* "kanuvu.de", true */ 'k', 'a', 'n', 'u', 'v', 'u', '.', 'd', 'e', '\0',
+  /* "kanzashi.com", true */ 'k', 'a', 'n', 'z', 'a', 's', 'h', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "kanzlei-sixt.de", true */ 'k', 'a', 'n', 'z', 'l', 'e', 'i', '-', 's', 'i', 'x', 't', '.', 'd', 'e', '\0',
+  /* "kanzshop.com", true */ 'k', 'a', 'n', 'z', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "kaomojis.net", true */ 'k', 'a', 'o', 'm', 'o', 'j', 'i', 's', '.', 'n', 'e', 't', '\0',
+  /* "kap-genial.de", true */ 'k', 'a', 'p', '-', 'g', 'e', 'n', 'i', 'a', 'l', '.', 'd', 'e', '\0',
+  /* "kapiorr.duckdns.org", true */ 'k', 'a', 'p', 'i', 'o', 'r', 'r', '.', 'd', 'u', 'c', 'k', 'd', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "kappit.dk", true */ 'k', 'a', 'p', 'p', 'i', 't', '.', 'd', 'k', '\0',
+  /* "kapseli.net", true */ 'k', 'a', 'p', 's', 'e', 'l', 'i', '.', 'n', 'e', 't', '\0',
+  /* "kaptadata.com", true */ 'k', 'a', 'p', 't', 'a', 'd', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "kaptamedia.com", true */ 'k', 'a', 'p', 't', 'a', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "kara-fabian.com", true */ 'k', 'a', 'r', 'a', '-', 'f', 'a', 'b', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "karabas.com", true */ 'k', 'a', 'r', 'a', 'b', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "karabijnhaken.nl", false */ 'k', 'a', 'r', 'a', 'b', 'i', 'j', 'n', 'h', 'a', 'k', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "karachi.dating", true */ 'k', 'a', 'r', 'a', 'c', 'h', 'i', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "karamomo.net", true */ 'k', 'a', 'r', 'a', 'm', 'o', 'm', 'o', '.', 'n', 'e', 't', '\0',
+  /* "karanjthakkar.com", true */ 'k', 'a', 'r', 'a', 'n', 'j', 't', 'h', 'a', 'k', 'k', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "karasik.by", true */ 'k', 'a', 'r', 'a', 's', 'i', 'k', '.', 'b', 'y', '\0',
+  /* "karateka.org", true */ 'k', 'a', 'r', 'a', 't', 'e', 'k', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "karateka.ru", true */ 'k', 'a', 'r', 'a', 't', 'e', 'k', 'a', '.', 'r', 'u', '\0',
+  /* "karatorian.org", true */ 'k', 'a', 'r', 'a', 't', 'o', 'r', 'i', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "kardize24.pl", true */ 'k', 'a', 'r', 'd', 'i', 'z', 'e', '2', '4', '.', 'p', 'l', '\0',
+  /* "karguine.in", true */ 'k', 'a', 'r', 'g', 'u', 'i', 'n', 'e', '.', 'i', 'n', '\0',
+  /* "karhm.com", true */ 'k', 'a', 'r', 'h', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "karhukamera.com", true */ 'k', 'a', 'r', 'h', 'u', 'k', 'a', 'm', 'e', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "karina.gd", true */ 'k', 'a', 'r', 'i', 'n', 'a', '.', 'g', 'd', '\0',
+  /* "karit.nz", true */ 'k', 'a', 'r', 'i', 't', '.', 'n', 'z', '\0',
+  /* "karjala-ski.ru", true */ 'k', 'a', 'r', 'j', 'a', 'l', 'a', '-', 's', 'k', 'i', '.', 'r', 'u', '\0',
+  /* "karlbowden.com", true */ 'k', 'a', 'r', 'l', 'b', 'o', 'w', 'd', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "karlis-kavacis.id.lv", true */ 'k', 'a', 'r', 'l', 'i', 's', '-', 'k', 'a', 'v', 'a', 'c', 'i', 's', '.', 'i', 'd', '.', 'l', 'v', '\0',
+  /* "karlsmithmn.org", true */ 'k', 'a', 'r', 'l', 's', 'm', 'i', 't', 'h', 'm', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "karlstabo.se", true */ 'k', 'a', 'r', 'l', 's', 't', 'a', 'b', 'o', '.', 's', 'e', '\0',
+  /* "karlzotter.com", true */ 'k', 'a', 'r', 'l', 'z', 'o', 't', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "karmaassurance.ca", true */ 'k', 'a', 'r', 'm', 'a', 'a', 's', 's', 'u', 'r', 'a', 'n', 'c', 'e', '.', 'c', 'a', '\0',
+  /* "karmabaker.com", true */ 'k', 'a', 'r', 'm', 'a', 'b', 'a', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "karmaflux.com", true */ 'k', 'a', 'r', 'm', 'a', 'f', 'l', 'u', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "karmainsurance.ca", true */ 'k', 'a', 'r', 'm', 'a', 'i', 'n', 's', 'u', 'r', 'a', 'n', 'c', 'e', '.', 'c', 'a', '\0',
+  /* "karmaplatform.com", true */ 'k', 'a', 'r', 'm', 'a', 'p', 'l', 'a', 't', 'f', 'o', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "karmaspa.se", true */ 'k', 'a', 'r', 'm', 'a', 's', 'p', 'a', '.', 's', 'e', '\0',
+  /* "karmic.com", true */ 'k', 'a', 'r', 'm', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "karn.nu", true */ 'k', 'a', 'r', 'n', '.', 'n', 'u', '\0',
+  /* "karneid.info", true */ 'k', 'a', 'r', 'n', 'e', 'i', 'd', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "karpanhellas.com", false */ 'k', 'a', 'r', 'p', 'a', 'n', 'h', 'e', 'l', 'l', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kartacha.com", true */ 'k', 'a', 'r', 't', 'a', 'c', 'h', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "kartec.com", true */ 'k', 'a', 'r', 't', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "kartonmodellbau.org", true */ 'k', 'a', 'r', 't', 'o', 'n', 'm', 'o', 'd', 'e', 'l', 'l', 'b', 'a', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "kasadara.com", true */ 'k', 'a', 's', 'a', 'd', 'a', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "kasei.im", true */ 'k', 'a', 's', 'e', 'i', '.', 'i', 'm', '\0',
+  /* "kashis.com.au", true */ 'k', 'a', 's', 'h', 'i', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "kashmirobserver.net", true */ 'k', 'a', 's', 'h', 'm', 'i', 'r', 'o', 'b', 's', 'e', 'r', 'v', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "kasilag.me", false */ 'k', 'a', 's', 'i', 'l', 'a', 'g', '.', 'm', 'e', '\0',
+  /* "kasko.io", true */ 'k', 'a', 's', 'k', 'o', '.', 'i', 'o', '\0',
+  /* "kasnoffskinclinic.com", true */ 'k', 'a', 's', 'n', 'o', 'f', 'f', 's', 'k', 'i', 'n', 'c', 'l', 'i', 'n', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "kassa.at", true */ 'k', 'a', 's', 's', 'a', '.', 'a', 't', '\0',
+  /* "kastankaoffice.cz", true */ 'k', 'a', 's', 't', 'a', 'n', 'k', 'a', 'o', 'f', 'f', 'i', 'c', 'e', '.', 'c', 'z', '\0',
+  /* "kastelruth.biz", true */ 'k', 'a', 's', 't', 'e', 'l', 'r', 'u', 't', 'h', '.', 'b', 'i', 'z', '\0',
+  /* "kat.al", true */ 'k', 'a', 't', '.', 'a', 'l', '\0',
+  /* "katalogbutikker.dk", true */ 'k', 'a', 't', 'a', 'l', 'o', 'g', 'b', 'u', 't', 'i', 'k', 'k', 'e', 'r', '.', 'd', 'k', '\0',
+  /* "katata-kango.ac.jp", true */ 'k', 'a', 't', 'a', 't', 'a', '-', 'k', 'a', 'n', 'g', 'o', '.', 'a', 'c', '.', 'j', 'p', '\0',
+  /* "katedra.de", true */ 'k', 'a', 't', 'e', 'd', 'r', 'a', '.', 'd', 'e', '\0',
+  /* "kateduggan.net", true */ 'k', 'a', 't', 'e', 'd', 'u', 'g', 'g', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "kateenzenauer.com", true */ 'k', 'a', 't', 'e', 'e', 'n', 'z', 'e', 'n', 'a', 'u', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "katekligys.com", true */ 'k', 'a', 't', 'e', 'k', 'l', 'i', 'g', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "katemarsh.com", true */ 'k', 'a', 't', 'e', 'm', 'a', 'r', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "katericke.com", true */ 'k', 'a', 't', 'e', 'r', 'i', 'c', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "kathardt.de", true */ 'k', 'a', 't', 'h', 'a', 'r', 'd', 't', '.', 'd', 'e', '\0',
+  /* "kathegiraldo.com", true */ 'k', 'a', 't', 'h', 'e', 'g', 'i', 'r', 'a', 'l', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "kati-raumplaner.de", true */ 'k', 'a', 't', 'i', '-', 'r', 'a', 'u', 'm', 'p', 'l', 'a', 'n', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "katiechai.xyz", true */ 'k', 'a', 't', 'i', 'e', 'c', 'h', 'a', 'i', '.', 'x', 'y', 'z', '\0',
+  /* "katieskandy.co.uk", true */ 'k', 'a', 't', 'i', 'e', 's', 'k', 'a', 'n', 'd', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "katieskastles.co.uk", true */ 'k', 'a', 't', 'i', 'e', 's', 'k', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "katja-nikolic-design.de", true */ 'k', 'a', 't', 'j', 'a', '-', 'n', 'i', 'k', 'o', 'l', 'i', 'c', '-', 'd', 'e', 's', 'i', 'g', 'n', '.', 'd', 'e', '\0',
+  /* "katka.info", true */ 'k', 'a', 't', 'k', 'a', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "katnunn.co.uk", true */ 'k', 'a', 't', 'n', 'u', 'n', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kato-yane.com", true */ 'k', 'a', 't', 'o', '-', 'y', 'a', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "katscastles.co.uk", true */ 'k', 'a', 't', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kattelans.eu", true */ 'k', 'a', 't', 't', 'e', 'l', 'a', 'n', 's', '.', 'e', 'u', '\0',
+  /* "kattenfun.be", true */ 'k', 'a', 't', 't', 'e', 'n', 'f', 'u', 'n', '.', 'b', 'e', '\0',
+  /* "kattenfun.nl", true */ 'k', 'a', 't', 't', 'e', 'n', 'f', 'u', 'n', '.', 'n', 'l', '\0',
+  /* "katyl.info", false */ 'k', 'a', 't', 'y', 'l', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "katzspeech.com", true */ 'k', 'a', 't', 'z', 's', 'p', 'e', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "kau-boys.com", true */ 'k', 'a', 'u', '-', 'b', 'o', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kau-boys.de", true */ 'k', 'a', 'u', '-', 'b', 'o', 'y', 's', '.', 'd', 'e', '\0',
+  /* "kaufberatung.community", true */ 'k', 'a', 'u', 'f', 'b', 'e', 'r', 'a', 't', 'u', 'n', 'g', '.', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', '\0',
+  /* "kauperwood.ovh", true */ 'k', 'a', 'u', 'p', 'e', 'r', 'w', 'o', 'o', 'd', '.', 'o', 'v', 'h', '\0',
+  /* "kausta.me", true */ 'k', 'a', 'u', 's', 't', 'a', '.', 'm', 'e', '\0',
+  /* "kavik.no", true */ 'k', 'a', 'v', 'i', 'k', '.', 'n', 'o', '\0',
+  /* "kavovary-kava.cz", true */ 'k', 'a', 'v', 'o', 'v', 'a', 'r', 'y', '-', 'k', 'a', 'v', 'a', '.', 'c', 'z', '\0',
+  /* "kawaiii.link", true */ 'k', 'a', 'w', 'a', 'i', 'i', 'i', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "kaweus.de", true */ 'k', 'a', 'w', 'e', 'u', 's', '.', 'd', 'e', '\0',
+  /* "kayakabovegroundswimmingpools.com", true */ 'k', 'a', 'y', 'a', 'k', 'a', 'b', 'o', 'v', 'e', 'g', 'r', 'o', 'u', 'n', 'd', 's', 'w', 'i', 'm', 'm', 'i', 'n', 'g', 'p', 'o', 'o', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kaydan.io", true */ 'k', 'a', 'y', 'd', 'a', 'n', '.', 'i', 'o', '\0',
+  /* "kayipmurekkep.com", true */ 'k', 'a', 'y', 'i', 'p', 'm', 'u', 'r', 'e', 'k', 'k', 'e', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "kayleen.net", true */ 'k', 'a', 'y', 'l', 'e', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "kaylyn.ink", false */ 'k', 'a', 'y', 'l', 'y', 'n', '.', 'i', 'n', 'k', '\0',
+  /* "kayon.cf", true */ 'k', 'a', 'y', 'o', 'n', '.', 'c', 'f', '\0',
+  /* "kayscs.com", true */ 'k', 'a', 'y', 's', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kaysis.gov.tr", true */ 'k', 'a', 'y', 's', 'i', 's', '.', 'g', 'o', 'v', '.', 't', 'r', '\0',
+  /* "kazamasion.com", true */ 'k', 'a', 'z', 'a', 'm', 'a', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "kazandaemon.ru", true */ 'k', 'a', 'z', 'a', 'n', 'd', 'a', 'e', 'm', 'o', 'n', '.', 'r', 'u', '\0',
+  /* "kazenojiyu.fr", true */ 'k', 'a', 'z', 'e', 'n', 'o', 'j', 'i', 'y', 'u', '.', 'f', 'r', '\0',
+  /* "kazu.click", true */ 'k', 'a', 'z', 'u', '.', 'c', 'l', 'i', 'c', 'k', '\0',
+  /* "kazuhirohigashi.com", true */ 'k', 'a', 'z', 'u', 'h', 'i', 'r', 'o', 'h', 'i', 'g', 'a', 's', 'h', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "kazumi.ro", true */ 'k', 'a', 'z', 'u', 'm', 'i', '.', 'r', 'o', '\0',
+  /* "kazy111.info", true */ 'k', 'a', 'z', 'y', '1', '1', '1', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "kb3.net", true */ 'k', 'b', '3', '.', 'n', 'e', 't', '\0',
+  /* "kba-online.de", true */ 'k', 'b', 'a', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "kbb-ev.de", true */ 'k', 'b', 'b', '-', 'e', 'v', '.', 'd', 'e', '\0',
+  /* "kbbouncycastlehire.co.uk", true */ 'k', 'b', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kbcequitas.hu", true */ 'k', 'b', 'c', 'e', 'q', 'u', 'i', 't', 'a', 's', '.', 'h', 'u', '\0',
+  /* "kbfl.org", true */ 'k', 'b', 'f', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "kbit.dk", true */ 'k', 'b', 'i', 't', '.', 'd', 'k', '\0',
+  /* "kbjorklu.com", true */ 'k', 'b', 'j', 'o', 'r', 'k', 'l', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "kbleventhire.co.uk", true */ 'k', 'b', 'l', 'e', 'v', 'e', 'n', 't', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kc-holzfaeller.de", true */ 'k', 'c', '-', 'h', 'o', 'l', 'z', 'f', 'a', 'e', 'l', 'l', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "kc5mpk.com", true */ 'k', 'c', '5', 'm', 'p', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "kcolford.com", true */ 'k', 'c', 'o', 'l', 'f', 'o', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "kcore.org", true */ 'k', 'c', 'o', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "kcptun.com", true */ 'k', 'c', 'p', 't', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "kcsordparticipation.org", true */ 'k', 'c', 's', 'o', 'r', 'd', 'p', 'a', 'r', 't', 'i', 'c', 'i', 'p', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "kd.net.nz", true */ 'k', 'd', '.', 'n', 'e', 't', '.', 'n', 'z', '\0',
+  /* "kdex.de", true */ 'k', 'd', 'e', 'x', '.', 'd', 'e', '\0',
+  /* "kdw.cloud", true */ 'k', 'd', 'w', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "kdyby.org", true */ 'k', 'd', 'y', 'b', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "ke7tlf.us", true */ 'k', 'e', '7', 't', 'l', 'f', '.', 'u', 's', '\0',
+  /* "keakon.net", true */ 'k', 'e', 'a', 'k', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "keaneokelley.com", true */ 'k', 'e', 'a', 'n', 'e', 'o', 'k', 'e', 'l', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "kearney.io", true */ 'k', 'e', 'a', 'r', 'n', 'e', 'y', '.', 'i', 'o', '\0',
+  /* "keartanddesign.com", true */ 'k', 'e', 'a', 'r', 't', 'a', 'n', 'd', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "keaysmillwork.com", true */ 'k', 'e', 'a', 'y', 's', 'm', 'i', 'l', 'l', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "keb.com.au", true */ 'k', 'e', 'b', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "keb.net.au", true */ 'k', 'e', 'b', '.', 'n', 'e', 't', '.', 'a', 'u', '\0',
+  /* "kedarastudios.com", true */ 'k', 'e', 'd', 'a', 'r', 'a', 's', 't', 'u', 'd', 'i', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kedibizworx.com", true */ 'k', 'e', 'd', 'i', 'b', 'i', 'z', 'w', 'o', 'r', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "keechain.io", true */ 'k', 'e', 'e', 'c', 'h', 'a', 'i', 'n', '.', 'i', 'o', '\0',
+  /* "keeleysam.com", true */ 'k', 'e', 'e', 'l', 'e', 'y', 's', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "keepa.com", true */ 'k', 'e', 'e', 'p', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "keeperapp.com", true */ 'k', 'e', 'e', 'p', 'e', 'r', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "keeperklan.com", false */ 'k', 'e', 'e', 'p', 'e', 'r', 'k', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "keepersecurity.com", true */ 'k', 'e', 'e', 'p', 'e', 'r', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "keepiteasy.eu", true */ 'k', 'e', 'e', 'p', 'i', 't', 'e', 'a', 's', 'y', '.', 'e', 'u', '\0',
+  /* "keeweb.info", true */ 'k', 'e', 'e', 'w', 'e', 'b', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "keezin.ga", true */ 'k', 'e', 'e', 'z', 'i', 'n', '.', 'g', 'a', '\0',
+  /* "keganthorrez.com", true */ 'k', 'e', 'g', 'a', 'n', 't', 'h', 'o', 'r', 'r', 'e', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "kehlenbach.net", true */ 'k', 'e', 'h', 'l', 'e', 'n', 'b', 'a', 'c', 'h', '.', 'n', 'e', 't', '\0',
+  /* "keifel.de", true */ 'k', 'e', 'i', 'f', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "kein-design.de", true */ 'k', 'e', 'i', 'n', '-', 'd', 'e', 's', 'i', 'g', 'n', '.', 'd', 'e', '\0',
+  /* "kein-fidget-spinner-werden.de", true */ 'k', 'e', 'i', 'n', '-', 'f', 'i', 'd', 'g', 'e', 't', '-', 's', 'p', 'i', 'n', 'n', 'e', 'r', '-', 'w', 'e', 'r', 'd', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "keinanung.nl", true */ 'k', 'e', 'i', 'n', 'a', 'n', 'u', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "keinefilterblase.de", true */ 'k', 'e', 'i', 'n', 'e', 'f', 'i', 'l', 't', 'e', 'r', 'b', 'l', 'a', 's', 'e', '.', 'd', 'e', '\0',
+  /* "keisaku.org", true */ 'k', 'e', 'i', 's', 'a', 'k', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "keishiando.com", true */ 'k', 'e', 'i', 's', 'h', 'i', 'a', 'n', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "keithws.net", true */ 'k', 'e', 'i', 't', 'h', 'w', 's', '.', 'n', 'e', 't', '\0',
+  /* "keke-shop.ch", true */ 'k', 'e', 'k', 'e', '-', 's', 'h', 'o', 'p', '.', 'c', 'h', '\0',
+  /* "kekku.li", true */ 'k', 'e', 'k', 'k', 'u', '.', 'l', 'i', '\0',
+  /* "keksi.io", true */ 'k', 'e', 'k', 's', 'i', '.', 'i', 'o', '\0',
+  /* "kekz.org", true */ 'k', 'e', 'k', 'z', '.', 'o', 'r', 'g', '\0',
+  /* "kela.jp", true */ 'k', 'e', 'l', 'a', '.', 'j', 'p', '\0',
+  /* "keldan.fo", true */ 'k', 'e', 'l', 'd', 'a', 'n', '.', 'f', 'o', '\0',
+  /* "kelgtermans-usedcars.be", true */ 'k', 'e', 'l', 'g', 't', 'e', 'r', 'm', 'a', 'n', 's', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0',
+  /* "kellyandantony.com", true */ 'k', 'e', 'l', 'l', 'y', 'a', 'n', 'd', 'a', 'n', 't', 'o', 'n', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "kellygrenard.com", true */ 'k', 'e', 'l', 'l', 'y', 'g', 'r', 'e', 'n', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "kellyskastles.co.uk", true */ 'k', 'e', 'l', 'l', 'y', 's', 'k', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kelmarsafety.com", true */ 'k', 'e', 'l', 'm', 'a', 'r', 's', 'a', 'f', 'e', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "kempkens.io", true */ 'k', 'e', 'm', 'p', 'k', 'e', 'n', 's', '.', 'i', 'o', '\0',
+  /* "kemptown.co.uk", true */ 'k', 'e', 'm', 'p', 't', 'o', 'w', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kemptown.com", true */ 'k', 'e', 'm', 'p', 't', 'o', 'w', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "kemptown.net", true */ 'k', 'e', 'm', 'p', 't', 'o', 'w', 'n', '.', 'n', 'e', 't', '\0',
+  /* "ken-electric.com.br", true */ 'k', 'e', 'n', '-', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "ken.fm", true */ 'k', 'e', 'n', '.', 'f', 'm', '\0',
+  /* "kenalsworld.com", true */ 'k', 'e', 'n', 'a', 'l', 's', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "kenderbeton-magyarorszag.hu", true */ 'k', 'e', 'n', 'd', 'e', 'r', 'b', 'e', 't', 'o', 'n', '-', 'm', 'a', 'g', 'y', 'a', 'r', 'o', 'r', 's', 'z', 'a', 'g', '.', 'h', 'u', '\0',
+  /* "kenderbetonmagyarorszag.hu", true */ 'k', 'e', 'n', 'd', 'e', 'r', 'b', 'e', 't', 'o', 'n', 'm', 'a', 'g', 'y', 'a', 'r', 'o', 'r', 's', 'z', 'a', 'g', '.', 'h', 'u', '\0',
+  /* "kenderhaz-magyarorszag.hu", true */ 'k', 'e', 'n', 'd', 'e', 'r', 'h', 'a', 'z', '-', 'm', 'a', 'g', 'y', 'a', 'r', 'o', 'r', 's', 'z', 'a', 'g', '.', 'h', 'u', '\0',
+  /* "kenderhazmagyarorszag.hu", true */ 'k', 'e', 'n', 'd', 'e', 'r', 'h', 'a', 'z', 'm', 'a', 'g', 'y', 'a', 'r', 'o', 'r', 's', 'z', 'a', 'g', '.', 'h', 'u', '\0',
+  /* "kendra.io", true */ 'k', 'e', 'n', 'd', 'r', 'a', '.', 'i', 'o', '\0',
+  /* "kendu.si", true */ 'k', 'e', 'n', 'd', 'u', '.', 's', 'i', '\0',
+  /* "kengilmour.com", true */ 'k', 'e', 'n', 'g', 'i', 'l', 'm', 'o', 'u', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "kenguntokku.jp", true */ 'k', 'e', 'n', 'g', 'u', 'n', 't', 'o', 'k', 'k', 'u', '.', 'j', 'p', '\0',
+  /* "kennedy.ie", true */ 'k', 'e', 'n', 'n', 'e', 'd', 'y', '.', 'i', 'e', '\0',
+  /* "kenners.org", true */ 'k', 'e', 'n', 'n', 'e', 'r', 's', '.', 'o', 'r', 'g', '\0',
+  /* "kennethaasan.no", true */ 'k', 'e', 'n', 'n', 'e', 't', 'h', 'a', 'a', 's', 'a', 'n', '.', 'n', 'o', '\0',
+  /* "kennethferguson.com", true */ 'k', 'e', 'n', 'n', 'e', 't', 'h', 'f', 'e', 'r', 'g', 'u', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "kennethlim.me", true */ 'k', 'e', 'n', 'n', 'e', 't', 'h', 'l', 'i', 'm', '.', 'm', 'e', '\0',
+  /* "kenneths.org", true */ 'k', 'e', 'n', 'n', 'e', 't', 'h', 's', '.', 'o', 'r', 'g', '\0',
+  /* "kenny-peck.com", true */ 'k', 'e', 'n', 'n', 'y', '-', 'p', 'e', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "keno.im", true */ 'k', 'e', 'n', 'o', '.', 'i', 'm', '\0',
+  /* "kenoschwalb.com", true */ 'k', 'e', 'n', 'o', 's', 'c', 'h', 'w', 'a', 'l', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "kenrogers.co", false */ 'k', 'e', 'n', 'r', 'o', 'g', 'e', 'r', 's', '.', 'c', 'o', '\0',
+  /* "kens.pics", true */ 'k', 'e', 'n', 's', '.', 'p', 'i', 'c', 's', '\0',
+  /* "kensbouncycastles.co.uk", true */ 'k', 'e', 'n', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kentec.net", true */ 'k', 'e', 'n', 't', 'e', 'c', '.', 'n', 'e', 't', '\0',
+  /* "kenterlis.gr", true */ 'k', 'e', 'n', 't', 'e', 'r', 'l', 'i', 's', '.', 'g', 'r', '\0',
+  /* "keops-spine.fr", true */ 'k', 'e', 'o', 'p', 's', '-', 's', 'p', 'i', 'n', 'e', '.', 'f', 'r', '\0',
+  /* "keops-spine.us", true */ 'k', 'e', 'o', 'p', 's', '-', 's', 'p', 'i', 'n', 'e', '.', 'u', 's', '\0',
+  /* "kepler-seminar.de", true */ 'k', 'e', 'p', 'l', 'e', 'r', '-', 's', 'e', 'm', 'i', 'n', 'a', 'r', '.', 'd', 'e', '\0',
+  /* "kerebro.com", true */ 'k', 'e', 'r', 'e', 'b', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "kerem.xyz", true */ 'k', 'e', 'r', 'e', 'm', '.', 'x', 'y', 'z', '\0',
+  /* "kerforhome.com", true */ 'k', 'e', 'r', 'f', 'o', 'r', 'h', 'o', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "kerijacoby.com", true */ 'k', 'e', 'r', 'i', 'j', 'a', 'c', 'o', 'b', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "kermadec.com", true */ 'k', 'e', 'r', 'm', 'a', 'd', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "kernel-error.de", true */ 'k', 'e', 'r', 'n', 'e', 'l', '-', 'e', 'r', 'r', 'o', 'r', '.', 'd', 'e', '\0',
+  /* "kernelpanics.nl", true */ 'k', 'e', 'r', 'n', 'e', 'l', 'p', 'a', 'n', 'i', 'c', 's', '.', 'n', 'l', '\0',
+  /* "kerrfrequencycombs.org", true */ 'k', 'e', 'r', 'r', 'f', 'r', 'e', 'q', 'u', 'e', 'n', 'c', 'y', 'c', 'o', 'm', 'b', 's', '.', 'o', 'r', 'g', '\0',
+  /* "kerstkaart.nl", true */ 'k', 'e', 'r', 's', 't', 'k', 'a', 'a', 'r', 't', '.', 'n', 'l', '\0',
+  /* "kerus.net", true */ 'k', 'e', 'r', 'u', 's', '.', 'n', 'e', 't', '\0',
+  /* "keshausconsulting.com", true */ 'k', 'e', 's', 'h', 'a', 'u', 's', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "kessel-runners.com", true */ 'k', 'e', 's', 's', 'e', 'l', '-', 'r', 'u', 'n', 'n', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kesslerwine.com", true */ 'k', 'e', 's', 's', 'l', 'e', 'r', 'w', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "kesteren.com", true */ 'k', 'e', 's', 't', 'e', 'r', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "kesteren.org", true */ 'k', 'e', 's', 't', 'e', 'r', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "ketamine.co.uk", true */ 'k', 'e', 't', 'a', 'm', 'i', 'n', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ketosecology.co.uk", true */ 'k', 'e', 't', 'o', 's', 'e', 'c', 'o', 'l', 'o', 'g', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kettner.com", true */ 'k', 'e', 't', 't', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "ketty-voyance.com", true */ 'k', 'e', 't', 't', 'y', '-', 'v', 'o', 'y', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "kevinapease.com", true */ 'k', 'e', 'v', 'i', 'n', 'a', 'p', 'e', 'a', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "kevinbusse.de", true */ 'k', 'e', 'v', 'i', 'n', 'b', 'u', 's', 's', 'e', '.', 'd', 'e', '\0',
+  /* "kevincox.ca", false */ 'k', 'e', 'v', 'i', 'n', 'c', 'o', 'x', '.', 'c', 'a', '\0',
+  /* "kevinfoley.cc", true */ 'k', 'e', 'v', 'i', 'n', 'f', 'o', 'l', 'e', 'y', '.', 'c', 'c', '\0',
+  /* "kevinfoley.org", true */ 'k', 'e', 'v', 'i', 'n', 'f', 'o', 'l', 'e', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "kevinhill.nl", true */ 'k', 'e', 'v', 'i', 'n', 'h', 'i', 'l', 'l', '.', 'n', 'l', '\0',
+  /* "kevinkla.es", true */ 'k', 'e', 'v', 'i', 'n', 'k', 'l', 'a', '.', 'e', 's', '\0',
+  /* "kevinlocke.name", true */ 'k', 'e', 'v', 'i', 'n', 'l', 'o', 'c', 'k', 'e', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "kevinmeijer.nl", true */ 'k', 'e', 'v', 'i', 'n', 'm', 'e', 'i', 'j', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "kevinmorssink.nl", true */ 'k', 'e', 'v', 'i', 'n', 'm', 'o', 'r', 's', 's', 'i', 'n', 'k', '.', 'n', 'l', '\0',
+  /* "kevinpirnie.com", true */ 'k', 'e', 'v', 'i', 'n', 'p', 'i', 'r', 'n', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "kevinratcliff.com", true */ 'k', 'e', 'v', 'i', 'n', 'r', 'a', 't', 'c', 'l', 'i', 'f', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "kevinroebert.de", true */ 'k', 'e', 'v', 'i', 'n', 'r', 'o', 'e', 'b', 'e', 'r', 't', '.', 'd', 'e', '\0',
+  /* "kevlar.pw", true */ 'k', 'e', 'v', 'l', 'a', 'r', '.', 'p', 'w', '\0',
+  /* "kevyn.lu", true */ 'k', 'e', 'v', 'y', 'n', '.', 'l', 'u', '\0',
+  /* "kewego.co.uk", true */ 'k', 'e', 'w', 'e', 'g', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "keybase.io", true */ 'k', 'e', 'y', 'b', 'a', 's', 'e', '.', 'i', 'o', '\0',
+  /* "keybored.me", true */ 'k', 'e', 'y', 'b', 'o', 'r', 'e', 'd', '.', 'm', 'e', '\0',
+  /* "keycdn.com", true */ 'k', 'e', 'y', 'c', 'd', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "keycenter.com.br", true */ 'k', 'e', 'y', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "keycontainers.co.za", true */ 'k', 'e', 'y', 'c', 'o', 'n', 't', 'a', 'i', 'n', 'e', 'r', 's', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "keyerror.com", true */ 'k', 'e', 'y', 'e', 'r', 'r', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "keyholdingservices.co.uk", true */ 'k', 'e', 'y', 'h', 'o', 'l', 'd', 'i', 'n', 'g', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "keyihao.cn", true */ 'k', 'e', 'y', 'i', 'h', 'a', 'o', '.', 'c', 'n', '\0',
+  /* "keyinfo.io", true */ 'k', 'e', 'y', 'i', 'n', 'f', 'o', '.', 'i', 'o', '\0',
+  /* "keypersonins.com", true */ 'k', 'e', 'y', 'p', 'e', 'r', 's', 'o', 'n', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "keys.fedoraproject.org", true */ 'k', 'e', 'y', 's', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "keystoneok.com", true */ 'k', 'e', 'y', 's', 't', 'o', 'n', 'e', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "keysupport.org", true */ 'k', 'e', 'y', 's', 'u', 'p', 'p', 'o', 'r', 't', '.', 'o', 'r', 'g', '\0',
+  /* "kf7joz.com", true */ 'k', 'f', '7', 'j', 'o', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "kfv-kiel.de", false */ 'k', 'f', 'v', '-', 'k', 'i', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "kfz-hantschel.de", true */ 'k', 'f', 'z', '-', 'h', 'a', 'n', 't', 's', 'c', 'h', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "kgnk.ru", true */ 'k', 'g', 'n', 'k', '.', 'r', 'u', '\0',
+  /* "khanovaskola.cz", true */ 'k', 'h', 'a', 'n', 'o', 'v', 'a', 's', 'k', 'o', 'l', 'a', '.', 'c', 'z', '\0',
+  /* "khas.co.uk", true */ 'k', 'h', 'a', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "khasiatmanfaat.com", true */ 'k', 'h', 'a', 's', 'i', 'a', 't', 'm', 'a', 'n', 'f', 'a', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "kheshtar.pl", true */ 'k', 'h', 'e', 's', 'h', 't', 'a', 'r', '.', 'p', 'l', '\0',
+  /* "khetzal.info", true */ 'k', 'h', 'e', 't', 'z', 'a', 'l', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "khipu.com", true */ 'k', 'h', 'i', 'p', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "khlee.net", true */ 'k', 'h', 'l', 'e', 'e', '.', 'n', 'e', 't', '\0',
+  /* "khmath.com", true */ 'k', 'h', 'm', 'a', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "khmb.ru", true */ 'k', 'h', 'm', 'b', '.', 'r', 'u', '\0',
+  /* "khoury-dulla.ch", true */ 'k', 'h', 'o', 'u', 'r', 'y', '-', 'd', 'u', 'l', 'l', 'a', '.', 'c', 'h', '\0',
+  /* "khs1994.com", true */ 'k', 'h', 's', '1', '9', '9', '4', '.', 'c', 'o', 'm', '\0',
+  /* "kiadoapartman.hu", true */ 'k', 'i', 'a', 'd', 'o', 'a', 'p', 'a', 'r', 't', 'm', 'a', 'n', '.', 'h', 'u', '\0',
+  /* "kiahoriane.com", true */ 'k', 'i', 'a', 'h', 'o', 'r', 'i', 'a', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "kiano.net", true */ 'k', 'i', 'a', 'n', 'o', '.', 'n', 'e', 't', '\0',
+  /* "kiapartscenter.net", true */ 'k', 'i', 'a', 'p', 'a', 'r', 't', 's', 'c', 'e', 'n', 't', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "kiapartsdepartment.com", true */ 'k', 'i', 'a', 'p', 'a', 'r', 't', 's', 'd', 'e', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "kiapps.ovh", true */ 'k', 'i', 'a', 'p', 'p', 's', '.', 'o', 'v', 'h', '\0',
+  /* "kibibit.net", true */ 'k', 'i', 'b', 'i', 'b', 'i', 't', '.', 'n', 'e', 't', '\0',
+  /* "kibriscicek.net", true */ 'k', 'i', 'b', 'r', 'i', 's', 'c', 'i', 'c', 'e', 'k', '.', 'n', 'e', 't', '\0',
+  /* "kick-in.nl", true */ 'k', 'i', 'c', 'k', '-', 'i', 'n', '.', 'n', 'l', '\0',
+  /* "kickasscanadians.ca", true */ 'k', 'i', 'c', 'k', 'a', 's', 's', 'c', 'a', 'n', 'a', 'd', 'i', 'a', 'n', 's', '.', 'c', 'a', '\0',
+  /* "kickedmycat.com", true */ 'k', 'i', 'c', 'k', 'e', 'd', 'm', 'y', 'c', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "kickerplaza.nl", true */ 'k', 'i', 'c', 'k', 'e', 'r', 'p', 'l', 'a', 'z', 'a', '.', 'n', 'l', '\0',
+  /* "kiddyboom.ua", true */ 'k', 'i', 'd', 'd', 'y', 'b', 'o', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "kids-at-home.ch", true */ 'k', 'i', 'd', 's', '-', 'a', 't', '-', 'h', 'o', 'm', 'e', '.', 'c', 'h', '\0',
+  /* "kids-castles.com", true */ 'k', 'i', 'd', 's', '-', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kidsforsavingearth.org", true */ 'k', 'i', 'd', 's', 'f', 'o', 'r', 's', 'a', 'v', 'i', 'n', 'g', 'e', 'a', 'r', 't', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "kidsinwoods-interfacesouth.org", true */ 'k', 'i', 'd', 's', 'i', 'n', 'w', 'o', 'o', 'd', 's', '-', 'i', 'n', 't', 'e', 'r', 'f', 'a', 'c', 'e', 's', 'o', 'u', 't', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "kidsmark.net", true */ 'k', 'i', 'd', 's', 'm', 'a', 'r', 'k', '.', 'n', 'e', 't', '\0',
+  /* "kidsneversleep.com", true */ 'k', 'i', 'd', 's', 'n', 'e', 'v', 'e', 'r', 's', 'l', 'e', 'e', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "kidsplay-plymouth.co.uk", true */ 'k', 'i', 'd', 's', 'p', 'l', 'a', 'y', '-', 'p', 'l', 'y', 'm', 'o', 'u', 't', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kidsplaybouncycastles.co.uk", true */ 'k', 'i', 'd', 's', 'p', 'l', 'a', 'y', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kidswallstickers.com.au", true */ 'k', 'i', 'd', 's', 'w', 'a', 'l', 'l', 's', 't', 'i', 'c', 'k', 'e', 'r', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "kidtoyshop.ru", true */ 'k', 'i', 'd', 't', 'o', 'y', 's', 'h', 'o', 'p', '.', 'r', 'u', '\0',
+  /* "kidzpartiesllp.co.uk", true */ 'k', 'i', 'd', 'z', 'p', 'a', 'r', 't', 'i', 'e', 's', 'l', 'l', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kidzsmile.co.uk", true */ 'k', 'i', 'd', 'z', 's', 'm', 'i', 'l', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kiebel.de", true */ 'k', 'i', 'e', 'b', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "kiefer-networks.de", true */ 'k', 'i', 'e', 'f', 'e', 'r', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'd', 'e', '\0',
+  /* "kiehls.pt", true */ 'k', 'i', 'e', 'h', 'l', 's', '.', 'p', 't', '\0',
+  /* "kiekin.org", true */ 'k', 'i', 'e', 'k', 'i', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "kiekko.pro", true */ 'k', 'i', 'e', 'k', 'k', 'o', '.', 'p', 'r', 'o', '\0',
+  /* "kiel-kind.de", true */ 'k', 'i', 'e', 'l', '-', 'k', 'i', 'n', 'd', '.', 'd', 'e', '\0',
+  /* "kielderweather.org.uk", true */ 'k', 'i', 'e', 'l', 'd', 'e', 'r', 'w', 'e', 'a', 't', 'h', 'e', 'r', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "kienlen.org", true */ 'k', 'i', 'e', 'n', 'l', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "kiesuwkerstkaart.nl", true */ 'k', 'i', 'e', 's', 'u', 'w', 'k', 'e', 'r', 's', 't', 'k', 'a', 'a', 'r', 't', '.', 'n', 'l', '\0',
+  /* "kiffmarks.com", true */ 'k', 'i', 'f', 'f', 'm', 'a', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kigmbh.com", true */ 'k', 'i', 'g', 'm', 'b', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "kikbb.com", true */ 'k', 'i', 'k', 'b', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "kiki-voice.jp", true */ 'k', 'i', 'k', 'i', '-', 'v', 'o', 'i', 'c', 'e', '.', 'j', 'p', '\0',
+  /* "kiku.pw", true */ 'k', 'i', 'k', 'u', '.', 'p', 'w', '\0',
+  /* "kikuzuki.org", true */ 'k', 'i', 'k', 'u', 'z', 'u', 'k', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "kilerd.me", true */ 'k', 'i', 'l', 'e', 'r', 'd', '.', 'm', 'e', '\0',
+  /* "kilianvalkhof.com", true */ 'k', 'i', 'l', 'i', 'a', 'n', 'v', 'a', 'l', 'k', 'h', 'o', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "kill-paff.com", true */ 'k', 'i', 'l', 'l', '-', 'p', 'a', 'f', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "killaraapartments.com.au", true */ 'k', 'i', 'l', 'l', 'a', 'r', 'a', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "killerit.in", true */ 'k', 'i', 'l', 'l', 'e', 'r', 'i', 't', '.', 'i', 'n', '\0',
+  /* "killerrobots.com", true */ 'k', 'i', 'l', 'l', 'e', 'r', 'r', 'o', 'b', 'o', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "killymoonbouncycastles.com", true */ 'k', 'i', 'l', 'l', 'y', 'm', 'o', 'o', 'n', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kilobyte22.de", true */ 'k', 'i', 'l', 'o', 'b', 'y', 't', 'e', '2', '2', '.', 'd', 'e', '\0',
+  /* "kilogram.nl", true */ 'k', 'i', 'l', 'o', 'g', 'r', 'a', 'm', '.', 'n', 'l', '\0',
+  /* "kilometertje.nl", true */ 'k', 'i', 'l', 'o', 'm', 'e', 't', 'e', 'r', 't', 'j', 'e', '.', 'n', 'l', '\0',
+  /* "kimamass.com", true */ 'k', 'i', 'm', 'a', 'm', 'a', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kimiris.com", true */ 'k', 'i', 'm', 'i', 'r', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kimisia.net", true */ 'k', 'i', 'm', 'i', 's', 'i', 'a', '.', 'n', 'e', 't', '\0',
+  /* "kimmel.com", true */ 'k', 'i', 'm', 'm', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "kimmel.in", true */ 'k', 'i', 'm', 'm', 'e', 'l', '.', 'i', 'n', '\0',
+  /* "kimoota.net", false */ 'k', 'i', 'm', 'o', 'o', 't', 'a', '.', 'n', 'e', 't', '\0',
+  /* "kimotodental.com", true */ 'k', 'i', 'm', 'o', 't', 'o', 'd', 'e', 'n', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "kimscrazeecastles.co.uk", true */ 'k', 'i', 'm', 's', 'c', 'r', 'a', 'z', 'e', 'e', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kimsufi-jordi.tk", true */ 'k', 'i', 'm', 's', 'u', 'f', 'i', '-', 'j', 'o', 'r', 'd', 'i', '.', 't', 'k', '\0',
+  /* "kin.pet", true */ 'k', 'i', 'n', '.', 'p', 'e', 't', '\0',
+  /* "kinderbasar-luhe.de", true */ 'k', 'i', 'n', 'd', 'e', 'r', 'b', 'a', 's', 'a', 'r', '-', 'l', 'u', 'h', 'e', '.', 'd', 'e', '\0',
+  /* "kinderbuecher-kostenlos.de", true */ 'k', 'i', 'n', 'd', 'e', 'r', 'b', 'u', 'e', 'c', 'h', 'e', 'r', '-', 'k', 'o', 's', 't', 'e', 'n', 'l', 'o', 's', '.', 'd', 'e', '\0',
+  /* "kinderopvangengeltjes.nl", true */ 'k', 'i', 'n', 'd', 'e', 'r', 'o', 'p', 'v', 'a', 'n', 'g', 'e', 'n', 'g', 'e', 'l', 't', 'j', 'e', 's', '.', 'n', 'l', '\0',
+  /* "kindleworth.com", true */ 'k', 'i', 'n', 'd', 'l', 'e', 'w', 'o', 'r', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "kinepolis-studio.be", true */ 'k', 'i', 'n', 'e', 'p', 'o', 'l', 'i', 's', '-', 's', 't', 'u', 'd', 'i', 'o', '.', 'b', 'e', '\0',
+  /* "kinetiq.com", true */ 'k', 'i', 'n', 'e', 't', 'i', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "kineto.space", true */ 'k', 'i', 'n', 'e', 't', 'o', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "king-henris-castles.co.uk", true */ 'k', 'i', 'n', 'g', '-', 'h', 'e', 'n', 'r', 'i', 's', '-', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "king-of-the-castles.com", true */ 'k', 'i', 'n', 'g', '-', 'o', 'f', '-', 't', 'h', 'e', '-', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kingant.net", true */ 'k', 'i', 'n', 'g', 'a', 'n', 't', '.', 'n', 'e', 't', '\0',
+  /* "kinganywhere.eu", true */ 'k', 'i', 'n', 'g', 'a', 'n', 'y', 'w', 'h', 'e', 'r', 'e', '.', 'e', 'u', '\0',
+  /* "kingdomcrc.org", true */ 'k', 'i', 'n', 'g', 'd', 'o', 'm', 'c', 'r', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "kingiescastles.co.uk", true */ 'k', 'i', 'n', 'g', 'i', 'e', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kinglaksa.com", false */ 'k', 'i', 'n', 'g', 'l', 'a', 'k', 's', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "kingofshooting.com", true */ 'k', 'i', 'n', 'g', 'o', 'f', 's', 'h', 'o', 'o', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "kingofthecastlecoventry.co.uk", true */ 'k', 'i', 'n', 'g', 'o', 'f', 't', 'h', 'e', 'c', 'a', 's', 't', 'l', 'e', 'c', 'o', 'v', 'e', 'n', 't', 'r', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kingofthecastlesentertainments.co.uk", true */ 'k', 'i', 'n', 'g', 'o', 'f', 't', 'h', 'e', 'c', 'a', 's', 't', 'l', 'e', 's', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kingofthecastlesouthwales.co.uk", true */ 'k', 'i', 'n', 'g', 'o', 'f', 't', 'h', 'e', 'c', 'a', 's', 't', 'l', 'e', 's', 'o', 'u', 't', 'h', 'w', 'a', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kingofthecastlesrhyl.co.uk", true */ 'k', 'i', 'n', 'g', 'o', 'f', 't', 'h', 'e', 'c', 'a', 's', 't', 'l', 'e', 's', 'r', 'h', 'y', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kingpincages.com", true */ 'k', 'i', 'n', 'g', 'p', 'i', 'n', 'c', 'a', 'g', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kingqueen.org.uk", true */ 'k', 'i', 'n', 'g', 'q', 'u', 'e', 'e', 'n', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "kingstclinic.com", true */ 'k', 'i', 'n', 'g', 's', 't', 'c', 'l', 'i', 'n', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "kingtecservices.com", true */ 'k', 'i', 'n', 'g', 't', 'e', 'c', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kini24.ru", true */ 'k', 'i', 'n', 'i', '2', '4', '.', 'r', 'u', '\0',
+  /* "kinkenonline.com", true */ 'k', 'i', 'n', 'k', 'e', 'n', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "kinmunity.com", true */ 'k', 'i', 'n', 'm', 'u', 'n', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "kinnikinnick.com", true */ 'k', 'i', 'n', 'n', 'i', 'k', 'i', 'n', 'n', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "kinocheck.de", true */ 'k', 'i', 'n', 'o', 'c', 'h', 'e', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "kinohled.cz", true */ 'k', 'i', 'n', 'o', 'h', 'l', 'e', 'd', '.', 'c', 'z', '\0',
+  /* "kinomoto.me", true */ 'k', 'i', 'n', 'o', 'm', 'o', 't', 'o', '.', 'm', 'e', '\0',
+  /* "kinomoto.ovh", true */ 'k', 'i', 'n', 'o', 'm', 'o', 't', 'o', '.', 'o', 'v', 'h', '\0',
+  /* "kinow.com", true */ 'k', 'i', 'n', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "kinozal-tv.appspot.com", true */ 'k', 'i', 'n', 'o', 'z', 'a', 'l', '-', 't', 'v', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "kinsights.com", false */ 'k', 'i', 'n', 's', 'i', 'g', 'h', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kinsmenhomelottery.com", true */ 'k', 'i', 'n', 's', 'm', 'e', 'n', 'h', 'o', 'm', 'e', 'l', 'o', 't', 't', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "kintawifi.com", false */ 'k', 'i', 'n', 't', 'a', 'w', 'i', 'f', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "kintone.com", true */ 'k', 'i', 'n', 't', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "kintore.tv", true */ 'k', 'i', 'n', 't', 'o', 'r', 'e', '.', 't', 'v', '\0',
+  /* "kintzingerfilm.de", true */ 'k', 'i', 'n', 't', 'z', 'i', 'n', 'g', 'e', 'r', 'f', 'i', 'l', 'm', '.', 'd', 'e', '\0',
+  /* "kiocloud.com", true */ 'k', 'i', 'o', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "kionetworks.es", true */ 'k', 'i', 'o', 'n', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'e', 's', '\0',
+  /* "kippenbart.gq", true */ 'k', 'i', 'p', 'p', 'e', 'n', 'b', 'a', 'r', 't', '.', 'g', 'q', '\0',
+  /* "kipriakipita.gr", true */ 'k', 'i', 'p', 'r', 'i', 'a', 'k', 'i', 'p', 'i', 't', 'a', '.', 'g', 'r', '\0',
+  /* "kiraboshi.xyz", true */ 'k', 'i', 'r', 'a', 'b', 'o', 's', 'h', 'i', '.', 'x', 'y', 'z', '\0',
+  /* "kiragameforum.net", true */ 'k', 'i', 'r', 'a', 'g', 'a', 'm', 'e', 'f', 'o', 'r', 'u', 'm', '.', 'n', 'e', 't', '\0',
+  /* "kiraku.co", true */ 'k', 'i', 'r', 'a', 'k', 'u', '.', 'c', 'o', '\0',
+  /* "kirbear.com", true */ 'k', 'i', 'r', 'b', 'e', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "kirche-dortmund-ost.de", true */ 'k', 'i', 'r', 'c', 'h', 'e', '-', 'd', 'o', 'r', 't', 'm', 'u', 'n', 'd', '-', 'o', 's', 't', '.', 'd', 'e', '\0',
+  /* "kirchen-im-web.de", true */ 'k', 'i', 'r', 'c', 'h', 'e', 'n', '-', 'i', 'm', '-', 'w', 'e', 'b', '.', 'd', 'e', '\0',
+  /* "kirchengemeinde-markt-erlbach.de", true */ 'k', 'i', 'r', 'c', 'h', 'e', 'n', 'g', 'e', 'm', 'e', 'i', 'n', 'd', 'e', '-', 'm', 'a', 'r', 'k', 't', '-', 'e', 'r', 'l', 'b', 'a', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "kircp.com", true */ 'k', 'i', 'r', 'c', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "kirei.se", true */ 'k', 'i', 'r', 'e', 'i', '.', 's', 'e', '\0',
+  /* "kirig.ph", false */ 'k', 'i', 'r', 'i', 'g', '.', 'p', 'h', '\0',
+  /* "kirillpokrovsky.de", true */ 'k', 'i', 'r', 'i', 'l', 'l', 'p', 'o', 'k', 'r', 'o', 'v', 's', 'k', 'y', '.', 'd', 'e', '\0',
+  /* "kirinas.com", true */ 'k', 'i', 'r', 'i', 'n', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kirkovsky.com", true */ 'k', 'i', 'r', 'k', 'o', 'v', 's', 'k', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "kirrie.pe.kr", true */ 'k', 'i', 'r', 'r', 'i', 'e', '.', 'p', 'e', '.', 'k', 'r', '\0',
+  /* "kirsch-gestaltung.de", true */ 'k', 'i', 'r', 's', 'c', 'h', '-', 'g', 'e', 's', 't', 'a', 'l', 't', 'u', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "kirschbaum.me", true */ 'k', 'i', 'r', 's', 'c', 'h', 'b', 'a', 'u', 'm', '.', 'm', 'e', '\0',
+  /* "kirstenbos.ca", true */ 'k', 'i', 'r', 's', 't', 'e', 'n', 'b', 'o', 's', '.', 'c', 'a', '\0',
+  /* "kirstin-peters.de", true */ 'k', 'i', 'r', 's', 't', 'i', 'n', '-', 'p', 'e', 't', 'e', 'r', 's', '.', 'd', 'e', '\0',
+  /* "kis-toitoidixi.de", true */ 'k', 'i', 's', '-', 't', 'o', 'i', 't', 'o', 'i', 'd', 'i', 'x', 'i', '.', 'd', 'e', '\0',
+  /* "kisallatorvos.hu", true */ 'k', 'i', 's', 'a', 'l', 'l', 'a', 't', 'o', 'r', 'v', 'o', 's', '.', 'h', 'u', '\0',
+  /* "kisiselveri.com", true */ 'k', 'i', 's', 'i', 's', 'e', 'l', 'v', 'e', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "kissflow.com", true */ 'k', 'i', 's', 's', 'f', 'l', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "kissgyms.com", true */ 'k', 'i', 's', 's', 'g', 'y', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kisskiss.ch", true */ 'k', 'i', 's', 's', 'k', 'i', 's', 's', '.', 'c', 'h', '\0',
+  /* "kisstube.tv", true */ 'k', 'i', 's', 's', 't', 'u', 'b', 'e', '.', 't', 'v', '\0',
+  /* "kitbag.com.au", true */ 'k', 'i', 't', 'b', 'a', 'g', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "kitchen-profi.by", true */ 'k', 'i', 't', 'c', 'h', 'e', 'n', '-', 'p', 'r', 'o', 'f', 'i', '.', 'b', 'y', '\0',
+  /* "kitchen-profi.com.ua", true */ 'k', 'i', 't', 'c', 'h', 'e', 'n', '-', 'p', 'r', 'o', 'f', 'i', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "kiteadventure.nl", true */ 'k', 'i', 't', 'e', 'a', 'd', 'v', 'e', 'n', 't', 'u', 'r', 'e', '.', 'n', 'l', '\0',
+  /* "kitegarage.eu", true */ 'k', 'i', 't', 'e', 'g', 'a', 'r', 'a', 'g', 'e', '.', 'e', 'u', '\0',
+  /* "kiteschoolamsterdam.nl", true */ 'k', 'i', 't', 'e', 's', 'c', 'h', 'o', 'o', 'l', 'a', 'm', 's', 't', 'e', 'r', 'd', 'a', 'm', '.', 'n', 'l', '\0',
+  /* "kiteschooledam.nl", true */ 'k', 'i', 't', 'e', 's', 'c', 'h', 'o', 'o', 'l', 'e', 'd', 'a', 'm', '.', 'n', 'l', '\0',
+  /* "kiteschoolijmuiden.nl", true */ 'k', 'i', 't', 'e', 's', 'c', 'h', 'o', 'o', 'l', 'i', 'j', 'm', 'u', 'i', 'd', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "kiteschoolkatwijk.nl", true */ 'k', 'i', 't', 'e', 's', 'c', 'h', 'o', 'o', 'l', 'k', 'a', 't', 'w', 'i', 'j', 'k', '.', 'n', 'l', '\0',
+  /* "kiteschoolnoordwijk.nl", true */ 'k', 'i', 't', 'e', 's', 'c', 'h', 'o', 'o', 'l', 'n', 'o', 'o', 'r', 'd', 'w', 'i', 'j', 'k', '.', 'n', 'l', '\0',
+  /* "kiteschoolschellinkhout.nl", true */ 'k', 'i', 't', 'e', 's', 'c', 'h', 'o', 'o', 'l', 's', 'c', 'h', 'e', 'l', 'l', 'i', 'n', 'k', 'h', 'o', 'u', 't', '.', 'n', 'l', '\0',
+  /* "kiteschoolwijkaanzee.nl", true */ 'k', 'i', 't', 'e', 's', 'c', 'h', 'o', 'o', 'l', 'w', 'i', 'j', 'k', 'a', 'a', 'n', 'z', 'e', 'e', '.', 'n', 'l', '\0',
+  /* "kiteschoolzandvoort.nl", true */ 'k', 'i', 't', 'e', 's', 'c', 'h', 'o', 'o', 'l', 'z', 'a', 'n', 'd', 'v', 'o', 'o', 'r', 't', '.', 'n', 'l', '\0',
+  /* "kittmedia.com", true */ 'k', 'i', 't', 't', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "kittpress.com", true */ 'k', 'i', 't', 't', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kittyhacker101.tk", true */ 'k', 'i', 't', 't', 'y', 'h', 'a', 'c', 'k', 'e', 'r', '1', '0', '1', '.', 't', 'k', '\0',
+  /* "kiwi.digital", true */ 'k', 'i', 'w', 'i', '.', 'd', 'i', 'g', 'i', 't', 'a', 'l', '\0',
+  /* "kiwi.global", true */ 'k', 'i', 'w', 'i', '.', 'g', 'l', 'o', 'b', 'a', 'l', '\0',
+  /* "kiwico.com", true */ 'k', 'i', 'w', 'i', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "kiwipayment.com", true */ 'k', 'i', 'w', 'i', 'p', 'a', 'y', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "kiwipayments.com", true */ 'k', 'i', 'w', 'i', 'p', 'a', 'y', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kiwiplace.com", true */ 'k', 'i', 'w', 'i', 'p', 'l', 'a', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "kj-prince.com", true */ 'k', 'j', '-', 'p', 'r', 'i', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "kjaer.io", true */ 'k', 'j', 'a', 'e', 'r', '.', 'i', 'o', '\0',
+  /* "kjarni.cc", true */ 'k', 'j', 'a', 'r', 'n', 'i', '.', 'c', 'c', '\0',
+  /* "kjarrval.is", true */ 'k', 'j', 'a', 'r', 'r', 'v', 'a', 'l', '.', 'i', 's', '\0',
+  /* "kjellner.com", true */ 'k', 'j', 'e', 'l', 'l', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "kjellvn.net", true */ 'k', 'j', 'e', 'l', 'l', 'v', 'n', '.', 'n', 'e', 't', '\0',
+  /* "kk-neudorf-duissern.de", false */ 'k', 'k', '-', 'n', 'e', 'u', 'd', 'o', 'r', 'f', '-', 'd', 'u', 'i', 's', 's', 'e', 'r', 'n', '.', 'd', 'e', '\0',
+  /* "kkaefer.com", true */ 'k', 'k', 'a', 'e', 'f', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "kkaufmann.de", false */ 'k', 'k', 'a', 'u', 'f', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "kki.org", true */ 'k', 'k', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "kkovacs.eu", true */ 'k', 'k', 'o', 'v', 'a', 'c', 's', '.', 'e', 'u', '\0',
+  /* "kks-karlstadt.de", true */ 'k', 'k', 's', '-', 'k', 'a', 'r', 'l', 's', 't', 'a', 'd', 't', '.', 'd', 'e', '\0',
+  /* "kksg.com", true */ 'k', 'k', 's', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "kkyy.me", true */ 'k', 'k', 'y', 'y', '.', 'm', 'e', '\0',
+  /* "kkzxak47.com", true */ 'k', 'k', 'z', 'x', 'a', 'k', '4', '7', '.', 'c', 'o', 'm', '\0',
+  /* "kl-diaetist.dk", true */ 'k', 'l', '-', 'd', 'i', 'a', 'e', 't', 'i', 's', 't', '.', 'd', 'k', '\0',
+  /* "klaim.us", true */ 'k', 'l', 'a', 'i', 'm', '.', 'u', 's', '\0',
+  /* "klamathrestoration.gov", true */ 'k', 'l', 'a', 'm', 'a', 't', 'h', 'r', 'e', 's', 't', 'o', 'r', 'a', 't', 'i', 'o', 'n', '.', 'g', 'o', 'v', '\0',
+  /* "klanggut.at", true */ 'k', 'l', 'a', 'n', 'g', 'g', 'u', 't', '.', 'a', 't', '\0',
+  /* "klares-licht.de", true */ 'k', 'l', 'a', 'r', 'e', 's', '-', 'l', 'i', 'c', 'h', 't', '.', 'd', 'e', '\0',
+  /* "klarika.com", true */ 'k', 'l', 'a', 'r', 'i', 'k', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "klarmobil-empfehlen.de", true */ 'k', 'l', 'a', 'r', 'm', 'o', 'b', 'i', 'l', '-', 'e', 'm', 'p', 'f', 'e', 'h', 'l', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "klasfauseweh.de", true */ 'k', 'l', 'a', 's', 'f', 'a', 'u', 's', 'e', 'w', 'e', 'h', '.', 'd', 'e', '\0',
+  /* "klatschreime.de", true */ 'k', 'l', 'a', 't', 's', 'c', 'h', 'r', 'e', 'i', 'm', 'e', '.', 'd', 'e', '\0',
+  /* "klausbrinch.dk", true */ 'k', 'l', 'a', 'u', 's', 'b', 'r', 'i', 'n', 'c', 'h', '.', 'd', 'k', '\0',
+  /* "klausimas.lt", true */ 'k', 'l', 'a', 'u', 's', 'i', 'm', 'a', 's', '.', 'l', 't', '\0',
+  /* "klaver.it", true */ 'k', 'l', 'a', 'v', 'e', 'r', '.', 'i', 't', '\0',
+  /* "klaw.xyz", true */ 'k', 'l', 'a', 'w', '.', 'x', 'y', 'z', '\0',
+  /* "kle.cz", true */ 'k', 'l', 'e', '.', 'c', 'z', '\0',
+  /* "kleaning.by", true */ 'k', 'l', 'e', 'a', 'n', 'i', 'n', 'g', '.', 'b', 'y', '\0',
+  /* "kleberstoff.xyz", true */ 'k', 'l', 'e', 'b', 'e', 'r', 's', 't', 'o', 'f', 'f', '.', 'x', 'y', 'z', '\0',
+  /* "klebetape.de", true */ 'k', 'l', 'e', 'b', 'e', 't', 'a', 'p', 'e', '.', 'd', 'e', '\0',
+  /* "kledingrekken.nl", true */ 'k', 'l', 'e', 'd', 'i', 'n', 'g', 'r', 'e', 'k', 'k', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "kleidertauschpartys.de", true */ 'k', 'l', 'e', 'i', 'd', 'e', 'r', 't', 'a', 'u', 's', 'c', 'h', 'p', 'a', 'r', 't', 'y', 's', '.', 'd', 'e', '\0',
+  /* "kleine-dingen.nl", true */ 'k', 'l', 'e', 'i', 'n', 'e', '-', 'd', 'i', 'n', 'g', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "kleineanfragen.de", true */ 'k', 'l', 'e', 'i', 'n', 'e', 'a', 'n', 'f', 'r', 'a', 'g', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "kleinfein.co", true */ 'k', 'l', 'e', 'i', 'n', 'f', 'e', 'i', 'n', '.', 'c', 'o', '\0',
+  /* "kleinholding.com", true */ 'k', 'l', 'e', 'i', 'n', 'h', 'o', 'l', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "kleinreich.de", true */ 'k', 'l', 'e', 'i', 'n', 'r', 'e', 'i', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "kleinserienproduktion.com", true */ 'k', 'l', 'e', 'i', 'n', 's', 'e', 'r', 'i', 'e', 'n', 'p', 'r', 'o', 'd', 'u', 'k', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "kleinsys.com", true */ 'k', 'l', 'e', 'i', 'n', 's', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kleteckova.cz", true */ 'k', 'l', 'e', 't', 'e', 'c', 'k', 'o', 'v', 'a', '.', 'c', 'z', '\0',
+  /* "klickstdu.com", true */ 'k', 'l', 'i', 'c', 'k', 's', 't', 'd', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "kliemann.me", true */ 'k', 'l', 'i', 'e', 'm', 'a', 'n', 'n', '.', 'm', 'e', '\0',
+  /* "klif1.nl", true */ 'k', 'l', 'i', 'f', '1', '.', 'n', 'l', '\0',
+  /* "klimaloven.no", true */ 'k', 'l', 'i', 'm', 'a', 'l', 'o', 'v', 'e', 'n', '.', 'n', 'o', '\0',
+  /* "klimapartner.de", true */ 'k', 'l', 'i', 'm', 'a', 'p', 'a', 'r', 't', 'n', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "klimapartner.net", true */ 'k', 'l', 'i', 'm', 'a', 'p', 'a', 'r', 't', 'n', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "klimchuk.by", true */ 'k', 'l', 'i', 'm', 'c', 'h', 'u', 'k', '.', 'b', 'y', '\0',
+  /* "klimchuk.com", true */ 'k', 'l', 'i', 'm', 'c', 'h', 'u', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "klinikac.co.id", false */ 'k', 'l', 'i', 'n', 'i', 'k', 'a', 'c', '.', 'c', 'o', '.', 'i', 'd', '\0',
+  /* "klinkerstreet.com.ua", true */ 'k', 'l', 'i', 'n', 'k', 'e', 'r', 's', 't', 'r', 'e', 'e', 't', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "klinknetz.de", true */ 'k', 'l', 'i', 'n', 'k', 'n', 'e', 't', 'z', '.', 'd', 'e', '\0',
+  /* "klm-huisjes.nl", true */ 'k', 'l', 'm', '-', 'h', 'u', 'i', 's', 'j', 'e', 's', '.', 'n', 'l', '\0',
+  /* "klmhouses.com", true */ 'k', 'l', 'm', 'h', 'o', 'u', 's', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "klocker-ausserlechner.com", true */ 'k', 'l', 'o', 'c', 'k', 'e', 'r', '-', 'a', 'u', 's', 's', 'e', 'r', 'l', 'e', 'c', 'h', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "kloia.com", true */ 'k', 'l', 'o', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "klosko.net", true */ 'k', 'l', 'o', 's', 'k', 'o', '.', 'n', 'e', 't', '\0',
+  /* "klotz-labs.com", true */ 'k', 'l', 'o', 't', 'z', '-', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kls-agency.com.ua", true */ 'k', 'l', 's', '-', 'a', 'g', 'e', 'n', 'c', 'y', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "klssn.com", true */ 'k', 'l', 's', 's', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "kluck.me", true */ 'k', 'l', 'u', 'c', 'k', '.', 'm', 'e', '\0',
+  /* "klugemedia.de", true */ 'k', 'l', 'u', 'g', 'e', 'm', 'e', 'd', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "klustekeningen.nl", true */ 'k', 'l', 'u', 's', 't', 'e', 'k', 'e', 'n', 'i', 'n', 'g', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "klustermedia.com", true */ 'k', 'l', 'u', 's', 't', 'e', 'r', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "klva.cz", true */ 'k', 'l', 'v', 'a', '.', 'c', 'z', '\0',
+  /* "km-net.pl", true */ 'k', 'm', '-', 'n', 'e', 't', '.', 'p', 'l', '\0',
+  /* "kmashworth.co.uk", true */ 'k', 'm', 'a', 's', 'h', 'w', 'o', 'r', 't', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kmkz.jp", true */ 'k', 'm', 'k', 'z', '.', 'j', 'p', '\0',
+  /* "kmsci.com.ph", true */ 'k', 'm', 's', 'c', 'i', '.', 'c', 'o', 'm', '.', 'p', 'h', '\0',
+  /* "kn007.net", true */ 'k', 'n', '0', '0', '7', '.', 'n', 'e', 't', '\0',
+  /* "knaake.net", true */ 'k', 'n', 'a', 'a', 'k', 'e', '.', 'n', 'e', 't', '\0',
+  /* "knab-networks.com", true */ 'k', 'n', 'a', 'b', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "knapp.noip.me", true */ 'k', 'n', 'a', 'p', 'p', '.', 'n', 'o', 'i', 'p', '.', 'm', 'e', '\0',
+  /* "knarcraft.net", true */ 'k', 'n', 'a', 'r', 'c', 'r', 'a', 'f', 't', '.', 'n', 'e', 't', '\0',
+  /* "kncg.pw", true */ 'k', 'n', 'c', 'g', '.', 'p', 'w', '\0',
+  /* "kneblinghausen.de", true */ 'k', 'n', 'e', 'b', 'l', 'i', 'n', 'g', 'h', 'a', 'u', 's', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "knegten-agilis.com", true */ 'k', 'n', 'e', 'g', 't', 'e', 'n', '-', 'a', 'g', 'i', 'l', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "knep.me", true */ 'k', 'n', 'e', 'p', '.', 'm', 'e', '\0',
+  /* "kngk-azs.ru", true */ 'k', 'n', 'g', 'k', '-', 'a', 'z', 's', '.', 'r', 'u', '\0',
+  /* "kngk-group.ru", true */ 'k', 'n', 'g', 'k', '-', 'g', 'r', 'o', 'u', 'p', '.', 'r', 'u', '\0',
+  /* "kngk-transavto.ru", true */ 'k', 'n', 'g', 'k', '-', 't', 'r', 'a', 'n', 's', 'a', 'v', 't', 'o', '.', 'r', 'u', '\0',
+  /* "kngk.org", true */ 'k', 'n', 'g', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "kngkng.com", true */ 'k', 'n', 'g', 'k', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "kniga.market", true */ 'k', 'n', 'i', 'g', 'a', '.', 'm', 'a', 'r', 'k', 'e', 't', '\0',
+  /* "knight-industries.org", true */ 'k', 'n', 'i', 'g', 'h', 't', '-', 'i', 'n', 'd', 'u', 's', 't', 'r', 'i', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "knightsblog.de", true */ 'k', 'n', 'i', 'g', 'h', 't', 's', 'b', 'l', 'o', 'g', '.', 'd', 'e', '\0',
+  /* "knightsbridge.net", true */ 'k', 'n', 'i', 'g', 'h', 't', 's', 'b', 'r', 'i', 'd', 'g', 'e', '.', 'n', 'e', 't', '\0',
+  /* "knip.ch", true */ 'k', 'n', 'i', 'p', '.', 'c', 'h', '\0',
+  /* "kniwweler.com", true */ 'k', 'n', 'i', 'w', 'w', 'e', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "knnet.ch", true */ 'k', 'n', 'n', 'e', 't', '.', 'c', 'h', '\0',
+  /* "knot-store.com", true */ 'k', 'n', 'o', 't', '-', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "knowledgehook.com", true */ 'k', 'n', 'o', 'w', 'l', 'e', 'd', 'g', 'e', 'h', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "knowlevillagecc.co.uk", true */ 'k', 'n', 'o', 'w', 'l', 'e', 'v', 'i', 'l', 'l', 'a', 'g', 'e', 'c', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "knthost.com", true */ 'k', 'n', 't', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "knurps.de", true */ 'k', 'n', 'u', 'r', 'p', 's', '.', 'd', 'e', '\0',
+  /* "knutur.is", true */ 'k', 'n', 'u', 't', 'u', 'r', '.', 'i', 's', '\0',
+  /* "knygos.lt", true */ 'k', 'n', 'y', 'g', 'o', 's', '.', 'l', 't', '\0',
+  /* "ko-sys.com", true */ 'k', 'o', '-', 's', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ko.si", true */ 'k', 'o', '.', 's', 'i', '\0',
+  /* "koalapress.fr", true */ 'k', 'o', 'a', 'l', 'a', 'p', 'r', 'e', 's', 's', '.', 'f', 'r', '\0',
+  /* "koalas.org", true */ 'k', 'o', 'a', 'l', 'a', 's', '.', 'o', 'r', 'g', '\0',
+  /* "kobezda.net", true */ 'k', 'o', 'b', 'e', 'z', 'd', 'a', '.', 'n', 'e', 't', '\0',
+  /* "kobieta.guru", true */ 'k', 'o', 'b', 'i', 'e', 't', 'a', '.', 'g', 'u', 'r', 'u', '\0',
+  /* "kobofarm.com", true */ 'k', 'o', 'b', 'o', 'f', 'a', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "koboldcraft.ch", true */ 'k', 'o', 'b', 'o', 'l', 'd', 'c', 'r', 'a', 'f', 't', '.', 'c', 'h', '\0',
+  /* "kobolya.hu", true */ 'k', 'o', 'b', 'o', 'l', 'y', 'a', '.', 'h', 'u', '\0',
+  /* "kodak-ism.com", true */ 'k', 'o', 'd', 'a', 'k', '-', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "kodden.com.br", true */ 'k', 'o', 'd', 'd', 'e', 'n', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "kode-it.de", true */ 'k', 'o', 'd', 'e', '-', 'i', 't', '.', 'd', 'e', '\0',
+  /* "kode.ch", true */ 'k', 'o', 'd', 'e', '.', 'c', 'h', '\0',
+  /* "koebbes.de", true */ 'k', 'o', 'e', 'b', 'b', 'e', 's', '.', 'd', 'e', '\0',
+  /* "koelbli.ch", true */ 'k', 'o', 'e', 'l', 'b', 'l', 'i', '.', 'c', 'h', '\0',
+  /* "koelnmafia.de", true */ 'k', 'o', 'e', 'l', 'n', 'm', 'a', 'f', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "koenen-bau.de", true */ 'k', 'o', 'e', 'n', 'e', 'n', '-', 'b', 'a', 'u', '.', 'd', 'e', '\0',
+  /* "koenigsbrunner-tafel.de", true */ 'k', 'o', 'e', 'n', 'i', 'g', 's', 'b', 'r', 'u', 'n', 'n', 'e', 'r', '-', 't', 'a', 'f', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "koerper-wie-seele.de", false */ 'k', 'o', 'e', 'r', 'p', 'e', 'r', '-', 'w', 'i', 'e', '-', 's', 'e', 'e', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "koertner-muth.com", true */ 'k', 'o', 'e', 'r', 't', 'n', 'e', 'r', '-', 'm', 'u', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "koertner-muth.de", true */ 'k', 'o', 'e', 'r', 't', 'n', 'e', 'r', '-', 'm', 'u', 't', 'h', '.', 'd', 'e', '\0',
+  /* "koethen-markt.de", true */ 'k', 'o', 'e', 't', 'h', 'e', 'n', '-', 'm', 'a', 'r', 'k', 't', '.', 'd', 'e', '\0',
+  /* "koetjesenkanker.nl", true */ 'k', 'o', 'e', 't', 'j', 'e', 's', 'e', 'n', 'k', 'a', 'n', 'k', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "kofler.info", true */ 'k', 'o', 'f', 'l', 'e', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "kogak.ninja", true */ 'k', 'o', 'g', 'a', 'k', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "kogi.fr", true */ 'k', 'o', 'g', 'i', '.', 'f', 'r', '\0',
+  /* "kogro.de", true */ 'k', 'o', 'g', 'r', 'o', '.', 'd', 'e', '\0',
+  /* "kogudesi.com", true */ 'k', 'o', 'g', 'u', 'd', 'e', 's', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "koha.be", true */ 'k', 'o', 'h', 'a', '.', 'b', 'e', '\0',
+  /* "kohlistkool.tk", true */ 'k', 'o', 'h', 'l', 'i', 's', 't', 'k', 'o', 'o', 'l', '.', 't', 'k', '\0',
+  /* "koho.fi", true */ 'k', 'o', 'h', 'o', '.', 'f', 'i', '\0',
+  /* "kohsandra.com", true */ 'k', 'o', 'h', 's', 'a', 'n', 'd', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "koi-sama.net", true */ 'k', 'o', 'i', '-', 's', 'a', 'm', 'a', '.', 'n', 'e', 't', '\0',
+  /* "koifish.org", true */ 'k', 'o', 'i', 'f', 'i', 's', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "kokensupport.com", true */ 'k', 'o', 'k', 'e', 'n', 's', 'u', 'p', 'p', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "koketteriet.se", true */ 'k', 'o', 'k', 'e', 't', 't', 'e', 'r', 'i', 'e', 't', '.', 's', 'e', '\0',
+  /* "kokumoto.com", true */ 'k', 'o', 'k', 'u', 'm', 'o', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "koldanews.com", true */ 'k', 'o', 'l', 'd', 'a', 'n', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kolin.org", true */ 'k', 'o', 'l', 'i', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "kolizaskrap.bg", true */ 'k', 'o', 'l', 'i', 'z', 'a', 's', 'k', 'r', 'a', 'p', '.', 'b', 'g', '\0',
+  /* "kolja-engelmann.de", true */ 'k', 'o', 'l', 'j', 'a', '-', 'e', 'n', 'g', 'e', 'l', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "kolkataflowermall.com", true */ 'k', 'o', 'l', 'k', 'a', 't', 'a', 'f', 'l', 'o', 'w', 'e', 'r', 'm', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "kollect.ie", true */ 'k', 'o', 'l', 'l', 'e', 'c', 't', '.', 'i', 'e', '\0',
+  /* "kollega.it", true */ 'k', 'o', 'l', 'l', 'e', 'g', 'a', '.', 'i', 't', '\0',
+  /* "kolmann.at", true */ 'k', 'o', 'l', 'm', 'a', 'n', 'n', '.', 'a', 't', '\0',
+  /* "kolmann.eu", true */ 'k', 'o', 'l', 'm', 'a', 'n', 'n', '.', 'e', 'u', '\0',
+  /* "koluke.co", true */ 'k', 'o', 'l', 'u', 'k', 'e', '.', 'c', 'o', '\0',
+  /* "koluke.com", true */ 'k', 'o', 'l', 'u', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "komandakovalchuk.com", false */ 'k', 'o', 'm', 'a', 'n', 'd', 'a', 'k', 'o', 'v', 'a', 'l', 'c', 'h', 'u', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "komicloud.com", true */ 'k', 'o', 'm', 'i', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "komidoc.com", true */ 'k', 'o', 'm', 'i', 'd', 'o', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "kominfo.go.id", true */ 'k', 'o', 'm', 'i', 'n', 'f', 'o', '.', 'g', 'o', '.', 'i', 'd', '\0',
+  /* "kominfo.net", true */ 'k', 'o', 'm', 'i', 'n', 'f', 'o', '.', 'n', 'e', 't', '\0',
+  /* "kominki-sauny.pl", true */ 'k', 'o', 'm', 'i', 'n', 'k', 'i', '-', 's', 'a', 'u', 'n', 'y', '.', 'p', 'l', '\0',
+  /* "komintek.ru", true */ 'k', 'o', 'm', 'i', 'n', 't', 'e', 'k', '.', 'r', 'u', '\0',
+  /* "komischkeszeug.de", true */ 'k', 'o', 'm', 'i', 's', 'c', 'h', 'k', 'e', 's', 'z', 'e', 'u', 'g', '.', 'd', 'e', '\0',
+  /* "kommune42.org", true */ 'k', 'o', 'm', 'm', 'u', 'n', 'e', '4', '2', '.', 'o', 'r', 'g', '\0',
+  /* "komoju.com", true */ 'k', 'o', 'm', 'o', 'j', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "komok.co.uk", true */ 'k', 'o', 'm', 'o', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kompetenzkurs.de", true */ 'k', 'o', 'm', 'p', 'e', 't', 'e', 'n', 'z', 'k', 'u', 'r', 's', '.', 'd', 'e', '\0',
+  /* "kon-sil.de", true */ 'k', 'o', 'n', '-', 's', 'i', 'l', '.', 'd', 'e', '\0',
+  /* "kondi.net", true */ 'k', 'o', 'n', 'd', 'i', '.', 'n', 'e', 't', '\0',
+  /* "kondou-butsudan.com", true */ 'k', 'o', 'n', 'd', 'o', 'u', '-', 'b', 'u', 't', 's', 'u', 'd', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "kongar.org", true */ 'k', 'o', 'n', 'g', 'a', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "koniecfica.sk", true */ 'k', 'o', 'n', 'i', 'e', 'c', 'f', 'i', 'c', 'a', '.', 's', 'k', '\0',
+  /* "konijntjes.nl", true */ 'k', 'o', 'n', 'i', 'j', 'n', 't', 'j', 'e', 's', '.', 'n', 'l', '\0',
+  /* "konings.it", true */ 'k', 'o', 'n', 'i', 'n', 'g', 's', '.', 'i', 't', '\0',
+  /* "koningskwartiertje.nl", true */ 'k', 'o', 'n', 'i', 'n', 'g', 's', 'k', 'w', 'a', 'r', 't', 'i', 'e', 'r', 't', 'j', 'e', '.', 'n', 'l', '\0',
+  /* "konklone.com", true */ 'k', 'o', 'n', 'k', 'l', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "konkurs.ba", true */ 'k', 'o', 'n', 'k', 'u', 'r', 's', '.', 'b', 'a', '\0',
+  /* "konoe.studio", true */ 'k', 'o', 'n', 'o', 'e', '.', 's', 't', 'u', 'd', 'i', 'o', '\0',
+  /* "konosuke.jp", true */ 'k', 'o', 'n', 'o', 's', 'u', 'k', 'e', '.', 'j', 'p', '\0',
+  /* "konsertoversikt.no", true */ 'k', 'o', 'n', 's', 'e', 'r', 't', 'o', 'v', 'e', 'r', 's', 'i', 'k', 't', '.', 'n', 'o', '\0',
+  /* "konst.se", true */ 'k', 'o', 'n', 's', 't', '.', 's', 'e', '\0',
+  /* "kontakthuman.hu", true */ 'k', 'o', 'n', 't', 'a', 'k', 't', 'h', 'u', 'm', 'a', 'n', '.', 'h', 'u', '\0',
+  /* "kontaxis.org", true */ 'k', 'o', 'n', 't', 'a', 'x', 'i', 's', '.', 'o', 'r', 'g', '\0',
+  /* "kontorhaus-schlachte.de", true */ 'k', 'o', 'n', 't', 'o', 'r', 'h', 'a', 'u', 's', '-', 's', 'c', 'h', 'l', 'a', 'c', 'h', 't', 'e', '.', 'd', 'e', '\0',
+  /* "konyalian.com", true */ 'k', 'o', 'n', 'y', 'a', 'l', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "konzertheld.de", true */ 'k', 'o', 'n', 'z', 'e', 'r', 't', 'h', 'e', 'l', 'd', '.', 'd', 'e', '\0',
+  /* "koodimasin.ee", true */ 'k', 'o', 'o', 'd', 'i', 'm', 'a', 's', 'i', 'n', '.', 'e', 'e', '\0',
+  /* "koolikatsed.ee", true */ 'k', 'o', 'o', 'l', 'i', 'k', 'a', 't', 's', 'e', 'd', '.', 'e', 'e', '\0',
+  /* "kooponline.eu", true */ 'k', 'o', 'o', 'p', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'e', 'u', '\0',
+  /* "koot.nl", true */ 'k', 'o', 'o', 't', '.', 'n', 'l', '\0',
+  /* "kopfkrieg.org", true */ 'k', 'o', 'p', 'f', 'k', 'r', 'i', 'e', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "koptev.ru", true */ 'k', 'o', 'p', 't', 'e', 'v', '.', 'r', 'u', '\0',
+  /* "kopteva.ru", true */ 'k', 'o', 'p', 't', 'e', 'v', 'a', '.', 'r', 'u', '\0',
+  /* "kopular.com", true */ 'k', 'o', 'p', 'u', 'l', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "kopykatz.org", false */ 'k', 'o', 'p', 'y', 'k', 'a', 't', 'z', '.', 'o', 'r', 'g', '\0',
+  /* "korea.dating", true */ 'k', 'o', 'r', 'e', 'a', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "koreaboo.com", true */ 'k', 'o', 'r', 'e', 'a', 'b', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "koretech.nl", true */ 'k', 'o', 'r', 'e', 't', 'e', 'c', 'h', '.', 'n', 'l', '\0',
+  /* "korinar.com", true */ 'k', 'o', 'r', 'i', 'n', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "korobi.io", true */ 'k', 'o', 'r', 'o', 'b', 'i', '.', 'i', 'o', '\0',
+  /* "korobkovsky.ru", true */ 'k', 'o', 'r', 'o', 'b', 'k', 'o', 'v', 's', 'k', 'y', '.', 'r', 'u', '\0',
+  /* "korono.de", true */ 'k', 'o', 'r', 'o', 'n', 'o', '.', 'd', 'e', '\0',
+  /* "korosiprogram.hu", true */ 'k', 'o', 'r', 'o', 's', 'i', 'p', 'r', 'o', 'g', 'r', 'a', 'm', '.', 'h', 'u', '\0',
+  /* "korp.fr", true */ 'k', 'o', 'r', 'p', '.', 'f', 'r', '\0',
+  /* "korrelzout.nl", true */ 'k', 'o', 'r', 'r', 'e', 'l', 'z', 'o', 'u', 't', '.', 'n', 'l', '\0',
+  /* "kortgebyr.dk", true */ 'k', 'o', 'r', 't', 'g', 'e', 'b', 'y', 'r', '.', 'd', 'k', '\0',
+  /* "koryfi.com", true */ 'k', 'o', 'r', 'y', 'f', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "kosaki.moe", true */ 'k', 'o', 's', 'a', 'k', 'i', '.', 'm', 'o', 'e', '\0',
+  /* "koscielniak-nieruchomosci.pl", true */ 'k', 'o', 's', 'c', 'i', 'e', 'l', 'n', 'i', 'a', 'k', '-', 'n', 'i', 'e', 'r', 'u', 'c', 'h', 'o', 'm', 'o', 's', 'c', 'i', '.', 'p', 'l', '\0',
+  /* "kosho.org", true */ 'k', 'o', 's', 'h', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "kosmetik-grothe.de", true */ 'k', 'o', 's', 'm', 'e', 't', 'i', 'k', '-', 'g', 'r', 'o', 't', 'h', 'e', '.', 'd', 'e', '\0',
+  /* "kostecki.com", true */ 'k', 'o', 's', 't', 'e', 'c', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "kostecki.org", true */ 'k', 'o', 's', 't', 'e', 'c', 'k', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "kostecki.tel", true */ 'k', 'o', 's', 't', 'e', 'c', 'k', 'i', '.', 't', 'e', 'l', '\0',
+  /* "kostya.net", false */ 'k', 'o', 's', 't', 'y', 'a', '.', 'n', 'e', 't', '\0',
+  /* "kostya.ws", true */ 'k', 'o', 's', 't', 'y', 'a', '.', 'w', 's', '\0',
+  /* "kotausaha.com", true */ 'k', 'o', 't', 'a', 'u', 's', 'a', 'h', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "kotelezobiztositas.eu", true */ 'k', 'o', 't', 'e', 'l', 'e', 'z', 'o', 'b', 'i', 'z', 't', 'o', 's', 'i', 't', 'a', 's', '.', 'e', 'u', '\0',
+  /* "kotilinkki.fi", true */ 'k', 'o', 't', 'i', 'l', 'i', 'n', 'k', 'k', 'i', '.', 'f', 'i', '\0',
+  /* "kotitesti.fi", true */ 'k', 'o', 't', 'i', 't', 'e', 's', 't', 'i', '.', 'f', 'i', '\0',
+  /* "kotomei.moe", true */ 'k', 'o', 't', 'o', 'm', 'e', 'i', '.', 'm', 'o', 'e', '\0',
+  /* "kotori.love", true */ 'k', 'o', 't', 'o', 'r', 'i', '.', 'l', 'o', 'v', 'e', '\0',
+  /* "kottur.is", true */ 'k', 'o', 't', 't', 'u', 'r', '.', 'i', 's', '\0',
+  /* "koumuwin.com", true */ 'k', 'o', 'u', 'm', 'u', 'w', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "koushinjo.org", true */ 'k', 'o', 'u', 's', 'h', 'i', 'n', 'j', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "kov.space", true */ 'k', 'o', 'v', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "kovaldo.ru", true */ 'k', 'o', 'v', 'a', 'l', 'd', 'o', '.', 'r', 'u', '\0',
+  /* "kovals.sk", true */ 'k', 'o', 'v', 'a', 'l', 's', '.', 's', 'k', '\0',
+  /* "kovnsk.net", true */ 'k', 'o', 'v', 'n', 's', 'k', '.', 'n', 'e', 't', '\0',
+  /* "kovspace.com", true */ 'k', 'o', 'v', 's', 'p', 'a', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "kowalmik.tk", true */ 'k', 'o', 'w', 'a', 'l', 'm', 'i', 'k', '.', 't', 'k', '\0',
+  /* "kowarschick.de", true */ 'k', 'o', 'w', 'a', 'r', 's', 'c', 'h', 'i', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "kowshiksundararajan.com", true */ 'k', 'o', 'w', 's', 'h', 'i', 'k', 's', 'u', 'n', 'd', 'a', 'r', 'a', 'r', 'a', 'j', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "koyaanis.com", true */ 'k', 'o', 'y', 'a', 'a', 'n', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kozuch.biz", true */ 'k', 'o', 'z', 'u', 'c', 'h', '.', 'b', 'i', 'z', '\0',
+  /* "kpebetka.net", true */ 'k', 'p', 'e', 'b', 'e', 't', 'k', 'a', '.', 'n', 'e', 't', '\0',
+  /* "kpfanworld.com", true */ 'k', 'p', 'f', 'a', 'n', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "kpinvest.eu", true */ 'k', 'p', 'i', 'n', 'v', 'e', 's', 't', '.', 'e', 'u', '\0',
+  /* "kplasticsurgery.com", true */ 'k', 'p', 'l', 'a', 's', 't', 'i', 'c', 's', 'u', 'r', 'g', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "kplnet.net", true */ 'k', 'p', 'l', 'n', 'e', 't', '.', 'n', 'e', 't', '\0',
+  /* "kpmgpublications.ie", true */ 'k', 'p', 'm', 'g', 'p', 'u', 'b', 'l', 'i', 'c', 'a', 't', 'i', 'o', 'n', 's', '.', 'i', 'e', '\0',
+  /* "kpn-dnssec.com", true */ 'k', 'p', 'n', '-', 'd', 'n', 's', 's', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "kpop.re", true */ 'k', 'p', 'o', 'p', '.', 'r', 'e', '\0',
+  /* "kpumuk.info", true */ 'k', 'p', 'u', 'm', 'u', 'k', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "kpvpn.com", true */ 'k', 'p', 'v', 'p', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "kpx1.de", true */ 'k', 'p', 'x', '1', '.', 'd', 'e', '\0',
+  /* "kr.search.yahoo.com", false */ 'k', 'r', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "krachtinverbinding.nl", true */ 'k', 'r', 'a', 'c', 'h', 't', 'i', 'n', 'v', 'e', 'r', 'b', 'i', 'n', 'd', 'i', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "kradalby.no", true */ 'k', 'r', 'a', 'd', 'a', 'l', 'b', 'y', '.', 'n', 'o', '\0',
+  /* "kraft.blog", true */ 'k', 'r', 'a', 'f', 't', '.', 'b', 'l', 'o', 'g', '\0',
+  /* "kraft.im", true */ 'k', 'r', 'a', 'f', 't', '.', 'i', 'm', '\0',
+  /* "krag.be", true */ 'k', 'r', 'a', 'g', '.', 'b', 'e', '\0',
+  /* "kraga.sk", true */ 'k', 'r', 'a', 'g', 'a', '.', 's', 'k', '\0',
+  /* "kraiwan.com", true */ 'k', 'r', 'a', 'i', 'w', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "kraiwon.com", true */ 'k', 'r', 'a', 'i', 'w', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "kraken.io", true */ 'k', 'r', 'a', 'k', 'e', 'n', '.', 'i', 'o', '\0',
+  /* "kralik.io", true */ 'k', 'r', 'a', 'l', 'i', 'k', '.', 'i', 'o', '\0',
+  /* "kralovstvimap.cz", true */ 'k', 'r', 'a', 'l', 'o', 'v', 's', 't', 'v', 'i', 'm', 'a', 'p', '.', 'c', 'z', '\0',
+  /* "kram.nz", true */ 'k', 'r', 'a', 'm', '.', 'n', 'z', '\0',
+  /* "krambeutel.de", true */ 'k', 'r', 'a', 'm', 'b', 'e', 'u', 't', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "kramsj.uk", true */ 'k', 'r', 'a', 'm', 's', 'j', '.', 'u', 'k', '\0',
+  /* "krang.org.uk", true */ 'k', 'r', 'a', 'n', 'g', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "krasavchik.by", true */ 'k', 'r', 'a', 's', 'a', 'v', 'c', 'h', 'i', 'k', '.', 'b', 'y', '\0',
+  /* "krasota.ru", false */ 'k', 'r', 'a', 's', 'o', 't', 'a', '.', 'r', 'u', '\0',
+  /* "krasovsky.me", true */ 'k', 'r', 'a', 's', 'o', 'v', 's', 'k', 'y', '.', 'm', 'e', '\0',
+  /* "krautomat.com", true */ 'k', 'r', 'a', 'u', 't', 'o', 'm', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "kraynik.com", true */ 'k', 'r', 'a', 'y', 'n', 'i', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "krazykastles.co.uk", true */ 'k', 'r', 'a', 'z', 'y', 'k', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "krazykoolkastles.com", true */ 'k', 'r', 'a', 'z', 'y', 'k', 'o', 'o', 'l', 'k', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "krazyphotobooths.co.uk", true */ 'k', 'r', 'a', 'z', 'y', 'p', 'h', 'o', 't', 'o', 'b', 'o', 'o', 't', 'h', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "krc.link", true */ 'k', 'r', 'c', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "kreationnext.com", true */ 'k', 'r', 'e', 'a', 't', 'i', 'o', 'n', 'n', 'e', 'x', 't', '.', 'c', 'o', 'm', '\0',
+  /* "kreativelabs.ch", true */ 'k', 'r', 'e', 'a', 't', 'i', 'v', 'e', 'l', 'a', 'b', 's', '.', 'c', 'h', '\0',
+  /* "kreativstrecke.de", true */ 'k', 'r', 'e', 'a', 't', 'i', 'v', 's', 't', 'r', 'e', 'c', 'k', 'e', '.', 'd', 'e', '\0',
+  /* "kredit-abzocke.com", true */ 'k', 'r', 'e', 'd', 'i', 't', '-', 'a', 'b', 'z', 'o', 'c', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "kredite24.de", true */ 'k', 'r', 'e', 'd', 'i', 't', 'e', '2', '4', '.', 'd', 'e', '\0',
+  /* "kreditkacs.cz", true */ 'k', 'r', 'e', 'd', 'i', 't', 'k', 'a', 'c', 's', '.', 'c', 'z', '\0',
+  /* "kreen.org", true */ 'k', 'r', 'e', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "kremalicious.com", true */ 'k', 'r', 'e', 'm', 'a', 'l', 'i', 'c', 'i', 'o', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kretschmann.consulting", true */ 'k', 'r', 'e', 't', 's', 'c', 'h', 'm', 'a', 'n', 'n', '.', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '\0',
+  /* "kreuzpfadfinder.de", true */ 'k', 'r', 'e', 'u', 'z', 'p', 'f', 'a', 'd', 'f', 'i', 'n', 'd', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "kreza.de", true */ 'k', 'r', 'e', 'z', 'a', '.', 'd', 'e', '\0',
+  /* "kriechel.de", true */ 'k', 'r', 'i', 'e', 'c', 'h', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "kriegskindernothilfe.de", true */ 'k', 'r', 'i', 'e', 'g', 's', 'k', 'i', 'n', 'd', 'e', 'r', 'n', 'o', 't', 'h', 'i', 'l', 'f', 'e', '.', 'd', 'e', '\0',
+  /* "krinetzki.de", true */ 'k', 'r', 'i', 'n', 'e', 't', 'z', 'k', 'i', '.', 'd', 'e', '\0',
+  /* "krislamoureux.com", true */ 'k', 'r', 'i', 's', 'l', 'a', 'm', 'o', 'u', 'r', 'e', 'u', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "krismurray.co.uk", true */ 'k', 'r', 'i', 's', 'm', 'u', 'r', 'r', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "krisstarkey.co.uk", true */ 'k', 'r', 'i', 's', 's', 't', 'a', 'r', 'k', 'e', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "krist.club", true */ 'k', 'r', 'i', 's', 't', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "kristikala.nl", true */ 'k', 'r', 'i', 's', 't', 'i', 'k', 'a', 'l', 'a', '.', 'n', 'l', '\0',
+  /* "kristinbailey.com", true */ 'k', 'r', 'i', 's', 't', 'i', 'n', 'b', 'a', 'i', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "kristofdv.be", true */ 'k', 'r', 'i', 's', 't', 'o', 'f', 'd', 'v', '.', 'b', 'e', '\0',
+  /* "krizek.cc", true */ 'k', 'r', 'i', 'z', 'e', 'k', '.', 'c', 'c', '\0',
+  /* "krizevci.info", true */ 'k', 'r', 'i', 'z', 'e', 'v', 'c', 'i', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "krmeni.cz", true */ 'k', 'r', 'm', 'e', 'n', 'i', '.', 'c', 'z', '\0',
+  /* "krokedil.se", true */ 'k', 'r', 'o', 'k', 'e', 'd', 'i', 'l', '.', 's', 'e', '\0',
+  /* "krokodent.de", true */ 'k', 'r', 'o', 'k', 'o', 'd', 'e', 'n', 't', '.', 'd', 'e', '\0',
+  /* "kromamoveis.com.br", true */ 'k', 'r', 'o', 'm', 'a', 'm', 'o', 'v', 'e', 'i', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "kromonos.net", true */ 'k', 'r', 'o', 'm', 'o', 'n', 'o', 's', '.', 'n', 'e', 't', '\0',
+  /* "kronaw.it", true */ 'k', 'r', 'o', 'n', 'a', 'w', '.', 'i', 't', '\0',
+  /* "krony.de", true */ 'k', 'r', 'o', 'n', 'y', '.', 'd', 'e', '\0',
+  /* "kroon.email", true */ 'k', 'r', 'o', 'o', 'n', '.', 'e', 'm', 'a', 'i', 'l', '\0',
+  /* "kropkait.pl", true */ 'k', 'r', 'o', 'p', 'k', 'a', 'i', 't', '.', 'p', 'l', '\0',
+  /* "krsn.de", true */ 'k', 'r', 's', 'n', '.', 'd', 'e', '\0',
+  /* "krugermillions.org", true */ 'k', 'r', 'u', 'g', 'e', 'r', 'm', 'i', 'l', 'l', 'i', 'o', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "krugoval.hr", true */ 'k', 'r', 'u', 'g', 'o', 'v', 'a', 'l', '.', 'h', 'r', '\0',
+  /* "kruin.net", true */ 'k', 'r', 'u', 'i', 'n', '.', 'n', 'e', 't', '\0',
+  /* "kruisselbrink.com", true */ 'k', 'r', 'u', 'i', 's', 's', 'e', 'l', 'b', 'r', 'i', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "kruk.co", true */ 'k', 'r', 'u', 'k', '.', 'c', 'o', '\0',
+  /* "krumberconsulting.com", true */ 'k', 'r', 'u', 'm', 'b', 'e', 'r', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "krupa.net.pl", false */ 'k', 'r', 'u', 'p', 'a', '.', 'n', 'e', 't', '.', 'p', 'l', '\0',
+  /* "krutka.cz", true */ 'k', 'r', 'u', 't', 'k', 'a', '.', 'c', 'z', '\0',
+  /* "kruu.de", true */ 'k', 'r', 'u', 'u', '.', 'd', 'e', '\0',
+  /* "kry.no", true */ 'k', 'r', 'y', '.', 'n', 'o', '\0',
+  /* "kry.se", true */ 'k', 'r', 'y', '.', 's', 'e', '\0',
+  /* "kryglik.com", true */ 'k', 'r', 'y', 'g', 'l', 'i', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "krypsys.com", true */ 'k', 'r', 'y', 'p', 's', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "krypt.com", true */ 'k', 'r', 'y', 'p', 't', '.', 'c', 'o', 'm', '\0',
+  /* "kryptera.se", true */ 'k', 'r', 'y', 'p', 't', 'e', 'r', 'a', '.', 's', 'e', '\0',
+  /* "kryx.de", true */ 'k', 'r', 'y', 'x', '.', 'd', 'e', '\0',
+  /* "ks-watch.de", true */ 'k', 's', '-', 'w', 'a', 't', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "kschv-rdeck.de", true */ 'k', 's', 'c', 'h', 'v', '-', 'r', 'd', 'e', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "kshlm.in", true */ 'k', 's', 'h', 'l', 'm', '.', 'i', 'n', '\0',
+  /* "kspg.tv", true */ 'k', 's', 'p', 'g', '.', 't', 'v', '\0',
+  /* "kswcosmetics.com", true */ 'k', 's', 'w', 'c', 'o', 's', 'm', 'e', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ktbnetbank.com", true */ 'k', 't', 'b', 'n', 'e', 't', 'b', 'a', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "kthnxbai.xyz", true */ 'k', 't', 'h', 'n', 'x', 'b', 'a', 'i', '.', 'x', 'y', 'z', '\0',
+  /* "kts-thueringen.de", true */ 'k', 't', 's', '-', 't', 'h', 'u', 'e', 'r', 'i', 'n', 'g', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "ktsee.eu.org", true */ 'k', 't', 's', 'e', 'e', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "ktw.lv", true */ 'k', 't', 'w', '.', 'l', 'v', '\0',
+  /* "ku.io", true */ 'k', 'u', '.', 'i', 'o', '\0',
+  /* "kualo.co.uk", true */ 'k', 'u', 'a', 'l', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kualo.com", true */ 'k', 'u', 'a', 'l', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "kualo.in", true */ 'k', 'u', 'a', 'l', 'o', '.', 'i', 'n', '\0',
+  /* "kuaza.com", true */ 'k', 'u', 'a', 'z', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "kub.hr", true */ 'k', 'u', 'b', '.', 'h', 'r', '\0',
+  /* "kubik-rubik.de", false */ 'k', 'u', 'b', 'i', 'k', '-', 'r', 'u', 'b', 'i', 'k', '.', 'd', 'e', '\0',
+  /* "kubiwa.net", true */ 'k', 'u', 'b', 'i', 'w', 'a', '.', 'n', 'e', 't', '\0',
+  /* "kubkprf.ru", true */ 'k', 'u', 'b', 'k', 'p', 'r', 'f', '.', 'r', 'u', '\0',
+  /* "kuchenschock.de", true */ 'k', 'u', 'c', 'h', 'e', 'n', 's', 'c', 'h', 'o', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "kuchentraum.eu", true */ 'k', 'u', 'c', 'h', 'e', 'n', 't', 'r', 'a', 'u', 'm', '.', 'e', 'u', '\0',
+  /* "kucheryavenkovn.ru", true */ 'k', 'u', 'c', 'h', 'e', 'r', 'y', 'a', 'v', 'e', 'n', 'k', 'o', 'v', 'n', '.', 'r', 'u', '\0',
+  /* "kucnibudzet.com", true */ 'k', 'u', 'c', 'n', 'i', 'b', 'u', 'd', 'z', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "kueche-co.de", true */ 'k', 'u', 'e', 'c', 'h', 'e', '-', 'c', 'o', '.', 'd', 'e', '\0',
+  /* "kuechenprofi-group.de", true */ 'k', 'u', 'e', 'c', 'h', 'e', 'n', 'p', 'r', 'o', 'f', 'i', '-', 'g', 'r', 'o', 'u', 'p', '.', 'd', 'e', '\0',
+  /* "kuehndel.org", true */ 'k', 'u', 'e', 'h', 'n', 'd', 'e', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "kuehnel-bs.de", true */ 'k', 'u', 'e', 'h', 'n', 'e', 'l', '-', 'b', 's', '.', 'd', 'e', '\0',
+  /* "kuehnel-online.eu", true */ 'k', 'u', 'e', 'h', 'n', 'e', 'l', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'e', 'u', '\0',
+  /* "kuehnel.org", true */ 'k', 'u', 'e', 'h', 'n', 'e', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "kuemmerlin.eu", true */ 'k', 'u', 'e', 'm', 'm', 'e', 'r', 'l', 'i', 'n', '.', 'e', 'u', '\0',
+  /* "kuemmling.eu", true */ 'k', 'u', 'e', 'm', 'm', 'l', 'i', 'n', 'g', '.', 'e', 'u', '\0',
+  /* "kuhn-elektrotechnik.de", true */ 'k', 'u', 'h', 'n', '-', 'e', 'l', 'e', 'k', 't', 'r', 'o', 't', 'e', 'c', 'h', 'n', 'i', 'k', '.', 'd', 'e', '\0',
+  /* "kujadin.de", true */ 'k', 'u', 'j', 'a', 'd', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "kukal.cz", true */ 'k', 'u', 'k', 'a', 'l', '.', 'c', 'z', '\0',
+  /* "kuketz-blog.de", true */ 'k', 'u', 'k', 'e', 't', 'z', '-', 'b', 'l', 'o', 'g', '.', 'd', 'e', '\0',
+  /* "kuketz-security.de", true */ 'k', 'u', 'k', 'e', 't', 'z', '-', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'd', 'e', '\0',
+  /* "kulde.net", true */ 'k', 'u', 'l', 'd', 'e', '.', 'n', 'e', 't', '\0',
+  /* "kulivps.com", true */ 'k', 'u', 'l', 'i', 'v', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "kuma.es", true */ 'k', 'u', 'm', 'a', '.', 'e', 's', '\0',
+  /* "kumachan.biz", true */ 'k', 'u', 'm', 'a', 'c', 'h', 'a', 'n', '.', 'b', 'i', 'z', '\0',
+  /* "kumalog.com", true */ 'k', 'u', 'm', 'a', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "kumasanda.jp", true */ 'k', 'u', 'm', 'a', 's', 'a', 'n', 'd', 'a', '.', 'j', 'p', '\0',
+  /* "kundenerreichen.com", true */ 'k', 'u', 'n', 'd', 'e', 'n', 'e', 'r', 'r', 'e', 'i', 'c', 'h', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "kundenerreichen.de", true */ 'k', 'u', 'n', 'd', 'e', 'n', 'e', 'r', 'r', 'e', 'i', 'c', 'h', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "kundo.se", true */ 'k', 'u', 'n', 'd', 'o', '.', 's', 'e', '\0',
+  /* "kungerkueken.de", true */ 'k', 'u', 'n', 'g', 'e', 'r', 'k', 'u', 'e', 'k', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "kunstundunrat.de", true */ 'k', 'u', 'n', 's', 't', 'u', 'n', 'd', 'u', 'n', 'r', 'a', 't', '.', 'd', 'e', '\0',
+  /* "kuoruan.com", true */ 'k', 'u', 'o', 'r', 'u', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "kupferstichshop.com", true */ 'k', 'u', 'p', 'f', 'e', 'r', 's', 't', 'i', 'c', 'h', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "kupid.com", true */ 'k', 'u', 'p', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "kupiec.eu.org", true */ 'k', 'u', 'p', 'i', 'e', 'c', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "kupimlot.ru", true */ 'k', 'u', 'p', 'i', 'm', 'l', 'o', 't', '.', 'r', 'u', '\0',
+  /* "kuponrazzi.com", true */ 'k', 'u', 'p', 'o', 'n', 'r', 'a', 'z', 'z', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "kuponydoher.cz", true */ 'k', 'u', 'p', 'o', 'n', 'y', 'd', 'o', 'h', 'e', 'r', '.', 'c', 'z', '\0',
+  /* "kupschke.net", true */ 'k', 'u', 'p', 's', 'c', 'h', 'k', 'e', '.', 'n', 'e', 't', '\0',
+  /* "kurashino-mall.com", true */ 'k', 'u', 'r', 'a', 's', 'h', 'i', 'n', 'o', '-', 'm', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "kurofuku.me", true */ 'k', 'u', 'r', 'o', 'f', 'u', 'k', 'u', '.', 'm', 'e', '\0',
+  /* "kuroisalva.xyz", false */ 'k', 'u', 'r', 'o', 'i', 's', 'a', 'l', 'v', 'a', '.', 'x', 'y', 'z', '\0',
+  /* "kurona.ga", true */ 'k', 'u', 'r', 'o', 'n', 'a', '.', 'g', 'a', '\0',
+  /* "kuronekogaro.com", true */ 'k', 'u', 'r', 'o', 'n', 'e', 'k', 'o', 'g', 'a', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "kurrietv.nl", true */ 'k', 'u', 'r', 'r', 'i', 'e', 't', 'v', '.', 'n', 'l', '\0',
+  /* "kurschies.de", true */ 'k', 'u', 'r', 's', 'c', 'h', 'i', 'e', 's', '.', 'd', 'e', '\0',
+  /* "kursprogramisty.pl", true */ 'k', 'u', 'r', 's', 'p', 'r', 'o', 'g', 'r', 'a', 'm', 'i', 's', 't', 'y', '.', 'p', 'l', '\0',
+  /* "kurswahl-online.de", true */ 'k', 'u', 'r', 's', 'w', 'a', 'h', 'l', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "kurtschlatzer.com", true */ 'k', 'u', 'r', 't', 's', 'c', 'h', 'l', 'a', 't', 'z', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "kuruppa.xyz", true */ 'k', 'u', 'r', 'u', 'p', 'p', 'a', '.', 'x', 'y', 'z', '\0',
+  /* "kuschku.de", true */ 'k', 'u', 's', 'c', 'h', 'k', 'u', '.', 'd', 'e', '\0',
+  /* "kusdaryanto.web.id", true */ 'k', 'u', 's', 'd', 'a', 'r', 'y', 'a', 'n', 't', 'o', '.', 'w', 'e', 'b', '.', 'i', 'd', '\0',
+  /* "kushtikidsparties.co.uk", true */ 'k', 'u', 's', 'h', 't', 'i', 'k', 'i', 'd', 's', 'p', 'a', 'r', 't', 'i', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kusochi.eu", true */ 'k', 'u', 's', 'o', 'c', 'h', 'i', '.', 'e', 'u', '\0',
+  /* "kutinsoft.com", true */ 'k', 'u', 't', 'i', 'n', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "kutny.cz", true */ 'k', 'u', 't', 'n', 'y', '.', 'c', 'z', '\0',
+  /* "kutsankaplan.com", true */ 'k', 'u', 't', 's', 'a', 'n', 'k', 'a', 'p', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "kutukupret.com", true */ 'k', 'u', 't', 'u', 'k', 'u', 'p', 'r', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "kutus.ee", true */ 'k', 'u', 't', 'u', 's', '.', 'e', 'e', '\0',
+  /* "kuwago.io", true */ 'k', 'u', 'w', 'a', 'g', 'o', '.', 'i', 'o', '\0',
+  /* "kuzbass-pwl.ru", true */ 'k', 'u', 'z', 'b', 'a', 's', 's', '-', 'p', 'w', 'l', '.', 'r', 'u', '\0',
+  /* "kvalita-1a.cz", true */ 'k', 'v', 'a', 'l', 'i', 't', 'a', '-', '1', 'a', '.', 'c', 'z', '\0',
+  /* "kvalitnitesneni.cz", true */ 'k', 'v', 'a', 'l', 'i', 't', 'n', 'i', 't', 'e', 's', 'n', 'e', 'n', 'i', '.', 'c', 'z', '\0',
+  /* "kvcc.com.au", true */ 'k', 'v', 'c', 'c', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "kvetinymilt.cz", true */ 'k', 'v', 'e', 't', 'i', 'n', 'y', 'm', 'i', 'l', 't', '.', 'c', 'z', '\0',
+  /* "kvhile.com", true */ 'k', 'v', 'h', 'i', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "kvilt.dk", true */ 'k', 'v', 'i', 'l', 't', '.', 'd', 'k', '\0',
+  /* "kvn.tf", true */ 'k', 'v', 'n', '.', 't', 'f', '\0',
+  /* "kvpc.com.au", true */ 'k', 'v', 'p', 'c', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "kwat.chat", true */ 'k', 'w', 'a', 't', '.', 'c', 'h', 'a', 't', '\0',
+  /* "kwbresidential.com", true */ 'k', 'w', 'b', 'r', 'e', 's', 'i', 'd', 'e', 'n', 't', 'i', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "kwcolville.com", true */ 'k', 'w', 'c', 'o', 'l', 'v', 'i', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "kwedo.com", true */ 'k', 'w', 'e', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "kwidz.fr", true */ 'k', 'w', 'i', 'd', 'z', '.', 'f', 'r', '\0',
+  /* "kwipi.com", true */ 'k', 'w', 'i', 'p', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "kwmr.me", true */ 'k', 'w', 'm', 'r', '.', 'm', 'e', '\0',
+  /* "kwok.cc", true */ 'k', 'w', 'o', 'k', '.', 'c', 'c', '\0',
+  /* "kwyxz.org", true */ 'k', 'w', 'y', 'x', 'z', '.', 'o', 'r', 'g', '\0',
+  /* "kxah35.com", true */ 'k', 'x', 'a', 'h', '3', '5', '.', 'c', 'o', 'm', '\0',
+  /* "kxnrl.com", true */ 'k', 'x', 'n', 'r', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "kyberna.xyz", true */ 'k', 'y', 'b', 'e', 'r', 'n', 'a', '.', 'x', 'y', 'z', '\0',
+  /* "kybi.sk", true */ 'k', 'y', 'b', 'i', '.', 's', 'k', '\0',
+  /* "kydara.com", true */ 'k', 'y', 'd', 'a', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "kykoonn.net", true */ 'k', 'y', 'k', 'o', 'o', 'n', 'n', '.', 'n', 'e', 't', '\0',
+  /* "kyledrake.net", true */ 'k', 'y', 'l', 'e', 'd', 'r', 'a', 'k', 'e', '.', 'n', 'e', 't', '\0',
+  /* "kylejohnson.io", true */ 'k', 'y', 'l', 'e', 'j', 'o', 'h', 'n', 's', 'o', 'n', '.', 'i', 'o', '\0',
+  /* "kylelaker.com", true */ 'k', 'y', 'l', 'e', 'l', 'a', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "kylerwood.com", true */ 'k', 'y', 'l', 'e', 'r', 'w', 'o', 'o', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "kylescastles.co.uk", true */ 'k', 'y', 'l', 'e', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kyliehunt.com", true */ 'k', 'y', 'l', 'i', 'e', 'h', 'u', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "kylinj.com", false */ 'k', 'y', 'l', 'i', 'n', 'j', '.', 'c', 'o', 'm', '\0',
+  /* "kymo.org", true */ 'k', 'y', 'm', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "kynaston.org.uk", true */ 'k', 'y', 'n', 'a', 's', 't', 'o', 'n', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "kynastonwedding.co.uk", true */ 'k', 'y', 'n', 'a', 's', 't', 'o', 'n', 'w', 'e', 'd', 'd', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kyoko.org", true */ 'k', 'y', 'o', 'k', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "kyonagashima.com", true */ 'k', 'y', 'o', 'n', 'a', 'g', 'a', 's', 'h', 'i', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "kyosaku.org", true */ 'k', 'y', 'o', 's', 'a', 'k', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "kyoto-k9.com", true */ 'k', 'y', 'o', 't', 'o', '-', 'k', '9', '.', 'c', 'o', 'm', '\0',
+  /* "kyoto-mic.com", true */ 'k', 'y', 'o', 't', 'o', '-', 'm', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "kyoto-tomikawa.jp", true */ 'k', 'y', 'o', 't', 'o', '-', 't', 'o', 'm', 'i', 'k', 'a', 'w', 'a', '.', 'j', 'p', '\0',
+  /* "kyoto-tomoshibi.jp", true */ 'k', 'y', 'o', 't', 'o', '-', 't', 'o', 'm', 'o', 's', 'h', 'i', 'b', 'i', '.', 'j', 'p', '\0',
+  /* "kyras-castles.co.uk", true */ 'k', 'y', 'r', 'a', 's', '-', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "kyunyuki.com", true */ 'k', 'y', 'u', 'n', 'y', 'u', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "kyusyu.org", true */ 'k', 'y', 'u', 's', 'y', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "kyy.me", true */ 'k', 'y', 'y', '.', 'm', 'e', '\0',
+  /* "kz.search.yahoo.com", false */ 'k', 'z', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "kzsdabas.hu", true */ 'k', 'z', 's', 'd', 'a', 'b', 'a', 's', '.', 'h', 'u', '\0',
+  /* "l-lab.org", true */ 'l', '-', 'l', 'a', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "l0re.com", true */ 'l', '0', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "l4n-clan.de", true */ 'l', '4', 'n', '-', 'c', 'l', 'a', 'n', '.', 'd', 'e', '\0',
+  /* "l7plumbing.com.au", true */ 'l', '7', 'p', 'l', 'u', 'm', 'b', 'i', 'n', 'g', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "l7world.com", true */ 'l', '7', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "la-baldosa.fr", true */ 'l', 'a', '-', 'b', 'a', 'l', 'd', 'o', 's', 'a', '.', 'f', 'r', '\0',
+  /* "la-cave-a-nodo.fr", true */ 'l', 'a', '-', 'c', 'a', 'v', 'e', '-', 'a', '-', 'n', 'o', 'd', 'o', '.', 'f', 'r', '\0',
+  /* "la-ganiere.com", true */ 'l', 'a', '-', 'g', 'a', 'n', 'i', 'e', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "la-maison.ch", true */ 'l', 'a', '-', 'm', 'a', 'i', 's', 'o', 'n', '.', 'c', 'h', '\0',
+  /* "la-maison.eu", true */ 'l', 'a', '-', 'm', 'a', 'i', 's', 'o', 'n', '.', 'e', 'u', '\0',
+  /* "la-petite-entreprise.com", true */ 'l', 'a', '-', 'p', 'e', 't', 'i', 't', 'e', '-', 'e', 'n', 't', 'r', 'e', 'p', 'r', 'i', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "la-tourmaline.ch", true */ 'l', 'a', '-', 't', 'o', 'u', 'r', 'm', 'a', 'l', 'i', 'n', 'e', '.', 'c', 'h', '\0',
+  /* "laassari.me", true */ 'l', 'a', 'a', 's', 's', 'a', 'r', 'i', '.', 'm', 'e', '\0',
+  /* "laatikko.io", true */ 'l', 'a', 'a', 't', 'i', 'k', 'k', 'o', '.', 'i', 'o', '\0',
+  /* "labande-annonce.fr", true */ 'l', 'a', 'b', 'a', 'n', 'd', 'e', '-', 'a', 'n', 'n', 'o', 'n', 'c', 'e', '.', 'f', 'r', '\0',
+  /* "labcoat.jp", true */ 'l', 'a', 'b', 'c', 'o', 'a', 't', '.', 'j', 'p', '\0',
+  /* "labelleza.com.br", true */ 'l', 'a', 'b', 'e', 'l', 'l', 'e', 'z', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "labfox.de", true */ 'l', 'a', 'b', 'f', 'o', 'x', '.', 'd', 'e', '\0',
+  /* "labiblioafronebrulepas.com", true */ 'l', 'a', 'b', 'i', 'b', 'l', 'i', 'o', 'a', 'f', 'r', 'o', 'n', 'e', 'b', 'r', 'u', 'l', 'e', 'p', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "labobooks.com", true */ 'l', 'a', 'b', 'o', 'b', 'o', 'o', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "laboiteanem.fr", true */ 'l', 'a', 'b', 'o', 'i', 't', 'e', 'a', 'n', 'e', 'm', '.', 'f', 'r', '\0',
+  /* "labouncycastlehire.co.uk", true */ 'l', 'a', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "labourreedevergheas.fr", true */ 'l', 'a', 'b', 'o', 'u', 'r', 'r', 'e', 'e', 'd', 'e', 'v', 'e', 'r', 'g', 'h', 'e', 'a', 's', '.', 'f', 'r', '\0',
+  /* "laboxfaitsoncinema.com", true */ 'l', 'a', 'b', 'o', 'x', 'f', 'a', 'i', 't', 's', 'o', 'n', 'c', 'i', 'n', 'e', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "labradorpuppiesforsalebyregisteredlabradorbreeders.com", false */ 'l', 'a', 'b', 'r', 'a', 'd', 'o', 'r', 'p', 'u', 'p', 'p', 'i', 'e', 's', 'f', 'o', 'r', 's', 'a', 'l', 'e', 'b', 'y', 'r', 'e', 'g', 'i', 's', 't', 'e', 'r', 'e', 'd', 'l', 'a', 'b', 'r', 'a', 'd', 'o', 'r', 'b', 'r', 'e', 'e', 'd', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lacaveducinquantenaire.com", true */ 'l', 'a', 'c', 'a', 'v', 'e', 'd', 'u', 'c', 'i', 'n', 'q', 'u', 'a', 'n', 't', 'e', 'n', 'a', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lacetsroses.ch", true */ 'l', 'a', 'c', 'e', 't', 's', 'r', 'o', 's', 'e', 's', '.', 'c', 'h', '\0',
+  /* "lachainedesentrepreneurs.fr", true */ 'l', 'a', 'c', 'h', 'a', 'i', 'n', 'e', 'd', 'e', 's', 'e', 'n', 't', 'r', 'e', 'p', 'r', 'e', 'n', 'e', 'u', 'r', 's', '.', 'f', 'r', '\0',
+  /* "lachawoj.de", true */ 'l', 'a', 'c', 'h', 'a', 'w', 'o', 'j', '.', 'd', 'e', '\0',
+  /* "lachlan.com", true */ 'l', 'a', 'c', 'h', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "lacicloud.net", true */ 'l', 'a', 'c', 'i', 'c', 'l', 'o', 'u', 'd', '.', 'n', 'e', 't', '\0',
+  /* "lacigf.org", true */ 'l', 'a', 'c', 'i', 'g', 'f', '.', 'o', 'r', 'g', '\0',
+  /* "laclaque.ch", true */ 'l', 'a', 'c', 'l', 'a', 'q', 'u', 'e', '.', 'c', 'h', '\0',
+  /* "lacledelareussite.com", true */ 'l', 'a', 'c', 'l', 'e', 'd', 'e', 'l', 'a', 'r', 'e', 'u', 's', 's', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lacledeslan.com", false */ 'l', 'a', 'c', 'l', 'e', 'd', 'e', 's', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "lacledor.ch", true */ 'l', 'a', 'c', 'l', 'e', 'd', 'o', 'r', '.', 'c', 'h', '\0',
+  /* "laclefdor.ch", true */ 'l', 'a', 'c', 'l', 'e', 'f', 'd', 'o', 'r', '.', 'c', 'h', '\0',
+  /* "lacliniquefinanciere.com", true */ 'l', 'a', 'c', 'l', 'i', 'n', 'i', 'q', 'u', 'e', 'f', 'i', 'n', 'a', 'n', 'c', 'i', 'e', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lacuevadechauvet.com", true */ 'l', 'a', 'c', 'u', 'e', 'v', 'a', 'd', 'e', 'c', 'h', 'a', 'u', 'v', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "lacyc3.eu", true */ 'l', 'a', 'c', 'y', 'c', '3', '.', 'e', 'u', '\0',
+  /* "ladbroke.net", true */ 'l', 'a', 'd', 'b', 'r', 'o', 'k', 'e', '.', 'n', 'e', 't', '\0',
+  /* "lady-2.jp", true */ 'l', 'a', 'd', 'y', '-', '2', '.', 'j', 'p', '\0',
+  /* "ladybugjam.com", true */ 'l', 'a', 'd', 'y', 'b', 'u', 'g', 'j', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "laextra.mx", true */ 'l', 'a', 'e', 'x', 't', 'r', 'a', '.', 'm', 'x', '\0',
+  /* "lafayette-rushford.com", true */ 'l', 'a', 'f', 'a', 'y', 'e', 't', 't', 'e', '-', 'r', 'u', 's', 'h', 'f', 'o', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "lafeemam.fr", true */ 'l', 'a', 'f', 'e', 'e', 'm', 'a', 'm', '.', 'f', 'r', '\0',
+  /* "lafema.de", true */ 'l', 'a', 'f', 'e', 'm', 'a', '.', 'd', 'e', '\0',
+  /* "lafillepolyvalente.ca", true */ 'l', 'a', 'f', 'i', 'l', 'l', 'e', 'p', 'o', 'l', 'y', 'v', 'a', 'l', 'e', 'n', 't', 'e', '.', 'c', 'a', '\0',
+  /* "lafillepolyvalente.com", true */ 'l', 'a', 'f', 'i', 'l', 'l', 'e', 'p', 'o', 'l', 'y', 'v', 'a', 'l', 'e', 'n', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lafka.org", true */ 'l', 'a', 'f', 'k', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "lafkor.de", true */ 'l', 'a', 'f', 'k', 'o', 'r', '.', 'd', 'e', '\0',
+  /* "laflash.com", true */ 'l', 'a', 'f', 'l', 'a', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "laforetenchantee.ch", true */ 'l', 'a', 'f', 'o', 'r', 'e', 't', 'e', 'n', 'c', 'h', 'a', 'n', 't', 'e', 'e', '.', 'c', 'h', '\0',
+  /* "lafosseobservatoire.be", true */ 'l', 'a', 'f', 'o', 's', 's', 'e', 'o', 'b', 's', 'e', 'r', 'v', 'a', 't', 'o', 'i', 'r', 'e', '.', 'b', 'e', '\0',
+  /* "lafr4nc3.net", true */ 'l', 'a', 'f', 'r', '4', 'n', 'c', '3', '.', 'n', 'e', 't', '\0',
+  /* "lag-gbr.gq", true */ 'l', 'a', 'g', '-', 'g', 'b', 'r', '.', 'g', 'q', '\0',
+  /* "lagarderob.ru", false */ 'l', 'a', 'g', 'a', 'r', 'd', 'e', 'r', 'o', 'b', '.', 'r', 'u', '\0',
+  /* "lagazzettadigitale.it", true */ 'l', 'a', 'g', 'a', 'z', 'z', 'e', 't', 't', 'a', 'd', 'i', 'g', 'i', 't', 'a', 'l', 'e', '.', 'i', 't', '\0',
+  /* "lagerauftrag.info", true */ 'l', 'a', 'g', 'e', 'r', 'a', 'u', 'f', 't', 'r', 'a', 'g', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "laglab.org", true */ 'l', 'a', 'g', 'l', 'a', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "laguiadelvaron.com", true */ 'l', 'a', 'g', 'u', 'i', 'a', 'd', 'e', 'l', 'v', 'a', 'r', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "laguinguette.fr", true */ 'l', 'a', 'g', 'u', 'i', 'n', 'g', 'u', 'e', 't', 't', 'e', '.', 'f', 'r', '\0',
+  /* "lahora.com.ec", true */ 'l', 'a', 'h', 'o', 'r', 'a', '.', 'c', 'o', 'm', '.', 'e', 'c', '\0',
+  /* "laindonleisure.co.uk", true */ 'l', 'a', 'i', 'n', 'd', 'o', 'n', 'l', 'e', 'i', 's', 'u', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "lajijonencadebarbera.com", true */ 'l', 'a', 'j', 'i', 'j', 'o', 'n', 'e', 'n', 'c', 'a', 'd', 'e', 'b', 'a', 'r', 'b', 'e', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "lak-berlin.de", true */ 'l', 'a', 'k', '-', 'b', 'e', 'r', 'l', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "lakatrop.com", true */ 'l', 'a', 'k', 'a', 't', 'r', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "lakedavid.com.au", true */ 'l', 'a', 'k', 'e', 'd', 'a', 'v', 'i', 'd', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "lakefrontlittleelm.com", true */ 'l', 'a', 'k', 'e', 'f', 'r', 'o', 'n', 't', 'l', 'i', 't', 't', 'l', 'e', 'e', 'l', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "lakehavasucityhomebuyerscredit.com", true */ 'l', 'a', 'k', 'e', 'h', 'a', 'v', 'a', 's', 'u', 'c', 'i', 't', 'y', 'h', 'o', 'm', 'e', 'b', 'u', 'y', 'e', 'r', 's', 'c', 'r', 'e', 'd', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "lakehavasucitynews.com", true */ 'l', 'a', 'k', 'e', 'h', 'a', 'v', 'a', 's', 'u', 'c', 'i', 't', 'y', 'n', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lakehavasuhomebuyercredit.com", true */ 'l', 'a', 'k', 'e', 'h', 'a', 'v', 'a', 's', 'u', 'h', 'o', 'm', 'e', 'b', 'u', 'y', 'e', 'r', 'c', 'r', 'e', 'd', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "lakehavasuhouserentals.com", true */ 'l', 'a', 'k', 'e', 'h', 'a', 'v', 'a', 's', 'u', 'h', 'o', 'u', 's', 'e', 'r', 'e', 'n', 't', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lakehavasuhouses.com", true */ 'l', 'a', 'k', 'e', 'h', 'a', 'v', 'a', 's', 'u', 'h', 'o', 'u', 's', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lakehavasuwebsites.com", true */ 'l', 'a', 'k', 'e', 'h', 'a', 'v', 'a', 's', 'u', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lakesherwoodelectrical.com", true */ 'l', 'a', 'k', 'e', 's', 'h', 'e', 'r', 'w', 'o', 'o', 'd', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "lakhesis.net", true */ 'l', 'a', 'k', 'h', 'e', 's', 'i', 's', '.', 'n', 'e', 't', '\0',
+  /* "lakonia.com.br", true */ 'l', 'a', 'k', 'o', 'n', 'i', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "lalaya.fr", true */ 'l', 'a', 'l', 'a', 'y', 'a', '.', 'f', 'r', '\0',
+  /* "laled.ch", true */ 'l', 'a', 'l', 'e', 'd', '.', 'c', 'h', '\0',
+  /* "laltroweb.it", true */ 'l', 'a', 'l', 't', 'r', 'o', 'w', 'e', 'b', '.', 'i', 't', '\0',
+  /* "lalyre-corcelles.ch", true */ 'l', 'a', 'l', 'y', 'r', 'e', '-', 'c', 'o', 'r', 'c', 'e', 'l', 'l', 'e', 's', '.', 'c', 'h', '\0',
+  /* "lamakat.de", true */ 'l', 'a', 'm', 'a', 'k', 'a', 't', '.', 'd', 'e', '\0',
+  /* "lamapoll.de", true */ 'l', 'a', 'm', 'a', 'p', 'o', 'l', 'l', '.', 'd', 'e', '\0',
+  /* "lamarieealhonneur.com", true */ 'l', 'a', 'm', 'a', 'r', 'i', 'e', 'e', 'a', 'l', 'h', 'o', 'n', 'n', 'e', 'u', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "lambauer.com", true */ 'l', 'a', 'm', 'b', 'a', 'u', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "lamiaposta.email", false */ 'l', 'a', 'm', 'i', 'a', 'p', 'o', 's', 't', 'a', '.', 'e', 'm', 'a', 'i', 'l', '\0',
+  /* "laminine.info", true */ 'l', 'a', 'm', 'i', 'n', 'i', 'n', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "lampegiganten.dk", true */ 'l', 'a', 'm', 'p', 'e', 'g', 'i', 'g', 'a', 'n', 't', 'e', 'n', '.', 'd', 'k', '\0',
+  /* "lampegiganten.no", true */ 'l', 'a', 'm', 'p', 'e', 'g', 'i', 'g', 'a', 'n', 't', 'e', 'n', '.', 'n', 'o', '\0',
+  /* "lampen24.be", true */ 'l', 'a', 'm', 'p', 'e', 'n', '2', '4', '.', 'b', 'e', '\0',
+  /* "lampenwelt.at", true */ 'l', 'a', 'm', 'p', 'e', 'n', 'w', 'e', 'l', 't', '.', 'a', 't', '\0',
+  /* "lampenwelt.ch", true */ 'l', 'a', 'm', 'p', 'e', 'n', 'w', 'e', 'l', 't', '.', 'c', 'h', '\0',
+  /* "lan2k.org", true */ 'l', 'a', 'n', '2', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "lana.swedbank.se", true */ 'l', 'a', 'n', 'a', '.', 's', 'w', 'e', 'd', 'b', 'a', 'n', 'k', '.', 's', 'e', '\0',
+  /* "lanbroa.eu", true */ 'l', 'a', 'n', 'b', 'r', 'o', 'a', '.', 'e', 'u', '\0',
+  /* "lanbyte.se", true */ 'l', 'a', 'n', 'b', 'y', 't', 'e', '.', 's', 'e', '\0',
+  /* "lancejames.com", true */ 'l', 'a', 'n', 'c', 'e', 'j', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lancelafontaine.com", true */ 'l', 'a', 'n', 'c', 'e', 'l', 'a', 'f', 'o', 'n', 't', 'a', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lanceyip.com", true */ 'l', 'a', 'n', 'c', 'e', 'y', 'i', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "lancork.net", true */ 'l', 'a', 'n', 'c', 'o', 'r', 'k', '.', 'n', 'e', 't', '\0',
+  /* "lancyvbc.ch", true */ 'l', 'a', 'n', 'c', 'y', 'v', 'b', 'c', '.', 'c', 'h', '\0',
+  /* "land.nrw", false */ 'l', 'a', 'n', 'd', '.', 'n', 'r', 'w', '\0',
+  /* "landflair-magazin.de", true */ 'l', 'a', 'n', 'd', 'f', 'l', 'a', 'i', 'r', '-', 'm', 'a', 'g', 'a', 'z', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "landhaus-christmann.de", true */ 'l', 'a', 'n', 'd', 'h', 'a', 'u', 's', '-', 'c', 'h', 'r', 'i', 's', 't', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "landinfo.no", true */ 'l', 'a', 'n', 'd', 'i', 'n', 'f', 'o', '.', 'n', 'o', '\0',
+  /* "landofelves.net", true */ 'l', 'a', 'n', 'd', 'o', 'f', 'e', 'l', 'v', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "landyparts.nl", true */ 'l', 'a', 'n', 'd', 'y', 'p', 'a', 'r', 't', 's', '.', 'n', 'l', '\0',
+  /* "lanetix.com", true */ 'l', 'a', 'n', 'e', 't', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "lang-php.com", true */ 'l', 'a', 'n', 'g', '-', 'p', 'h', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "langatang.com", true */ 'l', 'a', 'n', 'g', 'a', 't', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "langbein.org", true */ 'l', 'a', 'n', 'g', 'b', 'e', 'i', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "langguth.io", true */ 'l', 'a', 'n', 'g', 'g', 'u', 't', 'h', '.', 'i', 'o', '\0',
+  /* "langkahteduh.com", true */ 'l', 'a', 'n', 'g', 'k', 'a', 'h', 't', 'e', 'd', 'u', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "langly.fr", false */ 'l', 'a', 'n', 'g', 'l', 'y', '.', 'f', 'r', '\0',
+  /* "languageterminal.com", true */ 'l', 'a', 'n', 'g', 'u', 'a', 'g', 'e', 't', 'e', 'r', 'm', 'i', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "langworth.com", true */ 'l', 'a', 'n', 'g', 'w', 'o', 'r', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "lanna.io", true */ 'l', 'a', 'n', 'n', 'a', '.', 'i', 'o', '\0',
+  /* "lannainnovation.com", true */ 'l', 'a', 'n', 'n', 'a', 'i', 'n', 'n', 'o', 'v', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "lanre.org", true */ 'l', 'a', 'n', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "lanroamer.de", true */ 'l', 'a', 'n', 'r', 'o', 'a', 'm', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "lansechensilu.com", true */ 'l', 'a', 'n', 's', 'e', 'c', 'h', 'e', 'n', 's', 'i', 'l', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "lanternalauth.com", true */ 'l', 'a', 'n', 't', 'e', 'r', 'n', 'a', 'l', 'a', 'u', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "lantian.pub", true */ 'l', 'a', 'n', 't', 'i', 'a', 'n', '.', 'p', 'u', 'b', '\0',
+  /* "lanturtle.com", true */ 'l', 'a', 'n', 't', 'u', 'r', 't', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lanuovariviera.it", true */ 'l', 'a', 'n', 'u', 'o', 'v', 'a', 'r', 'i', 'v', 'i', 'e', 'r', 'a', '.', 'i', 't', '\0',
+  /* "lanyang.tk", true */ 'l', 'a', 'n', 'y', 'a', 'n', 'g', '.', 't', 'k', '\0',
+  /* "lanzamientovirtual.es", true */ 'l', 'a', 'n', 'z', 'a', 'm', 'i', 'e', 'n', 't', 'o', 'v', 'i', 'r', 't', 'u', 'a', 'l', '.', 'e', 's', '\0',
+  /* "lanzarote-online.info", true */ 'l', 'a', 'n', 'z', 'a', 'r', 'o', 't', 'e', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "laos.dating", true */ 'l', 'a', 'o', 's', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "laospage.com", true */ 'l', 'a', 'o', 's', 'p', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "laozhu.me", true */ 'l', 'a', 'o', 'z', 'h', 'u', '.', 'm', 'e', '\0',
+  /* "lapassiondutrading.com", true */ 'l', 'a', 'p', 'a', 's', 's', 'i', 'o', 'n', 'd', 'u', 't', 'r', 'a', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "lapetition.be", true */ 'l', 'a', 'p', 'e', 't', 'i', 't', 'i', 'o', 'n', '.', 'b', 'e', '\0',
+  /* "lapidge.net", true */ 'l', 'a', 'p', 'i', 'd', 'g', 'e', '.', 'n', 'e', 't', '\0',
+  /* "laplanetebleue.com", true */ 'l', 'a', 'p', 'l', 'a', 'n', 'e', 't', 'e', 'b', 'l', 'e', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lapolla.com", true */ 'l', 'a', 'p', 'o', 'l', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "lapotagere.ch", true */ 'l', 'a', 'p', 'o', 't', 'a', 'g', 'e', 'r', 'e', '.', 'c', 'h', '\0',
+  /* "lapparente-aise.ch", true */ 'l', 'a', 'p', 'p', 'a', 'r', 'e', 'n', 't', 'e', '-', 'a', 'i', 's', 'e', '.', 'c', 'h', '\0',
+  /* "laracode.eu", true */ 'l', 'a', 'r', 'a', 'c', 'o', 'd', 'e', '.', 'e', 'u', '\0',
+  /* "laraeph.com", true */ 'l', 'a', 'r', 'a', 'e', 'p', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "laraigneedusoir.com", true */ 'l', 'a', 'r', 'a', 'i', 'g', 'n', 'e', 'e', 'd', 'u', 's', 'o', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "laranara.se", true */ 'l', 'a', 'r', 'a', 'n', 'a', 'r', 'a', '.', 's', 'e', '\0',
+  /* "laraveldirectory.com", true */ 'l', 'a', 'r', 'a', 'v', 'e', 'l', 'd', 'i', 'r', 'e', 'c', 't', 'o', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "lareclame.fr", true */ 'l', 'a', 'r', 'e', 'c', 'l', 'a', 'm', 'e', '.', 'f', 'r', '\0',
+  /* "larepublicacultural.es", true */ 'l', 'a', 'r', 'e', 'p', 'u', 'b', 'l', 'i', 'c', 'a', 'c', 'u', 'l', 't', 'u', 'r', 'a', 'l', '.', 'e', 's', '\0',
+  /* "largescaleforums.com", true */ 'l', 'a', 'r', 'g', 'e', 's', 'c', 'a', 'l', 'e', 'f', 'o', 'r', 'u', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "largeviewer.com", true */ 'l', 'a', 'r', 'g', 'e', 'v', 'i', 'e', 'w', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "lariscus.eu", true */ 'l', 'a', 'r', 'i', 's', 'c', 'u', 's', '.', 'e', 'u', '\0',
+  /* "larondinedisinfestazione.com", true */ 'l', 'a', 'r', 'o', 'n', 'd', 'i', 'n', 'e', 'd', 'i', 's', 'i', 'n', 'f', 'e', 's', 't', 'a', 'z', 'i', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "larptreff.de", true */ 'l', 'a', 'r', 'p', 't', 'r', 'e', 'f', 'f', '.', 'd', 'e', '\0',
+  /* "larraz.es", true */ 'l', 'a', 'r', 'r', 'a', 'z', '.', 'e', 's', '\0',
+  /* "larrysalibra.com", true */ 'l', 'a', 'r', 'r', 'y', 's', 'a', 'l', 'i', 'b', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "lars-ewald.com", true */ 'l', 'a', 'r', 's', '-', 'e', 'w', 'a', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "lars-mense.de", true */ 'l', 'a', 'r', 's', '-', 'm', 'e', 'n', 's', 'e', '.', 'd', 'e', '\0',
+  /* "lars.cloud", true */ 'l', 'a', 'r', 's', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "larsbauer.xyz", true */ 'l', 'a', 'r', 's', 'b', 'a', 'u', 'e', 'r', '.', 'x', 'y', 'z', '\0',
+  /* "larsklene.nl", true */ 'l', 'a', 'r', 's', 'k', 'l', 'e', 'n', 'e', '.', 'n', 'l', '\0',
+  /* "larsklint.com", true */ 'l', 'a', 'r', 's', 'k', 'l', 'i', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "larsmerke.de", true */ 'l', 'a', 'r', 's', 'm', 'e', 'r', 'k', 'e', '.', 'd', 'e', '\0',
+  /* "laruga.co.uk", true */ 'l', 'a', 'r', 'u', 'g', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "lasalle.wa.edu.au", true */ 'l', 'a', 's', 'a', 'l', 'l', 'e', '.', 'w', 'a', '.', 'e', 'd', 'u', '.', 'a', 'u', '\0',
+  /* "lasarmas.com", true */ 'l', 'a', 's', 'a', 'r', 'm', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lascana.co.uk", true */ 'l', 'a', 's', 'c', 'a', 'n', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "lasereyess.net", true */ 'l', 'a', 's', 'e', 'r', 'e', 'y', 'e', 's', 's', '.', 'n', 'e', 't', '\0',
+  /* "laserpc.net", true */ 'l', 'a', 's', 'e', 'r', 'p', 'c', '.', 'n', 'e', 't', '\0',
+  /* "laserplaza.de", true */ 'l', 'a', 's', 'e', 'r', 'p', 'l', 'a', 'z', 'a', '.', 'd', 'e', '\0',
+  /* "laserplaza.net", true */ 'l', 'a', 's', 'e', 'r', 'p', 'l', 'a', 'z', 'a', '.', 'n', 'e', 't', '\0',
+  /* "lasertechsolutions.com", true */ 'l', 'a', 's', 'e', 'r', 't', 'e', 'c', 'h', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lask.in", true */ 'l', 'a', 's', 'k', '.', 'i', 'n', '\0',
+  /* "laskas.pl", true */ 'l', 'a', 's', 'k', 'a', 's', '.', 'p', 'l', '\0',
+  /* "lasnaves.com", true */ 'l', 'a', 's', 'n', 'a', 'v', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "laspequenassemillas.com", true */ 'l', 'a', 's', 'p', 'e', 'q', 'u', 'e', 'n', 'a', 's', 's', 'e', 'm', 'i', 'l', 'l', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lasrecetasdeguada.com", true */ 'l', 'a', 's', 'r', 'e', 'c', 'e', 't', 'a', 's', 'd', 'e', 'g', 'u', 'a', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "lasse-it.dk", true */ 'l', 'a', 's', 's', 'e', '-', 'i', 't', '.', 'd', 'k', '\0',
+  /* "lasseleegaard.com", true */ 'l', 'a', 's', 's', 'e', 'l', 'e', 'e', 'g', 'a', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "lasseleegaard.dk", true */ 'l', 'a', 's', 's', 'e', 'l', 'e', 'e', 'g', 'a', 'a', 'r', 'd', '.', 'd', 'k', '\0',
+  /* "lasseleegaard.net", true */ 'l', 'a', 's', 's', 'e', 'l', 'e', 'e', 'g', 'a', 'a', 'r', 'd', '.', 'n', 'e', 't', '\0',
+  /* "lasseleegaard.org", true */ 'l', 'a', 's', 's', 'e', 'l', 'e', 'e', 'g', 'a', 'a', 'r', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "lasst-uns-beten.de", true */ 'l', 'a', 's', 's', 't', '-', 'u', 'n', 's', '-', 'b', 'e', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "lastchancetraveler.com", true */ 'l', 'a', 's', 't', 'c', 'h', 'a', 'n', 'c', 'e', 't', 'r', 'a', 'v', 'e', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "lastharo.com", true */ 'l', 'a', 's', 't', 'h', 'a', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "lastpass.com", false */ 'l', 'a', 's', 't', 'p', 'a', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lastrada-minden.de", true */ 'l', 'a', 's', 't', 'r', 'a', 'd', 'a', '-', 'm', 'i', 'n', 'd', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "lastweekinaws.com", true */ 'l', 'a', 's', 't', 'w', 'e', 'e', 'k', 'i', 'n', 'a', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lasuzefc.fr", true */ 'l', 'a', 's', 'u', 'z', 'e', 'f', 'c', '.', 'f', 'r', '\0',
+  /* "lat.sk", true */ 'l', 'a', 't', '.', 's', 'k', '\0',
+  /* "latabledebry.be", true */ 'l', 'a', 't', 'a', 'b', 'l', 'e', 'd', 'e', 'b', 'r', 'y', '.', 'b', 'e', '\0',
+  /* "latabledemontebello.com", true */ 'l', 'a', 't', 'a', 'b', 'l', 'e', 'd', 'e', 'm', 'o', 'n', 't', 'e', 'b', 'e', 'l', 'l', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "latamarissiere.eu", true */ 'l', 'a', 't', 'a', 'm', 'a', 'r', 'i', 's', 's', 'i', 'e', 'r', 'e', '.', 'e', 'u', '\0',
+  /* "late.am", true */ 'l', 'a', 't', 'e', '.', 'a', 'm', '\0',
+  /* "latecnosfera.com", true */ 'l', 'a', 't', 'e', 'c', 'n', 'o', 's', 'f', 'e', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "lateliercantaldeco.fr", true */ 'l', 'a', 't', 'e', 'l', 'i', 'e', 'r', 'c', 'a', 'n', 't', 'a', 'l', 'd', 'e', 'c', 'o', '.', 'f', 'r', '\0',
+  /* "latemodern.com", true */ 'l', 'a', 't', 'e', 'm', 'o', 'd', 'e', 'r', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "latenitefilms.com", false */ 'l', 'a', 't', 'e', 'n', 'i', 't', 'e', 'f', 'i', 'l', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lateralsecurity.com", true */ 'l', 'a', 't', 'e', 'r', 'a', 'l', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "latestdeals.co.uk", true */ 'l', 'a', 't', 'e', 's', 't', 'd', 'e', 'a', 'l', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "latetrain.cn", true */ 'l', 'a', 't', 'e', 't', 'r', 'a', 'i', 'n', '.', 'c', 'n', '\0',
+  /* "lathen-wahn.de", true */ 'l', 'a', 't', 'h', 'e', 'n', '-', 'w', 'a', 'h', 'n', '.', 'd', 'e', '\0',
+  /* "latino.dating", true */ 'l', 'a', 't', 'i', 'n', 'o', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "latinphone.com", true */ 'l', 'a', 't', 'i', 'n', 'p', 'h', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "latitude42technology.com", true */ 'l', 'a', 't', 'i', 't', 'u', 'd', 'e', '4', '2', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "latitudesign.com", true */ 'l', 'a', 't', 'i', 't', 'u', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "latour-managedcare.ch", true */ 'l', 'a', 't', 'o', 'u', 'r', '-', 'm', 'a', 'n', 'a', 'g', 'e', 'd', 'c', 'a', 'r', 'e', '.', 'c', 'h', '\0',
+  /* "latremebunda.com", true */ 'l', 'a', 't', 'r', 'e', 'm', 'e', 'b', 'u', 'n', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "latrine.cz", true */ 'l', 'a', 't', 'r', 'i', 'n', 'e', '.', 'c', 'z', '\0',
+  /* "latterdaybride.com", true */ 'l', 'a', 't', 't', 'e', 'r', 'd', 'a', 'y', 'b', 'r', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lattyware.co.uk", true */ 'l', 'a', 't', 't', 'y', 'w', 'a', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "lattyware.com", true */ 'l', 'a', 't', 't', 'y', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "laubacher.io", true */ 'l', 'a', 'u', 'b', 'a', 'c', 'h', 'e', 'r', '.', 'i', 'o', '\0',
+  /* "lauchundei.at", true */ 'l', 'a', 'u', 'c', 'h', 'u', 'n', 'd', 'e', 'i', '.', 'a', 't', '\0',
+  /* "laufcampus.com", true */ 'l', 'a', 'u', 'f', 'c', 'a', 'm', 'p', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "laufpix.de", true */ 'l', 'a', 'u', 'f', 'p', 'i', 'x', '.', 'd', 'e', '\0',
+  /* "laufseminare-laufreisen.com", true */ 'l', 'a', 'u', 'f', 's', 'e', 'm', 'i', 'n', 'a', 'r', 'e', '-', 'l', 'a', 'u', 'f', 'r', 'e', 'i', 's', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "lauftrainer-ausbildung.com", true */ 'l', 'a', 'u', 'f', 't', 'r', 'a', 'i', 'n', 'e', 'r', '-', 'a', 'u', 's', 'b', 'i', 'l', 'd', 'u', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "lauftreff-himmelgeist.de", true */ 'l', 'a', 'u', 'f', 't', 'r', 'e', 'f', 'f', '-', 'h', 'i', 'm', 'm', 'e', 'l', 'g', 'e', 'i', 's', 't', '.', 'd', 'e', '\0',
+  /* "laughinggrapepublishing.com", true */ 'l', 'a', 'u', 'g', 'h', 'i', 'n', 'g', 'g', 'r', 'a', 'p', 'e', 'p', 'u', 'b', 'l', 'i', 's', 'h', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "laukstein.com", true */ 'l', 'a', 'u', 'k', 's', 't', 'e', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "launchpad-app2.com", true */ 'l', 'a', 'u', 'n', 'c', 'h', 'p', 'a', 'd', '-', 'a', 'p', 'p', '2', '.', 'c', 'o', 'm', '\0',
+  /* "lauraandwill.wedding", true */ 'l', 'a', 'u', 'r', 'a', 'a', 'n', 'd', 'w', 'i', 'l', 'l', '.', 'w', 'e', 'd', 'd', 'i', 'n', 'g', '\0',
+  /* "laurakashiwase.com", true */ 'l', 'a', 'u', 'r', 'a', 'k', 'a', 's', 'h', 'i', 'w', 'a', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "laurasplacefamilysupport.org.au", true */ 'l', 'a', 'u', 'r', 'a', 's', 'p', 'l', 'a', 'c', 'e', 'f', 'a', 'm', 'i', 'l', 'y', 's', 'u', 'p', 'p', 'o', 'r', 't', '.', 'o', 'r', 'g', '.', 'a', 'u', '\0',
+  /* "laurelblack.com", true */ 'l', 'a', 'u', 'r', 'e', 'l', 'b', 'l', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "laurelspaandlash.com", true */ 'l', 'a', 'u', 'r', 'e', 'l', 's', 'p', 'a', 'a', 'n', 'd', 'l', 'a', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "laurenlobue.com", true */ 'l', 'a', 'u', 'r', 'e', 'n', 'l', 'o', 'b', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "laurent-e-levy.com", true */ 'l', 'a', 'u', 'r', 'e', 'n', 't', '-', 'e', '-', 'l', 'e', 'v', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "lauriuc.sk", true */ 'l', 'a', 'u', 'r', 'i', 'u', 'c', '.', 's', 'k', '\0',
+  /* "lausannedentiste.ch", true */ 'l', 'a', 'u', 's', 'a', 'n', 'n', 'e', 'd', 'e', 'n', 't', 'i', 's', 't', 'e', '.', 'c', 'h', '\0',
+  /* "lausannelovers.ch", true */ 'l', 'a', 'u', 's', 'a', 'n', 'n', 'e', 'l', 'o', 'v', 'e', 'r', 's', '.', 'c', 'h', '\0',
+  /* "laussat.de", true */ 'l', 'a', 'u', 's', 's', 'a', 't', '.', 'd', 'e', '\0',
+  /* "lauzon-hitter.com", true */ 'l', 'a', 'u', 'z', 'o', 'n', '-', 'h', 'i', 't', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "lavabit.no", true */ 'l', 'a', 'v', 'a', 'b', 'i', 't', '.', 'n', 'o', '\0',
+  /* "lavalite.de", true */ 'l', 'a', 'v', 'a', 'l', 'i', 't', 'e', '.', 'd', 'e', '\0',
+  /* "lavamob.com", true */ 'l', 'a', 'v', 'a', 'm', 'o', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "lavaux.lv", true */ 'l', 'a', 'v', 'a', 'u', 'x', '.', 'l', 'v', '\0',
+  /* "lavenderx.org", true */ 'l', 'a', 'v', 'e', 'n', 'd', 'e', 'r', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "laviedalex.ovh", true */ 'l', 'a', 'v', 'i', 'e', 'd', 'a', 'l', 'e', 'x', '.', 'o', 'v', 'h', '\0',
+  /* "lavita.de", true */ 'l', 'a', 'v', 'i', 't', 'a', '.', 'd', 'e', '\0',
+  /* "lavitrine-une-collection.be", true */ 'l', 'a', 'v', 'i', 't', 'r', 'i', 'n', 'e', '-', 'u', 'n', 'e', '-', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'o', 'n', '.', 'b', 'e', '\0',
+  /* "lavolte.net", true */ 'l', 'a', 'v', 'o', 'l', 't', 'e', '.', 'n', 'e', 't', '\0',
+  /* "lavval.com", false */ 'l', 'a', 'v', 'v', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "law-peters.de", true */ 'l', 'a', 'w', '-', 'p', 'e', 't', 'e', 'r', 's', '.', 'd', 'e', '\0',
+  /* "lawformt.com", true */ 'l', 'a', 'w', 'f', 'o', 'r', 'm', 't', '.', 'c', 'o', 'm', '\0',
+  /* "lawn-seeds.com", true */ 'l', 'a', 'w', 'n', '-', 's', 'e', 'e', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lawnuk.com", true */ 'l', 'a', 'w', 'n', 'u', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "lawrence-institute.com", true */ 'l', 'a', 'w', 'r', 'e', 'n', 'c', 'e', '-', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lawrenceberg.nl", true */ 'l', 'a', 'w', 'r', 'e', 'n', 'c', 'e', 'b', 'e', 'r', 'g', '.', 'n', 'l', '\0',
+  /* "lawrencemurgatroyd.com", true */ 'l', 'a', 'w', 'r', 'e', 'n', 'c', 'e', 'm', 'u', 'r', 'g', 'a', 't', 'r', 'o', 'y', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "laylo.nl", true */ 'l', 'a', 'y', 'l', 'o', '.', 'n', 'l', '\0',
+  /* "laymans911.info", true */ 'l', 'a', 'y', 'm', 'a', 'n', 's', '9', '1', '1', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "layoutsatzunddruck.de", true */ 'l', 'a', 'y', 'o', 'u', 't', 's', 'a', 't', 'z', 'u', 'n', 'd', 'd', 'r', 'u', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "lazerus.net", true */ 'l', 'a', 'z', 'e', 'r', 'u', 's', '.', 'n', 'e', 't', '\0',
+  /* "lazowik.pl", true */ 'l', 'a', 'z', 'o', 'w', 'i', 'k', '.', 'p', 'l', '\0',
+  /* "lazurit.com", true */ 'l', 'a', 'z', 'u', 'r', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "lazyboston.com", true */ 'l', 'a', 'z', 'y', 'b', 'o', 's', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "lazyclock.com", true */ 'l', 'a', 'z', 'y', 'c', 'l', 'o', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "lazyframe.com", true */ 'l', 'a', 'z', 'y', 'f', 'r', 'a', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lazytux.de", true */ 'l', 'a', 'z', 'y', 't', 'u', 'x', '.', 'd', 'e', '\0',
+  /* "lazytux.org", true */ 'l', 'a', 'z', 'y', 't', 'u', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "lb-toner.de", true */ 'l', 'b', '-', 't', 'o', 'n', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "lbayer.com", true */ 'l', 'b', 'a', 'y', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "lbc.gr", true */ 'l', 'b', 'c', '.', 'g', 'r', '\0',
+  /* "lbgconsultores.com", true */ 'l', 'b', 'g', 'c', 'o', 'n', 's', 'u', 'l', 't', 'o', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lbihrhelpdesk.com", true */ 'l', 'b', 'i', 'h', 'r', 'h', 'e', 'l', 'p', 'd', 'e', 's', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "lbls.me", true */ 'l', 'b', 'l', 's', '.', 'm', 'e', '\0',
+  /* "lbphacker.pw", true */ 'l', 'b', 'p', 'h', 'a', 'c', 'k', 'e', 'r', '.', 'p', 'w', '\0',
+  /* "lbrlh.tk", true */ 'l', 'b', 'r', 'l', 'h', '.', 't', 'k', '\0',
+  /* "lbrli.tk", true */ 'l', 'b', 'r', 'l', 'i', '.', 't', 'k', '\0',
+  /* "lbs-logics.com", true */ 'l', 'b', 's', '-', 'l', 'o', 'g', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lca-pv.de", true */ 'l', 'c', 'a', '-', 'p', 'v', '.', 'd', 'e', '\0',
+  /* "lce-events.com", true */ 'l', 'c', 'e', '-', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lcht.ch", false */ 'l', 'c', 'h', 't', '.', 'c', 'h', '\0',
+  /* "lclarkpdx.com", true */ 'l', 'c', 'l', 'a', 'r', 'k', 'p', 'd', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "ld-begunjscica.si", true */ 'l', 'd', '-', 'b', 'e', 'g', 'u', 'n', 'j', 's', 'c', 'i', 'c', 'a', '.', 's', 'i', '\0',
+  /* "ldc.com.br", false */ 'l', 'd', 'c', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "le-bar.org", true */ 'l', 'e', '-', 'b', 'a', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "le-blog.ch", true */ 'l', 'e', '-', 'b', 'l', 'o', 'g', '.', 'c', 'h', '\0',
+  /* "le-controle-parental.fr", true */ 'l', 'e', '-', 'c', 'o', 'n', 't', 'r', 'o', 'l', 'e', '-', 'p', 'a', 'r', 'e', 'n', 't', 'a', 'l', '.', 'f', 'r', '\0',
+  /* "le-creux-du-van.ch", true */ 'l', 'e', '-', 'c', 'r', 'e', 'u', 'x', '-', 'd', 'u', '-', 'v', 'a', 'n', '.', 'c', 'h', '\0',
+  /* "le-dev.de", false */ 'l', 'e', '-', 'd', 'e', 'v', '.', 'd', 'e', '\0',
+  /* "le-h.de", true */ 'l', 'e', '-', 'h', '.', 'd', 'e', '\0',
+  /* "le-hosting.de", true */ 'l', 'e', '-', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "le-page.info", true */ 'l', 'e', '-', 'p', 'a', 'g', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "le-palantir.com", true */ 'l', 'e', '-', 'p', 'a', 'l', 'a', 'n', 't', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "le-traiteur-parisien.fr", true */ 'l', 'e', '-', 't', 'r', 'a', 'i', 't', 'e', 'u', 'r', '-', 'p', 'a', 'r', 'i', 's', 'i', 'e', 'n', '.', 'f', 'r', '\0',
+  /* "le0.me", true */ 'l', 'e', '0', '.', 'm', 'e', '\0',
+  /* "le130rb.com", true */ 'l', 'e', '1', '3', '0', 'r', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "le23.fr", true */ 'l', 'e', '2', '3', '.', 'f', 'r', '\0',
+  /* "le42mars.fr", true */ 'l', 'e', '4', '2', 'm', 'a', 'r', 's', '.', 'f', 'r', '\0',
+  /* "leadbox.cz", true */ 'l', 'e', 'a', 'd', 'b', 'o', 'x', '.', 'c', 'z', '\0',
+  /* "leadgenie.me", true */ 'l', 'e', 'a', 'd', 'g', 'e', 'n', 'i', 'e', '.', 'm', 'e', '\0',
+  /* "leadingsalons.com", true */ 'l', 'e', 'a', 'd', 'i', 'n', 'g', 's', 'a', 'l', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "leafandseed.co.uk", true */ 'l', 'e', 'a', 'f', 'a', 'n', 'd', 's', 'e', 'e', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "leafans.tk", true */ 'l', 'e', 'a', 'f', 'a', 'n', 's', '.', 't', 'k', '\0',
+  /* "leafinote.com", true */ 'l', 'e', 'a', 'f', 'i', 'n', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "leakedminecraft.net", true */ 'l', 'e', 'a', 'k', 'e', 'd', 'm', 'i', 'n', 'e', 'c', 'r', 'a', 'f', 't', '.', 'n', 'e', 't', '\0',
+  /* "leakforums.net", true */ 'l', 'e', 'a', 'k', 'f', 'o', 'r', 'u', 'm', 's', '.', 'n', 'e', 't', '\0',
+  /* "leakreporter.net", true */ 'l', 'e', 'a', 'k', 'r', 'e', 'p', 'o', 'r', 't', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "leaks.directory", true */ 'l', 'e', 'a', 'k', 's', '.', 'd', 'i', 'r', 'e', 'c', 't', 'o', 'r', 'y', '\0',
+  /* "leanclub.org", true */ 'l', 'e', 'a', 'n', 'c', 'l', 'u', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "leandre.cn", true */ 'l', 'e', 'a', 'n', 'd', 'r', 'e', '.', 'c', 'n', '\0',
+  /* "leanplando.com", true */ 'l', 'e', 'a', 'n', 'p', 'l', 'a', 'n', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "leaodarodesia.com.br", true */ 'l', 'e', 'a', 'o', 'd', 'a', 'r', 'o', 'd', 'e', 's', 'i', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "leap-it.be", true */ 'l', 'e', 'a', 'p', '-', 'i', 't', '.', 'b', 'e', '\0',
+  /* "leapandjump.co.uk", true */ 'l', 'e', 'a', 'p', 'a', 'n', 'd', 'j', 'u', 'm', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "learn-smart.uk", true */ 'l', 'e', 'a', 'r', 'n', '-', 's', 'm', 'a', 'r', 't', '.', 'u', 'k', '\0',
+  /* "learnedhacker.com", true */ 'l', 'e', 'a', 'r', 'n', 'e', 'd', 'h', 'a', 'c', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "learnerdriving.com", false */ 'l', 'e', 'a', 'r', 'n', 'e', 'r', 'd', 'r', 'i', 'v', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "learnflakes.net", true */ 'l', 'e', 'a', 'r', 'n', 'f', 'l', 'a', 'k', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "learningis1.st", true */ 'l', 'e', 'a', 'r', 'n', 'i', 'n', 'g', 'i', 's', '1', '.', 's', 't', '\0',
+  /* "learninglaw.com", true */ 'l', 'e', 'a', 'r', 'n', 'i', 'n', 'g', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "learnpianogreece.com", true */ 'l', 'e', 'a', 'r', 'n', 'p', 'i', 'a', 'n', 'o', 'g', 'r', 'e', 'e', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "learnplayground.com", true */ 'l', 'e', 'a', 'r', 'n', 'p', 'l', 'a', 'y', 'g', 'r', 'o', 'u', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "learntube.cz", true */ 'l', 'e', 'a', 'r', 'n', 't', 'u', 'b', 'e', '.', 'c', 'z', '\0',
+  /* "leaseit24.com", true */ 'l', 'e', 'a', 's', 'e', 'i', 't', '2', '4', '.', 'c', 'o', 'm', '\0',
+  /* "leaseit24.de", true */ 'l', 'e', 'a', 's', 'e', 'i', 't', '2', '4', '.', 'd', 'e', '\0',
+  /* "leasit.at", true */ 'l', 'e', 'a', 's', 'i', 't', '.', 'a', 't', '\0',
+  /* "leasit.de", true */ 'l', 'e', 'a', 's', 'i', 't', '.', 'd', 'e', '\0',
+  /* "leatherfurnitureexpo.com", true */ 'l', 'e', 'a', 't', 'h', 'e', 'r', 'f', 'u', 'r', 'n', 'i', 't', 'u', 'r', 'e', 'e', 'x', 'p', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "leatherwood.nl", true */ 'l', 'e', 'a', 't', 'h', 'e', 'r', 'w', 'o', 'o', 'd', '.', 'n', 'l', '\0',
+  /* "leavesofchangeweekly.org", true */ 'l', 'e', 'a', 'v', 'e', 's', 'o', 'f', 'c', 'h', 'a', 'n', 'g', 'e', 'w', 'e', 'e', 'k', 'l', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "lebanesearmy.gov.lb", true */ 'l', 'e', 'b', 'a', 'n', 'e', 's', 'e', 'a', 'r', 'm', 'y', '.', 'g', 'o', 'v', '.', 'l', 'b', '\0',
+  /* "lebarbatruc.com", true */ 'l', 'e', 'b', 'a', 'r', 'b', 'a', 't', 'r', 'u', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "lebarmy.gov.lb", true */ 'l', 'e', 'b', 'a', 'r', 'm', 'y', '.', 'g', 'o', 'v', '.', 'l', 'b', '\0',
+  /* "lebens-fluss.at", true */ 'l', 'e', 'b', 'e', 'n', 's', '-', 'f', 'l', 'u', 's', 's', '.', 'a', 't', '\0',
+  /* "lebihan.pl", true */ 'l', 'e', 'b', 'i', 'h', 'a', 'n', '.', 'p', 'l', '\0',
+  /* "leblanc.io", true */ 'l', 'e', 'b', 'l', 'a', 'n', 'c', '.', 'i', 'o', '\0',
+  /* "lebosse.me", true */ 'l', 'e', 'b', 'o', 's', 's', 'e', '.', 'm', 'e', '\0',
+  /* "lebourgeo.is", true */ 'l', 'e', 'b', 'o', 'u', 'r', 'g', 'e', 'o', '.', 'i', 's', '\0',
+  /* "lechaudrondupertuis.ch", true */ 'l', 'e', 'c', 'h', 'a', 'u', 'd', 'r', 'o', 'n', 'd', 'u', 'p', 'e', 'r', 't', 'u', 'i', 's', '.', 'c', 'h', '\0',
+  /* "lechiennoir.net", true */ 'l', 'e', 'c', 'h', 'i', 'e', 'n', 'n', 'o', 'i', 'r', '.', 'n', 'e', 't', '\0',
+  /* "leclaire.com.br", true */ 'l', 'e', 'c', 'l', 'a', 'i', 'r', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "ledecologie.com.br", true */ 'l', 'e', 'd', 'e', 'c', 'o', 'l', 'o', 'g', 'i', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "ledeguisement.com", true */ 'l', 'e', 'd', 'e', 'g', 'u', 'i', 's', 'e', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "ledhouse.sk", true */ 'l', 'e', 'd', 'h', 'o', 'u', 's', 'e', '.', 's', 'k', '\0',
+  /* "ledzom.ru", false */ 'l', 'e', 'd', 'z', 'o', 'm', '.', 'r', 'u', '\0',
+  /* "lee-fuller.co.uk", true */ 'l', 'e', 'e', '-', 'f', 'u', 'l', 'l', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "leebiblestudycenter.co.uk", true */ 'l', 'e', 'e', 'b', 'i', 'b', 'l', 'e', 's', 't', 'u', 'd', 'y', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "leebiblestudycenter.com", true */ 'l', 'e', 'e', 'b', 'i', 'b', 'l', 'e', 's', 't', 'u', 'd', 'y', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "leebiblestudycentre.co.uk", true */ 'l', 'e', 'e', 'b', 'i', 'b', 'l', 'e', 's', 't', 'u', 'd', 'y', 'c', 'e', 'n', 't', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "leebiblestudycentre.com", true */ 'l', 'e', 'e', 'b', 'i', 'b', 'l', 'e', 's', 't', 'u', 'd', 'y', 'c', 'e', 'n', 't', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "leech360.com", true */ 'l', 'e', 'e', 'c', 'h', '3', '6', '0', '.', 'c', 'o', 'm', '\0',
+  /* "leeclemens.net", true */ 'l', 'e', 'e', 'c', 'l', 'e', 'm', 'e', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "leedev.org", true */ 'l', 'e', 'e', 'd', 'e', 'v', '.', 'o', 'r', 'g', '\0',
+  /* "leelou.wedding", true */ 'l', 'e', 'e', 'l', 'o', 'u', '.', 'w', 'e', 'd', 'd', 'i', 'n', 'g', '\0',
+  /* "leere.me", true */ 'l', 'e', 'e', 'r', 'e', '.', 'm', 'e', '\0',
+  /* "leerkotte.eu", true */ 'l', 'e', 'e', 'r', 'k', 'o', 't', 't', 'e', '.', 'e', 'u', '\0',
+  /* "leerliga.de", true */ 'l', 'e', 'e', 'r', 'l', 'i', 'g', 'a', '.', 'd', 'e', '\0',
+  /* "leertipp.de", true */ 'l', 'e', 'e', 'r', 't', 'i', 'p', 'p', '.', 'd', 'e', '\0',
+  /* "leesilvey.com", true */ 'l', 'e', 'e', 's', 'i', 'l', 'v', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "leet2.com", true */ 'l', 'e', 'e', 't', '2', '.', 'c', 'o', 'm', '\0',
+  /* "leetcode.com", true */ 'l', 'e', 'e', 't', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "leetcode.net", true */ 'l', 'e', 'e', 't', 'c', 'o', 'd', 'e', '.', 'n', 'e', 't', '\0',
+  /* "leetgamers.asia", true */ 'l', 'e', 'e', 't', 'g', 'a', 'm', 'e', 'r', 's', '.', 'a', 's', 'i', 'a', '\0',
+  /* "leetsaber.com", true */ 'l', 'e', 'e', 't', 's', 'a', 'b', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "leevealdc.com", true */ 'l', 'e', 'e', 'v', 'e', 'a', 'l', 'd', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "lefebvristes.com", true */ 'l', 'e', 'f', 'e', 'b', 'v', 'r', 'i', 's', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lefebvristes.fr", true */ 'l', 'e', 'f', 'e', 'b', 'v', 'r', 'i', 's', 't', 'e', 's', '.', 'f', 'r', '\0',
+  /* "leflibustier.ru", true */ 'l', 'e', 'f', 'l', 'i', 'b', 'u', 's', 't', 'i', 'e', 'r', '.', 'r', 'u', '\0',
+  /* "lefonddeloeil.com", true */ 'l', 'e', 'f', 'o', 'n', 'd', 'd', 'e', 'l', 'o', 'e', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "leftclick.cloud", true */ 'l', 'e', 'f', 't', 'c', 'l', 'i', 'c', 'k', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "leftclick.eu", true */ 'l', 'e', 'f', 't', 'c', 'l', 'i', 'c', 'k', '.', 'e', 'u', '\0',
+  /* "lega-dental.com", true */ 'l', 'e', 'g', 'a', '-', 'd', 'e', 'n', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "legadental.com", true */ 'l', 'e', 'g', 'a', 'd', 'e', 'n', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "legalcontrol.info", true */ 'l', 'e', 'g', 'a', 'l', 'c', 'o', 'n', 't', 'r', 'o', 'l', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "legalrobot-uat.com", true */ 'l', 'e', 'g', 'a', 'l', 'r', 'o', 'b', 'o', 't', '-', 'u', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "legalrobot.com", true */ 'l', 'e', 'g', 'a', 'l', 'r', 'o', 'b', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "legaltip.eu", true */ 'l', 'e', 'g', 'a', 'l', 't', 'i', 'p', '.', 'e', 'u', '\0',
+  /* "legatofmrc.fr", true */ 'l', 'e', 'g', 'a', 't', 'o', 'f', 'm', 'r', 'c', '.', 'f', 'r', '\0',
+  /* "legendary.camera", true */ 'l', 'e', 'g', 'e', 'n', 'd', 'a', 'r', 'y', '.', 'c', 'a', 'm', 'e', 'r', 'a', '\0',
+  /* "legendesdechine.ch", true */ 'l', 'e', 'g', 'e', 'n', 'd', 'e', 's', 'd', 'e', 'c', 'h', 'i', 'n', 'e', '.', 'c', 'h', '\0',
+  /* "legendofkrystal.com", true */ 'l', 'e', 'g', 'e', 'n', 'd', 'o', 'f', 'k', 'r', 'y', 's', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "legends-game.ru", false */ 'l', 'e', 'g', 'e', 'n', 'd', 's', '-', 'g', 'a', 'm', 'e', '.', 'r', 'u', '\0',
+  /* "legible.es", true */ 'l', 'e', 'g', 'i', 'b', 'l', 'e', '.', 'e', 's', '\0',
+  /* "legiscontabilidade.com.br", true */ 'l', 'e', 'g', 'i', 's', 'c', 'o', 'n', 't', 'a', 'b', 'i', 'l', 'i', 'd', 'a', 'd', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "legit.nz", true */ 'l', 'e', 'g', 'i', 't', '.', 'n', 'z', '\0',
+  /* "legjobblogo.hu", true */ 'l', 'e', 'g', 'j', 'o', 'b', 'b', 'l', 'o', 'g', 'o', '.', 'h', 'u', '\0',
+  /* "legland.fr", true */ 'l', 'e', 'g', 'l', 'a', 'n', 'd', '.', 'f', 'r', '\0',
+  /* "legoutdesplantes.be", true */ 'l', 'e', 'g', 'o', 'u', 't', 'd', 'e', 's', 'p', 'l', 'a', 'n', 't', 'e', 's', '.', 'b', 'e', '\0',
+  /* "legumefederation.org", true */ 'l', 'e', 'g', 'u', 'm', 'e', 'f', 'e', 'd', 'e', 'r', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "legumeinfo.org", true */ 'l', 'e', 'g', 'u', 'm', 'e', 'i', 'n', 'f', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "lehighmathcircle.org", true */ 'l', 'e', 'h', 'i', 'g', 'h', 'm', 'a', 't', 'h', 'c', 'i', 'r', 'c', 'l', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "leibniz-remscheid.de", false */ 'l', 'e', 'i', 'b', 'n', 'i', 'z', '-', 'r', 'e', 'm', 's', 'c', 'h', 'e', 'i', 'd', '.', 'd', 'e', '\0',
+  /* "leideninternationalreview.com", true */ 'l', 'e', 'i', 'd', 'e', 'n', 'i', 'n', 't', 'e', 'r', 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', 'r', 'e', 'v', 'i', 'e', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "leifdreizler.com", false */ 'l', 'e', 'i', 'f', 'd', 'r', 'e', 'i', 'z', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "leigh.life", true */ 'l', 'e', 'i', 'g', 'h', '.', 'l', 'i', 'f', 'e', '\0',
+  /* "leilautourdumon.de", true */ 'l', 'e', 'i', 'l', 'a', 'u', 't', 'o', 'u', 'r', 'd', 'u', 'm', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "leilonorte.com", true */ 'l', 'e', 'i', 'l', 'o', 'n', 'o', 'r', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "leiming.co", true */ 'l', 'e', 'i', 'm', 'i', 'n', 'g', '.', 'c', 'o', '\0',
+  /* "leinfelder.in", true */ 'l', 'e', 'i', 'n', 'f', 'e', 'l', 'd', 'e', 'r', '.', 'i', 'n', '\0',
+  /* "leipzig.photo", true */ 'l', 'e', 'i', 'p', 'z', 'i', 'g', '.', 'p', 'h', 'o', 't', 'o', '\0',
+  /* "leipziger-triathlon.de", true */ 'l', 'e', 'i', 'p', 'z', 'i', 'g', 'e', 'r', '-', 't', 'r', 'i', 'a', 't', 'h', 'l', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "leisure-blog.com", true */ 'l', 'e', 'i', 's', 'u', 'r', 'e', '-', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "leisure-supplies-show.co.uk", true */ 'l', 'e', 'i', 's', 'u', 'r', 'e', '-', 's', 'u', 'p', 'p', 'l', 'i', 'e', 's', '-', 's', 'h', 'o', 'w', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "leition.com", true */ 'l', 'e', 'i', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "leitionusercontent.com", true */ 'l', 'e', 'i', 't', 'i', 'o', 'n', 'u', 's', 'e', 'r', 'c', 'o', 'n', 't', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "lejardindesmesanges.fr", true */ 'l', 'e', 'j', 'a', 'r', 'd', 'i', 'n', 'd', 'e', 's', 'm', 'e', 's', 'a', 'n', 'g', 'e', 's', '.', 'f', 'r', '\0',
+  /* "lel.ovh", true */ 'l', 'e', 'l', '.', 'o', 'v', 'h', '\0',
+  /* "lelehei.com", true */ 'l', 'e', 'l', 'e', 'h', 'e', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "lelubre.info", true */ 'l', 'e', 'l', 'u', 'b', 'r', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "lemarcheelagrandeguerra.it", true */ 'l', 'e', 'm', 'a', 'r', 'c', 'h', 'e', 'e', 'l', 'a', 'g', 'r', 'a', 'n', 'd', 'e', 'g', 'u', 'e', 'r', 'r', 'a', '.', 'i', 't', '\0',
+  /* "lemni.top", true */ 'l', 'e', 'm', 'n', 'i', '.', 't', 'o', 'p', '\0',
+  /* "lemoine.at", true */ 'l', 'e', 'm', 'o', 'i', 'n', 'e', '.', 'a', 't', '\0',
+  /* "lemon.co", true */ 'l', 'e', 'm', 'o', 'n', '.', 'c', 'o', '\0',
+  /* "lemondrops.xyz", true */ 'l', 'e', 'm', 'o', 'n', 'd', 'r', 'o', 'p', 's', '.', 'x', 'y', 'z', '\0',
+  /* "lemonop.com", true */ 'l', 'e', 'm', 'o', 'n', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "lemonrockbiketours.com", true */ 'l', 'e', 'm', 'o', 'n', 'r', 'o', 'c', 'k', 'b', 'i', 'k', 'e', 't', 'o', 'u', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lemuslimpost.com", true */ 'l', 'e', 'm', 'u', 's', 'l', 'i', 'm', 'p', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "lenagroben.de", true */ 'l', 'e', 'n', 'a', 'g', 'r', 'o', 'b', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "lence.net", true */ 'l', 'e', 'n', 'c', 'e', '.', 'n', 'e', 't', '\0',
+  /* "lenguajedeprogramacion.com", true */ 'l', 'e', 'n', 'g', 'u', 'a', 'j', 'e', 'd', 'e', 'p', 'r', 'o', 'g', 'r', 'a', 'm', 'a', 'c', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "lengzzz.com", true */ 'l', 'e', 'n', 'g', 'z', 'z', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "lenidh.de", true */ 'l', 'e', 'n', 'i', 'd', 'h', '.', 'd', 'e', '\0',
+  /* "leninalbertop.com.ve", true */ 'l', 'e', 'n', 'i', 'n', 'a', 'l', 'b', 'e', 'r', 't', 'o', 'p', '.', 'c', 'o', 'm', '.', 'v', 'e', '\0',
+  /* "lenkunz.me", true */ 'l', 'e', 'n', 'k', 'u', 'n', 'z', '.', 'm', 'e', '\0',
+  /* "lennier.info", true */ 'l', 'e', 'n', 'n', 'i', 'e', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "lennyfaces.net", true */ 'l', 'e', 'n', 'n', 'y', 'f', 'a', 'c', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "lennyobez.be", true */ 'l', 'e', 'n', 'n', 'y', 'o', 'b', 'e', 'z', '.', 'b', 'e', '\0',
+  /* "lenr-forum.com", true */ 'l', 'e', 'n', 'r', '-', 'f', 'o', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "lensdoctor.com", true */ 'l', 'e', 'n', 's', 'd', 'o', 'c', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "lenspirations.com", true */ 'l', 'e', 'n', 's', 'p', 'i', 'r', 'a', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lensual.space", true */ 'l', 'e', 'n', 's', 'u', 'a', 'l', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "lenuagebauche.org", true */ 'l', 'e', 'n', 'u', 'a', 'g', 'e', 'b', 'a', 'u', 'c', 'h', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "lenyip.com", true */ 'l', 'e', 'n', 'y', 'i', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "lenyip.me", true */ 'l', 'e', 'n', 'y', 'i', 'p', '.', 'm', 'e', '\0',
+  /* "lenyip.works", true */ 'l', 'e', 'n', 'y', 'i', 'p', '.', 'w', 'o', 'r', 'k', 's', '\0',
+  /* "lenzw.de", true */ 'l', 'e', 'n', 'z', 'w', '.', 'd', 'e', '\0',
+  /* "leoandpeto.com", true */ 'l', 'e', 'o', 'a', 'n', 'd', 'p', 'e', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "leodaniels.com", true */ 'l', 'e', 'o', 'd', 'a', 'n', 'i', 'e', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "leola.cz", true */ 'l', 'e', 'o', 'l', 'a', '.', 'c', 'z', '\0',
+  /* "leola.sk", true */ 'l', 'e', 'o', 'l', 'a', '.', 's', 'k', '\0',
+  /* "leominstercu.com", false */ 'l', 'e', 'o', 'm', 'i', 'n', 's', 't', 'e', 'r', 'c', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "leon-tech.com", true */ 'l', 'e', 'o', 'n', '-', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "leon.net", true */ 'l', 'e', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "leonard.io", false */ 'l', 'e', 'o', 'n', 'a', 'r', 'd', '.', 'i', 'o', '\0',
+  /* "leonax.net", true */ 'l', 'e', 'o', 'n', 'a', 'x', '.', 'n', 'e', 't', '\0',
+  /* "leondenard.com", true */ 'l', 'e', 'o', 'n', 'd', 'e', 'n', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "leonklingele.de", true */ 'l', 'e', 'o', 'n', 'k', 'l', 'i', 'n', 'g', 'e', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "leopoldina.net", true */ 'l', 'e', 'o', 'p', 'o', 'l', 'd', 'i', 'n', 'a', '.', 'n', 'e', 't', '\0',
+  /* "leowkahman.com", true */ 'l', 'e', 'o', 'w', 'k', 'a', 'h', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "lep.gov", true */ 'l', 'e', 'p', '.', 'g', 'o', 'v', '\0',
+  /* "lepenetapeti.com", true */ 'l', 'e', 'p', 'e', 'n', 'e', 't', 'a', 'p', 'e', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "lepiquillo.fr", true */ 'l', 'e', 'p', 'i', 'q', 'u', 'i', 'l', 'l', 'o', '.', 'f', 'r', '\0',
+  /* "leponton-lorient.fr", true */ 'l', 'e', 'p', 'o', 'n', 't', 'o', 'n', '-', 'l', 'o', 'r', 'i', 'e', 'n', 't', '.', 'f', 'r', '\0',
+  /* "leprado.com", true */ 'l', 'e', 'p', 'r', 'a', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "lepsos.com", true */ 'l', 'e', 'p', 's', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lereporter.ma", true */ 'l', 'e', 'r', 'e', 'p', 'o', 'r', 't', 'e', 'r', '.', 'm', 'a', '\0',
+  /* "leretour.ch", true */ 'l', 'e', 'r', 'e', 't', 'o', 'u', 'r', '.', 'c', 'h', '\0',
+  /* "lerku.com", true */ 'l', 'e', 'r', 'k', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "lernenamsee.ch", true */ 'l', 'e', 'r', 'n', 'e', 'n', 'a', 'm', 's', 'e', 'e', '.', 'c', 'h', '\0',
+  /* "lernerspersonalinjury.ca", true */ 'l', 'e', 'r', 'n', 'e', 'r', 's', 'p', 'e', 'r', 's', 'o', 'n', 'a', 'l', 'i', 'n', 'j', 'u', 'r', 'y', '.', 'c', 'a', '\0',
+  /* "lernorteuropa.com", true */ 'l', 'e', 'r', 'n', 'o', 'r', 't', 'e', 'u', 'r', 'o', 'p', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "lernorteuropa.de", true */ 'l', 'e', 'r', 'n', 'o', 'r', 't', 'e', 'u', 'r', 'o', 'p', 'a', '.', 'd', 'e', '\0',
+  /* "lernorteuropa.eu", true */ 'l', 'e', 'r', 'n', 'o', 'r', 't', 'e', 'u', 'r', 'o', 'p', 'a', '.', 'e', 'u', '\0',
+  /* "lernplattform-akademie.de", true */ 'l', 'e', 'r', 'n', 'p', 'l', 'a', 't', 't', 'f', 'o', 'r', 'm', '-', 'a', 'k', 'a', 'd', 'e', 'm', 'i', 'e', '.', 'd', 'e', '\0',
+  /* "lerp.me", true */ 'l', 'e', 'r', 'p', '.', 'm', 'e', '\0',
+  /* "les-ateliers-de-melineo.be", true */ 'l', 'e', 's', '-', 'a', 't', 'e', 'l', 'i', 'e', 'r', 's', '-', 'd', 'e', '-', 'm', 'e', 'l', 'i', 'n', 'e', 'o', '.', 'b', 'e', '\0',
+  /* "les-pingouins.com", true */ 'l', 'e', 's', '-', 'p', 'i', 'n', 'g', 'o', 'u', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lesancheslibres.fr", true */ 'l', 'e', 's', 'a', 'n', 'c', 'h', 'e', 's', 'l', 'i', 'b', 'r', 'e', 's', '.', 'f', 'r', '\0',
+  /* "lesarts.com", true */ 'l', 'e', 's', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lesberger.ch", true */ 'l', 'e', 's', 'b', 'e', 'r', 'g', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "lesbiansslaves.com", true */ 'l', 'e', 's', 'b', 'i', 'a', 'n', 's', 's', 'l', 'a', 'v', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lesbofight.com", true */ 'l', 'e', 's', 'b', 'o', 'f', 'i', 'g', 'h', 't', '.', 'c', 'o', 'm', '\0',
+  /* "leseditionsbraquage.com", true */ 'l', 'e', 's', 'e', 'd', 'i', 't', 'i', 'o', 'n', 's', 'b', 'r', 'a', 'q', 'u', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lesformations.net", true */ 'l', 'e', 's', 'f', 'o', 'r', 'm', 'a', 't', 'i', 'o', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "lesgoodnews.fr", true */ 'l', 'e', 's', 'g', 'o', 'o', 'd', 'n', 'e', 'w', 's', '.', 'f', 'r', '\0',
+  /* "leshervelines.com", true */ 'l', 'e', 's', 'h', 'e', 'r', 'v', 'e', 'l', 'i', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lesjardinsdubanchet.fr", true */ 'l', 'e', 's', 'j', 'a', 'r', 'd', 'i', 'n', 's', 'd', 'u', 'b', 'a', 'n', 'c', 'h', 'e', 't', '.', 'f', 'r', '\0',
+  /* "lesmamy.ch", true */ 'l', 'e', 's', 'm', 'a', 'm', 'y', '.', 'c', 'h', '\0',
+  /* "lesmontagne.net", true */ 'l', 'e', 's', 'm', 'o', 'n', 't', 'a', 'g', 'n', 'e', '.', 'n', 'e', 't', '\0',
+  /* "lesnet.co.uk", true */ 'l', 'e', 's', 'n', 'e', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "lespagesweb.ch", true */ 'l', 'e', 's', 'p', 'a', 'g', 'e', 's', 'w', 'e', 'b', '.', 'c', 'h', '\0',
+  /* "lespecialiste-pradelexcellence.com", true */ 'l', 'e', 's', 'p', 'e', 'c', 'i', 'a', 'l', 'i', 's', 't', 'e', '-', 'p', 'r', 'a', 'd', 'e', 'l', 'e', 'x', 'c', 'e', 'l', 'l', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lesplatanes.ch", true */ 'l', 'e', 's', 'p', 'l', 'a', 't', 'a', 'n', 'e', 's', '.', 'c', 'h', '\0',
+  /* "lesquatredauphins.fr", true */ 'l', 'e', 's', 'q', 'u', 'a', 't', 'r', 'e', 'd', 'a', 'u', 'p', 'h', 'i', 'n', 's', '.', 'f', 'r', '\0',
+  /* "lesscloud.com", true */ 'l', 'e', 's', 's', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "lessing.consulting", true */ 'l', 'e', 's', 's', 'i', 'n', 'g', '.', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '\0',
+  /* "lessis.moe", true */ 'l', 'e', 's', 's', 'i', 's', '.', 'm', 'o', 'e', '\0',
+  /* "lesterrassesdusoleil.ch", true */ 'l', 'e', 's', 't', 'e', 'r', 'r', 'a', 's', 's', 'e', 's', 'd', 'u', 's', 'o', 'l', 'e', 'i', 'l', '.', 'c', 'h', '\0',
+  /* "lesyndicat.info", true */ 'l', 'e', 's', 'y', 'n', 'd', 'i', 'c', 'a', 't', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "let-go.cc", true */ 'l', 'e', 't', '-', 'g', 'o', '.', 'c', 'c', '\0',
+  /* "letemps.ch", true */ 'l', 'e', 't', 'e', 'm', 'p', 's', '.', 'c', 'h', '\0',
+  /* "lets-bounce.com", true */ 'l', 'e', 't', 's', '-', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lets-go-acoustic.de", true */ 'l', 'e', 't', 's', '-', 'g', 'o', '-', 'a', 'c', 'o', 'u', 's', 't', 'i', 'c', '.', 'd', 'e', '\0',
+  /* "lets-ktai.jp", true */ 'l', 'e', 't', 's', '-', 'k', 't', 'a', 'i', '.', 'j', 'p', '\0',
+  /* "lets.ninja", true */ 'l', 'e', 't', 's', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "lets.nu", true */ 'l', 'e', 't', 's', '.', 'n', 'u', '\0',
+  /* "letsbounceuk.com", true */ 'l', 'e', 't', 's', 'b', 'o', 'u', 'n', 'c', 'e', 'u', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "letsencrypt-for-cpanel.com", true */ 'l', 'e', 't', 's', 'e', 'n', 'c', 'r', 'y', 'p', 't', '-', 'f', 'o', 'r', '-', 'c', 'p', 'a', 'n', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "letsgame.nl", true */ 'l', 'e', 't', 's', 'g', 'a', 'm', 'e', '.', 'n', 'l', '\0',
+  /* "letsgetchecked.com", true */ 'l', 'e', 't', 's', 'g', 'e', 't', 'c', 'h', 'e', 'c', 'k', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "letsgetintouch.com", true */ 'l', 'e', 't', 's', 'g', 'e', 't', 'i', 'n', 't', 'o', 'u', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "letsgowhilewereyoung.com", true */ 'l', 'e', 't', 's', 'g', 'o', 'w', 'h', 'i', 'l', 'e', 'w', 'e', 'r', 'e', 'y', 'o', 'u', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "letspartyrugby.co.uk", true */ 'l', 'e', 't', 's', 'p', 'a', 'r', 't', 'y', 'r', 'u', 'g', 'b', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "letstalkcounseling.com", true */ 'l', 'e', 't', 's', 't', 'a', 'l', 'k', 'c', 'o', 'u', 'n', 's', 'e', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "letterbox-online.de", true */ 'l', 'e', 't', 't', 'e', 'r', 'b', 'o', 'x', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "letterdance.de", true */ 'l', 'e', 't', 't', 'e', 'r', 'd', 'a', 'n', 'c', 'e', '.', 'd', 'e', '\0',
+  /* "letteringinstitute.com", true */ 'l', 'e', 't', 't', 'e', 'r', 'i', 'n', 'g', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lettersblogatory.com", true */ 'l', 'e', 't', 't', 'e', 'r', 's', 'b', 'l', 'o', 'g', 'a', 't', 'o', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "lettland-firma.com", true */ 'l', 'e', 't', 't', 'l', 'a', 'n', 'd', '-', 'f', 'i', 'r', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "lettori.club", true */ 'l', 'e', 't', 't', 'o', 'r', 'i', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "leuenhagen.com", true */ 'l', 'e', 'u', 'e', 'n', 'h', 'a', 'g', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "leuthardtfamily.com", true */ 'l', 'e', 'u', 't', 'h', 'a', 'r', 'd', 't', 'f', 'a', 'm', 'i', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "levans.fr", true */ 'l', 'e', 'v', 'a', 'n', 's', '.', 'f', 'r', '\0',
+  /* "levanscatering.com", true */ 'l', 'e', 'v', 'a', 'n', 's', 'c', 'a', 't', 'e', 'r', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "leveluprails.com", true */ 'l', 'e', 'v', 'e', 'l', 'u', 'p', 'r', 'a', 'i', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "levelupwear.com", true */ 'l', 'e', 'v', 'e', 'l', 'u', 'p', 'w', 'e', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "levendwater.org", true */ 'l', 'e', 'v', 'e', 'n', 'd', 'w', 'a', 't', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "levensbron.nl", true */ 'l', 'e', 'v', 'e', 'n', 's', 'b', 'r', 'o', 'n', '.', 'n', 'l', '\0',
+  /* "leverj.io", true */ 'l', 'e', 'v', 'e', 'r', 'j', '.', 'i', 'o', '\0',
+  /* "levermann.eu", true */ 'l', 'e', 'v', 'e', 'r', 'm', 'a', 'n', 'n', '.', 'e', 'u', '\0',
+  /* "levindesalpes.fr", false */ 'l', 'e', 'v', 'i', 'n', 'd', 'e', 's', 'a', 'l', 'p', 'e', 's', '.', 'f', 'r', '\0',
+  /* "levinus.de", true */ 'l', 'e', 'v', 'i', 'n', 'u', 's', '.', 'd', 'e', '\0',
+  /* "lew.im", true */ 'l', 'e', 'w', '.', 'i', 'm', '\0',
+  /* "lewdawson.com", true */ 'l', 'e', 'w', 'd', 'a', 'w', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "lewis.li", true */ 'l', 'e', 'w', 'i', 's', '.', 'l', 'i', '\0',
+  /* "lewisdatasecurity.com", true */ 'l', 'e', 'w', 'i', 's', 'd', 'a', 't', 'a', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "lewislaw.com", true */ 'l', 'e', 'w', 'i', 's', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "lewisllewellyn.me", true */ 'l', 'e', 'w', 'i', 's', 'l', 'l', 'e', 'w', 'e', 'l', 'l', 'y', 'n', '.', 'm', 'e', '\0',
+  /* "lewisseals.com", true */ 'l', 'e', 'w', 'i', 's', 's', 'e', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lexico.pt", true */ 'l', 'e', 'x', 'i', 'c', 'o', '.', 'p', 't', '\0',
+  /* "lexicography.online", true */ 'l', 'e', 'x', 'i', 'c', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "lexiphanic.co.uk", true */ 'l', 'e', 'x', 'i', 'p', 'h', 'a', 'n', 'i', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "lexpartsofac.com", true */ 'l', 'e', 'x', 'p', 'a', 'r', 't', 's', 'o', 'f', 'a', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "lexway.pk", true */ 'l', 'e', 'x', 'w', 'a', 'y', '.', 'p', 'k', '\0',
+  /* "lexxyn.nl", true */ 'l', 'e', 'x', 'x', 'y', 'n', '.', 'n', 'l', '\0',
+  /* "lezard-com.fr", true */ 'l', 'e', 'z', 'a', 'r', 'd', '-', 'c', 'o', 'm', '.', 'f', 'r', '\0',
+  /* "lfashion.eu", true */ 'l', 'f', 'a', 's', 'h', 'i', 'o', 'n', '.', 'e', 'u', '\0',
+  /* "lfgss.com", true */ 'l', 'f', 'g', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lfrconseil.com", true */ 'l', 'f', 'r', 'c', 'o', 'n', 's', 'e', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "lgbt.io", true */ 'l', 'g', 'b', 't', '.', 'i', 'o', '\0',
+  /* "lghfinancialstrategy.ch", true */ 'l', 'g', 'h', 'f', 'i', 'n', 'a', 'n', 'c', 'i', 'a', 'l', 's', 't', 'r', 'a', 't', 'e', 'g', 'y', '.', 'c', 'h', '\0',
+  /* "lgpecasoriginais.com.br", true */ 'l', 'g', 'p', 'e', 'c', 'a', 's', 'o', 'r', 'i', 'g', 'i', 'n', 'a', 'i', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "lgsg.us", true */ 'l', 'g', 's', 'g', '.', 'u', 's', '\0',
+  /* "lhalbert.xyz", true */ 'l', 'h', 'a', 'l', 'b', 'e', 'r', 't', '.', 'x', 'y', 'z', '\0',
+  /* "lhasaapso.com.br", true */ 'l', 'h', 'a', 's', 'a', 'a', 'p', 's', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "lhconsult.tk", false */ 'l', 'h', 'c', 'o', 'n', 's', 'u', 'l', 't', '.', 't', 'k', '\0',
+  /* "lheinrich.com", true */ 'l', 'h', 'e', 'i', 'n', 'r', 'i', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "lheinrich.de", true */ 'l', 'h', 'e', 'i', 'n', 'r', 'i', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "lhost.su", true */ 'l', 'h', 'o', 's', 't', '.', 's', 'u', '\0',
+  /* "li-ke.co.jp", true */ 'l', 'i', '-', 'k', 'e', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "li.search.yahoo.com", false */ 'l', 'i', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "liangbp.com", true */ 'l', 'i', 'a', 'n', 'g', 'b', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "lianwen.kim", true */ 'l', 'i', 'a', 'n', 'w', 'e', 'n', '.', 'k', 'i', 'm', '\0',
+  /* "lianye1.cc", true */ 'l', 'i', 'a', 'n', 'y', 'e', '1', '.', 'c', 'c', '\0',
+  /* "lianye2.cc", true */ 'l', 'i', 'a', 'n', 'y', 'e', '2', '.', 'c', 'c', '\0',
+  /* "lianye3.cc", true */ 'l', 'i', 'a', 'n', 'y', 'e', '3', '.', 'c', 'c', '\0',
+  /* "lianye4.cc", true */ 'l', 'i', 'a', 'n', 'y', 'e', '4', '.', 'c', 'c', '\0',
+  /* "lianye5.cc", true */ 'l', 'i', 'a', 'n', 'y', 'e', '5', '.', 'c', 'c', '\0',
+  /* "lianye6.cc", true */ 'l', 'i', 'a', 'n', 'y', 'e', '6', '.', 'c', 'c', '\0',
+  /* "liaozheqi.cn", true */ 'l', 'i', 'a', 'o', 'z', 'h', 'e', 'q', 'i', '.', 'c', 'n', '\0',
+  /* "liaronce.win", true */ 'l', 'i', 'a', 'r', 'o', 'n', 'c', 'e', '.', 'w', 'i', 'n', '\0',
+  /* "lib64.net", true */ 'l', 'i', 'b', '6', '4', '.', 'n', 'e', 't', '\0',
+  /* "libbitcoin.org", true */ 'l', 'i', 'b', 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "libble.eu", true */ 'l', 'i', 'b', 'b', 'l', 'e', '.', 'e', 'u', '\0',
+  /* "libdeer.so", true */ 'l', 'i', 'b', 'd', 'e', 'e', 'r', '.', 's', 'o', '\0',
+  /* "liberapay.com", true */ 'l', 'i', 'b', 'e', 'r', 'a', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "libmpq.org", true */ 'l', 'i', 'b', 'm', 'p', 'q', '.', 'o', 'r', 'g', '\0',
+  /* "librairie-asie.com", true */ 'l', 'i', 'b', 'r', 'a', 'i', 'r', 'i', 'e', '-', 'a', 's', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "library-quest.com", true */ 'l', 'i', 'b', 'r', 'a', 'r', 'y', '-', 'q', 'u', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "libraryextension.com", true */ 'l', 'i', 'b', 'r', 'a', 'r', 'y', 'e', 'x', 't', 'e', 'n', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "libraryfreedomproject.org", false */ 'l', 'i', 'b', 'r', 'a', 'r', 'y', 'f', 'r', 'e', 'e', 'd', 'o', 'm', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "librazy.org", true */ 'l', 'i', 'b', 'r', 'a', 'z', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "libre.university", true */ 'l', 'i', 'b', 'r', 'e', '.', 'u', 'n', 'i', 'v', 'e', 'r', 's', 'i', 't', 'y', '\0',
+  /* "libreboot.org", true */ 'l', 'i', 'b', 'r', 'e', 'b', 'o', 'o', 't', '.', 'o', 'r', 'g', '\0',
+  /* "librebox.de", true */ 'l', 'i', 'b', 'r', 'e', 'b', 'o', 'x', '.', 'd', 'e', '\0',
+  /* "librelamp.com", true */ 'l', 'i', 'b', 'r', 'e', 'l', 'a', 'm', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "libremail.nl", true */ 'l', 'i', 'b', 'r', 'e', 'm', 'a', 'i', 'l', '.', 'n', 'l', '\0',
+  /* "librends.org", true */ 'l', 'i', 'b', 'r', 'e', 'n', 'd', 's', '.', 'o', 'r', 'g', '\0',
+  /* "libreoffice-from-collabora.com", true */ 'l', 'i', 'b', 'r', 'e', 'o', 'f', 'f', 'i', 'c', 'e', '-', 'f', 'r', 'o', 'm', '-', 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "libreofficefromcollabora.com", true */ 'l', 'i', 'b', 'r', 'e', 'o', 'f', 'f', 'i', 'c', 'e', 'f', 'r', 'o', 'm', 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "librervac.org", true */ 'l', 'i', 'b', 'r', 'e', 'r', 'v', 'a', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "librisulibri.it", true */ 'l', 'i', 'b', 'r', 'i', 's', 'u', 'l', 'i', 'b', 'r', 'i', '.', 'i', 't', '\0',
+  /* "libscode.com", false */ 'l', 'i', 'b', 's', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "libskia.so", true */ 'l', 'i', 'b', 's', 'k', 'i', 'a', '.', 's', 'o', '\0',
+  /* "libsodium.org", true */ 'l', 'i', 'b', 's', 'o', 'd', 'i', 'u', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "libstock.si", true */ 'l', 'i', 'b', 's', 't', 'o', 'c', 'k', '.', 's', 'i', '\0',
+  /* "licence-registry.com", true */ 'l', 'i', 'c', 'e', 'n', 'c', 'e', '-', 'r', 'e', 'g', 'i', 's', 't', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "liceserv.com", true */ 'l', 'i', 'c', 'e', 's', 'e', 'r', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "lichess.org", true */ 'l', 'i', 'c', 'h', 'e', 's', 's', '.', 'o', 'r', 'g', '\0',
+  /* "lichtspot.de", true */ 'l', 'i', 'c', 'h', 't', 's', 'p', 'o', 't', '.', 'd', 'e', '\0',
+  /* "lichttraeumer.de", true */ 'l', 'i', 'c', 'h', 't', 't', 'r', 'a', 'e', 'u', 'm', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "lickmypussy.us", true */ 'l', 'i', 'c', 'k', 'm', 'y', 'p', 'u', 's', 's', 'y', '.', 'u', 's', '\0',
+  /* "lickthesalt.com", true */ 'l', 'i', 'c', 'k', 't', 'h', 'e', 's', 'a', 'l', 't', '.', 'c', 'o', 'm', '\0',
+  /* "lidavidm.me", true */ 'l', 'i', 'd', 'a', 'v', 'i', 'd', 'm', '.', 'm', 'e', '\0',
+  /* "lidel.org", true */ 'l', 'i', 'd', 'e', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "liderwalut.pl", false */ 'l', 'i', 'd', 'e', 'r', 'w', 'a', 'l', 'u', 't', '.', 'p', 'l', '\0',
+  /* "lidl-gewinnspiel.de", true */ 'l', 'i', 'd', 'l', '-', 'g', 'e', 'w', 'i', 'n', 'n', 's', 'p', 'i', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "lidl-holidays.com", true */ 'l', 'i', 'd', 'l', '-', 'h', 'o', 'l', 'i', 'd', 'a', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lidl-menubox.ch", true */ 'l', 'i', 'd', 'l', '-', 'm', 'e', 'n', 'u', 'b', 'o', 'x', '.', 'c', 'h', '\0',
+  /* "lidl-selection.at", true */ 'l', 'i', 'd', 'l', '-', 's', 'e', 'l', 'e', 'c', 't', 'i', 'o', 'n', '.', 'a', 't', '\0',
+  /* "lidl-shop.be", true */ 'l', 'i', 'd', 'l', '-', 's', 'h', 'o', 'p', '.', 'b', 'e', '\0',
+  /* "lidl-shop.cz", true */ 'l', 'i', 'd', 'l', '-', 's', 'h', 'o', 'p', '.', 'c', 'z', '\0',
+  /* "lidl-shop.nl", true */ 'l', 'i', 'd', 'l', '-', 's', 'h', 'o', 'p', '.', 'n', 'l', '\0',
+  /* "lidl-tour.ro", true */ 'l', 'i', 'd', 'l', '-', 't', 'o', 'u', 'r', '.', 'r', 'o', '\0',
+  /* "lidlovajogurteka.si", true */ 'l', 'i', 'd', 'l', 'o', 'v', 'a', 'j', 'o', 'g', 'u', 'r', 't', 'e', 'k', 'a', '.', 's', 'i', '\0',
+  /* "lidogr.com", true */ 'l', 'i', 'd', 'o', 'g', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "lidong.me", true */ 'l', 'i', 'd', 'o', 'n', 'g', '.', 'm', 'e', '\0',
+  /* "lidow.eu", true */ 'l', 'i', 'd', 'o', 'w', '.', 'e', 'u', '\0',
+  /* "liduan.com", true */ 'l', 'i', 'd', 'u', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "liduan.net", true */ 'l', 'i', 'd', 'u', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "liebel.org", true */ 'l', 'i', 'e', 'b', 'e', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "lied8.eu", true */ 'l', 'i', 'e', 'd', '8', '.', 'e', 'u', '\0',
+  /* "liehuojun.com", true */ 'l', 'i', 'e', 'h', 'u', 'o', 'j', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "lifanov.com", true */ 'l', 'i', 'f', 'a', 'n', 'o', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "lifebetweenlives.com.au", true */ 'l', 'i', 'f', 'e', 'b', 'e', 't', 'w', 'e', 'e', 'n', 'l', 'i', 'v', 'e', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "lifecism.com", true */ 'l', 'i', 'f', 'e', 'c', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "lifeinhex.com", true */ 'l', 'i', 'f', 'e', 'i', 'n', 'h', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "lifekiss.ru", true */ 'l', 'i', 'f', 'e', 'k', 'i', 's', 's', '.', 'r', 'u', '\0',
+  /* "lifemarque.co.uk", true */ 'l', 'i', 'f', 'e', 'm', 'a', 'r', 'q', 'u', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "lifematenutrition.com", true */ 'l', 'i', 'f', 'e', 'm', 'a', 't', 'e', 'n', 'u', 't', 'r', 'i', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "lifemstyle.com", true */ 'l', 'i', 'f', 'e', 'm', 's', 't', 'y', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lifenexto.com", true */ 'l', 'i', 'f', 'e', 'n', 'e', 'x', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "lifeqa.net", true */ 'l', 'i', 'f', 'e', 'q', 'a', '.', 'n', 'e', 't', '\0',
+  /* "lifequotes-uk.co.uk", true */ 'l', 'i', 'f', 'e', 'q', 'u', 'o', 't', 'e', 's', '-', 'u', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "lifesafety.com.br", true */ 'l', 'i', 'f', 'e', 's', 'a', 'f', 'e', 't', 'y', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "lifescience-japan.com", true */ 'l', 'i', 'f', 'e', 's', 'c', 'i', 'e', 'n', 'c', 'e', '-', 'j', 'a', 'p', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "lifestylefinancial.ca", true */ 'l', 'i', 'f', 'e', 's', 't', 'y', 'l', 'e', 'f', 'i', 'n', 'a', 'n', 'c', 'i', 'a', 'l', '.', 'c', 'a', '\0',
+  /* "lifeventure.co.uk", true */ 'l', 'i', 'f', 'e', 'v', 'e', 'n', 't', 'u', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "lifi.digital", true */ 'l', 'i', 'f', 'i', '.', 'd', 'i', 'g', 'i', 't', 'a', 'l', '\0',
+  /* "lifi.is", true */ 'l', 'i', 'f', 'i', '.', 'i', 's', '\0',
+  /* "liftie.info", true */ 'l', 'i', 'f', 't', 'i', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "light.mail.ru", true */ 'l', 'i', 'g', 'h', 't', '.', 'm', 'a', 'i', 'l', '.', 'r', 'u', '\0',
+  /* "lightcloud.com", true */ 'l', 'i', 'g', 'h', 't', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "lighting-centres.co.uk", true */ 'l', 'i', 'g', 'h', 't', 'i', 'n', 'g', '-', 'c', 'e', 'n', 't', 'r', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "lightme.us", true */ 'l', 'i', 'g', 'h', 't', 'm', 'e', '.', 'u', 's', '\0',
+  /* "lightpics.net", true */ 'l', 'i', 'g', 'h', 't', 'p', 'i', 'c', 's', '.', 'n', 'e', 't', '\0',
+  /* "lights.co.uk", true */ 'l', 'i', 'g', 'h', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "lightspeed.com", false */ 'l', 'i', 'g', 'h', 't', 's', 'p', 'e', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "lighttp.com", true */ 'l', 'i', 'g', 'h', 't', 't', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "lightupcollective.co.uk", true */ 'l', 'i', 'g', 'h', 't', 'u', 'p', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'v', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "lignemalin.com", true */ 'l', 'i', 'g', 'n', 'e', 'm', 'a', 'l', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "lignenet.com", true */ 'l', 'i', 'g', 'n', 'e', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "lignoma.com", true */ 'l', 'i', 'g', 'n', 'o', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "ligonier.com", true */ 'l', 'i', 'g', 'o', 'n', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "lihaul.dnsalias.net", true */ 'l', 'i', 'h', 'a', 'u', 'l', '.', 'd', 'n', 's', 'a', 'l', 'i', 'a', 's', '.', 'n', 'e', 't', '\0',
+  /* "lijero.co", true */ 'l', 'i', 'j', 'e', 'r', 'o', '.', 'c', 'o', '\0',
+  /* "likc.me", true */ 'l', 'i', 'k', 'c', '.', 'm', 'e', '\0',
+  /* "likeablehub.com", true */ 'l', 'i', 'k', 'e', 'a', 'b', 'l', 'e', 'h', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "likeabox.de", true */ 'l', 'i', 'k', 'e', 'a', 'b', 'o', 'x', '.', 'd', 'e', '\0',
+  /* "likeaross.com", false */ 'l', 'i', 'k', 'e', 'a', 'r', 'o', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "likegeeks.com", true */ 'l', 'i', 'k', 'e', 'g', 'e', 'e', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "likehifi.de", true */ 'l', 'i', 'k', 'e', 'h', 'i', 'f', 'i', '.', 'd', 'e', '\0',
+  /* "likemovies.de", true */ 'l', 'i', 'k', 'e', 'm', 'o', 'v', 'i', 'e', 's', '.', 'd', 'e', '\0',
+  /* "likenewhearing.com.au", true */ 'l', 'i', 'k', 'e', 'n', 'e', 'w', 'h', 'e', 'a', 'r', 'i', 'n', 'g', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "lilaccakeboutique.com", true */ 'l', 'i', 'l', 'a', 'c', 'c', 'a', 'k', 'e', 'b', 'o', 'u', 't', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lilapmedia.com", true */ 'l', 'i', 'l', 'a', 'p', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "liliang13.com", true */ 'l', 'i', 'l', 'i', 'a', 'n', 'g', '1', '3', '.', 'c', 'o', 'm', '\0',
+  /* "lilismartinis.com", true */ 'l', 'i', 'l', 'i', 's', 'm', 'a', 'r', 't', 'i', 'n', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lily-bearing.com", true */ 'l', 'i', 'l', 'y', '-', 'b', 'e', 'a', 'r', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "lily-inn.com", true */ 'l', 'i', 'l', 'y', '-', 'i', 'n', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "lilyfarmfreshskincare.com", true */ 'l', 'i', 'l', 'y', 'f', 'a', 'r', 'm', 'f', 'r', 'e', 's', 'h', 's', 'k', 'i', 'n', 'c', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lilygreen.co.za", true */ 'l', 'i', 'l', 'y', 'g', 'r', 'e', 'e', 'n', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "lilysbouncycastles.com", true */ 'l', 'i', 'l', 'y', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "limawi.io", true */ 'l', 'i', 'm', 'a', 'w', 'i', '.', 'i', 'o', '\0',
+  /* "limberg.me", true */ 'l', 'i', 'm', 'b', 'e', 'r', 'g', '.', 'm', 'e', '\0',
+  /* "limeburst.net", true */ 'l', 'i', 'm', 'e', 'b', 'u', 'r', 's', 't', '.', 'n', 'e', 't', '\0',
+  /* "limeres.com", true */ 'l', 'i', 'm', 'e', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "limereslaw.com", true */ 'l', 'i', 'm', 'e', 'r', 'e', 's', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "limitededitioncomputers.com", true */ 'l', 'i', 'm', 'i', 't', 'e', 'd', 'e', 'd', 'i', 't', 'i', 'o', 'n', 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "limitededitionsolutions.com", true */ 'l', 'i', 'm', 'i', 't', 'e', 'd', 'e', 'd', 'i', 't', 'i', 'o', 'n', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "limix.com", false */ 'l', 'i', 'm', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "limoairporttoronto.net", true */ 'l', 'i', 'm', 'o', 'a', 'i', 'r', 'p', 'o', 'r', 't', 't', 'o', 'r', 'o', 'n', 't', 'o', '.', 'n', 'e', 't', '\0',
+  /* "limousineservicezurich.com", true */ 'l', 'i', 'm', 'o', 'u', 's', 'i', 'n', 'e', 's', 'e', 'r', 'v', 'i', 'c', 'e', 'z', 'u', 'r', 'i', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "limpid.nl", true */ 'l', 'i', 'm', 'p', 'i', 'd', '.', 'n', 'l', '\0',
+  /* "limules.ch", true */ 'l', 'i', 'm', 'u', 'l', 'e', 's', '.', 'c', 'h', '\0',
+  /* "limunana.com", true */ 'l', 'i', 'm', 'u', 'n', 'a', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "lin.fi", true */ 'l', 'i', 'n', '.', 'f', 'i', '\0',
+  /* "linan.blog", true */ 'l', 'i', 'n', 'a', 'n', '.', 'b', 'l', 'o', 'g', '\0',
+  /* "lincdavis.com", true */ 'l', 'i', 'n', 'c', 'd', 'a', 'v', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lincsbouncycastlehire.co.uk", true */ 'l', 'i', 'n', 'c', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "linden.me", true */ 'l', 'i', 'n', 'd', 'e', 'n', '.', 'm', 'e', '\0',
+  /* "lindeskar.se", true */ 'l', 'i', 'n', 'd', 'e', 's', 'k', 'a', 'r', '.', 's', 'e', '\0',
+  /* "lindo.ru", true */ 'l', 'i', 'n', 'd', 'o', '.', 'r', 'u', '\0',
+  /* "lindon.pw", true */ 'l', 'i', 'n', 'd', 'o', 'n', '.', 'p', 'w', '\0',
+  /* "lindsayanderson.com", true */ 'l', 'i', 'n', 'd', 's', 'a', 'y', 'a', 'n', 'd', 'e', 'r', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "lindskogen.se", true */ 'l', 'i', 'n', 'd', 's', 'k', 'o', 'g', 'e', 'n', '.', 's', 'e', '\0',
+  /* "lindy.co", true */ 'l', 'i', 'n', 'd', 'y', '.', 'c', 'o', '\0',
+  /* "line.co.nz", true */ 'l', 'i', 'n', 'e', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "linearaudio.net", true */ 'l', 'i', 'n', 'e', 'a', 'r', 'a', 'u', 'd', 'i', 'o', '.', 'n', 'e', 't', '\0',
+  /* "linearaudio.nl", true */ 'l', 'i', 'n', 'e', 'a', 'r', 'a', 'u', 'd', 'i', 'o', '.', 'n', 'l', '\0',
+  /* "lineauniformes.com.br", true */ 'l', 'i', 'n', 'e', 'a', 'u', 'n', 'i', 'f', 'o', 'r', 'm', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "linernotekids.com", true */ 'l', 'i', 'n', 'e', 'r', 'n', 'o', 't', 'e', 'k', 'i', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lingerie.com.br", true */ 'l', 'i', 'n', 'g', 'e', 'r', 'i', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "lingerielovers.com.br", true */ 'l', 'i', 'n', 'g', 'e', 'r', 'i', 'e', 'l', 'o', 'v', 'e', 'r', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "lingeriesilhouette.com", true */ 'l', 'i', 'n', 'g', 'e', 'r', 'i', 'e', 's', 'i', 'l', 'h', 'o', 'u', 'e', 't', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lingotaxi.com", true */ 'l', 'i', 'n', 'g', 'o', 't', 'a', 'x', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "lingting.vip", true */ 'l', 'i', 'n', 'g', 't', 'i', 'n', 'g', '.', 'v', 'i', 'p', '\0',
+  /* "linguamilla.com", true */ 'l', 'i', 'n', 'g', 'u', 'a', 'm', 'i', 'l', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "lingvo-svoboda.ru", true */ 'l', 'i', 'n', 'g', 'v', 'o', '-', 's', 'v', 'o', 'b', 'o', 'd', 'a', '.', 'r', 'u', '\0',
+  /* "link-sanitizer.com", true */ 'l', 'i', 'n', 'k', '-', 's', 'a', 'n', 'i', 't', 'i', 'z', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "linkedinbackground.com", true */ 'l', 'i', 'n', 'k', 'e', 'd', 'i', 'n', 'b', 'a', 'c', 'k', 'g', 'r', 'o', 'u', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "linkenheil.org", true */ 'l', 'i', 'n', 'k', 'e', 'n', 'h', 'e', 'i', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "linklocker.co", true */ 'l', 'i', 'n', 'k', 'l', 'o', 'c', 'k', 'e', 'r', '.', 'c', 'o', '\0',
+  /* "linkmaker.co.uk", true */ 'l', 'i', 'n', 'k', 'm', 'a', 'k', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "linkmauve.fr", true */ 'l', 'i', 'n', 'k', 'm', 'a', 'u', 'v', 'e', '.', 'f', 'r', '\0',
+  /* "linkonaut.net", true */ 'l', 'i', 'n', 'k', 'o', 'n', 'a', 'u', 't', '.', 'n', 'e', 't', '\0',
+  /* "linky.tk", true */ 'l', 'i', 'n', 'k', 'y', '.', 't', 'k', '\0',
+  /* "linkycat.com", true */ 'l', 'i', 'n', 'k', 'y', 'c', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "linode.com", false */ 'l', 'i', 'n', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "linost.com", true */ 'l', 'i', 'n', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "linostassi.net", true */ 'l', 'i', 'n', 'o', 's', 't', 'a', 's', 's', 'i', '.', 'n', 'e', 't', '\0',
+  /* "linpx.com", true */ 'l', 'i', 'n', 'p', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "linqhost.nl", true */ 'l', 'i', 'n', 'q', 'h', 'o', 's', 't', '.', 'n', 'l', '\0',
+  /* "linss.com", true */ 'l', 'i', 'n', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lintmx.com", true */ 'l', 'i', 'n', 't', 'm', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "linux-florida.com", true */ 'l', 'i', 'n', 'u', 'x', '-', 'f', 'l', 'o', 'r', 'i', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "linux-mint-czech.cz", true */ 'l', 'i', 'n', 'u', 'x', '-', 'm', 'i', 'n', 't', '-', 'c', 'z', 'e', 'c', 'h', '.', 'c', 'z', '\0',
+  /* "linux-vme.org", true */ 'l', 'i', 'n', 'u', 'x', '-', 'v', 'm', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "linux.army", true */ 'l', 'i', 'n', 'u', 'x', '.', 'a', 'r', 'm', 'y', '\0',
+  /* "linux.cn", true */ 'l', 'i', 'n', 'u', 'x', '.', 'c', 'n', '\0',
+  /* "linux.conf.au", true */ 'l', 'i', 'n', 'u', 'x', '.', 'c', 'o', 'n', 'f', '.', 'a', 'u', '\0',
+  /* "linux.fi", true */ 'l', 'i', 'n', 'u', 'x', '.', 'f', 'i', '\0',
+  /* "linux3.org", true */ 'l', 'i', 'n', 'u', 'x', '3', '.', 'o', 'r', 'g', '\0',
+  /* "linuxbabe.com", false */ 'l', 'i', 'n', 'u', 'x', 'b', 'a', 'b', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "linuxbierwanderung.com", true */ 'l', 'i', 'n', 'u', 'x', 'b', 'i', 'e', 'r', 'w', 'a', 'n', 'd', 'e', 'r', 'u', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "linuxchick.se", true */ 'l', 'i', 'n', 'u', 'x', 'c', 'h', 'i', 'c', 'k', '.', 's', 'e', '\0',
+  /* "linuxcommand.ru", true */ 'l', 'i', 'n', 'u', 'x', 'c', 'o', 'm', 'm', 'a', 'n', 'd', '.', 'r', 'u', '\0',
+  /* "linuxdays.cz", true */ 'l', 'i', 'n', 'u', 'x', 'd', 'a', 'y', 's', '.', 'c', 'z', '\0',
+  /* "linuxforum.ch", true */ 'l', 'i', 'n', 'u', 'x', 'f', 'o', 'r', 'u', 'm', '.', 'c', 'h', '\0',
+  /* "linuxhostsupport.com", true */ 'l', 'i', 'n', 'u', 'x', 'h', 'o', 's', 't', 's', 'u', 'p', 'p', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "linuxiuvat.de", true */ 'l', 'i', 'n', 'u', 'x', 'i', 'u', 'v', 'a', 't', '.', 'd', 'e', '\0',
+  /* "linuxlounge.net", true */ 'l', 'i', 'n', 'u', 'x', 'l', 'o', 'u', 'n', 'g', 'e', '.', 'n', 'e', 't', '\0',
+  /* "linuxproperties.com", true */ 'l', 'i', 'n', 'u', 'x', 'p', 'r', 'o', 'p', 'e', 'r', 't', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "linvx.org", true */ 'l', 'i', 'n', 'v', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "linx.li", true */ 'l', 'i', 'n', 'x', '.', 'l', 'i', '\0',
+  /* "linx.net", true */ 'l', 'i', 'n', 'x', '.', 'n', 'e', 't', '\0',
+  /* "linxmind.eu", true */ 'l', 'i', 'n', 'x', 'm', 'i', 'n', 'd', '.', 'e', 'u', '\0',
+  /* "linzgau.de", true */ 'l', 'i', 'n', 'z', 'g', 'a', 'u', '.', 'd', 'e', '\0',
+  /* "lionlyrics.com", true */ 'l', 'i', 'o', 'n', 'l', 'y', 'r', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lionsdeal.com", true */ 'l', 'i', 'o', 'n', 's', 'd', 'e', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "lipartydepot.com", true */ 'l', 'i', 'p', 'a', 'r', 't', 'y', 'd', 'e', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "lipex.com", true */ 'l', 'i', 'p', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "lipo.lol", true */ 'l', 'i', 'p', 'o', '.', 'l', 'o', 'l', '\0',
+  /* "lipoabaltimore.org", true */ 'l', 'i', 'p', 'o', 'a', 'b', 'a', 'l', 't', 'i', 'm', 'o', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "liqd.net", true */ 'l', 'i', 'q', 'd', '.', 'n', 'e', 't', '\0',
+  /* "liquid.cz", true */ 'l', 'i', 'q', 'u', 'i', 'd', '.', 'c', 'z', '\0',
+  /* "liquidhost.co", true */ 'l', 'i', 'q', 'u', 'i', 'd', 'h', 'o', 's', 't', '.', 'c', 'o', '\0',
+  /* "liquidinternet.co", true */ 'l', 'i', 'q', 'u', 'i', 'd', 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', '.', 'c', 'o', '\0',
+  /* "liquidradio.pro", true */ 'l', 'i', 'q', 'u', 'i', 'd', 'r', 'a', 'd', 'i', 'o', '.', 'p', 'r', 'o', '\0',
+  /* "lirion.de", true */ 'l', 'i', 'r', 'i', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "liris-beautywelt.de", true */ 'l', 'i', 'r', 'i', 's', '-', 'b', 'e', 'a', 'u', 't', 'y', 'w', 'e', 'l', 't', '.', 'd', 'e', '\0',
+  /* "lirlandais.ch", true */ 'l', 'i', 'r', 'l', 'a', 'n', 'd', 'a', 'i', 's', '.', 'c', 'h', '\0',
+  /* "lirnberger.com", true */ 'l', 'i', 'r', 'n', 'b', 'e', 'r', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "lisamccorrie.com", true */ 'l', 'i', 's', 'a', 'm', 'c', 'c', 'o', 'r', 'r', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lisamortimore.com", true */ 'l', 'i', 's', 'a', 'm', 'o', 'r', 't', 'i', 'm', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lisburnhottubnbounce.co.uk", true */ 'l', 'i', 's', 'b', 'u', 'r', 'n', 'h', 'o', 't', 't', 'u', 'b', 'n', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "liskgdt.net", true */ 'l', 'i', 's', 'k', 'g', 'd', 't', '.', 'n', 'e', 't', '\0',
+  /* "lislan.org.uk", true */ 'l', 'i', 's', 'l', 'a', 'n', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "lisowski-development.com", true */ 'l', 'i', 's', 'o', 'w', 's', 'k', 'i', '-', 'd', 'e', 'v', 'e', 'l', 'o', 'p', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "lisowski-photography.com", true */ 'l', 'i', 's', 'o', 'w', 's', 'k', 'i', '-', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "listahu.org", true */ 'l', 'i', 's', 't', 'a', 'h', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "listen.dk", true */ 'l', 'i', 's', 't', 'e', 'n', '.', 'd', 'k', '\0',
+  /* "lister-kirchweg.de", true */ 'l', 'i', 's', 't', 'e', 'r', '-', 'k', 'i', 'r', 'c', 'h', 'w', 'e', 'g', '.', 'd', 'e', '\0',
+  /* "listminut.be", true */ 'l', 'i', 's', 't', 'm', 'i', 'n', 'u', 't', '.', 'b', 'e', '\0',
+  /* "lists.fedoraproject.org", true */ 'l', 'i', 's', 't', 's', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "lists.mayfirst.org", false */ 'l', 'i', 's', 't', 's', '.', 'm', 'a', 'y', 'f', 'i', 'r', 's', 't', '.', 'o', 'r', 'g', '\0',
+  /* "lists.stg.fedoraproject.org", true */ 'l', 'i', 's', 't', 's', '.', 's', 't', 'g', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "litchidova.nl", true */ 'l', 'i', 't', 'c', 'h', 'i', 'd', 'o', 'v', 'a', '.', 'n', 'l', '\0',
+  /* "litcomphonors.com", true */ 'l', 'i', 't', 'c', 'o', 'm', 'p', 'h', 'o', 'n', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "litebits.com", true */ 'l', 'i', 't', 'e', 'b', 'i', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "litemind.com", true */ 'l', 'i', 't', 'e', 'm', 'i', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "litevault.net", true */ 'l', 'i', 't', 'e', 'v', 'a', 'u', 'l', 't', '.', 'n', 'e', 't', '\0',
+  /* "litfin.name", true */ 'l', 'i', 't', 'f', 'i', 'n', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "lithan.com", true */ 'l', 'i', 't', 'h', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "lithesalar.se", true */ 'l', 'i', 't', 'h', 'e', 's', 'a', 'l', 'a', 'r', '.', 's', 'e', '\0',
+  /* "lithianissaneugeneparts.com", true */ 'l', 'i', 't', 'h', 'i', 'a', 'n', 'i', 's', 's', 'a', 'n', 'e', 'u', 'g', 'e', 'n', 'e', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "litsovet.com", true */ 'l', 'i', 't', 's', 'o', 'v', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "little-cake.com", true */ 'l', 'i', 't', 't', 'l', 'e', '-', 'c', 'a', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "littledisney.ro", true */ 'l', 'i', 't', 't', 'l', 'e', 'd', 'i', 's', 'n', 'e', 'y', '.', 'r', 'o', '\0',
+  /* "littlefairy.no", true */ 'l', 'i', 't', 't', 'l', 'e', 'f', 'a', 'i', 'r', 'y', '.', 'n', 'o', '\0',
+  /* "littlefamilyadventure.com", true */ 'l', 'i', 't', 't', 'l', 'e', 'f', 'a', 'm', 'i', 'l', 'y', 'a', 'd', 'v', 'e', 'n', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "littlejumpers.co.uk", true */ 'l', 'i', 't', 't', 'l', 'e', 'j', 'u', 'm', 'p', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "littlelife.co.uk", true */ 'l', 'i', 't', 't', 'l', 'e', 'l', 'i', 'f', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "littlenina.nz", false */ 'l', 'i', 't', 't', 'l', 'e', 'n', 'i', 'n', 'a', '.', 'n', 'z', '\0',
+  /* "littlepigcreek.com.au", true */ 'l', 'i', 't', 't', 'l', 'e', 'p', 'i', 'g', 'c', 'r', 'e', 'e', 'k', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "littlepincha.fr", true */ 'l', 'i', 't', 't', 'l', 'e', 'p', 'i', 'n', 'c', 'h', 'a', '.', 'f', 'r', '\0',
+  /* "littleprincessandmascotparties.co.uk", true */ 'l', 'i', 't', 't', 'l', 'e', 'p', 'r', 'i', 'n', 'c', 'e', 's', 's', 'a', 'n', 'd', 'm', 'a', 's', 'c', 'o', 't', 'p', 'a', 'r', 't', 'i', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "littlescallywagsplay.co.uk", true */ 'l', 'i', 't', 't', 'l', 'e', 's', 'c', 'a', 'l', 'l', 'y', 'w', 'a', 'g', 's', 'p', 'l', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "littleswitch.co.jp", true */ 'l', 'i', 't', 't', 'l', 'e', 's', 'w', 'i', 't', 'c', 'h', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "littlewatcher.com", true */ 'l', 'i', 't', 't', 'l', 'e', 'w', 'a', 't', 'c', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "litvideoserver.de", true */ 'l', 'i', 't', 'v', 'i', 'd', 'e', 'o', 's', 'e', 'r', 'v', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "litz.ca", true */ 'l', 'i', 't', 'z', '.', 'c', 'a', '\0',
+  /* "litzenberger.ca", true */ 'l', 'i', 't', 'z', 'e', 'n', 'b', 'e', 'r', 'g', 'e', 'r', '.', 'c', 'a', '\0',
+  /* "liuboznaiko.eu", true */ 'l', 'i', 'u', 'b', 'o', 'z', 'n', 'a', 'i', 'k', 'o', '.', 'e', 'u', '\0',
+  /* "liud.im", true */ 'l', 'i', 'u', 'd', '.', 'i', 'm', '\0',
+  /* "liudon.org", true */ 'l', 'i', 'u', 'd', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "liul.in", true */ 'l', 'i', 'u', 'l', '.', 'i', 'n', '\0',
+  /* "liushuyu.tk", true */ 'l', 'i', 'u', 's', 'h', 'u', 'y', 'u', '.', 't', 'k', '\0',
+  /* "liv3ly.com", true */ 'l', 'i', 'v', '3', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "livebetterwith.com", true */ 'l', 'i', 'v', 'e', 'b', 'e', 't', 't', 'e', 'r', 'w', 'i', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "livecards.co.uk", true */ 'l', 'i', 'v', 'e', 'c', 'a', 'r', 'd', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "livecards.es", true */ 'l', 'i', 'v', 'e', 'c', 'a', 'r', 'd', 's', '.', 'e', 's', '\0',
+  /* "livecards.eu", true */ 'l', 'i', 'v', 'e', 'c', 'a', 'r', 'd', 's', '.', 'e', 'u', '\0',
+  /* "livecards.it", true */ 'l', 'i', 'v', 'e', 'c', 'a', 'r', 'd', 's', '.', 'i', 't', '\0',
+  /* "livedesign.at", true */ 'l', 'i', 'v', 'e', 'd', 'e', 's', 'i', 'g', 'n', '.', 'a', 't', '\0',
+  /* "livedesign24.de", true */ 'l', 'i', 'v', 'e', 'd', 'e', 's', 'i', 'g', 'n', '2', '4', '.', 'd', 'e', '\0',
+  /* "liveflightapp.com", true */ 'l', 'i', 'v', 'e', 'f', 'l', 'i', 'g', 'h', 't', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "liveforspeed.se", true */ 'l', 'i', 'v', 'e', 'f', 'o', 'r', 's', 'p', 'e', 'e', 'd', '.', 's', 'e', '\0',
+  /* "livejasmin.dk", true */ 'l', 'i', 'v', 'e', 'j', 'a', 's', 'm', 'i', 'n', '.', 'd', 'k', '\0',
+  /* "livekaarten.be", true */ 'l', 'i', 'v', 'e', 'k', 'a', 'a', 'r', 't', 'e', 'n', '.', 'b', 'e', '\0',
+  /* "livekaarten.nl", true */ 'l', 'i', 'v', 'e', 'k', 'a', 'a', 'r', 't', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "livekarten.at", true */ 'l', 'i', 'v', 'e', 'k', 'a', 'r', 't', 'e', 'n', '.', 'a', 't', '\0',
+  /* "livekarten.de", true */ 'l', 'i', 'v', 'e', 'k', 'a', 'r', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "livekort.com", true */ 'l', 'i', 'v', 'e', 'k', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "livekort.dk", true */ 'l', 'i', 'v', 'e', 'k', 'o', 'r', 't', '.', 'd', 'k', '\0',
+  /* "livekort.no", true */ 'l', 'i', 'v', 'e', 'k', 'o', 'r', 't', '.', 'n', 'o', '\0',
+  /* "livekort.se", true */ 'l', 'i', 'v', 'e', 'k', 'o', 'r', 't', '.', 's', 'e', '\0',
+  /* "livekortti.com", true */ 'l', 'i', 'v', 'e', 'k', 'o', 'r', 't', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "livekortti.fi", true */ 'l', 'i', 'v', 'e', 'k', 'o', 'r', 't', 't', 'i', '.', 'f', 'i', '\0',
+  /* "livelexi.com", true */ 'l', 'i', 'v', 'e', 'l', 'e', 'x', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "livepaperhelp.com", true */ 'l', 'i', 'v', 'e', 'p', 'a', 'p', 'e', 'r', 'h', 'e', 'l', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "livepath.ch", true */ 'l', 'i', 'v', 'e', 'p', 'a', 't', 'h', '.', 'c', 'h', '\0',
+  /* "liveperformersmeeting.net", true */ 'l', 'i', 'v', 'e', 'p', 'e', 'r', 'f', 'o', 'r', 'm', 'e', 'r', 's', 'm', 'e', 'e', 't', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "liveregistratie.nl", true */ 'l', 'i', 'v', 'e', 'r', 'e', 'g', 'i', 's', 't', 'r', 'a', 't', 'i', 'e', '.', 'n', 'l', '\0',
+  /* "livesearch-fukuoka.com", true */ 'l', 'i', 'v', 'e', 's', 'e', 'a', 'r', 'c', 'h', '-', 'f', 'u', 'k', 'u', 'o', 'k', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "livesure.com", true */ 'l', 'i', 'v', 'e', 's', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "livi.co", true */ 'l', 'i', 'v', 'i', '.', 'c', 'o', '\0',
+  /* "living-space.co.nz", true */ 'l', 'i', 'v', 'i', 'n', 'g', '-', 's', 'p', 'a', 'c', 'e', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "living24.de", true */ 'l', 'i', 'v', 'i', 'n', 'g', '2', '4', '.', 'd', 'e', '\0',
+  /* "livingforreal.com", true */ 'l', 'i', 'v', 'i', 'n', 'g', 'f', 'o', 'r', 'r', 'e', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "livingworduk.org", true */ 'l', 'i', 'v', 'i', 'n', 'g', 'w', 'o', 'r', 'd', 'u', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "livnev.me", true */ 'l', 'i', 'v', 'n', 'e', 'v', '.', 'm', 'e', '\0',
+  /* "livnev.xyz", true */ 'l', 'i', 'v', 'n', 'e', 'v', '.', 'x', 'y', 'z', '\0',
+  /* "livolett.de", true */ 'l', 'i', 'v', 'o', 'l', 'e', 't', 't', '.', 'd', 'e', '\0',
+  /* "livrariacoad.com.br", true */ 'l', 'i', 'v', 'r', 'a', 'r', 'i', 'a', 'c', 'o', 'a', 'd', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "livroseuniformes.com.br", true */ 'l', 'i', 'v', 'r', 'o', 's', 'e', 'u', 'n', 'i', 'f', 'o', 'r', 'm', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "lixtick.com", true */ 'l', 'i', 'x', 't', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "liyin.date", true */ 'l', 'i', 'y', 'i', 'n', '.', 'd', 'a', 't', 'e', '\0',
+  /* "liyinjia.com", true */ 'l', 'i', 'y', 'i', 'n', 'j', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "lizardsystems.com", true */ 'l', 'i', 'z', 'a', 'r', 'd', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lizhi.io", true */ 'l', 'i', 'z', 'h', 'i', '.', 'i', 'o', '\0',
+  /* "lizzythepooch.com", true */ 'l', 'i', 'z', 'z', 'y', 't', 'h', 'e', 'p', 'o', 'o', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "ljason.cn", true */ 'l', 'j', 'a', 's', 'o', 'n', '.', 'c', 'n', '\0',
+  /* "ljs.io", true */ 'l', 'j', 's', '.', 'i', 'o', '\0',
+  /* "lknw.de", true */ 'l', 'k', 'n', 'w', '.', 'd', 'e', '\0',
+  /* "lkummer.cz", true */ 'l', 'k', 'u', 'm', 'm', 'e', 'r', '.', 'c', 'z', '\0',
+  /* "llamacuba.com", true */ 'l', 'l', 'a', 'm', 'a', 'c', 'u', 'b', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "llm-guide.com", true */ 'l', 'l', 'm', '-', 'g', 'u', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lloyd-day.me", true */ 'l', 'l', 'o', 'y', 'd', '-', 'd', 'a', 'y', '.', 'm', 'e', '\0',
+  /* "llslb.com", true */ 'l', 'l', 's', 'l', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "lm-pumpen.de", false */ 'l', 'm', '-', 'p', 'u', 'm', 'p', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "lmcm.io", true */ 'l', 'm', 'c', 'm', '.', 'i', 'o', '\0',
+  /* "lmddgtfy.net", true */ 'l', 'm', 'd', 'd', 'g', 't', 'f', 'y', '.', 'n', 'e', 't', '\0',
+  /* "lmerza.com", true */ 'l', 'm', 'e', 'r', 'z', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "lmintlcx.com", true */ 'l', 'm', 'i', 'n', 't', 'l', 'c', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "lmmtfy.io", true */ 'l', 'm', 'm', 't', 'f', 'y', '.', 'i', 'o', '\0',
+  /* "lmsptfy.com", true */ 'l', 'm', 's', 'p', 't', 'f', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "lmtm.eu", true */ 'l', 'm', 't', 'm', '.', 'e', 'u', '\0',
+  /* "ln.io", true */ 'l', 'n', '.', 'i', 'o', '\0',
+  /* "lnhequipmentltd.com", true */ 'l', 'n', 'h', 'e', 'q', 'u', 'i', 'p', 'm', 'e', 'n', 't', 'l', 't', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "lnoldan.com", true */ 'l', 'n', 'o', 'l', 'd', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "lntu.org", true */ 'l', 'n', 't', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "lnx.li", true */ 'l', 'n', 'x', '.', 'l', 'i', '\0',
+  /* "load-ev.de", true */ 'l', 'o', 'a', 'd', '-', 'e', 'v', '.', 'd', 'e', '\0',
+  /* "loadlow.me", true */ 'l', 'o', 'a', 'd', 'l', 'o', 'w', '.', 'm', 'e', '\0',
+  /* "loadwallet.com", true */ 'l', 'o', 'a', 'd', 'w', 'a', 'l', 'l', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "loanaway.ca", true */ 'l', 'o', 'a', 'n', 'a', 'w', 'a', 'y', '.', 'c', 'a', '\0',
+  /* "loancompare.co.za", true */ 'l', 'o', 'a', 'n', 'c', 'o', 'm', 'p', 'a', 'r', 'e', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "loandolphin.com.au", true */ 'l', 'o', 'a', 'n', 'd', 'o', 'l', 'p', 'h', 'i', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "loanmatch.sg", true */ 'l', 'o', 'a', 'n', 'm', 'a', 't', 'c', 'h', '.', 's', 'g', '\0',
+  /* "loanstreet.nl", true */ 'l', 'o', 'a', 'n', 's', 't', 'r', 'e', 'e', 't', '.', 'n', 'l', '\0',
+  /* "lobin21.com", true */ 'l', 'o', 'b', 'i', 'n', '2', '1', '.', 'c', 'o', 'm', '\0',
+  /* "lobivia.de", true */ 'l', 'o', 'b', 'i', 'v', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "lobsangstudio.com", true */ 'l', 'o', 'b', 's', 'a', 'n', 'g', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "locais.org", true */ 'l', 'o', 'c', 'a', 'i', 's', '.', 'o', 'r', 'g', '\0',
+  /* "local360.net", true */ 'l', 'o', 'c', 'a', 'l', '3', '6', '0', '.', 'n', 'e', 't', '\0',
+  /* "localbandz.com", true */ 'l', 'o', 'c', 'a', 'l', 'b', 'a', 'n', 'd', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "localbitcoins.com", true */ 'l', 'o', 'c', 'a', 'l', 'b', 'i', 't', 'c', 'o', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "localblock.co.za", true */ 'l', 'o', 'c', 'a', 'l', 'b', 'l', 'o', 'c', 'k', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "localbouncycastle.com", true */ 'l', 'o', 'c', 'a', 'l', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "localdecor.com.br", true */ 'l', 'o', 'c', 'a', 'l', 'd', 'e', 'c', 'o', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "localhorst.xyz", true */ 'l', 'o', 'c', 'a', 'l', 'h', 'o', 'r', 's', 't', '.', 'x', 'y', 'z', '\0',
+  /* "localspot.pl", true */ 'l', 'o', 'c', 'a', 'l', 's', 'p', 'o', 't', '.', 'p', 'l', '\0',
+  /* "locapos.com", true */ 'l', 'o', 'c', 'a', 'p', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "locatorplus.gov", true */ 'l', 'o', 'c', 'a', 't', 'o', 'r', 'p', 'l', 'u', 's', '.', 'g', 'o', 'v', '\0',
+  /* "locauxrama.fr", true */ 'l', 'o', 'c', 'a', 'u', 'x', 'r', 'a', 'm', 'a', '.', 'f', 'r', '\0',
+  /* "locchat.com", true */ 'l', 'o', 'c', 'c', 'h', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "locker.email", true */ 'l', 'o', 'c', 'k', 'e', 'r', '.', 'e', 'm', 'a', 'i', 'l', '\0',
+  /* "lockify.com", true */ 'l', 'o', 'c', 'k', 'i', 'f', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "lockpick.nl", true */ 'l', 'o', 'c', 'k', 'p', 'i', 'c', 'k', '.', 'n', 'l', '\0',
+  /* "lockpicks.se", true */ 'l', 'o', 'c', 'k', 'p', 'i', 'c', 'k', 's', '.', 's', 'e', '\0',
+  /* "lockr.io", true */ 'l', 'o', 'c', 'k', 'r', '.', 'i', 'o', '\0',
+  /* "locksport.org.nz", true */ 'l', 'o', 'c', 'k', 's', 'p', 'o', 'r', 't', '.', 'o', 'r', 'g', '.', 'n', 'z', '\0',
+  /* "locomore.com", true */ 'l', 'o', 'c', 'o', 'm', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lodash.com", false */ 'l', 'o', 'd', 'a', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "lodgesdureynou.fr", true */ 'l', 'o', 'd', 'g', 'e', 's', 'd', 'u', 'r', 'e', 'y', 'n', 'o', 'u', '.', 'f', 'r', '\0',
+  /* "loeildansledoigt.fr", true */ 'l', 'o', 'e', 'i', 'l', 'd', 'a', 'n', 's', 'l', 'e', 'd', 'o', 'i', 'g', 't', '.', 'f', 'r', '\0',
+  /* "loenshotel.de", true */ 'l', 'o', 'e', 'n', 's', 'h', 'o', 't', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "loew.de", true */ 'l', 'o', 'e', 'w', '.', 'd', 'e', '\0',
+  /* "lofttravel.com", true */ 'l', 'o', 'f', 't', 't', 'r', 'a', 'v', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "log.my", false */ 'l', 'o', 'g', '.', 'm', 'y', '\0',
+  /* "logaldeveloper.com", true */ 'l', 'o', 'g', 'a', 'l', 'd', 'e', 'v', 'e', 'l', 'o', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "loganmarchione.com", true */ 'l', 'o', 'g', 'a', 'n', 'm', 'a', 'r', 'c', 'h', 'i', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "loganparkneighborhood.org", true */ 'l', 'o', 'g', 'a', 'n', 'p', 'a', 'r', 'k', 'n', 'e', 'i', 'g', 'h', 'b', 'o', 'r', 'h', 'o', 'o', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "logbook.ch", true */ 'l', 'o', 'g', 'b', 'o', 'o', 'k', '.', 'c', 'h', '\0',
+  /* "logbot.info", true */ 'l', 'o', 'g', 'b', 'o', 't', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "logement-saisonnier.com", true */ 'l', 'o', 'g', 'e', 'm', 'e', 'n', 't', '-', 's', 'a', 'i', 's', 'o', 'n', 'n', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "logement.com", true */ 'l', 'o', 'g', 'e', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "logentries.com", false */ 'l', 'o', 'g', 'e', 'n', 't', 'r', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "logfile.at", true */ 'l', 'o', 'g', 'f', 'i', 'l', 'e', '.', 'a', 't', '\0',
+  /* "logfile.ch", true */ 'l', 'o', 'g', 'f', 'i', 'l', 'e', '.', 'c', 'h', '\0',
+  /* "logicchen.com", true */ 'l', 'o', 'g', 'i', 'c', 'c', 'h', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "logiciel-entreprise-seurann.fr", true */ 'l', 'o', 'g', 'i', 'c', 'i', 'e', 'l', '-', 'e', 'n', 't', 'r', 'e', 'p', 'r', 'i', 's', 'e', '-', 's', 'e', 'u', 'r', 'a', 'n', 'n', '.', 'f', 'r', '\0',
+  /* "logicio.ch", false */ 'l', 'o', 'g', 'i', 'c', 'i', 'o', '.', 'c', 'h', '\0',
+  /* "logicio.de", false */ 'l', 'o', 'g', 'i', 'c', 'i', 'o', '.', 'd', 'e', '\0',
+  /* "logicio.net", false */ 'l', 'o', 'g', 'i', 'c', 'i', 'o', '.', 'n', 'e', 't', '\0',
+  /* "logicsale.com", true */ 'l', 'o', 'g', 'i', 'c', 's', 'a', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "logicsale.de", true */ 'l', 'o', 'g', 'i', 'c', 's', 'a', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "logicsale.fr", true */ 'l', 'o', 'g', 'i', 'c', 's', 'a', 'l', 'e', '.', 'f', 'r', '\0',
+  /* "logicsale.it", true */ 'l', 'o', 'g', 'i', 'c', 's', 'a', 'l', 'e', '.', 'i', 't', '\0',
+  /* "login.corp.google.com", true */ 'l', 'o', 'g', 'i', 'n', '.', 'c', 'o', 'r', 'p', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "login.gov", false */ 'l', 'o', 'g', 'i', 'n', '.', 'g', 'o', 'v', '\0',
+  /* "login.launchpad.net", true */ 'l', 'o', 'g', 'i', 'n', '.', 'l', 'a', 'u', 'n', 'c', 'h', 'p', 'a', 'd', '.', 'n', 'e', 't', '\0',
+  /* "login.sapo.pt", true */ 'l', 'o', 'g', 'i', 'n', '.', 's', 'a', 'p', 'o', '.', 'p', 't', '\0',
+  /* "login.ubuntu.com", true */ 'l', 'o', 'g', 'i', 'n', '.', 'u', 'b', 'u', 'n', 't', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "login.xero.com", false */ 'l', 'o', 'g', 'i', 'n', '.', 'x', 'e', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "login.yahoo.com", false */ 'l', 'o', 'g', 'i', 'n', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "logitank.net", true */ 'l', 'o', 'g', 'i', 't', 'a', 'n', 'k', '.', 'n', 'e', 't', '\0',
+  /* "logitel.de", true */ 'l', 'o', 'g', 'i', 't', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "logojoes.net", true */ 'l', 'o', 'g', 'o', 'j', 'o', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "logopaediereinhard.de", true */ 'l', 'o', 'g', 'o', 'p', 'a', 'e', 'd', 'i', 'e', 'r', 'e', 'i', 'n', 'h', 'a', 'r', 'd', '.', 'd', 'e', '\0',
+  /* "logopedistalanni.it", true */ 'l', 'o', 'g', 'o', 'p', 'e', 'd', 'i', 's', 't', 'a', 'l', 'a', 'n', 'n', 'i', '.', 'i', 't', '\0',
+  /* "logophiliapress.com", true */ 'l', 'o', 'g', 'o', 'p', 'h', 'i', 'l', 'i', 'a', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "logopoeia.com", true */ 'l', 'o', 'g', 'o', 'p', 'o', 'e', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "logostock.jp", true */ 'l', 'o', 'g', 'o', 's', 't', 'o', 'c', 'k', '.', 'j', 'p', '\0',
+  /* "lohanaflores.com.br", true */ 'l', 'o', 'h', 'a', 'n', 'a', 'f', 'l', 'o', 'r', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "loichot.ch", true */ 'l', 'o', 'i', 'c', 'h', 'o', 't', '.', 'c', 'h', '\0',
+  /* "lojadamimo.com.br", true */ 'l', 'o', 'j', 'a', 'd', 'a', 'm', 'i', 'm', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "lojadanidrea.com.br", true */ 'l', 'o', 'j', 'a', 'd', 'a', 'n', 'i', 'd', 'r', 'e', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "lojadewhisky.com.br", true */ 'l', 'o', 'j', 'a', 'd', 'e', 'w', 'h', 'i', 's', 'k', 'y', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "lojadoarcomprimido.com.br", true */ 'l', 'o', 'j', 'a', 'd', 'o', 'a', 'r', 'c', 'o', 'm', 'p', 'r', 'i', 'm', 'i', 'd', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "lojadoprazer.com.br", true */ 'l', 'o', 'j', 'a', 'd', 'o', 'p', 'r', 'a', 'z', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "lojafazendoarte.com.br", true */ 'l', 'o', 'j', 'a', 'f', 'a', 'z', 'e', 'n', 'd', 'o', 'a', 'r', 't', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "lojafilipaper.com.br", true */ 'l', 'o', 'j', 'a', 'f', 'i', 'l', 'i', 'p', 'a', 'p', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "lojamagicalx.com", true */ 'l', 'o', 'j', 'a', 'm', 'a', 'g', 'i', 'c', 'a', 'l', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "lojamascate.com.br", true */ 'l', 'o', 'j', 'a', 'm', 'a', 's', 'c', 'a', 't', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "lojamoleco.com.br", true */ 'l', 'o', 'j', 'a', 'm', 'o', 'l', 'e', 'c', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "lojamulticapmais.com.br", true */ 'l', 'o', 'j', 'a', 'm', 'u', 'l', 't', 'i', 'c', 'a', 'p', 'm', 'a', 'i', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "lojaprimemed.com.br", true */ 'l', 'o', 'j', 'a', 'p', 'r', 'i', 'm', 'e', 'm', 'e', 'd', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "lojaprojetoagua.com.br", true */ 'l', 'o', 'j', 'a', 'p', 'r', 'o', 'j', 'e', 't', 'o', 'a', 'g', 'u', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "lojaterrazul.com.br", true */ 'l', 'o', 'j', 'a', 't', 'e', 'r', 'r', 'a', 'z', 'u', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "lojavirtualfct.com.br", true */ 'l', 'o', 'j', 'a', 'v', 'i', 'r', 't', 'u', 'a', 'l', 'f', 'c', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "lojavisamed.com.br", true */ 'l', 'o', 'j', 'a', 'v', 'i', 's', 'a', 'm', 'e', 'd', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "lojix.com", true */ 'l', 'o', 'j', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "lojj.pt", true */ 'l', 'o', 'j', 'j', '.', 'p', 't', '\0',
+  /* "lokaal.org", true */ 'l', 'o', 'k', 'a', 'a', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "lolcorp.pl", true */ 'l', 'o', 'l', 'c', 'o', 'r', 'p', '.', 'p', 'l', '\0',
+  /* "lolcow.farm", true */ 'l', 'o', 'l', 'c', 'o', 'w', '.', 'f', 'a', 'r', 'm', '\0',
+  /* "lolhax.org", true */ 'l', 'o', 'l', 'h', 'a', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "loli.net", true */ 'l', 'o', 'l', 'i', '.', 'n', 'e', 't', '\0',
+  /* "loli.pet", true */ 'l', 'o', 'l', 'i', '.', 'p', 'e', 't', '\0',
+  /* "loli.world", true */ 'l', 'o', 'l', 'i', '.', 'w', 'o', 'r', 'l', 'd', '\0',
+  /* "lolibrary.org", true */ 'l', 'o', 'l', 'i', 'b', 'r', 'a', 'r', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "lolicon.eu", true */ 'l', 'o', 'l', 'i', 'c', 'o', 'n', '.', 'e', 'u', '\0',
+  /* "lolicon.info", true */ 'l', 'o', 'l', 'i', 'c', 'o', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "lolis.stream", true */ 'l', 'o', 'l', 'i', 's', '.', 's', 't', 'r', 'e', 'a', 'm', '\0',
+  /* "lolkot.ru", true */ 'l', 'o', 'l', 'k', 'o', 't', '.', 'r', 'u', '\0',
+  /* "lollaconcept.com.br", true */ 'l', 'o', 'l', 'l', 'a', 'c', 'o', 'n', 'c', 'e', 'p', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "lolnames.gg", true */ 'l', 'o', 'l', 'n', 'a', 'm', 'e', 's', '.', 'g', 'g', '\0',
+  /* "lolpatrol.de", true */ 'l', 'o', 'l', 'p', 'a', 't', 'r', 'o', 'l', '.', 'd', 'e', '\0',
+  /* "lolpatrol.wtf", true */ 'l', 'o', 'l', 'p', 'a', 't', 'r', 'o', 'l', '.', 'w', 't', 'f', '\0',
+  /* "loma.ml", true */ 'l', 'o', 'm', 'a', '.', 'm', 'l', '\0',
+  /* "lommyfleet.com", true */ 'l', 'o', 'm', 'm', 'y', 'f', 'l', 'e', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "lon-so.com", true */ 'l', 'o', 'n', '-', 's', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "lona.io", true */ 'l', 'o', 'n', 'a', '.', 'i', 'o', '\0',
+  /* "lonal.com", true */ 'l', 'o', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "lonasdigital.com", true */ 'l', 'o', 'n', 'a', 's', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "lonbali.com", true */ 'l', 'o', 'n', 'b', 'a', 'l', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "london.dating", true */ 'l', 'o', 'n', 'd', 'o', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "londongynaecologist.co", true */ 'l', 'o', 'n', 'd', 'o', 'n', 'g', 'y', 'n', 'a', 'e', 'c', 'o', 'l', 'o', 'g', 'i', 's', 't', '.', 'c', 'o', '\0',
+  /* "londonkan.jp", true */ 'l', 'o', 'n', 'd', 'o', 'n', 'k', 'a', 'n', '.', 'j', 'p', '\0',
+  /* "londonkeyholdingcompany.co.uk", true */ 'l', 'o', 'n', 'd', 'o', 'n', 'k', 'e', 'y', 'h', 'o', 'l', 'd', 'i', 'n', 'g', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "londonseedcentre.co.uk", true */ 'l', 'o', 'n', 'd', 'o', 'n', 's', 'e', 'e', 'd', 'c', 'e', 'n', 't', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "lone-gunman.be", true */ 'l', 'o', 'n', 'e', '-', 'g', 'u', 'n', 'm', 'a', 'n', '.', 'b', 'e', '\0',
+  /* "lonelytweets.com", true */ 'l', 'o', 'n', 'e', 'l', 'y', 't', 'w', 'e', 'e', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lonesomecosmonaut.com", true */ 'l', 'o', 'n', 'e', 's', 'o', 'm', 'e', 'c', 'o', 's', 'm', 'o', 'n', 'a', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "longhaircareforum.com", true */ 'l', 'o', 'n', 'g', 'h', 'a', 'i', 'r', 'c', 'a', 'r', 'e', 'f', 'o', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "longhorn-imports.com", true */ 'l', 'o', 'n', 'g', 'h', 'o', 'r', 'n', '-', 'i', 'm', 'p', 'o', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "longhorn.id.au", true */ 'l', 'o', 'n', 'g', 'h', 'o', 'r', 'n', '.', 'i', 'd', '.', 'a', 'u', '\0',
+  /* "longstride.net", true */ 'l', 'o', 'n', 'g', 's', 't', 'r', 'i', 'd', 'e', '.', 'n', 'e', 't', '\0',
+  /* "lonniec.com", true */ 'l', 'o', 'n', 'n', 'i', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "look.co.il", true */ 'l', 'o', 'o', 'k', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "looka.ch", true */ 'l', 'o', 'o', 'k', 'a', '.', 'c', 'h', '\0',
+  /* "looka.photo", true */ 'l', 'o', 'o', 'k', 'a', '.', 'p', 'h', 'o', 't', 'o', '\0',
+  /* "lookagain.co.uk", true */ 'l', 'o', 'o', 'k', 'a', 'g', 'a', 'i', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "lookart.ch", true */ 'l', 'o', 'o', 'k', 'a', 'r', 't', '.', 'c', 'h', '\0',
+  /* "lookasik.eu", true */ 'l', 'o', 'o', 'k', 'a', 's', 'i', 'k', '.', 'e', 'u', '\0',
+  /* "lookastic.co.uk", true */ 'l', 'o', 'o', 'k', 'a', 's', 't', 'i', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "lookastic.com", true */ 'l', 'o', 'o', 'k', 'a', 's', 't', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "lookastic.de", true */ 'l', 'o', 'o', 'k', 'a', 's', 't', 'i', 'c', '.', 'd', 'e', '\0',
+  /* "lookastic.es", true */ 'l', 'o', 'o', 'k', 'a', 's', 't', 'i', 'c', '.', 'e', 's', '\0',
+  /* "lookastic.fr", true */ 'l', 'o', 'o', 'k', 'a', 's', 't', 'i', 'c', '.', 'f', 'r', '\0',
+  /* "lookastic.mx", true */ 'l', 'o', 'o', 'k', 'a', 's', 't', 'i', 'c', '.', 'm', 'x', '\0',
+  /* "lookastic.ru", true */ 'l', 'o', 'o', 'k', 'a', 's', 't', 'i', 'c', '.', 'r', 'u', '\0',
+  /* "lookbetweenthelines.com", true */ 'l', 'o', 'o', 'k', 'b', 'e', 't', 'w', 'e', 'e', 'n', 't', 'h', 'e', 'l', 'i', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lookyman.net", true */ 'l', 'o', 'o', 'k', 'y', 'm', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "loom.no", true */ 'l', 'o', 'o', 'm', '.', 'n', 'o', '\0',
+  /* "looneymooney.com", true */ 'l', 'o', 'o', 'n', 'e', 'y', 'm', 'o', 'o', 'n', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "loony.info", true */ 'l', 'o', 'o', 'n', 'y', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "loophost.com.br", false */ 'l', 'o', 'o', 'p', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "loopower.com", true */ 'l', 'o', 'o', 'p', 'o', 'w', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "loopstart.org", true */ 'l', 'o', 'o', 'p', 's', 't', 'a', 'r', 't', '.', 'o', 'r', 'g', '\0',
+  /* "loovto.net", true */ 'l', 'o', 'o', 'v', 't', 'o', '.', 'n', 'e', 't', '\0',
+  /* "loperetti.ch", true */ 'l', 'o', 'p', 'e', 'r', 'e', 't', 't', 'i', '.', 'c', 'h', '\0',
+  /* "loqu8.com", true */ 'l', 'o', 'q', 'u', '8', '.', 'c', 'o', 'm', '\0',
+  /* "lordgun.com", true */ 'l', 'o', 'r', 'd', 'g', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "lordofthebrick.com", true */ 'l', 'o', 'r', 'd', 'o', 'f', 't', 'h', 'e', 'b', 'r', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "lore.azurewebsites.net", true */ 'l', 'o', 'r', 'e', '.', 'a', 'z', 'u', 'r', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "lorenadumitrascu.ro", true */ 'l', 'o', 'r', 'e', 'n', 'a', 'd', 'u', 'm', 'i', 't', 'r', 'a', 's', 'c', 'u', '.', 'r', 'o', '\0',
+  /* "loritaboegl.de", true */ 'l', 'o', 'r', 'i', 't', 'a', 'b', 'o', 'e', 'g', 'l', '.', 'd', 'e', '\0',
+  /* "losless.fr", true */ 'l', 'o', 's', 'l', 'e', 's', 's', '.', 'f', 'r', '\0',
+  /* "loss.no", true */ 'l', 'o', 's', 's', '.', 'n', 'o', '\0',
+  /* "lost.host", true */ 'l', 'o', 's', 't', '.', 'h', 'o', 's', 't', '\0',
+  /* "lostandcash.com", true */ 'l', 'o', 's', 't', 'a', 'n', 'd', 'c', 'a', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "lostarq.com", true */ 'l', 'o', 's', 't', 'a', 'r', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "lostingames.de", true */ 'l', 'o', 's', 't', 'i', 'n', 'g', 'a', 'm', 'e', 's', '.', 'd', 'e', '\0',
+  /* "lostkeys.co.uk", true */ 'l', 'o', 's', 't', 'k', 'e', 'y', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "lostserver.com", true */ 'l', 'o', 's', 't', 's', 'e', 'r', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "lostwithdan.com", true */ 'l', 'o', 's', 't', 'w', 'i', 't', 'h', 'd', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "loteks.de", true */ 'l', 'o', 't', 'e', 'k', 's', '.', 'd', 'e', '\0',
+  /* "lothlorien.ca", true */ 'l', 'o', 't', 'h', 'l', 'o', 'r', 'i', 'e', 'n', '.', 'c', 'a', '\0',
+  /* "lottosonline.com", true */ 'l', 'o', 't', 't', 'o', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lottospielen24.org", false */ 'l', 'o', 't', 't', 'o', 's', 'p', 'i', 'e', 'l', 'e', 'n', '2', '4', '.', 'o', 'r', 'g', '\0',
+  /* "lotuscloud.de", true */ 'l', 'o', 't', 'u', 's', 'c', 'l', 'o', 'u', 'd', '.', 'd', 'e', '\0',
+  /* "lotw.de", true */ 'l', 'o', 't', 'w', '.', 'd', 'e', '\0',
+  /* "lotz.li", true */ 'l', 'o', 't', 'z', '.', 'l', 'i', '\0',
+  /* "lou.lt", true */ 'l', 'o', 'u', '.', 'l', 't', '\0',
+  /* "louange-reconvilier.ch", true */ 'l', 'o', 'u', 'a', 'n', 'g', 'e', '-', 'r', 'e', 'c', 'o', 'n', 'v', 'i', 'l', 'i', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "loucanfixit.com", true */ 'l', 'o', 'u', 'c', 'a', 'n', 'f', 'i', 'x', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "louisvillecarguys.com", true */ 'l', 'o', 'u', 'i', 's', 'v', 'i', 'l', 'l', 'e', 'c', 'a', 'r', 'g', 'u', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "louisvillevmug.info", true */ 'l', 'o', 'u', 'i', 's', 'v', 'i', 'l', 'l', 'e', 'v', 'm', 'u', 'g', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "loune.net", true */ 'l', 'o', 'u', 'n', 'e', '.', 'n', 'e', 't', '\0',
+  /* "love-schna.jp", true */ 'l', 'o', 'v', 'e', '-', 's', 'c', 'h', 'n', 'a', '.', 'j', 'p', '\0',
+  /* "love4taylor.eu.org", true */ 'l', 'o', 'v', 'e', '4', 't', 'a', 'y', 'l', 'o', 'r', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "love4taylor.me", true */ 'l', 'o', 'v', 'e', '4', 't', 'a', 'y', 'l', 'o', 'r', '.', 'm', 'e', '\0',
+  /* "loveandadoreboutique.com", true */ 'l', 'o', 'v', 'e', 'a', 'n', 'd', 'a', 'd', 'o', 'r', 'e', 'b', 'o', 'u', 't', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "loveislandgames.com", true */ 'l', 'o', 'v', 'e', 'i', 's', 'l', 'a', 'n', 'd', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "loveismore.de", false */ 'l', 'o', 'v', 'e', 'i', 's', 'm', 'o', 'r', 'e', '.', 'd', 'e', '\0',
+  /* "loveismore.es", false */ 'l', 'o', 'v', 'e', 'i', 's', 'm', 'o', 'r', 'e', '.', 'e', 's', '\0',
+  /* "loveismore.eu", false */ 'l', 'o', 'v', 'e', 'i', 's', 'm', 'o', 'r', 'e', '.', 'e', 'u', '\0',
+  /* "loveismore.fr", false */ 'l', 'o', 'v', 'e', 'i', 's', 'm', 'o', 'r', 'e', '.', 'f', 'r', '\0',
+  /* "loveismore.it", false */ 'l', 'o', 'v', 'e', 'i', 's', 'm', 'o', 'r', 'e', '.', 'i', 't', '\0',
+  /* "loveismore.org", false */ 'l', 'o', 'v', 'e', 'i', 's', 'm', 'o', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "loveismore.pl", false */ 'l', 'o', 'v', 'e', 'i', 's', 'm', 'o', 'r', 'e', '.', 'p', 'l', '\0',
+  /* "loveismore.ru", false */ 'l', 'o', 'v', 'e', 'i', 's', 'm', 'o', 'r', 'e', '.', 'r', 'u', '\0',
+  /* "loveismore.sk", false */ 'l', 'o', 'v', 'e', 'i', 's', 'm', 'o', 'r', 'e', '.', 's', 'k', '\0',
+  /* "loveisourweapon.com", true */ 'l', 'o', 'v', 'e', 'i', 's', 'o', 'u', 'r', 'w', 'e', 'a', 'p', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "lovelens.ch", true */ 'l', 'o', 'v', 'e', 'l', 'e', 'n', 's', '.', 'c', 'h', '\0',
+  /* "lovelens.li", true */ 'l', 'o', 'v', 'e', 'l', 'e', 'n', 's', '.', 'l', 'i', '\0',
+  /* "lovelive-anime.tk", true */ 'l', 'o', 'v', 'e', 'l', 'i', 'v', 'e', '-', 'a', 'n', 'i', 'm', 'e', '.', 't', 'k', '\0',
+  /* "lovelive.us", true */ 'l', 'o', 'v', 'e', 'l', 'i', 'v', 'e', '.', 'u', 's', '\0',
+  /* "lovemomiji.com", true */ 'l', 'o', 'v', 'e', 'm', 'o', 'm', 'i', 'j', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "lovemysafetynet.com", true */ 'l', 'o', 'v', 'e', 'm', 'y', 's', 'a', 'f', 'e', 't', 'y', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "lovenwishes.com", true */ 'l', 'o', 'v', 'e', 'n', 'w', 'i', 's', 'h', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "loveph.one", true */ 'l', 'o', 'v', 'e', 'p', 'h', '.', 'o', 'n', 'e', '\0',
+  /* "lover-bg.com", true */ 'l', 'o', 'v', 'e', 'r', '-', 'b', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "loveread-ec.appspot.com", true */ 'l', 'o', 'v', 'e', 'r', 'e', 'a', 'd', '-', 'e', 'c', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "loverepublic.ru", true */ 'l', 'o', 'v', 'e', 'r', 'e', 'p', 'u', 'b', 'l', 'i', 'c', '.', 'r', 'u', '\0',
+  /* "lovesmagical.com", true */ 'l', 'o', 'v', 'e', 's', 'm', 'a', 'g', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "lovesupremefestival.com", true */ 'l', 'o', 'v', 'e', 's', 'u', 'p', 'r', 'e', 'm', 'e', 'f', 'e', 's', 't', 'i', 'v', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "lovetravel360.com", true */ 'l', 'o', 'v', 'e', 't', 'r', 'a', 'v', 'e', 'l', '3', '6', '0', '.', 'c', 'o', 'm', '\0',
+  /* "loveyounastya.com", true */ 'l', 'o', 'v', 'e', 'y', 'o', 'u', 'n', 'a', 's', 't', 'y', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "loveysa.ch", true */ 'l', 'o', 'v', 'e', 'y', 's', 'a', '.', 'c', 'h', '\0',
+  /* "lovg.ren", true */ 'l', 'o', 'v', 'g', '.', 'r', 'e', 'n', '\0',
+  /* "lovingearth.co", true */ 'l', 'o', 'v', 'i', 'n', 'g', 'e', 'a', 'r', 't', 'h', '.', 'c', 'o', '\0',
+  /* "lovizaim.ru", true */ 'l', 'o', 'v', 'i', 'z', 'a', 'i', 'm', '.', 'r', 'u', '\0',
+  /* "low-diets.com", true */ 'l', 'o', 'w', '-', 'd', 'i', 'e', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lowcostwire.com.au", true */ 'l', 'o', 'w', 'c', 'o', 's', 't', 'w', 'i', 'r', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "lowmagnitude.com", true */ 'l', 'o', 'w', 'm', 'a', 'g', 'n', 'i', 't', 'u', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lowsec.space", true */ 'l', 'o', 'w', 's', 'e', 'c', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "lowsidetna.com", true */ 'l', 'o', 'w', 's', 'i', 'd', 'e', 't', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "lowson.ca", true */ 'l', 'o', 'w', 's', 'o', 'n', '.', 'c', 'a', '\0',
+  /* "loyaleco.it", true */ 'l', 'o', 'y', 'a', 'l', 'e', 'c', 'o', '.', 'i', 't', '\0',
+  /* "lp-support.nl", true */ 'l', 'p', '-', 's', 'u', 'p', 'p', 'o', 'r', 't', '.', 'n', 'l', '\0',
+  /* "lpacademy.com.br", true */ 'l', 'p', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "lpbk-bethel.de", false */ 'l', 'p', 'b', 'k', '-', 'b', 'e', 't', 'h', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "lpm-uk.com", true */ 'l', 'p', 'm', '-', 'u', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "lpt-nebreziny.eu", true */ 'l', 'p', 't', '-', 'n', 'e', 'b', 'r', 'e', 'z', 'i', 'n', 'y', '.', 'e', 'u', '\0',
+  /* "lra-cloud.de", true */ 'l', 'r', 'a', '-', 'c', 'l', 'o', 'u', 'd', '.', 'd', 'e', '\0',
+  /* "lrssystems.com", true */ 'l', 'r', 's', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ls-alarm.de", true */ 'l', 's', '-', 'a', 'l', 'a', 'r', 'm', '.', 'd', 'e', '\0',
+  /* "ls-rp.es", true */ 'l', 's', '-', 'r', 'p', '.', 'e', 's', '\0',
+  /* "lsc-dillingen.de", true */ 'l', 's', 'c', '-', 'd', 'i', 'l', 'l', 'i', 'n', 'g', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "lsc.gov", true */ 'l', 's', 'c', '.', 'g', 'o', 'v', '\0',
+  /* "lsquo.com", true */ 'l', 's', 'q', 'u', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "lstma.com", true */ 'l', 's', 't', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "lsvih.com", true */ 'l', 's', 'v', 'i', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "lsys.ac", true */ 'l', 's', 'y', 's', '.', 'a', 'c', '\0',
+  /* "lszj.com", true */ 'l', 's', 'z', 'j', '.', 'c', 'o', 'm', '\0',
+  /* "lt.search.yahoo.com", false */ 'l', 't', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "ltba.org", true */ 'l', 't', 'b', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "ltecode.com", true */ 'l', 't', 'e', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ltls.org", true */ 'l', 't', 'l', 's', '.', 'o', 'r', 'g', '\0',
+  /* "ltn-tom-morel.fr", true */ 'l', 't', 'n', '-', 't', 'o', 'm', '-', 'm', 'o', 'r', 'e', 'l', '.', 'f', 'r', '\0',
+  /* "lu.search.yahoo.com", false */ 'l', 'u', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "luav.org", true */ 'l', 'u', 'a', 'v', '.', 'o', 'r', 'g', '\0',
+  /* "lubar.me", true */ 'l', 'u', 'b', 'a', 'r', '.', 'm', 'e', '\0',
+  /* "lubbockyounglawyers.org", true */ 'l', 'u', 'b', 'b', 'o', 'c', 'k', 'y', 'o', 'u', 'n', 'g', 'l', 'a', 'w', 'y', 'e', 'r', 's', '.', 'o', 'r', 'g', '\0',
+  /* "lubomirkazakov.com", true */ 'l', 'u', 'b', 'o', 'm', 'i', 'r', 'k', 'a', 'z', 'a', 'k', 'o', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "lubot.net", false */ 'l', 'u', 'b', 'o', 't', '.', 'n', 'e', 't', '\0',
+  /* "luc-oberson.ch", true */ 'l', 'u', 'c', '-', 'o', 'b', 'e', 'r', 's', 'o', 'n', '.', 'c', 'h', '\0',
+  /* "luca.swiss", true */ 'l', 'u', 'c', 'a', '.', 's', 'w', 'i', 's', 's', '\0',
+  /* "lucakrebs.de", true */ 'l', 'u', 'c', 'a', 'k', 'r', 'e', 'b', 's', '.', 'd', 'e', '\0',
+  /* "lucasantarella.com", true */ 'l', 'u', 'c', 'a', 's', 'a', 'n', 't', 'a', 'r', 'e', 'l', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "lucascantor.com", true */ 'l', 'u', 'c', 'a', 's', 'c', 'a', 'n', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "lucasem.com", true */ 'l', 'u', 'c', 'a', 's', 'e', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "lucasgaland.com", true */ 'l', 'u', 'c', 'a', 's', 'g', 'a', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "lucasgymnastics.com", true */ 'l', 'u', 'c', 'a', 's', 'g', 'y', 'm', 'n', 'a', 's', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lucassoler.com.ar", true */ 'l', 'u', 'c', 'a', 's', 's', 'o', 'l', 'e', 'r', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "luce.life", true */ 'l', 'u', 'c', 'e', '.', 'l', 'i', 'f', 'e', '\0',
+  /* "luchscheider.de", false */ 'l', 'u', 'c', 'h', 's', 'c', 'h', 'e', 'i', 'd', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "lucid-light.de", true */ 'l', 'u', 'c', 'i', 'd', '-', 'l', 'i', 'g', 'h', 't', '.', 'd', 'e', '\0',
+  /* "lucidframeworks.com", true */ 'l', 'u', 'c', 'i', 'd', 'f', 'r', 'a', 'm', 'e', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lucidlight.de", true */ 'l', 'u', 'c', 'i', 'd', 'l', 'i', 'g', 'h', 't', '.', 'd', 'e', '\0',
+  /* "lucidlogs.com", true */ 'l', 'u', 'c', 'i', 'd', 'l', 'o', 'g', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lucidoccult.com", true */ 'l', 'u', 'c', 'i', 'd', 'o', 'c', 'c', 'u', 'l', 't', '.', 'c', 'o', 'm', '\0',
+  /* "lucielavickova.com", true */ 'l', 'u', 'c', 'i', 'e', 'l', 'a', 'v', 'i', 'c', 'k', 'o', 'v', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "luckycastles.co.uk", true */ 'l', 'u', 'c', 'k', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "luckyfrog.hk", true */ 'l', 'u', 'c', 'k', 'y', 'f', 'r', 'o', 'g', '.', 'h', 'k', '\0',
+  /* "luckystarfishing.com", true */ 'l', 'u', 'c', 'k', 'y', 's', 't', 'a', 'r', 'f', 'i', 's', 'h', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "lucy.science", true */ 'l', 'u', 'c', 'y', '.', 's', 'c', 'i', 'e', 'n', 'c', 'e', '\0',
+  /* "lucysan.net", true */ 'l', 'u', 'c', 'y', 's', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "ludikovsky.name", true */ 'l', 'u', 'd', 'i', 'k', 'o', 'v', 's', 'k', 'y', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "ludwig.im", true */ 'l', 'u', 'd', 'w', 'i', 'g', '.', 'i', 'm', '\0',
+  /* "ludwiggrill.de", true */ 'l', 'u', 'd', 'w', 'i', 'g', 'g', 'r', 'i', 'l', 'l', '.', 'd', 'e', '\0',
+  /* "ludwigpro.net", true */ 'l', 'u', 'd', 'w', 'i', 'g', 'p', 'r', 'o', '.', 'n', 'e', 't', '\0',
+  /* "luehne.de", true */ 'l', 'u', 'e', 'h', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "luelistan.net", true */ 'l', 'u', 'e', 'l', 'i', 's', 't', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "luenwarneke.com", true */ 'l', 'u', 'e', 'n', 'w', 'a', 'r', 'n', 'e', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "luffyhair.com", true */ 'l', 'u', 'f', 'f', 'y', 'h', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "luftbild-siegerland.de", true */ 'l', 'u', 'f', 't', 'b', 'i', 'l', 'd', '-', 's', 'i', 'e', 'g', 'e', 'r', 'l', 'a', 'n', 'd', '.', 'd', 'e', '\0',
+  /* "luftreiniger.biz", true */ 'l', 'u', 'f', 't', 'r', 'e', 'i', 'n', 'i', 'g', 'e', 'r', '.', 'b', 'i', 'z', '\0',
+  /* "luganskservers.net", true */ 'l', 'u', 'g', 'a', 'n', 's', 'k', 's', 'e', 'r', 'v', 'e', 'r', 's', '.', 'n', 'e', 't', '\0',
+  /* "lugbb.org", true */ 'l', 'u', 'g', 'b', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "luginbuehl.be", true */ 'l', 'u', 'g', 'i', 'n', 'b', 'u', 'e', 'h', 'l', '.', 'b', 'e', '\0',
+  /* "luginbuehl.eu", true */ 'l', 'u', 'g', 'i', 'n', 'b', 'u', 'e', 'h', 'l', '.', 'e', 'u', '\0',
+  /* "lugui.in", true */ 'l', 'u', 'g', 'u', 'i', '.', 'i', 'n', '\0',
+  /* "luiscapelo.info", true */ 'l', 'u', 'i', 's', 'c', 'a', 'p', 'e', 'l', 'o', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "luisgf.es", true */ 'l', 'u', 'i', 's', 'g', 'f', '.', 'e', 's', '\0',
+  /* "luismaier.de", true */ 'l', 'u', 'i', 's', 'm', 'a', 'i', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "luisv.me", true */ 'l', 'u', 'i', 's', 'v', '.', 'm', 'e', '\0',
+  /* "luisyr.com", true */ 'l', 'u', 'i', 's', 'y', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "luizkowalski.net", true */ 'l', 'u', 'i', 'z', 'k', 'o', 'w', 'a', 'l', 's', 'k', 'i', '.', 'n', 'e', 't', '\0',
+  /* "luk.earth", true */ 'l', 'u', 'k', '.', 'e', 'a', 'r', 't', 'h', '\0',
+  /* "luk.photo", true */ 'l', 'u', 'k', '.', 'p', 'h', 'o', 't', 'o', '\0',
+  /* "lukas-oppermann.de", true */ 'l', 'u', 'k', 'a', 's', '-', 'o', 'p', 'p', 'e', 'r', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "lukas-schauer.de", true */ 'l', 'u', 'k', 'a', 's', '-', 's', 'c', 'h', 'a', 'u', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "lukas.im", true */ 'l', 'u', 'k', 'a', 's', '.', 'i', 'm', '\0',
+  /* "lukas2511.de", true */ 'l', 'u', 'k', 'a', 's', '2', '5', '1', '1', '.', 'd', 'e', '\0',
+  /* "lukasberan.com", true */ 'l', 'u', 'k', 'a', 's', 'b', 'e', 'r', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "lukasberan.cz", true */ 'l', 'u', 'k', 'a', 's', 'b', 'e', 'r', 'a', 'n', '.', 'c', 'z', '\0',
+  /* "lukasfunk.com", true */ 'l', 'u', 'k', 'a', 's', 'f', 'u', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "lukasoppermann.com", true */ 'l', 'u', 'k', 'a', 's', 'o', 'p', 'p', 'e', 'r', 'm', 'a', 'n', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "lukasoppermann.de", true */ 'l', 'u', 'k', 'a', 's', 'o', 'p', 'p', 'e', 'r', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "lukasschauer.de", true */ 'l', 'u', 'k', 'a', 's', 's', 'c', 'h', 'a', 'u', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "lukasschick.de", false */ 'l', 'u', 'k', 'a', 's', 's', 'c', 'h', 'i', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "lukaszorn.de", true */ 'l', 'u', 'k', 'a', 's', 'z', 'o', 'r', 'n', '.', 'd', 'e', '\0',
+  /* "lukatz.de", true */ 'l', 'u', 'k', 'a', 't', 'z', '.', 'd', 'e', '\0',
+  /* "luke.ch", true */ 'l', 'u', 'k', 'e', '.', 'c', 'h', '\0',
+  /* "lukeistschuld.de", true */ 'l', 'u', 'k', 'e', 'i', 's', 't', 's', 'c', 'h', 'u', 'l', 'd', '.', 'd', 'e', '\0',
+  /* "lukeng.net", true */ 'l', 'u', 'k', 'e', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "lukesbouncycastlehire.com", true */ 'l', 'u', 'k', 'e', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lukestebbing.com", true */ 'l', 'u', 'k', 'e', 's', 't', 'e', 'b', 'b', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "lukmanulhakim.id", true */ 'l', 'u', 'k', 'm', 'a', 'n', 'u', 'l', 'h', 'a', 'k', 'i', 'm', '.', 'i', 'd', '\0',
+  /* "lukull-pizza.de", true */ 'l', 'u', 'k', 'u', 'l', 'l', '-', 'p', 'i', 'z', 'z', 'a', '.', 'd', 'e', '\0',
+  /* "lumer.tech", true */ 'l', 'u', 'm', 'e', 'r', '.', 't', 'e', 'c', 'h', '\0',
+  /* "lumiere.com", true */ 'l', 'u', 'm', 'i', 'e', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "luminancy.com", true */ 'l', 'u', 'm', 'i', 'n', 'a', 'n', 'c', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "lunafag.ru", true */ 'l', 'u', 'n', 'a', 'f', 'a', 'g', '.', 'r', 'u', '\0',
+  /* "lunakit.org", true */ 'l', 'u', 'n', 'a', 'k', 'i', 't', '.', 'o', 'r', 'g', '\0',
+  /* "lunapps.com", true */ 'l', 'u', 'n', 'a', 'p', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lunar6.ch", true */ 'l', 'u', 'n', 'a', 'r', '6', '.', 'c', 'h', '\0',
+  /* "lunarshark.com", true */ 'l', 'u', 'n', 'a', 'r', 's', 'h', 'a', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "lunarsoft.net", true */ 'l', 'u', 'n', 'a', 'r', 's', 'o', 'f', 't', '.', 'n', 'e', 't', '\0',
+  /* "lunartail.nl", true */ 'l', 'u', 'n', 'a', 'r', 't', 'a', 'i', 'l', '.', 'n', 'l', '\0',
+  /* "lunasqu.ee", true */ 'l', 'u', 'n', 'a', 's', 'q', 'u', '.', 'e', 'e', '\0',
+  /* "lunchbunch.me", true */ 'l', 'u', 'n', 'c', 'h', 'b', 'u', 'n', 'c', 'h', '.', 'm', 'e', '\0',
+  /* "lune-indigo.ch", true */ 'l', 'u', 'n', 'e', '-', 'i', 'n', 'd', 'i', 'g', 'o', '.', 'c', 'h', '\0',
+  /* "lungdoc.us", false */ 'l', 'u', 'n', 'g', 'd', 'o', 'c', '.', 'u', 's', '\0',
+  /* "lunidea.ch", true */ 'l', 'u', 'n', 'i', 'd', 'e', 'a', '.', 'c', 'h', '\0',
+  /* "lunidea.com", true */ 'l', 'u', 'n', 'i', 'd', 'e', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "lunight.ml", true */ 'l', 'u', 'n', 'i', 'g', 'h', 't', '.', 'm', 'l', '\0',
+  /* "lunis.net", true */ 'l', 'u', 'n', 'i', 's', '.', 'n', 'e', 't', '\0',
+  /* "lunix.io", true */ 'l', 'u', 'n', 'i', 'x', '.', 'i', 'o', '\0',
+  /* "lunorian.is", true */ 'l', 'u', 'n', 'o', 'r', 'i', 'a', 'n', '.', 'i', 's', '\0',
+  /* "luoe.me", true */ 'l', 'u', 'o', 'e', '.', 'm', 'e', '\0',
+  /* "luoh.cc", true */ 'l', 'u', 'o', 'h', '.', 'c', 'c', '\0',
+  /* "luoh.me", true */ 'l', 'u', 'o', 'h', '.', 'm', 'e', '\0',
+  /* "luohua.im", true */ 'l', 'u', 'o', 'h', 'u', 'a', '.', 'i', 'm', '\0',
+  /* "luolikong.vip", true */ 'l', 'u', 'o', 'l', 'i', 'k', 'o', 'n', 'g', '.', 'v', 'i', 'p', '\0',
+  /* "luongvu.com", true */ 'l', 'u', 'o', 'n', 'g', 'v', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "lupinencyclopedia.com", true */ 'l', 'u', 'p', 'i', 'n', 'e', 'n', 'c', 'y', 'c', 'l', 'o', 'p', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "luso-livros.net", true */ 'l', 'u', 's', 'o', '-', 'l', 'i', 'v', 'r', 'o', 's', '.', 'n', 'e', 't', '\0',
+  /* "lusteniny.cz", false */ 'l', 'u', 's', 't', 'e', 'n', 'i', 'n', 'y', '.', 'c', 'z', '\0',
+  /* "lustige-zitate.com", true */ 'l', 'u', 's', 't', 'i', 'g', 'e', '-', 'z', 'i', 't', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lustin.fr", true */ 'l', 'u', 's', 't', 'i', 'n', '.', 'f', 'r', '\0',
+  /* "lustrum.ch", true */ 'l', 'u', 's', 't', 'r', 'u', 'm', '.', 'c', 'h', '\0',
+  /* "lusynth.com", true */ 'l', 'u', 's', 'y', 'n', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "lutizi.com", false */ 'l', 'u', 't', 'i', 'z', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "lutoma.org", true */ 'l', 'u', 't', 'o', 'm', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "luukdebruincv.nl", true */ 'l', 'u', 'u', 'k', 'd', 'e', 'b', 'r', 'u', 'i', 'n', 'c', 'v', '.', 'n', 'l', '\0',
+  /* "luukklene.nl", true */ 'l', 'u', 'u', 'k', 'k', 'l', 'e', 'n', 'e', '.', 'n', 'l', '\0',
+  /* "luuppi.fi", true */ 'l', 'u', 'u', 'p', 'p', 'i', '.', 'f', 'i', '\0',
+  /* "luvare.com", true */ 'l', 'u', 'v', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "luvbridal.com.au", true */ 'l', 'u', 'v', 'b', 'r', 'i', 'd', 'a', 'l', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "luxcraft.eng.br", true */ 'l', 'u', 'x', 'c', 'r', 'a', 'f', 't', '.', 'e', 'n', 'g', '.', 'b', 'r', '\0',
+  /* "luxe-it.co.uk", true */ 'l', 'u', 'x', 'e', '-', 'i', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "luxescreenprotector.nl", true */ 'l', 'u', 'x', 'e', 's', 'c', 'r', 'e', 'e', 'n', 'p', 'r', 'o', 't', 'e', 'c', 't', 'o', 'r', '.', 'n', 'l', '\0',
+  /* "luxsci.com", true */ 'l', 'u', 'x', 's', 'c', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "luxuryweddingsindonesia.com", true */ 'l', 'u', 'x', 'u', 'r', 'y', 'w', 'e', 'd', 'd', 'i', 'n', 'g', 's', 'i', 'n', 'd', 'o', 'n', 'e', 's', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "luxusnivoucher.cz", true */ 'l', 'u', 'x', 'u', 's', 'n', 'i', 'v', 'o', 'u', 'c', 'h', 'e', 'r', '.', 'c', 'z', '\0',
+  /* "luxusnyvoucher.sk", true */ 'l', 'u', 'x', 'u', 's', 'n', 'y', 'v', 'o', 'u', 'c', 'h', 'e', 'r', '.', 's', 'k', '\0',
+  /* "luxvacuos.net", true */ 'l', 'u', 'x', 'v', 'a', 'c', 'u', 'o', 's', '.', 'n', 'e', 't', '\0',
+  /* "luxwatch.com", true */ 'l', 'u', 'x', 'w', 'a', 't', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "luzat.com", true */ 'l', 'u', 'z', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "lv.search.yahoo.com", false */ 'l', 'v', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "lv0.it", true */ 'l', 'v', '0', '.', 'i', 't', '\0',
+  /* "lv5.top", true */ 'l', 'v', '5', '.', 't', 'o', 'p', '\0',
+  /* "lvrsystems.com", true */ 'l', 'v', 'r', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lwl.moe", true */ 'l', 'w', 'l', '.', 'm', 'o', 'e', '\0',
+  /* "lwl12.com", true */ 'l', 'w', 'l', '1', '2', '.', 'c', 'o', 'm', '\0',
+  /* "lycee-saintjoseph-mesnieres.fr", true */ 'l', 'y', 'c', 'e', 'e', '-', 's', 'a', 'i', 'n', 't', 'j', 'o', 's', 'e', 'p', 'h', '-', 'm', 'e', 's', 'n', 'i', 'e', 'r', 'e', 's', '.', 'f', 'r', '\0',
+  /* "lydudlejning.net", true */ 'l', 'y', 'd', 'u', 'd', 'l', 'e', 'j', 'n', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "lyfbits.com", true */ 'l', 'y', 'f', 'b', 'i', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lylares.com", true */ 'l', 'y', 'l', 'a', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lynero.dk", true */ 'l', 'y', 'n', 'e', 'r', 'o', '.', 'd', 'k', '\0',
+  /* "lyness.io", true */ 'l', 'y', 'n', 'e', 's', 's', '.', 'i', 'o', '\0',
+  /* "lyngvaer.no", true */ 'l', 'y', 'n', 'g', 'v', 'a', 'e', 'r', '.', 'n', 'o', '\0',
+  /* "lynkos.com", true */ 'l', 'y', 'n', 'k', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lynnlaytonnissanparts.com", true */ 'l', 'y', 'n', 'n', 'l', 'a', 'y', 't', 'o', 'n', 'n', 'i', 's', 's', 'a', 'n', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "lynnmosher.com", true */ 'l', 'y', 'n', 'n', 'm', 'o', 's', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "lynthium.com", true */ 'l', 'y', 'n', 't', 'h', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "lynx.nl", true */ 'l', 'y', 'n', 'x', '.', 'n', 'l', '\0',
+  /* "lynxbroker.de", true */ 'l', 'y', 'n', 'x', 'b', 'r', 'o', 'k', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "lynxpro.nl", true */ 'l', 'y', 'n', 'x', 'p', 'r', 'o', '.', 'n', 'l', '\0',
+  /* "lyon-interactive.com", true */ 'l', 'y', 'o', 'n', '-', 'i', 'n', 't', 'e', 'r', 'a', 'c', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lyon-synergie.com", true */ 'l', 'y', 'o', 'n', '-', 's', 'y', 'n', 'e', 'r', 'g', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "lyoness.digital", true */ 'l', 'y', 'o', 'n', 'e', 's', 's', '.', 'd', 'i', 'g', 'i', 't', 'a', 'l', '\0',
+  /* "lyonl.com", true */ 'l', 'y', 'o', 'n', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "lyricfm.ie", true */ 'l', 'y', 'r', 'i', 'c', 'f', 'm', '.', 'i', 'e', '\0',
+  /* "lys.ch", true */ 'l', 'y', 's', '.', 'c', 'h', '\0',
+  /* "lysergion.com", true */ 'l', 'y', 's', 'e', 'r', 'g', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "lyst.co.uk", true */ 'l', 'y', 's', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "lyx.dk", true */ 'l', 'y', 'x', '.', 'd', 'k', '\0',
+  /* "lz.sb", true */ 'l', 'z', '.', 's', 'b', '\0',
+  /* "m-22.com", true */ 'm', '-', '2', '2', '.', 'c', 'o', 'm', '\0',
+  /* "m-edmondson.co.uk", true */ 'm', '-', 'e', 'd', 'm', 'o', 'n', 'd', 's', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "m-generator.com", true */ 'm', '-', 'g', 'e', 'n', 'e', 'r', 'a', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "m-idea.jp", true */ 'm', '-', 'i', 'd', 'e', 'a', '.', 'j', 'p', '\0',
+  /* "m-kleinert.de", false */ 'm', '-', 'k', 'l', 'e', 'i', 'n', 'e', 'r', 't', '.', 'd', 'e', '\0',
+  /* "m-mail.fr", true */ 'm', '-', 'm', 'a', 'i', 'l', '.', 'f', 'r', '\0',
+  /* "m-orthodontic.com", true */ 'm', '-', 'o', 'r', 't', 'h', 'o', 'd', 'o', 'n', 't', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "m-plan.com", true */ 'm', '-', 'p', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "m-ses.fr", true */ 'm', '-', 's', 'e', 's', '.', 'f', 'r', '\0',
+  /* "m.facebook.com", true */ 'm', '.', 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "m.mail.ru", true */ 'm', '.', 'm', 'a', 'i', 'l', '.', 'r', 'u', '\0',
+  /* "m.me", true */ 'm', '.', 'm', 'e', '\0',
+  /* "m0t0k1ch1.com", true */ 'm', '0', 't', '0', 'k', '1', 'c', 'h', '1', '.', 'c', 'o', 'm', '\0',
+  /* "m132.eu", true */ 'm', '1', '3', '2', '.', 'e', 'u', '\0',
+  /* "m2epro.com", true */ 'm', '2', 'e', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "m2os.com", true */ 'm', '2', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "m4rcus.de", true */ 'm', '4', 'r', 'c', 'u', 's', '.', 'd', 'e', '\0',
+  /* "ma-eir.nl", true */ 'm', 'a', '-', 'e', 'i', 'r', '.', 'n', 'l', '\0',
+  /* "ma-plancha.ch", true */ 'm', 'a', '-', 'p', 'l', 'a', 'n', 'c', 'h', 'a', '.', 'c', 'h', '\0',
+  /* "ma2t.com", true */ 'm', 'a', '2', 't', '.', 'c', 'o', 'm', '\0',
+  /* "maartenderaedemaeker.be", true */ 'm', 'a', 'a', 'r', 't', 'e', 'n', 'd', 'e', 'r', 'a', 'e', 'd', 'e', 'm', 'a', 'e', 'k', 'e', 'r', '.', 'b', 'e', '\0',
+  /* "maartenprovo.be", true */ 'm', 'a', 'a', 'r', 't', 'e', 'n', 'p', 'r', 'o', 'v', 'o', '.', 'b', 'e', '\0',
+  /* "maartenvandekamp.nl", true */ 'm', 'a', 'a', 'r', 't', 'e', 'n', 'v', 'a', 'n', 'd', 'e', 'k', 'a', 'm', 'p', '.', 'n', 'l', '\0',
+  /* "maaya.jp", true */ 'm', 'a', 'a', 'y', 'a', '.', 'j', 'p', '\0',
+  /* "mabankonline.com", true */ 'm', 'a', 'b', 'a', 'n', 'k', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mabulledu.net", true */ 'm', 'a', 'b', 'u', 'l', 'l', 'e', 'd', 'u', '.', 'n', 'e', 't', '\0',
+  /* "mac-i-tea.ch", true */ 'm', 'a', 'c', '-', 'i', '-', 't', 'e', 'a', '.', 'c', 'h', '\0',
+  /* "mac-world.pl", true */ 'm', 'a', 'c', '-', 'w', 'o', 'r', 'l', 'd', '.', 'p', 'l', '\0',
+  /* "mac1.net", true */ 'm', 'a', 'c', '1', '.', 'n', 'e', 't', '\0',
+  /* "macandtonic.com", true */ 'm', 'a', 'c', 'a', 'n', 'd', 't', 'o', 'n', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "macaque.io", false */ 'm', 'a', 'c', 'a', 'q', 'u', 'e', '.', 'i', 'o', '\0',
+  /* "macaw.nl", true */ 'm', 'a', 'c', 'a', 'w', '.', 'n', 'l', '\0',
+  /* "macaws.org", true */ 'm', 'a', 'c', 'a', 'w', 's', '.', 'o', 'r', 'g', '\0',
+  /* "maceinturecuir.com", true */ 'm', 'a', 'c', 'e', 'i', 'n', 't', 'u', 'r', 'e', 'c', 'u', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "maces-net.de", true */ 'm', 'a', 'c', 'e', 's', '-', 'n', 'e', 't', '.', 'd', 'e', '\0',
+  /* "mach-politik.ch", true */ 'm', 'a', 'c', 'h', '-', 'p', 'o', 'l', 'i', 't', 'i', 'k', '.', 'c', 'h', '\0',
+  /* "macha.cloud", true */ 'm', 'a', 'c', 'h', 'a', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "machbach.com", true */ 'm', 'a', 'c', 'h', 'b', 'a', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "machbach.net", true */ 'm', 'a', 'c', 'h', 'b', 'a', 'c', 'h', '.', 'n', 'e', 't', '\0',
+  /* "machetewp.com", true */ 'm', 'a', 'c', 'h', 'e', 't', 'e', 'w', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "machikka.com", false */ 'm', 'a', 'c', 'h', 'i', 'k', 'k', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "machineryhouse.com.au", false */ 'm', 'a', 'c', 'h', 'i', 'n', 'e', 'r', 'y', 'h', 'o', 'u', 's', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "macht-elektro.de", true */ 'm', 'a', 'c', 'h', 't', '-', 'e', 'l', 'e', 'k', 't', 'r', 'o', '.', 'd', 'e', '\0',
+  /* "machtweb.de", true */ 'm', 'a', 'c', 'h', 't', 'w', 'e', 'b', '.', 'd', 'e', '\0',
+  /* "maciespartyhire.co.uk", true */ 'm', 'a', 'c', 'i', 'e', 's', 'p', 'a', 'r', 't', 'y', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "macker.io", true */ 'm', 'a', 'c', 'k', 'e', 'r', '.', 'i', 'o', '\0',
+  /* "mackey7.net", true */ 'm', 'a', 'c', 'k', 'e', 'y', '7', '.', 'n', 'e', 't', '\0',
+  /* "maclemon.at", true */ 'm', 'a', 'c', 'l', 'e', 'm', 'o', 'n', '.', 'a', 't', '\0',
+  /* "macleod.io", true */ 'm', 'a', 'c', 'l', 'e', 'o', 'd', '.', 'i', 'o', '\0',
+  /* "macnemo.de", true */ 'm', 'a', 'c', 'n', 'e', 'm', 'o', '.', 'd', 'e', '\0',
+  /* "macnetwork.eu", true */ 'm', 'a', 'c', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'e', 'u', '\0',
+  /* "macnetwork.fr", true */ 'm', 'a', 'c', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'f', 'r', '\0',
+  /* "macnetwork.net", true */ 'm', 'a', 'c', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'n', 'e', 't', '\0',
+  /* "maco.org.uk", true */ 'm', 'a', 'c', 'o', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "maconnerie-dcs.ch", true */ 'm', 'a', 'c', 'o', 'n', 'n', 'e', 'r', 'i', 'e', '-', 'd', 'c', 's', '.', 'c', 'h', '\0',
+  /* "macosxfilerecovery.com", true */ 'm', 'a', 'c', 'o', 's', 'x', 'f', 'i', 'l', 'e', 'r', 'e', 'c', 'o', 'v', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "macoun.de", true */ 'm', 'a', 'c', 'o', 'u', 'n', '.', 'd', 'e', '\0',
+  /* "macstore.pe", true */ 'm', 'a', 'c', 's', 't', 'o', 'r', 'e', '.', 'p', 'e', '\0',
+  /* "mactools.com.co", true */ 'm', 'a', 'c', 't', 'o', 'o', 'l', 's', '.', 'c', 'o', 'm', '.', 'c', 'o', '\0',
+  /* "madae.nl", true */ 'm', 'a', 'd', 'a', 'e', '.', 'n', 'l', '\0',
+  /* "madbin.com", true */ 'm', 'a', 'd', 'b', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "madbouncycastles.co.uk", true */ 'm', 'a', 'd', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "madcatdesign.de", true */ 'm', 'a', 'd', 'c', 'a', 't', 'd', 'e', 's', 'i', 'g', 'n', '.', 'd', 'e', '\0',
+  /* "maddi.biz", true */ 'm', 'a', 'd', 'd', 'i', '.', 'b', 'i', 'z', '\0',
+  /* "made-in-earth.co.jp", true */ 'm', 'a', 'd', 'e', '-', 'i', 'n', '-', 'e', 'a', 'r', 't', 'h', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "madebyshore.com", true */ 'm', 'a', 'd', 'e', 'b', 'y', 's', 'h', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "madeglobal.com", true */ 'm', 'a', 'd', 'e', 'g', 'l', 'o', 'b', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "madeinchezmoi.net", true */ 'm', 'a', 'd', 'e', 'i', 'n', 'c', 'h', 'e', 'z', 'm', 'o', 'i', '.', 'n', 'e', 't', '\0',
+  /* "madeinstudio3.com", true */ 'm', 'a', 'd', 'e', 'i', 'n', 's', 't', 'u', 'd', 'i', 'o', '3', '.', 'c', 'o', 'm', '\0',
+  /* "madeitwor.se", true */ 'm', 'a', 'd', 'e', 'i', 't', 'w', 'o', 'r', '.', 's', 'e', '\0',
+  /* "mademoiselledemargaux.com", true */ 'm', 'a', 'd', 'e', 'm', 'o', 'i', 's', 'e', 'l', 'l', 'e', 'd', 'e', 'm', 'a', 'r', 'g', 'a', 'u', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "mader.jp", true */ 'm', 'a', 'd', 'e', 'r', '.', 'j', 'p', '\0',
+  /* "madesurveying.co.uk", true */ 'm', 'a', 'd', 'e', 's', 'u', 'r', 'v', 'e', 'y', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "madin.ru", true */ 'm', 'a', 'd', 'i', 'n', '.', 'r', 'u', '\0',
+  /* "madirc.net", true */ 'm', 'a', 'd', 'i', 'r', 'c', '.', 'n', 'e', 't', '\0',
+  /* "madmar.ee", true */ 'm', 'a', 'd', 'm', 'a', 'r', '.', 'e', 'e', '\0',
+  /* "madnetwork.org", true */ 'm', 'a', 'd', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "madoka.nu", true */ 'm', 'a', 'd', 'o', 'k', 'a', '.', 'n', 'u', '\0',
+  /* "madokami.net", true */ 'm', 'a', 'd', 'o', 'k', 'a', 'm', 'i', '.', 'n', 'e', 't', '\0',
+  /* "madrants.net", true */ 'm', 'a', 'd', 'r', 'a', 'n', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "madreacqua.org", true */ 'm', 'a', 'd', 'r', 'e', 'a', 'c', 'q', 'u', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "madtec.de", true */ 'm', 'a', 'd', 't', 'e', 'c', '.', 'd', 'e', '\0',
+  /* "mae-berlinistanbul.com", true */ 'm', 'a', 'e', '-', 'b', 'e', 'r', 'l', 'i', 'n', 'i', 's', 't', 'a', 'n', 'b', 'u', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "maedchenflohmarkt.at", true */ 'm', 'a', 'e', 'd', 'c', 'h', 'e', 'n', 'f', 'l', 'o', 'h', 'm', 'a', 'r', 'k', 't', '.', 'a', 't', '\0',
+  /* "maedchenflohmarkt.de", true */ 'm', 'a', 'e', 'd', 'c', 'h', 'e', 'n', 'f', 'l', 'o', 'h', 'm', 'a', 'r', 'k', 't', '.', 'd', 'e', '\0',
+  /* "maelstrom.ninja", true */ 'm', 'a', 'e', 'l', 's', 't', 'r', 'o', 'm', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "maeplasticsurgery.com", true */ 'm', 'a', 'e', 'p', 'l', 'a', 's', 't', 'i', 'c', 's', 'u', 'r', 'g', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "maestrano.com", true */ 'm', 'a', 'e', 's', 't', 'r', 'a', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "maff.co.uk", true */ 'm', 'a', 'f', 'f', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "maff.scot", false */ 'm', 'a', 'f', 'f', '.', 's', 'c', 'o', 't', '\0',
+  /* "mafia.network", true */ 'm', 'a', 'f', 'i', 'a', '.', 'n', 'e', 't', 'w', 'o', 'r', 'k', '\0',
+  /* "mafiaforum.de", true */ 'm', 'a', 'f', 'i', 'a', 'f', 'o', 'r', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "mafiapenguin.club", true */ 'm', 'a', 'f', 'i', 'a', 'p', 'e', 'n', 'g', 'u', 'i', 'n', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "mafiasi.de", true */ 'm', 'a', 'f', 'i', 'a', 's', 'i', '.', 'd', 'e', '\0',
+  /* "magasindejouets.com", true */ 'm', 'a', 'g', 'a', 's', 'i', 'n', 'd', 'e', 'j', 'o', 'u', 'e', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "magasinsalledebain.be", true */ 'm', 'a', 'g', 'a', 's', 'i', 'n', 's', 'a', 'l', 'l', 'e', 'd', 'e', 'b', 'a', 'i', 'n', '.', 'b', 'e', '\0',
+  /* "magasinsalledebain.fr", true */ 'm', 'a', 'g', 'a', 's', 'i', 'n', 's', 'a', 'l', 'l', 'e', 'd', 'e', 'b', 'a', 'i', 'n', '.', 'f', 'r', '\0',
+  /* "magasinsalledebains.be", true */ 'm', 'a', 'g', 'a', 's', 'i', 'n', 's', 'a', 'l', 'l', 'e', 'd', 'e', 'b', 'a', 'i', 'n', 's', '.', 'b', 'e', '\0',
+  /* "magasinsalledebains.fr", true */ 'm', 'a', 'g', 'a', 's', 'i', 'n', 's', 'a', 'l', 'l', 'e', 'd', 'e', 'b', 'a', 'i', 'n', 's', '.', 'f', 'r', '\0',
+  /* "magazinedabeleza.net", true */ 'm', 'a', 'g', 'a', 'z', 'i', 'n', 'e', 'd', 'a', 'b', 'e', 'l', 'e', 'z', 'a', '.', 'n', 'e', 't', '\0',
+  /* "magazinedotreino.com.br", true */ 'm', 'a', 'g', 'a', 'z', 'i', 'n', 'e', 'd', 'o', 't', 'r', 'e', 'i', 'n', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "magdic.eu", true */ 'm', 'a', 'g', 'd', 'i', 'c', '.', 'e', 'u', '\0',
+  /* "magebankin.com", true */ 'm', 'a', 'g', 'e', 'b', 'a', 'n', 'k', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "magenbrot.net", false */ 'm', 'a', 'g', 'e', 'n', 'b', 'r', 'o', 't', '.', 'n', 'e', 't', '\0',
+  /* "magenda.sk", true */ 'm', 'a', 'g', 'e', 'n', 'd', 'a', '.', 's', 'k', '\0',
+  /* "magentaize.net", true */ 'm', 'a', 'g', 'e', 'n', 't', 'a', 'i', 'z', 'e', '.', 'n', 'e', 't', '\0',
+  /* "magentapinkinteriors.co.uk", true */ 'm', 'a', 'g', 'e', 'n', 't', 'a', 'p', 'i', 'n', 'k', 'i', 'n', 't', 'e', 'r', 'i', 'o', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "magi.systems", true */ 'm', 'a', 'g', 'i', '.', 's', 'y', 's', 't', 'e', 'm', 's', '\0',
+  /* "magicball.co", true */ 'm', 'a', 'g', 'i', 'c', 'b', 'a', 'l', 'l', '.', 'c', 'o', '\0',
+  /* "magicdaysomagh.co.uk", true */ 'm', 'a', 'g', 'i', 'c', 'd', 'a', 'y', 's', 'o', 'm', 'a', 'g', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "magickmoments.co.uk", true */ 'm', 'a', 'g', 'i', 'c', 'k', 'm', 'o', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "magiclen.org", true */ 'm', 'a', 'g', 'i', 'c', 'l', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "magicspaceninjapirates.de", true */ 'm', 'a', 'g', 'i', 'c', 's', 'p', 'a', 'c', 'e', 'n', 'i', 'n', 'j', 'a', 'p', 'i', 'r', 'a', 't', 'e', 's', '.', 'd', 'e', '\0',
+  /* "magictable.com", true */ 'm', 'a', 'g', 'i', 'c', 't', 'a', 'b', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "magilio.com", true */ 'm', 'a', 'g', 'i', 'l', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "magnatronic.com.br", true */ 'm', 'a', 'g', 'n', 'a', 't', 'r', 'o', 'n', 'i', 'c', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "magneticattraction.com.au", true */ 'm', 'a', 'g', 'n', 'e', 't', 'i', 'c', 'a', 't', 't', 'r', 'a', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "magnets.jp", true */ 'm', 'a', 'g', 'n', 'e', 't', 's', '.', 'j', 'p', '\0',
+  /* "magnettracker.com", true */ 'm', 'a', 'g', 'n', 'e', 't', 't', 'r', 'a', 'c', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "magnificentdata.com", true */ 'm', 'a', 'g', 'n', 'i', 'f', 'i', 'c', 'e', 'n', 't', 'd', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "magnoliadoulas.com", true */ 'm', 'a', 'g', 'n', 'o', 'l', 'i', 'a', 'd', 'o', 'u', 'l', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "magnoliastrong.com", true */ 'm', 'a', 'g', 'n', 'o', 'l', 'i', 'a', 's', 't', 'r', 'o', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "magwin.co.uk", true */ 'm', 'a', 'g', 'w', 'i', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mahai.me", true */ 'm', 'a', 'h', 'a', 'i', '.', 'm', 'e', '\0',
+  /* "mahansexcavating.com", true */ 'm', 'a', 'h', 'a', 'n', 's', 'e', 'x', 'c', 'a', 'v', 'a', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "mahatmayoga.org", true */ 'm', 'a', 'h', 'a', 't', 'm', 'a', 'y', 'o', 'g', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "mahefa.co.uk", true */ 'm', 'a', 'h', 'e', 'f', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mahjong.org", true */ 'm', 'a', 'h', 'j', 'o', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "mahrer.net", true */ 'm', 'a', 'h', 'r', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "maiaimobiliare.ro", true */ 'm', 'a', 'i', 'a', 'i', 'm', 'o', 'b', 'i', 'l', 'i', 'a', 'r', 'e', '.', 'r', 'o', '\0',
+  /* "maiebanatulfruncea.com", true */ 'm', 'a', 'i', 'e', 'b', 'a', 'n', 'a', 't', 'u', 'l', 'f', 'r', 'u', 'n', 'c', 'e', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "mail-rotter.de", true */ 'm', 'a', 'i', 'l', '-', 'r', 'o', 't', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "mail-settings.google.com", true */ 'm', 'a', 'i', 'l', '-', 's', 'e', 't', 't', 'i', 'n', 'g', 's', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mail.com", true */ 'm', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "mail.de", true */ 'm', 'a', 'i', 'l', '.', 'd', 'e', '\0',
+  /* "mail.google.com", true */ 'm', 'a', 'i', 'l', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mail.yahoo.com", false */ 'm', 'a', 'i', 'l', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "mail4geek.com", true */ 'm', 'a', 'i', 'l', '4', 'g', 'e', 'e', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "mail4you.in", true */ 'm', 'a', 'i', 'l', '4', 'y', 'o', 'u', '.', 'i', 'n', '\0',
+  /* "mailbox.mg", true */ 'm', 'a', 'i', 'l', 'b', 'o', 'x', '.', 'm', 'g', '\0',
+  /* "mailbox.org", true */ 'm', 'a', 'i', 'l', 'b', 'o', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "mailer-dot.de", true */ 'm', 'a', 'i', 'l', 'e', 'r', '-', 'd', 'o', 't', '.', 'd', 'e', '\0',
+  /* "mailfence.com", true */ 'm', 'a', 'i', 'l', 'f', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mailflank.com", true */ 'm', 'a', 'i', 'l', 'f', 'l', 'a', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "mailinabox.email", true */ 'm', 'a', 'i', 'l', 'i', 'n', 'a', 'b', 'o', 'x', '.', 'e', 'm', 'a', 'i', 'l', '\0',
+  /* "mailjet.tech", true */ 'm', 'a', 'i', 'l', 'j', 'e', 't', '.', 't', 'e', 'c', 'h', '\0',
+  /* "maillady-susume.com", true */ 'm', 'a', 'i', 'l', 'l', 'a', 'd', 'y', '-', 's', 'u', 's', 'u', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mailmag.net", true */ 'm', 'a', 'i', 'l', 'm', 'a', 'g', '.', 'n', 'e', 't', '\0',
+  /* "mailpenny.com", true */ 'm', 'a', 'i', 'l', 'p', 'e', 'n', 'n', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "mailto.space", true */ 'm', 'a', 'i', 'l', 't', 'o', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "main-unit.com", true */ 'm', 'a', 'i', 'n', '-', 'u', 'n', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "mainechiro.com", true */ 'm', 'a', 'i', 'n', 'e', 'c', 'h', 'i', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "mainframeserver.space", true */ 'm', 'a', 'i', 'n', 'f', 'r', 'a', 'm', 'e', 's', 'e', 'r', 'v', 'e', 'r', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "mainlined.org", true */ 'm', 'a', 'i', 'n', 'l', 'i', 'n', 'e', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "mainston.com", true */ 'm', 'a', 'i', 'n', 's', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "mainzelmaennchen.net", true */ 'm', 'a', 'i', 'n', 'z', 'e', 'l', 'm', 'a', 'e', 'n', 'n', 'c', 'h', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "maisgasolina.com", true */ 'm', 'a', 'i', 's', 'g', 'a', 's', 'o', 'l', 'i', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "maispa.com", true */ 'm', 'a', 'i', 's', 'p', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "maisretorno.com", true */ 'm', 'a', 'i', 's', 'r', 'e', 't', 'o', 'r', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "maisvitaminas.com.br", true */ 'm', 'a', 'i', 's', 'v', 'i', 't', 'a', 'm', 'i', 'n', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "maitrechaton.fr", true */ 'm', 'a', 'i', 't', 'r', 'e', 'c', 'h', 'a', 't', 'o', 'n', '.', 'f', 'r', '\0',
+  /* "maitrise-orthopedique.com", true */ 'm', 'a', 'i', 't', 'r', 'i', 's', 'e', '-', 'o', 'r', 't', 'h', 'o', 'p', 'e', 'd', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "majahoidja.ee", true */ 'm', 'a', 'j', 'a', 'h', 'o', 'i', 'd', 'j', 'a', '.', 'e', 'e', '\0',
+  /* "majaweb.cz", true */ 'm', 'a', 'j', 'a', 'w', 'e', 'b', '.', 'c', 'z', '\0',
+  /* "majemedia.com", true */ 'm', 'a', 'j', 'e', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "majid.info", true */ 'm', 'a', 'j', 'i', 'd', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "majkyto.cz", true */ 'm', 'a', 'j', 'k', 'y', 't', 'o', '.', 'c', 'z', '\0',
+  /* "makaleci.com", true */ 'm', 'a', 'k', 'a', 'l', 'e', 'c', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "makeaboldmove.com", true */ 'm', 'a', 'k', 'e', 'a', 'b', 'o', 'l', 'd', 'm', 'o', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "makedin.net", true */ 'm', 'a', 'k', 'e', 'd', 'i', 'n', '.', 'n', 'e', 't', '\0',
+  /* "makeit-so.de", false */ 'm', 'a', 'k', 'e', 'i', 't', '-', 's', 'o', '.', 'd', 'e', '\0',
+  /* "makem-bounce.co.uk", true */ 'm', 'a', 'k', 'e', 'm', '-', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "makemejob.com", true */ 'm', 'a', 'k', 'e', 'm', 'e', 'j', 'o', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "makenaiyo-fx.com", true */ 'm', 'a', 'k', 'e', 'n', 'a', 'i', 'y', 'o', '-', 'f', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "makeuplove.nl", true */ 'm', 'a', 'k', 'e', 'u', 'p', 'l', 'o', 'v', 'e', '.', 'n', 'l', '\0',
+  /* "makeyourlaws.org", true */ 'm', 'a', 'k', 'e', 'y', 'o', 'u', 'r', 'l', 'a', 'w', 's', '.', 'o', 'r', 'g', '\0',
+  /* "makinen.ru", true */ 'm', 'a', 'k', 'i', 'n', 'e', 'n', '.', 'r', 'u', '\0',
+  /* "makino.games", true */ 'm', 'a', 'k', 'i', 'n', 'o', '.', 'g', 'a', 'm', 'e', 's', '\0',
+  /* "makkusu.photo", true */ 'm', 'a', 'k', 'k', 'u', 's', 'u', '.', 'p', 'h', 'o', 't', 'o', '\0',
+  /* "makowitz.cz", true */ 'm', 'a', 'k', 'o', 'w', 'i', 't', 'z', '.', 'c', 'z', '\0',
+  /* "maktoob.search.yahoo.com", false */ 'm', 'a', 'k', 't', 'o', 'o', 'b', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "maku.edu.tr", true */ 'm', 'a', 'k', 'u', '.', 'e', 'd', 'u', '.', 't', 'r', '\0',
+  /* "malachiteauth.com", true */ 'm', 'a', 'l', 'a', 'c', 'h', 'i', 't', 'e', 'a', 'u', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "malamutedoalasca.com.br", true */ 'm', 'a', 'l', 'a', 'm', 'u', 't', 'e', 'd', 'o', 'a', 'l', 'a', 's', 'c', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "malash.me", true */ 'm', 'a', 'l', 'a', 's', 'h', '.', 'm', 'e', '\0',
+  /* "malasuk.com", true */ 'm', 'a', 'l', 'a', 's', 'u', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "malaysia.search.yahoo.com", false */ 'm', 'a', 'l', 'a', 'y', 's', 'i', 'a', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "malaysian.dating", true */ 'm', 'a', 'l', 'a', 'y', 's', 'i', 'a', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "maldives.cx", true */ 'm', 'a', 'l', 'd', 'i', 'v', 'e', 's', '.', 'c', 'x', '\0',
+  /* "malenyflorist.com.au", true */ 'm', 'a', 'l', 'e', 'n', 'y', 'f', 'l', 'o', 'r', 'i', 's', 't', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "maliar.fr", true */ 'm', 'a', 'l', 'i', 'a', 'r', '.', 'f', 'r', '\0',
+  /* "malibuelectrical.com", true */ 'm', 'a', 'l', 'i', 'b', 'u', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "malik.id", true */ 'm', 'a', 'l', 'i', 'k', '.', 'i', 'd', '\0',
+  /* "malikussa.id", true */ 'm', 'a', 'l', 'i', 'k', 'u', 's', 's', 'a', '.', 'i', 'd', '\0',
+  /* "malikussaid.com", true */ 'm', 'a', 'l', 'i', 'k', 'u', 's', 's', 'a', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "malinator.net", false */ 'm', 'a', 'l', 'i', 'n', 'a', 't', 'o', 'r', '.', 'n', 'e', 't', '\0',
+  /* "malinheadview.ie", true */ 'm', 'a', 'l', 'i', 'n', 'h', 'e', 'a', 'd', 'v', 'i', 'e', 'w', '.', 'i', 'e', '\0',
+  /* "maliskovik.si", true */ 'm', 'a', 'l', 'i', 's', 'k', 'o', 'v', 'i', 'k', '.', 's', 'i', '\0',
+  /* "maljaars-fotografie.nl", true */ 'm', 'a', 'l', 'j', 'a', 'a', 'r', 's', '-', 'f', 'o', 't', 'o', 'g', 'r', 'a', 'f', 'i', 'e', '.', 'n', 'l', '\0',
+  /* "malkaso.com.ua", true */ 'm', 'a', 'l', 'k', 'a', 's', 'o', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "mall.cz", true */ 'm', 'a', 'l', 'l', '.', 'c', 'z', '\0',
+  /* "mall.hr", true */ 'm', 'a', 'l', 'l', '.', 'h', 'r', '\0',
+  /* "mall.hu", true */ 'm', 'a', 'l', 'l', '.', 'h', 'u', '\0',
+  /* "mall.pl", true */ 'm', 'a', 'l', 'l', '.', 'p', 'l', '\0',
+  /* "mall.sk", true */ 'm', 'a', 'l', 'l', '.', 's', 'k', '\0',
+  /* "mallach.net", true */ 'm', 'a', 'l', 'l', 'a', 'c', 'h', '.', 'n', 'e', 't', '\0',
+  /* "mallhonda.com", true */ 'm', 'a', 'l', 'l', 'h', 'o', 'n', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "mallner.me", true */ 'm', 'a', 'l', 'l', 'n', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "mallonline.com.br", true */ 'm', 'a', 'l', 'l', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "malmoesport.se", true */ 'm', 'a', 'l', 'm', 'o', 'e', 's', 'p', 'o', 'r', 't', '.', 's', 'e', '\0',
+  /* "malnex.de", true */ 'm', 'a', 'l', 'n', 'e', 'x', '.', 'd', 'e', '\0',
+  /* "malta-firma.com", true */ 'm', 'a', 'l', 't', 'a', '-', 'f', 'i', 'r', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "malte-kiefer.de", true */ 'm', 'a', 'l', 't', 'e', '-', 'k', 'i', 'e', 'f', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "malvy.kiev.ua", true */ 'm', 'a', 'l', 'v', 'y', '.', 'k', 'i', 'e', 'v', '.', 'u', 'a', '\0',
+  /* "malware.watch", true */ 'm', 'a', 'l', 'w', 'a', 'r', 'e', '.', 'w', 'a', 't', 'c', 'h', '\0',
+  /* "malwarekillers.com", true */ 'm', 'a', 'l', 'w', 'a', 'r', 'e', 'k', 'i', 'l', 'l', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "maly.cz", true */ 'm', 'a', 'l', 'y', '.', 'c', 'z', '\0',
+  /* "maly.io", true */ 'm', 'a', 'l', 'y', '.', 'i', 'o', '\0',
+  /* "malyshata.com", true */ 'm', 'a', 'l', 'y', 's', 'h', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "malysvet.net", true */ 'm', 'a', 'l', 'y', 's', 'v', 'e', 't', '.', 'n', 'e', 't', '\0',
+  /* "mamacobaby.com", true */ 'm', 'a', 'm', 'a', 'c', 'o', 'b', 'a', 'b', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "mamadea.be", true */ 'm', 'a', 'm', 'a', 'd', 'e', 'a', '.', 'b', 'e', '\0',
+  /* "mamadoma.com.ua", true */ 'm', 'a', 'm', 'a', 'd', 'o', 'm', 'a', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "mamanecesitaungintonic.com", true */ 'm', 'a', 'm', 'a', 'n', 'e', 'c', 'e', 's', 'i', 't', 'a', 'u', 'n', 'g', 'i', 'n', 't', 'o', 'n', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "mamastore.eu", true */ 'm', 'a', 'm', 'a', 's', 't', 'o', 'r', 'e', '.', 'e', 'u', '\0',
+  /* "mamiecouscous.com", true */ 'm', 'a', 'm', 'i', 'e', 'c', 'o', 'u', 's', 'c', 'o', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mammals.net", true */ 'm', 'a', 'm', 'm', 'a', 'l', 's', '.', 'n', 'e', 't', '\0',
+  /* "mammaw.com", true */ 'm', 'a', 'm', 'm', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "mammeitalianeavienna.com", true */ 'm', 'a', 'm', 'm', 'e', 'i', 't', 'a', 'l', 'i', 'a', 'n', 'e', 'a', 'v', 'i', 'e', 'n', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "mammooc.org", true */ 'm', 'a', 'm', 'm', 'o', 'o', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "mamospienas.lt", true */ 'm', 'a', 'm', 'o', 's', 'p', 'i', 'e', 'n', 'a', 's', '.', 'l', 't', '\0',
+  /* "mamot.fr", false */ 'm', 'a', 'm', 'o', 't', '.', 'f', 'r', '\0',
+  /* "mamout.xyz", true */ 'm', 'a', 'm', 'o', 'u', 't', '.', 'x', 'y', 'z', '\0',
+  /* "man3s.jp", true */ 'm', 'a', 'n', '3', 's', '.', 'j', 'p', '\0',
+  /* "manage.cm", true */ 'm', 'a', 'n', 'a', 'g', 'e', '.', 'c', 'm', '\0',
+  /* "manage4all.de", true */ 'm', 'a', 'n', 'a', 'g', 'e', '4', 'a', 'l', 'l', '.', 'd', 'e', '\0',
+  /* "management-companie.ro", true */ 'm', 'a', 'n', 'a', 'g', 'e', 'm', 'e', 'n', 't', '-', 'c', 'o', 'm', 'p', 'a', 'n', 'i', 'e', '.', 'r', 'o', '\0',
+  /* "management-ethics.com", true */ 'm', 'a', 'n', 'a', 'g', 'e', 'm', 'e', 'n', 't', '-', 'e', 't', 'h', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "managementboek.nl", true */ 'm', 'a', 'n', 'a', 'g', 'e', 'm', 'e', 'n', 't', 'b', 'o', 'e', 'k', '.', 'n', 'l', '\0',
+  /* "managementfeedback.com", true */ 'm', 'a', 'n', 'a', 'g', 'e', 'm', 'e', 'n', 't', 'f', 'e', 'e', 'd', 'b', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "manageprojects.com", false */ 'm', 'a', 'n', 'a', 'g', 'e', 'p', 'r', 'o', 'j', 'e', 'c', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "manager-efficacement.com", true */ 'm', 'a', 'n', 'a', 'g', 'e', 'r', '-', 'e', 'f', 'f', 'i', 'c', 'a', 'c', 'e', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "manager.linode.com", false */ 'm', 'a', 'n', 'a', 'g', 'e', 'r', '.', 'l', 'i', 'n', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "managewp.org", true */ 'm', 'a', 'n', 'a', 'g', 'e', 'w', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "manalu.cz", true */ 'm', 'a', 'n', 'a', 'l', 'u', '.', 'c', 'z', '\0',
+  /* "manatees.net", true */ 'm', 'a', 'n', 'a', 't', 'e', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "manav-it.de", true */ 'm', 'a', 'n', 'a', 'v', '-', 'i', 't', '.', 'd', 'e', '\0',
+  /* "manavgabhawala.com", true */ 'm', 'a', 'n', 'a', 'v', 'g', 'a', 'b', 'h', 'a', 'w', 'a', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "manawill.jp", true */ 'm', 'a', 'n', 'a', 'w', 'i', 'l', 'l', '.', 'j', 'p', '\0',
+  /* "mandala-ausmalbilder.de", true */ 'm', 'a', 'n', 'd', 'a', 'l', 'a', '-', 'a', 'u', 's', 'm', 'a', 'l', 'b', 'i', 'l', 'd', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "mandcbouncycastlehire.co.uk", true */ 'm', 'a', 'n', 'd', 'c', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mandm.servebeer.com", true */ 'm', 'a', 'n', 'd', 'm', '.', 's', 'e', 'r', 'v', 'e', 'b', 'e', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "manesht.ir", true */ 'm', 'a', 'n', 'e', 's', 'h', 't', '.', 'i', 'r', '\0',
+  /* "manfredgruber.net", true */ 'm', 'a', 'n', 'f', 'r', 'e', 'd', 'g', 'r', 'u', 'b', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "manfredimatteo.com", true */ 'm', 'a', 'n', 'f', 'r', 'e', 'd', 'i', 'm', 'a', 't', 't', 'e', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "mangaristica.com", true */ 'm', 'a', 'n', 'g', 'a', 'r', 'i', 's', 't', 'i', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "manhattanchoralensemble.org", true */ 'm', 'a', 'n', 'h', 'a', 't', 't', 'a', 'n', 'c', 'h', 'o', 'r', 'a', 'l', 'e', 'n', 's', 'e', 'm', 'b', 'l', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "manhole.club", true */ 'm', 'a', 'n', 'h', 'o', 'l', 'e', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "manicbouncycastles.co.uk", true */ 'm', 'a', 'n', 'i', 'c', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "manicode.com", true */ 'm', 'a', 'n', 'i', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "maniorpedi.com", true */ 'm', 'a', 'n', 'i', 'o', 'r', 'p', 'e', 'd', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "maniosglass.gr", true */ 'm', 'a', 'n', 'i', 'o', 's', 'g', 'l', 'a', 's', 's', '.', 'g', 'r', '\0',
+  /* "manipil.ch", true */ 'm', 'a', 'n', 'i', 'p', 'i', 'l', '.', 'c', 'h', '\0',
+  /* "manja-und-martin.de", true */ 'm', 'a', 'n', 'j', 'a', '-', 'u', 'n', 'd', '-', 'm', 'a', 'r', 't', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "manjaro.ru", true */ 'm', 'a', 'n', 'j', 'a', 'r', 'o', '.', 'r', 'u', '\0',
+  /* "mankans.com", true */ 'm', 'a', 'n', 'k', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "manneguiden.no", true */ 'm', 'a', 'n', 'n', 'e', 'g', 'u', 'i', 'd', 'e', 'n', '.', 'n', 'o', '\0',
+  /* "mannford.com", true */ 'm', 'a', 'n', 'n', 'f', 'o', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "mannheimbloggt.tk", true */ 'm', 'a', 'n', 'n', 'h', 'e', 'i', 'm', 'b', 'l', 'o', 'g', 'g', 't', '.', 't', 'k', '\0',
+  /* "manns-solutions.co.uk", true */ 'm', 'a', 'n', 'n', 's', '-', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mannschafft.ch", true */ 'm', 'a', 'n', 'n', 's', 'c', 'h', 'a', 'f', 'f', 't', '.', 'c', 'h', '\0',
+  /* "manoirdecontres.com", true */ 'm', 'a', 'n', 'o', 'i', 'r', 'd', 'e', 'c', 'o', 'n', 't', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "manojsharan.me", true */ 'm', 'a', 'n', 'o', 'j', 's', 'h', 'a', 'r', 'a', 'n', '.', 'm', 'e', '\0',
+  /* "manova.cz", true */ 'm', 'a', 'n', 'o', 'v', 'a', '.', 'c', 'z', '\0',
+  /* "manowarus.com", true */ 'm', 'a', 'n', 'o', 'w', 'a', 'r', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mansdell.net", true */ 'm', 'a', 'n', 's', 'd', 'e', 'l', 'l', '.', 'n', 'e', 't', '\0',
+  /* "mantor.org", false */ 'm', 'a', 'n', 't', 'o', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "manualscollection.com", true */ 'm', 'a', 'n', 'u', 'a', 'l', 's', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "manuel-herrmann.de", true */ 'm', 'a', 'n', 'u', 'e', 'l', '-', 'h', 'e', 'r', 'r', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "manuel-schefczyk.de", true */ 'm', 'a', 'n', 'u', 'e', 'l', '-', 's', 'c', 'h', 'e', 'f', 'c', 'z', 'y', 'k', '.', 'd', 'e', '\0',
+  /* "manueldopheide.com", true */ 'm', 'a', 'n', 'u', 'e', 'l', 'd', 'o', 'p', 'h', 'e', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "manueli.de", true */ 'm', 'a', 'n', 'u', 'e', 'l', 'i', '.', 'd', 'e', '\0',
+  /* "manuelrueger.de", true */ 'm', 'a', 'n', 'u', 'e', 'l', 'r', 'u', 'e', 'g', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "manufacturing.gov", true */ 'm', 'a', 'n', 'u', 'f', 'a', 'c', 't', 'u', 'r', 'i', 'n', 'g', '.', 'g', 'o', 'v', '\0',
+  /* "manuscript.com", true */ 'm', 'a', 'n', 'u', 's', 'c', 'r', 'i', 'p', 't', '.', 'c', 'o', 'm', '\0',
+  /* "manutd.org.np", true */ 'm', 'a', 'n', 'u', 't', 'd', '.', 'o', 'r', 'g', '.', 'n', 'p', '\0',
+  /* "manuth.life", true */ 'm', 'a', 'n', 'u', 't', 'h', '.', 'l', 'i', 'f', 'e', '\0',
+  /* "manutrol.com.br", true */ 'm', 'a', 'n', 'u', 't', 'r', 'o', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "manwithavan.co.uk", true */ 'm', 'a', 'n', 'w', 'i', 't', 'h', 'a', 'v', 'a', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "manyetikboya.com", true */ 'm', 'a', 'n', 'y', 'e', 't', 'i', 'k', 'b', 'o', 'y', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "manyiu.com", true */ 'm', 'a', 'n', 'y', 'i', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "manyue.org", true */ 'm', 'a', 'n', 'y', 'u', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "maomihz.com", true */ 'm', 'a', 'o', 'm', 'i', 'h', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "maone.net", true */ 'm', 'a', 'o', 'n', 'e', '.', 'n', 'e', 't', '\0',
+  /* "maorseo.com", true */ 'm', 'a', 'o', 'r', 's', 'e', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "maosensanguentadasdejesus.net", true */ 'm', 'a', 'o', 's', 'e', 'n', 's', 'a', 'n', 'g', 'u', 'e', 'n', 't', 'a', 'd', 'a', 's', 'd', 'e', 'j', 'e', 's', 'u', 's', '.', 'n', 'e', 't', '\0',
+  /* "maowtm.org", true */ 'm', 'a', 'o', 'w', 't', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "maozedong.red", true */ 'm', 'a', 'o', 'z', 'e', 'd', 'o', 'n', 'g', '.', 'r', 'e', 'd', '\0',
+  /* "map4erfurt.de", true */ 'm', 'a', 'p', '4', 'e', 'r', 'f', 'u', 'r', 't', '.', 'd', 'e', '\0',
+  /* "map4jena.de", true */ 'm', 'a', 'p', '4', 'j', 'e', 'n', 'a', '.', 'd', 'e', '\0',
+  /* "mapasmundi.com.br", true */ 'm', 'a', 'p', 'a', 's', 'm', 'u', 'n', 'd', 'i', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "mapblender.com", true */ 'm', 'a', 'p', 'b', 'l', 'e', 'n', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "maplanetebeaute.fr", true */ 'm', 'a', 'p', 'l', 'a', 'n', 'e', 't', 'e', 'b', 'e', 'a', 'u', 't', 'e', '.', 'f', 'r', '\0',
+  /* "maplenorth.co", true */ 'm', 'a', 'p', 'l', 'e', 'n', 'o', 'r', 't', 'h', '.', 'c', 'o', '\0',
+  /* "mapletime.com", true */ 'm', 'a', 'p', 'l', 'e', 't', 'i', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "maquettage.com", true */ 'm', 'a', 'q', 'u', 'e', 't', 't', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "maquillage-permanent-tatoo.com", true */ 'm', 'a', 'q', 'u', 'i', 'l', 'l', 'a', 'g', 'e', '-', 'p', 'e', 'r', 'm', 'a', 'n', 'e', 'n', 't', '-', 't', 'a', 't', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "maquinariaspesadas.org", true */ 'm', 'a', 'q', 'u', 'i', 'n', 'a', 'r', 'i', 'a', 's', 'p', 'e', 's', 'a', 'd', 'a', 's', '.', 'o', 'r', 'g', '\0',
+  /* "marabumadrid.com", false */ 'm', 'a', 'r', 'a', 'b', 'u', 'm', 'a', 'd', 'r', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "marakovits.net", true */ 'm', 'a', 'r', 'a', 'k', 'o', 'v', 'i', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "marble.com", true */ 'm', 'a', 'r', 'b', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "marbogardenlidkoping.se", true */ 'm', 'a', 'r', 'b', 'o', 'g', 'a', 'r', 'd', 'e', 'n', 'l', 'i', 'd', 'k', 'o', 'p', 'i', 'n', 'g', '.', 's', 'e', '\0',
+  /* "marc-schlagenhauf.de", true */ 'm', 'a', 'r', 'c', '-', 's', 'c', 'h', 'l', 'a', 'g', 'e', 'n', 'h', 'a', 'u', 'f', '.', 'd', 'e', '\0',
+  /* "marcaudefroy.com", true */ 'm', 'a', 'r', 'c', 'a', 'u', 'd', 'e', 'f', 'r', 'o', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "marcbuehlmann.com", true */ 'm', 'a', 'r', 'c', 'b', 'u', 'e', 'h', 'l', 'm', 'a', 'n', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "marcdorka.de", true */ 'm', 'a', 'r', 'c', 'd', 'o', 'r', 'k', 'a', '.', 'd', 'e', '\0',
+  /* "marceau.ovh", true */ 'm', 'a', 'r', 'c', 'e', 'a', 'u', '.', 'o', 'v', 'h', '\0',
+  /* "marcel-preuss.de", true */ 'm', 'a', 'r', 'c', 'e', 'l', '-', 'p', 'r', 'e', 'u', 's', 's', '.', 'd', 'e', '\0',
+  /* "marcelinofranchini.com", true */ 'm', 'a', 'r', 'c', 'e', 'l', 'i', 'n', 'o', 'f', 'r', 'a', 'n', 'c', 'h', 'i', 'n', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "marcelpreuss.de", true */ 'm', 'a', 'r', 'c', 'e', 'l', 'p', 'r', 'e', 'u', 's', 's', '.', 'd', 'e', '\0',
+  /* "marcelsiegert.com", true */ 'm', 'a', 'r', 'c', 'e', 'l', 's', 'i', 'e', 'g', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "marcgoertz.de", true */ 'm', 'a', 'r', 'c', 'g', 'o', 'e', 'r', 't', 'z', '.', 'd', 'e', '\0',
+  /* "marche-contre-monsanto.ch", true */ 'm', 'a', 'r', 'c', 'h', 'e', '-', 'c', 'o', 'n', 't', 'r', 'e', '-', 'm', 'o', 'n', 's', 'a', 'n', 't', 'o', '.', 'c', 'h', '\0',
+  /* "marciaimportados.com.br", true */ 'm', 'a', 'r', 'c', 'i', 'a', 'i', 'm', 'p', 'o', 'r', 't', 'a', 'd', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "marcianoandtopazio.com", true */ 'm', 'a', 'r', 'c', 'i', 'a', 'n', 'o', 'a', 'n', 'd', 't', 'o', 'p', 'a', 'z', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "marco-kretz.de", true */ 'm', 'a', 'r', 'c', 'o', '-', 'k', 'r', 'e', 't', 'z', '.', 'd', 'e', '\0',
+  /* "marco-polo-reisen.com", true */ 'm', 'a', 'r', 'c', 'o', '-', 'p', 'o', 'l', 'o', '-', 'r', 'e', 'i', 's', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "marcocasoni.com", true */ 'm', 'a', 'r', 'c', 'o', 'c', 'a', 's', 'o', 'n', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "marcohager.de", true */ 'm', 'a', 'r', 'c', 'o', 'h', 'a', 'g', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "marcoherten.com", true */ 'm', 'a', 'r', 'c', 'o', 'h', 'e', 'r', 't', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "marcoslater.com", true */ 'm', 'a', 'r', 'c', 'o', 's', 'l', 'a', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "marcuskoh.com", true */ 'm', 'a', 'r', 'c', 'u', 's', 'k', 'o', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "marcusstafford.com", true */ 'm', 'a', 'r', 'c', 'u', 's', 's', 't', 'a', 'f', 'f', 'o', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "marek.su", true */ 'm', 'a', 'r', 'e', 'k', '.', 's', 'u', '\0',
+  /* "mareklecian.cz", true */ 'm', 'a', 'r', 'e', 'k', 'l', 'e', 'c', 'i', 'a', 'n', '.', 'c', 'z', '\0',
+  /* "margagriesser.de", true */ 'm', 'a', 'r', 'g', 'a', 'g', 'r', 'i', 'e', 's', 's', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "margan.ch", true */ 'm', 'a', 'r', 'g', 'a', 'n', '.', 'c', 'h', '\0',
+  /* "margecommunication.com", true */ 'm', 'a', 'r', 'g', 'e', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 'c', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "margo-co.ch", true */ 'm', 'a', 'r', 'g', 'o', '-', 'c', 'o', '.', 'c', 'h', '\0',
+  /* "margotlondon.co.uk", true */ 'm', 'a', 'r', 'g', 'o', 't', 'l', 'o', 'n', 'd', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mariacristinadoces.com.br", true */ 'm', 'a', 'r', 'i', 'a', 'c', 'r', 'i', 's', 't', 'i', 'n', 'a', 'd', 'o', 'c', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "mariage-photo.ch", true */ 'm', 'a', 'r', 'i', 'a', 'g', 'e', '-', 'p', 'h', 'o', 't', 'o', '.', 'c', 'h', '\0',
+  /* "marianatherapy.com", true */ 'm', 'a', 'r', 'i', 'a', 'n', 'a', 't', 'h', 'e', 'r', 'a', 'p', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "marianhoenscheid.de", true */ 'm', 'a', 'r', 'i', 'a', 'n', 'h', 'o', 'e', 'n', 's', 'c', 'h', 'e', 'i', 'd', '.', 'd', 'e', '\0',
+  /* "mariannenan.nl", true */ 'm', 'a', 'r', 'i', 'a', 'n', 'n', 'e', 'n', 'a', 'n', '.', 'n', 'l', '\0',
+  /* "marianwehlus.de", true */ 'm', 'a', 'r', 'i', 'a', 'n', 'w', 'e', 'h', 'l', 'u', 's', '.', 'd', 'e', '\0',
+  /* "mariaolesen.dk", true */ 'm', 'a', 'r', 'i', 'a', 'o', 'l', 'e', 's', 'e', 'n', '.', 'd', 'k', '\0',
+  /* "marie.club", true */ 'm', 'a', 'r', 'i', 'e', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "mariehane.com", true */ 'm', 'a', 'r', 'i', 'e', 'h', 'a', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mariemiramont.fr", true */ 'm', 'a', 'r', 'i', 'e', 'm', 'i', 'r', 'a', 'm', 'o', 'n', 't', '.', 'f', 'r', '\0',
+  /* "marikafranke.de", true */ 'm', 'a', 'r', 'i', 'k', 'a', 'f', 'r', 'a', 'n', 'k', 'e', '.', 'd', 'e', '\0',
+  /* "marilynmartin.com.au", true */ 'm', 'a', 'r', 'i', 'l', 'y', 'n', 'm', 'a', 'r', 't', 'i', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "marilynstreats.com", true */ 'm', 'a', 'r', 'i', 'l', 'y', 'n', 's', 't', 'r', 'e', 'a', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "marin-business-center.ch", true */ 'm', 'a', 'r', 'i', 'n', '-', 'b', 'u', 's', 'i', 'n', 'e', 's', 's', '-', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "marin-tullet.com", true */ 'm', 'a', 'r', 'i', 'n', '-', 't', 'u', 'l', 'l', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "marinazarza.es", true */ 'm', 'a', 'r', 'i', 'n', 'a', 'z', 'a', 'r', 'z', 'a', '.', 'e', 's', '\0',
+  /* "marinbusinesscenter.ch", true */ 'm', 'a', 'r', 'i', 'n', 'b', 'u', 's', 'i', 'n', 'e', 's', 's', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "marine.gov", true */ 'm', 'a', 'r', 'i', 'n', 'e', '.', 'g', 'o', 'v', '\0',
+  /* "marinekaplama.com", true */ 'm', 'a', 'r', 'i', 'n', 'e', 'k', 'a', 'p', 'l', 'a', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "marines-shop.com", true */ 'm', 'a', 'r', 'i', 'n', 'e', 's', '-', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "mario.party", false */ 'm', 'a', 'r', 'i', 'o', '.', 'p', 'a', 'r', 't', 'y', '\0',
+  /* "marioabela.com", true */ 'm', 'a', 'r', 'i', 'o', 'a', 'b', 'e', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "mariogeckler.de", true */ 'm', 'a', 'r', 'i', 'o', 'g', 'e', 'c', 'k', 'l', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "mariposah.ch", true */ 'm', 'a', 'r', 'i', 'p', 'o', 's', 'a', 'h', '.', 'c', 'h', '\0',
+  /* "marisamorby.com", true */ 'm', 'a', 'r', 'i', 's', 'a', 'm', 'o', 'r', 'b', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "maritim.go.id", false */ 'm', 'a', 'r', 'i', 't', 'i', 'm', '.', 'g', 'o', '.', 'i', 'd', '\0',
+  /* "mariushubatschek.de", true */ 'm', 'a', 'r', 'i', 'u', 's', 'h', 'u', 'b', 'a', 't', 's', 'c', 'h', 'e', 'k', '.', 'd', 'e', '\0',
+  /* "mariusschulte.de", true */ 'm', 'a', 'r', 'i', 'u', 's', 's', 'c', 'h', 'u', 'l', 't', 'e', '.', 'd', 'e', '\0',
+  /* "mariviolin.com", true */ 'm', 'a', 'r', 'i', 'v', 'i', 'o', 'l', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "marix.ro", true */ 'm', 'a', 'r', 'i', 'x', '.', 'r', 'o', '\0',
+  /* "marjoleindens.be", true */ 'm', 'a', 'r', 'j', 'o', 'l', 'e', 'i', 'n', 'd', 'e', 'n', 's', '.', 'b', 'e', '\0',
+  /* "mark-a-hydrant.com", true */ 'm', 'a', 'r', 'k', '-', 'a', '-', 'h', 'y', 'd', 'r', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "mark-semmler.de", true */ 'm', 'a', 'r', 'k', '-', 's', 'e', 'm', 'm', 'l', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "markepps.com", true */ 'm', 'a', 'r', 'k', 'e', 'p', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "market.android.com", true */ 'm', 'a', 'r', 'k', 'e', 't', '.', 'a', 'n', 'd', 'r', 'o', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "marketgot.com", true */ 'm', 'a', 'r', 'k', 'e', 't', 'g', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "marketing-advertising.eu", true */ 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '-', 'a', 'd', 'v', 'e', 'r', 't', 'i', 's', 'i', 'n', 'g', '.', 'e', 'u', '\0',
+  /* "marketing.limited", true */ 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '.', 'l', 'i', 'm', 'i', 't', 'e', 'd', '\0',
+  /* "marketingvirtuales.com", true */ 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', 'v', 'i', 'r', 't', 'u', 'a', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "marketio.co", true */ 'm', 'a', 'r', 'k', 'e', 't', 'i', 'o', '.', 'c', 'o', '\0',
+  /* "marketizare.ro", true */ 'm', 'a', 'r', 'k', 'e', 't', 'i', 'z', 'a', 'r', 'e', '.', 'r', 'o', '\0',
+  /* "marketnsight.com", true */ 'm', 'a', 'r', 'k', 'e', 't', 'n', 's', 'i', 'g', 'h', 't', '.', 'c', 'o', 'm', '\0',
+  /* "markhaehnel.de", true */ 'm', 'a', 'r', 'k', 'h', 'a', 'e', 'h', 'n', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "markido.com", true */ 'm', 'a', 'r', 'k', 'i', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "markitzeroday.com", true */ 'm', 'a', 'r', 'k', 'i', 't', 'z', 'e', 'r', 'o', 'd', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "markoh.co.uk", true */ 'm', 'a', 'r', 'k', 'o', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "markom.rs", true */ 'm', 'a', 'r', 'k', 'o', 'm', '.', 'r', 's', '\0',
+  /* "markow.io", true */ 'm', 'a', 'r', 'k', 'o', 'w', '.', 'i', 'o', '\0',
+  /* "markprof.ru", true */ 'm', 'a', 'r', 'k', 'p', 'r', 'o', 'f', '.', 'r', 'u', '\0',
+  /* "markrego.com", true */ 'm', 'a', 'r', 'k', 'r', 'e', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "markri.nl", false */ 'm', 'a', 'r', 'k', 'r', 'i', '.', 'n', 'l', '\0',
+  /* "markridgwell.com", true */ 'm', 'a', 'r', 'k', 'r', 'i', 'd', 'g', 'w', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "markridgwellcom.appspot.com", true */ 'm', 'a', 'r', 'k', 'r', 'i', 'd', 'g', 'w', 'e', 'l', 'l', 'c', 'o', 'm', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "markscastles.co.uk", true */ 'm', 'a', 'r', 'k', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "marksouthall.com", true */ 'm', 'a', 'r', 'k', 's', 'o', 'u', 't', 'h', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "markspres.org", true */ 'm', 'a', 'r', 'k', 's', 'p', 'r', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "markt-heiligenstadt.de", false */ 'm', 'a', 'r', 'k', 't', '-', 'h', 'e', 'i', 'l', 'i', 'g', 'e', 'n', 's', 't', 'a', 'd', 't', '.', 'd', 'e', '\0',
+  /* "marktcontact.com", true */ 'm', 'a', 'r', 'k', 't', 'c', 'o', 'n', 't', 'a', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "marktissink.nl", true */ 'm', 'a', 'r', 'k', 't', 'i', 's', 's', 'i', 'n', 'k', '.', 'n', 'l', '\0',
+  /* "markup-ua.com", true */ 'm', 'a', 'r', 'k', 'u', 'p', '-', 'u', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "markus-dev.com", true */ 'm', 'a', 'r', 'k', 'u', 's', '-', 'd', 'e', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "markus-ullmann.de", true */ 'm', 'a', 'r', 'k', 'u', 's', '-', 'u', 'l', 'l', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "markus.design", true */ 'm', 'a', 'r', 'k', 'u', 's', '.', 'd', 'e', 's', 'i', 'g', 'n', '\0',
+  /* "markusehrlicher.de", true */ 'm', 'a', 'r', 'k', 'u', 's', 'e', 'h', 'r', 'l', 'i', 'c', 'h', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "markusgran.de", true */ 'm', 'a', 'r', 'k', 'u', 's', 'g', 'r', 'a', 'n', '.', 'd', 'e', '\0',
+  /* "markuskeppeler.no-ip.biz", true */ 'm', 'a', 'r', 'k', 'u', 's', 'k', 'e', 'p', 'p', 'e', 'l', 'e', 'r', '.', 'n', 'o', '-', 'i', 'p', '.', 'b', 'i', 'z', '\0',
+  /* "markusueberallassetmanagement.de", true */ 'm', 'a', 'r', 'k', 'u', 's', 'u', 'e', 'b', 'e', 'r', 'a', 'l', 'l', 'a', 's', 's', 'e', 't', 'm', 'a', 'n', 'a', 'g', 'e', 'm', 'e', 'n', 't', '.', 'd', 'e', '\0',
+  /* "markusueberallconsulting.de", true */ 'm', 'a', 'r', 'k', 'u', 's', 'u', 'e', 'b', 'e', 'r', 'a', 'l', 'l', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "marl.fr", true */ 'm', 'a', 'r', 'l', '.', 'f', 'r', '\0',
+  /* "marlen.cz", true */ 'm', 'a', 'r', 'l', 'e', 'n', '.', 'c', 'z', '\0',
+  /* "marlonlosurdopictures.com", true */ 'm', 'a', 'r', 'l', 'o', 'n', 'l', 'o', 's', 'u', 'r', 'd', 'o', 'p', 'i', 'c', 't', 'u', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "marlonschultz.de", true */ 'm', 'a', 'r', 'l', 'o', 'n', 's', 'c', 'h', 'u', 'l', 't', 'z', '.', 'd', 'e', '\0',
+  /* "marlosoft.net", true */ 'm', 'a', 'r', 'l', 'o', 's', 'o', 'f', 't', '.', 'n', 'e', 't', '\0',
+  /* "marmolesromero.com", true */ 'm', 'a', 'r', 'm', 'o', 'l', 'e', 's', 'r', 'o', 'm', 'e', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "marmotte.love", true */ 'm', 'a', 'r', 'm', 'o', 't', 't', 'e', '.', 'l', 'o', 'v', 'e', '\0',
+  /* "maroc-bivouac.com", true */ 'm', 'a', 'r', 'o', 'c', '-', 'b', 'i', 'v', 'o', 'u', 'a', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "marocemploi.co", true */ 'm', 'a', 'r', 'o', 'c', 'e', 'm', 'p', 'l', 'o', 'i', '.', 'c', 'o', '\0',
+  /* "marocmail.ma", true */ 'm', 'a', 'r', 'o', 'c', 'm', 'a', 'i', 'l', '.', 'm', 'a', '\0',
+  /* "marqperso.ch", true */ 'm', 'a', 'r', 'q', 'p', 'e', 'r', 's', 'o', '.', 'c', 'h', '\0',
+  /* "marquepersonnelle.ch", true */ 'm', 'a', 'r', 'q', 'u', 'e', 'p', 'e', 'r', 's', 'o', 'n', 'n', 'e', 'l', 'l', 'e', '.', 'c', 'h', '\0',
+  /* "marqueswines.co.uk", true */ 'm', 'a', 'r', 'q', 'u', 'e', 's', 'w', 'i', 'n', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "marrai.de", true */ 'm', 'a', 'r', 'r', 'a', 'i', '.', 'd', 'e', '\0',
+  /* "marriage-shrine.jp", true */ 'm', 'a', 'r', 'r', 'i', 'a', 'g', 'e', '-', 's', 'h', 'r', 'i', 'n', 'e', '.', 'j', 'p', '\0',
+  /* "marrickvilleapartments.com.au", true */ 'm', 'a', 'r', 'r', 'i', 'c', 'k', 'v', 'i', 'l', 'l', 'e', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "marsanvet.com", true */ 'm', 'a', 'r', 's', 'a', 'n', 'v', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "marsatapp.com", true */ 'm', 'a', 'r', 's', 'a', 't', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "marsble.com", true */ 'm', 'a', 'r', 's', 'b', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "marshallscastles.com", true */ 'm', 'a', 'r', 's', 'h', 'a', 'l', 'l', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "marshmallow.co", true */ 'm', 'a', 'r', 's', 'h', 'm', 'a', 'l', 'l', 'o', 'w', '.', 'c', 'o', '\0',
+  /* "martelange.ovh", true */ 'm', 'a', 'r', 't', 'e', 'l', 'a', 'n', 'g', 'e', '.', 'o', 'v', 'h', '\0',
+  /* "marten-buer.de", true */ 'm', 'a', 'r', 't', 'e', 'n', '-', 'b', 'u', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "martensmxservice.nl", true */ 'm', 'a', 'r', 't', 'e', 'n', 's', 'm', 'x', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'n', 'l', '\0',
+  /* "marti201.ga", true */ 'm', 'a', 'r', 't', 'i', '2', '0', '1', '.', 'g', 'a', '\0',
+  /* "martide.com", true */ 'm', 'a', 'r', 't', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "martiestrimsalon.nl", true */ 'm', 'a', 'r', 't', 'i', 'e', 's', 't', 'r', 'i', 'm', 's', 'a', 'l', 'o', 'n', '.', 'n', 'l', '\0',
+  /* "martijn.site", true */ 'm', 'a', 'r', 't', 'i', 'j', 'n', '.', 's', 'i', 't', 'e', '\0',
+  /* "martin-arend.de", true */ 'm', 'a', 'r', 't', 'i', 'n', '-', 'a', 'r', 'e', 'n', 'd', '.', 'd', 'e', '\0',
+  /* "martin-mattel.com", true */ 'm', 'a', 'r', 't', 'i', 'n', '-', 'm', 'a', 't', 't', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "martin-smith.info", true */ 'm', 'a', 'r', 't', 'i', 'n', '-', 's', 'm', 'i', 't', 'h', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "martine.nu", true */ 'm', 'a', 'r', 't', 'i', 'n', 'e', '.', 'n', 'u', '\0',
+  /* "martingansler.de", true */ 'm', 'a', 'r', 't', 'i', 'n', 'g', 'a', 'n', 's', 'l', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "martinkup.cz", true */ 'm', 'a', 'r', 't', 'i', 'n', 'k', 'u', 'p', '.', 'c', 'z', '\0',
+  /* "martinkus.eu", true */ 'm', 'a', 'r', 't', 'i', 'n', 'k', 'u', 's', '.', 'e', 'u', '\0',
+  /* "martinmuc.de", true */ 'm', 'a', 'r', 't', 'i', 'n', 'm', 'u', 'c', '.', 'd', 'e', '\0',
+  /* "martins.im", true */ 'm', 'a', 'r', 't', 'i', 'n', 's', '.', 'i', 'm', '\0',
+  /* "martinsfamilyappliance.com", true */ 'm', 'a', 'r', 't', 'i', 'n', 's', 'f', 'a', 'm', 'i', 'l', 'y', 'a', 'p', 'p', 'l', 'i', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "martonmihaly.hu", true */ 'm', 'a', 'r', 't', 'o', 'n', 'm', 'i', 'h', 'a', 'l', 'y', '.', 'h', 'u', '\0',
+  /* "maru-life.com", true */ 'm', 'a', 'r', 'u', '-', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "maruhoi.com", true */ 'm', 'a', 'r', 'u', 'h', 'o', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "marvinkeller.de", true */ 'm', 'a', 'r', 'v', 'i', 'n', 'k', 'e', 'l', 'l', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "maryeclark.com", true */ 'm', 'a', 'r', 'y', 'e', 'c', 'l', 'a', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "maryjruggles.com", true */ 'm', 'a', 'r', 'y', 'j', 'r', 'u', 'g', 'g', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "marykatrinaphotography.com", true */ 'm', 'a', 'r', 'y', 'k', 'a', 't', 'r', 'i', 'n', 'a', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "masa-hou.com", true */ 'm', 'a', 's', 'a', '-', 'h', 'o', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "mascosolutions.com", true */ 'm', 'a', 's', 'c', 'o', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "maservant.net", true */ 'm', 'a', 's', 'e', 'r', 'v', 'a', 'n', 't', '.', 'n', 'e', 't', '\0',
+  /* "mashandco.it", true */ 'm', 'a', 's', 'h', 'a', 'n', 'd', 'c', 'o', '.', 'i', 't', '\0',
+  /* "mashandco.tv", true */ 'm', 'a', 's', 'h', 'a', 'n', 'd', 'c', 'o', '.', 't', 'v', '\0',
+  /* "mashek.net", true */ 'm', 'a', 's', 'h', 'e', 'k', '.', 'n', 'e', 't', '\0',
+  /* "masiniunelte.store.ro", true */ 'm', 'a', 's', 'i', 'n', 'i', 'u', 'n', 'e', 'l', 't', 'e', '.', 's', 't', 'o', 'r', 'e', '.', 'r', 'o', '\0',
+  /* "masiul.is", true */ 'm', 'a', 's', 'i', 'u', 'l', '.', 'i', 's', '\0',
+  /* "maskinkultur.com", true */ 'm', 'a', 's', 'k', 'i', 'n', 'k', 'u', 'l', 't', 'u', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "maslife365.com", true */ 'm', 'a', 's', 'l', 'i', 'f', 'e', '3', '6', '5', '.', 'c', 'o', 'm', '\0',
+  /* "massage-vitalite.fr", true */ 'm', 'a', 's', 's', 'a', 'g', 'e', '-', 'v', 'i', 't', 'a', 'l', 'i', 't', 'e', '.', 'f', 'r', '\0',
+  /* "massage4u.net", true */ 'm', 'a', 's', 's', 'a', 'g', 'e', '4', 'u', '.', 'n', 'e', 't', '\0',
+  /* "massagecupping.com", true */ 'm', 'a', 's', 's', 'a', 'g', 'e', 'c', 'u', 'p', 'p', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "massdrop.com", true */ 'm', 'a', 's', 's', 'd', 'r', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "masse.org", true */ 'm', 'a', 's', 's', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "massflix.com", true */ 'm', 'a', 's', 's', 'f', 'l', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "masshiro.blog", true */ 'm', 'a', 's', 's', 'h', 'i', 'r', 'o', '.', 'b', 'l', 'o', 'g', '\0',
+  /* "massoni.pl", true */ 'm', 'a', 's', 's', 'o', 'n', 'i', '.', 'p', 'l', '\0',
+  /* "massotherapeutique.com", true */ 'm', 'a', 's', 's', 'o', 't', 'h', 'e', 'r', 'a', 'p', 'e', 'u', 't', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "masta.ch", true */ 'm', 'a', 's', 't', 'a', '.', 'c', 'h', '\0',
+  /* "mastah.fr", true */ 'm', 'a', 's', 't', 'a', 'h', '.', 'f', 'r', '\0',
+  /* "mastd.fr", true */ 'm', 'a', 's', 't', 'd', '.', 'f', 'r', '\0',
+  /* "mastd.me", false */ 'm', 'a', 's', 't', 'd', '.', 'm', 'e', '\0',
+  /* "mastd.onl", true */ 'm', 'a', 's', 't', 'd', '.', 'o', 'n', 'l', '\0',
+  /* "mastellone.us", true */ 'm', 'a', 's', 't', 'e', 'l', 'l', 'o', 'n', 'e', '.', 'u', 's', '\0',
+  /* "master-net.org", true */ 'm', 'a', 's', 't', 'e', 'r', '-', 'n', 'e', 't', '.', 'o', 'r', 'g', '\0',
+  /* "mastercardpac.com", true */ 'm', 'a', 's', 't', 'e', 'r', 'c', 'a', 'r', 'd', 'p', 'a', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "masterdemolitioninc.com", true */ 'm', 'a', 's', 't', 'e', 'r', 'd', 'e', 'm', 'o', 'l', 'i', 't', 'i', 'o', 'n', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "masterdigitale.com", true */ 'm', 'a', 's', 't', 'e', 'r', 'd', 'i', 'g', 'i', 't', 'a', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "masterhaus.bg", true */ 'm', 'a', 's', 't', 'e', 'r', 'h', 'a', 'u', 's', '.', 'b', 'g', '\0',
+  /* "masterhelenaroma.com", true */ 'm', 'a', 's', 't', 'e', 'r', 'h', 'e', 'l', 'e', 'n', 'a', 'r', 'o', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "masterofallscience.com", true */ 'm', 'a', 's', 't', 'e', 'r', 'o', 'f', 'a', 'l', 'l', 's', 'c', 'i', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "masterpc.co.uk", true */ 'm', 'a', 's', 't', 'e', 'r', 'p', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "masterplc.com", true */ 'm', 'a', 's', 't', 'e', 'r', 'p', 'l', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "masters.black", true */ 'm', 'a', 's', 't', 'e', 'r', 's', '.', 'b', 'l', 'a', 'c', 'k', '\0',
+  /* "mastersthesiswriting.com", true */ 'm', 'a', 's', 't', 'e', 'r', 's', 't', 'h', 'e', 's', 'i', 's', 'w', 'r', 'i', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "masterstuff.de", true */ 'm', 'a', 's', 't', 'e', 'r', 's', 't', 'u', 'f', 'f', '.', 'd', 'e', '\0',
+  /* "mastiffingles.com.br", true */ 'm', 'a', 's', 't', 'i', 'f', 'f', 'i', 'n', 'g', 'l', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "masto.io", true */ 'm', 'a', 's', 't', 'o', '.', 'i', 'o', '\0',
+  /* "mastodon.at", true */ 'm', 'a', 's', 't', 'o', 'd', 'o', 'n', '.', 'a', 't', '\0',
+  /* "mastodon.blue", false */ 'm', 'a', 's', 't', 'o', 'd', 'o', 'n', '.', 'b', 'l', 'u', 'e', '\0',
+  /* "mastodon.co.nz", true */ 'm', 'a', 's', 't', 'o', 'd', 'o', 'n', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "mastodon.fun", true */ 'm', 'a', 's', 't', 'o', 'd', 'o', 'n', '.', 'f', 'u', 'n', '\0',
+  /* "mastodon.host", true */ 'm', 'a', 's', 't', 'o', 'd', 'o', 'n', '.', 'h', 'o', 's', 't', '\0',
+  /* "mastodon.org.uk", true */ 'm', 'a', 's', 't', 'o', 'd', 'o', 'n', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "mastodon.rocks", true */ 'm', 'a', 's', 't', 'o', 'd', 'o', 'n', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "mastodon.top", true */ 'm', 'a', 's', 't', 'o', 'd', 'o', 'n', '.', 't', 'o', 'p', '\0',
+  /* "mat99.dk", true */ 'm', 'a', 't', '9', '9', '.', 'd', 'k', '\0',
+  /* "matanz.de", true */ 'm', 'a', 't', 'a', 'n', 'z', '.', 'd', 'e', '\0',
+  /* "matatabimix.com", true */ 'm', 'a', 't', 'a', 't', 'a', 'b', 'i', 'm', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "match.audio", true */ 'm', 'a', 't', 'c', 'h', '.', 'a', 'u', 'd', 'i', 'o', '\0',
+  /* "matcha-iga.jp", true */ 'm', 'a', 't', 'c', 'h', 'a', '-', 'i', 'g', 'a', '.', 'j', 'p', '\0',
+  /* "matchatea24.com", true */ 'm', 'a', 't', 'c', 'h', 'a', 't', 'e', 'a', '2', '4', '.', 'c', 'o', 'm', '\0',
+  /* "matchboxdesigngroup.com", true */ 'm', 'a', 't', 'c', 'h', 'b', 'o', 'x', 'd', 'e', 's', 'i', 'g', 'n', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "matel.org", true */ 'm', 'a', 't', 'e', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "materiaischiquinho.com.br", true */ 'm', 'a', 't', 'e', 'r', 'i', 'a', 'i', 's', 'c', 'h', 'i', 'q', 'u', 'i', 'n', 'h', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "material-world-fuyouhin.com", true */ 'm', 'a', 't', 'e', 'r', 'i', 'a', 'l', '-', 'w', 'o', 'r', 'l', 'd', '-', 'f', 'u', 'y', 'o', 'u', 'h', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "materialism.com", true */ 'm', 'a', 't', 'e', 'r', 'i', 'a', 'l', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "materialyinzynierskie.pl", true */ 'm', 'a', 't', 'e', 'r', 'i', 'a', 'l', 'y', 'i', 'n', 'z', 'y', 'n', 'i', 'e', 'r', 's', 'k', 'i', 'e', '.', 'p', 'l', '\0',
+  /* "maternum.com", true */ 'm', 'a', 't', 'e', 'r', 'n', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "mathalexservice.info", true */ 'm', 'a', 't', 'h', 'a', 'l', 'e', 'x', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "mathembedded.com", true */ 'm', 'a', 't', 'h', 'e', 'm', 'b', 'e', 'd', 'd', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "matheo-schefczyk.de", true */ 'm', 'a', 't', 'h', 'e', 'o', '-', 's', 'c', 'h', 'e', 'f', 'c', 'z', 'y', 'k', '.', 'd', 'e', '\0',
+  /* "mathhire.org", true */ 'm', 'a', 't', 'h', 'h', 'i', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "mathias.re", true */ 'm', 'a', 't', 'h', 'i', 'a', 's', '.', 'r', 'e', '\0',
+  /* "mathiasbynens.be", true */ 'm', 'a', 't', 'h', 'i', 'a', 's', 'b', 'y', 'n', 'e', 'n', 's', '.', 'b', 'e', '\0',
+  /* "mathiasgarbe.de", true */ 'm', 'a', 't', 'h', 'i', 'a', 's', 'g', 'a', 'r', 'b', 'e', '.', 'd', 'e', '\0',
+  /* "mathieuguimond.com", true */ 'm', 'a', 't', 'h', 'i', 'e', 'u', 'g', 'u', 'i', 'm', 'o', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "mathieui.net", true */ 'm', 'a', 't', 'h', 'i', 'e', 'u', 'i', '.', 'n', 'e', 't', '\0',
+  /* "maths.network", true */ 'm', 'a', 't', 'h', 's', '.', 'n', 'e', 't', 'w', 'o', 'r', 'k', '\0',
+  /* "mathspace.co", true */ 'm', 'a', 't', 'h', 's', 'p', 'a', 'c', 'e', '.', 'c', 'o', '\0',
+  /* "matildajaneclothing.com", true */ 'm', 'a', 't', 'i', 'l', 'd', 'a', 'j', 'a', 'n', 'e', 'c', 'l', 'o', 't', 'h', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "matjaz.it", true */ 'm', 'a', 't', 'j', 'a', 'z', '.', 'i', 't', '\0',
+  /* "matlabjo.ir", true */ 'm', 'a', 't', 'l', 'a', 'b', 'j', 'o', '.', 'i', 'r', '\0',
+  /* "matlss.com", true */ 'm', 'a', 't', 'l', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "matomeathena.com", true */ 'm', 'a', 't', 'o', 'm', 'e', 'a', 't', 'h', 'e', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "matoutepetiteboutique.com", true */ 'm', 'a', 't', 'o', 'u', 't', 'e', 'p', 'e', 't', 'i', 't', 'e', 'b', 'o', 'u', 't', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "matriterie-sdv.ro", true */ 'm', 'a', 't', 'r', 'i', 't', 'e', 'r', 'i', 'e', '-', 's', 'd', 'v', '.', 'r', 'o', '\0',
+  /* "matrix.ac", false */ 'm', 'a', 't', 'r', 'i', 'x', '.', 'a', 'c', '\0',
+  /* "matrixmedia.ro", true */ 'm', 'a', 't', 'r', 'i', 'x', 'm', 'e', 'd', 'i', 'a', '.', 'r', 'o', '\0',
+  /* "matrixreq.com", true */ 'm', 'a', 't', 'r', 'i', 'x', 'r', 'e', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "matsu-semi.com", true */ 'm', 'a', 't', 's', 'u', '-', 's', 'e', 'm', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "mattandyana.com", true */ 'm', 'a', 't', 't', 'a', 'n', 'd', 'y', 'a', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "mattbsg.xyz", true */ 'm', 'a', 't', 't', 'b', 's', 'g', '.', 'x', 'y', 'z', '\0',
+  /* "mattcarr.net", false */ 'm', 'a', 't', 't', 'c', 'a', 'r', 'r', '.', 'n', 'e', 't', '\0',
+  /* "mattcoles.io", true */ 'm', 'a', 't', 't', 'c', 'o', 'l', 'e', 's', '.', 'i', 'o', '\0',
+  /* "matteomarescotti.it", true */ 'm', 'a', 't', 't', 'e', 'o', 'm', 'a', 'r', 'e', 's', 'c', 'o', 't', 't', 'i', '.', 'i', 't', '\0',
+  /* "mattferderer.com", true */ 'm', 'a', 't', 't', 'f', 'e', 'r', 'd', 'e', 'r', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "mattfin.ch", true */ 'm', 'a', 't', 't', 'f', 'i', 'n', '.', 'c', 'h', '\0',
+  /* "mattforster.ca", true */ 'm', 'a', 't', 't', 'f', 'o', 'r', 's', 't', 'e', 'r', '.', 'c', 'a', '\0',
+  /* "matthecat.com", true */ 'm', 'a', 't', 't', 'h', 'e', 'c', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "matthew-carson.info", true */ 'm', 'a', 't', 't', 'h', 'e', 'w', '-', 'c', 'a', 'r', 's', 'o', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "matthewemes.com", true */ 'm', 'a', 't', 't', 'h', 'e', 'w', 'e', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "matthewfells.com", true */ 'm', 'a', 't', 't', 'h', 'e', 'w', 'f', 'e', 'l', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "matthewgallagher.co.uk", true */ 'm', 'a', 't', 't', 'h', 'e', 'w', 'g', 'a', 'l', 'l', 'a', 'g', 'h', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "matthewkenny.co.uk", true */ 'm', 'a', 't', 't', 'h', 'e', 'w', 'k', 'e', 'n', 'n', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "matthewohare.com", true */ 'm', 'a', 't', 't', 'h', 'e', 'w', 'o', 'h', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "matthey.nl", true */ 'm', 'a', 't', 't', 'h', 'e', 'y', '.', 'n', 'l', '\0',
+  /* "matthi.coffee", true */ 'm', 'a', 't', 't', 'h', 'i', '.', 'c', 'o', 'f', 'f', 'e', 'e', '\0',
+  /* "matthias-muenzner.de", true */ 'm', 'a', 't', 't', 'h', 'i', 'a', 's', '-', 'm', 'u', 'e', 'n', 'z', 'n', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "matthiasadler.info", true */ 'm', 'a', 't', 't', 'h', 'i', 'a', 's', 'a', 'd', 'l', 'e', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "matthiasott.com", true */ 'm', 'a', 't', 't', 'h', 'i', 'a', 's', 'o', 't', 't', '.', 'c', 'o', 'm', '\0',
+  /* "matthiasschwab.de", true */ 'm', 'a', 't', 't', 'h', 'i', 'a', 's', 's', 'c', 'h', 'w', 'a', 'b', '.', 'd', 'e', '\0',
+  /* "matthieuschlosser.fr", true */ 'm', 'a', 't', 't', 'h', 'i', 'e', 'u', 's', 'c', 'h', 'l', 'o', 's', 's', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "matthijssen.info", true */ 'm', 'a', 't', 't', 'h', 'i', 'j', 's', 's', 'e', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "mattisam.com", true */ 'm', 'a', 't', 't', 'i', 's', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "mattmccutchen.net", true */ 'm', 'a', 't', 't', 'm', 'c', 'c', 'u', 't', 'c', 'h', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "mattonline.me", true */ 'm', 'a', 't', 't', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'm', 'e', '\0',
+  /* "mattwservices.co.uk", true */ 'm', 'a', 't', 't', 'w', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "matviet.vn", true */ 'm', 'a', 't', 'v', 'i', 'e', 't', '.', 'v', 'n', '\0',
+  /* "matze.co", true */ 'm', 'a', 't', 'z', 'e', '.', 'c', 'o', '\0',
+  /* "mauldincookfence.com", true */ 'm', 'a', 'u', 'l', 'd', 'i', 'n', 'c', 'o', 'o', 'k', 'f', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mauriciog.com.ar", false */ 'm', 'a', 'u', 'r', 'i', 'c', 'i', 'o', 'g', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "mauricioghiorzi.com.ar", false */ 'm', 'a', 'u', 'r', 'i', 'c', 'i', 'o', 'g', 'h', 'i', 'o', 'r', 'z', 'i', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "maury-moteurs.com", true */ 'm', 'a', 'u', 'r', 'y', '-', 'm', 'o', 't', 'e', 'u', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mavenclinic.com", true */ 'm', 'a', 'v', 'e', 'n', 'c', 'l', 'i', 'n', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "mavensecurity.com", true */ 'm', 'a', 'v', 'e', 'n', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "maveris.com", true */ 'm', 'a', 'v', 'e', 'r', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mawidabp.com", true */ 'm', 'a', 'w', 'i', 'd', 'a', 'b', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "mawidaca.com", true */ 'm', 'a', 'w', 'i', 'd', 'a', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "max-moeglich.de", true */ 'm', 'a', 'x', '-', 'm', 'o', 'e', 'g', 'l', 'i', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "max-went.pl", true */ 'm', 'a', 'x', '-', 'w', 'e', 'n', 't', '.', 'p', 'l', '\0',
+  /* "max.gov", true */ 'm', 'a', 'x', '.', 'g', 'o', 'v', '\0',
+  /* "maxbruckner.de", true */ 'm', 'a', 'x', 'b', 'r', 'u', 'c', 'k', 'n', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "maxbruckner.org", true */ 'm', 'a', 'x', 'b', 'r', 'u', 'c', 'k', 'n', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "maxbytes.nl", false */ 'm', 'a', 'x', 'b', 'y', 't', 'e', 's', '.', 'n', 'l', '\0',
+  /* "maxchan.info", true */ 'm', 'a', 'x', 'c', 'h', 'a', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "maxdev72.freeboxos.fr", true */ 'm', 'a', 'x', 'd', 'e', 'v', '7', '2', '.', 'f', 'r', 'e', 'e', 'b', 'o', 'x', 'o', 's', '.', 'f', 'r', '\0',
+  /* "maxfox.me", true */ 'm', 'a', 'x', 'f', 'o', 'x', '.', 'm', 'e', '\0',
+  /* "maxhamon.ovh", true */ 'm', 'a', 'x', 'h', 'a', 'm', 'o', 'n', '.', 'o', 'v', 'h', '\0',
+  /* "maxhoechtl.at", true */ 'm', 'a', 'x', 'h', 'o', 'e', 'c', 'h', 't', 'l', '.', 'a', 't', '\0',
+  /* "maxhorvath.com", true */ 'm', 'a', 'x', 'h', 'o', 'r', 'v', 'a', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "maxibanki.ovh", true */ 'm', 'a', 'x', 'i', 'b', 'a', 'n', 'k', 'i', '.', 'o', 'v', 'h', '\0',
+  /* "maxicore.co.za", true */ 'm', 'a', 'x', 'i', 'c', 'o', 'r', 'e', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "maxima.at", true */ 'm', 'a', 'x', 'i', 'm', 'a', '.', 'a', 't', '\0',
+  /* "maximdeboiserie.be", true */ 'm', 'a', 'x', 'i', 'm', 'd', 'e', 'b', 'o', 'i', 's', 'e', 'r', 'i', 'e', '.', 'b', 'e', '\0',
+  /* "maximdens.be", true */ 'm', 'a', 'x', 'i', 'm', 'd', 'e', 'n', 's', '.', 'b', 'e', '\0',
+  /* "maximeferon.fr", true */ 'm', 'a', 'x', 'i', 'm', 'e', 'f', 'e', 'r', 'o', 'n', '.', 'f', 'r', '\0',
+  /* "maximelouet.me", true */ 'm', 'a', 'x', 'i', 'm', 'e', 'l', 'o', 'u', 'e', 't', '.', 'm', 'e', '\0',
+  /* "maximilian-graf.de", true */ 'm', 'a', 'x', 'i', 'm', 'i', 'l', 'i', 'a', 'n', '-', 'g', 'r', 'a', 'f', '.', 'd', 'e', '\0',
+  /* "maximilian-greger.com", true */ 'm', 'a', 'x', 'i', 'm', 'i', 'l', 'i', 'a', 'n', '-', 'g', 'r', 'e', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "maximiliankaul.de", true */ 'm', 'a', 'x', 'i', 'm', 'i', 'l', 'i', 'a', 'n', 'k', 'a', 'u', 'l', '.', 'd', 'e', '\0',
+  /* "maximiliankrieg.de", true */ 'm', 'a', 'x', 'i', 'm', 'i', 'l', 'i', 'a', 'n', 'k', 'r', 'i', 'e', 'g', '.', 'd', 'e', '\0',
+  /* "maxims-travel.com", true */ 'm', 'a', 'x', 'i', 'm', 's', '-', 't', 'r', 'a', 'v', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "maxipcalls.com", true */ 'm', 'a', 'x', 'i', 'p', 'c', 'a', 'l', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "maxisito.it", true */ 'm', 'a', 'x', 'i', 's', 'i', 't', 'o', '.', 'i', 't', '\0',
+  /* "maxkaul.de", true */ 'm', 'a', 'x', 'k', 'a', 'u', 'l', '.', 'd', 'e', '\0',
+  /* "maxmilton.com", true */ 'm', 'a', 'x', 'm', 'i', 'l', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "maxrandolph.com", true */ 'm', 'a', 'x', 'r', 'a', 'n', 'd', 'o', 'l', 'p', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "maxtruxa.com", true */ 'm', 'a', 'x', 't', 'r', 'u', 'x', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "maxwaellenergie.de", true */ 'm', 'a', 'x', 'w', 'a', 'e', 'l', 'l', 'e', 'n', 'e', 'r', 'g', 'i', 'e', '.', 'd', 'e', '\0',
+  /* "maxwell-english.co.jp", false */ 'm', 'a', 'x', 'w', 'e', 'l', 'l', '-', 'e', 'n', 'g', 'l', 'i', 's', 'h', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "maxwellflynn.com", true */ 'm', 'a', 'x', 'w', 'e', 'l', 'l', 'f', 'l', 'y', 'n', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "maxwellmoore.co.uk", true */ 'm', 'a', 'x', 'w', 'e', 'l', 'l', 'm', 'o', 'o', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "may24.tw", true */ 'm', 'a', 'y', '2', '4', '.', 't', 'w', '\0',
+  /* "mayavi.co.in", true */ 'm', 'a', 'y', 'a', 'v', 'i', '.', 'c', 'o', '.', 'i', 'n', '\0',
+  /* "maybeul.com", true */ 'm', 'a', 'y', 'b', 'e', 'u', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "maydex.info", true */ 'm', 'a', 'y', 'd', 'e', 'x', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "mayerbrownllz.com", true */ 'm', 'a', 'y', 'e', 'r', 'b', 'r', 'o', 'w', 'n', 'l', 'l', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "mayomarquees.com", true */ 'm', 'a', 'y', 'o', 'm', 'a', 'r', 'q', 'u', 'e', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mayopartyhire.com", true */ 'm', 'a', 'y', 'o', 'p', 'a', 'r', 't', 'y', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mayoristassexshop.com", true */ 'm', 'a', 'y', 'o', 'r', 'i', 's', 't', 'a', 's', 's', 'e', 'x', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "maypolevilla.co.uk", true */ 'm', 'a', 'y', 'p', 'o', 'l', 'e', 'v', 'i', 'l', 'l', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mayrhofer.eu.org", true */ 'm', 'a', 'y', 'r', 'h', 'o', 'f', 'e', 'r', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "mazda-mps.de", true */ 'm', 'a', 'z', 'd', 'a', '-', 'm', 'p', 's', '.', 'd', 'e', '\0',
+  /* "mazda-thermote.com", true */ 'm', 'a', 'z', 'd', 'a', '-', 't', 'h', 'e', 'r', 'm', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mazda626.net", true */ 'm', 'a', 'z', 'd', 'a', '6', '2', '6', '.', 'n', 'e', 't', '\0',
+  /* "maze.fr", true */ 'm', 'a', 'z', 'e', '.', 'f', 'r', '\0',
+  /* "mazternet.ru", true */ 'm', 'a', 'z', 't', 'e', 'r', 'n', 'e', 't', '.', 'r', 'u', '\0',
+  /* "mazzotta.me", true */ 'm', 'a', 'z', 'z', 'o', 't', 't', 'a', '.', 'm', 'e', '\0',
+  /* "mbaestlein.de", true */ 'm', 'b', 'a', 'e', 's', 't', 'l', 'e', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "mbainflatables.co.uk", true */ 'm', 'b', 'a', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mbardot.com", true */ 'm', 'b', 'a', 'r', 'd', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "mbasic.facebook.com", false */ 'm', 'b', 'a', 's', 'i', 'c', '.', 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "mbcars.be", true */ 'm', 'b', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0',
+  /* "mbeo.ch", true */ 'm', 'b', 'e', 'o', '.', 'c', 'h', '\0',
+  /* "mbilker.us", true */ 'm', 'b', 'i', 'l', 'k', 'e', 'r', '.', 'u', 's', '\0',
+  /* "mbinf.de", false */ 'm', 'b', 'i', 'n', 'f', '.', 'd', 'e', '\0',
+  /* "mbinformatik.de", false */ 'm', 'b', 'i', 'n', 'f', 'o', 'r', 'm', 'a', 't', 'i', 'k', '.', 'd', 'e', '\0',
+  /* "mbits.solutions", true */ 'm', 'b', 'i', 't', 's', '.', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '\0',
+  /* "mblankhorst.nl", true */ 'm', 'b', 'l', 'a', 'n', 'k', 'h', 'o', 'r', 's', 't', '.', 'n', 'l', '\0',
+  /* "mble.mg", true */ 'm', 'b', 'l', 'e', '.', 'm', 'g', '\0',
+  /* "mbp.banking.co.at", false */ 'm', 'b', 'p', '.', 'b', 'a', 'n', 'k', 'i', 'n', 'g', '.', 'c', 'o', '.', 'a', 't', '\0',
+  /* "mbr-net.de", true */ 'm', 'b', 'r', '-', 'n', 'e', 't', '.', 'd', 'e', '\0',
+  /* "mbrooks.info", true */ 'm', 'b', 'r', 'o', 'o', 'k', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "mbs-journey.com", true */ 'm', 'b', 's', '-', 'j', 'o', 'u', 'r', 'n', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "mburns.duckdns.org", true */ 'm', 'b', 'u', 'r', 'n', 's', '.', 'd', 'u', 'c', 'k', 'd', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "mbweir.com", true */ 'm', 'b', 'w', 'e', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "mc-venture.net", false */ 'm', 'c', '-', 'v', 'e', 'n', 't', 'u', 'r', 'e', '.', 'n', 'e', 't', '\0',
+  /* "mcadmin.net", true */ 'm', 'c', 'a', 'd', 'm', 'i', 'n', '.', 'n', 'e', 't', '\0',
+  /* "mcatnnlo.org", true */ 'm', 'c', 'a', 't', 'n', 'n', 'l', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "mccordworks.com", true */ 'm', 'c', 'c', 'o', 'r', 'd', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mccrackon.com", true */ 'm', 'c', 'c', 'r', 'a', 'c', 'k', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "mcdermottautomotive.com", true */ 'm', 'c', 'd', 'e', 'r', 'm', 'o', 't', 't', 'a', 'u', 't', 'o', 'm', 'o', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mcdona1d.me", true */ 'm', 'c', 'd', 'o', 'n', 'a', '1', 'd', '.', 'm', 'e', '\0',
+  /* "mcdonalds.be", true */ 'm', 'c', 'd', 'o', 'n', 'a', 'l', 'd', 's', '.', 'b', 'e', '\0',
+  /* "mcdonalds.design", true */ 'm', 'c', 'd', 'o', 'n', 'a', 'l', 'd', 's', '.', 'd', 'e', 's', 'i', 'g', 'n', '\0',
+  /* "mcdonaldwhsl.com", false */ 'm', 'c', 'd', 'o', 'n', 'a', 'l', 'd', 'w', 'h', 's', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "mce.eu", true */ 'm', 'c', 'e', '.', 'e', 'u', '\0',
+  /* "mce.nyc", true */ 'm', 'c', 'e', '.', 'n', 'y', 'c', '\0',
+  /* "mce55.eu", true */ 'm', 'c', 'e', '5', '5', '.', 'e', 'u', '\0',
+  /* "mcea-hld.jp", true */ 'm', 'c', 'e', 'a', '-', 'h', 'l', 'd', '.', 'j', 'p', '\0',
+  /* "mceconferencecentre.eu", true */ 'm', 'c', 'e', 'c', 'o', 'n', 'f', 'e', 'r', 'e', 'n', 'c', 'e', 'c', 'e', 'n', 't', 'r', 'e', '.', 'e', 'u', '\0',
+  /* "mcfedries.com", true */ 'm', 'c', 'f', 'e', 'd', 'r', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mcgarderen.nl", true */ 'm', 'c', 'g', 'a', 'r', 'd', 'e', 'r', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "mcgavocknissanwichitaparts.com", true */ 'm', 'c', 'g', 'a', 'v', 'o', 'c', 'k', 'n', 'i', 's', 's', 'a', 'n', 'w', 'i', 'c', 'h', 'i', 't', 'a', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mcgovernance.com", true */ 'm', 'c', 'g', 'o', 'v', 'e', 'r', 'n', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mchopkins.net", true */ 'm', 'c', 'h', 'o', 'p', 'k', 'i', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "mchristopher.com", true */ 'm', 'c', 'h', 'r', 'i', 's', 't', 'o', 'p', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "mcideas.tk", true */ 'm', 'c', 'i', 'd', 'e', 'a', 's', '.', 't', 'k', '\0',
+  /* "mcjackk77.com", true */ 'm', 'c', 'j', 'a', 'c', 'k', 'k', '7', '7', '.', 'c', 'o', 'm', '\0',
+  /* "mckenry.net", true */ 'm', 'c', 'k', 'e', 'n', 'r', 'y', '.', 'n', 'e', 't', '\0',
+  /* "mckernan.in", true */ 'm', 'c', 'k', 'e', 'r', 'n', 'a', 'n', '.', 'i', 'n', '\0',
+  /* "mckinley.school", true */ 'm', 'c', 'k', 'i', 'n', 'l', 'e', 'y', '.', 's', 'c', 'h', 'o', 'o', 'l', '\0',
+  /* "mckinleytk.com", true */ 'm', 'c', 'k', 'i', 'n', 'l', 'e', 'y', 't', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "mcl.gg", true */ 'm', 'c', 'l', '.', 'g', 'g', '\0',
+  /* "mclinflatables.co.uk", true */ 'm', 'c', 'l', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mcmillanskiclub.com.au", true */ 'm', 'c', 'm', 'i', 'l', 'l', 'a', 'n', 's', 'k', 'i', 'c', 'l', 'u', 'b', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "mcneill.io", true */ 'm', 'c', 'n', 'e', 'i', 'l', 'l', '.', 'i', 'o', '\0',
+  /* "mcnext.net", true */ 'm', 'c', 'n', 'e', 'x', 't', '.', 'n', 'e', 't', '\0',
+  /* "mcpart.land", true */ 'm', 'c', 'p', 'a', 'r', 't', '.', 'l', 'a', 'n', 'd', '\0',
+  /* "mcrn.jp", true */ 'm', 'c', 'r', 'n', '.', 'j', 'p', '\0',
+  /* "mcsinflatables.co.uk", true */ 'm', 'c', 's', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mcsniper.co", true */ 'm', 'c', 's', 'n', 'i', 'p', 'e', 'r', '.', 'c', 'o', '\0',
+  /* "mcuong.tk", false */ 'm', 'c', 'u', 'o', 'n', 'g', '.', 't', 'k', '\0',
+  /* "mcynews.com", true */ 'm', 'c', 'y', 'n', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mcyukon.com", true */ 'm', 'c', 'y', 'u', 'k', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "md5file.com", true */ 'm', 'd', '5', 'f', 'i', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "md5hashing.net", true */ 'm', 'd', '5', 'h', 'a', 's', 'h', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "mdbouncycastlehirelondon.co.uk", true */ 'm', 'd', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', 'l', 'o', 'n', 'd', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mdcloudpracticesolutions.com", true */ 'm', 'd', 'c', 'l', 'o', 'u', 'd', 'p', 'r', 'a', 'c', 't', 'i', 'c', 'e', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mdcloudps.com", true */ 'm', 'd', 'c', 'l', 'o', 'u', 'd', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mdek.at", true */ 'm', 'd', 'e', 'k', '.', 'a', 't', '\0',
+  /* "mdewendt.de", true */ 'm', 'd', 'e', 'w', 'e', 'n', 'd', 't', '.', 'd', 'e', '\0',
+  /* "mdf-bis.com", true */ 'm', 'd', 'f', '-', 'b', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mdiv.pl", true */ 'm', 'd', 'i', 'v', '.', 'p', 'l', '\0',
+  /* "mdma.net", true */ 'm', 'd', 'm', 'a', '.', 'n', 'e', 't', '\0',
+  /* "mdmed.clinic", true */ 'm', 'd', 'm', 'e', 'd', '.', 'c', 'l', 'i', 'n', 'i', 'c', '\0',
+  /* "mdoering.de", true */ 'm', 'd', 'o', 'e', 'r', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "mdosch.de", true */ 'm', 'd', 'o', 's', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "mdpraha.cz", true */ 'm', 'd', 'p', 'r', 'a', 'h', 'a', '.', 'c', 'z', '\0',
+  /* "mdsave.com", true */ 'm', 'd', 's', 'a', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mdwftw.com", true */ 'm', 'd', 'w', 'f', 't', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "mdx.no", true */ 'm', 'd', 'x', '.', 'n', 'o', '\0',
+  /* "mdxdave.de", true */ 'm', 'd', 'x', 'd', 'a', 'v', 'e', '.', 'd', 'e', '\0',
+  /* "mdxn.org", true */ 'm', 'd', 'x', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "me-center.com", true */ 'm', 'e', '-', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "me-groups.com", true */ 'm', 'e', '-', 'g', 'r', 'o', 'u', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "me.net.nz", true */ 'm', 'e', '.', 'n', 'e', 't', '.', 'n', 'z', '\0',
+  /* "meadowviewfarms.org", true */ 'm', 'e', 'a', 'd', 'o', 'w', 'v', 'i', 'e', 'w', 'f', 'a', 'r', 'm', 's', '.', 'o', 'r', 'g', '\0',
+  /* "mealgoo.com", true */ 'm', 'e', 'a', 'l', 'g', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "mealz.com", false */ 'm', 'e', 'a', 'l', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "meany.xyz", true */ 'm', 'e', 'a', 'n', 'y', '.', 'x', 'y', 'z', '\0',
+  /* "meap.xyz", true */ 'm', 'e', 'a', 'p', '.', 'x', 'y', 'z', '\0',
+  /* "measuretwice.com", true */ 'm', 'e', 'a', 's', 'u', 'r', 'e', 't', 'w', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "measureyourpenis.today", true */ 'm', 'e', 'a', 's', 'u', 'r', 'e', 'y', 'o', 'u', 'r', 'p', 'e', 'n', 'i', 's', '.', 't', 'o', 'd', 'a', 'y', '\0',
+  /* "meat.org.uk", true */ 'm', 'e', 'a', 't', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "mecanicoautomotriz.org", true */ 'm', 'e', 'c', 'a', 'n', 'i', 'c', 'o', 'a', 'u', 't', 'o', 'm', 'o', 't', 'r', 'i', 'z', '.', 'o', 'r', 'g', '\0',
+  /* "mechanixdirect.co.uk", false */ 'm', 'e', 'c', 'h', 'a', 'n', 'i', 'x', 'd', 'i', 'r', 'e', 'c', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mechanus.io", true */ 'm', 'e', 'c', 'h', 'a', 'n', 'u', 's', '.', 'i', 'o', '\0',
+  /* "med-otzyv.ru", true */ 'm', 'e', 'd', '-', 'o', 't', 'z', 'y', 'v', '.', 'r', 'u', '\0',
+  /* "medba.se", true */ 'm', 'e', 'd', 'b', 'a', '.', 's', 'e', '\0',
+  /* "medcir.com.br", true */ 'm', 'e', 'd', 'c', 'i', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "medcrowd.com", true */ 'm', 'e', 'd', 'c', 'r', 'o', 'w', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "meddelare.com", true */ 'm', 'e', 'd', 'd', 'e', 'l', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "meddigital.com", true */ 'm', 'e', 'd', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "medeinos.lt", true */ 'm', 'e', 'd', 'e', 'i', 'n', 'o', 's', '.', 'l', 't', '\0',
+  /* "medexpress.co.uk", true */ 'm', 'e', 'd', 'e', 'x', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "medi-link.co.il", true */ 'm', 'e', 'd', 'i', '-', 'l', 'i', 'n', 'k', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "media-access.online", true */ 'm', 'e', 'd', 'i', 'a', '-', 'a', 'c', 'c', 'e', 's', 's', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "media-courses.com", true */ 'm', 'e', 'd', 'i', 'a', '-', 'c', 'o', 'u', 'r', 's', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "media-credit.eu", true */ 'm', 'e', 'd', 'i', 'a', '-', 'c', 'r', 'e', 'd', 'i', 't', '.', 'e', 'u', '\0',
+  /* "media-instance.ru", true */ 'm', 'e', 'd', 'i', 'a', '-', 'i', 'n', 's', 't', 'a', 'n', 'c', 'e', '.', 'r', 'u', '\0',
+  /* "media-pi.com", true */ 'm', 'e', 'd', 'i', 'a', '-', 'p', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "mediaarea.net", true */ 'm', 'e', 'd', 'i', 'a', 'a', 'r', 'e', 'a', '.', 'n', 'e', 't', '\0',
+  /* "mediablaster.com", true */ 'm', 'e', 'd', 'i', 'a', 'b', 'l', 'a', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "mediaburst.co.uk", true */ 'm', 'e', 'd', 'i', 'a', 'b', 'u', 'r', 's', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mediadex.be", true */ 'm', 'e', 'd', 'i', 'a', 'd', 'e', 'x', '.', 'b', 'e', '\0',
+  /* "mediaexpert.fr", true */ 'm', 'e', 'd', 'i', 'a', 'e', 'x', 'p', 'e', 'r', 't', '.', 'f', 'r', '\0',
+  /* "mediafocus.biz", true */ 'm', 'e', 'd', 'i', 'a', 'f', 'o', 'c', 'u', 's', '.', 'b', 'i', 'z', '\0',
+  /* "mediagenic.ch", true */ 'm', 'e', 'd', 'i', 'a', 'g', 'e', 'n', 'i', 'c', '.', 'c', 'h', '\0',
+  /* "mediagrand.net", true */ 'm', 'e', 'd', 'i', 'a', 'g', 'r', 'a', 'n', 'd', '.', 'n', 'e', 't', '\0',
+  /* "mediajurnal.com", true */ 'm', 'e', 'd', 'i', 'a', 'j', 'u', 'r', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "medialab.nrw", true */ 'm', 'e', 'd', 'i', 'a', 'l', 'a', 'b', '.', 'n', 'r', 'w', '\0',
+  /* "mediamarkt.pl", true */ 'm', 'e', 'd', 'i', 'a', 'm', 'a', 'r', 'k', 't', '.', 'p', 'l', '\0',
+  /* "mediapart.fr", true */ 'm', 'e', 'd', 'i', 'a', 'p', 'a', 'r', 't', '.', 'f', 'r', '\0',
+  /* "mediaselection.eu", true */ 'm', 'e', 'd', 'i', 'a', 's', 'e', 'l', 'e', 'c', 't', 'i', 'o', 'n', '.', 'e', 'u', '\0',
+  /* "mediastorm.us", true */ 'm', 'e', 'd', 'i', 'a', 's', 't', 'o', 'r', 'm', '.', 'u', 's', '\0',
+  /* "mediationculturelleclp.ch", true */ 'm', 'e', 'd', 'i', 'a', 't', 'i', 'o', 'n', 'c', 'u', 'l', 't', 'u', 'r', 'e', 'l', 'l', 'e', 'c', 'l', 'p', '.', 'c', 'h', '\0',
+  /* "mediatorzy.waw.pl", true */ 'm', 'e', 'd', 'i', 'a', 't', 'o', 'r', 'z', 'y', '.', 'w', 'a', 'w', '.', 'p', 'l', '\0',
+  /* "mediawiki.org", true */ 'm', 'e', 'd', 'i', 'a', 'w', 'i', 'k', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "mediawin.pl", true */ 'm', 'e', 'd', 'i', 'a', 'w', 'i', 'n', '.', 'p', 'l', '\0',
+  /* "medic-world.com", true */ 'm', 'e', 'd', 'i', 'c', '-', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "medicalcountermeasures.gov", true */ 'm', 'e', 'd', 'i', 'c', 'a', 'l', 'c', 'o', 'u', 'n', 't', 'e', 'r', 'm', 'e', 'a', 's', 'u', 'r', 'e', 's', '.', 'g', 'o', 'v', '\0',
+  /* "medicinesfast.com", false */ 'm', 'e', 'd', 'i', 'c', 'i', 'n', 'e', 's', 'f', 'a', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "medicinia.com.br", true */ 'm', 'e', 'd', 'i', 'c', 'i', 'n', 'i', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "medicocompetente.it", true */ 'm', 'e', 'd', 'i', 'c', 'o', 'c', 'o', 'm', 'p', 'e', 't', 'e', 'n', 't', 'e', '.', 'i', 't', '\0',
+  /* "medicoresponde.com.br", true */ 'm', 'e', 'd', 'i', 'c', 'o', 'r', 'e', 's', 'p', 'o', 'n', 'd', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "medifab.online", true */ 'm', 'e', 'd', 'i', 'f', 'a', 'b', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "medifi.com", true */ 'm', 'e', 'd', 'i', 'f', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "medireport.fr", true */ 'm', 'e', 'd', 'i', 'r', 'e', 'p', 'o', 'r', 't', '.', 'f', 'r', '\0',
+  /* "medium.com", true */ 'm', 'e', 'd', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "mediumraw.org", true */ 'm', 'e', 'd', 'i', 'u', 'm', 'r', 'a', 'w', '.', 'o', 'r', 'g', '\0',
+  /* "medlineplus.gov", true */ 'm', 'e', 'd', 'l', 'i', 'n', 'e', 'p', 'l', 'u', 's', '.', 'g', 'o', 'v', '\0',
+  /* "medo64.com", true */ 'm', 'e', 'd', 'o', '6', '4', '.', 'c', 'o', 'm', '\0',
+  /* "medovea.ru", true */ 'm', 'e', 'd', 'o', 'v', 'e', 'a', '.', 'r', 'u', '\0',
+  /* "medpics.com", true */ 'm', 'e', 'd', 'p', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "medstreaming.com", true */ 'm', 'e', 'd', 's', 't', 'r', 'e', 'a', 'm', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "medtalents.ch", true */ 'm', 'e', 'd', 't', 'a', 'l', 'e', 'n', 't', 's', '.', 'c', 'h', '\0',
+  /* "medtankers.management", true */ 'm', 'e', 'd', 't', 'a', 'n', 'k', 'e', 'r', 's', '.', 'm', 'a', 'n', 'a', 'g', 'e', 'm', 'e', 'n', 't', '\0',
+  /* "medtehnika.ua", true */ 'm', 'e', 'd', 't', 'e', 'h', 'n', 'i', 'k', 'a', '.', 'u', 'a', '\0',
+  /* "medusa.wtf", true */ 'm', 'e', 'd', 'u', 's', 'a', '.', 'w', 't', 'f', '\0',
+  /* "meduza.io", true */ 'm', 'e', 'd', 'u', 'z', 'a', '.', 'i', 'o', '\0',
+  /* "medwaybouncycastlehire.co.uk", true */ 'm', 'e', 'd', 'w', 'a', 'y', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "medyotan.ga", true */ 'm', 'e', 'd', 'y', 'o', 't', 'a', 'n', '.', 'g', 'a', '\0',
+  /* "meedoenhartvanwestbrabant.nl", true */ 'm', 'e', 'e', 'd', 'o', 'e', 'n', 'h', 'a', 'r', 't', 'v', 'a', 'n', 'w', 'e', 's', 't', 'b', 'r', 'a', 'b', 'a', 'n', 't', '.', 'n', 'l', '\0',
+  /* "meehle.com", true */ 'm', 'e', 'e', 'h', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "meerutcake.com", true */ 'm', 'e', 'e', 'r', 'u', 't', 'c', 'a', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "meet.google.com", true */ 'm', 'e', 'e', 't', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "meetbot.fedoraproject.org", true */ 'm', 'e', 'e', 't', 'b', 'o', 't', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "meetingfriends.ch", true */ 'm', 'e', 'e', 't', 'i', 'n', 'g', 'f', 'r', 'i', 'e', 'n', 'd', 's', '.', 'c', 'h', '\0',
+  /* "meetingmanage.nl", true */ 'm', 'e', 'e', 't', 'i', 'n', 'g', 'm', 'a', 'n', 'a', 'g', 'e', '.', 'n', 'l', '\0',
+  /* "meetingmanager.ovh", true */ 'm', 'e', 'e', 't', 'i', 'n', 'g', 'm', 'a', 'n', 'a', 'g', 'e', 'r', '.', 'o', 'v', 'h', '\0',
+  /* "meetings2.com", true */ 'm', 'e', 'e', 't', 'i', 'n', 'g', 's', '2', '.', 'c', 'o', 'm', '\0',
+  /* "meetmibaby.co.uk", true */ 'm', 'e', 'e', 't', 'm', 'i', 'b', 'a', 'b', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "meetmygoods.com", true */ 'm', 'e', 'e', 't', 'm', 'y', 'g', 'o', 'o', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "meeusen-usedcars.be", true */ 'm', 'e', 'e', 'u', 's', 'e', 'n', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0',
+  /* "meeztertom.nl", true */ 'm', 'e', 'e', 'z', 't', 'e', 'r', 't', 'o', 'm', '.', 'n', 'l', '\0',
+  /* "meg-a-bounce.co.uk", true */ 'm', 'e', 'g', '-', 'a', '-', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mega-feeling.de", true */ 'm', 'e', 'g', 'a', '-', 'f', 'e', 'e', 'l', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "mega.co.nz", true */ 'm', 'e', 'g', 'a', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "mega.nz", true */ 'm', 'e', 'g', 'a', '.', 'n', 'z', '\0',
+  /* "mega.online", true */ 'm', 'e', 'g', 'a', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "megablogging.org", true */ 'm', 'e', 'g', 'a', 'b', 'l', 'o', 'g', 'g', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "megabounce.co.uk", true */ 'm', 'e', 'g', 'a', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "megabounceni.co.uk", true */ 'm', 'e', 'g', 'a', 'b', 'o', 'u', 'n', 'c', 'e', 'n', 'i', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "megabouncingcastles.com", true */ 'm', 'e', 'g', 'a', 'b', 'o', 'u', 'n', 'c', 'i', 'n', 'g', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "megadrol.com", true */ 'm', 'e', 'g', 'a', 'd', 'r', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "megaflix.nl", true */ 'm', 'e', 'g', 'a', 'f', 'l', 'i', 'x', '.', 'n', 'l', '\0',
+  /* "megagifs.de", true */ 'm', 'e', 'g', 'a', 'g', 'i', 'f', 's', '.', 'd', 'e', '\0',
+  /* "megainflatables.co.uk", true */ 'm', 'e', 'g', 'a', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "megamarkey.de", true */ 'm', 'e', 'g', 'a', 'm', 'a', 'r', 'k', 'e', 'y', '.', 'd', 'e', '\0',
+  /* "megamisja.pl", true */ 'm', 'e', 'g', 'a', 'm', 'i', 's', 'j', 'a', '.', 'p', 'l', '\0',
+  /* "meganandmarc.us", true */ 'm', 'e', 'g', 'a', 'n', 'a', 'n', 'd', 'm', 'a', 'r', 'c', '.', 'u', 's', '\0',
+  /* "meganreel.com", true */ 'm', 'e', 'g', 'a', 'n', 'r', 'e', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "megapixel.cz", true */ 'm', 'e', 'g', 'a', 'p', 'i', 'x', 'e', 'l', '.', 'c', 'z', '\0',
+  /* "megaplan.cz", true */ 'm', 'e', 'g', 'a', 'p', 'l', 'a', 'n', '.', 'c', 'z', '\0',
+  /* "megaplan.ru", true */ 'm', 'e', 'g', 'a', 'p', 'l', 'a', 'n', '.', 'r', 'u', '\0',
+  /* "megaplonk.com", true */ 'm', 'e', 'g', 'a', 'p', 'l', 'o', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "megasslstore.com", true */ 'm', 'e', 'g', 'a', 's', 's', 'l', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "megaxchange.com", true */ 'm', 'e', 'g', 'a', 'x', 'c', 'h', 'a', 'n', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "megumico.net", true */ 'm', 'e', 'g', 'u', 'm', 'i', 'c', 'o', '.', 'n', 'e', 't', '\0',
+  /* "mehalick.com", true */ 'm', 'e', 'h', 'a', 'l', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "mehhh.xyz", true */ 'm', 'e', 'h', 'h', 'h', '.', 'x', 'y', 'z', '\0',
+  /* "mehmetakif.edu.tr", true */ 'm', 'e', 'h', 'm', 'e', 't', 'a', 'k', 'i', 'f', '.', 'e', 'd', 'u', '.', 't', 'r', '\0',
+  /* "mehmetince.net", true */ 'm', 'e', 'h', 'm', 'e', 't', 'i', 'n', 'c', 'e', '.', 'n', 'e', 't', '\0',
+  /* "mehostdd.com", false */ 'm', 'e', 'h', 'o', 's', 't', 'd', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "mehr-schulferien.de", true */ 'm', 'e', 'h', 'r', '-', 's', 'c', 'h', 'u', 'l', 'f', 'e', 'r', 'i', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "mehrleben.at", true */ 'm', 'e', 'h', 'r', 'l', 'e', 'b', 'e', 'n', '.', 'a', 't', '\0',
+  /* "mehrwert.de", true */ 'm', 'e', 'h', 'r', 'w', 'e', 'r', 't', '.', 'd', 'e', '\0',
+  /* "meierhofer.net", true */ 'm', 'e', 'i', 'e', 'r', 'h', 'o', 'f', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "meiju.video", true */ 'm', 'e', 'i', 'j', 'u', '.', 'v', 'i', 'd', 'e', 'o', '\0',
+  /* "meikan.moe", true */ 'm', 'e', 'i', 'k', 'a', 'n', '.', 'm', 'o', 'e', '\0',
+  /* "meillard-auto-ecole.ch", true */ 'm', 'e', 'i', 'l', 'l', 'a', 'r', 'd', '-', 'a', 'u', 't', 'o', '-', 'e', 'c', 'o', 'l', 'e', '.', 'c', 'h', '\0',
+  /* "meilleur.info", true */ 'm', 'e', 'i', 'l', 'l', 'e', 'u', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "mein-muehlhausen.bayern", true */ 'm', 'e', 'i', 'n', '-', 'm', 'u', 'e', 'h', 'l', 'h', 'a', 'u', 's', 'e', 'n', '.', 'b', 'a', 'y', 'e', 'r', 'n', '\0',
+  /* "mein-webportal.de", true */ 'm', 'e', 'i', 'n', '-', 'w', 'e', 'b', 'p', 'o', 'r', 't', 'a', 'l', '.', 'd', 'e', '\0',
+  /* "meinbetriebsrat24.de", true */ 'm', 'e', 'i', 'n', 'b', 'e', 't', 'r', 'i', 'e', 'b', 's', 'r', 'a', 't', '2', '4', '.', 'd', 'e', '\0',
+  /* "meincenter-meinemeinung.de", true */ 'm', 'e', 'i', 'n', 'c', 'e', 'n', 't', 'e', 'r', '-', 'm', 'e', 'i', 'n', 'e', 'm', 'e', 'i', 'n', 'u', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "meincoach.at", true */ 'm', 'e', 'i', 'n', 'c', 'o', 'a', 'c', 'h', '.', 'a', 't', '\0',
+  /* "meine-email-im.net", true */ 'm', 'e', 'i', 'n', 'e', '-', 'e', 'm', 'a', 'i', 'l', '-', 'i', 'm', '.', 'n', 'e', 't', '\0',
+  /* "meine-immofinanzierung.de", true */ 'm', 'e', 'i', 'n', 'e', '-', 'i', 'm', 'm', 'o', 'f', 'i', 'n', 'a', 'n', 'z', 'i', 'e', 'r', 'u', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "meine-plancha.ch", true */ 'm', 'e', 'i', 'n', 'e', '-', 'p', 'l', 'a', 'n', 'c', 'h', 'a', '.', 'c', 'h', '\0',
+  /* "meinezwangsversteigerung.de", true */ 'm', 'e', 'i', 'n', 'e', 'z', 'w', 'a', 'n', 'g', 's', 'v', 'e', 'r', 's', 't', 'e', 'i', 'g', 'e', 'r', 'u', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "meinstartinsleben.com", true */ 'm', 'e', 'i', 'n', 's', 't', 'a', 'r', 't', 'i', 'n', 's', 'l', 'e', 'b', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "meinstartinsleben.de", true */ 'm', 'e', 'i', 'n', 's', 't', 'a', 'r', 't', 'i', 'n', 's', 'l', 'e', 'b', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "meinv.asia", true */ 'm', 'e', 'i', 'n', 'v', '.', 'a', 's', 'i', 'a', '\0',
+  /* "meiqia.cn", true */ 'm', 'e', 'i', 'q', 'i', 'a', '.', 'c', 'n', '\0',
+  /* "meiqia.com", true */ 'm', 'e', 'i', 'q', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "meisterritter.de", true */ 'm', 'e', 'i', 's', 't', 'e', 'r', 'r', 'i', 't', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "meizufans.eu", true */ 'm', 'e', 'i', 'z', 'u', 'f', 'a', 'n', 's', '.', 'e', 'u', '\0',
+  /* "mekongeye.com", true */ 'm', 'e', 'k', 'o', 'n', 'g', 'e', 'y', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "melakaltenegger.at", true */ 'm', 'e', 'l', 'a', 'k', 'a', 'l', 't', 'e', 'n', 'e', 'g', 'g', 'e', 'r', '.', 'a', 't', '\0',
+  /* "melaniebernhardt.com", true */ 'm', 'e', 'l', 'a', 'n', 'i', 'e', 'b', 'e', 'r', 'n', 'h', 'a', 'r', 'd', 't', '.', 'c', 'o', 'm', '\0',
+  /* "melaniegruber.de", true */ 'm', 'e', 'l', 'a', 'n', 'i', 'e', 'g', 'r', 'u', 'b', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "melbourne.dating", true */ 'm', 'e', 'l', 'b', 'o', 'u', 'r', 'n', 'e', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "melbourneapartments.website", true */ 'm', 'e', 'l', 'b', 'o', 'u', 'r', 'n', 'e', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'w', 'e', 'b', 's', 'i', 't', 'e', '\0',
+  /* "melchizedek-forum.de", true */ 'm', 'e', 'l', 'c', 'h', 'i', 'z', 'e', 'd', 'e', 'k', '-', 'f', 'o', 'r', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "meldcode-assistent.nl", true */ 'm', 'e', 'l', 'd', 'c', 'o', 'd', 'e', '-', 'a', 's', 's', 'i', 's', 't', 'e', 'n', 't', '.', 'n', 'l', '\0',
+  /* "melearning.university", false */ 'm', 'e', 'l', 'e', 'a', 'r', 'n', 'i', 'n', 'g', '.', 'u', 'n', 'i', 'v', 'e', 'r', 's', 'i', 't', 'y', '\0',
+  /* "meledia.com", false */ 'm', 'e', 'l', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "melenchatsmelenchiens.fr", true */ 'm', 'e', 'l', 'e', 'n', 'c', 'h', 'a', 't', 's', 'm', 'e', 'l', 'e', 'n', 'c', 'h', 'i', 'e', 'n', 's', '.', 'f', 'r', '\0',
+  /* "melerpaine.com", true */ 'm', 'e', 'l', 'e', 'r', 'p', 'a', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "melf.nl", true */ 'm', 'e', 'l', 'f', '.', 'n', 'l', '\0',
+  /* "melhoresdominios.com", true */ 'm', 'e', 'l', 'h', 'o', 'r', 'e', 's', 'd', 'o', 'm', 'i', 'n', 'i', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "melhoresmarcasdenotebook.com.br", true */ 'm', 'e', 'l', 'h', 'o', 'r', 'e', 's', 'm', 'a', 'r', 'c', 'a', 's', 'd', 'e', 'n', 'o', 't', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "melikoff.es", true */ 'm', 'e', 'l', 'i', 'k', 'o', 'f', 'f', '.', 'e', 's', '\0',
+  /* "melina-schefczyk.de", true */ 'm', 'e', 'l', 'i', 'n', 'a', '-', 's', 'c', 'h', 'e', 'f', 'c', 'z', 'y', 'k', '.', 'd', 'e', '\0',
+  /* "melissaadkins.com", true */ 'm', 'e', 'l', 'i', 's', 's', 'a', 'a', 'd', 'k', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "melitopol.co.ua", false */ 'm', 'e', 'l', 'i', 't', 'o', 'p', 'o', 'l', '.', 'c', 'o', '.', 'u', 'a', '\0',
+  /* "melnessgroup.com", true */ 'm', 'e', 'l', 'n', 'e', 's', 's', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "melnikov.ch", true */ 'm', 'e', 'l', 'n', 'i', 'k', 'o', 'v', '.', 'c', 'h', '\0',
+  /* "melodic.com.au", true */ 'm', 'e', 'l', 'o', 'd', 'i', 'c', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "melodiouscode.net", true */ 'm', 'e', 'l', 'o', 'd', 'i', 'o', 'u', 's', 'c', 'o', 'd', 'e', '.', 'n', 'e', 't', '\0',
+  /* "melodrom.de", true */ 'm', 'e', 'l', 'o', 'd', 'r', 'o', 'm', '.', 'd', 'e', '\0',
+  /* "melody-lyrics.com", true */ 'm', 'e', 'l', 'o', 'd', 'y', '-', 'l', 'y', 'r', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "melted.me", true */ 'm', 'e', 'l', 't', 'e', 'd', '.', 'm', 'e', '\0',
+  /* "meltzow.net", true */ 'm', 'e', 'l', 't', 'z', 'o', 'w', '.', 'n', 'e', 't', '\0',
+  /* "melvinlammerts.nl", true */ 'm', 'e', 'l', 'v', 'i', 'n', 'l', 'a', 'm', 'm', 'e', 'r', 't', 's', '.', 'n', 'l', '\0',
+  /* "members-only-shopping.com", true */ 'm', 'e', 'm', 'b', 'e', 'r', 's', '-', 'o', 'n', 'l', 'y', '-', 's', 'h', 'o', 'p', 'p', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "members.nearlyfreespeech.net", false */ 'm', 'e', 'm', 'b', 'e', 'r', 's', '.', 'n', 'e', 'a', 'r', 'l', 'y', 'f', 'r', 'e', 'e', 's', 'p', 'e', 'e', 'c', 'h', '.', 'n', 'e', 't', '\0',
+  /* "memdoc.org", true */ 'm', 'e', 'm', 'd', 'o', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "meme-photostudio.com.tw", true */ 'm', 'e', 'm', 'e', '-', 'p', 'h', 'o', 't', 'o', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'o', 'm', '.', 't', 'w', '\0',
+  /* "meme.fi", true */ 'm', 'e', 'm', 'e', '.', 'f', 'i', '\0',
+  /* "meme.institute", true */ 'm', 'e', 'm', 'e', '.', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', '\0',
+  /* "memepasmal.net", true */ 'm', 'e', 'm', 'e', 'p', 'a', 's', 'm', 'a', 'l', '.', 'n', 'e', 't', '\0',
+  /* "memepasmal.org", true */ 'm', 'e', 'm', 'e', 'p', 'a', 's', 'm', 'a', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "memetrash.co.uk", true */ 'm', 'e', 'm', 'e', 't', 'r', 'a', 's', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "memfrob.org", true */ 'm', 'e', 'm', 'f', 'r', 'o', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "memiux.com", true */ 'm', 'e', 'm', 'i', 'u', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "memo-linux.com", true */ 'm', 'e', 'm', 'o', '-', 'l', 'i', 'n', 'u', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "memoire-resistance-ariege.fr", true */ 'm', 'e', 'm', 'o', 'i', 'r', 'e', '-', 'r', 'e', 's', 'i', 's', 't', 'a', 'n', 'c', 'e', '-', 'a', 'r', 'i', 'e', 'g', 'e', '.', 'f', 'r', '\0',
+  /* "memorycards.ie", true */ 'm', 'e', 'm', 'o', 'r', 'y', 'c', 'a', 'r', 'd', 's', '.', 'i', 'e', '\0',
+  /* "memoryex.net", true */ 'm', 'e', 'm', 'o', 'r', 'y', 'e', 'x', '.', 'n', 'e', 't', '\0',
+  /* "memorygame.io", true */ 'm', 'e', 'm', 'o', 'r', 'y', 'g', 'a', 'm', 'e', '.', 'i', 'o', '\0',
+  /* "menanwc.org", true */ 'm', 'e', 'n', 'a', 'n', 'w', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "menaraannonces.com", true */ 'm', 'e', 'n', 'a', 'r', 'a', 'a', 'n', 'n', 'o', 'n', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "menden.com", true */ 'm', 'e', 'n', 'd', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "mendipbouncycastles.co.uk", true */ 'm', 'e', 'n', 'd', 'i', 'p', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mendy.jp", true */ 'm', 'e', 'n', 'd', 'y', '.', 'j', 'p', '\0',
+  /* "menielias.com", true */ 'm', 'e', 'n', 'i', 'e', 'l', 'i', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "menole.com", true */ 'm', 'e', 'n', 'o', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "menole.de", true */ 'm', 'e', 'n', 'o', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "menole.net", true */ 'm', 'e', 'n', 'o', 'l', 'e', '.', 'n', 'e', 't', '\0',
+  /* "mensachterdepatient.nl", true */ 'm', 'e', 'n', 's', 'a', 'c', 'h', 't', 'e', 'r', 'd', 'e', 'p', 'a', 't', 'i', 'e', 'n', 't', '.', 'n', 'l', '\0',
+  /* "mensagemaniversario.com.br", true */ 'm', 'e', 'n', 's', 'a', 'g', 'e', 'm', 'a', 'n', 'i', 'v', 'e', 'r', 's', 'a', 'r', 'i', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "mensagemdaluz.com", true */ 'm', 'e', 'n', 's', 'a', 'g', 'e', 'm', 'd', 'a', 'l', 'u', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "mensagensaniversario.com.br", true */ 'm', 'e', 'n', 's', 'a', 'g', 'e', 'n', 's', 'a', 'n', 'i', 'v', 'e', 'r', 's', 'a', 'r', 'i', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "mensagensdeconforto.com.br", true */ 'm', 'e', 'n', 's', 'a', 'g', 'e', 'n', 's', 'd', 'e', 'c', 'o', 'n', 'f', 'o', 'r', 't', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "mensagensperfeitas.com.br", true */ 'm', 'e', 'n', 's', 'a', 'g', 'e', 'n', 's', 'p', 'e', 'r', 'f', 'e', 'i', 't', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "mensch-peter.me", true */ 'm', 'e', 'n', 's', 'c', 'h', '-', 'p', 'e', 't', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "mentalhealth.gov", true */ 'm', 'e', 'n', 't', 'a', 'l', 'h', 'e', 'a', 'l', 't', 'h', '.', 'g', 'o', 'v', '\0',
+  /* "mentalhealthmn.org", true */ 'm', 'e', 'n', 't', 'a', 'l', 'h', 'e', 'a', 'l', 't', 'h', 'm', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "mentaltraining-fuer-musiker.ch", true */ 'm', 'e', 'n', 't', 'a', 'l', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '-', 'f', 'u', 'e', 'r', '-', 'm', 'u', 's', 'i', 'k', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "mentiq.az", true */ 'm', 'e', 'n', 't', 'i', 'q', '.', 'a', 'z', '\0',
+  /* "mentorithm.com", true */ 'm', 'e', 'n', 't', 'o', 'r', 'i', 't', 'h', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "mentz.info", true */ 'm', 'e', 'n', 't', 'z', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "menuonlineordering.com", true */ 'm', 'e', 'n', 'u', 'o', 'n', 'l', 'i', 'n', 'e', 'o', 'r', 'd', 'e', 'r', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "menzel-motors.com", true */ 'm', 'e', 'n', 'z', 'e', 'l', '-', 'm', 'o', 't', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "menzietti.it", true */ 'm', 'e', 'n', 'z', 'i', 'e', 't', 't', 'i', '.', 'i', 't', '\0',
+  /* "mephedrone.org", true */ 'm', 'e', 'p', 'h', 'e', 'd', 'r', 'o', 'n', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "meransuedtirol.com", true */ 'm', 'e', 'r', 'a', 'n', 's', 'u', 'e', 'd', 't', 'i', 'r', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "mercadobitcoin.com.br", true */ 'm', 'e', 'r', 'c', 'a', 'd', 'o', 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "mercadobitcoin.net", true */ 'm', 'e', 'r', 'c', 'a', 'd', 'o', 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'n', 'e', 't', '\0',
+  /* "mercadoleal.com.br", true */ 'm', 'e', 'r', 'c', 'a', 'd', 'o', 'l', 'e', 'a', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "mercadopago.com", true */ 'm', 'e', 'r', 'c', 'a', 'd', 'o', 'p', 'a', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "mercamaris.es", true */ 'm', 'e', 'r', 'c', 'a', 'm', 'a', 'r', 'i', 's', '.', 'e', 's', '\0',
+  /* "mercedes-benz.io", true */ 'm', 'e', 'r', 'c', 'e', 'd', 'e', 's', '-', 'b', 'e', 'n', 'z', '.', 'i', 'o', '\0',
+  /* "mercedes-ig.de", true */ 'm', 'e', 'r', 'c', 'e', 'd', 'e', 's', '-', 'i', 'g', '.', 'd', 'e', '\0',
+  /* "mercury-studio.com", true */ 'm', 'e', 'r', 'c', 'u', 'r', 'y', '-', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "mercuryamericas.com", false */ 'm', 'e', 'r', 'c', 'u', 'r', 'y', 'a', 'm', 'e', 'r', 'i', 'c', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "meremeti-online.gr", true */ 'm', 'e', 'r', 'e', 'm', 'e', 't', 'i', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'g', 'r', '\0',
+  /* "meridianstore.com.br", true */ 'm', 'e', 'r', 'i', 'd', 'i', 'a', 'n', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "merimatka.fi", true */ 'm', 'e', 'r', 'i', 'm', 'a', 't', 'k', 'a', '.', 'f', 'i', '\0',
+  /* "merkel.me", true */ 'm', 'e', 'r', 'k', 'e', 'l', '.', 'm', 'e', '\0',
+  /* "merlet.eu", true */ 'm', 'e', 'r', 'l', 'e', 't', '.', 'e', 'u', '\0',
+  /* "merojob.com", true */ 'm', 'e', 'r', 'o', 'j', 'o', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "meronberry.jp", true */ 'm', 'e', 'r', 'o', 'n', 'b', 'e', 'r', 'r', 'y', '.', 'j', 'p', '\0',
+  /* "mertak.cz", true */ 'm', 'e', 'r', 't', 'a', 'k', '.', 'c', 'z', '\0',
+  /* "mertarauh.com", true */ 'm', 'e', 'r', 't', 'a', 'r', 'a', 'u', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "mertcangokgoz.com", true */ 'm', 'e', 'r', 't', 'c', 'a', 'n', 'g', 'o', 'k', 'g', 'o', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "meruri.com", true */ 'm', 'e', 'r', 'u', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "mes-finances.be", true */ 'm', 'e', 's', '-', 'f', 'i', 'n', 'a', 'n', 'c', 'e', 's', '.', 'b', 'e', '\0',
+  /* "mes10doigts.ovh", true */ 'm', 'e', 's', '1', '0', 'd', 'o', 'i', 'g', 't', 's', '.', 'o', 'v', 'h', '\0',
+  /* "mescaline.com", true */ 'm', 'e', 's', 'c', 'a', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mescaline.org", true */ 'm', 'e', 's', 'c', 'a', 'l', 'i', 'n', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "mesh.gov", true */ 'm', 'e', 's', 'h', '.', 'g', 'o', 'v', '\0',
+  /* "meshok.ru", false */ 'm', 'e', 's', 'h', 'o', 'k', '.', 'r', 'u', '\0',
+  /* "meshotes.com", true */ 'm', 'e', 's', 'h', 'o', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mesicka.com", true */ 'm', 'e', 's', 'i', 'c', 'k', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "messagescelestes-archives.ca", true */ 'm', 'e', 's', 's', 'a', 'g', 'e', 's', 'c', 'e', 'l', 'e', 's', 't', 'e', 's', '-', 'a', 'r', 'c', 'h', 'i', 'v', 'e', 's', '.', 'c', 'a', '\0',
+  /* "messagescelestes.ca", true */ 'm', 'e', 's', 's', 'a', 'g', 'e', 's', 'c', 'e', 'l', 'e', 's', 't', 'e', 's', '.', 'c', 'a', '\0',
+  /* "messenger.com", false */ 'm', 'e', 's', 's', 'e', 'n', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "messer24.ch", true */ 'm', 'e', 's', 's', 'e', 'r', '2', '4', '.', 'c', 'h', '\0',
+  /* "messymom.com", true */ 'm', 'e', 's', 's', 'y', 'm', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "mestazitrka.cz", true */ 'm', 'e', 's', 't', 'a', 'z', 'i', 't', 'r', 'k', 'a', '.', 'c', 'z', '\0',
+  /* "mestr.es", true */ 'm', 'e', 's', 't', 'r', '.', 'e', 's', '\0',
+  /* "mesvt.com", true */ 'm', 'e', 's', 'v', 't', '.', 'c', 'o', 'm', '\0',
+  /* "meta-db.com", true */ 'm', 'e', 't', 'a', '-', 'd', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "meta.sc", true */ 'm', 'e', 't', 'a', '.', 's', 'c', '\0',
+  /* "metachris.com", true */ 'm', 'e', 't', 'a', 'c', 'h', 'r', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "metacoda.com", true */ 'm', 'e', 't', 'a', 'c', 'o', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "metacode.biz", true */ 'm', 'e', 't', 'a', 'c', 'o', 'd', 'e', '.', 'b', 'i', 'z', '\0',
+  /* "metadatawiki.com", true */ 'm', 'e', 't', 'a', 'd', 'a', 't', 'a', 'w', 'i', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "metaether.net", true */ 'm', 'e', 't', 'a', 'e', 't', 'h', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "metalsculpture.co.uk", true */ 'm', 'e', 't', 'a', 'l', 's', 'c', 'u', 'l', 'p', 't', 'u', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "metalu.ch", true */ 'm', 'e', 't', 'a', 'l', 'u', '.', 'c', 'h', '\0',
+  /* "metapeen.nl", true */ 'm', 'e', 't', 'a', 'p', 'e', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "metasquare.com.au", true */ 'm', 'e', 't', 'a', 's', 'q', 'u', 'a', 'r', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "metasquare.nyc", true */ 'm', 'e', 't', 'a', 's', 'q', 'u', 'a', 'r', 'e', '.', 'n', 'y', 'c', '\0',
+  /* "meteenonline.nl", true */ 'm', 'e', 't', 'e', 'e', 'n', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'n', 'l', '\0',
+  /* "meteo-parc.com", true */ 'm', 'e', 't', 'e', 'o', '-', 'p', 'a', 'r', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "meteobox.co", true */ 'm', 'e', 't', 'e', 'o', 'b', 'o', 'x', '.', 'c', 'o', '\0',
+  /* "meteobox.cz", true */ 'm', 'e', 't', 'e', 'o', 'b', 'o', 'x', '.', 'c', 'z', '\0',
+  /* "meteobox.de", true */ 'm', 'e', 't', 'e', 'o', 'b', 'o', 'x', '.', 'd', 'e', '\0',
+  /* "meteobox.es", true */ 'm', 'e', 't', 'e', 'o', 'b', 'o', 'x', '.', 'e', 's', '\0',
+  /* "meteobox.fr", true */ 'm', 'e', 't', 'e', 'o', 'b', 'o', 'x', '.', 'f', 'r', '\0',
+  /* "meteobox.mx", true */ 'm', 'e', 't', 'e', 'o', 'b', 'o', 'x', '.', 'm', 'x', '\0',
+  /* "meteobox.pl", true */ 'm', 'e', 't', 'e', 'o', 'b', 'o', 'x', '.', 'p', 'l', '\0',
+  /* "meteobox.sk", true */ 'm', 'e', 't', 'e', 'o', 'b', 'o', 'x', '.', 's', 'k', '\0',
+  /* "meteorapp.space", true */ 'm', 'e', 't', 'e', 'o', 'r', 'a', 'p', 'p', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "meteosmit.it", true */ 'm', 'e', 't', 'e', 'o', 's', 'm', 'i', 't', '.', 'i', 't', '\0',
+  /* "meterhost.com", true */ 'm', 'e', 't', 'e', 'r', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "methamphetamine.co.uk", true */ 'm', 'e', 't', 'h', 'a', 'm', 'p', 'h', 'e', 't', 'a', 'm', 'i', 'n', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "methylone.com", true */ 'm', 'e', 't', 'h', 'y', 'l', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "metikam.pl", true */ 'm', 'e', 't', 'i', 'k', 'a', 'm', '.', 'p', 'l', '\0',
+  /* "metin2sepeti.com", true */ 'm', 'e', 't', 'i', 'n', '2', 's', 'e', 'p', 'e', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "metroairvirtual.com", true */ 'm', 'e', 't', 'r', 'o', 'a', 'i', 'r', 'v', 'i', 'r', 't', 'u', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "metrobriefs.com", true */ 'm', 'e', 't', 'r', 'o', 'b', 'r', 'i', 'e', 'f', 's', '.', 'c', 'o', 'm', '\0',
+  /* "metrolush.com", true */ 'm', 'e', 't', 'r', 'o', 'l', 'u', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "metronaut.de", true */ 'm', 'e', 't', 'r', 'o', 'n', 'a', 'u', 't', '.', 'd', 'e', '\0',
+  /* "metropop.ch", true */ 'm', 'e', 't', 'r', 'o', 'p', 'o', 'p', '.', 'c', 'h', '\0',
+  /* "metsasta.com", true */ 'm', 'e', 't', 's', 'a', 's', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "meu-smartphone.com", true */ 'm', 'e', 'u', '-', 's', 'm', 'a', 'r', 't', 'p', 'h', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "meu-solutions.com", true */ 'm', 'e', 'u', '-', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "meulike.us", true */ 'm', 'e', 'u', 'l', 'i', 'k', 'e', '.', 'u', 's', '\0',
+  /* "meupedido.online", true */ 'm', 'e', 'u', 'p', 'e', 'd', 'i', 'd', 'o', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "meusigno.com", true */ 'm', 'e', 'u', 's', 'i', 'g', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "mevo.xyz", true */ 'm', 'e', 'v', 'o', '.', 'x', 'y', 'z', '\0',
+  /* "mevs.cz", true */ 'm', 'e', 'v', 's', '.', 'c', 'z', '\0',
+  /* "mexican.dating", true */ 'm', 'e', 'x', 'i', 'c', 'a', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "mexicanjokes.net", true */ 'm', 'e', 'x', 'i', 'c', 'a', 'n', 'j', 'o', 'k', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "mexicom.org", true */ 'm', 'e', 'x', 'i', 'c', 'o', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "mf-fischer.de", true */ 'm', 'f', '-', 'f', 'i', 's', 'c', 'h', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "mfgod.com", false */ 'm', 'f', 'g', 'o', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "mflodin.se", true */ 'm', 'f', 'l', 'o', 'd', 'i', 'n', '.', 's', 'e', '\0',
+  /* "mfrsgb45.org", true */ 'm', 'f', 'r', 's', 'g', 'b', '4', '5', '.', 'o', 'r', 'g', '\0',
+  /* "mft.global", true */ 'm', 'f', 't', '.', 'g', 'l', 'o', 'b', 'a', 'l', '\0',
+  /* "mfxbe.de", true */ 'm', 'f', 'x', 'b', 'e', '.', 'd', 'e', '\0',
+  /* "mghiorzi.com.ar", false */ 'm', 'g', 'h', 'i', 'o', 'r', 'z', 'i', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "mgknet.com", true */ 'm', 'g', 'k', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "mgoessel.de", true */ 'm', 'g', 'o', 'e', 's', 's', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "mgrossklaus.de", true */ 'm', 'g', 'r', 'o', 's', 's', 'k', 'l', 'a', 'u', 's', '.', 'd', 'e', '\0',
+  /* "mgrt.net", true */ 'm', 'g', 'r', 't', '.', 'n', 'e', 't', '\0',
+  /* "mgsisk.com", true */ 'm', 'g', 's', 'i', 's', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "mhalfter.de", true */ 'm', 'h', 'a', 'l', 'f', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "mhatlaw.com", true */ 'm', 'h', 'a', 't', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "mheistermann.de", true */ 'm', 'h', 'e', 'i', 's', 't', 'e', 'r', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "mhermans.nl", true */ 'm', 'h', 'e', 'r', 'm', 'a', 'n', 's', '.', 'n', 'l', '\0',
+  /* "mhi.web.id", true */ 'm', 'h', 'i', '.', 'w', 'e', 'b', '.', 'i', 'd', '\0',
+  /* "mhmfoundationrepair.com", true */ 'm', 'h', 'm', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', 'r', 'e', 'p', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "mi-beratung.de", true */ 'm', 'i', '-', 'b', 'e', 'r', 'a', 't', 'u', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "mi-so-ji.com", true */ 'm', 'i', '-', 's', 'o', '-', 'j', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "mi80.com", true */ 'm', 'i', '8', '0', '.', 'c', 'o', 'm', '\0',
+  /* "mia.ac", true */ 'm', 'i', 'a', '.', 'a', 'c', '\0',
+  /* "mia.to", true */ 'm', 'i', 'a', '.', 't', 'o', '\0',
+  /* "miagexport.com", true */ 'm', 'i', 'a', 'g', 'e', 'x', 'p', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "miamicityballet.org", true */ 'm', 'i', 'a', 'm', 'i', 'c', 'i', 't', 'y', 'b', 'a', 'l', 'l', 'e', 't', '.', 'o', 'r', 'g', '\0',
+  /* "miaoubox.com", true */ 'm', 'i', 'a', 'o', 'u', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "miaowo.org", true */ 'm', 'i', 'a', 'o', 'w', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "miasarafina.de", true */ 'm', 'i', 'a', 's', 'a', 'r', 'a', 'f', 'i', 'n', 'a', '.', 'd', 'e', '\0',
+  /* "miboulot.com", true */ 'm', 'i', 'b', 'o', 'u', 'l', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "micado-software.com", true */ 'm', 'i', 'c', 'a', 'd', 'o', '-', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "micaiahparker.com", true */ 'm', 'i', 'c', 'a', 'i', 'a', 'h', 'p', 'a', 'r', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "micalodeal.ch", true */ 'm', 'i', 'c', 'a', 'l', 'o', 'd', 'e', 'a', 'l', '.', 'c', 'h', '\0',
+  /* "micasamgmt.com", false */ 'm', 'i', 'c', 'a', 's', 'a', 'm', 'g', 'm', 't', '.', 'c', 'o', 'm', '\0',
+  /* "micbase.com", true */ 'm', 'i', 'c', 'b', 'a', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "michael-rigart.be", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', '-', 'r', 'i', 'g', 'a', 'r', 't', '.', 'b', 'e', '\0',
+  /* "michael-schefczyk.de", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', '-', 's', 'c', 'h', 'e', 'f', 'c', 'z', 'y', 'k', '.', 'd', 'e', '\0',
+  /* "michael-schilling.de", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', '-', 's', 'c', 'h', 'i', 'l', 'l', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "michael-steinhauer.eu", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', '-', 's', 't', 'e', 'i', 'n', 'h', 'a', 'u', 'e', 'r', '.', 'e', 'u', '\0',
+  /* "michaelasawyer.com", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', 'a', 's', 'a', 'w', 'y', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "michaelcullen.name", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', 'c', 'u', 'l', 'l', 'e', 'n', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "michaeleichorn.com", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', 'e', 'i', 'c', 'h', 'o', 'r', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "michaelizquierdo.com", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', 'i', 'z', 'q', 'u', 'i', 'e', 'r', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "michaeljdennis.com", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', 'j', 'd', 'e', 'n', 'n', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "michaelkuchta.me", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', 'k', 'u', 'c', 'h', 't', 'a', '.', 'm', 'e', '\0',
+  /* "michaelleibundgut.com", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', 'l', 'e', 'i', 'b', 'u', 'n', 'd', 'g', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "michaelpfrommer.de", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', 'p', 'f', 'r', 'o', 'm', 'm', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "michaelpfrommer.pub", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', 'p', 'f', 'r', 'o', 'm', 'm', 'e', 'r', '.', 'p', 'u', 'b', '\0',
+  /* "michaelrigart.be", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', 'r', 'i', 'g', 'a', 'r', 't', '.', 'b', 'e', '\0',
+  /* "michaelschubert.com", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', 's', 'c', 'h', 'u', 'b', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "michaelsweater.com", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', 's', 'w', 'e', 'a', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "michaeltaboada.me", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', 't', 'a', 'b', 'o', 'a', 'd', 'a', '.', 'm', 'e', '\0',
+  /* "michaeltroger.com", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', 't', 'r', 'o', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "michaeltruskowski.com", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', 't', 'r', 'u', 's', 'k', 'o', 'w', 's', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "michaelzomer.com", true */ 'm', 'i', 'c', 'h', 'a', 'e', 'l', 'z', 'o', 'm', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "michal-spacek.com", true */ 'm', 'i', 'c', 'h', 'a', 'l', '-', 's', 'p', 'a', 'c', 'e', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "michal-spacek.cz", true */ 'm', 'i', 'c', 'h', 'a', 'l', '-', 's', 'p', 'a', 'c', 'e', 'k', '.', 'c', 'z', '\0',
+  /* "michalkral.tk", true */ 'm', 'i', 'c', 'h', 'a', 'l', 'k', 'r', 'a', 'l', '.', 't', 'k', '\0',
+  /* "michalspacek.com", true */ 'm', 'i', 'c', 'h', 'a', 'l', 's', 'p', 'a', 'c', 'e', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "michalspacek.cz", true */ 'm', 'i', 'c', 'h', 'a', 'l', 's', 'p', 'a', 'c', 'e', 'k', '.', 'c', 'z', '\0',
+  /* "michalvasicek.cz", true */ 'm', 'i', 'c', 'h', 'a', 'l', 'v', 'a', 's', 'i', 'c', 'e', 'k', '.', 'c', 'z', '\0',
+  /* "michalwiglasz.cz", true */ 'm', 'i', 'c', 'h', 'a', 'l', 'w', 'i', 'g', 'l', 'a', 's', 'z', '.', 'c', 'z', '\0',
+  /* "michasfahrschule.com", true */ 'm', 'i', 'c', 'h', 'a', 's', 'f', 'a', 'h', 'r', 's', 'c', 'h', 'u', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "michel-wein.de", true */ 'm', 'i', 'c', 'h', 'e', 'l', '-', 'w', 'e', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "michel.pt", true */ 'm', 'i', 'c', 'h', 'e', 'l', '.', 'p', 't', '\0',
+  /* "michelledonelan.co.uk", true */ 'm', 'i', 'c', 'h', 'e', 'l', 'l', 'e', 'd', 'o', 'n', 'e', 'l', 'a', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "michiganunionoptout.com", true */ 'm', 'i', 'c', 'h', 'i', 'g', 'a', 'n', 'u', 'n', 'i', 'o', 'n', 'o', 'p', 't', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "michmexguides.com.mx", true */ 'm', 'i', 'c', 'h', 'm', 'e', 'x', 'g', 'u', 'i', 'd', 'e', 's', '.', 'c', 'o', 'm', '.', 'm', 'x', '\0',
+  /* "michu.pl", true */ 'm', 'i', 'c', 'h', 'u', '.', 'p', 'l', '\0',
+  /* "mico.world", true */ 'm', 'i', 'c', 'o', '.', 'w', 'o', 'r', 'l', 'd', '\0',
+  /* "miconcinemas.com", true */ 'm', 'i', 'c', 'o', 'n', 'c', 'i', 'n', 'e', 'm', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "micr.io", true */ 'm', 'i', 'c', 'r', '.', 'i', 'o', '\0',
+  /* "micr0lab.org", true */ 'm', 'i', 'c', 'r', '0', 'l', 'a', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "microbiote-insectes-vecteurs.group", true */ 'm', 'i', 'c', 'r', 'o', 'b', 'i', 'o', 't', 'e', '-', 'i', 'n', 's', 'e', 'c', 't', 'e', 's', '-', 'v', 'e', 'c', 't', 'e', 'u', 'r', 's', '.', 'g', 'r', 'o', 'u', 'p', '\0',
+  /* "microblading.pe", true */ 'm', 'i', 'c', 'r', 'o', 'b', 'l', 'a', 'd', 'i', 'n', 'g', '.', 'p', 'e', '\0',
+  /* "microco.sm", true */ 'm', 'i', 'c', 'r', 'o', 'c', 'o', '.', 's', 'm', '\0',
+  /* "microcomploja.com.br", true */ 'm', 'i', 'c', 'r', 'o', 'c', 'o', 'm', 'p', 'l', 'o', 'j', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "microdesic.com", true */ 'm', 'i', 'c', 'r', 'o', 'd', 'e', 's', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "microdots.de", true */ 'm', 'i', 'c', 'r', 'o', 'd', 'o', 't', 's', '.', 'd', 'e', '\0',
+  /* "microlinks.org", true */ 'm', 'i', 'c', 'r', 'o', 'l', 'i', 'n', 'k', 's', '.', 'o', 'r', 'g', '\0',
+  /* "microlog.org", true */ 'm', 'i', 'c', 'r', 'o', 'l', 'o', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "micromata.de", true */ 'm', 'i', 'c', 'r', 'o', 'm', 'a', 't', 'a', '.', 'd', 'e', '\0',
+  /* "microsoftaffiliates.azurewebsites.net", true */ 'm', 'i', 'c', 'r', 'o', 's', 'o', 'f', 't', 'a', 'f', 'f', 'i', 'l', 'i', 'a', 't', 'e', 's', '.', 'a', 'z', 'u', 'r', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "microvb.com", true */ 'm', 'i', 'c', 'r', 'o', 'v', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "midair.io", true */ 'm', 'i', 'd', 'a', 'i', 'r', '.', 'i', 'o', '\0',
+  /* "midlandgate.de", true */ 'm', 'i', 'd', 'l', 'a', 'n', 'd', 'g', 'a', 't', 'e', '.', 'd', 'e', '\0',
+  /* "midlandleisuresales.co.uk", true */ 'm', 'i', 'd', 'l', 'a', 'n', 'd', 'l', 'e', 'i', 's', 'u', 'r', 'e', 's', 'a', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "midlandsfundays.co.uk", true */ 'm', 'i', 'd', 'l', 'a', 'n', 'd', 's', 'f', 'u', 'n', 'd', 'a', 'y', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "midlandsphotobooths.co.uk", true */ 'm', 'i', 'd', 'l', 'a', 'n', 'd', 's', 'p', 'h', 'o', 't', 'o', 'b', 'o', 'o', 't', 'h', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "midlgx.com", true */ 'm', 'i', 'd', 'l', 'g', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "midnight-visions.de", true */ 'm', 'i', 'd', 'n', 'i', 'g', 'h', 't', '-', 'v', 'i', 's', 'i', 'o', 'n', 's', '.', 'd', 'e', '\0',
+  /* "midnightmechanism.com", true */ 'm', 'i', 'd', 'n', 'i', 'g', 'h', 't', 'm', 'e', 'c', 'h', 'a', 'n', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "midterm.us", true */ 'm', 'i', 'd', 't', 'e', 'r', 'm', '.', 'u', 's', '\0',
+  /* "midtowndentistry.com", true */ 'm', 'i', 'd', 't', 'o', 'w', 'n', 'd', 'e', 'n', 't', 'i', 's', 't', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "midwestbloggers.org", true */ 'm', 'i', 'd', 'w', 'e', 's', 't', 'b', 'l', 'o', 'g', 'g', 'e', 'r', 's', '.', 'o', 'r', 'g', '\0',
+  /* "midweststructuralrepair.com", true */ 'm', 'i', 'd', 'w', 'e', 's', 't', 's', 't', 'r', 'u', 'c', 't', 'u', 'r', 'a', 'l', 'r', 'e', 'p', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "mieterschutzkartei.de", true */ 'm', 'i', 'e', 't', 'e', 'r', 's', 'c', 'h', 'u', 't', 'z', 'k', 'a', 'r', 't', 'e', 'i', '.', 'd', 'e', '\0',
+  /* "mieuxgrandir.ch", true */ 'm', 'i', 'e', 'u', 'x', 'g', 'r', 'a', 'n', 'd', 'i', 'r', '.', 'c', 'h', '\0',
+  /* "miffy.me", true */ 'm', 'i', 'f', 'f', 'y', '.', 'm', 'e', '\0',
+  /* "mig5.net", true */ 'm', 'i', 'g', '5', '.', 'n', 'e', 't', '\0',
+  /* "miggy.org", true */ 'm', 'i', 'g', 'g', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "mightymillionsraffle.com", true */ 'm', 'i', 'g', 'h', 't', 'y', 'm', 'i', 'l', 'l', 'i', 'o', 'n', 's', 'r', 'a', 'f', 'f', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "miguel.pw", true */ 'm', 'i', 'g', 'u', 'e', 'l', '.', 'p', 'w', '\0',
+  /* "migueldemoura.com", true */ 'm', 'i', 'g', 'u', 'e', 'l', 'd', 'e', 'm', 'o', 'u', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "migueldominguez.ch", true */ 'm', 'i', 'g', 'u', 'e', 'l', 'd', 'o', 'm', 'i', 'n', 'g', 'u', 'e', 'z', '.', 'c', 'h', '\0',
+  /* "miguelgfierro.com", true */ 'm', 'i', 'g', 'u', 'e', 'l', 'g', 'f', 'i', 'e', 'r', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "miguelmartinez.ch", true */ 'm', 'i', 'g', 'u', 'e', 'l', 'm', 'a', 'r', 't', 'i', 'n', 'e', 'z', '.', 'c', 'h', '\0',
+  /* "miguelmenendez.pro", true */ 'm', 'i', 'g', 'u', 'e', 'l', 'm', 'e', 'n', 'e', 'n', 'd', 'e', 'z', '.', 'p', 'r', 'o', '\0',
+  /* "miguelmoura.com", true */ 'm', 'i', 'g', 'u', 'e', 'l', 'm', 'o', 'u', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "miguia.tv", true */ 'm', 'i', 'g', 'u', 'i', 'a', '.', 't', 'v', '\0',
+  /* "mihnea.net", true */ 'm', 'i', 'h', 'n', 'e', 'a', '.', 'n', 'e', 't', '\0',
+  /* "mijn-financien.be", true */ 'm', 'i', 'j', 'n', '-', 'f', 'i', 'n', 'a', 'n', 'c', 'i', 'e', 'n', '.', 'b', 'e', '\0',
+  /* "mijnkerstkaarten.be", true */ 'm', 'i', 'j', 'n', 'k', 'e', 'r', 's', 't', 'k', 'a', 'a', 'r', 't', 'e', 'n', '.', 'b', 'e', '\0',
+  /* "mijnreisoverzicht.nl", true */ 'm', 'i', 'j', 'n', 'r', 'e', 'i', 's', 'o', 'v', 'e', 'r', 'z', 'i', 'c', 'h', 't', '.', 'n', 'l', '\0',
+  /* "mijnsite.ovh", true */ 'm', 'i', 'j', 'n', 's', 'i', 't', 'e', '.', 'o', 'v', 'h', '\0',
+  /* "mijnstembureau.nl", true */ 'm', 'i', 'j', 'n', 's', 't', 'e', 'm', 'b', 'u', 'r', 'e', 'a', 'u', '.', 'n', 'l', '\0',
+  /* "mijntransacties.nl", true */ 'm', 'i', 'j', 'n', 't', 'r', 'a', 'n', 's', 'a', 'c', 't', 'i', 'e', 's', '.', 'n', 'l', '\0',
+  /* "mika.cat", true */ 'm', 'i', 'k', 'a', '.', 'c', 'a', 't', '\0',
+  /* "mika.moe", true */ 'm', 'i', 'k', 'a', '.', 'm', 'o', 'e', '\0',
+  /* "mikadoe.nl", true */ 'm', 'i', 'k', 'a', 'd', 'o', 'e', '.', 'n', 'l', '\0',
+  /* "mikaela.info", true */ 'm', 'i', 'k', 'a', 'e', 'l', 'a', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "mikakalevi.com", true */ 'm', 'i', 'k', 'a', 'k', 'a', 'l', 'e', 'v', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "mikalikes.men", true */ 'm', 'i', 'k', 'a', 'l', 'i', 'k', 'e', 's', '.', 'm', 'e', 'n', '\0',
+  /* "mike-bland.com", true */ 'm', 'i', 'k', 'e', '-', 'b', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "mike2k.de", true */ 'm', 'i', 'k', 'e', '2', 'k', '.', 'd', 'e', '\0',
+  /* "mikebelanger.ca", true */ 'm', 'i', 'k', 'e', 'b', 'e', 'l', 'a', 'n', 'g', 'e', 'r', '.', 'c', 'a', '\0',
+  /* "mikecb.org", true */ 'm', 'i', 'k', 'e', 'c', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "mikegarnett.co.uk", true */ 'm', 'i', 'k', 'e', 'g', 'a', 'r', 'n', 'e', 't', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mikegerwitz.com", true */ 'm', 'i', 'k', 'e', 'g', 'e', 'r', 'w', 'i', 't', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "mikehamburg.com", true */ 'm', 'i', 'k', 'e', 'h', 'a', 'm', 'b', 'u', 'r', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "mikerichards.photography", true */ 'm', 'i', 'k', 'e', 'r', 'i', 'c', 'h', 'a', 'r', 'd', 's', '.', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '\0',
+  /* "mikes.tk", true */ 'm', 'i', 'k', 'e', 's', '.', 't', 'k', '\0',
+  /* "miketabor.com", true */ 'm', 'i', 'k', 'e', 't', 'a', 'b', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "miketheuer.com", true */ 'm', 'i', 'k', 'e', 't', 'h', 'e', 'u', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "mikevesch.com", true */ 'm', 'i', 'k', 'e', 'v', 'e', 's', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "mikewest.org", true */ 'm', 'i', 'k', 'e', 'w', 'e', 's', 't', '.', 'o', 'r', 'g', '\0',
+  /* "mikewillia.ms", true */ 'm', 'i', 'k', 'e', 'w', 'i', 'l', 'l', 'i', 'a', '.', 'm', 's', '\0',
+  /* "mikeybailey.org", true */ 'm', 'i', 'k', 'e', 'y', 'b', 'a', 'i', 'l', 'e', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "mikhlevich.ru", true */ 'm', 'i', 'k', 'h', 'l', 'e', 'v', 'i', 'c', 'h', '.', 'r', 'u', '\0',
+  /* "miki.it", true */ 'm', 'i', 'k', 'i', '.', 'i', 't', '\0',
+  /* "mikkelvej.dk", true */ 'm', 'i', 'k', 'k', 'e', 'l', 'v', 'e', 'j', '.', 'd', 'k', '\0',
+  /* "miklcct.com", true */ 'm', 'i', 'k', 'l', 'c', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "miknight.com", true */ 'm', 'i', 'k', 'n', 'i', 'g', 'h', 't', '.', 'c', 'o', 'm', '\0',
+  /* "mikonmaa.fi", true */ 'm', 'i', 'k', 'o', 'n', 'm', 'a', 'a', '.', 'f', 'i', '\0',
+  /* "mikori.sk", true */ 'm', 'i', 'k', 'o', 'r', 'i', '.', 's', 'k', '\0',
+  /* "mikro-inwestycje.co.uk", true */ 'm', 'i', 'k', 'r', 'o', '-', 'i', 'n', 'w', 'e', 's', 't', 'y', 'c', 'j', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mikrom.cz", false */ 'm', 'i', 'k', 'r', 'o', 'm', '.', 'c', 'z', '\0',
+  /* "mikropixel.de", true */ 'm', 'i', 'k', 'r', 'o', 'p', 'i', 'x', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "mikroskeem.eu", true */ 'm', 'i', 'k', 'r', 'o', 's', 'k', 'e', 'e', 'm', '.', 'e', 'u', '\0',
+  /* "mil-spec.ch", true */ 'm', 'i', 'l', '-', 's', 'p', 'e', 'c', '.', 'c', 'h', '\0',
+  /* "mil0.com", true */ 'm', 'i', 'l', '0', '.', 'c', 'o', 'm', '\0',
+  /* "milahendri.com", true */ 'm', 'i', 'l', 'a', 'h', 'e', 'n', 'd', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "milcahsmusings.com", true */ 'm', 'i', 'l', 'c', 'a', 'h', 's', 'm', 'u', 's', 'i', 'n', 'g', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mileme.com", true */ 'm', 'i', 'l', 'e', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "milenaria.es", true */ 'm', 'i', 'l', 'e', 'n', 'a', 'r', 'i', 'a', '.', 'e', 's', '\0',
+  /* "milesapart.dating", true */ 'm', 'i', 'l', 'e', 's', 'a', 'p', 'a', 'r', 't', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "milhoazul.com.br", true */ 'm', 'i', 'l', 'h', 'o', 'a', 'z', 'u', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "milionshop.sk", true */ 'm', 'i', 'l', 'i', 'o', 'n', 's', 'h', 'o', 'p', '.', 's', 'k', '\0',
+  /* "militaryconsumer.gov", true */ 'm', 'i', 'l', 'i', 't', 'a', 'r', 'y', 'c', 'o', 'n', 's', 'u', 'm', 'e', 'r', '.', 'g', 'o', 'v', '\0',
+  /* "milkingit.co.uk", true */ 'm', 'i', 'l', 'k', 'i', 'n', 'g', 'i', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "milktea.info", true */ 'm', 'i', 'l', 'k', 't', 'e', 'a', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "millanova.wedding", false */ 'm', 'i', 'l', 'l', 'a', 'n', 'o', 'v', 'a', '.', 'w', 'e', 'd', 'd', 'i', 'n', 'g', '\0',
+  /* "milldyke.com", true */ 'm', 'i', 'l', 'l', 'd', 'y', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "milldyke.nl", true */ 'm', 'i', 'l', 'l', 'd', 'y', 'k', 'e', '.', 'n', 'l', '\0',
+  /* "millefleurs.eu", true */ 'm', 'i', 'l', 'l', 'e', 'f', 'l', 'e', 'u', 'r', 's', '.', 'e', 'u', '\0',
+  /* "millhousenchurch.com", true */ 'm', 'i', 'l', 'l', 'h', 'o', 'u', 's', 'e', 'n', 'c', 'h', 'u', 'r', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "millionairessecrets.com", true */ 'm', 'i', 'l', 'l', 'i', 'o', 'n', 'a', 'i', 'r', 'e', 's', 's', 'e', 'c', 'r', 'e', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "millistream.com", true */ 'm', 'i', 'l', 'l', 'i', 's', 't', 'r', 'e', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "millstep.de", true */ 'm', 'i', 'l', 'l', 's', 't', 'e', 'p', '.', 'd', 'e', '\0',
+  /* "milonga.tips", true */ 'm', 'i', 'l', 'o', 'n', 'g', 'a', '.', 't', 'i', 'p', 's', '\0',
+  /* "mim.properties", true */ 'm', 'i', 'm', '.', 'p', 'r', 'o', 'p', 'e', 'r', 't', 'i', 'e', 's', '\0',
+  /* "mimbeim.com", true */ 'm', 'i', 'm', 'b', 'e', 'i', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "mimemo.io", true */ 'm', 'i', 'm', 'e', 'm', 'o', '.', 'i', 'o', '\0',
+  /* "mimeo.digital", true */ 'm', 'i', 'm', 'e', 'o', '.', 'd', 'i', 'g', 'i', 't', 'a', 'l', '\0',
+  /* "mimithedog.com", true */ 'm', 'i', 'm', 'i', 't', 'h', 'e', 'd', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "mimobile.website", true */ 'm', 'i', 'm', 'o', 'b', 'i', 'l', 'e', '.', 'w', 'e', 'b', 's', 'i', 't', 'e', '\0',
+  /* "mimocad.io", true */ 'm', 'i', 'm', 'o', 'c', 'a', 'd', '.', 'i', 'o', '\0',
+  /* "mimovrste.com", true */ 'm', 'i', 'm', 'o', 'v', 'r', 's', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "min-sky.no", true */ 'm', 'i', 'n', '-', 's', 'k', 'y', '.', 'n', 'o', '\0',
+  /* "minacssas.com", true */ 'm', 'i', 'n', 'a', 'c', 's', 's', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "minakov.pro", true */ 'm', 'i', 'n', 'a', 'k', 'o', 'v', '.', 'p', 'r', 'o', '\0',
+  /* "minami.xyz", true */ 'm', 'i', 'n', 'a', 'm', 'i', '.', 'x', 'y', 'z', '\0',
+  /* "minamo.io", true */ 'm', 'i', 'n', 'a', 'm', 'o', '.', 'i', 'o', '\0',
+  /* "minantavla.se", true */ 'm', 'i', 'n', 'a', 'n', 't', 'a', 'v', 'l', 'a', '.', 's', 'e', '\0',
+  /* "minaprine.com", true */ 'm', 'i', 'n', 'a', 'p', 'r', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mind-box.ch", true */ 'm', 'i', 'n', 'd', '-', 'b', 'o', 'x', '.', 'c', 'h', '\0',
+  /* "mind-hochschul-netzwerk.de", true */ 'm', 'i', 'n', 'd', '-', 'h', 'o', 'c', 'h', 's', 'c', 'h', 'u', 'l', '-', 'n', 'e', 't', 'z', 'w', 'e', 'r', 'k', '.', 'd', 'e', '\0',
+  /* "mind-moves.es", true */ 'm', 'i', 'n', 'd', '-', 'm', 'o', 'v', 'e', 's', '.', 'e', 's', '\0',
+  /* "mindbodycontinuum.com", true */ 'm', 'i', 'n', 'd', 'b', 'o', 'd', 'y', 'c', 'o', 'n', 't', 'i', 'n', 'u', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "mindbodytherapymn.com", true */ 'm', 'i', 'n', 'd', 'b', 'o', 'd', 'y', 't', 'h', 'e', 'r', 'a', 'p', 'y', 'm', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "mindcoding.ro", true */ 'm', 'i', 'n', 'd', 'c', 'o', 'd', 'i', 'n', 'g', '.', 'r', 'o', '\0',
+  /* "mindercasso.nl", true */ 'm', 'i', 'n', 'd', 'e', 'r', 'c', 'a', 's', 's', 'o', '.', 'n', 'l', '\0',
+  /* "mindleaking.org", true */ 'm', 'i', 'n', 'd', 'l', 'e', 'a', 'k', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "mindoktor.se", false */ 'm', 'i', 'n', 'd', 'o', 'k', 't', 'o', 'r', '.', 's', 'e', '\0',
+  /* "mindorbs.com", true */ 'm', 'i', 'n', 'd', 'o', 'r', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mindturbo.com", true */ 'm', 'i', 'n', 'd', 't', 'u', 'r', 'b', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "mindwerks.net", true */ 'm', 'i', 'n', 'd', 'w', 'e', 'r', 'k', 's', '.', 'n', 'e', 't', '\0',
+  /* "mindwork.space", true */ 'm', 'i', 'n', 'd', 'w', 'o', 'r', 'k', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "mine260309.me", true */ 'm', 'i', 'n', 'e', '2', '6', '0', '3', '0', '9', '.', 'm', 'e', '\0',
+  /* "minebier.dk", true */ 'm', 'i', 'n', 'e', 'b', 'i', 'e', 'r', '.', 'd', 'k', '\0',
+  /* "minecraft-forum.eu", true */ 'm', 'i', 'n', 'e', 'c', 'r', 'a', 'f', 't', '-', 'f', 'o', 'r', 'u', 'm', '.', 'e', 'u', '\0',
+  /* "minecraft-server.eu", true */ 'm', 'i', 'n', 'e', 'c', 'r', 'a', 'f', 't', '-', 's', 'e', 'r', 'v', 'e', 'r', '.', 'e', 'u', '\0',
+  /* "minecraftforum.de", true */ 'm', 'i', 'n', 'e', 'c', 'r', 'a', 'f', 't', 'f', 'o', 'r', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "minecraftforum.ovh", true */ 'm', 'i', 'n', 'e', 'c', 'r', 'a', 'f', 't', 'f', 'o', 'r', 'u', 'm', '.', 'o', 'v', 'h', '\0',
+  /* "minecrell.net", true */ 'm', 'i', 'n', 'e', 'c', 'r', 'e', 'l', 'l', '.', 'n', 'e', 't', '\0',
+  /* "minei.me", true */ 'm', 'i', 'n', 'e', 'i', '.', 'm', 'e', '\0',
+  /* "minenash.com", true */ 'm', 'i', 'n', 'e', 'n', 'a', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "minepay.net", true */ 'm', 'i', 'n', 'e', 'p', 'a', 'y', '.', 'n', 'e', 't', '\0',
+  /* "minepic.org", true */ 'm', 'i', 'n', 'e', 'p', 'i', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "minepod.fr", true */ 'm', 'i', 'n', 'e', 'p', 'o', 'd', '.', 'f', 'r', '\0',
+  /* "minerstat.com", true */ 'm', 'i', 'n', 'e', 'r', 's', 't', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "minesouls.fr", true */ 'm', 'i', 'n', 'e', 's', 'o', 'u', 'l', 's', '.', 'f', 'r', '\0',
+  /* "minez-nightswatch.com", false */ 'm', 'i', 'n', 'e', 'z', '-', 'n', 'i', 'g', 'h', 't', 's', 'w', 'a', 't', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "minf3-games.de", true */ 'm', 'i', 'n', 'f', '3', '-', 'g', 'a', 'm', 'e', 's', '.', 'd', 'e', '\0',
+  /* "mingram.net", true */ 'm', 'i', 'n', 'g', 'r', 'a', 'm', '.', 'n', 'e', 't', '\0',
+  /* "mingwah.ch", true */ 'm', 'i', 'n', 'g', 'w', 'a', 'h', '.', 'c', 'h', '\0',
+  /* "minhanossasenhora.com.br", true */ 'm', 'i', 'n', 'h', 'a', 'n', 'o', 's', 's', 'a', 's', 'e', 'n', 'h', 'o', 'r', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "mini2.fi", true */ 'm', 'i', 'n', 'i', '2', '.', 'f', 'i', '\0',
+  /* "minigames.com", true */ 'm', 'i', 'n', 'i', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "minigolf-reisinger.com", true */ 'm', 'i', 'n', 'i', 'g', 'o', 'l', 'f', '-', 'r', 'e', 'i', 's', 'i', 'n', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "minigolfandgames.co.uk", true */ 'm', 'i', 'n', 'i', 'g', 'o', 'l', 'f', 'a', 'n', 'd', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "minikidz.es", true */ 'm', 'i', 'n', 'i', 'k', 'i', 'd', 'z', '.', 'e', 's', '\0',
+  /* "minikneet.com", true */ 'm', 'i', 'n', 'i', 'k', 'n', 'e', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "minilions.fr", true */ 'm', 'i', 'n', 'i', 'l', 'i', 'o', 'n', 's', '.', 'f', 'r', '\0',
+  /* "minimaltimer.com", true */ 'm', 'i', 'n', 'i', 'm', 'a', 'l', 't', 'i', 'm', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "minimayhemsoftplay.co.uk", true */ 'm', 'i', 'n', 'i', 'm', 'a', 'y', 'h', 'e', 'm', 's', 'o', 'f', 't', 'p', 'l', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "minimbah.com.au", true */ 'm', 'i', 'n', 'i', 'm', 'b', 'a', 'h', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "minimvc.com", true */ 'm', 'i', 'n', 'i', 'm', 'v', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "minipainting.net", true */ 'm', 'i', 'n', 'i', 'p', 'a', 'i', 'n', 't', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "miniskipper.at", true */ 'm', 'i', 'n', 'i', 's', 'k', 'i', 'p', 'p', 'e', 'r', '.', 'a', 't', '\0',
+  /* "minitrucktalk.com", true */ 'm', 'i', 'n', 'i', 't', 'r', 'u', 'c', 'k', 't', 'a', 'l', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "minkymoon.jp", true */ 'm', 'i', 'n', 'k', 'y', 'm', 'o', 'o', 'n', '.', 'j', 'p', '\0',
+  /* "minnesotakinkyyouth.org", true */ 'm', 'i', 'n', 'n', 'e', 's', 'o', 't', 'a', 'k', 'i', 'n', 'k', 'y', 'y', 'o', 'u', 't', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "minnesotamathcorps.org", true */ 'm', 'i', 'n', 'n', 'e', 's', 'o', 't', 'a', 'm', 'a', 't', 'h', 'c', 'o', 'r', 'p', 's', '.', 'o', 'r', 'g', '\0',
+  /* "minnesotareadingcorps.org", true */ 'm', 'i', 'n', 'n', 'e', 's', 'o', 't', 'a', 'r', 'e', 'a', 'd', 'i', 'n', 'g', 'c', 'o', 'r', 'p', 's', '.', 'o', 'r', 'g', '\0',
+  /* "minnit.chat", true */ 'm', 'i', 'n', 'n', 'i', 't', '.', 'c', 'h', 'a', 't', '\0',
+  /* "minor.news", true */ 'm', 'i', 'n', 'o', 'r', '.', 'n', 'e', 'w', 's', '\0',
+  /* "minorshadows.net", true */ 'm', 'i', 'n', 'o', 'r', 's', 'h', 'a', 'd', 'o', 'w', 's', '.', 'n', 'e', 't', '\0',
+  /* "minpingvin.dk", true */ 'm', 'i', 'n', 'p', 'i', 'n', 'g', 'v', 'i', 'n', '.', 'd', 'k', '\0',
+  /* "minschuns.ch", true */ 'm', 'i', 'n', 's', 'c', 'h', 'u', 'n', 's', '.', 'c', 'h', '\0',
+  /* "mintclass.com", true */ 'm', 'i', 'n', 't', 'c', 'l', 'a', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "minto.cc", true */ 'm', 'i', 'n', 't', 'o', '.', 'c', 'c', '\0',
+  /* "mintosherbs.com", true */ 'm', 'i', 'n', 't', 'o', 's', 'h', 'e', 'r', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mintrak2.com", true */ 'm', 'i', 'n', 't', 'r', 'a', 'k', '2', '.', 'c', 'o', 'm', '\0',
+  /* "minube.co.cr", true */ 'm', 'i', 'n', 'u', 'b', 'e', '.', 'c', 'o', '.', 'c', 'r', '\0',
+  /* "minux.info", true */ 'm', 'i', 'n', 'u', 'x', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "mipapo.de", true */ 'm', 'i', 'p', 'a', 'p', 'o', '.', 'd', 'e', '\0',
+  /* "mipiaci.co.nz", false */ 'm', 'i', 'p', 'i', 'a', 'c', 'i', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "mipiaci.com.au", false */ 'm', 'i', 'p', 'i', 'a', 'c', 'i', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "mipla.ch", true */ 'm', 'i', 'p', 'l', 'a', '.', 'c', 'h', '\0',
+  /* "mipymesenlinea.com", true */ 'm', 'i', 'p', 'y', 'm', 'e', 's', 'e', 'n', 'l', 'i', 'n', 'e', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "mir.pe", true */ 'm', 'i', 'r', '.', 'p', 'e', '\0',
+  /* "miraheze.org", true */ 'm', 'i', 'r', 'a', 'h', 'e', 'z', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "miraidenshi.com", true */ 'm', 'i', 'r', 'a', 'i', 'd', 'e', 'n', 's', 'h', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "mirch.com", true */ 'm', 'i', 'r', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "mirco-grams.de", true */ 'm', 'i', 'r', 'c', 'o', '-', 'g', 'r', 'a', 'm', 's', '.', 'd', 'e', '\0',
+  /* "mireiaseuba.com", true */ 'm', 'i', 'r', 'e', 'i', 'a', 's', 'e', 'u', 'b', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "mireillewendling.com.br", true */ 'm', 'i', 'r', 'e', 'i', 'l', 'l', 'e', 'w', 'e', 'n', 'd', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "mireservaonline.es", true */ 'm', 'i', 'r', 'e', 's', 'e', 'r', 'v', 'a', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'e', 's', '\0',
+  /* "mirkofranz.de", true */ 'm', 'i', 'r', 'k', 'o', 'f', 'r', 'a', 'n', 'z', '.', 'd', 'e', '\0',
+  /* "mirodasilva.be", true */ 'm', 'i', 'r', 'o', 'd', 'a', 's', 'i', 'l', 'v', 'a', '.', 'b', 'e', '\0',
+  /* "mironet.cz", true */ 'm', 'i', 'r', 'o', 'n', 'e', 't', '.', 'c', 'z', '\0',
+  /* "mirshak.com", true */ 'm', 'i', 'r', 's', 'h', 'a', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "mirtes.cz", true */ 'm', 'i', 'r', 't', 'e', 's', '.', 'c', 'z', '\0',
+  /* "mirtouf.fr", true */ 'm', 'i', 'r', 't', 'o', 'u', 'f', '.', 'f', 'r', '\0',
+  /* "miruc.co", true */ 'm', 'i', 'r', 'u', 'c', '.', 'c', 'o', '\0',
+  /* "mirucon.com", true */ 'm', 'i', 'r', 'u', 'c', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "misakiya.co.jp", true */ 'm', 'i', 's', 'a', 'k', 'i', 'y', 'a', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "misclick.nl", true */ 'm', 'i', 's', 'c', 'l', 'i', 'c', 'k', '.', 'n', 'l', '\0',
+  /* "misconfigured.io", true */ 'm', 'i', 's', 'c', 'o', 'n', 'f', 'i', 'g', 'u', 'r', 'e', 'd', '.', 'i', 'o', '\0',
+  /* "miscreant.me", true */ 'm', 'i', 's', 'c', 'r', 'e', 'a', 'n', 't', '.', 'm', 'e', '\0',
+  /* "misericordiasegrate.org", true */ 'm', 'i', 's', 'e', 'r', 'i', 'c', 'o', 'r', 'd', 'i', 'a', 's', 'e', 'g', 'r', 'a', 't', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "mishkovskyi.net", true */ 'm', 'i', 's', 'h', 'k', 'o', 'v', 's', 'k', 'y', 'i', '.', 'n', 'e', 't', '\0',
+  /* "miskatonic.org", true */ 'm', 'i', 's', 'k', 'a', 't', 'o', 'n', 'i', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "misoji-resist.com", true */ 'm', 'i', 's', 'o', 'j', 'i', '-', 'r', 'e', 's', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "misrv.com", true */ 'm', 'i', 's', 'r', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "miss-inventory.co.uk", true */ 'm', 'i', 's', 's', '-', 'i', 'n', 'v', 'e', 'n', 't', 'o', 'r', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "miss-platinum.net", true */ 'm', 'i', 's', 's', '-', 'p', 'l', 'a', 't', 'i', 'n', 'u', 'm', '.', 'n', 'e', 't', '\0',
+  /* "miss.com.tw", true */ 'm', 'i', 's', 's', '.', 'c', 'o', 'm', '.', 't', 'w', '\0',
+  /* "missdream.org", true */ 'm', 'i', 's', 's', 'd', 'r', 'e', 'a', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "misseguf.dk", true */ 'm', 'i', 's', 's', 'e', 'g', 'u', 'f', '.', 'd', 'k', '\0',
+  /* "missguidedus.com", true */ 'm', 'i', 's', 's', 'g', 'u', 'i', 'd', 'e', 'd', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mission-orange.de", true */ 'm', 'i', 's', 's', 'i', 'o', 'n', '-', 'o', 'r', 'a', 'n', 'g', 'e', '.', 'd', 'e', '\0',
+  /* "missionsgemeinde.de", true */ 'm', 'i', 's', 's', 'i', 'o', 'n', 's', 'g', 'e', 'm', 'e', 'i', 'n', 'd', 'e', '.', 'd', 'e', '\0',
+  /* "missip.nl", true */ 'm', 'i', 's', 's', 'i', 'p', '.', 'n', 'l', '\0',
+  /* "missjoias.com.br", true */ 'm', 'i', 's', 's', 'j', 'o', 'i', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "misskey.xyz", true */ 'm', 'i', 's', 's', 'k', 'e', 'y', '.', 'x', 'y', 'z', '\0',
+  /* "missoy.me", true */ 'm', 'i', 's', 's', 'o', 'y', '.', 'm', 'e', '\0',
+  /* "misssex.de", true */ 'm', 'i', 's', 's', 's', 'e', 'x', '.', 'd', 'e', '\0',
+  /* "missualready.com", true */ 'm', 'i', 's', 's', 'u', 'a', 'l', 'r', 'e', 'a', 'd', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "missycosmeticos.com.br", true */ 'm', 'i', 's', 's', 'y', 'c', 'o', 's', 'm', 'e', 't', 'i', 'c', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "mistacms.com", true */ 'm', 'i', 's', 't', 'a', 'c', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mister-cooks.fr", true */ 'm', 'i', 's', 't', 'e', 'r', '-', 'c', 'o', 'o', 'k', 's', '.', 'f', 'r', '\0',
+  /* "mistreaded.com", true */ 'm', 'i', 's', 't', 'r', 'e', 'a', 'd', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "mistybox.com", true */ 'm', 'i', 's', 't', 'y', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "misupport.dk", true */ 'm', 'i', 's', 'u', 'p', 'p', 'o', 'r', 't', '.', 'd', 'k', '\0',
+  /* "misura.re", true */ 'm', 'i', 's', 'u', 'r', 'a', '.', 'r', 'e', '\0',
+  /* "misuzu.moe", true */ 'm', 'i', 's', 'u', 'z', 'u', '.', 'm', 'o', 'e', '\0',
+  /* "mit-uns.org", true */ 'm', 'i', 't', '-', 'u', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "mita.me", true */ 'm', 'i', 't', 'a', '.', 'm', 'e', '\0',
+  /* "mitaines.ch", true */ 'm', 'i', 't', 'a', 'i', 'n', 'e', 's', '.', 'c', 'h', '\0',
+  /* "mitchellhandymanservices.co.uk", true */ 'm', 'i', 't', 'c', 'h', 'e', 'l', 'l', 'h', 'a', 'n', 'd', 'y', 'm', 'a', 'n', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "miticobikes.com", true */ 'm', 'i', 't', 'i', 'c', 'o', 'b', 'i', 'k', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mitior.net", true */ 'm', 'i', 't', 'i', 'o', 'r', '.', 'n', 'e', 't', '\0',
+  /* "mitnetz-gas.de", true */ 'm', 'i', 't', 'n', 'e', 't', 'z', '-', 'g', 'a', 's', '.', 'd', 'e', '\0',
+  /* "mitnetz-strom.de", true */ 'm', 'i', 't', 'n', 'e', 't', 'z', '-', 's', 't', 'r', 'o', 'm', '.', 'd', 'e', '\0',
+  /* "mitrax.com.br", true */ 'm', 'i', 't', 'r', 'a', 'x', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "mitrecaasd.org", true */ 'm', 'i', 't', 'r', 'e', 'c', 'a', 'a', 's', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "mitremai.org", true */ 'm', 'i', 't', 'r', 'e', 'm', 'a', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "mitrostudios.com", true */ 'm', 'i', 't', 'r', 'o', 's', 't', 'u', 'd', 'i', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mitsign.com", true */ 'm', 'i', 't', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "mitsu-szene.de", true */ 'm', 'i', 't', 's', 'u', '-', 's', 'z', 'e', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "mitsukabose.com", true */ 'm', 'i', 't', 's', 'u', 'k', 'a', 'b', 'o', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mittagonggardencentre.com.au", true */ 'm', 'i', 't', 't', 'a', 'g', 'o', 'n', 'g', 'g', 'a', 'r', 'd', 'e', 'n', 'c', 'e', 'n', 't', 'r', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "mittagonghomestead.com.au", true */ 'm', 'i', 't', 't', 'a', 'g', 'o', 'n', 'g', 'h', 'o', 'm', 'e', 's', 't', 'e', 'a', 'd', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "mittelunsachlich.de", true */ 'm', 'i', 't', 't', 'e', 'l', 'u', 'n', 's', 'a', 'c', 'h', 'l', 'i', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "mittenofficesystems.com", true */ 'm', 'i', 't', 't', 'e', 'n', 'o', 'f', 'f', 'i', 'c', 'e', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mitzpettel.com", true */ 'm', 'i', 't', 'z', 'p', 'e', 't', 't', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "miui-germany.de", true */ 'm', 'i', 'u', 'i', '-', 'g', 'e', 'r', 'm', 'a', 'n', 'y', '.', 'd', 'e', '\0',
+  /* "miukimodafeminina.com", true */ 'm', 'i', 'u', 'k', 'i', 'm', 'o', 'd', 'a', 'f', 'e', 'm', 'i', 'n', 'i', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "mivzakim.net", true */ 'm', 'i', 'v', 'z', 'a', 'k', 'i', 'm', '.', 'n', 'e', 't', '\0',
+  /* "mixnshake.com", true */ 'm', 'i', 'x', 'n', 's', 'h', 'a', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mixposure.com", true */ 'm', 'i', 'x', 'p', 'o', 's', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mixtape.moe", true */ 'm', 'i', 'x', 't', 'a', 'p', 'e', '.', 'm', 'o', 'e', '\0',
+  /* "miya.io", true */ 'm', 'i', 'y', 'a', '.', 'i', 'o', '\0',
+  /* "miyako-kyoto.jp", true */ 'm', 'i', 'y', 'a', 'k', 'o', '-', 'k', 'y', 'o', 't', 'o', '.', 'j', 'p', '\0',
+  /* "miyatore.com", true */ 'm', 'i', 'y', 'a', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "miyoshi-kikaku.co.jp", true */ 'm', 'i', 'y', 'o', 's', 'h', 'i', '-', 'k', 'i', 'k', 'a', 'k', 'u', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "miyoshi-kikaku.com", true */ 'm', 'i', 'y', 'o', 's', 'h', 'i', '-', 'k', 'i', 'k', 'a', 'k', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "miyugirls.com", true */ 'm', 'i', 'y', 'u', 'g', 'i', 'r', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mizipack.com", true */ 'm', 'i', 'z', 'i', 'p', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "mizque.ch", true */ 'm', 'i', 'z', 'q', 'u', 'e', '.', 'c', 'h', '\0',
+  /* "mizumax.me", true */ 'm', 'i', 'z', 'u', 'm', 'a', 'x', '.', 'm', 'e', '\0',
+  /* "mj420.com", true */ 'm', 'j', '4', '2', '0', '.', 'c', 'o', 'm', '\0',
+  /* "mjacobson.net", true */ 'm', 'j', 'a', 'c', 'o', 'b', 's', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "mjanja.ch", true */ 'm', 'j', 'a', 'n', 'j', 'a', '.', 'c', 'h', '\0',
+  /* "mjasm.org", true */ 'm', 'j', 'a', 's', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "mjec.net", true */ 'm', 'j', 'e', 'c', '.', 'n', 'e', 't', '\0',
+  /* "mjlaurindo.pt", true */ 'm', 'j', 'l', 'a', 'u', 'r', 'i', 'n', 'd', 'o', '.', 'p', 't', '\0',
+  /* "mjmnagy.info", true */ 'm', 'j', 'm', 'n', 'a', 'g', 'y', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "mk89.de", true */ 'm', 'k', '8', '9', '.', 'd', 'e', '\0',
+  /* "mkacg.com", true */ 'm', 'k', 'a', 'c', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "mkaciuba.com", true */ 'm', 'k', 'a', 'c', 'i', 'u', 'b', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "mkakh.com", true */ 'm', 'k', 'a', 'k', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "mkakh.xyz", true */ 'm', 'k', 'a', 'k', 'h', '.', 'x', 'y', 'z', '\0',
+  /* "mkasu.org", true */ 'm', 'k', 'a', 's', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "mkbouncycastles.co.uk", true */ 'm', 'k', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mkbouncyhire.co.uk", true */ 'm', 'k', 'b', 'o', 'u', 'n', 'c', 'y', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mkcert.org", true */ 'm', 'k', 'c', 'e', 'r', 't', '.', 'o', 'r', 'g', '\0',
+  /* "mkd.mk", true */ 'm', 'k', 'd', '.', 'm', 'k', '\0',
+  /* "mkes.com", true */ 'm', 'k', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mkhsoft.eu", true */ 'm', 'k', 'h', 's', 'o', 'f', 't', '.', 'e', 'u', '\0',
+  /* "mkimage.com", true */ 'm', 'k', 'i', 'm', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mklpedia.de", true */ 'm', 'k', 'l', 'p', 'e', 'd', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "mkoppmann.at", true */ 'm', 'k', 'o', 'p', 'p', 'm', 'a', 'n', 'n', '.', 'a', 't', '\0',
+  /* "mkp-deutschland.de", true */ 'm', 'k', 'p', '-', 'd', 'e', 'u', 't', 's', 'c', 'h', 'l', 'a', 'n', 'd', '.', 'd', 'e', '\0',
+  /* "mkpef.org", true */ 'm', 'k', 'p', 'e', 'f', '.', 'o', 'r', 'g', '\0',
+  /* "mkplay.io", true */ 'm', 'k', 'p', 'l', 'a', 'y', '.', 'i', 'o', '\0',
+  /* "mksac.co.uk", true */ 'm', 'k', 's', 'a', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mkse.com", true */ 'm', 'k', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mkset.ru", true */ 'm', 'k', 's', 'e', 't', '.', 'r', 'u', '\0',
+  /* "mktdigital.info", true */ 'm', 'k', 't', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "mktemp.org", true */ 'm', 'k', 't', 'e', 'm', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "mkuznets.com", true */ 'm', 'k', 'u', 'z', 'n', 'e', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mkw.st", true */ 'm', 'k', 'w', '.', 's', 't', '\0',
+  /* "mlcambiental.com.br", true */ 'm', 'l', 'c', 'a', 'm', 'b', 'i', 'e', 'n', 't', 'a', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "mlcnfriends.com", true */ 'm', 'l', 'c', 'n', 'f', 'r', 'i', 'e', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mlemay.com", true */ 'm', 'l', 'e', 'm', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "mlrslateroofing.com.au", true */ 'm', 'l', 'r', 's', 'l', 'a', 't', 'e', 'r', 'o', 'o', 'f', 'i', 'n', 'g', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "mlsrv.de", true */ 'm', 'l', 's', 'r', 'v', '.', 'd', 'e', '\0',
+  /* "mlundberg.se", true */ 'm', 'l', 'u', 'n', 'd', 'b', 'e', 'r', 'g', '.', 's', 'e', '\0',
+  /* "mlvbphotography.com", true */ 'm', 'l', 'v', 'b', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "mm13.at", true */ 'm', 'm', '1', '3', '.', 'a', 't', '\0',
+  /* "mm404.com", true */ 'm', 'm', '4', '0', '4', '.', 'c', 'o', 'm', '\0',
+  /* "mma-acareporting.com", true */ 'm', 'm', 'a', '-', 'a', 'c', 'a', 'r', 'e', 'p', 'o', 'r', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "mmalisz.com", true */ 'm', 'm', 'a', 'l', 'i', 's', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "mmbb.org", true */ 'm', 'm', 'b', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "mmcc.pe", true */ 'm', 'm', 'c', 'c', '.', 'p', 'e', '\0',
+  /* "mmilog.hu", true */ 'm', 'm', 'i', 'l', 'o', 'g', '.', 'h', 'u', '\0',
+  /* "mmin.us", false */ 'm', 'm', 'i', 'n', '.', 'u', 's', '\0',
+  /* "mmmarco.com", true */ 'm', 'm', 'm', 'a', 'r', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "mmogah.com", true */ 'm', 'm', 'o', 'g', 'a', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "mmonit.com", true */ 'm', 'm', 'o', 'n', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "mmt.my", true */ 'm', 'm', 't', '.', 'm', 'y', '\0',
+  /* "mmucha.de", true */ 'm', 'm', 'u', 'c', 'h', 'a', '.', 'd', 'e', '\0',
+  /* "mncloud.de", true */ 'm', 'n', 'c', 'l', 'o', 'u', 'd', '.', 'd', 'e', '\0',
+  /* "mncr.nl", true */ 'm', 'n', 'c', 'r', '.', 'n', 'l', '\0',
+  /* "mnd.sc", true */ 'm', 'n', 'd', '.', 's', 'c', '\0',
+  /* "mne.moe", true */ 'm', 'n', 'e', '.', 'm', 'o', 'e', '\0',
+  /* "mnec.io", true */ 'm', 'n', 'e', 'c', '.', 'i', 'o', '\0',
+  /* "mnedc.org", true */ 'm', 'n', 'e', 'd', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "mneeb.de", true */ 'm', 'n', 'e', 'e', 'b', '.', 'd', 'e', '\0',
+  /* "mnguyen.io", true */ 'm', 'n', 'g', 'u', 'y', 'e', 'n', '.', 'i', 'o', '\0',
+  /* "mnitro.com", true */ 'm', 'n', 'i', 't', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "mnium.de", true */ 'm', 'n', 'i', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "mnsure.org", true */ 'm', 'n', 's', 'u', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "mnt-tech.fr", true */ 'm', 'n', 't', '-', 't', 'e', 'c', 'h', '.', 'f', 'r', '\0',
+  /* "mnt9.de", true */ 'm', 'n', 't', '9', '.', 'd', 'e', '\0',
+  /* "mo.nl", true */ 'm', 'o', '.', 'n', 'l', '\0',
+  /* "moa.moe", true */ 'm', 'o', 'a', '.', 'm', 'o', 'e', '\0',
+  /* "mobal.com", true */ 'm', 'o', 'b', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "mobeforlife.com", true */ 'm', 'o', 'b', 'e', 'f', 'o', 'r', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mobidea.com", true */ 'm', 'o', 'b', 'i', 'd', 'e', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "mobifinans.ru", true */ 'm', 'o', 'b', 'i', 'f', 'i', 'n', 'a', 'n', 's', '.', 'r', 'u', '\0',
+  /* "mobil-bei-uns.de", true */ 'm', 'o', 'b', 'i', 'l', '-', 'b', 'e', 'i', '-', 'u', 'n', 's', '.', 'd', 'e', '\0',
+  /* "mobilcom-debitel-empfehlen.de", true */ 'm', 'o', 'b', 'i', 'l', 'c', 'o', 'm', '-', 'd', 'e', 'b', 'i', 't', 'e', 'l', '-', 'e', 'm', 'p', 'f', 'e', 'h', 'l', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "mobilcom-debitel.de", true */ 'm', 'o', 'b', 'i', 'l', 'c', 'o', 'm', '-', 'd', 'e', 'b', 'i', 't', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "mobile.united.com", false */ 'm', 'o', 'b', 'i', 'l', 'e', '.', 'u', 'n', 'i', 't', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "mobile.usaa.com", false */ 'm', 'o', 'b', 'i', 'l', 'e', '.', 'u', 's', 'a', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "mobileread.com", true */ 'm', 'o', 'b', 'i', 'l', 'e', 'r', 'e', 'a', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "mobileritelushi.com", true */ 'm', 'o', 'b', 'i', 'l', 'e', 'r', 'i', 't', 'e', 'l', 'u', 's', 'h', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "mobilesector.de", true */ 'm', 'o', 'b', 'i', 'l', 'e', 's', 'e', 'c', 't', 'o', 'r', '.', 'd', 'e', '\0',
+  /* "mobiletraff.co", true */ 'm', 'o', 'b', 'i', 'l', 'e', 't', 'r', 'a', 'f', 'f', '.', 'c', 'o', '\0',
+  /* "mobilewikiserver.com", true */ 'm', 'o', 'b', 'i', 'l', 'e', 'w', 'i', 'k', 'i', 's', 'e', 'r', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "mobilinnov.it", true */ 'm', 'o', 'b', 'i', 'l', 'i', 'n', 'n', 'o', 'v', '.', 'i', 't', '\0',
+  /* "mobilisation-generale.org", true */ 'm', 'o', 'b', 'i', 'l', 'i', 's', 'a', 't', 'i', 'o', 'n', '-', 'g', 'e', 'n', 'e', 'r', 'a', 'l', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "mobility-events.ch", true */ 'm', 'o', 'b', 'i', 'l', 'i', 't', 'y', '-', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'h', '\0',
+  /* "mobilux.lv", true */ 'm', 'o', 'b', 'i', 'l', 'u', 'x', '.', 'l', 'v', '\0',
+  /* "mobio.net", true */ 'm', 'o', 'b', 'i', 'o', '.', 'n', 'e', 't', '\0',
+  /* "mobisaar-cloud.de", true */ 'm', 'o', 'b', 'i', 's', 'a', 'a', 'r', '-', 'c', 'l', 'o', 'u', 'd', '.', 'd', 'e', '\0',
+  /* "mobobe.com", true */ 'm', 'o', 'b', 'o', 'b', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mobsender.com", true */ 'm', 'o', 'b', 's', 'e', 'n', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "mobycoders.com", true */ 'm', 'o', 'b', 'y', 'c', 'o', 'd', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mocarps.hk", true */ 'm', 'o', 'c', 'a', 'r', 'p', 's', '.', 'h', 'k', '\0',
+  /* "mochanstore.com", true */ 'm', 'o', 'c', 'h', 'a', 'n', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mochoko.com", true */ 'm', 'o', 'c', 'h', 'o', 'k', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "modaexecutiva.com.br", true */ 'm', 'o', 'd', 'a', 'e', 'x', 'e', 'c', 'u', 't', 'i', 'v', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "modafinil.com", true */ 'm', 'o', 'd', 'a', 'f', 'i', 'n', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "modafinil.wiki", true */ 'm', 'o', 'd', 'a', 'f', 'i', 'n', 'i', 'l', '.', 'w', 'i', 'k', 'i', '\0',
+  /* "modafo.com", true */ 'm', 'o', 'd', 'a', 'f', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "modalogi.com", true */ 'm', 'o', 'd', 'a', 'l', 'o', 'g', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "modcasts.video", true */ 'm', 'o', 'd', 'c', 'a', 's', 't', 's', '.', 'v', 'i', 'd', 'e', 'o', '\0',
+  /* "modcentral.pw", true */ 'm', 'o', 'd', 'c', 'e', 'n', 't', 'r', 'a', 'l', '.', 'p', 'w', '\0',
+  /* "mode-hautnah.de", true */ 'm', 'o', 'd', 'e', '-', 'h', 'a', 'u', 't', 'n', 'a', 'h', '.', 'd', 'e', '\0',
+  /* "mode-individuell.de", true */ 'm', 'o', 'd', 'e', '-', 'i', 'n', 'd', 'i', 'v', 'i', 'd', 'u', 'e', 'l', 'l', '.', 'd', 'e', '\0',
+  /* "modecaso.com", true */ 'm', 'o', 'd', 'e', 'c', 'a', 's', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "modehaus-marionk.de", true */ 'm', 'o', 'd', 'e', 'h', 'a', 'u', 's', '-', 'm', 'a', 'r', 'i', 'o', 'n', 'k', '.', 'd', 'e', '\0',
+  /* "modelcase.co.jp", false */ 'm', 'o', 'd', 'e', 'l', 'c', 'a', 's', 'e', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "modelcube.com", true */ 'm', 'o', 'd', 'e', 'l', 'c', 'u', 'b', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "modelservis.cz", true */ 'm', 'o', 'd', 'e', 'l', 's', 'e', 'r', 'v', 'i', 's', '.', 'c', 'z', '\0',
+  /* "modemaille.com", true */ 'm', 'o', 'd', 'e', 'm', 'a', 'i', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "modeportaal.nl", true */ 'm', 'o', 'd', 'e', 'p', 'o', 'r', 't', 'a', 'a', 'l', '.', 'n', 'l', '\0',
+  /* "moderatoren.org", true */ 'm', 'o', 'd', 'e', 'r', 'a', 't', 'o', 'r', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "moderatorenpool.org", true */ 'm', 'o', 'd', 'e', 'r', 'a', 't', 'o', 'r', 'e', 'n', 'p', 'o', 'o', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "modernapprenticeships.org", true */ 'm', 'o', 'd', 'e', 'r', 'n', 'a', 'p', 'p', 'r', 'e', 'n', 't', 'i', 'c', 'e', 's', 'h', 'i', 'p', 's', '.', 'o', 'r', 'g', '\0',
+  /* "modernibytovytextil.cz", true */ 'm', 'o', 'd', 'e', 'r', 'n', 'i', 'b', 'y', 't', 'o', 'v', 'y', 't', 'e', 'x', 't', 'i', 'l', '.', 'c', 'z', '\0',
+  /* "modifiedmind.com", true */ 'm', 'o', 'd', 'i', 'f', 'i', 'e', 'd', 'm', 'i', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "modistry.com", true */ 'm', 'o', 'd', 'i', 's', 't', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "modistryusercontent.com", true */ 'm', 'o', 'd', 'i', 's', 't', 'r', 'y', 'u', 's', 'e', 'r', 'c', 'o', 'n', 't', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "modmountain.com", true */ 'm', 'o', 'd', 'm', 'o', 'u', 'n', 't', 'a', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "module.market", true */ 'm', 'o', 'd', 'u', 'l', 'e', '.', 'm', 'a', 'r', 'k', 'e', 't', '\0',
+  /* "moe.pe", true */ 'm', 'o', 'e', '.', 'p', 'e', '\0',
+  /* "moechel.com", true */ 'm', 'o', 'e', 'c', 'h', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "moefactory.com", true */ 'm', 'o', 'e', 'f', 'a', 'c', 't', 'o', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "moefi.xyz", true */ 'm', 'o', 'e', 'f', 'i', '.', 'x', 'y', 'z', '\0',
+  /* "moehrke.cc", true */ 'm', 'o', 'e', 'h', 'r', 'k', 'e', '.', 'c', 'c', '\0',
+  /* "moellers.systems", true */ 'm', 'o', 'e', 'l', 'l', 'e', 'r', 's', '.', 's', 'y', 's', 't', 'e', 'm', 's', '\0',
+  /* "moetrack.com", true */ 'm', 'o', 'e', 't', 'r', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "mofohome.dyndns.org", true */ 'm', 'o', 'f', 'o', 'h', 'o', 'm', 'e', '.', 'd', 'y', 'n', 'd', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "moha-swiss.com", true */ 'm', 'o', 'h', 'a', '-', 's', 'w', 'i', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mohanmekap.com", true */ 'm', 'o', 'h', 'a', 'n', 'm', 'e', 'k', 'a', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "mohio.co.nz", true */ 'm', 'o', 'h', 'i', 'o', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "moin.jp", true */ 'm', 'o', 'i', 'n', '.', 'j', 'p', '\0',
+  /* "moipourtoit.ch", true */ 'm', 'o', 'i', 'p', 'o', 'u', 'r', 't', 'o', 'i', 't', '.', 'c', 'h', '\0',
+  /* "moipourtoit.com", true */ 'm', 'o', 'i', 'p', 'o', 'u', 'r', 't', 'o', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "moipourtoit.org", true */ 'm', 'o', 'i', 'p', 'o', 'u', 'r', 't', 'o', 'i', 't', '.', 'o', 'r', 'g', '\0',
+  /* "mojaknjiznica.com", false */ 'm', 'o', 'j', 'a', 'k', 'n', 'j', 'i', 'z', 'n', 'i', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "mojapraca.sk", true */ 'm', 'o', 'j', 'a', 'p', 'r', 'a', 'c', 'a', '.', 's', 'k', '\0',
+  /* "mojavenissanofbarstowparts.com", true */ 'm', 'o', 'j', 'a', 'v', 'e', 'n', 'i', 's', 's', 'a', 'n', 'o', 'f', 'b', 'a', 'r', 's', 't', 'o', 'w', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mojeco2.cz", true */ 'm', 'o', 'j', 'e', 'c', 'o', '2', '.', 'c', 'z', '\0',
+  /* "mojefedora.cz", true */ 'm', 'o', 'j', 'e', 'f', 'e', 'd', 'o', 'r', 'a', '.', 'c', 'z', '\0',
+  /* "mojefilmy.xyz", true */ 'm', 'o', 'j', 'e', 'f', 'i', 'l', 'm', 'y', '.', 'x', 'y', 'z', '\0',
+  /* "mojilitygroup.com", true */ 'm', 'o', 'j', 'i', 'l', 'i', 't', 'y', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "mojnet.eu", true */ 'm', 'o', 'j', 'n', 'e', 't', '.', 'e', 'u', '\0',
+  /* "mojnet.net", true */ 'm', 'o', 'j', 'n', 'e', 't', '.', 'n', 'e', 't', '\0',
+  /* "mojoco.co.za", true */ 'm', 'o', 'j', 'o', 'c', 'o', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "mojzis.com", true */ 'm', 'o', 'j', 'z', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mojzis.cz", true */ 'm', 'o', 'j', 'z', 'i', 's', '.', 'c', 'z', '\0',
+  /* "mojzisova.com", true */ 'm', 'o', 'j', 'z', 'i', 's', 'o', 'v', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "mokadev.com", true */ 'm', 'o', 'k', 'a', 'd', 'e', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "mokeedev.review", true */ 'm', 'o', 'k', 'e', 'e', 'd', 'e', 'v', '.', 'r', 'e', 'v', 'i', 'e', 'w', '\0',
+  /* "mokhtarmial.com", false */ 'm', 'o', 'k', 'h', 't', 'a', 'r', 'm', 'i', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "mokote.com", true */ 'm', 'o', 'k', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mokum-organics.com", true */ 'm', 'o', 'k', 'u', 'm', '-', 'o', 'r', 'g', 'a', 'n', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "molb.org", true */ 'm', 'o', 'l', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "molecularbiosystems.org", true */ 'm', 'o', 'l', 'e', 'c', 'u', 'l', 'a', 'r', 'b', 'i', 'o', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'o', 'r', 'g', '\0',
+  /* "molinero.xyz", true */ 'm', 'o', 'l', 'i', 'n', 'e', 'r', 'o', '.', 'x', 'y', 'z', '\0',
+  /* "molti.hu", true */ 'm', 'o', 'l', 't', 'i', '.', 'h', 'u', '\0',
+  /* "molunerfinn.com", true */ 'm', 'o', 'l', 'u', 'n', 'e', 'r', 'f', 'i', 'n', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "molwick.com", true */ 'm', 'o', 'l', 'w', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "momentumdash.com", true */ 'm', 'o', 'm', 'e', 'n', 't', 'u', 'm', 'd', 'a', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "momirfarooq.com", true */ 'm', 'o', 'm', 'i', 'r', 'f', 'a', 'r', 'o', 'o', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "momozeit.de", true */ 'm', 'o', 'm', 'o', 'z', 'e', 'i', 't', '.', 'd', 'e', '\0',
+  /* "momstableonline.com", true */ 'm', 'o', 'm', 's', 't', 'a', 'b', 'l', 'e', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "momut.org", true */ 'm', 'o', 'm', 'u', 't', '.', 'o', 'r', 'g', '\0',
+  /* "mon-agenda.org", false */ 'm', 'o', 'n', '-', 'a', 'g', 'e', 'n', 'd', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "mon-partage.fr", true */ 'm', 'o', 'n', '-', 'p', 'a', 'r', 't', 'a', 'g', 'e', '.', 'f', 'r', '\0',
+  /* "mon-trafic.com", true */ 'm', 'o', 'n', '-', 't', 'r', 'a', 'f', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "mon22.ch", true */ 'm', 'o', 'n', '2', '2', '.', 'c', 'h', '\0',
+  /* "mona-antenna.com", true */ 'm', 'o', 'n', 'a', '-', 'a', 'n', 't', 'e', 'n', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "mona-dress.com", true */ 'm', 'o', 'n', 'a', '-', 'd', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "monachatdeco.com", true */ 'm', 'o', 'n', 'a', 'c', 'h', 'a', 't', 'd', 'e', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "monalisa.wtf", true */ 'm', 'o', 'n', 'a', 'l', 'i', 's', 'a', '.', 'w', 't', 'f', '\0',
+  /* "monbudget.org", true */ 'm', 'o', 'n', 'b', 'u', 'd', 'g', 'e', 't', '.', 'o', 'r', 'g', '\0',
+  /* "moncoach.ch", true */ 'm', 'o', 'n', 'c', 'o', 'a', 'c', 'h', '.', 'c', 'h', '\0',
+  /* "mondedesnovels.com", true */ 'm', 'o', 'n', 'd', 'e', 'd', 'e', 's', 'n', 'o', 'v', 'e', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mondedie.fr", true */ 'm', 'o', 'n', 'd', 'e', 'd', 'i', 'e', '.', 'f', 'r', '\0',
+  /* "mondial-movers.nl", true */ 'm', 'o', 'n', 'd', 'i', 'a', 'l', '-', 'm', 'o', 'v', 'e', 'r', 's', '.', 'n', 'l', '\0',
+  /* "mondo-it.ch", true */ 'm', 'o', 'n', 'd', 'o', '-', 'i', 't', '.', 'c', 'h', '\0',
+  /* "moneychangersoftware.com", true */ 'm', 'o', 'n', 'e', 'y', 'c', 'h', 'a', 'n', 'g', 'e', 'r', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "moneygo.se", true */ 'm', 'o', 'n', 'e', 'y', 'g', 'o', '.', 's', 'e', '\0',
+  /* "moneyhouse.de", true */ 'm', 'o', 'n', 'e', 'y', 'h', 'o', 'u', 's', 'e', '.', 'd', 'e', '\0',
+  /* "moneytoday.se", true */ 'm', 'o', 'n', 'e', 'y', 't', 'o', 'd', 'a', 'y', '.', 's', 'e', '\0',
+  /* "monique.io", true */ 'm', 'o', 'n', 'i', 'q', 'u', 'e', '.', 'i', 'o', '\0',
+  /* "moniquedekermadec.com", true */ 'm', 'o', 'n', 'i', 'q', 'u', 'e', 'd', 'e', 'k', 'e', 'r', 'm', 'a', 'd', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "moniquemunhoz.com.br", true */ 'm', 'o', 'n', 'i', 'q', 'u', 'e', 'm', 'u', 'n', 'h', 'o', 'z', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "monitman.solutions", true */ 'm', 'o', 'n', 'i', 't', 'm', 'a', 'n', '.', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '\0',
+  /* "monitoring.kalisz.pl", true */ 'm', 'o', 'n', 'i', 't', 'o', 'r', 'i', 'n', 'g', '.', 'k', 'a', 'l', 'i', 's', 'z', '.', 'p', 'l', '\0',
+  /* "monitzer.com", true */ 'm', 'o', 'n', 'i', 't', 'z', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "monix.io", true */ 'm', 'o', 'n', 'i', 'x', '.', 'i', 'o', '\0',
+  /* "monkeydust.net", true */ 'm', 'o', 'n', 'k', 'e', 'y', 'd', 'u', 's', 't', '.', 'n', 'e', 't', '\0',
+  /* "monkeyhill.us", true */ 'm', 'o', 'n', 'k', 'e', 'y', 'h', 'i', 'l', 'l', '.', 'u', 's', '\0',
+  /* "monkeytek.ca", true */ 'm', 'o', 'n', 'k', 'e', 'y', 't', 'e', 'k', '.', 'c', 'a', '\0',
+  /* "monloyer.quebec", true */ 'm', 'o', 'n', 'l', 'o', 'y', 'e', 'r', '.', 'q', 'u', 'e', 'b', 'e', 'c', '\0',
+  /* "monnyonle.hu", true */ 'm', 'o', 'n', 'n', 'y', 'o', 'n', 'l', 'e', '.', 'h', 'u', '\0',
+  /* "monobank.no", true */ 'm', 'o', 'n', 'o', 'b', 'a', 'n', 'k', '.', 'n', 'o', '\0',
+  /* "monochrometoys.com", true */ 'm', 'o', 'n', 'o', 'c', 'h', 'r', 'o', 'm', 'e', 't', 'o', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "monodukuri.com", true */ 'm', 'o', 'n', 'o', 'd', 'u', 'k', 'u', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "monokoo.com", true */ 'm', 'o', 'n', 'o', 'k', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "monolithapps.com", true */ 'm', 'o', 'n', 'o', 'l', 'i', 't', 'h', 'a', 'p', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "monolithindustries.com", true */ 'm', 'o', 'n', 'o', 'l', 'i', 't', 'h', 'i', 'n', 'd', 'u', 's', 't', 'r', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "monolithinteractive.com", true */ 'm', 'o', 'n', 'o', 'l', 'i', 't', 'h', 'i', 'n', 't', 'e', 'r', 'a', 'c', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "monoseis-monotica.gr", true */ 'm', 'o', 'n', 'o', 's', 'e', 'i', 's', '-', 'm', 'o', 'n', 'o', 't', 'i', 'c', 'a', '.', 'g', 'r', '\0',
+  /* "monothesis.com", true */ 'm', 'o', 'n', 'o', 't', 'h', 'e', 's', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "monotsuku.com", true */ 'm', 'o', 'n', 'o', 't', 's', 'u', 'k', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "monpc-pro.fr", true */ 'm', 'o', 'n', 'p', 'c', '-', 'p', 'r', 'o', '.', 'f', 'r', '\0',
+  /* "monpermismoto.com", true */ 'm', 'o', 'n', 'p', 'e', 'r', 'm', 'i', 's', 'm', 'o', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "monpermisvoiture.com", true */ 'm', 'o', 'n', 'p', 'e', 'r', 'm', 'i', 's', 'v', 'o', 'i', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "monpetitforfait.com", true */ 'm', 'o', 'n', 'p', 'e', 't', 'i', 't', 'f', 'o', 'r', 'f', 'a', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "monpetitmobile.com", true */ 'm', 'o', 'n', 'p', 'e', 't', 'i', 't', 'm', 'o', 'b', 'i', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "monsieurbureau.com", true */ 'm', 'o', 'n', 's', 'i', 'e', 'u', 'r', 'b', 'u', 'r', 'e', 'a', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "monsieursavon.ch", true */ 'm', 'o', 'n', 's', 'i', 'e', 'u', 'r', 's', 'a', 'v', 'o', 'n', '.', 'c', 'h', '\0',
+  /* "monstermashentertainments.co.uk", true */ 'm', 'o', 'n', 's', 't', 'e', 'r', 'm', 'a', 's', 'h', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "montage-kaika.de", true */ 'm', 'o', 'n', 't', 'a', 'g', 'e', '-', 'k', 'a', 'i', 'k', 'a', '.', 'd', 'e', '\0',
+  /* "montagne-tendance.ch", true */ 'm', 'o', 'n', 't', 'a', 'g', 'n', 'e', '-', 't', 'e', 'n', 'd', 'a', 'n', 'c', 'e', '.', 'c', 'h', '\0',
+  /* "montanana.com", true */ 'm', 'o', 'n', 't', 'a', 'n', 'a', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "montand.com", true */ 'm', 'o', 'n', 't', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "montarfotoaki.com", true */ 'm', 'o', 'n', 't', 'a', 'r', 'f', 'o', 't', 'o', 'a', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "montas.io", true */ 'm', 'o', 'n', 't', 'a', 's', '.', 'i', 'o', '\0',
+  /* "montazer.net", true */ 'm', 'o', 'n', 't', 'a', 'z', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "montenero.pl", true */ 'm', 'o', 'n', 't', 'e', 'n', 'e', 'r', 'o', '.', 'p', 'l', '\0',
+  /* "monteurzimmerfrei.de", true */ 'm', 'o', 'n', 't', 'e', 'u', 'r', 'z', 'i', 'm', 'm', 'e', 'r', 'f', 'r', 'e', 'i', '.', 'd', 'e', '\0',
+  /* "montopolis.com", true */ 'm', 'o', 'n', 't', 'o', 'p', 'o', 'l', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "montpreveyres.ch", true */ 'm', 'o', 'n', 't', 'p', 'r', 'e', 'v', 'e', 'y', 'r', 'e', 's', '.', 'c', 'h', '\0',
+  /* "montsaintaignan.fr", true */ 'm', 'o', 'n', 't', 's', 'a', 'i', 'n', 't', 'a', 'i', 'g', 'n', 'a', 'n', '.', 'f', 'r', '\0',
+  /* "montychristie.com", true */ 'm', 'o', 'n', 't', 'y', 'c', 'h', 'r', 'i', 's', 't', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "moo.la", true */ 'm', 'o', 'o', '.', 'l', 'a', '\0',
+  /* "moobo.co.jp", true */ 'm', 'o', 'o', 'b', 'o', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "moodfoods.com", true */ 'm', 'o', 'o', 'd', 'f', 'o', 'o', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "moodifiers.com", true */ 'm', 'o', 'o', 'd', 'i', 'f', 'i', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "moodzshop.com", true */ 'm', 'o', 'o', 'd', 'z', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "moojp.co.jp", true */ 'm', 'o', 'o', 'j', 'p', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "moonagic.com", true */ 'm', 'o', 'o', 'n', 'a', 'g', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "moonchart.co.uk", true */ 'm', 'o', 'o', 'n', 'c', 'h', 'a', 'r', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "moondrop.org", true */ 'm', 'o', 'o', 'n', 'd', 'r', 'o', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "moonkin.eu", true */ 'm', 'o', 'o', 'n', 'k', 'i', 'n', '.', 'e', 'u', '\0',
+  /* "moonmelo.com", true */ 'm', 'o', 'o', 'n', 'm', 'e', 'l', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "moonraptor.co.uk", true */ 'm', 'o', 'o', 'n', 'r', 'a', 'p', 't', 'o', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "moonraptor.com", true */ 'm', 'o', 'o', 'n', 'r', 'a', 'p', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "moonrhythm.info", true */ 'm', 'o', 'o', 'n', 'r', 'h', 'y', 't', 'h', 'm', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "moonrhythm.io", true */ 'm', 'o', 'o', 'n', 'r', 'h', 'y', 't', 'h', 'm', '.', 'i', 'o', '\0',
+  /* "moonshyne.org", true */ 'm', 'o', 'o', 'n', 's', 'h', 'y', 'n', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "moonvpn.org", true */ 'm', 'o', 'o', 'n', 'v', 'p', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "moorewelliver.com", true */ 'm', 'o', 'o', 'r', 'e', 'w', 'e', 'l', 'l', 'i', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "moorfunevents.co.uk", true */ 'm', 'o', 'o', 'r', 'f', 'u', 'n', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "moorparkelectrical.com", true */ 'm', 'o', 'o', 'r', 'p', 'a', 'r', 'k', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "mooselook.de", true */ 'm', 'o', 'o', 's', 'e', 'l', 'o', 'o', 'k', '.', 'd', 'e', '\0',
+  /* "moovablestorage.com", true */ 'm', 'o', 'o', 'v', 'a', 'b', 'l', 'e', 's', 't', 'o', 'r', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "moparcraft.net", true */ 'm', 'o', 'p', 'a', 'r', 'c', 'r', 'a', 'f', 't', '.', 'n', 'e', 't', '\0',
+  /* "moparisthebest.com", true */ 'm', 'o', 'p', 'a', 'r', 'i', 's', 't', 'h', 'e', 'b', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "moparisthebest.net", true */ 'm', 'o', 'p', 'a', 'r', 'i', 's', 't', 'h', 'e', 'b', 'e', 's', 't', '.', 'n', 'e', 't', '\0',
+  /* "moparisthebest.org", true */ 'm', 'o', 'p', 'a', 'r', 'i', 's', 't', 'h', 'e', 'b', 'e', 's', 't', '.', 'o', 'r', 'g', '\0',
+  /* "moparscape.net", true */ 'm', 'o', 'p', 'a', 'r', 's', 'c', 'a', 'p', 'e', '.', 'n', 'e', 't', '\0',
+  /* "mopedreifen.de", true */ 'm', 'o', 'p', 'e', 'd', 'r', 'e', 'i', 'f', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "mople71.cz", true */ 'm', 'o', 'p', 'l', 'e', '7', '1', '.', 'c', 'z', '\0',
+  /* "moppeleinhorn.de", true */ 'm', 'o', 'p', 'p', 'e', 'l', 'e', 'i', 'n', 'h', 'o', 'r', 'n', '.', 'd', 'e', '\0',
+  /* "moppy.org", true */ 'm', 'o', 'p', 'p', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "morbatex.com", true */ 'm', 'o', 'r', 'b', 'a', 't', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "morbitzer.de", false */ 'm', 'o', 'r', 'b', 'i', 't', 'z', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "morbotron.com", true */ 'm', 'o', 'r', 'b', 'o', 't', 'r', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "morchino.ch", true */ 'm', 'o', 'r', 'c', 'h', 'i', 'n', 'o', '.', 'c', 'h', '\0',
+  /* "morchstore.com", true */ 'm', 'o', 'r', 'c', 'h', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mordor.io", false */ 'm', 'o', 'r', 'd', 'o', 'r', '.', 'i', 'o', '\0',
+  /* "moreapp.co.uk", true */ 'm', 'o', 'r', 'e', 'a', 'p', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "morenci.ch", true */ 'm', 'o', 'r', 'e', 'n', 'c', 'i', '.', 'c', 'h', '\0',
+  /* "morepay.cn", true */ 'm', 'o', 'r', 'e', 'p', 'a', 'y', '.', 'c', 'n', '\0',
+  /* "moreserviceleads.com", true */ 'm', 'o', 'r', 'e', 's', 'e', 'r', 'v', 'i', 'c', 'e', 'l', 'e', 'a', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "morespacestorage.com.au", true */ 'm', 'o', 'r', 'e', 's', 'p', 'a', 'c', 'e', 's', 't', 'o', 'r', 'a', 'g', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "moresw.com", true */ 'm', 'o', 'r', 'e', 's', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "morganino.eu", true */ 'm', 'o', 'r', 'g', 'a', 'n', 'i', 'n', 'o', '.', 'e', 'u', '\0',
+  /* "morganino.it", true */ 'm', 'o', 'r', 'g', 'a', 'n', 'i', 'n', 'o', '.', 'i', 't', '\0',
+  /* "morgansleisure.co.uk", true */ 'm', 'o', 'r', 'g', 'a', 'n', 's', 'l', 'e', 'i', 's', 'u', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "moritz-baestlein.de", true */ 'm', 'o', 'r', 'i', 't', 'z', '-', 'b', 'a', 'e', 's', 't', 'l', 'e', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "moritztremmel.de", true */ 'm', 'o', 'r', 'i', 't', 'z', 't', 'r', 'e', 'm', 'm', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "moriz.de", true */ 'm', 'o', 'r', 'i', 'z', '.', 'd', 'e', '\0',
+  /* "moriz.net", true */ 'm', 'o', 'r', 'i', 'z', '.', 'n', 'e', 't', '\0',
+  /* "morphy2k.io", true */ 'm', 'o', 'r', 'p', 'h', 'y', '2', 'k', '.', 'i', 'o', '\0',
+  /* "morteruelo.net", true */ 'm', 'o', 'r', 't', 'e', 'r', 'u', 'e', 'l', 'o', '.', 'n', 'e', 't', '\0',
+  /* "mortgagecalculator.biz", true */ 'm', 'o', 'r', 't', 'g', 'a', 'g', 'e', 'c', 'a', 'l', 'c', 'u', 'l', 'a', 't', 'o', 'r', '.', 'b', 'i', 'z', '\0',
+  /* "mortis.eu", true */ 'm', 'o', 'r', 't', 'i', 's', '.', 'e', 'u', '\0',
+  /* "mosaic-design.ru", true */ 'm', 'o', 's', 'a', 'i', 'c', '-', 'd', 'e', 's', 'i', 'g', 'n', '.', 'r', 'u', '\0',
+  /* "mosaicadvisors.com", true */ 'm', 'o', 's', 'a', 'i', 'c', 'a', 'd', 'v', 'i', 's', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "moscow.dating", true */ 'm', 'o', 's', 'c', 'o', 'w', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "mosfet.cz", true */ 'm', 'o', 's', 'f', 'e', 't', '.', 'c', 'z', '\0',
+  /* "moshwire.com", true */ 'm', 'o', 's', 'h', 'w', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mosin.org", true */ 'm', 'o', 's', 'i', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "moskeedieren.nl", true */ 'm', 'o', 's', 'k', 'e', 'e', 'd', 'i', 'e', 'r', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "moso.io", true */ 'm', 'o', 's', 'o', '.', 'i', 'o', '\0',
+  /* "mosos.de", true */ 'm', 'o', 's', 'o', 's', '.', 'd', 'e', '\0',
+  /* "mosscade.com", true */ 'm', 'o', 's', 's', 'c', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mosstier.com", true */ 'm', 'o', 's', 's', 't', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "mostlyharmless.at", true */ 'm', 'o', 's', 't', 'l', 'y', 'h', 'a', 'r', 'm', 'l', 'e', 's', 's', '.', 'a', 't', '\0',
+  /* "mostlyinfinite.com", true */ 'm', 'o', 's', 't', 'l', 'y', 'i', 'n', 'f', 'i', 'n', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mostlyoverhead.com", true */ 'm', 'o', 's', 't', 'l', 'y', 'o', 'v', 'e', 'r', 'h', 'e', 'a', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "motd.ch", true */ 'm', 'o', 't', 'd', '.', 'c', 'h', '\0',
+  /* "moteksystems.com", true */ 'm', 'o', 't', 'e', 'k', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "motezazer.fr", true */ 'm', 'o', 't', 'e', 'z', 'a', 'z', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "motherboard.services", true */ 'm', 'o', 't', 'h', 'e', 'r', 'b', 'o', 'a', 'r', 'd', '.', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '\0',
+  /* "mothereff.in", false */ 'm', 'o', 't', 'h', 'e', 'r', 'e', 'f', 'f', '.', 'i', 'n', '\0',
+  /* "motionless.nl", true */ 'm', 'o', 't', 'i', 'o', 'n', 'l', 'e', 's', 's', '.', 'n', 'l', '\0',
+  /* "motohell.com", true */ 'm', 'o', 't', 'o', 'h', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "motojato.com.br", true */ 'm', 'o', 't', 'o', 'j', 'a', 't', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "motonauticaibiza.com", true */ 'm', 'o', 't', 'o', 'n', 'a', 'u', 't', 'i', 'c', 'a', 'i', 'b', 'i', 'z', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "motorcheck.ie", true */ 'm', 'o', 't', 'o', 'r', 'c', 'h', 'e', 'c', 'k', '.', 'i', 'e', '\0',
+  /* "motoroilinfo.com", true */ 'm', 'o', 't', 'o', 'r', 'o', 'i', 'l', 'i', 'n', 'f', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "motorpointarenacardiff.co.uk", true */ 'm', 'o', 't', 'o', 'r', 'p', 'o', 'i', 'n', 't', 'a', 'r', 'e', 'n', 'a', 'c', 'a', 'r', 'd', 'i', 'f', 'f', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "motorring.ru", true */ 'm', 'o', 't', 'o', 'r', 'r', 'i', 'n', 'g', '.', 'r', 'u', '\0',
+  /* "motorsplus.com", true */ 'm', 'o', 't', 'o', 'r', 's', 'p', 'l', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "motoryachtclub-radolfzell.de", true */ 'm', 'o', 't', 'o', 'r', 'y', 'a', 'c', 'h', 't', 'c', 'l', 'u', 'b', '-', 'r', 'a', 'd', 'o', 'l', 'f', 'z', 'e', 'l', 'l', '.', 'd', 'e', '\0',
+  /* "motosikletevi.com", true */ 'm', 'o', 't', 'o', 's', 'i', 'k', 'l', 'e', 't', 'e', 'v', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "motostorie.blog", false */ 'm', 'o', 't', 'o', 's', 't', 'o', 'r', 'i', 'e', '.', 'b', 'l', 'o', 'g', '\0',
+  /* "motransportinfo.com", true */ 'm', 'o', 't', 'r', 'a', 'n', 's', 'p', 'o', 'r', 't', 'i', 'n', 'f', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "mottomortgage.com", true */ 'm', 'o', 't', 't', 'o', 'm', 'o', 'r', 't', 'g', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "moube.fr", true */ 'm', 'o', 'u', 'b', 'e', '.', 'f', 'r', '\0',
+  /* "moulinaparoles.ca", true */ 'm', 'o', 'u', 'l', 'i', 'n', 'a', 'p', 'a', 'r', 'o', 'l', 'e', 's', '.', 'c', 'a', '\0',
+  /* "moumaobuchiyu.com", true */ 'm', 'o', 'u', 'm', 'a', 'o', 'b', 'u', 'c', 'h', 'i', 'y', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "mountain-rock.ru", true */ 'm', 'o', 'u', 'n', 't', 'a', 'i', 'n', '-', 'r', 'o', 'c', 'k', '.', 'r', 'u', '\0',
+  /* "mountainactivitysection.org.uk", true */ 'm', 'o', 'u', 'n', 't', 'a', 'i', 'n', 'a', 'c', 't', 'i', 'v', 'i', 't', 'y', 's', 'e', 'c', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "mountainroseherbs.com", true */ 'm', 'o', 'u', 'n', 't', 'a', 'i', 'n', 'r', 'o', 's', 'e', 'h', 'e', 'r', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mountfarmer.de", true */ 'm', 'o', 'u', 'n', 't', 'f', 'a', 'r', 'm', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "moveek.com", true */ 'm', 'o', 'v', 'e', 'e', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "moveisfit.com.br", true */ 'm', 'o', 'v', 'e', 'i', 's', 'f', 'i', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "moveltix.net", true */ 'm', 'o', 'v', 'e', 'l', 't', 'i', 'x', '.', 'n', 'e', 't', '\0',
+  /* "movember.com", false */ 'm', 'o', 'v', 'e', 'm', 'b', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "movepin.com", true */ 'm', 'o', 'v', 'e', 'p', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "movie-cross.net", true */ 'm', 'o', 'v', 'i', 'e', '-', 'c', 'r', 'o', 's', 's', '.', 'n', 'e', 't', '\0',
+  /* "movie-infos.net", true */ 'm', 'o', 'v', 'i', 'e', '-', 'i', 'n', 'f', 'o', 's', '.', 'n', 'e', 't', '\0',
+  /* "movie4k.fyi", true */ 'm', 'o', 'v', 'i', 'e', '4', 'k', '.', 'f', 'y', 'i', '\0',
+  /* "movie4k.life", true */ 'm', 'o', 'v', 'i', 'e', '4', 'k', '.', 'l', 'i', 'f', 'e', '\0',
+  /* "movie4kto.site", true */ 'm', 'o', 'v', 'i', 'e', '4', 'k', 't', 'o', '.', 's', 'i', 't', 'e', '\0',
+  /* "movie4kto.stream", true */ 'm', 'o', 'v', 'i', 'e', '4', 'k', 't', 'o', '.', 's', 't', 'r', 'e', 'a', 'm', '\0',
+  /* "moviedeposit.com", true */ 'm', 'o', 'v', 'i', 'e', 'd', 'e', 'p', 'o', 's', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "moviefreeze.com", true */ 'm', 'o', 'v', 'i', 'e', 'f', 'r', 'e', 'e', 'z', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "movieguys.org", true */ 'm', 'o', 'v', 'i', 'e', 'g', 'u', 'y', 's', '.', 'o', 'r', 'g', '\0',
+  /* "movienang.com", true */ 'm', 'o', 'v', 'i', 'e', 'n', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "moviepilot.com", true */ 'm', 'o', 'v', 'i', 'e', 'p', 'i', 'l', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "movil.uno", true */ 'm', 'o', 'v', 'i', 'l', '.', 'u', 'n', 'o', '\0',
+  /* "movinglogistics.nl", false */ 'm', 'o', 'v', 'i', 'n', 'g', 'l', 'o', 'g', 'i', 's', 't', 'i', 'c', 's', '.', 'n', 'l', '\0',
+  /* "movingoklahoma.org", true */ 'm', 'o', 'v', 'i', 'n', 'g', 'o', 'k', 'l', 'a', 'h', 'o', 'm', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "movingtohttps.com", true */ 'm', 'o', 'v', 'i', 'n', 'g', 't', 'o', 'h', 't', 't', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "movlib.org", true */ 'm', 'o', 'v', 'l', 'i', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "moyer.pub", true */ 'm', 'o', 'y', 'e', 'r', '.', 'p', 'u', 'b', '\0',
+  /* "moylen.eu", true */ 'm', 'o', 'y', 'l', 'e', 'n', '.', 'e', 'u', '\0',
+  /* "moyoo.net", true */ 'm', 'o', 'y', 'o', 'o', '.', 'n', 'e', 't', '\0',
+  /* "mozilla.cz", true */ 'm', 'o', 'z', 'i', 'l', 'l', 'a', '.', 'c', 'z', '\0',
+  /* "mozillians.org", true */ 'm', 'o', 'z', 'i', 'l', 'l', 'i', 'a', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "mozzez.de", true */ 'm', 'o', 'z', 'z', 'e', 'z', '.', 'd', 'e', '\0',
+  /* "mp3gratuiti.com", true */ 'm', 'p', '3', 'g', 'r', 'a', 't', 'u', 'i', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "mpc-hc.org", true */ 'm', 'p', 'c', '-', 'h', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "mpcompliance.com", true */ 'm', 'p', 'c', 'o', 'm', 'p', 'l', 'i', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mpe.org", true */ 'm', 'p', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "mpetroff.net", true */ 'm', 'p', 'e', 't', 'r', 'o', 'f', 'f', '.', 'n', 'e', 't', '\0',
+  /* "mpg-universal.com", true */ 'm', 'p', 'g', '-', 'u', 'n', 'i', 'v', 'e', 'r', 's', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "mpg.ovh", true */ 'm', 'p', 'g', '.', 'o', 'v', 'h', '\0',
+  /* "mpi-sa.fr", true */ 'm', 'p', 'i', '-', 's', 'a', '.', 'f', 'r', '\0',
+  /* "mpintaamalabanna.it", true */ 'm', 'p', 'i', 'n', 't', 'a', 'a', 'm', 'a', 'l', 'a', 'b', 'a', 'n', 'n', 'a', '.', 'i', 't', '\0',
+  /* "mplanetphl.fr", true */ 'm', 'p', 'l', 'a', 'n', 'e', 't', 'p', 'h', 'l', '.', 'f', 'r', '\0',
+  /* "mplant.io", true */ 'm', 'p', 'l', 'a', 'n', 't', '.', 'i', 'o', '\0',
+  /* "mplicka.cz", true */ 'm', 'p', 'l', 'i', 'c', 'k', 'a', '.', 'c', 'z', '\0',
+  /* "mplusm.eu", true */ 'm', 'p', 'l', 'u', 's', 'm', '.', 'e', 'u', '\0',
+  /* "mpn.poker", true */ 'm', 'p', 'n', '.', 'p', 'o', 'k', 'e', 'r', '\0',
+  /* "mpnpokertour.com", true */ 'm', 'p', 'n', 'p', 'o', 'k', 'e', 'r', 't', 'o', 'u', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "mpodraza.pl", true */ 'm', 'p', 'o', 'd', 'r', 'a', 'z', 'a', '.', 'p', 'l', '\0',
+  /* "mpreserver.com", true */ 'm', 'p', 'r', 'e', 's', 'e', 'r', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "mpsgarage.com.au", true */ 'm', 'p', 's', 'g', 'a', 'r', 'a', 'g', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "mpsoundcraft.com", true */ 'm', 'p', 's', 'o', 'u', 'n', 'd', 'c', 'r', 'a', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "mpy.ovh", true */ 'm', 'p', 'y', '.', 'o', 'v', 'h', '\0',
+  /* "mr-anderson.org", true */ 'm', 'r', '-', 'a', 'n', 'd', 'e', 'r', 's', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "mr-labo.jp", true */ 'm', 'r', '-', 'l', 'a', 'b', 'o', '.', 'j', 'p', '\0',
+  /* "mr-nachhilfe.de", true */ 'm', 'r', '-', 'n', 'a', 'c', 'h', 'h', 'i', 'l', 'f', 'e', '.', 'd', 'e', '\0',
+  /* "mr-wolf.nl", true */ 'm', 'r', '-', 'w', 'o', 'l', 'f', '.', 'n', 'l', '\0',
+  /* "mrbmafrica.com", true */ 'm', 'r', 'b', 'm', 'a', 'f', 'r', 'i', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "mrbounce.com", true */ 'm', 'r', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mrbouncescrazycastles.co.uk", true */ 'm', 'r', 'b', 'o', 'u', 'n', 'c', 'e', 's', 'c', 'r', 'a', 'z', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mrbouncycastle.com", true */ 'm', 'r', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mrca-sharp.com", true */ 'm', 'r', 'c', 'a', '-', 's', 'h', 'a', 'r', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "mrcoolevents.com", true */ 'm', 'r', 'c', 'o', 'o', 'l', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mrd.ninja", true */ 'm', 'r', 'd', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "mrdayman.com", true */ 'm', 'r', 'd', 'a', 'y', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "mrdleisure.co.uk", true */ 'm', 'r', 'd', 'l', 'e', 'i', 's', 'u', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mrevolution.eu", true */ 'm', 'r', 'e', 'v', 'o', 'l', 'u', 't', 'i', 'o', 'n', '.', 'e', 'u', '\0',
+  /* "mrinalpurohit.in", true */ 'm', 'r', 'i', 'n', 'a', 'l', 'p', 'u', 'r', 'o', 'h', 'i', 't', '.', 'i', 'n', '\0',
+  /* "mrkapowski.com", true */ 'm', 'r', 'k', 'a', 'p', 'o', 'w', 's', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "mrketolocksmith.com", true */ 'm', 'r', 'k', 'e', 't', 'o', 'l', 'o', 'c', 'k', 's', 'm', 'i', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "mrleonardo.com", true */ 'm', 'r', 'l', 'e', 'o', 'n', 'a', 'r', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "mrmoregame.de", true */ 'm', 'r', 'm', 'o', 'r', 'e', 'g', 'a', 'm', 'e', '.', 'd', 'e', '\0',
+  /* "mrnh.de", true */ 'm', 'r', 'n', 'h', '.', 'd', 'e', '\0',
+  /* "mrnh.tk", true */ 'm', 'r', 'n', 'h', '.', 't', 'k', '\0',
+  /* "mrpropop.com", true */ 'm', 'r', 'p', 'r', 'o', 'p', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "mrs-labo.jp", true */ 'm', 'r', 's', '-', 'l', 'a', 'b', 'o', '.', 'j', 'p', '\0',
+  /* "mrserge.lv", true */ 'm', 'r', 's', 'e', 'r', 'g', 'e', '.', 'l', 'v', '\0',
+  /* "mrsk.me", true */ 'm', 'r', 's', 'k', '.', 'm', 'e', '\0',
+  /* "mrstat.co.uk", true */ 'm', 'r', 's', 't', 'a', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mrx.one", true */ 'm', 'r', 'x', '.', 'o', 'n', 'e', '\0',
+  /* "ms-alternativ.de", true */ 'm', 's', '-', 'a', 'l', 't', 'e', 'r', 'n', 'a', 't', 'i', 'v', '.', 'd', 'e', '\0',
+  /* "ms-host.fr", true */ 'm', 's', '-', 'h', 'o', 's', 't', '.', 'f', 'r', '\0',
+  /* "msa-aesch.ch", true */ 'm', 's', 'a', '-', 'a', 'e', 's', 'c', 'h', '.', 'c', 'h', '\0',
+  /* "mscc.mu", true */ 'm', 's', 'c', 'c', '.', 'm', 'u', '\0',
+  /* "mscc.org", true */ 'm', 's', 'c', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "mscenter.cf", true */ 'm', 's', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'f', '\0',
+  /* "msch.pw", true */ 'm', 's', 'c', 'h', '.', 'p', 'w', '\0',
+  /* "mschuessler.org", true */ 'm', 's', 'c', 'h', 'u', 'e', 's', 's', 'l', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "msebera.cz", true */ 'm', 's', 'e', 'b', 'e', 'r', 'a', '.', 'c', 'z', '\0',
+  /* "msh100.uk", true */ 'm', 's', 'h', '1', '0', '0', '.', 'u', 'k', '\0',
+  /* "mshemailmarketer.com.au", true */ 'm', 's', 'h', 'e', 'm', 'a', 'i', 'l', 'm', 'a', 'r', 'k', 'e', 't', 'e', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "msi-zlin.cz", true */ 'm', 's', 'i', '-', 'z', 'l', 'i', 'n', '.', 'c', 'z', '\0',
+  /* "msiegmund.com", true */ 'm', 's', 'i', 'e', 'g', 'm', 'u', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "msmails.de", true */ 'm', 's', 'm', 'a', 'i', 'l', 's', '.', 'd', 'e', '\0',
+  /* "msnr.net", true */ 'm', 's', 'n', 'r', '.', 'n', 'e', 't', '\0',
+  /* "msp66.de", true */ 'm', 's', 'p', '6', '6', '.', 'd', 'e', '\0',
+  /* "mspnocsupport.com", true */ 'm', 's', 'p', 'n', 'o', 'c', 's', 'u', 'p', 'p', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "msquadrat.de", true */ 'm', 's', 'q', 'u', 'a', 'd', 'r', 'a', 't', '.', 'd', 'e', '\0',
+  /* "mssys.de", true */ 'm', 's', 's', 'y', 's', '.', 'd', 'e', '\0',
+  /* "mstdn.blue", true */ 'm', 's', 't', 'd', 'n', '.', 'b', 'l', 'u', 'e', '\0',
+  /* "mstdn.club", true */ 'm', 's', 't', 'd', 'n', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "mstdn.fr", true */ 'm', 's', 't', 'd', 'n', '.', 'f', 'r', '\0',
+  /* "mstdn.io", true */ 'm', 's', 't', 'd', 'n', '.', 'i', 'o', '\0',
+  /* "mstdn.nl", true */ 'm', 's', 't', 'd', 'n', '.', 'n', 'l', '\0',
+  /* "mstdn.onl", true */ 'm', 's', 't', 'd', 'n', '.', 'o', 'n', 'l', '\0',
+  /* "mstiles92.com", true */ 'm', 's', 't', 'i', 'l', 'e', 's', '9', '2', '.', 'c', 'o', 'm', '\0',
+  /* "msuess.me", true */ 'm', 's', 'u', 'e', 's', 's', '.', 'm', 'e', '\0',
+  /* "msuna.net", true */ 'm', 's', 'u', 'n', 'a', '.', 'n', 'e', 't', '\0',
+  /* "msv-limpezas.pt", true */ 'm', 's', 'v', '-', 'l', 'i', 'm', 'p', 'e', 'z', 'a', 's', '.', 'p', 't', '\0',
+  /* "msx.org", true */ 'm', 's', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "msz-fotografie.de", true */ 'm', 's', 'z', '-', 'f', 'o', 't', 'o', 'g', 'r', 'a', 'f', 'i', 'e', '.', 'd', 'e', '\0',
+  /* "mszavodumiru.cz", true */ 'm', 's', 'z', 'a', 'v', 'o', 'd', 'u', 'm', 'i', 'r', 'u', '.', 'c', 'z', '\0',
+  /* "mt.search.yahoo.com", false */ 'm', 't', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "mt2414.com", true */ 'm', 't', '2', '4', '1', '4', '.', 'c', 'o', 'm', '\0',
+  /* "mtasa.com", true */ 'm', 't', 'a', 's', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "mtau.com", true */ 'm', 't', 'a', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "mtb.wtf", true */ 'm', 't', 'b', '.', 'w', 't', 'f', '\0',
+  /* "mtcq.jp", true */ 'm', 't', 'c', 'q', '.', 'j', 'p', '\0',
+  /* "mtd.ovh", true */ 'm', 't', 'd', '.', 'o', 'v', 'h', '\0',
+  /* "mtfgnettoyage.fr", true */ 'm', 't', 'f', 'g', 'n', 'e', 't', 't', 'o', 'y', 'a', 'g', 'e', '.', 'f', 'r', '\0',
+  /* "mtg-tutor.de", true */ 'm', 't', 'g', '-', 't', 'u', 't', 'o', 'r', '.', 'd', 'e', '\0',
+  /* "mthode.org", true */ 'm', 't', 'h', 'o', 'd', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "mths.be", false */ 'm', 't', 'h', 's', '.', 'b', 'e', '\0',
+  /* "mticareportal.com", true */ 'm', 't', 'i', 'c', 'a', 'r', 'e', 'p', 'o', 'r', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "mtirc.co", true */ 'm', 't', 'i', 'r', 'c', '.', 'c', 'o', '\0',
+  /* "mtnz.co.za", true */ 'm', 't', 'n', 'z', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "mtouch.facebook.com", false */ 'm', 't', 'o', 'u', 'c', 'h', '.', 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "mtr.md", true */ 'm', 't', 'r', '.', 'm', 'd', '\0',
+  /* "mtrock.ru", true */ 'm', 't', 'r', 'o', 'c', 'k', '.', 'r', 'u', '\0',
+  /* "mts-energia.eu", true */ 'm', 't', 's', '-', 'e', 'n', 'e', 'r', 'g', 'i', 'a', '.', 'e', 'u', '\0',
+  /* "mts-server.com", true */ 'm', 't', 's', '-', 's', 'e', 'r', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "mtsolar.es", true */ 'm', 't', 's', 'o', 'l', 'a', 'r', '.', 'e', 's', '\0',
+  /* "mu.search.yahoo.com", false */ 'm', 'u', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "muabannhanh.com", false */ 'm', 'u', 'a', 'b', 'a', 'n', 'n', 'h', 'a', 'n', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "muahahahaha.co.uk", true */ 'm', 'u', 'a', 'h', 'a', 'h', 'a', 'h', 'a', 'h', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mubiflex.nl", true */ 'm', 'u', 'b', 'i', 'f', 'l', 'e', 'x', '.', 'n', 'l', '\0',
+  /* "muchohentai.com", true */ 'm', 'u', 'c', 'h', 'o', 'h', 'e', 'n', 't', 'a', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "muckingabout.eu", true */ 'm', 'u', 'c', 'k', 'i', 'n', 'g', 'a', 'b', 'o', 'u', 't', '.', 'e', 'u', '\0',
+  /* "mucmail.de", true */ 'm', 'u', 'c', 'm', 'a', 'i', 'l', '.', 'd', 'e', '\0',
+  /* "mudcrab.us", false */ 'm', 'u', 'd', 'c', 'r', 'a', 'b', '.', 'u', 's', '\0',
+  /* "muehlemann.net", true */ 'm', 'u', 'e', 'h', 'l', 'e', 'm', 'a', 'n', 'n', '.', 'n', 'e', 't', '\0',
+  /* "muellapp.com", true */ 'm', 'u', 'e', 'l', 'l', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "muenchberger.com", true */ 'm', 'u', 'e', 'n', 'c', 'h', 'b', 'e', 'r', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "muenzubi.de", true */ 'm', 'u', 'e', 'n', 'z', 'u', 'b', 'i', '.', 'd', 'e', '\0',
+  /* "muffet.pw", true */ 'm', 'u', 'f', 'f', 'e', 't', '.', 'p', 'w', '\0',
+  /* "muga.space", true */ 'm', 'u', 'g', 'a', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "muguayuan.com", true */ 'm', 'u', 'g', 'u', 'a', 'y', 'u', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "muh.io", true */ 'm', 'u', 'h', '.', 'i', 'o', '\0',
+  /* "muk-kobetsu.com", true */ 'm', 'u', 'k', '-', 'k', 'o', 'b', 'e', 't', 's', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "mukka.ch", true */ 'm', 'u', 'k', 'k', 'a', '.', 'c', 'h', '\0',
+  /* "mulaccosmetics.com", true */ 'm', 'u', 'l', 'a', 'c', 'c', 'o', 's', 'm', 'e', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mulaisehat.com", true */ 'm', 'u', 'l', 'a', 'i', 's', 'e', 'h', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "mulej.net", true */ 'm', 'u', 'l', 'e', 'j', '.', 'n', 'e', 't', '\0',
+  /* "mulheres18.com", true */ 'm', 'u', 'l', 'h', 'e', 'r', 'e', 's', '1', '8', '.', 'c', 'o', 'm', '\0',
+  /* "mulherportuguesa.com", true */ 'm', 'u', 'l', 'h', 'e', 'r', 'p', 'o', 'r', 't', 'u', 'g', 'u', 'e', 's', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "muling.lu", true */ 'm', 'u', 'l', 'i', 'n', 'g', '.', 'l', 'u', '\0',
+  /* "mullens-usedcars.be", true */ 'm', 'u', 'l', 'l', 'e', 'n', 's', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0',
+  /* "multi-vpn.biz", true */ 'm', 'u', 'l', 't', 'i', '-', 'v', 'p', 'n', '.', 'b', 'i', 'z', '\0',
+  /* "multibase.pt", true */ 'm', 'u', 'l', 't', 'i', 'b', 'a', 's', 'e', '.', 'p', 't', '\0',
+  /* "multibit.org", true */ 'm', 'u', 'l', 't', 'i', 'b', 'i', 't', '.', 'o', 'r', 'g', '\0',
+  /* "multibomasm.com.br", true */ 'm', 'u', 'l', 't', 'i', 'b', 'o', 'm', 'a', 's', 'm', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "multicomhost.com", true */ 'm', 'u', 'l', 't', 'i', 'c', 'o', 'm', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "multigamecard.com", true */ 'm', 'u', 'l', 't', 'i', 'g', 'a', 'm', 'e', 'c', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "multigeist.de", true */ 'm', 'u', 'l', 't', 'i', 'g', 'e', 'i', 's', 't', '.', 'd', 'e', '\0',
+  /* "multikalender.de", false */ 'm', 'u', 'l', 't', 'i', 'k', 'a', 'l', 'e', 'n', 'd', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "multimail.work", true */ 'm', 'u', 'l', 't', 'i', 'm', 'a', 'i', 'l', '.', 'w', 'o', 'r', 'k', '\0',
+  /* "multimedia-pool.com", true */ 'm', 'u', 'l', 't', 'i', 'm', 'e', 'd', 'i', 'a', '-', 'p', 'o', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "multiplayernow.com", true */ 'm', 'u', 'l', 't', 'i', 'p', 'l', 'a', 'y', 'e', 'r', 'n', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "multipleservers.com", true */ 'm', 'u', 'l', 't', 'i', 'p', 'l', 'e', 's', 'e', 'r', 'v', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "multiplexcy.com", true */ 'm', 'u', 'l', 't', 'i', 'p', 'l', 'e', 'x', 'c', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "multirep.ch", true */ 'm', 'u', 'l', 't', 'i', 'r', 'e', 'p', '.', 'c', 'h', '\0',
+  /* "multitek.no", true */ 'm', 'u', 'l', 't', 'i', 't', 'e', 'k', '.', 'n', 'o', '\0',
+  /* "multitheftauto.com", true */ 'm', 'u', 'l', 't', 'i', 't', 'h', 'e', 'f', 't', 'a', 'u', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "multivpn.cn.com", true */ 'm', 'u', 'l', 't', 'i', 'v', 'p', 'n', '.', 'c', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "multivpn.com.de", true */ 'm', 'u', 'l', 't', 'i', 'v', 'p', 'n', '.', 'c', 'o', 'm', '.', 'd', 'e', '\0',
+  /* "multivpn.com.ua", true */ 'm', 'u', 'l', 't', 'i', 'v', 'p', 'n', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "multivpn.fr", true */ 'm', 'u', 'l', 't', 'i', 'v', 'p', 'n', '.', 'f', 'r', '\0',
+  /* "multiworldsoftware.com", true */ 'm', 'u', 'l', 't', 'i', 'w', 'o', 'r', 'l', 'd', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "multrier.fr", true */ 'm', 'u', 'l', 't', 'r', 'i', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "mumbaionlinegifts.com", true */ 'm', 'u', 'm', 'b', 'a', 'i', 'o', 'n', 'l', 'i', 'n', 'e', 'g', 'i', 'f', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mumei.space", true */ 'm', 'u', 'm', 'e', 'i', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "mumolabs.com", true */ 'm', 'u', 'm', 'o', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "munchcorp.com", true */ 'm', 'u', 'n', 'c', 'h', 'c', 'o', 'r', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "mundoadulto.com.br", true */ 'm', 'u', 'n', 'd', 'o', 'a', 'd', 'u', 'l', 't', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "mundoalpha.com.br", true */ 'm', 'u', 'n', 'd', 'o', 'a', 'l', 'p', 'h', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "mundoarabe.com.br", true */ 'm', 'u', 'n', 'd', 'o', 'a', 'r', 'a', 'b', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "mundodasmensagens.com", true */ 'm', 'u', 'n', 'd', 'o', 'd', 'a', 's', 'm', 'e', 'n', 's', 'a', 'g', 'e', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mundokinderland.com.br", true */ 'm', 'u', 'n', 'd', 'o', 'k', 'i', 'n', 'd', 'e', 'r', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "mundolarraz.es", true */ 'm', 'u', 'n', 'd', 'o', 'l', 'a', 'r', 'r', 'a', 'z', '.', 'e', 's', '\0',
+  /* "mundschenk.at", true */ 'm', 'u', 'n', 'd', 's', 'c', 'h', 'e', 'n', 'k', '.', 'a', 't', '\0',
+  /* "mundtec.com.br", true */ 'm', 'u', 'n', 'd', 't', 'e', 'c', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "munirajiwa.com", true */ 'm', 'u', 'n', 'i', 'r', 'a', 'j', 'i', 'w', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "munki.org", true */ 'm', 'u', 'n', 'k', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "munkibuilds.org", true */ 'm', 'u', 'n', 'k', 'i', 'b', 'u', 'i', 'l', 'd', 's', '.', 'o', 'r', 'g', '\0',
+  /* "munpanel.com", true */ 'm', 'u', 'n', 'p', 'a', 'n', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "munrabi.com", true */ 'm', 'u', 'n', 'r', 'a', 'b', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "muqu.co", true */ 'm', 'u', 'q', 'u', '.', 'c', 'o', '\0',
+  /* "mur-vegetal-interieur.fr", true */ 'm', 'u', 'r', '-', 'v', 'e', 'g', 'e', 't', 'a', 'l', '-', 'i', 'n', 't', 'e', 'r', 'i', 'e', 'u', 'r', '.', 'f', 'r', '\0',
+  /* "murakami-sah.com", true */ 'm', 'u', 'r', 'a', 'k', 'a', 'm', 'i', '-', 's', 'a', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "murdercube.com", true */ 'm', 'u', 'r', 'd', 'e', 'r', 'c', 'u', 'b', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "murfy.kiwi", true */ 'm', 'u', 'r', 'f', 'y', '.', 'k', 'i', 'w', 'i', '\0',
+  /* "murfy.nz", true */ 'm', 'u', 'r', 'f', 'y', '.', 'n', 'z', '\0',
+  /* "murgi.de", true */ 'm', 'u', 'r', 'g', 'i', '.', 'd', 'e', '\0',
+  /* "murmel.it", false */ 'm', 'u', 'r', 'm', 'e', 'l', '.', 'i', 't', '\0',
+  /* "murof.com.br", true */ 'm', 'u', 'r', 'o', 'f', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "murraycoin.org", true */ 'm', 'u', 'r', 'r', 'a', 'y', 'c', 'o', 'i', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "mursu.directory", true */ 'm', 'u', 'r', 's', 'u', '.', 'd', 'i', 'r', 'e', 'c', 't', 'o', 'r', 'y', '\0',
+  /* "muscle-tg.com", true */ 'm', 'u', 's', 'c', 'l', 'e', '-', 't', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "muscleangels.com", true */ 'm', 'u', 's', 'c', 'l', 'e', 'a', 'n', 'g', 'e', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "musclecarresearch.com", true */ 'm', 'u', 's', 'c', 'l', 'e', 'c', 'a', 'r', 'r', 'e', 's', 'e', 'a', 'r', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "muscolinomusic.com", true */ 'm', 'u', 's', 'c', 'o', 'l', 'i', 'n', 'o', 'm', 'u', 's', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "musearchengine.com", true */ 'm', 'u', 's', 'e', 'a', 'r', 'c', 'h', 'e', 'n', 'g', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "musehelix.com", true */ 'm', 'u', 's', 'e', 'h', 'e', 'l', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "muses-success.info", true */ 'm', 'u', 's', 'e', 's', '-', 's', 'u', 'c', 'c', 'e', 's', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "museumstreak.com", true */ 'm', 'u', 's', 'e', 'u', 'm', 's', 't', 'r', 'e', 'a', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "mush-room.co.jp", true */ 'm', 'u', 's', 'h', '-', 'r', 'o', 'o', 'm', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "mushikabu.net", true */ 'm', 'u', 's', 'h', 'i', 'k', 'a', 'b', 'u', '.', 'n', 'e', 't', '\0',
+  /* "music-is-my-life.de", true */ 'm', 'u', 's', 'i', 'c', '-', 'i', 's', '-', 'm', 'y', '-', 'l', 'i', 'f', 'e', '.', 'd', 'e', '\0',
+  /* "music-project.eu", true */ 'm', 'u', 's', 'i', 'c', '-', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'e', 'u', '\0',
+  /* "music.amazon.com", true */ 'm', 'u', 's', 'i', 'c', '.', 'a', 'm', 'a', 'z', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "musicalive.nl", true */ 'm', 'u', 's', 'i', 'c', 'a', 'l', 'i', 'v', 'e', '.', 'n', 'l', '\0',
+  /* "musicall.com", true */ 'm', 'u', 's', 'i', 'c', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "musicalschwarzenburg.ch", true */ 'm', 'u', 's', 'i', 'c', 'a', 'l', 's', 'c', 'h', 'w', 'a', 'r', 'z', 'e', 'n', 'b', 'u', 'r', 'g', '.', 'c', 'h', '\0',
+  /* "musicchris.de", true */ 'm', 'u', 's', 'i', 'c', 'c', 'h', 'r', 'i', 's', '.', 'd', 'e', '\0',
+  /* "musicgamegalaxy.de", true */ 'm', 'u', 's', 'i', 'c', 'g', 'a', 'm', 'e', 'g', 'a', 'l', 'a', 'x', 'y', '.', 'd', 'e', '\0',
+  /* "musician.dating", true */ 'm', 'u', 's', 'i', 'c', 'i', 'a', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "musickhouseleveling.com", true */ 'm', 'u', 's', 'i', 'c', 'k', 'h', 'o', 'u', 's', 'e', 'l', 'e', 'v', 'e', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "musicschoolonline.com", true */ 'm', 'u', 's', 'i', 'c', 's', 'c', 'h', 'o', 'o', 'l', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "musicstore.de", false */ 'm', 'u', 's', 'i', 'c', 's', 't', 'o', 'r', 'e', '.', 'd', 'e', '\0',
+  /* "musicwear.cz", true */ 'm', 'u', 's', 'i', 'c', 'w', 'e', 'a', 'r', '.', 'c', 'z', '\0',
+  /* "musik-mentaltraining.ch", true */ 'm', 'u', 's', 'i', 'k', '-', 'm', 'e', 'n', 't', 'a', 'l', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'h', '\0',
+  /* "musikverein-elten.de", true */ 'm', 'u', 's', 'i', 'k', 'v', 'e', 'r', 'e', 'i', 'n', '-', 'e', 'l', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "musketonhaken.nl", false */ 'm', 'u', 's', 'k', 'e', 't', 'o', 'n', 'h', 'a', 'k', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "muslim.singles", true */ 'm', 'u', 's', 'l', 'i', 'm', '.', 's', 'i', 'n', 'g', 'l', 'e', 's', '\0',
+  /* "musmann.io", true */ 'm', 'u', 's', 'm', 'a', 'n', 'n', '.', 'i', 'o', '\0',
+  /* "muspla.com", true */ 'm', 'u', 's', 'p', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "muspla.com.br", true */ 'm', 'u', 's', 'p', 'l', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "musselsblog.com", true */ 'm', 'u', 's', 's', 'e', 'l', 's', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "mustard.co.uk", true */ 'm', 'u', 's', 't', 'a', 'r', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mustasj.no", true */ 'm', 'u', 's', 't', 'a', 's', 'j', '.', 'n', 'o', '\0',
+  /* "musthavesforreal.com", true */ 'm', 'u', 's', 't', 'h', 'a', 'v', 'e', 's', 'f', 'o', 'r', 'r', 'e', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "mutantmonkey.in", true */ 'm', 'u', 't', 'a', 'n', 't', 'm', 'o', 'n', 'k', 'e', 'y', '.', 'i', 'n', '\0',
+  /* "mutantmonkey.info", true */ 'm', 'u', 't', 'a', 'n', 't', 'm', 'o', 'n', 'k', 'e', 'y', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "mutantmonkey.sexy", true */ 'm', 'u', 't', 'a', 'n', 't', 'm', 'o', 'n', 'k', 'e', 'y', '.', 's', 'e', 'x', 'y', '\0',
+  /* "mutuals.cool", true */ 'm', 'u', 't', 'u', 'a', 'l', 's', '.', 'c', 'o', 'o', 'l', '\0',
+  /* "mutuelle.fr", true */ 'm', 'u', 't', 'u', 'e', 'l', 'l', 'e', '.', 'f', 'r', '\0',
+  /* "muusika.fun", true */ 'm', 'u', 'u', 's', 'i', 'k', 'a', '.', 'f', 'u', 'n', '\0',
+  /* "muusikoiden.net", true */ 'm', 'u', 'u', 's', 'i', 'k', 'o', 'i', 'd', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "muwatenraqamy.org", true */ 'm', 'u', 'w', 'a', 't', 'e', 'n', 'r', 'a', 'q', 'a', 'm', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "muzi.cz", true */ 'm', 'u', 'z', 'i', '.', 'c', 'z', '\0',
+  /* "mv-wohnen.de", true */ 'm', 'v', '-', 'w', 'o', 'h', 'n', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "mvandek.nl", true */ 'm', 'v', 'a', 'n', 'd', 'e', 'k', '.', 'n', 'l', '\0',
+  /* "mvbits.com", true */ 'm', 'v', 'b', 'i', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mvno.io", true */ 'm', 'v', 'n', 'o', '.', 'i', 'o', '\0',
+  /* "mvp-stars.com", true */ 'm', 'v', 'p', '-', 's', 't', 'a', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mw.search.yahoo.com", false */ 'm', 'w', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "mwainc.org", true */ 'm', 'w', 'a', 'i', 'n', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "mware-staging.azurewebsites.net", true */ 'm', 'w', 'a', 'r', 'e', '-', 's', 't', 'a', 'g', 'i', 'n', 'g', '.', 'a', 'z', 'u', 'r', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "mwavuli.co.ke", true */ 'm', 'w', 'a', 'v', 'u', 'l', 'i', '.', 'c', 'o', '.', 'k', 'e', '\0',
+  /* "mwba.org", true */ 'm', 'w', 'b', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "mwe.st", true */ 'm', 'w', 'e', '.', 's', 't', '\0',
+  /* "mwtdev.se", true */ 'm', 'w', 't', 'd', 'e', 'v', '.', 's', 'e', '\0',
+  /* "mww.moe", true */ 'm', 'w', 'w', '.', 'm', 'o', 'e', '\0',
+  /* "mx.org.ua", true */ 'm', 'x', '.', 'o', 'r', 'g', '.', 'u', 'a', '\0',
+  /* "mx.search.yahoo.com", false */ 'm', 'x', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "mx5international.com", true */ 'm', 'x', '5', 'i', 'n', 't', 'e', 'r', 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "mxawei.cn", true */ 'm', 'x', 'a', 'w', 'e', 'i', '.', 'c', 'n', '\0',
+  /* "mxihan.xyz", true */ 'm', 'x', 'i', 'h', 'a', 'n', '.', 'x', 'y', 'z', '\0',
+  /* "mxlife.org", true */ 'm', 'x', 'l', 'i', 'f', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "mxp.tw", true */ 'm', 'x', 'p', '.', 't', 'w', '\0',
+  /* "my-cdn.de", true */ 'm', 'y', '-', 'c', 'd', 'n', '.', 'd', 'e', '\0',
+  /* "my-contract.ch", true */ 'm', 'y', '-', 'c', 'o', 'n', 't', 'r', 'a', 'c', 't', '.', 'c', 'h', '\0',
+  /* "my-contract.info", true */ 'm', 'y', '-', 'c', 'o', 'n', 't', 'r', 'a', 'c', 't', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "my-contract.net", true */ 'm', 'y', '-', 'c', 'o', 'n', 't', 'r', 'a', 'c', 't', '.', 'n', 'e', 't', '\0',
+  /* "my-dick.ru", true */ 'm', 'y', '-', 'd', 'i', 'c', 'k', '.', 'r', 'u', '\0',
+  /* "my-dns.co.il", true */ 'm', 'y', '-', 'd', 'n', 's', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "my-ebook.es", true */ 'm', 'y', '-', 'e', 'b', 'o', 'o', 'k', '.', 'e', 's', '\0',
+  /* "my-floor.com", true */ 'm', 'y', '-', 'f', 'l', 'o', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "my-host.ovh", true */ 'm', 'y', '-', 'h', 'o', 's', 't', '.', 'o', 'v', 'h', '\0',
+  /* "my-hps.de", true */ 'm', 'y', '-', 'h', 'p', 's', '.', 'd', 'e', '\0',
+  /* "my-ip.work", true */ 'm', 'y', '-', 'i', 'p', '.', 'w', 'o', 'r', 'k', '\0',
+  /* "my-pawnshop.com.ua", false */ 'm', 'y', '-', 'p', 'a', 'w', 'n', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "my-plancha.ch", true */ 'm', 'y', '-', 'p', 'l', 'a', 'n', 'c', 'h', 'a', '.', 'c', 'h', '\0',
+  /* "my-static-demo-808795.c.cdn77.org", true */ 'm', 'y', '-', 's', 't', 'a', 't', 'i', 'c', '-', 'd', 'e', 'm', 'o', '-', '8', '0', '8', '7', '9', '5', '.', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0',
+  /* "my-static-live-808795.c.cdn77.org", true */ 'm', 'y', '-', 's', 't', 'a', 't', 'i', 'c', '-', 'l', 'i', 'v', 'e', '-', '8', '0', '8', '7', '9', '5', '.', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0',
+  /* "my-voice.nl", false */ 'm', 'y', '-', 'v', 'o', 'i', 'c', 'e', '.', 'n', 'l', '\0',
+  /* "my.onlime.ch", false */ 'm', 'y', '.', 'o', 'n', 'l', 'i', 'm', 'e', '.', 'c', 'h', '\0',
+  /* "my.usa.gov", false */ 'm', 'y', '.', 'u', 's', 'a', '.', 'g', 'o', 'v', '\0',
+  /* "my.xero.com", false */ 'm', 'y', '.', 'x', 'e', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "myaccount.google.com", false */ 'm', 'y', 'a', 'c', 'c', 'o', 'u', 'n', 't', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "myactivity.google.com", true */ 'm', 'y', 'a', 'c', 't', 'i', 'v', 'i', 't', 'y', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "myadself.com", true */ 'm', 'y', 'a', 'd', 's', 'e', 'l', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "myaggic.com", true */ 'm', 'y', 'a', 'g', 'g', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "myalliancechurch.com", true */ 'm', 'y', 'a', 'l', 'l', 'i', 'a', 'n', 'c', 'e', 'c', 'h', 'u', 'r', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "myamend.com", true */ 'm', 'y', 'a', 'm', 'e', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "myamity.info", true */ 'm', 'y', 'a', 'm', 'i', 't', 'y', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "myanimelist.net", true */ 'm', 'y', 'a', 'n', 'i', 'm', 'e', 'l', 'i', 's', 't', '.', 'n', 'e', 't', '\0',
+  /* "myapexcard.com", true */ 'm', 'y', 'a', 'p', 'e', 'x', 'c', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "myartsjournal.com", true */ 'm', 'y', 'a', 'r', 't', 's', 'j', 'o', 'u', 'r', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "mybb.com", true */ 'm', 'y', 'b', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "mybb.de", true */ 'm', 'y', 'b', 'b', '.', 'd', 'e', '\0',
+  /* "mybboard.pl", true */ 'm', 'y', 'b', 'b', 'o', 'a', 'r', 'd', '.', 'p', 'l', '\0',
+  /* "mybicc.org", true */ 'm', 'y', 'b', 'i', 'c', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "myblockchain.cloud", true */ 'm', 'y', 'b', 'l', 'o', 'c', 'k', 'c', 'h', 'a', 'i', 'n', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "mybloggedlife.com", true */ 'm', 'y', 'b', 'l', 'o', 'g', 'g', 'e', 'd', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mybon.at", false */ 'm', 'y', 'b', 'o', 'n', '.', 'a', 't', '\0',
+  /* "mycard.moe", true */ 'm', 'y', 'c', 'a', 'r', 'd', '.', 'm', 'o', 'e', '\0',
+  /* "mycieokien.info", false */ 'm', 'y', 'c', 'i', 'e', 'o', 'k', 'i', 'e', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "mycircleworks.com", true */ 'm', 'y', 'c', 'i', 'r', 'c', 'l', 'e', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "myclinicalstudybuddy.com", true */ 'm', 'y', 'c', 'l', 'i', 'n', 'i', 'c', 'a', 'l', 's', 't', 'u', 'd', 'y', 'b', 'u', 'd', 'd', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "mycloud-system.com", true */ 'm', 'y', 'c', 'l', 'o', 'u', 'd', '-', 's', 'y', 's', 't', 'e', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "mycofairtrade.com", true */ 'm', 'y', 'c', 'o', 'f', 'a', 'i', 'r', 't', 'r', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mycompanion.cz", true */ 'm', 'y', 'c', 'o', 'm', 'p', 'a', 'n', 'i', 'o', 'n', '.', 'c', 'z', '\0',
+  /* "myconan.net", true */ 'm', 'y', 'c', 'o', 'n', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "myconsulting.ch", true */ 'm', 'y', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'h', '\0',
+  /* "mycontrolmonitor.com", true */ 'm', 'y', 'c', 'o', 'n', 't', 'r', 'o', 'l', 'm', 'o', 'n', 'i', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "mycr.eu", true */ 'm', 'y', 'c', 'r', '.', 'e', 'u', '\0',
+  /* "mycreativeartsconsulting.com", true */ 'm', 'y', 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', 'a', 'r', 't', 's', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "mycreditcardcenter.com", true */ 'm', 'y', 'c', 'r', 'e', 'd', 'i', 't', 'c', 'a', 'r', 'd', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "mycrypnet.io", true */ 'm', 'y', 'c', 'r', 'y', 'p', 'n', 'e', 't', '.', 'i', 'o', '\0',
+  /* "mycrystalgrove.com", true */ 'm', 'y', 'c', 'r', 'y', 's', 't', 'a', 'l', 'g', 'r', 'o', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mycustomwriting.com", true */ 'm', 'y', 'c', 'u', 's', 't', 'o', 'm', 'w', 'r', 'i', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "mydarkstar.net", true */ 'm', 'y', 'd', 'a', 'r', 'k', 's', 't', 'a', 'r', '.', 'n', 'e', 't', '\0',
+  /* "myday.eu.com", true */ 'm', 'y', 'd', 'a', 'y', '.', 'e', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "mydaywebapp.com", true */ 'm', 'y', 'd', 'a', 'y', 'w', 'e', 'b', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "mydebian.in.ua", true */ 'm', 'y', 'd', 'e', 'b', 'i', 'a', 'n', '.', 'i', 'n', '.', 'u', 'a', '\0',
+  /* "mydevolo.com", true */ 'm', 'y', 'd', 'e', 'v', 'o', 'l', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "mydevolo.de", true */ 'm', 'y', 'd', 'e', 'v', 'o', 'l', 'o', '.', 'd', 'e', '\0',
+  /* "mydigitalweek.com", true */ 'm', 'y', 'd', 'i', 'g', 'i', 't', 'a', 'l', 'w', 'e', 'e', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "mydjsongbook.com", true */ 'm', 'y', 'd', 'j', 's', 'o', 'n', 'g', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "mydocserve.com", true */ 'm', 'y', 'd', 'o', 'c', 's', 'e', 'r', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mydreamlifelab.com", true */ 'm', 'y', 'd', 'r', 'e', 'a', 'm', 'l', 'i', 'f', 'e', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "myeberspaecher.com", true */ 'm', 'y', 'e', 'b', 'e', 'r', 's', 'p', 'a', 'e', 'c', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "myeffect.today", true */ 'm', 'y', 'e', 'f', 'f', 'e', 'c', 't', '.', 't', 'o', 'd', 'a', 'y', '\0',
+  /* "myepass.bg", true */ 'm', 'y', 'e', 'p', 'a', 's', 's', '.', 'b', 'g', '\0',
+  /* "myepass.de", true */ 'm', 'y', 'e', 'p', 'a', 's', 's', '.', 'd', 'e', '\0',
+  /* "myfantasysportstalk.com", true */ 'm', 'y', 'f', 'a', 'n', 't', 'a', 's', 'y', 's', 'p', 'o', 'r', 't', 's', 't', 'a', 'l', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "myfedloan.org", true */ 'm', 'y', 'f', 'e', 'd', 'l', 'o', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "myfirenet.com", true */ 'm', 'y', 'f', 'i', 'r', 'e', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "myfloridadeferredcomp.com", true */ 'm', 'y', 'f', 'l', 'o', 'r', 'i', 'd', 'a', 'd', 'e', 'f', 'e', 'r', 'r', 'e', 'd', 'c', 'o', 'm', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "myforfaitmobile.com", true */ 'm', 'y', 'f', 'o', 'r', 'f', 'a', 'i', 't', 'm', 'o', 'b', 'i', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "myfreemp3.click", true */ 'm', 'y', 'f', 'r', 'e', 'e', 'm', 'p', '3', '.', 'c', 'l', 'i', 'c', 'k', '\0',
+  /* "myfrenchtattoo.fr", true */ 'm', 'y', 'f', 'r', 'e', 'n', 'c', 'h', 't', 'a', 't', 't', 'o', 'o', '.', 'f', 'r', '\0',
+  /* "myfunworld.de", true */ 'm', 'y', 'f', 'u', 'n', 'w', 'o', 'r', 'l', 'd', '.', 'd', 'e', '\0',
+  /* "myg21.com", true */ 'm', 'y', 'g', '2', '1', '.', 'c', 'o', 'm', '\0',
+  /* "mygadgetguardian.lookout.com", false */ 'm', 'y', 'g', 'a', 'd', 'g', 'e', 't', 'g', 'u', 'a', 'r', 'd', 'i', 'a', 'n', '.', 'l', 'o', 'o', 'k', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "mygalgame.com", true */ 'm', 'y', 'g', 'a', 'l', 'g', 'a', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mygallery.homelinux.net", true */ 'm', 'y', 'g', 'a', 'l', 'l', 'e', 'r', 'y', '.', 'h', 'o', 'm', 'e', 'l', 'i', 'n', 'u', 'x', '.', 'n', 'e', 't', '\0',
+  /* "mygaysitges.com", true */ 'm', 'y', 'g', 'a', 'y', 's', 'i', 't', 'g', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mygeneral.org", true */ 'm', 'y', 'g', 'e', 'n', 'e', 'r', 'a', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "mygeotrip.com", true */ 'm', 'y', 'g', 'e', 'o', 't', 'r', 'i', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "mygoldennetwork.com", true */ 'm', 'y', 'g', 'o', 'l', 'd', 'e', 'n', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "mygpsite.com", true */ 'm', 'y', 'g', 'p', 's', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mygreatjob.eu", true */ 'm', 'y', 'g', 'r', 'e', 'a', 't', 'j', 'o', 'b', '.', 'e', 'u', '\0',
+  /* "mygreatjobs.de", true */ 'm', 'y', 'g', 'r', 'e', 'a', 't', 'j', 'o', 'b', 's', '.', 'd', 'e', '\0',
+  /* "mygretchen.de", true */ 'm', 'y', 'g', 'r', 'e', 't', 'c', 'h', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "mygrotto.org", true */ 'm', 'y', 'g', 'r', 'o', 't', 't', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "mygymer.ch", true */ 'm', 'y', 'g', 'y', 'm', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "myhatsuden.jp", true */ 'm', 'y', 'h', 'a', 't', 's', 'u', 'd', 'e', 'n', '.', 'j', 'p', '\0',
+  /* "myhealthreviews.com", true */ 'm', 'y', 'h', 'e', 'a', 'l', 't', 'h', 'r', 'e', 'v', 'i', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "myhostname.net", true */ 'm', 'y', 'h', 'o', 's', 't', 'n', 'a', 'm', 'e', '.', 'n', 'e', 't', '\0',
+  /* "myimds.com", true */ 'm', 'y', 'i', 'm', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "myimmitracker.com", true */ 'm', 'y', 'i', 'm', 'm', 'i', 't', 'r', 'a', 'c', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "myjumparoo.co.uk", true */ 'm', 'y', 'j', 'u', 'm', 'p', 'a', 'r', 'o', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "myki.co", true */ 'm', 'y', 'k', 'i', '.', 'c', 'o', '\0',
+  /* "mykontool.de", true */ 'm', 'y', 'k', 'o', 'n', 't', 'o', 'o', 'l', '.', 'd', 'e', '\0',
+  /* "mylatestnews.org", true */ 'm', 'y', 'l', 'a', 't', 'e', 's', 't', 'n', 'e', 'w', 's', '.', 'o', 'r', 'g', '\0',
+  /* "mylawyer.be", true */ 'm', 'y', 'l', 'a', 'w', 'y', 'e', 'r', '.', 'b', 'e', '\0',
+  /* "myleanfactory.de", true */ 'm', 'y', 'l', 'e', 'a', 'n', 'f', 'a', 'c', 't', 'o', 'r', 'y', '.', 'd', 'e', '\0',
+  /* "mylene-chandelier.me", true */ 'm', 'y', 'l', 'e', 'n', 'e', '-', 'c', 'h', 'a', 'n', 'd', 'e', 'l', 'i', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "mylifeabundant.com", true */ 'm', 'y', 'l', 'i', 'f', 'e', 'a', 'b', 'u', 'n', 'd', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "mylighthost.com", true */ 'm', 'y', 'l', 'i', 'g', 'h', 't', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "myliveupdates.com", true */ 'm', 'y', 'l', 'i', 'v', 'e', 'u', 'p', 'd', 'a', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mylocalsearch.co.uk", true */ 'm', 'y', 'l', 'o', 'c', 'a', 'l', 's', 'e', 'a', 'r', 'c', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mylookout.com", false */ 'm', 'y', 'l', 'o', 'o', 'k', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "mymadina.com", true */ 'm', 'y', 'm', 'a', 'd', 'i', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "mymb.pm", true */ 'm', 'y', 'm', 'b', '.', 'p', 'm', '\0',
+  /* "mymed.de", true */ 'm', 'y', 'm', 'e', 'd', '.', 'd', 'e', '\0',
+  /* "mymed.eu", true */ 'm', 'y', 'm', 'e', 'd', '.', 'e', 'u', '\0',
+  /* "mymommyworld.com", true */ 'm', 'y', 'm', 'o', 'm', 'm', 'y', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "mymotor.nl", true */ 'm', 'y', 'm', 'o', 't', 'o', 'r', '.', 'n', 'l', '\0',
+  /* "mymp3singer.co", true */ 'm', 'y', 'm', 'p', '3', 's', 'i', 'n', 'g', 'e', 'r', '.', 'c', 'o', '\0',
+  /* "mymp3singer.net", true */ 'm', 'y', 'm', 'p', '3', 's', 'i', 'n', 'g', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "myms.eu", true */ 'm', 'y', 'm', 's', '.', 'e', 'u', '\0',
+  /* "mymsr.de", true */ 'm', 'y', 'm', 's', 'r', '.', 'd', 'e', '\0',
+  /* "mymun.net", true */ 'm', 'y', 'm', 'u', 'n', '.', 'n', 'e', 't', '\0',
+  /* "mymx.lu", true */ 'm', 'y', 'm', 'x', '.', 'l', 'u', '\0',
+  /* "myna.go.jp", true */ 'm', 'y', 'n', 'a', '.', 'g', 'o', '.', 'j', 'p', '\0',
+  /* "myndcommunication.com", true */ 'm', 'y', 'n', 'd', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 'c', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "mynext.events", true */ 'm', 'y', 'n', 'e', 'x', 't', '.', 'e', 'v', 'e', 'n', 't', 's', '\0',
+  /* "mynn.io", true */ 'm', 'y', 'n', 'n', '.', 'i', 'o', '\0',
+  /* "mynook.info", true */ 'm', 'y', 'n', 'o', 'o', 'k', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "mynortherngarden.com", true */ 'm', 'y', 'n', 'o', 'r', 't', 'h', 'e', 'r', 'n', 'g', 'a', 'r', 'd', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "myon.info", true */ 'm', 'y', 'o', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "myonline.hu", true */ 'm', 'y', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'h', 'u', '\0',
+  /* "myonlinedating.club", true */ 'm', 'y', 'o', 'n', 'l', 'i', 'n', 'e', 'd', 'a', 't', 'i', 'n', 'g', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "myoptumhealthcomplexmedical.com", true */ 'm', 'y', 'o', 'p', 't', 'u', 'm', 'h', 'e', 'a', 'l', 't', 'h', 'c', 'o', 'm', 'p', 'l', 'e', 'x', 'm', 'e', 'd', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "myoptumhealthparentsteps.com", true */ 'm', 'y', 'o', 'p', 't', 'u', 'm', 'h', 'e', 'a', 'l', 't', 'h', 'p', 'a', 'r', 'e', 'n', 't', 's', 't', 'e', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "myoueb.fr", true */ 'm', 'y', 'o', 'u', 'e', 'b', '.', 'f', 'r', '\0',
+  /* "myoukochou.com", true */ 'm', 'y', 'o', 'u', 'k', 'o', 'c', 'h', 'o', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "myownconference.com", true */ 'm', 'y', 'o', 'w', 'n', 'c', 'o', 'n', 'f', 'e', 'r', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "myownconference.com.ua", true */ 'm', 'y', 'o', 'w', 'n', 'c', 'o', 'n', 'f', 'e', 'r', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "myownconference.de", true */ 'm', 'y', 'o', 'w', 'n', 'c', 'o', 'n', 'f', 'e', 'r', 'e', 'n', 'c', 'e', '.', 'd', 'e', '\0',
+  /* "myownconference.es", true */ 'm', 'y', 'o', 'w', 'n', 'c', 'o', 'n', 'f', 'e', 'r', 'e', 'n', 'c', 'e', '.', 'e', 's', '\0',
+  /* "myownconference.fr", true */ 'm', 'y', 'o', 'w', 'n', 'c', 'o', 'n', 'f', 'e', 'r', 'e', 'n', 'c', 'e', '.', 'f', 'r', '\0',
+  /* "myownconference.lt", true */ 'm', 'y', 'o', 'w', 'n', 'c', 'o', 'n', 'f', 'e', 'r', 'e', 'n', 'c', 'e', '.', 'l', 't', '\0',
+  /* "myownconference.lv", true */ 'm', 'y', 'o', 'w', 'n', 'c', 'o', 'n', 'f', 'e', 'r', 'e', 'n', 'c', 'e', '.', 'l', 'v', '\0',
+  /* "myownconference.pl", true */ 'm', 'y', 'o', 'w', 'n', 'c', 'o', 'n', 'f', 'e', 'r', 'e', 'n', 'c', 'e', '.', 'p', 'l', '\0',
+  /* "myownconference.pt", true */ 'm', 'y', 'o', 'w', 'n', 'c', 'o', 'n', 'f', 'e', 'r', 'e', 'n', 'c', 'e', '.', 'p', 't', '\0',
+  /* "myownconference.ru", true */ 'm', 'y', 'o', 'w', 'n', 'c', 'o', 'n', 'f', 'e', 'r', 'e', 'n', 'c', 'e', '.', 'r', 'u', '\0',
+  /* "myowndisk.com", true */ 'm', 'y', 'o', 'w', 'n', 'd', 'i', 's', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "myowndisk.net", true */ 'm', 'y', 'o', 'w', 'n', 'd', 'i', 's', 'k', '.', 'n', 'e', 't', '\0',
+  /* "myownwebinar.com", true */ 'm', 'y', 'o', 'w', 'n', 'w', 'e', 'b', 'i', 'n', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "mypanier.com", true */ 'm', 'y', 'p', 'a', 'n', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "mypaperwriter.com", true */ 'm', 'y', 'p', 'a', 'p', 'e', 'r', 'w', 'r', 'i', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "mypayoffloan.com", true */ 'm', 'y', 'p', 'a', 'y', 'o', 'f', 'f', 'l', 'o', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "myperfumecollection.com", true */ 'm', 'y', 'p', 'e', 'r', 'f', 'u', 'm', 'e', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "mypillcard.com", true */ 'm', 'y', 'p', 'i', 'l', 'l', 'c', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "myplaceonline.com", true */ 'm', 'y', 'p', 'l', 'a', 'c', 'e', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mypress.mx", true */ 'm', 'y', 'p', 'r', 'e', 's', 's', '.', 'm', 'x', '\0',
+  /* "myprintcard.de", true */ 'm', 'y', 'p', 'r', 'i', 'n', 't', 'c', 'a', 'r', 'd', '.', 'd', 'e', '\0',
+  /* "myproblog.com", true */ 'm', 'y', 'p', 'r', 'o', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "myptsite.com", true */ 'm', 'y', 'p', 't', 's', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "mypup.nl", true */ 'm', 'y', 'p', 'u', 'p', '.', 'n', 'l', '\0',
+  /* "myrandomtips.com", true */ 'm', 'y', 'r', 'a', 'n', 'd', 'o', 'm', 't', 'i', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "myranicol.com", true */ 'm', 'y', 'r', 'a', 'n', 'i', 'c', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "myrealestatemate.com.au", true */ 'm', 'y', 'r', 'e', 'a', 'l', 'e', 's', 't', 'a', 't', 'e', 'm', 'a', 't', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "myrekber.co.id", true */ 'm', 'y', 'r', 'e', 'k', 'b', 'e', 'r', '.', 'c', 'o', '.', 'i', 'd', '\0',
+  /* "myrent.quebec", true */ 'm', 'y', 'r', 'e', 'n', 't', '.', 'q', 'u', 'e', 'b', 'e', 'c', '\0',
+  /* "myresearchapp.com", true */ 'm', 'y', 'r', 'e', 's', 'e', 'a', 'r', 'c', 'h', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "myriadof.com", true */ 'm', 'y', 'r', 'i', 'a', 'd', 'o', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "myrig.com", true */ 'm', 'y', 'r', 'i', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "myrig.com.ua", true */ 'm', 'y', 'r', 'i', 'g', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "myrig.io", true */ 'm', 'y', 'r', 'i', 'g', '.', 'i', 'o', '\0',
+  /* "myrig.ru", true */ 'm', 'y', 'r', 'i', 'g', '.', 'r', 'u', '\0',
+  /* "myrotvorets.center", true */ 'm', 'y', 'r', 'o', 't', 'v', 'o', 'r', 'e', 't', 's', '.', 'c', 'e', 'n', 't', 'e', 'r', '\0',
+  /* "myruststats.com", true */ 'm', 'y', 'r', 'u', 's', 't', 's', 't', 'a', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "myschoolphoto.org", true */ 'm', 'y', 's', 'c', 'h', 'o', 'o', 'l', 'p', 'h', 'o', 't', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "myseatime.com", true */ 'm', 'y', 's', 'e', 'a', 't', 'i', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "myself5.de", true */ 'm', 'y', 's', 'e', 'l', 'f', '5', '.', 'd', 'e', '\0',
+  /* "mysignal.com", true */ 'm', 'y', 's', 'i', 'g', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "mysize-condooms.nl", true */ 'm', 'y', 's', 'i', 'z', 'e', '-', 'c', 'o', 'n', 'd', 'o', 'o', 'm', 's', '.', 'n', 'l', '\0',
+  /* "mysmelly.com", true */ 'm', 'y', 's', 'm', 'e', 'l', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "mysocialporn.com", true */ 'm', 'y', 's', 'o', 'c', 'i', 'a', 'l', 'p', 'o', 'r', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "mysocrat.com", true */ 'm', 'y', 's', 'o', 'c', 'r', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "mysoundtalks.com", false */ 'm', 'y', 's', 'o', 'u', 'n', 'd', 't', 'a', 'l', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "myspicer.com", true */ 'm', 'y', 's', 'p', 'i', 'c', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "mysqldump-secure.org", true */ 'm', 'y', 's', 'q', 'l', 'd', 'u', 'm', 'p', '-', 's', 'e', 'c', 'u', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "myssl.com", true */ 'm', 'y', 's', 's', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "mystatus24.com", true */ 'm', 'y', 's', 't', 'a', 't', 'u', 's', '2', '4', '.', 'c', 'o', 'm', '\0',
+  /* "mysteriouscode.io", true */ 'm', 'y', 's', 't', 'e', 'r', 'i', 'o', 'u', 's', 'c', 'o', 'd', 'e', '.', 'i', 'o', '\0',
+  /* "mysterymind.ch", true */ 'm', 'y', 's', 't', 'e', 'r', 'y', 'm', 'i', 'n', 'd', '.', 'c', 'h', '\0',
+  /* "mysterysear.ch", true */ 'm', 'y', 's', 't', 'e', 'r', 'y', 's', 'e', 'a', 'r', '.', 'c', 'h', '\0',
+  /* "mystic-welten.de", true */ 'm', 'y', 's', 't', 'i', 'c', '-', 'w', 'e', 'l', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "mystickphysick.com", true */ 'm', 'y', 's', 't', 'i', 'c', 'k', 'p', 'h', 'y', 's', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "mysticplumes.com", true */ 'm', 'y', 's', 't', 'i', 'c', 'p', 'l', 'u', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mystorymonster.com", true */ 'm', 'y', 's', 't', 'o', 'r', 'y', 'm', 'o', 'n', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "mystown.org", true */ 'm', 'y', 's', 't', 'o', 'w', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "mystudy.me", true */ 'm', 'y', 's', 't', 'u', 'd', 'y', '.', 'm', 'e', '\0',
+  /* "mystudycart.com", true */ 'm', 'y', 's', 't', 'u', 'd', 'y', 'c', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "mysupboard.de", true */ 'm', 'y', 's', 'u', 'p', 'b', 'o', 'a', 'r', 'd', '.', 'd', 'e', '\0',
+  /* "myswissmailaddress.com", true */ 'm', 'y', 's', 'w', 'i', 's', 's', 'm', 'a', 'i', 'l', 'a', 'd', 'd', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mytc.fr", true */ 'm', 'y', 't', 'c', '.', 'f', 'r', '\0',
+  /* "mythengay.ch", true */ 'm', 'y', 't', 'h', 'e', 'n', 'g', 'a', 'y', '.', 'c', 'h', '\0',
+  /* "mythicdelirium.com", true */ 'm', 'y', 't', 'h', 'i', 'c', 'd', 'e', 'l', 'i', 'r', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "mytraiteurs.com", true */ 'm', 'y', 't', 'r', 'a', 'i', 't', 'e', 'u', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "mytripcar.co.uk", true */ 'm', 'y', 't', 'r', 'i', 'p', 'c', 'a', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "mytripcar.com", true */ 'm', 'y', 't', 'r', 'i', 'p', 'c', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "mytripcar.de", true */ 'm', 'y', 't', 'r', 'i', 'p', 'c', 'a', 'r', '.', 'd', 'e', '\0',
+  /* "mytripcar.es", true */ 'm', 'y', 't', 'r', 'i', 'p', 'c', 'a', 'r', '.', 'e', 's', '\0',
+  /* "mytripcar.fr", true */ 'm', 'y', 't', 'r', 'i', 'p', 'c', 'a', 'r', '.', 'f', 'r', '\0',
+  /* "mytruecare.org", true */ 'm', 'y', 't', 'r', 'u', 'e', 'c', 'a', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "mytty.net", true */ 'm', 'y', 't', 't', 'y', '.', 'n', 'e', 't', '\0',
+  /* "myulog.net", true */ 'm', 'y', 'u', 'l', 'o', 'g', '.', 'n', 'e', 't', '\0',
+  /* "myupdatestar.com", true */ 'm', 'y', 'u', 'p', 'd', 'a', 't', 'e', 's', 't', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "myupdatestudio.com", true */ 'm', 'y', 'u', 'p', 'd', 'a', 't', 'e', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "myupdatesystems.com", true */ 'm', 'y', 'u', 'p', 'd', 'a', 't', 'e', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "myusagepayments.com", true */ 'm', 'y', 'u', 's', 'a', 'g', 'e', 'p', 'a', 'y', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "myvacompany.com", true */ 'm', 'y', 'v', 'a', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "myvirtualserver.com", true */ 'm', 'y', 'v', 'i', 'r', 't', 'u', 'a', 'l', 's', 'e', 'r', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "myvoipnews.com", true */ 'm', 'y', 'v', 'o', 'i', 'p', 'n', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "myvpl.com", true */ 'm', 'y', 'v', 'p', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "mywari.com", true */ 'm', 'y', 'w', 'a', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "mywebinar.io", true */ 'm', 'y', 'w', 'e', 'b', 'i', 'n', 'a', 'r', '.', 'i', 'o', '\0',
+  /* "myworkinfo.com", false */ 'm', 'y', 'w', 'o', 'r', 'k', 'i', 'n', 'f', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "myworth.com.au", true */ 'm', 'y', 'w', 'o', 'r', 't', 'h', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "myzina.cz", false */ 'm', 'y', 'z', 'i', 'n', 'a', '.', 'c', 'z', '\0',
+  /* "mz-mz.net", true */ 'm', 'z', '-', 'm', 'z', '.', 'n', 'e', 't', '\0',
+  /* "mzh.io", true */ 'm', 'z', 'h', '.', 'i', 'o', '\0',
+  /* "mziulu.me", false */ 'm', 'z', 'i', 'u', 'l', 'u', '.', 'm', 'e', '\0',
+  /* "mzorn.photography", true */ 'm', 'z', 'o', 'r', 'n', '.', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '\0',
+  /* "n-design.de", true */ 'n', '-', 'd', 'e', 's', 'i', 'g', 'n', '.', 'd', 'e', '\0',
+  /* "n-kanazawa.jp", true */ 'n', '-', 'k', 'a', 'n', 'a', 'z', 'a', 'w', 'a', '.', 'j', 'p', '\0',
+  /* "n-m.lu", true */ 'n', '-', 'm', '.', 'l', 'u', '\0',
+  /* "n-pix.com", false */ 'n', '-', 'p', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "n-soft.info", true */ 'n', '-', 's', 'o', 'f', 't', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "n-un.de", true */ 'n', '-', 'u', 'n', '.', 'd', 'e', '\0',
+  /* "n0paste.tk", false */ 'n', '0', 'p', 'a', 's', 't', 'e', '.', 't', 'k', '\0',
+  /* "n26.com", true */ 'n', '2', '6', '.', 'c', 'o', 'm', '\0',
+  /* "n2servers.com", true */ 'n', '2', 's', 'e', 'r', 'v', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "n3twork.net", true */ 'n', '3', 't', 'w', 'o', 'r', 'k', '.', 'n', 'e', 't', '\0',
+  /* "n4v.eu", true */ 'n', '4', 'v', '.', 'e', 'u', '\0',
+  /* "n6a.net", true */ 'n', '6', 'a', '.', 'n', 'e', 't', '\0',
+  /* "na.hn", true */ 'n', 'a', '.', 'h', 'n', '\0',
+  /* "naam.me", true */ 'n', 'a', 'a', 'm', '.', 'm', 'e', '\0',
+  /* "nabaleka.com", true */ 'n', 'a', 'b', 'a', 'l', 'e', 'k', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "nabankco.com", true */ 'n', 'a', 'b', 'a', 'n', 'k', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "nachsendeauftrag.net", true */ 'n', 'a', 'c', 'h', 's', 'e', 'n', 'd', 'e', 'a', 'u', 'f', 't', 'r', 'a', 'g', '.', 'n', 'e', 't', '\0',
+  /* "nachsenden.info", true */ 'n', 'a', 'c', 'h', 's', 'e', 'n', 'd', 'e', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "nachtmuziek.info", true */ 'n', 'a', 'c', 'h', 't', 'm', 'u', 'z', 'i', 'e', 'k', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "nacin.com", true */ 'n', 'a', 'c', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "nacktwanderfreunde.de", true */ 'n', 'a', 'c', 'k', 't', 'w', 'a', 'n', 'd', 'e', 'r', 'f', 'r', 'e', 'u', 'n', 'd', 'e', '.', 'd', 'e', '\0',
+  /* "nacyklo.cz", true */ 'n', 'a', 'c', 'y', 'k', 'l', 'o', '.', 'c', 'z', '\0',
+  /* "nadaquenosepas.com", true */ 'n', 'a', 'd', 'a', 'q', 'u', 'e', 'n', 'o', 's', 'e', 'p', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "nadejeproninu.cz", true */ 'n', 'a', 'd', 'e', 'j', 'e', 'p', 'r', 'o', 'n', 'i', 'n', 'u', '.', 'c', 'z', '\0',
+  /* "nadelholzkulturen.de", true */ 'n', 'a', 'd', 'e', 'l', 'h', 'o', 'l', 'z', 'k', 'u', 'l', 't', 'u', 'r', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "nadine-chaudier.net", true */ 'n', 'a', 'd', 'i', 'n', 'e', '-', 'c', 'h', 'a', 'u', 'd', 'i', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "nadyaolcer.fr", true */ 'n', 'a', 'd', 'y', 'a', 'o', 'l', 'c', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "nafod.net", true */ 'n', 'a', 'f', 'o', 'd', '.', 'n', 'e', 't', '\0',
+  /* "naga-semi.com", true */ 'n', 'a', 'g', 'a', '-', 's', 'e', 'm', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "nagaragem.com.br", true */ 'n', 'a', 'g', 'a', 'r', 'a', 'g', 'e', 'm', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "nagashi.ma", true */ 'n', 'a', 'g', 'a', 's', 'h', 'i', '.', 'm', 'a', '\0',
+  /* "nagaya.biz", true */ 'n', 'a', 'g', 'a', 'y', 'a', '.', 'b', 'i', 'z', '\0',
+  /* "nagb.gov", true */ 'n', 'a', 'g', 'b', '.', 'g', 'o', 'v', '\0',
+  /* "nagb.org", true */ 'n', 'a', 'g', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "nagel-dentaltechnik.de", true */ 'n', 'a', 'g', 'e', 'l', '-', 'd', 'e', 'n', 't', 'a', 'l', 't', 'e', 'c', 'h', 'n', 'i', 'k', '.', 'd', 'e', '\0',
+  /* "nagelfam.com", true */ 'n', 'a', 'g', 'e', 'l', 'f', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "naggie.net", true */ 'n', 'a', 'g', 'g', 'i', 'e', '.', 'n', 'e', 't', '\0',
+  /* "nah.nz", true */ 'n', 'a', 'h', '.', 'n', 'z', '\0',
+  /* "nah.re", true */ 'n', 'a', 'h', '.', 'r', 'e', '\0',
+  /* "nahura.com", true */ 'n', 'a', 'h', 'u', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "naiaspa.fr", true */ 'n', 'a', 'i', 'a', 's', 'p', 'a', '.', 'f', 'r', '\0',
+  /* "nailattitude.ch", true */ 'n', 'a', 'i', 'l', 'a', 't', 't', 'i', 't', 'u', 'd', 'e', '.', 'c', 'h', '\0',
+  /* "nailchiodo.com", true */ 'n', 'a', 'i', 'l', 'c', 'h', 'i', 'o', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "nailsalon-aztplus.com", true */ 'n', 'a', 'i', 'l', 's', 'a', 'l', 'o', 'n', '-', 'a', 'z', 't', 'p', 'l', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "nairobibusinessreview.com", true */ 'n', 'a', 'i', 'r', 'o', 'b', 'i', 'b', 'u', 's', 'i', 'n', 'e', 's', 's', 'r', 'e', 'v', 'i', 'e', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "nakama.tv", true */ 'n', 'a', 'k', 'a', 'm', 'a', '.', 't', 'v', '\0',
+  /* "nakandya.com", true */ 'n', 'a', 'k', 'a', 'n', 'd', 'y', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "nakanishi-paint.com", true */ 'n', 'a', 'k', 'a', 'n', 'i', 's', 'h', 'i', '-', 'p', 'a', 'i', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "nakedalarmclock.me", true */ 'n', 'a', 'k', 'e', 'd', 'a', 'l', 'a', 'r', 'm', 'c', 'l', 'o', 'c', 'k', '.', 'm', 'e', '\0',
+  /* "nakedfacts.co.uk", false */ 'n', 'a', 'k', 'e', 'd', 'f', 'a', 'c', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "nakedtruthbeauty.com", true */ 'n', 'a', 'k', 'e', 'd', 't', 'r', 'u', 't', 'h', 'b', 'e', 'a', 'u', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "nakhonidc.com", true */ 'n', 'a', 'k', 'h', 'o', 'n', 'i', 'd', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "nakliyatsirketi.biz.tr", true */ 'n', 'a', 'k', 'l', 'i', 'y', 'a', 't', 's', 'i', 'r', 'k', 'e', 't', 'i', '.', 'b', 'i', 'z', '.', 't', 'r', '\0',
+  /* "nako.no", true */ 'n', 'a', 'k', 'o', '.', 'n', 'o', '\0',
+  /* "nalao-company.com", true */ 'n', 'a', 'l', 'a', 'o', '-', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "nalepky-na-zed.cz", true */ 'n', 'a', 'l', 'e', 'p', 'k', 'y', '-', 'n', 'a', '-', 'z', 'e', 'd', '.', 'c', 'z', '\0',
+  /* "nalepte.cz", true */ 'n', 'a', 'l', 'e', 'p', 't', 'e', '.', 'c', 'z', '\0',
+  /* "nalexandru.xyz", true */ 'n', 'a', 'l', 'e', 'x', 'a', 'n', 'd', 'r', 'u', '.', 'x', 'y', 'z', '\0',
+  /* "nalukfitness.com.br", true */ 'n', 'a', 'l', 'u', 'k', 'f', 'i', 't', 'n', 'e', 's', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "namaleaks.com", false */ 'n', 'a', 'm', 'a', 'l', 'e', 'a', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "namazvakitleri.com.tr", true */ 'n', 'a', 'm', 'a', 'z', 'v', 'a', 'k', 'i', 't', 'l', 'e', 'r', 'i', '.', 'c', 'o', 'm', '.', 't', 'r', '\0',
+  /* "namegrep.com", true */ 'n', 'a', 'm', 'e', 'g', 'r', 'e', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "nameid.org", true */ 'n', 'a', 'm', 'e', 'i', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "namepros.com", true */ 'n', 'a', 'm', 'e', 'p', 'r', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "namereel.com", true */ 'n', 'a', 'm', 'e', 'r', 'e', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "namethatporn.com", true */ 'n', 'a', 'm', 'e', 't', 'h', 'a', 't', 'p', 'o', 'r', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "nametiles.co", true */ 'n', 'a', 'm', 'e', 't', 'i', 'l', 'e', 's', '.', 'c', 'o', '\0',
+  /* "namikawatetsuji.jp", true */ 'n', 'a', 'm', 'i', 'k', 'a', 'w', 'a', 't', 'e', 't', 's', 'u', 'j', 'i', '.', 'j', 'p', '\0',
+  /* "naminam.de", true */ 'n', 'a', 'm', 'i', 'n', 'a', 'm', '.', 'd', 'e', '\0',
+  /* "namrs.net", true */ 'n', 'a', 'm', 'r', 's', '.', 'n', 'e', 't', '\0',
+  /* "namu.moe", true */ 'n', 'a', 'm', 'u', '.', 'm', 'o', 'e', '\0',
+  /* "namu.wiki", true */ 'n', 'a', 'm', 'u', '.', 'w', 'i', 'k', 'i', '\0',
+  /* "nanami.moe", true */ 'n', 'a', 'n', 'a', 'm', 'i', '.', 'm', 'o', 'e', '\0',
+  /* "nanarose.ch", true */ 'n', 'a', 'n', 'a', 'r', 'o', 's', 'e', '.', 'c', 'h', '\0',
+  /* "nanch.com", true */ 'n', 'a', 'n', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "nanderson.me", true */ 'n', 'a', 'n', 'd', 'e', 'r', 's', 'o', 'n', '.', 'm', 'e', '\0',
+  /* "nanfangstone.com", true */ 'n', 'a', 'n', 'f', 'a', 'n', 'g', 's', 't', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "nani.io", true */ 'n', 'a', 'n', 'i', '.', 'i', 'o', '\0',
+  /* "nankiseamansclub.com", true */ 'n', 'a', 'n', 'k', 'i', 's', 'e', 'a', 'm', 'a', 'n', 's', 'c', 'l', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "nanogi.ga", true */ 'n', 'a', 'n', 'o', 'g', 'i', '.', 'g', 'a', '\0',
+  /* "nanotechnologist.com", true */ 'n', 'a', 'n', 'o', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "nanovolt.nl", true */ 'n', 'a', 'n', 'o', 'v', 'o', 'l', 't', '.', 'n', 'l', '\0',
+  /* "nanpuyue.com", true */ 'n', 'a', 'n', 'p', 'u', 'y', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "nanubo.com", true */ 'n', 'a', 'n', 'u', 'b', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "nanubo.de", true */ 'n', 'a', 'n', 'u', 'b', 'o', '.', 'd', 'e', '\0',
+  /* "naoar.com", true */ 'n', 'a', 'o', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "naotone.com", true */ 'n', 'a', 'o', 't', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "napcae.de", true */ 'n', 'a', 'p', 'c', 'a', 'e', '.', 'd', 'e', '\0',
+  /* "napisynapomniky.cz", true */ 'n', 'a', 'p', 'i', 's', 'y', 'n', 'a', 'p', 'o', 'm', 'n', 'i', 'k', 'y', '.', 'c', 'z', '\0',
+  /* "napolinissanctparts.com", true */ 'n', 'a', 'p', 'o', 'l', 'i', 'n', 'i', 's', 's', 'a', 'n', 'c', 't', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "narach.com", true */ 'n', 'a', 'r', 'a', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "narada.com.ua", true */ 'n', 'a', 'r', 'a', 'd', 'a', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "naralogics.com", true */ 'n', 'a', 'r', 'a', 'l', 'o', 'g', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "narazaka.net", true */ 'n', 'a', 'r', 'a', 'z', 'a', 'k', 'a', '.', 'n', 'e', 't', '\0',
+  /* "narfation.org", true */ 'n', 'a', 'r', 'f', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "nargele.eu", true */ 'n', 'a', 'r', 'g', 'e', 'l', 'e', '.', 'e', 'u', '\0',
+  /* "nargileh.nl", true */ 'n', 'a', 'r', 'g', 'i', 'l', 'e', 'h', '.', 'n', 'l', '\0',
+  /* "narindal.ch", true */ 'n', 'a', 'r', 'i', 'n', 'd', 'a', 'l', '.', 'c', 'h', '\0',
+  /* "narko.space", true */ 'n', 'a', 'r', 'k', 'o', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "narmos.ch", true */ 'n', 'a', 'r', 'm', 'o', 's', '.', 'c', 'h', '\0',
+  /* "naro.se", true */ 'n', 'a', 'r', 'o', '.', 's', 'e', '\0',
+  /* "naroska.name", true */ 'n', 'a', 'r', 'o', 's', 'k', 'a', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "narrativasdigitais.pt", true */ 'n', 'a', 'r', 'r', 'a', 't', 'i', 'v', 'a', 's', 'd', 'i', 'g', 'i', 't', 'a', 'i', 's', '.', 'p', 't', '\0',
+  /* "narthollis.net", false */ 'n', 'a', 'r', 't', 'h', 'o', 'l', 'l', 'i', 's', '.', 'n', 'e', 't', '\0',
+  /* "nasarawanewsonline.com", true */ 'n', 'a', 's', 'a', 'r', 'a', 'w', 'a', 'n', 'e', 'w', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "nasbi.pl", true */ 'n', 'a', 's', 'b', 'i', '.', 'p', 'l', '\0',
+  /* "nasbnation.com", true */ 'n', 'a', 's', 'b', 'n', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "nascher.org", false */ 'n', 'a', 's', 'c', 'h', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "nasmocopati.com", true */ 'n', 'a', 's', 'm', 'o', 'c', 'o', 'p', 'a', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "nasrsolar.com", true */ 'n', 'a', 's', 'r', 's', 'o', 'l', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "nassi.me", true */ 'n', 'a', 's', 's', 'i', '.', 'm', 'e', '\0',
+  /* "nastoletni.pl", true */ 'n', 'a', 's', 't', 'o', 'l', 'e', 't', 'n', 'i', '.', 'p', 'l', '\0',
+  /* "nastysclaw.com", true */ 'n', 'a', 's', 't', 'y', 's', 'c', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "nataldigital.com", true */ 'n', 'a', 't', 'a', 'l', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "nataliedawnhanson.com", true */ 'n', 'a', 't', 'a', 'l', 'i', 'e', 'd', 'a', 'w', 'n', 'h', 'a', 'n', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "natalydanilova.com", true */ 'n', 'a', 't', 'a', 'l', 'y', 'd', 'a', 'n', 'i', 'l', 'o', 'v', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "natanaelys.com", false */ 'n', 'a', 't', 'a', 'n', 'a', 'e', 'l', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "natation-nsh.com", true */ 'n', 'a', 't', 'a', 't', 'i', 'o', 'n', '-', 'n', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "natatorium.org", true */ 'n', 'a', 't', 'a', 't', 'o', 'r', 'i', 'u', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "natchmatch.com", true */ 'n', 'a', 't', 'c', 'h', 'm', 'a', 't', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "nate.sh", true */ 'n', 'a', 't', 'e', '.', 's', 'h', '\0',
+  /* "natecraun.net", true */ 'n', 'a', 't', 'e', 'c', 'r', 'a', 'u', 'n', '.', 'n', 'e', 't', '\0',
+  /* "natenom.com", true */ 'n', 'a', 't', 'e', 'n', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "natenom.de", true */ 'n', 'a', 't', 'e', 'n', 'o', 'm', '.', 'd', 'e', '\0',
+  /* "natenom.name", true */ 'n', 'a', 't', 'e', 'n', 'o', 'm', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "nathaliebaron.ch", true */ 'n', 'a', 't', 'h', 'a', 'l', 'i', 'e', 'b', 'a', 'r', 'o', 'n', '.', 'c', 'h', '\0',
+  /* "nathaliebaroncoaching.ch", true */ 'n', 'a', 't', 'h', 'a', 'l', 'i', 'e', 'b', 'a', 'r', 'o', 'n', 'c', 'o', 'a', 'c', 'h', 'i', 'n', 'g', '.', 'c', 'h', '\0',
+  /* "nathan.io", true */ 'n', 'a', 't', 'h', 'a', 'n', '.', 'i', 'o', '\0',
+  /* "nathankonopinski.com", true */ 'n', 'a', 't', 'h', 'a', 'n', 'k', 'o', 'n', 'o', 'p', 'i', 'n', 's', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "nathansmetana.com", true */ 'n', 'a', 't', 'h', 'a', 'n', 's', 'm', 'e', 't', 'a', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "nathumarket.com.br", true */ 'n', 'a', 't', 'h', 'u', 'm', 'a', 'r', 'k', 'e', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "nationalcentereg.org", true */ 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', 'c', 'e', 'n', 't', 'e', 'r', 'e', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "nationalcprfoundation.com", true */ 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', 'c', 'p', 'r', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "nationalcrimecheck.com.au", true */ 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', 'c', 'r', 'i', 'm', 'e', 'c', 'h', 'e', 'c', 'k', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "nationalmap.gov", true */ 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', 'm', 'a', 'p', '.', 'g', 'o', 'v', '\0',
+  /* "nationalpriorities.org", true */ 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', 'p', 'r', 'i', 'o', 'r', 'i', 't', 'i', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "nationaltaxprep.com", true */ 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', 't', 'a', 'x', 'p', 'r', 'e', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "natives-team.ch", true */ 'n', 'a', 't', 'i', 'v', 'e', 's', '-', 't', 'e', 'a', 'm', '.', 'c', 'h', '\0',
+  /* "nativs.ch", true */ 'n', 'a', 't', 'i', 'v', 's', '.', 'c', 'h', '\0',
+  /* "natlec.com", true */ 'n', 'a', 't', 'l', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "natsumihoshino.com", true */ 'n', 'a', 't', 's', 'u', 'm', 'i', 'h', 'o', 's', 'h', 'i', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "natur-udvar.hu", true */ 'n', 'a', 't', 'u', 'r', '-', 'u', 'd', 'v', 'a', 'r', '.', 'h', 'u', '\0',
+  /* "naturalcommission.com", true */ 'n', 'a', 't', 'u', 'r', 'a', 'l', 'c', 'o', 'm', 'm', 'i', 's', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "naturalkitchen.co.uk", true */ 'n', 'a', 't', 'u', 'r', 'a', 'l', 'k', 'i', 't', 'c', 'h', 'e', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "naturalspacesdomes.com", true */ 'n', 'a', 't', 'u', 'r', 'a', 'l', 's', 'p', 'a', 'c', 'e', 's', 'd', 'o', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "naturaum.de", true */ 'n', 'a', 't', 'u', 'r', 'a', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "natureflo.net", true */ 'n', 'a', 't', 'u', 'r', 'e', 'f', 'l', 'o', '.', 'n', 'e', 't', '\0',
+  /* "naturesorganichaven.com", true */ 'n', 'a', 't', 'u', 'r', 'e', 's', 'o', 'r', 'g', 'a', 'n', 'i', 'c', 'h', 'a', 'v', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "naturheilpraxis-orlowsky.de", true */ 'n', 'a', 't', 'u', 'r', 'h', 'e', 'i', 'l', 'p', 'r', 'a', 'x', 'i', 's', '-', 'o', 'r', 'l', 'o', 'w', 's', 'k', 'y', '.', 'd', 'e', '\0',
+  /* "naturheilpraxis-p-grote.de", true */ 'n', 'a', 't', 'u', 'r', 'h', 'e', 'i', 'l', 'p', 'r', 'a', 'x', 'i', 's', '-', 'p', '-', 'g', 'r', 'o', 't', 'e', '.', 'd', 'e', '\0',
+  /* "naturline.com", true */ 'n', 'a', 't', 'u', 'r', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "naturtint.co.uk", true */ 'n', 'a', 't', 'u', 'r', 't', 'i', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "natusvita.com.br", true */ 'n', 'a', 't', 'u', 's', 'v', 'i', 't', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "natuterra.com.br", true */ 'n', 'a', 't', 'u', 't', 'e', 'r', 'r', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "naude.co", false */ 'n', 'a', 'u', 'd', 'e', '.', 'c', 'o', '\0',
+  /* "naughty.audio", true */ 'n', 'a', 'u', 'g', 'h', 't', 'y', '.', 'a', 'u', 'd', 'i', 'o', '\0',
+  /* "nautiljon.com", true */ 'n', 'a', 'u', 't', 'i', 'l', 'j', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "nautsch.de", true */ 'n', 'a', 'u', 't', 's', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "navdeep.ca", true */ 'n', 'a', 'v', 'd', 'e', 'e', 'p', '.', 'c', 'a', '\0',
+  /* "navenlle.com", false */ 'n', 'a', 'v', 'e', 'n', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "naviaddress.io", false */ 'n', 'a', 'v', 'i', 'a', 'd', 'd', 'r', 'e', 's', 's', '.', 'i', 'o', '\0',
+  /* "navigate-it-services.de", false */ 'n', 'a', 'v', 'i', 'g', 'a', 't', 'e', '-', 'i', 't', '-', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'd', 'e', '\0',
+  /* "naviteq.eu", true */ 'n', 'a', 'v', 'i', 't', 'e', 'q', '.', 'e', 'u', '\0',
+  /* "navitime.me", true */ 'n', 'a', 'v', 'i', 't', 'i', 'm', 'e', '.', 'm', 'e', '\0',
+  /* "navstevnik.sk", true */ 'n', 'a', 'v', 's', 't', 'e', 'v', 'n', 'i', 'k', '.', 's', 'k', '\0',
+  /* "navycs.com", true */ 'n', 'a', 'v', 'y', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "nawir.de", true */ 'n', 'a', 'w', 'i', 'r', '.', 'd', 'e', '\0',
+  /* "nawroth.info", true */ 'n', 'a', 'w', 'r', 'o', 't', 'h', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "nayahe.ru", true */ 'n', 'a', 'y', 'a', 'h', 'e', '.', 'r', 'u', '\0',
+  /* "nayanaas.com", true */ 'n', 'a', 'y', 'a', 'n', 'a', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "nazevfirmy.cz", true */ 'n', 'a', 'z', 'e', 'v', 'f', 'i', 'r', 'm', 'y', '.', 'c', 'z', '\0',
+  /* "nb.zone", true */ 'n', 'b', '.', 'z', 'o', 'n', 'e', '\0',
+  /* "nb6.de", true */ 'n', 'b', '6', '.', 'd', 'e', '\0',
+  /* "nba-2k.com", true */ 'n', 'b', 'a', '-', '2', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "nba.christmas", true */ 'n', 'b', 'a', '.', 'c', 'h', 'r', 'i', 's', 't', 'm', 'a', 's', '\0',
+  /* "nba.com.de", true */ 'n', 'b', 'a', '.', 'c', 'o', 'm', '.', 'd', 'e', '\0',
+  /* "nba.de.com", true */ 'n', 'b', 'a', '.', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "nba.download", true */ 'n', 'b', 'a', '.', 'd', 'o', 'w', 'n', 'l', 'o', 'a', 'd', '\0',
+  /* "nba.gd", true */ 'n', 'b', 'a', '.', 'g', 'd', '\0',
+  /* "nba.gs", true */ 'n', 'b', 'a', '.', 'g', 's', '\0',
+  /* "nba.gy", true */ 'n', 'b', 'a', '.', 'g', 'y', '\0',
+  /* "nba.hosting", true */ 'n', 'b', 'a', '.', 'h', 'o', 's', 't', 'i', 'n', 'g', '\0',
+  /* "nba.im", true */ 'n', 'b', 'a', '.', 'i', 'm', '\0',
+  /* "nba.live", true */ 'n', 'b', 'a', '.', 'l', 'i', 'v', 'e', '\0',
+  /* "nba.lu", true */ 'n', 'b', 'a', '.', 'l', 'u', '\0',
+  /* "nba.moe", true */ 'n', 'b', 'a', '.', 'm', 'o', 'e', '\0',
+  /* "nba.trade", true */ 'n', 'b', 'a', '.', 't', 'r', 'a', 'd', 'e', '\0',
+  /* "nba.vc", true */ 'n', 'b', 'a', '.', 'v', 'c', '\0',
+  /* "nba.vg", true */ 'n', 'b', 'a', '.', 'v', 'g', '\0',
+  /* "nba2.com", true */ 'n', 'b', 'a', '2', '.', 'c', 'o', 'm', '\0',
+  /* "nba2k.blog", true */ 'n', 'b', 'a', '2', 'k', '.', 'b', 'l', 'o', 'g', '\0',
+  /* "nba2k.cc", true */ 'n', 'b', 'a', '2', 'k', '.', 'c', 'c', '\0',
+  /* "nba2k.cn", true */ 'n', 'b', 'a', '2', 'k', '.', 'c', 'n', '\0',
+  /* "nba2k.co", true */ 'n', 'b', 'a', '2', 'k', '.', 'c', 'o', '\0',
+  /* "nba2k.com.cn", true */ 'n', 'b', 'a', '2', 'k', '.', 'c', 'o', 'm', '.', 'c', 'n', '\0',
+  /* "nba2k.download", true */ 'n', 'b', 'a', '2', 'k', '.', 'd', 'o', 'w', 'n', 'l', 'o', 'a', 'd', '\0',
+  /* "nba2k.live", true */ 'n', 'b', 'a', '2', 'k', '.', 'l', 'i', 'v', 'e', '\0',
+  /* "nba2k.net", true */ 'n', 'b', 'a', '2', 'k', '.', 'n', 'e', 't', '\0',
+  /* "nba2k.online", true */ 'n', 'b', 'a', '2', 'k', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "nba2k.tw", true */ 'n', 'b', 'a', '2', 'k', '.', 't', 'w', '\0',
+  /* "nba2kcn.com", true */ 'n', 'b', 'a', '2', 'k', 'c', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "nba2kmods.com", true */ 'n', 'b', 'a', '2', 'k', 'm', 'o', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "nba2kmt.com", true */ 'n', 'b', 'a', '2', 'k', 'm', 't', '.', 'c', 'o', 'm', '\0',
+  /* "nba2kmy.team", true */ 'n', 'b', 'a', '2', 'k', 'm', 'y', '.', 't', 'e', 'a', 'm', '\0',
+  /* "nba2kol.com", true */ 'n', 'b', 'a', '2', 'k', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "nba2konline.com", true */ 'n', 'b', 'a', '2', 'k', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "nba2konlinex.com", true */ 'n', 'b', 'a', '2', 'k', 'o', 'n', 'l', 'i', 'n', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "nba2kqq.com", true */ 'n', 'b', 'a', '2', 'k', 'q', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "nba2kx.com", true */ 'n', 'b', 'a', '2', 'k', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "nbadancers.com", true */ 'n', 'b', 'a', 'd', 'a', 'n', 'c', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "nbade.com", true */ 'n', 'b', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "nbafile.com", true */ 'n', 'b', 'a', 'f', 'i', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "nbagirls.com", true */ 'n', 'b', 'a', 'g', 'i', 'r', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "nbaim.com", true */ 'n', 'b', 'a', 'i', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "nbaimg.com", true */ 'n', 'b', 'a', 'i', 'm', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "nbalive.cn", true */ 'n', 'b', 'a', 'l', 'i', 'v', 'e', '.', 'c', 'n', '\0',
+  /* "nbalivecn.com", true */ 'n', 'b', 'a', 'l', 'i', 'v', 'e', 'c', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "nbalivex.com", true */ 'n', 'b', 'a', 'l', 'i', 'v', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "nbari.com", true */ 'n', 'b', 'a', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "nbask.com", true */ 'n', 'b', 'a', 's', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "nbasky.com", true */ 'n', 'b', 'a', 's', 'k', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "nbaspot.com", true */ 'n', 'b', 'a', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "nbavc.com", true */ 'n', 'b', 'a', 'v', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "nbavg.com", true */ 'n', 'b', 'a', 'v', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "nbayouxi.com", true */ 'n', 'b', 'a', 'y', 'o', 'u', 'x', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "nbl.org.tw", true */ 'n', 'b', 'l', '.', 'o', 'r', 'g', '.', 't', 'w', '\0',
+  /* "nbp.com.pk", true */ 'n', 'b', 'p', '.', 'c', 'o', 'm', '.', 'p', 'k', '\0',
+  /* "nbrii.com", true */ 'n', 'b', 'r', 'i', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "nbriresearch.com", true */ 'n', 'b', 'r', 'i', 'r', 'e', 's', 'e', 'a', 'r', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "nbrown.us", true */ 'n', 'b', 'r', 'o', 'w', 'n', '.', 'u', 's', '\0',
+  /* "nbtparse.org", true */ 'n', 'b', 't', 'p', 'a', 'r', 's', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "nbur.co.uk", true */ 'n', 'b', 'u', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "nc99.co", true */ 'n', 'c', '9', '9', '.', 'c', 'o', '\0',
+  /* "ncamarquee.co.uk", true */ 'n', 'c', 'a', 'm', 'a', 'r', 'q', 'u', 'e', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ncands.net", true */ 'n', 'c', 'a', 'n', 'd', 's', '.', 'n', 'e', 't', '\0',
+  /* "ncaq.net", true */ 'n', 'c', 'a', 'q', '.', 'n', 'e', 't', '\0',
+  /* "ncc-qualityandsafety.org", true */ 'n', 'c', 'c', '-', 'q', 'u', 'a', 'l', 'i', 't', 'y', 'a', 'n', 'd', 's', 'a', 'f', 'e', 't', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "ncconsumer.org", true */ 'n', 'c', 'c', 'o', 'n', 's', 'u', 'm', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "ncea.net.au", true */ 'n', 'c', 'e', 'a', '.', 'n', 'e', 't', '.', 'a', 'u', '\0',
+  /* "nchangfong.com", true */ 'n', 'c', 'h', 'a', 'n', 'g', 'f', 'o', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "nchristo.com", true */ 'n', 'c', 'h', 'r', 'i', 's', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "nclvle.co.uk", true */ 'n', 'c', 'l', 'v', 'l', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ncpw.gov", true */ 'n', 'c', 'p', 'w', '.', 'g', 'o', 'v', '\0',
+  /* "ncrmnt.org", true */ 'n', 'c', 'r', 'm', 'n', 't', '.', 'o', 'r', 'g', '\0',
+  /* "ncsccs.com", true */ 'n', 'c', 's', 'c', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ncstep.org", true */ 'n', 'c', 's', 't', 'e', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "ndarville.com", true */ 'n', 'd', 'a', 'r', 'v', 'i', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ndbt.com", true */ 'n', 'd', 'b', 't', '.', 'c', 'o', 'm', '\0',
+  /* "ndcpolipak.com", true */ 'n', 'd', 'c', 'p', 'o', 'l', 'i', 'p', 'a', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "ndeoffshore.com", true */ 'n', 'd', 'e', 'o', 'f', 'f', 's', 'h', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "nder.be", true */ 'n', 'd', 'e', 'r', '.', 'b', 'e', '\0',
+  /* "ndmath.club", true */ 'n', 'd', 'm', 'a', 't', 'h', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "ndpbrn-research.org", true */ 'n', 'd', 'p', 'b', 'r', 'n', '-', 'r', 'e', 's', 'e', 'a', 'r', 'c', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "ndtblog.com", true */ 'n', 'd', 't', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "ndy.sex", true */ 'n', 'd', 'y', '.', 's', 'e', 'x', '\0',
+  /* "ne-on.org", true */ 'n', 'e', '-', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "ne1home.dyndns.org", true */ 'n', 'e', '1', 'h', 'o', 'm', 'e', '.', 'd', 'y', 'n', 'd', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "neap.io", true */ 'n', 'e', 'a', 'p', '.', 'i', 'o', '\0',
+  /* "nearby.in.th", true */ 'n', 'e', 'a', 'r', 'b', 'y', '.', 'i', 'n', '.', 't', 'h', '\0',
+  /* "neartothesky.com", true */ 'n', 'e', 'a', 'r', 't', 'o', 't', 'h', 'e', 's', 'k', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "neatous.cz", true */ 'n', 'e', 'a', 't', 'o', 'u', 's', '.', 'c', 'z', '\0',
+  /* "neatous.net", true */ 'n', 'e', 'a', 't', 'o', 'u', 's', '.', 'n', 'e', 't', '\0',
+  /* "neave.tv", true */ 'n', 'e', 'a', 'v', 'e', '.', 't', 'v', '\0',
+  /* "neba.io", true */ 'n', 'e', 'b', 'a', '.', 'i', 'o', '\0',
+  /* "nebelheim.de", true */ 'n', 'e', 'b', 'e', 'l', 'h', 'e', 'i', 'm', '.', 'd', 'e', '\0',
+  /* "nebra.io", true */ 'n', 'e', 'b', 'r', 'a', '.', 'i', 'o', '\0',
+  /* "nebul.at", true */ 'n', 'e', 'b', 'u', 'l', '.', 'a', 't', '\0',
+  /* "nebulae.co", true */ 'n', 'e', 'b', 'u', 'l', 'a', 'e', '.', 'c', 'o', '\0',
+  /* "nebuluxcapital.com", true */ 'n', 'e', 'b', 'u', 'l', 'u', 'x', 'c', 'a', 'p', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "necesitodinero.org", true */ 'n', 'e', 'c', 'e', 's', 'i', 't', 'o', 'd', 'i', 'n', 'e', 'r', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "necessaryandproportionate.net", true */ 'n', 'e', 'c', 'e', 's', 's', 'a', 'r', 'y', 'a', 'n', 'd', 'p', 'r', 'o', 'p', 'o', 'r', 't', 'i', 'o', 'n', 'a', 't', 'e', '.', 'n', 'e', 't', '\0',
+  /* "necessaryandproportionate.org", true */ 'n', 'e', 'c', 'e', 's', 's', 'a', 'r', 'y', 'a', 'n', 'd', 'p', 'r', 'o', 'p', 'o', 'r', 't', 'i', 'o', 'n', 'a', 't', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "necormansir.com", true */ 'n', 'e', 'c', 'o', 'r', 'm', 'a', 'n', 's', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "nectarleaf.com", true */ 'n', 'e', 'c', 't', 'a', 'r', 'l', 'e', 'a', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "nedcdata.org", true */ 'n', 'e', 'd', 'c', 'd', 'a', 't', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "nedim-accueil.fr", true */ 'n', 'e', 'd', 'i', 'm', '-', 'a', 'c', 'c', 'u', 'e', 'i', 'l', '.', 'f', 'r', '\0',
+  /* "nediyor.com", true */ 'n', 'e', 'd', 'i', 'y', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "nedlinin.com", true */ 'n', 'e', 'd', 'l', 'i', 'n', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "nedraconsult.ru", true */ 'n', 'e', 'd', 'r', 'a', 'c', 'o', 'n', 's', 'u', 'l', 't', '.', 'r', 'u', '\0',
+  /* "neecist.org", true */ 'n', 'e', 'e', 'c', 'i', 's', 't', '.', 'o', 'r', 'g', '\0',
+  /* "needle.net.nz", true */ 'n', 'e', 'e', 'd', 'l', 'e', '.', 'n', 'e', 't', '.', 'n', 'z', '\0',
+  /* "needle.nz", true */ 'n', 'e', 'e', 'd', 'l', 'e', '.', 'n', 'z', '\0',
+  /* "needstyle.ru", true */ 'n', 'e', 'e', 'd', 's', 't', 'y', 'l', 'e', '.', 'r', 'u', '\0',
+  /* "neeerd.org", true */ 'n', 'e', 'e', 'e', 'r', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "neel.ch", true */ 'n', 'e', 'e', 'l', '.', 'c', 'h', '\0',
+  /* "neemzy.org", true */ 'n', 'e', 'e', 'm', 'z', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "neet-investor.biz", true */ 'n', 'e', 'e', 't', '-', 'i', 'n', 'v', 'e', 's', 't', 'o', 'r', '.', 'b', 'i', 'z', '\0',
+  /* "nefertitis.cz", true */ 'n', 'e', 'f', 'e', 'r', 't', 'i', 't', 'i', 's', '.', 'c', 'z', '\0',
+  /* "neftebitum-kngk.ru", true */ 'n', 'e', 'f', 't', 'e', 'b', 'i', 't', 'u', 'm', '-', 'k', 'n', 'g', 'k', '.', 'r', 'u', '\0',
+  /* "neg9.org", false */ 'n', 'e', 'g', '9', '.', 'o', 'r', 'g', '\0',
+  /* "negai.moe", true */ 'n', 'e', 'g', 'a', 'i', '.', 'm', 'o', 'e', '\0',
+  /* "neglecteddiseases.gov", true */ 'n', 'e', 'g', 'l', 'e', 'c', 't', 'e', 'd', 'd', 'i', 's', 'e', 'a', 's', 'e', 's', '.', 'g', 'o', 'v', '\0',
+  /* "negraelinda.com", true */ 'n', 'e', 'g', 'r', 'a', 'e', 'l', 'i', 'n', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "nehoupat.cz", true */ 'n', 'e', 'h', 'o', 'u', 'p', 'a', 't', '.', 'c', 'z', '\0',
+  /* "neillans.co.uk", true */ 'n', 'e', 'i', 'l', 'l', 'a', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "neillans.com", true */ 'n', 'e', 'i', 'l', 'l', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "neilwynne.com", true */ 'n', 'e', 'i', 'l', 'w', 'y', 'n', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "neio.uk", true */ 'n', 'e', 'i', 'o', '.', 'u', 'k', '\0',
+  /* "neko-nyan-nuko.com", true */ 'n', 'e', 'k', 'o', '-', 'n', 'y', 'a', 'n', '-', 'n', 'u', 'k', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "neko-nyan.org", true */ 'n', 'e', 'k', 'o', '-', 'n', 'y', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "neko.li", true */ 'n', 'e', 'k', 'o', '.', 'l', 'i', '\0',
+  /* "neko.ml", true */ 'n', 'e', 'k', 'o', '.', 'm', 'l', '\0',
+  /* "nekodex.net", true */ 'n', 'e', 'k', 'o', 'd', 'e', 'x', '.', 'n', 'e', 't', '\0',
+  /* "nekoku.io", true */ 'n', 'e', 'k', 'o', 'k', 'u', '.', 'i', 'o', '\0',
+  /* "nekolove.jp", true */ 'n', 'e', 'k', 'o', 'l', 'o', 'v', 'e', '.', 'j', 'p', '\0',
+  /* "nekomimi.pl", true */ 'n', 'e', 'k', 'o', 'm', 'i', 'm', 'i', '.', 'p', 'l', '\0',
+  /* "nekosc.com", true */ 'n', 'e', 'k', 'o', 's', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "nekowa.moe", true */ 'n', 'e', 'k', 'o', 'w', 'a', '.', 'm', 'o', 'e', '\0',
+  /* "nelhage.com", true */ 'n', 'e', 'l', 'h', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "nella-project.org", true */ 'n', 'e', 'l', 'l', 'a', '-', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "nella.io", true */ 'n', 'e', 'l', 'l', 'a', '.', 'i', 'o', '\0',
+  /* "nellacms.com", true */ 'n', 'e', 'l', 'l', 'a', 'c', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "nellacms.org", true */ 'n', 'e', 'l', 'l', 'a', 'c', 'm', 's', '.', 'o', 'r', 'g', '\0',
+  /* "nellafw.org", true */ 'n', 'e', 'l', 'l', 'a', 'f', 'w', '.', 'o', 'r', 'g', '\0',
+  /* "nellen.it", true */ 'n', 'e', 'l', 'l', 'e', 'n', '.', 'i', 't', '\0',
+  /* "nemcd.com", true */ 'n', 'e', 'm', 'c', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "nemecl.eu", true */ 'n', 'e', 'm', 'e', 'c', 'l', '.', 'e', 'u', '\0',
+  /* "nemez.net", true */ 'n', 'e', 'm', 'e', 'z', '.', 'n', 'e', 't', '\0',
+  /* "nemo.run", true */ 'n', 'e', 'm', 'o', '.', 'r', 'u', 'n', '\0',
+  /* "nemopan.com", true */ 'n', 'e', 'm', 'o', 'p', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "nemumu.com", true */ 'n', 'e', 'm', 'u', 'm', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "nemunai.re", true */ 'n', 'e', 'm', 'u', 'n', 'a', 'i', '.', 'r', 'e', '\0',
+  /* "neo2shyalien.eu", false */ 'n', 'e', 'o', '2', 's', 'h', 'y', 'a', 'l', 'i', 'e', 'n', '.', 'e', 'u', '\0',
+  /* "neobits.nl", true */ 'n', 'e', 'o', 'b', 'i', 't', 's', '.', 'n', 'l', '\0',
+  /* "neocities.org", true */ 'n', 'e', 'o', 'c', 'i', 't', 'i', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "neoclick.io", true */ 'n', 'e', 'o', 'c', 'l', 'i', 'c', 'k', '.', 'i', 'o', '\0',
+  /* "neojo.org", true */ 'n', 'e', 'o', 'j', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "neokobe.city", true */ 'n', 'e', 'o', 'k', 'o', 'b', 'e', '.', 'c', 'i', 't', 'y', '\0',
+  /* "neolaudia.es", true */ 'n', 'e', 'o', 'l', 'a', 'u', 'd', 'i', 'a', '.', 'e', 's', '\0',
+  /* "neons.org", true */ 'n', 'e', 'o', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "neophilus.net", true */ 'n', 'e', 'o', 'p', 'h', 'i', 'l', 'u', 's', '.', 'n', 'e', 't', '\0',
+  /* "neosdesignstudio.co.uk", true */ 'n', 'e', 'o', 's', 'd', 'e', 's', 'i', 'g', 'n', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "neostralis.com", true */ 'n', 'e', 'o', 's', 't', 'r', 'a', 'l', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "neowlan.net", true */ 'n', 'e', 'o', 'w', 'l', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "neoxcrf.com", true */ 'n', 'e', 'o', 'x', 'c', 'r', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "neoz.com.br", true */ 'n', 'e', 'o', 'z', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "nepal-evolution.org", true */ 'n', 'e', 'p', 'a', 'l', '-', 'e', 'v', 'o', 'l', 'u', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "nephelion.org", true */ 'n', 'e', 'p', 'h', 'e', 'l', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "nephos.xyz", true */ 'n', 'e', 'p', 'h', 'o', 's', '.', 'x', 'y', 'z', '\0',
+  /* "nepovolenainternetovahazardnihra.cz", true */ 'n', 'e', 'p', 'o', 'v', 'o', 'l', 'e', 'n', 'a', 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'o', 'v', 'a', 'h', 'a', 'z', 'a', 'r', 'd', 'n', 'i', 'h', 'r', 'a', '.', 'c', 'z', '\0',
+  /* "nercp.org.uk", true */ 'n', 'e', 'r', 'c', 'p', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "nerdjokes.de", true */ 'n', 'e', 'r', 'd', 'j', 'o', 'k', 'e', 's', '.', 'd', 'e', '\0',
+  /* "nerdmind.de", true */ 'n', 'e', 'r', 'd', 'm', 'i', 'n', 'd', '.', 'd', 'e', '\0',
+  /* "nerdoutstudios.tv", true */ 'n', 'e', 'r', 'd', 'o', 'u', 't', 's', 't', 'u', 'd', 'i', 'o', 's', '.', 't', 'v', '\0',
+  /* "nerdpol.ch", true */ 'n', 'e', 'r', 'd', 'p', 'o', 'l', '.', 'c', 'h', '\0',
+  /* "nerds-gegen-stephan.de", true */ 'n', 'e', 'r', 'd', 's', '-', 'g', 'e', 'g', 'e', 'n', '-', 's', 't', 'e', 'p', 'h', 'a', 'n', '.', 'd', 'e', '\0',
+  /* "nerds.company", false */ 'n', 'e', 'r', 'd', 's', '.', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '\0',
+  /* "nerdtime.de", true */ 'n', 'e', 'r', 'd', 't', 'i', 'm', 'e', '.', 'd', 'e', '\0',
+  /* "nerdydev.net", true */ 'n', 'e', 'r', 'd', 'y', 'd', 'e', 'v', '.', 'n', 'e', 't', '\0',
+  /* "nerot.eu", true */ 'n', 'e', 'r', 'o', 't', '.', 'e', 'u', '\0',
+  /* "nerull7.info", true */ 'n', 'e', 'r', 'u', 'l', 'l', '7', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "nerven.se", false */ 'n', 'e', 'r', 'v', 'e', 'n', '.', 's', 'e', '\0',
+  /* "nesantuoka.lt", true */ 'n', 'e', 's', 'a', 'n', 't', 'u', 'o', 'k', 'a', '.', 'l', 't', '\0',
+  /* "nesolabs.com", true */ 'n', 'e', 's', 'o', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "nesolabs.de", true */ 'n', 'e', 's', 'o', 'l', 'a', 'b', 's', '.', 'd', 'e', '\0',
+  /* "nesterov.pw", true */ 'n', 'e', 's', 't', 'e', 'r', 'o', 'v', '.', 'p', 'w', '\0',
+  /* "nestor.nu", true */ 'n', 'e', 's', 't', 'o', 'r', '.', 'n', 'u', '\0',
+  /* "neswec.org.uk", true */ 'n', 'e', 's', 'w', 'e', 'c', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "net-safe.info", true */ 'n', 'e', 't', '-', 's', 'a', 'f', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "net4visions.at", true */ 'n', 'e', 't', '4', 'v', 'i', 's', 'i', 'o', 'n', 's', '.', 'a', 't', '\0',
+  /* "net4visions.de", true */ 'n', 'e', 't', '4', 'v', 'i', 's', 'i', 'o', 'n', 's', '.', 'd', 'e', '\0',
+  /* "netamia.com", true */ 'n', 'e', 't', 'a', 'm', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "netapps.de", true */ 'n', 'e', 't', 'a', 'p', 'p', 's', '.', 'd', 'e', '\0',
+  /* "netba.net", true */ 'n', 'e', 't', 'b', 'a', '.', 'n', 'e', 't', '\0',
+  /* "netbank.com.au", true */ 'n', 'e', 't', 'b', 'a', 'n', 'k', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "netbears.com", true */ 'n', 'e', 't', 'b', 'e', 'a', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "netbears.ro", true */ 'n', 'e', 't', 'b', 'e', 'a', 'r', 's', '.', 'r', 'o', '\0',
+  /* "netbows.com", true */ 'n', 'e', 't', 'b', 'o', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "netbows.es", true */ 'n', 'e', 't', 'b', 'o', 'w', 's', '.', 'e', 's', '\0',
+  /* "netbulls.io", true */ 'n', 'e', 't', 'b', 'u', 'l', 'l', 's', '.', 'i', 'o', '\0',
+  /* "netbuzz.ru", true */ 'n', 'e', 't', 'b', 'u', 'z', 'z', '.', 'r', 'u', '\0',
+  /* "netconnect.at", true */ 'n', 'e', 't', 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'a', 't', '\0',
+  /* "netcoolusers.org", true */ 'n', 'e', 't', 'c', 'o', 'o', 'l', 'u', 's', 'e', 'r', 's', '.', 'o', 'r', 'g', '\0',
+  /* "netde.jp", true */ 'n', 'e', 't', 'd', 'e', '.', 'j', 'p', '\0',
+  /* "netdego.jp", true */ 'n', 'e', 't', 'd', 'e', 'g', 'o', '.', 'j', 'p', '\0',
+  /* "netdex.co", true */ 'n', 'e', 't', 'd', 'e', 'x', '.', 'c', 'o', '\0',
+  /* "netducks.com", true */ 'n', 'e', 't', 'd', 'u', 'c', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "netducks.space", true */ 'n', 'e', 't', 'd', 'u', 'c', 'k', 's', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "netera.se", true */ 'n', 'e', 't', 'e', 'r', 'a', '.', 's', 'e', '\0',
+  /* "netfabb.com", true */ 'n', 'e', 't', 'f', 'a', 'b', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "netfs.pl", false */ 'n', 'e', 't', 'f', 's', '.', 'p', 'l', '\0',
+  /* "netfxharmonics.com", true */ 'n', 'e', 't', 'f', 'x', 'h', 'a', 'r', 'm', 'o', 'n', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "netguide.co.nz", true */ 'n', 'e', 't', 'g', 'u', 'i', 'd', 'e', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "nethackwiki.com", true */ 'n', 'e', 't', 'h', 'a', 'c', 'k', 'w', 'i', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "nethruster.com", true */ 'n', 'e', 't', 'h', 'r', 'u', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "nethunter.top", true */ 'n', 'e', 't', 'h', 'u', 'n', 't', 'e', 'r', '.', 't', 'o', 'p', '\0',
+  /* "netki.com", true */ 'n', 'e', 't', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "netlentes.com.br", true */ 'n', 'e', 't', 'l', 'e', 'n', 't', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "netlocal.ru", true */ 'n', 'e', 't', 'l', 'o', 'c', 'a', 'l', '.', 'r', 'u', '\0',
+  /* "netmagicas.com.br", true */ 'n', 'e', 't', 'm', 'a', 'g', 'i', 'c', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "netmeister.org", true */ 'n', 'e', 't', 'm', 'e', 'i', 's', 't', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "netnik.de", true */ 'n', 'e', 't', 'n', 'i', 'k', '.', 'd', 'e', '\0',
+  /* "netnodes.net", true */ 'n', 'e', 't', 'n', 'o', 'd', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "netrelay.email", true */ 'n', 'e', 't', 'r', 'e', 'l', 'a', 'y', '.', 'e', 'm', 'a', 'i', 'l', '\0',
+  /* "netrider.net.au", false */ 'n', 'e', 't', 'r', 'i', 'd', 'e', 'r', '.', 'n', 'e', 't', '.', 'a', 'u', '\0',
+  /* "netronix.be", true */ 'n', 'e', 't', 'r', 'o', 'n', 'i', 'x', '.', 'b', 'e', '\0',
+  /* "netscaler.expert", true */ 'n', 'e', 't', 's', 'c', 'a', 'l', 'e', 'r', '.', 'e', 'x', 'p', 'e', 'r', 't', '\0',
+  /* "netsight.org", true */ 'n', 'e', 't', 's', 'i', 'g', 'h', 't', '.', 'o', 'r', 'g', '\0',
+  /* "netsigna.de", true */ 'n', 'e', 't', 's', 'i', 'g', 'n', 'a', '.', 'd', 'e', '\0',
+  /* "netsite.dk", true */ 'n', 'e', 't', 's', 'i', 't', 'e', '.', 'd', 'k', '\0',
+  /* "netsoins.org", true */ 'n', 'e', 't', 's', 'o', 'i', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "netsparker.com", false */ 'n', 'e', 't', 's', 'p', 'a', 'r', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "netsystems.pro", true */ 'n', 'e', 't', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'p', 'r', 'o', '\0',
+  /* "nette.org", true */ 'n', 'e', 't', 't', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "nettia.fi", true */ 'n', 'e', 't', 't', 'i', 'a', '.', 'f', 'i', '\0',
+  /* "netto-service.ch", true */ 'n', 'e', 't', 't', 'o', '-', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'h', '\0',
+  /* "nettools.link", true */ 'n', 'e', 't', 't', 'o', 'o', 'l', 's', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "nettopower.dk", true */ 'n', 'e', 't', 't', 'o', 'p', 'o', 'w', 'e', 'r', '.', 'd', 'k', '\0',
+  /* "nettplusultra-rhone.fr", true */ 'n', 'e', 't', 't', 'p', 'l', 'u', 's', 'u', 'l', 't', 'r', 'a', '-', 'r', 'h', 'o', 'n', 'e', '.', 'f', 'r', '\0',
+  /* "nettx.co.uk", true */ 'n', 'e', 't', 't', 'x', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "netulo.com", true */ 'n', 'e', 't', 'u', 'l', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "netvizura.co.uk", true */ 'n', 'e', 't', 'v', 'i', 'z', 'u', 'r', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "netwarc.eu", true */ 'n', 'e', 't', 'w', 'a', 'r', 'c', '.', 'e', 'u', '\0',
+  /* "netwarc.nl", true */ 'n', 'e', 't', 'w', 'a', 'r', 'c', '.', 'n', 'l', '\0',
+  /* "netweaver.uk", true */ 'n', 'e', 't', 'w', 'e', 'a', 'v', 'e', 'r', '.', 'u', 'k', '\0',
+  /* "netwerkmanager.nl", false */ 'n', 'e', 't', 'w', 'e', 'r', 'k', 'm', 'a', 'n', 'a', 'g', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "network-notes.com", true */ 'n', 'e', 't', 'w', 'o', 'r', 'k', '-', 'n', 'o', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "network23.nl", true */ 'n', 'e', 't', 'w', 'o', 'r', 'k', '2', '3', '.', 'n', 'l', '\0',
+  /* "networkersdiary.com", true */ 'n', 'e', 't', 'w', 'o', 'r', 'k', 'e', 'r', 's', 'd', 'i', 'a', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "networking4all.com", false */ 'n', 'e', 't', 'w', 'o', 'r', 'k', 'i', 'n', 'g', '4', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "networkingnexus.net", true */ 'n', 'e', 't', 'w', 'o', 'r', 'k', 'i', 'n', 'g', 'n', 'e', 'x', 'u', 's', '.', 'n', 'e', 't', '\0',
+  /* "networkingphoenix.com", true */ 'n', 'e', 't', 'w', 'o', 'r', 'k', 'i', 'n', 'g', 'p', 'h', 'o', 'e', 'n', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "networkmarketingpro.com", true */ 'n', 'e', 't', 'w', 'o', 'r', 'k', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "networkposting.com", true */ 'n', 'e', 't', 'w', 'o', 'r', 'k', 'p', 'o', 's', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "networth.at", true */ 'n', 'e', 't', 'w', 'o', 'r', 't', 'h', '.', 'a', 't', '\0',
+  /* "netzfrauen.org", true */ 'n', 'e', 't', 'z', 'f', 'r', 'a', 'u', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "netzspielplatz.de", true */ 'n', 'e', 't', 'z', 's', 'p', 'i', 'e', 'l', 'p', 'l', 'a', 't', 'z', '.', 'd', 'e', '\0',
+  /* "netzwerkwerk.de", true */ 'n', 'e', 't', 'z', 'w', 'e', 'r', 'k', 'w', 'e', 'r', 'k', '.', 'd', 'e', '\0',
+  /* "neuch.info", true */ 'n', 'e', 'u', 'c', 'h', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "neuflizeobc.net", true */ 'n', 'e', 'u', 'f', 'l', 'i', 'z', 'e', 'o', 'b', 'c', '.', 'n', 'e', 't', '\0',
+  /* "neuhaus-city.de", true */ 'n', 'e', 'u', 'h', 'a', 'u', 's', '-', 'c', 'i', 't', 'y', '.', 'd', 'e', '\0',
+  /* "neurabyte.com", true */ 'n', 'e', 'u', 'r', 'a', 'b', 'y', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "neurexcellence.com", true */ 'n', 'e', 'u', 'r', 'e', 'x', 'c', 'e', 'l', 'l', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "neurobiology.com", true */ 'n', 'e', 'u', 'r', 'o', 'b', 'i', 'o', 'l', 'o', 'g', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "neurochip.com", true */ 'n', 'e', 'u', 'r', 'o', 'c', 'h', 'i', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "neurocny.cloud", true */ 'n', 'e', 'u', 'r', 'o', 'c', 'n', 'y', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "neuroethics.com", true */ 'n', 'e', 'u', 'r', 'o', 'e', 't', 'h', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "neurogroove.info", true */ 'n', 'e', 'u', 'r', 'o', 'g', 'r', 'o', 'o', 'v', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "neuronasdigitales.com", true */ 'n', 'e', 'u', 'r', 'o', 'n', 'a', 's', 'd', 'i', 'g', 'i', 't', 'a', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "neuropharmacology.com", true */ 'n', 'e', 'u', 'r', 'o', 'p', 'h', 'a', 'r', 'm', 'a', 'c', 'o', 'l', 'o', 'g', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "neurotransmitter.net", true */ 'n', 'e', 'u', 'r', 'o', 't', 'r', 'a', 'n', 's', 'm', 'i', 't', 't', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "neutralox.com", false */ 'n', 'e', 'u', 't', 'r', 'a', 'l', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "neutralvehicle.com", true */ 'n', 'e', 'u', 't', 'r', 'a', 'l', 'v', 'e', 'h', 'i', 'c', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "neuwal.com", true */ 'n', 'e', 'u', 'w', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "neverwetturkey.com", true */ 'n', 'e', 'v', 'e', 'r', 'w', 'e', 't', 't', 'u', 'r', 'k', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "nevntech.com", true */ 'n', 'e', 'v', 'n', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "nevolution.me", true */ 'n', 'e', 'v', 'o', 'l', 'u', 't', 'i', 'o', 'n', '.', 'm', 'e', '\0',
+  /* "nevoxo.com", true */ 'n', 'e', 'v', 'o', 'x', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "new-black-order.com", true */ 'n', 'e', 'w', '-', 'b', 'l', 'a', 'c', 'k', '-', 'o', 'r', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "new-ms.com", true */ 'n', 'e', 'w', '-', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "new-process.ch", true */ 'n', 'e', 'w', '-', 'p', 'r', 'o', 'c', 'e', 's', 's', '.', 'c', 'h', '\0',
+  /* "new-process.com", true */ 'n', 'e', 'w', '-', 'p', 'r', 'o', 'c', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "new-process.de", true */ 'n', 'e', 'w', '-', 'p', 'r', 'o', 'c', 'e', 's', 's', '.', 'd', 'e', '\0',
+  /* "new-process.eu", true */ 'n', 'e', 'w', '-', 'p', 'r', 'o', 'c', 'e', 's', 's', '.', 'e', 'u', '\0',
+  /* "new.travel.pl", true */ 'n', 'e', 'w', '.', 't', 'r', 'a', 'v', 'e', 'l', '.', 'p', 'l', '\0',
+  /* "newaccess.ch", true */ 'n', 'e', 'w', 'a', 'c', 'c', 'e', 's', 's', '.', 'c', 'h', '\0',
+  /* "newantiagingcreams.com", true */ 'n', 'e', 'w', 'a', 'n', 't', 'i', 'a', 'g', 'i', 'n', 'g', 'c', 'r', 'e', 'a', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "newbietech.cn", true */ 'n', 'e', 'w', 'b', 'i', 'e', 't', 'e', 'c', 'h', '.', 'c', 'n', '\0',
+  /* "newbownerton.xyz", true */ 'n', 'e', 'w', 'b', 'o', 'w', 'n', 'e', 'r', 't', 'o', 'n', '.', 'x', 'y', 'z', '\0',
+  /* "newburybouncycastles.co.uk", true */ 'n', 'e', 'w', 'b', 'u', 'r', 'y', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "newburyparkelectrical.com", true */ 'n', 'e', 'w', 'b', 'u', 'r', 'y', 'p', 'a', 'r', 'k', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "newcitygas.ca", true */ 'n', 'e', 'w', 'c', 'i', 't', 'y', 'g', 'a', 's', '.', 'c', 'a', '\0',
+  /* "newcityinfo.ch", true */ 'n', 'e', 'w', 'c', 'i', 't', 'y', 'i', 'n', 'f', 'o', '.', 'c', 'h', '\0',
+  /* "newcitystudio.ch", true */ 'n', 'e', 'w', 'c', 'i', 't', 'y', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'h', '\0',
+  /* "newcreamforface.com", true */ 'n', 'e', 'w', 'c', 'r', 'e', 'a', 'm', 'f', 'o', 'r', 'f', 'a', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "newday.host", true */ 'n', 'e', 'w', 'd', 'a', 'y', '.', 'h', 'o', 's', 't', '\0',
+  /* "newfacialbeautycream.com", true */ 'n', 'e', 'w', 'f', 'a', 'c', 'i', 'a', 'l', 'b', 'e', 'a', 'u', 't', 'y', 'c', 'r', 'e', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "newfiepedia.ca", true */ 'n', 'e', 'w', 'f', 'i', 'e', 'p', 'e', 'd', 'i', 'a', '.', 'c', 'a', '\0',
+  /* "newgrowbook.com", true */ 'n', 'e', 'w', 'g', 'r', 'o', 'w', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "newguidance.ch", true */ 'n', 'e', 'w', 'g', 'u', 'i', 'd', 'a', 'n', 'c', 'e', '.', 'c', 'h', '\0',
+  /* "newind.info", true */ 'n', 'e', 'w', 'i', 'n', 'd', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "newizv.ru", true */ 'n', 'e', 'w', 'i', 'z', 'v', '.', 'r', 'u', '\0',
+  /* "newjianzhi.com", true */ 'n', 'e', 'w', 'j', 'i', 'a', 'n', 'z', 'h', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "newknd.com", true */ 'n', 'e', 'w', 'k', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "newline.online", true */ 'n', 'e', 'w', 'l', 'i', 'n', 'e', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "newmarketbouncycastlehire.co.uk", true */ 'n', 'e', 'w', 'm', 'a', 'r', 'k', 'e', 't', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "newmed.com.br", true */ 'n', 'e', 'w', 'm', 'e', 'd', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "newmediaone.net", true */ 'n', 'e', 'w', 'm', 'e', 'd', 'i', 'a', 'o', 'n', 'e', '.', 'n', 'e', 't', '\0',
+  /* "newmovements.net", true */ 'n', 'e', 'w', 'm', 'o', 'v', 'e', 'm', 'e', 'n', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "newodesign.com", true */ 'n', 'e', 'w', 'o', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "newpathintegratedtherapy.com", true */ 'n', 'e', 'w', 'p', 'a', 't', 'h', 'i', 'n', 't', 'e', 'g', 'r', 'a', 't', 'e', 'd', 't', 'h', 'e', 'r', 'a', 'p', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "news47ell.com", true */ 'n', 'e', 'w', 's', '4', '7', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "newsa2.com", true */ 'n', 'e', 'w', 's', 'a', '2', '.', 'c', 'o', 'm', '\0',
+  /* "newserumforskin.com", true */ 'n', 'e', 'w', 's', 'e', 'r', 'u', 'm', 'f', 'o', 'r', 's', 'k', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "newsmotor.info", true */ 'n', 'e', 'w', 's', 'm', 'o', 't', 'o', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "newspsychology.com", true */ 'n', 'e', 'w', 's', 'p', 's', 'y', 'c', 'h', 'o', 'l', 'o', 'g', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "newsquantified.com", true */ 'n', 'e', 'w', 's', 'q', 'u', 'a', 'n', 't', 'i', 'f', 'i', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "newstone-tech.com", true */ 'n', 'e', 'w', 's', 't', 'o', 'n', 'e', '-', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "newsyslog.org", true */ 'n', 'e', 'w', 's', 'y', 's', 'l', 'o', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "newtnote.com", true */ 'n', 'e', 'w', 't', 'n', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "newtonhaus.com", true */ 'n', 'e', 'w', 't', 'o', 'n', 'h', 'a', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "newtrackon.com", true */ 'n', 'e', 'w', 't', 'r', 'a', 'c', 'k', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "nex.sx", true */ 'n', 'e', 'x', '.', 's', 'x', '\0',
+  /* "nexicafiles.com", true */ 'n', 'e', 'x', 'i', 'c', 'a', 'f', 'i', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "nexlab.org", true */ 'n', 'e', 'x', 'l', 'a', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "next-taxi.ru", true */ 'n', 'e', 'x', 't', '-', 't', 'a', 'x', 'i', '.', 'r', 'u', '\0',
+  /* "next24.io", true */ 'n', 'e', 'x', 't', '2', '4', '.', 'i', 'o', '\0',
+  /* "nextads.ch", true */ 'n', 'e', 'x', 't', 'a', 'd', 's', '.', 'c', 'h', '\0',
+  /* "nextcairn.com", true */ 'n', 'e', 'x', 't', 'c', 'a', 'i', 'r', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "nextcloud.com", true */ 'n', 'e', 'x', 't', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "nextcloud.li", true */ 'n', 'e', 'x', 't', 'c', 'l', 'o', 'u', 'd', '.', 'l', 'i', '\0',
+  /* "nextend.net", true */ 'n', 'e', 'x', 't', 'e', 'n', 'd', '.', 'n', 'e', 't', '\0',
+  /* "nextend.org", true */ 'n', 'e', 'x', 't', 'e', 'n', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "nextgen.sk", true */ 'n', 'e', 'x', 't', 'g', 'e', 'n', '.', 's', 'k', '\0',
+  /* "nextgencel.com", true */ 'n', 'e', 'x', 't', 'g', 'e', 'n', 'c', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "nexthop.co.jp", true */ 'n', 'e', 'x', 't', 'h', 'o', 'p', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "nexthop.jp", true */ 'n', 'e', 'x', 't', 'h', 'o', 'p', '.', 'j', 'p', '\0',
+  /* "nextmbta.com", true */ 'n', 'e', 'x', 't', 'm', 'b', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "nextnowagency.com", true */ 'n', 'e', 'x', 't', 'n', 'o', 'w', 'a', 'g', 'e', 'n', 'c', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "nextrobotics.de", true */ 'n', 'e', 'x', 't', 'r', 'o', 'b', 'o', 't', 'i', 'c', 's', '.', 'd', 'e', '\0',
+  /* "nextshutter.com", true */ 'n', 'e', 'x', 't', 's', 'h', 'u', 't', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "nexus-exit.de", true */ 'n', 'e', 'x', 'u', 's', '-', 'e', 'x', 'i', 't', '.', 'd', 'e', '\0',
+  /* "nexus-vienna.at", true */ 'n', 'e', 'x', 'u', 's', '-', 'v', 'i', 'e', 'n', 'n', 'a', '.', 'a', 't', '\0',
+  /* "nexusconnectinternational.eu", true */ 'n', 'e', 'x', 'u', 's', 'c', 'o', 'n', 'n', 'e', 'c', 't', 'i', 'n', 't', 'e', 'r', 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', '.', 'e', 'u', '\0',
+  /* "nexxus-sistemas.net.br", true */ 'n', 'e', 'x', 'x', 'u', 's', '-', 's', 'i', 's', 't', 'e', 'm', 'a', 's', '.', 'n', 'e', 't', '.', 'b', 'r', '\0',
+  /* "neyer-lorenz.de", true */ 'n', 'e', 'y', 'e', 'r', '-', 'l', 'o', 'r', 'e', 'n', 'z', '.', 'd', 'e', '\0',
+  /* "nezrouge-est-vaudois.ch", true */ 'n', 'e', 'z', 'r', 'o', 'u', 'g', 'e', '-', 'e', 's', 't', '-', 'v', 'a', 'u', 'd', 'o', 'i', 's', '.', 'c', 'h', '\0',
+  /* "nezrouge-geneve.ch", true */ 'n', 'e', 'z', 'r', 'o', 'u', 'g', 'e', '-', 'g', 'e', 'n', 'e', 'v', 'e', '.', 'c', 'h', '\0',
+  /* "nf9q.com", true */ 'n', 'f', '9', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "nfe-elektro.de", true */ 'n', 'f', 'e', '-', 'e', 'l', 'e', 'k', 't', 'r', 'o', '.', 'd', 'e', '\0',
+  /* "nfhome.be", true */ 'n', 'f', 'h', 'o', 'm', 'e', '.', 'b', 'e', '\0',
+  /* "nfir.nl", true */ 'n', 'f', 'i', 'r', '.', 'n', 'l', '\0',
+  /* "nfl.dedyn.io", true */ 'n', 'f', 'l', '.', 'd', 'e', 'd', 'y', 'n', '.', 'i', 'o', '\0',
+  /* "nfl.duckdns.org", true */ 'n', 'f', 'l', '.', 'd', 'u', 'c', 'k', 'd', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "nfls.io", true */ 'n', 'f', 'l', 's', '.', 'i', 'o', '\0',
+  /* "nframe.io", true */ 'n', 'f', 'r', 'a', 'm', 'e', '.', 'i', 'o', '\0',
+  /* "nfrost.me", true */ 'n', 'f', 'r', 'o', 's', 't', '.', 'm', 'e', '\0',
+  /* "nfsec.pl", true */ 'n', 'f', 's', 'e', 'c', '.', 'p', 'l', '\0',
+  /* "nfz.moe", true */ 'n', 'f', 'z', '.', 'm', 'o', 'e', '\0',
+  /* "ng-firewall.com", true */ 'n', 'g', '-', 'f', 'i', 'r', 'e', 'w', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "ngasembaru.com", true */ 'n', 'g', 'a', 's', 'e', 'm', 'b', 'a', 'r', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "nghe.net", true */ 'n', 'g', 'h', 'e', '.', 'n', 'e', 't', '\0',
+  /* "ngiemboon.net", true */ 'n', 'g', 'i', 'e', 'm', 'b', 'o', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "nginxyii.tk", true */ 'n', 'g', 'i', 'n', 'x', 'y', 'i', 'i', '.', 't', 'k', '\0',
+  /* "ngndn.jp", true */ 'n', 'g', 'n', 'd', 'n', '.', 'j', 'p', '\0',
+  /* "ngocuong.net", true */ 'n', 'g', 'o', 'c', 'u', 'o', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "ngvf.de", true */ 'n', 'g', 'v', 'f', '.', 'd', 'e', '\0',
+  /* "ngxpkg.com", true */ 'n', 'g', 'x', 'p', 'k', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "nhccnews.org", true */ 'n', 'h', 'c', 'c', 'n', 'e', 'w', 's', '.', 'o', 'r', 'g', '\0',
+  /* "nhimf.org", true */ 'n', 'h', 'i', 'm', 'f', '.', 'o', 'r', 'g', '\0',
+  /* "nhliberty.org", true */ 'n', 'h', 'l', 'i', 'b', 'e', 'r', 't', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "nhome.ba", true */ 'n', 'h', 'o', 'm', 'e', '.', 'b', 'a', '\0',
+  /* "nhus.de", true */ 'n', 'h', 'u', 's', '.', 'd', 'e', '\0',
+  /* "ni-mate.com", true */ 'n', 'i', '-', 'm', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ni.search.yahoo.com", false */ 'n', 'i', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "niadd.com", true */ 'n', 'i', 'a', 'd', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "niagara.ru", false */ 'n', 'i', 'a', 'g', 'a', 'r', 'a', '.', 'r', 'u', '\0',
+  /* "niagarafalls.ca", true */ 'n', 'i', 'a', 'g', 'a', 'r', 'a', 'f', 'a', 'l', 'l', 's', '.', 'c', 'a', '\0',
+  /* "niagarafallsmuseums.ca", true */ 'n', 'i', 'a', 'g', 'a', 'r', 'a', 'f', 'a', 'l', 'l', 's', 'm', 'u', 's', 'e', 'u', 'm', 's', '.', 'c', 'a', '\0',
+  /* "niagaraschoice.org", true */ 'n', 'i', 'a', 'g', 'a', 'r', 'a', 's', 'c', 'h', 'o', 'i', 'c', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "nibb13.tech", true */ 'n', 'i', 'b', 'b', '1', '3', '.', 't', 'e', 'c', 'h', '\0',
+  /* "nic.gov", true */ 'n', 'i', 'c', '.', 'g', 'o', 'v', '\0',
+  /* "niceb5y.net", false */ 'n', 'i', 'c', 'e', 'b', '5', 'y', '.', 'n', 'e', 't', '\0',
+  /* "niceguyit.biz", true */ 'n', 'i', 'c', 'e', 'g', 'u', 'y', 'i', 't', '.', 'b', 'i', 'z', '\0',
+  /* "nicestudio.co.il", false */ 'n', 'i', 'c', 'e', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "nichijou.com", true */ 'n', 'i', 'c', 'h', 'i', 'j', 'o', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "nicholaspruss.com", true */ 'n', 'i', 'c', 'h', 'o', 'l', 'a', 's', 'p', 'r', 'u', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "nicholasquigley.com", true */ 'n', 'i', 'c', 'h', 'o', 'l', 'a', 's', 'q', 'u', 'i', 'g', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "nichteinschalten.de", false */ 'n', 'i', 'c', 'h', 't', 'e', 'i', 'n', 's', 'c', 'h', 'a', 'l', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "nichthelfer.de", true */ 'n', 'i', 'c', 'h', 't', 'h', 'e', 'l', 'f', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "nicic.gov", true */ 'n', 'i', 'c', 'i', 'c', '.', 'g', 'o', 'v', '\0',
+  /* "nickcleans.co.uk", true */ 'n', 'i', 'c', 'k', 'c', 'l', 'e', 'a', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "nickcraver.com", true */ 'n', 'i', 'c', 'k', 'c', 'r', 'a', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "nickdekruijk.nl", true */ 'n', 'i', 'c', 'k', 'd', 'e', 'k', 'r', 'u', 'i', 'j', 'k', '.', 'n', 'l', '\0',
+  /* "nickguyver.com", true */ 'n', 'i', 'c', 'k', 'g', 'u', 'y', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "nickloose.de", true */ 'n', 'i', 'c', 'k', 'l', 'o', 'o', 's', 'e', '.', 'd', 'e', '\0',
+  /* "nickmorri.com", true */ 'n', 'i', 'c', 'k', 'm', 'o', 'r', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "nickrickard.co.uk", true */ 'n', 'i', 'c', 'k', 'r', 'i', 'c', 'k', 'a', 'r', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "nickserve.com", true */ 'n', 'i', 'c', 'k', 's', 'e', 'r', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "nickstories.de", true */ 'n', 'i', 'c', 'k', 's', 't', 'o', 'r', 'i', 'e', 's', '.', 'd', 'e', '\0',
+  /* "niclasreich.de", true */ 'n', 'i', 'c', 'l', 'a', 's', 'r', 'e', 'i', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "nicn.me", true */ 'n', 'i', 'c', 'n', '.', 'm', 'e', '\0',
+  /* "nicocourts.com", true */ 'n', 'i', 'c', 'o', 'c', 'o', 'u', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "nicoknibbe.nl", true */ 'n', 'i', 'c', 'o', 'k', 'n', 'i', 'b', 'b', 'e', '.', 'n', 'l', '\0',
+  /* "nicolaeiotcu.ro", true */ 'n', 'i', 'c', 'o', 'l', 'a', 'e', 'i', 'o', 't', 'c', 'u', '.', 'r', 'o', '\0',
+  /* "nicolaelmer.ch", true */ 'n', 'i', 'c', 'o', 'l', 'a', 'e', 'l', 'm', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "nicolajanedesigns.co.uk", true */ 'n', 'i', 'c', 'o', 'l', 'a', 'j', 'a', 'n', 'e', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "nicolas-dumermuth.com", true */ 'n', 'i', 'c', 'o', 'l', 'a', 's', '-', 'd', 'u', 'm', 'e', 'r', 'm', 'u', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "nicolas-hoffmann.net", true */ 'n', 'i', 'c', 'o', 'l', 'a', 's', '-', 'h', 'o', 'f', 'f', 'm', 'a', 'n', 'n', '.', 'n', 'e', 't', '\0',
+  /* "nicolas-hoizey.com", true */ 'n', 'i', 'c', 'o', 'l', 'a', 's', '-', 'h', 'o', 'i', 'z', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "nicolasiung.me", true */ 'n', 'i', 'c', 'o', 'l', 'a', 's', 'i', 'u', 'n', 'g', '.', 'm', 'e', '\0',
+  /* "nicolasklotz.de", true */ 'n', 'i', 'c', 'o', 'l', 'a', 's', 'k', 'l', 'o', 't', 'z', '.', 'd', 'e', '\0',
+  /* "nicolaszambetti.ch", true */ 'n', 'i', 'c', 'o', 'l', 'a', 's', 'z', 'a', 'm', 'b', 'e', 't', 't', 'i', '.', 'c', 'h', '\0',
+  /* "nicolaw.uk", true */ 'n', 'i', 'c', 'o', 'l', 'a', 'w', '.', 'u', 'k', '\0',
+  /* "nicoleoquendo.com", true */ 'n', 'i', 'c', 'o', 'l', 'e', 'o', 'q', 'u', 'e', 'n', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "nicul.in", true */ 'n', 'i', 'c', 'u', 'l', '.', 'i', 'n', '\0',
+  /* "nidro.de", true */ 'n', 'i', 'd', 'r', 'o', '.', 'd', 'e', '\0',
+  /* "nidsuber.ch", true */ 'n', 'i', 'd', 's', 'u', 'b', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "niederohmig.de", true */ 'n', 'i', 'e', 'd', 'e', 'r', 'o', 'h', 'm', 'i', 'g', '.', 'd', 'e', '\0',
+  /* "niedersetz.de", true */ 'n', 'i', 'e', 'd', 'e', 'r', 's', 'e', 't', 'z', '.', 'd', 'e', '\0',
+  /* "niehage.name", true */ 'n', 'i', 'e', 'h', 'a', 'g', 'e', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "nielshoogenhout.be", true */ 'n', 'i', 'e', 'l', 's', 'h', 'o', 'o', 'g', 'e', 'n', 'h', 'o', 'u', 't', '.', 'b', 'e', '\0',
+  /* "nielshoogenhout.eu", true */ 'n', 'i', 'e', 'l', 's', 'h', 'o', 'o', 'g', 'e', 'n', 'h', 'o', 'u', 't', '.', 'e', 'u', '\0',
+  /* "nielshoogenhout.nl", true */ 'n', 'i', 'e', 'l', 's', 'h', 'o', 'o', 'g', 'e', 'n', 'h', 'o', 'u', 't', '.', 'n', 'l', '\0',
+  /* "nien.cf", true */ 'n', 'i', 'e', 'n', '.', 'c', 'f', '\0',
+  /* "nien.co", true */ 'n', 'i', 'e', 'n', '.', 'c', 'o', '\0',
+  /* "nien.com", true */ 'n', 'i', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "nien.com.tw", true */ 'n', 'i', 'e', 'n', '.', 'c', 'o', 'm', '.', 't', 'w', '\0',
+  /* "nien.eu.org", true */ 'n', 'i', 'e', 'n', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "nien.gq", true */ 'n', 'i', 'e', 'n', '.', 'g', 'q', '\0',
+  /* "nien.org", true */ 'n', 'i', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "nien.taipei", true */ 'n', 'i', 'e', 'n', '.', 't', 'a', 'i', 'p', 'e', 'i', '\0',
+  /* "nien.tk", true */ 'n', 'i', 'e', 'n', '.', 't', 'k', '\0',
+  /* "nienkeslop.nl", true */ 'n', 'i', 'e', 'n', 'k', 'e', 's', 'l', 'o', 'p', '.', 'n', 'l', '\0',
+  /* "nierenpraxis-dr-merkel.de", true */ 'n', 'i', 'e', 'r', 'e', 'n', 'p', 'r', 'a', 'x', 'i', 's', '-', 'd', 'r', '-', 'm', 'e', 'r', 'k', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "nierenpraxis-merkel.de", true */ 'n', 'i', 'e', 'r', 'e', 'n', 'p', 'r', 'a', 'x', 'i', 's', '-', 'm', 'e', 'r', 'k', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "nieselregen.com", false */ 'n', 'i', 'e', 's', 'e', 'l', 'r', 'e', 'g', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "niess.space", true */ 'n', 'i', 'e', 's', 's', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "niesstar.com", true */ 'n', 'i', 'e', 's', 's', 't', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "nietzsche.com", true */ 'n', 'i', 'e', 't', 'z', 's', 'c', 'h', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "nieuwsoverijssel.nl", true */ 'n', 'i', 'e', 'u', 'w', 's', 'o', 'v', 'e', 'r', 'i', 'j', 's', 's', 'e', 'l', '.', 'n', 'l', '\0',
+  /* "niftiestsoftware.com", true */ 'n', 'i', 'f', 't', 'i', 'e', 's', 't', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "nifume.com", true */ 'n', 'i', 'f', 'u', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "nigelwakefield.com", true */ 'n', 'i', 'g', 'e', 'l', 'w', 'a', 'k', 'e', 'f', 'i', 'e', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "nigensha.co.jp", true */ 'n', 'i', 'g', 'e', 'n', 's', 'h', 'a', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "niggemeier.cc", true */ 'n', 'i', 'g', 'g', 'e', 'm', 'e', 'i', 'e', 'r', '.', 'c', 'c', '\0',
+  /* "nigger.racing", true */ 'n', 'i', 'g', 'g', 'e', 'r', '.', 'r', 'a', 'c', 'i', 'n', 'g', '\0',
+  /* "night2stay.cn", true */ 'n', 'i', 'g', 'h', 't', '2', 's', 't', 'a', 'y', '.', 'c', 'n', '\0',
+  /* "night2stay.com", true */ 'n', 'i', 'g', 'h', 't', '2', 's', 't', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "night2stay.de", true */ 'n', 'i', 'g', 'h', 't', '2', 's', 't', 'a', 'y', '.', 'd', 'e', '\0',
+  /* "night2stay.fr", true */ 'n', 'i', 'g', 'h', 't', '2', 's', 't', 'a', 'y', '.', 'f', 'r', '\0',
+  /* "night2stay.ru", true */ 'n', 'i', 'g', 'h', 't', '2', 's', 't', 'a', 'y', '.', 'r', 'u', '\0',
+  /* "nightbutterflies.com", true */ 'n', 'i', 'g', 'h', 't', 'b', 'u', 't', 't', 'e', 'r', 'f', 'l', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "nightfirec.at", true */ 'n', 'i', 'g', 'h', 't', 'f', 'i', 'r', 'e', 'c', '.', 'a', 't', '\0',
+  /* "nightfirecat.com", true */ 'n', 'i', 'g', 'h', 't', 'f', 'i', 'r', 'e', 'c', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "nightmoose.org", true */ 'n', 'i', 'g', 'h', 't', 'm', 'o', 'o', 's', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "nightwinds.tk", true */ 'n', 'i', 'g', 'h', 't', 'w', 'i', 'n', 'd', 's', '.', 't', 'k', '\0',
+  /* "nihon-no-sake.net", true */ 'n', 'i', 'h', 'o', 'n', '-', 'n', 'o', '-', 's', 'a', 'k', 'e', '.', 'n', 'e', 't', '\0',
+  /* "nihseniorhealth.gov", false */ 'n', 'i', 'h', 's', 'e', 'n', 'i', 'o', 'r', 'h', 'e', 'a', 'l', 't', 'h', '.', 'g', 'o', 'v', '\0',
+  /* "nijiero-ch.com", false */ 'n', 'i', 'j', 'i', 'e', 'r', 'o', '-', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "nijikata.com", true */ 'n', 'i', 'j', 'i', 'k', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "nijm.nl", true */ 'n', 'i', 'j', 'm', '.', 'n', 'l', '\0',
+  /* "nikandcara.com", true */ 'n', 'i', 'k', 'a', 'n', 'd', 'c', 'a', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "nikao-tech.com", true */ 'n', 'i', 'k', 'a', 'o', '-', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "nikavandenbos.nl", true */ 'n', 'i', 'k', 'a', 'v', 'a', 'n', 'd', 'e', 'n', 'b', 'o', 's', '.', 'n', 'l', '\0',
+  /* "nikimix.com", true */ 'n', 'i', 'k', 'i', 'm', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "nikkila.me", true */ 'n', 'i', 'k', 'k', 'i', 'l', 'a', '.', 'm', 'e', '\0',
+  /* "niklas.pw", true */ 'n', 'i', 'k', 'l', 'a', 's', '.', 'p', 'w', '\0',
+  /* "niklasbabel.com", true */ 'n', 'i', 'k', 'l', 'a', 's', 'b', 'a', 'b', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "nikobradshaw.com", true */ 'n', 'i', 'k', 'o', 'b', 'r', 'a', 'd', 's', 'h', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "nikolasgrottendieck.com", true */ 'n', 'i', 'k', 'o', 'l', 'a', 's', 'g', 'r', 'o', 't', 't', 'e', 'n', 'd', 'i', 'e', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "nikomo.fi", false */ 'n', 'i', 'k', 'o', 'm', 'o', '.', 'f', 'i', '\0',
+  /* "nikz.in", true */ 'n', 'i', 'k', 'z', '.', 'i', 'n', '\0',
+  /* "nil.gs", true */ 'n', 'i', 'l', '.', 'g', 's', '\0',
+  /* "nilrem.org", true */ 'n', 'i', 'l', 'r', 'e', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "nimeshjm.com", true */ 'n', 'i', 'm', 'e', 's', 'h', 'j', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "ninaforever.com", true */ 'n', 'i', 'n', 'a', 'f', 'o', 'r', 'e', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "ninarinaldi.com.br", true */ 'n', 'i', 'n', 'a', 'r', 'i', 'n', 'a', 'l', 'd', 'i', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "ninaundandre.de", true */ 'n', 'i', 'n', 'a', 'u', 'n', 'd', 'a', 'n', 'd', 'r', 'e', '.', 'd', 'e', '\0',
+  /* "ninchat.com", true */ 'n', 'i', 'n', 'c', 'h', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "ninebennink.com", true */ 'n', 'i', 'n', 'e', 'b', 'e', 'n', 'n', 'i', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "ninebytes.xyz", true */ 'n', 'i', 'n', 'e', 'b', 'y', 't', 'e', 's', '.', 'x', 'y', 'z', '\0',
+  /* "ninespec.com", true */ 'n', 'i', 'n', 'e', 's', 'p', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "ninetaillabs.com", true */ 'n', 'i', 'n', 'e', 't', 'a', 'i', 'l', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ninetaillabs.xyz", true */ 'n', 'i', 'n', 'e', 't', 'a', 'i', 'l', 'l', 'a', 'b', 's', '.', 'x', 'y', 'z', '\0',
+  /* "ninfora.com", true */ 'n', 'i', 'n', 'f', 'o', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "ning.so", true */ 'n', 'i', 'n', 'g', '.', 's', 'o', '\0',
+  /* "ninja-galerie.de", true */ 'n', 'i', 'n', 'j', 'a', '-', 'g', 'a', 'l', 'e', 'r', 'i', 'e', '.', 'd', 'e', '\0',
+  /* "ninofink.com", true */ 'n', 'i', 'n', 'o', 'f', 'i', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "nintendoforum.no", true */ 'n', 'i', 'n', 't', 'e', 'n', 'd', 'o', 'f', 'o', 'r', 'u', 'm', '.', 'n', 'o', '\0',
+  /* "ninthfloor.org", true */ 'n', 'i', 'n', 't', 'h', 'f', 'l', 'o', 'o', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "ninux.ch", false */ 'n', 'i', 'n', 'u', 'x', '.', 'c', 'h', '\0',
+  /* "nipax.cz", true */ 'n', 'i', 'p', 'a', 'x', '.', 'c', 'z', '\0',
+  /* "nipe-systems.de", true */ 'n', 'i', 'p', 'e', '-', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'd', 'e', '\0',
+  /* "nippon-oku.com", true */ 'n', 'i', 'p', 'p', 'o', 'n', '-', 'o', 'k', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "nippon.fr", true */ 'n', 'i', 'p', 'p', 'o', 'n', '.', 'f', 'r', '\0',
+  /* "nirna.io", true */ 'n', 'i', 'r', 'n', 'a', '.', 'i', 'o', '\0',
+  /* "nirudo.me", true */ 'n', 'i', 'r', 'u', 'd', 'o', '.', 'm', 'e', '\0',
+  /* "nirvanashop.com", true */ 'n', 'i', 'r', 'v', 'a', 'n', 'a', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "nishaswonderland.be", true */ 'n', 'i', 's', 'h', 'a', 's', 'w', 'o', 'n', 'd', 'e', 'r', 'l', 'a', 'n', 'd', '.', 'b', 'e', '\0',
+  /* "nishaswonderland.nl", true */ 'n', 'i', 's', 'h', 'a', 's', 'w', 'o', 'n', 'd', 'e', 'r', 'l', 'a', 'n', 'd', '.', 'n', 'l', '\0',
+  /* "nishisbma.com", true */ 'n', 'i', 's', 'h', 'i', 's', 'b', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "nissanofbismarckparts.com", true */ 'n', 'i', 's', 's', 'a', 'n', 'o', 'f', 'b', 'i', 's', 'm', 'a', 'r', 'c', 'k', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "nitaonline.org", true */ 'n', 'i', 't', 'a', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "nitifilter.com", true */ 'n', 'i', 't', 'i', 'f', 'i', 'l', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "nitrix.me", true */ 'n', 'i', 't', 'r', 'i', 'x', '.', 'm', 'e', '\0',
+  /* "nitrokey.com", true */ 'n', 'i', 't', 'r', 'o', 'k', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "nitropanel.com", true */ 'n', 'i', 't', 'r', 'o', 'p', 'a', 'n', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "nitropur.com", true */ 'n', 'i', 't', 'r', 'o', 'p', 'u', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "nitropur.de", true */ 'n', 'i', 't', 'r', 'o', 'p', 'u', 'r', '.', 'd', 'e', '\0',
+  /* "nitrous-networks.com", true */ 'n', 'i', 't', 'r', 'o', 'u', 's', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "niu.moe", true */ 'n', 'i', 'u', '.', 'm', 'o', 'e', '\0',
+  /* "nivi.ca", true */ 'n', 'i', 'v', 'i', '.', 'c', 'a', '\0',
+  /* "nix.black", true */ 'n', 'i', 'x', '.', 'b', 'l', 'a', 'c', 'k', '\0',
+  /* "nix.org.ua", false */ 'n', 'i', 'x', '.', 'o', 'r', 'g', '.', 'u', 'a', '\0',
+  /* "nixonlibrary.gov", true */ 'n', 'i', 'x', 'o', 'n', 'l', 'i', 'b', 'r', 'a', 'r', 'y', '.', 'g', 'o', 'v', '\0',
+  /* "niyawe.de", true */ 'n', 'i', 'y', 'a', 'w', 'e', '.', 'd', 'e', '\0',
+  /* "nja.id.au", true */ 'n', 'j', 'a', '.', 'i', 'd', '.', 'a', 'u', '\0',
+  /* "njguardtraining.com", true */ 'n', 'j', 'g', 'u', 'a', 'r', 'd', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "njpjanssen.nl", true */ 'n', 'j', 'p', 'j', 'a', 'n', 's', 's', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "nkinka.de", true */ 'n', 'k', 'i', 'n', 'k', 'a', '.', 'd', 'e', '\0',
+  /* "nkp-media.de", true */ 'n', 'k', 'p', '-', 'm', 'e', 'd', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "nl-ix.net", true */ 'n', 'l', '-', 'i', 'x', '.', 'n', 'e', 't', '\0',
+  /* "nl.search.yahoo.com", false */ 'n', 'l', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "nlap.ca", true */ 'n', 'l', 'a', 'p', '.', 'c', 'a', '\0',
+  /* "nlbewustgezond.nl", true */ 'n', 'l', 'b', 'e', 'w', 'u', 's', 't', 'g', 'e', 'z', 'o', 'n', 'd', '.', 'n', 'l', '\0',
+  /* "nlegall.fr", true */ 'n', 'l', 'e', 'g', 'a', 'l', 'l', '.', 'f', 'r', '\0',
+  /* "nlfant.eu", true */ 'n', 'l', 'f', 'a', 'n', 't', '.', 'e', 'u', '\0',
+  /* "nlm.gov", true */ 'n', 'l', 'm', '.', 'g', 'o', 'v', '\0',
+  /* "nlrb.gov", true */ 'n', 'l', 'r', 'b', '.', 'g', 'o', 'v', '\0',
+  /* "nlt.by", false */ 'n', 'l', 't', '.', 'b', 'y', '\0',
+  /* "nmd.so", true */ 'n', 'm', 'd', '.', 's', 'o', '\0',
+  /* "nmnd.de", true */ 'n', 'm', 'n', 'd', '.', 'd', 'e', '\0',
+  /* "nmsnj.com", true */ 'n', 'm', 's', 'n', 'j', '.', 'c', 'o', 'm', '\0',
+  /* "nn.cz", true */ 'n', 'n', '.', 'c', 'z', '\0',
+  /* "nna774.net", true */ 'n', 'n', 'a', '7', '7', '4', '.', 'n', 'e', 't', '\0',
+  /* "nnqc.nl", true */ 'n', 'n', 'q', 'c', '.', 'n', 'l', '\0',
+  /* "no-xice.com", true */ 'n', 'o', '-', 'x', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "no.search.yahoo.com", false */ 'n', 'o', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "noagendahr.org", true */ 'n', 'o', 'a', 'g', 'e', 'n', 'd', 'a', 'h', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "nobleparkapartments.com.au", true */ 'n', 'o', 'b', 'l', 'e', 'p', 'a', 'r', 'k', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "nobly.de", true */ 'n', 'o', 'b', 'l', 'y', '.', 'd', 'e', '\0',
+  /* "noc.org", true */ 'n', 'o', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "noc.wang", true */ 'n', 'o', 'c', '.', 'w', 'a', 'n', 'g', '\0',
+  /* "nocit.dk", true */ 'n', 'o', 'c', 'i', 't', '.', 'd', 'k', '\0',
+  /* "nocs.cn", true */ 'n', 'o', 'c', 's', '.', 'c', 'n', '\0',
+  /* "nodari.com.ar", true */ 'n', 'o', 'd', 'a', 'r', 'i', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "nodariweb.com.ar", true */ 'n', 'o', 'd', 'a', 'r', 'i', 'w', 'e', 'b', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "nodecompat.com", true */ 'n', 'o', 'd', 'e', 'c', 'o', 'm', 'p', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "nodefiles.com", true */ 'n', 'o', 'd', 'e', 'f', 'i', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "nodefoo.com", true */ 'n', 'o', 'd', 'e', 'f', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "nodejs.de", true */ 'n', 'o', 'd', 'e', 'j', 's', '.', 'd', 'e', '\0',
+  /* "nodelia.com", true */ 'n', 'o', 'd', 'e', 'l', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "nodepositcasinouk.com", true */ 'n', 'o', 'd', 'e', 'p', 'o', 's', 'i', 't', 'c', 'a', 's', 'i', 'n', 'o', 'u', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "nodesturut.cl", true */ 'n', 'o', 'd', 'e', 's', 't', 'u', 'r', 'u', 't', '.', 'c', 'l', '\0',
+  /* "nodum.io", true */ 'n', 'o', 'd', 'u', 'm', '.', 'i', 'o', '\0',
+  /* "noeatnosleep.me", true */ 'n', 'o', 'e', 'a', 't', 'n', 'o', 's', 'l', 'e', 'e', 'p', '.', 'm', 'e', '\0',
+  /* "noedidacticos.com", true */ 'n', 'o', 'e', 'd', 'i', 'd', 'a', 'c', 't', 'i', 'c', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "noegoph.com", true */ 'n', 'o', 'e', 'g', 'o', 'p', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "noellabo.jp", true */ 'n', 'o', 'e', 'l', 'l', 'a', 'b', 'o', '.', 'j', 'p', '\0',
+  /* "noematic.space", true */ 'n', 'o', 'e', 'm', 'a', 't', 'i', 'c', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "noemax.com", true */ 'n', 'o', 'e', 'm', 'a', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "noesberts-weidmoos.de", true */ 'n', 'o', 'e', 's', 'b', 'e', 'r', 't', 's', '-', 'w', 'e', 'i', 'd', 'm', 'o', 'o', 's', '.', 'd', 'e', '\0',
+  /* "noexec.org", true */ 'n', 'o', 'e', 'x', 'e', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "noez.de", true */ 'n', 'o', 'e', 'z', '.', 'd', 'e', '\0',
+  /* "nofrillsdns.com", true */ 'n', 'o', 'f', 'r', 'i', 'l', 'l', 's', 'd', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "noglobalwarrants.org", true */ 'n', 'o', 'g', 'l', 'o', 'b', 'a', 'l', 'w', 'a', 'r', 'r', 'a', 'n', 't', 's', '.', 'o', 'r', 'g', '\0',
+  /* "nohats.ca", true */ 'n', 'o', 'h', 'a', 't', 's', '.', 'c', 'a', '\0',
+  /* "nohkan.fr", true */ 'n', 'o', 'h', 'k', 'a', 'n', '.', 'f', 'r', '\0',
+  /* "nohm.eu", true */ 'n', 'o', 'h', 'm', '.', 'e', 'u', '\0',
+  /* "nohttps.org", true */ 'n', 'o', 'h', 't', 't', 'p', 's', '.', 'o', 'r', 'g', '\0',
+  /* "nohup.se", true */ 'n', 'o', 'h', 'u', 'p', '.', 's', 'e', '\0',
+  /* "nohup.xyz", true */ 'n', 'o', 'h', 'u', 'p', '.', 'x', 'y', 'z', '\0',
+  /* "noincludesubdomains.preloaded.test", false */ 'n', 'o', 'i', 'n', 'c', 'l', 'u', 'd', 'e', 's', 'u', 'b', 'd', 'o', 'm', 'a', 'i', 'n', 's', '.', 'p', 'r', 'e', 'l', 'o', 'a', 'd', 'e', 'd', '.', 't', 'e', 's', 't', '\0',
+  /* "noisebridge.social", true */ 'n', 'o', 'i', 's', 'e', 'b', 'r', 'i', 'd', 'g', 'e', '.', 's', 'o', 'c', 'i', 'a', 'l', '\0',
+  /* "noisetrap.cz", true */ 'n', 'o', 'i', 's', 'e', 't', 'r', 'a', 'p', '.', 'c', 'z', '\0',
+  /* "noisky.cn", true */ 'n', 'o', 'i', 's', 'k', 'y', '.', 'c', 'n', '\0',
+  /* "noisyfox.cn", true */ 'n', 'o', 'i', 's', 'y', 'f', 'o', 'x', '.', 'c', 'n', '\0',
+  /* "nojestorget.se", true */ 'n', 'o', 'j', 'e', 's', 't', 'o', 'r', 'g', 'e', 't', '.', 's', 'e', '\0',
+  /* "nojok.es", true */ 'n', 'o', 'j', 'o', 'k', '.', 'e', 's', '\0',
+  /* "nokono.com", true */ 'n', 'o', 'k', 'o', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "nolaviz.org", true */ 'n', 'o', 'l', 'a', 'v', 'i', 'z', '.', 'o', 'r', 'g', '\0',
+  /* "noma-film.com", true */ 'n', 'o', 'm', 'a', '-', 'f', 'i', 'l', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "nomadproject.io", true */ 'n', 'o', 'm', 'a', 'd', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'i', 'o', '\0',
+  /* "nomesbiblicos.com", true */ 'n', 'o', 'm', 'e', 's', 'b', 'i', 'b', 'l', 'i', 'c', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "nomial.co.uk", true */ 'n', 'o', 'm', 'i', 'a', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "nomifensine.com", true */ 'n', 'o', 'm', 'i', 'f', 'e', 'n', 's', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "nomsy.net", true */ 'n', 'o', 'm', 's', 'y', '.', 'n', 'e', 't', '\0',
+  /* "noname-ev.de", true */ 'n', 'o', 'n', 'a', 'm', 'e', '-', 'e', 'v', '.', 'd', 'e', '\0',
+  /* "noncombatant.org", true */ 'n', 'o', 'n', 'c', 'o', 'm', 'b', 'a', 't', 'a', 'n', 't', '.', 'o', 'r', 'g', '\0',
+  /* "noob-box.net", true */ 'n', 'o', 'o', 'b', '-', 'b', 'o', 'x', '.', 'n', 'e', 't', '\0',
+  /* "noobunbox.net", true */ 'n', 'o', 'o', 'b', 'u', 'n', 'b', 'o', 'x', '.', 'n', 'e', 't', '\0',
+  /* "noodles.net.nz", true */ 'n', 'o', 'o', 'd', 'l', 'e', 's', '.', 'n', 'e', 't', '.', 'n', 'z', '\0',
+  /* "noodleyum.com", true */ 'n', 'o', 'o', 'd', 'l', 'e', 'y', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "noodweer.be", true */ 'n', 'o', 'o', 'd', 'w', 'e', 'e', 'r', '.', 'b', 'e', '\0',
+  /* "noon-entertainments.com", true */ 'n', 'o', 'o', 'n', '-', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "noop.ch", true */ 'n', 'o', 'o', 'p', '.', 'c', 'h', '\0',
+  /* "noordsee.de", true */ 'n', 'o', 'o', 'r', 'd', 's', 'e', 'e', '.', 'd', 'e', '\0',
+  /* "noorsolidarity.com", true */ 'n', 'o', 'o', 'r', 's', 'o', 'l', 'i', 'd', 'a', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "nootropic.com", true */ 'n', 'o', 'o', 't', 'r', 'o', 'p', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "noovell.com", true */ 'n', 'o', 'o', 'v', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "nopaste.xyz", true */ 'n', 'o', 'p', 'a', 's', 't', 'e', '.', 'x', 'y', 'z', '\0',
+  /* "nopaynocure.com", true */ 'n', 'o', 'p', 'a', 'y', 'n', 'o', 'c', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "nord-sud.be", true */ 'n', 'o', 'r', 'd', '-', 's', 'u', 'd', '.', 'b', 'e', '\0',
+  /* "nordakademie.de", true */ 'n', 'o', 'r', 'd', 'a', 'k', 'a', 'd', 'e', 'm', 'i', 'e', '.', 'd', 'e', '\0',
+  /* "nordic-survival.de", true */ 'n', 'o', 'r', 'd', 'i', 'c', '-', 's', 'u', 'r', 'v', 'i', 'v', 'a', 'l', '.', 'd', 'e', '\0',
+  /* "nordiccasinocommunity.com", true */ 'n', 'o', 'r', 'd', 'i', 'c', 'c', 'a', 's', 'i', 'n', 'o', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "nordinfo.fi", true */ 'n', 'o', 'r', 'd', 'i', 'n', 'f', 'o', '.', 'f', 'i', '\0',
+  /* "nordmoregatebilklubb.com", true */ 'n', 'o', 'r', 'd', 'm', 'o', 'r', 'e', 'g', 'a', 't', 'e', 'b', 'i', 'l', 'k', 'l', 'u', 'b', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "nordnetz-hamburg.de", true */ 'n', 'o', 'r', 'd', 'n', 'e', 't', 'z', '-', 'h', 'a', 'm', 'b', 'u', 'r', 'g', '.', 'd', 'e', '\0',
+  /* "nordor.homeip.net", true */ 'n', 'o', 'r', 'd', 'o', 'r', '.', 'h', 'o', 'm', 'e', 'i', 'p', '.', 'n', 'e', 't', '\0',
+  /* "nordwaldzendo.de", true */ 'n', 'o', 'r', 'd', 'w', 'a', 'l', 'd', 'z', 'e', 'n', 'd', 'o', '.', 'd', 'e', '\0',
+  /* "noref.tk", true */ 'n', 'o', 'r', 'e', 'f', '.', 't', 'k', '\0',
+  /* "noreply.mx", true */ 'n', 'o', 'r', 'e', 'p', 'l', 'y', '.', 'm', 'x', '\0',
+  /* "normaculta.com.br", true */ 'n', 'o', 'r', 'm', 'a', 'c', 'u', 'l', 't', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "normalady.com", true */ 'n', 'o', 'r', 'm', 'a', 'l', 'a', 'd', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "norman-preusser-gmbh.de", true */ 'n', 'o', 'r', 'm', 'a', 'n', '-', 'p', 'r', 'e', 'u', 's', 's', 'e', 'r', '-', 'g', 'm', 'b', 'h', '.', 'd', 'e', '\0',
+  /* "normanbauer.com", true */ 'n', 'o', 'r', 'm', 'a', 'n', 'b', 'a', 'u', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "normandgascon.com", true */ 'n', 'o', 'r', 'm', 'a', 'n', 'd', 'g', 'a', 's', 'c', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "normankranich.de", true */ 'n', 'o', 'r', 'm', 'a', 'n', 'k', 'r', 'a', 'n', 'i', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "norrkemi.se", true */ 'n', 'o', 'r', 'r', 'k', 'e', 'm', 'i', '.', 's', 'e', '\0',
+  /* "norrliden.de", true */ 'n', 'o', 'r', 'r', 'l', 'i', 'd', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "norskpensjon.no", true */ 'n', 'o', 'r', 's', 'k', 'p', 'e', 'n', 's', 'j', 'o', 'n', '.', 'n', 'o', '\0',
+  /* "north.supply", true */ 'n', 'o', 'r', 't', 'h', '.', 's', 'u', 'p', 'p', 'l', 'y', '\0',
+  /* "northatlantalaw.net", true */ 'n', 'o', 'r', 't', 'h', 'a', 't', 'l', 'a', 'n', 't', 'a', 'l', 'a', 'w', '.', 'n', 'e', 't', '\0',
+  /* "northbrisbaneapartments.com.au", true */ 'n', 'o', 'r', 't', 'h', 'b', 'r', 'i', 's', 'b', 'a', 'n', 'e', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "northconsulting.fr", true */ 'n', 'o', 'r', 't', 'h', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'f', 'r', '\0',
+  /* "northcountykiaparts.com", true */ 'n', 'o', 'r', 't', 'h', 'c', 'o', 'u', 'n', 't', 'y', 'k', 'i', 'a', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "northdevonbouncycastles.co.uk", true */ 'n', 'o', 'r', 't', 'h', 'd', 'e', 'v', 'o', 'n', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "northeastcdc.org", true */ 'n', 'o', 'r', 't', 'h', 'e', 'a', 's', 't', 'c', 'd', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "northeastrodeo.co.uk", true */ 'n', 'o', 'r', 't', 'h', 'e', 'a', 's', 't', 'r', 'o', 'd', 'e', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "northern-lakes.com", true */ 'n', 'o', 'r', 't', 'h', 'e', 'r', 'n', '-', 'l', 'a', 'k', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "northernhamsterclub.com", true */ 'n', 'o', 'r', 't', 'h', 'e', 'r', 'n', 'h', 'a', 'm', 's', 't', 'e', 'r', 'c', 'l', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "northernmuscle.ca", true */ 'n', 'o', 'r', 't', 'h', 'e', 'r', 'n', 'm', 'u', 's', 'c', 'l', 'e', '.', 'c', 'a', '\0',
+  /* "northernselfstorage.co.za", true */ 'n', 'o', 'r', 't', 'h', 'e', 'r', 'n', 's', 'e', 'l', 'f', 's', 't', 'o', 'r', 'a', 'g', 'e', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "northfieldyarn.com", true */ 'n', 'o', 'r', 't', 'h', 'f', 'i', 'e', 'l', 'd', 'y', 'a', 'r', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "northpennvwparts.com", true */ 'n', 'o', 'r', 't', 'h', 'p', 'e', 'n', 'n', 'v', 'w', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "northpole.dance", true */ 'n', 'o', 'r', 't', 'h', 'p', 'o', 'l', 'e', '.', 'd', 'a', 'n', 'c', 'e', '\0',
+  /* "northridgeelectrical.com", true */ 'n', 'o', 'r', 't', 'h', 'r', 'i', 'd', 'g', 'e', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "northumbriagames.co.uk", true */ 'n', 'o', 'r', 't', 'h', 'u', 'm', 'b', 'r', 'i', 'a', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "northwoodsfish.com", true */ 'n', 'o', 'r', 't', 'h', 'w', 'o', 'o', 'd', 's', 'f', 'i', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "nos-medias.fr", true */ 'n', 'o', 's', '-', 'm', 'e', 'd', 'i', 'a', 's', '.', 'f', 'r', '\0',
+  /* "nos-oignons.net", true */ 'n', 'o', 's', '-', 'o', 'i', 'g', 'n', 'o', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "noscript.net", true */ 'n', 'o', 's', 'c', 'r', 'i', 'p', 't', '.', 'n', 'e', 't', '\0',
+  /* "nosfermiers.com", true */ 'n', 'o', 's', 'f', 'e', 'r', 'm', 'i', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "noslite.nl", true */ 'n', 'o', 's', 'l', 'i', 't', 'e', '.', 'n', 'l', '\0',
+  /* "nospoint.cz", true */ 'n', 'o', 's', 'p', 'o', 'i', 'n', 't', '.', 'c', 'z', '\0',
+  /* "nossasenhora.net", true */ 'n', 'o', 's', 's', 'a', 's', 'e', 'n', 'h', 'o', 'r', 'a', '.', 'n', 'e', 't', '\0',
+  /* "nossasenhoradaconceicao.com.br", true */ 'n', 'o', 's', 's', 'a', 's', 'e', 'n', 'h', 'o', 'r', 'a', 'd', 'a', 'c', 'o', 'n', 'c', 'e', 'i', 'c', 'a', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "nossasenhoradodesterro.com.br", true */ 'n', 'o', 's', 's', 'a', 's', 'e', 'n', 'h', 'o', 'r', 'a', 'd', 'o', 'd', 'e', 's', 't', 'e', 'r', 'r', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "nostraforma.com", false */ 'n', 'o', 's', 't', 'r', 'a', 'f', 'o', 'r', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "noswap.com", true */ 'n', 'o', 's', 'w', 'a', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "nosyu.pe.kr", true */ 'n', 'o', 's', 'y', 'u', '.', 'p', 'e', '.', 'k', 'r', '\0',
+  /* "not-a.link", true */ 'n', 'o', 't', '-', 'a', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "nota-web.com", true */ 'n', 'o', 't', 'a', '-', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "nota.moe", true */ 'n', 'o', 't', 'a', '.', 'm', 'o', 'e', '\0',
+  /* "notablog.xyz", true */ 'n', 'o', 't', 'a', 'b', 'l', 'o', 'g', '.', 'x', 'y', 'z', '\0',
+  /* "notabug.org", true */ 'n', 'o', 't', 'a', 'b', 'u', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "notadd.com", true */ 'n', 'o', 't', 'a', 'd', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "notadd.store", true */ 'n', 'o', 't', 'a', 'd', 'd', '.', 's', 't', 'o', 'r', 'e', '\0',
+  /* "notalone.gov", true */ 'n', 'o', 't', 'a', 'l', 'o', 'n', 'e', '.', 'g', 'o', 'v', '\0',
+  /* "notar-glagowski.com", true */ 'n', 'o', 't', 'a', 'r', '-', 'g', 'l', 'a', 'g', 'o', 'w', 's', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "notar-glagowski.de", true */ 'n', 'o', 't', 'a', 'r', '-', 'g', 'l', 'a', 'g', 'o', 'w', 's', 'k', 'i', '.', 'd', 'e', '\0',
+  /* "notar-peikert.com", true */ 'n', 'o', 't', 'a', 'r', '-', 'p', 'e', 'i', 'k', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "notarvysocina.cz", true */ 'n', 'o', 't', 'a', 'r', 'v', 'y', 's', 'o', 'c', 'i', 'n', 'a', '.', 'c', 'z', '\0',
+  /* "notbolaget.se", true */ 'n', 'o', 't', 'b', 'o', 'l', 'a', 'g', 'e', 't', '.', 's', 'e', '\0',
+  /* "notboring.co.uk", true */ 'n', 'o', 't', 'b', 'o', 'r', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "notcompletelycorrect.com", true */ 'n', 'o', 't', 'c', 'o', 'm', 'p', 'l', 'e', 't', 'e', 'l', 'y', 'c', 'o', 'r', 'r', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "notdienstreform-nordrhein.de", true */ 'n', 'o', 't', 'd', 'i', 'e', 'n', 's', 't', 'r', 'e', 'f', 'o', 'r', 'm', '-', 'n', 'o', 'r', 'd', 'r', 'h', 'e', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "noticiasdehumor.com", true */ 'n', 'o', 't', 'i', 'c', 'i', 'a', 's', 'd', 'e', 'h', 'u', 'm', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "notificami.com", true */ 'n', 'o', 't', 'i', 'f', 'i', 'c', 'a', 'm', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "notify.moe", true */ 'n', 'o', 't', 'i', 'f', 'y', '.', 'm', 'o', 'e', '\0',
+  /* "notinglife.com", true */ 'n', 'o', 't', 'i', 'n', 'g', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "notjustvacs.com", true */ 'n', 'o', 't', 'j', 'u', 's', 't', 'v', 'a', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "notnize.net", true */ 'n', 'o', 't', 'n', 'i', 'z', 'e', '.', 'n', 'e', 't', '\0',
+  /* "notnl.com", true */ 'n', 'o', 't', 'n', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "notoriousdev.com", true */ 'n', 'o', 't', 'o', 'r', 'i', 'o', 'u', 's', 'd', 'e', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "notrecourrier.net", true */ 'n', 'o', 't', 'r', 'e', 'c', 'o', 'u', 'r', 'r', 'i', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "nottres.com", true */ 'n', 'o', 't', 't', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "notypiesni.sk", false */ 'n', 'o', 't', 'y', 'p', 'i', 'e', 's', 'n', 'i', '.', 's', 'k', '\0',
+  /* "noudjalink.nl", true */ 'n', 'o', 'u', 'd', 'j', 'a', 'l', 'i', 'n', 'k', '.', 'n', 'l', '\0',
+  /* "nouma.fr", true */ 'n', 'o', 'u', 'm', 'a', '.', 'f', 'r', '\0',
+  /* "nova-dess.ch", true */ 'n', 'o', 'v', 'a', '-', 'd', 'e', 's', 's', '.', 'c', 'h', '\0',
+  /* "nova-wd.org.uk", true */ 'n', 'o', 'v', 'a', '-', 'w', 'd', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "nova.live", true */ 'n', 'o', 'v', 'a', '.', 'l', 'i', 'v', 'e', '\0',
+  /* "novabench.com", true */ 'n', 'o', 'v', 'a', 'b', 'e', 'n', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "novacoast.com", false */ 'n', 'o', 'v', 'a', 'c', 'o', 'a', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "novadermis.es", true */ 'n', 'o', 'v', 'a', 'd', 'e', 'r', 'm', 'i', 's', '.', 'e', 's', '\0',
+  /* "novafreixo.pt", true */ 'n', 'o', 'v', 'a', 'f', 'r', 'e', 'i', 'x', 'o', '.', 'p', 't', '\0',
+  /* "novaopcaofestas.com.br", true */ 'n', 'o', 'v', 'a', 'o', 'p', 'c', 'a', 'o', 'f', 'e', 's', 't', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "novawave.ca", true */ 'n', 'o', 'v', 'a', 'w', 'a', 'v', 'e', '.', 'c', 'a', '\0',
+  /* "nove.city", true */ 'n', 'o', 'v', 'e', '.', 'c', 'i', 't', 'y', '\0',
+  /* "noveciti.com", true */ 'n', 'o', 'v', 'e', 'c', 'i', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "novecity.cloud", true */ 'n', 'o', 'v', 'e', 'c', 'i', 't', 'y', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "novecity.com", true */ 'n', 'o', 'v', 'e', 'c', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "novecity.info", true */ 'n', 'o', 'v', 'e', 'c', 'i', 't', 'y', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "novecity.it", true */ 'n', 'o', 'v', 'e', 'c', 'i', 't', 'y', '.', 'i', 't', '\0',
+  /* "novecity.org", true */ 'n', 'o', 'v', 'e', 'c', 'i', 't', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "novecitymail.com", true */ 'n', 'o', 'v', 'e', 'c', 'i', 't', 'y', 'm', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "novelfeed.com", true */ 'n', 'o', 'v', 'e', 'l', 'f', 'e', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "novelinglife.net", true */ 'n', 'o', 'v', 'e', 'l', 'i', 'n', 'g', 'l', 'i', 'f', 'e', '.', 'n', 'e', 't', '\0',
+  /* "novelvyretraite.fr", true */ 'n', 'o', 'v', 'e', 'l', 'v', 'y', 'r', 'e', 't', 'r', 'a', 'i', 't', 'e', '.', 'f', 'r', '\0',
+  /* "novfishing.ru", true */ 'n', 'o', 'v', 'f', 'i', 's', 'h', 'i', 'n', 'g', '.', 'r', 'u', '\0',
+  /* "novilaw.com", true */ 'n', 'o', 'v', 'i', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "novinhabucetuda.com", true */ 'n', 'o', 'v', 'i', 'n', 'h', 'a', 'b', 'u', 'c', 'e', 't', 'u', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "novoresume.com", false */ 'n', 'o', 'v', 'o', 'r', 'e', 's', 'u', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "nowcost.com", true */ 'n', 'o', 'w', 'c', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "nowhere.dk", true */ 'n', 'o', 'w', 'h', 'e', 'r', 'e', '.', 'd', 'k', '\0',
+  /* "nowlas.org", true */ 'n', 'o', 'w', 'l', 'a', 's', '.', 'o', 'r', 'g', '\0',
+  /* "nowloading.co", true */ 'n', 'o', 'w', 'l', 'o', 'a', 'd', 'i', 'n', 'g', '.', 'c', 'o', '\0',
+  /* "noxlogic.nl", true */ 'n', 'o', 'x', 'l', 'o', 'g', 'i', 'c', '.', 'n', 'l', '\0',
+  /* "noyocenter.org", true */ 'n', 'o', 'y', 'o', 'c', 'e', 'n', 't', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "np.search.yahoo.com", false */ 'n', 'p', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "npath.de", true */ 'n', 'p', 'a', 't', 'h', '.', 'd', 'e', '\0',
+  /* "npm.li", true */ 'n', 'p', 'm', '.', 'l', 'i', '\0',
+  /* "npmcdn.com", true */ 'n', 'p', 'm', 'c', 'd', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "npw.net", true */ 'n', 'p', 'w', '.', 'n', 'e', 't', '\0',
+  /* "nqesh.com", true */ 'n', 'q', 'e', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "nrd.li", true */ 'n', 'r', 'd', '.', 'l', 'i', '\0',
+  /* "nrdstd.io", true */ 'n', 'r', 'd', 's', 't', 'd', '.', 'i', 'o', '\0',
+  /* "nrev.ch", true */ 'n', 'r', 'e', 'v', '.', 'c', 'h', '\0',
+  /* "nrkn.fr", true */ 'n', 'r', 'k', 'n', '.', 'f', 'r', '\0',
+  /* "ns-frontier.com", true */ 'n', 's', '-', 'f', 'r', 'o', 'n', 't', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "ns2servers.pw", true */ 'n', 's', '2', 's', 'e', 'r', 'v', 'e', 'r', 's', '.', 'p', 'w', '\0',
+  /* "nsa.lol", true */ 'n', 's', 'a', '.', 'l', 'o', 'l', '\0',
+  /* "nsa.wtf", true */ 'n', 's', 'a', '.', 'w', 't', 'f', '\0',
+  /* "nsboston.org", true */ 'n', 's', 'b', 'o', 's', 't', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "nsboutique.com", true */ 'n', 's', 'b', 'o', 'u', 't', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "nscnet.jp", true */ 'n', 's', 'c', 'n', 'e', 't', '.', 'j', 'p', '\0',
+  /* "nsellier.fr", true */ 'n', 's', 'e', 'l', 'l', 'i', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "nsfw-story.com", true */ 'n', 's', 'f', 'w', '-', 's', 't', 'o', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "nshost.ro", true */ 'n', 's', 'h', 'o', 's', 't', '.', 'r', 'o', '\0',
+  /* "nsm.ee", true */ 'n', 's', 'm', '.', 'e', 'e', '\0',
+  /* "nsm.stat.no", true */ 'n', 's', 'm', '.', 's', 't', 'a', 't', '.', 'n', 'o', '\0',
+  /* "nso.ie", true */ 'n', 's', 'o', '.', 'i', 'e', '\0',
+  /* "nsp.ua", true */ 'n', 's', 'p', '.', 'u', 'a', '\0',
+  /* "nspeaks.com", true */ 'n', 's', 'p', 'e', 'a', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "nst-maroc.com", true */ 'n', 's', 't', '-', 'm', 'a', 'r', 'o', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "nstd.net", true */ 'n', 's', 't', 'd', '.', 'n', 'e', 't', '\0',
+  /* "nstremsdoerfer.ovh", true */ 'n', 's', 't', 'r', 'e', 'm', 's', 'd', 'o', 'e', 'r', 'f', 'e', 'r', '.', 'o', 'v', 'h', '\0',
+  /* "nsure.us", true */ 'n', 's', 'u', 'r', 'e', '.', 'u', 's', '\0',
+  /* "nsworks.com", true */ 'n', 's', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ntotten.com", true */ 'n', 't', 'o', 't', 't', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "ntppool.org", true */ 'n', 't', 'p', 'p', 'o', 'o', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "ntx360grad-fallakte.de", true */ 'n', 't', 'x', '3', '6', '0', 'g', 'r', 'a', 'd', '-', 'f', 'a', 'l', 'l', 'a', 'k', 't', 'e', '.', 'd', 'e', '\0',
+  /* "ntzwrk.org", true */ 'n', 't', 'z', 'w', 'r', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "nu-pogodi.net", true */ 'n', 'u', '-', 'p', 'o', 'g', 'o', 'd', 'i', '.', 'n', 'e', 't', '\0',
+  /* "nu3tion.com", true */ 'n', 'u', '3', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "nu3tion.cz", true */ 'n', 'u', '3', 't', 'i', 'o', 'n', '.', 'c', 'z', '\0',
+  /* "nuacht.ie", true */ 'n', 'u', 'a', 'c', 'h', 't', '.', 'i', 'e', '\0',
+  /* "nuamooreaindonesia.com", true */ 'n', 'u', 'a', 'm', 'o', 'o', 'r', 'e', 'a', 'i', 'n', 'd', 'o', 'n', 'e', 's', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "nubella.com.au", true */ 'n', 'u', 'b', 'e', 'l', 'l', 'a', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "nubu.at", true */ 'n', 'u', 'b', 'u', '.', 'a', 't', '\0',
+  /* "nuclear-crimes.com", true */ 'n', 'u', 'c', 'l', 'e', 'a', 'r', '-', 'c', 'r', 'i', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "nuclearcat.com", true */ 'n', 'u', 'c', 'l', 'e', 'a', 'r', 'c', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "nuclearcrimes.com", true */ 'n', 'u', 'c', 'l', 'e', 'a', 'r', 'c', 'r', 'i', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "nuclearcrimes1.com", true */ 'n', 'u', 'c', 'l', 'e', 'a', 'r', 'c', 'r', 'i', 'm', 'e', 's', '1', '.', 'c', 'o', 'm', '\0',
+  /* "nucleuscore.org", true */ 'n', 'u', 'c', 'l', 'e', 'u', 's', 'c', 'o', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "nudestpics.com", true */ 'n', 'u', 'd', 'e', 's', 't', 'p', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "nuel.cl", true */ 'n', 'u', 'e', 'l', '.', 'c', 'l', '\0',
+  /* "nuevaimagenpublicidad.es", true */ 'n', 'u', 'e', 'v', 'a', 'i', 'm', 'a', 'g', 'e', 'n', 'p', 'u', 'b', 'l', 'i', 'c', 'i', 'd', 'a', 'd', '.', 'e', 's', '\0',
+  /* "null-life.com", true */ 'n', 'u', 'l', 'l', '-', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "nullday.de", true */ 'n', 'u', 'l', 'l', 'd', 'a', 'y', '.', 'd', 'e', '\0',
+  /* "nullpointer.io", true */ 'n', 'u', 'l', 'l', 'p', 'o', 'i', 'n', 't', 'e', 'r', '.', 'i', 'o', '\0',
+  /* "nullroute.com", true */ 'n', 'u', 'l', 'l', 'r', 'o', 'u', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "nulltime.net", true */ 'n', 'u', 'l', 'l', 't', 'i', 'm', 'e', '.', 'n', 'e', 't', '\0',
+  /* "numarasorgulama.tel", true */ 'n', 'u', 'm', 'a', 'r', 'a', 's', 'o', 'r', 'g', 'u', 'l', 'a', 'm', 'a', '.', 't', 'e', 'l', '\0',
+  /* "numatic.co.uk", true */ 'n', 'u', 'm', 'a', 't', 'i', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "number.me", true */ 'n', 'u', 'm', 'b', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "numbercult.net", true */ 'n', 'u', 'm', 'b', 'e', 'r', 'c', 'u', 'l', 't', '.', 'n', 'e', 't', '\0',
+  /* "numberoneshoes.co.nz", false */ 'n', 'u', 'm', 'b', 'e', 'r', 'o', 'n', 'e', 's', 'h', 'o', 'e', 's', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "numberzero.org", true */ 'n', 'u', 'm', 'b', 'e', 'r', 'z', 'e', 'r', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "numerik-games.ch", true */ 'n', 'u', 'm', 'e', 'r', 'i', 'k', '-', 'g', 'a', 'm', 'e', 's', '.', 'c', 'h', '\0',
+  /* "numero-aleatorio.com", true */ 'n', 'u', 'm', 'e', 'r', 'o', '-', 'a', 'l', 'e', 'a', 't', 'o', 'r', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "numero1.ch", true */ 'n', 'u', 'm', 'e', 'r', 'o', '1', '.', 'c', 'h', '\0',
+  /* "numerossanos.com.ar", true */ 'n', 'u', 'm', 'e', 'r', 'o', 's', 's', 'a', 'n', 'o', 's', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "numis.tech", true */ 'n', 'u', 'm', 'i', 's', '.', 't', 'e', 'c', 'h', '\0',
+  /* "numm.fr", true */ 'n', 'u', 'm', 'm', '.', 'f', 'r', '\0',
+  /* "numwave.nl", true */ 'n', 'u', 'm', 'w', 'a', 'v', 'e', '.', 'n', 'l', '\0',
+  /* "nunnenmacher.net", true */ 'n', 'u', 'n', 'n', 'e', 'n', 'm', 'a', 'c', 'h', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "nunomoura.com", true */ 'n', 'u', 'n', 'o', 'm', 'o', 'u', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "nuos.org", true */ 'n', 'u', 'o', 's', '.', 'o', 'r', 'g', '\0',
+  /* "nupef.org.br", true */ 'n', 'u', 'p', 'e', 'f', '.', 'o', 'r', 'g', '.', 'b', 'r', '\0',
+  /* "nuquery.com", true */ 'n', 'u', 'q', 'u', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "nursejj.com", true */ 'n', 'u', 'r', 's', 'e', 'j', 'j', '.', 'c', 'o', 'm', '\0',
+  /* "nurses.dating", true */ 'n', 'u', 'r', 's', 'e', 's', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "nuryahan.com.br", true */ 'n', 'u', 'r', 'y', 'a', 'h', 'a', 'n', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "nusku.biz", true */ 'n', 'u', 's', 'k', 'u', '.', 'b', 'i', 'z', '\0',
+  /* "nussadoclub.org", true */ 'n', 'u', 's', 's', 'a', 'd', 'o', 'c', 'l', 'u', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "nutikell.com", true */ 'n', 'u', 't', 'i', 'k', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "nutleyeducationalfoundation.org", true */ 'n', 'u', 't', 'l', 'e', 'y', 'e', 'd', 'u', 'c', 'a', 't', 'i', 'o', 'n', 'a', 'l', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "nutleyef.org", true */ 'n', 'u', 't', 'l', 'e', 'y', 'e', 'f', '.', 'o', 'r', 'g', '\0',
+  /* "nutonic-sports.com", true */ 'n', 'u', 't', 'o', 'n', 'i', 'c', '-', 's', 'p', 'o', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "nutri-spec.me", true */ 'n', 'u', 't', 'r', 'i', '-', 's', 'p', 'e', 'c', '.', 'm', 'e', '\0',
+  /* "nutrienti.eu", false */ 'n', 'u', 't', 'r', 'i', 'e', 'n', 't', 'i', '.', 'e', 'u', '\0',
+  /* "nutrifyyourself.com", true */ 'n', 'u', 't', 'r', 'i', 'f', 'y', 'y', 'o', 'u', 'r', 's', 'e', 'l', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "nutripedia.gr", true */ 'n', 'u', 't', 'r', 'i', 'p', 'e', 'd', 'i', 'a', '.', 'g', 'r', '\0',
+  /* "nutrivisa.com.br", true */ 'n', 'u', 't', 'r', 'i', 'v', 'i', 's', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "nuvechtdal.nl", true */ 'n', 'u', 'v', 'e', 'c', 'h', 't', 'd', 'a', 'l', '.', 'n', 'l', '\0',
+  /* "nuvini.com", true */ 'n', 'u', 'v', 'i', 'n', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "nuxer.fr", true */ 'n', 'u', 'x', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "nvlop.xyz", true */ 'n', 'v', 'l', 'o', 'p', '.', 'x', 'y', 'z', '\0',
+  /* "nvq.nl", true */ 'n', 'v', 'q', '.', 'n', 'l', '\0',
+  /* "nvr.bz", true */ 'n', 'v', 'r', '.', 'b', 'z', '\0',
+  /* "nwerc.party", true */ 'n', 'w', 'e', 'r', 'c', '.', 'p', 'a', 'r', 't', 'y', '\0',
+  /* "nwgh.org", false */ 'n', 'w', 'g', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "nwk1.com", true */ 'n', 'w', 'k', '1', '.', 'c', 'o', 'm', '\0',
+  /* "nwra.com", true */ 'n', 'w', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "nwwc.dk", true */ 'n', 'w', 'w', 'c', '.', 'd', 'k', '\0',
+  /* "nwwnetwork.net", true */ 'n', 'w', 'w', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'n', 'e', 't', '\0',
+  /* "nxinfo.ch", true */ 'n', 'x', 'i', 'n', 'f', 'o', '.', 'c', 'h', '\0',
+  /* "nyan.it", true */ 'n', 'y', 'a', 'n', '.', 'i', 't', '\0',
+  /* "nyanco.space", true */ 'n', 'y', 'a', 'n', 'c', 'o', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "nyantec.com", true */ 'n', 'y', 'a', 'n', 't', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "nycoyote.org", true */ 'n', 'y', 'c', 'o', 'y', 'o', 't', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "nydnxs.com", true */ 'n', 'y', 'd', 'n', 'x', 's', '.', 'c', 'o', 'm', '\0',
+  /* "nyffo.com", true */ 'n', 'y', 'f', 'f', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "nyiad.edu", true */ 'n', 'y', 'i', 'a', 'd', '.', 'e', 'd', 'u', '\0',
+  /* "nyip.co.uk", true */ 'n', 'y', 'i', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "nyip.edu", true */ 'n', 'y', 'i', 'p', '.', 'e', 'd', 'u', '\0',
+  /* "nyloc.de", true */ 'n', 'y', 'l', 'o', 'c', '.', 'd', 'e', '\0',
+  /* "nylonfeetporn.com", true */ 'n', 'y', 'l', 'o', 'n', 'f', 'e', 'e', 't', 'p', 'o', 'r', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "nymphetomania.net", true */ 'n', 'y', 'm', 'p', 'h', 'e', 't', 'o', 'm', 'a', 'n', 'i', 'a', '.', 'n', 'e', 't', '\0',
+  /* "nynex.net", true */ 'n', 'y', 'n', 'e', 'x', '.', 'n', 'e', 't', '\0',
+  /* "nyphox.ovh", true */ 'n', 'y', 'p', 'h', 'o', 'x', '.', 'o', 'v', 'h', '\0',
+  /* "nyronet.de", false */ 'n', 'y', 'r', 'o', 'n', 'e', 't', '.', 'd', 'e', '\0',
+  /* "nys-hk.com", true */ 'n', 'y', 's', '-', 'h', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "nystudio107.com", true */ 'n', 'y', 's', 't', 'u', 'd', 'i', 'o', '1', '0', '7', '.', 'c', 'o', 'm', '\0',
+  /* "nyyu.tk", true */ 'n', 'y', 'y', 'u', '.', 't', 'k', '\0',
+  /* "nzb.cat", false */ 'n', 'z', 'b', '.', 'c', 'a', 't', '\0',
+  /* "nzstudy.ac.nz", true */ 'n', 'z', 's', 't', 'u', 'd', 'y', '.', 'a', 'c', '.', 'n', 'z', '\0',
+  /* "o-loska.cz", true */ 'o', '-', 'l', 'o', 's', 'k', 'a', '.', 'c', 'z', '\0',
+  /* "o-sp.com", true */ 'o', '-', 's', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "o2careers.co.uk", true */ 'o', '2', 'c', 'a', 'r', 'e', 'e', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "o3.wf", true */ 'o', '3', '.', 'w', 'f', '\0',
+  /* "o3wallet.com", true */ 'o', '3', 'w', 'a', 'l', 'l', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "o6asan.com", true */ 'o', '6', 'a', 's', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "oaic.gov.au", true */ 'o', 'a', 'i', 'c', '.', 'g', 'o', 'v', '.', 'a', 'u', '\0',
+  /* "oakington.info", true */ 'o', 'a', 'k', 'i', 'n', 'g', 't', 'o', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "oakparkelectrical.com", true */ 'o', 'a', 'k', 'p', 'a', 'r', 'k', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "oaksbloom.com", true */ 'o', 'a', 'k', 's', 'b', 'l', 'o', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "oakslighting.co.uk", true */ 'o', 'a', 'k', 's', 'l', 'i', 'g', 'h', 't', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "oasis-conference.org.nz", true */ 'o', 'a', 's', 'i', 's', '-', 'c', 'o', 'n', 'f', 'e', 'r', 'e', 'n', 'c', 'e', '.', 'o', 'r', 'g', '.', 'n', 'z', '\0',
+  /* "oasisdabeleza.com.br", true */ 'o', 'a', 's', 'i', 's', 'd', 'a', 'b', 'e', 'l', 'e', 'z', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "oatberry.me", false */ 'o', 'a', 't', 'b', 'e', 'r', 'r', 'y', '.', 'm', 'e', '\0',
+  /* "oauth-dropins.appspot.com", false */ 'o', 'a', 'u', 't', 'h', '-', 'd', 'r', 'o', 'p', 'i', 'n', 's', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "obamalibrary.gov", true */ 'o', 'b', 'a', 'm', 'a', 'l', 'i', 'b', 'r', 'a', 'r', 'y', '.', 'g', 'o', 'v', '\0',
+  /* "oberhofdrinks.com", true */ 'o', 'b', 'e', 'r', 'h', 'o', 'f', 'd', 'r', 'i', 'n', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "oberhofjuice.com", true */ 'o', 'b', 'e', 'r', 'h', 'o', 'f', 'j', 'u', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "obermeiers.eu", true */ 'o', 'b', 'e', 'r', 'm', 'e', 'i', 'e', 'r', 's', '.', 'e', 'u', '\0',
+  /* "oberoi.de", true */ 'o', 'b', 'e', 'r', 'o', 'i', '.', 'd', 'e', '\0',
+  /* "obfuscate.xyz", true */ 'o', 'b', 'f', 'u', 's', 'c', 'a', 't', 'e', '.', 'x', 'y', 'z', '\0',
+  /* "obg-global.com", true */ 'o', 'b', 'g', '-', 'g', 'l', 'o', 'b', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "object.earth", true */ 'o', 'b', 'j', 'e', 'c', 't', '.', 'e', 'a', 'r', 't', 'h', '\0',
+  /* "objectif-terre.ch", true */ 'o', 'b', 'j', 'e', 'c', 't', 'i', 'f', '-', 't', 'e', 'r', 'r', 'e', '.', 'c', 'h', '\0',
+  /* "objekt-textil.ch", true */ 'o', 'b', 'j', 'e', 'k', 't', '-', 't', 'e', 'x', 't', 'i', 'l', '.', 'c', 'h', '\0',
+  /* "oblast45.ru", false */ 'o', 'b', 'l', 'a', 's', 't', '4', '5', '.', 'r', 'u', '\0',
+  /* "oblikdom.pro", true */ 'o', 'b', 'l', 'i', 'k', 'd', 'o', 'm', '.', 'p', 'r', 'o', '\0',
+  /* "oblikdom.ru", true */ 'o', 'b', 'l', 'i', 'k', 'd', 'o', 'm', '.', 'r', 'u', '\0',
+  /* "oblondata.io", true */ 'o', 'b', 'l', 'o', 'n', 'd', 'a', 't', 'a', '.', 'i', 'o', '\0',
+  /* "obrienlab.com", true */ 'o', 'b', 'r', 'i', 'e', 'n', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "obscur.us", true */ 'o', 'b', 's', 'c', 'u', 'r', '.', 'u', 's', '\0',
+  /* "observatory.se", true */ 'o', 'b', 's', 'e', 'r', 'v', 'a', 't', 'o', 'r', 'y', '.', 's', 'e', '\0',
+  /* "obsidianirc.net", true */ 'o', 'b', 's', 'i', 'd', 'i', 'a', 'n', 'i', 'r', 'c', '.', 'n', 'e', 't', '\0',
+  /* "obsproject.com", true */ 'o', 'b', 's', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "obtima.org", true */ 'o', 'b', 't', 'i', 'm', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "obud.cz", true */ 'o', 'b', 'u', 'd', '.', 'c', 'z', '\0',
+  /* "obyvateleceska.cz", true */ 'o', 'b', 'y', 'v', 'a', 't', 'e', 'l', 'e', 'c', 'e', 's', 'k', 'a', '.', 'c', 'z', '\0',
+  /* "oc-minecraft.com", true */ 'o', 'c', '-', 'm', 'i', 'n', 'e', 'c', 'r', 'a', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "oc-sa.ch", true */ 'o', 'c', '-', 's', 'a', '.', 'c', 'h', '\0',
+  /* "ocad.com.au", true */ 'o', 'c', 'a', 'd', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "ocapic.com", true */ 'o', 'c', 'a', 'p', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "occasion-impro.com", true */ 'o', 'c', 'c', 'a', 's', 'i', 'o', 'n', '-', 'i', 'm', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "occentus.net", true */ 'o', 'c', 'c', 'e', 'n', 't', 'u', 's', '.', 'n', 'e', 't', '\0',
+  /* "occmon.net", true */ 'o', 'c', 'c', 'm', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "ocd2016.com", true */ 'o', 'c', 'd', '2', '0', '1', '6', '.', 'c', 'o', 'm', '\0',
+  /* "oceandns.eu", true */ 'o', 'c', 'e', 'a', 'n', 'd', 'n', 's', '.', 'e', 'u', '\0',
+  /* "oceandns.net", true */ 'o', 'c', 'e', 'a', 'n', 'd', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "oceandns.nl", true */ 'o', 'c', 'e', 'a', 'n', 'd', 'n', 's', '.', 'n', 'l', '\0',
+  /* "oceanvisuals.com", true */ 'o', 'c', 'e', 'a', 'n', 'v', 'i', 's', 'u', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ocelot.help", true */ 'o', 'c', 'e', 'l', 'o', 't', '.', 'h', 'e', 'l', 'p', '\0',
+  /* "ocenovani-inspekce.cz", true */ 'o', 'c', 'e', 'n', 'o', 'v', 'a', 'n', 'i', '-', 'i', 'n', 's', 'p', 'e', 'k', 'c', 'e', '.', 'c', 'z', '\0',
+  /* "ocf.io", true */ 'o', 'c', 'f', '.', 'i', 'o', '\0',
+  /* "ocg-card.com", true */ 'o', 'c', 'g', '-', 'c', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "ochsundjunior.ch", true */ 'o', 'c', 'h', 's', 'u', 'n', 'd', 'j', 'u', 'n', 'i', 'o', 'r', '.', 'c', 'h', '\0',
+  /* "ocim.ch", true */ 'o', 'c', 'i', 'm', '.', 'c', 'h', '\0',
+  /* "ockendenhemming.co.uk", true */ 'o', 'c', 'k', 'e', 'n', 'd', 'e', 'n', 'h', 'e', 'm', 'm', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ocloud.fr", true */ 'o', 'c', 'l', 'o', 'u', 'd', '.', 'f', 'r', '\0',
+  /* "ocolere.ch", true */ 'o', 'c', 'o', 'l', 'e', 'r', 'e', '.', 'c', 'h', '\0',
+  /* "ocotg.com", true */ 'o', 'c', 'o', 't', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "ocrn.nl", true */ 'o', 'c', 'r', 'n', '.', 'n', 'l', '\0',
+  /* "ocsigroup.fr", true */ 'o', 'c', 's', 'i', 'g', 'r', 'o', 'u', 'p', '.', 'f', 'r', '\0',
+  /* "ocsr.nl", true */ 'o', 'c', 's', 'r', '.', 'n', 'l', '\0',
+  /* "octal.es", true */ 'o', 'c', 't', 'a', 'l', '.', 'e', 's', '\0',
+  /* "octanio.com", true */ 'o', 'c', 't', 'a', 'n', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "octav.name", false */ 'o', 'c', 't', 'a', 'v', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "octod.tk", true */ 'o', 'c', 't', 'o', 'd', '.', 't', 'k', '\0',
+  /* "octofox.de", true */ 'o', 'c', 't', 'o', 'f', 'o', 'x', '.', 'd', 'e', '\0',
+  /* "octohedralpvp.tk", true */ 'o', 'c', 't', 'o', 'h', 'e', 'd', 'r', 'a', 'l', 'p', 'v', 'p', '.', 't', 'k', '\0',
+  /* "octolopagon.games", true */ 'o', 'c', 't', 'o', 'l', 'o', 'p', 'a', 'g', 'o', 'n', '.', 'g', 'a', 'm', 'e', 's', '\0',
+  /* "octopus-agents.com", true */ 'o', 'c', 't', 'o', 'p', 'u', 's', '-', 'a', 'g', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "octosniff.net", true */ 'o', 'c', 't', 'o', 's', 'n', 'i', 'f', 'f', '.', 'n', 'e', 't', '\0',
+  /* "octosys.net", true */ 'o', 'c', 't', 'o', 's', 'y', 's', '.', 'n', 'e', 't', '\0',
+  /* "octosys.org", true */ 'o', 'c', 't', 'o', 's', 'y', 's', '.', 'o', 'r', 'g', '\0',
+  /* "octosys.ru", true */ 'o', 'c', 't', 'o', 's', 'y', 's', '.', 'r', 'u', '\0',
+  /* "octothorpe.club", true */ 'o', 'c', 't', 'o', 't', 'h', 'o', 'r', 'p', 'e', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "octothorpe.ninja", true */ 'o', 'c', 't', 'o', 't', 'h', 'o', 'r', 'p', 'e', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "oddnumber.ca", true */ 'o', 'd', 'd', 'n', 'u', 'm', 'b', 'e', 'r', '.', 'c', 'a', '\0',
+  /* "oddsandevens.ca", true */ 'o', 'd', 'd', 's', 'a', 'n', 'd', 'e', 'v', 'e', 'n', 's', '.', 'c', 'a', '\0',
+  /* "oddsandevensbookkeeping.ca", true */ 'o', 'd', 'd', 's', 'a', 'n', 'd', 'e', 'v', 'e', 'n', 's', 'b', 'o', 'o', 'k', 'k', 'e', 'e', 'p', 'i', 'n', 'g', '.', 'c', 'a', '\0',
+  /* "oddtime.net", true */ 'o', 'd', 'd', 't', 'i', 'm', 'e', '.', 'n', 'e', 't', '\0',
+  /* "odensc.me", true */ 'o', 'd', 'e', 'n', 's', 'c', '.', 'm', 'e', '\0',
+  /* "odifi.com", true */ 'o', 'd', 'i', 'f', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "odoo.co.th", false */ 'o', 'd', 'o', 'o', '.', 'c', 'o', '.', 't', 'h', '\0',
+  /* "odtu.lu", true */ 'o', 'd', 't', 'u', '.', 'l', 'u', '\0',
+  /* "oducs.org", true */ 'o', 'd', 'u', 'c', 's', '.', 'o', 'r', 'g', '\0',
+  /* "odysseyconservationtrust.com", true */ 'o', 'd', 'y', 's', 's', 'e', 'y', 'c', 'o', 'n', 's', 'e', 'r', 'v', 'a', 't', 'i', 'o', 'n', 't', 'r', 'u', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "odysseyofthemind.eu", true */ 'o', 'd', 'y', 's', 's', 'e', 'y', 'o', 'f', 't', 'h', 'e', 'm', 'i', 'n', 'd', '.', 'e', 'u', '\0',
+  /* "odzyskaniedomeny.pl", true */ 'o', 'd', 'z', 'y', 's', 'k', 'a', 'n', 'i', 'e', 'd', 'o', 'm', 'e', 'n', 'y', '.', 'p', 'l', '\0',
+  /* "oec-music.com", true */ 'o', 'e', 'c', '-', 'm', 'u', 's', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "oeh.ac.at", true */ 'o', 'e', 'h', '.', 'a', 'c', '.', 'a', 't', '\0',
+  /* "oeko-bundesfreiwilligendienst-sh.de", true */ 'o', 'e', 'k', 'o', '-', 'b', 'u', 'n', 'd', 'e', 's', 'f', 'r', 'e', 'i', 'w', 'i', 'l', 'l', 'i', 'g', 'e', 'n', 'd', 'i', 'e', 'n', 's', 't', '-', 's', 'h', '.', 'd', 'e', '\0',
+  /* "oeko-bundesfreiwilligendienst.de", true */ 'o', 'e', 'k', 'o', '-', 'b', 'u', 'n', 'd', 'e', 's', 'f', 'r', 'e', 'i', 'w', 'i', 'l', 'l', 'i', 'g', 'e', 'n', 'd', 'i', 'e', 'n', 's', 't', '.', 'd', 'e', '\0',
+  /* "oeko-jahr-jubilaeum.de", true */ 'o', 'e', 'k', 'o', '-', 'j', 'a', 'h', 'r', '-', 'j', 'u', 'b', 'i', 'l', 'a', 'e', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "oeko-jahr.de", true */ 'o', 'e', 'k', 'o', '-', 'j', 'a', 'h', 'r', '.', 'd', 'e', '\0',
+  /* "oelsner.net", true */ 'o', 'e', 'l', 's', 'n', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "oemwolf.com", true */ 'o', 'e', 'm', 'w', 'o', 'l', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "ofcampuslausanne.ch", true */ 'o', 'f', 'c', 'a', 'm', 'p', 'u', 's', 'l', 'a', 'u', 's', 'a', 'n', 'n', 'e', '.', 'c', 'h', '\0',
+  /* "ofcss.com", true */ 'o', 'f', 'c', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ofda.gov", true */ 'o', 'f', 'd', 'a', '.', 'g', 'o', 'v', '\0',
+  /* "offbyinfinity.com", true */ 'o', 'f', 'f', 'b', 'y', 'i', 'n', 'f', 'i', 'n', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "offenekommune.de", true */ 'o', 'f', 'f', 'e', 'n', 'e', 'k', 'o', 'm', 'm', 'u', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "offersgame.com", true */ 'o', 'f', 'f', 'e', 'r', 's', 'g', 'a', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "offgames.io", true */ 'o', 'f', 'f', 'g', 'a', 'm', 'e', 's', '.', 'i', 'o', '\0',
+  /* "office-de-tourisme.net", false */ 'o', 'f', 'f', 'i', 'c', 'e', '-', 'd', 'e', '-', 't', 'o', 'u', 'r', 'i', 's', 'm', 'e', '.', 'n', 'e', 't', '\0',
+  /* "office-morimoto.com", true */ 'o', 'f', 'f', 'i', 'c', 'e', '-', 'm', 'o', 'r', 'i', 'm', 'o', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "officefundays.co.uk", true */ 'o', 'f', 'f', 'i', 'c', 'e', 'f', 'u', 'n', 'd', 'a', 'y', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "officemovepro.com", true */ 'o', 'f', 'f', 'i', 'c', 'e', 'm', 'o', 'v', 'e', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "officeprint.co.th", true */ 'o', 'f', 'f', 'i', 'c', 'e', 'p', 'r', 'i', 'n', 't', '.', 'c', 'o', '.', 't', 'h', '\0',
+  /* "officiants.wedding", false */ 'o', 'f', 'f', 'i', 'c', 'i', 'a', 'n', 't', 's', '.', 'w', 'e', 'd', 'd', 'i', 'n', 'g', '\0',
+  /* "officium.tech", true */ 'o', 'f', 'f', 'i', 'c', 'i', 'u', 'm', '.', 't', 'e', 'c', 'h', '\0',
+  /* "offroadeq.com", true */ 'o', 'f', 'f', 'r', 'o', 'a', 'd', 'e', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "offshoot.rentals", true */ 'o', 'f', 'f', 's', 'h', 'o', 'o', 't', '.', 'r', 'e', 'n', 't', 'a', 'l', 's', '\0',
+  /* "offtherails.ie", true */ 'o', 'f', 'f', 't', 'h', 'e', 'r', 'a', 'i', 'l', 's', '.', 'i', 'e', '\0',
+  /* "ofggolf.com", true */ 'o', 'f', 'g', 'g', 'o', 'l', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "oflow.me", true */ 'o', 'f', 'l', 'o', 'w', '.', 'm', 'e', '\0',
+  /* "oftamedic.com", true */ 'o', 'f', 't', 'a', 'm', 'e', 'd', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "oftn.org", true */ 'o', 'f', 't', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "oge.ch", true */ 'o', 'g', 'e', '.', 'c', 'h', '\0',
+  /* "oggw.us", true */ 'o', 'g', 'g', 'w', '.', 'u', 's', '\0',
+  /* "ogis.gov", true */ 'o', 'g', 'i', 's', '.', 'g', 'o', 'v', '\0',
+  /* "ogkw.de", true */ 'o', 'g', 'k', 'w', '.', 'd', 'e', '\0',
+  /* "oglen.ca", true */ 'o', 'g', 'l', 'e', 'n', '.', 'c', 'a', '\0',
+  /* "ogocare.com", true */ 'o', 'g', 'o', 'c', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ogrodywstudniach.pl", true */ 'o', 'g', 'r', 'o', 'd', 'y', 'w', 's', 't', 'u', 'd', 'n', 'i', 'a', 'c', 'h', '.', 'p', 'l', '\0',
+  /* "oguya.ch", true */ 'o', 'g', 'u', 'y', 'a', '.', 'c', 'h', '\0',
+  /* "oh14.de", true */ 'o', 'h', '1', '4', '.', 'd', 'e', '\0',
+  /* "ohadsoft.com", true */ 'o', 'h', 'a', 'd', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "ohai.su", true */ 'o', 'h', 'a', 'i', '.', 's', 'u', '\0',
+  /* "ohayosoro.me", true */ 'o', 'h', 'a', 'y', 'o', 's', 'o', 'r', 'o', '.', 'm', 'e', '\0',
+  /* "ohchouette.com", true */ 'o', 'h', 'c', 'h', 'o', 'u', 'e', 't', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ohd.dk", true */ 'o', 'h', 'd', '.', 'd', 'k', '\0',
+  /* "oheila.com", true */ 'o', 'h', 'e', 'i', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "ohhdeertrade.com", true */ 'o', 'h', 'h', 'd', 'e', 'e', 'r', 't', 'r', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ohiohealthfortune100.com", true */ 'o', 'h', 'i', 'o', 'h', 'e', 'a', 'l', 't', 'h', 'f', 'o', 'r', 't', 'u', 'n', 'e', '1', '0', '0', '.', 'c', 'o', 'm', '\0',
+  /* "ohling.org", true */ 'o', 'h', 'l', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "ohma.ga", true */ 'o', 'h', 'm', 'a', '.', 'g', 'a', '\0',
+  /* "ohnemusik.com", true */ 'o', 'h', 'n', 'e', 'm', 'u', 's', 'i', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "ohreally.de", true */ 'o', 'h', 'r', 'e', 'a', 'l', 'l', 'y', '.', 'd', 'e', '\0',
+  /* "ohsohairy.co.uk", true */ 'o', 'h', 's', 'o', 'h', 'a', 'i', 'r', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "oilpaintingsonly.com", true */ 'o', 'i', 'l', 'p', 'a', 'i', 'n', 't', 'i', 'n', 'g', 's', 'o', 'n', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "oinky.ddns.net", true */ 'o', 'i', 'n', 'k', 'y', '.', 'd', 'd', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "ojaioliveoil.com", true */ 'o', 'j', 'a', 'i', 'o', 'l', 'i', 'v', 'e', 'o', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "ojdip.net", true */ 'o', 'j', 'd', 'i', 'p', '.', 'n', 'e', 't', '\0',
+  /* "ojomovies.com", true */ 'o', 'j', 'o', 'm', 'o', 'v', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ojp.gov", true */ 'o', 'j', 'p', '.', 'g', 'o', 'v', '\0',
+  /* "okad-center.de", true */ 'o', 'k', 'a', 'd', '-', 'c', 'e', 'n', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "okad.de", true */ 'o', 'k', 'a', 'd', '.', 'd', 'e', '\0',
+  /* "okad.eu", true */ 'o', 'k', 'a', 'd', '.', 'e', 'u', '\0',
+  /* "okakuro.org", true */ 'o', 'k', 'a', 'k', 'u', 'r', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "okanaganrailtrail.ca", true */ 'o', 'k', 'a', 'n', 'a', 'g', 'a', 'n', 'r', 'a', 'i', 'l', 't', 'r', 'a', 'i', 'l', '.', 'c', 'a', '\0',
+  /* "okay.cf", true */ 'o', 'k', 'a', 'y', '.', 'c', 'f', '\0',
+  /* "okay.coffee", true */ 'o', 'k', 'a', 'y', '.', 'c', 'o', 'f', 'f', 'e', 'e', '\0',
+  /* "okaz.de", true */ 'o', 'k', 'a', 'z', '.', 'd', 'e', '\0',
+  /* "okburrito.com", true */ 'o', 'k', 'b', 'u', 'r', 'r', 'i', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "okchicas.com", true */ 'o', 'k', 'c', 'h', 'i', 'c', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "okchousebuyer.com", true */ 'o', 'k', 'c', 'h', 'o', 'u', 's', 'e', 'b', 'u', 'y', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "okeeferanch.ca", true */ 'o', 'k', 'e', 'e', 'f', 'e', 'r', 'a', 'n', 'c', 'h', '.', 'c', 'a', '\0',
+  /* "okhrana.agency", true */ 'o', 'k', 'h', 'r', 'a', 'n', 'a', '.', 'a', 'g', 'e', 'n', 'c', 'y', '\0',
+  /* "okib.ca", true */ 'o', 'k', 'i', 'b', '.', 'c', 'a', '\0',
+  /* "okin-jp.net", true */ 'o', 'k', 'i', 'n', '-', 'j', 'p', '.', 'n', 'e', 't', '\0',
+  /* "oklahomamoversassociation.org", true */ 'o', 'k', 'l', 'a', 'h', 'o', 'm', 'a', 'm', 'o', 'v', 'e', 'r', 's', 'a', 's', 's', 'o', 'c', 'i', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "oklahomanotepro.com", true */ 'o', 'k', 'l', 'a', 'h', 'o', 'm', 'a', 'n', 'o', 't', 'e', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "okmx.de", false */ 'o', 'k', 'm', 'x', '.', 'd', 'e', '\0',
+  /* "okonetwork.org.uk", true */ 'o', 'k', 'o', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "oktime.cz", true */ 'o', 'k', 't', 'i', 'm', 'e', '.', 'c', 'z', '\0',
+  /* "oktoberfeststore.nl", true */ 'o', 'k', 't', 'o', 'b', 'e', 'r', 'f', 'e', 's', 't', 's', 't', 'o', 'r', 'e', '.', 'n', 'l', '\0',
+  /* "oktomus.com", true */ 'o', 'k', 't', 'o', 'm', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "okusiassociates.com", true */ 'o', 'k', 'u', 's', 'i', 'a', 's', 's', 'o', 'c', 'i', 'a', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "olasouris.com", true */ 'o', 'l', 'a', 's', 'o', 'u', 'r', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "olback.net", true */ 'o', 'l', 'b', 'a', 'c', 'k', '.', 'n', 'e', 't', '\0',
+  /* "oldandyounglesbians.us", true */ 'o', 'l', 'd', 'a', 'n', 'd', 'y', 'o', 'u', 'n', 'g', 'l', 'e', 's', 'b', 'i', 'a', 'n', 's', '.', 'u', 's', '\0',
+  /* "oldbrookinflatables.co.uk", true */ 'o', 'l', 'd', 'b', 'r', 'o', 'o', 'k', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "oldbrookmarqueehire.co.uk", true */ 'o', 'l', 'd', 'b', 'r', 'o', 'o', 'k', 'm', 'a', 'r', 'q', 'u', 'e', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "oldchaphome.nl", true */ 'o', 'l', 'd', 'c', 'h', 'a', 'p', 'h', 'o', 'm', 'e', '.', 'n', 'l', '\0',
+  /* "oldenglishsheepdog.com.br", true */ 'o', 'l', 'd', 'e', 'n', 'g', 'l', 'i', 's', 'h', 's', 'h', 'e', 'e', 'p', 'd', 'o', 'g', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "oldking.net", true */ 'o', 'l', 'd', 'k', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "oldtimer-trifft-flugplatz.de", true */ 'o', 'l', 'd', 't', 'i', 'm', 'e', 'r', '-', 't', 'r', 'i', 'f', 'f', 't', '-', 'f', 'l', 'u', 'g', 'p', 'l', 'a', 't', 'z', '.', 'd', 'e', '\0',
+  /* "olegon.ru", true */ 'o', 'l', 'e', 'g', 'o', 'n', '.', 'r', 'u', '\0',
+  /* "olegs.be", true */ 'o', 'l', 'e', 'g', 's', '.', 'b', 'e', '\0',
+  /* "oleksii.name", true */ 'o', 'l', 'e', 'k', 's', 'i', 'i', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "oleodecopayba.com.br", true */ 'o', 'l', 'e', 'o', 'd', 'e', 'c', 'o', 'p', 'a', 'y', 'b', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "olgiati.org", true */ 'o', 'l', 'g', 'i', 'a', 't', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "olightstore.com", true */ 'o', 'l', 'i', 'g', 'h', 't', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "olightstore.ro", true */ 'o', 'l', 'i', 'g', 'h', 't', 's', 't', 'o', 'r', 'e', '.', 'r', 'o', '\0',
+  /* "oliode.tk", true */ 'o', 'l', 'i', 'o', 'd', 'e', '.', 't', 'k', '\0',
+  /* "oliveoiltest.com", true */ 'o', 'l', 'i', 'v', 'e', 'o', 'i', 'l', 't', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "oliveoiltimes.com", true */ 'o', 'l', 'i', 'v', 'e', 'o', 'i', 'l', 't', 'i', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "oliveraiedelabastideblanche.fr", true */ 'o', 'l', 'i', 'v', 'e', 'r', 'a', 'i', 'e', 'd', 'e', 'l', 'a', 'b', 'a', 's', 't', 'i', 'd', 'e', 'b', 'l', 'a', 'n', 'c', 'h', 'e', '.', 'f', 'r', '\0',
+  /* "oliverfaircliff.com", true */ 'o', 'l', 'i', 'v', 'e', 'r', 'f', 'a', 'i', 'r', 'c', 'l', 'i', 'f', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "olivernaraki.com", true */ 'o', 'l', 'i', 'v', 'e', 'r', 'n', 'a', 'r', 'a', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "oliverniebuhr.de", true */ 'o', 'l', 'i', 'v', 'e', 'r', 'n', 'i', 'e', 'b', 'u', 'h', 'r', '.', 'd', 'e', '\0',
+  /* "olivierberardphotographe.com", true */ 'o', 'l', 'i', 'v', 'i', 'e', 'r', 'b', 'e', 'r', 'a', 'r', 'd', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "olivierlemoal.fr", true */ 'o', 'l', 'i', 'v', 'i', 'e', 'r', 'l', 'e', 'm', 'o', 'a', 'l', '.', 'f', 'r', '\0',
+  /* "olivierpieters.be", true */ 'o', 'l', 'i', 'v', 'i', 'e', 'r', 'p', 'i', 'e', 't', 'e', 'r', 's', '.', 'b', 'e', '\0',
+  /* "olivlabs.com", true */ 'o', 'l', 'i', 'v', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "olizeite.ch", true */ 'o', 'l', 'i', 'z', 'e', 'i', 't', 'e', '.', 'c', 'h', '\0',
+  /* "ollie.io", true */ 'o', 'l', 'l', 'i', 'e', '.', 'i', 'o', '\0',
+  /* "ollies.cloud", true */ 'o', 'l', 'l', 'i', 'e', 's', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "olliespage.com", true */ 'o', 'l', 'l', 'i', 'e', 's', 'p', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "olliespage.net", true */ 'o', 'l', 'l', 'i', 'e', 's', 'p', 'a', 'g', 'e', '.', 'n', 'e', 't', '\0',
+  /* "olliespage.uk", true */ 'o', 'l', 'l', 'i', 'e', 's', 'p', 'a', 'g', 'e', '.', 'u', 'k', '\0',
+  /* "ollning.com", true */ 'o', 'l', 'l', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "olmari.fi", true */ 'o', 'l', 'm', 'a', 'r', 'i', '.', 'f', 'i', '\0',
+  /* "olmsted.io", true */ 'o', 'l', 'm', 's', 't', 'e', 'd', '.', 'i', 'o', '\0',
+  /* "olygazoo.com", true */ 'o', 'l', 'y', 'g', 'a', 'z', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "olymp-arts.world", true */ 'o', 'l', 'y', 'm', 'p', '-', 'a', 'r', 't', 's', '.', 'w', 'o', 'r', 'l', 'd', '\0',
+  /* "olympe-transport.fr", true */ 'o', 'l', 'y', 'm', 'p', 'e', '-', 't', 'r', 'a', 'n', 's', 'p', 'o', 'r', 't', '.', 'f', 'r', '\0',
+  /* "olympiads.ca", true */ 'o', 'l', 'y', 'm', 'p', 'i', 'a', 'd', 's', '.', 'c', 'a', '\0',
+  /* "olympic-research.com", true */ 'o', 'l', 'y', 'm', 'p', 'i', 'c', '-', 'r', 'e', 's', 'e', 'a', 'r', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "om1.com", true */ 'o', 'm', '1', '.', 'c', 'o', 'm', '\0',
+  /* "omanko.porn", true */ 'o', 'm', 'a', 'n', 'k', 'o', '.', 'p', 'o', 'r', 'n', '\0',
+  /* "omarh.net", true */ 'o', 'm', 'a', 'r', 'h', '.', 'n', 'e', 't', '\0',
+  /* "omegahosting.net", true */ 'o', 'm', 'e', 'g', 'a', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "omertabeyond.com", true */ 'o', 'm', 'e', 'r', 't', 'a', 'b', 'e', 'y', 'o', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "omertabeyond.net", true */ 'o', 'm', 'e', 'r', 't', 'a', 'b', 'e', 'y', 'o', 'n', 'd', '.', 'n', 'e', 't', '\0',
+  /* "ometepeislandinfo.com", true */ 'o', 'm', 'e', 't', 'e', 'p', 'e', 'i', 's', 'l', 'a', 'n', 'd', 'i', 'n', 'f', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "omf.link", true */ 'o', 'm', 'f', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "omgbouncycastlehire.co.uk", true */ 'o', 'm', 'g', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "omi-news.fr", true */ 'o', 'm', 'i', '-', 'n', 'e', 'w', 's', '.', 'f', 'r', '\0',
+  /* "omifind.com", true */ 'o', 'm', 'i', 'f', 'i', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "omise.co", true */ 'o', 'm', 'i', 's', 'e', '.', 'c', 'o', '\0',
+  /* "omitech.co.uk", true */ 'o', 'm', 'i', 't', 'e', 'c', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ommahpost.com", true */ 'o', 'm', 'm', 'a', 'h', 'p', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "omniasl.com", true */ 'o', 'm', 'n', 'i', 'a', 's', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "omniatv.com", true */ 'o', 'm', 'n', 'i', 'a', 't', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "omnienviro.com", false */ 'o', 'm', 'n', 'i', 'e', 'n', 'v', 'i', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "omnienviro.com.au", false */ 'o', 'm', 'n', 'i', 'e', 'n', 'v', 'i', 'r', 'o', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "omniscimus.net", false */ 'o', 'm', 'n', 'i', 's', 'c', 'i', 'm', 'u', 's', '.', 'n', 'e', 't', '\0',
+  /* "omnisiens.se", true */ 'o', 'm', 'n', 'i', 's', 'i', 'e', 'n', 's', '.', 's', 'e', '\0',
+  /* "omnitrack.org", true */ 'o', 'm', 'n', 'i', 't', 'r', 'a', 'c', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "omniverse.ru", true */ 'o', 'm', 'n', 'i', 'v', 'e', 'r', 's', 'e', '.', 'r', 'u', '\0',
+  /* "omorashi.org", true */ 'o', 'm', 'o', 'r', 'a', 's', 'h', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "omoteura.com", true */ 'o', 'm', 'o', 't', 'e', 'u', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "omranic.com", true */ 'o', 'm', 'r', 'a', 'n', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "omronwellness.com", true */ 'o', 'm', 'r', 'o', 'n', 'w', 'e', 'l', 'l', 'n', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "omsdieppe.fr", true */ 'o', 'm', 's', 'd', 'i', 'e', 'p', 'p', 'e', '.', 'f', 'r', '\0',
+  /* "omyogarishikesh.com", true */ 'o', 'm', 'y', 'o', 'g', 'a', 'r', 'i', 's', 'h', 'i', 'k', 'e', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "on-te.ch", true */ 'o', 'n', '-', 't', 'e', '.', 'c', 'h', '\0',
+  /* "on-tech.co.uk", true */ 'o', 'n', '-', 't', 'e', 'c', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ona.io", true */ 'o', 'n', 'a', '.', 'i', 'o', '\0',
+  /* "onaboat.se", true */ 'o', 'n', 'a', 'b', 'o', 'a', 't', '.', 's', 'e', '\0',
+  /* "onarto.com", true */ 'o', 'n', 'a', 'r', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "onceuponarainbow.co.uk", true */ 'o', 'n', 'c', 'e', 'u', 'p', 'o', 'n', 'a', 'r', 'a', 'i', 'n', 'b', 'o', 'w', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "oncf.asso.fr", true */ 'o', 'n', 'c', 'f', '.', 'a', 's', 's', 'o', '.', 'f', 'r', '\0',
+  /* "oncodedesign.com", true */ 'o', 'n', 'c', 'o', 'd', 'e', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "ond-inc.com", true */ 'o', 'n', 'd', '-', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "ondrej.org", true */ 'o', 'n', 'd', 'r', 'e', 'j', '.', 'o', 'r', 'g', '\0',
+  /* "one-resource.com", true */ 'o', 'n', 'e', '-', 'r', 'e', 's', 'o', 'u', 'r', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "one-s.co.jp", true */ 'o', 'n', 'e', '-', 's', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "one-tab.com", true */ 'o', 'n', 'e', '-', 't', 'a', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "one2edit.com", true */ 'o', 'n', 'e', '2', 'e', 'd', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "oneazcu.com", false */ 'o', 'n', 'e', 'a', 'z', 'c', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "onebigcow.com", true */ 'o', 'n', 'e', 'b', 'i', 'g', 'c', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "oneclic.ch", true */ 'o', 'n', 'e', 'c', 'l', 'i', 'c', '.', 'c', 'h', '\0',
+  /* "oneclickonejob.com", true */ 'o', 'n', 'e', 'c', 'l', 'i', 'c', 'k', 'o', 'n', 'e', 'j', 'o', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "onedot.nl", true */ 'o', 'n', 'e', 'd', 'o', 't', '.', 'n', 'l', '\0',
+  /* "onedottwelve.co.jp", true */ 'o', 'n', 'e', 'd', 'o', 't', 't', 'w', 'e', 'l', 'v', 'e', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "onedottwelve.com", true */ 'o', 'n', 'e', 'd', 'o', 't', 't', 'w', 'e', 'l', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "onedrive.com", true */ 'o', 'n', 'e', 'd', 'r', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "onedrive.live.com", false */ 'o', 'n', 'e', 'd', 'r', 'i', 'v', 'e', '.', 'l', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "onee3.org", true */ 'o', 'n', 'e', 'e', '3', '.', 'o', 'r', 'g', '\0',
+  /* "onefour.ga", false */ 'o', 'n', 'e', 'f', 'o', 'u', 'r', '.', 'g', 'a', '\0',
+  /* "onelawsuit.com", true */ 'o', 'n', 'e', 'l', 'a', 'w', 's', 'u', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "onemid.net", true */ 'o', 'n', 'e', 'm', 'i', 'd', '.', 'n', 'e', 't', '\0',
+  /* "onemoonmedia.de", true */ 'o', 'n', 'e', 'm', 'o', 'o', 'n', 'm', 'e', 'd', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "oneononeonone.de", true */ 'o', 'n', 'e', 'o', 'n', 'o', 'n', 'e', 'o', 'n', 'o', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "oneononeonone.tv", true */ 'o', 'n', 'e', 'o', 'n', 'o', 'n', 'e', 'o', 'n', 'o', 'n', 'e', '.', 't', 'v', '\0',
+  /* "onepointzero.com", true */ 'o', 'n', 'e', 'p', 'o', 'i', 'n', 't', 'z', 'e', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "onestepfootcare.com", true */ 'o', 'n', 'e', 's', 't', 'e', 'p', 'f', 'o', 'o', 't', 'c', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "onestopcastles.co.uk", true */ 'o', 'n', 'e', 's', 't', 'o', 'p', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "onetech.it", true */ 'o', 'n', 'e', 't', 'e', 'c', 'h', '.', 'i', 't', '\0',
+  /* "onetime.info", true */ 'o', 'n', 'e', 't', 'i', 'm', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "oneway.ga", true */ 'o', 'n', 'e', 'w', 'a', 'y', '.', 'g', 'a', '\0',
+  /* "onewaymail.com", true */ 'o', 'n', 'e', 'w', 'a', 'y', 'm', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "oneweb.hu", true */ 'o', 'n', 'e', 'w', 'e', 'b', '.', 'h', 'u', '\0',
+  /* "onfarma.it", true */ 'o', 'n', 'f', 'a', 'r', 'm', 'a', '.', 'i', 't', '\0',
+  /* "onguardonline.gov", true */ 'o', 'n', 'g', 'u', 'a', 'r', 'd', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'g', 'o', 'v', '\0',
+  /* "onhub1.com", true */ 'o', 'n', 'h', 'u', 'b', '1', '.', 'c', 'o', 'm', '\0',
+  /* "onionscan.org", true */ 'o', 'n', 'i', 'o', 'n', 's', 'c', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "oniria.ch", true */ 'o', 'n', 'i', 'r', 'i', 'a', '.', 'c', 'h', '\0',
+  /* "onix.eu.com", true */ 'o', 'n', 'i', 'x', '.', 'e', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "onixcco.com.br", true */ 'o', 'n', 'i', 'x', 'c', 'c', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "onlfait.ch", true */ 'o', 'n', 'l', 'f', 'a', 'i', 't', '.', 'c', 'h', '\0',
+  /* "online-bouwmaterialen.nl", true */ 'o', 'n', 'l', 'i', 'n', 'e', '-', 'b', 'o', 'u', 'w', 'm', 'a', 't', 'e', 'r', 'i', 'a', 'l', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "online-consulting-corp.com", true */ 'o', 'n', 'l', 'i', 'n', 'e', '-', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '-', 'c', 'o', 'r', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "online-consulting-corp.fr", true */ 'o', 'n', 'l', 'i', 'n', 'e', '-', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '-', 'c', 'o', 'r', 'p', '.', 'f', 'r', '\0',
+  /* "online-eikaiwa-guide.com", true */ 'o', 'n', 'l', 'i', 'n', 'e', '-', 'e', 'i', 'k', 'a', 'i', 'w', 'a', '-', 'g', 'u', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "online-results.dk", true */ 'o', 'n', 'l', 'i', 'n', 'e', '-', 'r', 'e', 's', 'u', 'l', 't', 's', '.', 'd', 'k', '\0',
+  /* "online-scene.com", true */ 'o', 'n', 'l', 'i', 'n', 'e', '-', 's', 'c', 'e', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "online.marketing", true */ 'o', 'n', 'l', 'i', 'n', 'e', '.', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '\0',
+  /* "online.swedbank.se", true */ 'o', 'n', 'l', 'i', 'n', 'e', '.', 's', 'w', 'e', 'd', 'b', 'a', 'n', 'k', '.', 's', 'e', '\0',
+  /* "online24.pt", true */ 'o', 'n', 'l', 'i', 'n', 'e', '2', '4', '.', 'p', 't', '\0',
+  /* "onlinebizdirect.com", false */ 'o', 'n', 'l', 'i', 'n', 'e', 'b', 'i', 'z', 'd', 'i', 'r', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "onlinecasino.vlaanderen", true */ 'o', 'n', 'l', 'i', 'n', 'e', 'c', 'a', 's', 'i', 'n', 'o', '.', 'v', 'l', 'a', 'a', 'n', 'd', 'e', 'r', 'e', 'n', '\0',
+  /* "onlinecasinobluebook.com", true */ 'o', 'n', 'l', 'i', 'n', 'e', 'c', 'a', 's', 'i', 'n', 'o', 'b', 'l', 'u', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "onlinecensorship.org", true */ 'o', 'n', 'l', 'i', 'n', 'e', 'c', 'e', 'n', 's', 'o', 'r', 's', 'h', 'i', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "onlinecollegeessay.com", true */ 'o', 'n', 'l', 'i', 'n', 'e', 'c', 'o', 'l', 'l', 'e', 'g', 'e', 'e', 's', 's', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "onlinefashion.it", true */ 'o', 'n', 'l', 'i', 'n', 'e', 'f', 'a', 's', 'h', 'i', 'o', 'n', '.', 'i', 't', '\0',
+  /* "onlinelegalmarketing.com", true */ 'o', 'n', 'l', 'i', 'n', 'e', 'l', 'e', 'g', 'a', 'l', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "onlinelegalmedia.com", true */ 'o', 'n', 'l', 'i', 'n', 'e', 'l', 'e', 'g', 'a', 'l', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "onlinelighting.com.au", true */ 'o', 'n', 'l', 'i', 'n', 'e', 'l', 'i', 'g', 'h', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "onlinemarketingtraining.co.uk", true */ 'o', 'n', 'l', 'i', 'n', 'e', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "onlinepokerspelen.be", true */ 'o', 'n', 'l', 'i', 'n', 'e', 'p', 'o', 'k', 'e', 'r', 's', 'p', 'e', 'l', 'e', 'n', '.', 'b', 'e', '\0',
+  /* "onlinerollout.de", true */ 'o', 'n', 'l', 'i', 'n', 'e', 'r', 'o', 'l', 'l', 'o', 'u', 't', '.', 'd', 'e', '\0',
+  /* "onlinestoreninjas.com", true */ 'o', 'n', 'l', 'i', 'n', 'e', 's', 't', 'o', 'r', 'e', 'n', 'i', 'n', 'j', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "onlineth.com", false */ 'o', 'n', 'l', 'i', 'n', 'e', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "onlinetravelmoney.co.uk", true */ 'o', 'n', 'l', 'i', 'n', 'e', 't', 'r', 'a', 'v', 'e', 'l', 'm', 'o', 'n', 'e', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "onlineweblearning.com", true */ 'o', 'n', 'l', 'i', 'n', 'e', 'w', 'e', 'b', 'l', 'e', 'a', 'r', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "onlylebanon.net", true */ 'o', 'n', 'l', 'y', 'l', 'e', 'b', 'a', 'n', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "onmaps.de", true */ 'o', 'n', 'm', 'a', 'p', 's', '.', 'd', 'e', '\0',
+  /* "onmarketbookbuilds.com", true */ 'o', 'n', 'm', 'a', 'r', 'k', 'e', 't', 'b', 'o', 'o', 'k', 'b', 'u', 'i', 'l', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "onmyoji.biz", true */ 'o', 'n', 'm', 'y', 'o', 'j', 'i', '.', 'b', 'i', 'z', '\0',
+  /* "onnee.ch", true */ 'o', 'n', 'n', 'e', 'e', '.', 'c', 'h', '\0',
+  /* "ono.es", true */ 'o', 'n', 'o', '.', 'e', 's', '\0',
+  /* "ononpay.com", true */ 'o', 'n', 'o', 'n', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "onpay.io", true */ 'o', 'n', 'p', 'a', 'y', '.', 'i', 'o', '\0',
+  /* "onqproductions.com", true */ 'o', 'n', 'q', 'p', 'r', 'o', 'd', 'u', 'c', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "onrr.gov", true */ 'o', 'n', 'r', 'r', '.', 'g', 'o', 'v', '\0',
+  /* "ons.ca", true */ 'o', 'n', 's', '.', 'c', 'a', '\0',
+  /* "onsennuie.fr", true */ 'o', 'n', 's', 'e', 'n', 'n', 'u', 'i', 'e', '.', 'f', 'r', '\0',
+  /* "onshuistrust.co.za", true */ 'o', 'n', 's', 'h', 'u', 'i', 's', 't', 'r', 'u', 's', 't', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "onsite4u.de", true */ 'o', 'n', 's', 'i', 't', 'e', '4', 'u', '.', 'd', 'e', '\0',
+  /* "ontdekhetzelf.nu", true */ 'o', 'n', 't', 'd', 'e', 'k', 'h', 'e', 't', 'z', 'e', 'l', 'f', '.', 'n', 'u', '\0',
+  /* "onthe.network", true */ 'o', 'n', 't', 'h', 'e', '.', 'n', 'e', 't', 'w', 'o', 'r', 'k', '\0',
+  /* "ontheboard.com", true */ 'o', 'n', 't', 'h', 'e', 'b', 'o', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "onthebriteside.com", true */ 'o', 'n', 't', 'h', 'e', 'b', 'r', 'i', 't', 'e', 's', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "onthecheap.store", true */ 'o', 'n', 't', 'h', 'e', 'c', 'h', 'e', 'a', 'p', '.', 's', 't', 'o', 'r', 'e', '\0',
+  /* "ontheten.org", true */ 'o', 'n', 't', 'h', 'e', 't', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "onvey.io", true */ 'o', 'n', 'v', 'e', 'y', '.', 'i', 'o', '\0',
+  /* "onviga.de", true */ 'o', 'n', 'v', 'i', 'g', 'a', '.', 'd', 'e', '\0',
+  /* "onvirt.de", true */ 'o', 'n', 'v', 'i', 'r', 't', '.', 'd', 'e', '\0',
+  /* "onvori.com", true */ 'o', 'n', 'v', 'o', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "onvori.de", true */ 'o', 'n', 'v', 'o', 'r', 'i', '.', 'd', 'e', '\0',
+  /* "onwie.com", true */ 'o', 'n', 'w', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "onysix.net", true */ 'o', 'n', 'y', 's', 'i', 'x', '.', 'n', 'e', 't', '\0',
+  /* "onyxfireinc.com", true */ 'o', 'n', 'y', 'x', 'f', 'i', 'r', 'e', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "oodlessoftplay.co.uk", true */ 'o', 'o', 'd', 'l', 'e', 's', 's', 'o', 'f', 't', 'p', 'l', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "oogartsennet.nl", true */ 'o', 'o', 'g', 'a', 'r', 't', 's', 'e', 'n', 'n', 'e', 't', '.', 'n', 'l', '\0',
+  /* "ooharttemplates.com", true */ 'o', 'o', 'h', 'a', 'r', 't', 't', 'e', 'm', 'p', 'l', 'a', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ooonja.de", true */ 'o', 'o', 'o', 'n', 'j', 'a', '.', 'd', 'e', '\0',
+  /* "oopsis.com", true */ 'o', 'o', 'p', 's', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ooyo.be", true */ 'o', 'o', 'y', 'o', '.', 'b', 'e', '\0',
+  /* "op11.co.uk", true */ 'o', 'p', '1', '1', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "oparl.org", true */ 'o', 'p', 'a', 'r', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "opatut.de", true */ 'o', 'p', 'a', 't', 'u', 't', '.', 'd', 'e', '\0',
+  /* "opcaobolsas.com.br", true */ 'o', 'p', 'c', 'a', 'o', 'b', 'o', 'l', 's', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "opcenter.de", true */ 'o', 'p', 'c', 'e', 'n', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "ope.ee", true */ 'o', 'p', 'e', '.', 'e', 'e', '\0',
+  /* "open-bs.com", true */ 'o', 'p', 'e', 'n', '-', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "open-bs.ru", true */ 'o', 'p', 'e', 'n', '-', 'b', 's', '.', 'r', 'u', '\0',
+  /* "open-desk.org", true */ 'o', 'p', 'e', 'n', '-', 'd', 'e', 's', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "open-freax.fr", true */ 'o', 'p', 'e', 'n', '-', 'f', 'r', 'e', 'a', 'x', '.', 'f', 'r', '\0',
+  /* "open-future.be", true */ 'o', 'p', 'e', 'n', '-', 'f', 'u', 't', 'u', 'r', 'e', '.', 'b', 'e', '\0',
+  /* "open-infrastructure.net", true */ 'o', 'p', 'e', 'n', '-', 'i', 'n', 'f', 'r', 'a', 's', 't', 'r', 'u', 'c', 't', 'u', 'r', 'e', '.', 'n', 'e', 't', '\0',
+  /* "open-letters.de", true */ 'o', 'p', 'e', 'n', '-', 'l', 'e', 't', 't', 'e', 'r', 's', '.', 'd', 'e', '\0',
+  /* "open-mesh.org", true */ 'o', 'p', 'e', 'n', '-', 'm', 'e', 's', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "open-sauce-recipes.co.uk", true */ 'o', 'p', 'e', 'n', '-', 's', 'a', 'u', 'c', 'e', '-', 'r', 'e', 'c', 'i', 'p', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "open-source.gr", true */ 'o', 'p', 'e', 'n', '-', 's', 'o', 'u', 'r', 'c', 'e', '.', 'g', 'r', '\0',
+  /* "open.gl", true */ 'o', 'p', 'e', 'n', '.', 'g', 'l', '\0',
+  /* "openacademies.com", true */ 'o', 'p', 'e', 'n', 'a', 'c', 'a', 'd', 'e', 'm', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "openacte.ch", true */ 'o', 'p', 'e', 'n', 'a', 'c', 't', 'e', '.', 'c', 'h', '\0',
+  /* "openblox.org", true */ 'o', 'p', 'e', 'n', 'b', 'l', 'o', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "openbsd.id", true */ 'o', 'p', 'e', 'n', 'b', 's', 'd', '.', 'i', 'd', '\0',
+  /* "opencad.io", true */ 'o', 'p', 'e', 'n', 'c', 'a', 'd', '.', 'i', 'o', '\0',
+  /* "opencircuit.nl", true */ 'o', 'p', 'e', 'n', 'c', 'i', 'r', 'c', 'u', 'i', 't', '.', 'n', 'l', '\0',
+  /* "opencluster.at", true */ 'o', 'p', 'e', 'n', 'c', 'l', 'u', 's', 't', 'e', 'r', '.', 'a', 't', '\0',
+  /* "openconnect.com.au", true */ 'o', 'p', 'e', 'n', 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "opendataincubator.eu", true */ 'o', 'p', 'e', 'n', 'd', 'a', 't', 'a', 'i', 'n', 'c', 'u', 'b', 'a', 't', 'o', 'r', '.', 'e', 'u', '\0',
+  /* "opendecide.com", true */ 'o', 'p', 'e', 'n', 'd', 'e', 'c', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "openevic.info", true */ 'o', 'p', 'e', 'n', 'e', 'v', 'i', 'c', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "openfir.st", true */ 'o', 'p', 'e', 'n', 'f', 'i', 'r', '.', 's', 't', '\0',
+  /* "openfitapi-falke.azurewebsites.net", true */ 'o', 'p', 'e', 'n', 'f', 'i', 't', 'a', 'p', 'i', '-', 'f', 'a', 'l', 'k', 'e', '.', 'a', 'z', 'u', 'r', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "opengg.me", true */ 'o', 'p', 'e', 'n', 'g', 'g', '.', 'm', 'e', '\0',
+  /* "openings.ninja", true */ 'o', 'p', 'e', 'n', 'i', 'n', 'g', 's', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "openintelligence.uk", true */ 'o', 'p', 'e', 'n', 'i', 'n', 't', 'e', 'l', 'l', 'i', 'g', 'e', 'n', 'c', 'e', '.', 'u', 'k', '\0',
+  /* "openiocdb.com", true */ 'o', 'p', 'e', 'n', 'i', 'o', 'c', 'd', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "openitforum.pl", true */ 'o', 'p', 'e', 'n', 'i', 't', 'f', 'o', 'r', 'u', 'm', '.', 'p', 'l', '\0',
+  /* "openkim.org", true */ 'o', 'p', 'e', 'n', 'k', 'i', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "openkvk.nl", true */ 'o', 'p', 'e', 'n', 'k', 'v', 'k', '.', 'n', 'l', '\0',
+  /* "openmirrors.cf", true */ 'o', 'p', 'e', 'n', 'm', 'i', 'r', 'r', 'o', 'r', 's', '.', 'c', 'f', '\0',
+  /* "opennippon.com", true */ 'o', 'p', 'e', 'n', 'n', 'i', 'p', 'p', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "opennippon.ru", true */ 'o', 'p', 'e', 'n', 'n', 'i', 'p', 'p', 'o', 'n', '.', 'r', 'u', '\0',
+  /* "openpictures.ch", true */ 'o', 'p', 'e', 'n', 'p', 'i', 'c', 't', 'u', 'r', 'e', 's', '.', 'c', 'h', '\0',
+  /* "openquery.com.au", true */ 'o', 'p', 'e', 'n', 'q', 'u', 'e', 'r', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "openrainbow.com", true */ 'o', 'p', 'e', 'n', 'r', 'a', 'i', 'n', 'b', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "openrainbow.net", true */ 'o', 'p', 'e', 'n', 'r', 'a', 'i', 'n', 'b', 'o', 'w', '.', 'n', 'e', 't', '\0',
+  /* "openrainbow.org", true */ 'o', 'p', 'e', 'n', 'r', 'a', 'i', 'n', 'b', 'o', 'w', '.', 'o', 'r', 'g', '\0',
+  /* "openrealestate.co", true */ 'o', 'p', 'e', 'n', 'r', 'e', 'a', 'l', 'e', 's', 't', 'a', 't', 'e', '.', 'c', 'o', '\0',
+  /* "openresty.com", true */ 'o', 'p', 'e', 'n', 'r', 'e', 's', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "openrtv.com", true */ 'o', 'p', 'e', 'n', 'r', 't', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "opensource-cms.nl", true */ 'o', 'p', 'e', 'n', 's', 'o', 'u', 'r', 'c', 'e', '-', 'c', 'm', 's', '.', 'n', 'l', '\0',
+  /* "opensourcedmind.eu", true */ 'o', 'p', 'e', 'n', 's', 'o', 'u', 'r', 'c', 'e', 'd', 'm', 'i', 'n', 'd', '.', 'e', 'u', '\0',
+  /* "openspa.webhop.info", true */ 'o', 'p', 'e', 'n', 's', 'p', 'a', '.', 'w', 'e', 'b', 'h', 'o', 'p', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "openssl.org", true */ 'o', 'p', 'e', 'n', 's', 's', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "openstem.com.au", true */ 'o', 'p', 'e', 'n', 's', 't', 'e', 'm', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "openstreetmap.is", true */ 'o', 'p', 'e', 'n', 's', 't', 'r', 'e', 'e', 't', 'm', 'a', 'p', '.', 'i', 's', '\0',
+  /* "opentexon.com", true */ 'o', 'p', 'e', 'n', 't', 'e', 'x', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "opentrack.info", true */ 'o', 'p', 'e', 'n', 't', 'r', 'a', 'c', 'k', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "opentrash.org", true */ 'o', 'p', 'e', 'n', 't', 'r', 'a', 's', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "openverse.com", true */ 'o', 'p', 'e', 'n', 'v', 'e', 'r', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "openvz.org", true */ 'o', 'p', 'e', 'n', 'v', 'z', '.', 'o', 'r', 'g', '\0',
+  /* "openwaveguide.de", true */ 'o', 'p', 'e', 'n', 'w', 'a', 'v', 'e', 'g', 'u', 'i', 'd', 'e', '.', 'd', 'e', '\0',
+  /* "openwifi.gr", true */ 'o', 'p', 'e', 'n', 'w', 'i', 'f', 'i', '.', 'g', 'r', '\0',
+  /* "openwireless.org", true */ 'o', 'p', 'e', 'n', 'w', 'i', 'r', 'e', 'l', 'e', 's', 's', '.', 'o', 'r', 'g', '\0',
+  /* "operad.fr", true */ 'o', 'p', 'e', 'r', 'a', 'd', '.', 'f', 'r', '\0',
+  /* "opfin.com", true */ 'o', 'p', 'f', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "opiates.ca", true */ 'o', 'p', 'i', 'a', 't', 'e', 's', '.', 'c', 'a', '\0',
+  /* "opiates.net", true */ 'o', 'p', 'i', 'a', 't', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "opic.gov", true */ 'o', 'p', 'i', 'c', '.', 'g', 'o', 'v', '\0',
+  /* "opin.me", true */ 'o', 'p', 'i', 'n', '.', 'm', 'e', '\0',
+  /* "opinion8td.com", true */ 'o', 'p', 'i', 'n', 'i', 'o', 'n', '8', 't', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "opinionicentrifuga.it", true */ 'o', 'p', 'i', 'n', 'i', 'o', 'n', 'i', 'c', 'e', 'n', 't', 'r', 'i', 'f', 'u', 'g', 'a', '.', 'i', 't', '\0',
+  /* "opinionipannolini.it", true */ 'o', 'p', 'i', 'n', 'i', 'o', 'n', 'i', 'p', 'a', 'n', 'n', 'o', 'l', 'i', 'n', 'i', '.', 'i', 't', '\0',
+  /* "opioids.co.uk", true */ 'o', 'p', 'i', 'o', 'i', 'd', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "opioids.com", true */ 'o', 'p', 'i', 'o', 'i', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "oplop.appspot.com", true */ 'o', 'p', 'l', 'o', 'p', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "oportho.com.br", true */ 'o', 'p', 'o', 'r', 't', 'h', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "opp.ag", true */ 'o', 'p', 'p', '.', 'a', 'g', '\0',
+  /* "oppaiti.me", true */ 'o', 'p', 'p', 'a', 'i', 't', 'i', '.', 'm', 'e', '\0',
+  /* "oppejoud.ee", true */ 'o', 'p', 'p', 'e', 'j', 'o', 'u', 'd', '.', 'e', 'e', '\0',
+  /* "opportunis.me", true */ 'o', 'p', 'p', 'o', 'r', 't', 'u', 'n', 'i', 's', '.', 'm', 'e', '\0',
+  /* "opportunitycorps.org", true */ 'o', 'p', 'p', 'o', 'r', 't', 'u', 'n', 'i', 't', 'y', 'c', 'o', 'r', 'p', 's', '.', 'o', 'r', 'g', '\0',
+  /* "opposer.me", true */ 'o', 'p', 'p', 'o', 's', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "opq.pw", true */ 'o', 'p', 'q', '.', 'p', 'w', '\0',
+  /* "oprbox.com", true */ 'o', 'p', 'r', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "oprechtgezegd.nl", true */ 'o', 'p', 'r', 'e', 'c', 'h', 't', 'g', 'e', 'z', 'e', 'g', 'd', '.', 'n', 'l', '\0',
+  /* "opryshok.com", true */ 'o', 'p', 'r', 'y', 's', 'h', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "opsmate.com", false */ 'o', 'p', 's', 'm', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "opsnotepad.com", true */ 'o', 'p', 's', 'n', 'o', 't', 'e', 'p', 'a', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "opticaltest.com", true */ 'o', 'p', 't', 'i', 'c', 'a', 'l', 't', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "optiekzien.nl", true */ 'o', 'p', 't', 'i', 'e', 'k', 'z', 'i', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "optik-trosdorff.de", true */ 'o', 'p', 't', 'i', 'k', '-', 't', 'r', 'o', 's', 'd', 'o', 'r', 'f', 'f', '.', 'd', 'e', '\0',
+  /* "optimalsetup.com", true */ 'o', 'p', 't', 'i', 'm', 'a', 'l', 's', 'e', 't', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "optimisedlabs.com", true */ 'o', 'p', 't', 'i', 'm', 'i', 's', 'e', 'd', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "optimist.bg", true */ 'o', 'p', 't', 'i', 'm', 'i', 's', 't', '.', 'b', 'g', '\0',
+  /* "optimumwebdesigns.com", true */ 'o', 'p', 't', 'i', 'm', 'u', 'm', 'w', 'e', 'b', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "optimus.io", true */ 'o', 'p', 't', 'i', 'm', 'u', 's', '.', 'i', 'o', '\0',
+  /* "optimuscrime.net", true */ 'o', 'p', 't', 'i', 'm', 'u', 's', 'c', 'r', 'i', 'm', 'e', '.', 'n', 'e', 't', '\0',
+  /* "optisure.de", true */ 'o', 'p', 't', 'i', 's', 'u', 'r', 'e', '.', 'd', 'e', '\0',
+  /* "optmos.at", true */ 'o', 'p', 't', 'm', 'o', 's', '.', 'a', 't', '\0',
+  /* "optoutday.de", true */ 'o', 'p', 't', 'o', 'u', 't', 'd', 'a', 'y', '.', 'd', 'e', '\0',
+  /* "opunch.org", true */ 'o', 'p', 'u', 'n', 'c', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "opus-codium.fr", true */ 'o', 'p', 'u', 's', '-', 'c', 'o', 'd', 'i', 'u', 'm', '.', 'f', 'r', '\0',
+  /* "orang-utans.com", true */ 'o', 'r', 'a', 'n', 'g', '-', 'u', 't', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "orangecomputers.com", true */ 'o', 'r', 'a', 'n', 'g', 'e', 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "orangefinanse.com.pl", true */ 'o', 'r', 'a', 'n', 'g', 'e', 'f', 'i', 'n', 'a', 'n', 's', 'e', '.', 'c', 'o', 'm', '.', 'p', 'l', '\0',
+  /* "orangejetpack.com", true */ 'o', 'r', 'a', 'n', 'g', 'e', 'j', 'e', 't', 'p', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "orangenbaum.at", true */ 'o', 'r', 'a', 'n', 'g', 'e', 'n', 'b', 'a', 'u', 'm', '.', 'a', 't', '\0',
+  /* "oranges.tokyo", true */ 'o', 'r', 'a', 'n', 'g', 'e', 's', '.', 't', 'o', 'k', 'y', 'o', '\0',
+  /* "orangetravel.eu", true */ 'o', 'r', 'a', 'n', 'g', 'e', 't', 'r', 'a', 'v', 'e', 'l', '.', 'e', 'u', '\0',
+  /* "orangutan-appeal.org.uk", true */ 'o', 'r', 'a', 'n', 'g', 'u', 't', 'a', 'n', '-', 'a', 'p', 'p', 'e', 'a', 'l', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "oranic.com", true */ 'o', 'r', 'a', 'n', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "orcahq.com", true */ 'o', 'r', 'c', 'a', 'h', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "orcamoney.com", true */ 'o', 'r', 'c', 'a', 'm', 'o', 'n', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "orchideenettoyage.com", true */ 'o', 'r', 'c', 'h', 'i', 'd', 'e', 'e', 'n', 'e', 't', 't', 'o', 'y', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "orchidlive.com", true */ 'o', 'r', 'c', 'h', 'i', 'd', 'l', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "orchidsforum.com", true */ 'o', 'r', 'c', 'h', 'i', 'd', 's', 'f', 'o', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "orchidspaper.com", true */ 'o', 'r', 'c', 'h', 'i', 'd', 's', 'p', 'a', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "orcsnet.com", true */ 'o', 'r', 'c', 's', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "orderessay.net", true */ 'o', 'r', 'd', 'e', 'r', 'e', 's', 's', 'a', 'y', '.', 'n', 'e', 't', '\0',
+  /* "ordernow.at", true */ 'o', 'r', 'd', 'e', 'r', 'n', 'o', 'w', '.', 'a', 't', '\0',
+  /* "orderswift.com", true */ 'o', 'r', 'd', 'e', 'r', 's', 'w', 'i', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "ordr.mobi", true */ 'o', 'r', 'd', 'r', '.', 'm', 'o', 'b', 'i', '\0',
+  /* "oref-idf.com", true */ 'o', 'r', 'e', 'f', '-', 'i', 'd', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "oref-idf.net", true */ 'o', 'r', 'e', 'f', '-', 'i', 'd', 'f', '.', 'n', 'e', 't', '\0',
+  /* "oref-idf.org", true */ 'o', 'r', 'e', 'f', '-', 'i', 'd', 'f', '.', 'o', 'r', 'g', '\0',
+  /* "oreka.online", true */ 'o', 'r', 'e', 'k', 'a', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "oreshinya.xyz", true */ 'o', 'r', 'e', 's', 'h', 'i', 'n', 'y', 'a', '.', 'x', 'y', 'z', '\0',
+  /* "oreto.de", true */ 'o', 'r', 'e', 't', 'o', '.', 'd', 'e', '\0',
+  /* "orf-digitalsatkarte.at", false */ 'o', 'r', 'f', '-', 'd', 'i', 'g', 'i', 't', 'a', 'l', 's', 'a', 't', 'k', 'a', 'r', 't', 'e', '.', 'a', 't', '\0',
+  /* "orf-kartentausch.at", false */ 'o', 'r', 'f', '-', 'k', 'a', 'r', 't', 'e', 'n', 't', 'a', 'u', 's', 'c', 'h', '.', 'a', 't', '\0',
+  /* "orfeo-engineering.ch", true */ 'o', 'r', 'f', 'e', 'o', '-', 'e', 'n', 'g', 'i', 'n', 'e', 'e', 'r', 'i', 'n', 'g', '.', 'c', 'h', '\0',
+  /* "organica.co.za", true */ 'o', 'r', 'g', 'a', 'n', 'i', 'c', 'a', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "organicae.com", true */ 'o', 'r', 'g', 'a', 'n', 'i', 'c', 'a', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "organisatieteam.nl", true */ 'o', 'r', 'g', 'a', 'n', 'i', 's', 'a', 't', 'i', 'e', 't', 'e', 'a', 'm', '.', 'n', 'l', '\0',
+  /* "organix.ma", true */ 'o', 'r', 'g', 'a', 'n', 'i', 'x', '.', 'm', 'a', '\0',
+  /* "orgasmium.com", true */ 'o', 'r', 'g', 'a', 's', 'm', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "orhideous.name", true */ 'o', 'r', 'h', 'i', 'd', 'e', 'o', 'u', 's', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "orians.eu", true */ 'o', 'r', 'i', 'a', 'n', 's', '.', 'e', 'u', '\0',
+  /* "oribia.net", true */ 'o', 'r', 'i', 'b', 'i', 'a', '.', 'n', 'e', 't', '\0',
+  /* "oricejoc.com", false */ 'o', 'r', 'i', 'c', 'e', 'j', 'o', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "orientalart.nl", true */ 'o', 'r', 'i', 'e', 'n', 't', 'a', 'l', 'a', 'r', 't', '.', 'n', 'l', '\0',
+  /* "origami.to", true */ 'o', 'r', 'i', 'g', 'a', 'm', 'i', '.', 't', 'o', '\0',
+  /* "origamika.com", true */ 'o', 'r', 'i', 'g', 'a', 'm', 'i', 'k', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "originalniknihy.cz", true */ 'o', 'r', 'i', 'g', 'i', 'n', 'a', 'l', 'n', 'i', 'k', 'n', 'i', 'h', 'y', '.', 'c', 'z', '\0',
+  /* "orimex-mebel.ru", true */ 'o', 'r', 'i', 'm', 'e', 'x', '-', 'm', 'e', 'b', 'e', 'l', '.', 'r', 'u', '\0',
+  /* "orion-universe.com", true */ 'o', 'r', 'i', 'o', 'n', '-', 'u', 'n', 'i', 'v', 'e', 'r', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "oriongames.eu", true */ 'o', 'r', 'i', 'o', 'n', 'g', 'a', 'm', 'e', 's', '.', 'e', 'u', '\0',
+  /* "orkestar-krizevci.hr", true */ 'o', 'r', 'k', 'e', 's', 't', 'a', 'r', '-', 'k', 'r', 'i', 'z', 'e', 'v', 'c', 'i', '.', 'h', 'r', '\0',
+  /* "orlandoprojects.com", true */ 'o', 'r', 'l', 'a', 'n', 'd', 'o', 'p', 'r', 'o', 'j', 'e', 'c', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "orleika.io", true */ 'o', 'r', 'l', 'e', 'i', 'k', 'a', '.', 'i', 'o', '\0',
+  /* "orlives.de", false */ 'o', 'r', 'l', 'i', 'v', 'e', 's', '.', 'd', 'e', '\0',
+  /* "ormer.nl", true */ 'o', 'r', 'm', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "orovillelaw.com", true */ 'o', 'r', 'o', 'v', 'i', 'l', 'l', 'e', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "orro.ro", true */ 'o', 'r', 'r', 'o', '.', 'r', 'o', '\0',
+  /* "orrs.de", true */ 'o', 'r', 'r', 's', '.', 'd', 'e', '\0',
+  /* "ortho-graz.at", true */ 'o', 'r', 't', 'h', 'o', '-', 'g', 'r', 'a', 'z', '.', 'a', 't', '\0',
+  /* "orthodontiste-geneve-docteur-rioux.com", true */ 'o', 'r', 't', 'h', 'o', 'd', 'o', 'n', 't', 'i', 's', 't', 'e', '-', 'g', 'e', 'n', 'e', 'v', 'e', '-', 'd', 'o', 'c', 't', 'e', 'u', 'r', '-', 'r', 'i', 'o', 'u', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "orthotictransfers.com", true */ 'o', 'r', 't', 'h', 'o', 't', 'i', 'c', 't', 'r', 'a', 'n', 's', 'f', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ortlepp.eu", true */ 'o', 'r', 't', 'l', 'e', 'p', 'p', '.', 'e', 'u', '\0',
+  /* "orui.com.br", true */ 'o', 'r', 'u', 'i', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "orwell1984.today", true */ 'o', 'r', 'w', 'e', 'l', 'l', '1', '9', '8', '4', '.', 't', 'o', 'd', 'a', 'y', '\0',
+  /* "orz.uno", true */ 'o', 'r', 'z', '.', 'u', 'n', 'o', '\0',
+  /* "os-chrome.ru", true */ 'o', 's', '-', 'c', 'h', 'r', 'o', 'm', 'e', '.', 'r', 'u', '\0',
+  /* "os-s.net", true */ 'o', 's', '-', 's', '.', 'n', 'e', 't', '\0',
+  /* "os24.cz", true */ 'o', 's', '2', '4', '.', 'c', 'z', '\0',
+  /* "osacrypt.studio", true */ 'o', 's', 'a', 'c', 'r', 'y', 'p', 't', '.', 's', 't', 'u', 'd', 'i', 'o', '\0',
+  /* "osaka-fukushi.jp", true */ 'o', 's', 'a', 'k', 'a', '-', 'f', 'u', 'k', 'u', 's', 'h', 'i', '.', 'j', 'p', '\0',
+  /* "osakeannit.fi", true */ 'o', 's', 'a', 'k', 'e', 'a', 'n', 'n', 'i', 't', '.', 'f', 'i', '\0',
+  /* "osao.org", true */ 'o', 's', 'a', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "osbi.pl", true */ 'o', 's', 'b', 'i', '.', 'p', 'l', '\0',
+  /* "osborneinn.com", true */ 'o', 's', 'b', 'o', 'r', 'n', 'e', 'i', 'n', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "osburn.com", true */ 'o', 's', 'b', 'u', 'r', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "oscamp.eu", true */ 'o', 's', 'c', 'a', 'm', 'p', '.', 'e', 'u', '\0',
+  /* "oscarvk.ch", true */ 'o', 's', 'c', 'a', 'r', 'v', 'k', '.', 'c', 'h', '\0',
+  /* "osereso.tn", true */ 'o', 's', 'e', 'r', 'e', 's', 'o', '.', 't', 'n', '\0',
+  /* "oses.mobi", true */ 'o', 's', 'e', 's', '.', 'm', 'o', 'b', 'i', '\0',
+  /* "osha-kimi.com", true */ 'o', 's', 'h', 'a', '-', 'k', 'i', 'm', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "oshanko.de", true */ 'o', 's', 'h', 'a', 'n', 'k', 'o', '.', 'd', 'e', '\0',
+  /* "oshayr.com", true */ 'o', 's', 'h', 'a', 'y', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "oshell.me", true */ 'o', 's', 'h', 'e', 'l', 'l', '.', 'm', 'e', '\0',
+  /* "oshinagaki.jp", true */ 'o', 's', 'h', 'i', 'n', 'a', 'g', 'a', 'k', 'i', '.', 'j', 'p', '\0',
+  /* "oshrc.gov", true */ 'o', 's', 'h', 'r', 'c', '.', 'g', 'o', 'v', '\0',
+  /* "oskrba.net", true */ 'o', 's', 'k', 'r', 'b', 'a', '.', 'n', 'e', 't', '\0',
+  /* "oskuro.net", true */ 'o', 's', 'k', 'u', 'r', 'o', '.', 'n', 'e', 't', '\0',
+  /* "oslinux.net", true */ 'o', 's', 'l', 'i', 'n', 'u', 'x', '.', 'n', 'e', 't', '\0',
+  /* "osm.is", true */ 'o', 's', 'm', '.', 'i', 's', '\0',
+  /* "osmosis.org", true */ 'o', 's', 'm', 'o', 's', 'i', 's', '.', 'o', 'r', 'g', '\0',
+  /* "ospree.me", true */ 'o', 's', 'p', 'r', 'e', 'e', '.', 'm', 'e', '\0',
+  /* "osquery.io", true */ 'o', 's', 'q', 'u', 'e', 'r', 'y', '.', 'i', 'o', '\0',
+  /* "ostan-collections.net", true */ 'o', 's', 't', 'a', 'n', '-', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'o', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "osterkraenzchen.de", true */ 'o', 's', 't', 'e', 'r', 'k', 'r', 'a', 'e', 'n', 'z', 'c', 'h', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "ostr.io", true */ 'o', 's', 't', 'r', '.', 'i', 'o', '\0',
+  /* "ostrov8.com", true */ 'o', 's', 't', 'r', 'o', 'v', '8', '.', 'c', 'o', 'm', '\0',
+  /* "osusume-houhou.com", true */ 'o', 's', 'u', 's', 'u', 'm', 'e', '-', 'h', 'o', 'u', 'h', 'o', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "oswalds.co.uk", true */ 'o', 's', 'w', 'a', 'l', 'd', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "oswaldsmillaudio.com", true */ 'o', 's', 'w', 'a', 'l', 'd', 's', 'm', 'i', 'l', 'l', 'a', 'u', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "oswbouncycastles.co.uk", true */ 'o', 's', 'w', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "osx86spain.com", true */ 'o', 's', 'x', '8', '6', 's', 'p', 'a', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "osxentwicklerforum.de", true */ 'o', 's', 'x', 'e', 'n', 't', 'w', 'i', 'c', 'k', 'l', 'e', 'r', 'f', 'o', 'r', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "oszri.hu", true */ 'o', 's', 'z', 'r', 'i', '.', 'h', 'u', '\0',
+  /* "otako.pl", true */ 'o', 't', 'a', 'k', 'o', '.', 'p', 'l', '\0',
+  /* "otakubox.de", true */ 'o', 't', 'a', 'k', 'u', 'b', 'o', 'x', '.', 'd', 'e', '\0',
+  /* "otakurepublic.com", true */ 'o', 't', 'a', 'k', 'u', 'r', 'e', 'p', 'u', 'b', 'l', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "otakurumi.de", true */ 'o', 't', 'a', 'k', 'u', 'r', 'u', 'm', 'i', '.', 'd', 'e', '\0',
+  /* "otchecker.com", true */ 'o', 't', 'c', 'h', 'e', 'c', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "otellio.com", true */ 'o', 't', 'e', 'l', 'l', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "otellio.de", true */ 'o', 't', 'e', 'l', 'l', 'i', 'o', '.', 'd', 'e', '\0',
+  /* "otellio.it", true */ 'o', 't', 'e', 'l', 'l', 'i', 'o', '.', 'i', 't', '\0',
+  /* "oticasaopaulo.com.br", true */ 'o', 't', 'i', 'c', 'a', 's', 'a', 'o', 'p', 'a', 'u', 'l', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "oticasvisao.net.br", true */ 'o', 't', 'i', 'c', 'a', 's', 'v', 'i', 's', 'a', 'o', '.', 'n', 'e', 't', '.', 'b', 'r', '\0',
+  /* "otmns.net", true */ 'o', 't', 'm', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "otorrino.pt", true */ 'o', 't', 'o', 'r', 'r', 'i', 'n', 'o', '.', 'p', 't', '\0',
+  /* "otoy.com", true */ 'o', 't', 'o', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "otoya.space", true */ 'o', 't', 'o', 'y', 'a', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "otpsmart.com.ua", true */ 'o', 't', 'p', 's', 'm', 'a', 'r', 't', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "otr.ie", true */ 'o', 't', 'r', '.', 'i', 'e', '\0',
+  /* "otrm.de", true */ 'o', 't', 'r', 'm', '.', 'd', 'e', '\0',
+  /* "ottoproject.io", true */ 'o', 't', 't', 'o', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'i', 'o', '\0',
+  /* "otvaracie-hodiny.sk", true */ 'o', 't', 'v', 'a', 'r', 'a', 'c', 'i', 'e', '-', 'h', 'o', 'd', 'i', 'n', 'y', '.', 's', 'k', '\0',
+  /* "otya.me", true */ 'o', 't', 'y', 'a', '.', 'm', 'e', '\0',
+  /* "ouaibe.qc.ca", true */ 'o', 'u', 'a', 'i', 'b', 'e', '.', 'q', 'c', '.', 'c', 'a', '\0',
+  /* "ouestsolutions.com", true */ 'o', 'u', 'e', 's', 't', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ouimoove.com", true */ 'o', 'u', 'i', 'm', 'o', 'o', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "oulunjujutsu.com", true */ 'o', 'u', 'l', 'u', 'n', 'j', 'u', 'j', 'u', 't', 's', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "ourai.ws", true */ 'o', 'u', 'r', 'a', 'i', '.', 'w', 's', '\0',
+  /* "ourcloud.at", true */ 'o', 'u', 'r', 'c', 'l', 'o', 'u', 'd', '.', 'a', 't', '\0',
+  /* "ourcodinglives.com", true */ 'o', 'u', 'r', 'c', 'o', 'd', 'i', 'n', 'g', 'l', 'i', 'v', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ourevents.net", true */ 'o', 'u', 'r', 'e', 'v', 'e', 'n', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "ourwedding.xyz", true */ 'o', 'u', 'r', 'w', 'e', 'd', 'd', 'i', 'n', 'g', '.', 'x', 'y', 'z', '\0',
+  /* "outdoorfurniture.ie", true */ 'o', 'u', 't', 'd', 'o', 'o', 'r', 'f', 'u', 'r', 'n', 'i', 't', 'u', 'r', 'e', '.', 'i', 'e', '\0',
+  /* "outdoorimagingportal.com", true */ 'o', 'u', 't', 'd', 'o', 'o', 'r', 'i', 'm', 'a', 'g', 'i', 'n', 'g', 'p', 'o', 'r', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "outerlimitsdigital.com", true */ 'o', 'u', 't', 'e', 'r', 'l', 'i', 'm', 'i', 't', 's', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "outgress.com", true */ 'o', 'u', 't', 'g', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "outka.xyz", true */ 'o', 'u', 't', 'k', 'a', '.', 'x', 'y', 'z', '\0',
+  /* "outline.ski", true */ 'o', 'u', 't', 'l', 'i', 'n', 'e', '.', 's', 'k', 'i', '\0',
+  /* "outlookonthedesktop.com", true */ 'o', 'u', 't', 'l', 'o', 'o', 'k', 'o', 'n', 't', 'h', 'e', 'd', 'e', 's', 'k', 't', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "outofcontrol.ca", true */ 'o', 'u', 't', 'o', 'f', 'c', 'o', 'n', 't', 'r', 'o', 'l', '.', 'c', 'a', '\0',
+  /* "outpostinfo.com", true */ 'o', 'u', 't', 'p', 'o', 's', 't', 'i', 'n', 'f', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "outsideconnections.com", true */ 'o', 'u', 't', 's', 'i', 'd', 'e', 'c', 'o', 'n', 'n', 'e', 'c', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "overalglas.nl", true */ 'o', 'v', 'e', 'r', 'a', 'l', 'g', 'l', 'a', 's', '.', 'n', 'l', '\0',
+  /* "overclockers.ge", true */ 'o', 'v', 'e', 'r', 'c', 'l', 'o', 'c', 'k', 'e', 'r', 's', '.', 'g', 'e', '\0',
+  /* "overdrive-usedcars.be", true */ 'o', 'v', 'e', 'r', 'd', 'r', 'i', 'v', 'e', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0',
+  /* "overkillshop.com", true */ 'o', 'v', 'e', 'r', 'k', 'i', 'l', 'l', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "overseamusic.de", true */ 'o', 'v', 'e', 'r', 's', 'e', 'a', 'm', 'u', 's', 'i', 'c', '.', 'd', 'e', '\0',
+  /* "oversight.garden", true */ 'o', 'v', 'e', 'r', 's', 'i', 'g', 'h', 't', '.', 'g', 'a', 'r', 'd', 'e', 'n', '\0',
+  /* "oversight.gov", true */ 'o', 'v', 'e', 'r', 's', 'i', 'g', 'h', 't', '.', 'g', 'o', 'v', '\0',
+  /* "overstap.deals", true */ 'o', 'v', 'e', 'r', 's', 't', 'a', 'p', '.', 'd', 'e', 'a', 'l', 's', '\0',
+  /* "overstappen.nl", true */ 'o', 'v', 'e', 'r', 's', 't', 'a', 'p', 'p', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "overstemmen.nl", true */ 'o', 'v', 'e', 'r', 's', 't', 'e', 'm', 'm', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "overstockpromote.com", true */ 'o', 'v', 'e', 'r', 's', 't', 'o', 'c', 'k', 'p', 'r', 'o', 'm', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "overthecloud.it", true */ 'o', 'v', 'e', 'r', 't', 'h', 'e', 'c', 'l', 'o', 'u', 'd', '.', 'i', 't', '\0',
+  /* "overthinkingit.com", true */ 'o', 'v', 'e', 'r', 't', 'h', 'i', 'n', 'k', 'i', 'n', 'g', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "overture.london", true */ 'o', 'v', 'e', 'r', 't', 'u', 'r', 'e', '.', 'l', 'o', 'n', 'd', 'o', 'n', '\0',
+  /* "ovnrain.com", true */ 'o', 'v', 'n', 'r', 'a', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "ovpn.to", true */ 'o', 'v', 'p', 'n', '.', 't', 'o', '\0',
+  /* "owapi.net", true */ 'o', 'w', 'a', 'p', 'i', '.', 'n', 'e', 't', '\0',
+  /* "owennelson.co.uk", true */ 'o', 'w', 'e', 'n', 'n', 'e', 'l', 's', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "owensmith.website", true */ 'o', 'w', 'e', 'n', 's', 'm', 'i', 't', 'h', '.', 'w', 'e', 'b', 's', 'i', 't', 'e', '\0',
+  /* "owl-stat.ch", true */ 'o', 'w', 'l', '-', 's', 't', 'a', 't', '.', 'c', 'h', '\0',
+  /* "owl.net", true */ 'o', 'w', 'l', '.', 'n', 'e', 't', '\0',
+  /* "owlishmedia.com", true */ 'o', 'w', 'l', 'i', 's', 'h', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "own3d.ch", true */ 'o', 'w', 'n', '3', 'd', '.', 'c', 'h', '\0',
+  /* "ownc.at", true */ 'o', 'w', 'n', 'c', '.', 'a', 't', '\0',
+  /* "owngeek.com", true */ 'o', 'w', 'n', 'g', 'e', 'e', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "ownit.se", false */ 'o', 'w', 'n', 'i', 't', '.', 's', 'e', '\0',
+  /* "ownmay.com", true */ 'o', 'w', 'n', 'm', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "ownspec.com", true */ 'o', 'w', 'n', 's', 'p', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "oxanababy.com", true */ 'o', 'x', 'a', 'n', 'a', 'b', 'a', 'b', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "oxborrow.ca", true */ 'o', 'x', 'b', 'o', 'r', 'r', 'o', 'w', '.', 'c', 'a', '\0',
+  /* "oxelie.com", true */ 'o', 'x', 'e', 'l', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "oxytocin.org", true */ 'o', 'x', 'y', 't', 'o', 'c', 'i', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "oyesunn.com", true */ 'o', 'y', 'e', 's', 'u', 'n', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "oyoony.de", true */ 'o', 'y', 'o', 'o', 'n', 'y', '.', 'd', 'e', '\0',
+  /* "oyosoft.fr", true */ 'o', 'y', 'o', 's', 'o', 'f', 't', '.', 'f', 'r', '\0',
+  /* "ozark.be", true */ 'o', 'z', 'a', 'r', 'k', '.', 'b', 'e', '\0',
+  /* "oznamovacipovinnost.cz", true */ 'o', 'z', 'n', 'a', 'm', 'o', 'v', 'a', 'c', 'i', 'p', 'o', 'v', 'i', 'n', 'n', 'o', 's', 't', '.', 'c', 'z', '\0',
+  /* "ozonitron.com", true */ 'o', 'z', 'o', 'n', 'i', 't', 'r', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "ozonitron.de", true */ 'o', 'z', 'o', 'n', 'i', 't', 'r', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "ozonitron.eu", true */ 'o', 'z', 'o', 'n', 'i', 't', 'r', 'o', 'n', '.', 'e', 'u', '\0',
+  /* "ozonytron.com", true */ 'o', 'z', 'o', 'n', 'y', 't', 'r', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "ozonytron.de", true */ 'o', 'z', 'o', 'n', 'y', 't', 'r', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "ozonytron.eu", true */ 'o', 'z', 'o', 'n', 'y', 't', 'r', 'o', 'n', '.', 'e', 'u', '\0',
+  /* "ozvolvo.org", true */ 'o', 'z', 'v', 'o', 'l', 'v', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "p-pc.de", true */ 'p', '-', 'p', 'c', '.', 'd', 'e', '\0',
+  /* "p-s-b.com", true */ 'p', '-', 's', '-', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "p1984.nl", false */ 'p', '1', '9', '8', '4', '.', 'n', 'l', '\0',
+  /* "p1ratrulezzz.me", true */ 'p', '1', 'r', 'a', 't', 'r', 'u', 'l', 'e', 'z', 'z', 'z', '.', 'm', 'e', '\0',
+  /* "p22.co", true */ 'p', '2', '2', '.', 'c', 'o', '\0',
+  /* "p3ter.fr", true */ 'p', '3', 't', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "p4chivtac.com", true */ 'p', '4', 'c', 'h', 'i', 'v', 't', 'a', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "pa-w.de", true */ 'p', 'a', '-', 'w', '.', 'd', 'e', '\0',
+  /* "pa.search.yahoo.com", false */ 'p', 'a', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "paarberatung-hn.de", true */ 'p', 'a', 'a', 'r', 'b', 'e', 'r', 'a', 't', 'u', 'n', 'g', '-', 'h', 'n', '.', 'd', 'e', '\0',
+  /* "paazmaya.fi", true */ 'p', 'a', 'a', 'z', 'm', 'a', 'y', 'a', '.', 'f', 'i', '\0',
+  /* "pabloartea.ga", true */ 'p', 'a', 'b', 'l', 'o', 'a', 'r', 't', 'e', 'a', '.', 'g', 'a', '\0',
+  /* "pabloarteaga.co.uk", true */ 'p', 'a', 'b', 'l', 'o', 'a', 'r', 't', 'e', 'a', 'g', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "pabloarteaga.com", true */ 'p', 'a', 'b', 'l', 'o', 'a', 'r', 't', 'e', 'a', 'g', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "pabloarteaga.es", true */ 'p', 'a', 'b', 'l', 'o', 'a', 'r', 't', 'e', 'a', 'g', 'a', '.', 'e', 's', '\0',
+  /* "pabloarteaga.me", true */ 'p', 'a', 'b', 'l', 'o', 'a', 'r', 't', 'e', 'a', 'g', 'a', '.', 'm', 'e', '\0',
+  /* "pabloarteaga.net", true */ 'p', 'a', 'b', 'l', 'o', 'a', 'r', 't', 'e', 'a', 'g', 'a', '.', 'n', 'e', 't', '\0',
+  /* "pabloarteaga.tech", true */ 'p', 'a', 'b', 'l', 'o', 'a', 'r', 't', 'e', 'a', 'g', 'a', '.', 't', 'e', 'c', 'h', '\0',
+  /* "pabloarteaga.uk", true */ 'p', 'a', 'b', 'l', 'o', 'a', 'r', 't', 'e', 'a', 'g', 'a', '.', 'u', 'k', '\0',
+  /* "pabuzo.vn", true */ 'p', 'a', 'b', 'u', 'z', 'o', '.', 'v', 'n', '\0',
+  /* "pacco.com.br", true */ 'p', 'a', 'c', 'c', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "pace.car", true */ 'p', 'a', 'c', 'e', '.', 'c', 'a', 'r', '\0',
+  /* "pacelink.de", true */ 'p', 'a', 'c', 'e', 'l', 'i', 'n', 'k', '.', 'd', 'e', '\0',
+  /* "pacificpalisadeselectrical.com", true */ 'p', 'a', 'c', 'i', 'f', 'i', 'c', 'p', 'a', 'l', 'i', 's', 'a', 'd', 'e', 's', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "pacifictilkin-occasions.be", true */ 'p', 'a', 'c', 'i', 'f', 'i', 'c', 't', 'i', 'l', 'k', 'i', 'n', '-', 'o', 'c', 'c', 'a', 's', 'i', 'o', 'n', 's', '.', 'b', 'e', '\0',
+  /* "packagingproject.management", true */ 'p', 'a', 'c', 'k', 'a', 'g', 'i', 'n', 'g', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'm', 'a', 'n', 'a', 'g', 'e', 'm', 'e', 'n', 't', '\0',
+  /* "packagist.org", false */ 'p', 'a', 'c', 'k', 'a', 'g', 'i', 's', 't', '.', 'o', 'r', 'g', '\0',
+  /* "packaware.com", true */ 'p', 'a', 'c', 'k', 'a', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "packer.io", true */ 'p', 'a', 'c', 'k', 'e', 'r', '.', 'i', 'o', '\0',
+  /* "packetapp.ru", true */ 'p', 'a', 'c', 'k', 'e', 't', 'a', 'p', 'p', '.', 'r', 'u', '\0',
+  /* "packetcrash.net", true */ 'p', 'a', 'c', 'k', 'e', 't', 'c', 'r', 'a', 's', 'h', '.', 'n', 'e', 't', '\0',
+  /* "packetlinux.com", true */ 'p', 'a', 'c', 'k', 'e', 't', 'l', 'i', 'n', 'u', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "pacoda.de", false */ 'p', 'a', 'c', 'o', 'd', 'a', '.', 'd', 'e', '\0',
+  /* "pactf-flag-4boxdpa21ogonzkcrs9p.com", true */ 'p', 'a', 'c', 't', 'f', '-', 'f', 'l', 'a', 'g', '-', '4', 'b', 'o', 'x', 'd', 'p', 'a', '2', '1', 'o', 'g', 'o', 'n', 'z', 'k', 'c', 'r', 's', '9', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "pactf.com", true */ 'p', 'a', 'c', 't', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "paddy.rocks", true */ 'p', 'a', 'd', 'd', 'y', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "padianda.com", true */ 'p', 'a', 'd', 'i', 'a', 'n', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "padovani.de", true */ 'p', 'a', 'd', 'o', 'v', 'a', 'n', 'i', '.', 'd', 'e', '\0',
+  /* "padrepio.in", true */ 'p', 'a', 'd', 'r', 'e', 'p', 'i', 'o', '.', 'i', 'n', '\0',
+  /* "paducaheic.com", true */ 'p', 'a', 'd', 'u', 'c', 'a', 'h', 'e', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "padzilla.com", true */ 'p', 'a', 'd', 'z', 'i', 'l', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "paedlink.ca", true */ 'p', 'a', 'e', 'd', 'l', 'i', 'n', 'k', '.', 'c', 'a', '\0',
+  /* "paf-events.ch", true */ 'p', 'a', 'f', '-', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'h', '\0',
+  /* "pagalworld.la", true */ 'p', 'a', 'g', 'a', 'l', 'w', 'o', 'r', 'l', 'd', '.', 'l', 'a', '\0',
+  /* "pagalworld.me", true */ 'p', 'a', 'g', 'a', 'l', 'w', 'o', 'r', 'l', 'd', '.', 'm', 'e', '\0',
+  /* "page-builders.com", true */ 'p', 'a', 'g', 'e', '-', 'b', 'u', 'i', 'l', 'd', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "pageantsnews.com", false */ 'p', 'a', 'g', 'e', 'a', 'n', 't', 's', 'n', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "pagedesignhub.com", true */ 'p', 'a', 'g', 'e', 'd', 'e', 's', 'i', 'g', 'n', 'h', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "pagedesignpro.com", true */ 'p', 'a', 'g', 'e', 'd', 'e', 's', 'i', 'g', 'n', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "pagedesignshop.com", true */ 'p', 'a', 'g', 'e', 'd', 'e', 's', 'i', 'g', 'n', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "pagedesignweb.com", true */ 'p', 'a', 'g', 'e', 'd', 'e', 's', 'i', 'g', 'n', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "pagefulloflies.io", true */ 'p', 'a', 'g', 'e', 'f', 'u', 'l', 'l', 'o', 'f', 'l', 'i', 'e', 's', '.', 'i', 'o', '\0',
+  /* "pages-tocaven.com", true */ 'p', 'a', 'g', 'e', 's', '-', 't', 'o', 'c', 'a', 'v', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "pagewizz.com", false */ 'p', 'a', 'g', 'e', 'w', 'i', 'z', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "pagiamtzis.com", true */ 'p', 'a', 'g', 'i', 'a', 'm', 't', 'z', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "pagina.com.mx", true */ 'p', 'a', 'g', 'i', 'n', 'a', '.', 'c', 'o', 'm', '.', 'm', 'x', '\0',
+  /* "paginapolitica.ro", true */ 'p', 'a', 'g', 'i', 'n', 'a', 'p', 'o', 'l', 'i', 't', 'i', 'c', 'a', '.', 'r', 'o', '\0',
+  /* "pagure.io", true */ 'p', 'a', 'g', 'u', 'r', 'e', '.', 'i', 'o', '\0',
+  /* "pagure.org", true */ 'p', 'a', 'g', 'u', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "pahae.de", true */ 'p', 'a', 'h', 'a', 'e', '.', 'd', 'e', '\0',
+  /* "pahealthbilling.com", true */ 'p', 'a', 'h', 'e', 'a', 'l', 't', 'h', 'b', 'i', 'l', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "paindata.dk", true */ 'p', 'a', 'i', 'n', 'd', 'a', 't', 'a', '.', 'd', 'k', '\0',
+  /* "painefamily.co.uk", true */ 'p', 'a', 'i', 'n', 'e', 'f', 'a', 'm', 'i', 'l', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "painlessproperty.co.uk", true */ 'p', 'a', 'i', 'n', 'l', 'e', 's', 's', 'p', 'r', 'o', 'p', 'e', 'r', 't', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "painosso.org", true */ 'p', 'a', 'i', 'n', 'o', 's', 's', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "paint-it.pink", true */ 'p', 'a', 'i', 'n', 't', '-', 'i', 't', '.', 'p', 'i', 'n', 'k', '\0',
+  /* "paipuman.jp", true */ 'p', 'a', 'i', 'p', 'u', 'm', 'a', 'n', '.', 'j', 'p', '\0',
+  /* "paizinhovirgula.com", true */ 'p', 'a', 'i', 'z', 'i', 'n', 'h', 'o', 'v', 'i', 'r', 'g', 'u', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "pajadam.me", true */ 'p', 'a', 'j', 'a', 'd', 'a', 'm', '.', 'm', 'e', '\0',
+  /* "pajuvuo.fi", true */ 'p', 'a', 'j', 'u', 'v', 'u', 'o', '.', 'f', 'i', '\0',
+  /* "paketkreditsuzuki.com", true */ 'p', 'a', 'k', 'e', 't', 'k', 'r', 'e', 'd', 'i', 't', 's', 'u', 'z', 'u', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "paketwatch.de", true */ 'p', 'a', 'k', 'e', 't', 'w', 'a', 't', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "pakistani.dating", true */ 'p', 'a', 'k', 'i', 's', 't', 'a', 'n', 'i', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "pakitow.fr", true */ 'p', 'a', 'k', 'i', 't', 'o', 'w', '.', 'f', 'r', '\0',
+  /* "pakke.de", true */ 'p', 'a', 'k', 'k', 'e', '.', 'd', 'e', '\0',
+  /* "pakremit.com", true */ 'p', 'a', 'k', 'r', 'e', 'm', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "paktolos.net", true */ 'p', 'a', 'k', 't', 'o', 'l', 'o', 's', '.', 'n', 'e', 't', '\0',
+  /* "palabr.as", true */ 'p', 'a', 'l', 'a', 'b', 'r', '.', 'a', 's', '\0',
+  /* "palapadev.com", true */ 'p', 'a', 'l', 'a', 'p', 'a', 'd', 'e', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "palatin.at", true */ 'p', 'a', 'l', 'a', 't', 'i', 'n', '.', 'a', 't', '\0',
+  /* "palationtrade.com", true */ 'p', 'a', 'l', 'a', 't', 'i', 'o', 'n', 't', 'r', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "palava.tv", true */ 'p', 'a', 'l', 'a', 'v', 'a', '.', 't', 'v', '\0',
+  /* "palavatv.com", true */ 'p', 'a', 'l', 'a', 'v', 'a', 't', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "paleosquawk.com", true */ 'p', 'a', 'l', 'e', 'o', 's', 'q', 'u', 'a', 'w', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "palletflow.com", true */ 'p', 'a', 'l', 'l', 'e', 't', 'f', 'l', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "palli.ch", true */ 'p', 'a', 'l', 'l', 'i', '.', 'c', 'h', '\0',
+  /* "palmavile.us", true */ 'p', 'a', 'l', 'm', 'a', 'v', 'i', 'l', 'e', '.', 'u', 's', '\0',
+  /* "palmaville.com", true */ 'p', 'a', 'l', 'm', 'a', 'v', 'i', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "pamaniqu.nl", true */ 'p', 'a', 'm', 'a', 'n', 'i', 'q', 'u', '.', 'n', 'l', '\0',
+  /* "pamatv.hk", true */ 'p', 'a', 'm', 'a', 't', 'v', '.', 'h', 'k', '\0',
+  /* "pan.digital", true */ 'p', 'a', 'n', '.', 'd', 'i', 'g', 'i', 't', 'a', 'l', '\0',
+  /* "panaxis.ch", true */ 'p', 'a', 'n', 'a', 'x', 'i', 's', '.', 'c', 'h', '\0',
+  /* "panda-community.com", true */ 'p', 'a', 'n', 'd', 'a', '-', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "panda.tf", true */ 'p', 'a', 'n', 'd', 'a', '.', 't', 'f', '\0',
+  /* "pandemicflu.gov", true */ 'p', 'a', 'n', 'd', 'e', 'm', 'i', 'c', 'f', 'l', 'u', '.', 'g', 'o', 'v', '\0',
+  /* "pandoraflora.com", true */ 'p', 'a', 'n', 'd', 'o', 'r', 'a', 'f', 'l', 'o', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "pandymic.com", true */ 'p', 'a', 'n', 'd', 'y', 'm', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "paneldewelopera.pl", true */ 'p', 'a', 'n', 'e', 'l', 'd', 'e', 'w', 'e', 'l', 'o', 'p', 'e', 'r', 'a', '.', 'p', 'l', '\0',
+  /* "paneu.de", true */ 'p', 'a', 'n', 'e', 'u', '.', 'd', 'e', '\0',
+  /* "panier-legumes.bio", true */ 'p', 'a', 'n', 'i', 'e', 'r', '-', 'l', 'e', 'g', 'u', 'm', 'e', 's', '.', 'b', 'i', 'o', '\0',
+  /* "panj.ws", true */ 'p', 'a', 'n', 'j', '.', 'w', 's', '\0',
+  /* "panmetro.com", true */ 'p', 'a', 'n', 'm', 'e', 't', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "panoti.com", false */ 'p', 'a', 'n', 'o', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "panoxadrez.com.br", true */ 'p', 'a', 'n', 'o', 'x', 'a', 'd', 'r', 'e', 'z', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "panpsychism.com", true */ 'p', 'a', 'n', 'p', 's', 'y', 'c', 'h', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "panpsychist.com", true */ 'p', 'a', 'n', 'p', 's', 'y', 'c', 'h', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "pantallasled.com.mx", true */ 'p', 'a', 'n', 't', 'a', 'l', 'l', 'a', 's', 'l', 'e', 'd', '.', 'c', 'o', 'm', '.', 'm', 'x', '\0',
+  /* "pantallasled.mx", true */ 'p', 'a', 'n', 't', 'a', 'l', 'l', 'a', 's', 'l', 'e', 'd', '.', 'm', 'x', '\0',
+  /* "panthur.com.au", false */ 'p', 'a', 'n', 't', 'h', 'u', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "pantographe.info", true */ 'p', 'a', 'n', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "pantou.org", false */ 'p', 'a', 'n', 't', 'o', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "panzer72.ru", true */ 'p', 'a', 'n', 'z', 'e', 'r', '7', '2', '.', 'r', 'u', '\0',
+  /* "pap.la", false */ 'p', 'a', 'p', '.', 'l', 'a', '\0',
+  /* "papa-webzeit.de", true */ 'p', 'a', 'p', 'a', '-', 'w', 'e', 'b', 'z', 'e', 'i', 't', '.', 'd', 'e', '\0',
+  /* "papadopoulos.me", true */ 'p', 'a', 'p', 'a', 'd', 'o', 'p', 'o', 'u', 'l', 'o', 's', '.', 'm', 'e', '\0',
+  /* "papakatsu-life.com", true */ 'p', 'a', 'p', 'a', 'k', 'a', 't', 's', 'u', '-', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "papatest24.de", true */ 'p', 'a', 'p', 'a', 't', 'e', 's', 't', '2', '4', '.', 'd', 'e', '\0',
+  /* "papayame.com", true */ 'p', 'a', 'p', 'a', 'y', 'a', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "papayapythons.com", true */ 'p', 'a', 'p', 'a', 'y', 'a', 'p', 'y', 't', 'h', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "paper-republic.org", true */ 'p', 'a', 'p', 'e', 'r', '-', 'r', 'e', 'p', 'u', 'b', 'l', 'i', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "paperhaven.com.au", true */ 'p', 'a', 'p', 'e', 'r', 'h', 'a', 'v', 'e', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "paperhoney.by", true */ 'p', 'a', 'p', 'e', 'r', 'h', 'o', 'n', 'e', 'y', '.', 'b', 'y', '\0',
+  /* "papermasters.com", true */ 'p', 'a', 'p', 'e', 'r', 'm', 'a', 's', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "papersmart.net", true */ 'p', 'a', 'p', 'e', 'r', 's', 'm', 'a', 'r', 't', '.', 'n', 'e', 't', '\0',
+  /* "papertracker.net", true */ 'p', 'a', 'p', 'e', 'r', 't', 'r', 'a', 'c', 'k', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "paperturn.com", true */ 'p', 'a', 'p', 'e', 'r', 't', 'u', 'r', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "paperwork.co.za", true */ 'p', 'a', 'p', 'e', 'r', 'w', 'o', 'r', 'k', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "paperwritinghelp.net", true */ 'p', 'a', 'p', 'e', 'r', 'w', 'r', 'i', 't', 'i', 'n', 'g', 'h', 'e', 'l', 'p', '.', 'n', 'e', 't', '\0',
+  /* "paprikas.fr", true */ 'p', 'a', 'p', 'r', 'i', 'k', 'a', 's', '.', 'f', 'r', '\0',
+  /* "paraborsa.net", true */ 'p', 'a', 'r', 'a', 'b', 'o', 'r', 's', 'a', '.', 'n', 'e', 't', '\0',
+  /* "parachute70.com", true */ 'p', 'a', 'r', 'a', 'c', 'h', 'u', 't', 'e', '7', '0', '.', 'c', 'o', 'm', '\0',
+  /* "paradiesgirls.ch", true */ 'p', 'a', 'r', 'a', 'd', 'i', 'e', 's', 'g', 'i', 'r', 'l', 's', '.', 'c', 'h', '\0',
+  /* "paradigi.com.br", true */ 'p', 'a', 'r', 'a', 'd', 'i', 'g', 'i', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "paradise-engineer.com", true */ 'p', 'a', 'r', 'a', 'd', 'i', 's', 'e', '-', 'e', 'n', 'g', 'i', 'n', 'e', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "paradise-engineering.com", true */ 'p', 'a', 'r', 'a', 'd', 'i', 's', 'e', '-', 'e', 'n', 'g', 'i', 'n', 'e', 'e', 'r', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "paradise-engineers.com", true */ 'p', 'a', 'r', 'a', 'd', 'i', 's', 'e', '-', 'e', 'n', 'g', 'i', 'n', 'e', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "paradiselost.com", true */ 'p', 'a', 'r', 'a', 'd', 'i', 's', 'e', 'l', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "paradisenazarene.com", true */ 'p', 'a', 'r', 'a', 'd', 'i', 's', 'e', 'n', 'a', 'z', 'a', 'r', 'e', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "paradoxdesigns.org", true */ 'p', 'a', 'r', 'a', 'd', 'o', 'x', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "paragon.edu", true */ 'p', 'a', 'r', 'a', 'g', 'o', 'n', '.', 'e', 'd', 'u', '\0',
+  /* "paragonie.com", false */ 'p', 'a', 'r', 'a', 'g', 'o', 'n', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "paragreen.net", true */ 'p', 'a', 'r', 'a', 'g', 'r', 'e', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "parakranov.ru", true */ 'p', 'a', 'r', 'a', 'k', 'r', 'a', 'n', 'o', 'v', '.', 'r', 'u', '\0',
+  /* "paranoidmode.com", true */ 'p', 'a', 'r', 'a', 'n', 'o', 'i', 'd', 'm', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "paranoidpenguin.net", true */ 'p', 'a', 'r', 'a', 'n', 'o', 'i', 'd', 'p', 'e', 'n', 'g', 'u', 'i', 'n', '.', 'n', 'e', 't', '\0',
+  /* "paranoxer.hu", true */ 'p', 'a', 'r', 'a', 'n', 'o', 'x', 'e', 'r', '.', 'h', 'u', '\0',
+  /* "parasitologyclub.org", true */ 'p', 'a', 'r', 'a', 's', 'i', 't', 'o', 'l', 'o', 'g', 'y', 'c', 'l', 'u', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "paratlan.hu", true */ 'p', 'a', 'r', 'a', 't', 'l', 'a', 'n', '.', 'h', 'u', '\0',
+  /* "paratxt.org", true */ 'p', 'a', 'r', 'a', 't', 'x', 't', '.', 'o', 'r', 'g', '\0',
+  /* "parcelbroker.co.uk", true */ 'p', 'a', 'r', 'c', 'e', 'l', 'b', 'r', 'o', 'k', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "parchcraftaustralia.com", true */ 'p', 'a', 'r', 'c', 'h', 'c', 'r', 'a', 'f', 't', 'a', 'u', 's', 't', 'r', 'a', 'l', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "parckwart.de", true */ 'p', 'a', 'r', 'c', 'k', 'w', 'a', 'r', 't', '.', 'd', 'e', '\0',
+  /* "parcon.it", true */ 'p', 'a', 'r', 'c', 'o', 'n', '.', 'i', 't', '\0',
+  /* "parentheseardenne.be", true */ 'p', 'a', 'r', 'e', 'n', 't', 'h', 'e', 's', 'e', 'a', 'r', 'd', 'e', 'n', 'n', 'e', '.', 'b', 'e', '\0',
+  /* "parentinterview.com", true */ 'p', 'a', 'r', 'e', 'n', 't', 'i', 'n', 't', 'e', 'r', 'v', 'i', 'e', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "parentsintouch.co.uk", true */ 'p', 'a', 'r', 'e', 'n', 't', 's', 'i', 'n', 't', 'o', 'u', 'c', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "pariga.co.uk", true */ 'p', 'a', 'r', 'i', 'g', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "parisescortgirls.com", true */ 'p', 'a', 'r', 'i', 's', 'e', 's', 'c', 'o', 'r', 't', 'g', 'i', 'r', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "parisfranceparking.com", true */ 'p', 'a', 'r', 'i', 's', 'f', 'r', 'a', 'n', 'c', 'e', 'p', 'a', 'r', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "parisfranceparking.de", true */ 'p', 'a', 'r', 'i', 's', 'f', 'r', 'a', 'n', 'c', 'e', 'p', 'a', 'r', 'k', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "parisfranceparking.fr", true */ 'p', 'a', 'r', 'i', 's', 'f', 'r', 'a', 'n', 'c', 'e', 'p', 'a', 'r', 'k', 'i', 'n', 'g', '.', 'f', 'r', '\0',
+  /* "parisfranceparking.nl", true */ 'p', 'a', 'r', 'i', 's', 'f', 'r', 'a', 'n', 'c', 'e', 'p', 'a', 'r', 'k', 'i', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "parishome.jp", true */ 'p', 'a', 'r', 'i', 's', 'h', 'o', 'm', 'e', '.', 'j', 'p', '\0',
+  /* "parkingpoint.co.uk", true */ 'p', 'a', 'r', 'k', 'i', 'n', 'g', 'p', 'o', 'i', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "parksubaruoemparts.com", true */ 'p', 'a', 'r', 'k', 's', 'u', 'b', 'a', 'r', 'u', 'o', 'e', 'm', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "parkviewmotorcompany.com", true */ 'p', 'a', 'r', 'k', 'v', 'i', 'e', 'w', 'm', 'o', 't', 'o', 'r', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "parkwayminyan.org", true */ 'p', 'a', 'r', 'k', 'w', 'a', 'y', 'm', 'i', 'n', 'y', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "parlamento.gub.uy", true */ 'p', 'a', 'r', 'l', 'a', 'm', 'e', 'n', 't', 'o', '.', 'g', 'u', 'b', '.', 'u', 'y', '\0',
+  /* "parleamonluc.fr", true */ 'p', 'a', 'r', 'l', 'e', 'a', 'm', 'o', 'n', 'l', 'u', 'c', '.', 'f', 'r', '\0',
+  /* "parleu2016.nl", true */ 'p', 'a', 'r', 'l', 'e', 'u', '2', '0', '1', '6', '.', 'n', 'l', '\0',
+  /* "parolu.io", true */ 'p', 'a', 'r', 'o', 'l', 'u', '.', 'i', 'o', '\0',
+  /* "parquettista.roma.it", true */ 'p', 'a', 'r', 'q', 'u', 'e', 't', 't', 'i', 's', 't', 'a', '.', 'r', 'o', 'm', 'a', '.', 'i', 't', '\0',
+  /* "parsemail.org", true */ 'p', 'a', 'r', 's', 'e', 'm', 'a', 'i', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "parser.nu", true */ 'p', 'a', 'r', 's', 'e', 'r', '.', 'n', 'u', '\0',
+  /* "parsonsfamilyhomes.com", true */ 'p', 'a', 'r', 's', 'o', 'n', 's', 'f', 'a', 'm', 'i', 'l', 'y', 'h', 'o', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "partecipa.tn.it", true */ 'p', 'a', 'r', 't', 'e', 'c', 'i', 'p', 'a', '.', 't', 'n', '.', 'i', 't', '\0',
+  /* "parthkolekar.me", true */ 'p', 'a', 'r', 't', 'h', 'k', 'o', 'l', 'e', 'k', 'a', 'r', '.', 'm', 'e', '\0',
+  /* "participatorybudgeting.de", true */ 'p', 'a', 'r', 't', 'i', 'c', 'i', 'p', 'a', 't', 'o', 'r', 'y', 'b', 'u', 'd', 'g', 'e', 't', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "participatorybudgeting.info", true */ 'p', 'a', 'r', 't', 'i', 'c', 'i', 'p', 'a', 't', 'o', 'r', 'y', 'b', 'u', 'd', 'g', 'e', 't', 'i', 'n', 'g', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "partijtjevoordevrijheid.nl", false */ 'p', 'a', 'r', 't', 'i', 'j', 't', 'j', 'e', 'v', 'o', 'o', 'r', 'd', 'e', 'v', 'r', 'i', 'j', 'h', 'e', 'i', 'd', '.', 'n', 'l', '\0',
+  /* "partner.sh", true */ 'p', 'a', 'r', 't', 'n', 'e', 'r', '.', 's', 'h', '\0',
+  /* "partnerbeam.com", true */ 'p', 'a', 'r', 't', 'n', 'e', 'r', 'b', 'e', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "partou.de", true */ 'p', 'a', 'r', 't', 'o', 'u', '.', 'd', 'e', '\0',
+  /* "partridge.tech", true */ 'p', 'a', 'r', 't', 'r', 'i', 'd', 'g', 'e', '.', 't', 'e', 'c', 'h', '\0',
+  /* "parts4phone.com", true */ 'p', 'a', 'r', 't', 's', '4', 'p', 'h', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "partsestore.com", true */ 'p', 'a', 'r', 't', 's', 'e', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "party-and-play.co.uk", true */ 'p', 'a', 'r', 't', 'y', '-', 'a', 'n', 'd', '-', 'p', 'l', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "party-calendar.net", true */ 'p', 'a', 'r', 't', 'y', '-', 'c', 'a', 'l', 'e', 'n', 'd', 'a', 'r', '.', 'n', 'e', 't', '\0',
+  /* "party-kneipe-bar.com", true */ 'p', 'a', 'r', 't', 'y', '-', 'k', 'n', 'e', 'i', 'p', 'e', '-', 'b', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "party-time-inflatables-durham.co.uk", true */ 'p', 'a', 'r', 't', 'y', '-', 't', 'i', 'm', 'e', '-', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '-', 'd', 'u', 'r', 'h', 'a', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "partybounceplay.co.uk", true */ 'p', 'a', 'r', 't', 'y', 'b', 'o', 'u', 'n', 'c', 'e', 'p', 'l', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "partycentrumdebinnenhof.nl", true */ 'p', 'a', 'r', 't', 'y', 'c', 'e', 'n', 't', 'r', 'u', 'm', 'd', 'e', 'b', 'i', 'n', 'n', 'e', 'n', 'h', 'o', 'f', '.', 'n', 'l', '\0',
+  /* "partycentrumopenhuis.nl", true */ 'p', 'a', 'r', 't', 'y', 'c', 'e', 'n', 't', 'r', 'u', 'm', 'o', 'p', 'e', 'n', 'h', 'u', 'i', 's', '.', 'n', 'l', '\0',
+  /* "partyhireisleofwight.co.uk", true */ 'p', 'a', 'r', 't', 'y', 'h', 'i', 'r', 'e', 'i', 's', 'l', 'e', 'o', 'f', 'w', 'i', 'g', 'h', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "partyhireliverpool.co.uk", true */ 'p', 'a', 'r', 't', 'y', 'h', 'i', 'r', 'e', 'l', 'i', 'v', 'e', 'r', 'p', 'o', 'o', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "partyrocksbounce.co.uk", true */ 'p', 'a', 'r', 't', 'y', 'r', 'o', 'c', 'k', 's', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "partyschnaps.com", true */ 'p', 'a', 'r', 't', 'y', 's', 'c', 'h', 'n', 'a', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "partyspaces.co.uk", true */ 'p', 'a', 'r', 't', 'y', 's', 'p', 'a', 'c', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "partytime-uk.co.uk", true */ 'p', 'a', 'r', 't', 'y', 't', 'i', 'm', 'e', '-', 'u', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "partytimeltd.ie", true */ 'p', 'a', 'r', 't', 'y', 't', 'i', 'm', 'e', 'l', 't', 'd', '.', 'i', 'e', '\0',
+  /* "partytownireland.co.uk", true */ 'p', 'a', 'r', 't', 'y', 't', 'o', 'w', 'n', 'i', 'r', 'e', 'l', 'a', 'n', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "partytownmarquees.co.uk", true */ 'p', 'a', 'r', 't', 'y', 't', 'o', 'w', 'n', 'm', 'a', 'r', 'q', 'u', 'e', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "partyvan.io", true */ 'p', 'a', 'r', 't', 'y', 'v', 'a', 'n', '.', 'i', 'o', '\0',
+  /* "partyzone.ie", true */ 'p', 'a', 'r', 't', 'y', 'z', 'o', 'n', 'e', '.', 'i', 'e', '\0',
+  /* "parvaneh.fr", true */ 'p', 'a', 'r', 'v', 'a', 'n', 'e', 'h', '.', 'f', 'r', '\0',
+  /* "pasadenapooch.org", true */ 'p', 'a', 's', 'a', 'd', 'e', 'n', 'a', 'p', 'o', 'o', 'c', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "pasadenasandwichcompany.com", true */ 'p', 'a', 's', 'a', 'd', 'e', 'n', 'a', 's', 'a', 'n', 'd', 'w', 'i', 'c', 'h', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "pasarella.eu", true */ 'p', 'a', 's', 'a', 'r', 'e', 'l', 'l', 'a', '.', 'e', 'u', '\0',
+  /* "pascal-bourhis.com", true */ 'p', 'a', 's', 'c', 'a', 'l', '-', 'b', 'o', 'u', 'r', 'h', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "pascal-bourhis.net", true */ 'p', 'a', 's', 'c', 'a', 'l', '-', 'b', 'o', 'u', 'r', 'h', 'i', 's', '.', 'n', 'e', 't', '\0',
+  /* "pascal-kannchen.de", true */ 'p', 'a', 's', 'c', 'a', 'l', '-', 'k', 'a', 'n', 'n', 'c', 'h', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "pascal-wittmann.de", true */ 'p', 'a', 's', 'c', 'a', 'l', '-', 'w', 'i', 't', 't', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "pascaline-jouis.fr", true */ 'p', 'a', 's', 'c', 'a', 'l', 'i', 'n', 'e', '-', 'j', 'o', 'u', 'i', 's', '.', 'f', 'r', '\0',
+  /* "pascalleguern.com", true */ 'p', 'a', 's', 'c', 'a', 'l', 'l', 'e', 'g', 'u', 'e', 'r', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "pascalmathis.com", true */ 'p', 'a', 's', 'c', 'a', 'l', 'm', 'a', 't', 'h', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "pascalmathis.me", true */ 'p', 'a', 's', 'c', 'a', 'l', 'm', 'a', 't', 'h', 'i', 's', '.', 'm', 'e', '\0',
+  /* "pascalmathis.net", true */ 'p', 'a', 's', 'c', 'a', 'l', 'm', 'a', 't', 'h', 'i', 's', '.', 'n', 'e', 't', '\0',
+  /* "pascalspoerri.ch", false */ 'p', 'a', 's', 'c', 'a', 'l', 's', 'p', 'o', 'e', 'r', 'r', 'i', '.', 'c', 'h', '\0',
+  /* "pass.org.my", true */ 'p', 'a', 's', 's', '.', 'o', 'r', 'g', '.', 'm', 'y', '\0',
+  /* "passfoto-deinfoto.ch", true */ 'p', 'a', 's', 's', 'f', 'o', 't', 'o', '-', 'd', 'e', 'i', 'n', 'f', 'o', 't', 'o', '.', 'c', 'h', '\0',
+  /* "passieposse.nl", true */ 'p', 'a', 's', 's', 'i', 'e', 'p', 'o', 's', 's', 'e', '.', 'n', 'l', '\0',
+  /* "passionatefoodie.co.uk", true */ 'p', 'a', 's', 's', 'i', 'o', 'n', 'a', 't', 'e', 'f', 'o', 'o', 'd', 'i', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "passionatehorsemanship.com", true */ 'p', 'a', 's', 's', 'i', 'o', 'n', 'a', 't', 'e', 'h', 'o', 'r', 's', 'e', 'm', 'a', 'n', 's', 'h', 'i', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "passionpictures.eu", true */ 'p', 'a', 's', 's', 'i', 'o', 'n', 'p', 'i', 'c', 't', 'u', 'r', 'e', 's', '.', 'e', 'u', '\0',
+  /* "passions-art.com", true */ 'p', 'a', 's', 's', 'i', 'o', 'n', 's', '-', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "passphrase.today", true */ 'p', 'a', 's', 's', 'p', 'h', 'r', 'a', 's', 'e', '.', 't', 'o', 'd', 'a', 'y', '\0',
+  /* "passpilot.co.uk", true */ 'p', 'a', 's', 's', 'p', 'i', 'l', 'o', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "passport.yandex.by", true */ 'p', 'a', 's', 's', 'p', 'o', 'r', 't', '.', 'y', 'a', 'n', 'd', 'e', 'x', '.', 'b', 'y', '\0',
+  /* "passport.yandex.com", true */ 'p', 'a', 's', 's', 'p', 'o', 'r', 't', '.', 'y', 'a', 'n', 'd', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "passport.yandex.com.tr", true */ 'p', 'a', 's', 's', 'p', 'o', 'r', 't', '.', 'y', 'a', 'n', 'd', 'e', 'x', '.', 'c', 'o', 'm', '.', 't', 'r', '\0',
+  /* "passport.yandex.kz", true */ 'p', 'a', 's', 's', 'p', 'o', 'r', 't', '.', 'y', 'a', 'n', 'd', 'e', 'x', '.', 'k', 'z', '\0',
+  /* "passport.yandex.ru", true */ 'p', 'a', 's', 's', 'p', 'o', 'r', 't', '.', 'y', 'a', 'n', 'd', 'e', 'x', '.', 'r', 'u', '\0',
+  /* "passport.yandex.ua", true */ 'p', 'a', 's', 's', 'p', 'o', 'r', 't', '.', 'y', 'a', 'n', 'd', 'e', 'x', '.', 'u', 'a', '\0',
+  /* "passports.govt.nz", true */ 'p', 'a', 's', 's', 'p', 'o', 'r', 't', 's', '.', 'g', 'o', 'v', 't', '.', 'n', 'z', '\0',
+  /* "passthepopcorn.me", true */ 'p', 'a', 's', 's', 't', 'h', 'e', 'p', 'o', 'p', 'c', 'o', 'r', 'n', '.', 'm', 'e', '\0',
+  /* "passvau.lt", true */ 'p', 'a', 's', 's', 'v', 'a', 'u', '.', 'l', 't', '\0',
+  /* "passwd.one", true */ 'p', 'a', 's', 's', 'w', 'd', '.', 'o', 'n', 'e', '\0',
+  /* "passwd.org", true */ 'p', 'a', 's', 's', 'w', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "password-checker.de", true */ 'p', 'a', 's', 's', 'w', 'o', 'r', 'd', '-', 'c', 'h', 'e', 'c', 'k', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "password.codes", true */ 'p', 'a', 's', 's', 'w', 'o', 'r', 'd', '.', 'c', 'o', 'd', 'e', 's', '\0',
+  /* "password.consulting", true */ 'p', 'a', 's', 's', 'w', 'o', 'r', 'd', '.', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '\0',
+  /* "password.work", true */ 'p', 'a', 's', 's', 'w', 'o', 'r', 'd', '.', 'w', 'o', 'r', 'k', '\0',
+  /* "passwordhashing.com", true */ 'p', 'a', 's', 's', 'w', 'o', 'r', 'd', 'h', 'a', 's', 'h', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "passwordkeeperbooks.com", true */ 'p', 'a', 's', 's', 'w', 'o', 'r', 'd', 'k', 'e', 'e', 'p', 'e', 'r', 'b', 'o', 'o', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "passwords.google.com", false */ 'p', 'a', 's', 's', 'w', 'o', 'r', 'd', 's', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "passwordscon.com", true */ 'p', 'a', 's', 's', 'w', 'o', 'r', 'd', 's', 'c', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "passwordscon.org", true */ 'p', 'a', 's', 's', 'w', 'o', 'r', 'd', 's', 'c', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "passwordsecurity.info", true */ 'p', 'a', 's', 's', 'w', 'o', 'r', 'd', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "passworks.io", true */ 'p', 'a', 's', 's', 'w', 'o', 'r', 'k', 's', '.', 'i', 'o', '\0',
+  /* "pasta-factory.co.il", true */ 'p', 'a', 's', 't', 'a', '-', 'f', 'a', 'c', 't', 'o', 'r', 'y', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "pastaenprosecco.nl", true */ 'p', 'a', 's', 't', 'a', 'e', 'n', 'p', 'r', 'o', 's', 'e', 'c', 'c', 'o', '.', 'n', 'l', '\0',
+  /* "paste.fedoraproject.org", true */ 'p', 'a', 's', 't', 'e', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "pastebin.co.za", true */ 'p', 'a', 's', 't', 'e', 'b', 'i', 'n', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "pasternok.org", true */ 'p', 'a', 's', 't', 'e', 'r', 'n', 'o', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "pasteros.io", true */ 'p', 'a', 's', 't', 'e', 'r', 'o', 's', '.', 'i', 'o', '\0',
+  /* "pastoral-verbund.de", true */ 'p', 'a', 's', 't', 'o', 'r', 'a', 'l', '-', 'v', 'e', 'r', 'b', 'u', 'n', 'd', '.', 'd', 'e', '\0',
+  /* "pastorbelgagroenendael.com.br", true */ 'p', 'a', 's', 't', 'o', 'r', 'b', 'e', 'l', 'g', 'a', 'g', 'r', 'o', 'e', 'n', 'e', 'n', 'd', 'a', 'e', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "pastorcanadense.com.br", true */ 'p', 'a', 's', 't', 'o', 'r', 'c', 'a', 'n', 'a', 'd', 'e', 'n', 's', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "pastordocaucaso.com.br", true */ 'p', 'a', 's', 't', 'o', 'r', 'd', 'o', 'c', 'a', 'u', 'c', 'a', 's', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "pastormaremanoabruzes.com.br", true */ 'p', 'a', 's', 't', 'o', 'r', 'm', 'a', 'r', 'e', 'm', 'a', 'n', 'o', 'a', 'b', 'r', 'u', 'z', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "pastorsuico.com.br", true */ 'p', 'a', 's', 't', 'o', 'r', 's', 'u', 'i', 'c', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "pasztor.at", true */ 'p', 'a', 's', 'z', 't', 'o', 'r', '.', 'a', 't', '\0',
+  /* "patadanabouca.pw", true */ 'p', 'a', 't', 'a', 'd', 'a', 'n', 'a', 'b', 'o', 'u', 'c', 'a', '.', 'p', 'w', '\0',
+  /* "pataterosviajeros.com", true */ 'p', 'a', 't', 'a', 't', 'e', 'r', 'o', 's', 'v', 'i', 'a', 'j', 'e', 'r', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "patbatesremodeling.com", false */ 'p', 'a', 't', 'b', 'a', 't', 'e', 's', 'r', 'e', 'm', 'o', 'd', 'e', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "patdorf.com", true */ 'p', 'a', 't', 'd', 'o', 'r', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "patechmasters.com", true */ 'p', 'a', 't', 'e', 'c', 'h', 'm', 'a', 's', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "patentfamily.de", true */ 'p', 'a', 't', 'e', 'n', 't', 'f', 'a', 'm', 'i', 'l', 'y', '.', 'd', 'e', '\0',
+  /* "paterno-gaming.com", true */ 'p', 'a', 't', 'e', 'r', 'n', 'o', '-', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "pathagoras.com", true */ 'p', 'a', 't', 'h', 'a', 'g', 'o', 'r', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "pathwaystoresilience.org", true */ 'p', 'a', 't', 'h', 'w', 'a', 'y', 's', 't', 'o', 'r', 'e', 's', 'i', 'l', 'i', 'e', 'n', 'c', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "pathwaytofaith.com", true */ 'p', 'a', 't', 'h', 'w', 'a', 'y', 't', 'o', 'f', 'a', 'i', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "patikabiztositas.hu", true */ 'p', 'a', 't', 'i', 'k', 'a', 'b', 'i', 'z', 't', 'o', 's', 'i', 't', 'a', 's', '.', 'h', 'u', '\0',
+  /* "patouille-et-gribouille.fr", true */ 'p', 'a', 't', 'o', 'u', 'i', 'l', 'l', 'e', '-', 'e', 't', '-', 'g', 'r', 'i', 'b', 'o', 'u', 'i', 'l', 'l', 'e', '.', 'f', 'r', '\0',
+  /* "patralos.at", false */ 'p', 'a', 't', 'r', 'a', 'l', 'o', 's', '.', 'a', 't', '\0',
+  /* "patriaco.net", true */ 'p', 'a', 't', 'r', 'i', 'a', 'c', 'o', '.', 'n', 'e', 't', '\0',
+  /* "patric-lenhart.de", true */ 'p', 'a', 't', 'r', 'i', 'c', '-', 'l', 'e', 'n', 'h', 'a', 'r', 't', '.', 'd', 'e', '\0',
+  /* "patrick-othmer.de", true */ 'p', 'a', 't', 'r', 'i', 'c', 'k', '-', 'o', 't', 'h', 'm', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "patrick-robrecht.de", true */ 'p', 'a', 't', 'r', 'i', 'c', 'k', '-', 'r', 'o', 'b', 'r', 'e', 'c', 'h', 't', '.', 'd', 'e', '\0',
+  /* "patrick.dark.name", true */ 'p', 'a', 't', 'r', 'i', 'c', 'k', '.', 'd', 'a', 'r', 'k', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "patrickaudley.ca", true */ 'p', 'a', 't', 'r', 'i', 'c', 'k', 'a', 'u', 'd', 'l', 'e', 'y', '.', 'c', 'a', '\0',
+  /* "patrickaudley.com", true */ 'p', 'a', 't', 'r', 'i', 'c', 'k', 'a', 'u', 'd', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "patrickbrosi.de", true */ 'p', 'a', 't', 'r', 'i', 'c', 'k', 'b', 'r', 'o', 's', 'i', '.', 'd', 'e', '\0',
+  /* "patrickschneider.me", true */ 'p', 'a', 't', 'r', 'i', 'c', 'k', 's', 'c', 'h', 'n', 'e', 'i', 'd', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "patriksima.cz", true */ 'p', 'a', 't', 'r', 'i', 'k', 's', 'i', 'm', 'a', '.', 'c', 'z', '\0',
+  /* "patriksimek.cz", true */ 'p', 'a', 't', 'r', 'i', 'k', 's', 'i', 'm', 'e', 'k', '.', 'c', 'z', '\0',
+  /* "patrz.eu", true */ 'p', 'a', 't', 'r', 'z', '.', 'e', 'u', '\0',
+  /* "patsyforyou.ch", true */ 'p', 'a', 't', 's', 'y', 'f', 'o', 'r', 'y', 'o', 'u', '.', 'c', 'h', '\0',
+  /* "patsytoforyou.ch", true */ 'p', 'a', 't', 's', 'y', 't', 'o', 'f', 'o', 'r', 'y', 'o', 'u', '.', 'c', 'h', '\0',
+  /* "pattuka.com", true */ 'p', 'a', 't', 't', 'u', 'k', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "pattyliao.com", true */ 'p', 'a', 't', 't', 'y', 'l', 'i', 'a', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "paudley.ca", true */ 'p', 'a', 'u', 'd', 'l', 'e', 'y', '.', 'c', 'a', '\0',
+  /* "paudley.com", true */ 'p', 'a', 'u', 'd', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "paudley.org", true */ 'p', 'a', 'u', 'd', 'l', 'e', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "paul-bronski.de", true */ 'p', 'a', 'u', 'l', '-', 'b', 'r', 'o', 'n', 's', 'k', 'i', '.', 'd', 'e', '\0',
+  /* "paul.reviews", true */ 'p', 'a', 'u', 'l', '.', 'r', 'e', 'v', 'i', 'e', 'w', 's', '\0',
+  /* "pauladamsmith.com", true */ 'p', 'a', 'u', 'l', 'a', 'd', 'a', 'm', 's', 'm', 'i', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "paulbakaus.com", true */ 'p', 'a', 'u', 'l', 'b', 'a', 'k', 'a', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "paulbdelaat.nl", true */ 'p', 'a', 'u', 'l', 'b', 'd', 'e', 'l', 'a', 'a', 't', '.', 'n', 'l', '\0',
+  /* "paulchen.at", true */ 'p', 'a', 'u', 'l', 'c', 'h', 'e', 'n', '.', 'a', 't', '\0',
+  /* "pauldcox.com", true */ 'p', 'a', 'u', 'l', 'd', 'c', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "paulerhof.com", true */ 'p', 'a', 'u', 'l', 'e', 'r', 'h', 'o', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "paulinewesterman.nl", true */ 'p', 'a', 'u', 'l', 'i', 'n', 'e', 'w', 'e', 's', 't', 'e', 'r', 'm', 'a', 'n', '.', 'n', 'l', '\0',
+  /* "paulomonteiro.pt", true */ 'p', 'a', 'u', 'l', 'o', 'm', 'o', 'n', 't', 'e', 'i', 'r', 'o', '.', 'p', 't', '\0',
+  /* "paulov.com", true */ 'p', 'a', 'u', 'l', 'o', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "paulov.info", true */ 'p', 'a', 'u', 'l', 'o', 'v', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "paulov.ru", true */ 'p', 'a', 'u', 'l', 'o', 'v', '.', 'r', 'u', '\0',
+  /* "paulpetersen.dk", true */ 'p', 'a', 'u', 'l', 'p', 'e', 't', 'e', 'r', 's', 'e', 'n', '.', 'd', 'k', '\0',
+  /* "paulrobertlloyd.com", true */ 'p', 'a', 'u', 'l', 'r', 'o', 'b', 'e', 'r', 't', 'l', 'l', 'o', 'y', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "paulrotter.de", true */ 'p', 'a', 'u', 'l', 'r', 'o', 't', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "paulschreiber.com", true */ 'p', 'a', 'u', 'l', 's', 'c', 'h', 'r', 'e', 'i', 'b', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "paulscustomauto.com", true */ 'p', 'a', 'u', 'l', 's', 'c', 'u', 's', 't', 'o', 'm', 'a', 'u', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "paulswartz.net", true */ 'p', 'a', 'u', 'l', 's', 'w', 'a', 'r', 't', 'z', '.', 'n', 'e', 't', '\0',
+  /* "paultibbetts.uk", true */ 'p', 'a', 'u', 'l', 't', 'i', 'b', 'b', 'e', 't', 't', 's', '.', 'u', 'k', '\0',
+  /* "paulus-foto.pl", true */ 'p', 'a', 'u', 'l', 'u', 's', '-', 'f', 'o', 't', 'o', '.', 'p', 'l', '\0',
+  /* "paulward.net", true */ 'p', 'a', 'u', 'l', 'w', 'a', 'r', 'd', '.', 'n', 'e', 't', '\0',
+  /* "paulwatabe.com", true */ 'p', 'a', 'u', 'l', 'w', 'a', 't', 'a', 'b', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "pauspam.net", true */ 'p', 'a', 'u', 's', 'p', 'a', 'm', '.', 'n', 'e', 't', '\0',
+  /* "pautadiaria.com", true */ 'p', 'a', 'u', 't', 'a', 'd', 'i', 'a', 'r', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "pavando.com", true */ 'p', 'a', 'v', 'a', 'n', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "paveljanda.com", true */ 'p', 'a', 'v', 'e', 'l', 'j', 'a', 'n', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "pavelrebrov.com", true */ 'p', 'a', 'v', 'e', 'l', 'r', 'e', 'b', 'r', 'o', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "paw.cloud", true */ 'p', 'a', 'w', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "paw.pt", true */ 'p', 'a', 'w', '.', 'p', 't', '\0',
+  /* "pawel-international.com", true */ 'p', 'a', 'w', 'e', 'l', '-', 'i', 'n', 't', 'e', 'r', 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "pawelnazaruk.com", true */ 'p', 'a', 'w', 'e', 'l', 'n', 'a', 'z', 'a', 'r', 'u', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "pawsomebox.co.uk", true */ 'p', 'a', 'w', 's', 'o', 'm', 'e', 'b', 'o', 'x', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "pawsr.us", true */ 'p', 'a', 'w', 's', 'r', '.', 'u', 's', '\0',
+  /* "pay.ubuntu.com", true */ 'p', 'a', 'y', '.', 'u', 'b', 'u', 'n', 't', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "pay8522.com", true */ 'p', 'a', 'y', '8', '5', '2', '2', '.', 'c', 'o', 'm', '\0',
+  /* "payboy.biz", true */ 'p', 'a', 'y', 'b', 'o', 'y', '.', 'b', 'i', 'z', '\0',
+  /* "payboy.rocks", true */ 'p', 'a', 'y', 'b', 'o', 'y', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "paybro.eu", true */ 'p', 'a', 'y', 'b', 'r', 'o', '.', 'e', 'u', '\0',
+  /* "payclixpayments.com", true */ 'p', 'a', 'y', 'c', 'l', 'i', 'x', 'p', 'a', 'y', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "payfazz.com", true */ 'p', 'a', 'y', 'f', 'a', 'z', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "paylike.io", true */ 'p', 'a', 'y', 'l', 'i', 'k', 'e', '.', 'i', 'o', '\0',
+  /* "payload.tech", true */ 'p', 'a', 'y', 'l', 'o', 'a', 'd', '.', 't', 'e', 'c', 'h', '\0',
+  /* "payloc.io", true */ 'p', 'a', 'y', 'l', 'o', 'c', '.', 'i', 'o', '\0',
+  /* "payme.uz", true */ 'p', 'a', 'y', 'm', 'e', '.', 'u', 'z', '\0',
+  /* "payment-network.com", true */ 'p', 'a', 'y', 'm', 'e', 'n', 't', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "paymentaccuracy.gov", true */ 'p', 'a', 'y', 'm', 'e', 'n', 't', 'a', 'c', 'c', 'u', 'r', 'a', 'c', 'y', '.', 'g', 'o', 'v', '\0',
+  /* "payments.google.com", true */ 'p', 'a', 'y', 'm', 'e', 'n', 't', 's', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "paymerang.com", true */ 'p', 'a', 'y', 'm', 'e', 'r', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "paymill.com", true */ 'p', 'a', 'y', 'm', 'i', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "paymill.de", true */ 'p', 'a', 'y', 'm', 'i', 'l', 'l', '.', 'd', 'e', '\0',
+  /* "payoff.com", true */ 'p', 'a', 'y', 'o', 'f', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "paypal.com", false */ 'p', 'a', 'y', 'p', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "paypaq.com", true */ 'p', 'a', 'y', 'p', 'a', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "paypro.nl", false */ 'p', 'a', 'y', 'p', 'r', 'o', '.', 'n', 'l', '\0',
+  /* "payroll.xero.com", false */ 'p', 'a', 'y', 'r', 'o', 'l', 'l', '.', 'x', 'e', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "payrollhive.com", true */ 'p', 'a', 'y', 'r', 'o', 'l', 'l', 'h', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "paysera.com", false */ 'p', 'a', 'y', 's', 'e', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "payslipview.com", true */ 'p', 'a', 'y', 's', 'l', 'i', 'p', 'v', 'i', 'e', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "payssaintgilles.fr", true */ 'p', 'a', 'y', 's', 's', 'a', 'i', 'n', 't', 'g', 'i', 'l', 'l', 'e', 's', '.', 'f', 'r', '\0',
+  /* "paystack.com", true */ 'p', 'a', 'y', 's', 't', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "paytm.in", true */ 'p', 'a', 'y', 't', 'm', '.', 'i', 'n', '\0',
+  /* "payupay.ru", true */ 'p', 'a', 'y', 'u', 'p', 'a', 'y', '.', 'r', 'u', '\0',
+  /* "payzang.com", true */ 'p', 'a', 'y', 'z', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "pback.se", true */ 'p', 'b', 'a', 'c', 'k', '.', 's', 'e', '\0',
+  /* "pbcknd.ml", true */ 'p', 'b', 'c', 'k', 'n', 'd', '.', 'm', 'l', '\0',
+  /* "pbosquet.com", true */ 'p', 'b', 'o', 's', 'q', 'u', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "pbourhis.me", true */ 'p', 'b', 'o', 'u', 'r', 'h', 'i', 's', '.', 'm', 'e', '\0',
+  /* "pbqs.site", true */ 'p', 'b', 'q', 's', '.', 's', 'i', 't', 'e', '\0',
+  /* "pbraunschdash.com", true */ 'p', 'b', 'r', 'a', 'u', 'n', 's', 'c', 'h', 'd', 'a', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "pbreen.co.uk", true */ 'p', 'b', 'r', 'e', 'e', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "pbrumby.com", true */ 'p', 'b', 'r', 'u', 'm', 'b', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "pbscreens.com", true */ 'p', 'b', 's', 'c', 'r', 'e', 'e', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "pbytes.com", true */ 'p', 'b', 'y', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "pbz.im", true */ 'p', 'b', 'z', '.', 'i', 'm', '\0',
+  /* "pc-rescue.me", true */ 'p', 'c', '-', 'r', 'e', 's', 'c', 'u', 'e', '.', 'm', 'e', '\0',
+  /* "pc-tweak.de", true */ 'p', 'c', '-', 't', 'w', 'e', 'a', 'k', '.', 'd', 'e', '\0',
+  /* "pcbricole.fr", true */ 'p', 'c', 'b', 'r', 'i', 'c', 'o', 'l', 'e', '.', 'f', 'r', '\0',
+  /* "pccentral.nl", true */ 'p', 'c', 'c', 'e', 'n', 't', 'r', 'a', 'l', '.', 'n', 'l', '\0',
+  /* "pcel.com", true */ 'p', 'c', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "pcf92.fr", true */ 'p', 'c', 'f', '9', '2', '.', 'f', 'r', '\0',
+  /* "pcfeuerwehr.de", true */ 'p', 'c', 'f', 'e', 'u', 'e', 'r', 'w', 'e', 'h', 'r', '.', 'd', 'e', '\0',
+  /* "pcforum.sk", true */ 'p', 'c', 'f', 'o', 'r', 'u', 'm', '.', 's', 'k', '\0',
+  /* "pcgamingfreaks.at", true */ 'p', 'c', 'g', 'a', 'm', 'i', 'n', 'g', 'f', 'r', 'e', 'a', 'k', 's', '.', 'a', 't', '\0',
+  /* "pchelpforum.net", true */ 'p', 'c', 'h', 'e', 'l', 'p', 'f', 'o', 'r', 'u', 'm', '.', 'n', 'e', 't', '\0',
+  /* "pciconcursos.com.br", true */ 'p', 'c', 'i', 'c', 'o', 'n', 'c', 'u', 'r', 's', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "pcipac.com", true */ 'p', 'c', 'i', 'p', 'a', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "pclaeuft.de", true */ 'p', 'c', 'l', 'a', 'e', 'u', 'f', 't', '.', 'd', 'e', '\0',
+  /* "pclob.gov", false */ 'p', 'c', 'l', 'o', 'b', '.', 'g', 'o', 'v', '\0',
+  /* "pcloud.com", true */ 'p', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "pcmkrembangan.or.id", true */ 'p', 'c', 'm', 'k', 'r', 'e', 'm', 'b', 'a', 'n', 'g', 'a', 'n', '.', 'o', 'r', '.', 'i', 'd', '\0',
+  /* "pcnotdienst-oldenburg-rastede.de", true */ 'p', 'c', 'n', 'o', 't', 'd', 'i', 'e', 'n', 's', 't', '-', 'o', 'l', 'd', 'e', 'n', 'b', 'u', 'r', 'g', '-', 'r', 'a', 's', 't', 'e', 'd', 'e', '.', 'd', 'e', '\0',
+  /* "pcrypt.org", true */ 'p', 'c', 'r', 'y', 'p', 't', '.', 'o', 'r', 'g', '\0',
+  /* "pctonic.net", true */ 'p', 'c', 't', 'o', 'n', 'i', 'c', '.', 'n', 'e', 't', '\0',
+  /* "pctrouble.net", true */ 'p', 'c', 't', 'r', 'o', 'u', 'b', 'l', 'e', '.', 'n', 'e', 't', '\0',
+  /* "pcxserver.com", false */ 'p', 'c', 'x', 's', 'e', 'r', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "pdfconvert.me", true */ 'p', 'd', 'f', 'c', 'o', 'n', 'v', 'e', 'r', 't', '.', 'm', 'e', '\0',
+  /* "pdfmint.com", true */ 'p', 'd', 'f', 'm', 'i', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "pdfresizer.com", true */ 'p', 'd', 'f', 'r', 'e', 's', 'i', 'z', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "pdox.net", true */ 'p', 'd', 'o', 'x', '.', 'n', 'e', 't', '\0',
+  /* "pdthings.net", true */ 'p', 'd', 't', 'h', 'i', 'n', 'g', 's', '.', 'n', 'e', 't', '\0',
+  /* "pe.search.yahoo.com", false */ 'p', 'e', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "peak-careers.com", true */ 'p', 'e', 'a', 'k', '-', 'c', 'a', 'r', 'e', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "peaksloth.com", true */ 'p', 'e', 'a', 'k', 's', 'l', 'o', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "peanutbase.org", true */ 'p', 'e', 'a', 'n', 'u', 't', 'b', 'a', 's', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "peanutproductionsnyc.com", true */ 'p', 'e', 'a', 'n', 'u', 't', 'p', 'r', 'o', 'd', 'u', 'c', 't', 'i', 'o', 'n', 's', 'n', 'y', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "pearbloom.com", true */ 'p', 'e', 'a', 'r', 'b', 'l', 'o', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "pebbles.net.in", true */ 'p', 'e', 'b', 'b', 'l', 'e', 's', '.', 'n', 'e', 't', '.', 'i', 'n', '\0',
+  /* "pecker-johnson.com", true */ 'p', 'e', 'c', 'k', 'e', 'r', '-', 'j', 'o', 'h', 'n', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "pecot.fr", true */ 'p', 'e', 'c', 'o', 't', '.', 'f', 'r', '\0',
+  /* "pedicurean.nl", true */ 'p', 'e', 'd', 'i', 'c', 'u', 'r', 'e', 'a', 'n', '.', 'n', 'l', '\0',
+  /* "pedicureduiven.nl", true */ 'p', 'e', 'd', 'i', 'c', 'u', 'r', 'e', 'd', 'u', 'i', 'v', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "pedidamanosevilla.com", true */ 'p', 'e', 'd', 'i', 'd', 'a', 'm', 'a', 'n', 'o', 's', 'e', 'v', 'i', 'l', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "pedimoda.com.br", true */ 'p', 'e', 'd', 'i', 'm', 'o', 'd', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "pedrosaurus.com", true */ 'p', 'e', 'd', 'r', 'o', 's', 'a', 'u', 'r', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "pedrosluiter.nl", true */ 'p', 'e', 'd', 'r', 'o', 's', 'l', 'u', 'i', 't', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "pedroventura.com", false */ 'p', 'e', 'd', 'r', 'o', 'v', 'e', 'n', 't', 'u', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "peeekaaabooo.com", true */ 'p', 'e', 'e', 'e', 'k', 'a', 'a', 'a', 'b', 'o', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "peekier.com", true */ 'p', 'e', 'e', 'k', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "peep.gq", true */ 'p', 'e', 'e', 'p', '.', 'g', 'q', '\0',
+  /* "peercraft.at", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'a', 't', '\0',
+  /* "peercraft.be", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'b', 'e', '\0',
+  /* "peercraft.biz", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'b', 'i', 'z', '\0',
+  /* "peercraft.ch", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'c', 'h', '\0',
+  /* "peercraft.cn", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'c', 'n', '\0',
+  /* "peercraft.co.uk", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "peercraft.com", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "peercraft.de", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'd', 'e', '\0',
+  /* "peercraft.dk", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'd', 'k', '\0',
+  /* "peercraft.es", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'e', 's', '\0',
+  /* "peercraft.eu", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'e', 'u', '\0',
+  /* "peercraft.fr", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'f', 'r', '\0',
+  /* "peercraft.info", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "peercraft.it", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'i', 't', '\0',
+  /* "peercraft.net", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'n', 'e', 't', '\0',
+  /* "peercraft.nl", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'n', 'l', '\0',
+  /* "peercraft.org", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'o', 'r', 'g', '\0',
+  /* "peercraft.pl", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'p', 'l', '\0',
+  /* "peercraft.pt", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'p', 't', '\0',
+  /* "peercraft.se", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 's', 'e', '\0',
+  /* "peercraft.us", true */ 'p', 'e', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'u', 's', '\0',
+  /* "peerless.ae", true */ 'p', 'e', 'e', 'r', 'l', 'e', 's', 's', '.', 'a', 'e', '\0',
+  /* "peername.com", true */ 'p', 'e', 'e', 'r', 'n', 'a', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "peervpn.net", true */ 'p', 'e', 'e', 'r', 'v', 'p', 'n', '.', 'n', 'e', 't', '\0',
+  /* "peetah.com", true */ 'p', 'e', 'e', 't', 'a', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "peeters.io", true */ 'p', 'e', 'e', 't', 'e', 'r', 's', '.', 'i', 'o', '\0',
+  /* "peg.nu", true */ 'p', 'e', 'g', '.', 'n', 'u', '\0',
+  /* "pegas-studio.net", true */ 'p', 'e', 'g', 'a', 's', '-', 's', 't', 'u', 'd', 'i', 'o', '.', 'n', 'e', 't', '\0',
+  /* "pehapkari.cz", true */ 'p', 'e', 'h', 'a', 'p', 'k', 'a', 'r', 'i', '.', 'c', 'z', '\0',
+  /* "peifi.de", false */ 'p', 'e', 'i', 'f', 'i', '.', 'd', 'e', '\0',
+  /* "peippo.at", true */ 'p', 'e', 'i', 'p', 'p', 'o', '.', 'a', 't', '\0',
+  /* "pekkapleppanen.fi", true */ 'p', 'e', 'k', 'k', 'a', 'p', 'l', 'e', 'p', 'p', 'a', 'n', 'e', 'n', '.', 'f', 'i', '\0',
+  /* "pekoe.se", true */ 'p', 'e', 'k', 'o', 'e', '.', 's', 'e', '\0',
+  /* "pelanucto.cz", true */ 'p', 'e', 'l', 'a', 'n', 'u', 'c', 't', 'o', '.', 'c', 'z', '\0',
+  /* "pelican.ie", true */ 'p', 'e', 'l', 'i', 'c', 'a', 'n', '.', 'i', 'e', '\0',
+  /* "pelletsprice.com", true */ 'p', 'e', 'l', 'l', 'e', 't', 's', 'p', 'r', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "pelopogrund.com", true */ 'p', 'e', 'l', 'o', 'p', 'o', 'g', 'r', 'u', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "pelopoplot.com", true */ 'p', 'e', 'l', 'o', 'p', 'o', 'p', 'l', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "pemagrid.org", true */ 'p', 'e', 'm', 'a', 'g', 'r', 'i', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "penaugustin.com", true */ 'p', 'e', 'n', 'a', 'u', 'g', 'u', 's', 't', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "pencepay.com", true */ 'p', 'e', 'n', 'c', 'e', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "pencillab.cn", true */ 'p', 'e', 'n', 'c', 'i', 'l', 'l', 'a', 'b', '.', 'c', 'n', '\0',
+  /* "penetrationstest.se", true */ 'p', 'e', 'n', 'e', 't', 'r', 'a', 't', 'i', 'o', 'n', 's', 't', 'e', 's', 't', '.', 's', 'e', '\0',
+  /* "penfold.fr", true */ 'p', 'e', 'n', 'f', 'o', 'l', 'd', '.', 'f', 'r', '\0',
+  /* "pengi.me", true */ 'p', 'e', 'n', 'g', 'i', '.', 'm', 'e', '\0',
+  /* "pennergold.net", true */ 'p', 'e', 'n', 'n', 'e', 'r', 'g', 'o', 'l', 'd', '.', 'n', 'e', 't', '\0',
+  /* "pennyapp.io", true */ 'p', 'e', 'n', 'n', 'y', 'a', 'p', 'p', '.', 'i', 'o', '\0',
+  /* "pennyparkerpaper.com", true */ 'p', 'e', 'n', 'n', 'y', 'p', 'a', 'r', 'k', 'e', 'r', 'p', 'a', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "penrithapartments.com.au", true */ 'p', 'e', 'n', 'r', 'i', 't', 'h', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "pensacolawinterfest.org", true */ 'p', 'e', 'n', 's', 'a', 'c', 'o', 'l', 'a', 'w', 'i', 'n', 't', 'e', 'r', 'f', 'e', 's', 't', '.', 'o', 'r', 'g', '\0',
+  /* "pensador.com", true */ 'p', 'e', 'n', 's', 'a', 'd', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "pensador.info", true */ 'p', 'e', 'n', 's', 'a', 'd', 'o', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "pensioenfonds-ey.nl", true */ 'p', 'e', 'n', 's', 'i', 'o', 'e', 'n', 'f', 'o', 'n', 'd', 's', '-', 'e', 'y', '.', 'n', 'l', '\0',
+  /* "pension-veldzigt.nl", true */ 'p', 'e', 'n', 's', 'i', 'o', 'n', '-', 'v', 'e', 'l', 'd', 'z', 'i', 'g', 't', '.', 'n', 'l', '\0',
+  /* "pension-waldesruh.de", true */ 'p', 'e', 'n', 's', 'i', 'o', 'n', '-', 'w', 'a', 'l', 'd', 'e', 's', 'r', 'u', 'h', '.', 'd', 'e', '\0',
+  /* "pensiunealido.ro", true */ 'p', 'e', 'n', 's', 'i', 'u', 'n', 'e', 'a', 'l', 'i', 'd', 'o', '.', 'r', 'o', '\0',
+  /* "pentandra.com", true */ 'p', 'e', 'n', 't', 'a', 'n', 'd', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "pentest.blog", true */ 'p', 'e', 'n', 't', 'e', 's', 't', '.', 'b', 'l', 'o', 'g', '\0',
+  /* "pentest.nl", true */ 'p', 'e', 'n', 't', 'e', 's', 't', '.', 'n', 'l', '\0',
+  /* "pentesterlab.com", true */ 'p', 'e', 'n', 't', 'e', 's', 't', 'e', 'r', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "penticton.photography", true */ 'p', 'e', 'n', 't', 'i', 'c', 't', 'o', 'n', '.', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '\0',
+  /* "penz.media", true */ 'p', 'e', 'n', 'z', '.', 'm', 'e', 'd', 'i', 'a', '\0',
+  /* "peoplelikemeapp.com", true */ 'p', 'e', 'o', 'p', 'l', 'e', 'l', 'i', 'k', 'e', 'm', 'e', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "peoplesbankal.com", true */ 'p', 'e', 'o', 'p', 'l', 'e', 's', 'b', 'a', 'n', 'k', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "pepemodelismo.com.br", true */ 'p', 'e', 'p', 'e', 'm', 'o', 'd', 'e', 'l', 'i', 's', 'm', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "peplog.nl", true */ 'p', 'e', 'p', 'l', 'o', 'g', '.', 'n', 'l', '\0',
+  /* "pepwaterproofing.com", true */ 'p', 'e', 'p', 'w', 'a', 't', 'e', 'r', 'p', 'r', 'o', 'o', 'f', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "per-pedes.at", true */ 'p', 'e', 'r', '-', 'p', 'e', 'd', 'e', 's', '.', 'a', 't', '\0',
+  /* "pera.gs", true */ 'p', 'e', 'r', 'a', '.', 'g', 's', '\0',
+  /* "peraparker.cz", true */ 'p', 'e', 'r', 'a', 'p', 'a', 'r', 'k', 'e', 'r', '.', 'c', 'z', '\0',
+  /* "percolate.com", true */ 'p', 'e', 'r', 'c', 'o', 'l', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "percraft.com", true */ 'p', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "percy.io", true */ 'p', 'e', 'r', 'c', 'y', '.', 'i', 'o', '\0',
+  /* "perd.re", true */ 'p', 'e', 'r', 'd', '.', 'r', 'e', '\0',
+  /* "perecraft.com", true */ 'p', 'e', 'r', 'e', 'c', 'r', 'a', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "pereuda.com", true */ 'p', 'e', 'r', 'e', 'u', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "perezdecastro.org", true */ 'p', 'e', 'r', 'e', 'z', 'd', 'e', 'c', 'a', 's', 't', 'r', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "perfect.in.th", true */ 'p', 'e', 'r', 'f', 'e', 'c', 't', '.', 'i', 'n', '.', 't', 'h', '\0',
+  /* "perfectbalance.tech", true */ 'p', 'e', 'r', 'f', 'e', 'c', 't', 'b', 'a', 'l', 'a', 'n', 'c', 'e', '.', 't', 'e', 'c', 'h', '\0',
+  /* "perfectcloud.org", true */ 'p', 'e', 'r', 'f', 'e', 'c', 't', 'c', 'l', 'o', 'u', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "perfectionunite.com", true */ 'p', 'e', 'r', 'f', 'e', 'c', 't', 'i', 'o', 'n', 'u', 'n', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "perfectoparty.co.uk", true */ 'p', 'e', 'r', 'f', 'e', 'c', 't', 'o', 'p', 'a', 'r', 't', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "perfectsnap.co.uk", true */ 'p', 'e', 'r', 'f', 'e', 'c', 't', 's', 'n', 'a', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "perfektesgewicht.com", true */ 'p', 'e', 'r', 'f', 'e', 'k', 't', 'e', 's', 'g', 'e', 'w', 'i', 'c', 'h', 't', '.', 'c', 'o', 'm', '\0',
+  /* "perfektesgewicht.de", true */ 'p', 'e', 'r', 'f', 'e', 'k', 't', 'e', 's', 'g', 'e', 'w', 'i', 'c', 'h', 't', '.', 'd', 'e', '\0',
+  /* "performancesantafe.org", true */ 'p', 'e', 'r', 'f', 'o', 'r', 'm', 'a', 'n', 'c', 'e', 's', 'a', 'n', 't', 'a', 'f', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "performaride.com.au", true */ 'p', 'e', 'r', 'f', 'o', 'r', 'm', 'a', 'r', 'i', 'd', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "performetric.net", true */ 'p', 'e', 'r', 'f', 'o', 'r', 'm', 'e', 't', 'r', 'i', 'c', '.', 'n', 'e', 't', '\0',
+  /* "perfumeaz.com", true */ 'p', 'e', 'r', 'f', 'u', 'm', 'e', 'a', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "perfumes.com.br", true */ 'p', 'e', 'r', 'f', 'u', 'm', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "periodismoactual.com", true */ 'p', 'e', 'r', 'i', 'o', 'd', 'i', 's', 'm', 'o', 'a', 'c', 't', 'u', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "periscope.tv", true */ 'p', 'e', 'r', 'i', 's', 'c', 'o', 'p', 'e', '.', 't', 'v', '\0',
+  /* "perishablepress.com", true */ 'p', 'e', 'r', 'i', 's', 'h', 'a', 'b', 'l', 'e', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "perm-jur.ch", true */ 'p', 'e', 'r', 'm', '-', 'j', 'u', 'r', '.', 'c', 'h', '\0',
+  /* "perm-juridique.ch", true */ 'p', 'e', 'r', 'm', '-', 'j', 'u', 'r', 'i', 'd', 'i', 'q', 'u', 'e', '.', 'c', 'h', '\0',
+  /* "perm4.com", true */ 'p', 'e', 'r', 'm', '4', '.', 'c', 'o', 'm', '\0',
+  /* "permanence-juridique.com", true */ 'p', 'e', 'r', 'm', 'a', 'n', 'e', 'n', 'c', 'e', '-', 'j', 'u', 'r', 'i', 'd', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "permanencejuridique-ge.ch", true */ 'p', 'e', 'r', 'm', 'a', 'n', 'e', 'n', 'c', 'e', 'j', 'u', 'r', 'i', 'd', 'i', 'q', 'u', 'e', '-', 'g', 'e', '.', 'c', 'h', '\0',
+  /* "permanencejuridique.com", true */ 'p', 'e', 'r', 'm', 'a', 'n', 'e', 'n', 'c', 'e', 'j', 'u', 'r', 'i', 'd', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "perniciousgames.com", true */ 'p', 'e', 'r', 'n', 'i', 'c', 'i', 'o', 'u', 's', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "peromsik.com", true */ 'p', 'e', 'r', 'o', 'm', 's', 'i', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "perot.me", true */ 'p', 'e', 'r', 'o', 't', '.', 'm', 'e', '\0',
+  /* "perpetualemotion.com", true */ 'p', 'e', 'r', 'p', 'e', 't', 'u', 'a', 'l', 'e', 'm', 'o', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "perrau.lt", true */ 'p', 'e', 'r', 'r', 'a', 'u', '.', 'l', 't', '\0',
+  /* "perrone.co", true */ 'p', 'e', 'r', 'r', 'o', 'n', 'e', '.', 'c', 'o', '\0',
+  /* "perroquet-passion.ch", true */ 'p', 'e', 'r', 'r', 'o', 'q', 'u', 'e', 't', '-', 'p', 'a', 's', 's', 'i', 'o', 'n', '.', 'c', 'h', '\0',
+  /* "personal-genome.com", true */ 'p', 'e', 'r', 's', 'o', 'n', 'a', 'l', '-', 'g', 'e', 'n', 'o', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "personcar.com.br", true */ 'p', 'e', 'r', 's', 'o', 'n', 'c', 'a', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "personnedisparue.fr", true */ 'p', 'e', 'r', 's', 'o', 'n', 'n', 'e', 'd', 'i', 's', 'p', 'a', 'r', 'u', 'e', '.', 'f', 'r', '\0',
+  /* "perspectivum.com", true */ 'p', 'e', 'r', 's', 'p', 'e', 'c', 't', 'i', 'v', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "perspektivwechsel-coaching.de", true */ 'p', 'e', 'r', 's', 'p', 'e', 'k', 't', 'i', 'v', 'w', 'e', 'c', 'h', 's', 'e', 'l', '-', 'c', 'o', 'a', 'c', 'h', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "persson.im", true */ 'p', 'e', 'r', 's', 's', 'o', 'n', '.', 'i', 'm', '\0',
+  /* "persson.me", true */ 'p', 'e', 'r', 's', 's', 'o', 'n', '.', 'm', 'e', '\0',
+  /* "perucasestoril.com.br", true */ 'p', 'e', 'r', 'u', 'c', 'a', 's', 'e', 's', 't', 'o', 'r', 'i', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "pervacio.hu", true */ 'p', 'e', 'r', 'v', 'a', 'c', 'i', 'o', '.', 'h', 'u', '\0',
+  /* "perzeidi.hr", true */ 'p', 'e', 'r', 'z', 'e', 'i', 'd', 'i', '.', 'h', 'r', '\0',
+  /* "pestici.de", true */ 'p', 'e', 's', 't', 'i', 'c', 'i', '.', 'd', 'e', '\0',
+  /* "pet-hotel-mura.net", true */ 'p', 'e', 't', '-', 'h', 'o', 't', 'e', 'l', '-', 'm', 'u', 'r', 'a', '.', 'n', 'e', 't', '\0',
+  /* "pet-life.top", true */ 'p', 'e', 't', '-', 'l', 'i', 'f', 'e', '.', 't', 'o', 'p', '\0',
+  /* "petabits.de", true */ 'p', 'e', 't', 'a', 'b', 'i', 't', 's', '.', 'd', 'e', '\0',
+  /* "petangen.se", true */ 'p', 'e', 't', 'a', 'n', 'g', 'e', 'n', '.', 's', 'e', '\0',
+  /* "petcarvers.com", true */ 'p', 'e', 't', 'c', 'a', 'r', 'v', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "petelew.is", true */ 'p', 'e', 't', 'e', 'l', 'e', 'w', '.', 'i', 's', '\0',
+  /* "peter.org.ua", true */ 'p', 'e', 't', 'e', 'r', '.', 'o', 'r', 'g', '.', 'u', 'a', '\0',
+  /* "peterandjoelle.co.uk", true */ 'p', 'e', 't', 'e', 'r', 'a', 'n', 'd', 'j', 'o', 'e', 'l', 'l', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "peterboers.info", true */ 'p', 'e', 't', 'e', 'r', 'b', 'o', 'e', 'r', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "peterdavehello.org", true */ 'p', 'e', 't', 'e', 'r', 'd', 'a', 'v', 'e', 'h', 'e', 'l', 'l', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "peterfolta.net", true */ 'p', 'e', 't', 'e', 'r', 'f', 'o', 'l', 't', 'a', '.', 'n', 'e', 't', '\0',
+  /* "peterhuetz.at", true */ 'p', 'e', 't', 'e', 'r', 'h', 'u', 'e', 't', 'z', '.', 'a', 't', '\0',
+  /* "peterhuetz.com", true */ 'p', 'e', 't', 'e', 'r', 'h', 'u', 'e', 't', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "peterjohnson.io", true */ 'p', 'e', 't', 'e', 'r', 'j', 'o', 'h', 'n', 's', 'o', 'n', '.', 'i', 'o', '\0',
+  /* "peterlew.is", true */ 'p', 'e', 't', 'e', 'r', 'l', 'e', 'w', '.', 'i', 's', '\0',
+  /* "peternagy.ie", true */ 'p', 'e', 't', 'e', 'r', 'n', 'a', 'g', 'y', '.', 'i', 'e', '\0',
+  /* "petersontoscano.com", true */ 'p', 'e', 't', 'e', 'r', 's', 'o', 'n', 't', 'o', 's', 'c', 'a', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "pethelpers.org", true */ 'p', 'e', 't', 'h', 'e', 'l', 'p', 'e', 'r', 's', '.', 'o', 'r', 'g', '\0',
+  /* "petite-maison.ch", true */ 'p', 'e', 't', 'i', 't', 'e', '-', 'm', 'a', 'i', 's', 'o', 'n', '.', 'c', 'h', '\0',
+  /* "petitsfrenchies.com", true */ 'p', 'e', 't', 'i', 't', 's', 'f', 'r', 'e', 'n', 'c', 'h', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "petja.me", false */ 'p', 'e', 't', 'j', 'a', '.', 'm', 'e', '\0',
+  /* "petko.me", true */ 'p', 'e', 't', 'k', 'o', '.', 'm', 'e', '\0',
+  /* "petlife.vet", true */ 'p', 'e', 't', 'l', 'i', 'f', 'e', '.', 'v', 'e', 't', '\0',
+  /* "petmall.bg", true */ 'p', 'e', 't', 'm', 'a', 'l', 'l', '.', 'b', 'g', '\0',
+  /* "petofiprogram.hu", true */ 'p', 'e', 't', 'o', 'f', 'i', 'p', 'r', 'o', 'g', 'r', 'a', 'm', '.', 'h', 'u', '\0',
+  /* "petplus.com", true */ 'p', 'e', 't', 'p', 'l', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "petpost.co.nz", false */ 'p', 'e', 't', 'p', 'o', 's', 't', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "petrachuk.ru", true */ 'p', 'e', 't', 'r', 'a', 'c', 'h', 'u', 'k', '.', 'r', 'u', '\0',
+  /* "petrasestakova.cz", true */ 'p', 'e', 't', 'r', 'a', 's', 'e', 's', 't', 'a', 'k', 'o', 'v', 'a', '.', 'c', 'z', '\0',
+  /* "petroscand.eu", true */ 'p', 'e', 't', 'r', 'o', 's', 'c', 'a', 'n', 'd', '.', 'e', 'u', '\0',
+  /* "petruzz.net", true */ 'p', 'e', 't', 'r', 'u', 'z', 'z', '.', 'n', 'e', 't', '\0',
+  /* "pettitcoat.com", true */ 'p', 'e', 't', 't', 'i', 't', 'c', 'o', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "petwall.info", true */ 'p', 'e', 't', 'w', 'a', 'l', 'l', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "peuterspeelzaalhoekvanholland.nl", true */ 'p', 'e', 'u', 't', 'e', 'r', 's', 'p', 'e', 'e', 'l', 'z', 'a', 'a', 'l', 'h', 'o', 'e', 'k', 'v', 'a', 'n', 'h', 'o', 'l', 'l', 'a', 'n', 'd', '.', 'n', 'l', '\0',
+  /* "pex.digital", true */ 'p', 'e', 'x', '.', 'd', 'i', 'g', 'i', 't', 'a', 'l', '\0',
+  /* "peyote.com", true */ 'p', 'e', 'y', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "peyote.org", true */ 'p', 'e', 'y', 'o', 't', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "pfa.or.jp", true */ 'p', 'f', 'a', '.', 'o', 'r', '.', 'j', 'p', '\0',
+  /* "pfadfinder-aurich.de", true */ 'p', 'f', 'a', 'd', 'f', 'i', 'n', 'd', 'e', 'r', '-', 'a', 'u', 'r', 'i', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "pfadfinder-grossauheim.de", true */ 'p', 'f', 'a', 'd', 'f', 'i', 'n', 'd', 'e', 'r', '-', 'g', 'r', 'o', 's', 's', 'a', 'u', 'h', 'e', 'i', 'm', '.', 'd', 'e', '\0',
+  /* "pfarchimedes-pensioen123.nl", true */ 'p', 'f', 'a', 'r', 'c', 'h', 'i', 'm', 'e', 'd', 'e', 's', '-', 'p', 'e', 'n', 's', 'i', 'o', 'e', 'n', '1', '2', '3', '.', 'n', 'l', '\0',
+  /* "pfd-nz.com", false */ 'p', 'f', 'd', '-', 'n', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "pferdeeinstreu-kaufen.com", true */ 'p', 'f', 'e', 'r', 'd', 'e', 'e', 'i', 'n', 's', 't', 'r', 'e', 'u', '-', 'k', 'a', 'u', 'f', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "pfeuffer-elektro.de", true */ 'p', 'f', 'e', 'u', 'f', 'f', 'e', 'r', '-', 'e', 'l', 'e', 'k', 't', 'r', 'o', '.', 'd', 'e', '\0',
+  /* "pfft.net", true */ 'p', 'f', 'f', 't', '.', 'n', 'e', 't', '\0',
+  /* "pfmeasure.com", true */ 'p', 'f', 'm', 'e', 'a', 's', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "pfo.io", true */ 'p', 'f', 'o', '.', 'i', 'o', '\0',
+  /* "pfolta.net", true */ 'p', 'f', 'o', 'l', 't', 'a', '.', 'n', 'e', 't', '\0',
+  /* "pfudor.tk", true */ 'p', 'f', 'u', 'd', 'o', 'r', '.', 't', 'k', '\0',
+  /* "pg-forum.de", true */ 'p', 'g', '-', 'f', 'o', 'r', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "pgmann.cf", true */ 'p', 'g', 'm', 'a', 'n', 'n', '.', 'c', 'f', '\0',
+  /* "pgnetwork.net", true */ 'p', 'g', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'n', 'e', 't', '\0',
+  /* "pgpmail.cc", true */ 'p', 'g', 'p', 'm', 'a', 'i', 'l', '.', 'c', 'c', '\0',
+  /* "pgregg.com", false */ 'p', 'g', 'r', 'e', 'g', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "ph-blog.de", true */ 'p', 'h', '-', 'b', 'l', 'o', 'g', '.', 'd', 'e', '\0',
+  /* "ph.search.yahoo.com", false */ 'p', 'h', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "phantasie.cc", true */ 'p', 'h', 'a', 'n', 't', 'a', 's', 'i', 'e', '.', 'c', 'c', '\0',
+  /* "phantastikon.de", true */ 'p', 'h', 'a', 'n', 't', 'a', 's', 't', 'i', 'k', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "pharma-display.com", true */ 'p', 'h', 'a', 'r', 'm', 'a', '-', 'd', 'i', 's', 'p', 'l', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "pharmaabsoluta.com.br", true */ 'p', 'h', 'a', 'r', 'm', 'a', 'a', 'b', 's', 'o', 'l', 'u', 't', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "pharmaboard.de", true */ 'p', 'h', 'a', 'r', 'm', 'a', 'b', 'o', 'a', 'r', 'd', '.', 'd', 'e', '\0',
+  /* "pharmaboard.org", true */ 'p', 'h', 'a', 'r', 'm', 'a', 'b', 'o', 'a', 'r', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "pharmacieplusfm.ch", true */ 'p', 'h', 'a', 'r', 'm', 'a', 'c', 'i', 'e', 'p', 'l', 'u', 's', 'f', 'm', '.', 'c', 'h', '\0',
+  /* "pharmafoto.ch", true */ 'p', 'h', 'a', 'r', 'm', 'a', 'f', 'o', 't', 'o', '.', 'c', 'h', '\0',
+  /* "pharmaphoto.ch", true */ 'p', 'h', 'a', 'r', 'm', 'a', 'p', 'h', 'o', 't', 'o', '.', 'c', 'h', '\0',
+  /* "pharmapolitics.com", true */ 'p', 'h', 'a', 'r', 'm', 'a', 'p', 'o', 'l', 'i', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "pharynks.com", true */ 'p', 'h', 'a', 'r', 'y', 'n', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "phasme-2016.com", true */ 'p', 'h', 'a', 's', 'm', 'e', '-', '2', '0', '1', '6', '.', 'c', 'o', 'm', '\0',
+  /* "phcimages.com", true */ 'p', 'h', 'c', 'i', 'm', 'a', 'g', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "phcmembers.com", true */ 'p', 'h', 'c', 'm', 'e', 'm', 'b', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "phcnetworks.net", true */ 'p', 'h', 'c', 'n', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'n', 'e', 't', '\0',
+  /* "phcorner.net", true */ 'p', 'h', 'c', 'o', 'r', 'n', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "phdhub.it", true */ 'p', 'h', 'd', 'h', 'u', 'b', '.', 'i', 't', '\0',
+  /* "phelx.de", true */ 'p', 'h', 'e', 'l', 'x', '.', 'd', 'e', '\0',
+  /* "phenomeno-porto.com", true */ 'p', 'h', 'e', 'n', 'o', 'm', 'e', 'n', 'o', '-', 'p', 'o', 'r', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "phenomeno.nl", true */ 'p', 'h', 'e', 'n', 'o', 'm', 'e', 'n', 'o', '.', 'n', 'l', '\0',
+  /* "phenomenoporto.com", true */ 'p', 'h', 'e', 'n', 'o', 'm', 'e', 'n', 'o', 'p', 'o', 'r', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "phenomenoporto.nl", true */ 'p', 'h', 'e', 'n', 'o', 'm', 'e', 'n', 'o', 'p', 'o', 'r', 't', 'o', '.', 'n', 'l', '\0',
+  /* "phget.com", true */ 'p', 'h', 'g', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "phi-works.com", true */ 'p', 'h', 'i', '-', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "phialo.de", true */ 'p', 'h', 'i', 'a', 'l', 'o', '.', 'd', 'e', '\0',
+  /* "phil-phillies.com", true */ 'p', 'h', 'i', 'l', '-', 'p', 'h', 'i', 'l', 'l', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "philadelphia.com.mx", true */ 'p', 'h', 'i', 'l', 'a', 'd', 'e', 'l', 'p', 'h', 'i', 'a', '.', 'c', 'o', 'm', '.', 'm', 'x', '\0',
+  /* "philadelphiadancefoundation.org", true */ 'p', 'h', 'i', 'l', 'a', 'd', 'e', 'l', 'p', 'h', 'i', 'a', 'd', 'a', 'n', 'c', 'e', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "philia-sa.com", true */ 'p', 'h', 'i', 'l', 'i', 'a', '-', 's', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "philipdb.com", true */ 'p', 'h', 'i', 'l', 'i', 'p', 'd', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "philipkohn.com", true */ 'p', 'h', 'i', 'l', 'i', 'p', 'k', 'o', 'h', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "philipmordue.co.uk", true */ 'p', 'h', 'i', 'l', 'i', 'p', 'm', 'o', 'r', 'd', 'u', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "philippbirkholz.com", true */ 'p', 'h', 'i', 'l', 'i', 'p', 'p', 'b', 'i', 'r', 'k', 'h', 'o', 'l', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "philippbirkholz.de", true */ 'p', 'h', 'i', 'l', 'i', 'p', 'p', 'b', 'i', 'r', 'k', 'h', 'o', 'l', 'z', '.', 'd', 'e', '\0',
+  /* "philippe-mignotte.fr", true */ 'p', 'h', 'i', 'l', 'i', 'p', 'p', 'e', '-', 'm', 'i', 'g', 'n', 'o', 't', 't', 'e', '.', 'f', 'r', '\0',
+  /* "philippebonnard.fr", true */ 'p', 'h', 'i', 'l', 'i', 'p', 'p', 'e', 'b', 'o', 'n', 'n', 'a', 'r', 'd', '.', 'f', 'r', '\0',
+  /* "philipperoose.be", true */ 'p', 'h', 'i', 'l', 'i', 'p', 'p', 'e', 'r', 'o', 'o', 's', 'e', '.', 'b', 'e', '\0',
+  /* "philippheenen.de", true */ 'p', 'h', 'i', 'l', 'i', 'p', 'p', 'h', 'e', 'e', 'n', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "philippkeschl.at", true */ 'p', 'h', 'i', 'l', 'i', 'p', 'p', 'k', 'e', 's', 'c', 'h', 'l', '.', 'a', 't', '\0',
+  /* "phillipgoldfarb.com", true */ 'p', 'h', 'i', 'l', 'l', 'i', 'p', 'g', 'o', 'l', 'd', 'f', 'a', 'r', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "phillippi.me", true */ 'p', 'h', 'i', 'l', 'l', 'i', 'p', 'p', 'i', '.', 'm', 'e', '\0',
+  /* "phillprice.com", true */ 'p', 'h', 'i', 'l', 'l', 'p', 'r', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "philonas.net", true */ 'p', 'h', 'i', 'l', 'o', 'n', 'a', 's', '.', 'n', 'e', 't', '\0',
+  /* "philosoftware.com.br", true */ 'p', 'h', 'i', 'l', 'o', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "philosopherswool.com", true */ 'p', 'h', 'i', 'l', 'o', 's', 'o', 'p', 'h', 'e', 'r', 's', 'w', 'o', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "philosophyguides.org", true */ 'p', 'h', 'i', 'l', 'o', 's', 'o', 'p', 'h', 'y', 'g', 'u', 'i', 'd', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "philphonic.de", true */ 'p', 'h', 'i', 'l', 'p', 'h', 'o', 'n', 'i', 'c', '.', 'd', 'e', '\0',
+  /* "philsturgeon.uk", true */ 'p', 'h', 'i', 'l', 's', 't', 'u', 'r', 'g', 'e', 'o', 'n', '.', 'u', 'k', '\0',
+  /* "philux.ch", true */ 'p', 'h', 'i', 'l', 'u', 'x', '.', 'c', 'h', '\0',
+  /* "phippsreporting.com", true */ 'p', 'h', 'i', 'p', 'p', 's', 'r', 'e', 'p', 'o', 'r', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "phishingusertraining.com", true */ 'p', 'h', 'i', 's', 'h', 'i', 'n', 'g', 'u', 's', 'e', 'r', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "phocean.net", true */ 'p', 'h', 'o', 'c', 'e', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "phoenix.dj", true */ 'p', 'h', 'o', 'e', 'n', 'i', 'x', '.', 'd', 'j', '\0',
+  /* "phoenixlogan.com", true */ 'p', 'h', 'o', 'e', 'n', 'i', 'x', 'l', 'o', 'g', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "phone-service-center.de", true */ 'p', 'h', 'o', 'n', 'e', '-', 's', 'e', 'r', 'v', 'i', 'c', 'e', '-', 'c', 'e', 'n', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "phood.be", true */ 'p', 'h', 'o', 'o', 'd', '.', 'b', 'e', '\0',
+  /* "phormance.com", true */ 'p', 'h', 'o', 'r', 'm', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "phosagro.biz", true */ 'p', 'h', 'o', 's', 'a', 'g', 'r', 'o', '.', 'b', 'i', 'z', '\0',
+  /* "phosagro.com", true */ 'p', 'h', 'o', 's', 'a', 'g', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "phosagro.ru", true */ 'p', 'h', 'o', 's', 'a', 'g', 'r', 'o', '.', 'r', 'u', '\0',
+  /* "photistic.org", true */ 'p', 'h', 'o', 't', 'i', 's', 't', 'i', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "photo-livesearch.com", true */ 'p', 'h', 'o', 't', 'o', '-', 'l', 'i', 'v', 'e', 's', 'e', 'a', 'r', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "photo-paysage.com", true */ 'p', 'h', 'o', 't', 'o', '-', 'p', 'a', 'y', 's', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "photo.org.il", true */ 'p', 'h', 'o', 't', 'o', '.', 'o', 'r', 'g', '.', 'i', 'l', '\0',
+  /* "photoancestry.com", true */ 'p', 'h', 'o', 't', 'o', 'a', 'n', 'c', 'e', 's', 't', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "photoartelle.com", true */ 'p', 'h', 'o', 't', 'o', 'a', 'r', 't', 'e', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "photodeal.fr", true */ 'p', 'h', 'o', 't', 'o', 'd', 'e', 'a', 'l', '.', 'f', 'r', '\0',
+  /* "photographe-reims.com", true */ 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'e', '-', 'r', 'e', 'i', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "photographyforchange.com", true */ 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', 'f', 'o', 'r', 'c', 'h', 'a', 'n', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "photographyforchange.org", true */ 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', 'f', 'o', 'r', 'c', 'h', 'a', 'n', 'g', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "photolium.net", true */ 'p', 'h', 'o', 't', 'o', 'l', 'i', 'u', 'm', '.', 'n', 'e', 't', '\0',
+  /* "photomodelcasting.com", true */ 'p', 'h', 'o', 't', 'o', 'm', 'o', 'd', 'e', 'l', 'c', 'a', 's', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "photon.sh", true */ 'p', 'h', 'o', 't', 'o', 'n', '.', 's', 'h', '\0',
+  /* "phototravel.uk", true */ 'p', 'h', 'o', 't', 'o', 't', 'r', 'a', 'v', 'e', 'l', '.', 'u', 'k', '\0',
+  /* "phototrio.com", true */ 'p', 'h', 'o', 't', 'o', 't', 'r', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "phoxmeh.com", true */ 'p', 'h', 'o', 'x', 'm', 'e', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "php-tuning.de", true */ 'p', 'h', 'p', '-', 't', 'u', 'n', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "phparcade.com", true */ 'p', 'h', 'p', 'a', 'r', 'c', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "phpartners.org", true */ 'p', 'h', 'p', 'a', 'r', 't', 'n', 'e', 'r', 's', '.', 'o', 'r', 'g', '\0',
+  /* "phpbbchinese.com", true */ 'p', 'h', 'p', 'b', 'b', 'c', 'h', 'i', 'n', 'e', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "phpdistribution.com", true */ 'p', 'h', 'p', 'd', 'i', 's', 't', 'r', 'i', 'b', 'u', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "phpdorset.co.uk", true */ 'p', 'h', 'p', 'd', 'o', 'r', 's', 'e', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "phpkari.cz", true */ 'p', 'h', 'p', 'k', 'a', 'r', 'i', '.', 'c', 'z', '\0',
+  /* "phpliteadmin.org", true */ 'p', 'h', 'p', 'l', 'i', 't', 'e', 'a', 'd', 'm', 'i', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "phpmyadmin.net", true */ 'p', 'h', 'p', 'm', 'y', 'a', 'd', 'm', 'i', 'n', '.', 'n', 'e', 't', '\0',
+  /* "phpprime.com", true */ 'p', 'h', 'p', 'p', 'r', 'i', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "phpsecure.info", true */ 'p', 'h', 'p', 's', 'e', 'c', 'u', 'r', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "phra.gs", true */ 'p', 'h', 'r', 'a', '.', 'g', 's', '\0',
+  /* "phrive.space", true */ 'p', 'h', 'r', 'i', 'v', 'e', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "phryanjr.com", false */ 'p', 'h', 'r', 'y', 'a', 'n', 'j', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "phryneas.de", true */ 'p', 'h', 'r', 'y', 'n', 'e', 'a', 's', '.', 'd', 'e', '\0',
+  /* "phuket-idc.com", true */ 'p', 'h', 'u', 'k', 'e', 't', '-', 'i', 'd', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "phuket-idc.de", true */ 'p', 'h', 'u', 'k', 'e', 't', '-', 'i', 'd', 'c', '.', 'd', 'e', '\0',
+  /* "phunehehe.net", true */ 'p', 'h', 'u', 'n', 'e', 'h', 'e', 'h', 'e', '.', 'n', 'e', 't', '\0',
+  /* "phuong.faith", true */ 'p', 'h', 'u', 'o', 'n', 'g', '.', 'f', 'a', 'i', 't', 'h', '\0',
+  /* "phurl.de", true */ 'p', 'h', 'u', 'r', 'l', '.', 'd', 'e', '\0',
+  /* "phurl.io", true */ 'p', 'h', 'u', 'r', 'l', '.', 'i', 'o', '\0',
+  /* "phus.lu", true */ 'p', 'h', 'u', 's', '.', 'l', 'u', '\0',
+  /* "physicalism.com", true */ 'p', 'h', 'y', 's', 'i', 'c', 'a', 'l', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "physicalist.com", true */ 'p', 'h', 'y', 's', 'i', 'c', 'a', 'l', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "physiovesenaz.ch", true */ 'p', 'h', 'y', 's', 'i', 'o', 'v', 'e', 's', 'e', 'n', 'a', 'z', '.', 'c', 'h', '\0',
+  /* "pi-control.de", true */ 'p', 'i', '-', 'c', 'o', 'n', 't', 'r', 'o', 'l', '.', 'd', 'e', '\0',
+  /* "pi-dash.com", true */ 'p', 'i', '-', 'd', 'a', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "pi-supply.com", true */ 'p', 'i', '-', 's', 'u', 'p', 'p', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "pianetaottica.com", true */ 'p', 'i', 'a', 'n', 'e', 't', 'a', 'o', 't', 't', 'i', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "pianetaottica.info", true */ 'p', 'i', 'a', 'n', 'e', 't', 'a', 'o', 't', 't', 'i', 'c', 'a', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "pianetaottica.it", true */ 'p', 'i', 'a', 'n', 'e', 't', 'a', 'o', 't', 't', 'i', 'c', 'a', '.', 'i', 't', '\0',
+  /* "pianetatatuaggi.it", true */ 'p', 'i', 'a', 'n', 'e', 't', 'a', 't', 'a', 't', 'u', 'a', 'g', 'g', 'i', '.', 'i', 't', '\0',
+  /* "piatabrasil.com.br", true */ 'p', 'i', 'a', 't', 'a', 'b', 'r', 'a', 's', 'i', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "piatanoua.md", true */ 'p', 'i', 'a', 't', 'a', 'n', 'o', 'u', 'a', '.', 'm', 'd', '\0',
+  /* "pic.gov", true */ 'p', 'i', 'c', '.', 'g', 'o', 'v', '\0',
+  /* "pic.sr", true */ 'p', 'i', 'c', '.', 's', 'r', '\0',
+  /* "pic2map.com", true */ 'p', 'i', 'c', '2', 'm', 'a', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "piccirello.com", true */ 'p', 'i', 'c', 'c', 'i', 'r', 'e', 'l', 'l', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "piccolo-parties.co.uk", true */ 'p', 'i', 'c', 'c', 'o', 'l', 'o', '-', 'p', 'a', 'r', 't', 'i', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "pickme.nl", true */ 'p', 'i', 'c', 'k', 'm', 'e', '.', 'n', 'l', '\0',
+  /* "pickormix.co.uk", true */ 'p', 'i', 'c', 'k', 'o', 'r', 'm', 'i', 'x', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "picksin.club", true */ 'p', 'i', 'c', 'k', 's', 'i', 'n', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "piclect.com", true */ 'p', 'i', 'c', 'l', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "picoauto.com", true */ 'p', 'i', 'c', 'o', 'a', 'u', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "picone.com.au", true */ 'p', 'i', 'c', 'o', 'n', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "piconepress.com", true */ 'p', 'i', 'c', 'o', 'n', 'e', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "picotech.com", true */ 'p', 'i', 'c', 'o', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "picotronic.de", true */ 'p', 'i', 'c', 'o', 't', 'r', 'o', 'n', 'i', 'c', '.', 'd', 'e', '\0',
+  /* "picsandtours.com", true */ 'p', 'i', 'c', 's', 'a', 'n', 'd', 't', 'o', 'u', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "picster.at", true */ 'p', 'i', 'c', 's', 't', 'e', 'r', '.', 'a', 't', '\0',
+  /* "picsto.re", true */ 'p', 'i', 'c', 's', 't', 'o', '.', 'r', 'e', '\0',
+  /* "pictr.nl", true */ 'p', 'i', 'c', 't', 'r', '.', 'n', 'l', '\0',
+  /* "picture.team", true */ 'p', 'i', 'c', 't', 'u', 'r', 'e', '.', 't', 'e', 'a', 'm', '\0',
+  /* "picturingjordan.com", true */ 'p', 'i', 'c', 't', 'u', 'r', 'i', 'n', 'g', 'j', 'o', 'r', 'd', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "pidginhost.com", true */ 'p', 'i', 'd', 'g', 'i', 'n', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "pidjipi.com", true */ 'p', 'i', 'd', 'j', 'i', 'p', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "pieceofme.be", false */ 'p', 'i', 'e', 'c', 'e', 'o', 'f', 'm', 'e', '.', 'b', 'e', '\0',
+  /* "piedfeed.com", true */ 'p', 'i', 'e', 'd', 'f', 'e', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "pieinsurance.com", true */ 'p', 'i', 'e', 'i', 'n', 's', 'u', 'r', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "piekacz.co.uk", true */ 'p', 'i', 'e', 'k', 'a', 'c', 'z', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "piekacz.eu.org", true */ 'p', 'i', 'e', 'k', 'a', 'c', 'z', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "piekacz.net", true */ 'p', 'i', 'e', 'k', 'a', 'c', 'z', '.', 'n', 'e', 't', '\0',
+  /* "piekacz.tel", true */ 'p', 'i', 'e', 'k', 'a', 'c', 'z', '.', 't', 'e', 'l', '\0',
+  /* "piem.org", true */ 'p', 'i', 'e', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "pieperhome.de", true */ 'p', 'i', 'e', 'p', 'e', 'r', 'h', 'o', 'm', 'e', '.', 'd', 'e', '\0',
+  /* "pieq.eu", true */ 'p', 'i', 'e', 'q', '.', 'e', 'u', '\0',
+  /* "pieq.eu.org", true */ 'p', 'i', 'e', 'q', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "pier28.com", true */ 'p', 'i', 'e', 'r', '2', '8', '.', 'c', 'o', 'm', '\0',
+  /* "piercing-store.com", true */ 'p', 'i', 'e', 'r', 'c', 'i', 'n', 'g', '-', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "piercraft.com", true */ 'p', 'i', 'e', 'r', 'c', 'r', 'a', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "pierre-denoblens.net", true */ 'p', 'i', 'e', 'r', 'r', 'e', '-', 'd', 'e', 'n', 'o', 'b', 'l', 'e', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "pierre-schmitz.com", true */ 'p', 'i', 'e', 'r', 'r', 'e', '-', 's', 'c', 'h', 'm', 'i', 't', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "pierrefv.com", true */ 'p', 'i', 'e', 'r', 'r', 'e', 'f', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "pietawittermans.nl", true */ 'p', 'i', 'e', 't', 'a', 'w', 'i', 't', 't', 'e', 'r', 'm', 'a', 'n', 's', '.', 'n', 'l', '\0',
+  /* "pietechsf.com", true */ 'p', 'i', 'e', 't', 'e', 'c', 'h', 's', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "pieterbos.nl", true */ 'p', 'i', 'e', 't', 'e', 'r', 'b', 'o', 's', '.', 'n', 'l', '\0',
+  /* "pietz.uk", true */ 'p', 'i', 'e', 't', 'z', '.', 'u', 'k', '\0',
+  /* "pigritia.de", true */ 'p', 'i', 'g', 'r', 'i', 't', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "piils.fr", true */ 'p', 'i', 'i', 'l', 's', '.', 'f', 'r', '\0',
+  /* "pijuice.com", true */ 'p', 'i', 'j', 'u', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "pik.bzh", true */ 'p', 'i', 'k', '.', 'b', 'z', 'h', '\0',
+  /* "pikeitservices.com.au", true */ 'p', 'i', 'k', 'e', 'i', 't', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "pikmy.com", true */ 'p', 'i', 'k', 'm', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "pilani.ch", true */ 'p', 'i', 'l', 'a', 'n', 'i', '.', 'c', 'h', '\0',
+  /* "pileofgarbage.net", true */ 'p', 'i', 'l', 'e', 'o', 'f', 'g', 'a', 'r', 'b', 'a', 'g', 'e', '.', 'n', 'e', 't', '\0',
+  /* "piliszek.net", true */ 'p', 'i', 'l', 'i', 's', 'z', 'e', 'k', '.', 'n', 'e', 't', '\0',
+  /* "pill.id", true */ 'p', 'i', 'l', 'l', '.', 'i', 'd', '\0',
+  /* "pimhaarsma.nl", true */ 'p', 'i', 'm', 'h', 'a', 'a', 'r', 's', 'm', 'a', '.', 'n', 'l', '\0',
+  /* "pimhaarsmamedia.nl", true */ 'p', 'i', 'm', 'h', 'a', 'a', 'r', 's', 'm', 'a', 'm', 'e', 'd', 'i', 'a', '.', 'n', 'l', '\0',
+  /* "pimpmyperf.fr", true */ 'p', 'i', 'm', 'p', 'm', 'y', 'p', 'e', 'r', 'f', '.', 'f', 'r', '\0',
+  /* "pin.net.au", true */ 'p', 'i', 'n', '.', 'n', 'e', 't', '.', 'a', 'u', '\0',
+  /* "pinceaux.org", true */ 'p', 'i', 'n', 'c', 'e', 'a', 'u', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "pincha.com.tw", false */ 'p', 'i', 'n', 'c', 'h', 'a', '.', 'c', 'o', 'm', '.', 't', 'w', '\0',
+  /* "pincodeit.com", true */ 'p', 'i', 'n', 'c', 'o', 'd', 'e', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "pindanutjes.be", false */ 'p', 'i', 'n', 'd', 'a', 'n', 'u', 't', 'j', 'e', 's', '.', 'b', 'e', '\0',
+  /* "pinemountainnursery.com.au", true */ 'p', 'i', 'n', 'e', 'm', 'o', 'u', 'n', 't', 'a', 'i', 'n', 'n', 'u', 'r', 's', 'e', 'r', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "pinemountbaptistchurch.org", true */ 'p', 'i', 'n', 'e', 'm', 'o', 'u', 'n', 't', 'b', 'a', 'p', 't', 'i', 's', 't', 'c', 'h', 'u', 'r', 'c', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "pinesandneedles.com", true */ 'p', 'i', 'n', 'e', 's', 'a', 'n', 'd', 'n', 'e', 'e', 'd', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "pingworks.com", true */ 'p', 'i', 'n', 'g', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "pingworks.de", true */ 'p', 'i', 'n', 'g', 'w', 'o', 'r', 'k', 's', '.', 'd', 'e', '\0',
+  /* "pingworks.eu", true */ 'p', 'i', 'n', 'g', 'w', 'o', 'r', 'k', 's', '.', 'e', 'u', '\0',
+  /* "pingworks.net", true */ 'p', 'i', 'n', 'g', 'w', 'o', 'r', 'k', 's', '.', 'n', 'e', 't', '\0',
+  /* "pinhadigital.com", true */ 'p', 'i', 'n', 'h', 'a', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "pinimg.com", true */ 'p', 'i', 'n', 'i', 'm', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "pinkapple.com", true */ 'p', 'i', 'n', 'k', 'a', 'p', 'p', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "pinkbike.com", true */ 'p', 'i', 'n', 'k', 'b', 'i', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "pinkcasino.co.uk", true */ 'p', 'i', 'n', 'k', 'c', 'a', 's', 'i', 'n', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "pinkfis.ch", true */ 'p', 'i', 'n', 'k', 'f', 'i', 's', '.', 'c', 'h', '\0',
+  /* "pinkhq.com", true */ 'p', 'i', 'n', 'k', 'h', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "pinkinked.com", true */ 'p', 'i', 'n', 'k', 'i', 'n', 'k', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "pinkladyapples.co.uk", true */ 'p', 'i', 'n', 'k', 'l', 'a', 'd', 'y', 'a', 'p', 'p', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "pinklecfest.org", true */ 'p', 'i', 'n', 'k', 'l', 'e', 'c', 'f', 'e', 's', 't', '.', 'o', 'r', 'g', '\0',
+  /* "pinnaclelife.co.nz", true */ 'p', 'i', 'n', 'n', 'a', 'c', 'l', 'e', 'l', 'i', 'f', 'e', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "pinnaclelife.nz", true */ 'p', 'i', 'n', 'n', 'a', 'c', 'l', 'e', 'l', 'i', 'f', 'e', '.', 'n', 'z', '\0',
+  /* "pinnacles.com", true */ 'p', 'i', 'n', 'n', 'a', 'c', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "pinoyonlinetv.com", true */ 'p', 'i', 'n', 'o', 'y', 'o', 'n', 'l', 'i', 'n', 'e', 't', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "pinpayments.com", true */ 'p', 'i', 'n', 'p', 'a', 'y', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "pinpointengineer.co.uk", true */ 'p', 'i', 'n', 'p', 'o', 'i', 'n', 't', 'e', 'n', 'g', 'i', 'n', 'e', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "pinscher.com.br", true */ 'p', 'i', 'n', 's', 'c', 'h', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "pinterest.at", true */ 'p', 'i', 'n', 't', 'e', 'r', 'e', 's', 't', '.', 'a', 't', '\0',
+  /* "pinterest.co.uk", true */ 'p', 'i', 'n', 't', 'e', 'r', 'e', 's', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "pinterest.com", true */ 'p', 'i', 'n', 't', 'e', 'r', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "pinterest.de", true */ 'p', 'i', 'n', 't', 'e', 'r', 'e', 's', 't', '.', 'd', 'e', '\0',
+  /* "pinterest.engineering", true */ 'p', 'i', 'n', 't', 'e', 'r', 'e', 's', 't', '.', 'e', 'n', 'g', 'i', 'n', 'e', 'e', 'r', 'i', 'n', 'g', '\0',
+  /* "pinterest.ie", true */ 'p', 'i', 'n', 't', 'e', 'r', 'e', 's', 't', '.', 'i', 'e', '\0',
+  /* "pinterest.info", true */ 'p', 'i', 'n', 't', 'e', 'r', 'e', 's', 't', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "pinterest.jp", true */ 'p', 'i', 'n', 't', 'e', 'r', 'e', 's', 't', '.', 'j', 'p', '\0',
+  /* "pipenny.net", true */ 'p', 'i', 'p', 'e', 'n', 'n', 'y', '.', 'n', 'e', 't', '\0',
+  /* "piranil.com", true */ 'p', 'i', 'r', 'a', 'n', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "pirate.trade", true */ 'p', 'i', 'r', 'a', 't', 'e', '.', 't', 'r', 'a', 'd', 'e', '\0',
+  /* "pirateahoy.eu", true */ 'p', 'i', 'r', 'a', 't', 'e', 'a', 'h', 'o', 'y', '.', 'e', 'u', '\0',
+  /* "piratebayproxy.tf", true */ 'p', 'i', 'r', 'a', 't', 'e', 'b', 'a', 'y', 'p', 'r', 'o', 'x', 'y', '.', 't', 'f', '\0',
+  /* "piraten-basel.ch", true */ 'p', 'i', 'r', 'a', 't', 'e', 'n', '-', 'b', 'a', 's', 'e', 'l', '.', 'c', 'h', '\0',
+  /* "piraten-bv-nord.de", true */ 'p', 'i', 'r', 'a', 't', 'e', 'n', '-', 'b', 'v', '-', 'n', 'o', 'r', 'd', '.', 'd', 'e', '\0',
+  /* "piratepay.io", true */ 'p', 'i', 'r', 'a', 't', 'e', 'p', 'a', 'y', '.', 'i', 'o', '\0',
+  /* "piratepay.ir", true */ 'p', 'i', 'r', 'a', 't', 'e', 'p', 'a', 'y', '.', 'i', 'r', '\0',
+  /* "pirateproxy.cam", true */ 'p', 'i', 'r', 'a', 't', 'e', 'p', 'r', 'o', 'x', 'y', '.', 'c', 'a', 'm', '\0',
+  /* "pirateproxy.cat", true */ 'p', 'i', 'r', 'a', 't', 'e', 'p', 'r', 'o', 'x', 'y', '.', 'c', 'a', 't', '\0',
+  /* "pirateproxy.cc", true */ 'p', 'i', 'r', 'a', 't', 'e', 'p', 'r', 'o', 'x', 'y', '.', 'c', 'c', '\0',
+  /* "pirateproxy.ist", true */ 'p', 'i', 'r', 'a', 't', 'e', 'p', 'r', 'o', 'x', 'y', '.', 'i', 's', 't', '\0',
+  /* "pirateproxy.la", true */ 'p', 'i', 'r', 'a', 't', 'e', 'p', 'r', 'o', 'x', 'y', '.', 'l', 'a', '\0',
+  /* "pirateproxy.one", true */ 'p', 'i', 'r', 'a', 't', 'e', 'p', 'r', 'o', 'x', 'y', '.', 'o', 'n', 'e', '\0',
+  /* "pirateproxy.pl", true */ 'p', 'i', 'r', 'a', 't', 'e', 'p', 'r', 'o', 'x', 'y', '.', 'p', 'l', '\0',
+  /* "pirateproxy.pw", true */ 'p', 'i', 'r', 'a', 't', 'e', 'p', 'r', 'o', 'x', 'y', '.', 'p', 'w', '\0',
+  /* "pirateproxy.red", true */ 'p', 'i', 'r', 'a', 't', 'e', 'p', 'r', 'o', 'x', 'y', '.', 'r', 'e', 'd', '\0',
+  /* "pirateproxy.tf", true */ 'p', 'i', 'r', 'a', 't', 'e', 'p', 'r', 'o', 'x', 'y', '.', 't', 'f', '\0',
+  /* "pirateproxy.tv", true */ 'p', 'i', 'r', 'a', 't', 'e', 'p', 'r', 'o', 'x', 'y', '.', 't', 'v', '\0',
+  /* "piratesforums.co", true */ 'p', 'i', 'r', 'a', 't', 'e', 's', 'f', 'o', 'r', 'u', 'm', 's', '.', 'c', 'o', '\0',
+  /* "pires.ovh", true */ 'p', 'i', 'r', 'e', 's', '.', 'o', 'v', 'h', '\0',
+  /* "pirganj24.com", true */ 'p', 'i', 'r', 'g', 'a', 'n', 'j', '2', '4', '.', 'c', 'o', 'm', '\0',
+  /* "pirman.es", true */ 'p', 'i', 'r', 'm', 'a', 'n', '.', 'e', 's', '\0',
+  /* "pirxpilot.me", true */ 'p', 'i', 'r', 'x', 'p', 'i', 'l', 'o', 't', '.', 'm', 'e', '\0',
+  /* "piseach.be", true */ 'p', 'i', 's', 'e', 'a', 'c', 'h', '.', 'b', 'e', '\0',
+  /* "pissblau.com", true */ 'p', 'i', 's', 's', 'b', 'l', 'a', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "pissflaps.co.uk", true */ 'p', 'i', 's', 's', 'f', 'l', 'a', 'p', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "pisupp.ly", true */ 'p', 'i', 's', 'u', 'p', 'p', '.', 'l', 'y', '\0',
+  /* "pitchpinecapital.com", true */ 'p', 'i', 't', 'c', 'h', 'p', 'i', 'n', 'e', 'c', 'a', 'p', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "pitfire.io", true */ 'p', 'i', 't', 'f', 'i', 'r', 'e', '.', 'i', 'o', '\0',
+  /* "pitot-rs.org", true */ 'p', 'i', 't', 'o', 't', '-', 'r', 's', '.', 'o', 'r', 'g', '\0',
+  /* "pitsstop.nu", true */ 'p', 'i', 't', 's', 's', 't', 'o', 'p', '.', 'n', 'u', '\0',
+  /* "pittaya.com", true */ 'p', 'i', 't', 't', 'a', 'y', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "pittmantraffic.co.uk", true */ 'p', 'i', 't', 't', 'm', 'a', 'n', 't', 'r', 'a', 'f', 'f', 'i', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "pivotaltracker.com", true */ 'p', 'i', 'v', 'o', 't', 'a', 'l', 't', 'r', 'a', 'c', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "pivotanimation.org", true */ 'p', 'i', 'v', 'o', 't', 'a', 'n', 'i', 'm', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "pix5.de", true */ 'p', 'i', 'x', '5', '.', 'd', 'e', '\0',
+  /* "pixel.facebook.com", false */ 'p', 'i', 'x', 'e', 'l', '.', 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "pixel.google.com", true */ 'p', 'i', 'x', 'e', 'l', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "pixelbash.de", true */ 'p', 'i', 'x', 'e', 'l', 'b', 'a', 's', 'h', '.', 'd', 'e', '\0',
+  /* "pixelcubed.com", true */ 'p', 'i', 'x', 'e', 'l', 'c', 'u', 'b', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "pixelesque.uk", true */ 'p', 'i', 'x', 'e', 'l', 'e', 's', 'q', 'u', 'e', '.', 'u', 'k', '\0',
+  /* "pixelfou.com", true */ 'p', 'i', 'x', 'e', 'l', 'f', 'o', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "pixelminers.net", true */ 'p', 'i', 'x', 'e', 'l', 'm', 'i', 'n', 'e', 'r', 's', '.', 'n', 'e', 't', '\0',
+  /* "pixelpoint.io", true */ 'p', 'i', 'x', 'e', 'l', 'p', 'o', 'i', 'n', 't', '.', 'i', 'o', '\0',
+  /* "pixelrain.info", true */ 'p', 'i', 'x', 'e', 'l', 'r', 'a', 'i', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "pixelsquared.us", true */ 'p', 'i', 'x', 'e', 'l', 's', 'q', 'u', 'a', 'r', 'e', 'd', '.', 'u', 's', '\0',
+  /* "pixelurbia.com", true */ 'p', 'i', 'x', 'e', 'l', 'u', 'r', 'b', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "pixelution.at", true */ 'p', 'i', 'x', 'e', 'l', 'u', 't', 'i', 'o', 'n', '.', 'a', 't', '\0',
+  /* "pixiv.moe", true */ 'p', 'i', 'x', 'i', 'v', '.', 'm', 'o', 'e', '\0',
+  /* "pixivimg.me", true */ 'p', 'i', 'x', 'i', 'v', 'i', 'm', 'g', '.', 'm', 'e', '\0',
+  /* "pixlfox.com", true */ 'p', 'i', 'x', 'l', 'f', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "pizala.de", true */ 'p', 'i', 'z', 'a', 'l', 'a', '.', 'd', 'e', '\0',
+  /* "pizzabottle.com", true */ 'p', 'i', 'z', 'z', 'a', 'b', 'o', 't', 't', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "pizzacook.ch", true */ 'p', 'i', 'z', 'z', 'a', 'c', 'o', 'o', 'k', '.', 'c', 'h', '\0',
+  /* "pizzafest.ddns.net", true */ 'p', 'i', 'z', 'z', 'a', 'f', 'e', 's', 't', '.', 'd', 'd', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "pizzagigant.hu", true */ 'p', 'i', 'z', 'z', 'a', 'g', 'i', 'g', 'a', 'n', 't', '.', 'h', 'u', '\0',
+  /* "pizzeria-mehrhoog.de", true */ 'p', 'i', 'z', 'z', 'e', 'r', 'i', 'a', '-', 'm', 'e', 'h', 'r', 'h', 'o', 'o', 'g', '.', 'd', 'e', '\0',
+  /* "pizzeriacolore.com", true */ 'p', 'i', 'z', 'z', 'e', 'r', 'i', 'a', 'c', 'o', 'l', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "pj539999.com", true */ 'p', 'j', '5', '3', '9', '9', '9', '9', '.', 'c', 'o', 'm', '\0',
+  /* "pjentertainments.co.uk", true */ 'p', 'j', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "pjili.com", true */ 'p', 'j', 'i', 'l', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "pjleisure.co.uk", true */ 'p', 'j', 'l', 'e', 'i', 's', 'u', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "pjuu.com", false */ 'p', 'j', 'u', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "pk.search.yahoo.com", false */ 'p', 'k', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "pkgt.de", false */ 'p', 'k', 'g', 't', '.', 'd', 'e', '\0',
+  /* "pko.ch", true */ 'p', 'k', 'o', '.', 'c', 'h', '\0',
+  /* "pkov.cz", true */ 'p', 'k', 'o', 'v', '.', 'c', 'z', '\0',
+  /* "pkphotobooths.co.uk", true */ 'p', 'k', 'p', 'h', 'o', 't', 'o', 'b', 'o', 'o', 't', 'h', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "pl-cours.ch", true */ 'p', 'l', '-', 'c', 'o', 'u', 'r', 's', '.', 'c', 'h', '\0',
+  /* "pl.search.yahoo.com", false */ 'p', 'l', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "placasonline.com.br", true */ 'p', 'l', 'a', 'c', 'a', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "placassinal.com.br", true */ 'p', 'l', 'a', 'c', 'a', 's', 's', 'i', 'n', 'a', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "placefade.com", true */ 'p', 'l', 'a', 'c', 'e', 'f', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "placehold.co", true */ 'p', 'l', 'a', 'c', 'e', 'h', 'o', 'l', 'd', '.', 'c', 'o', '\0',
+  /* "placeralplato.com", true */ 'p', 'l', 'a', 'c', 'e', 'r', 'a', 'l', 'p', 'l', 'a', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "placker.com", false */ 'p', 'l', 'a', 'c', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "plae.com.au", true */ 'p', 'l', 'a', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "plainjs.com", false */ 'p', 'l', 'a', 'i', 'n', 'j', 's', '.', 'c', 'o', 'm', '\0',
+  /* "plainmark.com", true */ 'p', 'l', 'a', 'i', 'n', 'm', 'a', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "plaintech.net.au", true */ 'p', 'l', 'a', 'i', 'n', 't', 'e', 'c', 'h', '.', 'n', 'e', 't', '.', 'a', 'u', '\0',
+  /* "plaintray.com", true */ 'p', 'l', 'a', 'i', 'n', 't', 'r', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "plakbak.nl", true */ 'p', 'l', 'a', 'k', 'b', 'a', 'k', '.', 'n', 'l', '\0',
+  /* "plan-immobilier.fr", true */ 'p', 'l', 'a', 'n', '-', 'i', 'm', 'm', 'o', 'b', 'i', 'l', 'i', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "planboardapp.com", true */ 'p', 'l', 'a', 'n', 'b', 'o', 'a', 'r', 'd', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "planet-work.com", true */ 'p', 'l', 'a', 'n', 'e', 't', '-', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "planetasuboficial.com.br", true */ 'p', 'l', 'a', 'n', 'e', 't', 'a', 's', 'u', 'b', 'o', 'f', 'i', 'c', 'i', 'a', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "planetau2.com", true */ 'p', 'l', 'a', 'n', 'e', 't', 'a', 'u', '2', '.', 'c', 'o', 'm', '\0',
+  /* "planetbeauty.com", true */ 'p', 'l', 'a', 'n', 'e', 't', 'b', 'e', 'a', 'u', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "planetbreath.ch", true */ 'p', 'l', 'a', 'n', 'e', 't', 'b', 'r', 'e', 'a', 't', 'h', '.', 'c', 'h', '\0',
+  /* "planete-cocoon.com", false */ 'p', 'l', 'a', 'n', 'e', 't', 'e', '-', 'c', 'o', 'c', 'o', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "planete-lira.fr", true */ 'p', 'l', 'a', 'n', 'e', 't', 'e', '-', 'l', 'i', 'r', 'a', '.', 'f', 'r', '\0',
+  /* "planete-secu.com", true */ 'p', 'l', 'a', 'n', 'e', 't', 'e', '-', 's', 'e', 'c', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "planeteroliste.com", true */ 'p', 'l', 'a', 'n', 'e', 't', 'e', 'r', 'o', 'l', 'i', 's', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "planeteroliste.fr", true */ 'p', 'l', 'a', 'n', 'e', 't', 'e', 'r', 'o', 'l', 'i', 's', 't', 'e', '.', 'f', 'r', '\0',
+  /* "planetexpress.cc", true */ 'p', 'l', 'a', 'n', 'e', 't', 'e', 'x', 'p', 'r', 'e', 's', 's', '.', 'c', 'c', '\0',
+  /* "planetromeofoundation.org", true */ 'p', 'l', 'a', 'n', 'e', 't', 'r', 'o', 'm', 'e', 'o', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "planify.io", true */ 'p', 'l', 'a', 'n', 'i', 'f', 'y', '.', 'i', 'o', '\0',
+  /* "planitz.com", true */ 'p', 'l', 'a', 'n', 'i', 't', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "planitz.net", true */ 'p', 'l', 'a', 'n', 'i', 't', 'z', '.', 'n', 'e', 't', '\0',
+  /* "planktonforhealth.co.uk", true */ 'p', 'l', 'a', 'n', 'k', 't', 'o', 'n', 'f', 'o', 'r', 'h', 'e', 'a', 'l', 't', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "planktonholland.com", true */ 'p', 'l', 'a', 'n', 'k', 't', 'o', 'n', 'h', 'o', 'l', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "planktonholland.nl", true */ 'p', 'l', 'a', 'n', 'k', 't', 'o', 'n', 'h', 'o', 'l', 'l', 'a', 'n', 'd', '.', 'n', 'l', '\0',
+  /* "planlos.net", true */ 'p', 'l', 'a', 'n', 'l', 'o', 's', '.', 'n', 'e', 't', '\0',
+  /* "planmemberpartners.com", true */ 'p', 'l', 'a', 'n', 'm', 'e', 'm', 'b', 'e', 'r', 'p', 'a', 'r', 't', 'n', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "planningexcellence.com.au", true */ 'p', 'l', 'a', 'n', 'n', 'i', 'n', 'g', 'e', 'x', 'c', 'e', 'l', 'l', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "plant-gift.jp", true */ 'p', 'l', 'a', 'n', 't', '-', 'g', 'i', 'f', 't', '.', 'j', 'p', '\0',
+  /* "plantarum.com.br", true */ 'p', 'l', 'a', 'n', 't', 'a', 'r', 'u', 'm', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "plantastique.ch", true */ 'p', 'l', 'a', 'n', 't', 'a', 's', 't', 'i', 'q', 'u', 'e', '.', 'c', 'h', '\0',
+  /* "plantastique.com", true */ 'p', 'l', 'a', 'n', 't', 'a', 's', 't', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "planteforum.no", true */ 'p', 'l', 'a', 'n', 't', 'e', 'f', 'o', 'r', 'u', 'm', '.', 'n', 'o', '\0',
+  /* "plantroon.com", true */ 'p', 'l', 'a', 'n', 't', 'r', 'o', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "plantrustler.com", true */ 'p', 'l', 'a', 'n', 't', 'r', 'u', 's', 't', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "plaque-funeraire.fr", true */ 'p', 'l', 'a', 'q', 'u', 'e', '-', 'f', 'u', 'n', 'e', 'r', 'a', 'i', 'r', 'e', '.', 'f', 'r', '\0',
+  /* "plassmann.ws", true */ 'p', 'l', 'a', 's', 's', 'm', 'a', 'n', 'n', '.', 'w', 's', '\0',
+  /* "plasti-pac.ch", true */ 'p', 'l', 'a', 's', 't', 'i', '-', 'p', 'a', 'c', '.', 'c', 'h', '\0',
+  /* "plasticsurgeryartist.com", true */ 'p', 'l', 'a', 's', 't', 'i', 'c', 's', 'u', 'r', 'g', 'e', 'r', 'y', 'a', 'r', 't', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "platformadmin.com", true */ 'p', 'l', 'a', 't', 'f', 'o', 'r', 'm', 'a', 'd', 'm', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "platinumpeek.com", true */ 'p', 'l', 'a', 't', 'i', 'n', 'u', 'm', 'p', 'e', 'e', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "platomania.nl", true */ 'p', 'l', 'a', 't', 'o', 'm', 'a', 'n', 'i', 'a', '.', 'n', 'l', '\0',
+  /* "platschi.net", true */ 'p', 'l', 'a', 't', 's', 'c', 'h', 'i', '.', 'n', 'e', 't', '\0',
+  /* "platten-nach-mass.de", true */ 'p', 'l', 'a', 't', 't', 'e', 'n', '-', 'n', 'a', 'c', 'h', '-', 'm', 'a', 's', 's', '.', 'd', 'e', '\0',
+  /* "platterlauncher.com", true */ 'p', 'l', 'a', 't', 't', 'e', 'r', 'l', 'a', 'u', 'n', 'c', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "plattner.club", true */ 'p', 'l', 'a', 't', 't', 'n', 'e', 'r', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "play.cash", true */ 'p', 'l', 'a', 'y', '.', 'c', 'a', 's', 'h', '\0',
+  /* "play.google.com", true */ 'p', 'l', 'a', 'y', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "playanka.com", true */ 'p', 'l', 'a', 'y', 'a', 'n', 'k', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "playawaycastles.co.uk", true */ 'p', 'l', 'a', 'y', 'a', 'w', 'a', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "playdaysparties.co.uk", true */ 'p', 'l', 'a', 'y', 'd', 'a', 'y', 's', 'p', 'a', 'r', 't', 'i', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "playdreamcraft.com.br", true */ 'p', 'l', 'a', 'y', 'd', 'r', 'e', 'a', 'm', 'c', 'r', 'a', 'f', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "playform.cloud", true */ 'p', 'l', 'a', 'y', 'f', 'o', 'r', 'm', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "playhappywheelsunblocked.com", true */ 'p', 'l', 'a', 'y', 'h', 'a', 'p', 'p', 'y', 'w', 'h', 'e', 'e', 'l', 's', 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "playkh.com", true */ 'p', 'l', 'a', 'y', 'k', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "playmfe.com", true */ 'p', 'l', 'a', 'y', 'm', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "playpirates.com", true */ 'p', 'l', 'a', 'y', 'p', 'i', 'r', 'a', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "playsnake.org", true */ 'p', 'l', 'a', 'y', 's', 'n', 'a', 'k', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "playsoundevents.be", true */ 'p', 'l', 'a', 'y', 's', 'o', 'u', 'n', 'd', 'e', 'v', 'e', 'n', 't', 's', '.', 'b', 'e', '\0',
+  /* "playsource.co", true */ 'p', 'l', 'a', 'y', 's', 'o', 'u', 'r', 'c', 'e', '.', 'c', 'o', '\0',
+  /* "playsprout.industries", false */ 'p', 'l', 'a', 'y', 's', 'p', 'r', 'o', 'u', 't', '.', 'i', 'n', 'd', 'u', 's', 't', 'r', 'i', 'e', 's', '\0',
+  /* "playtictactoe.org", true */ 'p', 'l', 'a', 'y', 't', 'i', 'c', 't', 'a', 'c', 't', 'o', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "playtimebouncycastles.co.uk", true */ 'p', 'l', 'a', 'y', 't', 'i', 'm', 'e', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "playwhyyza.com", true */ 'p', 'l', 'a', 'y', 'w', 'h', 'y', 'y', 'z', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "playzonecastles.co.uk", true */ 'p', 'l', 'a', 'y', 'z', 'o', 'n', 'e', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "pld-entertainment.co.uk", true */ 'p', 'l', 'd', '-', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "pldx.org", true */ 'p', 'l', 'd', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "please-deny.me", true */ 'p', 'l', 'e', 'a', 's', 'e', '-', 'd', 'e', 'n', 'y', '.', 'm', 'e', '\0',
+  /* "pleaseuseansnisupportedbrowser.ml", true */ 'p', 'l', 'e', 'a', 's', 'e', 'u', 's', 'e', 'a', 'n', 's', 'n', 'i', 's', 'u', 'p', 'p', 'o', 'r', 't', 'e', 'd', 'b', 'r', 'o', 'w', 's', 'e', 'r', '.', 'm', 'l', '\0',
+  /* "pleasure-science.com", true */ 'p', 'l', 'e', 'a', 's', 'u', 'r', 'e', '-', 's', 'c', 'i', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "pleine-conscience.ch", true */ 'p', 'l', 'e', 'i', 'n', 'e', '-', 'c', 'o', 'n', 's', 'c', 'i', 'e', 'n', 'c', 'e', '.', 'c', 'h', '\0',
+  /* "plen.io", true */ 'p', 'l', 'e', 'n', '.', 'i', 'o', '\0',
+  /* "plenigo.com", true */ 'p', 'l', 'e', 'n', 'i', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "plexhome13.ddns.net", true */ 'p', 'l', 'e', 'x', 'h', 'o', 'm', 'e', '1', '3', '.', 'd', 'd', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "plexi.dyndns.tv", true */ 'p', 'l', 'e', 'x', 'i', '.', 'd', 'y', 'n', 'd', 'n', 's', '.', 't', 'v', '\0',
+  /* "plexpy13.ddns.net", true */ 'p', 'l', 'e', 'x', 'p', 'y', '1', '3', '.', 'd', 'd', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "plextv.de", true */ 'p', 'l', 'e', 'x', 't', 'v', '.', 'd', 'e', '\0',
+  /* "plexusmd.com", true */ 'p', 'l', 'e', 'x', 'u', 's', 'm', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "plinc.co", true */ 'p', 'l', 'i', 'n', 'c', '.', 'c', 'o', '\0',
+  /* "pliosoft.com", true */ 'p', 'l', 'i', 'o', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "plitu.de", true */ 'p', 'l', 'i', 't', 'u', '.', 'd', 'e', '\0',
+  /* "ploader.ru", false */ 'p', 'l', 'o', 'a', 'd', 'e', 'r', '.', 'r', 'u', '\0',
+  /* "plochka.bg", true */ 'p', 'l', 'o', 'c', 'h', 'k', 'a', '.', 'b', 'g', '\0',
+  /* "plomberierenga.com", true */ 'p', 'l', 'o', 'm', 'b', 'e', 'r', 'i', 'e', 'r', 'e', 'n', 'g', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "plongee-phuket.fr", true */ 'p', 'l', 'o', 'n', 'g', 'e', 'e', '-', 'p', 'h', 'u', 'k', 'e', 't', '.', 'f', 'r', '\0',
+  /* "ploofer.com", true */ 'p', 'l', 'o', 'o', 'f', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "plot.ly", true */ 'p', 'l', 'o', 't', '.', 'l', 'y', '\0',
+  /* "plr4wp.com", true */ 'p', 'l', 'r', '4', 'w', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "plsboop.me", true */ 'p', 'l', 's', 'b', 'o', 'o', 'p', '.', 'm', 'e', '\0',
+  /* "pluga.co", true */ 'p', 'l', 'u', 'g', 'a', '.', 'c', 'o', '\0',
+  /* "plugboard.xyz", true */ 'p', 'l', 'u', 'g', 'b', 'o', 'a', 'r', 'd', '.', 'x', 'y', 'z', '\0',
+  /* "plugcubed.net", false */ 'p', 'l', 'u', 'g', 'c', 'u', 'b', 'e', 'd', '.', 'n', 'e', 't', '\0',
+  /* "pluggedhead.com", true */ 'p', 'l', 'u', 'g', 'g', 'e', 'd', 'h', 'e', 'a', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "plugin-planet.com", true */ 'p', 'l', 'u', 'g', 'i', 'n', '-', 'p', 'l', 'a', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "pluginfactory.io", true */ 'p', 'l', 'u', 'g', 'i', 'n', 'f', 'a', 'c', 't', 'o', 'r', 'y', '.', 'i', 'o', '\0',
+  /* "pluginsloaded.com", true */ 'p', 'l', 'u', 'g', 'i', 'n', 's', 'l', 'o', 'a', 'd', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "plumber-in-sandton.co.za", true */ 'p', 'l', 'u', 'm', 'b', 'e', 'r', '-', 'i', 'n', '-', 's', 'a', 'n', 'd', 't', 'o', 'n', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "plumbingbenoni.co.za", true */ 'p', 'l', 'u', 'm', 'b', 'i', 'n', 'g', 'b', 'e', 'n', 'o', 'n', 'i', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "plumlocosoft.com", true */ 'p', 'l', 'u', 'm', 'l', 'o', 'c', 'o', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "plumnet.ch", true */ 'p', 'l', 'u', 'm', 'n', 'e', 't', '.', 'c', 'h', '\0',
+  /* "plumpie.net", false */ 'p', 'l', 'u', 'm', 'p', 'i', 'e', '.', 'n', 'e', 't', '\0',
+  /* "plus-5.com", true */ 'p', 'l', 'u', 's', '-', '5', '.', 'c', 'o', 'm', '\0',
+  /* "plus.google.com", false */ 'p', 'l', 'u', 's', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "plus.sandbox.google.com", true */ 'p', 'l', 'u', 's', '.', 's', 'a', 'n', 'd', 'b', 'o', 'x', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "plus1s.tk", true */ 'p', 'l', 'u', 's', '1', 's', '.', 't', 'k', '\0',
+  /* "plushev.com", true */ 'p', 'l', 'u', 's', 'h', 'e', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "pluslink.co.jp", true */ 'p', 'l', 'u', 's', 'l', 'i', 'n', 'k', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "plusstreamfeed.appspot.com", true */ 'p', 'l', 'u', 's', 's', 't', 'r', 'e', 'a', 'm', 'f', 'e', 'e', 'd', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "plustech.id", true */ 'p', 'l', 'u', 's', 't', 'e', 'c', 'h', '.', 'i', 'd', '\0',
+  /* "pluta.net", true */ 'p', 'l', 'u', 't', 'a', '.', 'n', 'e', 't', '\0',
+  /* "pluto.life", true */ 'p', 'l', 'u', 't', 'o', '.', 'l', 'i', 'f', 'e', '\0',
+  /* "plutokorea.com", true */ 'p', 'l', 'u', 't', 'o', 'k', 'o', 'r', 'e', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "plutopia.ch", true */ 'p', 'l', 'u', 't', 'o', 'p', 'i', 'a', '.', 'c', 'h', '\0',
+  /* "plymouthbouncycastles.co.uk", true */ 'p', 'l', 'y', 'm', 'o', 'u', 't', 'h', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "plymouthglassgallery.com", true */ 'p', 'l', 'y', 'm', 'o', 'u', 't', 'h', 'g', 'l', 'a', 's', 's', 'g', 'a', 'l', 'l', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "plzdontpwn.me", true */ 'p', 'l', 'z', 'd', 'o', 'n', 't', 'p', 'w', 'n', '.', 'm', 'e', '\0',
+  /* "plzenskybarcamp.cz", true */ 'p', 'l', 'z', 'e', 'n', 's', 'k', 'y', 'b', 'a', 'r', 'c', 'a', 'm', 'p', '.', 'c', 'z', '\0',
+  /* "plzh4x.me", true */ 'p', 'l', 'z', 'h', '4', 'x', '.', 'm', 'e', '\0',
+  /* "pm-onboarding-external-dev.azurewebsites.net", true */ 'p', 'm', '-', 'o', 'n', 'b', 'o', 'a', 'r', 'd', 'i', 'n', 'g', '-', 'e', 'x', 't', 'e', 'r', 'n', 'a', 'l', '-', 'd', 'e', 'v', '.', 'a', 'z', 'u', 'r', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "pm-partners-management-dev.azurewebsites.net", true */ 'p', 'm', '-', 'p', 'a', 'r', 't', 'n', 'e', 'r', 's', '-', 'm', 'a', 'n', 'a', 'g', 'e', 'm', 'e', 'n', 't', '-', 'd', 'e', 'v', '.', 'a', 'z', 'u', 'r', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "pm13.cz", true */ 'p', 'm', '1', '3', '.', 'c', 'z', '\0',
+  /* "pm13.org", true */ 'p', 'm', '1', '3', '.', 'o', 'r', 'g', '\0',
+  /* "pmalaty.com", true */ 'p', 'm', 'a', 'l', 'a', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "pmarques.info", true */ 'p', 'm', 'a', 'r', 'q', 'u', 'e', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "pmbc.org", true */ 'p', 'm', 'b', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "pmconference.ch", true */ 'p', 'm', 'c', 'o', 'n', 'f', 'e', 'r', 'e', 'n', 'c', 'e', '.', 'c', 'h', '\0',
+  /* "pmctire.com", true */ 'p', 'm', 'c', 't', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "pmessage.ch", true */ 'p', 'm', 'e', 's', 's', 'a', 'g', 'e', '.', 'c', 'h', '\0',
+  /* "pmg-offshore-company.com", true */ 'p', 'm', 'g', '-', 'o', 'f', 'f', 's', 'h', 'o', 'r', 'e', '-', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "pmg-purchase.com", true */ 'p', 'm', 'g', '-', 'p', 'u', 'r', 'c', 'h', 'a', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "pmg-purchase.net", true */ 'p', 'm', 'g', '-', 'p', 'u', 'r', 'c', 'h', 'a', 's', 'e', '.', 'n', 'e', 't', '\0',
+  /* "pmklaassen.com", true */ 'p', 'm', 'k', 'l', 'a', 'a', 's', 's', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "pmoreau.org", true */ 'p', 'm', 'o', 'r', 'e', 'a', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "pmp-art.com", true */ 'p', 'm', 'p', '-', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "pmponline.de", true */ 'p', 'm', 'p', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "pmsacorp.com", true */ 'p', 'm', 's', 'a', 'c', 'o', 'r', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "pmsf.eu", true */ 'p', 'm', 's', 'f', '.', 'e', 'u', '\0',
+  /* "pmt-documenten.nl", true */ 'p', 'm', 't', '-', 'd', 'o', 'c', 'u', 'm', 'e', 'n', 't', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "pneuhaus-lemp.ch", true */ 'p', 'n', 'e', 'u', 'h', 'a', 'u', 's', '-', 'l', 'e', 'm', 'p', '.', 'c', 'h', '\0',
+  /* "pneusgppremium.com.br", true */ 'p', 'n', 'e', 'u', 's', 'g', 'p', 'p', 'r', 'e', 'm', 'i', 'u', 'm', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "pnimmobilier.ch", true */ 'p', 'n', 'i', 'm', 'm', 'o', 'b', 'i', 'l', 'i', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "pnmhomecheckup.com", true */ 'p', 'n', 'm', 'h', 'o', 'm', 'e', 'c', 'h', 'e', 'c', 'k', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "pnona.cz", true */ 'p', 'n', 'o', 'n', 'a', '.', 'c', 'z', '\0',
+  /* "pnut.io", false */ 'p', 'n', 'u', 't', '.', 'i', 'o', '\0',
+  /* "poba.fr", true */ 'p', 'o', 'b', 'a', '.', 'f', 'r', '\0',
+  /* "pocatellonissanparts.com", true */ 'p', 'o', 'c', 'a', 't', 'e', 'l', 'l', 'o', 'n', 'i', 's', 's', 'a', 'n', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "pochaneko.com", false */ 'p', 'o', 'c', 'h', 'a', 'n', 'e', 'k', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "pocketfruity.com", true */ 'p', 'o', 'c', 'k', 'e', 't', 'f', 'r', 'u', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "pocketfullofapps.com", true */ 'p', 'o', 'c', 'k', 'e', 't', 'f', 'u', 'l', 'l', 'o', 'f', 'a', 'p', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "pocketinsure.com", true */ 'p', 'o', 'c', 'k', 'e', 't', 'i', 'n', 's', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "pocketmemories.net", true */ 'p', 'o', 'c', 'k', 'e', 't', 'm', 'e', 'm', 'o', 'r', 'i', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "pocobelli.ch", true */ 'p', 'o', 'c', 'o', 'b', 'e', 'l', 'l', 'i', '.', 'c', 'h', '\0',
+  /* "podcast.style", true */ 'p', 'o', 'd', 'c', 'a', 's', 't', '.', 's', 't', 'y', 'l', 'e', '\0',
+  /* "podemos.info", true */ 'p', 'o', 'd', 'e', 'm', 'o', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "podia.com.gr", true */ 'p', 'o', 'd', 'i', 'a', '.', 'c', 'o', 'm', '.', 'g', 'r', '\0',
+  /* "podroof.com", true */ 'p', 'o', 'd', 'r', 'o', 'o', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "podroof.com.au", true */ 'p', 'o', 'd', 'r', 'o', 'o', 'f', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "podshrink.de", true */ 'p', 'o', 'd', 's', 'h', 'r', 'i', 'n', 'k', '.', 'd', 'e', '\0',
+  /* "poe.digital", true */ 'p', 'o', 'e', '.', 'd', 'i', 'g', 'i', 't', 'a', 'l', '\0',
+  /* "poed.com.au", true */ 'p', 'o', 'e', 'd', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "poed.net.au", true */ 'p', 'o', 'e', 'd', '.', 'n', 'e', 't', '.', 'a', 'u', '\0',
+  /* "poedgirl.com", true */ 'p', 'o', 'e', 'd', 'g', 'i', 'r', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "poeg.cz", true */ 'p', 'o', 'e', 'g', '.', 'c', 'z', '\0',
+  /* "pogoswine.com", true */ 'p', 'o', 'g', 'o', 's', 'w', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "pogrebisky.net", true */ 'p', 'o', 'g', 'r', 'e', 'b', 'i', 's', 'k', 'y', '.', 'n', 'e', 't', '\0',
+  /* "poinsot.info", true */ 'p', 'o', 'i', 'n', 's', 'o', 't', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "pointaction.com", true */ 'p', 'o', 'i', 'n', 't', 'a', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "pointhost.de", true */ 'p', 'o', 'i', 'n', 't', 'h', 'o', 's', 't', '.', 'd', 'e', '\0',
+  /* "pointiswunderland.de", true */ 'p', 'o', 'i', 'n', 't', 'i', 's', 'w', 'u', 'n', 'd', 'e', 'r', 'l', 'a', 'n', 'd', '.', 'd', 'e', '\0',
+  /* "points4unitedway.com", true */ 'p', 'o', 'i', 'n', 't', 's', '4', 'u', 'n', 'i', 't', 'e', 'd', 'w', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "pointsixtyfive.com", true */ 'p', 'o', 'i', 'n', 't', 's', 'i', 'x', 't', 'y', 'f', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "pointum.com", true */ 'p', 'o', 'i', 'n', 't', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "poiru.net", true */ 'p', 'o', 'i', 'r', 'u', '.', 'n', 'e', 't', '\0',
+  /* "poitiers-ttacc-86.eu.org", true */ 'p', 'o', 'i', 't', 'i', 'e', 'r', 's', '-', 't', 't', 'a', 'c', 'c', '-', '8', '6', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "pojer.me", true */ 'p', 'o', 'j', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "pokalsocial.de", true */ 'p', 'o', 'k', 'a', 'l', 's', 'o', 'c', 'i', 'a', 'l', '.', 'd', 'e', '\0',
+  /* "pokefarm.com", true */ 'p', 'o', 'k', 'e', 'f', 'a', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "pokeinthe.io", true */ 'p', 'o', 'k', 'e', 'i', 'n', 't', 'h', 'e', '.', 'i', 'o', '\0',
+  /* "pokemondb.net", true */ 'p', 'o', 'k', 'e', 'm', 'o', 'n', 'd', 'b', '.', 'n', 'e', 't', '\0',
+  /* "pokemontabletopadventures.com", true */ 'p', 'o', 'k', 'e', 'm', 'o', 'n', 't', 'a', 'b', 'l', 'e', 't', 'o', 'p', 'a', 'd', 'v', 'e', 'n', 't', 'u', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "pokemori.jp", true */ 'p', 'o', 'k', 'e', 'm', 'o', 'r', 'i', '.', 'j', 'p', '\0',
+  /* "pokepon.center", true */ 'p', 'o', 'k', 'e', 'p', 'o', 'n', '.', 'c', 'e', 'n', 't', 'e', 'r', '\0',
+  /* "pokl.cz", true */ 'p', 'o', 'k', 'l', '.', 'c', 'z', '\0',
+  /* "polaire.org", true */ 'p', 'o', 'l', 'a', 'i', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "polandb2b.directory", true */ 'p', 'o', 'l', 'a', 'n', 'd', 'b', '2', 'b', '.', 'd', 'i', 'r', 'e', 'c', 't', 'o', 'r', 'y', '\0',
+  /* "pole-emotion.ch", true */ 'p', 'o', 'l', 'e', '-', 'e', 'm', 'o', 't', 'i', 'o', 'n', '.', 'c', 'h', '\0',
+  /* "poleacademie.com", true */ 'p', 'o', 'l', 'e', 'a', 'c', 'a', 'd', 'e', 'm', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "poleartschool.com", false */ 'p', 'o', 'l', 'e', 'a', 'r', 't', 's', 'c', 'h', 'o', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "poles4pilots.com", true */ 'p', 'o', 'l', 'e', 's', '4', 'p', 'i', 'l', 'o', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "policedriver.com", true */ 'p', 'o', 'l', 'i', 'c', 'e', 'd', 'r', 'i', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "polis.or.at", true */ 'p', 'o', 'l', 'i', 's', '.', 'o', 'r', '.', 'a', 't', '\0',
+  /* "polis.to", false */ 'p', 'o', 'l', 'i', 's', '.', 't', 'o', '\0',
+  /* "polish.directory", true */ 'p', 'o', 'l', 'i', 's', 'h', '.', 'd', 'i', 'r', 'e', 'c', 't', 'o', 'r', 'y', '\0',
+  /* "politeiaudesa.org", true */ 'p', 'o', 'l', 'i', 't', 'e', 'i', 'a', 'u', 'd', 'e', 's', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "politik-bei-uns.de", true */ 'p', 'o', 'l', 'i', 't', 'i', 'k', '-', 'b', 'e', 'i', '-', 'u', 'n', 's', '.', 'd', 'e', '\0',
+  /* "polizeiwallis.ch", true */ 'p', 'o', 'l', 'i', 'z', 'e', 'i', 'w', 'a', 'l', 'l', 'i', 's', '.', 'c', 'h', '\0',
+  /* "polkam.go.id", false */ 'p', 'o', 'l', 'k', 'a', 'm', '.', 'g', 'o', '.', 'i', 'd', '\0',
+  /* "pollet-ghijs.be", true */ 'p', 'o', 'l', 'l', 'e', 't', '-', 'g', 'h', 'i', 'j', 's', '.', 'b', 'e', '\0',
+  /* "pollet-ghys.be", true */ 'p', 'o', 'l', 'l', 'e', 't', '-', 'g', 'h', 'y', 's', '.', 'b', 'e', '\0',
+  /* "polletmera.com", true */ 'p', 'o', 'l', 'l', 'e', 't', 'm', 'e', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "pollingplace.uk", true */ 'p', 'o', 'l', 'l', 'i', 'n', 'g', 'p', 'l', 'a', 'c', 'e', '.', 'u', 'k', '\0',
+  /* "pollpodium.nl", true */ 'p', 'o', 'l', 'l', 'p', 'o', 'd', 'i', 'u', 'm', '.', 'n', 'l', '\0',
+  /* "polsport.live", true */ 'p', 'o', 'l', 's', 'p', 'o', 'r', 't', '.', 'l', 'i', 'v', 'e', '\0',
+  /* "poly-fast.com", true */ 'p', 'o', 'l', 'y', '-', 'f', 'a', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "polyfill.io", true */ 'p', 'o', 'l', 'y', 'f', 'i', 'l', 'l', '.', 'i', 'o', '\0',
+  /* "polygamer.net", true */ 'p', 'o', 'l', 'y', 'g', 'a', 'm', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "polymake.org", true */ 'p', 'o', 'l', 'y', 'm', 'a', 'k', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "polymathematician.com", true */ 'p', 'o', 'l', 'y', 'm', 'a', 't', 'h', 'e', 'm', 'a', 't', 'i', 'c', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "polynomapp.com", true */ 'p', 'o', 'l', 'y', 'n', 'o', 'm', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "polypane.rocks", true */ 'p', 'o', 'l', 'y', 'p', 'a', 'n', 'e', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "polypet.com.sg", true */ 'p', 'o', 'l', 'y', 'p', 'e', 't', '.', 'c', 'o', 'm', '.', 's', 'g', '\0',
+  /* "polytarian.com", true */ 'p', 'o', 'l', 'y', 't', 'a', 'r', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "polytechecosystem.vc", true */ 'p', 'o', 'l', 'y', 't', 'e', 'c', 'h', 'e', 'c', 'o', 's', 'y', 's', 't', 'e', 'm', '.', 'v', 'c', '\0',
+  /* "pomar.club", false */ 'p', 'o', 'm', 'a', 'r', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "pomfe.co", true */ 'p', 'o', 'm', 'f', 'e', '.', 'c', 'o', '\0',
+  /* "pommedepain.fr", true */ 'p', 'o', 'm', 'm', 'e', 'd', 'e', 'p', 'a', 'i', 'n', '.', 'f', 'r', '\0',
+  /* "pomocniczy.eu.org", true */ 'p', 'o', 'm', 'o', 'c', 'n', 'i', 'c', 'z', 'y', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "pompiers-martigny.ch", true */ 'p', 'o', 'm', 'p', 'i', 'e', 'r', 's', '-', 'm', 'a', 'r', 't', 'i', 'g', 'n', 'y', '.', 'c', 'h', '\0',
+  /* "pomsinoz.com", true */ 'p', 'o', 'm', 's', 'i', 'n', 'o', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "pondof.fish", true */ 'p', 'o', 'n', 'd', 'o', 'f', '.', 'f', 'i', 's', 'h', '\0',
+  /* "poneypourtous.com", true */ 'p', 'o', 'n', 'e', 'y', 'p', 'o', 'u', 'r', 't', 'o', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "poneytelecom.org", true */ 'p', 'o', 'n', 'e', 'y', 't', 'e', 'l', 'e', 'c', 'o', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "ponga.se", true */ 'p', 'o', 'n', 'g', 'a', '.', 's', 'e', '\0',
+  /* "ponteus.com", true */ 'p', 'o', 'n', 't', 'e', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "pontodogame.com.br", true */ 'p', 'o', 'n', 't', 'o', 'd', 'o', 'g', 'a', 'm', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "pony-cl.co.jp", true */ 'p', 'o', 'n', 'y', '-', 'c', 'l', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "pony.tf", true */ 'p', 'o', 'n', 'y', '.', 't', 'f', '\0',
+  /* "ponychan.net", true */ 'p', 'o', 'n', 'y', 'c', 'h', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "ponycyclepals.co.uk", true */ 'p', 'o', 'n', 'y', 'c', 'y', 'c', 'l', 'e', 'p', 'a', 'l', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ponyfoo.com", true */ 'p', 'o', 'n', 'y', 'f', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "ponzi.life", true */ 'p', 'o', 'n', 'z', 'i', '.', 'l', 'i', 'f', 'e', '\0',
+  /* "pookl.com", true */ 'p', 'o', 'o', 'k', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "poollicht.be", true */ 'p', 'o', 'o', 'l', 'l', 'i', 'c', 'h', 't', '.', 'b', 'e', '\0',
+  /* "poolvilla-margarita.net", false */ 'p', 'o', 'o', 'l', 'v', 'i', 'l', 'l', 'a', '-', 'm', 'a', 'r', 'g', 'a', 'r', 'i', 't', 'a', '.', 'n', 'e', 't', '\0',
+  /* "poon.io", true */ 'p', 'o', 'o', 'n', '.', 'i', 'o', '\0',
+  /* "poopjournal.rocks", true */ 'p', 'o', 'o', 'p', 'j', 'o', 'u', 'r', 'n', 'a', 'l', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "pop-corn.ro", true */ 'p', 'o', 'p', '-', 'c', 'o', 'r', 'n', '.', 'r', 'o', '\0',
+  /* "popcornpalacefundraising.com", true */ 'p', 'o', 'p', 'c', 'o', 'r', 'n', 'p', 'a', 'l', 'a', 'c', 'e', 'f', 'u', 'n', 'd', 'r', 'a', 'i', 's', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "popcultureshack.com", true */ 'p', 'o', 'p', 'c', 'u', 'l', 't', 'u', 'r', 'e', 's', 'h', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "popinga.it", true */ 'p', 'o', 'p', 'i', 'n', 'g', 'a', '.', 'i', 't', '\0',
+  /* "popkins.cf", true */ 'p', 'o', 'p', 'k', 'i', 'n', 's', '.', 'c', 'f', '\0',
+  /* "popkins.ga", true */ 'p', 'o', 'p', 'k', 'i', 'n', 's', '.', 'g', 'a', '\0',
+  /* "popkins.gq", true */ 'p', 'o', 'p', 'k', 'i', 'n', 's', '.', 'g', 'q', '\0',
+  /* "popkins.tk", true */ 'p', 'o', 'p', 'k', 'i', 'n', 's', '.', 't', 'k', '\0',
+  /* "popmagz.com", true */ 'p', 'o', 'p', 'm', 'a', 'g', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "popoway.cloud", true */ 'p', 'o', 'p', 'o', 'w', 'a', 'y', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "popoway.me", true */ 'p', 'o', 'p', 'o', 'w', 'a', 'y', '.', 'm', 'e', '\0',
+  /* "poppetsphere.de", true */ 'p', 'o', 'p', 'p', 'e', 't', 's', 'p', 'h', 'e', 'r', 'e', '.', 'd', 'e', '\0',
+  /* "population-ethics.com", true */ 'p', 'o', 'p', 'u', 'l', 'a', 't', 'i', 'o', 'n', '-', 'e', 't', 'h', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "popupsoftplay.com", true */ 'p', 'o', 'p', 'u', 'p', 's', 'o', 'f', 't', 'p', 'l', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "poquvi.net", true */ 'p', 'o', 'q', 'u', 'v', 'i', '.', 'n', 'e', 't', '\0',
+  /* "porg.es", true */ 'p', 'o', 'r', 'g', '.', 'e', 's', '\0',
+  /* "pork.org.uk", true */ 'p', 'o', 'r', 'k', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "porn77.info", true */ 'p', 'o', 'r', 'n', '7', '7', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "pornbase.info", true */ 'p', 'o', 'r', 'n', 'b', 'a', 's', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "pornbay.org", true */ 'p', 'o', 'r', 'n', 'b', 'a', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "pornblog.org", true */ 'p', 'o', 'r', 'n', 'b', 'l', 'o', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "porncandi.com", true */ 'p', 'o', 'r', 'n', 'c', 'a', 'n', 'd', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "pornohub.su", true */ 'p', 'o', 'r', 'n', 'o', 'h', 'u', 'b', '.', 's', 'u', '\0',
+  /* "pornolab-net.appspot.com", false */ 'p', 'o', 'r', 'n', 'o', 'l', 'a', 'b', '-', 'n', 'e', 't', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "pornomens.be", true */ 'p', 'o', 'r', 'n', 'o', 'm', 'e', 'n', 's', '.', 'b', 'e', '\0',
+  /* "porschen.fr", true */ 'p', 'o', 'r', 's', 'c', 'h', 'e', 'n', '.', 'f', 'r', '\0',
+  /* "port.social", true */ 'p', 'o', 'r', 't', '.', 's', 'o', 'c', 'i', 'a', 'l', '\0',
+  /* "port443.hamburg", true */ 'p', 'o', 'r', 't', '4', '4', '3', '.', 'h', 'a', 'm', 'b', 'u', 'r', 'g', '\0',
+  /* "port443.se", true */ 'p', 'o', 'r', 't', '4', '4', '3', '.', 's', 'e', '\0',
+  /* "port67.org", true */ 'p', 'o', 'r', 't', '6', '7', '.', 'o', 'r', 'g', '\0',
+  /* "port80.hamburg", true */ 'p', 'o', 'r', 't', '8', '0', '.', 'h', 'a', 'm', 'b', 'u', 'r', 'g', '\0',
+  /* "portailevangelique.ca", true */ 'p', 'o', 'r', 't', 'a', 'i', 'l', 'e', 'v', 'a', 'n', 'g', 'e', 'l', 'i', 'q', 'u', 'e', '.', 'c', 'a', '\0',
+  /* "portal.tirol.gv.at", true */ 'p', 'o', 'r', 't', 'a', 'l', '.', 't', 'i', 'r', 'o', 'l', '.', 'g', 'v', '.', 'a', 't', '\0',
+  /* "portalcarriers.com", true */ 'p', 'o', 'r', 't', 'a', 'l', 'c', 'a', 'r', 'r', 'i', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "portalcentric.net", true */ 'p', 'o', 'r', 't', 'a', 'l', 'c', 'e', 'n', 't', 'r', 'i', 'c', '.', 'n', 'e', 't', '\0',
+  /* "portalisapres.cl", true */ 'p', 'o', 'r', 't', 'a', 'l', 'i', 's', 'a', 'p', 'r', 'e', 's', '.', 'c', 'l', '\0',
+  /* "portalkla.com.br", true */ 'p', 'o', 'r', 't', 'a', 'l', 'k', 'l', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "portefeuillesignalen.nl", true */ 'p', 'o', 'r', 't', 'e', 'f', 'e', 'u', 'i', 'l', 'l', 'e', 's', 'i', 'g', 'n', 'a', 'l', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "portercup.com", true */ 'p', 'o', 'r', 't', 'e', 'r', 'c', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "porterranchelectrical.com", true */ 'p', 'o', 'r', 't', 'e', 'r', 'r', 'a', 'n', 'c', 'h', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "portofacil.com", true */ 'p', 'o', 'r', 't', 'o', 'f', 'a', 'c', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "portofrotterdam.com", true */ 'p', 'o', 'r', 't', 'o', 'f', 'r', 'o', 't', 't', 'e', 'r', 'd', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "portosonline.pl", true */ 'p', 'o', 'r', 't', 'o', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'p', 'l', '\0',
+  /* "portraitsystem.biz", true */ 'p', 'o', 'r', 't', 'r', 'a', 'i', 't', 's', 'y', 's', 't', 'e', 'm', '.', 'b', 'i', 'z', '\0',
+  /* "portsdebalears.gob.es", true */ 'p', 'o', 'r', 't', 's', 'd', 'e', 'b', 'a', 'l', 'e', 'a', 'r', 's', '.', 'g', 'o', 'b', '.', 'e', 's', '\0',
+  /* "portsmouthbouncycastles.co.uk", true */ 'p', 'o', 'r', 't', 's', 'm', 'o', 'u', 't', 'h', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "portugalsko.net", true */ 'p', 'o', 'r', 't', 'u', 'g', 'a', 'l', 's', 'k', 'o', '.', 'n', 'e', 't', '\0',
+  /* "portvaletickets.com", true */ 'p', 'o', 'r', 't', 'v', 'a', 'l', 'e', 't', 'i', 'c', 'k', 'e', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "porybox.com", true */ 'p', 'o', 'r', 'y', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "porzgmbh.de", true */ 'p', 'o', 'r', 'z', 'g', 'm', 'b', 'h', '.', 'd', 'e', '\0',
+  /* "posaunenchor-senden.de", true */ 'p', 'o', 's', 'a', 'u', 'n', 'e', 'n', 'c', 'h', 'o', 'r', '-', 's', 'e', 'n', 'd', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "posbank.co.uk", true */ 'p', 'o', 's', 'b', 'a', 'n', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "poseidonwaterproofing.com", true */ 'p', 'o', 's', 'e', 'i', 'd', 'o', 'n', 'w', 'a', 't', 'e', 'r', 'p', 'r', 'o', 'o', 'f', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "poshcastles.co.uk", true */ 'p', 'o', 's', 'h', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "poshsecurity.com", true */ 'p', 'o', 's', 'h', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "positionus.io", true */ 'p', 'o', 's', 'i', 't', 'i', 'o', 'n', 'u', 's', '.', 'i', 'o', '\0',
+  /* "positive.com.cy", true */ 'p', 'o', 's', 'i', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '.', 'c', 'y', '\0',
+  /* "positivesobrietyinstitute.com", true */ 'p', 'o', 's', 'i', 't', 'i', 'v', 'e', 's', 'o', 'b', 'r', 'i', 'e', 't', 'y', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "posobota.cz", true */ 'p', 'o', 's', 'o', 'b', 'o', 't', 'a', '.', 'c', 'z', '\0',
+  /* "post-darwinian.com", true */ 'p', 'o', 's', 't', '-', 'd', 'a', 'r', 'w', 'i', 'n', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "post-darwinism.com", true */ 'p', 'o', 's', 't', '-', 'd', 'a', 'r', 'w', 'i', 'n', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "post.com.ar", true */ 'p', 'o', 's', 't', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "post.io", true */ 'p', 'o', 's', 't', '.', 'i', 'o', '\0',
+  /* "post4me.at", true */ 'p', 'o', 's', 't', '4', 'm', 'e', '.', 'a', 't', '\0',
+  /* "postal.dk", true */ 'p', 'o', 's', 't', 'a', 'l', '.', 'd', 'k', '\0',
+  /* "postal3.es", true */ 'p', 'o', 's', 't', 'a', 'l', '3', '.', 'e', 's', '\0',
+  /* "postback.io", true */ 'p', 'o', 's', 't', 'b', 'a', 'c', 'k', '.', 'i', 'o', '\0',
+  /* "postblue.info", true */ 'p', 'o', 's', 't', 'b', 'l', 'u', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "postbox.life", true */ 'p', 'o', 's', 't', 'b', 'o', 'x', '.', 'l', 'i', 'f', 'e', '\0',
+  /* "postcardpayment.com", true */ 'p', 'o', 's', 't', 'c', 'a', 'r', 'd', 'p', 'a', 'y', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "postcode.nl", true */ 'p', 'o', 's', 't', 'c', 'o', 'd', 'e', '.', 'n', 'l', '\0',
+  /* "postcodegarant.nl", true */ 'p', 'o', 's', 't', 'c', 'o', 'd', 'e', 'g', 'a', 'r', 'a', 'n', 't', '.', 'n', 'l', '\0',
+  /* "postdarwinian.com", true */ 'p', 'o', 's', 't', 'd', 'a', 'r', 'w', 'i', 'n', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "postdarwinism.com", true */ 'p', 'o', 's', 't', 'd', 'a', 'r', 'w', 'i', 'n', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "postdeck.de", true */ 'p', 'o', 's', 't', 'd', 'e', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "posteo.de", false */ 'p', 'o', 's', 't', 'e', 'o', '.', 'd', 'e', '\0',
+  /* "posters.win", true */ 'p', 'o', 's', 't', 'e', 'r', 's', '.', 'w', 'i', 'n', '\0',
+  /* "posterspy.com", true */ 'p', 'o', 's', 't', 'e', 'r', 's', 'p', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "postfalls-naturopathic.com", true */ 'p', 'o', 's', 't', 'f', 'a', 'l', 'l', 's', '-', 'n', 'a', 't', 'u', 'r', 'o', 'p', 'a', 't', 'h', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "postfinance.ch", true */ 'p', 'o', 's', 't', 'f', 'i', 'n', 'a', 'n', 'c', 'e', '.', 'c', 'h', '\0',
+  /* "postmatescode.com", true */ 'p', 'o', 's', 't', 'm', 'a', 't', 'e', 's', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "postn.eu", true */ 'p', 'o', 's', 't', 'n', '.', 'e', 'u', '\0',
+  /* "postpot.co.kr", true */ 'p', 'o', 's', 't', 'p', 'o', 't', '.', 'c', 'o', '.', 'k', 'r', '\0',
+  /* "posttigo.com", true */ 'p', 'o', 's', 't', 't', 'i', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "potatiz.com", true */ 'p', 'o', 't', 'a', 't', 'i', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "potatofrom.space", false */ 'p', 'o', 't', 'a', 't', 'o', 'f', 'r', 'o', 'm', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "potatopro.com", true */ 'p', 'o', 't', 'a', 't', 'o', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "potbox.com", true */ 'p', 'o', 't', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "potentialproject.com", true */ 'p', 'o', 't', 'e', 'n', 't', 'i', 'a', 'l', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "pothe.com", true */ 'p', 'o', 't', 'h', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "pothe.de", true */ 'p', 'o', 't', 'h', 'e', '.', 'd', 'e', '\0',
+  /* "potolok.am", true */ 'p', 'o', 't', 'o', 'l', 'o', 'k', '.', 'a', 'm', '\0',
+  /* "potomania.cz", true */ 'p', 'o', 't', 'o', 'm', 'a', 'n', 'i', 'a', '.', 'c', 'z', '\0',
+  /* "potpourrifestival.de", true */ 'p', 'o', 't', 'p', 'o', 'u', 'r', 'r', 'i', 'f', 'e', 's', 't', 'i', 'v', 'a', 'l', '.', 'd', 'e', '\0',
+  /* "potrillionaires.com", true */ 'p', 'o', 't', 'r', 'i', 'l', 'l', 'i', 'o', 'n', 'a', 'i', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "potterscraftcider.com", true */ 'p', 'o', 't', 't', 'e', 'r', 's', 'c', 'r', 'a', 'f', 't', 'c', 'i', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "pottersheartministry.org", true */ 'p', 'o', 't', 't', 'e', 'r', 's', 'h', 'e', 'a', 'r', 't', 'm', 'i', 'n', 'i', 's', 't', 'r', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "pottshome.co.uk", true */ 'p', 'o', 't', 't', 's', 'h', 'o', 'm', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "potworowski.de", true */ 'p', 'o', 't', 'w', 'o', 'r', 'o', 'w', 's', 'k', 'i', '.', 'd', 'e', '\0',
+  /* "pouet.it", true */ 'p', 'o', 'u', 'e', 't', '.', 'i', 't', '\0',
+  /* "poupatempo.org", true */ 'p', 'o', 'u', 'p', 'a', 't', 'e', 'm', 'p', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "pourlesenfants.info", true */ 'p', 'o', 'u', 'r', 'l', 'e', 's', 'e', 'n', 'f', 'a', 'n', 't', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "pourout.org", true */ 'p', 'o', 'u', 'r', 'o', 'u', 't', '.', 'o', 'r', 'g', '\0',
+  /* "povareschka.ru", true */ 'p', 'o', 'v', 'a', 'r', 'e', 's', 'c', 'h', 'k', 'a', '.', 'r', 'u', '\0',
+  /* "povesham.tk", true */ 'p', 'o', 'v', 'e', 's', 'h', 'a', 'm', '.', 't', 'k', '\0',
+  /* "powdersnow.top", true */ 'p', 'o', 'w', 'd', 'e', 'r', 's', 'n', 'o', 'w', '.', 't', 'o', 'p', '\0',
+  /* "power-coonies.de", true */ 'p', 'o', 'w', 'e', 'r', '-', 'c', 'o', 'o', 'n', 'i', 'e', 's', '.', 'd', 'e', '\0',
+  /* "power-fit.org", true */ 'p', 'o', 'w', 'e', 'r', '-', 'f', 'i', 't', '.', 'o', 'r', 'g', '\0',
+  /* "power-flowengineer.com", true */ 'p', 'o', 'w', 'e', 'r', '-', 'f', 'l', 'o', 'w', 'e', 'n', 'g', 'i', 'n', 'e', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "power-tools24.com", true */ 'p', 'o', 'w', 'e', 'r', '-', 't', 'o', 'o', 'l', 's', '2', '4', '.', 'c', 'o', 'm', '\0',
+  /* "powerb.ch", true */ 'p', 'o', 'w', 'e', 'r', 'b', '.', 'c', 'h', '\0',
+  /* "powercloud.technology", true */ 'p', 'o', 'w', 'e', 'r', 'c', 'l', 'o', 'u', 'd', '.', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'y', '\0',
+  /* "powerdent.net.br", true */ 'p', 'o', 'w', 'e', 'r', 'd', 'e', 'n', 't', '.', 'n', 'e', 't', '.', 'b', 'r', '\0',
+  /* "poweredbyiris.nl", true */ 'p', 'o', 'w', 'e', 'r', 'e', 'd', 'b', 'y', 'i', 'r', 'i', 's', '.', 'n', 'l', '\0',
+  /* "poweredbypurdy.com", true */ 'p', 'o', 'w', 'e', 'r', 'e', 'd', 'b', 'y', 'p', 'u', 'r', 'd', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "powergridess.com", false */ 'p', 'o', 'w', 'e', 'r', 'g', 'r', 'i', 'd', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "powermeter.at", true */ 'p', 'o', 'w', 'e', 'r', 'm', 'e', 't', 'e', 'r', '.', 'a', 't', '\0',
+  /* "powersergdatasystems.com", true */ 'p', 'o', 'w', 'e', 'r', 's', 'e', 'r', 'g', 'd', 'a', 't', 'a', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "powersergthisisthewebsitefuckyouscott.com", true */ 'p', 'o', 'w', 'e', 'r', 's', 'e', 'r', 'g', 't', 'h', 'i', 's', 'i', 's', 't', 'h', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 'f', 'u', 'c', 'k', 'y', 'o', 'u', 's', 'c', 'o', 't', 't', '.', 'c', 'o', 'm', '\0',
+  /* "powersergunited.com", true */ 'p', 'o', 'w', 'e', 'r', 's', 'e', 'r', 'g', 'u', 'n', 'i', 't', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "powersergunited.org", true */ 'p', 'o', 'w', 'e', 'r', 's', 'e', 'r', 'g', 'u', 'n', 'i', 't', 'e', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "powersergusercontent.com", true */ 'p', 'o', 'w', 'e', 'r', 's', 'e', 'r', 'g', 'u', 's', 'e', 'r', 'c', 'o', 'n', 't', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "powershellmagic.com", true */ 'p', 'o', 'w', 'e', 'r', 's', 'h', 'e', 'l', 'l', 'm', 'a', 'g', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "powerwellness-korecki.de", true */ 'p', 'o', 'w', 'e', 'r', 'w', 'e', 'l', 'l', 'n', 'e', 's', 's', '-', 'k', 'o', 'r', 'e', 'c', 'k', 'i', '.', 'd', 'e', '\0',
+  /* "pozemedicale.org", true */ 'p', 'o', 'z', 'e', 'm', 'e', 'd', 'i', 'c', 'a', 'l', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "pozytywnyplan.pl", true */ 'p', 'o', 'z', 'y', 't', 'y', 'w', 'n', 'y', 'p', 'l', 'a', 'n', '.', 'p', 'l', '\0',
+  /* "pozzo-balbi.com", true */ 'p', 'o', 'z', 'z', 'o', '-', 'b', 'a', 'l', 'b', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "ppipe.net", true */ 'p', 'p', 'i', 'p', 'e', '.', 'n', 'e', 't', '\0',
+  /* "ppmathis.ch", true */ 'p', 'p', 'm', 'a', 't', 'h', 'i', 's', '.', 'c', 'h', '\0',
+  /* "ppmathis.com", true */ 'p', 'p', 'm', 'a', 't', 'h', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ppmoon.com", true */ 'p', 'p', 'm', 'o', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "ppoozl.com", true */ 'p', 'p', 'o', 'o', 'z', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "pptavmdata.org", true */ 'p', 'p', 't', 'a', 'v', 'm', 'd', 'a', 't', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "ppy.sh", true */ 'p', 'p', 'y', '.', 's', 'h', '\0',
+  /* "pr.search.yahoo.com", false */ 'p', 'r', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "pr1sm.com", true */ 'p', 'r', '1', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "pr2studio.com", true */ 'p', 'r', '2', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "prac.to", true */ 'p', 'r', 'a', 'c', '.', 't', 'o', '\0',
+  /* "pracowniatkanin.com", true */ 'p', 'r', 'a', 'c', 'o', 'w', 'n', 'i', 'a', 't', 'k', 'a', 'n', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "practicepanther.com", true */ 'p', 'r', 'a', 'c', 't', 'i', 'c', 'e', 'p', 'a', 'n', 't', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "practo.com", true */ 'p', 'r', 'a', 'c', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "prado.it", true */ 'p', 'r', 'a', 'd', 'o', '.', 'i', 't', '\0',
+  /* "praeparation-keppner.de", true */ 'p', 'r', 'a', 'e', 'p', 'a', 'r', 'a', 't', 'i', 'o', 'n', '-', 'k', 'e', 'p', 'p', 'n', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "praerien-racing.com", true */ 'p', 'r', 'a', 'e', 'r', 'i', 'e', 'n', '-', 'r', 'a', 'c', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "prague-swim.cz", true */ 'p', 'r', 'a', 'g', 'u', 'e', '-', 's', 'w', 'i', 'm', '.', 'c', 'z', '\0',
+  /* "praguepsychology.com", true */ 'p', 'r', 'a', 'g', 'u', 'e', 'p', 's', 'y', 'c', 'h', 'o', 'l', 'o', 'g', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "praguepsychology.cz", true */ 'p', 'r', 'a', 'g', 'u', 'e', 'p', 's', 'y', 'c', 'h', 'o', 'l', 'o', 'g', 'y', '.', 'c', 'z', '\0',
+  /* "pragueswim.cz", true */ 'p', 'r', 'a', 'g', 'u', 'e', 's', 'w', 'i', 'm', '.', 'c', 'z', '\0',
+  /* "prajwalkoirala.com", true */ 'p', 'r', 'a', 'j', 'w', 'a', 'l', 'k', 'o', 'i', 'r', 'a', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "prakhar.uk", true */ 'p', 'r', 'a', 'k', 'h', 'a', 'r', '.', 'u', 'k', '\0',
+  /* "prakharprasad.com", true */ 'p', 'r', 'a', 'k', 'h', 'a', 'r', 'p', 'r', 'a', 's', 'a', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "praxino.de", true */ 'p', 'r', 'a', 'x', 'i', 'n', 'o', '.', 'd', 'e', '\0',
+  /* "praxis-dingeldey.de", true */ 'p', 'r', 'a', 'x', 'i', 's', '-', 'd', 'i', 'n', 'g', 'e', 'l', 'd', 'e', 'y', '.', 'd', 'e', '\0',
+  /* "praxis-familienglueck.de", true */ 'p', 'r', 'a', 'x', 'i', 's', '-', 'f', 'a', 'm', 'i', 'l', 'i', 'e', 'n', 'g', 'l', 'u', 'e', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "prayerrequest.com", true */ 'p', 'r', 'a', 'y', 'e', 'r', 'r', 'e', 'q', 'u', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "prazeresdavida.com.br", true */ 'p', 'r', 'a', 'z', 'e', 'r', 'e', 's', 'd', 'a', 'v', 'i', 'd', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "prazynka.pl", true */ 'p', 'r', 'a', 'z', 'y', 'n', 'k', 'a', '.', 'p', 'l', '\0',
+  /* "prc-newmedia.com", true */ 'p', 'r', 'c', '-', 'n', 'e', 'w', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "prc.gov", true */ 'p', 'r', 'c', '.', 'g', 'o', 'v', '\0',
+  /* "precedecaritas.com.br", true */ 'p', 'r', 'e', 'c', 'e', 'd', 'e', 'c', 'a', 'r', 'i', 't', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "preciouslife.fr", true */ 'p', 'r', 'e', 'c', 'i', 'o', 'u', 's', 'l', 'i', 'f', 'e', '.', 'f', 'r', '\0',
+  /* "preciscx.com", true */ 'p', 'r', 'e', 'c', 'i', 's', 'c', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "preciseassemblies.com", true */ 'p', 'r', 'e', 'c', 'i', 's', 'e', 'a', 's', 's', 'e', 'm', 'b', 'l', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "precode.eu", true */ 'p', 'r', 'e', 'c', 'o', 'd', 'e', '.', 'e', 'u', '\0',
+  /* "predoiu.ro", true */ 'p', 'r', 'e', 'd', 'o', 'i', 'u', '.', 'r', 'o', '\0',
+  /* "preexport.com", true */ 'p', 'r', 'e', 'e', 'x', 'p', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "prefix.eu", true */ 'p', 'r', 'e', 'f', 'i', 'x', '.', 'e', 'u', '\0',
+  /* "pregunteleakaren.gov", true */ 'p', 'r', 'e', 'g', 'u', 'n', 't', 'e', 'l', 'e', 'a', 'k', 'a', 'r', 'e', 'n', '.', 'g', 'o', 'v', '\0',
+  /* "preigu.de", true */ 'p', 'r', 'e', 'i', 'g', 'u', '.', 'd', 'e', '\0',
+  /* "preis-alarm.info", true */ 'p', 'r', 'e', 'i', 's', '-', 'a', 'l', 'a', 'r', 'm', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "preis-alarm.org", true */ 'p', 'r', 'e', 'i', 's', '-', 'a', 'l', 'a', 'r', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "preisser-it.de", true */ 'p', 'r', 'e', 'i', 's', 's', 'e', 'r', '-', 'i', 't', '.', 'd', 'e', '\0',
+  /* "preisser.it", true */ 'p', 'r', 'e', 'i', 's', 's', 'e', 'r', '.', 'i', 't', '\0',
+  /* "prekladysanca.cz", true */ 'p', 'r', 'e', 'k', 'l', 'a', 'd', 'y', 's', 'a', 'n', 'c', 'a', '.', 'c', 'z', '\0',
+  /* "preloaded-hsts.badssl.com", true */ 'p', 'r', 'e', 'l', 'o', 'a', 'd', 'e', 'd', '-', 'h', 's', 't', 's', '.', 'b', 'a', 'd', 's', 's', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "preludes.org", true */ 'p', 'r', 'e', 'l', 'u', 'd', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "prelved.com", true */ 'p', 'r', 'e', 'l', 'v', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "prelved.es", true */ 'p', 'r', 'e', 'l', 'v', 'e', 'd', '.', 'e', 's', '\0',
+  /* "prelved.fi", true */ 'p', 'r', 'e', 'l', 'v', 'e', 'd', '.', 'f', 'i', '\0',
+  /* "prelved.fr", true */ 'p', 'r', 'e', 'l', 'v', 'e', 'd', '.', 'f', 'r', '\0',
+  /* "prelved.it", true */ 'p', 'r', 'e', 'l', 'v', 'e', 'd', '.', 'i', 't', '\0',
+  /* "prelved.nl", true */ 'p', 'r', 'e', 'l', 'v', 'e', 'd', '.', 'n', 'l', '\0',
+  /* "prelved.pl", true */ 'p', 'r', 'e', 'l', 'v', 'e', 'd', '.', 'p', 'l', '\0',
+  /* "prelved.se", true */ 'p', 'r', 'e', 'l', 'v', 'e', 'd', '.', 's', 'e', '\0',
+  /* "premaritalsex.info", true */ 'p', 'r', 'e', 'm', 'a', 'r', 'i', 't', 'a', 'l', 's', 'e', 'x', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "premierbouncycastles.co.uk", true */ 'p', 'r', 'e', 'm', 'i', 'e', 'r', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "premierevents.ie", true */ 'p', 'r', 'e', 'm', 'i', 'e', 'r', 'e', 'v', 'e', 'n', 't', 's', '.', 'i', 'e', '\0',
+  /* "premierheart.com", true */ 'p', 'r', 'e', 'm', 'i', 'e', 'r', 'h', 'e', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "premiership-predictors.co.uk", true */ 'p', 'r', 'e', 'm', 'i', 'e', 'r', 's', 'h', 'i', 'p', '-', 'p', 'r', 'e', 'd', 'i', 'c', 't', 'o', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "premiumweb.co.id", true */ 'p', 'r', 'e', 'm', 'i', 'u', 'm', 'w', 'e', 'b', '.', 'c', 'o', '.', 'i', 'd', '\0',
+  /* "premiumwebdesign.it", true */ 'p', 'r', 'e', 'm', 'i', 'u', 'm', 'w', 'e', 'b', 'd', 'e', 's', 'i', 'g', 'n', '.', 'i', 't', '\0',
+  /* "premiumzweirad.de", false */ 'p', 'r', 'e', 'm', 'i', 'u', 'm', 'z', 'w', 'e', 'i', 'r', 'a', 'd', '.', 'd', 'e', '\0',
+  /* "prenatalgeboortekaartjes.nl", true */ 'p', 'r', 'e', 'n', 'a', 't', 'a', 'l', 'g', 'e', 'b', 'o', 'o', 'r', 't', 'e', 'k', 'a', 'a', 'r', 't', 'j', 'e', 's', '.', 'n', 'l', '\0',
+  /* "prenger.co", true */ 'p', 'r', 'e', 'n', 'g', 'e', 'r', '.', 'c', 'o', '\0',
+  /* "prepaid-cards.xyz", true */ 'p', 'r', 'e', 'p', 'a', 'i', 'd', '-', 'c', 'a', 'r', 'd', 's', '.', 'x', 'y', 'z', '\0',
+  /* "prepaid-voip.nl", true */ 'p', 'r', 'e', 'p', 'a', 'i', 'd', '-', 'v', 'o', 'i', 'p', '.', 'n', 'l', '\0',
+  /* "prepaidgirl.com", true */ 'p', 'r', 'e', 'p', 'a', 'i', 'd', 'g', 'i', 'r', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "prepaidkredietkaart.be", true */ 'p', 'r', 'e', 'p', 'a', 'i', 'd', 'k', 'r', 'e', 'd', 'i', 'e', 't', 'k', 'a', 'a', 'r', 't', '.', 'b', 'e', '\0',
+  /* "prepare-job-hunting.com", true */ 'p', 'r', 'e', 'p', 'a', 'r', 'e', '-', 'j', 'o', 'b', '-', 'h', 'u', 'n', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "preparedcapital.com", true */ 'p', 'r', 'e', 'p', 'a', 'r', 'e', 'd', 'c', 'a', 'p', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "preparetheword.com", false */ 'p', 'r', 'e', 'p', 'a', 'r', 'e', 't', 'h', 'e', 'w', 'o', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "presbee.com", true */ 'p', 'r', 'e', 's', 'b', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "prescotonline.co.uk", true */ 'p', 'r', 'e', 's', 'c', 'o', 't', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "prescriptionrex.com", true */ 'p', 'r', 'e', 's', 'c', 'r', 'i', 'p', 't', 'i', 'o', 'n', 'r', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "present-m.com", true */ 'p', 'r', 'e', 's', 'e', 'n', 't', '-', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "presentesdegrife.com.br", true */ 'p', 'r', 'e', 's', 'e', 'n', 't', 'e', 's', 'd', 'e', 'g', 'r', 'i', 'f', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "president.bg", true */ 'p', 'r', 'e', 's', 'i', 'd', 'e', 'n', 't', '.', 'b', 'g', '\0',
+  /* "prespanok.sk", true */ 'p', 'r', 'e', 's', 'p', 'a', 'n', 'o', 'k', '.', 's', 'k', '\0',
+  /* "press-presse.ca", true */ 'p', 'r', 'e', 's', 's', '-', 'p', 'r', 'e', 's', 's', 'e', '.', 'c', 'a', '\0',
+  /* "presscenter.jp", true */ 'p', 'r', 'e', 's', 's', 'c', 'e', 'n', 't', 'e', 'r', '.', 'j', 'p', '\0',
+  /* "presses.ch", true */ 'p', 'r', 'e', 's', 's', 'e', 's', '.', 'c', 'h', '\0',
+  /* "pressography.org", true */ 'p', 'r', 'e', 's', 's', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "pressrush.com", true */ 'p', 'r', 'e', 's', 's', 'r', 'u', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "pressureradio.com", true */ 'p', 'r', 'e', 's', 's', 'u', 'r', 'e', 'r', 'a', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "prestburyscouts.org.uk", true */ 'p', 'r', 'e', 's', 't', 'b', 'u', 'r', 'y', 's', 'c', 'o', 'u', 't', 's', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "prestige-car-location.ch", true */ 'p', 'r', 'e', 's', 't', 'i', 'g', 'e', '-', 'c', 'a', 'r', '-', 'l', 'o', 'c', 'a', 't', 'i', 'o', 'n', '.', 'c', 'h', '\0',
+  /* "prestige-portal.com", true */ 'p', 'r', 'e', 's', 't', 'i', 'g', 'e', '-', 'p', 'o', 'r', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "prestigebouncycastles.co.uk", true */ 'p', 'r', 'e', 's', 't', 'i', 'g', 'e', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "prestigeeventshire.co.uk", true */ 'p', 'r', 'e', 's', 't', 'i', 'g', 'e', 'e', 'v', 'e', 'n', 't', 's', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "prestigerepairs.com.au", true */ 'p', 'r', 'e', 's', 't', 'i', 'g', 'e', 'r', 'e', 'p', 'a', 'i', 'r', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "prestigesigns.net", true */ 'p', 'r', 'e', 's', 't', 'i', 'g', 'e', 's', 'i', 'g', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "prestonandsons.com.au", true */ 'p', 'r', 'e', 's', 't', 'o', 'n', 'a', 'n', 'd', 's', 'o', 'n', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "prestonbrant.com", true */ 'p', 'r', 'e', 's', 't', 'o', 'n', 'b', 'r', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "pretachique.com.br", true */ 'p', 'r', 'e', 't', 'a', 'c', 'h', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "pretix.eu", true */ 'p', 'r', 'e', 't', 'i', 'x', '.', 'e', 'u', '\0',
+  /* "pretrialservices.gov", true */ 'p', 'r', 'e', 't', 'r', 'i', 'a', 'l', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'g', 'o', 'v', '\0',
+  /* "pretty.hu", true */ 'p', 'r', 'e', 't', 't', 'y', '.', 'h', 'u', '\0',
+  /* "prettytunesapp.com", true */ 'p', 'r', 'e', 't', 't', 'y', 't', 'u', 'n', 'e', 's', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "pretwolk.nl", true */ 'p', 'r', 'e', 't', 'w', 'o', 'l', 'k', '.', 'n', 'l', '\0',
+  /* "pretzelx.com", true */ 'p', 'r', 'e', 't', 'z', 'e', 'l', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "prevenir.ch", true */ 'p', 'r', 'e', 'v', 'e', 'n', 'i', 'r', '.', 'c', 'h', '\0',
+  /* "priceholic.com", true */ 'p', 'r', 'i', 'c', 'e', 'h', 'o', 'l', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "pricesniffer.co", true */ 'p', 'r', 'i', 'c', 'e', 's', 'n', 'i', 'f', 'f', 'e', 'r', '.', 'c', 'o', '\0',
+  /* "prideindomination.com", true */ 'p', 'r', 'i', 'd', 'e', 'i', 'n', 'd', 'o', 'm', 'i', 'n', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "pridetechdesign.com", true */ 'p', 'r', 'i', 'd', 'e', 't', 'e', 'c', 'h', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "prielwurmjaeger.de", true */ 'p', 'r', 'i', 'e', 'l', 'w', 'u', 'r', 'm', 'j', 'a', 'e', 'g', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "prifo.se", true */ 'p', 'r', 'i', 'f', 'o', '.', 's', 'e', '\0',
+  /* "primaconsulting.net", true */ 'p', 'r', 'i', 'm', 'a', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "primalinea.pro", true */ 'p', 'r', 'i', 'm', 'a', 'l', 'i', 'n', 'e', 'a', '.', 'p', 'r', 'o', '\0',
+  /* "primates.com", true */ 'p', 'r', 'i', 'm', 'a', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "primewho.org", true */ 'p', 'r', 'i', 'm', 'e', 'w', 'h', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "primordialsnooze.com", true */ 'p', 'r', 'i', 'm', 'o', 'r', 'd', 'i', 'a', 'l', 's', 'n', 'o', 'o', 'z', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "primotiles.co.uk", true */ 'p', 'r', 'i', 'm', 'o', 't', 'i', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "primotilesandbathrooms.co.uk", true */ 'p', 'r', 'i', 'm', 'o', 't', 'i', 'l', 'e', 's', 'a', 'n', 'd', 'b', 'a', 't', 'h', 'r', 'o', 'o', 'm', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "princeagency.com", true */ 'p', 'r', 'i', 'n', 'c', 'e', 'a', 'g', 'e', 'n', 'c', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "princeofwhales.com", true */ 'p', 'r', 'i', 'n', 'c', 'e', 'o', 'f', 'w', 'h', 'a', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "princesparktouch.com", true */ 'p', 'r', 'i', 'n', 'c', 'e', 's', 'p', 'a', 'r', 'k', 't', 'o', 'u', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "princessmargaretlotto.com", true */ 'p', 'r', 'i', 'n', 'c', 'e', 's', 's', 'm', 'a', 'r', 'g', 'a', 'r', 'e', 't', 'l', 'o', 't', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "principalstest.com", true */ 'p', 'r', 'i', 'n', 'c', 'i', 'p', 'a', 'l', 's', 't', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "principaltoolbox.com", true */ 'p', 'r', 'i', 'n', 'c', 'i', 'p', 'a', 'l', 't', 'o', 'o', 'l', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "principia-journal.de", true */ 'p', 'r', 'i', 'n', 'c', 'i', 'p', 'i', 'a', '-', 'j', 'o', 'u', 'r', 'n', 'a', 'l', '.', 'd', 'e', '\0',
+  /* "principia-magazin.de", true */ 'p', 'r', 'i', 'n', 'c', 'i', 'p', 'i', 'a', '-', 'm', 'a', 'g', 'a', 'z', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "principia-online.de", true */ 'p', 'r', 'i', 'n', 'c', 'i', 'p', 'i', 'a', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "princovi.cz", true */ 'p', 'r', 'i', 'n', 'c', 'o', 'v', 'i', '.', 'c', 'z', '\0',
+  /* "prinesdoma.at", true */ 'p', 'r', 'i', 'n', 'e', 's', 'd', 'o', 'm', 'a', '.', 'a', 't', '\0',
+  /* "prinice.org", true */ 'p', 'r', 'i', 'n', 'i', 'c', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "printeknologies.com", true */ 'p', 'r', 'i', 'n', 't', 'e', 'k', 'n', 'o', 'l', 'o', 'g', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "printerleasing.be", true */ 'p', 'r', 'i', 'n', 't', 'e', 'r', 'l', 'e', 'a', 's', 'i', 'n', 'g', '.', 'b', 'e', '\0',
+  /* "printexpress.cloud", true */ 'p', 'r', 'i', 'n', 't', 'e', 'x', 'p', 'r', 'e', 's', 's', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "printf.de", true */ 'p', 'r', 'i', 'n', 't', 'f', '.', 'd', 'e', '\0',
+  /* "printler.com", true */ 'p', 'r', 'i', 'n', 't', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "printmet.com", true */ 'p', 'r', 'i', 'n', 't', 'm', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "prior-it.be", true */ 'p', 'r', 'i', 'o', 'r', '-', 'i', 't', '.', 'b', 'e', '\0',
+  /* "priorite-education.com", true */ 'p', 'r', 'i', 'o', 'r', 'i', 't', 'e', '-', 'e', 'd', 'u', 'c', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "priorityelectric.net", true */ 'p', 'r', 'i', 'o', 'r', 'i', 't', 'y', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', '.', 'n', 'e', 't', '\0',
+  /* "prioritynissannewportnewsparts.com", true */ 'p', 'r', 'i', 'o', 'r', 'i', 't', 'y', 'n', 'i', 's', 's', 'a', 'n', 'n', 'e', 'w', 'p', 'o', 'r', 't', 'n', 'e', 'w', 's', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "pristal.eu", true */ 'p', 'r', 'i', 's', 't', 'a', 'l', '.', 'e', 'u', '\0',
+  /* "pristineevents.co.uk", true */ 'p', 'r', 'i', 's', 't', 'i', 'n', 'e', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "priv.im", true */ 'p', 'r', 'i', 'v', '.', 'i', 'm', '\0',
+  /* "priva.si", true */ 'p', 'r', 'i', 'v', 'a', '.', 's', 'i', '\0',
+  /* "privacy-week-vienna.at", true */ 'p', 'r', 'i', 'v', 'a', 'c', 'y', '-', 'w', 'e', 'e', 'k', '-', 'v', 'i', 'e', 'n', 'n', 'a', '.', 'a', 't', '\0',
+  /* "privacy-week.at", true */ 'p', 'r', 'i', 'v', 'a', 'c', 'y', '-', 'w', 'e', 'e', 'k', '.', 'a', 't', '\0',
+  /* "privacy.com", true */ 'p', 'r', 'i', 'v', 'a', 'c', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "privacybadger.org", true */ 'p', 'r', 'i', 'v', 'a', 'c', 'y', 'b', 'a', 'd', 'g', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "privacyforjournalists.org.au", true */ 'p', 'r', 'i', 'v', 'a', 'c', 'y', 'f', 'o', 'r', 'j', 'o', 'u', 'r', 'n', 'a', 'l', 'i', 's', 't', 's', '.', 'o', 'r', 'g', '.', 'a', 'u', '\0',
+  /* "privacyinternational.org", true */ 'p', 'r', 'i', 'v', 'a', 'c', 'y', 'i', 'n', 't', 'e', 'r', 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "privacynow.eu", true */ 'p', 'r', 'i', 'v', 'a', 'c', 'y', 'n', 'o', 'w', '.', 'e', 'u', '\0',
+  /* "privacyscore.org", true */ 'p', 'r', 'i', 'v', 'a', 'c', 'y', 's', 'c', 'o', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "privacyweek.at", true */ 'p', 'r', 'i', 'v', 'a', 'c', 'y', 'w', 'e', 'e', 'k', '.', 'a', 't', '\0',
+  /* "privacyweek.de", true */ 'p', 'r', 'i', 'v', 'a', 'c', 'y', 'w', 'e', 'e', 'k', '.', 'd', 'e', '\0',
+  /* "privacyweek.eu", true */ 'p', 'r', 'i', 'v', 'a', 'c', 'y', 'w', 'e', 'e', 'k', '.', 'e', 'u', '\0',
+  /* "privacyweekvienna.at", true */ 'p', 'r', 'i', 'v', 'a', 'c', 'y', 'w', 'e', 'e', 'k', 'v', 'i', 'e', 'n', 'n', 'a', '.', 'a', 't', '\0',
+  /* "privaday.de", true */ 'p', 'r', 'i', 'v', 'a', 'd', 'a', 'y', '.', 'd', 'e', '\0',
+  /* "privasphere.com", true */ 'p', 'r', 'i', 'v', 'a', 's', 'p', 'h', 'e', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "privatebanks.uk", true */ 'p', 'r', 'i', 'v', 'a', 't', 'e', 'b', 'a', 'n', 'k', 's', '.', 'u', 'k', '\0',
+  /* "privatebin.info", true */ 'p', 'r', 'i', 'v', 'a', 't', 'e', 'b', 'i', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "privategiant.com", true */ 'p', 'r', 'i', 'v', 'a', 't', 'e', 'g', 'i', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "privateideas.de", true */ 'p', 'r', 'i', 'v', 'a', 't', 'e', 'i', 'd', 'e', 'a', 's', '.', 'd', 'e', '\0',
+  /* "privateimarketing.com", true */ 'p', 'r', 'i', 'v', 'a', 't', 'e', 'i', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "privatepokertour.com", true */ 'p', 'r', 'i', 'v', 'a', 't', 'e', 'p', 'o', 'k', 'e', 'r', 't', 'o', 'u', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "privatepropertymallorca.com", true */ 'p', 'r', 'i', 'v', 'a', 't', 'e', 'p', 'r', 'o', 'p', 'e', 'r', 't', 'y', 'm', 'a', 'l', 'l', 'o', 'r', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "privaterelay.com", false */ 'p', 'r', 'i', 'v', 'a', 't', 'e', 'r', 'e', 'l', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "privatestatic.com", false */ 'p', 'r', 'i', 'v', 'a', 't', 'e', 's', 't', 'a', 't', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "privatewolke.com", true */ 'p', 'r', 'i', 'v', 'a', 't', 'e', 'w', 'o', 'l', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "privatfrei.de", true */ 'p', 'r', 'i', 'v', 'a', 't', 'f', 'r', 'e', 'i', '.', 'd', 'e', '\0',
+  /* "privea.fr", true */ 'p', 'r', 'i', 'v', 'e', 'a', '.', 'f', 'r', '\0',
+  /* "priverify.com", true */ 'p', 'r', 'i', 'v', 'e', 'r', 'i', 'f', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "privu.me", true */ 'p', 'r', 'i', 'v', 'u', '.', 'm', 'e', '\0',
+  /* "prjktruby.com", true */ 'p', 'r', 'j', 'k', 't', 'r', 'u', 'b', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "prknje.com", true */ 'p', 'r', 'k', 'n', 'j', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "prlved.co.uk", true */ 'p', 'r', 'l', 'v', 'e', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "prnav.com", true */ 'p', 'r', 'n', 'a', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "pro-bike.ro", true */ 'p', 'r', 'o', '-', 'b', 'i', 'k', 'e', '.', 'r', 'o', '\0',
+  /* "pro-ing.com", true */ 'p', 'r', 'o', '-', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "pro-link.eu", true */ 'p', 'r', 'o', '-', 'l', 'i', 'n', 'k', '.', 'e', 'u', '\0',
+  /* "pro-mile.pl", true */ 'p', 'r', 'o', '-', 'm', 'i', 'l', 'e', '.', 'p', 'l', '\0',
+  /* "pro-netz.de", true */ 'p', 'r', 'o', '-', 'n', 'e', 't', 'z', '.', 'd', 'e', '\0',
+  /* "pro-wiert.pl", true */ 'p', 'r', 'o', '-', 'w', 'i', 'e', 'r', 't', '.', 'p', 'l', '\0',
+  /* "proautorepairs.com.au", true */ 'p', 'r', 'o', 'a', 'u', 't', 'o', 'r', 'e', 'p', 'a', 'i', 'r', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "probase.ph", true */ 'p', 'r', 'o', 'b', 'a', 's', 'e', '.', 'p', 'h', '\0',
+  /* "probely.com", true */ 'p', 'r', 'o', 'b', 'e', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "probiv.biz", true */ 'p', 'r', 'o', 'b', 'i', 'v', '.', 'b', 'i', 'z', '\0',
+  /* "probiv.cc", true */ 'p', 'r', 'o', 'b', 'i', 'v', '.', 'c', 'c', '\0',
+  /* "procens.us", true */ 'p', 'r', 'o', 'c', 'e', 'n', 's', '.', 'u', 's', '\0',
+  /* "procensus.com", true */ 'p', 'r', 'o', 'c', 'e', 'n', 's', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "procert.ch", true */ 'p', 'r', 'o', 'c', 'e', 'r', 't', '.', 'c', 'h', '\0',
+  /* "processesinmotion.com", true */ 'p', 'r', 'o', 'c', 'e', 's', 's', 'e', 's', 'i', 'n', 'm', 'o', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "procharter.com", true */ 'p', 'r', 'o', 'c', 'h', 'a', 'r', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "procinorte.net", true */ 'p', 'r', 'o', 'c', 'i', 'n', 'o', 'r', 't', 'e', '.', 'n', 'e', 't', '\0',
+  /* "proclib.org", true */ 'p', 'r', 'o', 'c', 'l', 'i', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "procrastinationland.com", true */ 'p', 'r', 'o', 'c', 'r', 'a', 's', 't', 'i', 'n', 'a', 't', 'i', 'o', 'n', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "proctorio.com", true */ 'p', 'r', 'o', 'c', 't', 'o', 'r', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "prodct.info", true */ 'p', 'r', 'o', 'd', 'c', 't', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "prodigia.com", true */ 'p', 'r', 'o', 'd', 'i', 'g', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "prodinger.com", true */ 'p', 'r', 'o', 'd', 'i', 'n', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "prodsim.ninja", true */ 'p', 'r', 'o', 'd', 's', 'i', 'm', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "producertools.io", true */ 'p', 'r', 'o', 'd', 'u', 'c', 'e', 'r', 't', 'o', 'o', 'l', 's', '.', 'i', 'o', '\0',
+  /* "productbarcodes.com", true */ 'p', 'r', 'o', 'd', 'u', 'c', 't', 'b', 'a', 'r', 'c', 'o', 'd', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "productboard.com", true */ 'p', 'r', 'o', 'd', 'u', 'c', 't', 'b', 'o', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "productdesignsoftware.com.au", true */ 'p', 'r', 'o', 'd', 'u', 'c', 't', 'd', 'e', 's', 'i', 'g', 'n', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "productgap.com", true */ 'p', 'r', 'o', 'd', 'u', 'c', 't', 'g', 'a', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "productived.net", true */ 'p', 'r', 'o', 'd', 'u', 'c', 't', 'i', 'v', 'e', 'd', '.', 'n', 'e', 't', '\0',
+  /* "productpeo.pl", true */ 'p', 'r', 'o', 'd', 'u', 'c', 't', 'p', 'e', 'o', '.', 'p', 'l', '\0',
+  /* "products4more.at", true */ 'p', 'r', 'o', 'd', 'u', 'c', 't', 's', '4', 'm', 'o', 'r', 'e', '.', 'a', 't', '\0',
+  /* "proefteksten.nl", false */ 'p', 'r', 'o', 'e', 'f', 't', 'e', 'k', 's', 't', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "proemployeeprotection.com", true */ 'p', 'r', 'o', 'e', 'm', 'p', 'l', 'o', 'y', 'e', 'e', 'p', 'r', 'o', 't', 'e', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "proemployeeprotection.net", true */ 'p', 'r', 'o', 'e', 'm', 'p', 'l', 'o', 'y', 'e', 'e', 'p', 'r', 'o', 't', 'e', 'c', 't', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "prof.ch", true */ 'p', 'r', 'o', 'f', '.', 'c', 'h', '\0',
+  /* "profection.biz", true */ 'p', 'r', 'o', 'f', 'e', 'c', 't', 'i', 'o', 'n', '.', 'b', 'i', 'z', '\0',
+  /* "professionalboundaries.com", true */ 'p', 'r', 'o', 'f', 'e', 's', 's', 'i', 'o', 'n', 'a', 'l', 'b', 'o', 'u', 'n', 'd', 'a', 'r', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "professors.ee", true */ 'p', 'r', 'o', 'f', 'e', 's', 's', 'o', 'r', 's', '.', 'e', 'e', '\0',
+  /* "profidea.cz", true */ 'p', 'r', 'o', 'f', 'i', 'd', 'e', 'a', '.', 'c', 'z', '\0',
+  /* "profile.tf", true */ 'p', 'r', 'o', 'f', 'i', 'l', 'e', '.', 't', 'f', '\0',
+  /* "profiles.google.com", true */ 'p', 'r', 'o', 'f', 'i', 'l', 'e', 's', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "profinetz.de", true */ 'p', 'r', 'o', 'f', 'i', 'n', 'e', 't', 'z', '.', 'd', 'e', '\0',
+  /* "profitablewebprojects.com", true */ 'p', 'r', 'o', 'f', 'i', 't', 'a', 'b', 'l', 'e', 'w', 'e', 'b', 'p', 'r', 'o', 'j', 'e', 'c', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "profitopia.de", true */ 'p', 'r', 'o', 'f', 'i', 't', 'o', 'p', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "proft.eu", true */ 'p', 'r', 'o', 'f', 't', '.', 'e', 'u', '\0',
+  /* "progarm.org", true */ 'p', 'r', 'o', 'g', 'a', 'r', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "progeon.nl", true */ 'p', 'r', 'o', 'g', 'e', 'o', 'n', '.', 'n', 'l', '\0',
+  /* "progg.no", true */ 'p', 'r', 'o', 'g', 'g', '.', 'n', 'o', '\0',
+  /* "proggersession.com", true */ 'p', 'r', 'o', 'g', 'g', 'e', 'r', 's', 'e', 's', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "proggersession.de", true */ 'p', 'r', 'o', 'g', 'g', 'e', 'r', 's', 'e', 's', 's', 'i', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "progiscad.com", true */ 'p', 'r', 'o', 'g', 'i', 's', 'c', 'a', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "progolfjourney.com", true */ 'p', 'r', 'o', 'g', 'o', 'l', 'f', 'j', 'o', 'u', 'r', 'n', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "programsupport300procent.com", true */ 'p', 'r', 'o', 'g', 'r', 'a', 'm', 's', 'u', 'p', 'p', 'o', 'r', 't', '3', '0', '0', 'p', 'r', 'o', 'c', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "progreso.pl", true */ 'p', 'r', 'o', 'g', 'r', 'e', 's', 'o', '.', 'p', 'l', '\0',
+  /* "progress-linux.org", true */ 'p', 'r', 'o', 'g', 'r', 'e', 's', 's', '-', 'l', 'i', 'n', 'u', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "progress.photos", true */ 'p', 'r', 'o', 'g', 'r', 'e', 's', 's', '.', 'p', 'h', 'o', 't', 'o', 's', '\0',
+  /* "progressive.work", true */ 'p', 'r', 'o', 'g', 'r', 'e', 's', 's', 'i', 'v', 'e', '.', 'w', 'o', 'r', 'k', '\0',
+  /* "progressiveplanning.com", true */ 'p', 'r', 'o', 'g', 'r', 'e', 's', 's', 'i', 'v', 'e', 'p', 'l', 'a', 'n', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "prohrcloud.com", true */ 'p', 'r', 'o', 'h', 'r', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "proj.org.cn", true */ 'p', 'r', 'o', 'j', '.', 'o', 'r', 'g', '.', 'c', 'n', '\0',
+  /* "project-rune.tech", true */ 'p', 'r', 'o', 'j', 'e', 'c', 't', '-', 'r', 'u', 'n', 'e', '.', 't', 'e', 'c', 'h', '\0',
+  /* "project-splash.com", true */ 'p', 'r', 'o', 'j', 'e', 'c', 't', '-', 's', 'p', 'l', 'a', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "project-stats.com", true */ 'p', 'r', 'o', 'j', 'e', 'c', 't', '-', 's', 't', 'a', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "project.supply", true */ 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 's', 'u', 'p', 'p', 'l', 'y', '\0',
+  /* "projectarmy.net", false */ 'p', 'r', 'o', 'j', 'e', 'c', 't', 'a', 'r', 'm', 'y', '.', 'n', 'e', 't', '\0',
+  /* "projectbenson.com", false */ 'p', 'r', 'o', 'j', 'e', 'c', 't', 'b', 'e', 'n', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "projectblackbook.us", true */ 'p', 'r', 'o', 'j', 'e', 'c', 't', 'b', 'l', 'a', 'c', 'k', 'b', 'o', 'o', 'k', '.', 'u', 's', '\0',
+  /* "projectcastle.tech", true */ 'p', 'r', 'o', 'j', 'e', 'c', 't', 'c', 'a', 's', 't', 'l', 'e', '.', 't', 'e', 'c', 'h', '\0',
+  /* "projectforge.org", true */ 'p', 'r', 'o', 'j', 'e', 'c', 't', 'f', 'o', 'r', 'g', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "projectherogames.xyz", true */ 'p', 'r', 'o', 'j', 'e', 'c', 't', 'h', 'e', 'r', 'o', 'g', 'a', 'm', 'e', 's', '.', 'x', 'y', 'z', '\0',
+  /* "projectnom.com", true */ 'p', 'r', 'o', 'j', 'e', 'c', 't', 'n', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "projectsecretidentity.com", true */ 'p', 'r', 'o', 'j', 'e', 'c', 't', 's', 'e', 'c', 'r', 'e', 't', 'i', 'd', 'e', 'n', 't', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "projectsecretidentity.org", true */ 'p', 'r', 'o', 'j', 'e', 'c', 't', 's', 'e', 'c', 'r', 'e', 't', 'i', 'd', 'e', 'n', 't', 'i', 't', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "projectte.ch", true */ 'p', 'r', 'o', 'j', 'e', 'c', 't', 't', 'e', '.', 'c', 'h', '\0',
+  /* "projectunity.io", true */ 'p', 'r', 'o', 'j', 'e', 'c', 't', 'u', 'n', 'i', 't', 'y', '.', 'i', 'o', '\0',
+  /* "projekt-umbriel.de", true */ 'p', 'r', 'o', 'j', 'e', 'k', 't', '-', 'u', 'm', 'b', 'r', 'i', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "projektzentrisch.de", true */ 'p', 'r', 'o', 'j', 'e', 'k', 't', 'z', 'e', 'n', 't', 'r', 'i', 's', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "projest.ch", true */ 'p', 'r', 'o', 'j', 'e', 's', 't', '.', 'c', 'h', '\0',
+  /* "prok.pw", true */ 'p', 'r', 'o', 'k', '.', 'p', 'w', '\0',
+  /* "promedicalapplications.com", true */ 'p', 'r', 'o', 'm', 'e', 'd', 'i', 'c', 'a', 'l', 'a', 'p', 'p', 'l', 'i', 'c', 'a', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "prometheanfire.net", true */ 'p', 'r', 'o', 'm', 'e', 't', 'h', 'e', 'a', 'n', 'f', 'i', 'r', 'e', '.', 'n', 'e', 't', '\0',
+  /* "prometheanfire.org", true */ 'p', 'r', 'o', 'm', 'e', 't', 'h', 'e', 'a', 'n', 'f', 'i', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "promhadan.com", true */ 'p', 'r', 'o', 'm', 'h', 'a', 'd', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "promisesaplus.com", true */ 'p', 'r', 'o', 'm', 'i', 's', 'e', 's', 'a', 'p', 'l', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "promocao.email", true */ 'p', 'r', 'o', 'm', 'o', 'c', 'a', 'o', '.', 'e', 'm', 'a', 'i', 'l', '\0',
+  /* "promods.net", true */ 'p', 'r', 'o', 'm', 'o', 'd', 's', '.', 'n', 'e', 't', '\0',
+  /* "promohunt.ru", true */ 'p', 'r', 'o', 'm', 'o', 'h', 'u', 'n', 't', '.', 'r', 'u', '\0',
+  /* "promolover.com", true */ 'p', 'r', 'o', 'm', 'o', 'l', 'o', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "promopony.com", true */ 'p', 'r', 'o', 'm', 'o', 'p', 'o', 'n', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "promoscuola.net", true */ 'p', 'r', 'o', 'm', 'o', 's', 'c', 'u', 'o', 'l', 'a', '.', 'n', 'e', 't', '\0',
+  /* "promoterms.com.au", true */ 'p', 'r', 'o', 'm', 'o', 't', 'e', 'r', 'm', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "promotiongeeks.com", false */ 'p', 'r', 'o', 'm', 'o', 't', 'i', 'o', 'n', 'g', 'e', 'e', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "pronto-intervento.net", true */ 'p', 'r', 'o', 'n', 't', 'o', '-', 'i', 'n', 't', 'e', 'r', 'v', 'e', 'n', 't', 'o', '.', 'n', 'e', 't', '\0',
+  /* "proobec.cz", true */ 'p', 'r', 'o', 'o', 'b', 'e', 'c', '.', 'c', 'z', '\0',
+  /* "proofwiki.org", true */ 'p', 'r', 'o', 'o', 'f', 'w', 'i', 'k', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "proos.nl", true */ 'p', 'r', 'o', 'o', 's', '.', 'n', 'l', '\0',
+  /* "proovn.com", true */ 'p', 'r', 'o', 'o', 'v', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "propagandablog.de", true */ 'p', 'r', 'o', 'p', 'a', 'g', 'a', 'n', 'd', 'a', 'b', 'l', 'o', 'g', '.', 'd', 'e', '\0',
+  /* "propagandism.org", true */ 'p', 'r', 'o', 'p', 'a', 'g', 'a', 'n', 'd', 'i', 's', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "propagationtools.com", true */ 'p', 'r', 'o', 'p', 'a', 'g', 'a', 't', 'i', 'o', 'n', 't', 'o', 'o', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "propepper.net", true */ 'p', 'r', 'o', 'p', 'e', 'p', 'p', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "propershave.com", true */ 'p', 'r', 'o', 'p', 'e', 'r', 's', 'h', 'a', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "properticons.com", true */ 'p', 'r', 'o', 'p', 'e', 'r', 't', 'i', 'c', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "property-catalogue.eu", true */ 'p', 'r', 'o', 'p', 'e', 'r', 't', 'y', '-', 'c', 'a', 't', 'a', 'l', 'o', 'g', 'u', 'e', '.', 'e', 'u', '\0',
+  /* "propertygroup.pl", true */ 'p', 'r', 'o', 'p', 'e', 'r', 't', 'y', 'g', 'r', 'o', 'u', 'p', '.', 'p', 'l', '\0',
+  /* "propertyone.mk", true */ 'p', 'r', 'o', 'p', 'e', 'r', 't', 'y', 'o', 'n', 'e', '.', 'm', 'k', '\0',
+  /* "propipesystem.com", true */ 'p', 'r', 'o', 'p', 'i', 'p', 'e', 's', 'y', 's', 't', 'e', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "proplan.co.il", true */ 'p', 'r', 'o', 'p', 'l', 'a', 'n', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "proposalonline.com", true */ 'p', 'r', 'o', 'p', 'o', 's', 'a', 'l', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "propr.no", true */ 'p', 'r', 'o', 'p', 'r', '.', 'n', 'o', '\0',
+  /* "propseller.com", true */ 'p', 'r', 'o', 'p', 's', 'e', 'l', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "proseandleprechauns.com", true */ 'p', 'r', 'o', 's', 'e', 'a', 'n', 'd', 'l', 'e', 'p', 'r', 'e', 'c', 'h', 'a', 'u', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "prosenseit.com", true */ 'p', 'r', 'o', 's', 'e', 'n', 's', 'e', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "proslimdiets.com", true */ 'p', 'r', 'o', 's', 'l', 'i', 'm', 'd', 'i', 'e', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "prosocialmachines.com", true */ 'p', 'r', 'o', 's', 'o', 'c', 'i', 'a', 'l', 'm', 'a', 'c', 'h', 'i', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "prospanek.cz", true */ 'p', 'r', 'o', 's', 'p', 'a', 'n', 'e', 'k', '.', 'c', 'z', '\0',
+  /* "prospo.co", true */ 'p', 'r', 'o', 's', 'p', 'o', '.', 'c', 'o', '\0',
+  /* "prostohobby.ru", true */ 'p', 'r', 'o', 's', 't', 'o', 'h', 'o', 'b', 'b', 'y', '.', 'r', 'u', '\0',
+  /* "prostye-recepty.com", true */ 'p', 'r', 'o', 's', 't', 'y', 'e', '-', 'r', 'e', 'c', 'e', 'p', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "prot.ch", true */ 'p', 'r', 'o', 't', '.', 'c', 'h', '\0',
+  /* "proteapower.co.za", true */ 'p', 'r', 'o', 't', 'e', 'a', 'p', 'o', 'w', 'e', 'r', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "protecciondelconsumidor.gov", true */ 'p', 'r', 'o', 't', 'e', 'c', 'c', 'i', 'o', 'n', 'd', 'e', 'l', 'c', 'o', 'n', 's', 'u', 'm', 'i', 'd', 'o', 'r', '.', 'g', 'o', 'v', '\0',
+  /* "protegetudescanso.com", true */ 'p', 'r', 'o', 't', 'e', 'g', 'e', 't', 'u', 'd', 'e', 's', 'c', 'a', 'n', 's', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "proteinnuts.cz", true */ 'p', 'r', 'o', 't', 'e', 'i', 'n', 'n', 'u', 't', 's', '.', 'c', 'z', '\0',
+  /* "proteinnuts.sk", true */ 'p', 'r', 'o', 't', 'e', 'i', 'n', 'n', 'u', 't', 's', '.', 's', 'k', '\0',
+  /* "protempore.fr", true */ 'p', 'r', 'o', 't', 'e', 'm', 'p', 'o', 'r', 'e', '.', 'f', 'r', '\0',
+  /* "proteus-eretes.nl", true */ 'p', 'r', 'o', 't', 'e', 'u', 's', '-', 'e', 'r', 'e', 't', 'e', 's', '.', 'n', 'l', '\0',
+  /* "proteus-tech.com", true */ 'p', 'r', 'o', 't', 'e', 'u', 's', '-', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "proto-online.ru", true */ 'p', 'r', 'o', 't', 'o', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'r', 'u', '\0',
+  /* "protonmail.ch", true */ 'p', 'r', 'o', 't', 'o', 'n', 'm', 'a', 'i', 'l', '.', 'c', 'h', '\0',
+  /* "protonmail.com", true */ 'p', 'r', 'o', 't', 'o', 'n', 'm', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "protonvpn.com", true */ 'p', 'r', 'o', 't', 'o', 'n', 'v', 'p', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "prototypefund.de", true */ 'p', 'r', 'o', 't', 'o', 't', 'y', 'p', 'e', 'f', 'u', 'n', 'd', '.', 'd', 'e', '\0',
+  /* "protoxin.net", false */ 'p', 'r', 'o', 't', 'o', 'x', 'i', 'n', '.', 'n', 'e', 't', '\0',
+  /* "proust.ch", false */ 'p', 'r', 'o', 'u', 's', 't', '.', 'c', 'h', '\0',
+  /* "proust.media", false */ 'p', 'r', 'o', 'u', 's', 't', '.', 'm', 'e', 'd', 'i', 'a', '\0',
+  /* "proustmedia.de", false */ 'p', 'r', 'o', 'u', 's', 't', 'm', 'e', 'd', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "provectus.de", true */ 'p', 'r', 'o', 'v', 'e', 'c', 't', 'u', 's', '.', 'd', 'e', '\0',
+  /* "proveits.me", false */ 'p', 'r', 'o', 'v', 'e', 'i', 't', 's', '.', 'm', 'e', '\0',
+  /* "provence-appartements.com", true */ 'p', 'r', 'o', 'v', 'e', 'n', 'c', 'e', '-', 'a', 'p', 'p', 'a', 'r', 't', 'e', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "providerlijst.com", true */ 'p', 'r', 'o', 'v', 'i', 'd', 'e', 'r', 'l', 'i', 'j', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "providerlijst.nl", true */ 'p', 'r', 'o', 'v', 'i', 'd', 'e', 'r', 'l', 'i', 'j', 's', 't', '.', 'n', 'l', '\0',
+  /* "provision-isr.nl", true */ 'p', 'r', 'o', 'v', 'i', 's', 'i', 'o', 'n', '-', 'i', 's', 'r', '.', 'n', 'l', '\0',
+  /* "provisionaldriving.com", true */ 'p', 'r', 'o', 'v', 'i', 's', 'i', 'o', 'n', 'a', 'l', 'd', 'r', 'i', 'v', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "provitec.com", true */ 'p', 'r', 'o', 'v', 'i', 't', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "provitec.de", true */ 'p', 'r', 'o', 'v', 'i', 't', 'e', 'c', '.', 'd', 'e', '\0',
+  /* "provokator.co.il", true */ 'p', 'r', 'o', 'v', 'o', 'k', 'a', 't', 'o', 'r', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "proweser.de", true */ 'p', 'r', 'o', 'w', 'e', 's', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "prowise.com", true */ 'p', 'r', 'o', 'w', 'i', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "proxbox.net", true */ 'p', 'r', 'o', 'x', 'b', 'o', 'x', '.', 'n', 'e', 't', '\0',
+  /* "proximityradio.fr", true */ 'p', 'r', 'o', 'x', 'i', 'm', 'i', 't', 'y', 'r', 'a', 'd', 'i', 'o', '.', 'f', 'r', '\0',
+  /* "proxybay.co", true */ 'p', 'r', 'o', 'x', 'y', 'b', 'a', 'y', '.', 'c', 'o', '\0',
+  /* "proxybay.eu.org", true */ 'p', 'r', 'o', 'x', 'y', 'b', 'a', 'y', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "proxybay.la", true */ 'p', 'r', 'o', 'x', 'y', 'b', 'a', 'y', '.', 'l', 'a', '\0',
+  /* "proxybay.one", true */ 'p', 'r', 'o', 'x', 'y', 'b', 'a', 'y', '.', 'o', 'n', 'e', '\0',
+  /* "proxybay.tv", true */ 'p', 'r', 'o', 'x', 'y', 'b', 'a', 'y', '.', 't', 'v', '\0',
+  /* "proxyportal.me", true */ 'p', 'r', 'o', 'x', 'y', 'p', 'o', 'r', 't', 'a', 'l', '.', 'm', 'e', '\0',
+  /* "proxyportal.net", true */ 'p', 'r', 'o', 'x', 'y', 'p', 'o', 'r', 't', 'a', 'l', '.', 'n', 'e', 't', '\0',
+  /* "proxyportal.org", true */ 'p', 'r', 'o', 'x', 'y', 'p', 'o', 'r', 't', 'a', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "proymaganadera.com", true */ 'p', 'r', 'o', 'y', 'm', 'a', 'g', 'a', 'n', 'a', 'd', 'e', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "prstatic.com", true */ 'p', 'r', 's', 't', 'a', 't', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "prt.in.th", true */ 'p', 'r', 't', '.', 'i', 'n', '.', 't', 'h', '\0',
+  /* "prtimes.com", true */ 'p', 'r', 't', 'i', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "prtpe.com", true */ 'p', 'r', 't', 'p', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "pruma.com.br", true */ 'p', 'r', 'u', 'm', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "prvikvadrat.hr", true */ 'p', 'r', 'v', 'i', 'k', 'v', 'a', 'd', 'r', 'a', 't', '.', 'h', 'r', '\0',
+  /* "pryspry.com", true */ 'p', 'r', 'y', 's', 'p', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "przemas.pl", true */ 'p', 'r', 'z', 'e', 'm', 'a', 's', '.', 'p', 'l', '\0',
+  /* "ps-provider.co.jp", true */ 'p', 's', '-', 'p', 'r', 'o', 'v', 'i', 'd', 'e', 'r', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "ps-qa.com", true */ 'p', 's', '-', 'q', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "ps-w.ru", true */ 'p', 's', '-', 'w', '.', 'r', 'u', '\0',
+  /* "ps-x.ru", true */ 'p', 's', '-', 'x', '.', 'r', 'u', '\0',
+  /* "ps4all.nl", true */ 'p', 's', '4', 'a', 'l', 'l', '.', 'n', 'l', '\0',
+  /* "psa.gov", true */ 'p', 's', 'a', '.', 'g', 'o', 'v', '\0',
+  /* "psb.cloud", true */ 'p', 's', 'b', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "psb1.org", true */ 'p', 's', 'b', '1', '.', 'o', 'r', 'g', '\0',
+  /* "psb1911.com", true */ 'p', 's', 'b', '1', '9', '1', '1', '.', 'c', 'o', 'm', '\0',
+  /* "psb4ukr.org", true */ 'p', 's', 'b', '4', 'u', 'k', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "psbarrett.com", true */ 'p', 's', 'b', 'a', 'r', 'r', 'e', 't', 't', '.', 'c', 'o', 'm', '\0',
+  /* "psc.gov", true */ 'p', 's', 'c', '.', 'g', 'o', 'v', '\0',
+  /* "pschierl.com", true */ 'p', 's', 'c', 'h', 'i', 'e', 'r', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "psdsfn.com", true */ 'p', 's', 'd', 's', 'f', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "pseta.ru", true */ 'p', 's', 'e', 't', 'a', '.', 'r', 'u', '\0',
+  /* "pseudo.coffee", true */ 'p', 's', 'e', 'u', 'd', 'o', '.', 'c', 'o', 'f', 'f', 'e', 'e', '\0',
+  /* "psicoexpansao.com.br", true */ 'p', 's', 'i', 'c', 'o', 'e', 'x', 'p', 'a', 'n', 's', 'a', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "psicologoforensebarcelona.com", true */ 'p', 's', 'i', 'c', 'o', 'l', 'o', 'g', 'o', 'f', 'o', 'r', 'e', 'n', 's', 'e', 'b', 'a', 'r', 'c', 'e', 'l', 'o', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "psicologoforensemadrid.com", true */ 'p', 's', 'i', 'c', 'o', 'l', 'o', 'g', 'o', 'f', 'o', 'r', 'e', 'n', 's', 'e', 'm', 'a', 'd', 'r', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "psicosalud.online", true */ 'p', 's', 'i', 'c', 'o', 's', 'a', 'l', 'u', 'd', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "psm.org.ph", true */ 'p', 's', 'm', '.', 'o', 'r', 'g', '.', 'p', 'h', '\0',
+  /* "pson.ninja", true */ 'p', 's', 'o', 'n', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "psono.pw", true */ 'p', 's', 'o', 'n', 'o', '.', 'p', 'w', '\0',
+  /* "pssgcsim.org", true */ 'p', 's', 's', 'g', 'c', 's', 'i', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "pste.pw", true */ 'p', 's', 't', 'e', '.', 'p', 'w', '\0',
+  /* "pstrozniak.com", true */ 'p', 's', 't', 'r', 'o', 'z', 'n', 'i', 'a', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "psu.je", true */ 'p', 's', 'u', '.', 'j', 'e', '\0',
+  /* "psw-consulting.de", true */ 'p', 's', 'w', '-', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "psw-group.de", true */ 'p', 's', 'w', '-', 'g', 'r', 'o', 'u', 'p', '.', 'd', 'e', '\0',
+  /* "psw.net", true */ 'p', 's', 'w', '.', 'n', 'e', 't', '\0',
+  /* "psxtr.com", true */ 'p', 's', 'x', 't', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "psyao.ch", true */ 'p', 's', 'y', 'a', 'o', '.', 'c', 'h', '\0',
+  /* "psychedelia.com", true */ 'p', 's', 'y', 'c', 'h', 'e', 'd', 'e', 'l', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "psychedelics.org", true */ 'p', 's', 'y', 'c', 'h', 'e', 'd', 'e', 'l', 'i', 'c', 's', '.', 'o', 'r', 'g', '\0',
+  /* "psychiatrie-betreuung.ch", true */ 'p', 's', 'y', 'c', 'h', 'i', 'a', 't', 'r', 'i', 'e', '-', 'b', 'e', 't', 'r', 'e', 'u', 'u', 'n', 'g', '.', 'c', 'h', '\0',
+  /* "psychic-healer-mariya-i-petrova-boyankinska-b-borovan-bg.com", true */ 'p', 's', 'y', 'c', 'h', 'i', 'c', '-', 'h', 'e', 'a', 'l', 'e', 'r', '-', 'm', 'a', 'r', 'i', 'y', 'a', '-', 'i', '-', 'p', 'e', 't', 'r', 'o', 'v', 'a', '-', 'b', 'o', 'y', 'a', 'n', 'k', 'i', 'n', 's', 'k', 'a', '-', 'b', '-', 'b', 'o', 'r', 'o', 'v', 'a', 'n', '-', 'b', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "psychintervention.com", true */ 'p', 's', 'y', 'c', 'h', 'i', 'n', 't', 'e', 'r', 'v', 'e', 'n', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "psycho-lobby.com", true */ 'p', 's', 'y', 'c', 'h', 'o', '-', 'l', 'o', 'b', 'b', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "psycho.space", true */ 'p', 's', 'y', 'c', 'h', 'o', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "psychoactive.com", true */ 'p', 's', 'y', 'c', 'h', 'o', 'a', 'c', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "psychotherapie-kp.de", true */ 'p', 's', 'y', 'c', 'h', 'o', 't', 'h', 'e', 'r', 'a', 'p', 'i', 'e', '-', 'k', 'p', '.', 'd', 'e', '\0',
+  /* "psydix.org", true */ 'p', 's', 'y', 'd', 'i', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "psyk.yt", true */ 'p', 's', 'y', 'k', '.', 'y', 't', '\0',
+  /* "psylab.cc", true */ 'p', 's', 'y', 'l', 'a', 'b', '.', 'c', 'c', '\0',
+  /* "psylab.re", true */ 'p', 's', 'y', 'l', 'a', 'b', '.', 'r', 'e', '\0',
+  /* "psylab.vip", true */ 'p', 's', 'y', 'l', 'a', 'b', '.', 'v', 'i', 'p', '\0',
+  /* "psynapse.net.au", true */ 'p', 's', 'y', 'n', 'a', 'p', 's', 'e', '.', 'n', 'e', 't', '.', 'a', 'u', '\0',
+  /* "pt-server.de", true */ 'p', 't', '-', 's', 'e', 'r', 'v', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "ptal.eu", true */ 'p', 't', 'a', 'l', '.', 'e', 'u', '\0',
+  /* "ptbi.org.pl", true */ 'p', 't', 'b', 'i', '.', 'o', 'r', 'g', '.', 'p', 'l', '\0',
+  /* "ptbx.co", true */ 'p', 't', 'b', 'x', '.', 'c', 'o', '\0',
+  /* "pterodactylus.cz", true */ 'p', 't', 'e', 'r', 'o', 'd', 'a', 'c', 't', 'y', 'l', 'u', 's', '.', 'c', 'z', '\0',
+  /* "ptgoldensun.com", true */ 'p', 't', 'g', 'o', 'l', 'd', 'e', 'n', 's', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "ptm.ro", false */ 'p', 't', 'm', '.', 'r', 'o', '\0',
+  /* "ptmarquees.ie", true */ 'p', 't', 'm', 'a', 'r', 'q', 'u', 'e', 'e', 's', '.', 'i', 'e', '\0',
+  /* "ptrbrs.nl", true */ 'p', 't', 'r', 'b', 'r', 's', '.', 'n', 'l', '\0',
+  /* "ptrl.ws", true */ 'p', 't', 'r', 'l', '.', 'w', 's', '\0',
+  /* "ptron.org", true */ 'p', 't', 'r', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "ptrujillo.com", true */ 'p', 't', 'r', 'u', 'j', 'i', 'l', 'l', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "puac.de", true */ 'p', 'u', 'a', 'c', '.', 'd', 'e', '\0',
+  /* "pub-online.ro", true */ 'p', 'u', 'b', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'r', 'o', '\0',
+  /* "pubi.me", true */ 'p', 'u', 'b', 'i', '.', 'm', 'e', '\0',
+  /* "publanda.nl", true */ 'p', 'u', 'b', 'l', 'a', 'n', 'd', 'a', '.', 'n', 'l', '\0',
+  /* "public-g.de", true */ 'p', 'u', 'b', 'l', 'i', 'c', '-', 'g', '.', 'd', 'e', '\0',
+  /* "public-projects.com", true */ 'p', 'u', 'b', 'l', 'i', 'c', '-', 'p', 'r', 'o', 'j', 'e', 'c', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "public-projects.de", true */ 'p', 'u', 'b', 'l', 'i', 'c', '-', 'p', 'r', 'o', 'j', 'e', 'c', 't', 's', '.', 'd', 'e', '\0',
+  /* "public-vocals.de", true */ 'p', 'u', 'b', 'l', 'i', 'c', '-', 'v', 'o', 'c', 'a', 'l', 's', '.', 'd', 'e', '\0',
+  /* "publiccarauctionscalifornia.com", true */ 'p', 'u', 'b', 'l', 'i', 'c', 'c', 'a', 'r', 'a', 'u', 'c', 't', 'i', 'o', 'n', 's', 'c', 'a', 'l', 'i', 'f', 'o', 'r', 'n', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "publicintegrity.org", true */ 'p', 'u', 'b', 'l', 'i', 'c', 'i', 'n', 't', 'e', 'g', 'r', 'i', 't', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "publicintelligence.net", true */ 'p', 'u', 'b', 'l', 'i', 'c', 'i', 'n', 't', 'e', 'l', 'l', 'i', 'g', 'e', 'n', 'c', 'e', '.', 'n', 'e', 't', '\0',
+  /* "publick.net", true */ 'p', 'u', 'b', 'l', 'i', 'c', 'k', '.', 'n', 'e', 't', '\0',
+  /* "publicsuffix.org", true */ 'p', 'u', 'b', 'l', 'i', 'c', 's', 'u', 'f', 'f', 'i', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "publiq.space", true */ 'p', 'u', 'b', 'l', 'i', 'q', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "pubreviews.com", true */ 'p', 'u', 'b', 'r', 'e', 'v', 'i', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "pucchi.net", true */ 'p', 'u', 'c', 'c', 'h', 'i', '.', 'n', 'e', 't', '\0',
+  /* "puchunguis.com", true */ 'p', 'u', 'c', 'h', 'u', 'n', 'g', 'u', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "pucssa.org", true */ 'p', 'u', 'c', 's', 's', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "puddis.de", true */ 'p', 'u', 'd', 'd', 'i', 's', '.', 'd', 'e', '\0',
+  /* "puetter.eu", true */ 'p', 'u', 'e', 't', 't', 'e', 'r', '.', 'e', 'u', '\0',
+  /* "pugovka72.ru", true */ 'p', 'u', 'g', 'o', 'v', 'k', 'a', '7', '2', '.', 'r', 'u', '\0',
+  /* "puhka.me", true */ 'p', 'u', 'h', 'k', 'a', '.', 'm', 'e', '\0',
+  /* "puikheid.nl", true */ 'p', 'u', 'i', 'k', 'h', 'e', 'i', 'd', '.', 'n', 'l', '\0',
+  /* "puissancemac.ch", true */ 'p', 'u', 'i', 's', 's', 'a', 'n', 'c', 'e', 'm', 'a', 'c', '.', 'c', 'h', '\0',
+  /* "puli.com.br", true */ 'p', 'u', 'l', 'i', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "pulledporkheaven.com", true */ 'p', 'u', 'l', 'l', 'e', 'd', 'p', 'o', 'r', 'k', 'h', 'e', 'a', 'v', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "pulsedursley.co.uk", true */ 'p', 'u', 'l', 's', 'e', 'd', 'u', 'r', 's', 'l', 'e', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "pumperszene.com", true */ 'p', 'u', 'm', 'p', 'e', 'r', 's', 'z', 'e', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "puneflowermall.com", true */ 'p', 'u', 'n', 'e', 'f', 'l', 'o', 'w', 'e', 'r', 'm', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "punikonta.de", true */ 'p', 'u', 'n', 'i', 'k', 'o', 'n', 't', 'a', '.', 'd', 'e', '\0',
+  /* "punitsheth.com", true */ 'p', 'u', 'n', 'i', 't', 's', 'h', 'e', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "punkapoule.fr", true */ 'p', 'u', 'n', 'k', 'a', 'p', 'o', 'u', 'l', 'e', '.', 'f', 'r', '\0',
+  /* "punkdns.top", true */ 'p', 'u', 'n', 'k', 'd', 'n', 's', '.', 't', 'o', 'p', '\0',
+  /* "punknews.org", true */ 'p', 'u', 'n', 'k', 'n', 'e', 'w', 's', '.', 'o', 'r', 'g', '\0',
+  /* "pupboss.com", true */ 'p', 'u', 'p', 'b', 'o', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "puppet.pl", true */ 'p', 'u', 'p', 'p', 'e', 't', '.', 'p', 'l', '\0',
+  /* "purahealthyliving.com", true */ 'p', 'u', 'r', 'a', 'h', 'e', 'a', 'l', 't', 'h', 'y', 'l', 'i', 'v', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "purelunch.co.uk", true */ 'p', 'u', 'r', 'e', 'l', 'u', 'n', 'c', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "purevapeofficial.com", true */ 'p', 'u', 'r', 'e', 'v', 'a', 'p', 'e', 'o', 'f', 'f', 'i', 'c', 'i', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "purikore.com", true */ 'p', 'u', 'r', 'i', 'k', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "purplebooth.co.uk", true */ 'p', 'u', 'r', 'p', 'l', 'e', 'b', 'o', 'o', 't', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "purplebricksplc.com", true */ 'p', 'u', 'r', 'p', 'l', 'e', 'b', 'r', 'i', 'c', 'k', 's', 'p', 'l', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "purplemoon.ch", true */ 'p', 'u', 'r', 'p', 'l', 'e', 'm', 'o', 'o', 'n', '.', 'c', 'h', '\0',
+  /* "purpleplains.net", true */ 'p', 'u', 'r', 'p', 'l', 'e', 'p', 'l', 'a', 'i', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "purplepr.bg", true */ 'p', 'u', 'r', 'p', 'l', 'e', 'p', 'r', '.', 'b', 'g', '\0',
+  /* "purplestar.ch", true */ 'p', 'u', 'r', 'p', 'l', 'e', 's', 't', 'a', 'r', '.', 'c', 'h', '\0',
+  /* "purplestar.com", true */ 'p', 'u', 'r', 'p', 'l', 'e', 's', 't', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "purplewindows.net", true */ 'p', 'u', 'r', 'p', 'l', 'e', 'w', 'i', 'n', 'd', 'o', 'w', 's', '.', 'n', 'e', 't', '\0',
+  /* "purplez.pw", true */ 'p', 'u', 'r', 'p', 'l', 'e', 'z', '.', 'p', 'w', '\0',
+  /* "purpspc.com", true */ 'p', 'u', 'r', 'p', 's', 'p', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "purrfect-box.co.uk", true */ 'p', 'u', 'r', 'r', 'f', 'e', 'c', 't', '-', 'b', 'o', 'x', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "purrfectboudoir.com", true */ 'p', 'u', 'r', 'r', 'f', 'e', 'c', 't', 'b', 'o', 'u', 'd', 'o', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "purrfectcams.com", true */ 'p', 'u', 'r', 'r', 'f', 'e', 'c', 't', 'c', 'a', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "purrfectmembersclub.com", true */ 'p', 'u', 'r', 'r', 'f', 'e', 'c', 't', 'm', 'e', 'm', 'b', 'e', 'r', 's', 'c', 'l', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "purrfectswingers.com", true */ 'p', 'u', 'r', 'r', 'f', 'e', 'c', 't', 's', 'w', 'i', 'n', 'g', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "puryearlaw.com", true */ 'p', 'u', 'r', 'y', 'e', 'a', 'r', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "pusatinkubatorbayi.com", true */ 'p', 'u', 's', 'a', 't', 'i', 'n', 'k', 'u', 'b', 'a', 't', 'o', 'r', 'b', 'a', 'y', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "put.moe", true */ 'p', 'u', 't', '.', 'm', 'o', 'e', '\0',
+  /* "put.re", true */ 'p', 'u', 't', '.', 'r', 'e', '\0',
+  /* "putatara.net", true */ 'p', 'u', 't', 'a', 't', 'a', 'r', 'a', '.', 'n', 'e', 't', '\0',
+  /* "putney.io", true */ 'p', 'u', 't', 'n', 'e', 'y', '.', 'i', 'o', '\0',
+  /* "puurwonengeldrop.nl", false */ 'p', 'u', 'u', 'r', 'w', 'o', 'n', 'e', 'n', 'g', 'e', 'l', 'd', 'r', 'o', 'p', '.', 'n', 'l', '\0',
+  /* "puxlit.net", true */ 'p', 'u', 'x', 'l', 'i', 't', '.', 'n', 'e', 't', '\0',
+  /* "puyallupnissanparts.com", true */ 'p', 'u', 'y', 'a', 'l', 'l', 'u', 'p', 'n', 'i', 's', 's', 'a', 'n', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "puyblanc.info", true */ 'p', 'u', 'y', 'b', 'l', 'a', 'n', 'c', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "puzz.gg", true */ 'p', 'u', 'z', 'z', '.', 'g', 'g', '\0',
+  /* "puzz.me", true */ 'p', 'u', 'z', 'z', '.', 'm', 'e', '\0',
+  /* "puzzle-welt.ch", true */ 'p', 'u', 'z', 'z', 'l', 'e', '-', 'w', 'e', 'l', 't', '.', 'c', 'h', '\0',
+  /* "puzzlepoint.ch", true */ 'p', 'u', 'z', 'z', 'l', 'e', 'p', 'o', 'i', 'n', 't', '.', 'c', 'h', '\0',
+  /* "pv-paderborn-now.de", true */ 'p', 'v', '-', 'p', 'a', 'd', 'e', 'r', 'b', 'o', 'r', 'n', '-', 'n', 'o', 'w', '.', 'd', 'e', '\0',
+  /* "pvcvoordeel.nl", false */ 'p', 'v', 'c', 'v', 'o', 'o', 'r', 'd', 'e', 'e', 'l', '.', 'n', 'l', '\0',
+  /* "pvmotorco.com", true */ 'p', 'v', 'm', 'o', 't', 'o', 'r', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "pvpcraft.ca", true */ 'p', 'v', 'p', 'c', 'r', 'a', 'f', 't', '.', 'c', 'a', '\0',
+  /* "pvtschlag.com", true */ 'p', 'v', 't', 's', 'c', 'h', 'l', 'a', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "pwdsafe.com", true */ 'p', 'w', 'd', 's', 'a', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "pwe.vision", true */ 'p', 'w', 'e', '.', 'v', 'i', 's', 'i', 'o', 'n', '\0',
+  /* "pwfrance.com", true */ 'p', 'w', 'f', 'r', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "pwi.agency", true */ 'p', 'w', 'i', '.', 'a', 'g', 'e', 'n', 'c', 'y', '\0',
+  /* "pwnies.dk", true */ 'p', 'w', 'n', 'i', 'e', 's', '.', 'd', 'k', '\0',
+  /* "pwntr.com", true */ 'p', 'w', 'n', 't', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "pwolk.com", true */ 'p', 'w', 'o', 'l', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "pxx.io", true */ 'p', 'x', 'x', '.', 'i', 'o', '\0',
+  /* "py-amf.org", true */ 'p', 'y', '-', 'a', 'm', 'f', '.', 'o', 'r', 'g', '\0',
+  /* "py.search.yahoo.com", false */ 'p', 'y', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "pygarage.com", true */ 'p', 'y', 'g', 'a', 'r', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "pyjiaoyi.cf", true */ 'p', 'y', 'j', 'i', 'a', 'o', 'y', 'i', '.', 'c', 'f', '\0',
+  /* "pyopenssl.org", true */ 'p', 'y', 'o', 'p', 'e', 'n', 's', 's', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "pypa.io", true */ 'p', 'y', 'p', 'a', '.', 'i', 'o', '\0',
+  /* "pypi.io", true */ 'p', 'y', 'p', 'i', '.', 'i', 'o', '\0',
+  /* "pypi.org", true */ 'p', 'y', 'p', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "pypi.python.org", true */ 'p', 'y', 'p', 'i', '.', 'p', 'y', 't', 'h', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "pyrotechnologie.de", true */ 'p', 'y', 'r', 'o', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'i', 'e', '.', 'd', 'e', '\0',
+  /* "pyspace.org", true */ 'p', 'y', 's', 'p', 'a', 'c', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "python-hyper.org", true */ 'p', 'y', 't', 'h', 'o', 'n', '-', 'h', 'y', 'p', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "python.org", false */ 'p', 'y', 't', 'h', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "pyzlnar.com", true */ 'p', 'y', 'z', 'l', 'n', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "q-inn.com", true */ 'q', '-', 'i', 'n', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "q-inn.nl", true */ 'q', '-', 'i', 'n', 'n', '.', 'n', 'l', '\0',
+  /* "qa-brandywineglobal.com", true */ 'q', 'a', '-', 'b', 'r', 'a', 'n', 'd', 'y', 'w', 'i', 'n', 'e', 'g', 'l', 'o', 'b', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "qa.stg.fedoraproject.org", true */ 'q', 'a', '.', 's', 't', 'g', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "qaconstrucciones.com", true */ 'q', 'a', 'c', 'o', 'n', 's', 't', 'r', 'u', 'c', 'c', 'i', 'o', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "qamrulhaque.com", true */ 'q', 'a', 'm', 'r', 'u', 'l', 'h', 'a', 'q', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "qandavision.com", false */ 'q', 'a', 'n', 'd', 'a', 'v', 'i', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "qapital.com", true */ 'q', 'a', 'p', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "qbeing.info", true */ 'q', 'b', 'e', 'i', 'n', 'g', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "qbiju.com.br", true */ 'q', 'b', 'i', 'j', 'u', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "qbin.io", true */ 'q', 'b', 'i', 'n', '.', 'i', 'o', '\0',
+  /* "qbus.pl", true */ 'q', 'b', 'u', 's', '.', 'p', 'l', '\0',
+  /* "qc.search.yahoo.com", false */ 'q', 'c', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "qccareerschool.com", false */ 'q', 'c', 'c', 'a', 'r', 'e', 'e', 'r', 's', 'c', 'h', 'o', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "qcdesignschool.com", true */ 'q', 'c', 'd', 'e', 's', 'i', 'g', 'n', 's', 'c', 'h', 'o', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "qceventplanning.com", false */ 'q', 'c', 'e', 'v', 'e', 'n', 't', 'p', 'l', 'a', 'n', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "qcloud.cz", true */ 'q', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'z', '\0',
+  /* "qcmakeupacademy.com", true */ 'q', 'c', 'm', 'a', 'k', 'e', 'u', 'p', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "qcstudentcenter.com", false */ 'q', 'c', 's', 't', 'u', 'd', 'e', 'n', 't', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "qcstyleacademy.com", false */ 'q', 'c', 's', 't', 'y', 'l', 'e', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "qctravelschool.com", false */ 'q', 'c', 't', 'r', 'a', 'v', 'e', 'l', 's', 'c', 'h', 'o', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "qe2homelottery.com", true */ 'q', 'e', '2', 'h', 'o', 'm', 'e', 'l', 'o', 't', 't', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "qedcon.org", false */ 'q', 'e', 'd', 'c', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "qelectrotech.org", true */ 'q', 'e', 'l', 'e', 'c', 't', 'r', 'o', 't', 'e', 'c', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "qetesh.de", true */ 'q', 'e', 't', 'e', 's', 'h', '.', 'd', 'e', '\0',
+  /* "qetic.co.jp", true */ 'q', 'e', 't', 'i', 'c', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "qewc.com", true */ 'q', 'e', 'w', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "qgustavor.tk", true */ 'q', 'g', 'u', 's', 't', 'a', 'v', 'o', 'r', '.', 't', 'k', '\0',
+  /* "qhse-professionals.nl", true */ 'q', 'h', 's', 'e', '-', 'p', 'r', 'o', 'f', 'e', 's', 's', 'i', 'o', 'n', 'a', 'l', 's', '.', 'n', 'l', '\0',
+  /* "qianalysis.com", true */ 'q', 'i', 'a', 'n', 'a', 'l', 'y', 's', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "qifu.me", true */ 'q', 'i', 'f', 'u', '.', 'm', 'e', '\0',
+  /* "qifu.org.cn", true */ 'q', 'i', 'f', 'u', '.', 'o', 'r', 'g', '.', 'c', 'n', '\0',
+  /* "qimiao.io", true */ 'q', 'i', 'm', 'i', 'a', 'o', '.', 'i', 'o', '\0',
+  /* "qingpat.com", true */ 'q', 'i', 'n', 'g', 'p', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "qingpei.me", false */ 'q', 'i', 'n', 'g', 'p', 'e', 'i', '.', 'm', 'e', '\0',
+  /* "qionouu.cn", true */ 'q', 'i', 'o', 'n', 'o', 'u', 'u', '.', 'c', 'n', '\0',
+  /* "qirinus.com", true */ 'q', 'i', 'r', 'i', 'n', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "qitarabutrans.com", true */ 'q', 'i', 't', 'a', 'r', 'a', 'b', 'u', 't', 'r', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "qits.de", false */ 'q', 'i', 't', 's', '.', 'd', 'e', '\0',
+  /* "qivonline.pt", true */ 'q', 'i', 'v', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'p', 't', '\0',
+  /* "qiwi.be", true */ 'q', 'i', 'w', 'i', '.', 'b', 'e', '\0',
+  /* "qixi.biz", true */ 'q', 'i', 'x', 'i', '.', 'b', 'i', 'z', '\0',
+  /* "qkka.org", true */ 'q', 'k', 'k', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "qkmortgage.com", true */ 'q', 'k', 'm', 'o', 'r', 't', 'g', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "qldconservation.org.au", true */ 'q', 'l', 'd', 'c', 'o', 'n', 's', 'e', 'r', 'v', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '.', 'a', 'u', '\0',
+  /* "qledtech.com", true */ 'q', 'l', 'e', 'd', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "qlrace.com", false */ 'q', 'l', 'r', 'a', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "qm-marzahnnordwest.de", true */ 'q', 'm', '-', 'm', 'a', 'r', 'z', 'a', 'h', 'n', 'n', 'o', 'r', 'd', 'w', 'e', 's', 't', '.', 'd', 'e', '\0',
+  /* "qochealth.com", true */ 'q', 'o', 'c', 'h', 'e', 'a', 'l', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "qoohoot.com", true */ 'q', 'o', 'o', 'h', 'o', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "qotw.net", true */ 'q', 'o', 't', 'w', '.', 'n', 'e', 't', '\0',
+  /* "qq-navi.com", true */ 'q', 'q', '-', 'n', 'a', 'v', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "qqj.net", true */ 'q', 'q', 'j', '.', 'n', 'e', 't', '\0',
+  /* "qqvips.com", false */ 'q', 'q', 'v', 'i', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "qrcontagion.com", true */ 'q', 'r', 'c', 'o', 'n', 't', 'a', 'g', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "qrpth.eu", true */ 'q', 'r', 'p', 't', 'h', '.', 'e', 'u', '\0',
+  /* "qtl.me", true */ 'q', 't', 'l', '.', 'm', 'e', '\0',
+  /* "qto.com", true */ 'q', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "qtpass.org", true */ 'q', 't', 'p', 'a', 's', 's', '.', 'o', 'r', 'g', '\0',
+  /* "qtpower.co.uk", true */ 'q', 't', 'p', 'o', 'w', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "qtpower.net", true */ 'q', 't', 'p', 'o', 'w', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "qtpower.org", true */ 'q', 't', 'p', 'o', 'w', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "qtvr.com", true */ 'q', 't', 'v', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "qtxh.net", true */ 'q', 't', 'x', 'h', '.', 'n', 'e', 't', '\0',
+  /* "quackerswaterproofing.com", true */ 'q', 'u', 'a', 'c', 'k', 'e', 'r', 's', 'w', 'a', 't', 'e', 'r', 'p', 'r', 'o', 'o', 'f', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "quaedam.org", true */ 'q', 'u', 'a', 'e', 'd', 'a', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "quaggan.co", true */ 'q', 'u', 'a', 'g', 'g', 'a', 'n', '.', 'c', 'o', '\0',
+  /* "quai10.org", false */ 'q', 'u', 'a', 'i', '1', '0', '.', 'o', 'r', 'g', '\0',
+  /* "quakelive.dk", false */ 'q', 'u', 'a', 'k', 'e', 'l', 'i', 'v', 'e', '.', 'd', 'k', '\0',
+  /* "qualite-ecole-et-formation.ch", true */ 'q', 'u', 'a', 'l', 'i', 't', 'e', '-', 'e', 'c', 'o', 'l', 'e', '-', 'e', 't', '-', 'f', 'o', 'r', 'm', 'a', 't', 'i', 'o', 'n', '.', 'c', 'h', '\0',
+  /* "quality-life.gr", true */ 'q', 'u', 'a', 'l', 'i', 't', 'y', '-', 'l', 'i', 'f', 'e', '.', 'g', 'r', '\0',
+  /* "qualityedgarsolutions.com", true */ 'q', 'u', 'a', 'l', 'i', 't', 'y', 'e', 'd', 'g', 'a', 'r', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "qualityhomesystems.com", true */ 'q', 'u', 'a', 'l', 'i', 't', 'y', 'h', 'o', 'm', 'e', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "qualityofcourse.com", false */ 'q', 'u', 'a', 'l', 'i', 't', 'y', 'o', 'f', 'c', 'o', 'u', 'r', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "qualitypropertycare.co.uk", true */ 'q', 'u', 'a', 'l', 'i', 't', 'y', 'p', 'r', 'o', 'p', 'e', 'r', 't', 'y', 'c', 'a', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "qualtrics.com", true */ 'q', 'u', 'a', 'l', 't', 'r', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "quanterra.ch", true */ 'q', 'u', 'a', 'n', 't', 'e', 'r', 'r', 'a', '.', 'c', 'h', '\0',
+  /* "quantor.dk", true */ 'q', 'u', 'a', 'n', 't', 'o', 'r', '.', 'd', 'k', '\0',
+  /* "quantoras.com", true */ 'q', 'u', 'a', 'n', 't', 'o', 'r', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "quantum-lviv.pp.ua", true */ 'q', 'u', 'a', 'n', 't', 'u', 'm', '-', 'l', 'v', 'i', 'v', '.', 'p', 'p', '.', 'u', 'a', '\0',
+  /* "quantum-mechanics.com", true */ 'q', 'u', 'a', 'n', 't', 'u', 'm', '-', 'm', 'e', 'c', 'h', 'a', 'n', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "quantum2.xyz", true */ 'q', 'u', 'a', 'n', 't', 'u', 'm', '2', '.', 'x', 'y', 'z', '\0',
+  /* "quantumfurball.net", true */ 'q', 'u', 'a', 'n', 't', 'u', 'm', 'f', 'u', 'r', 'b', 'a', 'l', 'l', '.', 'n', 'e', 't', '\0',
+  /* "quantumwebs.co", true */ 'q', 'u', 'a', 'n', 't', 'u', 'm', 'w', 'e', 'b', 's', '.', 'c', 'o', '\0',
+  /* "quanyin.eu.org", true */ 'q', 'u', 'a', 'n', 'y', 'i', 'n', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "quareal.ru", true */ 'q', 'u', 'a', 'r', 'e', 'a', 'l', '.', 'r', 'u', '\0',
+  /* "quarryhillrentals.com", true */ 'q', 'u', 'a', 'r', 'r', 'y', 'h', 'i', 'l', 'l', 'r', 'e', 'n', 't', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "quarterfull.com", true */ 'q', 'u', 'a', 'r', 't', 'e', 'r', 'f', 'u', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "quasarelectronics.co.uk", true */ 'q', 'u', 'a', 's', 'a', 'r', 'e', 'l', 'e', 'c', 't', 'r', 'o', 'n', 'i', 'c', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "quasseldroid.info", true */ 'q', 'u', 'a', 's', 's', 'e', 'l', 'd', 'r', 'o', 'i', 'd', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "quatrefoiscent.fr", true */ 'q', 'u', 'a', 't', 'r', 'e', 'f', 'o', 'i', 's', 'c', 'e', 'n', 't', '.', 'f', 'r', '\0',
+  /* "qubes-os.org", true */ 'q', 'u', 'b', 'e', 's', '-', 'o', 's', '.', 'o', 'r', 'g', '\0',
+  /* "qubyte.codes", true */ 'q', 'u', 'b', 'y', 't', 'e', '.', 'c', 'o', 'd', 'e', 's', '\0',
+  /* "quchao.com", true */ 'q', 'u', 'c', 'h', 'a', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "queenshaflo.com", true */ 'q', 'u', 'e', 'e', 'n', 's', 'h', 'a', 'f', 'l', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "queensrdapartments.com.au", true */ 'q', 'u', 'e', 'e', 'n', 's', 'r', 'd', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "queer.party", true */ 'q', 'u', 'e', 'e', 'r', '.', 'p', 'a', 'r', 't', 'y', '\0',
+  /* "queercinema.ch", true */ 'q', 'u', 'e', 'e', 'r', 'c', 'i', 'n', 'e', 'm', 'a', '.', 'c', 'h', '\0',
+  /* "queercoders.com", false */ 'q', 'u', 'e', 'e', 'r', 'c', 'o', 'd', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "quehacerencusco.com", true */ 'q', 'u', 'e', 'h', 'a', 'c', 'e', 'r', 'e', 'n', 'c', 'u', 's', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "quelleformation.net", true */ 'q', 'u', 'e', 'l', 'l', 'e', 'f', 'o', 'r', 'm', 'a', 't', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "queminventou.com.br", true */ 'q', 'u', 'e', 'm', 'i', 'n', 'v', 'e', 'n', 't', 'o', 'u', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "quemmeliga.com", true */ 'q', 'u', 'e', 'm', 'm', 'e', 'l', 'i', 'g', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "quentinchevre.ch", true */ 'q', 'u', 'e', 'n', 't', 'i', 'n', 'c', 'h', 'e', 'v', 'r', 'e', '.', 'c', 'h', '\0',
+  /* "quera.ir", true */ 'q', 'u', 'e', 'r', 'a', '.', 'i', 'r', '\0',
+  /* "queroreceitasoberana.com.br", true */ 'q', 'u', 'e', 'r', 'o', 'r', 'e', 'c', 'e', 'i', 't', 'a', 's', 'o', 'b', 'e', 'r', 'a', 'n', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "query-massage.com", true */ 'q', 'u', 'e', 'r', 'y', '-', 'm', 'a', 's', 's', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "question.com", true */ 'q', 'u', 'e', 's', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "questionable.host", true */ 'q', 'u', 'e', 's', 't', 'i', 'o', 'n', 'a', 'b', 'l', 'e', '.', 'h', 'o', 's', 't', '\0',
+  /* "questsocial.it", true */ 'q', 'u', 'e', 's', 't', 's', 'o', 'c', 'i', 'a', 'l', '.', 'i', 't', '\0',
+  /* "quevisiongrafica.com", true */ 'q', 'u', 'e', 'v', 'i', 's', 'i', 'o', 'n', 'g', 'r', 'a', 'f', 'i', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "quic.fr", true */ 'q', 'u', 'i', 'c', '.', 'f', 'r', '\0',
+  /* "quickboysvrouwen2.nl", true */ 'q', 'u', 'i', 'c', 'k', 'b', 'o', 'y', 's', 'v', 'r', 'o', 'u', 'w', 'e', 'n', '2', '.', 'n', 'l', '\0',
+  /* "quietapple.org", true */ 'q', 'u', 'i', 'e', 't', 'a', 'p', 'p', 'l', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "quikchange.net", true */ 'q', 'u', 'i', 'k', 'c', 'h', 'a', 'n', 'g', 'e', '.', 'n', 'e', 't', '\0',
+  /* "quikpay.com.au", true */ 'q', 'u', 'i', 'k', 'p', 'a', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "quikrmovies.to", true */ 'q', 'u', 'i', 'k', 'r', 'm', 'o', 'v', 'i', 'e', 's', '.', 't', 'o', '\0',
+  /* "quinnlabs.com", true */ 'q', 'u', 'i', 'n', 'n', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "quinoa24.com", true */ 'q', 'u', 'i', 'n', 'o', 'a', '2', '4', '.', 'c', 'o', 'm', '\0',
+  /* "quintessa.org", true */ 'q', 'u', 'i', 'n', 't', 'e', 's', 's', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "quire.io", true */ 'q', 'u', 'i', 'r', 'e', '.', 'i', 'o', '\0',
+  /* "quizogames.com", true */ 'q', 'u', 'i', 'z', 'o', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "qul.link", true */ 'q', 'u', 'l', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "quli.nl", false */ 'q', 'u', 'l', 'i', '.', 'n', 'l', '\0',
+  /* "quocdesign.ch", true */ 'q', 'u', 'o', 'c', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'h', '\0',
+  /* "quotev.com", true */ 'q', 'u', 'o', 't', 'e', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "quppa.net", true */ 'q', 'u', 'p', 'p', 'a', '.', 'n', 'e', 't', '\0',
+  /* "quuz.org", true */ 'q', 'u', 'u', 'z', '.', 'o', 'r', 'g', '\0',
+  /* "qvggroup.com", true */ 'q', 'v', 'g', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "qvi.st", true */ 'q', 'v', 'i', '.', 's', 't', '\0',
+  /* "qvitoo.com", true */ 'q', 'v', 'i', 't', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "qwans.nl", true */ 'q', 'w', 'a', 'n', 's', '.', 'n', 'l', '\0',
+  /* "qwant.com", true */ 'q', 'w', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "qwant.fr", true */ 'q', 'w', 'a', 'n', 't', '.', 'f', 'r', '\0',
+  /* "qwaser.fr", true */ 'q', 'w', 'a', 's', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "qwe7002.com", true */ 'q', 'w', 'e', '7', '0', '0', '2', '.', 'c', 'o', 'm', '\0',
+  /* "qweepi.de", true */ 'q', 'w', 'e', 'e', 'p', 'i', '.', 'd', 'e', '\0',
+  /* "qwertee.com", true */ 'q', 'w', 'e', 'r', 't', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "qwerty.work", true */ 'q', 'w', 'e', 'r', 't', 'y', '.', 'w', 'o', 'r', 'k', '\0',
+  /* "qwikdash.com", true */ 'q', 'w', 'i', 'k', 'd', 'a', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "qxy.ch", true */ 'q', 'x', 'y', '.', 'c', 'h', '\0',
+  /* "r-core.org", true */ 'r', '-', 'c', 'o', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "r-cut.fr", true */ 'r', '-', 'c', 'u', 't', '.', 'f', 'r', '\0',
+  /* "r-rwebdesign.com", true */ 'r', '-', 'r', 'w', 'e', 'b', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "r0t.co", true */ 'r', '0', 't', '.', 'c', 'o', '\0',
+  /* "r0uzic.net", true */ 'r', '0', 'u', 'z', 'i', 'c', '.', 'n', 'e', 't', '\0',
+  /* "r2d2pc.com", true */ 'r', '2', 'd', '2', 'p', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "r3nt3r.com", true */ 'r', '3', 'n', 't', '3', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "r3s1stanc3.me", true */ 'r', '3', 's', '1', 's', 't', 'a', 'n', 'c', '3', '.', 'm', 'e', '\0',
+  /* "r40.us", true */ 'r', '4', '0', '.', 'u', 's', '\0',
+  /* "r6-team.ru", true */ 'r', '6', '-', 't', 'e', 'a', 'm', '.', 'r', 'u', '\0',
+  /* "r7h.at", true */ 'r', '7', 'h', '.', 'a', 't', '\0',
+  /* "r811.de", true */ 'r', '8', '1', '1', '.', 'd', 'e', '\0',
+  /* "ra-micro-koeln.de", true */ 'r', 'a', '-', 'm', 'i', 'c', 'r', 'o', '-', 'k', 'o', 'e', 'l', 'n', '.', 'd', 'e', '\0',
+  /* "ra.co.ke", true */ 'r', 'a', '.', 'c', 'o', '.', 'k', 'e', '\0',
+  /* "ra4wvpn.com", true */ 'r', 'a', '4', 'w', 'v', 'p', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "raah.co", true */ 'r', 'a', 'a', 'h', '.', 'c', 'o', '\0',
+  /* "rabbit.wales", false */ 'r', 'a', 'b', 'b', 'i', 't', '.', 'w', 'a', 'l', 'e', 's', '\0',
+  /* "rabbitvcactus.eu", true */ 'r', 'a', 'b', 'b', 'i', 't', 'v', 'c', 'a', 'c', 't', 'u', 's', '.', 'e', 'u', '\0',
+  /* "rabotaescort.com", true */ 'r', 'a', 'b', 'o', 't', 'a', 'e', 's', 'c', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "rabynska.eu", true */ 'r', 'a', 'b', 'y', 'n', 's', 'k', 'a', '.', 'e', 'u', '\0',
+  /* "racasdecachorro.org", true */ 'r', 'a', 'c', 'a', 's', 'd', 'e', 'c', 'a', 'c', 'h', 'o', 'r', 'r', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "raccoltarifiuti.com", true */ 'r', 'a', 'c', 'c', 'o', 'l', 't', 'a', 'r', 'i', 'f', 'i', 'u', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "racermaster.xyz", true */ 'r', 'a', 'c', 'e', 'r', 'm', 'a', 's', 't', 'e', 'r', '.', 'x', 'y', 'z', '\0',
+  /* "raceviewcycles.com", true */ 'r', 'a', 'c', 'e', 'v', 'i', 'e', 'w', 'c', 'y', 'c', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "raceviewequestrian.com", true */ 'r', 'a', 'c', 'e', 'v', 'i', 'e', 'w', 'e', 'q', 'u', 'e', 's', 't', 'r', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "rachaelrussell.com", true */ 'r', 'a', 'c', 'h', 'a', 'e', 'l', 'r', 'u', 's', 's', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "rachelchen.me", true */ 'r', 'a', 'c', 'h', 'e', 'l', 'c', 'h', 'e', 'n', '.', 'm', 'e', '\0',
+  /* "rachelreagan.com", true */ 'r', 'a', 'c', 'h', 'e', 'l', 'r', 'e', 'a', 'g', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "rachelsbouncycastles.co.uk", true */ 'r', 'a', 'c', 'h', 'e', 'l', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "rachida-dati.eu", true */ 'r', 'a', 'c', 'h', 'i', 'd', 'a', '-', 'd', 'a', 't', 'i', '.', 'e', 'u', '\0',
+  /* "racius.com", true */ 'r', 'a', 'c', 'i', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "rackerlab.com", true */ 'r', 'a', 'c', 'k', 'e', 'r', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "racktear.com", true */ 'r', 'a', 'c', 'k', 't', 'e', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "raconconsulting.co.uk", true */ 'r', 'a', 'c', 'o', 'n', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "racoo.net", true */ 'r', 'a', 'c', 'o', 'o', '.', 'n', 'e', 't', '\0',
+  /* "racunovodstvo-prina.si", true */ 'r', 'a', 'c', 'u', 'n', 'o', 'v', 'o', 'd', 's', 't', 'v', 'o', '-', 'p', 'r', 'i', 'n', 'a', '.', 's', 'i', '\0',
+  /* "rad-route.de", true */ 'r', 'a', 'd', '-', 'r', 'o', 'u', 't', 'e', '.', 'd', 'e', '\0',
+  /* "radar.sx", true */ 'r', 'a', 'd', 'a', 'r', '.', 's', 'x', '\0',
+  /* "radaravia.ru", true */ 'r', 'a', 'd', 'a', 'r', 'a', 'v', 'i', 'a', '.', 'r', 'u', '\0',
+  /* "radcube.hu", true */ 'r', 'a', 'd', 'c', 'u', 'b', 'e', '.', 'h', 'u', '\0',
+  /* "raddavarden.nu", true */ 'r', 'a', 'd', 'd', 'a', 'v', 'a', 'r', 'd', 'e', 'n', '.', 'n', 'u', '\0',
+  /* "radfieldhomecare.co.uk", true */ 'r', 'a', 'd', 'f', 'i', 'e', 'l', 'd', 'h', 'o', 'm', 'e', 'c', 'a', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "radfieldhomecarefranchising.co.uk", true */ 'r', 'a', 'd', 'f', 'i', 'e', 'l', 'd', 'h', 'o', 'm', 'e', 'c', 'a', 'r', 'e', 'f', 'r', 'a', 'n', 'c', 'h', 'i', 's', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "radical.org", true */ 'r', 'a', 'd', 'i', 'c', 'a', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "radicaloptimism.org", true */ 'r', 'a', 'd', 'i', 'c', 'a', 'l', 'o', 'p', 't', 'i', 'm', 'i', 's', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "radicalsub.com.br", true */ 'r', 'a', 'd', 'i', 'c', 'a', 'l', 's', 'u', 'b', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "radins.com", true */ 'r', 'a', 'd', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "radio-utopie.de", true */ 'r', 'a', 'd', 'i', 'o', '-', 'u', 't', 'o', 'p', 'i', 'e', '.', 'd', 'e', '\0',
+  /* "radio1.ie", true */ 'r', 'a', 'd', 'i', 'o', '1', '.', 'i', 'e', '\0',
+  /* "radioilusion.es", true */ 'r', 'a', 'd', 'i', 'o', 'i', 'l', 'u', 's', 'i', 'o', 'n', '.', 'e', 's', '\0',
+  /* "radiom.fr", true */ 'r', 'a', 'd', 'i', 'o', 'm', '.', 'f', 'r', '\0',
+  /* "radiomodem.dk", true */ 'r', 'a', 'd', 'i', 'o', 'm', 'o', 'd', 'e', 'm', '.', 'd', 'k', '\0',
+  /* "radiomontebianco.it", true */ 'r', 'a', 'd', 'i', 'o', 'm', 'o', 'n', 't', 'e', 'b', 'i', 'a', 'n', 'c', 'o', '.', 'i', 't', '\0',
+  /* "radionicabg.com", true */ 'r', 'a', 'd', 'i', 'o', 'n', 'i', 'c', 'a', 'b', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "radiopolarniki.spb.ru", true */ 'r', 'a', 'd', 'i', 'o', 'p', 'o', 'l', 'a', 'r', 'n', 'i', 'k', 'i', '.', 's', 'p', 'b', '.', 'r', 'u', '\0',
+  /* "radiormi.com", true */ 'r', 'a', 'd', 'i', 'o', 'r', 'm', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "radis-adopt.com", true */ 'r', 'a', 'd', 'i', 's', '-', 'a', 'd', 'o', 'p', 't', '.', 'c', 'o', 'm', '\0',
+  /* "radondetectionandcontrol.com", true */ 'r', 'a', 'd', 'o', 'n', 'd', 'e', 't', 'e', 'c', 't', 'i', 'o', 'n', 'a', 'n', 'd', 'c', 'o', 'n', 't', 'r', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "radreisetraumtreibstoff.de", true */ 'r', 'a', 'd', 'r', 'e', 'i', 's', 'e', 't', 'r', 'a', 'u', 'm', 't', 'r', 'e', 'i', 'b', 's', 't', 'o', 'f', 'f', '.', 'd', 'e', '\0',
+  /* "radtke.bayern", true */ 'r', 'a', 'd', 't', 'k', 'e', '.', 'b', 'a', 'y', 'e', 'r', 'n', '\0',
+  /* "radyn.com", true */ 'r', 'a', 'd', 'y', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "raeu.me", true */ 'r', 'a', 'e', 'u', '.', 'm', 'e', '\0',
+  /* "raeven.nl", true */ 'r', 'a', 'e', 'v', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "rafaelmagalhaesweb.com", true */ 'r', 'a', 'f', 'a', 'e', 'l', 'm', 'a', 'g', 'a', 'l', 'h', 'a', 'e', 's', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "rafey.xyz", true */ 'r', 'a', 'f', 'e', 'y', '.', 'x', 'y', 'z', '\0',
+  /* "rafting-japan.com", true */ 'r', 'a', 'f', 't', 'i', 'n', 'g', '-', 'j', 'a', 'p', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "rage-overload.ch", true */ 'r', 'a', 'g', 'e', '-', 'o', 'v', 'e', 'r', 'l', 'o', 'a', 'd', '.', 'c', 'h', '\0',
+  /* "rage.rip", true */ 'r', 'a', 'g', 'e', '.', 'r', 'i', 'p', '\0',
+  /* "rage4.com", true */ 'r', 'a', 'g', 'e', '4', '.', 'c', 'o', 'm', '\0',
+  /* "raghavdua.in", true */ 'r', 'a', 'g', 'h', 'a', 'v', 'd', 'u', 'a', '.', 'i', 'n', '\0',
+  /* "ragnaroktop.com.br", true */ 'r', 'a', 'g', 'n', 'a', 'r', 'o', 'k', 't', 'o', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "rahamasin.eu", true */ 'r', 'a', 'h', 'a', 'm', 'a', 's', 'i', 'n', '.', 'e', 'u', '\0',
+  /* "raiffeisen-kosovo.com", true */ 'r', 'a', 'i', 'f', 'f', 'e', 'i', 's', 'e', 'n', '-', 'k', 'o', 's', 'o', 'v', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "railgun.ac", true */ 'r', 'a', 'i', 'l', 'g', 'u', 'n', '.', 'a', 'c', '\0',
+  /* "railgun.com.cn", true */ 'r', 'a', 'i', 'l', 'g', 'u', 'n', '.', 'c', 'o', 'm', '.', 'c', 'n', '\0',
+  /* "railjob.cn", true */ 'r', 'a', 'i', 'l', 'j', 'o', 'b', '.', 'c', 'n', '\0',
+  /* "railyardurgentcare.com", true */ 'r', 'a', 'i', 'l', 'y', 'a', 'r', 'd', 'u', 'r', 'g', 'e', 'n', 't', 'c', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rainbowbay.org", true */ 'r', 'a', 'i', 'n', 'b', 'o', 'w', 'b', 'a', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "rainbowinflatables.co.uk", true */ 'r', 'a', 'i', 'n', 'b', 'o', 'w', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "rainbowstore.com.au", true */ 'r', 'a', 'i', 'n', 'b', 'o', 'w', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "rainbowstore.com.ua", true */ 'r', 'a', 'i', 'n', 'b', 'o', 'w', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "rainforest.engineering", true */ 'r', 'a', 'i', 'n', 'f', 'o', 'r', 'e', 's', 't', '.', 'e', 'n', 'g', 'i', 'n', 'e', 'e', 'r', 'i', 'n', 'g', '\0',
+  /* "rainpaper.com", true */ 'r', 'a', 'i', 'n', 'p', 'a', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "rainville.me", true */ 'r', 'a', 'i', 'n', 'v', 'i', 'l', 'l', 'e', '.', 'm', 'e', '\0',
+  /* "rainway.io", true */ 'r', 'a', 'i', 'n', 'w', 'a', 'y', '.', 'i', 'o', '\0',
+  /* "raiseyourflag.com", true */ 'r', 'a', 'i', 's', 'e', 'y', 'o', 'u', 'r', 'f', 'l', 'a', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "raissarobles.com", true */ 'r', 'a', 'i', 's', 's', 'a', 'r', 'o', 'b', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "raitza.de", true */ 'r', 'a', 'i', 't', 'z', 'a', '.', 'd', 'e', '\0',
+  /* "rajyogarishikesh.com", true */ 'r', 'a', 'j', 'y', 'o', 'g', 'a', 'r', 'i', 's', 'h', 'i', 'k', 'e', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "rak-business-service.com", true */ 'r', 'a', 'k', '-', 'b', 'u', 's', 'i', 'n', 'e', 's', 's', '-', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rakugokai.net", true */ 'r', 'a', 'k', 'u', 'g', 'o', 'k', 'a', 'i', '.', 'n', 'e', 't', '\0',
+  /* "ralf-huebscher.de", true */ 'r', 'a', 'l', 'f', '-', 'h', 'u', 'e', 'b', 's', 'c', 'h', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "ralfs-zusizone.de", true */ 'r', 'a', 'l', 'f', 's', '-', 'z', 'u', 's', 'i', 'z', 'o', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "rally-base.com", true */ 'r', 'a', 'l', 'l', 'y', '-', 'b', 'a', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rally-base.cz", true */ 'r', 'a', 'l', 'l', 'y', '-', 'b', 'a', 's', 'e', '.', 'c', 'z', '\0',
+  /* "rally-base.eu", true */ 'r', 'a', 'l', 'l', 'y', '-', 'b', 'a', 's', 'e', '.', 'e', 'u', '\0',
+  /* "rally-results.eu", true */ 'r', 'a', 'l', 'l', 'y', '-', 'r', 'e', 's', 'u', 'l', 't', 's', '.', 'e', 'u', '\0',
+  /* "rally-vysledky.cz", true */ 'r', 'a', 'l', 'l', 'y', '-', 'v', 'y', 's', 'l', 'e', 'd', 'k', 'y', '.', 'c', 'z', '\0',
+  /* "rallybase.cz", true */ 'r', 'a', 'l', 'l', 'y', 'b', 'a', 's', 'e', '.', 'c', 'z', '\0',
+  /* "rallybase.eu", true */ 'r', 'a', 'l', 'l', 'y', 'b', 'a', 's', 'e', '.', 'e', 'u', '\0',
+  /* "rallycycling.com", true */ 'r', 'a', 'l', 'l', 'y', 'c', 'y', 'c', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "ralph.bike", true */ 'r', 'a', 'l', 'p', 'h', '.', 'b', 'i', 'k', 'e', '\0',
+  /* "ralphwoessner.com", true */ 'r', 'a', 'l', 'p', 'h', 'w', 'o', 'e', 's', 's', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "ram-it.nl", true */ 'r', 'a', 'm', '-', 'i', 't', '.', 'n', 'l', '\0',
+  /* "ram.nl", true */ 'r', 'a', 'm', '.', 'n', 'l', '\0',
+  /* "ramatola.uk", true */ 'r', 'a', 'm', 'a', 't', 'o', 'l', 'a', '.', 'u', 'k', '\0',
+  /* "rambii.de", true */ 'r', 'a', 'm', 'b', 'i', 'i', '.', 'd', 'e', '\0',
+  /* "ramblingrf.tech", true */ 'r', 'a', 'm', 'b', 'l', 'i', 'n', 'g', 'r', 'f', '.', 't', 'e', 'c', 'h', '\0',
+  /* "rametrix.com", true */ 'r', 'a', 'm', 'e', 't', 'r', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "ramov.com", true */ 'r', 'a', 'm', 'o', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "ramrecha.com", true */ 'r', 'a', 'm', 'r', 'e', 'c', 'h', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "ramsor-gaming.de", true */ 'r', 'a', 'm', 's', 'o', 'r', '-', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "randc.org", true */ 'r', 'a', 'n', 'd', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "random-samplings.org", true */ 'r', 'a', 'n', 'd', 'o', 'm', '-', 's', 'a', 'm', 'p', 'l', 'i', 'n', 'g', 's', '.', 'o', 'r', 'g', '\0',
+  /* "randomadversary.com", true */ 'r', 'a', 'n', 'd', 'o', 'm', 'a', 'd', 'v', 'e', 'r', 's', 'a', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "randombit.eu", false */ 'r', 'a', 'n', 'd', 'o', 'm', 'b', 'i', 't', '.', 'e', 'u', '\0',
+  /* "randomdysfunctions.com", true */ 'r', 'a', 'n', 'd', 'o', 'm', 'd', 'y', 's', 'f', 'u', 'n', 'c', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "randomkoalafacts.com", true */ 'r', 'a', 'n', 'd', 'o', 'm', 'k', 'o', 'a', 'l', 'a', 'f', 'a', 'c', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "randomprecision.co.uk", true */ 'r', 'a', 'n', 'd', 'o', 'm', 'p', 'r', 'e', 'c', 'i', 's', 'i', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "randomquotesapp.com", true */ 'r', 'a', 'n', 'd', 'o', 'm', 'q', 'u', 'o', 't', 'e', 's', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "randy.su", true */ 'r', 'a', 'n', 'd', 'y', '.', 's', 'u', '\0',
+  /* "rangde.org", true */ 'r', 'a', 'n', 'g', 'd', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "ranking-deli.jp", true */ 'r', 'a', 'n', 'k', 'i', 'n', 'g', '-', 'd', 'e', 'l', 'i', '.', 'j', 'p', '\0',
+  /* "ranson.com.au", true */ 'r', 'a', 'n', 's', 'o', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "rantanda.com", true */ 'r', 'a', 'n', 't', 'a', 'n', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "ranyeh.com", true */ 'r', 'a', 'n', 'y', 'e', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "ranzbak.nl", true */ 'r', 'a', 'n', 'z', 'b', 'a', 'k', '.', 'n', 'l', '\0',
+  /* "rapenroer.com", true */ 'r', 'a', 'p', 'e', 'n', 'r', 'o', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "rapenroer.nl", true */ 'r', 'a', 'p', 'e', 'n', 'r', 'o', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "raphael.li", true */ 'r', 'a', 'p', 'h', 'a', 'e', 'l', '.', 'l', 'i', '\0',
+  /* "raphaelcasazza.ch", true */ 'r', 'a', 'p', 'h', 'a', 'e', 'l', 'c', 'a', 's', 'a', 'z', 'z', 'a', '.', 'c', 'h', '\0',
+  /* "rapidapp.io", true */ 'r', 'a', 'p', 'i', 'd', 'a', 'p', 'p', '.', 'i', 'o', '\0',
+  /* "rapido.nu", true */ 'r', 'a', 'p', 'i', 'd', 'o', '.', 'n', 'u', '\0',
+  /* "rapidshit.net", true */ 'r', 'a', 'p', 'i', 'd', 's', 'h', 'i', 't', '.', 'n', 'e', 't', '\0',
+  /* "rapidstone.com", true */ 'r', 'a', 'p', 'i', 'd', 's', 't', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "raraflora.com.au", true */ 'r', 'a', 'r', 'a', 'f', 'l', 'o', 'r', 'a', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "rareative.com", true */ 'r', 'a', 'r', 'e', 'a', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "raryosu.info", true */ 'r', 'a', 'r', 'y', 'o', 's', 'u', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "rasagiline.com", true */ 'r', 'a', 's', 'a', 'g', 'i', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rascals-castles.co.uk", true */ 'r', 'a', 's', 'c', 'a', 'l', 's', '-', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "rascalscastles.co.uk", true */ 'r', 'a', 's', 'c', 'a', 'l', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "rascalscastlesdoncaster.co.uk", true */ 'r', 'a', 's', 'c', 'a', 'l', 's', 'c', 'a', 's', 't', 'l', 'e', 's', 'd', 'o', 'n', 'c', 'a', 's', 't', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "rasebo.ro", true */ 'r', 'a', 's', 'e', 'b', 'o', '.', 'r', 'o', '\0',
+  /* "raspass.me", true */ 'r', 'a', 's', 'p', 'a', 's', 's', '.', 'm', 'e', '\0',
+  /* "raspberry.us", true */ 'r', 'a', 's', 'p', 'b', 'e', 'r', 'r', 'y', '.', 'u', 's', '\0',
+  /* "raspberryultradrops.com", true */ 'r', 'a', 's', 'p', 'b', 'e', 'r', 'r', 'y', 'u', 'l', 't', 'r', 'a', 'd', 'r', 'o', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "rastreie.net", true */ 'r', 'a', 's', 't', 'r', 'e', 'i', 'e', '.', 'n', 'e', 't', '\0',
+  /* "rasty.cz", true */ 'r', 'a', 's', 't', 'y', '.', 'c', 'z', '\0',
+  /* "ratd.net", true */ 'r', 'a', 't', 'd', '.', 'n', 'e', 't', '\0',
+  /* "ratebridge.com", true */ 'r', 'a', 't', 'e', 'b', 'r', 'i', 'd', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rathbonesonline.com", true */ 'r', 'a', 't', 'h', 'b', 'o', 'n', 'e', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rathgeb.org", true */ 'r', 'a', 't', 'h', 'g', 'e', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "rathorian.fr", true */ 'r', 'a', 't', 'h', 'o', 'r', 'i', 'a', 'n', '.', 'f', 'r', '\0',
+  /* "rationalcreation.com", true */ 'r', 'a', 't', 'i', 'o', 'n', 'a', 'l', 'c', 'r', 'e', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "rationalism.com", true */ 'r', 'a', 't', 'i', 'o', 'n', 'a', 'l', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "rationalops.com", true */ 'r', 'a', 't', 'i', 'o', 'n', 'a', 'l', 'o', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "rattenkot.io", true */ 'r', 'a', 't', 't', 'e', 'n', 'k', 'o', 't', '.', 'i', 'o', '\0',
+  /* "raulrivero.es", true */ 'r', 'a', 'u', 'l', 'r', 'i', 'v', 'e', 'r', 'o', '.', 'e', 's', '\0',
+  /* "raumzeitlabor.de", false */ 'r', 'a', 'u', 'm', 'z', 'e', 'i', 't', 'l', 'a', 'b', 'o', 'r', '.', 'd', 'e', '\0',
+  /* "rauros.net", true */ 'r', 'a', 'u', 'r', 'o', 's', '.', 'n', 'e', 't', '\0',
+  /* "rautermods.net", true */ 'r', 'a', 'u', 't', 'e', 'r', 'm', 'o', 'd', 's', '.', 'n', 'e', 't', '\0',
+  /* "ravchat.com", true */ 'r', 'a', 'v', 'c', 'h', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "raven.dog", true */ 'r', 'a', 'v', 'e', 'n', '.', 'd', 'o', 'g', '\0',
+  /* "ravenger.net", true */ 'r', 'a', 'v', 'e', 'n', 'g', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "ravensbuch.de", true */ 'r', 'a', 'v', 'e', 'n', 's', 'b', 'u', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "ravhaaglanden.org", true */ 'r', 'a', 'v', 'h', 'a', 'a', 'g', 'l', 'a', 'n', 'd', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "ravindran.me", true */ 'r', 'a', 'v', 'i', 'n', 'd', 'r', 'a', 'n', '.', 'm', 'e', '\0',
+  /* "ravis.org", true */ 'r', 'a', 'v', 'i', 's', '.', 'o', 'r', 'g', '\0',
+  /* "rawsec.net", true */ 'r', 'a', 'w', 's', 'e', 'c', '.', 'n', 'e', 't', '\0',
+  /* "raxion.cf", true */ 'r', 'a', 'x', 'i', 'o', 'n', '.', 'c', 'f', '\0',
+  /* "raxion.tk", true */ 'r', 'a', 'x', 'i', 'o', 'n', '.', 't', 'k', '\0',
+  /* "ray-home.de", true */ 'r', 'a', 'y', '-', 'h', 'o', 'm', 'e', '.', 'd', 'e', '\0',
+  /* "ray-works.de", true */ 'r', 'a', 'y', '-', 'w', 'o', 'r', 'k', 's', '.', 'd', 'e', '\0',
+  /* "rayiris.com", true */ 'r', 'a', 'y', 'i', 'r', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "raykitchenware.com", true */ 'r', 'a', 'y', 'k', 'i', 't', 'c', 'h', 'e', 'n', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "raymcbride.com", true */ 'r', 'a', 'y', 'm', 'c', 'b', 'r', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "raymd.de", true */ 'r', 'a', 'y', 'm', 'd', '.', 'd', 'e', '\0',
+  /* "raymii.org", true */ 'r', 'a', 'y', 'm', 'i', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "raymondelooff.nl", true */ 'r', 'a', 'y', 'm', 'o', 'n', 'd', 'e', 'l', 'o', 'o', 'f', 'f', '.', 'n', 'l', '\0',
+  /* "rayworks.de", true */ 'r', 'a', 'y', 'w', 'o', 'r', 'k', 's', '.', 'd', 'e', '\0',
+  /* "razberry.kr", true */ 'r', 'a', 'z', 'b', 'e', 'r', 'r', 'y', '.', 'k', 'r', '\0',
+  /* "rb-china.net", true */ 'r', 'b', '-', 'c', 'h', 'i', 'n', 'a', '.', 'n', 'e', 't', '\0',
+  /* "rbensch.com", true */ 'r', 'b', 'e', 'n', 's', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "rbflote.lv", true */ 'r', 'b', 'f', 'l', 'o', 't', 'e', '.', 'l', 'v', '\0',
+  /* "rbltracker.com", true */ 'r', 'b', 'l', 't', 'r', 'a', 'c', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "rbmafrica.co.za", true */ 'r', 'b', 'm', 'a', 'f', 'r', 'i', 'c', 'a', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "rbnet.xyz", true */ 'r', 'b', 'n', 'e', 't', '.', 'x', 'y', 'z', '\0',
+  /* "rbran.com", true */ 'r', 'b', 'r', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "rbtvshitstorm.is", true */ 'r', 'b', 't', 'v', 's', 'h', 'i', 't', 's', 't', 'o', 'r', 'm', '.', 'i', 's', '\0',
+  /* "rburchell.com", true */ 'r', 'b', 'u', 'r', 'c', 'h', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "rbxcatalog.com", true */ 'r', 'b', 'x', 'c', 'a', 't', 'a', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "rc-offi.net", true */ 'r', 'c', '-', 'o', 'f', 'f', 'i', '.', 'n', 'e', 't', '\0',
+  /* "rc-shop.ch", true */ 'r', 'c', '-', 's', 'h', 'o', 'p', '.', 'c', 'h', '\0',
+  /* "rc7.ch", true */ 'r', 'c', '7', '.', 'c', 'h', '\0',
+  /* "rca.fr", true */ 'r', 'c', 'a', '.', 'f', 'r', '\0',
+  /* "rcdocuments.com", true */ 'r', 'c', 'd', 'o', 'c', 'u', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "rchrdsn.uk", true */ 'r', 'c', 'h', 'r', 'd', 's', 'n', '.', 'u', 'k', '\0',
+  /* "rclsm.net", true */ 'r', 'c', 'l', 's', 'm', '.', 'n', 'e', 't', '\0',
+  /* "rcmlinx.com", true */ 'r', 'c', 'm', 'l', 'i', 'n', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "rcmurphy.com", true */ 'r', 'c', 'm', 'u', 'r', 'p', 'h', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "rcnitrotalk.com", true */ 'r', 'c', 'n', 'i', 't', 'r', 'o', 't', 'a', 'l', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "rcraigmurphy.com", true */ 'r', 'c', 'r', 'a', 'i', 'g', 'm', 'u', 'r', 'p', 'h', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "rcx.io", true */ 'r', 'c', 'x', '.', 'i', 'o', '\0',
+  /* "rdh.asia", true */ 'r', 'd', 'h', '.', 'a', 's', 'i', 'a', '\0',
+  /* "rdl.at", false */ 'r', 'd', 'l', '.', 'a', 't', '\0',
+  /* "rdns.cc", true */ 'r', 'd', 'n', 's', '.', 'c', 'c', '\0',
+  /* "re-curi.com", true */ 'r', 'e', '-', 'c', 'u', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "re-wilding.com", true */ 'r', 'e', '-', 'w', 'i', 'l', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "reachrss.com", true */ 'r', 'e', 'a', 'c', 'h', 'r', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "reaconverter.com", true */ 'r', 'e', 'a', 'c', 'o', 'n', 'v', 'e', 'r', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "react-db.com", true */ 'r', 'e', 'a', 'c', 't', '-', 'd', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "reactivarte.es", true */ 'r', 'e', 'a', 'c', 't', 'i', 'v', 'a', 'r', 't', 'e', '.', 'e', 's', '\0',
+  /* "read.sc", true */ 'r', 'e', 'a', 'd', '.', 's', 'c', '\0',
+  /* "reades.co.uk", true */ 'r', 'e', 'a', 'd', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "readheadcopywriting.com", true */ 'r', 'e', 'a', 'd', 'h', 'e', 'a', 'd', 'c', 'o', 'p', 'y', 'w', 'r', 'i', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "readingandmath.org", true */ 'r', 'e', 'a', 'd', 'i', 'n', 'g', 'a', 'n', 'd', 'm', 'a', 't', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "readism.io", true */ 'r', 'e', 'a', 'd', 'i', 's', 'm', '.', 'i', 'o', '\0',
+  /* "readonly.de", true */ 'r', 'e', 'a', 'd', 'o', 'n', 'l', 'y', '.', 'd', 'e', '\0',
+  /* "readouble.com", false */ 'r', 'e', 'a', 'd', 'o', 'u', 'b', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "readtldr.com", true */ 'r', 'e', 'a', 'd', 't', 'l', 'd', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "readysell.net", true */ 'r', 'e', 'a', 'd', 'y', 's', 'e', 'l', 'l', '.', 'n', 'e', 't', '\0',
+  /* "readytongue.com", true */ 'r', 'e', 'a', 'd', 'y', 't', 'o', 'n', 'g', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "readytowear.es", true */ 'r', 'e', 'a', 'd', 'y', 't', 'o', 'w', 'e', 'a', 'r', '.', 'e', 's', '\0',
+  /* "reaganlibrary.gov", true */ 'r', 'e', 'a', 'g', 'a', 'n', 'l', 'i', 'b', 'r', 'a', 'r', 'y', '.', 'g', 'o', 'v', '\0',
+  /* "real-bits.com", true */ 'r', 'e', 'a', 'l', '-', 'b', 'i', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "real-digital.co.uk", true */ 'r', 'e', 'a', 'l', '-', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "real-it.nl", true */ 'r', 'e', 'a', 'l', '-', 'i', 't', '.', 'n', 'l', '\0',
+  /* "realcapoeira.ru", true */ 'r', 'e', 'a', 'l', 'c', 'a', 'p', 'o', 'e', 'i', 'r', 'a', '.', 'r', 'u', '\0',
+  /* "realestateonehowell.com", true */ 'r', 'e', 'a', 'l', 'e', 's', 't', 'a', 't', 'e', 'o', 'n', 'e', 'h', 'o', 'w', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "realestateradioshow.com", true */ 'r', 'e', 'a', 'l', 'e', 's', 't', 'a', 't', 'e', 'r', 'a', 'd', 'i', 'o', 's', 'h', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "realfamilyincest.com", true */ 'r', 'e', 'a', 'l', 'f', 'a', 'm', 'i', 'l', 'y', 'i', 'n', 'c', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "realgarant-shop.de", false */ 'r', 'e', 'a', 'l', 'g', 'a', 'r', 'a', 'n', 't', '-', 's', 'h', 'o', 'p', '.', 'd', 'e', '\0',
+  /* "realhorsegirls.net", true */ 'r', 'e', 'a', 'l', 'h', 'o', 'r', 's', 'e', 'g', 'i', 'r', 'l', 's', '.', 'n', 'e', 't', '\0',
+  /* "realhost.name", true */ 'r', 'e', 'a', 'l', 'h', 'o', 's', 't', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "realitea.co.uk", true */ 'r', 'e', 'a', 'l', 'i', 't', 'e', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "reality.news", true */ 'r', 'e', 'a', 'l', 'i', 't', 'y', '.', 'n', 'e', 'w', 's', '\0',
+  /* "reality0ne.com", false */ 'r', 'e', 'a', 'l', 'i', 't', 'y', '0', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "realitycrazy.com", true */ 'r', 'e', 'a', 'l', 'i', 't', 'y', 'c', 'r', 'a', 'z', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "reallifeforums.com", true */ 'r', 'e', 'a', 'l', 'l', 'i', 'f', 'e', 'f', 'o', 'r', 'u', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "realloc.me", true */ 'r', 'e', 'a', 'l', 'l', 'o', 'c', '.', 'm', 'e', '\0',
+  /* "really-simple-ssl.com", true */ 'r', 'e', 'a', 'l', 'l', 'y', '-', 's', 'i', 'm', 'p', 'l', 'e', '-', 's', 's', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "really.ai", true */ 'r', 'e', 'a', 'l', 'l', 'y', '.', 'a', 'i', '\0',
+  /* "really.io", true */ 'r', 'e', 'a', 'l', 'l', 'y', '.', 'i', 'o', '\0',
+  /* "reallyreally.io", true */ 'r', 'e', 'a', 'l', 'l', 'y', 'r', 'e', 'a', 'l', 'l', 'y', '.', 'i', 'o', '\0',
+  /* "realmofespionage.xyz", true */ 'r', 'e', 'a', 'l', 'm', 'o', 'f', 'e', 's', 'p', 'i', 'o', 'n', 'a', 'g', 'e', '.', 'x', 'y', 'z', '\0',
+  /* "realnewhomes.com", true */ 'r', 'e', 'a', 'l', 'n', 'e', 'w', 'h', 'o', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "realum.com", true */ 'r', 'e', 'a', 'l', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "realum.de", true */ 'r', 'e', 'a', 'l', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "realum.eu", true */ 'r', 'e', 'a', 'l', 'u', 'm', '.', 'e', 'u', '\0',
+  /* "realum.net", true */ 'r', 'e', 'a', 'l', 'u', 'm', '.', 'n', 'e', 't', '\0',
+  /* "realwaycome.com", true */ 'r', 'e', 'a', 'l', 'w', 'a', 'y', 'c', 'o', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "realwildart.com", true */ 'r', 'e', 'a', 'l', 'w', 'i', 'l', 'd', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "realworldholidays.co.uk", true */ 'r', 'e', 'a', 'l', 'w', 'o', 'r', 'l', 'd', 'h', 'o', 'l', 'i', 'd', 'a', 'y', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "reancos.report", true */ 'r', 'e', 'a', 'n', 'c', 'o', 's', '.', 'r', 'e', 'p', 'o', 'r', 't', '\0',
+  /* "reanimated.eu", true */ 'r', 'e', 'a', 'n', 'i', 'm', 'a', 't', 'e', 'd', '.', 'e', 'u', '\0',
+  /* "reath.me", true */ 'r', 'e', 'a', 't', 'h', '.', 'm', 'e', '\0',
+  /* "reaven.nl", true */ 'r', 'e', 'a', 'v', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "rebane2001.com", true */ 'r', 'e', 'b', 'a', 'n', 'e', '2', '0', '0', '1', '.', 'c', 'o', 'm', '\0',
+  /* "rebelessex.com", true */ 'r', 'e', 'b', 'e', 'l', 'e', 's', 's', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "rebelz.se", true */ 'r', 'e', 'b', 'e', 'l', 'z', '.', 's', 'e', '\0',
+  /* "rebirthia.me", true */ 'r', 'e', 'b', 'i', 'r', 't', 'h', 'i', 'a', '.', 'm', 'e', '\0',
+  /* "reboxetine.com", true */ 'r', 'e', 'b', 'o', 'x', 'e', 't', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "reboxonline.com", true */ 'r', 'e', 'b', 'o', 'x', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "recantoshop.com", true */ 'r', 'e', 'c', 'a', 'n', 't', 'o', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "recantoshop.com.br", true */ 'r', 'e', 'c', 'a', 'n', 't', 'o', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "recapp.ch", true */ 'r', 'e', 'c', 'a', 'p', 'p', '.', 'c', 'h', '\0',
+  /* "receitas-de-bolos.pt", true */ 'r', 'e', 'c', 'e', 'i', 't', 'a', 's', '-', 'd', 'e', '-', 'b', 'o', 'l', 'o', 's', '.', 'p', 't', '\0',
+  /* "receitasdebacalhau.pt", true */ 'r', 'e', 'c', 'e', 'i', 't', 'a', 's', 'd', 'e', 'b', 'a', 'c', 'a', 'l', 'h', 'a', 'u', '.', 'p', 't', '\0',
+  /* "receptionsbook.com", true */ 'r', 'e', 'c', 'e', 'p', 't', 'i', 'o', 'n', 's', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "recepty.eu", false */ 'r', 'e', 'c', 'e', 'p', 't', 'y', '.', 'e', 'u', '\0',
+  /* "recetasdecocinaideal.com", true */ 'r', 'e', 'c', 'e', 't', 'a', 's', 'd', 'e', 'c', 'o', 'c', 'i', 'n', 'a', 'i', 'd', 'e', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "recetasfacilesdehacer.com", true */ 'r', 'e', 'c', 'e', 't', 'a', 's', 'f', 'a', 'c', 'i', 'l', 'e', 's', 'd', 'e', 'h', 'a', 'c', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "rechat.com", true */ 'r', 'e', 'c', 'h', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "rechenknaecht.de", true */ 'r', 'e', 'c', 'h', 'e', 'n', 'k', 'n', 'a', 'e', 'c', 'h', 't', '.', 'd', 'e', '\0',
+  /* "rechenwerk.net", true */ 'r', 'e', 'c', 'h', 'e', 'n', 'w', 'e', 'r', 'k', '.', 'n', 'e', 't', '\0',
+  /* "recht-freundlich.de", true */ 'r', 'e', 'c', 'h', 't', '-', 'f', 'r', 'e', 'u', 'n', 'd', 'l', 'i', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "rechtenliteratuurleiden.nl", true */ 'r', 'e', 'c', 'h', 't', 'e', 'n', 'l', 'i', 't', 'e', 'r', 'a', 't', 'u', 'u', 'r', 'l', 'e', 'i', 'd', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "rechtsanwaeltin-vollmer.de", true */ 'r', 'e', 'c', 'h', 't', 's', 'a', 'n', 'w', 'a', 'e', 'l', 't', 'i', 'n', '-', 'v', 'o', 'l', 'l', 'm', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "rechtsanwalt-koeppen-feucht.de", true */ 'r', 'e', 'c', 'h', 't', 's', 'a', 'n', 'w', 'a', 'l', 't', '-', 'k', 'o', 'e', 'p', 'p', 'e', 'n', '-', 'f', 'e', 'u', 'c', 'h', 't', '.', 'd', 'e', '\0',
+  /* "rechtschreibpruefung24.de", true */ 'r', 'e', 'c', 'h', 't', 's', 'c', 'h', 'r', 'e', 'i', 'b', 'p', 'r', 'u', 'e', 'f', 'u', 'n', 'g', '2', '4', '.', 'd', 'e', '\0',
+  /* "reclamebureau-ultrax.nl", true */ 'r', 'e', 'c', 'l', 'a', 'm', 'e', 'b', 'u', 'r', 'e', 'a', 'u', '-', 'u', 'l', 't', 'r', 'a', 'x', '.', 'n', 'l', '\0',
+  /* "reclametoolz.nl", true */ 'r', 'e', 'c', 'l', 'a', 'm', 'e', 't', 'o', 'o', 'l', 'z', '.', 'n', 'l', '\0',
+  /* "reclusiam.net", true */ 'r', 'e', 'c', 'l', 'u', 's', 'i', 'a', 'm', '.', 'n', 'e', 't', '\0',
+  /* "recmon.hu", true */ 'r', 'e', 'c', 'm', 'o', 'n', '.', 'h', 'u', '\0',
+  /* "reco-studio.de", true */ 'r', 'e', 'c', 'o', '-', 's', 't', 'u', 'd', 'i', 'o', '.', 'd', 'e', '\0',
+  /* "recolic.net", true */ 'r', 'e', 'c', 'o', 'l', 'i', 'c', '.', 'n', 'e', 't', '\0',
+  /* "recommended.reviews", true */ 'r', 'e', 'c', 'o', 'm', 'm', 'e', 'n', 'd', 'e', 'd', '.', 'r', 'e', 'v', 'i', 'e', 'w', 's', '\0',
+  /* "recompiled.org", true */ 'r', 'e', 'c', 'o', 'm', 'p', 'i', 'l', 'e', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "recon-networks.com", true */ 'r', 'e', 'c', 'o', 'n', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "recordeuropa.com", false */ 'r', 'e', 'c', 'o', 'r', 'd', 'e', 'u', 'r', 'o', 'p', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "recoveringspirit.com", true */ 'r', 'e', 'c', 'o', 'v', 'e', 'r', 'i', 'n', 'g', 's', 'p', 'i', 'r', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "recreation.gov", true */ 'r', 'e', 'c', 'r', 'e', 'a', 't', 'i', 'o', 'n', '.', 'g', 'o', 'v', '\0',
+  /* "recreoviral.com", true */ 'r', 'e', 'c', 'r', 'e', 'o', 'v', 'i', 'r', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "recruitmade.jp", true */ 'r', 'e', 'c', 'r', 'u', 'i', 't', 'm', 'a', 'd', 'e', '.', 'j', 'p', '\0',
+  /* "recruitsecuritytraining.co.uk", true */ 'r', 'e', 'c', 'r', 'u', 'i', 't', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "recruitsecuritytraining.com", true */ 'r', 'e', 'c', 'r', 'u', 'i', 't', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "rectoraudiparts.com", true */ 'r', 'e', 'c', 't', 'o', 'r', 'a', 'u', 'd', 'i', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "recuerdafilms.com", true */ 'r', 'e', 'c', 'u', 'e', 'r', 'd', 'a', 'f', 'i', 'l', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "recurly.com", true */ 'r', 'e', 'c', 'u', 'r', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "recyclingpromotions.us", true */ 'r', 'e', 'c', 'y', 'c', 'l', 'i', 'n', 'g', 'p', 'r', 'o', 'm', 'o', 't', 'i', 'o', 'n', 's', '.', 'u', 's', '\0',
+  /* "red-t-shirt.ru", true */ 'r', 'e', 'd', '-', 't', '-', 's', 'h', 'i', 'r', 't', '.', 'r', 'u', '\0',
+  /* "redable.hosting", true */ 'r', 'e', 'd', 'a', 'b', 'l', 'e', '.', 'h', 'o', 's', 't', 'i', 'n', 'g', '\0',
+  /* "redb.cz", true */ 'r', 'e', 'd', 'b', '.', 'c', 'z', '\0',
+  /* "redballoonsecurity.com", true */ 'r', 'e', 'd', 'b', 'a', 'l', 'l', 'o', 'o', 'n', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "redburn.com", true */ 'r', 'e', 'd', 'b', 'u', 'r', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "redcomet.org", true */ 'r', 'e', 'd', 'c', 'o', 'm', 'e', 't', '.', 'o', 'r', 'g', '\0',
+  /* "redcone.net", true */ 'r', 'e', 'd', 'c', 'o', 'n', 'e', '.', 'n', 'e', 't', '\0',
+  /* "redcorus.com", true */ 'r', 'e', 'd', 'c', 'o', 'r', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "redd.it", true */ 'r', 'e', 'd', 'd', '.', 'i', 't', '\0',
+  /* "reddingo.at", true */ 'r', 'e', 'd', 'd', 'i', 'n', 'g', 'o', '.', 'a', 't', '\0',
+  /* "reddingo.be", true */ 'r', 'e', 'd', 'd', 'i', 'n', 'g', 'o', '.', 'b', 'e', '\0',
+  /* "reddingo.ch", true */ 'r', 'e', 'd', 'd', 'i', 'n', 'g', 'o', '.', 'c', 'h', '\0',
+  /* "reddingo.com", true */ 'r', 'e', 'd', 'd', 'i', 'n', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "reddingo.com.au", true */ 'r', 'e', 'd', 'd', 'i', 'n', 'g', 'o', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "reddingo.de", true */ 'r', 'e', 'd', 'd', 'i', 'n', 'g', 'o', '.', 'd', 'e', '\0',
+  /* "reddingo.es", true */ 'r', 'e', 'd', 'd', 'i', 'n', 'g', 'o', '.', 'e', 's', '\0',
+  /* "reddingo.eu", true */ 'r', 'e', 'd', 'd', 'i', 'n', 'g', 'o', '.', 'e', 'u', '\0',
+  /* "reddingo.fr", true */ 'r', 'e', 'd', 'd', 'i', 'n', 'g', 'o', '.', 'f', 'r', '\0',
+  /* "reddingo.it", true */ 'r', 'e', 'd', 'd', 'i', 'n', 'g', 'o', '.', 'i', 't', '\0',
+  /* "reddingo.jp", true */ 'r', 'e', 'd', 'd', 'i', 'n', 'g', 'o', '.', 'j', 'p', '\0',
+  /* "reddingo.nl", true */ 'r', 'e', 'd', 'd', 'i', 'n', 'g', 'o', '.', 'n', 'l', '\0',
+  /* "reddingo.nz", true */ 'r', 'e', 'd', 'd', 'i', 'n', 'g', 'o', '.', 'n', 'z', '\0',
+  /* "reddingsbrigade-zwolle.nl", true */ 'r', 'e', 'd', 'd', 'i', 'n', 'g', 's', 'b', 'r', 'i', 'g', 'a', 'd', 'e', '-', 'z', 'w', 'o', 'l', 'l', 'e', '.', 'n', 'l', '\0',
+  /* "reddit2kindle.com", true */ 'r', 'e', 'd', 'd', 'i', 't', '2', 'k', 'i', 'n', 'd', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "reddraggone9.com", true */ 'r', 'e', 'd', 'd', 'r', 'a', 'g', 'g', 'o', 'n', 'e', '9', '.', 'c', 'o', 'm', '\0',
+  /* "rede-reim.de", true */ 'r', 'e', 'd', 'e', '-', 'r', 'e', 'i', 'm', '.', 'd', 'e', '\0',
+  /* "redeemingbeautyminerals.com", true */ 'r', 'e', 'd', 'e', 'e', 'm', 'i', 'n', 'g', 'b', 'e', 'a', 'u', 't', 'y', 'm', 'i', 'n', 'e', 'r', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "redessantaluzia.com.br", true */ 'r', 'e', 'd', 'e', 's', 's', 'a', 'n', 't', 'a', 'l', 'u', 'z', 'i', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "redgatesoftware.co.uk", true */ 'r', 'e', 'd', 'g', 'a', 't', 'e', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "redheeler.com.br", true */ 'r', 'e', 'd', 'h', 'e', 'e', 'l', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "redigest.it", true */ 'r', 'e', 'd', 'i', 'g', 'e', 's', 't', '.', 'i', 't', '\0',
+  /* "redir.me", true */ 'r', 'e', 'd', 'i', 'r', '.', 'm', 'e', '\0',
+  /* "redirect.fedoraproject.org", true */ 'r', 'e', 'd', 'i', 'r', 'e', 'c', 't', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "redirect.stg.fedoraproject.org", true */ 'r', 'e', 'd', 'i', 'r', 'e', 'c', 't', '.', 's', 't', 'g', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "rediske.me", true */ 'r', 'e', 'd', 'i', 's', 'k', 'e', '.', 'm', 'e', '\0',
+  /* "redit.com", true */ 'r', 'e', 'd', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "redivis.com", true */ 'r', 'e', 'd', 'i', 'v', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "redizoo.com", true */ 'r', 'e', 'd', 'i', 'z', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "redletter.link", true */ 'r', 'e', 'd', 'l', 'e', 't', 't', 'e', 'r', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "redlink.de", true */ 'r', 'e', 'd', 'l', 'i', 'n', 'k', '.', 'd', 'e', '\0',
+  /* "redneragenturen.org", true */ 'r', 'e', 'd', 'n', 'e', 'r', 'a', 'g', 'e', 'n', 't', 'u', 'r', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "rednoseday.com", true */ 'r', 'e', 'd', 'n', 'o', 's', 'e', 'd', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "rednsx.org", true */ 'r', 'e', 'd', 'n', 's', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "redperegrine.com", true */ 'r', 'e', 'd', 'p', 'e', 'r', 'e', 'g', 'r', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "redprice.by", true */ 'r', 'e', 'd', 'p', 'r', 'i', 'c', 'e', '.', 'b', 'y', '\0',
+  /* "redshield.co", true */ 'r', 'e', 'd', 's', 'h', 'i', 'e', 'l', 'd', '.', 'c', 'o', '\0',
+  /* "redshiftcybersecurity.co.za", true */ 'r', 'e', 'd', 's', 'h', 'i', 'f', 't', 'c', 'y', 'b', 'e', 'r', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "redshiftlabs.com.au", true */ 'r', 'e', 'd', 's', 'h', 'i', 'f', 't', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "redshoeswalking.net", true */ 'r', 'e', 'd', 's', 'h', 'o', 'e', 's', 'w', 'a', 'l', 'k', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "redsicom.com", true */ 'r', 'e', 'd', 's', 'i', 'c', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "redstoner.com", true */ 'r', 'e', 'd', 's', 't', 'o', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "redteam-pentesting.de", true */ 'r', 'e', 'd', 't', 'e', 'a', 'm', '-', 'p', 'e', 'n', 't', 'e', 's', 't', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "reducerin.ro", true */ 'r', 'e', 'd', 'u', 'c', 'e', 'r', 'i', 'n', '.', 'r', 'o', '\0',
+  /* "redwoodpaddle.es", true */ 'r', 'e', 'd', 'w', 'o', 'o', 'd', 'p', 'a', 'd', 'd', 'l', 'e', '.', 'e', 's', '\0',
+  /* "redwoodpaddle.pt", true */ 'r', 'e', 'd', 'w', 'o', 'o', 'd', 'p', 'a', 'd', 'd', 'l', 'e', '.', 'p', 't', '\0',
+  /* "redzurl.com", true */ 'r', 'e', 'd', 'z', 'u', 'r', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "reed-sensor.com", true */ 'r', 'e', 'e', 'd', '-', 's', 'e', 'n', 's', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "reedloden.com", true */ 'r', 'e', 'e', 'd', 'l', 'o', 'd', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "reepay.com", true */ 'r', 'e', 'e', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "reeson.at", true */ 'r', 'e', 'e', 's', 'o', 'n', '.', 'a', 't', '\0',
+  /* "reeson.de", true */ 'r', 'e', 'e', 's', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "reeson.info", true */ 'r', 'e', 'e', 's', 'o', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "reeson.org", true */ 'r', 'e', 'e', 's', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "reevoo.com", true */ 'r', 'e', 'e', 'v', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "reezer.org", true */ 'r', 'e', 'e', 'z', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "ref1oct.nl", true */ 'r', 'e', 'f', '1', 'o', 'c', 't', '.', 'n', 'l', '\0',
+  /* "refactor.zone", true */ 'r', 'e', 'f', 'a', 'c', 't', 'o', 'r', '.', 'z', 'o', 'n', 'e', '\0',
+  /* "refficience.com", true */ 'r', 'e', 'f', 'f', 'i', 'c', 'i', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "refill-roboter.de", true */ 'r', 'e', 'f', 'i', 'l', 'l', '-', 'r', 'o', 'b', 'o', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "reflexions.co", true */ 'r', 'e', 'f', 'l', 'e', 'x', 'i', 'o', 'n', 's', '.', 'c', 'o', '\0',
+  /* "refood-cascaiscpr.eu", true */ 'r', 'e', 'f', 'o', 'o', 'd', '-', 'c', 'a', 's', 'c', 'a', 'i', 's', 'c', 'p', 'r', '.', 'e', 'u', '\0',
+  /* "reforesttheplanet.com", true */ 'r', 'e', 'f', 'o', 'r', 'e', 's', 't', 't', 'h', 'e', 'p', 'l', 'a', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "refreshingserum.com", true */ 'r', 'e', 'f', 'r', 'e', 's', 'h', 'i', 'n', 'g', 's', 'e', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "refreshliving.us", true */ 'r', 'e', 'f', 'r', 'e', 's', 'h', 'l', 'i', 'v', 'i', 'n', 'g', '.', 'u', 's', '\0',
+  /* "refundo.cz", true */ 'r', 'e', 'f', 'u', 'n', 'd', 'o', '.', 'c', 'z', '\0',
+  /* "refundo.sk", true */ 'r', 'e', 'f', 'u', 'n', 'd', 'o', '.', 's', 'k', '\0',
+  /* "regain.us", true */ 'r', 'e', 'g', 'a', 'i', 'n', '.', 'u', 's', '\0',
+  /* "regalcapitalwi.com", true */ 'r', 'e', 'g', 'a', 'l', 'c', 'a', 'p', 'i', 't', 'a', 'l', 'w', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "regalosymuestrasgratis.com", true */ 'r', 'e', 'g', 'a', 'l', 'o', 's', 'y', 'm', 'u', 'e', 's', 't', 'r', 'a', 's', 'g', 'r', 'a', 't', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "regalpaintingfdl.com", true */ 'r', 'e', 'g', 'a', 'l', 'p', 'a', 'i', 'n', 't', 'i', 'n', 'g', 'f', 'd', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "reganclassics.co.uk", true */ 'r', 'e', 'g', 'a', 'n', 'c', 'l', 'a', 's', 's', 'i', 'c', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "reganclassics.com", true */ 'r', 'e', 'g', 'a', 'n', 'c', 'l', 'a', 's', 's', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "reganparty.com", true */ 'r', 'e', 'g', 'a', 'n', 'p', 'a', 'r', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "regar42.fr", false */ 'r', 'e', 'g', 'a', 'r', '4', '2', '.', 'f', 'r', '\0',
+  /* "regily.com", true */ 'r', 'e', 'g', 'i', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "regime-maigrir-vite.com", true */ 'r', 'e', 'g', 'i', 'm', 'e', '-', 'm', 'a', 'i', 'g', 'r', 'i', 'r', '-', 'v', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "regiobeveland.nl", true */ 'r', 'e', 'g', 'i', 'o', 'b', 'e', 'v', 'e', 'l', 'a', 'n', 'd', '.', 'n', 'l', '\0',
+  /* "regionalbasementandcrawlspacerepair.com", true */ 'r', 'e', 'g', 'i', 'o', 'n', 'a', 'l', 'b', 'a', 's', 'e', 'm', 'e', 'n', 't', 'a', 'n', 'd', 'c', 'r', 'a', 'w', 'l', 's', 'p', 'a', 'c', 'e', 'r', 'e', 'p', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "regionalcoalition.org", true */ 'r', 'e', 'g', 'i', 'o', 'n', 'a', 'l', 'c', 'o', 'a', 'l', 'i', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "regiosalland.nl", true */ 'r', 'e', 'g', 'i', 'o', 's', 'a', 'l', 'l', 'a', 'n', 'd', '.', 'n', 'l', '\0',
+  /* "regiovertrieb.de", false */ 'r', 'e', 'g', 'i', 'o', 'v', 'e', 'r', 't', 'r', 'i', 'e', 'b', '.', 'd', 'e', '\0',
+  /* "register.gov.uk", true */ 'r', 'e', 'g', 'i', 's', 't', 'e', 'r', '.', 'g', 'o', 'v', '.', 'u', 'k', '\0',
+  /* "registerforevent.co.uk", true */ 'r', 'e', 'g', 'i', 's', 't', 'e', 'r', 'f', 'o', 'r', 'e', 'v', 'e', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "registrar.io", true */ 'r', 'e', 'g', 'i', 's', 't', 'r', 'a', 'r', '.', 'i', 'o', '\0',
+  /* "regmyr.se", true */ 'r', 'e', 'g', 'm', 'y', 'r', '.', 's', 'e', '\0',
+  /* "regnix.net", true */ 'r', 'e', 'g', 'n', 'i', 'x', '.', 'n', 'e', 't', '\0',
+  /* "regnr.info", true */ 'r', 'e', 'g', 'n', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "regolithmedia.com", true */ 'r', 'e', 'g', 'o', 'l', 'i', 't', 'h', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "regraph.de", true */ 'r', 'e', 'g', 'r', 'a', 'p', 'h', '.', 'd', 'e', '\0',
+  /* "regsec.com", true */ 'r', 'e', 'g', 's', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "regulations.gov", true */ 'r', 'e', 'g', 'u', 'l', 'a', 't', 'i', 'o', 'n', 's', '.', 'g', 'o', 'v', '\0',
+  /* "reha-honpo.jp", true */ 'r', 'e', 'h', 'a', '-', 'h', 'o', 'n', 'p', 'o', '.', 'j', 'p', '\0',
+  /* "rehabili-shigoto.com", true */ 'r', 'e', 'h', 'a', 'b', 'i', 'l', 'i', '-', 's', 'h', 'i', 'g', 'o', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "rehabphilippines.com", true */ 'r', 'e', 'h', 'a', 'b', 'p', 'h', 'i', 'l', 'i', 'p', 'p', 'i', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "rehabthailand.com", true */ 'r', 'e', 'h', 'a', 'b', 't', 'h', 'a', 'i', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "rehabthailand.org", true */ 'r', 'e', 'h', 'a', 'b', 't', 'h', 'a', 'i', 'l', 'a', 'n', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "rei.ki", true */ 'r', 'e', 'i', '.', 'k', 'i', '\0',
+  /* "reichel-steinmetz.de", true */ 'r', 'e', 'i', 'c', 'h', 'e', 'l', '-', 's', 't', 'e', 'i', 'n', 'm', 'e', 't', 'z', '.', 'd', 'e', '\0',
+  /* "reichelt-cloud.de", true */ 'r', 'e', 'i', 'c', 'h', 'e', 'l', 't', '-', 'c', 'l', 'o', 'u', 'd', '.', 'd', 'e', '\0',
+  /* "reichl-online.net", true */ 'r', 'e', 'i', 'c', 'h', 'l', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'n', 'e', 't', '\0',
+  /* "reidasbombas.com", true */ 'r', 'e', 'i', 'd', 'a', 's', 'b', 'o', 'm', 'b', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "reiki-coaching.nl", false */ 'r', 'e', 'i', 'k', 'i', '-', 'c', 'o', 'a', 'c', 'h', 'i', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "reilly.io", true */ 'r', 'e', 'i', 'l', 'l', 'y', '.', 'i', 'o', '\0',
+  /* "reimaginebelonging.de", true */ 'r', 'e', 'i', 'm', 'a', 'g', 'i', 'n', 'e', 'b', 'e', 'l', 'o', 'n', 'g', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "reimann.me", true */ 'r', 'e', 'i', 'm', 'a', 'n', 'n', '.', 'm', 'e', '\0',
+  /* "reimers.de", true */ 'r', 'e', 'i', 'm', 'e', 'r', 's', '.', 'd', 'e', '\0',
+  /* "reimu.ink", false */ 'r', 'e', 'i', 'm', 'u', '.', 'i', 'n', 'k', '\0',
+  /* "rein.kr", true */ 'r', 'e', 'i', 'n', '.', 'k', 'r', '\0',
+  /* "reinaertvandecruys.me", false */ 'r', 'e', 'i', 'n', 'a', 'e', 'r', 't', 'v', 'a', 'n', 'd', 'e', 'c', 'r', 'u', 'y', 's', '.', 'm', 'e', '\0',
+  /* "reinaldudras.ee", true */ 'r', 'e', 'i', 'n', 'a', 'l', 'd', 'u', 'd', 'r', 'a', 's', '.', 'e', 'e', '\0',
+  /* "reinaldudrasfamily.ee", true */ 'r', 'e', 'i', 'n', 'a', 'l', 'd', 'u', 'd', 'r', 'a', 's', 'f', 'a', 'm', 'i', 'l', 'y', '.', 'e', 'e', '\0',
+  /* "reineberthe.ch", true */ 'r', 'e', 'i', 'n', 'e', 'b', 'e', 'r', 't', 'h', 'e', '.', 'c', 'h', '\0',
+  /* "reinencaressa.be", true */ 'r', 'e', 'i', 'n', 'e', 'n', 'c', 'a', 'r', 'e', 's', 's', 'a', '.', 'b', 'e', '\0',
+  /* "reinfer.io", true */ 'r', 'e', 'i', 'n', 'f', 'e', 'r', '.', 'i', 'o', '\0',
+  /* "reinhard.codes", true */ 'r', 'e', 'i', 'n', 'h', 'a', 'r', 'd', '.', 'c', 'o', 'd', 'e', 's', '\0',
+  /* "reinhardtsgrimma.de", true */ 'r', 'e', 'i', 'n', 'h', 'a', 'r', 'd', 't', 's', 'g', 'r', 'i', 'm', 'm', 'a', '.', 'd', 'e', '\0',
+  /* "reinierjonker.nl", true */ 'r', 'e', 'i', 'n', 'i', 'e', 'r', 'j', 'o', 'n', 'k', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "reinoldus.ddns.net", true */ 'r', 'e', 'i', 'n', 'o', 'l', 'd', 'u', 's', '.', 'd', 'd', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "reinout.nu", true */ 'r', 'e', 'i', 'n', 'o', 'u', 't', '.', 'n', 'u', '\0',
+  /* "reinouthoornweg.nl", true */ 'r', 'e', 'i', 'n', 'o', 'u', 't', 'h', 'o', 'o', 'r', 'n', 'w', 'e', 'g', '.', 'n', 'l', '\0',
+  /* "reisekosten-gorilla.com", true */ 'r', 'e', 'i', 's', 'e', 'k', 'o', 's', 't', 'e', 'n', '-', 'g', 'o', 'r', 'i', 'l', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "reishunger.de", true */ 'r', 'e', 'i', 's', 'h', 'u', 'n', 'g', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "rejahrehim.com", true */ 'r', 'e', 'j', 'a', 'h', 'r', 'e', 'h', 'i', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "rejushiiplotter.ru", true */ 'r', 'e', 'j', 'u', 's', 'h', 'i', 'i', 'p', 'l', 'o', 't', 't', 'e', 'r', '.', 'r', 'u', '\0',
+  /* "rekorsanat.com.tr", true */ 'r', 'e', 'k', 'o', 'r', 's', 'a', 'n', 'a', 't', '.', 'c', 'o', 'm', '.', 't', 'r', '\0',
+  /* "relates.link", true */ 'r', 'e', 'l', 'a', 't', 'e', 's', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "relatethesport.com", false */ 'r', 'e', 'l', 'a', 't', 'e', 't', 'h', 'e', 's', 'p', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "relatic.net", true */ 'r', 'e', 'l', 'a', 't', 'i', 'c', '.', 'n', 'e', 't', '\0',
+  /* "relax.hn", true */ 'r', 'e', 'l', 'a', 'x', '.', 'h', 'n', '\0',
+  /* "relaxdom.net", true */ 'r', 'e', 'l', 'a', 'x', 'd', 'o', 'm', '.', 'n', 'e', 't', '\0',
+  /* "relaxhavefun.com", true */ 'r', 'e', 'l', 'a', 'x', 'h', 'a', 'v', 'e', 'f', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "relaxpointhyncice.cz", true */ 'r', 'e', 'l', 'a', 'x', 'p', 'o', 'i', 'n', 't', 'h', 'y', 'n', 'c', 'i', 'c', 'e', '.', 'c', 'z', '\0',
+  /* "relaybox.io", true */ 'r', 'e', 'l', 'a', 'y', 'b', 'o', 'x', '.', 'i', 'o', '\0',
+  /* "release-monitoring.org", true */ 'r', 'e', 'l', 'e', 'a', 's', 'e', '-', 'm', 'o', 'n', 'i', 't', 'o', 'r', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "reliancebank.bank", true */ 'r', 'e', 'l', 'i', 'a', 'n', 'c', 'e', 'b', 'a', 'n', 'k', '.', 'b', 'a', 'n', 'k', '\0',
+  /* "religiousforums.com", true */ 'r', 'e', 'l', 'i', 'g', 'i', 'o', 'u', 's', 'f', 'o', 'r', 'u', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "relsak.cz", true */ 'r', 'e', 'l', 's', 'a', 'k', '.', 'c', 'z', '\0',
+  /* "rem0te.net", true */ 'r', 'e', 'm', '0', 't', 'e', '.', 'n', 'e', 't', '\0',
+  /* "remambo.jp", true */ 'r', 'e', 'm', 'a', 'm', 'b', 'o', '.', 'j', 'p', '\0',
+  /* "remedioparaherpes.com", true */ 'r', 'e', 'm', 'e', 'd', 'i', 'o', 'p', 'a', 'r', 'a', 'h', 'e', 'r', 'p', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "remedioscaserosparalacistitis.com", true */ 'r', 'e', 'm', 'e', 'd', 'i', 'o', 's', 'c', 'a', 's', 'e', 'r', 'o', 's', 'p', 'a', 'r', 'a', 'l', 'a', 'c', 'i', 's', 't', 'i', 't', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "remedyrehab.com", true */ 'r', 'e', 'm', 'e', 'd', 'y', 'r', 'e', 'h', 'a', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "remejeanne.com", true */ 'r', 'e', 'm', 'e', 'j', 'e', 'a', 'n', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rememberthemilk.com", false */ 'r', 'e', 'm', 'e', 'm', 'b', 'e', 'r', 't', 'h', 'e', 'm', 'i', 'l', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "remodelwithlegacy.com", true */ 'r', 'e', 'm', 'o', 'd', 'e', 'l', 'w', 'i', 't', 'h', 'l', 'e', 'g', 'a', 'c', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "remonti.info", true */ 'r', 'e', 'm', 'o', 'n', 't', 'i', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "remote.so", true */ 'r', 'e', 'm', 'o', 't', 'e', '.', 's', 'o', '\0',
+  /* "remoteutilities.com", true */ 'r', 'e', 'm', 'o', 't', 'e', 'u', 't', 'i', 'l', 'i', 't', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "removedrepo.com", true */ 'r', 'e', 'm', 'o', 'v', 'e', 'd', 'r', 'e', 'p', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "renascentia.asia", true */ 'r', 'e', 'n', 'a', 's', 'c', 'e', 'n', 't', 'i', 'a', '.', 'a', 's', 'i', 'a', '\0',
+  /* "renaultclubticino.ch", true */ 'r', 'e', 'n', 'a', 'u', 'l', 't', 'c', 'l', 'u', 'b', 't', 'i', 'c', 'i', 'n', 'o', '.', 'c', 'h', '\0',
+  /* "renderloop.com", true */ 'r', 'e', 'n', 'd', 'e', 'r', 'l', 'o', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "rene-schwarz.com", true */ 'r', 'e', 'n', 'e', '-', 's', 'c', 'h', 'w', 'a', 'r', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "rene-stolp.de", true */ 'r', 'e', 'n', 'e', '-', 's', 't', 'o', 'l', 'p', '.', 'd', 'e', '\0',
+  /* "renearends.nl", true */ 'r', 'e', 'n', 'e', 'a', 'r', 'e', 'n', 'd', 's', '.', 'n', 'l', '\0',
+  /* "reneleu.ch", true */ 'r', 'e', 'n', 'e', 'l', 'e', 'u', '.', 'c', 'h', '\0',
+  /* "renem.net", false */ 'r', 'e', 'n', 'e', 'm', '.', 'n', 'e', 't', '\0',
+  /* "renerehelse.no", false */ 'r', 'e', 'n', 'e', 'r', 'e', 'h', 'e', 'l', 's', 'e', '.', 'n', 'o', '\0',
+  /* "reneschmidt.de", true */ 'r', 'e', 'n', 'e', 's', 'c', 'h', 'm', 'i', 'd', 't', '.', 'd', 'e', '\0',
+  /* "renewablefreedom.org", true */ 'r', 'e', 'n', 'e', 'w', 'a', 'b', 'l', 'e', 'f', 'r', 'e', 'e', 'd', 'o', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "renezuo.com", true */ 'r', 'e', 'n', 'e', 'z', 'u', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "renkenlaw.com", true */ 'r', 'e', 'n', 'k', 'e', 'n', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "renlen.nl", true */ 'r', 'e', 'n', 'l', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "rennfire.org", true */ 'r', 'e', 'n', 'n', 'f', 'i', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "renov8sa.co.za", true */ 'r', 'e', 'n', 'o', 'v', '8', 's', 'a', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "renrenche.com", false */ 'r', 'e', 'n', 'r', 'e', 'n', 'c', 'h', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rens.nu", true */ 'r', 'e', 'n', 's', '.', 'n', 'u', '\0',
+  /* "rent-a-coder.de", true */ 'r', 'e', 'n', 't', '-', 'a', '-', 'c', 'o', 'd', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "rentacaramerica.com", true */ 'r', 'e', 'n', 't', 'a', 'c', 'a', 'r', 'a', 'm', 'e', 'r', 'i', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "rentasweb.gob.ar", true */ 'r', 'e', 'n', 't', 'a', 's', 'w', 'e', 'b', '.', 'g', 'o', 'b', '.', 'a', 'r', '\0',
+  /* "rentinsingapore.com.sg", true */ 'r', 'e', 'n', 't', 'i', 'n', 's', 'i', 'n', 'g', 'a', 'p', 'o', 'r', 'e', '.', 'c', 'o', 'm', '.', 's', 'g', '\0',
+  /* "rentourhomeinprovence.com", true */ 'r', 'e', 'n', 't', 'o', 'u', 'r', 'h', 'o', 'm', 'e', 'i', 'n', 'p', 'r', 'o', 'v', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "renuo.ch", false */ 'r', 'e', 'n', 'u', 'o', '.', 'c', 'h', '\0',
+  /* "reorz.com", true */ 'r', 'e', 'o', 'r', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "reox.at", false */ 'r', 'e', 'o', 'x', '.', 'a', 't', '\0',
+  /* "repaik.com", true */ 'r', 'e', 'p', 'a', 'i', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "repair.by", true */ 'r', 'e', 'p', 'a', 'i', 'r', '.', 'b', 'y', '\0',
+  /* "repaper.org", true */ 'r', 'e', 'p', 'a', 'p', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "repaxan.com", true */ 'r', 'e', 'p', 'a', 'x', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "repex.co.il", true */ 'r', 'e', 'p', 'e', 'x', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "replaceits.me", true */ 'r', 'e', 'p', 'l', 'a', 'c', 'e', 'i', 't', 's', '.', 'm', 'e', '\0',
+  /* "replicagunsswords.com", false */ 'r', 'e', 'p', 'l', 'i', 'c', 'a', 'g', 'u', 'n', 's', 's', 'w', 'o', 'r', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "replicaswiss.nl", true */ 'r', 'e', 'p', 'l', 'i', 'c', 'a', 's', 'w', 'i', 's', 's', '.', 'n', 'l', '\0',
+  /* "report-uri.com", true */ 'r', 'e', 'p', 'o', 'r', 't', '-', 'u', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "reporting.gov", false */ 'r', 'e', 'p', 'o', 'r', 't', 'i', 'n', 'g', '.', 'g', 'o', 'v', '\0',
+  /* "reporturi.com", true */ 'r', 'e', 'p', 'o', 'r', 't', 'u', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "reporturi.io", true */ 'r', 'e', 'p', 'o', 'r', 't', 'u', 'r', 'i', '.', 'i', 'o', '\0',
+  /* "reposaarenkuva.fi", true */ 'r', 'e', 'p', 'o', 's', 'a', 'a', 'r', 'e', 'n', 'k', 'u', 'v', 'a', '.', 'f', 'i', '\0',
+  /* "reproduciblescience.org", true */ 'r', 'e', 'p', 'r', 'o', 'd', 'u', 'c', 'i', 'b', 'l', 'e', 's', 'c', 'i', 'e', 'n', 'c', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "reproductive-revolution.com", true */ 'r', 'e', 'p', 'r', 'o', 'd', 'u', 'c', 't', 'i', 'v', 'e', '-', 'r', 'e', 'v', 'o', 'l', 'u', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "reproductiverevolution.com", true */ 'r', 'e', 'p', 'r', 'o', 'd', 'u', 'c', 't', 'i', 'v', 'e', 'r', 'e', 'v', 'o', 'l', 'u', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "reprogramming-predators.com", true */ 'r', 'e', 'p', 'r', 'o', 'g', 'r', 'a', 'm', 'm', 'i', 'n', 'g', '-', 'p', 'r', 'e', 'd', 'a', 't', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "reprogrammingpredators.com", true */ 'r', 'e', 'p', 'r', 'o', 'g', 'r', 'a', 'm', 'm', 'i', 'n', 'g', 'p', 'r', 'e', 'd', 'a', 't', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "reprozip.org", true */ 'r', 'e', 'p', 'r', 'o', 'z', 'i', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "repsomelt.com", true */ 'r', 'e', 'p', 's', 'o', 'm', 'e', 'l', 't', '.', 'c', 'o', 'm', '\0',
+  /* "reptrax.com", true */ 'r', 'e', 'p', 't', 'r', 'a', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "republic.gr", true */ 'r', 'e', 'p', 'u', 'b', 'l', 'i', 'c', '.', 'g', 'r', '\0',
+  /* "republique.org", true */ 'r', 'e', 'p', 'u', 'b', 'l', 'i', 'q', 'u', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "repugnant-conclusion.com", true */ 'r', 'e', 'p', 'u', 'g', 'n', 'a', 'n', 't', '-', 'c', 'o', 'n', 'c', 'l', 'u', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "repugnantconclusion.com", true */ 'r', 'e', 'p', 'u', 'g', 'n', 'a', 'n', 't', 'c', 'o', 'n', 'c', 'l', 'u', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "repustate.com", true */ 'r', 'e', 'p', 'u', 's', 't', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "reputationweaver.com", true */ 'r', 'e', 'p', 'u', 't', 'a', 't', 'i', 'o', 'n', 'w', 'e', 'a', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "reqrut.net", true */ 'r', 'e', 'q', 'r', 'u', 't', '.', 'n', 'e', 't', '\0',
+  /* "request-trent.com", true */ 'r', 'e', 'q', 'u', 'e', 's', 't', '-', 't', 'r', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "requestr.co.uk", true */ 'r', 'e', 'q', 'u', 'e', 's', 't', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "resama.eu", true */ 'r', 'e', 's', 'a', 'm', 'a', '.', 'e', 'u', '\0',
+  /* "resc.la", true */ 'r', 'e', 's', 'c', '.', 'l', 'a', '\0',
+  /* "rescms-secure.com", true */ 'r', 'e', 's', 'c', 'm', 's', '-', 's', 'e', 'c', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "research.facebook.com", false */ 'r', 'e', 's', 'e', 'a', 'r', 'c', 'h', '.', 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "researchgate.net", true */ 'r', 'e', 's', 'e', 'a', 'r', 'c', 'h', 'g', 'a', 't', 'e', '.', 'n', 'e', 't', '\0',
+  /* "reseausyndic.ca", true */ 'r', 'e', 's', 'e', 'a', 'u', 's', 'y', 'n', 'd', 'i', 'c', '.', 'c', 'a', '\0',
+  /* "reservar-un-hotel.com", true */ 'r', 'e', 's', 'e', 'r', 'v', 'a', 'r', '-', 'u', 'n', '-', 'h', 'o', 't', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "residence-simoncelli.com", true */ 'r', 'e', 's', 'i', 'd', 'e', 'n', 'c', 'e', '-', 's', 'i', 'm', 'o', 'n', 'c', 'e', 'l', 'l', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "resist.ca", true */ 'r', 'e', 's', 'i', 's', 't', '.', 'c', 'a', '\0',
+  /* "resolvefa.co.uk", true */ 'r', 'e', 's', 'o', 'l', 'v', 'e', 'f', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "resolvefa.com", true */ 'r', 'e', 's', 'o', 'l', 'v', 'e', 'f', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "resoplus.ch", true */ 'r', 'e', 's', 'o', 'p', 'l', 'u', 's', '.', 'c', 'h', '\0',
+  /* "resortohshima.com", true */ 'r', 'e', 's', 'o', 'r', 't', 'o', 'h', 's', 'h', 'i', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "resoundpro.ca", true */ 'r', 'e', 's', 'o', 'u', 'n', 'd', 'p', 'r', 'o', '.', 'c', 'a', '\0',
+  /* "resourceconnect.com", true */ 'r', 'e', 's', 'o', 'u', 'r', 'c', 'e', 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "resourceguruapp.com", true */ 'r', 'e', 's', 'o', 'u', 'r', 'c', 'e', 'g', 'u', 'r', 'u', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "resources.flowfinity.com", true */ 'r', 'e', 's', 'o', 'u', 'r', 'c', 'e', 's', '.', 'f', 'l', 'o', 'w', 'f', 'i', 'n', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "respectmyprivacy.eu", true */ 'r', 'e', 's', 'p', 'e', 'c', 't', 'm', 'y', 'p', 'r', 'i', 'v', 'a', 'c', 'y', '.', 'e', 'u', '\0',
+  /* "respectmyprivacy.net", true */ 'r', 'e', 's', 'p', 'e', 'c', 't', 'm', 'y', 'p', 'r', 'i', 'v', 'a', 'c', 'y', '.', 'n', 'e', 't', '\0',
+  /* "respectmyprivacy.nl", true */ 'r', 'e', 's', 'p', 'e', 'c', 't', 'm', 'y', 'p', 'r', 'i', 'v', 'a', 'c', 'y', '.', 'n', 'l', '\0',
+  /* "respon.jp", true */ 'r', 'e', 's', 'p', 'o', 'n', '.', 'j', 'p', '\0',
+  /* "responer.com", true */ 'r', 'e', 's', 'p', 'o', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "responsibledisclosure.nl", false */ 'r', 'e', 's', 'p', 'o', 'n', 's', 'i', 'b', 'l', 'e', 'd', 'i', 's', 'c', 'l', 'o', 's', 'u', 'r', 'e', '.', 'n', 'l', '\0',
+  /* "respostas.com.br", true */ 'r', 'e', 's', 'p', 'o', 's', 't', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "restaurant-mangal.ch", true */ 'r', 'e', 's', 't', 'a', 'u', 'r', 'a', 'n', 't', '-', 'm', 'a', 'n', 'g', 'a', 'l', '.', 'c', 'h', '\0',
+  /* "restaurant-oregano.de", true */ 'r', 'e', 's', 't', 'a', 'u', 'r', 'a', 'n', 't', '-', 'o', 'r', 'e', 'g', 'a', 'n', 'o', '.', 'd', 'e', '\0',
+  /* "restaurant-rosengarten.at", true */ 'r', 'e', 's', 't', 'a', 'u', 'r', 'a', 'n', 't', '-', 'r', 'o', 's', 'e', 'n', 'g', 'a', 'r', 't', 'e', 'n', '.', 'a', 't', '\0',
+  /* "restaurantesimonetti.com.br", true */ 'r', 'e', 's', 't', 'a', 'u', 'r', 'a', 'n', 't', 'e', 's', 'i', 'm', 'o', 'n', 'e', 't', 't', 'i', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "restaurantmangal.ch", true */ 'r', 'e', 's', 't', 'a', 'u', 'r', 'a', 'n', 't', 'm', 'a', 'n', 'g', 'a', 'l', '.', 'c', 'h', '\0',
+  /* "restauranttester.at", true */ 'r', 'e', 's', 't', 'a', 'u', 'r', 'a', 'n', 't', 't', 'e', 's', 't', 'e', 'r', '.', 'a', 't', '\0',
+  /* "rester-a-domicile.ch", true */ 'r', 'e', 's', 't', 'e', 'r', '-', 'a', '-', 'd', 'o', 'm', 'i', 'c', 'i', 'l', 'e', '.', 'c', 'h', '\0',
+  /* "rester-autonome-chez-soi.ch", true */ 'r', 'e', 's', 't', 'e', 'r', '-', 'a', 'u', 't', 'o', 'n', 'o', 'm', 'e', '-', 'c', 'h', 'e', 'z', '-', 's', 'o', 'i', '.', 'c', 'h', '\0',
+  /* "restioson.me", true */ 'r', 'e', 's', 't', 'i', 'o', 's', 'o', 'n', '.', 'm', 'e', '\0',
+  /* "restoran-radovce.me", true */ 'r', 'e', 's', 't', 'o', 'r', 'a', 'n', '-', 'r', 'a', 'd', 'o', 'v', 'c', 'e', '.', 'm', 'e', '\0',
+  /* "restoreresearchstudy.com", true */ 'r', 'e', 's', 't', 'o', 'r', 'e', 'r', 'e', 's', 'e', 'a', 'r', 'c', 'h', 's', 't', 'u', 'd', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "restoruns.com", true */ 'r', 'e', 's', 't', 'o', 'r', 'u', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "restoruns.xyz", true */ 'r', 'e', 's', 't', 'o', 'r', 'u', 'n', 's', '.', 'x', 'y', 'z', '\0',
+  /* "restrealitaet.de", false */ 'r', 'e', 's', 't', 'r', 'e', 'a', 'l', 'i', 't', 'a', 'e', 't', '.', 'd', 'e', '\0',
+  /* "restrito.org", true */ 'r', 'e', 's', 't', 'r', 'i', 't', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "resursedigitale.ro", true */ 'r', 'e', 's', 'u', 'r', 's', 'e', 'd', 'i', 'g', 'i', 't', 'a', 'l', 'e', '.', 'r', 'o', '\0',
+  /* "retcor.net", true */ 'r', 'e', 't', 'c', 'o', 'r', '.', 'n', 'e', 't', '\0',
+  /* "retetenoi.net", true */ 'r', 'e', 't', 'e', 't', 'e', 'n', 'o', 'i', '.', 'n', 'e', 't', '\0',
+  /* "reto.ch", true */ 'r', 'e', 't', 'o', '.', 'c', 'h', '\0',
+  /* "reto.com", true */ 'r', 'e', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "reto.io", true */ 'r', 'e', 't', 'o', '.', 'i', 'o', '\0',
+  /* "retogroup.com", true */ 'r', 'e', 't', 'o', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "retokromer.ch", true */ 'r', 'e', 't', 'o', 'k', 'r', 'o', 'm', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "retro.rocks", true */ 'r', 'e', 't', 'r', 'o', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "retro.sx", true */ 'r', 'e', 't', 'r', 'o', '.', 's', 'x', '\0',
+  /* "retrofitlab.com", true */ 'r', 'e', 't', 'r', 'o', 'f', 'i', 't', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "retroity.net", true */ 'r', 'e', 't', 'r', 'o', 'i', 't', 'y', '.', 'n', 'e', 't', '\0',
+  /* "retropage.co", true */ 'r', 'e', 't', 'r', 'o', 'p', 'a', 'g', 'e', '.', 'c', 'o', '\0',
+  /* "retroroundup.com", true */ 'r', 'e', 't', 'r', 'o', 'r', 'o', 'u', 'n', 'd', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "retrotracks.net", true */ 'r', 'e', 't', 'r', 'o', 't', 'r', 'a', 'c', 'k', 's', '.', 'n', 'e', 't', '\0',
+  /* "retrowave.eu", true */ 'r', 'e', 't', 'r', 'o', 'w', 'a', 'v', 'e', '.', 'e', 'u', '\0',
+  /* "rets.org.br", true */ 'r', 'e', 't', 's', '.', 'o', 'r', 'g', '.', 'b', 'r', '\0',
+  /* "reucon.com", false */ 'r', 'e', 'u', 'c', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "reulitz.de", true */ 'r', 'e', 'u', 'l', 'i', 't', 'z', '.', 'd', 'e', '\0',
+  /* "reussirsavie.info", true */ 'r', 'e', 'u', 's', 's', 'i', 'r', 's', 'a', 'v', 'i', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "reuter-profishop.de", true */ 'r', 'e', 'u', 't', 'e', 'r', '-', 'p', 'r', 'o', 'f', 'i', 's', 'h', 'o', 'p', '.', 'd', 'e', '\0',
+  /* "reuter-shop.com", true */ 'r', 'e', 'u', 't', 'e', 'r', '-', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "reuter.de", true */ 'r', 'e', 'u', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "revamed.com", false */ 'r', 'e', 'v', 'a', 'm', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "revapost.fr", true */ 'r', 'e', 'v', 'a', 'p', 'o', 's', 't', '.', 'f', 'r', '\0',
+  /* "revayd.net", true */ 'r', 'e', 'v', 'a', 'y', 'd', '.', 'n', 'e', 't', '\0',
+  /* "revensoftware.com", true */ 'r', 'e', 'v', 'e', 'n', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "reverencestudios.com", true */ 'r', 'e', 'v', 'e', 'r', 'e', 'n', 'c', 'e', 's', 't', 'u', 'd', 'i', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "reverse.design", true */ 'r', 'e', 'v', 'e', 'r', 's', 'e', '.', 'd', 'e', 's', 'i', 'g', 'n', '\0',
+  /* "reverseaustralia.com", true */ 'r', 'e', 'v', 'e', 'r', 's', 'e', 'a', 'u', 's', 't', 'r', 'a', 'l', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "reversecanada.com", true */ 'r', 'e', 'v', 'e', 'r', 's', 'e', 'c', 'a', 'n', 'a', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "reverseloansolutions.com", true */ 'r', 'e', 'v', 'e', 'r', 's', 'e', 'l', 'o', 'a', 'n', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "reversesouthafrica.com", true */ 'r', 'e', 'v', 'e', 'r', 's', 'e', 's', 'o', 'u', 't', 'h', 'a', 'f', 'r', 'i', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "review.jp", true */ 'r', 'e', 'v', 'i', 'e', 'w', '.', 'j', 'p', '\0',
+  /* "revisionnotes.xyz", true */ 'r', 'e', 'v', 'i', 's', 'i', 'o', 'n', 'n', 'o', 't', 'e', 's', '.', 'x', 'y', 'z', '\0',
+  /* "revistapequenosolhares.com.br", true */ 'r', 'e', 'v', 'i', 's', 't', 'a', 'p', 'e', 'q', 'u', 'e', 'n', 'o', 's', 'o', 'l', 'h', 'a', 'r', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "revivalinhisword.com", true */ 'r', 'e', 'v', 'i', 'v', 'a', 'l', 'i', 'n', 'h', 'i', 's', 'w', 'o', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "revivingtheredeemed.org", true */ 'r', 'e', 'v', 'i', 'v', 'i', 'n', 'g', 't', 'h', 'e', 'r', 'e', 'd', 'e', 'e', 'm', 'e', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "revlect.com", true */ 'r', 'e', 'v', 'l', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "revolt.tv", true */ 'r', 'e', 'v', 'o', 'l', 't', '.', 't', 'v', '\0',
+  /* "revthefox.co.uk", true */ 'r', 'e', 'v', 't', 'h', 'e', 'f', 'o', 'x', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "rewardingexcellence.com", true */ 'r', 'e', 'w', 'a', 'r', 'd', 'i', 'n', 'g', 'e', 'x', 'c', 'e', 'l', 'l', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rewrite3.com", true */ 'r', 'e', 'w', 'r', 'i', 't', 'e', '3', '.', 'c', 'o', 'm', '\0',
+  /* "rex.st", true */ 'r', 'e', 'x', '.', 's', 't', '\0',
+  /* "rex.tc", true */ 'r', 'e', 'x', '.', 't', 'c', '\0',
+  /* "rezexpert.com", true */ 'r', 'e', 'z', 'e', 'x', 'p', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "rezosup.net", true */ 'r', 'e', 'z', 'o', 's', 'u', 'p', '.', 'n', 'e', 't', '\0',
+  /* "rezosup.org", true */ 'r', 'e', 'z', 'o', 's', 'u', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "rezultant.ru", true */ 'r', 'e', 'z', 'u', 'l', 't', 'a', 'n', 't', '.', 'r', 'u', '\0',
+  /* "rezun.cloud", true */ 'r', 'e', 'z', 'u', 'n', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "rf.tn", true */ 'r', 'f', '.', 't', 'n', '\0',
+  /* "rfeif.org", true */ 'r', 'f', 'e', 'i', 'f', '.', 'o', 'r', 'g', '\0',
+  /* "rgavmf.ru", true */ 'r', 'g', 'a', 'v', 'm', 'f', '.', 'r', 'u', '\0',
+  /* "rgbinnovation.com", true */ 'r', 'g', 'b', 'i', 'n', 'n', 'o', 'v', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "rgcomportement.fr", true */ 'r', 'g', 'c', 'o', 'm', 'p', 'o', 'r', 't', 'e', 'm', 'e', 'n', 't', '.', 'f', 'r', '\0',
+  /* "rgservers.com", true */ 'r', 'g', 's', 'e', 'r', 'v', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "rhees.nl", true */ 'r', 'h', 'e', 'e', 's', '.', 'n', 'l', '\0',
+  /* "rhein-liebe.de", true */ 'r', 'h', 'e', 'i', 'n', '-', 'l', 'i', 'e', 'b', 'e', '.', 'd', 'e', '\0',
+  /* "rheinneckarmetal.com", true */ 'r', 'h', 'e', 'i', 'n', 'n', 'e', 'c', 'k', 'a', 'r', 'm', 'e', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "rheocube.com", true */ 'r', 'h', 'e', 'o', 'c', 'u', 'b', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rhese.net", true */ 'r', 'h', 'e', 's', 'e', '.', 'n', 'e', 't', '\0',
+  /* "rhetthenckel.com", true */ 'r', 'h', 'e', 't', 't', 'h', 'e', 'n', 'c', 'k', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "rheuma-online.de", true */ 'r', 'h', 'e', 'u', 'm', 'a', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "rhinelander.ca", true */ 'r', 'h', 'i', 'n', 'e', 'l', 'a', 'n', 'd', 'e', 'r', '.', 'c', 'a', '\0',
+  /* "rhinoceroses.org", true */ 'r', 'h', 'i', 'n', 'o', 'c', 'e', 'r', 'o', 's', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "rhiskiapril.com", true */ 'r', 'h', 'i', 's', 'k', 'i', 'a', 'p', 'r', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "rhnet.at", true */ 'r', 'h', 'n', 'e', 't', '.', 'a', 't', '\0',
+  /* "rhodenmanorcattery.co.uk", true */ 'r', 'h', 'o', 'd', 'e', 'n', 'm', 'a', 'n', 'o', 'r', 'c', 'a', 't', 't', 'e', 'r', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "rhodes.ml", true */ 'r', 'h', 'o', 'd', 'e', 's', '.', 'm', 'l', '\0',
+  /* "rhodesianridgeback.com.br", true */ 'r', 'h', 'o', 'd', 'e', 's', 'i', 'a', 'n', 'r', 'i', 'd', 'g', 'e', 'b', 'a', 'c', 'k', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "rhodri.io", true */ 'r', 'h', 'o', 'd', 'r', 'i', '.', 'i', 'o', '\0',
+  /* "rhymeswithmogul.com", true */ 'r', 'h', 'y', 'm', 'e', 's', 'w', 'i', 't', 'h', 'm', 'o', 'g', 'u', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "rhymix.org", true */ 'r', 'h', 'y', 'm', 'i', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "rhynl.io", true */ 'r', 'h', 'y', 'n', 'l', '.', 'i', 'o', '\0',
+  /* "rial.space", true */ 'r', 'i', 'a', 'l', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "ribs.com", true */ 'r', 'i', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ricardo.nu", true */ 'r', 'i', 'c', 'a', 'r', 'd', 'o', '.', 'n', 'u', '\0',
+  /* "ricardobalk.nl", true */ 'r', 'i', 'c', 'a', 'r', 'd', 'o', 'b', 'a', 'l', 'k', '.', 'n', 'l', '\0',
+  /* "ricaud.me", true */ 'r', 'i', 'c', 'a', 'u', 'd', '.', 'm', 'e', '\0',
+  /* "riccy.org", true */ 'r', 'i', 'c', 'c', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "riceadvice.info", true */ 'r', 'i', 'c', 'e', 'a', 'd', 'v', 'i', 'c', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "richardb.me", true */ 'r', 'i', 'c', 'h', 'a', 'r', 'd', 'b', '.', 'm', 'e', '\0',
+  /* "richardcrosby.co.uk", true */ 'r', 'i', 'c', 'h', 'a', 'r', 'd', 'c', 'r', 'o', 's', 'b', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "richardhering.de", true */ 'r', 'i', 'c', 'h', 'a', 'r', 'd', 'h', 'e', 'r', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "richardjgreen.net", true */ 'r', 'i', 'c', 'h', 'a', 'r', 'd', 'j', 'g', 'r', 'e', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "richardlangworth.com", true */ 'r', 'i', 'c', 'h', 'a', 'r', 'd', 'l', 'a', 'n', 'g', 'w', 'o', 'r', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "richardlugten.nl", true */ 'r', 'i', 'c', 'h', 'a', 'r', 'd', 'l', 'u', 'g', 't', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "richardrblocker.net", true */ 'r', 'i', 'c', 'h', 'a', 'r', 'd', 'r', 'b', 'l', 'o', 'c', 'k', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "richardson.engineering", true */ 'r', 'i', 'c', 'h', 'a', 'r', 'd', 's', 'o', 'n', '.', 'e', 'n', 'g', 'i', 'n', 'e', 'e', 'r', 'i', 'n', 'g', '\0',
+  /* "richardson.pictures", true */ 'r', 'i', 'c', 'h', 'a', 'r', 'd', 's', 'o', 'n', '.', 'p', 'i', 'c', 't', 'u', 'r', 'e', 's', '\0',
+  /* "richardson.software", true */ 'r', 'i', 'c', 'h', 'a', 'r', 'd', 's', 'o', 'n', '.', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '\0',
+  /* "richardson.systems", true */ 'r', 'i', 'c', 'h', 'a', 'r', 'd', 's', 'o', 'n', '.', 's', 'y', 's', 't', 'e', 'm', 's', '\0',
+  /* "richardwarrender.com", true */ 'r', 'i', 'c', 'h', 'a', 'r', 'd', 'w', 'a', 'r', 'r', 'e', 'n', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "richie.link", true */ 'r', 'i', 'c', 'h', 'i', 'e', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "richonrails.com", true */ 'r', 'i', 'c', 'h', 'o', 'n', 'r', 'a', 'i', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ricketyspace.net", true */ 'r', 'i', 'c', 'k', 'e', 't', 'y', 's', 'p', 'a', 'c', 'e', '.', 'n', 'e', 't', '\0',
+  /* "ricki-z.com", true */ 'r', 'i', 'c', 'k', 'i', '-', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "rickmartensen.nl", true */ 'r', 'i', 'c', 'k', 'm', 'a', 'r', 't', 'e', 'n', 's', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "ricknox.com", true */ 'r', 'i', 'c', 'k', 'n', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "rickrongen.nl", true */ 'r', 'i', 'c', 'k', 'r', 'o', 'n', 'g', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "rickscastles.co.uk", true */ 'r', 'i', 'c', 'k', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "rickweijers.nl", true */ 'r', 'i', 'c', 'k', 'w', 'e', 'i', 'j', 'e', 'r', 's', '.', 'n', 'l', '\0',
+  /* "rickyromero.com", true */ 'r', 'i', 'c', 'k', 'y', 'r', 'o', 'm', 'e', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "rico-brase.de", false */ 'r', 'i', 'c', 'o', '-', 'b', 'r', 'a', 's', 'e', '.', 'd', 'e', '\0',
+  /* "rico.ovh", true */ 'r', 'i', 'c', 'o', '.', 'o', 'v', 'h', '\0',
+  /* "ricochet.im", true */ 'r', 'i', 'c', 'o', 'c', 'h', 'e', 't', '.', 'i', 'm', '\0',
+  /* "ricozienke.de", true */ 'r', 'i', 'c', 'o', 'z', 'i', 'e', 'n', 'k', 'e', '.', 'd', 'e', '\0',
+  /* "riddims.co", true */ 'r', 'i', 'd', 'd', 'i', 'm', 's', '.', 'c', 'o', '\0',
+  /* "ride-up.com", true */ 'r', 'i', 'd', 'e', '-', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "ridingboutique.de", true */ 'r', 'i', 'd', 'i', 'n', 'g', 'b', 'o', 'u', 't', 'i', 'q', 'u', 'e', '.', 'd', 'e', '\0',
+  /* "ridingoklahoma.com", true */ 'r', 'i', 'd', 'i', 'n', 'g', 'o', 'k', 'l', 'a', 'h', 'o', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "rienasemettre.fr", true */ 'r', 'i', 'e', 'n', 'a', 's', 'e', 'm', 'e', 't', 't', 'r', 'e', '.', 'f', 'r', '\0',
+  /* "riesenmagnete.de", true */ 'r', 'i', 'e', 's', 'e', 'n', 'm', 'a', 'g', 'n', 'e', 't', 'e', '.', 'd', 'e', '\0',
+  /* "riesenweber.id.au", true */ 'r', 'i', 'e', 's', 'e', 'n', 'w', 'e', 'b', 'e', 'r', '.', 'i', 'd', '.', 'a', 'u', '\0',
+  /* "riesheating.com", true */ 'r', 'i', 'e', 's', 'h', 'e', 'a', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "rievo.net", true */ 'r', 'i', 'e', 'v', 'o', '.', 'n', 'e', 't', '\0',
+  /* "riffreporter.de", true */ 'r', 'i', 'f', 'f', 'r', 'e', 'p', 'o', 'r', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "rift.pictures", true */ 'r', 'i', 'f', 't', '.', 'p', 'i', 'c', 't', 'u', 'r', 'e', 's', '\0',
+  /* "rigabeerbike.com", true */ 'r', 'i', 'g', 'a', 'b', 'e', 'e', 'r', 'b', 'i', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rigabeerbike.lv", true */ 'r', 'i', 'g', 'a', 'b', 'e', 'e', 'r', 'b', 'i', 'k', 'e', '.', 'l', 'v', '\0',
+  /* "rigart-michael.be", true */ 'r', 'i', 'g', 'a', 'r', 't', '-', 'm', 'i', 'c', 'h', 'a', 'e', 'l', '.', 'b', 'e', '\0',
+  /* "rigartmichael.be", true */ 'r', 'i', 'g', 'a', 'r', 't', 'm', 'i', 'c', 'h', 'a', 'e', 'l', '.', 'b', 'e', '\0',
+  /* "righettod.eu", true */ 'r', 'i', 'g', 'h', 'e', 't', 't', 'o', 'd', '.', 'e', 'u', '\0',
+  /* "righini.ch", true */ 'r', 'i', 'g', 'h', 'i', 'n', 'i', '.', 'c', 'h', '\0',
+  /* "rightbrain.training", true */ 'r', 'i', 'g', 'h', 't', 'b', 'r', 'a', 'i', 'n', '.', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '\0',
+  /* "rightcapital.com", true */ 'r', 'i', 'g', 'h', 't', 'c', 'a', 'p', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "righteousendeavour.com", true */ 'r', 'i', 'g', 'h', 't', 'e', 'o', 'u', 's', 'e', 'n', 'd', 'e', 'a', 'v', 'o', 'u', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "rightstuff.link", true */ 'r', 'i', 'g', 'h', 't', 's', 't', 'u', 'f', 'f', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "righttobuy.gov.uk", true */ 'r', 'i', 'g', 'h', 't', 't', 'o', 'b', 'u', 'y', '.', 'g', 'o', 'v', '.', 'u', 'k', '\0',
+  /* "rijk-catering.nl", false */ 'r', 'i', 'j', 'k', '-', 'c', 'a', 't', 'e', 'r', 'i', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "rijschoolgevonden.nl", false */ 'r', 'i', 'j', 's', 'c', 'h', 'o', 'o', 'l', 'g', 'e', 'v', 'o', 'n', 'd', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "rijsinkunst.nl", true */ 'r', 'i', 'j', 's', 'i', 'n', 'k', 'u', 'n', 's', 't', '.', 'n', 'l', '\0',
+  /* "rile5.com", true */ 'r', 'i', 'l', 'e', '5', '.', 'c', 'o', 'm', '\0',
+  /* "rileyevans.co.uk", true */ 'r', 'i', 'l', 'e', 'y', 'e', 'v', 'a', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "rimax.vn", true */ 'r', 'i', 'm', 'a', 'x', '.', 'v', 'n', '\0',
+  /* "rimcountrymuseum.org", true */ 'r', 'i', 'm', 'c', 'o', 'u', 'n', 't', 'r', 'y', 'm', 'u', 's', 'e', 'u', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "rimeto.io", true */ 'r', 'i', 'm', 'e', 't', 'o', '.', 'i', 'o', '\0',
+  /* "rimo.site", true */ 'r', 'i', 'm', 'o', '.', 's', 'i', 't', 'e', '\0',
+  /* "ringingliberty.com", true */ 'r', 'i', 'n', 'g', 'i', 'n', 'g', 'l', 'i', 'b', 'e', 'r', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "rinj.se", true */ 'r', 'i', 'n', 'j', '.', 's', 'e', '\0',
+  /* "rinvex.com", true */ 'r', 'i', 'n', 'v', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "rio-weimar.de", true */ 'r', 'i', 'o', '-', 'w', 'e', 'i', 'm', 'a', 'r', '.', 'd', 'e', '\0',
+  /* "rioshop.com.br", true */ 'r', 'i', 'o', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "rip-sport.cz", true */ 'r', 'i', 'p', '-', 's', 'p', 'o', 'r', 't', '.', 'c', 'z', '\0',
+  /* "ripmixmake.org", true */ 'r', 'i', 'p', 'm', 'i', 'x', 'm', 'a', 'k', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "ripple.com", true */ 'r', 'i', 'p', 'p', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ris.fi", true */ 'r', 'i', 's', '.', 'f', 'i', '\0',
+  /* "risada.nl", true */ 'r', 'i', 's', 'a', 'd', 'a', '.', 'n', 'l', '\0',
+  /* "risaphuketproperty.com", true */ 'r', 'i', 's', 'a', 'p', 'h', 'u', 'k', 'e', 't', 'p', 'r', 'o', 'p', 'e', 'r', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "riscascape.net", true */ 'r', 'i', 's', 'c', 'a', 's', 'c', 'a', 'p', 'e', '.', 'n', 'e', 't', '\0',
+  /* "rischard.org", true */ 'r', 'i', 's', 'c', 'h', 'a', 'r', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "rise-technologies.com", true */ 'r', 'i', 's', 'e', '-', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "riseup.net", true */ 'r', 'i', 's', 'e', 'u', 'p', '.', 'n', 'e', 't', '\0',
+  /* "rishikeshyoga.in", true */ 'r', 'i', 's', 'h', 'i', 'k', 'e', 's', 'h', 'y', 'o', 'g', 'a', '.', 'i', 'n', '\0',
+  /* "risiinfo.com", true */ 'r', 'i', 's', 'i', 'i', 'n', 'f', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "risingsun.red", true */ 'r', 'i', 's', 'i', 'n', 'g', 's', 'u', 'n', '.', 'r', 'e', 'd', '\0',
+  /* "riskmitigation.ch", true */ 'r', 'i', 's', 'k', 'm', 'i', 't', 'i', 'g', 'a', 't', 'i', 'o', 'n', '.', 'c', 'h', '\0',
+  /* "risparmiare.info", true */ 'r', 'i', 's', 'p', 'a', 'r', 'm', 'i', 'a', 'r', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "rissato.com.br", true */ 'r', 'i', 's', 's', 'a', 't', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "ristioja.ee", true */ 'r', 'i', 's', 't', 'i', 'o', 'j', 'a', '.', 'e', 'e', '\0',
+  /* "ristoarea.it", true */ 'r', 'i', 's', 't', 'o', 'a', 'r', 'e', 'a', '.', 'i', 't', '\0',
+  /* "ristorantefattoamano.eu", true */ 'r', 'i', 's', 't', 'o', 'r', 'a', 'n', 't', 'e', 'f', 'a', 't', 't', 'o', 'a', 'm', 'a', 'n', 'o', '.', 'e', 'u', '\0',
+  /* "ristorantefattoamano.it", true */ 'r', 'i', 's', 't', 'o', 'r', 'a', 'n', 't', 'e', 'f', 'a', 't', 't', 'o', 'a', 'm', 'a', 'n', 'o', '.', 'i', 't', '\0',
+  /* "rittau.biz", true */ 'r', 'i', 't', 't', 'a', 'u', '.', 'b', 'i', 'z', '\0',
+  /* "rittau.org", true */ 'r', 'i', 't', 't', 'a', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "ritzlux.com.tw", true */ 'r', 'i', 't', 'z', 'l', 'u', 'x', '.', 'c', 'o', 'm', '.', 't', 'w', '\0',
+  /* "rivaforum.de", true */ 'r', 'i', 'v', 'a', 'f', 'o', 'r', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "rivagecare.it", true */ 'r', 'i', 'v', 'a', 'g', 'e', 'c', 'a', 'r', 'e', '.', 'i', 't', '\0',
+  /* "rivalsa.cn", true */ 'r', 'i', 'v', 'a', 'l', 's', 'a', '.', 'c', 'n', '\0',
+  /* "rivastation.de", true */ 'r', 'i', 'v', 'a', 's', 't', 'a', 't', 'i', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "riverbanktearooms.co.uk", true */ 'r', 'i', 'v', 'e', 'r', 'b', 'a', 'n', 'k', 't', 'e', 'a', 'r', 'o', 'o', 'm', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "riverford.co.uk", true */ 'r', 'i', 'v', 'e', 'r', 'f', 'o', 'r', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "rivermendhealthcenters.com", true */ 'r', 'i', 'v', 'e', 'r', 'm', 'e', 'n', 'd', 'h', 'e', 'a', 'l', 't', 'h', 'c', 'e', 'n', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "rivermist.com.au", true */ 'r', 'i', 'v', 'e', 'r', 'm', 'i', 's', 't', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "riversideauto.net", true */ 'r', 'i', 'v', 'e', 'r', 's', 'i', 'd', 'e', 'a', 'u', 't', 'o', '.', 'n', 'e', 't', '\0',
+  /* "riversideradio.nl", true */ 'r', 'i', 'v', 'e', 'r', 's', 'i', 'd', 'e', 'r', 'a', 'd', 'i', 'o', '.', 'n', 'l', '\0',
+  /* "riverstyxgame.com", true */ 'r', 'i', 'v', 'e', 'r', 's', 't', 'y', 'x', 'g', 'a', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "riverweb.gr", true */ 'r', 'i', 'v', 'e', 'r', 'w', 'e', 'b', '.', 'g', 'r', '\0',
+  /* "rivierasaints.ch", true */ 'r', 'i', 'v', 'i', 'e', 'r', 'a', 's', 'a', 'i', 'n', 't', 's', '.', 'c', 'h', '\0',
+  /* "rivy.org", true */ 'r', 'i', 'v', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "rix.ninja", true */ 'r', 'i', 'x', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "rixter.com", true */ 'r', 'i', 'x', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "riyono.com", true */ 'r', 'i', 'y', 'o', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "rizospastis.gr", true */ 'r', 'i', 'z', 'o', 's', 'p', 'a', 's', 't', 'i', 's', '.', 'g', 'r', '\0',
+  /* "rj-onderneemt.nl", true */ 'r', 'j', '-', 'o', 'n', 'd', 'e', 'r', 'n', 'e', 'e', 'm', 't', '.', 'n', 'l', '\0',
+  /* "rjnutrition.consulting", true */ 'r', 'j', 'n', 'u', 't', 'r', 'i', 't', 'i', 'o', 'n', '.', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '\0',
+  /* "rkc-hygrotherm.de", true */ 'r', 'k', 'c', '-', 'h', 'y', 'g', 'r', 'o', 't', 'h', 'e', 'r', 'm', '.', 'd', 'e', '\0',
+  /* "rlalique.com", true */ 'r', 'l', 'a', 'l', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rld.org", true */ 'r', 'l', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "rlds.ch", true */ 'r', 'l', 'd', 's', '.', 'c', 'h', '\0',
+  /* "rleh.de", true */ 'r', 'l', 'e', 'h', '.', 'd', 'e', '\0',
+  /* "rlove.org", true */ 'r', 'l', 'o', 'v', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "rlsnet.ru", false */ 'r', 'l', 's', 'n', 'e', 't', '.', 'r', 'u', '\0',
+  /* "rm-it.de", true */ 'r', 'm', '-', 'i', 't', '.', 'd', 'e', '\0',
+  /* "rmb.li", true */ 'r', 'm', 'b', '.', 'l', 'i', '\0',
+  /* "rmcbs.de", true */ 'r', 'm', 'c', 'b', 's', '.', 'd', 'e', '\0',
+  /* "rmdlingerie.com.br", true */ 'r', 'm', 'd', 'l', 'i', 'n', 'g', 'e', 'r', 'i', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "rmf.io", true */ 'r', 'm', 'f', '.', 'i', 'o', '\0',
+  /* "rmit.me", true */ 'r', 'm', 'i', 't', '.', 'm', 'e', '\0',
+  /* "rmk.si", true */ 'r', 'm', 'k', '.', 's', 'i', '\0',
+  /* "rmmanfredi.com", true */ 'r', 'm', 'm', 'a', 'n', 'f', 'r', 'e', 'd', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "rmpsolution.de", true */ 'r', 'm', 'p', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "rmrig.org", true */ 'r', 'm', 'r', 'i', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "rms.sexy", true */ 'r', 'm', 's', '.', 's', 'e', 'x', 'y', '\0',
+  /* "rmsides.com", true */ 'r', 'm', 's', 'i', 'd', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "rmstudio.tw", true */ 'r', 'm', 's', 't', 'u', 'd', 'i', 'o', '.', 't', 'w', '\0',
+  /* "rmsupply.nl", true */ 'r', 'm', 's', 'u', 'p', 'p', 'l', 'y', '.', 'n', 'l', '\0',
+  /* "rnag.ie", true */ 'r', 'n', 'a', 'g', '.', 'i', 'e', '\0',
+  /* "rnb-storenbau.ch", true */ 'r', 'n', 'b', '-', 's', 't', 'o', 'r', 'e', 'n', 'b', 'a', 'u', '.', 'c', 'h', '\0',
+  /* "rngmeme.com", true */ 'r', 'n', 'g', 'm', 'e', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rnt.cl", true */ 'r', 'n', 't', '.', 'c', 'l', '\0',
+  /* "ro.search.yahoo.com", false */ 'r', 'o', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "roadguard.nl", true */ 'r', 'o', 'a', 'd', 'g', 'u', 'a', 'r', 'd', '.', 'n', 'l', '\0',
+  /* "roadtopgm.com", true */ 'r', 'o', 'a', 'd', 't', 'o', 'p', 'g', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "roave.com", true */ 'r', 'o', 'a', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rob.uk.com", true */ 'r', 'o', 'b', '.', 'u', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "rob006.net", true */ 'r', 'o', 'b', '0', '0', '6', '.', 'n', 'e', 't', '\0',
+  /* "robandjanine.com", true */ 'r', 'o', 'b', 'a', 'n', 'd', 'j', 'a', 'n', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "robbertt.com", true */ 'r', 'o', 'b', 'b', 'e', 'r', 't', 't', '.', 'c', 'o', 'm', '\0',
+  /* "robert-flynn.de", true */ 'r', 'o', 'b', 'e', 'r', 't', '-', 'f', 'l', 'y', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "robertabittle.com", true */ 'r', 'o', 'b', 'e', 'r', 't', 'a', 'b', 'i', 't', 't', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "robertattfield.com", true */ 'r', 'o', 'b', 'e', 'r', 't', 'a', 't', 't', 'f', 'i', 'e', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "robertg.me", true */ 'r', 'o', 'b', 'e', 'r', 't', 'g', '.', 'm', 'e', '\0',
+  /* "robertglastra.com", true */ 'r', 'o', 'b', 'e', 'r', 't', 'g', 'l', 'a', 's', 't', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "roberthurlbut.com", true */ 'r', 'o', 'b', 'e', 'r', 't', 'h', 'u', 'r', 'l', 'b', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "robertkrueger.de", true */ 'r', 'o', 'b', 'e', 'r', 't', 'k', 'r', 'u', 'e', 'g', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "robertlysik.com", true */ 'r', 'o', 'b', 'e', 'r', 't', 'l', 'y', 's', 'i', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "roberto-webhosting.nl", true */ 'r', 'o', 'b', 'e', 'r', 't', 'o', '-', 'w', 'e', 'b', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "robertoentringer.com", true */ 'r', 'o', 'b', 'e', 'r', 't', 'o', 'e', 'n', 't', 'r', 'i', 'n', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "robertof.ovh", true */ 'r', 'o', 'b', 'e', 'r', 't', 'o', 'f', '.', 'o', 'v', 'h', '\0',
+  /* "robertreiser.photography", true */ 'r', 'o', 'b', 'e', 'r', 't', 'r', 'e', 'i', 's', 'e', 'r', '.', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '\0',
+  /* "robertrijnders.nl", true */ 'r', 'o', 'b', 'e', 'r', 't', 'r', 'i', 'j', 'n', 'd', 'e', 'r', 's', '.', 'n', 'l', '\0',
+  /* "robertsmits.be", true */ 'r', 'o', 'b', 'e', 'r', 't', 's', 'm', 'i', 't', 's', '.', 'b', 'e', '\0',
+  /* "robhorstmanshof.nl", true */ 'r', 'o', 'b', 'h', 'o', 'r', 's', 't', 'm', 'a', 'n', 's', 'h', 'o', 'f', '.', 'n', 'l', '\0',
+  /* "robin-novotny.com", true */ 'r', 'o', 'b', 'i', 'n', '-', 'n', 'o', 'v', 'o', 't', 'n', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "robin.co.kr", true */ 'r', 'o', 'b', 'i', 'n', '.', 'c', 'o', '.', 'k', 'r', '\0',
+  /* "robin.info", true */ 'r', 'o', 'b', 'i', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "robinadr.com", true */ 'r', 'o', 'b', 'i', 'n', 'a', 'd', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "robinevandenbos.nl", true */ 'r', 'o', 'b', 'i', 'n', 'e', 'v', 'a', 'n', 'd', 'e', 'n', 'b', 'o', 's', '.', 'n', 'l', '\0',
+  /* "robinflikkema.nl", true */ 'r', 'o', 'b', 'i', 'n', 'f', 'l', 'i', 'k', 'k', 'e', 'm', 'a', '.', 'n', 'l', '\0',
+  /* "robinhoodbingo.com", true */ 'r', 'o', 'b', 'i', 'n', 'h', 'o', 'o', 'd', 'b', 'i', 'n', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "robinlinden.eu", true */ 'r', 'o', 'b', 'i', 'n', 'l', 'i', 'n', 'd', 'e', 'n', '.', 'e', 'u', '\0',
+  /* "robinsonstrategy.com", true */ 'r', 'o', 'b', 'i', 'n', 's', 'o', 'n', 's', 't', 'r', 'a', 't', 'e', 'g', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "robinsonyu.com", true */ 'r', 'o', 'b', 'i', 'n', 's', 'o', 'n', 'y', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "robinvdmarkt.nl", true */ 'r', 'o', 'b', 'i', 'n', 'v', 'd', 'm', 'a', 'r', 'k', 't', '.', 'n', 'l', '\0',
+  /* "robinwinslow.uk", true */ 'r', 'o', 'b', 'i', 'n', 'w', 'i', 'n', 's', 'l', 'o', 'w', '.', 'u', 'k', '\0',
+  /* "robjager-fotografie.nl", true */ 'r', 'o', 'b', 'j', 'a', 'g', 'e', 'r', '-', 'f', 'o', 't', 'o', 'g', 'r', 'a', 'f', 'i', 'e', '.', 'n', 'l', '\0',
+  /* "robocop.no", true */ 'r', 'o', 'b', 'o', 'c', 'o', 'p', '.', 'n', 'o', '\0',
+  /* "robodeidentidad.gov", true */ 'r', 'o', 'b', 'o', 'd', 'e', 'i', 'd', 'e', 'n', 't', 'i', 'd', 'a', 'd', '.', 'g', 'o', 'v', '\0',
+  /* "robohash.org", true */ 'r', 'o', 'b', 'o', 'h', 'a', 's', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "robot.car", true */ 'r', 'o', 'b', 'o', 't', '.', 'c', 'a', 'r', '\0',
+  /* "robotattack.org", true */ 'r', 'o', 'b', 'o', 't', 'a', 't', 't', 'a', 'c', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "robotham.org", true */ 'r', 'o', 'b', 'o', 't', 'h', 'a', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "robototes.com", true */ 'r', 'o', 'b', 'o', 't', 'o', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "robots-ju.ch", true */ 'r', 'o', 'b', 'o', 't', 's', '-', 'j', 'u', '.', 'c', 'h', '\0',
+  /* "robpol86.com", true */ 'r', 'o', 'b', 'p', 'o', 'l', '8', '6', '.', 'c', 'o', 'm', '\0',
+  /* "robspc.repair", true */ 'r', 'o', 'b', 's', 'p', 'c', '.', 'r', 'e', 'p', 'a', 'i', 'r', '\0',
+  /* "robspeed.rocks", true */ 'r', 'o', 'b', 's', 'p', 'e', 'e', 'd', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "robu.in", true */ 'r', 'o', 'b', 'u', '.', 'i', 'n', '\0',
+  /* "robud.info", true */ 'r', 'o', 'b', 'u', 'd', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "rocka.me", true */ 'r', 'o', 'c', 'k', 'a', '.', 'm', 'e', '\0',
+  /* "rockagogo.com", true */ 'r', 'o', 'c', 'k', 'a', 'g', 'o', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "rockbankland.com.au", true */ 'r', 'o', 'c', 'k', 'b', 'a', 'n', 'k', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "rockcanyonbank.com", true */ 'r', 'o', 'c', 'k', 'c', 'a', 'n', 'y', 'o', 'n', 'b', 'a', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "rockcellar.ch", true */ 'r', 'o', 'c', 'k', 'c', 'e', 'l', 'l', 'a', 'r', '.', 'c', 'h', '\0',
+  /* "rockenfuerlachenhelfen.de", true */ 'r', 'o', 'c', 'k', 'e', 'n', 'f', 'u', 'e', 'r', 'l', 'a', 'c', 'h', 'e', 'n', 'h', 'e', 'l', 'f', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "rocketr.net", true */ 'r', 'o', 'c', 'k', 'e', 't', 'r', '.', 'n', 'e', 't', '\0',
+  /* "rockfax.com", true */ 'r', 'o', 'c', 'k', 'f', 'a', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "rockhounds.co.za", true */ 'r', 'o', 'c', 'k', 'h', 'o', 'u', 'n', 'd', 's', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "rockinronniescastles.co.uk", true */ 'r', 'o', 'c', 'k', 'i', 'n', 'r', 'o', 'n', 'n', 'i', 'e', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "rockitinflatables.co.uk", true */ 'r', 'o', 'c', 'k', 'i', 't', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "rockpesado.com.br", true */ 'r', 'o', 'c', 'k', 'p', 'e', 's', 'a', 'd', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "rockthebabybump.com", true */ 'r', 'o', 'c', 'k', 't', 'h', 'e', 'b', 'a', 'b', 'y', 'b', 'u', 'm', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "rockuse.com.br", true */ 'r', 'o', 'c', 'k', 'u', 's', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "rockymountainspice.com", true */ 'r', 'o', 'c', 'k', 'y', 'm', 'o', 'u', 'n', 't', 'a', 'i', 'n', 's', 'p', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rocssti.net", true */ 'r', 'o', 'c', 's', 's', 't', 'i', '.', 'n', 'e', 't', '\0',
+  /* "rodeobull.biz", true */ 'r', 'o', 'd', 'e', 'o', 'b', 'u', 'l', 'l', '.', 'b', 'i', 'z', '\0',
+  /* "rodeohire.com", true */ 'r', 'o', 'd', 'e', 'o', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rodeosales.co.uk", true */ 'r', 'o', 'd', 'e', 'o', 's', 'a', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "rodevlaggen.nl", true */ 'r', 'o', 'd', 'e', 'v', 'l', 'a', 'g', 'g', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "rodichi.net", true */ 'r', 'o', 'd', 'i', 'c', 'h', 'i', '.', 'n', 'e', 't', '\0',
+  /* "rodolfo.gs", true */ 'r', 'o', 'd', 'o', 'l', 'f', 'o', '.', 'g', 's', '\0',
+  /* "rodomonte.org", true */ 'r', 'o', 'd', 'o', 'm', 'o', 'n', 't', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "rodrigocarvalho.blog.br", true */ 'r', 'o', 'd', 'r', 'i', 'g', 'o', 'c', 'a', 'r', 'v', 'a', 'l', 'h', 'o', '.', 'b', 'l', 'o', 'g', '.', 'b', 'r', '\0',
+  /* "rodzina-kupiec.eu.org", true */ 'r', 'o', 'd', 'z', 'i', 'n', 'a', '-', 'k', 'u', 'p', 'i', 'e', 'c', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "roeckx.be", true */ 'r', 'o', 'e', 'c', 'k', 'x', '.', 'b', 'e', '\0',
+  /* "roeitijd.nl", true */ 'r', 'o', 'e', 'i', 't', 'i', 'j', 'd', '.', 'n', 'l', '\0',
+  /* "roeldevries.me", true */ 'r', 'o', 'e', 'l', 'd', 'e', 'v', 'r', 'i', 'e', 's', '.', 'm', 'e', '\0',
+  /* "roelf.org", true */ 'r', 'o', 'e', 'l', 'f', '.', 'o', 'r', 'g', '\0',
+  /* "roelhollander.eu", true */ 'r', 'o', 'e', 'l', 'h', 'o', 'l', 'l', 'a', 'n', 'd', 'e', 'r', '.', 'e', 'u', '\0',
+  /* "roelof.io", true */ 'r', 'o', 'e', 'l', 'o', 'f', '.', 'i', 'o', '\0',
+  /* "roelsworld.eu", true */ 'r', 'o', 'e', 'l', 's', 'w', 'o', 'r', 'l', 'd', '.', 'e', 'u', '\0',
+  /* "roemhild.de", true */ 'r', 'o', 'e', 'm', 'h', 'i', 'l', 'd', '.', 'd', 'e', '\0',
+  /* "roerstaafjes.nl", true */ 'r', 'o', 'e', 'r', 's', 't', 'a', 'a', 'f', 'j', 'e', 's', '.', 'n', 'l', '\0',
+  /* "roessner-network-solutions.com", false */ 'r', 'o', 'e', 's', 's', 'n', 'e', 'r', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', '-', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "roffe.nu", true */ 'r', 'o', 'f', 'f', 'e', '.', 'n', 'u', '\0',
+  /* "rofl.com.ua", true */ 'r', 'o', 'f', 'l', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "roflcopter.fr", true */ 'r', 'o', 'f', 'l', 'c', 'o', 'p', 't', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "rogagym.com", true */ 'r', 'o', 'g', 'a', 'g', 'y', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "rogeiro.net", true */ 'r', 'o', 'g', 'e', 'i', 'r', 'o', '.', 'n', 'e', 't', '\0',
+  /* "roger101.com", true */ 'r', 'o', 'g', 'e', 'r', '1', '0', '1', '.', 'c', 'o', 'm', '\0',
+  /* "rogerdat.ovh", true */ 'r', 'o', 'g', 'e', 'r', 'd', 'a', 't', '.', 'o', 'v', 'h', '\0',
+  /* "rogerhub.com", true */ 'r', 'o', 'g', 'e', 'r', 'h', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "rogerriendeau.ca", true */ 'r', 'o', 'g', 'e', 'r', 'r', 'i', 'e', 'n', 'd', 'e', 'a', 'u', '.', 'c', 'a', '\0',
+  /* "rogersaam.ch", true */ 'r', 'o', 'g', 'e', 'r', 's', 'a', 'a', 'm', '.', 'c', 'h', '\0',
+  /* "rogersremovals.co.uk", true */ 'r', 'o', 'g', 'e', 'r', 's', 'r', 'e', 'm', 'o', 'v', 'a', 'l', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "rogersvilleumc.org", true */ 'r', 'o', 'g', 'e', 'r', 's', 'v', 'i', 'l', 'l', 'e', 'u', 'm', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "rognhaugen.no", true */ 'r', 'o', 'g', 'n', 'h', 'a', 'u', 'g', 'e', 'n', '.', 'n', 'o', '\0',
+  /* "rogue-e.xyz", true */ 'r', 'o', 'g', 'u', 'e', '-', 'e', '.', 'x', 'y', 'z', '\0',
+  /* "roguefinancial.com", true */ 'r', 'o', 'g', 'u', 'e', 'f', 'i', 'n', 'a', 'n', 'c', 'i', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "roguefortgame.com", true */ 'r', 'o', 'g', 'u', 'e', 'f', 'o', 'r', 't', 'g', 'a', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "roguesignal.net", true */ 'r', 'o', 'g', 'u', 'e', 's', 'i', 'g', 'n', 'a', 'l', '.', 'n', 'e', 't', '\0',
+  /* "roguetechhub.org", true */ 'r', 'o', 'g', 'u', 'e', 't', 'e', 'c', 'h', 'h', 'u', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "rohedaten.de", true */ 'r', 'o', 'h', 'e', 'd', 'a', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "rohitagr.com", true */ 'r', 'o', 'h', 'i', 't', 'a', 'g', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "rointe.online", true */ 'r', 'o', 'i', 'n', 't', 'e', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "roiscroll.com", true */ 'r', 'o', 'i', 's', 'c', 'r', 'o', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "rokki.ch", true */ 'r', 'o', 'k', 'k', 'i', '.', 'c', 'h', '\0',
+  /* "rokort.dk", true */ 'r', 'o', 'k', 'o', 'r', 't', '.', 'd', 'k', '\0',
+  /* "rokudenashi.de", true */ 'r', 'o', 'k', 'u', 'd', 'e', 'n', 'a', 's', 'h', 'i', '.', 'd', 'e', '\0',
+  /* "roland.io", true */ 'r', 'o', 'l', 'a', 'n', 'd', '.', 'i', 'o', '\0',
+  /* "rolandkolodziej.com", true */ 'r', 'o', 'l', 'a', 'n', 'd', 'k', 'o', 'l', 'o', 'd', 'z', 'i', 'e', 'j', '.', 'c', 'o', 'm', '\0',
+  /* "rolandreed.cn", true */ 'r', 'o', 'l', 'a', 'n', 'd', 'r', 'e', 'e', 'd', '.', 'c', 'n', '\0',
+  /* "rolandszabo.com", true */ 'r', 'o', 'l', 'a', 'n', 'd', 's', 'z', 'a', 'b', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "rolliwelt.de", true */ 'r', 'o', 'l', 'l', 'i', 'w', 'e', 'l', 't', '.', 'd', 'e', '\0',
+  /* "rolodato.com", true */ 'r', 'o', 'l', 'o', 'd', 'a', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "roma-servizi.it", true */ 'r', 'o', 'm', 'a', '-', 's', 'e', 'r', 'v', 'i', 'z', 'i', '.', 'i', 't', '\0',
+  /* "romab.com", true */ 'r', 'o', 'm', 'a', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "roman-pavlik.cz", true */ 'r', 'o', 'm', 'a', 'n', '-', 'p', 'a', 'v', 'l', 'i', 'k', '.', 'c', 'z', '\0',
+  /* "romande-entretien.ch", true */ 'r', 'o', 'm', 'a', 'n', 'd', 'e', '-', 'e', 'n', 't', 'r', 'e', 't', 'i', 'e', 'n', '.', 'c', 'h', '\0',
+  /* "romanpavlodar.kz", true */ 'r', 'o', 'm', 'a', 'n', 'p', 'a', 'v', 'l', 'o', 'd', 'a', 'r', '.', 'k', 'z', '\0',
+  /* "romantelychko.com", true */ 'r', 'o', 'm', 'a', 'n', 't', 'e', 'l', 'y', 'c', 'h', 'k', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "romantic-quotes.co.uk", true */ 'r', 'o', 'm', 'a', 'n', 't', 'i', 'c', '-', 'q', 'u', 'o', 't', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "romanticschemermovie.com", true */ 'r', 'o', 'm', 'a', 'n', 't', 'i', 'c', 's', 'c', 'h', 'e', 'm', 'e', 'r', 'm', 'o', 'v', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "romarin.es", true */ 'r', 'o', 'm', 'a', 'r', 'i', 'n', '.', 'e', 's', '\0',
+  /* "rome.dating", true */ 'r', 'o', 'm', 'e', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "rommelwood.de", true */ 'r', 'o', 'm', 'm', 'e', 'l', 'w', 'o', 'o', 'd', '.', 'd', 'e', '\0',
+  /* "rondommen.nl", true */ 'r', 'o', 'n', 'd', 'o', 'm', 'm', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "rondouin.fr", true */ 'r', 'o', 'n', 'd', 'o', 'u', 'i', 'n', '.', 'f', 'r', '\0',
+  /* "rondreis-planner.nl", true */ 'r', 'o', 'n', 'd', 'r', 'e', 'i', 's', '-', 'p', 'l', 'a', 'n', 'n', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "roninf.ch", true */ 'r', 'o', 'n', 'i', 'n', 'f', '.', 'c', 'h', '\0',
+  /* "ronomon.com", true */ 'r', 'o', 'n', 'o', 'm', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "roo.ie", true */ 'r', 'o', 'o', '.', 'i', 'e', '\0',
+  /* "roofingomaha.com", true */ 'r', 'o', 'o', 'f', 'i', 'n', 'g', 'o', 'm', 'a', 'h', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "roofsandbasements.com", true */ 'r', 'o', 'o', 'f', 's', 'a', 'n', 'd', 'b', 'a', 's', 'e', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "rool.me", true */ 'r', 'o', 'o', 'l', '.', 'm', 'e', '\0',
+  /* "room208.org", true */ 'r', 'o', 'o', 'm', '2', '0', '8', '.', 'o', 'r', 'g', '\0',
+  /* "room2d.com", true */ 'r', 'o', 'o', 'm', '2', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "room3b.eu", true */ 'r', 'o', 'o', 'm', '3', 'b', '.', 'e', 'u', '\0',
+  /* "roombase.nl", true */ 'r', 'o', 'o', 'm', 'b', 'a', 's', 'e', '.', 'n', 'l', '\0',
+  /* "roomhub.jp", true */ 'r', 'o', 'o', 'm', 'h', 'u', 'b', '.', 'j', 'p', '\0',
+  /* "roomongo.com", true */ 'r', 'o', 'o', 'm', 'o', 'n', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "rooneytours.nl", true */ 'r', 'o', 'o', 'n', 'e', 'y', 't', 'o', 'u', 'r', 's', '.', 'n', 'l', '\0',
+  /* "roosabels.nl", false */ 'r', 'o', 'o', 's', 'a', 'b', 'e', 'l', 's', '.', 'n', 'l', '\0',
+  /* "roosteroriginals.com", true */ 'r', 'o', 'o', 's', 't', 'e', 'r', 'o', 'r', 'i', 'g', 'i', 'n', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "roosterpgplus.nl", true */ 'r', 'o', 'o', 's', 't', 'e', 'r', 'p', 'g', 'p', 'l', 'u', 's', '.', 'n', 'l', '\0',
+  /* "root.bg", true */ 'r', 'o', 'o', 't', '.', 'b', 'g', '\0',
+  /* "root.eu.org", true */ 'r', 'o', 'o', 't', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "rootcamp.net", true */ 'r', 'o', 'o', 't', 'c', 'a', 'm', 'p', '.', 'n', 'e', 't', '\0',
+  /* "rootcommand.com", true */ 'r', 'o', 'o', 't', 'c', 'o', 'm', 'm', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "rootear.com", true */ 'r', 'o', 'o', 't', 'e', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "rootedlifemontessori.com", true */ 'r', 'o', 'o', 't', 'e', 'd', 'l', 'i', 'f', 'e', 'm', 'o', 'n', 't', 'e', 's', 's', 'o', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "rootlair.com", true */ 'r', 'o', 'o', 't', 'l', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "rootrelativity.com", true */ 'r', 'o', 'o', 't', 'r', 'e', 'l', 'a', 't', 'i', 'v', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "roots-example-project.com", true */ 'r', 'o', 'o', 't', 's', '-', 'e', 'x', 'a', 'm', 'p', 'l', 'e', '-', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "roots.io", true */ 'r', 'o', 'o', 't', 's', '.', 'i', 'o', '\0',
+  /* "rootsandrain.com", true */ 'r', 'o', 'o', 't', 's', 'a', 'n', 'd', 'r', 'a', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "rootsbar.fr", true */ 'r', 'o', 'o', 't', 's', 'b', 'a', 'r', '.', 'f', 'r', '\0',
+  /* "rootscope.co.uk", true */ 'r', 'o', 'o', 't', 's', 'c', 'o', 'p', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "rootswitch.com", true */ 'r', 'o', 'o', 't', 's', 'w', 'i', 't', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "rootusers.com", true */ 'r', 'o', 'o', 't', 'u', 's', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "roryneville.com", true */ 'r', 'o', 'r', 'y', 'n', 'e', 'v', 'i', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rosabellas.co.uk", true */ 'r', 'o', 's', 'a', 'b', 'e', 'l', 'l', 'a', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "rosbass.ru", true */ 'r', 'o', 's', 'b', 'a', 's', 's', '.', 'r', 'u', '\0',
+  /* "rose-prism.org", true */ 'r', 'o', 's', 'e', '-', 'p', 'r', 'i', 's', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "rosehosting.reviews", true */ 'r', 'o', 's', 'e', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'r', 'e', 'v', 'i', 'e', 'w', 's', '\0',
+  /* "roseitsolutions.co.uk", true */ 'r', 'o', 's', 'e', 'i', 't', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "roseitsolutions.uk", true */ 'r', 'o', 's', 'e', 'i', 't', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'u', 'k', '\0',
+  /* "roseliere.ch", true */ 'r', 'o', 's', 'e', 'l', 'i', 'e', 'r', 'e', '.', 'c', 'h', '\0',
+  /* "roseliere.com", true */ 'r', 'o', 's', 'e', 'l', 'i', 'e', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "roseluna.com", true */ 'r', 'o', 's', 'e', 'l', 'u', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "rosemariefloydballet.com", true */ 'r', 'o', 's', 'e', 'm', 'a', 'r', 'i', 'e', 'f', 'l', 'o', 'y', 'd', 'b', 'a', 'l', 'l', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "rosenheimsingles.de", true */ 'r', 'o', 's', 'e', 'n', 'h', 'e', 'i', 'm', 's', 'i', 'n', 'g', 'l', 'e', 's', '.', 'd', 'e', '\0',
+  /* "rosenkeller.org", true */ 'r', 'o', 's', 'e', 'n', 'k', 'e', 'l', 'l', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "roseofyork.com", true */ 'r', 'o', 's', 'e', 'o', 'f', 'y', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "roseofyorkbooking.com", true */ 'r', 'o', 's', 'e', 'o', 'f', 'y', 'o', 'r', 'k', 'b', 'o', 'o', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "rosesciences.com", true */ 'r', 'o', 's', 'e', 's', 'c', 'i', 'e', 'n', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "rosevillefacialplasticsurgery.com", true */ 'r', 'o', 's', 'e', 'v', 'i', 'l', 'l', 'e', 'f', 'a', 'c', 'i', 'a', 'l', 'p', 'l', 'a', 's', 't', 'i', 'c', 's', 'u', 'r', 'g', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "rosewoodranch.com", true */ 'r', 'o', 's', 'e', 'w', 'o', 'o', 'd', 'r', 'a', 'n', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "rosi-royal.com", true */ 'r', 'o', 's', 'i', '-', 'r', 'o', 'y', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "roslynpad.net", true */ 'r', 'o', 's', 'l', 'y', 'n', 'p', 'a', 'd', '.', 'n', 'e', 't', '\0',
+  /* "rosset.me", true */ 'r', 'o', 's', 's', 'e', 't', '.', 'm', 'e', '\0',
+  /* "rosset.net", true */ 'r', 'o', 's', 's', 'e', 't', '.', 'n', 'e', 't', '\0',
+  /* "rossiworld.com", true */ 'r', 'o', 's', 's', 'i', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "rosslug.org.uk", true */ 'r', 'o', 's', 's', 'l', 'u', 'g', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "rot47.net", true */ 'r', 'o', 't', '4', '7', '.', 'n', 'e', 't', '\0',
+  /* "roten.email", true */ 'r', 'o', 't', 'e', 'n', '.', 'e', 'm', 'a', 'i', 'l', '\0',
+  /* "rothkranz.net", true */ 'r', 'o', 't', 'h', 'k', 'r', 'a', 'n', 'z', '.', 'n', 'e', 't', '\0',
+  /* "rothnater.ch", true */ 'r', 'o', 't', 'h', 'n', 'a', 't', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "rotol.me", true */ 'r', 'o', 't', 'o', 'l', '.', 'm', 'e', '\0',
+  /* "rottweil-hilft.de", true */ 'r', 'o', 't', 't', 'w', 'e', 'i', 'l', '-', 'h', 'i', 'l', 'f', 't', '.', 'd', 'e', '\0',
+  /* "rotunneling.net", true */ 'r', 'o', 't', 'u', 'n', 'n', 'e', 'l', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "rotzonline.com", true */ 'r', 'o', 't', 'z', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rougechocolat.fr", true */ 'r', 'o', 'u', 'g', 'e', 'c', 'h', 'o', 'c', 'o', 'l', 'a', 't', '.', 'f', 'r', '\0',
+  /* "roughgrain.com", true */ 'r', 'o', 'u', 'g', 'h', 'g', 'r', 'a', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "roulinfo.ch", true */ 'r', 'o', 'u', 'l', 'i', 'n', 'f', 'o', '.', 'c', 'h', '\0',
+  /* "roulons-autrement.com", true */ 'r', 'o', 'u', 'l', 'o', 'n', 's', '-', 'a', 'u', 't', 'r', 'e', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "rounda.it", true */ 'r', 'o', 'u', 'n', 'd', 'a', '.', 'i', 't', '\0',
+  /* "roundcube.mayfirst.org", false */ 'r', 'o', 'u', 'n', 'd', 'c', 'u', 'b', 'e', '.', 'm', 'a', 'y', 'f', 'i', 'r', 's', 't', '.', 'o', 'r', 'g', '\0',
+  /* "roussos.cc", true */ 'r', 'o', 'u', 's', 's', 'o', 's', '.', 'c', 'c', '\0',
+  /* "rout0r.org", true */ 'r', 'o', 'u', 't', '0', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "routeragency.com", true */ 'r', 'o', 'u', 't', 'e', 'r', 'a', 'g', 'e', 'n', 'c', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "routerclub.ru", true */ 'r', 'o', 'u', 't', 'e', 'r', 'c', 'l', 'u', 'b', '.', 'r', 'u', '\0',
+  /* "routetracker.co", true */ 'r', 'o', 'u', 't', 'e', 't', 'r', 'a', 'c', 'k', 'e', 'r', '.', 'c', 'o', '\0',
+  /* "rove3d.com", true */ 'r', 'o', 'v', 'e', '3', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "rowancasting.ie", true */ 'r', 'o', 'w', 'a', 'n', 'c', 'a', 's', 't', 'i', 'n', 'g', '.', 'i', 'e', '\0',
+  /* "rowankaag.nl", true */ 'r', 'o', 'w', 'a', 'n', 'k', 'a', 'a', 'g', '.', 'n', 'l', '\0',
+  /* "rowlog.com", true */ 'r', 'o', 'w', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "rows.io", true */ 'r', 'o', 'w', 's', '.', 'i', 'o', '\0',
+  /* "roxiesbouncycastlehire.co.uk", true */ 'r', 'o', 'x', 'i', 'e', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "roxtri.cz", true */ 'r', 'o', 'x', 't', 'r', 'i', '.', 'c', 'z', '\0',
+  /* "royal-mangal.ch", true */ 'r', 'o', 'y', 'a', 'l', '-', 'm', 'a', 'n', 'g', 'a', 'l', '.', 'c', 'h', '\0',
+  /* "royal-rangers.de", true */ 'r', 'o', 'y', 'a', 'l', '-', 'r', 'a', 'n', 'g', 'e', 'r', 's', '.', 'd', 'e', '\0',
+  /* "royalacademy.org.uk", true */ 'r', 'o', 'y', 'a', 'l', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "royalbluewa3.cc", true */ 'r', 'o', 'y', 'a', 'l', 'b', 'l', 'u', 'e', 'w', 'a', '3', '.', 'c', 'c', '\0',
+  /* "royalcitytaxi.ca", true */ 'r', 'o', 'y', 'a', 'l', 'c', 'i', 't', 'y', 't', 'a', 'x', 'i', '.', 'c', 'a', '\0',
+  /* "royalcitytaxi.com", true */ 'r', 'o', 'y', 'a', 'l', 'c', 'i', 't', 'y', 't', 'a', 'x', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "royalmarinesassociation.org.uk", true */ 'r', 'o', 'y', 'a', 'l', 'm', 'a', 'r', 'i', 'n', 'e', 's', 'a', 's', 's', 'o', 'c', 'i', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "royalnissanparts.com", true */ 'r', 'o', 'y', 'a', 'l', 'n', 'i', 's', 's', 'a', 'n', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "royalpalacenogent.fr", true */ 'r', 'o', 'y', 'a', 'l', 'p', 'a', 'l', 'a', 'c', 'e', 'n', 'o', 'g', 'e', 'n', 't', '.', 'f', 'r', '\0',
+  /* "royalrangers.fi", true */ 'r', 'o', 'y', 'a', 'l', 'r', 'a', 'n', 'g', 'e', 'r', 's', '.', 'f', 'i', '\0',
+  /* "royalty-market.com", true */ 'r', 'o', 'y', 'a', 'l', 't', 'y', '-', 'm', 'a', 'r', 'k', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "royalvisiongroup.com", true */ 'r', 'o', 'y', 'a', 'l', 'v', 'i', 's', 'i', 'o', 'n', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "rozhodce.cz", true */ 'r', 'o', 'z', 'h', 'o', 'd', 'c', 'e', '.', 'c', 'z', '\0',
+  /* "rpadovani.com", true */ 'r', 'p', 'a', 'd', 'o', 'v', 'a', 'n', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "rpgmaker.es", true */ 'r', 'p', 'g', 'm', 'a', 'k', 'e', 'r', '.', 'e', 's', '\0',
+  /* "rpherbig.com", true */ 'r', 'p', 'h', 'e', 'r', 'b', 'i', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "rpine.net", true */ 'r', 'p', 'i', 'n', 'e', '.', 'n', 'e', 't', '\0',
+  /* "rpy.xyz", true */ 'r', 'p', 'y', '.', 'x', 'y', 'z', '\0',
+  /* "rq-labo.jp", true */ 'r', 'q', '-', 'l', 'a', 'b', 'o', '.', 'j', 'p', '\0',
+  /* "rr105.de", true */ 'r', 'r', '1', '0', '5', '.', 'd', 'e', '\0',
+  /* "rraesthetics.com", true */ 'r', 'r', 'a', 'e', 's', 't', 'h', 'e', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "rrdesignsuisse.com", true */ 'r', 'r', 'd', 'e', 's', 'i', 'g', 'n', 's', 'u', 'i', 's', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rrg-partner.ch", true */ 'r', 'r', 'g', '-', 'p', 'a', 'r', 't', 'n', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "rring.me", true */ 'r', 'r', 'i', 'n', 'g', '.', 'm', 'e', '\0',
+  /* "rro.rs", true */ 'r', 'r', 'o', '.', 'r', 's', '\0',
+  /* "rrom.me", true */ 'r', 'r', 'o', 'm', '.', 'm', 'e', '\0',
+  /* "rrudnik.com", true */ 'r', 'r', 'u', 'd', 'n', 'i', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "rrwolfe.com", true */ 'r', 'r', 'w', 'o', 'l', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rsap.ca", true */ 'r', 's', 'a', 'p', '.', 'c', 'a', '\0',
+  /* "rsauget.fr", true */ 'r', 's', 'a', 'u', 'g', 'e', 't', '.', 'f', 'r', '\0',
+  /* "rsgcard.com", true */ 'r', 's', 'g', 'c', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "rsi.im", false */ 'r', 's', 'i', '.', 'i', 'm', '\0',
+  /* "rsingermd.com", true */ 'r', 's', 'i', 'n', 'g', 'e', 'r', 'm', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "rskuipers.com", true */ 'r', 's', 'k', 'u', 'i', 'p', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "rsl.gd", true */ 'r', 's', 'l', '.', 'g', 'd', '\0',
+  /* "rsm-intern.de", true */ 'r', 's', 'm', '-', 'i', 'n', 't', 'e', 'r', 'n', '.', 'd', 'e', '\0',
+  /* "rsm-liga.de", true */ 'r', 's', 'm', '-', 'l', 'i', 'g', 'a', '.', 'd', 'e', '\0',
+  /* "rss.sh", false */ 'r', 's', 's', '.', 's', 'h', '\0',
+  /* "rssr.se", true */ 'r', 's', 's', 'r', '.', 's', 'e', '\0',
+  /* "rstraining.co.uk", true */ 'r', 's', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "rstsecuritygroup.co.uk", true */ 'r', 's', 't', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "rsttraining.co.uk", true */ 'r', 's', 't', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "rsvaachen.de", true */ 'r', 's', 'v', 'a', 'a', 'c', 'h', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "rsync.eu", false */ 'r', 's', 'y', 'n', 'c', '.', 'e', 'u', '\0',
+  /* "rtate.ca", true */ 'r', 't', 'a', 't', 'e', '.', 'c', 'a', '\0',
+  /* "rtate.se", true */ 'r', 't', 'a', 't', 'e', '.', 's', 'e', '\0',
+  /* "rtcx.net", true */ 'r', 't', 'c', 'x', '.', 'n', 'e', 't', '\0',
+  /* "rtd.uk.com", true */ 'r', 't', 'd', '.', 'u', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "rte.eu", true */ 'r', 't', 'e', '.', 'e', 'u', '\0',
+  /* "rte2fm.ie", true */ 'r', 't', 'e', '2', 'f', 'm', '.', 'i', 'e', '\0',
+  /* "rteaertel.ie", true */ 'r', 't', 'e', 'a', 'e', 'r', 't', 'e', 'l', '.', 'i', 'e', '\0',
+  /* "rtechservices.io", true */ 'r', 't', 'e', 'c', 'h', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'i', 'o', '\0',
+  /* "rteinternational.ie", true */ 'r', 't', 'e', 'i', 'n', 't', 'e', 'r', 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', '.', 'i', 'e', '\0',
+  /* "rtejr.ie", true */ 'r', 't', 'e', 'j', 'r', '.', 'i', 'e', '\0',
+  /* "rtek.se", true */ 'r', 't', 'e', 'k', '.', 's', 'e', '\0',
+  /* "rtenews.eu", true */ 'r', 't', 'e', 'n', 'e', 'w', 's', '.', 'e', 'u', '\0',
+  /* "rteone.ie", true */ 'r', 't', 'e', 'o', 'n', 'e', '.', 'i', 'e', '\0',
+  /* "rteplayer.com", true */ 'r', 't', 'e', 'p', 'l', 'a', 'y', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "rtesport.eu", true */ 'r', 't', 'e', 's', 'p', 'o', 'r', 't', '.', 'e', 'u', '\0',
+  /* "rtfpessoa.xyz", true */ 'r', 't', 'f', 'p', 'e', 's', 's', 'o', 'a', '.', 'x', 'y', 'z', '\0',
+  /* "rtho.me", true */ 'r', 't', 'h', 'o', '.', 'm', 'e', '\0',
+  /* "rtrinflatables.co.uk", true */ 'r', 't', 'r', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "rtsr.ch", true */ 'r', 't', 's', 'r', '.', 'c', 'h', '\0',
+  /* "rtvi.com", true */ 'r', 't', 'v', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "rtwcourse.com", true */ 'r', 't', 'w', 'c', 'o', 'u', 'r', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ru-sprachstudio.ch", true */ 'r', 'u', '-', 's', 'p', 'r', 'a', 'c', 'h', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'h', '\0',
+  /* "ru.search.yahoo.com", false */ 'r', 'u', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "ruanmi.de", true */ 'r', 'u', 'a', 'n', 'm', 'i', '.', 'd', 'e', '\0',
+  /* "rubberfurs.org", true */ 'r', 'u', 'b', 'b', 'e', 'r', 'f', 'u', 'r', 's', '.', 'o', 'r', 'g', '\0',
+  /* "rubberlegscastles.co.uk", true */ 'r', 'u', 'b', 'b', 'e', 'r', 'l', 'e', 'g', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "rubbermaidoutlet.com", true */ 'r', 'u', 'b', 'b', 'e', 'r', 'm', 'a', 'i', 'd', 'o', 'u', 't', 'l', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "rubbix.net", true */ 'r', 'u', 'b', 'b', 'i', 'x', '.', 'n', 'e', 't', '\0',
+  /* "rubbleremovalsbenoni.co.za", true */ 'r', 'u', 'b', 'b', 'l', 'e', 'r', 'e', 'm', 'o', 'v', 'a', 'l', 's', 'b', 'e', 'n', 'o', 'n', 'i', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "ruben.am", true */ 'r', 'u', 'b', 'e', 'n', '.', 'a', 'm', '\0',
+  /* "rubenbarbero.com", true */ 'r', 'u', 'b', 'e', 'n', 'b', 'a', 'r', 'b', 'e', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "rubenkruisselbrink.nl", true */ 'r', 'u', 'b', 'e', 'n', 'k', 'r', 'u', 'i', 's', 's', 'e', 'l', 'b', 'r', 'i', 'n', 'k', '.', 'n', 'l', '\0',
+  /* "rublacklist.net", true */ 'r', 'u', 'b', 'l', 'a', 'c', 'k', 'l', 'i', 's', 't', '.', 'n', 'e', 't', '\0',
+  /* "ruby-auf-schienen.de", true */ 'r', 'u', 'b', 'y', '-', 'a', 'u', 'f', '-', 's', 'c', 'h', 'i', 'e', 'n', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "rubyist.today", true */ 'r', 'u', 'b', 'y', 'i', 's', 't', '.', 't', 'o', 'd', 'a', 'y', '\0',
+  /* "rubymartin.com.au", true */ 'r', 'u', 'b', 'y', 'm', 'a', 'r', 't', 'i', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "rubyquincunx.com", true */ 'r', 'u', 'b', 'y', 'q', 'u', 'i', 'n', 'c', 'u', 'n', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "rubyquincunx.org", true */ 'r', 'u', 'b', 'y', 'q', 'u', 'i', 'n', 'c', 'u', 'n', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "rubytune.com", true */ 'r', 'u', 'b', 'y', 't', 'u', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rucnerobene.eu", true */ 'r', 'u', 'c', 'n', 'e', 'r', 'o', 'b', 'e', 'n', 'e', '.', 'e', 'u', '\0',
+  /* "ruconsole.com", true */ 'r', 'u', 'c', 'o', 'n', 's', 'o', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rud.is", true */ 'r', 'u', 'd', '.', 'i', 's', '\0',
+  /* "rudd-o.com", true */ 'r', 'u', 'd', 'd', '-', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "rudelune.fr", true */ 'r', 'u', 'd', 'e', 'l', 'u', 'n', 'e', '.', 'f', 'r', '\0',
+  /* "ruderverein-gelsenkirchen.de", true */ 'r', 'u', 'd', 'e', 'r', 'v', 'e', 'r', 'e', 'i', 'n', '-', 'g', 'e', 'l', 's', 'e', 'n', 'k', 'i', 'r', 'c', 'h', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "rudloff.pro", false */ 'r', 'u', 'd', 'l', 'o', 'f', 'f', '.', 'p', 'r', 'o', '\0',
+  /* "rudolph.life", true */ 'r', 'u', 'd', 'o', 'l', 'p', 'h', '.', 'l', 'i', 'f', 'e', '\0',
+  /* "rudolphmarketing.com", true */ 'r', 'u', 'd', 'o', 'l', 'p', 'h', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "rudrastyh.com", true */ 'r', 'u', 'd', 'r', 'a', 's', 't', 'y', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "ruedirrenggli.ch", true */ 'r', 'u', 'e', 'd', 'i', 'r', 'r', 'e', 'n', 'g', 'g', 'l', 'i', '.', 'c', 'h', '\0',
+  /* "rueg.eu", true */ 'r', 'u', 'e', 'g', '.', 'e', 'u', '\0',
+  /* "ruerte.net", true */ 'r', 'u', 'e', 'r', 't', 'e', '.', 'n', 'e', 't', '\0',
+  /* "rufabula-com.appspot.com", true */ 'r', 'u', 'f', 'a', 'b', 'u', 'l', 'a', '-', 'c', 'o', 'm', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "ruffbeatz.com", true */ 'r', 'u', 'f', 'f', 'b', 'e', 'a', 't', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "rugby.video", true */ 'r', 'u', 'g', 'b', 'y', '.', 'v', 'i', 'd', 'e', 'o', '\0',
+  /* "rugk.dedyn.io", true */ 'r', 'u', 'g', 'k', '.', 'd', 'e', 'd', 'y', 'n', '.', 'i', 'o', '\0',
+  /* "ruh-veit.de", true */ 'r', 'u', 'h', '-', 'v', 'e', 'i', 't', '.', 'd', 'e', '\0',
+  /* "ruhrmobil-e.de", true */ 'r', 'u', 'h', 'r', 'm', 'o', 'b', 'i', 'l', '-', 'e', '.', 'd', 'e', '\0',
+  /* "ruhrnalist.de", true */ 'r', 'u', 'h', 'r', 'n', 'a', 'l', 'i', 's', 't', '.', 'd', 'e', '\0',
+  /* "ruht.ro", true */ 'r', 'u', 'h', 't', '.', 'r', 'o', '\0',
+  /* "ruigomes.me", true */ 'r', 'u', 'i', 'g', 'o', 'm', 'e', 's', '.', 'm', 'e', '\0',
+  /* "ruiming.me", false */ 'r', 'u', 'i', 'm', 'i', 'n', 'g', '.', 'm', 'e', '\0',
+  /* "ruja.dk", true */ 'r', 'u', 'j', 'a', '.', 'd', 'k', '\0',
+  /* "ruk.ca", true */ 'r', 'u', 'k', '.', 'c', 'a', '\0',
+  /* "rukhaiyar.com", true */ 'r', 'u', 'k', 'h', 'a', 'i', 'y', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "rullzer.com", true */ 'r', 'u', 'l', 'l', 'z', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "rulu.co", true */ 'r', 'u', 'l', 'u', '.', 'c', 'o', '\0',
+  /* "rulu.tv", true */ 'r', 'u', 'l', 'u', '.', 't', 'v', '\0',
+  /* "rulutv.com", true */ 'r', 'u', 'l', 'u', 't', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "rumlager.de", true */ 'r', 'u', 'm', 'l', 'a', 'g', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "rummel-platz.de", true */ 'r', 'u', 'm', 'm', 'e', 'l', '-', 'p', 'l', 'a', 't', 'z', '.', 'd', 'e', '\0',
+  /* "rumplesinflatables.co.uk", true */ 'r', 'u', 'm', 'p', 'l', 'e', 's', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "rumtaste.com", true */ 'r', 'u', 'm', 't', 'a', 's', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rumtaste.de", true */ 'r', 'u', 'm', 't', 'a', 's', 't', 'e', '.', 'd', 'e', '\0',
+  /* "run-forrest.run", true */ 'r', 'u', 'n', '-', 'f', 'o', 'r', 'r', 'e', 's', 't', '.', 'r', 'u', 'n', '\0',
+  /* "runagain.ch", true */ 'r', 'u', 'n', 'a', 'g', 'a', 'i', 'n', '.', 'c', 'h', '\0',
+  /* "runebet.com", true */ 'r', 'u', 'n', 'e', 'b', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "runklesecurity.com", true */ 'r', 'u', 'n', 'k', 'l', 'e', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "runnergrapher.com", true */ 'r', 'u', 'n', 'n', 'e', 'r', 'g', 'r', 'a', 'p', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "runreport.fr", true */ 'r', 'u', 'n', 'r', 'e', 'p', 'o', 'r', 't', '.', 'f', 'r', '\0',
+  /* "runschrauger.com", true */ 'r', 'u', 'n', 's', 'c', 'h', 'r', 'a', 'u', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "runvs.io", true */ 'r', 'u', 'n', 'v', 's', '.', 'i', 'o', '\0',
+  /* "ruobiyi.com", true */ 'r', 'u', 'o', 'b', 'i', 'y', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "ruri.io", true */ 'r', 'u', 'r', 'i', '.', 'i', 'o', '\0',
+  /* "rus-trip.ru", true */ 'r', 'u', 's', '-', 't', 'r', 'i', 'p', '.', 'r', 'u', '\0',
+  /* "rusempire.ru", true */ 'r', 'u', 's', 'e', 'm', 'p', 'i', 'r', 'e', '.', 'r', 'u', '\0',
+  /* "rushball.net", true */ 'r', 'u', 's', 'h', 'b', 'a', 'l', 'l', '.', 'n', 'e', 't', '\0',
+  /* "rushiiworks.com", true */ 'r', 'u', 's', 'h', 'i', 'i', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "rushpoppershop.co.uk", true */ 'r', 'u', 's', 'h', 'p', 'o', 'p', 'p', 'e', 'r', 's', 'h', 'o', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "rusi-ns.ca", true */ 'r', 'u', 's', 'i', '-', 'n', 's', '.', 'c', 'a', '\0',
+  /* "ruskod.net", true */ 'r', 'u', 's', 'k', 'o', 'd', '.', 'n', 'e', 't', '\0',
+  /* "rusl.net", true */ 'r', 'u', 's', 'l', '.', 'n', 'e', 't', '\0',
+  /* "russellandbrowns.co.uk", true */ 'r', 'u', 's', 's', 'e', 'l', 'l', 'a', 'n', 'd', 'b', 'r', 'o', 'w', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "russellupevents.co.uk", true */ 'r', 'u', 's', 's', 'e', 'l', 'l', 'u', 'p', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "russia.dating", true */ 'r', 'u', 's', 's', 'i', 'a', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "russianorthodoxchurch.co.uk", true */ 'r', 'u', 's', 's', 'i', 'a', 'n', 'o', 'r', 't', 'h', 'o', 'd', 'o', 'x', 'c', 'h', 'u', 'r', 'c', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "russt.me", true */ 'r', 'u', 's', 's', 't', '.', 'm', 'e', '\0',
+  /* "rust.mn", true */ 'r', 'u', 's', 't', '.', 'm', 'n', '\0',
+  /* "rustable.com", true */ 'r', 'u', 's', 't', 'a', 'b', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rustbyexample.com", true */ 'r', 'u', 's', 't', 'b', 'y', 'e', 'x', 'a', 'm', 'p', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rustyrambles.com", true */ 'r', 'u', 's', 't', 'y', 'r', 'a', 'm', 'b', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "rusxakep.com", true */ 'r', 'u', 's', 'x', 'a', 'k', 'e', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "rutgerschimmel.nl", true */ 'r', 'u', 't', 'g', 'e', 'r', 's', 'c', 'h', 'i', 'm', 'm', 'e', 'l', '.', 'n', 'l', '\0',
+  /* "rutiger.com", true */ 'r', 'u', 't', 'i', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "ruurdboomsma.nl", true */ 'r', 'u', 'u', 'r', 'd', 'b', 'o', 'o', 'm', 's', 'm', 'a', '.', 'n', 'l', '\0',
+  /* "ruwhof.net", true */ 'r', 'u', 'w', 'h', 'o', 'f', '.', 'n', 'e', 't', '\0',
+  /* "rv-jpshop.com", true */ 'r', 'v', '-', 'j', 'p', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "rva-asbestgroep.nl", true */ 'r', 'v', 'a', '-', 'a', 's', 'b', 'e', 's', 't', 'g', 'r', 'o', 'e', 'p', '.', 'n', 'l', '\0',
+  /* "rvg.zone", true */ 'r', 'v', 'g', '.', 'z', 'o', 'n', 'e', '\0',
+  /* "rvnoel.net", true */ 'r', 'v', 'n', 'o', 'e', 'l', '.', 'n', 'e', 't', '\0',
+  /* "rvolve.net", true */ 'r', 'v', 'o', 'l', 'v', 'e', '.', 'n', 'e', 't', '\0',
+  /* "rvsa2bevestigingen.nl", true */ 'r', 'v', 's', 'a', '2', 'b', 'e', 'v', 'e', 's', 't', 'i', 'g', 'i', 'n', 'g', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "rvsa4bevestigingen.nl", true */ 'r', 'v', 's', 'a', '4', 'b', 'e', 'v', 'e', 's', 't', 'i', 'g', 'i', 'n', 'g', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "rvsbevestigingen.nl", true */ 'r', 'v', 's', 'b', 'e', 'v', 'e', 's', 't', 'i', 'g', 'i', 'n', 'g', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "rw.search.yahoo.com", false */ 'r', 'w', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "rwanderlust.com", false */ 'r', 'w', 'a', 'n', 'd', 'e', 'r', 'l', 'u', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "rwky.net", true */ 'r', 'w', 'k', 'y', '.', 'n', 'e', 't', '\0',
+  /* "rws-vertriebsportal.de", true */ 'r', 'w', 's', '-', 'v', 'e', 'r', 't', 'r', 'i', 'e', 'b', 's', 'p', 'o', 'r', 't', 'a', 'l', '.', 'd', 'e', '\0',
+  /* "rx-contact.com", false */ 'r', 'x', '-', 'c', 'o', 'n', 't', 'a', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "rxbn.de", true */ 'r', 'x', 'b', 'n', '.', 'd', 'e', '\0',
+  /* "rxbusiness.com", true */ 'r', 'x', 'b', 'u', 's', 'i', 'n', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "rxcheck.com", true */ 'r', 'x', 'c', 'h', 'e', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "ryan-goldstein.com", true */ 'r', 'y', 'a', 'n', '-', 'g', 'o', 'l', 'd', 's', 't', 'e', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "ryanbritton.com", true */ 'r', 'y', 'a', 'n', 'b', 'r', 'i', 't', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "ryanhowell.io", true */ 'r', 'y', 'a', 'n', 'h', 'o', 'w', 'e', 'l', 'l', '.', 'i', 'o', '\0',
+  /* "ryankearney.com", false */ 'r', 'y', 'a', 'n', 'k', 'e', 'a', 'r', 'n', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "ryanmcdonough.co.uk", true */ 'r', 'y', 'a', 'n', 'm', 'c', 'd', 'o', 'n', 'o', 'u', 'g', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ryazan-region.ru", true */ 'r', 'y', 'a', 'z', 'a', 'n', '-', 'r', 'e', 'g', 'i', 'o', 'n', '.', 'r', 'u', '\0',
+  /* "rybox.info", true */ 'r', 'y', 'b', 'o', 'x', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "rychlikoderi.cz", true */ 'r', 'y', 'c', 'h', 'l', 'i', 'k', 'o', 'd', 'e', 'r', 'i', '.', 'c', 'z', '\0',
+  /* "ryejuice.sytes.net", true */ 'r', 'y', 'e', 'j', 'u', 'i', 'c', 'e', '.', 's', 'y', 't', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "rylore.com", true */ 'r', 'y', 'l', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "rynekpierwotny.pl", true */ 'r', 'y', 'n', 'e', 'k', 'p', 'i', 'e', 'r', 'w', 'o', 't', 'n', 'y', '.', 'p', 'l', '\0',
+  /* "rythgs.co", false */ 'r', 'y', 't', 'h', 'g', 's', '.', 'c', 'o', '\0',
+  /* "ryu22e.org", true */ 'r', 'y', 'u', '2', '2', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "ryuu.es", true */ 'r', 'y', 'u', 'u', '.', 'e', 's', '\0',
+  /* "ryzhov.me", true */ 'r', 'y', 'z', 'h', 'o', 'v', '.', 'm', 'e', '\0',
+  /* "rzentarzewski.net", true */ 'r', 'z', 'e', 'n', 't', 'a', 'r', 'z', 'e', 'w', 's', 'k', 'i', '.', 'n', 'e', 't', '\0',
+  /* "s-c.se", true */ 's', '-', 'c', '.', 's', 'e', '\0',
+  /* "s-cubed.net", true */ 's', '-', 'c', 'u', 'b', 'e', 'd', '.', 'n', 'e', 't', '\0',
+  /* "s-ip-media.de", true */ 's', '-', 'i', 'p', '-', 'm', 'e', 'd', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "s-mainte.com", true */ 's', '-', 'm', 'a', 'i', 'n', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "s-mdb.com", true */ 's', '-', 'm', 'd', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "s-on.li", true */ 's', '-', 'o', 'n', '.', 'l', 'i', '\0',
+  /* "s007.co", true */ 's', '0', '0', '7', '.', 'c', 'o', '\0',
+  /* "s13d.fr", true */ 's', '1', '3', 'd', '.', 'f', 'r', '\0',
+  /* "s16e.no", true */ 's', '1', '6', 'e', '.', 'n', 'o', '\0',
+  /* "s2member.com", true */ 's', '2', 'm', 'e', 'm', 'b', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "s3cur3.it", true */ 's', '3', 'c', 'u', 'r', '3', '.', 'i', 't', '\0',
+  /* "s3gfault.com", true */ 's', '3', 'g', 'f', 'a', 'u', 'l', 't', '.', 'c', 'o', 'm', '\0',
+  /* "s404.de", true */ 's', '4', '0', '4', '.', 'd', 'e', '\0',
+  /* "s4db.net", true */ 's', '4', 'd', 'b', '.', 'n', 'e', 't', '\0',
+  /* "s4tips.com", true */ 's', '4', 't', 'i', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "s4ur0n.com", true */ 's', '4', 'u', 'r', '0', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "s8a.us", true */ 's', '8', 'a', '.', 'u', 's', '\0',
+  /* "s95.de", true */ 's', '9', '5', '.', 'd', 'e', '\0',
+  /* "sa-blog.net", true */ 's', 'a', '-', 'b', 'l', 'o', 'g', '.', 'n', 'e', 't', '\0',
+  /* "sa-mp.ro", true */ 's', 'a', '-', 'm', 'p', '.', 'r', 'o', '\0',
+  /* "saabpartsdistribution.com", true */ 's', 'a', 'a', 'b', 'p', 'a', 'r', 't', 's', 'd', 'i', 's', 't', 'r', 'i', 'b', 'u', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "saamhorigheidsfonds.nl", false */ 's', 'a', 'a', 'm', 'h', 'o', 'r', 'i', 'g', 'h', 'e', 'i', 'd', 's', 'f', 'o', 'n', 'd', 's', '.', 'n', 'l', '\0',
+  /* "saba-piserver.info", true */ 's', 'a', 'b', 'a', '-', 'p', 'i', 's', 'e', 'r', 'v', 'e', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "sabahattin-gucukoglu.com", true */ 's', 'a', 'b', 'a', 'h', 'a', 't', 't', 'i', 'n', '-', 'g', 'u', 'c', 'u', 'k', 'o', 'g', 'l', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "sabatek.pl", true */ 's', 'a', 'b', 'a', 't', 'e', 'k', '.', 'p', 'l', '\0',
+  /* "sabrinajoiasprontaentrega.com.br", true */ 's', 'a', 'b', 'r', 'i', 'n', 'a', 'j', 'o', 'i', 'a', 's', 'p', 'r', 'o', 'n', 't', 'a', 'e', 'n', 't', 'r', 'e', 'g', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "sacaentradas.com", true */ 's', 'a', 'c', 'a', 'e', 'n', 't', 'r', 'a', 'd', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "saccani.net", true */ 's', 'a', 'c', 'c', 'a', 'n', 'i', '.', 'n', 'e', 't', '\0',
+  /* "sackers.com", true */ 's', 'a', 'c', 'k', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sackmesser.ch", true */ 's', 'a', 'c', 'k', 'm', 'e', 's', 's', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "saclier.at", true */ 's', 'a', 'c', 'l', 'i', 'e', 'r', '.', 'a', 't', '\0',
+  /* "saco-ceso.com", true */ 's', 'a', 'c', 'o', '-', 'c', 'e', 's', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "sacred-knights.net", true */ 's', 'a', 'c', 'r', 'e', 'd', '-', 'k', 'n', 'i', 'g', 'h', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "sadbox.es", true */ 's', 'a', 'd', 'b', 'o', 'x', '.', 'e', 's', '\0',
+  /* "sadbox.org", true */ 's', 'a', 'd', 'b', 'o', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "sadhawkict.org", true */ 's', 'a', 'd', 'h', 'a', 'w', 'k', 'i', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "sadmansh.com", true */ 's', 'a', 'd', 'm', 'a', 'n', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "saengsook.com", true */ 's', 'a', 'e', 'n', 'g', 's', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "saengsuk.com", true */ 's', 'a', 'e', 'n', 'g', 's', 'u', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "safar.sk", true */ 's', 'a', 'f', 'a', 'r', '.', 's', 'k', '\0',
+  /* "safcstore.com", true */ 's', 'a', 'f', 'c', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "safe.moe", true */ 's', 'a', 'f', 'e', '.', 'm', 'o', 'e', '\0',
+  /* "safe.space", true */ 's', 'a', 'f', 'e', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "safebasements.com", true */ 's', 'a', 'f', 'e', 'b', 'a', 's', 'e', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "safebasementsnorthdakota.com", true */ 's', 'a', 'f', 'e', 'b', 'a', 's', 'e', 'm', 'e', 'n', 't', 's', 'n', 'o', 'r', 't', 'h', 'd', 'a', 'k', 'o', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "safebuyerscheme.co.uk", true */ 's', 'a', 'f', 'e', 'b', 'u', 'y', 'e', 'r', 's', 'c', 'h', 'e', 'm', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "safecar.gov", false */ 's', 'a', 'f', 'e', 'c', 'a', 'r', '.', 'g', 'o', 'v', '\0',
+  /* "safedevice.net", true */ 's', 'a', 'f', 'e', 'd', 'e', 'v', 'i', 'c', 'e', '.', 'n', 'e', 't', '\0',
+  /* "safegold.ca", true */ 's', 'a', 'f', 'e', 'g', 'o', 'l', 'd', '.', 'c', 'a', '\0',
+  /* "safegroup.pl", true */ 's', 'a', 'f', 'e', 'g', 'r', 'o', 'u', 'p', '.', 'p', 'l', '\0',
+  /* "safeinfra.nl", true */ 's', 'a', 'f', 'e', 'i', 'n', 'f', 'r', 'a', '.', 'n', 'l', '\0',
+  /* "safeme.ga", true */ 's', 'a', 'f', 'e', 'm', 'e', '.', 'g', 'a', '\0',
+  /* "safer-networking.org", true */ 's', 'a', 'f', 'e', 'r', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "saferchildren.eu", false */ 's', 'a', 'f', 'e', 'r', 'c', 'h', 'i', 'l', 'd', 'r', 'e', 'n', '.', 'e', 'u', '\0',
+  /* "saferedirect.link", true */ 's', 'a', 'f', 'e', 'r', 'e', 'd', 'i', 'r', 'e', 'c', 't', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "saferpost.com", true */ 's', 'a', 'f', 'e', 'r', 'p', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "safescan.com", true */ 's', 'a', 'f', 'e', 's', 'c', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "safesecret.info", true */ 's', 'a', 'f', 'e', 's', 'e', 'c', 'r', 'e', 't', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "safetext.me", true */ 's', 'a', 'f', 'e', 't', 'e', 'x', 't', '.', 'm', 'e', '\0',
+  /* "safetycloud.me", true */ 's', 'a', 'f', 'e', 't', 'y', 'c', 'l', 'o', 'u', 'd', '.', 'm', 'e', '\0',
+  /* "safezone.cc", true */ 's', 'a', 'f', 'e', 'z', 'o', 'n', 'e', '.', 'c', 'c', '\0',
+  /* "safire.ac.za", true */ 's', 'a', 'f', 'i', 'r', 'e', '.', 'a', 'c', '.', 'z', 'a', '\0',
+  /* "sagedocumentmanager.com", true */ 's', 'a', 'g', 'e', 'd', 'o', 'c', 'u', 'm', 'e', 'n', 't', 'm', 'a', 'n', 'a', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "sagemontchurch.org", true */ 's', 'a', 'g', 'e', 'm', 'o', 'n', 't', 'c', 'h', 'u', 'r', 'c', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "sagerus.com", true */ 's', 'a', 'g', 'e', 'r', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sagsmarseille.com", true */ 's', 'a', 'g', 's', 'm', 'a', 'r', 's', 'e', 'i', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sahar.io", true */ 's', 'a', 'h', 'a', 'r', '.', 'i', 'o', '\0',
+  /* "sahb.dk", true */ 's', 'a', 'h', 'b', '.', 'd', 'k', '\0',
+  /* "sahkotyot.eu", true */ 's', 'a', 'h', 'k', 'o', 't', 'y', 'o', 't', '.', 'e', 'u', '\0',
+  /* "said.id", true */ 's', 'a', 'i', 'd', '.', 'i', 'd', '\0',
+  /* "said.my.id", true */ 's', 'a', 'i', 'd', '.', 'm', 'y', '.', 'i', 'd', '\0',
+  /* "saier.me", true */ 's', 'a', 'i', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "saifoundation.in", true */ 's', 'a', 'i', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', '.', 'i', 'n', '\0',
+  /* "saigonflowers.com", true */ 's', 'a', 'i', 'g', 'o', 'n', 'f', 'l', 'o', 'w', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "saikarra.com", true */ 's', 'a', 'i', 'k', 'a', 'r', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "saikou.moe", true */ 's', 'a', 'i', 'k', 'o', 'u', '.', 'm', 'o', 'e', '\0',
+  /* "saikouji.tokushima.jp", true */ 's', 'a', 'i', 'k', 'o', 'u', 'j', 'i', '.', 't', 'o', 'k', 'u', 's', 'h', 'i', 'm', 'a', '.', 'j', 'p', '\0',
+  /* "sailormoonevents.org", false */ 's', 'a', 'i', 'l', 'o', 'r', 'm', 'o', 'o', 'n', 'e', 'v', 'e', 'n', 't', 's', '.', 'o', 'r', 'g', '\0',
+  /* "saimoe.moe", true */ 's', 'a', 'i', 'm', 'o', 'e', '.', 'm', 'o', 'e', '\0',
+  /* "saimoe.org", true */ 's', 'a', 'i', 'm', 'o', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "sainetworks.net", true */ 's', 'a', 'i', 'n', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'n', 'e', 't', '\0',
+  /* "saintaardvarkthecarpeted.com", true */ 's', 'a', 'i', 'n', 't', 'a', 'a', 'r', 'd', 'v', 'a', 'r', 'k', 't', 'h', 'e', 'c', 'a', 'r', 'p', 'e', 't', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "saintanthonyscorner.com", true */ 's', 'a', 'i', 'n', 't', 'a', 'n', 't', 'h', 'o', 'n', 'y', 's', 'c', 'o', 'r', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "sainth.de", true */ 's', 'a', 'i', 'n', 't', 'h', '.', 'd', 'e', '\0',
+  /* "saintsrobotics.com", true */ 's', 'a', 'i', 'n', 't', 's', 'r', 'o', 'b', 'o', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "saipariwar.com", true */ 's', 'a', 'i', 'p', 'a', 'r', 'i', 'w', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "saiputra.com", true */ 's', 'a', 'i', 'p', 'u', 't', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "saitrance.com", true */ 's', 'a', 'i', 't', 'r', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "saiyasu-search.com", true */ 's', 'a', 'i', 'y', 'a', 's', 'u', '-', 's', 'e', 'a', 'r', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "sakostacloud.de", true */ 's', 'a', 'k', 'o', 's', 't', 'a', 'c', 'l', 'o', 'u', 'd', '.', 'd', 'e', '\0',
+  /* "sakuraflores.com.br", true */ 's', 'a', 'k', 'u', 'r', 'a', 'f', 'l', 'o', 'r', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "salaervergleich.com", true */ 's', 'a', 'l', 'a', 'e', 'r', 'v', 'e', 'r', 'g', 'l', 'e', 'i', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "salde.net", true */ 's', 'a', 'l', 'd', 'e', '.', 'n', 'e', 't', '\0',
+  /* "sale4ru.ru", true */ 's', 'a', 'l', 'e', '4', 'r', 'u', '.', 'r', 'u', '\0',
+  /* "saleaks.org", true */ 's', 'a', 'l', 'e', 'a', 'k', 's', '.', 'o', 'r', 'g', '\0',
+  /* "salearnership.co.za", true */ 's', 'a', 'l', 'e', 'a', 'r', 'n', 'e', 'r', 's', 'h', 'i', 'p', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "salensmotors-usedcars.be", true */ 's', 'a', 'l', 'e', 'n', 's', 'm', 'o', 't', 'o', 'r', 's', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0',
+  /* "salesflare.com", true */ 's', 'a', 'l', 'e', 's', 'f', 'l', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "salesmachine.io", true */ 's', 'a', 'l', 'e', 's', 'm', 'a', 'c', 'h', 'i', 'n', 'e', '.', 'i', 'o', '\0',
+  /* "salishseawhalewatching.ca", true */ 's', 'a', 'l', 'i', 's', 'h', 's', 'e', 'a', 'w', 'h', 'a', 'l', 'e', 'w', 'a', 't', 'c', 'h', 'i', 'n', 'g', '.', 'c', 'a', '\0',
+  /* "salixcode.com", true */ 's', 'a', 'l', 'i', 'x', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "salle-quali.fr", true */ 's', 'a', 'l', 'l', 'e', '-', 'q', 'u', 'a', 'l', 'i', '.', 'f', 'r', '\0',
+  /* "sallydowns.name", true */ 's', 'a', 'l', 'l', 'y', 'd', 'o', 'w', 'n', 's', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "salmo23.com.br", true */ 's', 'a', 'l', 'm', 'o', '2', '3', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "salmododia.net", true */ 's', 'a', 'l', 'm', 'o', 'd', 'o', 'd', 'i', 'a', '.', 'n', 'e', 't', '\0',
+  /* "salmonella.co.uk", true */ 's', 'a', 'l', 'm', 'o', 'n', 'e', 'l', 'l', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "salmonrecovery.gov", true */ 's', 'a', 'l', 'm', 'o', 'n', 'r', 'e', 'c', 'o', 'v', 'e', 'r', 'y', '.', 'g', 'o', 'v', '\0',
+  /* "salmonvision.com.tw", true */ 's', 'a', 'l', 'm', 'o', 'n', 'v', 'i', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '.', 't', 'w', '\0',
+  /* "salmos91.com", true */ 's', 'a', 'l', 'm', 'o', 's', '9', '1', '.', 'c', 'o', 'm', '\0',
+  /* "salmotierra-salvatierra.com", true */ 's', 'a', 'l', 'm', 'o', 't', 'i', 'e', 'r', 'r', 'a', '-', 's', 'a', 'l', 'v', 'a', 't', 'i', 'e', 'r', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "salon-claudia.ch", true */ 's', 'a', 'l', 'o', 'n', '-', 'c', 'l', 'a', 'u', 'd', 'i', 'a', '.', 'c', 'h', '\0',
+  /* "salon-minipli.de", true */ 's', 'a', 'l', 'o', 'n', '-', 'm', 'i', 'n', 'i', 'p', 'l', 'i', '.', 'd', 'e', '\0',
+  /* "salon.io", false */ 's', 'a', 'l', 'o', 'n', '.', 'i', 'o', '\0',
+  /* "salonestella.it", true */ 's', 'a', 'l', 'o', 'n', 'e', 's', 't', 'e', 'l', 'l', 'a', '.', 'i', 't', '\0',
+  /* "salonsantebienetre.ch", true */ 's', 'a', 'l', 'o', 'n', 's', 'a', 'n', 't', 'e', 'b', 'i', 'e', 'n', 'e', 't', 'r', 'e', '.', 'c', 'h', '\0',
+  /* "salsa-straubing.de", true */ 's', 'a', 'l', 's', 'a', '-', 's', 't', 'r', 'a', 'u', 'b', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "saltbythesea.com", true */ 's', 'a', 'l', 't', 'b', 'y', 't', 'h', 'e', 's', 'e', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "saltercane.com", false */ 's', 'a', 'l', 't', 'e', 'r', 'c', 'a', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "saltro.nl", true */ 's', 'a', 'l', 't', 'r', 'o', '.', 'n', 'l', '\0',
+  /* "saltstack.cz", true */ 's', 'a', 'l', 't', 's', 't', 'a', 'c', 'k', '.', 'c', 'z', '\0',
+  /* "salud.top", false */ 's', 'a', 'l', 'u', 'd', '.', 't', 'o', 'p', '\0',
+  /* "saludsexualmasculina.org", true */ 's', 'a', 'l', 'u', 'd', 's', 'e', 'x', 'u', 'a', 'l', 'm', 'a', 's', 'c', 'u', 'l', 'i', 'n', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "saludsis.mil.co", true */ 's', 'a', 'l', 'u', 'd', 's', 'i', 's', '.', 'm', 'i', 'l', '.', 'c', 'o', '\0',
+  /* "salutethepig.com", true */ 's', 'a', 'l', 'u', 't', 'e', 't', 'h', 'e', 'p', 'i', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "salverainha.org", true */ 's', 'a', 'l', 'v', 'e', 'r', 'a', 'i', 'n', 'h', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "sam-football.fr", true */ 's', 'a', 'm', '-', 'f', 'o', 'o', 't', 'b', 'a', 'l', 'l', '.', 'f', 'r', '\0',
+  /* "samanthahumphreysstudio.com", true */ 's', 'a', 'm', 'a', 'n', 't', 'h', 'a', 'h', 'u', 'm', 'p', 'h', 'r', 'e', 'y', 's', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "samanthasgeckos.com", true */ 's', 'a', 'm', 'a', 'n', 't', 'h', 'a', 's', 'g', 'e', 'c', 'k', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "samappleton.com", true */ 's', 'a', 'm', 'a', 'p', 'p', 'l', 'e', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "samaritainsmeyrin.ch", true */ 's', 'a', 'm', 'a', 'r', 'i', 't', 'a', 'i', 'n', 's', 'm', 'e', 'y', 'r', 'i', 'n', '.', 'c', 'h', '\0',
+  /* "samaritansnet.org", true */ 's', 'a', 'm', 'a', 'r', 'i', 't', 'a', 'n', 's', 'n', 'e', 't', '.', 'o', 'r', 'g', '\0',
+  /* "samatva-yogalaya.com", true */ 's', 'a', 'm', 'a', 't', 'v', 'a', '-', 'y', 'o', 'g', 'a', 'l', 'a', 'y', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "samba.org", true */ 's', 'a', 'm', 'b', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "sambaa.com.br", true */ 's', 'a', 'm', 'b', 'a', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "sambaash.com", true */ 's', 'a', 'm', 'b', 'a', 'a', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "sambeso.net", true */ 's', 'a', 'm', 'b', 'e', 's', 'o', '.', 'n', 'e', 't', '\0',
+  /* "samegoal.com", true */ 's', 'a', 'm', 'e', 'g', 'o', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "samel.de", true */ 's', 'a', 'm', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "samenwerkingsportaal.nl", true */ 's', 'a', 'm', 'e', 'n', 'w', 'e', 'r', 'k', 'i', 'n', 'g', 's', 'p', 'o', 'r', 't', 'a', 'a', 'l', '.', 'n', 'l', '\0',
+  /* "samenwerkingsportaal.tk", true */ 's', 'a', 'm', 'e', 'n', 'w', 'e', 'r', 'k', 'i', 'n', 'g', 's', 'p', 'o', 'r', 't', 'a', 'a', 'l', '.', 't', 'k', '\0',
+  /* "sameworks.com", true */ 's', 'a', 'm', 'e', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "samgrayson.me", true */ 's', 'a', 'm', 'g', 'r', 'a', 'y', 's', 'o', 'n', '.', 'm', 'e', '\0',
+  /* "samifar.in", true */ 's', 'a', 'm', 'i', 'f', 'a', 'r', '.', 'i', 'n', '\0',
+  /* "samizdat.cz", true */ 's', 'a', 'm', 'i', 'z', 'd', 'a', 't', '.', 'c', 'z', '\0',
+  /* "samkelleher.com", true */ 's', 'a', 'm', 'k', 'e', 'l', 'l', 'e', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "saml-gateway.org", true */ 's', 'a', 'm', 'l', '-', 'g', 'a', 't', 'e', 'w', 'a', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "samm.com.au", true */ 's', 'a', 'm', 'm', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "sammyjohnson.com", false */ 's', 'a', 'm', 'm', 'y', 'j', 'o', 'h', 'n', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "sammyservers.com", true */ 's', 'a', 'm', 'm', 'y', 's', 'e', 'r', 'v', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "samp.im", true */ 's', 'a', 'm', 'p', '.', 'i', 'm', '\0',
+  /* "samsonova.de", true */ 's', 'a', 'm', 's', 'o', 'n', 'o', 'v', 'a', '.', 'd', 'e', '\0',
+  /* "samsungphonegenerator.xyz", true */ 's', 'a', 'm', 's', 'u', 'n', 'g', 'p', 'h', 'o', 'n', 'e', 'g', 'e', 'n', 'e', 'r', 'a', 't', 'o', 'r', '.', 'x', 'y', 'z', '\0',
+  /* "samsungxoa.com", true */ 's', 'a', 'm', 's', 'u', 'n', 'g', 'x', 'o', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "samuelkeeley.com", true */ 's', 'a', 'm', 'u', 'e', 'l', 'k', 'e', 'e', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "samuellaulhau.fr", true */ 's', 'a', 'm', 'u', 'e', 'l', 'l', 'a', 'u', 'l', 'h', 'a', 'u', '.', 'f', 'r', '\0',
+  /* "samui-samui.de", true */ 's', 'a', 'm', 'u', 'i', '-', 's', 'a', 'm', 'u', 'i', '.', 'd', 'e', '\0',
+  /* "samuirehabcenter.com", true */ 's', 'a', 'm', 'u', 'i', 'r', 'e', 'h', 'a', 'b', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "samvanderkris.com", true */ 's', 'a', 'm', 'v', 'a', 'n', 'd', 'e', 'r', 'k', 'r', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "samwilberforce.com", true */ 's', 'a', 'm', 'w', 'i', 'l', 'b', 'e', 'r', 'f', 'o', 'r', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "samwu.tw", false */ 's', 'a', 'm', 'w', 'u', '.', 't', 'w', '\0',
+  /* "samyerkes.com", true */ 's', 'a', 'm', 'y', 'e', 'r', 'k', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sana-store.com", true */ 's', 'a', 'n', 'a', '-', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sana-store.cz", true */ 's', 'a', 'n', 'a', '-', 's', 't', 'o', 'r', 'e', '.', 'c', 'z', '\0',
+  /* "sana-store.sk", true */ 's', 'a', 'n', 'a', '-', 's', 't', 'o', 'r', 'e', '.', 's', 'k', '\0',
+  /* "sanandreasstories.com", true */ 's', 'a', 'n', 'a', 'n', 'd', 'r', 'e', 'a', 's', 's', 't', 'o', 'r', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sanasport.cz", true */ 's', 'a', 'n', 'a', 's', 'p', 'o', 'r', 't', '.', 'c', 'z', '\0',
+  /* "sanasport.sk", true */ 's', 'a', 'n', 'a', 's', 'p', 'o', 'r', 't', '.', 's', 'k', '\0',
+  /* "sanatorii-sverdlovskoy-oblasti.ru", true */ 's', 'a', 'n', 'a', 't', 'o', 'r', 'i', 'i', '-', 's', 'v', 'e', 'r', 'd', 'l', 'o', 'v', 's', 'k', 'o', 'y', '-', 'o', 'b', 'l', 'a', 's', 't', 'i', '.', 'r', 'u', '\0',
+  /* "sanatorionosti.com.ar", true */ 's', 'a', 'n', 'a', 't', 'o', 'r', 'i', 'o', 'n', 'o', 's', 't', 'i', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "sanchez.adv.br", true */ 's', 'a', 'n', 'c', 'h', 'e', 'z', '.', 'a', 'd', 'v', '.', 'b', 'r', '\0',
+  /* "sancy.de", true */ 's', 'a', 'n', 'c', 'y', '.', 'd', 'e', '\0',
+  /* "sand-islets.de", true */ 's', 'a', 'n', 'd', '-', 'i', 's', 'l', 'e', 't', 's', '.', 'd', 'e', '\0',
+  /* "sandalj.com", true */ 's', 'a', 'n', 'd', 'a', 'l', 'j', '.', 'c', 'o', 'm', '\0',
+  /* "sandbagexpress.com", true */ 's', 'a', 'n', 'd', 'b', 'a', 'g', 'e', 'x', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sandbox.mydigipass.com", false */ 's', 'a', 'n', 'd', 'b', 'o', 'x', '.', 'm', 'y', 'd', 'i', 'g', 'i', 'p', 'a', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sandburner.net", true */ 's', 'a', 'n', 'd', 'b', 'u', 'r', 'n', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "sanderdorigo.nl", true */ 's', 'a', 'n', 'd', 'e', 'r', 'd', 'o', 'r', 'i', 'g', 'o', '.', 'n', 'l', '\0',
+  /* "sanderknape.com", true */ 's', 'a', 'n', 'd', 'e', 'r', 'k', 'n', 'a', 'p', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sanderkoenders.eu", true */ 's', 'a', 'n', 'd', 'e', 'r', 'k', 'o', 'e', 'n', 'd', 'e', 'r', 's', '.', 'e', 'u', '\0',
+  /* "sanderkoenders.nl", true */ 's', 'a', 'n', 'd', 'e', 'r', 'k', 'o', 'e', 'n', 'd', 'e', 'r', 's', '.', 'n', 'l', '\0',
+  /* "sandervankasteel.nl", false */ 's', 'a', 'n', 'd', 'e', 'r', 'v', 'a', 'n', 'k', 'a', 's', 't', 'e', 'e', 'l', '.', 'n', 'l', '\0',
+  /* "sandhaufen.tk", true */ 's', 'a', 'n', 'd', 'h', 'a', 'u', 'f', 'e', 'n', '.', 't', 'k', '\0',
+  /* "sandmanintel.com", true */ 's', 'a', 'n', 'd', 'm', 'a', 'n', 'i', 'n', 't', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "sandmarc.cz", true */ 's', 'a', 'n', 'd', 'm', 'a', 'r', 'c', '.', 'c', 'z', '\0',
+  /* "sandobygg.se", true */ 's', 'a', 'n', 'd', 'o', 'b', 'y', 'g', 'g', '.', 's', 'e', '\0',
+  /* "sandogruppen.se", true */ 's', 'a', 'n', 'd', 'o', 'g', 'r', 'u', 'p', 'p', 'e', 'n', '.', 's', 'e', '\0',
+  /* "sandor.wtf", true */ 's', 'a', 'n', 'd', 'o', 'r', '.', 'w', 't', 'f', '\0',
+  /* "sandrainden.nl", true */ 's', 'a', 'n', 'd', 'r', 'a', 'i', 'n', 'd', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "sandraindenfotografie.nl", true */ 's', 'a', 'n', 'd', 'r', 'a', 'i', 'n', 'd', 'e', 'n', 'f', 'o', 't', 'o', 'g', 'r', 'a', 'f', 'i', 'e', '.', 'n', 'l', '\0',
+  /* "sandrolittke.de", true */ 's', 'a', 'n', 'd', 'r', 'o', 'l', 'i', 't', 't', 'k', 'e', '.', 'd', 'e', '\0',
+  /* "sandyrobsonhypnotherapy.co.uk", true */ 's', 'a', 'n', 'd', 'y', 'r', 'o', 'b', 's', 'o', 'n', 'h', 'y', 'p', 'n', 'o', 't', 'h', 'e', 'r', 'a', 'p', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "sanepsychologen.nl", true */ 's', 'a', 'n', 'e', 'p', 's', 'y', 'c', 'h', 'o', 'l', 'o', 'g', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "sanex.ca", false */ 's', 'a', 'n', 'e', 'x', '.', 'c', 'a', '\0',
+  /* "sanglierhurlant.fr", true */ 's', 'a', 'n', 'g', 'l', 'i', 'e', 'r', 'h', 'u', 'r', 'l', 'a', 'n', 't', '.', 'f', 'r', '\0',
+  /* "sangwon.io", true */ 's', 'a', 'n', 'g', 'w', 'o', 'n', '.', 'i', 'o', '\0',
+  /* "sanilodge.com", true */ 's', 'a', 'n', 'i', 'l', 'o', 'd', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sanitairwinkel.be", true */ 's', 'a', 'n', 'i', 't', 'a', 'i', 'r', 'w', 'i', 'n', 'k', 'e', 'l', '.', 'b', 'e', '\0',
+  /* "sanitairwinkel.com", true */ 's', 'a', 'n', 'i', 't', 'a', 'i', 'r', 'w', 'i', 'n', 'k', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "sanitairwinkel.nl", true */ 's', 'a', 'n', 'i', 't', 'a', 'i', 'r', 'w', 'i', 'n', 'k', 'e', 'l', '.', 'n', 'l', '\0',
+  /* "sanooktiew.com", false */ 's', 'a', 'n', 'o', 'o', 'k', 't', 'i', 'e', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "sanpham-balea.org", true */ 's', 'a', 'n', 'p', 'h', 'a', 'm', '-', 'b', 'a', 'l', 'e', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "sanradon.by", true */ 's', 'a', 'n', 'r', 'a', 'd', 'o', 'n', '.', 'b', 'y', '\0',
+  /* "sanskritiyoga.com", true */ 's', 'a', 'n', 's', 'k', 'r', 'i', 't', 'i', 'y', 'o', 'g', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "sansonehowell.com", true */ 's', 'a', 'n', 's', 'o', 'n', 'e', 'h', 'o', 'w', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "santafemacas.com.br", true */ 's', 'a', 'n', 't', 'a', 'f', 'e', 'm', 'a', 'c', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "santanderideas.com", true */ 's', 'a', 'n', 't', 'a', 'n', 'd', 'e', 'r', 'i', 'd', 'e', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "santenatureetcie.com", true */ 's', 'a', 'n', 't', 'e', 'n', 'a', 't', 'u', 'r', 'e', 'e', 't', 'c', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "santevie.ch", true */ 's', 'a', 'n', 't', 'e', 'v', 'i', 'e', '.', 'c', 'h', '\0',
+  /* "santmark.com", true */ 's', 'a', 'n', 't', 'm', 'a', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "santmark.eu", true */ 's', 'a', 'n', 't', 'm', 'a', 'r', 'k', '.', 'e', 'u', '\0',
+  /* "santmark.fi", true */ 's', 'a', 'n', 't', 'm', 'a', 'r', 'k', '.', 'f', 'i', '\0',
+  /* "santmark.info", true */ 's', 'a', 'n', 't', 'm', 'a', 'r', 'k', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "santmark.net", true */ 's', 'a', 'n', 't', 'm', 'a', 'r', 'k', '.', 'n', 'e', 't', '\0',
+  /* "santmark.org", true */ 's', 'a', 'n', 't', 'm', 'a', 'r', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "santodomingocg.org", true */ 's', 'a', 'n', 't', 'o', 'd', 'o', 'm', 'i', 'n', 'g', 'o', 'c', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "santojuken.co.jp", true */ 's', 'a', 'n', 't', 'o', 'j', 'u', 'k', 'e', 'n', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "santorinibbs.com", true */ 's', 'a', 'n', 't', 'o', 'r', 'i', 'n', 'i', 'b', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sanvitolocapobus.com", true */ 's', 'a', 'n', 'v', 'i', 't', 'o', 'l', 'o', 'c', 'a', 'p', 'o', 'b', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "saoneth.pl", true */ 's', 'a', 'o', 'n', 'e', 't', 'h', '.', 'p', 'l', '\0',
+  /* "saorsat.com", true */ 's', 'a', 'o', 'r', 's', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "saorsat.ie", true */ 's', 'a', 'o', 'r', 's', 'a', 't', '.', 'i', 'e', '\0',
+  /* "saorview.com", true */ 's', 'a', 'o', 'r', 'v', 'i', 'e', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "saorviewconnect.ie", true */ 's', 'a', 'o', 'r', 'v', 'i', 'e', 'w', 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'i', 'e', '\0',
+  /* "saorviewconnected.ie", true */ 's', 'a', 'o', 'r', 'v', 'i', 'e', 'w', 'c', 'o', 'n', 'n', 'e', 'c', 't', 'e', 'd', '.', 'i', 'e', '\0',
+  /* "sapac.es", true */ 's', 'a', 'p', 'a', 'c', '.', 'e', 's', '\0',
+  /* "sapereaude.com.pl", true */ 's', 'a', 'p', 'e', 'r', 'e', 'a', 'u', 'd', 'e', '.', 'c', 'o', 'm', '.', 'p', 'l', '\0',
+  /* "sapien-ci.com", true */ 's', 'a', 'p', 'i', 'e', 'n', '-', 'c', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "sapience.com", true */ 's', 'a', 'p', 'i', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sapk.fr", true */ 's', 'a', 'p', 'k', '.', 'f', 'r', '\0',
+  /* "saposute-s.jp", true */ 's', 'a', 'p', 'o', 's', 'u', 't', 'e', '-', 's', '.', 'j', 'p', '\0',
+  /* "sapporobeer.com", true */ 's', 'a', 'p', 'p', 'o', 'r', 'o', 'b', 'e', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "sapprendre.ch", true */ 's', 'a', 'p', 'p', 'r', 'e', 'n', 'd', 'r', 'e', '.', 'c', 'h', '\0',
+  /* "sapuncheta.com", true */ 's', 'a', 'p', 'u', 'n', 'c', 'h', 'e', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "saq.com", true */ 's', 'a', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "sarahbeckettharpist.com", true */ 's', 'a', 'r', 'a', 'h', 'b', 'e', 'c', 'k', 'e', 't', 't', 'h', 'a', 'r', 'p', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "sarahlicity.co.uk", false */ 's', 'a', 'r', 'a', 'h', 'l', 'i', 'c', 'i', 't', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "sarahlicity.me.uk", true */ 's', 'a', 'r', 'a', 'h', 'l', 'i', 'c', 'i', 't', 'y', '.', 'm', 'e', '.', 'u', 'k', '\0',
+  /* "sarahs-roestcafe.de", false */ 's', 'a', 'r', 'a', 'h', 's', '-', 'r', 'o', 'e', 's', 't', 'c', 'a', 'f', 'e', '.', 'd', 'e', '\0',
+  /* "sarahvictor.co.uk", true */ 's', 'a', 'r', 'a', 'h', 'v', 'i', 'c', 't', 'o', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "sarariman.com", true */ 's', 'a', 'r', 'a', 'r', 'i', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "sarasturdivant.com", true */ 's', 'a', 'r', 'a', 's', 't', 'u', 'r', 'd', 'i', 'v', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "sardegnatirocini.it", true */ 's', 'a', 'r', 'd', 'e', 'g', 'n', 'a', 't', 'i', 'r', 'o', 'c', 'i', 'n', 'i', '.', 'i', 't', '\0',
+  /* "sarink.eu", true */ 's', 'a', 'r', 'i', 'n', 'k', '.', 'e', 'u', '\0',
+  /* "sarkarikhoj.com", true */ 's', 'a', 'r', 'k', 'a', 'r', 'i', 'k', 'h', 'o', 'j', '.', 'c', 'o', 'm', '\0',
+  /* "sarkisozleri.us", true */ 's', 'a', 'r', 'k', 'i', 's', 'o', 'z', 'l', 'e', 'r', 'i', '.', 'u', 's', '\0',
+  /* "saro.me", true */ 's', 'a', 'r', 'o', '.', 'm', 'e', '\0',
+  /* "saronno5stelle.it", true */ 's', 'a', 'r', 'o', 'n', 'n', 'o', '5', 's', 't', 'e', 'l', 'l', 'e', '.', 'i', 't', '\0',
+  /* "sarpsb.org", true */ 's', 'a', 'r', 'p', 's', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "sarumtechnologies.com", true */ 's', 'a', 'r', 'u', 'm', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sas-snowboarding.sk", true */ 's', 'a', 's', '-', 's', 'n', 'o', 'w', 'b', 'o', 'a', 'r', 'd', 'i', 'n', 'g', '.', 's', 'k', '\0',
+  /* "sash.pw", true */ 's', 'a', 's', 'h', '.', 'p', 'w', '\0',
+  /* "sashaokun.com", true */ 's', 'a', 's', 'h', 'a', 'o', 'k', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "sashascollections.com", true */ 's', 'a', 's', 'h', 'a', 's', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "saskpension.com", true */ 's', 'a', 's', 'k', 'p', 'e', 'n', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "sastd.com", true */ 's', 'a', 's', 't', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "sasyabapi.com", true */ 's', 'a', 's', 'y', 'a', 'b', 'a', 'p', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "sat4all.com", true */ 's', 'a', 't', '4', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "satai.dk", true */ 's', 'a', 't', 'a', 'i', '.', 'd', 'k', '\0',
+  /* "saterdalen.net", true */ 's', 'a', 't', 'e', 'r', 'd', 'a', 'l', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "satimagingcorp.com", true */ 's', 'a', 't', 'i', 'm', 'a', 'g', 'i', 'n', 'g', 'c', 'o', 'r', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "satinn.pl", true */ 's', 'a', 't', 'i', 'n', 'n', '.', 'p', 'l', '\0',
+  /* "satmd.de", true */ 's', 'a', 't', 'm', 'd', '.', 'd', 'e', '\0',
+  /* "saturn.pl", true */ 's', 'a', 't', 'u', 'r', 'n', '.', 'p', 'l', '\0',
+  /* "saudavel.com.vc", true */ 's', 'a', 'u', 'd', 'a', 'v', 'e', 'l', '.', 'c', 'o', 'm', '.', 'v', 'c', '\0',
+  /* "saudeealimentos.com", true */ 's', 'a', 'u', 'd', 'e', 'e', 'a', 'l', 'i', 'm', 'e', 'n', 't', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "saudeintimadamulher.com.br", true */ 's', 'a', 'u', 'd', 'e', 'i', 'n', 't', 'i', 'm', 'a', 'd', 'a', 'm', 'u', 'l', 'h', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "saudenoclique.com.br", true */ 's', 'a', 'u', 'd', 'e', 'n', 'o', 'c', 'l', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "sauenytt.no", true */ 's', 'a', 'u', 'e', 'n', 'y', 't', 't', '.', 'n', 'o', '\0',
+  /* "sauer-systems.net", true */ 's', 'a', 'u', 'e', 'r', '-', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'n', 'e', 't', '\0',
+  /* "sauerland-schnittgruen.de", true */ 's', 'a', 'u', 'e', 'r', 'l', 'a', 'n', 'd', '-', 's', 'c', 'h', 'n', 'i', 't', 't', 'g', 'r', 'u', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "saulchristie.com", true */ 's', 'a', 'u', 'l', 'c', 'h', 'r', 'i', 's', 't', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "saumon-de-france.com", true */ 's', 'a', 'u', 'm', 'o', 'n', '-', 'd', 'e', '-', 'f', 'r', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "saumon-france.com", true */ 's', 'a', 'u', 'm', 'o', 'n', '-', 'f', 'r', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "saumon.io", true */ 's', 'a', 'u', 'm', 'o', 'n', '.', 'i', 'o', '\0',
+  /* "saumondefrance.fr", true */ 's', 'a', 'u', 'm', 'o', 'n', 'd', 'e', 'f', 'r', 'a', 'n', 'c', 'e', '.', 'f', 'r', '\0',
+  /* "saumonfrance.fr", true */ 's', 'a', 'u', 'm', 'o', 'n', 'f', 'r', 'a', 'n', 'c', 'e', '.', 'f', 'r', '\0',
+  /* "saunahats.eu", true */ 's', 'a', 'u', 'n', 'a', 'h', 'a', 't', 's', '.', 'e', 'u', '\0',
+  /* "saunas.fr", true */ 's', 'a', 'u', 'n', 'a', 's', '.', 'f', 'r', '\0',
+  /* "saurel.me", true */ 's', 'a', 'u', 'r', 'e', 'l', '.', 'm', 'e', '\0',
+  /* "savacloud.com", true */ 's', 'a', 'v', 'a', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "savageorgiev.com", true */ 's', 'a', 'v', 'a', 'g', 'e', 'o', 'r', 'g', 'i', 'e', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "savannahtasteexperience.com", true */ 's', 'a', 'v', 'a', 'n', 'n', 'a', 'h', 't', 'a', 's', 't', 'e', 'e', 'x', 'p', 'e', 'r', 'i', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "save-me-aachen.de", true */ 's', 'a', 'v', 'e', '-', 'm', 'e', '-', 'a', 'a', 'c', 'h', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "save-me-koeln.de", true */ 's', 'a', 'v', 'e', '-', 'm', 'e', '-', 'k', 'o', 'e', 'l', 'n', '.', 'd', 'e', '\0',
+  /* "savecrypto.org", true */ 's', 'a', 'v', 'e', 'c', 'r', 'y', 'p', 't', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "savekorea.net", true */ 's', 'a', 'v', 'e', 'k', 'o', 'r', 'e', 'a', '.', 'n', 'e', 't', '\0',
+  /* "savemoneyonenergy.com", true */ 's', 'a', 'v', 'e', 'm', 'o', 'n', 'e', 'y', 'o', 'n', 'e', 'n', 'e', 'r', 'g', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "savenet.org", true */ 's', 'a', 'v', 'e', 'n', 'e', 't', '.', 'o', 'r', 'g', '\0',
+  /* "saveora.com", true */ 's', 'a', 'v', 'e', 'o', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "saveora.shop", true */ 's', 'a', 'v', 'e', 'o', 'r', 'a', '.', 's', 'h', 'o', 'p', '\0',
+  /* "savetheinternet.eu", true */ 's', 'a', 'v', 'e', 't', 'h', 'e', 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', '.', 'e', 'u', '\0',
+  /* "savic.com", true */ 's', 'a', 'v', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "savingbytes.com", true */ 's', 'a', 'v', 'i', 'n', 'g', 'b', 'y', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "savinggoliath.com", true */ 's', 'a', 'v', 'i', 'n', 'g', 'g', 'o', 'l', 'i', 'a', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "savingsbondwizard.gov", true */ 's', 'a', 'v', 'i', 'n', 'g', 's', 'b', 'o', 'n', 'd', 'w', 'i', 'z', 'a', 'r', 'd', '.', 'g', 'o', 'v', '\0',
+  /* "savingsomegreen.com", true */ 's', 'a', 'v', 'i', 'n', 'g', 's', 'o', 'm', 'e', 'g', 'r', 'e', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "savingsstoreonline.ca", true */ 's', 'a', 'v', 'i', 'n', 'g', 's', 's', 't', 'o', 'r', 'e', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'a', '\0',
+  /* "savisasolutions.co.za", true */ 's', 'a', 'v', 'i', 's', 'a', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "savvytime.com", true */ 's', 'a', 'v', 'v', 'y', 't', 'i', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sawyerroofing.com", true */ 's', 'a', 'w', 'y', 'e', 'r', 'r', 'o', 'o', 'f', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "saxojoe.co.uk", true */ 's', 'a', 'x', 'o', 'j', 'o', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "saxojoe.de", true */ 's', 'a', 'x', 'o', 'j', 'o', 'e', '.', 'd', 'e', '\0',
+  /* "saxol-group.com", true */ 's', 'a', 'x', 'o', 'l', '-', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "saxoncreative.com", true */ 's', 'a', 'x', 'o', 'n', 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "saxwereld.nl", true */ 's', 'a', 'x', 'w', 'e', 'r', 'e', 'l', 'd', '.', 'n', 'l', '\0',
+  /* "sayprepay.com", true */ 's', 'a', 'y', 'p', 'r', 'e', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "sayura.net", true */ 's', 'a', 'y', 'u', 'r', 'a', '.', 'n', 'e', 't', '\0',
+  /* "saz.sh", true */ 's', 'a', 'z', '.', 's', 'h', '\0',
+  /* "sazuz.cz", true */ 's', 'a', 'z', 'u', 'z', '.', 'c', 'z', '\0',
+  /* "sb-group.dk", true */ 's', 'b', '-', 'g', 'r', 'o', 'u', 'p', '.', 'd', 'k', '\0',
+  /* "sb-tuning.ru", true */ 's', 'b', '-', 't', 'u', 'n', 'i', 'n', 'g', '.', 'r', 'u', '\0',
+  /* "sb.im", true */ 's', 'b', '.', 'i', 'm', '\0',
+  /* "sb.sb", true */ 's', 'b', '.', 's', 'b', '\0',
+  /* "sb0.io", true */ 's', 'b', '0', '.', 'i', 'o', '\0',
+  /* "sbanken.no", true */ 's', 'b', 'a', 'n', 'k', 'e', 'n', '.', 'n', 'o', '\0',
+  /* "sber.us", true */ 's', 'b', 'e', 'r', '.', 'u', 's', '\0',
+  /* "sberbank.ch", true */ 's', 'b', 'e', 'r', 'b', 'a', 'n', 'k', '.', 'c', 'h', '\0',
+  /* "sbf888.com", true */ 's', 'b', 'f', '8', '8', '8', '.', 'c', 'o', 'm', '\0',
+  /* "sbiewald.de", true */ 's', 'b', 'i', 'e', 'w', 'a', 'l', 'd', '.', 'd', 'e', '\0',
+  /* "sbirecruitment.co.in", true */ 's', 'b', 'i', 'r', 'e', 'c', 'r', 'u', 'i', 't', 'm', 'e', 'n', 't', '.', 'c', 'o', '.', 'i', 'n', '\0',
+  /* "sbit.com.br", true */ 's', 'b', 'i', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "sblum.de", true */ 's', 'b', 'l', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "sbo-dresden.de", true */ 's', 'b', 'o', '-', 'd', 'r', 'e', 's', 'd', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "sbr.red", true */ 's', 'b', 'r', '.', 'r', 'e', 'd', '\0',
+  /* "sbsavings.bank", true */ 's', 'b', 's', 'a', 'v', 'i', 'n', 'g', 's', '.', 'b', 'a', 'n', 'k', '\0',
+  /* "sbsnursery.co.uk", true */ 's', 'b', 's', 'n', 'u', 'r', 's', 'e', 'r', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "sbssoft.ru", true */ 's', 'b', 's', 's', 'o', 'f', 't', '.', 'r', 'u', '\0',
+  /* "sbytes.info", true */ 's', 'b', 'y', 't', 'e', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "scalaire.com", true */ 's', 'c', 'a', 'l', 'a', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "scalaire.fr", true */ 's', 'c', 'a', 'l', 'a', 'i', 'r', 'e', '.', 'f', 'r', '\0',
+  /* "scalesbiolab.com", true */ 's', 'c', 'a', 'l', 'e', 's', 'b', 'i', 'o', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "scaling.solutions", true */ 's', 'c', 'a', 'l', 'i', 'n', 'g', '.', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '\0',
+  /* "scallywagsbouncycastles.co.uk", true */ 's', 'c', 'a', 'l', 'l', 'y', 'w', 'a', 'g', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "scamblockplus.org", true */ 's', 'c', 'a', 'm', 'b', 'l', 'o', 'c', 'k', 'p', 'l', 'u', 's', '.', 'o', 'r', 'g', '\0',
+  /* "scandicom.fi", true */ 's', 'c', 'a', 'n', 'd', 'i', 'c', 'o', 'm', '.', 'f', 'i', '\0',
+  /* "scandinavia.dating", true */ 's', 'c', 'a', 'n', 'd', 'i', 'n', 'a', 'v', 'i', 'a', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "scangeo.net", true */ 's', 'c', 'a', 'n', 'g', 'e', 'o', '.', 'n', 'e', 't', '\0',
+  /* "scanleasing.net", true */ 's', 'c', 'a', 'n', 'l', 'e', 'a', 's', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "scanpay.dk", true */ 's', 'c', 'a', 'n', 'p', 'a', 'y', '.', 'd', 'k', '\0',
+  /* "scatsbouncingcastles.ie", true */ 's', 'c', 'a', 't', 's', 'b', 'o', 'u', 'n', 'c', 'i', 'n', 'g', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'i', 'e', '\0',
+  /* "scelec.com.au", true */ 's', 'c', 'e', 'l', 'e', 'c', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "scenastu.pl", true */ 's', 'c', 'e', 'n', 'a', 's', 't', 'u', '.', 'p', 'l', '\0',
+  /* "scenester.tv", false */ 's', 'c', 'e', 'n', 'e', 's', 't', 'e', 'r', '.', 't', 'v', '\0',
+  /* "scenicbyways.info", true */ 's', 'c', 'e', 'n', 'i', 'c', 'b', 'y', 'w', 'a', 'y', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "scepticism.com", true */ 's', 'c', 'e', 'p', 't', 'i', 'c', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "sceptique.eu", true */ 's', 'c', 'e', 'p', 't', 'i', 'q', 'u', 'e', '.', 'e', 'u', '\0',
+  /* "schadevergoedingen.eu", true */ 's', 'c', 'h', 'a', 'd', 'e', 'v', 'e', 'r', 'g', 'o', 'e', 'd', 'i', 'n', 'g', 'e', 'n', '.', 'e', 'u', '\0',
+  /* "schalkoortbv.nl", true */ 's', 'c', 'h', 'a', 'l', 'k', 'o', 'o', 'r', 't', 'b', 'v', '.', 'n', 'l', '\0',
+  /* "schallert.com", true */ 's', 'c', 'h', 'a', 'l', 'l', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "schamlosharmlos.de", true */ 's', 'c', 'h', 'a', 'm', 'l', 'o', 's', 'h', 'a', 'r', 'm', 'l', 'o', 's', '.', 'd', 'e', '\0',
+  /* "schaper-sport.com", true */ 's', 'c', 'h', 'a', 'p', 'e', 'r', '-', 's', 'p', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "schatzibaers.de", true */ 's', 'c', 'h', 'a', 't', 'z', 'i', 'b', 'a', 'e', 'r', 's', '.', 'd', 'e', '\0',
+  /* "schawe.me", true */ 's', 'c', 'h', 'a', 'w', 'e', '.', 'm', 'e', '\0',
+  /* "schd.io", true */ 's', 'c', 'h', 'd', '.', 'i', 'o', '\0',
+  /* "scheduleme.io", true */ 's', 'c', 'h', 'e', 'd', 'u', 'l', 'e', 'm', 'e', '.', 'i', 'o', '\0',
+  /* "scheemadigital.com", true */ 's', 'c', 'h', 'e', 'e', 'm', 'a', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "schefczyk.com", true */ 's', 'c', 'h', 'e', 'f', 'c', 'z', 'y', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "schefczyk.de", true */ 's', 'c', 'h', 'e', 'f', 'c', 'z', 'y', 'k', '.', 'd', 'e', '\0',
+  /* "schefczyk.eu", true */ 's', 'c', 'h', 'e', 'f', 'c', 'z', 'y', 'k', '.', 'e', 'u', '\0',
+  /* "schefczyk.net", true */ 's', 'c', 'h', 'e', 'f', 'c', 'z', 'y', 'k', '.', 'n', 'e', 't', '\0',
+  /* "scheidtweiler.de", true */ 's', 'c', 'h', 'e', 'i', 'd', 't', 'w', 'e', 'i', 'l', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "scheinlichter.de", true */ 's', 'c', 'h', 'e', 'i', 'n', 'l', 'i', 'c', 'h', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "schelberts.de", true */ 's', 'c', 'h', 'e', 'l', 'b', 'e', 'r', 't', 's', '.', 'd', 'e', '\0',
+  /* "schellevis.net", true */ 's', 'c', 'h', 'e', 'l', 'l', 'e', 'v', 'i', 's', '.', 'n', 'e', 't', '\0',
+  /* "schenkes.de", true */ 's', 'c', 'h', 'e', 'n', 'k', 'e', 's', '.', 'd', 'e', '\0',
+  /* "scherfke.de", true */ 's', 'c', 'h', 'e', 'r', 'f', 'k', 'e', '.', 'd', 'e', '\0',
+  /* "scheuchenstuel.at", true */ 's', 'c', 'h', 'e', 'u', 'c', 'h', 'e', 'n', 's', 't', 'u', 'e', 'l', '.', 'a', 't', '\0',
+  /* "schier.info", true */ 's', 'c', 'h', 'i', 'e', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "schildbach.de", true */ 's', 'c', 'h', 'i', 'l', 'd', 'b', 'a', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "schippendale.de", true */ 's', 'c', 'h', 'i', 'p', 'p', 'e', 'n', 'd', 'a', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "schippers-it.nl", true */ 's', 'c', 'h', 'i', 'p', 'p', 'e', 'r', 's', '-', 'i', 't', '.', 'n', 'l', '\0',
+  /* "schizoids.net", true */ 's', 'c', 'h', 'i', 'z', 'o', 'i', 'd', 's', '.', 'n', 'e', 't', '\0',
+  /* "schlabbi.com", false */ 's', 'c', 'h', 'l', 'a', 'b', 'b', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "schlachter.ca", true */ 's', 'c', 'h', 'l', 'a', 'c', 'h', 't', 'e', 'r', '.', 'c', 'a', '\0',
+  /* "schlafguru.com", true */ 's', 'c', 'h', 'l', 'a', 'f', 'g', 'u', 'r', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "schlagenhauf.info", true */ 's', 'c', 'h', 'l', 'a', 'g', 'e', 'n', 'h', 'a', 'u', 'f', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "schlagma.de", true */ 's', 'c', 'h', 'l', 'a', 'g', 'm', 'a', '.', 'd', 'e', '\0',
+  /* "schlarp.com", true */ 's', 'c', 'h', 'l', 'a', 'r', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "schlechtewitze.com", true */ 's', 'c', 'h', 'l', 'e', 'c', 'h', 't', 'e', 'w', 'i', 't', 'z', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "schlossereieder.at", true */ 's', 'c', 'h', 'l', 'o', 's', 's', 'e', 'r', 'e', 'i', 'e', 'd', 'e', 'r', '.', 'a', 't', '\0',
+  /* "schlueter-software.de", true */ 's', 'c', 'h', 'l', 'u', 'e', 't', 'e', 'r', '-', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'd', 'e', '\0',
+  /* "schmaeh-coaching.ch", true */ 's', 'c', 'h', 'm', 'a', 'e', 'h', '-', 'c', 'o', 'a', 'c', 'h', 'i', 'n', 'g', '.', 'c', 'h', '\0',
+  /* "schmelzle.io", true */ 's', 'c', 'h', 'm', 'e', 'l', 'z', 'l', 'e', '.', 'i', 'o', '\0',
+  /* "schmetterlingsapp.at", true */ 's', 'c', 'h', 'm', 'e', 't', 't', 'e', 'r', 'l', 'i', 'n', 'g', 's', 'a', 'p', 'p', '.', 'a', 't', '\0',
+  /* "schmidthomes.com", true */ 's', 'c', 'h', 'm', 'i', 'd', 't', 'h', 'o', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "schmidtplasticsurgery.com", true */ 's', 'c', 'h', 'm', 'i', 'd', 't', 'p', 'l', 'a', 's', 't', 'i', 'c', 's', 'u', 'r', 'g', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "schmidttulskie.de", true */ 's', 'c', 'h', 'm', 'i', 'd', 't', 't', 'u', 'l', 's', 'k', 'i', 'e', '.', 'd', 'e', '\0',
+  /* "schmitt-max.com", true */ 's', 'c', 'h', 'm', 'i', 't', 't', '-', 'm', 'a', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "schmitz.link", true */ 's', 'c', 'h', 'm', 'i', 't', 'z', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "schnegg.name", true */ 's', 'c', 'h', 'n', 'e', 'g', 'g', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "schneids.me", true */ 's', 'c', 'h', 'n', 'e', 'i', 'd', 's', '.', 'm', 'e', '\0',
+  /* "schnellno.de", true */ 's', 'c', 'h', 'n', 'e', 'l', 'l', 'n', 'o', '.', 'd', 'e', '\0',
+  /* "schnellsuche.de", true */ 's', 'c', 'h', 'n', 'e', 'l', 'l', 's', 'u', 'c', 'h', 'e', '.', 'd', 'e', '\0',
+  /* "schnouki.net", true */ 's', 'c', 'h', 'n', 'o', 'u', 'k', 'i', '.', 'n', 'e', 't', '\0',
+  /* "schnyder-werbung.ch", true */ 's', 'c', 'h', 'n', 'y', 'd', 'e', 'r', '-', 'w', 'e', 'r', 'b', 'u', 'n', 'g', '.', 'c', 'h', '\0',
+  /* "schoeck-elektro.de", true */ 's', 'c', 'h', 'o', 'e', 'c', 'k', '-', 'e', 'l', 'e', 'k', 't', 'r', 'o', '.', 'd', 'e', '\0',
+  /* "schoepski.de", true */ 's', 'c', 'h', 'o', 'e', 'p', 's', 'k', 'i', '.', 'd', 'e', '\0',
+  /* "schoknecht.net", true */ 's', 'c', 'h', 'o', 'k', 'n', 'e', 'c', 'h', 't', '.', 'n', 'e', 't', '\0',
+  /* "schoknecht.one", true */ 's', 'c', 'h', 'o', 'k', 'n', 'e', 'c', 'h', 't', '.', 'o', 'n', 'e', '\0',
+  /* "schokokeks.org", true */ 's', 'c', 'h', 'o', 'k', 'o', 'k', 'e', 'k', 's', '.', 'o', 'r', 'g', '\0',
+  /* "scholarly.com.ph", true */ 's', 'c', 'h', 'o', 'l', 'a', 'r', 'l', 'y', '.', 'c', 'o', 'm', '.', 'p', 'h', '\0',
+  /* "scholarly.ph", true */ 's', 'c', 'h', 'o', 'l', 'a', 'r', 'l', 'y', '.', 'p', 'h', '\0',
+  /* "scholierenvervoerzeeland.nl", true */ 's', 'c', 'h', 'o', 'l', 'i', 'e', 'r', 'e', 'n', 'v', 'e', 'r', 'v', 'o', 'e', 'r', 'z', 'e', 'e', 'l', 'a', 'n', 'd', '.', 'n', 'l', '\0',
+  /* "schont.org", true */ 's', 'c', 'h', 'o', 'n', 't', '.', 'o', 'r', 'g', '\0',
+  /* "school.in.th", true */ 's', 'c', 'h', 'o', 'o', 'l', '.', 'i', 'n', '.', 't', 'h', '\0',
+  /* "schooli.io", true */ 's', 'c', 'h', 'o', 'o', 'l', 'i', '.', 'i', 'o', '\0',
+  /* "schoolotzyv.ru", true */ 's', 'c', 'h', 'o', 'o', 'l', 'o', 't', 'z', 'y', 'v', '.', 'r', 'u', '\0',
+  /* "schoolze.com", true */ 's', 'c', 'h', 'o', 'o', 'l', 'z', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "schopenhauer-institut.de", true */ 's', 'c', 'h', 'o', 'p', 'e', 'n', 'h', 'a', 'u', 'e', 'r', '-', 'i', 'n', 's', 't', 'i', 't', 'u', 't', '.', 'd', 'e', '\0',
+  /* "schorel.ovh", true */ 's', 'c', 'h', 'o', 'r', 'e', 'l', '.', 'o', 'v', 'h', '\0',
+  /* "schorelweb.nl", true */ 's', 'c', 'h', 'o', 'r', 'e', 'l', 'w', 'e', 'b', '.', 'n', 'l', '\0',
+  /* "schraebanowicz.net", true */ 's', 'c', 'h', 'r', 'a', 'e', 'b', 'a', 'n', 'o', 'w', 'i', 'c', 'z', '.', 'n', 'e', 't', '\0',
+  /* "schrauger.com", true */ 's', 'c', 'h', 'r', 'a', 'u', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "schrauger.info", true */ 's', 'c', 'h', 'r', 'a', 'u', 'g', 'e', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "schrauger.net", true */ 's', 'c', 'h', 'r', 'a', 'u', 'g', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "schrauger.org", true */ 's', 'c', 'h', 'r', 'a', 'u', 'g', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "schrauger.run", true */ 's', 'c', 'h', 'r', 'a', 'u', 'g', 'e', 'r', '.', 'r', 'u', 'n', '\0',
+  /* "schraugerrun.com", true */ 's', 'c', 'h', 'r', 'a', 'u', 'g', 'e', 'r', 'r', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "schreibers.ca", true */ 's', 'c', 'h', 'r', 'e', 'i', 'b', 'e', 'r', 's', '.', 'c', 'a', '\0',
+  /* "schreibnacht.de", true */ 's', 'c', 'h', 'r', 'e', 'i', 'b', 'n', 'a', 'c', 'h', 't', '.', 'd', 'e', '\0',
+  /* "schreinerei-jahreis.de", true */ 's', 'c', 'h', 'r', 'e', 'i', 'n', 'e', 'r', 'e', 'i', '-', 'j', 'a', 'h', 'r', 'e', 'i', 's', '.', 'd', 'e', '\0',
+  /* "schreinerei-wortmann.de", true */ 's', 'c', 'h', 'r', 'e', 'i', 'n', 'e', 'r', 'e', 'i', '-', 'w', 'o', 'r', 't', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "schrenkinzl.at", true */ 's', 'c', 'h', 'r', 'e', 'n', 'k', 'i', 'n', 'z', 'l', '.', 'a', 't', '\0',
+  /* "schritt4fit.de", true */ 's', 'c', 'h', 'r', 'i', 't', 't', '4', 'f', 'i', 't', '.', 'd', 'e', '\0',
+  /* "schrodingersscat.com", true */ 's', 'c', 'h', 'r', 'o', 'd', 'i', 'n', 'g', 'e', 'r', 's', 's', 'c', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "schrodingersscat.org", true */ 's', 'c', 'h', 'r', 'o', 'd', 'i', 'n', 'g', 'e', 'r', 's', 's', 'c', 'a', 't', '.', 'o', 'r', 'g', '\0',
+  /* "schroeder-immobilien-sundern.de", true */ 's', 'c', 'h', 'r', 'o', 'e', 'd', 'e', 'r', '-', 'i', 'm', 'm', 'o', 'b', 'i', 'l', 'i', 'e', 'n', '-', 's', 'u', 'n', 'd', 'e', 'r', 'n', '.', 'd', 'e', '\0',
+  /* "schroepfi.de", true */ 's', 'c', 'h', 'r', 'o', 'e', 'p', 'f', 'i', '.', 'd', 'e', '\0',
+  /* "schrolm.de", true */ 's', 'c', 'h', 'r', 'o', 'l', 'm', '.', 'd', 'e', '\0',
+  /* "schsrch.org", true */ 's', 'c', 'h', 's', 'r', 'c', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "schsrch.xyz", true */ 's', 'c', 'h', 's', 'r', 'c', 'h', '.', 'x', 'y', 'z', '\0',
+  /* "schtiehve.duckdns.org", true */ 's', 'c', 'h', 't', 'i', 'e', 'h', 'v', 'e', '.', 'd', 'u', 'c', 'k', 'd', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "schubergphilis.com", true */ 's', 'c', 'h', 'u', 'b', 'e', 'r', 'g', 'p', 'h', 'i', 'l', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "schubertgmbh-ingelheim.de", true */ 's', 'c', 'h', 'u', 'b', 'e', 'r', 't', 'g', 'm', 'b', 'h', '-', 'i', 'n', 'g', 'e', 'l', 'h', 'e', 'i', 'm', '.', 'd', 'e', '\0',
+  /* "schuhbeck.tk", true */ 's', 'c', 'h', 'u', 'h', 'b', 'e', 'c', 'k', '.', 't', 'k', '\0',
+  /* "schuhwerkstatt.at", true */ 's', 'c', 'h', 'u', 'h', 'w', 'e', 'r', 'k', 's', 't', 'a', 't', 't', '.', 'a', 't', '\0',
+  /* "schul-bar.de", true */ 's', 'c', 'h', 'u', 'l', '-', 'b', 'a', 'r', '.', 'd', 'e', '\0',
+  /* "schulderinsky.de", true */ 's', 'c', 'h', 'u', 'l', 'd', 'e', 'r', 'i', 'n', 's', 'k', 'y', '.', 'd', 'e', '\0',
+  /* "schuler.st", true */ 's', 'c', 'h', 'u', 'l', 'e', 'r', '.', 's', 't', '\0',
+  /* "schulfotograf-deinfoto.ch", true */ 's', 'c', 'h', 'u', 'l', 'f', 'o', 't', 'o', 'g', 'r', 'a', 'f', '-', 'd', 'e', 'i', 'n', 'f', 'o', 't', 'o', '.', 'c', 'h', '\0',
+  /* "schull.ch", true */ 's', 'c', 'h', 'u', 'l', 'l', '.', 'c', 'h', '\0',
+  /* "schum.world", true */ 's', 'c', 'h', 'u', 'm', '.', 'w', 'o', 'r', 'l', 'd', '\0',
+  /* "schumanandmonnet.eu", true */ 's', 'c', 'h', 'u', 'm', 'a', 'n', 'a', 'n', 'd', 'm', 'o', 'n', 'n', 'e', 't', '.', 'e', 'u', '\0',
+  /* "schummar.de", true */ 's', 'c', 'h', 'u', 'm', 'm', 'a', 'r', '.', 'd', 'e', '\0',
+  /* "schunako.ch", true */ 's', 'c', 'h', 'u', 'n', 'a', 'k', 'o', '.', 'c', 'h', '\0',
+  /* "schurkenstaat.net", true */ 's', 'c', 'h', 'u', 'r', 'k', 'e', 'n', 's', 't', 'a', 'a', 't', '.', 'n', 'e', 't', '\0',
+  /* "schutznetze24.de", true */ 's', 'c', 'h', 'u', 't', 'z', 'n', 'e', 't', 'z', 'e', '2', '4', '.', 'd', 'e', '\0',
+  /* "schutzwerk.com", true */ 's', 'c', 'h', 'u', 't', 'z', 'w', 'e', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "schwabenhaus-ka.de", true */ 's', 'c', 'h', 'w', 'a', 'b', 'e', 'n', 'h', 'a', 'u', 's', '-', 'k', 'a', '.', 'd', 'e', '\0',
+  /* "schwanke.in", true */ 's', 'c', 'h', 'w', 'a', 'n', 'k', 'e', '.', 'i', 'n', '\0',
+  /* "schwarzegar.de", true */ 's', 'c', 'h', 'w', 'a', 'r', 'z', 'e', 'g', 'a', 'r', '.', 'd', 'e', '\0',
+  /* "schwarzer.it", true */ 's', 'c', 'h', 'w', 'a', 'r', 'z', 'e', 'r', '.', 'i', 't', '\0',
+  /* "schwarzes-muenchen.de", true */ 's', 'c', 'h', 'w', 'a', 'r', 'z', 'e', 's', '-', 'm', 'u', 'e', 'n', 'c', 'h', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "schwarzhenri.ch", true */ 's', 'c', 'h', 'w', 'a', 'r', 'z', 'h', 'e', 'n', 'r', 'i', '.', 'c', 'h', '\0',
+  /* "schwarztrade.cz", true */ 's', 'c', 'h', 'w', 'a', 'r', 'z', 't', 'r', 'a', 'd', 'e', '.', 'c', 'z', '\0',
+  /* "schwarzwald-flirt.de", true */ 's', 'c', 'h', 'w', 'a', 'r', 'z', 'w', 'a', 'l', 'd', '-', 'f', 'l', 'i', 'r', 't', '.', 'd', 'e', '\0',
+  /* "schwarzwaldcon.de", true */ 's', 'c', 'h', 'w', 'a', 'r', 'z', 'w', 'a', 'l', 'd', 'c', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "schwedenhaus.ag", true */ 's', 'c', 'h', 'w', 'e', 'd', 'e', 'n', 'h', 'a', 'u', 's', '.', 'a', 'g', '\0',
+  /* "schwinabart.com", true */ 's', 'c', 'h', 'w', 'i', 'n', 'a', 'b', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "schwinger.me", true */ 's', 'c', 'h', 'w', 'i', 'n', 'g', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "schwinnbike.ru", true */ 's', 'c', 'h', 'w', 'i', 'n', 'n', 'b', 'i', 'k', 'e', '.', 'r', 'u', '\0',
+  /* "schwuppengrillen.de", true */ 's', 'c', 'h', 'w', 'u', 'p', 'p', 'e', 'n', 'g', 'r', 'i', 'l', 'l', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "sci-internet.tk", true */ 's', 'c', 'i', '-', 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', '.', 't', 'k', '\0',
+  /* "science-network.ch", true */ 's', 'c', 'i', 'e', 'n', 'c', 'e', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'c', 'h', '\0',
+  /* "science-questions.org", true */ 's', 'c', 'i', 'e', 'n', 'c', 'e', '-', 'q', 'u', 'e', 's', 't', 'i', 'o', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "science-texts.de", true */ 's', 'c', 'i', 'e', 'n', 'c', 'e', '-', 't', 'e', 'x', 't', 's', '.', 'd', 'e', '\0',
+  /* "science360.gov", true */ 's', 'c', 'i', 'e', 'n', 'c', 'e', '3', '6', '0', '.', 'g', 'o', 'v', '\0',
+  /* "scienceminnesota.com", true */ 's', 'c', 'i', 'e', 'n', 'c', 'e', 'm', 'i', 'n', 'n', 'e', 's', 'o', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "sciencesolutions.eu", true */ 's', 'c', 'i', 'e', 'n', 'c', 'e', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'e', 'u', '\0',
+  /* "sciencex.com", true */ 's', 'c', 'i', 'e', 'n', 'c', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "scifi.fyi", true */ 's', 'c', 'i', 'f', 'i', '.', 'f', 'y', 'i', '\0',
+  /* "scimage.com", true */ 's', 'c', 'i', 'm', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "scintilla.nl", true */ 's', 'c', 'i', 'n', 't', 'i', 'l', 'l', 'a', '.', 'n', 'l', '\0',
+  /* "scintillating.stream", true */ 's', 'c', 'i', 'n', 't', 'i', 'l', 'l', 'a', 't', 'i', 'n', 'g', '.', 's', 't', 'r', 'e', 'a', 'm', '\0',
+  /* "scionasset.com", true */ 's', 'c', 'i', 'o', 'n', 'a', 's', 's', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "scis.com.ua", true */ 's', 'c', 'i', 's', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "scistarter.com", true */ 's', 'c', 'i', 's', 't', 'a', 'r', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "scitopia.me", true */ 's', 'c', 'i', 't', 'o', 'p', 'i', 'a', '.', 'm', 'e', '\0',
+  /* "sckc.stream", true */ 's', 'c', 'k', 'c', '.', 's', 't', 'r', 'e', 'a', 'm', '\0',
+  /* "scm-2017.org", true */ 's', 'c', 'm', '-', '2', '0', '1', '7', '.', 'o', 'r', 'g', '\0',
+  /* "scoolcode.com", true */ 's', 'c', 'o', 'o', 'l', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "scooterservis.com", true */ 's', 'c', 'o', 'o', 't', 'e', 'r', 's', 'e', 'r', 'v', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "scootfleet.com", true */ 's', 'c', 'o', 'o', 't', 'f', 'l', 'e', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "scopea.fr", true */ 's', 'c', 'o', 'p', 'e', 'a', '.', 'f', 'r', '\0',
+  /* "scorobudem.ru", true */ 's', 'c', 'o', 'r', 'o', 'b', 'u', 'd', 'e', 'm', '.', 'r', 'u', '\0',
+  /* "scorocode.ru", true */ 's', 'c', 'o', 'r', 'o', 'c', 'o', 'd', 'e', '.', 'r', 'u', '\0',
+  /* "scorp13.com", true */ 's', 'c', 'o', 'r', 'p', '1', '3', '.', 'c', 'o', 'm', '\0',
+  /* "scottgruber.me", true */ 's', 'c', 'o', 't', 't', 'g', 'r', 'u', 'b', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "scottgthomas.com", true */ 's', 'c', 'o', 't', 't', 'g', 't', 'h', 'o', 'm', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "scotthel.me", true */ 's', 'c', 'o', 't', 't', 'h', 'e', 'l', '.', 'm', 'e', '\0',
+  /* "scotthelme.co.uk", true */ 's', 'c', 'o', 't', 't', 'h', 'e', 'l', 'm', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "scotthelme.com", true */ 's', 'c', 'o', 't', 't', 'h', 'e', 'l', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "scottstorey.co.uk", true */ 's', 'c', 'o', 't', 't', 's', 't', 'o', 'r', 'e', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "scottynordstrom.org", false */ 's', 'c', 'o', 't', 't', 'y', 'n', 'o', 'r', 'd', 's', 't', 'r', 'o', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "scoutdb.ch", true */ 's', 'c', 'o', 'u', 't', 'd', 'b', '.', 'c', 'h', '\0',
+  /* "scoutingridderkerk.nl", true */ 's', 'c', 'o', 'u', 't', 'i', 'n', 'g', 'r', 'i', 'd', 'd', 'e', 'r', 'k', 'e', 'r', 'k', '.', 'n', 'l', '\0',
+  /* "scoutnet.de", true */ 's', 'c', 'o', 'u', 't', 'n', 'e', 't', '.', 'd', 'e', '\0',
+  /* "scp-trens.notaires.fr", true */ 's', 'c', 'p', '-', 't', 'r', 'e', 'n', 's', '.', 'n', 'o', 't', 'a', 'i', 'r', 'e', 's', '.', 'f', 'r', '\0',
+  /* "scp500.com", true */ 's', 'c', 'p', '5', '0', '0', '.', 'c', 'o', 'm', '\0',
+  /* "scpartyentertainment.co.uk", true */ 's', 'c', 'p', 'a', 'r', 't', 'y', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "scrambox.com", true */ 's', 'c', 'r', 'a', 'm', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "scramget.com", true */ 's', 'c', 'r', 'a', 'm', 'g', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "scramsoft.com", true */ 's', 'c', 'r', 'a', 'm', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "scrap.tf", true */ 's', 'c', 'r', 'a', 'p', '.', 't', 'f', '\0',
+  /* "scrayos.net", true */ 's', 'c', 'r', 'a', 'y', 'o', 's', '.', 'n', 'e', 't', '\0',
+  /* "scredible.com", true */ 's', 'c', 'r', 'e', 'd', 'i', 'b', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "screen64.tk", true */ 's', 'c', 'r', 'e', 'e', 'n', '6', '4', '.', 't', 'k', '\0',
+  /* "screenlight.tv", true */ 's', 'c', 'r', 'e', 'e', 'n', 'l', 'i', 'g', 'h', 't', '.', 't', 'v', '\0',
+  /* "screenparadigm.com", true */ 's', 'c', 'r', 'e', 'e', 'n', 'p', 'a', 'r', 'a', 'd', 'i', 'g', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "scripo-bay.com", true */ 's', 'c', 'r', 'i', 'p', 'o', '-', 'b', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "script.google.com", true */ 's', 'c', 'r', 'i', 'p', 't', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "scriptgates.ru", true */ 's', 'c', 'r', 'i', 'p', 't', 'g', 'a', 't', 'e', 's', '.', 'r', 'u', '\0',
+  /* "scriptum.gr", true */ 's', 'c', 'r', 'i', 'p', 't', 'u', 'm', '.', 'g', 'r', '\0',
+  /* "scrisulfacebine.ro", true */ 's', 'c', 'r', 'i', 's', 'u', 'l', 'f', 'a', 'c', 'e', 'b', 'i', 'n', 'e', '.', 'r', 'o', '\0',
+  /* "scruffymen.com", true */ 's', 'c', 'r', 'u', 'f', 'f', 'y', 'm', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "scrumbleship.com", true */ 's', 'c', 'r', 'u', 'm', 'b', 'l', 'e', 's', 'h', 'i', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "scrumstack.co.uk", true */ 's', 'c', 'r', 'u', 'm', 's', 't', 'a', 'c', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "scryfall.com", true */ 's', 'c', 'r', 'y', 'f', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "scs-simulatoren.de", true */ 's', 'c', 's', '-', 's', 'i', 'm', 'u', 'l', 'a', 't', 'o', 'r', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "scswam.com", true */ 's', 'c', 's', 'w', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "sctrainingllc.com", true */ 's', 'c', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', 'l', 'l', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "scubadiving-phuket.com", true */ 's', 'c', 'u', 'b', 'a', 'd', 'i', 'v', 'i', 'n', 'g', '-', 'p', 'h', 'u', 'k', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "sculpture.support", true */ 's', 'c', 'u', 'l', 'p', 't', 'u', 'r', 'e', '.', 's', 'u', 'p', 'p', 'o', 'r', 't', '\0',
+  /* "scuolaguidalame.ch", true */ 's', 'c', 'u', 'o', 'l', 'a', 'g', 'u', 'i', 'd', 'a', 'l', 'a', 'm', 'e', '.', 'c', 'h', '\0',
+  /* "scw.com", true */ 's', 'c', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "scw.nz", true */ 's', 'c', 'w', '.', 'n', 'z', '\0',
+  /* "scwilliams.co.uk", true */ 's', 'c', 'w', 'i', 'l', 'l', 'i', 'a', 'm', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "scwilliams.uk", true */ 's', 'c', 'w', 'i', 'l', 'l', 'i', 'a', 'm', 's', '.', 'u', 'k', '\0',
+  /* "sd.af", true */ 's', 'd', '.', 'a', 'f', '\0',
+  /* "sdcardrecovery.de", true */ 's', 'd', 'c', 'a', 'r', 'd', 'r', 'e', 'c', 'o', 'v', 'e', 'r', 'y', '.', 'd', 'e', '\0',
+  /* "sdho.org", true */ 's', 'd', 'h', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "sdns.fr", true */ 's', 'd', 'n', 's', '.', 'f', 'r', '\0',
+  /* "sdsi.us", true */ 's', 'd', 's', 'i', '.', 'u', 's', '\0',
+  /* "sdsmanagement.me", true */ 's', 'd', 's', 'm', 'a', 'n', 'a', 'g', 'e', 'm', 'e', 'n', 't', '.', 'm', 'e', '\0',
+  /* "sdsmt.engineering", true */ 's', 'd', 's', 'm', 't', '.', 'e', 'n', 'g', 'i', 'n', 'e', 'e', 'r', 'i', 'n', 'g', '\0',
+  /* "sdvigpress.org", true */ 's', 'd', 'v', 'i', 'g', 'p', 'r', 'e', 's', 's', '.', 'o', 'r', 'g', '\0',
+  /* "sdvx.net", true */ 's', 'd', 'v', 'x', '.', 'n', 'e', 't', '\0',
+  /* "se.search.yahoo.com", false */ 's', 'e', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "sea-godzilla.com", true */ 's', 'e', 'a', '-', 'g', 'o', 'd', 'z', 'i', 'l', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "seacam-store.com", true */ 's', 'e', 'a', 'c', 'a', 'm', '-', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "seafood.co.nz", true */ 's', 'e', 'a', 'f', 'o', 'o', 'd', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "seaholmwines.com", true */ 's', 'e', 'a', 'h', 'o', 'l', 'm', 'w', 'i', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sealbaker.com", true */ 's', 'e', 'a', 'l', 'b', 'a', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "sealtitebasement.com", true */ 's', 'e', 'a', 'l', 't', 'i', 't', 'e', 'b', 'a', 's', 'e', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "seamless.no", true */ 's', 'e', 'a', 'm', 'l', 'e', 's', 's', '.', 'n', 'o', '\0',
+  /* "seanholcroft.co.uk", true */ 's', 'e', 'a', 'n', 'h', 'o', 'l', 'c', 'r', 'o', 'f', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "seankilgarriff.com", true */ 's', 'e', 'a', 'n', 'k', 'i', 'l', 'g', 'a', 'r', 'r', 'i', 'f', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "seanstrout.com", true */ 's', 'e', 'a', 'n', 's', 't', 'r', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "seansyardservice.com", true */ 's', 'e', 'a', 'n', 's', 'y', 'a', 'r', 'd', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "seaplayhomes.com", true */ 's', 'e', 'a', 'p', 'l', 'a', 'y', 'h', 'o', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "search-job-in.com", true */ 's', 'e', 'a', 'r', 'c', 'h', '-', 'j', 'o', 'b', '-', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "search-one.de", true */ 's', 'e', 'a', 'r', 'c', 'h', '-', 'o', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "search.gov", true */ 's', 'e', 'a', 'r', 'c', 'h', '.', 'g', 'o', 'v', '\0',
+  /* "search.yahoo.com", false */ 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "searchbrothers.at", true */ 's', 'e', 'a', 'r', 'c', 'h', 'b', 'r', 'o', 't', 'h', 'e', 'r', 's', '.', 'a', 't', '\0',
+  /* "searchbrothers.ch", true */ 's', 'e', 'a', 'r', 'c', 'h', 'b', 'r', 'o', 't', 'h', 'e', 'r', 's', '.', 'c', 'h', '\0',
+  /* "searchbrothers.co.il", true */ 's', 'e', 'a', 'r', 'c', 'h', 'b', 'r', 'o', 't', 'h', 'e', 'r', 's', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "searchbrothers.com", true */ 's', 'e', 'a', 'r', 'c', 'h', 'b', 'r', 'o', 't', 'h', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "searchbrothers.de", true */ 's', 'e', 'a', 'r', 'c', 'h', 'b', 'r', 'o', 't', 'h', 'e', 'r', 's', '.', 'd', 'e', '\0',
+  /* "searchbrothers.dk", true */ 's', 'e', 'a', 'r', 'c', 'h', 'b', 'r', 'o', 't', 'h', 'e', 'r', 's', '.', 'd', 'k', '\0',
+  /* "searchbrothers.es", true */ 's', 'e', 'a', 'r', 'c', 'h', 'b', 'r', 'o', 't', 'h', 'e', 'r', 's', '.', 'e', 's', '\0',
+  /* "searchbrothers.fr", true */ 's', 'e', 'a', 'r', 'c', 'h', 'b', 'r', 'o', 't', 'h', 'e', 'r', 's', '.', 'f', 'r', '\0',
+  /* "searchbrothers.it", true */ 's', 'e', 'a', 'r', 'c', 'h', 'b', 'r', 'o', 't', 'h', 'e', 'r', 's', '.', 'i', 't', '\0',
+  /* "searchbrothers.nl", true */ 's', 'e', 'a', 'r', 'c', 'h', 'b', 'r', 'o', 't', 'h', 'e', 'r', 's', '.', 'n', 'l', '\0',
+  /* "searchbrothers.ru", true */ 's', 'e', 'a', 'r', 'c', 'h', 'b', 'r', 'o', 't', 'h', 'e', 'r', 's', '.', 'r', 'u', '\0',
+  /* "searchbrothers.uk", true */ 's', 'e', 'a', 'r', 'c', 'h', 'b', 'r', 'o', 't', 'h', 'e', 'r', 's', '.', 'u', 'k', '\0',
+  /* "searchdatalogy.com", true */ 's', 'e', 'a', 'r', 'c', 'h', 'd', 'a', 't', 'a', 'l', 'o', 'g', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "searchgov.gov.il", true */ 's', 'e', 'a', 'r', 'c', 'h', 'g', 'o', 'v', '.', 'g', 'o', 'v', '.', 'i', 'l', '\0',
+  /* "seareytraining.com", true */ 's', 'e', 'a', 'r', 'e', 'y', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "seasons.nu", false */ 's', 'e', 'a', 's', 'o', 'n', 's', '.', 'n', 'u', '\0',
+  /* "seatbeltpledge.com", true */ 's', 'e', 'a', 't', 'b', 'e', 'l', 't', 'p', 'l', 'e', 'd', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "seattle-life.net", true */ 's', 'e', 'a', 't', 't', 'l', 'e', '-', 'l', 'i', 'f', 'e', '.', 'n', 'e', 't', '\0',
+  /* "seattlefabrication.com", true */ 's', 'e', 'a', 't', 't', 'l', 'e', 'f', 'a', 'b', 'r', 'i', 'c', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "seattlemesh.net", true */ 's', 'e', 'a', 't', 't', 'l', 'e', 'm', 'e', 's', 'h', '.', 'n', 'e', 't', '\0',
+  /* "seattleprivacy.org", true */ 's', 'e', 'a', 't', 't', 'l', 'e', 'p', 'r', 'i', 'v', 'a', 'c', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "seattlewalkinbathtubs.com", true */ 's', 'e', 'a', 't', 't', 'l', 'e', 'w', 'a', 'l', 'k', 'i', 'n', 'b', 'a', 't', 'h', 't', 'u', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "seb-mgl.de", true */ 's', 'e', 'b', '-', 'm', 'g', 'l', '.', 'd', 'e', '\0',
+  /* "sebascelis.com", true */ 's', 'e', 'b', 'a', 's', 'c', 'e', 'l', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sebastiaandouma.com", true */ 's', 'e', 'b', 'a', 's', 't', 'i', 'a', 'a', 'n', 'd', 'o', 'u', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "sebastian-janich.de", true */ 's', 'e', 'b', 'a', 's', 't', 'i', 'a', 'n', '-', 'j', 'a', 'n', 'i', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "sebastian-kraus.me", true */ 's', 'e', 'b', 'a', 's', 't', 'i', 'a', 'n', '-', 'k', 'r', 'a', 'u', 's', '.', 'm', 'e', '\0',
+  /* "sebastian-lutsch.de", true */ 's', 'e', 'b', 'a', 's', 't', 'i', 'a', 'n', '-', 'l', 'u', 't', 's', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "sebastian-schmidt.me", true */ 's', 'e', 'b', 'a', 's', 't', 'i', 'a', 'n', '-', 's', 'c', 'h', 'm', 'i', 'd', 't', '.', 'm', 'e', '\0',
+  /* "sebastian.expert", true */ 's', 'e', 'b', 'a', 's', 't', 'i', 'a', 'n', '.', 'e', 'x', 'p', 'e', 'r', 't', '\0',
+  /* "sebastianblade.com", true */ 's', 'e', 'b', 'a', 's', 't', 'i', 'a', 'n', 'b', 'l', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sebastianboegl.de", true */ 's', 'e', 'b', 'a', 's', 't', 'i', 'a', 'n', 'b', 'o', 'e', 'g', 'l', '.', 'd', 'e', '\0',
+  /* "sebastiaperis.com", true */ 's', 'e', 'b', 'a', 's', 't', 'i', 'a', 'p', 'e', 'r', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sebi.cf", true */ 's', 'e', 'b', 'i', '.', 'c', 'f', '\0',
+  /* "sebi.org", true */ 's', 'e', 'b', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "sec-mails.de", true */ 's', 'e', 'c', '-', 'm', 'a', 'i', 'l', 's', '.', 'd', 'e', '\0',
+  /* "sec-research.com", true */ 's', 'e', 'c', '-', 'r', 'e', 's', 'e', 'a', 'r', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "sec-wiki.com", true */ 's', 'e', 'c', '-', 'w', 'i', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "sec.ec", true */ 's', 'e', 'c', '.', 'e', 'c', '\0',
+  /* "sec.gd", true */ 's', 'e', 'c', '.', 'g', 'd', '\0',
+  /* "sec3ure.co.uk", true */ 's', 'e', 'c', '3', 'u', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "secanje.nl", true */ 's', 'e', 'c', 'a', 'n', 'j', 'e', '.', 'n', 'l', '\0',
+  /* "secboom.com", true */ 's', 'e', 'c', 'b', 'o', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "seccom.ch", true */ 's', 'e', 'c', 'c', 'o', 'm', '.', 'c', 'h', '\0',
+  /* "seccomp.ru", true */ 's', 'e', 'c', 'c', 'o', 'm', 'p', '.', 'r', 'u', '\0',
+  /* "secctexasgiving.org", false */ 's', 'e', 'c', 'c', 't', 'e', 'x', 'a', 's', 'g', 'i', 'v', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "secgui.de", true */ 's', 'e', 'c', 'g', 'u', 'i', '.', 'd', 'e', '\0',
+  /* "sech.me", true */ 's', 'e', 'c', 'h', '.', 'm', 'e', '\0',
+  /* "secitem.at", true */ 's', 'e', 'c', 'i', 't', 'e', 'm', '.', 'a', 't', '\0',
+  /* "secitem.eu", true */ 's', 'e', 'c', 'i', 't', 'e', 'm', '.', 'e', 'u', '\0',
+  /* "secnews.gr", true */ 's', 'e', 'c', 'n', 'e', 'w', 's', '.', 'g', 'r', '\0',
+  /* "secomo.org", true */ 's', 'e', 'c', 'o', 'm', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "seconfig.sytes.net", true */ 's', 'e', 'c', 'o', 'n', 'f', 'i', 'g', '.', 's', 'y', 't', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "secpatrol.de", true */ 's', 'e', 'c', 'p', 'a', 't', 'r', 'o', 'l', '.', 'd', 'e', '\0',
+  /* "secretar.is", true */ 's', 'e', 'c', 'r', 'e', 't', 'a', 'r', '.', 'i', 's', '\0',
+  /* "secretofanah.com", true */ 's', 'e', 'c', 'r', 'e', 't', 'o', 'f', 'a', 'n', 'a', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "secretpanties.com", true */ 's', 'e', 'c', 'r', 'e', 't', 'p', 'a', 'n', 't', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "secretsanta.fr", true */ 's', 'e', 'c', 'r', 'e', 't', 's', 'a', 'n', 't', 'a', '.', 'f', 'r', '\0',
+  /* "secretserveronline.com", true */ 's', 'e', 'c', 'r', 'e', 't', 's', 'e', 'r', 'v', 'e', 'r', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "secretum.tech", true */ 's', 'e', 'c', 'r', 'e', 't', 'u', 'm', '.', 't', 'e', 'c', 'h', '\0',
+  /* "sectelligence.nl", true */ 's', 'e', 'c', 't', 'e', 'l', 'l', 'i', 'g', 'e', 'n', 'c', 'e', '.', 'n', 'l', '\0',
+  /* "sectio-aurea.org", true */ 's', 'e', 'c', 't', 'i', 'o', '-', 'a', 'u', 'r', 'e', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "section-31.org", true */ 's', 'e', 'c', 't', 'i', 'o', 'n', '-', '3', '1', '.', 'o', 'r', 'g', '\0',
+  /* "section.io", true */ 's', 'e', 'c', 't', 'i', 'o', 'n', '.', 'i', 'o', '\0',
+  /* "section508.gov", true */ 's', 'e', 'c', 't', 'i', 'o', 'n', '5', '0', '8', '.', 'g', 'o', 'v', '\0',
+  /* "sectionw2s.org", true */ 's', 'e', 'c', 't', 'i', 'o', 'n', 'w', '2', 's', '.', 'o', 'r', 'g', '\0',
+  /* "sector5.xyz", true */ 's', 'e', 'c', 't', 'o', 'r', '5', '.', 'x', 'y', 'z', '\0',
+  /* "secumail.nl", true */ 's', 'e', 'c', 'u', 'm', 'a', 'i', 'l', '.', 'n', 'l', '\0',
+  /* "secundity.nl", true */ 's', 'e', 'c', 'u', 'n', 'd', 'i', 't', 'y', '.', 'n', 'l', '\0',
+  /* "securai.de", true */ 's', 'e', 'c', 'u', 'r', 'a', 'i', '.', 'd', 'e', '\0',
+  /* "secure-graphic.de", true */ 's', 'e', 'c', 'u', 'r', 'e', '-', 'g', 'r', 'a', 'p', 'h', 'i', 'c', '.', 'd', 'e', '\0',
+  /* "secure-gw.de", true */ 's', 'e', 'c', 'u', 'r', 'e', '-', 'g', 'w', '.', 'd', 'e', '\0',
+  /* "secure-server-hosting.com", true */ 's', 'e', 'c', 'u', 'r', 'e', '-', 's', 'e', 'r', 'v', 'e', 'r', '-', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "secure.advancepayroll.com.au", true */ 's', 'e', 'c', 'u', 'r', 'e', '.', 'a', 'd', 'v', 'a', 'n', 'c', 'e', 'p', 'a', 'y', 'r', 'o', 'l', 'l', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "secure.chat", true */ 's', 'e', 'c', 'u', 'r', 'e', '.', 'c', 'h', 'a', 't', '\0',
+  /* "secure.co.hu", true */ 's', 'e', 'c', 'u', 'r', 'e', '.', 'c', 'o', '.', 'h', 'u', '\0',
+  /* "secure.facebook.com", false */ 's', 'e', 'c', 'u', 'r', 'e', '.', 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "securedrop.org", true */ 's', 'e', 'c', 'u', 'r', 'e', 'd', 'r', 'o', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "secureesolutions.com", true */ 's', 'e', 'c', 'u', 'r', 'e', 'e', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "secureheaders.com", true */ 's', 'e', 'c', 'u', 'r', 'e', 'h', 'e', 'a', 'd', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "secureideas.com", false */ 's', 'e', 'c', 'u', 'r', 'e', 'i', 'd', 'e', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "securejabber.me", true */ 's', 'e', 'c', 'u', 'r', 'e', 'j', 'a', 'b', 'b', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "securelect-inspection.com", true */ 's', 'e', 'c', 'u', 'r', 'e', 'l', 'e', 'c', 't', '-', 'i', 'n', 's', 'p', 'e', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "secureonline.co", true */ 's', 'e', 'c', 'u', 'r', 'e', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', '\0',
+  /* "securethe.news", true */ 's', 'e', 'c', 'u', 'r', 'e', 't', 'h', 'e', '.', 'n', 'e', 'w', 's', '\0',
+  /* "securetheorem.com", true */ 's', 'e', 'c', 'u', 'r', 'e', 't', 'h', 'e', 'o', 'r', 'e', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "securetronic.ch", true */ 's', 'e', 'c', 'u', 'r', 'e', 't', 'r', 'o', 'n', 'i', 'c', '.', 'c', 'h', '\0',
+  /* "securi-tay.co.uk", true */ 's', 'e', 'c', 'u', 'r', 'i', '-', 't', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "securify.nl", true */ 's', 'e', 'c', 'u', 'r', 'i', 'f', 'y', '.', 'n', 'l', '\0',
+  /* "securiscan.io", true */ 's', 'e', 'c', 'u', 'r', 'i', 's', 'c', 'a', 'n', '.', 'i', 'o', '\0',
+  /* "security-24-7.com", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '-', '2', '4', '-', '7', '.', 'c', 'o', 'm', '\0',
+  /* "security-brokers.com", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '-', 'b', 'r', 'o', 'k', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "security.gives", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'g', 'i', 'v', 'e', 's', '\0',
+  /* "security.google.com", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "security.love", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'l', 'o', 'v', 'e', '\0',
+  /* "security201.co.uk", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '2', '0', '1', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "security201.com", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '2', '0', '1', '.', 'c', 'o', 'm', '\0',
+  /* "securitybrief.asia", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'b', 'r', 'i', 'e', 'f', '.', 'a', 's', 'i', 'a', '\0',
+  /* "securitybrief.co.nz", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'b', 'r', 'i', 'e', 'f', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "securitybrief.com.au", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'b', 'r', 'i', 'e', 'f', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "securitybrief.eu", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'b', 'r', 'i', 'e', 'f', '.', 'e', 'u', '\0',
+  /* "securityfest.com", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'f', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "securityheaders.com", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'h', 'e', 'a', 'd', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "securityheaders.io", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'h', 'e', 'a', 'd', 'e', 'r', 's', '.', 'i', 'o', '\0',
+  /* "securityinet.com", false */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'i', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "securitykey.co", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'k', 'e', 'y', '.', 'c', 'o', '\0',
+  /* "securitymap.wiki", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'm', 'a', 'p', '.', 'w', 'i', 'k', 'i', '\0',
+  /* "securitypluspro.com", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'p', 'l', 'u', 's', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "securityprimes.in", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'p', 'r', 'i', 'm', 'e', 's', '.', 'i', 'n', '\0',
+  /* "securitysnobs.com", false */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 's', 'n', 'o', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "securitystrata.com", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 's', 't', 'r', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "securitystreak.com", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 's', 't', 'r', 'e', 'a', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "securitytalk.pl", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 't', 'a', 'l', 'k', '.', 'p', 'l', '\0',
+  /* "securitywatch.co.nz", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'w', 'a', 't', 'c', 'h', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "securitywithnick.com", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'w', 'i', 't', 'h', 'n', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "securitywithoutborders.org", true */ 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'w', 'i', 't', 'h', 'o', 'u', 't', 'b', 'o', 'r', 'd', 'e', 'r', 's', '.', 'o', 'r', 'g', '\0',
+  /* "securocloud.com", true */ 's', 'e', 'c', 'u', 'r', 'o', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "secutrans.com", true */ 's', 'e', 'c', 'u', 't', 'r', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "secuvera.de", true */ 's', 'e', 'c', 'u', 'v', 'e', 'r', 'a', '.', 'd', 'e', '\0',
+  /* "secwall.me", true */ 's', 'e', 'c', 'w', 'a', 'l', 'l', '.', 'm', 'e', '\0',
+  /* "secwise.nl", true */ 's', 'e', 'c', 'w', 'i', 's', 'e', '.', 'n', 'l', '\0',
+  /* "sedeusquiser.net", true */ 's', 'e', 'd', 'e', 'u', 's', 'q', 'u', 'i', 's', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "sedussa.ro", true */ 's', 'e', 'd', 'u', 's', 's', 'a', '.', 'r', 'o', '\0',
+  /* "seeclop.ch", true */ 's', 'e', 'e', 'c', 'l', 'o', 'p', '.', 'c', 'h', '\0',
+  /* "seedalpha.com", true */ 's', 'e', 'e', 'd', 'a', 'l', 'p', 'h', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "seedbox.fr", true */ 's', 'e', 'e', 'd', 'b', 'o', 'x', '.', 'f', 'r', '\0',
+  /* "seedsofangelica.net", true */ 's', 'e', 'e', 'd', 's', 'o', 'f', 'a', 'n', 'g', 'e', 'l', 'i', 'c', 'a', '.', 'n', 'e', 't', '\0',
+  /* "seekers.ch", true */ 's', 'e', 'e', 'k', 'e', 'r', 's', '.', 'c', 'h', '\0',
+  /* "seeks.ru", true */ 's', 'e', 'e', 'k', 's', '.', 'r', 'u', '\0',
+  /* "seekthe.net", true */ 's', 'e', 'e', 'k', 't', 'h', 'e', '.', 'n', 'e', 't', '\0',
+  /* "seemeagain.com", true */ 's', 'e', 'e', 'm', 'e', 'a', 'g', 'a', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "seemeasaperson.com", true */ 's', 'e', 'e', 'm', 'e', 'a', 's', 'a', 'p', 'e', 'r', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "seesuite.com", true */ 's', 'e', 'e', 's', 'u', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "seewhatididhere.com", true */ 's', 'e', 'e', 'w', 'h', 'a', 't', 'i', 'd', 'i', 'd', 'h', 'e', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "seeworkdone.com", true */ 's', 'e', 'e', 'w', 'o', 'r', 'k', 'd', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sefru.de", true */ 's', 'e', 'f', 'r', 'u', '.', 'd', 'e', '\0',
+  /* "seg-leipzig.org", true */ 's', 'e', 'g', '-', 'l', 'e', 'i', 'p', 'z', 'i', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "segitz.de", true */ 's', 'e', 'g', 'i', 't', 'z', '.', 'd', 'e', '\0',
+  /* "segmetic.com", true */ 's', 'e', 'g', 'm', 'e', 't', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "segulink.com", true */ 's', 'e', 'g', 'u', 'l', 'i', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "segurosbalboa.com.ec", false */ 's', 'e', 'g', 'u', 'r', 'o', 's', 'b', 'a', 'l', 'b', 'o', 'a', '.', 'c', 'o', 'm', '.', 'e', 'c', '\0',
+  /* "segurosocial.gov", true */ 's', 'e', 'g', 'u', 'r', 'o', 's', 'o', 'c', 'i', 'a', 'l', '.', 'g', 'o', 'v', '\0',
+  /* "seguroviagem.srv.br", true */ 's', 'e', 'g', 'u', 'r', 'o', 'v', 'i', 'a', 'g', 'e', 'm', '.', 's', 'r', 'v', '.', 'b', 'r', '\0',
+  /* "sehnenweh.org", true */ 's', 'e', 'h', 'n', 'e', 'n', 'w', 'e', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "seida.at", true */ 's', 'e', 'i', 'd', 'a', '.', 'a', 't', '\0',
+  /* "seifried.org", true */ 's', 'e', 'i', 'f', 'r', 'i', 'e', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "seikatu-navi.com", true */ 's', 'e', 'i', 'k', 'a', 't', 'u', '-', 'n', 'a', 'v', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "seinfeldquote.com", true */ 's', 'e', 'i', 'n', 'f', 'e', 'l', 'd', 'q', 'u', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "seiryokuzai-ch.com", true */ 's', 'e', 'i', 'r', 'y', 'o', 'k', 'u', 'z', 'a', 'i', '-', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "seitai-taiyou.com", true */ 's', 'e', 'i', 't', 'a', 'i', '-', 't', 'a', 'i', 'y', 'o', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "seitenwaelzer.de", true */ 's', 'e', 'i', 't', 'e', 'n', 'w', 'a', 'e', 'l', 'z', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "sekisonn.com", true */ 's', 'e', 'k', 'i', 's', 'o', 'n', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "selbys.net.au", true */ 's', 'e', 'l', 'b', 'y', 's', '.', 'n', 'e', 't', '.', 'a', 'u', '\0',
+  /* "selco-himejiminami.com", true */ 's', 'e', 'l', 'c', 'o', '-', 'h', 'i', 'm', 'e', 'j', 'i', 'm', 'i', 'n', 'a', 'm', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "selected-properties.com", true */ 's', 'e', 'l', 'e', 'c', 't', 'e', 'd', '-', 'p', 'r', 'o', 'p', 'e', 'r', 't', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "selectel.com", true */ 's', 'e', 'l', 'e', 'c', 't', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "selectel.ru", true */ 's', 'e', 'l', 'e', 'c', 't', 'e', 'l', '.', 'r', 'u', '\0',
+  /* "selectorders.com", true */ 's', 'e', 'l', 'e', 'c', 't', 'o', 'r', 'd', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "selegiline.com", true */ 's', 'e', 'l', 'e', 'g', 'i', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "selent.me", true */ 's', 'e', 'l', 'e', 'n', 't', '.', 'm', 'e', '\0',
+  /* "self-evident.org", true */ 's', 'e', 'l', 'f', '-', 'e', 'v', 'i', 'd', 'e', 'n', 't', '.', 'o', 'r', 'g', '\0',
+  /* "self-signed.com", true */ 's', 'e', 'l', 'f', '-', 's', 'i', 'g', 'n', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "self.nu", true */ 's', 'e', 'l', 'f', '.', 'n', 'u', '\0',
+  /* "selfassess.govt.nz", true */ 's', 'e', 'l', 'f', 'a', 's', 's', 'e', 's', 's', '.', 'g', 'o', 'v', 't', '.', 'n', 'z', '\0',
+  /* "selfdestruct.net", true */ 's', 'e', 'l', 'f', 'd', 'e', 's', 't', 'r', 'u', 'c', 't', '.', 'n', 'e', 't', '\0',
+  /* "selfhosters.com", true */ 's', 'e', 'l', 'f', 'h', 'o', 's', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "selfici.com", true */ 's', 'e', 'l', 'f', 'i', 'c', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "selfici.cz", true */ 's', 'e', 'l', 'f', 'i', 'c', 'i', '.', 'c', 'z', '\0',
+  /* "selfishness.com", true */ 's', 'e', 'l', 'f', 'i', 's', 'h', 'n', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "selfloath.in", true */ 's', 'e', 'l', 'f', 'l', 'o', 'a', 't', 'h', '.', 'i', 'n', '\0',
+  /* "selfmade4u.de", true */ 's', 'e', 'l', 'f', 'm', 'a', 'd', 'e', '4', 'u', '.', 'd', 'e', '\0',
+  /* "selkiemckatrick.com", true */ 's', 'e', 'l', 'k', 'i', 'e', 'm', 'c', 'k', 'a', 't', 'r', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "sellajoch.com", true */ 's', 'e', 'l', 'l', 'a', 'j', 'o', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "sellguard.pl", true */ 's', 'e', 'l', 'l', 'g', 'u', 'a', 'r', 'd', '.', 'p', 'l', '\0',
+  /* "sellme.biz", true */ 's', 'e', 'l', 'l', 'm', 'e', '.', 'b', 'i', 'z', '\0',
+  /* "seltendoof.de", true */ 's', 'e', 'l', 't', 'e', 'n', 'd', 'o', 'o', 'f', '.', 'd', 'e', '\0',
+  /* "semacode.com", true */ 's', 'e', 'm', 'a', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "semaflex.it", true */ 's', 'e', 'm', 'a', 'f', 'l', 'e', 'x', '.', 'i', 't', '\0',
+  /* "semaphore-studios.com", true */ 's', 'e', 'm', 'a', 'p', 'h', 'o', 'r', 'e', '-', 's', 't', 'u', 'd', 'i', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sementes.gratis", true */ 's', 'e', 'm', 'e', 'n', 't', 'e', 's', '.', 'g', 'r', 'a', 't', 'i', 's', '\0',
+  /* "semianalog.com", true */ 's', 'e', 'm', 'i', 'a', 'n', 'a', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "seminariruum.ee", true */ 's', 'e', 'm', 'i', 'n', 'a', 'r', 'i', 'r', 'u', 'u', 'm', '.', 'e', 'e', '\0',
+  /* "semiocast.com", true */ 's', 'e', 'm', 'i', 'o', 'c', 'a', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "semjonov.de", true */ 's', 'e', 'm', 'j', 'o', 'n', 'o', 'v', '.', 'd', 'e', '\0',
+  /* "semmlers.com", true */ 's', 'e', 'm', 'm', 'l', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "semox.de", true */ 's', 'e', 'm', 'o', 'x', '.', 'd', 'e', '\0',
+  /* "semps-2fa.de", true */ 's', 'e', 'm', 'p', 's', '-', '2', 'f', 'a', '.', 'd', 'e', '\0',
+  /* "semps-threema.de", true */ 's', 'e', 'm', 'p', 's', '-', 't', 'h', 'r', 'e', 'e', 'm', 'a', '.', 'd', 'e', '\0',
+  /* "semyonov.su", true */ 's', 'e', 'm', 'y', 'o', 'n', 'o', 'v', '.', 's', 'u', '\0',
+  /* "semyonov.us", true */ 's', 'e', 'm', 'y', 'o', 'n', 'o', 'v', '.', 'u', 's', '\0',
+  /* "senarius.de", true */ 's', 'e', 'n', 'a', 'r', 'i', 'u', 's', '.', 'd', 'e', '\0',
+  /* "sendai-sisters.com", true */ 's', 'e', 'n', 'd', 'a', 'i', '-', 's', 'i', 's', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sendc.at", true */ 's', 'e', 'n', 'd', 'c', '.', 'a', 't', '\0',
+  /* "sendcat.com", true */ 's', 'e', 'n', 'd', 'c', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "sendinvoice.nl", true */ 's', 'e', 'n', 'd', 'i', 'n', 'v', 'o', 'i', 'c', 'e', '.', 'n', 'l', '\0',
+  /* "sendonce.io", true */ 's', 'e', 'n', 'd', 'o', 'n', 'c', 'e', '.', 'i', 'o', '\0',
+  /* "sendthisfile.com", true */ 's', 'e', 'n', 'd', 't', 'h', 'i', 's', 'f', 'i', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sendway.com", true */ 's', 'e', 'n', 'd', 'w', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "sendya.me", true */ 's', 'e', 'n', 'd', 'y', 'a', '.', 'm', 'e', '\0',
+  /* "sengokulife.com", true */ 's', 'e', 'n', 'g', 'o', 'k', 'u', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "seniors.singles", true */ 's', 'e', 'n', 'i', 'o', 'r', 's', '.', 's', 'i', 'n', 'g', 'l', 'e', 's', '\0',
+  /* "senmendai-reform.com", true */ 's', 'e', 'n', 'm', 'e', 'n', 'd', 'a', 'i', '-', 'r', 'e', 'f', 'o', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "senmonsyoku.top", true */ 's', 'e', 'n', 'm', 'o', 'n', 's', 'y', 'o', 'k', 'u', '.', 't', 'o', 'p', '\0',
+  /* "senorcontento.com", true */ 's', 'e', 'n', 'o', 'r', 'c', 'o', 'n', 't', 'e', 'n', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "sensebridge.com", true */ 's', 'e', 'n', 's', 'e', 'b', 'r', 'i', 'd', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sensebridge.net", true */ 's', 'e', 'n', 's', 'e', 'b', 'r', 'i', 'd', 'g', 'e', '.', 'n', 'e', 't', '\0',
+  /* "sensepixel.com", true */ 's', 'e', 'n', 's', 'e', 'p', 'i', 'x', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "senshudo.tv", true */ 's', 'e', 'n', 's', 'h', 'u', 'd', 'o', '.', 't', 'v', '\0',
+  /* "sensualism.com", true */ 's', 'e', 'n', 's', 'u', 'a', 'l', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "sentinel.gov", true */ 's', 'e', 'n', 't', 'i', 'n', 'e', 'l', '.', 'g', 'o', 'v', '\0',
+  /* "sentinelproject.io", true */ 's', 'e', 'n', 't', 'i', 'n', 'e', 'l', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'i', 'o', '\0',
+  /* "sentry.io", true */ 's', 'e', 'n', 't', 'r', 'y', '.', 'i', 'o', '\0',
+  /* "senzaparole.de", true */ 's', 'e', 'n', 'z', 'a', 'p', 'a', 'r', 'o', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "seo-analyse.com", true */ 's', 'e', 'o', '-', 'a', 'n', 'a', 'l', 'y', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "seo-linz.at", true */ 's', 'e', 'o', '-', 'l', 'i', 'n', 'z', '.', 'a', 't', '\0',
+  /* "seo-nerd.de", true */ 's', 'e', 'o', '-', 'n', 'e', 'r', 'd', '.', 'd', 'e', '\0',
+  /* "seo-portal.de", true */ 's', 'e', 'o', '-', 'p', 'o', 'r', 't', 'a', 'l', '.', 'd', 'e', '\0',
+  /* "seo.consulting", true */ 's', 'e', 'o', '.', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '\0',
+  /* "seo.london", true */ 's', 'e', 'o', '.', 'l', 'o', 'n', 'd', 'o', 'n', '\0',
+  /* "seo.tl", true */ 's', 'e', 'o', '.', 't', 'l', '\0',
+  /* "seoagentur2go.de", true */ 's', 'e', 'o', 'a', 'g', 'e', 'n', 't', 'u', 'r', '2', 'g', 'o', '.', 'd', 'e', '\0',
+  /* "seoarchive.org", true */ 's', 'e', 'o', 'a', 'r', 'c', 'h', 'i', 'v', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "seocomposer.com", true */ 's', 'e', 'o', 'c', 'o', 'm', 'p', 'o', 's', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "seogeek.nl", true */ 's', 'e', 'o', 'g', 'e', 'e', 'k', '.', 'n', 'l', '\0',
+  /* "seohochschule.de", true */ 's', 'e', 'o', 'h', 'o', 'c', 'h', 's', 'c', 'h', 'u', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "seoinc.com", true */ 's', 'e', 'o', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "seoium.com", true */ 's', 'e', 'o', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "seokay.com", true */ 's', 'e', 'o', 'k', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "seolib.org", true */ 's', 'e', 'o', 'l', 'i', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "seomen.biz", true */ 's', 'e', 'o', 'm', 'e', 'n', '.', 'b', 'i', 'z', '\0',
+  /* "seon.me", true */ 's', 'e', 'o', 'n', '.', 'm', 'e', '\0',
+  /* "seoprovider.nl", true */ 's', 'e', 'o', 'p', 'r', 'o', 'v', 'i', 'd', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "seoquake.com", true */ 's', 'e', 'o', 'q', 'u', 'a', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "seosof.com", true */ 's', 'e', 'o', 's', 'o', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "seoul.dating", true */ 's', 'e', 'o', 'u', 'l', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "seouniversity.org", true */ 's', 'e', 'o', 'u', 'n', 'i', 'v', 'e', 'r', 's', 'i', 't', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "sepalandseed.com", true */ 's', 'e', 'p', 'a', 'l', 'a', 'n', 'd', 's', 'e', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "sephr.com", true */ 's', 'e', 'p', 'h', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "sepie.gob.es", true */ 's', 'e', 'p', 'i', 'e', '.', 'g', 'o', 'b', '.', 'e', 's', '\0',
+  /* "seppelec.com", true */ 's', 'e', 'p', 'p', 'e', 'l', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "seproco.com", true */ 's', 'e', 'p', 'r', 'o', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "septakkordeon.de", true */ 's', 'e', 'p', 't', 'a', 'k', 'k', 'o', 'r', 'd', 'e', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "septfinance.ch", true */ 's', 'e', 'p', 't', 'f', 'i', 'n', 'a', 'n', 'c', 'e', '.', 'c', 'h', '\0',
+  /* "septillion.cn", true */ 's', 'e', 'p', 't', 'i', 'l', 'l', 'i', 'o', 'n', '.', 'c', 'n', '\0',
+  /* "septs.pw", true */ 's', 'e', 'p', 't', 's', '.', 'p', 'w', '\0',
+  /* "sequencing.com", true */ 's', 'e', 'q', 'u', 'e', 'n', 'c', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "sequiturs.com", true */ 's', 'e', 'q', 'u', 'i', 't', 'u', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sera.jp", true */ 's', 'e', 'r', 'a', '.', 'j', 'p', '\0',
+  /* "serafin.tech", true */ 's', 'e', 'r', 'a', 'f', 'i', 'n', '.', 't', 'e', 'c', 'h', '\0',
+  /* "seraph.tokyo", true */ 's', 'e', 'r', 'a', 'p', 'h', '.', 't', 'o', 'k', 'y', 'o', '\0',
+  /* "serbanpaun.ro", true */ 's', 'e', 'r', 'b', 'a', 'n', 'p', 'a', 'u', 'n', '.', 'r', 'o', '\0',
+  /* "sereema.com", true */ 's', 'e', 'r', 'e', 'e', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "serenaden.at", true */ 's', 'e', 'r', 'e', 'n', 'a', 'd', 'e', 'n', '.', 'a', 't', '\0',
+  /* "serf.io", true */ 's', 'e', 'r', 'f', '.', 'i', 'o', '\0',
+  /* "sergefonville.nl", true */ 's', 'e', 'r', 'g', 'e', 'f', 'o', 'n', 'v', 'i', 'l', 'l', 'e', '.', 'n', 'l', '\0',
+  /* "sergeyreznikov.com", true */ 's', 'e', 'r', 'g', 'e', 'y', 'r', 'e', 'z', 'n', 'i', 'k', 'o', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "sergije-stanic.me", true */ 's', 'e', 'r', 'g', 'i', 'j', 'e', '-', 's', 't', 'a', 'n', 'i', 'c', '.', 'm', 'e', '\0',
+  /* "sergiosantoro.it", true */ 's', 'e', 'r', 'g', 'i', 'o', 's', 'a', 'n', 't', 'o', 'r', 'o', '.', 'i', 't', '\0',
+  /* "sergos.de", true */ 's', 'e', 'r', 'g', 'o', 's', '.', 'd', 'e', '\0',
+  /* "serienstream.to", true */ 's', 'e', 'r', 'i', 'e', 'n', 's', 't', 'r', 'e', 'a', 'm', '.', 't', 'o', '\0',
+  /* "serigraphs.co.uk", true */ 's', 'e', 'r', 'i', 'g', 'r', 'a', 'p', 'h', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "seriousclimbing.com", true */ 's', 'e', 'r', 'i', 'o', 'u', 's', 'c', 'l', 'i', 'm', 'b', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "sernate.com", true */ 's', 'e', 'r', 'n', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "serpenteq.com", true */ 's', 'e', 'r', 'p', 'e', 'n', 't', 'e', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "serrano-chris.ch", true */ 's', 'e', 'r', 'r', 'a', 'n', 'o', '-', 'c', 'h', 'r', 'i', 's', '.', 'c', 'h', '\0',
+  /* "servdiscount.com", true */ 's', 'e', 'r', 'v', 'd', 'i', 's', 'c', 'o', 'u', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "serve-a.com.au", true */ 's', 'e', 'r', 'v', 'e', '-', 'a', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "servea.com.au", true */ 's', 'e', 'r', 'v', 'e', 'a', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "serveatechnologies.com", true */ 's', 'e', 'r', 'v', 'e', 'a', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "servecrypt.net", true */ 's', 'e', 'r', 'v', 'e', 'c', 'r', 'y', 'p', 't', '.', 'n', 'e', 't', '\0',
+  /* "servecrypt.ru", true */ 's', 'e', 'r', 'v', 'e', 'c', 'r', 'y', 'p', 't', '.', 'r', 'u', '\0',
+  /* "servemnaction.org", true */ 's', 'e', 'r', 'v', 'e', 'm', 'n', 'a', 'c', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "servepublic.com", true */ 's', 'e', 'r', 'v', 'e', 'p', 'u', 'b', 'l', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "servepublic.org", true */ 's', 'e', 'r', 'v', 'e', 'p', 'u', 'b', 'l', 'i', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "server-bg.net", true */ 's', 'e', 'r', 'v', 'e', 'r', '-', 'b', 'g', '.', 'n', 'e', 't', '\0',
+  /* "server-daten.de", true */ 's', 'e', 'r', 'v', 'e', 'r', '-', 'd', 'a', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "server-datenrettung.de", true */ 's', 'e', 'r', 'v', 'e', 'r', '-', 'd', 'a', 't', 'e', 'n', 'r', 'e', 't', 't', 'u', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "server-eye.de", true */ 's', 'e', 'r', 'v', 'e', 'r', '-', 'e', 'y', 'e', '.', 'd', 'e', '\0',
+  /* "server.pk", true */ 's', 'e', 'r', 'v', 'e', 'r', '.', 'p', 'k', '\0',
+  /* "serveradminz.com", true */ 's', 'e', 'r', 'v', 'e', 'r', 'a', 'd', 'm', 'i', 'n', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "serverco.com", true */ 's', 'e', 'r', 'v', 'e', 'r', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "serverd.de", true */ 's', 'e', 'r', 'v', 'e', 'r', 'd', '.', 'd', 'e', '\0',
+  /* "serverfrog.de", true */ 's', 'e', 'r', 'v', 'e', 'r', 'f', 'r', 'o', 'g', '.', 'd', 'e', '\0',
+  /* "serverlog.net", true */ 's', 'e', 'r', 'v', 'e', 'r', 'l', 'o', 'g', '.', 'n', 'e', 't', '\0',
+  /* "serveroffline.net", false */ 's', 'e', 'r', 'v', 'e', 'r', 'o', 'f', 'f', 'l', 'i', 'n', 'e', '.', 'n', 'e', 't', '\0',
+  /* "servers4all.co.uk", true */ 's', 'e', 'r', 'v', 'e', 'r', 's', '4', 'a', 'l', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "serversftw.com", true */ 's', 'e', 'r', 'v', 'e', 'r', 's', 'f', 't', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "serverstuff.info", true */ 's', 'e', 'r', 'v', 'e', 'r', 's', 't', 'u', 'f', 'f', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "serversuit.com", true */ 's', 'e', 'r', 'v', 'e', 'r', 's', 'u', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "servertastic.com", true */ 's', 'e', 'r', 'v', 'e', 'r', 't', 'a', 's', 't', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "servethecity-karlsruhe.de", true */ 's', 'e', 'r', 'v', 'e', 't', 'h', 'e', 'c', 'i', 't', 'y', '-', 'k', 'a', 'r', 'l', 's', 'r', 'u', 'h', 'e', '.', 'd', 'e', '\0',
+  /* "servgate.jp", true */ 's', 'e', 'r', 'v', 'g', 'a', 't', 'e', '.', 'j', 'p', '\0',
+  /* "service.gov.uk", true */ 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'g', 'o', 'v', '.', 'u', 'k', '\0',
+  /* "serviceboss.de", true */ 's', 'e', 'r', 'v', 'i', 'c', 'e', 'b', 'o', 's', 's', '.', 'd', 'e', '\0',
+  /* "serviettenhaus.de", true */ 's', 'e', 'r', 'v', 'i', 'e', 't', 't', 'e', 'n', 'h', 'a', 'u', 's', '.', 'd', 'e', '\0',
+  /* "servingbaby.com", true */ 's', 'e', 'r', 'v', 'i', 'n', 'g', 'b', 'a', 'b', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "servious.org", true */ 's', 'e', 'r', 'v', 'i', 'o', 'u', 's', '.', 'o', 'r', 'g', '\0',
+  /* "servpanel.de", false */ 's', 'e', 'r', 'v', 'p', 'a', 'n', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "serw.org", true */ 's', 'e', 'r', 'w', '.', 'o', 'r', 'g', '\0',
+  /* "seryox.com", true */ 's', 'e', 'r', 'y', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "sesslerimmo.ch", true */ 's', 'e', 's', 's', 'l', 'e', 'r', 'i', 'm', 'm', 'o', '.', 'c', 'h', '\0',
+  /* "setfix.de", true */ 's', 'e', 't', 'f', 'i', 'x', '.', 'd', 'e', '\0',
+  /* "sethcaplan.com", true */ 's', 'e', 't', 'h', 'c', 'a', 'p', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "sethvargo.com", true */ 's', 'e', 't', 'h', 'v', 'a', 'r', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "seti-germany.de", true */ 's', 'e', 't', 'i', '-', 'g', 'e', 'r', 'm', 'a', 'n', 'y', '.', 'd', 'e', '\0',
+  /* "setkit.net", true */ 's', 'e', 't', 'k', 'i', 't', '.', 'n', 'e', 't', '\0',
+  /* "settberg.de", true */ 's', 'e', 't', 't', 'b', 'e', 'r', 'g', '.', 'd', 'e', '\0',
+  /* "setterirlandes.com.br", true */ 's', 'e', 't', 't', 'e', 'r', 'i', 'r', 'l', 'a', 'n', 'd', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "settleapp.co", true */ 's', 'e', 't', 't', 'l', 'e', 'a', 'p', 'p', '.', 'c', 'o', '\0',
+  /* "setuid0.kr", true */ 's', 'e', 't', 'u', 'i', 'd', '0', '.', 'k', 'r', '\0',
+  /* "setyoursite.nl", true */ 's', 'e', 't', 'y', 'o', 'u', 'r', 's', 'i', 't', 'e', '.', 'n', 'l', '\0',
+  /* "seven-purple.com", true */ 's', 'e', 'v', 'e', 'n', '-', 'p', 'u', 'r', 'p', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sevencooks.com", true */ 's', 'e', 'v', 'e', 'n', 'c', 'o', 'o', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sevenet.pl", true */ 's', 'e', 'v', 'e', 'n', 'e', 't', '.', 'p', 'l', '\0',
+  /* "sevenhillsapartments.com.au", true */ 's', 'e', 'v', 'e', 'n', 'h', 'i', 'l', 'l', 's', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "sevenmatches.com", true */ 's', 'e', 'v', 'e', 'n', 'm', 'a', 't', 'c', 'h', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "severine-trousselard.com", true */ 's', 'e', 'v', 'e', 'r', 'i', 'n', 'e', '-', 't', 'r', 'o', 'u', 's', 's', 'e', 'l', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "severntrentinsuranceportal.com", true */ 's', 'e', 'v', 'e', 'r', 'n', 't', 'r', 'e', 'n', 't', 'i', 'n', 's', 'u', 'r', 'a', 'n', 'c', 'e', 'p', 'o', 'r', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "sevinci.ch", true */ 's', 'e', 'v', 'i', 'n', 'c', 'i', '.', 'c', 'h', '\0',
+  /* "sevsey.ru", true */ 's', 'e', 'v', 's', 'e', 'y', '.', 'r', 'u', '\0',
+  /* "sevsopr.ru", true */ 's', 'e', 'v', 's', 'o', 'p', 'r', '.', 'r', 'u', '\0',
+  /* "sewafineseam.com", true */ 's', 'e', 'w', 'a', 'f', 'i', 'n', 'e', 's', 'e', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "sewinginsight.com", true */ 's', 'e', 'w', 'i', 'n', 'g', 'i', 'n', 's', 'i', 'g', 'h', 't', '.', 'c', 'o', 'm', '\0',
+  /* "sewoo.co.uk", true */ 's', 'e', 'w', 'o', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "sex-education.com", true */ 's', 'e', 'x', '-', 'e', 'd', 'u', 'c', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "sexaki.com", true */ 's', 'e', 'x', 'a', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "sexgarage.de", true */ 's', 'e', 'x', 'g', 'a', 'r', 'a', 'g', 'e', '.', 'd', 'e', '\0',
+  /* "sexmobil.de", true */ 's', 'e', 'x', 'm', 'o', 'b', 'i', 'l', '.', 'd', 'e', '\0',
+  /* "sexocomgravidas.com", true */ 's', 'e', 'x', 'o', 'c', 'o', 'm', 'g', 'r', 'a', 'v', 'i', 'd', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sexpay.net", true */ 's', 'e', 'x', 'p', 'a', 'y', '.', 'n', 'e', 't', '\0',
+  /* "sexservice.io", true */ 's', 'e', 'x', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'i', 'o', '\0',
+  /* "sexshopfacil.com.br", true */ 's', 'e', 'x', 's', 'h', 'o', 'p', 'f', 'a', 'c', 'i', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "sexshopnet.com.br", true */ 's', 'e', 'x', 's', 'h', 'o', 'p', 'n', 'e', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "sexshopsgay.com", true */ 's', 'e', 'x', 's', 'h', 'o', 'p', 's', 'g', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "sexwork.net", true */ 's', 'e', 'x', 'w', 'o', 'r', 'k', '.', 'n', 'e', 't', '\0',
+  /* "sexy-store.nl", true */ 's', 'e', 'x', 'y', '-', 's', 't', 'o', 'r', 'e', '.', 'n', 'l', '\0',
+  /* "seyfarth.de", true */ 's', 'e', 'y', 'f', 'a', 'r', 't', 'h', '.', 'd', 'e', '\0',
+  /* "seyr.it", true */ 's', 'e', 'y', 'r', '.', 'i', 't', '\0',
+  /* "seyr.me", true */ 's', 'e', 'y', 'r', '.', 'm', 'e', '\0',
+  /* "sfaturiit.ro", true */ 's', 'f', 'a', 't', 'u', 'r', 'i', 'i', 't', '.', 'r', 'o', '\0',
+  /* "sfdev.ovh", true */ 's', 'f', 'd', 'e', 'v', '.', 'o', 'v', 'h', '\0',
+  /* "sfg-nordholz.de", true */ 's', 'f', 'g', '-', 'n', 'o', 'r', 'd', 'h', 'o', 'l', 'z', '.', 'd', 'e', '\0',
+  /* "sfile.eu", true */ 's', 'f', 'i', 'l', 'e', '.', 'e', 'u', '\0',
+  /* "sfirat-haomer.com", true */ 's', 'f', 'i', 'r', 'a', 't', '-', 'h', 'a', 'o', 'm', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "sfleisure.com", true */ 's', 'f', 'l', 'e', 'i', 's', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sfo-fog.ch", true */ 's', 'f', 'o', '-', 'f', 'o', 'g', '.', 'c', 'h', '\0',
+  /* "sft-framework.org", true */ 's', 'f', 't', '-', 'f', 'r', 'a', 'm', 'e', 'w', 'o', 'r', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "sftool.gov", true */ 's', 'f', 't', 'o', 'o', 'l', '.', 'g', 'o', 'v', '\0',
+  /* "sg-elektro.de", true */ 's', 'g', '-', 'e', 'l', 'e', 'k', 't', 'r', 'o', '.', 'd', 'e', '\0',
+  /* "sg.search.yahoo.com", false */ 's', 'g', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "sgb.co", true */ 's', 'g', 'b', '.', 'c', 'o', '\0',
+  /* "sgroup-hitoduma.com", true */ 's', 'g', 'r', 'o', 'u', 'p', '-', 'h', 'i', 't', 'o', 'd', 'u', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "sgroup-rec.com", true */ 's', 'g', 'r', 'o', 'u', 'p', '-', 'r', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "sgtcodfish.com", true */ 's', 'g', 't', 'c', 'o', 'd', 'f', 'i', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "sgthotshot.com", true */ 's', 'g', 't', 'h', 'o', 't', 's', 'h', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "sgtsnookums.net", true */ 's', 'g', 't', 's', 'n', 'o', 'o', 'k', 'u', 'm', 's', '.', 'n', 'e', 't', '\0',
+  /* "sgtt.ch", true */ 's', 'g', 't', 't', '.', 'c', 'h', '\0',
+  /* "sh-heppelmann.de", true */ 's', 'h', '-', 'h', 'e', 'p', 'p', 'e', 'l', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "sh-network.de", false */ 's', 'h', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'd', 'e', '\0',
+  /* "sh0rt.in", true */ 's', 'h', '0', 'r', 't', '.', 'i', 'n', '\0',
+  /* "sh4y.com", true */ 's', 'h', '4', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "shaaaaaaaaaaaaa.com", true */ 's', 'h', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "shad.waw.pl", true */ 's', 'h', 'a', 'd', '.', 'w', 'a', 'w', '.', 'p', 'l', '\0',
+  /* "shadesofgrayadr.com", true */ 's', 'h', 'a', 'd', 'e', 's', 'o', 'f', 'g', 'r', 'a', 'y', 'a', 'd', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "shadesofgraylaw.com", true */ 's', 'h', 'a', 'd', 'e', 's', 'o', 'f', 'g', 'r', 'a', 'y', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "shadigee.org", true */ 's', 'h', 'a', 'd', 'i', 'g', 'e', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "shadowict.net", true */ 's', 'h', 'a', 'd', 'o', 'w', 'i', 'c', 't', '.', 'n', 'e', 't', '\0',
+  /* "shadowict.tech", true */ 's', 'h', 'a', 'd', 'o', 'w', 'i', 'c', 't', '.', 't', 'e', 'c', 'h', '\0',
+  /* "shadowkitsune.net", true */ 's', 'h', 'a', 'd', 'o', 'w', 'k', 'i', 't', 's', 'u', 'n', 'e', '.', 'n', 'e', 't', '\0',
+  /* "shadowlurker.com.au", true */ 's', 'h', 'a', 'd', 'o', 'w', 'l', 'u', 'r', 'k', 'e', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "shadowsing.com", true */ 's', 'h', 'a', 'd', 'o', 'w', 's', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "shadowsocks.com", true */ 's', 'h', 'a', 'd', 'o', 'w', 's', 'o', 'c', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "shadowsocks.com.au", true */ 's', 'h', 'a', 'd', 'o', 'w', 's', 'o', 'c', 'k', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "shadowsocks.com.hk", true */ 's', 'h', 'a', 'd', 'o', 'w', 's', 'o', 'c', 'k', 's', '.', 'c', 'o', 'm', '.', 'h', 'k', '\0',
+  /* "shadowsocks.la", true */ 's', 'h', 'a', 'd', 'o', 'w', 's', 'o', 'c', 'k', 's', '.', 'l', 'a', '\0',
+  /* "shadowsocks.software", true */ 's', 'h', 'a', 'd', 'o', 'w', 's', 'o', 'c', 'k', 's', '.', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '\0',
+  /* "shadowsworldonline.co.uk", true */ 's', 'h', 'a', 'd', 'o', 'w', 's', 'w', 'o', 'r', 'l', 'd', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "shag-shag.ru", true */ 's', 'h', 'a', 'g', '-', 's', 'h', 'a', 'g', '.', 'r', 'u', '\0',
+  /* "shaharyaranjum.com", true */ 's', 'h', 'a', 'h', 'a', 'r', 'y', 'a', 'r', 'a', 'n', 'j', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "shaicoleman.com", true */ 's', 'h', 'a', 'i', 'c', 'o', 'l', 'e', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "shaitan.eu", true */ 's', 'h', 'a', 'i', 't', 'a', 'n', '.', 'e', 'u', '\0',
+  /* "shakan.ch", true */ 's', 'h', 'a', 'k', 'a', 'n', '.', 'c', 'h', '\0',
+  /* "shaken-kyoto.jp", true */ 's', 'h', 'a', 'k', 'e', 'n', '-', 'k', 'y', 'o', 't', 'o', '.', 'j', 'p', '\0',
+  /* "shaken110.com", true */ 's', 'h', 'a', 'k', 'e', 'n', '1', '1', '0', '.', 'c', 'o', 'm', '\0',
+  /* "shakepeers.org", false */ 's', 'h', 'a', 'k', 'e', 'p', 'e', 'e', 'r', 's', '.', 'o', 'r', 'g', '\0',
+  /* "shakes4u.com", true */ 's', 'h', 'a', 'k', 'e', 's', '4', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "shakespearesolutions.com.au", false */ 's', 'h', 'a', 'k', 'e', 's', 'p', 'e', 'a', 'r', 'e', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "shakespearevet.com", true */ 's', 'h', 'a', 'k', 'e', 's', 'p', 'e', 'a', 'r', 'e', 'v', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "shalott.org", true */ 's', 'h', 'a', 'l', 'o', 't', 't', '.', 'o', 'r', 'g', '\0',
+  /* "shamara.info", true */ 's', 'h', 'a', 'm', 'a', 'r', 'a', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "shamariki.ru", true */ 's', 'h', 'a', 'm', 'a', 'r', 'i', 'k', 'i', '.', 'r', 'u', '\0',
+  /* "shamka.ru", true */ 's', 'h', 'a', 'm', 'k', 'a', '.', 'r', 'u', '\0',
+  /* "shan.io", false */ 's', 'h', 'a', 'n', '.', 'i', 'o', '\0',
+  /* "shanae.nl", true */ 's', 'h', 'a', 'n', 'a', 'e', '.', 'n', 'l', '\0',
+  /* "shanetully.com", true */ 's', 'h', 'a', 'n', 'e', 't', 'u', 'l', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "shanewadleigh.com", true */ 's', 'h', 'a', 'n', 'e', 'w', 'a', 'd', 'l', 'e', 'i', 'g', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "shannoneichorn.com", true */ 's', 'h', 'a', 'n', 'n', 'o', 'n', 'e', 'i', 'c', 'h', 'o', 'r', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "shansing.cn", true */ 's', 'h', 'a', 'n', 's', 'i', 'n', 'g', '.', 'c', 'n', '\0',
+  /* "shansing.com", true */ 's', 'h', 'a', 'n', 's', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "shansing.net", true */ 's', 'h', 'a', 'n', 's', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "shansing.space", true */ 's', 'h', 'a', 'n', 's', 'i', 'n', 'g', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "sharanyamunsi.net", true */ 's', 'h', 'a', 'r', 'a', 'n', 'y', 'a', 'm', 'u', 'n', 's', 'i', '.', 'n', 'e', 't', '\0',
+  /* "sharedhost.de", true */ 's', 'h', 'a', 'r', 'e', 'd', 'h', 'o', 's', 't', '.', 'd', 'e', '\0',
+  /* "shareeri.com", true */ 's', 'h', 'a', 'r', 'e', 'e', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "sharemessage.net", true */ 's', 'h', 'a', 'r', 'e', 'm', 'e', 's', 's', 'a', 'g', 'e', '.', 'n', 'e', 't', '\0',
+  /* "shareoffice.ch", true */ 's', 'h', 'a', 'r', 'e', 'o', 'f', 'f', 'i', 'c', 'e', '.', 'c', 'h', '\0',
+  /* "shareoine.com", true */ 's', 'h', 'a', 'r', 'e', 'o', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sharepointdrive.com", true */ 's', 'h', 'a', 'r', 'e', 'p', 'o', 'i', 'n', 't', 'd', 'r', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sharescope.co.uk", false */ 's', 'h', 'a', 'r', 'e', 's', 'c', 'o', 'p', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "shareselecttools.com", true */ 's', 'h', 'a', 'r', 'e', 's', 'e', 'l', 'e', 'c', 't', 't', 'o', 'o', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sharesplitter.com", true */ 's', 'h', 'a', 'r', 'e', 's', 'p', 'l', 'i', 't', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "sharevari.com", true */ 's', 'h', 'a', 'r', 'e', 'v', 'a', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "shareworx.net", true */ 's', 'h', 'a', 'r', 'e', 'w', 'o', 'r', 'x', '.', 'n', 'e', 't', '\0',
+  /* "shariahlawcenter.com", true */ 's', 'h', 'a', 'r', 'i', 'a', 'h', 'l', 'a', 'w', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "shariahlawcenter.org", true */ 's', 'h', 'a', 'r', 'i', 'a', 'h', 'l', 'a', 'w', 'c', 'e', 'n', 't', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "sharialawcenter.com", true */ 's', 'h', 'a', 'r', 'i', 'a', 'l', 'a', 'w', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "sharialawcenter.org", true */ 's', 'h', 'a', 'r', 'i', 'a', 'l', 'a', 'w', 'c', 'e', 'n', 't', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "sharperedge.pw", true */ 's', 'h', 'a', 'r', 'p', 'e', 'r', 'e', 'd', 'g', 'e', '.', 'p', 'w', '\0',
+  /* "sharperedgecomputers.com", true */ 's', 'h', 'a', 'r', 'p', 'e', 'r', 'e', 'd', 'g', 'e', 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sharu.me", true */ 's', 'h', 'a', 'r', 'u', '.', 'm', 'e', '\0',
+  /* "sharvey.ca", true */ 's', 'h', 'a', 'r', 'v', 'e', 'y', '.', 'c', 'a', '\0',
+  /* "shasso.com", true */ 's', 'h', 'a', 's', 's', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "shatorin.com", true */ 's', 'h', 'a', 't', 'o', 'r', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "shaun.net", true */ 's', 'h', 'a', 'u', 'n', '.', 'n', 'e', 't', '\0',
+  /* "shaundanielz.com", true */ 's', 'h', 'a', 'u', 'n', 'd', 'a', 'n', 'i', 'e', 'l', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "shaunharker.com", true */ 's', 'h', 'a', 'u', 'n', 'h', 'a', 'r', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "shav.it", true */ 's', 'h', 'a', 'v', '.', 'i', 't', '\0',
+  /* "shawcentral.ca", false */ 's', 'h', 'a', 'w', 'c', 'e', 'n', 't', 'r', 'a', 'l', '.', 'c', 'a', '\0',
+  /* "shawnhogan.com", true */ 's', 'h', 'a', 'w', 'n', 'h', 'o', 'g', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "shawnstarrcustomhomes.com", true */ 's', 'h', 'a', 'w', 'n', 's', 't', 'a', 'r', 'r', 'c', 'u', 's', 't', 'o', 'm', 'h', 'o', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "shawnwilson.info", true */ 's', 'h', 'a', 'w', 'n', 'w', 'i', 'l', 's', 'o', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "shazbots.org", true */ 's', 'h', 'a', 'z', 'b', 'o', 't', 's', '.', 'o', 'r', 'g', '\0',
+  /* "shazzlemd.com", true */ 's', 'h', 'a', 'z', 'z', 'l', 'e', 'm', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "shazzlepro.com", true */ 's', 'h', 'a', 'z', 'z', 'l', 'e', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "sheaf.site", true */ 's', 'h', 'e', 'a', 'f', '.', 's', 'i', 't', 'e', '\0',
+  /* "shearcomfort.com", true */ 's', 'h', 'e', 'a', 'r', 'c', 'o', 'm', 'f', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "sheehyinfinitioftysonsparts.com", true */ 's', 'h', 'e', 'e', 'h', 'y', 'i', 'n', 'f', 'i', 'n', 'i', 't', 'i', 'o', 'f', 't', 'y', 's', 'o', 'n', 's', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sheepfriends.com", true */ 's', 'h', 'e', 'e', 'p', 'f', 'r', 'i', 'e', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "shehata.com", true */ 's', 'h', 'e', 'h', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "sheilasdrivingschool.com", true */ 's', 'h', 'e', 'i', 'l', 'a', 's', 'd', 'r', 'i', 'v', 'i', 'n', 'g', 's', 'c', 'h', 'o', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "shelfordsandstaplefordscouts.org.uk", true */ 's', 'h', 'e', 'l', 'f', 'o', 'r', 'd', 's', 'a', 'n', 'd', 's', 't', 'a', 'p', 'l', 'e', 'f', 'o', 'r', 'd', 's', 'c', 'o', 'u', 't', 's', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "shellday.cc", true */ 's', 'h', 'e', 'l', 'l', 'd', 'a', 'y', '.', 'c', 'c', '\0',
+  /* "shelleystoybox.com", true */ 's', 'h', 'e', 'l', 'l', 'e', 'y', 's', 't', 'o', 'y', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "shellfire.de", true */ 's', 'h', 'e', 'l', 'l', 'f', 'i', 'r', 'e', '.', 'd', 'e', '\0',
+  /* "shellj.me", true */ 's', 'h', 'e', 'l', 'l', 'j', '.', 'm', 'e', '\0',
+  /* "shellshock.eu", true */ 's', 'h', 'e', 'l', 'l', 's', 'h', 'o', 'c', 'k', '.', 'e', 'u', '\0',
+  /* "shellvatore.us", true */ 's', 'h', 'e', 'l', 'l', 'v', 'a', 't', 'o', 'r', 'e', '.', 'u', 's', '\0',
+  /* "shemissed.me", true */ 's', 'h', 'e', 'm', 'i', 's', 's', 'e', 'd', '.', 'm', 'e', '\0',
+  /* "shemsconseils.ma", true */ 's', 'h', 'e', 'm', 's', 'c', 'o', 'n', 's', 'e', 'i', 'l', 's', '.', 'm', 'a', '\0',
+  /* "shenghaiautoparts.com", true */ 's', 'h', 'e', 'n', 'g', 'h', 'a', 'i', 'a', 'u', 't', 'o', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "shenghaiautoparts.net", true */ 's', 'h', 'e', 'n', 'g', 'h', 'a', 'i', 'a', 'u', 't', 'o', 'p', 'a', 'r', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "shentengtu.idv.tw", true */ 's', 'h', 'e', 'n', 't', 'e', 'n', 'g', 't', 'u', '.', 'i', 'd', 'v', '.', 't', 'w', '\0',
+  /* "shenyuqi.com", false */ 's', 'h', 'e', 'n', 'y', 'u', 'q', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "sherbers.de", true */ 's', 'h', 'e', 'r', 'b', 'e', 'r', 's', '.', 'd', 'e', '\0',
+  /* "shethbox.com", true */ 's', 'h', 'e', 't', 'h', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "shevronpatriot.ru", true */ 's', 'h', 'e', 'v', 'r', 'o', 'n', 'p', 'a', 't', 'r', 'i', 'o', 't', '.', 'r', 'u', '\0',
+  /* "shft.cl", true */ 's', 'h', 'f', 't', '.', 'c', 'l', '\0',
+  /* "shgt.jp", true */ 's', 'h', 'g', 't', '.', 'j', 'p', '\0',
+  /* "shh-listen.com", true */ 's', 'h', 'h', '-', 'l', 'i', 's', 't', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "shh.sh", true */ 's', 'h', 'h', '.', 's', 'h', '\0',
+  /* "shiawasedo.co.jp", true */ 's', 'h', 'i', 'a', 'w', 'a', 's', 'e', 'd', 'o', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "shibainu.com.br", true */ 's', 'h', 'i', 'b', 'a', 'i', 'n', 'u', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "shichibukai.net", true */ 's', 'h', 'i', 'c', 'h', 'i', 'b', 'u', 'k', 'a', 'i', '.', 'n', 'e', 't', '\0',
+  /* "shieldcomputer.com", true */ 's', 'h', 'i', 'e', 'l', 'd', 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "shieldofachilles.in", true */ 's', 'h', 'i', 'e', 'l', 'd', 'o', 'f', 'a', 'c', 'h', 'i', 'l', 'l', 'e', 's', '.', 'i', 'n', '\0',
+  /* "shift-record.com", true */ 's', 'h', 'i', 'f', 't', '-', 'r', 'e', 'c', 'o', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "shift-to.co.jp", true */ 's', 'h', 'i', 'f', 't', '-', 't', 'o', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "shiftdevices.com", true */ 's', 'h', 'i', 'f', 't', 'd', 'e', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "shiftj.is", true */ 's', 'h', 'i', 'f', 't', 'j', '.', 'i', 's', '\0',
+  /* "shiftleft.org", true */ 's', 'h', 'i', 'f', 't', 'l', 'e', 'f', 't', '.', 'o', 'r', 'g', '\0',
+  /* "shijing.me", true */ 's', 'h', 'i', 'j', 'i', 'n', 'g', '.', 'm', 'e', '\0',
+  /* "shikimori.one", true */ 's', 'h', 'i', 'k', 'i', 'm', 'o', 'r', 'i', '.', 'o', 'n', 'e', '\0',
+  /* "shikimori.org", true */ 's', 'h', 'i', 'k', 'i', 'm', 'o', 'r', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "shikinobi.com", true */ 's', 'h', 'i', 'k', 'i', 'n', 'o', 'b', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "shimi.net", true */ 's', 'h', 'i', 'm', 'i', '.', 'n', 'e', 't', '\0',
+  /* "shimo.im", true */ 's', 'h', 'i', 'm', 'o', '.', 'i', 'm', '\0',
+  /* "shin-inc.jp", true */ 's', 'h', 'i', 'n', '-', 'i', 'n', 'c', '.', 'j', 'p', '\0',
+  /* "shinghoi.com", true */ 's', 'h', 'i', 'n', 'g', 'h', 'o', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "shining.gifts", true */ 's', 'h', 'i', 'n', 'i', 'n', 'g', '.', 'g', 'i', 'f', 't', 's', '\0',
+  /* "shinko-osaka.jp", true */ 's', 'h', 'i', 'n', 'k', 'o', '-', 'o', 's', 'a', 'k', 'a', '.', 'j', 'p', '\0',
+  /* "shinnyosangha.org", false */ 's', 'h', 'i', 'n', 'n', 'y', 'o', 's', 'a', 'n', 'g', 'h', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "shinobi-fansub.ro", true */ 's', 'h', 'i', 'n', 'o', 'b', 'i', '-', 'f', 'a', 'n', 's', 'u', 'b', '.', 'r', 'o', '\0',
+  /* "shinonome-lab.eu.org", true */ 's', 'h', 'i', 'n', 'o', 'n', 'o', 'm', 'e', '-', 'l', 'a', 'b', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "shintoism.com", true */ 's', 'h', 'i', 'n', 't', 'o', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "shinyuu.net", true */ 's', 'h', 'i', 'n', 'y', 'u', 'u', '.', 'n', 'e', 't', '\0',
+  /* "shipard.com", true */ 's', 'h', 'i', 'p', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "shipard.cz", true */ 's', 'h', 'i', 'p', 'a', 'r', 'd', '.', 'c', 'z', '\0',
+  /* "shipcloud.io", true */ 's', 'h', 'i', 'p', 'c', 'l', 'o', 'u', 'd', '.', 'i', 'o', '\0',
+  /* "shiroki-k.net", true */ 's', 'h', 'i', 'r', 'o', 'k', 'i', '-', 'k', '.', 'n', 'e', 't', '\0',
+  /* "shirt2go.shop", true */ 's', 'h', 'i', 'r', 't', '2', 'g', 'o', '.', 's', 'h', 'o', 'p', '\0',
+  /* "shirtsofholland.com", true */ 's', 'h', 'i', 'r', 't', 's', 'o', 'f', 'h', 'o', 'l', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "shiseki.top", true */ 's', 'h', 'i', 's', 'e', 'k', 'i', '.', 't', 'o', 'p', '\0',
+  /* "shishamania.de", true */ 's', 'h', 'i', 's', 'h', 'a', 'm', 'a', 'n', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "shishkin.link", true */ 's', 'h', 'i', 's', 'h', 'k', 'i', 'n', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "shishkin.us", true */ 's', 'h', 'i', 's', 'h', 'k', 'i', 'n', '.', 'u', 's', '\0',
+  /* "shishlik.net", true */ 's', 'h', 'i', 's', 'h', 'l', 'i', 'k', '.', 'n', 'e', 't', '\0',
+  /* "shitagi-shop.com", true */ 's', 'h', 'i', 't', 'a', 'g', 'i', '-', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "shitbeast.institute", true */ 's', 'h', 'i', 't', 'b', 'e', 'a', 's', 't', '.', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', '\0',
+  /* "shitmybradsays.com", true */ 's', 'h', 'i', 't', 'm', 'y', 'b', 'r', 'a', 'd', 's', 'a', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "shitposts.se", true */ 's', 'h', 'i', 't', 'p', 'o', 's', 't', 's', '.', 's', 'e', '\0',
+  /* "shitproductions.org", true */ 's', 'h', 'i', 't', 'p', 'r', 'o', 'd', 'u', 'c', 't', 'i', 'o', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "shitsta.in", true */ 's', 'h', 'i', 't', 's', 't', 'a', '.', 'i', 'n', '\0',
+  /* "shk.im", true */ 's', 'h', 'k', '.', 'i', 'm', '\0',
+  /* "shlemenkov.by", true */ 's', 'h', 'l', 'e', 'm', 'e', 'n', 'k', 'o', 'v', '.', 'b', 'y', '\0',
+  /* "shobhanayogsadan.com", true */ 's', 'h', 'o', 'b', 'h', 'a', 'n', 'a', 'y', 'o', 'g', 's', 'a', 'd', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "shock.ee", true */ 's', 'h', 'o', 'c', 'k', '.', 'e', 'e', '\0',
+  /* "shockercityservices.com", true */ 's', 'h', 'o', 'c', 'k', 'e', 'r', 'c', 'i', 't', 'y', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "shodan.io", true */ 's', 'h', 'o', 'd', 'a', 'n', '.', 'i', 'o', '\0',
+  /* "shoemuse.com", true */ 's', 'h', 'o', 'e', 'm', 'u', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "shoestringeventing.co.uk", true */ 's', 'h', 'o', 'e', 's', 't', 'r', 'i', 'n', 'g', 'e', 'v', 'e', 'n', 't', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "shokola.com", true */ 's', 'h', 'o', 'k', 'o', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "shome.de", true */ 's', 'h', 'o', 'm', 'e', '.', 'd', 'e', '\0',
+  /* "shooter.dog", true */ 's', 'h', 'o', 'o', 't', 'e', 'r', '.', 'd', 'o', 'g', '\0',
+  /* "shootpooloklahoma.com", true */ 's', 'h', 'o', 'o', 't', 'p', 'o', 'o', 'l', 'o', 'k', 'l', 'a', 'h', 'o', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "shop-s.net", true */ 's', 'h', 'o', 'p', '-', 's', '.', 'n', 'e', 't', '\0',
+  /* "shopapi.cz", true */ 's', 'h', 'o', 'p', 'a', 'p', 'i', '.', 'c', 'z', '\0',
+  /* "shopatkei.com", true */ 's', 'h', 'o', 'p', 'a', 't', 'k', 'e', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "shopbakersnook.com", true */ 's', 'h', 'o', 'p', 'b', 'a', 'k', 'e', 'r', 's', 'n', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "shopcoupon.co.za", true */ 's', 'h', 'o', 'p', 'c', 'o', 'u', 'p', 'o', 'n', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "shopcoupons.co.id", true */ 's', 'h', 'o', 'p', 'c', 'o', 'u', 'p', 'o', 'n', 's', '.', 'c', 'o', '.', 'i', 'd', '\0',
+  /* "shopcoupons.my", true */ 's', 'h', 'o', 'p', 'c', 'o', 'u', 'p', 'o', 'n', 's', '.', 'm', 'y', '\0',
+  /* "shopcoupons.ph", true */ 's', 'h', 'o', 'p', 'c', 'o', 'u', 'p', 'o', 'n', 's', '.', 'p', 'h', '\0',
+  /* "shopcoupons.sg", true */ 's', 'h', 'o', 'p', 'c', 'o', 'u', 'p', 'o', 'n', 's', '.', 's', 'g', '\0',
+  /* "shopdopastor.com.br", true */ 's', 'h', 'o', 'p', 'd', 'o', 'p', 'a', 's', 't', 'o', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "shopifycloud.com", true */ 's', 'h', 'o', 'p', 'i', 'f', 'y', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "shopkini.com", true */ 's', 'h', 'o', 'p', 'k', 'i', 'n', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "shoplandia.co", true */ 's', 'h', 'o', 'p', 'l', 'a', 'n', 'd', 'i', 'a', '.', 'c', 'o', '\0',
+  /* "shoppia.se", true */ 's', 'h', 'o', 'p', 'p', 'i', 'a', '.', 's', 'e', '\0',
+  /* "shopping24.de", true */ 's', 'h', 'o', 'p', 'p', 'i', 'n', 'g', '2', '4', '.', 'd', 'e', '\0',
+  /* "shoppr.dk", true */ 's', 'h', 'o', 'p', 'p', 'r', '.', 'd', 'k', '\0',
+  /* "shoprsc.com", true */ 's', 'h', 'o', 'p', 'r', 's', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "shopsouthafrican.com", true */ 's', 'h', 'o', 'p', 's', 'o', 'u', 't', 'h', 'a', 'f', 'r', 'i', 'c', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "shoptec.sk", true */ 's', 'h', 'o', 'p', 't', 'e', 'c', '.', 's', 'k', '\0',
+  /* "shorebreaksecurity.com", true */ 's', 'h', 'o', 'r', 'e', 'b', 'r', 'e', 'a', 'k', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "shortdiary.me", true */ 's', 'h', 'o', 'r', 't', 'd', 'i', 'a', 'r', 'y', '.', 'm', 'e', '\0',
+  /* "shortpath.com", true */ 's', 'h', 'o', 'r', 't', 'p', 'a', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "shoshin-aikido.de", true */ 's', 'h', 'o', 's', 'h', 'i', 'n', '-', 'a', 'i', 'k', 'i', 'd', 'o', '.', 'd', 'e', '\0',
+  /* "shota.vip", true */ 's', 'h', 'o', 't', 'a', '.', 'v', 'i', 'p', '\0',
+  /* "shotbow.net", true */ 's', 'h', 'o', 't', 'b', 'o', 'w', '.', 'n', 'e', 't', '\0',
+  /* "shotonwhat.com", true */ 's', 'h', 'o', 't', 'o', 'n', 'w', 'h', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "shotpixonline.com.br", true */ 's', 'h', 'o', 't', 'p', 'i', 'x', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "show-saratov.ru", false */ 's', 'h', 'o', 'w', '-', 's', 'a', 'r', 'a', 't', 'o', 'v', '.', 'r', 'u', '\0',
+  /* "showbits.net", true */ 's', 'h', 'o', 'w', 'b', 'i', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "showdepiscinas.com.br", true */ 's', 'h', 'o', 'w', 'd', 'e', 'p', 'i', 's', 'c', 'i', 'n', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "shower.im", true */ 's', 'h', 'o', 'w', 'e', 'r', '.', 'i', 'm', '\0',
+  /* "showmax.com", true */ 's', 'h', 'o', 'w', 'm', 'a', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "showroom.de", true */ 's', 'h', 'o', 'w', 'r', 'o', 'o', 'm', '.', 'd', 'e', '\0',
+  /* "showsonar.com", true */ 's', 'h', 'o', 'w', 's', 'o', 'n', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "shrike.me", false */ 's', 'h', 'r', 'i', 'k', 'e', '.', 'm', 'e', '\0',
+  /* "shrinidhiclinic.in", true */ 's', 'h', 'r', 'i', 'n', 'i', 'd', 'h', 'i', 'c', 'l', 'i', 'n', 'i', 'c', '.', 'i', 'n', '\0',
+  /* "shrinkhub.com", true */ 's', 'h', 'r', 'i', 'n', 'k', 'h', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "shrub.ca", true */ 's', 'h', 'r', 'u', 'b', '.', 'c', 'a', '\0',
+  /* "shtorku.com", true */ 's', 'h', 't', 'o', 'r', 'k', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "shu-fu.net", true */ 's', 'h', 'u', '-', 'f', 'u', '.', 'n', 'e', 't', '\0',
+  /* "shu-kin.net", true */ 's', 'h', 'u', '-', 'k', 'i', 'n', '.', 'n', 'e', 't', '\0',
+  /* "shulan.moe", true */ 's', 'h', 'u', 'l', 'a', 'n', '.', 'm', 'o', 'e', '\0',
+  /* "shuro.de", true */ 's', 'h', 'u', 'r', 'o', '.', 'd', 'e', '\0',
+  /* "shushu.media", true */ 's', 'h', 'u', 's', 'h', 'u', '.', 'm', 'e', 'd', 'i', 'a', '\0',
+  /* "shutter-shower.com", true */ 's', 'h', 'u', 't', 't', 'e', 'r', '-', 's', 'h', 'o', 'w', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "shux.pro", true */ 's', 'h', 'u', 'x', '.', 'p', 'r', 'o', '\0',
+  /* "si-benelux.nl", true */ 's', 'i', '-', 'b', 'e', 'n', 'e', 'l', 'u', 'x', '.', 'n', 'l', '\0',
+  /* "si.to", true */ 's', 'i', '.', 't', 'o', '\0',
+  /* "siamojo.com", true */ 's', 'i', 'a', 'm', 'o', 'j', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "siamsnus.com", true */ 's', 'i', 'a', 'm', 's', 'n', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "siao-mei.com", true */ 's', 'i', 'a', 'o', '-', 'm', 'e', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "sibfk.org", true */ 's', 'i', 'b', 'f', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "sibrenvasse.nl", true */ 's', 'i', 'b', 'r', 'e', 'n', 'v', 'a', 's', 's', 'e', '.', 'n', 'l', '\0',
+  /* "siciliadisinfestazioni.it", true */ 's', 'i', 'c', 'i', 'l', 'i', 'a', 'd', 'i', 's', 'i', 'n', 'f', 'e', 's', 't', 'a', 'z', 'i', 'o', 'n', 'i', '.', 'i', 't', '\0',
+  /* "siciliamconsulting.com", true */ 's', 'i', 'c', 'i', 'l', 'i', 'a', 'm', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "sicilianbalm.com", true */ 's', 'i', 'c', 'i', 'l', 'i', 'a', 'n', 'b', 'a', 'l', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "sicken.eu", true */ 's', 'i', 'c', 'k', 'e', 'n', '.', 'e', 'u', '\0',
+  /* "sicklepod.com", true */ 's', 'i', 'c', 'k', 'l', 'e', 'p', 'o', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "siconnect.us", true */ 's', 'i', 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'u', 's', '\0',
+  /* "sidelka-tver.ru", true */ 's', 'i', 'd', 'e', 'l', 'k', 'a', '-', 't', 'v', 'e', 'r', '.', 'r', 'u', '\0',
+  /* "sidepodcast.com", true */ 's', 'i', 'd', 'e', 'p', 'o', 'd', 'c', 'a', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "sidepodcastdaily.com", true */ 's', 'i', 'd', 'e', 'p', 'o', 'd', 'c', 'a', 's', 't', 'd', 'a', 'i', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "sidepodcastextra.com", true */ 's', 'i', 'd', 'e', 'p', 'o', 'd', 'c', 'a', 's', 't', 'e', 'x', 't', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "sideshowbarker.net", true */ 's', 'i', 'd', 'e', 's', 'h', 'o', 'w', 'b', 'a', 'r', 'k', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "sidium.de", true */ 's', 'i', 'd', 'i', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "sidnicio.us", true */ 's', 'i', 'd', 'n', 'i', 'c', 'i', 'o', '.', 'u', 's', '\0',
+  /* "sidonge.com", true */ 's', 'i', 'd', 'o', 'n', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sidongkim.com", true */ 's', 'i', 'd', 'o', 'n', 'g', 'k', 'i', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "sidpod.ru", true */ 's', 'i', 'd', 'p', 'o', 'd', '.', 'r', 'u', '\0',
+  /* "siegemund-frankfurt.de", true */ 's', 'i', 'e', 'g', 'e', 'm', 'u', 'n', 'd', '-', 'f', 'r', 'a', 'n', 'k', 'f', 'u', 'r', 't', '.', 'd', 'e', '\0',
+  /* "sieh.es", true */ 's', 'i', 'e', 'h', '.', 'e', 's', '\0',
+  /* "sientemendoza.com.ar", true */ 's', 'i', 'e', 'n', 't', 'e', 'm', 'e', 'n', 'd', 'o', 'z', 'a', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "sieulog.com", true */ 's', 'i', 'e', 'u', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "siewert-kau.de", true */ 's', 'i', 'e', 'w', 'e', 'r', 't', '-', 'k', 'a', 'u', '.', 'd', 'e', '\0',
+  /* "sift-tool.org", true */ 's', 'i', 'f', 't', '-', 't', 'o', 'o', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "sig6.org", true */ 's', 'i', 'g', '6', '.', 'o', 'r', 'g', '\0',
+  /* "sigabrt.org", true */ 's', 'i', 'g', 'a', 'b', 'r', 't', '.', 'o', 'r', 'g', '\0',
+  /* "siggerudklatreklubb.no", true */ 's', 'i', 'g', 'g', 'e', 'r', 'u', 'd', 'k', 'l', 'a', 't', 'r', 'e', 'k', 'l', 'u', 'b', 'b', '.', 'n', 'o', '\0',
+  /* "sightcure.jp", true */ 's', 'i', 'g', 'h', 't', 'c', 'u', 'r', 'e', '.', 'j', 'p', '\0',
+  /* "sighup.nz", true */ 's', 'i', 'g', 'h', 'u', 'p', '.', 'n', 'z', '\0',
+  /* "sigismonda.ch", true */ 's', 'i', 'g', 'i', 's', 'm', 'o', 'n', 'd', 'a', '.', 'c', 'h', '\0',
+  /* "sigma-signalisation.com", true */ 's', 'i', 'g', 'm', 'a', '-', 's', 'i', 'g', 'n', 'a', 'l', 'i', 's', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "sigmalux.sarl", true */ 's', 'i', 'g', 'm', 'a', 'l', 'u', 'x', '.', 's', 'a', 'r', 'l', '\0',
+  /* "sign.io", true */ 's', 'i', 'g', 'n', '.', 'i', 'o', '\0',
+  /* "signaltransmitter.de", true */ 's', 'i', 'g', 'n', 'a', 'l', 't', 'r', 'a', 'n', 's', 'm', 'i', 't', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "signere.com", true */ 's', 'i', 'g', 'n', 'e', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "signere.no", true */ 's', 'i', 'g', 'n', 'e', 'r', 'e', '.', 'n', 'o', '\0',
+  /* "significados.com", true */ 's', 'i', 'g', 'n', 'i', 'f', 'i', 'c', 'a', 'd', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "significados.com.br", true */ 's', 'i', 'g', 'n', 'i', 'f', 'i', 'c', 'a', 'd', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "significantbanter.com", true */ 's', 'i', 'g', 'n', 'i', 'f', 'i', 'c', 'a', 'n', 't', 'b', 'a', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "signing-milter.org", true */ 's', 'i', 'g', 'n', 'i', 'n', 'g', '-', 'm', 'i', 'l', 't', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "signix.net", true */ 's', 'i', 'g', 'n', 'i', 'x', '.', 'n', 'e', 't', '\0',
+  /* "signslabelstapesandmore.com", false */ 's', 'i', 'g', 'n', 's', 'l', 'a', 'b', 'e', 'l', 's', 't', 'a', 'p', 'e', 's', 'a', 'n', 'd', 'm', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "signtul.com", false */ 's', 'i', 'g', 'n', 't', 'u', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "sigsegv.run", true */ 's', 'i', 'g', 's', 'e', 'g', 'v', '.', 'r', 'u', 'n', '\0',
+  /* "sigterm.sh", true */ 's', 'i', 'g', 't', 'e', 'r', 'm', '.', 's', 'h', '\0',
+  /* "siikarantacamping.fi", true */ 's', 'i', 'i', 'k', 'a', 'r', 'a', 'n', 't', 'a', 'c', 'a', 'm', 'p', 'i', 'n', 'g', '.', 'f', 'i', '\0',
+  /* "siirtutkusu.com", true */ 's', 'i', 'i', 'r', 't', 'u', 't', 'k', 'u', 's', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "sijmenschoon.nl", true */ 's', 'i', 'j', 'm', 'e', 'n', 's', 'c', 'h', 'o', 'o', 'n', '.', 'n', 'l', '\0',
+  /* "sikevux.se", true */ 's', 'i', 'k', 'e', 'v', 'u', 'x', '.', 's', 'e', '\0',
+  /* "sikko.biz", true */ 's', 'i', 'k', 'k', 'o', '.', 'b', 'i', 'z', '\0',
+  /* "siku-shop.ch", true */ 's', 'i', 'k', 'u', '-', 's', 'h', 'o', 'p', '.', 'c', 'h', '\0',
+  /* "silashes.com", true */ 's', 'i', 'l', 'a', 's', 'h', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "silashes.ru", true */ 's', 'i', 'l', 'a', 's', 'h', 'e', 's', '.', 'r', 'u', '\0',
+  /* "silentexplosion.de", true */ 's', 'i', 'l', 'e', 'n', 't', 'e', 'x', 'p', 'l', 'o', 's', 'i', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "silentkernel.fr", false */ 's', 'i', 'l', 'e', 'n', 't', 'k', 'e', 'r', 'n', 'e', 'l', '.', 'f', 'r', '\0',
+  /* "silentmode.com", true */ 's', 'i', 'l', 'e', 'n', 't', 'm', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "silentundo.org", true */ 's', 'i', 'l', 'e', 'n', 't', 'u', 'n', 'd', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "siliconchip.me", true */ 's', 'i', 'l', 'i', 'c', 'o', 'n', 'c', 'h', 'i', 'p', '.', 'm', 'e', '\0',
+  /* "silkebaekken.no", true */ 's', 'i', 'l', 'k', 'e', 'b', 'a', 'e', 'k', 'k', 'e', 'n', '.', 'n', 'o', '\0',
+  /* "sillisalaatti.fi", true */ 's', 'i', 'l', 'l', 'i', 's', 'a', 'l', 'a', 'a', 't', 't', 'i', '.', 'f', 'i', '\0',
+  /* "sillysnapz.co.uk", true */ 's', 'i', 'l', 'l', 'y', 's', 'n', 'a', 'p', 'z', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "siloportem.net", true */ 's', 'i', 'l', 'o', 'p', 'o', 'r', 't', 'e', 'm', '.', 'n', 'e', 't', '\0',
+  /* "silqueskineyeserum.com", true */ 's', 'i', 'l', 'q', 'u', 'e', 's', 'k', 'i', 'n', 'e', 'y', 'e', 's', 'e', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "silsha.me", true */ 's', 'i', 'l', 's', 'h', 'a', '.', 'm', 'e', '\0',
+  /* "silv.me", true */ 's', 'i', 'l', 'v', '.', 'm', 'e', '\0',
+  /* "silver-heart.co.uk", true */ 's', 'i', 'l', 'v', 'e', 'r', '-', 'h', 'e', 'a', 'r', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "silverback.is", true */ 's', 'i', 'l', 'v', 'e', 'r', 'b', 'a', 'c', 'k', '.', 'i', 's', '\0',
+  /* "silverbowflyshop.com", true */ 's', 'i', 'l', 'v', 'e', 'r', 'b', 'o', 'w', 'f', 'l', 'y', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "silverdragonart.com", true */ 's', 'i', 'l', 'v', 'e', 'r', 'd', 'r', 'a', 'g', 'o', 'n', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "silvergoldbull.be", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'b', 'e', '\0',
+  /* "silvergoldbull.by", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'b', 'y', '\0',
+  /* "silvergoldbull.ca", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'c', 'a', '\0',
+  /* "silvergoldbull.cl", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'c', 'l', '\0',
+  /* "silvergoldbull.cm", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'c', 'm', '\0',
+  /* "silvergoldbull.cn", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'c', 'n', '\0',
+  /* "silvergoldbull.co", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'c', 'o', '\0',
+  /* "silvergoldbull.co.il", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "silvergoldbull.co.no", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'c', 'o', '.', 'n', 'o', '\0',
+  /* "silvergoldbull.co.tz", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'c', 'o', '.', 't', 'z', '\0',
+  /* "silvergoldbull.co.uk", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "silvergoldbull.com", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "silvergoldbull.com.ar", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "silvergoldbull.com.au", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "silvergoldbull.com.mt", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'c', 'o', 'm', '.', 'm', 't', '\0',
+  /* "silvergoldbull.cr", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'c', 'r', '\0',
+  /* "silvergoldbull.cz", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'c', 'z', '\0',
+  /* "silvergoldbull.de", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'd', 'e', '\0',
+  /* "silvergoldbull.do", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'd', 'o', '\0',
+  /* "silvergoldbull.ec", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'e', 'c', '\0',
+  /* "silvergoldbull.ee", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'e', 'e', '\0',
+  /* "silvergoldbull.es", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'e', 's', '\0',
+  /* "silvergoldbull.fi", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'f', 'i', '\0',
+  /* "silvergoldbull.gd", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'g', 'd', '\0',
+  /* "silvergoldbull.ge", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'g', 'e', '\0',
+  /* "silvergoldbull.gl", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'g', 'l', '\0',
+  /* "silvergoldbull.gr", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'g', 'r', '\0',
+  /* "silvergoldbull.gt", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'g', 't', '\0',
+  /* "silvergoldbull.hk", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'h', 'k', '\0',
+  /* "silvergoldbull.hn", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'h', 'n', '\0',
+  /* "silvergoldbull.hu", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'h', 'u', '\0',
+  /* "silvergoldbull.id", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'i', 'd', '\0',
+  /* "silvergoldbull.in", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'i', 'n', '\0',
+  /* "silvergoldbull.is", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'i', 's', '\0',
+  /* "silvergoldbull.it", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'i', 't', '\0',
+  /* "silvergoldbull.kr", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'k', 'r', '\0',
+  /* "silvergoldbull.ky", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'k', 'y', '\0',
+  /* "silvergoldbull.li", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'l', 'i', '\0',
+  /* "silvergoldbull.lt", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'l', 't', '\0',
+  /* "silvergoldbull.lv", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'l', 'v', '\0',
+  /* "silvergoldbull.ma", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'm', 'a', '\0',
+  /* "silvergoldbull.mk", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'm', 'k', '\0',
+  /* "silvergoldbull.ml", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'm', 'l', '\0',
+  /* "silvergoldbull.mw", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'm', 'w', '\0',
+  /* "silvergoldbull.nz", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'n', 'z', '\0',
+  /* "silvergoldbull.ph", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'p', 'h', '\0',
+  /* "silvergoldbull.pl", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'p', 'l', '\0',
+  /* "silvergoldbull.pt", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'p', 't', '\0',
+  /* "silvergoldbull.qa", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'q', 'a', '\0',
+  /* "silvergoldbull.rs", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'r', 's', '\0',
+  /* "silvergoldbull.se", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 's', 'e', '\0',
+  /* "silvergoldbull.si", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 's', 'i', '\0',
+  /* "silvergoldbull.sv", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 's', 'v', '\0',
+  /* "silvergoldbull.tj", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 't', 'j', '\0',
+  /* "silvergoldbull.tn", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 't', 'n', '\0',
+  /* "silvergoldbull.tt", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 't', 't', '\0',
+  /* "silvergoldbull.tw", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 't', 'w', '\0',
+  /* "silvergoldbull.uy", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'u', 'y', '\0',
+  /* "silvergoldbull.uz", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'u', 'z', '\0',
+  /* "silvergoldbull.ws", true */ 's', 'i', 'l', 'v', 'e', 'r', 'g', 'o', 'l', 'd', 'b', 'u', 'l', 'l', '.', 'w', 's', '\0',
+  /* "silverlinkz.net", true */ 's', 'i', 'l', 'v', 'e', 'r', 'l', 'i', 'n', 'k', 'z', '.', 'n', 'e', 't', '\0',
+  /* "silverseen.com", true */ 's', 'i', 'l', 'v', 'e', 'r', 's', 'e', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "silverstartup.sk", true */ 's', 'i', 'l', 'v', 'e', 'r', 's', 't', 'a', 'r', 't', 'u', 'p', '.', 's', 'k', '\0',
+  /* "silverwind.io", true */ 's', 'i', 'l', 'v', 'e', 'r', 'w', 'i', 'n', 'd', '.', 'i', 'o', '\0',
+  /* "silviamacallister.com", true */ 's', 'i', 'l', 'v', 'i', 'a', 'm', 'a', 'c', 'a', 'l', 'l', 'i', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "silvine.xyz", true */ 's', 'i', 'l', 'v', 'i', 'n', 'e', '.', 'x', 'y', 'z', '\0',
+  /* "sim-karten.net", true */ 's', 'i', 'm', '-', 'k', 'a', 'r', 't', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "sim-sim.appspot.com", true */ 's', 'i', 'm', '-', 's', 'i', 'm', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "sim4seed.org", true */ 's', 'i', 'm', '4', 's', 'e', 'e', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "simam.de", true */ 's', 'i', 'm', 'a', 'm', '.', 'd', 'e', '\0',
+  /* "simbeton.nl", true */ 's', 'i', 'm', 'b', 'e', 't', 'o', 'n', '.', 'n', 'l', '\0',
+  /* "simbolo.co.uk", false */ 's', 'i', 'm', 'b', 'o', 'l', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "simeonoff.ninja", true */ 's', 'i', 'm', 'e', 'o', 'n', 'o', 'f', 'f', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "simetal.ch", true */ 's', 'i', 'm', 'e', 't', 'a', 'l', '.', 'c', 'h', '\0',
+  /* "simfed.org", true */ 's', 'i', 'm', 'f', 'e', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "simivalleyelectrical.com", true */ 's', 'i', 'm', 'i', 'v', 'a', 'l', 'l', 'e', 'y', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "simlau.net", true */ 's', 'i', 'm', 'l', 'a', 'u', '.', 'n', 'e', 't', '\0',
+  /* "simmis.fr", true */ 's', 'i', 'm', 'm', 'i', 's', '.', 'f', 'r', '\0',
+  /* "simoesgoulart.com.br", true */ 's', 'i', 'm', 'o', 'e', 's', 'g', 'o', 'u', 'l', 'a', 'r', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "simon-hofmann.org", true */ 's', 'i', 'm', 'o', 'n', '-', 'h', 'o', 'f', 'm', 'a', 'n', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "simon-mueller.de", true */ 's', 'i', 'm', 'o', 'n', '-', 'm', 'u', 'e', 'l', 'l', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "simon.lc", true */ 's', 'i', 'm', 'o', 'n', '.', 'l', 'c', '\0',
+  /* "simonberard.garden", true */ 's', 'i', 'm', 'o', 'n', 'b', 'e', 'r', 'a', 'r', 'd', '.', 'g', 'a', 'r', 'd', 'e', 'n', '\0',
+  /* "simonbondo.dk", true */ 's', 'i', 'm', 'o', 'n', 'b', 'o', 'n', 'd', 'o', '.', 'd', 'k', '\0',
+  /* "simoncommunity.org.uk", true */ 's', 'i', 'm', 'o', 'n', 'c', 'o', 'm', 'm', 'u', 'n', 'i', 't', 'y', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "simoncook.org", true */ 's', 'i', 'm', 'o', 'n', 'c', 'o', 'o', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "simonfischer.info", true */ 's', 'i', 'm', 'o', 'n', 'f', 'i', 's', 'c', 'h', 'e', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "simonhirscher.de", true */ 's', 'i', 'm', 'o', 'n', 'h', 'i', 'r', 's', 'c', 'h', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "simonkjellberg.com", true */ 's', 'i', 'm', 'o', 'n', 'k', 'j', 'e', 'l', 'l', 'b', 'e', 'r', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "simonkjellberg.se", true */ 's', 'i', 'm', 'o', 'n', 'k', 'j', 'e', 'l', 'l', 'b', 'e', 'r', 'g', '.', 's', 'e', '\0',
+  /* "simonlyabonnement.nl", true */ 's', 'i', 'm', 'o', 'n', 'l', 'y', 'a', 'b', 'o', 'n', 'n', 'e', 'm', 'e', 'n', 't', '.', 'n', 'l', '\0',
+  /* "simonpaarlberg.com", true */ 's', 'i', 'm', 'o', 'n', 'p', 'a', 'a', 'r', 'l', 'b', 'e', 'r', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "simonreich.de", true */ 's', 'i', 'm', 'o', 'n', 'r', 'e', 'i', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "simonschmitt.ch", true */ 's', 'i', 'm', 'o', 'n', 's', 'c', 'h', 'm', 'i', 't', 't', '.', 'c', 'h', '\0',
+  /* "simonsmh.cc", true */ 's', 'i', 'm', 'o', 'n', 's', 'm', 'h', '.', 'c', 'c', '\0',
+  /* "simonspeich.ch", true */ 's', 'i', 'm', 'o', 'n', 's', 'p', 'e', 'i', 'c', 'h', '.', 'c', 'h', '\0',
+  /* "simonsreich.de", true */ 's', 'i', 'm', 'o', 'n', 's', 'r', 'e', 'i', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "simontaite.com", true */ 's', 'i', 'm', 'o', 'n', 't', 'a', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "simonwessel.net", true */ 's', 'i', 'm', 'o', 'n', 'w', 'e', 's', 's', 'e', 'l', '.', 'n', 'e', 't', '\0',
+  /* "simonwoodside.com", true */ 's', 'i', 'm', 'o', 'n', 'w', 'o', 'o', 'd', 's', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "simpbx.net", true */ 's', 'i', 'm', 'p', 'b', 'x', '.', 'n', 'e', 't', '\0',
+  /* "simpel.be", true */ 's', 'i', 'm', 'p', 'e', 'l', '.', 'b', 'e', '\0',
+  /* "simpeo.fr", true */ 's', 'i', 'm', 'p', 'e', 'o', '.', 'f', 'r', '\0',
+  /* "simpeo.org", true */ 's', 'i', 'm', 'p', 'e', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "simphony.cz", true */ 's', 'i', 'm', 'p', 'h', 'o', 'n', 'y', '.', 'c', 'z', '\0',
+  /* "simpip.com", true */ 's', 'i', 'm', 'p', 'i', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "simple.com", false */ 's', 'i', 'm', 'p', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "simplecontacts.com", true */ 's', 'i', 'm', 'p', 'l', 'e', 'c', 'o', 'n', 't', 'a', 'c', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "simplednscrypt.org", true */ 's', 'i', 'm', 'p', 'l', 'e', 'd', 'n', 's', 'c', 'r', 'y', 'p', 't', '.', 'o', 'r', 'g', '\0',
+  /* "simpleindianrecipes.com", true */ 's', 'i', 'm', 'p', 'l', 'e', 'i', 'n', 'd', 'i', 'a', 'n', 'r', 'e', 'c', 'i', 'p', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "simpleinout.com", true */ 's', 'i', 'm', 'p', 'l', 'e', 'i', 'n', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "simpleinvoices.io", true */ 's', 'i', 'm', 'p', 'l', 'e', 'i', 'n', 'v', 'o', 'i', 'c', 'e', 's', '.', 'i', 'o', '\0',
+  /* "simplesamlphp.org", true */ 's', 'i', 'm', 'p', 'l', 'e', 's', 'a', 'm', 'l', 'p', 'h', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "simpletax.ca", true */ 's', 'i', 'm', 'p', 'l', 'e', 't', 'a', 'x', '.', 'c', 'a', '\0',
+  /* "simplewire.de", true */ 's', 'i', 'm', 'p', 'l', 'e', 'w', 'i', 'r', 'e', '.', 'd', 'e', '\0',
+  /* "simplexgame.net", true */ 's', 'i', 'm', 'p', 'l', 'e', 'x', 'g', 'a', 'm', 'e', '.', 'n', 'e', 't', '\0',
+  /* "simplia.cz", true */ 's', 'i', 'm', 'p', 'l', 'i', 'a', '.', 'c', 'z', '\0',
+  /* "simplicitypvp.net", true */ 's', 'i', 'm', 'p', 'l', 'i', 'c', 'i', 't', 'y', 'p', 'v', 'p', '.', 'n', 'e', 't', '\0',
+  /* "simplidesigns.nl", true */ 's', 'i', 'm', 'p', 'l', 'i', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'n', 'l', '\0',
+  /* "simplifylivelove.com", true */ 's', 'i', 'm', 'p', 'l', 'i', 'f', 'y', 'l', 'i', 'v', 'e', 'l', 'o', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "simply.scot", true */ 's', 'i', 'm', 'p', 'l', 'y', '.', 's', 'c', 'o', 't', '\0',
+  /* "simplycharlottemason.com", true */ 's', 'i', 'm', 'p', 'l', 'y', 'c', 'h', 'a', 'r', 'l', 'o', 't', 't', 'e', 'm', 'a', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "simplycloud.de", true */ 's', 'i', 'm', 'p', 'l', 'y', 'c', 'l', 'o', 'u', 'd', '.', 'd', 'e', '\0',
+  /* "simplyfixit.co.uk", true */ 's', 'i', 'm', 'p', 'l', 'y', 'f', 'i', 'x', 'i', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "simplyhelen.de", true */ 's', 'i', 'm', 'p', 'l', 'y', 'h', 'e', 'l', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "simplylovejesus.com", true */ 's', 'i', 'm', 'p', 'l', 'y', 'l', 'o', 'v', 'e', 'j', 'e', 's', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "simplymozzo.se", true */ 's', 'i', 'm', 'p', 'l', 'y', 'm', 'o', 'z', 'z', 'o', '.', 's', 'e', '\0',
+  /* "simplystudio.com", true */ 's', 'i', 'm', 'p', 'l', 'y', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "simpte.com", true */ 's', 'i', 'm', 'p', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "simpul.nl", true */ 's', 'i', 'm', 'p', 'u', 'l', '.', 'n', 'l', '\0',
+  /* "simsnieuws.nl", true */ 's', 'i', 'm', 's', 'n', 'i', 'e', 'u', 'w', 's', '.', 'n', 'l', '\0',
+  /* "simukti.net", true */ 's', 'i', 'm', 'u', 'k', 't', 'i', '.', 'n', 'e', 't', '\0',
+  /* "simumiehet.com", true */ 's', 'i', 'm', 'u', 'm', 'i', 'e', 'h', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "simus.fr", true */ 's', 'i', 'm', 'u', 's', '.', 'f', 'r', '\0',
+  /* "sin-nombre-alleria.de", true */ 's', 'i', 'n', '-', 'n', 'o', 'm', 'b', 'r', 'e', '-', 'a', 'l', 'l', 'e', 'r', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "sin.swiss", true */ 's', 'i', 'n', '.', 's', 'w', 'i', 's', 's', '\0',
+  /* "sinaryuda.web.id", true */ 's', 'i', 'n', 'a', 'r', 'y', 'u', 'd', 'a', '.', 'w', 'e', 'b', '.', 'i', 'd', '\0',
+  /* "sinatrafamily.com", true */ 's', 'i', 'n', 'a', 't', 'r', 'a', 'f', 'a', 'm', 'i', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "sinefili.com", true */ 's', 'i', 'n', 'e', 'f', 'i', 'l', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "sinergy.ch", true */ 's', 'i', 'n', 'e', 'r', 'g', 'y', '.', 'c', 'h', '\0',
+  /* "sinfield.com", false */ 's', 'i', 'n', 'f', 'i', 'e', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "singaporemint.com", true */ 's', 'i', 'n', 'g', 'a', 'p', 'o', 'r', 'e', 'm', 'i', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "singapurfirma.com", true */ 's', 'i', 'n', 'g', 'a', 'p', 'u', 'r', 'f', 'i', 'r', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "singee.site", true */ 's', 'i', 'n', 'g', 'e', 'e', '.', 's', 'i', 't', 'e', '\0',
+  /* "singel.ch", true */ 's', 'i', 'n', 'g', 'e', 'l', '.', 'c', 'h', '\0',
+  /* "singerwang.com", true */ 's', 'i', 'n', 'g', 'e', 'r', 'w', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "single-in-stuttgart.de", true */ 's', 'i', 'n', 'g', 'l', 'e', '-', 'i', 'n', '-', 's', 't', 'u', 't', 't', 'g', 'a', 'r', 't', '.', 'd', 'e', '\0',
+  /* "singles-aus-hamburg.de", true */ 's', 'i', 'n', 'g', 'l', 'e', 's', '-', 'a', 'u', 's', '-', 'h', 'a', 'm', 'b', 'u', 'r', 'g', '.', 'd', 'e', '\0',
+  /* "singles-berlin.de", true */ 's', 'i', 'n', 'g', 'l', 'e', 's', '-', 'b', 'e', 'r', 'l', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "singleuse.link", true */ 's', 'i', 'n', 'g', 'l', 'e', 'u', 's', 'e', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "singlu10.org", false */ 's', 'i', 'n', 'g', 'l', 'u', '1', '0', '.', 'o', 'r', 'g', '\0',
+  /* "sinkip.com", true */ 's', 'i', 'n', 'k', 'i', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "sinktank.de", true */ 's', 'i', 'n', 'k', 't', 'a', 'n', 'k', '.', 'd', 'e', '\0',
+  /* "sinnersprojects.ro", true */ 's', 'i', 'n', 'n', 'e', 'r', 's', 'p', 'r', 'o', 'j', 'e', 'c', 't', 's', '.', 'r', 'o', '\0',
+  /* "sinnovate.de", true */ 's', 'i', 'n', 'n', 'o', 'v', 'a', 't', 'e', '.', 'd', 'e', '\0',
+  /* "sinomod.com", true */ 's', 'i', 'n', 'o', 'm', 'o', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "sinonimos.com.br", true */ 's', 'i', 'n', 'o', 'n', 'i', 'm', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "sinonimosonline.com", true */ 's', 'i', 'n', 'o', 'n', 'i', 'm', 'o', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sinonimosonline.com.br", true */ 's', 'i', 'n', 'o', 'n', 'i', 'm', 'o', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "sinoscandinavia.se", true */ 's', 'i', 'n', 'o', 's', 'c', 'a', 'n', 'd', 'i', 'n', 'a', 'v', 'i', 'a', '.', 's', 'e', '\0',
+  /* "sinquin.eu", true */ 's', 'i', 'n', 'q', 'u', 'i', 'n', '.', 'e', 'u', '\0',
+  /* "sint-joris.nl", true */ 's', 'i', 'n', 't', '-', 'j', 'o', 'r', 'i', 's', '.', 'n', 'l', '\0',
+  /* "sinterama.biz", true */ 's', 'i', 'n', 't', 'e', 'r', 'a', 'm', 'a', '.', 'b', 'i', 'z', '\0',
+  /* "sintesysglobal.com", true */ 's', 'i', 'n', 't', 'e', 's', 'y', 's', 'g', 'l', 'o', 'b', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "sinuelovirtual.com.br", true */ 's', 'i', 'n', 'u', 'e', 'l', 'o', 'v', 'i', 'r', 't', 'u', 'a', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "sion.moe", true */ 's', 'i', 'o', 'n', '.', 'm', 'o', 'e', '\0',
+  /* "siraweb.org", true */ 's', 'i', 'r', 'a', 'w', 'e', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "sirbouncealotcastles.co.uk", true */ 's', 'i', 'r', 'b', 'o', 'u', 'n', 'c', 'e', 'a', 'l', 'o', 't', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "sirbouncelot.co.uk", true */ 's', 'i', 'r', 'b', 'o', 'u', 'n', 'c', 'e', 'l', 'o', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "sirburton.com", true */ 's', 'i', 'r', 'b', 'u', 'r', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "sirena.co.jp", true */ 's', 'i', 'r', 'e', 'n', 'a', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "sirenslove.com", true */ 's', 'i', 'r', 'e', 'n', 's', 'l', 'o', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "siriuspup.com", true */ 's', 'i', 'r', 'i', 'u', 's', 'p', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "siroop.ch", true */ 's', 'i', 'r', 'o', 'o', 'p', '.', 'c', 'h', '\0',
+  /* "sirtaptap.com", true */ 's', 'i', 'r', 't', 'a', 'p', 't', 'a', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "sirtuins.com", true */ 's', 'i', 'r', 't', 'u', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sistel.es", true */ 's', 'i', 's', 't', 'e', 'l', '.', 'e', 's', '\0',
+  /* "sistem-maklumat.com", true */ 's', 'i', 's', 't', 'e', 'm', '-', 'm', 'a', 'k', 'l', 'u', 'm', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "sistem-maklumat.com.my", true */ 's', 'i', 's', 't', 'e', 'm', '-', 'm', 'a', 'k', 'l', 'u', 'm', 'a', 't', '.', 'c', 'o', 'm', '.', 'm', 'y', '\0',
+  /* "sistemy48.ru", false */ 's', 'i', 's', 't', 'e', 'm', 'y', '4', '8', '.', 'r', 'u', '\0',
+  /* "sistersurprise.de", true */ 's', 'i', 's', 't', 'e', 'r', 's', 'u', 'r', 'p', 'r', 'i', 's', 'e', '.', 'd', 'e', '\0',
+  /* "sistimiki-anaparastasi.gr", true */ 's', 'i', 's', 't', 'i', 'm', 'i', 'k', 'i', '-', 'a', 'n', 'a', 'p', 'a', 'r', 'a', 's', 't', 'a', 's', 'i', '.', 'g', 'r', '\0',
+  /* "sisv.eu", true */ 's', 'i', 's', 'v', '.', 'e', 'u', '\0',
+  /* "sit-brn.ru", true */ 's', 'i', 't', '-', 'b', 'r', 'n', '.', 'r', 'u', '\0',
+  /* "sit.ec", true */ 's', 'i', 't', '.', 'e', 'c', '\0',
+  /* "sitc.sk", true */ 's', 'i', 't', 'c', '.', 's', 'k', '\0',
+  /* "sitecloudify.com", true */ 's', 'i', 't', 'e', 'c', 'l', 'o', 'u', 'd', 'i', 'f', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "sitecuatui.com", true */ 's', 'i', 't', 'e', 'c', 'u', 'a', 't', 'u', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "sitedrive.fi", true */ 's', 'i', 't', 'e', 'd', 'r', 'i', 'v', 'e', '.', 'f', 'i', '\0',
+  /* "sitehoster.org", true */ 's', 'i', 't', 'e', 'h', 'o', 's', 't', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "siterencontre.me", true */ 's', 'i', 't', 'e', 'r', 'e', 'n', 'c', 'o', 'n', 't', 'r', 'e', '.', 'm', 'e', '\0',
+  /* "sites.google.com", true */ 's', 'i', 't', 'e', 's', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sitesko.de", true */ 's', 'i', 't', 'e', 's', 'k', 'o', '.', 'd', 'e', '\0',
+  /* "sitsy.ru", false */ 's', 'i', 't', 's', 'y', '.', 'r', 'u', '\0',
+  /* "sivyerge.com", true */ 's', 'i', 'v', 'y', 'e', 'r', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sixpackholubice.cz", true */ 's', 'i', 'x', 'p', 'a', 'c', 'k', 'h', 'o', 'l', 'u', 'b', 'i', 'c', 'e', '.', 'c', 'z', '\0',
+  /* "sixtwentyten.com", true */ 's', 'i', 'x', 't', 'w', 'e', 'n', 't', 'y', 't', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "sj-leisure.com", true */ 's', 'j', '-', 'l', 'e', 'i', 's', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sja-se-training.com", true */ 's', 'j', 'a', '-', 's', 'e', '-', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "sjd.is", true */ 's', 'j', 'd', '.', 'i', 's', '\0',
+  /* "sjdaws.com", true */ 's', 'j', 'd', 'a', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sjleisure.co.uk", true */ 's', 'j', 'l', 'e', 'i', 's', 'u', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "sjoorm.com", true */ 's', 'j', 'o', 'o', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "sjsc.fr", true */ 's', 'j', 's', 'c', '.', 'f', 'r', '\0',
+  /* "sk-net.cz", true */ 's', 'k', '-', 'n', 'e', 't', '.', 'c', 'z', '\0',
+  /* "skanvordoff.ru", true */ 's', 'k', 'a', 'n', 'v', 'o', 'r', 'd', 'o', 'f', 'f', '.', 'r', 'u', '\0',
+  /* "skarox.com", true */ 's', 'k', 'a', 'r', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "skarox.ee", true */ 's', 'k', 'a', 'r', 'o', 'x', '.', 'e', 'e', '\0',
+  /* "skarox.eu", true */ 's', 'k', 'a', 'r', 'o', 'x', '.', 'e', 'u', '\0',
+  /* "skarox.net", true */ 's', 'k', 'a', 'r', 'o', 'x', '.', 'n', 'e', 't', '\0',
+  /* "skatclub-beratzhausen.de", true */ 's', 'k', 'a', 't', 'c', 'l', 'u', 'b', '-', 'b', 'e', 'r', 'a', 't', 'z', 'h', 'a', 'u', 's', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "skates.guru", true */ 's', 'k', 'a', 't', 'e', 's', '.', 'g', 'u', 'r', 'u', '\0',
+  /* "skatingchina.com", true */ 's', 'k', 'a', 't', 'i', 'n', 'g', 'c', 'h', 'i', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "skatn.de", true */ 's', 'k', 'a', 't', 'n', '.', 'd', 'e', '\0',
+  /* "skazka.ru", true */ 's', 'k', 'a', 'z', 'k', 'a', '.', 'r', 'u', '\0',
+  /* "skday.com", true */ 's', 'k', 'd', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "skeeley.com", true */ 's', 'k', 'e', 'e', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "skei.org", true */ 's', 'k', 'e', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "skepticalsports.com", true */ 's', 'k', 'e', 'p', 't', 'i', 'c', 'a', 'l', 's', 'p', 'o', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sketchmyroom.com", true */ 's', 'k', 'e', 't', 'c', 'h', 'm', 'y', 'r', 'o', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "sketchywebsite.net", true */ 's', 'k', 'e', 't', 'c', 'h', 'y', 'w', 'e', 'b', 's', 'i', 't', 'e', '.', 'n', 'e', 't', '\0',
+  /* "skhire.co.uk", true */ 's', 'k', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "skhoop.cz", true */ 's', 'k', 'h', 'o', 'o', 'p', '.', 'c', 'z', '\0',
+  /* "skia.org", false */ 's', 'k', 'i', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "skifairview.com", true */ 's', 'k', 'i', 'f', 'a', 'i', 'r', 'v', 'i', 'e', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "skigebied.nl", true */ 's', 'k', 'i', 'g', 'e', 'b', 'i', 'e', 'd', '.', 'n', 'l', '\0',
+  /* "skigebiete-test.de", true */ 's', 'k', 'i', 'g', 'e', 'b', 'i', 'e', 't', 'e', '-', 't', 'e', 's', 't', '.', 'd', 'e', '\0',
+  /* "skile.ru", true */ 's', 'k', 'i', 'l', 'e', '.', 'r', 'u', '\0',
+  /* "skilldetector.com", true */ 's', 'k', 'i', 'l', 'l', 'd', 'e', 't', 'e', 'c', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "skilletfood.com", true */ 's', 'k', 'i', 'l', 'l', 'e', 't', 'f', 'o', 'o', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "skillled.com", true */ 's', 'k', 'i', 'l', 'l', 'l', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "skills2services.com", true */ 's', 'k', 'i', 'l', 'l', 's', '2', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "skillseo.com", true */ 's', 'k', 'i', 'l', 'l', 's', 'e', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "skimming.net", true */ 's', 'k', 'i', 'm', 'm', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "skinbet.co", true */ 's', 'k', 'i', 'n', 'b', 'e', 't', '.', 'c', 'o', '\0',
+  /* "skincases.co", true */ 's', 'k', 'i', 'n', 'c', 'a', 's', 'e', 's', '.', 'c', 'o', '\0',
+  /* "skincontracts.co", true */ 's', 'k', 'i', 'n', 'c', 'o', 'n', 't', 'r', 'a', 'c', 't', 's', '.', 'c', 'o', '\0',
+  /* "sking.io", true */ 's', 'k', 'i', 'n', 'g', '.', 'i', 'o', '\0',
+  /* "skingame.co", true */ 's', 'k', 'i', 'n', 'g', 'a', 'm', 'e', '.', 'c', 'o', '\0',
+  /* "skingames.co", true */ 's', 'k', 'i', 'n', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', '\0',
+  /* "skinmarket.co", true */ 's', 'k', 'i', 'n', 'm', 'a', 'r', 'k', 'e', 't', '.', 'c', 'o', '\0',
+  /* "skinpwrd.com", true */ 's', 'k', 'i', 'n', 'p', 'w', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "skins.net", true */ 's', 'k', 'i', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "skipfault.com", true */ 's', 'k', 'i', 'p', 'f', 'a', 'u', 'l', 't', '.', 'c', 'o', 'm', '\0',
+  /* "skipperinnovations.com", true */ 's', 'k', 'i', 'p', 'p', 'e', 'r', 'i', 'n', 'n', 'o', 'v', 'a', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "skischule-wildewiese.de", true */ 's', 'k', 'i', 's', 'c', 'h', 'u', 'l', 'e', '-', 'w', 'i', 'l', 'd', 'e', 'w', 'i', 'e', 's', 'e', '.', 'd', 'e', '\0',
+  /* "skks.cz", true */ 's', 'k', 'k', 's', '.', 'c', 'z', '\0',
+  /* "sklepsamsung.pl", true */ 's', 'k', 'l', 'e', 'p', 's', 'a', 'm', 's', 'u', 'n', 'g', '.', 'p', 'l', '\0',
+  /* "sklotechnik.cz", true */ 's', 'k', 'l', 'o', 't', 'e', 'c', 'h', 'n', 'i', 'k', '.', 'c', 'z', '\0',
+  /* "skocia.net", true */ 's', 'k', 'o', 'c', 'i', 'a', '.', 'n', 'e', 't', '\0',
+  /* "skoda-im-dialog.de", true */ 's', 'k', 'o', 'd', 'a', '-', 'i', 'm', '-', 'd', 'i', 'a', 'l', 'o', 'g', '.', 'd', 'e', '\0',
+  /* "skogsbruket.fi", true */ 's', 'k', 'o', 'g', 's', 'b', 'r', 'u', 'k', 'e', 't', '.', 'f', 'i', '\0',
+  /* "skogskultur.fi", true */ 's', 'k', 'o', 'g', 's', 'k', 'u', 'l', 't', 'u', 'r', '.', 'f', 'i', '\0',
+  /* "skol.bzh", true */ 's', 'k', 'o', 'l', '.', 'b', 'z', 'h', '\0',
+  /* "skolem.de", true */ 's', 'k', 'o', 'l', 'e', 'm', '.', 'd', 'e', '\0',
+  /* "skoleniphp.cz", true */ 's', 'k', 'o', 'l', 'e', 'n', 'i', 'p', 'h', 'p', '.', 'c', 'z', '\0',
+  /* "skommettiamo.it", true */ 's', 'k', 'o', 'm', 'm', 'e', 't', 't', 'i', 'a', 'm', 'o', '.', 'i', 't', '\0',
+  /* "skontakt.cz", true */ 's', 'k', 'o', 'n', 't', 'a', 'k', 't', '.', 'c', 'z', '\0',
+  /* "skontorp-enterprise.no", true */ 's', 'k', 'o', 'n', 't', 'o', 'r', 'p', '-', 'e', 'n', 't', 'e', 'r', 'p', 'r', 'i', 's', 'e', '.', 'n', 'o', '\0',
+  /* "skortekaas.nl", false */ 's', 'k', 'o', 'r', 't', 'e', 'k', 'a', 'a', 's', '.', 'n', 'l', '\0',
+  /* "skory.us", true */ 's', 'k', 'o', 'r', 'y', '.', 'u', 's', '\0',
+  /* "skou.dk", true */ 's', 'k', 'o', 'u', '.', 'd', 'k', '\0',
+  /* "skram.de", true */ 's', 'k', 'r', 'a', 'm', '.', 'd', 'e', '\0',
+  /* "skryptersi.pl", true */ 's', 'k', 'r', 'y', 'p', 't', 'e', 'r', 's', 'i', '.', 'p', 'l', '\0',
+  /* "sktan.com", true */ 's', 'k', 't', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "sktsolution.com", false */ 's', 'k', 't', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "skuldwyrm.no", true */ 's', 'k', 'u', 'l', 'd', 'w', 'y', 'r', 'm', '.', 'n', 'o', '\0',
+  /* "skwile-cafe.com", true */ 's', 'k', 'w', 'i', 'l', 'e', '-', 'c', 'a', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "skyanchor.com", true */ 's', 'k', 'y', 'a', 'n', 'c', 'h', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "skybound.link", true */ 's', 'k', 'y', 'b', 'o', 'u', 'n', 'd', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "skydragoness.com", true */ 's', 'k', 'y', 'd', 'r', 'a', 'g', 'o', 'n', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "skydrive.live.com", false */ 's', 'k', 'y', 'd', 'r', 'i', 'v', 'e', '.', 'l', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "skylgenet.nl", true */ 's', 'k', 'y', 'l', 'g', 'e', 'n', 'e', 't', '.', 'n', 'l', '\0',
+  /* "skylightcreative.com.au", true */ 's', 'k', 'y', 'l', 'i', 'g', 'h', 't', 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "skylinertech.com", true */ 's', 'k', 'y', 'l', 'i', 'n', 'e', 'r', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "skylineservers.com", true */ 's', 'k', 'y', 'l', 'i', 'n', 'e', 's', 'e', 'r', 'v', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "skyloisirs.ch", true */ 's', 'k', 'y', 'l', 'o', 'i', 's', 'i', 'r', 's', '.', 'c', 'h', '\0',
+  /* "skyminds.net", true */ 's', 'k', 'y', 'm', 'i', 'n', 'd', 's', '.', 'n', 'e', 't', '\0',
+  /* "skynet233.ch", true */ 's', 'k', 'y', 'n', 'e', 't', '2', '3', '3', '.', 'c', 'h', '\0',
+  /* "skynetnetwork.eu.org", true */ 's', 'k', 'y', 'n', 'e', 't', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "skynetz.tk", true */ 's', 'k', 'y', 'n', 'e', 't', 'z', '.', 't', 'k', '\0',
+  /* "skype.com", true */ 's', 'k', 'y', 'p', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "skypoker.com", true */ 's', 'k', 'y', 'p', 'o', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "skyquid.co.uk", true */ 's', 'k', 'y', 'q', 'u', 'i', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "skyris.co", true */ 's', 'k', 'y', 'r', 'i', 's', '.', 'c', 'o', '\0',
+  /* "skys-entertainment.com", true */ 's', 'k', 'y', 's', '-', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "skysuite.nl", true */ 's', 'k', 'y', 's', 'u', 'i', 't', 'e', '.', 'n', 'l', '\0',
+  /* "skyvault.io", true */ 's', 'k', 'y', 'v', 'a', 'u', 'l', 't', '.', 'i', 'o', '\0',
+  /* "skyzimba.com.br", true */ 's', 'k', 'y', 'z', 'i', 'm', 'b', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "sl0.us", true */ 's', 'l', '0', '.', 'u', 's', '\0',
+  /* "slack-files.com", true */ 's', 'l', 'a', 'c', 'k', '-', 'f', 'i', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "slack.com", true */ 's', 'l', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "sladic.si", false */ 's', 'l', 'a', 'd', 'i', 'c', '.', 's', 'i', '\0',
+  /* "slainvet.net", true */ 's', 'l', 'a', 'i', 'n', 'v', 'e', 't', '.', 'n', 'e', 't', '\0',
+  /* "slamdjapan.com", true */ 's', 'l', 'a', 'm', 'd', 'j', 'a', 'p', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "slamix.nl", true */ 's', 'l', 'a', 'm', 'i', 'x', '.', 'n', 'l', '\0',
+  /* "slane.cn", true */ 's', 'l', 'a', 'n', 'e', '.', 'c', 'n', '\0',
+  /* "slangbellor.com", true */ 's', 'l', 'a', 'n', 'g', 'b', 'e', 'l', 'l', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "slapen17.nl", true */ 's', 'l', 'a', 'p', 'e', 'n', '1', '7', '.', 'n', 'l', '\0',
+  /* "slash32.co.uk", true */ 's', 'l', 'a', 's', 'h', '3', '2', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "slash64.co.uk", true */ 's', 'l', 'a', 's', 'h', '6', '4', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "slash64.com", true */ 's', 'l', 'a', 's', 'h', '6', '4', '.', 'c', 'o', 'm', '\0',
+  /* "slash64.uk", true */ 's', 'l', 'a', 's', 'h', '6', '4', '.', 'u', 'k', '\0',
+  /* "slashbits.no", true */ 's', 'l', 'a', 's', 'h', 'b', 'i', 't', 's', '.', 'n', 'o', '\0',
+  /* "slatemc.fun", true */ 's', 'l', 'a', 't', 'e', 'm', 'c', '.', 'f', 'u', 'n', '\0',
+  /* "slatop.org", true */ 's', 'l', 'a', 't', 'o', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "slaughter.com", true */ 's', 'l', 'a', 'u', 'g', 'h', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "slaughterhouse.fr", true */ 's', 'l', 'a', 'u', 'g', 'h', 't', 'e', 'r', 'h', 'o', 'u', 's', 'e', '.', 'f', 'r', '\0',
+  /* "slavasveta.info", true */ 's', 'l', 'a', 'v', 'a', 's', 'v', 'e', 't', 'a', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "slaws.io", true */ 's', 'l', 'a', 'w', 's', '.', 'i', 'o', '\0',
+  /* "sleeplessbeastie.eu", true */ 's', 'l', 'e', 'e', 'p', 'l', 'e', 's', 's', 'b', 'e', 'a', 's', 't', 'i', 'e', '.', 'e', 'u', '\0',
+  /* "sleepmap.de", true */ 's', 'l', 'e', 'e', 'p', 'm', 'a', 'p', '.', 'd', 'e', '\0',
+  /* "sleepstar.co.uk", true */ 's', 'l', 'e', 'e', 'p', 's', 't', 'a', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "sleepstar.de", true */ 's', 'l', 'e', 'e', 'p', 's', 't', 'a', 'r', '.', 'd', 'e', '\0',
+  /* "sleio.com", true */ 's', 'l', 'e', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "slever.cz", true */ 's', 'l', 'e', 'v', 'e', 'r', '.', 'c', 'z', '\0',
+  /* "slevermann.de", true */ 's', 'l', 'e', 'v', 'e', 'r', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "slevomat.cz", true */ 's', 'l', 'e', 'v', 'o', 'm', 'a', 't', '.', 'c', 'z', '\0',
+  /* "sliceone.com", true */ 's', 'l', 'i', 'c', 'e', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "slicklines.co.uk", true */ 's', 'l', 'i', 'c', 'k', 'l', 'i', 'n', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "slidebatch.com", true */ 's', 'l', 'i', 'd', 'e', 'b', 'a', 't', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "slides.zone", true */ 's', 'l', 'i', 'd', 'e', 's', '.', 'z', 'o', 'n', 'e', '\0',
+  /* "slik.ai", true */ 's', 'l', 'i', 'k', '.', 'a', 'i', '\0',
+  /* "slimk1nd.nl", true */ 's', 'l', 'i', 'm', 'k', '1', 'n', 'd', '.', 'n', 'l', '\0',
+  /* "slimmerbouwen.be", true */ 's', 'l', 'i', 'm', 'm', 'e', 'r', 'b', 'o', 'u', 'w', 'e', 'n', '.', 'b', 'e', '\0',
+  /* "slimspots.com", true */ 's', 'l', 'i', 'm', 's', 'p', 'o', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "slingo-sta.com", true */ 's', 'l', 'i', 'n', 'g', 'o', '-', 's', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "slingo.com", true */ 's', 'l', 'i', 'n', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "slingooriginals.com", true */ 's', 'l', 'i', 'n', 'g', 'o', 'o', 'r', 'i', 'g', 'i', 'n', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "slingoweb.com", true */ 's', 'l', 'i', 'n', 'g', 'o', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "slink.hr", true */ 's', 'l', 'i', 'n', 'k', '.', 'h', 'r', '\0',
+  /* "slip-gaming.tk", true */ 's', 'l', 'i', 'p', '-', 'g', 'a', 'm', 'i', 'n', 'g', '.', 't', 'k', '\0',
+  /* "slneighbors.org", true */ 's', 'l', 'n', 'e', 'i', 'g', 'h', 'b', 'o', 'r', 's', '.', 'o', 'r', 'g', '\0',
+  /* "slo-net.net", true */ 's', 'l', 'o', '-', 'n', 'e', 't', '.', 'n', 'e', 't', '\0',
+  /* "slo-tech.com", true */ 's', 'l', 'o', '-', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "sloancom.com", true */ 's', 'l', 'o', 'a', 'n', 'c', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "slopeedge.com", true */ 's', 'l', 'o', 'p', 'e', 'e', 'd', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "slotboss.co.uk", true */ 's', 'l', 'o', 't', 'b', 'o', 's', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "slotcar.com", false */ 's', 'l', 'o', 't', 'c', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "slotfara.com", true */ 's', 'l', 'o', 't', 'f', 'a', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "slotfara.net", true */ 's', 'l', 'o', 't', 'f', 'a', 'r', 'a', '.', 'n', 'e', 't', '\0',
+  /* "sloths.org", true */ 's', 'l', 'o', 't', 'h', 's', '.', 'o', 'r', 'g', '\0',
+  /* "slotlist.info", true */ 's', 'l', 'o', 't', 'l', 'i', 's', 't', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "slovenskycestovatel.sk", true */ 's', 'l', 'o', 'v', 'e', 'n', 's', 'k', 'y', 'c', 'e', 's', 't', 'o', 'v', 'a', 't', 'e', 'l', '.', 's', 'k', '\0',
+  /* "slow.zone", true */ 's', 'l', 'o', 'w', '.', 'z', 'o', 'n', 'e', '\0',
+  /* "slowb.ro", true */ 's', 'l', 'o', 'w', 'b', '.', 'r', 'o', '\0',
+  /* "slowfood.es", true */ 's', 'l', 'o', 'w', 'f', 'o', 'o', 'd', '.', 'e', 's', '\0',
+  /* "slowgames.xyz", true */ 's', 'l', 'o', 'w', 'g', 'a', 'm', 'e', 's', '.', 'x', 'y', 'z', '\0',
+  /* "slowsociety.org", true */ 's', 'l', 'o', 'w', 's', 'o', 'c', 'i', 'e', 't', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "slpower.com", true */ 's', 'l', 'p', 'o', 'w', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "slrd-isperih.com", true */ 's', 'l', 'r', 'd', '-', 'i', 's', 'p', 'e', 'r', 'i', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "slse.ca", true */ 's', 'l', 's', 'e', '.', 'c', 'a', '\0',
+  /* "sluimann.de", true */ 's', 'l', 'u', 'i', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "sluitkampzeist.nl", false */ 's', 'l', 'u', 'i', 't', 'k', 'a', 'm', 'p', 'z', 'e', 'i', 's', 't', '.', 'n', 'l', '\0',
+  /* "slvh.fr", true */ 's', 'l', 'v', 'h', '.', 'f', 'r', '\0',
+  /* "slwilde.ca", true */ 's', 'l', 'w', 'i', 'l', 'd', 'e', '.', 'c', 'a', '\0',
+  /* "slxh.eu", true */ 's', 'l', 'x', 'h', '.', 'e', 'u', '\0',
+  /* "slxh.nl", true */ 's', 'l', 'x', 'h', '.', 'n', 'l', '\0',
+  /* "sm.ms", true */ 's', 'm', '.', 'm', 's', '\0',
+  /* "sm2016.ch", true */ 's', 'm', '2', '0', '1', '6', '.', 'c', 'h', '\0',
+  /* "sma-gift.com", true */ 's', 'm', 'a', '-', 'g', 'i', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "smackhappy.com", true */ 's', 'm', 'a', 'c', 'k', 'h', 'a', 'p', 'p', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "smalldogbreeds.net", true */ 's', 'm', 'a', 'l', 'l', 'd', 'o', 'g', 'b', 'r', 'e', 'e', 'd', 's', '.', 'n', 'e', 't', '\0',
+  /* "smallhadroncollider.com", true */ 's', 'm', 'a', 'l', 'l', 'h', 'a', 'd', 'r', 'o', 'n', 'c', 'o', 'l', 'l', 'i', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "smallpath.me", true */ 's', 'm', 'a', 'l', 'l', 'p', 'a', 't', 'h', '.', 'm', 'e', '\0',
+  /* "smallplanet.ch", true */ 's', 'm', 'a', 'l', 'l', 'p', 'l', 'a', 'n', 'e', 't', '.', 'c', 'h', '\0',
+  /* "smalltalkconsulting.com", true */ 's', 'm', 'a', 'l', 'l', 't', 'a', 'l', 'k', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "smaltimento-rifiuti.org", true */ 's', 'm', 'a', 'l', 't', 'i', 'm', 'e', 'n', 't', 'o', '-', 'r', 'i', 'f', 'i', 'u', 't', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "smaltimento.napoli.it", true */ 's', 'm', 'a', 'l', 't', 'i', 'm', 'e', 'n', 't', 'o', '.', 'n', 'a', 'p', 'o', 'l', 'i', '.', 'i', 't', '\0',
+  /* "smaltimentoamianto.latina.it", true */ 's', 'm', 'a', 'l', 't', 'i', 'm', 'e', 'n', 't', 'o', 'a', 'm', 'i', 'a', 'n', 't', 'o', '.', 'l', 'a', 't', 'i', 'n', 'a', '.', 'i', 't', '\0',
+  /* "smaltimentorifiuti.veneto.it", true */ 's', 'm', 'a', 'l', 't', 'i', 'm', 'e', 'n', 't', 'o', 'r', 'i', 'f', 'i', 'u', 't', 'i', '.', 'v', 'e', 'n', 'e', 't', 'o', '.', 'i', 't', '\0',
+  /* "smares.de", true */ 's', 'm', 'a', 'r', 'e', 's', '.', 'd', 'e', '\0',
+  /* "smart-cp.jp", true */ 's', 'm', 'a', 'r', 't', '-', 'c', 'p', '.', 'j', 'p', '\0',
+  /* "smart-informatics.com", true */ 's', 'm', 'a', 'r', 't', '-', 'i', 'n', 'f', 'o', 'r', 'm', 'a', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "smart-shapes.co.uk", true */ 's', 'm', 'a', 'r', 't', '-', 's', 'h', 'a', 'p', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "smart-wohnen.net", true */ 's', 'm', 'a', 'r', 't', '-', 'w', 'o', 'h', 'n', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "smart.gov", true */ 's', 'm', 'a', 'r', 't', '.', 'g', 'o', 'v', '\0',
+  /* "smartairkey.com", true */ 's', 'm', 'a', 'r', 't', 'a', 'i', 'r', 'k', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "smartandcom.ch", true */ 's', 'm', 'a', 'r', 't', 'a', 'n', 'd', 'c', 'o', 'm', '.', 'c', 'h', '\0',
+  /* "smartandhappychild.ro", true */ 's', 'm', 'a', 'r', 't', 'a', 'n', 'd', 'h', 'a', 'p', 'p', 'y', 'c', 'h', 'i', 'l', 'd', '.', 'r', 'o', '\0',
+  /* "smartbiz.vn", true */ 's', 'm', 'a', 'r', 't', 'b', 'i', 'z', '.', 'v', 'n', '\0',
+  /* "smartcheck.gov", true */ 's', 'm', 'a', 'r', 't', 'c', 'h', 'e', 'c', 'k', '.', 'g', 'o', 'v', '\0',
+  /* "smartest-trading.com", true */ 's', 'm', 'a', 'r', 't', 'e', 's', 't', '-', 't', 'r', 'a', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "smartfit.cz", true */ 's', 'm', 'a', 'r', 't', 'f', 'i', 't', '.', 'c', 'z', '\0',
+  /* "smartftp.com", true */ 's', 'm', 'a', 'r', 't', 'f', 't', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "smarthdd.com", true */ 's', 'm', 'a', 'r', 't', 'h', 'd', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "smarthinking.nl", true */ 's', 'm', 'a', 'r', 't', 'h', 'i', 'n', 'k', 'i', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "smarthouse.de", true */ 's', 'm', 'a', 'r', 't', 'h', 'o', 'u', 's', 'e', '.', 'd', 'e', '\0',
+  /* "smartit.pro", true */ 's', 'm', 'a', 'r', 't', 'i', 't', '.', 'p', 'r', 'o', '\0',
+  /* "smartjoin.style", true */ 's', 'm', 'a', 'r', 't', 'j', 'o', 'i', 'n', '.', 's', 't', 'y', 'l', 'e', '\0',
+  /* "smartlend.se", true */ 's', 'm', 'a', 'r', 't', 'l', 'e', 'n', 'd', '.', 's', 'e', '\0',
+  /* "smartlocksmith.com", true */ 's', 'm', 'a', 'r', 't', 'l', 'o', 'c', 'k', 's', 'm', 'i', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "smartlogreturns.com", true */ 's', 'm', 'a', 'r', 't', 'l', 'o', 'g', 'r', 'e', 't', 'u', 'r', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "smartlogstock.com", true */ 's', 'm', 'a', 'r', 't', 'l', 'o', 'g', 's', 't', 'o', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "smartlogtower.com", true */ 's', 'm', 'a', 'r', 't', 'l', 'o', 'g', 't', 'o', 'w', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "smartmeal.ru", true */ 's', 'm', 'a', 'r', 't', 'm', 'e', 'a', 'l', '.', 'r', 'u', '\0',
+  /* "smartmessages.net", true */ 's', 'm', 'a', 'r', 't', 'm', 'e', 's', 's', 'a', 'g', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "smartmomsmartideas.com", true */ 's', 'm', 'a', 'r', 't', 'm', 'o', 'm', 's', 'm', 'a', 'r', 't', 'i', 'd', 'e', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "smartpass.government.ae", true */ 's', 'm', 'a', 'r', 't', 'p', 'a', 's', 's', '.', 'g', 'o', 'v', 'e', 'r', 'n', 'm', 'e', 'n', 't', '.', 'a', 'e', '\0',
+  /* "smartpolicingplatform.com", true */ 's', 'm', 'a', 'r', 't', 'p', 'o', 'l', 'i', 'c', 'i', 'n', 'g', 'p', 'l', 'a', 't', 'f', 'o', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "smartrade.tech", true */ 's', 'm', 'a', 'r', 't', 'r', 'a', 'd', 'e', '.', 't', 'e', 'c', 'h', '\0',
+  /* "smartshiftme.com", true */ 's', 'm', 'a', 'r', 't', 's', 'h', 'i', 'f', 't', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "smartship.co.jp", true */ 's', 'm', 'a', 'r', 't', 's', 'h', 'i', 'p', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "smartshoppers.es", true */ 's', 'm', 'a', 'r', 't', 's', 'h', 'o', 'p', 'p', 'e', 'r', 's', '.', 'e', 's', '\0',
+  /* "smartsparrow.com", true */ 's', 'm', 'a', 'r', 't', 's', 'p', 'a', 'r', 'r', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "smartvideo.io", true */ 's', 'm', 'a', 'r', 't', 'v', 'i', 'd', 'e', 'o', '.', 'i', 'o', '\0',
+  /* "smartviewing.com", true */ 's', 'm', 'a', 'r', 't', 'v', 'i', 'e', 'w', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "smartwelve.com", true */ 's', 'm', 'a', 'r', 't', 'w', 'e', 'l', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "smartwritingservice.com", true */ 's', 'm', 'a', 'r', 't', 'w', 'r', 'i', 't', 'i', 'n', 'g', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "smartwurk.nl", true */ 's', 'm', 'a', 'r', 't', 'w', 'u', 'r', 'k', '.', 'n', 'l', '\0',
+  /* "smash-gg.club", true */ 's', 'm', 'a', 's', 'h', '-', 'g', 'g', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "smatch.com", true */ 's', 'm', 'a', 't', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "smb445.com", true */ 's', 'm', 'b', '4', '4', '5', '.', 'c', 'o', 'm', '\0',
+  /* "smdavis.us", true */ 's', 'm', 'd', 'a', 'v', 'i', 's', '.', 'u', 's', '\0',
+  /* "smdcn.net", true */ 's', 'm', 'd', 'c', 'n', '.', 'n', 'e', 't', '\0',
+  /* "sme-gmbh.net", true */ 's', 'm', 'e', '-', 'g', 'm', 'b', 'h', '.', 'n', 'e', 't', '\0',
+  /* "smeetsengraas.com", true */ 's', 'm', 'e', 'e', 't', 's', 'e', 'n', 'g', 'r', 'a', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "smeso.it", true */ 's', 'm', 'e', 's', 'o', '.', 'i', 't', '\0',
+  /* "smi-a.me", true */ 's', 'm', 'i', '-', 'a', '.', 'm', 'e', '\0',
+  /* "smiatek.name", true */ 's', 'm', 'i', 'a', 't', 'e', 'k', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "smileandpay.com", true */ 's', 'm', 'i', 'l', 'e', 'a', 'n', 'd', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "smiledirectsales.com", true */ 's', 'm', 'i', 'l', 'e', 'd', 'i', 'r', 'e', 'c', 't', 's', 'a', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "smilessoftplay.co.uk", true */ 's', 'm', 'i', 'l', 'e', 's', 's', 'o', 'f', 't', 'p', 'l', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "smime.io", true */ 's', 'm', 'i', 'm', 'e', '.', 'i', 'o', '\0',
+  /* "smimea.info", true */ 's', 'm', 'i', 'm', 'e', 'a', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "smipty.cn", true */ 's', 'm', 'i', 'p', 't', 'y', '.', 'c', 'n', '\0',
+  /* "smipty.com", true */ 's', 'm', 'i', 'p', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "smit.com.ua", true */ 's', 'm', 'i', 't', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "smithandcanova.co.uk", false */ 's', 'm', 'i', 't', 'h', 'a', 'n', 'd', 'c', 'a', 'n', 'o', 'v', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "smkw.com", false */ 's', 'm', 'k', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "smm.im", true */ 's', 'm', 'm', '.', 'i', 'm', '\0',
+  /* "smoo.st", true */ 's', 'm', 'o', 'o', '.', 's', 't', '\0',
+  /* "smoothgesturesplus.com", true */ 's', 'm', 'o', 'o', 't', 'h', 'g', 'e', 's', 't', 'u', 'r', 'e', 's', 'p', 'l', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "smoothics.at", true */ 's', 'm', 'o', 'o', 't', 'h', 'i', 'c', 's', '.', 'a', 't', '\0',
+  /* "smoothics.com", true */ 's', 'm', 'o', 'o', 't', 'h', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "smoothics.eu", true */ 's', 'm', 'o', 'o', 't', 'h', 'i', 'c', 's', '.', 'e', 'u', '\0',
+  /* "smoothics.mobi", true */ 's', 'm', 'o', 'o', 't', 'h', 'i', 'c', 's', '.', 'm', 'o', 'b', 'i', '\0',
+  /* "smoothics.net", true */ 's', 'm', 'o', 'o', 't', 'h', 'i', 'c', 's', '.', 'n', 'e', 't', '\0',
+  /* "smorgasblog.ie", true */ 's', 'm', 'o', 'r', 'g', 'a', 's', 'b', 'l', 'o', 'g', '.', 'i', 'e', '\0',
+  /* "smow.com", true */ 's', 'm', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "smow.de", true */ 's', 'm', 'o', 'w', '.', 'd', 'e', '\0',
+  /* "smpetrey.com", true */ 's', 'm', 'p', 'e', 't', 'r', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "sms1.ro", true */ 's', 'm', 's', '1', '.', 'r', 'o', '\0',
+  /* "smsappointment.com", true */ 's', 'm', 's', 'a', 'p', 'p', 'o', 'i', 'n', 't', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "smsg-dev.ch", true */ 's', 'm', 's', 'g', '-', 'd', 'e', 'v', '.', 'c', 'h', '\0',
+  /* "smskeywords.co.uk", true */ 's', 'm', 's', 'k', 'e', 'y', 'w', 'o', 'r', 'd', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "smsprivacy.org", true */ 's', 'm', 's', 'p', 'r', 'i', 'v', 'a', 'c', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "smuncensored.com", true */ 's', 'm', 'u', 'n', 'c', 'e', 'n', 's', 'o', 'r', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "smutba.se", true */ 's', 'm', 'u', 't', 'b', 'a', '.', 's', 'e', '\0',
+  /* "smutek.net", true */ 's', 'm', 'u', 't', 'e', 'k', '.', 'n', 'e', 't', '\0',
+  /* "snafarms.com", true */ 's', 'n', 'a', 'f', 'a', 'r', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "snafu.cz", true */ 's', 'n', 'a', 'f', 'u', '.', 'c', 'z', '\0',
+  /* "snakafya.com", true */ 's', 'n', 'a', 'k', 'a', 'f', 'y', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "snake.dog", true */ 's', 'n', 'a', 'k', 'e', '.', 'd', 'o', 'g', '\0',
+  /* "snap.com", true */ 's', 'n', 'a', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "snapappointments.com", true */ 's', 'n', 'a', 'p', 'a', 'p', 'p', 'o', 'i', 'n', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "snapappts.com", true */ 's', 'n', 'a', 'p', 'a', 'p', 'p', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "snapfinance.com", true */ 's', 'n', 'a', 'p', 'f', 'i', 'n', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "snapserv.ch", true */ 's', 'n', 'a', 'p', 's', 'e', 'r', 'v', '.', 'c', 'h', '\0',
+  /* "snapserv.net", true */ 's', 'n', 'a', 'p', 's', 'e', 'r', 'v', '.', 'n', 'e', 't', '\0',
+  /* "snaptools.io", true */ 's', 'n', 'a', 'p', 't', 'o', 'o', 'l', 's', '.', 'i', 'o', '\0',
+  /* "snarf.in", true */ 's', 'n', 'a', 'r', 'f', '.', 'i', 'n', '\0',
+  /* "snatch.com.ua", true */ 's', 'n', 'a', 't', 'c', 'h', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "snazel.co.uk", true */ 's', 'n', 'a', 'z', 'e', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "snazzie.nl", true */ 's', 'n', 'a', 'z', 'z', 'i', 'e', '.', 'n', 'l', '\0',
+  /* "sncdn.com", true */ 's', 'n', 'c', 'd', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "sndbouncycastles.co.uk", true */ 's', 'n', 'd', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "sneak.berlin", true */ 's', 'n', 'e', 'a', 'k', '.', 'b', 'e', 'r', 'l', 'i', 'n', '\0',
+  /* "sneaker.date", true */ 's', 'n', 'e', 'a', 'k', 'e', 'r', '.', 'd', 'a', 't', 'e', '\0',
+  /* "sneakpod.de", true */ 's', 'n', 'e', 'a', 'k', 'p', 'o', 'd', '.', 'd', 'e', '\0',
+  /* "sneakynote.com", true */ 's', 'n', 'e', 'a', 'k', 'y', 'n', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sneakypaw.com", true */ 's', 'n', 'e', 'a', 'k', 'y', 'p', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "sneberger.cz", false */ 's', 'n', 'e', 'b', 'e', 'r', 'g', 'e', 'r', '.', 'c', 'z', '\0',
+  /* "sneed.company", true */ 's', 'n', 'e', 'e', 'd', '.', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '\0',
+  /* "sneed.it", true */ 's', 'n', 'e', 'e', 'd', '.', 'i', 't', '\0',
+  /* "sneedit.com", true */ 's', 'n', 'e', 'e', 'd', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "sneedit.de", true */ 's', 'n', 'e', 'e', 'd', 'i', 't', '.', 'd', 'e', '\0',
+  /* "sneeuwhoogtes.eu", true */ 's', 'n', 'e', 'e', 'u', 'w', 'h', 'o', 'o', 'g', 't', 'e', 's', '.', 'e', 'u', '\0',
+  /* "sneezry.com", true */ 's', 'n', 'e', 'e', 'z', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "snel4u.nl", true */ 's', 'n', 'e', 'l', '4', 'u', '.', 'n', 'l', '\0',
+  /* "snelbv.nl", true */ 's', 'n', 'e', 'l', 'b', 'v', '.', 'n', 'l', '\0',
+  /* "snelshops.nl", true */ 's', 'n', 'e', 'l', 's', 'h', 'o', 'p', 's', '.', 'n', 'l', '\0',
+  /* "snelwebshop.nl", true */ 's', 'n', 'e', 'l', 'w', 'e', 'b', 's', 'h', 'o', 'p', '.', 'n', 'l', '\0',
+  /* "snelxboxlivegold.nl", true */ 's', 'n', 'e', 'l', 'x', 'b', 'o', 'x', 'l', 'i', 'v', 'e', 'g', 'o', 'l', 'd', '.', 'n', 'l', '\0',
+  /* "snerith.com", true */ 's', 'n', 'e', 'r', 'i', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "snfdata.com", false */ 's', 'n', 'f', 'd', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "sniderman.eu.org", true */ 's', 'n', 'i', 'd', 'e', 'r', 'm', 'a', 'n', '.', 'e', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "sniderman.pro", true */ 's', 'n', 'i', 'd', 'e', 'r', 'm', 'a', 'n', '.', 'p', 'r', 'o', '\0',
+  /* "sniderman.us", true */ 's', 'n', 'i', 'd', 'e', 'r', 'm', 'a', 'n', '.', 'u', 's', '\0',
+  /* "sniderman.xyz", true */ 's', 'n', 'i', 'd', 'e', 'r', 'm', 'a', 'n', '.', 'x', 'y', 'z', '\0',
+  /* "sniep.net", true */ 's', 'n', 'i', 'e', 'p', '.', 'n', 'e', 't', '\0',
+  /* "snight.co", true */ 's', 'n', 'i', 'g', 'h', 't', '.', 'c', 'o', '\0',
+  /* "snille.com", true */ 's', 'n', 'i', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "snip.run", true */ 's', 'n', 'i', 'p', '.', 'r', 'u', 'n', '\0',
+  /* "snl.no", true */ 's', 'n', 'l', '.', 'n', 'o', '\0',
+  /* "snod.land", true */ 's', 'n', 'o', 'd', '.', 'l', 'a', 'n', 'd', '\0',
+  /* "snote.io", true */ 's', 'n', 'o', 't', 'e', '.', 'i', 'o', '\0',
+  /* "snoupon.com", true */ 's', 'n', 'o', 'u', 'p', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "snovey.com", true */ 's', 'n', 'o', 'v', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "snow-online.com", true */ 's', 'n', 'o', 'w', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "snow-online.de", true */ 's', 'n', 'o', 'w', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "snow.dog", true */ 's', 'n', 'o', 'w', '.', 'd', 'o', 'g', '\0',
+  /* "snowalerts.eu", true */ 's', 'n', 'o', 'w', 'a', 'l', 'e', 'r', 't', 's', '.', 'e', 'u', '\0',
+  /* "snowalerts.nl", true */ 's', 'n', 'o', 'w', 'a', 'l', 'e', 'r', 't', 's', '.', 'n', 'l', '\0',
+  /* "snowchamps.nl", true */ 's', 'n', 'o', 'w', 'c', 'h', 'a', 'm', 'p', 's', '.', 'n', 'l', '\0',
+  /* "snowcrestdesign.com", true */ 's', 'n', 'o', 'w', 'c', 'r', 'e', 's', 't', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "snowdy.dk", true */ 's', 'n', 'o', 'w', 'd', 'y', '.', 'd', 'k', '\0',
+  /* "snowdy.link", true */ 's', 'n', 'o', 'w', 'd', 'y', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "snowhaze.ch", true */ 's', 'n', 'o', 'w', 'h', 'a', 'z', 'e', '.', 'c', 'h', '\0',
+  /* "snowhaze.com", true */ 's', 'n', 'o', 'w', 'h', 'a', 'z', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "snowplane.net", true */ 's', 'n', 'o', 'w', 'p', 'l', 'a', 'n', 'e', '.', 'n', 'e', 't', '\0',
+  /* "snowraven.de", true */ 's', 'n', 'o', 'w', 'r', 'a', 'v', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "snrub.co", true */ 's', 'n', 'r', 'u', 'b', '.', 'c', 'o', '\0',
+  /* "snuff.porn", true */ 's', 'n', 'u', 'f', 'f', '.', 'p', 'o', 'r', 'n', '\0',
+  /* "snughealth.org.uk", true */ 's', 'n', 'u', 'g', 'h', 'e', 'a', 'l', 't', 'h', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "sny.no", true */ 's', 'n', 'y', '.', 'n', 'o', '\0',
+  /* "so-healthy.co.uk", true */ 's', 'o', '-', 'h', 'e', 'a', 'l', 't', 'h', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "so.is-a-cpa.com", true */ 's', 'o', '.', 'i', 's', '-', 'a', '-', 'c', 'p', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "soapitup.com.au", true */ 's', 'o', 'a', 'p', 'i', 't', 'u', 'p', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "sobaya-gohei.com", true */ 's', 'o', 'b', 'a', 'y', 'a', '-', 'g', 'o', 'h', 'e', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "sobelift.com", true */ 's', 'o', 'b', 'e', 'l', 'i', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "sobie.ch", true */ 's', 'o', 'b', 'i', 'e', '.', 'c', 'h', '\0',
+  /* "sobieray.dyndns.org", true */ 's', 'o', 'b', 'i', 'e', 'r', 'a', 'y', '.', 'd', 'y', 'n', 'd', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "sobinski.pl", false */ 's', 'o', 'b', 'i', 'n', 's', 'k', 'i', '.', 'p', 'l', '\0',
+  /* "sobotkama.eu", true */ 's', 'o', 'b', 'o', 't', 'k', 'a', 'm', 'a', '.', 'e', 'u', '\0',
+  /* "soc.net", true */ 's', 'o', 'c', '.', 'n', 'e', 't', '\0',
+  /* "socal-babes.com", true */ 's', 'o', 'c', 'a', 'l', '-', 'b', 'a', 'b', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "soccersavings.com", true */ 's', 'o', 'c', 'c', 'e', 'r', 's', 'a', 'v', 'i', 'n', 'g', 's', '.', 'c', 'o', 'm', '\0',
+  /* "soccorso-stradale.org", true */ 's', 'o', 'c', 'c', 'o', 'r', 's', 'o', '-', 's', 't', 'r', 'a', 'd', 'a', 'l', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "sochi-sochno.ru", true */ 's', 'o', 'c', 'h', 'i', '-', 's', 'o', 'c', 'h', 'n', 'o', '.', 'r', 'u', '\0',
+  /* "soci.ml", true */ 's', 'o', 'c', 'i', '.', 'm', 'l', '\0',
+  /* "social-events.net", false */ 's', 'o', 'c', 'i', 'a', 'l', '-', 'e', 'v', 'e', 'n', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "social-media-strategies.it", true */ 's', 'o', 'c', 'i', 'a', 'l', '-', 'm', 'e', 'd', 'i', 'a', '-', 's', 't', 'r', 'a', 't', 'e', 'g', 'i', 'e', 's', '.', 'i', 't', '\0',
+  /* "socialdj.de", true */ 's', 'o', 'c', 'i', 'a', 'l', 'd', 'j', '.', 'd', 'e', '\0',
+  /* "socialhams.net", true */ 's', 'o', 'c', 'i', 'a', 'l', 'h', 'a', 'm', 's', '.', 'n', 'e', 't', '\0',
+  /* "socialmedia.ro", true */ 's', 'o', 'c', 'i', 'a', 'l', 'm', 'e', 'd', 'i', 'a', '.', 'r', 'o', '\0',
+  /* "socialnitro.com", true */ 's', 'o', 'c', 'i', 'a', 'l', 'n', 'i', 't', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "socialnous.co", true */ 's', 'o', 'c', 'i', 'a', 'l', 'n', 'o', 'u', 's', '.', 'c', 'o', '\0',
+  /* "socialrank.com", true */ 's', 'o', 'c', 'i', 'a', 'l', 'r', 'a', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "socialsecurity.gov", false */ 's', 'o', 'c', 'i', 'a', 'l', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'g', 'o', 'v', '\0',
+  /* "socialweblearning.com", true */ 's', 'o', 'c', 'i', 'a', 'l', 'w', 'e', 'b', 'l', 'e', 'a', 'r', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "societyhilldance.com", true */ 's', 'o', 'c', 'i', 'e', 't', 'y', 'h', 'i', 'l', 'l', 'd', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "socioambiental.org", true */ 's', 'o', 'c', 'i', 'o', 'a', 'm', 'b', 'i', 'e', 'n', 't', 'a', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "sociobiology.com", true */ 's', 'o', 'c', 'i', 'o', 'b', 'i', 'o', 'l', 'o', 'g', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "sociopathy.org", true */ 's', 'o', 'c', 'i', 'o', 'p', 'a', 't', 'h', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "sockeye.io", true */ 's', 'o', 'c', 'k', 'e', 'y', 'e', '.', 'i', 'o', '\0',
+  /* "sockscap64.com", true */ 's', 'o', 'c', 'k', 's', 'c', 'a', 'p', '6', '4', '.', 'c', 'o', 'm', '\0',
+  /* "socoastal.com", true */ 's', 'o', 'c', 'o', 'a', 's', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "sodafilm.de", true */ 's', 'o', 'd', 'a', 'f', 'i', 'l', 'm', '.', 'd', 'e', '\0',
+  /* "sodexam.pro", true */ 's', 'o', 'd', 'e', 'x', 'a', 'm', '.', 'p', 'r', 'o', '\0',
+  /* "sodi.nl", true */ 's', 'o', 'd', 'i', '.', 'n', 'l', '\0',
+  /* "sodiao.cc", true */ 's', 'o', 'd', 'i', 'a', 'o', '.', 'c', 'c', '\0',
+  /* "soe-server.com", true */ 's', 'o', 'e', '-', 's', 'e', 'r', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "sofa-rockers.org", true */ 's', 'o', 'f', 'a', '-', 'r', 'o', 'c', 'k', 'e', 'r', 's', '.', 'o', 'r', 'g', '\0',
+  /* "sofabedshop.de", true */ 's', 'o', 'f', 'a', 'b', 'e', 'd', 's', 'h', 'o', 'p', '.', 'd', 'e', '\0',
+  /* "sofiavanmoorsel.com", true */ 's', 'o', 'f', 'i', 'a', 'v', 'a', 'n', 'm', 'o', 'o', 'r', 's', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "sofort.com", true */ 's', 'o', 'f', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "sofortueberweisung.de", true */ 's', 'o', 'f', 'o', 'r', 't', 'u', 'e', 'b', 'e', 'r', 'w', 'e', 'i', 's', 'u', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "softandbouncy.co.uk", true */ 's', 'o', 'f', 't', 'a', 'n', 'd', 'b', 'o', 'u', 'n', 'c', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "softanka.com", true */ 's', 'o', 'f', 't', 'a', 'n', 'k', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "softballrampage.com", true */ 's', 'o', 'f', 't', 'b', 'a', 'l', 'l', 'r', 'a', 'm', 'p', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "softclean.pt", true */ 's', 'o', 'f', 't', 'c', 'l', 'e', 'a', 'n', '.', 'p', 't', '\0',
+  /* "softcreatr.de", true */ 's', 'o', 'f', 't', 'c', 'r', 'e', 'a', 't', 'r', '.', 'd', 'e', '\0',
+  /* "softplay4hire.co.uk", true */ 's', 'o', 'f', 't', 'p', 'l', 'a', 'y', '4', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "softplaynation.co.uk", true */ 's', 'o', 'f', 't', 'p', 'l', 'a', 'y', 'n', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "softprayog.in", true */ 's', 'o', 'f', 't', 'p', 'r', 'a', 'y', 'o', 'g', '.', 'i', 'n', '\0',
+  /* "softrobot.se", true */ 's', 'o', 'f', 't', 'r', 'o', 'b', 'o', 't', '.', 's', 'e', '\0',
+  /* "softtennis-zenei.com", true */ 's', 'o', 'f', 't', 't', 'e', 'n', 'n', 'i', 's', '-', 'z', 'e', 'n', 'e', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "software.rocks", true */ 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "softwarebetrieb.de", true */ 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', 'b', 'e', 't', 'r', 'i', 'e', 'b', '.', 'd', 'e', '\0',
+  /* "softwaredesign.foundation", true */ 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', 'd', 'e', 's', 'i', 'g', 'n', '.', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', '\0',
+  /* "softwarevoortherapeuten.nl", true */ 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', 'v', 'o', 'o', 'r', 't', 'h', 'e', 'r', 'a', 'p', 'e', 'u', 't', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "softwerk-edv.de", true */ 's', 'o', 'f', 't', 'w', 'e', 'r', 'k', '-', 'e', 'd', 'v', '.', 'd', 'e', '\0',
+  /* "sogola.com", true */ 's', 'o', 'g', 'o', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "sogravatas.com.br", true */ 's', 'o', 'g', 'r', 'a', 'v', 'a', 't', 'a', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "sogutma.com.tr", true */ 's', 'o', 'g', 'u', 't', 'm', 'a', '.', 'c', 'o', 'm', '.', 't', 'r', '\0',
+  /* "soia.ca", true */ 's', 'o', 'i', 'a', '.', 'c', 'a', '\0',
+  /* "soinvett.com", true */ 's', 'o', 'i', 'n', 'v', 'e', 't', 't', '.', 'c', 'o', 'm', '\0',
+  /* "soju.fi", true */ 's', 'o', 'j', 'u', '.', 'f', 'i', '\0',
+  /* "sokche.com", true */ 's', 'o', 'k', 'c', 'h', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sokietech.com", true */ 's', 'o', 'k', 'i', 'e', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "sokkenhoek.nl", true */ 's', 'o', 'k', 'k', 'e', 'n', 'h', 'o', 'e', 'k', '.', 'n', 'l', '\0',
+  /* "sokolkarvina.cz", true */ 's', 'o', 'k', 'o', 'l', 'k', 'a', 'r', 'v', 'i', 'n', 'a', '.', 'c', 'z', '\0',
+  /* "sol-computers.es", true */ 's', 'o', 'l', '-', 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 's', '.', 'e', 's', '\0',
+  /* "sol24.net", true */ 's', 'o', 'l', '2', '4', '.', 'n', 'e', 't', '\0',
+  /* "solacyre.ch", true */ 's', 'o', 'l', 'a', 'c', 'y', 'r', 'e', '.', 'c', 'h', '\0',
+  /* "solanum-games.com", true */ 's', 'o', 'l', 'a', 'n', 'u', 'm', '-', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "solar-aydinlatma.com", true */ 's', 'o', 'l', 'a', 'r', '-', 'a', 'y', 'd', 'i', 'n', 'l', 'a', 't', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "solar-ec.com", true */ 's', 'o', 'l', 'a', 'r', '-', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "solariiknight.org", true */ 's', 'o', 'l', 'a', 'r', 'i', 'i', 'k', 'n', 'i', 'g', 'h', 't', '.', 'o', 'r', 'g', '\0',
+  /* "solariilacheie.ro", true */ 's', 'o', 'l', 'a', 'r', 'i', 'i', 'l', 'a', 'c', 'h', 'e', 'i', 'e', '.', 'r', 'o', '\0',
+  /* "solarplan-berlin.de", true */ 's', 'o', 'l', 'a', 'r', 'p', 'l', 'a', 'n', '-', 'b', 'e', 'r', 'l', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "soldecom.com", true */ 's', 'o', 'l', 'd', 'e', 'c', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "soldout-app.com", true */ 's', 'o', 'l', 'd', 'o', 'u', 't', '-', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "sole-erdwaermetauscher.de", true */ 's', 'o', 'l', 'e', '-', 'e', 'r', 'd', 'w', 'a', 'e', 'r', 'm', 'e', 't', 'a', 'u', 's', 'c', 'h', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "soledadpenades.com", true */ 's', 'o', 'l', 'e', 'd', 'a', 'd', 'p', 'e', 'n', 'a', 'd', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "solentbubblesandbounce.co.uk", true */ 's', 'o', 'l', 'e', 'n', 't', 'b', 'u', 'b', 'b', 'l', 'e', 's', 'a', 'n', 'd', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "soleria.eu", true */ 's', 'o', 'l', 'e', 'r', 'i', 'a', '.', 'e', 'u', '\0',
+  /* "solfegiator.ch", true */ 's', 'o', 'l', 'f', 'e', 'g', 'i', 'a', 't', 'o', 'r', '.', 'c', 'h', '\0',
+  /* "soli.cafe", true */ 's', 'o', 'l', 'i', '.', 'c', 'a', 'f', 'e', '\0',
+  /* "solicafe.at", true */ 's', 'o', 'l', 'i', 'c', 'a', 'f', 'e', '.', 'a', 't', '\0',
+  /* "solidimage.com.br", true */ 's', 'o', 'l', 'i', 'd', 'i', 'm', 'a', 'g', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "solidshield.com", true */ 's', 'o', 'l', 'i', 'd', 's', 'h', 'i', 'e', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "solidwebnetworks.co.uk", true */ 's', 'o', 'l', 'i', 'd', 'w', 'e', 'b', 'n', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "solihullcarnival.co.uk", true */ 's', 'o', 'l', 'i', 'h', 'u', 'l', 'l', 'c', 'a', 'r', 'n', 'i', 'v', 'a', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "solihullinflatables.com", true */ 's', 'o', 'l', 'i', 'h', 'u', 'l', 'l', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "solihulllionsclub.org.uk", true */ 's', 'o', 'l', 'i', 'h', 'u', 'l', 'l', 'l', 'i', 'o', 'n', 's', 'c', 'l', 'u', 'b', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "solipym.net", true */ 's', 'o', 'l', 'i', 'p', 'y', 'm', '.', 'n', 'e', 't', '\0',
+  /* "solisrey.es", true */ 's', 'o', 'l', 'i', 's', 'r', 'e', 'y', '.', 'e', 's', '\0',
+  /* "solit.systems", true */ 's', 'o', 'l', 'i', 't', '.', 's', 'y', 's', 't', 'e', 'm', 's', '\0',
+  /* "solmek.co.uk", true */ 's', 'o', 'l', 'm', 'e', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "solmek.com", true */ 's', 'o', 'l', 'm', 'e', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "solomisael.com", true */ 's', 'o', 'l', 'o', 'm', 'i', 's', 'a', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "solomo.pt", true */ 's', 'o', 'l', 'o', 'm', 'o', '.', 'p', 't', '\0',
+  /* "solonotizie24.it", true */ 's', 'o', 'l', 'o', 'n', 'o', 't', 'i', 'z', 'i', 'e', '2', '4', '.', 'i', 't', '\0',
+  /* "solos.im", true */ 's', 'o', 'l', 'o', 's', '.', 'i', 'm', '\0',
+  /* "solsocog.de", true */ 's', 'o', 'l', 's', 'o', 'c', 'o', 'g', '.', 'd', 'e', '\0',
+  /* "soluphant.de", true */ 's', 'o', 'l', 'u', 'p', 'h', 'a', 'n', 't', '.', 'd', 'e', '\0',
+  /* "solus-project.com", true */ 's', 'o', 'l', 'u', 's', '-', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "solutionhoisthire.com.au", true */ 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 'h', 'o', 'i', 's', 't', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "solve-it.se", true */ 's', 'o', 'l', 'v', 'e', '-', 'i', 't', '.', 's', 'e', '\0',
+  /* "solved.tips", true */ 's', 'o', 'l', 'v', 'e', 'd', '.', 't', 'i', 'p', 's', '\0',
+  /* "solvemethod.com", true */ 's', 'o', 'l', 'v', 'e', 'm', 'e', 't', 'h', 'o', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "solvops.com", true */ 's', 'o', 'l', 'v', 'o', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "somaini.li", true */ 's', 'o', 'm', 'a', 'i', 'n', 'i', '.', 'l', 'i', '\0',
+  /* "somali-derp.com", true */ 's', 'o', 'm', 'a', 'l', 'i', '-', 'd', 'e', 'r', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "somaliagenda.com", true */ 's', 'o', 'm', 'a', 'l', 'i', 'a', 'g', 'e', 'n', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "somanao.com", true */ 's', 'o', 'm', 'a', 'n', 'a', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "somcase.com.br", true */ 's', 'o', 'm', 'c', 'a', 's', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "somebodycares.org", true */ 's', 'o', 'm', 'e', 'b', 'o', 'd', 'y', 'c', 'a', 'r', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "somecrazy.com", true */ 's', 'o', 'm', 'e', 'c', 'r', 'a', 'z', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "somethingsimilar.com", true */ 's', 'o', 'm', 'e', 't', 'h', 'i', 'n', 'g', 's', 'i', 'm', 'i', 'l', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "somuchbetterwithage.com", true */ 's', 'o', 'm', 'u', 'c', 'h', 'b', 'e', 't', 't', 'e', 'r', 'w', 'i', 't', 'h', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "somweyr.de", true */ 's', 'o', 'm', 'w', 'e', 'y', 'r', '.', 'd', 'e', '\0',
+  /* "sona-gaming.com", true */ 's', 'o', 'n', 'a', '-', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "sonacupalova.cz", true */ 's', 'o', 'n', 'a', 'c', 'u', 'p', 'a', 'l', 'o', 'v', 'a', '.', 'c', 'z', '\0',
+  /* "sonarqube.com", false */ 's', 'o', 'n', 'a', 'r', 'q', 'u', 'b', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sondergaard.de", true */ 's', 'o', 'n', 'd', 'e', 'r', 'g', 'a', 'a', 'r', 'd', '.', 'd', 'e', '\0',
+  /* "songsmp3.co", true */ 's', 'o', 'n', 'g', 's', 'm', 'p', '3', '.', 'c', 'o', '\0',
+  /* "songsthatsavedyourlife.com", true */ 's', 'o', 'n', 'g', 's', 't', 'h', 'a', 't', 's', 'a', 'v', 'e', 'd', 'y', 'o', 'u', 'r', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "songzhuolun.com", true */ 's', 'o', 'n', 'g', 'z', 'h', 'u', 'o', 'l', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "soniafauville.com", true */ 's', 'o', 'n', 'i', 'a', 'f', 'a', 'u', 'v', 'i', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sonixonline.com", true */ 's', 'o', 'n', 'i', 'x', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sonja-daniels.com", true */ 's', 'o', 'n', 'j', 'a', '-', 'd', 'a', 'n', 'i', 'e', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sonja-kowa.de", true */ 's', 'o', 'n', 'j', 'a', '-', 'k', 'o', 'w', 'a', '.', 'd', 'e', '\0',
+  /* "sonoecoracao.com.br", true */ 's', 'o', 'n', 'o', 'e', 'c', 'o', 'r', 'a', 'c', 'a', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "sonyunlock.nu", true */ 's', 'o', 'n', 'y', 'u', 'n', 'l', 'o', 'c', 'k', '.', 'n', 'u', '\0',
+  /* "soohealthy.nl", true */ 's', 'o', 'o', 'h', 'e', 'a', 'l', 't', 'h', 'y', '.', 'n', 'l', '\0',
+  /* "soomee.be", true */ 's', 'o', 'o', 'm', 'e', 'e', '.', 'b', 'e', '\0',
+  /* "soomee1.be", true */ 's', 'o', 'o', 'm', 'e', 'e', '1', '.', 'b', 'e', '\0',
+  /* "soontm.de", false */ 's', 'o', 'o', 'n', 't', 'm', '.', 'd', 'e', '\0',
+  /* "soopure.nl", true */ 's', 'o', 'o', 'p', 'u', 'r', 'e', '.', 'n', 'l', '\0',
+  /* "soph.us", true */ 's', 'o', 'p', 'h', '.', 'u', 's', '\0',
+  /* "sopheos.com", false */ 's', 'o', 'p', 'h', 'e', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sopher.io", true */ 's', 'o', 'p', 'h', 'e', 'r', '.', 'i', 'o', '\0',
+  /* "sophiaandmatt.co.uk", true */ 's', 'o', 'p', 'h', 'i', 'a', 'a', 'n', 'd', 'm', 'a', 't', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "sophiakligys.com", true */ 's', 'o', 'p', 'h', 'i', 'a', 'k', 'l', 'i', 'g', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sophieandtrey.com", true */ 's', 'o', 'p', 'h', 'i', 'e', 'a', 'n', 'd', 't', 'r', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "soprabalao.com.br", true */ 's', 'o', 'p', 'r', 'a', 'b', 'a', 'l', 'a', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "sor.so", true */ 's', 'o', 'r', '.', 's', 'o', '\0',
+  /* "sorakumo.jp", true */ 's', 'o', 'r', 'a', 'k', 'u', 'm', 'o', '.', 'j', 'p', '\0',
+  /* "sorcix.com", true */ 's', 'o', 'r', 'c', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "sorellecollection.com.au", true */ 's', 'o', 'r', 'e', 'l', 'l', 'e', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "sorenstudios.com", true */ 's', 'o', 'r', 'e', 'n', 's', 't', 'u', 'd', 'i', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sorex.photo", true */ 's', 'o', 'r', 'e', 'x', '.', 'p', 'h', 'o', 't', 'o', '\0',
+  /* "sorincocorada.ro", true */ 's', 'o', 'r', 'i', 'n', 'c', 'o', 'c', 'o', 'r', 'a', 'd', 'a', '.', 'r', 'o', '\0',
+  /* "sorinmuntean.ro", true */ 's', 'o', 'r', 'i', 'n', 'm', 'u', 'n', 't', 'e', 'a', 'n', '.', 'r', 'o', '\0',
+  /* "sorn.service.gov.uk", true */ 's', 'o', 'r', 'n', '.', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'g', 'o', 'v', '.', 'u', 'k', '\0',
+  /* "sorrowfulunfounded.com", true */ 's', 'o', 'r', 'r', 'o', 'w', 'f', 'u', 'l', 'u', 'n', 'f', 'o', 'u', 'n', 'd', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "soruly.com", true */ 's', 'o', 'r', 'u', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "sorz.org", true */ 's', 'o', 'r', 'z', '.', 'o', 'r', 'g', '\0',
+  /* "sos-idraulico.it", true */ 's', 'o', 's', '-', 'i', 'd', 'r', 'a', 'u', 'l', 'i', 'c', 'o', '.', 'i', 't', '\0',
+  /* "sos.sk", false */ 's', 'o', 's', '.', 's', 'k', '\0',
+  /* "sosecu.red", true */ 's', 'o', 's', 'e', 'c', 'u', '.', 'r', 'e', 'd', '\0',
+  /* "sosoftplay.co.uk", true */ 's', 'o', 's', 'o', 'f', 't', 'p', 'l', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "sospromotions.com.au", true */ 's', 'o', 's', 'p', 'r', 'o', 'm', 'o', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "sostacancun.com", true */ 's', 'o', 's', 't', 'a', 'c', 'a', 'n', 'c', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "sosteric.si", true */ 's', 'o', 's', 't', 'e', 'r', 'i', 'c', '.', 's', 'i', '\0',
+  /* "sotadb.info", true */ 's', 'o', 't', 'a', 'd', 'b', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "sotar.us", true */ 's', 'o', 't', 'a', 'r', '.', 'u', 's', '\0',
+  /* "sotavasara.net", true */ 's', 'o', 't', 'a', 'v', 'a', 's', 'a', 'r', 'a', '.', 'n', 'e', 't', '\0',
+  /* "sotiran.com", true */ 's', 'o', 't', 'i', 'r', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "sotoasobi.net", true */ 's', 'o', 't', 'o', 'a', 's', 'o', 'b', 'i', '.', 'n', 'e', 't', '\0',
+  /* "sou-co.jp", true */ 's', 'o', 'u', '-', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "soubriquet.org", true */ 's', 'o', 'u', 'b', 'r', 'i', 'q', 'u', 'e', 't', '.', 'o', 'r', 'g', '\0',
+  /* "soufastnet.com.br", true */ 's', 'o', 'u', 'f', 'a', 's', 't', 'n', 'e', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "sougi-review.top", true */ 's', 'o', 'u', 'g', 'i', '-', 'r', 'e', 'v', 'i', 'e', 'w', '.', 't', 'o', 'p', '\0',
+  /* "souki.cz", true */ 's', 'o', 'u', 'k', 'i', '.', 'c', 'z', '\0',
+  /* "soukodou.jp", true */ 's', 'o', 'u', 'k', 'o', 'd', 'o', 'u', '.', 'j', 'p', '\0',
+  /* "soul-source.co.uk", true */ 's', 'o', 'u', 'l', '-', 's', 'o', 'u', 'r', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "soulcrazy.org", true */ 's', 'o', 'u', 'l', 'c', 'r', 'a', 'z', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "soulmate.dating", true */ 's', 'o', 'u', 'l', 'm', 'a', 't', 'e', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "soulogic.com", false */ 's', 'o', 'u', 'l', 'o', 'g', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "soumikghosh.com", true */ 's', 'o', 'u', 'm', 'i', 'k', 'g', 'h', 'o', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "soumya92.me", true */ 's', 'o', 'u', 'm', 'y', 'a', '9', '2', '.', 'm', 'e', '\0',
+  /* "soundabout.nl", true */ 's', 'o', 'u', 'n', 'd', 'a', 'b', 'o', 'u', 't', '.', 'n', 'l', '\0',
+  /* "soundedj.com.br", true */ 's', 'o', 'u', 'n', 'd', 'e', 'd', 'j', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "soundeo.com", true */ 's', 'o', 'u', 'n', 'd', 'e', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "soundeo.net", true */ 's', 'o', 'u', 'n', 'd', 'e', 'o', '.', 'n', 'e', 't', '\0',
+  /* "soundgasm.net", true */ 's', 'o', 'u', 'n', 'd', 'g', 'a', 's', 'm', '.', 'n', 'e', 't', '\0',
+  /* "soundhunter.xyz", false */ 's', 'o', 'u', 'n', 'd', 'h', 'u', 'n', 't', 'e', 'r', '.', 'x', 'y', 'z', '\0',
+  /* "soundsecurity.io", true */ 's', 'o', 'u', 'n', 'd', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'i', 'o', '\0',
+  /* "sour.is", true */ 's', 'o', 'u', 'r', '.', 'i', 's', '\0',
+  /* "souravsaha.com", true */ 's', 'o', 'u', 'r', 'a', 'v', 's', 'a', 'h', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "sourcebox.be", true */ 's', 'o', 'u', 'r', 'c', 'e', 'b', 'o', 'x', '.', 'b', 'e', '\0',
+  /* "sourcecode.love", true */ 's', 'o', 'u', 'r', 'c', 'e', 'c', 'o', 'd', 'e', '.', 'l', 'o', 'v', 'e', '\0',
+  /* "sourcely.net", true */ 's', 'o', 'u', 'r', 'c', 'e', 'l', 'y', '.', 'n', 'e', 't', '\0',
+  /* "sourceway.de", true */ 's', 'o', 'u', 'r', 'c', 'e', 'w', 'a', 'y', '.', 'd', 'e', '\0',
+  /* "souris.ch", true */ 's', 'o', 'u', 'r', 'i', 's', '.', 'c', 'h', '\0',
+  /* "sous-surveillance.net", true */ 's', 'o', 'u', 's', '-', 's', 'u', 'r', 'v', 'e', 'i', 'l', 'l', 'a', 'n', 'c', 'e', '.', 'n', 'e', 't', '\0',
+  /* "southafrican.dating", true */ 's', 'o', 'u', 't', 'h', 'a', 'f', 'r', 'i', 'c', 'a', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "southambouncycastle.co.uk", true */ 's', 'o', 'u', 't', 'h', 'a', 'm', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "southamerican.dating", true */ 's', 'o', 'u', 't', 'h', 'a', 'm', 'e', 'r', 'i', 'c', 'a', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "southbankregister.com.au", true */ 's', 'o', 'u', 't', 'h', 'b', 'a', 'n', 'k', 'r', 'e', 'g', 'i', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "southcoastkitesurf.co.uk", true */ 's', 'o', 'u', 't', 'h', 'c', 'o', 'a', 's', 't', 'k', 'i', 't', 'e', 's', 'u', 'r', 'f', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "southernmost.us", true */ 's', 'o', 'u', 't', 'h', 'e', 'r', 'n', 'm', 'o', 's', 't', '.', 'u', 's', '\0',
+  /* "southernutahinfluencers.com", true */ 's', 'o', 'u', 't', 'h', 'e', 'r', 'n', 'u', 't', 'a', 'h', 'i', 'n', 'f', 'l', 'u', 'e', 'n', 'c', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "southlakenissanparts.com", true */ 's', 'o', 'u', 't', 'h', 'l', 'a', 'k', 'e', 'n', 'i', 's', 's', 'a', 'n', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "southmelbourne.apartments", true */ 's', 'o', 'u', 't', 'h', 'm', 'e', 'l', 'b', 'o', 'u', 'r', 'n', 'e', '.', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '\0',
+  /* "southmorangtownhouses.com.au", true */ 's', 'o', 'u', 't', 'h', 'm', 'o', 'r', 'a', 'n', 'g', 't', 'o', 'w', 'n', 'h', 'o', 'u', 's', 'e', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "southside-crew.com", true */ 's', 'o', 'u', 't', 'h', 's', 'i', 'd', 'e', '-', 'c', 'r', 'e', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "southside-tuning-day.de", true */ 's', 'o', 'u', 't', 'h', 's', 'i', 'd', 'e', '-', 't', 'u', 'n', 'i', 'n', 'g', '-', 'd', 'a', 'y', '.', 'd', 'e', '\0',
+  /* "southwaymotors.com", true */ 's', 'o', 'u', 't', 'h', 'w', 'a', 'y', 'm', 'o', 't', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "southwestrda.org.uk", true */ 's', 'o', 'u', 't', 'h', 'w', 'e', 's', 't', 'r', 'd', 'a', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "soutien-naissance.com", true */ 's', 'o', 'u', 't', 'i', 'e', 'n', '-', 'n', 'a', 'i', 's', 's', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "soved.eu", true */ 's', 'o', 'v', 'e', 'd', '.', 'e', 'u', '\0',
+  /* "soybase.org", true */ 's', 'o', 'y', 'b', 'a', 's', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "sozai-good.com", true */ 's', 'o', 'z', 'a', 'i', '-', 'g', 'o', 'o', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "sozialy.com", true */ 's', 'o', 'z', 'i', 'a', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "sozon.ca", true */ 's', 'o', 'z', 'o', 'n', '.', 'c', 'a', '\0',
+  /* "sp-sephiroth.jp", true */ 's', 'p', '-', 's', 'e', 'p', 'h', 'i', 'r', 'o', 't', 'h', '.', 'j', 'p', '\0',
+  /* "sp.com.pl", true */ 's', 'p', '.', 'c', 'o', 'm', '.', 'p', 'l', '\0',
+  /* "space-it.de", true */ 's', 'p', 'a', 'c', 'e', '-', 'i', 't', '.', 'd', 'e', '\0',
+  /* "spacebaseapp.com", true */ 's', 'p', 'a', 'c', 'e', 'b', 'a', 's', 'e', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "spacecafe.org", true */ 's', 'p', 'a', 'c', 'e', 'c', 'a', 'f', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "spacedirectory.org", true */ 's', 'p', 'a', 'c', 'e', 'd', 'i', 'r', 'e', 'c', 't', 'o', 'r', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "spacehighway.ms", true */ 's', 'p', 'a', 'c', 'e', 'h', 'i', 'g', 'h', 'w', 'a', 'y', '.', 'm', 's', '\0',
+  /* "spacehost.de", false */ 's', 'p', 'a', 'c', 'e', 'h', 'o', 's', 't', '.', 'd', 'e', '\0',
+  /* "spacelabs.io", true */ 's', 'p', 'a', 'c', 'e', 'l', 'a', 'b', 's', '.', 'i', 'o', '\0',
+  /* "spacepage.be", true */ 's', 'p', 'a', 'c', 'e', 'p', 'a', 'g', 'e', '.', 'b', 'e', '\0',
+  /* "spaceweather.live", true */ 's', 'p', 'a', 'c', 'e', 'w', 'e', 'a', 't', 'h', 'e', 'r', '.', 'l', 'i', 'v', 'e', '\0',
+  /* "spaceweatherlive.com", true */ 's', 'p', 'a', 'c', 'e', 'w', 'e', 'a', 't', 'h', 'e', 'r', 'l', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "spackova.cz", true */ 's', 'p', 'a', 'c', 'k', 'o', 'v', 'a', '.', 'c', 'z', '\0',
+  /* "spahireleeds.co.uk", true */ 's', 'p', 'a', 'h', 'i', 'r', 'e', 'l', 'e', 'e', 'd', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "spaid.xyz", true */ 's', 'p', 'a', 'i', 'd', '.', 'x', 'y', 'z', '\0',
+  /* "spam.lol", true */ 's', 'p', 'a', 'm', '.', 'l', 'o', 'l', '\0',
+  /* "spamdrain.com", true */ 's', 'p', 'a', 'm', 'd', 'r', 'a', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "spamwc.de", true */ 's', 'p', 'a', 'm', 'w', 'c', '.', 'd', 'e', '\0',
+  /* "sparanoid.com", true */ 's', 'p', 'a', 'r', 'a', 'n', 'o', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "sparkasse.de", true */ 's', 'p', 'a', 'r', 'k', 'a', 's', 's', 'e', '.', 'd', 'e', '\0',
+  /* "sparkbase.cn", true */ 's', 'p', 'a', 'r', 'k', 'b', 'a', 's', 'e', '.', 'c', 'n', '\0',
+  /* "sparkforautism.org", true */ 's', 'p', 'a', 'r', 'k', 'f', 'o', 'r', 'a', 'u', 't', 'i', 's', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "sparklebastard.com", true */ 's', 'p', 'a', 'r', 'k', 'l', 'e', 'b', 'a', 's', 't', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "sparkwood.org", true */ 's', 'p', 'a', 'r', 'k', 'w', 'o', 'o', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "sparta-solutions.de", true */ 's', 'p', 'a', 'r', 't', 'a', '-', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'd', 'e', '\0',
+  /* "spartaconsulting.fi", true */ 's', 'p', 'a', 'r', 't', 'a', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'f', 'i', '\0',
+  /* "spartantheatre.org", true */ 's', 'p', 'a', 'r', 't', 'a', 'n', 't', 'h', 'e', 'a', 't', 'r', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "spasicilia.it", true */ 's', 'p', 'a', 's', 'i', 'c', 'i', 'l', 'i', 'a', '.', 'i', 't', '\0',
+  /* "spatzenwerkstatt.de", true */ 's', 'p', 'a', 't', 'z', 'e', 'n', 'w', 'e', 'r', 'k', 's', 't', 'a', 't', 't', '.', 'd', 'e', '\0',
+  /* "spawn.cz", true */ 's', 'p', 'a', 'w', 'n', '.', 'c', 'z', '\0',
+  /* "spaysy.com", true */ 's', 'p', 'a', 'y', 's', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "spaziobenedetti.com.br", true */ 's', 'p', 'a', 'z', 'i', 'o', 'b', 'e', 'n', 'e', 'd', 'e', 't', 't', 'i', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "spaziopervoi.com.br", true */ 's', 'p', 'a', 'z', 'i', 'o', 'p', 'e', 'r', 'v', 'o', 'i', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "spdepartamentos.com.br", true */ 's', 'p', 'd', 'e', 'p', 'a', 'r', 't', 'a', 'm', 'e', 'n', 't', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "spdf.net", true */ 's', 'p', 'd', 'f', '.', 'n', 'e', 't', '\0',
+  /* "spearfishingmx.com", true */ 's', 'p', 'e', 'a', 'r', 'f', 'i', 's', 'h', 'i', 'n', 'g', 'm', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "speciesism.com", true */ 's', 'p', 'e', 'c', 'i', 'e', 's', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "spectrosoftware.de", true */ 's', 'p', 'e', 'c', 't', 'r', 'o', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'd', 'e', '\0',
+  /* "spedplus.com.br", false */ 's', 'p', 'e', 'd', 'p', 'l', 'u', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "speech-balloon.com", true */ 's', 'p', 'e', 'e', 'c', 'h', '-', 'b', 'a', 'l', 'l', 'o', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "speechmate.com", true */ 's', 'p', 'e', 'e', 'c', 'h', 'm', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "speechndraw.com", true */ 's', 'p', 'e', 'e', 'c', 'h', 'n', 'd', 'r', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "speeddate.it", false */ 's', 'p', 'e', 'e', 'd', 'd', 'a', 't', 'e', '.', 'i', 't', '\0',
+  /* "speedracer.ca", true */ 's', 'p', 'e', 'e', 'd', 'r', 'a', 'c', 'e', 'r', '.', 'c', 'a', '\0',
+  /* "speeds.vip", true */ 's', 'p', 'e', 'e', 'd', 's', '.', 'v', 'i', 'p', '\0',
+  /* "speedsportofhull.co.uk", true */ 's', 'p', 'e', 'e', 'd', 's', 'p', 'o', 'r', 't', 'o', 'f', 'h', 'u', 'l', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "speedtailors.com", true */ 's', 'p', 'e', 'e', 'd', 't', 'a', 'i', 'l', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "speedtest-russia.com", true */ 's', 'p', 'e', 'e', 'd', 't', 'e', 's', 't', '-', 'r', 'u', 's', 's', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "speedychat.it", true */ 's', 'p', 'e', 'e', 'd', 'y', 'c', 'h', 'a', 't', '.', 'i', 't', '\0',
+  /* "speerpunt.info", true */ 's', 'p', 'e', 'e', 'r', 'p', 'u', 'n', 't', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "speich.net", true */ 's', 'p', 'e', 'i', 'c', 'h', '.', 'n', 'e', 't', '\0',
+  /* "spek.tech", true */ 's', 'p', 'e', 'k', '.', 't', 'e', 'c', 'h', '\0',
+  /* "spellcheck24.net", true */ 's', 'p', 'e', 'l', 'l', 'c', 'h', 'e', 'c', 'k', '2', '4', '.', 'n', 'e', 't', '\0',
+  /* "spendwise.com.au", true */ 's', 'p', 'e', 'n', 'd', 'w', 'i', 's', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "spenglerei-shop.de", true */ 's', 'p', 'e', 'n', 'g', 'l', 'e', 'r', 'e', 'i', '-', 's', 'h', 'o', 'p', '.', 'd', 'e', '\0',
+  /* "sperohub.com", true */ 's', 'p', 'e', 'r', 'o', 'h', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "sperohub.lt", true */ 's', 'p', 'e', 'r', 'o', 'h', 'u', 'b', '.', 'l', 't', '\0',
+  /* "sperrstun.de", true */ 's', 'p', 'e', 'r', 'r', 's', 't', 'u', 'n', '.', 'd', 'e', '\0',
+  /* "spesys-services.fr", true */ 's', 'p', 'e', 's', 'y', 's', '-', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'f', 'r', '\0',
+  /* "sphereblur.com", true */ 's', 'p', 'h', 'e', 'r', 'e', 'b', 'l', 'u', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "spherenix.org", true */ 's', 'p', 'h', 'e', 'r', 'e', 'n', 'i', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "spicydog.org", true */ 's', 'p', 'i', 'c', 'y', 'd', 'o', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "spicydog.tk", false */ 's', 'p', 'i', 'c', 'y', 'd', 'o', 'g', '.', 't', 'k', '\0',
+  /* "spicymatch.com", true */ 's', 'p', 'i', 'c', 'y', 'm', 'a', 't', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "spidermail.tk", true */ 's', 'p', 'i', 'd', 'e', 'r', 'm', 'a', 'i', 'l', '.', 't', 'k', '\0',
+  /* "spidernet.tk", true */ 's', 'p', 'i', 'd', 'e', 'r', 'n', 'e', 't', '.', 't', 'k', '\0',
+  /* "spideroak.com", true */ 's', 'p', 'i', 'd', 'e', 'r', 'o', 'a', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "spiders.org.ua", true */ 's', 'p', 'i', 'd', 'e', 'r', 's', '.', 'o', 'r', 'g', '.', 'u', 'a', '\0',
+  /* "spielezar.ch", true */ 's', 'p', 'i', 'e', 'l', 'e', 'z', 'a', 'r', '.', 'c', 'h', '\0',
+  /* "spielland.ch", true */ 's', 'p', 'i', 'e', 'l', 'l', 'a', 'n', 'd', '.', 'c', 'h', '\0',
+  /* "spiellawine.de", true */ 's', 'p', 'i', 'e', 'l', 'l', 'a', 'w', 'i', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "spiet.nl", true */ 's', 'p', 'i', 'e', 't', '.', 'n', 'l', '\0',
+  /* "spiff.eu", true */ 's', 'p', 'i', 'f', 'f', '.', 'e', 'u', '\0',
+  /* "spiga.ch", true */ 's', 'p', 'i', 'g', 'a', '.', 'c', 'h', '\0',
+  /* "spillersfamily.net", true */ 's', 'p', 'i', 'l', 'l', 'e', 'r', 's', 'f', 'a', 'm', 'i', 'l', 'y', '.', 'n', 'e', 't', '\0',
+  /* "spilogkoder.dk", true */ 's', 'p', 'i', 'l', 'o', 'g', 'k', 'o', 'd', 'e', 'r', '.', 'd', 'k', '\0',
+  /* "spinalien.net", true */ 's', 'p', 'i', 'n', 'a', 'l', 'i', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "spingenie.com", true */ 's', 'p', 'i', 'n', 'g', 'e', 'n', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "spinner.dnshome.de", true */ 's', 'p', 'i', 'n', 'n', 'e', 'r', '.', 'd', 'n', 's', 'h', 'o', 'm', 'e', '.', 'd', 'e', '\0',
+  /* "spins.fedoraproject.org", true */ 's', 'p', 'i', 'n', 's', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "spinspin.wtf", true */ 's', 'p', 'i', 'n', 's', 'p', 'i', 'n', '.', 'w', 't', 'f', '\0',
+  /* "spiralschneiderkaufen.de", true */ 's', 'p', 'i', 'r', 'a', 'l', 's', 'c', 'h', 'n', 'e', 'i', 'd', 'e', 'r', 'k', 'a', 'u', 'f', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "spirella-shop.ch", true */ 's', 'p', 'i', 'r', 'e', 'l', 'l', 'a', '-', 's', 'h', 'o', 'p', '.', 'c', 'h', '\0',
+  /* "spiritbionic.ro", true */ 's', 'p', 'i', 'r', 'i', 't', 'b', 'i', 'o', 'n', 'i', 'c', '.', 'r', 'o', '\0',
+  /* "spiritual.dating", true */ 's', 'p', 'i', 'r', 'i', 't', 'u', 'a', 'l', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "spiritualife.net", true */ 's', 'p', 'i', 'r', 'i', 't', 'u', 'a', 'l', 'i', 'f', 'e', '.', 'n', 'e', 't', '\0',
+  /* "spiritualregression.com.au", true */ 's', 'p', 'i', 'r', 'i', 't', 'u', 'a', 'l', 'r', 'e', 'g', 'r', 'e', 's', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "spisbilligt.dk", true */ 's', 'p', 'i', 's', 'b', 'i', 'l', 'l', 'i', 'g', 't', '.', 'd', 'k', '\0',
+  /* "spitfireuav.com", true */ 's', 'p', 'i', 't', 'f', 'i', 'r', 'e', 'u', 'a', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "splarty.net", true */ 's', 'p', 'l', 'a', 'r', 't', 'y', '.', 'n', 'e', 't', '\0',
+  /* "splendidspoon.com", true */ 's', 'p', 'l', 'e', 'n', 'd', 'i', 'd', 's', 'p', 'o', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "splendorservizi.it", true */ 's', 'p', 'l', 'e', 'n', 'd', 'o', 'r', 's', 'e', 'r', 'v', 'i', 'z', 'i', '.', 'i', 't', '\0',
+  /* "splikity.com", true */ 's', 'p', 'l', 'i', 'k', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "splitdna.com", true */ 's', 'p', 'l', 'i', 't', 'd', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "splitreflection.com", true */ 's', 'p', 'l', 'i', 't', 'r', 'e', 'f', 'l', 'e', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "splunk.net", true */ 's', 'p', 'l', 'u', 'n', 'k', '.', 'n', 'e', 't', '\0',
+  /* "spodelime.com", true */ 's', 'p', 'o', 'd', 'e', 'l', 'i', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "spoketwist.com", true */ 's', 'p', 'o', 'k', 'e', 't', 'w', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "spolwind.de", true */ 's', 'p', 'o', 'l', 'w', 'i', 'n', 'd', '.', 'd', 'e', '\0',
+  /* "spom.net", true */ 's', 'p', 'o', 'm', '.', 'n', 'e', 't', '\0',
+  /* "spon.cz", true */ 's', 'p', 'o', 'n', '.', 'c', 'z', '\0',
+  /* "sponc.de", true */ 's', 'p', 'o', 'n', 'c', '.', 'd', 'e', '\0',
+  /* "spongepowered.org", true */ 's', 'p', 'o', 'n', 'g', 'e', 'p', 'o', 'w', 'e', 'r', 'e', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "sponsor.network", true */ 's', 'p', 'o', 'n', 's', 'o', 'r', '.', 'n', 'e', 't', 'w', 'o', 'r', 'k', '\0',
+  /* "sponsorowani.pl", true */ 's', 'p', 'o', 'n', 's', 'o', 'r', 'o', 'w', 'a', 'n', 'i', '.', 'p', 'l', '\0',
+  /* "spontex.org", true */ 's', 'p', 'o', 'n', 't', 'e', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "spoofhaus.com", true */ 's', 'p', 'o', 'o', 'f', 'h', 'a', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "spookbook.net", true */ 's', 'p', 'o', 'o', 'k', 'b', 'o', 'o', 'k', '.', 'n', 'e', 't', '\0',
+  /* "spookquest.com", true */ 's', 'p', 'o', 'o', 'k', 'q', 'u', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "spoopy.link", true */ 's', 'p', 'o', 'o', 'p', 'y', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "sporcard.com", true */ 's', 'p', 'o', 'r', 'c', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "spornkuller.de", true */ 's', 'p', 'o', 'r', 'n', 'k', 'u', 'l', 'l', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "sport-in-sundern.de", true */ 's', 'p', 'o', 'r', 't', '-', 'i', 'n', '-', 's', 'u', 'n', 'd', 'e', 'r', 'n', '.', 'd', 'e', '\0',
+  /* "sport-potreby.cz", true */ 's', 'p', 'o', 'r', 't', '-', 'p', 'o', 't', 'r', 'e', 'b', 'y', '.', 'c', 'z', '\0',
+  /* "sport-potreby.sk", true */ 's', 'p', 'o', 'r', 't', '-', 'p', 'o', 't', 'r', 'e', 'b', 'y', '.', 's', 'k', '\0',
+  /* "sport-socken.net", true */ 's', 'p', 'o', 'r', 't', '-', 's', 'o', 'c', 'k', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "sporter.com", true */ 's', 'p', 'o', 'r', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "sportflash.info", true */ 's', 'p', 'o', 'r', 't', 'f', 'l', 'a', 's', 'h', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "sportnesia.com", true */ 's', 'p', 'o', 'r', 't', 'n', 'e', 's', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "sportovnidum.cz", true */ 's', 'p', 'o', 'r', 't', 'o', 'v', 'n', 'i', 'd', 'u', 'm', '.', 'c', 'z', '\0',
+  /* "sportparks.com", true */ 's', 'p', 'o', 'r', 't', 'p', 'a', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sportparks.org", true */ 's', 'p', 'o', 'r', 't', 'p', 'a', 'r', 'k', 's', '.', 'o', 'r', 'g', '\0',
+  /* "sportressofblogitude.com", true */ 's', 'p', 'o', 'r', 't', 'r', 'e', 's', 's', 'o', 'f', 'b', 'l', 'o', 'g', 'i', 't', 'u', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sports.dating", true */ 's', 'p', 'o', 'r', 't', 's', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "sportsmansblog.com", true */ 's', 'p', 'o', 'r', 't', 's', 'm', 'a', 'n', 's', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "sportstraineradvisor.com", true */ 's', 'p', 'o', 'r', 't', 's', 't', 'r', 'a', 'i', 'n', 'e', 'r', 'a', 'd', 'v', 'i', 's', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "sportugalia.ru", true */ 's', 'p', 'o', 'r', 't', 'u', 'g', 'a', 'l', 'i', 'a', '.', 'r', 'u', '\0',
+  /* "sportxt.ru", true */ 's', 'p', 'o', 'r', 't', 'x', 't', '.', 'r', 'u', '\0',
+  /* "spotlightsrule.com", true */ 's', 'p', 'o', 't', 'l', 'i', 'g', 'h', 't', 's', 'r', 'u', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "spotupload.com", true */ 's', 'p', 'o', 't', 'u', 'p', 'l', 'o', 'a', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "sprachfreudehoch3.de", true */ 's', 'p', 'r', 'a', 'c', 'h', 'f', 'r', 'e', 'u', 'd', 'e', 'h', 'o', 'c', 'h', '3', '.', 'd', 'e', '\0',
+  /* "spreadsheets.google.com", true */ 's', 'p', 'r', 'e', 'a', 'd', 's', 'h', 'e', 'e', 't', 's', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "spreadthenews.eu", true */ 's', 'p', 'r', 'e', 'a', 'd', 't', 'h', 'e', 'n', 'e', 'w', 's', '.', 'e', 'u', '\0',
+  /* "spree.co.za", true */ 's', 'p', 'r', 'e', 'e', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "spreed.me", true */ 's', 'p', 'r', 'e', 'e', 'd', '.', 'm', 'e', '\0',
+  /* "spricknet.de", true */ 's', 'p', 'r', 'i', 'c', 'k', 'n', 'e', 't', '.', 'd', 'e', '\0',
+  /* "sprigings.com", true */ 's', 'p', 'r', 'i', 'g', 'i', 'n', 'g', 's', '.', 'c', 'o', 'm', '\0',
+  /* "springerundpartner.de", true */ 's', 'p', 'r', 'i', 'n', 'g', 'e', 'r', 'u', 'n', 'd', 'p', 'a', 'r', 't', 'n', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "springfieldbricks.com", true */ 's', 'p', 'r', 'i', 'n', 'g', 'f', 'i', 'e', 'l', 'd', 'b', 'r', 'i', 'c', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "springsoffthegrid.com", true */ 's', 'p', 'r', 'i', 'n', 'g', 's', 'o', 'f', 'f', 't', 'h', 'e', 'g', 'r', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "sprock.io", false */ 's', 'p', 'r', 'o', 'c', 'k', '.', 'i', 'o', '\0',
+  /* "sproing.ca", true */ 's', 'p', 'r', 'o', 'i', 'n', 'g', '.', 'c', 'a', '\0',
+  /* "spron.in", true */ 's', 'p', 'r', 'o', 'n', '.', 'i', 'n', '\0',
+  /* "sprucecreekclubs.com", true */ 's', 'p', 'r', 'u', 'c', 'e', 'c', 'r', 'e', 'e', 'k', 'c', 'l', 'u', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sprucecreekgcc.com", true */ 's', 'p', 'r', 'u', 'c', 'e', 'c', 'r', 'e', 'e', 'k', 'g', 'c', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "sprueche-zum-valentinstag.de", true */ 's', 'p', 'r', 'u', 'e', 'c', 'h', 'e', '-', 'z', 'u', 'm', '-', 'v', 'a', 'l', 'e', 'n', 't', 'i', 'n', 's', 't', 'a', 'g', '.', 'd', 'e', '\0',
+  /* "sprueche-zur-geburt.info", true */ 's', 'p', 'r', 'u', 'e', 'c', 'h', 'e', '-', 'z', 'u', 'r', '-', 'g', 'e', 'b', 'u', 'r', 't', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "sprueche-zur-hochzeit.de", true */ 's', 'p', 'r', 'u', 'e', 'c', 'h', 'e', '-', 'z', 'u', 'r', '-', 'h', 'o', 'c', 'h', 'z', 'e', 'i', 't', '.', 'd', 'e', '\0',
+  /* "sprueche-zur-konfirmation.de", true */ 's', 'p', 'r', 'u', 'e', 'c', 'h', 'e', '-', 'z', 'u', 'r', '-', 'k', 'o', 'n', 'f', 'i', 'r', 'm', 'a', 't', 'i', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "sps-lehrgang.de", true */ 's', 'p', 's', '-', 'l', 'e', 'h', 'r', 'g', 'a', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "sptk.org", true */ 's', 'p', 't', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "spuffin.com", true */ 's', 'p', 'u', 'f', 'f', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "spufpowered.com", true */ 's', 'p', 'u', 'f', 'p', 'o', 'w', 'e', 'r', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "spunkt.fr", true */ 's', 'p', 'u', 'n', 'k', 't', '.', 'f', 'r', '\0',
+  /* "spur.com.br", true */ 's', 'p', 'u', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "sputnik1net.org", true */ 's', 'p', 'u', 't', 'n', 'i', 'k', '1', 'n', 'e', 't', '.', 'o', 'r', 'g', '\0',
+  /* "spydar007.com", true */ 's', 'p', 'y', 'd', 'a', 'r', '0', '0', '7', '.', 'c', 'o', 'm', '\0',
+  /* "spydar007.net", true */ 's', 'p', 'y', 'd', 'a', 'r', '0', '0', '7', '.', 'n', 'e', 't', '\0',
+  /* "spydersec.com", true */ 's', 'p', 'y', 'd', 'e', 'r', 's', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "spykedigital.com", true */ 's', 'p', 'y', 'k', 'e', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "spyprofit.ru", true */ 's', 'p', 'y', 'p', 'r', 'o', 'f', 'i', 't', '.', 'r', 'u', '\0',
+  /* "sqetsa.com", true */ 's', 'q', 'e', 't', 's', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "sql-und-xml.de", true */ 's', 'q', 'l', '-', 'u', 'n', 'd', '-', 'x', 'm', 'l', '.', 'd', 'e', '\0',
+  /* "sqlapius.net", true */ 's', 'q', 'l', 'a', 'p', 'i', 'u', 's', '.', 'n', 'e', 't', '\0',
+  /* "sqlfeatures.com", true */ 's', 'q', 'l', 'f', 'e', 'a', 't', 'u', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sqr-training.com", true */ 's', 'q', 'r', '-', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "sqroot.eu", true */ 's', 'q', 'r', 'o', 'o', 't', '.', 'e', 'u', '\0',
+  /* "sqshq.de", true */ 's', 'q', 's', 'h', 'q', '.', 'd', 'e', '\0',
+  /* "squadlinx.com", true */ 's', 'q', 'u', 'a', 'd', 'l', 'i', 'n', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "square-gaming.org", true */ 's', 'q', 'u', 'a', 'r', 'e', '-', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "square-src.de", false */ 's', 'q', 'u', 'a', 'r', 'e', '-', 's', 'r', 'c', '.', 'd', 'e', '\0',
+  /* "square.com", false */ 's', 'q', 'u', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "squarelab.it", true */ 's', 'q', 'u', 'a', 'r', 'e', 'l', 'a', 'b', '.', 'i', 't', '\0',
+  /* "squareonebgc.com.ph", true */ 's', 'q', 'u', 'a', 'r', 'e', 'o', 'n', 'e', 'b', 'g', 'c', '.', 'c', 'o', 'm', '.', 'p', 'h', '\0',
+  /* "squareup.com", false */ 's', 'q', 'u', 'a', 'r', 'e', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "squawk.cc", true */ 's', 'q', 'u', 'a', 'w', 'k', '.', 'c', 'c', '\0',
+  /* "squeezemetrics.com", true */ 's', 'q', 'u', 'e', 'e', 'z', 'e', 'm', 'e', 't', 'r', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "squido.ch", true */ 's', 'q', 'u', 'i', 'd', 'o', '.', 'c', 'h', '\0',
+  /* "squidparty.com", true */ 's', 'q', 'u', 'i', 'd', 'p', 'a', 'r', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "squirex2.com", true */ 's', 'q', 'u', 'i', 'r', 'e', 'x', '2', '.', 'c', 'o', 'm', '\0',
+  /* "sr-cs.net", true */ 's', 'r', '-', 'c', 's', '.', 'n', 'e', 't', '\0',
+  /* "sr33.com", true */ 's', 'r', '3', '3', '.', 'c', 'o', 'm', '\0',
+  /* "srandom.com", true */ 's', 'r', 'a', 'n', 'd', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "srbija-nekretnine.org", true */ 's', 'r', 'b', 'i', 'j', 'a', '-', 'n', 'e', 'k', 'r', 'e', 't', 'n', 'i', 'n', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "src.fedoraproject.org", true */ 's', 'r', 'c', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "srchub.org", true */ 's', 'r', 'c', 'h', 'u', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "sreeharis.tk", true */ 's', 'r', 'e', 'e', 'h', 'a', 'r', 'i', 's', '.', 't', 'k', '\0',
+  /* "srinivasan.io", true */ 's', 'r', 'i', 'n', 'i', 'v', 'a', 's', 'a', 'n', '.', 'i', 'o', '\0',
+  /* "sro.center", true */ 's', 'r', 'o', '.', 'c', 'e', 'n', 't', 'e', 'r', '\0',
+  /* "srolim.com", true */ 's', 'r', 'o', 'l', 'i', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "srrdb.com", true */ 's', 'r', 'r', 'd', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "srroddy.com", true */ 's', 'r', 'r', 'o', 'd', 'd', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "srv.so", true */ 's', 'r', 'v', '.', 's', 'o', '\0',
+  /* "srvc.io", true */ 's', 'r', 'v', 'c', '.', 'i', 'o', '\0',
+  /* "ss-x.ru", true */ 's', 's', '-', 'x', '.', 'r', 'u', '\0',
+  /* "ss.com", true */ 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ss.lt", true */ 's', 's', '.', 'l', 't', '\0',
+  /* "ss.lv", true */ 's', 's', '.', 'l', 'v', '\0',
+  /* "ss.ua", true */ 's', 's', '.', 'u', 'a', '\0',
+  /* "ss64.com", true */ 's', 's', '6', '4', '.', 'c', 'o', 'm', '\0',
+  /* "ss64.org", true */ 's', 's', '6', '4', '.', 'o', 'r', 'g', '\0',
+  /* "ss88.uk", true */ 's', 's', '8', '8', '.', 'u', 'k', '\0',
+  /* "ssa.gov", false */ 's', 's', 'a', '.', 'g', 'o', 'v', '\0',
+  /* "ssbkk.ru", true */ 's', 's', 'b', 'k', 'k', '.', 'r', 'u', '\0',
+  /* "ssbrm.ch", true */ 's', 's', 'b', 'r', 'm', '.', 'c', 'h', '\0',
+  /* "sscd.no", true */ 's', 's', 'c', 'd', '.', 'n', 'o', '\0',
+  /* "ssdax.com", false */ 's', 's', 'd', 'a', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "ssenberg.nl", true */ 's', 's', 'e', 'n', 'b', 'e', 'r', 'g', '.', 'n', 'l', '\0',
+  /* "ssh-keys.online", true */ 's', 's', 'h', '-', 'k', 'e', 'y', 's', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "ssh-vault.com", true */ 's', 's', 'h', '-', 'v', 'a', 'u', 'l', 't', '.', 'c', 'o', 'm', '\0',
+  /* "sshool.at", true */ 's', 's', 'h', 'o', 'o', 'l', '.', 'a', 't', '\0',
+  /* "ssky.cn", true */ 's', 's', 'k', 'y', '.', 'c', 'n', '\0',
+  /* "ssl-zertifikate.de", true */ 's', 's', 'l', '-', 'z', 'e', 'r', 't', 'i', 'f', 'i', 'k', 'a', 't', 'e', '.', 'd', 'e', '\0',
+  /* "ssl.do", true */ 's', 's', 'l', '.', 'd', 'o', '\0',
+  /* "ssl.doctor", true */ 's', 's', 'l', '.', 'd', 'o', 'c', 't', 'o', 'r', '\0',
+  /* "ssl.google-analytics.com", true */ 's', 's', 'l', '.', 'g', 'o', 'o', 'g', 'l', 'e', '-', 'a', 'n', 'a', 'l', 'y', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ssl.md", true */ 's', 's', 'l', '.', 'm', 'd', '\0',
+  /* "ssl247.co.uk", true */ 's', 's', 'l', '2', '4', '7', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ssl247.com.mx", true */ 's', 's', 'l', '2', '4', '7', '.', 'c', 'o', 'm', '.', 'm', 'x', '\0',
+  /* "ssl247.de", true */ 's', 's', 'l', '2', '4', '7', '.', 'd', 'e', '\0',
+  /* "ssl247.dk", true */ 's', 's', 'l', '2', '4', '7', '.', 'd', 'k', '\0',
+  /* "ssl888.com", true */ 's', 's', 'l', '8', '8', '8', '.', 'c', 'o', 'm', '\0',
+  /* "sslcertificaten.nl", true */ 's', 's', 'l', 'c', 'e', 'r', 't', 'i', 'f', 'i', 'c', 'a', 't', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "sslcheck.nl", true */ 's', 's', 'l', 'c', 'h', 'e', 'c', 'k', '.', 'n', 'l', '\0',
+  /* "ssldecoder.org", true */ 's', 's', 'l', 'd', 'e', 'c', 'o', 'd', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "ssldev.net", true */ 's', 's', 'l', 'd', 'e', 'v', '.', 'n', 'e', 't', '\0',
+  /* "sslmate.com", true */ 's', 's', 'l', 'm', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "sslok.com", true */ 's', 's', 'l', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "sslping.com", true */ 's', 's', 'l', 'p', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "sslpoint.com", true */ 's', 's', 'l', 'p', 'o', 'i', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "ssls.cz", true */ 's', 's', 'l', 's', '.', 'c', 'z', '\0',
+  /* "sslsurvey.de", true */ 's', 's', 'l', 's', 'u', 'r', 'v', 'e', 'y', '.', 'd', 'e', '\0',
+  /* "sslzilla.de", true */ 's', 's', 'l', 'z', 'i', 'l', 'l', 'a', '.', 'd', 'e', '\0',
+  /* "ssnet.vip", true */ 's', 's', 'n', 'e', 't', '.', 'v', 'i', 'p', '\0',
+  /* "ssrvpn.tech", true */ 's', 's', 'r', 'v', 'p', 'n', '.', 't', 'e', 'c', 'h', '\0',
+  /* "sss3s.com", true */ 's', 's', 's', '3', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sstaging.com", true */ 's', 's', 't', 'a', 'g', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "sstewartgallus.com", true */ 's', 's', 't', 'e', 'w', 'a', 'r', 't', 'g', 'a', 'l', 'l', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ssuiteoffice.com", true */ 's', 's', 'u', 'i', 't', 'e', 'o', 'f', 'f', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ssuitesoft.com", true */ 's', 's', 'u', 'i', 't', 'e', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "st-kilian-markt-erlbach.de", true */ 's', 't', '-', 'k', 'i', 'l', 'i', 'a', 'n', '-', 'm', 'a', 'r', 'k', 't', '-', 'e', 'r', 'l', 'b', 'a', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "st-news.de", true */ 's', 't', '-', 'n', 'e', 'w', 's', '.', 'd', 'e', '\0',
+  /* "st-steuern.de", true */ 's', 't', '-', 's', 't', 'e', 'u', 'e', 'r', 'n', '.', 'd', 'e', '\0',
+  /* "staatschutz.at", true */ 's', 't', 'a', 'a', 't', 's', 'c', 'h', 'u', 't', 'z', '.', 'a', 't', '\0',
+  /* "staatsschutz.at", true */ 's', 't', 'a', 'a', 't', 's', 's', 'c', 'h', 'u', 't', 'z', '.', 'a', 't', '\0',
+  /* "staatsschutzgesetz.at", true */ 's', 't', 'a', 'a', 't', 's', 's', 'c', 'h', 'u', 't', 'z', 'g', 'e', 's', 'e', 't', 'z', '.', 'a', 't', '\0',
+  /* "stablelib.com", true */ 's', 't', 'a', 'b', 'l', 'e', 'l', 'i', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "staceyhankeinc.com", true */ 's', 't', 'a', 'c', 'e', 'y', 'h', 'a', 'n', 'k', 'e', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "stackhub.cc", true */ 's', 't', 'a', 'c', 'k', 'h', 'u', 'b', '.', 'c', 'c', '\0',
+  /* "stackptr.com", true */ 's', 't', 'a', 'c', 'k', 'p', 't', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "stacktile.io", false */ 's', 't', 'a', 'c', 'k', 't', 'i', 'l', 'e', '.', 'i', 'o', '\0',
+  /* "stackunderflow.com", true */ 's', 't', 'a', 'c', 'k', 'u', 'n', 'd', 'e', 'r', 'f', 'l', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "stadm.com", true */ 's', 't', 'a', 'd', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "stadsbygd.info", true */ 's', 't', 'a', 'd', 's', 'b', 'y', 'g', 'd', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "stadt-apotheke-muensingen.de", true */ 's', 't', 'a', 'd', 't', '-', 'a', 'p', 'o', 't', 'h', 'e', 'k', 'e', '-', 'm', 'u', 'e', 'n', 's', 'i', 'n', 'g', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "stadterneuerung-hwb.de", true */ 's', 't', 'a', 'd', 't', 'e', 'r', 'n', 'e', 'u', 'e', 'r', 'u', 'n', 'g', '-', 'h', 'w', 'b', '.', 'd', 'e', '\0',
+  /* "stadtpapa.de", true */ 's', 't', 'a', 'd', 't', 'p', 'a', 'p', 'a', '.', 'd', 'e', '\0',
+  /* "stadtplan-ilmenau.de", true */ 's', 't', 'a', 'd', 't', 'p', 'l', 'a', 'n', '-', 'i', 'l', 'm', 'e', 'n', 'a', 'u', '.', 'd', 'e', '\0',
+  /* "stage-props-blank-guns.com", false */ 's', 't', 'a', 'g', 'e', '-', 'p', 'r', 'o', 'p', 's', '-', 'b', 'l', 'a', 'n', 'k', '-', 'g', 'u', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "stage.wepay.com", false */ 's', 't', 'a', 'g', 'e', '.', 'w', 'e', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "stage4.ch", true */ 's', 't', 'a', 'g', 'e', '4', '.', 'c', 'h', '\0',
+  /* "stageirites.com", true */ 's', 't', 'a', 'g', 'e', 'i', 'r', 'i', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "stageirites.fr", true */ 's', 't', 'a', 'g', 'e', 'i', 'r', 'i', 't', 'e', 's', '.', 'f', 'r', '\0',
+  /* "stageirites.org", true */ 's', 't', 'a', 'g', 'e', 'i', 'r', 'i', 't', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "stagingjobshq.com", true */ 's', 't', 'a', 'g', 'i', 'n', 'g', 'j', 'o', 'b', 's', 'h', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "stagstickets.co.uk", true */ 's', 't', 'a', 'g', 's', 't', 'i', 'c', 'k', 'e', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "stahlfors.com", true */ 's', 't', 'a', 'h', 'l', 'f', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "stainedglass.net.au", true */ 's', 't', 'a', 'i', 'n', 'e', 'd', 'g', 'l', 'a', 's', 's', '.', 'n', 'e', 't', '.', 'a', 'u', '\0',
+  /* "stair.ch", true */ 's', 't', 'a', 'i', 'r', '.', 'c', 'h', '\0',
+  /* "stairfallgames.com", true */ 's', 't', 'a', 'i', 'r', 'f', 'a', 'l', 'l', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "stairlin.com", true */ 's', 't', 'a', 'i', 'r', 'l', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "stalder.work", true */ 's', 't', 'a', 'l', 'd', 'e', 'r', '.', 'w', 'o', 'r', 'k', '\0',
+  /* "stalker-shop.com", true */ 's', 't', 'a', 'l', 'k', 'e', 'r', '-', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "stalkr.net", true */ 's', 't', 'a', 'l', 'k', 'r', '.', 'n', 'e', 't', '\0',
+  /* "stamboommuller.nl", true */ 's', 't', 'a', 'm', 'b', 'o', 'o', 'm', 'm', 'u', 'l', 'l', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "stamboomvanderwal.nl", true */ 's', 't', 'a', 'm', 'b', 'o', 'o', 'm', 'v', 'a', 'n', 'd', 'e', 'r', 'w', 'a', 'l', '.', 'n', 'l', '\0',
+  /* "stameystreet.com", true */ 's', 't', 'a', 'm', 'e', 'y', 's', 't', 'r', 'e', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "stamkassa.nl", true */ 's', 't', 'a', 'm', 'k', 'a', 's', 's', 'a', '.', 'n', 'l', '\0',
+  /* "stammtisch.domains", true */ 's', 't', 'a', 'm', 'm', 't', 'i', 's', 'c', 'h', '.', 'd', 'o', 'm', 'a', 'i', 'n', 's', '\0',
+  /* "stampederadon.com", true */ 's', 't', 'a', 'm', 'p', 'e', 'd', 'e', 'r', 'a', 'd', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "standagainstspying.org", true */ 's', 't', 'a', 'n', 'd', 'a', 'g', 'a', 'i', 'n', 's', 't', 's', 'p', 'y', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "standardequipment.com", true */ 's', 't', 'a', 'n', 'd', 'a', 'r', 'd', 'e', 'q', 'u', 'i', 'p', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "standards.gov", true */ 's', 't', 'a', 'n', 'd', 'a', 'r', 'd', 's', '.', 'g', 'o', 'v', '\0',
+  /* "standoutbooks.com", true */ 's', 't', 'a', 'n', 'd', 'o', 'u', 't', 'b', 'o', 'o', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "stanthonymaryclaret.org", true */ 's', 't', 'a', 'n', 't', 'h', 'o', 'n', 'y', 'm', 'a', 'r', 'y', 'c', 'l', 'a', 'r', 'e', 't', '.', 'o', 'r', 'g', '\0',
+  /* "star-citizen.wiki", true */ 's', 't', 'a', 'r', '-', 'c', 'i', 't', 'i', 'z', 'e', 'n', '.', 'w', 'i', 'k', 'i', '\0',
+  /* "star-killer.net", true */ 's', 't', 'a', 'r', '-', 'k', 'i', 'l', 'l', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "star-stuff.de", true */ 's', 't', 'a', 'r', '-', 's', 't', 'u', 'f', 'f', '.', 'd', 'e', '\0',
+  /* "starcafe.me", true */ 's', 't', 'a', 'r', 'c', 'a', 'f', 'e', '.', 'm', 'e', '\0',
+  /* "starcomproj.com", true */ 's', 't', 'a', 'r', 'c', 'o', 'm', 'p', 'r', 'o', 'j', '.', 'c', 'o', 'm', '\0',
+  /* "stardanceacademy.net", true */ 's', 't', 'a', 'r', 'd', 'a', 'n', 'c', 'e', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'n', 'e', 't', '\0',
+  /* "stardeeps.net", true */ 's', 't', 'a', 'r', 'd', 'e', 'e', 'p', 's', '.', 'n', 'e', 't', '\0',
+  /* "stardust-entertainments.co.uk", true */ 's', 't', 'a', 'r', 'd', 'u', 's', 't', '-', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "starfm.de", true */ 's', 't', 'a', 'r', 'f', 'm', '.', 'd', 'e', '\0',
+  /* "stargarder-jungs.de", true */ 's', 't', 'a', 'r', 'g', 'a', 'r', 'd', 'e', 'r', '-', 'j', 'u', 'n', 'g', 's', '.', 'd', 'e', '\0',
+  /* "stargazer.de", true */ 's', 't', 'a', 'r', 'g', 'a', 'z', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "stari.co", true */ 's', 't', 'a', 'r', 'i', '.', 'c', 'o', '\0',
+  /* "starina.ru", true */ 's', 't', 'a', 'r', 'i', 'n', 'a', '.', 'r', 'u', '\0',
+  /* "starka.st", true */ 's', 't', 'a', 'r', 'k', 'a', '.', 's', 't', '\0',
+  /* "starkbim.com", true */ 's', 't', 'a', 'r', 'k', 'b', 'i', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "starlightentertainmentdevon.co.uk", true */ 's', 't', 'a', 'r', 'l', 'i', 'g', 'h', 't', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', 'd', 'e', 'v', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "starlim.co.in", true */ 's', 't', 'a', 'r', 'l', 'i', 'm', '.', 'c', 'o', '.', 'i', 'n', '\0',
+  /* "starlim.org", true */ 's', 't', 'a', 'r', 'l', 'i', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "starpeak.org", true */ 's', 't', 'a', 'r', 'p', 'e', 'a', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "starphotoboothsni.co.uk", true */ 's', 't', 'a', 'r', 'p', 'h', 'o', 't', 'o', 'b', 'o', 'o', 't', 'h', 's', 'n', 'i', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "starplatinum.jp", true */ 's', 't', 'a', 'r', 'p', 'l', 'a', 't', 'i', 'n', 'u', 'm', '.', 'j', 'p', '\0',
+  /* "starquake.nl", true */ 's', 't', 'a', 'r', 'q', 'u', 'a', 'k', 'e', '.', 'n', 'l', '\0',
+  /* "starsam80.net", true */ 's', 't', 'a', 'r', 's', 'a', 'm', '8', '0', '.', 'n', 'e', 't', '\0',
+  /* "starsbattle.net", true */ 's', 't', 'a', 'r', 's', 'b', 'a', 't', 't', 'l', 'e', '.', 'n', 'e', 't', '\0',
+  /* "starstreak.net", true */ 's', 't', 'a', 'r', 's', 't', 'r', 'e', 'a', 'k', '.', 'n', 'e', 't', '\0',
+  /* "startaninflatablebusiness.com", true */ 's', 't', 'a', 'r', 't', 'a', 'n', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 'b', 'u', 's', 'i', 'n', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "startlab.sk", true */ 's', 't', 'a', 'r', 't', 'l', 'a', 'b', '.', 's', 'k', '\0',
+  /* "startpage.com", true */ 's', 't', 'a', 'r', 't', 'p', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "startpage.info", true */ 's', 't', 'a', 'r', 't', 'p', 'a', 'g', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "startrek.in", true */ 's', 't', 'a', 'r', 't', 'r', 'e', 'k', '.', 'i', 'n', '\0',
+  /* "starttraffic.com", true */ 's', 't', 'a', 'r', 't', 't', 'r', 'a', 'f', 'f', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "starttraffic.uk", true */ 's', 't', 'a', 'r', 't', 't', 'r', 'a', 'f', 'f', 'i', 'c', '.', 'u', 'k', '\0',
+  /* "startup.melbourne", true */ 's', 't', 'a', 'r', 't', 'u', 'p', '.', 'm', 'e', 'l', 'b', 'o', 'u', 'r', 'n', 'e', '\0',
+  /* "startuplevel.com", true */ 's', 't', 'a', 'r', 't', 'u', 'p', 'l', 'e', 'v', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "startuppeople.co.uk", true */ 's', 't', 'a', 'r', 't', 'u', 'p', 'p', 'e', 'o', 'p', 'l', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "startupum.ru", true */ 's', 't', 'a', 'r', 't', 'u', 'p', 'u', 'm', '.', 'r', 'u', '\0',
+  /* "starwatches.eu", true */ 's', 't', 'a', 'r', 'w', 'a', 't', 'c', 'h', 'e', 's', '.', 'e', 'u', '\0',
+  /* "starwins.co.uk", true */ 's', 't', 'a', 'r', 'w', 'i', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "stassi.ch", true */ 's', 't', 'a', 's', 's', 'i', '.', 'c', 'h', '\0',
+  /* "stastka.ch", true */ 's', 't', 'a', 's', 't', 'k', 'a', '.', 'c', 'h', '\0',
+  /* "stat.ink", true */ 's', 't', 'a', 't', '.', 'i', 'n', 'k', '\0',
+  /* "state-of-body-and-mind.com", true */ 's', 't', 'a', 't', 'e', '-', 'o', 'f', '-', 'b', 'o', 'd', 'y', '-', 'a', 'n', 'd', '-', 'm', 'i', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "statecollegemortgages.com", true */ 's', 't', 'a', 't', 'e', 'c', 'o', 'l', 'l', 'e', 'g', 'e', 'm', 'o', 'r', 't', 'g', 'a', 'g', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "static-692b8c32.de", true */ 's', 't', 'a', 't', 'i', 'c', '-', '6', '9', '2', 'b', '8', 'c', '3', '2', '.', 'd', 'e', '\0',
+  /* "static-myfxee-808795.c.cdn77.org", true */ 's', 't', 'a', 't', 'i', 'c', '-', 'm', 'y', 'f', 'x', 'e', 'e', '-', '8', '0', '8', '7', '9', '5', '.', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0',
+  /* "static-myfxoau-808795.c.cdn77.org", true */ 's', 't', 'a', 't', 'i', 'c', '-', 'm', 'y', 'f', 'x', 'o', 'a', 'u', '-', '8', '0', '8', '7', '9', '5', '.', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0',
+  /* "static-myfxouk-808795.c.cdn77.org", true */ 's', 't', 'a', 't', 'i', 'c', '-', 'm', 'y', 'f', 'x', 'o', 'u', 'k', '-', '8', '0', '8', '7', '9', '5', '.', 'c', '.', 'c', 'd', 'n', '7', '7', '.', 'o', 'r', 'g', '\0',
+  /* "static.wepay.com", false */ 's', 't', 'a', 't', 'i', 'c', '.', 'w', 'e', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "stationa.ch", true */ 's', 't', 'a', 't', 'i', 'o', 'n', 'a', '.', 'c', 'h', '\0',
+  /* "stationary-traveller.eu", true */ 's', 't', 'a', 't', 'i', 'o', 'n', 'a', 'r', 'y', '-', 't', 'r', 'a', 'v', 'e', 'l', 'l', 'e', 'r', '.', 'e', 'u', '\0',
+  /* "stationcharlie.co.za", true */ 's', 't', 'a', 't', 'i', 'o', 'n', 'c', 'h', 'a', 'r', 'l', 'i', 'e', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "statistikian.com", true */ 's', 't', 'a', 't', 'i', 's', 't', 'i', 'k', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "statofus.com", true */ 's', 't', 'a', 't', 'o', 'f', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "stats.g.doubleclick.net", true */ 's', 't', 'a', 't', 's', '.', 'g', '.', 'd', 'o', 'u', 'b', 'l', 'e', 'c', 'l', 'i', 'c', 'k', '.', 'n', 'e', 't', '\0',
+  /* "status2u.com", true */ 's', 't', 'a', 't', 'u', 's', '2', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "statuscode.ch", true */ 's', 't', 'a', 't', 'u', 's', 'c', 'o', 'd', 'e', '.', 'c', 'h', '\0',
+  /* "stav.io", true */ 's', 't', 'a', 'v', '.', 'i', 'o', '\0',
+  /* "stavros.ovh", true */ 's', 't', 'a', 'v', 'r', 'o', 's', '.', 'o', 'v', 'h', '\0',
+  /* "staxflax.tk", true */ 's', 't', 'a', 'x', 'f', 'l', 'a', 'x', '.', 't', 'k', '\0',
+  /* "stay.black", true */ 's', 't', 'a', 'y', '.', 'b', 'l', 'a', 'c', 'k', '\0',
+  /* "stayme.cz", true */ 's', 't', 'a', 'y', 'm', 'e', '.', 'c', 'z', '\0',
+  /* "stb-schefczyk.de", true */ 's', 't', 'b', '-', 's', 'c', 'h', 'e', 'f', 'c', 'z', 'y', 'k', '.', 'd', 'e', '\0',
+  /* "stb-strzyzewski.de", true */ 's', 't', 'b', '-', 's', 't', 'r', 'z', 'y', 'z', 'e', 'w', 's', 'k', 'i', '.', 'd', 'e', '\0',
+  /* "stbennett.org", true */ 's', 't', 'b', 'e', 'n', 'n', 'e', 't', 't', '.', 'o', 'r', 'g', '\0',
+  /* "stcu.org", true */ 's', 't', 'c', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "std-home-test.com", true */ 's', 't', 'd', '-', 'h', 'o', 'm', 'e', '-', 't', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "stderr.cc", true */ 's', 't', 'd', 'e', 'r', 'r', '.', 'c', 'c', '\0',
+  /* "stdrc.cc", true */ 's', 't', 'd', 'r', 'c', '.', 'c', 'c', '\0',
+  /* "steakovercooked.com", true */ 's', 't', 'e', 'a', 'k', 'o', 'v', 'e', 'r', 'c', 'o', 'o', 'k', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "stealsaga.net", true */ 's', 't', 'e', 'a', 'l', 's', 'a', 'g', 'a', '.', 'n', 'e', 't', '\0',
+  /* "steamdb.info", true */ 's', 't', 'e', 'a', 'm', 'd', 'b', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "steamerrors.com", true */ 's', 't', 'e', 'a', 'm', 'e', 'r', 'r', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "steamgifts.com", true */ 's', 't', 'e', 'a', 'm', 'g', 'i', 'f', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "steampress.io", true */ 's', 't', 'e', 'a', 'm', 'p', 'r', 'e', 's', 's', '.', 'i', 'o', '\0',
+  /* "steamscore.info", true */ 's', 't', 'e', 'a', 'm', 's', 'c', 'o', 'r', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "steamtrades.com", true */ 's', 't', 'e', 'a', 'm', 't', 'r', 'a', 'd', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "steborio.pw", true */ 's', 't', 'e', 'b', 'o', 'r', 'i', 'o', '.', 'p', 'w', '\0',
+  /* "steckel.cc", true */ 's', 't', 'e', 'c', 'k', 'e', 'l', '.', 'c', 'c', '\0',
+  /* "steckregal-super.de", false */ 's', 't', 'e', 'c', 'k', 'r', 'e', 'g', 'a', 'l', '-', 's', 'u', 'p', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "stedb.eu", true */ 's', 't', 'e', 'd', 'b', '.', 'e', 'u', '\0',
+  /* "stedbg.net", true */ 's', 't', 'e', 'd', 'b', 'g', '.', 'n', 'e', 't', '\0',
+  /* "steef389.eu", true */ 's', 't', 'e', 'e', 'f', '3', '8', '9', '.', 'e', 'u', '\0',
+  /* "steelephys.com.au", true */ 's', 't', 'e', 'e', 'l', 'e', 'p', 'h', 'y', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "steemit.com", true */ 's', 't', 'e', 'e', 'm', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "steenackers.be", true */ 's', 't', 'e', 'e', 'n', 'a', 'c', 'k', 'e', 'r', 's', '.', 'b', 'e', '\0',
+  /* "stefan-bayer.eu", true */ 's', 't', 'e', 'f', 'a', 'n', '-', 'b', 'a', 'y', 'e', 'r', '.', 'e', 'u', '\0',
+  /* "stefan-schlueter.de", true */ 's', 't', 'e', 'f', 'a', 'n', '-', 's', 'c', 'h', 'l', 'u', 'e', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "stefanbayer.de", true */ 's', 't', 'e', 'f', 'a', 'n', 'b', 'a', 'y', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "stefanovski.io", false */ 's', 't', 'e', 'f', 'a', 'n', 'o', 'v', 's', 'k', 'i', '.', 'i', 'o', '\0',
+  /* "stefanvanburen.xyz", true */ 's', 't', 'e', 'f', 'a', 'n', 'v', 'a', 'n', 'b', 'u', 'r', 'e', 'n', '.', 'x', 'y', 'z', '\0',
+  /* "stefany.eu", true */ 's', 't', 'e', 'f', 'a', 'n', 'y', '.', 'e', 'u', '\0',
+  /* "steidlewirt.de", true */ 's', 't', 'e', 'i', 'd', 'l', 'e', 'w', 'i', 'r', 't', '.', 'd', 'e', '\0',
+  /* "steigerplank.com", false */ 's', 't', 'e', 'i', 'g', 'e', 'r', 'p', 'l', 'a', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "steinbergmedia.de", true */ 's', 't', 'e', 'i', 'n', 'b', 'e', 'r', 'g', 'm', 'e', 'd', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "steinibox.de", true */ 's', 't', 'e', 'i', 'n', 'i', 'b', 'o', 'x', '.', 'd', 'e', '\0',
+  /* "steklein.de", true */ 's', 't', 'e', 'k', 'l', 'e', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "stella-artis-ensemble.at", true */ 's', 't', 'e', 'l', 'l', 'a', '-', 'a', 'r', 't', 'i', 's', '-', 'e', 'n', 's', 'e', 'm', 'b', 'l', 'e', '.', 'a', 't', '\0',
+  /* "stellanova-planeten.de", false */ 's', 't', 'e', 'l', 'l', 'a', 'n', 'o', 'v', 'a', '-', 'p', 'l', 'a', 'n', 'e', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "stellarium-gornergrat.ch", true */ 's', 't', 'e', 'l', 'l', 'a', 'r', 'i', 'u', 'm', '-', 'g', 'o', 'r', 'n', 'e', 'r', 'g', 'r', 'a', 't', '.', 'c', 'h', '\0',
+  /* "stellarvale.net", true */ 's', 't', 'e', 'l', 'l', 'a', 'r', 'v', 'a', 'l', 'e', '.', 'n', 'e', 't', '\0',
+  /* "stellen.ch", true */ 's', 't', 'e', 'l', 'l', 'e', 'n', '.', 'c', 'h', '\0',
+  /* "stelleninserate.de", true */ 's', 't', 'e', 'l', 'l', 'e', 'n', 'i', 'n', 's', 'e', 'r', 'a', 't', 'e', '.', 'd', 'e', '\0',
+  /* "stellenticket.de", true */ 's', 't', 'e', 'l', 'l', 'e', 'n', 't', 'i', 'c', 'k', 'e', 't', '.', 'd', 'e', '\0',
+  /* "stellmacher.name", true */ 's', 't', 'e', 'l', 'l', 'm', 'a', 'c', 'h', 'e', 'r', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "stem.is", true */ 's', 't', 'e', 'm', '.', 'i', 's', '\0',
+  /* "stembureauledenindenhaag.nl", true */ 's', 't', 'e', 'm', 'b', 'u', 'r', 'e', 'a', 'u', 'l', 'e', 'd', 'e', 'n', 'i', 'n', 'd', 'e', 'n', 'h', 'a', 'a', 'g', '.', 'n', 'l', '\0',
+  /* "stemsims.com", true */ 's', 't', 'e', 'm', 's', 'i', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "stening.co", true */ 's', 't', 'e', 'n', 'i', 'n', 'g', '.', 'c', 'o', '\0',
+  /* "stenzhorn-cloud.de", true */ 's', 't', 'e', 'n', 'z', 'h', 'o', 'r', 'n', '-', 'c', 'l', 'o', 'u', 'd', '.', 'd', 'e', '\0',
+  /* "stepanvanek.cz", true */ 's', 't', 'e', 'p', 'a', 'n', 'v', 'a', 'n', 'e', 'k', '.', 'c', 'z', '\0',
+  /* "steph3n.me", true */ 's', 't', 'e', 'p', 'h', '3', 'n', '.', 'm', 'e', '\0',
+  /* "stephan-matthiesen.de", true */ 's', 't', 'e', 'p', 'h', 'a', 'n', '-', 'm', 'a', 't', 't', 'h', 'i', 'e', 's', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "stephane-huc.net", true */ 's', 't', 'e', 'p', 'h', 'a', 'n', 'e', '-', 'h', 'u', 'c', '.', 'n', 'e', 't', '\0',
+  /* "stephanieschreiber.com", true */ 's', 't', 'e', 'p', 'h', 'a', 'n', 'i', 'e', 's', 'c', 'h', 'r', 'e', 'i', 'b', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "stephenhaunts.com", true */ 's', 't', 'e', 'p', 'h', 'e', 'n', 'h', 'a', 'u', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "stephenhorler.com.au", true */ 's', 't', 'e', 'p', 'h', 'e', 'n', 'h', 'o', 'r', 'l', 'e', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "stephenj.co.uk", true */ 's', 't', 'e', 'p', 'h', 'e', 'n', 'j', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "stephenjvoiceovers.com", true */ 's', 't', 'e', 'p', 'h', 'e', 'n', 'j', 'v', 'o', 'i', 'c', 'e', 'o', 'v', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "stephenperreira.com", true */ 's', 't', 'e', 'p', 'h', 'e', 'n', 'p', 'e', 'r', 'r', 'e', 'i', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "stephenschrauger.com", true */ 's', 't', 'e', 'p', 'h', 'e', 'n', 's', 'c', 'h', 'r', 'a', 'u', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "stephenschrauger.info", true */ 's', 't', 'e', 'p', 'h', 'e', 'n', 's', 'c', 'h', 'r', 'a', 'u', 'g', 'e', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "stephenschrauger.net", true */ 's', 't', 'e', 'p', 'h', 'e', 'n', 's', 'c', 'h', 'r', 'a', 'u', 'g', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "stephenschrauger.org", true */ 's', 't', 'e', 'p', 'h', 'e', 'n', 's', 'c', 'h', 'r', 'a', 'u', 'g', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "stephenskory.com", true */ 's', 't', 'e', 'p', 'h', 'e', 'n', 's', 'k', 'o', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "stephensol.is", true */ 's', 't', 'e', 'p', 'h', 'e', 'n', 's', 'o', 'l', '.', 'i', 's', '\0',
+  /* "stephensolis.com", true */ 's', 't', 'e', 'p', 'h', 'e', 'n', 's', 'o', 'l', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "stephensolis.net", true */ 's', 't', 'e', 'p', 'h', 'e', 'n', 's', 'o', 'l', 'i', 's', '.', 'n', 'e', 't', '\0',
+  /* "stephensolisrey.es", true */ 's', 't', 'e', 'p', 'h', 'e', 'n', 's', 'o', 'l', 'i', 's', 'r', 'e', 'y', '.', 'e', 's', '\0',
+  /* "stephsolis.net", true */ 's', 't', 'e', 'p', 'h', 's', 'o', 'l', 'i', 's', '.', 'n', 'e', 't', '\0',
+  /* "stephspace.net", true */ 's', 't', 'e', 'p', 'h', 's', 'p', 'a', 'c', 'e', '.', 'n', 'e', 't', '\0',
+  /* "steplogictalent.com", true */ 's', 't', 'e', 'p', 'l', 'o', 'g', 'i', 'c', 't', 'a', 'l', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "stepstone.dk", true */ 's', 't', 'e', 'p', 's', 't', 'o', 'n', 'e', '.', 'd', 'k', '\0',
+  /* "stepsweb.com", true */ 's', 't', 'e', 'p', 's', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "ster-enzo.nl", true */ 's', 't', 'e', 'r', '-', 'e', 'n', 'z', 'o', '.', 'n', 'l', '\0',
+  /* "sterchi-fromages.ch", true */ 's', 't', 'e', 'r', 'c', 'h', 'i', '-', 'f', 'r', 'o', 'm', 'a', 'g', 'e', 's', '.', 'c', 'h', '\0',
+  /* "stereo.lu", true */ 's', 't', 'e', 'r', 'e', 'o', '.', 'l', 'u', '\0',
+  /* "stereochro.me", false */ 's', 't', 'e', 'r', 'e', 'o', 'c', 'h', 'r', 'o', '.', 'm', 'e', '\0',
+  /* "stern-freunde.de", true */ 's', 't', 'e', 'r', 'n', '-', 'f', 'r', 'e', 'u', 'n', 'd', 'e', '.', 'd', 'e', '\0',
+  /* "stern.koeln", true */ 's', 't', 'e', 'r', 'n', '.', 'k', 'o', 'e', 'l', 'n', '\0',
+  /* "sternen-sitzberg.ch", true */ 's', 't', 'e', 'r', 'n', 'e', 'n', '-', 's', 'i', 't', 'z', 'b', 'e', 'r', 'g', '.', 'c', 'h', '\0',
+  /* "sternplastic.com", true */ 's', 't', 'e', 'r', 'n', 'p', 'l', 'a', 's', 't', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "stesti.cz", true */ 's', 't', 'e', 's', 't', 'i', '.', 'c', 'z', '\0',
+  /* "stetspa.it", true */ 's', 't', 'e', 't', 's', 'p', 'a', '.', 'i', 't', '\0',
+  /* "steuerkanzlei-edel.de", true */ 's', 't', 'e', 'u', 'e', 'r', 'k', 'a', 'n', 'z', 'l', 'e', 'i', '-', 'e', 'd', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "steuerseminare-graf.de", true */ 's', 't', 'e', 'u', 'e', 'r', 's', 'e', 'm', 'i', 'n', 'a', 'r', 'e', '-', 'g', 'r', 'a', 'f', '.', 'd', 'e', '\0',
+  /* "steve.kiwi", true */ 's', 't', 'e', 'v', 'e', '.', 'k', 'i', 'w', 'i', '\0',
+  /* "steveborba.com", true */ 's', 't', 'e', 'v', 'e', 'b', 'o', 'r', 'b', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "stevedesmond.ca", true */ 's', 't', 'e', 'v', 'e', 'd', 'e', 's', 'm', 'o', 'n', 'd', '.', 'c', 'a', '\0',
+  /* "stevedoggett.com", true */ 's', 't', 'e', 'v', 'e', 'd', 'o', 'g', 'g', 'e', 't', 't', '.', 'c', 'o', 'm', '\0',
+  /* "stevegrav.es", true */ 's', 't', 'e', 'v', 'e', 'g', 'r', 'a', 'v', '.', 'e', 's', '\0',
+  /* "stevenberg.net", true */ 's', 't', 'e', 'v', 'e', 'n', 'b', 'e', 'r', 'g', '.', 'n', 'e', 't', '\0',
+  /* "stevengoodpaster.com", true */ 's', 't', 'e', 'v', 'e', 'n', 'g', 'o', 'o', 'd', 'p', 'a', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "stevenhumphrey.uk", true */ 's', 't', 'e', 'v', 'e', 'n', 'h', 'u', 'm', 'p', 'h', 'r', 'e', 'y', '.', 'u', 'k', '\0',
+  /* "stevenkwan.me", true */ 's', 't', 'e', 'v', 'e', 'n', 'k', 'w', 'a', 'n', '.', 'm', 'e', '\0',
+  /* "stevens.se", true */ 's', 't', 'e', 'v', 'e', 'n', 's', '.', 's', 'e', '\0',
+  /* "stevenski.com", false */ 's', 't', 'e', 'v', 'e', 'n', 's', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "steventress.com", true */ 's', 't', 'e', 'v', 'e', 'n', 't', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "stevenwooding.com", true */ 's', 't', 'e', 'v', 'e', 'n', 'w', 'o', 'o', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "stevenz.science", true */ 's', 't', 'e', 'v', 'e', 'n', 'z', '.', 's', 'c', 'i', 'e', 'n', 'c', 'e', '\0',
+  /* "stevenz.xyz", true */ 's', 't', 'e', 'v', 'e', 'n', 'z', '.', 'x', 'y', 'z', '\0',
+  /* "stevesdrivingschooltyneside.com", true */ 's', 't', 'e', 'v', 'e', 's', 'd', 'r', 'i', 'v', 'i', 'n', 'g', 's', 'c', 'h', 'o', 'o', 'l', 't', 'y', 'n', 'e', 's', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "stewartswines.com", true */ 's', 't', 'e', 'w', 'a', 'r', 't', 's', 'w', 'i', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "stewonet.nl", true */ 's', 't', 'e', 'w', 'o', 'n', 'e', 't', '.', 'n', 'l', '\0',
+  /* "steyaert.be", false */ 's', 't', 'e', 'y', 'a', 'e', 'r', 't', '.', 'b', 'e', '\0',
+  /* "stforex.com", true */ 's', 't', 'f', 'o', 'r', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "stfw.info", true */ 's', 't', 'f', 'w', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "stichtingliab.nl", true */ 's', 't', 'i', 'c', 'h', 't', 'i', 'n', 'g', 'l', 'i', 'a', 'b', '.', 'n', 'l', '\0',
+  /* "stichtingscholierenvervoerzeeland.nl", true */ 's', 't', 'i', 'c', 'h', 't', 'i', 'n', 'g', 's', 'c', 'h', 'o', 'l', 'i', 'e', 'r', 'e', 'n', 'v', 'e', 'r', 'v', 'o', 'e', 'r', 'z', 'e', 'e', 'l', 'a', 'n', 'd', '.', 'n', 'l', '\0',
+  /* "stichtingsticky.nl", true */ 's', 't', 'i', 'c', 'h', 't', 'i', 'n', 'g', 's', 't', 'i', 'c', 'k', 'y', '.', 'n', 'l', '\0',
+  /* "stick2bike.de", true */ 's', 't', 'i', 'c', 'k', '2', 'b', 'i', 'k', 'e', '.', 'd', 'e', '\0',
+  /* "stickergiant.com", true */ 's', 't', 'i', 'c', 'k', 'e', 'r', 'g', 'i', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "stickies.io", true */ 's', 't', 'i', 'c', 'k', 'i', 'e', 's', '.', 'i', 'o', '\0',
+  /* "stickmanventures.com", false */ 's', 't', 'i', 'c', 'k', 'm', 'a', 'n', 'v', 'e', 'n', 't', 'u', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "stift-kremsmuenster.at", true */ 's', 't', 'i', 'f', 't', '-', 'k', 'r', 'e', 'm', 's', 'm', 'u', 'e', 'n', 's', 't', 'e', 'r', '.', 'a', 't', '\0',
+  /* "stigharder.com", true */ 's', 't', 'i', 'g', 'h', 'a', 'r', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "stijnbelmans.be", true */ 's', 't', 'i', 'j', 'n', 'b', 'e', 'l', 'm', 'a', 'n', 's', '.', 'b', 'e', '\0',
+  /* "stijnodink.nl", true */ 's', 't', 'i', 'j', 'n', 'o', 'd', 'i', 'n', 'k', '.', 'n', 'l', '\0',
+  /* "stikic.me", true */ 's', 't', 'i', 'k', 'i', 'c', '.', 'm', 'e', '\0',
+  /* "stikkie.me", true */ 's', 't', 'i', 'k', 'k', 'i', 'e', '.', 'm', 'e', '\0',
+  /* "stikonas.eu", false */ 's', 't', 'i', 'k', 'o', 'n', 'a', 's', '.', 'e', 'u', '\0',
+  /* "stilartmoebel.de", true */ 's', 't', 'i', 'l', 'a', 'r', 't', 'm', 'o', 'e', 'b', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "stillyarts.com", false */ 's', 't', 'i', 'l', 'l', 'y', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "stilmobil.se", true */ 's', 't', 'i', 'l', 'm', 'o', 'b', 'i', 'l', '.', 's', 'e', '\0',
+  /* "stimmgabel.lu", true */ 's', 't', 'i', 'm', 'm', 'g', 'a', 'b', 'e', 'l', '.', 'l', 'u', '\0',
+  /* "stin.hr", true */ 's', 't', 'i', 'n', '.', 'h', 'r', '\0',
+  /* "stintup.com", true */ 's', 't', 'i', 'n', 't', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "stipsan.me", true */ 's', 't', 'i', 'p', 's', 'a', 'n', '.', 'm', 'e', '\0',
+  /* "stirling.co", true */ 's', 't', 'i', 'r', 'l', 'i', 'n', 'g', '.', 'c', 'o', '\0',
+  /* "stirlingpoon.com", true */ 's', 't', 'i', 'r', 'l', 'i', 'n', 'g', 'p', 'o', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "stitchfiddle.com", true */ 's', 't', 'i', 't', 'c', 'h', 'f', 'i', 'd', 'd', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "stitthappens.com", true */ 's', 't', 'i', 't', 't', 'h', 'a', 'p', 'p', 'e', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "stivesbouncycastlehire.co.uk", true */ 's', 't', 'i', 'v', 'e', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "stjohnin.com", true */ 's', 't', 'j', 'o', 'h', 'n', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "stjohnmiami.org", true */ 's', 't', 'j', 'o', 'h', 'n', 'm', 'i', 'a', 'm', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "stjohnsc.com", true */ 's', 't', 'j', 'o', 'h', 'n', 's', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "stlu.de", true */ 's', 't', 'l', 'u', '.', 'd', 'e', '\0',
+  /* "stlucasmuseum.org", true */ 's', 't', 'l', 'u', 'c', 'a', 's', 'm', 'u', 's', 'e', 'u', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "stlukesbrandon.org", true */ 's', 't', 'l', 'u', 'k', 'e', 's', 'b', 'r', 'a', 'n', 'd', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "stm-net.de", true */ 's', 't', 'm', '-', 'n', 'e', 't', '.', 'd', 'e', '\0',
+  /* "stmlearning.com", true */ 's', 't', 'm', 'l', 'e', 'a', 'r', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "stmsolutions.pl", true */ 's', 't', 'm', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'p', 'l', '\0',
+  /* "stneotsbouncycastlehire.co.uk", true */ 's', 't', 'n', 'e', 'o', 't', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "stnl.de", false */ 's', 't', 'n', 'l', '.', 'd', 'e', '\0',
+  /* "stockpile.com", true */ 's', 't', 'o', 'c', 'k', 'p', 'i', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "stockrow.com", true */ 's', 't', 'o', 'c', 'k', 'r', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "stocktrader.com", true */ 's', 't', 'o', 'c', 'k', 't', 'r', 'a', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "stodieck.com", true */ 's', 't', 'o', 'd', 'i', 'e', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "stoebermehl.at", true */ 's', 't', 'o', 'e', 'b', 'e', 'r', 'm', 'e', 'h', 'l', '.', 'a', 't', '\0',
+  /* "stoffelen.nl", true */ 's', 't', 'o', 'f', 'f', 'e', 'l', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "stoffelnet.de", true */ 's', 't', 'o', 'f', 'f', 'e', 'l', 'n', 'e', 't', '.', 'd', 'e', '\0',
+  /* "stoianlawfirm.com", true */ 's', 't', 'o', 'i', 'a', 'n', 'l', 'a', 'w', 'f', 'i', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "stolina.de", false */ 's', 't', 'o', 'l', 'i', 'n', 'a', '.', 'd', 'e', '\0',
+  /* "stolkpotplanten.nl", true */ 's', 't', 'o', 'l', 'k', 'p', 'o', 't', 'p', 'l', 'a', 'n', 't', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "stolkschepen.nl", true */ 's', 't', 'o', 'l', 'k', 's', 'c', 'h', 'e', 'p', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "stomadental.com", true */ 's', 't', 'o', 'm', 'a', 'd', 'e', 'n', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "stonedworms.de", true */ 's', 't', 'o', 'n', 'e', 'd', 'w', 'o', 'r', 'm', 's', '.', 'd', 'e', '\0',
+  /* "stonefusion.org.uk", true */ 's', 't', 'o', 'n', 'e', 'f', 'u', 's', 'i', 'o', 'n', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "stonehammerhead.org", true */ 's', 't', 'o', 'n', 'e', 'h', 'a', 'm', 'm', 'e', 'r', 'h', 'e', 'a', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "stonemain.eu", true */ 's', 't', 'o', 'n', 'e', 'm', 'a', 'i', 'n', '.', 'e', 'u', '\0',
+  /* "stonewuu.com", true */ 's', 't', 'o', 'n', 'e', 'w', 'u', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "stony.com", true */ 's', 't', 'o', 'n', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "stonystratford.org", true */ 's', 't', 'o', 'n', 'y', 's', 't', 'r', 'a', 't', 'f', 'o', 'r', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "stopakwardhandshakes.org", true */ 's', 't', 'o', 'p', 'a', 'k', 'w', 'a', 'r', 'd', 'h', 'a', 'n', 'd', 's', 'h', 'a', 'k', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "stopbullying.gov", true */ 's', 't', 'o', 'p', 'b', 'u', 'l', 'l', 'y', 'i', 'n', 'g', '.', 'g', 'o', 'v', '\0',
+  /* "stopfraud.gov", true */ 's', 't', 'o', 'p', 'f', 'r', 'a', 'u', 'd', '.', 'g', 'o', 'v', '\0',
+  /* "stopthethyroidmadness.com", true */ 's', 't', 'o', 'p', 't', 'h', 'e', 't', 'h', 'y', 'r', 'o', 'i', 'd', 'm', 'a', 'd', 'n', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "stordbatlag.no", true */ 's', 't', 'o', 'r', 'd', 'b', 'a', 't', 'l', 'a', 'g', '.', 'n', 'o', '\0',
+  /* "store10.de", false */ 's', 't', 'o', 'r', 'e', '1', '0', '.', 'd', 'e', '\0',
+  /* "storedsafe.com", true */ 's', 't', 'o', 'r', 'e', 'd', 's', 'a', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "storgom.ua", false */ 's', 't', 'o', 'r', 'g', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "stormi.io", true */ 's', 't', 'o', 'r', 'm', 'i', '.', 'i', 'o', '\0',
+  /* "stormwatcher.org", true */ 's', 't', 'o', 'r', 'm', 'w', 'a', 't', 'c', 'h', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "storvann.net", true */ 's', 't', 'o', 'r', 'v', 'a', 'n', 'n', '.', 'n', 'e', 't', '\0',
+  /* "storvann.no", true */ 's', 't', 'o', 'r', 'v', 'a', 'n', 'n', '.', 'n', 'o', '\0',
+  /* "storycollective.film", true */ 's', 't', 'o', 'r', 'y', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'v', 'e', '.', 'f', 'i', 'l', 'm', '\0',
+  /* "storycollective.nl", true */ 's', 't', 'o', 'r', 'y', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'v', 'e', '.', 'n', 'l', '\0',
+  /* "storyland.ie", true */ 's', 't', 'o', 'r', 'y', 'l', 'a', 'n', 'd', '.', 'i', 'e', '\0',
+  /* "storysift.news", true */ 's', 't', 'o', 'r', 'y', 's', 'i', 'f', 't', '.', 'n', 'e', 'w', 's', '\0',
+  /* "storytime.hu", true */ 's', 't', 'o', 'r', 'y', 't', 'i', 'm', 'e', '.', 'h', 'u', '\0',
+  /* "stoxford.com", true */ 's', 't', 'o', 'x', 'f', 'o', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "stpatricksguild.com", true */ 's', 't', 'p', 'a', 't', 'r', 'i', 'c', 'k', 's', 'g', 'u', 'i', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "straatderzotten.nl", true */ 's', 't', 'r', 'a', 'a', 't', 'd', 'e', 'r', 'z', 'o', 't', 't', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "strahlende-augen.info", true */ 's', 't', 'r', 'a', 'h', 'l', 'e', 'n', 'd', 'e', '-', 'a', 'u', 'g', 'e', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "straka.name", true */ 's', 't', 'r', 'a', 'k', 'a', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "strangemusicinc.net", true */ 's', 't', 'r', 'a', 'n', 'g', 'e', 'm', 'u', 's', 'i', 'c', 'i', 'n', 'c', '.', 'n', 'e', 't', '\0',
+  /* "strangeplace.net", true */ 's', 't', 'r', 'a', 'n', 'g', 'e', 'p', 'l', 'a', 'c', 'e', '.', 'n', 'e', 't', '\0',
+  /* "strate.io", true */ 's', 't', 'r', 'a', 't', 'e', '.', 'i', 'o', '\0',
+  /* "strategiclivingblog.com", true */ 's', 't', 'r', 'a', 't', 'e', 'g', 'i', 'c', 'l', 'i', 'v', 'i', 'n', 'g', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "strategie-zone.de", true */ 's', 't', 'r', 'a', 't', 'e', 'g', 'i', 'e', '-', 'z', 'o', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "strathewerd.de", true */ 's', 't', 'r', 'a', 't', 'h', 'e', 'w', 'e', 'r', 'd', '.', 'd', 'e', '\0',
+  /* "stratmann-b.de", true */ 's', 't', 'r', 'a', 't', 'm', 'a', 'n', 'n', '-', 'b', '.', 'd', 'e', '\0',
+  /* "straubis.org", true */ 's', 't', 'r', 'a', 'u', 'b', 'i', 's', '.', 'o', 'r', 'g', '\0',
+  /* "strauser.com", true */ 's', 't', 'r', 'a', 'u', 's', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "stravers.shoes", true */ 's', 't', 'r', 'a', 'v', 'e', 'r', 's', '.', 's', 'h', 'o', 'e', 's', '\0',
+  /* "stream-ing.xyz", true */ 's', 't', 'r', 'e', 'a', 'm', '-', 'i', 'n', 'g', '.', 'x', 'y', 'z', '\0',
+  /* "streamchan.org", true */ 's', 't', 'r', 'e', 'a', 'm', 'c', 'h', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "streamdesk.ca", true */ 's', 't', 'r', 'e', 'a', 'm', 'd', 'e', 's', 'k', '.', 'c', 'a', '\0',
+  /* "streamer.tips", true */ 's', 't', 'r', 'e', 'a', 'm', 'e', 'r', '.', 't', 'i', 'p', 's', '\0',
+  /* "streamingeverywhere.com", true */ 's', 't', 'r', 'e', 'a', 'm', 'i', 'n', 'g', 'e', 'v', 'e', 'r', 'y', 'w', 'h', 'e', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "streamlineautogroup.com", true */ 's', 't', 'r', 'e', 'a', 'm', 'l', 'i', 'n', 'e', 'a', 'u', 't', 'o', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "streampanel.net", true */ 's', 't', 'r', 'e', 'a', 'm', 'p', 'a', 'n', 'e', 'l', '.', 'n', 'e', 't', '\0',
+  /* "streamthemeeting.com", true */ 's', 't', 'r', 'e', 'a', 'm', 't', 'h', 'e', 'm', 'e', 'e', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "streamzilla.com", true */ 's', 't', 'r', 'e', 'a', 'm', 'z', 'i', 'l', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "street-smart-home.de", true */ 's', 't', 'r', 'e', 'e', 't', '-', 's', 'm', 'a', 'r', 't', '-', 'h', 'o', 'm', 'e', '.', 'd', 'e', '\0',
+  /* "streetdancecenter.com", true */ 's', 't', 'r', 'e', 'e', 't', 'd', 'a', 'n', 'c', 'e', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "streets.mn", true */ 's', 't', 'r', 'e', 'e', 't', 's', '.', 'm', 'n', '\0',
+  /* "streetspotr.com", true */ 's', 't', 'r', 'e', 'e', 't', 's', 'p', 'o', 't', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "streetview.wien", true */ 's', 't', 'r', 'e', 'e', 't', 'v', 'i', 'e', 'w', '.', 'w', 'i', 'e', 'n', '\0',
+  /* "strefapi.com", true */ 's', 't', 'r', 'e', 'f', 'a', 'p', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "strehl.tk", true */ 's', 't', 'r', 'e', 'h', 'l', '.', 't', 'k', '\0',
+  /* "streklhof.at", true */ 's', 't', 'r', 'e', 'k', 'l', 'h', 'o', 'f', '.', 'a', 't', '\0',
+  /* "strengthroots.com", true */ 's', 't', 'r', 'e', 'n', 'g', 't', 'h', 'r', 'o', 'o', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "stressfreehousehold.com", true */ 's', 't', 'r', 'e', 's', 's', 'f', 'r', 'e', 'e', 'h', 'o', 'u', 's', 'e', 'h', 'o', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "stretchmyan.us", true */ 's', 't', 'r', 'e', 't', 'c', 'h', 'm', 'y', 'a', 'n', '.', 'u', 's', '\0',
+  /* "stretchpc.com", true */ 's', 't', 'r', 'e', 't', 'c', 'h', 'p', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "stricted.net", true */ 's', 't', 'r', 'i', 'c', 't', 'e', 'd', '.', 'n', 'e', 't', '\0',
+  /* "strictlynormal.com", true */ 's', 't', 'r', 'i', 'c', 't', 'l', 'y', 'n', 'o', 'r', 'm', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "strijkshop.be", true */ 's', 't', 'r', 'i', 'j', 'k', 's', 'h', 'o', 'p', '.', 'b', 'e', '\0',
+  /* "stringtoolbox.com", true */ 's', 't', 'r', 'i', 'n', 'g', 't', 'o', 'o', 'l', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "stringvox.com", true */ 's', 't', 'r', 'i', 'n', 'g', 'v', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "stripe.com", true */ 's', 't', 'r', 'i', 'p', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "striptizer.tk", true */ 's', 't', 'r', 'i', 'p', 't', 'i', 'z', 'e', 'r', '.', 't', 'k', '\0',
+  /* "strm.hu", true */ 's', 't', 'r', 'm', '.', 'h', 'u', '\0',
+  /* "strobeltobias.de", true */ 's', 't', 'r', 'o', 'b', 'e', 'l', 't', 'o', 'b', 'i', 'a', 's', '.', 'd', 'e', '\0',
+  /* "strobeto.de", true */ 's', 't', 'r', 'o', 'b', 'e', 't', 'o', '.', 'd', 'e', '\0',
+  /* "strobotti.com", true */ 's', 't', 'r', 'o', 'b', 'o', 't', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "stroginohelp.ru", true */ 's', 't', 'r', 'o', 'g', 'i', 'n', 'o', 'h', 'e', 'l', 'p', '.', 'r', 'u', '\0',
+  /* "strom.family", true */ 's', 't', 'r', 'o', 'm', '.', 'f', 'a', 'm', 'i', 'l', 'y', '\0',
+  /* "strongrandom.com", false */ 's', 't', 'r', 'o', 'n', 'g', 'r', 'a', 'n', 'd', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "strozik.de", true */ 's', 't', 'r', 'o', 'z', 'i', 'k', '.', 'd', 'e', '\0',
+  /* "structurally.net", true */ 's', 't', 'r', 'u', 'c', 't', 'u', 'r', 'a', 'l', 'l', 'y', '.', 'n', 'e', 't', '\0',
+  /* "strugee.net", true */ 's', 't', 'r', 'u', 'g', 'e', 'e', '.', 'n', 'e', 't', '\0',
+  /* "strutta.me", true */ 's', 't', 'r', 'u', 't', 't', 'a', '.', 'm', 'e', '\0',
+  /* "struxureon.com", true */ 's', 't', 'r', 'u', 'x', 'u', 'r', 'e', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "strydom.me.uk", true */ 's', 't', 'r', 'y', 'd', 'o', 'm', '.', 'm', 'e', '.', 'u', 'k', '\0',
+  /* "stt.wiki", true */ 's', 't', 't', '.', 'w', 'i', 'k', 'i', '\0',
+  /* "stuartbell.co.uk", true */ 's', 't', 'u', 'a', 'r', 't', 'b', 'e', 'l', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "stuarts.xyz", true */ 's', 't', 'u', 'a', 'r', 't', 's', '.', 'x', 'y', 'z', '\0',
+  /* "stuco.co", true */ 's', 't', 'u', 'c', 'o', '.', 'c', 'o', '\0',
+  /* "stucydee.nl", true */ 's', 't', 'u', 'c', 'y', 'd', 'e', 'e', '.', 'n', 'l', '\0',
+  /* "studenckiemetody.pl", true */ 's', 't', 'u', 'd', 'e', 'n', 'c', 'k', 'i', 'e', 'm', 'e', 't', 'o', 'd', 'y', '.', 'p', 'l', '\0',
+  /* "student-eshop.cz", true */ 's', 't', 'u', 'd', 'e', 'n', 't', '-', 'e', 's', 'h', 'o', 'p', '.', 'c', 'z', '\0',
+  /* "student-eshop.sk", true */ 's', 't', 'u', 'd', 'e', 'n', 't', '-', 'e', 's', 'h', 'o', 'p', '.', 's', 'k', '\0',
+  /* "student.andover.edu", true */ 's', 't', 'u', 'd', 'e', 'n', 't', '.', 'a', 'n', 'd', 'o', 'v', 'e', 'r', '.', 'e', 'd', 'u', '\0',
+  /* "studentforums.biz", true */ 's', 't', 'u', 'd', 'e', 'n', 't', 'f', 'o', 'r', 'u', 'm', 's', '.', 'b', 'i', 'z', '\0',
+  /* "studentite.bg", false */ 's', 't', 'u', 'd', 'e', 'n', 't', 'i', 't', 'e', '.', 'b', 'g', '\0',
+  /* "studentloans.gov", true */ 's', 't', 'u', 'd', 'e', 'n', 't', 'l', 'o', 'a', 'n', 's', '.', 'g', 'o', 'v', '\0',
+  /* "studentrightsadvocate.org", true */ 's', 't', 'u', 'd', 'e', 'n', 't', 'r', 'i', 'g', 'h', 't', 's', 'a', 'd', 'v', 'o', 'c', 'a', 't', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "studenttenant.com", true */ 's', 't', 'u', 'd', 'e', 'n', 't', 't', 'e', 'n', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "studer.su", true */ 's', 't', 'u', 'd', 'e', 'r', '.', 's', 'u', '\0',
+  /* "studiemeter.nl", true */ 's', 't', 'u', 'd', 'i', 'e', 'm', 'e', 't', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "studienportal.eu", true */ 's', 't', 'u', 'd', 'i', 'e', 'n', 'p', 'o', 'r', 't', 'a', 'l', '.', 'e', 'u', '\0',
+  /* "studienservice.de", true */ 's', 't', 'u', 'd', 'i', 'e', 'n', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'd', 'e', '\0',
+  /* "studiereader.nl", true */ 's', 't', 'u', 'd', 'i', 'e', 'r', 'e', 'a', 'd', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "studio-architetto.com", true */ 's', 't', 'u', 'd', 'i', 'o', '-', 'a', 'r', 'c', 'h', 'i', 't', 'e', 't', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "studio-fotografico.ru", true */ 's', 't', 'u', 'd', 'i', 'o', '-', 'f', 'o', 't', 'o', 'g', 'r', 'a', 'f', 'i', 'c', 'o', '.', 'r', 'u', '\0',
+  /* "studiodentisticosanmarco.it", true */ 's', 't', 'u', 'd', 'i', 'o', 'd', 'e', 'n', 't', 'i', 's', 't', 'i', 'c', 'o', 's', 'a', 'n', 'm', 'a', 'r', 'c', 'o', '.', 'i', 't', '\0',
+  /* "studiodewit.nl", true */ 's', 't', 'u', 'd', 'i', 'o', 'd', 'e', 'w', 'i', 't', '.', 'n', 'l', '\0',
+  /* "studiodoprazer.com.br", true */ 's', 't', 'u', 'd', 'i', 'o', 'd', 'o', 'p', 'r', 'a', 'z', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "studiograou.com", true */ 's', 't', 'u', 'd', 'i', 'o', 'g', 'r', 'a', 'o', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "studiokicca.com", true */ 's', 't', 'u', 'd', 'i', 'o', 'k', 'i', 'c', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "studiomarcella.com", true */ 's', 't', 'u', 'd', 'i', 'o', 'm', 'a', 'r', 'c', 'e', 'l', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "studionowystyl.pl", true */ 's', 't', 'u', 'd', 'i', 'o', 'n', 'o', 'w', 'y', 's', 't', 'y', 'l', '.', 'p', 'l', '\0',
+  /* "studioriehl.com", true */ 's', 't', 'u', 'd', 'i', 'o', 'r', 'i', 'e', 'h', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "studiostawki.com", true */ 's', 't', 'u', 'd', 'i', 'o', 's', 't', 'a', 'w', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "studiostudio.net", true */ 's', 't', 'u', 'd', 'i', 'o', 's', 't', 'u', 'd', 'i', 'o', '.', 'n', 'e', 't', '\0',
+  /* "studiotheatrestains.fr", true */ 's', 't', 'u', 'd', 'i', 'o', 't', 'h', 'e', 'a', 't', 'r', 'e', 's', 't', 'a', 'i', 'n', 's', '.', 'f', 'r', '\0',
+  /* "studiovaud.com", true */ 's', 't', 'u', 'd', 'i', 'o', 'v', 'a', 'u', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "studium.cz", true */ 's', 't', 'u', 'd', 'i', 'u', 'm', '.', 'c', 'z', '\0',
+  /* "studlan.no", true */ 's', 't', 'u', 'd', 'l', 'a', 'n', '.', 'n', 'o', '\0',
+  /* "studport.rv.ua", true */ 's', 't', 'u', 'd', 'p', 'o', 'r', 't', '.', 'r', 'v', '.', 'u', 'a', '\0',
+  /* "studyabroadstation.com", true */ 's', 't', 'u', 'd', 'y', 'a', 'b', 'r', 'o', 'a', 'd', 's', 't', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "studying-neet.com", true */ 's', 't', 'u', 'd', 'y', 'i', 'n', 'g', '-', 'n', 'e', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "stuermer.me", true */ 's', 't', 'u', 'e', 'r', 'm', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "stuetzredli.ch", true */ 's', 't', 'u', 'e', 't', 'z', 'r', 'e', 'd', 'l', 'i', '.', 'c', 'h', '\0',
+  /* "stuff-fibre.co.nz", true */ 's', 't', 'u', 'f', 'f', '-', 'f', 'i', 'b', 'r', 'e', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "stuffi.fr", true */ 's', 't', 'u', 'f', 'f', 'i', '.', 'f', 'r', '\0',
+  /* "stuka-art.de", true */ 's', 't', 'u', 'k', 'a', '-', 'a', 'r', 't', '.', 'd', 'e', '\0',
+  /* "stulda.cz", true */ 's', 't', 'u', 'l', 'd', 'a', '.', 'c', 'z', '\0',
+  /* "stumeta.de", true */ 's', 't', 'u', 'm', 'e', 't', 'a', '.', 'd', 'e', '\0',
+  /* "stumeta2018.de", true */ 's', 't', 'u', 'm', 'e', 't', 'a', '2', '0', '1', '8', '.', 'd', 'e', '\0',
+  /* "stumf.si", true */ 's', 't', 'u', 'm', 'f', '.', 's', 'i', '\0',
+  /* "stuntmen.xyz", true */ 's', 't', 'u', 'n', 't', 'm', 'e', 'n', '.', 'x', 'y', 'z', '\0',
+  /* "stupidstatetricks.com", true */ 's', 't', 'u', 'p', 'i', 'd', 's', 't', 'a', 't', 'e', 't', 'r', 'i', 'c', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sturbi.de", true */ 's', 't', 'u', 'r', 'b', 'i', '.', 'd', 'e', '\0',
+  /* "sturge.co.uk", true */ 's', 't', 'u', 'r', 'g', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "stutelage.com", true */ 's', 't', 'u', 't', 'e', 'l', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "stuttgart-gablenberg.de", true */ 's', 't', 'u', 't', 't', 'g', 'a', 'r', 't', '-', 'g', 'a', 'b', 'l', 'e', 'n', 'b', 'e', 'r', 'g', '.', 'd', 'e', '\0',
+  /* "stuudium.com", true */ 's', 't', 'u', 'u', 'd', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "stuudium.life", true */ 's', 't', 'u', 'u', 'd', 'i', 'u', 'm', '.', 'l', 'i', 'f', 'e', '\0',
+  /* "stuudium.pro", true */ 's', 't', 'u', 'u', 'd', 'i', 'u', 'm', '.', 'p', 'r', 'o', '\0',
+  /* "stuur.nl", false */ 's', 't', 'u', 'u', 'r', '.', 'n', 'l', '\0',
+  /* "stuvel.eu", true */ 's', 't', 'u', 'v', 'e', 'l', '.', 'e', 'u', '\0',
+  /* "stw-group.at", true */ 's', 't', 'w', '-', 'g', 'r', 'o', 'u', 'p', '.', 'a', 't', '\0',
+  /* "stygium.net", false */ 's', 't', 'y', 'g', 'i', 'u', 'm', '.', 'n', 'e', 't', '\0',
+  /* "styleci.io", true */ 's', 't', 'y', 'l', 'e', 'c', 'i', '.', 'i', 'o', '\0',
+  /* "stylecollective.us", true */ 's', 't', 'y', 'l', 'e', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'v', 'e', '.', 'u', 's', '\0',
+  /* "stylefast.com.au", true */ 's', 't', 'y', 'l', 'e', 'f', 'a', 's', 't', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "styles.pm", true */ 's', 't', 'y', 'l', 'e', 's', '.', 'p', 'm', '\0',
+  /* "stylett.ru", true */ 's', 't', 'y', 'l', 'e', 't', 't', '.', 'r', 'u', '\0',
+  /* "stylewish.me", true */ 's', 't', 'y', 'l', 'e', 'w', 'i', 's', 'h', '.', 'm', 'e', '\0',
+  /* "styloeart.com", true */ 's', 't', 'y', 'l', 'o', 'e', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "stypr.com", true */ 's', 't', 'y', 'p', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "stytt.com", true */ 's', 't', 'y', 't', 't', '.', 'c', 'o', 'm', '\0',
+  /* "su1ph3r.io", true */ 's', 'u', '1', 'p', 'h', '3', 'r', '.', 'i', 'o', '\0',
+  /* "suareforma.com", true */ 's', 'u', 'a', 'r', 'e', 'f', 'o', 'r', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "suave.io", true */ 's', 'u', 'a', 'v', 'e', '.', 'i', 'o', '\0',
+  /* "sub-net.at", true */ 's', 'u', 'b', '-', 'n', 'e', 't', '.', 'a', 't', '\0',
+  /* "sub.media", true */ 's', 'u', 'b', '.', 'm', 'e', 'd', 'i', 'a', '\0',
+  /* "subastasdecarros.net", true */ 's', 'u', 'b', 'a', 's', 't', 'a', 's', 'd', 'e', 'c', 'a', 'r', 'r', 'o', 's', '.', 'n', 'e', 't', '\0',
+  /* "subdev.org", true */ 's', 'u', 'b', 'd', 'e', 'v', '.', 'o', 'r', 'g', '\0',
+  /* "sublevel.net", false */ 's', 'u', 'b', 'l', 'e', 'v', 'e', 'l', '.', 'n', 'e', 't', '\0',
+  /* "sublimebits.com", true */ 's', 'u', 'b', 'l', 'i', 'm', 'e', 'b', 'i', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "submedia.tv", true */ 's', 'u', 'b', 'm', 'e', 'd', 'i', 'a', '.', 't', 'v', '\0',
+  /* "submelon.tech", true */ 's', 'u', 'b', 'm', 'e', 'l', 'o', 'n', '.', 't', 'e', 'c', 'h', '\0',
+  /* "subohm.com", true */ 's', 'u', 'b', 'o', 'h', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "suborbital.io", true */ 's', 'u', 'b', 'o', 'r', 'b', 'i', 't', 'a', 'l', '.', 'i', 'o', '\0',
+  /* "subrain.com", true */ 's', 'u', 'b', 'r', 'a', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "subrosa.io", false */ 's', 'u', 'b', 'r', 'o', 's', 'a', '.', 'i', 'o', '\0',
+  /* "subseq.net", false */ 's', 'u', 'b', 's', 'e', 'q', '.', 'n', 'e', 't', '\0',
+  /* "substitutealert.com", true */ 's', 'u', 'b', 's', 't', 'i', 't', 'u', 't', 'e', 'a', 'l', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "subterfuge.io", true */ 's', 'u', 'b', 't', 'e', 'r', 'f', 'u', 'g', 'e', '.', 'i', 'o', '\0',
+  /* "suburban-landscape.net", true */ 's', 'u', 'b', 'u', 'r', 'b', 'a', 'n', '-', 'l', 'a', 'n', 'd', 's', 'c', 'a', 'p', 'e', '.', 'n', 'e', 't', '\0',
+  /* "suburbaninfinitioftroyparts.com", true */ 's', 'u', 'b', 'u', 'r', 'b', 'a', 'n', 'i', 'n', 'f', 'i', 'n', 'i', 't', 'i', 'o', 'f', 't', 'r', 'o', 'y', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "subzerolosangeles.com", true */ 's', 'u', 'b', 'z', 'e', 'r', 'o', 'l', 'o', 's', 'a', 'n', 'g', 'e', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "succ.in", true */ 's', 'u', 'c', 'c', '.', 'i', 'n', '\0',
+  /* "suche.org", true */ 's', 'u', 'c', 'h', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "suchmaschinen-werkstatt.de", true */ 's', 'u', 'c', 'h', 'm', 'a', 's', 'c', 'h', 'i', 'n', 'e', 'n', '-', 'w', 'e', 'r', 'k', 's', 't', 'a', 't', 't', '.', 'd', 'e', '\0',
+  /* "suchprogrammer.net", true */ 's', 'u', 'c', 'h', 'p', 'r', 'o', 'g', 'r', 'a', 'm', 'm', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "suckmyan.us", false */ 's', 'u', 'c', 'k', 'm', 'y', 'a', 'n', '.', 'u', 's', '\0',
+  /* "sudaraka.org", true */ 's', 'u', 'd', 'a', 'r', 'a', 'k', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "sudmotor-occasions.be", true */ 's', 'u', 'd', 'm', 'o', 't', 'o', 'r', '-', 'o', 'c', 'c', 'a', 's', 'i', 'o', 'n', 's', '.', 'b', 'e', '\0',
+  /* "sudo.ws", true */ 's', 'u', 'd', 'o', '.', 'w', 's', '\0',
+  /* "sudoschool.com", true */ 's', 'u', 'd', 'o', 's', 'c', 'h', 'o', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "suelyonjones.com", true */ 's', 'u', 'e', 'l', 'y', 'o', 'n', 'j', 'o', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "suempresa.cloud", true */ 's', 'u', 'e', 'm', 'p', 'r', 'e', 's', 'a', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "suevia-ka.de", true */ 's', 'u', 'e', 'v', 'i', 'a', '-', 'k', 'a', '.', 'd', 'e', '\0',
+  /* "sufix.cz", true */ 's', 'u', 'f', 'i', 'x', '.', 'c', 'z', '\0',
+  /* "sugarandcloth.com", true */ 's', 'u', 'g', 'a', 'r', 'a', 'n', 'd', 'c', 'l', 'o', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "sugarbrother.com", true */ 's', 'u', 'g', 'a', 'r', 'b', 'r', 'o', 't', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "sugarcitycon.com", true */ 's', 'u', 'g', 'a', 'r', 'c', 'i', 't', 'y', 'c', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "sugarshin.net", true */ 's', 'u', 'g', 'a', 'r', 's', 'h', 'i', 'n', '.', 'n', 'e', 't', '\0',
+  /* "suggea.com", true */ 's', 'u', 'g', 'g', 'e', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "suggestim.ch", true */ 's', 'u', 'g', 'g', 'e', 's', 't', 'i', 'm', '.', 'c', 'h', '\0',
+  /* "suiranfes.com", true */ 's', 'u', 'i', 'r', 'a', 'n', 'f', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sujoydhar.in", true */ 's', 'u', 'j', 'o', 'y', 'd', 'h', 'a', 'r', '.', 'i', 'n', '\0',
+  /* "suki.moe", true */ 's', 'u', 'k', 'i', '.', 'm', 'o', 'e', '\0',
+  /* "sukrie.net", true */ 's', 'u', 'k', 'r', 'i', 'e', '.', 'n', 'e', 't', '\0',
+  /* "suksit.com", true */ 's', 'u', 'k', 's', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "sulian.me", true */ 's', 'u', 'l', 'i', 'a', 'n', '.', 'm', 'e', '\0',
+  /* "suluvir.com", true */ 's', 'u', 'l', 'u', 'v', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "sumguy.com", true */ 's', 'u', 'm', 'g', 'u', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "summa-prefis.com", true */ 's', 'u', 'm', 'm', 'a', '-', 'p', 'r', 'e', 'f', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "summa.eu", false */ 's', 'u', 'm', 'm', 'a', '.', 'e', 'u', '\0',
+  /* "summercampthailand.com", true */ 's', 'u', 'm', 'm', 'e', 'r', 'c', 'a', 'm', 'p', 't', 'h', 'a', 'i', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "summitmasters.net", true */ 's', 'u', 'm', 'm', 'i', 't', 'm', 'a', 's', 't', 'e', 'r', 's', '.', 'n', 'e', 't', '\0',
+  /* "sumthing.com", true */ 's', 'u', 'm', 't', 'h', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "sunboxstore.jp", true */ 's', 'u', 'n', 'b', 'o', 'x', 's', 't', 'o', 'r', 'e', '.', 'j', 'p', '\0',
+  /* "sunbritetv.com", true */ 's', 'u', 'n', 'b', 'r', 'i', 't', 'e', 't', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "sundanceusa.com", true */ 's', 'u', 'n', 'd', 'a', 'n', 'c', 'e', 'u', 's', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "sundaycooks.com", true */ 's', 'u', 'n', 'd', 'a', 'y', 'c', 'o', 'o', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sundayfundayjapan.com", true */ 's', 'u', 'n', 'd', 'a', 'y', 'f', 'u', 'n', 'd', 'a', 'y', 'j', 'a', 'p', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "sunfeathers.net", true */ 's', 'u', 'n', 'f', 'e', 'a', 't', 'h', 'e', 'r', 's', '.', 'n', 'e', 't', '\0',
+  /* "sunfox.cz", true */ 's', 'u', 'n', 'f', 'o', 'x', '.', 'c', 'z', '\0',
+  /* "sunfulong.me", true */ 's', 'u', 'n', 'f', 'u', 'l', 'o', 'n', 'g', '.', 'm', 'e', '\0',
+  /* "sunjaydhama.com", true */ 's', 'u', 'n', 'j', 'a', 'y', 'd', 'h', 'a', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "sunn.ie", true */ 's', 'u', 'n', 'n', '.', 'i', 'e', '\0',
+  /* "sunsetwx.com", true */ 's', 'u', 'n', 's', 'e', 't', 'w', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "sunshinesf.org", true */ 's', 'u', 'n', 's', 'h', 'i', 'n', 'e', 's', 'f', '.', 'o', 'r', 'g', '\0',
+  /* "sunsmartresorts.com", true */ 's', 'u', 'n', 's', 'm', 'a', 'r', 't', 'r', 'e', 's', 'o', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sunstar.bg", true */ 's', 'u', 'n', 's', 't', 'a', 'r', '.', 'b', 'g', '\0',
+  /* "supa.sexy", true */ 's', 'u', 'p', 'a', '.', 's', 'e', 'x', 'y', '\0',
+  /* "supastuds.com", true */ 's', 'u', 'p', 'a', 's', 't', 'u', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "super-o-blog.com", true */ 's', 'u', 'p', 'e', 'r', '-', 'o', '-', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "superbouncebouncycastles.com", true */ 's', 'u', 'p', 'e', 'r', 'b', 'o', 'u', 'n', 'c', 'e', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "superbowlkneel.com", true */ 's', 'u', 'p', 'e', 'r', 'b', 'o', 'w', 'l', 'k', 'n', 'e', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "superbshare.com", true */ 's', 'u', 'p', 'e', 'r', 'b', 's', 'h', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "supercalorias.com", true */ 's', 'u', 'p', 'e', 'r', 'c', 'a', 'l', 'o', 'r', 'i', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "supercastlesadelaide.com.au", true */ 's', 'u', 'p', 'e', 'r', 'c', 'a', 's', 't', 'l', 'e', 's', 'a', 'd', 'e', 'l', 'a', 'i', 'd', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "supercastlesbrisbane.com.au", true */ 's', 'u', 'p', 'e', 'r', 'c', 'a', 's', 't', 'l', 'e', 's', 'b', 'r', 'i', 's', 'b', 'a', 'n', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "supercastlesmelbourne.com.au", true */ 's', 'u', 'p', 'e', 'r', 'c', 'a', 's', 't', 'l', 'e', 's', 'm', 'e', 'l', 'b', 'o', 'u', 'r', 'n', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "supercastlessouthsydney.com.au", true */ 's', 'u', 'p', 'e', 'r', 'c', 'a', 's', 't', 'l', 'e', 's', 's', 'o', 'u', 't', 'h', 's', 'y', 'd', 'n', 'e', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "supercastlessunshinecoast.com.au", true */ 's', 'u', 'p', 'e', 'r', 'c', 'a', 's', 't', 'l', 'e', 's', 's', 'u', 'n', 's', 'h', 'i', 'n', 'e', 'c', 'o', 'a', 's', 't', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "supercastlessydney.com.au", true */ 's', 'u', 'p', 'e', 'r', 'c', 'a', 's', 't', 'l', 'e', 's', 's', 'y', 'd', 'n', 'e', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "supercentenarian.com", true */ 's', 'u', 'p', 'e', 'r', 'c', 'e', 'n', 't', 'e', 'n', 'a', 'r', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "supercinebattle.fr", true */ 's', 'u', 'p', 'e', 'r', 'c', 'i', 'n', 'e', 'b', 'a', 't', 't', 'l', 'e', '.', 'f', 'r', '\0',
+  /* "superguide.com.au", true */ 's', 'u', 'p', 'e', 'r', 'g', 'u', 'i', 'd', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "superhappiness.com", true */ 's', 'u', 'p', 'e', 'r', 'h', 'a', 'p', 'p', 'i', 'n', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "superhome.com.au", true */ 's', 'u', 'p', 'e', 'r', 'h', 'o', 'm', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "superkonsult.se", true */ 's', 'u', 'p', 'e', 'r', 'k', 'o', 'n', 's', 'u', 'l', 't', '.', 's', 'e', '\0',
+  /* "supermarx.nl", true */ 's', 'u', 'p', 'e', 'r', 'm', 'a', 'r', 'x', '.', 'n', 'l', '\0',
+  /* "supermil.ch", true */ 's', 'u', 'p', 'e', 'r', 'm', 'i', 'l', '.', 'c', 'h', '\0',
+  /* "supern0va.net", true */ 's', 'u', 'p', 'e', 'r', 'n', '0', 'v', 'a', '.', 'n', 'e', 't', '\0',
+  /* "supernt.lt", true */ 's', 'u', 'p', 'e', 'r', 'n', 't', '.', 'l', 't', '\0',
+  /* "supersahnetorten.de", true */ 's', 'u', 'p', 'e', 'r', 's', 'a', 'h', 'n', 'e', 't', 'o', 'r', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "supersec.es", true */ 's', 'u', 'p', 'e', 'r', 's', 'e', 'c', '.', 'e', 's', '\0',
+  /* "supersole.net", true */ 's', 'u', 'p', 'e', 'r', 's', 'o', 'l', 'e', '.', 'n', 'e', 't', '\0',
+  /* "supersonnig-festival.de", true */ 's', 'u', 'p', 'e', 'r', 's', 'o', 'n', 'n', 'i', 'g', '-', 'f', 'e', 's', 't', 'i', 'v', 'a', 'l', '.', 'd', 'e', '\0',
+  /* "supersonnigfestival.de", true */ 's', 'u', 'p', 'e', 'r', 's', 'o', 'n', 'n', 'i', 'g', 'f', 'e', 's', 't', 'i', 'v', 'a', 'l', '.', 'd', 'e', '\0',
+  /* "supersteosbouncycastles.com", true */ 's', 'u', 'p', 'e', 'r', 's', 't', 'e', 'o', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "supersu.kr", true */ 's', 'u', 'p', 'e', 'r', 's', 'u', '.', 'k', 'r', '\0',
+  /* "superswingtrainer.com", true */ 's', 'u', 'p', 'e', 'r', 's', 'w', 'i', 'n', 'g', 't', 'r', 'a', 'i', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "supertasker.org", true */ 's', 'u', 'p', 'e', 'r', 't', 'a', 's', 'k', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "supeuro.com", true */ 's', 'u', 'p', 'e', 'u', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "supplementler.com", true */ 's', 'u', 'p', 'p', 'l', 'e', 'm', 'e', 'n', 't', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "supplies24.at", true */ 's', 'u', 'p', 'p', 'l', 'i', 'e', 's', '2', '4', '.', 'a', 't', '\0',
+  /* "supplies24.es", true */ 's', 'u', 'p', 'p', 'l', 'i', 'e', 's', '2', '4', '.', 'e', 's', '\0',
+  /* "support.mayfirst.org", false */ 's', 'u', 'p', 'p', 'o', 'r', 't', '.', 'm', 'a', 'y', 'f', 'i', 'r', 's', 't', '.', 'o', 'r', 'g', '\0',
+  /* "supportdesk.nu", true */ 's', 'u', 'p', 'p', 'o', 'r', 't', 'd', 'e', 's', 'k', '.', 'n', 'u', '\0',
+  /* "supportericking.org", true */ 's', 'u', 'p', 'p', 'o', 'r', 't', 'e', 'r', 'i', 'c', 'k', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "supportme123.com", true */ 's', 'u', 'p', 'p', 'o', 'r', 't', 'm', 'e', '1', '2', '3', '.', 'c', 'o', 'm', '\0',
+  /* "suprem.biz", true */ 's', 'u', 'p', 'r', 'e', 'm', '.', 'b', 'i', 'z', '\0',
+  /* "suprem.ch", true */ 's', 'u', 'p', 'r', 'e', 'm', '.', 'c', 'h', '\0',
+  /* "supriville.com.br", true */ 's', 'u', 'p', 'r', 'i', 'v', 'i', 'l', 'l', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "sur-v.com", true */ 's', 'u', 'r', '-', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "surao.cz", true */ 's', 'u', 'r', 'a', 'o', '.', 'c', 'z', '\0',
+  /* "sure-it.de", true */ 's', 'u', 'r', 'e', '-', 'i', 't', '.', 'd', 'e', '\0',
+  /* "suretone.co.za", true */ 's', 'u', 'r', 'e', 't', 'o', 'n', 'e', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "surgenet.nl", true */ 's', 'u', 'r', 'g', 'e', 'n', 'e', 't', '.', 'n', 'l', '\0',
+  /* "surgeongeneral.gov", true */ 's', 'u', 'r', 'g', 'e', 'o', 'n', 'g', 'e', 'n', 'e', 'r', 'a', 'l', '.', 'g', 'o', 'v', '\0',
+  /* "surgicalassociateswny.com", true */ 's', 'u', 'r', 'g', 'i', 'c', 'a', 'l', 'a', 's', 's', 'o', 'c', 'i', 'a', 't', 'e', 's', 'w', 'n', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "surkatty.org", true */ 's', 'u', 'r', 'k', 'a', 't', 't', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "surpreem.com", true */ 's', 'u', 'r', 'p', 'r', 'e', 'e', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "survature.com", true */ 's', 'u', 'r', 'v', 'a', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "surveymill.co.uk", true */ 's', 'u', 'r', 'v', 'e', 'y', 'm', 'i', 'l', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "survivalmonkey.com", true */ 's', 'u', 'r', 'v', 'i', 'v', 'a', 'l', 'm', 'o', 'n', 'k', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "survivebox.fr", true */ 's', 'u', 'r', 'v', 'i', 'v', 'e', 'b', 'o', 'x', '.', 'f', 'r', '\0',
+  /* "susanbpilates.co", true */ 's', 'u', 's', 'a', 'n', 'b', 'p', 'i', 'l', 'a', 't', 'e', 's', '.', 'c', 'o', '\0',
+  /* "susanbpilates.com", true */ 's', 'u', 's', 'a', 'n', 'b', 'p', 'i', 'l', 'a', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "susann-kerk.de", true */ 's', 'u', 's', 'a', 'n', 'n', '-', 'k', 'e', 'r', 'k', '.', 'd', 'e', '\0',
+  /* "susanna-komischke.de", true */ 's', 'u', 's', 'a', 'n', 'n', 'a', '-', 'k', 'o', 'm', 'i', 's', 'c', 'h', 'k', 'e', '.', 'd', 'e', '\0',
+  /* "susastudentenjobs.de", true */ 's', 'u', 's', 'a', 's', 't', 'u', 'd', 'e', 'n', 't', 'e', 'n', 'j', 'o', 'b', 's', '.', 'd', 'e', '\0',
+  /* "susc.org.uk", true */ 's', 'u', 's', 'c', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "suseasky.com", true */ 's', 'u', 's', 'e', 'a', 's', 'k', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "sush.us", true */ 's', 'u', 's', 'h', '.', 'u', 's', '\0',
+  /* "sushi.roma.it", true */ 's', 'u', 's', 'h', 'i', '.', 'r', 'o', 'm', 'a', '.', 'i', 't', '\0',
+  /* "sushifrick.de", true */ 's', 'u', 's', 'h', 'i', 'f', 'r', 'i', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "sushikatze.de", true */ 's', 'u', 's', 'h', 'i', 'k', 'a', 't', 'z', 'e', '.', 'd', 'e', '\0',
+  /* "susosudon.com", true */ 's', 'u', 's', 'o', 's', 'u', 'd', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "suspension-shop.com", true */ 's', 'u', 's', 'p', 'e', 'n', 's', 'i', 'o', 'n', '-', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "sussexwebdesigns.co.uk", true */ 's', 'u', 's', 's', 'e', 'x', 'w', 'e', 'b', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "sussexwebsites.info", true */ 's', 'u', 's', 's', 'e', 'x', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "sustainabilityknowledgegroup.com", true */ 's', 'u', 's', 't', 'a', 'i', 'n', 'a', 'b', 'i', 'l', 'i', 't', 'y', 'k', 'n', 'o', 'w', 'l', 'e', 'd', 'g', 'e', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "sustsol.com", true */ 's', 'u', 's', 't', 's', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "sutas.market", true */ 's', 'u', 't', 'a', 's', '.', 'm', 'a', 'r', 'k', 'e', 't', '\0',
+  /* "suts.co.uk", true */ 's', 'u', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "suttonbouncycastles.co.uk", true */ 's', 'u', 't', 't', 'o', 'n', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "suuria.de", true */ 's', 'u', 'u', 'r', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "suvidhaapay.com", true */ 's', 'u', 'v', 'i', 'd', 'h', 'a', 'a', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "suwalls.com", true */ 's', 'u', 'w', 'a', 'l', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "suzi3d.com", true */ 's', 'u', 'z', 'i', '3', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "suzukimarinepress.com", true */ 's', 'u', 'z', 'u', 'k', 'i', 'm', 'a', 'r', 'i', 'n', 'e', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "sv-1966-medenbach.de", true */ 's', 'v', '-', '1', '9', '6', '6', '-', 'm', 'e', 'd', 'e', 'n', 'b', 'a', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "sv-turm-hohenlimburg.de", true */ 's', 'v', '-', 't', 'u', 'r', 'm', '-', 'h', 'o', 'h', 'e', 'n', 'l', 'i', 'm', 'b', 'u', 'r', 'g', '.', 'd', 'e', '\0',
+  /* "sv.search.yahoo.com", false */ 's', 'v', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "svadobkajuvi.sk", true */ 's', 'v', 'a', 'd', 'o', 'b', 'k', 'a', 'j', 'u', 'v', 'i', '.', 's', 'k', '\0',
+  /* "svager.cz", true */ 's', 'v', 'a', 'g', 'e', 'r', '.', 'c', 'z', '\0',
+  /* "svantner.sk", true */ 's', 'v', 'a', 'n', 't', 'n', 'e', 'r', '.', 's', 'k', '\0',
+  /* "svarnyjunak.cz", true */ 's', 'v', 'a', 'r', 'n', 'y', 'j', 'u', 'n', 'a', 'k', '.', 'c', 'z', '\0',
+  /* "svarovani.tk", true */ 's', 'v', 'a', 'r', 'o', 'v', 'a', 'n', 'i', '.', 't', 'k', '\0',
+  /* "svc-sitec.com", true */ 's', 'v', 'c', '-', 's', 'i', 't', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "svc-sitec.com.mx", true */ 's', 'v', 'c', '-', 's', 'i', 't', 'e', 'c', '.', 'c', 'o', 'm', '.', 'm', 'x', '\0',
+  /* "svc-sitec.mx", true */ 's', 'v', 'c', '-', 's', 'i', 't', 'e', 'c', '.', 'm', 'x', '\0',
+  /* "svc-sitec.org", true */ 's', 'v', 'c', '-', 's', 'i', 't', 'e', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "svdb.co", false */ 's', 'v', 'd', 'b', '.', 'c', 'o', '\0',
+  /* "svdreamcatcher.com", true */ 's', 'v', 'd', 'r', 'e', 'a', 'm', 'c', 'a', 't', 'c', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "sve-hosting.nl", true */ 's', 'v', 'e', '-', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "sveinerik.org", true */ 's', 'v', 'e', 'i', 'n', 'e', 'r', 'i', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "svendubbeld.nl", true */ 's', 'v', 'e', 'n', 'd', 'u', 'b', 'b', 'e', 'l', 'd', '.', 'n', 'l', '\0',
+  /* "sveneckelmann.de", true */ 's', 'v', 'e', 'n', 'e', 'c', 'k', 'e', 'l', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "svenjaundchristian.de", true */ 's', 'v', 'e', 'n', 'j', 'a', 'u', 'n', 'd', 'c', 'h', 'r', 'i', 's', 't', 'i', 'a', 'n', '.', 'd', 'e', '\0',
+  /* "svennd.be", true */ 's', 'v', 'e', 'n', 'n', 'd', '.', 'b', 'e', '\0',
+  /* "svetandroida.cz", true */ 's', 'v', 'e', 't', 'a', 'n', 'd', 'r', 'o', 'i', 'd', 'a', '.', 'c', 'z', '\0',
+  /* "svetlilo.com", true */ 's', 'v', 'e', 't', 'l', 'i', 'l', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "svetzitrka.cz", false */ 's', 'v', 'e', 't', 'z', 'i', 't', 'r', 'k', 'a', '.', 'c', 'z', '\0',
+  /* "svijet-medija.hr", true */ 's', 'v', 'i', 'j', 'e', 't', '-', 'm', 'e', 'd', 'i', 'j', 'a', '.', 'h', 'r', '\0',
+  /* "sviz.pro", true */ 's', 'v', 'i', 'z', '.', 'p', 'r', 'o', '\0',
+  /* "svj-stochovska.cz", true */ 's', 'v', 'j', '-', 's', 't', 'o', 'c', 'h', 'o', 'v', 's', 'k', 'a', '.', 'c', 'z', '\0',
+  /* "svjvn.cz", true */ 's', 'v', 'j', 'v', 'n', '.', 'c', 'z', '\0',
+  /* "svm-basketball.de", true */ 's', 'v', 'm', '-', 'b', 'a', 's', 'k', 'e', 't', 'b', 'a', 'l', 'l', '.', 'd', 'e', '\0',
+  /* "svm-it.eu", true */ 's', 'v', 'm', '-', 'i', 't', '.', 'e', 'u', '\0',
+  /* "sw-servers.net", true */ 's', 'w', '-', 's', 'e', 'r', 'v', 'e', 'r', 's', '.', 'n', 'e', 't', '\0',
+  /* "sw33tp34.com", true */ 's', 'w', '3', '3', 't', 'p', '3', '4', '.', 'c', 'o', 'm', '\0',
+  /* "swacp.com", true */ 's', 'w', 'a', 'c', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "swansdoor.org", true */ 's', 'w', 'a', 'n', 's', 'd', 'o', 'o', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "swapadoodle.com", true */ 's', 'w', 'a', 'p', 'a', 'd', 'o', 'o', 'd', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "swarfarm.com", true */ 's', 'w', 'a', 'r', 'f', 'a', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "swarlys-server.de", true */ 's', 'w', 'a', 'r', 'l', 'y', 's', '-', 's', 'e', 'r', 'v', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "swarmation.com", true */ 's', 'w', 'a', 'r', 'm', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "swat4stats.com", true */ 's', 'w', 'a', 't', '4', 's', 't', 'a', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "swattransport.ae", true */ 's', 'w', 'a', 't', 't', 'r', 'a', 'n', 's', 'p', 'o', 'r', 't', '.', 'a', 'e', '\0',
+  /* "sway-cdn.com", true */ 's', 'w', 'a', 'y', '-', 'c', 'd', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "sway.com", true */ 's', 'w', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "swd.agency", true */ 's', 'w', 'd', '.', 'a', 'g', 'e', 'n', 'c', 'y', '\0',
+  /* "swedishhost.com", true */ 's', 'w', 'e', 'd', 'i', 's', 'h', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "swedishhost.se", true */ 's', 'w', 'e', 'd', 'i', 's', 'h', 'h', 'o', 's', 't', '.', 's', 'e', '\0',
+  /* "sweep-me.net", true */ 's', 'w', 'e', 'e', 'p', '-', 'm', 'e', '.', 'n', 'e', 't', '\0',
+  /* "sweepay.ch", true */ 's', 'w', 'e', 'e', 'p', 'a', 'y', '.', 'c', 'h', '\0',
+  /* "sweetair.com", true */ 's', 'w', 'e', 'e', 't', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "sweetgood.de", true */ 's', 'w', 'e', 'e', 't', 'g', 'o', 'o', 'd', '.', 'd', 'e', '\0',
+  /* "sweetll.me", false */ 's', 'w', 'e', 'e', 't', 'l', 'l', '.', 'm', 'e', '\0',
+  /* "sweetvanilla.jp", true */ 's', 'w', 'e', 'e', 't', 'v', 'a', 'n', 'i', 'l', 'l', 'a', '.', 'j', 'p', '\0',
+  /* "swehack.org", true */ 's', 'w', 'e', 'h', 'a', 'c', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "sweharris.org", true */ 's', 'w', 'e', 'h', 'a', 'r', 'r', 'i', 's', '.', 'o', 'r', 'g', '\0',
+  /* "swfloshatraining.com", true */ 's', 'w', 'f', 'l', 'o', 's', 'h', 'a', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "swfmax.com", true */ 's', 'w', 'f', 'm', 'a', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "swift-devedge.de", true */ 's', 'w', 'i', 'f', 't', '-', 'd', 'e', 'v', 'e', 'd', 'g', 'e', '.', 'd', 'e', '\0',
+  /* "swiftconf.com", true */ 's', 'w', 'i', 'f', 't', 'c', 'o', 'n', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "swiftqueue.com", true */ 's', 'w', 'i', 'f', 't', 'q', 'u', 'e', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "swilly.org", true */ 's', 'w', 'i', 'l', 'l', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "swimbee.nl", true */ 's', 'w', 'i', 'm', 'b', 'e', 'e', '.', 'n', 'l', '\0',
+  /* "swimturk.com.tr", true */ 's', 'w', 'i', 'm', 't', 'u', 'r', 'k', '.', 'c', 'o', 'm', '.', 't', 'r', '\0',
+  /* "swimwear365.co.uk", true */ 's', 'w', 'i', 'm', 'w', 'e', 'a', 'r', '3', '6', '5', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "swineson.me", true */ 's', 'w', 'i', 'n', 'e', 's', 'o', 'n', '.', 'm', 'e', '\0',
+  /* "swingmonkey.com", true */ 's', 'w', 'i', 'n', 'g', 'm', 'o', 'n', 'k', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "swipetv.ie", true */ 's', 'w', 'i', 'p', 'e', 't', 'v', '.', 'i', 'e', '\0',
+  /* "swiss-apartments.com", true */ 's', 'w', 'i', 's', 's', '-', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "swiss-connection.net", true */ 's', 'w', 'i', 's', 's', '-', 'c', 'o', 'n', 'n', 'e', 'c', 't', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "swiss-cyber-experts.ch", true */ 's', 'w', 'i', 's', 's', '-', 'c', 'y', 'b', 'e', 'r', '-', 'e', 'x', 'p', 'e', 'r', 't', 's', '.', 'c', 'h', '\0',
+  /* "swisscannabis.club", true */ 's', 'w', 'i', 's', 's', 'c', 'a', 'n', 'n', 'a', 'b', 'i', 's', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "swissdojo.ch", true */ 's', 'w', 'i', 's', 's', 'd', 'o', 'j', 'o', '.', 'c', 'h', '\0',
+  /* "swisselement365.com", true */ 's', 'w', 'i', 's', 's', 'e', 'l', 'e', 'm', 'e', 'n', 't', '3', '6', '5', '.', 'c', 'o', 'm', '\0',
+  /* "swissentreprises.ch", true */ 's', 'w', 'i', 's', 's', 'e', 'n', 't', 'r', 'e', 'p', 'r', 'i', 's', 'e', 's', '.', 'c', 'h', '\0',
+  /* "swissfreshaircan.ch", true */ 's', 'w', 'i', 's', 's', 'f', 'r', 'e', 's', 'h', 'a', 'i', 'r', 'c', 'a', 'n', '.', 'c', 'h', '\0',
+  /* "swissfreshaircan.com", true */ 's', 'w', 'i', 's', 's', 'f', 'r', 'e', 's', 'h', 'a', 'i', 'r', 'c', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "swissid.ch", true */ 's', 'w', 'i', 's', 's', 'i', 'd', '.', 'c', 'h', '\0',
+  /* "swisslinux.org", true */ 's', 'w', 'i', 's', 's', 'l', 'i', 'n', 'u', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "swisswebhelp.ch", true */ 's', 'w', 'i', 's', 's', 'w', 'e', 'b', 'h', 'e', 'l', 'p', '.', 'c', 'h', '\0',
+  /* "swissxperts.ch", true */ 's', 'w', 'i', 's', 's', 'x', 'p', 'e', 'r', 't', 's', '.', 'c', 'h', '\0',
+  /* "switch.moe", true */ 's', 'w', 'i', 't', 'c', 'h', '.', 'm', 'o', 'e', '\0',
+  /* "switzerland-family-office.com", true */ 's', 'w', 'i', 't', 'z', 'e', 'r', 'l', 'a', 'n', 'd', '-', 'f', 'a', 'm', 'i', 'l', 'y', '-', 'o', 'f', 'f', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "swordfeng.xyz", true */ 's', 'w', 'o', 'r', 'd', 'f', 'e', 'n', 'g', '.', 'x', 'y', 'z', '\0',
+  /* "swuosa.org", true */ 's', 'w', 'u', 'o', 's', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "swvaux.com", true */ 's', 'w', 'v', 'a', 'u', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "swyn.net", true */ 's', 'w', 'y', 'n', '.', 'n', 'e', 't', '\0',
+  /* "sy24.ru", true */ 's', 'y', '2', '4', '.', 'r', 'u', '\0',
+  /* "syajvo.if.ua", true */ 's', 'y', 'a', 'j', 'v', 'o', '.', 'i', 'f', '.', 'u', 'a', '\0',
+  /* "sycamorememphis.org", true */ 's', 'y', 'c', 'a', 'm', 'o', 'r', 'e', 'm', 'e', 'm', 'p', 'h', 'i', 's', '.', 'o', 'r', 'g', '\0',
+  /* "sychov.pro", true */ 's', 'y', 'c', 'h', 'o', 'v', '.', 'p', 'r', 'o', '\0',
+  /* "sydney-sehen.com", true */ 's', 'y', 'd', 'n', 'e', 'y', '-', 's', 'e', 'h', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "sydney.dating", true */ 's', 'y', 'd', 'n', 'e', 'y', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "syenar.net", true */ 's', 'y', 'e', 'n', 'a', 'r', '.', 'n', 'e', 't', '\0',
+  /* "syezd.com.au", true */ 's', 'y', 'e', 'z', 'd', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "syha.org.uk", true */ 's', 'y', 'h', 'a', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "syhost.at", true */ 's', 'y', 'h', 'o', 's', 't', '.', 'a', 't', '\0',
+  /* "syhost.ch", true */ 's', 'y', 'h', 'o', 's', 't', '.', 'c', 'h', '\0',
+  /* "syhost.de", true */ 's', 'y', 'h', 'o', 's', 't', '.', 'd', 'e', '\0',
+  /* "sykepleien.no", false */ 's', 'y', 'k', 'e', 'p', 'l', 'e', 'i', 'e', 'n', '.', 'n', 'o', '\0',
+  /* "sylaps.com", true */ 's', 'y', 'l', 'a', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "syleam.in", true */ 's', 'y', 'l', 'e', 'a', 'm', '.', 'i', 'n', '\0',
+  /* "syllogi.xyz", true */ 's', 'y', 'l', 'l', 'o', 'g', 'i', '.', 'x', 'y', 'z', '\0',
+  /* "sylvaindurand.fr", true */ 's', 'y', 'l', 'v', 'a', 'i', 'n', 'd', 'u', 'r', 'a', 'n', 'd', '.', 'f', 'r', '\0',
+  /* "sylvaindurand.org", true */ 's', 'y', 'l', 'v', 'a', 'i', 'n', 'd', 'u', 'r', 'a', 'n', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "sylvan.me", true */ 's', 'y', 'l', 'v', 'a', 'n', '.', 'm', 'e', '\0',
+  /* "sylvangarden.net", true */ 's', 'y', 'l', 'v', 'a', 'n', 'g', 'a', 'r', 'd', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "sylve.ch", true */ 's', 'y', 'l', 'v', 'e', '.', 'c', 'h', '\0',
+  /* "symb.ch", true */ 's', 'y', 'm', 'b', '.', 'c', 'h', '\0',
+  /* "symbiose-bien-etre.ch", true */ 's', 'y', 'm', 'b', 'i', 'o', 's', 'e', '-', 'b', 'i', 'e', 'n', '-', 'e', 't', 'r', 'e', '.', 'c', 'h', '\0',
+  /* "symbiose-com.ch", true */ 's', 'y', 'm', 'b', 'i', 'o', 's', 'e', '-', 'c', 'o', 'm', '.', 'c', 'h', '\0',
+  /* "symbiose-immobilier.ch", true */ 's', 'y', 'm', 'b', 'i', 'o', 's', 'e', '-', 'i', 'm', 'm', 'o', 'b', 'i', 'l', 'i', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "symbiose.com", true */ 's', 'y', 'm', 'b', 'i', 'o', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "symbiosecom.ch", true */ 's', 'y', 'm', 'b', 'i', 'o', 's', 'e', 'c', 'o', 'm', '.', 'c', 'h', '\0',
+  /* "symeda.de", true */ 's', 'y', 'm', 'e', 'd', 'a', '.', 'd', 'e', '\0',
+  /* "symphonos.it", true */ 's', 'y', 'm', 'p', 'h', 'o', 'n', 'o', 's', '.', 'i', 't', '\0',
+  /* "symptome-erklaert.de", true */ 's', 'y', 'm', 'p', 't', 'o', 'm', 'e', '-', 'e', 'r', 'k', 'l', 'a', 'e', 'r', 't', '.', 'd', 'e', '\0',
+  /* "synabi.com", true */ 's', 'y', 'n', 'a', 'b', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "synaptickz.me", true */ 's', 'y', 'n', 'a', 'p', 't', 'i', 'c', 'k', 'z', '.', 'm', 'e', '\0',
+  /* "synatra.co", true */ 's', 'y', 'n', 'a', 't', 'r', 'a', '.', 'c', 'o', '\0',
+  /* "sync-it.no", true */ 's', 'y', 'n', 'c', '-', 'i', 't', '.', 'n', 'o', '\0',
+  /* "syncaddict.net", true */ 's', 'y', 'n', 'c', 'a', 'd', 'd', 'i', 'c', 't', '.', 'n', 'e', 't', '\0',
+  /* "synchrocube.com", true */ 's', 'y', 'n', 'c', 'h', 'r', 'o', 'c', 'u', 'b', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "synchtu.be", false */ 's', 'y', 'n', 'c', 'h', 't', 'u', '.', 'b', 'e', '\0',
+  /* "syncmylife.net", false */ 's', 'y', 'n', 'c', 'm', 'y', 'l', 'i', 'f', 'e', '.', 'n', 'e', 't', '\0',
+  /* "syncrise.co.jp", true */ 's', 'y', 'n', 'c', 'r', 'i', 's', 'e', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "syndic-discount.fr", false */ 's', 'y', 'n', 'd', 'i', 'c', '-', 'd', 'i', 's', 'c', 'o', 'u', 'n', 't', '.', 'f', 'r', '\0',
+  /* "syneart.com", true */ 's', 'y', 'n', 'e', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "synecek11.cz", true */ 's', 'y', 'n', 'e', 'c', 'e', 'k', '1', '1', '.', 'c', 'z', '\0',
+  /* "synergyflare.com", true */ 's', 'y', 'n', 'e', 'r', 'g', 'y', 'f', 'l', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "synergyworkingdogclub.com", true */ 's', 'y', 'n', 'e', 'r', 'g', 'y', 'w', 'o', 'r', 'k', 'i', 'n', 'g', 'd', 'o', 'g', 'c', 'l', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "synfin.org", true */ 's', 'y', 'n', 'f', 'i', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "synony.me", true */ 's', 'y', 'n', 'o', 'n', 'y', '.', 'm', 'e', '\0',
+  /* "synotna.eu", true */ 's', 'y', 'n', 'o', 't', 'n', 'a', '.', 'e', 'u', '\0',
+  /* "syntaxnightmare.com", true */ 's', 'y', 'n', 't', 'a', 'x', 'n', 'i', 'g', 'h', 't', 'm', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "syntheticmotoroil.org", true */ 's', 'y', 'n', 't', 'h', 'e', 't', 'i', 'c', 'm', 'o', 't', 'o', 'r', 'o', 'i', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "synthetik.com", true */ 's', 'y', 'n', 't', 'h', 'e', 't', 'i', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "syriatalk.biz", true */ 's', 'y', 'r', 'i', 'a', 't', 'a', 'l', 'k', '.', 'b', 'i', 'z', '\0',
+  /* "syriatalk.org", true */ 's', 'y', 'r', 'i', 'a', 't', 'a', 'l', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "sys.tf", true */ 's', 'y', 's', '.', 't', 'f', '\0',
+  /* "sysadm.guru", true */ 's', 'y', 's', 'a', 'd', 'm', '.', 'g', 'u', 'r', 'u', '\0',
+  /* "sysadmin.pm", false */ 's', 'y', 's', 'a', 'd', 'm', 'i', 'n', '.', 'p', 'm', '\0',
+  /* "sysadmin.xyz", true */ 's', 'y', 's', 'a', 'd', 'm', 'i', 'n', '.', 'x', 'y', 'z', '\0',
+  /* "sysadmins.ro", true */ 's', 'y', 's', 'a', 'd', 'm', 'i', 'n', 's', '.', 'r', 'o', '\0',
+  /* "sysctl.se", true */ 's', 'y', 's', 'c', 't', 'l', '.', 's', 'e', '\0',
+  /* "sysert.tv", false */ 's', 'y', 's', 'e', 'r', 't', '.', 't', 'v', '\0',
+  /* "sysmike.de", true */ 's', 'y', 's', 'm', 'i', 'k', 'e', '.', 'd', 'e', '\0',
+  /* "sysmike.net", true */ 's', 'y', 's', 'm', 'i', 'k', 'e', '.', 'n', 'e', 't', '\0',
+  /* "systea.fr", true */ 's', 'y', 's', 't', 'e', 'a', '.', 'f', 'r', '\0',
+  /* "systea.net", true */ 's', 'y', 's', 't', 'e', 'a', '.', 'n', 'e', 't', '\0',
+  /* "system-m.de", true */ 's', 'y', 's', 't', 'e', 'm', '-', 'm', '.', 'd', 'e', '\0',
+  /* "system.cf", true */ 's', 'y', 's', 't', 'e', 'm', '.', 'c', 'f', '\0',
+  /* "system.is", true */ 's', 'y', 's', 't', 'e', 'm', '.', 'i', 's', '\0',
+  /* "system12.pl", true */ 's', 'y', 's', 't', 'e', 'm', '1', '2', '.', 'p', 'l', '\0',
+  /* "system365.eu", true */ 's', 'y', 's', 't', 'e', 'm', '3', '6', '5', '.', 'e', 'u', '\0',
+  /* "systemd.ch", true */ 's', 'y', 's', 't', 'e', 'm', 'd', '.', 'c', 'h', '\0',
+  /* "systemeprod.fr", true */ 's', 'y', 's', 't', 'e', 'm', 'e', 'p', 'r', 'o', 'd', '.', 'f', 'r', '\0',
+  /* "systemintegra.ru", true */ 's', 'y', 's', 't', 'e', 'm', 'i', 'n', 't', 'e', 'g', 'r', 'a', '.', 'r', 'u', '\0',
+  /* "systemli.org", true */ 's', 'y', 's', 't', 'e', 'm', 'l', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "systemreboot.net", true */ 's', 'y', 's', 't', 'e', 'm', 'r', 'e', 'b', 'o', 'o', 't', '.', 'n', 'e', 't', '\0',
+  /* "systemspace.link", true */ 's', 'y', 's', 't', 'e', 'm', 's', 'p', 'a', 'c', 'e', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "systoolbox.net", true */ 's', 'y', 's', 't', 'o', 'o', 'l', 'b', 'o', 'x', '.', 'n', 'e', 't', '\0',
+  /* "sysystems.cz", true */ 's', 'y', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'c', 'z', '\0',
+  /* "syt3.net", true */ 's', 'y', 't', '3', '.', 'n', 'e', 't', '\0',
+  /* "syy.im", true */ 's', 'y', 'y', '.', 'i', 'm', '\0',
+  /* "syzygy-tables.info", true */ 's', 'y', 'z', 'y', 'g', 'y', '-', 't', 'a', 'b', 'l', 'e', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "szagun.net", true */ 's', 'z', 'a', 'g', 'u', 'n', '.', 'n', 'e', 't', '\0',
+  /* "szamitogepdepo.com", true */ 's', 'z', 'a', 'm', 'i', 't', 'o', 'g', 'e', 'p', 'd', 'e', 'p', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "szaydon.me", false */ 's', 'z', 'a', 'y', 'd', 'o', 'n', '.', 'm', 'e', '\0',
+  /* "szczot3k.pl", true */ 's', 'z', 'c', 'z', 'o', 't', '3', 'k', '.', 'p', 'l', '\0',
+  /* "szechenyi2020.hu", true */ 's', 'z', 'e', 'c', 'h', 'e', 'n', 'y', 'i', '2', '0', '2', '0', '.', 'h', 'u', '\0',
+  /* "szentistvanpt.sk", true */ 's', 'z', 'e', 'n', 't', 'i', 's', 't', 'v', 'a', 'n', 'p', 't', '.', 's', 'k', '\0',
+  /* "szerelem.love", true */ 's', 'z', 'e', 'r', 'e', 'l', 'e', 'm', '.', 'l', 'o', 'v', 'e', '\0',
+  /* "szongott.net", true */ 's', 'z', 'o', 'n', 'g', 'o', 't', 't', '.', 'n', 'e', 't', '\0',
+  /* "szunia.com", true */ 's', 'z', 'u', 'n', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "szybkiebieganie.pl", true */ 's', 'z', 'y', 'b', 'k', 'i', 'e', 'b', 'i', 'e', 'g', 'a', 'n', 'i', 'e', '.', 'p', 'l', '\0',
+  /* "szyndler.ch", true */ 's', 'z', 'y', 'n', 'd', 'l', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "t-hawk.com", true */ 't', '-', 'h', 'a', 'w', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "t-net.org.hu", true */ 't', '-', 'n', 'e', 't', '.', 'o', 'r', 'g', '.', 'h', 'u', '\0',
+  /* "t-point.eu", true */ 't', '-', 'p', 'o', 'i', 'n', 't', '.', 'e', 'u', '\0',
+  /* "t-shirts4less.nl", true */ 't', '-', 's', 'h', 'i', 'r', 't', 's', '4', 'l', 'e', 's', 's', '.', 'n', 'l', '\0',
+  /* "t-stonegroup.com", true */ 't', '-', 's', 't', 'o', 'n', 'e', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "t.facebook.com", false */ 't', '.', 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "t0ne.net", false */ 't', '0', 'n', 'e', '.', 'n', 'e', 't', '\0',
+  /* "t12u.com", true */ 't', '1', '2', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "t2000headphones.com", true */ 't', '2', '0', '0', '0', 'h', 'e', 'a', 'd', 'p', 'h', 'o', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "t2000laserpointers.com", true */ 't', '2', '0', '0', '0', 'l', 'a', 's', 'e', 'r', 'p', 'o', 'i', 'n', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "t23m-navi.jp", false */ 't', '2', '3', 'm', '-', 'n', 'a', 'v', 'i', '.', 'j', 'p', '\0',
+  /* "t2i.nl", true */ 't', '2', 'i', '.', 'n', 'l', '\0',
+  /* "t47.io", true */ 't', '4', '7', '.', 'i', 'o', '\0',
+  /* "t7e.de", false */ 't', '7', 'e', '.', 'd', 'e', '\0',
+  /* "ta-65.com", true */ 't', 'a', '-', '6', '5', '.', 'c', 'o', 'm', '\0',
+  /* "ta-sports.net", true */ 't', 'a', '-', 's', 'p', 'o', 'r', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "ta65.com", true */ 't', 'a', '6', '5', '.', 'c', 'o', 'm', '\0',
+  /* "taabe.net", true */ 't', 'a', 'a', 'b', 'e', '.', 'n', 'e', 't', '\0',
+  /* "taartenfeesies.nl", true */ 't', 'a', 'a', 'r', 't', 'e', 'n', 'f', 'e', 'e', 's', 'i', 'e', 's', '.', 'n', 'l', '\0',
+  /* "tab.watch", true */ 't', 'a', 'b', '.', 'w', 'a', 't', 'c', 'h', '\0',
+  /* "tabernadovinho.com.br", true */ 't', 'a', 'b', 'e', 'r', 'n', 'a', 'd', 'o', 'v', 'i', 'n', 'h', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "taberu-fujitsubo.com", true */ 't', 'a', 'b', 'e', 'r', 'u', '-', 'f', 'u', 'j', 'i', 't', 's', 'u', 'b', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "tabino.top", true */ 't', 'a', 'b', 'i', 'n', 'o', '.', 't', 'o', 'p', '\0',
+  /* "tabithawebb.co.uk", true */ 't', 'a', 'b', 'i', 't', 'h', 'a', 'w', 'e', 'b', 'b', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "tabla-periodica.com", true */ 't', 'a', 'b', 'l', 'a', '-', 'p', 'e', 'r', 'i', 'o', 'd', 'i', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "tabledusud.be", true */ 't', 'a', 'b', 'l', 'e', 'd', 'u', 's', 'u', 'd', '.', 'b', 'e', '\0',
+  /* "tabledusud.nl", true */ 't', 'a', 'b', 'l', 'e', 'd', 'u', 's', 'u', 'd', '.', 'n', 'l', '\0',
+  /* "tablescraps.com", true */ 't', 'a', 'b', 'l', 'e', 's', 'c', 'r', 'a', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tablet.facebook.com", false */ 't', 'a', 'b', 'l', 'e', 't', '.', 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "tablotv.com", false */ 't', 'a', 'b', 'l', 'o', 't', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "taborsky.cz", true */ 't', 'a', 'b', 'o', 'r', 's', 'k', 'y', '.', 'c', 'z', '\0',
+  /* "tac-volley.com", true */ 't', 'a', 'c', '-', 'v', 'o', 'l', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "tacklog.com", true */ 't', 'a', 'c', 'k', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "tacoma-games.com", true */ 't', 'a', 'c', 'o', 'm', 'a', '-', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tacomafia.net", false */ 't', 'a', 'c', 'o', 'm', 'a', 'f', 'i', 'a', '.', 'n', 'e', 't', '\0',
+  /* "tacotown.tk", true */ 't', 'a', 'c', 'o', 't', 'o', 'w', 'n', '.', 't', 'k', '\0',
+  /* "tacticalsquare.com", true */ 't', 'a', 'c', 't', 'i', 'c', 'a', 'l', 's', 'q', 'u', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "tadata.me", true */ 't', 'a', 'd', 'a', 't', 'a', '.', 'm', 'e', '\0',
+  /* "tadcastercircuit.org.uk", true */ 't', 'a', 'd', 'c', 'a', 's', 't', 'e', 'r', 'c', 'i', 'r', 'c', 'u', 'i', 't', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "tadtadya.com", true */ 't', 'a', 'd', 't', 'a', 'd', 'y', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "tadu.de", true */ 't', 'a', 'd', 'u', '.', 'd', 'e', '\0',
+  /* "tagdocumentary.com", true */ 't', 'a', 'g', 'd', 'o', 'c', 'u', 'm', 'e', 'n', 't', 'a', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "tagesmutter-in-bilm.de", true */ 't', 'a', 'g', 'e', 's', 'm', 'u', 't', 't', 'e', 'r', '-', 'i', 'n', '-', 'b', 'i', 'l', 'm', '.', 'd', 'e', '\0',
+  /* "taggedpdf.com", false */ 't', 'a', 'g', 'g', 'e', 'd', 'p', 'd', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "taglioepiega.com", true */ 't', 'a', 'g', 'l', 'i', 'o', 'e', 'p', 'i', 'e', 'g', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "taglioepiega.eu", true */ 't', 'a', 'g', 'l', 'i', 'o', 'e', 'p', 'i', 'e', 'g', 'a', '.', 'e', 'u', '\0',
+  /* "taglioepiega.it", true */ 't', 'a', 'g', 'l', 'i', 'o', 'e', 'p', 'i', 'e', 'g', 'a', '.', 'i', 't', '\0',
+  /* "tahf.net", true */ 't', 'a', 'h', 'f', '.', 'n', 'e', 't', '\0',
+  /* "tahosa.co", true */ 't', 'a', 'h', 'o', 's', 'a', '.', 'c', 'o', '\0',
+  /* "tahosalodge.org", true */ 't', 'a', 'h', 'o', 's', 'a', 'l', 'o', 'd', 'g', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "taidu.news", true */ 't', 'a', 'i', 'd', 'u', '.', 'n', 'e', 'w', 's', '\0',
+  /* "tailandfur.com", true */ 't', 'a', 'i', 'l', 'a', 'n', 'd', 'f', 'u', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "tailpuff.net", true */ 't', 'a', 'i', 'l', 'p', 'u', 'f', 'f', '.', 'n', 'e', 't', '\0',
+  /* "tails.boum.org", true */ 't', 'a', 'i', 'l', 's', '.', 'b', 'o', 'u', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "taim.io", true */ 't', 'a', 'i', 'm', '.', 'i', 'o', '\0',
+  /* "taishon.nagoya", true */ 't', 'a', 'i', 's', 'h', 'o', 'n', '.', 'n', 'a', 'g', 'o', 'y', 'a', '\0',
+  /* "taiwan.dating", true */ 't', 'a', 'i', 'w', 'a', 'n', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "taiwantour.info", true */ 't', 'a', 'i', 'w', 'a', 'n', 't', 'o', 'u', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "taiyouko-hatuden.net", true */ 't', 'a', 'i', 'y', 'o', 'u', 'k', 'o', '-', 'h', 'a', 't', 'u', 'd', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "tajper.pl", true */ 't', 'a', 'j', 'p', 'e', 'r', '.', 'p', 'l', '\0',
+  /* "take1give1.com", false */ 't', 'a', 'k', 'e', '1', 'g', 'i', 'v', 'e', '1', '.', 'c', 'o', 'm', '\0',
+  /* "takebonus.com", true */ 't', 'a', 'k', 'e', 'b', 'o', 'n', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "takedownthissite.com", true */ 't', 'a', 'k', 'e', 'd', 'o', 'w', 'n', 't', 'h', 'i', 's', 's', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "takeitoffline.co.uk", true */ 't', 'a', 'k', 'e', 'i', 't', 'o', 'f', 'f', 'l', 'i', 'n', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "takemoto-ped.com", true */ 't', 'a', 'k', 'e', 'm', 'o', 't', 'o', '-', 'p', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "taken.pl", true */ 't', 'a', 'k', 'e', 'n', '.', 'p', 'l', '\0',
+  /* "takeshifujimoto.com", true */ 't', 'a', 'k', 'e', 's', 'h', 'i', 'f', 'u', 'j', 'i', 'm', 'o', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "takinet.kr", true */ 't', 'a', 'k', 'i', 'n', 'e', 't', '.', 'k', 'r', '\0',
+  /* "takk.pl", true */ 't', 'a', 'k', 'k', '.', 'p', 'l', '\0',
+  /* "takkaaaaa.com", true */ 't', 'a', 'k', 'k', 'a', 'a', 'a', 'a', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "takuto.de", true */ 't', 'a', 'k', 'u', 't', 'o', '.', 'd', 'e', '\0',
+  /* "takuyaphotos.com", true */ 't', 'a', 'k', 'u', 'y', 'a', 'p', 'h', 'o', 't', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "talado.gr", false */ 't', 'a', 'l', 'a', 'd', 'o', '.', 'g', 'r', '\0',
+  /* "talentcast.nl", false */ 't', 'a', 'l', 'e', 'n', 't', 'c', 'a', 's', 't', '.', 'n', 'l', '\0',
+  /* "talenthero.io", true */ 't', 'a', 'l', 'e', 'n', 't', 'h', 'e', 'r', 'o', '.', 'i', 'o', '\0',
+  /* "talentos.pt", true */ 't', 'a', 'l', 'e', 'n', 't', 'o', 's', '.', 'p', 't', '\0',
+  /* "taler.net", true */ 't', 'a', 'l', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "talideon.com", false */ 't', 'a', 'l', 'i', 'd', 'e', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "talk.google.com", true */ 't', 'a', 'l', 'k', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "talk.xyz", true */ 't', 'a', 'l', 'k', '.', 'x', 'y', 'z', '\0',
+  /* "talkgadget.google.com", true */ 't', 'a', 'l', 'k', 'g', 'a', 'd', 'g', 'e', 't', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "talkreal.net", true */ 't', 'a', 'l', 'k', 'r', 'e', 'a', 'l', '.', 'n', 'e', 't', '\0',
+  /* "talktodarcy.com", true */ 't', 'a', 'l', 'k', 't', 'o', 'd', 'a', 'r', 'c', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "talkwithyourbaby.org", true */ 't', 'a', 'l', 'k', 'w', 'i', 't', 'h', 'y', 'o', 'u', 'r', 'b', 'a', 'b', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "tallcraft.com", true */ 't', 'a', 'l', 'l', 'c', 'r', 'a', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "talldude.net", true */ 't', 'a', 'l', 'l', 'd', 'u', 'd', 'e', '.', 'n', 'e', 't', '\0',
+  /* "talltreeskv.com.au", true */ 't', 'a', 'l', 'l', 't', 'r', 'e', 'e', 's', 'k', 'v', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "talon.rip", true */ 't', 'a', 'l', 'o', 'n', '.', 'r', 'i', 'p', '\0',
+  /* "talsi.eu", true */ 't', 'a', 'l', 's', 'i', '.', 'e', 'u', '\0',
+  /* "talun.de", true */ 't', 'a', 'l', 'u', 'n', '.', 'd', 'e', '\0',
+  /* "tam7t.com", true */ 't', 'a', 'm', '7', 't', '.', 'c', 'o', 'm', '\0',
+  /* "tamasszabo.net", true */ 't', 'a', 'm', 'a', 's', 's', 'z', 'a', 'b', 'o', '.', 'n', 'e', 't', '\0',
+  /* "tamchunho.com", true */ 't', 'a', 'm', 'c', 'h', 'u', 'n', 'h', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "tamindir.com", true */ 't', 'a', 'm', 'i', 'n', 'd', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "tammy.pro", true */ 't', 'a', 'm', 'm', 'y', '.', 'p', 'r', 'o', '\0',
+  /* "tampabaybusinesslistings.com", true */ 't', 'a', 'm', 'p', 'a', 'b', 'a', 'y', 'b', 'u', 's', 'i', 'n', 'e', 's', 's', 'l', 'i', 's', 't', 'i', 'n', 'g', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tanak3n.xyz", true */ 't', 'a', 'n', 'a', 'k', '3', 'n', '.', 'x', 'y', 'z', '\0',
+  /* "tancredi.nl", true */ 't', 'a', 'n', 'c', 'r', 'e', 'd', 'i', '.', 'n', 'l', '\0',
+  /* "tandblekningidag.com", true */ 't', 'a', 'n', 'd', 'b', 'l', 'e', 'k', 'n', 'i', 'n', 'g', 'i', 'd', 'a', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "tangiblesecurity.com", true */ 't', 'a', 'n', 'g', 'i', 'b', 'l', 'e', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "tango-cats.de", true */ 't', 'a', 'n', 'g', 'o', '-', 'c', 'a', 't', 's', '.', 'd', 'e', '\0',
+  /* "tango-ouest.com", true */ 't', 'a', 'n', 'g', 'o', '-', 'o', 'u', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "tangoalpha.co.uk", true */ 't', 'a', 'n', 'g', 'o', 'a', 'l', 'p', 'h', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "tanhit.com", true */ 't', 'a', 'n', 'h', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "taniku-succulent.com", true */ 't', 'a', 'n', 'i', 'k', 'u', '-', 's', 'u', 'c', 'c', 'u', 'l', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "tankski.co.uk", true */ 't', 'a', 'n', 'k', 's', 'k', 'i', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "tannenhof-moelln.de", true */ 't', 'a', 'n', 'n', 'e', 'n', 'h', 'o', 'f', '-', 'm', 'o', 'e', 'l', 'l', 'n', '.', 'd', 'e', '\0',
+  /* "tantalos.nl", true */ 't', 'a', 'n', 't', 'a', 'l', 'o', 's', '.', 'n', 'l', '\0',
+  /* "tantei100.net", true */ 't', 'a', 'n', 't', 'e', 'i', '1', '0', '0', '.', 'n', 'e', 't', '\0',
+  /* "tanto259.name", true */ 't', 'a', 'n', 't', 'o', '2', '5', '9', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "tanz.info", true */ 't', 'a', 'n', 'z', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "tanzhijun.com", true */ 't', 'a', 'n', 'z', 'h', 'i', 'j', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "taoburee.com", true */ 't', 'a', 'o', 'b', 'u', 'r', 'e', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "tapestries.tk", true */ 't', 'a', 'p', 'e', 's', 't', 'r', 'i', 'e', 's', '.', 't', 'k', '\0',
+  /* "taqsim.jp", true */ 't', 'a', 'q', 's', 'i', 'm', '.', 'j', 'p', '\0',
+  /* "taquilla.com", true */ 't', 'a', 'q', 'u', 'i', 'l', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "taqun.club", true */ 't', 'a', 'q', 'u', 'n', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "taranis.re", true */ 't', 'a', 'r', 'a', 'n', 'i', 's', '.', 'r', 'e', '\0',
+  /* "tarantul.org.ua", true */ 't', 'a', 'r', 'a', 'n', 't', 'u', 'l', '.', 'o', 'r', 'g', '.', 'u', 'a', '\0',
+  /* "tarasecurity.co.uk", true */ 't', 'a', 'r', 'a', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "tarasecurity.com", true */ 't', 'a', 'r', 'a', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "tarasevich.by", true */ 't', 'a', 'r', 'a', 's', 'e', 'v', 'i', 'c', 'h', '.', 'b', 'y', '\0',
+  /* "taravancil.com", false */ 't', 'a', 'r', 'a', 'v', 'a', 'n', 'c', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "tardis.io", true */ 't', 'a', 'r', 'd', 'i', 's', '.', 'i', 'o', '\0',
+  /* "tardybaker.com", true */ 't', 'a', 'r', 'd', 'y', 'b', 'a', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "tarek.link", true */ 't', 'a', 'r', 'e', 'k', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "targimieszkaniowe.net", true */ 't', 'a', 'r', 'g', 'i', 'm', 'i', 'e', 's', 'z', 'k', 'a', 'n', 'i', 'o', 'w', 'e', '.', 'n', 'e', 't', '\0',
+  /* "tarik.io", true */ 't', 'a', 'r', 'i', 'k', '.', 'i', 'o', '\0',
+  /* "tarsan.cz", true */ 't', 'a', 'r', 's', 'a', 'n', '.', 'c', 'z', '\0',
+  /* "tarsashaz-biztositas.hu", true */ 't', 'a', 'r', 's', 'a', 's', 'h', 'a', 'z', '-', 'b', 'i', 'z', 't', 'o', 's', 'i', 't', 'a', 's', '.', 'h', 'u', '\0',
+  /* "tartaneagle.org.uk", true */ 't', 'a', 'r', 't', 'a', 'n', 'e', 'a', 'g', 'l', 'e', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "tartanhamedshop.com.br", true */ 't', 'a', 'r', 't', 'a', 'n', 'h', 'a', 'm', 'e', 'd', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "taskin.me", true */ 't', 'a', 's', 'k', 'i', 'n', '.', 'm', 'e', '\0',
+  /* "taskotron.fedoraproject.org", true */ 't', 'a', 's', 'k', 'o', 't', 'r', 'o', 'n', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "taskotron.stg.fedoraproject.org", true */ 't', 'a', 's', 'k', 'o', 't', 'r', 'o', 'n', '.', 's', 't', 'g', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "taskstream.com", true */ 't', 'a', 's', 'k', 's', 't', 'r', 'e', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "taskulu.com", true */ 't', 'a', 's', 'k', 'u', 'l', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "tasta.ro", true */ 't', 'a', 's', 't', 'a', '.', 'r', 'o', '\0',
+  /* "tasticfilm.com", true */ 't', 'a', 's', 't', 'i', 'c', 'f', 'i', 'l', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "tastycake.net", true */ 't', 'a', 's', 't', 'y', 'c', 'a', 'k', 'e', '.', 'n', 'e', 't', '\0',
+  /* "tastystakes.com", true */ 't', 'a', 's', 't', 'y', 's', 't', 'a', 'k', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tat2grl85.com", true */ 't', 'a', 't', '2', 'g', 'r', 'l', '8', '5', '.', 'c', 'o', 'm', '\0',
+  /* "tatara.ne.jp", true */ 't', 'a', 't', 'a', 'r', 'a', '.', 'n', 'e', '.', 'j', 'p', '\0',
+  /* "tateesq.com", true */ 't', 'a', 't', 'e', 'e', 's', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "tatiloley.com", true */ 't', 'a', 't', 'i', 'l', 'o', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "tatort-fanpage.de", true */ 't', 'a', 't', 'o', 'r', 't', '-', 'f', 'a', 'n', 'p', 'a', 'g', 'e', '.', 'd', 'e', '\0',
+  /* "tatsidou.gr", true */ 't', 'a', 't', 's', 'i', 'd', 'o', 'u', '.', 'g', 'r', '\0',
+  /* "tattoo.dating", true */ 't', 'a', 't', 't', 'o', 'o', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "tavolaquadrada.com.br", true */ 't', 'a', 'v', 'o', 'l', 'a', 'q', 'u', 'a', 'd', 'r', 'a', 'd', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "tavsys.net", true */ 't', 'a', 'v', 's', 'y', 's', '.', 'n', 'e', 't', '\0',
+  /* "taxaroo.com", true */ 't', 'a', 'x', 'a', 'r', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "taxaudit.com", true */ 't', 'a', 'x', 'a', 'u', 'd', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "taxi-24std.de", true */ 't', 'a', 'x', 'i', '-', '2', '4', 's', 't', 'd', '.', 'd', 'e', '\0',
+  /* "taxi-chamonix.fr", true */ 't', 'a', 'x', 'i', '-', 'c', 'h', 'a', 'm', 'o', 'n', 'i', 'x', '.', 'f', 'r', '\0',
+  /* "taxi-collectif.ch", true */ 't', 'a', 'x', 'i', '-', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'f', '.', 'c', 'h', '\0',
+  /* "taxicollectif.ch", true */ 't', 'a', 'x', 'i', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'f', '.', 'c', 'h', '\0',
+  /* "taxiindenbosch.nl", true */ 't', 'a', 'x', 'i', 'i', 'n', 'd', 'e', 'n', 'b', 'o', 's', 'c', 'h', '.', 'n', 'l', '\0',
+  /* "taxis-collectifs.ch", true */ 't', 'a', 'x', 'i', 's', '-', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'f', 's', '.', 'c', 'h', '\0',
+  /* "taxisafmatosinhos.pt", true */ 't', 'a', 'x', 'i', 's', 'a', 'f', 'm', 'a', 't', 'o', 's', 'i', 'n', 'h', 'o', 's', '.', 'p', 't', '\0',
+  /* "taxiscollectifs.ch", true */ 't', 'a', 'x', 'i', 's', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'f', 's', '.', 'c', 'h', '\0',
+  /* "taxlab.co.nz", true */ 't', 'a', 'x', 'l', 'a', 'b', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "taxmadras.com", true */ 't', 'a', 'x', 'm', 'a', 'd', 'r', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "taxspeaker.com", true */ 't', 'a', 'x', 's', 'p', 'e', 'a', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "taxsquirrel.com", true */ 't', 'a', 'x', 's', 'q', 'u', 'i', 'r', 'r', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "taylorpearson.me", false */ 't', 'a', 'y', 'l', 'o', 'r', 'p', 'e', 'a', 'r', 's', 'o', 'n', '.', 'm', 'e', '\0',
+  /* "taylors-castles.co.uk", true */ 't', 'a', 'y', 'l', 'o', 'r', 's', '-', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "taysonvodao.fr", true */ 't', 'a', 'y', 's', 'o', 'n', 'v', 'o', 'd', 'a', 'o', '.', 'f', 'r', '\0',
+  /* "tazemama.biz", true */ 't', 'a', 'z', 'e', 'm', 'a', 'm', 'a', '.', 'b', 'i', 'z', '\0',
+  /* "tb-devel.de", true */ 't', 'b', '-', 'd', 'e', 'v', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "tb-itf.de", true */ 't', 'b', '-', 'i', 't', 'f', '.', 'd', 'e', '\0',
+  /* "tbarter.com", false */ 't', 'b', 'a', 'r', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "tbitc.ch", true */ 't', 'b', 'i', 't', 'c', '.', 'c', 'h', '\0',
+  /* "tbonejs.org", true */ 't', 'b', 'o', 'n', 'e', 'j', 's', '.', 'o', 'r', 'g', '\0',
+  /* "tbrindus.ca", true */ 't', 'b', 'r', 'i', 'n', 'd', 'u', 's', '.', 'c', 'a', '\0',
+  /* "tbrss.com", true */ 't', 'b', 'r', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tbs-certificates.co.uk", true */ 't', 'b', 's', '-', 'c', 'e', 'r', 't', 'i', 'f', 'i', 'c', 'a', 't', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "tbtech.cz", true */ 't', 'b', 't', 'e', 'c', 'h', '.', 'c', 'z', '\0',
+  /* "tbuchloh.de", true */ 't', 'b', 'u', 'c', 'h', 'l', 'o', 'h', '.', 'd', 'e', '\0',
+  /* "tc-st-leonard.ch", true */ 't', 'c', '-', 's', 't', '-', 'l', 'e', 'o', 'n', 'a', 'r', 'd', '.', 'c', 'h', '\0',
+  /* "tc.nz", true */ 't', 'c', '.', 'n', 'z', '\0',
+  /* "tcacademy.co.uk", true */ 't', 'c', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "tcb-a.org", true */ 't', 'c', 'b', '-', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "tcb-b.org", true */ 't', 'c', 'b', '-', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "tcf.org", true */ 't', 'c', 'f', '.', 'o', 'r', 'g', '\0',
+  /* "tcgrepublic.com", true */ 't', 'c', 'g', 'r', 'e', 'p', 'u', 'b', 'l', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "tchebb.me", true */ 't', 'c', 'h', 'e', 'b', 'b', '.', 'm', 'e', '\0',
+  /* "tchnics.de", true */ 't', 'c', 'h', 'n', 'i', 'c', 's', '.', 'd', 'e', '\0',
+  /* "tchoukball.ch", true */ 't', 'c', 'h', 'o', 'u', 'k', 'b', 'a', 'l', 'l', '.', 'c', 'h', '\0',
+  /* "tcnapplications.com", true */ 't', 'c', 'n', 'a', 'p', 'p', 'l', 'i', 'c', 'a', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tcptun.com", true */ 't', 'c', 'p', 't', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "tdchrom.com", true */ 't', 'd', 'c', 'h', 'r', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "tdfbfoundation.org", true */ 't', 'd', 'f', 'b', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "tdrcartuchos.com.br", true */ 't', 'd', 'r', 'c', 'a', 'r', 't', 'u', 'c', 'h', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "tdrs.info", true */ 't', 'd', 'r', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "tdsinflatables.co.uk", true */ 't', 'd', 's', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "tdude.co", true */ 't', 'd', 'u', 'd', 'e', '.', 'c', 'o', '\0',
+  /* "teabagdesign.co.uk", true */ 't', 'e', 'a', 'b', 'a', 'g', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "teachercreatedmaterials.com", true */ 't', 'e', 'a', 'c', 'h', 'e', 'r', 'c', 'r', 'e', 'a', 't', 'e', 'd', 'm', 'a', 't', 'e', 'r', 'i', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "teacherph.com", true */ 't', 'e', 'a', 'c', 'h', 'e', 'r', 'p', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "teacherph.net", true */ 't', 'e', 'a', 'c', 'h', 'e', 'r', 'p', 'h', '.', 'n', 'e', 't', '\0',
+  /* "teacherpowered.org", true */ 't', 'e', 'a', 'c', 'h', 'e', 'r', 'p', 'o', 'w', 'e', 'r', 'e', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "teachingcopyright.com", true */ 't', 'e', 'a', 'c', 'h', 'i', 'n', 'g', 'c', 'o', 'p', 'y', 'r', 'i', 'g', 'h', 't', '.', 'c', 'o', 'm', '\0',
+  /* "teachingcopyright.net", true */ 't', 'e', 'a', 'c', 'h', 'i', 'n', 'g', 'c', 'o', 'p', 'y', 'r', 'i', 'g', 'h', 't', '.', 'n', 'e', 't', '\0',
+  /* "teachingcopyright.org", true */ 't', 'e', 'a', 'c', 'h', 'i', 'n', 'g', 'c', 'o', 'p', 'y', 'r', 'i', 'g', 'h', 't', '.', 'o', 'r', 'g', '\0',
+  /* "teachmeplease.com", true */ 't', 'e', 'a', 'c', 'h', 'm', 'e', 'p', 'l', 'e', 'a', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "teachmeplease.ru", true */ 't', 'e', 'a', 'c', 'h', 'm', 'e', 'p', 'l', 'e', 'a', 's', 'e', '.', 'r', 'u', '\0',
+  /* "teachpeople.org", true */ 't', 'e', 'a', 'c', 'h', 'p', 'e', 'o', 'p', 'l', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "teachwithouttears.com", true */ 't', 'e', 'a', 'c', 'h', 'w', 'i', 't', 'h', 'o', 'u', 't', 't', 'e', 'a', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "teahut.net", true */ 't', 'e', 'a', 'h', 'u', 't', '.', 'n', 'e', 't', '\0',
+  /* "team-azerty.com", true */ 't', 'e', 'a', 'm', '-', 'a', 'z', 'e', 'r', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "team-bbd.com", true */ 't', 'e', 'a', 'm', '-', 'b', 'b', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "team-pancake.eu", true */ 't', 'e', 'a', 'm', '-', 'p', 'a', 'n', 'c', 'a', 'k', 'e', '.', 'e', 'u', '\0',
+  /* "team3482.com", true */ 't', 'e', 'a', 'm', '3', '4', '8', '2', '.', 'c', 'o', 'm', '\0',
+  /* "teamassists.com", true */ 't', 'e', 'a', 'm', 'a', 's', 's', 'i', 's', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "teambeam.at", true */ 't', 'e', 'a', 'm', 'b', 'e', 'a', 'm', '.', 'a', 't', '\0',
+  /* "teambeam.ch", true */ 't', 'e', 'a', 'm', 'b', 'e', 'a', 'm', '.', 'c', 'h', '\0',
+  /* "teambeam.com", true */ 't', 'e', 'a', 'm', 'b', 'e', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "teambeam.de", true */ 't', 'e', 'a', 'm', 'b', 'e', 'a', 'm', '.', 'd', 'e', '\0',
+  /* "teambition.com", true */ 't', 'e', 'a', 'm', 'b', 'i', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "teamcombat.com", true */ 't', 'e', 'a', 'm', 'c', 'o', 'm', 'b', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "teamdaylo.xyz", true */ 't', 'e', 'a', 'm', 'd', 'a', 'y', 'l', 'o', '.', 'x', 'y', 'z', '\0',
+  /* "teamliquidpro.com", true */ 't', 'e', 'a', 'm', 'l', 'i', 'q', 'u', 'i', 'd', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "teammathics.com", true */ 't', 'e', 'a', 'm', 'm', 'a', 't', 'h', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "teamnetsol.com", true */ 't', 'e', 'a', 'm', 'n', 'e', 't', 's', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "teamnissannorthparts.com", true */ 't', 'e', 'a', 'm', 'n', 'i', 's', 's', 'a', 'n', 'n', 'o', 'r', 't', 'h', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "teamnorthgermany.de", true */ 't', 'e', 'a', 'm', 'n', 'o', 'r', 't', 'h', 'g', 'e', 'r', 'm', 'a', 'n', 'y', '.', 'd', 'e', '\0',
+  /* "teampaddymurphy.ch", true */ 't', 'e', 'a', 'm', 'p', 'a', 'd', 'd', 'y', 'm', 'u', 'r', 'p', 'h', 'y', '.', 'c', 'h', '\0',
+  /* "teampaddymurphy.ie", true */ 't', 'e', 'a', 'm', 'p', 'a', 'd', 'd', 'y', 'm', 'u', 'r', 'p', 'h', 'y', '.', 'i', 'e', '\0',
+  /* "teamtouring.net", true */ 't', 'e', 'a', 'm', 't', 'o', 'u', 'r', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "teamtrack.uk", true */ 't', 'e', 'a', 'm', 't', 'r', 'a', 'c', 'k', '.', 'u', 'k', '\0',
+  /* "teamupturn.com", true */ 't', 'e', 'a', 'm', 'u', 'p', 't', 'u', 'r', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "teamupturn.org", true */ 't', 'e', 'a', 'm', 'u', 'p', 't', 'u', 'r', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "teamx-gaming.de", true */ 't', 'e', 'a', 'm', 'x', '-', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "teaparty.id", true */ 't', 'e', 'a', 'p', 'a', 'r', 't', 'y', '.', 'i', 'd', '\0',
+  /* "teasenetwork.com", true */ 't', 'e', 'a', 's', 'e', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "teaser-trailer.com", true */ 't', 'e', 'a', 's', 'e', 'r', '-', 't', 'r', 'a', 'i', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "teatrarium.com", true */ 't', 'e', 'a', 't', 'r', 'a', 'r', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "tec3000.ch", true */ 't', 'e', 'c', '3', '0', '0', '0', '.', 'c', 'h', '\0',
+  /* "tecart-cloud.de", true */ 't', 'e', 'c', 'a', 'r', 't', '-', 'c', 'l', 'o', 'u', 'd', '.', 'd', 'e', '\0',
+  /* "tecart-system.de", true */ 't', 'e', 'c', 'a', 'r', 't', '-', 's', 'y', 's', 't', 'e', 'm', '.', 'd', 'e', '\0',
+  /* "tecartcrm.de", true */ 't', 'e', 'c', 'a', 'r', 't', 'c', 'r', 'm', '.', 'd', 'e', '\0',
+  /* "tech-blogger.net", true */ 't', 'e', 'c', 'h', '-', 'b', 'l', 'o', 'g', 'g', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "tech-clips.com", true */ 't', 'e', 'c', 'h', '-', 'c', 'l', 'i', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tech-director.ru", true */ 't', 'e', 'c', 'h', '-', 'd', 'i', 'r', 'e', 'c', 't', 'o', 'r', '.', 'r', 'u', '\0',
+  /* "tech-essential.com", true */ 't', 'e', 'c', 'h', '-', 'e', 's', 's', 'e', 'n', 't', 'i', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "tech-rat.com", true */ 't', 'e', 'c', 'h', '-', 'r', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "tech-seminar.jp", true */ 't', 'e', 'c', 'h', '-', 's', 'e', 'm', 'i', 'n', 'a', 'r', '.', 'j', 'p', '\0',
+  /* "tech-value.eu", true */ 't', 'e', 'c', 'h', '-', 'v', 'a', 'l', 'u', 'e', '.', 'e', 'u', '\0',
+  /* "tech-zealots.com", true */ 't', 'e', 'c', 'h', '-', 'z', 'e', 'a', 'l', 'o', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "techace.jp", true */ 't', 'e', 'c', 'h', 'a', 'c', 'e', '.', 'j', 'p', '\0',
+  /* "techademy.nl", true */ 't', 'e', 'c', 'h', 'a', 'd', 'e', 'm', 'y', '.', 'n', 'l', '\0',
+  /* "techarea.fr", true */ 't', 'e', 'c', 'h', 'a', 'r', 'e', 'a', '.', 'f', 'r', '\0',
+  /* "techbrown.com", true */ 't', 'e', 'c', 'h', 'b', 'r', 'o', 'w', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "techcentric.com", false */ 't', 'e', 'c', 'h', 'c', 'e', 'n', 't', 'r', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "techcracky.com", true */ 't', 'e', 'c', 'h', 'c', 'r', 'a', 'c', 'k', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "techcultivation.de", false */ 't', 'e', 'c', 'h', 'c', 'u', 'l', 't', 'i', 'v', 'a', 't', 'i', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "techcultivation.net", false */ 't', 'e', 'c', 'h', 'c', 'u', 'l', 't', 'i', 'v', 'a', 't', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "techcultivation.org", false */ 't', 'e', 'c', 'h', 'c', 'u', 'l', 't', 'i', 'v', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "techday.co.nz", true */ 't', 'e', 'c', 'h', 'd', 'a', 'y', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "techday.com", true */ 't', 'e', 'c', 'h', 'd', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "techday.com.au", true */ 't', 'e', 'c', 'h', 'd', 'a', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "techday.eu", true */ 't', 'e', 'c', 'h', 'd', 'a', 'y', '.', 'e', 'u', '\0',
+  /* "techdirt.com", true */ 't', 'e', 'c', 'h', 'd', 'i', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "techendeavors.com", true */ 't', 'e', 'c', 'h', 'e', 'n', 'd', 'e', 'a', 'v', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "techhappy.ca", true */ 't', 'e', 'c', 'h', 'h', 'a', 'p', 'p', 'y', '.', 'c', 'a', '\0',
+  /* "techinet.pl", true */ 't', 'e', 'c', 'h', 'i', 'n', 'e', 't', '.', 'p', 'l', '\0',
+  /* "techjoe.co", true */ 't', 'e', 'c', 'h', 'j', 'o', 'e', '.', 'c', 'o', '\0',
+  /* "techmajesty.com", true */ 't', 'e', 'c', 'h', 'm', 'a', 'j', 'e', 's', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "techmasters.io", true */ 't', 'e', 'c', 'h', 'm', 'a', 's', 't', 'e', 'r', 's', '.', 'i', 'o', '\0',
+  /* "techmunchies.net", false */ 't', 'e', 'c', 'h', 'm', 'u', 'n', 'c', 'h', 'i', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "technicabv.nl", true */ 't', 'e', 'c', 'h', 'n', 'i', 'c', 'a', 'b', 'v', '.', 'n', 'l', '\0',
+  /* "technicalforensic.com", true */ 't', 'e', 'c', 'h', 'n', 'i', 'c', 'a', 'l', 'f', 'o', 'r', 'e', 'n', 's', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "technicallyeasy.net", true */ 't', 'e', 'c', 'h', 'n', 'i', 'c', 'a', 'l', 'l', 'y', 'e', 'a', 's', 'y', '.', 'n', 'e', 't', '\0',
+  /* "technicalpenguins.com", true */ 't', 'e', 'c', 'h', 'n', 'i', 'c', 'a', 'l', 'p', 'e', 'n', 'g', 'u', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "technifocal.com", true */ 't', 'e', 'c', 'h', 'n', 'i', 'f', 'o', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "technikrom.org", true */ 't', 'e', 'c', 'h', 'n', 'i', 'k', 'r', 'o', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "technoinfogroup.it", true */ 't', 'e', 'c', 'h', 'n', 'o', 'i', 'n', 'f', 'o', 'g', 'r', 'o', 'u', 'p', '.', 'i', 't', '\0',
+  /* "technologie-innovation.fr", true */ 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'i', 'e', '-', 'i', 'n', 'n', 'o', 'v', 'a', 't', 'i', 'o', 'n', '.', 'f', 'r', '\0',
+  /* "technologyand.me", true */ 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'y', 'a', 'n', 'd', '.', 'm', 'e', '\0',
+  /* "technologysi.com", true */ 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'y', 's', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "technoparcepsilon.fr", true */ 't', 'e', 'c', 'h', 'n', 'o', 'p', 'a', 'r', 'c', 'e', 'p', 's', 'i', 'l', 'o', 'n', '.', 'f', 'r', '\0',
+  /* "technoscoots.com", true */ 't', 'e', 'c', 'h', 'n', 'o', 's', 'c', 'o', 'o', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "technosorcery.net", true */ 't', 'e', 'c', 'h', 'n', 'o', 's', 'o', 'r', 'c', 'e', 'r', 'y', '.', 'n', 'e', 't', '\0',
+  /* "technotonic.co.uk", true */ 't', 'e', 'c', 'h', 'n', 'o', 't', 'o', 'n', 'i', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "techold.ru", true */ 't', 'e', 'c', 'h', 'o', 'l', 'd', '.', 'r', 'u', '\0',
+  /* "techorbiter.com", true */ 't', 'e', 'c', 'h', 'o', 'r', 'b', 'i', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "techosmarcelo.com.ar", true */ 't', 'e', 'c', 'h', 'o', 's', 'm', 'a', 'r', 'c', 'e', 'l', 'o', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "techpivot.net", true */ 't', 'e', 'c', 'h', 'p', 'i', 'v', 'o', 't', '.', 'n', 'e', 't', '\0',
+  /* "techpro.net.br", true */ 't', 'e', 'c', 'h', 'p', 'r', 'o', '.', 'n', 'e', 't', '.', 'b', 'r', '\0',
+  /* "techshift.eu", true */ 't', 'e', 'c', 'h', 's', 'h', 'i', 'f', 't', '.', 'e', 'u', '\0',
+  /* "techshift.nl", true */ 't', 'e', 'c', 'h', 's', 'h', 'i', 'f', 't', '.', 'n', 'l', '\0',
+  /* "techshift.se", true */ 't', 'e', 'c', 'h', 's', 'h', 'i', 'f', 't', '.', 's', 'e', '\0',
+  /* "techtalks.no", true */ 't', 'e', 'c', 'h', 't', 'a', 'l', 'k', 's', '.', 'n', 'o', '\0',
+  /* "techtuts.info", true */ 't', 'e', 'c', 'h', 't', 'u', 't', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "techunit.org", true */ 't', 'e', 'c', 'h', 'u', 'n', 'i', 't', '.', 'o', 'r', 'g', '\0',
+  /* "techvalue.gr", true */ 't', 'e', 'c', 'h', 'v', 'a', 'l', 'u', 'e', '.', 'g', 'r', '\0',
+  /* "techviewforum.com", true */ 't', 'e', 'c', 'h', 'v', 'i', 'e', 'w', 'f', 'o', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "techwayz.com", true */ 't', 'e', 'c', 'h', 'w', 'a', 'y', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "techwords.io", true */ 't', 'e', 'c', 'h', 'w', 'o', 'r', 'd', 's', '.', 'i', 'o', '\0',
+  /* "tecit.ch", true */ 't', 'e', 'c', 'i', 't', '.', 'c', 'h', '\0',
+  /* "tecne.ws", true */ 't', 'e', 'c', 'n', 'e', '.', 'w', 's', '\0',
+  /* "tecnoarea.com.ar", true */ 't', 'e', 'c', 'n', 'o', 'a', 'r', 'e', 'a', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "tecnobrasilloja.com.br", true */ 't', 'e', 'c', 'n', 'o', 'b', 'r', 'a', 's', 'i', 'l', 'l', 'o', 'j', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "tecnodritte.it", true */ 't', 'e', 'c', 'n', 'o', 'd', 'r', 'i', 't', 't', 'e', '.', 'i', 't', '\0',
+  /* "tecyt.com", true */ 't', 'e', 'c', 'y', 't', '.', 'c', 'o', 'm', '\0',
+  /* "tedb.us", true */ 't', 'e', 'd', 'b', '.', 'u', 's', '\0',
+  /* "teddy.ch", true */ 't', 'e', 'd', 'd', 'y', '.', 'c', 'h', '\0',
+  /* "teddybradford.com", true */ 't', 'e', 'd', 'd', 'y', 'b', 'r', 'a', 'd', 'f', 'o', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "teddylu.info", true */ 't', 'e', 'd', 'd', 'y', 'l', 'u', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "tedeh.net", true */ 't', 'e', 'd', 'e', 'h', '.', 'n', 'e', 't', '\0',
+  /* "tedsdivingsystem.com", true */ 't', 'e', 'd', 's', 'd', 'i', 'v', 'i', 'n', 'g', 's', 'y', 's', 't', 'e', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "tee-idf.net", true */ 't', 'e', 'e', '-', 'i', 'd', 'f', '.', 'n', 'e', 't', '\0',
+  /* "teebeedee.org", true */ 't', 'e', 'e', 'b', 'e', 'e', 'd', 'e', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "teedb.de", true */ 't', 'e', 'e', 'd', 'b', '.', 'd', 'e', '\0',
+  /* "teemo.gg", true */ 't', 'e', 'e', 'm', 'o', '.', 'g', 'g', '\0',
+  /* "teemperor.de", true */ 't', 'e', 'e', 'm', 'p', 'e', 'r', 'o', 'r', '.', 'd', 'e', '\0',
+  /* "teemulintula.fi", true */ 't', 'e', 'e', 'm', 'u', 'l', 'i', 'n', 't', 'u', 'l', 'a', '.', 'f', 'i', '\0',
+  /* "teencounseling.com", true */ 't', 'e', 'e', 'n', 'c', 'o', 'u', 'n', 's', 'e', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "teeplelaw.com", true */ 't', 'e', 'e', 'p', 'l', 'e', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "teeworlds-friends.de", true */ 't', 'e', 'e', 'w', 'o', 'r', 'l', 'd', 's', '-', 'f', 'r', 'i', 'e', 'n', 'd', 's', '.', 'd', 'e', '\0',
+  /* "tefek.cz", true */ 't', 'e', 'f', 'e', 'k', '.', 'c', 'z', '\0',
+  /* "tege-elektronik.hu", true */ 't', 'e', 'g', 'e', '-', 'e', 'l', 'e', 'k', 't', 'r', 'o', 'n', 'i', 'k', '.', 'h', 'u', '\0',
+  /* "tehcrayz.com", true */ 't', 'e', 'h', 'c', 'r', 'a', 'y', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "tehplace.club", true */ 't', 'e', 'h', 'p', 'l', 'a', 'c', 'e', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "tehrabbitt.com", false */ 't', 'e', 'h', 'r', 'a', 'b', 'b', 'i', 't', 't', '.', 'c', 'o', 'm', '\0',
+  /* "tehranperfume.com", true */ 't', 'e', 'h', 'r', 'a', 'n', 'p', 'e', 'r', 'f', 'u', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "teixobactin.com", true */ 't', 'e', 'i', 'x', 'o', 'b', 'a', 'c', 't', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "tejarat98.com", true */ 't', 'e', 'j', 'a', 'r', 'a', 't', '9', '8', '.', 'c', 'o', 'm', '\0',
+  /* "tekiro.com", true */ 't', 'e', 'k', 'i', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "teknemodus.com.au", true */ 't', 'e', 'k', 'n', 'e', 'm', 'o', 'd', 'u', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "teknik.io", true */ 't', 'e', 'k', 'n', 'i', 'k', '.', 'i', 'o', '\0',
+  /* "teknogeek.id", true */ 't', 'e', 'k', 'n', 'o', 'g', 'e', 'e', 'k', '.', 'i', 'd', '\0',
+  /* "tekstschrijvers.net", true */ 't', 'e', 'k', 's', 't', 's', 'c', 'h', 'r', 'i', 'j', 'v', 'e', 'r', 's', '.', 'n', 'e', 't', '\0',
+  /* "tektuts.com", true */ 't', 'e', 'k', 't', 'u', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tekuteku.jp", true */ 't', 'e', 'k', 'u', 't', 'e', 'k', 'u', '.', 'j', 'p', '\0',
+  /* "tele-alarme.ch", true */ 't', 'e', 'l', 'e', '-', 'a', 'l', 'a', 'r', 'm', 'e', '.', 'c', 'h', '\0',
+  /* "tele-assistance.ch", true */ 't', 'e', 'l', 'e', '-', 'a', 's', 's', 'i', 's', 't', 'a', 'n', 'c', 'e', '.', 'c', 'h', '\0',
+  /* "tele-online.com", true */ 't', 'e', 'l', 'e', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "telealarme.ch", true */ 't', 'e', 'l', 'e', 'a', 'l', 'a', 'r', 'm', 'e', '.', 'c', 'h', '\0',
+  /* "telealarmevalais.ch", true */ 't', 'e', 'l', 'e', 'a', 'l', 'a', 'r', 'm', 'e', 'v', 'a', 'l', 'a', 'i', 's', '.', 'c', 'h', '\0',
+  /* "telecamera.pro", false */ 't', 'e', 'l', 'e', 'c', 'a', 'm', 'e', 'r', 'a', '.', 'p', 'r', 'o', '\0',
+  /* "telecharger-open-office.com", true */ 't', 'e', 'l', 'e', 'c', 'h', 'a', 'r', 'g', 'e', 'r', '-', 'o', 'p', 'e', 'n', '-', 'o', 'f', 'f', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "telecharger-winrar.com", true */ 't', 'e', 'l', 'e', 'c', 'h', 'a', 'r', 'g', 'e', 'r', '-', 'w', 'i', 'n', 'r', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "telecomwestland.nl", true */ 't', 'e', 'l', 'e', 'c', 'o', 'm', 'w', 'e', 's', 't', 'l', 'a', 'n', 'd', '.', 'n', 'l', '\0',
+  /* "teledivi.com", true */ 't', 'e', 'l', 'e', 'd', 'i', 'v', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "telefon.report", true */ 't', 'e', 'l', 'e', 'f', 'o', 'n', '.', 'r', 'e', 'p', 'o', 'r', 't', '\0',
+  /* "telefoncek.si", true */ 't', 'e', 'l', 'e', 'f', 'o', 'n', 'c', 'e', 'k', '.', 's', 'i', '\0',
+  /* "telefonkonferenz.ch", true */ 't', 'e', 'l', 'e', 'f', 'o', 'n', 'k', 'o', 'n', 'f', 'e', 'r', 'e', 'n', 'z', '.', 'c', 'h', '\0',
+  /* "telefonni-ustredna.cz", true */ 't', 'e', 'l', 'e', 'f', 'o', 'n', 'n', 'i', '-', 'u', 's', 't', 'r', 'e', 'd', 'n', 'a', '.', 'c', 'z', '\0',
+  /* "telefonseelsorge-paderborn.de", true */ 't', 'e', 'l', 'e', 'f', 'o', 'n', 's', 'e', 'e', 'l', 's', 'o', 'r', 'g', 'e', '-', 'p', 'a', 'd', 'e', 'r', 'b', 'o', 'r', 'n', '.', 'd', 'e', '\0',
+  /* "telefoonabonnement.nl", true */ 't', 'e', 'l', 'e', 'f', 'o', 'o', 'n', 'a', 'b', 'o', 'n', 'n', 'e', 'm', 'e', 'n', 't', '.', 'n', 'l', '\0',
+  /* "telehealthventures.com", false */ 't', 'e', 'l', 'e', 'h', 'e', 'a', 'l', 't', 'h', 'v', 'e', 'n', 't', 'u', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "teleogistic.net", true */ 't', 'e', 'l', 'e', 'o', 'g', 'i', 's', 't', 'i', 'c', '.', 'n', 'e', 't', '\0',
+  /* "telepass.me", true */ 't', 'e', 'l', 'e', 'p', 'a', 's', 's', '.', 'm', 'e', '\0',
+  /* "telling.xyz", true */ 't', 'e', 'l', 'l', 'i', 'n', 'g', '.', 'x', 'y', 'z', '\0',
+  /* "telly.site", true */ 't', 'e', 'l', 'l', 'y', '.', 's', 'i', 't', 'e', '\0',
+  /* "tellygames.com", true */ 't', 'e', 'l', 'l', 'y', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "teloo.pl", true */ 't', 'e', 'l', 'o', 'o', '.', 'p', 'l', '\0',
+  /* "telos-analytics.com", true */ 't', 'e', 'l', 'o', 's', '-', 'a', 'n', 'a', 'l', 'y', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "telugu4u.net", true */ 't', 'e', 'l', 'u', 'g', 'u', '4', 'u', '.', 'n', 'e', 't', '\0',
+  /* "tem.li", true */ 't', 'e', 'm', '.', 'l', 'i', '\0',
+  /* "temizmama.com", true */ 't', 'e', 'm', 'i', 'z', 'm', 'a', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "temp.pm", true */ 't', 'e', 'm', 'p', '.', 'p', 'm', '\0',
+  /* "tempdomain.ml", true */ 't', 'e', 'm', 'p', 'd', 'o', 'm', 'a', 'i', 'n', '.', 'm', 'l', '\0',
+  /* "template-parks.com", true */ 't', 'e', 'm', 'p', 'l', 'a', 't', 'e', '-', 'p', 'a', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "templateinvaders.com", true */ 't', 'e', 'm', 'p', 'l', 'a', 't', 'e', 'i', 'n', 'v', 'a', 'd', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "temptraining.ru", false */ 't', 'e', 'm', 'p', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'r', 'u', '\0',
+  /* "tempus-aquilae.de", true */ 't', 'e', 'm', 'p', 'u', 's', '-', 'a', 'q', 'u', 'i', 'l', 'a', 'e', '.', 'd', 'e', '\0',
+  /* "tenable.com.au", true */ 't', 'e', 'n', 'a', 'b', 'l', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "tenberg.com", true */ 't', 'e', 'n', 'b', 'e', 'r', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "tenbos.ch", true */ 't', 'e', 'n', 'b', 'o', 's', '.', 'c', 'h', '\0',
+  /* "tendermaster.com.ua", true */ 't', 'e', 'n', 'd', 'e', 'r', 'm', 'a', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "tenderstem.co.uk", true */ 't', 'e', 'n', 'd', 'e', 'r', 's', 't', 'e', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "tendomag.com", true */ 't', 'e', 'n', 'd', 'o', 'm', 'a', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "tenenz.com", true */ 't', 'e', 'n', 'e', 'n', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "tengu.cloud", true */ 't', 'e', 'n', 'g', 'u', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "tenisservis.eu", true */ 't', 'e', 'n', 'i', 's', 's', 'e', 'r', 'v', 'i', 's', '.', 'e', 'u', '\0',
+  /* "tenkofx.com", true */ 't', 'e', 'n', 'k', 'o', 'f', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "tennisadmin.com", true */ 't', 'e', 'n', 'n', 'i', 's', 'a', 'd', 'm', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "tennismindgame.com", true */ 't', 'e', 'n', 'n', 'i', 's', 'm', 'i', 'n', 'd', 'g', 'a', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "tenpolab.com", true */ 't', 'e', 'n', 'p', 'o', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "tenseapp.pl", true */ 't', 'e', 'n', 's', 'e', 'a', 'p', 'p', '.', 'p', 'l', '\0',
+  /* "tenshoku-hanashi.com", true */ 't', 'e', 'n', 's', 'h', 'o', 'k', 'u', '-', 'h', 'a', 'n', 'a', 's', 'h', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "tent.io", true */ 't', 'e', 'n', 't', '.', 'i', 'o', '\0',
+  /* "tenta.com", true */ 't', 'e', 'n', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "tentabrowser.com", true */ 't', 'e', 'n', 't', 'a', 'b', 'r', 'o', 'w', 's', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "tentations-voyages.com", false */ 't', 'e', 'n', 't', 'a', 't', 'i', 'o', 'n', 's', '-', 'v', 'o', 'y', 'a', 'g', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tenthousandcoffees.com", true */ 't', 'e', 'n', 't', 'h', 'o', 'u', 's', 'a', 'n', 'd', 'c', 'o', 'f', 'f', 'e', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tenyx.de", true */ 't', 'e', 'n', 'y', 'x', '.', 'd', 'e', '\0',
+  /* "teodio.cl", true */ 't', 'e', 'o', 'd', 'i', 'o', '.', 'c', 'l', '\0',
+  /* "teoskanta.fi", true */ 't', 'e', 'o', 's', 'k', 'a', 'n', 't', 'a', '.', 'f', 'i', '\0',
+  /* "tepid.org", true */ 't', 'e', 'p', 'i', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "tepitus.de", true */ 't', 'e', 'p', 'i', 't', 'u', 's', '.', 'd', 'e', '\0',
+  /* "tequilazor.com", true */ 't', 'e', 'q', 'u', 'i', 'l', 'a', 'z', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "teracloud.at", true */ 't', 'e', 'r', 'a', 'c', 'l', 'o', 'u', 'd', '.', 'a', 't', '\0',
+  /* "teranacreative.com", true */ 't', 'e', 'r', 'a', 'n', 'a', 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "teranga.ch", true */ 't', 'e', 'r', 'a', 'n', 'g', 'a', '.', 'c', 'h', '\0',
+  /* "teriiphotography.com", true */ 't', 'e', 'r', 'i', 'i', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "terlindung.com", true */ 't', 'e', 'r', 'l', 'i', 'n', 'd', 'u', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "terminalvelocity.co.nz", true */ 't', 'e', 'r', 'm', 'i', 'n', 'a', 'l', 'v', 'e', 'l', 'o', 'c', 'i', 't', 'y', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "termitemounds.org", true */ 't', 'e', 'r', 'm', 'i', 't', 'e', 'm', 'o', 'u', 'n', 'd', 's', '.', 'o', 'r', 'g', '\0',
+  /* "termitinitus.org", true */ 't', 'e', 'r', 'm', 'i', 't', 'i', 'n', 'i', 't', 'u', 's', '.', 'o', 'r', 'g', '\0',
+  /* "terrab.de", false */ 't', 'e', 'r', 'r', 'a', 'b', '.', 'd', 'e', '\0',
+  /* "terracloud.de", false */ 't', 'e', 'r', 'r', 'a', 'c', 'l', 'o', 'u', 'd', '.', 'd', 'e', '\0',
+  /* "terraelectronica.ru", true */ 't', 'e', 'r', 'r', 'a', 'e', 'l', 'e', 'c', 't', 'r', 'o', 'n', 'i', 'c', 'a', '.', 'r', 'u', '\0',
+  /* "terrafinanz.de", true */ 't', 'e', 'r', 'r', 'a', 'f', 'i', 'n', 'a', 'n', 'z', '.', 'd', 'e', '\0',
+  /* "terraform.io", true */ 't', 'e', 'r', 'r', 'a', 'f', 'o', 'r', 'm', '.', 'i', 'o', '\0',
+  /* "terragni-sarasin.ch", true */ 't', 'e', 'r', 'r', 'a', 'g', 'n', 'i', '-', 's', 'a', 'r', 'a', 's', 'i', 'n', '.', 'c', 'h', '\0',
+  /* "terrainator.com", true */ 't', 'e', 'r', 'r', 'a', 'i', 'n', 'a', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "terralimno.com", true */ 't', 'e', 'r', 'r', 'a', 'l', 'i', 'm', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "terralimno.eu", true */ 't', 'e', 'r', 'r', 'a', 'l', 'i', 'm', 'n', 'o', '.', 'e', 'u', '\0',
+  /* "terraluna.space", true */ 't', 'e', 'r', 'r', 'a', 'l', 'u', 'n', 'a', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "terrastaffinggroup.com", false */ 't', 'e', 'r', 'r', 'a', 's', 't', 'a', 'f', 'f', 'i', 'n', 'g', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "terraweb.net", true */ 't', 'e', 'r', 'r', 'a', 'w', 'e', 'b', '.', 'n', 'e', 't', '\0',
+  /* "terrazoo.de", true */ 't', 'e', 'r', 'r', 'a', 'z', 'o', 'o', '.', 'd', 'e', '\0',
+  /* "terresmagiques.com", true */ 't', 'e', 'r', 'r', 'e', 's', 'm', 'a', 'g', 'i', 'q', 'u', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "terrty.net", true */ 't', 'e', 'r', 'r', 't', 'y', '.', 'n', 'e', 't', '\0',
+  /* "tes.com", true */ 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tesche.biz", true */ 't', 'e', 's', 'c', 'h', 'e', '.', 'b', 'i', 'z', '\0',
+  /* "teschenhausen.com", true */ 't', 'e', 's', 'c', 'h', 'e', 'n', 'h', 'a', 'u', 's', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "tescoirelandpayslips.com", true */ 't', 'e', 's', 'c', 'o', 'i', 'r', 'e', 'l', 'a', 'n', 'd', 'p', 'a', 'y', 's', 'l', 'i', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tescolide.cz", true */ 't', 'e', 's', 'c', 'o', 'l', 'i', 'd', 'e', '.', 'c', 'z', '\0',
+  /* "tescoludia.sk", true */ 't', 'e', 's', 'c', 'o', 'l', 'u', 'd', 'i', 'a', '.', 's', 'k', '\0',
+  /* "teskalabs.com", true */ 't', 'e', 's', 'k', 'a', 'l', 'a', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tesoro.pr", true */ 't', 'e', 's', 'o', 'r', 'o', '.', 'p', 'r', '\0',
+  /* "tessai.ga", true */ 't', 'e', 's', 's', 'a', 'i', '.', 'g', 'a', '\0',
+  /* "test.de", true */ 't', 'e', 's', 't', '.', 'd', 'e', '\0',
+  /* "testadren.com", true */ 't', 'e', 's', 't', 'a', 'd', 'r', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "testadron.com", true */ 't', 'e', 's', 't', 'a', 'd', 'r', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "testbawks.com", true */ 't', 'e', 's', 't', 'b', 'a', 'w', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "testbirds.cz", true */ 't', 'e', 's', 't', 'b', 'i', 'r', 'd', 's', '.', 'c', 'z', '\0',
+  /* "testbirds.sk", true */ 't', 'e', 's', 't', 'b', 'i', 'r', 'd', 's', '.', 's', 'k', '\0',
+  /* "testgeomed.ro", true */ 't', 'e', 's', 't', 'g', 'e', 'o', 'm', 'e', 'd', '.', 'r', 'o', '\0',
+  /* "testi.info", true */ 't', 'e', 's', 't', 'i', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "testingbot.com", false */ 't', 'e', 's', 't', 'i', 'n', 'g', 'b', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "testnode.xyz", false */ 't', 'e', 's', 't', 'n', 'o', 'd', 'e', '.', 'x', 'y', 'z', '\0',
+  /* "testomato.com", true */ 't', 'e', 's', 't', 'o', 'm', 'a', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "testosterone-complex.com", true */ 't', 'e', 's', 't', 'o', 's', 't', 'e', 'r', 'o', 'n', 'e', '-', 'c', 'o', 'm', 'p', 'l', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "testpornsite.com", true */ 't', 'e', 's', 't', 'p', 'o', 'r', 'n', 's', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "testsuite.org", true */ 't', 'e', 's', 't', 's', 'u', 'i', 't', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "testuje.net", true */ 't', 'e', 's', 't', 'u', 'j', 'e', '.', 'n', 'e', 't', '\0',
+  /* "tetedelacourse.ch", true */ 't', 'e', 't', 'e', 'd', 'e', 'l', 'a', 'c', 'o', 'u', 'r', 's', 'e', '.', 'c', 'h', '\0',
+  /* "tetrarch.co", true */ 't', 'e', 't', 'r', 'a', 'r', 'c', 'h', '.', 'c', 'o', '\0',
+  /* "tetsugakunomichi.jp", true */ 't', 'e', 't', 's', 'u', 'g', 'a', 'k', 'u', 'n', 'o', 'm', 'i', 'c', 'h', 'i', '.', 'j', 'p', '\0',
+  /* "tetsumaki.net", true */ 't', 'e', 't', 's', 'u', 'm', 'a', 'k', 'i', '.', 'n', 'e', 't', '\0',
+  /* "teuniz.nl", true */ 't', 'e', 'u', 'n', 'i', 'z', '.', 'n', 'l', '\0',
+  /* "teunstuinposters.nl", true */ 't', 'e', 'u', 'n', 's', 't', 'u', 'i', 'n', 'p', 'o', 's', 't', 'e', 'r', 's', '.', 'n', 'l', '\0',
+  /* "teva-li.com", true */ 't', 'e', 'v', 'a', '-', 'l', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "tewarilab.co.uk", true */ 't', 'e', 'w', 'a', 'r', 'i', 'l', 'a', 'b', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "tewkesburybouncycastles.co.uk", true */ 't', 'e', 'w', 'k', 'e', 's', 'b', 'u', 'r', 'y', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "texasllcpros.com", true */ 't', 'e', 'x', 'a', 's', 'l', 'l', 'c', 'p', 'r', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "texaspaintingandgutters.com", true */ 't', 'e', 'x', 'a', 's', 'p', 'a', 'i', 'n', 't', 'i', 'n', 'g', 'a', 'n', 'd', 'g', 'u', 't', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "texastwostepdivorce.com", true */ 't', 'e', 'x', 'a', 's', 't', 'w', 'o', 's', 't', 'e', 'p', 'd', 'i', 'v', 'o', 'r', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "texasvolunteerattorneys.org", true */ 't', 'e', 'x', 'a', 's', 'v', 'o', 'l', 'u', 'n', 't', 'e', 'e', 'r', 'a', 't', 't', 'o', 'r', 'n', 'e', 'y', 's', '.', 'o', 'r', 'g', '\0',
+  /* "texby.com", true */ 't', 'e', 'x', 'b', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "texhnolyze.net", true */ 't', 'e', 'x', 'h', 'n', 'o', 'l', 'y', 'z', 'e', '.', 'n', 'e', 't', '\0',
+  /* "text-shirt.com", true */ 't', 'e', 'x', 't', '-', 's', 'h', 'i', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "textburst.com", true */ 't', 'e', 'x', 't', 'b', 'u', 'r', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "texter-linz.at", true */ 't', 'e', 'x', 't', 'e', 'r', '-', 'l', 'i', 'n', 'z', '.', 'a', 't', '\0',
+  /* "texterseo.at", true */ 't', 'e', 'x', 't', 'e', 'r', 's', 'e', 'o', '.', 'a', 't', '\0',
+  /* "texterseo.de", true */ 't', 'e', 'x', 't', 'e', 'r', 's', 'e', 'o', '.', 'd', 'e', '\0',
+  /* "textpedia.org", true */ 't', 'e', 'x', 't', 'p', 'e', 'd', 'i', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "textualapp.com", true */ 't', 'e', 'x', 't', 'u', 'a', 'l', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "texture.net.au", true */ 't', 'e', 'x', 't', 'u', 'r', 'e', '.', 'n', 'e', 't', '.', 'a', 'u', '\0',
+  /* "texus.me", true */ 't', 'e', 'x', 'u', 's', '.', 'm', 'e', '\0',
+  /* "texy.info", true */ 't', 'e', 'x', 'y', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "teysens.com", true */ 't', 'e', 'y', 's', 'e', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "teyssedre.ca", true */ 't', 'e', 'y', 's', 's', 'e', 'd', 'r', 'e', '.', 'c', 'a', '\0',
+  /* "tezcam.tk", true */ 't', 'e', 'z', 'c', 'a', 'm', '.', 't', 'k', '\0',
+  /* "tf-network.de", true */ 't', 'f', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'd', 'e', '\0',
+  /* "tf2b.com", true */ 't', 'f', '2', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "tf2calculator.com", true */ 't', 'f', '2', 'c', 'a', 'l', 'c', 'u', 'l', 'a', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "tfg-bouncycastles.com", true */ 't', 'f', 'g', '-', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tfle.xyz", true */ 't', 'f', 'l', 'e', '.', 'x', 'y', 'z', '\0',
+  /* "tflite.com", true */ 't', 'f', 'l', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "tfnapps.de", true */ 't', 'f', 'n', 'a', 'p', 'p', 's', '.', 'd', 'e', '\0',
+  /* "tfx.com.br", true */ 't', 'f', 'x', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "tfx.pt", true */ 't', 'f', 'x', '.', 'p', 't', '\0',
+  /* "tfxstartup.com", true */ 't', 'f', 'x', 's', 't', 'a', 'r', 't', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "tfxstartup.com.br", true */ 't', 'f', 'x', 's', 't', 'a', 'r', 't', 'u', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "tgamobility.co.uk", true */ 't', 'g', 'a', 'm', 'o', 'b', 'i', 'l', 'i', 't', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "tgbyte.com", true */ 't', 'g', 'b', 'y', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "tgbyte.de", true */ 't', 'g', 'b', 'y', 't', 'e', '.', 'd', 'e', '\0',
+  /* "tgexport.eu", true */ 't', 'g', 'e', 'x', 'p', 'o', 'r', 't', '.', 'e', 'u', '\0',
+  /* "tgmkanis.com", true */ 't', 'g', 'm', 'k', 'a', 'n', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tgod.co", true */ 't', 'g', 'o', 'd', '.', 'c', 'o', '\0',
+  /* "tgtv.tn", true */ 't', 'g', 't', 'v', '.', 't', 'n', '\0',
+  /* "tgui.eu", true */ 't', 'g', 'u', 'i', '.', 'e', 'u', '\0',
+  /* "tgui.net", true */ 't', 'g', 'u', 'i', '.', 'n', 'e', 't', '\0',
+  /* "tgw.com", true */ 't', 'g', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "th.search.yahoo.com", false */ 't', 'h', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "thablubb.de", true */ 't', 'h', 'a', 'b', 'l', 'u', 'b', 'b', '.', 'd', 'e', '\0',
+  /* "thaedal.net", true */ 't', 'h', 'a', 'e', 'd', 'a', 'l', '.', 'n', 'e', 't', '\0',
+  /* "thai.dating", true */ 't', 'h', 'a', 'i', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "thai.land", false */ 't', 'h', 'a', 'i', '.', 'l', 'a', 'n', 'd', '\0',
+  /* "thaianthro.com", true */ 't', 'h', 'a', 'i', 'a', 'n', 't', 'h', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "thaicyberpoint.com", true */ 't', 'h', 'a', 'i', 'c', 'y', 'b', 'e', 'r', 'p', 'o', 'i', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "thaiforest.ch", true */ 't', 'h', 'a', 'i', 'f', 'o', 'r', 'e', 's', 't', '.', 'c', 'h', '\0',
+  /* "thaihomecooking.com", true */ 't', 'h', 'a', 'i', 'h', 'o', 'm', 'e', 'c', 'o', 'o', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "thailandpharmacy.net", true */ 't', 'h', 'a', 'i', 'l', 'a', 'n', 'd', 'p', 'h', 'a', 'r', 'm', 'a', 'c', 'y', '.', 'n', 'e', 't', '\0',
+  /* "thairehabassociation.com", true */ 't', 'h', 'a', 'i', 'r', 'e', 'h', 'a', 'b', 'a', 's', 's', 'o', 'c', 'i', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "thajskyraj.com", true */ 't', 'h', 'a', 'j', 's', 'k', 'y', 'r', 'a', 'j', '.', 'c', 'o', 'm', '\0',
+  /* "thalan.fr", true */ 't', 'h', 'a', 'l', 'a', 'n', '.', 'f', 'r', '\0',
+  /* "thalgott.net", true */ 't', 'h', 'a', 'l', 'g', 'o', 't', 't', '.', 'n', 'e', 't', '\0',
+  /* "thalhammer.it", true */ 't', 'h', 'a', 'l', 'h', 'a', 'm', 'm', 'e', 'r', '.', 'i', 't', '\0',
+  /* "thalskarth.com", true */ 't', 'h', 'a', 'l', 's', 'k', 'a', 'r', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "thamesfamilydentistry.com", true */ 't', 'h', 'a', 'm', 'e', 's', 'f', 'a', 'm', 'i', 'l', 'y', 'd', 'e', 'n', 't', 'i', 's', 't', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "thanabh.at", true */ 't', 'h', 'a', 'n', 'a', 'b', 'h', '.', 'a', 't', '\0',
+  /* "thanatoid.net", true */ 't', 'h', 'a', 'n', 'a', 't', 'o', 'i', 'd', '.', 'n', 'e', 't', '\0',
+  /* "thanhthinhbui.com", true */ 't', 'h', 'a', 'n', 'h', 't', 'h', 'i', 'n', 'h', 'b', 'u', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "thatgudstuff.com", true */ 't', 'h', 'a', 't', 'g', 'u', 'd', 's', 't', 'u', 'f', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "thatpodcast.io", true */ 't', 'h', 'a', 't', 'p', 'o', 'd', 'c', 'a', 's', 't', '.', 'i', 'o', '\0',
+  /* "thatquiz.org", true */ 't', 'h', 'a', 't', 'q', 'u', 'i', 'z', '.', 'o', 'r', 'g', '\0',
+  /* "thca.ca", true */ 't', 'h', 'c', 'a', '.', 'c', 'a', '\0',
+  /* "thcpbees.co.uk", true */ 't', 'h', 'c', 'p', 'b', 'e', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "the-body-shop.hu", false */ 't', 'h', 'e', '-', 'b', 'o', 'd', 'y', '-', 's', 'h', 'o', 'p', '.', 'h', 'u', '\0',
+  /* "the-earth-yui.net", false */ 't', 'h', 'e', '-', 'e', 'a', 'r', 't', 'h', '-', 'y', 'u', 'i', '.', 'n', 'e', 't', '\0',
+  /* "the-hemingway-code.de", true */ 't', 'h', 'e', '-', 'h', 'e', 'm', 'i', 'n', 'g', 'w', 'a', 'y', '-', 'c', 'o', 'd', 'e', '.', 'd', 'e', '\0',
+  /* "the-mystery.org", true */ 't', 'h', 'e', '-', 'm', 'y', 's', 't', 'e', 'r', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "the-paddies.de", true */ 't', 'h', 'e', '-', 'p', 'a', 'd', 'd', 'i', 'e', 's', '.', 'd', 'e', '\0',
+  /* "the-pcca.org", true */ 't', 'h', 'e', '-', 'p', 'c', 'c', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "the-webmaster.com", true */ 't', 'h', 'e', '-', 'w', 'e', 'b', 'm', 'a', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "the-zenti.de", true */ 't', 'h', 'e', '-', 'z', 'e', 'n', 't', 'i', '.', 'd', 'e', '\0',
+  /* "the2f.de", true */ 't', 'h', 'e', '2', 'f', '.', 'd', 'e', '\0',
+  /* "the3musketeers.biz", true */ 't', 'h', 'e', '3', 'm', 'u', 's', 'k', 'e', 't', 'e', 'e', 'r', 's', '.', 'b', 'i', 'z', '\0',
+  /* "theankhlife.com", true */ 't', 'h', 'e', 'a', 'n', 'k', 'h', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "thebakers.com.br", true */ 't', 'h', 'e', 'b', 'a', 'k', 'e', 'r', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "thebasebk.org", true */ 't', 'h', 'e', 'b', 'a', 's', 'e', 'b', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "thebcm.co.uk", true */ 't', 'h', 'e', 'b', 'c', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "thebest.ch", true */ 't', 'h', 'e', 'b', 'e', 's', 't', '.', 'c', 'h', '\0',
+  /* "thebestfun.co.uk", true */ 't', 'h', 'e', 'b', 'e', 's', 't', 'f', 'u', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "thebestsavingsplan.com", true */ 't', 'h', 'e', 'b', 'e', 's', 't', 's', 'a', 'v', 'i', 'n', 'g', 's', 'p', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "thebigbitch.nl", true */ 't', 'h', 'e', 'b', 'i', 'g', 'b', 'i', 't', 'c', 'h', '.', 'n', 'l', '\0',
+  /* "thebigdatacompany.com", true */ 't', 'h', 'e', 'b', 'i', 'g', 'd', 'a', 't', 'a', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "thebigwave.de", true */ 't', 'h', 'e', 'b', 'i', 'g', 'w', 'a', 'v', 'e', '.', 'd', 'e', '\0',
+  /* "thebikeinsurer.co.uk", true */ 't', 'h', 'e', 'b', 'i', 'k', 'e', 'i', 'n', 's', 'u', 'r', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "thebimhub.com", true */ 't', 'h', 'e', 'b', 'i', 'm', 'h', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "thebit.link", true */ 't', 'h', 'e', 'b', 'i', 't', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "theblackknightsings.com", true */ 't', 'h', 'e', 'b', 'l', 'a', 'c', 'k', 'k', 'n', 'i', 'g', 'h', 't', 's', 'i', 'n', 'g', 's', '.', 'c', 'o', 'm', '\0',
+  /* "thebodyprinciple.com", true */ 't', 'h', 'e', 'b', 'o', 'd', 'y', 'p', 'r', 'i', 'n', 'c', 'i', 'p', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "thebouncedepartment.co.uk", true */ 't', 'h', 'e', 'b', 'o', 'u', 'n', 'c', 'e', 'd', 'e', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "thebouncyman.co.uk", true */ 't', 'h', 'e', 'b', 'o', 'u', 'n', 'c', 'y', 'm', 'a', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "theboxofcarlos.com", true */ 't', 'h', 'e', 'b', 'o', 'x', 'o', 'f', 'c', 'a', 'r', 'l', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "thebreakhotel.com", true */ 't', 'h', 'e', 'b', 'r', 'e', 'a', 'k', 'h', 'o', 't', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "thebreakroom.org", true */ 't', 'h', 'e', 'b', 'r', 'e', 'a', 'k', 'r', 'o', 'o', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "thebte.com", true */ 't', 'h', 'e', 'b', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "thebuffalotavern.com", true */ 't', 'h', 'e', 'b', 'u', 'f', 'f', 'a', 'l', 'o', 't', 'a', 'v', 'e', 'r', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "thecandidforum.com", true */ 't', 'h', 'e', 'c', 'a', 'n', 'd', 'i', 'd', 'f', 'o', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "thecarolingconnection.com", true */ 't', 'h', 'e', 'c', 'a', 'r', 'o', 'l', 'i', 'n', 'g', 'c', 'o', 'n', 'n', 'e', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "thecherryship.ch", true */ 't', 'h', 'e', 'c', 'h', 'e', 'r', 'r', 'y', 's', 'h', 'i', 'p', '.', 'c', 'h', '\0',
+  /* "theciderlink.com.au", true */ 't', 'h', 'e', 'c', 'i', 'd', 'e', 'r', 'l', 'i', 'n', 'k', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "thecitizens.com", true */ 't', 'h', 'e', 'c', 'i', 't', 'i', 'z', 'e', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "thecitywarehouse.clothing", true */ 't', 'h', 'e', 'c', 'i', 't', 'y', 'w', 'a', 'r', 'e', 'h', 'o', 'u', 's', 'e', '.', 'c', 'l', 'o', 't', 'h', 'i', 'n', 'g', '\0',
+  /* "theclimbingunit.com", true */ 't', 'h', 'e', 'c', 'l', 'i', 'm', 'b', 'i', 'n', 'g', 'u', 'n', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "thecloudmigrator.com", true */ 't', 'h', 'e', 'c', 'l', 'o', 'u', 'd', 'm', 'i', 'g', 'r', 'a', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "thecloudrevolution.net", true */ 't', 'h', 'e', 'c', 'l', 'o', 'u', 'd', 'r', 'e', 'v', 'o', 'l', 'u', 't', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "thecoffeepod.co.uk", true */ 't', 'h', 'e', 'c', 'o', 'f', 'f', 'e', 'e', 'p', 'o', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "thecoffeesuperstore.com", true */ 't', 'h', 'e', 'c', 'o', 'f', 'f', 'e', 'e', 's', 'u', 'p', 'e', 'r', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "thecolumnist.net", true */ 't', 'h', 'e', 'c', 'o', 'l', 'u', 'm', 'n', 'i', 's', 't', '.', 'n', 'e', 't', '\0',
+  /* "thecondobuyers.com", true */ 't', 'h', 'e', 'c', 'o', 'n', 'd', 'o', 'b', 'u', 'y', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "thecozycastle.com", true */ 't', 'h', 'e', 'c', 'o', 'z', 'y', 'c', 'a', 's', 't', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "thecrazytravel.com", true */ 't', 'h', 'e', 'c', 'r', 'a', 'z', 'y', 't', 'r', 'a', 'v', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "thecrew-exchange.com", true */ 't', 'h', 'e', 'c', 'r', 'e', 'w', '-', 'e', 'x', 'c', 'h', 'a', 'n', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "thecrochetcottage.net", true */ 't', 'h', 'e', 'c', 'r', 'o', 'c', 'h', 'e', 't', 'c', 'o', 't', 't', 'a', 'g', 'e', '.', 'n', 'e', 't', '\0',
+  /* "thecskr.in", true */ 't', 'h', 'e', 'c', 's', 'k', 'r', '.', 'i', 'n', '\0',
+  /* "thecsw.com", true */ 't', 'h', 'e', 'c', 's', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "thecuppacakery.co.uk", true */ 't', 'h', 'e', 'c', 'u', 'p', 'p', 'a', 'c', 'a', 'k', 'e', 'r', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "thecuriouscat.net", true */ 't', 'h', 'e', 'c', 'u', 'r', 'i', 'o', 'u', 's', 'c', 'a', 't', '.', 'n', 'e', 't', '\0',
+  /* "thecustomizewindows.com", true */ 't', 'h', 'e', 'c', 'u', 's', 't', 'o', 'm', 'i', 'z', 'e', 'w', 'i', 'n', 'd', 'o', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "thedailyupvote.com", true */ 't', 'h', 'e', 'd', 'a', 'i', 'l', 'y', 'u', 'p', 'v', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "thedark1337.com", true */ 't', 'h', 'e', 'd', 'a', 'r', 'k', '1', '3', '3', '7', '.', 'c', 'o', 'm', '\0',
+  /* "thederminstitute.com", true */ 't', 'h', 'e', 'd', 'e', 'r', 'm', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "thedevilwearswibra.nl", true */ 't', 'h', 'e', 'd', 'e', 'v', 'i', 'l', 'w', 'e', 'a', 'r', 's', 'w', 'i', 'b', 'r', 'a', '.', 'n', 'l', '\0',
+  /* "thedevrycommonsbrasil.com", false */ 't', 'h', 'e', 'd', 'e', 'v', 'r', 'y', 'c', 'o', 'm', 'm', 'o', 'n', 's', 'b', 'r', 'a', 's', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "thediaryofadam.com", true */ 't', 'h', 'e', 'd', 'i', 'a', 'r', 'y', 'o', 'f', 'a', 'd', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "thedisc.nl", true */ 't', 'h', 'e', 'd', 'i', 's', 'c', '.', 'n', 'l', '\0',
+  /* "thediscovine.com", true */ 't', 'h', 'e', 'd', 'i', 's', 'c', 'o', 'v', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "thedocumentrefinery.com", true */ 't', 'h', 'e', 'd', 'o', 'c', 'u', 'm', 'e', 'n', 't', 'r', 'e', 'f', 'i', 'n', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "thedominatorsclan.com", true */ 't', 'h', 'e', 'd', 'o', 'm', 'i', 'n', 'a', 't', 'o', 'r', 's', 'c', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "thedreamtravelgroup.co.uk", true */ 't', 'h', 'e', 'd', 'r', 'e', 'a', 'm', 't', 'r', 'a', 'v', 'e', 'l', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "thedrinks.co", true */ 't', 'h', 'e', 'd', 'r', 'i', 'n', 'k', 's', '.', 'c', 'o', '\0',
+  /* "thedronechart.com", true */ 't', 'h', 'e', 'd', 'r', 'o', 'n', 'e', 'c', 'h', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "thedrunkencabbage.com", true */ 't', 'h', 'e', 'd', 'r', 'u', 'n', 'k', 'e', 'n', 'c', 'a', 'b', 'b', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "thedutchmarketers.com", true */ 't', 'h', 'e', 'd', 'u', 't', 'c', 'h', 'm', 'a', 'r', 'k', 'e', 't', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "theebookkeepers.co.za", true */ 't', 'h', 'e', 'e', 'b', 'o', 'o', 'k', 'k', 'e', 'e', 'p', 'e', 'r', 's', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "theeducationchannel.info", true */ 't', 'h', 'e', 'e', 'd', 'u', 'c', 'a', 't', 'i', 'o', 'n', 'c', 'h', 'a', 'n', 'n', 'e', 'l', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "theeducationdirectory.org", true */ 't', 'h', 'e', 'e', 'd', 'u', 'c', 'a', 't', 'i', 'o', 'n', 'd', 'i', 'r', 'e', 'c', 't', 'o', 'r', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "theevergreen.me", true */ 't', 'h', 'e', 'e', 'v', 'e', 'r', 'g', 'r', 'e', 'e', 'n', '.', 'm', 'e', '\0',
+  /* "theexpatriate.de", true */ 't', 'h', 'e', 'e', 'x', 'p', 'a', 't', 'r', 'i', 'a', 't', 'e', '.', 'd', 'e', '\0',
+  /* "thefanimatrix.net", true */ 't', 'h', 'e', 'f', 'a', 'n', 'i', 'm', 'a', 't', 'r', 'i', 'x', '.', 'n', 'e', 't', '\0',
+  /* "thefbstalker.com", true */ 't', 'h', 'e', 'f', 'b', 's', 't', 'a', 'l', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "theferrarista.com", true */ 't', 'h', 'e', 'f', 'e', 'r', 'r', 'a', 'r', 'i', 's', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "theflyingbear.net", true */ 't', 'h', 'e', 'f', 'l', 'y', 'i', 'n', 'g', 'b', 'e', 'a', 'r', '.', 'n', 'e', 't', '\0',
+  /* "thefnafarchive.org", true */ 't', 'h', 'e', 'f', 'n', 'a', 'f', 'a', 'r', 'c', 'h', 'i', 'v', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "thefox.com.fr", true */ 't', 'h', 'e', 'f', 'o', 'x', '.', 'c', 'o', 'm', '.', 'f', 'r', '\0',
+  /* "thefrk.pw", true */ 't', 'h', 'e', 'f', 'r', 'k', '.', 'p', 'w', '\0',
+  /* "thefunfirm.co.uk", true */ 't', 'h', 'e', 'f', 'u', 'n', 'f', 'i', 'r', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "thegarrowcompany.com", true */ 't', 'h', 'e', 'g', 'a', 'r', 'r', 'o', 'w', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "thegcccoin.com", true */ 't', 'h', 'e', 'g', 'c', 'c', 'c', 'o', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "thegeekdiary.com", true */ 't', 'h', 'e', 'g', 'e', 'e', 'k', 'd', 'i', 'a', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "thegioinano.com", true */ 't', 'h', 'e', 'g', 'i', 'o', 'i', 'n', 'a', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "thegraciousgourmet.com", true */ 't', 'h', 'e', 'g', 'r', 'a', 'c', 'i', 'o', 'u', 's', 'g', 'o', 'u', 'r', 'm', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "thegrape.ro", true */ 't', 'h', 'e', 'g', 'r', 'a', 'p', 'e', '.', 'r', 'o', '\0',
+  /* "thegreatplains.com", true */ 't', 'h', 'e', 'g', 'r', 'e', 'a', 't', 'p', 'l', 'a', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "thegreenfields.se", true */ 't', 'h', 'e', 'g', 'r', 'e', 'e', 'n', 'f', 'i', 'e', 'l', 'd', 's', '.', 's', 'e', '\0',
+  /* "thegreenmanpottery.com", true */ 't', 'h', 'e', 'g', 'r', 'e', 'e', 'n', 'm', 'a', 'n', 'p', 'o', 't', 't', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "thegreens.us", true */ 't', 'h', 'e', 'g', 'r', 'e', 'e', 'n', 's', '.', 'u', 's', '\0',
+  /* "thegvoffice.net", true */ 't', 'h', 'e', 'g', 'v', 'o', 'f', 'f', 'i', 'c', 'e', '.', 'n', 'e', 't', '\0',
+  /* "thegym.org", true */ 't', 'h', 'e', 'g', 'y', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "thehackerblog.com", true */ 't', 'h', 'e', 'h', 'a', 'c', 'k', 'e', 'r', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "thehaxbys.co.uk", true */ 't', 'h', 'e', 'h', 'a', 'x', 'b', 'y', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "thehiddenbay.cc", true */ 't', 'h', 'e', 'h', 'i', 'd', 'd', 'e', 'n', 'b', 'a', 'y', '.', 'c', 'c', '\0',
+  /* "thehiddenbay.info", true */ 't', 'h', 'e', 'h', 'i', 'd', 'd', 'e', 'n', 'b', 'a', 'y', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "thehivedesign.org", true */ 't', 'h', 'e', 'h', 'i', 'v', 'e', 'd', 'e', 's', 'i', 'g', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "thehomeicreate.com", true */ 't', 'h', 'e', 'h', 'o', 'm', 'e', 'i', 'c', 'r', 'e', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "thehookup.be", true */ 't', 'h', 'e', 'h', 'o', 'o', 'k', 'u', 'p', '.', 'b', 'e', '\0',
+  /* "theidiotboard.com", true */ 't', 'h', 'e', 'i', 'd', 'i', 'o', 't', 'b', 'o', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "theinflatables-ni.co.uk", true */ 't', 'h', 'e', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '-', 'n', 'i', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "theinflatablesne.co.uk", true */ 't', 'h', 'e', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', 'n', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "theinitium.com", true */ 't', 'h', 'e', 'i', 'n', 'i', 't', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "theintercept.com", true */ 't', 'h', 'e', 'i', 'n', 't', 'e', 'r', 'c', 'e', 'p', 't', '.', 'c', 'o', 'm', '\0',
+  /* "theinternationalgeekconspiracy.eu", true */ 't', 'h', 'e', 'i', 'n', 't', 'e', 'r', 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', 'g', 'e', 'e', 'k', 'c', 'o', 'n', 's', 'p', 'i', 'r', 'a', 'c', 'y', '.', 'e', 'u', '\0',
+  /* "thejacksoninstitute.com.au", true */ 't', 'h', 'e', 'j', 'a', 'c', 'k', 's', 'o', 'n', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "thekev.in", true */ 't', 'h', 'e', 'k', 'e', 'v', '.', 'i', 'n', '\0',
+  /* "thekeymusic.com", true */ 't', 'h', 'e', 'k', 'e', 'y', 'm', 'u', 's', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "thekingofhate.com", true */ 't', 'h', 'e', 'k', 'i', 'n', 'g', 'o', 'f', 'h', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "thekrewserver.com", true */ 't', 'h', 'e', 'k', 'r', 'e', 'w', 's', 'e', 'r', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "thelaimlife.com", true */ 't', 'h', 'e', 'l', 'a', 'i', 'm', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "thelanscape.com", true */ 't', 'h', 'e', 'l', 'a', 'n', 's', 'c', 'a', 'p', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "thelastsurprise.com", true */ 't', 'h', 'e', 'l', 'a', 's', 't', 's', 'u', 'r', 'p', 'r', 'i', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "thelefthand.org", true */ 't', 'h', 'e', 'l', 'e', 'f', 't', 'h', 'a', 'n', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "thelinuxspace.com", true */ 't', 'h', 'e', 'l', 'i', 'n', 'u', 'x', 's', 'p', 'a', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "thelinuxtree.net", true */ 't', 'h', 'e', 'l', 'i', 'n', 'u', 'x', 't', 'r', 'e', 'e', '.', 'n', 'e', 't', '\0',
+  /* "thelittlecraft.com", true */ 't', 'h', 'e', 'l', 'i', 't', 't', 'l', 'e', 'c', 'r', 'a', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "thelocals.ru", true */ 't', 'h', 'e', 'l', 'o', 'c', 'a', 'l', 's', '.', 'r', 'u', '\0',
+  /* "thelonelyones.co.uk", true */ 't', 'h', 'e', 'l', 'o', 'n', 'e', 'l', 'y', 'o', 'n', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "themacoaching.nl", true */ 't', 'h', 'e', 'm', 'a', 'c', 'o', 'a', 'c', 'h', 'i', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "themarshallproject.org", true */ 't', 'h', 'e', 'm', 'a', 'r', 's', 'h', 'a', 'l', 'l', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "themeaudit.com", true */ 't', 'h', 'e', 'm', 'e', 'a', 'u', 'd', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "themecraft.studio", true */ 't', 'h', 'e', 'm', 'e', 'c', 'r', 'a', 'f', 't', '.', 's', 't', 'u', 'd', 'i', 'o', '\0',
+  /* "themetacity.com", true */ 't', 'h', 'e', 'm', 'e', 't', 'a', 'c', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "themilanlife.com", true */ 't', 'h', 'e', 'm', 'i', 'l', 'a', 'n', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "themillerslive.com", true */ 't', 'h', 'e', 'm', 'i', 'l', 'l', 'e', 'r', 's', 'l', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "themist.cz", true */ 't', 'h', 'e', 'm', 'i', 's', 't', '.', 'c', 'z', '\0',
+  /* "themoep.at", true */ 't', 'h', 'e', 'm', 'o', 'e', 'p', '.', 'a', 't', '\0',
+  /* "themoneyconverter.com", true */ 't', 'h', 'e', 'm', 'o', 'n', 'e', 'y', 'c', 'o', 'n', 'v', 'e', 'r', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "themonthly.com.au", true */ 't', 'h', 'e', 'm', 'o', 'n', 't', 'h', 'l', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "themostexpensiveworkofart.com", true */ 't', 'h', 'e', 'm', 'o', 's', 't', 'e', 'x', 'p', 'e', 'n', 's', 'i', 'v', 'e', 'w', 'o', 'r', 'k', 'o', 'f', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "themusecollaborative.org", true */ 't', 'h', 'e', 'm', 'u', 's', 'e', 'c', 'o', 'l', 'l', 'a', 'b', 'o', 'r', 'a', 't', 'i', 'v', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "themusicinnoise.net", true */ 't', 'h', 'e', 'm', 'u', 's', 'i', 'c', 'i', 'n', 'n', 'o', 'i', 's', 'e', '.', 'n', 'e', 't', '\0',
+  /* "thenanfang.com", true */ 't', 'h', 'e', 'n', 'a', 'n', 'f', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "thenarcissisticlife.com", true */ 't', 'h', 'e', 'n', 'a', 'r', 'c', 'i', 's', 's', 'i', 's', 't', 'i', 'c', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "thenexwork.com", true */ 't', 'h', 'e', 'n', 'e', 'x', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "thenib.com", true */ 't', 'h', 'e', 'n', 'i', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "thenichecast.com", true */ 't', 'h', 'e', 'n', 'i', 'c', 'h', 'e', 'c', 'a', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "thenocman.com", true */ 't', 'h', 'e', 'n', 'o', 'c', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "theobromos.fr", true */ 't', 'h', 'e', 'o', 'b', 'r', 'o', 'm', 'o', 's', '.', 'f', 'r', '\0',
+  /* "theocharis.org", true */ 't', 'h', 'e', 'o', 'c', 'h', 'a', 'r', 'i', 's', '.', 'o', 'r', 'g', '\0',
+  /* "theodorahome.co", true */ 't', 'h', 'e', 'o', 'd', 'o', 'r', 'a', 'h', 'o', 'm', 'e', '.', 'c', 'o', '\0',
+  /* "theodorahome.com.br", true */ 't', 'h', 'e', 'o', 'd', 'o', 'r', 'a', 'h', 'o', 'm', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "theofleck.com", true */ 't', 'h', 'e', 'o', 'f', 'l', 'e', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "theojones.name", true */ 't', 'h', 'e', 'o', 'j', 'o', 'n', 'e', 's', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "theokonst.tk", true */ 't', 'h', 'e', 'o', 'k', 'o', 'n', 's', 't', '.', 't', 'k', '\0',
+  /* "theokouzelis.com", true */ 't', 'h', 'e', 'o', 'k', 'o', 'u', 'z', 'e', 'l', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "theoldbrewhouse.info", true */ 't', 'h', 'e', 'o', 'l', 'd', 'b', 'r', 'e', 'w', 'h', 'o', 'u', 's', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "theoriginalbit.com", true */ 't', 'h', 'e', 'o', 'r', 'i', 'g', 'i', 'n', 'a', 'l', 'b', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "theory-test-online.co.uk", true */ 't', 'h', 'e', 'o', 'r', 'y', '-', 't', 'e', 's', 't', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "theory.org", true */ 't', 'h', 'e', 'o', 'r', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "theoscure.eu", true */ 't', 'h', 'e', 'o', 's', 'c', 'u', 'r', 'e', '.', 'e', 'u', '\0',
+  /* "theosophie-afrique.org", true */ 't', 'h', 'e', 'o', 's', 'o', 'p', 'h', 'i', 'e', '-', 'a', 'f', 'r', 'i', 'q', 'u', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "theoutline.com", true */ 't', 'h', 'e', 'o', 'u', 't', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "theoverfly.co", true */ 't', 'h', 'e', 'o', 'v', 'e', 'r', 'f', 'l', 'y', '.', 'c', 'o', '\0',
+  /* "thepaffy.de", true */ 't', 'h', 'e', 'p', 'a', 'f', 'f', 'y', '.', 'd', 'e', '\0',
+  /* "thepartner.co.uk", true */ 't', 'h', 'e', 'p', 'a', 'r', 't', 'n', 'e', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "thepartydoctors.co.uk", true */ 't', 'h', 'e', 'p', 'a', 'r', 't', 'y', 'd', 'o', 'c', 't', 'o', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "thepasteb.in", true */ 't', 'h', 'e', 'p', 'a', 's', 't', 'e', 'b', '.', 'i', 'n', '\0',
+  /* "thepathsofdiscovery.com", true */ 't', 'h', 'e', 'p', 'a', 't', 'h', 's', 'o', 'f', 'd', 'i', 's', 'c', 'o', 'v', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "thepaulagcompany.com", true */ 't', 'h', 'e', 'p', 'a', 'u', 'l', 'a', 'g', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "thepaymentscompany.com", true */ 't', 'h', 'e', 'p', 'a', 'y', 'm', 'e', 'n', 't', 's', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "thepb.in", true */ 't', 'h', 'e', 'p', 'b', '.', 'i', 'n', '\0',
+  /* "thepeninsulaires.com", true */ 't', 'h', 'e', 'p', 'e', 'n', 'i', 'n', 's', 'u', 'l', 'a', 'i', 'r', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "thephonecaseplace.com", true */ 't', 'h', 'e', 'p', 'h', 'o', 'n', 'e', 'c', 'a', 's', 'e', 'p', 'l', 'a', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "thephp.cc", true */ 't', 'h', 'e', 'p', 'h', 'p', '.', 'c', 'c', '\0',
+  /* "thepiabo.ovh", true */ 't', 'h', 'e', 'p', 'i', 'a', 'b', 'o', '.', 'o', 'v', 'h', '\0',
+  /* "thepieslicer.com", true */ 't', 'h', 'e', 'p', 'i', 'e', 's', 'l', 'i', 'c', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "thepiratesociety.org", true */ 't', 'h', 'e', 'p', 'i', 'r', 'a', 't', 'e', 's', 'o', 'c', 'i', 'e', 't', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "theplasticsurgerycenterofnashville.com", true */ 't', 'h', 'e', 'p', 'l', 'a', 's', 't', 'i', 'c', 's', 'u', 'r', 'g', 'e', 'r', 'y', 'c', 'e', 'n', 't', 'e', 'r', 'o', 'f', 'n', 'a', 's', 'h', 'v', 'i', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "theplaydaysbus.co.uk", true */ 't', 'h', 'e', 'p', 'l', 'a', 'y', 'd', 'a', 'y', 's', 'b', 'u', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "theplayspot.co.uk", true */ 't', 'h', 'e', 'p', 'l', 'a', 'y', 's', 'p', 'o', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "theploughharborne.co.uk", true */ 't', 'h', 'e', 'p', 'l', 'o', 'u', 'g', 'h', 'h', 'a', 'r', 'b', 'o', 'r', 'n', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "theposhfudgecompany.co.uk", true */ 't', 'h', 'e', 'p', 'o', 's', 'h', 'f', 'u', 'd', 'g', 'e', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "thepostoffice.ro", true */ 't', 'h', 'e', 'p', 'o', 's', 't', 'o', 'f', 'f', 'i', 'c', 'e', '.', 'r', 'o', '\0',
+  /* "thepromisemusic.com", true */ 't', 'h', 'e', 'p', 'r', 'o', 'm', 'i', 's', 'e', 'm', 'u', 's', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "theragran.co.id", true */ 't', 'h', 'e', 'r', 'a', 'g', 'r', 'a', 'n', '.', 'c', 'o', '.', 'i', 'd', '\0',
+  /* "theralino.de", true */ 't', 'h', 'e', 'r', 'a', 'l', 'i', 'n', 'o', '.', 'd', 'e', '\0',
+  /* "theramo.re", true */ 't', 'h', 'e', 'r', 'a', 'm', 'o', '.', 'r', 'e', '\0',
+  /* "therapynotes.com", true */ 't', 'h', 'e', 'r', 'a', 'p', 'y', 'n', 'o', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "therapyportal.com", true */ 't', 'h', 'e', 'r', 'a', 'p', 'y', 'p', 'o', 'r', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "therapysxm.com", true */ 't', 'h', 'e', 'r', 'a', 'p', 'y', 's', 'x', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "therealcost.gov", true */ 't', 'h', 'e', 'r', 'e', 'a', 'l', 'c', 'o', 's', 't', '.', 'g', 'o', 'v', '\0',
+  /* "theresa-mayer.eu", true */ 't', 'h', 'e', 'r', 'e', 's', 'a', '-', 'm', 'a', 'y', 'e', 'r', '.', 'e', 'u', '\0',
+  /* "therevenge.me", true */ 't', 'h', 'e', 'r', 'e', 'v', 'e', 'n', 'g', 'e', '.', 'm', 'e', '\0',
+  /* "therewill.be", true */ 't', 'h', 'e', 'r', 'e', 'w', 'i', 'l', 'l', '.', 'b', 'e', '\0',
+  /* "thermity.com", true */ 't', 'h', 'e', 'r', 'm', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "thermolamina.nl", true */ 't', 'h', 'e', 'r', 'm', 'o', 'l', 'a', 'm', 'i', 'n', 'a', '.', 'n', 'l', '\0',
+  /* "theroks.com", true */ 't', 'h', 'e', 'r', 'o', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "theroyalmarinescharity.org.uk", true */ 't', 'h', 'e', 'r', 'o', 'y', 'a', 'l', 'm', 'a', 'r', 'i', 'n', 'e', 's', 'c', 'h', 'a', 'r', 'i', 't', 'y', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "theruizes.com", true */ 't', 'h', 'e', 'r', 'u', 'i', 'z', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "theruleslawyer.net", true */ 't', 'h', 'e', 'r', 'u', 'l', 'e', 's', 'l', 'a', 'w', 'y', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "therumfordcitizen.com", true */ 't', 'h', 'e', 'r', 'u', 'm', 'f', 'o', 'r', 'd', 'c', 'i', 't', 'i', 'z', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "thesalonthing.com", false */ 't', 'h', 'e', 's', 'a', 'l', 'o', 'n', 't', 'h', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "thesaturdaypaper.com.au", true */ 't', 'h', 'e', 's', 'a', 't', 'u', 'r', 'd', 'a', 'y', 'p', 'a', 'p', 'e', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "theschool.jp", true */ 't', 'h', 'e', 's', 'c', 'h', 'o', 'o', 'l', '.', 'j', 'p', '\0',
+  /* "thesecondsposts.com", true */ 't', 'h', 'e', 's', 'e', 'c', 'o', 'n', 'd', 's', 'p', 'o', 's', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "theseed.io", true */ 't', 'h', 'e', 's', 'e', 'e', 'd', '.', 'i', 'o', '\0',
+  /* "theseedbox.xyz", true */ 't', 'h', 'e', 's', 'e', 'e', 'd', 'b', 'o', 'x', '.', 'x', 'y', 'z', '\0',
+  /* "theseletarmall.com", true */ 't', 'h', 'e', 's', 'e', 'l', 'e', 't', 'a', 'r', 'm', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "theseoframework.com", true */ 't', 'h', 'e', 's', 'e', 'o', 'f', 'r', 'a', 'm', 'e', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "theseosystem.com", true */ 't', 'h', 'e', 's', 'e', 'o', 's', 'y', 's', 't', 'e', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "thesession.org", false */ 't', 'h', 'e', 's', 'e', 's', 's', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "theshadestore.com", true */ 't', 'h', 'e', 's', 'h', 'a', 'd', 'e', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "thesharedbrain.ch", true */ 't', 'h', 'e', 's', 'h', 'a', 'r', 'e', 'd', 'b', 'r', 'a', 'i', 'n', '.', 'c', 'h', '\0',
+  /* "thesharedbrain.com", true */ 't', 'h', 'e', 's', 'h', 'a', 'r', 'e', 'd', 'b', 'r', 'a', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "thesharepointfarm.com", true */ 't', 'h', 'e', 's', 'h', 'a', 'r', 'e', 'p', 'o', 'i', 'n', 't', 'f', 'a', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "theshine.pl", true */ 't', 'h', 'e', 's', 'h', 'i', 'n', 'e', '.', 'p', 'l', '\0',
+  /* "thesignalco.com.au", true */ 't', 'h', 'e', 's', 'i', 'g', 'n', 'a', 'l', 'c', 'o', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "thesisgeek.com", true */ 't', 'h', 'e', 's', 'i', 's', 'g', 'e', 'e', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "thesishelp.net", true */ 't', 'h', 'e', 's', 'i', 's', 'h', 'e', 'l', 'p', '.', 'n', 'e', 't', '\0',
+  /* "thesled.net", true */ 't', 'h', 'e', 's', 'l', 'e', 'd', '.', 'n', 'e', 't', '\0',
+  /* "thesocialmediacentral.com", true */ 't', 'h', 'e', 's', 'o', 'c', 'i', 'a', 'l', 'm', 'e', 'd', 'i', 'a', 'c', 'e', 'n', 't', 'r', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "thestoritplace.com", true */ 't', 'h', 'e', 's', 't', 'o', 'r', 'i', 't', 'p', 'l', 'a', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "thestory.ie", true */ 't', 'h', 'e', 's', 't', 'o', 'r', 'y', '.', 'i', 'e', '\0',
+  /* "thestoryshack.com", true */ 't', 'h', 'e', 's', 't', 'o', 'r', 'y', 's', 'h', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "thestrategyagency.com.au", true */ 't', 'h', 'e', 's', 't', 'r', 'a', 't', 'e', 'g', 'y', 'a', 'g', 'e', 'n', 'c', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "thestyle.city", true */ 't', 'h', 'e', 's', 't', 'y', 'l', 'e', '.', 'c', 'i', 't', 'y', '\0',
+  /* "thesuppercircle.com", true */ 't', 'h', 'e', 's', 'u', 'p', 'p', 'e', 'r', 'c', 'i', 'r', 'c', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "theswissbay.ch", true */ 't', 'h', 'e', 's', 'w', 'i', 's', 's', 'b', 'a', 'y', '.', 'c', 'h', '\0',
+  /* "thetapirsmouth.com", true */ 't', 'h', 'e', 't', 'a', 'p', 'i', 'r', 's', 'm', 'o', 'u', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "thetenscrolls.com", true */ 't', 'h', 'e', 't', 'e', 'n', 's', 'c', 'r', 'o', 'l', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "thetomharling.com", true */ 't', 'h', 'e', 't', 'o', 'm', 'h', 'a', 'r', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "thetrendspotter.net", true */ 't', 'h', 'e', 't', 'r', 'e', 'n', 'd', 's', 'p', 'o', 't', 't', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "thetruthhurvitz.com", true */ 't', 'h', 'e', 't', 'r', 'u', 't', 'h', 'h', 'u', 'r', 'v', 'i', 't', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "thetuxkeeper.de", false */ 't', 'h', 'e', 't', 'u', 'x', 'k', 'e', 'e', 'p', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "theunitedstates.io", true */ 't', 'h', 'e', 'u', 'n', 'i', 't', 'e', 'd', 's', 't', 'a', 't', 'e', 's', '.', 'i', 'o', '\0',
+  /* "thevacweb.com", true */ 't', 'h', 'e', 'v', 'a', 'c', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "thevalentineconstitution.com", true */ 't', 'h', 'e', 'v', 'a', 'l', 'e', 'n', 't', 'i', 'n', 'e', 'c', 'o', 'n', 's', 't', 'i', 't', 'u', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "thevgg.com", false */ 't', 'h', 'e', 'v', 'g', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "thevoid.one", true */ 't', 'h', 'e', 'v', 'o', 'i', 'd', '.', 'o', 'n', 'e', '\0',
+  /* "thewebdexter.com", true */ 't', 'h', 'e', 'w', 'e', 'b', 'd', 'e', 'x', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "thewebflash.com", true */ 't', 'h', 'e', 'w', 'e', 'b', 'f', 'l', 'a', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "thewebsitedoctors.co.uk", true */ 't', 'h', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 'd', 'o', 'c', 't', 'o', 'r', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "thewebsitemarketingagency.com", true */ 't', 'h', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', 'a', 'g', 'e', 'n', 'c', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "thewhitehat.club", true */ 't', 'h', 'e', 'w', 'h', 'i', 't', 'e', 'h', 'a', 't', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "thewhiterabbit.space", true */ 't', 'h', 'e', 'w', 'h', 'i', 't', 'e', 'r', 'a', 'b', 'b', 'i', 't', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "thewhitneypaige.com", true */ 't', 'h', 'e', 'w', 'h', 'i', 't', 'n', 'e', 'y', 'p', 'a', 'i', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "thewindow.com", true */ 't', 'h', 'e', 'w', 'i', 'n', 'd', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "thewoodkid.com.au", true */ 't', 'h', 'e', 'w', 'o', 'o', 'd', 'k', 'i', 'd', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "theworldsend.eu", true */ 't', 'h', 'e', 'w', 'o', 'r', 'l', 'd', 's', 'e', 'n', 'd', '.', 'e', 'u', '\0',
+  /* "thexfactorgames.com", true */ 't', 'h', 'e', 'x', 'f', 'a', 'c', 't', 'o', 'r', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "thexme.de", true */ 't', 'h', 'e', 'x', 'm', 'e', '.', 'd', 'e', '\0',
+  /* "theyachtteam.com", true */ 't', 'h', 'e', 'y', 'a', 'c', 'h', 't', 't', 'e', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "theyarnhookup.com", false */ 't', 'h', 'e', 'y', 'a', 'r', 'n', 'h', 'o', 'o', 'k', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "theyear199x.org", true */ 't', 'h', 'e', 'y', 'e', 'a', 'r', '1', '9', '9', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "theyearinpictures.co.uk", true */ 't', 'h', 'e', 'y', 'e', 'a', 'r', 'i', 'n', 'p', 'i', 'c', 't', 'u', 'r', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "theyosh.nl", true */ 't', 'h', 'e', 'y', 'o', 's', 'h', '.', 'n', 'l', '\0',
+  /* "thezero.org", true */ 't', 'h', 'e', 'z', 'e', 'r', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "thezillersathenshotel.com", true */ 't', 'h', 'e', 'z', 'i', 'l', 'l', 'e', 'r', 's', 'a', 't', 'h', 'e', 'n', 's', 'h', 'o', 't', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "thibaultwalle.com", true */ 't', 'h', 'i', 'b', 'a', 'u', 'l', 't', 'w', 'a', 'l', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "thibautcharles.net", true */ 't', 'h', 'i', 'b', 'a', 'u', 't', 'c', 'h', 'a', 'r', 'l', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "thiepcuoidep.com", true */ 't', 'h', 'i', 'e', 'p', 'c', 'u', 'o', 'i', 'd', 'e', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "thierry-daellenbach.com", true */ 't', 'h', 'i', 'e', 'r', 'r', 'y', '-', 'd', 'a', 'e', 'l', 'l', 'e', 'n', 'b', 'a', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "thierrybasset.ch", true */ 't', 'h', 'i', 'e', 'r', 'r', 'y', 'b', 'a', 's', 's', 'e', 't', '.', 'c', 'h', '\0',
+  /* "thijsslop.nl", true */ 't', 'h', 'i', 'j', 's', 's', 'l', 'o', 'p', '.', 'n', 'l', '\0',
+  /* "thijsvanderveen.net", true */ 't', 'h', 'i', 'j', 's', 'v', 'a', 'n', 'd', 'e', 'r', 'v', 'e', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "thingies.site", true */ 't', 'h', 'i', 'n', 'g', 'i', 'e', 's', '.', 's', 'i', 't', 'e', '\0',
+  /* "thinkindifferent.net", true */ 't', 'h', 'i', 'n', 'k', 'i', 'n', 'd', 'i', 'f', 'f', 'e', 'r', 'e', 'n', 't', '.', 'n', 'e', 't', '\0',
+  /* "thinkingandcomputing.com", true */ 't', 'h', 'i', 'n', 'k', 'i', 'n', 'g', 'a', 'n', 'd', 'c', 'o', 'm', 'p', 'u', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "thinkingplanet.net", true */ 't', 'h', 'i', 'n', 'k', 'i', 'n', 'g', 'p', 'l', 'a', 'n', 'e', 't', '.', 'n', 'e', 't', '\0',
+  /* "thinklikeanentrepreneur.com", true */ 't', 'h', 'i', 'n', 'k', 'l', 'i', 'k', 'e', 'a', 'n', 'e', 'n', 't', 'r', 'e', 'p', 'r', 'e', 'n', 'e', 'u', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "thinkmarketing.ca", true */ 't', 'h', 'i', 'n', 'k', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '.', 'c', 'a', '\0',
+  /* "thinkquality.nl", true */ 't', 'h', 'i', 'n', 'k', 'q', 'u', 'a', 'l', 'i', 't', 'y', '.', 'n', 'l', '\0',
+  /* "thinkrealty.com", true */ 't', 'h', 'i', 'n', 'k', 'r', 'e', 'a', 'l', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "thinkswap.com", true */ 't', 'h', 'i', 'n', 'k', 's', 'w', 'a', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "thinktux.net", true */ 't', 'h', 'i', 'n', 'k', 't', 'u', 'x', '.', 'n', 'e', 't', '\0',
+  /* "thirdworld.moe", true */ 't', 'h', 'i', 'r', 'd', 'w', 'o', 'r', 'l', 'd', '.', 'm', 'o', 'e', '\0',
+  /* "thiry-automobiles.net", true */ 't', 'h', 'i', 'r', 'y', '-', 'a', 'u', 't', 'o', 'm', 'o', 'b', 'i', 'l', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "thisbrownman.com", true */ 't', 'h', 'i', 's', 'b', 'r', 'o', 'w', 'n', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "thiscloudiscrap.com", false */ 't', 'h', 'i', 's', 'c', 'l', 'o', 'u', 'd', 'i', 's', 'c', 'r', 'a', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "thiscode.works", true */ 't', 'h', 'i', 's', 'c', 'o', 'd', 'e', '.', 'w', 'o', 'r', 'k', 's', '\0',
+  /* "thisfreelife.gov", true */ 't', 'h', 'i', 's', 'f', 'r', 'e', 'e', 'l', 'i', 'f', 'e', '.', 'g', 'o', 'v', '\0',
+  /* "thisishugo.com", false */ 't', 'h', 'i', 's', 'i', 's', 'h', 'u', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "thisistheserver.com", true */ 't', 'h', 'i', 's', 'i', 's', 't', 'h', 'e', 's', 'e', 'r', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "thisiswhywemom.com", true */ 't', 'h', 'i', 's', 'i', 's', 'w', 'h', 'y', 'w', 'e', 'm', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "thismumdoesntknowbest.com", true */ 't', 'h', 'i', 's', 'm', 'u', 'm', 'd', 'o', 'e', 's', 'n', 't', 'k', 'n', 'o', 'w', 'b', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "thisoldearth.com", true */ 't', 'h', 'i', 's', 'o', 'l', 'd', 'e', 'a', 'r', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "thisserver.dontexist.net", true */ 't', 'h', 'i', 's', 's', 'e', 'r', 'v', 'e', 'r', '.', 'd', 'o', 'n', 't', 'e', 'x', 'i', 's', 't', '.', 'n', 'e', 't', '\0',
+  /* "thistleandleaves.com", true */ 't', 'h', 'i', 's', 't', 'l', 'e', 'a', 'n', 'd', 'l', 'e', 'a', 'v', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "thm.vn", true */ 't', 'h', 'm', '.', 'v', 'n', '\0',
+  /* "thole.org", true */ 't', 'h', 'o', 'l', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "thom4s.info", true */ 't', 'h', 'o', 'm', '4', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "thomalaudan.de", true */ 't', 'h', 'o', 'm', 'a', 'l', 'a', 'u', 'd', 'a', 'n', '.', 'd', 'e', '\0',
+  /* "thomas-bertran.com", true */ 't', 'h', 'o', 'm', 'a', 's', '-', 'b', 'e', 'r', 't', 'r', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "thomas-fahle.de", true */ 't', 'h', 'o', 'm', 'a', 's', '-', 'f', 'a', 'h', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "thomas-grobelny.de", true */ 't', 'h', 'o', 'm', 'a', 's', '-', 'g', 'r', 'o', 'b', 'e', 'l', 'n', 'y', '.', 'd', 'e', '\0',
+  /* "thomas-suchon.fr", true */ 't', 'h', 'o', 'm', 'a', 's', '-', 's', 'u', 'c', 'h', 'o', 'n', '.', 'f', 'r', '\0',
+  /* "thomasbeckers.be", true */ 't', 'h', 'o', 'm', 'a', 's', 'b', 'e', 'c', 'k', 'e', 'r', 's', '.', 'b', 'e', '\0',
+  /* "thomasetsophie.fr", true */ 't', 'h', 'o', 'm', 'a', 's', 'e', 't', 's', 'o', 'p', 'h', 'i', 'e', '.', 'f', 'r', '\0',
+  /* "thomasfoster.co", true */ 't', 'h', 'o', 'm', 'a', 's', 'f', 'o', 's', 't', 'e', 'r', '.', 'c', 'o', '\0',
+  /* "thomasgriffin.io", true */ 't', 'h', 'o', 'm', 'a', 's', 'g', 'r', 'i', 'f', 'f', 'i', 'n', '.', 'i', 'o', '\0',
+  /* "thomashunter.name", false */ 't', 'h', 'o', 'm', 'a', 's', 'h', 'u', 'n', 't', 'e', 'r', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "thomasmcfly.com", true */ 't', 'h', 'o', 'm', 'a', 's', 'm', 'c', 'f', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "thomassen.sh", true */ 't', 'h', 'o', 'm', 'a', 's', 's', 'e', 'n', '.', 's', 'h', '\0',
+  /* "thomasstevensmusic.com", true */ 't', 'h', 'o', 'm', 'a', 's', 's', 't', 'e', 'v', 'e', 'n', 's', 'm', 'u', 's', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "thomastimepieces.com.au", true */ 't', 'h', 'o', 'm', 'a', 's', 't', 'i', 'm', 'e', 'p', 'i', 'e', 'c', 'e', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "thomasvochten.com", true */ 't', 'h', 'o', 'm', 'a', 's', 'v', 'o', 'c', 'h', 't', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "thomasvt.xyz", true */ 't', 'h', 'o', 'm', 'a', 's', 'v', 't', '.', 'x', 'y', 'z', '\0',
+  /* "thomaswoo.com", true */ 't', 'h', 'o', 'm', 'a', 's', 'w', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "thomsonscleaning.co.uk", true */ 't', 'h', 'o', 'm', 's', 'o', 'n', 's', 'c', 'l', 'e', 'a', 'n', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "thomspooren.nl", true */ 't', 'h', 'o', 'm', 's', 'p', 'o', 'o', 'r', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "thomwiggers.nl", true */ 't', 'h', 'o', 'm', 'w', 'i', 'g', 'g', 'e', 'r', 's', '.', 'n', 'l', '\0',
+  /* "thor.edu", true */ 't', 'h', 'o', 'r', '.', 'e', 'd', 'u', '\0',
+  /* "thorbis.com", true */ 't', 'h', 'o', 'r', 'b', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "thorbiswebsitedesign.com", true */ 't', 'h', 'o', 'r', 'b', 'i', 's', 'w', 'e', 'b', 's', 'i', 't', 'e', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "thorgames.nl", true */ 't', 'h', 'o', 'r', 'g', 'a', 'm', 'e', 's', '.', 'n', 'l', '\0',
+  /* "thoroquel.org", true */ 't', 'h', 'o', 'r', 'o', 'q', 'u', 'e', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "thorsten-schaefer.com", true */ 't', 'h', 'o', 'r', 's', 't', 'e', 'n', '-', 's', 'c', 'h', 'a', 'e', 'f', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "thorstenschaefer.name", true */ 't', 'h', 'o', 'r', 's', 't', 'e', 'n', 's', 'c', 'h', 'a', 'e', 'f', 'e', 'r', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "thosci.com", true */ 't', 'h', 'o', 's', 'c', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "thot.space", true */ 't', 'h', 'o', 't', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "thotpublicidad.com", true */ 't', 'h', 'o', 't', 'p', 'u', 'b', 'l', 'i', 'c', 'i', 'd', 'a', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "thoughtlessleaders.online", true */ 't', 'h', 'o', 'u', 'g', 'h', 't', 'l', 'e', 's', 's', 'l', 'e', 'a', 'd', 'e', 'r', 's', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "thoughtsynth.com", true */ 't', 'h', 'o', 'u', 'g', 'h', 't', 's', 'y', 'n', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "thoughtsynth.net", true */ 't', 'h', 'o', 'u', 'g', 'h', 't', 's', 'y', 'n', 't', 'h', '.', 'n', 'e', 't', '\0',
+  /* "thoughtsynth.org", true */ 't', 'h', 'o', 'u', 'g', 'h', 't', 's', 'y', 'n', 't', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "thouni.de", true */ 't', 'h', 'o', 'u', 'n', 'i', '.', 'd', 'e', '\0',
+  /* "thousandoakselectrical.com", true */ 't', 'h', 'o', 'u', 's', 'a', 'n', 'd', 'o', 'a', 'k', 's', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "threatcentral.io", true */ 't', 'h', 'r', 'e', 'a', 't', 'c', 'e', 'n', 't', 'r', 'a', 'l', '.', 'i', 'o', '\0',
+  /* "threebrothersbrewing.com", true */ 't', 'h', 'r', 'e', 'e', 'b', 'r', 'o', 't', 'h', 'e', 'r', 's', 'b', 'r', 'e', 'w', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "threecrownsllp.com", true */ 't', 'h', 'r', 'e', 'e', 'c', 'r', 'o', 'w', 'n', 's', 'l', 'l', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "threedpro.me", true */ 't', 'h', 'r', 'e', 'e', 'd', 'p', 'r', 'o', '.', 'm', 'e', '\0',
+  /* "threefours.net", true */ 't', 'h', 'r', 'e', 'e', 'f', 'o', 'u', 'r', 's', '.', 'n', 'e', 't', '\0',
+  /* "threelions.ch", true */ 't', 'h', 'r', 'e', 'e', 'l', 'i', 'o', 'n', 's', '.', 'c', 'h', '\0',
+  /* "thriftdiving.com", true */ 't', 'h', 'r', 'i', 'f', 't', 'd', 'i', 'v', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "thrivesummit.com", true */ 't', 'h', 'r', 'i', 'v', 'e', 's', 'u', 'm', 'm', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "thriveta.com", true */ 't', 'h', 'r', 'i', 'v', 'e', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "throttlerz.in", true */ 't', 'h', 'r', 'o', 't', 't', 'l', 'e', 'r', 'z', '.', 'i', 'n', '\0',
+  /* "throughtheglass.photo", true */ 't', 'h', 'r', 'o', 'u', 'g', 'h', 't', 'h', 'e', 'g', 'l', 'a', 's', 's', '.', 'p', 'h', 'o', 't', 'o', '\0',
+  /* "throwaway.link", true */ 't', 'h', 'r', 'o', 'w', 'a', 'w', 'a', 'y', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "throwpass.com", true */ 't', 'h', 'r', 'o', 'w', 'p', 'a', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "thrx.net", true */ 't', 'h', 'r', 'x', '.', 'n', 'e', 't', '\0',
+  /* "thues.eu", true */ 't', 'h', 'u', 'e', 's', '.', 'e', 'u', '\0',
+  /* "thuisverpleging-meerdael.be", true */ 't', 'h', 'u', 'i', 's', 'v', 'e', 'r', 'p', 'l', 'e', 'g', 'i', 'n', 'g', '-', 'm', 'e', 'e', 'r', 'd', 'a', 'e', 'l', '.', 'b', 'e', '\0',
+  /* "thullbery.com", true */ 't', 'h', 'u', 'l', 'l', 'b', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "thunderfield-boat.co.uk", true */ 't', 'h', 'u', 'n', 'd', 'e', 'r', 'f', 'i', 'e', 'l', 'd', '-', 'b', 'o', 'a', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "thunderfox.nl", true */ 't', 'h', 'u', 'n', 'd', 'e', 'r', 'f', 'o', 'x', '.', 'n', 'l', '\0',
+  /* "thunderkeys.net", true */ 't', 'h', 'u', 'n', 'd', 'e', 'r', 'k', 'e', 'y', 's', '.', 'n', 'e', 't', '\0',
+  /* "thundr.eu", true */ 't', 'h', 'u', 'n', 'd', 'r', '.', 'e', 'u', '\0',
+  /* "thunraz.com", true */ 't', 'h', 'u', 'n', 'r', 'a', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "thusoy.com", false */ 't', 'h', 'u', 's', 'o', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "thuthuatios.com", true */ 't', 'h', 'u', 't', 'h', 'u', 'a', 't', 'i', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "thuviensoft.com", true */ 't', 'h', 'u', 'v', 'i', 'e', 'n', 's', 'o', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "thuviensoft.net", true */ 't', 'h', 'u', 'v', 'i', 'e', 'n', 's', 'o', 'f', 't', '.', 'n', 'e', 't', '\0',
+  /* "thw-bernburg.de", true */ 't', 'h', 'w', '-', 'b', 'e', 'r', 'n', 'b', 'u', 'r', 'g', '.', 'd', 'e', '\0',
+  /* "thxandbye.de", true */ 't', 'h', 'x', 'a', 'n', 'd', 'b', 'y', 'e', '.', 'd', 'e', '\0',
+  /* "thyngster.com", true */ 't', 'h', 'y', 'n', 'g', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "thynx.io", true */ 't', 'h', 'y', 'n', 'x', '.', 'i', 'o', '\0',
+  /* "ti-js.com", true */ 't', 'i', '-', 'j', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ti-pla.net", true */ 't', 'i', '-', 'p', 'l', 'a', '.', 'n', 'e', 't', '\0',
+  /* "ti-planet.org", true */ 't', 'i', '-', 'p', 'l', 'a', 'n', 'e', 't', '.', 'o', 'r', 'g', '\0',
+  /* "tiacollection.com", true */ 't', 'i', 'a', 'c', 'o', 'l', 'l', 'e', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "tiagonunes.pt", true */ 't', 'i', 'a', 'g', 'o', 'n', 'u', 'n', 'e', 's', '.', 'p', 't', '\0',
+  /* "tiaki.org", true */ 't', 'i', 'a', 'k', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "tianeptine.com", true */ 't', 'i', 'a', 'n', 'e', 'p', 't', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "tianshili.me", true */ 't', 'i', 'a', 'n', 's', 'h', 'i', 'l', 'i', '.', 'm', 'e', '\0',
+  /* "tianxicaipiao.com", true */ 't', 'i', 'a', 'n', 'x', 'i', 'c', 'a', 'i', 'p', 'i', 'a', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "tibbitshall.ca", true */ 't', 'i', 'b', 'b', 'i', 't', 's', 'h', 'a', 'l', 'l', '.', 'c', 'a', '\0',
+  /* "tibipg.com", true */ 't', 'i', 'b', 'i', 'p', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "tibovanheule.site", true */ 't', 'i', 'b', 'o', 'v', 'a', 'n', 'h', 'e', 'u', 'l', 'e', '.', 's', 'i', 't', 'e', '\0',
+  /* "ticfleet.com", true */ 't', 'i', 'c', 'f', 'l', 'e', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "ticketluck.com", true */ 't', 'i', 'c', 'k', 'e', 't', 'l', 'u', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "ticketmates.com.au", true */ 't', 'i', 'c', 'k', 'e', 't', 'm', 'a', 't', 'e', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "ticketpro.ca", true */ 't', 'i', 'c', 'k', 'e', 't', 'p', 'r', 'o', '.', 'c', 'a', '\0',
+  /* "ticketslover.com", true */ 't', 'i', 'c', 'k', 'e', 't', 's', 'l', 'o', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "ticketsmate.com", true */ 't', 'i', 'c', 'k', 'e', 't', 's', 'm', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ticketsource.co.uk", true */ 't', 'i', 'c', 'k', 'e', 't', 's', 'o', 'u', 'r', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ticketsource.eu", true */ 't', 'i', 'c', 'k', 'e', 't', 's', 'o', 'u', 'r', 'c', 'e', '.', 'e', 'u', '\0',
+  /* "ticketsource.us", true */ 't', 'i', 'c', 'k', 'e', 't', 's', 'o', 'u', 'r', 'c', 'e', '.', 'u', 's', '\0',
+  /* "ticketsourcebeta.co.uk", true */ 't', 'i', 'c', 'k', 'e', 't', 's', 'o', 'u', 'r', 'c', 'e', 'b', 'e', 't', 'a', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ticketsvergleichen.de", true */ 't', 'i', 'c', 'k', 'e', 't', 's', 'v', 'e', 'r', 'g', 'l', 'e', 'i', 'c', 'h', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "tickit.ca", true */ 't', 'i', 'c', 'k', 'i', 't', '.', 'c', 'a', '\0',
+  /* "tid.jp", true */ 't', 'i', 'd', '.', 'j', 'p', '\0',
+  /* "tie-online.org", true */ 't', 'i', 'e', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "tielectric.ch", true */ 't', 'i', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', '.', 'c', 'h', '\0',
+  /* "tiendafetichista.com", true */ 't', 'i', 'e', 'n', 'd', 'a', 'f', 'e', 't', 'i', 'c', 'h', 'i', 's', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "tiendavertigo.com", true */ 't', 'i', 'e', 'n', 'd', 'a', 'v', 'e', 'r', 't', 'i', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "tiens-ib.cz", true */ 't', 'i', 'e', 'n', 's', '-', 'i', 'b', '.', 'c', 'z', '\0',
+  /* "tier-1-entrepreneur.com", true */ 't', 'i', 'e', 'r', '-', '1', '-', 'e', 'n', 't', 'r', 'e', 'p', 'r', 'e', 'n', 'e', 'u', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "tierarztpraxis-bogenhausen.de", true */ 't', 'i', 'e', 'r', 'a', 'r', 'z', 't', 'p', 'r', 'a', 'x', 'i', 's', '-', 'b', 'o', 'g', 'e', 'n', 'h', 'a', 'u', 's', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "tierarztpraxis-weinert.de", true */ 't', 'i', 'e', 'r', 'a', 'r', 'z', 't', 'p', 'r', 'a', 'x', 'i', 's', '-', 'w', 'e', 'i', 'n', 'e', 'r', 't', '.', 'd', 'e', '\0',
+  /* "tiernanx.com", true */ 't', 'i', 'e', 'r', 'n', 'a', 'n', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "ties.com", true */ 't', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tiew.pl", true */ 't', 'i', 'e', 'w', '.', 'p', 'l', '\0',
+  /* "tifan.net", true */ 't', 'i', 'f', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "tiffanytravels.com", true */ 't', 'i', 'f', 'f', 'a', 'n', 'y', 't', 'r', 'a', 'v', 'e', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tigerchef.com", true */ 't', 'i', 'g', 'e', 'r', 'c', 'h', 'e', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "tigerdile.com", true */ 't', 'i', 'g', 'e', 'r', 'd', 'i', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "tiggeriffic.com", true */ 't', 'i', 'g', 'g', 'e', 'r', 'i', 'f', 'f', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "tiihosen.fi", true */ 't', 'i', 'i', 'h', 'o', 's', 'e', 'n', '.', 'f', 'i', '\0',
+  /* "tijden.nu", true */ 't', 'i', 'j', 'd', 'e', 'n', '.', 'n', 'u', '\0',
+  /* "tijo.ch", true */ 't', 'i', 'j', 'o', '.', 'c', 'h', '\0',
+  /* "tik.edu.ee", true */ 't', 'i', 'k', '.', 'e', 'd', 'u', '.', 'e', 'e', '\0',
+  /* "tik.help", true */ 't', 'i', 'k', '.', 'h', 'e', 'l', 'p', '\0',
+  /* "tiki-god.co.uk", true */ 't', 'i', 'k', 'i', '-', 'g', 'o', 'd', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "tiledailyshop.com", true */ 't', 'i', 'l', 'e', 'd', 'a', 'i', 'l', 'y', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "tilesbay.com", true */ 't', 'i', 'l', 'e', 's', 'b', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "tileyourvisit.pt", true */ 't', 'i', 'l', 'e', 'y', 'o', 'u', 'r', 'v', 'i', 's', 'i', 't', '.', 'p', 't', '\0',
+  /* "tiliaze.be", true */ 't', 'i', 'l', 'i', 'a', 'z', 'e', '.', 'b', 'e', '\0',
+  /* "tiliaze.biz", true */ 't', 'i', 'l', 'i', 'a', 'z', 'e', '.', 'b', 'i', 'z', '\0',
+  /* "tiliaze.eu", true */ 't', 'i', 'l', 'i', 'a', 'z', 'e', '.', 'e', 'u', '\0',
+  /* "tiliaze.info", true */ 't', 'i', 'l', 'i', 'a', 'z', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "tiliaze.net", true */ 't', 'i', 'l', 'i', 'a', 'z', 'e', '.', 'n', 'e', 't', '\0',
+  /* "till.im", true */ 't', 'i', 'l', 'l', '.', 'i', 'm', '\0',
+  /* "tillberg.us", true */ 't', 'i', 'l', 'l', 'b', 'e', 'r', 'g', '.', 'u', 's', '\0',
+  /* "tilleysbouncycastles.co.uk", true */ 't', 'i', 'l', 'l', 'e', 'y', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "tillseasyscore.com", true */ 't', 'i', 'l', 'l', 's', 'e', 'a', 's', 'y', 's', 'c', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "tiltedwindmillcrafts.com", true */ 't', 'i', 'l', 't', 'e', 'd', 'w', 'i', 'n', 'd', 'm', 'i', 'l', 'l', 'c', 'r', 'a', 'f', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "timbarlotta.com", true */ 't', 'i', 'm', 'b', 'a', 'r', 'l', 'o', 't', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "timberkel.com", true */ 't', 'i', 'm', 'b', 'e', 'r', 'k', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "timbishopartist.com", true */ 't', 'i', 'm', 'b', 'i', 's', 'h', 'o', 'p', 'a', 'r', 't', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "timco.cloud", true */ 't', 'i', 'm', 'c', 'o', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "timdebruijn.nl", true */ 't', 'i', 'm', 'd', 'e', 'b', 'r', 'u', 'i', 'j', 'n', '.', 'n', 'l', '\0',
+  /* "timdeneau.com", true */ 't', 'i', 'm', 'd', 'e', 'n', 'e', 'a', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "timdoug.com", true */ 't', 'i', 'm', 'd', 'o', 'u', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "time2060.ru", true */ 't', 'i', 'm', 'e', '2', '0', '6', '0', '.', 'r', 'u', '\0',
+  /* "time22.com", true */ 't', 'i', 'm', 'e', '2', '2', '.', 'c', 'o', 'm', '\0',
+  /* "timeauction.hk", true */ 't', 'i', 'm', 'e', 'a', 'u', 'c', 't', 'i', 'o', 'n', '.', 'h', 'k', '\0',
+  /* "timebox.tk", true */ 't', 'i', 'm', 'e', 'b', 'o', 'x', '.', 't', 'k', '\0',
+  /* "timeglass.de", true */ 't', 'i', 'm', 'e', 'g', 'l', 'a', 's', 's', '.', 'd', 'e', '\0',
+  /* "timer.fit", true */ 't', 'i', 'm', 'e', 'r', '.', 'f', 'i', 't', '\0',
+  /* "timersuite.com", true */ 't', 'i', 'm', 'e', 'r', 's', 'u', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "timetab.org", true */ 't', 'i', 'm', 'e', 't', 'a', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "timetotrade.com", true */ 't', 'i', 'm', 'e', 't', 'o', 't', 'r', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "timewasters.nl", true */ 't', 'i', 'm', 'e', 'w', 'a', 's', 't', 'e', 'r', 's', '.', 'n', 'l', '\0',
+  /* "timfiedler.net", true */ 't', 'i', 'm', 'f', 'i', 'e', 'd', 'l', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "timing.com.br", true */ 't', 'i', 'm', 'i', 'n', 'g', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "timmersgems.com", true */ 't', 'i', 'm', 'm', 'e', 'r', 's', 'g', 'e', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "timmy.im", true */ 't', 'i', 'm', 'm', 'y', '.', 'i', 'm', '\0',
+  /* "timmy.ws", true */ 't', 'i', 'm', 'm', 'y', '.', 'w', 's', '\0',
+  /* "timmyrs.de", true */ 't', 'i', 'm', 'm', 'y', 'r', 's', '.', 'd', 'e', '\0',
+  /* "timoxbrow.com", true */ 't', 'i', 'm', 'o', 'x', 'b', 'r', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "timroes.de", true */ 't', 'i', 'm', 'r', 'o', 'e', 's', '.', 'd', 'e', '\0',
+  /* "timstoffel.net", false */ 't', 'i', 'm', 's', 't', 'o', 'f', 'f', 'e', 'l', '.', 'n', 'e', 't', '\0',
+  /* "timtaubert.de", true */ 't', 'i', 'm', 't', 'a', 'u', 'b', 'e', 'r', 't', '.', 'd', 'e', '\0',
+  /* "timtelfer.com", true */ 't', 'i', 'm', 't', 'e', 'l', 'f', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "timtj.ca", true */ 't', 'i', 'm', 't', 'j', '.', 'c', 'a', '\0',
+  /* "timvivian.ca", true */ 't', 'i', 'm', 'v', 'i', 'v', 'i', 'a', 'n', '.', 'c', 'a', '\0',
+  /* "timweb.ca", true */ 't', 'i', 'm', 'w', 'e', 'b', '.', 'c', 'a', '\0',
+  /* "timysewyn.be", true */ 't', 'i', 'm', 'y', 's', 'e', 'w', 'y', 'n', '.', 'b', 'e', '\0',
+  /* "tinastahlschmidt.de", true */ 't', 'i', 'n', 'a', 's', 't', 'a', 'h', 'l', 's', 'c', 'h', 'm', 'i', 'd', 't', '.', 'd', 'e', '\0',
+  /* "tinf15b4.de", true */ 't', 'i', 'n', 'f', '1', '5', 'b', '4', '.', 'd', 'e', '\0',
+  /* "tinfoilsecurity.com", false */ 't', 'i', 'n', 'f', 'o', 'i', 'l', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "tinfoleak.com", true */ 't', 'i', 'n', 'f', 'o', 'l', 'e', 'a', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "tinker.career", true */ 't', 'i', 'n', 'k', 'e', 'r', '.', 'c', 'a', 'r', 'e', 'e', 'r', '\0',
+  /* "tinkerboard.org", true */ 't', 'i', 'n', 'k', 'e', 'r', 'b', 'o', 'a', 'r', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "tinkertry.com", true */ 't', 'i', 'n', 'k', 'e', 'r', 't', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "tinte24.de", true */ 't', 'i', 'n', 't', 'e', '2', '4', '.', 'd', 'e', '\0',
+  /* "tintencenter.com", true */ 't', 'i', 'n', 't', 'e', 'n', 'c', 'e', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "tintenfix.net", true */ 't', 'i', 'n', 't', 'e', 'n', 'f', 'i', 'x', '.', 'n', 'e', 't', '\0',
+  /* "tintenfux.de", true */ 't', 'i', 'n', 't', 'e', 'n', 'f', 'u', 'x', '.', 'd', 'e', '\0',
+  /* "tintenland.de", true */ 't', 'i', 'n', 't', 'e', 'n', 'l', 'a', 'n', 'd', '.', 'd', 'e', '\0',
+  /* "tinyhousefinance.com.au", true */ 't', 'i', 'n', 'y', 'h', 'o', 'u', 's', 'e', 'f', 'i', 'n', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "tinylan.com", true */ 't', 'i', 'n', 'y', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "tinyspeck.com", true */ 't', 'i', 'n', 'y', 's', 'p', 'e', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "tinyssh.com", true */ 't', 'i', 'n', 'y', 's', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "tinyssh.org", true */ 't', 'i', 'n', 'y', 's', 's', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "tinytownsoftplay.co.uk", true */ 't', 'i', 'n', 'y', 't', 'o', 'w', 'n', 's', 'o', 'f', 't', 'p', 'l', 'a', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "tinyvpn.net", true */ 't', 'i', 'n', 'y', 'v', 'p', 'n', '.', 'n', 'e', 't', '\0',
+  /* "tinyvpn.org", true */ 't', 'i', 'n', 'y', 'v', 'p', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "tioat.net", true */ 't', 'i', 'o', 'a', 't', '.', 'n', 'e', 't', '\0',
+  /* "tipaki.gr", true */ 't', 'i', 'p', 'a', 'k', 'i', '.', 'g', 'r', '\0',
+  /* "tipbox.is", true */ 't', 'i', 'p', 'b', 'o', 'x', '.', 'i', 's', '\0',
+  /* "tipiakers.club", true */ 't', 'i', 'p', 'i', 'a', 'k', 'e', 'r', 's', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "tiplanet.org", true */ 't', 'i', 'p', 'l', 'a', 'n', 'e', 't', '.', 'o', 'r', 'g', '\0',
+  /* "tipoftheday.tips", true */ 't', 'i', 'p', 'o', 'f', 't', 'h', 'e', 'd', 'a', 'y', '.', 't', 'i', 'p', 's', '\0',
+  /* "tipps-fuer-den-haushalt.de", true */ 't', 'i', 'p', 'p', 's', '-', 'f', 'u', 'e', 'r', '-', 'd', 'e', 'n', '-', 'h', 'a', 'u', 's', 'h', 'a', 'l', 't', '.', 'd', 'e', '\0',
+  /* "tippspiel.cc", true */ 't', 'i', 'p', 'p', 's', 'p', 'i', 'e', 'l', '.', 'c', 'c', '\0',
+  /* "tippytoad.com", true */ 't', 'i', 'p', 'p', 'y', 't', 'o', 'a', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "tipsacademicos.com", true */ 't', 'i', 'p', 's', 'a', 'c', 'a', 'd', 'e', 'm', 'i', 'c', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tir-pistolet-chexbres.ch", true */ 't', 'i', 'r', '-', 'p', 'i', 's', 't', 'o', 'l', 'e', 't', '-', 'c', 'h', 'e', 'x', 'b', 'r', 'e', 's', '.', 'c', 'h', '\0',
+  /* "tircentrale.net", true */ 't', 'i', 'r', 'c', 'e', 'n', 't', 'r', 'a', 'l', 'e', '.', 'n', 'e', 't', '\0',
+  /* "tirionnetwork.de", true */ 't', 'i', 'r', 'i', 'o', 'n', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'd', 'e', '\0',
+  /* "tiroler-kupferschmiede.com", true */ 't', 'i', 'r', 'o', 'l', 'e', 'r', '-', 'k', 'u', 'p', 'f', 'e', 'r', 's', 'c', 'h', 'm', 'i', 'e', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "tirs4ne.ch", true */ 't', 'i', 'r', 's', '4', 'n', 'e', '.', 'c', 'h', '\0',
+  /* "tism.in", true */ 't', 'i', 's', 'm', '.', 'i', 'n', '\0',
+  /* "tissot-mayenfisch.com", true */ 't', 'i', 's', 's', 'o', 't', '-', 'm', 'a', 'y', 'e', 'n', 'f', 'i', 's', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "tiste.org", true */ 't', 'i', 's', 't', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "tit.systems", true */ 't', 'i', 't', '.', 's', 'y', 's', 't', 'e', 'm', 's', '\0',
+  /* "titanous.com", true */ 't', 'i', 't', 'a', 'n', 'o', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "titelseite.ch", true */ 't', 'i', 't', 'e', 'l', 's', 'e', 'i', 't', 'e', '.', 'c', 'h', '\0',
+  /* "titiansgirlphotography.com", true */ 't', 'i', 't', 'i', 'a', 'n', 's', 'g', 'i', 'r', 'l', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "tittelbach.at", false */ 't', 'i', 't', 't', 'e', 'l', 'b', 'a', 'c', 'h', '.', 'a', 't', '\0',
+  /* "titusetcompagnies.net", true */ 't', 'i', 't', 'u', 's', 'e', 't', 'c', 'o', 'm', 'p', 'a', 'g', 'n', 'i', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "tivido.nl", true */ 't', 'i', 'v', 'i', 'd', 'o', '.', 'n', 'l', '\0',
+  /* "tjandpals.com", true */ 't', 'j', 'a', 'n', 'd', 'p', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tjenestetorvet.dk", true */ 't', 'j', 'e', 'n', 'e', 's', 't', 'e', 't', 'o', 'r', 'v', 'e', 't', '.', 'd', 'k', '\0',
+  /* "tjkcastles.uk", true */ 't', 'j', 'k', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'u', 'k', '\0',
+  /* "tjl.rocks", true */ 't', 'j', 'l', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "tjp.ch", true */ 't', 'j', 'p', '.', 'c', 'h', '\0',
+  /* "tjs.me", true */ 't', 'j', 's', '.', 'm', 'e', '\0',
+  /* "tjsbouncycastles.co.uk", true */ 't', 'j', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "tjullrich.de", true */ 't', 'j', 'u', 'l', 'l', 'r', 'i', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "tkacz.pro", true */ 't', 'k', 'a', 'c', 'z', '.', 'p', 'r', 'o', '\0',
+  /* "tkanemoto.com", true */ 't', 'k', 'a', 'n', 'e', 'm', 'o', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "tkat.ch", true */ 't', 'k', 'a', 't', '.', 'c', 'h', '\0',
+  /* "tkgpm.com", true */ 't', 'k', 'g', 'p', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "tkjg.fi", true */ 't', 'k', 'j', 'g', '.', 'f', 'i', '\0',
+  /* "tkn.me", true */ 't', 'k', 'n', '.', 'm', 'e', '\0',
+  /* "tkts.cl", true */ 't', 'k', 't', 's', '.', 'c', 'l', '\0',
+  /* "tkusano.jp", true */ 't', 'k', 'u', 's', 'a', 'n', 'o', '.', 'j', 'p', '\0',
+  /* "tkw01536.de", true */ 't', 'k', 'w', '0', '1', '5', '3', '6', '.', 'd', 'e', '\0',
+  /* "tlach.cz", true */ 't', 'l', 'a', 'c', 'h', '.', 'c', 'z', '\0',
+  /* "tlca.org", true */ 't', 'l', 'c', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "tlcnet.info", true */ 't', 'l', 'c', 'n', 'e', 't', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "tlehseasyads.com", true */ 't', 'l', 'e', 'h', 's', 'e', 'a', 's', 'y', 'a', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tlo.xyz", true */ 't', 'l', 'o', '.', 'x', 'y', 'z', '\0',
+  /* "tloxygen.com", true */ 't', 'l', 'o', 'x', 'y', 'g', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "tls-proxy.de", true */ 't', 'l', 's', '-', 'p', 'r', 'o', 'x', 'y', '.', 'd', 'e', '\0',
+  /* "tls.builders", true */ 't', 'l', 's', '.', 'b', 'u', 'i', 'l', 'd', 'e', 'r', 's', '\0',
+  /* "tls.care", true */ 't', 'l', 's', '.', 'c', 'a', 'r', 'e', '\0',
+  /* "tls1914.org", true */ 't', 'l', 's', '1', '9', '1', '4', '.', 'o', 'r', 'g', '\0',
+  /* "tlsrobot.se", true */ 't', 'l', 's', 'r', 'o', 'b', 'o', 't', '.', 's', 'e', '\0',
+  /* "tlthings.net", true */ 't', 'l', 't', 'h', 'i', 'n', 'g', 's', '.', 'n', 'e', 't', '\0',
+  /* "tlys.de", true */ 't', 'l', 'y', 's', '.', 'd', 'e', '\0',
+  /* "tm.id.au", true */ 't', 'm', '.', 'i', 'd', '.', 'a', 'u', '\0',
+  /* "tmberg.cf", true */ 't', 'm', 'b', 'e', 'r', 'g', '.', 'c', 'f', '\0',
+  /* "tmberg.ga", true */ 't', 'm', 'b', 'e', 'r', 'g', '.', 'g', 'a', '\0',
+  /* "tmberg.gq", true */ 't', 'm', 'b', 'e', 'r', 'g', '.', 'g', 'q', '\0',
+  /* "tmberg.ml", true */ 't', 'm', 'b', 'e', 'r', 'g', '.', 'm', 'l', '\0',
+  /* "tmberg.tk", true */ 't', 'm', 'b', 'e', 'r', 'g', '.', 't', 'k', '\0',
+  /* "tmc.com.mt", true */ 't', 'm', 'c', '.', 'c', 'o', 'm', '.', 'm', 't', '\0',
+  /* "tmconnects.com", true */ 't', 'm', 'c', 'o', 'n', 'n', 'e', 'c', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tmcpromotions.co.uk", true */ 't', 'm', 'c', 'p', 'r', 'o', 'm', 'o', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "tmcreationweb.com", true */ 't', 'm', 'c', 'r', 'e', 'a', 't', 'i', 'o', 'n', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "tmdb.biz", true */ 't', 'm', 'd', 'b', '.', 'b', 'i', 'z', '\0',
+  /* "tmf.ru", true */ 't', 'm', 'f', '.', 'r', 'u', '\0',
+  /* "tmhr.moe", true */ 't', 'm', 'h', 'r', '.', 'm', 'o', 'e', '\0',
+  /* "tmi-products.eu", true */ 't', 'm', 'i', '-', 'p', 'r', 'o', 'd', 'u', 'c', 't', 's', '.', 'e', 'u', '\0',
+  /* "tmi-produkter.se", true */ 't', 'm', 'i', '-', 'p', 'r', 'o', 'd', 'u', 'k', 't', 'e', 'r', '.', 's', 'e', '\0',
+  /* "tmi.news", true */ 't', 'm', 'i', '.', 'n', 'e', 'w', 's', '\0',
+  /* "tmin.cf", true */ 't', 'm', 'i', 'n', '.', 'c', 'f', '\0',
+  /* "tmm.cx", true */ 't', 'm', 'm', '.', 'c', 'x', '\0',
+  /* "tmonitoring.com", true */ 't', 'm', 'o', 'n', 'i', 't', 'o', 'r', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "tmpraider.net", true */ 't', 'm', 'p', 'r', 'a', 'i', 'd', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "tmpsantos.com.br", true */ 't', 'm', 'p', 's', 'a', 'n', 't', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "tmtopup.com", true */ 't', 'm', 't', 'o', 'p', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "tn0.club", true */ 't', 'n', '0', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "tnes.dk", true */ 't', 'n', 'e', 's', '.', 'd', 'k', '\0',
+  /* "tniad.mil.id", false */ 't', 'n', 'i', 'a', 'd', '.', 'm', 'i', 'l', '.', 'i', 'd', '\0',
+  /* "tntmobi.com", true */ 't', 'n', 't', 'm', 'o', 'b', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "tny.link", true */ 't', 'n', 'y', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "toad.ga", true */ 't', 'o', 'a', 'd', '.', 'g', 'a', '\0',
+  /* "toast.al", false */ 't', 'o', 'a', 's', 't', '.', 'a', 'l', '\0',
+  /* "tob-rulez.de", true */ 't', 'o', 'b', '-', 'r', 'u', 'l', 'e', 'z', '.', 'd', 'e', '\0',
+  /* "tobacco.gov", true */ 't', 'o', 'b', 'a', 'c', 'c', 'o', '.', 'g', 'o', 'v', '\0',
+  /* "tobedo.net", true */ 't', 'o', 'b', 'e', 'd', 'o', '.', 'n', 'e', 't', '\0',
+  /* "tobi-mayer.de", true */ 't', 'o', 'b', 'i', '-', 'm', 'a', 'y', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "tobias-bauer.de", true */ 't', 'o', 'b', 'i', 'a', 's', '-', 'b', 'a', 'u', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "tobias-haenel.de", true */ 't', 'o', 'b', 'i', 'a', 's', '-', 'h', 'a', 'e', 'n', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "tobias-kluge.com", true */ 't', 'o', 'b', 'i', 'a', 's', '-', 'k', 'l', 'u', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "tobias-kluge.de", true */ 't', 'o', 'b', 'i', 'a', 's', '-', 'k', 'l', 'u', 'g', 'e', '.', 'd', 'e', '\0',
+  /* "tobias-picha.de", true */ 't', 'o', 'b', 'i', 'a', 's', '-', 'p', 'i', 'c', 'h', 'a', '.', 'd', 'e', '\0',
+  /* "tobias-weidhase.de", true */ 't', 'o', 'b', 'i', 'a', 's', '-', 'w', 'e', 'i', 'd', 'h', 'a', 's', 'e', '.', 'd', 'e', '\0',
+  /* "tobias.gr", true */ 't', 'o', 'b', 'i', 'a', 's', '.', 'g', 'r', '\0',
+  /* "tobiasbergius.se", true */ 't', 'o', 'b', 'i', 'a', 's', 'b', 'e', 'r', 'g', 'i', 'u', 's', '.', 's', 'e', '\0',
+  /* "tobiasbrunner.net", true */ 't', 'o', 'b', 'i', 'a', 's', 'b', 'r', 'u', 'n', 'n', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "tobiasconradi.com", true */ 't', 'o', 'b', 'i', 'a', 's', 'c', 'o', 'n', 'r', 'a', 'd', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "tobiashorvath.com", true */ 't', 'o', 'b', 'i', 'a', 's', 'h', 'o', 'r', 'v', 'a', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "tobiashorvath.de", true */ 't', 'o', 'b', 'i', 'a', 's', 'h', 'o', 'r', 'v', 'a', 't', 'h', '.', 'd', 'e', '\0',
+  /* "tobiaskorf.de", true */ 't', 'o', 'b', 'i', 'a', 's', 'k', 'o', 'r', 'f', '.', 'd', 'e', '\0',
+  /* "tobiassachs.de", true */ 't', 'o', 'b', 'i', 'a', 's', 's', 'a', 'c', 'h', 's', '.', 'd', 'e', '\0',
+  /* "tobiassattler.com", true */ 't', 'o', 'b', 'i', 'a', 's', 's', 'a', 't', 't', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "tobiemilford.com", true */ 't', 'o', 'b', 'i', 'e', 'm', 'i', 'l', 'f', 'o', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "tobis-rundfluege.de", true */ 't', 'o', 'b', 'i', 's', '-', 'r', 'u', 'n', 'd', 'f', 'l', 'u', 'e', 'g', 'e', '.', 'd', 'e', '\0',
+  /* "tobis-webservice.de", true */ 't', 'o', 'b', 'i', 's', '-', 'w', 'e', 'b', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'd', 'e', '\0',
+  /* "tobischo.de", true */ 't', 'o', 'b', 'i', 's', 'c', 'h', 'o', '.', 'd', 'e', '\0',
+  /* "tobisworld.ch", true */ 't', 'o', 'b', 'i', 's', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'h', '\0',
+  /* "tobyschrapel.com", true */ 't', 'o', 'b', 'y', 's', 'c', 'h', 'r', 'a', 'p', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "tobyx.com", true */ 't', 'o', 'b', 'y', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "tobyx.de", true */ 't', 'o', 'b', 'y', 'x', '.', 'd', 'e', '\0',
+  /* "tobyx.eu", true */ 't', 'o', 'b', 'y', 'x', '.', 'e', 'u', '\0',
+  /* "tobyx.net", true */ 't', 'o', 'b', 'y', 'x', '.', 'n', 'e', 't', '\0',
+  /* "tobyx.org", true */ 't', 'o', 'b', 'y', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "tocaro.im", true */ 't', 'o', 'c', 'a', 'r', 'o', '.', 'i', 'm', '\0',
+  /* "toccoig.com", true */ 't', 'o', 'c', 'c', 'o', 'i', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "tochi-urikata.net", true */ 't', 'o', 'c', 'h', 'i', '-', 'u', 'r', 'i', 'k', 'a', 't', 'a', '.', 'n', 'e', 't', '\0',
+  /* "todaciencia.com", true */ 't', 'o', 'd', 'a', 'c', 'i', 'e', 'n', 'c', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "todamateria.com.br", true */ 't', 'o', 'd', 'a', 'm', 'a', 't', 'e', 'r', 'i', 'a', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "todaymeow.com", true */ 't', 'o', 'd', 'a', 'y', 'm', 'e', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "todocracy.com", true */ 't', 'o', 'd', 'o', 'c', 'r', 'a', 'c', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "todoescine.com", true */ 't', 'o', 'd', 'o', 'e', 's', 'c', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "todoist.com", true */ 't', 'o', 'd', 'o', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "todon.fr", true */ 't', 'o', 'd', 'o', 'n', '.', 'f', 'r', '\0',
+  /* "toeglhofer.at", true */ 't', 'o', 'e', 'g', 'l', 'h', 'o', 'f', 'e', 'r', '.', 'a', 't', '\0',
+  /* "toeightycountries.com", true */ 't', 'o', 'e', 'i', 'g', 'h', 't', 'y', 'c', 'o', 'u', 'n', 't', 'r', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tofa-koeln.de", true */ 't', 'o', 'f', 'a', '-', 'k', 'o', 'e', 'l', 'n', '.', 'd', 'e', '\0',
+  /* "tofe.io", true */ 't', 'o', 'f', 'e', '.', 'i', 'o', '\0',
+  /* "tofilmhub.com", true */ 't', 'o', 'f', 'i', 'l', 'm', 'h', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "togech.jp", true */ 't', 'o', 'g', 'e', 'c', 'h', '.', 'j', 'p', '\0',
+  /* "togetter.com", true */ 't', 'o', 'g', 'e', 't', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "toheb.de", true */ 't', 'o', 'h', 'e', 'b', '.', 'd', 'e', '\0',
+  /* "tohokinemakan.tk", true */ 't', 'o', 'h', 'o', 'k', 'i', 'n', 'e', 'm', 'a', 'k', 'a', 'n', '.', 't', 'k', '\0',
+  /* "tojeto.eu", true */ 't', 'o', 'j', 'e', 't', 'o', '.', 'e', 'u', '\0',
+  /* "tokage.me", true */ 't', 'o', 'k', 'a', 'g', 'e', '.', 'm', 'e', '\0',
+  /* "tokaido-kun.jp", true */ 't', 'o', 'k', 'a', 'i', 'd', 'o', '-', 'k', 'u', 'n', '.', 'j', 'p', '\0',
+  /* "tokaido.com", true */ 't', 'o', 'k', 'a', 'i', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "tokainafb.net", true */ 't', 'o', 'k', 'a', 'i', 'n', 'a', 'f', 'b', '.', 'n', 'e', 't', '\0',
+  /* "tokainakurasi.net", true */ 't', 'o', 'k', 'a', 'i', 'n', 'a', 'k', 'u', 'r', 'a', 's', 'i', '.', 'n', 'e', 't', '\0',
+  /* "tokbijouxs.com.br", true */ 't', 'o', 'k', 'b', 'i', 'j', 'o', 'u', 'x', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "tokic.hr", true */ 't', 'o', 'k', 'i', 'c', '.', 'h', 'r', '\0',
+  /* "tokio.fi", true */ 't', 'o', 'k', 'i', 'o', '.', 'f', 'i', '\0',
+  /* "tokke.dk", true */ 't', 'o', 'k', 'k', 'e', '.', 'd', 'k', '\0',
+  /* "tokobungaasryflorist.com", true */ 't', 'o', 'k', 'o', 'b', 'u', 'n', 'g', 'a', 'a', 's', 'r', 'y', 'f', 'l', 'o', 'r', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "tokobungadijambi.com", true */ 't', 'o', 'k', 'o', 'b', 'u', 'n', 'g', 'a', 'd', 'i', 'j', 'a', 'm', 'b', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "tokobungadilampung.com", true */ 't', 'o', 'k', 'o', 'b', 'u', 'n', 'g', 'a', 'd', 'i', 'l', 'a', 'm', 'p', 'u', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "tokobungadipadangflorist.com", true */ 't', 'o', 'k', 'o', 'b', 'u', 'n', 'g', 'a', 'd', 'i', 'p', 'a', 'd', 'a', 'n', 'g', 'f', 'l', 'o', 'r', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "tokototech.com", true */ 't', 'o', 'k', 'o', 't', 'o', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "tokumei.co", true */ 't', 'o', 'k', 'u', 'm', 'e', 'i', '.', 'c', 'o', '\0',
+  /* "tokyo-onkyo.jp", true */ 't', 'o', 'k', 'y', 'o', '-', 'o', 'n', 'k', 'y', 'o', '.', 'j', 'p', '\0',
+  /* "tokyo-powerstation.com", true */ 't', 'o', 'k', 'y', 'o', '-', 'p', 'o', 'w', 'e', 'r', 's', 't', 'a', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "tokyo.dating", true */ 't', 'o', 'k', 'y', 'o', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "tokyomakino.com", true */ 't', 'o', 'k', 'y', 'o', 'm', 'a', 'k', 'i', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "tokyovipper.com", true */ 't', 'o', 'k', 'y', 'o', 'v', 'i', 'p', 'p', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "tolboe.com", true */ 't', 'o', 'l', 'b', 'o', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "toleressea.fr", true */ 't', 'o', 'l', 'e', 'r', 'e', 's', 's', 'e', 'a', '.', 'f', 'r', '\0',
+  /* "toles-sur-mesure.fr", true */ 't', 'o', 'l', 'e', 's', '-', 's', 'u', 'r', '-', 'm', 'e', 's', 'u', 'r', 'e', '.', 'f', 'r', '\0',
+  /* "tolle-wolke.de", true */ 't', 'o', 'l', 'l', 'e', '-', 'w', 'o', 'l', 'k', 'e', '.', 'd', 'e', '\0',
+  /* "tollfreeproxy.com", true */ 't', 'o', 'l', 'l', 'f', 'r', 'e', 'e', 'p', 'r', 'o', 'x', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "tom-geiger.de", true */ 't', 'o', 'm', '-', 'g', 'e', 'i', 'g', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "tom-kunze.de", true */ 't', 'o', 'm', '-', 'k', 'u', 'n', 'z', 'e', '.', 'd', 'e', '\0',
+  /* "tom-maxwell.com", true */ 't', 'o', 'm', '-', 'm', 'a', 'x', 'w', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "tom.horse", true */ 't', 'o', 'm', '.', 'h', 'o', 'r', 's', 'e', '\0',
+  /* "tomabrafix.de", true */ 't', 'o', 'm', 'a', 'b', 'r', 'a', 'f', 'i', 'x', '.', 'd', 'e', '\0',
+  /* "tomandshirley.com", true */ 't', 'o', 'm', 'a', 'n', 'd', 's', 'h', 'i', 'r', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "tomasjacik.cz", true */ 't', 'o', 'm', 'a', 's', 'j', 'a', 'c', 'i', 'k', '.', 'c', 'z', '\0',
+  /* "tomaskavalek.cz", true */ 't', 'o', 'm', 'a', 's', 'k', 'a', 'v', 'a', 'l', 'e', 'k', '.', 'c', 'z', '\0',
+  /* "tomaspialek.cz", true */ 't', 'o', 'm', 'a', 's', 'p', 'i', 'a', 'l', 'e', 'k', '.', 'c', 'z', '\0',
+  /* "tomatenaufdenaugen.de", true */ 't', 'o', 'm', 'a', 't', 'e', 'n', 'a', 'u', 'f', 'd', 'e', 'n', 'a', 'u', 'g', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "tomatis-nantes.com", true */ 't', 'o', 'm', 'a', 't', 'i', 's', '-', 'n', 'a', 'n', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tomaw.net", true */ 't', 'o', 'm', 'a', 'w', '.', 'n', 'e', 't', '\0',
+  /* "tomaz.eu", true */ 't', 'o', 'm', 'a', 'z', '.', 'e', 'u', '\0',
+  /* "tombaker.me", true */ 't', 'o', 'm', 'b', 'a', 'k', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "tomberek.info", true */ 't', 'o', 'm', 'b', 'e', 'r', 'e', 'k', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "tombrossman.com", true */ 't', 'o', 'm', 'b', 'r', 'o', 's', 's', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "tomcort.com", true */ 't', 'o', 'm', 'c', 'o', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "tomdudfield.com", true */ 't', 'o', 'm', 'd', 'u', 'd', 'f', 'i', 'e', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "tomend.es", true */ 't', 'o', 'm', 'e', 'n', 'd', '.', 'e', 's', '\0',
+  /* "tomershemesh.me", true */ 't', 'o', 'm', 'e', 'r', 's', 'h', 'e', 'm', 'e', 's', 'h', '.', 'm', 'e', '\0',
+  /* "tomfisher.eu", true */ 't', 'o', 'm', 'f', 'i', 's', 'h', 'e', 'r', '.', 'e', 'u', '\0',
+  /* "tomharling.co.uk", true */ 't', 'o', 'm', 'h', 'a', 'r', 'l', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "tomharling.uk", true */ 't', 'o', 'm', 'h', 'a', 'r', 'l', 'i', 'n', 'g', '.', 'u', 'k', '\0',
+  /* "tomharris.tech", true */ 't', 'o', 'm', 'h', 'a', 'r', 'r', 'i', 's', '.', 't', 'e', 'c', 'h', '\0',
+  /* "tomi.cc", true */ 't', 'o', 'm', 'i', '.', 'c', 'c', '\0',
+  /* "tomica.me", true */ 't', 'o', 'm', 'i', 'c', 'a', '.', 'm', 'e', '\0',
+  /* "tomiler.com", true */ 't', 'o', 'm', 'i', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "tomjans.nl", true */ 't', 'o', 'm', 'j', 'a', 'n', 's', '.', 'n', 'l', '\0',
+  /* "tomjonsson.se", true */ 't', 'o', 'm', 'j', 'o', 'n', 's', 's', 'o', 'n', '.', 's', 'e', '\0',
+  /* "tomkunze.de", true */ 't', 'o', 'm', 'k', 'u', 'n', 'z', 'e', '.', 'd', 'e', '\0',
+  /* "tomli.blog", true */ 't', 'o', 'm', 'l', 'i', '.', 'b', 'l', 'o', 'g', '\0',
+  /* "tommic.eu", true */ 't', 'o', 'm', 'm', 'i', 'c', '.', 'e', 'u', '\0',
+  /* "tommy-bordas.fr", true */ 't', 'o', 'm', 'm', 'y', '-', 'b', 'o', 'r', 'd', 'a', 's', '.', 'f', 'r', '\0',
+  /* "tomnatt.com", true */ 't', 'o', 'm', 'n', 'a', 't', 't', '.', 'c', 'o', 'm', '\0',
+  /* "tomo.gr", false */ 't', 'o', 'm', 'o', '.', 'g', 'r', '\0',
+  /* "tomochun.net", true */ 't', 'o', 'm', 'o', 'c', 'h', 'u', 'n', '.', 'n', 'e', 't', '\0',
+  /* "tomravinmd.com", true */ 't', 'o', 'm', 'r', 'a', 'v', 'i', 'n', 'm', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "tomrei.com", true */ 't', 'o', 'm', 'r', 'e', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "tomrichards.net", true */ 't', 'o', 'm', 'r', 'i', 'c', 'h', 'a', 'r', 'd', 's', '.', 'n', 'e', 't', '\0',
+  /* "tomschlick.com", true */ 't', 'o', 'm', 's', 'c', 'h', 'l', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "tomssl.com", true */ 't', 'o', 'm', 's', 's', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "tomticket.com", true */ 't', 'o', 'm', 't', 'i', 'c', 'k', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "tomudding.com", true */ 't', 'o', 'm', 'u', 'd', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "tomudding.nl", true */ 't', 'o', 'm', 'u', 'd', 'd', 'i', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "tomvote.com", true */ 't', 'o', 'm', 'v', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "tomwassenberg.com", true */ 't', 'o', 'm', 'w', 'a', 's', 's', 'e', 'n', 'b', 'e', 'r', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "tomwassenberg.nl", true */ 't', 'o', 'm', 'w', 'a', 's', 's', 'e', 'n', 'b', 'e', 'r', 'g', '.', 'n', 'l', '\0',
+  /* "tomwiggers.nl", false */ 't', 'o', 'm', 'w', 'i', 'g', 'g', 'e', 'r', 's', '.', 'n', 'l', '\0',
+  /* "tomwilson.io", true */ 't', 'o', 'm', 'w', 'i', 'l', 's', 'o', 'n', '.', 'i', 'o', '\0',
+  /* "tomyork.net", true */ 't', 'o', 'm', 'y', 'o', 'r', 'k', '.', 'n', 'e', 't', '\0',
+  /* "tonabor.ru", true */ 't', 'o', 'n', 'a', 'b', 'o', 'r', '.', 'r', 'u', '\0',
+  /* "tonage.de", true */ 't', 'o', 'n', 'a', 'g', 'e', '.', 'd', 'e', '\0',
+  /* "tondles.com", true */ 't', 'o', 'n', 'd', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tonegidoarchief.nl", true */ 't', 'o', 'n', 'e', 'g', 'i', 'd', 'o', 'a', 'r', 'c', 'h', 'i', 'e', 'f', '.', 'n', 'l', '\0',
+  /* "toner24.at", true */ 't', 'o', 'n', 'e', 'r', '2', '4', '.', 'a', 't', '\0',
+  /* "toner24.co.uk", true */ 't', 'o', 'n', 'e', 'r', '2', '4', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "toner24.es", true */ 't', 'o', 'n', 'e', 'r', '2', '4', '.', 'e', 's', '\0',
+  /* "toner24.fr", true */ 't', 'o', 'n', 'e', 'r', '2', '4', '.', 'f', 'r', '\0',
+  /* "toner24.it", true */ 't', 'o', 'n', 'e', 'r', '2', '4', '.', 'i', 't', '\0',
+  /* "toner24.nl", true */ 't', 'o', 'n', 'e', 'r', '2', '4', '.', 'n', 'l', '\0',
+  /* "toner24.pl", true */ 't', 'o', 'n', 'e', 'r', '2', '4', '.', 'p', 'l', '\0',
+  /* "tonerdepot.de", true */ 't', 'o', 'n', 'e', 'r', 'd', 'e', 'p', 'o', 't', '.', 'd', 'e', '\0',
+  /* "tonerjet.at", true */ 't', 'o', 'n', 'e', 'r', 'j', 'e', 't', '.', 'a', 't', '\0',
+  /* "tonerjet.co.uk", true */ 't', 'o', 'n', 'e', 'r', 'j', 'e', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "tonerklick.de", true */ 't', 'o', 'n', 'e', 'r', 'k', 'l', 'i', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "tonerkurier.de", true */ 't', 'o', 'n', 'e', 'r', 'k', 'u', 'r', 'i', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "tonermaus.de", true */ 't', 'o', 'n', 'e', 'r', 'm', 'a', 'u', 's', '.', 'd', 'e', '\0',
+  /* "tonermonster.de", true */ 't', 'o', 'n', 'e', 'r', 'm', 'o', 'n', 's', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "tonex.de", true */ 't', 'o', 'n', 'e', 'x', '.', 'd', 'e', '\0',
+  /* "tonex.nl", true */ 't', 'o', 'n', 'e', 'x', '.', 'n', 'l', '\0',
+  /* "tonkinson.com", true */ 't', 'o', 'n', 'k', 'i', 'n', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "tonkinwilsonvillenissanparts.com", true */ 't', 'o', 'n', 'k', 'i', 'n', 'w', 'i', 'l', 's', 'o', 'n', 'v', 'i', 'l', 'l', 'e', 'n', 'i', 's', 's', 'a', 'n', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tonsit.com", true */ 't', 'o', 'n', 's', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "tonsit.org", true */ 't', 'o', 'n', 's', 'i', 't', '.', 'o', 'r', 'g', '\0',
+  /* "tonyarcieri.com", true */ 't', 'o', 'n', 'y', 'a', 'r', 'c', 'i', 'e', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "tonymanning.com", false */ 't', 'o', 'n', 'y', 'm', 'a', 'n', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "tonytan.cn", true */ 't', 'o', 'n', 'y', 't', 'a', 'n', '.', 'c', 'n', '\0',
+  /* "tonytan.io", true */ 't', 'o', 'n', 'y', 't', 'a', 'n', '.', 'i', 'o', '\0',
+  /* "tonytron.com.br", true */ 't', 'o', 'n', 'y', 't', 'r', 'o', 'n', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "tonyw.xyz", true */ 't', 'o', 'n', 'y', 'w', '.', 'x', 'y', 'z', '\0',
+  /* "tonywebster.com", true */ 't', 'o', 'n', 'y', 'w', 'e', 'b', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "too.gy", true */ 't', 'o', 'o', '.', 'g', 'y', '\0',
+  /* "toobug.net", true */ 't', 'o', 'o', 'b', 'u', 'g', '.', 'n', 'e', 't', '\0',
+  /* "toolbox.ninja", false */ 't', 'o', 'o', 'l', 'b', 'o', 'x', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "toom.io", true */ 't', 'o', 'o', 'm', '.', 'i', 'o', '\0',
+  /* "toonpool.com", true */ 't', 'o', 'o', 'n', 'p', 'o', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "toool.nl", true */ 't', 'o', 'o', 'o', 'l', '.', 'n', 'l', '\0',
+  /* "toool.org", true */ 't', 'o', 'o', 'o', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "tooti.biz", true */ 't', 'o', 'o', 't', 'i', '.', 'b', 'i', 'z', '\0',
+  /* "top-obaly.cz", true */ 't', 'o', 'p', '-', 'o', 'b', 'a', 'l', 'y', '.', 'c', 'z', '\0',
+  /* "top-opakowania.pl", true */ 't', 'o', 'p', '-', 'o', 'p', 'a', 'k', 'o', 'w', 'a', 'n', 'i', 'a', '.', 'p', 'l', '\0',
+  /* "top-solar-info.de", true */ 't', 'o', 'p', '-', 's', 'o', 'l', 'a', 'r', '-', 'i', 'n', 'f', 'o', '.', 'd', 'e', '\0',
+  /* "top10mountainbikes.info", true */ 't', 'o', 'p', '1', '0', 'm', 'o', 'u', 'n', 't', 'a', 'i', 'n', 'b', 'i', 'k', 'e', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "top9.fr", true */ 't', 'o', 'p', '9', '.', 'f', 'r', '\0',
+  /* "topanlage.de", true */ 't', 'o', 'p', 'a', 'n', 'l', 'a', 'g', 'e', '.', 'd', 'e', '\0',
+  /* "topaxi.ch", true */ 't', 'o', 'p', 'a', 'x', 'i', '.', 'c', 'h', '\0',
+  /* "topaxi.codes", true */ 't', 'o', 'p', 'a', 'x', 'i', '.', 'c', 'o', 'd', 'e', 's', '\0',
+  /* "topbargains.com.au", false */ 't', 'o', 'p', 'b', 'a', 'r', 'g', 'a', 'i', 'n', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "topbounce.com", true */ 't', 'o', 'p', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "topbouncycastles.co.uk", true */ 't', 'o', 'p', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "topbrakes.com", true */ 't', 'o', 'p', 'b', 'r', 'a', 'k', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "topclassfun.ie", true */ 't', 'o', 'p', 'c', 'l', 'a', 's', 's', 'f', 'u', 'n', '.', 'i', 'e', '\0',
+  /* "topdesk.net", true */ 't', 'o', 'p', 'd', 'e', 's', 'k', '.', 'n', 'e', 't', '\0',
+  /* "topdevbox.net", true */ 't', 'o', 'p', 'd', 'e', 'v', 'b', 'o', 'x', '.', 'n', 'e', 't', '\0',
+  /* "topdogsinflatables.co.uk", true */ 't', 'o', 'p', 'd', 'o', 'g', 's', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "topeng-emas.com", true */ 't', 'o', 'p', 'e', 'n', 'g', '-', 'e', 'm', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "topfivepercent.co.uk", true */ 't', 'o', 'p', 'f', 'i', 'v', 'e', 'p', 'e', 'r', 'c', 'e', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "topicit.net", true */ 't', 'o', 'p', 'i', 'c', 'i', 't', '.', 'n', 'e', 't', '\0',
+  /* "topirishcasinos.com", true */ 't', 'o', 'p', 'i', 'r', 'i', 's', 'h', 'c', 'a', 's', 'i', 'n', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "topjobs.ch", true */ 't', 'o', 'p', 'j', 'o', 'b', 's', '.', 'c', 'h', '\0',
+  /* "toplist.eu", true */ 't', 'o', 'p', 'l', 'i', 's', 't', '.', 'e', 'u', '\0',
+  /* "topnotepad.com", true */ 't', 'o', 'p', 'n', 'o', 't', 'e', 'p', 'a', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "topodin.com", true */ 't', 'o', 'p', 'o', 'd', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "topprice.ua", true */ 't', 'o', 'p', 'p', 'r', 'i', 'c', 'e', '.', 'u', 'a', '\0',
+  /* "topshelfcommercial.com", true */ 't', 'o', 'p', 's', 'h', 'e', 'l', 'f', 'c', 'o', 'm', 'm', 'e', 'r', 'c', 'i', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "topspeedgolf.com", false */ 't', 'o', 'p', 's', 'p', 'e', 'e', 'd', 'g', 'o', 'l', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "toptec.net.br", true */ 't', 'o', 'p', 't', 'e', 'c', '.', 'n', 'e', 't', '.', 'b', 'r', '\0',
+  /* "toptexture.com", true */ 't', 'o', 'p', 't', 'e', 'x', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "toptheto.com", true */ 't', 'o', 'p', 't', 'h', 'e', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "topwin.la", true */ 't', 'o', 'p', 'w', 'i', 'n', '.', 'l', 'a', '\0',
+  /* "toracon.org", true */ 't', 'o', 'r', 'a', 'c', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "torbay.ga", true */ 't', 'o', 'r', 'b', 'a', 'y', '.', 'g', 'a', '\0',
+  /* "torbe.es", true */ 't', 'o', 'r', 'b', 'e', '.', 'e', 's', '\0',
+  /* "torchantifa.org", true */ 't', 'o', 'r', 'c', 'h', 'a', 'n', 't', 'i', 'f', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "toretame.jp", true */ 't', 'o', 'r', 'e', 't', 'a', 'm', 'e', '.', 'j', 'p', '\0',
+  /* "toretfaction.net", true */ 't', 'o', 'r', 'e', 't', 'f', 'a', 'c', 't', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "tormentedradio.com", true */ 't', 'o', 'r', 'm', 'e', 'n', 't', 'e', 'd', 'r', 'a', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "torn1.se", true */ 't', 'o', 'r', 'n', '1', '.', 's', 'e', '\0',
+  /* "torontocorporatelimo.services", true */ 't', 'o', 'r', 'o', 'n', 't', 'o', 'c', 'o', 'r', 'p', 'o', 'r', 'a', 't', 'e', 'l', 'i', 'm', 'o', '.', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '\0',
+  /* "torproject.org", false */ 't', 'o', 'r', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "torprojects.com", true */ 't', 'o', 'r', 'p', 'r', 'o', 'j', 'e', 'c', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "torquato.de", false */ 't', 'o', 'r', 'q', 'u', 'a', 't', 'o', '.', 'd', 'e', '\0',
+  /* "torrent.fedoraproject.org", true */ 't', 'o', 'r', 'r', 'e', 'n', 't', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "torrent.is", true */ 't', 'o', 'r', 'r', 'e', 'n', 't', '.', 'i', 's', '\0',
+  /* "torrentgamesps2.info", true */ 't', 'o', 'r', 'r', 'e', 'n', 't', 'g', 'a', 'm', 'e', 's', 'p', 's', '2', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "torrentpier.me", true */ 't', 'o', 'r', 'r', 'e', 'n', 't', 'p', 'i', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "torrentz2.eu", true */ 't', 'o', 'r', 'r', 'e', 'n', 't', 'z', '2', '.', 'e', 'u', '\0',
+  /* "torresygutierrez.com", true */ 't', 'o', 'r', 'r', 'e', 's', 'y', 'g', 'u', 't', 'i', 'e', 'r', 'r', 'e', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "torretzalam.com", true */ 't', 'o', 'r', 'r', 'e', 't', 'z', 'a', 'l', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "torservers.net", true */ 't', 'o', 'r', 's', 'e', 'r', 'v', 'e', 'r', 's', '.', 'n', 'e', 't', '\0',
+  /* "torsten-schmitz.net", true */ 't', 'o', 'r', 's', 't', 'e', 'n', '-', 's', 'c', 'h', 'm', 'i', 't', 'z', '.', 'n', 'e', 't', '\0',
+  /* "torstensenf.de", true */ 't', 'o', 'r', 's', 't', 'e', 'n', 's', 'e', 'n', 'f', '.', 'd', 'e', '\0',
+  /* "tortoises-turtles.com", true */ 't', 'o', 'r', 't', 'o', 'i', 's', 'e', 's', '-', 't', 'u', 'r', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tortugan.com.br", true */ 't', 'o', 'r', 't', 'u', 'g', 'a', 'n', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "tosainu.com.br", true */ 't', 'o', 's', 'a', 'i', 'n', 'u', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "toscer.me", true */ 't', 'o', 's', 'c', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "toschool.com.br", true */ 't', 'o', 's', 'c', 'h', 'o', 'o', 'l', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "toshkov.com", true */ 't', 'o', 's', 'h', 'k', 'o', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "tosteberg.se", true */ 't', 'o', 's', 't', 'e', 'b', 'e', 'r', 'g', '.', 's', 'e', '\0',
+  /* "tostu.de", true */ 't', 'o', 's', 't', 'u', '.', 'd', 'e', '\0',
+  /* "totaku.ru", true */ 't', 'o', 't', 'a', 'k', 'u', '.', 'r', 'u', '\0',
+  /* "totalbeauty.co.uk", true */ 't', 'o', 't', 'a', 'l', 'b', 'e', 'a', 'u', 't', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "totalbike.com.br", true */ 't', 'o', 't', 'a', 'l', 'b', 'i', 'k', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "totalcarcheck.co.uk", true */ 't', 'o', 't', 'a', 'l', 'c', 'a', 'r', 'c', 'h', 'e', 'c', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "totalchecklist.com", true */ 't', 'o', 't', 'a', 'l', 'c', 'h', 'e', 'c', 'k', 'l', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "totalforcegym.com", true */ 't', 'o', 't', 'a', 'l', 'f', 'o', 'r', 'c', 'e', 'g', 'y', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "totalhomecareinc.com", true */ 't', 'o', 't', 'a', 'l', 'h', 'o', 'm', 'e', 'c', 'a', 'r', 'e', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "totallylegitimatehosting.ru", true */ 't', 'o', 't', 'a', 'l', 'l', 'y', 'l', 'e', 'g', 'i', 't', 'i', 'm', 'a', 't', 'e', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'r', 'u', '\0',
+  /* "totalpahire.com", true */ 't', 'o', 't', 'a', 'l', 'p', 'a', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "totalparts.com.au", true */ 't', 'o', 't', 'a', 'l', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "totalprint.hu", true */ 't', 'o', 't', 'a', 'l', 'p', 'r', 'i', 'n', 't', '.', 'h', 'u', '\0',
+  /* "totaltriathlon.com", true */ 't', 'o', 't', 'a', 'l', 't', 'r', 'i', 'a', 't', 'h', 'l', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "totem-international.com", true */ 't', 'o', 't', 'e', 'm', '-', 'i', 'n', 't', 'e', 'r', 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "totobetty.com", true */ 't', 'o', 't', 'o', 'b', 'e', 't', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "touch.facebook.com", false */ 't', 'o', 'u', 'c', 'h', '.', 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "touch.mail.ru", true */ 't', 'o', 'u', 'c', 'h', '.', 'm', 'a', 'i', 'l', '.', 'r', 'u', '\0',
+  /* "touchoflife.in", true */ 't', 'o', 'u', 'c', 'h', 'o', 'f', 'l', 'i', 'f', 'e', '.', 'i', 'n', '\0',
+  /* "touchscreentills.com", true */ 't', 'o', 'u', 'c', 'h', 's', 'c', 'r', 'e', 'e', 'n', 't', 'i', 'l', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tougetu.com", true */ 't', 'o', 'u', 'g', 'e', 't', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "touhou.cc", true */ 't', 'o', 'u', 'h', 'o', 'u', '.', 'c', 'c', '\0',
+  /* "toujours-actif.com", true */ 't', 'o', 'u', 'j', 'o', 'u', 'r', 's', '-', 'a', 'c', 't', 'i', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "tounyou-raku.com", true */ 't', 'o', 'u', 'n', 'y', 'o', 'u', '-', 'r', 'a', 'k', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "touray-enterprise.ch", true */ 't', 'o', 'u', 'r', 'a', 'y', '-', 'e', 'n', 't', 'e', 'r', 'p', 'r', 'i', 's', 'e', '.', 'c', 'h', '\0',
+  /* "tourismwithme.com", true */ 't', 'o', 'u', 'r', 'i', 's', 'm', 'w', 'i', 't', 'h', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "tourispo.com", true */ 't', 'o', 'u', 'r', 'i', 's', 'p', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "tournevis.ch", true */ 't', 'o', 'u', 'r', 'n', 'e', 'v', 'i', 's', '.', 'c', 'h', '\0',
+  /* "tourtransferitaly.it", true */ 't', 'o', 'u', 'r', 't', 'r', 'a', 'n', 's', 'f', 'e', 'r', 'i', 't', 'a', 'l', 'y', '.', 'i', 't', '\0',
+  /* "tous-travaux.ch", true */ 't', 'o', 'u', 's', '-', 't', 'r', 'a', 'v', 'a', 'u', 'x', '.', 'c', 'h', '\0',
+  /* "toushi-exe.com", true */ 't', 'o', 'u', 's', 'h', 'i', '-', 'e', 'x', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "toushi-return.xyz", true */ 't', 'o', 'u', 's', 'h', 'i', '-', 'r', 'e', 't', 'u', 'r', 'n', '.', 'x', 'y', 'z', '\0',
+  /* "touslesdrivers.com", true */ 't', 'o', 'u', 's', 'l', 'e', 's', 'd', 'r', 'i', 'v', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tousproducteurs.fr", true */ 't', 'o', 'u', 's', 'p', 'r', 'o', 'd', 'u', 'c', 't', 'e', 'u', 'r', 's', '.', 'f', 'r', '\0',
+  /* "tout-art.ch", true */ 't', 'o', 'u', 't', '-', 'a', 'r', 't', '.', 'c', 'h', '\0',
+  /* "toutart.ch", true */ 't', 'o', 'u', 't', 'a', 'r', 't', '.', 'c', 'h', '\0',
+  /* "toutenmusic.fr", true */ 't', 'o', 'u', 't', 'e', 'n', 'm', 'u', 's', 'i', 'c', '.', 'f', 'r', '\0',
+  /* "toutmonexam.fr", true */ 't', 'o', 'u', 't', 'm', 'o', 'n', 'e', 'x', 'a', 'm', '.', 'f', 'r', '\0',
+  /* "tovare.com", true */ 't', 'o', 'v', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "toverland-tickets.nl", true */ 't', 'o', 'v', 'e', 'r', 'l', 'a', 'n', 'd', '-', 't', 'i', 'c', 'k', 'e', 't', 's', '.', 'n', 'l', '\0',
+  /* "towandalibrary.org", true */ 't', 'o', 'w', 'a', 'n', 'd', 'a', 'l', 'i', 'b', 'r', 'a', 'r', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "towaway.ru", true */ 't', 'o', 'w', 'a', 'w', 'a', 'y', '.', 'r', 'u', '\0',
+  /* "townandcountryus.com", true */ 't', 'o', 'w', 'n', 'a', 'n', 'd', 'c', 'o', 'u', 'n', 't', 'r', 'y', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "townhousedevelopments.com.au", true */ 't', 'o', 'w', 'n', 'h', 'o', 'u', 's', 'e', 'd', 'e', 'v', 'e', 'l', 'o', 'p', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "townhouseregister.com.au", true */ 't', 'o', 'w', 'n', 'h', 'o', 'u', 's', 'e', 'r', 'e', 'g', 'i', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "townofbridgewater.ca", true */ 't', 'o', 'w', 'n', 'o', 'f', 'b', 'r', 'i', 'd', 'g', 'e', 'w', 'a', 't', 'e', 'r', '.', 'c', 'a', '\0',
+  /* "towywebdesigns.uk", true */ 't', 'o', 'w', 'y', 'w', 'e', 'b', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'u', 'k', '\0',
+  /* "tox.im", true */ 't', 'o', 'x', '.', 'i', 'm', '\0',
+  /* "toxicboot.com", true */ 't', 'o', 'x', 'i', 'c', 'b', 'o', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "toymania.de", true */ 't', 'o', 'y', 'm', 'a', 'n', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "toysperiod.com", true */ 't', 'o', 'y', 's', 'p', 'e', 'r', 'i', 'o', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "tp-iryuubun.com", true */ 't', 'p', '-', 'i', 'r', 'y', 'u', 'u', 'b', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "tp-kabushiki.com", true */ 't', 'p', '-', 'k', 'a', 'b', 'u', 's', 'h', 'i', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "tp-kyouyufudousan.com", true */ 't', 'p', '-', 'k', 'y', 'o', 'u', 'y', 'u', 'f', 'u', 'd', 'o', 'u', 's', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "tp-law.jp", true */ 't', 'p', '-', 'l', 'a', 'w', '.', 'j', 'p', '\0',
+  /* "tpansino.com", true */ 't', 'p', 'a', 'n', 's', 'i', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "tpbproxy.co", true */ 't', 'p', 'b', 'p', 'r', 'o', 'x', 'y', '.', 'c', 'o', '\0',
+  /* "tpbunblocked.org", true */ 't', 'p', 'b', 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "tpidg.us", true */ 't', 'p', 'i', 'd', 'g', '.', 'u', 's', '\0',
+  /* "tpolemis.com", true */ 't', 'p', 'o', 'l', 'e', 'm', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tpp.chat", true */ 't', 'p', 'p', '.', 'c', 'h', 'a', 't', '\0',
+  /* "tppleague.me", false */ 't', 'p', 'p', 'l', 'e', 'a', 'g', 'u', 'e', '.', 'm', 'e', '\0',
+  /* "tqdev.com", true */ 't', 'q', 'd', 'e', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "tr.search.yahoo.com", false */ 't', 'r', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "tr0n.net", true */ 't', 'r', '0', 'n', '.', 'n', 'e', 't', '\0',
+  /* "traas.org", true */ 't', 'r', 'a', 'a', 's', '.', 'o', 'r', 'g', '\0',
+  /* "trabajarenperu.com", true */ 't', 'r', 'a', 'b', 'a', 'j', 'a', 'r', 'e', 'n', 'p', 'e', 'r', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "trabajarenremoto.com", true */ 't', 'r', 'a', 'b', 'a', 'j', 'a', 'r', 'e', 'n', 'r', 'e', 'm', 'o', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "trabbel.org", true */ 't', 'r', 'a', 'b', 'b', 'e', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "tracalada.cl", true */ 't', 'r', 'a', 'c', 'a', 'l', 'a', 'd', 'a', '.', 'c', 'l', '\0',
+  /* "trace.guru", true */ 't', 'r', 'a', 'c', 'e', '.', 'g', 'u', 'r', 'u', '\0',
+  /* "tracelight.io", true */ 't', 'r', 'a', 'c', 'e', 'l', 'i', 'g', 'h', 't', '.', 'i', 'o', '\0',
+  /* "traceroute.guru", true */ 't', 'r', 'a', 'c', 'e', 'r', 'o', 'u', 't', 'e', '.', 'g', 'u', 'r', 'u', '\0',
+  /* "traceroute.link", true */ 't', 'r', 'a', 'c', 'e', 'r', 'o', 'u', 't', 'e', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "traceroute.network", true */ 't', 'r', 'a', 'c', 'e', 'r', 'o', 'u', 't', 'e', '.', 'n', 'e', 't', 'w', 'o', 'r', 'k', '\0',
+  /* "traces.ml", true */ 't', 'r', 'a', 'c', 'e', 's', '.', 'm', 'l', '\0',
+  /* "tracetracker.no", true */ 't', 'r', 'a', 'c', 'e', 't', 'r', 'a', 'c', 'k', 'e', 'r', '.', 'n', 'o', '\0',
+  /* "tracfinancialservices.com", true */ 't', 'r', 'a', 'c', 'f', 'i', 'n', 'a', 'n', 'c', 'i', 'a', 'l', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tracinsurance.com", true */ 't', 'r', 'a', 'c', 'i', 'n', 's', 'u', 'r', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "trackchair.com", true */ 't', 'r', 'a', 'c', 'k', 'c', 'h', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "trackdomains.com", true */ 't', 'r', 'a', 'c', 'k', 'd', 'o', 'm', 'a', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "trackersimulator.org", true */ 't', 'r', 'a', 'c', 'k', 'e', 'r', 's', 'i', 'm', 'u', 'l', 'a', 't', 'o', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "trackeye.dk", true */ 't', 'r', 'a', 'c', 'k', 'e', 'y', 'e', '.', 'd', 'k', '\0',
+  /* "trackmeet.io", true */ 't', 'r', 'a', 'c', 'k', 'm', 'e', 'e', 't', '.', 'i', 'o', '\0',
+  /* "trackrecordpro.co.uk", true */ 't', 'r', 'a', 'c', 'k', 'r', 'e', 'c', 'o', 'r', 'd', 'p', 'r', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "tractorpumps.com", true */ 't', 'r', 'a', 'c', 't', 'o', 'r', 'p', 'u', 'm', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "trade.gov.uk", true */ 't', 'r', 'a', 'd', 'e', '.', 'g', 'o', 'v', '.', 'u', 'k', '\0',
+  /* "tradedesk.co.za", true */ 't', 'r', 'a', 'd', 'e', 'd', 'e', 's', 'k', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "tradeinvent.co.uk", true */ 't', 'r', 'a', 'd', 'e', 'i', 'n', 'v', 'e', 'n', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "trademan.ky", true */ 't', 'r', 'a', 'd', 'e', 'm', 'a', 'n', '.', 'k', 'y', '\0',
+  /* "traderjoe-cloud.de", true */ 't', 'r', 'a', 'd', 'e', 'r', 'j', 'o', 'e', '-', 'c', 'l', 'o', 'u', 'd', '.', 'd', 'e', '\0',
+  /* "tradietrove.com.au", true */ 't', 'r', 'a', 'd', 'i', 'e', 't', 'r', 'o', 'v', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "tradinews.com", true */ 't', 'r', 'a', 'd', 'i', 'n', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tradinews.fr", true */ 't', 'r', 'a', 'd', 'i', 'n', 'e', 'w', 's', '.', 'f', 'r', '\0',
+  /* "tradingbhavishya.com", true */ 't', 'r', 'a', 'd', 'i', 'n', 'g', 'b', 'h', 'a', 'v', 'i', 's', 'h', 'y', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "tradingrooms.com", false */ 't', 'r', 'a', 'd', 'i', 'n', 'g', 'r', 'o', 'o', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "traditionsvivantesenimages.ch", true */ 't', 'r', 'a', 'd', 'i', 't', 'i', 'o', 'n', 's', 'v', 'i', 'v', 'a', 'n', 't', 'e', 's', 'e', 'n', 'i', 'm', 'a', 'g', 'e', 's', '.', 'c', 'h', '\0',
+  /* "tradiz.org", true */ 't', 'r', 'a', 'd', 'i', 'z', '.', 'o', 'r', 'g', '\0',
+  /* "traeningsprojekt.dk", false */ 't', 'r', 'a', 'e', 'n', 'i', 'n', 'g', 's', 'p', 'r', 'o', 'j', 'e', 'k', 't', '.', 'd', 'k', '\0',
+  /* "trafarm.ro", true */ 't', 'r', 'a', 'f', 'a', 'r', 'm', '.', 'r', 'o', '\0',
+  /* "traffic.az", true */ 't', 'r', 'a', 'f', 'f', 'i', 'c', '.', 'a', 'z', '\0',
+  /* "trafficmanager.xxx", true */ 't', 'r', 'a', 'f', 'f', 'i', 'c', 'm', 'a', 'n', 'a', 'g', 'e', 'r', '.', 'x', 'x', 'x', '\0',
+  /* "trafficologyblueprint.com", true */ 't', 'r', 'a', 'f', 'f', 'i', 'c', 'o', 'l', 'o', 'g', 'y', 'b', 'l', 'u', 'e', 'p', 'r', 'i', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "trafficpixel.tk", true */ 't', 'r', 'a', 'f', 'f', 'i', 'c', 'p', 'i', 'x', 'e', 'l', '.', 't', 'k', '\0',
+  /* "traffixdevices.com", true */ 't', 'r', 'a', 'f', 'f', 'i', 'x', 'd', 'e', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tragmi.ch", true */ 't', 'r', 'a', 'g', 'm', 'i', '.', 'c', 'h', '\0',
+  /* "trailerparty.com", true */ 't', 'r', 'a', 'i', 'l', 'e', 'r', 'p', 'a', 'r', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "trailforks.com", true */ 't', 'r', 'a', 'i', 'l', 'f', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "train-track.co.uk", true */ 't', 'r', 'a', 'i', 'n', '-', 't', 'r', 'a', 'c', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "trainex.org", true */ 't', 'r', 'a', 'i', 'n', 'e', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "trainhornforums.com", true */ 't', 'r', 'a', 'i', 'n', 'h', 'o', 'r', 'n', 'f', 'o', 'r', 'u', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "trainiac.com.au", true */ 't', 'r', 'a', 'i', 'n', 'i', 'a', 'c', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "trainings-handschuhe-test.de", true */ 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', 's', '-', 'h', 'a', 'n', 'd', 's', 'c', 'h', 'u', 'h', 'e', '-', 't', 'e', 's', 't', '.', 'd', 'e', '\0',
+  /* "trainline.at", true */ 't', 'r', 'a', 'i', 'n', 'l', 'i', 'n', 'e', '.', 'a', 't', '\0',
+  /* "trainline.cn", true */ 't', 'r', 'a', 'i', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'n', '\0',
+  /* "trainline.com.br", true */ 't', 'r', 'a', 'i', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "trainline.com.pt", true */ 't', 'r', 'a', 'i', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 'p', 't', '\0',
+  /* "trainline.cz", true */ 't', 'r', 'a', 'i', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'z', '\0',
+  /* "trainline.de", true */ 't', 'r', 'a', 'i', 'n', 'l', 'i', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "trainline.dk", true */ 't', 'r', 'a', 'i', 'n', 'l', 'i', 'n', 'e', '.', 'd', 'k', '\0',
+  /* "trainline.es", true */ 't', 'r', 'a', 'i', 'n', 'l', 'i', 'n', 'e', '.', 'e', 's', '\0',
+  /* "trainline.eu", true */ 't', 'r', 'a', 'i', 'n', 'l', 'i', 'n', 'e', '.', 'e', 'u', '\0',
+  /* "trainline.fr", true */ 't', 'r', 'a', 'i', 'n', 'l', 'i', 'n', 'e', '.', 'f', 'r', '\0',
+  /* "trainline.io", true */ 't', 'r', 'a', 'i', 'n', 'l', 'i', 'n', 'e', '.', 'i', 'o', '\0',
+  /* "trainline.it", true */ 't', 'r', 'a', 'i', 'n', 'l', 'i', 'n', 'e', '.', 'i', 't', '\0',
+  /* "trainline.nl", true */ 't', 'r', 'a', 'i', 'n', 'l', 'i', 'n', 'e', '.', 'n', 'l', '\0',
+  /* "trainline.no", true */ 't', 'r', 'a', 'i', 'n', 'l', 'i', 'n', 'e', '.', 'n', 'o', '\0',
+  /* "trainline.pl", true */ 't', 'r', 'a', 'i', 'n', 'l', 'i', 'n', 'e', '.', 'p', 'l', '\0',
+  /* "trainline.se", true */ 't', 'r', 'a', 'i', 'n', 'l', 'i', 'n', 'e', '.', 's', 'e', '\0',
+  /* "trainsgoodplanesbad.com", true */ 't', 'r', 'a', 'i', 'n', 's', 'g', 'o', 'o', 'd', 'p', 'l', 'a', 'n', 'e', 's', 'b', 'a', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "traista.ru", true */ 't', 'r', 'a', 'i', 's', 't', 'a', '.', 'r', 'u', '\0',
+  /* "trajano.net", true */ 't', 'r', 'a', 'j', 'a', 'n', 'o', '.', 'n', 'e', 't', '\0',
+  /* "tran.pw", true */ 't', 'r', 'a', 'n', '.', 'p', 'w', '\0',
+  /* "trancendances.fr", true */ 't', 'r', 'a', 'n', 'c', 'e', 'n', 'd', 'a', 'n', 'c', 'e', 's', '.', 'f', 'r', '\0',
+  /* "trangcongnghe.com", true */ 't', 'r', 'a', 'n', 'g', 'c', 'o', 'n', 'g', 'n', 'g', 'h', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "trangell.com", true */ 't', 'r', 'a', 'n', 'g', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "tranglenull.xyz", true */ 't', 'r', 'a', 'n', 'g', 'l', 'e', 'n', 'u', 'l', 'l', '.', 'x', 'y', 'z', '\0',
+  /* "transacid.de", true */ 't', 'r', 'a', 'n', 's', 'a', 'c', 'i', 'd', '.', 'd', 'e', '\0',
+  /* "transappealrights.com", true */ 't', 'r', 'a', 'n', 's', 'a', 'p', 'p', 'e', 'a', 'l', 'r', 'i', 'g', 'h', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "transcend.org", true */ 't', 'r', 'a', 'n', 's', 'c', 'e', 'n', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "transcricentro.pt", true */ 't', 'r', 'a', 'n', 's', 'c', 'r', 'i', 'c', 'e', 'n', 't', 'r', 'o', '.', 'p', 't', '\0',
+  /* "transfer.pw", true */ 't', 'r', 'a', 'n', 's', 'f', 'e', 'r', '.', 'p', 'w', '\0',
+  /* "transferio.nl", true */ 't', 'r', 'a', 'n', 's', 'f', 'e', 'r', 'i', 'o', '.', 'n', 'l', '\0',
+  /* "transfers.do", true */ 't', 'r', 'a', 'n', 's', 'f', 'e', 'r', 's', '.', 'd', 'o', '\0',
+  /* "transferserver.at", true */ 't', 'r', 'a', 'n', 's', 'f', 'e', 'r', 's', 'e', 'r', 'v', 'e', 'r', '.', 'a', 't', '\0',
+  /* "transfersummit.com", true */ 't', 'r', 'a', 'n', 's', 'f', 'e', 'r', 's', 'u', 'm', 'm', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "transfigurewizard.com", true */ 't', 'r', 'a', 'n', 's', 'f', 'i', 'g', 'u', 'r', 'e', 'w', 'i', 'z', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "transfile.fr", true */ 't', 'r', 'a', 'n', 's', 'f', 'i', 'l', 'e', '.', 'f', 'r', '\0',
+  /* "transformaniatime.com", true */ 't', 'r', 'a', 'n', 's', 'f', 'o', 'r', 'm', 'a', 'n', 'i', 'a', 't', 'i', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "transformations-magazin.com", true */ 't', 'r', 'a', 'n', 's', 'f', 'o', 'r', 'm', 'a', 't', 'i', 'o', 'n', 's', '-', 'm', 'a', 'g', 'a', 'z', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "transhumanism.co.uk", true */ 't', 'r', 'a', 'n', 's', 'h', 'u', 'm', 'a', 'n', 'i', 's', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "transhumanist.co.uk", true */ 't', 'r', 'a', 'n', 's', 'h', 'u', 'm', 'a', 'n', 'i', 's', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "transhumanist.com", true */ 't', 'r', 'a', 'n', 's', 'h', 'u', 'm', 'a', 'n', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "transhumanist.net", true */ 't', 'r', 'a', 'n', 's', 'h', 'u', 'm', 'a', 'n', 'i', 's', 't', '.', 'n', 'e', 't', '\0',
+  /* "transhumanist.org", true */ 't', 'r', 'a', 'n', 's', 'h', 'u', 'm', 'a', 'n', 'i', 's', 't', '.', 'o', 'r', 'g', '\0',
+  /* "transhumanist.uk", true */ 't', 'r', 'a', 'n', 's', 'h', 'u', 'm', 'a', 'n', 'i', 's', 't', '.', 'u', 'k', '\0',
+  /* "transitownplaza.com", true */ 't', 'r', 'a', 'n', 's', 'i', 't', 'o', 'w', 'n', 'p', 'l', 'a', 'z', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "transitpoint.us", true */ 't', 'r', 'a', 'n', 's', 'i', 't', 'p', 'o', 'i', 'n', 't', '.', 'u', 's', '\0',
+  /* "translate.fedoraproject.org", true */ 't', 'r', 'a', 'n', 's', 'l', 'a', 't', 'e', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "translate.googleapis.com", true */ 't', 'r', 'a', 'n', 's', 'l', 'a', 't', 'e', '.', 'g', 'o', 'o', 'g', 'l', 'e', 'a', 'p', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "translate.stg.fedoraproject.org", true */ 't', 'r', 'a', 'n', 's', 'l', 'a', 't', 'e', '.', 's', 't', 'g', '.', 'f', 'e', 'd', 'o', 'r', 'a', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "translateblender.ru", true */ 't', 'r', 'a', 'n', 's', 'l', 'a', 't', 'e', 'b', 'l', 'e', 'n', 'd', 'e', 'r', '.', 'r', 'u', '\0',
+  /* "translatoruk.co.uk", true */ 't', 'r', 'a', 'n', 's', 'l', 'a', 't', 'o', 'r', 'u', 'k', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "transmarttouring.com", true */ 't', 'r', 'a', 'n', 's', 'm', 'a', 'r', 't', 't', 'o', 'u', 'r', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "transmisjeonline.pl", true */ 't', 'r', 'a', 'n', 's', 'm', 'i', 's', 'j', 'e', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'p', 'l', '\0',
+  /* "transmithe.net", true */ 't', 'r', 'a', 'n', 's', 'm', 'i', 't', 'h', 'e', '.', 'n', 'e', 't', '\0',
+  /* "transnexus.com", true */ 't', 'r', 'a', 'n', 's', 'n', 'e', 'x', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "transparentcorp.com", true */ 't', 'r', 'a', 'n', 's', 'p', 'a', 'r', 'e', 'n', 't', 'c', 'o', 'r', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "transport.eu", true */ 't', 'r', 'a', 'n', 's', 'p', 'o', 'r', 't', '.', 'e', 'u', '\0',
+  /* "transporterlock.com", true */ 't', 'r', 'a', 'n', 's', 'p', 'o', 'r', 't', 'e', 'r', 'l', 'o', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "transsexualpantyhose.com", true */ 't', 'r', 'a', 'n', 's', 's', 'e', 'x', 'u', 'a', 'l', 'p', 'a', 'n', 't', 'y', 'h', 'o', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "transverify.com", true */ 't', 'r', 'a', 'n', 's', 'v', 'e', 'r', 'i', 'f', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "trashnothing.com", true */ 't', 'r', 'a', 's', 'h', 'n', 'o', 't', 'h', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "trask.no", true */ 't', 'r', 'a', 's', 'k', '.', 'n', 'o', '\0',
+  /* "traslocare.roma.it", true */ 't', 'r', 'a', 's', 'l', 'o', 'c', 'a', 'r', 'e', '.', 'r', 'o', 'm', 'a', '.', 'i', 't', '\0',
+  /* "trauertexte.info", true */ 't', 'r', 'a', 'u', 'e', 'r', 't', 'e', 'x', 't', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "traut.cloud", true */ 't', 'r', 'a', 'u', 't', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "travador.com", true */ 't', 'r', 'a', 'v', 'a', 'd', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "travaux-toiture-idf.fr", true */ 't', 'r', 'a', 'v', 'a', 'u', 'x', '-', 't', 'o', 'i', 't', 'u', 'r', 'e', '-', 'i', 'd', 'f', '.', 'f', 'r', '\0',
+  /* "travel-dealz.de", true */ 't', 'r', 'a', 'v', 'e', 'l', '-', 'd', 'e', 'a', 'l', 'z', '.', 'd', 'e', '\0',
+  /* "travel-to-nature.ch", true */ 't', 'r', 'a', 'v', 'e', 'l', '-', 't', 'o', '-', 'n', 'a', 't', 'u', 'r', 'e', '.', 'c', 'h', '\0',
+  /* "travel365.it", true */ 't', 'r', 'a', 'v', 'e', 'l', '3', '6', '5', '.', 'i', 't', '\0',
+  /* "travelarmenia.org", true */ 't', 'r', 'a', 'v', 'e', 'l', 'a', 'r', 'm', 'e', 'n', 'i', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "traveling-thailand.info", true */ 't', 'r', 'a', 'v', 'e', 'l', 'i', 'n', 'g', '-', 't', 'h', 'a', 'i', 'l', 'a', 'n', 'd', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "travellers.dating", true */ 't', 'r', 'a', 'v', 'e', 'l', 'l', 'e', 'r', 's', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "travelling.expert", true */ 't', 'r', 'a', 'v', 'e', 'l', 'l', 'i', 'n', 'g', '.', 'e', 'x', 'p', 'e', 'r', 't', '\0',
+  /* "travelmyth.ie", true */ 't', 'r', 'a', 'v', 'e', 'l', 'm', 'y', 't', 'h', '.', 'i', 'e', '\0',
+  /* "travelogue.jp", true */ 't', 'r', 'a', 'v', 'e', 'l', 'o', 'g', 'u', 'e', '.', 'j', 'p', '\0',
+  /* "travelpricecheck.com", true */ 't', 'r', 'a', 'v', 'e', 'l', 'p', 'r', 'i', 'c', 'e', 'c', 'h', 'e', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "travi.org", true */ 't', 'r', 'a', 'v', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "travisf.net", true */ 't', 'r', 'a', 'v', 'i', 's', 'f', '.', 'n', 'e', 't', '\0',
+  /* "travisforte.io", true */ 't', 'r', 'a', 'v', 'i', 's', 'f', 'o', 'r', 't', 'e', '.', 'i', 'o', '\0',
+  /* "travisfranck.com", true */ 't', 'r', 'a', 'v', 'i', 's', 'f', 'r', 'a', 'n', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "travler.net", true */ 't', 'r', 'a', 'v', 'l', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "trbanka.com", true */ 't', 'r', 'b', 'a', 'n', 'k', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "treasurydirect.gov", true */ 't', 'r', 'e', 'a', 's', 'u', 'r', 'y', 'd', 'i', 'r', 'e', 'c', 't', '.', 'g', 'o', 'v', '\0',
+  /* "treasuryhunt.gov", true */ 't', 'r', 'e', 'a', 's', 'u', 'r', 'y', 'h', 'u', 'n', 't', '.', 'g', 'o', 'v', '\0',
+  /* "treasuryscams.gov", true */ 't', 'r', 'e', 'a', 's', 'u', 'r', 'y', 's', 'c', 'a', 'm', 's', '.', 'g', 'o', 'v', '\0',
+  /* "treebaglia.xyz", true */ 't', 'r', 'e', 'e', 'b', 'a', 'g', 'l', 'i', 'a', '.', 'x', 'y', 'z', '\0',
+  /* "treehousebydesign.com", true */ 't', 'r', 'e', 'e', 'h', 'o', 'u', 's', 'e', 'b', 'y', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "treehouseresort.nl", true */ 't', 'r', 'e', 'e', 'h', 'o', 'u', 's', 'e', 'r', 'e', 's', 'o', 'r', 't', '.', 'n', 'l', '\0',
+  /* "trees.chat", true */ 't', 'r', 'e', 'e', 's', '.', 'c', 'h', 'a', 't', '\0',
+  /* "treeschat.com", true */ 't', 'r', 'e', 'e', 's', 'c', 'h', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "trefcon.cz", true */ 't', 'r', 'e', 'f', 'c', 'o', 'n', '.', 'c', 'z', '\0',
+  /* "trefpuntdemeent.nl", true */ 't', 'r', 'e', 'f', 'p', 'u', 'n', 't', 'd', 'e', 'm', 'e', 'e', 'n', 't', '.', 'n', 'l', '\0',
+  /* "treinaweb.com.br", false */ 't', 'r', 'e', 'i', 'n', 'a', 'w', 'e', 'b', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "treinonerd.com", true */ 't', 'r', 'e', 'i', 'n', 'o', 'n', 'e', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "trek-planet.ru", true */ 't', 'r', 'e', 'k', '-', 'p', 'l', 'a', 'n', 'e', 't', '.', 'r', 'u', '\0',
+  /* "trekfriend.com", true */ 't', 'r', 'e', 'k', 'f', 'r', 'i', 'e', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "tremlor.com", true */ 't', 'r', 'e', 'm', 'l', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "tremolosoftware.com", true */ 't', 'r', 'e', 'm', 'o', 'l', 'o', 's', 'o', 'f', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "tremoureux.fr", true */ 't', 'r', 'e', 'm', 'o', 'u', 'r', 'e', 'u', 'x', '.', 'f', 'r', '\0',
+  /* "trendingpulse.com", true */ 't', 'r', 'e', 'n', 'd', 'i', 'n', 'g', 'p', 'u', 'l', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "trendisland.de", true */ 't', 'r', 'e', 'n', 'd', 'i', 's', 'l', 'a', 'n', 'd', '.', 'd', 'e', '\0',
+  /* "trendkraft.de", true */ 't', 'r', 'e', 'n', 'd', 'k', 'r', 'a', 'f', 't', '.', 'd', 'e', '\0',
+  /* "trendydips.com", true */ 't', 'r', 'e', 'n', 'd', 'y', 'd', 'i', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "trendykids.cz", true */ 't', 'r', 'e', 'n', 'd', 'y', 'k', 'i', 'd', 's', '.', 'c', 'z', '\0',
+  /* "trenta.io", true */ 't', 'r', 'e', 'n', 't', 'a', '.', 'i', 'o', '\0',
+  /* "trentmaydew.com", true */ 't', 'r', 'e', 'n', 't', 'm', 'a', 'y', 'd', 'e', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "tresorit.com", true */ 't', 'r', 'e', 's', 'o', 'r', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "tresorsecurity.com", true */ 't', 'r', 'e', 's', 'o', 'r', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "tretail.net", true */ 't', 'r', 'e', 't', 'a', 'i', 'l', '.', 'n', 'e', 't', '\0',
+  /* "tretkowski.de", true */ 't', 'r', 'e', 't', 'k', 'o', 'w', 's', 'k', 'i', '.', 'd', 'e', '\0',
+  /* "trewe.eu", true */ 't', 'r', 'e', 'w', 'e', '.', 'e', 'u', '\0',
+  /* "trhastane.com", true */ 't', 'r', 'h', 'a', 's', 't', 'a', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "triage.com", true */ 't', 'r', 'i', 'a', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "triageo.com.au", true */ 't', 'r', 'i', 'a', 'g', 'e', 'o', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "trialcentralnet.com", true */ 't', 'r', 'i', 'a', 'l', 'c', 'e', 'n', 't', 'r', 'a', 'l', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "trianglecastles.co.uk", true */ 't', 'r', 'i', 'a', 'n', 'g', 'l', 'e', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "tribac.de", true */ 't', 'r', 'i', 'b', 'a', 'c', '.', 'd', 'e', '\0',
+  /* "tribaldos.com", true */ 't', 'r', 'i', 'b', 'a', 'l', 'd', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tribut.de", true */ 't', 'r', 'i', 'b', 'u', 't', '.', 'd', 'e', '\0',
+  /* "tributh.net", true */ 't', 'r', 'i', 'b', 'u', 't', 'h', '.', 'n', 'e', 't', '\0',
+  /* "trickedguys.com", true */ 't', 'r', 'i', 'c', 'k', 'e', 'd', 'g', 'u', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "triddi.com", true */ 't', 'r', 'i', 'd', 'd', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "trident-online.de", true */ 't', 'r', 'i', 'd', 'e', 'n', 't', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "tridentflood.com", true */ 't', 'r', 'i', 'd', 'e', 'n', 't', 'f', 'l', 'o', 'o', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "trietment.com", true */ 't', 'r', 'i', 'e', 't', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "trigardon-rg.de", true */ 't', 'r', 'i', 'g', 'a', 'r', 'd', 'o', 'n', '-', 'r', 'g', '.', 'd', 'e', '\0',
+  /* "trigular.de", true */ 't', 'r', 'i', 'g', 'u', 'l', 'a', 'r', '.', 'd', 'e', '\0',
+  /* "trik.es", false */ 't', 'r', 'i', 'k', '.', 'e', 's', '\0',
+  /* "trim-a-slab.com", true */ 't', 'r', 'i', 'm', '-', 'a', '-', 's', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "trimage.org", true */ 't', 'r', 'i', 'm', 'a', 'g', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "trimarchimanuele.it", true */ 't', 'r', 'i', 'm', 'a', 'r', 'c', 'h', 'i', 'm', 'a', 'n', 'u', 'e', 'l', 'e', '.', 'i', 't', '\0',
+  /* "trinary.ca", true */ 't', 'r', 'i', 'n', 'a', 'r', 'y', '.', 'c', 'a', '\0',
+  /* "trineco.com", true */ 't', 'r', 'i', 'n', 'e', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "trineco.fi", true */ 't', 'r', 'i', 'n', 'e', 'c', 'o', '.', 'f', 'i', '\0',
+  /* "trinitytechdev.com", true */ 't', 'r', 'i', 'n', 'i', 't', 'y', 't', 'e', 'c', 'h', 'd', 'e', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "trink-und-partyspiele.de", true */ 't', 'r', 'i', 'n', 'k', '-', 'u', 'n', 'd', '-', 'p', 'a', 'r', 't', 'y', 's', 'p', 'i', 'e', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "trinnes.net", true */ 't', 'r', 'i', 'n', 'n', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "trio.online", true */ 't', 'r', 'i', 'o', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "triop.se", true */ 't', 'r', 'i', 'o', 'p', '.', 's', 'e', '\0',
+  /* "trior.net", true */ 't', 'r', 'i', 'o', 'r', '.', 'n', 'e', 't', '\0',
+  /* "tripcombi.com", true */ 't', 'r', 'i', 'p', 'c', 'o', 'm', 'b', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "triple-mmm.de", true */ 't', 'r', 'i', 'p', 'l', 'e', '-', 'm', 'm', 'm', '.', 'd', 'e', '\0',
+  /* "tripseats.com", true */ 't', 'r', 'i', 'p', 's', 'e', 'a', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tripsinc.com", true */ 't', 'r', 'i', 'p', 's', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "trisportas.lt", true */ 't', 'r', 'i', 's', 'p', 'o', 'r', 't', 'a', 's', '.', 'l', 't', '\0',
+  /* "trixati.org.ua", true */ 't', 'r', 'i', 'x', 'a', 't', 'i', '.', 'o', 'r', 'g', '.', 'u', 'a', '\0',
+  /* "trixexpressweb.nl", true */ 't', 'r', 'i', 'x', 'e', 'x', 'p', 'r', 'e', 's', 's', 'w', 'e', 'b', '.', 'n', 'l', '\0',
+  /* "triz.co.uk", true */ 't', 'r', 'i', 'z', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "trizone.com.au", true */ 't', 'r', 'i', 'z', 'o', 'n', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "trkpuls.tk", true */ 't', 'r', 'k', 'p', 'u', 'l', 's', '.', 't', 'k', '\0',
+  /* "trockendock.ch", true */ 't', 'r', 'o', 'c', 'k', 'e', 'n', 'd', 'o', 'c', 'k', '.', 'c', 'h', '\0',
+  /* "troedel-trolle.de", true */ 't', 'r', 'o', 'e', 'd', 'e', 'l', '-', 't', 'r', 'o', 'l', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "troedelhannes.at", true */ 't', 'r', 'o', 'e', 'd', 'e', 'l', 'h', 'a', 'n', 'n', 'e', 's', '.', 'a', 't', '\0',
+  /* "troianet.com.br", true */ 't', 'r', 'o', 'i', 'a', 'n', 'e', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "troisdorf-gestalten.de", true */ 't', 'r', 'o', 'i', 's', 'd', 'o', 'r', 'f', '-', 'g', 'e', 's', 't', 'a', 'l', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "trollingeffects.org", true */ 't', 'r', 'o', 'l', 'l', 'i', 'n', 'g', 'e', 'f', 'f', 'e', 'c', 't', 's', '.', 'o', 'r', 'g', '\0',
+  /* "trollmoa.se", true */ 't', 'r', 'o', 'l', 'l', 'm', 'o', 'a', '.', 's', 'e', '\0',
+  /* "trommelwirbel.com", true */ 't', 'r', 'o', 'm', 'm', 'e', 'l', 'w', 'i', 'r', 'b', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "tronatic-studio.com", true */ 't', 'r', 'o', 'n', 'a', 't', 'i', 'c', '-', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "trondelan.no", true */ 't', 'r', 'o', 'n', 'd', 'e', 'l', 'a', 'n', '.', 'n', 'o', '\0',
+  /* "tronflix.com", true */ 't', 'r', 'o', 'n', 'f', 'l', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "trophee-discount.com", true */ 't', 'r', 'o', 'p', 'h', 'e', 'e', '-', 'd', 'i', 's', 'c', 'o', 'u', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "tropicalserver.com", true */ 't', 'r', 'o', 'p', 'i', 'c', 'a', 'l', 's', 'e', 'r', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "trotec.com", true */ 't', 'r', 'o', 't', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "trouweninoverijssel.nl", true */ 't', 'r', 'o', 'u', 'w', 'e', 'n', 'i', 'n', 'o', 'v', 'e', 'r', 'i', 'j', 's', 's', 'e', 'l', '.', 'n', 'l', '\0',
+  /* "trovaprezzi.it", true */ 't', 'r', 'o', 'v', 'a', 'p', 'r', 'e', 'z', 'z', 'i', '.', 'i', 't', '\0',
+  /* "troyfawkes.com", true */ 't', 'r', 'o', 'y', 'f', 'a', 'w', 'k', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "troyhuntsucks.com", true */ 't', 'r', 'o', 'y', 'h', 'u', 'n', 't', 's', 'u', 'c', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "trs.tn", true */ 't', 'r', 's', '.', 't', 'n', '\0',
+  /* "trtltravel.com", true */ 't', 'r', 't', 'l', 't', 'r', 'a', 'v', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "tru.ltd", true */ 't', 'r', 'u', '.', 'l', 't', 'd', '\0',
+  /* "truckersmp.com", true */ 't', 'r', 'u', 'c', 'k', 'e', 'r', 's', 'm', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "truckerswereld.nl", false */ 't', 'r', 'u', 'c', 'k', 'e', 'r', 's', 'w', 'e', 'r', 'e', 'l', 'd', '.', 'n', 'l', '\0',
+  /* "truckstop-magazin.de", false */ 't', 'r', 'u', 'c', 'k', 's', 't', 'o', 'p', '-', 'm', 'a', 'g', 'a', 'z', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "true-itk.de", true */ 't', 'r', 'u', 'e', '-', 'i', 't', 'k', '.', 'd', 'e', '\0',
+  /* "trueblueessentials.com", true */ 't', 'r', 'u', 'e', 'b', 'l', 'u', 'e', 'e', 's', 's', 'e', 'n', 't', 'i', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "trueinstincts.ca", true */ 't', 'r', 'u', 'e', 'i', 'n', 's', 't', 'i', 'n', 'c', 't', 's', '.', 'c', 'a', '\0',
+  /* "truejob.com", true */ 't', 'r', 'u', 'e', 'j', 'o', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "truekey.com", true */ 't', 'r', 'u', 'e', 'k', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "truerizm.ru", true */ 't', 'r', 'u', 'e', 'r', 'i', 'z', 'm', '.', 'r', 'u', '\0',
+  /* "truestaradvisors.com", true */ 't', 'r', 'u', 'e', 's', 't', 'a', 'r', 'a', 'd', 'v', 'i', 's', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "truesteamachievements.com", true */ 't', 'r', 'u', 'e', 's', 't', 'e', 'a', 'm', 'a', 'c', 'h', 'i', 'e', 'v', 'e', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "truestor.com", true */ 't', 'r', 'u', 'e', 's', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "trueteaching.com", true */ 't', 'r', 'u', 'e', 't', 'e', 'a', 'c', 'h', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "truetrophies.com", true */ 't', 'r', 'u', 'e', 't', 'r', 'o', 'p', 'h', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "trufflemonkey.co.uk", true */ 't', 'r', 'u', 'f', 'f', 'l', 'e', 'm', 'o', 'n', 'k', 'e', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "trulance.com", true */ 't', 'r', 'u', 'l', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "trumanlibrary.org", true */ 't', 'r', 'u', 'm', 'a', 'n', 'l', 'i', 'b', 'r', 'a', 'r', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "trumeet.top", true */ 't', 'r', 'u', 'm', 'e', 'e', 't', '.', 't', 'o', 'p', '\0',
+  /* "trunk-show.net", true */ 't', 'r', 'u', 'n', 'k', '-', 's', 'h', 'o', 'w', '.', 'n', 'e', 't', '\0',
+  /* "truserve.org", true */ 't', 'r', 'u', 's', 'e', 'r', 'v', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "trush.in", true */ 't', 'r', 'u', 's', 'h', '.', 'i', 'n', '\0',
+  /* "trusitio.com", true */ 't', 'r', 'u', 's', 'i', 't', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "trustcase.com", true */ 't', 'r', 'u', 's', 't', 'c', 'a', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "trustfield.ch", true */ 't', 'r', 'u', 's', 't', 'f', 'i', 'e', 'l', 'd', '.', 'c', 'h', '\0',
+  /* "truthmessages.pw", true */ 't', 'r', 'u', 't', 'h', 'm', 'e', 's', 's', 'a', 'g', 'e', 's', '.', 'p', 'w', '\0',
+  /* "trw-reseller.com", true */ 't', 'r', 'w', '-', 'r', 'e', 's', 'e', 'l', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "trybabyschoice.com", true */ 't', 'r', 'y', 'b', 'a', 'b', 'y', 's', 'c', 'h', 'o', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "tryfabulousdiet.com", true */ 't', 'r', 'y', 'f', 'a', 'b', 'u', 'l', 'o', 'u', 's', 'd', 'i', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "tryfabulousskincream.com", true */ 't', 'r', 'y', 'f', 'a', 'b', 'u', 'l', 'o', 'u', 's', 's', 'k', 'i', 'n', 'c', 'r', 'e', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "tryfabulousskinserum.com", true */ 't', 'r', 'y', 'f', 'a', 'b', 'u', 'l', 'o', 'u', 's', 's', 'k', 'i', 'n', 's', 'e', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "tryhard.cz", true */ 't', 'r', 'y', 'h', 'a', 'r', 'd', '.', 'c', 'z', '\0',
+  /* "trymegadrol.com", true */ 't', 'r', 'y', 'm', 'e', 'g', 'a', 'd', 'r', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "trynta.com", true */ 't', 'r', 'y', 'n', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "trynta.net", true */ 't', 'r', 'y', 'n', 't', 'a', '.', 'n', 'e', 't', '\0',
+  /* "tryupdates.com", true */ 't', 'r', 'y', 'u', 'p', 'd', 'a', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "trywesayyes.com", true */ 't', 'r', 'y', 'w', 'e', 's', 'a', 'y', 'y', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "trzepak.pl", true */ 't', 'r', 'z', 'e', 'p', 'a', 'k', '.', 'p', 'l', '\0',
+  /* "ts-publishers.com", true */ 't', 's', '-', 'p', 'u', 'b', 'l', 'i', 's', 'h', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tsa-sucks.com", true */ 't', 's', 'a', '-', 's', 'u', 'c', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tschuermans.be", true */ 't', 's', 'c', 'h', 'u', 'e', 'r', 'm', 'a', 'n', 's', '.', 'b', 'e', '\0',
+  /* "tsedryk.ca", true */ 't', 's', 'e', 'd', 'r', 'y', 'k', '.', 'c', 'a', '\0',
+  /* "tsgbit.net", true */ 't', 's', 'g', 'b', 'i', 't', '.', 'n', 'e', 't', '\0',
+  /* "tsicons.com", true */ 't', 's', 'i', 'c', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tsigaradiko.com", true */ 't', 's', 'i', 'g', 'a', 'r', 'a', 'd', 'i', 'k', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "tsironis-olivenoel.de", true */ 't', 's', 'i', 'r', 'o', 'n', 'i', 's', '-', 'o', 'l', 'i', 'v', 'e', 'n', 'o', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "tsng-stg.tk", true */ 't', 's', 'n', 'g', '-', 's', 't', 'g', '.', 't', 'k', '\0',
+  /* "tsng.co.jp", true */ 't', 's', 'n', 'g', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "tstrubberstamp.com", true */ 't', 's', 't', 'r', 'u', 'b', 'b', 'e', 'r', 's', 't', 'a', 'm', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "tsugi.fr", true */ 't', 's', 'u', 'g', 'i', '.', 'f', 'r', '\0',
+  /* "tsukhani.com", true */ 't', 's', 'u', 'k', 'h', 'a', 'n', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "tsuki.moe", true */ 't', 's', 'u', 'k', 'i', '.', 'm', 'o', 'e', '\0',
+  /* "tsukuba.style", true */ 't', 's', 'u', 'k', 'u', 'b', 'a', '.', 's', 't', 'y', 'l', 'e', '\0',
+  /* "tsumegumi.com", true */ 't', 's', 'u', 'm', 'e', 'g', 'u', 'm', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "tsumi.it", true */ 't', 's', 'u', 'm', 'i', '.', 'i', 't', '\0',
+  /* "tsumi.moe", true */ 't', 's', 'u', 'm', 'i', '.', 'm', 'o', 'e', '\0',
+  /* "tsundere.moe", true */ 't', 's', 'u', 'n', 'd', 'e', 'r', 'e', '.', 'm', 'o', 'e', '\0',
+  /* "tsura.org", true */ 't', 's', 'u', 'r', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "tsuyuzakihiroyuki.com", true */ 't', 's', 'u', 'y', 'u', 'z', 'a', 'k', 'i', 'h', 'i', 'r', 'o', 'y', 'u', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "tsv-1894.de", true */ 't', 's', 'v', '-', '1', '8', '9', '4', '.', 'd', 'e', '\0',
+  /* "ttb.gov", true */ 't', 't', 'b', '.', 'g', 'o', 'v', '\0',
+  /* "ttbonline.gov", true */ 't', 't', 'b', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'g', 'o', 'v', '\0',
+  /* "ttcaarberg.ch", true */ 't', 't', 'c', 'a', 'a', 'r', 'b', 'e', 'r', 'g', '.', 'c', 'h', '\0',
+  /* "ttcf.ca", true */ 't', 't', 'c', 'f', '.', 'c', 'a', '\0',
+  /* "ttchan.org", true */ 't', 't', 'c', 'h', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "ttdsevaonline.com", true */ 't', 't', 'd', 's', 'e', 'v', 'a', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ttll.de", true */ 't', 't', 'l', 'l', '.', 'd', 'e', '\0',
+  /* "ttsoft.pl", true */ 't', 't', 's', 'o', 'f', 't', '.', 'p', 'l', '\0',
+  /* "ttsweb.org", true */ 't', 't', 's', 'w', 'e', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "ttt.tt", true */ 't', 't', 't', '.', 't', 't', '\0',
+  /* "ttuwiki.ee", true */ 't', 't', 'u', 'w', 'i', 'k', 'i', '.', 'e', 'e', '\0',
+  /* "ttuwiki.org", true */ 't', 't', 'u', 'w', 'i', 'k', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "tty.space", true */ 't', 't', 'y', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "ttz.im", true */ 't', 't', 'z', '.', 'i', 'm', '\0',
+  /* "tu6.pm", true */ 't', 'u', '6', '.', 'p', 'm', '\0',
+  /* "tubanten.nl", true */ 't', 'u', 'b', 'a', 'n', 't', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "tube.tools", true */ 't', 'u', 'b', 'e', '.', 't', 'o', 'o', 'l', 's', '\0',
+  /* "tubejack.nl", true */ 't', 'u', 'b', 'e', 'j', 'a', 'c', 'k', '.', 'n', 'l', '\0',
+  /* "tubeju.com", true */ 't', 'u', 'b', 'e', 'j', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "tuberecht.de", true */ 't', 'u', 'b', 'e', 'r', 'e', 'c', 'h', 't', '.', 'd', 'e', '\0',
+  /* "tubs4fun.co.uk", true */ 't', 'u', 'b', 's', '4', 'f', 'u', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "tubul.net", true */ 't', 'u', 'b', 'u', 'l', '.', 'n', 'e', 't', '\0',
+  /* "tucny.com", true */ 't', 'u', 'c', 'n', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "tucsonfcu.com", true */ 't', 'u', 'c', 's', 'o', 'n', 'f', 'c', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "tucuxi.org", true */ 't', 'u', 'c', 'u', 'x', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "tudiennhakhoa.com", true */ 't', 'u', 'd', 'i', 'e', 'n', 'n', 'h', 'a', 'k', 'h', 'o', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "tudorproject.org", true */ 't', 'u', 'd', 'o', 'r', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "tueche.com.ar", true */ 't', 'u', 'e', 'c', 'h', 'e', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "tufilo.com", true */ 't', 'u', 'f', 'i', 'l', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "tuincentersnaet.be", true */ 't', 'u', 'i', 'n', 'c', 'e', 'n', 't', 'e', 'r', 's', 'n', 'a', 'e', 't', '.', 'b', 'e', '\0',
+  /* "tuingereedschappen.net", false */ 't', 'u', 'i', 'n', 'g', 'e', 'r', 'e', 'e', 'd', 's', 'c', 'h', 'a', 'p', 'p', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "tuitle.com", true */ 't', 'u', 'i', 't', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "tuja.hu", true */ 't', 'u', 'j', 'a', '.', 'h', 'u', '\0',
+  /* "tulsameetingroom.com", true */ 't', 'u', 'l', 's', 'a', 'm', 'e', 'e', 't', 'i', 'n', 'g', 'r', 'o', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "tumagiri.net", true */ 't', 'u', 'm', 'a', 'g', 'i', 'r', 'i', '.', 'n', 'e', 't', '\0',
+  /* "tumblenfun.com", true */ 't', 'u', 'm', 'b', 'l', 'e', 'n', 'f', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "tumedico.es", true */ 't', 'u', 'm', 'e', 'd', 'i', 'c', 'o', '.', 'e', 's', '\0',
+  /* "tumelum.de", true */ 't', 'u', 'm', 'e', 'l', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "tuminauskas.lt", true */ 't', 'u', 'm', 'i', 'n', 'a', 'u', 's', 'k', 'a', 's', '.', 'l', 't', '\0',
+  /* "tumutanzi.com", true */ 't', 'u', 'm', 'u', 't', 'a', 'n', 'z', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "tune-web.de", true */ 't', 'u', 'n', 'e', '-', 'w', 'e', 'b', '.', 'd', 'e', '\0',
+  /* "tunefish-entertainment.de", true */ 't', 'u', 'n', 'e', 'f', 'i', 's', 'h', '-', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', '.', 'd', 'e', '\0',
+  /* "tuner.cloud", true */ 't', 'u', 'n', 'e', 'r', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "tuning-werkstatt-nuernberg.de", true */ 't', 'u', 'n', 'i', 'n', 'g', '-', 'w', 'e', 'r', 'k', 's', 't', 'a', 't', 't', '-', 'n', 'u', 'e', 'r', 'n', 'b', 'e', 'r', 'g', '.', 'd', 'e', '\0',
+  /* "tuningblog.eu", false */ 't', 'u', 'n', 'i', 'n', 'g', 'b', 'l', 'o', 'g', '.', 'e', 'u', '\0',
+  /* "tunnelblick.net", true */ 't', 'u', 'n', 'n', 'e', 'l', 'b', 'l', 'i', 'c', 'k', '.', 'n', 'e', 't', '\0',
+  /* "tunnelwatch.com", true */ 't', 'u', 'n', 'n', 'e', 'l', 'w', 'a', 't', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "tuntitili.fi", true */ 't', 'u', 'n', 't', 'i', 't', 'i', 'l', 'i', '.', 'f', 'i', '\0',
+  /* "tupa-germania.ru", true */ 't', 'u', 'p', 'a', '-', 'g', 'e', 'r', 'm', 'a', 'n', 'i', 'a', '.', 'r', 'u', '\0',
+  /* "tupeuxpastest.ch", true */ 't', 'u', 'p', 'e', 'u', 'x', 'p', 'a', 's', 't', 'e', 's', 't', '.', 'c', 'h', '\0',
+  /* "tuppenceworth.ie", true */ 't', 'u', 'p', 'p', 'e', 'n', 'c', 'e', 'w', 'o', 'r', 't', 'h', '.', 'i', 'e', '\0',
+  /* "turbobit.ch", true */ 't', 'u', 'r', 'b', 'o', 'b', 'i', 't', '.', 'c', 'h', '\0',
+  /* "turigum.com", true */ 't', 'u', 'r', 'i', 'g', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "turismo.cl", true */ 't', 'u', 'r', 'i', 's', 'm', 'o', '.', 'c', 'l', '\0',
+  /* "turkish.dating", true */ 't', 'u', 'r', 'k', 'i', 's', 'h', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "turncircles.com", true */ 't', 'u', 'r', 'n', 'c', 'i', 'r', 'c', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "turnoffthelights.com", true */ 't', 'u', 'r', 'n', 'o', 'f', 'f', 't', 'h', 'e', 'l', 'i', 'g', 'h', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "turnonsocial.com", true */ 't', 'u', 'r', 'n', 'o', 'n', 's', 'o', 'c', 'i', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "turpinpesage.fr", true */ 't', 'u', 'r', 'p', 'i', 'n', 'p', 'e', 's', 'a', 'g', 'e', '.', 'f', 'r', '\0',
+  /* "tursiae.org", true */ 't', 'u', 'r', 's', 'i', 'a', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "turtle.ai", true */ 't', 'u', 'r', 't', 'l', 'e', '.', 'a', 'i', '\0',
+  /* "turtleduckstudios.com", true */ 't', 'u', 'r', 't', 'l', 'e', 'd', 'u', 'c', 'k', 's', 't', 'u', 'd', 'i', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "turtlepwr.com", true */ 't', 'u', 'r', 't', 'l', 'e', 'p', 'w', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "turtles.ga", true */ 't', 'u', 'r', 't', 'l', 'e', 's', '.', 'g', 'a', '\0',
+  /* "tutanota.com", true */ 't', 'u', 't', 'a', 'n', 'o', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "tuto-craft.com", true */ 't', 'u', 't', 'o', '-', 'c', 'r', 'a', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "tutoragency.org", true */ 't', 'u', 't', 'o', 'r', 'a', 'g', 'e', 'n', 'c', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "tutorialinux.com", true */ 't', 'u', 't', 'o', 'r', 'i', 'a', 'l', 'i', 'n', 'u', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "tutorio.ga", true */ 't', 'u', 't', 'o', 'r', 'i', 'o', '.', 'g', 'a', '\0',
+  /* "tuts4you.com", true */ 't', 'u', 't', 's', '4', 'y', 'o', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "tuttimundi.org", true */ 't', 'u', 't', 't', 'i', 'm', 'u', 'n', 'd', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "tuttoandroid.net", true */ 't', 'u', 't', 't', 'o', 'a', 'n', 'd', 'r', 'o', 'i', 'd', '.', 'n', 'e', 't', '\0',
+  /* "tuvangoicuoc.com", true */ 't', 'u', 'v', 'a', 'n', 'g', 'o', 'i', 'c', 'u', 'o', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "tuxcloud.net", true */ 't', 'u', 'x', 'c', 'l', 'o', 'u', 'd', '.', 'n', 'e', 't', '\0',
+  /* "tuxflow.de", true */ 't', 'u', 'x', 'f', 'l', 'o', 'w', '.', 'd', 'e', '\0',
+  /* "tuxgeo.com", false */ 't', 'u', 'x', 'g', 'e', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "tuxie.com", true */ 't', 'u', 'x', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "tuxlife.net", true */ 't', 'u', 'x', 'l', 'i', 'f', 'e', '.', 'n', 'e', 't', '\0',
+  /* "tuxpeliculas.com", true */ 't', 'u', 'x', 'p', 'e', 'l', 'i', 'c', 'u', 'l', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "tuxplace.nl", true */ 't', 'u', 'x', 'p', 'l', 'a', 'c', 'e', '.', 'n', 'l', '\0',
+  /* "tuxtimo.me", true */ 't', 'u', 'x', 't', 'i', 'm', 'o', '.', 'm', 'e', '\0',
+  /* "tuzaijidi.com", true */ 't', 'u', 'z', 'a', 'i', 'j', 'i', 'd', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "tv2vie.org", false */ 't', 'v', '2', 'v', 'i', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "tvbeugels.nl", false */ 't', 'v', 'b', 'e', 'u', 'g', 'e', 'l', 's', '.', 'n', 'l', '\0',
+  /* "tvc.red", true */ 't', 'v', 'c', '.', 'r', 'e', 'd', '\0',
+  /* "tvcal.net", true */ 't', 'v', 'c', 'a', 'l', '.', 'n', 'e', 't', '\0',
+  /* "tvcmarketing.com", true */ 't', 'v', 'c', 'm', 'a', 'r', 'k', 'e', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "tver-msk.ru", true */ 't', 'v', 'e', 'r', '-', 'm', 's', 'k', '.', 'r', 'u', '\0',
+  /* "tverskaya-outlet.ru", true */ 't', 'v', 'e', 'r', 's', 'k', 'a', 'y', 'a', '-', 'o', 'u', 't', 'l', 'e', 't', '.', 'r', 'u', '\0',
+  /* "tvoru.com.ua", true */ 't', 'v', 'o', 'r', 'u', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "tvs-virtual.cz", true */ 't', 'v', 's', '-', 'v', 'i', 'r', 't', 'u', 'a', 'l', '.', 'c', 'z', '\0',
+  /* "tvsheerenhoek.nl", true */ 't', 'v', 's', 'h', 'e', 'e', 'r', 'e', 'n', 'h', 'o', 'e', 'k', '.', 'n', 'l', '\0',
+  /* "tw.search.yahoo.com", false */ 't', 'w', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "twaka.com", true */ 't', 'w', 'a', 'k', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "twb.berlin", true */ 't', 'w', 'b', '.', 'b', 'e', 'r', 'l', 'i', 'n', '\0',
+  /* "twd2.me", true */ 't', 'w', 'd', '2', '.', 'm', 'e', '\0',
+  /* "twd2.net", false */ 't', 'w', 'd', '2', '.', 'n', 'e', 't', '\0',
+  /* "tweakers.net", true */ 't', 'w', 'e', 'a', 'k', 'e', 'r', 's', '.', 'n', 'e', 't', '\0',
+  /* "tweakersbadge.nl", true */ 't', 'w', 'e', 'a', 'k', 'e', 'r', 's', 'b', 'a', 'd', 'g', 'e', '.', 'n', 'l', '\0',
+  /* "tweaktown.com", true */ 't', 'w', 'e', 'a', 'k', 't', 'o', 'w', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "twelve.rocks", true */ 't', 'w', 'e', 'l', 'v', 'e', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "twelve.today", true */ 't', 'w', 'e', 'l', 'v', 'e', '.', 't', 'o', 'd', 'a', 'y', '\0',
+  /* "twem.ddns.net", true */ 't', 'w', 'e', 'm', '.', 'd', 'd', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "twenty71.com", true */ 't', 'w', 'e', 'n', 't', 'y', '7', '1', '.', 'c', 'o', 'm', '\0',
+  /* "twentymilliseconds.com", true */ 't', 'w', 'e', 'n', 't', 'y', 'm', 'i', 'l', 'l', 'i', 's', 'e', 'c', 'o', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "twilleys.com", true */ 't', 'w', 'i', 'l', 'l', 'e', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "twincitynissantxparts.com", true */ 't', 'w', 'i', 'n', 'c', 'i', 't', 'y', 'n', 'i', 's', 's', 'a', 'n', 't', 'x', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "twinkseason.com", true */ 't', 'w', 'i', 'n', 'k', 's', 'e', 'a', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "twisata.com", true */ 't', 'w', 'i', 's', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "twistapp.com", true */ 't', 'w', 'i', 's', 't', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "twisted-brains.org", true */ 't', 'w', 'i', 's', 't', 'e', 'd', '-', 'b', 'r', 'a', 'i', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "twistedwave.com", true */ 't', 'w', 'i', 's', 't', 'e', 'd', 'w', 'a', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "twisto.cz", true */ 't', 'w', 'i', 's', 't', 'o', '.', 'c', 'z', '\0',
+  /* "twit-guide.com", true */ 't', 'w', 'i', 't', '-', 'g', 'u', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "twitter.com", false */ 't', 'w', 'i', 't', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "twitteroauth.com", true */ 't', 'w', 'i', 't', 't', 'e', 'r', 'o', 'a', 'u', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "twizzkidzinflatables.co.uk", true */ 't', 'w', 'i', 'z', 'z', 'k', 'i', 'd', 'z', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "twlan.org", true */ 't', 'w', 'l', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "twodadsgames.com", true */ 't', 'w', 'o', 'd', 'a', 'd', 's', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "twofactorauth.org", true */ 't', 'w', 'o', 'f', 'a', 'c', 't', 'o', 'r', 'a', 'u', 't', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "twohuo.com", true */ 't', 'w', 'o', 'h', 'u', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "twojfaktum.pl", true */ 't', 'w', 'o', 'j', 'f', 'a', 'k', 't', 'u', 'm', '.', 'p', 'l', '\0',
+  /* "twolanedesign.com", true */ 't', 'w', 'o', 'l', 'a', 'n', 'e', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "twoo.com", true */ 't', 'w', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "twopif.net", true */ 't', 'w', 'o', 'p', 'i', 'f', '.', 'n', 'e', 't', '\0',
+  /* "tworaz.net", true */ 't', 'w', 'o', 'r', 'a', 'z', '.', 'n', 'e', 't', '\0',
+  /* "twun.io", true */ 't', 'w', 'u', 'n', '.', 'i', 'o', '\0',
+  /* "twuni.org", true */ 't', 'w', 'u', 'n', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "txcap.org", true */ 't', 'x', 'c', 'a', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "txdivorce.org", true */ 't', 'x', 'd', 'i', 'v', 'o', 'r', 'c', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "txi.su", true */ 't', 'x', 'i', '.', 's', 'u', '\0',
+  /* "txlrs.org", true */ 't', 'x', 'l', 'r', 's', '.', 'o', 'r', 'g', '\0',
+  /* "txm.pl", true */ 't', 'x', 'm', '.', 'p', 'l', '\0',
+  /* "tyche.io", true */ 't', 'y', 'c', 'h', 'e', '.', 'i', 'o', '\0',
+  /* "tycjt.vip", true */ 't', 'y', 'c', 'j', 't', '.', 'v', 'i', 'p', '\0',
+  /* "tyil.nl", true */ 't', 'y', 'i', 'l', '.', 'n', 'l', '\0',
+  /* "tyil.work", true */ 't', 'y', 'i', 'l', '.', 'w', 'o', 'r', 'k', '\0',
+  /* "tyl.io", true */ 't', 'y', 'l', '.', 'i', 'o', '\0',
+  /* "tyler.rs", true */ 't', 'y', 'l', 'e', 'r', '.', 'r', 's', '\0',
+  /* "tylerdavies.net", true */ 't', 'y', 'l', 'e', 'r', 'd', 'a', 'v', 'i', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "tylerfreedman.com", true */ 't', 'y', 'l', 'e', 'r', 'f', 'r', 'e', 'e', 'd', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "tylerharcourt.ca", true */ 't', 'y', 'l', 'e', 'r', 'h', 'a', 'r', 'c', 'o', 'u', 'r', 't', '.', 'c', 'a', '\0',
+  /* "tylerharcourt.net", true */ 't', 'y', 'l', 'e', 'r', 'h', 'a', 'r', 'c', 'o', 'u', 'r', 't', '.', 'n', 'e', 't', '\0',
+  /* "tylerharcourt.org", true */ 't', 'y', 'l', 'e', 'r', 'h', 'a', 'r', 'c', 'o', 'u', 'r', 't', '.', 'o', 'r', 'g', '\0',
+  /* "tyleromeara.com", true */ 't', 'y', 'l', 'e', 'r', 'o', 'm', 'e', 'a', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "tylerschmidtke.com", true */ 't', 'y', 'l', 'e', 'r', 's', 'c', 'h', 'm', 'i', 'd', 't', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "type1joe.com", true */ 't', 'y', 'p', 'e', '1', 'j', 'o', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "type1joe.net", true */ 't', 'y', 'p', 'e', '1', 'j', 'o', 'e', '.', 'n', 'e', 't', '\0',
+  /* "type1joe.org", true */ 't', 'y', 'p', 'e', '1', 'j', 'o', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "typeblog.net", true */ 't', 'y', 'p', 'e', 'b', 'l', 'o', 'g', '.', 'n', 'e', 't', '\0',
+  /* "typecodes.com", true */ 't', 'y', 'p', 'e', 'c', 'o', 'd', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "typehub.net", true */ 't', 'y', 'p', 'e', 'h', 'u', 'b', '.', 'n', 'e', 't', '\0',
+  /* "typeonejoe.com", true */ 't', 'y', 'p', 'e', 'o', 'n', 'e', 'j', 'o', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "typeonejoe.net", true */ 't', 'y', 'p', 'e', 'o', 'n', 'e', 'j', 'o', 'e', '.', 'n', 'e', 't', '\0',
+  /* "typeonejoe.org", true */ 't', 'y', 'p', 'e', 'o', 'n', 'e', 'j', 'o', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "typeria.net", true */ 't', 'y', 'p', 'e', 'r', 'i', 'a', '.', 'n', 'e', 't', '\0',
+  /* "typewolf.com", true */ 't', 'y', 'p', 'e', 'w', 'o', 'l', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "typing.com", true */ 't', 'y', 'p', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "typist.tech", true */ 't', 'y', 'p', 'i', 's', 't', '.', 't', 'e', 'c', 'h', '\0',
+  /* "typo3.com", true */ 't', 'y', 'p', 'o', '3', '.', 'c', 'o', 'm', '\0',
+  /* "tyroremotes.co.uk", true */ 't', 'y', 'r', 'o', 'r', 'e', 'm', 'o', 't', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "tyroremotes.es", true */ 't', 'y', 'r', 'o', 'r', 'e', 'm', 'o', 't', 'e', 's', '.', 'e', 's', '\0',
+  /* "tyroremotes.fr", true */ 't', 'y', 'r', 'o', 'r', 'e', 'm', 'o', 't', 'e', 's', '.', 'f', 'r', '\0',
+  /* "tyroremotes.nl", true */ 't', 'y', 'r', 'o', 'r', 'e', 'm', 'o', 't', 'e', 's', '.', 'n', 'l', '\0',
+  /* "tysox.de", true */ 't', 'y', 's', 'o', 'x', '.', 'd', 'e', '\0',
+  /* "tyuo-keibi.co.jp", true */ 't', 'y', 'u', 'o', '-', 'k', 'e', 'i', 'b', 'i', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "tzifas.com", true */ 't', 'z', 'i', 'f', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "u-master.net", true */ 'u', '-', 'm', 'a', 's', 't', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "u-tokyo.club", true */ 'u', '-', 't', 'o', 'k', 'y', 'o', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "u.nu", true */ 'u', '.', 'n', 'u', '\0',
+  /* "u03.fr", true */ 'u', '0', '3', '.', 'f', 'r', '\0',
+  /* "u1100.com", true */ 'u', '1', '1', '0', '0', '.', 'c', 'o', 'm', '\0',
+  /* "u1144.com", true */ 'u', '1', '1', '4', '4', '.', 'c', 'o', 'm', '\0',
+  /* "u2fanlife.com", true */ 'u', '2', 'f', 'a', 'n', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "u2fsecuritykeys.com", true */ 'u', '2', 'f', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', 'k', 'e', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "u4mh-dev-accesscontroller.azurewebsites.net", true */ 'u', '4', 'm', 'h', '-', 'd', 'e', 'v', '-', 'a', 'c', 'c', 'e', 's', 's', 'c', 'o', 'n', 't', 'r', 'o', 'l', 'l', 'e', 'r', '.', 'a', 'z', 'u', 'r', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "u4mh-dev-portal.azurewebsites.net", true */ 'u', '4', 'm', 'h', '-', 'd', 'e', 'v', '-', 'p', 'o', 'r', 't', 'a', 'l', '.', 'a', 'z', 'u', 'r', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "u5b.de", false */ 'u', '5', 'b', '.', 'd', 'e', '\0',
+  /* "u5r.nl", true */ 'u', '5', 'r', '.', 'n', 'l', '\0',
+  /* "ua.search.yahoo.com", false */ 'u', 'a', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "uae-company-service.com", true */ 'u', 'a', 'e', '-', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '-', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "uangteman.com", true */ 'u', 'a', 'n', 'g', 't', 'e', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "uasmi.com", false */ 'u', 'a', 's', 'm', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "uat-activesg.com", true */ 'u', 'a', 't', '-', 'a', 'c', 't', 'i', 'v', 'e', 's', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "uatgootax.ru", true */ 'u', 'a', 't', 'g', 'o', 'o', 't', 'a', 'x', '.', 'r', 'u', '\0',
+  /* "ub3rk1tten.com", false */ 'u', 'b', '3', 'r', 'k', '1', 't', 't', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "ubalert.com", true */ 'u', 'b', 'a', 'l', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "ubanquity.com", true */ 'u', 'b', 'a', 'n', 'q', 'u', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "uberboxen.net", true */ 'u', 'b', 'e', 'r', 'b', 'o', 'x', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "ubermail.me", true */ 'u', 'b', 'e', 'r', 'm', 'a', 'i', 'l', '.', 'm', 'e', '\0',
+  /* "ubertt.org", true */ 'u', 'b', 'e', 'r', 't', 't', '.', 'o', 'r', 'g', '\0',
+  /* "uberwald.de", true */ 'u', 'b', 'e', 'r', 'w', 'a', 'l', 'd', '.', 'd', 'e', '\0',
+  /* "uberwald.ws", true */ 'u', 'b', 'e', 'r', 'w', 'a', 'l', 'd', '.', 'w', 's', '\0',
+  /* "ubineering.de", true */ 'u', 'b', 'i', 'n', 'e', 'e', 'r', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "ublaboo.org", true */ 'u', 'b', 'l', 'a', 'b', 'o', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "ubtce.com", true */ 'u', 'b', 't', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ucac.nz", false */ 'u', 'c', 'a', 'c', '.', 'n', 'z', '\0',
+  /* "ucangiller.com", true */ 'u', 'c', 'a', 'n', 'g', 'i', 'l', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "ucch.be", true */ 'u', 'c', 'c', 'h', '.', 'b', 'e', '\0',
+  /* "ucfirst.nl", true */ 'u', 'c', 'f', 'i', 'r', 's', 't', '.', 'n', 'l', '\0',
+  /* "uchargeapp.com", true */ 'u', 'c', 'h', 'a', 'r', 'g', 'e', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "uclanmasterplan.co.uk", true */ 'u', 'c', 'l', 'a', 'n', 'm', 'a', 's', 't', 'e', 'r', 'p', 'l', 'a', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ucppe.org", true */ 'u', 'c', 'p', 'p', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "ucrdatatool.gov", true */ 'u', 'c', 'r', 'd', 'a', 't', 'a', 't', 'o', 'o', 'l', '.', 'g', 'o', 'v', '\0',
+  /* "uctarna.online", true */ 'u', 'c', 't', 'a', 'r', 'n', 'a', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "udbhav.me", true */ 'u', 'd', 'b', 'h', 'a', 'v', '.', 'm', 'e', '\0',
+  /* "udo-luetkemeier.de", true */ 'u', 'd', 'o', '-', 'l', 'u', 'e', 't', 'k', 'e', 'm', 'e', 'i', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "udomain.net", true */ 'u', 'd', 'o', 'm', 'a', 'i', 'n', '.', 'n', 'e', 't', '\0',
+  /* "udp.sh", false */ 'u', 'd', 'p', '.', 's', 'h', '\0',
+  /* "udruga-point.hr", true */ 'u', 'd', 'r', 'u', 'g', 'a', '-', 'p', 'o', 'i', 'n', 't', '.', 'h', 'r', '\0',
+  /* "ueba1085.jp", true */ 'u', 'e', 'b', 'a', '1', '0', '8', '5', '.', 'j', 'p', '\0',
+  /* "ueberwachungspaket.at", true */ 'u', 'e', 'b', 'e', 'r', 'w', 'a', 'c', 'h', 'u', 'n', 'g', 's', 'p', 'a', 'k', 'e', 't', '.', 'a', 't', '\0',
+  /* "uedaviolin.com", true */ 'u', 'e', 'd', 'a', 'v', 'i', 'o', 'l', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "uel-thompson-okanagan.ca", true */ 'u', 'e', 'l', '-', 't', 'h', 'o', 'm', 'p', 's', 'o', 'n', '-', 'o', 'k', 'a', 'n', 'a', 'g', 'a', 'n', '.', 'c', 'a', '\0',
+  /* "ueni.com", true */ 'u', 'e', 'n', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "uerdingen.info", true */ 'u', 'e', 'r', 'd', 'i', 'n', 'g', 'e', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "uesociedadlimitada.com", true */ 'u', 'e', 's', 'o', 'c', 'i', 'e', 'd', 'a', 'd', 'l', 'i', 'm', 'i', 't', 'a', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "uevan.com", true */ 'u', 'e', 'v', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "uex.im", true */ 'u', 'e', 'x', '.', 'i', 'm', '\0',
+  /* "ufanisi.mx", true */ 'u', 'f', 'a', 'n', 'i', 's', 'i', '.', 'm', 'x', '\0',
+  /* "ufindme.at", true */ 'u', 'f', 'i', 'n', 'd', 'm', 'e', '.', 'a', 't', '\0',
+  /* "uflixit.com", true */ 'u', 'f', 'l', 'i', 'x', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "ufo.moe", true */ 'u', 'f', 'o', '.', 'm', 'o', 'e', '\0',
+  /* "ufplanets.com", true */ 'u', 'f', 'p', 'l', 'a', 'n', 'e', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "ugcdn.com", true */ 'u', 'g', 'c', 'd', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "uggedal.com", true */ 'u', 'g', 'g', 'e', 'd', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "uhc.gg", true */ 'u', 'h', 'c', '.', 'g', 'g', '\0',
+  /* "uhrenlux.de", true */ 'u', 'h', 'r', 'e', 'n', 'l', 'u', 'x', '.', 'd', 'e', '\0',
+  /* "uhuru-market.com", true */ 'u', 'h', 'u', 'r', 'u', '-', 'm', 'a', 'r', 'k', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "ui8.net", true */ 'u', 'i', '8', '.', 'n', 'e', 't', '\0',
+  /* "uicchy.com", true */ 'u', 'i', 'c', 'c', 'h', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "uiop.link", true */ 'u', 'i', 'o', 'p', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "uitgeverij-deviant.nl", true */ 'u', 'i', 't', 'g', 'e', 'v', 'e', 'r', 'i', 'j', '-', 'd', 'e', 'v', 'i', 'a', 'n', 't', '.', 'n', 'l', '\0',
+  /* "ujob.com.cn", true */ 'u', 'j', 'o', 'b', '.', 'c', 'o', 'm', '.', 'c', 'n', '\0',
+  /* "uk.dating", true */ 'u', 'k', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "uk.search.yahoo.com", false */ 'u', 'k', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "ukchemicalresearch.org", false */ 'u', 'k', 'c', 'h', 'e', 'm', 'i', 'c', 'a', 'l', 'r', 'e', 's', 'e', 'a', 'r', 'c', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "ukclimbing.com", true */ 'u', 'k', 'c', 'l', 'i', 'm', 'b', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "ukdefencejournal.org.uk", true */ 'u', 'k', 'd', 'e', 'f', 'e', 'n', 'c', 'e', 'j', 'o', 'u', 'r', 'n', 'a', 'l', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "ukhas.net", true */ 'u', 'k', 'h', 'a', 's', '.', 'n', 'e', 't', '\0',
+  /* "ukhillwalking.com", true */ 'u', 'k', 'h', 'i', 'l', 'l', 'w', 'a', 'l', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "ukkeyholdingcompany.co.uk", true */ 'u', 'k', 'k', 'e', 'y', 'h', 'o', 'l', 'd', 'i', 'n', 'g', 'c', 'o', 'm', 'p', 'a', 'n', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ukmeetandgreet.com", true */ 'u', 'k', 'm', 'e', 'e', 't', 'a', 'n', 'd', 'g', 'r', 'e', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "ukmortgagecompare.co.uk", true */ 'u', 'k', 'm', 'o', 'r', 't', 'g', 'a', 'g', 'e', 'c', 'o', 'm', 'p', 'a', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ukooku.com", true */ 'u', 'k', 'o', 'o', 'k', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "ukozliku.cz", true */ 'u', 'k', 'o', 'z', 'l', 'i', 'k', 'u', '.', 'c', 'z', '\0',
+  /* "ukpirate.org", true */ 'u', 'k', 'p', 'i', 'r', 'a', 't', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "ukrainians.ch", true */ 'u', 'k', 'r', 'a', 'i', 'n', 'i', 'a', 'n', 's', '.', 'c', 'h', '\0',
+  /* "ukrigging.net", true */ 'u', 'k', 'r', 'i', 'g', 'g', 'i', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "ukrnet.co.uk", true */ 'u', 'k', 'r', 'n', 'e', 't', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "ukwct.org.uk", true */ 'u', 'k', 'w', 'c', 't', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "ulabox.com", true */ 'u', 'l', 'a', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "ulalau.com", true */ 'u', 'l', 'a', 'l', 'a', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "uli-eckhardt.de", true */ 'u', 'l', 'i', '-', 'e', 'c', 'k', 'h', 'a', 'r', 'd', 't', '.', 'd', 'e', '\0',
+  /* "ullah.se", true */ 'u', 'l', 'l', 'a', 'h', '.', 's', 'e', '\0',
+  /* "ulrik.moe", true */ 'u', 'l', 'r', 'i', 'k', '.', 'm', 'o', 'e', '\0',
+  /* "ultieme.be", false */ 'u', 'l', 't', 'i', 'e', 'm', 'e', '.', 'b', 'e', '\0',
+  /* "ultima-ratio.at", true */ 'u', 'l', 't', 'i', 'm', 'a', '-', 'r', 'a', 't', 'i', 'o', '.', 'a', 't', '\0',
+  /* "ultimateanu.com", true */ 'u', 'l', 't', 'i', 'm', 'a', 't', 'e', 'a', 'n', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "ultimatemafia.net", true */ 'u', 'l', 't', 'i', 'm', 'a', 't', 'e', 'm', 'a', 'f', 'i', 'a', '.', 'n', 'e', 't', '\0',
+  /* "ultratechlp.com", true */ 'u', 'l', 't', 'r', 'a', 't', 'e', 'c', 'h', 'l', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "umassfive.coop", true */ 'u', 'm', 'a', 's', 's', 'f', 'i', 'v', 'e', '.', 'c', 'o', 'o', 'p', '\0',
+  /* "umbricht.li", true */ 'u', 'm', 'b', 'r', 'i', 'c', 'h', 't', '.', 'l', 'i', '\0',
+  /* "umenlisam.com", true */ 'u', 'm', 'e', 'n', 'l', 'i', 's', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "umisonoda.com", true */ 'u', 'm', 'i', 's', 'o', 'n', 'o', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "umkmjogja.com", true */ 'u', 'm', 'k', 'm', 'j', 'o', 'g', 'j', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "ump45.moe", true */ 'u', 'm', 'p', '4', '5', '.', 'm', 'o', 'e', '\0',
+  /* "un-zero-un.fr", true */ 'u', 'n', '-', 'z', 'e', 'r', 'o', '-', 'u', 'n', '.', 'f', 'r', '\0',
+  /* "unapp.me", true */ 'u', 'n', 'a', 'p', 'p', '.', 'm', 'e', '\0',
+  /* "unbelievableplaces.de", true */ 'u', 'n', 'b', 'e', 'l', 'i', 'e', 'v', 'a', 'b', 'l', 'e', 'p', 'l', 'a', 'c', 'e', 's', '.', 'd', 'e', '\0',
+  /* "unblockall.xyz", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'a', 'l', 'l', '.', 'x', 'y', 'z', '\0',
+  /* "unblocked.at", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', '.', 'a', 't', '\0',
+  /* "unblocked.bet", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', '.', 'b', 'e', 't', '\0',
+  /* "unblocked.bid", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', '.', 'b', 'i', 'd', '\0',
+  /* "unblocked.blue", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', '.', 'b', 'l', 'u', 'e', '\0',
+  /* "unblocked.cam", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', '.', 'c', 'a', 'm', '\0',
+  /* "unblocked.ink", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', '.', 'i', 'n', 'k', '\0',
+  /* "unblocked.live", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', '.', 'l', 'i', 'v', 'e', '\0',
+  /* "unblocked.one", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', '.', 'o', 'n', 'e', '\0',
+  /* "unblocked.pl", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', '.', 'p', 'l', '\0',
+  /* "unblocked.pro", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', '.', 'p', 'r', 'o', '\0',
+  /* "unblocked.pub", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', '.', 'p', 'u', 'b', '\0',
+  /* "unblocked.uno", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', '.', 'u', 'n', 'o', '\0',
+  /* "unblocked.vc", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', '.', 'v', 'c', '\0',
+  /* "unblocked.vip", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', '.', 'v', 'i', 'p', '\0',
+  /* "unblockedbay.info", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'e', 'd', 'b', 'a', 'y', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "unblockweb.co", true */ 'u', 'n', 'b', 'l', 'o', 'c', 'k', 'w', 'e', 'b', '.', 'c', 'o', '\0',
+  /* "uncensoreddns.dk", true */ 'u', 'n', 'c', 'e', 'n', 's', 'o', 'r', 'e', 'd', 'd', 'n', 's', '.', 'd', 'k', '\0',
+  /* "uncensoreddns.org", true */ 'u', 'n', 'c', 'e', 'n', 's', 'o', 'r', 'e', 'd', 'd', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "undeadbrains.de", true */ 'u', 'n', 'd', 'e', 'a', 'd', 'b', 'r', 'a', 'i', 'n', 's', '.', 'd', 'e', '\0',
+  /* "undecidable.de", true */ 'u', 'n', 'd', 'e', 'c', 'i', 'd', 'a', 'b', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "underbridgeleisure.co.uk", true */ 'u', 'n', 'd', 'e', 'r', 'b', 'r', 'i', 'd', 'g', 'e', 'l', 'e', 'i', 's', 'u', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "undercovercondoms.co.uk", true */ 'u', 'n', 'd', 'e', 'r', 'c', 'o', 'v', 'e', 'r', 'c', 'o', 'n', 'd', 'o', 'm', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "undercovercondoms.com", true */ 'u', 'n', 'd', 'e', 'r', 'c', 'o', 'v', 'e', 'r', 'c', 'o', 'n', 'd', 'o', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "underlined.fr", true */ 'u', 'n', 'd', 'e', 'r', 'l', 'i', 'n', 'e', 'd', '.', 'f', 'r', '\0',
+  /* "undernet.uy", false */ 'u', 'n', 'd', 'e', 'r', 'n', 'e', 't', '.', 'u', 'y', '\0',
+  /* "underskatten.tk", true */ 'u', 'n', 'd', 'e', 'r', 's', 'k', 'a', 't', 't', 'e', 'n', '.', 't', 'k', '\0',
+  /* "undo.co.il", true */ 'u', 'n', 'd', 'o', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "undone.me", true */ 'u', 'n', 'd', 'o', 'n', 'e', '.', 'm', 'e', '\0',
+  /* "unearaigneeauplafond.fr", false */ 'u', 'n', 'e', 'a', 'r', 'a', 'i', 'g', 'n', 'e', 'e', 'a', 'u', 'p', 'l', 'a', 'f', 'o', 'n', 'd', '.', 'f', 'r', '\0',
+  /* "unerosesurlalune.fr", true */ 'u', 'n', 'e', 'r', 'o', 's', 'e', 's', 'u', 'r', 'l', 'a', 'l', 'u', 'n', 'e', '.', 'f', 'r', '\0',
+  /* "unfettered.net", false */ 'u', 'n', 'f', 'e', 't', 't', 'e', 'r', 'e', 'd', '.', 'n', 'e', 't', '\0',
+  /* "unfuddle.cn", true */ 'u', 'n', 'f', 'u', 'd', 'd', 'l', 'e', '.', 'c', 'n', '\0',
+  /* "unga.dk", true */ 'u', 'n', 'g', 'a', '.', 'd', 'k', '\0',
+  /* "ungegamere.dk", true */ 'u', 'n', 'g', 'e', 'g', 'a', 'm', 'e', 'r', 'e', '.', 'd', 'k', '\0',
+  /* "unicef-karten.at", true */ 'u', 'n', 'i', 'c', 'e', 'f', '-', 'k', 'a', 'r', 't', 'e', 'n', '.', 'a', 't', '\0',
+  /* "unicef.pl", true */ 'u', 'n', 'i', 'c', 'e', 'f', '.', 'p', 'l', '\0',
+  /* "unicefcards.at", true */ 'u', 'n', 'i', 'c', 'e', 'f', 'c', 'a', 'r', 'd', 's', '.', 'a', 't', '\0',
+  /* "unicefcards.cz", true */ 'u', 'n', 'i', 'c', 'e', 'f', 'c', 'a', 'r', 'd', 's', '.', 'c', 'z', '\0',
+  /* "unicefcards.gr", true */ 'u', 'n', 'i', 'c', 'e', 'f', 'c', 'a', 'r', 'd', 's', '.', 'g', 'r', '\0',
+  /* "unicefcards.it", true */ 'u', 'n', 'i', 'c', 'e', 'f', 'c', 'a', 'r', 'd', 's', '.', 'i', 't', '\0',
+  /* "unicefcards.nl", true */ 'u', 'n', 'i', 'c', 'e', 'f', 'c', 'a', 'r', 'd', 's', '.', 'n', 'l', '\0',
+  /* "unicefcards.sk", true */ 'u', 'n', 'i', 'c', 'e', 'f', 'c', 'a', 'r', 'd', 's', '.', 's', 'k', '\0',
+  /* "unicefcestitke.rs", true */ 'u', 'n', 'i', 'c', 'e', 'f', 'c', 'e', 's', 't', 'i', 't', 'k', 'e', '.', 'r', 's', '\0',
+  /* "unicefkaarten.nl", true */ 'u', 'n', 'i', 'c', 'e', 'f', 'k', 'a', 'a', 'r', 't', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "unicefkartkidlafirm.pl", true */ 'u', 'n', 'i', 'c', 'e', 'f', 'k', 'a', 'r', 't', 'k', 'i', 'd', 'l', 'a', 'f', 'i', 'r', 'm', '.', 'p', 'l', '\0',
+  /* "unicefkepeslapok.hu", true */ 'u', 'n', 'i', 'c', 'e', 'f', 'k', 'e', 'p', 'e', 's', 'l', 'a', 'p', 'o', 'k', '.', 'h', 'u', '\0',
+  /* "unicefkort.dk", true */ 'u', 'n', 'i', 'c', 'e', 'f', 'k', 'o', 'r', 't', '.', 'd', 'k', '\0',
+  /* "unicefvoscilnice.si", true */ 'u', 'n', 'i', 'c', 'e', 'f', 'v', 'o', 's', 'c', 'i', 'l', 'n', 'i', 'c', 'e', '.', 's', 'i', '\0',
+  /* "unicorn.melbourne", true */ 'u', 'n', 'i', 'c', 'o', 'r', 'n', '.', 'm', 'e', 'l', 'b', 'o', 'u', 'r', 'n', 'e', '\0',
+  /* "unicorncloud.org", true */ 'u', 'n', 'i', 'c', 'o', 'r', 'n', 'c', 'l', 'o', 'u', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "unicredit.ba", true */ 'u', 'n', 'i', 'c', 'r', 'e', 'd', 'i', 't', '.', 'b', 'a', '\0',
+  /* "unicredit.ro", true */ 'u', 'n', 'i', 'c', 'r', 'e', 'd', 'i', 't', '.', 'r', 'o', '\0',
+  /* "unicreditbank.hu", true */ 'u', 'n', 'i', 'c', 'r', 'e', 'd', 'i', 't', 'b', 'a', 'n', 'k', '.', 'h', 'u', '\0',
+  /* "unicreditbank.rs", true */ 'u', 'n', 'i', 'c', 'r', 'e', 'd', 'i', 't', 'b', 'a', 'n', 'k', '.', 'r', 's', '\0',
+  /* "unicreditbank.ru", false */ 'u', 'n', 'i', 'c', 'r', 'e', 'd', 'i', 't', 'b', 'a', 'n', 'k', '.', 'r', 'u', '\0',
+  /* "unieducar.org.br", true */ 'u', 'n', 'i', 'e', 'd', 'u', 'c', 'a', 'r', '.', 'o', 'r', 'g', '.', 'b', 'r', '\0',
+  /* "uniekglas.nl", true */ 'u', 'n', 'i', 'e', 'k', 'g', 'l', 'a', 's', '.', 'n', 'l', '\0',
+  /* "uniform-agri.com", true */ 'u', 'n', 'i', 'f', 'o', 'r', 'm', '-', 'a', 'g', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "uniformebateriasheliar.com.br", true */ 'u', 'n', 'i', 'f', 'o', 'r', 'm', 'e', 'b', 'a', 't', 'e', 'r', 'i', 'a', 's', 'h', 'e', 'l', 'i', 'a', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "uniformehope.com.br", true */ 'u', 'n', 'i', 'f', 'o', 'r', 'm', 'e', 'h', 'o', 'p', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "uniformespousoalegre.com.br", true */ 'u', 'n', 'i', 'f', 'o', 'r', 'm', 'e', 's', 'p', 'o', 'u', 's', 'o', 'a', 'l', 'e', 'g', 'r', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "unikoingold.com", true */ 'u', 'n', 'i', 'k', 'o', 'i', 'n', 'g', 'o', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "unikrn.com", true */ 'u', 'n', 'i', 'k', 'r', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "unila.edu.br", true */ 'u', 'n', 'i', 'l', 'a', '.', 'e', 'd', 'u', '.', 'b', 'r', '\0',
+  /* "unionplat.ru", true */ 'u', 'n', 'i', 'o', 'n', 'p', 'l', 'a', 't', '.', 'r', 'u', '\0',
+  /* "unipig.de", true */ 'u', 'n', 'i', 'p', 'i', 'g', '.', 'd', 'e', '\0',
+  /* "uniprimebr.com.br", true */ 'u', 'n', 'i', 'p', 'r', 'i', 'm', 'e', 'b', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "uniq.site", true */ 'u', 'n', 'i', 'q', '.', 's', 'i', 't', 'e', '\0',
+  /* "unique-bouncy-castles.co.uk", true */ 'u', 'n', 'i', 'q', 'u', 'e', '-', 'b', 'o', 'u', 'n', 'c', 'y', '-', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "unique-pathways.ch", true */ 'u', 'n', 'i', 'q', 'u', 'e', '-', 'p', 'a', 't', 'h', 'w', 'a', 'y', 's', '.', 'c', 'h', '\0',
+  /* "unique-pathways.com", true */ 'u', 'n', 'i', 'q', 'u', 'e', '-', 'p', 'a', 't', 'h', 'w', 'a', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "uniquepathways.ch", true */ 'u', 'n', 'i', 'q', 'u', 'e', 'p', 'a', 't', 'h', 'w', 'a', 'y', 's', '.', 'c', 'h', '\0',
+  /* "unirenter.ru", true */ 'u', 'n', 'i', 'r', 'e', 'n', 't', 'e', 'r', '.', 'r', 'u', '\0',
+  /* "unit7jazz.com", true */ 'u', 'n', 'i', 't', '7', 'j', 'a', 'z', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "unit7jazz.org", true */ 'u', 'n', 'i', 't', '7', 'j', 'a', 'z', 'z', '.', 'o', 'r', 'g', '\0',
+  /* "unite-ka.de", true */ 'u', 'n', 'i', 't', 'e', '-', 'k', 'a', '.', 'd', 'e', '\0',
+  /* "united-schools.net", true */ 'u', 'n', 'i', 't', 'e', 'd', '-', 's', 'c', 'h', 'o', 'o', 'l', 's', '.', 'n', 'e', 't', '\0',
+  /* "united.com", false */ 'u', 'n', 'i', 't', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "unitedadmins.com", true */ 'u', 'n', 'i', 't', 'e', 'd', 'a', 'd', 'm', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "unitedpsychological.com", true */ 'u', 'n', 'i', 't', 'e', 'd', 'p', 's', 'y', 'c', 'h', 'o', 'l', 'o', 'g', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "unitel2000.de", true */ 'u', 'n', 'i', 't', 'e', 'l', '2', '0', '0', '0', '.', 'd', 'e', '\0',
+  /* "univercite.ch", true */ 'u', 'n', 'i', 'v', 'e', 'r', 'c', 'i', 't', 'e', '.', 'c', 'h', '\0',
+  /* "universal-happiness.com", true */ 'u', 'n', 'i', 'v', 'e', 'r', 's', 'a', 'l', '-', 'h', 'a', 'p', 'p', 'i', 'n', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "universalcarremote.com", true */ 'u', 'n', 'i', 'v', 'e', 'r', 's', 'a', 'l', 'c', 'a', 'r', 'r', 'e', 'm', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "universalpaymentgateway.com", true */ 'u', 'n', 'i', 'v', 'e', 'r', 's', 'a', 'l', 'p', 'a', 'y', 'm', 'e', 'n', 't', 'g', 'a', 't', 'e', 'w', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "universeinform.com", true */ 'u', 'n', 'i', 'v', 'e', 'r', 's', 'e', 'i', 'n', 'f', 'o', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "universogay.com", true */ 'u', 'n', 'i', 'v', 'e', 'r', 's', 'o', 'g', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "univitale.fr", true */ 'u', 'n', 'i', 'v', 'i', 't', 'a', 'l', 'e', '.', 'f', 'r', '\0',
+  /* "unix.se", true */ 'u', 'n', 'i', 'x', '.', 's', 'e', '\0',
+  /* "unixadm.org", true */ 'u', 'n', 'i', 'x', 'a', 'd', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "unixattic.com", true */ 'u', 'n', 'i', 'x', 'a', 't', 't', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "unixcorn.org", false */ 'u', 'n', 'i', 'x', 'c', 'o', 'r', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "unixforum.org", true */ 'u', 'n', 'i', 'x', 'f', 'o', 'r', 'u', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "unixtime.date", true */ 'u', 'n', 'i', 'x', 't', 'i', 'm', 'e', '.', 'd', 'a', 't', 'e', '\0',
+  /* "unlax.com", true */ 'u', 'n', 'l', 'a', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "unleash.pw", true */ 'u', 'n', 'l', 'e', 'a', 's', 'h', '.', 'p', 'w', '\0',
+  /* "unli.xyz", true */ 'u', 'n', 'l', 'i', '.', 'x', 'y', 'z', '\0',
+  /* "unlockboot.com", false */ 'u', 'n', 'l', 'o', 'c', 'k', 'b', 'o', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "unlocken.nl", true */ 'u', 'n', 'l', 'o', 'c', 'k', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "unmanaged.space", true */ 'u', 'n', 'm', 'a', 'n', 'a', 'g', 'e', 'd', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "unmonito.red", true */ 'u', 'n', 'm', 'o', 'n', 'i', 't', 'o', '.', 'r', 'e', 'd', '\0',
+  /* "uno-pizza.ru", true */ 'u', 'n', 'o', '-', 'p', 'i', 'z', 'z', 'a', '.', 'r', 'u', '\0',
+  /* "unobrindes.com.br", true */ 'u', 'n', 'o', 'b', 'r', 'i', 'n', 'd', 'e', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "unoccupyabq.org", true */ 'u', 'n', 'o', 'c', 'c', 'u', 'p', 'y', 'a', 'b', 'q', '.', 'o', 'r', 'g', '\0',
+  /* "unpkg.com", true */ 'u', 'n', 'p', 'k', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "unpossible.xyz", true */ 'u', 'n', 'p', 'o', 's', 's', 'i', 'b', 'l', 'e', '.', 'x', 'y', 'z', '\0',
+  /* "unpr.dk", true */ 'u', 'n', 'p', 'r', '.', 'd', 'k', '\0',
+  /* "unquote.li", true */ 'u', 'n', 'q', 'u', 'o', 't', 'e', '.', 'l', 'i', '\0',
+  /* "unrealircd.org", true */ 'u', 'n', 'r', 'e', 'a', 'l', 'i', 'r', 'c', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "unrelated.net.au", true */ 'u', 'n', 'r', 'e', 'l', 'a', 't', 'e', 'd', '.', 'n', 'e', 't', '.', 'a', 'u', '\0',
+  /* "unripple.com", true */ 'u', 'n', 'r', 'i', 'p', 'p', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "unruh.fr", true */ 'u', 'n', 'r', 'u', 'h', '.', 'f', 'r', '\0',
+  /* "uns.vn", true */ 'u', 'n', 's', '.', 'v', 'n', '\0',
+  /* "unsacsurledos.com", true */ 'u', 'n', 's', 'a', 'c', 's', 'u', 'r', 'l', 'e', 'd', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "unschoolrules.com", true */ 'u', 'n', 's', 'c', 'h', 'o', 'o', 'l', 'r', 'u', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "unsee.cc", true */ 'u', 'n', 's', 'e', 'e', '.', 'c', 'c', '\0',
+  /* "unseen.is", true */ 'u', 'n', 's', 'e', 'e', 'n', '.', 'i', 's', '\0',
+  /* "unseen.tw", true */ 'u', 'n', 's', 'e', 'e', 'n', '.', 't', 'w', '\0',
+  /* "unser-gartenforum.de", true */ 'u', 'n', 's', 'e', 'r', '-', 'g', 'a', 'r', 't', 'e', 'n', 'f', 'o', 'r', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "unsuspicious.click", true */ 'u', 'n', 's', 'u', 's', 'p', 'i', 'c', 'i', 'o', 'u', 's', '.', 'c', 'l', 'i', 'c', 'k', '\0',
+  /* "unterfrankenclan.de", true */ 'u', 'n', 't', 'e', 'r', 'f', 'r', 'a', 'n', 'k', 'e', 'n', 'c', 'l', 'a', 'n', '.', 'd', 'e', '\0',
+  /* "unterkunft.guru", true */ 'u', 'n', 't', 'e', 'r', 'k', 'u', 'n', 'f', 't', '.', 'g', 'u', 'r', 'u', '\0',
+  /* "unterschicht.tv", true */ 'u', 'n', 't', 'e', 'r', 's', 'c', 'h', 'i', 'c', 'h', 't', '.', 't', 'v', '\0',
+  /* "untethereddog.com", true */ 'u', 'n', 't', 'e', 't', 'h', 'e', 'r', 'e', 'd', 'd', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "untoldstory.eu", true */ 'u', 'n', 't', 'o', 'l', 'd', 's', 't', 'o', 'r', 'y', '.', 'e', 'u', '\0',
+  /* "unun.fi", true */ 'u', 'n', 'u', 'n', '.', 'f', 'i', '\0',
+  /* "unusualhatclub.com", true */ 'u', 'n', 'u', 's', 'u', 'a', 'l', 'h', 'a', 't', 'c', 'l', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "unveiledgnosis.com", true */ 'u', 'n', 'v', 'e', 'i', 'l', 'e', 'd', 'g', 'n', 'o', 's', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "unworthy.ml", true */ 'u', 'n', 'w', 'o', 'r', 't', 'h', 'y', '.', 'm', 'l', '\0',
+  /* "unx.dk", true */ 'u', 'n', 'x', '.', 'd', 'k', '\0',
+  /* "unxicdellum.cat", true */ 'u', 'n', 'x', 'i', 'c', 'd', 'e', 'l', 'l', 'u', 'm', '.', 'c', 'a', 't', '\0',
+  /* "upandclear.org", true */ 'u', 'p', 'a', 'n', 'd', 'c', 'l', 'e', 'a', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "upani.net", true */ 'u', 'p', 'a', 'n', 'i', '.', 'n', 'e', 't', '\0',
+  /* "upay.ru", true */ 'u', 'p', 'a', 'y', '.', 'r', 'u', '\0',
+  /* "upbad.com", true */ 'u', 'p', 'b', 'a', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "upbeatrobot.com", true */ 'u', 'p', 'b', 'e', 'a', 't', 'r', 'o', 'b', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "upbeatrobot.eu", true */ 'u', 'p', 'b', 'e', 'a', 't', 'r', 'o', 'b', 'o', 't', '.', 'e', 'u', '\0',
+  /* "upd.jp", true */ 'u', 'p', 'd', '.', 'j', 'p', '\0',
+  /* "upgamerengine.com", true */ 'u', 'p', 'g', 'a', 'm', 'e', 'r', 'e', 'n', 'g', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "upgamerengine.com.br", true */ 'u', 'p', 'g', 'a', 'm', 'e', 'r', 'e', 'n', 'g', 'i', 'n', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "upgamerengine.net", true */ 'u', 'p', 'g', 'a', 'm', 'e', 'r', 'e', 'n', 'g', 'i', 'n', 'e', '.', 'n', 'e', 't', '\0',
+  /* "upgauged.com", true */ 'u', 'p', 'g', 'a', 'u', 'g', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "upitnik.rs", true */ 'u', 'p', 'i', 't', 'n', 'i', 'k', '.', 'r', 's', '\0',
+  /* "uplaqui.com.br", true */ 'u', 'p', 'l', 'a', 'q', 'u', 'i', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "uplinklabs.net", true */ 'u', 'p', 'l', 'i', 'n', 'k', 'l', 'a', 'b', 's', '.', 'n', 'e', 't', '\0',
+  /* "upload.cat", true */ 'u', 'p', 'l', 'o', 'a', 'd', '.', 'c', 'a', 't', '\0',
+  /* "upload.facebook.com", false */ 'u', 'p', 'l', 'o', 'a', 'd', '.', 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "uploadbeta.com", true */ 'u', 'p', 'l', 'o', 'a', 'd', 'b', 'e', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "upmchealthsecurity.us", true */ 'u', 'p', 'm', 'c', 'h', 'e', 'a', 'l', 't', 'h', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'u', 's', '\0',
+  /* "upnext.io", true */ 'u', 'p', 'n', 'e', 'x', 't', '.', 'i', 'o', '\0',
+  /* "upperbeaconsfield.org.au", true */ 'u', 'p', 'p', 'e', 'r', 'b', 'e', 'a', 'c', 'o', 'n', 's', 'f', 'i', 'e', 'l', 'd', '.', 'o', 'r', 'g', '.', 'a', 'u', '\0',
+  /* "upplevelse.com", true */ 'u', 'p', 'p', 'l', 'e', 'v', 'e', 'l', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "upr-info.org", true */ 'u', 'p', 'r', '-', 'i', 'n', 'f', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "upr.com.ua", true */ 'u', 'p', 'r', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "upsiteseo.com", true */ 'u', 'p', 's', 'i', 't', 'e', 's', 'e', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "uptimed.com", true */ 'u', 'p', 't', 'i', 'm', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "uptimenotguaranteed.com", true */ 'u', 'p', 't', 'i', 'm', 'e', 'n', 'o', 't', 'g', 'u', 'a', 'r', 'a', 'n', 't', 'e', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "uptodateinteriors.com", true */ 'u', 'p', 't', 'o', 'd', 'a', 't', 'e', 'i', 'n', 't', 'e', 'r', 'i', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "uptogood.org", true */ 'u', 'p', 't', 'o', 'g', 'o', 'o', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "uptoon.jp", true */ 'u', 'p', 't', 'o', 'o', 'n', '.', 'j', 'p', '\0',
+  /* "uptownlocators.com", true */ 'u', 'p', 't', 'o', 'w', 'n', 'l', 'o', 'c', 'a', 't', 'o', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "uptrends.com", true */ 'u', 'p', 't', 'r', 'e', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "uptrends.de", true */ 'u', 'p', 't', 'r', 'e', 'n', 'd', 's', '.', 'd', 'e', '\0',
+  /* "upundit.com", true */ 'u', 'p', 'u', 'n', 'd', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "upwork.com", true */ 'u', 'p', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "ur.nl", true */ 'u', 'r', '.', 'n', 'l', '\0',
+  /* "ur2.pw", true */ 'u', 'r', '2', '.', 'p', 'w', '\0',
+  /* "urbackups.com", true */ 'u', 'r', 'b', 'a', 'c', 'k', 'u', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "urbalex.ch", true */ 'u', 'r', 'b', 'a', 'l', 'e', 'x', '.', 'c', 'h', '\0',
+  /* "urban-culture.fr", true */ 'u', 'r', 'b', 'a', 'n', '-', 'c', 'u', 'l', 't', 'u', 'r', 'e', '.', 'f', 'r', '\0',
+  /* "urban-karuizawa.co.jp", true */ 'u', 'r', 'b', 'a', 'n', '-', 'k', 'a', 'r', 'u', 'i', 'z', 'a', 'w', 'a', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "urban.melbourne", true */ 'u', 'r', 'b', 'a', 'n', '.', 'm', 'e', 'l', 'b', 'o', 'u', 'r', 'n', 'e', '\0',
+  /* "urbanesecurity.com", true */ 'u', 'r', 'b', 'a', 'n', 'e', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "urbanfi.sh", true */ 'u', 'r', 'b', 'a', 'n', 'f', 'i', '.', 's', 'h', '\0',
+  /* "urbanguerillas.de", true */ 'u', 'r', 'b', 'a', 'n', 'g', 'u', 'e', 'r', 'i', 'l', 'l', 'a', 's', '.', 'd', 'e', '\0',
+  /* "urbanietz-immobilien.de", true */ 'u', 'r', 'b', 'a', 'n', 'i', 'e', 't', 'z', '-', 'i', 'm', 'm', 'o', 'b', 'i', 'l', 'i', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "urbanmelbourne.info", true */ 'u', 'r', 'b', 'a', 'n', 'm', 'e', 'l', 'b', 'o', 'u', 'r', 'n', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "urbannewsservice.com", true */ 'u', 'r', 'b', 'a', 'n', 'n', 'e', 'w', 's', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "urbansparrow.in", true */ 'u', 'r', 'b', 'a', 'n', 's', 'p', 'a', 'r', 'r', 'o', 'w', '.', 'i', 'n', '\0',
+  /* "urbanwildlifealliance.org", true */ 'u', 'r', 'b', 'a', 'n', 'w', 'i', 'l', 'd', 'l', 'i', 'f', 'e', 'a', 'l', 'l', 'i', 'a', 'n', 'c', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "urbexdk.nl", true */ 'u', 'r', 'b', 'e', 'x', 'd', 'k', '.', 'n', 'l', '\0',
+  /* "urcentral.com", true */ 'u', 'r', 'c', 'e', 'n', 't', 'r', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "urcentral.net", true */ 'u', 'r', 'c', 'e', 'n', 't', 'r', 'a', 'l', '.', 'n', 'e', 't', '\0',
+  /* "ureka.org", true */ 'u', 'r', 'e', 'k', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "urgences-valais.ch", true */ 'u', 'r', 'g', 'e', 'n', 'c', 'e', 's', '-', 'v', 'a', 'l', 'a', 'i', 's', '.', 'c', 'h', '\0',
+  /* "uripura.de", true */ 'u', 'r', 'i', 'p', 'u', 'r', 'a', '.', 'd', 'e', '\0',
+  /* "urist1011.ru", true */ 'u', 'r', 'i', 's', 't', '1', '0', '1', '1', '.', 'r', 'u', '\0',
+  /* "url.cab", true */ 'u', 'r', 'l', '.', 'c', 'a', 'b', '\0',
+  /* "url.fi", true */ 'u', 'r', 'l', '.', 'f', 'i', '\0',
+  /* "url.fm", true */ 'u', 'r', 'l', '.', 'f', 'm', '\0',
+  /* "url.rw", true */ 'u', 'r', 'l', '.', 'r', 'w', '\0',
+  /* "url0.eu", true */ 'u', 'r', 'l', '0', '.', 'e', 'u', '\0',
+  /* "urlachershop.com.br", true */ 'u', 'r', 'l', 'a', 'c', 'h', 'e', 'r', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "urlaub-leitner.at", true */ 'u', 'r', 'l', 'a', 'u', 'b', '-', 'l', 'e', 'i', 't', 'n', 'e', 'r', '.', 'a', 't', '\0',
+  /* "urlscan.io", true */ 'u', 'r', 'l', 's', 'c', 'a', 'n', '.', 'i', 'o', '\0',
+  /* "urology.wiki", true */ 'u', 'r', 'o', 'l', 'o', 'g', 'y', '.', 'w', 'i', 'k', 'i', '\0',
+  /* "ursa-minor-beta.org", true */ 'u', 'r', 's', 'a', '-', 'm', 'i', 'n', 'o', 'r', '-', 'b', 'e', 't', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "ursae.co", true */ 'u', 'r', 's', 'a', 'e', '.', 'c', 'o', '\0',
+  /* "urspringer.de", true */ 'u', 'r', 's', 'p', 'r', 'i', 'n', 'g', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "ursuslibris.hu", true */ 'u', 'r', 's', 'u', 's', 'l', 'i', 'b', 'r', 'i', 's', '.', 'h', 'u', '\0',
+  /* "urukproject.org", true */ 'u', 'r', 'u', 'k', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "usaa.com", false */ 'u', 's', 'a', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "usabackground.com", true */ 'u', 's', 'a', 'b', 'a', 'c', 'k', 'g', 'r', 'o', 'u', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "usability.gov", true */ 'u', 's', 'a', 'b', 'i', 'l', 'i', 't', 'y', '.', 'g', 'o', 'v', '\0',
+  /* "usaestaonline.com", true */ 'u', 's', 'a', 'e', 's', 't', 'a', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "usafuelservice.com", true */ 'u', 's', 'a', 'f', 'u', 'e', 'l', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "usajobs.com", true */ 'u', 's', 'a', 'j', 'o', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "usajobs.gov", true */ 'u', 's', 'a', 'j', 'o', 'b', 's', '.', 'g', 'o', 'v', '\0',
+  /* "usakitchensandflooring.com", true */ 'u', 's', 'a', 'k', 'i', 't', 'c', 'h', 'e', 'n', 's', 'a', 'n', 'd', 'f', 'l', 'o', 'o', 'r', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "usap.gov", false */ 'u', 's', 'a', 'p', '.', 'g', 'o', 'v', '\0',
+  /* "usbcraft.com", true */ 'u', 's', 'b', 'c', 'r', 'a', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "usbevents.co.uk", true */ 'u', 's', 'b', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "uscloud.nl", true */ 'u', 's', 'c', 'l', 'o', 'u', 'd', '.', 'n', 'l', '\0',
+  /* "usd.de", true */ 'u', 's', 'd', '.', 'd', 'e', '\0',
+  /* "usds.gov", true */ 'u', 's', 'd', 's', '.', 'g', 'o', 'v', '\0',
+  /* "use.be", true */ 'u', 's', 'e', '.', 'b', 'e', '\0',
+  /* "usebean.com", true */ 'u', 's', 'e', 'b', 'e', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "usedesk.ru", true */ 'u', 's', 'e', 'd', 'e', 's', 'k', '.', 'r', 'u', '\0',
+  /* "usedu.us", true */ 'u', 's', 'e', 'd', 'u', '.', 'u', 's', '\0',
+  /* "useresponse.com", true */ 'u', 's', 'e', 'r', 'e', 's', 'p', 'o', 'n', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "usetypo3.com", true */ 'u', 's', 'e', 't', 'y', 'p', 'o', '3', '.', 'c', 'o', 'm', '\0',
+  /* "useyourloaf.com", true */ 'u', 's', 'e', 'y', 'o', 'u', 'r', 'l', 'o', 'a', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "usgande.com", true */ 'u', 's', 'g', 'a', 'n', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ushandbookapp.com", true */ 'u', 's', 'h', 'a', 'n', 'd', 'b', 'o', 'o', 'k', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "ushare.ch", true */ 'u', 's', 'h', 'a', 'r', 'e', '.', 'c', 'h', '\0',
+  /* "usimmigration.us", true */ 'u', 's', 'i', 'm', 'm', 'i', 'g', 'r', 'a', 't', 'i', 'o', 'n', '.', 'u', 's', '\0',
+  /* "usipvd.ch", true */ 'u', 's', 'i', 'p', 'v', 'd', '.', 'c', 'h', '\0',
+  /* "usitcolours.bg", true */ 'u', 's', 'i', 't', 'c', 'o', 'l', 'o', 'u', 'r', 's', '.', 'b', 'g', '\0',
+  /* "usleep.net", true */ 'u', 's', 'l', 'e', 'e', 'p', '.', 'n', 'e', 't', '\0',
+  /* "usmint.gov", true */ 'u', 's', 'm', 'i', 'n', 't', '.', 'g', 'o', 'v', '\0',
+  /* "usparklodging.com", true */ 'u', 's', 'p', 'a', 'r', 'k', 'l', 'o', 'd', 'g', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "uspsoig.gov", true */ 'u', 's', 'p', 's', 'o', 'i', 'g', '.', 'g', 'o', 'v', '\0',
+  /* "ussm.gov", true */ 'u', 's', 's', 'm', '.', 'g', 'o', 'v', '\0',
+  /* "ussuka.com", true */ 'u', 's', 's', 'u', 'k', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "ust.space", true */ 'u', 's', 't', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "usualbeings.com", true */ 'u', 's', 'u', 'a', 'l', 'b', 'e', 'i', 'n', 'g', 's', '.', 'c', 'o', 'm', '\0',
+  /* "uswitch.com", true */ 'u', 's', 'w', 'i', 't', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "ut-addicted.com", true */ 'u', 't', '-', 'a', 'd', 'd', 'i', 'c', 't', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "utahfireinfo.gov", true */ 'u', 't', 'a', 'h', 'f', 'i', 'r', 'e', 'i', 'n', 'f', 'o', '.', 'g', 'o', 'v', '\0',
+  /* "utahlocal.net", true */ 'u', 't', 'a', 'h', 'l', 'o', 'c', 'a', 'l', '.', 'n', 'e', 't', '\0',
+  /* "utdsgda.com", true */ 'u', 't', 'd', 's', 'g', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "utepils.de", true */ 'u', 't', 'e', 'p', 'i', 'l', 's', '.', 'd', 'e', '\0',
+  /* "utilia.tools", true */ 'u', 't', 'i', 'l', 'i', 'a', '.', 't', 'o', 'o', 'l', 's', '\0',
+  /* "utilitarian.com", true */ 'u', 't', 'i', 'l', 'i', 't', 'a', 'r', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "utilitarian.net", true */ 'u', 't', 'i', 'l', 'i', 't', 'a', 'r', 'i', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "utilitarian.org", true */ 'u', 't', 'i', 'l', 'i', 't', 'a', 'r', 'i', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "utilitarianism.com", true */ 'u', 't', 'i', 'l', 'i', 't', 'a', 'r', 'i', 'a', 'n', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "utilitarianism.org", true */ 'u', 't', 'i', 'l', 'i', 't', 'a', 'r', 'i', 'a', 'n', 'i', 's', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "utilitarismo.com", true */ 'u', 't', 'i', 'l', 'i', 't', 'a', 'r', 'i', 's', 'm', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "utilitronium.com", true */ 'u', 't', 'i', 'l', 'i', 't', 'r', 'o', 'n', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "utilityapi.com", true */ 'u', 't', 'i', 'l', 'i', 't', 'y', 'a', 'p', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "utitreatment.com", true */ 'u', 't', 'i', 't', 'r', 'e', 'a', 't', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "utonia.ch", true */ 'u', 't', 'o', 'n', 'i', 'a', '.', 'c', 'h', '\0',
+  /* "utopialgb.org.uk", true */ 'u', 't', 'o', 'p', 'i', 'a', 'l', 'g', 'b', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "utopicestudios.com", true */ 'u', 't', 'o', 'p', 'i', 'c', 'e', 's', 't', 'u', 'd', 'i', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "utox.io", true */ 'u', 't', 'o', 'x', '.', 'i', 'o', '\0',
+  /* "utugnn.ru", true */ 'u', 't', 'u', 'g', 'n', 'n', '.', 'r', 'u', '\0',
+  /* "utw.me", true */ 'u', 't', 'w', '.', 'm', 'e', '\0',
+  /* "utzon.net", true */ 'u', 't', 'z', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "uuit.nl", true */ 'u', 'u', 'i', 't', '.', 'n', 'l', '\0',
+  /* "uvocorp.com", true */ 'u', 'v', 'o', 'c', 'o', 'r', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "uwac.co.uk", true */ 'u', 'w', 'a', 'c', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "uwfreelanceopticien.nl", true */ 'u', 'w', 'f', 'r', 'e', 'e', 'l', 'a', 'n', 'c', 'e', 'o', 'p', 't', 'i', 'c', 'i', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "uwimonacs.org.jm", true */ 'u', 'w', 'i', 'm', 'o', 'n', 'a', 'c', 's', '.', 'o', 'r', 'g', '.', 'j', 'm', '\0',
+  /* "uxtechnologist.com", true */ 'u', 'x', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "uy.search.yahoo.com", false */ 'u', 'y', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "uz.search.yahoo.com", false */ 'u', 'z', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "uzaymedya.com.tr", true */ 'u', 'z', 'a', 'y', 'm', 'e', 'd', 'y', 'a', '.', 'c', 'o', 'm', '.', 't', 'r', '\0',
+  /* "v-d-p.net", true */ 'v', '-', 'd', '-', 'p', '.', 'n', 'e', 't', '\0',
+  /* "v-tek.fi", true */ 'v', '-', 't', 'e', 'k', '.', 'f', 'i', '\0',
+  /* "v-u-z.ru", true */ 'v', '-', 'u', '-', 'z', '.', 'r', 'u', '\0',
+  /* "v1sit0r.ru", true */ 'v', '1', 's', 'i', 't', '0', 'r', '.', 'r', 'u', '\0',
+  /* "v2bv.net", true */ 'v', '2', 'b', 'v', '.', 'n', 'e', 't', '\0',
+  /* "v2bv.win", true */ 'v', '2', 'b', 'v', '.', 'w', 'i', 'n', '\0',
+  /* "v2ex.com", true */ 'v', '2', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "va-reitartikel.com", true */ 'v', 'a', '-', 'r', 'e', 'i', 't', 'a', 'r', 't', 'i', 'k', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "vacationscostarica.com", true */ 'v', 'a', 'c', 'a', 't', 'i', 'o', 'n', 's', 'c', 'o', 's', 't', 'a', 'r', 'i', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "vaccines.gov", true */ 'v', 'a', 'c', 'c', 'i', 'n', 'e', 's', '.', 'g', 'o', 'v', '\0',
+  /* "vaclavambroz.cz", true */ 'v', 'a', 'c', 'l', 'a', 'v', 'a', 'm', 'b', 'r', 'o', 'z', '.', 'c', 'z', '\0',
+  /* "vacuumpump.co.id", true */ 'v', 'a', 'c', 'u', 'u', 'm', 'p', 'u', 'm', 'p', '.', 'c', 'o', '.', 'i', 'd', '\0',
+  /* "vadennissanofhiltonheadparts.com", true */ 'v', 'a', 'd', 'e', 'n', 'n', 'i', 's', 's', 'a', 'n', 'o', 'f', 'h', 'i', 'l', 't', 'o', 'n', 'h', 'e', 'a', 'd', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "vadennissanofhinesvilleparts.com", true */ 'v', 'a', 'd', 'e', 'n', 'n', 'i', 's', 's', 'a', 'n', 'o', 'f', 'h', 'i', 'n', 'e', 's', 'v', 'i', 'l', 'l', 'e', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "vaew.com", true */ 'v', 'a', 'e', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "vagabond.fr", true */ 'v', 'a', 'g', 'a', 'b', 'o', 'n', 'd', '.', 'f', 'r', '\0',
+  /* "vagabondgal.com", true */ 'v', 'a', 'g', 'a', 'b', 'o', 'n', 'd', 'g', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "vagaerg.com", true */ 'v', 'a', 'g', 'a', 'e', 'r', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "vagaerg.net", true */ 'v', 'a', 'g', 'a', 'e', 'r', 'g', '.', 'n', 'e', 't', '\0',
+  /* "vagmour.eu", true */ 'v', 'a', 'g', 'm', 'o', 'u', 'r', '.', 'e', 'u', '\0',
+  /* "vagpartsdb.com", true */ 'v', 'a', 'g', 'p', 'a', 'r', 't', 's', 'd', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "vagrantcloud.com", true */ 'v', 'a', 'g', 'r', 'a', 'n', 't', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "vagrantup.com", true */ 'v', 'a', 'g', 'r', 'a', 'n', 't', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "vaindil.com", true */ 'v', 'a', 'i', 'n', 'd', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "vakantiedetective.nl", true */ 'v', 'a', 'k', 'a', 'n', 't', 'i', 'e', 'd', 'e', 't', 'e', 'c', 't', 'i', 'v', 'e', '.', 'n', 'l', '\0',
+  /* "vakantienet.nl", true */ 'v', 'a', 'k', 'a', 'n', 't', 'i', 'e', 'n', 'e', 't', '.', 'n', 'l', '\0',
+  /* "vakuutuskanava.fi", true */ 'v', 'a', 'k', 'u', 'u', 't', 'u', 's', 'k', 'a', 'n', 'a', 'v', 'a', '.', 'f', 'i', '\0',
+  /* "val-sec.com", true */ 'v', 'a', 'l', '-', 's', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "valasi.eu", true */ 'v', 'a', 'l', 'a', 's', 'i', '.', 'e', 'u', '\0',
+  /* "valbonne-consulting.com", true */ 'v', 'a', 'l', 'b', 'o', 'n', 'n', 'e', '-', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "valenciadevops.me", true */ 'v', 'a', 'l', 'e', 'n', 'c', 'i', 'a', 'd', 'e', 'v', 'o', 'p', 's', '.', 'm', 'e', '\0',
+  /* "valentin-sundermann.de", true */ 'v', 'a', 'l', 'e', 'n', 't', 'i', 'n', '-', 's', 'u', 'n', 'd', 'e', 'r', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "valentinberclaz.com", true */ 'v', 'a', 'l', 'e', 'n', 't', 'i', 'n', 'b', 'e', 'r', 'c', 'l', 'a', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "valentineapparel.com", true */ 'v', 'a', 'l', 'e', 'n', 't', 'i', 'n', 'e', 'a', 'p', 'p', 'a', 'r', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "valentineforpresident.com", true */ 'v', 'a', 'l', 'e', 'n', 't', 'i', 'n', 'e', 'f', 'o', 'r', 'p', 'r', 'e', 's', 'i', 'd', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "valentinera.in", true */ 'v', 'a', 'l', 'e', 'n', 't', 'i', 'n', 'e', 'r', 'a', '.', 'i', 'n', '\0',
+  /* "valentinesongs.com", true */ 'v', 'a', 'l', 'e', 'n', 't', 'i', 'n', 'e', 's', 'o', 'n', 'g', 's', '.', 'c', 'o', 'm', '\0',
+  /* "valentinritz.com", true */ 'v', 'a', 'l', 'e', 'n', 't', 'i', 'n', 'r', 'i', 't', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "valeriansaliou.name", true */ 'v', 'a', 'l', 'e', 'r', 'i', 'a', 'n', 's', 'a', 'l', 'i', 'o', 'u', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "vales.io", true */ 'v', 'a', 'l', 'e', 's', '.', 'i', 'o', '\0',
+  /* "valesdev.com", true */ 'v', 'a', 'l', 'e', 's', 'd', 'e', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "valesdigital.com", true */ 'v', 'a', 'l', 'e', 's', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "validatis.com", true */ 'v', 'a', 'l', 'i', 'd', 'a', 't', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "validator.nu", true */ 'v', 'a', 'l', 'i', 'd', 'a', 't', 'o', 'r', '.', 'n', 'u', '\0',
+  /* "validbrands.com", true */ 'v', 'a', 'l', 'i', 'd', 'b', 'r', 'a', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "valika.ee", true */ 'v', 'a', 'l', 'i', 'k', 'a', '.', 'e', 'e', '\0',
+  /* "valis.sx", true */ 'v', 'a', 'l', 'i', 's', '.', 's', 'x', '\0',
+  /* "valkohattu.fi", true */ 'v', 'a', 'l', 'k', 'o', 'h', 'a', 't', 't', 'u', '.', 'f', 'i', '\0',
+  /* "valkor.pro", true */ 'v', 'a', 'l', 'k', 'o', 'r', '.', 'p', 'r', 'o', '\0',
+  /* "vallei-veluwe.nl", true */ 'v', 'a', 'l', 'l', 'e', 'i', '-', 'v', 'e', 'l', 'u', 'w', 'e', '.', 'n', 'l', '\0',
+  /* "valleyautofair.com", true */ 'v', 'a', 'l', 'l', 'e', 'y', 'a', 'u', 't', 'o', 'f', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "valleycode.net", true */ 'v', 'a', 'l', 'l', 'e', 'y', 'c', 'o', 'd', 'e', '.', 'n', 'e', 't', '\0',
+  /* "vallutaja.eu", true */ 'v', 'a', 'l', 'l', 'u', 't', 'a', 'j', 'a', '.', 'e', 'u', '\0',
+  /* "valokuva-albumi.fi", true */ 'v', 'a', 'l', 'o', 'k', 'u', 'v', 'a', '-', 'a', 'l', 'b', 'u', 'm', 'i', '.', 'f', 'i', '\0',
+  /* "valopv.be", true */ 'v', 'a', 'l', 'o', 'p', 'v', '.', 'b', 'e', '\0',
+  /* "valordolarblue.com.ar", true */ 'v', 'a', 'l', 'o', 'r', 'd', 'o', 'l', 'a', 'r', 'b', 'l', 'u', 'e', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "valorem-tax.ch", true */ 'v', 'a', 'l', 'o', 'r', 'e', 'm', '-', 't', 'a', 'x', '.', 'c', 'h', '\0',
+  /* "valoremtax.ch", true */ 'v', 'a', 'l', 'o', 'r', 'e', 'm', 't', 'a', 'x', '.', 'c', 'h', '\0',
+  /* "valoremtax.com", true */ 'v', 'a', 'l', 'o', 'r', 'e', 'm', 't', 'a', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "valshamar.is", true */ 'v', 'a', 'l', 's', 'h', 'a', 'm', 'a', 'r', '.', 'i', 's', '\0',
+  /* "valsk.is", true */ 'v', 'a', 'l', 's', 'k', '.', 'i', 's', '\0',
+  /* "valskis.lt", true */ 'v', 'a', 'l', 's', 'k', 'i', 's', '.', 'l', 't', '\0',
+  /* "valtoaho.com", true */ 'v', 'a', 'l', 't', 'o', 'a', 'h', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "valueng.com", true */ 'v', 'a', 'l', 'u', 'e', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "valueseed.net", true */ 'v', 'a', 'l', 'u', 'e', 's', 'e', 'e', 'd', '.', 'n', 'e', 't', '\0',
+  /* "vamosfalardesaude.pt", true */ 'v', 'a', 'm', 'o', 's', 'f', 'a', 'l', 'a', 'r', 'd', 'e', 's', 'a', 'u', 'd', 'e', '.', 'p', 't', '\0',
+  /* "vampyrium.com", false */ 'v', 'a', 'm', 'p', 'y', 'r', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "vampyrium.net", false */ 'v', 'a', 'm', 'p', 'y', 'r', 'i', 'u', 'm', '.', 'n', 'e', 't', '\0',
+  /* "van11y.net", true */ 'v', 'a', 'n', '1', '1', 'y', '.', 'n', 'e', 't', '\0',
+  /* "vanbinnenuit.nl", true */ 'v', 'a', 'n', 'b', 'i', 'n', 'n', 'e', 'n', 'u', 'i', 't', '.', 'n', 'l', '\0',
+  /* "vancouvercosmeticsurgery.ca", true */ 'v', 'a', 'n', 'c', 'o', 'u', 'v', 'e', 'r', 'c', 'o', 's', 'm', 'e', 't', 'i', 'c', 's', 'u', 'r', 'g', 'e', 'r', 'y', '.', 'c', 'a', '\0',
+  /* "vandalfsen.me", true */ 'v', 'a', 'n', 'd', 'a', 'l', 'f', 's', 'e', 'n', '.', 'm', 'e', '\0',
+  /* "vandam.io", true */ 'v', 'a', 'n', 'd', 'a', 'm', '.', 'i', 'o', '\0',
+  /* "vandenbroeck-usedcars.be", true */ 'v', 'a', 'n', 'd', 'e', 'n', 'b', 'r', 'o', 'e', 'c', 'k', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0',
+  /* "vandeput.be", true */ 'v', 'a', 'n', 'd', 'e', 'p', 'u', 't', '.', 'b', 'e', '\0',
+  /* "vanderkrieken.org", true */ 'v', 'a', 'n', 'd', 'e', 'r', 'k', 'r', 'i', 'e', 'k', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "vanderkroon.nl", true */ 'v', 'a', 'n', 'd', 'e', 'r', 'k', 'r', 'o', 'o', 'n', '.', 'n', 'l', '\0',
+  /* "vandermeer.frl", true */ 'v', 'a', 'n', 'd', 'e', 'r', 'm', 'e', 'e', 'r', '.', 'f', 'r', 'l', '\0',
+  /* "vanderrijt.nl", true */ 'v', 'a', 'n', 'd', 'e', 'r', 'r', 'i', 'j', 't', '.', 'n', 'l', '\0',
+  /* "vanderziel.org", true */ 'v', 'a', 'n', 'd', 'e', 'r', 'z', 'i', 'e', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "vaneigenkweek.be", true */ 'v', 'a', 'n', 'e', 'i', 'g', 'e', 'n', 'k', 'w', 'e', 'e', 'k', '.', 'b', 'e', '\0',
+  /* "vanessabalibridal.com", true */ 'v', 'a', 'n', 'e', 's', 's', 'a', 'b', 'a', 'l', 'i', 'b', 'r', 'i', 'd', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "vanetv.com", true */ 'v', 'a', 'n', 'e', 't', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "vangeluwedeberlaere.be", true */ 'v', 'a', 'n', 'g', 'e', 'l', 'u', 'w', 'e', 'd', 'e', 'b', 'e', 'r', 'l', 'a', 'e', 'r', 'e', '.', 'b', 'e', '\0',
+  /* "vanhoudt-usedcars.be", true */ 'v', 'a', 'n', 'h', 'o', 'u', 'd', 't', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0',
+  /* "vanhoutte.be", false */ 'v', 'a', 'n', 'h', 'o', 'u', 't', 't', 'e', '.', 'b', 'e', '\0',
+  /* "vanhove.biz", true */ 'v', 'a', 'n', 'h', 'o', 'v', 'e', '.', 'b', 'i', 'z', '\0',
+  /* "vanlaanen.com", true */ 'v', 'a', 'n', 'l', 'a', 'a', 'n', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "vanmalland.com", true */ 'v', 'a', 'n', 'm', 'a', 'l', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "vannaos.com", true */ 'v', 'a', 'n', 'n', 'a', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "vannaos.net", true */ 'v', 'a', 'n', 'n', 'a', 'o', 's', '.', 'n', 'e', 't', '\0',
+  /* "vanohaker.ru", true */ 'v', 'a', 'n', 'o', 'h', 'a', 'k', 'e', 'r', '.', 'r', 'u', '\0',
+  /* "vanouwerkerk.net", true */ 'v', 'a', 'n', 'o', 'u', 'w', 'e', 'r', 'k', 'e', 'r', 'k', '.', 'n', 'e', 't', '\0',
+  /* "vante.me", true */ 'v', 'a', 'n', 't', 'e', '.', 'm', 'e', '\0',
+  /* "vantien.com", true */ 'v', 'a', 'n', 't', 'i', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "vantru.is", true */ 'v', 'a', 'n', 't', 'r', 'u', '.', 'i', 's', '\0',
+  /* "vanvoro.us", false */ 'v', 'a', 'n', 'v', 'o', 'r', 'o', '.', 'u', 's', '\0',
+  /* "vanwunnik.com", true */ 'v', 'a', 'n', 'w', 'u', 'n', 'n', 'i', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "vapecom-shop.com", true */ 'v', 'a', 'p', 'e', 'c', 'o', 'm', '-', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "vapehour.com", true */ 'v', 'a', 'p', 'e', 'h', 'o', 'u', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "vapemania.eu", true */ 'v', 'a', 'p', 'e', 'm', 'a', 'n', 'i', 'a', '.', 'e', 'u', '\0',
+  /* "vaperolles.ch", true */ 'v', 'a', 'p', 'e', 'r', 'o', 'l', 'l', 'e', 's', '.', 'c', 'h', '\0',
+  /* "vapesense.co.uk", true */ 'v', 'a', 'p', 'e', 's', 'e', 'n', 's', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "vaphone.co", true */ 'v', 'a', 'p', 'h', 'o', 'n', 'e', '.', 'c', 'o', '\0',
+  /* "vapor.cloud", false */ 'v', 'a', 'p', 'o', 'r', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "vapordepot.jp", true */ 'v', 'a', 'p', 'o', 'r', 'd', 'e', 'p', 'o', 't', '.', 'j', 'p', '\0',
+  /* "varcare.jp", true */ 'v', 'a', 'r', 'c', 'a', 'r', 'e', '.', 'j', 'p', '\0',
+  /* "varden.info", true */ 'v', 'a', 'r', 'd', 'e', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "vareillefoundation.fr", true */ 'v', 'a', 'r', 'e', 'i', 'l', 'l', 'e', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', '.', 'f', 'r', '\0',
+  /* "vareillefoundation.org", true */ 'v', 'a', 'r', 'e', 'i', 'l', 'l', 'e', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "varghese.de", true */ 'v', 'a', 'r', 'g', 'h', 'e', 's', 'e', '.', 'd', 'e', '\0',
+  /* "variable.agency", true */ 'v', 'a', 'r', 'i', 'a', 'b', 'l', 'e', '.', 'a', 'g', 'e', 'n', 'c', 'y', '\0',
+  /* "variablyconstant.com", true */ 'v', 'a', 'r', 'i', 'a', 'b', 'l', 'y', 'c', 'o', 'n', 's', 't', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "variag-group.ru", true */ 'v', 'a', 'r', 'i', 'a', 'g', '-', 'g', 'r', 'o', 'u', 'p', '.', 'r', 'u', '\0',
+  /* "variag-montazh.ru", true */ 'v', 'a', 'r', 'i', 'a', 'g', '-', 'm', 'o', 'n', 't', 'a', 'z', 'h', '.', 'r', 'u', '\0',
+  /* "varicoseveinssolution.com", true */ 'v', 'a', 'r', 'i', 'c', 'o', 's', 'e', 'v', 'e', 'i', 'n', 's', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "varimedoma.com", true */ 'v', 'a', 'r', 'i', 'm', 'e', 'd', 'o', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "varshathacker.com", true */ 'v', 'a', 'r', 's', 'h', 'a', 't', 'h', 'a', 'c', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "varta.io", true */ 'v', 'a', 'r', 't', 'a', '.', 'i', 'o', '\0',
+  /* "varunagw.com", false */ 'v', 'a', 'r', 'u', 'n', 'a', 'g', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "varunpriolkar.com", true */ 'v', 'a', 'r', 'u', 'n', 'p', 'r', 'i', 'o', 'l', 'k', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "varvy.com", true */ 'v', 'a', 'r', 'v', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "vascomm.co.id", true */ 'v', 'a', 's', 'c', 'o', 'm', 'm', '.', 'c', 'o', '.', 'i', 'd', '\0',
+  /* "vashel.us", true */ 'v', 'a', 's', 'h', 'e', 'l', '.', 'u', 's', '\0',
+  /* "vasileruscior.ro", true */ 'v', 'a', 's', 'i', 'l', 'e', 'r', 'u', 's', 'c', 'i', 'o', 'r', '.', 'r', 'o', '\0',
+  /* "vaskulitis-info.de", true */ 'v', 'a', 's', 'k', 'u', 'l', 'i', 't', 'i', 's', '-', 'i', 'n', 'f', 'o', '.', 'd', 'e', '\0',
+  /* "vasports.com.au", true */ 'v', 'a', 's', 'p', 'o', 'r', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "vastgoedcultuurfonds.nl", true */ 'v', 'a', 's', 't', 'g', 'o', 'e', 'd', 'c', 'u', 'l', 't', 'u', 'u', 'r', 'f', 'o', 'n', 'd', 's', '.', 'n', 'l', '\0',
+  /* "vasyharan.com", true */ 'v', 'a', 's', 'y', 'h', 'a', 'r', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "vat-eu.com", true */ 'v', 'a', 't', '-', 'e', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "vatelecom.dk", true */ 'v', 'a', 't', 'e', 'l', 'e', 'c', 'o', 'm', '.', 'd', 'k', '\0',
+  /* "vattulainen.fi", true */ 'v', 'a', 't', 't', 'u', 'l', 'a', 'i', 'n', 'e', 'n', '.', 'f', 'i', '\0',
+  /* "vaud-fleurs.ch", true */ 'v', 'a', 'u', 'd', '-', 'f', 'l', 'e', 'u', 'r', 's', '.', 'c', 'h', '\0',
+  /* "vault21.net", true */ 'v', 'a', 'u', 'l', 't', '2', '1', '.', 'n', 'e', 't', '\0',
+  /* "vaultproject.io", true */ 'v', 'a', 'u', 'l', 't', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'i', 'o', '\0',
+  /* "vaur.fr", true */ 'v', 'a', 'u', 'r', '.', 'f', 'r', '\0',
+  /* "vavai.net", true */ 'v', 'a', 'v', 'a', 'i', '.', 'n', 'e', 't', '\0',
+  /* "vavel.com", true */ 'v', 'a', 'v', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "vavouchers.com", true */ 'v', 'a', 'v', 'o', 'u', 'c', 'h', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "vawebsite.co", true */ 'v', 'a', 'w', 'e', 'b', 's', 'i', 't', 'e', '.', 'c', 'o', '\0',
+  /* "vaygren.com", true */ 'v', 'a', 'y', 'g', 'r', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "vazue.com", true */ 'v', 'a', 'z', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "vbazile.com", true */ 'v', 'b', 'a', 'z', 'i', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "vbcdn.com", true */ 'v', 'b', 'c', 'd', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "vbestreviews.com", true */ 'v', 'b', 'e', 's', 't', 'r', 'e', 'v', 'i', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "vbh2o.com", true */ 'v', 'b', 'h', '2', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "vc.gg", true */ 'v', 'c', '.', 'g', 'g', '\0',
+  /* "vcam.org", true */ 'v', 'c', 'a', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "vccmurah.net", true */ 'v', 'c', 'c', 'm', 'u', 'r', 'a', 'h', '.', 'n', 'e', 't', '\0',
+  /* "vcdn.xyz", true */ 'v', 'c', 'd', 'n', '.', 'x', 'y', 'z', '\0',
+  /* "vcelin-na-doliku.cz", true */ 'v', 'c', 'e', 'l', 'i', 'n', '-', 'n', 'a', '-', 'd', 'o', 'l', 'i', 'k', 'u', '.', 'c', 'z', '\0',
+  /* "vcf.gov", true */ 'v', 'c', 'f', '.', 'g', 'o', 'v', '\0',
+  /* "vcientertainment.com", false */ 'v', 'c', 'i', 'e', 'n', 't', 'e', 'r', 't', 'a', 'i', 'n', 'm', 'e', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "vcmi.download", true */ 'v', 'c', 'm', 'i', '.', 'd', 'o', 'w', 'n', 'l', 'o', 'a', 'd', '\0',
+  /* "vconcept.ch", true */ 'v', 'c', 'o', 'n', 'c', 'e', 'p', 't', '.', 'c', 'h', '\0',
+  /* "vconcept.me", true */ 'v', 'c', 'o', 'n', 'c', 'e', 'p', 't', '.', 'm', 'e', '\0',
+  /* "vcsjones.codes", true */ 'v', 'c', 's', 'j', 'o', 'n', 'e', 's', '.', 'c', 'o', 'd', 'e', 's', '\0',
+  /* "vcsjones.com", true */ 'v', 'c', 's', 'j', 'o', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "vcti.cloud", true */ 'v', 'c', 't', 'i', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "vd42.net", true */ 'v', 'd', '4', '2', '.', 'n', 'e', 't', '\0',
+  /* "vdbongard.com", true */ 'v', 'd', 'b', 'o', 'n', 'g', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "vdcomp.cz", true */ 'v', 'd', 'c', 'o', 'm', 'p', '.', 'c', 'z', '\0',
+  /* "vdemuzere.be", true */ 'v', 'd', 'e', 'm', 'u', 'z', 'e', 'r', 'e', '.', 'b', 'e', '\0',
+  /* "vdesc.com", true */ 'v', 'd', 'e', 's', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "vdisk24.de", true */ 'v', 'd', 'i', 's', 'k', '2', '4', '.', 'd', 'e', '\0',
+  /* "vdownloader.com", true */ 'v', 'd', 'o', 'w', 'n', 'l', 'o', 'a', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "vdrpro.com", true */ 'v', 'd', 'r', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "ve.search.yahoo.com", false */ 'v', 'e', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "ve3oat.ca", true */ 'v', 'e', '3', 'o', 'a', 't', '.', 'c', 'a', '\0',
+  /* "vea.re", true */ 'v', 'e', 'a', '.', 'r', 'e', '\0',
+  /* "veblr.com", false */ 'v', 'e', 'b', 'l', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "vecerkaracing.cz", true */ 'v', 'e', 'c', 'e', 'r', 'k', 'a', 'r', 'a', 'c', 'i', 'n', 'g', '.', 'c', 'z', '\0',
+  /* "vecozo.nl", true */ 'v', 'e', 'c', 'o', 'z', 'o', '.', 'n', 'l', '\0',
+  /* "vectorwish.com", true */ 'v', 'e', 'c', 't', 'o', 'r', 'w', 'i', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "vectro.me", true */ 'v', 'e', 'c', 't', 'r', 'o', '.', 'm', 'e', '\0',
+  /* "veg-leiden.nl", true */ 'v', 'e', 'g', '-', 'l', 'e', 'i', 'd', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "vegalitarian.org", true */ 'v', 'e', 'g', 'a', 'l', 'i', 't', 'a', 'r', 'i', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "vegane-proteine.com", true */ 'v', 'e', 'g', 'a', 'n', 'e', '-', 'p', 'r', 'o', 't', 'e', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "veganforum.org", true */ 'v', 'e', 'g', 'a', 'n', 'f', 'o', 'r', 'u', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "veganism.co.uk", true */ 'v', 'e', 'g', 'a', 'n', 'i', 's', 'm', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "veganism.com", true */ 'v', 'e', 'g', 'a', 'n', 'i', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "vegepa.com", true */ 'v', 'e', 'g', 'e', 'p', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "veglog.com", true */ 'v', 'e', 'g', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "vehicleenquiry.service.gov.uk", true */ 'v', 'e', 'h', 'i', 'c', 'l', 'e', 'e', 'n', 'q', 'u', 'i', 'r', 'y', '.', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'g', 'o', 'v', '.', 'u', 'k', '\0',
+  /* "vehicletax.service.gov.uk", true */ 'v', 'e', 'h', 'i', 'c', 'l', 'e', 't', 'a', 'x', '.', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'g', 'o', 'v', '.', 'u', 'k', '\0',
+  /* "veii.de", true */ 'v', 'e', 'i', 'i', '.', 'd', 'e', '\0',
+  /* "veil-framework.com", true */ 'v', 'e', 'i', 'l', '-', 'f', 'r', 'a', 'm', 'e', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "veke.fi", true */ 'v', 'e', 'k', 'e', '.', 'f', 'i', '\0',
+  /* "vekenz.com", true */ 'v', 'e', 'k', 'e', 'n', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "velasense.com", true */ 'v', 'e', 'l', 'a', 's', 'e', 'n', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "velonustraduction.com", true */ 'v', 'e', 'l', 'o', 'n', 'u', 's', 't', 'r', 'a', 'd', 'u', 'c', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "velotyretz.fr", true */ 'v', 'e', 'l', 'o', 't', 'y', 'r', 'e', 't', 'z', '.', 'f', 'r', '\0',
+  /* "venalytics.com", true */ 'v', 'e', 'n', 'a', 'l', 'y', 't', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "vendigital.com", true */ 'v', 'e', 'n', 'd', 'i', 'g', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "vendorconnect.nyc", true */ 'v', 'e', 'n', 'd', 'o', 'r', 'c', 'o', 'n', 'n', 'e', 'c', 't', '.', 'n', 'y', 'c', '\0',
+  /* "vendserve.eu", true */ 'v', 'e', 'n', 'd', 's', 'e', 'r', 'v', 'e', '.', 'e', 'u', '\0',
+  /* "venicecomputerrepair.com", true */ 'v', 'e', 'n', 'i', 'c', 'e', 'c', 'o', 'm', 'p', 'u', 't', 'e', 'r', 'r', 'e', 'p', 'a', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "venicefloridawebsitedesign.com", true */ 'v', 'e', 'n', 'i', 'c', 'e', 'f', 'l', 'o', 'r', 'i', 'd', 'a', 'w', 'e', 'b', 's', 'i', 't', 'e', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "venicerealdeal.com", true */ 'v', 'e', 'n', 'i', 'c', 'e', 'r', 'e', 'a', 'l', 'd', 'e', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "venirextra.com", true */ 'v', 'e', 'n', 'i', 'r', 'e', 'x', 't', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "venirideal.com", true */ 'v', 'e', 'n', 'i', 'r', 'i', 'd', 'e', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "venninvestorplatform.com", true */ 'v', 'e', 'n', 'n', 'i', 'n', 'v', 'e', 's', 't', 'o', 'r', 'p', 'l', 'a', 't', 'f', 'o', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "ventesprivees-fr.com", true */ 'v', 'e', 'n', 't', 'e', 's', 'p', 'r', 'i', 'v', 'e', 'e', 's', '-', 'f', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "ventizo.com", true */ 'v', 'e', 'n', 't', 'i', 'z', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "venturum.com", true */ 'v', 'e', 'n', 't', 'u', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "venturum.de", true */ 'v', 'e', 'n', 't', 'u', 'r', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "venturum.eu", true */ 'v', 'e', 'n', 't', 'u', 'r', 'u', 'm', '.', 'e', 'u', '\0',
+  /* "venturum.net", true */ 'v', 'e', 'n', 't', 'u', 'r', 'u', 'm', '.', 'n', 'e', 't', '\0',
+  /* "vera.bg", true */ 'v', 'e', 'r', 'a', '.', 'b', 'g', '\0',
+  /* "veramagazine.jp", true */ 'v', 'e', 'r', 'a', 'm', 'a', 'g', 'a', 'z', 'i', 'n', 'e', '.', 'j', 'p', '\0',
+  /* "verberne.nu", true */ 'v', 'e', 'r', 'b', 'e', 'r', 'n', 'e', '.', 'n', 'u', '\0',
+  /* "verbierfestival.com", true */ 'v', 'e', 'r', 'b', 'i', 'e', 'r', 'f', 'e', 's', 't', 'i', 'v', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "verdict.gg", true */ 'v', 'e', 'r', 'd', 'i', 'c', 't', '.', 'g', 'g', '\0',
+  /* "verduccies.com", true */ 'v', 'e', 'r', 'd', 'u', 'c', 'c', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "verein-kiekin.de", true */ 'v', 'e', 'r', 'e', 'i', 'n', '-', 'k', 'i', 'e', 'k', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "vereinlandwege.de", true */ 'v', 'e', 'r', 'e', 'i', 'n', 'l', 'a', 'n', 'd', 'w', 'e', 'g', 'e', '.', 'd', 'e', '\0',
+  /* "vereinscheck.de", true */ 'v', 'e', 'r', 'e', 'i', 'n', 's', 'c', 'h', 'e', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "verfassungsklage.at", true */ 'v', 'e', 'r', 'f', 'a', 's', 's', 'u', 'n', 'g', 's', 'k', 'l', 'a', 'g', 'e', '.', 'a', 't', '\0',
+  /* "vergeaccessories.com", true */ 'v', 'e', 'r', 'g', 'e', 'a', 'c', 'c', 'e', 's', 's', 'o', 'r', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "verhovs.ky", true */ 'v', 'e', 'r', 'h', 'o', 'v', 's', '.', 'k', 'y', '\0',
+  /* "verifyos.com", true */ 'v', 'e', 'r', 'i', 'f', 'y', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "veriny.tf", true */ 'v', 'e', 'r', 'i', 'n', 'y', '.', 't', 'f', '\0',
+  /* "veriomed.com", true */ 'v', 'e', 'r', 'i', 'o', 'm', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "veritafineviolins.com", true */ 'v', 'e', 'r', 'i', 't', 'a', 'f', 'i', 'n', 'e', 'v', 'i', 'o', 'l', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "verizonguidelines.com", true */ 'v', 'e', 'r', 'i', 'z', 'o', 'n', 'g', 'u', 'i', 'd', 'e', 'l', 'i', 'n', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "verliebt-in-bw.de", true */ 'v', 'e', 'r', 'l', 'i', 'e', 'b', 't', '-', 'i', 'n', '-', 'b', 'w', '.', 'd', 'e', '\0',
+  /* "verliebt-in-niedersachsen.de", true */ 'v', 'e', 'r', 'l', 'i', 'e', 'b', 't', '-', 'i', 'n', '-', 'n', 'i', 'e', 'd', 'e', 'r', 's', 'a', 'c', 'h', 's', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "verliefde-jongens.nl", true */ 'v', 'e', 'r', 'l', 'i', 'e', 'f', 'd', 'e', '-', 'j', 'o', 'n', 'g', 'e', 'n', 's', '.', 'n', 'l', '\0',
+  /* "vermeerdealers.com", true */ 'v', 'e', 'r', 'm', 'e', 'e', 'r', 'd', 'e', 'a', 'l', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "vermogeninkaart.nl", true */ 'v', 'e', 'r', 'm', 'o', 'g', 'e', 'n', 'i', 'n', 'k', 'a', 'a', 'r', 't', '.', 'n', 'l', '\0',
+  /* "vermuetje.nl", true */ 'v', 'e', 'r', 'm', 'u', 'e', 't', 'j', 'e', '.', 'n', 'l', '\0',
+  /* "vernaeve-usedcars.be", true */ 'v', 'e', 'r', 'n', 'a', 'e', 'v', 'e', '-', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0',
+  /* "vernonatvclub.ca", true */ 'v', 'e', 'r', 'n', 'o', 'n', 'a', 't', 'v', 'c', 'l', 'u', 'b', '.', 'c', 'a', '\0',
+  /* "vernonchan.com", true */ 'v', 'e', 'r', 'n', 'o', 'n', 'c', 'h', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "vernonfilmsociety.bc.ca", true */ 'v', 'e', 'r', 'n', 'o', 'n', 'f', 'i', 'l', 'm', 's', 'o', 'c', 'i', 'e', 't', 'y', '.', 'b', 'c', '.', 'c', 'a', '\0',
+  /* "vernonfishandgame.ca", true */ 'v', 'e', 'r', 'n', 'o', 'n', 'f', 'i', 's', 'h', 'a', 'n', 'd', 'g', 'a', 'm', 'e', '.', 'c', 'a', '\0',
+  /* "vernonhouseofhope.com", true */ 'v', 'e', 'r', 'n', 'o', 'n', 'h', 'o', 'u', 's', 'e', 'o', 'f', 'h', 'o', 'p', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "vernonsecureselfstorage.ca", true */ 'v', 'e', 'r', 'n', 'o', 'n', 's', 'e', 'c', 'u', 'r', 'e', 's', 'e', 'l', 'f', 's', 't', 'o', 'r', 'a', 'g', 'e', '.', 'c', 'a', '\0',
+  /* "vernonspeedskatingclub.com", true */ 'v', 'e', 'r', 'n', 'o', 'n', 's', 'p', 'e', 'e', 'd', 's', 'k', 'a', 't', 'i', 'n', 'g', 'c', 'l', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "vernonwintercarnival.com", true */ 'v', 'e', 'r', 'n', 'o', 'n', 'w', 'i', 'n', 't', 'e', 'r', 'c', 'a', 'r', 'n', 'i', 'v', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "veronique-schmitz.de", true */ 'v', 'e', 'r', 'o', 'n', 'i', 'q', 'u', 'e', '-', 's', 'c', 'h', 'm', 'i', 't', 'z', '.', 'd', 'e', '\0',
+  /* "verrerie-mousseline.org", true */ 'v', 'e', 'r', 'r', 'e', 'r', 'i', 'e', '-', 'm', 'o', 'u', 's', 's', 'e', 'l', 'i', 'n', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "vers.one", true */ 'v', 'e', 'r', 's', '.', 'o', 'n', 'e', '\0',
+  /* "versagercloud.de", true */ 'v', 'e', 'r', 's', 'a', 'g', 'e', 'r', 'c', 'l', 'o', 'u', 'd', '.', 'd', 'e', '\0',
+  /* "versbeton.nl", true */ 'v', 'e', 'r', 's', 'b', 'e', 't', 'o', 'n', '.', 'n', 'l', '\0',
+  /* "versicherungskontor.net", true */ 'v', 'e', 'r', 's', 'i', 'c', 'h', 'e', 'r', 'u', 'n', 'g', 's', 'k', 'o', 'n', 't', 'o', 'r', '.', 'n', 'e', 't', '\0',
+  /* "verspai.de", true */ 'v', 'e', 'r', 's', 'p', 'a', 'i', '.', 'd', 'e', '\0',
+  /* "verstraetenusedcars.be", true */ 'v', 'e', 'r', 's', 't', 'r', 'a', 'e', 't', 'e', 'n', 'u', 's', 'e', 'd', 'c', 'a', 'r', 's', '.', 'b', 'e', '\0',
+  /* "vertebrates.com", true */ 'v', 'e', 'r', 't', 'e', 'b', 'r', 'a', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "verteilergetriebe.info", true */ 'v', 'e', 'r', 't', 'e', 'i', 'l', 'e', 'r', 'g', 'e', 't', 'r', 'i', 'e', 'b', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "vertikar.net", true */ 'v', 'e', 'r', 't', 'i', 'k', 'a', 'r', '.', 'n', 'e', 't', '\0',
+  /* "vertner.net", true */ 'v', 'e', 'r', 't', 'n', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "veryapt.com", true */ 'v', 'e', 'r', 'y', 'a', 'p', 't', '.', 'c', 'o', 'm', '\0',
+  /* "verymelon.de", true */ 'v', 'e', 'r', 'y', 'm', 'e', 'l', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "verzick.com", true */ 'v', 'e', 'r', 'z', 'i', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "ves.vn.ua", true */ 'v', 'e', 's', '.', 'v', 'n', '.', 'u', 'a', '\0',
+  /* "vescudero.net", true */ 'v', 'e', 's', 'c', 'u', 'd', 'e', 'r', 'o', '.', 'n', 'e', 't', '\0',
+  /* "veslosada.com", true */ 'v', 'e', 's', 'l', 'o', 's', 'a', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "vespacascadia.com", true */ 'v', 'e', 's', 'p', 'a', 'c', 'a', 's', 'c', 'a', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "veterinario.roma.it", true */ 'v', 'e', 't', 'e', 'r', 'i', 'n', 'a', 'r', 'i', 'o', '.', 'r', 'o', 'm', 'a', '.', 'i', 't', '\0',
+  /* "vetforum.co", true */ 'v', 'e', 't', 'f', 'o', 'r', 'u', 'm', '.', 'c', 'o', '\0',
+  /* "vetinte.eu", true */ 'v', 'e', 't', 'i', 'n', 't', 'e', '.', 'e', 'u', '\0',
+  /* "vetofish.com", true */ 'v', 'e', 't', 'o', 'f', 'i', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "vets.gov", true */ 'v', 'e', 't', 's', '.', 'g', 'o', 'v', '\0',
+  /* "veverusak.cz", true */ 'v', 'e', 'v', 'e', 'r', 'u', 's', 'a', 'k', '.', 'c', 'z', '\0',
+  /* "vfdworld.com", true */ 'v', 'f', 'd', 'w', 'o', 'r', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "vfn-nrw.de", true */ 'v', 'f', 'n', '-', 'n', 'r', 'w', '.', 'd', 'e', '\0',
+  /* "vgerak.com", true */ 'v', 'g', 'e', 'r', 'a', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "vgolos.zt.ua", true */ 'v', 'g', 'o', 'l', 'o', 's', '.', 'z', 't', '.', 'u', 'a', '\0',
+  /* "vgropp.de", true */ 'v', 'g', 'r', 'o', 'p', 'p', '.', 'd', 'e', '\0',
+  /* "vhummel.nl", true */ 'v', 'h', 'u', 'm', 'm', 'e', 'l', '.', 'n', 'l', '\0',
+  /* "viacdn.org", true */ 'v', 'i', 'a', 'c', 'd', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "viafinance.cz", true */ 'v', 'i', 'a', 'f', 'i', 'n', 'a', 'n', 'c', 'e', '.', 'c', 'z', '\0',
+  /* "viaggio-in-cina.it", true */ 'v', 'i', 'a', 'g', 'g', 'i', 'o', '-', 'i', 'n', '-', 'c', 'i', 'n', 'a', '.', 'i', 't', '\0',
+  /* "viaje-a-china.com", true */ 'v', 'i', 'a', 'j', 'e', '-', 'a', '-', 'c', 'h', 'i', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "vialibido.com.br", true */ 'v', 'i', 'a', 'l', 'i', 'b', 'i', 'd', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "vialorran.com", true */ 'v', 'i', 'a', 'l', 'o', 'r', 'r', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "viaprinto.de", true */ 'v', 'i', 'a', 'p', 'r', 'i', 'n', 't', 'o', '.', 'd', 'e', '\0',
+  /* "vibrant-america.com", true */ 'v', 'i', 'b', 'r', 'a', 'n', 't', '-', 'a', 'm', 'e', 'r', 'i', 'c', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "vibrashop.com.br", true */ 'v', 'i', 'b', 'r', 'a', 's', 'h', 'o', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "vichiya.com", true */ 'v', 'i', 'c', 'h', 'i', 'y', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "vician.cz", false */ 'v', 'i', 'c', 'i', 'a', 'n', '.', 'c', 'z', '\0',
+  /* "viciousflora.com", true */ 'v', 'i', 'c', 'i', 'o', 'u', 's', 'f', 'l', 'o', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "viciousviscosity.xyz", true */ 'v', 'i', 'c', 'i', 'o', 'u', 's', 'v', 'i', 's', 'c', 'o', 's', 'i', 't', 'y', '.', 'x', 'y', 'z', '\0',
+  /* "viclab.se", true */ 'v', 'i', 'c', 'l', 'a', 'b', '.', 's', 'e', '\0',
+  /* "victorcanera.com", true */ 'v', 'i', 'c', 't', 'o', 'r', 'c', 'a', 'n', 'e', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "victordiaz.me", true */ 'v', 'i', 'c', 't', 'o', 'r', 'd', 'i', 'a', 'z', '.', 'm', 'e', '\0',
+  /* "victoreriksson.se", true */ 'v', 'i', 'c', 't', 'o', 'r', 'e', 'r', 'i', 'k', 's', 's', 'o', 'n', '.', 's', 'e', '\0',
+  /* "victorgbustamante.com", true */ 'v', 'i', 'c', 't', 'o', 'r', 'g', 'b', 'u', 's', 't', 'a', 'm', 'a', 'n', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "victorhawk.com", true */ 'v', 'i', 'c', 't', 'o', 'r', 'h', 'a', 'w', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "victoriaartist.ru", true */ 'v', 'i', 'c', 't', 'o', 'r', 'i', 'a', 'a', 'r', 't', 'i', 's', 't', '.', 'r', 'u', '\0',
+  /* "victoriastudio.ru", true */ 'v', 'i', 'c', 't', 'o', 'r', 'i', 'a', 's', 't', 'u', 'd', 'i', 'o', '.', 'r', 'u', '\0',
+  /* "victoriaville.ca", true */ 'v', 'i', 'c', 't', 'o', 'r', 'i', 'a', 'v', 'i', 'l', 'l', 'e', '.', 'c', 'a', '\0',
+  /* "victorjacobs.com", true */ 'v', 'i', 'c', 't', 'o', 'r', 'j', 'a', 'c', 'o', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "victornet.de", true */ 'v', 'i', 'c', 't', 'o', 'r', 'n', 'e', 't', '.', 'd', 'e', '\0',
+  /* "victornilsson.pw", true */ 'v', 'i', 'c', 't', 'o', 'r', 'n', 'i', 'l', 's', 's', 'o', 'n', '.', 'p', 'w', '\0',
+  /* "vicyu.com", true */ 'v', 'i', 'c', 'y', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "vid-immobilien.de", true */ 'v', 'i', 'd', '-', 'i', 'm', 'm', 'o', 'b', 'i', 'l', 'i', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "vida-it.com", true */ 'v', 'i', 'd', 'a', '-', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "vida.es", true */ 'v', 'i', 'd', 'a', '.', 'e', 's', '\0',
+  /* "vidbooster.com", true */ 'v', 'i', 'd', 'b', 'o', 'o', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "vide-dressing.org", false */ 'v', 'i', 'd', 'e', '-', 'd', 'r', 'e', 's', 's', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "vide-greniers.org", false */ 'v', 'i', 'd', 'e', '-', 'g', 'r', 'e', 'n', 'i', 'e', 'r', 's', '.', 'o', 'r', 'g', '\0',
+  /* "vide-maisons.org", false */ 'v', 'i', 'd', 'e', '-', 'm', 'a', 'i', 's', 'o', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "videnskabsklubben.dk", true */ 'v', 'i', 'd', 'e', 'n', 's', 'k', 'a', 'b', 's', 'k', 'l', 'u', 'b', 'b', 'e', 'n', '.', 'd', 'k', '\0',
+  /* "videogamesartwork.com", true */ 'v', 'i', 'd', 'e', 'o', 'g', 'a', 'm', 'e', 's', 'a', 'r', 't', 'w', 'o', 'r', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "videoseyredin.net", true */ 'v', 'i', 'd', 'e', 'o', 's', 'e', 'y', 'r', 'e', 'd', 'i', 'n', '.', 'n', 'e', 't', '\0',
+  /* "videosqr.com", true */ 'v', 'i', 'd', 'e', 'o', 's', 'q', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "videov.tk", true */ 'v', 'i', 'd', 'e', 'o', 'v', '.', 't', 'k', '\0',
+  /* "vidiproject.com", true */ 'v', 'i', 'd', 'i', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "vidister.de", true */ 'v', 'i', 'd', 'i', 's', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "viditut.com", true */ 'v', 'i', 'd', 'i', 't', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "vidkovaomara.si", true */ 'v', 'i', 'd', 'k', 'o', 'v', 'a', 'o', 'm', 'a', 'r', 'a', '.', 's', 'i', '\0',
+  /* "vidlyoficial.com", true */ 'v', 'i', 'd', 'l', 'y', 'o', 'f', 'i', 'c', 'i', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "vieaw.com", true */ 'v', 'i', 'e', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "vieclam24h.vn", false */ 'v', 'i', 'e', 'c', 'l', 'a', 'm', '2', '4', 'h', '.', 'v', 'n', '\0',
+  /* "viekelis.lt", false */ 'v', 'i', 'e', 'k', 'e', 'l', 'i', 's', '.', 'l', 't', '\0',
+  /* "viemeister.com", true */ 'v', 'i', 'e', 'm', 'e', 'i', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "viemontante.be", true */ 'v', 'i', 'e', 'm', 'o', 'n', 't', 'a', 'n', 't', 'e', '.', 'b', 'e', '\0',
+  /* "viennan.net", true */ 'v', 'i', 'e', 'n', 'n', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "vientos.coop", true */ 'v', 'i', 'e', 'n', 't', 'o', 's', '.', 'c', 'o', 'o', 'p', '\0',
+  /* "viepixel.at", true */ 'v', 'i', 'e', 'p', 'i', 'x', 'e', 'l', '.', 'a', 't', '\0',
+  /* "vierdaagsehotel.nl", true */ 'v', 'i', 'e', 'r', 'd', 'a', 'a', 'g', 's', 'e', 'h', 'o', 't', 'e', 'l', '.', 'n', 'l', '\0',
+  /* "vierpfeile.de", true */ 'v', 'i', 'e', 'r', 'p', 'f', 'e', 'i', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "vierpluseins.wtf", true */ 'v', 'i', 'e', 'r', 'p', 'l', 'u', 's', 'e', 'i', 'n', 's', '.', 'w', 't', 'f', '\0',
+  /* "vietnam-lifer.com", true */ 'v', 'i', 'e', 't', 'n', 'a', 'm', '-', 'l', 'i', 'f', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "vietnamese.dating", true */ 'v', 'i', 'e', 't', 'n', 'a', 'm', 'e', 's', 'e', '.', 'd', 'a', 't', 'i', 'n', 'g', '\0',
+  /* "vietnamhost.vn", false */ 'v', 'i', 'e', 't', 'n', 'a', 'm', 'h', 'o', 's', 't', '.', 'v', 'n', '\0',
+  /* "vietnamwomenveterans.org", true */ 'v', 'i', 'e', 't', 'n', 'a', 'm', 'w', 'o', 'm', 'e', 'n', 'v', 'e', 't', 'e', 'r', 'a', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "vieux.pro", true */ 'v', 'i', 'e', 'u', 'x', '.', 'p', 'r', 'o', '\0',
+  /* "viewbook.com", true */ 'v', 'i', 'e', 'w', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "viewmyrecords.com", true */ 'v', 'i', 'e', 'w', 'm', 'y', 'r', 'e', 'c', 'o', 'r', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "viewsea.com", true */ 'v', 'i', 'e', 'w', 's', 'e', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "viga.me", true */ 'v', 'i', 'g', 'a', '.', 'm', 'e', '\0',
+  /* "vigenebio.com", true */ 'v', 'i', 'g', 'e', 'n', 'e', 'b', 'i', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "vigilantnow.com", true */ 'v', 'i', 'g', 'i', 'l', 'a', 'n', 't', 'n', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "vigliano.ovh", true */ 'v', 'i', 'g', 'l', 'i', 'a', 'n', 'o', '.', 'o', 'v', 'h', '\0',
+  /* "vigo-krankenversicherung.de", true */ 'v', 'i', 'g', 'o', '-', 'k', 'r', 'a', 'n', 'k', 'e', 'n', 'v', 'e', 'r', 's', 'i', 'c', 'h', 'e', 'r', 'u', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "vigo-tarife.de", true */ 'v', 'i', 'g', 'o', '-', 't', 'a', 'r', 'i', 'f', 'e', '.', 'd', 'e', '\0',
+  /* "vigour.us", true */ 'v', 'i', 'g', 'o', 'u', 'r', '.', 'u', 's', '\0',
+  /* "vigoxatelier.tech", true */ 'v', 'i', 'g', 'o', 'x', 'a', 't', 'e', 'l', 'i', 'e', 'r', '.', 't', 'e', 'c', 'h', '\0',
+  /* "vigrey.com", true */ 'v', 'i', 'g', 'r', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "viikko.eu", true */ 'v', 'i', 'i', 'k', 'k', 'o', '.', 'e', 'u', '\0',
+  /* "vijay-international.com", true */ 'v', 'i', 'j', 'a', 'y', '-', 'i', 'n', 't', 'e', 'r', 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "vijverbenodigdheden.nl", true */ 'v', 'i', 'j', 'v', 'e', 'r', 'b', 'e', 'n', 'o', 'd', 'i', 'g', 'd', 'h', 'e', 'd', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "vik.im", true */ 'v', 'i', 'k', '.', 'i', 'm', '\0',
+  /* "vikashkumar.me", true */ 'v', 'i', 'k', 'a', 's', 'h', 'k', 'u', 'm', 'a', 'r', '.', 'm', 'e', '\0',
+  /* "viking-style.ru", true */ 'v', 'i', 'k', 'i', 'n', 'g', '-', 's', 't', 'y', 'l', 'e', '.', 'r', 'u', '\0',
+  /* "vikings.net", true */ 'v', 'i', 'k', 'i', 'n', 'g', 's', '.', 'n', 'e', 't', '\0',
+  /* "vikodek.com", true */ 'v', 'i', 'k', 'o', 'd', 'e', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "viktorprevaric.eu", true */ 'v', 'i', 'k', 't', 'o', 'r', 'p', 'r', 'e', 'v', 'a', 'r', 'i', 'c', '.', 'e', 'u', '\0',
+  /* "viladochurrasco.com.br", true */ 'v', 'i', 'l', 'a', 'd', 'o', 'c', 'h', 'u', 'r', 'r', 'a', 's', 'c', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "villa-gockel.de", true */ 'v', 'i', 'l', 'l', 'a', '-', 'g', 'o', 'c', 'k', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "villa-romantica-zillertal.at", true */ 'v', 'i', 'l', 'l', 'a', '-', 'r', 'o', 'm', 'a', 'n', 't', 'i', 'c', 'a', '-', 'z', 'i', 'l', 'l', 'e', 'r', 't', 'a', 'l', '.', 'a', 't', '\0',
+  /* "villafiore.com.br", true */ 'v', 'i', 'l', 'l', 'a', 'f', 'i', 'o', 'r', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "villageunique.com.br", true */ 'v', 'i', 'l', 'l', 'a', 'g', 'e', 'u', 'n', 'i', 'q', 'u', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "villagockel.de", true */ 'v', 'i', 'l', 'l', 'a', 'g', 'o', 'c', 'k', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "villainsclothing.com.au", true */ 'v', 'i', 'l', 'l', 'a', 'i', 'n', 's', 'c', 'l', 'o', 't', 'h', 'i', 'n', 'g', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "villasenor.online", true */ 'v', 'i', 'l', 'l', 'a', 's', 'e', 'n', 'o', 'r', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "villasfinistere.fr", true */ 'v', 'i', 'l', 'l', 'a', 's', 'f', 'i', 'n', 'i', 's', 't', 'e', 'r', 'e', '.', 'f', 'r', '\0',
+  /* "villasforsale-bali.com", true */ 'v', 'i', 'l', 'l', 'a', 's', 'f', 'o', 'r', 's', 'a', 'l', 'e', '-', 'b', 'a', 'l', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "villek.fi", true */ 'v', 'i', 'l', 'l', 'e', 'k', '.', 'f', 'i', '\0',
+  /* "villenavedornon.fr", true */ 'v', 'i', 'l', 'l', 'e', 'n', 'a', 'v', 'e', 'd', 'o', 'r', 'n', 'o', 'n', '.', 'f', 'r', '\0',
+  /* "vilog.me", true */ 'v', 'i', 'l', 'o', 'g', '.', 'm', 'e', '\0',
+  /* "viltsu.net", true */ 'v', 'i', 'l', 't', 's', 'u', '.', 'n', 'e', 't', '\0',
+  /* "vima.ch", true */ 'v', 'i', 'm', 'a', '.', 'c', 'h', '\0',
+  /* "vimeo.com", true */ 'v', 'i', 'm', 'e', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "vinagro.sk", true */ 'v', 'i', 'n', 'a', 'g', 'r', 'o', '.', 's', 'k', '\0',
+  /* "vinarstvimodryhrozen.cz", true */ 'v', 'i', 'n', 'a', 'r', 's', 't', 'v', 'i', 'm', 'o', 'd', 'r', 'y', 'h', 'r', 'o', 'z', 'e', 'n', '.', 'c', 'z', '\0',
+  /* "vincentcox.com", false */ 'v', 'i', 'n', 'c', 'e', 'n', 't', 'c', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "vincentpancol.com", true */ 'v', 'i', 'n', 'c', 'e', 'n', 't', 'p', 'a', 'n', 'c', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "vincitraining.com", true */ 'v', 'i', 'n', 'c', 'i', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "vineright.com", true */ 'v', 'i', 'n', 'e', 'r', 'i', 'g', 'h', 't', '.', 'c', 'o', 'm', '\0',
+  /* "vinicius.sl", true */ 'v', 'i', 'n', 'i', 'c', 'i', 'u', 's', '.', 's', 'l', '\0',
+  /* "vinilosdecorativos.net", true */ 'v', 'i', 'n', 'i', 'l', 'o', 's', 'd', 'e', 'c', 'o', 'r', 'a', 't', 'i', 'v', 'o', 's', '.', 'n', 'e', 't', '\0',
+  /* "vinner.com.au", true */ 'v', 'i', 'n', 'n', 'e', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "vinolli.de", true */ 'v', 'i', 'n', 'o', 'l', 'l', 'i', '.', 'd', 'e', '\0',
+  /* "vinovum.net", true */ 'v', 'i', 'n', 'o', 'v', 'u', 'm', '.', 'n', 'e', 't', '\0',
+  /* "vintagecaskandbarrel.com", true */ 'v', 'i', 'n', 't', 'a', 'g', 'e', 'c', 'a', 's', 'k', 'a', 'n', 'd', 'b', 'a', 'r', 'r', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "vintagejeeps.net", true */ 'v', 'i', 'n', 't', 'a', 'g', 'e', 'j', 'e', 'e', 'p', 's', '.', 'n', 'e', 't', '\0',
+  /* "vintageportgifts.co.uk", true */ 'v', 'i', 'n', 't', 'a', 'g', 'e', 'p', 'o', 'r', 't', 'g', 'i', 'f', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "vintagetrailerbuyers.com", true */ 'v', 'i', 'n', 't', 'a', 'g', 'e', 't', 'r', 'a', 'i', 'l', 'e', 'r', 'b', 'u', 'y', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "vintazh.net", true */ 'v', 'i', 'n', 't', 'a', 'z', 'h', '.', 'n', 'e', 't', '\0',
+  /* "vinticom.ch", true */ 'v', 'i', 'n', 't', 'i', 'c', 'o', 'm', '.', 'c', 'h', '\0',
+  /* "vintock.com", true */ 'v', 'i', 'n', 't', 'o', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "vinyculture.com", true */ 'v', 'i', 'n', 'y', 'c', 'u', 'l', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "vinzite.com", true */ 'v', 'i', 'n', 'z', 'i', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "violet-letter.delivery", true */ 'v', 'i', 'o', 'l', 'e', 't', '-', 'l', 'e', 't', 't', 'e', 'r', '.', 'd', 'e', 'l', 'i', 'v', 'e', 'r', 'y', '\0',
+  /* "violetraven.co.uk", true */ 'v', 'i', 'o', 'l', 'e', 't', 'r', 'a', 'v', 'e', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "violin4fun.nl", true */ 'v', 'i', 'o', 'l', 'i', 'n', '4', 'f', 'u', 'n', '.', 'n', 'l', '\0',
+  /* "vionicbeach.com", true */ 'v', 'i', 'o', 'n', 'i', 'c', 'b', 'e', 'a', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "vip8522.com", true */ 'v', 'i', 'p', '8', '5', '2', '2', '.', 'c', 'o', 'm', '\0',
+  /* "vipi.es", true */ 'v', 'i', 'p', 'i', '.', 'e', 's', '\0',
+  /* "vipnettikasinoklubi.com", true */ 'v', 'i', 'p', 'n', 'e', 't', 't', 'i', 'k', 'a', 's', 'i', 'n', 'o', 'k', 'l', 'u', 'b', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "viptamin.eu", true */ 'v', 'i', 'p', 't', 'a', 'm', 'i', 'n', '.', 'e', 'u', '\0',
+  /* "viptamol.com", true */ 'v', 'i', 'p', 't', 'a', 'm', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "vir-tec.eu", true */ 'v', 'i', 'r', '-', 't', 'e', 'c', '.', 'e', 'u', '\0',
+  /* "viralboombox.xyz", true */ 'v', 'i', 'r', 'a', 'l', 'b', 'o', 'o', 'm', 'b', 'o', 'x', '.', 'x', 'y', 'z', '\0',
+  /* "viralpop.it", true */ 'v', 'i', 'r', 'a', 'l', 'p', 'o', 'p', '.', 'i', 't', '\0',
+  /* "virgopolymer.com", true */ 'v', 'i', 'r', 'g', 'o', 'p', 'o', 'l', 'y', 'm', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "virial.de", true */ 'v', 'i', 'r', 'i', 'a', 'l', '.', 'd', 'e', '\0',
+  /* "viridis-milites.cz", true */ 'v', 'i', 'r', 'i', 'd', 'i', 's', '-', 'm', 'i', 'l', 'i', 't', 'e', 's', '.', 'c', 'z', '\0',
+  /* "virtualcustoms.tech", true */ 'v', 'i', 'r', 't', 'u', 'a', 'l', 'c', 'u', 's', 't', 'o', 'm', 's', '.', 't', 'e', 'c', 'h', '\0',
+  /* "virtualdesignmedia.com", false */ 'v', 'i', 'r', 't', 'u', 'a', 'l', 'd', 'e', 's', 'i', 'g', 'n', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "virtuallifestyle.nl", true */ 'v', 'i', 'r', 't', 'u', 'a', 'l', 'l', 'i', 'f', 'e', 's', 't', 'y', 'l', 'e', '.', 'n', 'l', '\0',
+  /* "virtualmt2.pl", true */ 'v', 'i', 'r', 't', 'u', 'a', 'l', 'm', 't', '2', '.', 'p', 'l', '\0',
+  /* "virtualsanity.com", true */ 'v', 'i', 'r', 't', 'u', 'a', 'l', 's', 'a', 'n', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "virtualvaults.com", true */ 'v', 'i', 'r', 't', 'u', 'a', 'l', 'v', 'a', 'u', 'l', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "virtubox.net", true */ 'v', 'i', 'r', 't', 'u', 'b', 'o', 'x', '.', 'n', 'e', 't', '\0',
+  /* "virtusaero.com", true */ 'v', 'i', 'r', 't', 'u', 's', 'a', 'e', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "virvum.ch", true */ 'v', 'i', 'r', 'v', 'u', 'm', '.', 'c', 'h', '\0',
+  /* "visa-shinsei.com", true */ 'v', 'i', 's', 'a', '-', 's', 'h', 'i', 'n', 's', 'e', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "visaexpert.co.za", true */ 'v', 'i', 's', 'a', 'e', 'x', 'p', 'e', 'r', 't', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "visalogy.com", true */ 'v', 'i', 's', 'a', 'l', 'o', 'g', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "visaop.com", true */ 'v', 'i', 's', 'a', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "visapourailleurs.fr", true */ 'v', 'i', 's', 'a', 'p', 'o', 'u', 'r', 'a', 'i', 'l', 'l', 'e', 'u', 'r', 's', '.', 'f', 'r', '\0',
+  /* "visaya.com.co", true */ 'v', 'i', 's', 'a', 'y', 'a', '.', 'c', 'o', 'm', '.', 'c', 'o', '\0',
+  /* "viscoelastico.com.br", true */ 'v', 'i', 's', 'c', 'o', 'e', 'l', 'a', 's', 't', 'i', 'c', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "viscopic.com", true */ 'v', 'i', 's', 'c', 'o', 'p', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "vishwashantiyoga.com", true */ 'v', 'i', 's', 'h', 'w', 'a', 's', 'h', 'a', 'n', 't', 'i', 'y', 'o', 'g', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "visibox.nl", true */ 'v', 'i', 's', 'i', 'b', 'o', 'x', '.', 'n', 'l', '\0',
+  /* "visikom.de", true */ 'v', 'i', 's', 'i', 'k', 'o', 'm', '.', 'd', 'e', '\0',
+  /* "visioflux-premium.com", true */ 'v', 'i', 's', 'i', 'o', 'f', 'l', 'u', 'x', '-', 'p', 'r', 'e', 'm', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "visionarymedia.nl", true */ 'v', 'i', 's', 'i', 'o', 'n', 'a', 'r', 'y', 'm', 'e', 'd', 'i', 'a', '.', 'n', 'l', '\0',
+  /* "visionless.me", false */ 'v', 'i', 's', 'i', 'o', 'n', 'l', 'e', 's', 's', '.', 'm', 'e', '\0',
+  /* "visiontree-beta.eu", true */ 'v', 'i', 's', 'i', 'o', 'n', 't', 'r', 'e', 'e', '-', 'b', 'e', 't', 'a', '.', 'e', 'u', '\0',
+  /* "visistruct.com", true */ 'v', 'i', 's', 'i', 's', 't', 'r', 'u', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "visitkangaroovalley.com.au", true */ 'v', 'i', 's', 'i', 't', 'k', 'a', 'n', 'g', 'a', 'r', 'o', 'o', 'v', 'a', 'l', 'l', 'e', 'y', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "visor.ph", true */ 'v', 'i', 's', 'o', 'r', '.', 'p', 'h', '\0',
+  /* "vispaleistexel.nl", true */ 'v', 'i', 's', 'p', 'a', 'l', 'e', 'i', 's', 't', 'e', 'x', 'e', 'l', '.', 'n', 'l', '\0',
+  /* "vistaalmar.es", true */ 'v', 'i', 's', 't', 'a', 'a', 'l', 'm', 'a', 'r', '.', 'e', 's', '\0',
+  /* "vistastylebuilder.com", false */ 'v', 'i', 's', 't', 'a', 's', 't', 'y', 'l', 'e', 'b', 'u', 'i', 'l', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "vistb.me", true */ 'v', 'i', 's', 't', 'b', '.', 'm', 'e', '\0',
+  /* "visual-cockpit.com", true */ 'v', 'i', 's', 'u', 'a', 'l', '-', 'c', 'o', 'c', 'k', 'p', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "visualideas.org", true */ 'v', 'i', 's', 'u', 'a', 'l', 'i', 'd', 'e', 'a', 's', '.', 'o', 'r', 'g', '\0',
+  /* "visudira.com", true */ 'v', 'i', 's', 'u', 'd', 'i', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "vitahook.pw", true */ 'v', 'i', 't', 'a', 'h', 'o', 'o', 'k', '.', 'p', 'w', '\0',
+  /* "vital-tel.co.uk", true */ 'v', 'i', 't', 'a', 'l', '-', 't', 'e', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "vitalamin.at", true */ 'v', 'i', 't', 'a', 'l', 'a', 'm', 'i', 'n', '.', 'a', 't', '\0',
+  /* "vitalamin.ch", true */ 'v', 'i', 't', 'a', 'l', 'a', 'm', 'i', 'n', '.', 'c', 'h', '\0',
+  /* "vitalamin.com", true */ 'v', 'i', 't', 'a', 'l', 'a', 'm', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "vitalamin.de", true */ 'v', 'i', 't', 'a', 'l', 'a', 'm', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "vitalismaatjes.nl", true */ 'v', 'i', 't', 'a', 'l', 'i', 's', 'm', 'a', 'a', 't', 'j', 'e', 's', '.', 'n', 'l', '\0',
+  /* "vitalthings.de", true */ 'v', 'i', 't', 'a', 'l', 't', 'h', 'i', 'n', 'g', 's', '.', 'd', 'e', '\0',
+  /* "vitalyzhukphoto.com", true */ 'v', 'i', 't', 'a', 'l', 'y', 'z', 'h', 'u', 'k', 'p', 'h', 'o', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "vitaminler.com", true */ 'v', 'i', 't', 'a', 'm', 'i', 'n', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "vitapingu.de", true */ 'v', 'i', 't', 'a', 'p', 'i', 'n', 'g', 'u', '.', 'd', 'e', '\0',
+  /* "vitastic.nl", true */ 'v', 'i', 't', 'a', 's', 't', 'i', 'c', '.', 'n', 'l', '\0',
+  /* "viteoscrm.ch", true */ 'v', 'i', 't', 'e', 'o', 's', 'c', 'r', 'm', '.', 'c', 'h', '\0',
+  /* "vitkausk.as", true */ 'v', 'i', 't', 'k', 'a', 'u', 's', 'k', '.', 'a', 's', '\0',
+  /* "vitkutny.cz", true */ 'v', 'i', 't', 'k', 'u', 't', 'n', 'y', '.', 'c', 'z', '\0',
+  /* "vitoye.com", true */ 'v', 'i', 't', 'o', 'y', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "vitra-vcare.co.uk", true */ 'v', 'i', 't', 'r', 'a', '-', 'v', 'c', 'a', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "vitrado.de", true */ 'v', 'i', 't', 'r', 'a', 'd', 'o', '.', 'd', 'e', '\0',
+  /* "vitsoft.by", true */ 'v', 'i', 't', 's', 'o', 'f', 't', '.', 'b', 'y', '\0',
+  /* "vivaldi.club", true */ 'v', 'i', 'v', 'a', 'l', 'd', 'i', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "vivamusic.es", true */ 'v', 'i', 'v', 'a', 'm', 'u', 's', 'i', 'c', '.', 'e', 's', '\0',
+  /* "vivanosports.com.br", true */ 'v', 'i', 'v', 'a', 'n', 'o', 's', 'p', 'o', 'r', 't', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "vivatv.com.tw", true */ 'v', 'i', 'v', 'a', 't', 'v', '.', 'c', 'o', 'm', '.', 't', 'w', '\0',
+  /* "vivendi.de", true */ 'v', 'i', 'v', 'e', 'n', 'd', 'i', '.', 'd', 'e', '\0',
+  /* "vivianmaier.cn", true */ 'v', 'i', 'v', 'i', 'a', 'n', 'm', 'a', 'i', 'e', 'r', '.', 'c', 'n', '\0',
+  /* "vivid-academy.com", true */ 'v', 'i', 'v', 'i', 'd', '-', 'a', 'c', 'a', 'd', 'e', 'm', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "vividinflatables.co.uk", true */ 'v', 'i', 'v', 'i', 'd', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "vividlumen.com", true */ 'v', 'i', 'v', 'i', 'd', 'l', 'u', 'm', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "viviennevandenbos.nl", true */ 'v', 'i', 'v', 'i', 'e', 'n', 'n', 'e', 'v', 'a', 'n', 'd', 'e', 'n', 'b', 'o', 's', '.', 'n', 'l', '\0',
+  /* "vivirenelmundo.com", true */ 'v', 'i', 'v', 'i', 'r', 'e', 'n', 'e', 'l', 'm', 'u', 'n', 'd', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "vivo.sx", true */ 'v', 'i', 'v', 'o', '.', 's', 'x', '\0',
+  /* "vizards.cc", true */ 'v', 'i', 'z', 'a', 'r', 'd', 's', '.', 'c', 'c', '\0',
+  /* "vize.ai", true */ 'v', 'i', 'z', 'e', '.', 'a', 'i', '\0',
+  /* "vizional.com", true */ 'v', 'i', 'z', 'i', 'o', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "vizzboard.com", true */ 'v', 'i', 'z', 'z', 'b', 'o', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "vjeff.com", true */ 'v', 'j', 'e', 'f', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "vjeff.net", true */ 'v', 'j', 'e', 'f', 'f', '.', 'n', 'e', 't', '\0',
+  /* "vk4wip.org.au", true */ 'v', 'k', '4', 'w', 'i', 'p', '.', 'o', 'r', 'g', '.', 'a', 'u', '\0',
+  /* "vkennke.org", true */ 'v', 'k', 'e', 'n', 'n', 'k', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "vkino.com", false */ 'v', 'k', 'i', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "vkirichenko.name", true */ 'v', 'k', 'i', 'r', 'i', 'c', 'h', 'e', 'n', 'k', 'o', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "vkox.com", true */ 'v', 'k', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "vksportphoto.com", true */ 'v', 'k', 's', 'p', 'o', 'r', 't', 'p', 'h', 'o', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "vladimiroff.org", true */ 'v', 'l', 'a', 'd', 'i', 'm', 'i', 'r', 'o', 'f', 'f', '.', 'o', 'r', 'g', '\0',
+  /* "vladislavstoyanov.com", true */ 'v', 'l', 'a', 'd', 'i', 's', 'l', 'a', 'v', 's', 't', 'o', 'y', 'a', 'n', 'o', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "vldkn.net", true */ 'v', 'l', 'd', 'k', 'n', '.', 'n', 'e', 't', '\0',
+  /* "vleij.com", true */ 'v', 'l', 'e', 'i', 'j', '.', 'c', 'o', 'm', '\0',
+  /* "vleij.family", true */ 'v', 'l', 'e', 'i', 'j', '.', 'f', 'a', 'm', 'i', 'l', 'y', '\0',
+  /* "vleij.se", true */ 'v', 'l', 'e', 'i', 'j', '.', 's', 'e', '\0',
+  /* "vliegensvlug.services", true */ 'v', 'l', 'i', 'e', 'g', 'e', 'n', 's', 'v', 'l', 'u', 'g', '.', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '\0',
+  /* "vloeck.de", true */ 'v', 'l', 'o', 'e', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "vlovgr.se", true */ 'v', 'l', 'o', 'v', 'g', 'r', '.', 's', 'e', '\0',
+  /* "vlsk.eu", true */ 'v', 'l', 's', 'k', '.', 'e', 'u', '\0',
+  /* "vlsm.se", true */ 'v', 'l', 's', 'm', '.', 's', 'e', '\0',
+  /* "vlvvl.com", true */ 'v', 'l', 'v', 'v', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "vm-0.com", true */ 'v', 'm', '-', '0', '.', 'c', 'o', 'm', '\0',
+  /* "vm-co.ch", true */ 'v', 'm', '-', 'c', 'o', '.', 'c', 'h', '\0',
+  /* "vmc.co.id", true */ 'v', 'm', 'c', '.', 'c', 'o', '.', 'i', 'd', '\0',
+  /* "vmem.jp", false */ 'v', 'm', 'e', 'm', '.', 'j', 'p', '\0',
+  /* "vmgirls.com", true */ 'v', 'm', 'g', 'i', 'r', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "vmhydro.ru", false */ 'v', 'm', 'h', 'y', 'd', 'r', 'o', '.', 'r', 'u', '\0',
+  /* "vmis.nl", true */ 'v', 'm', 'i', 's', '.', 'n', 'l', '\0',
+  /* "vmoagents.com", false */ 'v', 'm', 'o', 'a', 'g', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "vmoe.info", true */ 'v', 'm', 'o', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "vmug.pl", true */ 'v', 'm', 'u', 'g', '.', 'p', 'l', '\0',
+  /* "vn.search.yahoo.com", false */ 'v', 'n', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "vnd.cloud", true */ 'v', 'n', 'd', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "vnvisa.center", true */ 'v', 'n', 'v', 'i', 's', 'a', '.', 'c', 'e', 'n', 't', 'e', 'r', '\0',
+  /* "vnvisa.ru", true */ 'v', 'n', 'v', 'i', 's', 'a', '.', 'r', 'u', '\0',
+  /* "vocab.guru", true */ 'v', 'o', 'c', 'a', 'b', '.', 'g', 'u', 'r', 'u', '\0',
+  /* "vocaloid.my", true */ 'v', 'o', 'c', 'a', 'l', 'o', 'i', 'd', '.', 'm', 'y', '\0',
+  /* "vocalviews.com", true */ 'v', 'o', 'c', 'a', 'l', 'v', 'i', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "vodpay.com", true */ 'v', 'o', 'd', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "vodpay.net", true */ 'v', 'o', 'd', 'p', 'a', 'y', '.', 'n', 'e', 't', '\0',
+  /* "vodpay.org", true */ 'v', 'o', 'd', 'p', 'a', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "vogler.name", true */ 'v', 'o', 'g', 'l', 'e', 'r', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "voice-of-design.com", true */ 'v', 'o', 'i', 'c', 'e', '-', 'o', 'f', '-', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "voicu.ch", true */ 'v', 'o', 'i', 'c', 'u', '.', 'c', 'h', '\0',
+  /* "void-it.nl", true */ 'v', 'o', 'i', 'd', '-', 'i', 't', '.', 'n', 'l', '\0',
+  /* "void-zero.com", true */ 'v', 'o', 'i', 'd', '-', 'z', 'e', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "voidpay.com", true */ 'v', 'o', 'i', 'd', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "voidpay.net", true */ 'v', 'o', 'i', 'd', 'p', 'a', 'y', '.', 'n', 'e', 't', '\0',
+  /* "voidpay.org", true */ 'v', 'o', 'i', 'd', 'p', 'a', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "voidptr.eu", true */ 'v', 'o', 'i', 'd', 'p', 't', 'r', '.', 'e', 'u', '\0',
+  /* "voids.org", true */ 'v', 'o', 'i', 'd', 's', '.', 'o', 'r', 'g', '\0',
+  /* "voidshift.com", true */ 'v', 'o', 'i', 'd', 's', 'h', 'i', 'f', 't', '.', 'c', 'o', 'm', '\0',
+  /* "voipkb.com", true */ 'v', 'o', 'i', 'p', 'k', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "voipsun.com", true */ 'v', 'o', 'i', 'p', 's', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "vokativy.cz", false */ 'v', 'o', 'k', 'a', 't', 'i', 'v', 'y', '.', 'c', 'z', '\0',
+  /* "vokeapp.com", true */ 'v', 'o', 'k', 'e', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "volcanconcretos.com", true */ 'v', 'o', 'l', 'c', 'a', 'n', 'c', 'o', 'n', 'c', 'r', 'e', 't', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "volga.us", true */ 'v', 'o', 'l', 'g', 'a', '.', 'u', 's', '\0',
+  /* "volgavibes.ru", false */ 'v', 'o', 'l', 'g', 'a', 'v', 'i', 'b', 'e', 's', '.', 'r', 'u', '\0',
+  /* "voliere-info.nl", false */ 'v', 'o', 'l', 'i', 'e', 'r', 'e', '-', 'i', 'n', 'f', 'o', '.', 'n', 'l', '\0',
+  /* "volker-gropp.de", true */ 'v', 'o', 'l', 'k', 'e', 'r', '-', 'g', 'r', 'o', 'p', 'p', '.', 'd', 'e', '\0',
+  /* "volkergropp.de", true */ 'v', 'o', 'l', 'k', 'e', 'r', 'g', 'r', 'o', 'p', 'p', '.', 'd', 'e', '\0',
+  /* "volkerwesselstransfer.nl", true */ 'v', 'o', 'l', 'k', 'e', 'r', 'w', 'e', 's', 's', 'e', 'l', 's', 't', 'r', 'a', 'n', 's', 'f', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "volkerwesselswave.nl", true */ 'v', 'o', 'l', 'k', 'e', 'r', 'w', 'e', 's', 's', 'e', 'l', 's', 'w', 'a', 'v', 'e', '.', 'n', 'l', '\0',
+  /* "volkswurst.de", true */ 'v', 'o', 'l', 'k', 's', 'w', 'u', 'r', 's', 't', '.', 'd', 'e', '\0',
+  /* "vollans.id.au", true */ 'v', 'o', 'l', 'l', 'a', 'n', 's', '.', 'i', 'd', '.', 'a', 'u', '\0',
+  /* "voloevents.com", true */ 'v', 'o', 'l', 'o', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "volta.io", true */ 'v', 'o', 'l', 't', 'a', '.', 'i', 'o', '\0',
+  /* "voltimax.com", true */ 'v', 'o', 'l', 't', 'i', 'm', 'a', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "volto.io", true */ 'v', 'o', 'l', 't', 'o', '.', 'i', 'o', '\0',
+  /* "voltotc.com", true */ 'v', 'o', 'l', 't', 'o', 't', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "vonauw.com", true */ 'v', 'o', 'n', 'a', 'u', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "vonborstelboerner.de", true */ 'v', 'o', 'n', 'b', 'o', 'r', 's', 't', 'e', 'l', 'b', 'o', 'e', 'r', 'n', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "vonedelmann.de", false */ 'v', 'o', 'n', 'e', 'd', 'e', 'l', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "vongerlach.at", true */ 'v', 'o', 'n', 'g', 'e', 'r', 'l', 'a', 'c', 'h', '.', 'a', 't', '\0',
+  /* "vonniehudson.com", true */ 'v', 'o', 'n', 'n', 'i', 'e', 'h', 'u', 'd', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "vonski.pl", true */ 'v', 'o', 'n', 's', 'k', 'i', '.', 'p', 'l', '\0',
+  /* "voodoochile.at", true */ 'v', 'o', 'o', 'd', 'o', 'o', 'c', 'h', 'i', 'l', 'e', '.', 'a', 't', '\0',
+  /* "vop.li", true */ 'v', 'o', 'p', '.', 'l', 'i', '\0',
+  /* "vorkbaard.nl", true */ 'v', 'o', 'r', 'k', 'b', 'a', 'a', 'r', 'd', '.', 'n', 'l', '\0',
+  /* "vorlicek.de", true */ 'v', 'o', 'r', 'l', 'i', 'c', 'e', 'k', '.', 'd', 'e', '\0',
+  /* "vorm2.com", true */ 'v', 'o', 'r', 'm', '2', '.', 'c', 'o', 'm', '\0',
+  /* "vos-fleurs.ch", true */ 'v', 'o', 's', '-', 'f', 'l', 'e', 'u', 'r', 's', '.', 'c', 'h', '\0',
+  /* "vos-fleurs.com", true */ 'v', 'o', 's', '-', 'f', 'l', 'e', 'u', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "vosgym.jp", true */ 'v', 'o', 's', 'g', 'y', 'm', '.', 'j', 'p', '\0',
+  /* "vosky.fr", true */ 'v', 'o', 's', 'k', 'y', '.', 'f', 'r', '\0',
+  /* "vostronet.com", true */ 'v', 'o', 's', 't', 'r', 'o', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "voter-info.uk", true */ 'v', 'o', 't', 'e', 'r', '-', 'i', 'n', 'f', 'o', '.', 'u', 'k', '\0',
+  /* "votercircle.com", true */ 'v', 'o', 't', 'e', 'r', 'c', 'i', 'r', 'c', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "voterstartingpoint.uk", true */ 'v', 'o', 't', 'e', 'r', 's', 't', 'a', 'r', 't', 'i', 'n', 'g', 'p', 'o', 'i', 'n', 't', '.', 'u', 'k', '\0',
+  /* "votocek.cz", true */ 'v', 'o', 't', 'o', 'c', 'e', 'k', '.', 'c', 'z', '\0',
+  /* "votockova.cz", true */ 'v', 'o', 't', 'o', 'c', 'k', 'o', 'v', 'a', '.', 'c', 'z', '\0',
+  /* "votoot.com", true */ 'v', 'o', 't', 'o', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "votre-site-internet.ch", true */ 'v', 'o', 't', 'r', 'e', '-', 's', 'i', 't', 'e', '-', 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', '.', 'c', 'h', '\0',
+  /* "vow.vn", true */ 'v', 'o', 'w', '.', 'v', 'n', '\0',
+  /* "voxfilmeonline.net", true */ 'v', 'o', 'x', 'f', 'i', 'l', 'm', 'e', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'n', 'e', 't', '\0',
+  /* "voxml.com", true */ 'v', 'o', 'x', 'm', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "voxographe.com", false */ 'v', 'o', 'x', 'o', 'g', 'r', 'a', 'p', 'h', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "voyage-martinique.fr", true */ 'v', 'o', 'y', 'a', 'g', 'e', '-', 'm', 'a', 'r', 't', 'i', 'n', 'i', 'q', 'u', 'e', '.', 'f', 'r', '\0',
+  /* "voyageforum.com", true */ 'v', 'o', 'y', 'a', 'g', 'e', 'f', 'o', 'r', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "voyagesaufildespages.be", true */ 'v', 'o', 'y', 'a', 'g', 'e', 's', 'a', 'u', 'f', 'i', 'l', 'd', 'e', 's', 'p', 'a', 'g', 'e', 's', '.', 'b', 'e', '\0',
+  /* "voyageschine.com", true */ 'v', 'o', 'y', 'a', 'g', 'e', 's', 'c', 'h', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "voyagesdetective.fr", true */ 'v', 'o', 'y', 'a', 'g', 'e', 's', 'd', 'e', 't', 'e', 'c', 't', 'i', 'v', 'e', '.', 'f', 'r', '\0',
+  /* "vozami.com", true */ 'v', 'o', 'z', 'a', 'm', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "vpc-display.com", true */ 'v', 'p', 'c', '-', 'd', 'i', 's', 'p', 'l', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "vpn.black", true */ 'v', 'p', 'n', '.', 'b', 'l', 'a', 'c', 'k', '\0',
+  /* "vpn.ht", true */ 'v', 'p', 'n', '.', 'h', 't', '\0',
+  /* "vpnservice.nl", true */ 'v', 'p', 'n', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'n', 'l', '\0',
+  /* "vpnzoom.com", true */ 'v', 'p', 'n', 'z', 'o', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "vpsboard.com", true */ 'v', 'p', 's', 'b', 'o', 'a', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "vpsdream.dk", true */ 'v', 'p', 's', 'd', 'r', 'e', 'a', 'm', '.', 'd', 'k', '\0',
+  /* "vrandopulo.ru", true */ 'v', 'r', 'a', 'n', 'd', 'o', 'p', 'u', 'l', 'o', '.', 'r', 'u', '\0',
+  /* "vranjske.co.rs", true */ 'v', 'r', 'a', 'n', 'j', 's', 'k', 'e', '.', 'c', 'o', '.', 'r', 's', '\0',
+  /* "vreeman.com", true */ 'v', 'r', 'e', 'e', 'm', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "vriesdonkow.be", true */ 'v', 'r', 'i', 'e', 's', 'd', 'o', 'n', 'k', 'o', 'w', '.', 'b', 'e', '\0',
+  /* "vrijgezellen-feest.com", true */ 'v', 'r', 'i', 'j', 'g', 'e', 'z', 'e', 'l', 'l', 'e', 'n', '-', 'f', 'e', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "vrlaid.com", false */ 'v', 'r', 'l', 'a', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "vroedvrouwella.be", true */ 'v', 'r', 'o', 'e', 'd', 'v', 'r', 'o', 'u', 'w', 'e', 'l', 'l', 'a', '.', 'b', 'e', '\0',
+  /* "vrsgames.com.mx", true */ 'v', 'r', 's', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '.', 'm', 'x', '\0',
+  /* "vrsystem.com.br", true */ 'v', 'r', 's', 'y', 's', 't', 'e', 'm', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "vrtak-cz.net", true */ 'v', 'r', 't', 'a', 'k', '-', 'c', 'z', '.', 'n', 'e', 't', '\0',
+  /* "vrzl.pro", true */ 'v', 'r', 'z', 'l', '.', 'p', 'r', 'o', '\0',
+  /* "vsamsonov.com", true */ 'v', 's', 'a', 'm', 's', 'o', 'n', 'o', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "vscale.io", true */ 'v', 's', 'c', 'a', 'l', 'e', '.', 'i', 'o', '\0',
+  /* "vsean.net", true */ 'v', 's', 'e', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "vserver-preis-vergleich.de", true */ 'v', 's', 'e', 'r', 'v', 'e', 'r', '-', 'p', 'r', 'e', 'i', 's', '-', 'v', 'e', 'r', 'g', 'l', 'e', 'i', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "vsesrazu-raiffeisen.ru", true */ 'v', 's', 'e', 's', 'r', 'a', 'z', 'u', '-', 'r', 'a', 'i', 'f', 'f', 'e', 'i', 's', 'e', 'n', '.', 'r', 'u', '\0',
+  /* "vsl-defi.ch", true */ 'v', 's', 'l', '-', 'd', 'e', 'f', 'i', '.', 'c', 'h', '\0',
+  /* "vssnederland.nl", true */ 'v', 's', 's', 'n', 'e', 'd', 'e', 'r', 'l', 'a', 'n', 'd', '.', 'n', 'l', '\0',
+  /* "vstehn.ru", true */ 'v', 's', 't', 'e', 'h', 'n', '.', 'r', 'u', '\0',
+  /* "vsund.de", true */ 'v', 's', 'u', 'n', 'd', '.', 'd', 'e', '\0',
+  /* "vsx.ch", true */ 'v', 's', 'x', '.', 'c', 'h', '\0',
+  /* "vuakhuyenmai.vn", true */ 'v', 'u', 'a', 'k', 'h', 'u', 'y', 'e', 'n', 'm', 'a', 'i', '.', 'v', 'n', '\0',
+  /* "vubey.yt", true */ 'v', 'u', 'b', 'e', 'y', '.', 'y', 't', '\0',
+  /* "vuljespaarpot.nl", true */ 'v', 'u', 'l', 'j', 'e', 's', 'p', 'a', 'a', 'r', 'p', 'o', 't', '.', 'n', 'l', '\0',
+  /* "vulnerability.ch", true */ 'v', 'u', 'l', 'n', 'e', 'r', 'a', 'b', 'i', 'l', 'i', 't', 'y', '.', 'c', 'h', '\0',
+  /* "vulners.com", true */ 'v', 'u', 'l', 'n', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "vulnscan.org", true */ 'v', 'u', 'l', 'n', 's', 'c', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "vulpine.club", true */ 'v', 'u', 'l', 'p', 'i', 'n', 'e', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "vumetric.com", true */ 'v', 'u', 'm', 'e', 't', 'r', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "vuojolahti.fi", true */ 'v', 'u', 'o', 'j', 'o', 'l', 'a', 'h', 't', 'i', '.', 'f', 'i', '\0',
+  /* "vuosaarenmontessoritalo.fi", true */ 'v', 'u', 'o', 's', 'a', 'a', 'r', 'e', 'n', 'm', 'o', 'n', 't', 'e', 's', 's', 'o', 'r', 'i', 't', 'a', 'l', 'o', '.', 'f', 'i', '\0',
+  /* "vuvanhon.com", true */ 'v', 'u', 'v', 'a', 'n', 'h', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "vux.li", true */ 'v', 'u', 'x', '.', 'l', 'i', '\0',
+  /* "vuzi.fr", true */ 'v', 'u', 'z', 'i', '.', 'f', 'r', '\0',
+  /* "vvdbronckhorst.nl", true */ 'v', 'v', 'd', 'b', 'r', 'o', 'n', 'c', 'k', 'h', 'o', 'r', 's', 't', '.', 'n', 'l', '\0',
+  /* "vw-touranclub.cz", true */ 'v', 'w', '-', 't', 'o', 'u', 'r', 'a', 'n', 'c', 'l', 'u', 'b', '.', 'c', 'z', '\0',
+  /* "vwbusje.com", true */ 'v', 'w', 'b', 'u', 's', 'j', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "vwittich.de", true */ 'v', 'w', 'i', 't', 't', 'i', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "vwoforangeparts.com", true */ 'v', 'w', 'o', 'f', 'o', 'r', 'a', 'n', 'g', 'e', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "vwsoft.de", true */ 'v', 'w', 's', 'o', 'f', 't', '.', 'd', 'e', '\0',
+  /* "vww-8522.com", true */ 'v', 'w', 'w', '-', '8', '5', '2', '2', '.', 'c', 'o', 'm', '\0',
+  /* "vxst.org", true */ 'v', 'x', 's', 't', '.', 'o', 'r', 'g', '\0',
+  /* "vybeministry.org", true */ 'v', 'y', 'b', 'e', 'm', 'i', 'n', 'i', 's', 't', 'r', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "vyber-odhadce.cz", true */ 'v', 'y', 'b', 'e', 'r', '-', 'o', 'd', 'h', 'a', 'd', 'c', 'e', '.', 'c', 'z', '\0',
+  /* "vyberodhadce.cz", true */ 'v', 'y', 'b', 'e', 'r', 'o', 'd', 'h', 'a', 'd', 'c', 'e', '.', 'c', 'z', '\0',
+  /* "vyplnto.cz", true */ 'v', 'y', 'p', 'l', 'n', 't', 'o', '.', 'c', 'z', '\0',
+  /* "vyshivanochka.in.ua", true */ 'v', 'y', 's', 'h', 'i', 'v', 'a', 'n', 'o', 'c', 'h', 'k', 'a', '.', 'i', 'n', '.', 'u', 'a', '\0',
+  /* "vysko.cz", true */ 'v', 'y', 's', 'k', 'o', '.', 'c', 'z', '\0',
+  /* "vyskocil.eu", true */ 'v', 'y', 's', 'k', 'o', 'c', 'i', 'l', '.', 'e', 'u', '\0',
+  /* "vyvygen.org", true */ 'v', 'y', 'v', 'y', 'g', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "vyzner.cz", true */ 'v', 'y', 'z', 'n', 'e', 'r', '.', 'c', 'z', '\0',
+  /* "vzis.org", true */ 'v', 'z', 'i', 's', '.', 'o', 'r', 'g', '\0',
+  /* "vztekloun.cz", true */ 'v', 'z', 't', 'e', 'k', 'l', 'o', 'u', 'n', '.', 'c', 'z', '\0',
+  /* "w-p-k.de", true */ 'w', '-', 'p', '-', 'k', '.', 'd', 'e', '\0',
+  /* "w-spotlight.appspot.com", true */ 'w', '-', 's', 'p', 'o', 't', 'l', 'i', 'g', 'h', 't', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "w-w-auto.de", true */ 'w', '-', 'w', '-', 'a', 'u', 't', 'o', '.', 'd', 'e', '\0',
+  /* "w.wiki", true */ 'w', '.', 'w', 'i', 'k', 'i', '\0',
+  /* "w10club.com", true */ 'w', '1', '0', 'c', 'l', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "w3ctag.org", true */ 'w', '3', 'c', 't', 'a', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "w3n.org", true */ 'w', '3', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "w4.no", true */ 'w', '4', '.', 'n', 'o', '\0',
+  /* "w4b.in", true */ 'w', '4', 'b', '.', 'i', 'n', '\0',
+  /* "w4eg.de", true */ 'w', '4', 'e', 'g', '.', 'd', 'e', '\0',
+  /* "w5gfe.org", true */ 'w', '5', 'g', 'f', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "w7k.de", true */ 'w', '7', 'k', '.', 'd', 'e', '\0',
+  /* "w9rld.com", true */ 'w', '9', 'r', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "wa-stromerzeuger.de", true */ 'w', 'a', '-', 's', 't', 'r', 'o', 'm', 'e', 'r', 'z', 'e', 'u', 'g', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "waaw.tv", true */ 'w', 'a', 'a', 'w', '.', 't', 'v', '\0',
+  /* "wabatam.com", true */ 'w', 'a', 'b', 'a', 't', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "wachter.biz", true */ 'w', 'a', 'c', 'h', 't', 'e', 'r', '.', 'b', 'i', 'z', '\0',
+  /* "wacky.one", true */ 'w', 'a', 'c', 'k', 'y', '.', 'o', 'n', 'e', '\0',
+  /* "wadidi.com", true */ 'w', 'a', 'd', 'i', 'd', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "wadsworth.gallery", true */ 'w', 'a', 'd', 's', 'w', 'o', 'r', 't', 'h', '.', 'g', 'a', 'l', 'l', 'e', 'r', 'y', '\0',
+  /* "wadvisor.com", true */ 'w', 'a', 'd', 'v', 'i', 's', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "waelisch.de", true */ 'w', 'a', 'e', 'l', 'i', 's', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "waelti.xxx", true */ 'w', 'a', 'e', 'l', 't', 'i', '.', 'x', 'x', 'x', '\0',
+  /* "waf.ninja", true */ 'w', 'a', 'f', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "wafa4hw.com", true */ 'w', 'a', 'f', 'a', '4', 'h', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "wafairhaven.com.au", true */ 'w', 'a', 'f', 'a', 'i', 'r', 'h', 'a', 'v', 'e', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "waffle.at", true */ 'w', 'a', 'f', 'f', 'l', 'e', '.', 'a', 't', '\0',
+  /* "wafni.com", true */ 'w', 'a', 'f', 'n', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "wahidhasan.com", true */ 'w', 'a', 'h', 'i', 'd', 'h', 'a', 's', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "wahlman.org", true */ 'w', 'a', 'h', 'l', 'm', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "wahrnehmungswelt.de", true */ 'w', 'a', 'h', 'r', 'n', 'e', 'h', 'm', 'u', 'n', 'g', 's', 'w', 'e', 'l', 't', '.', 'd', 'e', '\0',
+  /* "wahrnehmungswelten.de", true */ 'w', 'a', 'h', 'r', 'n', 'e', 'h', 'm', 'u', 'n', 'g', 's', 'w', 'e', 'l', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "wai-in.com", true */ 'w', 'a', 'i', '-', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "waigel.org", true */ 'w', 'a', 'i', 'g', 'e', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "wail.net", true */ 'w', 'a', 'i', 'l', '.', 'n', 'e', 't', '\0',
+  /* "wait.jp", true */ 'w', 'a', 'i', 't', '.', 'j', 'p', '\0',
+  /* "waiterwheels.com", true */ 'w', 'a', 'i', 't', 'e', 'r', 'w', 'h', 'e', 'e', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "waits.io", true */ 'w', 'a', 'i', 't', 's', '.', 'i', 'o', '\0',
+  /* "waixingrenfuli.vip", true */ 'w', 'a', 'i', 'x', 'i', 'n', 'g', 'r', 'e', 'n', 'f', 'u', 'l', 'i', '.', 'v', 'i', 'p', '\0',
+  /* "wak.io", true */ 'w', 'a', 'k', '.', 'i', 'o', '\0',
+  /* "waka-mono.com", true */ 'w', 'a', 'k', 'a', '-', 'm', 'o', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "waka88.com", true */ 'w', 'a', 'k', 'a', '8', '8', '.', 'c', 'o', 'm', '\0',
+  /* "wakamiyasumiyosi.com", true */ 'w', 'a', 'k', 'a', 'm', 'i', 'y', 'a', 's', 'u', 'm', 'i', 'y', 'o', 's', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "wakatime.com", true */ 'w', 'a', 'k', 'a', 't', 'i', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "walk.onl", true */ 'w', 'a', 'l', 'k', '.', 'o', 'n', 'l', '\0',
+  /* "walkhighlandsandislands.com", true */ 'w', 'a', 'l', 'k', 'h', 'i', 'g', 'h', 'l', 'a', 'n', 'd', 's', 'a', 'n', 'd', 'i', 's', 'l', 'a', 'n', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "walkingforhealth.org.uk", true */ 'w', 'a', 'l', 'k', 'i', 'n', 'g', 'f', 'o', 'r', 'h', 'e', 'a', 'l', 't', 'h', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "walksedona.com", true */ 'w', 'a', 'l', 'k', 's', 'e', 'd', 'o', 'n', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "wallabies.org", true */ 'w', 'a', 'l', 'l', 'a', 'b', 'i', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "wallace-group.net", true */ 'w', 'a', 'l', 'l', 'a', 'c', 'e', '-', 'g', 'r', 'o', 'u', 'p', '.', 'n', 'e', 't', '\0',
+  /* "wallet.google.com", true */ 'w', 'a', 'l', 'l', 'e', 't', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "wallet.pp.ua", true */ 'w', 'a', 'l', 'l', 'e', 't', '.', 'p', 'p', '.', 'u', 'a', '\0',
+  /* "wallethub.com", false */ 'w', 'a', 'l', 'l', 'e', 't', 'h', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "walletnames.com", true */ 'w', 'a', 'l', 'l', 'e', 't', 'n', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wallingford.cc", true */ 'w', 'a', 'l', 'l', 'i', 'n', 'g', 'f', 'o', 'r', 'd', '.', 'c', 'c', '\0',
+  /* "wallpaperup.com", true */ 'w', 'a', 'l', 'l', 'p', 'a', 'p', 'e', 'r', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "walls.de", true */ 'w', 'a', 'l', 'l', 's', '.', 'd', 'e', '\0',
+  /* "walls.io", true */ 'w', 'a', 'l', 'l', 's', '.', 'i', 'o', '\0',
+  /* "wallysmasterblaster.com.au", true */ 'w', 'a', 'l', 'l', 'y', 's', 'm', 'a', 's', 't', 'e', 'r', 'b', 'l', 'a', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "walnutgaming.com", true */ 'w', 'a', 'l', 'n', 'u', 't', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "walnutis.net", true */ 'w', 'a', 'l', 'n', 'u', 't', 'i', 's', '.', 'n', 'e', 't', '\0',
+  /* "walravensax.nl", true */ 'w', 'a', 'l', 'r', 'a', 'v', 'e', 'n', 's', 'a', 'x', '.', 'n', 'l', '\0',
+  /* "walruses.org", true */ 'w', 'a', 'l', 'r', 'u', 's', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "waltellis.com", true */ 'w', 'a', 'l', 't', 'e', 'l', 'l', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wan.pp.ua", false */ 'w', 'a', 'n', '.', 'p', 'p', '.', 'u', 'a', '\0',
+  /* "wander.al", true */ 'w', 'a', 'n', 'd', 'e', 'r', '.', 'a', 'l', '\0',
+  /* "wandercue.com", true */ 'w', 'a', 'n', 'd', 'e', 'r', 'c', 'u', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "wandervoll.ch", true */ 'w', 'a', 'n', 'd', 'e', 'r', 'v', 'o', 'l', 'l', '.', 'c', 'h', '\0',
+  /* "wane.co", true */ 'w', 'a', 'n', 'e', '.', 'c', 'o', '\0',
+  /* "wangjiatun.com.tw", true */ 'w', 'a', 'n', 'g', 'j', 'i', 'a', 't', 'u', 'n', '.', 'c', 'o', 'm', '.', 't', 'w', '\0',
+  /* "wangqiliang.com", true */ 'w', 'a', 'n', 'g', 'q', 'i', 'l', 'i', 'a', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "wangql.cn", true */ 'w', 'a', 'n', 'g', 'q', 'l', '.', 'c', 'n', '\0',
+  /* "wangql.net", true */ 'w', 'a', 'n', 'g', 'q', 'l', '.', 'n', 'e', 't', '\0',
+  /* "wangqr.tk", true */ 'w', 'a', 'n', 'g', 'q', 'r', '.', 't', 'k', '\0',
+  /* "wangyue.blog", true */ 'w', 'a', 'n', 'g', 'y', 'u', 'e', '.', 'b', 'l', 'o', 'g', '\0',
+  /* "wantshow.com.br", true */ 'w', 'a', 'n', 't', 's', 'h', 'o', 'w', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "wanybug.cn", true */ 'w', 'a', 'n', 'y', 'b', 'u', 'g', '.', 'c', 'n', '\0',
+  /* "waonui.io", true */ 'w', 'a', 'o', 'n', 'u', 'i', '.', 'i', 'o', '\0',
+  /* "wapking.live", true */ 'w', 'a', 'p', 'k', 'i', 'n', 'g', '.', 'l', 'i', 'v', 'e', '\0',
+  /* "wardow.com", true */ 'w', 'a', 'r', 'd', 'o', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "warebouncycastles.co.uk", true */ 'w', 'a', 'r', 'e', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "warekon.com", true */ 'w', 'a', 'r', 'e', 'k', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "warekon.dk", true */ 'w', 'a', 'r', 'e', 'k', 'o', 'n', '.', 'd', 'k', '\0',
+  /* "warenits.at", true */ 'w', 'a', 'r', 'e', 'n', 'i', 't', 's', '.', 'a', 't', '\0',
+  /* "warezaddict.com", true */ 'w', 'a', 'r', 'e', 'z', 'a', 'd', 'd', 'i', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "wargameexclusive.com", true */ 'w', 'a', 'r', 'g', 'a', 'm', 'e', 'e', 'x', 'c', 'l', 'u', 's', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "warhaggis.com", true */ 'w', 'a', 'r', 'h', 'a', 'g', 'g', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "warmestwishes.ca", true */ 'w', 'a', 'r', 'm', 'e', 's', 't', 'w', 'i', 's', 'h', 'e', 's', '.', 'c', 'a', '\0',
+  /* "warmlyyours.com", false */ 'w', 'a', 'r', 'm', 'l', 'y', 'y', 'o', 'u', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "warmservers.com", true */ 'w', 'a', 'r', 'm', 's', 'e', 'r', 'v', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "warr.ath.cx", true */ 'w', 'a', 'r', 'r', '.', 'a', 't', 'h', '.', 'c', 'x', '\0',
+  /* "warringtonkidsbouncycastles.co.uk", true */ 'w', 'a', 'r', 'r', 'i', 'n', 'g', 't', 'o', 'n', 'k', 'i', 'd', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "warschild.org", true */ 'w', 'a', 'r', 's', 'c', 'h', 'i', 'l', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "wartorngalaxy.com", true */ 'w', 'a', 'r', 't', 'o', 'r', 'n', 'g', 'a', 'l', 'a', 'x', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "wasatchconstables.com", true */ 'w', 'a', 's', 'a', 't', 'c', 'h', 'c', 'o', 'n', 's', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "waschpark-hantschel.de", true */ 'w', 'a', 's', 'c', 'h', 'p', 'a', 'r', 'k', '-', 'h', 'a', 'n', 't', 's', 'c', 'h', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "wasema.com", true */ 'w', 'a', 's', 'e', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "wasfestes.de", true */ 'w', 'a', 's', 'f', 'e', 's', 't', 'e', 's', '.', 'd', 'e', '\0',
+  /* "washingtonregisteredagent.io", true */ 'w', 'a', 's', 'h', 'i', 'n', 'g', 't', 'o', 'n', 'r', 'e', 'g', 'i', 's', 't', 'e', 'r', 'e', 'd', 'a', 'g', 'e', 'n', 't', '.', 'i', 'o', '\0',
+  /* "washingtonviews.com", true */ 'w', 'a', 's', 'h', 'i', 'n', 'g', 't', 'o', 'n', 'v', 'i', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wasi-net.de", true */ 'w', 'a', 's', 'i', '-', 'n', 'e', 't', '.', 'd', 'e', '\0',
+  /* "wasielewski.com.de", true */ 'w', 'a', 's', 'i', 'e', 'l', 'e', 'w', 's', 'k', 'i', '.', 'c', 'o', 'm', '.', 'd', 'e', '\0',
+  /* "wasil.org", true */ 'w', 'a', 's', 'i', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "waslh.com", true */ 'w', 'a', 's', 'l', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "wasserspucker.de", true */ 'w', 'a', 's', 's', 'e', 'r', 's', 'p', 'u', 'c', 'k', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "wassibauer.com", true */ 'w', 'a', 's', 's', 'i', 'b', 'a', 'u', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "wassim.is", true */ 'w', 'a', 's', 's', 'i', 'm', '.', 'i', 's', '\0',
+  /* "wastrel.ch", true */ 'w', 'a', 's', 't', 'r', 'e', 'l', '.', 'c', 'h', '\0',
+  /* "watashi.bid", true */ 'w', 'a', 't', 'a', 's', 'h', 'i', '.', 'b', 'i', 'd', '\0',
+  /* "watch-wiki.org", true */ 'w', 'a', 't', 'c', 'h', '-', 'w', 'i', 'k', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "watchface.watch", true */ 'w', 'a', 't', 'c', 'h', 'f', 'a', 'c', 'e', '.', 'w', 'a', 't', 'c', 'h', '\0',
+  /* "watchfreeonline.co.uk", true */ 'w', 'a', 't', 'c', 'h', 'f', 'r', 'e', 'e', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "watchinventory.com", true */ 'w', 'a', 't', 'c', 'h', 'i', 'n', 'v', 'e', 'n', 't', 'o', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "watchparts-and-tools-okayama.co.jp", true */ 'w', 'a', 't', 'c', 'h', 'p', 'a', 'r', 't', 's', '-', 'a', 'n', 'd', '-', 't', 'o', 'o', 'l', 's', '-', 'o', 'k', 'a', 'y', 'a', 'm', 'a', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "watchstyle.com", true */ 'w', 'a', 't', 'c', 'h', 's', 't', 'y', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "watchtv-online.pw", true */ 'w', 'a', 't', 'c', 'h', 't', 'v', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'p', 'w', '\0',
+  /* "waterfedpole.com", true */ 'w', 'a', 't', 'e', 'r', 'f', 'e', 'd', 'p', 'o', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "waterleeftinbeek.nl", true */ 'w', 'a', 't', 'e', 'r', 'l', 'e', 'e', 'f', 't', 'i', 'n', 'b', 'e', 'e', 'k', '.', 'n', 'l', '\0',
+  /* "watermonitor.gov", true */ 'w', 'a', 't', 'e', 'r', 'm', 'o', 'n', 'i', 't', 'o', 'r', '.', 'g', 'o', 'v', '\0',
+  /* "watersb.org", true */ 'w', 'a', 't', 'e', 'r', 's', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "waterschaplimburg.nl", true */ 'w', 'a', 't', 'e', 'r', 's', 'c', 'h', 'a', 'p', 'l', 'i', 'm', 'b', 'u', 'r', 'g', '.', 'n', 'l', '\0',
+  /* "watertrails.io", true */ 'w', 'a', 't', 'e', 'r', 't', 'r', 'a', 'i', 'l', 's', '.', 'i', 'o', '\0',
+  /* "waterworkscondos.com", true */ 'w', 'a', 't', 'e', 'r', 'w', 'o', 'r', 'k', 's', 'c', 'o', 'n', 'd', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "watsonwork.me", true */ 'w', 'a', 't', 's', 'o', 'n', 'w', 'o', 'r', 'k', '.', 'm', 'e', '\0',
+  /* "wattechweb.com", true */ 'w', 'a', 't', 't', 'e', 'c', 'h', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "wave-ola.es", true */ 'w', 'a', 'v', 'e', '-', 'o', 'l', 'a', '.', 'e', 's', '\0',
+  /* "wavesoftime.com", true */ 'w', 'a', 'v', 'e', 's', 'o', 'f', 't', 'i', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "waveum.com", true */ 'w', 'a', 'v', 'e', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "wawak.pl", true */ 'w', 'a', 'w', 'a', 'k', '.', 'p', 'l', '\0',
+  /* "waylaydesign.com", true */ 'w', 'a', 'y', 'l', 'a', 'y', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "wayne.cloud", false */ 'w', 'a', 'y', 'n', 'e', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "wayohoo.com", true */ 'w', 'a', 'y', 'o', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "wayohoo.net", true */ 'w', 'a', 'y', 'o', 'h', 'o', 'o', '.', 'n', 'e', 't', '\0',
+  /* "waytt.cf", true */ 'w', 'a', 'y', 't', 't', '.', 'c', 'f', '\0',
+  /* "waze.com", true */ 'w', 'a', 'z', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "wbci.us", true */ 'w', 'b', 'c', 'i', '.', 'u', 's', '\0',
+  /* "wbg-vs.de", true */ 'w', 'b', 'g', '-', 'v', 's', '.', 'd', 'e', '\0',
+  /* "wbit.co.il", true */ 'w', 'b', 'i', 't', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "wbt-solutions.ch", true */ 'w', 'b', 't', '-', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'h', '\0',
+  /* "wbt-solutions.net", true */ 'w', 'b', 't', '-', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "wbuntu.com", true */ 'w', 'b', 'u', 'n', 't', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "wbvb.nl", true */ 'w', 'b', 'v', 'b', '.', 'n', 'l', '\0',
+  /* "wbx.support", true */ 'w', 'b', 'x', '.', 's', 'u', 'p', 'p', 'o', 'r', 't', '\0',
+  /* "wcbook.ru", true */ 'w', 'c', 'b', 'o', 'o', 'k', '.', 'r', 'u', '\0',
+  /* "wcn.life", true */ 'w', 'c', 'n', '.', 'l', 'i', 'f', 'e', '\0',
+  /* "wd627.com", true */ 'w', 'd', '6', '2', '7', '.', 'c', 'o', 'm', '\0',
+  /* "wd976.com", true */ 'w', 'd', '9', '7', '6', '.', 'c', 'o', 'm', '\0',
+  /* "wdbflowersevents.co.uk", true */ 'w', 'd', 'b', 'f', 'l', 'o', 'w', 'e', 'r', 's', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "wdbgroup.co.uk", true */ 'w', 'd', 'b', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "wdesk.com", true */ 'w', 'd', 'e', 's', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "wdmg.com.ua", true */ 'w', 'd', 'm', 'g', '.', 'c', 'o', 'm', '.', 'u', 'a', '\0',
+  /* "wdodelta.nl", true */ 'w', 'd', 'o', 'd', 'e', 'l', 't', 'a', '.', 'n', 'l', '\0',
+  /* "wdrl.info", true */ 'w', 'd', 'r', 'l', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "wdt.cz", false */ 'w', 'd', 't', '.', 'c', 'z', '\0',
+  /* "wdt.io", true */ 'w', 'd', 't', '.', 'i', 'o', '\0',
+  /* "we-bb.com", true */ 'w', 'e', '-', 'b', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "we-run-linux.de", true */ 'w', 'e', '-', 'r', 'u', 'n', '-', 'l', 'i', 'n', 'u', 'x', '.', 'd', 'e', '\0',
+  /* "we-use-linux.de", true */ 'w', 'e', '-', 'u', 's', 'e', '-', 'l', 'i', 'n', 'u', 'x', '.', 'd', 'e', '\0',
+  /* "weacceptbitcoin.gr", true */ 'w', 'e', 'a', 'c', 'c', 'e', 'p', 't', 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'g', 'r', '\0',
+  /* "wealthcentral.com.au", true */ 'w', 'e', 'a', 'l', 't', 'h', 'c', 'e', 'n', 't', 'r', 'a', 'l', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "wealthfactory.com", false */ 'w', 'e', 'a', 'l', 't', 'h', 'f', 'a', 'c', 't', 'o', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "wealthprojector.com", true */ 'w', 'e', 'a', 'l', 't', 'h', 'p', 'r', 'o', 'j', 'e', 'c', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "wealthprojector.com.au", true */ 'w', 'e', 'a', 'l', 't', 'h', 'p', 'r', 'o', 'j', 'e', 'c', 't', 'o', 'r', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "wealthreport.com.au", true */ 'w', 'e', 'a', 'l', 't', 'h', 'r', 'e', 'p', 'o', 'r', 't', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "wearandcare.net", true */ 'w', 'e', 'a', 'r', 'a', 'n', 'd', 'c', 'a', 'r', 'e', '.', 'n', 'e', 't', '\0',
+  /* "weare1inspirit.com", true */ 'w', 'e', 'a', 'r', 'e', '1', 'i', 'n', 's', 'p', 'i', 'r', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "wearedisneyland.com", true */ 'w', 'e', 'a', 'r', 'e', 'd', 'i', 's', 'n', 'e', 'y', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "wearegenki.com", true */ 'w', 'e', 'a', 'r', 'e', 'g', 'e', 'n', 'k', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "wearepapermill.co", true */ 'w', 'e', 'a', 'r', 'e', 'p', 'a', 'p', 'e', 'r', 'm', 'i', 'l', 'l', '.', 'c', 'o', '\0',
+  /* "wearesouthafricans.com", true */ 'w', 'e', 'a', 'r', 'e', 's', 'o', 'u', 't', 'h', 'a', 'f', 'r', 'i', 'c', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wearewithyou.org", true */ 'w', 'e', 'a', 'r', 'e', 'w', 'i', 't', 'h', 'y', 'o', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "wearvr.com", true */ 'w', 'e', 'a', 'r', 'v', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "weather-and-climate.com", false */ 'w', 'e', 'a', 't', 'h', 'e', 'r', '-', 'a', 'n', 'd', '-', 'c', 'l', 'i', 'm', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "weathermyway.rocks", true */ 'w', 'e', 'a', 't', 'h', 'e', 'r', 'm', 'y', 'w', 'a', 'y', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "web-adminy.co.uk", true */ 'w', 'e', 'b', '-', 'a', 'd', 'm', 'i', 'n', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "web-advisor.co.uk", true */ 'w', 'e', 'b', '-', 'a', 'd', 'v', 'i', 's', 'o', 'r', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "web-design.co.il", true */ 'w', 'e', 'b', '-', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "web-hotel.gr", true */ 'w', 'e', 'b', '-', 'h', 'o', 't', 'e', 'l', '.', 'g', 'r', '\0',
+  /* "web-kouza.com", true */ 'w', 'e', 'b', '-', 'k', 'o', 'u', 'z', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "web-mail.info", true */ 'w', 'e', 'b', '-', 'm', 'a', 'i', 'l', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "web-redacteuren.nl", true */ 'w', 'e', 'b', '-', 'r', 'e', 'd', 'a', 'c', 't', 'e', 'u', 'r', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "web-wave.jp", true */ 'w', 'e', 'b', '-', 'w', 'a', 'v', 'e', '.', 'j', 'p', '\0',
+  /* "web.bzh", true */ 'w', 'e', 'b', '.', 'b', 'z', 'h', '\0',
+  /* "web.cc", false */ 'w', 'e', 'b', '.', 'c', 'c', '\0',
+  /* "web.de", true */ 'w', 'e', 'b', '.', 'd', 'e', '\0',
+  /* "web2033.com", true */ 'w', 'e', 'b', '2', '0', '3', '3', '.', 'c', 'o', 'm', '\0',
+  /* "web2ldap.de", true */ 'w', 'e', 'b', '2', 'l', 'd', 'a', 'p', '.', 'd', 'e', '\0',
+  /* "web2screen.tv", true */ 'w', 'e', 'b', '2', 's', 'c', 'r', 'e', 'e', 'n', '.', 't', 'v', '\0',
+  /* "web404.net", true */ 'w', 'e', 'b', '4', '0', '4', '.', 'n', 'e', 't', '\0',
+  /* "webaeon.org", true */ 'w', 'e', 'b', 'a', 'e', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "webaholic.co.in", true */ 'w', 'e', 'b', 'a', 'h', 'o', 'l', 'i', 'c', '.', 'c', 'o', '.', 'i', 'n', '\0',
+  /* "webais.ru", true */ 'w', 'e', 'b', 'a', 'i', 's', '.', 'r', 'u', '\0',
+  /* "webambacht.nl", true */ 'w', 'e', 'b', 'a', 'm', 'b', 'a', 'c', 'h', 't', '.', 'n', 'l', '\0',
+  /* "webandmore.de", false */ 'w', 'e', 'b', 'a', 'n', 'd', 'm', 'o', 'r', 'e', '.', 'd', 'e', '\0',
+  /* "webapky.cz", true */ 'w', 'e', 'b', 'a', 'p', 'k', 'y', '.', 'c', 'z', '\0',
+  /* "webappky.cz", true */ 'w', 'e', 'b', 'a', 'p', 'p', 'k', 'y', '.', 'c', 'z', '\0',
+  /* "webartex.ru", true */ 'w', 'e', 'b', 'a', 'r', 't', 'e', 'x', '.', 'r', 'u', '\0',
+  /* "webbhuset.se", false */ 'w', 'e', 'b', 'b', 'h', 'u', 's', 'e', 't', '.', 's', 'e', '\0',
+  /* "webbiz.co.uk", true */ 'w', 'e', 'b', 'b', 'i', 'z', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "webbuzz.com.au", true */ 'w', 'e', 'b', 'b', 'u', 'z', 'z', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "webcamtoy.com", true */ 'w', 'e', 'b', 'c', 'a', 'm', 't', 'o', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "webcatchers.nl", true */ 'w', 'e', 'b', 'c', 'a', 't', 'c', 'h', 'e', 'r', 's', '.', 'n', 'l', '\0',
+  /* "webclimbers.ch", true */ 'w', 'e', 'b', 'c', 'l', 'i', 'm', 'b', 'e', 'r', 's', '.', 'c', 'h', '\0',
+  /* "webcollect.org.uk", true */ 'w', 'e', 'b', 'c', 'o', 'l', 'l', 'e', 'c', 't', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "webcontentspinning.com", true */ 'w', 'e', 'b', 'c', 'o', 'n', 't', 'e', 'n', 't', 's', 'p', 'i', 'n', 'n', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "webcookies.org", true */ 'w', 'e', 'b', 'c', 'o', 'o', 'k', 'i', 'e', 's', '.', 'o', 'r', 'g', '\0',
+  /* "webcrm.com", true */ 'w', 'e', 'b', 'c', 'r', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "webdesign-st.de", true */ 'w', 'e', 'b', 'd', 'e', 's', 'i', 'g', 'n', '-', 's', 't', '.', 'd', 'e', '\0',
+  /* "webdesigneauclaire.com", true */ 'w', 'e', 'b', 'd', 'e', 's', 'i', 'g', 'n', 'e', 'a', 'u', 'c', 'l', 'a', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "webdesignerinwarwickshire.co.uk", true */ 'w', 'e', 'b', 'd', 'e', 's', 'i', 'g', 'n', 'e', 'r', 'i', 'n', 'w', 'a', 'r', 'w', 'i', 'c', 'k', 's', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "webdesignplay.com", true */ 'w', 'e', 'b', 'd', 'e', 's', 'i', 'g', 'n', 'p', 'l', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "webdesignplayground.io", true */ 'w', 'e', 'b', 'd', 'e', 's', 'i', 'g', 'n', 'p', 'l', 'a', 'y', 'g', 'r', 'o', 'u', 'n', 'd', '.', 'i', 'o', '\0',
+  /* "webdesignssussex.co.uk", true */ 'w', 'e', 'b', 'd', 'e', 's', 'i', 'g', 'n', 's', 's', 'u', 's', 's', 'e', 'x', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "webdev-quiz.de", true */ 'w', 'e', 'b', 'd', 'e', 'v', '-', 'q', 'u', 'i', 'z', '.', 'd', 'e', '\0',
+  /* "webdevops.io", true */ 'w', 'e', 'b', 'd', 'e', 'v', 'o', 'p', 's', '.', 'i', 'o', '\0',
+  /* "webdosh.com", true */ 'w', 'e', 'b', 'd', 'o', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "webduck.nl", true */ 'w', 'e', 'b', 'd', 'u', 'c', 'k', '.', 'n', 'l', '\0',
+  /* "webergrillrestaurant.com", true */ 'w', 'e', 'b', 'e', 'r', 'g', 'r', 'i', 'l', 'l', 'r', 'e', 's', 't', 'a', 'u', 'r', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "webexp.biz", true */ 'w', 'e', 'b', 'e', 'x', 'p', '.', 'b', 'i', 'z', '\0',
+  /* "webfilings-eu-mirror.appspot.com", true */ 'w', 'e', 'b', 'f', 'i', 'l', 'i', 'n', 'g', 's', '-', 'e', 'u', '-', 'm', 'i', 'r', 'r', 'o', 'r', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "webfilings-eu.appspot.com", true */ 'w', 'e', 'b', 'f', 'i', 'l', 'i', 'n', 'g', 's', '-', 'e', 'u', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "webfilings-mirror-hrd.appspot.com", true */ 'w', 'e', 'b', 'f', 'i', 'l', 'i', 'n', 'g', 's', '-', 'm', 'i', 'r', 'r', 'o', 'r', '-', 'h', 'r', 'd', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "webfilings.appspot.com", true */ 'w', 'e', 'b', 'f', 'i', 'l', 'i', 'n', 'g', 's', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "webfox.com.br", true */ 'w', 'e', 'b', 'f', 'o', 'x', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "webgarten.ch", true */ 'w', 'e', 'b', 'g', 'a', 'r', 't', 'e', 'n', '.', 'c', 'h', '\0',
+  /* "webgears.com", true */ 'w', 'e', 'b', 'g', 'e', 'a', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "webhelyesarcu.hu", true */ 'w', 'e', 'b', 'h', 'e', 'l', 'y', 'e', 's', 'a', 'r', 'c', 'u', '.', 'h', 'u', '\0',
+  /* "webhostplan.info", true */ 'w', 'e', 'b', 'h', 'o', 's', 't', 'p', 'l', 'a', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "webinnovation.ie", true */ 'w', 'e', 'b', 'i', 'n', 'n', 'o', 'v', 'a', 't', 'i', 'o', 'n', '.', 'i', 'e', '\0',
+  /* "webjobposting.com", true */ 'w', 'e', 'b', 'j', 'o', 'b', 'p', 'o', 's', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "webkeks.org", true */ 'w', 'e', 'b', 'k', 'e', 'k', 's', '.', 'o', 'r', 'g', '\0',
+  /* "weblagring.se", true */ 'w', 'e', 'b', 'l', 'a', 'g', 'r', 'i', 'n', 'g', '.', 's', 'e', '\0',
+  /* "weblate.org", true */ 'w', 'e', 'b', 'l', 'a', 't', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "webless.com", true */ 'w', 'e', 'b', 'l', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "webliberty.ru", true */ 'w', 'e', 'b', 'l', 'i', 'b', 'e', 'r', 't', 'y', '.', 'r', 'u', '\0',
+  /* "weblogic.pl", true */ 'w', 'e', 'b', 'l', 'o', 'g', 'i', 'c', '.', 'p', 'l', '\0',
+  /* "weblogzwolle.nl", true */ 'w', 'e', 'b', 'l', 'o', 'g', 'z', 'w', 'o', 'l', 'l', 'e', '.', 'n', 'l', '\0',
+  /* "webmail.gigahost.dk", false */ 'w', 'e', 'b', 'm', 'a', 'i', 'l', '.', 'g', 'i', 'g', 'a', 'h', 'o', 's', 't', '.', 'd', 'k', '\0',
+  /* "webmail.info", true */ 'w', 'e', 'b', 'm', 'a', 'i', 'l', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "webmail.onlime.ch", false */ 'w', 'e', 'b', 'm', 'a', 'i', 'l', '.', 'o', 'n', 'l', 'i', 'm', 'e', '.', 'c', 'h', '\0',
+  /* "webmail.schokokeks.org", false */ 'w', 'e', 'b', 'm', 'a', 'i', 'l', '.', 's', 'c', 'h', 'o', 'k', 'o', 'k', 'e', 'k', 's', '.', 'o', 'r', 'g', '\0',
+  /* "webmail.xalqbank.az", true */ 'w', 'e', 'b', 'm', 'a', 'i', 'l', '.', 'x', 'a', 'l', 'q', 'b', 'a', 'n', 'k', '.', 'a', 'z', '\0',
+  /* "webmandesign.eu", true */ 'w', 'e', 'b', 'm', 'a', 'n', 'd', 'e', 's', 'i', 'g', 'n', '.', 'e', 'u', '\0',
+  /* "webmax.com.tr", true */ 'w', 'e', 'b', 'm', 'a', 'x', '.', 'c', 'o', 'm', '.', 't', 'r', '\0',
+  /* "webmedpharmacy.co.uk", true */ 'w', 'e', 'b', 'm', 'e', 'd', 'p', 'h', 'a', 'r', 'm', 'a', 'c', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "webmel.com", true */ 'w', 'e', 'b', 'm', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "webmetering.at", true */ 'w', 'e', 'b', 'm', 'e', 't', 'e', 'r', 'i', 'n', 'g', '.', 'a', 't', '\0',
+  /* "webmotelli.fi", true */ 'w', 'e', 'b', 'm', 'o', 't', 'e', 'l', 'l', 'i', '.', 'f', 'i', '\0',
+  /* "webnetmail4u.com", true */ 'w', 'e', 'b', 'n', 'e', 't', 'm', 'a', 'i', 'l', '4', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "webneuch.ch", true */ 'w', 'e', 'b', 'n', 'e', 'u', 'c', 'h', '.', 'c', 'h', '\0',
+  /* "webneuch.com", true */ 'w', 'e', 'b', 'n', 'e', 'u', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "webneuch.eu", true */ 'w', 'e', 'b', 'n', 'e', 'u', 'c', 'h', '.', 'e', 'u', '\0',
+  /* "webneuch.fr", true */ 'w', 'e', 'b', 'n', 'e', 'u', 'c', 'h', '.', 'f', 'r', '\0',
+  /* "webneuch.info", true */ 'w', 'e', 'b', 'n', 'e', 'u', 'c', 'h', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "webneuch.swiss", true */ 'w', 'e', 'b', 'n', 'e', 'u', 'c', 'h', '.', 's', 'w', 'i', 's', 's', '\0',
+  /* "webnoob.net", true */ 'w', 'e', 'b', 'n', 'o', 'o', 'b', '.', 'n', 'e', 't', '\0',
+  /* "webogram.org", false */ 'w', 'e', 'b', 'o', 'g', 'r', 'a', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "webpostingmart.com", true */ 'w', 'e', 'b', 'p', 'o', 's', 't', 'i', 'n', 'g', 'm', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "webpostingpro.com", true */ 'w', 'e', 'b', 'p', 'o', 's', 't', 'i', 'n', 'g', 'p', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "webpostingreviews.com", true */ 'w', 'e', 'b', 'p', 'o', 's', 't', 'i', 'n', 'g', 'r', 'e', 'v', 'i', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "webproguru.com", true */ 'w', 'e', 'b', 'p', 'r', 'o', 'g', 'u', 'r', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "webproxy.pw", true */ 'w', 'e', 'b', 'p', 'r', 'o', 'x', 'y', '.', 'p', 'w', '\0',
+  /* "webpubsub.com", true */ 'w', 'e', 'b', 'p', 'u', 'b', 's', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "webqueens.com", true */ 'w', 'e', 'b', 'q', 'u', 'e', 'e', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "webrentcars.com", true */ 'w', 'e', 'b', 'r', 'e', 'n', 't', 'c', 'a', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "webreport.fr", true */ 'w', 'e', 'b', 'r', 'e', 'p', 'o', 'r', 't', '.', 'f', 'r', '\0',
+  /* "webreslist.com", true */ 'w', 'e', 'b', 'r', 'e', 's', 'l', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "webs4all.ro", false */ 'w', 'e', 'b', 's', '4', 'a', 'l', 'l', '.', 'r', 'o', '\0',
+  /* "websectools.com", true */ 'w', 'e', 'b', 's', 'e', 'c', 't', 'o', 'o', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "websecurity.is", true */ 'w', 'e', 'b', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'i', 's', '\0',
+  /* "webseitendesigner.com", false */ 'w', 'e', 'b', 's', 'e', 'i', 't', 'e', 'n', 'd', 'e', 's', 'i', 'g', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "webseitenserver.com", true */ 'w', 'e', 'b', 's', 'e', 'i', 't', 'e', 'n', 's', 'e', 'r', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "websenat.de", true */ 'w', 'e', 'b', 's', 'e', 'n', 'a', 't', '.', 'd', 'e', '\0',
+  /* "websharks.org", true */ 'w', 'e', 'b', 's', 'h', 'a', 'r', 'k', 's', '.', 'o', 'r', 'g', '\0',
+  /* "websiteadvice.com.au", true */ 'w', 'e', 'b', 's', 'i', 't', 'e', 'a', 'd', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "websiteforlease.ca", true */ 'w', 'e', 'b', 's', 'i', 't', 'e', 'f', 'o', 'r', 'l', 'e', 'a', 's', 'e', '.', 'c', 'a', '\0',
+  /* "websiteout.ca", true */ 'w', 'e', 'b', 's', 'i', 't', 'e', 'o', 'u', 't', '.', 'c', 'a', '\0',
+  /* "websiteout.net", true */ 'w', 'e', 'b', 's', 'i', 't', 'e', 'o', 'u', 't', '.', 'n', 'e', 't', '\0',
+  /* "websiterent.ca", true */ 'w', 'e', 'b', 's', 'i', 't', 'e', 'r', 'e', 'n', 't', '.', 'c', 'a', '\0',
+  /* "websites4business.ca", true */ 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '4', 'b', 'u', 's', 'i', 'n', 'e', 's', 's', '.', 'c', 'a', '\0',
+  /* "websitesdallas.com", true */ 'w', 'e', 'b', 's', 'i', 't', 'e', 's', 'd', 'a', 'l', 'l', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "websiteservice.pro", true */ 'w', 'e', 'b', 's', 'i', 't', 'e', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'p', 'r', 'o', '\0',
+  /* "webslake.com", true */ 'w', 'e', 'b', 's', 'l', 'a', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "webspiral.jp", true */ 'w', 'e', 'b', 's', 'p', 'i', 'r', 'a', 'l', '.', 'j', 'p', '\0',
+  /* "webspire.tech", true */ 'w', 'e', 'b', 's', 'p', 'i', 'r', 'e', '.', 't', 'e', 'c', 'h', '\0',
+  /* "webstore.be", false */ 'w', 'e', 'b', 's', 't', 'o', 'r', 'e', '.', 'b', 'e', '\0',
+  /* "webstu.be", true */ 'w', 'e', 'b', 's', 't', 'u', '.', 'b', 'e', '\0',
+  /* "webstudio-n.com", true */ 'w', 'e', 'b', 's', 't', 'u', 'd', 'i', 'o', '-', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "webstylemedia.com", true */ 'w', 'e', 'b', 's', 't', 'y', 'l', 'e', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "websvetaines.lt", true */ 'w', 'e', 'b', 's', 'v', 'e', 't', 'a', 'i', 'n', 'e', 's', '.', 'l', 't', '\0',
+  /* "webtalis.nl", true */ 'w', 'e', 'b', 't', 'a', 'l', 'i', 's', '.', 'n', 'l', '\0',
+  /* "webtasarim.pw", true */ 'w', 'e', 'b', 't', 'a', 's', 'a', 'r', 'i', 'm', '.', 'p', 'w', '\0',
+  /* "webtek.nu", true */ 'w', 'e', 'b', 't', 'e', 'k', '.', 'n', 'u', '\0',
+  /* "webtheapp.com", true */ 'w', 'e', 'b', 't', 'h', 'e', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "webtobesocial.de", true */ 'w', 'e', 'b', 't', 'o', 'b', 'e', 's', 'o', 'c', 'i', 'a', 'l', '.', 'd', 'e', '\0',
+  /* "webtorrent.io", true */ 'w', 'e', 'b', 't', 'o', 'r', 'r', 'e', 'n', 't', '.', 'i', 'o', '\0',
+  /* "webtrh.cz", true */ 'w', 'e', 'b', 't', 'r', 'h', '.', 'c', 'z', '\0',
+  /* "webtropia.com", false */ 'w', 'e', 'b', 't', 'r', 'o', 'p', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "webukhost.com", true */ 'w', 'e', 'b', 'u', 'k', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "webwinkelwestland.nl", true */ 'w', 'e', 'b', 'w', 'i', 'n', 'k', 'e', 'l', 'w', 'e', 's', 't', 'l', 'a', 'n', 'd', '.', 'n', 'l', '\0',
+  /* "webwit.nl", true */ 'w', 'e', 'b', 'w', 'i', 't', '.', 'n', 'l', '\0',
+  /* "webwolf.co.za", true */ 'w', 'e', 'b', 'w', 'o', 'l', 'f', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "webyazilimankara.com", true */ 'w', 'e', 'b', 'y', 'a', 'z', 'i', 'l', 'i', 'm', 'a', 'n', 'k', 'a', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "webzanem.com", true */ 'w', 'e', 'b', 'z', 'a', 'n', 'e', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "wecleanbins.com", true */ 'w', 'e', 'c', 'l', 'e', 'a', 'n', 'b', 'i', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wecobble.com", true */ 'w', 'e', 'c', 'o', 'b', 'b', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "wedding-m.jp", true */ 'w', 'e', 'd', 'd', 'i', 'n', 'g', '-', 'm', '.', 'j', 'p', '\0',
+  /* "weddingfantasy.ru", true */ 'w', 'e', 'd', 'd', 'i', 'n', 'g', 'f', 'a', 'n', 't', 'a', 's', 'y', '.', 'r', 'u', '\0',
+  /* "weddingsbynoon.co.uk", true */ 'w', 'e', 'd', 'd', 'i', 'n', 'g', 's', 'b', 'y', 'n', 'o', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "weddywood.ru", true */ 'w', 'e', 'd', 'd', 'y', 'w', 'o', 'o', 'd', '.', 'r', 'u', '\0',
+  /* "wedos.com", true */ 'w', 'e', 'd', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "weeblr.com", true */ 'w', 'e', 'e', 'b', 'l', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "weeblrpress.com", true */ 'w', 'e', 'e', 'b', 'l', 'r', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "weedypedia.de", true */ 'w', 'e', 'e', 'd', 'y', 'p', 'e', 'd', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "week.report", true */ 'w', 'e', 'e', 'k', '.', 'r', 'e', 'p', 'o', 'r', 't', '\0',
+  /* "weekdone.com", true */ 'w', 'e', 'e', 'k', 'd', 'o', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "weekly-residence.com", true */ 'w', 'e', 'e', 'k', 'l', 'y', '-', 'r', 'e', 's', 'i', 'd', 'e', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "weeknummers.be", true */ 'w', 'e', 'e', 'k', 'n', 'u', 'm', 'm', 'e', 'r', 's', '.', 'b', 'e', '\0',
+  /* "weeknummers.nl", true */ 'w', 'e', 'e', 'k', 'n', 'u', 'm', 'm', 'e', 'r', 's', '.', 'n', 'l', '\0',
+  /* "weemake.fr", true */ 'w', 'e', 'e', 'm', 'a', 'k', 'e', '.', 'f', 'r', '\0',
+  /* "weemakers.fr", true */ 'w', 'e', 'e', 'm', 'a', 'k', 'e', 'r', 's', '.', 'f', 'r', '\0',
+  /* "weepycat.com", true */ 'w', 'e', 'e', 'p', 'y', 'c', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "weerda.fr", true */ 'w', 'e', 'e', 'r', 'd', 'a', '.', 'f', 'r', '\0',
+  /* "weerstationgiethoorn.nl", true */ 'w', 'e', 'e', 'r', 's', 't', 'a', 't', 'i', 'o', 'n', 'g', 'i', 'e', 't', 'h', 'o', 'o', 'r', 'n', '.', 'n', 'l', '\0',
+  /* "weerstatistieken.nl", true */ 'w', 'e', 'e', 'r', 's', 't', 'a', 't', 'i', 's', 't', 'i', 'e', 'k', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "wefinanceinc.com", true */ 'w', 'e', 'f', 'i', 'n', 'a', 'n', 'c', 'e', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "wefitboilers.com", true */ 'w', 'e', 'f', 'i', 't', 'b', 'o', 'i', 'l', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "weggeweest.nl", true */ 'w', 'e', 'g', 'g', 'e', 'w', 'e', 'e', 's', 't', '.', 'n', 'l', '\0',
+  /* "wegner.no", true */ 'w', 'e', 'g', 'n', 'e', 'r', '.', 'n', 'o', '\0',
+  /* "wegotcookies.com", true */ 'w', 'e', 'g', 'o', 't', 'c', 'o', 'o', 'k', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wegvielfalt.de", true */ 'w', 'e', 'g', 'v', 'i', 'e', 'l', 'f', 'a', 'l', 't', '.', 'd', 'e', '\0',
+  /* "wehostdnn.com", true */ 'w', 'e', 'h', 'o', 's', 't', 'd', 'n', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "weibomiaopai.com", true */ 'w', 'e', 'i', 'b', 'o', 'm', 'i', 'a', 'o', 'p', 'a', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "weicn.org", true */ 'w', 'e', 'i', 'c', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "weideheuvel.org", true */ 'w', 'e', 'i', 'd', 'e', 'h', 'e', 'u', 'v', 'e', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "weidmannfibertechnology.com", true */ 'w', 'e', 'i', 'd', 'm', 'a', 'n', 'n', 'f', 'i', 'b', 'e', 'r', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "weigelia.nl", true */ 'w', 'e', 'i', 'g', 'e', 'l', 'i', 'a', '.', 'n', 'l', '\0',
+  /* "weightreviews.com", true */ 'w', 'e', 'i', 'g', 'h', 't', 'r', 'e', 'v', 'i', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "weils.net", true */ 'w', 'e', 'i', 'l', 's', '.', 'n', 'e', 't', '\0',
+  /* "weimaraner.com.br", true */ 'w', 'e', 'i', 'm', 'a', 'r', 'a', 'n', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "weimz.com", true */ 'w', 'e', 'i', 'm', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "wein.cc", true */ 'w', 'e', 'i', 'n', '.', 'c', 'c', '\0',
+  /* "wein.co.kr", true */ 'w', 'e', 'i', 'n', '.', 'c', 'o', '.', 'k', 'r', '\0',
+  /* "weinbergerlawgroup.com", true */ 'w', 'e', 'i', 'n', 'b', 'e', 'r', 'g', 'e', 'r', 'l', 'a', 'w', 'g', 'r', 'o', 'u', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "weinhandel-preissler.de", true */ 'w', 'e', 'i', 'n', 'h', 'a', 'n', 'd', 'e', 'l', '-', 'p', 'r', 'e', 'i', 's', 's', 'l', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "weirdesigns.com", true */ 'w', 'e', 'i', 'r', 'd', 'e', 's', 'i', 'g', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "weirdserver.com", true */ 'w', 'e', 'i', 'r', 'd', 's', 'e', 'r', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "weisse-liste.de", true */ 'w', 'e', 'i', 's', 's', 'e', '-', 'l', 'i', 's', 't', 'e', '.', 'd', 'e', '\0',
+  /* "weissman.agency", true */ 'w', 'e', 'i', 's', 's', 'm', 'a', 'n', '.', 'a', 'g', 'e', 'n', 'c', 'y', '\0',
+  /* "weiterbildung-vdz.de", true */ 'w', 'e', 'i', 't', 'e', 'r', 'b', 'i', 'l', 'd', 'u', 'n', 'g', '-', 'v', 'd', 'z', '.', 'd', 'e', '\0',
+  /* "weizenke.im", true */ 'w', 'e', 'i', 'z', 'e', 'n', 'k', 'e', '.', 'i', 'm', '\0',
+  /* "weizenspr.eu", true */ 'w', 'e', 'i', 'z', 'e', 'n', 's', 'p', 'r', '.', 'e', 'u', '\0',
+  /* "welches-kinderfahrrad.de", true */ 'w', 'e', 'l', 'c', 'h', 'e', 's', '-', 'k', 'i', 'n', 'd', 'e', 'r', 'f', 'a', 'h', 'r', 'r', 'a', 'd', '.', 'd', 'e', '\0',
+  /* "welcome-tahiti.com", true */ 'w', 'e', 'l', 'c', 'o', 'm', 'e', '-', 't', 'a', 'h', 'i', 't', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "welcome-werkstatt.com", true */ 'w', 'e', 'l', 'c', 'o', 'm', 'e', '-', 'w', 'e', 'r', 'k', 's', 't', 'a', 't', 't', '.', 'c', 'o', 'm', '\0',
+  /* "welcome-werkstatt.de", true */ 'w', 'e', 'l', 'c', 'o', 'm', 'e', '-', 'w', 'e', 'r', 'k', 's', 't', 'a', 't', 't', '.', 'd', 'e', '\0',
+  /* "welcome26.ch", true */ 'w', 'e', 'l', 'c', 'o', 'm', 'e', '2', '6', '.', 'c', 'h', '\0',
+  /* "welcomehelp.de", true */ 'w', 'e', 'l', 'c', 'o', 'm', 'e', 'h', 'e', 'l', 'p', '.', 'd', 'e', '\0',
+  /* "weldwp.com", true */ 'w', 'e', 'l', 'd', 'w', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "wellacapability.com", true */ 'w', 'e', 'l', 'l', 'a', 'c', 'a', 'p', 'a', 'b', 'i', 'l', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "wellbeing360.com.au", true */ 'w', 'e', 'l', 'l', 'b', 'e', 'i', 'n', 'g', '3', '6', '0', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "wellcom.co.il", true */ 'w', 'e', 'l', 'l', 'c', 'o', 'm', '.', 'c', 'o', '.', 'i', 'l', '\0',
+  /* "welldrake.com", true */ 'w', 'e', 'l', 'l', 'd', 'r', 'a', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "wellensteyn.ru", true */ 'w', 'e', 'l', 'l', 'e', 'n', 's', 't', 'e', 'y', 'n', '.', 'r', 'u', '\0',
+  /* "weller.pm", true */ 'w', 'e', 'l', 'l', 'e', 'r', '.', 'p', 'm', '\0',
+  /* "wellist.com", true */ 'w', 'e', 'l', 'l', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "wellness-gutschein.de", true */ 'w', 'e', 'l', 'l', 'n', 'e', 's', 's', '-', 'g', 'u', 't', 's', 'c', 'h', 'e', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "wellnesscheck.net", true */ 'w', 'e', 'l', 'l', 'n', 'e', 's', 's', 'c', 'h', 'e', 'c', 'k', '.', 'n', 'e', 't', '\0',
+  /* "wellopp.com", true */ 'w', 'e', 'l', 'l', 'o', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "wellsplasticsurgery.com", true */ 'w', 'e', 'l', 'l', 's', 'p', 'l', 'a', 's', 't', 'i', 'c', 's', 'u', 'r', 'g', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "wellspringcamps.com", true */ 'w', 'e', 'l', 'l', 's', 'p', 'r', 'i', 'n', 'g', 'c', 'a', 'm', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "welovejobs.com", true */ 'w', 'e', 'l', 'o', 'v', 'e', 'j', 'o', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "welovemail.com", true */ 'w', 'e', 'l', 'o', 'v', 'e', 'm', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "welsh.com.br", true */ 'w', 'e', 'l', 's', 'h', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "welteneroberer.de", true */ 'w', 'e', 'l', 't', 'e', 'n', 'e', 'r', 'o', 'b', 'e', 'r', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "weltengilde.de", true */ 'w', 'e', 'l', 't', 'e', 'n', 'g', 'i', 'l', 'd', 'e', '.', 'd', 'e', '\0',
+  /* "weltenhueter.de", true */ 'w', 'e', 'l', 't', 'e', 'n', 'h', 'u', 'e', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "weltverschwoerung.de", true */ 'w', 'e', 'l', 't', 'v', 'e', 'r', 's', 'c', 'h', 'w', 'o', 'e', 'r', 'u', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "welzijnkoggenland.nl", true */ 'w', 'e', 'l', 'z', 'i', 'j', 'n', 'k', 'o', 'g', 'g', 'e', 'n', 'l', 'a', 'n', 'd', '.', 'n', 'l', '\0',
+  /* "wemakemenus.com", true */ 'w', 'e', 'm', 'a', 'k', 'e', 'm', 'e', 'n', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wemakeonlinereviews.com", true */ 'w', 'e', 'm', 'a', 'k', 'e', 'o', 'n', 'l', 'i', 'n', 'e', 'r', 'e', 'v', 'i', 'e', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wendigo.pl", true */ 'w', 'e', 'n', 'd', 'i', 'g', 'o', '.', 'p', 'l', '\0',
+  /* "wendu.me", true */ 'w', 'e', 'n', 'd', 'u', '.', 'm', 'e', '\0',
+  /* "wenger-shop.ch", true */ 'w', 'e', 'n', 'g', 'e', 'r', '-', 's', 'h', 'o', 'p', '.', 'c', 'h', '\0',
+  /* "wenjs.me", true */ 'w', 'e', 'n', 'j', 's', '.', 'm', 'e', '\0',
+  /* "wenode.net", true */ 'w', 'e', 'n', 'o', 'd', 'e', '.', 'n', 'e', 't', '\0',
+  /* "wepay.com", false */ 'w', 'e', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "wepay.in.th", true */ 'w', 'e', 'p', 'a', 'y', '.', 'i', 'n', '.', 't', 'h', '\0',
+  /* "weplaynaked.dk", true */ 'w', 'e', 'p', 'l', 'a', 'y', 'n', 'a', 'k', 'e', 'd', '.', 'd', 'k', '\0',
+  /* "wer-kommt-her.de", true */ 'w', 'e', 'r', '-', 'k', 'o', 'm', 'm', 't', '-', 'h', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "werally.com", true */ 'w', 'e', 'r', 'a', 'l', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "werbefotograf-leitner.de", true */ 'w', 'e', 'r', 'b', 'e', 'f', 'o', 't', 'o', 'g', 'r', 'a', 'f', '-', 'l', 'e', 'i', 't', 'n', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "werbefotografie-leitner.de", true */ 'w', 'e', 'r', 'b', 'e', 'f', 'o', 't', 'o', 'g', 'r', 'a', 'f', 'i', 'e', '-', 'l', 'e', 'i', 't', 'n', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "werbewelt-tv.de", true */ 'w', 'e', 'r', 'b', 'e', 'w', 'e', 'l', 't', '-', 't', 'v', '.', 'd', 'e', '\0',
+  /* "werbik.at", true */ 'w', 'e', 'r', 'b', 'i', 'k', '.', 'a', 't', '\0',
+  /* "werehub.org", true */ 'w', 'e', 'r', 'e', 'h', 'u', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "wereldkoffie.eu", true */ 'w', 'e', 'r', 'e', 'l', 'd', 'k', 'o', 'f', 'f', 'i', 'e', '.', 'e', 'u', '\0',
+  /* "werk-34.de", true */ 'w', 'e', 'r', 'k', '-', '3', '4', '.', 'd', 'e', '\0',
+  /* "werkemotion.com", true */ 'w', 'e', 'r', 'k', 'e', 'm', 'o', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "werken-bij-inwork.nl", true */ 'w', 'e', 'r', 'k', 'e', 'n', '-', 'b', 'i', 'j', '-', 'i', 'n', 'w', 'o', 'r', 'k', '.', 'n', 'l', '\0',
+  /* "werkenbijdfzs.nl", true */ 'w', 'e', 'r', 'k', 'e', 'n', 'b', 'i', 'j', 'd', 'f', 'z', 's', '.', 'n', 'l', '\0',
+  /* "werkgroepderdewereld.nl", true */ 'w', 'e', 'r', 'k', 'g', 'r', 'o', 'e', 'p', 'd', 'e', 'r', 'd', 'e', 'w', 'e', 'r', 'e', 'l', 'd', '.', 'n', 'l', '\0',
+  /* "werkinc.de", true */ 'w', 'e', 'r', 'k', 'i', 'n', 'c', '.', 'd', 'e', '\0',
+  /* "werkkrew.xyz", true */ 'w', 'e', 'r', 'k', 'k', 'r', 'e', 'w', '.', 'x', 'y', 'z', '\0',
+  /* "werkstattkinder.de", true */ 'w', 'e', 'r', 'k', 's', 't', 'a', 't', 't', 'k', 'i', 'n', 'd', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "werktor.com", true */ 'w', 'e', 'r', 'k', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "werktor.net", true */ 'w', 'e', 'r', 'k', 't', 'o', 'r', '.', 'n', 'e', 't', '\0',
+  /* "werner-ema.de", true */ 'w', 'e', 'r', 'n', 'e', 'r', '-', 'e', 'm', 'a', '.', 'd', 'e', '\0',
+  /* "werner-schaeffer.de", true */ 'w', 'e', 'r', 'n', 'e', 'r', '-', 's', 'c', 'h', 'a', 'e', 'f', 'f', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "wernerschaeffer.de", true */ 'w', 'e', 'r', 'n', 'e', 'r', 's', 'c', 'h', 'a', 'e', 'f', 'f', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "wertheimer-burgrock.de", true */ 'w', 'e', 'r', 't', 'h', 'e', 'i', 'm', 'e', 'r', '-', 'b', 'u', 'r', 'g', 'r', 'o', 'c', 'k', '.', 'd', 'e', '\0',
+  /* "werwolf-live.de", true */ 'w', 'e', 'r', 'w', 'o', 'l', 'f', '-', 'l', 'i', 'v', 'e', '.', 'd', 'e', '\0',
+  /* "wesayyesprogram.com", true */ 'w', 'e', 's', 'a', 'y', 'y', 'e', 's', 'p', 'r', 'o', 'g', 'r', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "wesecom.com", true */ 'w', 'e', 's', 'e', 'c', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "wesell.asia", true */ 'w', 'e', 's', 'e', 'l', 'l', '.', 'a', 's', 'i', 'a', '\0',
+  /* "weserv.nl", true */ 'w', 'e', 's', 'e', 'r', 'v', '.', 'n', 'l', '\0',
+  /* "wesleycabus.be", true */ 'w', 'e', 's', 'l', 'e', 'y', 'c', 'a', 'b', 'u', 's', '.', 'b', 'e', '\0',
+  /* "wesreportportal.com", true */ 'w', 'e', 's', 'r', 'e', 'p', 'o', 'r', 't', 'p', 'o', 'r', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "wessner.co", true */ 'w', 'e', 's', 's', 'n', 'e', 'r', '.', 'c', 'o', '\0',
+  /* "wessner.org", true */ 'w', 'e', 's', 's', 'n', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "west-wind.net", true */ 'w', 'e', 's', 't', '-', 'w', 'i', 'n', 'd', '.', 'n', 'e', 't', '\0',
+  /* "westcarrollton.org", true */ 'w', 'e', 's', 't', 'c', 'a', 'r', 'r', 'o', 'l', 'l', 't', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "westcentenaryscouts.org.au", true */ 'w', 'e', 's', 't', 'c', 'e', 'n', 't', 'e', 'n', 'a', 'r', 'y', 's', 'c', 'o', 'u', 't', 's', '.', 'o', 'r', 'g', '.', 'a', 'u', '\0',
+  /* "westcoastcastles.com", true */ 'w', 'e', 's', 't', 'c', 'o', 'a', 's', 't', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "westcountrystalking.com", true */ 'w', 'e', 's', 't', 'c', 'o', 'u', 'n', 't', 'r', 'y', 's', 't', 'a', 'l', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "westendwifi.net", true */ 'w', 'e', 's', 't', 'e', 'n', 'd', 'w', 'i', 'f', 'i', '.', 'n', 'e', 't', '\0',
+  /* "westeros.hu", true */ 'w', 'e', 's', 't', 'e', 'r', 'o', 's', '.', 'h', 'u', '\0',
+  /* "westhighlandwhiteterrier.com.br", true */ 'w', 'e', 's', 't', 'h', 'i', 'g', 'h', 'l', 'a', 'n', 'd', 'w', 'h', 'i', 't', 'e', 't', 'e', 'r', 'r', 'i', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "westhillselectrical.com", true */ 'w', 'e', 's', 't', 'h', 'i', 'l', 'l', 's', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "westlakevillageelectrical.com", true */ 'w', 'e', 's', 't', 'l', 'a', 'k', 'e', 'v', 'i', 'l', 'l', 'a', 'g', 'e', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "westlights.net", true */ 'w', 'e', 's', 't', 'l', 'i', 'g', 'h', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "westmead.org", true */ 'w', 'e', 's', 't', 'm', 'e', 'a', 'd', '.', 'o', 'r', 'g', '\0',
+  /* "westmeadapartments.com.au", true */ 'w', 'e', 's', 't', 'm', 'e', 'a', 'd', 'a', 'p', 'a', 'r', 't', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "westmidlandsbouncycastlehire.co.uk", true */ 'w', 'e', 's', 't', 'm', 'i', 'd', 'l', 'a', 'n', 'd', 's', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "westmidlandsinflatables.co.uk", true */ 'w', 'e', 's', 't', 'm', 'i', 'd', 'l', 'a', 'n', 'd', 's', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "westsuburbanbank.com", true */ 'w', 'e', 's', 't', 's', 'u', 'b', 'u', 'r', 'b', 'a', 'n', 'b', 'a', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "westtulsa.com", true */ 'w', 'e', 's', 't', 't', 'u', 'l', 's', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "westwood.no", true */ 'w', 'e', 's', 't', 'w', 'o', 'o', 'd', '.', 'n', 'o', '\0',
+  /* "wetherbymethodist.org.uk", true */ 'w', 'e', 't', 'h', 'e', 'r', 'b', 'y', 'm', 'e', 't', 'h', 'o', 'd', 'i', 's', 't', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "wetherbyweather.org.uk", true */ 'w', 'e', 't', 'h', 'e', 'r', 'b', 'y', 'w', 'e', 'a', 't', 'h', 'e', 'r', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "wetofu.top", true */ 'w', 'e', 't', 'o', 'f', 'u', '.', 't', 'o', 'p', '\0',
+  /* "wevenues.com", true */ 'w', 'e', 'v', 'e', 'n', 'u', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wexfordbouncycastles.ie", true */ 'w', 'e', 'x', 'f', 'o', 'r', 'd', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'i', 'e', '\0',
+  /* "weyland-yutani.org", true */ 'w', 'e', 'y', 'l', 'a', 'n', 'd', '-', 'y', 'u', 't', 'a', 'n', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "weyland.tech", true */ 'w', 'e', 'y', 'l', 'a', 'n', 'd', '.', 't', 'e', 'c', 'h', '\0',
+  /* "wf-bigsky-master.appspot.com", true */ 'w', 'f', '-', 'b', 'i', 'g', 's', 'k', 'y', '-', 'm', 'a', 's', 't', 'e', 'r', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "wf-demo-eu.appspot.com", true */ 'w', 'f', '-', 'd', 'e', 'm', 'o', '-', 'e', 'u', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "wf-demo-hrd.appspot.com", true */ 'w', 'f', '-', 'd', 'e', 'm', 'o', '-', 'h', 'r', 'd', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "wf-dogfood-hrd.appspot.com", true */ 'w', 'f', '-', 'd', 'o', 'g', 'f', 'o', 'o', 'd', '-', 'h', 'r', 'd', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "wf-hosting.de", true */ 'w', 'f', '-', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "wf-pentest.appspot.com", true */ 'w', 'f', '-', 'p', 'e', 'n', 't', 'e', 's', 't', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "wf-staging-hr.appspot.com", true */ 'w', 'f', '-', 's', 't', 'a', 'g', 'i', 'n', 'g', '-', 'h', 'r', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "wf-training-hrd.appspot.com", true */ 'w', 'f', '-', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '-', 'h', 'r', 'd', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "wf-training-master.appspot.com", true */ 'w', 'f', '-', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '-', 'm', 'a', 's', 't', 'e', 'r', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "wf-trial-hrd.appspot.com", true */ 'w', 'f', '-', 't', 'r', 'i', 'a', 'l', '-', 'h', 'r', 'd', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "wfh.ovh", true */ 'w', 'f', 'h', '.', 'o', 'v', 'h', '\0',
+  /* "wfh.se", true */ 'w', 'f', 'h', '.', 's', 'e', '\0',
+  /* "wg3k.us", true */ 'w', 'g', '3', 'k', '.', 'u', 's', '\0',
+  /* "wgom.org", true */ 'w', 'g', 'o', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "wgraphics.ru", true */ 'w', 'g', 'r', 'a', 'p', 'h', 'i', 'c', 's', '.', 'r', 'u', '\0',
+  /* "wh-guide.de", true */ 'w', 'h', '-', 'g', 'u', 'i', 'd', 'e', '.', 'd', 'e', '\0',
+  /* "whanau.org", true */ 'w', 'h', 'a', 'n', 'a', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "whatagreatwebsite.net", true */ 'w', 'h', 'a', 't', 'a', 'g', 'r', 'e', 'a', 't', 'w', 'e', 'b', 's', 'i', 't', 'e', '.', 'n', 'e', 't', '\0',
+  /* "whatanime.ga", true */ 'w', 'h', 'a', 't', 'a', 'n', 'i', 'm', 'e', '.', 'g', 'a', '\0',
+  /* "whatarepatentsfor.com", true */ 'w', 'h', 'a', 't', 'a', 'r', 'e', 'p', 'a', 't', 'e', 'n', 't', 's', 'f', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "whatisl.ovh", true */ 'w', 'h', 'a', 't', 'i', 's', 'l', '.', 'o', 'v', 'h', '\0',
+  /* "whatismyipaddress.ca", true */ 'w', 'h', 'a', 't', 'i', 's', 'm', 'y', 'i', 'p', 'a', 'd', 'd', 'r', 'e', 's', 's', '.', 'c', 'a', '\0',
+  /* "whatsahoy.com", true */ 'w', 'h', 'a', 't', 's', 'a', 'h', 'o', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "whatsapp.com", true */ 'w', 'h', 'a', 't', 's', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "whatsmychaincert.com", true */ 'w', 'h', 'a', 't', 's', 'm', 'y', 'c', 'h', 'a', 'i', 'n', 'c', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "whatsupgold.com.tw", true */ 'w', 'h', 'a', 't', 's', 'u', 'p', 'g', 'o', 'l', 'd', '.', 'c', 'o', 'm', '.', 't', 'w', '\0',
+  /* "whatsupoutdoor.com", true */ 'w', 'h', 'a', 't', 's', 'u', 'p', 'o', 'u', 't', 'd', 'o', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "whatwebcando.today", true */ 'w', 'h', 'a', 't', 'w', 'e', 'b', 'c', 'a', 'n', 'd', 'o', '.', 't', 'o', 'd', 'a', 'y', '\0',
+  /* "whatwg.org", true */ 'w', 'h', 'a', 't', 'w', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "whd-guide.de", true */ 'w', 'h', 'd', '-', 'g', 'u', 'i', 'd', 'e', '.', 'd', 'e', '\0',
+  /* "wheatgra.in", true */ 'w', 'h', 'e', 'a', 't', 'g', 'r', 'a', '.', 'i', 'n', '\0',
+  /* "wheatley.nl", true */ 'w', 'h', 'e', 'a', 't', 'l', 'e', 'y', '.', 'n', 'l', '\0',
+  /* "wheeler.kiwi.nz", true */ 'w', 'h', 'e', 'e', 'l', 'e', 'r', '.', 'k', 'i', 'w', 'i', '.', 'n', 'z', '\0',
+  /* "wheelwide.co.uk", true */ 'w', 'h', 'e', 'e', 'l', 'w', 'i', 'd', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "wheelwork.org", true */ 'w', 'h', 'e', 'e', 'l', 'w', 'o', 'r', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "wheelwright.org", true */ 'w', 'h', 'e', 'e', 'l', 'w', 'r', 'i', 'g', 'h', 't', '.', 'o', 'r', 'g', '\0',
+  /* "when-release.com", true */ 'w', 'h', 'e', 'n', '-', 'r', 'e', 'l', 'e', 'a', 's', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "when.fm", true */ 'w', 'h', 'e', 'n', '.', 'f', 'm', '\0',
+  /* "where2trip.com", true */ 'w', 'h', 'e', 'r', 'e', '2', 't', 'r', 'i', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "whereiszakir.com", true */ 'w', 'h', 'e', 'r', 'e', 'i', 's', 'z', 'a', 'k', 'i', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "wherephoto.com", false */ 'w', 'h', 'e', 'r', 'e', 'p', 'h', 'o', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "whey-protein.ch", true */ 'w', 'h', 'e', 'y', '-', 'p', 'r', 'o', 't', 'e', 'i', 'n', '.', 'c', 'h', '\0',
+  /* "whiletrue.run", true */ 'w', 'h', 'i', 'l', 'e', 't', 'r', 'u', 'e', '.', 'r', 'u', 'n', '\0',
+  /* "whing.org", true */ 'w', 'h', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "whipnic.com", true */ 'w', 'h', 'i', 'p', 'n', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "whisky-circle.info", true */ 'w', 'h', 'i', 's', 'k', 'y', '-', 'c', 'i', 'r', 'c', 'l', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "whiskynerd.ca", true */ 'w', 'h', 'i', 's', 'k', 'y', 'n', 'e', 'r', 'd', '.', 'c', 'a', '\0',
+  /* "whisp.ly", false */ 'w', 'h', 'i', 's', 'p', '.', 'l', 'y', '\0',
+  /* "whispeer.de", true */ 'w', 'h', 'i', 's', 'p', 'e', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "whisperinghoperanch.org", true */ 'w', 'h', 'i', 's', 'p', 'e', 'r', 'i', 'n', 'g', 'h', 'o', 'p', 'e', 'r', 'a', 'n', 'c', 'h', '.', 'o', 'r', 'g', '\0',
+  /* "whisperlab.org", true */ 'w', 'h', 'i', 's', 'p', 'e', 'r', 'l', 'a', 'b', '.', 'o', 'r', 'g', '\0',
+  /* "whistleb.com", true */ 'w', 'h', 'i', 's', 't', 'l', 'e', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "whistleblower.gov", true */ 'w', 'h', 'i', 's', 't', 'l', 'e', 'b', 'l', 'o', 'w', 'e', 'r', '.', 'g', 'o', 'v', '\0',
+  /* "whitby-brewery.com", true */ 'w', 'h', 'i', 't', 'b', 'y', '-', 'b', 'r', 'e', 'w', 'e', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "whitealps.at", true */ 'w', 'h', 'i', 't', 'e', 'a', 'l', 'p', 's', '.', 'a', 't', '\0',
+  /* "whitealps.be", true */ 'w', 'h', 'i', 't', 'e', 'a', 'l', 'p', 's', '.', 'b', 'e', '\0',
+  /* "whitealps.ch", true */ 'w', 'h', 'i', 't', 'e', 'a', 'l', 'p', 's', '.', 'c', 'h', '\0',
+  /* "whitealps.de", true */ 'w', 'h', 'i', 't', 'e', 'a', 'l', 'p', 's', '.', 'd', 'e', '\0',
+  /* "whitealps.fr", true */ 'w', 'h', 'i', 't', 'e', 'a', 'l', 'p', 's', '.', 'f', 'r', '\0',
+  /* "whitealps.net", true */ 'w', 'h', 'i', 't', 'e', 'a', 'l', 'p', 's', '.', 'n', 'e', 't', '\0',
+  /* "whitefm.ch", true */ 'w', 'h', 'i', 't', 'e', 'f', 'm', '.', 'c', 'h', '\0',
+  /* "whitehathackers.com.br", true */ 'w', 'h', 'i', 't', 'e', 'h', 'a', 't', 'h', 'a', 'c', 'k', 'e', 'r', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "whitehouse.gov", true */ 'w', 'h', 'i', 't', 'e', 'h', 'o', 'u', 's', 'e', '.', 'g', 'o', 'v', '\0',
+  /* "whiteink.com", true */ 'w', 'h', 'i', 't', 'e', 'i', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "whitejaguars.com", true */ 'w', 'h', 'i', 't', 'e', 'j', 'a', 'g', 'u', 'a', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "whitelabelcashback.nl", true */ 'w', 'h', 'i', 't', 'e', 'l', 'a', 'b', 'e', 'l', 'c', 'a', 's', 'h', 'b', 'a', 'c', 'k', '.', 'n', 'l', '\0',
+  /* "whitelabeltickets.com", true */ 'w', 'h', 'i', 't', 'e', 'l', 'a', 'b', 'e', 'l', 't', 'i', 'c', 'k', 'e', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "whitepharmacy.co.uk", true */ 'w', 'h', 'i', 't', 'e', 'p', 'h', 'a', 'r', 'm', 'a', 'c', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "whiteroom.agency", true */ 'w', 'h', 'i', 't', 'e', 'r', 'o', 'o', 'm', '.', 'a', 'g', 'e', 'n', 'c', 'y', '\0',
+  /* "whiteshadowimperium.com", true */ 'w', 'h', 'i', 't', 'e', 's', 'h', 'a', 'd', 'o', 'w', 'i', 'm', 'p', 'e', 'r', 'i', 'u', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "whitkirkartsguild.com", true */ 'w', 'h', 'i', 't', 'k', 'i', 'r', 'k', 'a', 'r', 't', 's', 'g', 'u', 'i', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "whitkirkchurch.org.uk", true */ 'w', 'h', 'i', 't', 'k', 'i', 'r', 'k', 'c', 'h', 'u', 'r', 'c', 'h', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "whizzzbang.co.uk", true */ 'w', 'h', 'i', 'z', 'z', 'z', 'b', 'a', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "whmcs.hosting", true */ 'w', 'h', 'm', 'c', 's', '.', 'h', 'o', 's', 't', 'i', 'n', 'g', '\0',
+  /* "who-calledme.com", true */ 'w', 'h', 'o', '-', 'c', 'a', 'l', 'l', 'e', 'd', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "who.pm", true */ 'w', 'h', 'o', '.', 'p', 'm', '\0',
+  /* "whocalld.com", true */ 'w', 'h', 'o', 'c', 'a', 'l', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "whocalled.us", true */ 'w', 'h', 'o', 'c', 'a', 'l', 'l', 'e', 'd', '.', 'u', 's', '\0',
+  /* "whoimg.com", true */ 'w', 'h', 'o', 'i', 'm', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "whoisthenightking.com", true */ 'w', 'h', 'o', 'i', 's', 't', 'h', 'e', 'n', 'i', 'g', 'h', 't', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "whoiswp.com", true */ 'w', 'h', 'o', 'i', 's', 'w', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "wholelotofbounce.co.uk", false */ 'w', 'h', 'o', 'l', 'e', 'l', 'o', 't', 'o', 'f', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "wholesalecbd.com", true */ 'w', 'h', 'o', 'l', 'e', 's', 'a', 'l', 'e', 'c', 'b', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "wholikes.us", true */ 'w', 'h', 'o', 'l', 'i', 'k', 'e', 's', '.', 'u', 's', '\0',
+  /* "whoneedstobeprimaried.today", true */ 'w', 'h', 'o', 'n', 'e', 'e', 'd', 's', 't', 'o', 'b', 'e', 'p', 'r', 'i', 'm', 'a', 'r', 'i', 'e', 'd', '.', 't', 'o', 'd', 'a', 'y', '\0',
+  /* "whonix.org", true */ 'w', 'h', 'o', 'n', 'i', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "whoownsmyavailability.com", true */ 'w', 'h', 'o', 'o', 'w', 'n', 's', 'm', 'y', 'a', 'v', 'a', 'i', 'l', 'a', 'b', 'i', 'l', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "whoturgled.com", true */ 'w', 'h', 'o', 't', 'u', 'r', 'g', 'l', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "why-brexit.uk", true */ 'w', 'h', 'y', '-', 'b', 'r', 'e', 'x', 'i', 't', '.', 'u', 'k', '\0',
+  /* "whyopencomputing.ch", true */ 'w', 'h', 'y', 'o', 'p', 'e', 'n', 'c', 'o', 'm', 'p', 'u', 't', 'i', 'n', 'g', '.', 'c', 'h', '\0',
+  /* "whyopencomputing.com", true */ 'w', 'h', 'y', 'o', 'p', 'e', 'n', 'c', 'o', 'm', 'p', 'u', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "whyworldhot.com", true */ 'w', 'h', 'y', 'w', 'o', 'r', 'l', 'd', 'h', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "wiapply.com", true */ 'w', 'i', 'a', 'p', 'p', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "wibbe.link", true */ 'w', 'i', 'b', 'b', 'e', '.', 'l', 'i', 'n', 'k', '\0',
+  /* "wiberg.nu", true */ 'w', 'i', 'b', 'e', 'r', 'g', '.', 'n', 'u', '\0',
+  /* "wickrath.net", true */ 'w', 'i', 'c', 'k', 'r', 'a', 't', 'h', '.', 'n', 'e', 't', '\0',
+  /* "widdleguy.com", true */ 'w', 'i', 'd', 'd', 'l', 'e', 'g', 'u', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "wideboxmacau.com", false */ 'w', 'i', 'd', 'e', 'b', 'o', 'x', 'm', 'a', 'c', 'a', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "widegab.com", true */ 'w', 'i', 'd', 'e', 'g', 'a', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "wideinfo.org", true */ 'w', 'i', 'd', 'e', 'i', 'n', 'f', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "widemann.de", true */ 'w', 'i', 'd', 'e', 'm', 'a', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "widememory.com", true */ 'w', 'i', 'd', 'e', 'm', 'e', 'm', 'o', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "widenews.org", true */ 'w', 'i', 'd', 'e', 'n', 'e', 'w', 's', '.', 'o', 'r', 'g', '\0',
+  /* "widmer.bz", true */ 'w', 'i', 'd', 'm', 'e', 'r', '.', 'b', 'z', '\0',
+  /* "widsl.de", true */ 'w', 'i', 'd', 's', 'l', '.', 'd', 'e', '\0',
+  /* "wiebetaaltdat.nl", true */ 'w', 'i', 'e', 'b', 'e', 't', 'a', 'a', 'l', 't', 'd', 'a', 't', '.', 'n', 'l', '\0',
+  /* "wieckiewicz.org", true */ 'w', 'i', 'e', 'c', 'k', 'i', 'e', 'w', 'i', 'c', 'z', '.', 'o', 'r', 'g', '\0',
+  /* "wiedmeyer.de", true */ 'w', 'i', 'e', 'd', 'm', 'e', 'y', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "wiedu.net", true */ 'w', 'i', 'e', 'd', 'u', '.', 'n', 'e', 't', '\0',
+  /* "wiegedaten.de", true */ 'w', 'i', 'e', 'g', 'e', 'd', 'a', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "wien52.at", true */ 'w', 'i', 'e', 'n', '5', '2', '.', 'a', 't', '\0',
+  /* "wieneck-bauelemente.de", true */ 'w', 'i', 'e', 'n', 'e', 'c', 'k', '-', 'b', 'a', 'u', 'e', 'l', 'e', 'm', 'e', 'n', 't', 'e', '.', 'd', 'e', '\0',
+  /* "wienergyjobs.com", true */ 'w', 'i', 'e', 'n', 'e', 'r', 'g', 'y', 'j', 'o', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wienerwichtelchallenge.at", true */ 'w', 'i', 'e', 'n', 'e', 'r', 'w', 'i', 'c', 'h', 't', 'e', 'l', 'c', 'h', 'a', 'l', 'l', 'e', 'n', 'g', 'e', '.', 'a', 't', '\0',
+  /* "wieobensounten.de", true */ 'w', 'i', 'e', 'o', 'b', 'e', 'n', 's', 'o', 'u', 'n', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "wifi-hack.com", true */ 'w', 'i', 'f', 'i', '-', 'h', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "wifi-names.com", true */ 'w', 'i', 'f', 'i', '-', 'n', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wifimask.com", true */ 'w', 'i', 'f', 'i', 'm', 'a', 's', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "wifipineapple.com", true */ 'w', 'i', 'f', 'i', 'p', 'i', 'n', 'e', 'a', 'p', 'p', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "wifirst.net", true */ 'w', 'i', 'f', 'i', 'r', 's', 't', '.', 'n', 'e', 't', '\0',
+  /* "wifree.lv", true */ 'w', 'i', 'f', 'r', 'e', 'e', '.', 'l', 'v', '\0',
+  /* "wigggle.it", true */ 'w', 'i', 'g', 'g', 'g', 'l', 'e', '.', 'i', 't', '\0',
+  /* "wigle.net", true */ 'w', 'i', 'g', 'l', 'e', '.', 'n', 'e', 't', '\0',
+  /* "wiiaam.com", true */ 'w', 'i', 'i', 'a', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "wiimotion.de", true */ 'w', 'i', 'i', 'm', 'o', 't', 'i', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "wijnservices.nl", false */ 'w', 'i', 'j', 'n', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'n', 'l', '\0',
+  /* "wiki-play.ru", true */ 'w', 'i', 'k', 'i', '-', 'p', 'l', 'a', 'y', '.', 'r', 'u', '\0',
+  /* "wiki.python.org", true */ 'w', 'i', 'k', 'i', '.', 'p', 'y', 't', 'h', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "wikibooks.org", true */ 'w', 'i', 'k', 'i', 'b', 'o', 'o', 'k', 's', '.', 'o', 'r', 'g', '\0',
+  /* "wikibulz.com", true */ 'w', 'i', 'k', 'i', 'b', 'u', 'l', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "wikidata.org", true */ 'w', 'i', 'k', 'i', 'd', 'a', 't', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "wikidsystems.com", false */ 'w', 'i', 'k', 'i', 'd', 's', 'y', 's', 't', 'e', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wikileaks.com", true */ 'w', 'i', 'k', 'i', 'l', 'e', 'a', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wikileaks.org", true */ 'w', 'i', 'k', 'i', 'l', 'e', 'a', 'k', 's', '.', 'o', 'r', 'g', '\0',
+  /* "wikimedia.org", true */ 'w', 'i', 'k', 'i', 'm', 'e', 'd', 'i', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "wikimediafoundation.org", true */ 'w', 'i', 'k', 'i', 'm', 'e', 'd', 'i', 'a', 'f', 'o', 'u', 'n', 'd', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "wikimilk.org", true */ 'w', 'i', 'k', 'i', 'm', 'i', 'l', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "wikinews.org", true */ 'w', 'i', 'k', 'i', 'n', 'e', 'w', 's', '.', 'o', 'r', 'g', '\0',
+  /* "wikipedia.org", true */ 'w', 'i', 'k', 'i', 'p', 'e', 'd', 'i', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "wikiquote.org", true */ 'w', 'i', 'k', 'i', 'q', 'u', 'o', 't', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "wikisource.org", true */ 'w', 'i', 'k', 'i', 's', 'o', 'u', 'r', 'c', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "wikiversity.org", true */ 'w', 'i', 'k', 'i', 'v', 'e', 'r', 's', 'i', 't', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "wikivisually.com", true */ 'w', 'i', 'k', 'i', 'v', 'i', 's', 'u', 'a', 'l', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "wikivoyage.org", true */ 'w', 'i', 'k', 'i', 'v', 'o', 'y', 'a', 'g', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "wiktionary.org", true */ 'w', 'i', 'k', 't', 'i', 'o', 'n', 'a', 'r', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "wiktoriaslife.com", true */ 'w', 'i', 'k', 't', 'o', 'r', 'i', 'a', 's', 'l', 'i', 'f', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "wilane.org", true */ 'w', 'i', 'l', 'a', 'n', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "wilcodeboer.me", true */ 'w', 'i', 'l', 'c', 'o', 'd', 'e', 'b', 'o', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "wild-emotion-events.de", true */ 'w', 'i', 'l', 'd', '-', 'e', 'm', 'o', 't', 'i', 'o', 'n', '-', 'e', 'v', 'e', 'n', 't', 's', '.', 'd', 'e', '\0',
+  /* "wild-turtles.com", true */ 'w', 'i', 'l', 'd', '-', 't', 'u', 'r', 't', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wildbirds.dk", true */ 'w', 'i', 'l', 'd', 'b', 'i', 'r', 'd', 's', '.', 'd', 'k', '\0',
+  /* "wildboaratvparts.com", true */ 'w', 'i', 'l', 'd', 'b', 'o', 'a', 'r', 'a', 't', 'v', 'p', 'a', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wildcard.hu", true */ 'w', 'i', 'l', 'd', 'c', 'a', 'r', 'd', '.', 'h', 'u', '\0',
+  /* "wilddogdesign.co.uk", true */ 'w', 'i', 'l', 'd', 'd', 'o', 'g', 'd', 'e', 's', 'i', 'g', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "wildlifeadaptationstrategy.gov", true */ 'w', 'i', 'l', 'd', 'l', 'i', 'f', 'e', 'a', 'd', 'a', 'p', 't', 'a', 't', 'i', 'o', 'n', 's', 't', 'r', 'a', 't', 'e', 'g', 'y', '.', 'g', 'o', 'v', '\0',
+  /* "wildnisfamilie.net", true */ 'w', 'i', 'l', 'd', 'n', 'i', 's', 'f', 'a', 'm', 'i', 'l', 'i', 'e', '.', 'n', 'e', 't', '\0',
+  /* "wildtrip.blog", true */ 'w', 'i', 'l', 'd', 't', 'r', 'i', 'p', '.', 'b', 'l', 'o', 'g', '\0',
+  /* "wildwildtravel.com", true */ 'w', 'i', 'l', 'd', 'w', 'i', 'l', 'd', 't', 'r', 'a', 'v', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "wilfrid-calixte.fr", true */ 'w', 'i', 'l', 'f', 'r', 'i', 'd', '-', 'c', 'a', 'l', 'i', 'x', 't', 'e', '.', 'f', 'r', '\0',
+  /* "wili.li", true */ 'w', 'i', 'l', 'i', '.', 'l', 'i', '\0',
+  /* "wiliquet.net", true */ 'w', 'i', 'l', 'i', 'q', 'u', 'e', 't', '.', 'n', 'e', 't', '\0',
+  /* "willbarnesphotography.co.uk", true */ 'w', 'i', 'l', 'l', 'b', 'a', 'r', 'n', 'e', 's', 'p', 'h', 'o', 't', 'o', 'g', 'r', 'a', 'p', 'h', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "willberg.bayern", true */ 'w', 'i', 'l', 'l', 'b', 'e', 'r', 'g', '.', 'b', 'a', 'y', 'e', 'r', 'n', '\0',
+  /* "willekeinden.nl", true */ 'w', 'i', 'l', 'l', 'e', 'k', 'e', 'i', 'n', 'd', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "willeminfo.ch", true */ 'w', 'i', 'l', 'l', 'e', 'm', 'i', 'n', 'f', 'o', '.', 'c', 'h', '\0',
+  /* "willems-kristiansen.dk", true */ 'w', 'i', 'l', 'l', 'e', 'm', 's', '-', 'k', 'r', 'i', 's', 't', 'i', 'a', 'n', 's', 'e', 'n', '.', 'd', 'k', '\0',
+  /* "willemsjort.be", true */ 'w', 'i', 'l', 'l', 'e', 'm', 's', 'j', 'o', 'r', 't', '.', 'b', 'e', '\0',
+  /* "willfarrell.ca", true */ 'w', 'i', 'l', 'l', 'f', 'a', 'r', 'r', 'e', 'l', 'l', '.', 'c', 'a', '\0',
+  /* "willi-graf-gymnasium.de", true */ 'w', 'i', 'l', 'l', 'i', '-', 'g', 'r', 'a', 'f', '-', 'g', 'y', 'm', 'n', 'a', 's', 'i', 'u', 'm', '.', 'd', 'e', '\0',
+  /* "willi-graf-os.de", true */ 'w', 'i', 'l', 'l', 'i', '-', 'g', 'r', 'a', 'f', '-', 'o', 's', '.', 'd', 'e', '\0',
+  /* "williamboundsltd.com", true */ 'w', 'i', 'l', 'l', 'i', 'a', 'm', 'b', 'o', 'u', 'n', 'd', 's', 'l', 't', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "williamfeely.info", true */ 'w', 'i', 'l', 'l', 'i', 'a', 'm', 'f', 'e', 'e', 'l', 'y', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "williamjohngauthier.net", true */ 'w', 'i', 'l', 'l', 'i', 'a', 'm', 'j', 'o', 'h', 'n', 'g', 'a', 'u', 't', 'h', 'i', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "williamsonshore.com", true */ 'w', 'i', 'l', 'l', 'i', 'a', 'm', 's', 'o', 'n', 's', 'h', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "williamsportmortgages.com", true */ 'w', 'i', 'l', 'l', 'i', 'a', 'm', 's', 'p', 'o', 'r', 't', 'm', 'o', 'r', 't', 'g', 'a', 'g', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "willnorris.com", true */ 'w', 'i', 'l', 'l', 'n', 'o', 'r', 'r', 'i', 's', '.', 'c', 'o', 'm', '\0',
+  /* "willow.technology", true */ 'w', 'i', 'l', 'l', 'o', 'w', '.', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'y', '\0',
+  /* "willowdalechurch.ca", true */ 'w', 'i', 'l', 'l', 'o', 'w', 'd', 'a', 'l', 'e', 'c', 'h', 'u', 'r', 'c', 'h', '.', 'c', 'a', '\0',
+  /* "wills.co.tt", true */ 'w', 'i', 'l', 'l', 's', '.', 'c', 'o', '.', 't', 't', '\0',
+  /* "willstamper.name", true */ 'w', 'i', 'l', 'l', 's', 't', 'a', 'm', 'p', 'e', 'r', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "willywangstory.com", true */ 'w', 'i', 'l', 'l', 'y', 'w', 'a', 'n', 'g', 's', 't', 'o', 'r', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "wilseyrealty.com", true */ 'w', 'i', 'l', 's', 'e', 'y', 'r', 'e', 'a', 'l', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "wilsonovi.com", true */ 'w', 'i', 'l', 's', 'o', 'n', 'o', 'v', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "wimachtendienk.com", true */ 'w', 'i', 'm', 'a', 'c', 'h', 't', 'e', 'n', 'd', 'i', 'e', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "wimbo.nl", true */ 'w', 'i', 'm', 'b', 'o', '.', 'n', 'l', '\0',
+  /* "wimpernforyou.de", true */ 'w', 'i', 'm', 'p', 'e', 'r', 'n', 'f', 'o', 'r', 'y', 'o', 'u', '.', 'd', 'e', '\0',
+  /* "win7stylebuilder.com", false */ 'w', 'i', 'n', '7', 's', 't', 'y', 'l', 'e', 'b', 'u', 'i', 'l', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "winbuzzer.com", true */ 'w', 'i', 'n', 'b', 'u', 'z', 'z', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "wind.moe", true */ 'w', 'i', 'n', 'd', '.', 'm', 'o', 'e', '\0',
+  /* "windelnkaufen24.de", true */ 'w', 'i', 'n', 'd', 'e', 'l', 'n', 'k', 'a', 'u', 'f', 'e', 'n', '2', '4', '.', 'd', 'e', '\0',
+  /* "windhaven.nl", false */ 'w', 'i', 'n', 'd', 'h', 'a', 'v', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "windholz.us", true */ 'w', 'i', 'n', 'd', 'h', 'o', 'l', 'z', '.', 'u', 's', '\0',
+  /* "windowcleaningexperts.net", true */ 'w', 'i', 'n', 'd', 'o', 'w', 'c', 'l', 'e', 'a', 'n', 'i', 'n', 'g', 'e', 'x', 'p', 'e', 'r', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "windows10insider.com", true */ 'w', 'i', 'n', 'd', 'o', 'w', 's', '1', '0', 'i', 'n', 's', 'i', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "windowsnerd.com", true */ 'w', 'i', 'n', 'd', 'o', 'w', 's', 'n', 'e', 'r', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "windowstech.it", true */ 'w', 'i', 'n', 'd', 'o', 'w', 's', 't', 'e', 'c', 'h', '.', 'i', 't', '\0',
+  /* "windowwellcovers.com", true */ 'w', 'i', 'n', 'd', 'o', 'w', 'w', 'e', 'l', 'l', 'c', 'o', 'v', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "windowwellexperts.com", true */ 'w', 'i', 'n', 'd', 'o', 'w', 'w', 'e', 'l', 'l', 'e', 'x', 'p', 'e', 'r', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "windrunner.se", true */ 'w', 'i', 'n', 'd', 'r', 'u', 'n', 'n', 'e', 'r', '.', 's', 'e', '\0',
+  /* "windscribe.com", true */ 'w', 'i', 'n', 'd', 's', 'c', 'r', 'i', 'b', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "windsock-app.com", true */ 'w', 'i', 'n', 'd', 's', 'o', 'c', 'k', '-', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "windwoodmedia.com", true */ 'w', 'i', 'n', 'd', 'w', 'o', 'o', 'd', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "windwoodweb.com", true */ 'w', 'i', 'n', 'd', 'w', 'o', 'o', 'd', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "windycitydubfest.com", true */ 'w', 'i', 'n', 'd', 'y', 'c', 'i', 't', 'y', 'd', 'u', 'b', 'f', 'e', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "wine-importer.ru", true */ 'w', 'i', 'n', 'e', '-', 'i', 'm', 'p', 'o', 'r', 't', 'e', 'r', '.', 'r', 'u', '\0',
+  /* "winebid.com", true */ 'w', 'i', 'n', 'e', 'b', 'i', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "wineworksonline.com", true */ 'w', 'i', 'n', 'e', 'w', 'o', 'r', 'k', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "winfieldchen.me", true */ 'w', 'i', 'n', 'f', 'i', 'e', 'l', 'd', 'c', 'h', 'e', 'n', '.', 'm', 'e', '\0',
+  /* "winghill.com", false */ 'w', 'i', 'n', 'g', 'h', 'i', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "winhistory-forum.net", true */ 'w', 'i', 'n', 'h', 'i', 's', 't', 'o', 'r', 'y', '-', 'f', 'o', 'r', 'u', 'm', '.', 'n', 'e', 't', '\0',
+  /* "winmodels.org", true */ 'w', 'i', 'n', 'm', 'o', 'd', 'e', 'l', 's', '.', 'o', 'r', 'g', '\0',
+  /* "winmodels.ru", true */ 'w', 'i', 'n', 'm', 'o', 'd', 'e', 'l', 's', '.', 'r', 'u', '\0',
+  /* "winphonemetro.com", true */ 'w', 'i', 'n', 'p', 'h', 'o', 'n', 'e', 'm', 'e', 't', 'r', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "winsome.world", true */ 'w', 'i', 'n', 's', 'o', 'm', 'e', '.', 'w', 'o', 'r', 'l', 'd', '\0',
+  /* "wint.global", true */ 'w', 'i', 'n', 't', '.', 'g', 'l', 'o', 'b', 'a', 'l', '\0',
+  /* "winter-elektro.de", true */ 'w', 'i', 'n', 't', 'e', 'r', '-', 'e', 'l', 'e', 'k', 't', 'r', 'o', '.', 'd', 'e', '\0',
+  /* "winter.engineering", false */ 'w', 'i', 'n', 't', 'e', 'r', '.', 'e', 'n', 'g', 'i', 'n', 'e', 'e', 'r', 'i', 'n', 'g', '\0',
+  /* "winterbergwebcams.com", true */ 'w', 'i', 'n', 't', 'e', 'r', 'b', 'e', 'r', 'g', 'w', 'e', 'b', 'c', 'a', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "winterfeldt.de", true */ 'w', 'i', 'n', 't', 'e', 'r', 'f', 'e', 'l', 'd', 't', '.', 'd', 'e', '\0',
+  /* "winterhillbank.com", true */ 'w', 'i', 'n', 't', 'e', 'r', 'h', 'i', 'l', 'l', 'b', 'a', 'n', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "wintermeyer-consulting.de", true */ 'w', 'i', 'n', 't', 'e', 'r', 'm', 'e', 'y', 'e', 'r', '-', 'c', 'o', 'n', 's', 'u', 'l', 't', 'i', 'n', 'g', '.', 'd', 'e', '\0',
+  /* "wintermeyer.de", true */ 'w', 'i', 'n', 't', 'e', 'r', 'm', 'e', 'y', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "winterschoen.nl", true */ 'w', 'i', 'n', 't', 'e', 'r', 's', 'c', 'h', 'o', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "wintodoor.com", true */ 'w', 'i', 'n', 't', 'o', 'd', 'o', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "wipswiss.ch", true */ 'w', 'i', 'p', 's', 'w', 'i', 's', 's', '.', 'c', 'h', '\0',
+  /* "wir-bewegen.sh", true */ 'w', 'i', 'r', '-', 'b', 'e', 'w', 'e', 'g', 'e', 'n', '.', 's', 'h', '\0',
+  /* "wirbatz.org", true */ 'w', 'i', 'r', 'b', 'a', 't', 'z', '.', 'o', 'r', 'g', '\0',
+  /* "wircon-int.net", true */ 'w', 'i', 'r', 'c', 'o', 'n', '-', 'i', 'n', 't', '.', 'n', 'e', 't', '\0',
+  /* "wiredcut.com", true */ 'w', 'i', 'r', 'e', 'd', 'c', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "wireheading.com", true */ 'w', 'i', 'r', 'e', 'h', 'e', 'a', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "wireless-emergency-stop.com", true */ 'w', 'i', 'r', 'e', 'l', 'e', 's', 's', '-', 'e', 'm', 'e', 'r', 'g', 'e', 'n', 'c', 'y', '-', 's', 't', 'o', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "wirelesswatch.com.au", true */ 'w', 'i', 'r', 'e', 'l', 'e', 's', 's', 'w', 'a', 't', 'c', 'h', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "wireshark.org", true */ 'w', 'i', 'r', 'e', 's', 'h', 'a', 'r', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "wiretime.de", true */ 'w', 'i', 'r', 'e', 't', 'i', 'm', 'e', '.', 'd', 'e', '\0',
+  /* "wiretrip.io", true */ 'w', 'i', 'r', 'e', 't', 'r', 'i', 'p', '.', 'i', 'o', '\0',
+  /* "wirhabenspass.de", true */ 'w', 'i', 'r', 'h', 'a', 'b', 'e', 'n', 's', 'p', 'a', 's', 's', '.', 'd', 'e', '\0',
+  /* "wirkstoffreich.de", true */ 'w', 'i', 'r', 'k', 's', 't', 'o', 'f', 'f', 'r', 'e', 'i', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "wirralbouncycastles.co.uk", true */ 'w', 'i', 'r', 'r', 'a', 'l', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "wirsol.com", true */ 'w', 'i', 'r', 's', 'o', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "wis.no", true */ 'w', 'i', 's', '.', 'n', 'o', '\0',
+  /* "wisdomize.me", true */ 'w', 'i', 's', 'd', 'o', 'm', 'i', 'z', 'e', '.', 'm', 'e', '\0',
+  /* "wiseflat.com", true */ 'w', 'i', 's', 'e', 'f', 'l', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "wisper.net.au", true */ 'w', 'i', 's', 'p', 'e', 'r', '.', 'n', 'e', 't', '.', 'a', 'u', '\0',
+  /* "wispsuperfoods.com", true */ 'w', 'i', 's', 'p', 's', 'u', 'p', 'e', 'r', 'f', 'o', 'o', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wisv.ch", true */ 'w', 'i', 's', 'v', '.', 'c', 'h', '\0',
+  /* "wisweb.no", true */ 'w', 'i', 's', 'w', 'e', 'b', '.', 'n', 'o', '\0',
+  /* "wit.ai", true */ 'w', 'i', 't', '.', 'a', 'i', '\0',
+  /* "witae.com", true */ 'w', 'i', 't', 'a', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "withgoogle.com", true */ 'w', 'i', 't', 'h', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "withinsecurity.com", true */ 'w', 'i', 't', 'h', 'i', 'n', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "withlocals.com", true */ 'w', 'i', 't', 'h', 'l', 'o', 'c', 'a', 'l', 's', '.', 'c', 'o', 'm', '\0',
+  /* "withoutacrystalball.com", true */ 'w', 'i', 't', 'h', 'o', 'u', 't', 'a', 'c', 'r', 'y', 's', 't', 'a', 'l', 'b', 'a', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "withyoutube.com", true */ 'w', 'i', 't', 'h', 'y', 'o', 'u', 't', 'u', 'b', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "witneywaterpolo.org.uk", true */ 'w', 'i', 't', 'n', 'e', 'y', 'w', 'a', 't', 'e', 'r', 'p', 'o', 'l', 'o', '.', 'o', 'r', 'g', '.', 'u', 'k', '\0',
+  /* "witt-international.co.uk", true */ 'w', 'i', 't', 't', '-', 'i', 'n', 't', 'e', 'r', 'n', 'a', 't', 'i', 'o', 'n', 'a', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "wittepapaver.nl", true */ 'w', 'i', 't', 't', 'e', 'p', 'a', 'p', 'a', 'v', 'e', 'r', '.', 'n', 'l', '\0',
+  /* "witting.co", true */ 'w', 'i', 't', 't', 'i', 'n', 'g', '.', 'c', 'o', '\0',
+  /* "witway.nl", false */ 'w', 'i', 't', 'w', 'a', 'y', '.', 'n', 'l', '\0',
+  /* "wivoc.nl", true */ 'w', 'i', 'v', 'o', 'c', '.', 'n', 'l', '\0',
+  /* "wiz.at", true */ 'w', 'i', 'z', '.', 'a', 't', '\0',
+  /* "wiz.farm", true */ 'w', 'i', 'z', '.', 'f', 'a', 'r', 'm', '\0',
+  /* "wizard.gov", true */ 'w', 'i', 'z', 'a', 'r', 'd', '.', 'g', 'o', 'v', '\0',
+  /* "wizardbouncycastles.co.uk", true */ 'w', 'i', 'z', 'a', 'r', 'd', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "wizardspire.com", true */ 'w', 'i', 'z', 'a', 'r', 'd', 's', 'p', 'i', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "wizzley.com", false */ 'w', 'i', 'z', 'z', 'l', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "wizzr.nl", true */ 'w', 'i', 'z', 'z', 'r', '.', 'n', 'l', '\0',
+  /* "wj0666.com", true */ 'w', 'j', '0', '6', '6', '6', '.', 'c', 'o', 'm', '\0',
+  /* "wjbolles.com", true */ 'w', 'j', 'b', 'o', 'l', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wje-online.de", true */ 'w', 'j', 'e', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'd', 'e', '\0',
+  /* "wjg.ca", true */ 'w', 'j', 'g', '.', 'c', 'a', '\0',
+  /* "wjg.dk", true */ 'w', 'j', 'g', '.', 'd', 'k', '\0',
+  /* "wjglerum.nl", true */ 'w', 'j', 'g', 'l', 'e', 'r', 'u', 'm', '.', 'n', 'l', '\0',
+  /* "wjm2038.me", true */ 'w', 'j', 'm', '2', '0', '3', '8', '.', 'm', 'e', '\0',
+  /* "wk577.com", true */ 'w', 'k', '5', '7', '7', '.', 'c', 'o', 'm', '\0',
+  /* "wkennington.com", true */ 'w', 'k', 'e', 'n', 'n', 'i', 'n', 'g', 't', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "wkv.com", true */ 'w', 'k', 'v', '.', 'c', 'o', 'm', '\0',
+  /* "wkz.io", true */ 'w', 'k', 'z', '.', 'i', 'o', '\0',
+  /* "wlaws.com", true */ 'w', 'l', 'a', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wlci.gov", true */ 'w', 'l', 'c', 'i', '.', 'g', 'o', 'v', '\0',
+  /* "wlog.it", true */ 'w', 'l', 'o', 'g', '.', 'i', 't', '\0',
+  /* "wlsme.org", true */ 'w', 'l', 's', 'm', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "wlt.ca", true */ 'w', 'l', 't', '.', 'c', 'a', '\0',
+  /* "wltix.com", true */ 'w', 'l', 't', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "wm-talk.net", true */ 'w', 'm', '-', 't', 'a', 'l', 'k', '.', 'n', 'e', 't', '\0',
+  /* "wmaccess.com", true */ 'w', 'm', 'a', 'c', 'c', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wmfusercontent.org", true */ 'w', 'm', 'f', 'u', 's', 'e', 'r', 'c', 'o', 'n', 't', 'e', 'n', 't', '.', 'o', 'r', 'g', '\0',
+  /* "wmkowa.de", true */ 'w', 'm', 'k', 'o', 'w', 'a', '.', 'd', 'e', '\0',
+  /* "wmustore.com", true */ 'w', 'm', 'u', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "wnmed.com.au", true */ 'w', 'n', 'm', 'e', 'd', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "wnu.com", true */ 'w', 'n', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "wo-ist-elvira.net", true */ 'w', 'o', '-', 'i', 's', 't', '-', 'e', 'l', 'v', 'i', 'r', 'a', '.', 'n', 'e', 't', '\0',
+  /* "wo2forum.nl", true */ 'w', 'o', '2', 'f', 'o', 'r', 'u', 'm', '.', 'n', 'l', '\0',
+  /* "wobble.ninja", true */ 'w', 'o', 'b', 'b', 'l', 'e', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "wobblywotnotz.co.uk", true */ 'w', 'o', 'b', 'b', 'l', 'y', 'w', 'o', 't', 'n', 'o', 't', 'z', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "wochennummern.de", true */ 'w', 'o', 'c', 'h', 'e', 'n', 'n', 'u', 'm', 'm', 'e', 'r', 'n', '.', 'd', 'e', '\0',
+  /* "wod-stavby.cz", true */ 'w', 'o', 'd', '-', 's', 't', 'a', 'v', 'b', 'y', '.', 'c', 'z', '\0',
+  /* "wodboss.com", true */ 'w', 'o', 'd', 'b', 'o', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wodinaz.com", true */ 'w', 'o', 'd', 'i', 'n', 'a', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "wodka-division.de", true */ 'w', 'o', 'd', 'k', 'a', '-', 'd', 'i', 'v', 'i', 's', 'i', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "woelkchen.me", true */ 'w', 'o', 'e', 'l', 'k', 'c', 'h', 'e', 'n', '.', 'm', 'e', '\0',
+  /* "wofford-ecs.org", true */ 'w', 'o', 'f', 'f', 'o', 'r', 'd', '-', 'e', 'c', 's', '.', 'o', 'r', 'g', '\0',
+  /* "woffs.de", true */ 'w', 'o', 'f', 'f', 's', '.', 'd', 'e', '\0',
+  /* "wogo.org", true */ 'w', 'o', 'g', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "woheni.de", true */ 'w', 'o', 'h', 'e', 'n', 'i', '.', 'd', 'e', '\0',
+  /* "wohlgemuth.rocks", true */ 'w', 'o', 'h', 'l', 'g', 'e', 'm', 'u', 't', 'h', '.', 'r', 'o', 'c', 'k', 's', '\0',
+  /* "wohnbegleitung.ch", true */ 'w', 'o', 'h', 'n', 'b', 'e', 'g', 'l', 'e', 'i', 't', 'u', 'n', 'g', '.', 'c', 'h', '\0',
+  /* "wohnsitz-ausland.com", true */ 'w', 'o', 'h', 'n', 's', 'i', 't', 'z', '-', 'a', 'u', 's', 'l', 'a', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "woi.vision", true */ 'w', 'o', 'i', '.', 'v', 'i', 's', 'i', 'o', 'n', '\0',
+  /* "wokeai.net", true */ 'w', 'o', 'k', 'e', 'a', 'i', '.', 'n', 'e', 't', '\0',
+  /* "wolf-squad.de", false */ 'w', 'o', 'l', 'f', '-', 's', 'q', 'u', 'a', 'd', '.', 'd', 'e', '\0',
+  /* "wolfachtal-alpaka.de", true */ 'w', 'o', 'l', 'f', 'a', 'c', 'h', 't', 'a', 'l', '-', 'a', 'l', 'p', 'a', 'k', 'a', '.', 'd', 'e', '\0',
+  /* "wolferstetterkeller.de", true */ 'w', 'o', 'l', 'f', 'e', 'r', 's', 't', 'e', 't', 't', 'e', 'r', 'k', 'e', 'l', 'l', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "wolfgang-braun.info", true */ 'w', 'o', 'l', 'f', 'g', 'a', 'n', 'g', '-', 'b', 'r', 'a', 'u', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "wolfgang-kerschbaumer.at", true */ 'w', 'o', 'l', 'f', 'g', 'a', 'n', 'g', '-', 'k', 'e', 'r', 's', 'c', 'h', 'b', 'a', 'u', 'm', 'e', 'r', '.', 'a', 't', '\0',
+  /* "wolfgang-kerschbaumer.com", true */ 'w', 'o', 'l', 'f', 'g', 'a', 'n', 'g', '-', 'k', 'e', 'r', 's', 'c', 'h', 'b', 'a', 'u', 'm', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "wolfgang-kerschbaumer.net", true */ 'w', 'o', 'l', 'f', 'g', 'a', 'n', 'g', '-', 'k', 'e', 'r', 's', 'c', 'h', 'b', 'a', 'u', 'm', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "wolfgang-ziegler.com", true */ 'w', 'o', 'l', 'f', 'g', 'a', 'n', 'g', '-', 'z', 'i', 'e', 'g', 'l', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "wolfie.ovh", true */ 'w', 'o', 'l', 'f', 'i', 'e', '.', 'o', 'v', 'h', '\0',
+  /* "wolfpa.ws", true */ 'w', 'o', 'l', 'f', 'p', 'a', '.', 'w', 's', '\0',
+  /* "wolfram.io", true */ 'w', 'o', 'l', 'f', 'r', 'a', 'm', '.', 'i', 'o', '\0',
+  /* "wolfsden.cz", true */ 'w', 'o', 'l', 'f', 's', 'd', 'e', 'n', '.', 'c', 'z', '\0',
+  /* "wolfy1339.com", true */ 'w', 'o', 'l', 'f', 'y', '1', '3', '3', '9', '.', 'c', 'o', 'm', '\0',
+  /* "wolkenspeicher.org", true */ 'w', 'o', 'l', 'k', 'e', 'n', 's', 'p', 'e', 'i', 'c', 'h', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "wollekorb.de", true */ 'w', 'o', 'l', 'l', 'e', 'k', 'o', 'r', 'b', '.', 'd', 'e', '\0',
+  /* "wollongongbaptist.hopto.org", true */ 'w', 'o', 'l', 'l', 'o', 'n', 'g', 'o', 'n', 'g', 'b', 'a', 'p', 't', 'i', 's', 't', '.', 'h', 'o', 'p', 't', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "wollwerk.org", true */ 'w', 'o', 'l', 'l', 'w', 'e', 'r', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "wolszon.me", true */ 'w', 'o', 'l', 's', 'z', 'o', 'n', '.', 'm', 'e', '\0',
+  /* "womb.city", true */ 'w', 'o', 'm', 'b', '.', 'c', 'i', 't', 'y', '\0',
+  /* "wombatalla.com.au", true */ 'w', 'o', 'm', 'b', 'a', 't', 'a', 'l', 'l', 'a', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "wombats.net", true */ 'w', 'o', 'm', 'b', 'a', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "women-only.net", true */ 'w', 'o', 'm', 'e', 'n', '-', 'o', 'n', 'l', 'y', '.', 'n', 'e', 't', '\0',
+  /* "womenshairlossproject.com", true */ 'w', 'o', 'm', 'e', 'n', 's', 'h', 'a', 'i', 'r', 'l', 'o', 's', 's', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "wonabo.com", true */ 'w', 'o', 'n', 'a', 'b', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "wonderbill.com", true */ 'w', 'o', 'n', 'd', 'e', 'r', 'b', 'i', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "wondergorilla.com", true */ 'w', 'o', 'n', 'd', 'e', 'r', 'g', 'o', 'r', 'i', 'l', 'l', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "wonderhost.info", true */ 'w', 'o', 'n', 'd', 'e', 'r', 'h', 'o', 's', 't', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "wonderhowto.com", true */ 'w', 'o', 'n', 'd', 'e', 'r', 'h', 'o', 'w', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "wonderlandmovies.de", true */ 'w', 'o', 'n', 'd', 'e', 'r', 'l', 'a', 'n', 'd', 'm', 'o', 'v', 'i', 'e', 's', '.', 'd', 'e', '\0',
+  /* "wondermags.com", true */ 'w', 'o', 'n', 'd', 'e', 'r', 'm', 'a', 'g', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wondershift.biz", true */ 'w', 'o', 'n', 'd', 'e', 'r', 's', 'h', 'i', 'f', 't', '.', 'b', 'i', 'z', '\0',
+  /* "woodbury.io", true */ 'w', 'o', 'o', 'd', 'b', 'u', 'r', 'y', '.', 'i', 'o', '\0',
+  /* "woodev.us", true */ 'w', 'o', 'o', 'd', 'e', 'v', '.', 'u', 's', '\0',
+  /* "woodlandhillselectrical.com", true */ 'w', 'o', 'o', 'd', 'l', 'a', 'n', 'd', 'h', 'i', 'l', 'l', 's', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "woodlandsmetro.church", true */ 'w', 'o', 'o', 'd', 'l', 'a', 'n', 'd', 's', 'm', 'e', 't', 'r', 'o', '.', 'c', 'h', 'u', 'r', 'c', 'h', '\0',
+  /* "woodlandsvale.uk", true */ 'w', 'o', 'o', 'd', 'l', 'a', 'n', 'd', 's', 'v', 'a', 'l', 'e', '.', 'u', 'k', '\0',
+  /* "woodlandwindows.com", true */ 'w', 'o', 'o', 'd', 'l', 'a', 'n', 'd', 'w', 'i', 'n', 'd', 'o', 'w', 's', '.', 'c', 'o', 'm', '\0',
+  /* "woodomat.com", true */ 'w', 'o', 'o', 'd', 'o', 'm', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "woodsidepottery.ca", true */ 'w', 'o', 'o', 'd', 's', 'i', 'd', 'e', 'p', 'o', 't', 't', 'e', 'r', 'y', '.', 'c', 'a', '\0',
+  /* "woof.gq", true */ 'w', 'o', 'o', 'f', '.', 'g', 'q', '\0',
+  /* "woohooyeah.nl", true */ 'w', 'o', 'o', 'h', 'o', 'o', 'y', 'e', 'a', 'h', '.', 'n', 'l', '\0',
+  /* "woontegelwinkel.nl", true */ 'w', 'o', 'o', 'n', 't', 'e', 'g', 'e', 'l', 'w', 'i', 'n', 'k', 'e', 'l', '.', 'n', 'l', '\0',
+  /* "wooplagaming.com", true */ 'w', 'o', 'o', 'p', 'l', 'a', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "wootware.co.za", true */ 'w', 'o', 'o', 't', 'w', 'a', 'r', 'e', '.', 'c', 'o', '.', 'z', 'a', '\0',
+  /* "worcade.net", true */ 'w', 'o', 'r', 'c', 'a', 'd', 'e', '.', 'n', 'e', 't', '\0',
+  /* "worcesterbouncycastlehire.co.uk", true */ 'w', 'o', 'r', 'c', 'e', 's', 't', 'e', 'r', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 'h', 'i', 'r', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "worcesterbouncycastles.co.uk", true */ 'w', 'o', 'r', 'c', 'e', 's', 't', 'e', 'r', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "worcesterdance.org", true */ 'w', 'o', 'r', 'c', 'e', 's', 't', 'e', 'r', 'd', 'a', 'n', 'c', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "worcesterfestival.co.uk", true */ 'w', 'o', 'r', 'c', 'e', 's', 't', 'e', 'r', 'f', 'e', 's', 't', 'i', 'v', 'a', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "word-grabber.com", true */ 'w', 'o', 'r', 'd', '-', 'g', 'r', 'a', 'b', 'b', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "wordbits.net", true */ 'w', 'o', 'r', 'd', 'b', 'i', 't', 's', '.', 'n', 'e', 't', '\0',
+  /* "wordcounter.net", true */ 'w', 'o', 'r', 'd', 'c', 'o', 'u', 'n', 't', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "wordher.com", true */ 'w', 'o', 'r', 'd', 'h', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "wordplay.one", true */ 'w', 'o', 'r', 'd', 'p', 'l', 'a', 'y', '.', 'o', 'n', 'e', '\0',
+  /* "wordpress.com", false */ 'w', 'o', 'r', 'd', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wordpresspro.cl", true */ 'w', 'o', 'r', 'd', 'p', 'r', 'e', 's', 's', 'p', 'r', 'o', '.', 'c', 'l', '\0',
+  /* "wordsmart.it", true */ 'w', 'o', 'r', 'd', 's', 'm', 'a', 'r', 't', '.', 'i', 't', '\0',
+  /* "wordsofamaster.com", true */ 'w', 'o', 'r', 'd', 's', 'o', 'f', 'a', 'm', 'a', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "wordspy.com", true */ 'w', 'o', 'r', 'd', 's', 'p', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "wordxtra.net", true */ 'w', 'o', 'r', 'd', 'x', 't', 'r', 'a', '.', 'n', 'e', 't', '\0',
+  /* "work-in-progress.website", true */ 'w', 'o', 'r', 'k', '-', 'i', 'n', '-', 'p', 'r', 'o', 'g', 'r', 'e', 's', 's', '.', 'w', 'e', 'b', 's', 'i', 't', 'e', '\0',
+  /* "workcelerator.com", true */ 'w', 'o', 'r', 'k', 'c', 'e', 'l', 'e', 'r', 'a', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "workcloud.jp", true */ 'w', 'o', 'r', 'k', 'c', 'l', 'o', 'u', 'd', '.', 'j', 'p', '\0',
+  /* "workingmachine.info", true */ 'w', 'o', 'r', 'k', 'i', 'n', 'g', 'm', 'a', 'c', 'h', 'i', 'n', 'e', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "workplaces.online", true */ 'w', 'o', 'r', 'k', 'p', 'l', 'a', 'c', 'e', 's', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "workraw.com", true */ 'w', 'o', 'r', 'k', 'r', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "workray.com", true */ 'w', 'o', 'r', 'k', 'r', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "works-ginan.jp", true */ 'w', 'o', 'r', 'k', 's', '-', 'g', 'i', 'n', 'a', 'n', '.', 'j', 'p', '\0',
+  /* "worksofwyoming.org", true */ 'w', 'o', 'r', 'k', 's', 'o', 'f', 'w', 'y', 'o', 'm', 'i', 'n', 'g', '.', 'o', 'r', 'g', '\0',
+  /* "workwithgo.com", true */ 'w', 'o', 'r', 'k', 'w', 'i', 't', 'h', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "world-education-association.org", true */ 'w', 'o', 'r', 'l', 'd', '-', 'e', 'd', 'u', 'c', 'a', 't', 'i', 'o', 'n', '-', 'a', 's', 's', 'o', 'c', 'i', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "world-in-my-eyes.com", true */ 'w', 'o', 'r', 'l', 'd', '-', 'i', 'n', '-', 'm', 'y', '-', 'e', 'y', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "worldchess.london", true */ 'w', 'o', 'r', 'l', 'd', 'c', 'h', 'e', 's', 's', '.', 'l', 'o', 'n', 'd', 'o', 'n', '\0',
+  /* "worldcigars.com.br", true */ 'w', 'o', 'r', 'l', 'd', 'c', 'i', 'g', 'a', 'r', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "worldcrafts.org", true */ 'w', 'o', 'r', 'l', 'd', 'c', 'r', 'a', 'f', 't', 's', '.', 'o', 'r', 'g', '\0',
+  /* "worldcubeassociation.org", true */ 'w', 'o', 'r', 'l', 'd', 'c', 'u', 'b', 'e', 'a', 's', 's', 'o', 'c', 'i', 'a', 't', 'i', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "worldessays.com", true */ 'w', 'o', 'r', 'l', 'd', 'e', 's', 's', 'a', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "worldeventscalendars.com", true */ 'w', 'o', 'r', 'l', 'd', 'e', 'v', 'e', 'n', 't', 's', 'c', 'a', 'l', 'e', 'n', 'd', 'a', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "worldnettps.com", true */ 'w', 'o', 'r', 'l', 'd', 'n', 'e', 't', 't', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "worldofbelia.de", true */ 'w', 'o', 'r', 'l', 'd', 'o', 'f', 'b', 'e', 'l', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "worldofparties.co.uk", true */ 'w', 'o', 'r', 'l', 'd', 'o', 'f', 'p', 'a', 'r', 't', 'i', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "worldofterra.net", true */ 'w', 'o', 'r', 'l', 'd', 'o', 'f', 't', 'e', 'r', 'r', 'a', '.', 'n', 'e', 't', '\0',
+  /* "worldofvnc.net", true */ 'w', 'o', 'r', 'l', 'd', 'o', 'f', 'v', 'n', 'c', '.', 'n', 'e', 't', '\0',
+  /* "worldofwobble.co.uk", true */ 'w', 'o', 'r', 'l', 'd', 'o', 'f', 'w', 'o', 'b', 'b', 'l', 'e', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "worldpovertysolutions.org", true */ 'w', 'o', 'r', 'l', 'd', 'p', 'o', 'v', 'e', 'r', 't', 'y', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "worldsgreatestazuredemo.com", true */ 'w', 'o', 'r', 'l', 'd', 's', 'g', 'r', 'e', 'a', 't', 'e', 's', 't', 'a', 'z', 'u', 'r', 'e', 'd', 'e', 'm', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "worldsoccerclips.com", true */ 'w', 'o', 'r', 'l', 'd', 's', 'o', 'c', 'c', 'e', 'r', 'c', 'l', 'i', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "worldstone777.com", true */ 'w', 'o', 'r', 'l', 'd', 's', 't', 'o', 'n', 'e', '7', '7', '7', '.', 'c', 'o', 'm', '\0',
+  /* "wormbytes.ca", true */ 'w', 'o', 'r', 'm', 'b', 'y', 't', 'e', 's', '.', 'c', 'a', '\0',
+  /* "wormdisk.net", true */ 'w', 'o', 'r', 'm', 'd', 'i', 's', 'k', '.', 'n', 'e', 't', '\0',
+  /* "wormholevpn.net", true */ 'w', 'o', 'r', 'm', 'h', 'o', 'l', 'e', 'v', 'p', 'n', '.', 'n', 'e', 't', '\0',
+  /* "worst.horse", false */ 'w', 'o', 'r', 's', 't', '.', 'h', 'o', 'r', 's', 'e', '\0',
+  /* "wort-suchen.de", true */ 'w', 'o', 'r', 't', '-', 's', 'u', 'c', 'h', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "woshiluo.site", true */ 'w', 'o', 's', 'h', 'i', 'l', 'u', 'o', '.', 's', 'i', 't', 'e', '\0',
+  /* "wot-tudasbazis.hu", true */ 'w', 'o', 't', '-', 't', 'u', 'd', 'a', 's', 'b', 'a', 'z', 'i', 's', '.', 'h', 'u', '\0',
+  /* "wotra-register.com", true */ 'w', 'o', 't', 'r', 'a', '-', 'r', 'e', 'g', 'i', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "woudenberg.nl", true */ 'w', 'o', 'u', 'd', 'e', 'n', 'b', 'e', 'r', 'g', '.', 'n', 'l', '\0',
+  /* "woufbox.com", true */ 'w', 'o', 'u', 'f', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "woutergeraedts.nl", true */ 'w', 'o', 'u', 't', 'e', 'r', 'g', 'e', 'r', 'a', 'e', 'd', 't', 's', '.', 'n', 'l', '\0',
+  /* "woutervdb.com", true */ 'w', 'o', 'u', 't', 'e', 'r', 'v', 'd', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "wow-travel.eu", true */ 'w', 'o', 'w', '-', 't', 'r', 'a', 'v', 'e', 'l', '.', 'e', 'u', '\0',
+  /* "wowaffixes.info", true */ 'w', 'o', 'w', 'a', 'f', 'f', 'i', 'x', 'e', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "wowbouncycastles.co.uk", true */ 'w', 'o', 'w', 'b', 'o', 'u', 'n', 'c', 'y', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "wowhelp.it", true */ 'w', 'o', 'w', 'h', 'e', 'l', 'p', '.', 'i', 't', '\0',
+  /* "wowjs.co.uk", true */ 'w', 'o', 'w', 'j', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "wowjs.org", true */ 'w', 'o', 'w', 'j', 's', '.', 'o', 'r', 'g', '\0',
+  /* "wowjs.uk", true */ 'w', 'o', 'w', 'j', 's', '.', 'u', 'k', '\0',
+  /* "wownmedia.com", true */ 'w', 'o', 'w', 'n', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "wozalapha.com", true */ 'w', 'o', 'z', 'a', 'l', 'a', 'p', 'h', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "wp-bullet.com", true */ 'w', 'p', '-', 'b', 'u', 'l', 'l', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "wp-master.org", true */ 'w', 'p', '-', 'm', 'a', 's', 't', 'e', 'r', '.', 'o', 'r', 'g', '\0',
+  /* "wp-mix.com", true */ 'w', 'p', '-', 'm', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "wp-securehosting.com", true */ 'w', 'p', '-', 's', 'e', 'c', 'u', 'r', 'e', 'h', 'o', 's', 't', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "wp-site1.com", true */ 'w', 'p', '-', 's', 'i', 't', 'e', '1', '.', 'c', 'o', 'm', '\0',
+  /* "wp-site2.com", true */ 'w', 'p', '-', 's', 'i', 't', 'e', '2', '.', 'c', 'o', 'm', '\0',
+  /* "wp-tao.com", true */ 'w', 'p', '-', 't', 'a', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "wpac.de", true */ 'w', 'p', 'a', 'c', '.', 'd', 'e', '\0',
+  /* "wpandup.org", true */ 'w', 'p', 'a', 'n', 'd', 'u', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "wpcharged.nz", true */ 'w', 'p', 'c', 'h', 'a', 'r', 'g', 'e', 'd', '.', 'n', 'z', '\0',
+  /* "wpdesigner.ir", true */ 'w', 'p', 'd', 'e', 's', 'i', 'g', 'n', 'e', 'r', '.', 'i', 'r', '\0',
+  /* "wpdirecto.com", true */ 'w', 'p', 'd', 'i', 'r', 'e', 'c', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "wpenhance.com", true */ 'w', 'p', 'e', 'n', 'h', 'a', 'n', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "wpg-inc.com", true */ 'w', 'p', 'g', '-', 'i', 'n', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "wphostingblog.nl", true */ 'w', 'p', 'h', 'o', 's', 't', 'i', 'n', 'g', 'b', 'l', 'o', 'g', '.', 'n', 'l', '\0',
+  /* "wpinfos.de", true */ 'w', 'p', 'i', 'n', 'f', 'o', 's', '.', 'd', 'e', '\0',
+  /* "wpinter.com", true */ 'w', 'p', 'i', 'n', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "wpldn.uk", true */ 'w', 'p', 'l', 'd', 'n', '.', 'u', 'k', '\0',
+  /* "wpletter.de", false */ 'w', 'p', 'l', 'e', 't', 't', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "wpmeetup-berlin.de", true */ 'w', 'p', 'm', 'e', 'e', 't', 'u', 'p', '-', 'b', 'e', 'r', 'l', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "wpostats.com", true */ 'w', 'p', 'o', 's', 't', 'a', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wprevs.com", true */ 'w', 'p', 'r', 'e', 'v', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wpscans.com", true */ 'w', 'p', 's', 'c', 'a', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wpserp.com", true */ 'w', 'p', 's', 'e', 'r', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "wpsharks.com", true */ 'w', 'p', 's', 'h', 'a', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wpsnelheid.nl", true */ 'w', 'p', 's', 'n', 'e', 'l', 'h', 'e', 'i', 'd', '.', 'n', 'l', '\0',
+  /* "wpsono.com", true */ 'w', 'p', 's', 'o', 'n', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "wptotal.com", true */ 'w', 'p', 't', 'o', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "wpvulndb.com", true */ 'w', 'p', 'v', 'u', 'l', 'n', 'd', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "wr.su", true */ 'w', 'r', '.', 's', 'u', '\0',
+  /* "wrapitup.co.uk", true */ 'w', 'r', 'a', 'p', 'i', 't', 'u', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "wrara.org", true */ 'w', 'r', 'a', 'r', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "wrc-results.com", true */ 'w', 'r', 'c', '-', 'r', 'e', 's', 'u', 'l', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wrdcfiles.ca", true */ 'w', 'r', 'd', 'c', 'f', 'i', 'l', 'e', 's', '.', 'c', 'a', '\0',
+  /* "wrenwrites.com", true */ 'w', 'r', 'e', 'n', 'w', 'r', 'i', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wrfu.co.nz", true */ 'w', 'r', 'f', 'u', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "wrgms.com", true */ 'w', 'r', 'g', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wriedts.de", true */ 'w', 'r', 'i', 'e', 'd', 't', 's', '.', 'd', 'e', '\0',
+  /* "write-right.net", true */ 'w', 'r', 'i', 't', 'e', '-', 'r', 'i', 'g', 'h', 't', '.', 'n', 'e', 't', '\0',
+  /* "writeandedit-for-you.com", true */ 'w', 'r', 'i', 't', 'e', 'a', 'n', 'd', 'e', 'd', 'i', 't', '-', 'f', 'o', 'r', '-', 'y', 'o', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "writecustomessay.com", true */ 'w', 'r', 'i', 't', 'e', 'c', 'u', 's', 't', 'o', 'm', 'e', 's', 's', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "writemyessay.info", true */ 'w', 'r', 'i', 't', 'e', 'm', 'y', 'e', 's', 's', 'a', 'y', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "writemyessays.com", true */ 'w', 'r', 'i', 't', 'e', 'm', 'y', 'e', 's', 's', 'a', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "writemypaperhub.com", true */ 'w', 'r', 'i', 't', 'e', 'm', 'y', 'p', 'a', 'p', 'e', 'r', 'h', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "writemytermpapers.com", true */ 'w', 'r', 'i', 't', 'e', 'm', 'y', 't', 'e', 'r', 'm', 'p', 'a', 'p', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "writeoff.me", true */ 'w', 'r', 'i', 't', 'e', 'o', 'f', 'f', '.', 'm', 'e', '\0',
+  /* "writepride.com", true */ 'w', 'r', 'i', 't', 'e', 'p', 'r', 'i', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "writepro.net", true */ 'w', 'r', 'i', 't', 'e', 'p', 'r', 'o', '.', 'n', 'e', 't', '\0',
+  /* "writereditor.com", true */ 'w', 'r', 'i', 't', 'e', 'r', 'e', 'd', 'i', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "writing-expert.com", true */ 'w', 'r', 'i', 't', 'i', 'n', 'g', '-', 'e', 'x', 'p', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "writing-job-online.com", true */ 'w', 'r', 'i', 't', 'i', 'n', 'g', '-', 'j', 'o', 'b', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "writingcities.net", true */ 'w', 'r', 'i', 't', 'i', 'n', 'g', 'c', 'i', 't', 'i', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "writingtoserve.net", true */ 'w', 'r', 'i', 't', 'i', 'n', 'g', 't', 'o', 's', 'e', 'r', 'v', 'e', '.', 'n', 'e', 't', '\0',
+  /* "wrksheet.com", true */ 'w', 'r', 'k', 's', 'h', 'e', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "wroffle.com", true */ 'w', 'r', 'o', 'f', 'f', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "wromeapp.com", true */ 'w', 'r', 'o', 'm', 'e', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "wrongware.cz", true */ 'w', 'r', 'o', 'n', 'g', 'w', 'a', 'r', 'e', '.', 'c', 'z', '\0',
+  /* "wrp.gov", true */ 'w', 'r', 'p', '.', 'g', 'o', 'v', '\0',
+  /* "wsa.poznan.pl", true */ 'w', 's', 'a', '.', 'p', 'o', 'z', 'n', 'a', 'n', '.', 'p', 'l', '\0',
+  /* "wsb-immo.at", true */ 'w', 's', 'b', '-', 'i', 'm', 'm', 'o', '.', 'a', 't', '\0',
+  /* "wscales.com", true */ 'w', 's', 'c', 'a', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wsdcapital.com", true */ 'w', 's', 'd', 'c', 'a', 'p', 'i', 't', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "wselektro.de", true */ 'w', 's', 'e', 'l', 'e', 'k', 't', 'r', 'o', '.', 'd', 'e', '\0',
+  /* "wsgvet.com", true */ 'w', 's', 'g', 'v', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "wss.com.ve", true */ 'w', 's', 's', '.', 'c', 'o', 'm', '.', 'v', 'e', '\0',
+  /* "wsspalluto.de", true */ 'w', 's', 's', 'p', 'a', 'l', 'l', 'u', 't', 'o', '.', 'd', 'e', '\0',
+  /* "wssv.ch", true */ 'w', 's', 's', 'v', '.', 'c', 'h', '\0',
+  /* "wstudio.ch", true */ 'w', 's', 't', 'u', 'd', 'i', 'o', '.', 'c', 'h', '\0',
+  /* "wstx.com", true */ 'w', 's', 't', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "wsv-grafenau.de", true */ 'w', 's', 'v', '-', 'g', 'r', 'a', 'f', 'e', 'n', 'a', 'u', '.', 'd', 'e', '\0',
+  /* "wsyy.info", true */ 'w', 's', 'y', 'y', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "wt-server3.de", true */ 'w', 't', '-', 's', 'e', 'r', 'v', 'e', 'r', '3', '.', 'd', 'e', '\0',
+  /* "wtf.ninja", true */ 'w', 't', 'f', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "wtfismyip.com", true */ 'w', 't', 'f', 'i', 's', 'm', 'y', 'i', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "wth.in", true */ 'w', 't', 'h', '.', 'i', 'n', '\0',
+  /* "wtpmj.com", true */ 'w', 't', 'p', 'm', 'j', '.', 'c', 'o', 'm', '\0',
+  /* "wtw.io", true */ 'w', 't', 'w', '.', 'i', 'o', '\0',
+  /* "wubify.com", true */ 'w', 'u', 'b', 'i', 'f', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "wuerfel.wf", true */ 'w', 'u', 'e', 'r', 'f', 'e', 'l', '.', 'w', 'f', '\0',
+  /* "wuerfelmail.de", true */ 'w', 'u', 'e', 'r', 'f', 'e', 'l', 'm', 'a', 'i', 'l', '.', 'd', 'e', '\0',
+  /* "wufu.org", false */ 'w', 'u', 'f', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "wufupay.com", true */ 'w', 'u', 'f', 'u', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "wug.jp", true */ 'w', 'u', 'g', '.', 'j', 'p', '\0',
+  /* "wug.news", true */ 'w', 'u', 'g', '.', 'n', 'e', 'w', 's', '\0',
+  /* "wuji.cz", true */ 'w', 'u', 'j', 'i', '.', 'c', 'z', '\0',
+  /* "wukongmusic.us", false */ 'w', 'u', 'k', 'o', 'n', 'g', 'm', 'u', 's', 'i', 'c', '.', 'u', 's', '\0',
+  /* "wumbo.cf", true */ 'w', 'u', 'm', 'b', 'o', '.', 'c', 'f', '\0',
+  /* "wumbo.co.nz", true */ 'w', 'u', 'm', 'b', 'o', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "wumbo.ga", true */ 'w', 'u', 'm', 'b', 'o', '.', 'g', 'a', '\0',
+  /* "wumbo.gq", true */ 'w', 'u', 'm', 'b', 'o', '.', 'g', 'q', '\0',
+  /* "wumbo.kiwi", true */ 'w', 'u', 'm', 'b', 'o', '.', 'k', 'i', 'w', 'i', '\0',
+  /* "wumbo.ml", true */ 'w', 'u', 'm', 'b', 'o', '.', 'm', 'l', '\0',
+  /* "wumbo.tk", true */ 'w', 'u', 'm', 'b', 'o', '.', 't', 'k', '\0',
+  /* "wunderkarten.de", true */ 'w', 'u', 'n', 'd', 'e', 'r', 'k', 'a', 'r', 't', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "wunderlist.com", true */ 'w', 'u', 'n', 'd', 'e', 'r', 'l', 'i', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "wundi.net", true */ 'w', 'u', 'n', 'd', 'i', '.', 'n', 'e', 't', '\0',
+  /* "wutianyi.com", true */ 'w', 'u', 't', 'i', 'a', 'n', 'y', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "wuyue.photo", true */ 'w', 'u', 'y', 'u', 'e', '.', 'p', 'h', 'o', 't', 'o', '\0',
+  /* "wv-n.de", true */ 'w', 'v', '-', 'n', '.', 'd', 'e', '\0',
+  /* "wvg.myds.me", true */ 'w', 'v', 'g', '.', 'm', 'y', 'd', 's', '.', 'm', 'e', '\0',
+  /* "wvw-8522.com", true */ 'w', 'v', 'w', '-', '8', '5', '2', '2', '.', 'c', 'o', 'm', '\0',
+  /* "wvw698.com", true */ 'w', 'v', 'w', '6', '9', '8', '.', 'c', 'o', 'm', '\0',
+  /* "wweforums.net", true */ 'w', 'w', 'e', 'f', 'o', 'r', 'u', 'm', 's', '.', 'n', 'e', 't', '\0',
+  /* "wweichen.com.cn", true */ 'w', 'w', 'e', 'i', 'c', 'h', 'e', 'n', '.', 'c', 'o', 'm', '.', 'c', 'n', '\0',
+  /* "wwgc2011.se", true */ 'w', 'w', 'g', 'c', '2', '0', '1', '1', '.', 's', 'e', '\0',
+  /* "wwv-8522.com", true */ 'w', 'w', 'v', '-', '8', '5', '2', '2', '.', 'c', 'o', 'm', '\0',
+  /* "www-33445.com", true */ 'w', 'w', 'w', '-', '3', '3', '4', '4', '5', '.', 'c', 'o', 'm', '\0',
+  /* "www-49889.com", true */ 'w', 'w', 'w', '-', '4', '9', '8', '8', '9', '.', 'c', 'o', 'm', '\0',
+  /* "www-62755.com", true */ 'w', 'w', 'w', '-', '6', '2', '7', '5', '5', '.', 'c', 'o', 'm', '\0',
+  /* "www-8522.am", true */ 'w', 'w', 'w', '-', '8', '5', '2', '2', '.', 'a', 'm', '\0',
+  /* "www-8522.com", true */ 'w', 'w', 'w', '-', '8', '5', '2', '2', '.', 'c', 'o', 'm', '\0',
+  /* "www.aclu.org", false */ 'w', 'w', 'w', '.', 'a', 'c', 'l', 'u', '.', 'o', 'r', 'g', '\0',
+  /* "www.airbnb.com", true */ 'w', 'w', 'w', '.', 'a', 'i', 'r', 'b', 'n', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "www.amazon.ca", true */ 'w', 'w', 'w', '.', 'a', 'm', 'a', 'z', 'o', 'n', '.', 'c', 'a', '\0',
+  /* "www.amazon.cn", true */ 'w', 'w', 'w', '.', 'a', 'm', 'a', 'z', 'o', 'n', '.', 'c', 'n', '\0',
+  /* "www.amazon.co.jp", true */ 'w', 'w', 'w', '.', 'a', 'm', 'a', 'z', 'o', 'n', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "www.amazon.co.uk", true */ 'w', 'w', 'w', '.', 'a', 'm', 'a', 'z', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "www.amazon.com", true */ 'w', 'w', 'w', '.', 'a', 'm', 'a', 'z', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "www.amazon.com.au", true */ 'w', 'w', 'w', '.', 'a', 'm', 'a', 'z', 'o', 'n', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "www.amazon.com.br", true */ 'w', 'w', 'w', '.', 'a', 'm', 'a', 'z', 'o', 'n', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "www.amazon.com.mx", true */ 'w', 'w', 'w', '.', 'a', 'm', 'a', 'z', 'o', 'n', '.', 'c', 'o', 'm', '.', 'm', 'x', '\0',
+  /* "www.amazon.de", true */ 'w', 'w', 'w', '.', 'a', 'm', 'a', 'z', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "www.amazon.es", true */ 'w', 'w', 'w', '.', 'a', 'm', 'a', 'z', 'o', 'n', '.', 'e', 's', '\0',
+  /* "www.amazon.fr", true */ 'w', 'w', 'w', '.', 'a', 'm', 'a', 'z', 'o', 'n', '.', 'f', 'r', '\0',
+  /* "www.amazon.it", true */ 'w', 'w', 'w', '.', 'a', 'm', 'a', 'z', 'o', 'n', '.', 'i', 't', '\0',
+  /* "www.amazon.nl", true */ 'w', 'w', 'w', '.', 'a', 'm', 'a', 'z', 'o', 'n', '.', 'n', 'l', '\0',
+  /* "www.apollo-auto.com", false */ 'w', 'w', 'w', '.', 'a', 'p', 'o', 'l', 'l', 'o', '-', 'a', 'u', 't', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "www.banking.co.at", false */ 'w', 'w', 'w', '.', 'b', 'a', 'n', 'k', 'i', 'n', 'g', '.', 'c', 'o', '.', 'a', 't', '\0',
+  /* "www.braintreepayments.com", false */ 'w', 'w', 'w', '.', 'b', 'r', 'a', 'i', 'n', 't', 'r', 'e', 'e', 'p', 'a', 'y', 'm', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "www.calyxinstitute.org", false */ 'w', 'w', 'w', '.', 'c', 'a', 'l', 'y', 'x', 'i', 'n', 's', 't', 'i', 't', 'u', 't', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "www.capitainetrain.com", false */ 'w', 'w', 'w', '.', 'c', 'a', 'p', 'i', 't', 'a', 'i', 'n', 'e', 't', 'r', 'a', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "www.captaintrain.com", false */ 'w', 'w', 'w', '.', 'c', 'a', 'p', 't', 'a', 'i', 'n', 't', 'r', 'a', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "www.cnet.com", true */ 'w', 'w', 'w', '.', 'c', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "www.dropbox.com", true */ 'w', 'w', 'w', '.', 'd', 'r', 'o', 'p', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "www.dropcam.com", false */ 'w', 'w', 'w', '.', 'd', 'r', 'o', 'p', 'c', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "www.entropia.de", false */ 'w', 'w', 'w', '.', 'e', 'n', 't', 'r', 'o', 'p', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "www.eternalgoth.co.uk", true */ 'w', 'w', 'w', '.', 'e', 't', 'e', 'r', 'n', 'a', 'l', 'g', 'o', 't', 'h', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "www.etsy.com", true */ 'w', 'w', 'w', '.', 'e', 't', 's', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "www.evernote.com", false */ 'w', 'w', 'w', '.', 'e', 'v', 'e', 'r', 'n', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "www.facebook.com", false */ 'w', 'w', 'w', '.', 'f', 'a', 'c', 'e', 'b', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "www.fastmail.com", true */ 'w', 'w', 'w', '.', 'f', 'a', 's', 't', 'm', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "www.getcloak.com", false */ 'w', 'w', 'w', '.', 'g', 'e', 't', 'c', 'l', 'o', 'a', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "www.gmail.com", false */ 'w', 'w', 'w', '.', 'g', 'm', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "www.googlemail.com", false */ 'w', 'w', 'w', '.', 'g', 'o', 'o', 'g', 'l', 'e', 'm', 'a', 'i', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "www.gov.uk", false */ 'w', 'w', 'w', '.', 'g', 'o', 'v', '.', 'u', 'k', '\0',
+  /* "www.grc.com", false */ 'w', 'w', 'w', '.', 'g', 'r', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "www.healthcare.gov", false */ 'w', 'w', 'w', '.', 'h', 'e', 'a', 'l', 't', 'h', 'c', 'a', 'r', 'e', '.', 'g', 'o', 'v', '\0',
+  /* "www.heliosnet.com", true */ 'w', 'w', 'w', '.', 'h', 'e', 'l', 'i', 'o', 's', 'n', 'e', 't', '.', 'c', 'o', 'm', '\0',
+  /* "www.history.pe", true */ 'w', 'w', 'w', '.', 'h', 'i', 's', 't', 'o', 'r', 'y', '.', 'p', 'e', '\0',
+  /* "www.hyatt.com", false */ 'w', 'w', 'w', '.', 'h', 'y', 'a', 't', 't', '.', 'c', 'o', 'm', '\0',
+  /* "www.icann.org", false */ 'w', 'w', 'w', '.', 'i', 'c', 'a', 'n', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "www.intercom.io", true */ 'w', 'w', 'w', '.', 'i', 'n', 't', 'e', 'r', 'c', 'o', 'm', '.', 'i', 'o', '\0',
+  /* "www.irccloud.com", false */ 'w', 'w', 'w', '.', 'i', 'r', 'c', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "www.lastpass.com", false */ 'w', 'w', 'w', '.', 'l', 'a', 's', 't', 'p', 'a', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "www.linode.com", false */ 'w', 'w', 'w', '.', 'l', 'i', 'n', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "www.lookout.com", false */ 'w', 'w', 'w', '.', 'l', 'o', 'o', 'k', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "www.makeyourlaws.org", true */ 'w', 'w', 'w', '.', 'm', 'a', 'k', 'e', 'y', 'o', 'u', 'r', 'l', 'a', 'w', 's', '.', 'o', 'r', 'g', '\0',
+  /* "www.messenger.com", true */ 'w', 'w', 'w', '.', 'm', 'e', 's', 's', 'e', 'n', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "www.mydigipass.com", false */ 'w', 'w', 'w', '.', 'm', 'y', 'd', 'i', 'g', 'i', 'p', 'a', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "www.mylookout.com", false */ 'w', 'w', 'w', '.', 'm', 'y', 'l', 'o', 'o', 'k', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "www.noisebridge.net", true */ 'w', 'w', 'w', '.', 'n', 'o', 'i', 's', 'e', 'b', 'r', 'i', 'd', 'g', 'e', '.', 'n', 'e', 't', '\0',
+  /* "www.opsmate.com", true */ 'w', 'w', 'w', '.', 'o', 'p', 's', 'm', 'a', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "www.paypal.com", false */ 'w', 'w', 'w', '.', 'p', 'a', 'y', 'p', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "www.python.org", true */ 'w', 'w', 'w', '.', 'p', 'y', 't', 'h', 'o', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "www.rememberthemilk.com", true */ 'w', 'w', 'w', '.', 'r', 'e', 'm', 'e', 'm', 'b', 'e', 'r', 't', 'h', 'e', 'm', 'i', 'l', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "www.simbolo.co.uk", false */ 'w', 'w', 'w', '.', 's', 'i', 'm', 'b', 'o', 'l', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "www.simple.com", false */ 'w', 'w', 'w', '.', 's', 'i', 'm', 'p', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "www.theguardian.com", true */ 'w', 'w', 'w', '.', 't', 'h', 'e', 'g', 'u', 'a', 'r', 'd', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "www.therapynotes.com", true */ 'w', 'w', 'w', '.', 't', 'h', 'e', 'r', 'a', 'p', 'y', 'n', 'o', 't', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "www.tinfoilsecurity.com", false */ 'w', 'w', 'w', '.', 't', 'i', 'n', 'f', 'o', 'i', 'l', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "www.torproject.org", false */ 'w', 'w', 'w', '.', 't', 'o', 'r', 'p', 'r', 'o', 'j', 'e', 'c', 't', '.', 'o', 'r', 'g', '\0',
+  /* "www.tumblr.com", false */ 'w', 'w', 'w', '.', 't', 'u', 'm', 'b', 'l', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "www.twitter.com", false */ 'w', 'w', 'w', '.', 't', 'w', 'i', 't', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "www.united.com", true */ 'w', 'w', 'w', '.', 'u', 'n', 'i', 't', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "www.usaa.com", false */ 'w', 'w', 'w', '.', 'u', 's', 'a', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "www.vino75.com", false */ 'w', 'w', 'w', '.', 'v', 'i', 'n', 'o', '7', '5', '.', 'c', 'o', 'm', '\0',
+  /* "www.wepay.com", false */ 'w', 'w', 'w', '.', 'w', 'e', 'p', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "www.wordpress.com", false */ 'w', 'w', 'w', '.', 'w', 'o', 'r', 'd', 'p', 'r', 'e', 's', 's', '.', 'c', 'o', 'm', '\0',
+  /* "www68277.com", true */ 'w', 'w', 'w', '6', '8', '2', '7', '7', '.', 'c', 'o', 'm', '\0',
+  /* "wxcafe.net", true */ 'w', 'x', 'c', 'a', 'f', 'e', '.', 'n', 'e', 't', '\0',
+  /* "wxh.jp", true */ 'w', 'x', 'h', '.', 'j', 'p', '\0',
+  /* "wxrlab.com", true */ 'w', 'x', 'r', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "wxster.com", true */ 'w', 'x', 's', 't', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "wy6.org", true */ 'w', 'y', '6', '.', 'o', 'r', 'g', '\0',
+  /* "wyam.io", true */ 'w', 'y', 'a', 'm', '.', 'i', 'o', '\0',
+  /* "wyday.com", true */ 'w', 'y', 'd', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "wyeworks.com", true */ 'w', 'y', 'e', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "wygibanki.pl", true */ 'w', 'y', 'g', 'i', 'b', 'a', 'n', 'k', 'i', '.', 'p', 'l', '\0',
+  /* "wygodnie.pl", true */ 'w', 'y', 'g', 'o', 'd', 'n', 'i', 'e', '.', 'p', 'l', '\0',
+  /* "wynterhill.co.uk", true */ 'w', 'y', 'n', 't', 'e', 'r', 'h', 'i', 'l', 'l', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "wypemagazine.se", true */ 'w', 'y', 'p', 'e', 'm', 'a', 'g', 'a', 'z', 'i', 'n', 'e', '.', 's', 'e', '\0',
+  /* "wyssmuller.ch", true */ 'w', 'y', 's', 's', 'm', 'u', 'l', 'l', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "wyu.cc", true */ 'w', 'y', 'u', '.', 'c', 'c', '\0',
+  /* "wyzwaniemilosci.com", true */ 'w', 'y', 'z', 'w', 'a', 'n', 'i', 'e', 'm', 'i', 'l', 'o', 's', 'c', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "wzrd.in", true */ 'w', 'z', 'r', 'd', '.', 'i', 'n', '\0',
+  /* "wzyboy.org", true */ 'w', 'z', 'y', 'b', 'o', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "x-iweb.ru", true */ 'x', '-', 'i', 'w', 'e', 'b', '.', 'r', 'u', '\0',
+  /* "x-lan.be", true */ 'x', '-', 'l', 'a', 'n', '.', 'b', 'e', '\0',
+  /* "x-pertservice.com", true */ 'x', '-', 'p', 'e', 'r', 't', 's', 'e', 'r', 'v', 'i', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "x.io", true */ 'x', '.', 'i', 'o', '\0',
+  /* "x.st", true */ 'x', '.', 's', 't', '\0',
+  /* "x0r.be", true */ 'x', '0', 'r', '.', 'b', 'e', '\0',
+  /* "x13.com", true */ 'x', '1', '3', '.', 'c', 'o', 'm', '\0',
+  /* "x1616.tk", true */ 'x', '1', '6', '1', '6', '.', 't', 'k', '\0',
+  /* "x2d2.de", true */ 'x', '2', 'd', '2', '.', 'd', 'e', '\0',
+  /* "x378.ch", true */ 'x', '3', '7', '8', '.', 'c', 'h', '\0',
+  /* "x509.io", true */ 'x', '5', '0', '9', '.', 'i', 'o', '\0',
+  /* "x64architecture.com", true */ 'x', '6', '4', 'a', 'r', 'c', 'h', 'i', 't', 'e', 'c', 't', 'u', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "x69.biz", true */ 'x', '6', '9', '.', 'b', 'i', 'z', '\0',
+  /* "x69x.net", true */ 'x', '6', '9', 'x', '.', 'n', 'e', 't', '\0',
+  /* "x7plus.com", true */ 'x', '7', 'p', 'l', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "xa.search.yahoo.com", false */ 'x', 'a', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "xa1.uk", true */ 'x', 'a', '1', '.', 'u', 'k', '\0',
+  /* "xalqbank-online.az", true */ 'x', 'a', 'l', 'q', 'b', 'a', 'n', 'k', '-', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'a', 'z', '\0',
+  /* "xatr0z.org", false */ 'x', 'a', 't', 'r', '0', 'z', '.', 'o', 'r', 'g', '\0',
+  /* "xawen.net", true */ 'x', 'a', 'w', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "xbb.hk", true */ 'x', 'b', 'b', '.', 'h', 'k', '\0',
+  /* "xbb.li", true */ 'x', 'b', 'b', '.', 'l', 'i', '\0',
+  /* "xblau.com", true */ 'x', 'b', 'l', 'a', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "xboxdownloadthat.com", true */ 'x', 'b', 'o', 'x', 'd', 'o', 'w', 'n', 'l', 'o', 'a', 'd', 't', 'h', 'a', 't', '.', 'c', 'o', 'm', '\0',
+  /* "xboxlivegoldshop.nl", true */ 'x', 'b', 'o', 'x', 'l', 'i', 'v', 'e', 'g', 'o', 'l', 'd', 's', 'h', 'o', 'p', '.', 'n', 'l', '\0',
+  /* "xboxonex.shop", true */ 'x', 'b', 'o', 'x', 'o', 'n', 'e', 'x', '.', 's', 'h', 'o', 'p', '\0',
+  /* "xbrlsuccess.appspot.com", true */ 'x', 'b', 'r', 'l', 's', 'u', 'c', 'c', 'e', 's', 's', '.', 'a', 'p', 'p', 's', 'p', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "xbt.co", true */ 'x', 'b', 't', '.', 'c', 'o', '\0',
+  /* "xbtce.com", true */ 'x', 'b', 't', 'c', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "xbtmusic.org", false */ 'x', 'b', 't', 'm', 'u', 's', 'i', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "xcelerator.ninja", true */ 'x', 'c', 'e', 'l', 'e', 'r', 'a', 't', 'o', 'r', '.', 'n', 'i', 'n', 'j', 'a', '\0',
+  /* "xcentricmold.com", true */ 'x', 'c', 'e', 'n', 't', 'r', 'i', 'c', 'm', 'o', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "xclirion-support.de", true */ 'x', 'c', 'l', 'i', 'r', 'i', 'o', 'n', '-', 's', 'u', 'p', 'p', 'o', 'r', 't', '.', 'd', 'e', '\0',
+  /* "xcorpsolutions.com", true */ 'x', 'c', 'o', 'r', 'p', 's', 'o', 'l', 'u', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "xd.cm", true */ 'x', 'd', '.', 'c', 'm', '\0',
+  /* "xd.fi", true */ 'x', 'd', '.', 'f', 'i', '\0',
+  /* "xdavidhu.me", true */ 'x', 'd', 'a', 'v', 'i', 'd', 'h', 'u', '.', 'm', 'e', '\0',
+  /* "xdeftor.com", true */ 'x', 'd', 'e', 'f', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "xdty.org", true */ 'x', 'd', 't', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "xecure.zone", true */ 'x', 'e', 'c', 'u', 'r', 'e', '.', 'z', 'o', 'n', 'e', '\0',
+  /* "xecureit.com", true */ 'x', 'e', 'c', 'u', 'r', 'e', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "xeedbeam.me", true */ 'x', 'e', 'e', 'd', 'b', 'e', 'a', 'm', '.', 'm', 'e', '\0',
+  /* "xega.org", true */ 'x', 'e', 'g', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "xehost.com", true */ 'x', 'e', 'h', 'o', 's', 't', '.', 'c', 'o', 'm', '\0',
+  /* "xenomedia.nl", true */ 'x', 'e', 'n', 'o', 'm', 'e', 'd', 'i', 'a', '.', 'n', 'l', '\0',
+  /* "xenophile.name", true */ 'x', 'e', 'n', 'o', 'p', 'h', 'i', 'l', 'e', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "xenosphere.tk", true */ 'x', 'e', 'n', 'o', 's', 'p', 'h', 'e', 'r', 'e', '.', 't', 'k', '\0',
+  /* "xenotropegames.com", true */ 'x', 'e', 'n', 'o', 't', 'r', 'o', 'p', 'e', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "xenoworld.de", true */ 'x', 'e', 'n', 'o', 'w', 'o', 'r', 'l', 'd', '.', 'd', 'e', '\0',
+  /* "xerblade.com", true */ 'x', 'e', 'r', 'b', 'l', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "xerhost.de", true */ 'x', 'e', 'r', 'h', 'o', 's', 't', '.', 'd', 'e', '\0',
+  /* "xetown.com", true */ 'x', 'e', 't', 'o', 'w', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "xfce.space", true */ 'x', 'f', 'c', 'e', '.', 's', 'p', 'a', 'c', 'e', '\0',
+  /* "xferion.com", true */ 'x', 'f', 'e', 'r', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "xfix.pw", true */ 'x', 'f', 'i', 'x', '.', 'p', 'w', '\0',
+  /* "xfrag-networks.com", false */ 'x', 'f', 'r', 'a', 'g', '-', 'n', 'e', 't', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "xg3n1us.de", false */ 'x', 'g', '3', 'n', '1', 'u', 's', '.', 'd', 'e', '\0',
+  /* "xgame.com.tr", true */ 'x', 'g', 'a', 'm', 'e', '.', 'c', 'o', 'm', '.', 't', 'r', '\0',
+  /* "xgclan.com", true */ 'x', 'g', 'c', 'l', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "xgn.es", true */ 'x', 'g', 'n', '.', 'e', 's', '\0',
+  /* "xhadius.de", true */ 'x', 'h', 'a', 'd', 'i', 'u', 's', '.', 'd', 'e', '\0',
+  /* "xho.me", true */ 'x', 'h', 'o', '.', 'm', 'e', '\0',
+  /* "xiamenshipbuilding.com", true */ 'x', 'i', 'a', 'm', 'e', 'n', 's', 'h', 'i', 'p', 'b', 'u', 'i', 'l', 'd', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "xiamuzi.com", true */ 'x', 'i', 'a', 'm', 'u', 'z', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "xiangblog.com", true */ 'x', 'i', 'a', 'n', 'g', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "xiangweiqing.co.uk", true */ 'x', 'i', 'a', 'n', 'g', 'w', 'e', 'i', 'q', 'i', 'n', 'g', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "xiangwenquan.me", true */ 'x', 'i', 'a', 'n', 'g', 'w', 'e', 'n', 'q', 'u', 'a', 'n', '.', 'm', 'e', '\0',
+  /* "xiaofengsky.com", true */ 'x', 'i', 'a', 'o', 'f', 'e', 'n', 'g', 's', 'k', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "xiaoguo.net", false */ 'x', 'i', 'a', 'o', 'g', 'u', 'o', '.', 'n', 'e', 't', '\0',
+  /* "xiaolan.me", true */ 'x', 'i', 'a', 'o', 'l', 'a', 'n', '.', 'm', 'e', '\0',
+  /* "xiaolanglang.net", true */ 'x', 'i', 'a', 'o', 'l', 'a', 'n', 'g', 'l', 'a', 'n', 'g', '.', 'n', 'e', 't', '\0',
+  /* "xiaomi.eu", true */ 'x', 'i', 'a', 'o', 'm', 'i', '.', 'e', 'u', '\0',
+  /* "xiaoniaoyou.com", true */ 'x', 'i', 'a', 'o', 'n', 'i', 'a', 'o', 'y', 'o', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "xiaowutou.com", true */ 'x', 'i', 'a', 'o', 'w', 'u', 't', 'o', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "xiaoyu.net", true */ 'x', 'i', 'a', 'o', 'y', 'u', '.', 'n', 'e', 't', '\0',
+  /* "xiazhanjian.com", true */ 'x', 'i', 'a', 'z', 'h', 'a', 'n', 'j', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "xichtsbuch.de", true */ 'x', 'i', 'c', 'h', 't', 's', 'b', 'u', 'c', 'h', '.', 'd', 'e', '\0',
+  /* "xichuangke.com", false */ 'x', 'i', 'c', 'h', 'u', 'a', 'n', 'g', 'k', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "xicreative.net", true */ 'x', 'i', 'c', 'r', 'e', 'a', 't', 'i', 'v', 'e', '.', 'n', 'e', 't', '\0',
+  /* "xight.org", true */ 'x', 'i', 'g', 'h', 't', '.', 'o', 'r', 'g', '\0',
+  /* "xilef.org", true */ 'x', 'i', 'l', 'e', 'f', '.', 'o', 'r', 'g', '\0',
+  /* "xiliant.com", true */ 'x', 'i', 'l', 'i', 'a', 'n', 't', '.', 'c', 'o', 'm', '\0',
+  /* "xilkoi.net", true */ 'x', 'i', 'l', 'k', 'o', 'i', '.', 'n', 'e', 't', '\0',
+  /* "ximage.me", false */ 'x', 'i', 'm', 'a', 'g', 'e', '.', 'm', 'e', '\0',
+  /* "ximbo.net", true */ 'x', 'i', 'm', 'b', 'o', '.', 'n', 'e', 't', '\0',
+  /* "xingiahanvisa.net", true */ 'x', 'i', 'n', 'g', 'i', 'a', 'h', 'a', 'n', 'v', 'i', 's', 'a', '.', 'n', 'e', 't', '\0',
+  /* "xiqi.us", true */ 'x', 'i', 'q', 'i', '.', 'u', 's', '\0',
+  /* "xirion.net", true */ 'x', 'i', 'r', 'i', 'o', 'n', '.', 'n', 'e', 't', '\0',
+  /* "xiyu.it", false */ 'x', 'i', 'y', 'u', '.', 'i', 't', '\0',
+  /* "xj8876.com", true */ 'x', 'j', '8', '8', '7', '6', '.', 'c', 'o', 'm', '\0',
+  /* "xjd.vision", true */ 'x', 'j', 'd', '.', 'v', 'i', 's', 'i', 'o', 'n', '\0',
+  /* "xjjeeps.com", true */ 'x', 'j', 'j', 'e', 'e', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "xjoin.de", true */ 'x', 'j', 'o', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "xjpvictor.info", true */ 'x', 'j', 'p', 'v', 'i', 'c', 't', 'o', 'r', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "xkblog.xyz", true */ 'x', 'k', 'b', 'l', 'o', 'g', '.', 'x', 'y', 'z', '\0',
+  /* "xkcd.pw", true */ 'x', 'k', 'c', 'd', '.', 'p', 'w', '\0',
+  /* "xkviz.net", true */ 'x', 'k', 'v', 'i', 'z', '.', 'n', 'e', 't', '\0',
+  /* "xlaff.com", true */ 'x', 'l', 'a', 'f', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "xlan.be", true */ 'x', 'l', 'a', 'n', '.', 'b', 'e', '\0',
+  /* "xlange.com", true */ 'x', 'l', 'a', 'n', 'g', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "xlboo.com", true */ 'x', 'l', 'b', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "xlfblog.com", true */ 'x', 'l', 'f', 'b', 'l', 'o', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "xlinar.com", true */ 'x', 'l', 'i', 'n', 'a', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "xmedius.ca", true */ 'x', 'm', 'e', 'd', 'i', 'u', 's', '.', 'c', 'a', '\0',
+  /* "xmedius.com", false */ 'x', 'm', 'e', 'd', 'i', 'u', 's', '.', 'c', 'o', 'm', '\0',
+  /* "xmedius.eu", true */ 'x', 'm', 'e', 'd', 'i', 'u', 's', '.', 'e', 'u', '\0',
+  /* "xmenrevolution.com", true */ 'x', 'm', 'e', 'n', 'r', 'e', 'v', 'o', 'l', 'u', 't', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "xmerak.com", true */ 'x', 'm', 'e', 'r', 'a', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "xmiui.com", true */ 'x', 'm', 'i', 'u', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "xmlbeam.org", true */ 'x', 'm', 'l', 'b', 'e', 'a', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "xmonk.org", false */ 'x', 'm', 'o', 'n', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "xmpp.dk", true */ 'x', 'm', 'p', 'p', '.', 'd', 'k', '\0',
+  /* "xmppwocky.net", true */ 'x', 'm', 'p', 'p', 'w', 'o', 'c', 'k', 'y', '.', 'n', 'e', 't', '\0',
+  /* "xmr.to", true */ 'x', 'm', 'r', '.', 't', 'o', '\0',
+  /* "xn----7sbmucgqdbgwwc5e9b.xn--p1ai", true */ 'x', 'n', '-', '-', '-', '-', '7', 's', 'b', 'm', 'u', 'c', 'g', 'q', 'd', 'b', 'g', 'w', 'w', 'c', '5', 'e', '9', 'b', '.', 'x', 'n', '-', '-', 'p', '1', 'a', 'i', '\0',
+  /* "xn----8hcdn2ankm1bfq.com", true */ 'x', 'n', '-', '-', '-', '-', '8', 'h', 'c', 'd', 'n', '2', 'a', 'n', 'k', 'm', '1', 'b', 'f', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "xn--0kq33cz5c8wmwrqqw1d.com", true */ 'x', 'n', '-', '-', '0', 'k', 'q', '3', '3', 'c', 'z', '5', 'c', '8', 'w', 'm', 'w', 'r', 'q', 'q', 'w', '1', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "xn--3lqp21gwna.cn", true */ 'x', 'n', '-', '-', '3', 'l', 'q', 'p', '2', '1', 'g', 'w', 'n', 'a', '.', 'c', 'n', '\0',
+  /* "xn--6x6a.life", true */ 'x', 'n', '-', '-', '6', 'x', '6', 'a', '.', 'l', 'i', 'f', 'e', '\0',
+  /* "xn--79q87uvkclvgd56ahq5a.net", true */ 'x', 'n', '-', '-', '7', '9', 'q', '8', '7', 'u', 'v', 'k', 'c', 'l', 'v', 'g', 'd', '5', '6', 'a', 'h', 'q', '5', 'a', '.', 'n', 'e', 't', '\0',
+  /* "xn--7ca.co", true */ 'x', 'n', '-', '-', '7', 'c', 'a', '.', 'c', 'o', '\0',
+  /* "xn--7xa.google.com", true */ 'x', 'n', '-', '-', '7', 'x', 'a', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "xn--80aaagmgvmvmcuoq7r.xn--p1ai", true */ 'x', 'n', '-', '-', '8', '0', 'a', 'a', 'a', 'g', 'm', 'g', 'v', 'm', 'v', 'm', 'c', 'u', 'o', 'q', '7', 'r', '.', 'x', 'n', '-', '-', 'p', '1', 'a', 'i', '\0',
+  /* "xn--80anogxed.xn--p1ai", true */ 'x', 'n', '-', '-', '8', '0', 'a', 'n', 'o', 'g', 'x', 'e', 'd', '.', 'x', 'n', '-', '-', 'p', '1', 'a', 'i', '\0',
+  /* "xn--80azelb.xn--p1ai", true */ 'x', 'n', '-', '-', '8', '0', 'a', 'z', 'e', 'l', 'b', '.', 'x', 'n', '-', '-', 'p', '1', 'a', 'i', '\0',
+  /* "xn--88j2fy28hbxmnnf9zlw5buzd.com", true */ 'x', 'n', '-', '-', '8', '8', 'j', '2', 'f', 'y', '2', '8', 'h', 'b', 'x', 'm', 'n', 'n', 'f', '9', 'z', 'l', 'w', '5', 'b', 'u', 'z', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "xn--8dry00a7se89ay98epsgxxq.com", true */ 'x', 'n', '-', '-', '8', 'd', 'r', 'y', '0', '0', 'a', '7', 's', 'e', '8', '9', 'a', 'y', '9', '8', 'e', 'p', 's', 'g', 'x', 'x', 'q', '.', 'c', 'o', 'm', '\0',
+  /* "xn--8mr166hf6s.xn--fiqs8s", true */ 'x', 'n', '-', '-', '8', 'm', 'r', '1', '6', '6', 'h', 'f', '6', 's', '.', 'x', 'n', '-', '-', 'f', 'i', 'q', 's', '8', 's', '\0',
+  /* "xn--90accgba6bldkcbb7a.xn--p1acf", true */ 'x', 'n', '-', '-', '9', '0', 'a', 'c', 'c', 'g', 'b', 'a', '6', 'b', 'l', 'd', 'k', 'c', 'b', 'b', '7', 'a', '.', 'x', 'n', '-', '-', 'p', '1', 'a', 'c', 'f', '\0',
+  /* "xn--allgu-biker-o8a.de", true */ 'x', 'n', '-', '-', 'a', 'l', 'l', 'g', 'u', '-', 'b', 'i', 'k', 'e', 'r', '-', 'o', '8', 'a', '.', 'd', 'e', '\0',
+  /* "xn--aviao-dra1a.pt", true */ 'x', 'n', '-', '-', 'a', 'v', 'i', 'a', 'o', '-', 'd', 'r', 'a', '1', 'a', '.', 'p', 't', '\0',
+  /* "xn--baron-bonzenbru-elb.com", true */ 'x', 'n', '-', '-', 'b', 'a', 'r', 'o', 'n', '-', 'b', 'o', 'n', 'z', 'e', 'n', 'b', 'r', 'u', '-', 'e', 'l', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "xn--berwachungspaket-izb.at", true */ 'x', 'n', '-', '-', 'b', 'e', 'r', 'w', 'a', 'c', 'h', 'u', 'n', 'g', 's', 'p', 'a', 'k', 'e', 't', '-', 'i', 'z', 'b', '.', 'a', 't', '\0',
+  /* "xn--brneruhr-0za.ch", true */ 'x', 'n', '-', '-', 'b', 'r', 'n', 'e', 'r', 'u', 'h', 'r', '-', '0', 'z', 'a', '.', 'c', 'h', '\0',
+  /* "xn--cck4ax91r.com", true */ 'x', 'n', '-', '-', 'c', 'c', 'k', '4', 'a', 'x', '9', '1', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "xn--cck7f515h.com", true */ 'x', 'n', '-', '-', 'c', 'c', 'k', '7', 'f', '5', '1', '5', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "xn--cckdrt0kwb4g3cnh.com", true */ 'x', 'n', '-', '-', 'c', 'c', 'k', 'd', 'r', 't', '0', 'k', 'w', 'b', '4', 'g', '3', 'c', 'n', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "xn--cckvb1cwa0c5br5e2d2711k.net", true */ 'x', 'n', '-', '-', 'c', 'c', 'k', 'v', 'b', '1', 'c', 'w', 'a', '0', 'c', '5', 'b', 'r', '5', 'e', '2', 'd', '2', '7', '1', '1', 'k', '.', 'n', 'e', 't', '\0',
+  /* "xn--cctsgy36bnvprwpekc.com", true */ 'x', 'n', '-', '-', 'c', 'c', 't', 's', 'g', 'y', '3', '6', 'b', 'n', 'v', 'p', 'r', 'w', 'p', 'e', 'k', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "xn--d1acj9c.xn--90ais", true */ 'x', 'n', '-', '-', 'd', '1', 'a', 'c', 'j', '9', 'c', '.', 'x', 'n', '-', '-', '9', '0', 'a', 'i', 's', '\0',
+  /* "xn--dcko6fsa5b1a8gyicbc.biz", true */ 'x', 'n', '-', '-', 'd', 'c', 'k', 'o', '6', 'f', 's', 'a', '5', 'b', '1', 'a', '8', 'g', 'y', 'i', 'c', 'b', 'c', '.', 'b', 'i', 'z', '\0',
+  /* "xn--dckya4a0bya6x.com", true */ 'x', 'n', '-', '-', 'd', 'c', 'k', 'y', 'a', '4', 'a', '0', 'b', 'y', 'a', '6', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "xn--dckya4a0bya6x.jp", true */ 'x', 'n', '-', '-', 'd', 'c', 'k', 'y', 'a', '4', 'a', '0', 'b', 'y', 'a', '6', 'x', '.', 'j', 'p', '\0',
+  /* "xn--detrkl13b9sbv53j.com", true */ 'x', 'n', '-', '-', 'd', 'e', 't', 'r', 'k', 'l', '1', '3', 'b', '9', 's', 'b', 'v', '5', '3', 'j', '.', 'c', 'o', 'm', '\0',
+  /* "xn--detrkl13b9sbv53j.org", true */ 'x', 'n', '-', '-', 'd', 'e', 't', 'r', 'k', 'l', '1', '3', 'b', '9', 's', 'b', 'v', '5', '3', 'j', '.', 'o', 'r', 'g', '\0',
+  /* "xn--dmonenjger-q5ag.net", true */ 'x', 'n', '-', '-', 'd', 'm', 'o', 'n', 'e', 'n', 'j', 'g', 'e', 'r', '-', 'q', '5', 'a', 'g', '.', 'n', 'e', 't', '\0',
+  /* "xn--dragni-g1a.de", true */ 'x', 'n', '-', '-', 'd', 'r', 'a', 'g', 'n', 'i', '-', 'g', '1', 'a', '.', 'd', 'e', '\0',
+  /* "xn--e--0g4aiy1b8rmfg3o.jp", true */ 'x', 'n', '-', '-', 'e', '-', '-', '0', 'g', '4', 'a', 'i', 'y', '1', 'b', '8', 'r', 'm', 'f', 'g', '3', 'o', '.', 'j', 'p', '\0',
+  /* "xn--e--4h4axau6ld4lna0g.com", true */ 'x', 'n', '-', '-', 'e', '-', '-', '4', 'h', '4', 'a', 'x', 'a', 'u', '6', 'l', 'd', '4', 'l', 'n', 'a', '0', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "xn--e--ig4a4c3f6bvc5et632i.com", true */ 'x', 'n', '-', '-', 'e', '-', '-', 'i', 'g', '4', 'a', '4', 'c', '3', 'f', '6', 'b', 'v', 'c', '5', 'e', 't', '6', '3', '2', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "xn--e--k83a5h244w54gttk.xyz", true */ 'x', 'n', '-', '-', 'e', '-', '-', 'k', '8', '3', 'a', '5', 'h', '2', '4', '4', 'w', '5', '4', 'g', 't', 't', 'k', '.', 'x', 'y', 'z', '\0',
+  /* "xn--ecki0cd0bu9a4nsjb.com", true */ 'x', 'n', '-', '-', 'e', 'c', 'k', 'i', '0', 'c', 'd', '0', 'b', 'u', '9', 'a', '4', 'n', 's', 'j', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "xn--erklderbarenben-slbh.dk", true */ 'x', 'n', '-', '-', 'e', 'r', 'k', 'l', 'd', 'e', 'r', 'b', 'a', 'r', 'e', 'n', 'b', 'e', 'n', '-', 's', 'l', 'b', 'h', '.', 'd', 'k', '\0',
+  /* "xn--f9jh4f4b4993b66s.tokyo", true */ 'x', 'n', '-', '-', 'f', '9', 'j', 'h', '4', 'f', '4', 'b', '4', '9', '9', '3', 'b', '6', '6', 's', '.', 't', 'o', 'k', 'y', 'o', '\0',
+  /* "xn--fischereiverein-mnsterhausen-i7c.de", true */ 'x', 'n', '-', '-', 'f', 'i', 's', 'c', 'h', 'e', 'r', 'e', 'i', 'v', 'e', 'r', 'e', 'i', 'n', '-', 'm', 'n', 's', 't', 'e', 'r', 'h', 'a', 'u', 's', 'e', 'n', '-', 'i', '7', 'c', '.', 'd', 'e', '\0',
+  /* "xn--grnderlehrstuhl-0vb.de", true */ 'x', 'n', '-', '-', 'g', 'r', 'n', 'd', 'e', 'r', 'l', 'e', 'h', 'r', 's', 't', 'u', 'h', 'l', '-', '0', 'v', 'b', '.', 'd', 'e', '\0',
+  /* "xn--hfk-allgu-schwaben-stb.de", true */ 'x', 'n', '-', '-', 'h', 'f', 'k', '-', 'a', 'l', 'l', 'g', 'u', '-', 's', 'c', 'h', 'w', 'a', 'b', 'e', 'n', '-', 's', 't', 'b', '.', 'd', 'e', '\0',
+  /* "xn--hllrigl-90a.at", true */ 'x', 'n', '-', '-', 'h', 'l', 'l', 'r', 'i', 'g', 'l', '-', '9', '0', 'a', '.', 'a', 't', '\0',
+  /* "xn--i2ru8q2qg.com", true */ 'x', 'n', '-', '-', 'i', '2', 'r', 'u', '8', 'q', '2', 'q', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "xn--internetlnen-1cb.com", true */ 'x', 'n', '-', '-', 'i', 'n', 't', 'e', 'r', 'n', 'e', 't', 'l', 'n', 'e', 'n', '-', '1', 'c', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "xn--jbs-tna.de", true */ 'x', 'n', '-', '-', 'j', 'b', 's', '-', 't', 'n', 'a', '.', 'd', 'e', '\0',
+  /* "xn--jda.tk", true */ 'x', 'n', '-', '-', 'j', 'd', 'a', '.', 't', 'k', '\0',
+  /* "xn--jp8hx8f.ws", true */ 'x', 'n', '-', '-', 'j', 'p', '8', 'h', 'x', '8', 'f', '.', 'w', 's', '\0',
+  /* "xn--jywq5uqwqxhd2onsij.jp", true */ 'x', 'n', '-', '-', 'j', 'y', 'w', 'q', '5', 'u', 'q', 'w', 'q', 'x', 'h', 'd', '2', 'o', 'n', 's', 'i', 'j', '.', 'j', 'p', '\0',
+  /* "xn--kda.tk", true */ 'x', 'n', '-', '-', 'k', 'd', 'a', '.', 't', 'k', '\0',
+  /* "xn--knstler-n2a.tips", false */ 'x', 'n', '-', '-', 'k', 'n', 's', 't', 'l', 'e', 'r', '-', 'n', '2', 'a', '.', 't', 'i', 'p', 's', '\0',
+  /* "xn--ktha-kamrater-pfba.se", true */ 'x', 'n', '-', '-', 'k', 't', 'h', 'a', '-', 'k', 'a', 'm', 'r', 'a', 't', 'e', 'r', '-', 'p', 'f', 'b', 'a', '.', 's', 'e', '\0',
+  /* "xn--lna-2000-9za.nu", true */ 'x', 'n', '-', '-', 'l', 'n', 'a', '-', '2', '0', '0', '0', '-', '9', 'z', 'a', '.', 'n', 'u', '\0',
+  /* "xn--lna-4000-9za.nu", true */ 'x', 'n', '-', '-', 'l', 'n', 'a', '-', '4', '0', '0', '0', '-', '9', 'z', 'a', '.', 'n', 'u', '\0',
+  /* "xn--love-un4c7e0d4a.com", true */ 'x', 'n', '-', '-', 'l', 'o', 'v', 'e', '-', 'u', 'n', '4', 'c', '7', 'e', '0', 'd', '4', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "xn--lsaupp-iua.se", true */ 'x', 'n', '-', '-', 'l', 's', 'a', 'u', 'p', 'p', '-', 'i', 'u', 'a', '.', 's', 'e', '\0',
+  /* "xn--lsupp-mra.net", true */ 'x', 'n', '-', '-', 'l', 's', 'u', 'p', 'p', '-', 'm', 'r', 'a', '.', 'n', 'e', 't', '\0',
+  /* "xn--manuela-stsser-psb.de", true */ 'x', 'n', '-', '-', 'm', 'a', 'n', 'u', 'e', 'l', 'a', '-', 's', 't', 's', 's', 'e', 'r', '-', 'p', 's', 'b', '.', 'd', 'e', '\0',
+  /* "xn--maraa-rta.org", true */ 'x', 'n', '-', '-', 'm', 'a', 'r', 'a', 'a', '-', 'r', 't', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "xn--mentaltraining-fr-musiker-uwc.ch", true */ 'x', 'n', '-', '-', 'm', 'e', 'n', 't', 'a', 'l', 't', 'r', 'a', 'i', 'n', 'i', 'n', 'g', '-', 'f', 'r', '-', 'm', 'u', 's', 'i', 'k', 'e', 'r', '-', 'u', 'w', 'c', '.', 'c', 'h', '\0',
+  /* "xn--mgbbh2a9fub.xn--ngbc5azd", false */ 'x', 'n', '-', '-', 'm', 'g', 'b', 'b', 'h', '2', 'a', '9', 'f', 'u', 'b', '.', 'x', 'n', '-', '-', 'n', 'g', 'b', 'c', '5', 'a', 'z', 'd', '\0',
+  /* "xn--mgbmmp7eub.com", true */ 'x', 'n', '-', '-', 'm', 'g', 'b', 'm', 'm', 'p', '7', 'e', 'u', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "xn--mllers-wxa.info", true */ 'x', 'n', '-', '-', 'm', 'l', 'l', 'e', 'r', 's', '-', 'w', 'x', 'a', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "xn--n8j7dygrbu0c31a5861bq8qb.com", true */ 'x', 'n', '-', '-', 'n', '8', 'j', '7', 'd', 'y', 'g', 'r', 'b', 'u', '0', 'c', '3', '1', 'a', '5', '8', '6', '1', 'b', 'q', '8', 'q', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "xn--n8jp5083dnzs.net", true */ 'x', 'n', '-', '-', 'n', '8', 'j', 'p', '5', '0', '8', '3', 'd', 'n', 'z', 's', '.', 'n', 'e', 't', '\0',
+  /* "xn--n8jtcugp92n4wc738f.net", true */ 'x', 'n', '-', '-', 'n', '8', 'j', 't', 'c', 'u', 'g', 'p', '9', '2', 'n', '4', 'w', 'c', '7', '3', '8', 'f', '.', 'n', 'e', 't', '\0',
+  /* "xn--o77hka.ga", true */ 'x', 'n', '-', '-', 'o', '7', '7', 'h', 'k', 'a', '.', 'g', 'a', '\0',
+  /* "xn--pbt947am3ab71g.com", true */ 'x', 'n', '-', '-', 'p', 'b', 't', '9', '4', '7', 'a', 'm', '3', 'a', 'b', '7', '1', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "xn--pe-bka.ee", true */ 'x', 'n', '-', '-', 'p', 'e', '-', 'b', 'k', 'a', '.', 'e', 'e', '\0',
+  /* "xn--pq1a637b.xn--6qq986b3xl", true */ 'x', 'n', '-', '-', 'p', 'q', '1', 'a', '6', '3', '7', 'b', '.', 'x', 'n', '-', '-', '6', 'q', 'q', '9', '8', '6', 'b', '3', 'x', 'l', '\0',
+  /* "xn--q9jb1h5dvcspke3218b9mn4p0c.com", true */ 'x', 'n', '-', '-', 'q', '9', 'j', 'b', '1', 'h', '5', 'd', 'v', 'c', 's', 'p', 'k', 'e', '3', '2', '1', '8', 'b', '9', 'm', 'n', '4', 'p', '0', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "xn--qckss0j.tk", true */ 'x', 'n', '-', '-', 'q', 'c', 'k', 's', 's', '0', 'j', '.', 't', 'k', '\0',
+  /* "xn--r77hya.ga", true */ 'x', 'n', '-', '-', 'r', '7', '7', 'h', 'y', 'a', '.', 'g', 'a', '\0',
+  /* "xn--r8jzaf7977b09e.com", true */ 'x', 'n', '-', '-', 'r', '8', 'j', 'z', 'a', 'f', '7', '9', '7', '7', 'b', '0', '9', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "xn--rdiger-kuhlmann-zvb.de", true */ 'x', 'n', '-', '-', 'r', 'd', 'i', 'g', 'e', 'r', '-', 'k', 'u', 'h', 'l', 'm', 'a', 'n', 'n', '-', 'z', 'v', 'b', '.', 'd', 'e', '\0',
+  /* "xn--rlcus7b3d.xn--xkc2dl3a5ee0h", true */ 'x', 'n', '-', '-', 'r', 'l', 'c', 'u', 's', '7', 'b', '3', 'd', '.', 'x', 'n', '-', '-', 'x', 'k', 'c', '2', 'd', 'l', '3', 'a', '5', 'e', 'e', '0', 'h', '\0',
+  /* "xn--roselire-60a.ch", true */ 'x', 'n', '-', '-', 'r', 'o', 's', 'e', 'l', 'i', 'r', 'e', '-', '6', '0', 'a', '.', 'c', 'h', '\0',
+  /* "xn--roselire-60a.com", true */ 'x', 'n', '-', '-', 'r', 'o', 's', 'e', 'l', 'i', 'r', 'e', '-', '6', '0', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "xn--rt-cja.eu", true */ 'x', 'n', '-', '-', 'r', 't', '-', 'c', 'j', 'a', '.', 'e', 'u', '\0',
+  /* "xn--rt-cja.ie", true */ 'x', 'n', '-', '-', 'r', 't', '-', 'c', 'j', 'a', '.', 'i', 'e', '\0',
+  /* "xn--rtter-kva.eu", true */ 'x', 'n', '-', '-', 'r', 't', 't', 'e', 'r', '-', 'k', 'v', 'a', '.', 'e', 'u', '\0',
+  /* "xn--ruanmller-u9a.com", true */ 'x', 'n', '-', '-', 'r', 'u', 'a', 'n', 'm', 'l', 'l', 'e', 'r', '-', 'u', '9', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "xn--sdkwa9azd389v01ya.com", true */ 'x', 'n', '-', '-', 's', 'd', 'k', 'w', 'a', '9', 'a', 'z', 'd', '3', '8', '9', 'v', '0', '1', 'y', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "xn--seelenwchter-mcb.eu", true */ 'x', 'n', '-', '-', 's', 'e', 'e', 'l', 'e', 'n', 'w', 'c', 'h', 't', 'e', 'r', '-', 'm', 'c', 'b', '.', 'e', 'u', '\0',
+  /* "xn--spenijmazania-yhc.pl", true */ 'x', 'n', '-', '-', 's', 'p', 'e', 'n', 'i', 'j', 'm', 'a', 'z', 'a', 'n', 'i', 'a', '-', 'y', 'h', 'c', '.', 'p', 'l', '\0',
+  /* "xn--t-oha.lv", true */ 'x', 'n', '-', '-', 't', '-', 'o', 'h', 'a', '.', 'l', 'v', '\0',
+  /* "xn--t8j4aa4nkg1h9bwcvud.com", true */ 'x', 'n', '-', '-', 't', '8', 'j', '4', 'a', 'a', '4', 'n', 'k', 'g', '1', 'h', '9', 'b', 'w', 'c', 'v', 'u', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "xn--t8j4aa4nyhxa7duezbl49aqg5546e264d.net", true */ 'x', 'n', '-', '-', 't', '8', 'j', '4', 'a', 'a', '4', 'n', 'y', 'h', 'x', 'a', '7', 'd', 'u', 'e', 'z', 'b', 'l', '4', '9', 'a', 'q', 'g', '5', '5', '4', '6', 'e', '2', '6', '4', 'd', '.', 'n', 'e', 't', '\0',
+  /* "xn--t8j4aa4nzg3a5euoxcwee.xyz", true */ 'x', 'n', '-', '-', 't', '8', 'j', '4', 'a', 'a', '4', 'n', 'z', 'g', '3', 'a', '5', 'e', 'u', 'o', 'x', 'c', 'w', 'e', 'e', '.', 'x', 'y', 'z', '\0',
+  /* "xn--tda.ml", true */ 'x', 'n', '-', '-', 't', 'd', 'a', '.', 'm', 'l', '\0',
+  /* "xn--thorme-6uaf.ca", true */ 'x', 'n', '-', '-', 't', 'h', 'o', 'r', 'm', 'e', '-', '6', 'u', 'a', 'f', '.', 'c', 'a', '\0',
+  /* "xn--tigreray-i1a.org", true */ 'x', 'n', '-', '-', 't', 'i', 'g', 'r', 'e', 'r', 'a', 'y', '-', 'i', '1', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "xn--u9j0ia6hb7347cg8wavz0avb0e.com", true */ 'x', 'n', '-', '-', 'u', '9', 'j', '0', 'i', 'a', '6', 'h', 'b', '7', '3', '4', '7', 'c', 'g', '8', 'w', 'a', 'v', 'z', '0', 'a', 'v', 'b', '0', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "xn--u9jv84l7ea468b.com", true */ 'x', 'n', '-', '-', 'u', '9', 'j', 'v', '8', '4', 'l', '7', 'e', 'a', '4', '6', '8', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "xn--uort9oqoaj00bv04d.biz", true */ 'x', 'n', '-', '-', 'u', 'o', 'r', 't', '9', 'o', 'q', 'o', 'a', 'j', '0', '0', 'b', 'v', '0', '4', 'd', '.', 'b', 'i', 'z', '\0',
+  /* "xn--uorz58b8p0bpwa.biz", true */ 'x', 'n', '-', '-', 'u', 'o', 'r', 'z', '5', '8', 'b', '8', 'p', '0', 'b', 'p', 'w', 'a', '.', 'b', 'i', 'z', '\0',
+  /* "xn--v-wfa35g.ro", true */ 'x', 'n', '-', '-', 'v', '-', 'w', 'f', 'a', '3', '5', 'g', '.', 'r', 'o', '\0',
+  /* "xn--v6q426ishax2a.xyz", true */ 'x', 'n', '-', '-', 'v', '6', 'q', '4', '2', '6', 'i', 's', 'h', 'a', 'x', '2', 'a', '.', 'x', 'y', 'z', '\0',
+  /* "xn--vck8crc010pu14e.biz", true */ 'x', 'n', '-', '-', 'v', 'c', 'k', '8', 'c', 'r', 'c', '0', '1', '0', 'p', 'u', '1', '4', 'e', '.', 'b', 'i', 'z', '\0',
+  /* "xn--vck8crc655y34ioha.net", true */ 'x', 'n', '-', '-', 'v', 'c', 'k', '8', 'c', 'r', 'c', '6', '5', '5', 'y', '3', '4', 'i', 'o', 'h', 'a', '.', 'n', 'e', 't', '\0',
+  /* "xn--vck8crcu789ajtaj92eura.xyz", true */ 'x', 'n', '-', '-', 'v', 'c', 'k', '8', 'c', 'r', 'c', 'u', '7', '8', '9', 'a', 'j', 't', 'a', 'j', '9', '2', 'e', 'u', 'r', 'a', '.', 'x', 'y', 'z', '\0',
+  /* "xn--werner-schffer-fib.de", true */ 'x', 'n', '-', '-', 'w', 'e', 'r', 'n', 'e', 'r', '-', 's', 'c', 'h', 'f', 'f', 'e', 'r', '-', 'f', 'i', 'b', '.', 'd', 'e', '\0',
+  /* "xn--xz1a.jp", true */ 'x', 'n', '-', '-', 'x', 'z', '1', 'a', '.', 'j', 'p', '\0',
+  /* "xn--y8j148r.xn--q9jyb4c", true */ 'x', 'n', '-', '-', 'y', '8', 'j', '1', '4', '8', 'r', '.', 'x', 'n', '-', '-', 'q', '9', 'j', 'y', 'b', '4', 'c', '\0',
+  /* "xn--y8j2eb5631a4qf5n0h.com", true */ 'x', 'n', '-', '-', 'y', '8', 'j', '2', 'e', 'b', '5', '6', '3', '1', 'a', '4', 'q', 'f', '5', 'n', '0', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "xn--y8j5gq14rbdd.net", true */ 'x', 'n', '-', '-', 'y', '8', 'j', '5', 'g', 'q', '1', '4', 'r', 'b', 'd', 'd', '.', 'n', 'e', 't', '\0',
+  /* "xn--zettlmeil-n1a.de", true */ 'x', 'n', '-', '-', 'z', 'e', 't', 't', 'l', 'm', 'e', 'i', 'l', '-', 'n', '1', 'a', '.', 'd', 'e', '\0',
+  /* "xn5.de", true */ 'x', 'n', '5', '.', 'd', 'e', '\0',
+  /* "xnaas.info", true */ 'x', 'n', 'a', 'a', 's', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "xnet-x.net", true */ 'x', 'n', 'e', 't', '-', 'x', '.', 'n', 'e', 't', '\0',
+  /* "xng.io", true */ 'x', 'n', 'g', '.', 'i', 'o', '\0',
+  /* "xninja.xyz", true */ 'x', 'n', 'i', 'n', 'j', 'a', '.', 'x', 'y', 'z', '\0',
+  /* "xnode.org", true */ 'x', 'n', 'o', 'd', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "xntrik.wtf", true */ 'x', 'n', 't', 'r', 'i', 'k', '.', 'w', 't', 'f', '\0',
+  /* "xo.tc", true */ 'x', 'o', '.', 't', 'c', '\0',
+  /* "xolphin.nl", true */ 'x', 'o', 'l', 'p', 'h', 'i', 'n', '.', 'n', 'l', '\0',
+  /* "xombitgames.com", true */ 'x', 'o', 'm', 'b', 'i', 't', 'g', 'a', 'm', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "xombitmusic.com", true */ 'x', 'o', 'm', 'b', 'i', 't', 'm', 'u', 's', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "xonn.de", true */ 'x', 'o', 'n', 'n', '.', 'd', 'e', '\0',
+  /* "xotika.tv", true */ 'x', 'o', 't', 'i', 'k', 'a', '.', 't', 'v', '\0',
+  /* "xp2.de", true */ 'x', 'p', '2', '.', 'd', 'e', '\0',
+  /* "xpd.se", true */ 'x', 'p', 'd', '.', 's', 'e', '\0',
+  /* "xpenology-fr.net", true */ 'x', 'p', 'e', 'n', 'o', 'l', 'o', 'g', 'y', '-', 'f', 'r', '.', 'n', 'e', 't', '\0',
+  /* "xperidia.com", true */ 'x', 'p', 'e', 'r', 'i', 'd', 'i', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "xpj.bet", true */ 'x', 'p', 'j', '.', 'b', 'e', 't', '\0',
+  /* "xpjcunkuan.com", true */ 'x', 'p', 'j', 'c', 'u', 'n', 'k', 'u', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "xpletus.nl", true */ 'x', 'p', 'l', 'e', 't', 'u', 's', '.', 'n', 'l', '\0',
+  /* "xplore-dna.net", true */ 'x', 'p', 'l', 'o', 'r', 'e', '-', 'd', 'n', 'a', '.', 'n', 'e', 't', '\0',
+  /* "xpressprint.com.br", true */ 'x', 'p', 'r', 'e', 's', 's', 'p', 'r', 'i', 'n', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "xps2pdf.co.uk", true */ 'x', 'p', 's', '2', 'p', 'd', 'f', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "xqin.net", true */ 'x', 'q', 'i', 'n', '.', 'n', 'e', 't', '\0',
+  /* "xr.cx", true */ 'x', 'r', '.', 'c', 'x', '\0',
+  /* "xrippedhd.com", true */ 'x', 'r', 'i', 'p', 'p', 'e', 'd', 'h', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "xrockx.de", true */ 'x', 'r', 'o', 'c', 'k', 'x', '.', 'd', 'e', '\0',
+  /* "xroot.org", true */ 'x', 'r', 'o', 'o', 't', '.', 'o', 'r', 'g', '\0',
+  /* "xs2a.no", true */ 'x', 's', '2', 'a', '.', 'n', 'o', '\0',
+  /* "xscancun.com", true */ 'x', 's', 'c', 'a', 'n', 'c', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "xscapers.com", true */ 'x', 's', 'c', 'a', 'p', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "xsmobile.de", true */ 'x', 's', 'm', 'o', 'b', 'i', 'l', 'e', '.', 'd', 'e', '\0',
+  /* "xss.ht", true */ 'x', 's', 's', '.', 'h', 't', '\0',
+  /* "xss.sk", true */ 'x', 's', 's', '.', 's', 'k', '\0',
+  /* "xsstime.nl", true */ 'x', 's', 's', 't', 'i', 'm', 'e', '.', 'n', 'l', '\0',
+  /* "xsyds.cn", true */ 'x', 's', 'y', 'd', 's', '.', 'c', 'n', '\0',
+  /* "xsz.jp", true */ 'x', 's', 'z', '.', 'j', 'p', '\0',
+  /* "xt.om", true */ 'x', 't', '.', 'o', 'm', '\0',
+  /* "xtarget.ru", true */ 'x', 't', 'a', 'r', 'g', 'e', 't', '.', 'r', 'u', '\0',
+  /* "xtom.chat", true */ 'x', 't', 'o', 'm', '.', 'c', 'h', 'a', 't', '\0',
+  /* "xtom.com", true */ 'x', 't', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "xtom.com.hk", true */ 'x', 't', 'o', 'm', '.', 'c', 'o', 'm', '.', 'h', 'k', '\0',
+  /* "xtom.io", true */ 'x', 't', 'o', 'm', '.', 'i', 'o', '\0',
+  /* "xtreme-servers.eu", true */ 'x', 't', 'r', 'e', 'm', 'e', '-', 's', 'e', 'r', 'v', 'e', 'r', 's', '.', 'e', 'u', '\0',
+  /* "xtremebouncepartyhire.com.au", true */ 'x', 't', 'r', 'e', 'm', 'e', 'b', 'o', 'u', 'n', 'c', 'e', 'p', 'a', 'r', 't', 'y', 'h', 'i', 'r', 'e', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "xtremegaming.it", true */ 'x', 't', 'r', 'e', 'm', 'e', 'g', 'a', 'm', 'i', 'n', 'g', '.', 'i', 't', '\0',
+  /* "xtronics.com", true */ 'x', 't', 'r', 'o', 'n', 'i', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "xts.bike", true */ 'x', 't', 's', '.', 'b', 'i', 'k', 'e', '\0',
+  /* "xts3636.net", true */ 'x', 't', 's', '3', '6', '3', '6', '.', 'n', 'e', 't', '\0',
+  /* "xtu2.com", true */ 'x', 't', 'u', '2', '.', 'c', 'o', 'm', '\0',
+  /* "xtzone.be", true */ 'x', 't', 'z', 'o', 'n', 'e', '.', 'b', 'e', '\0',
+  /* "xuab.net", true */ 'x', 'u', 'a', 'b', '.', 'n', 'e', 't', '\0',
+  /* "xubo666.com", true */ 'x', 'u', 'b', 'o', '6', '6', '6', '.', 'c', 'o', 'm', '\0',
+  /* "xuc.me", true */ 'x', 'u', 'c', '.', 'm', 'e', '\0',
+  /* "xuming.studio", true */ 'x', 'u', 'm', 'i', 'n', 'g', '.', 's', 't', 'u', 'd', 'i', 'o', '\0',
+  /* "xuntier.ch", true */ 'x', 'u', 'n', 't', 'i', 'e', 'r', '.', 'c', 'h', '\0',
+  /* "xupeng.me", true */ 'x', 'u', 'p', 'e', 'n', 'g', '.', 'm', 'e', '\0',
+  /* "xuri.me", false */ 'x', 'u', 'r', 'i', '.', 'm', 'e', '\0',
+  /* "xvt-blog.tk", true */ 'x', 'v', 't', '-', 'b', 'l', 'o', 'g', '.', 't', 'k', '\0',
+  /* "xwalck.se", true */ 'x', 'w', 'a', 'l', 'c', 'k', '.', 's', 'e', '\0',
+  /* "xx0r.eu", true */ 'x', 'x', '0', 'r', '.', 'e', 'u', '\0',
+  /* "xxffo.com", true */ 'x', 'x', 'f', 'f', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "xxiz.com", true */ 'x', 'x', 'i', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "xxx3dbdsm.com", true */ 'x', 'x', 'x', '3', 'd', 'b', 'd', 's', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "xxxladyboysporn.com", true */ 'x', 'x', 'x', 'l', 'a', 'd', 'y', 'b', 'o', 'y', 's', 'p', 'o', 'r', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "xyfun.net", true */ 'x', 'y', 'f', 'u', 'n', '.', 'n', 'e', 't', '\0',
+  /* "xyndrac.net", true */ 'x', 'y', 'n', 'd', 'r', 'a', 'c', '.', 'n', 'e', 't', '\0',
+  /* "xyngular-health.com", true */ 'x', 'y', 'n', 'g', 'u', 'l', 'a', 'r', '-', 'h', 'e', 'a', 'l', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "xynta.ch", true */ 'x', 'y', 'n', 't', 'a', '.', 'c', 'h', '\0',
+  /* "xyyp.mn", true */ 'x', 'y', 'y', 'p', '.', 'm', 'n', '\0',
+  /* "xyzulu.hosting", true */ 'x', 'y', 'z', 'u', 'l', 'u', '.', 'h', 'o', 's', 't', 'i', 'n', 'g', '\0',
+  /* "xzclip.cn", true */ 'x', 'z', 'c', 'l', 'i', 'p', '.', 'c', 'n', '\0',
+  /* "y11n.net", true */ 'y', '1', '1', 'n', '.', 'n', 'e', 't', '\0',
+  /* "yaay.com.br", true */ 'y', 'a', 'a', 'y', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "yabuisha.jp", true */ 'y', 'a', 'b', 'u', 'i', 's', 'h', 'a', '.', 'j', 'p', '\0',
+  /* "yaccin.com", true */ 'y', 'a', 'c', 'c', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "yachigoya.com", true */ 'y', 'a', 'c', 'h', 'i', 'g', 'o', 'y', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "yacobo.com", true */ 'y', 'a', 'c', 'o', 'b', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "yado-furu.com", true */ 'y', 'a', 'd', 'o', '-', 'f', 'u', 'r', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "yafuoku.ru", true */ 'y', 'a', 'f', 'u', 'o', 'k', 'u', '.', 'r', 'u', '\0',
+  /* "yagihiro.tech", true */ 'y', 'a', 'g', 'i', 'h', 'i', 'r', 'o', '.', 't', 'e', 'c', 'h', '\0',
+  /* "yaharu.ru", true */ 'y', 'a', 'h', 'a', 'r', 'u', '.', 'r', 'u', '\0',
+  /* "yahvehyireh.com", true */ 'y', 'a', 'h', 'v', 'e', 'h', 'y', 'i', 'r', 'e', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "yak.is", true */ 'y', 'a', 'k', '.', 'i', 's', '\0',
+  /* "yakaz.com", true */ 'y', 'a', 'k', 'a', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "yakmade.com", true */ 'y', 'a', 'k', 'm', 'a', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "yakmoo.se", true */ 'y', 'a', 'k', 'm', 'o', 'o', '.', 's', 'e', '\0',
+  /* "yal.sh", true */ 'y', 'a', 'l', '.', 's', 'h', '\0',
+  /* "yalla.jp", true */ 'y', 'a', 'l', 'l', 'a', '.', 'j', 'p', '\0',
+  /* "yallamotor.com", true */ 'y', 'a', 'l', 'l', 'a', 'm', 'o', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "yalook.com", true */ 'y', 'a', 'l', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "yama.su", true */ 'y', 'a', 'm', 'a', '.', 's', 'u', '\0',
+  /* "yamadaya.tv", true */ 'y', 'a', 'm', 'a', 'd', 'a', 'y', 'a', '.', 't', 'v', '\0',
+  /* "yamaken.jp", true */ 'y', 'a', 'm', 'a', 'k', 'e', 'n', '.', 'j', 'p', '\0',
+  /* "yamashita-clinic.org", true */ 'y', 'a', 'm', 'a', 's', 'h', 'i', 't', 'a', '-', 'c', 'l', 'i', 'n', 'i', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "yame2.com", true */ 'y', 'a', 'm', 'e', '2', '.', 'c', 'o', 'm', '\0',
+  /* "yamm.io", true */ 'y', 'a', 'm', 'm', '.', 'i', 'o', '\0',
+  /* "yanaduday.com", true */ 'y', 'a', 'n', 'a', 'd', 'u', 'd', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "yandere.moe", true */ 'y', 'a', 'n', 'd', 'e', 'r', 'e', '.', 'm', 'o', 'e', '\0',
+  /* "yangjingwen.cn", true */ 'y', 'a', 'n', 'g', 'j', 'i', 'n', 'g', 'w', 'e', 'n', '.', 'c', 'n', '\0',
+  /* "yanngraf.ch", true */ 'y', 'a', 'n', 'n', 'g', 'r', 'a', 'f', '.', 'c', 'h', '\0',
+  /* "yanngraf.com", true */ 'y', 'a', 'n', 'n', 'g', 'r', 'a', 'f', '.', 'c', 'o', 'm', '\0',
+  /* "yanovich.net", true */ 'y', 'a', 'n', 'o', 'v', 'i', 'c', 'h', '.', 'n', 'e', 't', '\0',
+  /* "yanqiyu.info", true */ 'y', 'a', 'n', 'q', 'i', 'y', 'u', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "yantrasthal.com", true */ 'y', 'a', 'n', 't', 'r', 'a', 's', 't', 'h', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "yaoidreams.com", true */ 'y', 'a', 'o', 'i', 'd', 'r', 'e', 'a', 'm', 's', '.', 'c', 'o', 'm', '\0',
+  /* "yapbreak.fr", true */ 'y', 'a', 'p', 'b', 'r', 'e', 'a', 'k', '.', 'f', 'r', '\0',
+  /* "yarcom.ru", false */ 'y', 'a', 'r', 'c', 'o', 'm', '.', 'r', 'u', '\0',
+  /* "yarogneva.ru", true */ 'y', 'a', 'r', 'o', 'g', 'n', 'e', 'v', 'a', '.', 'r', 'u', '\0',
+  /* "yarravilletownhouses.com.au", true */ 'y', 'a', 'r', 'r', 'a', 'v', 'i', 'l', 'l', 'e', 't', 'o', 'w', 'n', 'h', 'o', 'u', 's', 'e', 's', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "yaru.one", true */ 'y', 'a', 'r', 'u', '.', 'o', 'n', 'e', '\0',
+  /* "yatesun.com", true */ 'y', 'a', 't', 'e', 's', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "yatorie.net", true */ 'y', 'a', 't', 'o', 'r', 'i', 'e', '.', 'n', 'e', 't', '\0',
+  /* "yatsuenpoon.com", true */ 'y', 'a', 't', 's', 'u', 'e', 'n', 'p', 'o', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "yaup.tk", true */ 'y', 'a', 'u', 'p', '.', 't', 'k', '\0',
+  /* "yawen.tw", true */ 'y', 'a', 'w', 'e', 'n', '.', 't', 'w', '\0',
+  /* "yawnbox.com", true */ 'y', 'a', 'w', 'n', 'b', 'o', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "yaxim.org", true */ 'y', 'a', 'x', 'i', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "ybin.me", true */ 'y', 'b', 'i', 'n', '.', 'm', 'e', '\0',
+  /* "ybresson.com", true */ 'y', 'b', 'r', 'e', 's', 's', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "ybsul.com", true */ 'y', 'b', 's', 'u', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "ybti.net", true */ 'y', 'b', 't', 'i', '.', 'n', 'e', 't', '\0',
+  /* "ycaaz.com", true */ 'y', 'c', 'a', 'a', 'z', '.', 'c', 'o', 'm', '\0',
+  /* "ych.art", true */ 'y', 'c', 'h', '.', 'a', 'r', 't', '\0',
+  /* "ychon.com", true */ 'y', 'c', 'h', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "ychong.com", true */ 'y', 'c', 'h', 'o', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "yclan.net", true */ 'y', 'c', 'l', 'a', 'n', '.', 'n', 'e', 't', '\0',
+  /* "yeapdata.com", true */ 'y', 'e', 'a', 'p', 'd', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "yeesker.com", true */ 'y', 'e', 'e', 's', 'k', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "yellowpages.ee", true */ 'y', 'e', 'l', 'l', 'o', 'w', 'p', 'a', 'g', 'e', 's', '.', 'e', 'e', '\0',
+  /* "yelp.at", true */ 'y', 'e', 'l', 'p', '.', 'a', 't', '\0',
+  /* "yelp.be", true */ 'y', 'e', 'l', 'p', '.', 'b', 'e', '\0',
+  /* "yelp.ca", true */ 'y', 'e', 'l', 'p', '.', 'c', 'a', '\0',
+  /* "yelp.ch", true */ 'y', 'e', 'l', 'p', '.', 'c', 'h', '\0',
+  /* "yelp.cl", true */ 'y', 'e', 'l', 'p', '.', 'c', 'l', '\0',
+  /* "yelp.co.jp", true */ 'y', 'e', 'l', 'p', '.', 'c', 'o', '.', 'j', 'p', '\0',
+  /* "yelp.co.nz", true */ 'y', 'e', 'l', 'p', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "yelp.co.uk", true */ 'y', 'e', 'l', 'p', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "yelp.com", true */ 'y', 'e', 'l', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "yelp.com.ar", true */ 'y', 'e', 'l', 'p', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "yelp.com.au", true */ 'y', 'e', 'l', 'p', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "yelp.com.br", true */ 'y', 'e', 'l', 'p', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "yelp.com.hk", true */ 'y', 'e', 'l', 'p', '.', 'c', 'o', 'm', '.', 'h', 'k', '\0',
+  /* "yelp.com.mx", true */ 'y', 'e', 'l', 'p', '.', 'c', 'o', 'm', '.', 'm', 'x', '\0',
+  /* "yelp.com.ph", true */ 'y', 'e', 'l', 'p', '.', 'c', 'o', 'm', '.', 'p', 'h', '\0',
+  /* "yelp.com.sg", true */ 'y', 'e', 'l', 'p', '.', 'c', 'o', 'm', '.', 's', 'g', '\0',
+  /* "yelp.com.tr", true */ 'y', 'e', 'l', 'p', '.', 'c', 'o', 'm', '.', 't', 'r', '\0',
+  /* "yelp.com.tw", true */ 'y', 'e', 'l', 'p', '.', 'c', 'o', 'm', '.', 't', 'w', '\0',
+  /* "yelp.cz", true */ 'y', 'e', 'l', 'p', '.', 'c', 'z', '\0',
+  /* "yelp.de", true */ 'y', 'e', 'l', 'p', '.', 'd', 'e', '\0',
+  /* "yelp.dk", true */ 'y', 'e', 'l', 'p', '.', 'd', 'k', '\0',
+  /* "yelp.es", true */ 'y', 'e', 'l', 'p', '.', 'e', 's', '\0',
+  /* "yelp.fi", true */ 'y', 'e', 'l', 'p', '.', 'f', 'i', '\0',
+  /* "yelp.fr", true */ 'y', 'e', 'l', 'p', '.', 'f', 'r', '\0',
+  /* "yelp.ie", true */ 'y', 'e', 'l', 'p', '.', 'i', 'e', '\0',
+  /* "yelp.it", true */ 'y', 'e', 'l', 'p', '.', 'i', 't', '\0',
+  /* "yelp.my", true */ 'y', 'e', 'l', 'p', '.', 'm', 'y', '\0',
+  /* "yelp.nl", true */ 'y', 'e', 'l', 'p', '.', 'n', 'l', '\0',
+  /* "yelp.no", true */ 'y', 'e', 'l', 'p', '.', 'n', 'o', '\0',
+  /* "yelp.pl", true */ 'y', 'e', 'l', 'p', '.', 'p', 'l', '\0',
+  /* "yelp.pt", true */ 'y', 'e', 'l', 'p', '.', 'p', 't', '\0',
+  /* "yelp.se", true */ 'y', 'e', 'l', 'p', '.', 's', 'e', '\0',
+  /* "yemalu.com", true */ 'y', 'e', 'm', 'a', 'l', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "yemektarifleri.com", true */ 'y', 'e', 'm', 'e', 'k', 't', 'a', 'r', 'i', 'f', 'l', 'e', 'r', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "yennhi.co", true */ 'y', 'e', 'n', 'n', 'h', 'i', '.', 'c', 'o', '\0',
+  /* "yep-pro.ch", true */ 'y', 'e', 'p', '-', 'p', 'r', 'o', '.', 'c', 'h', '\0',
+  /* "yepbitcoin.com", true */ 'y', 'e', 'p', 'b', 'i', 't', 'c', 'o', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "yephy.com", true */ 'y', 'e', 'p', 'h', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "yesiammaisey.me", true */ 'y', 'e', 's', 'i', 'a', 'm', 'm', 'a', 'i', 's', 'e', 'y', '.', 'm', 'e', '\0',
+  /* "yeswehack.com", true */ 'y', 'e', 's', 'w', 'e', 'h', 'a', 'c', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "yetii.net", true */ 'y', 'e', 't', 'i', 'i', '.', 'n', 'e', 't', '\0',
+  /* "yetzt.me", false */ 'y', 'e', 't', 'z', 't', '.', 'm', 'e', '\0',
+  /* "yeu.io", true */ 'y', 'e', 'u', '.', 'i', 'o', '\0',
+  /* "yfengs.moe", true */ 'y', 'f', 'e', 'n', 'g', 's', '.', 'm', 'o', 'e', '\0',
+  /* "yhaupenthal.org", true */ 'y', 'h', 'a', 'u', 'p', 'e', 'n', 't', 'h', 'a', 'l', '.', 'o', 'r', 'g', '\0',
+  /* "yhb.io", true */ 'y', 'h', 'b', '.', 'i', 'o', '\0',
+  /* "yhong.me", true */ 'y', 'h', 'o', 'n', 'g', '.', 'm', 'e', '\0',
+  /* "yhwj.top", true */ 'y', 'h', 'w', 'j', '.', 't', 'o', 'p', '\0',
+  /* "yibaoweilong.top", true */ 'y', 'i', 'b', 'a', 'o', 'w', 'e', 'i', 'l', 'o', 'n', 'g', '.', 't', 'o', 'p', '\0',
+  /* "yicknam.my", true */ 'y', 'i', 'c', 'k', 'n', 'a', 'm', '.', 'm', 'y', '\0',
+  /* "yii2.cc", true */ 'y', 'i', 'i', '2', '.', 'c', 'c', '\0',
+  /* "yikeyong.com", true */ 'y', 'i', 'k', 'e', 'y', 'o', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "yin8888.tv", true */ 'y', 'i', 'n', '8', '8', '8', '8', '.', 't', 'v', '\0',
+  /* "yinfor.com", true */ 'y', 'i', 'n', 'f', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "yinga.ga", true */ 'y', 'i', 'n', 'g', 'a', '.', 'g', 'a', '\0',
+  /* "yingatech.com", true */ 'y', 'i', 'n', 'g', 'a', 't', 'e', 'c', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "yinglinda.love", true */ 'y', 'i', 'n', 'g', 'l', 'i', 'n', 'd', 'a', '.', 'l', 'o', 'v', 'e', '\0',
+  /* "yinlei.org", true */ 'y', 'i', 'n', 'l', 'e', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "yiyuanzhong.com", true */ 'y', 'i', 'y', 'u', 'a', 'n', 'z', 'h', 'o', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "yiz96.com", true */ 'y', 'i', 'z', '9', '6', '.', 'c', 'o', 'm', '\0',
+  /* "yjsoft.me", true */ 'y', 'j', 's', 'o', 'f', 't', '.', 'm', 'e', '\0',
+  /* "yjsw.sh.cn", true */ 'y', 'j', 's', 'w', '.', 's', 'h', '.', 'c', 'n', '\0',
+  /* "yksityisyydensuoja.fi", true */ 'y', 'k', 's', 'i', 't', 'y', 'i', 's', 'y', 'y', 'd', 'e', 'n', 's', 'u', 'o', 'j', 'a', '.', 'f', 'i', '\0',
+  /* "ylilauta.org", true */ 'y', 'l', 'i', 'l', 'a', 'u', 't', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "ylinternal.com", true */ 'y', 'l', 'i', 'n', 't', 'e', 'r', 'n', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "ymarion.de", true */ 'y', 'm', 'a', 'r', 'i', 'o', 'n', '.', 'd', 'e', '\0',
+  /* "ymblaw.com", true */ 'y', 'm', 'b', 'l', 'a', 'w', '.', 'c', 'o', 'm', '\0',
+  /* "ympl.de", true */ 'y', 'm', 'p', 'l', '.', 'd', 'e', '\0',
+  /* "ymtsonline.org", true */ 'y', 'm', 't', 's', 'o', 'n', 'l', 'i', 'n', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "ynode.com", true */ 'y', 'n', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "yobai-grouprec.jp", true */ 'y', 'o', 'b', 'a', 'i', '-', 'g', 'r', 'o', 'u', 'p', 'r', 'e', 'c', '.', 'j', 'p', '\0',
+  /* "yobai28.com", true */ 'y', 'o', 'b', 'a', 'i', '2', '8', '.', 'c', 'o', 'm', '\0',
+  /* "yobbelwobbel.de", true */ 'y', 'o', 'b', 'b', 'e', 'l', 'w', 'o', 'b', 'b', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "yobify.com", true */ 'y', 'o', 'b', 'i', 'f', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "yoga-prive.de", true */ 'y', 'o', 'g', 'a', '-', 'p', 'r', 'i', 'v', 'e', '.', 'd', 'e', '\0',
+  /* "yoga-school.xyz", true */ 'y', 'o', 'g', 'a', '-', 's', 'c', 'h', 'o', 'o', 'l', '.', 'x', 'y', 'z', '\0',
+  /* "yoga-schwerin.de", true */ 'y', 'o', 'g', 'a', '-', 's', 'c', 'h', 'w', 'e', 'r', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "yoga-sky.de", true */ 'y', 'o', 'g', 'a', '-', 's', 'k', 'y', '.', 'd', 'e', '\0',
+  /* "yoga-zentrum-narayani.de", true */ 'y', 'o', 'g', 'a', '-', 'z', 'e', 'n', 't', 'r', 'u', 'm', '-', 'n', 'a', 'r', 'a', 'y', 'a', 'n', 'i', '.', 'd', 'e', '\0',
+  /* "yogabhawnamission.com", true */ 'y', 'o', 'g', 'a', 'b', 'h', 'a', 'w', 'n', 'a', 'm', 'i', 's', 's', 'i', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "yogananda-roma.org", true */ 'y', 'o', 'g', 'a', 'n', 'a', 'n', 'd', 'a', '-', 'r', 'o', 'm', 'a', '.', 'o', 'r', 'g', '\0',
+  /* "yogaschoolrishikesh.com", true */ 'y', 'o', 'g', 'a', 's', 'c', 'h', 'o', 'o', 'l', 'r', 'i', 's', 'h', 'i', 'k', 'e', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "yogoeasy.com", true */ 'y', 'o', 'g', 'o', 'e', 'a', 's', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "yoibyoin.info", true */ 'y', 'o', 'i', 'b', 'y', 'o', 'i', 'n', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "yoimise.net", true */ 'y', 'o', 'i', 'm', 'i', 's', 'e', '.', 'n', 'e', 't', '\0',
+  /* "yoitoko.city", true */ 'y', 'o', 'i', 't', 'o', 'k', 'o', '.', 'c', 'i', 't', 'y', '\0',
+  /* "yoitsu.moe", true */ 'y', 'o', 'i', 't', 's', 'u', '.', 'm', 'o', 'e', '\0',
+  /* "yokohama-legaloffice.jp", true */ 'y', 'o', 'k', 'o', 'h', 'a', 'm', 'a', '-', 'l', 'e', 'g', 'a', 'l', 'o', 'f', 'f', 'i', 'c', 'e', '.', 'j', 'p', '\0',
+  /* "yolo.jetzt", true */ 'y', 'o', 'l', 'o', '.', 'j', 'e', 't', 'z', 't', '\0',
+  /* "yolobert.de", true */ 'y', 'o', 'l', 'o', 'b', 'e', 'r', 't', '.', 'd', 'e', '\0',
+  /* "yolocelebs.com", false */ 'y', 'o', 'l', 'o', 'c', 'e', 'l', 'e', 'b', 's', '.', 'c', 'o', 'm', '\0',
+  /* "yolops.net", true */ 'y', 'o', 'l', 'o', 'p', 's', '.', 'n', 'e', 't', '\0',
+  /* "yombo.net", true */ 'y', 'o', 'm', 'b', 'o', '.', 'n', 'e', 't', '\0',
+  /* "yomena.in", true */ 'y', 'o', 'm', 'e', 'n', 'a', '.', 'i', 'n', '\0',
+  /* "yoonas.com", true */ 'y', 'o', 'o', 'n', 'a', 's', '.', 'c', 'o', 'm', '\0',
+  /* "yooooex.com", true */ 'y', 'o', 'o', 'o', 'o', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "yoramvandevelde.net", true */ 'y', 'o', 'r', 'a', 'm', 'v', 'a', 'n', 'd', 'e', 'v', 'e', 'l', 'd', 'e', '.', 'n', 'e', 't', '\0',
+  /* "yorcom.nl", false */ 'y', 'o', 'r', 'c', 'o', 'm', '.', 'n', 'l', '\0',
+  /* "yorcool.nl", true */ 'y', 'o', 'r', 'c', 'o', 'o', 'l', '.', 'n', 'l', '\0',
+  /* "yorkshiredalesinflatables.co.uk", true */ 'y', 'o', 'r', 'k', 's', 'h', 'i', 'r', 'e', 'd', 'a', 'l', 'e', 's', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "yorkshireinflatables.co.uk", true */ 'y', 'o', 'r', 'k', 's', 'h', 'i', 'r', 'e', 'i', 'n', 'f', 'l', 'a', 't', 'a', 'b', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "yorkshireterrier.com.br", true */ 'y', 'o', 'r', 'k', 's', 'h', 'i', 'r', 'e', 't', 'e', 'r', 'r', 'i', 'e', 'r', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "yorname.ml", true */ 'y', 'o', 'r', 'n', 'a', 'm', 'e', '.', 'm', 'l', '\0',
+  /* "yosbeda.com", true */ 'y', 'o', 's', 'b', 'e', 'd', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "yosemo.de", true */ 'y', 'o', 's', 'e', 'm', 'o', '.', 'd', 'e', '\0',
+  /* "yosheenetwork.fr", true */ 'y', 'o', 's', 'h', 'e', 'e', 'n', 'e', 't', 'w', 'o', 'r', 'k', '.', 'f', 'r', '\0',
+  /* "yoshibaworks.com", true */ 'y', 'o', 's', 'h', 'i', 'b', 'a', 'w', 'o', 'r', 'k', 's', '.', 'c', 'o', 'm', '\0',
+  /* "yoshitsugu.net", true */ 'y', 'o', 's', 'h', 'i', 't', 's', 'u', 'g', 'u', '.', 'n', 'e', 't', '\0',
+  /* "yospos.org", true */ 'y', 'o', 's', 'p', 'o', 's', '.', 'o', 'r', 'g', '\0',
+  /* "yoticonnections.com", true */ 'y', 'o', 't', 'i', 'c', 'o', 'n', 'n', 'e', 'c', 't', 'i', 'o', 'n', 's', '.', 'c', 'o', 'm', '\0',
+  /* "yotilab.com", true */ 'y', 'o', 't', 'i', 'l', 'a', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "yotta-zetta.com", true */ 'y', 'o', 't', 't', 'a', '-', 'z', 'e', 't', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "yotubaiotona.net", true */ 'y', 'o', 't', 'u', 'b', 'a', 'i', 'o', 't', 'o', 'n', 'a', '.', 'n', 'e', 't', '\0',
+  /* "youcancraft.de", true */ 'y', 'o', 'u', 'c', 'a', 'n', 'c', 'r', 'a', 'f', 't', '.', 'd', 'e', '\0',
+  /* "youcanfuckoff.xyz", true */ 'y', 'o', 'u', 'c', 'a', 'n', 'f', 'u', 'c', 'k', 'o', 'f', 'f', '.', 'x', 'y', 'z', '\0',
+  /* "youcanmakeit.at", true */ 'y', 'o', 'u', 'c', 'a', 'n', 'm', 'a', 'k', 'e', 'i', 't', '.', 'a', 't', '\0',
+  /* "youcruit.com", true */ 'y', 'o', 'u', 'c', 'r', 'u', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "youdamom.com", false */ 'y', 'o', 'u', 'd', 'a', 'm', 'o', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "youdowell.com", true */ 'y', 'o', 'u', 'd', 'o', 'w', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "youdungoofd.com", true */ 'y', 'o', 'u', 'd', 'u', 'n', 'g', 'o', 'o', 'f', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "youftp.tk", true */ 'y', 'o', 'u', 'f', 't', 'p', '.', 't', 'k', '\0',
+  /* "yougee.ml", true */ 'y', 'o', 'u', 'g', 'e', 'e', '.', 'm', 'l', '\0',
+  /* "youhacked.me", true */ 'y', 'o', 'u', 'h', 'a', 'c', 'k', 'e', 'd', '.', 'm', 'e', '\0',
+  /* "youhavewords.com", true */ 'y', 'o', 'u', 'h', 'a', 'v', 'e', 'w', 'o', 'r', 'd', 's', '.', 'c', 'o', 'm', '\0',
+  /* "youhua.ru", true */ 'y', 'o', 'u', 'h', 'u', 'a', '.', 'r', 'u', '\0',
+  /* "youkaryote.com", true */ 'y', 'o', 'u', 'k', 'a', 'r', 'y', 'o', 't', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "youkaryote.org", true */ 'y', 'o', 'u', 'k', 'a', 'r', 'y', 'o', 't', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "youkok2.com", true */ 'y', 'o', 'u', 'k', 'o', 'k', '2', '.', 'c', 'o', 'm', '\0',
+  /* "youlend.com", true */ 'y', 'o', 'u', 'l', 'e', 'n', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "youmonit.me", true */ 'y', 'o', 'u', 'm', 'o', 'n', 'i', 't', '.', 'm', 'e', '\0',
+  /* "youms.de", true */ 'y', 'o', 'u', 'm', 's', '.', 'd', 'e', '\0',
+  /* "young-sheldon.com", true */ 'y', 'o', 'u', 'n', 'g', '-', 's', 'h', 'e', 'l', 'd', 'o', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "youngdogs.org", true */ 'y', 'o', 'u', 'n', 'g', 'd', 'o', 'g', 's', '.', 'o', 'r', 'g', '\0',
+  /* "youngfree.cn", true */ 'y', 'o', 'u', 'n', 'g', 'f', 'r', 'e', 'e', '.', 'c', 'n', '\0',
+  /* "youngsook.com", true */ 'y', 'o', 'u', 'n', 'g', 's', 'o', 'o', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "youngsook.org", true */ 'y', 'o', 'u', 'n', 'g', 's', 'o', 'o', 'k', '.', 'o', 'r', 'g', '\0',
+  /* "youpark.no", true */ 'y', 'o', 'u', 'p', 'a', 'r', 'k', '.', 'n', 'o', '\0',
+  /* "youran.me", true */ 'y', 'o', 'u', 'r', 'a', 'n', '.', 'm', 'e', '\0',
+  /* "yourciso.com", true */ 'y', 'o', 'u', 'r', 'c', 'i', 's', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "yourcopywriter.it", true */ 'y', 'o', 'u', 'r', 'c', 'o', 'p', 'y', 'w', 'r', 'i', 't', 'e', 'r', '.', 'i', 't', '\0',
+  /* "yourdaddy.dk", true */ 'y', 'o', 'u', 'r', 'd', 'a', 'd', 'd', 'y', '.', 'd', 'k', '\0',
+  /* "yourforex.org", true */ 'y', 'o', 'u', 'r', 'f', 'o', 'r', 'e', 'x', '.', 'o', 'r', 'g', '\0',
+  /* "yourgames.tv", true */ 'y', 'o', 'u', 'r', 'g', 'a', 'm', 'e', 's', '.', 't', 'v', '\0',
+  /* "yoursbookstore.jp", true */ 'y', 'o', 'u', 'r', 's', 'b', 'o', 'o', 'k', 's', 't', 'o', 'r', 'e', '.', 'j', 'p', '\0',
+  /* "yourself.today", true */ 'y', 'o', 'u', 'r', 's', 'e', 'l', 'f', '.', 't', 'o', 'd', 'a', 'y', '\0',
+  /* "yourticketbooking.com", true */ 'y', 'o', 'u', 'r', 't', 'i', 'c', 'k', 'e', 't', 'b', 'o', 'o', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "youruseragent.info", true */ 'y', 'o', 'u', 'r', 'u', 's', 'e', 'r', 'a', 'g', 'e', 'n', 't', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "yout.com", true */ 'y', 'o', 'u', 't', '.', 'c', 'o', 'm', '\0',
+  /* "youth2009.org", true */ 'y', 'o', 'u', 't', 'h', '2', '0', '0', '9', '.', 'o', 'r', 'g', '\0',
+  /* "youtous.me", true */ 'y', 'o', 'u', 't', 'o', 'u', 's', '.', 'm', 'e', '\0',
+  /* "youtsuu-raku.com", true */ 'y', 'o', 'u', 't', 's', 'u', 'u', '-', 'r', 'a', 'k', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "youtube.com", true */ 'y', 'o', 'u', 't', 'u', 'b', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "youtubedownloader.com", true */ 'y', 'o', 'u', 't', 'u', 'b', 'e', 'd', 'o', 'w', 'n', 'l', 'o', 'a', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "youwatchporn.com", true */ 'y', 'o', 'u', 'w', 'a', 't', 'c', 'h', 'p', 'o', 'r', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "yoxall.me.uk", true */ 'y', 'o', 'x', 'a', 'l', 'l', '.', 'm', 'e', '.', 'u', 'k', '\0',
+  /* "yoyoost.duckdns.org", true */ 'y', 'o', 'y', 'o', 'o', 's', 't', '.', 'd', 'u', 'c', 'k', 'd', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "ypart.eu", true */ 'y', 'p', 'a', 'r', 't', '.', 'e', 'u', '\0',
+  /* "ypcs.fi", true */ 'y', 'p', 'c', 's', '.', 'f', 'i', '\0',
+  /* "ypid.de", true */ 'y', 'p', 'i', 'd', '.', 'd', 'e', '\0',
+  /* "yplanapp.com", true */ 'y', 'p', 'l', 'a', 'n', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "yqjf68.com", true */ 'y', 'q', 'j', 'f', '6', '8', '.', 'c', 'o', 'm', '\0',
+  /* "yr166166.com", true */ 'y', 'r', '1', '6', '6', '1', '6', '6', '.', 'c', 'o', 'm', '\0',
+  /* "yryz.net", true */ 'y', 'r', 'y', 'z', '.', 'n', 'e', 't', '\0',
+  /* "ys-shop.biz", true */ 'y', 's', '-', 's', 'h', 'o', 'p', '.', 'b', 'i', 'z', '\0',
+  /* "ysicorp.com", true */ 'y', 's', 'i', 'c', 'o', 'r', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "yslbeauty.com", true */ 'y', 's', 'l', 'b', 'e', 'a', 'u', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "ytb.zone", true */ 'y', 't', 'b', '.', 'z', 'o', 'n', 'e', '\0',
+  /* "ytbmp3.com", true */ 'y', 't', 'b', 'm', 'p', '3', '.', 'c', 'o', 'm', '\0',
+  /* "ytbmp4.com", true */ 'y', 't', 'b', 'm', 'p', '4', '.', 'c', 'o', 'm', '\0',
+  /* "ytec.ca", true */ 'y', 't', 'e', 'c', '.', 'c', 'a', '\0',
+  /* "ythyth.com", true */ 'y', 't', 'h', 'y', 't', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "ytpak.com", true */ 'y', 't', 'p', 'a', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "ytpak.pk", true */ 'y', 't', 'p', 'a', 'k', '.', 'p', 'k', '\0',
+  /* "ytreza.fr", true */ 'y', 't', 'r', 'e', 'z', 'a', '.', 'f', 'r', '\0',
+  /* "ytuquelees.net", true */ 'y', 't', 'u', 'q', 'u', 'e', 'l', 'e', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "yu.gg", false */ 'y', 'u', '.', 'g', 'g', '\0',
+  /* "yu.vc", true */ 'y', 'u', '.', 'v', 'c', '\0',
+  /* "yuan.ga", true */ 'y', 'u', 'a', 'n', '.', 'g', 'a', '\0',
+  /* "yuanben.io", true */ 'y', 'u', 'a', 'n', 'b', 'e', 'n', '.', 'i', 'o', '\0',
+  /* "yuanbenlian.com", true */ 'y', 'u', 'a', 'n', 'b', 'e', 'n', 'l', 'i', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "yubi.co", true */ 'y', 'u', 'b', 'i', '.', 'c', 'o', '\0',
+  /* "yubicloud.io", true */ 'y', 'u', 'b', 'i', 'c', 'l', 'o', 'u', 'd', '.', 'i', 'o', '\0',
+  /* "yubico.ae", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'a', 'e', '\0',
+  /* "yubico.at", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'a', 't', '\0',
+  /* "yubico.be", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'b', 'e', '\0',
+  /* "yubico.biz", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'b', 'i', 'z', '\0',
+  /* "yubico.cloud", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'c', 'l', 'o', 'u', 'd', '\0',
+  /* "yubico.co.in", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'c', 'o', '.', 'i', 'n', '\0',
+  /* "yubico.co.uk", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "yubico.com", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "yubico.dk", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'd', 'k', '\0',
+  /* "yubico.es", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'e', 's', '\0',
+  /* "yubico.fi", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'f', 'i', '\0',
+  /* "yubico.in", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'i', 'n', '\0',
+  /* "yubico.info", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "yubico.io", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'i', 'o', '\0',
+  /* "yubico.mobi", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'm', 'o', 'b', 'i', '\0',
+  /* "yubico.net", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'n', 'e', 't', '\0',
+  /* "yubico.online", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'o', 'n', 'l', 'i', 'n', 'e', '\0',
+  /* "yubico.org", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "yubico.sg", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 's', 'g', '\0',
+  /* "yubico.uk", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "yubico.us", true */ 'y', 'u', 'b', 'i', 'c', 'o', '.', 'u', 's', '\0',
+  /* "yubicodemo.com", true */ 'y', 'u', 'b', 'i', 'c', 'o', 'd', 'e', 'm', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "yubikey.ae", true */ 'y', 'u', 'b', 'i', 'k', 'e', 'y', '.', 'a', 'e', '\0',
+  /* "yubikey.asia", true */ 'y', 'u', 'b', 'i', 'k', 'e', 'y', '.', 'a', 's', 'i', 'a', '\0',
+  /* "yubikey.at", true */ 'y', 'u', 'b', 'i', 'k', 'e', 'y', '.', 'a', 't', '\0',
+  /* "yubikey.com", true */ 'y', 'u', 'b', 'i', 'k', 'e', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "yubikey.dk", true */ 'y', 'u', 'b', 'i', 'k', 'e', 'y', '.', 'd', 'k', '\0',
+  /* "yubikey.fi", true */ 'y', 'u', 'b', 'i', 'k', 'e', 'y', '.', 'f', 'i', '\0',
+  /* "yubikey.io", true */ 'y', 'u', 'b', 'i', 'k', 'e', 'y', '.', 'i', 'o', '\0',
+  /* "yubikey.org", true */ 'y', 'u', 'b', 'i', 'k', 'e', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "yubikey.sg", true */ 'y', 'u', 'b', 'i', 'k', 'e', 'y', '.', 's', 'g', '\0',
+  /* "yubikey.us", true */ 'y', 'u', 'b', 'i', 'k', 'e', 'y', '.', 'u', 's', '\0',
+  /* "yubiking.com", true */ 'y', 'u', 'b', 'i', 'k', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "yue.la", true */ 'y', 'u', 'e', '.', 'l', 'a', '\0',
+  /* "yue2.net", true */ 'y', 'u', 'e', '2', '.', 'n', 'e', 't', '\0',
+  /* "yugege.cf", true */ 'y', 'u', 'g', 'e', 'g', 'e', '.', 'c', 'f', '\0',
+  /* "yuhuo.org", true */ 'y', 'u', 'h', 'u', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "yuka.one", true */ 'y', 'u', 'k', 'a', '.', 'o', 'n', 'e', '\0',
+  /* "yuki.xyz", true */ 'y', 'u', 'k', 'i', '.', 'x', 'y', 'z', '\0',
+  /* "yukonconnector.com", true */ 'y', 'u', 'k', 'o', 'n', 'c', 'o', 'n', 'n', 'e', 'c', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "yukonlip.com", true */ 'y', 'u', 'k', 'o', 'n', 'l', 'i', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "yukontec.com", true */ 'y', 'u', 'k', 'o', 'n', 't', 'e', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "yumeconcert.com", true */ 'y', 'u', 'm', 'e', 'c', 'o', 'n', 'c', 'e', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "yuna.love", true */ 'y', 'u', 'n', 'a', '.', 'l', 'o', 'v', 'e', '\0',
+  /* "yuna.tg", true */ 'y', 'u', 'n', 'a', '.', 't', 'g', '\0',
+  /* "yunity.org", true */ 'y', 'u', 'n', 'i', 't', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "yunjishou.pro", true */ 'y', 'u', 'n', 'j', 'i', 's', 'h', 'o', 'u', '.', 'p', 'r', 'o', '\0',
+  /* "yuricarlenzoli.it", true */ 'y', 'u', 'r', 'i', 'c', 'a', 'r', 'l', 'e', 'n', 'z', 'o', 'l', 'i', '.', 'i', 't', '\0',
+  /* "yurikirin.me", true */ 'y', 'u', 'r', 'i', 'k', 'i', 'r', 'i', 'n', '.', 'm', 'e', '\0',
+  /* "yurimoens.be", true */ 'y', 'u', 'r', 'i', 'm', 'o', 'e', 'n', 's', '.', 'b', 'e', '\0',
+  /* "yurinet.org", true */ 'y', 'u', 'r', 'i', 'n', 'e', 't', '.', 'o', 'r', 'g', '\0',
+  /* "yusa.me", true */ 'y', 'u', 's', 'a', '.', 'm', 'e', '\0',
+  /* "yutakato.net", true */ 'y', 'u', 't', 'a', 'k', 'a', 't', 'o', '.', 'n', 'e', 't', '\0',
+  /* "yutangyun.com", true */ 'y', 'u', 't', 'a', 'n', 'g', 'y', 'u', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "yutuo.net", true */ 'y', 'u', 't', 'u', 'o', '.', 'n', 'e', 't', '\0',
+  /* "yuwei.org", true */ 'y', 'u', 'w', 'e', 'i', '.', 'o', 'r', 'g', '\0',
+  /* "yuxingxin.com", true */ 'y', 'u', 'x', 'i', 'n', 'g', 'x', 'i', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "yuxuan.org", true */ 'y', 'u', 'x', 'u', 'a', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "yuyu.io", true */ 'y', 'u', 'y', 'u', '.', 'i', 'o', '\0',
+  /* "yuzu.tk", true */ 'y', 'u', 'z', 'u', '.', 't', 'k', '\0',
+  /* "yveshield.com", true */ 'y', 'v', 'e', 's', 'h', 'i', 'e', 'l', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "yveslegendre.fr", true */ 'y', 'v', 'e', 's', 'l', 'e', 'g', 'e', 'n', 'd', 'r', 'e', '.', 'f', 'r', '\0',
+  /* "yvesx.com", true */ 'y', 'v', 'e', 's', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "yvonnehaeusser.de", true */ 'y', 'v', 'o', 'n', 'n', 'e', 'h', 'a', 'e', 'u', 's', 's', 'e', 'r', '.', 'd', 'e', '\0',
+  /* "yyc.city", true */ 'y', 'y', 'c', '.', 'c', 'i', 't', 'y', '\0',
+  /* "yyyy.xyz", true */ 'y', 'y', 'y', 'y', '.', 'x', 'y', 'z', '\0',
+  /* "yzimroni.net", true */ 'y', 'z', 'i', 'm', 'r', 'o', 'n', 'i', '.', 'n', 'e', 't', '\0',
+  /* "z-coder.com", true */ 'z', '-', 'c', 'o', 'd', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "z-konzept-nutrition.ru", true */ 'z', '-', 'k', 'o', 'n', 'z', 'e', 'p', 't', '-', 'n', 'u', 't', 'r', 'i', 't', 'i', 'o', 'n', '.', 'r', 'u', '\0',
+  /* "z-vector.com", true */ 'z', '-', 'v', 'e', 'c', 't', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "z.ai", true */ 'z', '.', 'a', 'i', '\0',
+  /* "z0rro.net", true */ 'z', '0', 'r', 'r', 'o', '.', 'n', 'e', 't', '\0',
+  /* "z1h.de", true */ 'z', '1', 'h', '.', 'd', 'e', '\0',
+  /* "z33.ch", true */ 'z', '3', '3', '.', 'c', 'h', '\0',
+  /* "z4k.de", true */ 'z', '4', 'k', '.', 'd', 'e', '\0',
+  /* "z99944x.xyz", true */ 'z', '9', '9', '9', '4', '4', 'x', '.', 'x', 'y', 'z', '\0',
+  /* "za.search.yahoo.com", false */ 'z', 'a', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "zaalleatherwear.nl", false */ 'z', 'a', 'a', 'l', 'l', 'e', 'a', 't', 'h', 'e', 'r', 'w', 'e', 'a', 'r', '.', 'n', 'l', '\0',
+  /* "zabszk.net", true */ 'z', 'a', 'b', 's', 'z', 'k', '.', 'n', 'e', 't', '\0',
+  /* "zabukovnik.net", true */ 'z', 'a', 'b', 'u', 'k', 'o', 'v', 'n', 'i', 'k', '.', 'n', 'e', 't', '\0',
+  /* "zacarias.com.ar", true */ 'z', 'a', 'c', 'a', 'r', 'i', 'a', 's', '.', 'c', 'o', 'm', '.', 'a', 'r', '\0',
+  /* "zacavi.com.br", true */ 'z', 'a', 'c', 'a', 'v', 'i', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "zach.codes", true */ 'z', 'a', 'c', 'h', '.', 'c', 'o', 'd', 'e', 's', '\0',
+  /* "zacharopoulos.eu", false */ 'z', 'a', 'c', 'h', 'a', 'r', 'o', 'p', 'o', 'u', 'l', 'o', 's', '.', 'e', 'u', '\0',
+  /* "zacharopoulos.me", false */ 'z', 'a', 'c', 'h', 'a', 'r', 'o', 'p', 'o', 'u', 'l', 'o', 's', '.', 'm', 'e', '\0',
+  /* "zacharopoulos.org", false */ 'z', 'a', 'c', 'h', 'a', 'r', 'o', 'p', 'o', 'u', 'l', 'o', 's', '.', 'o', 'r', 'g', '\0',
+  /* "zachaysan.com", true */ 'z', 'a', 'c', 'h', 'a', 'y', 's', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "zachborboa.com", true */ 'z', 'a', 'c', 'h', 'b', 'o', 'r', 'b', 'o', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "zachgibbens.org", true */ 'z', 'a', 'c', 'h', 'g', 'i', 'b', 'b', 'e', 'n', 's', '.', 'o', 'r', 'g', '\0',
+  /* "zachpeters.org", true */ 'z', 'a', 'c', 'h', 'p', 'e', 't', 'e', 'r', 's', '.', 'o', 'r', 'g', '\0',
+  /* "zaclys.com", true */ 'z', 'a', 'c', 'l', 'y', 's', '.', 'c', 'o', 'm', '\0',
+  /* "zadarkside.ro", true */ 'z', 'a', 'd', 'a', 'r', 'k', 's', 'i', 'd', 'e', '.', 'r', 'o', '\0',
+  /* "zadroweb.com", true */ 'z', 'a', 'd', 'r', 'o', 'w', 'e', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "zafirus.name", true */ 'z', 'a', 'f', 'i', 'r', 'u', 's', '.', 'n', 'a', 'm', 'e', '\0',
+  /* "zahe.me", true */ 'z', 'a', 'h', 'e', '.', 'm', 'e', '\0',
+  /* "zahyantechnologies.com", false */ 'z', 'a', 'h', 'y', 'a', 'n', 't', 'e', 'c', 'h', 'n', 'o', 'l', 'o', 'g', 'i', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "zaidan.de", true */ 'z', 'a', 'i', 'd', 'a', 'n', '.', 'd', 'e', '\0',
+  /* "zaidan.eu", true */ 'z', 'a', 'i', 'd', 'a', 'n', '.', 'e', 'u', '\0',
+  /* "zaidanfood.com", true */ 'z', 'a', 'i', 'd', 'a', 'n', 'f', 'o', 'o', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "zaidanfood.eu", true */ 'z', 'a', 'i', 'd', 'a', 'n', 'f', 'o', 'o', 'd', '.', 'e', 'u', '\0',
+  /* "zaidanlebensmittelhandel.de", true */ 'z', 'a', 'i', 'd', 'a', 'n', 'l', 'e', 'b', 'e', 'n', 's', 'm', 'i', 't', 't', 'e', 'l', 'h', 'a', 'n', 'd', 'e', 'l', '.', 'd', 'e', '\0',
+  /* "zajazd.biz", true */ 'z', 'a', 'j', 'a', 'z', 'd', '.', 'b', 'i', 'z', '\0',
+  /* "zakcutner.uk", true */ 'z', 'a', 'k', 'c', 'u', 't', 'n', 'e', 'r', '.', 'u', 'k', '\0',
+  /* "zakladam.cz", true */ 'z', 'a', 'k', 'l', 'a', 'd', 'a', 'm', '.', 'c', 'z', '\0',
+  /* "zakmccrac.de", true */ 'z', 'a', 'k', 'm', 'c', 'c', 'r', 'a', 'c', '.', 'd', 'e', '\0',
+  /* "zakr.es", true */ 'z', 'a', 'k', 'r', '.', 'e', 's', '\0',
+  /* "zakspartiesandevents.com", true */ 'z', 'a', 'k', 's', 'p', 'a', 'r', 't', 'i', 'e', 's', 'a', 'n', 'd', 'e', 'v', 'e', 'n', 't', 's', '.', 'c', 'o', 'm', '\0',
+  /* "zalamea.ph", true */ 'z', 'a', 'l', 'a', 'm', 'e', 'a', '.', 'p', 'h', '\0',
+  /* "zalan.do", true */ 'z', 'a', 'l', 'a', 'n', '.', 'd', 'o', '\0',
+  /* "zamis.net", true */ 'z', 'a', 'm', 'i', 's', '.', 'n', 'e', 't', '\0',
+  /* "zamocosmeticos.com.br", true */ 'z', 'a', 'm', 'o', 'c', 'o', 's', 'm', 'e', 't', 'i', 'c', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "zamow.co", true */ 'z', 'a', 'm', 'o', 'w', '.', 'c', 'o', '\0',
+  /* "zandcell.com", true */ 'z', 'a', 'n', 'd', 'c', 'e', 'l', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "zanthra.com", true */ 'z', 'a', 'n', 't', 'h', 'r', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "zapier.com", true */ 'z', 'a', 'p', 'i', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "zappbuildapps.com", false */ 'z', 'a', 'p', 'p', 'b', 'u', 'i', 'l', 'd', 'a', 'p', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "zaratan.fr", true */ 'z', 'a', 'r', 'a', 't', 'a', 'n', '.', 'f', 'r', '\0',
+  /* "zargaripour.com", true */ 'z', 'a', 'r', 'g', 'a', 'r', 'i', 'p', 'o', 'u', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "zarmarket.org", true */ 'z', 'a', 'r', 'm', 'a', 'r', 'k', 'e', 't', '.', 'o', 'r', 'g', '\0',
+  /* "zarpo.com.br", true */ 'z', 'a', 'r', 'p', 'o', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "zary.me", true */ 'z', 'a', 'r', 'y', '.', 'm', 'e', '\0',
+  /* "zaufanatrzeciastrona.pl", true */ 'z', 'a', 'u', 'f', 'a', 'n', 'a', 't', 'r', 'z', 'e', 'c', 'i', 'a', 's', 't', 'r', 'o', 'n', 'a', '.', 'p', 'l', '\0',
+  /* "zavec.com.ec", true */ 'z', 'a', 'v', 'e', 'c', '.', 'c', 'o', 'm', '.', 'e', 'c', '\0',
+  /* "zavetaji.lv", true */ 'z', 'a', 'v', 'e', 't', 'a', 'j', 'i', '.', 'l', 'v', '\0',
+  /* "zawo-electric.de", true */ 'z', 'a', 'w', 'o', '-', 'e', 'l', 'e', 'c', 't', 'r', 'i', 'c', '.', 'd', 'e', '\0',
+  /* "zberger.com", true */ 'z', 'b', 'e', 'r', 'g', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "zbetcheck.in", true */ 'z', 'b', 'e', 't', 'c', 'h', 'e', 'c', 'k', '.', 'i', 'n', '\0',
+  /* "zbp.at", false */ 'z', 'b', 'p', '.', 'a', 't', '\0',
+  /* "zbrane-doplnky.cz", true */ 'z', 'b', 'r', 'a', 'n', 'e', '-', 'd', 'o', 'p', 'l', 'n', 'k', 'y', '.', 'c', 'z', '\0',
+  /* "zby.io", true */ 'z', 'b', 'y', '.', 'i', 'o', '\0',
+  /* "zbyga.cz", true */ 'z', 'b', 'y', 'g', 'a', '.', 'c', 'z', '\0',
+  /* "zbyte.it", false */ 'z', 'b', 'y', 't', 'e', '.', 'i', 't', '\0',
+  /* "zcarot.com", true */ 'z', 'c', 'a', 'r', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "zcarrot.com", true */ 'z', 'c', 'a', 'r', 'r', 'o', 't', '.', 'c', 'o', 'm', '\0',
+  /* "zcgram.com", true */ 'z', 'c', 'g', 'r', 'a', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "zcon.nl", true */ 'z', 'c', 'o', 'n', '.', 'n', 'l', '\0',
+  /* "zcr.ca", true */ 'z', 'c', 'r', '.', 'c', 'a', '\0',
+  /* "zdbl.de", true */ 'z', 'd', 'b', 'l', '.', 'd', 'e', '\0',
+  /* "zdenekspacek.cz", true */ 'z', 'd', 'e', 'n', 'e', 'k', 's', 'p', 'a', 'c', 'e', 'k', '.', 'c', 'z', '\0',
+  /* "zdorovayasimya.com", true */ 'z', 'd', 'o', 'r', 'o', 'v', 'a', 'y', 'a', 's', 'i', 'm', 'y', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "zdravesteny.cz", true */ 'z', 'd', 'r', 'a', 'v', 'e', 's', 't', 'e', 'n', 'y', '.', 'c', 'z', '\0',
+  /* "zdrojak.cz", true */ 'z', 'd', 'r', 'o', 'j', 'a', 'k', '.', 'c', 'z', '\0',
+  /* "zdx.ch", true */ 'z', 'd', 'x', '.', 'c', 'h', '\0',
+  /* "ze3kr.com", true */ 'z', 'e', '3', 'k', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "zeb.fun", true */ 'z', 'e', 'b', '.', 'f', 'u', 'n', '\0',
+  /* "zebedeescastles.co.uk", true */ 'z', 'e', 'b', 'e', 'd', 'e', 'e', 's', 'c', 'a', 's', 't', 'l', 'e', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "zeds-official.com", true */ 'z', 'e', 'd', 's', '-', 'o', 'f', 'f', 'i', 'c', 'i', 'a', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "zeebrieshoekvanholland.nl", true */ 'z', 'e', 'e', 'b', 'r', 'i', 'e', 's', 'h', 'o', 'e', 'k', 'v', 'a', 'n', 'h', 'o', 'l', 'l', 'a', 'n', 'd', '.', 'n', 'l', '\0',
+  /* "zeel.com", true */ 'z', 'e', 'e', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "zeguigui.com", true */ 'z', 'e', 'g', 'u', 'i', 'g', 'u', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "zehdenick-bleibt-bunt.de", true */ 'z', 'e', 'h', 'd', 'e', 'n', 'i', 'c', 'k', '-', 'b', 'l', 'e', 'i', 'b', 't', '-', 'b', 'u', 'n', 't', '.', 'd', 'e', '\0',
+  /* "zeilenmethans.nl", true */ 'z', 'e', 'i', 'l', 'e', 'n', 'm', 'e', 't', 'h', 'a', 'n', 's', '.', 'n', 'l', '\0',
+  /* "zeilles.nu", true */ 'z', 'e', 'i', 'l', 'l', 'e', 's', '.', 'n', 'u', '\0',
+  /* "zeitoununiversity.org", true */ 'z', 'e', 'i', 't', 'o', 'u', 'n', 'u', 'n', 'i', 'v', 'e', 'r', 's', 'i', 't', 'y', '.', 'o', 'r', 'g', '\0',
+  /* "zeitpunkt-kulturmagazin.de", true */ 'z', 'e', 'i', 't', 'p', 'u', 'n', 'k', 't', '-', 'k', 'u', 'l', 't', 'u', 'r', 'm', 'a', 'g', 'a', 'z', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "zekinteractive.com", true */ 'z', 'e', 'k', 'i', 'n', 't', 'e', 'r', 'a', 'c', 't', 'i', 'v', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "zelezny.uk", false */ 'z', 'e', 'l', 'e', 'z', 'n', 'y', '.', 'u', 'k', '\0',
+  /* "zelfrijdendeautos.com", true */ 'z', 'e', 'l', 'f', 'r', 'i', 'j', 'd', 'e', 'n', 'd', 'e', 'a', 'u', 't', 'o', 's', '.', 'c', 'o', 'm', '\0',
+  /* "zellari.ru", true */ 'z', 'e', 'l', 'l', 'a', 'r', 'i', '.', 'r', 'u', '\0',
+  /* "zeloz.xyz", true */ 'z', 'e', 'l', 'o', 'z', '.', 'x', 'y', 'z', '\0',
+  /* "zemlova.cz", true */ 'z', 'e', 'm', 'l', 'o', 'v', 'a', '.', 'c', 'z', '\0',
+  /* "zen-diez.de", true */ 'z', 'e', 'n', '-', 'd', 'i', 'e', 'z', '.', 'd', 'e', '\0',
+  /* "zen-ume.com", true */ 'z', 'e', 'n', '-', 'u', 'm', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "zenfusion.fr", true */ 'z', 'e', 'n', 'f', 'u', 's', 'i', 'o', 'n', '.', 'f', 'r', '\0',
+  /* "zenics.co.uk", true */ 'z', 'e', 'n', 'i', 'c', 's', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "zenithmedia.ca", true */ 'z', 'e', 'n', 'i', 't', 'h', 'm', 'e', 'd', 'i', 'a', '.', 'c', 'a', '\0',
+  /* "zenk-security.com", true */ 'z', 'e', 'n', 'k', '-', 's', 'e', 'c', 'u', 'r', 'i', 't', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "zenlogic.com", true */ 'z', 'e', 'n', 'l', 'o', 'g', 'i', 'c', '.', 'c', 'o', 'm', '\0',
+  /* "zenmate.com.tr", true */ 'z', 'e', 'n', 'm', 'a', 't', 'e', '.', 'c', 'o', 'm', '.', 't', 'r', '\0',
+  /* "zeno-system.com", true */ 'z', 'e', 'n', 'o', '-', 's', 'y', 's', 't', 'e', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "zenofa.co.id", true */ 'z', 'e', 'n', 'o', 'f', 'a', '.', 'c', 'o', '.', 'i', 'd', '\0',
+  /* "zentask.io", true */ 'z', 'e', 'n', 't', 'a', 's', 'k', '.', 'i', 'o', '\0',
+  /* "zenvideocloud.com", true */ 'z', 'e', 'n', 'v', 'i', 'd', 'e', 'o', 'c', 'l', 'o', 'u', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "zenycosta.com", true */ 'z', 'e', 'n', 'y', 'c', 'o', 's', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "zepect.com", true */ 'z', 'e', 'p', 'e', 'c', 't', '.', 'c', 'o', 'm', '\0',
+  /* "zeplin.io", true */ 'z', 'e', 'p', 'l', 'i', 'n', '.', 'i', 'o', '\0',
+  /* "zer0-day.pw", true */ 'z', 'e', 'r', '0', '-', 'd', 'a', 'y', '.', 'p', 'w', '\0',
+  /* "zer0.de", true */ 'z', 'e', 'r', '0', '.', 'd', 'e', '\0',
+  /* "zero-sum.xyz", true */ 'z', 'e', 'r', 'o', '-', 's', 'u', 'm', '.', 'x', 'y', 'z', '\0',
+  /* "zerobounce.net", true */ 'z', 'e', 'r', 'o', 'b', 'o', 'u', 'n', 'c', 'e', '.', 'n', 'e', 't', '\0',
+  /* "zerocool.io", true */ 'z', 'e', 'r', 'o', 'c', 'o', 'o', 'l', '.', 'i', 'o', '\0',
+  /* "zerofy.de", true */ 'z', 'e', 'r', 'o', 'f', 'y', '.', 'd', 'e', '\0',
+  /* "zeroling.com", true */ 'z', 'e', 'r', 'o', 'l', 'i', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "zeronet.io", true */ 'z', 'e', 'r', 'o', 'n', 'e', 't', '.', 'i', 'o', '\0',
+  /* "zeropush.com", true */ 'z', 'e', 'r', 'o', 'p', 'u', 's', 'h', '.', 'c', 'o', 'm', '\0',
+  /* "zerossl.com", true */ 'z', 'e', 'r', 'o', 's', 's', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "zertif.info", true */ 'z', 'e', 'r', 't', 'i', 'f', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "zertitude.com", true */ 'z', 'e', 'r', 't', 'i', 't', 'u', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "zeryn.net", true */ 'z', 'e', 'r', 'y', 'n', '.', 'n', 'e', 't', '\0',
+  /* "zespia.tw", false */ 'z', 'e', 's', 'p', 'i', 'a', '.', 't', 'w', '\0',
+  /* "zestylemon.co.uk", true */ 'z', 'e', 's', 't', 'y', 'l', 'e', 'm', 'o', 'n', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "zetamode.com", true */ 'z', 'e', 't', 'a', 'm', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "zetorzeszow.pl", false */ 'z', 'e', 't', 'o', 'r', 'z', 'e', 's', 'z', 'o', 'w', '.', 'p', 'l', '\0',
+  /* "zetrov.pl", true */ 'z', 'e', 't', 'r', 'o', 'v', '.', 'p', 'l', '\0',
+  /* "zettaplan.ru", true */ 'z', 'e', 't', 't', 'a', 'p', 'l', 'a', 'n', '.', 'r', 'u', '\0',
+  /* "zettlmeissl.de", true */ 'z', 'e', 't', 't', 'l', 'm', 'e', 'i', 's', 's', 'l', '.', 'd', 'e', '\0',
+  /* "zeug.co", true */ 'z', 'e', 'u', 'g', '.', 'c', 'o', '\0',
+  /* "zevelev.net", true */ 'z', 'e', 'v', 'e', 'l', 'e', 'v', '.', 'n', 'e', 't', '\0',
+  /* "zewtie.com", true */ 'z', 'e', 'w', 't', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "zfast.com.br", true */ 'z', 'f', 'a', 's', 't', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "zfly.me", true */ 'z', 'f', 'l', 'y', '.', 'm', 'e', '\0',
+  /* "zfo.gg", true */ 'z', 'f', 'o', '.', 'g', 'g', '\0',
+  /* "zfree.co.nz", true */ 'z', 'f', 'r', 'e', 'e', '.', 'c', 'o', '.', 'n', 'z', '\0',
+  /* "zgrep.org", true */ 'z', 'g', 'r', 'e', 'p', '.', 'o', 'r', 'g', '\0',
+  /* "zh.search.yahoo.com", false */ 'z', 'h', '.', 's', 'e', 'a', 'r', 'c', 'h', '.', 'y', 'a', 'h', 'o', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "zhang-hao.com", true */ 'z', 'h', 'a', 'n', 'g', '-', 'h', 'a', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "zhang.nz", true */ 'z', 'h', 'a', 'n', 'g', '.', 'n', 'z', '\0',
+  /* "zhanghao.me", true */ 'z', 'h', 'a', 'n', 'g', 'h', 'a', 'o', '.', 'm', 'e', '\0',
+  /* "zhangsidan.com", true */ 'z', 'h', 'a', 'n', 'g', 's', 'i', 'd', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "zhangyuhao.com", true */ 'z', 'h', 'a', 'n', 'g', 'y', 'u', 'h', 'a', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "zhangzifan.com", true */ 'z', 'h', 'a', 'n', 'g', 'z', 'i', 'f', 'a', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "zhaofeng.li", true */ 'z', 'h', 'a', 'o', 'f', 'e', 'n', 'g', '.', 'l', 'i', '\0',
+  /* "zhaoxixiangban.cc", true */ 'z', 'h', 'a', 'o', 'x', 'i', 'x', 'i', 'a', 'n', 'g', 'b', 'a', 'n', '.', 'c', 'c', '\0',
+  /* "zhen-chen.com", true */ 'z', 'h', 'e', 'n', '-', 'c', 'h', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "zhengjie.com", true */ 'z', 'h', 'e', 'n', 'g', 'j', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "zhiku8.com", true */ 'z', 'h', 'i', 'k', 'u', '8', '.', 'c', 'o', 'm', '\0',
+  /* "zhima.io", true */ 'z', 'h', 'i', 'm', 'a', '.', 'i', 'o', '\0',
+  /* "zhitanska.com", true */ 'z', 'h', 'i', 't', 'a', 'n', 's', 'k', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "zhovner.com", true */ 'z', 'h', 'o', 'v', 'n', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "zhuji.com", true */ 'z', 'h', 'u', 'j', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "zhujicaihong.com", true */ 'z', 'h', 'u', 'j', 'i', 'c', 'a', 'i', 'h', 'o', 'n', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "zi.is", true */ 'z', 'i', '.', 'i', 's', '\0',
+  /* "ziegler-family.com", true */ 'z', 'i', 'e', 'g', 'l', 'e', 'r', '-', 'f', 'a', 'm', 'i', 'l', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "ziegler-heizung-frankfurt.de", true */ 'z', 'i', 'e', 'g', 'l', 'e', 'r', '-', 'h', 'e', 'i', 'z', 'u', 'n', 'g', '-', 'f', 'r', 'a', 'n', 'k', 'f', 'u', 'r', 't', '.', 'd', 'e', '\0',
+  /* "ziemlich-zackig.de", true */ 'z', 'i', 'e', 'm', 'l', 'i', 'c', 'h', '-', 'z', 'a', 'c', 'k', 'i', 'g', '.', 'd', 'e', '\0',
+  /* "ziemlichzackig.de", true */ 'z', 'i', 'e', 'm', 'l', 'i', 'c', 'h', 'z', 'a', 'c', 'k', 'i', 'g', '.', 'd', 'e', '\0',
+  /* "zigi.io", true */ 'z', 'i', 'g', 'i', '.', 'i', 'o', '\0',
+  /* "zigzagmart.com", true */ 'z', 'i', 'g', 'z', 'a', 'g', 'm', 'a', 'r', 't', '.', 'c', 'o', 'm', '\0',
+  /* "ziin.de", false */ 'z', 'i', 'i', 'n', '.', 'd', 'e', '\0',
+  /* "zijung.me", true */ 'z', 'i', 'j', 'u', 'n', 'g', '.', 'm', 'e', '\0',
+  /* "zillertaleralpen.net", true */ 'z', 'i', 'l', 'l', 'e', 'r', 't', 'a', 'l', 'e', 'r', 'a', 'l', 'p', 'e', 'n', '.', 'n', 'e', 't', '\0',
+  /* "zilon.com.co", true */ 'z', 'i', 'l', 'o', 'n', '.', 'c', 'o', 'm', '.', 'c', 'o', '\0',
+  /* "zilore.com", true */ 'z', 'i', 'l', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "zilsen.com", true */ 'z', 'i', 'l', 's', 'e', 'n', '.', 'c', 'o', 'm', '\0',
+  /* "zima.io", true */ 'z', 'i', 'm', 'a', '.', 'i', 'o', '\0',
+  /* "zimiao.moe", true */ 'z', 'i', 'm', 'i', 'a', 'o', '.', 'm', 'o', 'e', '\0',
+  /* "zingarastore.com", true */ 'z', 'i', 'n', 'g', 'a', 'r', 'a', 's', 't', 'o', 'r', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "zingjerijk.nl", true */ 'z', 'i', 'n', 'g', 'j', 'e', 'r', 'i', 'j', 'k', '.', 'n', 'l', '\0',
+  /* "zinniamay.com", true */ 'z', 'i', 'n', 'n', 'i', 'a', 'm', 'a', 'y', '.', 'c', 'o', 'm', '\0',
+  /* "zinoui.com", true */ 'z', 'i', 'n', 'o', 'u', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "ziondrive.com.br", true */ 'z', 'i', 'o', 'n', 'd', 'r', 'i', 'v', 'e', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "zionvps.com", false */ 'z', 'i', 'o', 'n', 'v', 'p', 's', '.', 'c', 'o', 'm', '\0',
+  /* "zip.ch", true */ 'z', 'i', 'p', '.', 'c', 'h', '\0',
+  /* "ziptie.com", true */ 'z', 'i', 'p', 't', 'i', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "zircode.com", true */ 'z', 'i', 'r', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "ziroh.be", true */ 'z', 'i', 'r', 'o', 'h', '.', 'b', 'e', '\0',
+  /* "zittingskalender.be", true */ 'z', 'i', 't', 't', 'i', 'n', 'g', 's', 'k', 'a', 'l', 'e', 'n', 'd', 'e', 'r', '.', 'b', 'e', '\0',
+  /* "zivava.ge", true */ 'z', 'i', 'v', 'a', 'v', 'a', '.', 'g', 'e', '\0',
+  /* "zivmergers.com", true */ 'z', 'i', 'v', 'm', 'e', 'r', 'g', 'e', 'r', 's', '.', 'c', 'o', 'm', '\0',
+  /* "zivver.com", true */ 'z', 'i', 'v', 'v', 'e', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "zivyruzenec.cz", false */ 'z', 'i', 'v', 'y', 'r', 'u', 'z', 'e', 'n', 'e', 'c', '.', 'c', 'z', '\0',
+  /* "zixiao.wang", true */ 'z', 'i', 'x', 'i', 'a', 'o', '.', 'w', 'a', 'n', 'g', '\0',
+  /* "zixo.sk", true */ 'z', 'i', 'x', 'o', '.', 's', 'k', '\0',
+  /* "zk.gd", true */ 'z', 'k', '.', 'g', 'd', '\0',
+  /* "zk9.nl", true */ 'z', 'k', '9', '.', 'n', 'l', '\0',
+  /* "zkrypt.cc", true */ 'z', 'k', 'r', 'y', 'p', 't', '.', 'c', 'c', '\0',
+  /* "zlatakus.cz", true */ 'z', 'l', 'a', 't', 'a', 'k', 'u', 's', '.', 'c', 'z', '\0',
+  /* "zlatosnadno.cz", true */ 'z', 'l', 'a', 't', 'o', 's', 'n', 'a', 'd', 'n', 'o', '.', 'c', 'z', '\0',
+  /* "zlavomat.sk", true */ 'z', 'l', 'a', 'v', 'o', 'm', 'a', 't', '.', 's', 'k', '\0',
+  /* "zlc1994.com", true */ 'z', 'l', 'c', '1', '9', '9', '4', '.', 'c', 'o', 'm', '\0',
+  /* "zlima12.com", true */ 'z', 'l', 'i', 'm', 'a', '1', '2', '.', 'c', 'o', 'm', '\0',
+  /* "znation.nl", true */ 'z', 'n', 'a', 't', 'i', 'o', 'n', '.', 'n', 'l', '\0',
+  /* "zning.net.cn", true */ 'z', 'n', 'i', 'n', 'g', '.', 'n', 'e', 't', '.', 'c', 'n', '\0',
+  /* "zockenbiszumumfallen.de", true */ 'z', 'o', 'c', 'k', 'e', 'n', 'b', 'i', 's', 'z', 'u', 'm', 'u', 'm', 'f', 'a', 'l', 'l', 'e', 'n', '.', 'd', 'e', '\0',
+  /* "zodiacohouses.com", true */ 'z', 'o', 'd', 'i', 'a', 'c', 'o', 'h', 'o', 'u', 's', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "zoeller.me", true */ 'z', 'o', 'e', 'l', 'l', 'e', 'r', '.', 'm', 'e', '\0',
+  /* "zohar.shop", true */ 'z', 'o', 'h', 'a', 'r', '.', 's', 'h', 'o', 'p', '\0',
+  /* "zohar.wang", true */ 'z', 'o', 'h', 'a', 'r', '.', 'w', 'a', 'n', 'g', '\0',
+  /* "zoigl.club", true */ 'z', 'o', 'i', 'g', 'l', '.', 'c', 'l', 'u', 'b', '\0',
+  /* "zojadravai.com", true */ 'z', 'o', 'j', 'a', 'd', 'r', 'a', 'v', 'a', 'i', '.', 'c', 'o', 'm', '\0',
+  /* "zoki.art", true */ 'z', 'o', 'k', 'i', '.', 'a', 'r', 't', '\0',
+  /* "zollihood.ch", true */ 'z', 'o', 'l', 'l', 'i', 'h', 'o', 'o', 'd', '.', 'c', 'h', '\0',
+  /* "zolokar.xyz", true */ 'z', 'o', 'l', 'o', 'k', 'a', 'r', '.', 'x', 'y', 'z', '\0',
+  /* "zombiesecured.com", true */ 'z', 'o', 'm', 'b', 'i', 'e', 's', 'e', 'c', 'u', 'r', 'e', 'd', '.', 'c', 'o', 'm', '\0',
+  /* "zomerschoen.nl", true */ 'z', 'o', 'm', 'e', 'r', 's', 'c', 'h', 'o', 'e', 'n', '.', 'n', 'l', '\0',
+  /* "zonadebolsa.es", true */ 'z', 'o', 'n', 'a', 'd', 'e', 'b', 'o', 'l', 's', 'a', '.', 'e', 's', '\0',
+  /* "zone-produkte.de", false */ 'z', 'o', 'n', 'e', '-', 'p', 'r', 'o', 'd', 'u', 'k', 't', 'e', '.', 'd', 'e', '\0',
+  /* "zone39.com", true */ 'z', 'o', 'n', 'e', '3', '9', '.', 'c', 'o', 'm', '\0',
+  /* "zonecb.com", true */ 'z', 'o', 'n', 'e', 'c', 'b', '.', 'c', 'o', 'm', '\0',
+  /* "zonemaster.fr", true */ 'z', 'o', 'n', 'e', 'm', 'a', 's', 't', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "zonemaster.net", true */ 'z', 'o', 'n', 'e', 'm', 'a', 's', 't', 'e', 'r', '.', 'n', 'e', 't', '\0',
+  /* "zonesec.org", true */ 'z', 'o', 'n', 'e', 's', 'e', 'c', '.', 'o', 'r', 'g', '\0',
+  /* "zonglovani.info", true */ 'z', 'o', 'n', 'g', 'l', 'o', 'v', 'a', 'n', 'i', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "zoo.city", true */ 'z', 'o', 'o', '.', 'c', 'i', 't', 'y', '\0',
+  /* "zoofit.com.au", true */ 'z', 'o', 'o', 'f', 'i', 't', '.', 'c', 'o', 'm', '.', 'a', 'u', '\0',
+  /* "zooish.net", true */ 'z', 'o', 'o', 'i', 's', 'h', '.', 'n', 'e', 't', '\0',
+  /* "zoola.io", true */ 'z', 'o', 'o', 'l', 'a', '.', 'i', 'o', '\0',
+  /* "zoological-gardens.eu", true */ 'z', 'o', 'o', 'l', 'o', 'g', 'i', 'c', 'a', 'l', '-', 'g', 'a', 'r', 'd', 'e', 'n', 's', '.', 'e', 'u', '\0',
+  /* "zoom.earth", true */ 'z', 'o', 'o', 'm', '.', 'e', 'a', 'r', 't', 'h', '\0',
+  /* "zoomek.com", true */ 'z', 'o', 'o', 'm', 'e', 'k', '.', 'c', 'o', 'm', '\0',
+  /* "zoomseoservices.com", true */ 'z', 'o', 'o', 'm', 's', 'e', 'o', 's', 'e', 'r', 'v', 'i', 'c', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "zooom.azurewebsites.net", true */ 'z', 'o', 'o', 'o', 'm', '.', 'a', 'z', 'u', 'r', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "zooom2.azurewebsites.net", true */ 'z', 'o', 'o', 'o', 'm', '2', '.', 'a', 'z', 'u', 'r', 'e', 'w', 'e', 'b', 's', 'i', 't', 'e', 's', '.', 'n', 'e', 't', '\0',
+  /* "zooparadies.eu", true */ 'z', 'o', 'o', 'p', 'a', 'r', 'a', 'd', 'i', 'e', 's', '.', 'e', 'u', '\0',
+  /* "zootime.net", true */ 'z', 'o', 'o', 't', 'i', 'm', 'e', '.', 'n', 'e', 't', '\0',
+  /* "zootime.org", true */ 'z', 'o', 'o', 't', 'i', 'm', 'e', '.', 'o', 'r', 'g', '\0',
+  /* "zoowiki.us", true */ 'z', 'o', 'o', 'w', 'i', 'k', 'i', '.', 'u', 's', '\0',
+  /* "zooxdata.com", true */ 'z', 'o', 'o', 'x', 'd', 'a', 't', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "zopy.com.br", true */ 'z', 'o', 'p', 'y', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "zopyx.com", true */ 'z', 'o', 'p', 'y', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "zor.com", true */ 'z', 'o', 'r', '.', 'c', 'o', 'm', '\0',
+  /* "zorgclustertool.nl", true */ 'z', 'o', 'r', 'g', 'c', 'l', 'u', 's', 't', 'e', 'r', 't', 'o', 'o', 'l', '.', 'n', 'l', '\0',
+  /* "zorium.org", true */ 'z', 'o', 'r', 'i', 'u', 'm', '.', 'o', 'r', 'g', '\0',
+  /* "zorntt.fr", true */ 'z', 'o', 'r', 'n', 't', 't', '.', 'f', 'r', '\0',
+  /* "zorz.info", true */ 'z', 'o', 'r', 'z', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "zotero.org", true */ 'z', 'o', 't', 'e', 'r', 'o', '.', 'o', 'r', 'g', '\0',
+  /* "zouk.info", true */ 'z', 'o', 'u', 'k', '.', 'i', 'n', 'f', 'o', '\0',
+  /* "zravypapir.cz", true */ 'z', 'r', 'a', 'v', 'y', 'p', 'a', 'p', 'i', 'r', '.', 'c', 'z', '\0',
+  /* "zrn.in", false */ 'z', 'r', 'n', '.', 'i', 'n', '\0',
+  /* "zrniecka-pre-sny.sk", true */ 'z', 'r', 'n', 'i', 'e', 'c', 'k', 'a', '-', 'p', 'r', 'e', '-', 's', 'n', 'y', '.', 's', 'k', '\0',
+  /* "zscales.com", true */ 'z', 's', 'c', 'a', 'l', 'e', 's', '.', 'c', 'o', 'm', '\0',
+  /* "zserver.fr", true */ 'z', 's', 'e', 'r', 'v', 'e', 'r', '.', 'f', 'r', '\0',
+  /* "zskomenskeho.cz", true */ 'z', 's', 'k', 'o', 'm', 'e', 'n', 's', 'k', 'e', 'h', 'o', '.', 'c', 'z', '\0',
+  /* "zsoltsandor.me", true */ 'z', 's', 'o', 'l', 't', 's', 'a', 'n', 'd', 'o', 'r', '.', 'm', 'e', '\0',
+  /* "zsrbcs.com", true */ 'z', 's', 'r', 'b', 'c', 's', '.', 'c', 'o', 'm', '\0',
+  /* "zten.org", true */ 'z', 't', 'e', 'n', '.', 'o', 'r', 'g', '\0',
+  /* "ztjuh.tk", true */ 'z', 't', 'j', 'u', 'h', '.', 't', 'k', '\0',
+  /* "zuan-in.net", true */ 'z', 'u', 'a', 'n', '-', 'i', 'n', '.', 'n', 'e', 't', '\0',
+  /* "zuckerfloh.de", true */ 'z', 'u', 'c', 'k', 'e', 'r', 'f', 'l', 'o', 'h', '.', 'd', 'e', '\0',
+  /* "zuefle.net", true */ 'z', 'u', 'e', 'f', 'l', 'e', '.', 'n', 'e', 't', '\0',
+  /* "zug-anwalt.de", true */ 'z', 'u', 'g', '-', 'a', 'n', 'w', 'a', 'l', 't', '.', 'd', 'e', '\0',
+  /* "zug.fr", true */ 'z', 'u', 'g', '.', 'f', 'r', '\0',
+  /* "zug.io", true */ 'z', 'u', 'g', '.', 'i', 'o', '\0',
+  /* "zughilfen-test.de", true */ 'z', 'u', 'g', 'h', 'i', 'l', 'f', 'e', 'n', '-', 't', 'e', 's', 't', '.', 'd', 'e', '\0',
+  /* "zuiacg.com", true */ 'z', 'u', 'i', 'a', 'c', 'g', '.', 'c', 'o', 'm', '\0',
+  /* "zukix.com", true */ 'z', 'u', 'k', 'i', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "zulu.ro", true */ 'z', 'u', 'l', 'u', '.', 'r', 'o', '\0',
+  /* "zulu7.com", true */ 'z', 'u', 'l', 'u', '7', '.', 'c', 'o', 'm', '\0',
+  /* "zund-app.com", true */ 'z', 'u', 'n', 'd', '-', 'a', 'p', 'p', '.', 'c', 'o', 'm', '\0',
+  /* "zundapp529.nl", true */ 'z', 'u', 'n', 'd', 'a', 'p', 'p', '5', '2', '9', '.', 'n', 'l', '\0',
+  /* "zundappachterhoek.nl", true */ 'z', 'u', 'n', 'd', 'a', 'p', 'p', 'a', 'c', 'h', 't', 'e', 'r', 'h', 'o', 'e', 'k', '.', 'n', 'l', '\0',
+  /* "zuolan.me", true */ 'z', 'u', 'o', 'l', 'a', 'n', '.', 'm', 'e', '\0',
+  /* "zup.me", true */ 'z', 'u', 'p', '.', 'm', 'e', '\0',
+  /* "zupago.com", true */ 'z', 'u', 'p', 'a', 'g', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "zupago.pe", true */ 'z', 'u', 'p', 'a', 'g', 'o', '.', 'p', 'e', '\0',
+  /* "zuppy.pm", true */ 'z', 'u', 'p', 'p', 'y', '.', 'p', 'm', '\0',
+  /* "zuralski.net", true */ 'z', 'u', 'r', 'a', 'l', 's', 'k', 'i', '.', 'n', 'e', 't', '\0',
+  /* "zurgl.com", true */ 'z', 'u', 'r', 'g', 'l', '.', 'c', 'o', 'm', '\0',
+  /* "zurickrelogios.com.br", true */ 'z', 'u', 'r', 'i', 'c', 'k', 'r', 'e', 'l', 'o', 'g', 'i', 'o', 's', '.', 'c', 'o', 'm', '.', 'b', 'r', '\0',
+  /* "zurret.de", true */ 'z', 'u', 'r', 'r', 'e', 't', '.', 'd', 'e', '\0',
+  /* "zusjesvandenbos.nl", true */ 'z', 'u', 's', 'j', 'e', 's', 'v', 'a', 'n', 'd', 'e', 'n', 'b', 'o', 's', '.', 'n', 'l', '\0',
+  /* "zutsu-raku.com", true */ 'z', 'u', 't', 's', 'u', '-', 'r', 'a', 'k', 'u', '.', 'c', 'o', 'm', '\0',
+  /* "zuzumba.es", true */ 'z', 'u', 'z', 'u', 'm', 'b', 'a', '.', 'e', 's', '\0',
+  /* "zvps.uk", true */ 'z', 'v', 'p', 's', '.', 'u', 'k', '\0',
+  /* "zvxr.net", true */ 'z', 'v', 'x', 'r', '.', 'n', 'e', 't', '\0',
+  /* "zvz.im", true */ 'z', 'v', 'z', '.', 'i', 'm', '\0',
+  /* "zwalcz-cellulit.com", true */ 'z', 'w', 'a', 'l', 'c', 'z', '-', 'c', 'e', 'l', 'l', 'u', 'l', 'i', 't', '.', 'c', 'o', 'm', '\0',
+  /* "zwartendijkstalling.nl", true */ 'z', 'w', 'a', 'r', 't', 'e', 'n', 'd', 'i', 'j', 'k', 's', 't', 'a', 'l', 'l', 'i', 'n', 'g', '.', 'n', 'l', '\0',
+  /* "zwb3.de", true */ 'z', 'w', 'b', '3', '.', 'd', 'e', '\0',
+  /* "zwerimex.com", true */ 'z', 'w', 'e', 'r', 'i', 'm', 'e', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "zwollemag.nl", true */ 'z', 'w', 'o', 'l', 'l', 'e', 'm', 'a', 'g', '.', 'n', 'l', '\0',
+  /* "zwy.ch", true */ 'z', 'w', 'y', '.', 'c', 'h', '\0',
+  /* "zx6rninja.de", true */ 'z', 'x', '6', 'r', 'n', 'i', 'n', 'j', 'a', '.', 'd', 'e', '\0',
+  /* "zx7r.de", true */ 'z', 'x', '7', 'r', '.', 'd', 'e', '\0',
+  /* "zxity.co.uk", true */ 'z', 'x', 'i', 't', 'y', '.', 'c', 'o', '.', 'u', 'k', '\0',
+  /* "zxity.ltd", true */ 'z', 'x', 'i', 't', 'y', '.', 'l', 't', 'd', '\0',
+  /* "zxity.uk", true */ 'z', 'x', 'i', 't', 'y', '.', 'u', 'k', '\0',
+  /* "zxtcode.com", true */ 'z', 'x', 't', 'c', 'o', 'd', 'e', '.', 'c', 'o', 'm', '\0',
+  /* "zybbo.com", true */ 'z', 'y', 'b', 'b', 'o', '.', 'c', 'o', 'm', '\0',
+  /* "zyciedlazwierzat.pl", true */ 'z', 'y', 'c', 'i', 'e', 'd', 'l', 'a', 'z', 'w', 'i', 'e', 'r', 'z', 'a', 't', '.', 'p', 'l', '\0',
+  /* "zymmm.com", true */ 'z', 'y', 'm', 'm', 'm', '.', 'c', 'o', 'm', '\0',
+  /* "zypern-firma.com", true */ 'z', 'y', 'p', 'e', 'r', 'n', '-', 'f', 'i', 'r', 'm', 'a', '.', 'c', 'o', 'm', '\0',
+  /* "zypr.pw", true */ 'z', 'y', 'p', 'r', '.', 'p', 'w', '\0',
+  /* "zyria.de", true */ 'z', 'y', 'r', 'i', 'a', '.', 'd', 'e', '\0',
+  /* "zyul.ddns.net", true */ 'z', 'y', 'u', 'l', '.', 'd', 'd', 'n', 's', '.', 'n', 'e', 't', '\0',
+  /* "zyzardx.com", true */ 'z', 'y', 'z', 'a', 'r', 'd', 'x', '.', 'c', 'o', 'm', '\0',
+  /* "zzsec.org", true */ 'z', 'z', 's', 'e', 'c', '.', 'o', 'r', 'g', '\0',
+};
+
+struct nsSTSPreload
+{
+  const uint32_t mHostIndex : 31;
+  const uint32_t mIncludeSubdomains : 1;
+};
+
+static const nsSTSPreload kSTSPreloadList[] = {
+  { 0, true },
+  { 8, true },
+  { 20, true },
+  { 32, true },
+  { 54, true },
+  { 67, true },
+  { 75, true },
+  { 85, true },
+  { 97, true },
+  { 108, true },
+  { 129, true },
+  { 148, true },
+  { 156, true },
+  { 167, true },
+  { 178, true },
+  { 197, true },
+  { 215, true },
+  { 226, true },
+  { 236, true },
+  { 248, true },
+  { 258, true },
+  { 269, true },
+  { 278, true },
+  { 285, true },
+  { 291, true },
+  { 298, true },
+  { 306, true },
+  { 318, true },
+  { 325, true },
+  { 333, true },
+  { 347, true },
+  { 358, true },
+  { 366, true },
+  { 373, true },
+  { 380, true },
+  { 388, true },
+  { 394, true },
+  { 400, true },
+  { 415, true },
+  { 423, true },
+  { 432, true },
+  { 441, true },
+  { 450, true },
+  { 459, true },
+  { 474, true },
+  { 482, true },
+  { 490, true },
+  { 500, true },
+  { 509, true },
+  { 520, true },
+  { 532, true },
+  { 540, false },
+  { 548, true },
+  { 561, true },
+  { 569, true },
+  { 578, true },
+  { 586, true },
+  { 593, true },
+  { 602, true },
+  { 620, true },
+  { 638, true },
+  { 648, true },
+  { 661, true },
+  { 675, true },
+  { 690, true },
+  { 700, false },
+  { 723, true },
+  { 734, true },
+  { 748, true },
+  { 759, true },
+  { 779, true },
+  { 795, true },
+  { 811, true },
+  { 823, true },
+  { 835, true },
+  { 847, true },
+  { 872, true },
+  { 880, true },
+  { 891, true },
+  { 899, true },
+  { 907, true },
+  { 915, true },
+  { 923, true },
+  { 935, true },
+  { 945, true },
+  { 955, true },
+  { 964, true },
+  { 974, true },
+  { 995, true },
+  { 1006, true },
+  { 1031, true },
+  { 1056, true },
+  { 1071, true },
+  { 1085, true },
+  { 1100, true },
+  { 1114, true },
+  { 1124, true },
+  { 1136, true },
+  { 1154, true },
+  { 1166, true },
+  { 1177, true },
+  { 1188, true },
+  { 1198, true },
+  { 1205, true },
+  { 1214, true },
+  { 1227, true },
+  { 1252, true },
+  { 1263, true },
+  { 1272, true },
+  { 1286, true },
+  { 1311, true },
+  { 1336, true },
+  { 1344, true },
+  { 1352, true },
+  { 1362, true },
+  { 1387, true },
+  { 1412, true },
+  { 1430, true },
+  { 1441, true },
+  { 1466, true },
+  { 1477, false },
+  { 1493, true },
+  { 1504, true },
+  { 1529, false },
+  { 1540, true },
+  { 1553, true },
+  { 1564, true },
+  { 1574, true },
+  { 1584, true },
+  { 1592, false },
+  { 1604, true },
+  { 1614, true },
+  { 1630, true },
+  { 1655, true },
+  { 1680, true },
+  { 1705, true },
+  { 1720, true },
+  { 1742, true },
+  { 1759, true },
+  { 1782, true },
+  { 1795, true },
+  { 1809, true },
+  { 1816, true },
+  { 1831, true },
+  { 1842, true },
+  { 1864, true },
+  { 1874, true },
+  { 1886, true },
+  { 1893, false },
+  { 1904, true },
+  { 1911, true },
+  { 1919, true },
+  { 1937, false },
+  { 1946, true },
+  { 1955, true },
+  { 1966, true },
+  { 1977, false },
+  { 1983, true },
+  { 1996, true },
+  { 2006, true },
+  { 2020, true },
+  { 2027, true },
+  { 2034, true },
+  { 2041, true },
+  { 2052, true },
+  { 2064, true },
+  { 2081, true },
+  { 2098, true },
+  { 2116, true },
+  { 2135, true },
+  { 2163, true },
+  { 2179, true },
+  { 2206, true },
+  { 2220, true },
+  { 2231, true },
+  { 2243, true },
+  { 2250, true },
+  { 2256, true },
+  { 2270, true },
+  { 2285, true },
+  { 2292, true },
+  { 2305, true },
+  { 2314, true },
+  { 2325, true },
+  { 2334, true },
+  { 2344, true },
+  { 2355, true },
+  { 2367, true },
+  { 2378, true },
+  { 2390, true },
+  { 2398, true },
+  { 2408, true },
+  { 2419, true },
+  { 2437, true },
+  { 2452, true },
+  { 2461, true },
+  { 2469, true },
+  { 2477, true },
+  { 2488, true },
+  { 2496, true },
+  { 2509, true },
+  { 2525, true },
+  { 2543, true },
+  { 2554, true },
+  { 2563, true },
+  { 2576, true },
+  { 2586, true },
+  { 2596, true },
+  { 2605, true },
+  { 2613, true },
+  { 2626, true },
+  { 2636, true },
+  { 2648, true },
+  { 2660, true },
+  { 2669, true },
+  { 2678, true },
+  { 2687, true },
+  { 2698, true },
+  { 2709, true },
+  { 2720, true },
+  { 2729, true },
+  { 2743, true },
+  { 2750, true },
+  { 2761, true },
+  { 2770, true },
+  { 2792, true },
+  { 2813, true },
+  { 2822, true },
+  { 2834, true },
+  { 2848, true },
+  { 2858, true },
+  { 2873, true },
+  { 2881, true },
+  { 2898, true },
+  { 2907, true },
+  { 2920, false },
+  { 2929, true },
+  { 2948, true },
+  { 2961, true },
+  { 2973, true },
+  { 2981, true },
+  { 2992, true },
+  { 2999, true },
+  { 3008, true },
+  { 3016, true },
+  { 3026, true },
+  { 3036, true },
+  { 3049, true },
+  { 3060, true },
+  { 3079, true },
+  { 3090, true },
+  { 3109, true },
+  { 3127, true },
+  { 3146, true },
+  { 3158, true },
+  { 3172, true },
+  { 3184, true },
+  { 3195, true },
+  { 3208, true },
+  { 3219, true },
+  { 3229, true },
+  { 3238, true },
+  { 3246, true },
+  { 3261, true },
+  { 3269, true },
+  { 3279, true },
+  { 3297, true },
+  { 3323, true },
+  { 3330, true },
+  { 3340, true },
+  { 3352, true },
+  { 3366, true },
+  { 3379, true },
+  { 3399, true },
+  { 3414, true },
+  { 3434, true },
+  { 3454, true },
+  { 3463, true },
+  { 3474, true },
+  { 3484, true },
+  { 3492, true },
+  { 3502, true },
+  { 3517, true },
+  { 3528, true },
+  { 3539, true },
+  { 3549, true },
+  { 3563, true },
+  { 3577, true },
+  { 3587, true },
+  { 3596, true },
+  { 3615, true },
+  { 3624, true },
+  { 3638, true },
+  { 3646, true },
+  { 3653, true },
+  { 3667, true },
+  { 3686, true },
+  { 3697, true },
+  { 3710, true },
+  { 3720, true },
+  { 3733, true },
+  { 3745, true },
+  { 3757, true },
+  { 3768, true },
+  { 3787, true },
+  { 3794, false },
+  { 3804, true },
+  { 3814, true },
+  { 3825, true },
+  { 3836, true },
+  { 3846, true },
+  { 3859, true },
+  { 3892, true },
+  { 3905, true },
+  { 3914, true },
+  { 3924, true },
+  { 3935, true },
+  { 3949, true },
+  { 3964, false },
+  { 3977, true },
+  { 3992, true },
+  { 4001, true },
+  { 4011, true },
+  { 4019, true },
+  { 4030, true },
+  { 4045, true },
+  { 4055, true },
+  { 4064, true },
+  { 4083, true },
+  { 4095, true },
+  { 4106, true },
+  { 4118, true },
+  { 4125, true },
+  { 4135, true },
+  { 4141, true },
+  { 4151, true },
+  { 4159, true },
+  { 4168, true },
+  { 4179, true },
+  { 4195, true },
+  { 4204, true },
+  { 4215, true },
+  { 4228, true },
+  { 4237, true },
+  { 4249, true },
+  { 4260, true },
+  { 4268, true },
+  { 4280, true },
+  { 4292, true },
+  { 4302, true },
+  { 4312, true },
+  { 4325, true },
+  { 4335, true },
+  { 4374, true },
+  { 4383, true },
+  { 4394, true },
+  { 4406, true },
+  { 4416, true },
+  { 4426, true },
+  { 4443, true },
+  { 4471, true },
+  { 4478, true },
+  { 4484, true },
+  { 4494, false },
+  { 4501, true },
+  { 4516, true },
+  { 4528, true },
+  { 4540, true },
+  { 4552, true },
+  { 4564, true },
+  { 4576, true },
+  { 4588, true },
+  { 4599, true },
+  { 4610, true },
+  { 4622, true },
+  { 4630, true },
+  { 4646, true },
+  { 4659, true },
+  { 4675, true },
+  { 4682, true },
+  { 4689, true },
+  { 4698, true },
+  { 4708, true },
+  { 4715, true },
+  { 4725, true },
+  { 4737, true },
+  { 4748, true },
+  { 4760, true },
+  { 4777, true },
+  { 4791, true },
+  { 4804, true },
+  { 4815, true },
+  { 4829, false },
+  { 4836, true },
+  { 4845, true },
+  { 4866, true },
+  { 4881, true },
+  { 4893, true },
+  { 4902, true },
+  { 4915, true },
+  { 4927, true },
+  { 4938, true },
+  { 4950, true },
+  { 4961, true },
+  { 4969, true },
+  { 4985, true },
+  { 4998, true },
+  { 5015, true },
+  { 5024, true },
+  { 5031, true },
+  { 5044, true },
+  { 5065, true },
+  { 5080, true },
+  { 5089, true },
+  { 5097, true },
+  { 5107, false },
+  { 5120, true },
+  { 5134, true },
+  { 5144, true },
+  { 5197, false },
+  { 5205, true },
+  { 5219, true },
+  { 5230, true },
+  { 5241, true },
+  { 5252, true },
+  { 5264, true },
+  { 5276, true },
+  { 5285, true },
+  { 5295, true },
+  { 5308, true },
+  { 5322, true },
+  { 5332, true },
+  { 5342, true },
+  { 5350, true },
+  { 5357, true },
+  { 5385, true },
+  { 5397, true },
+  { 5422, true },
+  { 5434, true },
+  { 5443, true },
+  { 5465, true },
+  { 5476, true },
+  { 5502, true },
+  { 5512, true },
+  { 5535, true },
+  { 5557, true },
+  { 5569, true },
+  { 5586, true },
+  { 5594, true },
+  { 5605, true },
+  { 5613, true },
+  { 5632, true },
+  { 5640, true },
+  { 5651, true },
+  { 5661, true },
+  { 5676, true },
+  { 5693, true },
+  { 5707, true },
+  { 5721, true },
+  { 5745, true },
+  { 5762, true },
+  { 5772, true },
+  { 5790, true },
+  { 5808, true },
+  { 5819, true },
+  { 5831, true },
+  { 5844, true },
+  { 5868, true },
+  { 5885, true },
+  { 5895, true },
+  { 5905, true },
+  { 5921, false },
+  { 5937, true },
+  { 5952, true },
+  { 5967, true },
+  { 5975, false },
+  { 5985, true },
+  { 6009, true },
+  { 6029, true },
+  { 6054, true },
+  { 6071, true },
+  { 6086, true },
+  { 6101, true },
+  { 6120, true },
+  { 6131, true },
+  { 6160, true },
+  { 6169, true },
+  { 6181, true },
+  { 6201, true },
+  { 6222, true },
+  { 6235, true },
+  { 6251, true },
+  { 6261, true },
+  { 6268, true },
+  { 6297, true },
+  { 6320, true },
+  { 6330, true },
+  { 6344, true },
+  { 6355, true },
+  { 6372, true },
+  { 6384, true },
+  { 6399, false },
+  { 6409, true },
+  { 6422, false },
+  { 6437, true },
+  { 6455, true },
+  { 6483, true },
+  { 6497, true },
+  { 6519, true },
+  { 6538, true },
+  { 6548, true },
+  { 6562, true },
+  { 6574, true },
+  { 6585, true },
+  { 6596, true },
+  { 6611, true },
+  { 6630, true },
+  { 6642, true },
+  { 6666, true },
+  { 6684, true },
+  { 6695, true },
+  { 6709, true },
+  { 6722, true },
+  { 6734, true },
+  { 6746, true },
+  { 6768, true },
+  { 6777, false },
+  { 6789, true },
+  { 6802, true },
+  { 6812, true },
+  { 6831, true },
+  { 6844, true },
+  { 6857, true },
+  { 6868, true },
+  { 6879, true },
+  { 6901, true },
+  { 6920, true },
+  { 6934, true },
+  { 6950, true },
+  { 6969, true },
+  { 6986, true },
+  { 7002, true },
+  { 7019, true },
+  { 7035, true },
+  { 7060, true },
+  { 7085, true },
+  { 7101, true },
+  { 7120, true },
+  { 7137, true },
+  { 7153, true },
+  { 7170, true },
+  { 7186, true },
+  { 7208, true },
+  { 7232, true },
+  { 7256, true },
+  { 7275, true },
+  { 7293, true },
+  { 7304, false },
+  { 7312, true },
+  { 7335, true },
+  { 7359, true },
+  { 7371, true },
+  { 7383, true },
+  { 7397, true },
+  { 7411, true },
+  { 7426, true },
+  { 7438, true },
+  { 7457, true },
+  { 7470, true },
+  { 7482, true },
+  { 7493, true },
+  { 7521, true },
+  { 7538, true },
+  { 7573, true },
+  { 7596, true },
+  { 7614, true },
+  { 7638, true },
+  { 7651, true },
+  { 7664, true },
+  { 7677, true },
+  { 7686, true },
+  { 7695, true },
+  { 7706, true },
+  { 7729, true },
+  { 7744, true },
+  { 7756, true },
+  { 7775, true },
+  { 7787, true },
+  { 7799, true },
+  { 7818, true },
+  { 7840, true },
+  { 7853, true },
+  { 7870, true },
+  { 7889, true },
+  { 7904, true },
+  { 7924, true },
+  { 7938, true },
+  { 7946, true },
+  { 7965, true },
+  { 7976, true },
+  { 7990, true },
+  { 8009, true },
+  { 8032, true },
+  { 8056, true },
+  { 8075, true },
+  { 8090, true },
+  { 8107, true },
+  { 8131, true },
+  { 8144, true },
+  { 8170, true },
+  { 8186, true },
+  { 8204, true },
+  { 8222, true },
+  { 8243, true },
+  { 8263, true },
+  { 8288, true },
+  { 8310, true },
+  { 8326, true },
+  { 8341, true },
+  { 8360, true },
+  { 8379, true },
+  { 8402, true },
+  { 8413, true },
+  { 8432, true },
+  { 8447, true },
+  { 8465, true },
+  { 8479, true },
+  { 8498, true },
+  { 8508, true },
+  { 8515, false },
+  { 8524, true },
+  { 8536, true },
+  { 8557, true },
+  { 8569, true },
+  { 8582, true },
+  { 8598, true },
+  { 8612, true },
+  { 8633, true },
+  { 8645, true },
+  { 8666, true },
+  { 8677, true },
+  { 8688, true },
+  { 8701, true },
+  { 8719, true },
+  { 8730, true },
+  { 8745, false },
+  { 8754, false },
+  { 8765, true },
+  { 8775, true },
+  { 8791, true },
+  { 8806, true },
+  { 8818, true },
+  { 8833, true },
+  { 8852, true },
+  { 8863, true },
+  { 8874, true },
+  { 8891, true },
+  { 8912, true },
+  { 8922, true },
+  { 8936, true },
+  { 8946, true },
+  { 8962, true },
+  { 8978, true },
+  { 8990, true },
+  { 9001, true },
+  { 9026, true },
+  { 9038, true },
+  { 9048, true },
+  { 9061, true },
+  { 9073, true },
+  { 9088, true },
+  { 9108, true },
+  { 9123, true },
+  { 9149, true },
+  { 9170, true },
+  { 9187, false },
+  { 9197, true },
+  { 9214, true },
+  { 9231, true },
+  { 9247, true },
+  { 9272, true },
+  { 9296, true },
+  { 9311, true },
+  { 9325, true },
+  { 9339, false },
+  { 9352, true },
+  { 9360, true },
+  { 9369, true },
+  { 9384, true },
+  { 9393, false },
+  { 9409, true },
+  { 9423, true },
+  { 9435, true },
+  { 9450, true },
+  { 9463, true },
+  { 9475, true },
+  { 9487, true },
+  { 9499, true },
+  { 9511, true },
+  { 9523, true },
+  { 9531, true },
+  { 9542, true },
+  { 9559, true },
+  { 9574, true },
+  { 9592, true },
+  { 9607, true },
+  { 9621, true },
+  { 9635, true },
+  { 9652, true },
+  { 9661, true },
+  { 9678, true },
+  { 9694, true },
+  { 9709, true },
+  { 9724, true },
+  { 9733, true },
+  { 9758, true },
+  { 9771, true },
+  { 9792, true },
+  { 9807, true },
+  { 9828, true },
+  { 9837, true },
+  { 9847, true },
+  { 9872, true },
+  { 9884, true },
+  { 9903, true },
+  { 9915, true },
+  { 9934, true },
+  { 9953, true },
+  { 9972, true },
+  { 9985, true },
+  { 9997, true },
+  { 10012, true },
+  { 10027, true },
+  { 10043, true },
+  { 10054, true },
+  { 10066, false },
+  { 10077, true },
+  { 10090, true },
+  { 10102, true },
+  { 10116, true },
+  { 10131, true },
+  { 10151, true },
+  { 10164, true },
+  { 10184, true },
+  { 10194, true },
+  { 10216, true },
+  { 10233, true },
+  { 10242, true },
+  { 10256, true },
+  { 10268, true },
+  { 10294, true },
+  { 10321, true },
+  { 10347, true },
+  { 10358, true },
+  { 10371, true },
+  { 10385, true },
+  { 10398, true },
+  { 10409, true },
+  { 10424, true },
+  { 10448, true },
+  { 10465, true },
+  { 10493, false },
+  { 10507, true },
+  { 10531, true },
+  { 10541, true },
+  { 10553, true },
+  { 10565, true },
+  { 10576, true },
+  { 10588, true },
+  { 10597, true },
+  { 10611, true },
+  { 10621, true },
+  { 10635, true },
+  { 10654, true },
+  { 10677, true },
+  { 10688, true },
+  { 10698, true },
+  { 10715, true },
+  { 10727, false },
+  { 10742, true },
+  { 10755, true },
+  { 10772, true },
+  { 10786, true },
+  { 10800, true },
+  { 10814, true },
+  { 10822, true },
+  { 10837, true },
+  { 10858, true },
+  { 10876, true },
+  { 10894, true },
+  { 10909, true },
+  { 10925, true },
+  { 10942, true },
+  { 10959, true },
+  { 10980, true },
+  { 10991, true },
+  { 11014, true },
+  { 11027, true },
+  { 11038, true },
+  { 11047, true },
+  { 11063, true },
+  { 11079, true },
+  { 11098, true },
+  { 11119, true },
+  { 11133, true },
+  { 11156, true },
+  { 11189, true },
+  { 11215, true },
+  { 11249, true },
+  { 11268, true },
+  { 11288, true },
+  { 11301, true },
+  { 11328, true },
+  { 11339, true },
+  { 11350, true },
+  { 11370, true },
+  { 11381, true },
+  { 11399, true },
+  { 11417, true },
+  { 11439, false },
+  { 11458, true },
+  { 11478, true },
+  { 11492, true },
+  { 11516, true },
+  { 11535, true },
+  { 11556, true },
+  { 11577, true },
+  { 11597, true },
+  { 11607, true },
+  { 11615, true },
+  { 11631, true },
+  { 11641, true },
+  { 11651, true },
+  { 11661, true },
+  { 11674, true },
+  { 11687, true },
+  { 11698, true },
+  { 11712, true },
+  { 11726, true },
+  { 11736, true },
+  { 11746, true },
+  { 11756, true },
+  { 11766, true },
+  { 11776, true },
+  { 11786, true },
+  { 11796, true },
+  { 11806, true },
+  { 11817, true },
+  { 11834, true },
+  { 11851, true },
+  { 11866, true },
+  { 11884, true },
+  { 11900, true },
+  { 11910, true },
+  { 11918, true },
+  { 11930, true },
+  { 11938, true },
+  { 11948, true },
+  { 11963, true },
+  { 11975, false },
+  { 11986, true },
+  { 11996, true },
+  { 12013, true },
+  { 12030, true },
+  { 12043, true },
+  { 12053, true },
+  { 12070, true },
+  { 12086, true },
+  { 12106, true },
+  { 12117, true },
+  { 12126, true },
+  { 12140, true },
+  { 12152, true },
+  { 12167, true },
+  { 12179, true },
+  { 12190, true },
+  { 12202, true },
+  { 12217, true },
+  { 12227, true },
+  { 12236, true },
+  { 12250, true },
+  { 12272, true },
+  { 12290, true },
+  { 12310, true },
+  { 12342, true },
+  { 12353, true },
+  { 12365, true },
+  { 12382, true },
+  { 12406, true },
+  { 12435, true },
+  { 12460, true },
+  { 12481, true },
+  { 12510, true },
+  { 12524, true },
+  { 12552, true },
+  { 12571, true },
+  { 12593, true },
+  { 12610, true },
+  { 12626, true },
+  { 12641, true },
+  { 12649, true },
+  { 12664, true },
+  { 12674, true },
+  { 12685, true },
+  { 12693, true },
+  { 12707, true },
+  { 12727, true },
+  { 12745, true },
+  { 12761, true },
+  { 12773, true },
+  { 12788, true },
+  { 12802, true },
+  { 12815, true },
+  { 12823, true },
+  { 12832, true },
+  { 12851, true },
+  { 12865, true },
+  { 12881, true },
+  { 12890, true },
+  { 12907, true },
+  { 12915, true },
+  { 12948, true },
+  { 12965, true },
+  { 12982, true },
+  { 12999, false },
+  { 13015, true },
+  { 13033, true },
+  { 13048, true },
+  { 13062, true },
+  { 13082, true },
+  { 13095, true },
+  { 13109, true },
+  { 13117, true },
+  { 13125, true },
+  { 13138, true },
+  { 13152, false },
+  { 13166, true },
+  { 13188, true },
+  { 13200, true },
+  { 13210, true },
+  { 13221, true },
+  { 13231, true },
+  { 13245, true },
+  { 13259, true },
+  { 13271, true },
+  { 13283, true },
+  { 13295, true },
+  { 13307, true },
+  { 13328, true },
+  { 13354, true },
+  { 13363, true },
+  { 13375, true },
+  { 13384, true },
+  { 13398, true },
+  { 13411, true },
+  { 13426, true },
+  { 13437, true },
+  { 13448, true },
+  { 13460, true },
+  { 13473, true },
+  { 13492, true },
+  { 13506, true },
+  { 13516, true },
+  { 13533, true },
+  { 13545, true },
+  { 13561, true },
+  { 13569, true },
+  { 13589, true },
+  { 13599, false },
+  { 13609, false },
+  { 13617, true },
+  { 13627, true },
+  { 13636, true },
+  { 13650, true },
+  { 13661, true },
+  { 13674, true },
+  { 13688, true },
+  { 13696, true },
+  { 13708, true },
+  { 13720, true },
+  { 13744, true },
+  { 13761, true },
+  { 13780, true },
+  { 13790, true },
+  { 13802, true },
+  { 13821, false },
+  { 13830, true },
+  { 13844, true },
+  { 13854, true },
+  { 13868, true },
+  { 13875, true },
+  { 13887, true },
+  { 13900, true },
+  { 13911, true },
+  { 13922, true },
+  { 13937, true },
+  { 13948, true },
+  { 13959, true },
+  { 13966, true },
+  { 13980, true },
+  { 14001, true },
+  { 14012, true },
+  { 14024, true },
+  { 14033, true },
+  { 14043, true },
+  { 14061, true },
+  { 14081, true },
+  { 14104, true },
+  { 14119, true },
+  { 14134, true },
+  { 14151, true },
+  { 14166, true },
+  { 14179, true },
+  { 14194, true },
+  { 14206, true },
+  { 14216, true },
+  { 14229, true },
+  { 14248, true },
+  { 14261, true },
+  { 14277, true },
+  { 14288, true },
+  { 14299, true },
+  { 14314, true },
+  { 14341, true },
+  { 14354, true },
+  { 14367, false },
+  { 14384, true },
+  { 14394, true },
+  { 14417, true },
+  { 14430, true },
+  { 14440, true },
+  { 14451, true },
+  { 14463, true },
+  { 14474, true },
+  { 14485, true },
+  { 14507, true },
+  { 14518, true },
+  { 14529, true },
+  { 14559, true },
+  { 14575, true },
+  { 14600, true },
+  { 14630, true },
+  { 14641, true },
+  { 14662, true },
+  { 14673, true },
+  { 14684, true },
+  { 14711, true },
+  { 14723, true },
+  { 14741, true },
+  { 14752, true },
+  { 14764, true },
+  { 14781, true },
+  { 14799, true },
+  { 14808, true },
+  { 14822, true },
+  { 14832, true },
+  { 14843, true },
+  { 14855, true },
+  { 14877, true },
+  { 14887, true },
+  { 14897, true },
+  { 14908, true },
+  { 14926, true },
+  { 14937, true },
+  { 14947, true },
+  { 14962, true },
+  { 14979, true },
+  { 14995, true },
+  { 15008, true },
+  { 15019, true },
+  { 15033, false },
+  { 15059, false },
+  { 15070, false },
+  { 15087, true },
+  { 15097, true },
+  { 15109, true },
+  { 15118, true },
+  { 15137, true },
+  { 15160, true },
+  { 15170, true },
+  { 15183, true },
+  { 15195, true },
+  { 15204, true },
+  { 15221, true },
+  { 15228, true },
+  { 15243, true },
+  { 15267, true },
+  { 15283, true },
+  { 15308, true },
+  { 15333, true },
+  { 15358, true },
+  { 15370, true },
+  { 15392, true },
+  { 15402, true },
+  { 15414, true },
+  { 15426, true },
+  { 15439, true },
+  { 15466, true },
+  { 15494, true },
+  { 15509, true },
+  { 15522, true },
+  { 15536, true },
+  { 15550, true },
+  { 15565, true },
+  { 15581, false },
+  { 15597, true },
+  { 15617, true },
+  { 15637, true },
+  { 15651, true },
+  { 15672, true },
+  { 15685, true },
+  { 15701, true },
+  { 15716, true },
+  { 15733, true },
+  { 15747, true },
+  { 15759, true },
+  { 15770, true },
+  { 15780, true },
+  { 15791, true },
+  { 15810, true },
+  { 15825, true },
+  { 15837, true },
+  { 15849, true },
+  { 15861, true },
+  { 15875, true },
+  { 15893, true },
+  { 15902, true },
+  { 15914, true },
+  { 15933, true },
+  { 15946, true },
+  { 15962, true },
+  { 15973, true },
+  { 15982, true },
+  { 15993, true },
+  { 16011, true },
+  { 16025, true },
+  { 16040, true },
+  { 16050, true },
+  { 16064, true },
+  { 16088, true },
+  { 16097, true },
+  { 16113, true },
+  { 16126, true },
+  { 16144, true },
+  { 16164, true },
+  { 16184, true },
+  { 16205, true },
+  { 16224, true },
+  { 16238, true },
+  { 16252, true },
+  { 16265, true },
+  { 16279, true },
+  { 16294, true },
+  { 16309, true },
+  { 16327, true },
+  { 16345, true },
+  { 16369, true },
+  { 16384, true },
+  { 16402, true },
+  { 16412, true },
+  { 16429, true },
+  { 16447, true },
+  { 16462, true },
+  { 16480, true },
+  { 16494, true },
+  { 16508, true },
+  { 16522, true },
+  { 16535, true },
+  { 16547, true },
+  { 16562, true },
+  { 16576, true },
+  { 16591, true },
+  { 16601, true },
+  { 16615, false },
+  { 16630, true },
+  { 16639, true },
+  { 16656, true },
+  { 16671, true },
+  { 16685, true },
+  { 16699, true },
+  { 16713, true },
+  { 16727, true },
+  { 16743, true },
+  { 16755, true },
+  { 16768, true },
+  { 16788, true },
+  { 16801, true },
+  { 16814, true },
+  { 16841, true },
+  { 16856, true },
+  { 16877, true },
+  { 16896, true },
+  { 16908, true },
+  { 16922, true },
+  { 16936, true },
+  { 16948, true },
+  { 16963, true },
+  { 16973, true },
+  { 16991, true },
+  { 17000, true },
+  { 17015, true },
+  { 17029, true },
+  { 17043, true },
+  { 17052, true },
+  { 17067, true },
+  { 17081, true },
+  { 17093, true },
+  { 17115, true },
+  { 17127, true },
+  { 17150, true },
+  { 17171, true },
+  { 17191, true },
+  { 17203, true },
+  { 17219, true },
+  { 17233, true },
+  { 17250, true },
+  { 17268, true },
+  { 17281, true },
+  { 17293, true },
+  { 17304, true },
+  { 17315, false },
+  { 17331, true },
+  { 17351, true },
+  { 17369, true },
+  { 17389, true },
+  { 17407, true },
+  { 17432, true },
+  { 17454, true },
+  { 17474, true },
+  { 17490, true },
+  { 17503, true },
+  { 17526, true },
+  { 17548, true },
+  { 17564, true },
+  { 17576, true },
+  { 17596, true },
+  { 17609, true },
+  { 17623, true },
+  { 17636, true },
+  { 17644, true },
+  { 17668, true },
+  { 17681, true },
+  { 17698, true },
+  { 17716, true },
+  { 17734, true },
+  { 17747, true },
+  { 17765, true },
+  { 17787, true },
+  { 17804, true },
+  { 17834, true },
+  { 17858, true },
+  { 17874, true },
+  { 17898, true },
+  { 17917, true },
+  { 17930, true },
+  { 17946, true },
+  { 17958, true },
+  { 17972, true },
+  { 17981, true },
+  { 17996, true },
+  { 18010, true },
+  { 18024, true },
+  { 18037, true },
+  { 18055, true },
+  { 18074, true },
+  { 18090, true },
+  { 18103, true },
+  { 18124, true },
+  { 18148, true },
+  { 18178, true },
+  { 18194, true },
+  { 18213, true },
+  { 18226, true },
+  { 18248, true },
+  { 18265, true },
+  { 18286, true },
+  { 18306, true },
+  { 18326, true },
+  { 18344, true },
+  { 18360, true },
+  { 18378, true },
+  { 18392, true },
+  { 18405, true },
+  { 18418, false },
+  { 18431, true },
+  { 18443, true },
+  { 18466, true },
+  { 18476, true },
+  { 18501, true },
+  { 18514, true },
+  { 18528, true },
+  { 18542, true },
+  { 18557, true },
+  { 18574, true },
+  { 18594, false },
+  { 18610, true },
+  { 18619, true },
+  { 18634, true },
+  { 18652, true },
+  { 18677, true },
+  { 18691, true },
+  { 18705, true },
+  { 18731, true },
+  { 18746, true },
+  { 18770, true },
+  { 18784, true },
+  { 18800, true },
+  { 18812, true },
+  { 18826, true },
+  { 18837, true },
+  { 18847, true },
+  { 18861, true },
+  { 18878, true },
+  { 18902, true },
+  { 18924, true },
+  { 18937, true },
+  { 18948, true },
+  { 18961, true },
+  { 18975, true },
+  { 18992, true },
+  { 19006, true },
+  { 19014, true },
+  { 19026, true },
+  { 19042, true },
+  { 19057, true },
+  { 19071, true },
+  { 19085, true },
+  { 19097, true },
+  { 19115, true },
+  { 19132, true },
+  { 19150, true },
+  { 19168, true },
+  { 19187, true },
+  { 19203, true },
+  { 19215, true },
+  { 19229, true },
+  { 19251, true },
+  { 19265, true },
+  { 19282, true },
+  { 19294, true },
+  { 19306, true },
+  { 19325, true },
+  { 19339, true },
+  { 19353, true },
+  { 19368, true },
+  { 19389, true },
+  { 19401, true },
+  { 19412, true },
+  { 19422, true },
+  { 19434, true },
+  { 19445, true },
+  { 19457, true },
+  { 19474, true },
+  { 19500, true },
+  { 19514, true },
+  { 19526, true },
+  { 19534, true },
+  { 19545, true },
+  { 19553, true },
+  { 19561, true },
+  { 19569, true },
+  { 19577, true },
+  { 19590, true },
+  { 19598, true },
+  { 19605, true },
+  { 19615, true },
+  { 19626, true },
+  { 19645, true },
+  { 19658, true },
+  { 19671, true },
+  { 19685, true },
+  { 19697, true },
+  { 19710, true },
+  { 19724, true },
+  { 19738, true },
+  { 19758, true },
+  { 19776, true },
+  { 19788, true },
+  { 19800, true },
+  { 19809, true },
+  { 19835, true },
+  { 19857, true },
+  { 19884, true },
+  { 19912, true },
+  { 19937, true },
+  { 19944, true },
+  { 19959, true },
+  { 19982, true },
+  { 20004, true },
+  { 20027, true },
+  { 20045, true },
+  { 20058, true },
+  { 20067, true },
+  { 20084, true },
+  { 20097, true },
+  { 20113, true },
+  { 20126, true },
+  { 20140, true },
+  { 20151, true },
+  { 20161, true },
+  { 20172, true },
+  { 20182, true },
+  { 20193, true },
+  { 20202, true },
+  { 20222, true },
+  { 20249, true },
+  { 20265, true },
+  { 20281, true },
+  { 20306, true },
+  { 20333, true },
+  { 20361, true },
+  { 20398, true },
+  { 20429, true },
+  { 20448, true },
+  { 20463, true },
+  { 20483, true },
+  { 20495, true },
+  { 20516, true },
+  { 20536, true },
+  { 20562, true },
+  { 20574, true },
+  { 20587, true },
+  { 20596, true },
+  { 20605, true },
+  { 20615, true },
+  { 20622, true },
+  { 20640, true },
+  { 20665, true },
+  { 20684, true },
+  { 20701, true },
+  { 20724, true },
+  { 20740, true },
+  { 20751, true },
+  { 20762, true },
+  { 20771, true },
+  { 20787, true },
+  { 20802, true },
+  { 20822, true },
+  { 20841, true },
+  { 20874, true },
+  { 20884, true },
+  { 20899, true },
+  { 20913, true },
+  { 20934, true },
+  { 20944, true },
+  { 20971, true },
+  { 20988, true },
+  { 20999, true },
+  { 21018, true },
+  { 21040, true },
+  { 21050, true },
+  { 21064, true },
+  { 21081, true },
+  { 21105, true },
+  { 21114, true },
+  { 21125, true },
+  { 21145, true },
+  { 21164, true },
+  { 21177, true },
+  { 21188, true },
+  { 21200, true },
+  { 21218, true },
+  { 21233, true },
+  { 21255, true },
+  { 21272, true },
+  { 21284, false },
+  { 21295, true },
+  { 21314, true },
+  { 21328, true },
+  { 21346, true },
+  { 21364, true },
+  { 21383, true },
+  { 21405, true },
+  { 21419, true },
+  { 21434, true },
+  { 21448, true },
+  { 21462, true },
+  { 21477, true },
+  { 21487, true },
+  { 21507, true },
+  { 21522, false },
+  { 21553, true },
+  { 21564, false },
+  { 21588, true },
+  { 21609, true },
+  { 21627, true },
+  { 21642, true },
+  { 21653, true },
+  { 21671, true },
+  { 21693, false },
+  { 21704, true },
+  { 21721, true },
+  { 21740, true },
+  { 21756, true },
+  { 21769, true },
+  { 21777, true },
+  { 21794, true },
+  { 21807, true },
+  { 21818, true },
+  { 21833, true },
+  { 21845, true },
+  { 21864, true },
+  { 21882, true },
+  { 21893, true },
+  { 21903, true },
+  { 21918, true },
+  { 21935, true },
+  { 21947, true },
+  { 21969, true },
+  { 21984, true },
+  { 22001, true },
+  { 22022, true },
+  { 22038, true },
+  { 22055, true },
+  { 22072, true },
+  { 22086, true },
+  { 22101, true },
+  { 22116, true },
+  { 22130, true },
+  { 22146, true },
+  { 22166, true },
+  { 22180, true },
+  { 22197, true },
+  { 22214, true },
+  { 22231, true },
+  { 22243, true },
+  { 22261, true },
+  { 22278, true },
+  { 22293, true },
+  { 22310, true },
+  { 22326, true },
+  { 22341, true },
+  { 22355, true },
+  { 22372, true },
+  { 22390, true },
+  { 22406, true },
+  { 22419, true },
+  { 22433, true },
+  { 22444, true },
+  { 22457, true },
+  { 22471, true },
+  { 22489, true },
+  { 22507, true },
+  { 22524, true },
+  { 22543, true },
+  { 22558, true },
+  { 22578, true },
+  { 22592, true },
+  { 22612, true },
+  { 22627, true },
+  { 22638, true },
+  { 22651, true },
+  { 22665, true },
+  { 22681, true },
+  { 22696, true },
+  { 22705, true },
+  { 22719, true },
+  { 22736, true },
+  { 22752, true },
+  { 22771, true },
+  { 22782, true },
+  { 22795, true },
+  { 22806, true },
+  { 22820, true },
+  { 22842, true },
+  { 22854, true },
+  { 22877, true },
+  { 22892, true },
+  { 22907, true },
+  { 22921, true },
+  { 22938, true },
+  { 22956, true },
+  { 22966, true },
+  { 22981, true },
+  { 23002, true },
+  { 23022, true },
+  { 23042, true },
+  { 23053, true },
+  { 23066, true },
+  { 23077, true },
+  { 23086, true },
+  { 23101, true },
+  { 23116, true },
+  { 23130, true },
+  { 23143, true },
+  { 23155, true },
+  { 23163, true },
+  { 23178, true },
+  { 23193, true },
+  { 23215, true },
+  { 23233, true },
+  { 23248, false },
+  { 23261, true },
+  { 23279, true },
+  { 23296, true },
+  { 23319, true },
+  { 23337, false },
+  { 23346, true },
+  { 23356, true },
+  { 23367, true },
+  { 23377, true },
+  { 23388, true },
+  { 23400, true },
+  { 23416, true },
+  { 23431, true },
+  { 23453, true },
+  { 23468, true },
+  { 23485, true },
+  { 23502, true },
+  { 23522, true },
+  { 23533, true },
+  { 23544, true },
+  { 23562, true },
+  { 23594, true },
+  { 23621, true },
+  { 23635, true },
+  { 23646, true },
+  { 23659, true },
+  { 23671, true },
+  { 23685, true },
+  { 23695, true },
+  { 23709, true },
+  { 23723, true },
+  { 23738, true },
+  { 23752, true },
+  { 23770, true },
+  { 23782, true },
+  { 23811, true },
+  { 23823, true },
+  { 23841, true },
+  { 23861, true },
+  { 23880, true },
+  { 23900, true },
+  { 23916, true },
+  { 23939, true },
+  { 23957, true },
+  { 23975, true },
+  { 23989, true },
+  { 24011, true },
+  { 24028, false },
+  { 24052, true },
+  { 24064, true },
+  { 24075, true },
+  { 24088, true },
+  { 24103, true },
+  { 24115, true },
+  { 24127, true },
+  { 24139, true },
+  { 24150, true },
+  { 24159, true },
+  { 24175, true },
+  { 24192, true },
+  { 24211, true },
+  { 24222, true },
+  { 24238, true },
+  { 24257, true },
+  { 24278, true },
+  { 24295, true },
+  { 24307, true },
+  { 24320, true },
+  { 24330, true },
+  { 24339, true },
+  { 24349, true },
+  { 24361, true },
+  { 24373, true },
+  { 24386, true },
+  { 24404, true },
+  { 24421, true },
+  { 24440, true },
+  { 24457, true },
+  { 24473, true },
+  { 24490, true },
+  { 24500, true },
+  { 24510, true },
+  { 24522, true },
+  { 24533, true },
+  { 24544, true },
+  { 24567, true },
+  { 24588, true },
+  { 24608, true },
+  { 24623, true },
+  { 24643, true },
+  { 24660, true },
+  { 24681, true },
+  { 24698, true },
+  { 24708, true },
+  { 24722, true },
+  { 24737, true },
+  { 24752, true },
+  { 24770, true },
+  { 24785, true },
+  { 24800, true },
+  { 24811, true },
+  { 24823, true },
+  { 24833, true },
+  { 24851, true },
+  { 24872, true },
+  { 24898, true },
+  { 24917, true },
+  { 24936, true },
+  { 24964, true },
+  { 24976, true },
+  { 24992, true },
+  { 25013, true },
+  { 25029, true },
+  { 25043, true },
+  { 25058, true },
+  { 25068, true },
+  { 25084, true },
+  { 25097, true },
+  { 25110, true },
+  { 25127, true },
+  { 25144, true },
+  { 25160, false },
+  { 25167, true },
+  { 25178, true },
+  { 25190, true },
+  { 25200, true },
+  { 25212, true },
+  { 25225, true },
+  { 25238, true },
+  { 25254, true },
+  { 25266, true },
+  { 25277, true },
+  { 25284, true },
+  { 25295, true },
+  { 25305, true },
+  { 25317, true },
+  { 25328, true },
+  { 25339, false },
+  { 25347, true },
+  { 25357, true },
+  { 25375, true },
+  { 25389, true },
+  { 25401, true },
+  { 25415, false },
+  { 25429, true },
+  { 25445, true },
+  { 25459, true },
+  { 25474, true },
+  { 25493, true },
+  { 25514, true },
+  { 25539, true },
+  { 25548, true },
+  { 25566, true },
+  { 25577, true },
+  { 25585, true },
+  { 25597, true },
+  { 25620, true },
+  { 25633, true },
+  { 25652, true },
+  { 25678, true },
+  { 25690, true },
+  { 25706, true },
+  { 25719, true },
+  { 25735, false },
+  { 25751, true },
+  { 25767, false },
+  { 25782, false },
+  { 25795, true },
+  { 25807, true },
+  { 25823, true },
+  { 25835, true },
+  { 25848, true },
+  { 25864, true },
+  { 25878, true },
+  { 25890, true },
+  { 25901, true },
+  { 25910, true },
+  { 25920, true },
+  { 25933, true },
+  { 25943, true },
+  { 25959, true },
+  { 25968, true },
+  { 25988, true },
+  { 25995, true },
+  { 26007, true },
+  { 26020, true },
+  { 26042, false },
+  { 26058, true },
+  { 26077, true },
+  { 26085, true },
+  { 26101, true },
+  { 26112, true },
+  { 26133, true },
+  { 26143, true },
+  { 26157, true },
+  { 26166, true },
+  { 26176, true },
+  { 26187, true },
+  { 26198, true },
+  { 26209, true },
+  { 26220, true },
+  { 26232, true },
+  { 26248, true },
+  { 26265, false },
+  { 26282, true },
+  { 26304, true },
+  { 26328, true },
+  { 26354, true },
+  { 26375, true },
+  { 26388, true },
+  { 26400, true },
+  { 26414, true },
+  { 26433, true },
+  { 26454, true },
+  { 26466, true },
+  { 26480, true },
+  { 26504, true },
+  { 26536, true },
+  { 26549, true },
+  { 26562, true },
+  { 26576, true },
+  { 26591, true },
+  { 26604, true },
+  { 26620, true },
+  { 26637, true },
+  { 26648, true },
+  { 26657, true },
+  { 26671, true },
+  { 26684, true },
+  { 26698, true },
+  { 26711, true },
+  { 26723, true },
+  { 26737, true },
+  { 26749, true },
+  { 26770, true },
+  { 26778, false },
+  { 26796, true },
+  { 26819, true },
+  { 26846, true },
+  { 26861, true },
+  { 26879, false },
+  { 26900, false },
+  { 26913, true },
+  { 26921, true },
+  { 26935, true },
+  { 26949, true },
+  { 26961, true },
+  { 26981, true },
+  { 26994, true },
+  { 27007, true },
+  { 27019, true },
+  { 27036, true },
+  { 27048, true },
+  { 27075, true },
+  { 27084, true },
+  { 27098, true },
+  { 27106, true },
+  { 27123, true },
+  { 27136, true },
+  { 27149, true },
+  { 27162, true },
+  { 27181, true },
+  { 27193, true },
+  { 27203, true },
+  { 27225, true },
+  { 27242, true },
+  { 27256, true },
+  { 27267, true },
+  { 27280, true },
+  { 27293, true },
+  { 27309, true },
+  { 27330, true },
+  { 27354, true },
+  { 27366, true },
+  { 27380, true },
+  { 27404, true },
+  { 27419, true },
+  { 27442, true },
+  { 27455, false },
+  { 27471, true },
+  { 27488, true },
+  { 27514, true },
+  { 27527, true },
+  { 27546, true },
+  { 27552, true },
+  { 27564, true },
+  { 27578, true },
+  { 27591, true },
+  { 27601, true },
+  { 27612, true },
+  { 27628, true },
+  { 27640, true },
+  { 27651, true },
+  { 27661, true },
+  { 27678, true },
+  { 27692, true },
+  { 27701, true },
+  { 27720, true },
+  { 27732, false },
+  { 27744, true },
+  { 27757, true },
+  { 27768, true },
+  { 27797, true },
+  { 27823, true },
+  { 27839, true },
+  { 27852, true },
+  { 27866, true },
+  { 27881, true },
+  { 27892, true },
+  { 27902, true },
+  { 27925, true },
+  { 27941, true },
+  { 27951, true },
+  { 27967, true },
+  { 27979, false },
+  { 27998, true },
+  { 28022, true },
+  { 28050, true },
+  { 28063, true },
+  { 28077, false },
+  { 28089, true },
+  { 28102, true },
+  { 28112, true },
+  { 28126, true },
+  { 28137, true },
+  { 28155, true },
+  { 28168, true },
+  { 28182, true },
+  { 28194, true },
+  { 28206, true },
+  { 28222, true },
+  { 28238, true },
+  { 28261, true },
+  { 28275, true },
+  { 28291, true },
+  { 28315, false },
+  { 28331, true },
+  { 28342, true },
+  { 28351, true },
+  { 28360, true },
+  { 28374, true },
+  { 28382, true },
+  { 28396, true },
+  { 28406, true },
+  { 28419, true },
+  { 28428, true },
+  { 28439, true },
+  { 28459, true },
+  { 28472, true },
+  { 28481, true },
+  { 28503, true },
+  { 28516, true },
+  { 28526, true },
+  { 28538, true },
+  { 28560, true },
+  { 28575, true },
+  { 28591, true },
+  { 28608, true },
+  { 28622, true },
+  { 28634, true },
+  { 28647, true },
+  { 28673, true },
+  { 28688, true },
+  { 28706, true },
+  { 28726, true },
+  { 28739, true },
+  { 28752, true },
+  { 28770, true },
+  { 28782, true },
+  { 28796, true },
+  { 28810, true },
+  { 28819, true },
+  { 28839, true },
+  { 28851, true },
+  { 28869, true },
+  { 28889, true },
+  { 28913, true },
+  { 28939, true },
+  { 28959, true },
+  { 28968, true },
+  { 28978, true },
+  { 28991, true },
+  { 29004, true },
+  { 29016, true },
+  { 29042, true },
+  { 29052, true },
+  { 29067, true },
+  { 29081, true },
+  { 29093, true },
+  { 29107, true },
+  { 29125, true },
+  { 29143, true },
+  { 29163, true },
+  { 29188, true },
+  { 29198, true },
+  { 29214, true },
+  { 29232, true },
+  { 29243, true },
+  { 29259, true },
+  { 29279, true },
+  { 29287, true },
+  { 29309, true },
+  { 29324, true },
+  { 29335, true },
+  { 29345, true },
+  { 29367, true },
+  { 29382, true },
+  { 29401, true },
+  { 29414, false },
+  { 29429, true },
+  { 29449, true },
+  { 29460, true },
+  { 29470, true },
+  { 29488, true },
+  { 29502, true },
+  { 29514, true },
+  { 29532, true },
+  { 29541, true },
+  { 29552, true },
+  { 29572, true },
+  { 29583, true },
+  { 29603, true },
+  { 29623, true },
+  { 29635, true },
+  { 29647, false },
+  { 29661, true },
+  { 29673, true },
+  { 29690, true },
+  { 29700, true },
+  { 29713, false },
+  { 29728, true },
+  { 29740, true },
+  { 29753, true },
+  { 29765, true },
+  { 29777, true },
+  { 29797, true },
+  { 29811, true },
+  { 29824, true },
+  { 29838, true },
+  { 29850, true },
+  { 29868, true },
+  { 29880, true },
+  { 29891, true },
+  { 29902, true },
+  { 29913, true },
+  { 29926, true },
+  { 29939, true },
+  { 29954, true },
+  { 29967, true },
+  { 29978, true },
+  { 30000, true },
+  { 30023, true },
+  { 30034, true },
+  { 30049, true },
+  { 30063, true },
+  { 30079, true },
+  { 30090, true },
+  { 30100, true },
+  { 30121, true },
+  { 30132, true },
+  { 30141, true },
+  { 30161, true },
+  { 30180, true },
+  { 30194, true },
+  { 30201, true },
+  { 30212, true },
+  { 30229, true },
+  { 30243, true },
+  { 30253, true },
+  { 30266, true },
+  { 30279, true },
+  { 30291, true },
+  { 30303, true },
+  { 30320, true },
+  { 30331, true },
+  { 30344, true },
+  { 30357, true },
+  { 30367, true },
+  { 30379, true },
+  { 30397, true },
+  { 30407, true },
+  { 30421, true },
+  { 30438, true },
+  { 30448, true },
+  { 30464, true },
+  { 30475, true },
+  { 30484, true },
+  { 30495, true },
+  { 30506, true },
+  { 30517, true },
+  { 30528, true },
+  { 30542, true },
+  { 30557, true },
+  { 30576, true },
+  { 30600, true },
+  { 30618, true },
+  { 30637, true },
+  { 30654, true },
+  { 30666, true },
+  { 30682, true },
+  { 30697, true },
+  { 30712, true },
+  { 30731, true },
+  { 30747, true },
+  { 30760, true },
+  { 30779, true },
+  { 30801, true },
+  { 30827, true },
+  { 30842, true },
+  { 30855, true },
+  { 30866, true },
+  { 30876, true },
+  { 30886, true },
+  { 30896, false },
+  { 30906, true },
+  { 30921, true },
+  { 30931, true },
+  { 30940, true },
+  { 30959, true },
+  { 30976, true },
+  { 30988, true },
+  { 31000, true },
+  { 31018, true },
+  { 31032, true },
+  { 31046, true },
+  { 31056, true },
+  { 31063, true },
+  { 31073, true },
+  { 31083, true },
+  { 31091, false },
+  { 31100, true },
+  { 31116, true },
+  { 31140, true },
+  { 31165, true },
+  { 31187, true },
+  { 31205, true },
+  { 31218, true },
+  { 31238, true },
+  { 31251, true },
+  { 31272, true },
+  { 31289, true },
+  { 31312, true },
+  { 31342, true },
+  { 31357, true },
+  { 31381, true },
+  { 31397, true },
+  { 31414, true },
+  { 31432, true },
+  { 31446, true },
+  { 31471, true },
+  { 31496, true },
+  { 31518, true },
+  { 31531, true },
+  { 31551, true },
+  { 31567, true },
+  { 31587, true },
+  { 31599, true },
+  { 31619, true },
+  { 31633, true },
+  { 31654, true },
+  { 31666, true },
+  { 31683, true },
+  { 31693, true },
+  { 31706, true },
+  { 31715, true },
+  { 31725, true },
+  { 31734, true },
+  { 31742, true },
+  { 31754, true },
+  { 31769, true },
+  { 31778, false },
+  { 31787, false },
+  { 31807, true },
+  { 31828, true },
+  { 31838, true },
+  { 31845, true },
+  { 31861, true },
+  { 31877, true },
+  { 31892, true },
+  { 31901, true },
+  { 31909, true },
+  { 31925, true },
+  { 31935, true },
+  { 31955, true },
+  { 31973, true },
+  { 32000, true },
+  { 32020, true },
+  { 32034, true },
+  { 32055, true },
+  { 32082, true },
+  { 32101, true },
+  { 32118, true },
+  { 32136, true },
+  { 32164, true },
+  { 32187, true },
+  { 32202, true },
+  { 32220, true },
+  { 32228, true },
+  { 32243, true },
+  { 32257, true },
+  { 32268, true },
+  { 32277, true },
+  { 32298, true },
+  { 32318, true },
+  { 32338, true },
+  { 32348, true },
+  { 32364, true },
+  { 32376, true },
+  { 32391, true },
+  { 32403, true },
+  { 32418, true },
+  { 32433, true },
+  { 32445, true },
+  { 32468, true },
+  { 32475, true },
+  { 32488, true },
+  { 32501, true },
+  { 32524, true },
+  { 32542, true },
+  { 32564, true },
+  { 32585, true },
+  { 32605, true },
+  { 32622, true },
+  { 32648, true },
+  { 32661, true },
+  { 32678, true },
+  { 32687, true },
+  { 32709, true },
+  { 32727, true },
+  { 32739, true },
+  { 32752, true },
+  { 32766, true },
+  { 32778, true },
+  { 32790, true },
+  { 32800, true },
+  { 32814, true },
+  { 32824, true },
+  { 32839, true },
+  { 32854, true },
+  { 32865, true },
+  { 32878, true },
+  { 32896, true },
+  { 32915, true },
+  { 32927, true },
+  { 32953, true },
+  { 32967, true },
+  { 32989, true },
+  { 33002, true },
+  { 33018, true },
+  { 33033, true },
+  { 33045, true },
+  { 33053, true },
+  { 33073, true },
+  { 33091, true },
+  { 33112, true },
+  { 33133, true },
+  { 33147, true },
+  { 33163, true },
+  { 33175, true },
+  { 33188, false },
+  { 33199, true },
+  { 33213, true },
+  { 33225, true },
+  { 33237, true },
+  { 33249, true },
+  { 33261, true },
+  { 33276, true },
+  { 33286, true },
+  { 33296, true },
+  { 33312, true },
+  { 33321, true },
+  { 33331, true },
+  { 33346, true },
+  { 33368, true },
+  { 33379, true },
+  { 33404, true },
+  { 33419, true },
+  { 33432, true },
+  { 33451, true },
+  { 33466, true },
+  { 33480, true },
+  { 33496, true },
+  { 33508, true },
+  { 33520, true },
+  { 33536, true },
+  { 33555, true },
+  { 33574, true },
+  { 33586, true },
+  { 33599, true },
+  { 33614, true },
+  { 33634, true },
+  { 33645, true },
+  { 33660, true },
+  { 33673, true },
+  { 33691, true },
+  { 33721, true },
+  { 33744, true },
+  { 33757, true },
+  { 33772, false },
+  { 33780, true },
+  { 33792, true },
+  { 33814, true },
+  { 33831, true },
+  { 33841, true },
+  { 33851, true },
+  { 33859, true },
+  { 33873, true },
+  { 33889, true },
+  { 33913, true },
+  { 33945, true },
+  { 33966, true },
+  { 33976, true },
+  { 33993, true },
+  { 34014, false },
+  { 34034, true },
+  { 34063, true },
+  { 34079, true },
+  { 34101, true },
+  { 34119, true },
+  { 34134, true },
+  { 34160, true },
+  { 34179, true },
+  { 34197, true },
+  { 34223, true },
+  { 34245, true },
+  { 34263, true },
+  { 34285, true },
+  { 34297, true },
+  { 34308, true },
+  { 34330, true },
+  { 34343, true },
+  { 34359, true },
+  { 34377, true },
+  { 34394, true },
+  { 34412, true },
+  { 34425, true },
+  { 34446, true },
+  { 34471, true },
+  { 34496, true },
+  { 34514, true },
+  { 34528, true },
+  { 34543, true },
+  { 34561, true },
+  { 34586, true },
+  { 34611, true },
+  { 34635, true },
+  { 34648, true },
+  { 34663, true },
+  { 34683, true },
+  { 34697, true },
+  { 34714, true },
+  { 34742, true },
+  { 34765, true },
+  { 34780, true },
+  { 34793, true },
+  { 34806, true },
+  { 34819, true },
+  { 34843, true },
+  { 34862, true },
+  { 34878, true },
+  { 34891, true },
+  { 34904, true },
+  { 34920, true },
+  { 34939, true },
+  { 34960, true },
+  { 34989, true },
+  { 34999, true },
+  { 35012, true },
+  { 35025, true },
+  { 35037, true },
+  { 35055, true },
+  { 35063, true },
+  { 35072, false },
+  { 35088, true },
+  { 35104, true },
+  { 35114, true },
+  { 35134, true },
+  { 35146, true },
+  { 35167, true },
+  { 35184, true },
+  { 35202, true },
+  { 35212, true },
+  { 35224, true },
+  { 35232, true },
+  { 35243, true },
+  { 35254, true },
+  { 35272, true },
+  { 35280, true },
+  { 35292, true },
+  { 35301, true },
+  { 35310, false },
+  { 35322, false },
+  { 35334, true },
+  { 35358, true },
+  { 35376, true },
+  { 35396, true },
+  { 35407, true },
+  { 35420, true },
+  { 35429, true },
+  { 35443, true },
+  { 35465, true },
+  { 35475, true },
+  { 35484, true },
+  { 35495, true },
+  { 35503, true },
+  { 35513, true },
+  { 35522, true },
+  { 35534, true },
+  { 35546, true },
+  { 35555, true },
+  { 35566, true },
+  { 35574, true },
+  { 35584, true },
+  { 35595, false },
+  { 35607, true },
+  { 35620, true },
+  { 35641, true },
+  { 35653, true },
+  { 35668, true },
+  { 35681, true },
+  { 35689, true },
+  { 35705, false },
+  { 35715, true },
+  { 35738, true },
+  { 35762, true },
+  { 35771, true },
+  { 35779, true },
+  { 35806, true },
+  { 35814, true },
+  { 35821, true },
+  { 35838, true },
+  { 35857, true },
+  { 35878, true },
+  { 35889, true },
+  { 35898, true },
+  { 35907, true },
+  { 35924, true },
+  { 35942, true },
+  { 35953, true },
+  { 35969, true },
+  { 35981, true },
+  { 35992, true },
+  { 36003, true },
+  { 36014, true },
+  { 36026, true },
+  { 36038, false },
+  { 36047, true },
+  { 36063, true },
+  { 36072, true },
+  { 36081, true },
+  { 36091, true },
+  { 36101, true },
+  { 36112, true },
+  { 36121, true },
+  { 36131, true },
+  { 36146, true },
+  { 36156, true },
+  { 36182, true },
+  { 36194, true },
+  { 36212, true },
+  { 36226, true },
+  { 36237, true },
+  { 36268, true },
+  { 36288, false },
+  { 36304, true },
+  { 36322, false },
+  { 36342, true },
+  { 36354, true },
+  { 36364, true },
+  { 36374, true },
+  { 36386, true },
+  { 36399, true },
+  { 36409, true },
+  { 36423, true },
+  { 36432, true },
+  { 36442, true },
+  { 36452, true },
+  { 36461, true },
+  { 36469, true },
+  { 36479, true },
+  { 36491, true },
+  { 36503, true },
+  { 36515, true },
+  { 36525, true },
+  { 36541, true },
+  { 36555, true },
+  { 36572, true },
+  { 36588, true },
+  { 36603, true },
+  { 36615, true },
+  { 36623, true },
+  { 36634, false },
+  { 36644, true },
+  { 36661, true },
+  { 36673, true },
+  { 36695, true },
+  { 36702, true },
+  { 36711, true },
+  { 36719, true },
+  { 36729, true },
+  { 36743, true },
+  { 36773, true },
+  { 36788, true },
+  { 36797, true },
+  { 36811, true },
+  { 36823, true },
+  { 36844, true },
+  { 36859, true },
+  { 36871, true },
+  { 36886, true },
+  { 36910, true },
+  { 36927, true },
+  { 36944, true },
+  { 36962, true },
+  { 36975, true },
+  { 36987, true },
+  { 37010, true },
+  { 37021, true },
+  { 37030, true },
+  { 37041, true },
+  { 37066, true },
+  { 37082, true },
+  { 37096, true },
+  { 37116, true },
+  { 37131, true },
+  { 37149, true },
+  { 37167, true },
+  { 37182, true },
+  { 37196, true },
+  { 37211, true },
+  { 37230, true },
+  { 37245, true },
+  { 37266, true },
+  { 37279, true },
+  { 37295, true },
+  { 37319, true },
+  { 37329, true },
+  { 37339, true },
+  { 37348, true },
+  { 37357, true },
+  { 37367, true },
+  { 37378, true },
+  { 37403, true },
+  { 37432, true },
+  { 37445, true },
+  { 37455, true },
+  { 37470, true },
+  { 37484, true },
+  { 37501, false },
+  { 37509, false },
+  { 37518, true },
+  { 37532, true },
+  { 37539, false },
+  { 37556, true },
+  { 37571, true },
+  { 37583, true },
+  { 37598, true },
+  { 37608, true },
+  { 37627, true },
+  { 37644, true },
+  { 37656, false },
+  { 37663, true },
+  { 37689, true },
+  { 37702, true },
+  { 37714, true },
+  { 37733, true },
+  { 37760, true },
+  { 37781, true },
+  { 37795, true },
+  { 37810, true },
+  { 37834, true },
+  { 37843, true },
+  { 37855, true },
+  { 37867, true },
+  { 37881, true },
+  { 37896, true },
+  { 37908, true },
+  { 37917, true },
+  { 37936, true },
+  { 37952, true },
+  { 37970, true },
+  { 37987, true },
+  { 38006, true },
+  { 38036, true },
+  { 38046, true },
+  { 38063, true },
+  { 38076, true },
+  { 38094, true },
+  { 38104, true },
+  { 38121, true },
+  { 38143, true },
+  { 38156, true },
+  { 38172, true },
+  { 38182, true },
+  { 38195, true },
+  { 38209, true },
+  { 38223, true },
+  { 38235, true },
+  { 38255, true },
+  { 38270, true },
+  { 38286, true },
+  { 38314, true },
+  { 38328, true },
+  { 38343, true },
+  { 38357, true },
+  { 38366, true },
+  { 38377, true },
+  { 38395, true },
+  { 38409, true },
+  { 38424, true },
+  { 38436, true },
+  { 38448, true },
+  { 38462, true },
+  { 38479, true },
+  { 38490, true },
+  { 38501, true },
+  { 38512, true },
+  { 38525, true },
+  { 38548, true },
+  { 38563, true },
+  { 38578, false },
+  { 38594, true },
+  { 38616, true },
+  { 38634, true },
+  { 38651, true },
+  { 38669, true },
+  { 38688, true },
+  { 38699, true },
+  { 38712, true },
+  { 38729, true },
+  { 38749, true },
+  { 38776, true },
+  { 38803, true },
+  { 38821, true },
+  { 38839, true },
+  { 38851, true },
+  { 38860, true },
+  { 38873, true },
+  { 38889, true },
+  { 38911, true },
+  { 38928, true },
+  { 38950, true },
+  { 38970, true },
+  { 38987, true },
+  { 39002, true },
+  { 39021, true },
+  { 39036, true },
+  { 39050, true },
+  { 39061, true },
+  { 39084, true },
+  { 39096, true },
+  { 39109, true },
+  { 39122, true },
+  { 39135, true },
+  { 39153, true },
+  { 39171, true },
+  { 39189, true },
+  { 39206, true },
+  { 39231, true },
+  { 39243, true },
+  { 39257, true },
+  { 39274, true },
+  { 39294, true },
+  { 39304, true },
+  { 39320, true },
+  { 39333, true },
+  { 39346, true },
+  { 39362, true },
+  { 39375, true },
+  { 39388, true },
+  { 39401, true },
+  { 39410, true },
+  { 39427, true },
+  { 39438, true },
+  { 39449, true },
+  { 39463, true },
+  { 39474, true },
+  { 39491, true },
+  { 39501, true },
+  { 39515, true },
+  { 39528, true },
+  { 39537, true },
+  { 39546, true },
+  { 39556, true },
+  { 39569, true },
+  { 39580, true },
+  { 39594, true },
+  { 39604, true },
+  { 39614, true },
+  { 39625, true },
+  { 39648, true },
+  { 39674, true },
+  { 39694, true },
+  { 39714, true },
+  { 39736, true },
+  { 39751, true },
+  { 39764, true },
+  { 39783, true },
+  { 39811, true },
+  { 39820, true },
+  { 39841, true },
+  { 39861, true },
+  { 39871, true },
+  { 39897, true },
+  { 39918, true },
+  { 39935, true },
+  { 39955, true },
+  { 39974, true },
+  { 39989, true },
+  { 40001, true },
+  { 40014, true },
+  { 40026, true },
+  { 40046, true },
+  { 40064, true },
+  { 40075, true },
+  { 40092, true },
+  { 40105, true },
+  { 40118, true },
+  { 40129, true },
+  { 40142, true },
+  { 40154, true },
+  { 40171, true },
+  { 40185, true },
+  { 40216, true },
+  { 40226, true },
+  { 40238, true },
+  { 40251, true },
+  { 40262, true },
+  { 40273, true },
+  { 40287, false },
+  { 40305, true },
+  { 40322, true },
+  { 40338, true },
+  { 40353, true },
+  { 40377, true },
+  { 40393, true },
+  { 40421, true },
+  { 40440, true },
+  { 40450, true },
+  { 40463, true },
+  { 40485, true },
+  { 40496, true },
+  { 40519, true },
+  { 40543, true },
+  { 40556, true },
+  { 40567, true },
+  { 40584, true },
+  { 40600, true },
+  { 40616, true },
+  { 40631, true },
+  { 40647, true },
+  { 40662, true },
+  { 40677, true },
+  { 40694, true },
+  { 40713, true },
+  { 40725, true },
+  { 40752, true },
+  { 40764, true },
+  { 40782, false },
+  { 40794, true },
+  { 40803, true },
+  { 40812, true },
+  { 40821, true },
+  { 40840, true },
+  { 40852, true },
+  { 40866, true },
+  { 40881, true },
+  { 40898, true },
+  { 40914, true },
+  { 40924, true },
+  { 40933, true },
+  { 40951, true },
+  { 40962, true },
+  { 40974, true },
+  { 40982, true },
+  { 41000, true },
+  { 41010, true },
+  { 41027, true },
+  { 41038, true },
+  { 41052, true },
+  { 41070, true },
+  { 41080, true },
+  { 41087, true },
+  { 41114, true },
+  { 41123, true },
+  { 41137, true },
+  { 41150, true },
+  { 41164, true },
+  { 41174, true },
+  { 41187, true },
+  { 41211, false },
+  { 41222, true },
+  { 41240, true },
+  { 41265, true },
+  { 41272, true },
+  { 41284, true },
+  { 41296, true },
+  { 41317, true },
+  { 41330, true },
+  { 41347, false },
+  { 41367, true },
+  { 41379, true },
+  { 41395, true },
+  { 41407, true },
+  { 41426, true },
+  { 41439, false },
+  { 41453, true },
+  { 41466, true },
+  { 41486, true },
+  { 41499, true },
+  { 41516, true },
+  { 41530, true },
+  { 41548, true },
+  { 41568, true },
+  { 41588, true },
+  { 41604, true },
+  { 41616, true },
+  { 41630, true },
+  { 41645, true },
+  { 41658, true },
+  { 41667, true },
+  { 41685, true },
+  { 41695, true },
+  { 41712, true },
+  { 41733, true },
+  { 41756, false },
+  { 41775, true },
+  { 41786, true },
+  { 41794, true },
+  { 41805, true },
+  { 41819, true },
+  { 41838, true },
+  { 41864, true },
+  { 41887, true },
+  { 41912, true },
+  { 41926, true },
+  { 41943, true },
+  { 41959, true },
+  { 41972, true },
+  { 41983, true },
+  { 41993, true },
+  { 42009, true },
+  { 42023, true },
+  { 42036, true },
+  { 42050, true },
+  { 42063, true },
+  { 42077, true },
+  { 42092, true },
+  { 42104, true },
+  { 42119, true },
+  { 42138, true },
+  { 42157, true },
+  { 42174, true },
+  { 42190, true },
+  { 42210, true },
+  { 42227, true },
+  { 42243, true },
+  { 42253, true },
+  { 42268, true },
+  { 42286, true },
+  { 42299, true },
+  { 42314, true },
+  { 42327, true },
+  { 42343, true },
+  { 42357, true },
+  { 42371, true },
+  { 42390, true },
+  { 42403, true },
+  { 42423, true },
+  { 42435, true },
+  { 42458, true },
+  { 42470, true },
+  { 42493, true },
+  { 42506, true },
+  { 42521, true },
+  { 42538, true },
+  { 42550, true },
+  { 42566, true },
+  { 42591, true },
+  { 42602, true },
+  { 42614, true },
+  { 42629, true },
+  { 42657, false },
+  { 42676, true },
+  { 42691, true },
+  { 42707, true },
+  { 42718, true },
+  { 42728, true },
+  { 42741, true },
+  { 42757, true },
+  { 42770, true },
+  { 42780, true },
+  { 42791, true },
+  { 42802, true },
+  { 42813, true },
+  { 42824, true },
+  { 42835, true },
+  { 42846, true },
+  { 42857, true },
+  { 42885, true },
+  { 42907, false },
+  { 42921, true },
+  { 42933, true },
+  { 42953, true },
+  { 42970, true },
+  { 42996, true },
+  { 43005, true },
+  { 43017, true },
+  { 43029, true },
+  { 43040, true },
+  { 43068, false },
+  { 43087, true },
+  { 43101, true },
+  { 43111, true },
+  { 43122, true },
+  { 43149, true },
+  { 43170, true },
+  { 43181, true },
+  { 43191, true },
+  { 43218, true },
+  { 43233, true },
+  { 43245, true },
+  { 43256, true },
+  { 43277, false },
+  { 43292, true },
+  { 43305, true },
+  { 43315, true },
+  { 43326, true },
+  { 43339, true },
+  { 43350, true },
+  { 43362, true },
+  { 43377, true },
+  { 43391, true },
+  { 43405, true },
+  { 43427, true },
+  { 43440, true },
+  { 43455, true },
+  { 43474, true },
+  { 43495, true },
+  { 43505, true },
+  { 43519, true },
+  { 43539, true },
+  { 43559, true },
+  { 43569, true },
+  { 43582, true },
+  { 43596, true },
+  { 43610, true },
+  { 43627, true },
+  { 43645, true },
+  { 43664, true },
+  { 43677, true },
+  { 43692, true },
+  { 43713, true },
+  { 43725, true },
+  { 43743, true },
+  { 43764, true },
+  { 43784, true },
+  { 43802, true },
+  { 43820, true },
+  { 43838, true },
+  { 43852, true },
+  { 43865, true },
+  { 43884, false },
+  { 43898, true },
+  { 43929, true },
+  { 43948, true },
+  { 43958, true },
+  { 43977, true },
+  { 43988, true },
+  { 43998, true },
+  { 44014, true },
+  { 44029, true },
+  { 44053, true },
+  { 44068, true },
+  { 44082, true },
+  { 44104, true },
+  { 44118, true },
+  { 44131, true },
+  { 44144, true },
+  { 44157, true },
+  { 44174, true },
+  { 44187, true },
+  { 44204, true },
+  { 44234, true },
+  { 44253, true },
+  { 44262, true },
+  { 44276, true },
+  { 44292, true },
+  { 44303, true },
+  { 44321, true },
+  { 44337, true },
+  { 44357, true },
+  { 44371, true },
+  { 44387, true },
+  { 44396, true },
+  { 44417, true },
+  { 44438, true },
+  { 44456, true },
+  { 44466, true },
+  { 44495, true },
+  { 44523, true },
+  { 44540, true },
+  { 44566, true },
+  { 44581, true },
+  { 44603, true },
+  { 44626, true },
+  { 44634, true },
+  { 44643, true },
+  { 44654, true },
+  { 44664, true },
+  { 44677, true },
+  { 44687, true },
+  { 44706, true },
+  { 44723, true },
+  { 44732, true },
+  { 44749, true },
+  { 44766, true },
+  { 44791, true },
+  { 44804, true },
+  { 44824, true },
+  { 44845, true },
+  { 44855, true },
+  { 44867, true },
+  { 44878, true },
+  { 44888, true },
+  { 44901, true },
+  { 44914, true },
+  { 44924, true },
+  { 44945, true },
+  { 44958, true },
+  { 44976, true },
+  { 44997, true },
+  { 45016, true },
+  { 45040, true },
+  { 45066, true },
+  { 45086, true },
+  { 45104, true },
+  { 45119, true },
+  { 45134, true },
+  { 45150, true },
+  { 45169, true },
+  { 45187, true },
+  { 45203, true },
+  { 45221, true },
+  { 45244, true },
+  { 45266, true },
+  { 45283, true },
+  { 45297, true },
+  { 45323, true },
+  { 45341, true },
+  { 45359, true },
+  { 45381, true },
+  { 45397, true },
+  { 45411, true },
+  { 45428, true },
+  { 45448, true },
+  { 45459, true },
+  { 45472, true },
+  { 45484, true },
+  { 45496, true },
+  { 45508, true },
+  { 45524, true },
+  { 45535, true },
+  { 45550, true },
+  { 45562, true },
+  { 45570, true },
+  { 45589, true },
+  { 45602, true },
+  { 45624, true },
+  { 45642, true },
+  { 45651, true },
+  { 45671, true },
+  { 45682, true },
+  { 45704, true },
+  { 45721, true },
+  { 45736, true },
+  { 45748, true },
+  { 45766, true },
+  { 45780, true },
+  { 45809, true },
+  { 45825, true },
+  { 45844, true },
+  { 45865, true },
+  { 45882, true },
+  { 45896, true },
+  { 45910, true },
+  { 45923, true },
+  { 45935, true },
+  { 45946, true },
+  { 45956, true },
+  { 45986, false },
+  { 46011, true },
+  { 46027, true },
+  { 46040, true },
+  { 46051, true },
+  { 46070, true },
+  { 46097, true },
+  { 46109, true },
+  { 46124, true },
+  { 46141, true },
+  { 46159, true },
+  { 46177, true },
+  { 46186, true },
+  { 46202, true },
+  { 46222, true },
+  { 46233, true },
+  { 46253, true },
+  { 46273, true },
+  { 46292, true },
+  { 46311, true },
+  { 46329, true },
+  { 46346, true },
+  { 46372, true },
+  { 46388, true },
+  { 46402, true },
+  { 46414, true },
+  { 46425, true },
+  { 46440, true },
+  { 46453, true },
+  { 46471, true },
+  { 46489, true },
+  { 46497, false },
+  { 46506, true },
+  { 46520, true },
+  { 46534, true },
+  { 46548, true },
+  { 46565, true },
+  { 46577, true },
+  { 46592, true },
+  { 46600, true },
+  { 46614, true },
+  { 46625, true },
+  { 46637, true },
+  { 46651, true },
+  { 46666, true },
+  { 46676, true },
+  { 46685, true },
+  { 46698, true },
+  { 46711, true },
+  { 46725, true },
+  { 46735, true },
+  { 46748, true },
+  { 46759, false },
+  { 46779, true },
+  { 46791, true },
+  { 46814, true },
+  { 46832, true },
+  { 46850, true },
+  { 46862, true },
+  { 46877, true },
+  { 46886, true },
+  { 46901, true },
+  { 46914, true },
+  { 46926, true },
+  { 46940, true },
+  { 46955, true },
+  { 46970, true },
+  { 46988, true },
+  { 47001, true },
+  { 47012, true },
+  { 47022, true },
+  { 47034, true },
+  { 47053, true },
+  { 47073, true },
+  { 47086, true },
+  { 47105, true },
+  { 47115, true },
+  { 47130, true },
+  { 47149, true },
+  { 47170, true },
+  { 47182, true },
+  { 47197, true },
+  { 47212, true },
+  { 47220, true },
+  { 47235, true },
+  { 47250, true },
+  { 47263, true },
+  { 47273, true },
+  { 47285, true },
+  { 47300, true },
+  { 47317, true },
+  { 47342, true },
+  { 47358, true },
+  { 47387, true },
+  { 47409, true },
+  { 47425, true },
+  { 47444, true },
+  { 47467, true },
+  { 47483, true },
+  { 47507, true },
+  { 47528, true },
+  { 47537, true },
+  { 47550, true },
+  { 47571, true },
+  { 47592, true },
+  { 47621, true },
+  { 47631, true },
+  { 47645, true },
+  { 47665, true },
+  { 47685, true },
+  { 47702, true },
+  { 47716, true },
+  { 47731, true },
+  { 47742, true },
+  { 47758, true },
+  { 47784, true },
+  { 47797, true },
+  { 47811, true },
+  { 47830, true },
+  { 47845, false },
+  { 47864, false },
+  { 47882, true },
+  { 47894, true },
+  { 47908, true },
+  { 47920, true },
+  { 47938, true },
+  { 47953, true },
+  { 47975, true },
+  { 47987, true },
+  { 47997, true },
+  { 48009, true },
+  { 48019, true },
+  { 48034, true },
+  { 48050, true },
+  { 48069, true },
+  { 48091, true },
+  { 48109, true },
+  { 48124, true },
+  { 48137, true },
+  { 48164, true },
+  { 48184, true },
+  { 48198, false },
+  { 48210, true },
+  { 48225, true },
+  { 48246, true },
+  { 48262, true },
+  { 48277, true },
+  { 48289, true },
+  { 48318, true },
+  { 48329, true },
+  { 48343, true },
+  { 48358, true },
+  { 48368, true },
+  { 48376, true },
+  { 48393, true },
+  { 48415, true },
+  { 48435, true },
+  { 48452, true },
+  { 48470, true },
+  { 48484, true },
+  { 48504, true },
+  { 48516, true },
+  { 48525, true },
+  { 48540, true },
+  { 48555, true },
+  { 48569, true },
+  { 48586, true },
+  { 48601, true },
+  { 48612, true },
+  { 48630, true },
+  { 48640, true },
+  { 48663, true },
+  { 48677, true },
+  { 48693, true },
+  { 48715, true },
+  { 48733, true },
+  { 48745, true },
+  { 48756, true },
+  { 48768, true },
+  { 48783, true },
+  { 48795, true },
+  { 48812, true },
+  { 48826, true },
+  { 48856, true },
+  { 48867, false },
+  { 48880, true },
+  { 48892, true },
+  { 48910, true },
+  { 48924, true },
+  { 48936, true },
+  { 48953, true },
+  { 48971, true },
+  { 48982, true },
+  { 48995, true },
+  { 49011, true },
+  { 49023, true },
+  { 49046, true },
+  { 49065, true },
+  { 49078, true },
+  { 49094, true },
+  { 49102, true },
+  { 49114, true },
+  { 49124, true },
+  { 49137, true },
+  { 49159, true },
+  { 49182, true },
+  { 49204, true },
+  { 49220, true },
+  { 49238, true },
+  { 49255, true },
+  { 49279, true },
+  { 49299, true },
+  { 49315, true },
+  { 49327, true },
+  { 49354, true },
+  { 49370, true },
+  { 49386, true },
+  { 49397, true },
+  { 49409, true },
+  { 49424, true },
+  { 49433, true },
+  { 49447, true },
+  { 49462, true },
+  { 49472, true },
+  { 49485, true },
+  { 49499, true },
+  { 49516, true },
+  { 49527, true },
+  { 49536, true },
+  { 49547, true },
+  { 49559, true },
+  { 49573, true },
+  { 49586, true },
+  { 49600, true },
+  { 49613, true },
+  { 49631, true },
+  { 49649, true },
+  { 49662, true },
+  { 49673, true },
+  { 49687, true },
+  { 49699, true },
+  { 49710, true },
+  { 49721, true },
+  { 49734, true },
+  { 49746, true },
+  { 49757, true },
+  { 49776, true },
+  { 49797, true },
+  { 49813, true },
+  { 49828, true },
+  { 49842, true },
+  { 49859, true },
+  { 49879, true },
+  { 49904, true },
+  { 49922, true },
+  { 49934, true },
+  { 49946, true },
+  { 49958, true },
+  { 49971, true },
+  { 49980, true },
+  { 49995, true },
+  { 50009, true },
+  { 50022, true },
+  { 50034, true },
+  { 50044, true },
+  { 50058, true },
+  { 50073, true },
+  { 50093, true },
+  { 50116, true },
+  { 50135, true },
+  { 50149, true },
+  { 50160, true },
+  { 50174, true },
+  { 50185, true },
+  { 50196, true },
+  { 50206, true },
+  { 50220, true },
+  { 50230, true },
+  { 50241, true },
+  { 50253, true },
+  { 50266, true },
+  { 50277, true },
+  { 50289, true },
+  { 50300, true },
+  { 50315, true },
+  { 50327, true },
+  { 50340, true },
+  { 50354, true },
+  { 50366, true },
+  { 50380, true },
+  { 50392, true },
+  { 50405, true },
+  { 50416, true },
+  { 50427, true },
+  { 50452, true },
+  { 50468, false },
+  { 50480, true },
+  { 50497, true },
+  { 50511, true },
+  { 50524, true },
+  { 50535, true },
+  { 50546, true },
+  { 50565, true },
+  { 50580, true },
+  { 50591, true },
+  { 50607, true },
+  { 50617, true },
+  { 50627, true },
+  { 50641, true },
+  { 50658, true },
+  { 50669, true },
+  { 50683, true },
+  { 50695, true },
+  { 50705, true },
+  { 50714, true },
+  { 50728, true },
+  { 50747, true },
+  { 50764, true },
+  { 50785, true },
+  { 50808, true },
+  { 50825, true },
+  { 50848, true },
+  { 50861, true },
+  { 50874, true },
+  { 50886, true },
+  { 50898, true },
+  { 50912, true },
+  { 50925, true },
+  { 50938, true },
+  { 50954, true },
+  { 50968, true },
+  { 50985, true },
+  { 51002, true },
+  { 51015, true },
+  { 51028, true },
+  { 51041, true },
+  { 51054, true },
+  { 51067, true },
+  { 51080, true },
+  { 51093, true },
+  { 51106, true },
+  { 51119, true },
+  { 51132, true },
+  { 51145, true },
+  { 51158, true },
+  { 51171, true },
+  { 51184, true },
+  { 51203, true },
+  { 51218, true },
+  { 51232, true },
+  { 51245, true },
+  { 51256, true },
+  { 51272, true },
+  { 51290, true },
+  { 51302, true },
+  { 51315, true },
+  { 51337, true },
+  { 51357, true },
+  { 51369, true },
+  { 51392, true },
+  { 51416, true },
+  { 51434, true },
+  { 51454, true },
+  { 51467, true },
+  { 51486, true },
+  { 51502, true },
+  { 51516, true },
+  { 51531, true },
+  { 51552, true },
+  { 51574, true },
+  { 51586, true },
+  { 51597, true },
+  { 51616, true },
+  { 51635, true },
+  { 51650, true },
+  { 51666, true },
+  { 51679, true },
+  { 51694, true },
+  { 51712, true },
+  { 51728, true },
+  { 51744, true },
+  { 51770, true },
+  { 51785, true },
+  { 51804, true },
+  { 51814, true },
+  { 51828, true },
+  { 51842, true },
+  { 51857, true },
+  { 51876, true },
+  { 51885, true },
+  { 51911, true },
+  { 51928, true },
+  { 51958, true },
+  { 51969, true },
+  { 51985, true },
+  { 51995, true },
+  { 52011, true },
+  { 52030, true },
+  { 52051, true },
+  { 52065, true },
+  { 52081, true },
+  { 52103, true },
+  { 52114, true },
+  { 52139, true },
+  { 52151, true },
+  { 52162, true },
+  { 52173, true },
+  { 52187, true },
+  { 52207, true },
+  { 52222, true },
+  { 52237, true },
+  { 52256, true },
+  { 52269, true },
+  { 52279, true },
+  { 52293, true },
+  { 52313, true },
+  { 52335, true },
+  { 52354, true },
+  { 52368, true },
+  { 52382, true },
+  { 52390, true },
+  { 52403, true },
+  { 52417, true },
+  { 52432, true },
+  { 52446, true },
+  { 52459, true },
+  { 52475, true },
+  { 52486, true },
+  { 52495, true },
+  { 52503, true },
+  { 52518, true },
+  { 52530, true },
+  { 52546, true },
+  { 52568, true },
+  { 52582, true },
+  { 52597, true },
+  { 52613, true },
+  { 52625, true },
+  { 52639, true },
+  { 52655, true },
+  { 52667, false },
+  { 52683, false },
+  { 52700, true },
+  { 52713, true },
+  { 52725, true },
+  { 52738, true },
+  { 52753, true },
+  { 52770, true },
+  { 52786, true },
+  { 52804, true },
+  { 52819, true },
+  { 52835, true },
+  { 52849, true },
+  { 52867, true },
+  { 52892, true },
+  { 52908, true },
+  { 52923, true },
+  { 52933, true },
+  { 52953, true },
+  { 52966, true },
+  { 52982, true },
+  { 52998, true },
+  { 53018, true },
+  { 53035, true },
+  { 53053, true },
+  { 53064, true },
+  { 53073, true },
+  { 53082, true },
+  { 53091, true },
+  { 53103, true },
+  { 53119, true },
+  { 53135, true },
+  { 53146, true },
+  { 53159, true },
+  { 53174, true },
+  { 53188, true },
+  { 53198, true },
+  { 53212, true },
+  { 53226, true },
+  { 53238, true },
+  { 53250, true },
+  { 53275, true },
+  { 53291, true },
+  { 53315, true },
+  { 53328, true },
+  { 53342, true },
+  { 53355, true },
+  { 53376, true },
+  { 53396, true },
+  { 53410, true },
+  { 53425, true },
+  { 53448, true },
+  { 53466, true },
+  { 53475, true },
+  { 53486, true },
+  { 53496, true },
+  { 53506, true },
+  { 53517, true },
+  { 53538, true },
+  { 53555, true },
+  { 53573, true },
+  { 53589, true },
+  { 53614, true },
+  { 53636, true },
+  { 53649, true },
+  { 53662, true },
+  { 53673, true },
+  { 53684, true },
+  { 53692, true },
+  { 53711, true },
+  { 53721, true },
+  { 53734, true },
+  { 53762, true },
+  { 53779, true },
+  { 53792, true },
+  { 53817, true },
+  { 53825, true },
+  { 53834, true },
+  { 53852, true },
+  { 53864, true },
+  { 53873, true },
+  { 53891, true },
+  { 53901, true },
+  { 53918, true },
+  { 53931, true },
+  { 53944, true },
+  { 53956, true },
+  { 53972, true },
+  { 53981, true },
+  { 53992, true },
+  { 54003, true },
+  { 54018, true },
+  { 54038, true },
+  { 54051, true },
+  { 54063, true },
+  { 54075, true },
+  { 54091, true },
+  { 54101, true },
+  { 54112, true },
+  { 54126, true },
+  { 54140, true },
+  { 54164, true },
+  { 54177, true },
+  { 54188, true },
+  { 54208, true },
+  { 54230, true },
+  { 54246, true },
+  { 54264, true },
+  { 54286, true },
+  { 54308, true },
+  { 54323, true },
+  { 54339, true },
+  { 54350, true },
+  { 54372, true },
+  { 54390, true },
+  { 54400, true },
+  { 54414, true },
+  { 54423, true },
+  { 54432, true },
+  { 54445, true },
+  { 54461, true },
+  { 54476, true },
+  { 54496, true },
+  { 54513, true },
+  { 54524, true },
+  { 54543, true },
+  { 54562, true },
+  { 54574, true },
+  { 54591, true },
+  { 54605, true },
+  { 54632, true },
+  { 54645, false },
+  { 54653, true },
+  { 54663, true },
+  { 54674, true },
+  { 54691, true },
+  { 54705, true },
+  { 54715, true },
+  { 54725, true },
+  { 54735, true },
+  { 54745, true },
+  { 54759, true },
+  { 54775, true },
+  { 54798, true },
+  { 54815, true },
+  { 54826, true },
+  { 54838, true },
+  { 54857, true },
+  { 54873, true },
+  { 54883, true },
+  { 54897, true },
+  { 54907, true },
+  { 54921, true },
+  { 54941, true },
+  { 54961, true },
+  { 54976, true },
+  { 54996, true },
+  { 55006, true },
+  { 55034, true },
+  { 55049, true },
+  { 55064, true },
+  { 55079, true },
+  { 55094, true },
+  { 55108, true },
+  { 55120, true },
+  { 55136, true },
+  { 55147, true },
+  { 55159, true },
+  { 55170, true },
+  { 55196, true },
+  { 55214, true },
+  { 55228, true },
+  { 55242, true },
+  { 55262, true },
+  { 55279, true },
+  { 55291, true },
+  { 55317, true },
+  { 55329, true },
+  { 55344, true },
+  { 55358, true },
+  { 55386, true },
+  { 55403, true },
+  { 55411, true },
+  { 55426, true },
+  { 55439, true },
+  { 55453, true },
+  { 55467, true },
+  { 55481, true },
+  { 55493, true },
+  { 55503, true },
+  { 55512, true },
+  { 55523, true },
+  { 55533, true },
+  { 55543, true },
+  { 55552, true },
+  { 55561, true },
+  { 55573, true },
+  { 55599, true },
+  { 55609, true },
+  { 55619, false },
+  { 55629, true },
+  { 55642, true },
+  { 55651, true },
+  { 55663, true },
+  { 55674, true },
+  { 55690, true },
+  { 55710, true },
+  { 55728, true },
+  { 55746, true },
+  { 55764, true },
+  { 55782, true },
+  { 55795, true },
+  { 55807, true },
+  { 55819, true },
+  { 55837, true },
+  { 55849, true },
+  { 55863, true },
+  { 55877, true },
+  { 55885, true },
+  { 55902, true },
+  { 55917, true },
+  { 55926, true },
+  { 55947, true },
+  { 55957, true },
+  { 55971, true },
+  { 55984, true },
+  { 56003, true },
+  { 56029, true },
+  { 56043, true },
+  { 56050, true },
+  { 56060, true },
+  { 56082, true },
+  { 56110, true },
+  { 56132, true },
+  { 56142, true },
+  { 56152, true },
+  { 56163, true },
+  { 56175, true },
+  { 56183, true },
+  { 56199, true },
+  { 56214, true },
+  { 56235, true },
+  { 56254, true },
+  { 56272, true },
+  { 56290, true },
+  { 56306, true },
+  { 56324, true },
+  { 56344, true },
+  { 56361, true },
+  { 56375, true },
+  { 56391, true },
+  { 56406, true },
+  { 56423, true },
+  { 56448, true },
+  { 56472, true },
+  { 56496, true },
+  { 56523, true },
+  { 56549, true },
+  { 56571, true },
+  { 56585, true },
+  { 56610, true },
+  { 56638, true },
+  { 56660, true },
+  { 56684, true },
+  { 56710, true },
+  { 56732, true },
+  { 56747, true },
+  { 56768, true },
+  { 56791, true },
+  { 56811, true },
+  { 56827, true },
+  { 56851, true },
+  { 56880, true },
+  { 56900, true },
+  { 56920, true },
+  { 56942, true },
+  { 56961, true },
+  { 56989, true },
+  { 57012, true },
+  { 57035, true },
+  { 57067, true },
+  { 57090, true },
+  { 57108, true },
+  { 57129, true },
+  { 57150, true },
+  { 57172, true },
+  { 57194, true },
+  { 57220, true },
+  { 57241, true },
+  { 57260, true },
+  { 57292, true },
+  { 57323, true },
+  { 57353, true },
+  { 57384, true },
+  { 57408, true },
+  { 57429, true },
+  { 57450, true },
+  { 57472, true },
+  { 57500, true },
+  { 57518, true },
+  { 57538, true },
+  { 57552, true },
+  { 57568, true },
+  { 57593, true },
+  { 57625, true },
+  { 57645, true },
+  { 57672, true },
+  { 57701, true },
+  { 57734, true },
+  { 57765, true },
+  { 57798, true },
+  { 57827, true },
+  { 57861, true },
+  { 57888, true },
+  { 57920, true },
+  { 57948, true },
+  { 57978, true },
+  { 58005, true },
+  { 58034, true },
+  { 58063, true },
+  { 58092, true },
+  { 58123, true },
+  { 58156, true },
+  { 58178, true },
+  { 58215, true },
+  { 58238, true },
+  { 58255, true },
+  { 58279, true },
+  { 58303, true },
+  { 58332, true },
+  { 58354, true },
+  { 58381, true },
+  { 58408, true },
+  { 58439, true },
+  { 58465, true },
+  { 58488, true },
+  { 58517, true },
+  { 58534, true },
+  { 58551, true },
+  { 58572, true },
+  { 58591, true },
+  { 58619, true },
+  { 58638, true },
+  { 58658, true },
+  { 58676, true },
+  { 58703, true },
+  { 58720, true },
+  { 58738, true },
+  { 58759, true },
+  { 58776, true },
+  { 58793, true },
+  { 58812, true },
+  { 58831, true },
+  { 58848, true },
+  { 58860, true },
+  { 58878, true },
+  { 58891, true },
+  { 58907, true },
+  { 58917, false },
+  { 58939, false },
+  { 58964, false },
+  { 58988, true },
+  { 59013, true },
+  { 59036, true },
+  { 59064, true },
+  { 59074, true },
+  { 59087, true },
+  { 59112, true },
+  { 59130, true },
+  { 59142, false },
+  { 59156, true },
+  { 59166, true },
+  { 59179, true },
+  { 59189, true },
+  { 59199, true },
+  { 59209, true },
+  { 59219, true },
+  { 59229, true },
+  { 59239, true },
+  { 59249, true },
+  { 59263, true },
+  { 59280, true },
+  { 59289, true },
+  { 59303, true },
+  { 59321, true },
+  { 59333, true },
+  { 59344, true },
+  { 59356, true },
+  { 59363, true },
+  { 59397, true },
+  { 59422, true },
+  { 59436, true },
+  { 59447, true },
+  { 59462, true },
+  { 59470, true },
+  { 59484, true },
+  { 59491, true },
+  { 59498, false },
+  { 59518, false },
+  { 59527, true },
+  { 59537, true },
+  { 59548, true },
+  { 59569, true },
+  { 59588, true },
+  { 59613, true },
+  { 59635, true },
+  { 59650, true },
+  { 59662, true },
+  { 59677, true },
+  { 59696, true },
+  { 59721, true },
+  { 59741, true },
+  { 59757, true },
+  { 59770, true },
+  { 59785, true },
+  { 59803, true },
+  { 59818, true },
+  { 59829, true },
+  { 59844, true },
+  { 59857, true },
+  { 59871, true },
+  { 59883, true },
+  { 59896, true },
+  { 59910, true },
+  { 59925, true },
+  { 59942, true },
+  { 59955, true },
+  { 59977, true },
+  { 59993, true },
+  { 60009, true },
+  { 60022, true },
+  { 60034, true },
+  { 60058, true },
+  { 60073, true },
+  { 60088, true },
+  { 60098, true },
+  { 60107, true },
+  { 60129, true },
+  { 60141, true },
+  { 60166, true },
+  { 60190, true },
+  { 60209, true },
+  { 60223, true },
+  { 60239, true },
+  { 60258, true },
+  { 60275, true },
+  { 60290, true },
+  { 60309, true },
+  { 60332, true },
+  { 60353, true },
+  { 60363, true },
+  { 60373, true },
+  { 60393, true },
+  { 60405, true },
+  { 60425, true },
+  { 60443, true },
+  { 60463, true },
+  { 60491, false },
+  { 60504, true },
+  { 60518, true },
+  { 60536, true },
+  { 60550, true },
+  { 60567, true },
+  { 60584, true },
+  { 60600, true },
+  { 60609, true },
+  { 60624, true },
+  { 60640, true },
+  { 60650, true },
+  { 60669, true },
+  { 60690, true },
+  { 60710, true },
+  { 60727, true },
+  { 60742, true },
+  { 60751, true },
+  { 60759, true },
+  { 60766, true },
+  { 60783, true },
+  { 60799, true },
+  { 60818, true },
+  { 60828, true },
+  { 60843, true },
+  { 60857, true },
+  { 60871, true },
+  { 60886, true },
+  { 60901, true },
+  { 60915, true },
+  { 60929, true },
+  { 60944, true },
+  { 60955, false },
+  { 60971, false },
+  { 60988, true },
+  { 60999, true },
+  { 61013, true },
+  { 61024, true },
+  { 61034, true },
+  { 61044, true },
+  { 61064, true },
+  { 61084, true },
+  { 61095, true },
+  { 61110, true },
+  { 61129, true },
+  { 61148, true },
+  { 61165, true },
+  { 61177, true },
+  { 61196, true },
+  { 61210, true },
+  { 61228, true },
+  { 61244, true },
+  { 61259, true },
+  { 61271, true },
+  { 61284, true },
+  { 61298, true },
+  { 61313, true },
+  { 61324, true },
+  { 61335, true },
+  { 61351, true },
+  { 61377, true },
+  { 61393, true },
+  { 61409, true },
+  { 61426, true },
+  { 61444, true },
+  { 61459, true },
+  { 61475, true },
+  { 61492, true },
+  { 61505, true },
+  { 61521, true },
+  { 61537, true },
+  { 61551, true },
+  { 61566, false },
+  { 61574, true },
+  { 61597, true },
+  { 61623, true },
+  { 61637, true },
+  { 61652, true },
+  { 61674, true },
+  { 61684, true },
+  { 61698, true },
+  { 61722, true },
+  { 61735, true },
+  { 61760, true },
+  { 61777, true },
+  { 61803, true },
+  { 61819, true },
+  { 61844, true },
+  { 61872, true },
+  { 61899, true },
+  { 61910, true },
+  { 61924, true },
+  { 61952, true },
+  { 61965, true },
+  { 61990, true },
+  { 62005, true },
+  { 62037, true },
+  { 62053, true },
+  { 62069, true },
+  { 62093, true },
+  { 62112, true },
+  { 62128, true },
+  { 62155, true },
+  { 62178, true },
+  { 62196, true },
+  { 62220, true },
+  { 62234, true },
+  { 62248, true },
+  { 62270, true },
+  { 62277, true },
+  { 62284, true },
+  { 62302, true },
+  { 62317, true },
+  { 62332, true },
+  { 62345, true },
+  { 62358, true },
+  { 62370, true },
+  { 62383, true },
+  { 62398, true },
+  { 62418, true },
+  { 62435, true },
+  { 62457, true },
+  { 62474, true },
+  { 62489, false },
+  { 62506, true },
+  { 62521, true },
+  { 62538, true },
+  { 62565, true },
+  { 62577, true },
+  { 62592, true },
+  { 62614, true },
+  { 62628, true },
+  { 62647, true },
+  { 62665, true },
+  { 62679, true },
+  { 62687, true },
+  { 62703, true },
+  { 62718, true },
+  { 62727, true },
+  { 62739, true },
+  { 62752, true },
+  { 62764, true },
+  { 62778, true },
+  { 62793, true },
+  { 62808, true },
+  { 62823, true },
+  { 62832, true },
+  { 62848, true },
+  { 62865, true },
+  { 62889, true },
+  { 62904, true },
+  { 62920, true },
+  { 62926, true },
+  { 62932, true },
+  { 62942, true },
+  { 62955, true },
+  { 62972, true },
+  { 62984, true },
+  { 62997, true },
+  { 63007, true },
+  { 63019, true },
+  { 63039, true },
+  { 63051, true },
+  { 63063, true },
+  { 63076, true },
+  { 63089, true },
+  { 63110, true },
+  { 63123, true },
+  { 63135, true },
+  { 63151, true },
+  { 63161, false },
+  { 63168, true },
+  { 63183, true },
+  { 63197, true },
+  { 63206, true },
+  { 63221, true },
+  { 63231, true },
+  { 63243, true },
+  { 63251, true },
+  { 63260, true },
+  { 63278, true },
+  { 63291, true },
+  { 63299, true },
+  { 63309, true },
+  { 63319, true },
+  { 63329, true },
+  { 63337, true },
+  { 63345, true },
+  { 63354, true },
+  { 63363, true },
+  { 63381, true },
+  { 63399, true },
+  { 63421, true },
+  { 63442, true },
+  { 63452, true },
+  { 63469, true },
+  { 63478, true },
+  { 63496, true },
+  { 63511, true },
+  { 63526, true },
+  { 63555, true },
+  { 63567, true },
+  { 63584, true },
+  { 63599, true },
+  { 63611, true },
+  { 63629, true },
+  { 63639, true },
+  { 63653, true },
+  { 63676, true },
+  { 63709, true },
+  { 63723, true },
+  { 63739, true },
+  { 63759, true },
+  { 63771, true },
+  { 63782, false },
+  { 63798, true },
+  { 63809, true },
+  { 63822, true },
+  { 63840, true },
+  { 63860, true },
+  { 63874, true },
+  { 63896, true },
+  { 63921, false },
+  { 63934, true },
+  { 63943, true },
+  { 63956, true },
+  { 63974, true },
+  { 63989, true },
+  { 64000, true },
+  { 64010, true },
+  { 64031, true },
+  { 64041, true },
+  { 64060, true },
+  { 64072, true },
+  { 64087, true },
+  { 64116, true },
+  { 64145, true },
+  { 64166, true },
+  { 64180, true },
+  { 64196, true },
+  { 64232, true },
+  { 64249, true },
+  { 64263, true },
+  { 64271, true },
+  { 64284, true },
+  { 64296, true },
+  { 64308, true },
+  { 64324, true },
+  { 64338, true },
+  { 64360, true },
+  { 64379, true },
+  { 64395, true },
+  { 64408, true },
+  { 64434, true },
+  { 64453, true },
+  { 64471, true },
+  { 64491, true },
+  { 64506, true },
+  { 64521, true },
+  { 64539, true },
+  { 64555, true },
+  { 64566, true },
+  { 64584, false },
+  { 64594, true },
+  { 64616, true },
+  { 64630, true },
+  { 64653, true },
+  { 64669, true },
+  { 64687, true },
+  { 64703, true },
+  { 64712, true },
+  { 64728, true },
+  { 64742, true },
+  { 64755, true },
+  { 64771, true },
+  { 64782, true },
+  { 64795, false },
+  { 64803, true },
+  { 64816, true },
+  { 64831, true },
+  { 64844, true },
+  { 64862, true },
+  { 64894, true },
+  { 64910, false },
+  { 64930, true },
+  { 64944, true },
+  { 64958, true },
+  { 64973, true },
+  { 64981, true },
+  { 64997, true },
+  { 65025, true },
+  { 65040, true },
+  { 65051, true },
+  { 65064, true },
+  { 65076, true },
+  { 65089, true },
+  { 65101, true },
+  { 65114, true },
+  { 65135, true },
+  { 65148, true },
+  { 65168, false },
+  { 65190, true },
+  { 65217, true },
+  { 65237, true },
+  { 65260, true },
+  { 65283, true },
+  { 65307, true },
+  { 65334, true },
+  { 65360, true },
+  { 65374, true },
+  { 65387, true },
+  { 65403, true },
+  { 65415, true },
+  { 65443, true },
+  { 65455, true },
+  { 65467, true },
+  { 65492, true },
+  { 65506, true },
+  { 65520, true },
+  { 65532, true },
+  { 65544, true },
+  { 65567, true },
+  { 65581, true },
+  { 65599, true },
+  { 65614, true },
+  { 65635, true },
+  { 65649, true },
+  { 65662, true },
+  { 65676, true },
+  { 65695, true },
+  { 65710, true },
+  { 65739, true },
+  { 65755, true },
+  { 65773, true },
+  { 65786, true },
+  { 65802, true },
+  { 65813, true },
+  { 65825, true },
+  { 65838, true },
+  { 65851, true },
+  { 65862, true },
+  { 65875, true },
+  { 65884, true },
+  { 65898, true },
+  { 65907, true },
+  { 65924, true },
+  { 65933, true },
+  { 65950, true },
+  { 65959, true },
+  { 65967, true },
+  { 65975, true },
+  { 65984, true },
+  { 65993, true },
+  { 66004, true },
+  { 66015, true },
+  { 66024, true },
+  { 66034, true },
+  { 66045, true },
+  { 66058, true },
+  { 66082, true },
+  { 66092, true },
+  { 66101, true },
+  { 66111, true },
+  { 66121, true },
+  { 66132, true },
+  { 66142, true },
+  { 66151, true },
+  { 66160, true },
+  { 66171, true },
+  { 66185, true },
+  { 66194, true },
+  { 66208, true },
+  { 66221, true },
+  { 66236, true },
+  { 66248, true },
+  { 66261, true },
+  { 66271, true },
+  { 66281, false },
+  { 66294, true },
+  { 66304, true },
+  { 66319, true },
+  { 66333, true },
+  { 66351, true },
+  { 66366, true },
+  { 66385, true },
+  { 66401, true },
+  { 66415, true },
+  { 66431, true },
+  { 66443, true },
+  { 66454, true },
+  { 66467, true },
+  { 66481, true },
+  { 66491, true },
+  { 66509, true },
+  { 66520, true },
+  { 66529, true },
+  { 66539, true },
+  { 66551, true },
+  { 66567, true },
+  { 66581, true },
+  { 66586, true },
+  { 66598, true },
+  { 66614, true },
+  { 66623, true },
+  { 66632, true },
+  { 66640, true },
+  { 66647, true },
+  { 66653, true },
+  { 66663, true },
+  { 66672, true },
+  { 66681, true },
+  { 66691, true },
+  { 66720, true },
+  { 66735, false },
+  { 66755, true },
+  { 66762, true },
+  { 66772, true },
+  { 66787, true },
+  { 66800, true },
+  { 66813, true },
+  { 66826, true },
+  { 66844, true },
+  { 66865, true },
+  { 66885, true },
+  { 66898, true },
+  { 66914, true },
+  { 66933, true },
+  { 66945, true },
+  { 66963, true },
+  { 66975, true },
+  { 66988, true },
+  { 67000, true },
+  { 67012, true },
+  { 67023, true },
+  { 67033, true },
+  { 67044, true },
+  { 67056, true },
+  { 67067, true },
+  { 67078, true },
+  { 67092, true },
+  { 67107, true },
+  { 67125, true },
+  { 67144, true },
+  { 67158, true },
+  { 67173, true },
+  { 67188, true },
+  { 67203, true },
+  { 67223, false },
+  { 67239, true },
+  { 67259, true },
+  { 67267, true },
+  { 67278, false },
+  { 67288, true },
+  { 67300, true },
+  { 67314, true },
+  { 67330, true },
+  { 67344, true },
+  { 67360, true },
+  { 67380, true },
+  { 67392, true },
+  { 67404, true },
+  { 67415, true },
+  { 67439, true },
+  { 67458, true },
+  { 67471, true },
+  { 67479, true },
+  { 67498, true },
+  { 67512, true },
+  { 67529, true },
+  { 67556, false },
+  { 67572, true },
+  { 67586, true },
+  { 67603, true },
+  { 67614, true },
+  { 67626, true },
+  { 67641, true },
+  { 67653, true },
+  { 67669, true },
+  { 67688, true },
+  { 67707, true },
+  { 67715, true },
+  { 67727, true },
+  { 67744, true },
+  { 67755, true },
+  { 67769, true },
+  { 67781, true },
+  { 67794, true },
+  { 67807, true },
+  { 67827, true },
+  { 67837, true },
+  { 67854, true },
+  { 67873, false },
+  { 67892, true },
+  { 67910, true },
+  { 67922, true },
+  { 67946, true },
+  { 67957, true },
+  { 67969, true },
+  { 67984, true },
+  { 68001, true },
+  { 68025, true },
+  { 68036, true },
+  { 68050, true },
+  { 68068, true },
+  { 68080, true },
+  { 68096, true },
+  { 68116, true },
+  { 68127, true },
+  { 68143, true },
+  { 68159, true },
+  { 68179, true },
+  { 68196, true },
+  { 68211, true },
+  { 68235, true },
+  { 68249, true },
+  { 68264, true },
+  { 68287, true },
+  { 68315, true },
+  { 68334, true },
+  { 68352, true },
+  { 68369, true },
+  { 68387, true },
+  { 68401, true },
+  { 68412, true },
+  { 68438, true },
+  { 68457, true },
+  { 68472, true },
+  { 68488, true },
+  { 68498, true },
+  { 68517, true },
+  { 68531, true },
+  { 68552, true },
+  { 68568, false },
+  { 68593, true },
+  { 68618, true },
+  { 68636, true },
+  { 68655, true },
+  { 68681, false },
+  { 68695, true },
+  { 68713, true },
+  { 68729, true },
+  { 68743, true },
+  { 68762, true },
+  { 68771, true },
+  { 68783, true },
+  { 68812, true },
+  { 68828, true },
+  { 68841, true },
+  { 68858, true },
+  { 68871, true },
+  { 68883, true },
+  { 68903, true },
+  { 68918, true },
+  { 68931, true },
+  { 68954, true },
+  { 68972, true },
+  { 68985, true },
+  { 68997, true },
+  { 69009, true },
+  { 69024, true },
+  { 69057, true },
+  { 69070, true },
+  { 69084, true },
+  { 69094, true },
+  { 69107, true },
+  { 69115, true },
+  { 69122, true },
+  { 69147, true },
+  { 69173, true },
+  { 69184, true },
+  { 69196, true },
+  { 69210, true },
+  { 69238, true },
+  { 69251, true },
+  { 69272, true },
+  { 69284, true },
+  { 69308, true },
+  { 69326, true },
+  { 69344, true },
+  { 69359, true },
+  { 69385, true },
+  { 69401, true },
+  { 69418, true },
+  { 69444, true },
+  { 69456, true },
+  { 69478, true },
+  { 69492, true },
+  { 69512, true },
+  { 69538, true },
+  { 69548, true },
+  { 69561, true },
+  { 69582, true },
+  { 69604, true },
+  { 69624, true },
+  { 69638, false },
+  { 69652, true },
+  { 69668, true },
+  { 69692, true },
+  { 69707, true },
+  { 69718, true },
+  { 69735, true },
+  { 69748, true },
+  { 69757, true },
+  { 69766, true },
+  { 69781, true },
+  { 69803, true },
+  { 69826, true },
+  { 69850, true },
+  { 69873, true },
+  { 69897, true },
+  { 69916, true },
+  { 69929, true },
+  { 69947, false },
+  { 69962, true },
+  { 69973, true },
+  { 69985, true },
+  { 69994, true },
+  { 70011, true },
+  { 70025, true },
+  { 70039, true },
+  { 70053, true },
+  { 70067, true },
+  { 70081, true },
+  { 70094, true },
+  { 70107, true },
+  { 70122, true },
+  { 70138, true },
+  { 70148, true },
+  { 70158, true },
+  { 70168, true },
+  { 70178, true },
+  { 70191, true },
+  { 70204, true },
+  { 70227, true },
+  { 70239, true },
+  { 70250, true },
+  { 70273, true },
+  { 70287, true },
+  { 70297, true },
+  { 70306, true },
+  { 70319, false },
+  { 70332, true },
+  { 70345, true },
+  { 70362, true },
+  { 70395, true },
+  { 70414, true },
+  { 70428, true },
+  { 70442, true },
+  { 70454, true },
+  { 70470, true },
+  { 70489, true },
+  { 70503, true },
+  { 70520, true },
+  { 70533, true },
+  { 70547, true },
+  { 70558, true },
+  { 70587, true },
+  { 70604, true },
+  { 70618, true },
+  { 70638, true },
+  { 70673, true },
+  { 70695, true },
+  { 70718, true },
+  { 70731, true },
+  { 70741, true },
+  { 70759, true },
+  { 70780, true },
+  { 70796, true },
+  { 70807, true },
+  { 70818, true },
+  { 70830, true },
+  { 70842, true },
+  { 70853, true },
+  { 70873, true },
+  { 70886, true },
+  { 70898, true },
+  { 70913, true },
+  { 70931, true },
+  { 70945, true },
+  { 70965, true },
+  { 70991, true },
+  { 71022, true },
+  { 71033, true },
+  { 71062, true },
+  { 71080, true },
+  { 71097, true },
+  { 71120, true },
+  { 71148, true },
+  { 71163, true },
+  { 71172, true },
+  { 71190, true },
+  { 71205, true },
+  { 71219, true },
+  { 71240, true },
+  { 71257, true },
+  { 71273, true },
+  { 71286, true },
+  { 71310, true },
+  { 71323, true },
+  { 71344, true },
+  { 71362, true },
+  { 71389, true },
+  { 71406, true },
+  { 71426, true },
+  { 71445, true },
+  { 71462, true },
+  { 71476, true },
+  { 71507, true },
+  { 71519, true },
+  { 71531, true },
+  { 71548, true },
+  { 71563, true },
+  { 71576, true },
+  { 71588, true },
+  { 71601, true },
+  { 71624, true },
+  { 71636, true },
+  { 71648, true },
+  { 71660, true },
+  { 71673, true },
+  { 71690, true },
+  { 71702, true },
+  { 71717, true },
+  { 71736, true },
+  { 71749, true },
+  { 71760, true },
+  { 71772, true },
+  { 71782, true },
+  { 71798, true },
+  { 71814, true },
+  { 71829, true },
+  { 71841, true },
+  { 71853, true },
+  { 71873, true },
+  { 71886, true },
+  { 71904, true },
+  { 71919, true },
+  { 71948, true },
+  { 71969, true },
+  { 71987, true },
+  { 72012, true },
+  { 72029, true },
+  { 72054, true },
+  { 72074, true },
+  { 72091, true },
+  { 72104, true },
+  { 72115, true },
+  { 72123, true },
+  { 72136, true },
+  { 72154, true },
+  { 72168, true },
+  { 72180, true },
+  { 72196, true },
+  { 72213, true },
+  { 72232, true },
+  { 72245, true },
+  { 72262, true },
+  { 72274, true },
+  { 72291, true },
+  { 72302, true },
+  { 72315, true },
+  { 72339, true },
+  { 72353, true },
+  { 72368, true },
+  { 72383, true },
+  { 72403, true },
+  { 72427, true },
+  { 72444, true },
+  { 72455, true },
+  { 72466, true },
+  { 72478, false },
+  { 72488, true },
+  { 72501, false },
+  { 72512, true },
+  { 72528, true },
+  { 72543, true },
+  { 72574, true },
+  { 72611, true },
+  { 72626, true },
+  { 72643, true },
+  { 72653, true },
+  { 72660, true },
+  { 72669, true },
+  { 72703, true },
+  { 72719, true },
+  { 72739, true },
+  { 72757, true },
+  { 72775, true },
+  { 72789, true },
+  { 72800, true },
+  { 72810, true },
+  { 72821, true },
+  { 72836, true },
+  { 72847, true },
+  { 72856, true },
+  { 72868, true },
+  { 72894, true },
+  { 72911, true },
+  { 72918, true },
+  { 72935, true },
+  { 72944, true },
+  { 72960, true },
+  { 72968, true },
+  { 72976, false },
+  { 72984, true },
+  { 72995, true },
+  { 73009, true },
+  { 73016, true },
+  { 73025, true },
+  { 73044, true },
+  { 73051, true },
+  { 73058, true },
+  { 73065, true },
+  { 73078, false },
+  { 73098, true },
+  { 73111, true },
+  { 73124, true },
+  { 73141, true },
+  { 73149, true },
+  { 73163, true },
+  { 73171, true },
+  { 73181, true },
+  { 73196, true },
+  { 73210, true },
+  { 73224, true },
+  { 73237, true },
+  { 73248, true },
+  { 73256, true },
+  { 73266, true },
+  { 73277, true },
+  { 73296, true },
+  { 73309, true },
+  { 73318, true },
+  { 73339, true },
+  { 73358, true },
+  { 73372, true },
+  { 73388, true },
+  { 73405, true },
+  { 73423, true },
+  { 73434, true },
+  { 73447, true },
+  { 73462, false },
+  { 73472, true },
+  { 73483, true },
+  { 73502, false },
+  { 73515, true },
+  { 73528, true },
+  { 73539, true },
+  { 73557, true },
+  { 73573, true },
+  { 73584, true },
+  { 73602, true },
+  { 73610, true },
+  { 73624, true },
+  { 73640, true },
+  { 73656, true },
+  { 73666, true },
+  { 73677, true },
+  { 73697, true },
+  { 73717, false },
+  { 73734, true },
+  { 73750, false },
+  { 73765, true },
+  { 73775, true },
+  { 73787, true },
+  { 73799, true },
+  { 73827, true },
+  { 73841, true },
+  { 73860, true },
+  { 73877, true },
+  { 73896, true },
+  { 73914, true },
+  { 73928, true },
+  { 73943, true },
+  { 73958, true },
+  { 73979, true },
+  { 73996, true },
+  { 74014, true },
+  { 74031, true },
+  { 74051, true },
+  { 74076, true },
+  { 74088, true },
+  { 74101, true },
+  { 74114, true },
+  { 74127, true },
+  { 74137, true },
+  { 74151, true },
+  { 74166, true },
+  { 74179, true },
+  { 74193, true },
+  { 74206, true },
+  { 74224, true },
+  { 74243, true },
+  { 74261, true },
+  { 74272, true },
+  { 74286, true },
+  { 74303, true },
+  { 74318, true },
+  { 74332, true },
+  { 74346, true },
+  { 74359, true },
+  { 74382, true },
+  { 74403, true },
+  { 74413, true },
+  { 74432, true },
+  { 74448, true },
+  { 74465, true },
+  { 74481, true },
+  { 74497, true },
+  { 74522, true },
+  { 74537, true },
+  { 74547, true },
+  { 74562, true },
+  { 74576, true },
+  { 74588, true },
+  { 74611, true },
+  { 74622, true },
+  { 74638, true },
+  { 74650, false },
+  { 74658, true },
+  { 74670, true },
+  { 74691, true },
+  { 74701, true },
+  { 74709, true },
+  { 74720, true },
+  { 74728, true },
+  { 74739, true },
+  { 74748, true },
+  { 74756, true },
+  { 74764, true },
+  { 74779, true },
+  { 74793, true },
+  { 74807, false },
+  { 74827, true },
+  { 74835, true },
+  { 74843, true },
+  { 74860, true },
+  { 74874, true },
+  { 74894, true },
+  { 74906, true },
+  { 74920, true },
+  { 74929, false },
+  { 74949, true },
+  { 74963, true },
+  { 74981, true },
+  { 75001, true },
+  { 75009, true },
+  { 75036, true },
+  { 75049, true },
+  { 75067, true },
+  { 75086, true },
+  { 75102, true },
+  { 75115, true },
+  { 75136, true },
+  { 75154, true },
+  { 75171, true },
+  { 75183, true },
+  { 75194, false },
+  { 75212, true },
+  { 75230, true },
+  { 75250, true },
+  { 75262, true },
+  { 75283, true },
+  { 75295, true },
+  { 75307, true },
+  { 75323, true },
+  { 75337, true },
+  { 75353, true },
+  { 75372, true },
+  { 75385, true },
+  { 75404, true },
+  { 75419, false },
+  { 75432, true },
+  { 75446, true },
+  { 75465, true },
+  { 75481, true },
+  { 75501, false },
+  { 75515, true },
+  { 75531, true },
+  { 75548, true },
+  { 75566, true },
+  { 75585, true },
+  { 75597, true },
+  { 75615, true },
+  { 75636, true },
+  { 75646, true },
+  { 75659, true },
+  { 75669, true },
+  { 75688, true },
+  { 75705, true },
+  { 75718, true },
+  { 75732, true },
+  { 75745, true },
+  { 75758, true },
+  { 75774, true },
+  { 75789, true },
+  { 75814, true },
+  { 75835, true },
+  { 75847, true },
+  { 75861, true },
+  { 75880, true },
+  { 75890, true },
+  { 75907, true },
+  { 75916, true },
+  { 75935, true },
+  { 75952, true },
+  { 75967, true },
+  { 75987, true },
+  { 76015, true },
+  { 76033, true },
+  { 76047, true },
+  { 76067, true },
+  { 76085, true },
+  { 76101, true },
+  { 76121, true },
+  { 76156, true },
+  { 76170, true },
+  { 76187, true },
+  { 76205, true },
+  { 76215, true },
+  { 76245, true },
+  { 76260, true },
+  { 76273, true },
+  { 76284, true },
+  { 76296, true },
+  { 76310, true },
+  { 76326, true },
+  { 76341, true },
+  { 76359, true },
+  { 76375, true },
+  { 76404, true },
+  { 76412, true },
+  { 76423, true },
+  { 76437, true },
+  { 76453, true },
+  { 76470, true },
+  { 76485, true },
+  { 76502, true },
+  { 76517, true },
+  { 76537, true },
+  { 76557, true },
+  { 76583, true },
+  { 76598, true },
+  { 76610, true },
+  { 76624, false },
+  { 76634, true },
+  { 76648, true },
+  { 76665, true },
+  { 76690, true },
+  { 76707, true },
+  { 76724, true },
+  { 76742, true },
+  { 76761, true },
+  { 76770, true },
+  { 76779, true },
+  { 76798, true },
+  { 76809, true },
+  { 76825, true },
+  { 76840, true },
+  { 76857, true },
+  { 76871, true },
+  { 76884, true },
+  { 76894, true },
+  { 76906, false },
+  { 76917, true },
+  { 76928, true },
+  { 76936, true },
+  { 76944, true },
+  { 76955, true },
+  { 76969, true },
+  { 76979, true },
+  { 77002, true },
+  { 77017, true },
+  { 77038, true },
+  { 77059, true },
+  { 77083, true },
+  { 77105, true },
+  { 77126, true },
+  { 77147, true },
+  { 77168, true },
+  { 77189, true },
+  { 77210, true },
+  { 77231, false },
+  { 77247, true },
+  { 77260, true },
+  { 77279, true },
+  { 77295, true },
+  { 77310, true },
+  { 77331, true },
+  { 77344, false },
+  { 77365, true },
+  { 77379, true },
+  { 77398, true },
+  { 77424, true },
+  { 77444, true },
+  { 77466, true },
+  { 77480, true },
+  { 77492, true },
+  { 77510, true },
+  { 77528, true },
+  { 77551, true },
+  { 77564, true },
+  { 77584, true },
+  { 77613, true },
+  { 77639, true },
+  { 77670, true },
+  { 77692, true },
+  { 77715, true },
+  { 77731, true },
+  { 77745, true },
+  { 77763, true },
+  { 77776, true },
+  { 77788, true },
+  { 77804, true },
+  { 77827, true },
+  { 77857, true },
+  { 77868, true },
+  { 77893, true },
+  { 77911, true },
+  { 77922, true },
+  { 77939, true },
+  { 77950, true },
+  { 77963, true },
+  { 77977, true },
+  { 77990, true },
+  { 78007, true },
+  { 78024, true },
+  { 78052, true },
+  { 78067, true },
+  { 78086, true },
+  { 78114, true },
+  { 78128, true },
+  { 78145, true },
+  { 78157, true },
+  { 78169, true },
+  { 78193, true },
+  { 78203, true },
+  { 78214, true },
+  { 78229, true },
+  { 78242, true },
+  { 78251, false },
+  { 78273, true },
+  { 78284, true },
+  { 78292, false },
+  { 78308, true },
+  { 78323, true },
+  { 78339, true },
+  { 78356, true },
+  { 78370, true },
+  { 78387, true },
+  { 78402, true },
+  { 78419, true },
+  { 78437, true },
+  { 78449, true },
+  { 78469, true },
+  { 78494, true },
+  { 78505, true },
+  { 78529, true },
+  { 78553, true },
+  { 78577, true },
+  { 78615, true },
+  { 78639, true },
+  { 78669, true },
+  { 78685, true },
+  { 78700, true },
+  { 78710, true },
+  { 78719, true },
+  { 78735, true },
+  { 78750, true },
+  { 78763, true },
+  { 78782, true },
+  { 78803, true },
+  { 78828, true },
+  { 78843, true },
+  { 78852, true },
+  { 78863, true },
+  { 78876, false },
+  { 78886, true },
+  { 78905, true },
+  { 78919, true },
+  { 78938, true },
+  { 78966, true },
+  { 78993, true },
+  { 79008, true },
+  { 79023, true },
+  { 79032, true },
+  { 79054, false },
+  { 79076, true },
+  { 79088, true },
+  { 79107, true },
+  { 79123, true },
+  { 79143, true },
+  { 79158, true },
+  { 79169, true },
+  { 79185, true },
+  { 79203, true },
+  { 79221, false },
+  { 79237, true },
+  { 79256, true },
+  { 79281, true },
+  { 79305, true },
+  { 79328, false },
+  { 79342, true },
+  { 79355, true },
+  { 79367, true },
+  { 79375, true },
+  { 79393, true },
+  { 79412, true },
+  { 79420, true },
+  { 79432, true },
+  { 79441, true },
+  { 79456, true },
+  { 79474, true },
+  { 79489, true },
+  { 79502, true },
+  { 79514, true },
+  { 79526, true },
+  { 79547, true },
+  { 79565, true },
+  { 79585, true },
+  { 79607, true },
+  { 79618, true },
+  { 79636, true },
+  { 79646, true },
+  { 79657, true },
+  { 79674, true },
+  { 79689, true },
+  { 79707, true },
+  { 79724, true },
+  { 79739, true },
+  { 79756, true },
+  { 79770, true },
+  { 79784, true },
+  { 79800, true },
+  { 79819, true },
+  { 79836, true },
+  { 79853, true },
+  { 79870, true },
+  { 79887, false },
+  { 79902, true },
+  { 79929, true },
+  { 79949, true },
+  { 79981, true },
+  { 80001, true },
+  { 80023, true },
+  { 80043, true },
+  { 80062, true },
+  { 80083, false },
+  { 80102, true },
+  { 80121, true },
+  { 80138, true },
+  { 80158, true },
+  { 80179, true },
+  { 80205, true },
+  { 80225, true },
+  { 80243, true },
+  { 80261, true },
+  { 80284, true },
+  { 80303, true },
+  { 80322, true },
+  { 80344, true },
+  { 80361, true },
+  { 80386, true },
+  { 80409, true },
+  { 80432, true },
+  { 80454, true },
+  { 80475, true },
+  { 80495, true },
+  { 80512, true },
+  { 80539, true },
+  { 80562, true },
+  { 80585, true },
+  { 80603, true },
+  { 80619, true },
+  { 80636, true },
+  { 80652, true },
+  { 80666, true },
+  { 80679, true },
+  { 80716, false },
+  { 80727, true },
+  { 80745, true },
+  { 80765, true },
+  { 80788, true },
+  { 80813, false },
+  { 80844, true },
+  { 80859, true },
+  { 80882, true },
+  { 80896, true },
+  { 80910, true },
+  { 80928, true },
+  { 80942, true },
+  { 80953, true },
+  { 80963, true },
+  { 80972, true },
+  { 80983, true },
+  { 80995, true },
+  { 81011, true },
+  { 81021, true },
+  { 81030, true },
+  { 81042, true },
+  { 81056, true },
+  { 81075, true },
+  { 81093, true },
+  { 81110, true },
+  { 81129, true },
+  { 81150, true },
+  { 81160, true },
+  { 81174, true },
+  { 81184, true },
+  { 81191, true },
+  { 81204, true },
+  { 81221, true },
+  { 81239, true },
+  { 81250, false },
+  { 81258, true },
+  { 81279, true },
+  { 81290, true },
+  { 81304, true },
+  { 81330, true },
+  { 81343, true },
+  { 81354, true },
+  { 81373, true },
+  { 81385, true },
+  { 81402, false },
+  { 81420, true },
+  { 81433, true },
+  { 81445, true },
+  { 81458, true },
+  { 81469, true },
+  { 81482, true },
+  { 81496, true },
+  { 81504, true },
+  { 81517, true },
+  { 81533, false },
+  { 81544, true },
+  { 81558, true },
+  { 81576, true },
+  { 81585, true },
+  { 81601, true },
+  { 81614, true },
+  { 81632, true },
+  { 81649, true },
+  { 81667, true },
+  { 81679, true },
+  { 81690, true },
+  { 81699, true },
+  { 81707, true },
+  { 81721, true },
+  { 81728, true },
+  { 81746, true },
+  { 81759, true },
+  { 81773, true },
+  { 81785, true },
+  { 81802, true },
+  { 81814, true },
+  { 81824, true },
+  { 81831, true },
+  { 81842, true },
+  { 81854, true },
+  { 81870, true },
+  { 81879, true },
+  { 81889, true },
+  { 81901, true },
+  { 81912, true },
+  { 81926, true },
+  { 81937, true },
+  { 81962, true },
+  { 81979, true },
+  { 82004, true },
+  { 82027, true },
+  { 82041, true },
+  { 82053, true },
+  { 82062, true },
+  { 82070, true },
+  { 82088, true },
+  { 82099, true },
+  { 82114, true },
+  { 82133, true },
+  { 82152, true },
+  { 82171, true },
+  { 82187, true },
+  { 82200, true },
+  { 82214, true },
+  { 82226, false },
+  { 82242, true },
+  { 82256, true },
+  { 82266, true },
+  { 82285, true },
+  { 82299, true },
+  { 82313, true },
+  { 82330, true },
+  { 82350, true },
+  { 82367, true },
+  { 82387, true },
+  { 82400, true },
+  { 82415, true },
+  { 82429, true },
+  { 82442, true },
+  { 82456, true },
+  { 82474, true },
+  { 82489, true },
+  { 82509, true },
+  { 82532, true },
+  { 82545, true },
+  { 82553, true },
+  { 82559, true },
+  { 82573, true },
+  { 82587, true },
+  { 82600, true },
+  { 82609, true },
+  { 82623, true },
+  { 82637, true },
+  { 82650, true },
+  { 82663, false },
+  { 82683, true },
+  { 82700, true },
+  { 82716, true },
+  { 82730, true },
+  { 82745, true },
+  { 82760, true },
+  { 82781, true },
+  { 82804, true },
+  { 82820, true },
+  { 82833, true },
+  { 82846, true },
+  { 82866, true },
+  { 82885, true },
+  { 82901, true },
+  { 82928, true },
+  { 82948, true },
+  { 82969, true },
+  { 82982, true },
+  { 82996, true },
+  { 83016, true },
+  { 83028, true },
+  { 83042, true },
+  { 83063, true },
+  { 83074, true },
+  { 83091, true },
+  { 83104, true },
+  { 83121, true },
+  { 83130, true },
+  { 83156, true },
+  { 83174, true },
+  { 83196, true },
+  { 83206, true },
+  { 83231, true },
+  { 83249, true },
+  { 83264, true },
+  { 83278, true },
+  { 83287, true },
+  { 83306, true },
+  { 83325, true },
+  { 83337, true },
+  { 83353, true },
+  { 83375, true },
+  { 83393, true },
+  { 83412, true },
+  { 83425, true },
+  { 83433, true },
+  { 83451, true },
+  { 83467, true },
+  { 83488, true },
+  { 83508, true },
+  { 83521, true },
+  { 83535, true },
+  { 83550, true },
+  { 83569, true },
+  { 83594, true },
+  { 83609, true },
+  { 83623, true },
+  { 83642, true },
+  { 83661, true },
+  { 83678, true },
+  { 83693, true },
+  { 83706, true },
+  { 83730, true },
+  { 83743, true },
+  { 83758, true },
+  { 83774, true },
+  { 83786, true },
+  { 83803, true },
+  { 83818, true },
+  { 83841, true },
+  { 83857, true },
+  { 83879, true },
+  { 83892, true },
+  { 83902, true },
+  { 83917, true },
+  { 83940, true },
+  { 83959, true },
+  { 83971, true },
+  { 83989, true },
+  { 84008, true },
+  { 84034, false },
+  { 84042, true },
+  { 84055, true },
+  { 84064, true },
+  { 84077, true },
+  { 84087, true },
+  { 84099, true },
+  { 84115, true },
+  { 84132, true },
+  { 84153, true },
+  { 84170, true },
+  { 84195, true },
+  { 84221, true },
+  { 84232, false },
+  { 84242, true },
+  { 84253, false },
+  { 84265, true },
+  { 84289, true },
+  { 84311, true },
+  { 84327, true },
+  { 84346, true },
+  { 84358, true },
+  { 84375, true },
+  { 84389, true },
+  { 84400, true },
+  { 84417, true },
+  { 84427, false },
+  { 84439, true },
+  { 84466, true },
+  { 84484, true },
+  { 84500, true },
+  { 84520, true },
+  { 84534, true },
+  { 84550, true },
+  { 84567, true },
+  { 84589, true },
+  { 84604, true },
+  { 84626, true },
+  { 84638, true },
+  { 84651, true },
+  { 84664, true },
+  { 84679, true },
+  { 84700, true },
+  { 84713, true },
+  { 84735, true },
+  { 84752, true },
+  { 84774, true },
+  { 84790, true },
+  { 84804, true },
+  { 84819, true },
+  { 84845, true },
+  { 84861, true },
+  { 84876, true },
+  { 84901, true },
+  { 84917, true },
+  { 84932, true },
+  { 84945, true },
+  { 84960, true },
+  { 84974, true },
+  { 84986, true },
+  { 85001, true },
+  { 85010, true },
+  { 85022, true },
+  { 85039, true },
+  { 85049, true },
+  { 85058, true },
+  { 85071, true },
+  { 85085, true },
+  { 85096, true },
+  { 85107, true },
+  { 85122, true },
+  { 85133, true },
+  { 85153, true },
+  { 85173, true },
+  { 85189, true },
+  { 85204, true },
+  { 85218, true },
+  { 85233, true },
+  { 85245, true },
+  { 85258, true },
+  { 85273, true },
+  { 85284, true },
+  { 85298, true },
+  { 85312, true },
+  { 85326, true },
+  { 85342, true },
+  { 85361, true },
+  { 85376, true },
+  { 85392, true },
+  { 85402, true },
+  { 85415, true },
+  { 85424, true },
+  { 85436, true },
+  { 85448, true },
+  { 85460, true },
+  { 85478, true },
+  { 85489, true },
+  { 85505, true },
+  { 85516, true },
+  { 85528, true },
+  { 85542, true },
+  { 85557, true },
+  { 85570, true },
+  { 85584, true },
+  { 85601, true },
+  { 85609, true },
+  { 85629, true },
+  { 85647, true },
+  { 85659, true },
+  { 85671, true },
+  { 85684, true },
+  { 85695, false },
+  { 85715, true },
+  { 85727, true },
+  { 85736, true },
+  { 85744, true },
+  { 85760, true },
+  { 85776, true },
+  { 85790, true },
+  { 85801, true },
+  { 85811, true },
+  { 85826, true },
+  { 85834, true },
+  { 85847, false },
+  { 85867, true },
+  { 85876, true },
+  { 85890, true },
+  { 85910, true },
+  { 85934, true },
+  { 85958, true },
+  { 85979, true },
+  { 85987, true },
+  { 86004, true },
+  { 86025, true },
+  { 86035, true },
+  { 86048, true },
+  { 86067, true },
+  { 86089, true },
+  { 86103, true },
+  { 86114, true },
+  { 86137, true },
+  { 86159, true },
+  { 86181, true },
+  { 86194, true },
+  { 86202, false },
+  { 86212, true },
+  { 86242, true },
+  { 86269, true },
+  { 86282, true },
+  { 86295, false },
+  { 86309, true },
+  { 86325, true },
+  { 86338, true },
+  { 86355, true },
+  { 86374, true },
+  { 86394, true },
+  { 86403, true },
+  { 86414, true },
+  { 86425, true },
+  { 86438, true },
+  { 86455, true },
+  { 86469, false },
+  { 86487, true },
+  { 86495, true },
+  { 86511, true },
+  { 86521, true },
+  { 86532, false },
+  { 86547, true },
+  { 86560, true },
+  { 86576, true },
+  { 86589, true },
+  { 86603, true },
+  { 86618, false },
+  { 86633, true },
+  { 86647, true },
+  { 86659, true },
+  { 86669, true },
+  { 86681, true },
+  { 86694, true },
+  { 86709, true },
+  { 86722, true },
+  { 86735, true },
+  { 86748, true },
+  { 86760, false },
+  { 86783, false },
+  { 86807, true },
+  { 86824, true },
+  { 86836, true },
+  { 86850, true },
+  { 86863, true },
+  { 86877, true },
+  { 86893, true },
+  { 86908, true },
+  { 86925, true },
+  { 86936, true },
+  { 86948, true },
+  { 86959, true },
+  { 86974, true },
+  { 86992, true },
+  { 87004, true },
+  { 87018, true },
+  { 87029, true },
+  { 87039, true },
+  { 87050, true },
+  { 87069, true },
+  { 87088, true },
+  { 87105, true },
+  { 87115, true },
+  { 87137, true },
+  { 87151, true },
+  { 87170, true },
+  { 87185, true },
+  { 87201, true },
+  { 87211, true },
+  { 87221, true },
+  { 87233, true },
+  { 87247, true },
+  { 87280, true },
+  { 87295, true },
+  { 87320, true },
+  { 87339, true },
+  { 87353, true },
+  { 87367, true },
+  { 87380, true },
+  { 87395, true },
+  { 87412, true },
+  { 87428, true },
+  { 87442, true },
+  { 87459, true },
+  { 87472, true },
+  { 87485, true },
+  { 87498, true },
+  { 87518, false },
+  { 87530, true },
+  { 87542, true },
+  { 87559, true },
+  { 87570, true },
+  { 87588, true },
+  { 87607, true },
+  { 87615, true },
+  { 87622, true },
+  { 87638, true },
+  { 87651, true },
+  { 87664, true },
+  { 87676, false },
+  { 87688, true },
+  { 87699, true },
+  { 87721, true },
+  { 87741, true },
+  { 87753, true },
+  { 87765, true },
+  { 87778, true },
+  { 87795, true },
+  { 87813, true },
+  { 87827, false },
+  { 87842, true },
+  { 87857, true },
+  { 87878, true },
+  { 87891, true },
+  { 87907, true },
+  { 87923, true },
+  { 87937, true },
+  { 87950, true },
+  { 87966, true },
+  { 87983, true },
+  { 87996, true },
+  { 88020, true },
+  { 88042, true },
+  { 88062, true },
+  { 88081, true },
+  { 88095, true },
+  { 88107, true },
+  { 88118, true },
+  { 88134, true },
+  { 88150, true },
+  { 88171, true },
+  { 88193, true },
+  { 88214, true },
+  { 88234, true },
+  { 88261, true },
+  { 88280, true },
+  { 88294, true },
+  { 88311, true },
+  { 88323, true },
+  { 88343, true },
+  { 88356, true },
+  { 88382, true },
+  { 88396, true },
+  { 88420, true },
+  { 88441, true },
+  { 88467, true },
+  { 88488, true },
+  { 88505, true },
+  { 88526, true },
+  { 88544, true },
+  { 88566, true },
+  { 88589, true },
+  { 88609, true },
+  { 88627, true },
+  { 88644, true },
+  { 88654, true },
+  { 88661, true },
+  { 88683, true },
+  { 88694, true },
+  { 88710, true },
+  { 88720, true },
+  { 88735, true },
+  { 88748, true },
+  { 88769, true },
+  { 88789, true },
+  { 88803, true },
+  { 88819, true },
+  { 88831, true },
+  { 88846, true },
+  { 88866, true },
+  { 88876, true },
+  { 88892, true },
+  { 88909, true },
+  { 88921, true },
+  { 88933, true },
+  { 88949, true },
+  { 88966, true },
+  { 88979, true },
+  { 88988, true },
+  { 89010, true },
+  { 89018, true },
+  { 89033, true },
+  { 89050, true },
+  { 89071, true },
+  { 89093, true },
+  { 89103, true },
+  { 89121, true },
+  { 89135, true },
+  { 89155, true },
+  { 89178, true },
+  { 89210, true },
+  { 89237, true },
+  { 89256, true },
+  { 89270, true },
+  { 89304, true },
+  { 89314, true },
+  { 89338, true },
+  { 89351, true },
+  { 89383, true },
+  { 89409, true },
+  { 89445, true },
+  { 89474, true },
+  { 89489, true },
+  { 89508, true },
+  { 89528, true },
+  { 89547, false },
+  { 89569, true },
+  { 89593, true },
+  { 89609, true },
+  { 89633, true },
+  { 89649, true },
+  { 89673, true },
+  { 89690, true },
+  { 89702, true },
+  { 89714, true },
+  { 89729, true },
+  { 89756, true },
+  { 89784, true },
+  { 89810, true },
+  { 89827, true },
+  { 89852, true },
+  { 89866, true },
+  { 89886, true },
+  { 89911, true },
+  { 89933, true },
+  { 89958, true },
+  { 89987, true },
+  { 90009, false },
+  { 90024, true },
+  { 90047, true },
+  { 90070, true },
+  { 90094, true },
+  { 90109, true },
+  { 90125, true },
+  { 90140, true },
+  { 90154, true },
+  { 90172, true },
+  { 90194, true },
+  { 90216, true },
+  { 90241, true },
+  { 90257, false },
+  { 90282, true },
+  { 90306, true },
+  { 90333, true },
+  { 90357, false },
+  { 90378, true },
+  { 90392, true },
+  { 90415, true },
+  { 90423, true },
+  { 90437, false },
+  { 90451, true },
+  { 90466, true },
+  { 90484, true },
+  { 90502, true },
+  { 90521, true },
+  { 90541, true },
+  { 90557, true },
+  { 90576, true },
+  { 90599, true },
+  { 90616, true },
+  { 90640, true },
+  { 90656, false },
+  { 90673, true },
+  { 90696, true },
+  { 90714, true },
+  { 90732, true },
+  { 90750, true },
+  { 90777, true },
+  { 90801, true },
+  { 90822, false },
+  { 90844, true },
+  { 90857, true },
+  { 90874, true },
+  { 90888, true },
+  { 90910, true },
+  { 90920, true },
+  { 90934, true },
+  { 90953, true },
+  { 90964, true },
+  { 90978, true },
+  { 90989, true },
+  { 91000, true },
+  { 91011, true },
+  { 91024, true },
+  { 91039, true },
+  { 91058, true },
+  { 91073, true },
+  { 91088, true },
+  { 91109, true },
+  { 91126, true },
+  { 91142, true },
+  { 91156, true },
+  { 91169, true },
+  { 91180, true },
+  { 91195, true },
+  { 91208, true },
+  { 91219, true },
+  { 91238, true },
+  { 91256, true },
+  { 91274, true },
+  { 91294, true },
+  { 91318, true },
+  { 91337, true },
+  { 91366, true },
+  { 91386, true },
+  { 91405, true },
+  { 91423, true },
+  { 91435, true },
+  { 91449, true },
+  { 91462, true },
+  { 91485, true },
+  { 91498, true },
+  { 91515, true },
+  { 91533, true },
+  { 91554, true },
+  { 91571, true },
+  { 91581, true },
+  { 91597, true },
+  { 91615, true },
+  { 91628, true },
+  { 91655, true },
+  { 91673, true },
+  { 91694, true },
+  { 91709, true },
+  { 91724, false },
+  { 91758, true },
+  { 91776, true },
+  { 91792, true },
+  { 91817, true },
+  { 91837, true },
+  { 91853, true },
+  { 91868, true },
+  { 91891, true },
+  { 91908, true },
+  { 91929, false },
+  { 91952, true },
+  { 91976, true },
+  { 91998, true },
+  { 92015, true },
+  { 92028, true },
+  { 92050, true },
+  { 92068, true },
+  { 92081, true },
+  { 92102, true },
+  { 92117, true },
+  { 92132, true },
+  { 92149, true },
+  { 92160, true },
+  { 92173, true },
+  { 92187, false },
+  { 92226, true },
+  { 92236, true },
+  { 92256, true },
+  { 92269, true },
+  { 92281, true },
+  { 92299, true },
+  { 92315, true },
+  { 92329, true },
+  { 92346, true },
+  { 92364, true },
+  { 92383, false },
+  { 92398, true },
+  { 92418, false },
+  { 92434, true },
+  { 92443, true },
+  { 92462, true },
+  { 92481, true },
+  { 92492, true },
+  { 92504, true },
+  { 92526, true },
+  { 92538, true },
+  { 92552, true },
+  { 92568, true },
+  { 92580, true },
+  { 92608, true },
+  { 92631, true },
+  { 92645, true },
+  { 92657, true },
+  { 92666, true },
+  { 92683, true },
+  { 92697, true },
+  { 92714, true },
+  { 92735, true },
+  { 92745, true },
+  { 92761, true },
+  { 92776, true },
+  { 92796, true },
+  { 92810, true },
+  { 92826, true },
+  { 92842, true },
+  { 92852, true },
+  { 92868, true },
+  { 92885, true },
+  { 92902, false },
+  { 92914, true },
+  { 92926, true },
+  { 92938, true },
+  { 92952, true },
+  { 92964, true },
+  { 92987, true },
+  { 93012, true },
+  { 93032, true },
+  { 93049, true },
+  { 93061, true },
+  { 93071, true },
+  { 93088, true },
+  { 93100, true },
+  { 93111, true },
+  { 93121, true },
+  { 93141, true },
+  { 93153, true },
+  { 93165, true },
+  { 93181, true },
+  { 93200, true },
+  { 93213, true },
+  { 93227, true },
+  { 93239, true },
+  { 93258, true },
+  { 93270, true },
+  { 93280, true },
+  { 93294, true },
+  { 93326, true },
+  { 93351, true },
+  { 93368, true },
+  { 93388, true },
+  { 93405, true },
+  { 93425, true },
+  { 93446, true },
+  { 93459, true },
+  { 93470, true },
+  { 93494, true },
+  { 93515, true },
+  { 93538, true },
+  { 93552, true },
+  { 93565, true },
+  { 93582, true },
+  { 93594, true },
+  { 93606, true },
+  { 93620, true },
+  { 93642, true },
+  { 93662, true },
+  { 93687, true },
+  { 93708, true },
+  { 93722, true },
+  { 93744, true },
+  { 93760, true },
+  { 93784, true },
+  { 93796, true },
+  { 93805, true },
+  { 93815, true },
+  { 93836, true },
+  { 93857, true },
+  { 93880, true },
+  { 93896, false },
+  { 93915, true },
+  { 93935, true },
+  { 93948, true },
+  { 93959, true },
+  { 93973, true },
+  { 93982, true },
+  { 93994, true },
+  { 94008, true },
+  { 94028, true },
+  { 94044, true },
+  { 94060, true },
+  { 94078, true },
+  { 94094, true },
+  { 94109, true },
+  { 94127, true },
+  { 94148, true },
+  { 94171, true },
+  { 94189, true },
+  { 94207, true },
+  { 94234, true },
+  { 94251, true },
+  { 94269, true },
+  { 94287, true },
+  { 94298, true },
+  { 94315, true },
+  { 94344, true },
+  { 94357, true },
+  { 94370, true },
+  { 94381, true },
+  { 94401, true },
+  { 94419, true },
+  { 94437, true },
+  { 94453, true },
+  { 94461, true },
+  { 94484, true },
+  { 94503, true },
+  { 94520, true },
+  { 94530, false },
+  { 94545, true },
+  { 94555, true },
+  { 94567, true },
+  { 94579, true },
+  { 94592, true },
+  { 94601, true },
+  { 94624, true },
+  { 94639, true },
+  { 94647, true },
+  { 94660, true },
+  { 94679, true },
+  { 94690, true },
+  { 94715, true },
+  { 94727, true },
+  { 94738, true },
+  { 94751, true },
+  { 94761, true },
+  { 94776, true },
+  { 94790, true },
+  { 94804, true },
+  { 94815, true },
+  { 94827, true },
+  { 94834, true },
+  { 94846, true },
+  { 94853, false },
+  { 94873, true },
+  { 94885, true },
+  { 94899, true },
+  { 94910, true },
+  { 94926, true },
+  { 94943, true },
+  { 94962, true },
+  { 94979, false },
+  { 94992, true },
+  { 95010, true },
+  { 95027, true },
+  { 95053, true },
+  { 95066, true },
+  { 95080, true },
+  { 95094, true },
+  { 95112, true },
+  { 95124, true },
+  { 95141, true },
+  { 95160, true },
+  { 95175, true },
+  { 95189, true },
+  { 95200, true },
+  { 95212, true },
+  { 95226, true },
+  { 95245, true },
+  { 95258, true },
+  { 95271, true },
+  { 95283, true },
+  { 95305, true },
+  { 95318, true },
+  { 95345, true },
+  { 95361, true },
+  { 95377, true },
+  { 95396, true },
+  { 95415, true },
+  { 95435, true },
+  { 95451, true },
+  { 95467, true },
+  { 95481, true },
+  { 95491, true },
+  { 95506, true },
+  { 95519, true },
+  { 95533, true },
+  { 95541, true },
+  { 95549, true },
+  { 95564, true },
+  { 95583, true },
+  { 95596, true },
+  { 95615, true },
+  { 95636, true },
+  { 95663, true },
+  { 95683, false },
+  { 95701, true },
+  { 95718, true },
+  { 95736, true },
+  { 95755, true },
+  { 95774, true },
+  { 95794, true },
+  { 95816, true },
+  { 95835, true },
+  { 95850, true },
+  { 95868, true },
+  { 95883, true },
+  { 95902, true },
+  { 95921, true },
+  { 95940, true },
+  { 95956, true },
+  { 95973, true },
+  { 95989, true },
+  { 96009, true },
+  { 96021, true },
+  { 96037, true },
+  { 96051, true },
+  { 96061, true },
+  { 96073, true },
+  { 96089, true },
+  { 96110, false },
+  { 96129, true },
+  { 96150, true },
+  { 96159, true },
+  { 96174, true },
+  { 96191, true },
+  { 96208, true },
+  { 96227, true },
+  { 96241, true },
+  { 96249, true },
+  { 96258, true },
+  { 96267, true },
+  { 96282, true },
+  { 96297, true },
+  { 96314, true },
+  { 96328, true },
+  { 96340, true },
+  { 96355, true },
+  { 96363, true },
+  { 96372, true },
+  { 96392, true },
+  { 96403, true },
+  { 96414, true },
+  { 96435, true },
+  { 96456, true },
+  { 96467, true },
+  { 96479, true },
+  { 96496, true },
+  { 96507, true },
+  { 96516, true },
+  { 96530, true },
+  { 96542, true },
+  { 96555, false },
+  { 96570, true },
+  { 96592, true },
+  { 96602, true },
+  { 96616, false },
+  { 96630, true },
+  { 96655, true },
+  { 96665, true },
+  { 96680, true },
+  { 96695, true },
+  { 96709, true },
+  { 96721, true },
+  { 96740, true },
+  { 96754, true },
+  { 96769, true },
+  { 96781, true },
+  { 96804, true },
+  { 96816, true },
+  { 96839, true },
+  { 96859, true },
+  { 96872, true },
+  { 96889, true },
+  { 96908, true },
+  { 96916, true },
+  { 96929, true },
+  { 96946, true },
+  { 96962, true },
+  { 96990, true },
+  { 97009, true },
+  { 97032, true },
+  { 97057, true },
+  { 97084, true },
+  { 97094, true },
+  { 97104, true },
+  { 97111, true },
+  { 97134, true },
+  { 97151, true },
+  { 97165, true },
+  { 97179, true },
+  { 97200, true },
+  { 97209, true },
+  { 97227, true },
+  { 97235, false },
+  { 97242, true },
+  { 97253, true },
+  { 97270, true },
+  { 97278, true },
+  { 97292, true },
+  { 97307, true },
+  { 97321, true },
+  { 97334, true },
+  { 97352, false },
+  { 97363, true },
+  { 97379, false },
+  { 97389, false },
+  { 97405, true },
+  { 97418, true },
+  { 97432, true },
+  { 97446, true },
+  { 97462, true },
+  { 97478, true },
+  { 97500, true },
+  { 97518, true },
+  { 97532, true },
+  { 97549, true },
+  { 97567, true },
+  { 97581, true },
+  { 97595, true },
+  { 97610, true },
+  { 97625, true },
+  { 97645, false },
+  { 97661, true },
+  { 97677, true },
+  { 97690, true },
+  { 97704, true },
+  { 97717, true },
+  { 97747, true },
+  { 97759, true },
+  { 97788, true },
+  { 97798, true },
+  { 97808, true },
+  { 97824, true },
+  { 97832, true },
+  { 97842, true },
+  { 97853, true },
+  { 97861, true },
+  { 97876, true },
+  { 97885, true },
+  { 97895, true },
+  { 97903, false },
+  { 97918, true },
+  { 97935, true },
+  { 97951, true },
+  { 97966, true },
+  { 97979, true },
+  { 97990, true },
+  { 98011, true },
+  { 98034, true },
+  { 98050, true },
+  { 98063, true },
+  { 98070, true },
+  { 98087, true },
+  { 98096, true },
+  { 98104, true },
+  { 98113, true },
+  { 98127, true },
+  { 98135, true },
+  { 98154, false },
+  { 98174, true },
+  { 98187, true },
+  { 98197, true },
+  { 98209, true },
+  { 98222, true },
+  { 98230, true },
+  { 98248, true },
+  { 98257, true },
+  { 98266, true },
+  { 98275, true },
+  { 98283, true },
+  { 98309, true },
+  { 98324, true },
+  { 98332, true },
+  { 98346, true },
+  { 98365, true },
+  { 98384, true },
+  { 98398, true },
+  { 98410, true },
+  { 98419, true },
+  { 98430, true },
+  { 98441, true },
+  { 98452, true },
+  { 98464, false },
+  { 98473, false },
+  { 98493, false },
+  { 98516, true },
+  { 98526, true },
+  { 98542, true },
+  { 98560, true },
+  { 98577, true },
+  { 98597, true },
+  { 98621, true },
+  { 98634, true },
+  { 98648, true },
+  { 98664, true },
+  { 98674, true },
+  { 98686, true },
+  { 98700, true },
+  { 98718, true },
+  { 98737, true },
+  { 98754, true },
+  { 98770, true },
+  { 98784, true },
+  { 98803, true },
+  { 98816, true },
+  { 98828, true },
+  { 98843, true },
+  { 98850, true },
+  { 98861, true },
+  { 98872, true },
+  { 98880, true },
+  { 98890, true },
+  { 98904, true },
+  { 98922, true },
+  { 98937, true },
+  { 98953, true },
+  { 98969, true },
+  { 98990, true },
+  { 99004, true },
+  { 99023, true },
+  { 99045, true },
+  { 99057, true },
+  { 99080, true },
+  { 99103, true },
+  { 99114, true },
+  { 99136, false },
+  { 99158, true },
+  { 99177, true },
+  { 99193, true },
+  { 99211, true },
+  { 99226, true },
+  { 99243, true },
+  { 99259, true },
+  { 99276, true },
+  { 99293, true },
+  { 99312, true },
+  { 99327, true },
+  { 99346, true },
+  { 99358, true },
+  { 99373, true },
+  { 99396, true },
+  { 99414, true },
+  { 99438, true },
+  { 99460, true },
+  { 99478, true },
+  { 99495, true },
+  { 99514, true },
+  { 99539, true },
+  { 99568, true },
+  { 99581, true },
+  { 99593, true },
+  { 99603, true },
+  { 99612, true },
+  { 99624, true },
+  { 99634, true },
+  { 99643, true },
+  { 99652, true },
+  { 99661, true },
+  { 99670, true },
+  { 99680, true },
+  { 99690, true },
+  { 99699, true },
+  { 99708, true },
+  { 99721, true },
+  { 99741, true },
+  { 99750, true },
+  { 99760, true },
+  { 99768, true },
+  { 99775, true },
+  { 99791, true },
+  { 99799, true },
+  { 99810, true },
+  { 99817, true },
+  { 99830, true },
+  { 99844, true },
+  { 99851, true },
+  { 99861, true },
+  { 99872, true },
+  { 99882, false },
+  { 99897, true },
+  { 99911, true },
+  { 99925, true },
+  { 99937, true },
+  { 99954, true },
+  { 99972, true },
+  { 99983, true },
+  { 99997, true },
+  { 100009, true },
+  { 100022, true },
+  { 100035, true },
+  { 100055, true },
+  { 100074, true },
+  { 100092, true },
+  { 100105, true },
+  { 100123, true },
+  { 100137, true },
+  { 100152, true },
+  { 100166, true },
+  { 100183, true },
+  { 100209, true },
+  { 100223, true },
+  { 100245, true },
+  { 100266, true },
+  { 100283, true },
+  { 100298, true },
+  { 100312, true },
+  { 100327, true },
+  { 100338, true },
+  { 100351, true },
+  { 100364, true },
+  { 100378, true },
+  { 100388, true },
+  { 100399, true },
+  { 100418, true },
+  { 100433, true },
+  { 100448, true },
+  { 100475, true },
+  { 100496, true },
+  { 100516, true },
+  { 100528, true },
+  { 100538, true },
+  { 100551, true },
+  { 100563, true },
+  { 100574, true },
+  { 100591, true },
+  { 100599, true },
+  { 100613, true },
+  { 100624, true },
+  { 100633, true },
+  { 100649, true },
+  { 100657, true },
+  { 100665, true },
+  { 100673, true },
+  { 100684, true },
+  { 100692, true },
+  { 100706, true },
+  { 100721, true },
+  { 100748, true },
+  { 100766, true },
+  { 100793, true },
+  { 100803, true },
+  { 100812, true },
+  { 100826, true },
+  { 100854, true },
+  { 100865, true },
+  { 100876, true },
+  { 100885, true },
+  { 100895, true },
+  { 100902, true },
+  { 100916, true },
+  { 100930, true },
+  { 100941, true },
+  { 100954, true },
+  { 100961, true },
+  { 100969, true },
+  { 100984, true },
+  { 101000, true },
+  { 101010, true },
+  { 101023, true },
+  { 101037, true },
+  { 101051, true },
+  { 101065, true },
+  { 101070, true },
+  { 101075, true },
+  { 101083, true },
+  { 101090, true },
+  { 101099, true },
+  { 101106, true },
+  { 101136, true },
+  { 101143, true },
+  { 101155, true },
+  { 101162, true },
+  { 101173, true },
+  { 101180, true },
+  { 101187, true },
+  { 101193, true },
+  { 101209, true },
+  { 101216, true },
+  { 101228, true },
+  { 101242, true },
+  { 101269, true },
+  { 101301, true },
+  { 101315, true },
+  { 101332, true },
+  { 101340, true },
+  { 101348, true },
+  { 101368, true },
+  { 101390, true },
+  { 101401, true },
+  { 101412, true },
+  { 101423, true },
+  { 101434, true },
+  { 101445, true },
+  { 101457, true },
+  { 101467, true },
+  { 101486, true },
+  { 101502, true },
+  { 101519, true },
+  { 101527, true },
+  { 101544, true },
+  { 101559, true },
+  { 101585, true },
+  { 101606, true },
+  { 101619, true },
+  { 101634, true },
+  { 101649, true },
+  { 101665, true },
+  { 101684, true },
+  { 101701, true },
+  { 101717, false },
+  { 101727, true },
+  { 101740, true },
+  { 101750, true },
+  { 101761, true },
+  { 101780, true },
+  { 101795, true },
+  { 101810, true },
+  { 101823, true },
+  { 101831, true },
+  { 101849, true },
+  { 101861, false },
+  { 101873, true },
+  { 101887, true },
+  { 101899, true },
+  { 101912, true },
+  { 101928, true },
+  { 101942, true },
+  { 101963, true },
+  { 101975, true },
+  { 101992, true },
+  { 102005, true },
+  { 102017, true },
+  { 102035, true },
+  { 102045, true },
+  { 102058, true },
+  { 102077, true },
+  { 102107, true },
+  { 102117, true },
+  { 102128, true },
+  { 102141, true },
+  { 102153, true },
+  { 102167, true },
+  { 102184, true },
+  { 102196, true },
+  { 102214, true },
+  { 102245, true },
+  { 102259, true },
+  { 102278, true },
+  { 102287, true },
+  { 102305, true },
+  { 102319, true },
+  { 102335, true },
+  { 102349, true },
+  { 102368, true },
+  { 102386, true },
+  { 102404, true },
+  { 102420, true },
+  { 102440, true },
+  { 102461, true },
+  { 102482, true },
+  { 102498, true },
+  { 102514, true },
+  { 102530, true },
+  { 102549, true },
+  { 102564, false },
+  { 102585, false },
+  { 102605, true },
+  { 102625, true },
+  { 102641, true },
+  { 102660, true },
+  { 102675, true },
+  { 102693, true },
+  { 102709, true },
+  { 102726, true },
+  { 102745, true },
+  { 102764, true },
+  { 102782, true },
+  { 102798, true },
+  { 102809, false },
+  { 102819, true },
+  { 102834, true },
+  { 102843, true },
+  { 102855, true },
+  { 102883, true },
+  { 102901, true },
+  { 102918, true },
+  { 102927, true },
+  { 102941, true },
+  { 102960, true },
+  { 102978, true },
+  { 102990, true },
+  { 103000, true },
+  { 103010, true },
+  { 103023, true },
+  { 103038, true },
+  { 103053, true },
+  { 103068, true },
+  { 103083, true },
+  { 103102, true },
+  { 103119, true },
+  { 103127, true },
+  { 103141, true },
+  { 103156, true },
+  { 103167, true },
+  { 103177, true },
+  { 103211, true },
+  { 103223, true },
+  { 103234, true },
+  { 103251, true },
+  { 103261, true },
+  { 103271, true },
+  { 103284, true },
+  { 103296, false },
+  { 103310, true },
+  { 103328, true },
+  { 103341, true },
+  { 103352, true },
+  { 103368, true },
+  { 103386, true },
+  { 103404, true },
+  { 103415, true },
+  { 103433, true },
+  { 103448, true },
+  { 103462, true },
+  { 103477, true },
+  { 103491, true },
+  { 103506, true },
+  { 103522, true },
+  { 103534, true },
+  { 103551, true },
+  { 103563, true },
+  { 103592, true },
+  { 103625, true },
+  { 103637, true },
+  { 103649, true },
+  { 103666, true },
+  { 103678, true },
+  { 103693, true },
+  { 103702, true },
+  { 103720, true },
+  { 103729, true },
+  { 103742, true },
+  { 103754, true },
+  { 103766, true },
+  { 103783, true },
+  { 103796, true },
+  { 103811, true },
+  { 103825, true },
+  { 103840, true },
+  { 103852, false },
+  { 103866, true },
+  { 103876, true },
+  { 103891, true },
+  { 103911, true },
+  { 103929, true },
+  { 103942, true },
+  { 103956, true },
+  { 103970, true },
+  { 103983, true },
+  { 103996, true },
+  { 104011, true },
+  { 104031, true },
+  { 104045, true },
+  { 104054, true },
+  { 104067, true },
+  { 104078, true },
+  { 104090, true },
+  { 104105, true },
+  { 104119, true },
+  { 104133, true },
+  { 104147, true },
+  { 104161, true },
+  { 104181, true },
+  { 104202, true },
+  { 104220, true },
+  { 104234, true },
+  { 104245, true },
+  { 104265, true },
+  { 104280, false },
+  { 104292, true },
+  { 104305, true },
+  { 104321, true },
+  { 104334, true },
+  { 104347, true },
+  { 104360, true },
+  { 104387, true },
+  { 104398, true },
+  { 104413, true },
+  { 104439, true },
+  { 104459, true },
+  { 104473, true },
+  { 104486, false },
+  { 104500, true },
+  { 104514, false },
+  { 104531, true },
+  { 104556, true },
+  { 104568, true },
+  { 104585, true },
+  { 104602, true },
+  { 104615, true },
+  { 104629, true },
+  { 104642, true },
+  { 104654, true },
+  { 104670, true },
+  { 104697, true },
+  { 104727, true },
+  { 104749, true },
+  { 104768, true },
+  { 104787, false },
+  { 104799, true },
+  { 104813, true },
+  { 104829, true },
+  { 104844, true },
+  { 104856, true },
+  { 104871, true },
+  { 104891, true },
+  { 104910, true },
+  { 104926, true },
+  { 104942, true },
+  { 104957, true },
+  { 104974, true },
+  { 104988, true },
+  { 105003, true },
+  { 105018, true },
+  { 105033, true },
+  { 105055, true },
+  { 105075, true },
+  { 105093, true },
+  { 105111, true },
+  { 105126, true },
+  { 105142, true },
+  { 105159, true },
+  { 105179, true },
+  { 105193, true },
+  { 105209, true },
+  { 105227, true },
+  { 105240, true },
+  { 105255, true },
+  { 105274, true },
+  { 105291, true },
+  { 105304, true },
+  { 105318, true },
+  { 105333, true },
+  { 105349, true },
+  { 105368, true },
+  { 105389, true },
+  { 105406, true },
+  { 105422, true },
+  { 105438, true },
+  { 105457, true },
+  { 105477, true },
+  { 105488, true },
+  { 105500, true },
+  { 105513, true },
+  { 105530, true },
+  { 105546, true },
+  { 105553, true },
+  { 105568, true },
+  { 105584, true },
+  { 105610, true },
+  { 105623, true },
+  { 105643, true },
+  { 105654, true },
+  { 105672, true },
+  { 105686, true },
+  { 105698, true },
+  { 105711, true },
+  { 105722, true },
+  { 105730, true },
+  { 105738, true },
+  { 105760, true },
+  { 105777, true },
+  { 105794, true },
+  { 105805, true },
+  { 105813, true },
+  { 105825, true },
+  { 105838, true },
+  { 105848, true },
+  { 105860, true },
+  { 105868, true },
+  { 105877, true },
+  { 105888, true },
+  { 105899, true },
+  { 105914, true },
+  { 105924, true },
+  { 105935, true },
+  { 105948, true },
+  { 105967, true },
+  { 105989, true },
+  { 105997, true },
+  { 106009, true },
+  { 106023, true },
+  { 106034, true },
+  { 106042, true },
+  { 106054, true },
+  { 106062, true },
+  { 106073, true },
+  { 106083, true },
+  { 106091, false },
+  { 106099, false },
+  { 106115, true },
+  { 106128, true },
+  { 106143, true },
+  { 106160, true },
+  { 106169, true },
+  { 106191, true },
+  { 106212, true },
+  { 106226, true },
+  { 106234, true },
+  { 106247, true },
+  { 106260, true },
+  { 106270, true },
+  { 106281, false },
+  { 106301, true },
+  { 106316, true },
+  { 106328, true },
+  { 106341, true },
+  { 106353, true },
+  { 106365, true },
+  { 106379, false },
+  { 106400, true },
+  { 106411, true },
+  { 106425, true },
+  { 106439, true },
+  { 106453, true },
+  { 106470, true },
+  { 106485, true },
+  { 106499, true },
+  { 106513, true },
+  { 106527, true },
+  { 106541, true },
+  { 106555, true },
+  { 106570, true },
+  { 106592, true },
+  { 106604, true },
+  { 106618, true },
+  { 106631, true },
+  { 106649, true },
+  { 106664, true },
+  { 106678, true },
+  { 106694, true },
+  { 106709, true },
+  { 106721, true },
+  { 106733, true },
+  { 106745, true },
+  { 106777, true },
+  { 106787, true },
+  { 106805, true },
+  { 106818, true },
+  { 106833, true },
+  { 106847, true },
+  { 106867, true },
+  { 106880, true },
+  { 106893, true },
+  { 106902, true },
+  { 106923, true },
+  { 106936, true },
+  { 106946, true },
+  { 106959, true },
+  { 106980, true },
+  { 106990, true },
+  { 107010, true },
+  { 107029, true },
+  { 107050, true },
+  { 107063, true },
+  { 107078, true },
+  { 107090, true },
+  { 107103, true },
+  { 107118, true },
+  { 107133, true },
+  { 107152, true },
+  { 107171, true },
+  { 107196, true },
+  { 107213, true },
+  { 107236, true },
+  { 107248, true },
+  { 107256, true },
+  { 107268, true },
+  { 107279, true },
+  { 107294, true },
+  { 107310, true },
+  { 107317, true },
+  { 107324, true },
+  { 107348, true },
+  { 107358, true },
+  { 107375, true },
+  { 107398, true },
+  { 107411, true },
+  { 107426, true },
+  { 107446, true },
+  { 107462, true },
+  { 107473, true },
+  { 107483, true },
+  { 107495, true },
+  { 107506, true },
+  { 107517, true },
+  { 107530, true },
+  { 107547, true },
+  { 107568, true },
+  { 107578, true },
+  { 107594, true },
+  { 107609, true },
+  { 107625, true },
+  { 107642, true },
+  { 107658, true },
+  { 107675, true },
+  { 107689, true },
+  { 107704, true },
+  { 107720, true },
+  { 107735, true },
+  { 107746, true },
+  { 107756, true },
+  { 107765, true },
+  { 107775, true },
+  { 107786, true },
+  { 107796, true },
+  { 107807, true },
+  { 107820, true },
+  { 107830, true },
+  { 107842, true },
+  { 107853, true },
+  { 107866, true },
+  { 107878, true },
+  { 107902, true },
+  { 107915, true },
+  { 107943, true },
+  { 107966, true },
+  { 107978, true },
+  { 107992, true },
+  { 108002, true },
+  { 108016, true },
+  { 108032, true },
+  { 108044, true },
+  { 108055, true },
+  { 108067, true },
+  { 108083, true },
+  { 108094, true },
+  { 108102, true },
+  { 108115, true },
+  { 108131, true },
+  { 108144, true },
+  { 108157, true },
+  { 108177, true },
+  { 108188, true },
+  { 108209, true },
+  { 108225, true },
+  { 108247, true },
+  { 108267, true },
+  { 108288, true },
+  { 108307, true },
+  { 108319, true },
+  { 108331, true },
+  { 108346, true },
+  { 108361, true },
+  { 108371, true },
+  { 108386, true },
+  { 108400, true },
+  { 108415, true },
+  { 108424, true },
+  { 108435, true },
+  { 108452, true },
+  { 108465, true },
+  { 108479, true },
+  { 108491, true },
+  { 108506, true },
+  { 108528, true },
+  { 108539, true },
+  { 108558, true },
+  { 108579, true },
+  { 108591, true },
+  { 108601, true },
+  { 108617, true },
+  { 108625, true },
+  { 108642, true },
+  { 108652, true },
+  { 108665, true },
+  { 108689, true },
+  { 108710, true },
+  { 108735, true },
+  { 108757, true },
+  { 108769, true },
+  { 108782, true },
+  { 108799, true },
+  { 108816, true },
+  { 108828, true },
+  { 108841, true },
+  { 108853, true },
+  { 108866, true },
+  { 108879, true },
+  { 108890, true },
+  { 108904, true },
+  { 108922, true },
+  { 108940, true },
+  { 108951, true },
+  { 108963, true },
+  { 108978, true },
+  { 109000, true },
+  { 109018, true },
+  { 109035, true },
+  { 109049, true },
+  { 109063, false },
+  { 109078, true },
+  { 109092, true },
+  { 109108, true },
+  { 109127, true },
+  { 109141, true },
+  { 109151, true },
+  { 109159, true },
+  { 109177, true },
+  { 109206, true },
+  { 109217, true },
+  { 109236, true },
+  { 109249, true },
+  { 109274, true },
+  { 109297, true },
+  { 109312, true },
+  { 109332, true },
+  { 109353, true },
+  { 109366, true },
+  { 109378, true },
+  { 109389, true },
+  { 109414, true },
+  { 109435, true },
+  { 109448, true },
+  { 109460, true },
+  { 109472, true },
+  { 109482, true },
+  { 109499, true },
+  { 109519, true },
+  { 109531, true },
+  { 109555, true },
+  { 109576, true },
+  { 109596, true },
+  { 109616, true },
+  { 109639, true },
+  { 109672, true },
+  { 109698, true },
+  { 109720, true },
+  { 109737, true },
+  { 109758, true },
+  { 109772, true },
+  { 109788, true },
+  { 109807, true },
+  { 109833, true },
+  { 109843, true },
+  { 109853, true },
+  { 109866, true },
+  { 109889, true },
+  { 109901, true },
+  { 109915, true },
+  { 109925, true },
+  { 109935, true },
+  { 109944, true },
+  { 109962, true },
+  { 109973, true },
+  { 109991, true },
+  { 110004, true },
+  { 110032, true },
+  { 110044, true },
+  { 110061, true },
+  { 110083, true },
+  { 110092, true },
+  { 110109, true },
+  { 110121, true },
+  { 110135, true },
+  { 110153, true },
+  { 110174, true },
+  { 110188, true },
+  { 110215, true },
+  { 110241, true },
+  { 110259, true },
+  { 110276, true },
+  { 110301, true },
+  { 110321, true },
+  { 110346, true },
+  { 110360, true },
+  { 110375, true },
+  { 110390, true },
+  { 110400, false },
+  { 110414, true },
+  { 110427, true },
+  { 110448, true },
+  { 110457, true },
+  { 110482, true },
+  { 110498, true },
+  { 110511, true },
+  { 110537, true },
+  { 110550, true },
+  { 110568, true },
+  { 110599, true },
+  { 110628, true },
+  { 110639, true },
+  { 110649, true },
+  { 110672, true },
+  { 110695, true },
+  { 110722, false },
+  { 110736, true },
+  { 110751, true },
+  { 110765, true },
+  { 110782, true },
+  { 110797, true },
+  { 110816, true },
+  { 110835, true },
+  { 110857, true },
+  { 110872, true },
+  { 110886, true },
+  { 110900, true },
+  { 110910, true },
+  { 110919, true },
+  { 110936, true },
+  { 110945, true },
+  { 110955, true },
+  { 110993, true },
+  { 111012, true },
+  { 111027, true },
+  { 111038, true },
+  { 111050, true },
+  { 111068, true },
+  { 111093, true },
+  { 111123, true },
+  { 111136, true },
+  { 111153, true },
+  { 111164, true },
+  { 111172, true },
+  { 111183, false },
+  { 111192, true },
+  { 111202, true },
+  { 111215, true },
+  { 111225, true },
+  { 111239, true },
+  { 111248, true },
+  { 111261, true },
+  { 111283, false },
+  { 111308, true },
+  { 111326, true },
+  { 111343, false },
+  { 111367, true },
+  { 111381, true },
+  { 111400, true },
+  { 111427, true },
+  { 111439, true },
+  { 111451, true },
+  { 111463, true },
+  { 111471, true },
+  { 111480, true },
+  { 111494, true },
+  { 111517, true },
+  { 111534, true },
+  { 111550, false },
+  { 111562, true },
+  { 111574, true },
+  { 111585, true },
+  { 111595, true },
+  { 111607, true },
+  { 111621, true },
+  { 111635, true },
+  { 111647, true },
+  { 111657, true },
+  { 111671, true },
+  { 111688, true },
+  { 111706, true },
+  { 111718, true },
+  { 111730, true },
+  { 111742, true },
+  { 111751, true },
+  { 111762, true },
+  { 111774, true },
+  { 111788, true },
+  { 111798, true },
+  { 111811, true },
+  { 111823, true },
+  { 111839, true },
+  { 111861, true },
+  { 111874, true },
+  { 111884, true },
+  { 111898, true },
+  { 111907, true },
+  { 111919, true },
+  { 111930, true },
+  { 111937, true },
+  { 111950, true },
+  { 111962, true },
+  { 111974, true },
+  { 111997, true },
+  { 112006, true },
+  { 112015, true },
+  { 112026, true },
+  { 112042, true },
+  { 112052, true },
+  { 112066, true },
+  { 112073, true },
+  { 112090, true },
+  { 112101, true },
+  { 112114, true },
+  { 112125, true },
+  { 112139, true },
+  { 112148, true },
+  { 112168, true },
+  { 112206, true },
+  { 112218, true },
+  { 112227, true },
+  { 112238, true },
+  { 112249, true },
+  { 112259, true },
+  { 112273, true },
+  { 112291, true },
+  { 112309, true },
+  { 112325, true },
+  { 112340, true },
+  { 112354, true },
+  { 112366, true },
+  { 112381, true },
+  { 112395, true },
+  { 112411, true },
+  { 112425, true },
+  { 112441, true },
+  { 112454, true },
+  { 112471, true },
+  { 112489, true },
+  { 112506, true },
+  { 112516, true },
+  { 112538, true },
+  { 112547, true },
+  { 112559, true },
+  { 112582, true },
+  { 112605, true },
+  { 112616, true },
+  { 112637, true },
+  { 112662, true },
+  { 112677, true },
+  { 112703, true },
+  { 112728, true },
+  { 112761, true },
+  { 112789, true },
+  { 112818, true },
+  { 112834, true },
+  { 112846, true },
+  { 112859, true },
+  { 112871, true },
+  { 112882, true },
+  { 112893, true },
+  { 112910, true },
+  { 112935, true },
+  { 112950, true },
+  { 112963, true },
+  { 112985, true },
+  { 113010, true },
+  { 113026, true },
+  { 113057, false },
+  { 113069, true },
+  { 113081, true },
+  { 113093, true },
+  { 113109, true },
+  { 113123, true },
+  { 113138, true },
+  { 113156, true },
+  { 113165, true },
+  { 113179, true },
+  { 113201, true },
+  { 113215, true },
+  { 113230, true },
+  { 113247, true },
+  { 113270, true },
+  { 113287, true },
+  { 113305, true },
+  { 113324, true },
+  { 113337, true },
+  { 113347, true },
+  { 113359, true },
+  { 113371, true },
+  { 113386, true },
+  { 113400, false },
+  { 113413, false },
+  { 113427, true },
+  { 113439, true },
+  { 113453, true },
+  { 113464, true },
+  { 113475, true },
+  { 113487, true },
+  { 113499, true },
+  { 113511, true },
+  { 113526, true },
+  { 113540, true },
+  { 113561, true },
+  { 113573, true },
+  { 113586, true },
+  { 113598, true },
+  { 113614, true },
+  { 113630, false },
+  { 113643, true },
+  { 113654, false },
+  { 113671, true },
+  { 113693, true },
+  { 113713, false },
+  { 113725, true },
+  { 113742, true },
+  { 113758, true },
+  { 113782, true },
+  { 113800, true },
+  { 113814, true },
+  { 113829, true },
+  { 113846, true },
+  { 113874, true },
+  { 113899, true },
+  { 113915, true },
+  { 113936, true },
+  { 113958, true },
+  { 113974, true },
+  { 113990, true },
+  { 114005, true },
+  { 114020, true },
+  { 114043, true },
+  { 114057, true },
+  { 114083, true },
+  { 114103, true },
+  { 114121, true },
+  { 114136, true },
+  { 114158, true },
+  { 114187, true },
+  { 114208, true },
+  { 114227, true },
+  { 114246, true },
+  { 114262, true },
+  { 114289, true },
+  { 114305, true },
+  { 114326, true },
+  { 114339, true },
+  { 114352, true },
+  { 114369, true },
+  { 114379, true },
+  { 114391, false },
+  { 114408, true },
+  { 114427, true },
+  { 114435, true },
+  { 114447, true },
+  { 114457, true },
+  { 114476, true },
+  { 114493, true },
+  { 114510, true },
+  { 114520, true },
+  { 114534, true },
+  { 114548, true },
+  { 114565, true },
+  { 114573, true },
+  { 114592, true },
+  { 114605, true },
+  { 114614, true },
+  { 114625, true },
+  { 114643, true },
+  { 114655, true },
+  { 114666, true },
+  { 114676, true },
+  { 114687, true },
+  { 114697, true },
+  { 114705, true },
+  { 114722, true },
+  { 114732, true },
+  { 114745, true },
+  { 114759, true },
+  { 114770, true },
+  { 114783, true },
+  { 114792, true },
+  { 114804, false },
+  { 114812, true },
+  { 114823, true },
+  { 114834, true },
+  { 114847, true },
+  { 114860, true },
+  { 114874, true },
+  { 114893, true },
+  { 114909, true },
+  { 114933, true },
+  { 114945, true },
+  { 114959, true },
+  { 114975, true },
+  { 114989, true },
+  { 115009, true },
+  { 115032, true },
+  { 115052, true },
+  { 115063, true },
+  { 115079, true },
+  { 115089, true },
+  { 115101, true },
+  { 115114, true },
+  { 115128, true },
+  { 115144, true },
+  { 115164, true },
+  { 115178, true },
+  { 115186, true },
+  { 115204, true },
+  { 115215, true },
+  { 115228, true },
+  { 115240, true },
+  { 115255, true },
+  { 115273, true },
+  { 115290, true },
+  { 115305, true },
+  { 115324, false },
+  { 115338, true },
+  { 115352, true },
+  { 115369, true },
+  { 115387, true },
+  { 115405, true },
+  { 115426, false },
+  { 115448, true },
+  { 115470, true },
+  { 115486, true },
+  { 115510, true },
+  { 115527, true },
+  { 115548, true },
+  { 115564, true },
+  { 115578, true },
+  { 115597, true },
+  { 115616, true },
+  { 115643, true },
+  { 115670, true },
+  { 115691, true },
+  { 115717, true },
+  { 115738, true },
+  { 115758, true },
+  { 115784, true },
+  { 115802, true },
+  { 115814, true },
+  { 115825, true },
+  { 115836, true },
+  { 115852, true },
+  { 115864, true },
+  { 115878, true },
+  { 115895, true },
+  { 115916, true },
+  { 115931, false },
+  { 115951, true },
+  { 115977, true },
+  { 116004, true },
+  { 116032, true },
+  { 116059, true },
+  { 116081, true },
+  { 116091, true },
+  { 116104, true },
+  { 116112, true },
+  { 116124, true },
+  { 116132, true },
+  { 116145, true },
+  { 116162, true },
+  { 116182, true },
+  { 116205, true },
+  { 116217, true },
+  { 116229, true },
+  { 116242, true },
+  { 116256, true },
+  { 116279, true },
+  { 116298, true },
+  { 116320, true },
+  { 116338, true },
+  { 116357, true },
+  { 116376, true },
+  { 116394, true },
+  { 116404, true },
+  { 116415, true },
+  { 116425, true },
+  { 116442, true },
+  { 116454, true },
+  { 116464, true },
+  { 116485, true },
+  { 116495, true },
+  { 116506, true },
+  { 116525, true },
+  { 116540, true },
+  { 116558, true },
+  { 116577, true },
+  { 116600, true },
+  { 116607, true },
+  { 116620, true },
+  { 116633, true },
+  { 116643, true },
+  { 116661, true },
+  { 116685, true },
+  { 116709, true },
+  { 116718, true },
+  { 116735, false },
+  { 116755, true },
+  { 116774, true },
+  { 116782, false },
+  { 116792, true },
+  { 116806, true },
+  { 116832, true },
+  { 116845, true },
+  { 116862, true },
+  { 116870, true },
+  { 116878, true },
+  { 116894, true },
+  { 116901, true },
+  { 116914, true },
+  { 116923, true },
+  { 116933, true },
+  { 116953, true },
+  { 116964, true },
+  { 116973, false },
+  { 116988, true },
+  { 117007, true },
+  { 117016, true },
+  { 117025, true },
+  { 117039, true },
+  { 117053, true },
+  { 117063, true },
+  { 117080, true },
+  { 117092, true },
+  { 117101, true },
+  { 117108, true },
+  { 117120, true },
+  { 117137, true },
+  { 117145, false },
+  { 117153, true },
+  { 117161, true },
+  { 117168, true },
+  { 117179, true },
+  { 117192, true },
+  { 117199, true },
+  { 117210, true },
+  { 117221, true },
+  { 117231, true },
+  { 117244, true },
+  { 117259, true },
+  { 117276, true },
+  { 117291, true },
+  { 117303, true },
+  { 117315, true },
+  { 117327, true },
+  { 117342, true },
+  { 117353, true },
+  { 117363, true },
+  { 117381, true },
+  { 117390, true },
+  { 117402, true },
+  { 117408, false },
+  { 117428, true },
+  { 117437, true },
+  { 117445, true },
+  { 117454, true },
+  { 117468, true },
+  { 117480, true },
+  { 117495, true },
+  { 117502, true },
+  { 117514, true },
+  { 117524, true },
+  { 117534, true },
+  { 117551, true },
+  { 117569, true },
+  { 117581, true },
+  { 117598, true },
+  { 117610, true },
+  { 117620, true },
+  { 117634, true },
+  { 117647, false },
+  { 117663, true },
+  { 117679, true },
+  { 117687, true },
+  { 117695, true },
+  { 117709, true },
+  { 117722, true },
+  { 117741, true },
+  { 117755, true },
+  { 117771, true },
+  { 117789, true },
+  { 117802, true },
+  { 117815, true },
+  { 117830, true },
+  { 117846, true },
+  { 117874, true },
+  { 117886, true },
+  { 117902, true },
+  { 117911, true },
+  { 117936, false },
+  { 117953, true },
+  { 117966, true },
+  { 117979, false },
+  { 117988, true },
+  { 117998, true },
+  { 118008, true },
+  { 118030, true },
+  { 118040, true },
+  { 118050, true },
+  { 118066, true },
+  { 118082, true },
+  { 118094, true },
+  { 118106, true },
+  { 118121, true },
+  { 118135, true },
+  { 118149, true },
+  { 118161, true },
+  { 118183, true },
+  { 118207, true },
+  { 118224, true },
+  { 118232, true },
+  { 118243, true },
+  { 118257, true },
+  { 118270, true },
+  { 118290, true },
+  { 118304, true },
+  { 118320, true },
+  { 118328, true },
+  { 118342, true },
+  { 118363, true },
+  { 118378, true },
+  { 118397, false },
+  { 118414, true },
+  { 118428, true },
+  { 118447, true },
+  { 118462, true },
+  { 118478, true },
+  { 118493, true },
+  { 118504, true },
+  { 118527, true },
+  { 118539, true },
+  { 118549, true },
+  { 118570, true },
+  { 118588, true },
+  { 118609, true },
+  { 118626, true },
+  { 118647, true },
+  { 118662, true },
+  { 118679, true },
+  { 118697, true },
+  { 118709, true },
+  { 118727, true },
+  { 118743, true },
+  { 118760, true },
+  { 118780, true },
+  { 118798, true },
+  { 118817, true },
+  { 118842, true },
+  { 118864, true },
+  { 118878, true },
+  { 118893, true },
+  { 118911, true },
+  { 118927, true },
+  { 118942, true },
+  { 118964, true },
+  { 118979, true },
+  { 118994, true },
+  { 119012, true },
+  { 119027, true },
+  { 119041, true },
+  { 119055, true },
+  { 119070, true },
+  { 119084, false },
+  { 119097, true },
+  { 119111, true },
+  { 119125, true },
+  { 119153, true },
+  { 119172, true },
+  { 119186, true },
+  { 119205, false },
+  { 119217, true },
+  { 119229, true },
+  { 119243, true },
+  { 119256, true },
+  { 119275, true },
+  { 119293, true },
+  { 119309, true },
+  { 119317, true },
+  { 119328, true },
+  { 119342, true },
+  { 119357, true },
+  { 119380, true },
+  { 119396, true },
+  { 119409, true },
+  { 119428, true },
+  { 119439, true },
+  { 119448, true },
+  { 119464, true },
+  { 119479, true },
+  { 119500, true },
+  { 119511, true },
+  { 119526, true },
+  { 119537, true },
+  { 119550, true },
+  { 119563, true },
+  { 119575, true },
+  { 119600, true },
+  { 119614, true },
+  { 119625, true },
+  { 119644, true },
+  { 119653, true },
+  { 119662, true },
+  { 119675, true },
+  { 119690, true },
+  { 119705, true },
+  { 119722, true },
+  { 119739, true },
+  { 119756, true },
+  { 119767, true },
+  { 119781, true },
+  { 119795, true },
+  { 119822, true },
+  { 119831, true },
+  { 119844, true },
+  { 119855, true },
+  { 119864, true },
+  { 119873, true },
+  { 119882, true },
+  { 119898, true },
+  { 119917, true },
+  { 119942, true },
+  { 119960, true },
+  { 119967, true },
+  { 119986, false },
+  { 119997, true },
+  { 120012, true },
+  { 120023, true },
+  { 120038, true },
+  { 120052, true },
+  { 120063, true },
+  { 120087, true },
+  { 120099, true },
+  { 120119, true },
+  { 120130, true },
+  { 120140, true },
+  { 120152, true },
+  { 120169, true },
+  { 120182, true },
+  { 120194, true },
+  { 120205, true },
+  { 120216, true },
+  { 120228, true },
+  { 120237, true },
+  { 120258, true },
+  { 120272, true },
+  { 120288, false },
+  { 120300, true },
+  { 120317, true },
+  { 120332, true },
+  { 120344, true },
+  { 120354, true },
+  { 120373, true },
+  { 120382, true },
+  { 120391, true },
+  { 120407, true },
+  { 120428, true },
+  { 120445, true },
+  { 120474, true },
+  { 120492, true },
+  { 120509, true },
+  { 120528, false },
+  { 120543, true },
+  { 120556, true },
+  { 120569, true },
+  { 120581, true },
+  { 120592, true },
+  { 120604, true },
+  { 120623, true },
+  { 120630, true },
+  { 120649, true },
+  { 120658, false },
+  { 120681, true },
+  { 120697, true },
+  { 120714, true },
+  { 120724, true },
+  { 120737, true },
+  { 120748, true },
+  { 120760, true },
+  { 120771, true },
+  { 120784, true },
+  { 120794, true },
+  { 120805, true },
+  { 120822, true },
+  { 120834, true },
+  { 120852, true },
+  { 120866, true },
+  { 120884, true },
+  { 120899, true },
+  { 120919, true },
+  { 120933, true },
+  { 120953, true },
+  { 120969, true },
+  { 120989, true },
+  { 121003, true },
+  { 121024, true },
+  { 121041, true },
+  { 121058, true },
+  { 121075, true },
+  { 121092, true },
+  { 121109, true },
+  { 121128, true },
+  { 121146, true },
+  { 121164, true },
+  { 121178, true },
+  { 121189, true },
+  { 121203, false },
+  { 121222, true },
+  { 121233, true },
+  { 121252, true },
+  { 121266, true },
+  { 121277, true },
+  { 121287, true },
+  { 121295, true },
+  { 121308, true },
+  { 121324, true },
+  { 121344, true },
+  { 121367, true },
+  { 121392, true },
+  { 121410, true },
+  { 121419, true },
+  { 121433, true },
+  { 121450, true },
+  { 121470, true },
+  { 121484, true },
+  { 121505, true },
+  { 121524, true },
+  { 121543, false },
+  { 121561, true },
+  { 121573, true },
+  { 121585, true },
+  { 121600, true },
+  { 121616, true },
+  { 121626, true },
+  { 121636, true },
+  { 121650, true },
+  { 121666, true },
+  { 121681, true },
+  { 121695, true },
+  { 121705, true },
+  { 121714, true },
+  { 121729, true },
+  { 121747, true },
+  { 121774, true },
+  { 121784, true },
+  { 121794, true },
+  { 121802, true },
+  { 121815, true },
+  { 121828, true },
+  { 121840, true },
+  { 121853, true },
+  { 121872, true },
+  { 121887, false },
+  { 121897, false },
+  { 121914, true },
+  { 121924, true },
+  { 121940, true },
+  { 121953, true },
+  { 121963, true },
+  { 121976, true },
+  { 121990, true },
+  { 122011, true },
+  { 122033, true },
+  { 122062, true },
+  { 122081, true },
+  { 122091, true },
+  { 122110, true },
+  { 122130, true },
+  { 122139, true },
+  { 122160, true },
+  { 122170, true },
+  { 122182, true },
+  { 122197, true },
+  { 122212, true },
+  { 122220, false },
+  { 122233, true },
+  { 122254, true },
+  { 122266, true },
+  { 122280, true },
+  { 122294, true },
+  { 122306, true },
+  { 122320, true },
+  { 122333, true },
+  { 122346, true },
+  { 122359, true },
+  { 122380, true },
+  { 122392, true },
+  { 122401, true },
+  { 122416, true },
+  { 122428, true },
+  { 122442, true },
+  { 122458, true },
+  { 122467, true },
+  { 122485, true },
+  { 122501, true },
+  { 122515, true },
+  { 122525, true },
+  { 122535, true },
+  { 122550, true },
+  { 122572, true },
+  { 122588, false },
+  { 122597, true },
+  { 122611, true },
+  { 122621, true },
+  { 122641, true },
+  { 122658, true },
+  { 122669, true },
+  { 122683, true },
+  { 122699, true },
+  { 122715, true },
+  { 122737, true },
+  { 122749, true },
+  { 122771, true },
+  { 122789, true },
+  { 122797, true },
+  { 122812, true },
+  { 122823, true },
+  { 122837, true },
+  { 122852, true },
+  { 122866, true },
+  { 122875, true },
+  { 122883, true },
+  { 122894, true },
+  { 122905, true },
+  { 122914, true },
+  { 122936, true },
+  { 122946, true },
+  { 122964, true },
+  { 122978, true },
+  { 122991, true },
+  { 123005, true },
+  { 123029, true },
+  { 123037, true },
+  { 123046, true },
+  { 123055, true },
+  { 123068, true },
+  { 123083, true },
+  { 123090, true },
+  { 123105, false },
+  { 123117, true },
+  { 123125, true },
+  { 123148, true },
+  { 123170, true },
+  { 123194, true },
+  { 123210, true },
+  { 123225, true },
+  { 123238, true },
+  { 123256, true },
+  { 123268, true },
+  { 123283, true },
+  { 123296, true },
+  { 123307, true },
+  { 123318, false },
+  { 123329, false },
+  { 123339, false },
+  { 123350, false },
+  { 123361, false },
+  { 123373, true },
+  { 123389, true },
+  { 123396, true },
+  { 123407, true },
+  { 123422, true },
+  { 123434, true },
+  { 123444, true },
+  { 123454, true },
+  { 123471, true },
+  { 123483, true },
+  { 123494, true },
+  { 123512, true },
+  { 123521, true },
+  { 123530, true },
+  { 123542, true },
+  { 123552, true },
+  { 123568, true },
+  { 123585, true },
+  { 123595, true },
+  { 123609, false },
+  { 123628, true },
+  { 123642, true },
+  { 123656, true },
+  { 123678, true },
+  { 123696, true },
+  { 123714, true },
+  { 123729, true },
+  { 123748, true },
+  { 123756, true },
+  { 123771, true },
+  { 123787, true },
+  { 123797, true },
+  { 123808, true },
+  { 123821, true },
+  { 123836, true },
+  { 123845, true },
+  { 123865, true },
+  { 123874, true },
+  { 123889, true },
+  { 123900, true },
+  { 123915, true },
+  { 123931, true },
+  { 123949, true },
+  { 123960, true },
+  { 123970, true },
+  { 123983, true },
+  { 124003, true },
+  { 124023, false },
+  { 124032, true },
+  { 124042, true },
+  { 124055, true },
+  { 124066, true },
+  { 124081, true },
+  { 124094, true },
+  { 124106, true },
+  { 124124, true },
+  { 124134, true },
+  { 124143, true },
+  { 124153, true },
+  { 124162, true },
+  { 124173, true },
+  { 124185, true },
+  { 124193, true },
+  { 124207, false },
+  { 124214, true },
+  { 124224, true },
+  { 124238, true },
+  { 124250, true },
+  { 124260, true },
+  { 124270, true },
+  { 124286, true },
+  { 124300, true },
+  { 124314, true },
+  { 124329, true },
+  { 124336, true },
+  { 124349, true },
+  { 124369, false },
+  { 124384, true },
+  { 124400, true },
+  { 124415, true },
+  { 124435, true },
+  { 124455, true },
+  { 124472, true },
+  { 124484, true },
+  { 124492, true },
+  { 124506, true },
+  { 124521, false },
+  { 124531, true },
+  { 124539, true },
+  { 124556, true },
+  { 124567, true },
+  { 124581, true },
+  { 124589, true },
+  { 124596, true },
+  { 124606, true },
+  { 124614, true },
+  { 124629, true },
+  { 124642, true },
+  { 124652, true },
+  { 124662, true },
+  { 124672, true },
+  { 124682, true },
+  { 124692, true },
+  { 124708, true },
+  { 124723, true },
+  { 124738, true },
+  { 124755, true },
+  { 124766, true },
+  { 124774, true },
+  { 124788, true },
+  { 124801, true },
+  { 124818, true },
+  { 124839, true },
+  { 124854, true },
+  { 124874, true },
+  { 124891, true },
+  { 124904, true },
+  { 124924, true },
+  { 124934, true },
+  { 124946, true },
+  { 124960, true },
+  { 124969, true },
+  { 124978, true },
+  { 124995, true },
+  { 125005, true },
+  { 125014, false },
+  { 125025, true },
+  { 125034, true },
+  { 125045, true },
+  { 125052, true },
+  { 125063, true },
+  { 125070, true },
+  { 125079, true },
+  { 125087, true },
+  { 125095, true },
+  { 125102, true },
+  { 125109, true },
+  { 125123, true },
+  { 125137, true },
+  { 125151, true },
+  { 125174, true },
+  { 125199, true },
+  { 125217, true },
+  { 125235, true },
+  { 125249, true },
+  { 125260, true },
+  { 125269, true },
+  { 125286, true },
+  { 125304, true },
+  { 125316, true },
+  { 125334, true },
+  { 125347, true },
+  { 125356, true },
+  { 125373, true },
+  { 125390, true },
+  { 125408, true },
+  { 125424, true },
+  { 125436, true },
+  { 125451, true },
+  { 125464, true },
+  { 125476, true },
+  { 125507, true },
+  { 125534, true },
+  { 125565, true },
+  { 125594, true },
+  { 125612, true },
+  { 125629, false },
+  { 125642, false },
+  { 125661, true },
+  { 125676, true },
+  { 125692, true },
+  { 125708, true },
+  { 125720, true },
+  { 125733, true },
+  { 125746, false },
+  { 125758, true },
+  { 125769, true },
+  { 125786, true },
+  { 125796, false },
+  { 125814, true },
+  { 125827, true },
+  { 125846, true },
+  { 125863, true },
+  { 125876, false },
+  { 125890, true },
+  { 125906, true },
+  { 125925, true },
+  { 125936, true },
+  { 125950, true },
+  { 125959, true },
+  { 125978, true },
+  { 125988, true },
+  { 125995, true },
+  { 126024, true },
+  { 126046, true },
+  { 126067, true },
+  { 126094, true },
+  { 126114, true },
+  { 126122, true },
+  { 126133, true },
+  { 126145, true },
+  { 126165, false },
+  { 126182, true },
+  { 126193, true },
+  { 126207, true },
+  { 126215, true },
+  { 126226, true },
+  { 126235, true },
+  { 126246, true },
+  { 126258, true },
+  { 126274, false },
+  { 126289, true },
+  { 126310, true },
+  { 126320, true },
+  { 126335, true },
+  { 126351, true },
+  { 126363, true },
+  { 126375, true },
+  { 126392, true },
+  { 126407, true },
+  { 126425, true },
+  { 126437, true },
+  { 126452, true },
+  { 126471, true },
+  { 126485, true },
+  { 126496, true },
+  { 126514, true },
+  { 126528, true },
+  { 126541, true },
+  { 126553, true },
+  { 126562, true },
+  { 126573, true },
+  { 126589, true },
+  { 126612, true },
+  { 126624, true },
+  { 126640, true },
+  { 126657, true },
+  { 126669, true },
+  { 126687, true },
+  { 126701, true },
+  { 126715, true },
+  { 126733, true },
+  { 126755, true },
+  { 126766, true },
+  { 126784, true },
+  { 126797, true },
+  { 126815, true },
+  { 126840, true },
+  { 126853, true },
+  { 126868, true },
+  { 126882, true },
+  { 126895, true },
+  { 126908, true },
+  { 126930, true },
+  { 126946, true },
+  { 126959, true },
+  { 126970, true },
+  { 126984, true },
+  { 126993, true },
+  { 127004, true },
+  { 127018, true },
+  { 127029, true },
+  { 127048, true },
+  { 127060, true },
+  { 127084, true },
+  { 127102, true },
+  { 127123, true },
+  { 127140, true },
+  { 127155, false },
+  { 127168, true },
+  { 127174, true },
+  { 127184, true },
+  { 127198, true },
+  { 127210, true },
+  { 127220, true },
+  { 127230, true },
+  { 127242, true },
+  { 127271, true },
+  { 127287, true },
+  { 127302, true },
+  { 127321, true },
+  { 127334, true },
+  { 127347, true },
+  { 127358, true },
+  { 127373, true },
+  { 127384, true },
+  { 127399, true },
+  { 127415, true },
+  { 127430, true },
+  { 127452, false },
+  { 127467, true },
+  { 127486, true },
+  { 127505, true },
+  { 127534, true },
+  { 127545, true },
+  { 127561, true },
+  { 127573, true },
+  { 127595, true },
+  { 127604, true },
+  { 127615, true },
+  { 127630, true },
+  { 127645, true },
+  { 127656, true },
+  { 127673, true },
+  { 127688, true },
+  { 127699, true },
+  { 127721, true },
+  { 127744, true },
+  { 127761, true },
+  { 127777, true },
+  { 127794, true },
+  { 127807, true },
+  { 127818, true },
+  { 127831, true },
+  { 127840, true },
+  { 127852, true },
+  { 127863, true },
+  { 127877, true },
+  { 127887, true },
+  { 127900, true },
+  { 127916, true },
+  { 127930, true },
+  { 127939, true },
+  { 127953, true },
+  { 127971, true },
+  { 127988, false },
+  { 127996, true },
+  { 128005, true },
+  { 128018, true },
+  { 128035, true },
+  { 128048, true },
+  { 128058, true },
+  { 128070, true },
+  { 128080, true },
+  { 128089, true },
+  { 128096, true },
+  { 128116, true },
+  { 128138, true },
+  { 128146, true },
+  { 128156, true },
+  { 128163, true },
+  { 128178, true },
+  { 128184, true },
+  { 128201, true },
+  { 128210, true },
+  { 128219, true },
+  { 128228, true },
+  { 128243, true },
+  { 128251, true },
+  { 128263, true },
+  { 128271, true },
+  { 128294, true },
+  { 128314, true },
+  { 128332, true },
+  { 128352, true },
+  { 128363, true },
+  { 128372, true },
+  { 128388, true },
+  { 128402, true },
+  { 128413, true },
+  { 128426, true },
+  { 128439, true },
+  { 128448, true },
+  { 128470, true },
+  { 128481, false },
+  { 128488, true },
+  { 128499, true },
+  { 128512, true },
+  { 128524, true },
+  { 128537, true },
+  { 128550, true },
+  { 128561, true },
+  { 128576, true },
+  { 128590, true },
+  { 128600, true },
+  { 128610, true },
+  { 128619, true },
+  { 128630, true },
+  { 128639, false },
+  { 128651, true },
+  { 128664, true },
+  { 128675, true },
+  { 128691, true },
+  { 128700, true },
+  { 128710, true },
+  { 128722, true },
+  { 128731, true },
+  { 128741, true },
+  { 128752, true },
+  { 128767, true },
+  { 128784, true },
+  { 128801, true },
+  { 128811, true },
+  { 128834, true },
+  { 128848, true },
+  { 128859, true },
+  { 128870, true },
+  { 128892, true },
+  { 128905, true },
+  { 128920, true },
+  { 128933, true },
+  { 128948, true },
+  { 128962, true },
+  { 128988, true },
+  { 128999, true },
+  { 129010, true },
+  { 129026, true },
+  { 129035, true },
+  { 129046, true },
+  { 129061, true },
+  { 129090, true },
+  { 129103, true },
+  { 129119, true },
+  { 129133, true },
+  { 129161, true },
+  { 129180, true },
+  { 129196, true },
+  { 129217, true },
+  { 129229, false },
+  { 129247, true },
+  { 129257, false },
+  { 129268, true },
+  { 129278, true },
+  { 129299, true },
+  { 129317, true },
+  { 129327, true },
+  { 129348, true },
+  { 129364, true },
+  { 129374, true },
+  { 129393, true },
+  { 129400, true },
+  { 129410, true },
+  { 129420, true },
+  { 129432, true },
+  { 129447, true },
+  { 129461, true },
+  { 129478, true },
+  { 129491, true },
+  { 129504, true },
+  { 129523, true },
+  { 129538, true },
+  { 129553, true },
+  { 129564, true },
+  { 129576, true },
+  { 129591, true },
+  { 129605, true },
+  { 129618, true },
+  { 129627, true },
+  { 129636, true },
+  { 129648, true },
+  { 129664, true },
+  { 129678, true },
+  { 129694, true },
+  { 129710, true },
+  { 129726, true },
+  { 129736, true },
+  { 129756, true },
+  { 129775, true },
+  { 129797, true },
+  { 129814, true },
+  { 129830, true },
+  { 129851, true },
+  { 129881, true },
+  { 129913, true },
+  { 129946, true },
+  { 129977, true },
+  { 129998, true },
+  { 130022, true },
+  { 130030, true },
+  { 130049, true },
+  { 130069, true },
+  { 130085, true },
+  { 130103, true },
+  { 130120, true },
+  { 130139, true },
+  { 130163, true },
+  { 130182, true },
+  { 130200, true },
+  { 130217, true },
+  { 130239, true },
+  { 130255, true },
+  { 130275, true },
+  { 130295, true },
+  { 130311, true },
+  { 130328, true },
+  { 130350, true },
+  { 130367, true },
+  { 130383, true },
+  { 130400, true },
+  { 130415, true },
+  { 130431, true },
+  { 130450, true },
+  { 130467, true },
+  { 130489, true },
+  { 130511, true },
+  { 130533, true },
+  { 130552, true },
+  { 130567, true },
+  { 130584, true },
+  { 130598, true },
+  { 130611, true },
+  { 130624, true },
+  { 130640, true },
+  { 130672, true },
+  { 130694, true },
+  { 130704, true },
+  { 130721, false },
+  { 130736, true },
+  { 130751, true },
+  { 130762, true },
+  { 130772, true },
+  { 130787, true },
+  { 130801, true },
+  { 130819, true },
+  { 130837, true },
+  { 130850, true },
+  { 130866, true },
+  { 130878, true },
+  { 130893, true },
+  { 130912, true },
+  { 130928, false },
+  { 130938, false },
+  { 130947, true },
+  { 130969, true },
+  { 130989, true },
+  { 131010, true },
+  { 131026, true },
+  { 131040, true },
+  { 131054, true },
+  { 131065, true },
+  { 131086, true },
+  { 131107, true },
+  { 131123, true },
+  { 131143, true },
+  { 131154, true },
+  { 131167, true },
+  { 131189, true },
+  { 131213, true },
+  { 131222, false },
+  { 131239, true },
+  { 131248, true },
+  { 131261, true },
+  { 131275, true },
+  { 131286, true },
+  { 131307, true },
+  { 131318, true },
+  { 131329, true },
+  { 131345, true },
+  { 131358, true },
+  { 131371, true },
+  { 131393, true },
+  { 131412, true },
+  { 131425, true },
+  { 131436, true },
+  { 131456, true },
+  { 131465, true },
+  { 131480, true },
+  { 131489, true },
+  { 131501, true },
+  { 131514, true },
+  { 131524, true },
+  { 131533, true },
+  { 131556, true },
+  { 131569, true },
+  { 131586, true },
+  { 131602, true },
+  { 131613, true },
+  { 131630, true },
+  { 131655, true },
+  { 131682, true },
+  { 131709, true },
+  { 131721, true },
+  { 131732, true },
+  { 131749, true },
+  { 131765, true },
+  { 131776, true },
+  { 131785, true },
+  { 131798, true },
+  { 131811, true },
+  { 131831, true },
+  { 131844, true },
+  { 131867, true },
+  { 131884, true },
+  { 131899, true },
+  { 131922, true },
+  { 131936, true },
+  { 131946, true },
+  { 131961, true },
+  { 131982, true },
+  { 131992, true },
+  { 132008, true },
+  { 132018, true },
+  { 132032, true },
+  { 132056, true },
+  { 132073, true },
+  { 132087, true },
+  { 132113, true },
+  { 132130, true },
+  { 132149, true },
+  { 132182, true },
+  { 132204, true },
+  { 132224, true },
+  { 132233, true },
+  { 132241, true },
+  { 132262, true },
+  { 132269, true },
+  { 132289, true },
+  { 132300, true },
+  { 132312, true },
+  { 132325, true },
+  { 132339, true },
+  { 132356, true },
+  { 132373, false },
+  { 132386, true },
+  { 132404, true },
+  { 132419, true },
+  { 132436, true },
+  { 132447, true },
+  { 132465, true },
+  { 132481, true },
+  { 132505, true },
+  { 132515, true },
+  { 132528, true },
+  { 132538, true },
+  { 132554, true },
+  { 132568, true },
+  { 132587, true },
+  { 132611, true },
+  { 132623, true },
+  { 132638, true },
+  { 132654, true },
+  { 132665, true },
+  { 132685, true },
+  { 132706, true },
+  { 132719, true },
+  { 132730, true },
+  { 132742, true },
+  { 132762, true },
+  { 132776, true },
+  { 132792, true },
+  { 132819, true },
+  { 132845, true },
+  { 132869, true },
+  { 132892, true },
+  { 132915, true },
+  { 132927, true },
+  { 132941, true },
+  { 132952, true },
+  { 132967, true },
+  { 132982, true },
+  { 132995, true },
+  { 133004, true },
+  { 133013, true },
+  { 133027, true },
+  { 133039, false },
+  { 133067, true },
+  { 133080, true },
+  { 133089, true },
+  { 133100, true },
+  { 133124, true },
+  { 133134, true },
+  { 133150, true },
+  { 133160, true },
+  { 133172, true },
+  { 133184, true },
+  { 133207, false },
+  { 133221, false },
+  { 133236, true },
+  { 133251, true },
+  { 133275, true },
+  { 133296, true },
+  { 133318, true },
+  { 133338, true },
+  { 133358, true },
+  { 133368, true },
+  { 133380, true },
+  { 133406, true },
+  { 133420, true },
+  { 133437, true },
+  { 133450, true },
+  { 133478, true },
+  { 133490, true },
+  { 133506, false },
+  { 133530, true },
+  { 133548, true },
+  { 133565, true },
+  { 133584, true },
+  { 133610, true },
+  { 133634, true },
+  { 133655, true },
+  { 133671, true },
+  { 133681, true },
+  { 133697, true },
+  { 133713, true },
+  { 133732, true },
+  { 133751, true },
+  { 133768, true },
+  { 133784, true },
+  { 133798, true },
+  { 133816, true },
+  { 133834, true },
+  { 133857, true },
+  { 133867, true },
+  { 133885, true },
+  { 133893, true },
+  { 133905, true },
+  { 133922, true },
+  { 133939, true },
+  { 133947, true },
+  { 133964, true },
+  { 133978, true },
+  { 133989, true },
+  { 134001, true },
+  { 134021, true },
+  { 134040, true },
+  { 134056, true },
+  { 134076, true },
+  { 134094, true },
+  { 134109, true },
+  { 134127, true },
+  { 134138, true },
+  { 134151, true },
+  { 134162, true },
+  { 134177, true },
+  { 134195, true },
+  { 134210, true },
+  { 134222, true },
+  { 134240, true },
+  { 134256, true },
+  { 134271, true },
+  { 134289, true },
+  { 134307, true },
+  { 134326, true },
+  { 134345, true },
+  { 134358, true },
+  { 134368, true },
+  { 134378, true },
+  { 134392, true },
+  { 134402, true },
+  { 134418, true },
+  { 134429, true },
+  { 134448, true },
+  { 134462, true },
+  { 134472, true },
+  { 134488, true },
+  { 134507, true },
+  { 134517, true },
+  { 134536, true },
+  { 134548, true },
+  { 134558, true },
+  { 134570, true },
+  { 134581, true },
+  { 134591, true },
+  { 134606, true },
+  { 134622, true },
+  { 134635, true },
+  { 134648, true },
+  { 134671, true },
+  { 134695, true },
+  { 134712, true },
+  { 134727, true },
+  { 134740, true },
+  { 134763, true },
+  { 134793, false },
+  { 134805, true },
+  { 134818, true },
+  { 134832, true },
+  { 134842, true },
+  { 134855, true },
+  { 134870, true },
+  { 134890, true },
+  { 134904, true },
+  { 134914, true },
+  { 134929, true },
+  { 134944, true },
+  { 134968, true },
+  { 134991, true },
+  { 135007, true },
+  { 135025, true },
+  { 135036, true },
+  { 135045, true },
+  { 135054, true },
+  { 135066, true },
+  { 135089, false },
+  { 135106, true },
+  { 135119, true },
+  { 135131, true },
+  { 135139, true },
+  { 135155, true },
+  { 135163, true },
+  { 135179, true },
+  { 135194, true },
+  { 135228, true },
+  { 135252, true },
+  { 135267, true },
+  { 135283, true },
+  { 135299, true },
+  { 135313, true },
+  { 135335, true },
+  { 135351, true },
+  { 135365, true },
+  { 135379, true },
+  { 135391, true },
+  { 135406, true },
+  { 135420, true },
+  { 135440, true },
+  { 135450, true },
+  { 135467, true },
+  { 135479, true },
+  { 135490, true },
+  { 135501, true },
+  { 135515, true },
+  { 135531, true },
+  { 135548, true },
+  { 135567, true },
+  { 135577, true },
+  { 135592, true },
+  { 135615, true },
+  { 135636, true },
+  { 135655, true },
+  { 135673, true },
+  { 135691, true },
+  { 135705, true },
+  { 135720, true },
+  { 135736, true },
+  { 135756, true },
+  { 135776, true },
+  { 135793, true },
+  { 135812, true },
+  { 135830, true },
+  { 135851, true },
+  { 135869, true },
+  { 135886, true },
+  { 135906, true },
+  { 135923, true },
+  { 135940, true },
+  { 135958, true },
+  { 135976, true },
+  { 135989, true },
+  { 136005, true },
+  { 136020, true },
+  { 136033, true },
+  { 136047, true },
+  { 136066, true },
+  { 136077, true },
+  { 136090, true },
+  { 136104, true },
+  { 136115, true },
+  { 136128, true },
+  { 136138, true },
+  { 136153, true },
+  { 136167, true },
+  { 136179, true },
+  { 136197, true },
+  { 136208, true },
+  { 136229, true },
+  { 136247, true },
+  { 136272, true },
+  { 136285, true },
+  { 136301, true },
+  { 136307, true },
+  { 136315, true },
+  { 136336, true },
+  { 136345, true },
+  { 136355, true },
+  { 136379, true },
+  { 136391, true },
+  { 136414, true },
+  { 136439, true },
+  { 136451, true },
+  { 136467, true },
+  { 136480, true },
+  { 136492, true },
+  { 136504, true },
+  { 136520, true },
+  { 136539, true },
+  { 136550, true },
+  { 136569, true },
+  { 136584, true },
+  { 136597, true },
+  { 136617, true },
+  { 136632, true },
+  { 136648, true },
+  { 136659, true },
+  { 136677, true },
+  { 136686, true },
+  { 136697, true },
+  { 136708, true },
+  { 136719, true },
+  { 136729, true },
+  { 136746, true },
+  { 136760, true },
+  { 136772, true },
+  { 136788, true },
+  { 136798, true },
+  { 136807, true },
+  { 136821, true },
+  { 136844, true },
+  { 136854, true },
+  { 136864, true },
+  { 136877, true },
+  { 136887, true },
+  { 136899, true },
+  { 136908, true },
+  { 136919, false },
+  { 136932, true },
+  { 136944, true },
+  { 136958, true },
+  { 136970, true },
+  { 136980, true },
+  { 136994, true },
+  { 137006, true },
+  { 137028, true },
+  { 137035, true },
+  { 137048, true },
+  { 137060, true },
+  { 137072, true },
+  { 137084, true },
+  { 137096, true },
+  { 137108, true },
+  { 137120, true },
+  { 137132, true },
+  { 137144, true },
+  { 137158, true },
+  { 137174, true },
+  { 137189, true },
+  { 137205, true },
+  { 137227, true },
+  { 137240, false },
+  { 137260, true },
+  { 137278, true },
+  { 137288, true },
+  { 137301, true },
+  { 137318, true },
+  { 137333, true },
+  { 137346, true },
+  { 137357, true },
+  { 137368, true },
+  { 137379, true },
+  { 137389, true },
+  { 137403, true },
+  { 137412, true },
+  { 137423, true },
+  { 137436, true },
+  { 137451, true },
+  { 137465, true },
+  { 137484, true },
+  { 137498, true },
+  { 137509, true },
+  { 137522, true },
+  { 137540, true },
+  { 137557, true },
+  { 137576, true },
+  { 137597, true },
+  { 137620, true },
+  { 137632, true },
+  { 137642, true },
+  { 137655, true },
+  { 137669, true },
+  { 137678, true },
+  { 137693, true },
+  { 137701, true },
+  { 137715, true },
+  { 137732, true },
+  { 137745, true },
+  { 137756, true },
+  { 137767, true },
+  { 137787, true },
+  { 137796, true },
+  { 137808, true },
+  { 137821, true },
+  { 137830, true },
+  { 137839, true },
+  { 137855, true },
+  { 137864, true },
+  { 137878, true },
+  { 137897, true },
+  { 137911, true },
+  { 137925, true },
+  { 137940, true },
+  { 137955, true },
+  { 137970, true },
+  { 137990, true },
+  { 138011, false },
+  { 138036, true },
+  { 138049, true },
+  { 138058, true },
+  { 138079, true },
+  { 138096, true },
+  { 138106, true },
+  { 138121, true },
+  { 138133, true },
+  { 138152, true },
+  { 138170, true },
+  { 138188, true },
+  { 138203, true },
+  { 138223, true },
+  { 138235, true },
+  { 138247, true },
+  { 138264, true },
+  { 138278, true },
+  { 138291, true },
+  { 138304, true },
+  { 138321, true },
+  { 138348, true },
+  { 138368, true },
+  { 138384, true },
+  { 138409, true },
+  { 138432, true },
+  { 138448, false },
+  { 138476, true },
+  { 138487, true },
+  { 138496, true },
+  { 138509, true },
+  { 138524, true },
+  { 138537, true },
+  { 138553, true },
+  { 138569, true },
+  { 138583, true },
+  { 138592, true },
+  { 138610, true },
+  { 138633, true },
+  { 138667, true },
+  { 138677, true },
+  { 138689, true },
+  { 138710, true },
+  { 138733, true },
+  { 138744, true },
+  { 138761, true },
+  { 138787, true },
+  { 138813, false },
+  { 138828, true },
+  { 138837, true },
+  { 138846, true },
+  { 138858, true },
+  { 138871, true },
+  { 138881, true },
+  { 138890, true },
+  { 138909, true },
+  { 138924, true },
+  { 138938, false },
+  { 138949, true },
+  { 138966, true },
+  { 138990, true },
+  { 139009, true },
+  { 139025, true },
+  { 139040, true },
+  { 139048, true },
+  { 139056, true },
+  { 139067, true },
+  { 139080, true },
+  { 139089, true },
+  { 139104, true },
+  { 139116, true },
+  { 139130, true },
+  { 139144, true },
+  { 139156, true },
+  { 139174, true },
+  { 139189, true },
+  { 139204, true },
+  { 139215, true },
+  { 139232, true },
+  { 139245, true },
+  { 139259, true },
+  { 139271, true },
+  { 139282, true },
+  { 139295, true },
+  { 139316, true },
+  { 139330, true },
+  { 139350, true },
+  { 139362, true },
+  { 139377, true },
+  { 139396, true },
+  { 139416, true },
+  { 139436, true },
+  { 139443, true },
+  { 139452, true },
+  { 139460, true },
+  { 139473, true },
+  { 139483, true },
+  { 139497, true },
+  { 139512, true },
+  { 139525, true },
+  { 139539, true },
+  { 139556, true },
+  { 139573, true },
+  { 139590, true },
+  { 139603, true },
+  { 139616, true },
+  { 139629, true },
+  { 139642, true },
+  { 139655, true },
+  { 139668, true },
+  { 139681, true },
+  { 139694, true },
+  { 139707, true },
+  { 139720, true },
+  { 139733, true },
+  { 139746, true },
+  { 139759, true },
+  { 139773, true },
+  { 139781, true },
+  { 139790, true },
+  { 139798, true },
+  { 139819, true },
+  { 139832, true },
+  { 139848, true },
+  { 139871, true },
+  { 139885, true },
+  { 139903, true },
+  { 139917, true },
+  { 139931, true },
+  { 139945, true },
+  { 139960, true },
+  { 139974, true },
+  { 139988, true },
+  { 140002, true },
+  { 140017, true },
+  { 140031, true },
+  { 140045, true },
+  { 140059, true },
+  { 140073, true },
+  { 140090, true },
+  { 140110, true },
+  { 140142, true },
+  { 140167, true },
+  { 140179, true },
+  { 140189, true },
+  { 140201, true },
+  { 140216, true },
+  { 140228, true },
+  { 140242, true },
+  { 140256, true },
+  { 140267, true },
+  { 140274, true },
+  { 140289, true },
+  { 140299, true },
+  { 140311, true },
+  { 140323, true },
+  { 140338, true },
+  { 140353, true },
+  { 140366, true },
+  { 140385, true },
+  { 140395, true },
+  { 140415, true },
+  { 140433, true },
+  { 140446, true },
+  { 140456, true },
+  { 140470, true },
+  { 140486, true },
+  { 140503, true },
+  { 140516, true },
+  { 140529, true },
+  { 140542, true },
+  { 140555, true },
+  { 140579, true },
+  { 140597, true },
+  { 140607, true },
+  { 140618, true },
+  { 140634, true },
+  { 140660, true },
+  { 140672, true },
+  { 140684, true },
+  { 140697, true },
+  { 140716, false },
+  { 140731, true },
+  { 140744, true },
+  { 140765, true },
+  { 140781, true },
+  { 140797, true },
+  { 140809, true },
+  { 140826, true },
+  { 140840, true },
+  { 140858, true },
+  { 140875, true },
+  { 140894, true },
+  { 140905, true },
+  { 140927, true },
+  { 140945, true },
+  { 140964, true },
+  { 140977, true },
+  { 140989, true },
+  { 141010, true },
+  { 141019, true },
+  { 141028, true },
+  { 141039, true },
+  { 141053, true },
+  { 141067, false },
+  { 141079, true },
+  { 141104, true },
+  { 141131, true },
+  { 141154, true },
+  { 141172, true },
+  { 141184, true },
+  { 141193, true },
+  { 141204, true },
+  { 141214, true },
+  { 141225, true },
+  { 141236, true },
+  { 141246, true },
+  { 141259, true },
+  { 141274, true },
+  { 141288, true },
+  { 141300, true },
+  { 141311, true },
+  { 141322, true },
+  { 141332, true },
+  { 141343, true },
+  { 141359, true },
+  { 141368, true },
+  { 141380, true },
+  { 141393, true },
+  { 141401, true },
+  { 141412, true },
+  { 141432, true },
+  { 141452, true },
+  { 141463, true },
+  { 141474, true },
+  { 141492, true },
+  { 141504, true },
+  { 141518, true },
+  { 141537, true },
+  { 141550, true },
+  { 141573, true },
+  { 141591, true },
+  { 141615, true },
+  { 141632, true },
+  { 141661, true },
+  { 141671, true },
+  { 141685, true },
+  { 141708, true },
+  { 141720, true },
+  { 141733, true },
+  { 141747, true },
+  { 141759, true },
+  { 141782, true },
+  { 141792, true },
+  { 141807, true },
+  { 141816, true },
+  { 141830, true },
+  { 141846, true },
+  { 141859, true },
+  { 141882, true },
+  { 141892, true },
+  { 141900, true },
+  { 141912, true },
+  { 141926, true },
+  { 141947, true },
+  { 141954, true },
+  { 141967, true },
+  { 141981, true },
+  { 141994, true },
+  { 142011, true },
+  { 142025, true },
+  { 142042, true },
+  { 142062, true },
+  { 142080, true },
+  { 142090, true },
+  { 142108, true },
+  { 142123, true },
+  { 142145, true },
+  { 142162, true },
+  { 142175, true },
+  { 142195, true },
+  { 142212, false },
+  { 142223, true },
+  { 142237, true },
+  { 142248, true },
+  { 142261, true },
+  { 142276, true },
+  { 142296, true },
+  { 142312, true },
+  { 142325, true },
+  { 142340, true },
+  { 142355, true },
+  { 142375, true },
+  { 142386, true },
+  { 142401, true },
+  { 142416, true },
+  { 142433, true },
+  { 142449, true },
+  { 142468, true },
+  { 142487, true },
+  { 142504, true },
+  { 142520, true },
+  { 142535, true },
+  { 142553, true },
+  { 142565, true },
+  { 142572, true },
+  { 142583, true },
+  { 142595, true },
+  { 142611, true },
+  { 142638, true },
+  { 142666, true },
+  { 142690, true },
+  { 142708, false },
+  { 142726, true },
+  { 142742, true },
+  { 142761, true },
+  { 142778, true },
+  { 142796, true },
+  { 142813, true },
+  { 142830, true },
+  { 142849, true },
+  { 142867, true },
+  { 142885, true },
+  { 142905, true },
+  { 142924, true },
+  { 142942, true },
+  { 142951, true },
+  { 142963, true },
+  { 142986, true },
+  { 142998, false },
+  { 143013, true },
+  { 143032, true },
+  { 143044, true },
+  { 143052, true },
+  { 143065, true },
+  { 143079, true },
+  { 143089, true },
+  { 143098, true },
+  { 143106, true },
+  { 143122, true },
+  { 143134, true },
+  { 143154, true },
+  { 143164, true },
+  { 143177, true },
+  { 143187, true },
+  { 143203, true },
+  { 143224, true },
+  { 143233, true },
+  { 143245, true },
+  { 143254, true },
+  { 143264, true },
+  { 143271, true },
+  { 143288, true },
+  { 143305, true },
+  { 143319, true },
+  { 143331, true },
+  { 143344, true },
+  { 143352, true },
+  { 143359, true },
+  { 143372, true },
+  { 143381, true },
+  { 143388, true },
+  { 143402, true },
+  { 143415, true },
+  { 143428, true },
+  { 143441, true },
+  { 143460, true },
+  { 143478, true },
+  { 143493, true },
+  { 143513, true },
+  { 143529, true },
+  { 143545, true },
+  { 143563, true },
+  { 143577, true },
+  { 143591, true },
+  { 143609, true },
+  { 143626, true },
+  { 143643, true },
+  { 143653, true },
+  { 143680, true },
+  { 143715, true },
+  { 143730, true },
+  { 143748, true },
+  { 143765, true },
+  { 143781, true },
+  { 143796, true },
+  { 143822, false },
+  { 143835, true },
+  { 143858, true },
+  { 143877, true },
+  { 143898, true },
+  { 143912, true },
+  { 143925, true },
+  { 143937, true },
+  { 143956, true },
+  { 143981, true },
+  { 144002, true },
+  { 144024, true },
+  { 144045, true },
+  { 144065, true },
+  { 144086, true },
+  { 144106, false },
+  { 144116, true },
+  { 144139, true },
+  { 144156, true },
+  { 144173, true },
+  { 144183, true },
+  { 144193, false },
+  { 144206, true },
+  { 144218, true },
+  { 144237, true },
+  { 144248, true },
+  { 144263, true },
+  { 144271, true },
+  { 144284, true },
+  { 144299, true },
+  { 144310, true },
+  { 144322, true },
+  { 144334, true },
+  { 144347, true },
+  { 144370, true },
+  { 144388, true },
+  { 144400, true },
+  { 144425, true },
+  { 144441, true },
+  { 144461, true },
+  { 144483, true },
+  { 144497, true },
+  { 144508, true },
+  { 144521, true },
+  { 144533, true },
+  { 144542, true },
+  { 144554, true },
+  { 144567, true },
+  { 144581, true },
+  { 144593, true },
+  { 144613, true },
+  { 144632, true },
+  { 144642, true },
+  { 144654, true },
+  { 144678, true },
+  { 144700, true },
+  { 144725, true },
+  { 144748, true },
+  { 144768, true },
+  { 144779, true },
+  { 144795, false },
+  { 144810, true },
+  { 144822, true },
+  { 144834, true },
+  { 144844, true },
+  { 144861, true },
+  { 144881, true },
+  { 144896, true },
+  { 144913, true },
+  { 144930, true },
+  { 144953, true },
+  { 144969, true },
+  { 144989, true },
+  { 145002, true },
+  { 145019, true },
+  { 145040, true },
+  { 145060, true },
+  { 145074, true },
+  { 145091, true },
+  { 145108, true },
+  { 145128, true },
+  { 145146, true },
+  { 145162, true },
+  { 145177, true },
+  { 145187, true },
+  { 145197, true },
+  { 145208, true },
+  { 145227, true },
+  { 145243, true },
+  { 145253, true },
+  { 145263, true },
+  { 145283, true },
+  { 145308, true },
+  { 145342, true },
+  { 145379, true },
+  { 145400, true },
+  { 145431, true },
+  { 145455, true },
+  { 145475, true },
+  { 145489, true },
+  { 145502, true },
+  { 145515, true },
+  { 145524, true },
+  { 145537, true },
+  { 145544, true },
+  { 145551, false },
+  { 145567, true },
+  { 145576, true },
+  { 145590, true },
+  { 145604, true },
+  { 145617, true },
+  { 145637, true },
+  { 145652, true },
+  { 145666, true },
+  { 145685, true },
+  { 145697, true },
+  { 145706, true },
+  { 145716, true },
+  { 145728, true },
+  { 145751, true },
+  { 145765, true },
+  { 145780, true },
+  { 145791, true },
+  { 145802, true },
+  { 145814, true },
+  { 145824, true },
+  { 145835, true },
+  { 145851, true },
+  { 145864, true },
+  { 145880, false },
+  { 145895, true },
+  { 145912, true },
+  { 145929, true },
+  { 145947, true },
+  { 145968, true },
+  { 145985, true },
+  { 146002, true },
+  { 146019, true },
+  { 146036, true },
+  { 146053, true },
+  { 146070, true },
+  { 146087, true },
+  { 146104, true },
+  { 146121, true },
+  { 146138, true },
+  { 146155, true },
+  { 146172, true },
+  { 146191, true },
+  { 146207, true },
+  { 146221, true },
+  { 146246, true },
+  { 146261, true },
+  { 146276, true },
+  { 146293, true },
+  { 146309, true },
+  { 146331, false },
+  { 146344, true },
+  { 146358, true },
+  { 146375, true },
+  { 146392, true },
+  { 146412, false },
+  { 146434, true },
+  { 146447, true },
+  { 146471, true },
+  { 146485, true },
+  { 146505, true },
+  { 146520, true },
+  { 146529, false },
+  { 146543, true },
+  { 146560, true },
+  { 146573, true },
+  { 146586, true },
+  { 146596, true },
+  { 146607, true },
+  { 146618, true },
+  { 146624, true },
+  { 146634, true },
+  { 146650, true },
+  { 146661, true },
+  { 146668, true },
+  { 146680, true },
+  { 146690, true },
+  { 146700, true },
+  { 146709, true },
+  { 146723, true },
+  { 146738, true },
+  { 146748, true },
+  { 146760, true },
+  { 146772, true },
+  { 146781, true },
+  { 146796, true },
+  { 146805, true },
+  { 146816, false },
+  { 146826, true },
+  { 146834, true },
+  { 146844, true },
+  { 146857, true },
+  { 146876, true },
+  { 146890, true },
+  { 146900, true },
+  { 146910, true },
+  { 146932, true },
+  { 146948, true },
+  { 146957, true },
+  { 146980, true },
+  { 146996, true },
+  { 147015, true },
+  { 147038, true },
+  { 147052, true },
+  { 147064, true },
+  { 147081, true },
+  { 147100, true },
+  { 147117, true },
+  { 147129, true },
+  { 147140, true },
+  { 147153, false },
+  { 147165, true },
+  { 147176, true },
+  { 147190, true },
+  { 147203, true },
+  { 147213, true },
+  { 147234, true },
+  { 147249, true },
+  { 147257, true },
+  { 147272, true },
+  { 147286, true },
+  { 147299, true },
+  { 147312, true },
+  { 147322, true },
+  { 147334, true },
+  { 147345, true },
+  { 147356, true },
+  { 147371, true },
+  { 147400, true },
+  { 147412, true },
+  { 147424, true },
+  { 147438, true },
+  { 147453, true },
+  { 147469, true },
+  { 147483, true },
+  { 147500, true },
+  { 147514, true },
+  { 147528, true },
+  { 147543, true },
+  { 147557, true },
+  { 147569, true },
+  { 147583, true },
+  { 147597, true },
+  { 147609, true },
+  { 147621, true },
+  { 147635, true },
+  { 147647, true },
+  { 147659, true },
+  { 147673, true },
+  { 147691, true },
+  { 147699, true },
+  { 147710, true },
+  { 147726, true },
+  { 147742, true },
+  { 147756, true },
+  { 147775, true },
+  { 147794, true },
+  { 147817, false },
+  { 147846, true },
+  { 147876, true },
+  { 147892, true },
+  { 147906, true },
+  { 147920, true },
+  { 147938, true },
+  { 147959, true },
+  { 147978, true },
+  { 147990, true },
+  { 148010, true },
+  { 148025, true },
+  { 148038, true },
+  { 148049, true },
+  { 148064, true },
+  { 148083, true },
+  { 148098, true },
+  { 148116, true },
+  { 148136, true },
+  { 148148, true },
+  { 148160, true },
+  { 148175, true },
+  { 148202, true },
+  { 148225, true },
+  { 148249, true },
+  { 148273, true },
+  { 148289, true },
+  { 148313, true },
+  { 148323, true },
+  { 148337, true },
+  { 148359, true },
+  { 148369, true },
+  { 148401, true },
+  { 148416, true },
+  { 148427, true },
+  { 148435, true },
+  { 148452, true },
+  { 148463, true },
+  { 148475, true },
+  { 148489, true },
+  { 148497, true },
+  { 148519, true },
+  { 148529, true },
+  { 148542, false },
+  { 148553, false },
+  { 148565, true },
+  { 148577, true },
+  { 148587, true },
+  { 148606, true },
+  { 148621, true },
+  { 148635, false },
+  { 148655, true },
+  { 148665, true },
+  { 148673, false },
+  { 148686, true },
+  { 148714, true },
+  { 148728, true },
+  { 148739, true },
+  { 148748, true },
+  { 148761, true },
+  { 148768, true },
+  { 148779, true },
+  { 148788, true },
+  { 148801, true },
+  { 148815, true },
+  { 148830, true },
+  { 148844, true },
+  { 148864, true },
+  { 148882, false },
+  { 148898, true },
+  { 148920, true },
+  { 148935, true },
+  { 148954, true },
+  { 148968, true },
+  { 148985, true },
+  { 148994, true },
+  { 149007, true },
+  { 149020, true },
+  { 149037, true },
+  { 149050, true },
+  { 149060, true },
+  { 149070, true },
+  { 149096, true },
+  { 149106, true },
+  { 149114, true },
+  { 149123, true },
+  { 149137, true },
+  { 149149, true },
+  { 149163, true },
+  { 149176, false },
+  { 149188, true },
+  { 149202, true },
+  { 149214, true },
+  { 149226, true },
+  { 149236, true },
+  { 149253, true },
+  { 149265, true },
+  { 149274, true },
+  { 149294, true },
+  { 149314, true },
+  { 149325, true },
+  { 149342, true },
+  { 149363, true },
+  { 149384, true },
+  { 149400, true },
+  { 149409, true },
+  { 149427, true },
+  { 149444, true },
+  { 149456, true },
+  { 149473, true },
+  { 149493, true },
+  { 149511, true },
+  { 149532, true },
+  { 149546, true },
+  { 149555, true },
+  { 149579, true },
+  { 149595, false },
+  { 149605, true },
+  { 149620, true },
+  { 149633, true },
+  { 149652, true },
+  { 149661, true },
+  { 149677, true },
+  { 149690, true },
+  { 149716, true },
+  { 149733, true },
+  { 149746, true },
+  { 149763, true },
+  { 149777, true },
+  { 149791, true },
+  { 149808, true },
+  { 149828, true },
+  { 149846, true },
+  { 149861, true },
+  { 149872, true },
+  { 149891, true },
+  { 149901, true },
+  { 149913, true },
+  { 149924, true },
+  { 149941, true },
+  { 149953, true },
+  { 149968, false },
+  { 149985, true },
+  { 149993, true },
+  { 150006, true },
+  { 150018, true },
+  { 150033, true },
+  { 150052, true },
+  { 150067, true },
+  { 150084, true },
+  { 150094, true },
+  { 150109, true },
+  { 150123, true },
+  { 150147, true },
+  { 150162, true },
+  { 150187, true },
+  { 150202, true },
+  { 150218, true },
+  { 150235, true },
+  { 150248, true },
+  { 150260, true },
+  { 150272, true },
+  { 150292, true },
+  { 150304, true },
+  { 150317, true },
+  { 150331, true },
+  { 150349, true },
+  { 150370, true },
+  { 150382, true },
+  { 150406, true },
+  { 150426, true },
+  { 150441, true },
+  { 150460, true },
+  { 150472, true },
+  { 150484, true },
+  { 150499, true },
+  { 150523, true },
+  { 150533, true },
+  { 150546, true },
+  { 150580, true },
+  { 150601, true },
+  { 150621, true },
+  { 150643, true },
+  { 150667, true },
+  { 150681, true },
+  { 150695, true },
+  { 150708, true },
+  { 150719, false },
+  { 150735, true },
+  { 150759, true },
+  { 150771, true },
+  { 150786, true },
+  { 150799, true },
+  { 150808, true },
+  { 150822, true },
+  { 150837, true },
+  { 150855, true },
+  { 150881, true },
+  { 150914, true },
+  { 150946, true },
+  { 150961, true },
+  { 150976, true },
+  { 150985, true },
+  { 150995, true },
+  { 151005, true },
+  { 151020, true },
+  { 151031, true },
+  { 151055, true },
+  { 151067, true },
+  { 151079, true },
+  { 151090, true },
+  { 151102, true },
+  { 151111, true },
+  { 151120, true },
+  { 151129, true },
+  { 151139, true },
+  { 151151, true },
+  { 151164, true },
+  { 151178, true },
+  { 151192, true },
+  { 151204, true },
+  { 151220, true },
+  { 151242, true },
+  { 151264, true },
+  { 151278, false },
+  { 151288, false },
+  { 151308, false },
+  { 151322, true },
+  { 151334, true },
+  { 151347, true },
+  { 151356, true },
+  { 151365, true },
+  { 151374, true },
+  { 151387, true },
+  { 151408, true },
+  { 151420, true },
+  { 151432, false },
+  { 151445, true },
+  { 151454, true },
+  { 151462, false },
+  { 151479, true },
+  { 151493, true },
+  { 151509, true },
+  { 151528, true },
+  { 151538, true },
+  { 151548, true },
+  { 151566, true },
+  { 151587, true },
+  { 151601, true },
+  { 151614, true },
+  { 151622, true },
+  { 151641, true },
+  { 151661, true },
+  { 151675, true },
+  { 151684, true },
+  { 151703, true },
+  { 151723, true },
+  { 151732, true },
+  { 151745, true },
+  { 151754, true },
+  { 151767, true },
+  { 151791, true },
+  { 151806, true },
+  { 151819, true },
+  { 151832, true },
+  { 151850, true },
+  { 151870, true },
+  { 151885, false },
+  { 151898, true },
+  { 151915, true },
+  { 151928, true },
+  { 151941, true },
+  { 151954, true },
+  { 151972, true },
+  { 151993, true },
+  { 152008, true },
+  { 152032, true },
+  { 152059, true },
+  { 152073, true },
+  { 152084, true },
+  { 152095, true },
+  { 152105, true },
+  { 152118, false },
+  { 152132, true },
+  { 152145, true },
+  { 152159, true },
+  { 152175, true },
+  { 152189, true },
+  { 152204, true },
+  { 152222, true },
+  { 152235, true },
+  { 152247, true },
+  { 152260, true },
+  { 152269, true },
+  { 152292, false },
+  { 152303, false },
+  { 152314, true },
+  { 152325, true },
+  { 152341, true },
+  { 152359, true },
+  { 152380, true },
+  { 152400, true },
+  { 152422, true },
+  { 152438, true },
+  { 152456, true },
+  { 152473, true },
+  { 152490, true },
+  { 152508, true },
+  { 152525, true },
+  { 152542, true },
+  { 152557, true },
+  { 152575, true },
+  { 152598, true },
+  { 152612, true },
+  { 152627, true },
+  { 152640, false },
+  { 152657, true },
+  { 152672, true },
+  { 152686, true },
+  { 152705, false },
+  { 152715, true },
+  { 152726, true },
+  { 152742, true },
+  { 152751, true },
+  { 152762, true },
+  { 152781, true },
+  { 152801, true },
+  { 152816, true },
+  { 152824, true },
+  { 152835, true },
+  { 152844, true },
+  { 152855, true },
+  { 152866, true },
+  { 152885, true },
+  { 152900, true },
+  { 152918, true },
+  { 152929, true },
+  { 152946, true },
+  { 152961, true },
+  { 152989, true },
+  { 152997, false },
+  { 153008, true },
+  { 153024, true },
+  { 153038, true },
+  { 153050, true },
+  { 153064, true },
+  { 153084, true },
+  { 153098, true },
+  { 153113, true },
+  { 153125, false },
+  { 153146, true },
+  { 153164, true },
+  { 153177, true },
+  { 153187, true },
+  { 153196, true },
+  { 153204, true },
+  { 153220, true },
+  { 153232, true },
+  { 153244, true },
+  { 153254, true },
+  { 153265, true },
+  { 153277, true },
+  { 153297, true },
+  { 153307, true },
+  { 153313, true },
+  { 153331, true },
+  { 153343, true },
+  { 153354, true },
+  { 153362, true },
+  { 153376, true },
+  { 153388, true },
+  { 153400, true },
+  { 153413, true },
+  { 153435, true },
+  { 153446, false },
+  { 153460, true },
+  { 153468, true },
+  { 153483, true },
+  { 153494, true },
+  { 153506, true },
+  { 153521, true },
+  { 153539, false },
+  { 153552, true },
+  { 153573, true },
+  { 153587, true },
+  { 153596, true },
+  { 153619, true },
+  { 153638, true },
+  { 153647, true },
+  { 153658, true },
+  { 153667, true },
+  { 153678, true },
+  { 153685, true },
+  { 153705, true },
+  { 153717, true },
+  { 153731, true },
+  { 153745, true },
+  { 153764, true },
+  { 153783, true },
+  { 153799, true },
+  { 153818, true },
+  { 153826, true },
+  { 153843, true },
+  { 153862, true },
+  { 153871, true },
+  { 153880, true },
+  { 153889, true },
+  { 153899, true },
+  { 153908, true },
+  { 153919, true },
+  { 153932, true },
+  { 153951, true },
+  { 153967, true },
+  { 153985, true },
+  { 153996, true },
+  { 154012, true },
+  { 154019, true },
+  { 154031, true },
+  { 154052, true },
+  { 154068, true },
+  { 154085, true },
+  { 154095, true },
+  { 154110, true },
+  { 154129, true },
+  { 154142, true },
+  { 154159, true },
+  { 154178, true },
+  { 154189, true },
+  { 154204, true },
+  { 154216, true },
+  { 154227, true },
+  { 154235, true },
+  { 154252, true },
+  { 154261, true },
+  { 154275, true },
+  { 154297, true },
+  { 154312, true },
+  { 154324, true },
+  { 154338, true },
+  { 154351, true },
+  { 154367, true },
+  { 154398, true },
+  { 154416, true },
+  { 154433, true },
+  { 154444, true },
+  { 154460, true },
+  { 154475, true },
+  { 154497, true },
+  { 154506, true },
+  { 154519, true },
+  { 154531, false },
+  { 154545, true },
+  { 154562, true },
+  { 154579, true },
+  { 154601, true },
+  { 154615, true },
+  { 154630, true },
+  { 154643, true },
+  { 154654, true },
+  { 154672, true },
+  { 154695, true },
+  { 154712, true },
+  { 154732, true },
+  { 154747, true },
+  { 154758, true },
+  { 154770, true },
+  { 154784, true },
+  { 154803, false },
+  { 154811, true },
+  { 154829, true },
+  { 154853, true },
+  { 154870, true },
+  { 154888, true },
+  { 154899, true },
+  { 154921, true },
+  { 154931, true },
+  { 154956, true },
+  { 154973, true },
+  { 154985, true },
+  { 155001, true },
+  { 155013, true },
+  { 155024, true },
+  { 155036, true },
+  { 155048, true },
+  { 155061, true },
+  { 155075, true },
+  { 155088, true },
+  { 155101, true },
+  { 155119, true },
+  { 155134, true },
+  { 155148, true },
+  { 155177, true },
+  { 155203, false },
+  { 155220, true },
+  { 155230, true },
+  { 155253, true },
+  { 155273, true },
+  { 155296, true },
+  { 155323, true },
+  { 155347, true },
+  { 155370, true },
+  { 155387, true },
+  { 155398, true },
+  { 155413, true },
+  { 155432, true },
+  { 155444, true },
+  { 155456, true },
+  { 155476, true },
+  { 155493, true },
+  { 155509, true },
+  { 155526, true },
+  { 155539, true },
+  { 155547, true },
+  { 155564, true },
+  { 155593, true },
+  { 155605, true },
+  { 155621, true },
+  { 155636, true },
+  { 155657, true },
+  { 155680, true },
+  { 155702, true },
+  { 155724, true },
+  { 155742, true },
+  { 155756, true },
+  { 155767, true },
+  { 155781, true },
+  { 155796, true },
+  { 155817, true },
+  { 155835, true },
+  { 155848, true },
+  { 155858, true },
+  { 155867, true },
+  { 155883, true },
+  { 155895, true },
+  { 155908, true },
+  { 155926, true },
+  { 155944, true },
+  { 155957, true },
+  { 155975, true },
+  { 155983, true },
+  { 155996, true },
+  { 156004, true },
+  { 156021, true },
+  { 156028, false },
+  { 156048, true },
+  { 156062, true },
+  { 156074, true },
+  { 156083, true },
+  { 156098, true },
+  { 156116, true },
+  { 156130, true },
+  { 156139, true },
+  { 156153, true },
+  { 156168, true },
+  { 156176, true },
+  { 156200, true },
+  { 156221, true },
+  { 156237, true },
+  { 156256, true },
+  { 156270, true },
+  { 156287, true },
+  { 156309, true },
+  { 156329, true },
+  { 156348, true },
+  { 156359, true },
+  { 156373, true },
+  { 156383, true },
+  { 156400, true },
+  { 156422, true },
+  { 156443, true },
+  { 156458, true },
+  { 156468, true },
+  { 156484, true },
+  { 156500, true },
+  { 156515, true },
+  { 156528, true },
+  { 156541, true },
+  { 156557, true },
+  { 156575, false },
+  { 156587, true },
+  { 156599, true },
+  { 156625, true },
+  { 156641, true },
+  { 156663, true },
+  { 156683, true },
+  { 156696, true },
+  { 156707, true },
+  { 156722, true },
+  { 156735, true },
+  { 156755, true },
+  { 156769, true },
+  { 156789, true },
+  { 156805, true },
+  { 156821, true },
+  { 156831, true },
+  { 156843, true },
+  { 156851, true },
+  { 156865, true },
+  { 156875, true },
+  { 156899, true },
+  { 156917, true },
+  { 156936, false },
+  { 156955, true },
+  { 156968, true },
+  { 156985, true },
+  { 156999, true },
+  { 157016, true },
+  { 157028, true },
+  { 157038, true },
+  { 157057, true },
+  { 157076, true },
+  { 157092, true },
+  { 157113, true },
+  { 157127, true },
+  { 157147, true },
+  { 157159, true },
+  { 157184, true },
+  { 157220, true },
+  { 157232, true },
+  { 157249, true },
+  { 157262, true },
+  { 157273, true },
+  { 157287, true },
+  { 157307, true },
+  { 157326, true },
+  { 157346, true },
+  { 157363, true },
+  { 157388, true },
+  { 157403, true },
+  { 157422, true },
+  { 157445, true },
+  { 157459, true },
+  { 157477, true },
+  { 157493, true },
+  { 157512, true },
+  { 157534, true },
+  { 157549, true },
+  { 157559, true },
+  { 157578, true },
+  { 157594, true },
+  { 157607, true },
+  { 157625, true },
+  { 157647, true },
+  { 157670, true },
+  { 157684, true },
+  { 157697, true },
+  { 157712, true },
+  { 157725, true },
+  { 157742, true },
+  { 157757, false },
+  { 157767, true },
+  { 157786, true },
+  { 157802, true },
+  { 157817, true },
+  { 157830, true },
+  { 157855, true },
+  { 157870, true },
+  { 157888, true },
+  { 157903, true },
+  { 157921, true },
+  { 157938, true },
+  { 157954, true },
+  { 157972, true },
+  { 157987, true },
+  { 158000, true },
+  { 158012, true },
+  { 158023, true },
+  { 158037, true },
+  { 158055, true },
+  { 158068, true },
+  { 158081, true },
+  { 158095, true },
+  { 158121, true },
+  { 158139, true },
+  { 158163, true },
+  { 158184, true },
+  { 158203, true },
+  { 158219, true },
+  { 158241, true },
+  { 158258, true },
+  { 158268, true },
+  { 158282, true },
+  { 158299, true },
+  { 158318, true },
+  { 158329, true },
+  { 158348, true },
+  { 158364, true },
+  { 158383, true },
+  { 158395, true },
+  { 158411, true },
+  { 158423, true },
+  { 158439, true },
+  { 158453, true },
+  { 158467, true },
+  { 158480, true },
+  { 158495, true },
+  { 158511, true },
+  { 158530, true },
+  { 158545, true },
+  { 158563, true },
+  { 158580, true },
+  { 158593, true },
+  { 158615, true },
+  { 158639, true },
+  { 158659, true },
+  { 158678, true },
+  { 158691, true },
+  { 158715, true },
+  { 158725, true },
+  { 158735, true },
+  { 158744, true },
+  { 158757, true },
+  { 158772, true },
+  { 158784, true },
+  { 158797, true },
+  { 158806, true },
+  { 158816, true },
+  { 158828, true },
+  { 158844, true },
+  { 158854, true },
+  { 158862, true },
+  { 158870, true },
+  { 158883, true },
+  { 158896, true },
+  { 158907, true },
+  { 158920, true },
+  { 158939, true },
+  { 158950, true },
+  { 158966, true },
+  { 158978, true },
+  { 158988, true },
+  { 159006, false },
+  { 159019, true },
+  { 159035, true },
+  { 159050, true },
+  { 159061, true },
+  { 159076, true },
+  { 159093, true },
+  { 159107, true },
+  { 159118, true },
+  { 159134, true },
+  { 159151, true },
+  { 159160, true },
+  { 159169, true },
+  { 159182, true },
+  { 159197, true },
+  { 159212, true },
+  { 159233, true },
+  { 159252, false },
+  { 159262, true },
+  { 159277, true },
+  { 159287, true },
+  { 159301, true },
+  { 159315, true },
+  { 159330, true },
+  { 159341, true },
+  { 159358, true },
+  { 159372, true },
+  { 159380, true },
+  { 159388, true },
+  { 159398, true },
+  { 159408, true },
+  { 159416, true },
+  { 159423, true },
+  { 159433, true },
+  { 159445, true },
+  { 159453, true },
+  { 159464, true },
+  { 159472, true },
+  { 159481, false },
+  { 159489, true },
+  { 159515, true },
+  { 159528, true },
+  { 159538, true },
+  { 159546, true },
+  { 159560, true },
+  { 159571, true },
+  { 159581, true },
+  { 159593, true },
+  { 159605, true },
+  { 159622, true },
+  { 159635, true },
+  { 159650, true },
+  { 159672, true },
+  { 159682, true },
+  { 159693, true },
+  { 159702, true },
+  { 159712, true },
+  { 159735, true },
+  { 159751, true },
+  { 159767, true },
+  { 159788, true },
+  { 159808, true },
+  { 159822, true },
+  { 159836, true },
+  { 159848, true },
+  { 159870, true },
+  { 159885, true },
+  { 159896, true },
+  { 159910, true },
+  { 159929, true },
+  { 159941, true },
+  { 159955, true },
+  { 159972, true },
+  { 159988, true },
+  { 160016, true },
+  { 160041, true },
+  { 160058, true },
+  { 160074, true },
+  { 160085, true },
+  { 160106, false },
+  { 160120, true },
+  { 160134, true },
+  { 160155, true },
+  { 160184, true },
+  { 160198, true },
+  { 160209, true },
+  { 160222, true },
+  { 160235, true },
+  { 160249, true },
+  { 160267, true },
+  { 160278, true },
+  { 160299, true },
+  { 160315, true },
+  { 160333, true },
+  { 160360, true },
+  { 160371, true },
+  { 160384, true },
+  { 160401, true },
+  { 160420, true },
+  { 160434, true },
+  { 160448, true },
+  { 160465, true },
+  { 160489, true },
+  { 160505, true },
+  { 160519, true },
+  { 160532, true },
+  { 160565, true },
+  { 160591, true },
+  { 160607, true },
+  { 160627, true },
+  { 160654, true },
+  { 160682, true },
+  { 160693, true },
+  { 160707, true },
+  { 160726, true },
+  { 160737, true },
+  { 160747, true },
+  { 160757, true },
+  { 160767, true },
+  { 160777, true },
+  { 160787, true },
+  { 160797, true },
+  { 160810, true },
+  { 160833, true },
+  { 160846, true },
+  { 160855, true },
+  { 160871, true },
+  { 160888, true },
+  { 160899, true },
+  { 160910, true },
+  { 160923, true },
+  { 160939, true },
+  { 160950, true },
+  { 160964, true },
+  { 160975, true },
+  { 160989, true },
+  { 161003, true },
+  { 161020, true },
+  { 161038, true },
+  { 161052, true },
+  { 161077, true },
+  { 161090, true },
+  { 161103, true },
+  { 161114, true },
+  { 161123, true },
+  { 161133, true },
+  { 161153, true },
+  { 161167, true },
+  { 161176, true },
+  { 161184, true },
+  { 161194, true },
+  { 161206, true },
+  { 161216, true },
+  { 161224, true },
+  { 161231, true },
+  { 161245, true },
+  { 161259, true },
+  { 161272, true },
+  { 161283, true },
+  { 161297, true },
+  { 161311, true },
+  { 161325, true },
+  { 161335, true },
+  { 161345, false },
+  { 161355, true },
+  { 161368, true },
+  { 161378, true },
+  { 161389, true },
+  { 161405, true },
+  { 161412, true },
+  { 161426, true },
+  { 161454, true },
+  { 161477, true },
+  { 161492, true },
+  { 161504, true },
+  { 161515, true },
+  { 161525, true },
+  { 161534, true },
+  { 161541, true },
+  { 161551, true },
+  { 161561, true },
+  { 161567, true },
+  { 161575, false },
+  { 161586, true },
+  { 161598, true },
+  { 161608, true },
+  { 161619, true },
+  { 161628, true },
+  { 161638, true },
+  { 161645, true },
+  { 161663, true },
+  { 161676, true },
+  { 161694, true },
+  { 161712, true },
+  { 161725, true },
+  { 161736, true },
+  { 161752, true },
+  { 161774, true },
+  { 161789, true },
+  { 161801, true },
+  { 161823, true },
+  { 161832, true },
+  { 161855, true },
+  { 161868, true },
+  { 161877, true },
+  { 161890, true },
+  { 161903, true },
+  { 161915, true },
+  { 161934, true },
+  { 161954, true },
+  { 161964, true },
+  { 161976, true },
+  { 161998, true },
+  { 162013, true },
+  { 162028, true },
+  { 162047, true },
+  { 162065, true },
+  { 162074, true },
+  { 162096, true },
+  { 162111, true },
+  { 162130, true },
+  { 162149, true },
+  { 162167, true },
+  { 162184, true },
+  { 162199, true },
+  { 162215, true },
+  { 162226, true },
+  { 162239, true },
+  { 162257, true },
+  { 162273, true },
+  { 162289, true },
+  { 162300, true },
+  { 162318, true },
+  { 162330, true },
+  { 162341, true },
+  { 162357, true },
+  { 162374, true },
+  { 162389, true },
+  { 162405, true },
+  { 162423, false },
+  { 162438, true },
+  { 162447, true },
+  { 162460, true },
+  { 162474, true },
+  { 162491, true },
+  { 162503, true },
+  { 162520, true },
+  { 162544, true },
+  { 162562, true },
+  { 162574, true },
+  { 162591, true },
+  { 162605, true },
+  { 162620, true },
+  { 162636, true },
+  { 162649, true },
+  { 162663, true },
+  { 162678, true },
+  { 162693, true },
+  { 162710, true },
+  { 162725, true },
+  { 162740, true },
+  { 162753, true },
+  { 162772, true },
+  { 162794, true },
+  { 162815, true },
+  { 162831, true },
+  { 162844, true },
+  { 162858, true },
+  { 162875, true },
+  { 162892, true },
+  { 162913, true },
+  { 162937, true },
+  { 162959, true },
+  { 162971, true },
+  { 162984, true },
+  { 162995, true },
+  { 163010, true },
+  { 163029, true },
+  { 163050, true },
+  { 163067, true },
+  { 163083, true },
+  { 163098, true },
+  { 163112, true },
+  { 163122, false },
+  { 163132, false },
+  { 163145, true },
+  { 163161, true },
+  { 163178, true },
+  { 163197, true },
+  { 163217, true },
+  { 163235, true },
+  { 163256, true },
+  { 163279, true },
+  { 163294, false },
+  { 163315, true },
+  { 163333, true },
+  { 163361, true },
+  { 163376, true },
+  { 163392, true },
+  { 163411, true },
+  { 163433, true },
+  { 163448, true },
+  { 163465, false },
+  { 163479, true },
+  { 163494, true },
+  { 163515, true },
+  { 163528, true },
+  { 163539, true },
+  { 163564, true },
+  { 163580, true },
+  { 163595, true },
+  { 163611, true },
+  { 163628, true },
+  { 163648, true },
+  { 163665, true },
+  { 163684, true },
+  { 163698, true },
+  { 163716, true },
+  { 163730, true },
+  { 163748, true },
+  { 163766, true },
+  { 163779, true },
+  { 163797, true },
+  { 163809, true },
+  { 163820, true },
+  { 163838, true },
+  { 163850, true },
+  { 163862, false },
+  { 163873, true },
+  { 163887, true },
+  { 163903, true },
+  { 163912, true },
+  { 163928, true },
+  { 163944, true },
+  { 163958, true },
+  { 163971, true },
+  { 163981, false },
+  { 163998, true },
+  { 164014, true },
+  { 164027, true },
+  { 164040, true },
+  { 164059, true },
+  { 164068, true },
+  { 164083, true },
+  { 164093, true },
+  { 164102, true },
+  { 164108, true },
+  { 164117, true },
+  { 164125, true },
+  { 164134, true },
+  { 164151, true },
+  { 164163, true },
+  { 164172, true },
+  { 164189, true },
+  { 164203, true },
+  { 164214, false },
+  { 164223, true },
+  { 164235, true },
+  { 164242, true },
+  { 164257, true },
+  { 164264, false },
+  { 164273, true },
+  { 164309, true },
+  { 164320, true },
+  { 164334, true },
+  { 164346, true },
+  { 164356, true },
+  { 164366, true },
+  { 164378, true },
+  { 164399, true },
+  { 164419, true },
+  { 164445, true },
+  { 164455, true },
+  { 164464, true },
+  { 164482, true },
+  { 164491, true },
+  { 164515, true },
+  { 164522, true },
+  { 164534, true },
+  { 164542, true },
+  { 164554, true },
+  { 164567, true },
+  { 164581, false },
+  { 164596, true },
+  { 164610, true },
+  { 164628, true },
+  { 164641, true },
+  { 164655, true },
+  { 164667, true },
+  { 164679, true },
+  { 164691, true },
+  { 164701, true },
+  { 164715, true },
+  { 164728, true },
+  { 164742, true },
+  { 164762, true },
+  { 164773, true },
+  { 164782, true },
+  { 164797, true },
+  { 164809, true },
+  { 164817, true },
+  { 164830, true },
+  { 164846, true },
+  { 164859, true },
+  { 164869, true },
+  { 164876, true },
+  { 164888, true },
+  { 164899, true },
+  { 164913, true },
+  { 164923, true },
+  { 164935, true },
+  { 164952, true },
+  { 164962, true },
+  { 164979, true },
+  { 164996, true },
+  { 165006, true },
+  { 165021, true },
+  { 165035, true },
+  { 165052, true },
+  { 165068, true },
+  { 165077, true },
+  { 165094, false },
+  { 165112, true },
+  { 165134, true },
+  { 165152, false },
+  { 165170, true },
+  { 165182, true },
+  { 165204, true },
+  { 165226, true },
+  { 165237, true },
+  { 165250, true },
+  { 165264, true },
+  { 165276, true },
+  { 165291, true },
+  { 165306, true },
+  { 165322, true },
+  { 165338, true },
+  { 165349, true },
+  { 165367, true },
+  { 165383, true },
+  { 165405, true },
+  { 165429, true },
+  { 165454, true },
+  { 165477, true },
+  { 165500, true },
+  { 165520, true },
+  { 165539, true },
+  { 165550, true },
+  { 165568, true },
+  { 165586, true },
+  { 165605, true },
+  { 165632, true },
+  { 165647, true },
+  { 165667, true },
+  { 165690, true },
+  { 165702, true },
+  { 165716, true },
+  { 165743, true },
+  { 165760, true },
+  { 165775, true },
+  { 165787, true },
+  { 165807, true },
+  { 165818, true },
+  { 165837, true },
+  { 165849, true },
+  { 165866, true },
+  { 165884, true },
+  { 165900, true },
+  { 165916, true },
+  { 165930, true },
+  { 165943, true },
+  { 165958, true },
+  { 165985, true },
+  { 165998, true },
+  { 166012, true },
+  { 166026, true },
+  { 166046, true },
+  { 166068, false },
+  { 166083, true },
+  { 166094, true },
+  { 166118, true },
+  { 166146, false },
+  { 166157, true },
+  { 166174, true },
+  { 166185, true },
+  { 166203, true },
+  { 166222, true },
+  { 166240, true },
+  { 166258, true },
+  { 166281, true },
+  { 166305, true },
+  { 166326, true },
+  { 166347, true },
+  { 166368, true },
+  { 166382, true },
+  { 166395, true },
+  { 166407, true },
+  { 166429, true },
+  { 166440, true },
+  { 166459, true },
+  { 166476, true },
+  { 166496, true },
+  { 166511, true },
+  { 166529, true },
+  { 166547, true },
+  { 166566, true },
+  { 166580, true },
+  { 166594, true },
+  { 166612, true },
+  { 166620, true },
+  { 166641, true },
+  { 166662, true },
+  { 166678, true },
+  { 166698, true },
+  { 166708, true },
+  { 166730, true },
+  { 166751, true },
+  { 166767, true },
+  { 166788, true },
+  { 166804, true },
+  { 166815, true },
+  { 166831, true },
+  { 166846, true },
+  { 166860, true },
+  { 166871, true },
+  { 166885, true },
+  { 166895, true },
+  { 166905, true },
+  { 166922, false },
+  { 166935, true },
+  { 166947, true },
+  { 166958, true },
+  { 166975, true },
+  { 166988, true },
+  { 166998, true },
+  { 167012, true },
+  { 167030, true },
+  { 167049, true },
+  { 167067, true },
+  { 167083, true },
+  { 167094, true },
+  { 167114, true },
+  { 167125, true },
+  { 167138, true },
+  { 167151, true },
+  { 167167, true },
+  { 167180, true },
+  { 167190, true },
+  { 167202, true },
+  { 167213, true },
+  { 167227, true },
+  { 167235, true },
+  { 167252, true },
+  { 167267, true },
+  { 167279, true },
+  { 167295, true },
+  { 167313, true },
+  { 167326, true },
+  { 167343, true },
+  { 167362, true },
+  { 167379, true },
+  { 167393, true },
+  { 167408, true },
+  { 167421, true },
+  { 167435, true },
+  { 167447, true },
+  { 167463, true },
+  { 167477, true },
+  { 167486, true },
+  { 167507, true },
+  { 167526, true },
+  { 167539, false },
+  { 167550, true },
+  { 167565, true },
+  { 167576, true },
+  { 167600, true },
+  { 167615, true },
+  { 167629, true },
+  { 167638, true },
+  { 167655, true },
+  { 167681, true },
+  { 167691, true },
+  { 167702, true },
+  { 167715, true },
+  { 167724, true },
+  { 167737, true },
+  { 167750, true },
+  { 167761, true },
+  { 167774, true },
+  { 167788, true },
+  { 167799, true },
+  { 167816, true },
+  { 167825, true },
+  { 167849, true },
+  { 167856, true },
+  { 167870, true },
+  { 167877, true },
+  { 167889, true },
+  { 167896, true },
+  { 167908, true },
+  { 167917, true },
+  { 167932, true },
+  { 167947, true },
+  { 167960, true },
+  { 167980, true },
+  { 167999, true },
+  { 168016, true },
+  { 168032, true },
+  { 168052, true },
+  { 168071, true },
+  { 168087, true },
+  { 168108, true },
+  { 168127, true },
+  { 168140, true },
+  { 168163, true },
+  { 168186, true },
+  { 168199, true },
+  { 168218, true },
+  { 168232, true },
+  { 168242, true },
+  { 168252, true },
+  { 168273, false },
+  { 168285, true },
+  { 168309, true },
+  { 168324, false },
+  { 168338, false },
+  { 168345, true },
+  { 168353, true },
+  { 168367, true },
+  { 168377, true },
+  { 168391, true },
+  { 168408, true },
+  { 168433, true },
+  { 168446, true },
+  { 168461, true },
+  { 168473, true },
+  { 168488, true },
+  { 168515, true },
+  { 168528, true },
+  { 168542, true },
+  { 168555, true },
+  { 168575, true },
+  { 168593, true },
+  { 168615, true },
+  { 168635, true },
+  { 168652, true },
+  { 168662, true },
+  { 168671, true },
+  { 168689, true },
+  { 168701, true },
+  { 168712, true },
+  { 168727, true },
+  { 168741, true },
+  { 168757, true },
+  { 168774, true },
+  { 168791, true },
+  { 168805, true },
+  { 168827, true },
+  { 168845, true },
+  { 168863, true },
+  { 168888, true },
+  { 168901, true },
+  { 168909, true },
+  { 168920, true },
+  { 168935, true },
+  { 168960, true },
+  { 168980, true },
+  { 168994, true },
+  { 169004, true },
+  { 169014, true },
+  { 169024, true },
+  { 169033, true },
+  { 169044, true },
+  { 169057, true },
+  { 169085, true },
+  { 169096, false },
+  { 169109, true },
+  { 169118, true },
+  { 169130, true },
+  { 169147, true },
+  { 169156, true },
+  { 169168, true },
+  { 169188, true },
+  { 169201, false },
+  { 169221, true },
+  { 169235, true },
+  { 169246, true },
+  { 169259, true },
+  { 169272, true },
+  { 169289, false },
+  { 169305, true },
+  { 169316, true },
+  { 169331, true },
+  { 169344, true },
+  { 169357, true },
+  { 169369, true },
+  { 169379, true },
+  { 169392, true },
+  { 169409, true },
+  { 169422, false },
+  { 169433, false },
+  { 169443, true },
+  { 169454, false },
+  { 169474, true },
+  { 169503, true },
+  { 169515, true },
+  { 169530, true },
+  { 169545, true },
+  { 169560, true },
+  { 169576, true },
+  { 169605, true },
+  { 169624, true },
+  { 169641, true },
+  { 169667, true },
+  { 169687, true },
+  { 169700, true },
+  { 169720, true },
+  { 169734, true },
+  { 169750, true },
+  { 169781, true },
+  { 169809, true },
+  { 169824, true },
+  { 169839, true },
+  { 169854, true },
+  { 169868, true },
+  { 169878, true },
+  { 169892, true },
+  { 169909, true },
+  { 169927, true },
+  { 169948, true },
+  { 169958, true },
+  { 169980, true },
+  { 169998, true },
+  { 170019, true },
+  { 170036, true },
+  { 170052, true },
+  { 170086, true },
+  { 170111, true },
+  { 170130, true },
+  { 170153, true },
+  { 170177, true },
+  { 170206, true },
+  { 170230, true },
+  { 170256, true },
+  { 170288, true },
+  { 170304, true },
+  { 170321, true },
+  { 170345, true },
+  { 170370, true },
+  { 170386, true },
+  { 170402, true },
+  { 170413, false },
+  { 170425, true },
+  { 170441, true },
+  { 170461, true },
+  { 170486, true },
+  { 170506, true },
+  { 170530, true },
+  { 170548, true },
+  { 170557, true },
+  { 170569, false },
+  { 170589, false },
+  { 170599, true },
+  { 170614, true },
+  { 170621, true },
+  { 170629, true },
+  { 170638, true },
+  { 170648, true },
+  { 170656, true },
+  { 170666, true },
+  { 170680, true },
+  { 170688, true },
+  { 170704, true },
+  { 170726, true },
+  { 170733, true },
+  { 170740, true },
+  { 170750, true },
+  { 170758, true },
+  { 170765, true },
+  { 170772, true },
+  { 170779, true },
+  { 170787, true },
+  { 170796, true },
+  { 170804, true },
+  { 170816, true },
+  { 170828, true },
+  { 170838, true },
+  { 170851, true },
+  { 170867, true },
+  { 170878, true },
+  { 170886, true },
+  { 170896, true },
+  { 170911, true },
+  { 170921, false },
+  { 170933, true },
+  { 170949, true },
+  { 170968, true },
+  { 170984, true },
+  { 170997, true },
+  { 171011, true },
+  { 171028, true },
+  { 171046, true },
+  { 171061, true },
+  { 171074, true },
+  { 171089, true },
+  { 171098, true },
+  { 171121, true },
+  { 171135, true },
+  { 171146, true },
+  { 171161, true },
+  { 171175, true },
+  { 171200, true },
+  { 171218, true },
+  { 171229, true },
+  { 171244, true },
+  { 171255, true },
+  { 171267, false },
+  { 171279, true },
+  { 171298, true },
+  { 171318, true },
+  { 171332, true },
+  { 171346, true },
+  { 171357, true },
+  { 171368, true },
+  { 171379, true },
+  { 171389, true },
+  { 171410, true },
+  { 171427, true },
+  { 171444, true },
+  { 171462, true },
+  { 171472, true },
+  { 171509, true },
+  { 171535, true },
+  { 171551, true },
+  { 171581, true },
+  { 171604, true },
+  { 171618, true },
+  { 171637, true },
+  { 171650, true },
+  { 171666, true },
+  { 171685, true },
+  { 171702, true },
+  { 171717, true },
+  { 171735, true },
+  { 171748, true },
+  { 171769, true },
+  { 171783, true },
+  { 171796, true },
+  { 171808, true },
+  { 171821, true },
+  { 171838, true },
+  { 171850, true },
+  { 171866, true },
+  { 171877, true },
+  { 171885, true },
+  { 171892, true },
+  { 171906, true },
+  { 171918, true },
+  { 171934, false },
+  { 171948, true },
+  { 171962, true },
+  { 171978, true },
+  { 171993, true },
+  { 172012, true },
+  { 172030, true },
+  { 172049, true },
+  { 172056, true },
+  { 172077, true },
+  { 172094, false },
+  { 172109, true },
+  { 172124, true },
+  { 172141, true },
+  { 172151, true },
+  { 172170, true },
+  { 172181, true },
+  { 172191, true },
+  { 172210, true },
+  { 172223, true },
+  { 172241, true },
+  { 172261, true },
+  { 172271, true },
+  { 172281, true },
+  { 172293, true },
+  { 172301, false },
+  { 172312, true },
+  { 172327, true },
+  { 172338, true },
+  { 172357, true },
+  { 172370, true },
+  { 172389, true },
+  { 172408, true },
+  { 172424, true },
+  { 172446, true },
+  { 172458, true },
+  { 172471, false },
+  { 172485, true },
+  { 172500, true },
+  { 172514, false },
+  { 172529, true },
+  { 172545, true },
+  { 172556, true },
+  { 172568, true },
+  { 172578, true },
+  { 172587, true },
+  { 172604, true },
+  { 172617, true },
+  { 172627, true },
+  { 172644, true },
+  { 172652, true },
+  { 172664, true },
+  { 172676, true },
+  { 172695, true },
+  { 172715, true },
+  { 172722, true },
+  { 172741, true },
+  { 172757, true },
+  { 172771, true },
+  { 172783, false },
+  { 172793, true },
+  { 172811, true },
+  { 172823, true },
+  { 172839, true },
+  { 172864, true },
+  { 172875, true },
+  { 172883, true },
+  { 172903, true },
+  { 172915, true },
+  { 172926, true },
+  { 172938, true },
+  { 172948, true },
+  { 172966, true },
+  { 172985, true },
+  { 172994, false },
+  { 173014, true },
+  { 173023, false },
+  { 173034, true },
+  { 173043, true },
+  { 173057, true },
+  { 173071, true },
+  { 173091, true },
+  { 173110, true },
+  { 173124, true },
+  { 173140, true },
+  { 173155, true },
+  { 173169, true },
+  { 173191, true },
+  { 173205, true },
+  { 173221, true },
+  { 173233, true },
+  { 173246, true },
+  { 173254, true },
+  { 173267, true },
+  { 173278, true },
+  { 173290, true },
+  { 173312, true },
+  { 173326, true },
+  { 173342, false },
+  { 173353, true },
+  { 173368, true },
+  { 173384, false },
+  { 173409, true },
+  { 173425, true },
+  { 173441, true },
+  { 173457, true },
+  { 173476, true },
+  { 173498, true },
+  { 173512, true },
+  { 173526, true },
+  { 173549, true },
+  { 173562, true },
+  { 173587, true },
+  { 173606, true },
+  { 173630, true },
+  { 173646, true },
+  { 173664, true },
+  { 173680, true },
+  { 173696, true },
+  { 173707, true },
+  { 173725, true },
+  { 173737, true },
+  { 173756, true },
+  { 173766, true },
+  { 173786, true },
+  { 173803, true },
+  { 173821, true },
+  { 173835, true },
+  { 173848, true },
+  { 173863, true },
+  { 173883, true },
+  { 173903, true },
+  { 173933, true },
+  { 173947, true },
+  { 173960, true },
+  { 173981, true },
+  { 173999, true },
+  { 174014, true },
+  { 174030, true },
+  { 174058, true },
+  { 174073, true },
+  { 174087, true },
+  { 174102, true },
+  { 174117, true },
+  { 174129, true },
+  { 174146, true },
+  { 174159, true },
+  { 174170, true },
+  { 174189, false },
+  { 174197, true },
+  { 174211, true },
+  { 174230, true },
+  { 174247, true },
+  { 174261, true },
+  { 174273, true },
+  { 174288, true },
+  { 174302, true },
+  { 174315, true },
+  { 174333, true },
+  { 174347, true },
+  { 174362, true },
+  { 174380, true },
+  { 174395, true },
+  { 174410, true },
+  { 174425, true },
+  { 174441, true },
+  { 174472, true },
+  { 174503, true },
+  { 174517, true },
+  { 174536, true },
+  { 174558, true },
+  { 174585, true },
+  { 174607, true },
+  { 174625, true },
+  { 174639, true },
+  { 174661, true },
+  { 174676, true },
+  { 174695, true },
+  { 174709, true },
+  { 174728, true },
+  { 174737, true },
+  { 174747, true },
+  { 174762, true },
+  { 174775, true },
+  { 174790, true },
+  { 174807, true },
+  { 174827, true },
+  { 174854, true },
+  { 174871, true },
+  { 174896, true },
+  { 174917, true },
+  { 174942, true },
+  { 174960, true },
+  { 174971, true },
+  { 174984, true },
+  { 174997, true },
+  { 175007, true },
+  { 175022, true },
+  { 175032, true },
+  { 175043, true },
+  { 175055, true },
+  { 175067, true },
+  { 175078, true },
+  { 175095, true },
+  { 175112, true },
+  { 175127, true },
+  { 175134, true },
+  { 175147, true },
+  { 175157, true },
+  { 175174, true },
+  { 175184, true },
+  { 175194, true },
+  { 175203, true },
+  { 175213, true },
+  { 175232, true },
+  { 175250, true },
+  { 175271, true },
+  { 175291, true },
+  { 175304, true },
+  { 175321, true },
+  { 175334, true },
+  { 175356, true },
+  { 175368, true },
+  { 175386, true },
+  { 175403, true },
+  { 175413, true },
+  { 175426, true },
+  { 175434, true },
+  { 175456, true },
+  { 175470, true },
+  { 175492, true },
+  { 175513, true },
+  { 175533, true },
+  { 175554, true },
+  { 175562, true },
+  { 175574, true },
+  { 175591, true },
+  { 175603, true },
+  { 175632, true },
+  { 175645, true },
+  { 175662, true },
+  { 175677, true },
+  { 175696, true },
+  { 175706, true },
+  { 175725, true },
+  { 175736, true },
+  { 175745, true },
+  { 175755, true },
+  { 175768, true },
+  { 175788, true },
+  { 175805, true },
+  { 175833, true },
+  { 175855, true },
+  { 175880, false },
+  { 175898, true },
+  { 175910, true },
+  { 175928, true },
+  { 175947, true },
+  { 175956, true },
+  { 175971, true },
+  { 175986, true },
+  { 175999, true },
+  { 176020, true },
+  { 176037, true },
+  { 176060, true },
+  { 176074, true },
+  { 176088, true },
+  { 176098, true },
+  { 176112, true },
+  { 176128, true },
+  { 176143, true },
+  { 176158, true },
+  { 176173, true },
+  { 176183, true },
+  { 176195, true },
+  { 176205, true },
+  { 176213, true },
+  { 176225, true },
+  { 176233, true },
+  { 176249, true },
+  { 176267, true },
+  { 176277, true },
+  { 176291, true },
+  { 176307, true },
+  { 176315, true },
+  { 176323, true },
+  { 176332, true },
+  { 176344, true },
+  { 176354, true },
+  { 176368, true },
+  { 176382, true },
+  { 176396, true },
+  { 176408, true },
+  { 176420, true },
+  { 176433, true },
+  { 176449, true },
+  { 176459, false },
+  { 176475, true },
+  { 176488, true },
+  { 176500, true },
+  { 176511, true },
+  { 176538, true },
+  { 176549, true },
+  { 176564, true },
+  { 176585, true },
+  { 176609, true },
+  { 176620, true },
+  { 176629, true },
+  { 176649, true },
+  { 176665, true },
+  { 176686, true },
+  { 176709, true },
+  { 176721, true },
+  { 176738, true },
+  { 176751, true },
+  { 176760, true },
+  { 176769, true },
+  { 176777, true },
+  { 176788, true },
+  { 176798, true },
+  { 176810, true },
+  { 176833, true },
+  { 176859, true },
+  { 176876, true },
+  { 176892, true },
+  { 176915, true },
+  { 176933, true },
+  { 176951, true },
+  { 176961, true },
+  { 176980, false },
+  { 176998, false },
+  { 177016, true },
+  { 177046, true },
+  { 177066, true },
+  { 177083, true },
+  { 177102, false },
+  { 177116, true },
+  { 177147, true },
+  { 177158, true },
+  { 177178, true },
+  { 177190, true },
+  { 177203, true },
+  { 177217, true },
+  { 177245, true },
+  { 177262, true },
+  { 177275, true },
+  { 177283, true },
+  { 177302, true },
+  { 177316, true },
+  { 177328, true },
+  { 177343, true },
+  { 177356, true },
+  { 177366, true },
+  { 177378, false },
+  { 177388, true },
+  { 177398, true },
+  { 177408, true },
+  { 177420, true },
+  { 177435, true },
+  { 177450, true },
+  { 177459, true },
+  { 177470, true },
+  { 177483, true },
+  { 177510, true },
+  { 177518, true },
+  { 177535, true },
+  { 177547, true },
+  { 177564, true },
+  { 177580, true },
+  { 177601, true },
+  { 177616, true },
+  { 177630, true },
+  { 177640, true },
+  { 177648, true },
+  { 177662, true },
+  { 177673, true },
+  { 177686, true },
+  { 177697, true },
+  { 177706, true },
+  { 177715, true },
+  { 177732, true },
+  { 177750, true },
+  { 177762, true },
+  { 177773, true },
+  { 177785, true },
+  { 177797, true },
+  { 177806, true },
+  { 177814, true },
+  { 177826, true },
+  { 177837, true },
+  { 177855, true },
+  { 177872, true },
+  { 177893, true },
+  { 177903, true },
+  { 177918, false },
+  { 177929, true },
+  { 177948, true },
+  { 177962, true },
+  { 177970, true },
+  { 177982, true },
+  { 177994, true },
+  { 178012, true },
+  { 178024, true },
+  { 178035, true },
+  { 178042, true },
+  { 178054, true },
+  { 178066, true },
+  { 178074, true },
+  { 178086, true },
+  { 178095, true },
+  { 178107, true },
+  { 178115, true },
+  { 178122, true },
+  { 178129, true },
+  { 178137, true },
+  { 178145, true },
+  { 178159, true },
+  { 178166, true },
+  { 178173, true },
+  { 178180, false },
+  { 178191, true },
+  { 178198, true },
+  { 178205, true },
+  { 178232, true },
+  { 178243, true },
+  { 178254, true },
+  { 178269, true },
+  { 178279, true },
+  { 178291, true },
+  { 178302, true },
+  { 178316, true },
+  { 178342, true },
+  { 178352, true },
+  { 178362, true },
+  { 178377, true },
+  { 178392, true },
+  { 178407, true },
+  { 178421, true },
+  { 178435, true },
+  { 178449, true },
+  { 178469, true },
+  { 178484, true },
+  { 178496, true },
+  { 178509, true },
+  { 178519, true },
+  { 178530, true },
+  { 178543, true },
+  { 178555, true },
+  { 178569, true },
+  { 178584, true },
+  { 178597, true },
+  { 178615, true },
+  { 178628, true },
+  { 178654, true },
+  { 178681, true },
+  { 178695, true },
+  { 178709, true },
+  { 178726, true },
+  { 178741, true },
+  { 178754, true },
+  { 178772, true },
+  { 178786, true },
+  { 178802, true },
+  { 178812, true },
+  { 178826, true },
+  { 178840, true },
+  { 178857, true },
+  { 178870, true },
+  { 178890, true },
+  { 178900, true },
+  { 178927, true },
+  { 178937, true },
+  { 178949, true },
+  { 178967, true },
+  { 178980, true },
+  { 178989, true },
+  { 179000, true },
+  { 179016, true },
+  { 179031, true },
+  { 179053, true },
+  { 179067, true },
+  { 179079, true },
+  { 179090, true },
+  { 179101, true },
+  { 179115, true },
+  { 179144, true },
+  { 179162, true },
+  { 179173, true },
+  { 179182, true },
+  { 179192, true },
+  { 179213, true },
+  { 179221, true },
+  { 179231, true },
+  { 179243, true },
+  { 179253, true },
+  { 179271, true },
+  { 179281, true },
+  { 179297, true },
+  { 179323, true },
+  { 179350, true },
+  { 179373, true },
+  { 179387, true },
+  { 179402, true },
+  { 179421, true },
+  { 179438, true },
+  { 179456, true },
+  { 179464, true },
+  { 179492, true },
+  { 179507, true },
+  { 179518, true },
+  { 179536, true },
+  { 179546, true },
+  { 179556, true },
+  { 179567, true },
+  { 179583, true },
+  { 179599, true },
+  { 179618, true },
+  { 179633, true },
+  { 179642, true },
+  { 179670, true },
+  { 179686, true },
+  { 179704, true },
+  { 179719, true },
+  { 179730, true },
+  { 179744, true },
+  { 179757, true },
+  { 179774, true },
+  { 179800, true },
+  { 179828, true },
+  { 179843, true },
+  { 179864, true },
+  { 179884, true },
+  { 179905, true },
+  { 179922, true },
+  { 179936, true },
+  { 179963, true },
+  { 179982, true },
+  { 179996, true },
+  { 180011, false },
+  { 180024, true },
+  { 180039, true },
+  { 180055, true },
+  { 180075, true },
+  { 180090, true },
+  { 180107, true },
+  { 180119, true },
+  { 180151, false },
+  { 180163, true },
+  { 180173, true },
+  { 180186, true },
+  { 180202, true },
+  { 180221, true },
+  { 180239, true },
+  { 180250, true },
+  { 180258, true },
+  { 180267, true },
+  { 180277, true },
+  { 180289, true },
+  { 180303, true },
+  { 180317, true },
+  { 180330, true },
+  { 180339, true },
+  { 180351, true },
+  { 180362, true },
+  { 180376, true },
+  { 180390, false },
+  { 180413, true },
+  { 180431, true },
+  { 180444, false },
+  { 180459, true },
+  { 180471, true },
+  { 180486, true },
+  { 180509, true },
+  { 180528, true },
+  { 180547, true },
+  { 180565, true },
+  { 180579, true },
+  { 180593, true },
+  { 180612, true },
+  { 180622, true },
+  { 180636, true },
+  { 180649, true },
+  { 180669, true },
+  { 180688, true },
+  { 180705, true },
+  { 180722, true },
+  { 180734, true },
+  { 180748, true },
+  { 180766, true },
+  { 180782, true },
+  { 180795, true },
+  { 180810, true },
+  { 180824, true },
+  { 180833, true },
+  { 180849, true },
+  { 180865, true },
+  { 180877, true },
+  { 180895, true },
+  { 180911, true },
+  { 180923, true },
+  { 180935, true },
+  { 180949, true },
+  { 180966, true },
+  { 180978, true },
+  { 180993, true },
+  { 181006, true },
+  { 181022, true },
+  { 181039, true },
+  { 181056, false },
+  { 181073, true },
+  { 181095, true },
+  { 181117, true },
+  { 181134, true },
+  { 181153, true },
+  { 181167, true },
+  { 181189, true },
+  { 181216, true },
+  { 181238, true },
+  { 181254, true },
+  { 181268, true },
+  { 181280, true },
+  { 181294, true },
+  { 181312, true },
+  { 181323, true },
+  { 181338, true },
+  { 181351, true },
+  { 181369, true },
+  { 181386, true },
+  { 181403, true },
+  { 181412, true },
+  { 181428, true },
+  { 181445, true },
+  { 181456, true },
+  { 181468, true },
+  { 181479, true },
+  { 181488, true },
+  { 181502, true },
+  { 181515, true },
+  { 181529, true },
+  { 181541, true },
+  { 181561, true },
+  { 181573, true },
+  { 181585, true },
+  { 181595, true },
+  { 181609, true },
+  { 181622, true },
+  { 181644, true },
+  { 181665, true },
+  { 181687, true },
+  { 181698, false },
+  { 181713, true },
+  { 181724, true },
+  { 181735, false },
+  { 181755, true },
+  { 181781, true },
+  { 181801, true },
+  { 181815, true },
+  { 181828, true },
+  { 181843, true },
+  { 181860, true },
+  { 181879, true },
+  { 181899, true },
+  { 181918, true },
+  { 181938, true },
+  { 181961, true },
+  { 181979, true },
+  { 182006, true },
+  { 182024, true },
+  { 182043, true },
+  { 182055, true },
+  { 182076, true },
+  { 182091, true },
+  { 182111, true },
+  { 182123, true },
+  { 182134, true },
+  { 182146, true },
+  { 182165, true },
+  { 182187, true },
+  { 182205, true },
+  { 182220, true },
+  { 182233, false },
+  { 182241, true },
+  { 182253, true },
+  { 182269, true },
+  { 182280, true },
+  { 182295, true },
+  { 182313, true },
+  { 182330, true },
+  { 182338, true },
+  { 182355, true },
+  { 182368, true },
+  { 182379, true },
+  { 182393, true },
+  { 182407, true },
+  { 182417, true },
+  { 182430, true },
+  { 182438, true },
+  { 182456, true },
+  { 182464, true },
+  { 182478, false },
+  { 182494, true },
+  { 182506, true },
+  { 182523, true },
+  { 182533, true },
+  { 182540, true },
+  { 182547, true },
+  { 182559, true },
+  { 182570, true },
+  { 182580, true },
+  { 182593, true },
+  { 182604, true },
+  { 182618, true },
+  { 182632, true },
+  { 182648, true },
+  { 182659, true },
+  { 182666, true },
+  { 182675, true },
+  { 182683, true },
+  { 182697, true },
+  { 182719, true },
+  { 182735, true },
+  { 182755, true },
+  { 182776, true },
+  { 182792, false },
+  { 182807, true },
+  { 182822, true },
+  { 182850, true },
+  { 182864, true },
+  { 182879, true },
+  { 182900, true },
+  { 182915, true },
+  { 182934, true },
+  { 182957, true },
+  { 182973, true },
+  { 182992, true },
+  { 183002, true },
+  { 183015, true },
+  { 183026, true },
+  { 183041, true },
+  { 183055, true },
+  { 183076, true },
+  { 183092, true },
+  { 183107, true },
+  { 183124, true },
+  { 183141, true },
+  { 183153, true },
+  { 183163, true },
+  { 183173, true },
+  { 183183, true },
+  { 183197, true },
+  { 183209, true },
+  { 183219, true },
+  { 183233, true },
+  { 183249, true },
+  { 183267, true },
+  { 183286, true },
+  { 183305, true },
+  { 183325, true },
+  { 183342, true },
+  { 183354, true },
+  { 183366, true },
+  { 183391, true },
+  { 183402, true },
+  { 183415, true },
+  { 183430, true },
+  { 183448, true },
+  { 183465, true },
+  { 183477, true },
+  { 183492, true },
+  { 183505, true },
+  { 183531, true },
+  { 183546, true },
+  { 183559, true },
+  { 183572, true },
+  { 183583, true },
+  { 183594, true },
+  { 183605, true },
+  { 183617, true },
+  { 183628, true },
+  { 183638, true },
+  { 183658, true },
+  { 183672, true },
+  { 183685, true },
+  { 183694, true },
+  { 183703, true },
+  { 183716, true },
+  { 183723, false },
+  { 183731, true },
+  { 183744, true },
+  { 183752, true },
+  { 183769, true },
+  { 183787, true },
+  { 183798, true },
+  { 183817, true },
+  { 183835, true },
+  { 183862, true },
+  { 183874, true },
+  { 183888, false },
+  { 183900, true },
+  { 183915, true },
+  { 183939, true },
+  { 183954, true },
+  { 183965, true },
+  { 183987, true },
+  { 184005, true },
+  { 184020, true },
+  { 184038, true },
+  { 184046, true },
+  { 184066, true },
+  { 184089, true },
+  { 184114, true },
+  { 184126, true },
+  { 184137, true },
+  { 184153, true },
+  { 184165, true },
+  { 184179, true },
+  { 184196, true },
+  { 184205, true },
+  { 184221, true },
+  { 184229, true },
+  { 184247, true },
+  { 184262, true },
+  { 184282, true },
+  { 184299, true },
+  { 184312, true },
+  { 184328, true },
+  { 184342, true },
+  { 184358, true },
+  { 184375, true },
+  { 184393, true },
+  { 184412, true },
+  { 184426, true },
+  { 184441, true },
+  { 184454, true },
+  { 184467, true },
+  { 184481, true },
+  { 184498, true },
+  { 184509, true },
+  { 184524, true },
+  { 184544, true },
+  { 184560, true },
+  { 184570, true },
+  { 184582, true },
+  { 184601, true },
+  { 184611, true },
+  { 184621, true },
+  { 184631, true },
+  { 184642, true },
+  { 184659, true },
+  { 184674, true },
+  { 184694, true },
+  { 184710, true },
+  { 184723, true },
+  { 184737, true },
+  { 184748, false },
+  { 184765, true },
+  { 184791, true },
+  { 184808, true },
+  { 184833, true },
+  { 184844, true },
+  { 184860, true },
+  { 184869, true },
+  { 184882, true },
+  { 184896, true },
+  { 184908, true },
+  { 184917, false },
+  { 184931, true },
+  { 184948, true },
+  { 184981, true },
+  { 185001, true },
+  { 185013, true },
+  { 185027, true },
+  { 185040, true },
+  { 185053, true },
+  { 185063, true },
+  { 185077, true },
+  { 185097, true },
+  { 185108, true },
+  { 185120, true },
+  { 185132, true },
+  { 185144, true },
+  { 185153, true },
+  { 185165, true },
+  { 185182, true },
+  { 185196, true },
+  { 185225, true },
+  { 185242, true },
+  { 185256, true },
+  { 185274, true },
+  { 185285, true },
+  { 185301, true },
+  { 185316, true },
+  { 185333, true },
+  { 185349, true },
+  { 185360, true },
+  { 185378, true },
+  { 185393, true },
+  { 185414, true },
+  { 185428, true },
+  { 185451, true },
+  { 185460, true },
+  { 185470, true },
+  { 185484, true },
+  { 185500, true },
+  { 185510, true },
+  { 185521, true },
+  { 185537, true },
+  { 185554, true },
+  { 185577, true },
+  { 185584, true },
+  { 185595, true },
+  { 185609, true },
+  { 185620, true },
+  { 185629, true },
+  { 185638, true },
+  { 185653, true },
+  { 185662, true },
+  { 185675, true },
+  { 185683, true },
+  { 185694, true },
+  { 185703, true },
+  { 185716, false },
+  { 185727, true },
+  { 185735, true },
+  { 185749, true },
+  { 185760, true },
+  { 185770, true },
+  { 185782, true },
+  { 185794, true },
+  { 185806, true },
+  { 185818, true },
+  { 185830, true },
+  { 185842, true },
+  { 185854, true },
+  { 185866, true },
+  { 185878, true },
+  { 185890, true },
+  { 185902, true },
+  { 185914, true },
+  { 185926, true },
+  { 185938, true },
+  { 185950, true },
+  { 185962, true },
+  { 185974, true },
+  { 185986, true },
+  { 185998, true },
+  { 186010, true },
+  { 186022, true },
+  { 186034, true },
+  { 186046, true },
+  { 186058, true },
+  { 186070, true },
+  { 186082, true },
+  { 186094, true },
+  { 186106, true },
+  { 186118, true },
+  { 186130, true },
+  { 186142, true },
+  { 186154, true },
+  { 186166, true },
+  { 186178, true },
+  { 186188, true },
+  { 186196, true },
+  { 186207, true },
+  { 186220, true },
+  { 186229, true },
+  { 186239, true },
+  { 186249, true },
+  { 186259, true },
+  { 186267, true },
+  { 186279, true },
+  { 186301, true },
+  { 186323, true },
+  { 186332, true },
+  { 186344, true },
+  { 186353, true },
+  { 186379, true },
+  { 186395, true },
+  { 186413, true },
+  { 186427, true },
+  { 186438, true },
+  { 186457, true },
+  { 186474, true },
+  { 186486, true },
+  { 186501, true },
+  { 186522, true },
+  { 186542, true },
+  { 186566, true },
+  { 186582, true },
+  { 186605, true },
+  { 186617, true },
+  { 186639, true },
+  { 186667, true },
+  { 186681, true },
+  { 186699, true },
+  { 186714, true },
+  { 186722, true },
+  { 186733, true },
+  { 186747, true },
+  { 186765, true },
+  { 186775, true },
+  { 186793, true },
+  { 186807, true },
+  { 186819, true },
+  { 186831, true },
+  { 186846, true },
+  { 186859, true },
+  { 186882, true },
+  { 186913, true },
+  { 186927, true },
+  { 186945, true },
+  { 186955, false },
+  { 186964, false },
+  { 186973, false },
+  { 186982, true },
+  { 187011, true },
+  { 187028, false },
+  { 187039, true },
+  { 187063, true },
+  { 187073, true },
+  { 187084, true },
+  { 187107, true },
+  { 187122, true },
+  { 187142, true },
+  { 187152, true },
+  { 187163, true },
+  { 187171, true },
+  { 187186, true },
+  { 187195, true },
+  { 187211, true },
+  { 187230, true },
+  { 187239, true },
+  { 187253, true },
+  { 187268, true },
+  { 187287, true },
+  { 187303, true },
+  { 187316, false },
+  { 187326, true },
+  { 187339, true },
+  { 187355, true },
+  { 187377, true },
+  { 187390, true },
+  { 187414, true },
+  { 187427, true },
+  { 187444, true },
+  { 187457, true },
+  { 187473, true },
+  { 187488, true },
+  { 187498, true },
+  { 187514, true },
+  { 187531, true },
+  { 187552, true },
+  { 187570, true },
+  { 187589, true },
+  { 187600, true },
+  { 187611, true },
+  { 187625, true },
+  { 187636, true },
+  { 187651, true },
+  { 187669, true },
+  { 187683, true },
+  { 187700, true },
+  { 187716, true },
+  { 187732, true },
+  { 187747, true },
+  { 187761, true },
+  { 187771, true },
+  { 187785, true },
+  { 187800, true },
+  { 187814, true },
+  { 187820, true },
+  { 187836, true },
+  { 187848, true },
+  { 187866, true },
+  { 187880, true },
+  { 187897, false },
+  { 187917, true },
+  { 187930, true },
+  { 187939, true },
+  { 187954, true },
+  { 187965, true },
+  { 187981, true },
+  { 187993, true },
+  { 188008, true },
+  { 188026, true },
+  { 188037, true },
+  { 188049, true },
+  { 188071, true },
+  { 188081, true },
+  { 188091, true },
+  { 188101, false },
+  { 188115, true },
+  { 188128, true },
+  { 188144, false },
+  { 188164, true },
+  { 188175, true },
+  { 188195, true },
+  { 188221, true },
+  { 188236, true },
+  { 188248, true },
+  { 188269, true },
+  { 188294, true },
+  { 188324, true },
+  { 188347, true },
+  { 188360, true },
+  { 188376, true },
+  { 188397, true },
+  { 188404, true },
+  { 188428, true },
+  { 188446, true },
+  { 188461, true },
+  { 188477, true },
+  { 188488, true },
+  { 188498, true },
+  { 188509, true },
+  { 188527, true },
+  { 188535, true },
+  { 188546, true },
+  { 188557, true },
+  { 188573, true },
+  { 188590, true },
+  { 188606, true },
+  { 188623, true },
+  { 188633, true },
+  { 188643, true },
+  { 188653, true },
+  { 188672, true },
+  { 188681, true },
+  { 188707, true },
+  { 188723, true },
+  { 188743, true },
+  { 188770, true },
+  { 188788, true },
+  { 188802, true },
+  { 188818, true },
+  { 188832, true },
+  { 188841, true },
+  { 188855, true },
+  { 188871, true },
+  { 188898, true },
+  { 188912, true },
+  { 188921, true },
+  { 188933, true },
+  { 188946, true },
+  { 188958, true },
+  { 188974, true },
+  { 188987, true },
+  { 188999, true },
+  { 189014, true },
+  { 189030, true },
+  { 189053, true },
+  { 189073, true },
+  { 189093, true },
+  { 189107, true },
+  { 189115, true },
+  { 189135, true },
+  { 189154, true },
+  { 189176, true },
+  { 189198, true },
+  { 189211, true },
+  { 189229, true },
+  { 189246, true },
+  { 189260, true },
+  { 189279, true },
+  { 189297, true },
+  { 189320, true },
+  { 189340, true },
+  { 189365, true },
+  { 189390, true },
+  { 189406, true },
+  { 189424, true },
+  { 189447, true },
+  { 189467, true },
+  { 189489, true },
+  { 189504, true },
+  { 189522, true },
+  { 189538, true },
+  { 189554, true },
+  { 189584, true },
+  { 189610, true },
+  { 189625, true },
+  { 189657, true },
+  { 189672, true },
+  { 189687, true },
+  { 189705, true },
+  { 189723, true },
+  { 189738, true },
+  { 189750, true },
+  { 189765, true },
+  { 189784, true },
+  { 189798, false },
+  { 189808, true },
+  { 189825, true },
+  { 189836, true },
+  { 189859, false },
+  { 189874, true },
+  { 189891, true },
+  { 189905, true },
+  { 189918, true },
+  { 189931, true },
+  { 189939, true },
+  { 189952, true },
+  { 189964, true },
+  { 189976, true },
+  { 189987, true },
+  { 190002, true },
+  { 190024, true },
+  { 190036, true },
+  { 190047, true },
+  { 190076, true },
+  { 190088, true },
+  { 190102, true },
+  { 190113, true },
+  { 190128, true },
+  { 190144, true },
+  { 190169, true },
+  { 190181, true },
+  { 190194, true },
+  { 190210, true },
+  { 190219, true },
+  { 190230, true },
+  { 190240, true },
+  { 190253, true },
+  { 190268, true },
+  { 190276, true },
+  { 190289, true },
+  { 190308, true },
+  { 190331, true },
+  { 190341, true },
+  { 190359, true },
+  { 190372, true },
+  { 190383, true },
+  { 190406, true },
+  { 190422, true },
+  { 190440, true },
+  { 190456, true },
+  { 190464, true },
+  { 190474, true },
+  { 190490, true },
+  { 190511, true },
+  { 190526, true },
+  { 190540, true },
+  { 190550, false },
+  { 190568, true },
+  { 190592, true },
+  { 190607, true },
+  { 190619, true },
+  { 190634, true },
+  { 190648, true },
+  { 190667, true },
+  { 190695, true },
+  { 190711, true },
+  { 190724, true },
+  { 190741, true },
+  { 190757, true },
+  { 190774, true },
+  { 190796, true },
+  { 190813, true },
+  { 190828, true },
+  { 190848, true },
+  { 190858, true },
+  { 190868, false },
+  { 190881, true },
+  { 190899, true },
+  { 190917, true },
+  { 190926, true },
+  { 190939, true },
+  { 190953, true },
+  { 190964, true },
+  { 190983, true },
+  { 191002, true },
+  { 191019, true },
+  { 191037, true },
+  { 191056, true },
+  { 191077, true },
+  { 191102, true },
+  { 191118, true },
+  { 191135, true },
+  { 191149, true },
+  { 191162, true },
+  { 191181, true },
+  { 191197, true },
+  { 191212, true },
+  { 191229, true },
+  { 191237, true },
+  { 191246, true },
+  { 191259, true },
+  { 191274, true },
+  { 191285, true },
+  { 191307, true },
+  { 191319, true },
+  { 191342, true },
+  { 191355, true },
+  { 191366, true },
+  { 191392, true },
+  { 191418, true },
+  { 191447, true },
+  { 191466, true },
+  { 191487, true },
+  { 191505, true },
+  { 191525, true },
+  { 191543, true },
+  { 191553, true },
+  { 191566, true },
+  { 191595, true },
+  { 191616, true },
+  { 191629, true },
+  { 191642, true },
+  { 191654, true },
+  { 191665, true },
+  { 191683, true },
+  { 191700, true },
+  { 191723, true },
+  { 191746, true },
+  { 191767, true },
+  { 191793, true },
+  { 191807, true },
+  { 191821, true },
+  { 191840, true },
+  { 191859, true },
+  { 191873, true },
+  { 191890, true },
+  { 191907, true },
+  { 191922, false },
+  { 191932, true },
+  { 191940, true },
+  { 191956, true },
+  { 191964, true },
+  { 191983, true },
+  { 191995, true },
+  { 192014, true },
+  { 192026, true },
+  { 192039, true },
+  { 192046, false },
+  { 192062, true },
+  { 192071, true },
+  { 192086, true },
+  { 192100, true },
+  { 192112, true },
+  { 192125, false },
+  { 192134, true },
+  { 192143, true },
+  { 192157, true },
+  { 192176, true },
+  { 192193, true },
+  { 192210, true },
+  { 192219, true },
+  { 192230, true },
+  { 192241, true },
+  { 192253, true },
+  { 192271, true },
+  { 192291, true },
+  { 192304, true },
+  { 192314, true },
+  { 192327, true },
+  { 192339, true },
+  { 192355, true },
+  { 192363, false },
+  { 192371, true },
+  { 192393, true },
+  { 192401, true },
+  { 192422, true },
+  { 192446, true },
+  { 192462, true },
+  { 192478, true },
+  { 192488, true },
+  { 192505, true },
+  { 192515, true },
+  { 192523, true },
+  { 192534, true },
+  { 192544, true },
+  { 192560, true },
+  { 192575, true },
+  { 192593, true },
+  { 192605, true },
+  { 192615, true },
+  { 192625, true },
+  { 192635, true },
+  { 192644, true },
+  { 192654, true },
+  { 192666, true },
+  { 192680, true },
+  { 192696, true },
+  { 192719, true },
+  { 192732, true },
+  { 192745, true },
+  { 192759, true },
+  { 192774, true },
+  { 192787, false },
+  { 192807, true },
+  { 192818, true },
+  { 192830, true },
+  { 192856, true },
+  { 192865, true },
+  { 192881, true },
+  { 192899, true },
+  { 192915, true },
+  { 192932, true },
+  { 192945, true },
+  { 192956, true },
+  { 192971, true },
+  { 192981, true },
+  { 192991, true },
+  { 193011, true },
+  { 193025, true },
+  { 193037, true },
+  { 193049, true },
+  { 193072, true },
+  { 193084, true },
+  { 193099, true },
+  { 193112, true },
+  { 193120, true },
+  { 193132, true },
+  { 193143, true },
+  { 193155, true },
+  { 193177, true },
+  { 193196, true },
+  { 193207, true },
+  { 193220, true },
+  { 193232, true },
+  { 193252, true },
+  { 193267, true },
+  { 193279, true },
+  { 193291, true },
+  { 193302, true },
+  { 193315, true },
+  { 193335, true },
+  { 193349, true },
+  { 193365, true },
+  { 193381, true },
+  { 193399, true },
+  { 193420, true },
+  { 193433, true },
+  { 193443, true },
+  { 193456, true },
+  { 193469, true },
+  { 193482, true },
+  { 193498, true },
+  { 193515, true },
+  { 193528, true },
+  { 193541, true },
+  { 193554, true },
+  { 193567, true },
+  { 193588, true },
+  { 193601, true },
+  { 193614, true },
+  { 193627, true },
+  { 193640, true },
+  { 193656, true },
+  { 193669, true },
+  { 193682, true },
+  { 193695, true },
+  { 193712, true },
+  { 193733, true },
+  { 193742, true },
+  { 193752, true },
+  { 193760, true },
+  { 193775, true },
+  { 193787, true },
+  { 193797, true },
+  { 193822, true },
+  { 193849, true },
+  { 193864, true },
+  { 193871, true },
+  { 193879, true },
+  { 193887, true },
+  { 193896, true },
+  { 193907, false },
+  { 193925, true },
+  { 193937, true },
+  { 193949, true },
+  { 193959, true },
+  { 193969, true },
+  { 193988, true },
+  { 194000, true },
+  { 194014, true },
+  { 194029, true },
+  { 194044, true },
+  { 194052, true },
+  { 194067, true },
+  { 194084, true },
+  { 194098, true },
+  { 194109, true },
+  { 194119, true },
+  { 194136, true },
+  { 194143, true },
+  { 194157, true },
+  { 194171, true },
+  { 194182, true },
+  { 194193, true },
+  { 194204, true },
+  { 194216, true },
+  { 194224, true },
+  { 194235, true },
+  { 194254, true },
+  { 194271, true },
+  { 194286, true },
+  { 194300, true },
+  { 194314, true },
+  { 194329, true },
+  { 194344, true },
+  { 194355, true },
+  { 194370, true },
+  { 194395, true },
+  { 194406, true },
+  { 194424, true },
+  { 194437, true },
+  { 194452, true },
+  { 194464, true },
+  { 194482, true },
+  { 194495, true },
+  { 194505, true },
+  { 194514, true },
+  { 194521, true },
+  { 194533, true },
+  { 194553, true },
+  { 194562, true },
+  { 194570, true },
+  { 194583, true },
+  { 194600, true },
+  { 194615, true },
+  { 194632, true },
+  { 194670, true },
+  { 194682, true },
+  { 194696, true },
+  { 194711, true },
+  { 194727, true },
+  { 194743, true },
+  { 194756, true },
+  { 194772, true },
+  { 194792, true },
+  { 194815, true },
+  { 194832, true },
+  { 194844, true },
+  { 194863, true },
+  { 194885, true },
+  { 194894, true },
+  { 194904, true },
+  { 194916, true },
+  { 194927, true },
+  { 194942, true },
+  { 194953, true },
+  { 194965, true },
+  { 194978, true },
+  { 194989, true },
+  { 194999, true },
+  { 195011, true },
+  { 195020, true },
+  { 195028, true },
+  { 195041, true },
+  { 195051, true },
+  { 195060, false },
+  { 195067, true },
+  { 195075, true },
+  { 195086, true },
+  { 195096, true },
+  { 195109, true },
+  { 195122, true },
+  { 195131, true },
+  { 195146, true },
+  { 195161, true },
+  { 195173, true },
+  { 195194, true },
+  { 195211, true },
+  { 195218, true },
+  { 195238, true },
+  { 195248, true },
+  { 195259, false },
+  { 195272, true },
+  { 195286, true },
+  { 195301, true },
+  { 195312, true },
+  { 195337, true },
+  { 195350, true },
+  { 195358, true },
+  { 195366, true },
+  { 195386, true },
+  { 195394, true },
+  { 195403, true },
+  { 195413, true },
+  { 195435, true },
+  { 195454, true },
+  { 195463, false },
+  { 195472, true },
+  { 195488, true },
+  { 195504, true },
+  { 195513, true },
+  { 195532, true },
+  { 195540, true },
+  { 195554, true },
+  { 195567, true },
+  { 195579, true },
+  { 195595, true },
+  { 195606, true },
+  { 195623, true },
+  { 195641, true },
+  { 195657, true },
+  { 195670, true },
+  { 195682, true },
+  { 195695, true },
+  { 195707, true },
+  { 195724, true },
+  { 195739, true },
+  { 195752, true },
+  { 195763, true },
+  { 195772, true },
+  { 195785, true },
+  { 195802, true },
+  { 195814, true },
+  { 195826, true },
+  { 195837, true },
+  { 195852, true },
+  { 195868, true },
+  { 195884, true },
+  { 195907, true },
+  { 195926, false },
+  { 195941, true },
+  { 195953, true },
+  { 195967, true },
+  { 195980, true },
+  { 195993, true },
+  { 196012, true },
+  { 196020, true },
+  { 196033, true },
+  { 196046, true },
+  { 196057, true },
+  { 196070, true },
+  { 196078, true },
+  { 196089, true },
+  { 196106, false },
+  { 196122, false },
+  { 196142, true },
+  { 196154, true },
+  { 196161, true },
+  { 196171, true },
+  { 196194, true },
+  { 196206, true },
+  { 196216, true },
+  { 196232, true },
+  { 196245, true },
+  { 196260, true },
+  { 196275, true },
+  { 196301, true },
+  { 196316, true },
+  { 196334, true },
+  { 196351, true },
+  { 196364, true },
+  { 196375, false },
+  { 196390, true },
+  { 196401, true },
+  { 196416, true },
+  { 196437, true },
+  { 196455, true },
+  { 196482, true },
+  { 196492, true },
+  { 196508, true },
+  { 196522, true },
+  { 196530, true },
+  { 196544, true },
+  { 196561, true },
+  { 196578, true },
+  { 196593, true },
+  { 196603, true },
+  { 196614, true },
+  { 196623, true },
+  { 196636, true },
+  { 196648, true },
+  { 196667, true },
+  { 196688, true },
+  { 196706, true },
+  { 196727, true },
+  { 196745, true },
+  { 196758, true },
+  { 196771, true },
+  { 196783, true },
+  { 196793, true },
+  { 196804, true },
+  { 196812, false },
+  { 196832, true },
+  { 196848, true },
+  { 196855, true },
+  { 196865, true },
+  { 196876, true },
+  { 196889, false },
+  { 196897, true },
+  { 196921, false },
+  { 196936, true },
+  { 196945, true },
+  { 196955, true },
+  { 196968, false },
+  { 196980, true },
+  { 196988, false },
+  { 196998, true },
+  { 197007, true },
+  { 197019, true },
+  { 197029, true },
+  { 197040, true },
+  { 197063, true },
+  { 197086, true },
+  { 197109, true },
+  { 197118, true },
+  { 197128, false },
+  { 197145, true },
+  { 197154, true },
+  { 197164, true },
+  { 197174, true },
+  { 197187, true },
+  { 197195, true },
+  { 197205, true },
+  { 197215, true },
+  { 197226, true },
+  { 197238, true },
+  { 197256, true },
+  { 197265, true },
+  { 197277, true },
+  { 197292, true },
+  { 197304, true },
+  { 197320, true },
+  { 197334, true },
+  { 197347, true },
+  { 197354, true },
+  { 197364, true },
+  { 197374, true },
+  { 197386, true },
+  { 197395, true },
+  { 197409, true },
+  { 197423, true },
+  { 197433, true },
+  { 197449, true },
+  { 197459, false },
+  { 197473, true },
+  { 197484, true },
+  { 197496, false },
+  { 197510, true },
+  { 197522, true },
+  { 197536, true },
+  { 197551, true },
+  { 197558, true },
+  { 197567, true },
+  { 197582, true },
+  { 197596, true },
+  { 197608, true },
+  { 197620, true },
+  { 197631, false },
+  { 197641, false },
+  { 197651, true },
+  { 197661, true },
+  { 197668, true },
+  { 197678, true },
+  { 197696, true },
+  { 197709, true },
+  { 197721, true },
+  { 197736, true },
+  { 197747, true },
+  { 197754, true },
+  { 197772, true },
+  { 197785, true },
+  { 197796, true },
+  { 197820, true },
+  { 197827, true },
+  { 197844, true },
+  { 197854, false },
+  { 197865, true },
+  { 197876, true },
+  { 197885, true },
+  { 197907, true },
+  { 197914, true },
+  { 197927, true },
+  { 197943, true },
+  { 197957, true },
+  { 197974, true },
+  { 197991, true },
+  { 198004, true },
+  { 198013, true },
+  { 198026, true },
+  { 198038, true },
+  { 198053, true },
+  { 198068, true },
+  { 198100, true },
+  { 198111, true },
+  { 198122, true },
+  { 198135, true },
+  { 198145, true },
+  { 198159, true },
+  { 198172, true },
+  { 198186, true },
+  { 198198, true },
+  { 198217, true },
+  { 198238, true },
+  { 198250, true },
+  { 198262, true },
+  { 198285, true },
+  { 198295, true },
+  { 198304, true },
+  { 198318, true },
+  { 198327, true },
+  { 198338, true },
+  { 198347, true },
+  { 198358, true },
+  { 198372, true },
+  { 198389, true },
+  { 198400, false },
+  { 198409, true },
+  { 198426, true },
+  { 198436, true },
+  { 198448, true },
+  { 198463, true },
+  { 198472, true },
+  { 198484, true },
+  { 198496, true },
+  { 198512, true },
+  { 198525, true },
+  { 198544, true },
+  { 198557, true },
+  { 198570, true },
+  { 198590, true },
+  { 198614, true },
+  { 198632, true },
+  { 198641, true },
+  { 198660, true },
+  { 198678, true },
+  { 198693, true },
+  { 198709, true },
+  { 198722, true },
+  { 198740, true },
+  { 198753, true },
+  { 198773, true },
+  { 198785, true },
+  { 198798, true },
+  { 198807, true },
+  { 198819, true },
+  { 198828, true },
+  { 198843, true },
+  { 198852, true },
+  { 198874, true },
+  { 198887, true },
+  { 198899, true },
+  { 198907, true },
+  { 198917, true },
+  { 198925, true },
+  { 198935, true },
+  { 198948, true },
+  { 198963, true },
+  { 198979, true },
+  { 198990, true },
+  { 199001, true },
+  { 199010, true },
+  { 199029, true },
+  { 199051, true },
+  { 199078, true },
+  { 199090, true },
+  { 199104, true },
+  { 199118, true },
+  { 199141, true },
+  { 199166, true },
+  { 199183, true },
+  { 199194, true },
+  { 199223, true },
+  { 199244, true },
+  { 199263, true },
+  { 199280, false },
+  { 199293, true },
+  { 199306, true },
+  { 199321, true },
+  { 199332, true },
+  { 199342, true },
+  { 199355, true },
+  { 199372, true },
+  { 199384, true },
+  { 199402, true },
+  { 199415, true },
+  { 199427, true },
+  { 199436, true },
+  { 199449, true },
+  { 199470, true },
+  { 199488, true },
+  { 199512, true },
+  { 199530, true },
+  { 199543, true },
+  { 199561, true },
+  { 199576, true },
+  { 199586, true },
+  { 199598, true },
+  { 199611, true },
+  { 199630, true },
+  { 199648, true },
+  { 199664, true },
+  { 199680, true },
+  { 199696, true },
+  { 199707, true },
+  { 199718, true },
+  { 199728, false },
+  { 199740, true },
+  { 199753, true },
+  { 199765, true },
+  { 199780, true },
+  { 199801, true },
+  { 199815, false },
+  { 199835, false },
+  { 199847, false },
+  { 199860, true },
+  { 199870, true },
+  { 199879, true },
+  { 199893, true },
+  { 199911, true },
+  { 199922, true },
+  { 199935, true },
+  { 199948, true },
+  { 199964, true },
+  { 199981, true },
+  { 199993, true },
+  { 200019, true },
+  { 200048, true },
+  { 200081, true },
+  { 200115, true },
+  { 200127, true },
+  { 200141, true },
+  { 200161, true },
+  { 200175, true },
+  { 200191, true },
+  { 200203, true },
+  { 200210, false },
+  { 200223, true },
+  { 200243, true },
+  { 200268, true },
+  { 200294, true },
+  { 200311, true },
+  { 200332, true },
+  { 200348, true },
+  { 200362, true },
+  { 200382, true },
+  { 200402, true },
+  { 200426, true },
+  { 200442, true },
+  { 200457, true },
+  { 200473, true },
+  { 200491, true },
+  { 200513, true },
+  { 200530, true },
+  { 200543, true },
+  { 200555, false },
+  { 200569, true },
+  { 200591, true },
+  { 200610, true },
+  { 200633, true },
+  { 200649, true },
+  { 200669, true },
+  { 200681, true },
+  { 200703, true },
+  { 200725, true },
+  { 200744, true },
+  { 200754, true },
+  { 200776, true },
+  { 200788, true },
+  { 200805, true },
+  { 200816, true },
+  { 200829, true },
+  { 200849, true },
+  { 200859, true },
+  { 200867, true },
+  { 200878, true },
+  { 200892, true },
+  { 200903, true },
+  { 200915, true },
+  { 200930, true },
+  { 200949, true },
+  { 200978, true },
+  { 201005, true },
+  { 201033, true },
+  { 201058, true },
+  { 201070, true },
+  { 201086, true },
+  { 201105, true },
+  { 201124, true },
+  { 201143, true },
+  { 201173, true },
+  { 201191, true },
+  { 201208, true },
+  { 201222, true },
+  { 201246, true },
+  { 201257, false },
+  { 201270, true },
+  { 201281, true },
+  { 201294, true },
+  { 201310, true },
+  { 201324, true },
+  { 201339, true },
+  { 201354, true },
+  { 201371, true },
+  { 201391, true },
+  { 201409, true },
+  { 201423, true },
+  { 201437, true },
+  { 201449, true },
+  { 201463, true },
+  { 201480, true },
+  { 201505, true },
+  { 201528, true },
+  { 201546, true },
+  { 201563, true },
+  { 201574, true },
+  { 201591, true },
+  { 201605, true },
+  { 201623, true },
+  { 201638, true },
+  { 201650, true },
+  { 201666, true },
+  { 201688, true },
+  { 201699, false },
+  { 201712, true },
+  { 201727, true },
+  { 201739, true },
+  { 201751, true },
+  { 201762, true },
+  { 201772, true },
+  { 201786, true },
+  { 201798, true },
+  { 201810, true },
+  { 201822, true },
+  { 201833, true },
+  { 201853, true },
+  { 201871, true },
+  { 201888, true },
+  { 201903, true },
+  { 201920, true },
+  { 201938, true },
+  { 201951, true },
+  { 201969, true },
+  { 201981, true },
+  { 201991, false },
+  { 202000, true },
+  { 202014, true },
+  { 202024, true },
+  { 202037, true },
+  { 202048, true },
+  { 202059, true },
+  { 202073, true },
+  { 202083, true },
+  { 202098, false },
+  { 202111, true },
+  { 202121, true },
+  { 202139, true },
+  { 202150, true },
+  { 202164, true },
+  { 202180, true },
+  { 202190, true },
+  { 202201, true },
+  { 202218, true },
+  { 202226, true },
+  { 202241, true },
+  { 202252, true },
+  { 202267, true },
+  { 202281, true },
+  { 202300, true },
+  { 202309, true },
+  { 202322, true },
+  { 202345, true },
+  { 202358, true },
+  { 202371, true },
+  { 202385, true },
+  { 202400, true },
+  { 202423, false },
+  { 202438, true },
+  { 202472, true },
+  { 202492, true },
+  { 202507, true },
+  { 202528, true },
+  { 202539, true },
+  { 202549, true },
+  { 202559, true },
+  { 202575, true },
+  { 202585, true },
+  { 202598, true },
+  { 202608, true },
+  { 202620, true },
+  { 202633, true },
+  { 202645, true },
+  { 202663, true },
+  { 202686, true },
+  { 202702, true },
+  { 202716, true },
+  { 202740, false },
+  { 202754, true },
+  { 202770, true },
+  { 202791, true },
+  { 202808, true },
+  { 202821, true },
+  { 202833, true },
+  { 202846, true },
+  { 202858, true },
+  { 202873, true },
+  { 202885, true },
+  { 202897, true },
+  { 202925, true },
+  { 202942, true },
+  { 202954, true },
+  { 202964, true },
+  { 202977, true },
+  { 203004, true },
+  { 203025, true },
+  { 203044, true },
+  { 203062, true },
+  { 203078, true },
+  { 203089, true },
+  { 203107, true },
+  { 203122, true },
+  { 203133, true },
+  { 203145, true },
+  { 203157, true },
+  { 203175, true },
+  { 203187, true },
+  { 203202, true },
+  { 203221, true },
+  { 203256, true },
+  { 203285, true },
+  { 203307, false },
+  { 203321, true },
+  { 203331, true },
+  { 203349, true },
+  { 203359, true },
+  { 203372, true },
+  { 203384, true },
+  { 203401, true },
+  { 203418, true },
+  { 203433, true },
+  { 203461, false },
+  { 203480, true },
+  { 203498, true },
+  { 203512, true },
+  { 203543, true },
+  { 203565, true },
+  { 203582, true },
+  { 203597, true },
+  { 203609, true },
+  { 203621, true },
+  { 203634, true },
+  { 203656, true },
+  { 203683, true },
+  { 203709, true },
+  { 203721, true },
+  { 203742, true },
+  { 203762, true },
+  { 203783, true },
+  { 203800, true },
+  { 203817, true },
+  { 203839, true },
+  { 203855, true },
+  { 203868, true },
+  { 203880, true },
+  { 203901, true },
+  { 203916, true },
+  { 203941, true },
+  { 203960, true },
+  { 203972, true },
+  { 203987, true },
+  { 204006, true },
+  { 204033, true },
+  { 204050, true },
+  { 204066, true },
+  { 204078, true },
+  { 204094, true },
+  { 204110, true },
+  { 204149, true },
+  { 204178, true },
+  { 204194, true },
+  { 204210, true },
+  { 204232, true },
+  { 204257, true },
+  { 204279, true },
+  { 204301, true },
+  { 204316, true },
+  { 204341, true },
+  { 204359, true },
+  { 204388, true },
+  { 204408, true },
+  { 204425, true },
+  { 204448, true },
+  { 204474, true },
+  { 204492, true },
+  { 204513, true },
+  { 204541, true },
+  { 204560, true },
+  { 204575, true },
+  { 204594, true },
+  { 204614, true },
+  { 204627, true },
+  { 204640, true },
+  { 204657, true },
+  { 204672, true },
+  { 204698, true },
+  { 204712, true },
+  { 204733, true },
+  { 204749, true },
+  { 204759, false },
+  { 204775, true },
+  { 204788, true },
+  { 204810, true },
+  { 204829, true },
+  { 204845, true },
+  { 204869, true },
+  { 204883, true },
+  { 204900, true },
+  { 204913, true },
+  { 204937, true },
+  { 204949, false },
+  { 204958, true },
+  { 204973, true },
+  { 204983, true },
+  { 204995, true },
+  { 205016, true },
+  { 205029, true },
+  { 205046, true },
+  { 205060, true },
+  { 205082, true },
+  { 205094, true },
+  { 205116, true },
+  { 205136, true },
+  { 205158, true },
+  { 205177, true },
+  { 205195, true },
+  { 205220, true },
+  { 205238, true },
+  { 205258, true },
+  { 205270, true },
+  { 205288, true },
+  { 205301, true },
+  { 205314, true },
+  { 205327, true },
+  { 205337, true },
+  { 205359, true },
+  { 205373, true },
+  { 205389, true },
+  { 205405, true },
+  { 205421, true },
+  { 205434, true },
+  { 205453, true },
+  { 205471, true },
+  { 205485, true },
+  { 205495, true },
+  { 205506, false },
+  { 205518, true },
+  { 205529, true },
+  { 205537, true },
+  { 205547, true },
+  { 205556, true },
+  { 205568, true },
+  { 205582, true },
+  { 205590, true },
+  { 205601, true },
+  { 205612, true },
+  { 205623, true },
+  { 205633, true },
+  { 205646, true },
+  { 205662, true },
+  { 205674, true },
+  { 205684, true },
+  { 205701, true },
+  { 205712, true },
+  { 205724, true },
+  { 205730, true },
+  { 205746, true },
+  { 205760, true },
+  { 205767, true },
+  { 205775, true },
+  { 205785, true },
+  { 205793, true },
+  { 205802, true },
+  { 205814, true },
+  { 205828, true },
+  { 205837, true },
+  { 205853, true },
+  { 205866, true },
+  { 205874, true },
+  { 205883, true },
+  { 205891, true },
+  { 205907, true },
+  { 205920, true },
+  { 205931, true },
+  { 205941, true },
+  { 205954, true },
+  { 205965, false },
+  { 205983, true },
+  { 205994, true },
+  { 206010, true },
+  { 206022, true },
+  { 206036, true },
+  { 206048, false },
+  { 206059, true },
+  { 206067, true },
+  { 206076, true },
+  { 206085, true },
+  { 206105, true },
+  { 206117, true },
+  { 206133, true },
+  { 206141, true },
+  { 206150, true },
+  { 206158, true },
+  { 206166, true },
+  { 206182, true },
+  { 206199, true },
+  { 206207, true },
+  { 206219, true },
+  { 206230, true },
+  { 206240, true },
+  { 206249, true },
+  { 206268, true },
+  { 206278, true },
+  { 206294, true },
+  { 206305, true },
+  { 206315, true },
+  { 206324, true },
+  { 206339, true },
+  { 206347, true },
+  { 206356, true },
+  { 206365, true },
+  { 206383, true },
+  { 206399, true },
+  { 206412, true },
+  { 206429, true },
+  { 206443, true },
+  { 206471, true },
+  { 206483, true },
+  { 206496, true },
+  { 206510, true },
+  { 206524, true },
+  { 206541, true },
+  { 206550, true },
+  { 206569, true },
+  { 206585, true },
+  { 206600, true },
+  { 206610, true },
+  { 206625, true },
+  { 206642, true },
+  { 206665, true },
+  { 206684, true },
+  { 206697, true },
+  { 206720, true },
+  { 206731, true },
+  { 206740, true },
+  { 206750, true },
+  { 206764, true },
+  { 206778, true },
+  { 206792, true },
+  { 206806, true },
+  { 206820, true },
+  { 206834, true },
+  { 206848, true },
+  { 206871, true },
+  { 206892, true },
+  { 206909, true },
+  { 206930, true },
+  { 206940, true },
+  { 206956, true },
+  { 206972, true },
+  { 206983, true },
+  { 206991, true },
+  { 207001, true },
+  { 207013, true },
+  { 207022, true },
+  { 207035, true },
+  { 207048, true },
+  { 207065, true },
+  { 207076, true },
+  { 207092, true },
+  { 207103, true },
+  { 207113, true },
+  { 207121, true },
+  { 207139, true },
+  { 207153, true },
+  { 207171, true },
+  { 207185, true },
+  { 207203, true },
+  { 207222, true },
+  { 207238, true },
+  { 207260, true },
+  { 207271, true },
+  { 207282, true },
+  { 207293, true },
+  { 207302, true },
+  { 207320, true },
+  { 207339, true },
+  { 207361, true },
+  { 207372, true },
+  { 207385, true },
+  { 207397, true },
+  { 207407, true },
+  { 207414, true },
+  { 207425, true },
+  { 207435, true },
+  { 207451, true },
+  { 207462, true },
+  { 207472, true },
+  { 207482, true },
+  { 207492, true },
+  { 207502, true },
+  { 207513, true },
+  { 207523, true },
+  { 207534, true },
+  { 207552, true },
+  { 207564, true },
+  { 207577, true },
+  { 207589, true },
+  { 207601, true },
+  { 207617, true },
+  { 207629, true },
+  { 207639, true },
+  { 207648, true },
+  { 207665, true },
+  { 207680, true },
+  { 207699, true },
+  { 207714, true },
+  { 207729, true },
+  { 207742, true },
+  { 207752, true },
+  { 207765, true },
+  { 207777, true },
+  { 207796, true },
+  { 207809, true },
+  { 207841, true },
+  { 207855, true },
+  { 207867, true },
+  { 207891, true },
+  { 207914, true },
+  { 207946, true },
+  { 207968, true },
+  { 207993, true },
+  { 208016, true },
+  { 208037, true },
+  { 208064, true },
+  { 208076, true },
+  { 208086, true },
+  { 208099, true },
+  { 208125, true },
+  { 208135, true },
+  { 208156, true },
+  { 208167, true },
+  { 208186, true },
+  { 208195, true },
+  { 208209, true },
+  { 208223, true },
+  { 208237, true },
+  { 208248, true },
+  { 208262, true },
+  { 208275, true },
+  { 208290, true },
+  { 208306, true },
+  { 208322, true },
+  { 208336, true },
+  { 208350, true },
+  { 208364, true },
+  { 208376, false },
+  { 208396, true },
+  { 208408, true },
+  { 208421, true },
+  { 208435, true },
+  { 208452, true },
+  { 208471, true },
+  { 208486, true },
+  { 208515, true },
+  { 208533, true },
+  { 208549, true },
+  { 208566, true },
+  { 208580, true },
+  { 208595, true },
+  { 208608, true },
+  { 208617, true },
+  { 208626, true },
+  { 208642, true },
+  { 208662, true },
+  { 208681, true },
+  { 208700, true },
+  { 208711, true },
+  { 208723, true },
+  { 208732, true },
+  { 208741, true },
+  { 208750, true },
+  { 208759, true },
+  { 208772, true },
+  { 208783, true },
+  { 208795, true },
+  { 208803, true },
+  { 208812, true },
+  { 208823, true },
+  { 208836, true },
+  { 208845, true },
+  { 208865, true },
+  { 208874, true },
+  { 208884, true },
+  { 208897, true },
+  { 208908, true },
+  { 208921, true },
+  { 208935, true },
+  { 208946, true },
+  { 208957, true },
+  { 208968, true },
+  { 208977, true },
+  { 208991, false },
+  { 209001, true },
+  { 209015, true },
+  { 209030, true },
+  { 209047, true },
+  { 209056, true },
+  { 209071, true },
+  { 209091, true },
+  { 209110, true },
+  { 209123, true },
+  { 209135, true },
+  { 209148, false },
+  { 209161, true },
+  { 209176, true },
+  { 209193, true },
+  { 209206, true },
+  { 209219, true },
+  { 209233, true },
+  { 209247, true },
+  { 209272, true },
+  { 209281, true },
+  { 209306, true },
+  { 209338, true },
+  { 209361, true },
+  { 209373, true },
+  { 209386, true },
+  { 209400, true },
+  { 209420, true },
+  { 209434, true },
+  { 209450, true },
+  { 209463, true },
+  { 209478, false },
+  { 209492, true },
+  { 209506, true },
+  { 209517, true },
+  { 209531, true },
+  { 209543, true },
+  { 209560, true },
+  { 209581, true },
+  { 209592, true },
+  { 209603, true },
+  { 209610, true },
+  { 209621, true },
+  { 209628, true },
+  { 209638, true },
+  { 209650, true },
+  { 209660, true },
+  { 209668, true },
+  { 209676, true },
+  { 209692, true },
+  { 209707, true },
+  { 209716, true },
+  { 209724, true },
+  { 209732, true },
+  { 209747, true },
+  { 209760, true },
+  { 209773, true },
+  { 209785, true },
+  { 209794, true },
+  { 209805, true },
+  { 209819, true },
+  { 209827, true },
+  { 209834, true },
+  { 209841, true },
+  { 209850, true },
+  { 209858, true },
+  { 209868, true },
+  { 209886, true },
+  { 209900, true },
+  { 209912, true },
+  { 209923, true },
+  { 209934, true },
+  { 209945, true },
+  { 209958, true },
+  { 209969, true },
+  { 209987, true },
+  { 209998, true },
+  { 210007, true },
+  { 210024, true },
+  { 210035, true },
+  { 210044, true },
+  { 210053, true },
+  { 210069, true },
+  { 210080, true },
+  { 210087, true },
+  { 210094, true },
+  { 210101, true },
+  { 210115, true },
+  { 210123, true },
+  { 210130, true },
+  { 210137, true },
+  { 210148, true },
+  { 210154, true },
+  { 210175, true },
+  { 210187, true },
+  { 210200, true },
+  { 210213, true },
+  { 210223, true },
+  { 210234, true },
+  { 210244, true },
+  { 210254, true },
+  { 210267, true },
+  { 210281, true },
+  { 210299, true },
+  { 210316, true },
+  { 210329, true },
+  { 210339, true },
+  { 210352, true },
+  { 210367, true },
+  { 210386, true },
+  { 210399, true },
+  { 210408, true },
+  { 210434, true },
+  { 210451, true },
+  { 210476, true },
+  { 210492, false },
+  { 210504, true },
+  { 210512, true },
+  { 210526, true },
+  { 210543, true },
+  { 210556, true },
+  { 210571, true },
+  { 210590, true },
+  { 210603, true },
+  { 210618, true },
+  { 210641, true },
+  { 210654, true },
+  { 210678, true },
+  { 210707, true },
+  { 210722, true },
+  { 210738, true },
+  { 210749, true },
+  { 210762, true },
+  { 210790, false },
+  { 210804, false },
+  { 210823, true },
+  { 210838, true },
+  { 210850, true },
+  { 210858, true },
+  { 210870, true },
+  { 210884, true },
+  { 210898, true },
+  { 210912, true },
+  { 210928, true },
+  { 210944, true },
+  { 210959, true },
+  { 210979, true },
+  { 210998, true },
+  { 211016, true },
+  { 211032, true },
+  { 211043, true },
+  { 211052, true },
+  { 211068, true },
+  { 211083, true },
+  { 211097, true },
+  { 211110, true },
+  { 211120, true },
+  { 211140, true },
+  { 211157, true },
+  { 211174, true },
+  { 211193, true },
+  { 211212, true },
+  { 211232, false },
+  { 211249, true },
+  { 211263, true },
+  { 211277, true },
+  { 211297, true },
+  { 211317, true },
+  { 211331, false },
+  { 211344, true },
+  { 211354, true },
+  { 211369, false },
+  { 211387, true },
+  { 211404, true },
+  { 211421, true },
+  { 211436, true },
+  { 211459, true },
+  { 211476, true },
+  { 211490, true },
+  { 211502, true },
+  { 211517, true },
+  { 211534, true },
+  { 211548, true },
+  { 211563, true },
+  { 211576, true },
+  { 211590, true },
+  { 211611, true },
+  { 211620, true },
+  { 211635, false },
+  { 211648, true },
+  { 211663, true },
+  { 211677, true },
+  { 211691, true },
+  { 211702, true },
+  { 211712, true },
+  { 211735, true },
+  { 211749, true },
+  { 211777, true },
+  { 211791, true },
+  { 211812, true },
+  { 211823, true },
+  { 211834, false },
+  { 211844, true },
+  { 211856, true },
+  { 211871, true },
+  { 211886, true },
+  { 211894, true },
+  { 211908, false },
+  { 211922, true },
+  { 211935, true },
+  { 211946, true },
+  { 211962, true },
+  { 211979, true },
+  { 211993, true },
+  { 212003, true },
+  { 212015, true },
+  { 212029, true },
+  { 212051, true },
+  { 212069, false },
+  { 212081, true },
+  { 212101, true },
+  { 212118, true },
+  { 212144, true },
+  { 212161, true },
+  { 212186, false },
+  { 212202, true },
+  { 212221, true },
+  { 212232, true },
+  { 212246, true },
+  { 212257, true },
+  { 212269, true },
+  { 212287, true },
+  { 212299, true },
+  { 212312, true },
+  { 212323, true },
+  { 212342, true },
+  { 212359, true },
+  { 212374, true },
+  { 212393, true },
+  { 212410, true },
+  { 212425, true },
+  { 212442, true },
+  { 212460, true },
+  { 212478, true },
+  { 212500, true },
+  { 212516, true },
+  { 212529, true },
+  { 212540, true },
+  { 212548, true },
+  { 212568, true },
+  { 212580, true },
+  { 212595, true },
+  { 212603, true },
+  { 212620, true },
+  { 212633, true },
+  { 212647, true },
+  { 212657, true },
+  { 212668, true },
+  { 212678, true },
+  { 212696, true },
+  { 212714, true },
+  { 212727, true },
+  { 212746, true },
+  { 212762, true },
+  { 212774, true },
+  { 212784, true },
+  { 212798, true },
+  { 212806, true },
+  { 212819, true },
+  { 212834, true },
+  { 212855, true },
+  { 212867, true },
+  { 212880, true },
+  { 212892, true },
+  { 212903, true },
+  { 212911, true },
+  { 212926, true },
+  { 212933, true },
+  { 212946, true },
+  { 212953, true },
+  { 212972, true },
+  { 212994, true },
+  { 213010, true },
+  { 213019, true },
+  { 213039, true },
+  { 213058, true },
+  { 213068, true },
+  { 213076, true },
+  { 213087, true },
+  { 213104, true },
+  { 213124, true },
+  { 213132, true },
+  { 213142, true },
+  { 213154, true },
+  { 213166, true },
+  { 213176, true },
+  { 213189, true },
+  { 213205, true },
+  { 213227, true },
+  { 213245, true },
+  { 213262, true },
+  { 213280, true },
+  { 213298, true },
+  { 213324, true },
+  { 213339, true },
+  { 213359, true },
+  { 213371, true },
+  { 213385, true },
+  { 213400, true },
+  { 213419, true },
+  { 213428, true },
+  { 213442, true },
+  { 213455, true },
+  { 213463, true },
+  { 213479, false },
+  { 213496, true },
+  { 213517, true },
+  { 213536, true },
+  { 213555, true },
+  { 213570, true },
+  { 213586, true },
+  { 213596, true },
+  { 213612, true },
+  { 213627, true },
+  { 213639, true },
+  { 213650, true },
+  { 213660, true },
+  { 213677, true },
+  { 213687, true },
+  { 213695, true },
+  { 213713, true },
+  { 213722, true },
+  { 213744, true },
+  { 213757, true },
+  { 213767, true },
+  { 213787, true },
+  { 213805, true },
+  { 213820, true },
+  { 213831, false },
+  { 213849, true },
+  { 213866, true },
+  { 213882, true },
+  { 213900, true },
+  { 213913, true },
+  { 213925, true },
+  { 213936, true },
+  { 213964, true },
+  { 213980, true },
+  { 213998, true },
+  { 214014, true },
+  { 214024, true },
+  { 214042, true },
+  { 214058, true },
+  { 214074, true },
+  { 214089, true },
+  { 214101, false },
+  { 214115, true },
+  { 214132, true },
+  { 214154, true },
+  { 214173, true },
+  { 214185, true },
+  { 214196, true },
+  { 214217, true },
+  { 214242, true },
+  { 214260, true },
+  { 214271, true },
+  { 214287, true },
+  { 214304, true },
+  { 214331, true },
+  { 214348, true },
+  { 214364, true },
+  { 214382, true },
+  { 214397, true },
+  { 214412, true },
+  { 214426, true },
+  { 214437, true },
+  { 214454, true },
+  { 214471, true },
+  { 214486, true },
+  { 214502, true },
+  { 214514, true },
+  { 214536, true },
+  { 214549, true },
+  { 214564, true },
+  { 214572, true },
+  { 214584, true },
+  { 214595, true },
+  { 214615, true },
+  { 214622, false },
+  { 214637, true },
+  { 214648, true },
+  { 214655, true },
+  { 214667, true },
+  { 214675, true },
+  { 214683, true },
+  { 214691, true },
+  { 214699, true },
+  { 214712, true },
+  { 214724, true },
+  { 214748, true },
+  { 214755, true },
+  { 214770, true },
+  { 214795, true },
+  { 214805, true },
+  { 214820, false },
+  { 214831, true },
+  { 214844, true },
+  { 214853, true },
+  { 214863, true },
+  { 214886, true },
+  { 214901, true },
+  { 214923, true },
+  { 214935, true },
+  { 214948, true },
+  { 214960, true },
+  { 214976, true },
+  { 214990, true },
+  { 215004, true },
+  { 215015, true },
+  { 215026, true },
+  { 215040, false },
+  { 215053, true },
+  { 215067, true },
+  { 215075, true },
+  { 215089, true },
+  { 215098, true },
+  { 215110, true },
+  { 215123, true },
+  { 215146, true },
+  { 215159, true },
+  { 215169, true },
+  { 215178, true },
+  { 215188, true },
+  { 215201, true },
+  { 215217, true },
+  { 215227, true },
+  { 215238, true },
+  { 215251, true },
+  { 215264, true },
+  { 215273, true },
+  { 215292, true },
+  { 215311, true },
+  { 215328, true },
+  { 215349, true },
+  { 215365, true },
+  { 215374, true },
+  { 215392, true },
+  { 215405, true },
+  { 215413, true },
+  { 215426, true },
+  { 215439, true },
+  { 215454, true },
+  { 215469, true },
+  { 215488, true },
+  { 215501, true },
+  { 215512, true },
+  { 215525, true },
+  { 215539, true },
+  { 215546, true },
+  { 215565, true },
+  { 215585, true },
+  { 215597, true },
+  { 215619, true },
+  { 215626, true },
+  { 215640, true },
+  { 215648, true },
+  { 215668, true },
+  { 215686, true },
+  { 215695, true },
+  { 215705, true },
+  { 215720, true },
+  { 215729, true },
+  { 215738, true },
+  { 215747, true },
+  { 215756, true },
+  { 215766, true },
+  { 215778, true },
+  { 215792, true },
+  { 215811, true },
+  { 215831, true },
+  { 215844, true },
+  { 215855, true },
+  { 215869, true },
+  { 215883, true },
+  { 215895, true },
+  { 215909, true },
+  { 215922, true },
+  { 215939, true },
+  { 215947, true },
+  { 215955, true },
+  { 215969, true },
+  { 215988, true },
+  { 216007, true },
+  { 216022, true },
+  { 216037, true },
+  { 216052, true },
+  { 216067, true },
+  { 216082, true },
+  { 216097, true },
+  { 216110, true },
+  { 216124, true },
+  { 216136, true },
+  { 216150, true },
+  { 216161, true },
+  { 216177, true },
+  { 216191, true },
+  { 216202, true },
+  { 216220, true },
+  { 216234, true },
+  { 216249, true },
+  { 216261, true },
+  { 216274, true },
+  { 216289, true },
+  { 216307, true },
+  { 216323, true },
+  { 216337, true },
+  { 216347, true },
+  { 216357, true },
+  { 216378, true },
+  { 216394, true },
+  { 216411, true },
+  { 216441, true },
+  { 216455, false },
+  { 216469, true },
+  { 216487, true },
+  { 216497, true },
+  { 216517, true },
+  { 216532, true },
+  { 216544, true },
+  { 216558, true },
+  { 216573, false },
+  { 216589, false },
+  { 216611, true },
+  { 216621, true },
+  { 216633, true },
+  { 216651, true },
+  { 216670, true },
+  { 216688, true },
+  { 216700, true },
+  { 216713, true },
+  { 216733, true },
+  { 216746, true },
+  { 216765, true },
+  { 216779, true },
+  { 216796, true },
+  { 216812, true },
+  { 216826, true },
+  { 216842, false },
+  { 216861, true },
+  { 216878, true },
+  { 216888, true },
+  { 216903, true },
+  { 216931, true },
+  { 216945, true },
+  { 216963, true },
+  { 216976, true },
+  { 216991, true },
+  { 217011, true },
+  { 217027, true },
+  { 217039, true },
+  { 217056, true },
+  { 217071, true },
+  { 217082, true },
+  { 217116, true },
+  { 217132, true },
+  { 217143, true },
+  { 217158, true },
+  { 217172, true },
+  { 217187, true },
+  { 217202, true },
+  { 217216, true },
+  { 217243, true },
+  { 217251, true },
+  { 217261, true },
+  { 217284, true },
+  { 217299, true },
+  { 217318, true },
+  { 217332, true },
+  { 217347, true },
+  { 217362, true },
+  { 217380, true },
+  { 217399, true },
+  { 217418, true },
+  { 217437, true },
+  { 217458, true },
+  { 217475, true },
+  { 217494, true },
+  { 217507, true },
+  { 217520, false },
+  { 217543, true },
+  { 217559, true },
+  { 217570, true },
+  { 217583, true },
+  { 217594, true },
+  { 217606, true },
+  { 217621, true },
+  { 217636, true },
+  { 217651, true },
+  { 217666, true },
+  { 217682, true },
+  { 217699, true },
+  { 217711, true },
+  { 217727, true },
+  { 217736, true },
+  { 217750, true },
+  { 217765, true },
+  { 217778, true },
+  { 217796, true },
+  { 217815, true },
+  { 217824, true },
+  { 217835, true },
+  { 217845, true },
+  { 217864, true },
+  { 217878, true },
+  { 217902, true },
+  { 217926, true },
+  { 217943, true },
+  { 217971, true },
+  { 217991, true },
+  { 218003, true },
+  { 218015, true },
+  { 218027, true },
+  { 218040, true },
+  { 218052, true },
+  { 218067, true },
+  { 218081, true },
+  { 218098, true },
+  { 218115, true },
+  { 218129, true },
+  { 218144, true },
+  { 218157, true },
+  { 218169, true },
+  { 218189, true },
+  { 218209, true },
+  { 218229, true },
+  { 218245, true },
+  { 218262, true },
+  { 218279, true },
+  { 218295, true },
+  { 218309, true },
+  { 218335, true },
+  { 218350, true },
+  { 218366, true },
+  { 218384, true },
+  { 218401, true },
+  { 218419, true },
+  { 218436, true },
+  { 218453, true },
+  { 218465, true },
+  { 218473, true },
+  { 218497, true },
+  { 218517, true },
+  { 218538, false },
+  { 218549, true },
+  { 218560, true },
+  { 218574, true },
+  { 218586, true },
+  { 218599, true },
+  { 218625, true },
+  { 218651, true },
+  { 218672, true },
+  { 218687, true },
+  { 218695, true },
+  { 218710, true },
+  { 218724, true },
+  { 218738, true },
+  { 218750, true },
+  { 218765, true },
+  { 218773, true },
+  { 218784, true },
+  { 218804, true },
+  { 218822, true },
+  { 218839, true },
+  { 218849, true },
+  { 218870, true },
+  { 218888, true },
+  { 218903, true },
+  { 218921, true },
+  { 218937, true },
+  { 218945, true },
+  { 218953, true },
+  { 218966, true },
+  { 218975, true },
+  { 218991, true },
+  { 219004, false },
+  { 219018, true },
+  { 219029, true },
+  { 219046, true },
+  { 219058, true },
+  { 219070, true },
+  { 219085, false },
+  { 219096, true },
+  { 219111, true },
+  { 219124, true },
+  { 219140, true },
+  { 219156, true },
+  { 219173, true },
+  { 219186, true },
+  { 219196, true },
+  { 219204, true },
+  { 219214, false },
+  { 219228, true },
+  { 219246, true },
+  { 219257, false },
+  { 219269, true },
+  { 219278, true },
+  { 219292, true },
+  { 219304, true },
+  { 219321, true },
+  { 219337, true },
+  { 219353, true },
+  { 219361, true },
+  { 219381, true },
+  { 219391, true },
+  { 219402, true },
+  { 219417, true },
+  { 219435, true },
+  { 219453, true },
+  { 219471, true },
+  { 219487, true },
+  { 219505, true },
+  { 219522, true },
+  { 219541, true },
+  { 219549, true },
+  { 219562, true },
+  { 219574, true },
+  { 219584, true },
+  { 219598, true },
+  { 219611, true },
+  { 219625, true },
+  { 219640, true },
+  { 219657, true },
+  { 219677, true },
+  { 219692, true },
+  { 219707, true },
+  { 219725, true },
+  { 219743, true },
+  { 219762, true },
+  { 219782, true },
+  { 219798, true },
+  { 219818, true },
+  { 219831, true },
+  { 219841, true },
+  { 219871, true },
+  { 219889, true },
+  { 219906, true },
+  { 219921, true },
+  { 219932, true },
+  { 219950, true },
+  { 219969, true },
+  { 219988, true },
+  { 219999, true },
+  { 220010, true },
+  { 220023, true },
+  { 220039, true },
+  { 220055, false },
+  { 220063, true },
+  { 220072, true },
+  { 220098, true },
+  { 220118, true },
+  { 220152, true },
+  { 220182, true },
+  { 220206, true },
+  { 220221, true },
+  { 220237, true },
+  { 220253, true },
+  { 220270, true },
+  { 220285, true },
+  { 220302, true },
+  { 220330, true },
+  { 220362, true },
+  { 220379, true },
+  { 220399, true },
+  { 220424, true },
+  { 220440, true },
+  { 220454, true },
+  { 220468, true },
+  { 220478, true },
+  { 220501, true },
+  { 220521, true },
+  { 220536, true },
+  { 220561, true },
+  { 220574, true },
+  { 220582, true },
+  { 220598, true },
+  { 220610, true },
+  { 220624, true },
+  { 220643, true },
+  { 220671, true },
+  { 220687, true },
+  { 220702, true },
+  { 220715, true },
+  { 220725, true },
+  { 220734, true },
+  { 220749, true },
+  { 220768, true },
+  { 220783, true },
+  { 220807, true },
+  { 220831, true },
+  { 220854, true },
+  { 220873, true },
+  { 220895, true },
+  { 220907, true },
+  { 220931, true },
+  { 220946, true },
+  { 220960, true },
+  { 220974, false },
+  { 220986, true },
+  { 221006, true },
+  { 221027, true },
+  { 221040, true },
+  { 221060, false },
+  { 221070, true },
+  { 221083, true },
+  { 221097, true },
+  { 221108, true },
+  { 221127, true },
+  { 221148, true },
+  { 221161, true },
+  { 221183, true },
+  { 221203, true },
+  { 221215, true },
+  { 221232, true },
+  { 221243, true },
+  { 221268, false },
+  { 221276, true },
+  { 221299, true },
+  { 221309, true },
+  { 221319, true },
+  { 221326, true },
+  { 221339, true },
+  { 221350, true },
+  { 221365, true },
+  { 221378, true },
+  { 221395, true },
+  { 221403, true },
+  { 221414, true },
+  { 221434, true },
+  { 221443, true },
+  { 221455, true },
+  { 221465, true },
+  { 221475, true },
+  { 221487, true },
+  { 221496, true },
+  { 221507, true },
+  { 221519, true },
+  { 221529, true },
+  { 221537, true },
+  { 221544, true },
+  { 221554, true },
+  { 221574, true },
+  { 221588, true },
+  { 221600, true },
+  { 221619, true },
+  { 221628, true },
+  { 221644, false },
+  { 221658, true },
+  { 221672, true },
+  { 221685, true },
+  { 221695, true },
+  { 221708, true },
+  { 221718, true },
+  { 221733, true },
+  { 221746, true },
+  { 221759, true },
+  { 221770, true },
+  { 221785, true },
+  { 221795, false },
+  { 221805, true },
+  { 221822, true },
+  { 221834, true },
+  { 221847, true },
+  { 221866, true },
+  { 221881, true },
+  { 221894, true },
+  { 221903, true },
+  { 221914, true },
+  { 221928, true },
+  { 221939, true },
+  { 221953, true },
+  { 221973, true },
+  { 221989, true },
+  { 222000, true },
+  { 222011, true },
+  { 222021, true },
+  { 222037, true },
+  { 222054, true },
+  { 222069, true },
+  { 222086, true },
+  { 222102, true },
+  { 222127, true },
+  { 222142, true },
+  { 222151, true },
+  { 222165, true },
+  { 222178, true },
+  { 222197, true },
+  { 222210, true },
+  { 222227, true },
+  { 222244, true },
+  { 222254, true },
+  { 222264, true },
+  { 222289, true },
+  { 222297, true },
+  { 222312, true },
+  { 222323, true },
+  { 222340, true },
+  { 222357, true },
+  { 222372, true },
+  { 222384, true },
+  { 222403, true },
+  { 222417, true },
+  { 222427, true },
+  { 222435, true },
+  { 222454, true },
+  { 222479, true },
+  { 222497, true },
+  { 222517, true },
+  { 222526, true },
+  { 222538, true },
+  { 222552, true },
+  { 222565, true },
+  { 222581, true },
+  { 222595, true },
+  { 222623, true },
+  { 222665, true },
+  { 222685, true },
+  { 222699, true },
+  { 222727, true },
+  { 222752, true },
+  { 222780, true },
+  { 222806, true },
+  { 222838, true },
+  { 222849, true },
+  { 222864, true },
+  { 222873, true },
+  { 222887, true },
+  { 222900, true },
+  { 222909, true },
+  { 222921, true },
+  { 222933, true },
+  { 222951, true },
+  { 222964, true },
+  { 222977, true },
+  { 222989, true },
+  { 223004, true },
+  { 223022, true },
+  { 223032, true },
+  { 223045, true },
+  { 223061, true },
+  { 223074, true },
+  { 223087, true },
+  { 223101, true },
+  { 223121, true },
+  { 223131, true },
+  { 223143, true },
+  { 223157, true },
+  { 223172, true },
+  { 223188, true },
+  { 223200, false },
+  { 223217, true },
+  { 223232, true },
+  { 223245, true },
+  { 223263, true },
+  { 223274, true },
+  { 223287, true },
+  { 223299, true },
+  { 223314, true },
+  { 223327, true },
+  { 223339, true },
+  { 223349, true },
+  { 223365, true },
+  { 223375, true },
+  { 223384, true },
+  { 223399, true },
+  { 223414, true },
+  { 223435, true },
+  { 223451, true },
+  { 223464, true },
+  { 223479, true },
+  { 223497, true },
+  { 223512, true },
+  { 223526, true },
+  { 223544, true },
+  { 223562, true },
+  { 223574, true },
+  { 223585, true },
+  { 223593, true },
+  { 223606, false },
+  { 223623, true },
+  { 223636, true },
+  { 223647, true },
+  { 223667, true },
+  { 223680, true },
+  { 223689, true },
+  { 223703, true },
+  { 223723, false },
+  { 223734, true },
+  { 223743, true },
+  { 223765, true },
+  { 223774, true },
+  { 223792, true },
+  { 223807, true },
+  { 223814, true },
+  { 223833, true },
+  { 223852, true },
+  { 223863, true },
+  { 223878, true },
+  { 223896, true },
+  { 223911, true },
+  { 223925, true },
+  { 223939, true },
+  { 223951, true },
+  { 223968, true },
+  { 223987, true },
+  { 224001, true },
+  { 224019, true },
+  { 224039, true },
+  { 224063, true },
+  { 224074, true },
+  { 224088, true },
+  { 224102, true },
+  { 224120, true },
+  { 224133, true },
+  { 224146, true },
+  { 224159, false },
+  { 224170, true },
+  { 224185, true },
+  { 224198, true },
+  { 224210, true },
+  { 224233, true },
+  { 224248, true },
+  { 224258, true },
+  { 224267, true },
+  { 224284, true },
+  { 224297, true },
+  { 224307, true },
+  { 224341, true },
+  { 224351, true },
+  { 224369, true },
+  { 224381, false },
+  { 224392, true },
+  { 224401, true },
+  { 224412, true },
+  { 224426, true },
+  { 224441, true },
+  { 224456, true },
+  { 224470, true },
+  { 224481, true },
+  { 224501, true },
+  { 224511, true },
+  { 224524, true },
+  { 224532, true },
+  { 224546, true },
+  { 224556, true },
+  { 224581, true },
+  { 224595, true },
+  { 224604, true },
+  { 224612, true },
+  { 224625, true },
+  { 224644, true },
+  { 224662, true },
+  { 224673, true },
+  { 224686, true },
+  { 224696, true },
+  { 224707, true },
+  { 224731, true },
+  { 224741, true },
+  { 224749, true },
+  { 224759, true },
+  { 224769, true },
+  { 224779, true },
+  { 224790, true },
+  { 224807, true },
+  { 224818, true },
+  { 224837, true },
+  { 224855, true },
+  { 224866, true },
+  { 224877, true },
+  { 224895, true },
+  { 224911, true },
+  { 224923, true },
+  { 224937, true },
+  { 224947, true },
+  { 224961, false },
+  { 224976, true },
+  { 224995, true },
+  { 225009, true },
+  { 225021, true },
+  { 225031, true },
+  { 225048, true },
+  { 225063, true },
+  { 225073, true },
+  { 225088, true },
+  { 225118, true },
+  { 225131, true },
+  { 225151, true },
+  { 225163, true },
+  { 225178, true },
+  { 225190, true },
+  { 225203, true },
+  { 225212, true },
+  { 225221, true },
+  { 225230, true },
+  { 225238, true },
+  { 225248, true },
+  { 225272, true },
+  { 225291, true },
+  { 225308, true },
+  { 225328, true },
+  { 225345, true },
+  { 225357, true },
+  { 225372, true },
+  { 225385, true },
+  { 225398, true },
+  { 225418, true },
+  { 225425, true },
+  { 225441, true },
+  { 225469, true },
+  { 225496, true },
+  { 225522, true },
+  { 225547, true },
+  { 225557, true },
+  { 225566, true },
+  { 225581, true },
+  { 225596, true },
+  { 225607, true },
+  { 225619, true },
+  { 225635, true },
+  { 225655, true },
+  { 225669, true },
+  { 225682, true },
+  { 225697, true },
+  { 225705, true },
+  { 225721, false },
+  { 225734, true },
+  { 225744, true },
+  { 225768, true },
+  { 225779, true },
+  { 225792, true },
+  { 225807, true },
+  { 225822, true },
+  { 225840, true },
+  { 225852, true },
+  { 225862, true },
+  { 225877, true },
+  { 225892, true },
+  { 225905, true },
+  { 225921, true },
+  { 225937, true },
+  { 225960, true },
+  { 225974, true },
+  { 225984, true },
+  { 226006, true },
+  { 226025, true },
+  { 226041, true },
+  { 226054, true },
+  { 226067, true },
+  { 226082, true },
+  { 226101, true },
+  { 226113, true },
+  { 226131, true },
+  { 226147, true },
+  { 226161, false },
+  { 226173, true },
+  { 226187, true },
+  { 226202, true },
+  { 226215, true },
+  { 226227, true },
+  { 226243, true },
+  { 226258, true },
+  { 226275, true },
+  { 226291, true },
+  { 226309, true },
+  { 226325, true },
+  { 226335, true },
+  { 226344, true },
+  { 226357, true },
+  { 226368, true },
+  { 226380, true },
+  { 226391, true },
+  { 226408, true },
+  { 226428, true },
+  { 226441, true },
+  { 226466, true },
+  { 226477, true },
+  { 226488, true },
+  { 226505, true },
+  { 226528, true },
+  { 226543, true },
+  { 226558, true },
+  { 226569, false },
+  { 226581, true },
+  { 226598, true },
+  { 226606, true },
+  { 226622, true },
+  { 226633, true },
+  { 226652, true },
+  { 226664, true },
+  { 226677, true },
+  { 226687, true },
+  { 226697, true },
+  { 226708, true },
+  { 226716, true },
+  { 226732, true },
+  { 226744, true },
+  { 226761, true },
+  { 226776, true },
+  { 226786, true },
+  { 226805, true },
+  { 226828, true },
+  { 226839, true },
+  { 226851, true },
+  { 226867, true },
+  { 226878, true },
+  { 226898, true },
+  { 226914, true },
+  { 226929, true },
+  { 226942, true },
+  { 226958, true },
+  { 226975, true },
+  { 226998, true },
+  { 227029, true },
+  { 227042, true },
+  { 227061, true },
+  { 227085, true },
+  { 227113, true },
+  { 227137, true },
+  { 227151, true },
+  { 227172, true },
+  { 227188, true },
+  { 227198, true },
+  { 227217, true },
+  { 227227, true },
+  { 227238, true },
+  { 227249, true },
+  { 227262, true },
+  { 227284, true },
+  { 227296, true },
+  { 227316, true },
+  { 227330, true },
+  { 227341, true },
+  { 227351, true },
+  { 227365, true },
+  { 227373, true },
+  { 227386, true },
+  { 227396, true },
+  { 227414, true },
+  { 227428, true },
+  { 227453, true },
+  { 227465, true },
+  { 227482, true },
+  { 227509, true },
+  { 227523, true },
+  { 227535, true },
+  { 227551, true },
+  { 227564, true },
+  { 227576, true },
+  { 227588, true },
+  { 227599, true },
+  { 227609, false },
+  { 227621, true },
+  { 227638, true },
+  { 227662, true },
+  { 227679, true },
+  { 227687, true },
+  { 227707, true },
+  { 227734, true },
+  { 227759, true },
+  { 227775, true },
+  { 227795, true },
+  { 227807, true },
+  { 227820, true },
+  { 227846, true },
+  { 227870, true },
+  { 227882, true },
+  { 227898, true },
+  { 227913, true },
+  { 227934, false },
+  { 227948, true },
+  { 227967, true },
+  { 227997, true },
+  { 228034, true },
+  { 228066, true },
+  { 228093, true },
+  { 228110, true },
+  { 228127, true },
+  { 228144, true },
+  { 228164, true },
+  { 228174, true },
+  { 228191, true },
+  { 228205, true },
+  { 228222, true },
+  { 228235, true },
+  { 228247, true },
+  { 228259, true },
+  { 228272, true },
+  { 228282, true },
+  { 228305, false },
+  { 228319, true },
+  { 228342, false },
+  { 228356, true },
+  { 228368, true },
+  { 228379, true },
+  { 228397, true },
+  { 228410, true },
+  { 228425, true },
+  { 228439, true },
+  { 228455, true },
+  { 228469, true },
+  { 228487, true },
+  { 228497, true },
+  { 228509, true },
+  { 228532, true },
+  { 228550, true },
+  { 228583, true },
+  { 228593, true },
+  { 228602, false },
+  { 228611, true },
+  { 228630, true },
+  { 228642, true },
+  { 228656, true },
+  { 228669, true },
+  { 228690, true },
+  { 228704, true },
+  { 228718, true },
+  { 228736, true },
+  { 228754, true },
+  { 228771, true },
+  { 228787, true },
+  { 228800, true },
+  { 228813, true },
+  { 228825, true },
+  { 228837, true },
+  { 228851, true },
+  { 228868, true },
+  { 228889, true },
+  { 228906, true },
+  { 228920, true },
+  { 228943, true },
+  { 228961, true },
+  { 228983, true },
+  { 229004, true },
+  { 229027, true },
+  { 229054, true },
+  { 229078, true },
+  { 229101, true },
+  { 229115, true },
+  { 229129, true },
+  { 229147, true },
+  { 229160, true },
+  { 229172, true },
+  { 229183, true },
+  { 229199, true },
+  { 229216, true },
+  { 229230, true },
+  { 229244, true },
+  { 229253, true },
+  { 229263, true },
+  { 229275, true },
+  { 229288, true },
+  { 229300, false },
+  { 229323, true },
+  { 229335, false },
+  { 229348, true },
+  { 229356, true },
+  { 229367, true },
+  { 229384, true },
+  { 229393, true },
+  { 229401, true },
+  { 229414, true },
+  { 229429, true },
+  { 229438, true },
+  { 229461, true },
+  { 229473, true },
+  { 229489, true },
+  { 229501, true },
+  { 229524, true },
+  { 229540, true },
+  { 229556, true },
+  { 229571, true },
+  { 229584, true },
+  { 229594, true },
+  { 229603, true },
+  { 229610, true },
+  { 229622, true },
+  { 229638, true },
+  { 229651, true },
+  { 229668, true },
+  { 229691, true },
+  { 229708, true },
+  { 229726, true },
+  { 229739, true },
+  { 229756, true },
+  { 229770, true },
+  { 229796, true },
+  { 229809, true },
+  { 229823, true },
+  { 229837, true },
+  { 229849, true },
+  { 229858, true },
+  { 229872, true },
+  { 229888, true },
+  { 229905, true },
+  { 229917, true },
+  { 229930, false },
+  { 229945, true },
+  { 229966, true },
+  { 229979, true },
+  { 229994, true },
+  { 230008, true },
+  { 230034, true },
+  { 230044, true },
+  { 230055, true },
+  { 230070, true },
+  { 230088, true },
+  { 230098, true },
+  { 230107, true },
+  { 230121, true },
+  { 230139, true },
+  { 230156, true },
+  { 230164, true },
+  { 230174, true },
+  { 230191, true },
+  { 230199, true },
+  { 230212, true },
+  { 230222, true },
+  { 230233, true },
+  { 230251, true },
+  { 230265, true },
+  { 230279, true },
+  { 230287, true },
+  { 230305, true },
+  { 230324, true },
+  { 230332, true },
+  { 230344, true },
+  { 230358, true },
+  { 230376, true },
+  { 230385, true },
+  { 230396, true },
+  { 230409, true },
+  { 230431, true },
+  { 230446, true },
+  { 230464, true },
+  { 230472, true },
+  { 230486, true },
+  { 230495, true },
+  { 230510, true },
+  { 230528, true },
+  { 230550, true },
+  { 230562, true },
+  { 230572, true },
+  { 230582, true },
+  { 230592, true },
+  { 230603, true },
+  { 230609, true },
+  { 230623, true },
+  { 230634, true },
+  { 230646, true },
+  { 230659, true },
+  { 230672, true },
+  { 230687, true },
+  { 230698, true },
+  { 230712, true },
+  { 230726, true },
+  { 230737, true },
+  { 230745, true },
+  { 230756, true },
+  { 230767, true },
+  { 230781, true },
+  { 230795, true },
+  { 230819, false },
+  { 230840, true },
+  { 230858, true },
+  { 230875, true },
+  { 230892, true },
+  { 230911, true },
+  { 230923, true },
+  { 230935, true },
+  { 230943, true },
+  { 230952, true },
+  { 230965, true },
+  { 230973, true },
+  { 230988, true },
+  { 230996, true },
+  { 231010, true },
+  { 231023, true },
+  { 231035, true },
+  { 231052, true },
+  { 231067, true },
+  { 231080, true },
+  { 231094, true },
+  { 231104, true },
+  { 231119, true },
+  { 231138, true },
+  { 231160, true },
+  { 231171, true },
+  { 231182, true },
+  { 231193, true },
+  { 231204, true },
+  { 231214, true },
+  { 231225, false },
+  { 231246, true },
+  { 231260, true },
+  { 231272, true },
+  { 231286, true },
+  { 231298, true },
+  { 231315, true },
+  { 231327, true },
+  { 231345, true },
+  { 231359, true },
+  { 231370, true },
+  { 231382, true },
+  { 231399, true },
+  { 231410, true },
+  { 231420, true },
+  { 231440, true },
+  { 231451, true },
+  { 231465, true },
+  { 231479, true },
+  { 231490, true },
+  { 231512, true },
+  { 231525, true },
+  { 231536, true },
+  { 231549, true },
+  { 231561, true },
+  { 231580, true },
+  { 231589, true },
+  { 231605, true },
+  { 231618, true },
+  { 231642, true },
+  { 231656, true },
+  { 231671, true },
+  { 231685, true },
+  { 231700, true },
+  { 231714, true },
+  { 231722, true },
+  { 231736, true },
+  { 231746, true },
+  { 231757, true },
+  { 231769, false },
+  { 231782, true },
+  { 231795, true },
+  { 231808, true },
+  { 231820, true },
+  { 231832, true },
+  { 231842, true },
+  { 231857, true },
+  { 231867, true },
+  { 231884, true },
+  { 231892, true },
+  { 231906, true },
+  { 231919, true },
+  { 231930, true },
+  { 231941, true },
+  { 231970, true },
+  { 231980, true },
+  { 231999, true },
+  { 232012, true },
+  { 232025, true },
+  { 232038, false },
+  { 232049, true },
+  { 232059, true },
+  { 232073, true },
+  { 232095, true },
+  { 232109, true },
+  { 232122, true },
+  { 232134, true },
+  { 232146, true },
+  { 232156, true },
+  { 232169, true },
+  { 232183, true },
+  { 232193, true },
+  { 232204, true },
+  { 232214, true },
+  { 232225, true },
+  { 232238, true },
+  { 232250, true },
+  { 232265, true },
+  { 232289, true },
+  { 232302, true },
+  { 232313, true },
+  { 232326, true },
+  { 232341, true },
+  { 232353, true },
+  { 232373, true },
+  { 232384, true },
+  { 232404, true },
+  { 232419, true },
+  { 232427, true },
+  { 232439, true },
+  { 232449, true },
+  { 232457, false },
+  { 232477, true },
+  { 232499, true },
+  { 232511, true },
+  { 232522, true },
+  { 232531, true },
+  { 232539, true },
+  { 232548, true },
+  { 232560, true },
+  { 232572, true },
+  { 232582, true },
+  { 232592, true },
+  { 232609, true },
+  { 232617, true },
+  { 232631, true },
+  { 232641, true },
+  { 232654, true },
+  { 232668, false },
+  { 232679, true },
+  { 232692, true },
+  { 232706, true },
+  { 232718, true },
+  { 232737, true },
+  { 232758, true },
+  { 232781, true },
+  { 232790, true },
+  { 232807, true },
+  { 232823, true },
+  { 232841, true },
+  { 232860, true },
+  { 232873, true },
+  { 232887, true },
+  { 232897, true },
+  { 232914, true },
+  { 232937, true },
+  { 232956, true },
+  { 232965, true },
+  { 232977, true },
+  { 233001, true },
+  { 233014, true },
+  { 233032, true },
+  { 233049, true },
+  { 233067, true },
+  { 233078, true },
+  { 233092, true },
+  { 233110, true },
+  { 233123, true },
+  { 233133, true },
+  { 233147, true },
+  { 233157, true },
+  { 233169, true },
+  { 233182, true },
+  { 233201, true },
+  { 233214, true },
+  { 233224, true },
+  { 233233, true },
+  { 233245, true },
+  { 233257, true },
+  { 233265, true },
+  { 233284, true },
+  { 233296, true },
+  { 233306, true },
+  { 233324, true },
+  { 233332, true },
+  { 233354, false },
+  { 233367, true },
+  { 233377, true },
+  { 233385, true },
+  { 233392, true },
+  { 233399, true },
+  { 233411, true },
+  { 233423, true },
+  { 233433, true },
+  { 233445, true },
+  { 233453, true },
+  { 233465, true },
+  { 233480, true },
+  { 233489, true },
+  { 233497, true },
+  { 233514, true },
+  { 233529, true },
+  { 233542, true },
+  { 233560, true },
+  { 233573, true },
+  { 233580, true },
+  { 233586, true },
+  { 233598, true },
+  { 233608, true },
+  { 233617, true },
+  { 233627, true },
+  { 233634, false },
+  { 233649, true },
+  { 233660, true },
+  { 233671, true },
+  { 233687, true },
+  { 233702, true },
+  { 233721, true },
+  { 233737, true },
+  { 233750, true },
+  { 233772, true },
+  { 233785, true },
+  { 233799, true },
+  { 233817, true },
+  { 233829, true },
+  { 233843, true },
+  { 233856, true },
+  { 233879, true },
+  { 233890, true },
+  { 233899, true },
+  { 233914, true },
+  { 233933, true },
+  { 233943, true },
+  { 233955, true },
+  { 233963, true },
+  { 233976, true },
+  { 233988, true },
+  { 234001, true },
+  { 234021, true },
+  { 234040, true },
+  { 234049, true },
+  { 234065, true },
+  { 234082, true },
+  { 234094, true },
+  { 234114, true },
+  { 234124, true },
+  { 234138, true },
+  { 234150, true },
+  { 234165, true },
+  { 234180, true },
+  { 234193, true },
+  { 234212, true },
+  { 234224, false },
+  { 234239, true },
+  { 234249, true },
+  { 234266, true },
+  { 234278, true },
+  { 234291, true },
+  { 234310, true },
+  { 234329, true },
+  { 234347, true },
+  { 234359, true },
+  { 234370, true },
+  { 234389, true },
+  { 234413, true },
+  { 234424, true },
+  { 234438, true },
+  { 234447, true },
+  { 234464, true },
+  { 234479, true },
+  { 234488, true },
+  { 234498, true },
+  { 234513, true },
+  { 234527, true },
+  { 234546, true },
+  { 234558, true },
+  { 234573, true },
+  { 234584, true },
+  { 234593, true },
+  { 234600, true },
+  { 234612, true },
+  { 234622, true },
+  { 234641, true },
+  { 234656, true },
+  { 234666, true },
+  { 234675, true },
+  { 234685, true },
+  { 234693, true },
+  { 234701, true },
+  { 234711, true },
+  { 234722, true },
+  { 234732, true },
+  { 234744, true },
+  { 234752, true },
+  { 234763, true },
+  { 234775, true },
+  { 234789, true },
+  { 234804, true },
+  { 234818, true },
+  { 234832, true },
+  { 234851, true },
+  { 234865, false },
+  { 234876, true },
+  { 234885, true },
+  { 234901, true },
+  { 234923, true },
+  { 234933, true },
+  { 234950, true },
+  { 234962, true },
+  { 234975, true },
+  { 234989, true },
+  { 235007, true },
+  { 235026, true },
+  { 235046, true },
+  { 235059, true },
+  { 235070, true },
+  { 235077, false },
+  { 235097, true },
+  { 235109, true },
+  { 235119, true },
+  { 235128, true },
+  { 235140, true },
+  { 235158, true },
+  { 235170, true },
+  { 235184, true },
+  { 235202, true },
+  { 235217, true },
+  { 235230, true },
+  { 235243, true },
+  { 235268, true },
+  { 235285, true },
+  { 235297, true },
+  { 235309, true },
+  { 235328, true },
+  { 235339, true },
+  { 235356, true },
+  { 235366, true },
+  { 235393, true },
+  { 235407, true },
+  { 235422, true },
+  { 235447, true },
+  { 235470, true },
+  { 235493, false },
+  { 235548, true },
+  { 235575, true },
+  { 235590, true },
+  { 235618, true },
+  { 235630, true },
+  { 235642, true },
+  { 235656, true },
+  { 235667, true },
+  { 235679, true },
+  { 235701, false },
+  { 235717, true },
+  { 235729, true },
+  { 235742, true },
+  { 235767, true },
+  { 235788, true },
+  { 235798, true },
+  { 235811, true },
+  { 235821, true },
+  { 235836, true },
+  { 235847, true },
+  { 235870, true },
+  { 235882, true },
+  { 235892, true },
+  { 235914, true },
+  { 235937, true },
+  { 235947, true },
+  { 235957, true },
+  { 235969, true },
+  { 235989, true },
+  { 236012, true },
+  { 236025, true },
+  { 236036, false },
+  { 236050, true },
+  { 236072, true },
+  { 236090, true },
+  { 236101, true },
+  { 236120, true },
+  { 236136, true },
+  { 236150, true },
+  { 236171, true },
+  { 236196, true },
+  { 236210, true },
+  { 236223, true },
+  { 236240, true },
+  { 236263, true },
+  { 236298, true },
+  { 236321, true },
+  { 236351, true },
+  { 236378, true },
+  { 236399, true },
+  { 236422, true },
+  { 236449, true },
+  { 236462, true },
+  { 236477, true },
+  { 236487, true },
+  { 236496, true },
+  { 236509, true },
+  { 236529, true },
+  { 236540, true },
+  { 236552, true },
+  { 236574, true },
+  { 236587, false },
+  { 236604, true },
+  { 236618, true },
+  { 236635, true },
+  { 236652, true },
+  { 236664, true },
+  { 236678, true },
+  { 236692, true },
+  { 236702, true },
+  { 236719, true },
+  { 236730, true },
+  { 236741, true },
+  { 236756, true },
+  { 236776, true },
+  { 236789, true },
+  { 236801, true },
+  { 236813, false },
+  { 236822, true },
+  { 236843, true },
+  { 236866, true },
+  { 236878, true },
+  { 236894, true },
+  { 236908, true },
+  { 236920, true },
+  { 236933, true },
+  { 236947, true },
+  { 236960, true },
+  { 236972, true },
+  { 236989, false },
+  { 236999, true },
+  { 237020, true },
+  { 237034, true },
+  { 237043, true },
+  { 237063, true },
+  { 237073, true },
+  { 237086, true },
+  { 237104, true },
+  { 237122, true },
+  { 237134, true },
+  { 237148, true },
+  { 237166, true },
+  { 237177, true },
+  { 237199, true },
+  { 237221, true },
+  { 237233, true },
+  { 237246, true },
+  { 237256, true },
+  { 237279, true },
+  { 237293, true },
+  { 237305, true },
+  { 237324, true },
+  { 237336, true },
+  { 237350, true },
+  { 237369, true },
+  { 237381, true },
+  { 237393, true },
+  { 237413, true },
+  { 237425, true },
+  { 237446, true },
+  { 237459, true },
+  { 237482, true },
+  { 237503, true },
+  { 237519, true },
+  { 237531, true },
+  { 237560, true },
+  { 237573, true },
+  { 237583, true },
+  { 237600, true },
+  { 237615, true },
+  { 237629, true },
+  { 237640, true },
+  { 237654, true },
+  { 237667, true },
+  { 237681, true },
+  { 237694, true },
+  { 237707, true },
+  { 237725, true },
+  { 237738, true },
+  { 237752, true },
+  { 237767, true },
+  { 237779, true },
+  { 237793, true },
+  { 237808, true },
+  { 237831, true },
+  { 237839, true },
+  { 237849, true },
+  { 237862, true },
+  { 237886, true },
+  { 237908, true },
+  { 237920, true },
+  { 237938, true },
+  { 237955, true },
+  { 237973, true },
+  { 237991, true },
+  { 238010, true },
+  { 238033, true },
+  { 238046, false },
+  { 238059, true },
+  { 238078, true },
+  { 238096, true },
+  { 238108, true },
+  { 238115, true },
+  { 238131, true },
+  { 238155, true },
+  { 238173, true },
+  { 238181, true },
+  { 238198, true },
+  { 238220, true },
+  { 238235, false },
+  { 238253, true },
+  { 238273, true },
+  { 238291, true },
+  { 238304, true },
+  { 238319, true },
+  { 238333, true },
+  { 238348, true },
+  { 238373, true },
+  { 238390, true },
+  { 238412, true },
+  { 238429, true },
+  { 238440, true },
+  { 238459, true },
+  { 238475, true },
+  { 238489, true },
+  { 238502, true },
+  { 238516, true },
+  { 238531, true },
+  { 238542, true },
+  { 238570, true },
+  { 238597, true },
+  { 238622, true },
+  { 238650, true },
+  { 238664, true },
+  { 238683, true },
+  { 238704, true },
+  { 238723, true },
+  { 238755, true },
+  { 238771, true },
+  { 238792, true },
+  { 238808, true },
+  { 238827, true },
+  { 238838, true },
+  { 238858, true },
+  { 238876, true },
+  { 238887, true },
+  { 238905, true },
+  { 238916, true },
+  { 238928, true },
+  { 238940, true },
+  { 238950, true },
+  { 238964, true },
+  { 238979, true },
+  { 238989, true },
+  { 239017, true },
+  { 239029, false },
+  { 239040, true },
+  { 239054, true },
+  { 239067, true },
+  { 239082, true },
+  { 239093, true },
+  { 239116, true },
+  { 239132, true },
+  { 239155, true },
+  { 239164, true },
+  { 239180, true },
+  { 239202, true },
+  { 239214, true },
+  { 239225, true },
+  { 239237, true },
+  { 239252, true },
+  { 239266, true },
+  { 239280, true },
+  { 239291, true },
+  { 239303, true },
+  { 239315, true },
+  { 239326, true },
+  { 239333, true },
+  { 239352, true },
+  { 239370, true },
+  { 239378, true },
+  { 239391, true },
+  { 239400, true },
+  { 239409, true },
+  { 239424, true },
+  { 239434, true },
+  { 239449, false },
+  { 239457, true },
+  { 239471, true },
+  { 239489, false },
+  { 239500, true },
+  { 239511, true },
+  { 239522, true },
+  { 239546, true },
+  { 239565, false },
+  { 239575, true },
+  { 239583, true },
+  { 239597, true },
+  { 239610, true },
+  { 239626, true },
+  { 239650, true },
+  { 239657, true },
+  { 239669, true },
+  { 239677, true },
+  { 239689, true },
+  { 239700, true },
+  { 239713, true },
+  { 239731, true },
+  { 239749, true },
+  { 239760, true },
+  { 239774, true },
+  { 239794, true },
+  { 239809, true },
+  { 239826, true },
+  { 239842, true },
+  { 239855, true },
+  { 239866, true },
+  { 239881, true },
+  { 239902, true },
+  { 239913, true },
+  { 239931, true },
+  { 239946, true },
+  { 239964, false },
+  { 239983, true },
+  { 239999, true },
+  { 240014, true },
+  { 240030, true },
+  { 240051, true },
+  { 240071, true },
+  { 240084, true },
+  { 240098, true },
+  { 240111, true },
+  { 240121, true },
+  { 240131, true },
+  { 240156, true },
+  { 240171, true },
+  { 240196, true },
+  { 240216, true },
+  { 240232, true },
+  { 240247, true },
+  { 240263, true },
+  { 240274, true },
+  { 240285, true },
+  { 240296, true },
+  { 240309, true },
+  { 240332, true },
+  { 240348, true },
+  { 240364, true },
+  { 240383, true },
+  { 240401, true },
+  { 240413, false },
+  { 240423, true },
+  { 240440, true },
+  { 240466, true },
+  { 240490, true },
+  { 240516, true },
+  { 240540, true },
+  { 240553, true },
+  { 240568, true },
+  { 240579, true },
+  { 240594, true },
+  { 240603, true },
+  { 240616, true },
+  { 240628, true },
+  { 240640, true },
+  { 240654, true },
+  { 240664, true },
+  { 240677, true },
+  { 240690, true },
+  { 240706, true },
+  { 240720, true },
+  { 240734, true },
+  { 240751, true },
+  { 240767, true },
+  { 240783, true },
+  { 240801, true },
+  { 240817, true },
+  { 240830, true },
+  { 240846, true },
+  { 240861, true },
+  { 240879, true },
+  { 240898, true },
+  { 240913, true },
+  { 240925, true },
+  { 240939, true },
+  { 240956, true },
+  { 240975, true },
+  { 240995, false },
+  { 241011, true },
+  { 241022, true },
+  { 241048, true },
+  { 241057, true },
+  { 241072, true },
+  { 241083, true },
+  { 241103, true },
+  { 241124, true },
+  { 241139, true },
+  { 241160, false },
+  { 241181, true },
+  { 241211, false },
+  { 241228, true },
+  { 241239, true },
+  { 241258, true },
+  { 241273, true },
+  { 241284, true },
+  { 241298, true },
+  { 241312, true },
+  { 241335, true },
+  { 241352, true },
+  { 241380, true },
+  { 241392, true },
+  { 241415, true },
+  { 241438, true },
+  { 241446, true },
+  { 241458, true },
+  { 241471, true },
+  { 241498, true },
+  { 241508, true },
+  { 241519, true },
+  { 241528, true },
+  { 241543, true },
+  { 241555, true },
+  { 241578, true },
+  { 241595, true },
+  { 241609, true },
+  { 241619, true },
+  { 241646, true },
+  { 241658, true },
+  { 241668, true },
+  { 241689, true },
+  { 241700, true },
+  { 241713, true },
+  { 241728, true },
+  { 241741, true },
+  { 241756, true },
+  { 241771, true },
+  { 241789, true },
+  { 241803, true },
+  { 241821, true },
+  { 241832, true },
+  { 241842, true },
+  { 241855, true },
+  { 241864, true },
+  { 241879, true },
+  { 241894, true },
+  { 241903, true },
+  { 241912, false },
+  { 241929, true },
+  { 241943, true },
+  { 241952, false },
+  { 241963, true },
+  { 241974, true },
+  { 241989, true },
+  { 242005, true },
+  { 242020, true },
+  { 242035, true },
+  { 242043, true },
+  { 242060, true },
+  { 242074, true },
+  { 242094, true },
+  { 242106, true },
+  { 242117, true },
+  { 242131, true },
+  { 242143, true },
+  { 242153, true },
+  { 242168, true },
+  { 242193, true },
+  { 242211, true },
+  { 242228, true },
+  { 242245, true },
+  { 242271, true },
+  { 242279, true },
+  { 242306, true },
+  { 242324, true },
+  { 242343, true },
+  { 242355, true },
+  { 242368, true },
+  { 242387, true },
+  { 242402, true },
+  { 242426, true },
+  { 242444, true },
+  { 242459, true },
+  { 242477, true },
+  { 242500, true },
+  { 242511, true },
+  { 242527, true },
+  { 242540, true },
+  { 242555, true },
+  { 242590, true },
+  { 242605, true },
+  { 242626, true },
+  { 242640, true },
+  { 242659, true },
+  { 242670, true },
+  { 242694, true },
+  { 242710, true },
+  { 242720, true },
+  { 242731, true },
+  { 242747, true },
+  { 242767, true },
+  { 242780, true },
+  { 242791, true },
+  { 242799, true },
+  { 242816, true },
+  { 242843, true },
+  { 242855, true },
+  { 242874, true },
+  { 242893, true },
+  { 242918, true },
+  { 242939, true },
+  { 242962, true },
+  { 242982, true },
+  { 242997, true },
+  { 243020, true },
+  { 243041, true },
+  { 243060, true },
+  { 243073, true },
+  { 243088, true },
+  { 243108, true },
+  { 243118, true },
+  { 243137, true },
+  { 243154, true },
+  { 243170, true },
+  { 243186, true },
+  { 243200, true },
+  { 243210, true },
+  { 243223, false },
+  { 243240, true },
+  { 243251, true },
+  { 243258, true },
+  { 243272, true },
+  { 243281, true },
+  { 243303, true },
+  { 243316, true },
+  { 243334, true },
+  { 243349, true },
+  { 243359, true },
+  { 243379, true },
+  { 243396, true },
+  { 243413, true },
+  { 243423, true },
+  { 243433, true },
+  { 243447, true },
+  { 243459, true },
+  { 243469, true },
+  { 243484, true },
+  { 243492, true },
+  { 243516, true },
+  { 243540, true },
+  { 243548, true },
+  { 243561, true },
+  { 243578, false },
+  { 243591, true },
+  { 243605, true },
+  { 243618, true },
+  { 243627, true },
+  { 243639, false },
+  { 243659, true },
+  { 243671, true },
+  { 243683, true },
+  { 243694, true },
+  { 243705, true },
+  { 243716, true },
+  { 243727, true },
+  { 243738, true },
+  { 243749, true },
+  { 243762, true },
+  { 243775, true },
+  { 243785, true },
+  { 243800, true },
+  { 243810, true },
+  { 243821, true },
+  { 243835, true },
+  { 243846, true },
+  { 243865, true },
+  { 243883, true },
+  { 243904, false },
+  { 243930, true },
+  { 243942, true },
+  { 243959, true },
+  { 243973, true },
+  { 243985, true },
+  { 243999, true },
+  { 244012, true },
+  { 244025, true },
+  { 244056, true },
+  { 244085, true },
+  { 244099, true },
+  { 244115, false },
+  { 244128, true },
+  { 244139, true },
+  { 244153, true },
+  { 244165, true },
+  { 244186, true },
+  { 244199, true },
+  { 244211, true },
+  { 244224, true },
+  { 244241, true },
+  { 244256, true },
+  { 244272, true },
+  { 244284, true },
+  { 244294, false },
+  { 244308, true },
+  { 244328, true },
+  { 244346, true },
+  { 244362, true },
+  { 244380, true },
+  { 244393, true },
+  { 244406, true },
+  { 244419, true },
+  { 244432, true },
+  { 244452, true },
+  { 244463, true },
+  { 244473, true },
+  { 244482, true },
+  { 244493, true },
+  { 244504, true },
+  { 244515, true },
+  { 244524, true },
+  { 244538, true },
+  { 244550, true },
+  { 244574, true },
+  { 244587, true },
+  { 244601, true },
+  { 244613, true },
+  { 244630, true },
+  { 244652, true },
+  { 244667, true },
+  { 244681, true },
+  { 244692, true },
+  { 244712, true },
+  { 244730, true },
+  { 244752, true },
+  { 244774, true },
+  { 244792, true },
+  { 244805, true },
+  { 244813, true },
+  { 244825, true },
+  { 244839, true },
+  { 244854, true },
+  { 244877, true },
+  { 244888, true },
+  { 244902, true },
+  { 244915, false },
+  { 244930, true },
+  { 244942, true },
+  { 244966, true },
+  { 244981, true },
+  { 244994, true },
+  { 245006, true },
+  { 245019, true },
+  { 245039, true },
+  { 245049, true },
+  { 245057, true },
+  { 245073, true },
+  { 245085, false },
+  { 245099, true },
+  { 245113, true },
+  { 245125, true },
+  { 245139, true },
+  { 245161, true },
+  { 245183, true },
+  { 245198, true },
+  { 245212, true },
+  { 245230, true },
+  { 245247, true },
+  { 245260, true },
+  { 245286, true },
+  { 245302, true },
+  { 245325, true },
+  { 245335, true },
+  { 245346, true },
+  { 245360, true },
+  { 245372, true },
+  { 245387, true },
+  { 245415, true },
+  { 245443, false },
+  { 245453, true },
+  { 245476, true },
+  { 245503, true },
+  { 245513, true },
+  { 245524, true },
+  { 245537, true },
+  { 245544, true },
+  { 245555, true },
+  { 245569, true },
+  { 245597, true },
+  { 245607, true },
+  { 245620, true },
+  { 245629, true },
+  { 245639, true },
+  { 245659, true },
+  { 245673, true },
+  { 245682, true },
+  { 245693, true },
+  { 245709, true },
+  { 245724, true },
+  { 245746, true },
+  { 245764, true },
+  { 245780, true },
+  { 245802, true },
+  { 245825, true },
+  { 245839, true },
+  { 245852, true },
+  { 245868, true },
+  { 245886, true },
+  { 245905, true },
+  { 245928, true },
+  { 245943, true },
+  { 245957, true },
+  { 245973, true },
+  { 245986, true },
+  { 246000, true },
+  { 246009, true },
+  { 246022, false },
+  { 246033, true },
+  { 246044, true },
+  { 246059, true },
+  { 246069, true },
+  { 246081, true },
+  { 246091, true },
+  { 246102, true },
+  { 246120, true },
+  { 246140, true },
+  { 246154, true },
+  { 246165, true },
+  { 246174, true },
+  { 246188, true },
+  { 246197, true },
+  { 246208, false },
+  { 246222, true },
+  { 246245, true },
+  { 246259, true },
+  { 246275, true },
+  { 246288, true },
+  { 246302, true },
+  { 246323, true },
+  { 246337, true },
+  { 246353, true },
+  { 246373, true },
+  { 246383, true },
+  { 246391, true },
+  { 246400, true },
+  { 246412, true },
+  { 246423, true },
+  { 246438, true },
+  { 246452, true },
+  { 246469, true },
+  { 246479, true },
+  { 246488, true },
+  { 246507, true },
+  { 246516, true },
+  { 246526, true },
+  { 246540, true },
+  { 246558, true },
+  { 246574, true },
+  { 246584, true },
+  { 246604, true },
+  { 246618, true },
+  { 246633, true },
+  { 246650, true },
+  { 246668, true },
+  { 246695, true },
+  { 246707, true },
+  { 246721, true },
+  { 246746, true },
+  { 246771, true },
+  { 246783, true },
+  { 246793, true },
+  { 246812, true },
+  { 246825, true },
+  { 246849, false },
+  { 246868, true },
+  { 246896, true },
+  { 246910, true },
+  { 246928, true },
+  { 246941, true },
+  { 246954, true },
+  { 246968, true },
+  { 246980, true },
+  { 246991, true },
+  { 247005, true },
+  { 247033, true },
+  { 247046, true },
+  { 247062, true },
+  { 247078, true },
+  { 247093, true },
+  { 247119, true },
+  { 247139, true },
+  { 247156, false },
+  { 247170, true },
+  { 247192, true },
+  { 247208, true },
+  { 247245, true },
+  { 247272, true },
+  { 247291, true },
+  { 247309, true },
+  { 247327, true },
+  { 247335, true },
+  { 247351, true },
+  { 247366, true },
+  { 247374, true },
+  { 247385, true },
+  { 247393, true },
+  { 247405, true },
+  { 247416, true },
+  { 247435, true },
+  { 247451, true },
+  { 247464, true },
+  { 247477, true },
+  { 247490, true },
+  { 247504, true },
+  { 247520, true },
+  { 247538, true },
+  { 247554, true },
+  { 247568, true },
+  { 247583, true },
+  { 247598, true },
+  { 247612, true },
+  { 247626, true },
+  { 247639, true },
+  { 247651, true },
+  { 247663, true },
+  { 247675, true },
+  { 247690, true },
+  { 247704, true },
+  { 247717, true },
+  { 247735, true },
+  { 247747, true },
+  { 247773, true },
+  { 247792, true },
+  { 247815, true },
+  { 247828, true },
+  { 247836, true },
+  { 247855, true },
+  { 247867, true },
+  { 247885, true },
+  { 247902, true },
+  { 247912, true },
+  { 247923, true },
+  { 247935, true },
+  { 247955, true },
+  { 247979, true },
+  { 247991, true },
+  { 248002, true },
+  { 248015, true },
+  { 248033, true },
+  { 248042, true },
+  { 248060, true },
+  { 248070, true },
+  { 248077, true },
+  { 248085, true },
+  { 248096, true },
+  { 248110, true },
+  { 248124, true },
+  { 248137, true },
+  { 248147, false },
+  { 248160, true },
+  { 248168, true },
+  { 248181, true },
+  { 248192, true },
+  { 248205, true },
+  { 248215, true },
+  { 248227, true },
+  { 248235, true },
+  { 248241, true },
+  { 248261, true },
+  { 248273, true },
+  { 248282, true },
+  { 248289, true },
+  { 248300, true },
+  { 248311, true },
+  { 248326, true },
+  { 248338, true },
+  { 248356, true },
+  { 248375, true },
+  { 248388, true },
+  { 248402, true },
+  { 248414, true },
+  { 248425, true },
+  { 248443, true },
+  { 248454, true },
+  { 248467, true },
+  { 248482, true },
+  { 248500, true },
+  { 248517, true },
+  { 248539, true },
+  { 248557, true },
+  { 248572, true },
+  { 248585, true },
+  { 248597, true },
+  { 248613, true },
+  { 248627, true },
+  { 248639, true },
+  { 248652, true },
+  { 248664, true },
+  { 248676, true },
+  { 248689, true },
+  { 248698, true },
+  { 248715, true },
+  { 248728, false },
+  { 248739, true },
+  { 248757, true },
+  { 248777, true },
+  { 248791, true },
+  { 248799, true },
+  { 248814, false },
+  { 248821, true },
+  { 248840, true },
+  { 248859, true },
+  { 248885, true },
+  { 248896, true },
+  { 248908, true },
+  { 248932, true },
+  { 248945, false },
+  { 248960, true },
+  { 248971, true },
+  { 248982, true },
+  { 248996, true },
+  { 249027, false },
+  { 249038, false },
+  { 249049, false },
+  { 249061, true },
+  { 249075, true },
+  { 249088, true },
+  { 249101, true },
+  { 249114, true },
+  { 249136, false },
+  { 249146, true },
+  { 249166, true },
+  { 249180, true },
+  { 249197, false },
+  { 249212, false },
+  { 249228, true },
+  { 249241, true },
+  { 249252, true },
+  { 249265, true },
+  { 249287, true },
+  { 249307, true },
+  { 249327, true },
+  { 249341, true },
+  { 249354, true },
+  { 249374, true },
+  { 249385, true },
+  { 249403, true },
+  { 249423, true },
+  { 249443, true },
+  { 249469, true },
+  { 249489, true },
+  { 249512, true },
+  { 249533, true },
+  { 249550, true },
+  { 249569, true },
+  { 249587, true },
+  { 249611, true },
+  { 249631, true },
+  { 249654, true },
+  { 249674, true },
+  { 249696, true },
+  { 249715, true },
+  { 249725, true },
+  { 249733, true },
+  { 249744, true },
+  { 249755, true },
+  { 249767, true },
+  { 249778, true },
+  { 249787, true },
+  { 249796, true },
+  { 249807, true },
+  { 249821, true },
+  { 249832, true },
+  { 249845, true },
+  { 249858, true },
+  { 249868, true },
+  { 249888, true },
+  { 249900, true },
+  { 249913, true },
+  { 249927, true },
+  { 249935, true },
+  { 249950, true },
+  { 249961, true },
+  { 249969, true },
+  { 249979, true },
+  { 249996, true },
+  { 250008, true },
+  { 250022, true },
+  { 250045, true },
+  { 250058, true },
+  { 250088, true },
+  { 250111, true },
+  { 250126, true },
+  { 250143, true },
+  { 250165, true },
+  { 250187, true },
+  { 250208, true },
+  { 250223, true },
+  { 250238, true },
+  { 250250, true },
+  { 250261, true },
+  { 250270, true },
+  { 250282, true },
+  { 250298, true },
+  { 250309, true },
+  { 250321, true },
+  { 250337, true },
+  { 250351, true },
+  { 250364, true },
+  { 250377, true },
+  { 250390, true },
+  { 250403, true },
+  { 250416, true },
+  { 250440, true },
+  { 250453, true },
+  { 250461, true },
+  { 250478, true },
+  { 250489, false },
+  { 250505, true },
+  { 250518, true },
+  { 250532, true },
+  { 250543, true },
+  { 250556, true },
+  { 250566, true },
+  { 250578, true },
+  { 250597, true },
+  { 250620, true },
+  { 250640, true },
+  { 250655, true },
+  { 250666, true },
+  { 250674, true },
+  { 250684, true },
+  { 250700, true },
+  { 250712, true },
+  { 250727, true },
+  { 250742, true },
+  { 250757, true },
+  { 250773, true },
+  { 250783, true },
+  { 250797, true },
+  { 250814, false },
+  { 250833, true },
+  { 250847, true },
+  { 250855, true },
+  { 250863, true },
+  { 250870, true },
+  { 250893, true },
+  { 250909, true },
+  { 250931, true },
+  { 250951, true },
+  { 250961, true },
+  { 250975, true },
+  { 250994, true },
+  { 251009, true },
+  { 251034, true },
+  { 251054, false },
+  { 251068, false },
+  { 251082, false },
+  { 251096, false },
+  { 251110, false },
+  { 251124, false },
+  { 251139, false },
+  { 251153, false },
+  { 251167, false },
+  { 251181, true },
+  { 251201, true },
+  { 251213, true },
+  { 251225, true },
+  { 251243, true },
+  { 251255, true },
+  { 251270, true },
+  { 251290, true },
+  { 251306, true },
+  { 251317, true },
+  { 251330, true },
+  { 251354, true },
+  { 251370, true },
+  { 251387, true },
+  { 251411, true },
+  { 251429, true },
+  { 251447, true },
+  { 251458, true },
+  { 251467, true },
+  { 251482, true },
+  { 251494, true },
+  { 251508, true },
+  { 251527, true },
+  { 251544, true },
+  { 251557, true },
+  { 251572, true },
+  { 251582, true },
+  { 251594, true },
+  { 251608, true },
+  { 251625, false },
+  { 251640, true },
+  { 251651, true },
+  { 251668, true },
+  { 251681, true },
+  { 251696, true },
+  { 251708, true },
+  { 251717, true },
+  { 251734, true },
+  { 251742, true },
+  { 251752, true },
+  { 251762, true },
+  { 251772, true },
+  { 251780, true },
+  { 251789, false },
+  { 251809, true },
+  { 251818, true },
+  { 251830, true },
+  { 251839, true },
+  { 251856, false },
+  { 251876, true },
+  { 251885, true },
+  { 251894, true },
+  { 251918, true },
+  { 251937, false },
+  { 251947, true },
+  { 251962, true },
+  { 251973, true },
+  { 251986, true },
+  { 252005, true },
+  { 252021, true },
+  { 252033, true },
+  { 252049, true },
+  { 252069, true },
+  { 252087, true },
+  { 252097, false },
+  { 252113, true },
+  { 252128, true },
+  { 252148, true },
+  { 252162, true },
+  { 252176, true },
+  { 252192, true },
+  { 252211, true },
+  { 252230, true },
+  { 252243, true },
+  { 252264, true },
+  { 252277, true },
+  { 252289, true },
+  { 252305, true },
+  { 252315, true },
+  { 252330, true },
+  { 252344, true },
+  { 252354, true },
+  { 252368, true },
+  { 252384, true },
+  { 252398, true },
+  { 252421, true },
+  { 252438, true },
+  { 252457, true },
+  { 252467, true },
+  { 252481, true },
+  { 252495, true },
+  { 252504, true },
+  { 252520, true },
+  { 252530, true },
+  { 252543, true },
+  { 252552, true },
+  { 252563, true },
+  { 252580, true },
+  { 252590, true },
+  { 252600, true },
+  { 252619, true },
+  { 252636, true },
+  { 252645, true },
+  { 252658, true },
+  { 252673, true },
+  { 252687, true },
+  { 252701, true },
+  { 252720, true },
+  { 252738, true },
+  { 252754, false },
+  { 252769, true },
+  { 252782, true },
+  { 252792, true },
+  { 252800, true },
+  { 252817, true },
+  { 252828, true },
+  { 252854, true },
+  { 252871, true },
+  { 252888, true },
+  { 252904, true },
+  { 252915, true },
+  { 252927, true },
+  { 252941, true },
+  { 252952, true },
+  { 252964, true },
+  { 252976, true },
+  { 252986, true },
+  { 253001, true },
+  { 253015, true },
+  { 253028, true },
+  { 253039, true },
+  { 253053, true },
+  { 253068, false },
+  { 253079, true },
+  { 253090, true },
+  { 253102, true },
+  { 253113, true },
+  { 253123, true },
+  { 253132, true },
+  { 253144, true },
+  { 253152, true },
+  { 253160, true },
+  { 253168, true },
+  { 253178, true },
+  { 253192, true },
+  { 253204, true },
+  { 253226, true },
+  { 253242, false },
+  { 253255, true },
+  { 253274, true },
+  { 253284, true },
+  { 253295, true },
+  { 253307, false },
+  { 253318, true },
+  { 253329, true },
+  { 253346, true },
+  { 253359, true },
+  { 253369, true },
+  { 253380, true },
+  { 253397, true },
+  { 253413, true },
+  { 253427, true },
+  { 253450, true },
+  { 253461, true },
+  { 253489, true },
+  { 253507, true },
+  { 253525, true },
+  { 253539, true },
+  { 253552, true },
+  { 253562, false },
+  { 253582, true },
+  { 253589, true },
+  { 253597, true },
+  { 253612, true },
+  { 253620, true },
+  { 253630, true },
+  { 253661, true },
+  { 253678, true },
+  { 253690, true },
+  { 253702, true },
+  { 253712, true },
+  { 253722, true },
+  { 253734, true },
+  { 253745, true },
+  { 253771, true },
+  { 253786, true },
+  { 253799, true },
+  { 253807, true },
+  { 253821, true },
+  { 253832, true },
+  { 253853, true },
+  { 253871, true },
+  { 253887, true },
+  { 253897, true },
+  { 253908, true },
+  { 253915, true },
+  { 253929, true },
+  { 253940, true },
+  { 253947, true },
+  { 253953, true },
+  { 253962, true },
+  { 253980, true },
+  { 253996, true },
+  { 254006, false },
+  { 254020, true },
+  { 254030, true },
+  { 254048, true },
+  { 254059, true },
+  { 254068, true },
+  { 254083, true },
+  { 254093, true },
+  { 254098, true },
+  { 254112, true },
+  { 254120, true },
+  { 254131, true },
+  { 254140, true },
+  { 254150, true },
+  { 254160, true },
+  { 254174, true },
+  { 254183, true },
+  { 254207, true },
+  { 254223, true },
+  { 254243, true },
+  { 254252, true },
+  { 254269, true },
+  { 254283, true },
+  { 254296, true },
+  { 254309, true },
+  { 254318, true },
+  { 254334, false },
+  { 254345, true },
+  { 254354, true },
+  { 254365, true },
+  { 254384, true },
+  { 254397, true },
+  { 254413, true },
+  { 254425, true },
+  { 254438, true },
+  { 254451, true },
+  { 254465, false },
+  { 254478, false },
+  { 254500, true },
+  { 254517, true },
+  { 254529, true },
+  { 254551, true },
+  { 254561, true },
+  { 254573, true },
+  { 254585, true },
+  { 254596, true },
+  { 254607, true },
+  { 254621, true },
+  { 254635, true },
+  { 254650, true },
+  { 254662, true },
+  { 254680, true },
+  { 254703, true },
+  { 254713, true },
+  { 254725, true },
+  { 254741, true },
+  { 254750, true },
+  { 254761, true },
+  { 254784, true },
+  { 254800, true },
+  { 254810, true },
+  { 254830, true },
+  { 254846, true },
+  { 254861, true },
+  { 254879, true },
+  { 254897, true },
+  { 254910, true },
+  { 254936, true },
+  { 254945, true },
+  { 254965, true },
+  { 254974, true },
+  { 254985, true },
+  { 254995, true },
+  { 255010, true },
+  { 255020, true },
+  { 255033, true },
+  { 255046, true },
+  { 255061, true },
+  { 255071, true },
+  { 255094, true },
+  { 255115, true },
+  { 255136, true },
+  { 255152, true },
+  { 255174, true },
+  { 255188, true },
+  { 255199, false },
+  { 255209, true },
+  { 255223, true },
+  { 255237, true },
+  { 255255, true },
+  { 255266, true },
+  { 255286, true },
+  { 255308, true },
+  { 255330, true },
+  { 255353, true },
+  { 255376, true },
+  { 255397, true },
+  { 255421, true },
+  { 255431, true },
+  { 255446, false },
+  { 255460, true },
+  { 255471, true },
+  { 255486, true },
+  { 255513, true },
+  { 255526, true },
+  { 255539, true },
+  { 255560, true },
+  { 255580, true },
+  { 255593, true },
+  { 255619, true },
+  { 255634, true },
+  { 255646, true },
+  { 255665, true },
+  { 255691, true },
+  { 255702, true },
+  { 255720, true },
+  { 255740, true },
+  { 255759, true },
+  { 255778, true },
+  { 255791, true },
+  { 255800, true },
+  { 255821, true },
+  { 255837, true },
+  { 255850, true },
+  { 255862, true },
+  { 255873, true },
+  { 255891, true },
+  { 255914, true },
+  { 255929, true },
+  { 255954, true },
+  { 255963, true },
+  { 255971, true },
+  { 255987, false },
+  { 256002, true },
+  { 256016, true },
+  { 256028, true },
+  { 256039, true },
+  { 256051, true },
+  { 256065, true },
+  { 256079, true },
+  { 256093, true },
+  { 256110, true },
+  { 256123, true },
+  { 256143, true },
+  { 256155, true },
+  { 256169, true },
+  { 256182, true },
+  { 256196, true },
+  { 256211, true },
+  { 256233, true },
+  { 256247, true },
+  { 256260, true },
+  { 256281, true },
+  { 256298, true },
+  { 256309, true },
+  { 256325, true },
+  { 256346, true },
+  { 256362, true },
+  { 256388, true },
+  { 256402, true },
+  { 256413, true },
+  { 256427, true },
+  { 256438, true },
+  { 256449, true },
+  { 256462, true },
+  { 256480, true },
+  { 256492, false },
+  { 256505, true },
+  { 256524, true },
+  { 256538, true },
+  { 256555, true },
+  { 256569, true },
+  { 256586, true },
+  { 256597, true },
+  { 256610, true },
+  { 256624, true },
+  { 256636, false },
+  { 256661, true },
+  { 256673, true },
+  { 256691, true },
+  { 256715, true },
+  { 256725, true },
+  { 256737, false },
+  { 256763, true },
+  { 256780, true },
+  { 256792, true },
+  { 256813, true },
+  { 256823, true },
+  { 256844, true },
+  { 256853, true },
+  { 256866, true },
+  { 256882, false },
+  { 256896, true },
+  { 256913, true },
+  { 256927, true },
+  { 256950, true },
+  { 256965, true },
+  { 256973, true },
+  { 256981, true },
+  { 256989, true },
+  { 256997, true },
+  { 257005, true },
+  { 257017, true },
+  { 257031, true },
+  { 257042, true },
+  { 257060, true },
+  { 257075, true },
+  { 257085, true },
+  { 257101, true },
+  { 257117, true },
+  { 257131, true },
+  { 257145, true },
+  { 257164, true },
+  { 257172, true },
+  { 257180, true },
+  { 257194, true },
+  { 257207, true },
+  { 257222, true },
+  { 257233, true },
+  { 257249, true },
+  { 257276, true },
+  { 257289, true },
+  { 257307, true },
+  { 257319, true },
+  { 257330, true },
+  { 257355, true },
+  { 257367, true },
+  { 257382, false },
+  { 257391, true },
+  { 257402, true },
+  { 257411, true },
+  { 257421, true },
+  { 257435, true },
+  { 257458, true },
+  { 257480, true },
+  { 257498, true },
+  { 257521, false },
+  { 257540, true },
+  { 257565, false },
+  { 257584, true },
+  { 257597, true },
+  { 257607, true },
+  { 257620, true },
+  { 257632, true },
+  { 257651, true },
+  { 257663, true },
+  { 257687, true },
+  { 257715, true },
+  { 257735, true },
+  { 257746, true },
+  { 257764, true },
+  { 257783, true },
+  { 257800, true },
+  { 257828, true },
+  { 257841, true },
+  { 257866, true },
+  { 257879, true },
+  { 257894, true },
+  { 257909, true },
+  { 257920, true },
+  { 257940, true },
+  { 257951, true },
+  { 257963, true },
+  { 257978, true },
+  { 257991, true },
+  { 258009, true },
+  { 258031, true },
+  { 258046, true },
+  { 258066, true },
+  { 258081, true },
+  { 258091, true },
+  { 258105, true },
+  { 258118, false },
+  { 258129, true },
+  { 258151, true },
+  { 258170, true },
+  { 258190, true },
+  { 258209, true },
+  { 258220, true },
+  { 258236, true },
+  { 258254, true },
+  { 258269, true },
+  { 258283, true },
+  { 258295, true },
+  { 258311, true },
+  { 258329, true },
+  { 258346, true },
+  { 258357, true },
+  { 258368, true },
+  { 258380, true },
+  { 258390, true },
+  { 258402, true },
+  { 258432, true },
+  { 258443, true },
+  { 258457, true },
+  { 258471, true },
+  { 258483, true },
+  { 258501, true },
+  { 258516, true },
+  { 258535, true },
+  { 258549, true },
+  { 258563, true },
+  { 258578, true },
+  { 258609, true },
+  { 258632, false },
+  { 258649, true },
+  { 258664, true },
+  { 258675, true },
+  { 258699, true },
+  { 258720, true },
+  { 258737, true },
+  { 258755, true },
+  { 258768, true },
+  { 258780, true },
+  { 258797, true },
+  { 258820, true },
+  { 258836, true },
+  { 258854, true },
+  { 258868, true },
+  { 258894, true },
+  { 258918, true },
+  { 258941, true },
+  { 258956, true },
+  { 258978, true },
+  { 258994, true },
+  { 259008, true },
+  { 259024, true },
+  { 259040, true },
+  { 259054, true },
+  { 259073, true },
+  { 259082, true },
+  { 259097, true },
+  { 259114, true },
+  { 259124, true },
+  { 259147, true },
+  { 259159, true },
+  { 259178, true },
+  { 259204, true },
+  { 259221, true },
+  { 259240, true },
+  { 259260, true },
+  { 259275, true },
+  { 259291, true },
+  { 259306, true },
+  { 259317, true },
+  { 259331, true },
+  { 259348, true },
+  { 259364, true },
+  { 259385, true },
+  { 259404, true },
+  { 259429, true },
+  { 259446, true },
+  { 259461, true },
+  { 259484, true },
+  { 259495, true },
+  { 259513, true },
+  { 259530, false },
+  { 259542, true },
+  { 259557, true },
+  { 259573, true },
+  { 259586, true },
+  { 259602, false },
+  { 259616, true },
+  { 259636, true },
+  { 259653, true },
+  { 259668, true },
+  { 259677, true },
+  { 259694, true },
+  { 259713, true },
+  { 259729, true },
+  { 259742, true },
+  { 259761, true },
+  { 259775, true },
+  { 259800, true },
+  { 259818, true },
+  { 259841, true },
+  { 259853, true },
+  { 259868, true },
+  { 259885, true },
+  { 259900, true },
+  { 259912, true },
+  { 259930, true },
+  { 259943, true },
+  { 259953, true },
+  { 259963, true },
+  { 259975, true },
+  { 259988, false },
+  { 259998, true },
+  { 260015, true },
+  { 260043, true },
+  { 260062, true },
+  { 260079, true },
+  { 260093, false },
+  { 260116, true },
+  { 260133, true },
+  { 260148, true },
+  { 260162, true },
+  { 260177, true },
+  { 260195, true },
+  { 260209, true },
+  { 260228, true },
+  { 260242, true },
+  { 260267, true },
+  { 260300, true },
+  { 260328, true },
+  { 260336, true },
+  { 260346, true },
+  { 260372, true },
+  { 260389, true },
+  { 260403, true },
+  { 260422, true },
+  { 260436, true },
+  { 260454, true },
+  { 260469, true },
+  { 260482, true },
+  { 260495, true },
+  { 260516, true },
+  { 260535, true },
+  { 260545, true },
+  { 260564, true },
+  { 260594, true },
+  { 260608, true },
+  { 260622, true },
+  { 260634, true },
+  { 260655, true },
+  { 260670, true },
+  { 260685, true },
+  { 260700, true },
+  { 260720, true },
+  { 260732, true },
+  { 260744, true },
+  { 260764, true },
+  { 260777, true },
+  { 260793, true },
+  { 260811, true },
+  { 260829, true },
+  { 260840, true },
+  { 260857, true },
+  { 260870, true },
+  { 260883, true },
+  { 260896, true },
+  { 260907, true },
+  { 260934, true },
+  { 260950, true },
+  { 260964, true },
+  { 260976, true },
+  { 260992, true },
+  { 261007, true },
+  { 261024, true },
+  { 261051, true },
+  { 261064, true },
+  { 261083, true },
+  { 261097, true },
+  { 261110, true },
+  { 261123, true },
+  { 261134, true },
+  { 261156, true },
+  { 261166, true },
+  { 261183, true },
+  { 261198, true },
+  { 261218, true },
+  { 261232, true },
+  { 261251, true },
+  { 261264, true },
+  { 261274, true },
+  { 261287, true },
+  { 261301, true },
+  { 261312, true },
+  { 261335, true },
+  { 261344, true },
+  { 261354, true },
+  { 261363, false },
+  { 261372, true },
+  { 261382, true },
+  { 261396, true },
+  { 261411, true },
+  { 261429, true },
+  { 261453, true },
+  { 261472, true },
+  { 261486, true },
+  { 261507, true },
+  { 261530, true },
+  { 261545, true },
+  { 261559, true },
+  { 261573, true },
+  { 261598, true },
+  { 261613, true },
+  { 261634, true },
+  { 261643, true },
+  { 261655, false },
+  { 261669, true },
+  { 261684, true },
+  { 261697, true },
+  { 261711, true },
+  { 261727, true },
+  { 261742, true },
+  { 261755, true },
+  { 261764, true },
+  { 261774, true },
+  { 261790, true },
+  { 261802, true },
+  { 261816, true },
+  { 261832, true },
+  { 261856, true },
+  { 261866, true },
+  { 261892, true },
+  { 261920, true },
+  { 261936, true },
+  { 261961, true },
+  { 261974, true },
+  { 261995, true },
+  { 262012, true },
+  { 262032, true },
+  { 262045, true },
+  { 262056, true },
+  { 262073, true },
+  { 262089, true },
+  { 262108, true },
+  { 262121, true },
+  { 262135, true },
+  { 262148, true },
+  { 262172, true },
+  { 262182, true },
+  { 262194, true },
+  { 262205, true },
+  { 262222, true },
+  { 262248, true },
+  { 262266, false },
+  { 262276, true },
+  { 262291, true },
+  { 262305, true },
+  { 262320, true },
+  { 262336, true },
+  { 262348, false },
+  { 262361, true },
+  { 262374, true },
+  { 262394, true },
+  { 262411, true },
+  { 262422, true },
+  { 262437, true },
+  { 262451, true },
+  { 262471, true },
+  { 262487, true },
+  { 262504, true },
+  { 262527, true },
+  { 262546, true },
+  { 262563, true },
+  { 262574, true },
+  { 262588, true },
+  { 262609, true },
+  { 262628, true },
+  { 262644, true },
+  { 262662, true },
+  { 262683, true },
+  { 262700, true },
+  { 262713, true },
+  { 262731, true },
+  { 262745, true },
+  { 262765, true },
+  { 262776, true },
+  { 262785, true },
+  { 262806, false },
+  { 262823, false },
+  { 262846, true },
+  { 262864, true },
+  { 262880, true },
+  { 262898, true },
+  { 262910, true },
+  { 262923, true },
+  { 262936, true },
+  { 262952, true },
+  { 262964, true },
+  { 262972, true },
+  { 262987, true },
+  { 263003, false },
+  { 263015, true },
+  { 263028, true },
+  { 263050, true },
+  { 263060, true },
+  { 263073, true },
+  { 263087, true },
+  { 263102, true },
+  { 263116, true },
+  { 263131, true },
+  { 263141, true },
+  { 263160, true },
+  { 263173, true },
+  { 263188, true },
+  { 263203, true },
+  { 263222, true },
+  { 263244, true },
+  { 263262, true },
+  { 263281, true },
+  { 263299, true },
+  { 263314, true },
+  { 263326, true },
+  { 263337, true },
+  { 263351, true },
+  { 263367, true },
+  { 263380, true },
+  { 263399, false },
+  { 263421, true },
+  { 263438, true },
+  { 263457, true },
+  { 263466, true },
+  { 263479, true },
+  { 263491, true },
+  { 263503, true },
+  { 263521, true },
+  { 263538, true },
+  { 263556, true },
+  { 263578, true },
+  { 263597, true },
+  { 263614, true },
+  { 263627, true },
+  { 263646, true },
+  { 263659, true },
+  { 263667, true },
+  { 263680, true },
+  { 263692, true },
+  { 263706, true },
+  { 263727, true },
+  { 263739, false },
+  { 263759, true },
+  { 263769, true },
+  { 263777, true },
+  { 263788, false },
+  { 263797, false },
+  { 263813, true },
+  { 263829, true },
+  { 263844, true },
+  { 263852, false },
+  { 263870, true },
+  { 263881, true },
+  { 263894, true },
+  { 263910, true },
+  { 263929, true },
+  { 263940, false },
+  { 263955, true },
+  { 263967, true },
+  { 263980, true },
+  { 263996, true },
+  { 264010, true },
+  { 264034, true },
+  { 264046, true },
+  { 264059, true },
+  { 264076, false },
+  { 264093, true },
+  { 264100, true },
+  { 264108, true },
+  { 264117, true },
+  { 264129, true },
+  { 264152, true },
+  { 264166, true },
+  { 264180, true },
+  { 264211, true },
+  { 264228, true },
+  { 264242, true },
+  { 264259, true },
+  { 264270, true },
+  { 264284, true },
+  { 264296, true },
+  { 264308, true },
+  { 264324, true },
+  { 264339, true },
+  { 264346, true },
+  { 264367, true },
+  { 264390, true },
+  { 264401, true },
+  { 264412, true },
+  { 264424, true },
+  { 264432, true },
+  { 264453, true },
+  { 264465, false },
+  { 264475, true },
+  { 264487, true },
+  { 264499, true },
+  { 264511, true },
+  { 264526, true },
+  { 264557, true },
+  { 264586, true },
+  { 264600, true },
+  { 264608, true },
+  { 264620, true },
+  { 264632, true },
+  { 264640, true },
+  { 264649, true },
+  { 264662, true },
+  { 264674, true },
+  { 264684, true },
+  { 264695, true },
+  { 264706, true },
+  { 264717, true },
+  { 264724, true },
+  { 264735, true },
+  { 264744, true },
+  { 264758, true },
+  { 264772, true },
+  { 264782, true },
+  { 264802, true },
+  { 264814, false },
+  { 264824, true },
+  { 264834, true },
+  { 264843, true },
+  { 264860, true },
+  { 264883, true },
+  { 264895, true },
+  { 264918, false },
+  { 264939, true },
+  { 264951, true },
+  { 264964, true },
+  { 264973, true },
+  { 264987, true },
+  { 265000, true },
+  { 265014, true },
+  { 265029, true },
+  { 265041, true },
+  { 265058, true },
+  { 265074, true },
+  { 265094, true },
+  { 265112, true },
+  { 265128, true },
+  { 265146, true },
+  { 265159, true },
+  { 265173, true },
+  { 265190, true },
+  { 265207, true },
+  { 265219, true },
+  { 265234, true },
+  { 265249, true },
+  { 265263, true },
+  { 265278, true },
+  { 265294, true },
+  { 265307, true },
+  { 265321, true },
+  { 265334, true },
+  { 265352, true },
+  { 265366, true },
+  { 265392, true },
+  { 265410, true },
+  { 265424, true },
+  { 265436, true },
+  { 265452, true },
+  { 265479, false },
+  { 265497, true },
+  { 265514, true },
+  { 265534, true },
+  { 265556, true },
+  { 265571, true },
+  { 265582, true },
+  { 265596, true },
+  { 265607, true },
+  { 265621, true },
+  { 265637, true },
+  { 265648, true },
+  { 265659, true },
+  { 265671, true },
+  { 265688, true },
+  { 265702, true },
+  { 265724, true },
+  { 265738, true },
+  { 265749, true },
+  { 265759, true },
+  { 265788, true },
+  { 265800, true },
+  { 265829, true },
+  { 265840, true },
+  { 265855, true },
+  { 265871, true },
+  { 265897, true },
+  { 265915, true },
+  { 265932, true },
+  { 265951, true },
+  { 265965, true },
+  { 265982, true },
+  { 265998, true },
+  { 266018, true },
+  { 266032, true },
+  { 266051, true },
+  { 266067, true },
+  { 266078, true },
+  { 266086, true },
+  { 266098, true },
+  { 266115, true },
+  { 266132, true },
+  { 266151, true },
+  { 266175, true },
+  { 266188, true },
+  { 266200, true },
+  { 266212, true },
+  { 266234, true },
+  { 266248, true },
+  { 266261, true },
+  { 266277, true },
+  { 266291, true },
+  { 266304, true },
+  { 266316, true },
+  { 266328, true },
+  { 266342, true },
+  { 266359, true },
+  { 266375, true },
+  { 266388, true },
+  { 266401, true },
+  { 266411, true },
+  { 266429, true },
+  { 266444, false },
+  { 266457, true },
+  { 266477, true },
+  { 266490, true },
+  { 266502, true },
+  { 266517, true },
+  { 266529, true },
+  { 266540, true },
+  { 266563, true },
+  { 266577, true },
+  { 266601, true },
+  { 266619, true },
+  { 266640, true },
+  { 266667, true },
+  { 266680, true },
+  { 266699, true },
+  { 266725, true },
+  { 266742, true },
+  { 266770, true },
+  { 266792, true },
+  { 266813, true },
+  { 266824, true },
+  { 266834, true },
+  { 266845, true },
+  { 266862, true },
+  { 266875, true },
+  { 266889, true },
+  { 266908, true },
+  { 266929, true },
+  { 266946, true },
+  { 266963, true },
+  { 266991, true },
+  { 267012, true },
+  { 267034, false },
+  { 267056, false },
+  { 267068, true },
+  { 267093, true },
+  { 267108, true },
+  { 267116, true },
+  { 267137, true },
+  { 267169, true },
+  { 267181, true },
+  { 267201, true },
+  { 267219, false },
+  { 267235, true },
+  { 267252, true },
+  { 267264, true },
+  { 267279, true },
+  { 267297, true },
+  { 267309, true },
+  { 267327, true },
+  { 267337, true },
+  { 267349, true },
+  { 267367, true },
+  { 267393, false },
+  { 267422, true },
+  { 267433, true },
+  { 267457, true },
+  { 267465, true },
+  { 267480, true },
+  { 267495, true },
+  { 267510, true },
+  { 267526, true },
+  { 267538, true },
+  { 267549, true },
+  { 267564, true },
+  { 267593, true },
+  { 267608, true },
+  { 267621, true },
+  { 267635, true },
+  { 267647, true },
+  { 267666, true },
+  { 267677, true },
+  { 267703, true },
+  { 267712, true },
+  { 267726, true },
+  { 267737, true },
+  { 267747, true },
+  { 267758, true },
+  { 267781, true },
+  { 267808, true },
+  { 267826, true },
+  { 267854, true },
+  { 267881, true },
+  { 267907, true },
+  { 267923, true },
+  { 267940, true },
+  { 267959, true },
+  { 267990, true },
+  { 268000, true },
+  { 268015, true },
+  { 268026, true },
+  { 268049, true },
+  { 268067, true },
+  { 268080, true },
+  { 268095, true },
+  { 268114, true },
+  { 268136, true },
+  { 268155, true },
+  { 268174, true },
+  { 268190, true },
+  { 268204, true },
+  { 268221, true },
+  { 268236, true },
+  { 268255, false },
+  { 268275, true },
+  { 268294, true },
+  { 268315, true },
+  { 268328, true },
+  { 268338, true },
+  { 268348, true },
+  { 268360, true },
+  { 268374, true },
+  { 268384, true },
+  { 268398, true },
+  { 268416, true },
+  { 268427, true },
+  { 268443, true },
+  { 268459, true },
+  { 268473, true },
+  { 268487, true },
+  { 268496, false },
+  { 268506, true },
+  { 268519, true },
+  { 268531, true },
+  { 268560, true },
+  { 268580, false },
+  { 268594, true },
+  { 268606, true },
+  { 268619, true },
+  { 268634, true },
+  { 268643, true },
+  { 268653, true },
+  { 268665, true },
+  { 268673, true },
+  { 268687, true },
+  { 268700, true },
+  { 268713, true },
+  { 268730, true },
+  { 268744, true },
+  { 268765, true },
+  { 268775, true },
+  { 268787, true },
+  { 268805, true },
+  { 268820, true },
+  { 268836, true },
+  { 268851, true },
+  { 268863, true },
+  { 268875, true },
+  { 268887, true },
+  { 268899, true },
+  { 268911, true },
+  { 268923, true },
+  { 268935, true },
+  { 268947, true },
+  { 268963, true },
+  { 268976, true },
+  { 268990, true },
+  { 269012, true },
+  { 269026, true },
+  { 269037, true },
+  { 269054, true },
+  { 269074, true },
+  { 269090, true },
+  { 269104, true },
+  { 269117, true },
+  { 269129, true },
+  { 269142, true },
+  { 269161, true },
+  { 269179, true },
+  { 269190, true },
+  { 269207, true },
+  { 269220, true },
+  { 269229, true },
+  { 269237, true },
+  { 269252, true },
+  { 269269, true },
+  { 269281, true },
+  { 269295, false },
+  { 269305, true },
+  { 269316, true },
+  { 269329, true },
+  { 269340, true },
+  { 269349, false },
+  { 269365, true },
+  { 269376, true },
+  { 269388, true },
+  { 269403, true },
+  { 269412, true },
+  { 269423, true },
+  { 269435, true },
+  { 269447, true },
+  { 269463, true },
+  { 269475, true },
+  { 269486, true },
+  { 269510, true },
+  { 269525, true },
+  { 269538, true },
+  { 269547, true },
+  { 269554, true },
+  { 269561, true },
+  { 269576, true },
+  { 269596, true },
+  { 269609, true },
+  { 269620, true },
+  { 269635, true },
+  { 269648, true },
+  { 269668, true },
+  { 269686, true },
+  { 269700, false },
+  { 269715, true },
+  { 269727, true },
+  { 269745, true },
+  { 269766, true },
+  { 269787, true },
+  { 269809, true },
+  { 269828, true },
+  { 269847, true },
+  { 269866, true },
+  { 269887, true },
+  { 269906, true },
+  { 269923, true },
+  { 269945, true },
+  { 269964, true },
+  { 269984, true },
+  { 270001, true },
+  { 270021, true },
+  { 270040, true },
+  { 270058, true },
+  { 270076, true },
+  { 270098, true },
+  { 270115, true },
+  { 270133, true },
+  { 270150, true },
+  { 270164, true },
+  { 270181, true },
+  { 270197, true },
+  { 270214, true },
+  { 270231, true },
+  { 270252, true },
+  { 270267, true },
+  { 270277, true },
+  { 270299, true },
+  { 270323, true },
+  { 270344, true },
+  { 270353, true },
+  { 270364, true },
+  { 270381, true },
+  { 270389, true },
+  { 270402, true },
+  { 270437, true },
+  { 270453, true },
+  { 270464, true },
+  { 270485, true },
+  { 270500, true },
+  { 270513, true },
+  { 270528, true },
+  { 270541, true },
+  { 270554, true },
+  { 270592, true },
+  { 270604, true },
+  { 270614, true },
+  { 270629, true },
+  { 270655, true },
+  { 270677, true },
+  { 270703, true },
+  { 270714, true },
+  { 270734, true },
+  { 270756, true },
+  { 270767, true },
+  { 270788, true },
+  { 270808, true },
+  { 270836, true },
+  { 270858, true },
+  { 270874, true },
+  { 270883, true },
+  { 270892, true },
+  { 270902, true },
+  { 270927, true },
+  { 270937, true },
+  { 270955, true },
+  { 270974, true },
+  { 270992, true },
+  { 271010, true },
+  { 271029, true },
+  { 271045, true },
+  { 271055, true },
+  { 271066, true },
+  { 271084, true },
+  { 271104, true },
+  { 271125, true },
+  { 271138, true },
+  { 271156, true },
+  { 271175, true },
+  { 271184, true },
+  { 271193, true },
+  { 271204, true },
+  { 271217, true },
+  { 271232, true },
+  { 271246, true },
+  { 271261, true },
+  { 271271, true },
+  { 271287, true },
+  { 271298, true },
+  { 271316, true },
+  { 271332, true },
+  { 271348, true },
+  { 271373, true },
+  { 271382, true },
+  { 271396, true },
+  { 271411, true },
+  { 271425, true },
+  { 271438, true },
+  { 271452, true },
+  { 271468, true },
+  { 271482, true },
+  { 271490, true },
+  { 271503, true },
+  { 271515, true },
+  { 271528, true },
+  { 271540, true },
+  { 271550, true },
+  { 271573, false },
+  { 271583, true },
+  { 271597, true },
+  { 271611, true },
+  { 271623, true },
+  { 271632, true },
+  { 271647, true },
+  { 271666, true },
+  { 271677, true },
+  { 271690, true },
+  { 271708, true },
+  { 271725, true },
+  { 271739, true },
+  { 271760, true },
+  { 271776, true },
+  { 271789, false },
+  { 271807, true },
+  { 271820, true },
+  { 271832, true },
+  { 271847, true },
+  { 271868, true },
+  { 271892, true },
+  { 271908, true },
+  { 271920, true },
+  { 271933, true },
+  { 271948, true },
+  { 271960, true },
+  { 271970, true },
+  { 271984, true },
+  { 271999, true },
+  { 272016, true },
+  { 272027, true },
+  { 272041, true },
+  { 272052, true },
+  { 272066, true },
+  { 272078, true },
+  { 272089, true },
+  { 272099, true },
+  { 272113, true },
+  { 272127, true },
+  { 272139, true },
+  { 272166, true },
+  { 272180, true },
+  { 272202, true },
+  { 272224, true },
+  { 272238, true },
+  { 272253, true },
+  { 272269, false },
+  { 272282, true },
+  { 272295, true },
+  { 272309, true },
+  { 272323, true },
+  { 272338, true },
+  { 272352, true },
+  { 272364, true },
+  { 272383, true },
+  { 272403, true },
+  { 272421, true },
+  { 272440, true },
+  { 272454, true },
+  { 272463, true },
+  { 272476, true },
+  { 272488, true },
+  { 272500, true },
+  { 272511, true },
+  { 272525, true },
+  { 272538, false },
+  { 272560, true },
+  { 272575, true },
+  { 272587, true },
+  { 272598, true },
+  { 272623, true },
+  { 272632, true },
+  { 272646, true },
+  { 272669, true },
+  { 272692, true },
+  { 272704, true },
+  { 272718, true },
+  { 272731, true },
+  { 272748, true },
+  { 272773, true },
+  { 272789, true },
+  { 272801, true },
+  { 272818, true },
+  { 272833, true },
+  { 272851, true },
+  { 272864, true },
+  { 272888, true },
+  { 272911, true },
+  { 272937, true },
+  { 272949, true },
+  { 272960, true },
+  { 272977, true },
+  { 272991, true },
+  { 273004, true },
+  { 273018, true },
+  { 273027, true },
+  { 273043, true },
+  { 273056, true },
+  { 273069, true },
+  { 273080, true },
+  { 273090, false },
+  { 273104, false },
+  { 273119, true },
+  { 273128, true },
+  { 273147, true },
+  { 273154, true },
+  { 273167, true },
+  { 273183, true },
+  { 273193, true },
+  { 273208, true },
+  { 273224, true },
+  { 273248, true },
+  { 273267, true },
+  { 273281, true },
+  { 273296, true },
+  { 273307, true },
+  { 273319, true },
+  { 273329, true },
+  { 273340, true },
+  { 273349, true },
+  { 273361, true },
+  { 273376, true },
+  { 273388, true },
+  { 273405, true },
+  { 273418, true },
+  { 273442, true },
+  { 273458, true },
+  { 273473, true },
+  { 273491, true },
+  { 273501, true },
+  { 273522, true },
+  { 273540, true },
+  { 273552, true },
+  { 273566, true },
+  { 273578, true },
+  { 273595, true },
+  { 273613, true },
+  { 273633, true },
+  { 273643, true },
+  { 273660, true },
+  { 273672, true },
+  { 273682, true },
+  { 273693, true },
+  { 273710, true },
+  { 273733, true },
+  { 273746, true },
+  { 273762, true },
+  { 273777, true },
+  { 273790, true },
+  { 273803, true },
+  { 273813, true },
+  { 273824, true },
+  { 273836, true },
+  { 273844, true },
+  { 273856, true },
+  { 273887, true },
+  { 273903, true },
+  { 273914, true },
+  { 273929, true },
+  { 273946, true },
+  { 273960, true },
+  { 273975, true },
+  { 273988, true },
+  { 274005, true },
+  { 274017, true },
+  { 274032, true },
+  { 274048, true },
+  { 274077, true },
+  { 274103, true },
+  { 274123, true },
+  { 274147, true },
+  { 274162, true },
+  { 274178, true },
+  { 274200, true },
+  { 274213, true },
+  { 274227, true },
+  { 274241, true },
+  { 274253, true },
+  { 274261, true },
+  { 274277, true },
+  { 274290, true },
+  { 274311, true },
+  { 274330, true },
+  { 274344, true },
+  { 274357, true },
+  { 274367, true },
+  { 274378, true },
+  { 274388, true },
+  { 274402, true },
+  { 274412, true },
+  { 274422, true },
+  { 274431, true },
+  { 274445, true },
+  { 274458, true },
+  { 274466, true },
+  { 274476, true },
+  { 274489, true },
+  { 274499, true },
+  { 274509, true },
+  { 274519, true },
+  { 274541, true },
+  { 274560, true },
+  { 274571, true },
+  { 274578, true },
+  { 274587, true },
+  { 274598, true },
+  { 274610, true },
+  { 274622, true },
+  { 274635, true },
+  { 274654, true },
+  { 274664, true },
+  { 274674, true },
+  { 274686, true },
+  { 274695, true },
+  { 274704, true },
+  { 274720, true },
+  { 274731, true },
+  { 274744, true },
+  { 274751, true },
+  { 274771, true },
+  { 274787, true },
+  { 274798, true },
+  { 274821, true },
+  { 274830, true },
+  { 274843, true },
+  { 274863, true },
+  { 274871, true },
+  { 274881, true },
+  { 274902, true },
+  { 274914, true },
+  { 274923, true },
+  { 274931, true },
+  { 274941, false },
+  { 274949, true },
+  { 274961, true },
+  { 274972, true },
+  { 274983, true },
+  { 274990, true },
+  { 275000, true },
+  { 275011, true },
+  { 275019, true },
+  { 275026, true },
+  { 275034, true },
+  { 275042, true },
+  { 275052, true },
+  { 275061, true },
+  { 275072, true },
+  { 275083, true },
+  { 275092, true },
+  { 275103, true },
+  { 275115, true },
+  { 275123, true },
+  { 275129, true },
+  { 275137, true },
+  { 275147, true },
+  { 275163, true },
+  { 275175, true },
+  { 275189, true },
+  { 275206, true },
+  { 275236, true },
+  { 275256, false },
+  { 275274, false },
+  { 275290, true },
+  { 275305, true },
+  { 275325, true },
+  { 275341, true },
+  { 275356, true },
+  { 275377, true },
+  { 275391, true },
+  { 275417, true },
+  { 275436, true },
+  { 275447, true },
+  { 275457, true },
+  { 275475, true },
+  { 275486, true },
+  { 275500, true },
+  { 275515, true },
+  { 275526, true },
+  { 275542, true },
+  { 275554, true },
+  { 275575, true },
+  { 275589, true },
+  { 275604, true },
+  { 275615, true },
+  { 275628, true },
+  { 275643, true },
+  { 275657, true },
+  { 275673, true },
+  { 275693, true },
+  { 275706, true },
+  { 275726, false },
+  { 275742, true },
+  { 275756, true },
+  { 275771, true },
+  { 275786, true },
+  { 275801, true },
+  { 275817, true },
+  { 275837, true },
+  { 275863, true },
+  { 275886, true },
+  { 275903, true },
+  { 275916, true },
+  { 275940, true },
+  { 275956, true },
+  { 275970, true },
+  { 275977, true },
+  { 275989, true },
+  { 276004, true },
+  { 276014, true },
+  { 276025, true },
+  { 276042, true },
+  { 276055, true },
+  { 276075, true },
+  { 276090, true },
+  { 276105, true },
+  { 276117, true },
+  { 276125, true },
+  { 276140, true },
+  { 276156, true },
+  { 276172, false },
+  { 276190, true },
+  { 276203, true },
+  { 276234, true },
+  { 276245, true },
+  { 276259, true },
+  { 276273, true },
+  { 276291, true },
+  { 276301, true },
+  { 276312, true },
+  { 276325, true },
+  { 276336, true },
+  { 276346, true },
+  { 276360, true },
+  { 276372, true },
+  { 276388, false },
+  { 276404, true },
+  { 276415, true },
+  { 276434, true },
+  { 276443, true },
+  { 276467, true },
+  { 276480, true },
+  { 276489, true },
+  { 276505, true },
+  { 276517, true },
+  { 276534, true },
+  { 276550, true },
+  { 276562, true },
+  { 276582, true },
+  { 276592, false },
+  { 276607, true },
+  { 276622, true },
+  { 276637, true },
+  { 276646, true },
+  { 276663, true },
+  { 276678, true },
+  { 276695, true },
+  { 276708, true },
+  { 276722, true },
+  { 276734, true },
+  { 276753, true },
+  { 276765, true },
+  { 276783, true },
+  { 276795, true },
+  { 276820, true },
+  { 276831, true },
+  { 276845, true },
+  { 276859, true },
+  { 276870, true },
+  { 276892, true },
+  { 276913, true },
+  { 276932, true },
+  { 276953, true },
+  { 276966, true },
+  { 276975, true },
+  { 276990, true },
+  { 277004, true },
+  { 277017, true },
+  { 277033, true },
+  { 277046, true },
+  { 277058, true },
+  { 277077, true },
+  { 277092, true },
+  { 277104, true },
+  { 277121, true },
+  { 277144, true },
+  { 277168, true },
+  { 277189, true },
+  { 277204, true },
+  { 277218, true },
+  { 277231, true },
+  { 277249, true },
+  { 277270, true },
+  { 277290, true },
+  { 277309, true },
+  { 277328, true },
+  { 277345, true },
+  { 277377, true },
+  { 277394, true },
+  { 277415, true },
+  { 277429, true },
+  { 277441, true },
+  { 277459, true },
+  { 277469, true },
+  { 277482, true },
+  { 277495, true },
+  { 277516, true },
+  { 277531, true },
+  { 277548, true },
+  { 277567, true },
+  { 277585, true },
+  { 277592, true },
+  { 277604, true },
+  { 277618, true },
+  { 277633, true },
+  { 277647, true },
+  { 277659, true },
+  { 277672, true },
+  { 277688, true },
+  { 277701, true },
+  { 277712, true },
+  { 277725, true },
+  { 277742, true },
+  { 277757, true },
+  { 277773, true },
+  { 277787, true },
+  { 277801, true },
+  { 277813, true },
+  { 277831, true },
+  { 277851, true },
+  { 277874, true },
+  { 277887, true },
+  { 277907, true },
+  { 277922, true },
+  { 277941, true },
+  { 277960, true },
+  { 277979, true },
+  { 277994, true },
+  { 278009, true },
+  { 278020, true },
+  { 278037, true },
+  { 278047, true },
+  { 278060, false },
+  { 278073, true },
+  { 278087, true },
+  { 278099, true },
+  { 278114, false },
+  { 278124, true },
+  { 278138, true },
+  { 278149, true },
+  { 278160, true },
+  { 278181, true },
+  { 278205, true },
+  { 278216, true },
+  { 278229, true },
+  { 278242, true },
+  { 278263, true },
+  { 278283, true },
+  { 278300, true },
+  { 278309, true },
+  { 278319, true },
+  { 278331, true },
+  { 278346, true },
+  { 278369, true },
+  { 278379, true },
+  { 278396, true },
+  { 278415, true },
+  { 278429, true },
+  { 278439, true },
+  { 278452, true },
+  { 278462, true },
+  { 278478, true },
+  { 278486, true },
+  { 278495, true },
+  { 278508, true },
+  { 278521, true },
+  { 278539, true },
+  { 278558, true },
+  { 278577, true },
+  { 278585, true },
+  { 278602, true },
+  { 278615, true },
+  { 278636, false },
+  { 278649, true },
+  { 278663, true },
+  { 278676, true },
+  { 278692, true },
+  { 278713, true },
+  { 278727, true },
+  { 278744, true },
+  { 278773, true },
+  { 278786, true },
+  { 278801, true },
+  { 278830, true },
+  { 278848, false },
+  { 278864, true },
+  { 278884, true },
+  { 278902, true },
+  { 278911, true },
+  { 278929, true },
+  { 278947, true },
+  { 278964, true },
+  { 278995, true },
+  { 279017, true },
+  { 279032, true },
+  { 279043, true },
+  { 279060, true },
+  { 279073, false },
+  { 279086, true },
+  { 279098, true },
+  { 279114, true },
+  { 279130, true },
+  { 279142, true },
+  { 279155, true },
+  { 279170, true },
+  { 279187, true },
+  { 279204, true },
+  { 279220, true },
+  { 279234, true },
+  { 279248, true },
+  { 279263, true },
+  { 279273, false },
+  { 279292, true },
+  { 279311, true },
+  { 279329, true },
+  { 279340, true },
+  { 279350, true },
+  { 279360, true },
+  { 279370, true },
+  { 279381, true },
+  { 279396, true },
+  { 279406, true },
+  { 279422, true },
+  { 279433, true },
+  { 279450, true },
+  { 279458, true },
+  { 279471, true },
+  { 279489, true },
+  { 279497, true },
+  { 279507, true },
+  { 279527, true },
+  { 279541, true },
+  { 279551, true },
+  { 279562, true },
+  { 279572, true },
+  { 279582, true },
+  { 279599, true },
+  { 279611, true },
+  { 279626, true },
+  { 279643, true },
+  { 279660, true },
+  { 279668, true },
+  { 279684, true },
+  { 279695, true },
+  { 279711, true },
+  { 279722, true },
+  { 279737, true },
+  { 279750, true },
+  { 279778, true },
+  { 279797, true },
+  { 279812, true },
+  { 279829, true },
+  { 279839, true },
+  { 279852, true },
+  { 279869, true },
+  { 279884, true },
+  { 279901, true },
+  { 279916, true },
+  { 279936, true },
+  { 279951, true },
+  { 279965, true },
+  { 279973, true },
+  { 279981, true },
+  { 279994, true },
+  { 280006, true },
+  { 280017, true },
+  { 280025, true },
+  { 280038, true },
+  { 280046, true },
+  { 280063, true },
+  { 280074, true },
+  { 280087, true },
+  { 280095, true },
+  { 280104, true },
+  { 280116, true },
+  { 280124, true },
+  { 280140, true },
+  { 280151, true },
+  { 280161, true },
+  { 280185, true },
+  { 280197, true },
+  { 280211, true },
+  { 280222, true },
+  { 280231, true },
+  { 280240, true },
+  { 280258, true },
+  { 280271, true },
+  { 280280, true },
+  { 280291, true },
+  { 280302, true },
+  { 280311, true },
+  { 280320, true },
+  { 280329, true },
+  { 280339, true },
+  { 280353, true },
+  { 280363, true },
+  { 280373, true },
+  { 280389, true },
+  { 280397, true },
+  { 280415, true },
+  { 280431, false },
+  { 280451, true },
+  { 280462, true },
+  { 280472, true },
+  { 280481, true },
+  { 280489, true },
+  { 280497, true },
+  { 280505, true },
+  { 280522, true },
+  { 280535, true },
+  { 280546, false },
+  { 280554, true },
+  { 280572, true },
+  { 280581, true },
+  { 280592, false },
+  { 280612, true },
+  { 280619, true },
+  { 280629, true },
+  { 280644, true },
+  { 280659, true },
+  { 280670, false },
+  { 280690, false },
+  { 280706, true },
+  { 280724, true },
+  { 280736, true },
+  { 280752, true },
+  { 280768, true },
+  { 280779, false },
+  { 280790, true },
+  { 280805, true },
+  { 280818, true },
+  { 280835, true },
+  { 280847, true },
+  { 280857, true },
+  { 280868, true },
+  { 280882, true },
+  { 280889, true },
+  { 280905, true },
+  { 280914, true },
+  { 280933, true },
+  { 280948, true },
+  { 280958, true },
+  { 280973, true },
+  { 280994, true },
+  { 281004, true },
+  { 281024, true },
+  { 281038, true },
+  { 281051, true },
+  { 281064, true },
+  { 281083, true },
+  { 281100, true },
+  { 281118, true },
+  { 281132, false },
+  { 281149, true },
+  { 281164, true },
+  { 281184, true },
+  { 281203, true },
+  { 281223, true },
+  { 281239, true },
+  { 281251, true },
+  { 281263, true },
+  { 281282, true },
+  { 281298, true },
+  { 281314, true },
+  { 281330, true },
+  { 281342, true },
+  { 281365, true },
+  { 281377, true },
+  { 281399, true },
+  { 281411, true },
+  { 281424, true },
+  { 281438, true },
+  { 281457, true },
+  { 281475, true },
+  { 281493, true },
+  { 281515, true },
+  { 281538, true },
+  { 281553, true },
+  { 281567, true },
+  { 281582, true },
+  { 281597, true },
+  { 281607, true },
+  { 281623, true },
+  { 281636, true },
+  { 281648, true },
+  { 281656, true },
+  { 281681, true },
+  { 281698, true },
+  { 281713, true },
+  { 281724, true },
+  { 281733, true },
+  { 281742, false },
+  { 281752, true },
+  { 281765, true },
+  { 281780, true },
+  { 281796, true },
+  { 281810, true },
+  { 281827, true },
+  { 281849, true },
+  { 281868, true },
+  { 281887, true },
+  { 281901, true },
+  { 281920, true },
+  { 281937, true },
+  { 281953, true },
+  { 281967, true },
+  { 281987, true },
+  { 282004, true },
+  { 282021, true },
+  { 282035, true },
+  { 282048, true },
+  { 282072, true },
+  { 282086, true },
+  { 282105, true },
+  { 282121, true },
+  { 282145, true },
+  { 282167, false },
+  { 282181, true },
+  { 282194, true },
+  { 282218, true },
+  { 282239, false },
+  { 282256, true },
+  { 282271, true },
+  { 282282, true },
+  { 282293, true },
+  { 282307, true },
+  { 282323, true },
+  { 282337, true },
+  { 282348, true },
+  { 282369, true },
+  { 282385, true },
+  { 282403, true },
+  { 282421, true },
+  { 282434, true },
+  { 282446, true },
+  { 282458, true },
+  { 282474, true },
+  { 282492, true },
+  { 282500, true },
+  { 282513, true },
+  { 282524, true },
+  { 282535, true },
+  { 282543, true },
+  { 282557, false },
+  { 282577, true },
+  { 282588, true },
+  { 282620, true },
+  { 282634, true },
+  { 282643, true },
+  { 282650, true },
+  { 282660, true },
+  { 282668, true },
+  { 282678, false },
+  { 282698, true },
+  { 282719, true },
+  { 282729, true },
+  { 282740, true },
+  { 282751, true },
+  { 282758, true },
+  { 282768, true },
+  { 282783, true },
+  { 282800, true },
+  { 282816, true },
+  { 282827, true },
+  { 282840, true },
+  { 282852, true },
+  { 282865, true },
+  { 282877, true },
+  { 282887, true },
+  { 282898, false },
+  { 282917, true },
+  { 282931, true },
+  { 282965, true },
+  { 282999, false },
+  { 283011, false },
+  { 283024, false },
+  { 283035, false },
+  { 283047, false },
+  { 283068, true },
+  { 283090, true },
+  { 283103, true },
+  { 283115, true },
+  { 283136, true },
+  { 283148, true },
+  { 283161, true },
+  { 283177, true },
+  { 283192, true },
+  { 283210, true },
+  { 283219, true },
+  { 283227, true },
+  { 283239, true },
+  { 283250, true },
+  { 283269, true },
+  { 283287, false },
+  { 283296, true },
+  { 283307, false },
+  { 283323, true },
+  { 283341, true },
+  { 283366, true },
+  { 283385, true },
+  { 283403, true },
+  { 283418, true },
+  { 283430, true },
+  { 283446, true },
+  { 283467, true },
+  { 283475, true },
+  { 283504, true },
+  { 283527, true },
+  { 283540, true },
+  { 283559, true },
+  { 283579, true },
+  { 283594, true },
+  { 283607, true },
+  { 283623, true },
+  { 283638, true },
+  { 283651, true },
+  { 283663, true },
+  { 283681, true },
+  { 283698, true },
+  { 283713, true },
+  { 283732, true },
+  { 283751, true },
+  { 283766, true },
+  { 283777, true },
+  { 283788, true },
+  { 283812, true },
+  { 283826, true },
+  { 283840, true },
+  { 283866, true },
+  { 283886, true },
+  { 283902, true },
+  { 283920, true },
+  { 283934, true },
+  { 283944, false },
+  { 283973, true },
+  { 283987, true },
+  { 284011, true },
+  { 284027, true },
+  { 284041, true },
+  { 284055, true },
+  { 284075, true },
+  { 284088, true },
+  { 284102, true },
+  { 284117, true },
+  { 284131, true },
+  { 284144, true },
+  { 284155, true },
+  { 284169, true },
+  { 284189, true },
+  { 284204, true },
+  { 284215, true },
+  { 284233, true },
+  { 284250, true },
+  { 284258, true },
+  { 284271, true },
+  { 284288, true },
+  { 284300, true },
+  { 284317, true },
+  { 284338, true },
+  { 284357, true },
+  { 284373, true },
+  { 284391, true },
+  { 284411, false },
+  { 284425, true },
+  { 284438, true },
+  { 284446, true },
+  { 284455, true },
+  { 284464, true },
+  { 284481, true },
+  { 284492, true },
+  { 284507, true },
+  { 284523, true },
+  { 284531, true },
+  { 284540, true },
+  { 284550, true },
+  { 284558, true },
+  { 284569, true },
+  { 284591, true },
+  { 284605, true },
+  { 284613, true },
+  { 284625, true },
+  { 284646, true },
+  { 284656, true },
+  { 284668, true },
+  { 284688, true },
+  { 284720, true },
+  { 284749, true },
+  { 284759, true },
+  { 284774, true },
+  { 284794, true },
+  { 284817, true },
+  { 284836, true },
+  { 284855, true },
+  { 284874, true },
+  { 284893, true },
+  { 284912, true },
+  { 284931, true },
+  { 284950, true },
+  { 284969, true },
+  { 284983, true },
+  { 284997, true },
+  { 285014, true },
+  { 285027, true },
+  { 285045, true },
+  { 285062, true },
+  { 285086, true },
+  { 285101, true },
+  { 285119, true },
+  { 285130, true },
+  { 285145, true },
+  { 285159, true },
+  { 285172, true },
+  { 285181, true },
+  { 285198, true },
+  { 285212, true },
+  { 285236, true },
+  { 285251, true },
+  { 285265, true },
+  { 285283, true },
+  { 285296, true },
+  { 285306, true },
+  { 285319, true },
+  { 285328, true },
+  { 285337, true },
+  { 285356, true },
+  { 285372, true },
+  { 285390, true },
+  { 285404, true },
+  { 285415, true },
+  { 285428, true },
+  { 285447, true },
+  { 285460, true },
+  { 285477, true },
+  { 285490, false },
+  { 285507, true },
+  { 285520, true },
+  { 285541, true },
+  { 285551, true },
+  { 285566, true },
+  { 285584, true },
+  { 285599, true },
+  { 285614, true },
+  { 285631, true },
+  { 285650, true },
+  { 285667, true },
+  { 285686, true },
+  { 285698, true },
+  { 285709, true },
+  { 285725, true },
+  { 285739, true },
+  { 285762, true },
+  { 285770, true },
+  { 285783, true },
+  { 285802, true },
+  { 285818, true },
+  { 285834, true },
+  { 285848, true },
+  { 285861, true },
+  { 285874, true },
+  { 285887, true },
+  { 285902, true },
+  { 285912, true },
+  { 285923, true },
+  { 285940, true },
+  { 285959, true },
+  { 285979, true },
+  { 285999, true },
+  { 286015, true },
+  { 286035, true },
+  { 286050, true },
+  { 286060, true },
+  { 286071, true },
+  { 286084, false },
+  { 286099, true },
+  { 286114, false },
+  { 286124, true },
+  { 286134, true },
+  { 286141, false },
+  { 286151, true },
+  { 286169, true },
+  { 286181, true },
+  { 286195, true },
+  { 286202, false },
+  { 286212, true },
+  { 286224, true },
+  { 286232, false },
+  { 286243, true },
+  { 286251, true },
+  { 286265, true },
+  { 286277, true },
+  { 286284, true },
+  { 286292, true },
+  { 286298, true },
+  { 286306, true },
+  { 286319, true },
+  { 286332, true },
+  { 286353, true },
+  { 286369, true },
+  { 286386, true },
+  { 286396, true },
+  { 286418, true },
+  { 286429, true },
+  { 286448, true },
+  { 286465, true },
+  { 286486, true },
+  { 286506, true },
+  { 286520, true },
+  { 286530, true },
+  { 286544, true },
+  { 286561, true },
+  { 286572, true },
+  { 286583, true },
+  { 286592, true },
+  { 286601, true },
+  { 286624, true },
+  { 286637, true },
+  { 286648, true },
+  { 286655, true },
+  { 286662, true },
+  { 286673, true },
+  { 286684, true },
+  { 286700, true },
+  { 286715, true },
+  { 286737, true },
+  { 286763, true },
+  { 286773, true },
+  { 286786, true },
+  { 286806, true },
+  { 286825, false },
+  { 286842, true },
+  { 286863, true },
+  { 286877, true },
+  { 286900, true },
+  { 286908, true },
+  { 286926, true },
+  { 286944, true },
+  { 286955, true },
+  { 286970, true },
+  { 286990, false },
+  { 287004, true },
+  { 287026, true },
+  { 287039, true },
+  { 287050, true },
+  { 287063, true },
+  { 287076, true },
+  { 287093, true },
+  { 287106, true },
+  { 287125, true },
+  { 287136, true },
+  { 287146, true },
+  { 287155, true },
+  { 287165, true },
+  { 287176, true },
+  { 287188, true },
+  { 287198, true },
+  { 287211, true },
+  { 287228, true },
+  { 287236, true },
+  { 287257, true },
+  { 287267, true },
+  { 287288, true },
+  { 287300, true },
+  { 287313, true },
+  { 287324, true },
+  { 287334, true },
+  { 287344, true },
+  { 287356, true },
+  { 287366, true },
+  { 287385, true },
+  { 287409, true },
+  { 287420, true },
+  { 287434, true },
+  { 287449, true },
+  { 287462, true },
+  { 287476, true },
+  { 287487, true },
+  { 287499, true },
+  { 287511, true },
+  { 287523, true },
+  { 287533, true },
+  { 287541, true },
+  { 287554, true },
+  { 287576, false },
+  { 287591, true },
+  { 287614, true },
+  { 287623, true },
+  { 287638, false },
+  { 287650, true },
+  { 287666, true },
+  { 287680, true },
+  { 287689, true },
+  { 287703, true },
+  { 287718, true },
+  { 287735, true },
+  { 287757, true },
+  { 287776, false },
+  { 287791, true },
+  { 287808, true },
+  { 287823, true },
+  { 287838, true },
+  { 287846, true },
+  { 287860, true },
+  { 287872, true },
+  { 287883, true },
+  { 287896, true },
+  { 287913, true },
+  { 287938, true },
+  { 287948, true },
+  { 287969, true },
+  { 287987, true },
+  { 288006, true },
+  { 288027, true },
+  { 288053, true },
+  { 288079, true },
+  { 288095, true },
+  { 288118, true },
+  { 288138, true },
+  { 288154, true },
+  { 288164, true },
+  { 288175, true },
+  { 288194, true },
+  { 288209, true },
+  { 288231, true },
+  { 288252, true },
+  { 288275, true },
+  { 288287, true },
+  { 288301, true },
+  { 288325, true },
+  { 288353, true },
+  { 288380, true },
+  { 288394, true },
+  { 288410, true },
+  { 288427, true },
+  { 288444, false },
+  { 288453, true },
+  { 288467, true },
+  { 288481, true },
+  { 288492, true },
+  { 288503, false },
+  { 288516, false },
+  { 288531, false },
+  { 288555, true },
+  { 288566, true },
+  { 288578, true },
+  { 288592, true },
+  { 288603, true },
+  { 288612, true },
+  { 288625, true },
+  { 288635, true },
+  { 288648, true },
+  { 288662, true },
+  { 288670, true },
+  { 288677, true },
+  { 288688, true },
+  { 288702, true },
+  { 288713, true },
+  { 288724, true },
+  { 288737, true },
+  { 288744, true },
+  { 288751, true },
+  { 288758, true },
+  { 288770, true },
+  { 288777, true },
+  { 288786, true },
+  { 288793, true },
+  { 288801, true },
+  { 288811, true },
+  { 288818, true },
+  { 288825, true },
+  { 288834, true },
+  { 288845, true },
+  { 288854, true },
+  { 288863, true },
+  { 288872, true },
+  { 288885, true },
+  { 288900, true },
+  { 288911, true },
+  { 288921, true },
+  { 288934, true },
+  { 288943, true },
+  { 288955, true },
+  { 288969, true },
+  { 288981, true },
+  { 288994, true },
+  { 289006, true },
+  { 289022, true },
+  { 289039, true },
+  { 289051, true },
+  { 289062, true },
+  { 289077, true },
+  { 289087, true },
+  { 289099, true },
+  { 289112, true },
+  { 289122, true },
+  { 289133, true },
+  { 289144, true },
+  { 289158, true },
+  { 289171, true },
+  { 289181, true },
+  { 289191, true },
+  { 289202, true },
+  { 289214, true },
+  { 289224, true },
+  { 289234, true },
+  { 289247, true },
+  { 289258, true },
+  { 289269, true },
+  { 289279, true },
+  { 289296, true },
+  { 289306, true },
+  { 289319, true },
+  { 289330, true },
+  { 289338, true },
+  { 289355, true },
+  { 289366, true },
+  { 289375, true },
+  { 289400, true },
+  { 289415, true },
+  { 289427, true },
+  { 289442, true },
+  { 289455, true },
+  { 289468, true },
+  { 289477, true },
+  { 289488, true },
+  { 289499, true },
+  { 289510, true },
+  { 289524, true },
+  { 289533, true },
+  { 289548, true },
+  { 289564, true },
+  { 289572, true },
+  { 289584, true },
+  { 289604, true },
+  { 289616, true },
+  { 289624, true },
+  { 289634, true },
+  { 289653, true },
+  { 289661, true },
+  { 289674, true },
+  { 289691, true },
+  { 289702, true },
+  { 289714, true },
+  { 289723, true },
+  { 289731, true },
+  { 289744, true },
+  { 289753, true },
+  { 289762, true },
+  { 289773, true },
+  { 289792, true },
+  { 289811, true },
+  { 289841, true },
+  { 289871, true },
+  { 289887, true },
+  { 289902, true },
+  { 289915, true },
+  { 289932, true },
+  { 289944, true },
+  { 289957, true },
+  { 289973, true },
+  { 289985, true },
+  { 289999, true },
+  { 290009, true },
+  { 290022, true },
+  { 290033, true },
+  { 290041, true },
+  { 290052, true },
+  { 290070, true },
+  { 290084, true },
+  { 290103, false },
+  { 290112, true },
+  { 290122, true },
+  { 290144, true },
+  { 290160, true },
+  { 290172, true },
+  { 290187, true },
+  { 290200, true },
+  { 290214, true },
+  { 290222, true },
+  { 290241, true },
+  { 290255, true },
+  { 290263, true },
+  { 290271, true },
+  { 290283, true },
+  { 290293, true },
+  { 290305, true },
+  { 290317, true },
+  { 290328, true },
+  { 290339, true },
+  { 290351, true },
+  { 290369, true },
+  { 290378, true },
+  { 290391, true },
+  { 290404, true },
+  { 290416, true },
+  { 290426, true },
+  { 290436, true },
+  { 290446, true },
+  { 290456, true },
+  { 290465, true },
+  { 290477, true },
+  { 290488, true },
+  { 290499, false },
+  { 290515, true },
+  { 290526, true },
+  { 290540, true },
+  { 290552, true },
+  { 290562, true },
+  { 290575, true },
+  { 290588, true },
+  { 290598, true },
+  { 290612, true },
+  { 290635, true },
+  { 290650, true },
+  { 290662, true },
+  { 290674, true },
+  { 290686, true },
+  { 290706, true },
+  { 290720, true },
+  { 290731, true },
+  { 290767, true },
+  { 290780, true },
+  { 290793, true },
+  { 290805, true },
+  { 290823, true },
+  { 290834, true },
+  { 290857, false },
+  { 290871, true },
+  { 290883, true },
+  { 290896, true },
+  { 290905, true },
+  { 290918, false },
+  { 290928, true },
+  { 290942, true },
+  { 290955, true },
+  { 290967, true },
+  { 290979, true },
+  { 290989, true },
+  { 291003, true },
+  { 291017, true },
+  { 291032, true },
+  { 291047, true },
+  { 291059, true },
+  { 291070, true },
+  { 291080, true },
+  { 291095, true },
+  { 291108, true },
+  { 291120, true },
+  { 291132, true },
+  { 291143, true },
+  { 291155, true },
+  { 291166, true },
+  { 291180, true },
+  { 291197, true },
+  { 291206, true },
+  { 291217, true },
+  { 291227, true },
+  { 291240, true },
+  { 291255, true },
+  { 291265, true },
+  { 291277, false },
+  { 291286, true },
+  { 291305, true },
+  { 291320, true },
+  { 291336, true },
+  { 291351, true },
+  { 291365, true },
+  { 291375, true },
+  { 291392, true },
+  { 291404, true },
+  { 291422, true },
+  { 291437, true },
+  { 291447, true },
+  { 291460, true },
+  { 291475, false },
+  { 291491, true },
+  { 291503, true },
+  { 291520, true },
+  { 291533, true },
+  { 291545, true },
+  { 291556, true },
+  { 291569, false },
+  { 291584, true },
+  { 291599, true },
+  { 291609, true },
+  { 291619, true },
+  { 291636, true },
+  { 291650, true },
+  { 291664, true },
+  { 291687, true },
+  { 291699, true },
+  { 291710, true },
+  { 291726, true },
+  { 291737, true },
+  { 291748, true },
+  { 291761, false },
+  { 291779, true },
+  { 291797, true },
+  { 291810, true },
+  { 291830, false },
+  { 291849, true },
+  { 291869, true },
+  { 291891, true },
+  { 291915, true },
+  { 291934, true },
+  { 291946, true },
+  { 291961, true },
+  { 291979, true },
+  { 291995, true },
+  { 292006, true },
+  { 292022, true },
+  { 292038, true },
+  { 292052, true },
+  { 292071, true },
+  { 292088, true },
+  { 292102, true },
+  { 292117, true },
+  { 292133, true },
+  { 292150, true },
+  { 292172, true },
+  { 292194, true },
+  { 292215, false },
+  { 292229, true },
+  { 292248, true },
+  { 292259, true },
+  { 292278, true },
+  { 292291, true },
+  { 292305, true },
+  { 292316, true },
+  { 292336, true },
+  { 292347, true },
+  { 292362, true },
+  { 292378, true },
+  { 292393, true },
+  { 292408, true },
+  { 292422, true },
+  { 292435, true },
+  { 292458, true },
+  { 292472, true },
+  { 292489, true },
+  { 292516, true },
+  { 292542, true },
+  { 292556, true },
+  { 292571, true },
+  { 292588, true },
+  { 292608, true },
+  { 292620, true },
+  { 292645, true },
+  { 292660, true },
+  { 292676, true },
+  { 292691, true },
+  { 292703, true },
+  { 292713, true },
+  { 292728, true },
+  { 292739, true },
+  { 292754, true },
+  { 292786, true },
+  { 292800, true },
+  { 292816, true },
+  { 292833, true },
+  { 292848, true },
+  { 292877, true },
+  { 292891, true },
+  { 292902, true },
+  { 292922, true },
+  { 292937, true },
+  { 292956, true },
+  { 292975, true },
+  { 292993, true },
+  { 293007, true },
+  { 293020, true },
+  { 293035, true },
+  { 293050, true },
+  { 293057, true },
+  { 293073, true },
+  { 293084, true },
+  { 293097, true },
+  { 293107, true },
+  { 293118, true },
+  { 293132, true },
+  { 293146, true },
+  { 293159, true },
+  { 293171, true },
+  { 293183, true },
+  { 293194, true },
+  { 293209, true },
+  { 293223, true },
+  { 293234, true },
+  { 293247, true },
+  { 293265, true },
+  { 293281, true },
+  { 293297, true },
+  { 293311, true },
+  { 293327, true },
+  { 293356, true },
+  { 293379, true },
+  { 293395, true },
+  { 293419, true },
+  { 293438, true },
+  { 293447, true },
+  { 293462, true },
+  { 293472, true },
+  { 293480, true },
+  { 293493, true },
+  { 293509, true },
+  { 293517, true },
+  { 293527, true },
+  { 293537, true },
+  { 293546, true },
+  { 293554, true },
+  { 293570, true },
+  { 293585, true },
+  { 293594, true },
+  { 293608, true },
+  { 293620, true },
+  { 293629, true },
+  { 293642, true },
+  { 293650, true },
+  { 293661, true },
+  { 293674, true },
+  { 293684, true },
+  { 293698, true },
+  { 293707, true },
+  { 293715, true },
+  { 293727, false },
+  { 293747, true },
+  { 293757, false },
+  { 293768, true },
+  { 293784, true },
+  { 293807, true },
+  { 293826, true },
+  { 293838, true },
+  { 293846, false },
+  { 293858, true },
+  { 293872, false },
+  { 293889, true },
+  { 293902, true },
+  { 293920, true },
+  { 293940, false },
+  { 293960, true },
+  { 293975, true },
+  { 293985, true },
+  { 294002, true },
+  { 294017, true },
+  { 294033, true },
+  { 294048, true },
+  { 294061, true },
+  { 294075, true },
+  { 294093, true },
+  { 294107, true },
+  { 294122, true },
+  { 294137, true },
+  { 294145, true },
+  { 294160, true },
+  { 294174, true },
+  { 294190, true },
+  { 294205, true },
+  { 294229, true },
+  { 294251, true },
+  { 294272, true },
+  { 294291, true },
+  { 294306, true },
+  { 294322, true },
+  { 294341, true },
+  { 294352, true },
+  { 294370, true },
+  { 294379, true },
+  { 294388, true },
+  { 294400, true },
+  { 294415, true },
+  { 294429, true },
+  { 294442, true },
+  { 294461, true },
+  { 294480, true },
+  { 294499, true },
+  { 294507, true },
+  { 294515, true },
+  { 294524, true },
+  { 294536, true },
+  { 294548, true },
+  { 294556, true },
+  { 294565, true },
+  { 294577, true },
+  { 294585, true },
+  { 294599, true },
+  { 294625, true },
+  { 294648, false },
+  { 294664, true },
+  { 294676, true },
+  { 294689, true },
+  { 294703, true },
+  { 294723, true },
+  { 294744, true },
+  { 294755, true },
+  { 294774, true },
+  { 294789, true },
+  { 294803, true },
+  { 294817, true },
+  { 294831, true },
+  { 294846, true },
+  { 294860, true },
+  { 294874, true },
+  { 294888, true },
+  { 294909, true },
+  { 294923, true },
+  { 294940, true },
+  { 294955, true },
+  { 294969, true },
+  { 294987, false },
+  { 295007, false },
+  { 295022, true },
+  { 295035, true },
+  { 295043, true },
+  { 295058, true },
+  { 295073, true },
+  { 295090, true },
+  { 295102, true },
+  { 295113, true },
+  { 295123, true },
+  { 295139, true },
+  { 295156, true },
+  { 295180, false },
+  { 295190, true },
+  { 295198, true },
+  { 295205, true },
+  { 295216, true },
+  { 295229, true },
+  { 295245, true },
+  { 295264, true },
+  { 295280, true },
+  { 295292, true },
+  { 295308, true },
+  { 295322, true },
+  { 295335, true },
+  { 295352, true },
+  { 295369, true },
+  { 295381, true },
+  { 295389, true },
+  { 295406, true },
+  { 295419, true },
+  { 295436, true },
+  { 295451, false },
+  { 295460, true },
+  { 295469, true },
+  { 295485, true },
+  { 295500, true },
+  { 295510, true },
+  { 295519, true },
+  { 295529, true },
+  { 295545, true },
+  { 295565, true },
+  { 295585, true },
+  { 295599, true },
+  { 295625, true },
+  { 295640, true },
+  { 295655, true },
+  { 295665, true },
+  { 295678, true },
+  { 295693, true },
+  { 295706, true },
+  { 295718, true },
+  { 295739, true },
+  { 295747, true },
+  { 295755, true },
+  { 295765, false },
+  { 295776, true },
+  { 295793, true },
+  { 295803, true },
+  { 295813, true },
+  { 295833, true },
+  { 295847, true },
+  { 295857, true },
+  { 295870, true },
+  { 295880, false },
+  { 295900, true },
+  { 295908, true },
+  { 295926, true },
+  { 295937, true },
+  { 295947, true },
+  { 295955, true },
+  { 295964, false },
+  { 295971, true },
+  { 295978, true },
+  { 295986, true },
+  { 295996, true },
+  { 296002, true },
+  { 296013, true },
+  { 296021, true },
+  { 296033, false },
+  { 296053, true },
+  { 296068, true },
+  { 296095, true },
+  { 296104, true },
+  { 296112, true },
+  { 296121, true },
+  { 296130, true },
+  { 296138, true },
+  { 296152, true },
+  { 296169, true },
+  { 296184, true },
+  { 296198, true },
+  { 296210, true },
+  { 296220, true },
+  { 296232, true },
+  { 296254, true },
+  { 296268, true },
+  { 296277, true },
+  { 296293, true },
+  { 296311, true },
+  { 296323, true },
+  { 296335, true },
+  { 296350, true },
+  { 296361, true },
+  { 296383, true },
+  { 296394, true },
+  { 296402, true },
+  { 296418, true },
+  { 296439, true },
+  { 296449, true },
+  { 296459, true },
+  { 296467, true },
+  { 296479, true },
+  { 296488, true },
+  { 296498, false },
+  { 296533, true },
+  { 296552, true },
+  { 296565, true },
+  { 296575, true },
+  { 296587, true },
+  { 296602, true },
+  { 296611, true },
+  { 296622, true },
+  { 296634, true },
+  { 296648, true },
+  { 296664, true },
+  { 296682, true },
+  { 296695, true },
+  { 296711, true },
+  { 296721, true },
+  { 296734, true },
+  { 296751, true },
+  { 296764, true },
+  { 296778, true },
+  { 296793, true },
+  { 296807, true },
+  { 296819, true },
+  { 296843, true },
+  { 296851, true },
+  { 296863, true },
+  { 296882, true },
+  { 296896, true },
+  { 296908, true },
+  { 296920, true },
+  { 296936, true },
+  { 296948, true },
+  { 296964, true },
+  { 296983, true },
+  { 297009, true },
+  { 297021, true },
+  { 297046, true },
+  { 297066, true },
+  { 297084, true },
+  { 297101, true },
+  { 297110, true },
+  { 297121, true },
+  { 297139, true },
+  { 297153, true },
+  { 297177, true },
+  { 297193, true },
+  { 297211, true },
+  { 297228, true },
+  { 297240, true },
+  { 297253, true },
+  { 297269, true },
+  { 297282, true },
+  { 297302, true },
+  { 297333, true },
+  { 297352, true },
+  { 297376, true },
+  { 297406, true },
+  { 297423, true },
+  { 297444, true },
+  { 297463, true },
+  { 297487, true },
+  { 297505, true },
+  { 297531, true },
+  { 297550, true },
+  { 297571, true },
+  { 297587, true },
+  { 297612, true },
+  { 297635, true },
+  { 297654, true },
+  { 297668, true },
+  { 297684, true },
+  { 297697, true },
+  { 297713, true },
+  { 297724, true },
+  { 297736, true },
+  { 297753, true },
+  { 297784, true },
+  { 297814, false },
+  { 297830, true },
+  { 297841, true },
+  { 297853, true },
+  { 297864, true },
+  { 297877, true },
+  { 297886, true },
+  { 297899, true },
+  { 297911, true },
+  { 297922, true },
+  { 297935, true },
+  { 297948, true },
+  { 297968, true },
+  { 297987, true },
+  { 298005, true },
+  { 298022, true },
+  { 298036, true },
+  { 298052, true },
+  { 298077, true },
+  { 298106, true },
+  { 298126, true },
+  { 298141, true },
+  { 298152, true },
+  { 298167, true },
+  { 298183, true },
+  { 298195, true },
+  { 298205, true },
+  { 298222, true },
+  { 298240, true },
+  { 298252, false },
+  { 298266, true },
+  { 298280, true },
+  { 298289, true },
+  { 298302, true },
+  { 298317, true },
+  { 298327, true },
+  { 298341, false },
+  { 298355, true },
+  { 298369, true },
+  { 298383, true },
+  { 298406, true },
+  { 298418, true },
+  { 298428, true },
+  { 298441, true },
+  { 298456, true },
+  { 298469, true },
+  { 298483, true },
+  { 298495, true },
+  { 298508, true },
+  { 298525, true },
+  { 298539, true },
+  { 298556, true },
+  { 298575, true },
+  { 298589, true },
+  { 298601, true },
+  { 298621, false },
+  { 298636, true },
+  { 298648, true },
+  { 298659, true },
+  { 298670, true },
+  { 298684, true },
+  { 298696, true },
+  { 298711, false },
+  { 298731, true },
+  { 298740, true },
+  { 298747, true },
+  { 298758, true },
+  { 298766, true },
+  { 298776, true },
+  { 298783, true },
+  { 298793, true },
+  { 298801, true },
+  { 298809, true },
+  { 298825, true },
+  { 298839, true },
+  { 298847, true },
+  { 298855, true },
+  { 298868, true },
+  { 298883, true },
+  { 298893, true },
+  { 298905, true },
+  { 298920, true },
+  { 298930, true },
+  { 298937, true },
+  { 298949, true },
+  { 298956, true },
+  { 298963, true },
+  { 298975, true },
+  { 298989, true },
+  { 298998, true },
+  { 299017, true },
+  { 299026, true },
+  { 299038, true },
+  { 299050, true },
+  { 299062, true },
+  { 299085, true },
+  { 299096, true },
+  { 299110, true },
+  { 299122, true },
+  { 299133, true },
+  { 299143, true },
+  { 299166, true },
+  { 299181, true },
+  { 299189, true },
+  { 299208, true },
+  { 299223, true },
+  { 299241, true },
+  { 299260, true },
+  { 299276, true },
+  { 299291, true },
+  { 299299, true },
+  { 299324, true },
+  { 299338, true },
+  { 299349, true },
+  { 299364, true },
+  { 299378, true },
+  { 299391, true },
+  { 299411, true },
+  { 299425, true },
+  { 299435, true },
+  { 299450, false },
+  { 299471, true },
+  { 299486, true },
+  { 299503, true },
+  { 299524, true },
+  { 299535, true },
+  { 299555, true },
+  { 299566, true },
+  { 299574, true },
+  { 299585, true },
+  { 299602, true },
+  { 299616, true },
+  { 299625, true },
+  { 299638, true },
+  { 299650, true },
+  { 299662, true },
+  { 299676, true },
+  { 299692, true },
+  { 299702, true },
+  { 299718, true },
+  { 299731, true },
+  { 299763, true },
+  { 299776, true },
+  { 299795, true },
+  { 299809, false },
+  { 299822, true },
+  { 299842, true },
+  { 299856, true },
+  { 299873, true },
+  { 299887, true },
+  { 299898, true },
+  { 299907, true },
+  { 299917, true },
+  { 299924, true },
+  { 299931, true },
+  { 299943, false },
+  { 299952, true },
+  { 299961, true },
+  { 299970, true },
+  { 299978, true },
+  { 299993, true },
+  { 300003, true },
+  { 300011, true },
+  { 300024, true },
+  { 300036, true },
+  { 300049, true },
+  { 300060, true },
+  { 300070, true },
+  { 300080, true },
+  { 300091, true },
+  { 300100, true },
+  { 300109, true },
+  { 300127, true },
+  { 300145, true },
+  { 300155, true },
+  { 300166, false },
+  { 300177, true },
+  { 300188, true },
+  { 300204, true },
+  { 300212, false },
+  { 300220, true },
+  { 300234, true },
+  { 300245, true },
+  { 300254, true },
+  { 300270, true },
+  { 300276, true },
+  { 300289, true },
+  { 300300, true },
+  { 300312, true },
+  { 300327, true },
+  { 300349, true },
+  { 300363, true },
+  { 300382, true },
+  { 300406, true },
+  { 300427, false },
+  { 300439, false },
+  { 300465, true },
+  { 300482, true },
+  { 300500, true },
+  { 300517, true },
+  { 300531, true },
+  { 300541, true },
+  { 300555, true },
+  { 300570, true },
+  { 300583, true },
+  { 300601, true },
+  { 300618, false },
+  { 300630, true },
+  { 300643, true },
+  { 300655, true },
+  { 300668, true },
+  { 300682, true },
+  { 300692, true },
+  { 300707, true },
+  { 300723, true },
+  { 300738, true },
+  { 300749, true },
+  { 300757, true },
+  { 300775, true },
+  { 300792, true },
+  { 300801, true },
+  { 300813, true },
+  { 300824, true },
+  { 300843, true },
+  { 300856, true },
+  { 300867, true },
+  { 300879, true },
+  { 300891, true },
+  { 300904, true },
+  { 300916, true },
+  { 300933, true },
+  { 300945, true },
+  { 300967, true },
+  { 300974, true },
+  { 300987, true },
+  { 301004, true },
+  { 301012, true },
+  { 301034, true },
+  { 301044, true },
+  { 301055, true },
+  { 301065, true },
+  { 301073, true },
+  { 301086, true },
+  { 301094, true },
+  { 301103, true },
+  { 301115, false },
+  { 301126, true },
+  { 301135, true },
+  { 301146, true },
+  { 301163, true },
+  { 301181, true },
+  { 301200, true },
+  { 301214, true },
+  { 301226, true },
+  { 301238, true },
+  { 301249, true },
+  { 301265, true },
+  { 301282, true },
+  { 301295, true },
+  { 301311, true },
+  { 301338, true },
+  { 301350, true },
+  { 301360, true },
+  { 301370, false },
+  { 301381, true },
+  { 301389, true },
+  { 301399, true },
+  { 301428, true },
+  { 301448, true },
+  { 301468, true },
+  { 301482, true },
+  { 301492, true },
+  { 301528, true },
+  { 301561, true },
+  { 301584, true },
+  { 301597, true },
+  { 301609, true },
+  { 301621, true },
+  { 301641, true },
+  { 301651, true },
+  { 301660, true },
+  { 301678, true },
+  { 301695, true },
+  { 301710, true },
+  { 301722, false },
+  { 301745, true },
+  { 301765, true },
+  { 301785, true },
+  { 301803, true },
+  { 301821, false },
+  { 301840, true },
+  { 301854, true },
+  { 301868, true },
+  { 301885, true },
+  { 301900, true },
+  { 301912, true },
+  { 301921, true },
+  { 301935, true },
+  { 301944, true },
+  { 301951, true },
+  { 301959, true },
+  { 301968, true },
+  { 301976, true },
+  { 301985, true },
+  { 301997, true },
+  { 302017, true },
+  { 302026, true },
+  { 302034, true },
+  { 302047, true },
+  { 302055, true },
+  { 302068, true },
+  { 302083, true },
+  { 302090, true },
+  { 302101, true },
+  { 302118, true },
+  { 302143, true },
+  { 302154, true },
+  { 302162, true },
+  { 302176, true },
+  { 302188, true },
+  { 302204, true },
+  { 302225, true },
+  { 302240, true },
+  { 302257, true },
+  { 302267, true },
+  { 302281, true },
+  { 302289, true },
+  { 302304, true },
+  { 302312, true },
+  { 302320, true },
+  { 302332, true },
+  { 302353, true },
+  { 302361, true },
+  { 302373, true },
+  { 302381, true },
+  { 302395, true },
+  { 302408, true },
+  { 302426, true },
+  { 302441, true },
+  { 302456, true },
+  { 302464, true },
+  { 302476, true },
+  { 302506, true },
+  { 302526, false },
+  { 302534, true },
+  { 302552, true },
+  { 302562, true },
+  { 302582, true },
+  { 302594, true },
+  { 302614, true },
+  { 302628, true },
+  { 302639, true },
+  { 302662, true },
+  { 302688, true },
+  { 302714, true },
+  { 302729, true },
+  { 302755, true },
+  { 302767, true },
+  { 302796, true },
+  { 302806, true },
+  { 302815, true },
+  { 302828, true },
+  { 302849, true },
+  { 302861, true },
+  { 302877, true },
+  { 302892, true },
+  { 302902, true },
+  { 302919, true },
+  { 302937, true },
+  { 302968, true },
+  { 302988, true },
+  { 303005, true },
+  { 303022, true },
+  { 303051, true },
+  { 303068, true },
+  { 303086, true },
+  { 303099, true },
+  { 303111, true },
+  { 303120, true },
+  { 303133, true },
+  { 303148, true },
+  { 303163, true },
+  { 303177, true },
+  { 303189, true },
+  { 303199, true },
+  { 303210, true },
+  { 303223, true },
+  { 303240, true },
+  { 303260, true },
+  { 303273, true },
+  { 303294, true },
+  { 303302, true },
+  { 303314, true },
+  { 303324, true },
+  { 303341, true },
+  { 303358, true },
+  { 303375, true },
+  { 303397, true },
+  { 303406, true },
+  { 303432, true },
+  { 303444, true },
+  { 303456, true },
+  { 303465, true },
+  { 303479, true },
+  { 303493, true },
+  { 303505, true },
+  { 303517, false },
+  { 303532, false },
+  { 303550, false },
+  { 303565, true },
+  { 303578, true },
+  { 303592, true },
+  { 303605, true },
+  { 303618, true },
+  { 303631, true },
+  { 303643, true },
+  { 303661, true },
+  { 303674, true },
+  { 303694, true },
+  { 303703, true },
+  { 303717, true },
+  { 303724, true },
+  { 303735, true },
+  { 303746, true },
+  { 303769, true },
+  { 303782, true },
+  { 303799, true },
+  { 303811, true },
+  { 303822, true },
+  { 303839, true },
+  { 303851, true },
+  { 303863, true },
+  { 303876, false },
+  { 303888, true },
+  { 303902, true },
+  { 303913, true },
+  { 303932, true },
+  { 303942, true },
+  { 303961, true },
+  { 303978, true },
+  { 303991, false },
+  { 304009, true },
+  { 304019, false },
+  { 304030, true },
+  { 304045, true },
+  { 304056, true },
+  { 304072, true },
+  { 304089, true },
+  { 304106, true },
+  { 304123, true },
+  { 304143, true },
+  { 304164, true },
+  { 304175, true },
+  { 304188, true },
+  { 304198, true },
+  { 304213, true },
+  { 304223, true },
+  { 304234, true },
+  { 304252, true },
+  { 304263, true },
+  { 304277, true },
+  { 304287, true },
+  { 304299, true },
+  { 304314, true },
+  { 304325, true },
+  { 304350, true },
+  { 304377, true },
+  { 304403, true },
+  { 304428, true },
+  { 304446, true },
+  { 304463, true },
+  { 304480, true },
+  { 304499, true },
+  { 304511, false },
+  { 304531, true },
+  { 304555, true },
+  { 304580, true },
+  { 304601, true },
+  { 304624, true },
+  { 304641, true },
+  { 304666, true },
+  { 304687, true },
+  { 304709, true },
+  { 304739, true },
+  { 304760, true },
+  { 304777, true },
+  { 304799, false },
+  { 304812, true },
+  { 304836, true },
+  { 304858, true },
+  { 304874, true },
+  { 304884, true },
+  { 304907, true },
+  { 304919, true },
+  { 304928, true },
+  { 304935, true },
+  { 304947, true },
+  { 304956, true },
+  { 304975, true },
+  { 304984, true },
+  { 304991, true },
+  { 305004, true },
+  { 305023, true },
+  { 305035, true },
+  { 305052, true },
+  { 305066, true },
+  { 305081, true },
+  { 305100, true },
+  { 305117, true },
+  { 305130, true },
+  { 305139, true },
+  { 305149, true },
+  { 305159, true },
+  { 305170, true },
+  { 305180, true },
+  { 305190, true },
+  { 305201, true },
+  { 305217, true },
+  { 305238, true },
+  { 305254, true },
+  { 305274, true },
+  { 305284, true },
+  { 305295, true },
+  { 305303, true },
+  { 305314, true },
+  { 305324, true },
+  { 305334, true },
+  { 305353, true },
+  { 305365, true },
+  { 305372, true },
+  { 305384, true },
+  { 305395, true },
+  { 305409, true },
+  { 305423, true },
+  { 305438, true },
+  { 305462, true },
+  { 305478, true },
+  { 305492, true },
+  { 305517, true },
+  { 305532, true },
+  { 305540, true },
+  { 305558, true },
+  { 305570, true },
+  { 305583, true },
+  { 305594, true },
+  { 305605, true },
+  { 305620, true },
+  { 305635, true },
+  { 305654, true },
+  { 305675, true },
+  { 305690, true },
+  { 305704, true },
+  { 305715, true },
+  { 305750, true },
+  { 305760, true },
+  { 305775, true },
+  { 305795, true },
+  { 305809, true },
+  { 305824, true },
+  { 305836, true },
+  { 305847, true },
+  { 305862, true },
+  { 305877, true },
+  { 305891, true },
+  { 305907, true },
+  { 305924, true },
+  { 305940, true },
+  { 305956, true },
+  { 305972, true },
+  { 305990, true },
+  { 306004, true },
+  { 306016, true },
+  { 306034, true },
+  { 306053, true },
+  { 306073, true },
+  { 306085, true },
+  { 306101, true },
+  { 306118, true },
+  { 306132, true },
+  { 306147, true },
+  { 306161, true },
+  { 306175, true },
+  { 306186, true },
+  { 306203, true },
+  { 306215, true },
+  { 306232, true },
+  { 306242, true },
+  { 306252, true },
+  { 306263, true },
+  { 306275, true },
+  { 306284, true },
+  { 306292, true },
+  { 306307, true },
+  { 306329, true },
+  { 306350, true },
+  { 306364, true },
+  { 306376, true },
+  { 306394, true },
+  { 306409, true },
+  { 306416, true },
+  { 306427, true },
+  { 306439, true },
+  { 306453, true },
+  { 306474, true },
+  { 306485, true },
+  { 306492, true },
+  { 306503, true },
+  { 306520, true },
+  { 306533, false },
+  { 306545, true },
+  { 306560, true },
+  { 306576, true },
+  { 306590, true },
+  { 306609, true },
+  { 306626, true },
+  { 306644, true },
+  { 306656, true },
+  { 306678, true },
+  { 306689, true },
+  { 306706, true },
+  { 306718, true },
+  { 306728, true },
+  { 306741, true },
+  { 306752, true },
+  { 306767, true },
+  { 306783, true },
+  { 306803, true },
+  { 306824, true },
+  { 306842, true },
+  { 306857, true },
+  { 306871, true },
+  { 306887, true },
+  { 306911, true },
+  { 306922, true },
+  { 306933, true },
+  { 306947, true },
+  { 306969, true },
+  { 306984, true },
+  { 307001, true },
+  { 307018, true },
+  { 307030, true },
+  { 307045, true },
+  { 307057, true },
+  { 307072, true },
+  { 307082, true },
+  { 307095, true },
+  { 307108, true },
+  { 307121, true },
+  { 307134, true },
+  { 307148, true },
+  { 307157, false },
+  { 307180, false },
+  { 307200, true },
+  { 307221, true },
+  { 307236, true },
+  { 307250, true },
+  { 307269, true },
+  { 307280, true },
+  { 307294, true },
+  { 307309, true },
+  { 307319, true },
+  { 307330, false },
+  { 307343, true },
+  { 307358, true },
+  { 307369, true },
+  { 307383, true },
+  { 307402, true },
+  { 307418, true },
+  { 307437, true },
+  { 307451, true },
+  { 307472, true },
+  { 307492, true },
+  { 307503, false },
+  { 307514, true },
+  { 307523, true },
+  { 307539, true },
+  { 307547, true },
+  { 307555, true },
+  { 307569, true },
+  { 307608, true },
+  { 307630, true },
+  { 307641, true },
+  { 307653, true },
+  { 307670, true },
+  { 307678, true },
+  { 307691, true },
+  { 307700, true },
+  { 307708, true },
+  { 307724, true },
+  { 307741, true },
+  { 307755, true },
+  { 307764, true },
+  { 307772, true },
+  { 307787, true },
+  { 307798, true },
+  { 307808, true },
+  { 307819, true },
+  { 307830, true },
+  { 307840, true },
+  { 307854, true },
+  { 307865, true },
+  { 307876, true },
+  { 307886, true },
+  { 307900, true },
+  { 307910, true },
+  { 307921, true },
+  { 307932, true },
+  { 307944, true },
+  { 307951, true },
+  { 307963, true },
+  { 307973, true },
+  { 307984, true },
+  { 308006, true },
+  { 308025, true },
+  { 308033, true },
+  { 308045, true },
+  { 308064, true },
+  { 308078, true },
+  { 308099, true },
+  { 308122, true },
+  { 308137, true },
+  { 308159, true },
+  { 308168, true },
+  { 308177, true },
+  { 308189, true },
+  { 308207, true },
+  { 308220, true },
+  { 308234, true },
+  { 308246, true },
+  { 308257, true },
+  { 308268, true },
+  { 308289, true },
+  { 308308, true },
+  { 308318, true },
+  { 308330, true },
+  { 308339, true },
+  { 308351, true },
+  { 308367, true },
+  { 308374, true },
+  { 308382, true },
+  { 308397, true },
+  { 308417, true },
+  { 308425, true },
+  { 308438, true },
+  { 308457, true },
+  { 308470, true },
+  { 308487, true },
+  { 308496, true },
+  { 308508, true },
+  { 308527, true },
+  { 308541, true },
+  { 308556, true },
+  { 308576, true },
+  { 308601, true },
+  { 308624, true },
+  { 308637, true },
+  { 308647, true },
+  { 308659, true },
+  { 308683, true },
+  { 308699, true },
+  { 308715, true },
+  { 308738, true },
+  { 308752, true },
+  { 308768, true },
+  { 308790, true },
+  { 308807, true },
+  { 308823, true },
+  { 308840, true },
+  { 308854, true },
+  { 308869, true },
+  { 308884, true },
+  { 308899, true },
+  { 308920, true },
+  { 308936, true },
+  { 308955, true },
+  { 308971, true },
+  { 308983, true },
+  { 308991, true },
+  { 309001, true },
+  { 309018, true },
+  { 309036, true },
+  { 309048, true },
+  { 309056, true },
+  { 309072, true },
+  { 309081, true },
+  { 309089, true },
+  { 309101, false },
+  { 309110, true },
+  { 309121, true },
+  { 309133, true },
+  { 309147, true },
+  { 309159, true },
+  { 309170, true },
+  { 309183, true },
+  { 309195, true },
+  { 309205, true },
+  { 309216, true },
+  { 309225, true },
+  { 309248, true },
+  { 309262, true },
+  { 309275, true },
+  { 309288, true },
+  { 309302, true },
+  { 309315, true },
+  { 309328, true },
+  { 309340, true },
+  { 309348, true },
+  { 309358, false },
+  { 309367, true },
+  { 309383, true },
+  { 309390, true },
+  { 309399, true },
+  { 309413, true },
+  { 309421, false },
+  { 309441, true },
+  { 309460, true },
+  { 309472, true },
+  { 309486, true },
+  { 309505, true },
+  { 309522, true },
+  { 309538, true },
+  { 309554, true },
+  { 309571, true },
+  { 309589, true },
+  { 309605, true },
+  { 309615, true },
+  { 309628, true },
+  { 309637, true },
+  { 309649, true },
+  { 309680, true },
+  { 309707, true },
+  { 309735, false },
+  { 309749, true },
+  { 309763, true },
+  { 309773, true },
+  { 309786, true },
+  { 309802, true },
+  { 309818, false },
+  { 309828, true },
+  { 309864, true },
+  { 309874, true },
+  { 309886, true },
+  { 309899, true },
+  { 309911, true },
+  { 309923, true },
+  { 309938, true },
+  { 309951, true },
+  { 309963, true },
+  { 309977, true },
+  { 309991, true },
+  { 310005, true },
+  { 310023, false },
+  { 310040, true },
+  { 310058, true },
+  { 310076, true },
+  { 310095, true },
+  { 310113, true },
+  { 310131, true },
+  { 310149, false },
+  { 310162, true },
+  { 310177, true },
+  { 310191, true },
+  { 310209, true },
+  { 310219, true },
+  { 310230, true },
+  { 310239, true },
+  { 310259, true },
+  { 310271, true },
+  { 310289, true },
+  { 310312, true },
+  { 310325, true },
+  { 310339, true },
+  { 310351, true },
+  { 310371, true },
+  { 310382, true },
+  { 310393, true },
+  { 310415, true },
+  { 310429, true },
+  { 310446, true },
+  { 310457, true },
+  { 310466, true },
+  { 310479, true },
+  { 310492, true },
+  { 310502, true },
+  { 310516, true },
+  { 310527, true },
+  { 310545, true },
+  { 310555, true },
+  { 310568, true },
+  { 310584, true },
+  { 310599, true },
+  { 310608, true },
+  { 310621, true },
+  { 310636, true },
+  { 310648, true },
+  { 310658, true },
+  { 310670, true },
+  { 310681, true },
+  { 310701, true },
+  { 310710, true },
+  { 310726, true },
+  { 310743, true },
+  { 310756, true },
+  { 310775, true },
+  { 310784, true },
+  { 310803, true },
+  { 310811, true },
+  { 310824, false },
+  { 310835, true },
+  { 310853, true },
+  { 310869, true },
+  { 310885, true },
+  { 310905, true },
+  { 310921, false },
+  { 310936, true },
+  { 310953, false },
+  { 310964, true },
+  { 310976, false },
+  { 310983, true },
+  { 310999, true },
+  { 311015, true },
+  { 311034, true },
+  { 311048, true },
+  { 311061, true },
+  { 311079, true },
+  { 311098, true },
+  { 311116, true },
+  { 311130, true },
+  { 311147, true },
+  { 311162, true },
+  { 311179, true },
+  { 311193, true },
+  { 311209, true },
+  { 311230, true },
+  { 311242, true },
+  { 311256, true },
+  { 311272, true },
+  { 311289, true },
+  { 311305, true },
+  { 311327, true },
+  { 311352, true },
+  { 311375, true },
+  { 311392, true },
+  { 311413, true },
+  { 311432, true },
+  { 311444, false },
+  { 311458, true },
+  { 311472, true },
+  { 311486, true },
+  { 311503, true },
+  { 311523, true },
+  { 311536, true },
+  { 311557, true },
+  { 311569, true },
+  { 311581, true },
+  { 311600, true },
+  { 311624, true },
+  { 311637, true },
+  { 311647, true },
+  { 311668, true },
+  { 311688, true },
+  { 311709, true },
+  { 311722, true },
+  { 311743, true },
+  { 311766, true },
+  { 311788, true },
+  { 311810, true },
+  { 311832, true },
+  { 311845, true },
+  { 311864, true },
+  { 311887, true },
+  { 311912, true },
+  { 311930, true },
+  { 311948, true },
+  { 311964, true },
+  { 311978, true },
+  { 311988, true },
+  { 312009, true },
+  { 312023, true },
+  { 312033, true },
+  { 312056, true },
+  { 312072, true },
+  { 312088, true },
+  { 312114, true },
+  { 312142, false },
+  { 312169, true },
+  { 312180, true },
+  { 312196, true },
+  { 312206, true },
+  { 312221, true },
+  { 312237, true },
+  { 312253, true },
+  { 312274, true },
+  { 312293, true },
+  { 312314, true },
+  { 312350, true },
+  { 312372, true },
+  { 312399, true },
+  { 312423, true },
+  { 312450, true },
+  { 312475, true },
+  { 312498, true },
+  { 312515, true },
+  { 312533, true },
+  { 312552, true },
+  { 312568, true },
+  { 312591, true },
+  { 312615, true },
+  { 312627, true },
+  { 312640, true },
+  { 312652, true },
+  { 312670, true },
+  { 312698, true },
+  { 312711, true },
+  { 312730, true },
+  { 312749, true },
+  { 312768, true },
+  { 312787, true },
+  { 312806, true },
+  { 312824, true },
+  { 312841, true },
+  { 312857, true },
+  { 312874, false },
+  { 312891, true },
+  { 312903, true },
+  { 312924, true },
+  { 312939, true },
+  { 312962, true },
+  { 312989, true },
+  { 313008, true },
+  { 313025, true },
+  { 313042, true },
+  { 313058, true },
+  { 313077, true },
+  { 313097, true },
+  { 313120, true },
+  { 313139, true },
+  { 313158, true },
+  { 313177, true },
+  { 313195, true },
+  { 313213, true },
+  { 313224, true },
+  { 313235, true },
+  { 313246, true },
+  { 313266, true },
+  { 313281, true },
+  { 313301, true },
+  { 313315, true },
+  { 313335, true },
+  { 313359, false },
+  { 313380, true },
+  { 313397, true },
+  { 313414, true },
+  { 313436, true },
+  { 313449, true },
+  { 313469, true },
+  { 313488, true },
+  { 313512, true },
+  { 313527, true },
+  { 313541, true },
+  { 313553, true },
+  { 313573, true },
+  { 313603, true },
+  { 313626, true },
+  { 313649, true },
+  { 313678, true },
+  { 313697, true },
+  { 313708, true },
+  { 313725, true },
+  { 313747, false },
+  { 313770, true },
+  { 313782, true },
+  { 313800, true },
+  { 313816, true },
+  { 313835, true },
+  { 313850, true },
+  { 313875, true },
+  { 313894, true },
+  { 313914, true },
+  { 313941, false },
+  { 313953, true },
+  { 313966, true },
+  { 313984, true },
+  { 314002, true },
+  { 314022, true },
+  { 314040, true },
+  { 314057, true },
+  { 314075, true },
+  { 314091, true },
+  { 314111, true },
+  { 314125, true },
+  { 314140, true },
+  { 314149, true },
+  { 314164, true },
+  { 314181, true },
+  { 314193, true },
+  { 314207, true },
+  { 314218, true },
+  { 314230, true },
+  { 314242, true },
+  { 314258, true },
+  { 314271, true },
+  { 314289, true },
+  { 314304, true },
+  { 314319, true },
+  { 314331, true },
+  { 314344, true },
+  { 314358, true },
+  { 314378, true },
+  { 314395, true },
+  { 314406, true },
+  { 314418, true },
+  { 314428, true },
+  { 314444, true },
+  { 314464, true },
+  { 314478, true },
+  { 314496, true },
+  { 314516, true },
+  { 314531, true },
+  { 314547, true },
+  { 314562, true },
+  { 314575, true },
+  { 314590, true },
+  { 314602, true },
+  { 314618, true },
+  { 314630, true },
+  { 314645, true },
+  { 314661, true },
+  { 314671, true },
+  { 314678, true },
+  { 314702, true },
+  { 314719, true },
+  { 314736, true },
+  { 314745, true },
+  { 314760, true },
+  { 314772, true },
+  { 314783, true },
+  { 314796, true },
+  { 314806, true },
+  { 314826, true },
+  { 314838, true },
+  { 314849, true },
+  { 314862, true },
+  { 314872, true },
+  { 314881, true },
+  { 314901, true },
+  { 314921, true },
+  { 314941, true },
+  { 314955, true },
+  { 314967, true },
+  { 314978, true },
+  { 314989, false },
+  { 315000, true },
+  { 315011, false },
+  { 315021, false },
+  { 315038, true },
+  { 315054, false },
+  { 315066, true },
+  { 315082, true },
+  { 315101, true },
+  { 315114, true },
+  { 315123, true },
+  { 315134, true },
+  { 315146, true },
+  { 315155, true },
+  { 315165, true },
+  { 315178, true },
+  { 315190, true },
+  { 315200, true },
+  { 315218, true },
+  { 315231, true },
+  { 315243, true },
+  { 315257, true },
+  { 315268, true },
+  { 315275, true },
+  { 315288, true },
+  { 315300, true },
+  { 315313, true },
+  { 315326, true },
+  { 315335, true },
+  { 315344, true },
+  { 315359, true },
+  { 315370, true },
+  { 315388, true },
+  { 315404, true },
+  { 315424, true },
+  { 315435, true },
+  { 315447, false },
+  { 315457, true },
+  { 315468, true },
+  { 315488, true },
+  { 315521, true },
+  { 315532, true },
+  { 315544, true },
+  { 315558, false },
+  { 315572, true },
+  { 315586, true },
+  { 315598, true },
+  { 315613, true },
+  { 315622, true },
+  { 315635, false },
+  { 315655, true },
+  { 315672, true },
+  { 315686, true },
+  { 315701, true },
+  { 315726, true },
+  { 315740, true },
+  { 315755, true },
+  { 315774, true },
+  { 315783, true },
+  { 315797, true },
+  { 315815, true },
+  { 315837, true },
+  { 315853, true },
+  { 315869, true },
+  { 315885, false },
+  { 315902, true },
+  { 315919, true },
+  { 315931, true },
+  { 315939, true },
+  { 315952, true },
+  { 315965, true },
+  { 315979, true },
+  { 315992, true },
+  { 316005, true },
+  { 316021, true },
+  { 316035, true },
+  { 316048, true },
+  { 316061, true },
+  { 316074, true },
+  { 316087, true },
+  { 316100, true },
+  { 316115, true },
+  { 316128, true },
+  { 316142, true },
+  { 316155, true },
+  { 316169, true },
+  { 316182, true },
+  { 316195, true },
+  { 316208, true },
+  { 316221, true },
+  { 316233, true },
+  { 316246, true },
+  { 316258, true },
+  { 316269, true },
+  { 316280, true },
+  { 316287, true },
+  { 316304, true },
+  { 316317, false },
+  { 316326, true },
+  { 316336, true },
+  { 316354, true },
+  { 316363, true },
+  { 316376, true },
+  { 316387, true },
+  { 316404, true },
+  { 316420, true },
+  { 316435, true },
+  { 316448, true },
+  { 316464, true },
+  { 316477, true },
+  { 316490, true },
+  { 316510, true },
+  { 316521, true },
+  { 316530, true },
+  { 316545, true },
+  { 316557, true },
+  { 316578, true },
+  { 316603, true },
+  { 316627, true },
+  { 316640, true },
+  { 316654, true },
+  { 316674, true },
+  { 316694, true },
+  { 316715, true },
+  { 316732, true },
+  { 316746, true },
+  { 316759, true },
+  { 316770, true },
+  { 316787, true },
+  { 316809, true },
+  { 316820, true },
+  { 316840, true },
+  { 316858, true },
+  { 316879, true },
+  { 316889, true },
+  { 316910, true },
+  { 316923, true },
+  { 316931, true },
+  { 316945, true },
+  { 316959, true },
+  { 316972, true },
+  { 316981, true },
+  { 316989, true },
+  { 317003, true },
+  { 317015, true },
+  { 317033, true },
+  { 317047, true },
+  { 317067, true },
+  { 317084, true },
+  { 317104, true },
+  { 317124, true },
+  { 317142, true },
+  { 317163, true },
+  { 317183, true },
+  { 317206, true },
+  { 317226, true },
+  { 317243, true },
+  { 317257, true },
+  { 317273, true },
+  { 317294, true },
+  { 317307, true },
+  { 317327, true },
+  { 317339, true },
+  { 317357, true },
+  { 317367, true },
+  { 317392, true },
+  { 317418, true },
+  { 317442, true },
+  { 317462, true },
+  { 317475, true },
+  { 317484, true },
+  { 317505, true },
+  { 317515, true },
+  { 317526, true },
+  { 317547, true },
+  { 317567, true },
+  { 317584, true },
+  { 317604, true },
+  { 317621, true },
+  { 317651, true },
+  { 317662, true },
+  { 317673, true },
+  { 317695, true },
+  { 317707, true },
+  { 317719, true },
+  { 317730, true },
+  { 317749, true },
+  { 317762, true },
+  { 317774, true },
+  { 317786, true },
+  { 317801, true },
+  { 317812, true },
+  { 317825, true },
+  { 317846, true },
+  { 317862, true },
+  { 317881, true },
+  { 317896, true },
+  { 317910, true },
+  { 317925, true },
+  { 317941, true },
+  { 317953, true },
+  { 317966, true },
+  { 317986, true },
+  { 318001, true },
+  { 318018, true },
+  { 318038, false },
+  { 318047, true },
+  { 318056, true },
+  { 318068, true },
+  { 318079, true },
+  { 318096, true },
+  { 318108, false },
+  { 318122, true },
+  { 318135, true },
+  { 318153, true },
+  { 318167, true },
+  { 318179, true },
+  { 318194, true },
+  { 318207, true },
+  { 318240, true },
+  { 318252, true },
+  { 318263, true },
+  { 318274, true },
+  { 318284, true },
+  { 318305, true },
+  { 318331, true },
+  { 318359, false },
+  { 318370, true },
+  { 318396, true },
+  { 318416, true },
+  { 318425, true },
+  { 318439, true },
+  { 318446, true },
+  { 318457, true },
+  { 318467, true },
+  { 318479, true },
+  { 318489, true },
+  { 318503, true },
+  { 318514, false },
+  { 318525, true },
+  { 318536, false },
+  { 318556, true },
+  { 318569, true },
+  { 318585, true },
+  { 318604, true },
+  { 318626, true },
+  { 318641, true },
+  { 318657, true },
+  { 318676, true },
+  { 318690, true },
+  { 318705, true },
+  { 318724, true },
+  { 318737, true },
+  { 318753, true },
+  { 318767, true },
+  { 318782, true },
+  { 318798, true },
+  { 318811, true },
+  { 318821, true },
+  { 318830, true },
+  { 318850, true },
+  { 318863, true },
+  { 318882, true },
+  { 318900, true },
+  { 318910, true },
+  { 318924, true },
+  { 318934, true },
+  { 318952, true },
+  { 318972, true },
+  { 319004, true },
+  { 319018, true },
+  { 319031, true },
+  { 319046, true },
+  { 319065, true },
+  { 319085, true },
+  { 319104, true },
+  { 319125, true },
+  { 319144, true },
+  { 319161, true },
+  { 319178, true },
+  { 319195, true },
+  { 319215, true },
+  { 319228, true },
+  { 319243, true },
+  { 319256, true },
+  { 319277, true },
+  { 319298, true },
+  { 319319, true },
+  { 319333, true },
+  { 319349, true },
+  { 319359, true },
+  { 319379, true },
+  { 319404, true },
+  { 319416, true },
+  { 319427, true },
+  { 319444, true },
+  { 319468, true },
+  { 319477, true },
+  { 319491, true },
+  { 319504, true },
+  { 319517, true },
+  { 319529, true },
+  { 319543, true },
+  { 319564, true },
+  { 319582, true },
+  { 319595, true },
+  { 319613, true },
+  { 319630, true },
+  { 319643, true },
+  { 319665, true },
+  { 319690, true },
+  { 319715, true },
+  { 319729, true },
+  { 319751, true },
+  { 319761, true },
+  { 319776, true },
+  { 319790, true },
+  { 319802, true },
+  { 319816, true },
+  { 319830, true },
+  { 319845, true },
+  { 319862, true },
+  { 319882, true },
+  { 319898, true },
+  { 319909, true },
+  { 319926, true },
+  { 319941, true },
+  { 319954, true },
+  { 319969, true },
+  { 319977, true },
+  { 319990, false },
+  { 320003, true },
+  { 320015, true },
+  { 320030, true },
+  { 320044, true },
+  { 320058, true },
+  { 320071, true },
+  { 320080, true },
+  { 320089, true },
+  { 320097, true },
+  { 320113, true },
+  { 320129, true },
+  { 320146, true },
+  { 320160, true },
+  { 320172, true },
+  { 320186, true },
+  { 320204, true },
+  { 320223, true },
+  { 320240, true },
+  { 320259, true },
+  { 320278, true },
+  { 320291, true },
+  { 320299, true },
+  { 320306, true },
+  { 320318, true },
+  { 320333, true },
+  { 320355, true },
+  { 320365, true },
+  { 320381, true },
+  { 320394, true },
+  { 320406, true },
+  { 320419, true },
+  { 320433, true },
+  { 320449, true },
+  { 320462, true },
+  { 320476, true },
+  { 320493, true },
+  { 320504, true },
+  { 320514, true },
+  { 320523, true },
+  { 320536, true },
+  { 320556, true },
+  { 320571, true },
+  { 320583, false },
+  { 320596, true },
+  { 320609, true },
+  { 320626, true },
+  { 320640, true },
+  { 320655, true },
+  { 320667, true },
+  { 320679, true },
+  { 320688, true },
+  { 320702, true },
+  { 320710, true },
+  { 320722, true },
+  { 320733, true },
+  { 320752, true },
+  { 320766, true },
+  { 320787, true },
+  { 320806, true },
+  { 320819, true },
+  { 320838, true },
+  { 320852, true },
+  { 320865, true },
+  { 320874, true },
+  { 320886, true },
+  { 320895, true },
+  { 320907, true },
+  { 320915, true },
+  { 320937, true },
+  { 320947, true },
+  { 320957, true },
+  { 320975, true },
+  { 320988, true },
+  { 320996, true },
+  { 321010, true },
+  { 321029, true },
+  { 321043, true },
+  { 321054, true },
+  { 321067, false },
+  { 321081, true },
+  { 321095, false },
+  { 321110, true },
+  { 321137, true },
+  { 321164, true },
+  { 321184, true },
+  { 321198, true },
+  { 321211, true },
+  { 321224, true },
+  { 321238, true },
+  { 321255, true },
+  { 321266, true },
+  { 321280, true },
+  { 321293, true },
+  { 321310, true },
+  { 321321, true },
+  { 321332, true },
+  { 321346, true },
+  { 321367, true },
+  { 321383, true },
+  { 321402, true },
+  { 321418, true },
+  { 321432, true },
+  { 321450, true },
+  { 321466, true },
+  { 321489, true },
+  { 321505, true },
+  { 321518, true },
+  { 321534, true },
+  { 321548, true },
+  { 321561, true },
+  { 321583, true },
+  { 321596, true },
+  { 321611, true },
+  { 321624, true },
+  { 321636, true },
+  { 321648, true },
+  { 321661, true },
+  { 321675, true },
+  { 321693, true },
+  { 321710, true },
+  { 321729, true },
+  { 321742, true },
+  { 321755, true },
+  { 321771, true },
+  { 321787, true },
+  { 321802, true },
+  { 321818, true },
+  { 321833, true },
+  { 321849, true },
+  { 321864, true },
+  { 321879, true },
+  { 321895, true },
+  { 321910, true },
+  { 321925, true },
+  { 321942, true },
+  { 321952, true },
+  { 321966, true },
+  { 321976, true },
+  { 321989, true },
+  { 322000, true },
+  { 322013, true },
+  { 322029, true },
+  { 322039, true },
+  { 322060, true },
+  { 322071, true },
+  { 322084, true },
+  { 322096, true },
+  { 322108, true },
+  { 322129, true },
+  { 322148, true },
+  { 322167, true },
+  { 322175, false },
+  { 322194, true },
+  { 322211, true },
+  { 322224, true },
+  { 322239, true },
+  { 322253, true },
+  { 322266, true },
+  { 322282, true },
+  { 322296, true },
+  { 322311, true },
+  { 322327, true },
+  { 322342, true },
+  { 322356, true },
+  { 322366, true },
+  { 322378, true },
+  { 322390, true },
+  { 322400, true },
+  { 322416, true },
+  { 322429, true },
+  { 322448, true },
+  { 322463, true },
+  { 322484, true },
+  { 322503, true },
+  { 322516, true },
+  { 322539, true },
+  { 322549, true },
+  { 322565, false },
+  { 322574, false },
+  { 322594, false },
+  { 322602, true },
+  { 322609, true },
+  { 322617, true },
+  { 322637, true },
+  { 322649, false },
+  { 322669, true },
+  { 322689, true },
+  { 322708, true },
+  { 322722, true },
+  { 322735, true },
+  { 322753, false },
+  { 322765, true },
+  { 322777, false },
+  { 322789, true },
+  { 322803, true },
+  { 322820, true },
+  { 322834, true },
+  { 322845, true },
+  { 322864, true },
+  { 322881, true },
+  { 322897, true },
+  { 322922, true },
+  { 322936, true },
+  { 322953, true },
+  { 322969, false },
+  { 322988, true },
+  { 323004, true },
+  { 323021, true },
+  { 323040, true },
+  { 323058, true },
+  { 323075, true },
+  { 323101, true },
+  { 323112, true },
+  { 323124, true },
+  { 323136, true },
+  { 323160, true },
+  { 323180, true },
+  { 323199, true },
+  { 323211, true },
+  { 323234, true },
+  { 323260, true },
+  { 323274, true },
+  { 323291, true },
+  { 323307, true },
+  { 323324, true },
+  { 323339, true },
+  { 323353, true },
+  { 323370, true },
+  { 323390, true },
+  { 323403, true },
+  { 323417, true },
+  { 323442, true },
+  { 323460, true },
+  { 323477, true },
+  { 323491, true },
+  { 323504, true },
+  { 323525, true },
+  { 323545, true },
+  { 323559, true },
+  { 323569, true },
+  { 323585, true },
+  { 323598, true },
+  { 323620, true },
+  { 323642, true },
+  { 323664, true },
+  { 323679, true },
+  { 323708, true },
+  { 323719, true },
+  { 323731, true },
+  { 323747, true },
+  { 323761, true },
+  { 323780, true },
+  { 323794, false },
+  { 323816, true },
+  { 323834, true },
+  { 323862, true },
+  { 323877, true },
+  { 323899, true },
+  { 323923, true },
+  { 323932, true },
+  { 323947, true },
+  { 323981, true },
+  { 324002, true },
+  { 324023, true },
+  { 324031, true },
+  { 324043, true },
+  { 324063, true },
+  { 324079, true },
+  { 324097, true },
+  { 324107, true },
+  { 324120, true },
+  { 324129, true },
+  { 324142, true },
+  { 324151, false },
+  { 324162, true },
+  { 324173, true },
+  { 324192, true },
+  { 324210, true },
+  { 324222, true },
+  { 324230, true },
+  { 324241, true },
+  { 324252, true },
+  { 324261, true },
+  { 324275, false },
+  { 324289, true },
+  { 324305, true },
+  { 324323, true },
+  { 324340, true },
+  { 324358, true },
+  { 324383, true },
+  { 324404, true },
+  { 324421, true },
+  { 324432, false },
+  { 324444, true },
+  { 324455, false },
+  { 324471, true },
+  { 324495, true },
+  { 324505, true },
+  { 324517, true },
+  { 324532, true },
+  { 324559, true },
+  { 324571, true },
+  { 324581, true },
+  { 324592, true },
+  { 324607, true },
+  { 324619, true },
+  { 324647, true },
+  { 324672, true },
+  { 324686, true },
+  { 324705, true },
+  { 324715, true },
+  { 324760, true },
+  { 324805, true },
+  { 324813, true },
+  { 324822, true },
+  { 324834, true },
+  { 324848, true },
+  { 324857, true },
+  { 324873, true },
+  { 324885, true },
+  { 324897, true },
+  { 324922, true },
+  { 324939, true },
+  { 324956, true },
+  { 324971, true },
+  { 324983, true },
+  { 324995, true },
+  { 325008, true },
+  { 325021, true },
+  { 325029, true },
+  { 325047, true },
+  { 325064, true },
+  { 325086, true },
+  { 325102, true },
+  { 325121, true },
+  { 325130, false },
+  { 325138, true },
+  { 325146, true },
+  { 325171, false },
+  { 325185, true },
+  { 325202, true },
+  { 325223, true },
+  { 325240, true },
+  { 325259, true },
+  { 325272, true },
+  { 325286, true },
+  { 325299, true },
+  { 325312, true },
+  { 325324, true },
+  { 325339, true },
+  { 325352, true },
+  { 325364, true },
+  { 325376, true },
+  { 325388, true },
+  { 325401, true },
+  { 325409, true },
+  { 325423, true },
+  { 325438, true },
+  { 325451, true },
+  { 325467, true },
+  { 325480, true },
+  { 325501, true },
+  { 325522, true },
+  { 325541, true },
+  { 325553, true },
+  { 325563, true },
+  { 325588, true },
+  { 325597, true },
+  { 325612, true },
+  { 325625, true },
+  { 325638, true },
+  { 325652, true },
+  { 325682, true },
+  { 325694, true },
+  { 325709, true },
+  { 325717, true },
+  { 325729, true },
+  { 325749, true },
+  { 325765, true },
+  { 325782, false },
+  { 325800, true },
+  { 325817, true },
+  { 325834, true },
+  { 325846, false },
+  { 325855, true },
+  { 325872, true },
+  { 325890, true },
+  { 325909, true },
+  { 325926, false },
+  { 325939, true },
+  { 325955, true },
+  { 325970, true },
+  { 325985, true },
+  { 326001, true },
+  { 326015, true },
+  { 326029, true },
+  { 326043, true },
+  { 326055, true },
+  { 326069, true },
+  { 326082, true },
+  { 326104, true },
+  { 326119, true },
+  { 326134, true },
+  { 326149, true },
+  { 326164, true },
+  { 326185, false },
+  { 326196, true },
+  { 326205, true },
+  { 326220, true },
+  { 326238, true },
+  { 326259, true },
+  { 326272, true },
+  { 326284, true },
+  { 326302, true },
+  { 326319, true },
+  { 326328, true },
+  { 326340, true },
+  { 326359, true },
+  { 326373, true },
+  { 326381, true },
+  { 326394, true },
+  { 326414, true },
+  { 326426, true },
+  { 326437, true },
+  { 326447, true },
+  { 326460, false },
+  { 326484, true },
+  { 326492, true },
+  { 326510, true },
+  { 326522, true },
+  { 326551, true },
+  { 326571, true },
+  { 326582, true },
+  { 326593, true },
+  { 326604, true },
+  { 326615, true },
+  { 326626, true },
+  { 326638, true },
+  { 326652, true },
+  { 326663, true },
+  { 326679, true },
+  { 326701, true },
+  { 326719, true },
+  { 326730, true },
+  { 326738, true },
+  { 326750, true },
+  { 326762, true },
+  { 326776, true },
+  { 326788, true },
+  { 326801, true },
+  { 326815, true },
+  { 326827, false },
+  { 326852, true },
+  { 326865, true },
+  { 326877, true },
+  { 326889, true },
+  { 326905, true },
+  { 326916, true },
+  { 326927, true },
+  { 326942, true },
+  { 326964, true },
+  { 326983, true },
+  { 327002, true },
+  { 327020, true },
+  { 327037, true },
+  { 327054, true },
+  { 327078, true },
+  { 327092, true },
+  { 327118, true },
+  { 327133, true },
+  { 327153, true },
+  { 327169, true },
+  { 327188, true },
+  { 327210, true },
+  { 327240, true },
+  { 327256, true },
+  { 327276, true },
+  { 327288, true },
+  { 327300, true },
+  { 327323, true },
+  { 327337, true },
+  { 327363, true },
+  { 327381, true },
+  { 327398, true },
+  { 327412, true },
+  { 327428, true },
+  { 327458, true },
+  { 327470, true },
+  { 327489, true },
+  { 327508, true },
+  { 327520, true },
+  { 327528, true },
+  { 327539, true },
+  { 327549, true },
+  { 327560, true },
+  { 327572, true },
+  { 327586, true },
+  { 327599, true },
+  { 327619, true },
+  { 327631, true },
+  { 327649, true },
+  { 327667, true },
+  { 327685, true },
+  { 327697, false },
+  { 327707, true },
+  { 327719, true },
+  { 327733, true },
+  { 327760, true },
+  { 327775, true },
+  { 327793, true },
+  { 327802, true },
+  { 327816, true },
+  { 327829, true },
+  { 327841, false },
+  { 327858, true },
+  { 327872, true },
+  { 327883, true },
+  { 327904, true },
+  { 327914, true },
+  { 327923, true },
+  { 327934, true },
+  { 327947, true },
+  { 327968, true },
+  { 327988, true },
+  { 328010, true },
+  { 328035, true },
+  { 328051, true },
+  { 328066, true },
+  { 328075, true },
+  { 328090, true },
+  { 328110, true },
+  { 328122, true },
+  { 328137, true },
+  { 328149, true },
+  { 328164, true },
+  { 328181, true },
+  { 328195, true },
+  { 328218, true },
+  { 328236, true },
+  { 328246, true },
+  { 328268, true },
+  { 328285, true },
+  { 328302, true },
+  { 328321, false },
+  { 328338, true },
+  { 328352, true },
+  { 328377, true },
+  { 328419, true },
+  { 328439, true },
+  { 328459, true },
+  { 328484, true },
+  { 328504, true },
+  { 328529, true },
+  { 328546, true },
+  { 328563, true },
+  { 328579, true },
+  { 328589, true },
+  { 328601, true },
+  { 328614, true },
+  { 328625, true },
+  { 328636, true },
+  { 328651, true },
+  { 328658, false },
+  { 328678, true },
+  { 328688, true },
+  { 328702, true },
+  { 328710, true },
+  { 328730, true },
+  { 328750, true },
+  { 328761, true },
+  { 328770, true },
+  { 328794, true },
+  { 328814, true },
+  { 328829, true },
+  { 328850, true },
+  { 328870, true },
+  { 328884, true },
+  { 328903, true },
+  { 328914, true },
+  { 328932, true },
+  { 328943, true },
+  { 328963, true },
+  { 328988, true },
+  { 329006, true },
+  { 329028, true },
+  { 329040, true },
+  { 329057, true },
+  { 329065, true },
+  { 329087, true },
+  { 329103, true },
+  { 329116, true },
+  { 329138, true },
+  { 329149, true },
+  { 329160, true },
+  { 329174, true },
+  { 329184, true },
+  { 329205, true },
+  { 329215, true },
+  { 329232, true },
+  { 329248, true },
+  { 329263, true },
+  { 329275, true },
+  { 329292, true },
+  { 329318, true },
+  { 329331, true },
+  { 329343, true },
+  { 329354, true },
+  { 329365, true },
+  { 329376, true },
+  { 329387, true },
+  { 329398, true },
+  { 329409, true },
+  { 329420, true },
+  { 329439, true },
+  { 329466, true },
+  { 329483, true },
+  { 329500, true },
+  { 329529, true },
+  { 329546, true },
+  { 329566, false },
+  { 329584, true },
+  { 329612, true },
+  { 329623, true },
+  { 329641, true },
+  { 329657, true },
+  { 329673, true },
+  { 329696, true },
+  { 329720, true },
+  { 329740, false },
+  { 329759, true },
+  { 329771, true },
+  { 329791, true },
+  { 329811, true },
+  { 329825, true },
+  { 329849, true },
+  { 329862, true },
+  { 329875, true },
+  { 329891, true },
+  { 329906, true },
+  { 329917, true },
+  { 329934, true },
+  { 329948, true },
+  { 329966, true },
+  { 329989, true },
+  { 330014, true },
+  { 330034, true },
+  { 330062, true },
+  { 330087, true },
+  { 330110, true },
+  { 330128, true },
+  { 330150, true },
+  { 330167, true },
+  { 330186, true },
+  { 330196, true },
+  { 330217, true },
+  { 330227, true },
+  { 330246, true },
+  { 330258, true },
+  { 330271, true },
+  { 330283, true },
+  { 330298, true },
+  { 330314, true },
+  { 330336, true },
+  { 330356, true },
+  { 330375, true },
+  { 330384, true },
+  { 330404, true },
+  { 330419, true },
+  { 330432, true },
+  { 330445, true },
+  { 330466, true },
+  { 330483, true },
+  { 330512, true },
+  { 330529, true },
+  { 330548, true },
+  { 330569, true },
+  { 330595, true },
+  { 330614, true },
+  { 330635, true },
+  { 330656, true },
+  { 330677, true },
+  { 330697, true },
+  { 330709, true },
+  { 330723, true },
+  { 330735, true },
+  { 330755, true },
+  { 330773, true },
+  { 330792, true },
+  { 330802, true },
+  { 330815, true },
+  { 330828, true },
+  { 330840, true },
+  { 330863, true },
+  { 330884, true },
+  { 330919, true },
+  { 330930, true },
+  { 330951, true },
+  { 330959, true },
+  { 330968, true },
+  { 330991, true },
+  { 331007, true },
+  { 331019, true },
+  { 331037, true },
+  { 331066, true },
+  { 331091, true },
+  { 331105, true },
+  { 331122, true },
+  { 331137, true },
+  { 331152, true },
+  { 331167, true },
+  { 331188, true },
+  { 331200, true },
+  { 331216, true },
+  { 331232, true },
+  { 331248, true },
+  { 331265, true },
+  { 331281, true },
+  { 331303, true },
+  { 331324, true },
+  { 331352, false },
+  { 331369, false },
+  { 331387, true },
+  { 331404, true },
+  { 331418, true },
+  { 331428, true },
+  { 331442, true },
+  { 331451, true },
+  { 331465, true },
+  { 331476, true },
+  { 331489, true },
+  { 331499, true },
+  { 331511, true },
+  { 331523, true },
+  { 331535, true },
+  { 331547, true },
+  { 331559, true },
+  { 331572, true },
+  { 331594, true },
+  { 331605, true },
+  { 331617, true },
+  { 331628, true },
+  { 331638, true },
+  { 331649, true },
+  { 331663, true },
+  { 331674, true },
+  { 331696, true },
+  { 331711, true },
+  { 331726, true },
+  { 331738, true },
+  { 331762, true },
+  { 331776, true },
+  { 331788, true },
+  { 331801, true },
+  { 331815, true },
+  { 331829, true },
+  { 331846, true },
+  { 331866, true },
+  { 331883, true },
+  { 331912, true },
+  { 331927, true },
+  { 331943, true },
+  { 331957, true },
+  { 331974, false },
+  { 331990, true },
+  { 332016, true },
+  { 332042, true },
+  { 332050, true },
+  { 332065, true },
+  { 332092, true },
+  { 332106, true },
+  { 332118, true },
+  { 332129, true },
+  { 332149, true },
+  { 332162, true },
+  { 332188, true },
+  { 332202, true },
+  { 332211, true },
+  { 332223, true },
+  { 332234, true },
+  { 332243, true },
+  { 332262, true },
+  { 332280, true },
+  { 332294, true },
+  { 332313, true },
+  { 332342, true },
+  { 332354, true },
+  { 332373, true },
+  { 332389, true },
+  { 332406, true },
+  { 332430, true },
+  { 332445, true },
+  { 332457, true },
+  { 332475, true },
+  { 332494, true },
+  { 332512, true },
+  { 332527, false },
+  { 332543, false },
+  { 332561, true },
+  { 332581, true },
+  { 332600, true },
+  { 332617, true },
+  { 332638, true },
+  { 332653, true },
+  { 332679, true },
+  { 332705, true },
+  { 332718, true },
+  { 332734, true },
+  { 332753, true },
+  { 332773, true },
+  { 332784, true },
+  { 332792, true },
+  { 332819, true },
+  { 332838, true },
+  { 332857, true },
+  { 332871, true },
+  { 332889, true },
+  { 332904, true },
+  { 332916, true },
+  { 332929, true },
+  { 332944, true },
+  { 332958, true },
+  { 332974, true },
+  { 332992, false },
+  { 333011, true },
+  { 333033, true },
+  { 333044, true },
+  { 333058, true },
+  { 333067, true },
+  { 333078, true },
+  { 333096, true },
+  { 333113, true },
+  { 333134, true },
+  { 333148, true },
+  { 333164, true },
+  { 333181, true },
+  { 333203, true },
+  { 333220, true },
+  { 333235, true },
+  { 333253, true },
+  { 333267, true },
+  { 333286, true },
+  { 333295, true },
+  { 333310, true },
+  { 333334, true },
+  { 333349, true },
+  { 333366, true },
+  { 333388, true },
+  { 333401, true },
+  { 333411, true },
+  { 333426, true },
+  { 333446, true },
+  { 333454, true },
+  { 333472, true },
+  { 333500, true },
+  { 333522, true },
+  { 333537, true },
+  { 333552, true },
+  { 333566, true },
+  { 333584, true },
+  { 333601, true },
+  { 333617, true },
+  { 333631, true },
+  { 333646, true },
+  { 333660, true },
+  { 333677, false },
+  { 333690, false },
+  { 333700, false },
+  { 333713, false },
+  { 333728, true },
+  { 333741, false },
+  { 333753, true },
+  { 333779, true },
+  { 333797, true },
+  { 333814, true },
+  { 333831, true },
+  { 333854, true },
+  { 333867, true },
+  { 333879, true },
+  { 333896, true },
+  { 333908, true },
+  { 333920, true },
+  { 333932, true },
+  { 333950, true },
+  { 333962, true },
+  { 333978, true },
+  { 333990, true },
+  { 334003, true },
+  { 334015, true },
+  { 334030, true },
+  { 334046, true },
+  { 334062, true },
+  { 334081, true },
+  { 334094, true },
+  { 334104, true },
+  { 334116, true },
+  { 334126, true },
+  { 334139, true },
+  { 334154, true },
+  { 334166, true },
+  { 334177, true },
+  { 334195, true },
+  { 334205, true },
+  { 334213, true },
+  { 334221, true },
+  { 334231, true },
+  { 334239, true },
+  { 334249, true },
+  { 334258, true },
+  { 334270, true },
+  { 334282, true },
+  { 334296, true },
+  { 334304, true },
+  { 334317, true },
+  { 334328, true },
+  { 334337, true },
+  { 334351, true },
+  { 334372, true },
+  { 334402, true },
+  { 334429, true },
+  { 334447, true },
+  { 334458, true },
+  { 334469, true },
+  { 334478, true },
+  { 334491, true },
+  { 334499, true },
+  { 334514, true },
+  { 334521, true },
+  { 334539, true },
+  { 334552, true },
+  { 334560, true },
+  { 334570, true },
+  { 334579, true },
+  { 334595, true },
+  { 334612, true },
+  { 334637, true },
+  { 334698, true },
+  { 334720, true },
+  { 334737, true },
+  { 334750, true },
+  { 334767, true },
+  { 334788, true },
+  { 334799, true },
+  { 334807, true },
+  { 334817, true },
+  { 334827, true },
+  { 334838, true },
+  { 334854, true },
+  { 334867, true },
+  { 334875, true },
+  { 334887, true },
+  { 334895, true },
+  { 334912, true },
+  { 334928, false },
+  { 334935, true },
+  { 334949, true },
+  { 334959, true },
+  { 334967, true },
+  { 334977, true },
+  { 334991, true },
+  { 334999, true },
+  { 335013, true },
+  { 335021, true },
+  { 335033, true },
+  { 335045, true },
+  { 335065, true },
+  { 335084, true },
+  { 335101, true },
+  { 335133, true },
+  { 335153, true },
+  { 335176, true },
+  { 335188, true },
+  { 335205, true },
+  { 335218, true },
+  { 335233, true },
+  { 335244, true },
+  { 335259, true },
+  { 335270, true },
+  { 335280, true },
+  { 335291, true },
+  { 335304, true },
+  { 335313, true },
+  { 335325, true },
+  { 335341, true },
+  { 335353, true },
+  { 335374, true },
+  { 335393, true },
+  { 335409, true },
+  { 335428, true },
+  { 335441, true },
+  { 335456, true },
+  { 335470, true },
+  { 335482, true },
+  { 335495, true },
+  { 335507, true },
+  { 335517, true },
+  { 335539, true },
+  { 335555, true },
+  { 335576, true },
+  { 335589, true },
+  { 335607, true },
+  { 335627, true },
+  { 335641, true },
+  { 335658, true },
+  { 335670, true },
+  { 335684, true },
+  { 335699, true },
+  { 335717, true },
+  { 335728, true },
+  { 335740, true },
+  { 335759, true },
+  { 335779, true },
+  { 335796, true },
+  { 335820, true },
+  { 335841, true },
+  { 335856, true },
+  { 335879, true },
+  { 335887, true },
+  { 335894, true },
+  { 335907, true },
+  { 335917, false },
+  { 335937, true },
+  { 335948, true },
+  { 335972, true },
+  { 335986, true },
+  { 335994, true },
+  { 336002, true },
+  { 336017, true },
+  { 336032, true },
+  { 336052, false },
+  { 336067, true },
+  { 336081, true },
+  { 336093, true },
+  { 336107, true },
+  { 336119, true },
+  { 336130, true },
+  { 336143, true },
+  { 336154, true },
+  { 336164, true },
+  { 336174, true },
+  { 336184, true },
+  { 336191, true },
+  { 336202, false },
+  { 336222, true },
+  { 336235, true },
+  { 336247, true },
+  { 336261, true },
+  { 336269, true },
+  { 336277, true },
+  { 336286, true },
+  { 336302, true },
+  { 336321, true },
+  { 336333, true },
+  { 336350, false },
+  { 336361, true },
+  { 336373, true },
+  { 336383, true },
+  { 336392, true },
+  { 336416, true },
+  { 336441, true },
+  { 336462, true },
+  { 336478, false },
+  { 336494, true },
+  { 336506, true },
+  { 336518, true },
+  { 336531, true },
+  { 336539, true },
+  { 336547, false },
+  { 336567, false },
+  { 336586, true },
+  { 336605, false },
+  { 336625, true },
+  { 336635, true },
+  { 336655, false },
+  { 336675, false },
+  { 336694, false },
+  { 336713, true },
+  { 336732, false },
+  { 336743, true },
+  { 336760, true },
+  { 336770, true },
+  { 336782, true },
+  { 336791, true },
+  { 336804, true },
+  { 336826, true },
+  { 336841, true },
+  { 336849, true },
+  { 336861, true },
+  { 336871, true },
+  { 336883, false },
+  { 336894, true },
+  { 336905, true },
+  { 336917, true },
+  { 336935, false },
+  { 336943, true },
+  { 336956, true },
+  { 336964, true },
+  { 336973, true },
+  { 336982, true },
+  { 336997, true },
+  { 337020, true },
+  { 337033, false },
+  { 337044, true },
+  { 337066, true },
+  { 337080, true },
+  { 337092, true },
+  { 337101, true },
+  { 337113, true },
+  { 337121, false },
+  { 337132, true },
+  { 337148, true },
+  { 337157, true },
+  { 337164, true },
+  { 337172, true },
+  { 337183, true },
+  { 337197, true },
+  { 337209, true },
+  { 337221, true },
+  { 337230, true },
+  { 337239, true },
+  { 337265, true },
+  { 337277, true },
+  { 337288, false },
+  { 337299, false },
+  { 337312, true },
+  { 337342, true },
+  { 337358, true },
+  { 337384, true },
+  { 337407, false },
+  { 337427, true },
+  { 337453, true },
+  { 337467, true },
+  { 337480, true },
+  { 337491, true },
+  { 337505, true },
+  { 337524, true },
+  { 337546, true },
+  { 337559, true },
+  { 337578, true },
+  { 337593, true },
+  { 337608, true },
+  { 337619, true },
+  { 337641, true },
+  { 337657, true },
+  { 337681, true },
+  { 337699, true },
+  { 337717, true },
+  { 337730, true },
+  { 337743, true },
+  { 337754, true },
+  { 337770, true },
+  { 337796, true },
+  { 337808, true },
+  { 337823, false },
+  { 337839, true },
+  { 337859, true },
+  { 337879, true },
+  { 337899, true },
+  { 337914, true },
+  { 337931, true },
+  { 337940, true },
+  { 337968, true },
+  { 337986, true },
+  { 337999, true },
+  { 338017, true },
+  { 338032, true },
+  { 338053, true },
+  { 338061, true },
+  { 338082, true },
+  { 338097, true },
+  { 338112, true },
+  { 338127, true },
+  { 338142, true },
+  { 338156, true },
+  { 338169, true },
+  { 338183, true },
+  { 338192, true },
+  { 338207, true },
+  { 338216, false },
+  { 338224, true },
+  { 338238, true },
+  { 338249, true },
+  { 338259, true },
+  { 338268, true },
+  { 338281, true },
+  { 338288, true },
+  { 338299, true },
+  { 338308, true },
+  { 338318, true },
+  { 338327, true },
+  { 338337, true },
+  { 338349, true },
+  { 338359, true },
+  { 338371, true },
+  { 338383, true },
+  { 338396, true },
+  { 338403, true },
+  { 338414, true },
+  { 338423, true },
+  { 338440, true },
+  { 338447, true },
+  { 338458, true },
+  { 338469, true },
+  { 338480, true },
+  { 338494, true },
+  { 338501, true },
+  { 338512, true },
+  { 338519, true },
+  { 338527, true },
+  { 338545, true },
+  { 338554, true },
+  { 338566, true },
+  { 338574, false },
+  { 338587, true },
+  { 338604, true },
+  { 338621, true },
+  { 338633, true },
+  { 338653, true },
+  { 338673, true },
+  { 338689, true },
+  { 338708, true },
+  { 338731, true },
+  { 338750, true },
+  { 338764, true },
+  { 338781, true },
+  { 338808, true },
+  { 338824, true },
+  { 338835, true },
+  { 338849, true },
+  { 338862, true },
+  { 338884, true },
+  { 338894, true },
+  { 338917, true },
+  { 338930, true },
+  { 338939, true },
+  { 338952, true },
+  { 338963, true },
+  { 338978, true },
+  { 339001, true },
+  { 339035, true },
+  { 339047, true },
+  { 339067, true },
+  { 339085, true },
+  { 339096, true },
+  { 339112, true },
+  { 339122, true },
+  { 339138, true },
+  { 339148, true },
+  { 339162, true },
+  { 339182, true },
+  { 339198, true },
+  { 339220, true },
+  { 339233, true },
+  { 339249, true },
+  { 339278, true },
+  { 339305, true },
+  { 339319, true },
+  { 339329, true },
+  { 339337, true },
+  { 339347, true },
+  { 339370, true },
+  { 339380, true },
+  { 339398, true },
+  { 339415, true },
+  { 339424, true },
+  { 339434, true },
+  { 339447, true },
+  { 339466, true },
+  { 339479, true },
+  { 339501, true },
+  { 339512, true },
+  { 339527, true },
+  { 339538, true },
+  { 339561, true },
+  { 339576, true },
+  { 339601, true },
+  { 339621, true },
+  { 339641, true },
+  { 339664, true },
+  { 339678, true },
+  { 339691, true },
+  { 339702, true },
+  { 339720, true },
+  { 339737, true },
+  { 339747, true },
+  { 339768, true },
+  { 339793, true },
+  { 339807, true },
+  { 339825, true },
+  { 339843, true },
+  { 339858, true },
+  { 339872, true },
+  { 339886, true },
+  { 339903, true },
+  { 339921, true },
+  { 339934, true },
+  { 339947, true },
+  { 339964, true },
+  { 339975, true },
+  { 339993, true },
+  { 340003, true },
+  { 340010, true },
+  { 340022, true },
+  { 340032, true },
+  { 340048, true },
+  { 340061, true },
+  { 340071, true },
+  { 340084, true },
+  { 340101, true },
+  { 340111, true },
+  { 340132, true },
+  { 340152, false },
+  { 340165, true },
+  { 340188, true },
+  { 340209, true },
+  { 340231, true },
+  { 340251, true },
+  { 340260, true },
+  { 340271, true },
+  { 340287, true },
+  { 340301, true },
+  { 340314, true },
+  { 340325, true },
+  { 340336, true },
+  { 340350, true },
+  { 340363, true },
+  { 340374, true },
+  { 340392, true },
+  { 340404, true },
+  { 340414, true },
+  { 340428, true },
+  { 340443, true },
+  { 340460, true },
+  { 340474, true },
+  { 340487, true },
+  { 340502, true },
+  { 340524, true },
+  { 340545, true },
+  { 340575, true },
+  { 340585, true },
+  { 340596, true },
+  { 340609, true },
+  { 340633, true },
+  { 340646, true },
+  { 340655, true },
+  { 340664, true },
+  { 340679, true },
+  { 340699, true },
+  { 340711, true },
+  { 340724, true },
+  { 340745, true },
+  { 340761, true },
+  { 340777, true },
+  { 340790, true },
+  { 340804, false },
+  { 340821, true },
+  { 340832, true },
+  { 340847, true },
+  { 340859, true },
+  { 340869, true },
+  { 340882, true },
+  { 340896, true },
+  { 340914, true },
+  { 340927, true },
+  { 340937, true },
+  { 340948, true },
+  { 340958, true },
+  { 340968, true },
+  { 340980, true },
+  { 340993, true },
+  { 341005, true },
+  { 341024, true },
+  { 341039, true },
+  { 341048, true },
+  { 341059, true },
+  { 341076, true },
+  { 341088, true },
+  { 341100, true },
+  { 341113, true },
+  { 341125, true },
+  { 341136, true },
+  { 341151, true },
+  { 341167, true },
+  { 341177, true },
+  { 341187, true },
+  { 341204, true },
+  { 341218, true },
+  { 341233, true },
+  { 341245, true },
+  { 341256, true },
+  { 341263, true },
+  { 341270, true },
+  { 341286, true },
+  { 341297, true },
+  { 341307, true },
+  { 341319, true },
+  { 341332, true },
+  { 341348, true },
+  { 341365, true },
+  { 341372, true },
+  { 341381, false },
+  { 341388, true },
+  { 341396, true },
+  { 341408, true },
+  { 341423, true },
+  { 341436, true },
+  { 341453, true },
+  { 341466, true },
+  { 341481, true },
+  { 341489, true },
+  { 341502, true },
+  { 341526, true },
+  { 341545, true },
+  { 341556, true },
+  { 341568, false },
+  { 341582, true },
+  { 341595, true },
+  { 341609, true },
+  { 341625, true },
+  { 341640, true },
+  { 341658, true },
+  { 341672, true },
+  { 341691, true },
+  { 341702, true },
+  { 341718, true },
+  { 341742, true },
+  { 341766, true },
+  { 341787, false },
+  { 341806, true },
+  { 341825, true },
+  { 341839, true },
+  { 341854, true },
+  { 341867, false },
+  { 341882, true },
+  { 341899, true },
+  { 341918, true },
+  { 341929, true },
+  { 341951, true },
+  { 341961, true },
+  { 341971, true },
+  { 341987, true },
+  { 342008, true },
+  { 342025, true },
+  { 342036, true },
+  { 342046, true },
+  { 342056, true },
+  { 342067, true },
+  { 342083, true },
+  { 342099, true },
+  { 342123, true },
+  { 342138, true },
+  { 342152, true },
+  { 342161, true },
+  { 342171, true },
+  { 342186, true },
+  { 342201, true },
+  { 342211, true },
+  { 342224, true },
+  { 342239, true },
+  { 342255, true },
+  { 342271, true },
+  { 342290, true },
+  { 342300, true },
+  { 342321, true },
+  { 342343, true },
+  { 342362, false },
+  { 342373, true },
+  { 342398, true },
+  { 342424, true },
+  { 342435, true },
+  { 342452, true },
+  { 342467, true },
+  { 342487, true },
+  { 342514, true },
+  { 342541, true },
+  { 342572, true },
+  { 342598, true },
+  { 342622, true },
+  { 342638, true },
+  { 342652, true },
+  { 342662, true },
+  { 342677, true },
+  { 342689, true },
+  { 342709, true },
+  { 342724, true },
+  { 342743, false },
+  { 342760, true },
+  { 342781, true },
+  { 342796, true },
+  { 342812, true },
+  { 342827, true },
+  { 342857, true },
+  { 342885, true },
+  { 342905, true },
+  { 342923, true },
+  { 342935, true },
+  { 342958, true },
+  { 342973, true },
+  { 342989, true },
+  { 342997, true },
+  { 343020, true },
+  { 343032, true },
+  { 343045, true },
+  { 343057, true },
+  { 343070, true },
+  { 343078, true },
+  { 343090, true },
+  { 343102, true },
+  { 343114, true },
+  { 343127, true },
+  { 343143, true },
+  { 343155, true },
+  { 343167, true },
+  { 343179, true },
+  { 343191, true },
+  { 343203, true },
+  { 343215, true },
+  { 343227, true },
+  { 343239, true },
+  { 343265, true },
+  { 343283, true },
+  { 343300, true },
+  { 343313, true },
+  { 343341, true },
+  { 343364, true },
+  { 343386, true },
+  { 343403, true },
+  { 343415, true },
+  { 343424, true },
+  { 343451, true },
+  { 343482, true },
+  { 343493, true },
+  { 343503, true },
+  { 343515, true },
+  { 343527, true },
+  { 343542, true },
+  { 343553, true },
+  { 343573, true },
+  { 343588, true },
+  { 343599, true },
+  { 343616, true },
+  { 343628, true },
+  { 343641, true },
+  { 343669, true },
+  { 343689, true },
+  { 343709, true },
+  { 343722, true },
+  { 343736, true },
+  { 343758, true },
+  { 343771, true },
+  { 343788, true },
+  { 343805, true },
+  { 343817, true },
+  { 343833, true },
+  { 343847, true },
+  { 343858, true },
+  { 343868, true },
+  { 343878, true },
+  { 343890, true },
+  { 343901, true },
+  { 343912, true },
+  { 343923, true },
+  { 343934, true },
+  { 343948, true },
+  { 343964, true },
+  { 343982, true },
+  { 343996, true },
+  { 344017, true },
+  { 344039, true },
+  { 344059, true },
+  { 344076, true },
+  { 344087, true },
+  { 344098, true },
+  { 344108, true },
+  { 344127, true },
+  { 344154, true },
+  { 344175, true },
+  { 344195, true },
+  { 344213, true },
+  { 344228, false },
+  { 344239, true },
+  { 344250, true },
+  { 344274, true },
+  { 344291, true },
+  { 344331, true },
+  { 344353, true },
+  { 344369, false },
+  { 344386, true },
+  { 344402, true },
+  { 344425, true },
+  { 344438, true },
+  { 344448, true },
+  { 344459, true },
+  { 344470, true },
+  { 344488, true },
+  { 344499, true },
+  { 344510, true },
+  { 344526, true },
+  { 344540, true },
+  { 344561, true },
+  { 344582, true },
+  { 344600, true },
+  { 344618, true },
+  { 344625, true },
+  { 344646, true },
+  { 344664, true },
+  { 344682, true },
+  { 344699, false },
+  { 344717, true },
+  { 344727, true },
+  { 344749, true },
+  { 344760, true },
+  { 344771, false },
+  { 344781, true },
+  { 344789, false },
+  { 344811, true },
+  { 344827, true },
+  { 344849, true },
+  { 344864, true },
+  { 344881, true },
+  { 344892, true },
+  { 344907, true },
+  { 344927, true },
+  { 344944, true },
+  { 344963, true },
+  { 344974, true },
+  { 344993, true },
+  { 345017, true },
+  { 345031, true },
+  { 345046, true },
+  { 345065, true },
+  { 345083, true },
+  { 345096, false },
+  { 345115, true },
+  { 345127, true },
+  { 345136, true },
+  { 345149, true },
+  { 345166, true },
+  { 345187, true },
+  { 345199, true },
+  { 345222, true },
+  { 345240, true },
+  { 345260, true },
+  { 345270, true },
+  { 345281, true },
+  { 345292, true },
+  { 345314, true },
+  { 345348, true },
+  { 345364, true },
+  { 345379, false },
+  { 345399, true },
+  { 345421, true },
+  { 345434, true },
+  { 345444, true },
+  { 345464, true },
+  { 345480, true },
+  { 345497, true },
+  { 345518, true },
+  { 345533, true },
+  { 345550, true },
+  { 345564, true },
+  { 345578, true },
+  { 345589, false },
+  { 345599, false },
+  { 345614, true },
+  { 345629, true },
+  { 345650, true },
+  { 345662, true },
+  { 345676, true },
+  { 345686, true },
+  { 345699, true },
+  { 345714, false },
+  { 345728, true },
+  { 345736, true },
+  { 345752, true },
+  { 345772, true },
+  { 345789, true },
+  { 345812, true },
+  { 345838, false },
+  { 345847, true },
+  { 345857, false },
+  { 345865, true },
+  { 345876, true },
+  { 345886, true },
+  { 345898, true },
+  { 345910, true },
+  { 345922, true },
+  { 345936, false },
+  { 345958, true },
+  { 345974, true },
+  { 345989, false },
+  { 346003, true },
+  { 346017, true },
+  { 346030, true },
+  { 346048, true },
+  { 346072, true },
+  { 346100, true },
+  { 346127, true },
+  { 346155, true },
+  { 346182, true },
+  { 346195, true },
+  { 346209, true },
+  { 346221, true },
+  { 346233, true },
+  { 346248, true },
+  { 346273, true },
+  { 346297, true },
+  { 346311, true },
+  { 346332, true },
+  { 346343, true },
+  { 346361, true },
+  { 346376, true },
+  { 346386, true },
+  { 346394, true },
+  { 346412, false },
+  { 346434, true },
+  { 346451, true },
+  { 346467, true },
+  { 346489, true },
+  { 346514, true },
+  { 346524, true },
+  { 346540, true },
+  { 346554, true },
+  { 346566, true },
+  { 346584, true },
+  { 346598, true },
+  { 346618, true },
+  { 346638, true },
+  { 346663, true },
+  { 346683, true },
+  { 346704, true },
+  { 346724, true },
+  { 346734, true },
+  { 346747, false },
+  { 346772, true },
+  { 346789, true },
+  { 346810, true },
+  { 346832, true },
+  { 346858, true },
+  { 346886, true },
+  { 346906, true },
+  { 346926, true },
+  { 346947, true },
+  { 346975, true },
+  { 346988, true },
+  { 347008, true },
+  { 347033, true },
+  { 347047, true },
+  { 347061, false },
+  { 347078, true },
+  { 347091, true },
+  { 347110, true },
+  { 347121, true },
+  { 347135, true },
+  { 347143, true },
+  { 347152, true },
+  { 347160, true },
+  { 347174, true },
+  { 347188, true },
+  { 347200, true },
+  { 347209, true },
+  { 347225, true },
+  { 347238, true },
+  { 347251, true },
+  { 347268, true },
+  { 347284, true },
+  { 347297, true },
+  { 347309, false },
+  { 347320, true },
+  { 347331, true },
+  { 347349, true },
+  { 347369, true },
+  { 347385, true },
+  { 347395, false },
+  { 347407, true },
+  { 347419, true },
+  { 347430, true },
+  { 347448, true },
+  { 347469, true },
+  { 347484, true },
+  { 347505, true },
+  { 347523, true },
+  { 347548, true },
+  { 347571, true },
+  { 347581, true },
+  { 347599, true },
+  { 347629, true },
+  { 347650, true },
+  { 347674, true },
+  { 347686, true },
+  { 347696, true },
+  { 347712, true },
+  { 347736, true },
+  { 347749, true },
+  { 347756, true },
+  { 347763, true },
+  { 347777, true },
+  { 347789, true },
+  { 347801, true },
+  { 347814, true },
+  { 347826, true },
+  { 347832, true },
+  { 347842, true },
+  { 347852, true },
+  { 347870, true },
+  { 347888, true },
+  { 347902, true },
+  { 347911, true },
+  { 347926, true },
+  { 347947, true },
+  { 347960, true },
+  { 347970, true },
+  { 347987, true },
+  { 348004, true },
+  { 348019, true },
+  { 348036, true },
+  { 348052, true },
+  { 348061, true },
+  { 348086, true },
+  { 348096, true },
+  { 348122, true },
+  { 348132, true },
+  { 348152, true },
+  { 348163, true },
+  { 348172, true },
+  { 348183, true },
+  { 348192, true },
+  { 348203, true },
+  { 348218, true },
+  { 348228, true },
+  { 348238, true },
+  { 348254, true },
+  { 348266, true },
+  { 348286, true },
+  { 348303, true },
+  { 348321, true },
+  { 348342, true },
+  { 348359, true },
+  { 348379, true },
+  { 348402, true },
+  { 348422, true },
+  { 348442, true },
+  { 348461, true },
+  { 348482, true },
+  { 348494, true },
+  { 348510, true },
+  { 348527, true },
+  { 348539, true },
+  { 348556, true },
+  { 348568, true },
+  { 348582, true },
+  { 348601, true },
+  { 348616, true },
+  { 348632, false },
+  { 348646, true },
+  { 348655, true },
+  { 348667, true },
+  { 348681, true },
+  { 348692, true },
+  { 348704, true },
+  { 348722, true },
+  { 348741, true },
+  { 348758, true },
+  { 348775, true },
+  { 348793, true },
+  { 348809, true },
+  { 348819, true },
+  { 348835, true },
+  { 348849, true },
+  { 348866, true },
+  { 348882, true },
+  { 348900, true },
+  { 348917, true },
+  { 348930, true },
+  { 348941, true },
+  { 348961, true },
+  { 348978, true },
+  { 349001, true },
+  { 349017, true },
+  { 349035, false },
+  { 349052, false },
+  { 349073, true },
+  { 349088, true },
+  { 349098, true },
+  { 349115, true },
+  { 349124, true },
+  { 349145, true },
+  { 349155, true },
+  { 349165, true },
+  { 349184, true },
+  { 349192, true },
+  { 349203, true },
+  { 349217, true },
+  { 349232, true },
+  { 349245, true },
+  { 349260, true },
+  { 349271, true },
+  { 349278, true },
+  { 349288, true },
+  { 349311, true },
+  { 349326, true },
+  { 349339, true },
+  { 349361, true },
+  { 349372, true },
+  { 349389, true },
+  { 349402, true },
+  { 349416, true },
+  { 349434, true },
+  { 349451, true },
+  { 349466, true },
+  { 349478, true },
+  { 349491, true },
+  { 349515, true },
+  { 349539, true },
+  { 349550, true },
+  { 349561, true },
+  { 349576, true },
+  { 349589, true },
+  { 349603, true },
+  { 349614, true },
+  { 349629, true },
+  { 349653, true },
+  { 349669, true },
+  { 349696, true },
+  { 349713, true },
+  { 349731, true },
+  { 349749, true },
+  { 349767, true },
+  { 349779, true },
+  { 349796, true },
+  { 349805, true },
+  { 349815, true },
+  { 349826, true },
+  { 349837, true },
+  { 349852, true },
+  { 349869, true },
+  { 349892, true },
+  { 349910, true },
+  { 349923, true },
+  { 349931, true },
+  { 349939, true },
+  { 349947, true },
+  { 349957, false },
+  { 349967, true },
+  { 349976, true },
+  { 349983, true },
+  { 349992, true },
+  { 350011, true },
+  { 350018, true },
+  { 350026, true },
+  { 350033, true },
+  { 350048, true },
+  { 350063, true },
+  { 350073, true },
+  { 350082, true },
+  { 350094, true },
+  { 350106, true },
+  { 350118, true },
+  { 350126, true },
+  { 350143, true },
+  { 350155, true },
+  { 350162, false },
+  { 350182, true },
+  { 350195, true },
+  { 350209, true },
+  { 350219, true },
+  { 350230, true },
+  { 350241, true },
+  { 350258, true },
+  { 350271, true },
+  { 350287, true },
+  { 350305, true },
+  { 350324, true },
+  { 350335, true },
+  { 350353, true },
+  { 350371, true },
+  { 350388, true },
+  { 350404, true },
+  { 350426, true },
+  { 350447, true },
+  { 350460, true },
+  { 350485, true },
+  { 350503, true },
+  { 350518, true },
+  { 350537, true },
+  { 350555, true },
+  { 350567, true },
+  { 350578, true },
+  { 350591, true },
+  { 350610, true },
+  { 350627, true },
+  { 350646, true },
+  { 350661, true },
+  { 350682, true },
+  { 350697, true },
+  { 350713, true },
+  { 350729, true },
+  { 350752, true },
+  { 350763, true },
+  { 350783, true },
+  { 350796, true },
+  { 350806, true },
+  { 350822, true },
+  { 350835, true },
+  { 350849, true },
+  { 350862, true },
+  { 350875, true },
+  { 350889, true },
+  { 350904, true },
+  { 350912, true },
+  { 350923, true },
+  { 350932, true },
+  { 350946, true },
+  { 350966, true },
+  { 350985, true },
+  { 350999, true },
+  { 351025, true },
+  { 351037, true },
+  { 351049, true },
+  { 351066, true },
+  { 351093, true },
+  { 351117, true },
+  { 351135, true },
+  { 351155, true },
+  { 351170, true },
+  { 351193, true },
+  { 351205, true },
+  { 351219, true },
+  { 351233, true },
+  { 351250, true },
+  { 351265, true },
+  { 351277, true },
+  { 351288, true },
+  { 351302, true },
+  { 351326, true },
+  { 351348, true },
+  { 351358, true },
+  { 351370, true },
+  { 351385, true },
+  { 351395, true },
+  { 351412, true },
+  { 351422, true },
+  { 351436, true },
+  { 351448, true },
+  { 351464, false },
+  { 351495, true },
+  { 351504, true },
+  { 351516, true },
+  { 351530, true },
+  { 351542, true },
+  { 351554, true },
+  { 351567, true },
+  { 351580, true },
+  { 351593, true },
+  { 351610, true },
+  { 351623, true },
+  { 351644, true },
+  { 351663, true },
+  { 351677, true },
+  { 351689, true },
+  { 351708, true },
+  { 351726, true },
+  { 351742, true },
+  { 351759, true },
+  { 351772, true },
+  { 351785, true },
+  { 351799, true },
+  { 351813, true },
+  { 351822, true },
+  { 351832, true },
+  { 351847, true },
+  { 351857, true },
+  { 351877, true },
+  { 351891, true },
+  { 351907, true },
+  { 351920, true },
+  { 351933, true },
+  { 351949, true },
+  { 351959, true },
+  { 351975, true },
+  { 351996, true },
+  { 352013, true },
+  { 352031, true },
+  { 352053, true },
+  { 352078, true },
+  { 352089, true },
+  { 352101, true },
+  { 352115, true },
+  { 352128, true },
+  { 352140, true },
+  { 352160, true },
+  { 352170, true },
+  { 352182, true },
+  { 352189, true },
+  { 352206, true },
+  { 352228, true },
+  { 352236, true },
+  { 352248, true },
+  { 352259, true },
+  { 352269, true },
+  { 352281, true },
+  { 352292, true },
+  { 352305, true },
+  { 352320, false },
+  { 352333, true },
+  { 352354, true },
+  { 352371, true },
+  { 352379, true },
+  { 352391, true },
+  { 352404, true },
+  { 352420, true },
+  { 352432, true },
+  { 352457, true },
+  { 352470, true },
+  { 352489, true },
+  { 352515, true },
+  { 352524, true },
+  { 352541, true },
+  { 352553, true },
+  { 352569, true },
+  { 352584, true },
+  { 352598, true },
+  { 352614, true },
+  { 352631, true },
+  { 352642, true },
+  { 352657, true },
+  { 352677, true },
+  { 352699, true },
+  { 352718, true },
+  { 352731, true },
+  { 352745, true },
+  { 352758, true },
+  { 352783, true },
+  { 352803, true },
+  { 352819, true },
+  { 352834, true },
+  { 352856, true },
+  { 352873, true },
+  { 352907, true },
+  { 352925, true },
+  { 352940, true },
+  { 352954, true },
+  { 352964, true },
+  { 352975, true },
+  { 352990, true },
+  { 353005, true },
+  { 353015, true },
+  { 353027, true },
+  { 353041, true },
+  { 353054, true },
+  { 353063, true },
+  { 353081, true },
+  { 353097, true },
+  { 353112, true },
+  { 353129, true },
+  { 353144, true },
+  { 353156, true },
+  { 353178, true },
+  { 353188, false },
+  { 353211, true },
+  { 353222, true },
+  { 353233, true },
+  { 353250, true },
+  { 353264, true },
+  { 353280, true },
+  { 353291, true },
+  { 353307, true },
+  { 353320, true },
+  { 353331, true },
+  { 353339, true },
+  { 353368, true },
+  { 353378, true },
+  { 353394, true },
+  { 353411, true },
+  { 353431, true },
+  { 353447, true },
+  { 353464, true },
+  { 353482, true },
+  { 353513, true },
+  { 353534, true },
+  { 353555, true },
+  { 353571, true },
+  { 353590, true },
+  { 353611, true },
+  { 353623, true },
+  { 353637, true },
+  { 353649, true },
+  { 353662, true },
+  { 353672, true },
+  { 353680, true },
+  { 353691, true },
+  { 353700, true },
+  { 353717, true },
+  { 353736, true },
+  { 353751, true },
+  { 353760, true },
+  { 353767, true },
+  { 353775, true },
+  { 353787, true },
+  { 353799, true },
+  { 353807, true },
+  { 353818, true },
+  { 353830, false },
+  { 353837, true },
+  { 353851, true },
+  { 353865, true },
+  { 353872, true },
+  { 353886, true },
+  { 353898, false },
+  { 353905, true },
+  { 353913, true },
+  { 353930, true },
+  { 353953, true },
+  { 353971, true },
+  { 353984, false },
+  { 353993, true },
+  { 354002, true },
+  { 354011, true },
+  { 354020, true },
+  { 354031, true },
+  { 354038, true },
+  { 354048, true },
+  { 354061, true },
+  { 354078, true },
+  { 354098, true },
+  { 354107, true },
+  { 354115, true },
+  { 354126, true },
+  { 354136, true },
+  { 354150, true },
+  { 354162, true },
+  { 354176, true },
+  { 354184, true },
+  { 354205, true },
+  { 354213, true },
+  { 354222, true },
+  { 354236, true },
+  { 354255, false },
+  { 354275, true },
+  { 354285, true },
+  { 354300, true },
+  { 354324, true },
+  { 354345, true },
+  { 354356, true },
+  { 354383, true },
+  { 354392, true },
+  { 354409, true },
+  { 354431, true },
+  { 354447, true },
+  { 354468, true },
+  { 354482, true },
+  { 354500, true },
+  { 354517, true },
+  { 354534, true },
+  { 354547, true },
+  { 354562, true },
+  { 354576, true },
+  { 354583, true },
+  { 354594, true },
+  { 354606, true },
+  { 354635, false },
+  { 354647, true },
+  { 354660, true },
+  { 354681, true },
+  { 354695, true },
+  { 354712, true },
+  { 354720, true },
+  { 354731, true },
+  { 354756, true },
+  { 354770, true },
+  { 354782, true },
+  { 354796, true },
+  { 354808, true },
+  { 354823, true },
+  { 354837, true },
+  { 354845, true },
+  { 354857, false },
+  { 354868, true },
+  { 354876, true },
+  { 354883, true },
+  { 354897, true },
+  { 354909, true },
+  { 354917, true },
+  { 354925, true },
+  { 354936, true },
+  { 354948, true },
+  { 354964, true },
+  { 354989, true },
+  { 355002, true },
+  { 355014, true },
+  { 355030, true },
+  { 355042, true },
+  { 355054, true },
+  { 355073, true },
+  { 355091, true },
+  { 355104, true },
+  { 355121, true },
+  { 355130, true },
+  { 355142, true },
+  { 355150, true },
+  { 355162, true },
+  { 355175, true },
+  { 355188, true },
+  { 355204, true },
+  { 355225, true },
+  { 355236, true },
+  { 355247, true },
+  { 355256, true },
+  { 355279, true },
+  { 355301, true },
+  { 355315, true },
+  { 355343, true },
+  { 355352, true },
+  { 355360, true },
+  { 355373, true },
+  { 355391, true },
+  { 355408, true },
+  { 355421, true },
+  { 355439, true },
+  { 355451, true },
+  { 355467, true },
+  { 355478, true },
+  { 355492, true },
+  { 355511, true },
+  { 355520, true },
+  { 355531, true },
+  { 355542, true },
+  { 355564, true },
+  { 355586, true },
+  { 355606, false },
+  { 355626, false },
+  { 355642, true },
+  { 355651, true },
+  { 355674, false },
+  { 355689, true },
+  { 355697, true },
+  { 355712, true },
+  { 355724, true },
+  { 355743, true },
+  { 355759, true },
+  { 355773, false },
+  { 355789, true },
+  { 355809, true },
+  { 355826, true },
+  { 355837, true },
+  { 355853, true },
+  { 355872, true },
+  { 355883, true },
+  { 355901, false },
+  { 355911, true },
+  { 355922, true },
+  { 355930, true },
+  { 355940, true },
+  { 355958, true },
+  { 355965, true },
+  { 355977, true },
+  { 355991, true },
+  { 356004, true },
+  { 356014, true },
+  { 356022, true },
+  { 356030, true },
+  { 356038, true },
+  { 356046, true },
+  { 356059, true },
+  { 356069, true },
+  { 356082, true },
+  { 356090, true },
+  { 356099, true },
+  { 356110, true },
+  { 356121, true },
+  { 356128, true },
+  { 356135, true },
+  { 356147, true },
+  { 356156, true },
+  { 356182, false },
+  { 356205, true },
+  { 356224, true },
+  { 356249, true },
+  { 356260, true },
+  { 356293, true },
+  { 356310, true },
+  { 356322, true },
+  { 356334, true },
+  { 356348, true },
+  { 356359, true },
+  { 356373, true },
+  { 356392, true },
+  { 356402, true },
+  { 356413, true },
+  { 356428, true },
+  { 356441, true },
+  { 356455, true },
+  { 356468, true },
+  { 356477, true },
+  { 356491, true },
+  { 356500, true },
+  { 356511, true },
+  { 356529, true },
+  { 356558, true },
+  { 356580, false },
+  { 356592, true },
+  { 356607, true },
+  { 356619, true },
+  { 356632, true },
+  { 356645, true },
+  { 356655, true },
+  { 356676, false },
+  { 356693, true },
+  { 356711, true },
+  { 356725, true },
+  { 356738, true },
+  { 356754, true },
+  { 356766, true },
+  { 356781, true },
+  { 356793, true },
+  { 356806, true },
+  { 356830, true },
+  { 356849, true },
+  { 356861, true },
+  { 356879, true },
+  { 356888, true },
+  { 356896, true },
+  { 356909, true },
+  { 356917, true },
+  { 356928, true },
+  { 356937, true },
+  { 356954, true },
+  { 356972, true },
+  { 356985, true },
+  { 356996, true },
+  { 357018, false },
+  { 357039, true },
+  { 357050, true },
+  { 357061, true },
+  { 357077, true },
+  { 357106, true },
+  { 357130, true },
+  { 357140, true },
+  { 357159, true },
+  { 357174, true },
+  { 357187, true },
+  { 357201, true },
+  { 357220, true },
+  { 357236, true },
+  { 357256, true },
+  { 357276, true },
+  { 357286, true },
+  { 357297, true },
+  { 357309, true },
+  { 357329, true },
+  { 357354, true },
+  { 357369, true },
+  { 357385, true },
+  { 357411, true },
+  { 357425, true },
+  { 357440, true },
+  { 357456, true },
+  { 357471, true },
+  { 357486, true },
+  { 357503, true },
+  { 357522, true },
+  { 357542, true },
+  { 357555, true },
+  { 357583, true },
+  { 357600, true },
+  { 357617, false },
+  { 357626, true },
+  { 357642, true },
+  { 357664, true },
+  { 357683, true },
+  { 357700, false },
+  { 357715, true },
+  { 357725, true },
+  { 357738, false },
+  { 357748, true },
+  { 357773, true },
+  { 357789, true },
+  { 357806, true },
+  { 357822, true },
+  { 357838, true },
+  { 357866, true },
+  { 357886, true },
+  { 357902, true },
+  { 357923, true },
+  { 357941, true },
+  { 357962, true },
+  { 357972, true },
+  { 357986, true },
+  { 357999, true },
+  { 358011, true },
+  { 358024, true },
+  { 358033, true },
+  { 358057, true },
+  { 358081, true },
+  { 358095, true },
+  { 358109, true },
+  { 358120, true },
+  { 358132, true },
+  { 358148, true },
+  { 358165, true },
+  { 358177, false },
+  { 358194, true },
+  { 358211, true },
+  { 358219, true },
+  { 358232, true },
+  { 358258, true },
+  { 358273, true },
+  { 358290, true },
+  { 358307, true },
+  { 358322, true },
+  { 358343, true },
+  { 358361, true },
+  { 358380, false },
+  { 358389, true },
+  { 358403, true },
+  { 358418, true },
+  { 358432, true },
+  { 358446, true },
+  { 358468, true },
+  { 358481, true },
+  { 358494, true },
+  { 358528, true },
+  { 358550, true },
+  { 358565, true },
+  { 358574, true },
+  { 358589, true },
+  { 358601, true },
+  { 358620, false },
+  { 358643, true },
+  { 358658, true },
+  { 358674, true },
+  { 358690, true },
+  { 358708, true },
+  { 358726, false },
+  { 358746, true },
+  { 358760, true },
+  { 358777, true },
+  { 358789, true },
+  { 358802, true },
+  { 358818, true },
+  { 358829, true },
+  { 358844, true },
+  { 358869, true },
+  { 358885, true },
+  { 358915, true },
+  { 358934, false },
+  { 358943, true },
+  { 358962, true },
+  { 358973, true },
+  { 358987, true },
+  { 359005, true },
+  { 359024, true },
+  { 359042, false },
+  { 359057, true },
+  { 359075, true },
+  { 359087, true },
+  { 359105, true },
+  { 359123, true },
+  { 359143, true },
+  { 359162, true },
+  { 359183, true },
+  { 359195, true },
+  { 359208, true },
+  { 359220, true },
+  { 359232, true },
+  { 359246, true },
+  { 359259, true },
+  { 359272, true },
+  { 359291, true },
+  { 359308, true },
+  { 359325, true },
+  { 359346, true },
+  { 359357, true },
+  { 359369, true },
+  { 359380, true },
+  { 359393, true },
+  { 359412, true },
+  { 359433, true },
+  { 359442, true },
+  { 359460, true },
+  { 359474, true },
+  { 359487, true },
+  { 359495, true },
+  { 359509, true },
+  { 359525, true },
+  { 359539, true },
+  { 359554, true },
+  { 359562, true },
+  { 359586, false },
+  { 359604, true },
+  { 359622, false },
+  { 359642, true },
+  { 359660, true },
+  { 359674, true },
+  { 359693, true },
+  { 359713, true },
+  { 359723, true },
+  { 359739, true },
+  { 359755, true },
+  { 359763, true },
+  { 359781, true },
+  { 359792, true },
+  { 359814, true },
+  { 359834, true },
+  { 359842, true },
+  { 359856, true },
+  { 359878, true },
+  { 359894, true },
+  { 359904, true },
+  { 359918, true },
+  { 359930, true },
+  { 359939, true },
+  { 359954, true },
+  { 359973, true },
+  { 359983, true },
+  { 359992, true },
+  { 360002, true },
+  { 360018, true },
+  { 360038, true },
+  { 360065, true },
+  { 360086, true },
+  { 360098, true },
+  { 360116, true },
+  { 360142, true },
+  { 360159, true },
+  { 360180, true },
+  { 360198, true },
+  { 360208, true },
+  { 360226, true },
+  { 360242, true },
+  { 360255, true },
+  { 360265, true },
+  { 360275, true },
+  { 360289, true },
+  { 360306, true },
+  { 360334, true },
+  { 360352, true },
+  { 360369, true },
+  { 360384, true },
+  { 360398, true },
+  { 360420, true },
+  { 360432, true },
+  { 360444, true },
+  { 360457, true },
+  { 360476, true },
+  { 360486, true },
+  { 360502, true },
+  { 360520, true },
+  { 360542, true },
+  { 360562, true },
+  { 360584, true },
+  { 360606, true },
+  { 360620, true },
+  { 360638, true },
+  { 360652, true },
+  { 360663, true },
+  { 360679, true },
+  { 360697, true },
+  { 360710, true },
+  { 360724, true },
+  { 360735, true },
+  { 360742, true },
+  { 360751, true },
+  { 360763, true },
+  { 360776, true },
+  { 360782, true },
+  { 360788, true },
+  { 360795, true },
+  { 360806, true },
+  { 360814, true },
+  { 360826, true },
+  { 360837, true },
+  { 360849, true },
+  { 360870, true },
+  { 360882, true },
+  { 360891, true },
+  { 360906, true },
+  { 360914, true },
+  { 360929, true },
+  { 360946, true },
+  { 360957, true },
+  { 360969, true },
+  { 360982, true },
+  { 360994, true },
+  { 361011, true },
+  { 361029, true },
+  { 361059, true },
+  { 361077, true },
+  { 361090, true },
+  { 361109, true },
+  { 361121, true },
+  { 361137, true },
+  { 361148, true },
+  { 361172, true },
+  { 361186, true },
+  { 361198, false },
+  { 361211, true },
+  { 361229, true },
+  { 361244, true },
+  { 361257, true },
+  { 361279, true },
+  { 361295, true },
+  { 361309, true },
+  { 361328, true },
+  { 361346, true },
+  { 361362, true },
+  { 361372, true },
+  { 361380, true },
+  { 361394, true },
+  { 361413, true },
+  { 361427, true },
+  { 361440, true },
+  { 361453, true },
+  { 361467, true },
+  { 361484, true },
+  { 361501, true },
+  { 361515, true },
+  { 361530, true },
+  { 361542, true },
+  { 361554, true },
+  { 361572, true },
+  { 361584, true },
+  { 361598, true },
+  { 361614, true },
+  { 361630, true },
+  { 361644, false },
+  { 361657, true },
+  { 361671, true },
+  { 361686, true },
+  { 361704, true },
+  { 361716, true },
+  { 361728, true },
+  { 361747, true },
+  { 361766, true },
+  { 361788, true },
+  { 361808, true },
+  { 361821, true },
+  { 361842, true },
+  { 361859, true },
+  { 361885, true },
+  { 361903, true },
+  { 361919, true },
+  { 361932, true },
+  { 361945, true },
+  { 361957, true },
+  { 361970, true },
+  { 361986, true },
+  { 361999, true },
+  { 362019, true },
+  { 362038, true },
+  { 362051, true },
+  { 362066, true },
+  { 362081, true },
+  { 362096, true },
+  { 362113, true },
+  { 362126, true },
+  { 362154, true },
+  { 362165, true },
+  { 362178, true },
+  { 362189, true },
+  { 362204, true },
+  { 362217, true },
+  { 362242, true },
+  { 362254, true },
+  { 362268, true },
+  { 362287, true },
+  { 362301, true },
+  { 362316, true },
+  { 362330, true },
+  { 362344, true },
+  { 362358, true },
+  { 362375, true },
+  { 362389, true },
+  { 362405, true },
+  { 362428, true },
+  { 362452, true },
+  { 362467, true },
+  { 362482, true },
+  { 362503, true },
+  { 362524, true },
+  { 362556, true },
+  { 362569, true },
+  { 362580, true },
+  { 362592, true },
+  { 362604, true },
+  { 362626, true },
+  { 362645, true },
+  { 362671, true },
+  { 362684, true },
+  { 362702, true },
+  { 362715, true },
+  { 362732, true },
+  { 362743, true },
+  { 362769, true },
+  { 362779, true },
+  { 362791, true },
+  { 362811, true },
+  { 362823, true },
+  { 362835, true },
+  { 362853, true },
+  { 362870, true },
+  { 362885, true },
+  { 362904, true },
+  { 362916, true },
+  { 362931, true },
+  { 362944, true },
+  { 362966, true },
+  { 362982, true },
+  { 362998, true },
+  { 363019, true },
+  { 363037, true },
+  { 363053, true },
+  { 363069, true },
+  { 363082, true },
+  { 363097, true },
+  { 363117, true },
+  { 363133, true },
+  { 363152, true },
+  { 363174, true },
+  { 363191, true },
+  { 363206, true },
+  { 363227, true },
+  { 363247, true },
+  { 363260, true },
+  { 363270, true },
+  { 363282, true },
+  { 363295, true },
+  { 363316, true },
+  { 363331, true },
+  { 363343, true },
+  { 363358, true },
+  { 363370, true },
+  { 363382, true },
+  { 363395, true },
+  { 363409, true },
+  { 363427, true },
+  { 363442, true },
+  { 363452, true },
+  { 363466, true },
+  { 363479, true },
+  { 363491, true },
+  { 363506, true },
+  { 363523, true },
+  { 363535, true },
+  { 363552, true },
+  { 363567, true },
+  { 363585, false },
+  { 363605, true },
+  { 363616, true },
+  { 363638, true },
+  { 363650, true },
+  { 363672, true },
+  { 363683, true },
+  { 363710, true },
+  { 363723, true },
+  { 363736, true },
+  { 363750, true },
+  { 363759, true },
+  { 363771, true },
+  { 363785, true },
+  { 363797, true },
+  { 363812, true },
+  { 363831, true },
+  { 363846, true },
+  { 363864, true },
+  { 363879, true },
+  { 363891, true },
+  { 363910, true },
+  { 363925, true },
+  { 363942, true },
+  { 363959, true },
+  { 363972, true },
+  { 363991, true },
+  { 364002, true },
+  { 364020, true },
+  { 364043, true },
+  { 364061, true },
+  { 364080, true },
+  { 364088, true },
+  { 364095, true },
+  { 364112, true },
+  { 364126, true },
+  { 364132, true },
+  { 364150, true },
+  { 364159, true },
+  { 364167, true },
+  { 364175, true },
+  { 364192, true },
+  { 364210, true },
+  { 364225, true },
+  { 364234, false },
+  { 364254, true },
+  { 364271, true },
+  { 364288, true },
+  { 364302, true },
+  { 364319, true },
+  { 364333, true },
+  { 364354, true },
+  { 364366, true },
+  { 364385, true },
+  { 364404, true },
+  { 364419, true },
+  { 364440, true },
+  { 364457, true },
+  { 364475, true },
+  { 364489, true },
+  { 364500, false },
+  { 364517, true },
+  { 364535, true },
+  { 364553, true },
+  { 364574, true },
+  { 364593, true },
+  { 364611, true },
+  { 364629, true },
+  { 364647, true },
+  { 364665, true },
+  { 364683, true },
+  { 364701, true },
+  { 364719, true },
+  { 364737, true },
+  { 364756, true },
+  { 364773, true },
+  { 364792, false },
+  { 364803, true },
+  { 364822, true },
+  { 364839, true },
+  { 364862, true },
+  { 364878, true },
+  { 364897, true },
+  { 364923, true },
+  { 364934, true },
+  { 364949, true },
+  { 364969, true },
+  { 364989, true },
+  { 365008, true },
+  { 365028, true },
+  { 365049, true },
+  { 365066, true },
+  { 365085, true },
+  { 365103, true },
+  { 365121, true },
+  { 365129, true },
+  { 365138, true },
+  { 365151, true },
+  { 365168, true },
+  { 365181, true },
+  { 365188, true },
+  { 365195, true },
+  { 365209, true },
+  { 365220, true },
+  { 365232, true },
+  { 365242, true },
+  { 365253, false },
+  { 365273, true },
+  { 365283, true },
+  { 365291, true },
+  { 365302, true },
+  { 365313, true },
+  { 365324, true },
+  { 365335, true },
+  { 365354, true },
+  { 365367, true },
+  { 365379, true },
+  { 365396, true },
+  { 365414, true },
+  { 365429, true },
+  { 365452, true },
+  { 365466, true },
+  { 365483, true },
+  { 365500, true },
+  { 365515, true },
+  { 365526, true },
+  { 365541, true },
+  { 365556, true },
+  { 365568, true },
+  { 365580, true },
+  { 365593, true },
+  { 365604, true },
+  { 365622, true },
+  { 365635, true },
+  { 365661, true },
+  { 365690, true },
+  { 365702, true },
+  { 365715, false },
+  { 365735, true },
+  { 365750, true },
+  { 365771, true },
+  { 365789, false },
+  { 365805, true },
+  { 365821, true },
+  { 365847, true },
+  { 365863, true },
+  { 365878, true },
+  { 365896, true },
+  { 365912, true },
+  { 365929, true },
+  { 365941, true },
+  { 365955, true },
+  { 365973, true },
+  { 365994, true },
+  { 366009, true },
+  { 366029, true },
+  { 366043, true },
+  { 366061, true },
+  { 366077, true },
+  { 366096, true },
+  { 366116, true },
+  { 366137, true },
+  { 366154, true },
+  { 366171, true },
+  { 366191, true },
+  { 366210, false },
+  { 366227, true },
+  { 366242, true },
+  { 366259, true },
+  { 366279, true },
+  { 366297, false },
+  { 366315, true },
+  { 366334, true },
+  { 366353, true },
+  { 366369, true },
+  { 366389, true },
+  { 366410, true },
+  { 366437, true },
+  { 366453, true },
+  { 366467, true },
+  { 366479, true },
+  { 366490, true },
+  { 366501, true },
+  { 366518, true },
+  { 366529, true },
+  { 366540, true },
+  { 366554, true },
+  { 366565, true },
+  { 366585, true },
+  { 366596, true },
+  { 366605, true },
+  { 366617, true },
+  { 366632, true },
+  { 366651, true },
+  { 366664, true },
+  { 366684, true },
+  { 366700, true },
+  { 366709, true },
+  { 366725, true },
+  { 366735, true },
+  { 366748, true },
+  { 366761, false },
+  { 366782, true },
+  { 366799, true },
+  { 366819, true },
+  { 366833, true },
+  { 366842, true },
+  { 366855, true },
+  { 366872, true },
+  { 366890, true },
+  { 366909, true },
+  { 366927, true },
+  { 366944, true },
+  { 366957, true },
+  { 366971, true },
+  { 366994, true },
+  { 367018, true },
+  { 367031, true },
+  { 367043, true },
+  { 367060, true },
+  { 367075, true },
+  { 367085, true },
+  { 367102, true },
+  { 367118, true },
+  { 367126, true },
+  { 367145, true },
+  { 367162, true },
+  { 367178, true },
+  { 367190, true },
+  { 367201, true },
+  { 367217, true },
+  { 367230, true },
+  { 367244, true },
+  { 367264, true },
+  { 367278, true },
+  { 367291, true },
+  { 367302, true },
+  { 367316, true },
+  { 367329, true },
+  { 367341, true },
+  { 367363, true },
+  { 367379, true },
+  { 367394, true },
+  { 367410, true },
+  { 367424, true },
+  { 367436, true },
+  { 367449, true },
+  { 367458, true },
+  { 367471, true },
+  { 367488, true },
+  { 367500, true },
+  { 367512, true },
+  { 367524, true },
+  { 367543, true },
+  { 367552, true },
+  { 367564, true },
+  { 367579, true },
+  { 367591, true },
+  { 367608, true },
+  { 367620, true },
+  { 367630, true },
+  { 367646, true },
+  { 367662, true },
+  { 367683, true },
+  { 367699, true },
+  { 367717, true },
+  { 367733, true },
+  { 367749, true },
+  { 367764, true },
+  { 367776, true },
+  { 367791, true },
+  { 367804, true },
+  { 367823, true },
+  { 367833, true },
+  { 367848, true },
+  { 367864, true },
+  { 367876, true },
+  { 367888, true },
+  { 367902, true },
+  { 367917, true },
+  { 367928, true },
+  { 367935, true },
+  { 367952, true },
+  { 367967, true },
+  { 367983, true },
+  { 367994, true },
+  { 368011, true },
+  { 368022, true },
+  { 368033, true },
+  { 368044, true },
+  { 368055, true },
+  { 368066, true },
+  { 368074, true },
+  { 368089, true },
+  { 368102, true },
+  { 368113, true },
+  { 368126, true },
+  { 368144, true },
+  { 368161, true },
+  { 368171, true },
+  { 368184, true },
+  { 368197, true },
+  { 368209, true },
+  { 368226, true },
+  { 368241, true },
+  { 368255, true },
+  { 368264, true },
+  { 368279, true },
+  { 368293, true },
+  { 368301, true },
+  { 368314, true },
+  { 368327, true },
+  { 368341, true },
+  { 368353, true },
+  { 368366, true },
+  { 368374, true },
+  { 368391, true },
+  { 368410, true },
+  { 368428, true },
+  { 368445, true },
+  { 368455, true },
+  { 368471, true },
+  { 368488, true },
+  { 368508, true },
+  { 368520, true },
+  { 368534, true },
+  { 368551, true },
+  { 368568, true },
+  { 368583, true },
+  { 368597, true },
+  { 368620, true },
+  { 368635, true },
+  { 368649, true },
+  { 368667, true },
+  { 368683, true },
+  { 368699, true },
+  { 368713, true },
+  { 368729, true },
+  { 368752, true },
+  { 368766, true },
+  { 368776, true },
+  { 368793, true },
+  { 368806, true },
+  { 368817, true },
+  { 368831, true },
+  { 368845, false },
+  { 368863, true },
+  { 368881, true },
+  { 368896, true },
+  { 368913, true },
+  { 368928, true },
+  { 368945, true },
+  { 368971, true },
+  { 368983, true },
+  { 368998, true },
+  { 369013, true },
+  { 369031, true },
+  { 369047, true },
+  { 369060, false },
+  { 369073, true },
+  { 369082, true },
+  { 369093, true },
+  { 369108, true },
+  { 369118, true },
+  { 369133, true },
+  { 369147, true },
+  { 369163, true },
+  { 369174, true },
+  { 369186, true },
+  { 369208, true },
+  { 369221, true },
+  { 369232, true },
+  { 369247, true },
+  { 369264, true },
+  { 369279, true },
+  { 369290, true },
+  { 369318, true },
+  { 369335, true },
+  { 369360, true },
+  { 369391, true },
+  { 369402, true },
+  { 369412, true },
+  { 369423, true },
+  { 369440, true },
+  { 369458, true },
+  { 369470, true },
+  { 369488, true },
+  { 369499, true },
+  { 369512, true },
+  { 369524, true },
+  { 369544, true },
+  { 369555, true },
+  { 369569, true },
+  { 369589, true },
+  { 369607, true },
+  { 369623, true },
+  { 369635, true },
+  { 369649, true },
+  { 369661, true },
+  { 369669, true },
+  { 369677, true },
+  { 369690, true },
+  { 369700, true },
+  { 369716, true },
+  { 369725, true },
+  { 369743, true },
+  { 369757, true },
+  { 369768, true },
+  { 369786, true },
+  { 369797, true },
+  { 369811, false },
+  { 369831, true },
+  { 369838, true },
+  { 369858, true },
+  { 369873, true },
+  { 369888, true },
+  { 369903, true },
+  { 369919, true },
+  { 369927, true },
+  { 369944, false },
+  { 369958, true },
+  { 369967, true },
+  { 369976, true },
+  { 369996, true },
+  { 370008, true },
+  { 370028, true },
+  { 370048, true },
+  { 370061, true },
+  { 370075, true },
+  { 370090, true },
+  { 370108, true },
+  { 370128, true },
+  { 370143, true },
+  { 370159, true },
+  { 370178, true },
+  { 370197, true },
+  { 370212, true },
+  { 370233, true },
+  { 370258, true },
+  { 370271, true },
+  { 370290, true },
+  { 370306, true },
+  { 370317, true },
+  { 370327, true },
+  { 370343, true },
+  { 370357, false },
+  { 370372, true },
+  { 370385, false },
+  { 370413, true },
+  { 370432, true },
+  { 370444, true },
+  { 370457, true },
+  { 370470, true },
+  { 370480, false },
+  { 370488, true },
+  { 370498, true },
+  { 370513, true },
+  { 370531, true },
+  { 370550, true },
+  { 370562, true },
+  { 370575, true },
+  { 370588, true },
+  { 370603, true },
+  { 370621, true },
+  { 370635, true },
+  { 370648, true },
+  { 370665, true },
+  { 370680, true },
+  { 370694, true },
+  { 370714, false },
+  { 370731, true },
+  { 370752, true },
+  { 370770, true },
+  { 370784, true },
+  { 370798, true },
+  { 370819, true },
+  { 370840, true },
+  { 370860, true },
+  { 370880, true },
+  { 370895, true },
+  { 370920, true },
+  { 370929, true },
+  { 370940, true },
+  { 370951, true },
+  { 370964, true },
+  { 370974, true },
+  { 370991, true },
+  { 371007, true },
+  { 371015, false },
+  { 371030, true },
+  { 371045, true },
+  { 371071, true },
+  { 371088, true },
+  { 371101, true },
+  { 371115, true },
+  { 371130, true },
+  { 371141, true },
+  { 371158, true },
+  { 371190, true },
+  { 371207, true },
+  { 371219, true },
+  { 371244, true },
+  { 371280, true },
+  { 371292, true },
+  { 371311, true },
+  { 371324, true },
+  { 371334, true },
+  { 371348, true },
+  { 371363, true },
+  { 371376, true },
+  { 371393, true },
+  { 371415, true },
+  { 371437, true },
+  { 371455, false },
+  { 371468, true },
+  { 371480, true },
+  { 371493, true },
+  { 371511, true },
+  { 371519, true },
+  { 371527, true },
+  { 371542, true },
+  { 371549, true },
+  { 371566, true },
+  { 371582, true },
+  { 371598, true },
+  { 371617, true },
+  { 371637, true },
+  { 371654, true },
+  { 371669, true },
+  { 371686, true },
+  { 371696, true },
+  { 371710, true },
+  { 371721, true },
+  { 371735, true },
+  { 371749, true },
+  { 371763, true },
+  { 371773, true },
+  { 371782, true },
+  { 371794, true },
+  { 371807, true },
+  { 371821, true },
+  { 371837, false },
+  { 371855, true },
+  { 371873, true },
+  { 371894, true },
+  { 371908, true },
+  { 371920, true },
+  { 371932, true },
+  { 371943, true },
+  { 371956, true },
+  { 371970, true },
+  { 371984, true },
+  { 372004, true },
+  { 372016, true },
+  { 372031, true },
+  { 372045, true },
+  { 372057, true },
+  { 372070, true },
+  { 372087, true },
+  { 372107, true },
+  { 372126, true },
+  { 372139, true },
+  { 372159, true },
+  { 372170, true },
+  { 372177, true },
+  { 372191, true },
+  { 372212, true },
+  { 372221, true },
+  { 372245, true },
+  { 372255, true },
+  { 372268, true },
+  { 372293, true },
+  { 372305, true },
+  { 372314, true },
+  { 372326, true },
+  { 372348, true },
+  { 372359, true },
+  { 372370, true },
+  { 372384, true },
+  { 372403, true },
+  { 372420, true },
+  { 372438, true },
+  { 372453, true },
+  { 372468, true },
+  { 372483, true },
+  { 372503, true },
+  { 372520, true },
+  { 372533, true },
+  { 372547, true },
+  { 372558, true },
+  { 372572, true },
+  { 372582, true },
+  { 372594, true },
+  { 372615, true },
+  { 372626, true },
+  { 372649, true },
+  { 372663, true },
+  { 372677, true },
+  { 372695, true },
+  { 372705, true },
+  { 372717, true },
+  { 372732, true },
+  { 372753, false },
+  { 372769, true },
+  { 372782, true },
+  { 372804, true },
+  { 372814, true },
+  { 372826, true },
+  { 372838, true },
+  { 372852, false },
+  { 372862, true },
+  { 372881, true },
+  { 372895, true },
+  { 372904, true },
+  { 372916, true },
+  { 372927, true },
+  { 372939, true },
+  { 372950, true },
+  { 372959, true },
+  { 372972, true },
+  { 372991, true },
+  { 373000, true },
+  { 373014, true },
+  { 373020, true },
+  { 373032, true },
+  { 373045, true },
+  { 373058, true },
+  { 373068, true },
+  { 373083, true },
+  { 373109, true },
+  { 373132, true },
+  { 373149, true },
+  { 373159, true },
+  { 373173, true },
+  { 373186, true },
+  { 373202, true },
+  { 373218, true },
+  { 373239, true },
+  { 373260, true },
+  { 373279, true },
+  { 373289, true },
+  { 373301, true },
+  { 373313, true },
+  { 373327, true },
+  { 373337, true },
+  { 373360, true },
+  { 373368, true },
+  { 373389, true },
+  { 373401, true },
+  { 373416, true },
+  { 373430, true },
+  { 373439, true },
+  { 373451, true },
+  { 373474, true },
+  { 373487, true },
+  { 373497, true },
+  { 373511, true },
+  { 373535, true },
+  { 373549, true },
+  { 373557, true },
+  { 373578, true },
+  { 373590, true },
+  { 373601, true },
+  { 373618, true },
+  { 373638, true },
+  { 373660, true },
+  { 373679, true },
+  { 373690, false },
+  { 373718, false },
+  { 373730, true },
+  { 373742, true },
+  { 373753, true },
+  { 373774, true },
+  { 373790, true },
+  { 373806, true },
+  { 373817, true },
+  { 373827, true },
+  { 373840, true },
+  { 373853, true },
+  { 373865, true },
+  { 373884, false },
+  { 373900, true },
+  { 373915, true },
+  { 373930, true },
+  { 373945, true },
+  { 373961, true },
+  { 373978, true },
+  { 373995, true },
+  { 374010, true },
+  { 374033, true },
+  { 374043, true },
+  { 374051, true },
+  { 374070, true },
+  { 374084, true },
+  { 374105, true },
+  { 374125, true },
+  { 374143, true },
+  { 374161, true },
+  { 374179, true },
+  { 374197, true },
+  { 374215, true },
+  { 374233, true },
+  { 374251, true },
+  { 374272, true },
+  { 374293, true },
+  { 374314, true },
+  { 374335, true },
+  { 374354, true },
+  { 374376, true },
+  { 374398, true },
+  { 374420, true },
+  { 374438, true },
+  { 374456, true },
+  { 374474, true },
+  { 374492, true },
+  { 374510, true },
+  { 374528, true },
+  { 374546, true },
+  { 374564, true },
+  { 374582, true },
+  { 374600, true },
+  { 374618, true },
+  { 374636, true },
+  { 374654, true },
+  { 374672, true },
+  { 374690, true },
+  { 374708, true },
+  { 374726, true },
+  { 374744, true },
+  { 374762, true },
+  { 374780, true },
+  { 374798, true },
+  { 374816, true },
+  { 374834, true },
+  { 374852, true },
+  { 374870, true },
+  { 374888, true },
+  { 374906, true },
+  { 374924, true },
+  { 374942, true },
+  { 374960, true },
+  { 374978, true },
+  { 374996, true },
+  { 375014, true },
+  { 375032, true },
+  { 375050, true },
+  { 375068, true },
+  { 375086, true },
+  { 375104, true },
+  { 375122, true },
+  { 375140, true },
+  { 375158, true },
+  { 375176, true },
+  { 375194, true },
+  { 375212, true },
+  { 375230, true },
+  { 375246, true },
+  { 375261, true },
+  { 375278, true },
+  { 375292, true },
+  { 375314, true },
+  { 375326, true },
+  { 375341, true },
+  { 375361, true },
+  { 375374, true },
+  { 375383, true },
+  { 375395, false },
+  { 375409, true },
+  { 375425, true },
+  { 375436, true },
+  { 375447, true },
+  { 375472, true },
+  { 375483, true },
+  { 375493, true },
+  { 375514, true },
+  { 375532, true },
+  { 375549, true },
+  { 375558, true },
+  { 375577, true },
+  { 375591, true },
+  { 375613, true },
+  { 375627, true },
+  { 375645, true },
+  { 375662, true },
+  { 375681, true },
+  { 375699, true },
+  { 375720, true },
+  { 375739, true },
+  { 375753, true },
+  { 375769, true },
+  { 375781, true },
+  { 375796, true },
+  { 375811, true },
+  { 375826, true },
+  { 375842, true },
+  { 375860, true },
+  { 375871, true },
+  { 375881, true },
+  { 375891, true },
+  { 375902, true },
+  { 375914, true },
+  { 375925, false },
+  { 375936, true },
+  { 375955, true },
+  { 375974, true },
+  { 375998, true },
+  { 376014, true },
+  { 376032, true },
+  { 376050, true },
+  { 376063, true },
+  { 376077, true },
+  { 376093, true },
+  { 376104, true },
+  { 376122, true },
+  { 376139, true },
+  { 376160, true },
+  { 376172, true },
+  { 376197, true },
+  { 376212, true },
+  { 376230, true },
+  { 376245, true },
+  { 376265, true },
+  { 376280, true },
+  { 376297, true },
+  { 376308, true },
+  { 376318, true },
+  { 376332, true },
+  { 376344, true },
+  { 376359, true },
+  { 376368, true },
+  { 376390, true },
+  { 376400, true },
+  { 376417, true },
+  { 376435, true },
+  { 376448, true },
+  { 376459, false },
+  { 376472, true },
+  { 376490, true },
+  { 376508, true },
+  { 376520, true },
+  { 376530, true },
+  { 376545, true },
+  { 376568, true },
+  { 376591, true },
+  { 376609, true },
+  { 376624, false },
+  { 376637, true },
+  { 376648, true },
+  { 376660, true },
+  { 376679, true },
+  { 376692, true },
+  { 376704, true },
+  { 376721, true },
+  { 376741, true },
+  { 376764, true },
+  { 376783, true },
+  { 376794, true },
+  { 376808, true },
+  { 376822, true },
+  { 376841, true },
+  { 376863, true },
+  { 376872, true },
+  { 376884, true },
+  { 376911, true },
+  { 376930, true },
+  { 376944, true },
+  { 376957, true },
+  { 376972, true },
+  { 376986, true },
+  { 376996, true },
+  { 377010, true },
+  { 377023, true },
+  { 377033, true },
+  { 377053, true },
+  { 377076, false },
+  { 377089, true },
+  { 377107, true },
+  { 377133, true },
+  { 377141, true },
+  { 377152, true },
+  { 377159, true },
+  { 377167, true },
+  { 377184, true },
+  { 377199, true },
+  { 377212, true },
+  { 377227, true },
+  { 377244, true },
+  { 377261, true },
+  { 377272, false },
+  { 377281, true },
+  { 377294, true },
+  { 377313, true },
+  { 377330, true },
+  { 377345, true },
+  { 377365, true },
+  { 377372, true },
+  { 377383, true },
+  { 377399, true },
+  { 377410, true },
+  { 377418, true },
+  { 377428, true },
+  { 377443, true },
+  { 377454, true },
+  { 377464, true },
+  { 377474, true },
+  { 377485, true },
+  { 377510, true },
+  { 377522, true },
+  { 377539, true },
+  { 377548, true },
+  { 377558, true },
+  { 377568, true },
+  { 377580, true },
+  { 377589, true },
+  { 377609, true },
+  { 377626, true },
+  { 377645, true },
+  { 377658, true },
+  { 377668, false },
+  { 377677, true },
+  { 377693, true },
+  { 377706, true },
+  { 377725, true },
+  { 377734, true },
+  { 377752, true },
+  { 377768, true },
+  { 377781, true },
+  { 377801, true },
+  { 377814, true },
+  { 377827, true },
+  { 377838, true },
+  { 377851, true },
+  { 377868, true },
+  { 377877, true },
+  { 377889, true },
+  { 377902, true },
+  { 377916, true },
+  { 377929, true },
+  { 377939, true },
+  { 377953, true },
+  { 377976, true },
+  { 378000, true },
+  { 378008, true },
+  { 378024, true },
+  { 378039, true },
+  { 378050, true },
+  { 378069, true },
+  { 378084, true },
+  { 378099, true },
+  { 378108, true },
+  { 378118, true },
+  { 378132, true },
+  { 378148, true },
+  { 378160, true },
+  { 378183, false },
+  { 378197, true },
+  { 378206, true },
+  { 378214, true },
+  { 378223, true },
+  { 378237, true },
+  { 378247, false },
+  { 378263, true },
+  { 378276, true },
+  { 378292, true },
+  { 378306, true },
+  { 378320, true },
+  { 378337, false },
+  { 378355, true },
+  { 378368, true },
+  { 378392, true },
+  { 378409, true },
+  { 378428, true },
+  { 378442, true },
+  { 378455, true },
+  { 378468, true },
+  { 378489, true },
+  { 378500, true },
+  { 378510, true },
+  { 378523, true },
+  { 378537, true },
+  { 378547, true },
+  { 378570, true },
+  { 378582, true },
+  { 378594, true },
+  { 378610, true },
+  { 378617, true },
+  { 378633, true },
+  { 378643, false },
+  { 378653, true },
+  { 378666, true },
+  { 378681, true },
+  { 378691, true },
+  { 378700, true },
+  { 378716, true },
+  { 378728, true },
+  { 378742, true },
+  { 378756, true },
+  { 378768, true },
+  { 378779, true },
+  { 378792, true },
+  { 378804, true },
+  { 378815, true },
+  { 378829, true },
+  { 378847, true },
+  { 378863, true },
+  { 378872, true },
+  { 378892, true },
+  { 378904, true },
+  { 378920, true },
+  { 378933, true },
+  { 378943, true },
+  { 378953, true },
+  { 378967, true },
+  { 378979, true },
+  { 378992, true },
+  { 379009, true },
+  { 379024, true },
+  { 379036, true },
+  { 379044, true },
+  { 379056, true },
+  { 379073, true },
+  { 379087, true },
+  { 379102, true },
+  { 379113, true },
+  { 379133, true },
+  { 379147, true },
+  { 379156, true },
+  { 379171, true },
+  { 379187, true },
+  { 379199, true },
+  { 379212, true },
+  { 379225, true },
+  { 379239, true },
+  { 379254, false },
+  { 379266, true },
+  { 379279, true },
+  { 379292, true },
+  { 379303, true },
+  { 379317, true },
+  { 379340, true },
+  { 379350, true },
+  { 379359, true },
+  { 379371, true },
+  { 379385, true },
+  { 379401, true },
+  { 379413, true },
+  { 379430, true },
+  { 379438, true },
+  { 379450, false },
+  { 379468, true },
+  { 379476, true },
+  { 379487, true },
+  { 379495, true },
+  { 379503, true },
+  { 379509, true },
+  { 379519, true },
+  { 379532, true },
+  { 379547, true },
+  { 379566, true },
+  { 379590, true },
+  { 379603, true },
+  { 379618, true },
+  { 379642, true },
+  { 379666, true },
+  { 379688, true },
+  { 379717, true },
+  { 379746, true },
+  { 379756, true },
+  { 379768, true },
+  { 379790, true },
+  { 379809, true },
+  { 379826, true },
+  { 379836, true },
+  { 379852, true },
+  { 379867, true },
+  { 379889, true },
+  { 379901, true },
+  { 379916, true },
+  { 379937, true },
+  { 379949, true },
+  { 379962, true },
+  { 379975, true },
+  { 379991, true },
+  { 380005, true },
+  { 380017, true },
+  { 380033, true },
+  { 380046, true },
+  { 380065, true },
+  { 380085, true },
+  { 380103, true },
+  { 380121, true },
+  { 380134, true },
+  { 380152, true },
+  { 380175, true },
+  { 380199, true },
+  { 380225, true },
+  { 380240, true },
+  { 380257, true },
+  { 380273, true },
+  { 380290, true },
+  { 380307, true },
+  { 380321, true },
+  { 380338, true },
+  { 380353, true },
+  { 380377, true },
+  { 380390, true },
+  { 380404, true },
+  { 380415, true },
+  { 380426, true },
+  { 380437, true },
+  { 380447, true },
+  { 380460, true },
+  { 380478, true },
+  { 380487, true },
+  { 380496, true },
+  { 380509, true },
+  { 380525, true },
+  { 380546, true },
+  { 380567, true },
+  { 380576, true },
+  { 380588, true },
+  { 380598, true },
+  { 380609, true },
+  { 380621, false },
+  { 380642, false },
+  { 380651, true },
+  { 380658, true },
+  { 380666, true },
+  { 380689, true },
+  { 380702, true },
+  { 380716, true },
+  { 380729, true },
+  { 380744, true },
+  { 380758, true },
+  { 380773, true },
+  { 380782, true },
+  { 380790, true },
+  { 380803, true },
+  { 380811, true },
+  { 380830, true },
+  { 380842, true },
+  { 380860, true },
+  { 380875, true },
+  { 380892, true },
+  { 380902, true },
+  { 380913, true },
+  { 380926, true },
+  { 380935, true },
+  { 380948, true },
+  { 380958, true },
+  { 380967, true },
+  { 380988, true },
+  { 381002, true },
+  { 381018, true },
+  { 381030, true },
+  { 381043, true },
+  { 381056, true },
+  { 381065, true },
+  { 381079, true },
+  { 381092, true },
+  { 381103, true },
+  { 381113, true },
+  { 381136, true },
+  { 381149, true },
+  { 381162, true },
+  { 381174, true },
+  { 381189, true },
+  { 381203, false },
+  { 381216, true },
+  { 381230, true },
+  { 381239, true },
+  { 381251, true },
+  { 381262, true },
+  { 381279, true },
+  { 381291, true },
+  { 381301, true },
+  { 381311, true },
+  { 381324, true },
+  { 381339, true },
+  { 381359, true },
+  { 381371, false },
+  { 381383, true },
+  { 381400, true },
+  { 381414, true },
+  { 381427, true },
+  { 381441, true },
+  { 381451, true },
+  { 381461, true },
+  { 381472, true },
+  { 381481, true },
+  { 381488, true },
+  { 381498, true },
+  { 381507, true },
+  { 381519, true },
+  { 381530, true },
+  { 381546, true },
+  { 381561, true },
+  { 381570, true },
+  { 381584, true },
+  { 381598, true },
+  { 381612, true },
+  { 381632, true },
+  { 381642, true },
+  { 381654, true },
+  { 381666, true },
+  { 381679, true },
+  { 381693, true },
+  { 381706, true },
+  { 381715, true },
+  { 381726, true },
+  { 381744, true },
+  { 381751, true },
+  { 381768, true },
+  { 381784, true },
+  { 381800, true },
+  { 381817, true },
+  { 381830, true },
+  { 381839, true },
+  { 381859, false },
+  { 381871, true },
+  { 381884, true },
+  { 381892, true },
+  { 381908, true },
+  { 381926, true },
+  { 381948, true },
+  { 381964, true },
+  { 381972, false },
+  { 381990, true },
+  { 382017, true },
+  { 382029, true },
+  { 382044, true },
+  { 382059, true },
+  { 382075, true },
+  { 382089, true },
+  { 382104, false },
+  { 382123, true },
+  { 382145, true },
+  { 382166, true },
+  { 382185, true },
+  { 382202, true },
+  { 382217, true },
+  { 382228, true },
+  { 382243, true },
+  { 382257, true },
+  { 382269, true },
+  { 382281, true },
+  { 382289, true },
+  { 382299, true },
+  { 382314, true },
+  { 382331, true },
+  { 382346, true },
+  { 382366, true },
+  { 382377, true },
+  { 382399, true },
+  { 382419, true },
+  { 382432, true },
+  { 382452, true },
+  { 382465, true },
+  { 382479, true },
+  { 382499, true },
+  { 382520, true },
+  { 382534, true },
+  { 382547, true },
+  { 382568, true },
+  { 382583, true },
+  { 382602, true },
+  { 382628, true },
+  { 382655, true },
+  { 382671, true },
+  { 382682, true },
+  { 382700, true },
+  { 382715, true },
+  { 382723, true },
+  { 382736, true },
+  { 382744, true },
+  { 382755, true },
+  { 382769, true },
+  { 382783, true },
+  { 382799, true },
+  { 382816, true },
+  { 382826, true },
+  { 382838, true },
+  { 382856, true },
+  { 382877, true },
+  { 382890, true },
+  { 382908, true },
+  { 382926, true },
+  { 382946, true },
+  { 382959, true },
+  { 382975, true },
+  { 383001, true },
+  { 383020, true },
+  { 383049, true },
+  { 383060, true },
+  { 383075, true },
+  { 383085, true },
+  { 383097, true },
+  { 383115, true },
+  { 383131, true },
+  { 383154, true },
+  { 383177, true },
+  { 383201, true },
+  { 383226, true },
+  { 383238, true },
+  { 383250, true },
+  { 383264, true },
+  { 383277, true },
+  { 383288, true },
+  { 383303, true },
+  { 383313, true },
+  { 383330, true },
+  { 383339, true },
+  { 383351, true },
+  { 383364, true },
+  { 383382, true },
+  { 383407, true },
+  { 383419, true },
+  { 383431, true },
+  { 383447, true },
+  { 383459, true },
+  { 383470, true },
+  { 383486, true },
+  { 383503, true },
+  { 383515, true },
+  { 383530, true },
+  { 383548, true },
+  { 383562, true },
+  { 383583, true },
+  { 383607, true },
+  { 383618, true },
+  { 383634, true },
+  { 383650, false },
+  { 383664, true },
+  { 383679, true },
+  { 383691, true },
+  { 383718, true },
+  { 383734, true },
+  { 383752, true },
+  { 383768, true },
+  { 383786, true },
+  { 383800, true },
+  { 383820, true },
+  { 383834, true },
+  { 383848, true },
+  { 383858, true },
+  { 383869, false },
+  { 383879, true },
+  { 383890, true },
+  { 383898, false },
+  { 383910, true },
+  { 383920, true },
+  { 383940, true },
+  { 383957, true },
+  { 383975, true },
+  { 383993, true },
+  { 384000, true },
+  { 384012, true },
+  { 384023, true },
+  { 384048, true },
+  { 384065, true },
+  { 384077, true },
+  { 384094, true },
+  { 384110, true },
+  { 384130, true },
+  { 384153, true },
+  { 384164, true },
+  { 384173, true },
+  { 384190, false },
+  { 384197, true },
+  { 384208, true },
+  { 384225, true },
+  { 384246, true },
+  { 384262, true },
+  { 384274, true },
+  { 384286, true },
+  { 384295, true },
+  { 384310, true },
+  { 384322, true },
+  { 384336, true },
+  { 384346, true },
+  { 384361, true },
+  { 384379, true },
+  { 384396, true },
+  { 384405, true },
+  { 384417, true },
+  { 384435, true },
+  { 384449, true },
+  { 384465, false },
+  { 384478, true },
+  { 384494, true },
+  { 384506, true },
+  { 384520, true },
+  { 384536, true },
+  { 384548, true },
+  { 384560, true },
+  { 384574, false },
+  { 384590, true },
+  { 384607, true },
+  { 384615, true },
+  { 384630, true },
+  { 384643, true },
+  { 384659, true },
+  { 384672, true },
+  { 384685, true },
+  { 384695, true },
+  { 384717, true },
+  { 384737, true },
+  { 384763, true },
+  { 384784, true },
+  { 384809, true },
+  { 384834, true },
+  { 384850, true },
+  { 384878, true },
+  { 384903, true },
+  { 384929, true },
+  { 384958, true },
+  { 384977, true },
+  { 385001, true },
+  { 385020, true },
+  { 385040, true },
+  { 385062, true },
+  { 385071, true },
+  { 385083, true },
+  { 385098, true },
+  { 385110, true },
+  { 385119, true },
+  { 385135, true },
+  { 385145, true },
+  { 385157, true },
+  { 385174, true },
+  { 385188, true },
+  { 385207, true },
+  { 385223, false },
+  { 385236, true },
+  { 385249, true },
+  { 385262, true },
+  { 385280, true },
+  { 385301, true },
+  { 385313, true },
+  { 385332, true },
+  { 385342, true },
+  { 385351, true },
+  { 385365, true },
+  { 385375, true },
+  { 385389, true },
+  { 385402, true },
+  { 385415, true },
+  { 385434, true },
+  { 385453, true },
+  { 385467, true },
+  { 385487, true },
+  { 385507, true },
+  { 385526, true },
+  { 385540, true },
+  { 385560, true },
+  { 385569, true },
+  { 385580, true },
+  { 385603, true },
+  { 385623, true },
+  { 385646, true },
+  { 385655, true },
+  { 385674, true },
+  { 385689, true },
+  { 385708, false },
+  { 385724, true },
+  { 385743, true },
+  { 385758, true },
+  { 385774, false },
+  { 385787, true },
+  { 385801, true },
+  { 385812, true },
+  { 385835, true },
+  { 385852, true },
+  { 385873, true },
+  { 385887, true },
+  { 385902, true },
+  { 385913, true },
+  { 385923, true },
+  { 385940, true },
+  { 385957, true },
+  { 385976, true },
+  { 385989, true },
+  { 386001, true },
+  { 386014, true },
+  { 386033, true },
+  { 386048, true },
+  { 386062, true },
+  { 386075, false },
+  { 386087, true },
+  { 386102, true },
+  { 386116, true },
+  { 386129, true },
+  { 386143, true },
+  { 386158, true },
+  { 386171, true },
+  { 386184, true },
+  { 386199, true },
+  { 386208, true },
+  { 386217, true },
+  { 386226, true },
+  { 386245, true },
+  { 386260, true },
+  { 386274, true },
+  { 386288, true },
+  { 386307, true },
+  { 386331, true },
+  { 386344, true },
+  { 386369, true },
+  { 386386, true },
+  { 386402, true },
+  { 386419, true },
+  { 386436, true },
+  { 386463, true },
+  { 386478, true },
+  { 386494, true },
+  { 386506, true },
+  { 386524, true },
+  { 386543, true },
+  { 386556, true },
+  { 386569, true },
+  { 386589, true },
+  { 386600, true },
+  { 386614, true },
+  { 386629, true },
+  { 386641, true },
+  { 386650, true },
+  { 386658, true },
+  { 386667, true },
+  { 386685, true },
+  { 386701, true },
+  { 386717, true },
+  { 386729, true },
+  { 386743, true },
+  { 386757, true },
+  { 386772, true },
+  { 386784, true },
+  { 386797, true },
+  { 386812, true },
+  { 386832, true },
+  { 386849, true },
+  { 386866, true },
+  { 386883, true },
+  { 386895, true },
+  { 386911, true },
+  { 386926, true },
+  { 386942, true },
+  { 386957, true },
+  { 386972, true },
+  { 386997, true },
+  { 387011, true },
+  { 387030, true },
+  { 387055, true },
+  { 387070, true },
+  { 387081, true },
+  { 387100, true },
+  { 387115, true },
+  { 387136, true },
+  { 387160, true },
+  { 387177, true },
+  { 387189, true },
+  { 387199, true },
+  { 387212, true },
+  { 387226, true },
+  { 387248, true },
+  { 387270, true },
+  { 387292, false },
+  { 387302, true },
+  { 387313, true },
+  { 387322, true },
+  { 387343, true },
+  { 387362, true },
+  { 387391, true },
+  { 387416, true },
+  { 387441, true },
+  { 387470, true },
+  { 387486, true },
+  { 387495, true },
+  { 387507, true },
+  { 387523, true },
+  { 387533, true },
+  { 387545, true },
+  { 387561, true },
+  { 387575, true },
+  { 387589, true },
+  { 387603, true },
+  { 387620, true },
+  { 387633, true },
+  { 387644, true },
+  { 387659, true },
+  { 387672, true },
+  { 387688, true },
+  { 387705, true },
+  { 387715, true },
+  { 387724, true },
+  { 387738, true },
+  { 387756, false },
+  { 387770, false },
+  { 387781, true },
+  { 387794, true },
+  { 387814, false },
+  { 387827, true },
+  { 387837, true },
+  { 387856, true },
+  { 387866, true },
+  { 387881, true },
+  { 387894, true },
+  { 387904, true },
+  { 387913, true },
+  { 387925, true },
+  { 387947, true },
+  { 387969, true },
+  { 387980, true },
+  { 387993, true },
+  { 388007, true },
+  { 388018, true },
+  { 388029, true },
+  { 388039, true },
+  { 388051, true },
+  { 388058, true },
+  { 388066, true },
+  { 388074, true },
+  { 388081, true },
+  { 388087, true },
+  { 388093, true },
+  { 388099, true },
+  { 388108, true },
+  { 388117, true },
+  { 388125, false },
+  { 388133, true },
+  { 388142, true },
+  { 388151, true },
+  { 388159, false },
+  { 388169, true },
+  { 388181, true },
+  { 388197, true },
+  { 388211, true },
+  { 388221, true },
+  { 388229, true },
+  { 388248, true },
+  { 388255, true },
+  { 388266, true },
+  { 388291, true },
+  { 388298, true },
+  { 388311, true },
+  { 388325, true },
+  { 388335, true },
+  { 388345, true },
+  { 388356, true },
+  { 388375, true },
+  { 388387, true },
+  { 388402, true },
+  { 388413, true },
+  { 388425, true },
+  { 388435, true },
+  { 388447, true },
+  { 388460, true },
+  { 388468, true },
+  { 388481, true },
+  { 388493, true },
+  { 388503, true },
+  { 388515, true },
+  { 388525, true },
+  { 388538, true },
+  { 388557, true },
+  { 388574, true },
+  { 388589, true },
+  { 388616, true },
+  { 388627, true },
+  { 388641, true },
+  { 388656, true },
+  { 388672, true },
+  { 388694, true },
+  { 388708, true },
+  { 388727, true },
+  { 388739, true },
+  { 388752, false },
+  { 388765, true },
+  { 388784, true },
+  { 388794, true },
+  { 388809, true },
+  { 388838, true },
+  { 388861, true },
+  { 388874, true },
+  { 388895, false },
+  { 388922, false },
+  { 388938, true },
+  { 388948, true },
+  { 388964, true },
+  { 388979, true },
+  { 388995, true },
+  { 389013, true },
+  { 389032, true },
+  { 389046, true },
+  { 389066, true },
+  { 389075, true },
+  { 389094, true },
+  { 389107, true },
+  { 389120, true },
+  { 389137, true },
+  { 389148, true },
+  { 389166, true },
+  { 389187, true },
+  { 389204, true },
+  { 389217, true },
+  { 389236, true },
+  { 389254, true },
+  { 389277, true },
+  { 389299, true },
+  { 389313, true },
+  { 389331, true },
+  { 389355, true },
+  { 389373, true },
+  { 389389, true },
+  { 389403, true },
+  { 389415, true },
+  { 389431, true },
+  { 389452, true },
+  { 389466, true },
+  { 389496, true },
+  { 389506, true },
+  { 389526, true },
+  { 389539, true },
+  { 389548, true },
+  { 389559, true },
+  { 389569, true },
+  { 389582, true },
+  { 389616, true },
+  { 389630, true },
+  { 389642, true },
+  { 389655, true },
+  { 389679, true },
+  { 389695, true },
+  { 389708, true },
+  { 389722, true },
+  { 389738, true },
+  { 389753, true },
+  { 389783, true },
+  { 389795, true },
+  { 389809, true },
+  { 389824, true },
+  { 389836, true },
+  { 389853, true },
+  { 389869, true },
+  { 389887, true },
+  { 389904, true },
+  { 389924, true },
+  { 389937, true },
+  { 389952, true },
+  { 389967, true },
+  { 389977, true },
+  { 389988, true },
+  { 389997, true },
+  { 390024, true },
+  { 390050, true },
+  { 390069, true },
+  { 390102, true },
+  { 390136, true },
+  { 390170, false },
+  { 390187, true },
+  { 390199, true },
+  { 390223, true },
+  { 390244, true },
+  { 390261, true },
+  { 390274, true },
+  { 390298, true },
+  { 390311, true },
+  { 390325, true },
+  { 390333, true },
+  { 390345, true },
+  { 390357, true },
+  { 390368, true },
+  { 390378, true },
+  { 390395, true },
+  { 390414, true },
+  { 390428, true },
+  { 390437, true },
+  { 390455, true },
+  { 390465, true },
+  { 390474, true },
+  { 390494, true },
+  { 390508, true },
+  { 390521, true },
+  { 390537, true },
+  { 390552, true },
+  { 390566, true },
+  { 390582, true },
+  { 390598, true },
+  { 390610, true },
+  { 390621, false },
+  { 390641, true },
+  { 390650, true },
+  { 390661, true },
+  { 390673, true },
+  { 390691, true },
+  { 390703, true },
+  { 390718, true },
+  { 390734, true },
+  { 390754, true },
+  { 390769, false },
+  { 390784, true },
+  { 390803, true },
+  { 390814, true },
+  { 390829, false },
+  { 390846, true },
+  { 390864, true },
+  { 390877, true },
+  { 390889, true },
+  { 390914, false },
+  { 390937, true },
+  { 390962, true },
+  { 390978, true },
+  { 390989, true },
+  { 391008, true },
+  { 391025, true },
+  { 391042, true },
+  { 391050, true },
+  { 391078, true },
+  { 391091, true },
+  { 391102, true },
+  { 391121, true },
+  { 391136, true },
+  { 391147, true },
+  { 391169, true },
+  { 391186, true },
+  { 391209, true },
+  { 391227, true },
+  { 391248, true },
+  { 391263, true },
+  { 391286, true },
+  { 391306, true },
+  { 391327, true },
+  { 391349, true },
+  { 391370, true },
+  { 391391, true },
+  { 391408, true },
+  { 391422, true },
+  { 391439, true },
+  { 391456, true },
+  { 391475, true },
+  { 391490, true },
+  { 391505, true },
+  { 391525, true },
+  { 391538, true },
+  { 391551, true },
+  { 391564, true },
+  { 391584, true },
+  { 391594, false },
+  { 391608, true },
+  { 391625, true },
+  { 391637, true },
+  { 391657, true },
+  { 391674, true },
+  { 391684, true },
+  { 391695, true },
+  { 391717, true },
+  { 391740, true },
+  { 391751, true },
+  { 391766, true },
+  { 391782, true },
+  { 391799, true },
+  { 391812, true },
+  { 391827, true },
+  { 391848, true },
+  { 391866, true },
+  { 391880, true },
+  { 391891, false },
+  { 391905, true },
+  { 391921, true },
+  { 391939, true },
+  { 391955, true },
+  { 391967, true },
+  { 391999, true },
+  { 392017, true },
+  { 392029, false },
+  { 392041, true },
+  { 392053, true },
+  { 392063, true },
+  { 392080, true },
+  { 392117, true },
+  { 392136, true },
+  { 392150, true },
+  { 392167, true },
+  { 392179, false },
+  { 392200, true },
+  { 392223, true },
+  { 392238, true },
+  { 392254, true },
+  { 392268, true },
+  { 392278, true },
+  { 392289, false },
+  { 392301, true },
+  { 392318, false },
+  { 392333, true },
+  { 392346, true },
+  { 392360, true },
+  { 392368, true },
+  { 392380, true },
+  { 392391, true },
+  { 392403, true },
+  { 392420, true },
+  { 392437, true },
+  { 392454, true },
+  { 392483, true },
+  { 392496, true },
+  { 392512, true },
+  { 392525, true },
+  { 392533, true },
+  { 392551, true },
+  { 392570, true },
+  { 392581, true },
+  { 392597, true },
+  { 392613, true },
+  { 392643, false },
+  { 392651, true },
+  { 392665, true },
+  { 392678, true },
+  { 392694, true },
+  { 392707, true },
+  { 392722, true },
+  { 392735, true },
+  { 392749, true },
+  { 392767, false },
+  { 392778, true },
+  { 392797, true },
+  { 392813, true },
+  { 392829, true },
+  { 392844, true },
+  { 392863, true },
+  { 392883, true },
+  { 392896, true },
+  { 392909, true },
+  { 392919, true },
+  { 392938, true },
+  { 392963, true },
+  { 392980, true },
+  { 392994, true },
+  { 393020, true },
+  { 393035, false },
+  { 393046, true },
+  { 393061, false },
+  { 393072, true },
+  { 393082, true },
+  { 393099, true },
+  { 393112, true },
+  { 393124, true },
+  { 393145, true },
+  { 393164, true },
+  { 393177, true },
+  { 393192, true },
+  { 393205, true },
+  { 393218, true },
+  { 393238, true },
+  { 393257, true },
+  { 393279, true },
+  { 393291, true },
+  { 393311, true },
+  { 393328, true },
+  { 393338, true },
+  { 393362, true },
+  { 393380, true },
+  { 393395, true },
+  { 393410, true },
+  { 393423, true },
+  { 393436, true },
+  { 393451, true },
+  { 393466, true },
+  { 393481, true },
+  { 393495, true },
+  { 393509, true },
+  { 393533, true },
+  { 393557, true },
+  { 393573, true },
+  { 393594, true },
+  { 393610, true },
+  { 393631, true },
+  { 393653, true },
+  { 393664, true },
+  { 393680, true },
+  { 393696, true },
+  { 393709, true },
+  { 393719, true },
+  { 393732, true },
+  { 393750, true },
+  { 393774, true },
+  { 393789, true },
+  { 393803, true },
+  { 393816, true },
+  { 393835, true },
+  { 393849, true },
+  { 393867, true },
+  { 393881, true },
+  { 393892, true },
+  { 393906, true },
+  { 393914, true },
+  { 393931, true },
+  { 393943, true },
+  { 393957, true },
+  { 393973, true },
+  { 393986, false },
+  { 394003, true },
+  { 394014, true },
+  { 394031, true },
+  { 394043, true },
+  { 394054, true },
+  { 394069, true },
+  { 394083, true },
+  { 394092, true },
+  { 394109, true },
+  { 394121, true },
+  { 394130, true },
+  { 394142, true },
+  { 394162, true },
+  { 394179, true },
+  { 394196, true },
+  { 394216, true },
+  { 394234, false },
+  { 394248, true },
+  { 394265, true },
+  { 394291, true },
+  { 394309, true },
+  { 394319, true },
+  { 394334, true },
+  { 394351, true },
+  { 394369, true },
+  { 394385, true },
+  { 394407, true },
+  { 394429, true },
+  { 394457, true },
+  { 394472, true },
+  { 394494, true },
+  { 394510, true },
+  { 394526, true },
+  { 394545, true },
+  { 394563, true },
+  { 394579, true },
+  { 394596, true },
+  { 394613, true },
+  { 394636, true },
+  { 394651, true },
+  { 394662, true },
+  { 394673, true },
+  { 394688, true },
+  { 394711, true },
+  { 394729, true },
+  { 394741, true },
+  { 394756, true },
+  { 394774, true },
+  { 394784, true },
+  { 394797, true },
+  { 394807, true },
+  { 394818, true },
+  { 394833, true },
+  { 394842, true },
+  { 394855, true },
+  { 394877, true },
+  { 394887, true },
+  { 394900, true },
+  { 394914, true },
+  { 394938, true },
+  { 394951, true },
+  { 394965, true },
+  { 394978, false },
+  { 394987, true },
+  { 394997, true },
+  { 395010, false },
+  { 395022, true },
+  { 395033, true },
+  { 395052, true },
+  { 395069, true },
+  { 395079, true },
+  { 395090, true },
+  { 395103, true },
+  { 395117, true },
+  { 395127, true },
+  { 395137, true },
+  { 395148, true },
+  { 395163, true },
+  { 395172, true },
+  { 395183, true },
+  { 395193, true },
+  { 395214, true },
+  { 395225, false },
+  { 395238, true },
+  { 395254, true },
+  { 395266, true },
+  { 395280, true },
+  { 395291, true },
+  { 395305, true },
+  { 395317, false },
+  { 395328, false },
+  { 395339, true },
+  { 395359, true },
+  { 395373, true },
+  { 395396, true },
+  { 395428, true },
+  { 395450, true },
+  { 395458, true },
+  { 395468, true },
+  { 395495, true },
+  { 395514, false },
+  { 395526, true },
+  { 395539, true },
+  { 395561, true },
+  { 395569, true },
+  { 395584, true },
+  { 395601, true },
+  { 395617, true },
+  { 395630, true },
+  { 395639, true },
+  { 395657, true },
+  { 395674, true },
+  { 395691, true },
+  { 395705, true },
+  { 395716, true },
+  { 395729, true },
+  { 395743, true },
+  { 395756, true },
+  { 395765, true },
+  { 395776, true },
+  { 395787, true },
+  { 395797, true },
+  { 395809, true },
+  { 395820, true },
+  { 395837, false },
+  { 395846, true },
+  { 395869, true },
+  { 395887, true },
+  { 395900, true },
+  { 395915, true },
+  { 395930, true },
+  { 395946, true },
+  { 395962, true },
+  { 395984, true },
+  { 396000, true },
+  { 396010, true },
+  { 396023, true },
+  { 396039, true },
+  { 396047, true },
+  { 396060, true },
+  { 396075, true },
+  { 396095, true },
+  { 396106, true },
+  { 396116, true },
+  { 396130, true },
+  { 396147, true },
+  { 396176, true },
+  { 396195, true },
+  { 396211, true },
+  { 396229, true },
+  { 396257, true },
+  { 396285, true },
+  { 396314, true },
+  { 396345, true },
+  { 396378, true },
+  { 396404, true },
+  { 396425, true },
+  { 396444, true },
+  { 396462, true },
+  { 396481, true },
+  { 396498, true },
+  { 396514, true },
+  { 396527, true },
+  { 396539, true },
+  { 396553, true },
+  { 396564, true },
+  { 396584, true },
+  { 396596, true },
+  { 396610, true },
+  { 396634, true },
+  { 396657, true },
+  { 396685, true },
+  { 396696, true },
+  { 396718, true },
+  { 396734, true },
+  { 396746, true },
+  { 396764, true },
+  { 396778, true },
+  { 396792, false },
+  { 396813, true },
+  { 396828, true },
+  { 396848, true },
+  { 396865, true },
+  { 396876, true },
+  { 396886, true },
+  { 396904, true },
+  { 396914, true },
+  { 396923, true },
+  { 396934, true },
+  { 396949, true },
+  { 396961, true },
+  { 396980, true },
+  { 397006, true },
+  { 397019, true },
+  { 397032, true },
+  { 397046, true },
+  { 397063, true },
+  { 397082, true },
+  { 397096, true },
+  { 397113, true },
+  { 397131, true },
+  { 397146, true },
+  { 397167, true },
+  { 397188, true },
+  { 397200, true },
+  { 397213, true },
+  { 397221, true },
+  { 397235, true },
+  { 397249, true },
+  { 397263, true },
+  { 397277, true },
+  { 397297, true },
+  { 397320, true },
+  { 397340, true },
+  { 397373, true },
+  { 397385, true },
+  { 397398, true },
+  { 397409, true },
+  { 397435, true },
+  { 397445, true },
+  { 397461, true },
+  { 397473, true },
+  { 397484, true },
+  { 397506, true },
+  { 397527, true },
+  { 397551, false },
+  { 397571, true },
+  { 397587, true },
+  { 397597, true },
+  { 397609, true },
+  { 397624, true },
+  { 397637, true },
+  { 397651, true },
+  { 397668, true },
+  { 397681, true },
+  { 397695, false },
+  { 397703, true },
+  { 397722, true },
+  { 397737, true },
+  { 397751, true },
+  { 397766, true },
+  { 397783, true },
+  { 397805, true },
+  { 397815, true },
+  { 397831, true },
+  { 397844, false },
+  { 397858, true },
+  { 397875, true },
+  { 397884, true },
+  { 397902, true },
+  { 397911, true },
+  { 397929, true },
+  { 397939, true },
+  { 397954, true },
+  { 397967, true },
+  { 397977, true },
+  { 397991, true },
+  { 398007, true },
+  { 398020, true },
+  { 398038, true },
+  { 398053, true },
+  { 398068, true },
+  { 398085, true },
+  { 398098, true },
+  { 398107, true },
+  { 398118, true },
+  { 398134, true },
+  { 398149, true },
+  { 398162, true },
+  { 398173, true },
+  { 398186, true },
+  { 398199, false },
+  { 398210, true },
+  { 398226, true },
+  { 398238, true },
+  { 398252, true },
+  { 398273, true },
+  { 398284, true },
+  { 398301, true },
+  { 398315, true },
+  { 398330, true },
+  { 398341, true },
+  { 398352, true },
+  { 398368, true },
+  { 398386, true },
+  { 398398, true },
+  { 398414, true },
+  { 398425, true },
+  { 398446, true },
+  { 398467, true },
+  { 398490, true },
+  { 398509, true },
+  { 398522, true },
+  { 398542, true },
+  { 398562, true },
+  { 398582, true },
+  { 398603, true },
+  { 398614, true },
+  { 398629, true },
+  { 398645, true },
+  { 398660, true },
+  { 398671, true },
+  { 398701, true },
+  { 398715, true },
+  { 398726, true },
+  { 398737, true },
+  { 398746, true },
+  { 398754, true },
+  { 398767, true },
+  { 398787, true },
+  { 398798, true },
+  { 398815, true },
+  { 398829, true },
+  { 398840, true },
+  { 398853, true },
+  { 398865, true },
+  { 398875, true },
+  { 398885, true },
+  { 398895, false },
+  { 398909, true },
+  { 398920, true },
+  { 398930, true },
+  { 398942, true },
+  { 398959, true },
+  { 398977, true },
+  { 398987, true },
+  { 399004, true },
+  { 399013, true },
+  { 399021, true },
+  { 399043, true },
+  { 399059, true },
+  { 399082, true },
+  { 399095, true },
+  { 399110, true },
+  { 399120, true },
+  { 399133, true },
+  { 399154, true },
+  { 399165, true },
+  { 399179, true },
+  { 399190, true },
+  { 399201, true },
+  { 399216, true },
+  { 399232, false },
+  { 399243, false },
+  { 399258, true },
+  { 399273, false },
+  { 399292, true },
+  { 399304, true },
+  { 399317, true },
+  { 399334, true },
+  { 399360, true },
+  { 399371, true },
+  { 399381, true },
+  { 399392, true },
+  { 399412, true },
+  { 399434, true },
+  { 399448, true },
+  { 399462, true },
+  { 399476, true },
+  { 399483, true },
+  { 399495, false },
+  { 399507, true },
+  { 399520, true },
+  { 399533, true },
+  { 399543, false },
+  { 399553, true },
+  { 399564, true },
+  { 399576, true },
+  { 399586, true },
+  { 399597, true },
+  { 399609, true },
+  { 399619, true },
+  { 399629, true },
+  { 399641, true },
+  { 399654, true },
+  { 399665, true },
+  { 399680, true },
+  { 399697, true },
+  { 399710, true },
+  { 399727, true },
+  { 399744, true },
+  { 399759, true },
+  { 399772, true },
+  { 399781, true },
+  { 399788, true },
+  { 399807, true },
+  { 399818, true },
+  { 399837, false },
+  { 399848, true },
+  { 399860, true },
+  { 399877, true },
+  { 399894, true },
+  { 399908, true },
+  { 399921, true },
+  { 399932, true },
+  { 399951, true },
+  { 399963, true },
+  { 399974, true },
+  { 399987, true },
+  { 399998, true },
+  { 400015, true },
+  { 400032, false },
+  { 400047, false },
+  { 400056, true },
+  { 400065, true },
+  { 400085, true },
+  { 400108, false },
+  { 400121, true },
+  { 400128, true },
+  { 400135, false },
+  { 400142, true },
+  { 400152, true },
+  { 400166, true },
+  { 400175, true },
+  { 400185, true },
+  { 400203, true },
+  { 400213, true },
+  { 400235, true },
+  { 400256, true },
+  { 400267, true },
+  { 400285, true },
+  { 400305, true },
+  { 400319, true },
+  { 400333, true },
+  { 400349, false },
+  { 400369, false },
+  { 400381, true },
+  { 400393, true },
+  { 400408, true },
+  { 400420, true },
+  { 400437, false },
+  { 400451, true },
+  { 400463, true },
+  { 400482, true },
+  { 400492, true },
+  { 400516, true },
+  { 400529, true },
+  { 400537, true },
+  { 400556, true },
+  { 400579, false },
+  { 400593, true },
+  { 400610, true },
+  { 400626, true },
+  { 400642, true },
+  { 400651, true },
+  { 400661, true },
+  { 400677, true },
+  { 400688, true },
+  { 400703, true },
+  { 400716, true },
+  { 400731, true },
+  { 400739, true },
+  { 400754, true },
+  { 400768, true },
+  { 400784, true },
+  { 400805, true },
+  { 400815, false },
+  { 400830, true },
+  { 400844, true },
+  { 400865, true },
+  { 400885, true },
+  { 400902, true },
+  { 400911, true },
+  { 400931, true },
+  { 400942, true },
+  { 400950, true },
+  { 400964, true },
+  { 400974, true },
+  { 400991, false },
+  { 401001, false },
+  { 401015, true },
+  { 401029, true },
+  { 401041, true },
+  { 401051, false },
+  { 401064, true },
+  { 401080, true },
+  { 401089, true },
+  { 401111, true },
+  { 401124, true },
+  { 401140, true },
+  { 401161, true },
+  { 401175, true },
+  { 401188, true },
+  { 401207, true },
+  { 401217, true },
+  { 401226, true },
+  { 401235, true },
+  { 401245, true },
+  { 401260, true },
+  { 401274, true },
+  { 401287, true },
+  { 401297, true },
+  { 401326, true },
+  { 401338, true },
+  { 401350, true },
+  { 401371, true },
+  { 401392, true },
+  { 401406, true },
+  { 401422, true },
+  { 401439, true },
+  { 401450, true },
+  { 401471, true },
+  { 401485, true },
+  { 401505, true },
+  { 401517, true },
+  { 401531, true },
+  { 401545, true },
+  { 401555, true },
+  { 401569, true },
+  { 401582, true },
+  { 401596, true },
+  { 401606, true },
+  { 401619, true },
+  { 401630, true },
+  { 401641, true },
+  { 401657, true },
+  { 401676, true },
+  { 401693, true },
+  { 401707, false },
+  { 401722, true },
+  { 401732, true },
+  { 401747, true },
+  { 401758, true },
+  { 401780, true },
+  { 401789, true },
+  { 401799, true },
+  { 401823, true },
+  { 401842, true },
+  { 401865, true },
+  { 401875, true },
+  { 401903, true },
+  { 401935, true },
+  { 401950, true },
+  { 401962, true },
+  { 401971, true },
+  { 401986, true },
+  { 402000, true },
+  { 402016, true },
+  { 402030, true },
+  { 402043, true },
+  { 402055, true },
+  { 402069, true },
+  { 402087, true },
+  { 402099, true },
+  { 402113, true },
+  { 402135, true },
+  { 402146, true },
+  { 402158, true },
+  { 402171, true },
+  { 402185, true },
+  { 402202, true },
+  { 402220, true },
+  { 402237, true },
+  { 402255, true },
+  { 402275, true },
+  { 402296, true },
+  { 402315, true },
+  { 402328, true },
+  { 402342, true },
+  { 402357, true },
+  { 402373, false },
+  { 402390, true },
+  { 402412, true },
+  { 402427, true },
+  { 402440, true },
+  { 402452, true },
+  { 402462, false },
+  { 402474, true },
+  { 402483, true },
+  { 402495, true },
+  { 402507, true },
+  { 402517, true },
+  { 402540, true },
+  { 402550, true },
+  { 402562, true },
+  { 402579, true },
+  { 402585, true },
+  { 402601, true },
+  { 402611, true },
+  { 402621, true },
+  { 402629, true },
+  { 402645, true },
+  { 402655, true },
+  { 402666, true },
+  { 402680, true },
+  { 402700, true },
+  { 402711, true },
+  { 402723, true },
+  { 402742, true },
+  { 402762, true },
+  { 402772, true },
+  { 402793, true },
+  { 402802, true },
+  { 402821, true },
+  { 402849, true },
+  { 402863, true },
+  { 402877, true },
+  { 402896, true },
+  { 402918, true },
+  { 402940, true },
+  { 402962, true },
+  { 402980, true },
+  { 402997, true },
+  { 403013, true },
+  { 403035, true },
+  { 403046, true },
+  { 403062, true },
+  { 403075, true },
+  { 403091, true },
+  { 403104, true },
+  { 403120, true },
+  { 403132, true },
+  { 403144, true },
+  { 403157, true },
+  { 403169, true },
+  { 403184, true },
+  { 403199, true },
+  { 403213, true },
+  { 403231, true },
+  { 403247, true },
+  { 403262, true },
+  { 403287, true },
+  { 403307, true },
+  { 403326, true },
+  { 403345, true },
+  { 403361, true },
+  { 403374, true },
+  { 403389, true },
+  { 403404, true },
+  { 403420, true },
+  { 403432, true },
+  { 403449, true },
+  { 403468, true },
+  { 403483, true },
+  { 403494, true },
+  { 403510, true },
+  { 403527, true },
+  { 403540, true },
+  { 403557, true },
+  { 403572, true },
+  { 403589, true },
+  { 403608, true },
+  { 403621, true },
+  { 403637, true },
+  { 403651, true },
+  { 403668, true },
+  { 403679, true },
+  { 403692, true },
+  { 403704, true },
+  { 403718, false },
+  { 403734, true },
+  { 403749, false },
+  { 403768, false },
+  { 403788, false },
+  { 403808, true },
+  { 403822, true },
+  { 403834, true },
+  { 403849, true },
+  { 403860, true },
+  { 403873, true },
+  { 403891, true },
+  { 403904, true },
+  { 403916, true },
+  { 403927, true },
+  { 403943, true },
+  { 403958, false },
+  { 403975, true },
+  { 403989, true },
+  { 404011, true },
+  { 404031, true },
+  { 404053, true },
+  { 404069, true },
+  { 404084, true },
+  { 404103, true },
+  { 404129, true },
+  { 404146, true },
+  { 404163, true },
+  { 404184, true },
+  { 404201, true },
+  { 404219, true },
+  { 404237, true },
+  { 404248, true },
+  { 404264, true },
+  { 404285, true },
+  { 404299, true },
+  { 404314, true },
+  { 404327, true },
+  { 404340, true },
+  { 404353, true },
+  { 404366, true },
+  { 404380, true },
+  { 404393, true },
+  { 404406, true },
+  { 404424, true },
+  { 404437, true },
+  { 404450, true },
+  { 404459, true },
+  { 404468, true },
+  { 404485, true },
+  { 404508, true },
+  { 404523, true },
+  { 404533, true },
+  { 404541, true },
+  { 404550, true },
+  { 404568, true },
+  { 404581, true },
+  { 404591, true },
+  { 404612, true },
+  { 404624, true },
+  { 404638, true },
+  { 404647, true },
+  { 404656, true },
+  { 404669, true },
+  { 404685, true },
+  { 404704, true },
+  { 404718, true },
+  { 404739, true },
+  { 404748, true },
+  { 404767, true },
+  { 404780, true },
+  { 404794, false },
+  { 404809, true },
+  { 404827, true },
+  { 404843, true },
+  { 404857, true },
+  { 404868, true },
+  { 404886, true },
+  { 404896, true },
+  { 404909, true },
+  { 404929, true },
+  { 404941, true },
+  { 404953, true },
+  { 404968, true },
+  { 404987, true },
+  { 405003, true },
+  { 405017, true },
+  { 405037, false },
+  { 405052, true },
+  { 405080, true },
+  { 405103, true },
+  { 405122, true },
+  { 405135, true },
+  { 405150, true },
+  { 405164, true },
+  { 405184, true },
+  { 405206, true },
+  { 405236, true },
+  { 405258, false },
+  { 405281, true },
+  { 405297, true },
+  { 405309, true },
+  { 405321, true },
+  { 405332, true },
+  { 405347, true },
+  { 405356, true },
+  { 405376, true },
+  { 405389, true },
+  { 405396, true },
+  { 405410, true },
+  { 405418, true },
+  { 405432, true },
+  { 405451, true },
+  { 405472, false },
+  { 405488, true },
+  { 405506, true },
+  { 405521, true },
+  { 405533, true },
+  { 405543, true },
+  { 405563, true },
+  { 405580, true },
+  { 405593, true },
+  { 405604, true },
+  { 405616, true },
+  { 405631, true },
+  { 405643, true },
+  { 405659, true },
+  { 405678, true },
+  { 405691, true },
+  { 405703, true },
+  { 405724, true },
+  { 405732, true },
+  { 405742, true },
+  { 405759, false },
+  { 405782, true },
+  { 405805, true },
+  { 405814, true },
+  { 405824, true },
+  { 405837, true },
+  { 405847, true },
+  { 405858, true },
+  { 405873, true },
+  { 405886, true },
+  { 405905, true },
+  { 405916, true },
+  { 405937, true },
+  { 405952, true },
+  { 405975, true },
+  { 405993, true },
+  { 406010, false },
+  { 406020, false },
+  { 406034, true },
+  { 406054, true },
+  { 406069, true },
+  { 406082, true },
+  { 406102, true },
+  { 406118, true },
+  { 406133, true },
+  { 406147, true },
+  { 406163, false },
+  { 406186, true },
+  { 406199, true },
+  { 406211, true },
+  { 406230, true },
+  { 406241, true },
+  { 406249, true },
+  { 406260, true },
+  { 406278, true },
+  { 406303, true },
+  { 406316, true },
+  { 406330, true },
+  { 406344, true },
+  { 406354, true },
+  { 406364, true },
+  { 406372, true },
+  { 406386, true },
+  { 406400, true },
+  { 406414, true },
+  { 406427, true },
+  { 406440, true },
+  { 406454, true },
+  { 406465, false },
+  { 406480, false },
+  { 406493, true },
+  { 406507, true },
+  { 406532, true },
+  { 406549, true },
+  { 406563, true },
+  { 406575, true },
+  { 406593, true },
+  { 406605, true },
+  { 406625, true },
+  { 406639, true },
+  { 406649, true },
+  { 406669, true },
+  { 406681, true },
+  { 406697, true },
+  { 406727, true },
+  { 406744, true },
+  { 406772, true },
+  { 406796, true },
+  { 406824, true },
+  { 406834, true },
+  { 406849, true },
+  { 406864, true },
+  { 406878, true },
+  { 406893, true },
+  { 406906, true },
+  { 406919, true },
+  { 406933, true },
+  { 406948, true },
+  { 406963, true },
+  { 406972, true },
+  { 406982, true },
+  { 406994, true },
+  { 407007, true },
+  { 407017, true },
+  { 407031, true },
+  { 407040, true },
+  { 407058, true },
+  { 407080, true },
+  { 407089, true },
+  { 407100, true },
+  { 407111, true },
+  { 407122, true },
+  { 407129, true },
+  { 407144, true },
+  { 407162, true },
+  { 407180, true },
+  { 407191, true },
+  { 407201, true },
+  { 407213, true },
+  { 407226, true },
+  { 407234, true },
+  { 407242, true },
+  { 407250, true },
+  { 407259, true },
+  { 407267, false },
+  { 407287, true },
+  { 407299, true },
+  { 407311, true },
+  { 407323, false },
+  { 407333, true },
+  { 407348, true },
+  { 407367, true },
+  { 407381, true },
+  { 407401, true },
+  { 407422, true },
+  { 407447, true },
+  { 407462, true },
+  { 407472, true },
+  { 407485, true },
+  { 407499, true },
+  { 407514, true },
+  { 407540, true },
+  { 407551, true },
+  { 407565, true },
+  { 407583, true },
+  { 407600, true },
+  { 407615, true },
+  { 407628, true },
+  { 407636, true },
+  { 407651, false },
+  { 407668, false },
+  { 407686, true },
+  { 407708, true },
+  { 407724, true },
+  { 407739, true },
+  { 407752, true },
+  { 407770, true },
+  { 407783, true },
+  { 407792, true },
+  { 407811, true },
+  { 407827, true },
+  { 407844, true },
+  { 407858, true },
+  { 407871, true },
+  { 407882, true },
+  { 407899, true },
+  { 407922, true },
+  { 407937, true },
+  { 407959, true },
+  { 407973, true },
+  { 407994, true },
+  { 408008, true },
+  { 408020, true },
+  { 408044, true },
+  { 408065, true },
+  { 408091, true },
+  { 408110, true },
+  { 408129, true },
+  { 408147, true },
+  { 408164, true },
+  { 408175, true },
+  { 408196, true },
+  { 408215, true },
+  { 408241, true },
+  { 408258, true },
+  { 408278, true },
+  { 408294, true },
+  { 408320, true },
+  { 408340, true },
+  { 408361, true },
+  { 408384, true },
+  { 408403, true },
+  { 408427, true },
+  { 408444, true },
+  { 408463, true },
+  { 408481, true },
+  { 408500, true },
+  { 408521, true },
+  { 408543, true },
+  { 408554, true },
+  { 408565, true },
+  { 408586, true },
+  { 408604, true },
+  { 408628, true },
+  { 408647, true },
+  { 408663, true },
+  { 408684, true },
+  { 408706, false },
+  { 408732, true },
+  { 408751, true },
+  { 408762, true },
+  { 408779, true },
+  { 408803, true },
+  { 408825, true },
+  { 408851, true },
+  { 408864, true },
+  { 408882, true },
+  { 408904, true },
+  { 408926, true },
+  { 408948, true },
+  { 408973, true },
+  { 408999, true },
+  { 409015, true },
+  { 409032, true },
+  { 409050, true },
+  { 409067, true },
+  { 409085, true },
+  { 409103, true },
+  { 409122, true },
+  { 409136, true },
+  { 409146, true },
+  { 409163, true },
+  { 409184, true },
+  { 409199, true },
+  { 409216, true },
+  { 409232, true },
+  { 409255, true },
+  { 409267, true },
+  { 409286, true },
+  { 409304, true },
+  { 409327, true },
+  { 409340, true },
+  { 409356, true },
+  { 409367, true },
+  { 409385, true },
+  { 409401, true },
+  { 409417, true },
+  { 409435, true },
+  { 409453, true },
+  { 409472, true },
+  { 409485, true },
+  { 409503, true },
+  { 409527, true },
+  { 409550, true },
+  { 409565, true },
+  { 409582, true },
+  { 409616, true },
+  { 409643, true },
+  { 409653, true },
+  { 409669, true },
+  { 409687, true },
+  { 409705, true },
+  { 409721, true },
+  { 409737, true },
+  { 409757, true },
+  { 409773, true },
+  { 409791, true },
+  { 409808, true },
+  { 409827, true },
+  { 409840, true },
+  { 409860, true },
+  { 409877, true },
+  { 409900, true },
+  { 409915, true },
+  { 409933, true },
+  { 409949, true },
+  { 409966, true },
+  { 409985, true },
+  { 409996, true },
+  { 410007, true },
+  { 410029, true },
+  { 410047, true },
+  { 410077, true },
+  { 410102, true },
+  { 410122, true },
+  { 410137, true },
+  { 410161, true },
+  { 410176, true },
+  { 410187, true },
+  { 410204, true },
+  { 410218, true },
+  { 410232, true },
+  { 410247, true },
+  { 410263, true },
+  { 410283, true },
+  { 410297, true },
+  { 410312, true },
+  { 410325, true },
+  { 410342, true },
+  { 410363, true },
+  { 410382, true },
+  { 410407, true },
+  { 410418, true },
+  { 410431, true },
+  { 410454, true },
+  { 410469, true },
+  { 410483, true },
+  { 410495, true },
+  { 410512, true },
+  { 410534, true },
+  { 410547, true },
+  { 410571, true },
+  { 410592, true },
+  { 410615, true },
+  { 410624, true },
+  { 410645, true },
+  { 410667, true },
+  { 410677, true },
+  { 410690, true },
+  { 410707, true },
+  { 410728, true },
+  { 410767, true },
+  { 410788, true },
+  { 410806, true },
+  { 410830, true },
+  { 410856, true },
+  { 410873, true },
+  { 410893, true },
+  { 410909, true },
+  { 410922, true },
+  { 410933, true },
+  { 410950, true },
+  { 410968, true },
+  { 410983, true },
+  { 410999, true },
+  { 411016, true },
+  { 411030, true },
+  { 411043, true },
+  { 411056, true },
+  { 411072, true },
+  { 411084, true },
+  { 411114, true },
+  { 411128, true },
+  { 411147, true },
+  { 411169, false },
+  { 411187, true },
+  { 411211, true },
+  { 411224, true },
+  { 411244, true },
+  { 411255, true },
+  { 411270, true },
+  { 411289, true },
+  { 411309, true },
+  { 411326, false },
+  { 411341, true },
+  { 411359, true },
+  { 411377, true },
+  { 411396, true },
+  { 411418, true },
+  { 411430, true },
+  { 411449, true },
+  { 411464, true },
+  { 411479, true },
+  { 411491, true },
+  { 411517, true },
+  { 411536, true },
+  { 411548, true },
+  { 411566, true },
+  { 411591, true },
+  { 411605, true },
+  { 411625, true },
+  { 411640, true },
+  { 411659, true },
+  { 411677, true },
+  { 411695, true },
+  { 411715, true },
+  { 411735, false },
+  { 411751, true },
+  { 411770, true },
+  { 411784, true },
+  { 411813, false },
+  { 411824, true },
+  { 411836, true },
+  { 411853, true },
+  { 411869, true },
+  { 411893, true },
+  { 411923, true },
+  { 411940, true },
+  { 411961, true },
+  { 411981, true },
+  { 411995, true },
+  { 412013, true },
+  { 412029, true },
+  { 412049, true },
+  { 412059, true },
+  { 412076, false },
+  { 412094, true },
+  { 412110, true },
+  { 412134, true },
+  { 412145, true },
+  { 412157, true },
+  { 412183, true },
+  { 412201, true },
+  { 412220, true },
+  { 412237, true },
+  { 412261, true },
+  { 412278, true },
+  { 412291, true },
+  { 412311, true },
+  { 412325, true },
+  { 412346, true },
+  { 412371, true },
+  { 412390, true },
+  { 412418, true },
+  { 412436, true },
+  { 412452, true },
+  { 412468, true },
+  { 412482, true },
+  { 412495, true },
+  { 412510, true },
+  { 412532, true },
+  { 412549, false },
+  { 412569, true },
+  { 412584, true },
+  { 412601, false },
+  { 412616, true },
+  { 412636, true },
+  { 412655, true },
+  { 412681, true },
+  { 412698, true },
+  { 412723, true },
+  { 412744, true },
+  { 412751, true },
+  { 412761, true },
+  { 412773, true },
+  { 412788, true },
+  { 412807, true },
+  { 412823, true },
+  { 412842, true },
+  { 412859, true },
+  { 412876, true },
+  { 412894, true },
+  { 412910, true },
+  { 412927, false },
+  { 412945, true },
+  { 412961, true },
+  { 412974, true },
+  { 412997, true },
+  { 413021, true },
+  { 413039, true },
+  { 413052, true },
+  { 413066, true },
+  { 413089, true },
+  { 413104, true },
+  { 413119, true },
+  { 413128, true },
+  { 413140, true },
+  { 413165, true },
+  { 413178, true },
+  { 413192, true },
+  { 413214, true },
+  { 413236, true },
+  { 413247, true },
+  { 413258, true },
+  { 413277, true },
+  { 413303, true },
+  { 413320, true },
+  { 413337, true },
+  { 413354, true },
+  { 413364, true },
+  { 413391, true },
+  { 413408, true },
+  { 413433, true },
+  { 413452, true },
+  { 413465, true },
+  { 413480, true },
+  { 413494, true },
+  { 413511, true },
+  { 413528, true },
+  { 413541, true },
+  { 413555, true },
+  { 413577, true },
+  { 413592, true },
+  { 413606, true },
+  { 413615, true },
+  { 413624, true },
+  { 413652, true },
+  { 413666, true },
+  { 413690, true },
+  { 413704, true },
+  { 413720, true },
+  { 413730, true },
+  { 413742, false },
+  { 413753, true },
+  { 413769, true },
+  { 413785, true },
+  { 413801, true },
+  { 413817, true },
+  { 413830, true },
+  { 413844, true },
+  { 413853, true },
+  { 413863, true },
+  { 413874, true },
+  { 413888, true },
+  { 413906, true },
+  { 413920, true },
+  { 413930, true },
+  { 413945, true },
+  { 413958, true },
+  { 413976, true },
+  { 413991, true },
+  { 414002, true },
+  { 414020, true },
+  { 414033, true },
+  { 414048, true },
+  { 414067, true },
+  { 414080, true },
+  { 414097, true },
+  { 414113, true },
+  { 414132, true },
+  { 414148, true },
+  { 414164, true },
+  { 414187, true },
+  { 414209, true },
+  { 414219, true },
+  { 414226, true },
+  { 414241, true },
+  { 414255, true },
+  { 414276, true },
+  { 414294, true },
+  { 414306, true },
+  { 414330, true },
+  { 414360, true },
+  { 414386, true },
+  { 414399, true },
+  { 414408, true },
+  { 414416, true },
+  { 414426, true },
+  { 414445, true },
+  { 414459, true },
+  { 414473, true },
+  { 414489, true },
+  { 414501, true },
+  { 414511, true },
+  { 414519, true },
+  { 414530, true },
+  { 414539, true },
+  { 414554, true },
+  { 414572, true },
+  { 414585, true },
+  { 414602, true },
+  { 414613, true },
+  { 414625, true },
+  { 414636, true },
+  { 414649, true },
+  { 414661, true },
+  { 414669, true },
+  { 414681, true },
+  { 414708, true },
+  { 414727, true },
+  { 414752, true },
+  { 414768, true },
+  { 414782, true },
+  { 414802, true },
+  { 414814, true },
+  { 414829, true },
+  { 414843, true },
+  { 414855, true },
+  { 414867, true },
+  { 414878, true },
+  { 414893, true },
+  { 414904, true },
+  { 414917, true },
+  { 414927, true },
+  { 414942, true },
+  { 414954, true },
+  { 414970, true },
+  { 414985, true },
+  { 415000, true },
+  { 415014, true },
+  { 415030, true },
+  { 415039, true },
+  { 415048, true },
+  { 415059, true },
+  { 415073, true },
+  { 415084, false },
+  { 415099, true },
+  { 415113, true },
+  { 415127, true },
+  { 415136, true },
+  { 415149, true },
+  { 415159, true },
+  { 415172, true },
+  { 415192, true },
+  { 415204, false },
+  { 415224, true },
+  { 415238, true },
+  { 415252, true },
+  { 415268, true },
+  { 415282, true },
+  { 415293, true },
+  { 415310, true },
+  { 415324, true },
+  { 415337, true },
+  { 415351, true },
+  { 415375, true },
+  { 415387, true },
+  { 415401, true },
+  { 415413, true },
+  { 415425, true },
+  { 415448, true },
+  { 415460, true },
+  { 415472, true },
+  { 415482, true },
+  { 415492, true },
+  { 415502, true },
+  { 415517, true },
+  { 415530, true },
+  { 415547, true },
+  { 415574, true },
+  { 415587, true },
+  { 415601, true },
+  { 415620, true },
+  { 415645, true },
+  { 415661, true },
+  { 415678, true },
+  { 415705, true },
+  { 415716, true },
+  { 415724, true },
+  { 415746, true },
+  { 415756, true },
+  { 415768, true },
+  { 415781, true },
+  { 415795, true },
+  { 415822, false },
+  { 415836, true },
+  { 415858, true },
+  { 415868, true },
+  { 415882, true },
+  { 415900, true },
+  { 415914, true },
+  { 415924, true },
+  { 415931, true },
+  { 415938, true },
+  { 415961, true },
+  { 415974, true },
+  { 415984, true },
+  { 415998, true },
+  { 416006, true },
+  { 416016, true },
+  { 416024, true },
+  { 416031, true },
+  { 416039, true },
+  { 416050, true },
+  { 416062, true },
+  { 416071, true },
+  { 416080, true },
+  { 416092, true },
+  { 416109, true },
+  { 416117, true },
+  { 416130, true },
+  { 416143, true },
+  { 416156, true },
+  { 416165, true },
+  { 416177, true },
+  { 416189, true },
+  { 416202, true },
+  { 416210, true },
+  { 416219, true },
+  { 416229, true },
+  { 416239, true },
+  { 416249, true },
+  { 416259, true },
+  { 416269, true },
+  { 416280, true },
+  { 416295, true },
+  { 416315, true },
+  { 416333, true },
+  { 416342, true },
+  { 416349, true },
+  { 416358, true },
+  { 416374, true },
+  { 416391, true },
+  { 416400, true },
+  { 416408, true },
+  { 416415, true },
+  { 416431, true },
+  { 416445, true },
+  { 416462, true },
+  { 416474, true },
+  { 416483, true },
+  { 416491, false },
+  { 416504, true },
+  { 416516, true },
+  { 416525, true },
+  { 416533, false },
+  { 416542, true },
+  { 416555, true },
+  { 416567, true },
+  { 416578, true },
+  { 416592, true },
+  { 416608, true },
+  { 416625, true },
+  { 416642, true },
+  { 416658, true },
+  { 416674, true },
+  { 416693, true },
+  { 416703, true },
+  { 416720, true },
+  { 416738, true },
+  { 416756, true },
+  { 416774, true },
+  { 416791, true },
+  { 416805, true },
+  { 416820, true },
+  { 416838, true },
+  { 416855, true },
+  { 416875, true },
+  { 416895, true },
+  { 416907, true },
+  { 416921, true },
+  { 416938, true },
+  { 416948, true },
+  { 416957, true },
+  { 416966, true },
+  { 416976, true },
+  { 416986, true },
+  { 416996, true },
+  { 417008, true },
+  { 417026, true },
+  { 417042, true },
+  { 417061, true },
+  { 417075, true },
+  { 417089, true },
+  { 417104, true },
+  { 417116, true },
+  { 417125, true },
+  { 417139, true },
+  { 417161, true },
+  { 417175, true },
+  { 417183, true },
+  { 417197, true },
+  { 417207, true },
+  { 417220, true },
+  { 417229, true },
+  { 417246, true },
+  { 417256, true },
+  { 417266, true },
+  { 417281, true },
+  { 417293, true },
+  { 417307, true },
+  { 417325, true },
+  { 417343, true },
+  { 417352, true },
+  { 417361, true },
+  { 417370, true },
+  { 417395, true },
+  { 417416, true },
+  { 417439, true },
+  { 417468, true },
+  { 417483, true },
+  { 417494, true },
+  { 417509, true },
+  { 417532, true },
+  { 417545, true },
+  { 417561, true },
+  { 417577, true },
+  { 417588, true },
+  { 417602, true },
+  { 417622, true },
+  { 417637, true },
+  { 417655, true },
+  { 417669, true },
+  { 417682, true },
+  { 417698, true },
+  { 417708, true },
+  { 417722, true },
+  { 417740, true },
+  { 417754, true },
+  { 417770, true },
+  { 417785, true },
+  { 417807, true },
+  { 417826, true },
+  { 417836, true },
+  { 417845, true },
+  { 417857, true },
+  { 417871, true },
+  { 417887, true },
+  { 417899, true },
+  { 417915, true },
+  { 417925, true },
+  { 417941, true },
+  { 417954, true },
+  { 417971, true },
+  { 417985, true },
+  { 418000, true },
+  { 418008, true },
+  { 418018, true },
+  { 418030, true },
+  { 418041, true },
+  { 418055, true },
+  { 418067, true },
+  { 418078, true },
+  { 418088, true },
+  { 418104, true },
+  { 418116, false },
+  { 418124, true },
+  { 418137, true },
+  { 418152, true },
+  { 418163, true },
+  { 418179, true },
+  { 418194, true },
+  { 418205, true },
+  { 418219, true },
+  { 418233, true },
+  { 418246, true },
+  { 418258, true },
+  { 418276, true },
+  { 418293, false },
+  { 418307, true },
+  { 418320, true },
+  { 418332, true },
+  { 418343, true },
+  { 418353, true },
+  { 418365, true },
+  { 418384, true },
+  { 418395, true },
+  { 418409, true },
+  { 418420, true },
+  { 418431, true },
+  { 418442, true },
+  { 418453, true },
+  { 418464, true },
+  { 418478, true },
+  { 418490, true },
+  { 418505, true },
+  { 418519, true },
+  { 418534, true },
+  { 418547, true },
+  { 418563, true },
+  { 418572, true },
+  { 418581, true },
+  { 418595, true },
+  { 418628, true },
+  { 418639, true },
+  { 418650, true },
+  { 418666, false },
+  { 418682, true },
+  { 418693, true },
+  { 418704, true },
+  { 418720, true },
+  { 418730, true },
+  { 418746, true },
+  { 418753, true },
+  { 418764, false },
+  { 418778, true },
+  { 418786, true },
+  { 418799, true },
+  { 418808, true },
+  { 418818, true },
+  { 418828, true },
+  { 418841, true },
+  { 418859, true },
+  { 418877, true },
+  { 418901, true },
+  { 418909, true },
+  { 418922, true },
+  { 418932, true },
+  { 418945, false },
+  { 418964, true },
+  { 418978, true },
+  { 419001, true },
+  { 419015, true },
+  { 419030, true },
+  { 419042, true },
+  { 419056, true },
+  { 419081, true },
+  { 419097, true },
+  { 419118, true },
+  { 419130, true },
+  { 419150, true },
+  { 419161, true },
+  { 419172, true },
+  { 419187, true },
+  { 419199, true },
+  { 419211, true },
+  { 419234, false },
+  { 419251, true },
+  { 419265, true },
+  { 419280, true },
+  { 419293, true },
+  { 419303, true },
+  { 419315, true },
+  { 419325, true },
+  { 419334, true },
+  { 419350, true },
+  { 419362, true },
+  { 419379, true },
+  { 419398, true },
+  { 419407, true },
+  { 419437, false },
+  { 419452, true },
+  { 419468, false },
+  { 419480, true },
+  { 419506, true },
+  { 419517, true },
+  { 419538, true },
+  { 419553, true },
+  { 419566, true },
+  { 419587, true },
+  { 419603, true },
+  { 419618, true },
+  { 419638, true },
+  { 419653, true },
+  { 419675, true },
+  { 419691, true },
+  { 419706, true },
+  { 419716, true },
+  { 419732, true },
+  { 419744, true },
+  { 419757, true },
+  { 419766, true },
+  { 419776, true },
+  { 419794, true },
+  { 419811, true },
+  { 419831, true },
+  { 419850, true },
+  { 419868, true },
+  { 419889, true },
+  { 419917, true },
+  { 419933, true },
+  { 419951, true },
+  { 419965, true },
+  { 419984, true },
+  { 420008, true },
+  { 420022, false },
+  { 420041, true },
+  { 420055, true },
+  { 420070, true },
+  { 420091, true },
+  { 420103, true },
+  { 420113, true },
+  { 420132, true },
+  { 420149, true },
+  { 420170, true },
+  { 420188, true },
+  { 420201, true },
+  { 420214, true },
+  { 420235, true },
+  { 420251, true },
+  { 420266, true },
+  { 420284, true },
+  { 420303, true },
+  { 420322, true },
+  { 420334, true },
+  { 420345, true },
+  { 420360, true },
+  { 420375, true },
+  { 420386, true },
+  { 420407, true },
+  { 420426, true },
+  { 420437, true },
+  { 420458, true },
+  { 420487, true },
+  { 420512, true },
+  { 420533, true },
+  { 420551, true },
+  { 420558, true },
+  { 420572, true },
+  { 420584, true },
+  { 420599, true },
+  { 420615, true },
+  { 420632, true },
+  { 420654, true },
+  { 420664, true },
+  { 420677, true },
+  { 420689, true },
+  { 420706, true },
+  { 420715, true },
+  { 420728, true },
+  { 420737, false },
+  { 420750, true },
+  { 420760, false },
+  { 420780, true },
+  { 420789, true },
+  { 420799, true },
+  { 420818, true },
+  { 420839, true },
+  { 420851, true },
+  { 420864, true },
+  { 420875, true },
+  { 420889, true },
+  { 420905, true },
+  { 420921, true },
+  { 420940, true },
+  { 420950, true },
+  { 420966, true },
+  { 420992, true },
+  { 421010, true },
+  { 421025, true },
+  { 421042, true },
+  { 421063, true },
+  { 421075, true },
+  { 421088, true },
+  { 421109, true },
+  { 421126, true },
+  { 421139, true },
+  { 421155, true },
+  { 421173, true },
+  { 421185, true },
+  { 421204, true },
+  { 421223, true },
+  { 421237, true },
+  { 421250, true },
+  { 421271, false },
+  { 421288, true },
+  { 421318, true },
+  { 421329, false },
+  { 421349, true },
+  { 421360, true },
+  { 421371, true },
+  { 421390, true },
+  { 421416, true },
+  { 421432, true },
+  { 421451, true },
+  { 421461, true },
+  { 421478, true },
+  { 421493, true },
+  { 421511, true },
+  { 421523, true },
+  { 421543, true },
+  { 421559, true },
+  { 421588, true },
+  { 421601, true },
+  { 421614, true },
+  { 421631, true },
+  { 421648, true },
+  { 421661, true },
+  { 421674, true },
+  { 421687, true },
+  { 421700, true },
+  { 421713, true },
+  { 421726, true },
+  { 421739, true },
+  { 421752, true },
+  { 421765, true },
+  { 421778, true },
+  { 421791, true },
+  { 421804, true },
+  { 421828, true },
+  { 421839, true },
+  { 421851, true },
+  { 421859, true },
+  { 421876, true },
+  { 421894, true },
+  { 421907, true },
+  { 421923, true },
+  { 421936, true },
+  { 421958, true },
+  { 421972, true },
+  { 421990, true },
+  { 422002, true },
+  { 422016, true },
+  { 422029, true },
+  { 422047, true },
+  { 422066, true },
+  { 422088, true },
+  { 422101, true },
+  { 422123, true },
+  { 422151, true },
+  { 422171, true },
+  { 422191, true },
+  { 422209, true },
+  { 422227, true },
+  { 422245, true },
+  { 422262, true },
+  { 422282, true },
+  { 422298, true },
+  { 422326, true },
+  { 422351, true },
+  { 422383, true },
+  { 422403, true },
+  { 422422, true },
+  { 422443, true },
+  { 422463, true },
+  { 422478, true },
+  { 422493, true },
+  { 422513, true },
+  { 422526, true },
+  { 422546, true },
+  { 422571, true },
+  { 422587, true },
+  { 422604, true },
+  { 422613, true },
+  { 422632, true },
+  { 422649, true },
+  { 422661, true },
+  { 422674, true },
+  { 422697, true },
+  { 422713, true },
+  { 422733, true },
+  { 422746, true },
+  { 422764, true },
+  { 422788, true },
+  { 422806, true },
+  { 422824, true },
+  { 422838, true },
+  { 422852, true },
+  { 422873, true },
+  { 422883, true },
+  { 422895, true },
+  { 422910, true },
+  { 422927, true },
+  { 422939, true },
+  { 422951, true },
+  { 422970, true },
+  { 422987, true },
+  { 423005, true },
+  { 423020, true },
+  { 423042, true },
+  { 423061, true },
+  { 423072, true },
+  { 423086, true },
+  { 423097, true },
+  { 423116, false },
+  { 423133, true },
+  { 423148, true },
+  { 423163, true },
+  { 423178, true },
+  { 423190, true },
+  { 423210, true },
+  { 423224, true },
+  { 423242, true },
+  { 423257, true },
+  { 423271, true },
+  { 423286, true },
+  { 423300, true },
+  { 423310, true },
+  { 423326, true },
+  { 423339, true },
+  { 423358, true },
+  { 423370, true },
+  { 423384, true },
+  { 423393, true },
+  { 423407, true },
+  { 423418, true },
+  { 423433, true },
+  { 423453, true },
+  { 423475, true },
+  { 423485, true },
+  { 423499, true },
+  { 423509, true },
+  { 423521, true },
+  { 423537, true },
+  { 423548, true },
+  { 423566, true },
+  { 423583, true },
+  { 423597, true },
+  { 423613, true },
+  { 423625, false },
+  { 423633, true },
+  { 423649, true },
+  { 423661, true },
+  { 423681, true },
+  { 423692, true },
+  { 423704, true },
+  { 423715, true },
+  { 423734, true },
+  { 423759, true },
+  { 423771, true },
+  { 423783, true },
+  { 423792, true },
+  { 423802, true },
+  { 423816, true },
+  { 423830, true },
+  { 423844, true },
+  { 423857, true },
+  { 423871, true },
+  { 423886, true },
+  { 423904, true },
+  { 423915, true },
+  { 423930, true },
+  { 423941, true },
+  { 423956, true },
+  { 423974, true },
+  { 423991, true },
+  { 424007, true },
+  { 424030, true },
+  { 424050, true },
+  { 424062, true },
+  { 424080, true },
+  { 424100, true },
+  { 424113, true },
+  { 424126, true },
+  { 424147, true },
+  { 424166, true },
+  { 424177, true },
+  { 424200, true },
+  { 424215, true },
+  { 424230, true },
+  { 424248, true },
+  { 424255, true },
+  { 424270, true },
+  { 424278, true },
+  { 424293, false },
+  { 424311, false },
+  { 424332, true },
+  { 424344, true },
+  { 424367, true },
+  { 424384, true },
+  { 424396, true },
+  { 424408, true },
+  { 424420, true },
+  { 424441, true },
+  { 424467, true },
+  { 424480, true },
+  { 424497, true },
+  { 424514, true },
+  { 424534, true },
+  { 424547, true },
+  { 424565, true },
+  { 424577, true },
+  { 424592, true },
+  { 424605, true },
+  { 424614, true },
+  { 424627, true },
+  { 424641, true },
+  { 424655, true },
+  { 424672, true },
+  { 424689, true },
+  { 424708, true },
+  { 424728, true },
+  { 424753, true },
+  { 424778, true },
+  { 424789, true },
+  { 424805, true },
+  { 424816, true },
+  { 424827, true },
+  { 424842, true },
+  { 424858, true },
+  { 424869, true },
+  { 424887, true },
+  { 424901, true },
+  { 424916, true },
+  { 424927, true },
+  { 424938, true },
+  { 424950, true },
+  { 424966, true },
+  { 424988, true },
+  { 425000, true },
+  { 425011, true },
+  { 425030, true },
+  { 425039, true },
+  { 425052, true },
+  { 425062, true },
+  { 425076, true },
+  { 425090, true },
+  { 425099, true },
+  { 425109, true },
+  { 425122, true },
+  { 425132, true },
+  { 425154, true },
+  { 425166, true },
+  { 425174, true },
+  { 425188, true },
+  { 425202, true },
+  { 425210, true },
+  { 425221, true },
+  { 425239, true },
+  { 425247, true },
+  { 425257, true },
+  { 425268, true },
+  { 425275, true },
+  { 425286, true },
+  { 425298, true },
+  { 425308, true },
+  { 425315, true },
+  { 425322, true },
+  { 425334, true },
+  { 425345, true },
+  { 425357, true },
+  { 425368, true },
+  { 425381, true },
+  { 425396, true },
+  { 425406, true },
+  { 425416, true },
+  { 425430, true },
+  { 425441, true },
+  { 425459, true },
+  { 425476, true },
+  { 425490, true },
+  { 425501, true },
+  { 425520, false },
+  { 425543, true },
+  { 425554, true },
+  { 425562, true },
+  { 425583, true },
+  { 425596, true },
+  { 425611, true },
+  { 425623, true },
+  { 425634, true },
+  { 425649, true },
+  { 425663, true },
+  { 425675, true },
+  { 425701, true },
+  { 425713, true },
+  { 425743, false },
+  { 425757, true },
+  { 425773, true },
+  { 425789, true },
+  { 425802, true },
+  { 425819, true },
+  { 425836, true },
+  { 425853, true },
+  { 425865, true },
+  { 425877, true },
+  { 425888, true },
+  { 425903, true },
+  { 425919, true },
+  { 425940, true },
+  { 425957, true },
+  { 425973, true },
+  { 425985, true },
+  { 425995, true },
+  { 426017, true },
+  { 426031, true },
+  { 426042, true },
+  { 426055, true },
+  { 426070, true },
+  { 426086, true },
+  { 426103, true },
+  { 426114, true },
+  { 426127, true },
+  { 426142, true },
+  { 426159, true },
+  { 426176, true },
+  { 426189, true },
+  { 426200, false },
+  { 426211, true },
+  { 426221, true },
+  { 426233, true },
+  { 426250, true },
+  { 426262, true },
+  { 426273, true },
+  { 426287, false },
+  { 426298, false },
+  { 426311, true },
+  { 426319, true },
+  { 426329, true },
+  { 426346, true },
+  { 426358, true },
+  { 426378, true },
+  { 426391, true },
+  { 426406, true },
+  { 426423, false },
+  { 426443, true },
+  { 426453, true },
+  { 426464, true },
+  { 426472, false },
+  { 426481, true },
+  { 426494, true },
+  { 426511, true },
+  { 426525, true },
+  { 426538, true },
+  { 426551, true },
+  { 426565, true },
+  { 426578, true },
+  { 426601, true },
+  { 426614, true },
+  { 426640, true },
+  { 426656, true },
+  { 426668, true },
+  { 426681, true },
+  { 426700, true },
+  { 426716, true },
+  { 426726, true },
+  { 426741, false },
+  { 426753, true },
+  { 426770, true },
+  { 426797, true },
+  { 426807, true },
+  { 426824, true },
+  { 426842, true },
+  { 426853, true },
+  { 426867, true },
+  { 426885, true },
+  { 426894, true },
+  { 426905, true },
+  { 426916, true },
+  { 426924, true },
+  { 426934, true },
+  { 426944, true },
+  { 426958, true },
+  { 426965, true },
+  { 426975, true },
+  { 426982, true },
+  { 426991, true },
+  { 427001, true },
+  { 427009, true },
+  { 427019, true },
+  { 427026, true },
+  { 427035, true },
+  { 427051, true },
+  { 427069, true },
+  { 427086, true },
+  { 427104, true },
+  { 427122, true },
+  { 427138, true },
+  { 427157, true },
+  { 427170, true },
+  { 427183, true },
+  { 427196, true },
+  { 427209, true },
+  { 427223, true },
+  { 427235, true },
+  { 427250, true },
+  { 427265, true },
+  { 427280, true },
+  { 427292, true },
+  { 427305, true },
+  { 427316, true },
+  { 427328, true },
+  { 427338, true },
+  { 427356, true },
+  { 427371, true },
+  { 427386, true },
+  { 427401, true },
+  { 427410, true },
+  { 427427, true },
+  { 427438, true },
+  { 427451, true },
+  { 427464, true },
+  { 427469, true },
+  { 427476, true },
+  { 427486, true },
+  { 427496, true },
+  { 427510, true },
+  { 427530, true },
+  { 427574, true },
+  { 427608, false },
+  { 427615, true },
+  { 427622, false },
+  { 427642, true },
+  { 427666, true },
+  { 427680, false },
+  { 427690, true },
+  { 427707, true },
+  { 427720, false },
+  { 427735, true },
+  { 427747, true },
+  { 427761, true },
+  { 427775, true },
+  { 427787, true },
+  { 427798, true },
+  { 427810, true },
+  { 427822, true },
+  { 427836, true },
+  { 427848, true },
+  { 427858, false },
+  { 427866, true },
+  { 427881, true },
+  { 427889, true },
+  { 427900, true },
+  { 427915, true },
+  { 427937, true },
+  { 427947, true },
+  { 427963, true },
+  { 427978, true },
+  { 427988, true },
+  { 428007, true },
+  { 428019, false },
+  { 428026, true },
+  { 428042, true },
+  { 428054, true },
+  { 428076, true },
+  { 428091, true },
+  { 428116, true },
+  { 428125, true },
+  { 428140, true },
+  { 428163, true },
+  { 428173, true },
+  { 428180, true },
+  { 428191, true },
+  { 428202, true },
+  { 428214, true },
+  { 428222, true },
+  { 428236, true },
+  { 428246, true },
+  { 428258, true },
+  { 428265, true },
+  { 428277, true },
+  { 428294, true },
+  { 428302, true },
+  { 428313, true },
+  { 428323, true },
+  { 428345, true },
+  { 428357, true },
+  { 428367, false },
+  { 428387, false },
+  { 428410, true },
+  { 428425, true },
+  { 428449, true },
+  { 428459, true },
+  { 428477, true },
+  { 428503, true },
+  { 428522, true },
+  { 428546, true },
+  { 428557, true },
+  { 428569, true },
+  { 428582, true },
+  { 428596, true },
+  { 428610, true },
+  { 428623, true },
+  { 428636, true },
+  { 428647, true },
+  { 428658, true },
+  { 428674, true },
+  { 428683, true },
+  { 428693, false },
+  { 428704, true },
+  { 428720, true },
+  { 428736, true },
+  { 428754, true },
+  { 428770, true },
+  { 428785, true },
+  { 428797, true },
+  { 428811, true },
+  { 428825, true },
+  { 428839, true },
+  { 428849, true },
+  { 428863, true },
+  { 428872, true },
+  { 428894, true },
+  { 428909, true },
+  { 428922, true },
+  { 428936, true },
+  { 428950, true },
+  { 428965, true },
+  { 428979, true },
+  { 428993, true },
+  { 429008, true },
+  { 429022, true },
+  { 429035, true },
+  { 429049, true },
+  { 429063, true },
+  { 429077, true },
+  { 429090, true },
+  { 429104, true },
+  { 429122, true },
+  { 429136, true },
+  { 429153, true },
+  { 429171, true },
+  { 429187, true },
+  { 429202, true },
+  { 429227, true },
+  { 429251, true },
+  { 429273, true },
+  { 429287, false },
+  { 429299, true },
+  { 429315, true },
+  { 429326, true },
+  { 429336, false },
+  { 429360, true },
+  { 429380, false },
+  { 429395, true },
+  { 429407, true },
+  { 429415, true },
+  { 429429, true },
+  { 429446, true },
+  { 429456, true },
+  { 429471, true },
+  { 429486, true },
+  { 429501, true },
+  { 429516, true },
+  { 429531, true },
+  { 429546, true },
+  { 429564, true },
+  { 429581, true },
+  { 429604, true },
+  { 429624, true },
+  { 429638, true },
+  { 429658, true },
+  { 429676, true },
+  { 429693, true },
+  { 429706, true },
+  { 429719, true },
+  { 429736, true },
+  { 429753, false },
+  { 429770, true },
+  { 429787, true },
+  { 429800, true },
+  { 429817, true },
+  { 429847, true },
+  { 429867, true },
+  { 429895, true },
+  { 429911, true },
+  { 429922, true },
+  { 429935, true },
+  { 429948, true },
+  { 429958, true },
+  { 429976, true },
+  { 429986, true },
+  { 430014, true },
+  { 430033, true },
+  { 430053, true },
+  { 430071, true },
+  { 430084, true },
+  { 430098, true },
+  { 430112, true },
+  { 430124, true },
+  { 430143, false },
+  { 430154, true },
+  { 430171, true },
+  { 430195, true },
+  { 430209, true },
+  { 430223, true },
+  { 430247, true },
+  { 430270, true },
+  { 430298, true },
+  { 430317, true },
+  { 430333, true },
+  { 430346, true },
+  { 430354, true },
+  { 430366, true },
+  { 430380, false },
+  { 430393, true },
+  { 430407, true },
+  { 430421, true },
+  { 430431, true },
+  { 430442, true },
+  { 430451, false },
+  { 430466, true },
+  { 430478, true },
+  { 430494, true },
+  { 430507, true },
+  { 430520, true },
+  { 430538, true },
+  { 430554, true },
+  { 430564, true },
+  { 430579, true },
+  { 430587, true },
+  { 430598, true },
+  { 430613, true },
+  { 430630, true },
+  { 430643, true },
+  { 430652, true },
+  { 430659, true },
+  { 430677, true },
+  { 430695, true },
+  { 430704, true },
+  { 430714, true },
+  { 430724, true },
+  { 430745, true },
+  { 430764, true },
+  { 430784, true },
+  { 430800, true },
+  { 430816, true },
+  { 430834, true },
+  { 430849, true },
+  { 430857, true },
+  { 430876, true },
+  { 430895, true },
+  { 430907, true },
+  { 430914, true },
+  { 430930, true },
+  { 430945, true },
+  { 430955, true },
+  { 430963, true },
+  { 430973, true },
+  { 430989, true },
+  { 431004, true },
+  { 431011, true },
+  { 431029, true },
+  { 431050, true },
+  { 431068, true },
+  { 431081, true },
+  { 431092, true },
+  { 431107, true },
+  { 431122, true },
+  { 431133, false },
+  { 431153, true },
+  { 431168, true },
+  { 431190, true },
+  { 431200, true },
+  { 431225, true },
+  { 431240, true },
+  { 431253, true },
+  { 431264, true },
+  { 431278, true },
+  { 431290, true },
+  { 431314, true },
+  { 431336, true },
+  { 431349, true },
+  { 431359, true },
+  { 431378, true },
+  { 431391, true },
+  { 431403, true },
+  { 431415, true },
+  { 431426, true },
+  { 431432, true },
+  { 431439, true },
+  { 431453, true },
+  { 431464, true },
+  { 431481, true },
+  { 431503, true },
+  { 431519, true },
+  { 431538, true },
+  { 431549, true },
+  { 431567, true },
+  { 431591, true },
+  { 431611, true },
+  { 431632, true },
+  { 431648, true },
+  { 431674, true },
+  { 431685, true },
+  { 431699, true },
+  { 431713, true },
+  { 431723, true },
+  { 431742, true },
+  { 431753, true },
+  { 431766, true },
+  { 431774, true },
+  { 431781, true },
+  { 431788, true },
+  { 431795, true },
+  { 431803, true },
+  { 431823, true },
+  { 431841, true },
+  { 431852, true },
+  { 431865, true },
+  { 431885, true },
+  { 431894, true },
+  { 431908, true },
+  { 431923, true },
+  { 431939, false },
+  { 431948, true },
+  { 431966, true },
+  { 431980, true },
+  { 431998, true },
+  { 432017, true },
+  { 432029, true },
+  { 432041, true },
+  { 432068, false },
+  { 432077, true },
+  { 432090, true },
+  { 432106, true },
+  { 432117, true },
+  { 432124, true },
+  { 432133, true },
+  { 432140, true },
+  { 432152, true },
+  { 432163, true },
+  { 432172, true },
+  { 432188, true },
+  { 432201, true },
+  { 432217, true },
+  { 432229, true },
+  { 432247, true },
+  { 432257, true },
+  { 432274, true },
+  { 432284, true },
+  { 432299, true },
+  { 432310, true },
+  { 432321, true },
+  { 432339, true },
+  { 432351, true },
+  { 432360, true },
+  { 432371, true },
+  { 432381, true },
+  { 432397, true },
+  { 432409, true },
+  { 432425, true },
+  { 432442, true },
+  { 432456, true },
+  { 432468, true },
+  { 432479, true },
+  { 432492, true },
+  { 432508, true },
+  { 432524, true },
+  { 432540, true },
+  { 432559, true },
+  { 432578, true },
+  { 432595, true },
+  { 432612, true },
+  { 432627, true },
+  { 432644, true },
+  { 432654, true },
+  { 432671, true },
+  { 432690, true },
+  { 432698, true },
+  { 432708, true },
+  { 432715, true },
+  { 432725, true },
+  { 432733, true },
+  { 432745, true },
+  { 432756, true },
+  { 432779, true },
+  { 432796, true },
+  { 432815, false },
+  { 432835, false },
+  { 432855, true },
+  { 432872, true },
+  { 432882, true },
+  { 432891, true },
+  { 432900, true },
+  { 432911, true },
+  { 432920, true },
+  { 432929, true },
+  { 432938, true },
+  { 432957, true },
+  { 432980, true },
+  { 432993, true },
+  { 433009, true },
+  { 433026, true },
+  { 433059, true },
+  { 433092, true },
+  { 433101, true },
+  { 433113, true },
+  { 433129, true },
+  { 433141, true },
+  { 433153, true },
+  { 433164, true },
+  { 433179, true },
+  { 433196, true },
+  { 433210, true },
+  { 433222, true },
+  { 433243, true },
+  { 433258, true },
+  { 433276, true },
+  { 433288, true },
+  { 433298, true },
+  { 433322, true },
+  { 433340, true },
+  { 433363, true },
+  { 433383, true },
+  { 433404, true },
+  { 433430, true },
+  { 433445, true },
+  { 433464, true },
+  { 433481, true },
+  { 433501, true },
+  { 433510, true },
+  { 433523, true },
+  { 433540, true },
+  { 433554, true },
+  { 433567, true },
+  { 433583, true },
+  { 433593, true },
+  { 433602, true },
+  { 433616, true },
+  { 433627, true },
+  { 433644, true },
+  { 433663, true },
+  { 433678, true },
+  { 433691, true },
+  { 433710, true },
+  { 433720, true },
+  { 433742, true },
+  { 433757, true },
+  { 433771, true },
+  { 433786, true },
+  { 433799, true },
+  { 433808, true },
+  { 433819, true },
+  { 433832, true },
+  { 433844, true },
+  { 433858, true },
+  { 433879, false },
+  { 433893, false },
+  { 433907, true },
+  { 433918, true },
+  { 433934, true },
+  { 433962, true },
+  { 433976, true },
+  { 433986, true },
+  { 434011, true },
+  { 434023, true },
+  { 434041, true },
+  { 434056, true },
+  { 434071, true },
+  { 434085, true },
+  { 434100, true },
+  { 434117, true },
+  { 434139, true },
+  { 434150, true },
+  { 434173, true },
+  { 434194, false },
+  { 434207, true },
+  { 434219, true },
+  { 434233, true },
+  { 434248, true },
+  { 434260, true },
+  { 434272, true },
+  { 434285, true },
+  { 434302, true },
+  { 434311, true },
+  { 434323, true },
+  { 434333, false },
+  { 434344, true },
+  { 434358, true },
+  { 434375, true },
+  { 434388, true },
+  { 434401, true },
+  { 434415, true },
+  { 434431, true },
+  { 434442, false },
+  { 434454, true },
+  { 434468, true },
+  { 434479, true },
+  { 434491, true },
+  { 434513, true },
+  { 434536, true },
+  { 434548, true },
+  { 434564, true },
+  { 434585, true },
+  { 434601, true },
+  { 434619, true },
+  { 434645, true },
+  { 434660, true },
+  { 434678, true },
+  { 434687, false },
+  { 434700, true },
+  { 434718, true },
+  { 434728, true },
+  { 434742, true },
+  { 434752, true },
+  { 434769, true },
+  { 434788, true },
+  { 434804, true },
+  { 434828, true },
+  { 434842, true },
+  { 434853, true },
+  { 434866, true },
+  { 434881, true },
+  { 434896, true },
+  { 434908, true },
+  { 434924, true },
+  { 434932, true },
+  { 434942, true },
+  { 434952, true },
+  { 434967, true },
+  { 434980, true },
+  { 434992, true },
+  { 435002, true },
+  { 435014, true },
+  { 435024, true },
+  { 435041, true },
+  { 435051, true },
+  { 435057, true },
+  { 435066, true },
+  { 435079, true },
+  { 435088, true },
+  { 435108, true },
+  { 435116, false },
+  { 435137, true },
+  { 435151, true },
+  { 435163, true },
+  { 435175, true },
+  { 435190, true },
+  { 435203, true },
+  { 435214, true },
+  { 435223, true },
+  { 435237, true },
+  { 435247, true },
+  { 435260, true },
+  { 435270, true },
+  { 435281, true },
+  { 435297, true },
+  { 435308, false },
+  { 435328, true },
+  { 435338, true },
+  { 435345, false },
+  { 435355, true },
+  { 435372, true },
+  { 435382, true },
+  { 435397, true },
+  { 435407, true },
+  { 435421, true },
+  { 435438, true },
+  { 435458, true },
+  { 435473, true },
+  { 435488, true },
+  { 435501, true },
+  { 435512, true },
+  { 435523, true },
+  { 435553, true },
+  { 435579, true },
+  { 435587, true },
+  { 435606, true },
+  { 435614, true },
+  { 435625, true },
+  { 435639, true },
+  { 435661, true },
+  { 435675, true },
+  { 435690, true },
+  { 435705, true },
+  { 435723, true },
+  { 435736, true },
+  { 435761, true },
+  { 435792, true },
+  { 435811, true },
+  { 435826, true },
+  { 435841, true },
+  { 435866, true },
+  { 435887, true },
+  { 435899, true },
+  { 435912, true },
+  { 435924, true },
+  { 435936, true },
+  { 435949, true },
+  { 435957, true },
+  { 435973, true },
+  { 435985, true },
+  { 436005, true },
+  { 436016, true },
+  { 436031, true },
+  { 436048, true },
+  { 436066, true },
+  { 436082, true },
+  { 436102, true },
+  { 436123, true },
+  { 436134, true },
+  { 436147, true },
+  { 436157, true },
+  { 436170, true },
+  { 436192, true },
+  { 436214, true },
+  { 436232, true },
+  { 436261, true },
+  { 436282, true },
+  { 436301, true },
+  { 436320, true },
+  { 436333, true },
+  { 436354, true },
+  { 436371, true },
+  { 436386, true },
+  { 436410, true },
+  { 436431, true },
+  { 436453, true },
+  { 436480, true },
+  { 436507, true },
+  { 436532, true },
+  { 436553, true },
+  { 436577, true },
+  { 436586, true },
+  { 436603, true },
+  { 436616, true },
+  { 436640, true },
+  { 436651, true },
+  { 436674, true },
+  { 436690, true },
+  { 436713, true },
+  { 436726, true },
+  { 436738, true },
+  { 436750, true },
+  { 436763, true },
+  { 436775, true },
+  { 436785, true },
+  { 436799, true },
+  { 436813, true },
+  { 436831, true },
+  { 436851, true },
+  { 436863, true },
+  { 436874, true },
+  { 436887, true },
+  { 436896, true },
+  { 436909, true },
+  { 436922, true },
+  { 436933, true },
+  { 436944, true },
+  { 436957, true },
+  { 436967, true },
+  { 436978, true },
+  { 436989, true },
+  { 437003, true },
+  { 437022, true },
+  { 437040, true },
+  { 437057, true },
+  { 437071, true },
+  { 437084, true },
+  { 437104, true },
+  { 437121, true },
+  { 437133, false },
+  { 437143, true },
+  { 437160, true },
+  { 437181, true },
+  { 437191, true },
+  { 437208, true },
+  { 437222, true },
+  { 437240, true },
+  { 437262, true },
+  { 437277, true },
+  { 437295, true },
+  { 437313, true },
+  { 437330, true },
+  { 437347, true },
+  { 437360, true },
+  { 437377, true },
+  { 437387, true },
+  { 437405, true },
+  { 437417, true },
+  { 437425, true },
+  { 437440, false },
+  { 437458, false },
+  { 437476, false },
+  { 437493, true },
+  { 437514, true },
+  { 437536, true },
+  { 437554, true },
+  { 437567, true },
+  { 437577, true },
+  { 437593, true },
+  { 437605, true },
+  { 437617, true },
+  { 437633, true },
+  { 437650, true },
+  { 437660, false },
+  { 437674, false },
+  { 437686, true },
+  { 437701, true },
+  { 437716, true },
+  { 437728, true },
+  { 437741, true },
+  { 437753, true },
+  { 437772, true },
+  { 437786, true },
+  { 437803, true },
+  { 437821, true },
+  { 437839, false },
+  { 437854, true },
+  { 437879, true },
+  { 437889, true },
+  { 437902, true },
+  { 437920, true },
+  { 437932, true },
+  { 437940, true },
+  { 437954, true },
+  { 437970, true },
+  { 437983, true },
+  { 438011, true },
+  { 438026, true },
+  { 438036, true },
+  { 438054, true },
+  { 438065, true },
+  { 438075, true },
+  { 438099, true },
+  { 438122, true },
+  { 438129, true },
+  { 438144, true },
+  { 438160, true },
+  { 438172, true },
+  { 438184, true },
+  { 438202, true },
+  { 438225, true },
+  { 438241, true },
+  { 438270, true },
+  { 438288, true },
+  { 438309, true },
+  { 438324, true },
+  { 438348, true },
+  { 438366, true },
+  { 438385, true },
+  { 438408, true },
+  { 438418, true },
+  { 438437, true },
+  { 438446, true },
+  { 438457, true },
+  { 438465, true },
+  { 438475, true },
+  { 438486, true },
+  { 438510, false },
+  { 438525, true },
+  { 438543, true },
+  { 438561, true },
+  { 438575, true },
+  { 438587, true },
+  { 438610, true },
+  { 438624, true },
+  { 438635, true },
+  { 438647, true },
+  { 438672, true },
+  { 438689, true },
+  { 438712, true },
+  { 438737, true },
+  { 438749, true },
+  { 438761, true },
+  { 438773, true },
+  { 438789, true },
+  { 438801, true },
+  { 438824, true },
+  { 438842, true },
+  { 438856, true },
+  { 438872, true },
+  { 438884, true },
+  { 438892, true },
+  { 438916, true },
+  { 438928, true },
+  { 438941, true },
+  { 438952, true },
+  { 438969, true },
+  { 438981, true },
+  { 438998, true },
+  { 439008, true },
+  { 439027, true },
+  { 439047, false },
+  { 439070, true },
+  { 439090, true },
+  { 439104, true },
+  { 439122, true },
+  { 439140, true },
+  { 439153, true },
+  { 439168, true },
+  { 439178, true },
+  { 439195, true },
+  { 439212, true },
+  { 439225, true },
+  { 439236, true },
+  { 439256, true },
+  { 439270, true },
+  { 439291, true },
+  { 439304, true },
+  { 439325, true },
+  { 439336, true },
+  { 439347, true },
+  { 439369, true },
+  { 439387, false },
+  { 439401, true },
+  { 439420, true },
+  { 439435, true },
+  { 439462, true },
+  { 439471, true },
+  { 439489, true },
+  { 439503, false },
+  { 439525, true },
+  { 439534, true },
+  { 439553, true },
+  { 439569, true },
+  { 439582, true },
+  { 439594, true },
+  { 439610, true },
+  { 439623, true },
+  { 439636, true },
+  { 439650, true },
+  { 439663, true },
+  { 439681, true },
+  { 439696, true },
+  { 439716, true },
+  { 439731, true },
+  { 439744, true },
+  { 439756, true },
+  { 439769, true },
+  { 439781, true },
+  { 439793, true },
+  { 439804, true },
+  { 439822, true },
+  { 439833, true },
+  { 439844, true },
+  { 439857, true },
+  { 439870, true },
+  { 439890, true },
+  { 439904, true },
+  { 439915, true },
+  { 439930, true },
+  { 439948, true },
+  { 439971, true },
+  { 439986, true },
+  { 440007, true },
+  { 440026, true },
+  { 440034, true },
+  { 440045, true },
+  { 440053, true },
+  { 440066, true },
+  { 440080, true },
+  { 440090, true },
+  { 440100, true },
+  { 440114, true },
+  { 440126, false },
+  { 440136, true },
+  { 440153, true },
+  { 440162, true },
+  { 440179, true },
+  { 440195, true },
+  { 440217, true },
+  { 440227, true },
+  { 440237, true },
+  { 440250, true },
+  { 440259, true },
+  { 440281, true },
+  { 440291, true },
+  { 440301, true },
+  { 440309, true },
+  { 440317, true },
+  { 440327, true },
+  { 440336, true },
+  { 440345, true },
+  { 440355, false },
+  { 440363, true },
+  { 440375, false },
+  { 440386, true },
+  { 440394, false },
+  { 440408, true },
+  { 440418, true },
+  { 440426, false },
+  { 440446, true },
+  { 440456, true },
+  { 440470, true },
+  { 440480, true },
+  { 440491, true },
+  { 440503, true },
+  { 440518, true },
+  { 440529, true },
+  { 440540, true },
+  { 440551, true },
+  { 440563, true },
+  { 440583, true },
+  { 440592, true },
+  { 440603, true },
+  { 440617, true },
+  { 440629, true },
+  { 440641, true },
+  { 440653, true },
+  { 440664, true },
+  { 440674, true },
+  { 440688, true },
+  { 440699, true },
+  { 440711, false },
+  { 440723, true },
+  { 440735, true },
+  { 440755, true },
+  { 440764, false },
+  { 440778, false },
+  { 440794, true },
+  { 440810, true },
+  { 440825, true },
+  { 440850, true },
+  { 440871, true },
+  { 440885, true },
+  { 440899, true },
+  { 440914, true },
+  { 440923, true },
+  { 440936, true },
+  { 440945, true },
+  { 440957, true },
+  { 440968, true },
+  { 440989, false },
+  { 441004, true },
+  { 441018, true },
+  { 441035, true },
+  { 441045, true },
+  { 441060, true },
+  { 441067, true },
+  { 441080, true },
+  { 441092, true },
+  { 441102, true },
+  { 441116, true },
+  { 441131, true },
+  { 441141, true },
+  { 441150, true },
+  { 441164, true },
+  { 441178, true },
+  { 441194, true },
+  { 441216, true },
+  { 441227, true },
+  { 441240, true },
+  { 441251, true },
+  { 441274, true },
+  { 441281, true },
+  { 441300, true },
+  { 441310, false },
+  { 441325, true },
+  { 441346, true },
+  { 441362, true },
+  { 441386, true },
+  { 441403, true },
+  { 441423, true },
+  { 441434, true },
+  { 441450, true },
+  { 441460, true },
+  { 441467, true },
+  { 441481, true },
+  { 441493, true },
+  { 441506, true },
+  { 441518, true },
+  { 441532, true },
+  { 441547, true },
+  { 441559, true },
+  { 441574, true },
+  { 441597, false },
+  { 441608, true },
+  { 441626, true },
+  { 441642, true },
+  { 441658, true },
+  { 441671, true },
+  { 441680, true },
+  { 441694, true },
+  { 441704, true },
+  { 441714, true },
+  { 441741, true },
+  { 441764, true },
+  { 441776, true },
+  { 441792, true },
+  { 441802, true },
+  { 441811, true },
+  { 441818, true },
+  { 441834, true },
+  { 441843, true },
+  { 441860, true },
+  { 441877, true },
+  { 441889, true },
+  { 441902, true },
+  { 441915, true },
+  { 441928, true },
+  { 441942, true },
+  { 441969, true },
+  { 441982, true },
+  { 441989, true },
+  { 441997, true },
+  { 442015, true },
+  { 442032, true },
+  { 442044, true },
+  { 442056, true },
+  { 442076, true },
+  { 442086, true },
+  { 442099, true },
+  { 442108, true },
+  { 442125, true },
+  { 442142, true },
+  { 442158, true },
+  { 442169, true },
+  { 442189, true },
+  { 442198, true },
+  { 442210, true },
+  { 442222, true },
+  { 442232, true },
+  { 442241, true },
+  { 442254, true },
+  { 442263, true },
+  { 442287, true },
+  { 442299, true },
+  { 442306, true },
+  { 442318, true },
+  { 442329, true },
+  { 442337, true },
+  { 442343, true },
+  { 442350, true },
+  { 442358, true },
+  { 442368, true },
+  { 442375, true },
+  { 442385, true },
+  { 442405, true },
+  { 442413, true },
+  { 442425, true },
+  { 442437, true },
+  { 442447, true },
+  { 442458, true },
+  { 442476, true },
+  { 442489, true },
+  { 442501, true },
+  { 442512, true },
+  { 442522, true },
+  { 442534, true },
+  { 442553, true },
+  { 442563, true },
+  { 442573, true },
+  { 442588, true },
+  { 442600, true },
+  { 442620, true },
+  { 442642, true },
+  { 442653, true },
+  { 442664, true },
+  { 442673, true },
+  { 442681, true },
+  { 442698, true },
+  { 442707, true },
+  { 442726, true },
+  { 442733, true },
+  { 442747, true },
+  { 442758, true },
+  { 442779, true },
+  { 442792, true },
+  { 442801, true },
+  { 442829, true },
+  { 442853, true },
+  { 442868, true },
+  { 442882, true },
+  { 442900, true },
+  { 442918, true },
+  { 442931, false },
+  { 442945, true },
+  { 442961, true },
+  { 442976, true },
+  { 442992, true },
+  { 443001, true },
+  { 443010, true },
+  { 443037, true },
+  { 443054, true },
+  { 443067, true },
+  { 443082, true },
+  { 443095, true },
+  { 443109, false },
+  { 443119, true },
+  { 443129, true },
+  { 443143, true },
+  { 443157, true },
+  { 443165, true },
+  { 443183, true },
+  { 443199, true },
+  { 443209, true },
+  { 443220, true },
+  { 443230, true },
+  { 443243, true },
+  { 443259, true },
+  { 443270, true },
+  { 443280, true },
+  { 443293, true },
+  { 443304, true },
+  { 443328, true },
+  { 443340, true },
+  { 443351, true },
+  { 443363, true },
+  { 443379, true },
+  { 443400, true },
+  { 443414, true },
+  { 443431, false },
+  { 443447, true },
+  { 443463, true },
+  { 443475, true },
+  { 443509, true },
+  { 443523, true },
+  { 443541, true },
+  { 443563, true },
+  { 443586, true },
+  { 443597, true },
+  { 443610, true },
+  { 443639, true },
+  { 443659, true },
+  { 443671, true },
+  { 443690, true },
+  { 443700, true },
+  { 443710, true },
+  { 443727, true },
+  { 443742, true },
+  { 443752, true },
+  { 443763, true },
+  { 443775, true },
+  { 443790, true },
+  { 443806, true },
+  { 443828, true },
+  { 443847, true },
+  { 443882, true },
+  { 443897, true },
+  { 443915, true },
+  { 443932, true },
+  { 443952, true },
+  { 443969, true },
+  { 443981, true },
+  { 444002, true },
+  { 444017, true },
+  { 444038, true },
+  { 444052, true },
+  { 444067, true },
+  { 444079, true },
+  { 444095, true },
+  { 444106, true },
+  { 444115, true },
+  { 444132, false },
+  { 444144, true },
+  { 444156, true },
+  { 444168, true },
+  { 444177, true },
+  { 444186, true },
+  { 444194, true },
+  { 444204, true },
+  { 444215, true },
+  { 444232, true },
+  { 444250, true },
+  { 444261, true },
+  { 444269, true },
+  { 444281, true },
+  { 444291, true },
+  { 444300, true },
+  { 444310, true },
+  { 444320, true },
+  { 444343, true },
+  { 444358, true },
+  { 444368, true },
+  { 444380, true },
+  { 444392, true },
+  { 444402, false },
+  { 444409, true },
+  { 444416, true },
+  { 444426, true },
+  { 444442, true },
+  { 444458, true },
+  { 444477, true },
+  { 444498, false },
+  { 444516, true },
+  { 444536, true },
+  { 444559, true },
+  { 444579, true },
+  { 444595, true },
+  { 444614, true },
+  { 444634, true },
+  { 444649, true },
+  { 444667, true },
+  { 444690, true },
+  { 444707, true },
+  { 444718, false },
+  { 444742, true },
+  { 444761, true },
+  { 444778, true },
+  { 444796, true },
+  { 444813, true },
+  { 444826, true },
+  { 444840, true },
+  { 444854, true },
+  { 444873, true },
+  { 444885, true },
+  { 444893, false },
+  { 444900, true },
+  { 444907, true },
+  { 444919, true },
+  { 444931, true },
+  { 444945, true },
+  { 444956, true },
+  { 444968, true },
+  { 444984, true },
+  { 444994, true },
+  { 445008, false },
+  { 445022, true },
+  { 445033, true },
+  { 445045, true },
+  { 445057, false },
+  { 445070, true },
+  { 445083, true },
+  { 445098, true },
+  { 445112, true },
+  { 445127, true },
+  { 445142, true },
+  { 445160, true },
+  { 445183, true },
+  { 445198, true },
+  { 445209, true },
+  { 445225, true },
+  { 445248, true },
+  { 445280, true },
+  { 445298, true },
+  { 445321, true },
+  { 445344, true },
+  { 445359, true },
+  { 445372, true },
+  { 445384, true },
+  { 445395, true },
+  { 445420, true },
+  { 445431, true },
+  { 445464, true },
+  { 445490, true },
+  { 445524, true },
+  { 445547, true },
+  { 445561, true },
+  { 445574, true },
+  { 445587, true },
+  { 445604, true },
+  { 445621, true },
+  { 445638, true },
+  { 445656, true },
+  { 445668, true },
+  { 445682, true },
+  { 445694, true },
+  { 445706, true },
+  { 445720, true },
+  { 445732, true },
+  { 445748, false },
+  { 445768, true },
+  { 445781, false },
+  { 445799, false },
+  { 445822, true },
+  { 445842, true },
+  { 445858, true },
+  { 445872, true },
+  { 445893, true },
+  { 445904, true },
+  { 445919, true },
+  { 445933, true },
+  { 445950, true },
+  { 445962, true },
+  { 445975, true },
+  { 445987, true },
+  { 445999, true },
+  { 446013, true },
+  { 446028, true },
+  { 446040, false },
+  { 446053, true },
+  { 446072, true },
+  { 446090, true },
+  { 446112, true },
+  { 446127, true },
+  { 446139, true },
+  { 446153, true },
+  { 446167, true },
+  { 446183, true },
+  { 446196, true },
+  { 446211, false },
+  { 446223, true },
+  { 446239, true },
+  { 446254, false },
+  { 446276, true },
+  { 446296, true },
+  { 446308, true },
+  { 446322, true },
+  { 446343, true },
+  { 446362, true },
+  { 446376, true },
+  { 446391, true },
+  { 446406, true },
+  { 446427, true },
+  { 446446, true },
+  { 446465, true },
+  { 446478, true },
+  { 446491, true },
+  { 446505, false },
+  { 446517, true },
+  { 446527, true },
+  { 446543, true },
+  { 446561, true },
+  { 446577, true },
+  { 446589, true },
+  { 446603, true },
+  { 446613, true },
+  { 446627, true },
+  { 446644, true },
+  { 446658, true },
+  { 446668, false },
+  { 446682, true },
+  { 446696, true },
+  { 446717, true },
+  { 446727, true },
+  { 446741, true },
+  { 446762, true },
+  { 446775, true },
+  { 446791, true },
+  { 446804, true },
+  { 446817, true },
+  { 446835, true },
+  { 446856, true },
+  { 446869, true },
+  { 446879, true },
+  { 446890, true },
+  { 446906, true },
+  { 446920, true },
+  { 446932, true },
+  { 446945, true },
+  { 446966, true },
+  { 446981, true },
+  { 446996, true },
+  { 447007, true },
+  { 447020, true },
+  { 447033, true },
+  { 447043, true },
+  { 447067, true },
+  { 447087, true },
+  { 447104, true },
+  { 447121, true },
+  { 447135, true },
+  { 447145, true },
+  { 447162, true },
+  { 447177, true },
+  { 447191, true },
+  { 447208, true },
+  { 447218, true },
+  { 447234, true },
+  { 447262, true },
+  { 447274, true },
+  { 447292, true },
+  { 447302, true },
+  { 447320, true },
+  { 447330, true },
+  { 447338, true },
+  { 447349, true },
+  { 447372, true },
+  { 447396, true },
+  { 447412, true },
+  { 447428, true },
+  { 447444, true },
+  { 447460, true },
+  { 447481, true },
+  { 447493, true },
+  { 447506, true },
+  { 447531, true },
+  { 447550, true },
+  { 447572, true },
+  { 447593, true },
+  { 447606, true },
+  { 447621, true },
+  { 447632, true },
+  { 447652, true },
+  { 447672, true },
+  { 447686, true },
+  { 447700, true },
+  { 447715, true },
+  { 447725, true },
+  { 447737, true },
+  { 447759, true },
+  { 447777, true },
+  { 447789, true },
+  { 447813, true },
+  { 447833, true },
+  { 447848, true },
+  { 447863, true },
+  { 447876, true },
+  { 447894, true },
+  { 447909, true },
+  { 447925, true },
+  { 447946, true },
+  { 447967, true },
+  { 447983, true },
+  { 448007, true },
+  { 448018, true },
+  { 448027, true },
+  { 448042, true },
+  { 448051, true },
+  { 448062, false },
+  { 448072, true },
+  { 448084, true },
+  { 448099, true },
+  { 448116, true },
+  { 448128, true },
+  { 448153, true },
+  { 448180, true },
+  { 448196, true },
+  { 448206, true },
+  { 448218, true },
+  { 448234, true },
+  { 448245, true },
+  { 448261, true },
+  { 448282, true },
+  { 448299, true },
+  { 448323, true },
+  { 448334, true },
+  { 448347, true },
+  { 448366, true },
+  { 448378, true },
+  { 448390, true },
+  { 448404, true },
+  { 448424, true },
+  { 448443, true },
+  { 448466, true },
+  { 448482, true },
+  { 448502, true },
+  { 448514, true },
+  { 448526, true },
+  { 448536, true },
+  { 448551, true },
+  { 448571, true },
+  { 448582, true },
+  { 448594, true },
+  { 448608, true },
+  { 448627, true },
+  { 448654, true },
+  { 448675, true },
+  { 448699, true },
+  { 448715, true },
+  { 448727, true },
+  { 448759, true },
+  { 448783, true },
+  { 448813, true },
+  { 448828, true },
+  { 448841, true },
+  { 448867, true },
+  { 448902, true },
+  { 448932, true },
+  { 448953, true },
+  { 448967, true },
+  { 448979, true },
+  { 449004, true },
+  { 449027, true },
+  { 449038, true },
+  { 449051, true },
+  { 449075, true },
+  { 449094, true },
+  { 449107, true },
+  { 449136, true },
+  { 449159, true },
+  { 449183, true },
+  { 449210, true },
+  { 449224, true },
+  { 449247, true },
+  { 449273, true },
+  { 449301, true },
+  { 449332, true },
+  { 449357, true },
+  { 449365, true },
+  { 449372, true },
+  { 449380, true },
+  { 449389, true },
+  { 449402, true },
+  { 449414, true },
+  { 449425, true },
+  { 449447, true },
+  { 449460, true },
+  { 449482, true },
+  { 449494, true },
+  { 449515, true },
+  { 449529, true },
+  { 449542, true },
+  { 449563, true },
+  { 449582, true },
+  { 449601, true },
+  { 449620, true },
+  { 449631, true },
+  { 449644, true },
+  { 449656, true },
+  { 449668, true },
+  { 449684, true },
+  { 449700, true },
+  { 449714, true },
+  { 449730, true },
+  { 449747, true },
+  { 449755, true },
+  { 449770, true },
+  { 449787, false },
+  { 449802, true },
+  { 449818, true },
+  { 449832, true },
+  { 449842, true },
+  { 449854, true },
+  { 449873, true },
+  { 449887, false },
+  { 449896, true },
+  { 449908, true },
+  { 449932, true },
+  { 449947, true },
+  { 449960, true },
+  { 449978, true },
+  { 449997, true },
+  { 450010, true },
+  { 450023, true },
+  { 450036, true },
+  { 450049, true },
+  { 450062, true },
+  { 450076, true },
+  { 450087, true },
+  { 450110, true },
+  { 450125, true },
+  { 450138, true },
+  { 450155, true },
+  { 450177, true },
+  { 450199, true },
+  { 450219, true },
+  { 450236, true },
+  { 450260, true },
+  { 450282, true },
+  { 450304, true },
+  { 450321, true },
+  { 450335, true },
+  { 450352, true },
+  { 450359, true },
+  { 450372, true },
+  { 450385, true },
+  { 450396, true },
+  { 450418, true },
+  { 450430, false },
+  { 450453, true },
+  { 450470, true },
+  { 450482, true },
+  { 450510, true },
+  { 450521, true },
+  { 450547, true },
+  { 450562, true },
+  { 450576, true },
+  { 450596, true },
+  { 450617, true },
+  { 450633, true },
+  { 450645, true },
+  { 450656, true },
+  { 450666, true },
+  { 450679, true },
+  { 450693, false },
+  { 450710, true },
+  { 450722, true },
+  { 450735, true },
+  { 450747, true },
+  { 450762, true },
+  { 450775, true },
+  { 450785, true },
+  { 450794, true },
+  { 450811, true },
+  { 450827, true },
+  { 450840, true },
+  { 450850, true },
+  { 450864, true },
+  { 450874, true },
+  { 450897, true },
+  { 450914, true },
+  { 450940, true },
+  { 450958, true },
+  { 450972, true },
+  { 450987, true },
+  { 451000, true },
+  { 451018, true },
+  { 451030, true },
+  { 451040, true },
+  { 451051, true },
+  { 451061, true },
+  { 451072, true },
+  { 451085, false },
+  { 451101, true },
+  { 451114, true },
+  { 451130, true },
+  { 451144, true },
+  { 451157, true },
+  { 451170, false },
+  { 451187, true },
+  { 451201, true },
+  { 451215, true },
+  { 451229, true },
+  { 451253, true },
+  { 451266, true },
+  { 451279, true },
+  { 451293, true },
+  { 451307, true },
+  { 451322, true },
+  { 451338, true },
+  { 451355, true },
+  { 451370, true },
+  { 451385, true },
+  { 451403, true },
+  { 451414, true },
+  { 451429, true },
+  { 451452, true },
+  { 451469, true },
+  { 451482, true },
+  { 451503, true },
+  { 451515, true },
+  { 451535, true },
+  { 451566, true },
+  { 451585, true },
+  { 451599, true },
+  { 451618, true },
+  { 451637, true },
+  { 451645, true },
+  { 451658, true },
+  { 451686, true },
+  { 451702, true },
+  { 451718, true },
+  { 451732, true },
+  { 451755, true },
+  { 451770, true },
+  { 451785, true },
+  { 451809, true },
+  { 451826, true },
+  { 451847, true },
+  { 451865, true },
+  { 451889, true },
+  { 451909, true },
+  { 451935, true },
+  { 451950, true },
+  { 451968, true },
+  { 451988, true },
+  { 452000, true },
+  { 452017, true },
+  { 452036, true },
+  { 452053, true },
+  { 452067, true },
+  { 452086, true },
+  { 452095, true },
+  { 452112, false },
+  { 452133, true },
+  { 452147, true },
+  { 452156, true },
+  { 452175, false },
+  { 452188, true },
+  { 452200, true },
+  { 452226, true },
+  { 452247, true },
+  { 452263, true },
+  { 452278, true },
+  { 452299, true },
+  { 452321, true },
+  { 452335, true },
+  { 452350, true },
+  { 452367, true },
+  { 452385, true },
+  { 452401, true },
+  { 452422, true },
+  { 452439, true },
+  { 452451, true },
+  { 452471, true },
+  { 452487, false },
+  { 452500, true },
+  { 452521, true },
+  { 452535, true },
+  { 452548, true },
+  { 452566, true },
+  { 452580, true },
+  { 452592, true },
+  { 452610, false },
+  { 452629, true },
+  { 452651, true },
+  { 452666, true },
+  { 452685, true },
+  { 452711, true },
+  { 452726, true },
+  { 452742, true },
+  { 452756, true },
+  { 452768, true },
+  { 452783, true },
+  { 452795, true },
+  { 452810, true },
+  { 452823, true },
+  { 452839, true },
+  { 452867, true },
+  { 452888, true },
+  { 452902, true },
+  { 452914, true },
+  { 452926, true },
+  { 452943, true },
+  { 452961, true },
+  { 452987, true },
+  { 452998, true },
+  { 453005, true },
+  { 453018, true },
+  { 453031, true },
+  { 453045, true },
+  { 453064, true },
+  { 453072, true },
+  { 453082, true },
+  { 453089, true },
+  { 453099, true },
+  { 453114, true },
+  { 453133, true },
+  { 453148, true },
+  { 453172, true },
+  { 453188, true },
+  { 453211, true },
+  { 453236, true },
+  { 453252, true },
+  { 453263, false },
+  { 453273, true },
+  { 453282, true },
+  { 453289, true },
+  { 453298, true },
+  { 453309, true },
+  { 453335, true },
+  { 453351, false },
+  { 453363, true },
+  { 453372, true },
+  { 453383, true },
+  { 453396, true },
+  { 453410, true },
+  { 453417, true },
+  { 453424, true },
+  { 453436, true },
+  { 453447, true },
+  { 453457, true },
+  { 453473, true },
+  { 453481, true },
+  { 453488, true },
+  { 453498, true },
+  { 453507, true },
+  { 453515, true },
+  { 453525, true },
+  { 453532, true },
+  { 453542, true },
+  { 453554, true },
+  { 453567, true },
+  { 453586, true },
+  { 453596, true },
+  { 453609, true },
+  { 453622, true },
+  { 453630, true },
+  { 453648, true },
+  { 453660, true },
+  { 453673, true },
+  { 453693, true },
+  { 453710, true },
+  { 453724, true },
+  { 453736, true },
+  { 453748, true },
+  { 453766, true },
+  { 453779, true },
+  { 453795, true },
+  { 453804, true },
+  { 453813, true },
+  { 453823, true },
+  { 453840, true },
+  { 453858, true },
+  { 453879, true },
+  { 453890, true },
+  { 453901, false },
+  { 453915, true },
+  { 453936, true },
+  { 453959, true },
+  { 453979, true },
+  { 454004, true },
+  { 454030, true },
+  { 454056, true },
+  { 454077, true },
+  { 454088, true },
+  { 454098, true },
+  { 454109, true },
+  { 454121, true },
+  { 454135, true },
+  { 454154, true },
+  { 454167, true },
+  { 454195, true },
+  { 454208, true },
+  { 454219, true },
+  { 454229, true },
+  { 454247, true },
+  { 454259, true },
+  { 454274, true },
+  { 454300, true },
+  { 454311, true },
+  { 454326, true },
+  { 454344, true },
+  { 454360, true },
+  { 454376, true },
+  { 454396, true },
+  { 454411, true },
+  { 454427, true },
+  { 454439, true },
+  { 454449, true },
+  { 454477, true },
+  { 454499, true },
+  { 454516, true },
+  { 454536, true },
+  { 454549, true },
+  { 454568, true },
+  { 454576, true },
+  { 454590, true },
+  { 454609, true },
+  { 454626, true },
+  { 454641, true },
+  { 454653, true },
+  { 454685, true },
+  { 454714, true },
+  { 454733, true },
+  { 454757, true },
+  { 454774, true },
+  { 454787, true },
+  { 454803, true },
+  { 454815, true },
+  { 454828, false },
+  { 454842, true },
+  { 454858, true },
+  { 454871, true },
+  { 454890, true },
+  { 454902, true },
+  { 454915, true },
+  { 454940, true },
+  { 454958, true },
+  { 454971, true },
+  { 454991, true },
+  { 455009, true },
+  { 455021, true },
+  { 455033, true },
+  { 455048, true },
+  { 455067, true },
+  { 455082, true },
+  { 455114, true },
+  { 455135, true },
+  { 455153, true },
+  { 455172, true },
+  { 455188, true },
+  { 455213, true },
+  { 455229, true },
+  { 455254, true },
+  { 455270, true },
+  { 455286, true },
+  { 455307, true },
+  { 455324, true },
+  { 455339, true },
+  { 455359, true },
+  { 455385, true },
+  { 455413, true },
+  { 455434, true },
+  { 455452, true },
+  { 455465, true },
+  { 455478, true },
+  { 455494, false },
+  { 455506, true },
+  { 455521, true },
+  { 455535, true },
+  { 455553, true },
+  { 455572, true },
+  { 455586, true },
+  { 455598, true },
+  { 455616, true },
+  { 455630, true },
+  { 455644, true },
+  { 455660, true },
+  { 455683, true },
+  { 455694, true },
+  { 455706, true },
+  { 455716, true },
+  { 455725, true },
+  { 455739, true },
+  { 455753, true },
+  { 455767, true },
+  { 455781, true },
+  { 455792, true },
+  { 455813, true },
+  { 455826, true },
+  { 455839, true },
+  { 455850, true },
+  { 455858, true },
+  { 455870, true },
+  { 455883, true },
+  { 455897, true },
+  { 455911, true },
+  { 455925, true },
+  { 455937, true },
+  { 455954, true },
+  { 455965, true },
+  { 455977, true },
+  { 455986, false },
+  { 455998, true },
+  { 456017, true },
+  { 456030, true },
+  { 456041, true },
+  { 456053, true },
+  { 456064, true },
+  { 456077, true },
+  { 456091, true },
+  { 456102, true },
+  { 456114, true },
+  { 456127, true },
+  { 456133, true },
+  { 456148, true },
+  { 456158, true },
+  { 456174, true },
+  { 456187, true },
+  { 456202, true },
+  { 456213, true },
+  { 456223, true },
+  { 456234, true },
+  { 456250, true },
+  { 456275, true },
+  { 456296, true },
+  { 456314, true },
+  { 456332, true },
+  { 456352, true },
+  { 456374, true },
+  { 456386, true },
+  { 456401, true },
+  { 456414, true },
+  { 456431, true },
+  { 456450, true },
+  { 456473, true },
+  { 456491, true },
+  { 456510, true },
+  { 456523, true },
+  { 456535, true },
+  { 456548, true },
+  { 456561, true },
+  { 456569, true },
+  { 456583, true },
+  { 456595, true },
+  { 456607, true },
+  { 456622, true },
+  { 456635, true },
+  { 456646, true },
+  { 456657, true },
+  { 456671, true },
+  { 456679, true },
+  { 456690, true },
+  { 456699, true },
+  { 456715, true },
+  { 456725, true },
+  { 456739, true },
+  { 456749, true },
+  { 456763, true },
+  { 456770, true },
+  { 456780, true },
+  { 456787, true },
+  { 456798, true },
+  { 456809, true },
+  { 456824, false },
+  { 456833, true },
+  { 456845, true },
+  { 456852, true },
+  { 456861, true },
+  { 456869, false },
+  { 456884, true },
+  { 456893, true },
+  { 456905, true },
+  { 456914, true },
+  { 456923, true },
+  { 456934, true },
+  { 456943, true },
+  { 456952, true },
+  { 456968, true },
+  { 456983, true },
+  { 456993, true },
+  { 457006, true },
+  { 457018, true },
+  { 457026, true },
+  { 457038, true },
+  { 457051, true },
+  { 457062, true },
+  { 457076, true },
+  { 457092, true },
+  { 457104, true },
+  { 457117, true },
+  { 457131, true },
+  { 457145, true },
+  { 457159, true },
+  { 457171, true },
+  { 457184, false },
+  { 457197, true },
+  { 457212, true },
+  { 457226, true },
+  { 457240, true },
+  { 457257, true },
+  { 457274, true },
+  { 457289, true },
+  { 457307, true },
+  { 457325, true },
+  { 457343, true },
+  { 457357, true },
+  { 457371, true },
+  { 457385, true },
+  { 457399, true },
+  { 457413, false },
+  { 457433, false },
+  { 457451, false },
+  { 457477, false },
+  { 457500, false },
+  { 457523, false },
+  { 457544, true },
+  { 457557, true },
+  { 457573, false },
+  { 457589, false },
+  { 457605, true },
+  { 457627, true },
+  { 457640, false },
+  { 457657, false },
+  { 457674, true },
+  { 457691, false },
+  { 457708, false },
+  { 457722, false },
+  { 457741, false },
+  { 457752, false },
+  { 457764, false },
+  { 457783, true },
+  { 457801, true },
+  { 457816, false },
+  { 457830, false },
+  { 457844, true },
+  { 457860, false },
+  { 457877, false },
+  { 457894, false },
+  { 457909, false },
+  { 457925, true },
+  { 457946, true },
+  { 457964, false },
+  { 457983, false },
+  { 458001, true },
+  { 458021, true },
+  { 458037, false },
+  { 458052, true },
+  { 458067, true },
+  { 458091, false },
+  { 458109, false },
+  { 458124, true },
+  { 458144, true },
+  { 458165, false },
+  { 458189, false },
+  { 458208, false },
+  { 458223, false },
+  { 458239, true },
+  { 458254, false },
+  { 458267, false },
+  { 458282, false },
+  { 458296, false },
+  { 458314, true },
+  { 458327, true },
+  { 458338, true },
+  { 458345, true },
+  { 458356, true },
+  { 458367, true },
+  { 458375, true },
+  { 458383, true },
+  { 458393, true },
+  { 458406, true },
+  { 458419, true },
+  { 458431, true },
+  { 458448, true },
+  { 458464, true },
+  { 458478, true },
+  { 458485, true },
+  { 458505, true },
+  { 458513, true },
+  { 458524, true },
+  { 458534, true },
+  { 458543, true },
+  { 458561, true },
+  { 458566, true },
+  { 458571, true },
+  { 458578, true },
+  { 458586, true },
+  { 458595, true },
+  { 458603, true },
+  { 458611, true },
+  { 458619, true },
+  { 458639, true },
+  { 458647, true },
+  { 458656, true },
+  { 458667, false },
+  { 458687, true },
+  { 458694, true },
+  { 458713, false },
+  { 458724, true },
+  { 458734, true },
+  { 458741, true },
+  { 458748, true },
+  { 458758, true },
+  { 458779, true },
+  { 458799, true },
+  { 458813, true },
+  { 458837, true },
+  { 458844, true },
+  { 458854, false },
+  { 458867, true },
+  { 458884, true },
+  { 458901, true },
+  { 458921, true },
+  { 458940, true },
+  { 458946, true },
+  { 458952, true },
+  { 458964, true },
+  { 458976, true },
+  { 458985, true },
+  { 458997, true },
+  { 459010, true },
+  { 459022, true },
+  { 459031, true },
+  { 459042, true },
+  { 459055, true },
+  { 459070, true },
+  { 459084, true },
+  { 459103, true },
+  { 459116, true },
+  { 459129, true },
+  { 459140, true },
+  { 459151, true },
+  { 459162, true },
+  { 459174, true },
+  { 459182, false },
+  { 459201, false },
+  { 459212, true },
+  { 459225, true },
+  { 459236, true },
+  { 459243, true },
+  { 459254, true },
+  { 459261, true },
+  { 459284, true },
+  { 459296, true },
+  { 459310, true },
+  { 459329, true },
+  { 459345, true },
+  { 459361, false },
+  { 459373, true },
+  { 459384, true },
+  { 459401, true },
+  { 459411, true },
+  { 459427, true },
+  { 459441, true },
+  { 459452, true },
+  { 459468, true },
+  { 459482, false },
+  { 459497, true },
+  { 459512, true },
+  { 459522, true },
+  { 459532, true },
+  { 459544, true },
+  { 459555, false },
+  { 459565, true },
+  { 459575, true },
+  { 459593, true },
+  { 459601, true },
+  { 459612, false },
+  { 459620, true },
+  { 459631, true },
+  { 459642, true },
+  { 459654, true },
+  { 459663, true },
+  { 459678, true },
+  { 459689, true },
+  { 459697, true },
+  { 459707, true },
+  { 459717, true },
+  { 459725, true },
+  { 459736, true },
+  { 459746, true },
+  { 459758, true },
+  { 459769, true },
+  { 459780, false },
+  { 459792, true },
+  { 459803, true },
+  { 459822, true },
+  { 459833, true },
+  { 459843, true },
+  { 459855, false },
+  { 459865, true },
+  { 459873, true },
+  { 459887, true },
+  { 459894, true },
+  { 459928, true },
+  { 459953, true },
+  { 459981, true },
+  { 459999, true },
+  { 460013, true },
+  { 460042, true },
+  { 460053, true },
+  { 460072, true },
+  { 460104, true },
+  { 460127, true },
+  { 460148, true },
+  { 460181, true },
+  { 460213, true },
+  { 460239, true },
+  { 460272, true },
+  { 460295, true },
+  { 460314, true },
+  { 460342, true },
+  { 460370, true },
+  { 460390, true },
+  { 460408, true },
+  { 460426, true },
+  { 460451, true },
+  { 460483, true },
+  { 460510, true },
+  { 460532, true },
+  { 460560, true },
+  { 460582, true },
+  { 460603, true },
+  { 460628, true },
+  { 460653, true },
+  { 460677, true },
+  { 460695, true },
+  { 460721, true },
+  { 460749, true },
+  { 460780, true },
+  { 460808, true },
+  { 460834, true },
+  { 460862, true },
+  { 460889, true },
+  { 460929, true },
+  { 460956, true },
+  { 460986, true },
+  { 461005, true },
+  { 461023, true },
+  { 461048, true },
+  { 461063, true },
+  { 461074, true },
+  { 461089, true },
+  { 461115, true },
+  { 461126, false },
+  { 461147, true },
+  { 461173, true },
+  { 461193, true },
+  { 461213, true },
+  { 461237, true },
+  { 461255, true },
+  { 461273, true },
+  { 461299, true },
+  { 461317, true },
+  { 461354, false },
+  { 461383, true },
+  { 461402, true },
+  { 461422, true },
+  { 461455, true },
+  { 461476, true },
+  { 461503, true },
+  { 461517, true },
+  { 461540, true },
+  { 461554, true },
+  { 461582, true },
+  { 461617, true },
+  { 461632, true },
+  { 461646, true },
+  { 461669, true },
+  { 461696, true },
+  { 461728, true },
+  { 461748, true },
+  { 461769, true },
+  { 461783, true },
+  { 461797, true },
+  { 461814, true },
+  { 461836, true },
+  { 461862, true },
+  { 461886, true },
+  { 461911, true },
+  { 461924, true },
+  { 461952, true },
+  { 461994, true },
+  { 462024, true },
+  { 462035, true },
+  { 462054, true },
+  { 462075, true },
+  { 462110, true },
+  { 462133, true },
+  { 462159, true },
+  { 462182, true },
+  { 462198, true },
+  { 462220, true },
+  { 462244, true },
+  { 462270, true },
+  { 462301, true },
+  { 462327, true },
+  { 462339, true },
+  { 462363, true },
+  { 462390, true },
+  { 462411, true },
+  { 462432, true },
+  { 462439, true },
+  { 462450, true },
+  { 462461, true },
+  { 462468, true },
+  { 462479, true },
+  { 462489, true },
+  { 462500, true },
+  { 462506, true },
+  { 462517, true },
+  { 462533, true },
+  { 462549, true },
+  { 462557, true },
+  { 462567, true },
+  { 462574, true },
+  { 462581, true },
+  { 462598, true },
+  { 462611, true },
+  { 462619, true },
+  { 462634, true },
+  { 462645, true },
+  { 462660, true },
+  { 462679, true },
+  { 462693, true },
+  { 462702, true },
+  { 462708, true },
+  { 462722, true },
+  { 462732, true },
+  { 462742, true },
+  { 462750, true },
+  { 462763, true },
+  { 462776, true },
+  { 462788, true },
+  { 462795, true },
+  { 462802, true },
+  { 462813, true },
+  { 462822, true },
+  { 462829, true },
+  { 462835, true },
+  { 462846, true },
+  { 462856, true },
+  { 462865, true },
+  { 462877, true },
+  { 462885, true },
+  { 462903, true },
+  { 462932, true },
+  { 462948, true },
+  { 462961, true },
+  { 462970, true },
+  { 462982, true },
+  { 462991, true },
+  { 463001, true },
+  { 463010, true },
+  { 463022, true },
+  { 463029, true },
+  { 463043, true },
+  { 463054, true },
+  { 463064, false },
+  { 463072, true },
+  { 463084, true },
+  { 463094, true },
+  { 463102, true },
+  { 463112, true },
+  { 463121, true },
+  { 463135, true },
+  { 463155, true },
+  { 463165, true },
+  { 463177, true },
+  { 463197, true },
+  { 463206, true },
+  { 463214, true },
+  { 463229, true },
+  { 463239, true },
+  { 463248, true },
+  { 463260, true },
+  { 463272, true },
+  { 463283, true },
+  { 463297, true },
+  { 463308, true },
+  { 463322, true },
+  { 463333, true },
+  { 463347, true },
+  { 463357, true },
+  { 463373, true },
+  { 463380, true },
+  { 463390, true },
+  { 463402, true },
+  { 463412, true },
+  { 463419, true },
+  { 463428, true },
+  { 463443, true },
+  { 463454, true },
+  { 463462, true },
+  { 463474, true },
+  { 463485, true },
+  { 463506, true },
+  { 463516, true },
+  { 463524, true },
+  { 463538, true },
+  { 463550, true },
+  { 463565, true },
+  { 463577, true },
+  { 463590, true },
+  { 463603, true },
+  { 463616, true },
+  { 463632, true },
+  { 463647, true },
+  { 463659, false },
+  { 463669, true },
+  { 463682, true },
+  { 463710, true },
+  { 463719, true },
+  { 463731, true },
+  { 463743, true },
+  { 463759, true },
+  { 463767, true },
+  { 463776, true },
+  { 463788, true },
+  { 463798, true },
+  { 463806, true },
+  { 463819, true },
+  { 463829, true },
+  { 463838, true },
+  { 463848, true },
+  { 463856, true },
+  { 463866, true },
+  { 463877, true },
+  { 463887, true },
+  { 463900, true },
+  { 463912, true },
+  { 463927, true },
+  { 463935, true },
+  { 463943, true },
+  { 463951, true },
+  { 463959, true },
+  { 463967, true },
+  { 463978, true },
+  { 463989, true },
+  { 464000, true },
+  { 464009, true },
+  { 464021, true },
+  { 464033, true },
+  { 464045, true },
+  { 464057, true },
+  { 464069, true },
+  { 464081, true },
+  { 464093, true },
+  { 464105, true },
+  { 464117, true },
+  { 464125, true },
+  { 464133, true },
+  { 464141, true },
+  { 464149, true },
+  { 464157, true },
+  { 464165, true },
+  { 464173, true },
+  { 464181, true },
+  { 464189, true },
+  { 464197, true },
+  { 464205, true },
+  { 464213, true },
+  { 464221, true },
+  { 464229, true },
+  { 464240, true },
+  { 464259, true },
+  { 464269, true },
+  { 464280, true },
+  { 464295, true },
+  { 464305, true },
+  { 464321, true },
+  { 464335, true },
+  { 464345, false },
+  { 464354, true },
+  { 464361, true },
+  { 464372, true },
+  { 464388, true },
+  { 464395, true },
+  { 464404, true },
+  { 464413, true },
+  { 464430, true },
+  { 464441, true },
+  { 464449, true },
+  { 464462, true },
+  { 464473, true },
+  { 464484, true },
+  { 464493, true },
+  { 464507, true },
+  { 464522, true },
+  { 464533, true },
+  { 464549, true },
+  { 464559, true },
+  { 464569, true },
+  { 464580, true },
+  { 464602, true },
+  { 464615, true },
+  { 464630, true },
+  { 464641, true },
+  { 464652, true },
+  { 464660, true },
+  { 464675, true },
+  { 464685, true },
+  { 464703, true },
+  { 464715, true },
+  { 464731, true },
+  { 464742, true },
+  { 464756, true },
+  { 464772, true },
+  { 464789, true },
+  { 464801, true },
+  { 464826, true },
+  { 464848, true },
+  { 464867, true },
+  { 464891, true },
+  { 464904, true },
+  { 464918, true },
+  { 464930, true },
+  { 464943, true },
+  { 464954, true },
+  { 464978, true },
+  { 464989, true },
+  { 465001, false },
+  { 465016, true },
+  { 465027, true },
+  { 465037, true },
+  { 465047, true },
+  { 465058, true },
+  { 465070, true },
+  { 465090, false },
+  { 465100, true },
+  { 465111, true },
+  { 465143, true },
+  { 465170, true },
+  { 465194, true },
+  { 465205, true },
+  { 465217, true },
+  { 465227, true },
+  { 465244, true },
+  { 465261, true },
+  { 465276, true },
+  { 465287, true },
+  { 465307, true },
+  { 465319, true },
+  { 465335, true },
+  { 465352, true },
+  { 465367, true },
+  { 465385, true },
+  { 465401, true },
+  { 465414, false },
+  { 465427, true },
+  { 465441, true },
+  { 465457, true },
+  { 465467, true },
+  { 465477, true },
+  { 465490, true },
+  { 465507, true },
+  { 465517, true },
+  { 465532, true },
+  { 465547, true },
+  { 465559, true },
+  { 465571, true },
+  { 465583, true },
+  { 465592, true },
+  { 465610, true },
+  { 465624, true },
+  { 465637, true },
+  { 465651, true },
+  { 465665, true },
+  { 465676, true },
+  { 465686, true },
+  { 465699, true },
+  { 465717, true },
+  { 465730, true },
+  { 465744, true },
+  { 465757, true },
+  { 465775, true },
+  { 465790, true },
+  { 465812, true },
+  { 465831, true },
+  { 465840, true },
+  { 465854, true },
+  { 465865, true },
+  { 465882, true },
+  { 465894, true },
+  { 465916, true },
+  { 465933, true },
+  { 465946, true },
+  { 465966, true },
+  { 465975, true },
+  { 465983, true },
+  { 465991, true },
+  { 466004, true },
+  { 466015, true },
+  { 466028, true },
+  { 466037, true },
+  { 466049, true },
+  { 466061, true },
+  { 466075, true },
+  { 466084, true },
+  { 466095, true },
+  { 466106, true },
+  { 466114, true },
+  { 466125, true },
+  { 466135, true },
+  { 466144, true },
+  { 466154, true },
+  { 466169, false },
+  { 466175, true },
+  { 466181, true },
+  { 466189, true },
+  { 466200, true },
+  { 466216, true },
+  { 466224, true },
+  { 466237, true },
+  { 466247, true },
+  { 466257, true },
+  { 466267, true },
+  { 466278, true },
+  { 466291, true },
+  { 466304, true },
+  { 466317, true },
+  { 466328, true },
+  { 466338, true },
+  { 466348, true },
+  { 466358, true },
+  { 466368, true },
+  { 466380, true },
+  { 466390, true },
+  { 466402, true },
+  { 466413, true },
+  { 466427, true },
+  { 466438, true },
+  { 466448, true },
+  { 466458, true },
+  { 466468, true },
+  { 466483, true },
+  { 466494, true },
+  { 466507, true },
+  { 466518, true },
+  { 466530, true },
+  { 466541, true },
+  { 466552, true },
+  { 466563, true },
+  { 466575, true },
+  { 466586, true },
+  { 466597, true },
+  { 466610, true },
+  { 466617, true },
+  { 466626, true },
+  { 466636, true },
+  { 466646, true },
+  { 466655, true },
+  { 466664, true },
+  { 466683, true },
+  { 466696, true },
+  { 466709, true },
+  { 466725, true },
+  { 466735, true },
+  { 466743, true },
+  { 466754, true },
+  { 466768, true },
+  { 466786, true },
+  { 466799, true },
+  { 466812, true },
+  { 466824, true },
+  { 466832, true },
+  { 466845, true },
+  { 466859, true },
+  { 466869, true },
+  { 466879, true },
+  { 466893, true },
+  { 466904, true },
+  { 466912, true },
+  { 466920, true },
+  { 466934, true },
+  { 466950, true },
+  { 466960, true },
+  { 466978, true },
+  { 466987, true },
+  { 466996, true },
+  { 467009, true },
+  { 467021, true },
+  { 467044, true },
+  { 467057, true },
+  { 467062, true },
+  { 467072, true },
+  { 467079, true },
+  { 467086, true },
+  { 467093, true },
+  { 467105, false },
+  { 467125, false },
+  { 467144, true },
+  { 467155, true },
+  { 467170, true },
+  { 467186, true },
+  { 467200, true },
+  { 467211, false },
+  { 467228, false },
+  { 467245, false },
+  { 467263, true },
+  { 467277, true },
+  { 467292, true },
+  { 467308, true },
+  { 467323, true },
+  { 467334, true },
+  { 467348, true },
+  { 467361, true },
+  { 467374, true },
+  { 467382, false },
+  { 467405, true },
+  { 467415, true },
+  { 467425, true },
+  { 467440, true },
+  { 467454, true },
+  { 467482, true },
+  { 467493, true },
+  { 467506, true },
+  { 467518, true },
+  { 467531, true },
+  { 467539, true },
+  { 467564, true },
+  { 467575, true },
+  { 467584, true },
+  { 467594, true },
+  { 467616, true },
+  { 467625, true },
+  { 467638, true },
+  { 467650, true },
+  { 467661, false },
+  { 467679, true },
+  { 467690, true },
+  { 467706, true },
+  { 467720, true },
+  { 467733, true },
+  { 467741, true },
+  { 467765, true },
+  { 467778, true },
+  { 467790, true },
+  { 467807, true },
+  { 467819, true },
+  { 467832, false },
+  { 467839, true },
+  { 467857, true },
+  { 467864, true },
+  { 467873, false },
+  { 467882, true },
+  { 467893, true },
+  { 467905, true },
+  { 467916, true },
+  { 467924, true },
+  { 467931, true },
+  { 467939, true },
+  { 467955, true },
+  { 467974, true },
+  { 467989, true },
+  { 468000, true },
+  { 468007, true },
+  { 468017, true },
+  { 468025, true },
+  { 468047, true },
+  { 468065, true },
+  { 468091, true },
+  { 468100, true },
+  { 468113, true },
+  { 468138, true },
+  { 468155, true },
+  { 468166, true },
+  { 468188, true },
+  { 468215, true },
+  { 468234, false },
+  { 468245, true },
+  { 468267, true },
+  { 468278, true },
+  { 468288, true },
+  { 468299, true },
+  { 468311, true },
+  { 468323, true },
+  { 468336, true },
+  { 468349, true },
+  { 468364, true },
+  { 468382, true },
+  { 468395, true },
+  { 468410, true },
+  { 468426, true },
+  { 468439, true },
+  { 468450, true },
+  { 468468, true },
+  { 468482, true },
+  { 468493, true },
+  { 468503, true },
+  { 468515, true },
+  { 468523, true },
+  { 468536, true },
+  { 468551, true },
+  { 468563, true },
+  { 468573, true },
+  { 468586, true },
+  { 468597, true },
+  { 468610, true },
+  { 468622, true },
+  { 468634, true },
+  { 468648, true },
+  { 468658, false },
+  { 468668, true },
+  { 468685, true },
+  { 468698, false },
+  { 468713, true },
+  { 468723, true },
+  { 468736, true },
+  { 468751, true },
+  { 468759, true },
+  { 468771, true },
+  { 468782, true },
+  { 468795, true },
+  { 468803, true },
+  { 468810, true },
+  { 468822, true },
+  { 468832, false },
+  { 468852, true },
+  { 468866, true },
+  { 468875, true },
+  { 468887, true },
+  { 468902, true },
+  { 468917, true },
+  { 468932, true },
+  { 468944, true },
+  { 468962, true },
+  { 468976, true },
+  { 468989, true },
+  { 469000, true },
+  { 469009, true },
+  { 469023, true },
+  { 469035, true },
+  { 469045, true },
+  { 469062, true },
+  { 469068, true },
+  { 469087, true },
+  { 469116, true },
+  { 469135, true },
+  { 469153, true },
+  { 469161, true },
+  { 469176, false },
+  { 469184, true },
+  { 469194, true },
+  { 469215, true },
+  { 469228, true },
+  { 469239, true },
+  { 469250, true },
+  { 469258, true },
+  { 469269, true },
+  { 469286, true },
+  { 469300, true },
+  { 469314, true },
+  { 469325, true },
+  { 469342, false },
+  { 469354, true },
+  { 469361, true },
+  { 469372, true },
+  { 469384, true },
+  { 469393, true },
+  { 469413, true },
+  { 469423, true },
+  { 469438, true },
+  { 469449, false },
+  { 469464, true },
+  { 469476, true },
+  { 469484, true },
+  { 469490, true },
+  { 469497, true },
+  { 469507, true },
+  { 469519, true },
+  { 469534, true },
+  { 469546, true },
+  { 469558, true },
+  { 469570, true },
+  { 469581, true },
+  { 469594, true },
+  { 469618, true },
+  { 469636, true },
+  { 469647, true },
+  { 469658, true },
+  { 469669, true },
+  { 469680, true },
+  { 469695, true },
+  { 469704, true },
+  { 469717, true },
+  { 469729, true },
+  { 469747, true },
+  { 469762, true },
+  { 469777, false },
+  { 469794, true },
+  { 469805, true },
+  { 469816, true },
+  { 469830, true },
+  { 469845, true },
+  { 469857, true },
+  { 469873, true },
+  { 469882, true },
+  { 469896, true },
+  { 469907, true },
+  { 469916, true },
+  { 469938, true },
+  { 469949, true },
+  { 469960, true },
+  { 469980, true },
+  { 470004, true },
+  { 470029, true },
+  { 470044, true },
+  { 470056, true },
+  { 470068, true },
+  { 470079, true },
+  { 470092, true },
+  { 470104, true },
+  { 470114, true },
+  { 470122, true },
+  { 470141, true },
+  { 470152, true },
+  { 470162, true },
+  { 470172, true },
+  { 470183, true },
+  { 470193, true },
+  { 470207, false },
+  { 470214, true },
+  { 470234, true },
+  { 470246, true },
+  { 470257, true },
+  { 470273, true },
+  { 470288, true },
+  { 470299, true },
+  { 470308, true },
+  { 470317, true },
+  { 470329, true },
+  { 470343, true },
+  { 470354, true },
+  { 470368, true },
+  { 470375, true },
+  { 470382, true },
+  { 470400, true },
+  { 470411, true },
+  { 470421, true },
+  { 470429, true },
+  { 470439, true },
+  { 470452, true },
+  { 470466, true },
+  { 470487, true },
+  { 470497, true },
+  { 470504, true },
+  { 470515, true },
+  { 470525, true },
+  { 470534, true },
+  { 470547, true },
+  { 470557, true },
+  { 470579, true },
+  { 470589, true },
+  { 470608, true },
+  { 470623, true },
+  { 470634, true },
+  { 470642, true },
+  { 470651, true },
+  { 470658, true },
+  { 470678, true },
+  { 470701, true },
+  { 470709, true },
+  { 470722, true },
+  { 470735, true },
+  { 470742, true },
+  { 470755, true },
+  { 470763, true },
+  { 470775, true },
+  { 470785, true },
+  { 470794, true },
+  { 470806, true },
+  { 470816, true },
+  { 470836, true },
+  { 470846, true },
+  { 470863, true },
+  { 470871, true },
+  { 470880, true },
+  { 470894, true },
+  { 470906, true },
+};
diff --git a/security/manager/ssl/nsSecureBrowserUIImpl.cpp b/security/manager/ssl/nsSecureBrowserUIImpl.cpp
new file mode 100644
index 000000000..4202a0142
--- /dev/null
+++ b/security/manager/ssl/nsSecureBrowserUIImpl.cpp
@@ -0,0 +1,1191 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsSecureBrowserUIImpl.h"
+
+#include "imgIRequest.h"
+#include "mozilla/Logging.h"
+#include "nsCURILoader.h"
+#include "nsIAssociatedContentSecurity.h"
+#include "nsIChannel.h"
+#include "nsIDOMWindow.h"
+#include "nsIDocShell.h"
+#include "nsIDocShellTreeItem.h"
+#include "nsIDocument.h"
+#include "nsIFTPChannel.h"
+#include "nsIFileChannel.h"
+#include "nsIHttpChannel.h"
+#include "nsIInterfaceRequestorUtils.h"
+#include "nsIProtocolHandler.h"
+#include "nsISSLStatus.h"
+#include "nsISecurityInfoProvider.h"
+#include "nsIServiceManager.h"
+#include "nsITransportSecurityInfo.h"
+#include "nsIWebProgress.h"
+#include "nsIWyciwygChannel.h"
+#include "nsNetCID.h"
+#include "nsNetUtil.h"
+#include "nsPIDOMWindow.h"
+#include "nsThreadUtils.h"
+#include "nspr.h"
+#include "nsString.h"
+
+using namespace mozilla;
+
+LazyLogModule gSecureDocLog("nsSecureBrowserUI");
+
+struct RequestHashEntry : PLDHashEntryHdr {
+    void *r;
+};
+
+static bool
+RequestMapMatchEntry(const PLDHashEntryHdr *hdr, const void *key)
+{
+  const RequestHashEntry *entry = static_cast<const RequestHashEntry*>(hdr);
+  return entry->r == key;
+}
+
+static void
+RequestMapInitEntry(PLDHashEntryHdr *hdr, const void *key)
+{
+  RequestHashEntry *entry = static_cast<RequestHashEntry*>(hdr);
+  entry->r = (void*)key;
+}
+
+static const PLDHashTableOps gMapOps = {
+  PLDHashTable::HashVoidPtrKeyStub,
+  RequestMapMatchEntry,
+  PLDHashTable::MoveEntryStub,
+  PLDHashTable::ClearEntryStub,
+  RequestMapInitEntry
+};
+
+nsSecureBrowserUIImpl::nsSecureBrowserUIImpl()
+  : mNotifiedSecurityState(lis_no_security)
+  , mNotifiedToplevelIsEV(false)
+  , mNewToplevelSecurityState(STATE_IS_INSECURE)
+  , mNewToplevelIsEV(false)
+  , mNewToplevelSecurityStateKnown(true)
+  , mIsViewSource(false)
+  , mSubRequestsBrokenSecurity(0)
+  , mSubRequestsNoSecurity(0)
+  , mCertUserOverridden(false)
+  , mRestoreSubrequests(false)
+  , mOnLocationChangeSeen(false)
+#ifdef DEBUG
+  , mEntered(false)
+#endif
+  , mTransferringRequests(&gMapOps, sizeof(RequestHashEntry))
+{
+  MOZ_ASSERT(NS_IsMainThread());
+
+  ResetStateTracking();
+}
+
+NS_IMPL_ISUPPORTS(nsSecureBrowserUIImpl,
+                  nsISecureBrowserUI,
+                  nsIWebProgressListener,
+                  nsISupportsWeakReference,
+                  nsISSLStatusProvider)
+
+NS_IMETHODIMP
+nsSecureBrowserUIImpl::Init(mozIDOMWindowProxy* aWindow)
+{
+  MOZ_ASSERT(NS_IsMainThread());
+
+  if (MOZ_LOG_TEST(gSecureDocLog, LogLevel::Debug)) {
+    nsCOMPtr<nsIDOMWindow> window(do_QueryReferent(mWindow));
+
+    MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+           ("SecureUI:%p: Init: mWindow: %p, aWindow: %p\n", this,
+            window.get(), aWindow));
+  }
+
+  if (!aWindow) {
+    NS_WARNING("Null window passed to nsSecureBrowserUIImpl::Init()");
+    return NS_ERROR_INVALID_ARG;
+  }
+
+  if (mWindow) {
+    NS_WARNING("Trying to init an nsSecureBrowserUIImpl twice");
+    return NS_ERROR_ALREADY_INITIALIZED;
+  }
+
+  nsresult rv;
+  mWindow = do_GetWeakReference(aWindow, &rv);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  auto* piwindow = nsPIDOMWindowOuter::From(aWindow);
+  nsIDocShell *docShell = piwindow->GetDocShell();
+
+  // The Docshell will own the SecureBrowserUI object
+  if (!docShell)
+    return NS_ERROR_FAILURE;
+
+  docShell->SetSecurityUI(this);
+
+  /* GetWebProgress(mWindow) */
+  // hook up to the webprogress notifications.
+  nsCOMPtr<nsIWebProgress> wp(do_GetInterface(docShell));
+  if (!wp) return NS_ERROR_FAILURE;
+  /* end GetWebProgress */
+  
+  wp->AddProgressListener(static_cast<nsIWebProgressListener*>(this),
+                          nsIWebProgress::NOTIFY_STATE_ALL | 
+                          nsIWebProgress::NOTIFY_LOCATION  |
+                          nsIWebProgress::NOTIFY_SECURITY);
+
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSecureBrowserUIImpl::GetState(uint32_t* aState)
+{
+  MOZ_ASSERT(NS_IsMainThread());
+  return MapInternalToExternalState(aState, mNotifiedSecurityState,
+                                    mNotifiedToplevelIsEV);
+}
+
+// static
+already_AddRefed<nsISupports> 
+nsSecureBrowserUIImpl::ExtractSecurityInfo(nsIRequest* aRequest)
+{
+  nsCOMPtr<nsISupports> retval;
+  nsCOMPtr<nsIChannel> channel(do_QueryInterface(aRequest));
+  if (channel)
+    channel->GetSecurityInfo(getter_AddRefs(retval));
+  
+  if (!retval) {
+    nsCOMPtr<nsISecurityInfoProvider> provider(do_QueryInterface(aRequest));
+    if (provider)
+      provider->GetSecurityInfo(getter_AddRefs(retval));
+  }
+
+  return retval.forget();
+}
+
+nsresult
+nsSecureBrowserUIImpl::MapInternalToExternalState(uint32_t* aState, lockIconState lock, bool ev)
+{
+  NS_ENSURE_ARG(aState);
+
+  switch (lock)
+  {
+    case lis_broken_security:
+      *aState = STATE_IS_BROKEN;
+      break;
+
+    case lis_mixed_security:
+      *aState = STATE_IS_BROKEN;
+      break;
+
+    case lis_high_security:
+      *aState = STATE_IS_SECURE | STATE_SECURE_HIGH;
+      break;
+
+    default:
+    case lis_no_security:
+      *aState = STATE_IS_INSECURE;
+      break;
+  }
+
+  if (ev && (*aState & STATE_IS_SECURE))
+    *aState |= nsIWebProgressListener::STATE_IDENTITY_EV_TOPLEVEL;
+
+  if (mCertUserOverridden && (*aState & STATE_IS_SECURE)) {
+    *aState |= nsIWebProgressListener::STATE_CERT_USER_OVERRIDDEN;
+  }
+
+  nsCOMPtr<nsIDocShell> docShell = do_QueryReferent(mDocShell);
+  if (!docShell)
+    return NS_OK;
+
+  // For content docShell's, the mixed content security state is set on the root docShell.
+  if (docShell->ItemType() == nsIDocShellTreeItem::typeContent) {
+    nsCOMPtr<nsIDocShellTreeItem> docShellTreeItem(do_QueryInterface(docShell));
+    nsCOMPtr<nsIDocShellTreeItem> sameTypeRoot;
+    docShellTreeItem->GetSameTypeRootTreeItem(getter_AddRefs(sameTypeRoot));
+    NS_ASSERTION(sameTypeRoot, "No document shell root tree item from document shell tree item!");
+    docShell = do_QueryInterface(sameTypeRoot);
+    if (!docShell)
+      return NS_OK;
+  }
+
+  // Has a Mixed Content Load initiated in nsMixedContentBlocker?
+  // * If not, the state should not be broken because of mixed content;
+  // overriding the previous state if it is inaccurately flagged as mixed.
+  if (lock == lis_mixed_security &&
+      !docShell->GetHasMixedActiveContentLoaded() &&
+      !docShell->GetHasMixedDisplayContentLoaded() &&
+      !docShell->GetHasMixedActiveContentBlocked() &&
+      !docShell->GetHasMixedDisplayContentBlocked()) {
+    *aState = STATE_IS_SECURE;
+    if (ev) {
+      *aState |= nsIWebProgressListener::STATE_IDENTITY_EV_TOPLEVEL;
+    }
+  }
+  // * If so, the state should be broken or insecure; overriding the previous
+  // state set by the lock parameter.
+  uint32_t tempState = STATE_IS_BROKEN;
+  if (lock == lis_no_security) {
+      // this is to ensure that http: pages with mixed content in nested
+      // iframes don't get marked as broken instead of insecure
+      tempState = STATE_IS_INSECURE;
+  }
+  if (docShell->GetHasMixedActiveContentLoaded() &&
+      docShell->GetHasMixedDisplayContentLoaded()) {
+      *aState = tempState |
+                nsIWebProgressListener::STATE_LOADED_MIXED_ACTIVE_CONTENT |
+                nsIWebProgressListener::STATE_LOADED_MIXED_DISPLAY_CONTENT;
+  } else if (docShell->GetHasMixedActiveContentLoaded()) {
+      *aState = tempState |
+                nsIWebProgressListener::STATE_LOADED_MIXED_ACTIVE_CONTENT;
+  } else if (docShell->GetHasMixedDisplayContentLoaded()) {
+      *aState = tempState |
+                nsIWebProgressListener::STATE_LOADED_MIXED_DISPLAY_CONTENT;
+  }
+
+  if (mCertUserOverridden) {
+    *aState |= nsIWebProgressListener::STATE_CERT_USER_OVERRIDDEN;
+  }
+
+  // Has Mixed Content Been Blocked in nsMixedContentBlocker?
+  if (docShell->GetHasMixedActiveContentBlocked())
+    *aState |= nsIWebProgressListener::STATE_BLOCKED_MIXED_ACTIVE_CONTENT;
+
+  if (docShell->GetHasMixedDisplayContentBlocked())
+    *aState |= nsIWebProgressListener::STATE_BLOCKED_MIXED_DISPLAY_CONTENT;
+
+  // Has Tracking Content been Blocked?
+  if (docShell->GetHasTrackingContentBlocked())
+    *aState |= nsIWebProgressListener::STATE_BLOCKED_TRACKING_CONTENT;
+
+  if (docShell->GetHasTrackingContentLoaded())
+    *aState |= nsIWebProgressListener::STATE_LOADED_TRACKING_CONTENT;
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSecureBrowserUIImpl::SetDocShell(nsIDocShell* aDocShell)
+{
+  MOZ_ASSERT(NS_IsMainThread());
+  nsresult rv;
+  mDocShell = do_GetWeakReference(aDocShell, &rv);
+  return rv;
+}
+
+static uint32_t GetSecurityStateFromSecurityInfoAndRequest(nsISupports* info,
+                                                           nsIRequest* request)
+{
+  nsresult res;
+  uint32_t securityState;
+
+  nsCOMPtr<nsITransportSecurityInfo> psmInfo(do_QueryInterface(info));
+  if (!psmInfo) {
+    MOZ_LOG(gSecureDocLog, LogLevel::Debug, ("SecureUI: GetSecurityState: - no nsITransportSecurityInfo for %p\n",
+                                         (nsISupports *)info));
+    return nsIWebProgressListener::STATE_IS_INSECURE;
+  }
+  MOZ_LOG(gSecureDocLog, LogLevel::Debug, ("SecureUI: GetSecurityState: - info is %p\n", 
+                                       (nsISupports *)info));
+  
+  res = psmInfo->GetSecurityState(&securityState);
+  if (NS_FAILED(res)) {
+    MOZ_LOG(gSecureDocLog, LogLevel::Debug, ("SecureUI: GetSecurityState: - GetSecurityState failed: %d\n",
+                                         res));
+    securityState = nsIWebProgressListener::STATE_IS_BROKEN;
+  }
+
+  if (securityState != nsIWebProgressListener::STATE_IS_INSECURE) {
+    // A secure connection does not yield a secure per-uri channel if the
+    // scheme is plain http.
+
+    nsCOMPtr<nsIURI> uri;
+    nsCOMPtr<nsIChannel> channel(do_QueryInterface(request));
+    if (channel) {
+      channel->GetURI(getter_AddRefs(uri));
+    } else {
+      nsCOMPtr<imgIRequest> imgRequest(do_QueryInterface(request));
+      if (imgRequest) {
+        imgRequest->GetURI(getter_AddRefs(uri));
+      }
+    }
+    if (uri) {
+      bool isHttp, isFtp;
+      if ((NS_SUCCEEDED(uri->SchemeIs("http", &isHttp)) && isHttp) ||
+          (NS_SUCCEEDED(uri->SchemeIs("ftp", &isFtp)) && isFtp)) {
+        MOZ_LOG(gSecureDocLog, LogLevel::Debug, ("SecureUI: GetSecurityState: - "
+                                             "channel scheme is insecure.\n"));
+        securityState = nsIWebProgressListener::STATE_IS_INSECURE;
+      }
+    }
+  }
+
+  MOZ_LOG(gSecureDocLog, LogLevel::Debug, ("SecureUI: GetSecurityState: - Returning %d\n", 
+                                       securityState));
+  return securityState;
+}
+
+
+//  nsIWebProgressListener
+NS_IMETHODIMP 
+nsSecureBrowserUIImpl::OnProgressChange(nsIWebProgress* aWebProgress,
+                                        nsIRequest* aRequest,
+                                        int32_t aCurSelfProgress,
+                                        int32_t aMaxSelfProgress,
+                                        int32_t aCurTotalProgress,
+                                        int32_t aMaxTotalProgress)
+{
+  NS_NOTREACHED("notification excluded in AddProgressListener(...)");
+  return NS_OK;
+}
+
+void
+nsSecureBrowserUIImpl::ResetStateTracking()
+{
+  mDocumentRequestsInProgress = 0;
+  mTransferringRequests.Clear();
+}
+
+void
+nsSecureBrowserUIImpl::EvaluateAndUpdateSecurityState(nsIRequest* aRequest,
+                                                      nsISupports* info,
+                                                      bool withNewLocation,
+                                                      bool withNewSink)
+{
+  mNewToplevelIsEV = false;
+
+  bool updateStatus = false;
+  nsCOMPtr<nsISSLStatus> temp_SSLStatus;
+
+  mNewToplevelSecurityState =
+    GetSecurityStateFromSecurityInfoAndRequest(info, aRequest);
+
+  MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+          ("SecureUI:%p: OnStateChange: remember mNewToplevelSecurityState => %x\n",
+           this, mNewToplevelSecurityState));
+
+  nsCOMPtr<nsISSLStatusProvider> sp(do_QueryInterface(info));
+  if (sp) {
+    // Ignore result
+    updateStatus = true;
+    (void) sp->GetSSLStatus(getter_AddRefs(temp_SSLStatus));
+    if (temp_SSLStatus) {
+      bool aTemp;
+      if (NS_SUCCEEDED(temp_SSLStatus->GetIsExtendedValidation(&aTemp))) {
+        mNewToplevelIsEV = aTemp;
+      }
+    }
+  }
+
+  mNewToplevelSecurityStateKnown = true;
+  if (updateStatus) {
+    mSSLStatus = temp_SSLStatus;
+  }
+  MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+         ("SecureUI:%p: remember securityInfo %p\n", this,
+          info));
+  nsCOMPtr<nsIAssociatedContentSecurity> associatedContentSecurityFromRequest(
+    do_QueryInterface(aRequest));
+  if (associatedContentSecurityFromRequest) {
+    mCurrentToplevelSecurityInfo = aRequest;
+  } else {
+    mCurrentToplevelSecurityInfo = info;
+  }
+
+  // The subrequest counters are now in sync with mCurrentToplevelSecurityInfo,
+  // don't restore after top level document load finishes.
+  mRestoreSubrequests = false;
+
+  UpdateSecurityState(aRequest, withNewLocation, withNewSink || updateStatus);
+}
+
+void
+nsSecureBrowserUIImpl::UpdateSubrequestMembers(nsISupports* securityInfo,
+                                               nsIRequest* request)
+{
+  // For wyciwyg channels in subdocuments we only update our
+  // subrequest state members.
+  uint32_t reqState = GetSecurityStateFromSecurityInfoAndRequest(securityInfo,
+                                                                 request);
+
+  if (reqState & STATE_IS_SECURE) {
+    // do nothing
+  } else if (reqState & STATE_IS_BROKEN) {
+    MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+           ("SecureUI:%p: OnStateChange: subreq BROKEN\n", this));
+    ++mSubRequestsBrokenSecurity;
+  } else {
+    MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+           ("SecureUI:%p: OnStateChange: subreq INSECURE\n", this));
+    ++mSubRequestsNoSecurity;
+  }
+}
+
+NS_IMETHODIMP
+nsSecureBrowserUIImpl::OnStateChange(nsIWebProgress* aWebProgress,
+                                     nsIRequest* aRequest,
+                                     uint32_t aProgressStateFlags,
+                                     nsresult aStatus)
+{
+  MOZ_ASSERT(NS_IsMainThread());
+  ReentrancyGuard guard(*this);
+  /*
+    All discussion, unless otherwise mentioned, only refers to
+    http, https, file or wyciwig requests.
+
+
+    Redirects are evil, well, some of them.
+    There are multiple forms of redirects.
+
+    Redirects caused by http refresh content are ok, because experiments show,
+    with those redirects, the old page contents and their requests will come to STOP
+    completely, before any progress from new refreshed page content is reported.
+    So we can safely treat them as separate page loading transactions.
+
+    Evil are redirects at the http protocol level, like code 302.
+
+    If the toplevel documents gets replaced, i.e. redirected with 302, we do not care for the 
+    security state of the initial transaction, which has now been redirected, 
+    we only care for the new page load.
+    
+    For the implementation of the security UI, we make an assumption, that is hopefully true.
+    
+    Imagine, the received page that was delivered with the 302 redirection answer,
+    also delivered html content.
+
+    What happens if the parser starts to analyze the content and tries to load contained sub objects?
+    
+    In that case we would see start and stop requests for subdocuments, some for the previous document,
+    some for the new target document. And only those for the new toplevel document may be
+    taken into consideration, when deciding about the security state of the next toplevel document.
+    
+    Because security state is being looked at, when loading stops for (sub)documents, this 
+    could cause real confusion, because we have to decide, whether an incoming progress 
+    belongs to the new toplevel page, or the previous, already redirected page.
+    
+    Can we simplify here?
+    
+    If a redirect at the http protocol level is seen, can we safely assume, its html content
+    will not be parsed, anylzed, and no embedded objects will get loaded (css, js, images),
+    because the redirect is already happening?
+    
+    If we can assume that, this really simplify things. Because we will never see notification
+    for sub requests that need to get ignored.
+    
+    I would like to make this assumption for now, but please let me (kaie) know if I'm wrong.
+    
+    Excurse:
+      If my assumption is wrong, then we would require more tracking information.
+      We need to keep lists of all pointers to request object that had been seen since the
+      last toplevel start event.
+      If the start for a redirected page is seen, the list of releveant object must be cleared,
+      and only progress for requests which start after it must be analyzed.
+      All other events must be ignored, as they belong to now irrelevant previous top level documents.
+
+
+    Frames are also evil.
+
+    First we need a decision.
+    kaie thinks: 
+      Only if the toplevel frame is secure, we should try to display secure lock icons.
+      If some of the inner contents are insecure, we display mixed mode.
+      
+      But if the top level frame is not secure, why indicate a mixed lock icon at all?
+      I think we should always display an open lock icon, if the top level frameset is insecure.
+      
+      That's the way Netscape Communicator behaves, and I think we should do the same.
+      
+      The user will not know which parts are secure and which are not,
+      and any certificate information, displayed in the tooltip or in the "page info"
+      will only be relevant for some subframe(s), and the user will not know which ones,
+      so we shouldn't display it as a general attribute of the displayed page.
+
+    Why are frames evil?
+    
+    Because the progress for the toplevel frame document is not easily distinguishable
+    from subframes. The same STATE bits are reported.
+
+    While at first sight, when a new page load happens,
+    the toplevel frameset document has also the STATE_IS_NETWORK bit in it.
+    But this can't really be used. Because in case that document causes a http 302 redirect, 
+    the real top level frameset will no longer have that bit.
+    
+    But we need some way to distinguish top level frames from inner frames.
+    
+    I saw that the web progress we get delivered has a reference to the toplevel DOM window.
+    
+    I suggest, we look at all incoming requests.
+    If a request is NOT for the toplevel DOM window, we will always treat it as a subdocument request,
+    regardless of whether the load flags indicate a top level document.
+  */
+
+  nsCOMPtr<mozIDOMWindowProxy> windowForProgress;
+  aWebProgress->GetDOMWindow(getter_AddRefs(windowForProgress));
+
+  nsCOMPtr<mozIDOMWindowProxy> window(do_QueryReferent(mWindow));
+  NS_ASSERTION(window, "Window has gone away?!");
+
+  if (!mIOService) {
+    mIOService = do_GetService(NS_IOSERVICE_CONTRACTID);
+  }
+
+  bool isNoContentResponse = false;
+  nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(aRequest);
+  if (httpChannel) 
+  {
+    uint32_t response;
+    isNoContentResponse = NS_SUCCEEDED(httpChannel->GetResponseStatus(&response)) &&
+        (response == 204 || response == 205);
+  }
+  const bool isToplevelProgress = (windowForProgress.get() == window.get()) && !isNoContentResponse;
+  
+  if (windowForProgress)
+  {
+    if (isToplevelProgress)
+    {
+      MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+             ("SecureUI:%p: OnStateChange: progress: for toplevel\n", this));
+    }
+    else
+    {
+      MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+             ("SecureUI:%p: OnStateChange: progress: for something else\n", this));
+    }
+  }
+  else
+  {
+      MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+             ("SecureUI:%p: OnStateChange: progress: no window known\n", this));
+  }
+
+  MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+         ("SecureUI:%p: OnStateChange\n", this));
+
+  if (mIsViewSource) {
+    return NS_OK;
+  }
+
+  if (!aRequest)
+  {
+    MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+           ("SecureUI:%p: OnStateChange with null request\n", this));
+    return NS_ERROR_NULL_POINTER;
+  }
+
+  if (MOZ_LOG_TEST(gSecureDocLog, LogLevel::Debug)) {
+    nsXPIDLCString reqname;
+    aRequest->GetName(reqname);
+    MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+           ("SecureUI:%p: %p %p OnStateChange %x %s\n", this, aWebProgress,
+            aRequest, aProgressStateFlags, reqname.get()));
+  }
+
+  nsCOMPtr<nsISupports> securityInfo(ExtractSecurityInfo(aRequest));
+
+  nsCOMPtr<nsIURI> uri;
+  nsCOMPtr<nsIChannel> channel(do_QueryInterface(aRequest));
+  if (channel) {
+    channel->GetURI(getter_AddRefs(uri));
+  }
+
+  nsCOMPtr<imgIRequest> imgRequest(do_QueryInterface(aRequest));
+  if (imgRequest) {
+    NS_ASSERTION(!channel, "How did that happen, exactly?");
+    // for image requests, we get the URI from here
+    imgRequest->GetURI(getter_AddRefs(uri));
+  }
+  
+  if (uri) {
+    bool vs;
+    if (NS_SUCCEEDED(uri->SchemeIs("javascript", &vs)) && vs) {
+      // We ignore the progress events for javascript URLs.
+      // If a document loading gets triggered, we will see more events.
+      return NS_OK;
+    }
+  }
+
+  uint32_t loadFlags = 0;
+  aRequest->GetLoadFlags(&loadFlags);
+
+  if (aProgressStateFlags & STATE_START
+      &&
+      aProgressStateFlags & STATE_IS_REQUEST
+      &&
+      isToplevelProgress
+      &&
+      loadFlags & nsIChannel::LOAD_DOCUMENT_URI)
+  {
+    MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+           ("SecureUI:%p: OnStateChange: SOMETHING STARTS FOR TOPMOST DOCUMENT\n", this));
+  }
+
+  if (aProgressStateFlags & STATE_STOP
+      &&
+      aProgressStateFlags & STATE_IS_REQUEST
+      &&
+      isToplevelProgress
+      &&
+      loadFlags & nsIChannel::LOAD_DOCUMENT_URI)
+  {
+    MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+           ("SecureUI:%p: OnStateChange: SOMETHING STOPS FOR TOPMOST DOCUMENT\n", this));
+  }
+
+  bool isSubDocumentRelevant = true;
+
+  // We are only interested in requests that load in the browser window...
+  if (!imgRequest) { // is not imgRequest
+    nsCOMPtr<nsIHttpChannel> httpRequest(do_QueryInterface(aRequest));
+    if (!httpRequest) {
+      nsCOMPtr<nsIFileChannel> fileRequest(do_QueryInterface(aRequest));
+      if (!fileRequest) {
+        nsCOMPtr<nsIWyciwygChannel> wyciwygRequest(do_QueryInterface(aRequest));
+        if (!wyciwygRequest) {
+          nsCOMPtr<nsIFTPChannel> ftpRequest(do_QueryInterface(aRequest));
+          if (!ftpRequest) {
+            MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+                   ("SecureUI:%p: OnStateChange: not relevant for sub content\n", this));
+            isSubDocumentRelevant = false;
+          }
+        }
+      }
+    }
+  }
+
+  // This will ignore all resource, chrome, data, file, moz-icon, and anno
+  // protocols. Local resources are treated as trusted.
+  if (uri && mIOService) {
+    bool hasFlag;
+    nsresult rv =
+      mIOService->URIChainHasFlags(uri,
+                                   nsIProtocolHandler::URI_IS_LOCAL_RESOURCE,
+                                   &hasFlag);
+    if (NS_SUCCEEDED(rv) && hasFlag) {
+      isSubDocumentRelevant = false;
+    }
+  }
+
+#if defined(DEBUG)
+  if (aProgressStateFlags & STATE_STOP
+      &&
+      channel)
+  {
+    MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+           ("SecureUI:%p: OnStateChange: seeing STOP with security state: %d\n", this,
+            GetSecurityStateFromSecurityInfoAndRequest(securityInfo, aRequest)
+            ));
+  }
+#endif
+
+  if (aProgressStateFlags & STATE_TRANSFERRING
+      &&
+      aProgressStateFlags & STATE_IS_REQUEST)
+  {
+    // The listing of a request in mTransferringRequests
+    // means, there has already been data transfered.
+    mTransferringRequests.Add(aRequest, fallible);
+
+    return NS_OK;
+  }
+
+  bool requestHasTransferedData = false;
+
+  if (aProgressStateFlags & STATE_STOP
+      &&
+      aProgressStateFlags & STATE_IS_REQUEST)
+  {
+    PLDHashEntryHdr* entry = mTransferringRequests.Search(aRequest);
+    if (entry) {
+      mTransferringRequests.RemoveEntry(entry);
+      requestHasTransferedData = true;
+    }
+
+    if (!requestHasTransferedData) {
+      // Because image loads doesn't support any TRANSFERRING notifications but
+      // only START and STOP we must ask them directly whether content was
+      // transferred.  See bug 432685 for details.
+      nsCOMPtr<nsISecurityInfoProvider> securityInfoProvider =
+        do_QueryInterface(aRequest);
+      // Guess true in all failure cases to be safe.  But if we're not
+      // an nsISecurityInfoProvider, then we just haven't transferred
+      // any data.
+      bool hasTransferred;
+      requestHasTransferedData =
+        securityInfoProvider &&
+        (NS_FAILED(securityInfoProvider->GetHasTransferredData(&hasTransferred)) ||
+         hasTransferred);
+    }
+  }
+
+  bool allowSecurityStateChange = true;
+  if (loadFlags & nsIChannel::LOAD_RETARGETED_DOCUMENT_URI)
+  {
+    // The original consumer (this) is no longer the target of the load.
+    // Ignore any events with this flag, do not allow them to update
+    // our secure UI state.
+    allowSecurityStateChange = false;
+  }
+
+  if (aProgressStateFlags & STATE_START
+      &&
+      aProgressStateFlags & STATE_IS_REQUEST
+      &&
+      isToplevelProgress
+      &&
+      loadFlags & nsIChannel::LOAD_DOCUMENT_URI)
+  {
+    int32_t saveSubBroken;
+    int32_t saveSubNo;
+    nsCOMPtr<nsIAssociatedContentSecurity> prevContentSecurity;
+
+    int32_t newSubBroken = 0;
+    int32_t newSubNo = 0;
+
+    bool inProgress = (mDocumentRequestsInProgress != 0);
+
+    if (allowSecurityStateChange && !inProgress) {
+      saveSubBroken = mSubRequestsBrokenSecurity;
+      saveSubNo = mSubRequestsNoSecurity;
+      prevContentSecurity = do_QueryInterface(mCurrentToplevelSecurityInfo);
+    }
+
+    if (allowSecurityStateChange && !inProgress)
+    {
+      MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+             ("SecureUI:%p: OnStateChange: start for toplevel document\n", this
+              ));
+
+      if (prevContentSecurity)
+      {
+        MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+               ("SecureUI:%p: OnStateChange: start, saving current sub state\n", this
+                ));
+  
+        // before resetting our state, let's save information about
+        // sub element loads, so we can restore it later
+        prevContentSecurity->SetCountSubRequestsBrokenSecurity(saveSubBroken);
+        prevContentSecurity->SetCountSubRequestsNoSecurity(saveSubNo);
+        prevContentSecurity->Flush();
+        MOZ_LOG(gSecureDocLog, LogLevel::Debug, ("SecureUI:%p: Saving subs in START to %p as %d,%d\n", 
+          this, prevContentSecurity.get(), saveSubBroken, saveSubNo));      
+      }
+
+      bool retrieveAssociatedState = false;
+
+      if (securityInfo &&
+          (aProgressStateFlags & nsIWebProgressListener::STATE_RESTORING) != 0) {
+        retrieveAssociatedState = true;
+      } else {
+        nsCOMPtr<nsIWyciwygChannel> wyciwygRequest(do_QueryInterface(aRequest));
+        if (wyciwygRequest) {
+          retrieveAssociatedState = true;
+        }
+      }
+
+      if (retrieveAssociatedState)
+      {
+        // When restoring from bfcache, we will not get events for the 
+        // page's sub elements, so let's load the state of sub elements
+        // from the cache.
+    
+        nsCOMPtr<nsIAssociatedContentSecurity> 
+          newContentSecurity(do_QueryInterface(securityInfo));
+    
+        if (newContentSecurity)
+        {
+          MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+                 ("SecureUI:%p: OnStateChange: start, loading old sub state\n", this
+                  ));
+    
+          newContentSecurity->GetCountSubRequestsBrokenSecurity(&newSubBroken);
+          newContentSecurity->GetCountSubRequestsNoSecurity(&newSubNo);
+          MOZ_LOG(gSecureDocLog, LogLevel::Debug, ("SecureUI:%p: Restoring subs in START from %p to %d,%d\n", 
+            this, newContentSecurity.get(), newSubBroken, newSubNo));      
+        }
+      }
+      else
+      {
+        // If we don't get OnLocationChange for this top level load later,
+        // it didn't get rendered.  But we reset the state to unknown and
+        // mSubRequests* to zeros.  If we would have left these values after 
+        // this top level load stoped, we would override the original top level
+        // load with all zeros and break mixed content state on back and forward.
+        mRestoreSubrequests = true;
+      }
+    }
+
+    if (allowSecurityStateChange && !inProgress) {
+      ResetStateTracking();
+      mSubRequestsBrokenSecurity = newSubBroken;
+      mSubRequestsNoSecurity = newSubNo;
+      mNewToplevelSecurityStateKnown = false;
+    }
+
+    // By using a counter, this code also works when the toplevel
+    // document get's redirected, but the STOP request for the 
+    // previous toplevel document has not yet have been received.
+    MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+           ("SecureUI:%p: OnStateChange: ++mDocumentRequestsInProgress\n", this
+            ));
+    ++mDocumentRequestsInProgress;
+
+    return NS_OK;
+  }
+
+  if (aProgressStateFlags & STATE_STOP
+      &&
+      aProgressStateFlags & STATE_IS_REQUEST
+      &&
+      isToplevelProgress
+      &&
+      loadFlags & nsIChannel::LOAD_DOCUMENT_URI)
+  {
+    nsCOMPtr<nsISecurityEventSink> temp_ToplevelEventSink;
+
+    if (allowSecurityStateChange) {
+      temp_ToplevelEventSink = mToplevelEventSink;
+    }
+
+    if (mDocumentRequestsInProgress <= 0) {
+      // Ignore stop requests unless a document load is in progress
+      // Unfortunately on application start, see some stops without having seen any starts...
+      return NS_OK;
+    }
+
+    MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+           ("SecureUI:%p: OnStateChange: --mDocumentRequestsInProgress\n", this
+            ));
+
+    if (!temp_ToplevelEventSink && channel)
+    {
+      if (allowSecurityStateChange)
+      {
+        ObtainEventSink(channel, temp_ToplevelEventSink);
+      }
+    }
+
+    bool sinkChanged = false;
+    bool inProgress;
+    if (allowSecurityStateChange) {
+      sinkChanged = (mToplevelEventSink != temp_ToplevelEventSink);
+      mToplevelEventSink = temp_ToplevelEventSink;
+    }
+    --mDocumentRequestsInProgress;
+    inProgress = mDocumentRequestsInProgress > 0;
+
+    if (allowSecurityStateChange && requestHasTransferedData) {
+      // Data has been transferred for the single toplevel
+      // request. Evaluate the security state.
+
+      // Do this only when the sink has changed.  We update and notify
+      // the state from OnLacationChange, this is actually redundant.
+      // But when the target sink changes between OnLocationChange and
+      // OnStateChange, we have to fire the notification here (again).
+
+      if (sinkChanged || mOnLocationChangeSeen) {
+        EvaluateAndUpdateSecurityState(aRequest, securityInfo, false,
+                                       sinkChanged);
+        return NS_OK;
+      }
+    }
+    mOnLocationChangeSeen = false;
+
+    if (mRestoreSubrequests && !inProgress)
+    {
+      // We get here when there were no OnLocationChange between 
+      // OnStateChange(START) and OnStateChange(STOP).  Then the load has not
+      // been rendered but has been retargeted in some other way then by external
+      // app handler.  Restore mSubRequests* members to what the current security 
+      // state info holds (it was reset to all zero in OnStateChange(START) 
+      // before).
+      nsCOMPtr<nsIAssociatedContentSecurity> currentContentSecurity(
+        do_QueryInterface(mCurrentToplevelSecurityInfo));
+
+      // Drop this indication flag, the restore operation is just being done.
+      mRestoreSubrequests = false;
+
+      // We can do this since the state didn't actually change.
+      mNewToplevelSecurityStateKnown = true;
+
+      int32_t subBroken = 0;
+      int32_t subNo = 0;
+
+      if (currentContentSecurity)
+      {
+        currentContentSecurity->GetCountSubRequestsBrokenSecurity(&subBroken);
+        currentContentSecurity->GetCountSubRequestsNoSecurity(&subNo);
+        MOZ_LOG(gSecureDocLog, LogLevel::Debug, ("SecureUI:%p: Restoring subs in STOP from %p to %d,%d\n", 
+          this, currentContentSecurity.get(), subBroken, subNo));      
+      }
+
+      mSubRequestsBrokenSecurity = subBroken;
+      mSubRequestsNoSecurity = subNo;
+    }
+
+    return NS_OK;
+  }
+
+  if (aProgressStateFlags & STATE_STOP
+      &&
+      aProgressStateFlags & STATE_IS_REQUEST)
+  {
+    if (!isSubDocumentRelevant)
+      return NS_OK;
+
+    // if we arrive here, LOAD_DOCUMENT_URI is not set
+
+    // We only care for the security state of sub requests which have actually transfered data.
+
+    if (allowSecurityStateChange && requestHasTransferedData)
+    {  
+      UpdateSubrequestMembers(securityInfo, aRequest);
+
+      // Care for the following scenario:
+      // A new top level document load might have already started,
+      // but the security state of the new top level document might not yet been known.
+      // 
+      // At this point, we are learning about the security state of a sub-document.
+      // We must not update the security state based on the sub content,
+      // if the new top level state is not yet known.
+      //
+      // We skip updating the security state in this case.
+
+      if (mNewToplevelSecurityStateKnown) {
+        UpdateSecurityState(aRequest, false, false);
+      }
+    }
+
+    return NS_OK;
+  }
+
+  return NS_OK;
+}
+
+// I'm keeping this as a separate function, in order to simplify the review
+// for bug 412456. We should inline this in a follow up patch.
+void nsSecureBrowserUIImpl::ObtainEventSink(nsIChannel *channel, 
+                                            nsCOMPtr<nsISecurityEventSink> &sink)
+{
+  if (!sink)
+    NS_QueryNotificationCallbacks(channel, sink);
+}
+
+void
+nsSecureBrowserUIImpl::UpdateSecurityState(nsIRequest* aRequest,
+                                           bool withNewLocation,
+                                           bool withUpdateStatus)
+{
+  lockIconState newSecurityState = lis_no_security;
+  if (mNewToplevelSecurityState & STATE_IS_SECURE) {
+    // If a subresoure/request was insecure, then we have mixed security.
+    if (mSubRequestsBrokenSecurity || mSubRequestsNoSecurity) {
+      newSecurityState = lis_mixed_security;
+    } else {
+      newSecurityState = lis_high_security;
+    }
+  }
+
+  if (mNewToplevelSecurityState & STATE_IS_BROKEN) {
+    newSecurityState = lis_broken_security;
+  }
+
+  mCertUserOverridden =
+    mNewToplevelSecurityState & STATE_CERT_USER_OVERRIDDEN;
+
+  MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+         ("SecureUI:%p: UpdateSecurityState:  old-new  %d - %d\n", this,
+          mNotifiedSecurityState, newSecurityState));
+
+  bool flagsChanged = false;
+  if (mNotifiedSecurityState != newSecurityState) {
+    // Something changed since the last time.
+    flagsChanged = true;
+    mNotifiedSecurityState = newSecurityState;
+
+    // If we have no security, we also shouldn't have any SSL status.
+    if (newSecurityState == lis_no_security) {
+      mSSLStatus = nullptr;
+    }
+  }
+
+  if (mNotifiedToplevelIsEV != mNewToplevelIsEV) {
+    flagsChanged = true;
+    mNotifiedToplevelIsEV = mNewToplevelIsEV;
+  }
+
+  if (flagsChanged || withNewLocation || withUpdateStatus) {
+    TellTheWorld(aRequest);
+  }
+}
+
+void
+nsSecureBrowserUIImpl::TellTheWorld(nsIRequest* aRequest)
+{
+  uint32_t state = STATE_IS_INSECURE;
+  GetState(&state);
+
+  if (mToplevelEventSink) {
+    MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+           ("SecureUI:%p: UpdateSecurityState: calling OnSecurityChange\n",
+            this));
+
+    mToplevelEventSink->OnSecurityChange(aRequest, state);
+  } else {
+    MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+           ("SecureUI:%p: UpdateSecurityState: NO mToplevelEventSink!\n",
+            this));
+
+  }
+}
+
+NS_IMETHODIMP
+nsSecureBrowserUIImpl::OnLocationChange(nsIWebProgress* aWebProgress,
+                                        nsIRequest* aRequest,
+                                        nsIURI* aLocation,
+                                        uint32_t aFlags)
+{
+  MOZ_ASSERT(NS_IsMainThread());
+  ReentrancyGuard guard(*this);
+
+  MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+         ("SecureUI:%p: OnLocationChange\n", this));
+
+  bool updateIsViewSource = false;
+  bool temp_IsViewSource = false;
+  nsCOMPtr<mozIDOMWindowProxy> window;
+
+  if (aLocation)
+  {
+    bool vs;
+
+    nsresult rv = aLocation->SchemeIs("view-source", &vs);
+    NS_ENSURE_SUCCESS(rv, rv);
+
+    if (vs) {
+      MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+             ("SecureUI:%p: OnLocationChange: view-source\n", this));
+    }
+
+    updateIsViewSource = true;
+    temp_IsViewSource = vs;
+  }
+
+  if (updateIsViewSource) {
+    mIsViewSource = temp_IsViewSource;
+  }
+  mCurrentURI = aLocation;
+  window = do_QueryReferent(mWindow);
+  NS_ASSERTION(window, "Window has gone away?!");
+
+  // When |aRequest| is null, basically we don't trust that document. But if
+  // docshell insists that the document has not changed at all, we will reuse
+  // the previous security state, no matter what |aRequest| may be.
+  if (aFlags & LOCATION_CHANGE_SAME_DOCUMENT)
+    return NS_OK;
+
+  // The location bar has changed, so we must update the security state.  The
+  // only concern with doing this here is that a page may transition from being
+  // reported as completely secure to being reported as partially secure
+  // (mixed).  This may be confusing for users, and it may bother users who
+  // like seeing security dialogs.  However, it seems prudent given that page
+  // loading may never end in some edge cases (perhaps by a site with malicious
+  // intent).
+
+  nsCOMPtr<mozIDOMWindowProxy> windowForProgress;
+  aWebProgress->GetDOMWindow(getter_AddRefs(windowForProgress));
+
+  nsCOMPtr<nsISupports> securityInfo(ExtractSecurityInfo(aRequest));
+
+  if (windowForProgress.get() == window.get()) {
+    // For toplevel channels, update the security state right away.
+    mOnLocationChangeSeen = true;
+    EvaluateAndUpdateSecurityState(aRequest, securityInfo, true, false);
+    return NS_OK;
+  }
+
+  // For channels in subdocuments we only update our subrequest state members.
+  UpdateSubrequestMembers(securityInfo, aRequest);
+
+  // Care for the following scenario:
+
+  // A new toplevel document load might have already started, but the security
+  // state of the new toplevel document might not yet be known.
+  // 
+  // At this point, we are learning about the security state of a sub-document.
+  // We must not update the security state based on the sub content, if the new
+  // top level state is not yet known.
+  //
+  // We skip updating the security state in this case.
+
+  if (mNewToplevelSecurityStateKnown) {
+    UpdateSecurityState(aRequest, true, false);
+  }
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSecureBrowserUIImpl::OnStatusChange(nsIWebProgress* aWebProgress,
+                                      nsIRequest* aRequest,
+                                      nsresult aStatus,
+                                      const char16_t* aMessage)
+{
+  NS_NOTREACHED("notification excluded in AddProgressListener(...)");
+  return NS_OK;
+}
+
+nsresult
+nsSecureBrowserUIImpl::OnSecurityChange(nsIWebProgress* aWebProgress,
+                                        nsIRequest* aRequest,
+                                        uint32_t state)
+{
+  MOZ_ASSERT(NS_IsMainThread());
+#if defined(DEBUG)
+  nsCOMPtr<nsIChannel> channel(do_QueryInterface(aRequest));
+  if (!channel)
+    return NS_OK;
+
+  nsCOMPtr<nsIURI> aURI;
+  channel->GetURI(getter_AddRefs(aURI));
+
+  if (aURI) {
+    MOZ_LOG(gSecureDocLog, LogLevel::Debug,
+           ("SecureUI:%p: OnSecurityChange: (%x) %s\n", this,
+            state, aURI->GetSpecOrDefault().get()));
+  }
+#endif
+
+  return NS_OK;
+}
+
+// nsISSLStatusProvider methods
+NS_IMETHODIMP
+nsSecureBrowserUIImpl::GetSSLStatus(nsISSLStatus** _result)
+{
+  NS_ENSURE_ARG_POINTER(_result);
+  MOZ_ASSERT(NS_IsMainThread());
+
+  switch (mNotifiedSecurityState)
+  {
+    case lis_broken_security:
+    case lis_mixed_security:
+    case lis_high_security:
+      break;
+
+    default:
+      MOZ_FALLTHROUGH_ASSERT("if this is reached you must add more entries to the switch");
+    case lis_no_security:
+      *_result = nullptr;
+      return NS_OK;
+  }
+
+  *_result = mSSLStatus;
+  NS_IF_ADDREF(*_result);
+
+  return NS_OK;
+}
diff --git a/security/manager/ssl/nsSecureBrowserUIImpl.h b/security/manager/ssl/nsSecureBrowserUIImpl.h
new file mode 100644
index 000000000..905e89474
--- /dev/null
+++ b/security/manager/ssl/nsSecureBrowserUIImpl.h
@@ -0,0 +1,96 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsSecureBrowserUIImpl_h
+#define nsSecureBrowserUIImpl_h
+
+#include "PLDHashTable.h"
+#include "mozilla/ReentrancyGuard.h"
+#include "nsCOMPtr.h"
+#include "nsINetUtil.h"
+#include "nsISSLStatusProvider.h"
+#include "nsISecureBrowserUI.h"
+#include "nsISecurityEventSink.h"
+#include "nsIURI.h"
+#include "nsIWebProgressListener.h"
+#include "nsWeakReference.h"
+
+class nsISSLStatus;
+class nsIChannel;
+
+#define NS_SECURE_BROWSER_UI_CID \
+{ 0xcc75499a, 0x1dd1, 0x11b2, {0x8a, 0x82, 0xca, 0x41, 0x0a, 0xc9, 0x07, 0xb8}}
+
+
+class nsSecureBrowserUIImpl : public nsISecureBrowserUI,
+                              public nsIWebProgressListener,
+                              public nsSupportsWeakReference,
+                              public nsISSLStatusProvider
+{
+  friend class mozilla::ReentrancyGuard;
+
+public:
+  nsSecureBrowserUIImpl();
+
+  NS_DECL_ISUPPORTS
+  NS_DECL_NSIWEBPROGRESSLISTENER
+  NS_DECL_NSISECUREBROWSERUI
+  NS_DECL_NSISSLSTATUSPROVIDER
+
+protected:
+  virtual ~nsSecureBrowserUIImpl() {};
+
+  nsWeakPtr mWindow;
+  nsWeakPtr mDocShell;
+  nsCOMPtr<nsINetUtil> mIOService;
+  nsCOMPtr<nsIURI> mCurrentURI;
+  nsCOMPtr<nsISecurityEventSink> mToplevelEventSink;
+
+  enum lockIconState {
+    lis_no_security,
+    lis_broken_security,
+    lis_mixed_security,
+    lis_high_security
+  };
+
+  lockIconState mNotifiedSecurityState;
+  bool mNotifiedToplevelIsEV;
+
+  void ResetStateTracking();
+  uint32_t mNewToplevelSecurityState;
+  bool mNewToplevelIsEV;
+  bool mNewToplevelSecurityStateKnown;
+  bool mIsViewSource;
+
+  int32_t mDocumentRequestsInProgress;
+  int32_t mSubRequestsBrokenSecurity;
+  int32_t mSubRequestsNoSecurity;
+  bool mCertUserOverridden;
+  bool mRestoreSubrequests;
+  bool mOnLocationChangeSeen;
+#ifdef DEBUG
+  bool mEntered; // For ReentrancyGuard.
+#endif
+
+  static already_AddRefed<nsISupports> ExtractSecurityInfo(nsIRequest* aRequest);
+  nsresult MapInternalToExternalState(uint32_t* aState, lockIconState lock, bool ev);
+  void UpdateSecurityState(nsIRequest* aRequest, bool withNewLocation,
+                           bool withUpdateStatus);
+  void TellTheWorld(nsIRequest* aRequest);
+
+  void EvaluateAndUpdateSecurityState(nsIRequest* aRequest, nsISupports *info,
+                                      bool withNewLocation, bool withNewSink);
+  void UpdateSubrequestMembers(nsISupports* securityInfo, nsIRequest* request);
+
+  void ObtainEventSink(nsIChannel *channel, 
+                       nsCOMPtr<nsISecurityEventSink> &sink);
+
+  nsCOMPtr<nsISSLStatus> mSSLStatus;
+  nsCOMPtr<nsISupports> mCurrentToplevelSecurityInfo;
+
+  PLDHashTable mTransferringRequests;
+};
+
+#endif // nsSecureBrowserUIImpl_h
diff --git a/security/manager/ssl/nsSecurityHeaderParser.cpp b/security/manager/ssl/nsSecurityHeaderParser.cpp
new file mode 100644
index 000000000..9fb9f0d6d
--- /dev/null
+++ b/security/manager/ssl/nsSecurityHeaderParser.cpp
@@ -0,0 +1,244 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsSecurityHeaderParser.h"
+#include "mozilla/Logging.h"
+
+// The character classes in this file are informed by [RFC2616], Section 2.2.
+// signed char is a signed data type one byte (8 bits) wide, so its value can
+// never be greater than 127. The following implicitly makes use of this.
+
+// A token is one or more CHAR except CTLs or separators.
+// A CHAR is any US-ASCII character (octets 0 - 127).
+// A CTL is any US-ASCII control character (octets 0 - 31) and DEL (127).
+// A separator is one of ()<>@,;:\"/[]?={} as well as space and
+// horizontal-tab (32 and 9, respectively).
+// So, this returns true if chr is any octet 33-126 except ()<>@,;:\"/[]?={}
+bool
+IsTokenSymbol(signed char chr) {
+  if (chr < 33 || chr == 127 ||
+      chr == '(' || chr == ')' || chr == '<' || chr == '>' ||
+      chr == '@' || chr == ',' || chr == ';' || chr == ':' ||
+      chr == '"' || chr == '/' || chr == '[' || chr == ']' ||
+      chr == '?' || chr == '=' || chr == '{' || chr == '}' || chr == '\\') {
+    return false;
+  }
+  return true;
+}
+
+// A quoted-string consists of a quote (") followed by any amount of
+// qdtext or quoted-pair, followed by a quote.
+// qdtext is any TEXT except a quote.
+// TEXT is any 8-bit octet except CTLs, but including LWS.
+// quoted-pair is a backslash (\) followed by a CHAR.
+// So, it turns out, \ can't really be a qdtext symbol for our purposes.
+// This returns true if chr is any octet 9,10,13,32-126 except <"> or "\"
+bool
+IsQuotedTextSymbol(signed char chr) {
+  return ((chr >= 32 && chr != '"' && chr != '\\' && chr != 127) ||
+          chr == 0x9 || chr == 0xa || chr == 0xd);
+}
+
+// The octet following the "\" in a quoted pair can be anything 0-127.
+bool
+IsQuotedPairSymbol(signed char chr) {
+  return (chr >= 0);
+}
+
+static mozilla::LazyLogModule sSHParserLog("nsSecurityHeaderParser");
+
+#define SHPARSERLOG(args) MOZ_LOG(sSHParserLog, mozilla::LogLevel::Debug, args)
+
+nsSecurityHeaderParser::nsSecurityHeaderParser(const char *aHeader)
+  : mCursor(aHeader)
+  , mError(false)
+{
+}
+
+nsSecurityHeaderParser::~nsSecurityHeaderParser() {
+  nsSecurityHeaderDirective *directive;
+  while ((directive = mDirectives.popFirst())) {
+    delete directive;
+  }
+}
+
+mozilla::LinkedList<nsSecurityHeaderDirective> *
+nsSecurityHeaderParser::GetDirectives() {
+  return &mDirectives;
+}
+
+nsresult
+nsSecurityHeaderParser::Parse() {
+  MOZ_ASSERT(mDirectives.isEmpty());
+  SHPARSERLOG(("trying to parse '%s'", mCursor));
+
+  Header();
+
+  // if we didn't consume the entire input, we were unable to parse it => error
+  if (mError || *mCursor) {
+    return NS_ERROR_FAILURE;
+  } else {
+    return NS_OK;
+  }
+}
+
+bool
+nsSecurityHeaderParser::Accept(char aChr)
+{
+  if (*mCursor == aChr) {
+    Advance();
+    return true;
+  }
+
+  return false;
+}
+
+bool
+nsSecurityHeaderParser::Accept(bool (*aClassifier) (signed char))
+{
+  if (aClassifier(*mCursor)) {
+    Advance();
+    return true;
+  }
+
+  return false;
+}
+
+void
+nsSecurityHeaderParser::Expect(char aChr)
+{
+  if (*mCursor != aChr) {
+    mError = true;
+  } else {
+    Advance();
+  }
+}
+
+void
+nsSecurityHeaderParser::Advance()
+{
+  // Technically, 0 is valid in quoted-pair, but we were handed a
+  // null-terminated const char *, so this doesn't handle that.
+  if (*mCursor) {
+    mOutput.Append(*mCursor);
+    mCursor++;
+  } else {
+    mError = true;
+  }
+}
+
+void
+nsSecurityHeaderParser::Header()
+{
+  Directive();
+  while (Accept(';')) {
+    Directive();
+  }
+}
+
+void
+nsSecurityHeaderParser::Directive()
+{
+  mDirective = new nsSecurityHeaderDirective();
+  LWSMultiple();
+  DirectiveName();
+  LWSMultiple();
+  if (Accept('=')) {
+    LWSMultiple();
+    DirectiveValue();
+    LWSMultiple();
+  }
+  mDirectives.insertBack(mDirective);
+  SHPARSERLOG(("read directive name '%s', value '%s'",
+               mDirective->mName.Data(), mDirective->mValue.Data()));
+}
+
+void
+nsSecurityHeaderParser::DirectiveName()
+{
+  mOutput.Truncate(0);
+  Token();
+  mDirective->mName.Assign(mOutput);
+}
+
+void
+nsSecurityHeaderParser::DirectiveValue()
+{
+  mOutput.Truncate(0);
+  if (Accept(IsTokenSymbol)) {
+    Token();
+    mDirective->mValue.Assign(mOutput);
+  } else if (Accept('"')) {
+    // Accept advances the cursor if successful, which appends a character to
+    // mOutput. The " is not part of what we want to capture, so truncate
+    // mOutput again.
+    mOutput.Truncate(0);
+    QuotedString();
+    mDirective->mValue.Assign(mOutput);
+    Expect('"');
+  }
+}
+
+void
+nsSecurityHeaderParser::Token()
+{
+  while (Accept(IsTokenSymbol));
+}
+
+void
+nsSecurityHeaderParser::QuotedString()
+{
+  while (true) {
+    if (Accept(IsQuotedTextSymbol)) {
+      QuotedText();
+    } else if (Accept('\\')) {
+      QuotedPair();
+    } else {
+      break;
+    }
+  }
+}
+
+void
+nsSecurityHeaderParser::QuotedText()
+{
+  while (Accept(IsQuotedTextSymbol));
+}
+
+void
+nsSecurityHeaderParser::QuotedPair()
+{
+  Accept(IsQuotedPairSymbol);
+}
+
+void
+nsSecurityHeaderParser::LWSMultiple()
+{
+  while (true) {
+    if (Accept('\r')) {
+      LWSCRLF();
+    } else if (Accept(' ') || Accept('\t')) {
+      LWS();
+    } else {
+      break;
+    }
+  }
+}
+
+void
+nsSecurityHeaderParser::LWSCRLF() {
+  Expect('\n');
+  if (!(Accept(' ') || Accept('\t'))) {
+    mError = true;
+  }
+  LWS();
+}
+
+void
+nsSecurityHeaderParser::LWS()
+{
+  // Note that becaue of how we're called, we don't have to check for
+  // the mandatory presense of at least one of SP or HT.
+  while (Accept(' ') || Accept('\t'));
+}
diff --git a/security/manager/ssl/nsSecurityHeaderParser.h b/security/manager/ssl/nsSecurityHeaderParser.h
new file mode 100644
index 000000000..eee29127e
--- /dev/null
+++ b/security/manager/ssl/nsSecurityHeaderParser.h
@@ -0,0 +1,74 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsSecurityHeaderParser_h__
+#define nsSecurityHeaderParser_h__
+
+#include "nsString.h"
+#include "mozilla/LinkedList.h"
+#include "nsCOMPtr.h"
+
+// Utility class for handing back parsed directives and (optional) values
+class nsSecurityHeaderDirective : public mozilla::LinkedListElement<nsSecurityHeaderDirective> {
+public:
+  nsCString mName;
+  nsCString mValue;
+};
+
+// This class parses security-related HTTP headers like
+// Strict-Transport-Security. The Augmented Backus-Naur Form syntax for this
+// header is reproduced below, for reference:
+//
+//   Strict-Transport-Security = "Strict-Transport-Security" ":"
+//                               [ directive ]  *( ";" [ directive ] )
+//
+//   directive                 = directive-name [ "=" directive-value ]
+//   directive-name            = token
+//   directive-value           = token | quoted-string
+//
+//   where:
+//
+//   token          = <token, defined in [RFC2616], Section 2.2>
+//   quoted-string  = <quoted-string, defined in [RFC2616], Section 2.2>/
+//
+// For further reference, see [RFC6797], Section 6.1
+
+class nsSecurityHeaderParser {
+public:
+  explicit nsSecurityHeaderParser(const char *aHeader);
+  ~nsSecurityHeaderParser();
+
+  // Only call Parse once.
+  nsresult Parse();
+  // The caller does not take ownership of the memory returned here.
+  mozilla::LinkedList<nsSecurityHeaderDirective> *GetDirectives();
+
+private:
+  bool Accept(char aChr);
+  bool Accept(bool (*aClassifier) (signed char));
+  void Expect(char aChr);
+  void Advance();
+  void Header();         // header = [ directive ] *( ";" [ directive ] )
+  void Directive();      // directive = directive-name [ "=" directive-value ]
+  void DirectiveName();  // directive-name = token
+  void DirectiveValue(); // directive-value = token | quoted-string
+  void Token();          // token = 1*<any CHAR except CTLs or separators>
+  void QuotedString();   // quoted-string = (<"> *( qdtext | quoted-pair ) <">)
+  void QuotedText();     // qdtext = <any TEXT except <"> and "\">
+  void QuotedPair();     // quoted-pair = "\" CHAR
+
+                         // LWS = [CRLF] 1*( SP | HT )
+  void LWSMultiple();    // Handles *( LWS )
+  void LWSCRLF();        // Handles the [CRLF] part of LWS
+  void LWS();            // Handles the 1*( SP | HT ) part of LWS
+
+  mozilla::LinkedList<nsSecurityHeaderDirective> mDirectives;
+  const char *mCursor;
+  nsSecurityHeaderDirective *mDirective;
+
+  nsCString mOutput;
+  bool mError;
+};
+
+#endif /* nsSecurityHeaderParser_h__ */
diff --git a/security/manager/ssl/nsSiteSecurityService.cpp b/security/manager/ssl/nsSiteSecurityService.cpp
new file mode 100644
index 000000000..322ef6570
--- /dev/null
+++ b/security/manager/ssl/nsSiteSecurityService.cpp
@@ -0,0 +1,1302 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsSiteSecurityService.h"
+
+#include "mozilla/LinkedList.h"
+#include "mozilla/Preferences.h"
+#include "mozilla/Base64.h"
+#include "base64.h"
+#include "CertVerifier.h"
+#include "nsCRTGlue.h"
+#include "nsISSLStatus.h"
+#include "nsISocketProvider.h"
+#include "nsIURI.h"
+#include "nsIX509Cert.h"
+#include "nsNetUtil.h"
+#include "nsNSSComponent.h"
+#include "nsSecurityHeaderParser.h"
+#include "nsString.h"
+#include "nsThreadUtils.h"
+#include "nsXULAppAPI.h"
+#include "pkix/pkixtypes.h"
+#include "plstr.h"
+#include "mozilla/Logging.h"
+#include "prnetdb.h"
+#include "prprf.h"
+#include "PublicKeyPinningService.h"
+#include "ScopedNSSTypes.h"
+#include "SharedCertVerifier.h"
+
+// A note about the preload list:
+// When a site specifically disables HSTS by sending a header with
+// 'max-age: 0', we keep a "knockout" value that means "we have no information
+// regarding the HSTS state of this host" (any ancestor of "this host" can still
+// influence its HSTS status via include subdomains, however).
+// This prevents the preload list from overriding the site's current
+// desired HSTS status.
+#include "nsSTSPreloadList.inc"
+
+using namespace mozilla;
+using namespace mozilla::psm;
+
+static LazyLogModule gSSSLog("nsSSService");
+
+#define SSSLOG(args) MOZ_LOG(gSSSLog, mozilla::LogLevel::Debug, args)
+
+////////////////////////////////////////////////////////////////////////////////
+
+SiteHSTSState::SiteHSTSState(nsCString& aStateString)
+  : mHSTSExpireTime(0)
+  , mHSTSState(SecurityPropertyUnset)
+  , mHSTSIncludeSubdomains(false)
+{
+  uint32_t hstsState = 0;
+  uint32_t hstsIncludeSubdomains = 0; // PR_sscanf doesn't handle bools.
+  int32_t matches = PR_sscanf(aStateString.get(), "%lld,%lu,%lu",
+                              &mHSTSExpireTime, &hstsState,
+                              &hstsIncludeSubdomains);
+  bool valid = (matches == 3 &&
+                (hstsIncludeSubdomains == 0 || hstsIncludeSubdomains == 1) &&
+                ((SecurityPropertyState)hstsState == SecurityPropertyUnset ||
+                 (SecurityPropertyState)hstsState == SecurityPropertySet ||
+                 (SecurityPropertyState)hstsState == SecurityPropertyKnockout ||
+                 (SecurityPropertyState)hstsState == SecurityPropertyNegative));
+  if (valid) {
+    mHSTSState = (SecurityPropertyState)hstsState;
+    mHSTSIncludeSubdomains = (hstsIncludeSubdomains == 1);
+  } else {
+    SSSLOG(("%s is not a valid SiteHSTSState", aStateString.get()));
+    mHSTSExpireTime = 0;
+    mHSTSState = SecurityPropertyUnset;
+    mHSTSIncludeSubdomains = false;
+  }
+}
+
+SiteHSTSState::SiteHSTSState(PRTime aHSTSExpireTime,
+                             SecurityPropertyState aHSTSState,
+                             bool aHSTSIncludeSubdomains)
+
+  : mHSTSExpireTime(aHSTSExpireTime)
+  , mHSTSState(aHSTSState)
+  , mHSTSIncludeSubdomains(aHSTSIncludeSubdomains)
+{
+}
+
+void
+SiteHSTSState::ToString(nsCString& aString)
+{
+  aString.Truncate();
+  aString.AppendInt(mHSTSExpireTime);
+  aString.Append(',');
+  aString.AppendInt(mHSTSState);
+  aString.Append(',');
+  aString.AppendInt(static_cast<uint32_t>(mHSTSIncludeSubdomains));
+}
+
+////////////////////////////////////////////////////////////////////////////////
+static bool
+stringIsBase64EncodingOf256bitValue(nsCString& encodedString) {
+  nsAutoCString binaryValue;
+  nsresult rv = mozilla::Base64Decode(encodedString, binaryValue);
+  if (NS_FAILED(rv)) {
+    return false;
+  }
+  if (binaryValue.Length() != SHA256_LENGTH) {
+    return false;
+  }
+  return true;
+}
+
+SiteHPKPState::SiteHPKPState()
+  : mExpireTime(0)
+  , mState(SecurityPropertyUnset)
+  , mIncludeSubdomains(false)
+{
+}
+
+SiteHPKPState::SiteHPKPState(nsCString& aStateString)
+  : mExpireTime(0)
+  , mState(SecurityPropertyUnset)
+  , mIncludeSubdomains(false)
+{
+  uint32_t hpkpState = 0;
+  uint32_t hpkpIncludeSubdomains = 0; // PR_sscanf doesn't handle bools.
+  const uint32_t MaxMergedHPKPPinSize = 1024;
+  char mergedHPKPins[MaxMergedHPKPPinSize];
+  memset(mergedHPKPins, 0, MaxMergedHPKPPinSize);
+
+  if (aStateString.Length() >= MaxMergedHPKPPinSize) {
+    SSSLOG(("SSS: Cannot parse PKPState string, too large\n"));
+    return;
+  }
+
+  int32_t matches = PR_sscanf(aStateString.get(), "%lld,%lu,%lu,%s",
+                              &mExpireTime, &hpkpState,
+                              &hpkpIncludeSubdomains, mergedHPKPins);
+  bool valid = (matches == 4 &&
+                (hpkpIncludeSubdomains == 0 || hpkpIncludeSubdomains == 1) &&
+                ((SecurityPropertyState)hpkpState == SecurityPropertyUnset ||
+                 (SecurityPropertyState)hpkpState == SecurityPropertySet ||
+                 (SecurityPropertyState)hpkpState == SecurityPropertyKnockout));
+
+  SSSLOG(("SSS: loading SiteHPKPState matches=%d\n", matches));
+  const uint32_t SHA256Base64Len = 44;
+
+  if (valid && (SecurityPropertyState)hpkpState == SecurityPropertySet) {
+    // try to expand the merged PKPins
+    const char* cur = mergedHPKPins;
+    nsAutoCString pin;
+    uint32_t collectedLen = 0;
+    mergedHPKPins[MaxMergedHPKPPinSize - 1] = 0;
+    size_t totalLen = strlen(mergedHPKPins);
+    while (collectedLen + SHA256Base64Len <= totalLen) {
+      pin.Assign(cur, SHA256Base64Len);
+      if (stringIsBase64EncodingOf256bitValue(pin)) {
+        mSHA256keys.AppendElement(pin);
+      }
+      cur += SHA256Base64Len;
+      collectedLen += SHA256Base64Len;
+    }
+    if (mSHA256keys.IsEmpty()) {
+      valid = false;
+    }
+  }
+  if (valid) {
+    mState = (SecurityPropertyState)hpkpState;
+    mIncludeSubdomains = (hpkpIncludeSubdomains == 1);
+  } else {
+    SSSLOG(("%s is not a valid SiteHPKPState", aStateString.get()));
+    mExpireTime = 0;
+    mState = SecurityPropertyUnset;
+    mIncludeSubdomains = false;
+    if (!mSHA256keys.IsEmpty()) {
+      mSHA256keys.Clear();
+    }
+  }
+}
+
+SiteHPKPState::SiteHPKPState(PRTime aExpireTime,
+                             SecurityPropertyState aState,
+                             bool aIncludeSubdomains,
+                             nsTArray<nsCString>& aSHA256keys)
+  : mExpireTime(aExpireTime)
+  , mState(aState)
+  , mIncludeSubdomains(aIncludeSubdomains)
+  , mSHA256keys(aSHA256keys)
+{
+}
+
+void
+SiteHPKPState::ToString(nsCString& aString)
+{
+  aString.Truncate();
+  aString.AppendInt(mExpireTime);
+  aString.Append(',');
+  aString.AppendInt(mState);
+  aString.Append(',');
+  aString.AppendInt(static_cast<uint32_t>(mIncludeSubdomains));
+  aString.Append(',');
+  for (unsigned int i = 0; i < mSHA256keys.Length(); i++) {
+    aString.Append(mSHA256keys[i]);
+  }
+}
+
+////////////////////////////////////////////////////////////////////////////////
+
+const uint64_t kSixtyDaysInSeconds = 60 * 24 * 60 * 60;
+
+nsSiteSecurityService::nsSiteSecurityService()
+  : mMaxMaxAge(kSixtyDaysInSeconds)
+  , mUsePreloadList(true)
+  , mPreloadListTimeOffset(0)
+{
+}
+
+nsSiteSecurityService::~nsSiteSecurityService()
+{
+}
+
+NS_IMPL_ISUPPORTS(nsSiteSecurityService,
+                  nsIObserver,
+                  nsISiteSecurityService)
+
+nsresult
+nsSiteSecurityService::Init()
+{
+  // Don't access Preferences off the main thread.
+  if (!NS_IsMainThread()) {
+    NS_NOTREACHED("nsSiteSecurityService initialized off main thread");
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  mMaxMaxAge = mozilla::Preferences::GetInt(
+    "security.cert_pinning.max_max_age_seconds", kSixtyDaysInSeconds);
+  mozilla::Preferences::AddStrongObserver(this,
+    "security.cert_pinning.max_max_age_seconds");
+  mUsePreloadList = mozilla::Preferences::GetBool(
+    "network.stricttransportsecurity.preloadlist", true);
+  mozilla::Preferences::AddStrongObserver(this,
+    "network.stricttransportsecurity.preloadlist");
+  mProcessPKPHeadersFromNonBuiltInRoots = mozilla::Preferences::GetBool(
+    "security.cert_pinning.process_headers_from_non_builtin_roots", false);
+  mozilla::Preferences::AddStrongObserver(this,
+    "security.cert_pinning.process_headers_from_non_builtin_roots");
+  mPreloadListTimeOffset = mozilla::Preferences::GetInt(
+    "test.currentTimeOffsetSeconds", 0);
+  mozilla::Preferences::AddStrongObserver(this,
+    "test.currentTimeOffsetSeconds");
+  mSiteStateStorage =
+    mozilla::DataStorage::Get(NS_LITERAL_STRING("SiteSecurityServiceState.txt"));
+  mPreloadStateStorage =
+    mozilla::DataStorage::Get(NS_LITERAL_STRING("SecurityPreloadState.txt"));
+  bool storageWillPersist = false;
+  bool preloadStorageWillPersist = false;
+  nsresult rv = mSiteStateStorage->Init(storageWillPersist);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+  rv = mPreloadStateStorage->Init(preloadStorageWillPersist);
+  if (NS_WARN_IF(NS_FAILED(rv))) {
+    return rv;
+  }
+  // This is not fatal. There are some cases where there won't be a
+  // profile directory (e.g. running xpcshell). There isn't the
+  // expectation that site information will be presisted in those cases.
+  if (!storageWillPersist || !preloadStorageWillPersist) {
+    NS_WARNING("site security information will not be persisted");
+  }
+
+  return NS_OK;
+}
+
+nsresult
+nsSiteSecurityService::GetHost(nsIURI* aURI, nsACString& aResult)
+{
+  nsCOMPtr<nsIURI> innerURI = NS_GetInnermostURI(aURI);
+  if (!innerURI) {
+    return NS_ERROR_FAILURE;
+  }
+
+  nsAutoCString host;
+  nsresult rv = innerURI->GetAsciiHost(host);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  aResult.Assign(PublicKeyPinningService::CanonicalizeHostname(host.get()));
+  if (aResult.IsEmpty()) {
+    return NS_ERROR_UNEXPECTED;
+  }
+
+  return NS_OK;
+}
+
+static void
+SetStorageKey(nsAutoCString& storageKey, nsCString& hostname, uint32_t aType)
+{
+  storageKey = hostname;
+  switch (aType) {
+    case nsISiteSecurityService::HEADER_HSTS:
+      storageKey.AppendLiteral(":HSTS");
+      break;
+    case nsISiteSecurityService::HEADER_HPKP:
+      storageKey.AppendLiteral(":HPKP");
+      break;
+    default:
+      NS_ASSERTION(false, "SSS:SetStorageKey got invalid type");
+  }
+}
+
+// Expire times are in millis.  Since Headers max-age is in seconds, and
+// PR_Now() is in micros, normalize the units at milliseconds.
+static int64_t
+ExpireTimeFromMaxAge(uint64_t maxAge)
+{
+  return (PR_Now() / PR_USEC_PER_MSEC) + ((int64_t)maxAge * PR_MSEC_PER_SEC);
+}
+
+nsresult
+nsSiteSecurityService::SetHSTSState(uint32_t aType,
+                                    nsIURI* aSourceURI,
+                                    int64_t maxage,
+                                    bool includeSubdomains,
+                                    uint32_t flags,
+                                    SecurityPropertyState aHSTSState)
+{
+  // If max-age is zero, that's an indication to immediately remove the
+  // security state, so here's a shortcut.
+  if (!maxage) {
+    return RemoveState(aType, aSourceURI, flags);
+  }
+
+  MOZ_ASSERT((aHSTSState == SecurityPropertySet ||
+              aHSTSState == SecurityPropertyNegative),
+      "HSTS State must be SecurityPropertySet or SecurityPropertyNegative");
+
+  int64_t expiretime = ExpireTimeFromMaxAge(maxage);
+  SiteHSTSState siteState(expiretime, aHSTSState, includeSubdomains);
+  nsAutoCString stateString;
+  siteState.ToString(stateString);
+  nsAutoCString hostname;
+  nsresult rv = GetHost(aSourceURI, hostname);
+  NS_ENSURE_SUCCESS(rv, rv);
+  SSSLOG(("SSS: setting state for %s", hostname.get()));
+  bool isPrivate = flags & nsISocketProvider::NO_PERMANENT_STORAGE;
+  mozilla::DataStorageType storageType = isPrivate
+                                         ? mozilla::DataStorage_Private
+                                         : mozilla::DataStorage_Persistent;
+  nsAutoCString storageKey;
+  SetStorageKey(storageKey, hostname, aType);
+  rv = mSiteStateStorage->Put(storageKey, stateString, storageType);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSiteSecurityService::CacheNegativeHSTSResult(nsIURI* aSourceURI,
+                                               uint64_t aMaxAge)
+{
+  return SetHSTSState(nsISiteSecurityService::HEADER_HSTS, aSourceURI,
+                      aMaxAge, false, 0, SecurityPropertyNegative);
+}
+
+NS_IMETHODIMP
+nsSiteSecurityService::RemoveState(uint32_t aType, nsIURI* aURI,
+                                   uint32_t aFlags)
+{
+   // Child processes are not allowed direct access to this.
+   if (!XRE_IsParentProcess()) {
+     MOZ_CRASH("Child process: no direct access to nsISiteSecurityService::RemoveState");
+   }
+
+  // Only HSTS is supported at the moment.
+  NS_ENSURE_TRUE(aType == nsISiteSecurityService::HEADER_HSTS ||
+                 aType == nsISiteSecurityService::HEADER_HPKP,
+                 NS_ERROR_NOT_IMPLEMENTED);
+
+  nsAutoCString hostname;
+  nsresult rv = GetHost(aURI, hostname);
+  NS_ENSURE_SUCCESS(rv, rv);
+
+  bool isPrivate = aFlags & nsISocketProvider::NO_PERMANENT_STORAGE;
+  mozilla::DataStorageType storageType = isPrivate
+                                         ? mozilla::DataStorage_Private
+                                         : mozilla::DataStorage_Persistent;
+  // If this host is in the preload list, we have to store a knockout entry.
+  if (GetPreloadListEntry(hostname.get())) {
+    SSSLOG(("SSS: storing knockout entry for %s", hostname.get()));
+    SiteHSTSState siteState(0, SecurityPropertyKnockout, false);
+    nsAutoCString stateString;
+    siteState.ToString(stateString);
+    nsAutoCString storageKey;
+    SetStorageKey(storageKey, hostname, aType);
+    rv = mSiteStateStorage->Put(storageKey, stateString, storageType);
+    NS_ENSURE_SUCCESS(rv, rv);
+  } else {
+    SSSLOG(("SSS: removing entry for %s", hostname.get()));
+    nsAutoCString storageKey;
+    SetStorageKey(storageKey, hostname, aType);
+    mSiteStateStorage->Remove(storageKey, storageType);
+  }
+
+  return NS_OK;
+}
+
+static bool
+HostIsIPAddress(const char *hostname)
+{
+  PRNetAddr hostAddr;
+  return (PR_StringToNetAddr(hostname, &hostAddr) == PR_SUCCESS);
+}
+
+NS_IMETHODIMP
+nsSiteSecurityService::ProcessHeader(uint32_t aType,
+                                     nsIURI* aSourceURI,
+                                     const char* aHeader,
+                                     nsISSLStatus* aSSLStatus,
+                                     uint32_t aFlags,
+                                     uint64_t* aMaxAge,
+                                     bool* aIncludeSubdomains,
+                                     uint32_t* aFailureResult)
+{
+   // Child processes are not allowed direct access to this.
+   if (!XRE_IsParentProcess()) {
+     MOZ_CRASH("Child process: no direct access to nsISiteSecurityService::ProcessHeader");
+   }
+
+  if (aFailureResult) {
+    *aFailureResult = nsISiteSecurityService::ERROR_UNKNOWN;
+  }
+  NS_ENSURE_TRUE(aType == nsISiteSecurityService::HEADER_HSTS ||
+                 aType == nsISiteSecurityService::HEADER_HPKP,
+                 NS_ERROR_NOT_IMPLEMENTED);
+
+  NS_ENSURE_ARG(aSSLStatus);
+  return ProcessHeaderInternal(aType, aSourceURI, aHeader, aSSLStatus, aFlags,
+                               aMaxAge, aIncludeSubdomains, aFailureResult);
+}
+
+NS_IMETHODIMP
+nsSiteSecurityService::UnsafeProcessHeader(uint32_t aType,
+                                           nsIURI* aSourceURI,
+                                           const char* aHeader,
+                                           uint32_t aFlags,
+                                           uint64_t* aMaxAge,
+                                           bool* aIncludeSubdomains,
+                                           uint32_t* aFailureResult)
+{
+   // Child processes are not allowed direct access to this.
+   if (!XRE_IsParentProcess()) {
+     MOZ_CRASH("Child process: no direct access to nsISiteSecurityService::UnsafeProcessHeader");
+   }
+
+  return ProcessHeaderInternal(aType, aSourceURI, aHeader, nullptr, aFlags,
+                               aMaxAge, aIncludeSubdomains, aFailureResult);
+}
+
+nsresult
+nsSiteSecurityService::ProcessHeaderInternal(uint32_t aType,
+                                             nsIURI* aSourceURI,
+                                             const char* aHeader,
+                                             nsISSLStatus* aSSLStatus,
+                                             uint32_t aFlags,
+                                             uint64_t* aMaxAge,
+                                             bool* aIncludeSubdomains,
+                                             uint32_t* aFailureResult)
+{
+  if (aFailureResult) {
+    *aFailureResult = nsISiteSecurityService::ERROR_UNKNOWN;
+  }
+  // Only HSTS and HPKP are supported at the moment.
+  NS_ENSURE_TRUE(aType == nsISiteSecurityService::HEADER_HSTS ||
+                 aType == nsISiteSecurityService::HEADER_HPKP,
+                 NS_ERROR_NOT_IMPLEMENTED);
+
+  if (aMaxAge != nullptr) {
+    *aMaxAge = 0;
+  }
+
+  if (aIncludeSubdomains != nullptr) {
+    *aIncludeSubdomains = false;
+  }
+
+  if (aSSLStatus) {
+    bool tlsIsBroken = false;
+    bool trustcheck;
+    nsresult rv;
+    rv = aSSLStatus->GetIsDomainMismatch(&trustcheck);
+    NS_ENSURE_SUCCESS(rv, rv);
+    tlsIsBroken = tlsIsBroken || trustcheck;
+
+    rv = aSSLStatus->GetIsNotValidAtThisTime(&trustcheck);
+    NS_ENSURE_SUCCESS(rv, rv);
+    tlsIsBroken = tlsIsBroken || trustcheck;
+
+    rv = aSSLStatus->GetIsUntrusted(&trustcheck);
+    NS_ENSURE_SUCCESS(rv, rv);
+    tlsIsBroken = tlsIsBroken || trustcheck;
+    if (tlsIsBroken) {
+       SSSLOG(("SSS: discarding header from untrustworthy connection"));
+       if (aFailureResult) {
+         *aFailureResult = nsISiteSecurityService::ERROR_UNTRUSTWORTHY_CONNECTION;
+       }
+      return NS_ERROR_FAILURE;
+    }
+  }
+
+  nsAutoCString host;
+  nsresult rv = GetHost(aSourceURI, host);
+  NS_ENSURE_SUCCESS(rv, rv);
+  if (HostIsIPAddress(host.get())) {
+    /* Don't process headers if a site is accessed by IP address. */
+    return NS_OK;
+  }
+
+  switch (aType) {
+    case nsISiteSecurityService::HEADER_HSTS:
+      rv = ProcessSTSHeader(aSourceURI, aHeader, aFlags, aMaxAge,
+                            aIncludeSubdomains, aFailureResult);
+      break;
+    case nsISiteSecurityService::HEADER_HPKP:
+      rv = ProcessPKPHeader(aSourceURI, aHeader, aSSLStatus, aFlags, aMaxAge,
+                            aIncludeSubdomains, aFailureResult);
+      break;
+    default:
+      MOZ_CRASH("unexpected header type");
+  }
+  return rv;
+}
+
+static uint32_t
+ParseSSSHeaders(uint32_t aType,
+                const char* aHeader,
+                bool& foundIncludeSubdomains,
+                bool& foundMaxAge,
+                bool& foundUnrecognizedDirective,
+                uint64_t& maxAge,
+                nsTArray<nsCString>& sha256keys)
+{
+  // Strict transport security and Public Key Pinning have very similar
+  // Header formats.
+
+  // "Strict-Transport-Security" ":" OWS
+  //      STS-d  *( OWS ";" OWS STS-d  OWS)
+  //
+  //  ; STS directive
+  //  STS-d      = maxAge / includeSubDomains
+  //
+  //  maxAge     = "max-age" "=" delta-seconds v-ext
+  //
+  //  includeSubDomains = [ "includeSubDomains" ]
+  //
+
+  // "Public-Key-Pins ":" OWS
+  //      PKP-d  *( OWS ";" OWS PKP-d  OWS)
+  //
+  //  ; PKP directive
+  //  PKP-d      = maxAge / includeSubDomains / reportUri / pin-directive
+  //
+  //  maxAge     = "max-age" "=" delta-seconds v-ext
+  //
+  //  includeSubDomains = [ "includeSubDomains" ]
+  //
+  //  reportURi  = "report-uri" "=" quoted-string
+  //
+  //  pin-directive = "pin-" token "=" quoted-string
+  //
+  //  the only valid token currently specified is sha256
+  //  the quoted string for a pin directive is the base64 encoding
+  //  of the hash of the public key of the fingerprint
+  //
+
+  //  The order of the directives is not significant.
+  //  All directives must appear only once.
+  //  Directive names are case-insensitive.
+  //  The entire header is invalid if a directive not conforming to the
+  //  syntax is encountered.
+  //  Unrecognized directives (that are otherwise syntactically valid) are
+  //  ignored, and the rest of the header is parsed as normal.
+
+  bool foundReportURI = false;
+
+  NS_NAMED_LITERAL_CSTRING(max_age_var, "max-age");
+  NS_NAMED_LITERAL_CSTRING(include_subd_var, "includesubdomains");
+  NS_NAMED_LITERAL_CSTRING(pin_sha256_var, "pin-sha256");
+  NS_NAMED_LITERAL_CSTRING(report_uri_var, "report-uri");
+
+  nsSecurityHeaderParser parser(aHeader);
+  nsresult rv = parser.Parse();
+  if (NS_FAILED(rv)) {
+    SSSLOG(("SSS: could not parse header"));
+    return nsISiteSecurityService::ERROR_COULD_NOT_PARSE_HEADER;
+  }
+  mozilla::LinkedList<nsSecurityHeaderDirective>* directives = parser.GetDirectives();
+
+  for (nsSecurityHeaderDirective* directive = directives->getFirst();
+       directive != nullptr; directive = directive->getNext()) {
+    SSSLOG(("SSS: found directive %s\n", directive->mName.get()));
+    if (directive->mName.Length() == max_age_var.Length() &&
+        directive->mName.EqualsIgnoreCase(max_age_var.get(),
+                                          max_age_var.Length())) {
+      if (foundMaxAge) {
+        SSSLOG(("SSS: found two max-age directives"));
+        return nsISiteSecurityService::ERROR_MULTIPLE_MAX_AGES;
+      }
+
+      SSSLOG(("SSS: found max-age directive"));
+      foundMaxAge = true;
+
+      size_t len = directive->mValue.Length();
+      for (size_t i = 0; i < len; i++) {
+        char chr = directive->mValue.CharAt(i);
+        if (chr < '0' || chr > '9') {
+          SSSLOG(("SSS: invalid value for max-age directive"));
+          return nsISiteSecurityService::ERROR_INVALID_MAX_AGE;
+        }
+      }
+
+      if (PR_sscanf(directive->mValue.get(), "%llu", &maxAge) != 1) {
+        SSSLOG(("SSS: could not parse delta-seconds"));
+        return nsISiteSecurityService::ERROR_INVALID_MAX_AGE;
+      }
+
+      SSSLOG(("SSS: parsed delta-seconds: %llu", maxAge));
+    } else if (directive->mName.Length() == include_subd_var.Length() &&
+               directive->mName.EqualsIgnoreCase(include_subd_var.get(),
+                                                 include_subd_var.Length())) {
+      if (foundIncludeSubdomains) {
+        SSSLOG(("SSS: found two includeSubdomains directives"));
+        return nsISiteSecurityService::ERROR_MULTIPLE_INCLUDE_SUBDOMAINS;
+      }
+
+      SSSLOG(("SSS: found includeSubdomains directive"));
+      foundIncludeSubdomains = true;
+
+      if (directive->mValue.Length() != 0) {
+        SSSLOG(("SSS: includeSubdomains directive unexpectedly had value '%s'",
+                directive->mValue.get()));
+        return nsISiteSecurityService::ERROR_INVALID_INCLUDE_SUBDOMAINS;
+      }
+    } else if (aType == nsISiteSecurityService::HEADER_HPKP &&
+               directive->mName.Length() == pin_sha256_var.Length() &&
+               directive->mName.EqualsIgnoreCase(pin_sha256_var.get(),
+                                                 pin_sha256_var.Length())) {
+       SSSLOG(("SSS: found pinning entry '%s' length=%d",
+               directive->mValue.get(), directive->mValue.Length()));
+       if (!stringIsBase64EncodingOf256bitValue(directive->mValue)) {
+         return nsISiteSecurityService::ERROR_INVALID_PIN;
+       }
+       sha256keys.AppendElement(directive->mValue);
+   } else if (aType == nsISiteSecurityService::HEADER_HPKP &&
+              directive->mName.Length() == report_uri_var.Length() &&
+              directive->mName.EqualsIgnoreCase(report_uri_var.get(),
+                                                report_uri_var.Length())) {
+       // We don't support the report-uri yet, but to avoid unrecognized
+       // directive warnings, we still have to handle its presence
+      if (foundReportURI) {
+        SSSLOG(("SSS: found two report-uri directives"));
+        return nsISiteSecurityService::ERROR_MULTIPLE_REPORT_URIS;
+      }
+      SSSLOG(("SSS: found report-uri directive"));
+      foundReportURI = true;
+   } else {
+      SSSLOG(("SSS: ignoring unrecognized directive '%s'",
+              directive->mName.get()));
+      foundUnrecognizedDirective = true;
+    }
+  }
+  return nsISiteSecurityService::Success;
+}
+
+nsresult
+nsSiteSecurityService::ProcessPKPHeader(nsIURI* aSourceURI,
+                                        const char* aHeader,
+                                        nsISSLStatus* aSSLStatus,
+                                        uint32_t aFlags,
+                                        uint64_t* aMaxAge,
+                                        bool* aIncludeSubdomains,
+                                        uint32_t* aFailureResult)
+{
+  if (aFailureResult) {
+    *aFailureResult = nsISiteSecurityService::ERROR_UNKNOWN;
+  }
+  SSSLOG(("SSS: processing HPKP header '%s'", aHeader));
+  NS_ENSURE_ARG(aSSLStatus);
+
+  const uint32_t aType = nsISiteSecurityService::HEADER_HPKP;
+  bool foundMaxAge = false;
+  bool foundIncludeSubdomains = false;
+  bool foundUnrecognizedDirective = false;
+  uint64_t maxAge = 0;
+  nsTArray<nsCString> sha256keys;
+  uint32_t sssrv = ParseSSSHeaders(aType, aHeader, foundIncludeSubdomains,
+                                   foundMaxAge, foundUnrecognizedDirective,
+                                   maxAge, sha256keys);
+  if (sssrv != nsISiteSecurityService::Success) {
+    if (aFailureResult) {
+      *aFailureResult = sssrv;
+    }
+    return NS_ERROR_FAILURE;
+  }
+
+  // after processing all the directives, make sure we came across max-age
+  // somewhere.
+  if (!foundMaxAge) {
+    SSSLOG(("SSS: did not encounter required max-age directive"));
+    if (aFailureResult) {
+      *aFailureResult = nsISiteSecurityService::ERROR_NO_MAX_AGE;
+    }
+    return NS_ERROR_FAILURE;
+  }
+
+  // before we add the pin we need to ensure it will not break the site as
+  // currently visited so:
+  // 1. recompute a valid chain (no external ocsp)
+  // 2. use this chain to check if things would have broken!
+  nsAutoCString host;
+  nsresult rv = GetHost(aSourceURI, host);
+  NS_ENSURE_SUCCESS(rv, rv);
+  nsCOMPtr<nsIX509Cert> cert;
+  rv = aSSLStatus->GetServerCert(getter_AddRefs(cert));
+  NS_ENSURE_SUCCESS(rv, rv);
+  NS_ENSURE_TRUE(cert, NS_ERROR_FAILURE);
+  UniqueCERTCertificate nssCert(cert->GetCert());
+  NS_ENSURE_TRUE(nssCert, NS_ERROR_FAILURE);
+
+  mozilla::pkix::Time now(mozilla::pkix::Now());
+  UniqueCERTCertList certList;
+  RefPtr<SharedCertVerifier> certVerifier(GetDefaultCertVerifier());
+  NS_ENSURE_TRUE(certVerifier, NS_ERROR_UNEXPECTED);
+  // We don't want this verification to cause any network traffic that would
+  // block execution. Also, since we don't have access to the original stapled
+  // OCSP response, we can't enforce this aspect of the TLS Feature extension.
+  // This is ok, because it will have been enforced when we originally connected
+  // to the site (or it's disabled, in which case we wouldn't want to enforce it
+  // anyway).
+  CertVerifier::Flags flags = CertVerifier::FLAG_LOCAL_ONLY |
+                              CertVerifier::FLAG_TLS_IGNORE_STATUS_REQUEST;
+  if (certVerifier->VerifySSLServerCert(nssCert,
+                                        nullptr, // stapledOCSPResponse
+                                        nullptr, // sctsFromTLSExtension
+                                        now, nullptr, // pinarg
+                                        host.get(), // hostname
+                                        certList,
+                                        false, // don't store intermediates
+                                        flags)
+        != mozilla::pkix::Success) {
+    return NS_ERROR_FAILURE;
+  }
+
+  CERTCertListNode* rootNode = CERT_LIST_TAIL(certList);
+  if (CERT_LIST_END(rootNode, certList)) {
+    return NS_ERROR_FAILURE;
+  }
+  bool isBuiltIn = false;
+  mozilla::pkix::Result result = IsCertBuiltInRoot(rootNode->cert, isBuiltIn);
+  if (result != mozilla::pkix::Success) {
+    return NS_ERROR_FAILURE;
+  }
+
+  if (!isBuiltIn && !mProcessPKPHeadersFromNonBuiltInRoots) {
+    if (aFailureResult) {
+      *aFailureResult = nsISiteSecurityService::ERROR_ROOT_NOT_BUILT_IN;
+    }
+    return NS_ERROR_FAILURE;
+  }
+
+  // if maxAge == 0 we must delete all state, for now no hole-punching
+  if (maxAge == 0) {
+    return RemoveState(aType, aSourceURI, aFlags);
+  }
+
+  // clamp maxAge to the maximum set by pref
+  if (maxAge > mMaxMaxAge) {
+    maxAge = mMaxMaxAge;
+  }
+
+  bool chainMatchesPinset;
+  rv = PublicKeyPinningService::ChainMatchesPinset(certList, sha256keys,
+                                                   chainMatchesPinset);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  if (!chainMatchesPinset) {
+    // is invalid
+    SSSLOG(("SSS: Pins provided by %s are invalid no match with certList\n", host.get()));
+    if (aFailureResult) {
+      *aFailureResult = nsISiteSecurityService::ERROR_PINSET_DOES_NOT_MATCH_CHAIN;
+    }
+    return NS_ERROR_FAILURE;
+  }
+
+  // finally we need to ensure that there is a "backup pin" ie. There must be
+  // at least one fingerprint hash that does NOT validate against the verified
+  // chain (Section 2.5 of the spec)
+  bool hasBackupPin = false;
+  for (uint32_t i = 0; i < sha256keys.Length(); i++) {
+    nsTArray<nsCString> singlePin;
+    singlePin.AppendElement(sha256keys[i]);
+    rv = PublicKeyPinningService::ChainMatchesPinset(certList, singlePin,
+                                                     chainMatchesPinset);
+    if (NS_FAILED(rv)) {
+      return rv;
+    }
+    if (!chainMatchesPinset) {
+      hasBackupPin = true;
+    }
+  }
+  if (!hasBackupPin) {
+     // is invalid
+    SSSLOG(("SSS: Pins provided by %s are invalid no backupPin\n", host.get()));
+    if (aFailureResult) {
+      *aFailureResult = nsISiteSecurityService::ERROR_NO_BACKUP_PIN;
+    }
+    return NS_ERROR_FAILURE;
+  }
+
+  int64_t expireTime = ExpireTimeFromMaxAge(maxAge);
+  SiteHPKPState dynamicEntry(expireTime, SecurityPropertySet,
+                             foundIncludeSubdomains, sha256keys);
+  SSSLOG(("SSS: about to set pins for  %s, expires=%ld now=%ld maxAge=%lu\n",
+           host.get(), expireTime, PR_Now() / PR_USEC_PER_MSEC, maxAge));
+
+  rv = SetHPKPState(host.get(), dynamicEntry, aFlags, false);
+  if (NS_FAILED(rv)) {
+    SSSLOG(("SSS: failed to set pins for %s\n", host.get()));
+    if (aFailureResult) {
+      *aFailureResult = nsISiteSecurityService::ERROR_COULD_NOT_SAVE_STATE;
+    }
+    return rv;
+  }
+
+  if (aMaxAge != nullptr) {
+    *aMaxAge = maxAge;
+  }
+
+  if (aIncludeSubdomains != nullptr) {
+    *aIncludeSubdomains = foundIncludeSubdomains;
+  }
+
+  return foundUnrecognizedDirective
+           ? NS_SUCCESS_LOSS_OF_INSIGNIFICANT_DATA
+           : NS_OK;
+}
+
+nsresult
+nsSiteSecurityService::ProcessSTSHeader(nsIURI* aSourceURI,
+                                        const char* aHeader,
+                                        uint32_t aFlags,
+                                        uint64_t* aMaxAge,
+                                        bool* aIncludeSubdomains,
+                                        uint32_t* aFailureResult)
+{
+  if (aFailureResult) {
+    *aFailureResult = nsISiteSecurityService::ERROR_UNKNOWN;
+  }
+  SSSLOG(("SSS: processing HSTS header '%s'", aHeader));
+
+  const uint32_t aType = nsISiteSecurityService::HEADER_HSTS;
+  bool foundMaxAge = false;
+  bool foundIncludeSubdomains = false;
+  bool foundUnrecognizedDirective = false;
+  uint64_t maxAge = 0;
+  nsTArray<nsCString> unusedSHA256keys; // Required for sane internal interface
+
+  uint32_t sssrv = ParseSSSHeaders(aType, aHeader, foundIncludeSubdomains,
+                                   foundMaxAge, foundUnrecognizedDirective,
+                                   maxAge, unusedSHA256keys);
+  if (sssrv != nsISiteSecurityService::Success) {
+    if (aFailureResult) {
+      *aFailureResult = sssrv;
+    }
+    return NS_ERROR_FAILURE;
+  }
+
+  // after processing all the directives, make sure we came across max-age
+  // somewhere.
+  if (!foundMaxAge) {
+    SSSLOG(("SSS: did not encounter required max-age directive"));
+    if (aFailureResult) {
+      *aFailureResult = nsISiteSecurityService::ERROR_NO_MAX_AGE;
+    }
+    return NS_ERROR_FAILURE;
+  }
+
+  // record the successfully parsed header data.
+  nsresult rv = SetHSTSState(aType, aSourceURI, maxAge, foundIncludeSubdomains,
+                             aFlags, SecurityPropertySet);
+  if (NS_FAILED(rv)) {
+    SSSLOG(("SSS: failed to set STS state"));
+    if (aFailureResult) {
+      *aFailureResult = nsISiteSecurityService::ERROR_COULD_NOT_SAVE_STATE;
+    }
+    return rv;
+  }
+
+  if (aMaxAge != nullptr) {
+    *aMaxAge = maxAge;
+  }
+
+  if (aIncludeSubdomains != nullptr) {
+    *aIncludeSubdomains = foundIncludeSubdomains;
+  }
+
+  return foundUnrecognizedDirective
+           ? NS_SUCCESS_LOSS_OF_INSIGNIFICANT_DATA
+           : NS_OK;
+}
+
+NS_IMETHODIMP
+nsSiteSecurityService::IsSecureURI(uint32_t aType, nsIURI* aURI,
+                                   uint32_t aFlags, bool* aCached,
+                                   bool* aResult)
+{
+   // Child processes are not allowed direct access to this.
+   if (!XRE_IsParentProcess() && aType != nsISiteSecurityService::HEADER_HSTS) {
+     MOZ_CRASH("Child process: no direct access to nsISiteSecurityService::IsSecureURI for non-HSTS entries");
+   }
+
+  NS_ENSURE_ARG(aURI);
+  NS_ENSURE_ARG(aResult);
+
+  // Only HSTS and HPKP are supported at the moment.
+  NS_ENSURE_TRUE(aType == nsISiteSecurityService::HEADER_HSTS ||
+                 aType == nsISiteSecurityService::HEADER_HPKP,
+                 NS_ERROR_NOT_IMPLEMENTED);
+
+  nsAutoCString hostname;
+  nsresult rv = GetHost(aURI, hostname);
+  NS_ENSURE_SUCCESS(rv, rv);
+  /* An IP address never qualifies as a secure URI. */
+  if (HostIsIPAddress(hostname.get())) {
+    *aResult = false;
+    return NS_OK;
+  }
+
+  return IsSecureHost(aType, hostname.get(), aFlags, aCached, aResult);
+}
+
+int STSPreloadCompare(const void *key, const void *entry)
+{
+  const char *keyStr = (const char *)key;
+  const nsSTSPreload *preloadEntry = (const nsSTSPreload *)entry;
+  return strcmp(keyStr, &kSTSHostTable[preloadEntry->mHostIndex]);
+}
+
+// Returns the preload list entry for the given host, if it exists.
+// Only does exact host matching - the user must decide how to use the returned
+// data. May return null.
+const nsSTSPreload *
+nsSiteSecurityService::GetPreloadListEntry(const char *aHost)
+{
+  PRTime currentTime = PR_Now() + (mPreloadListTimeOffset * PR_USEC_PER_SEC);
+  if (mUsePreloadList && currentTime < gPreloadListExpirationTime) {
+    return (const nsSTSPreload *) bsearch(aHost,
+                                          kSTSPreloadList,
+                                          mozilla::ArrayLength(kSTSPreloadList),
+                                          sizeof(nsSTSPreload),
+                                          STSPreloadCompare);
+  }
+
+  return nullptr;
+}
+
+NS_IMETHODIMP
+nsSiteSecurityService::IsSecureHost(uint32_t aType, const char* aHost,
+                                    uint32_t aFlags, bool* aCached,
+                                    bool* aResult)
+{
+   // Child processes are not allowed direct access to this.
+   if (!XRE_IsParentProcess() && aType != nsISiteSecurityService::HEADER_HSTS) {
+     MOZ_CRASH("Child process: no direct access to nsISiteSecurityService::IsSecureHost for non-HSTS entries");
+   }
+
+  NS_ENSURE_ARG(aHost);
+  NS_ENSURE_ARG(aResult);
+
+  // Only HSTS and HPKP are supported at the moment.
+  NS_ENSURE_TRUE(aType == nsISiteSecurityService::HEADER_HSTS ||
+                 aType == nsISiteSecurityService::HEADER_HPKP,
+                 NS_ERROR_NOT_IMPLEMENTED);
+
+  // set default in case if we can't find any STS information
+  *aResult = false;
+  if (aCached) {
+    *aCached = false;
+  }
+
+  /* An IP address never qualifies as a secure URI. */
+  if (HostIsIPAddress(aHost)) {
+    return NS_OK;
+  }
+
+  if (aType == nsISiteSecurityService::HEADER_HPKP) {
+    RefPtr<SharedCertVerifier> certVerifier(GetDefaultCertVerifier());
+    if (!certVerifier) {
+      return NS_ERROR_FAILURE;
+    }
+    if (certVerifier->mPinningMode ==
+        CertVerifier::PinningMode::pinningDisabled) {
+      return NS_OK;
+    }
+    bool enforceTestMode = certVerifier->mPinningMode ==
+                           CertVerifier::PinningMode::pinningEnforceTestMode;
+    return PublicKeyPinningService::HostHasPins(aHost, mozilla::pkix::Now(),
+                                                enforceTestMode, *aResult);
+  }
+
+  // Holepunch chart.apis.google.com and subdomains.
+  nsAutoCString host(PublicKeyPinningService::CanonicalizeHostname(aHost));
+  if (host.EqualsLiteral("chart.apis.google.com") ||
+      StringEndsWith(host, NS_LITERAL_CSTRING(".chart.apis.google.com"))) {
+    if (aCached) {
+      *aCached = true;
+    }
+    return NS_OK;
+  }
+
+  const nsSTSPreload *preload = nullptr;
+
+  // First check the exact host. This involves first checking for an entry in
+  // site security storage. If that entry exists, we don't want to check
+  // in the preload list. We only want to use the stored value if it is not a
+  // knockout entry, however.
+  // Additionally, if it is a knockout entry, we want to stop looking for data
+  // on the host, because the knockout entry indicates "we have no information
+  // regarding the security status of this host".
+  bool isPrivate = aFlags & nsISocketProvider::NO_PERMANENT_STORAGE;
+  mozilla::DataStorageType storageType = isPrivate
+                                         ? mozilla::DataStorage_Private
+                                         : mozilla::DataStorage_Persistent;
+  nsAutoCString storageKey;
+  SetStorageKey(storageKey, host, aType);
+  nsCString value = mSiteStateStorage->Get(storageKey, storageType);
+  SiteHSTSState siteState(value);
+  if (siteState.mHSTSState != SecurityPropertyUnset) {
+    SSSLOG(("Found entry for %s", host.get()));
+    bool expired = siteState.IsExpired(aType);
+    if (!expired) {
+      if (aCached) {
+        *aCached = true;
+      }
+      if (siteState.mHSTSState == SecurityPropertySet) {
+        *aResult = true;
+        return NS_OK;
+      } else if (siteState.mHSTSState == SecurityPropertyNegative) {
+        *aResult = false;
+        return NS_OK;
+      }
+    }
+
+    // If the entry is expired and not in the preload list, we can remove it.
+    if (expired && !GetPreloadListEntry(host.get())) {
+      mSiteStateStorage->Remove(storageKey, storageType);
+    }
+  }
+  // Finally look in the preloaded list. This is the exact host,
+  // so if an entry exists at all, this host is HSTS.
+  else if (GetPreloadListEntry(host.get())) {
+    SSSLOG(("%s is a preloaded STS host", host.get()));
+    *aResult = true;
+    if (aCached) {
+      *aCached = true;
+    }
+    return NS_OK;
+  }
+
+  SSSLOG(("no HSTS data for %s found, walking up domain", host.get()));
+  const char *subdomain;
+
+  uint32_t offset = 0;
+  for (offset = host.FindChar('.', offset) + 1;
+       offset > 0;
+       offset = host.FindChar('.', offset) + 1) {
+
+    subdomain = host.get() + offset;
+
+    // If we get an empty string, don't continue.
+    if (strlen(subdomain) < 1) {
+      break;
+    }
+
+    // Do the same thing as with the exact host, except now we're looking at
+    // ancestor domains of the original host. So, we have to look at the
+    // include subdomains flag (although we still have to check for a
+    // SecurityPropertySet flag first to check that this is a secure host and
+    // not a knockout entry - and again, if it is a knockout entry, we stop
+    // looking for data on it and skip to the next higher up ancestor domain).
+    nsCString subdomainString(subdomain);
+    nsAutoCString storageKey;
+    SetStorageKey(storageKey, subdomainString, aType);
+    value = mSiteStateStorage->Get(storageKey, storageType);
+    SiteHSTSState siteState(value);
+    if (siteState.mHSTSState != SecurityPropertyUnset) {
+      SSSLOG(("Found entry for %s", subdomain));
+      bool expired = siteState.IsExpired(aType);
+      if (!expired) {
+        if (aCached) {
+          *aCached = true;
+        }
+        if (siteState.mHSTSState == SecurityPropertySet) {
+          *aResult = siteState.mHSTSIncludeSubdomains;
+          break;
+        } else if (siteState.mHSTSState == SecurityPropertyNegative) {
+          *aResult = false;
+          break;
+        }
+      }
+
+      // If the entry is expired and not in the preload list, we can remove it.
+      if (expired && !GetPreloadListEntry(subdomain)) {
+        mSiteStateStorage->Remove(storageKey, storageType);
+      }
+    }
+    // This is an ancestor, so if we get a match, we have to check if the
+    // preloaded entry includes subdomains.
+    else if ((preload = GetPreloadListEntry(subdomain)) != nullptr) {
+      if (preload->mIncludeSubdomains) {
+        SSSLOG(("%s is a preloaded STS host", subdomain));
+        *aResult = true;
+        if (aCached) {
+          *aCached = true;
+        }
+        break;
+      }
+    }
+
+    SSSLOG(("no HSTS data for %s found, walking up domain", subdomain));
+  }
+
+  // Use whatever we ended up with, which defaults to false.
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSiteSecurityService::ClearAll()
+{
+   // Child processes are not allowed direct access to this.
+   if (!XRE_IsParentProcess()) {
+     MOZ_CRASH("Child process: no direct access to nsISiteSecurityService::ClearAll");
+   }
+
+  return mSiteStateStorage->Clear();
+}
+
+NS_IMETHODIMP
+nsSiteSecurityService::ClearPreloads()
+{
+  // Child processes are not allowed direct access to this.
+  if (!XRE_IsParentProcess()) {
+    MOZ_CRASH("Child process: no direct access to nsISiteSecurityService::ClearPreloads");
+  }
+
+  return mPreloadStateStorage->Clear();
+}
+
+bool entryStateNotOK(SiteHPKPState& state, mozilla::pkix::Time& aEvalTime) {
+  return state.mState != SecurityPropertySet || state.IsExpired(aEvalTime) ||
+         state.mSHA256keys.Length() < 1;
+}
+
+NS_IMETHODIMP
+nsSiteSecurityService::GetKeyPinsForHostname(const char* aHostname,
+                                             mozilla::pkix::Time& aEvalTime,
+                                             /*out*/ nsTArray<nsCString>& pinArray,
+                                             /*out*/ bool* aIncludeSubdomains,
+                                             /*out*/ bool* afound) {
+   // Child processes are not allowed direct access to this.
+   if (!XRE_IsParentProcess()) {
+     MOZ_CRASH("Child process: no direct access to nsISiteSecurityService::GetKeyPinsForHostname");
+   }
+
+  NS_ENSURE_ARG(afound);
+  NS_ENSURE_ARG(aHostname);
+
+  SSSLOG(("Top of GetKeyPinsForHostname for %s", aHostname));
+  *afound = false;
+  *aIncludeSubdomains = false;
+  pinArray.Clear();
+
+  nsAutoCString host(PublicKeyPinningService::CanonicalizeHostname(aHostname));
+  nsAutoCString storageKey;
+  SetStorageKey(storageKey, host, nsISiteSecurityService::HEADER_HPKP);
+
+  SSSLOG(("storagekey '%s'\n", storageKey.get()));
+  mozilla::DataStorageType storageType = mozilla::DataStorage_Persistent;
+  nsCString value = mSiteStateStorage->Get(storageKey, storageType);
+
+  // decode now
+  SiteHPKPState foundEntry(value);
+  if (entryStateNotOK(foundEntry, aEvalTime)) {
+    // not in permanent storage, try now private
+    value = mSiteStateStorage->Get(storageKey, mozilla::DataStorage_Private);
+    SiteHPKPState privateEntry(value);
+    if (entryStateNotOK(privateEntry, aEvalTime)) {
+      // not in private storage, try dynamic preload
+      value = mPreloadStateStorage->Get(storageKey,
+                                        mozilla::DataStorage_Persistent);
+      SiteHPKPState preloadEntry(value);
+      if (entryStateNotOK(preloadEntry, aEvalTime)) {
+        return NS_OK;
+      }
+      foundEntry = preloadEntry;
+    } else {
+      foundEntry = privateEntry;
+    }
+  }
+  pinArray = foundEntry.mSHA256keys;
+  *aIncludeSubdomains = foundEntry.mIncludeSubdomains;
+  *afound = true;
+  return NS_OK;
+}
+
+NS_IMETHODIMP
+nsSiteSecurityService::SetKeyPins(const char* aHost, bool aIncludeSubdomains,
+                                  int64_t aExpires, uint32_t aPinCount,
+                                  const char** aSha256Pins,
+                                  bool aIsPreload,
+                                  /*out*/ bool* aResult)
+{
+   // Child processes are not allowed direct access to this.
+   if (!XRE_IsParentProcess()) {
+     MOZ_CRASH("Child process: no direct access to nsISiteSecurityService::SetKeyPins");
+   }
+
+  NS_ENSURE_ARG_POINTER(aHost);
+  NS_ENSURE_ARG_POINTER(aResult);
+  NS_ENSURE_ARG_POINTER(aSha256Pins);
+
+  SSSLOG(("Top of SetPins"));
+
+  nsTArray<nsCString> sha256keys;
+  for (unsigned int i = 0; i < aPinCount; i++) {
+    nsAutoCString pin(aSha256Pins[i]);
+    SSSLOG(("SetPins pin=%s\n", pin.get()));
+    if (!stringIsBase64EncodingOf256bitValue(pin)) {
+      return NS_ERROR_INVALID_ARG;
+    }
+    sha256keys.AppendElement(pin);
+  }
+  SiteHPKPState dynamicEntry(aExpires, SecurityPropertySet,
+                             aIncludeSubdomains, sha256keys);
+  // we always store data in permanent storage (ie no flags)
+  nsAutoCString host(PublicKeyPinningService::CanonicalizeHostname(aHost));
+  return SetHPKPState(host.get(), dynamicEntry, 0, aIsPreload);
+}
+
+nsresult
+nsSiteSecurityService::SetHPKPState(const char* aHost, SiteHPKPState& entry,
+                                    uint32_t aFlags, bool aIsPreload)
+{
+  SSSLOG(("Top of SetPKPState"));
+  nsAutoCString host(aHost);
+  nsAutoCString storageKey;
+  SetStorageKey(storageKey, host, nsISiteSecurityService::HEADER_HPKP);
+  bool isPrivate = aFlags & nsISocketProvider::NO_PERMANENT_STORAGE;
+  mozilla::DataStorageType storageType = isPrivate
+                                         ? mozilla::DataStorage_Private
+                                         : mozilla::DataStorage_Persistent;
+  nsAutoCString stateString;
+  entry.ToString(stateString);
+
+  nsresult rv;
+  if (aIsPreload) {
+    rv = mPreloadStateStorage->Put(storageKey, stateString, storageType);
+  } else {
+    rv = mSiteStateStorage->Put(storageKey, stateString, storageType);
+  }
+  NS_ENSURE_SUCCESS(rv, rv);
+  return NS_OK;
+}
+
+//------------------------------------------------------------
+// nsSiteSecurityService::nsIObserver
+//------------------------------------------------------------
+
+NS_IMETHODIMP
+nsSiteSecurityService::Observe(nsISupports *subject,
+                               const char *topic,
+                               const char16_t *data)
+{
+  // Don't access Preferences off the main thread.
+  if (!NS_IsMainThread()) {
+    NS_NOTREACHED("Preferences accessed off main thread");
+    return NS_ERROR_NOT_SAME_THREAD;
+  }
+
+  if (strcmp(topic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID) == 0) {
+    mUsePreloadList = mozilla::Preferences::GetBool(
+      "network.stricttransportsecurity.preloadlist", true);
+    mPreloadListTimeOffset =
+      mozilla::Preferences::GetInt("test.currentTimeOffsetSeconds", 0);
+    mProcessPKPHeadersFromNonBuiltInRoots = mozilla::Preferences::GetBool(
+      "security.cert_pinning.process_headers_from_non_builtin_roots", false);
+    mMaxMaxAge = mozilla::Preferences::GetInt(
+      "security.cert_pinning.max_max_age_seconds", kSixtyDaysInSeconds);
+  }
+
+  return NS_OK;
+}
diff --git a/security/manager/ssl/nsSiteSecurityService.h b/security/manager/ssl/nsSiteSecurityService.h
new file mode 100644
index 000000000..f100a8f40
--- /dev/null
+++ b/security/manager/ssl/nsSiteSecurityService.h
@@ -0,0 +1,159 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef __nsSiteSecurityService_h__
+#define __nsSiteSecurityService_h__
+
+#include "mozilla/DataStorage.h"
+#include "nsCOMPtr.h"
+#include "nsIObserver.h"
+#include "nsISiteSecurityService.h"
+#include "nsString.h"
+#include "nsTArray.h"
+#include "pkix/pkixtypes.h"
+#include "prtime.h"
+
+class nsIURI;
+class nsISSLStatus;
+
+// {16955eee-6c48-4152-9309-c42a465138a1}
+#define NS_SITE_SECURITY_SERVICE_CID \
+  {0x16955eee, 0x6c48, 0x4152, \
+    {0x93, 0x09, 0xc4, 0x2a, 0x46, 0x51, 0x38, 0xa1} }
+
+/**
+ * SecurityPropertyState: A utility enum for representing the different states
+ * a security property can be in.
+ * SecurityPropertySet and SecurityPropertyUnset correspond to indicating
+ * a site has or does not have the security property in question, respectively.
+ * SecurityPropertyKnockout indicates a value on a preloaded list is being
+ * overridden, and the associated site does not have the security property
+ * in question.
+ */
+enum SecurityPropertyState {
+  SecurityPropertyUnset = 0,
+  SecurityPropertySet = 1,
+  SecurityPropertyKnockout = 2,
+  SecurityPropertyNegative = 3,
+};
+
+/**
+ * SiteHPKPState: A utility class that encodes/decodes a string describing
+ * the public key pins of a site.
+ * HPKP state consists of:
+ *  - Expiry time (PRTime (aka int64_t) in milliseconds)
+ *  - A state flag (SecurityPropertyState, default SecurityPropertyUnset)
+ *  - An include subdomains flag (bool, default false)
+ *  - An array of sha-256 hashed base 64 encoded fingerprints of required keys
+ */
+class SiteHPKPState
+{
+public:
+  SiteHPKPState();
+  explicit SiteHPKPState(nsCString& aStateString);
+  SiteHPKPState(PRTime aExpireTime, SecurityPropertyState aState,
+                bool aIncludeSubdomains, nsTArray<nsCString>& SHA256keys);
+
+  PRTime mExpireTime;
+  SecurityPropertyState mState;
+  bool mIncludeSubdomains;
+  nsTArray<nsCString> mSHA256keys;
+
+  bool IsExpired(mozilla::pkix::Time aTime)
+  {
+    if (aTime > mozilla::pkix::TimeFromEpochInSeconds(mExpireTime /
+                                                      PR_MSEC_PER_SEC)) {
+      return true;
+    }
+    return false;
+  }
+
+  void ToString(nsCString& aString);
+};
+
+/**
+ * SiteHSTSState: A utility class that encodes/decodes a string describing
+ * the security state of a site. Currently only handles HSTS.
+ * HSTS state consists of:
+ *  - Expiry time (PRTime (aka int64_t) in milliseconds)
+ *  - A state flag (SecurityPropertyState, default SecurityPropertyUnset)
+ *  - An include subdomains flag (bool, default false)
+ */
+class SiteHSTSState
+{
+public:
+  explicit SiteHSTSState(nsCString& aStateString);
+  SiteHSTSState(PRTime aHSTSExpireTime, SecurityPropertyState aHSTSState,
+                bool aHSTSIncludeSubdomains);
+
+  PRTime mHSTSExpireTime;
+  SecurityPropertyState mHSTSState;
+  bool mHSTSIncludeSubdomains;
+
+  bool IsExpired(uint32_t aType)
+  {
+    // If mHSTSExpireTime is 0, this entry never expires (this is the case for
+    // knockout entries).
+    if (mHSTSExpireTime == 0) {
+      return false;
+    }
+
+    PRTime now = PR_Now() / PR_USEC_PER_MSEC;
+    if (now > mHSTSExpireTime) {
+      return true;
+    }
+
+    return false;
+  }
+
+  void ToString(nsCString &aString);
+};
+
+struct nsSTSPreload;
+
+class nsSiteSecurityService : public nsISiteSecurityService
+                            , public nsIObserver
+{
+public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSIOBSERVER
+  NS_DECL_NSISITESECURITYSERVICE
+
+  nsSiteSecurityService();
+  nsresult Init();
+
+protected:
+  virtual ~nsSiteSecurityService();
+
+private:
+  nsresult GetHost(nsIURI *aURI, nsACString &aResult);
+  nsresult SetHSTSState(uint32_t aType, nsIURI* aSourceURI, int64_t maxage,
+                        bool includeSubdomains, uint32_t flags,
+                        SecurityPropertyState aHSTSState);
+  nsresult ProcessHeaderInternal(uint32_t aType, nsIURI* aSourceURI,
+                                 const char* aHeader, nsISSLStatus* aSSLStatus,
+                                 uint32_t aFlags, uint64_t* aMaxAge,
+                                 bool* aIncludeSubdomains,
+                                 uint32_t* aFailureResult);
+  nsresult ProcessSTSHeader(nsIURI* aSourceURI, const char* aHeader,
+                            uint32_t flags, uint64_t* aMaxAge,
+                            bool* aIncludeSubdomains, uint32_t* aFailureResult);
+  nsresult ProcessPKPHeader(nsIURI* aSourceURI, const char* aHeader,
+                            nsISSLStatus* aSSLStatus, uint32_t flags,
+                            uint64_t* aMaxAge, bool* aIncludeSubdomains,
+                            uint32_t* aFailureResult);
+  nsresult SetHPKPState(const char* aHost, SiteHPKPState& entry, uint32_t flags,
+                        bool aIsPreload);
+
+  const nsSTSPreload *GetPreloadListEntry(const char *aHost);
+
+  uint64_t mMaxMaxAge;
+  bool mUsePreloadList;
+  int64_t mPreloadListTimeOffset;
+  bool mProcessPKPHeadersFromNonBuiltInRoots;
+  RefPtr<mozilla::DataStorage> mSiteStateStorage;
+  RefPtr<mozilla::DataStorage> mPreloadStateStorage;
+};
+
+#endif // __nsSiteSecurityService_h__
diff --git a/security/manager/ssl/nsSmartCardMonitor.cpp b/security/manager/ssl/nsSmartCardMonitor.cpp
new file mode 100644
index 000000000..3423d4f5f
--- /dev/null
+++ b/security/manager/ssl/nsSmartCardMonitor.cpp
@@ -0,0 +1,396 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsSmartCardMonitor.h"
+
+#include "ScopedNSSTypes.h"
+#include "mozilla/Services.h"
+#include "mozilla/Unused.h"
+#include "nsIObserverService.h"
+#include "nsServiceManagerUtils.h"
+#include "nsThreadUtils.h"
+#include "nspr.h"
+#include "pk11func.h"
+
+using namespace mozilla;
+
+//
+// The SmartCard monitoring thread should start up for each module we load
+// that has removable tokens. This code calls an NSS function which waits
+// until there is a change in the token state. NSS uses the
+// C_WaitForSlotEvent() call in PKCS #11 if the module implements the call,
+// otherwise NSS will poll the token in a loop with a delay of 'latency'
+// between polls. Note that the C_WaitForSlotEvent() may wake up on any type
+// of token event, so it's necessary to filter these events down to just the
+// insertion and removal events we are looking for.
+//
+// Once the event is found, it is dispatched to the main thread to notify
+// any window where window.crypto.enableSmartCardEvents is true.
+// Additionally, all observers of the topics "smartcard-insert" and
+// "smartcard-remove" are notified by the observer service of the appropriate
+// event.
+//
+
+class nsTokenEventRunnable : public nsIRunnable {
+public:
+  nsTokenEventRunnable(const nsAString& aType, const nsAString& aTokenName)
+    : mType(aType)
+    , mTokenName(aTokenName)
+  {
+  }
+
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSIRUNNABLE
+
+private:
+  virtual ~nsTokenEventRunnable() {}
+
+  nsString mType;
+  nsString mTokenName;
+};
+
+NS_IMPL_ISUPPORTS(nsTokenEventRunnable, nsIRunnable)
+
+NS_IMETHODIMP
+nsTokenEventRunnable::Run()
+{
+  MOZ_ASSERT(NS_IsMainThread());
+
+  nsCOMPtr<nsIObserverService> observerService =
+    mozilla::services::GetObserverService();
+  if (!observerService) {
+    return NS_ERROR_FAILURE;
+  }
+  // This conversion is safe because mType can only be "smartcard-insert"
+  // or "smartcard-remove".
+  NS_ConvertUTF16toUTF8 eventTypeUTF8(mType);
+  return observerService->NotifyObservers(nullptr, eventTypeUTF8.get(),
+                                          mTokenName.get());
+}
+
+// self linking and removing double linked entry
+// adopts the thread it is passed.
+class SmartCardThreadEntry
+{
+public:
+  friend class SmartCardThreadList;
+  SmartCardThreadEntry(SmartCardMonitoringThread *thread,
+                       SmartCardThreadEntry *next,
+                       SmartCardThreadEntry *prev,
+                       SmartCardThreadEntry **head)
+    : next(next)
+    , prev(prev)
+    , head(head)
+    , thread(thread)
+  {
+    if (prev) {
+      prev->next = this;
+    } else {
+      *head = this;
+    }
+    if (next) {
+      next->prev = this;
+    }
+  }
+
+  ~SmartCardThreadEntry()
+  {
+    if (prev) {
+      prev->next = next;
+    } else {
+      *head = next;
+    }
+    if (next) {
+      next->prev = prev;
+    }
+    // NOTE: automatically stops the thread
+    delete thread;
+  }
+
+private:
+  SmartCardThreadEntry *next;
+  SmartCardThreadEntry *prev;
+  SmartCardThreadEntry **head;
+  SmartCardMonitoringThread *thread;
+};
+
+//
+// SmartCardThreadList is a class to help manage the running threads.
+// That way new threads could be started and old ones terminated as we
+// load and unload modules.
+//
+SmartCardThreadList::SmartCardThreadList() : head(0)
+{
+}
+
+SmartCardThreadList::~SmartCardThreadList()
+{
+  // the head is self linking and unlinking, the following
+  // loop removes all entries on the list.
+  // it will also stop the thread if it happens to be running
+  while (head) {
+    delete head;
+  }
+}
+
+void
+SmartCardThreadList::Remove(SECMODModule *aModule)
+{
+  for (SmartCardThreadEntry* current = head; current;
+       current = current->next) {
+    if (current->thread->GetModule() == aModule) {
+      // NOTE: automatically stops the thread and dequeues it from the list
+      delete current;
+      return;
+    }
+  }
+}
+
+// adopts the thread passed to it. Starts the thread as well
+nsresult
+SmartCardThreadList::Add(SmartCardMonitoringThread* thread)
+{
+  SmartCardThreadEntry* current = new SmartCardThreadEntry(thread, head,
+                                                           nullptr, &head);
+  // OK to forget current here, it's on the list.
+  Unused << current;
+
+  return thread->Start();
+}
+
+
+// We really should have a Unity PL Hash function...
+static PLHashNumber
+unity(const void* key) { return PLHashNumber(NS_PTR_TO_INT32(key)); }
+
+SmartCardMonitoringThread::SmartCardMonitoringThread(SECMODModule* module_)
+  : mThread(nullptr)
+{
+  mModule = SECMOD_ReferenceModule(module_);
+  // simple hash functions, most modules have less than 3 slots, so 10 buckets
+  // should be plenty
+  mHash = PL_NewHashTable(10, unity, PL_CompareValues, PL_CompareStrings,
+                          nullptr, 0);
+}
+
+//
+// when we shutdown the thread, be sure to stop it first. If not, it just might
+// crash when the mModule it is looking at disappears.
+//
+SmartCardMonitoringThread::~SmartCardMonitoringThread()
+{
+  Stop();
+  SECMOD_DestroyModule(mModule);
+  if (mHash) {
+    PL_HashTableDestroy(mHash);
+  }
+}
+
+nsresult
+SmartCardMonitoringThread::Start()
+{
+  if (!mThread) {
+    mThread = PR_CreateThread(PR_SYSTEM_THREAD, LaunchExecute, this,
+                              PR_PRIORITY_NORMAL, PR_GLOBAL_THREAD,
+                              PR_JOINABLE_THREAD, 0);
+  }
+  return mThread ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
+}
+
+//
+// Should only stop if we are through with the module.
+// CancelWait has the side effect of losing all the keys and
+// current operations on the module!. (See the comment in
+// SECMOD_CancelWait for why this is so..).
+//
+void SmartCardMonitoringThread::Stop()
+{
+  SECStatus rv;
+
+  rv = SECMOD_CancelWait(mModule);
+  if (rv != SECSuccess) {
+    // we didn't wake up the Wait, so don't try to join the thread
+    // otherwise we will hang forever...
+    return;
+  }
+
+  // confused about the memory model here? NSPR owns the memory for
+  // threads. non-joinable threads are freed when the thread dies.
+  // joinable threads are freed after the call to PR_JoinThread.
+  // That means if SECMOD_CancelWait fails, we'll leak the mThread
+  // structure. this is considered preferable to hanging (which is
+  // what will happen if we try to join a thread that blocked).
+  if (mThread) {
+    PR_JoinThread(mThread);
+    mThread = 0;
+  }
+}
+
+//
+// remember the name and series of a token in a particular slot.
+// This is important because the name is no longer available when
+// the token is removed. If listeners depended on this information,
+// They would be out of luck. It also is a handy way of making sure
+// we don't generate spurious insertion and removal events as the slot
+// cycles through various states.
+//
+void
+SmartCardMonitoringThread::SetTokenName(CK_SLOT_ID slotid,
+                                       const char* tokenName, uint32_t series)
+{
+  if (mHash) {
+    if (tokenName) {
+      int len = strlen(tokenName) + 1;
+      /* this must match the allocator used in
+       * PLHashAllocOps.freeEntry DefaultFreeEntry */
+      char* entry = (char*)PR_Malloc(len + sizeof(uint32_t));
+
+      if (entry) {
+        memcpy(entry, &series, sizeof(uint32_t));
+        memcpy(&entry[sizeof(uint32_t)], tokenName, len);
+
+        PL_HashTableAdd(mHash, (void*)(uintptr_t)slotid, entry); /* adopt */
+        return;
+      }
+    } else {
+      // if tokenName was not provided, remove the old one (implicit delete)
+      PL_HashTableRemove(mHash, (void*)(uintptr_t)slotid);
+    }
+  }
+}
+
+// retrieve the name saved above
+const char*
+SmartCardMonitoringThread::GetTokenName(CK_SLOT_ID slotid)
+{
+  const char* tokenName = nullptr;
+  const char* entry;
+
+  if (mHash) {
+    entry = (const char*)PL_HashTableLookupConst(mHash,
+                                                 (void*)(uintptr_t)slotid);
+    if (entry) {
+      tokenName = &entry[sizeof(uint32_t)];
+    }
+  }
+  return tokenName;
+}
+
+// retrieve the series saved in SetTokenName above
+uint32_t
+SmartCardMonitoringThread::GetTokenSeries(CK_SLOT_ID slotid)
+{
+  uint32_t series = 0;
+  const char* entry;
+
+  if (mHash) {
+    entry = (const char*)PL_HashTableLookupConst(mHash,
+                                                 (void*)(uintptr_t)slotid);
+    if (entry) {
+      memcpy(&series, entry, sizeof(uint32_t));
+    }
+  }
+  return series;
+}
+
+//
+// helper function to pass the event off to nsNSSComponent.
+//
+void
+SmartCardMonitoringThread::SendEvent(const nsAString& eventType,
+                                     const char* tokenName)
+{
+  // The token name should be UTF8, but it's not clear that this is enforced
+  // by NSS. To be safe, we explicitly check here before converting it to
+  // UTF16. If it isn't UTF8, we just use an empty string with the idea that
+  // consumers of these events should at least be notified that something
+  // happened.
+  nsAutoString tokenNameUTF16(NS_LITERAL_STRING(""));
+  if (IsUTF8(nsDependentCString(tokenName))) {
+    tokenNameUTF16.Assign(NS_ConvertUTF8toUTF16(tokenName));
+  }
+  nsCOMPtr<nsIRunnable> runnable(new nsTokenEventRunnable(eventType,
+                                                          tokenNameUTF16));
+  NS_DispatchToMainThread(runnable);
+}
+
+//
+// This is the main loop.
+//
+void SmartCardMonitoringThread::Execute()
+{
+  const char* tokenName;
+
+  //
+  // populate token names for already inserted tokens.
+  //
+  PK11SlotList* sl = PK11_FindSlotsByNames(mModule->dllName, nullptr, nullptr,
+                                           true);
+
+  PK11SlotListElement* sle;
+  if (sl) {
+    for (sle = PK11_GetFirstSafe(sl); sle;
+         sle = PK11_GetNextSafe(sl, sle, false)) {
+      SetTokenName(PK11_GetSlotID(sle->slot), PK11_GetTokenName(sle->slot),
+                   PK11_GetSlotSeries(sle->slot));
+    }
+    PK11_FreeSlotList(sl);
+  }
+
+  // loop starts..
+  do {
+    UniquePK11SlotInfo slot(
+      SECMOD_WaitForAnyTokenEvent(mModule, 0, PR_SecondsToInterval(1)));
+    if (!slot) {
+      break;
+    }
+
+    // now we have a potential insertion or removal event, see if the slot
+    // is present to determine which it is...
+    if (PK11_IsPresent(slot.get())) {
+      // insertion
+      CK_SLOT_ID slotID = PK11_GetSlotID(slot.get());
+      uint32_t series = PK11_GetSlotSeries(slot.get());
+
+      // skip spurious insertion events...
+      if (series != GetTokenSeries(slotID)) {
+        // if there's a token name, then we have not yet issued a remove
+        // event for the previous token, do so now...
+        tokenName = GetTokenName(slotID);
+        if (tokenName) {
+          SendEvent(NS_LITERAL_STRING("smartcard-remove"), tokenName);
+        }
+        tokenName = PK11_GetTokenName(slot.get());
+        // save the token name and series
+        SetTokenName(slotID, tokenName, series);
+        SendEvent(NS_LITERAL_STRING("smartcard-insert"), tokenName);
+      }
+    } else {
+      // retrieve token name
+      CK_SLOT_ID slotID = PK11_GetSlotID(slot.get());
+      tokenName = GetTokenName(slotID);
+      // if there's not a token name, then the software isn't expecting
+      // a (or another) remove event.
+      if (tokenName) {
+        SendEvent(NS_LITERAL_STRING("smartcard-remove"), tokenName);
+        // clear the token name (after we send it)
+        SetTokenName(slotID, nullptr, 0);
+      }
+    }
+  } while (1);
+}
+
+// accessor to help searching active Monitoring threads
+const SECMODModule* SmartCardMonitoringThread::GetModule()
+{
+  return mModule;
+}
+
+// C-like calling sequence to glue into PR_CreateThread.
+void SmartCardMonitoringThread::LaunchExecute(void* arg)
+{
+  PR_SetCurrentThreadName("SmartCard");
+
+  ((SmartCardMonitoringThread*)arg)->Execute();
+}
diff --git a/security/manager/ssl/nsSmartCardMonitor.h b/security/manager/ssl/nsSmartCardMonitor.h
new file mode 100644
index 000000000..bfadf31e8
--- /dev/null
+++ b/security/manager/ssl/nsSmartCardMonitor.h
@@ -0,0 +1,62 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef nsSmartCardMonitor_h
+#define nsSmartCardMonitor_h
+
+#include "prthread.h"
+#include "secmod.h"
+#include "plhash.h"
+#include "pkcs11t.h"
+
+class SmartCardThreadEntry;
+class SmartCardMonitoringThread;
+
+//
+// manage a group of SmartCardMonitoringThreads
+//
+class SmartCardThreadList {
+public:
+  SmartCardThreadList();
+  ~SmartCardThreadList();
+  void Remove(SECMODModule* module);
+  nsresult Add(SmartCardMonitoringThread* thread);
+
+private:
+  SmartCardThreadEntry* head;
+};
+
+//
+// monitor a Module for token insertion and removal
+//
+// NOTE: this provides the application the ability to dynamically add slots
+// on the fly as necessary.
+//
+class SmartCardMonitoringThread
+{
+ public:
+  explicit SmartCardMonitoringThread(SECMODModule* module);
+  ~SmartCardMonitoringThread();
+  
+  nsresult Start();
+  void Stop();
+  
+  void Execute();
+  void Interrupt();
+  
+  const SECMODModule* GetModule();
+
+ private:
+  static void LaunchExecute(void* arg);
+  void SetTokenName(CK_SLOT_ID slotid, const char* tokenName, uint32_t series);
+  const char* GetTokenName(CK_SLOT_ID slotid);
+  uint32_t GetTokenSeries(CK_SLOT_ID slotid);
+  void SendEvent(const nsAString& type, const char* tokenName);
+  
+  SECMODModule* mModule;
+  PLHashTable* mHash;
+  PRThread* mThread;
+};
+
+#endif // nsSmartCardMonitor_h
diff --git a/security/manager/ssl/nsTLSSocketProvider.cpp b/security/manager/ssl/nsTLSSocketProvider.cpp
new file mode 100644
index 000000000..190dd7769
--- /dev/null
+++ b/security/manager/ssl/nsTLSSocketProvider.cpp
@@ -0,0 +1,69 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "mozilla/BasePrincipal.h"
+#include "nsTLSSocketProvider.h"
+#include "nsNSSIOLayer.h"
+#include "nsError.h"
+
+using mozilla::NeckoOriginAttributes;
+
+nsTLSSocketProvider::nsTLSSocketProvider()
+{
+}
+
+nsTLSSocketProvider::~nsTLSSocketProvider()
+{
+}
+
+NS_IMPL_ISUPPORTS(nsTLSSocketProvider, nsISocketProvider)
+
+NS_IMETHODIMP
+nsTLSSocketProvider::NewSocket(int32_t family,
+                               const char *host,
+                               int32_t port,
+                               nsIProxyInfo *proxy,
+                               const NeckoOriginAttributes &originAttributes,
+                               uint32_t flags,
+                               PRFileDesc **_result,
+                               nsISupports **securityInfo)
+{
+  nsresult rv = nsSSLIOLayerNewSocket(family,
+                                      host,
+                                      port,
+                                      proxy,
+                                      originAttributes,
+                                      _result,
+                                      securityInfo,
+                                      true,
+                                      flags);
+  
+  return (NS_FAILED(rv)) ? NS_ERROR_SOCKET_CREATE_FAILED : NS_OK;
+}
+
+// Add the SSL IO layer to an existing socket
+NS_IMETHODIMP
+nsTLSSocketProvider::AddToSocket(int32_t family,
+                                 const char *host,
+                                 int32_t port,
+                                 nsIProxyInfo *proxy,
+                                 const NeckoOriginAttributes &originAttributes,
+                                 uint32_t flags,
+                                 PRFileDesc *aSocket,
+                                 nsISupports **securityInfo)
+{
+  nsresult rv = nsSSLIOLayerAddToSocket(family,
+                                        host,
+                                        port,
+                                        proxy,
+                                        originAttributes,
+                                        aSocket,
+                                        securityInfo,
+                                        true,
+                                        flags);
+  
+  return (NS_FAILED(rv)) ? NS_ERROR_SOCKET_CREATE_FAILED : NS_OK;
+}
diff --git a/security/manager/ssl/nsTLSSocketProvider.h b/security/manager/ssl/nsTLSSocketProvider.h
new file mode 100644
index 000000000..5fa6e670b
--- /dev/null
+++ b/security/manager/ssl/nsTLSSocketProvider.h
@@ -0,0 +1,34 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _NSTLSSOCKETPROVIDER_H_
+#define _NSTLSSOCKETPROVIDER_H_
+
+#include "nsISocketProvider.h"
+
+
+#define NS_STARTTLSSOCKETPROVIDER_CID \
+{ /* b9507aec-1dd1-11b2-8cd5-c48ee0c50307 */         \
+     0xb9507aec,                                     \
+     0x1dd1,                                         \
+     0x11b2,                                         \
+    {0x8c, 0xd5, 0xc4, 0x8e, 0xe0, 0xc5, 0x03, 0x07} \
+}
+
+class nsTLSSocketProvider : public nsISocketProvider
+{
+public:
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSISOCKETPROVIDER
+
+  // nsTLSSocketProvider methods:
+  nsTLSSocketProvider();
+
+protected:
+  virtual ~nsTLSSocketProvider();
+};
+
+#endif /* _NSTLSSOCKETPROVIDER_H_ */
diff --git a/security/manager/ssl/nsVerificationJob.h b/security/manager/ssl/nsVerificationJob.h
new file mode 100644
index 000000000..3bf4c6a5b
--- /dev/null
+++ b/security/manager/ssl/nsVerificationJob.h
@@ -0,0 +1,51 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _INC_NSVERIFICATIONJOB_H
+#define _INC_NSVERIFICATIONJOB_H
+
+#include "nspr.h"
+
+#include "nsIX509Cert.h"
+#include "nsProxyRelease.h"
+
+class nsBaseVerificationJob
+{
+public:
+  virtual ~nsBaseVerificationJob() {}
+  virtual void Run() = 0;
+};
+
+class nsCertVerificationJob : public nsBaseVerificationJob
+{
+public:
+  nsCOMPtr<nsIX509Cert> mCert;
+  nsMainThreadPtrHandle<nsICertVerificationListener> mListener;
+
+  void Run();
+};
+
+class nsCertVerificationResult : public nsICertVerificationResult
+{
+public:
+  nsCertVerificationResult();
+
+  NS_DECL_THREADSAFE_ISUPPORTS
+  NS_DECL_NSICERTVERIFICATIONRESULT
+
+protected:
+  virtual ~nsCertVerificationResult();
+
+private:
+  nsresult mRV;
+  uint32_t mVerified;
+  uint32_t mCount;
+  char16_t **mUsages;
+
+friend class nsCertVerificationJob;
+};
+
+#endif
diff --git a/security/manager/ssl/tests/.eslintrc.js b/security/manager/ssl/tests/.eslintrc.js
new file mode 100644
index 000000000..a2a4eb389
--- /dev/null
+++ b/security/manager/ssl/tests/.eslintrc.js
@@ -0,0 +1,8 @@
+"use strict";
+
+module.exports = { // eslint-disable-line no-undef
+  "rules": {
+    // Disallow non-top level |var| declarations.
+    "mozilla/var-only-at-top-level": "error"
+  }
+};
diff --git a/security/manager/ssl/tests/gtest/CertDBTest.cpp b/security/manager/ssl/tests/gtest/CertDBTest.cpp
new file mode 100644
index 000000000..e6b773cd6
--- /dev/null
+++ b/security/manager/ssl/tests/gtest/CertDBTest.cpp
@@ -0,0 +1,60 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "gtest/gtest.h"
+#include "nsCOMPtr.h"
+#include "nsIPrefService.h"
+#include "nsISimpleEnumerator.h"
+#include "nsIX509Cert.h"
+#include "nsIX509CertDB.h"
+#include "nsIX509CertList.h"
+#include "nsServiceManagerUtils.h"
+
+TEST(psm_CertDB, Test)
+{
+  {
+    nsCOMPtr<nsIPrefBranch> prefs(do_GetService(NS_PREFSERVICE_CONTRACTID));
+    ASSERT_TRUE(prefs) << "couldn't get nsIPrefBranch";
+
+    // When PSM initializes, it attempts to get some localized strings.
+    // As a result, Android flips out if this isn't set.
+    nsresult rv = prefs->SetBoolPref("intl.locale.matchOS", true);
+    ASSERT_TRUE(NS_SUCCEEDED(rv)) << "couldn't set pref 'intl.locale.matchOS'";
+
+    nsCOMPtr<nsIX509CertDB> certdb(do_GetService(NS_X509CERTDB_CONTRACTID));
+    ASSERT_TRUE(certdb) << "couldn't get certdb";
+
+    nsCOMPtr<nsIX509CertList> certList;
+    rv = certdb->GetCerts(getter_AddRefs(certList));
+    ASSERT_TRUE(NS_SUCCEEDED(rv)) << "couldn't get list of certificates";
+
+    nsCOMPtr<nsISimpleEnumerator> enumerator;
+    rv = certList->GetEnumerator(getter_AddRefs(enumerator));
+    ASSERT_TRUE(NS_SUCCEEDED(rv)) << "couldn't enumerate certificate list";
+
+    bool foundBuiltIn = false;
+    bool hasMore = false;
+    while (NS_SUCCEEDED(enumerator->HasMoreElements(&hasMore)) && hasMore) {
+      nsCOMPtr<nsISupports> supports;
+      ASSERT_TRUE(NS_SUCCEEDED(enumerator->GetNext(getter_AddRefs(supports))))
+        << "couldn't get next certificate";
+
+      nsCOMPtr<nsIX509Cert> cert(do_QueryInterface(supports));
+      ASSERT_TRUE(cert) << "couldn't QI to nsIX509Cert";
+
+      ASSERT_TRUE(NS_SUCCEEDED(cert->GetIsBuiltInRoot(&foundBuiltIn))) <<
+        "GetIsBuiltInRoot failed";
+
+      if (foundBuiltIn) {
+        break;
+      }
+    }
+
+    ASSERT_TRUE(foundBuiltIn) << "didn't load any built-in certificates";
+
+    printf("successfully loaded at least one built-in certificate\n");
+
+  } // this scopes the nsCOMPtrs
+}
diff --git a/security/manager/ssl/tests/gtest/DataStorageTest.cpp b/security/manager/ssl/tests/gtest/DataStorageTest.cpp
new file mode 100644
index 000000000..eaab50878
--- /dev/null
+++ b/security/manager/ssl/tests/gtest/DataStorageTest.cpp
@@ -0,0 +1,225 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "gtest/gtest.h"
+
+#include "mozilla/DataStorage.h"
+#include "nsAppDirectoryServiceDefs.h"
+#include "nsDirectoryServiceUtils.h"
+#include "nsNetUtil.h"
+#include "nsPrintfCString.h"
+#include "nsStreamUtils.h"
+#include "prtime.h"
+
+using namespace mozilla;
+
+class psm_DataStorageTest : public ::testing::Test
+{
+protected:
+  virtual void SetUp()
+  {
+    const ::testing::TestInfo* const testInfo =
+      ::testing::UnitTest::GetInstance()->current_test_info();
+    NS_ConvertUTF8toUTF16 testName(testInfo->name());
+    storage = DataStorage::Get(testName);
+    storage->Init(dataWillPersist);
+  }
+
+  RefPtr<DataStorage> storage;
+  bool dataWillPersist;
+};
+
+NS_NAMED_LITERAL_CSTRING(testKey, "test");
+NS_NAMED_LITERAL_CSTRING(testValue, "value");
+NS_NAMED_LITERAL_CSTRING(privateTestValue, "private");
+
+TEST_F(psm_DataStorageTest, GetPutRemove)
+{
+  EXPECT_TRUE(dataWillPersist);
+
+  // Test Put/Get on Persistent data
+  EXPECT_EQ(NS_OK, storage->Put(testKey, testValue, DataStorage_Persistent));
+  // Don't re-use testKey / testValue here, to make sure that this works as
+  // expected with objects that have the same semantic value but are not
+  // literally the same object.
+  nsCString result = storage->Get(NS_LITERAL_CSTRING("test"),
+                                  DataStorage_Persistent);
+  EXPECT_STREQ("value", result.get());
+
+  // Get on Temporary/Private data with the same key should give nothing
+  result = storage->Get(testKey, DataStorage_Temporary);
+  EXPECT_TRUE(result.IsEmpty());
+  result = storage->Get(testKey, DataStorage_Private);
+  EXPECT_TRUE(result.IsEmpty());
+
+  // Put with Temporary/Private data shouldn't affect Persistent data
+  NS_NAMED_LITERAL_CSTRING(temporaryTestValue, "temporary");
+  EXPECT_EQ(NS_OK, storage->Put(testKey, temporaryTestValue,
+                                DataStorage_Temporary));
+  EXPECT_EQ(NS_OK, storage->Put(testKey, privateTestValue,
+                                DataStorage_Private));
+  result = storage->Get(testKey, DataStorage_Temporary);
+  EXPECT_STREQ("temporary", result.get());
+  result = storage->Get(testKey, DataStorage_Private);
+  EXPECT_STREQ("private", result.get());
+  result = storage->Get(testKey, DataStorage_Persistent);
+  EXPECT_STREQ("value", result.get());
+
+  // Put of a previously-present key overwrites it (if of the same type)
+  NS_NAMED_LITERAL_CSTRING(newValue, "new");
+  EXPECT_EQ(NS_OK, storage->Put(testKey, newValue, DataStorage_Persistent));
+  result = storage->Get(testKey, DataStorage_Persistent);
+  EXPECT_STREQ("new", result.get());
+
+  // Removal should work
+  storage->Remove(testKey, DataStorage_Temporary);
+  result = storage->Get(testKey, DataStorage_Temporary);
+  EXPECT_TRUE(result.IsEmpty());
+  // But removing one type shouldn't affect the others
+  result = storage->Get(testKey, DataStorage_Private);
+  EXPECT_STREQ("private", result.get());
+  result = storage->Get(testKey, DataStorage_Persistent);
+  EXPECT_STREQ("new", result.get());
+  // Test removing the other types as well
+  storage->Remove(testKey, DataStorage_Private);
+  result = storage->Get(testKey, DataStorage_Private);
+  EXPECT_TRUE(result.IsEmpty());
+  storage->Remove(testKey, DataStorage_Persistent);
+  result = storage->Get(testKey, DataStorage_Persistent);
+  EXPECT_TRUE(result.IsEmpty());
+}
+
+TEST_F(psm_DataStorageTest, InputValidation)
+{
+  EXPECT_TRUE(dataWillPersist);
+
+  // Keys may not have tabs or newlines
+  EXPECT_EQ(NS_ERROR_INVALID_ARG,
+            storage->Put(NS_LITERAL_CSTRING("key\thas tab"), testValue,
+                   DataStorage_Persistent));
+  nsCString result = storage->Get(NS_LITERAL_CSTRING("key\thas tab"),
+                            DataStorage_Persistent);
+  EXPECT_TRUE(result.IsEmpty());
+  EXPECT_EQ(NS_ERROR_INVALID_ARG,
+            storage->Put(NS_LITERAL_CSTRING("key has\nnewline"), testValue,
+                   DataStorage_Persistent));
+  result = storage->Get(NS_LITERAL_CSTRING("keyhas\nnewline"),
+                  DataStorage_Persistent);
+  EXPECT_TRUE(result.IsEmpty());
+  // Values may not have newlines
+  EXPECT_EQ(NS_ERROR_INVALID_ARG,
+            storage->Put(testKey, NS_LITERAL_CSTRING("value\nhas newline"),
+                   DataStorage_Persistent));
+  result = storage->Get(testKey, DataStorage_Persistent);
+  // Values may have tabs
+  EXPECT_TRUE(result.IsEmpty());
+  EXPECT_EQ(NS_OK, storage->Put(testKey,
+                                NS_LITERAL_CSTRING("val\thas tab; this is ok"),
+                                DataStorage_Persistent));
+  result = storage->Get(testKey, DataStorage_Persistent);
+  EXPECT_STREQ("val\thas tab; this is ok", result.get());
+
+  nsCString longKey("a");
+  for (int i = 0; i < 8; i++) {
+    longKey.Append(longKey);
+  }
+  // A key of length 256 will work
+  EXPECT_EQ(NS_OK, storage->Put(longKey, testValue, DataStorage_Persistent));
+  result = storage->Get(longKey, DataStorage_Persistent);
+  EXPECT_STREQ("value", result.get());
+  longKey.Append("a");
+  // A key longer than that will not work
+  EXPECT_EQ(NS_ERROR_INVALID_ARG,
+            storage->Put(longKey, testValue, DataStorage_Persistent));
+  result = storage->Get(longKey, DataStorage_Persistent);
+  EXPECT_TRUE(result.IsEmpty());
+
+  nsCString longValue("a");
+  for (int i = 0; i < 10; i++) {
+    longValue.Append(longValue);
+  }
+  // A value of length 1024 will work
+  EXPECT_EQ(NS_OK, storage->Put(testKey, longValue, DataStorage_Persistent));
+  result = storage->Get(testKey, DataStorage_Persistent);
+  EXPECT_STREQ(longValue.get(), result.get());
+  longValue.Append("a");
+  // A value longer than that will not work
+  storage->Remove(testKey, DataStorage_Persistent);
+  EXPECT_EQ(NS_ERROR_INVALID_ARG,
+            storage->Put(testKey, longValue, DataStorage_Persistent));
+  result = storage->Get(testKey, DataStorage_Persistent);
+  EXPECT_TRUE(result.IsEmpty());
+}
+
+TEST_F(psm_DataStorageTest, Eviction)
+{
+  EXPECT_TRUE(dataWillPersist);
+
+  // Eviction is on a per-table basis. Tables shouldn't affect each other.
+  EXPECT_EQ(NS_OK, storage->Put(testKey, testValue, DataStorage_Persistent));
+  for (int i = 0; i < 1025; i++) {
+    EXPECT_EQ(NS_OK, storage->Put(nsPrintfCString("%d", i),
+                                  nsPrintfCString("%d", i),
+                                  DataStorage_Temporary));
+    nsCString result = storage->Get(nsPrintfCString("%d", i),
+                                    DataStorage_Temporary);
+    EXPECT_STREQ(nsPrintfCString("%d", i).get(), result.get());
+  }
+  // We don't know which entry got evicted, but we can count them.
+  int entries = 0;
+  for (int i = 0; i < 1025; i++) {
+    nsCString result = storage->Get(nsPrintfCString("%d", i),
+                                    DataStorage_Temporary);
+    if (!result.IsEmpty()) {
+      entries++;
+    }
+  }
+  EXPECT_EQ(entries, 1024);
+  nsCString result = storage->Get(testKey, DataStorage_Persistent);
+  EXPECT_STREQ("value", result.get());
+}
+
+TEST_F(psm_DataStorageTest, ClearPrivateData)
+{
+  EXPECT_TRUE(dataWillPersist);
+
+  EXPECT_EQ(NS_OK, storage->Put(testKey, privateTestValue,
+                                DataStorage_Private));
+  nsCString result = storage->Get(testKey, DataStorage_Private);
+  EXPECT_STREQ("private", result.get());
+  storage->Observe(nullptr, "last-pb-context-exited", nullptr);
+  result = storage->Get(testKey, DataStorage_Private);
+  EXPECT_TRUE(result.IsEmpty());
+}
+
+TEST_F(psm_DataStorageTest, Shutdown)
+{
+  EXPECT_TRUE(dataWillPersist);
+
+  EXPECT_EQ(NS_OK, storage->Put(testKey, testValue, DataStorage_Persistent));
+  nsCString result = storage->Get(testKey, DataStorage_Persistent);
+  EXPECT_STREQ("value", result.get());
+  // Get "now" (in days) close to when the data was last touched, so we won't
+  // get intermittent failures with the day not matching.
+  int64_t microsecondsPerDay = 24 * 60 * 60 * int64_t(PR_USEC_PER_SEC);
+  int32_t nowInDays = int32_t(PR_Now() / microsecondsPerDay);
+  storage->Observe(nullptr, "profile-before-change", nullptr);
+  nsCOMPtr<nsIFile> backingFile;
+  EXPECT_EQ(NS_OK, NS_GetSpecialDirectory(NS_APP_USER_PROFILE_50_DIR,
+                                          getter_AddRefs(backingFile)));
+  const ::testing::TestInfo* const testInfo =
+    ::testing::UnitTest::GetInstance()->current_test_info();
+  NS_ConvertUTF8toUTF16 testName(testInfo->name());
+  EXPECT_EQ(NS_OK, backingFile->Append(testName));
+  nsCOMPtr<nsIInputStream> fileInputStream;
+  EXPECT_EQ(NS_OK, NS_NewLocalFileInputStream(getter_AddRefs(fileInputStream),
+                                              backingFile));
+  nsCString data;
+  EXPECT_EQ(NS_OK, NS_ConsumeStream(fileInputStream, UINT32_MAX, data));
+  // The data will be of the form 'test\t0\t<days since the epoch>\tvalue'
+  EXPECT_STREQ(nsPrintfCString("test\t0\t%d\tvalue\n", nowInDays).get(),
+               data.get());
+}
diff --git a/security/manager/ssl/tests/gtest/DeserializeCertTest.cpp b/security/manager/ssl/tests/gtest/DeserializeCertTest.cpp
new file mode 100644
index 000000000..868ecdba6
--- /dev/null
+++ b/security/manager/ssl/tests/gtest/DeserializeCertTest.cpp
@@ -0,0 +1,96 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "gtest/gtest.h"
+#include "nsCOMPtr.h"
+#include "nsString.h"
+#include "nsSerializationHelper.h"
+
+// These tests verify that we can still deserialize old binary strings
+// generated for security info.  This is necessary because service workers
+// stores these strings on disk.
+//
+// If you make a change and start breaking these tests, you will need to
+// add a compat fix for loading the old versions.  For things that affect
+// the UUID, but do not break the rest of the format you can simply add
+// another hack condition in nsBinaryInputStream::ReadObject().  If you
+// change the overall format of the serialization then we will need more
+// complex handling in the security info concrete classes.
+//
+// We would like to move away from this binary compatibility requirement
+// in service workers.  See bug 1248628.
+
+TEST(psm_DeserializeCert, gecko33)
+{
+  // Gecko 33+ vintage Security info serialized with UUIDs:
+  //  - nsISupports  00000000-0000-0000-c000-000000000046
+  //  - nsISSLStatus fa9ba95b-ca3b-498a-b889-7c79cf28fee8
+  //  - nsIX509Cert  f8ed8364-ced9-4c6e-86ba-48af53c393e6
+  nsCString base64Serialization(
+  "FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAQAAgAAAAAAAAAAAAAAAAAAAAA"
+  "B4vFIJp5wRkeyPxAQ9RJGKPqbqVvKO0mKuIl8ec8o/uhmCjImkVxP+7sgiYWmMt8F+O2DZM7ZTG6GukivU8OT5gAAAAIAAAWpMII"
+  "FpTCCBI2gAwIBAgIQD4svsaKEC+QtqtsU2TF8ITANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUN"
+  "lcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNzdXJhbmNlIFN"
+  "lcnZlciBDQTAeFw0xNTAyMjMwMDAwMDBaFw0xNjAzMDIxMjAwMDBaMGoxCzAJBgNVBAYTAlVTMRYwFAYDVQQHEw1TYW4gRnJhbmN"
+  "pc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRUwEwYDVQQKEwxGYXN0bHksIEluYy4xFzAVBgNVBAMTDnd3dy5naXRodWIuY29tMII"
+  "BIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+9WUCgrgUNwP/JC3cUefLAXeDpq8Ko/U8p8IRvny0Ri0I6Uq0t+RP/nF0LJ"
+  "Avda8QHYujdgeDTePepBX7+OiwBFhA0YO+rM3C2Z8IRaN/i9eLln+Yyc68+1z+E10s1EXdZrtDGvN6MHqygGsdfkXKfBLUJ1BZEh"
+  "s9sBnfcjq3kh5gZdBArdG9l5NpdmQhtceaFGsPiWuJxGxRzS4i95veUHWkhMpEYDEEBdcDGxqArvQCvzSlngdttQCfx8OUkBTb3B"
+  "A2okpTwwJfqPsxVetA6qR7UNc+fVb6KHwvm0bzi2rQ3xw3D/syRHwdMkpoVDQPCk43H9WufgfBKRen87dFwIDAQABo4ICPzCCAjs"
+  "wHwYDVR0jBBgwFoAUUWj/kK8CB3U8zNllZGKiErhZcjswHQYDVR0OBBYEFGS/RLNGCZvPWh1xSaIEcouINIQjMHsGA1UdEQR0MHK"
+  "CDnd3dy5naXRodWIuY29tggpnaXRodWIuY29tggwqLmdpdGh1Yi5jb22CCyouZ2l0aHViLmlvgglnaXRodWIuaW+CFyouZ2l0aHV"
+  "idXNlcmNvbnRlbnQuY29tghVnaXRodWJ1c2VyY29udGVudC5jb20wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwM"
+  "BBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5odHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzMuY3J"
+  "sMDSgMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzMuY3JsMEIGA1UdIAQ7MDkwNwYJYIZIAYb"
+  "9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwgYMGCCsGAQUFBwEBBHcwdTAkBggrBgEFBQc"
+  "wAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME0GCCsGAQUFBzAChkFodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUN"
+  "lcnRTSEEySGlnaEFzc3VyYW5jZVNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQAc4dbVmuKvyI7"
+  "KZ4Txk+ZqcAYToJGKUIVaPL94e5SZGweUisjaCbplAOihnf6Mxt8n6vnuH2IsCaz2NRHqhdcosjT3CwAiJpJNkXPKWVL/txgdSTV"
+  "2cqB1GG4esFOalvI52dzn+J4fTIYZvNF+AtGyHSLm2XRXYZCw455laUKf6Sk9RDShDgUvzhOKL4GXfTwKXv12MyMknJybH8UCpjC"
+  "HZmFBVHMcUN/87HsQo20PdOekeEvkjrrMIxW+gxw22Yb67yF/qKgwrWr+43bLN709iyw+LWiU7sQcHL2xk9SYiWQDj2tYz2soObV"
+  "QYTJm0VUZMEVFhtALq46cx92Zu4vFwC8AAwAAAAABAQAA");
+
+  nsCOMPtr<nsISupports> cert;
+  nsresult rv = NS_DeserializeObject(base64Serialization, getter_AddRefs(cert));
+  ASSERT_EQ(NS_OK, rv);
+  ASSERT_TRUE(cert);
+}
+
+TEST(psm_DeserializeCert, gecko46)
+{
+  // Gecko 46+ vintage Security info serialized with UUIDs:
+  //  - nsISupports  00000000-0000-0000-c000-000000000046
+  //  - nsISSLStatus fa9ba95b-ca3b-498a-b889-7c79cf28fee8
+  //  - nsIX509Cert  bdc3979a-5422-4cd5-8589-696b6e96ea83
+  nsCString base64Serialization(
+  "FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAQAAgAAAAAAAAAAAAAAAAAAAAA"
+  "B4vFIJp5wRkeyPxAQ9RJGKPqbqVvKO0mKuIl8ec8o/uhmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAIAAAWzMII"
+  "FrzCCBJegAwIBAgIQB3pdwzYjAfmJ/lT3+G8+ZDANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUN"
+  "lcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMS8wLQYDVQQDEyZEaWdpQ2VydCBTSEEyIEhpZ2ggQXNzdXJhbmNlIFN"
+  "lcnZlciBDQTAeFw0xNjAxMjAwMDAwMDBaFw0xNzA0MDYxMjAwMDBaMGoxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybml"
+  "hMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRUwEwYDVQQKEwxGYXN0bHksIEluYy4xFzAVBgNVBAMTDnd3dy5naXRodWIuY29tMII"
+  "BIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+9WUCgrgUNwP/JC3cUefLAXeDpq8Ko/U8p8IRvny0Ri0I6Uq0t+RP/nF0LJ"
+  "Avda8QHYujdgeDTePepBX7+OiwBFhA0YO+rM3C2Z8IRaN/i9eLln+Yyc68+1z+E10s1EXdZrtDGvN6MHqygGsdfkXKfBLUJ1BZEh"
+  "s9sBnfcjq3kh5gZdBArdG9l5NpdmQhtceaFGsPiWuJxGxRzS4i95veUHWkhMpEYDEEBdcDGxqArvQCvzSlngdttQCfx8OUkBTb3B"
+  "A2okpTwwJfqPsxVetA6qR7UNc+fVb6KHwvm0bzi2rQ3xw3D/syRHwdMkpoVDQPCk43H9WufgfBKRen87dFwIDAQABo4ICSTCCAkU"
+  "wHwYDVR0jBBgwFoAUUWj/kK8CB3U8zNllZGKiErhZcjswHQYDVR0OBBYEFGS/RLNGCZvPWh1xSaIEcouINIQjMHsGA1UdEQR0MHK"
+  "CDnd3dy5naXRodWIuY29tggwqLmdpdGh1Yi5jb22CCmdpdGh1Yi5jb22CCyouZ2l0aHViLmlvgglnaXRodWIuaW+CFyouZ2l0aHV"
+  "idXNlcmNvbnRlbnQuY29tghVnaXRodWJ1c2VyY29udGVudC5jb20wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwM"
+  "BBggrBgEFBQcDAjB1BgNVHR8EbjBsMDSgMqAwhi5odHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzUuY3J"
+  "sMDSgMqAwhi5odHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1oYS1zZXJ2ZXItZzUuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb"
+  "9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMIGDBggrBgEFBQcBAQR3MHU"
+  "wJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBNBggrBgEFBQcwAoZBaHR0cDovL2NhY2VydHMuZGlnaWNlcnQ"
+  "uY29tL0RpZ2lDZXJ0U0hBMkhpZ2hBc3N1cmFuY2VTZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAQE"
+  "ATxbRdPg+o49+96/P+rbdp4ie+CGtfCgUubT/Z9C54k+BfQO0nbxVgCSM5WZQuLgo2Q+0lcxisod8zxZeU0j5wviQINwOln/iN89"
+  "Bx3VmDRynTe4CqhsAwOoO1ERmCAmsAJBwY/rNr4mK22p8erBrqMW0nYXYU5NFynI+pNTjojhKD4II8PNV8G2yMWwYOb/u4+WPzUA"
+  "HC9DpZdrWTEH/W69Cr/KxRqGsWPwpgMv2Wqav8jaT35JxqTXjOlhQqzo6fNn3eYOeCf4PkCxZKwckWjy10qDaRbjhwAMHAGj2TPr"
+  "idlvOj/7QyyX5m8up/1US8z1fRW4yoCSOt6V2bwuH6cAvAAMAAAAAAQEAAA==");
+
+  nsCOMPtr<nsISupports> cert;
+  nsresult rv = NS_DeserializeObject(base64Serialization, getter_AddRefs(cert));
+  ASSERT_EQ(NS_OK, rv);
+  ASSERT_TRUE(cert);
+}
diff --git a/security/manager/ssl/tests/gtest/MD4Test.cpp b/security/manager/ssl/tests/gtest/MD4Test.cpp
new file mode 100644
index 000000000..1b635a757
--- /dev/null
+++ b/security/manager/ssl/tests/gtest/MD4Test.cpp
@@ -0,0 +1,76 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// This file tests the md4.c implementation.
+
+#include "gtest/gtest.h"
+#include "md4.h"
+#include "mozilla/Casting.h"
+#include "mozilla/PodOperations.h"
+
+struct RFC1320TestParams
+{
+  const char* data;
+  const uint8_t expectedHash[16];
+};
+
+static const RFC1320TestParams RFC1320_TEST_PARAMS[] =
+{
+  {
+    "",
+    { 0x31, 0xd6, 0xcf, 0xe0, 0xd1, 0x6a, 0xe9, 0x31,
+      0xb7, 0x3c, 0x59, 0xd7, 0xe0, 0xc0, 0x89, 0xc0 }
+  },
+  {
+    "a",
+    { 0xbd, 0xe5, 0x2c, 0xb3, 0x1d, 0xe3, 0x3e, 0x46,
+      0x24, 0x5e, 0x05, 0xfb, 0xdb, 0xd6, 0xfb, 0x24 }
+  },
+  {
+    "abc",
+    { 0xa4, 0x48, 0x01, 0x7a, 0xaf, 0x21, 0xd8, 0x52,
+      0x5f, 0xc1, 0x0a, 0xe8, 0x7a, 0xa6, 0x72, 0x9d }
+  },
+  {
+    "message digest",
+    { 0xd9, 0x13, 0x0a, 0x81, 0x64, 0x54, 0x9f, 0xe8,
+      0x18, 0x87, 0x48, 0x06, 0xe1, 0xc7, 0x01, 0x4b }
+  },
+  {
+    "abcdefghijklmnopqrstuvwxyz",
+    { 0xd7, 0x9e, 0x1c, 0x30, 0x8a, 0xa5, 0xbb, 0xcd,
+      0xee, 0xa8, 0xed, 0x63, 0xdf, 0x41, 0x2d, 0xa9 },
+  },
+  {
+    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+    { 0x04, 0x3f, 0x85, 0x82, 0xf2, 0x41, 0xdb, 0x35,
+      0x1c, 0xe6, 0x27, 0xe1, 0x53, 0xe7, 0xf0, 0xe4 },
+  },
+  {
+    "12345678901234567890123456789012345678901234567890123456789012345678901234567890",
+    { 0xe3, 0x3b, 0x4d, 0xdc, 0x9c, 0x38, 0xf2, 0x19,
+      0x9c, 0x3e, 0x7b, 0x16, 0x4f, 0xcc, 0x05, 0x36 },
+  }
+};
+
+class psm_MD4
+  : public ::testing::Test
+  , public ::testing::WithParamInterface<RFC1320TestParams>
+{
+};
+
+TEST_P(psm_MD4, RFC1320TestValues)
+{
+  const RFC1320TestParams& params(GetParam());
+  uint8_t actualHash[16];
+  md4sum(mozilla::BitwiseCast<const uint8_t*, const char*>(params.data),
+         strlen(params.data), actualHash);
+  EXPECT_TRUE(mozilla::PodEqual(actualHash, params.expectedHash))
+    << "MD4 hashes aren't equal for input: '" << params.data << "'";
+}
+
+INSTANTIATE_TEST_CASE_P(psm_MD4, psm_MD4,
+                        testing::ValuesIn(RFC1320_TEST_PARAMS));
diff --git a/security/manager/ssl/tests/gtest/OCSPCacheTest.cpp b/security/manager/ssl/tests/gtest/OCSPCacheTest.cpp
new file mode 100644
index 000000000..2b7dc946c
--- /dev/null
+++ b/security/manager/ssl/tests/gtest/OCSPCacheTest.cpp
@@ -0,0 +1,337 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "CertVerifier.h"
+#include "OCSPCache.h"
+#include "gtest/gtest.h"
+#include "mozilla/BasePrincipal.h"
+#include "mozilla/Casting.h"
+#include "mozilla/Sprintf.h"
+#include "nss.h"
+#include "pkix/pkixtypes.h"
+#include "pkixtestutil.h"
+#include "prerr.h"
+#include "secerr.h"
+
+using namespace mozilla::pkix;
+using namespace mozilla::pkix::test;
+
+using mozilla::NeckoOriginAttributes;
+
+template <size_t N>
+inline Input
+LiteralInput(const char(&valueString)[N])
+{
+  // Ideally we would use mozilla::BitwiseCast() here rather than
+  // reinterpret_cast for better type checking, but the |N - 1| part trips
+  // static asserts.
+  return Input(reinterpret_cast<const uint8_t(&)[N - 1]>(valueString));
+}
+
+const int MaxCacheEntries = 1024;
+
+class psm_OCSPCacheTest : public ::testing::Test
+{
+protected:
+  psm_OCSPCacheTest() : now(Now()) { }
+
+  static void SetUpTestCase()
+  {
+    NSS_NoDB_Init(nullptr);
+  }
+
+  const Time now;
+  mozilla::psm::OCSPCache cache;
+};
+
+static void
+PutAndGet(mozilla::psm::OCSPCache& cache, const CertID& certID, Result result,
+          Time time,
+          const NeckoOriginAttributes& originAttributes = NeckoOriginAttributes())
+{
+  // The first time is thisUpdate. The second is validUntil.
+  // The caller is expecting the validUntil returned with Get
+  // to be equal to the passed-in time. Since these values will
+  // be different in practice, make thisUpdate less than validUntil.
+  Time thisUpdate(time);
+  ASSERT_EQ(Success, thisUpdate.SubtractSeconds(10));
+  Result rv = cache.Put(certID, originAttributes, result, thisUpdate, time);
+  ASSERT_TRUE(rv == Success);
+  Result resultOut;
+  Time timeOut(Time::uninitialized);
+  ASSERT_TRUE(cache.Get(certID, originAttributes, resultOut, timeOut));
+  ASSERT_EQ(result, resultOut);
+  ASSERT_EQ(time, timeOut);
+}
+
+Input fakeIssuer1(LiteralInput("CN=issuer1"));
+Input fakeKey000(LiteralInput("key000"));
+Input fakeKey001(LiteralInput("key001"));
+Input fakeSerial0000(LiteralInput("0000"));
+
+TEST_F(psm_OCSPCacheTest, TestPutAndGet)
+{
+  Input fakeSerial000(LiteralInput("000"));
+  Input fakeSerial001(LiteralInput("001"));
+
+  SCOPED_TRACE("");
+  PutAndGet(cache, CertID(fakeIssuer1, fakeKey000, fakeSerial001),
+            Success, now);
+  Result resultOut;
+  Time timeOut(Time::uninitialized);
+  ASSERT_FALSE(cache.Get(CertID(fakeIssuer1, fakeKey001, fakeSerial000),
+                         NeckoOriginAttributes(), resultOut, timeOut));
+}
+
+TEST_F(psm_OCSPCacheTest, TestVariousGets)
+{
+  SCOPED_TRACE("");
+  for (int i = 0; i < MaxCacheEntries; i++) {
+    uint8_t serialBuf[8];
+    snprintf(mozilla::BitwiseCast<char*, uint8_t*>(serialBuf), sizeof(serialBuf),
+             "%04d", i);
+    Input fakeSerial;
+    ASSERT_EQ(Success, fakeSerial.Init(serialBuf, 4));
+    Time timeIn(now);
+    ASSERT_EQ(Success, timeIn.AddSeconds(i));
+    PutAndGet(cache, CertID(fakeIssuer1, fakeKey000, fakeSerial),
+              Success, timeIn);
+  }
+
+  Time timeIn(now);
+  Result resultOut;
+  Time timeOut(Time::uninitialized);
+
+  // This will be at the end of the list in the cache
+  CertID cert0000(fakeIssuer1, fakeKey000, fakeSerial0000);
+  ASSERT_TRUE(cache.Get(cert0000, NeckoOriginAttributes(), resultOut, timeOut));
+  ASSERT_EQ(Success, resultOut);
+  ASSERT_EQ(timeIn, timeOut);
+  // Once we access it, it goes to the front
+  ASSERT_TRUE(cache.Get(cert0000, NeckoOriginAttributes(), resultOut, timeOut));
+  ASSERT_EQ(Success, resultOut);
+  ASSERT_EQ(timeIn, timeOut);
+
+  // This will be in the middle
+  Time timeInPlus512(now);
+  ASSERT_EQ(Success, timeInPlus512.AddSeconds(512));
+
+  static const Input fakeSerial0512(LiteralInput("0512"));
+  CertID cert0512(fakeIssuer1, fakeKey000, fakeSerial0512);
+  ASSERT_TRUE(cache.Get(cert0512, NeckoOriginAttributes(), resultOut, timeOut));
+  ASSERT_EQ(Success, resultOut);
+  ASSERT_EQ(timeInPlus512, timeOut);
+  ASSERT_TRUE(cache.Get(cert0512, NeckoOriginAttributes(), resultOut, timeOut));
+  ASSERT_EQ(Success, resultOut);
+  ASSERT_EQ(timeInPlus512, timeOut);
+
+  // We've never seen this certificate
+  static const Input fakeSerial1111(LiteralInput("1111"));
+  ASSERT_FALSE(cache.Get(CertID(fakeIssuer1, fakeKey000, fakeSerial1111),
+                         NeckoOriginAttributes(), resultOut, timeOut));
+}
+
+TEST_F(psm_OCSPCacheTest, TestEviction)
+{
+  SCOPED_TRACE("");
+  // By putting more distinct entries in the cache than it can hold,
+  // we cause the least recently used entry to be evicted.
+  for (int i = 0; i < MaxCacheEntries + 1; i++) {
+    uint8_t serialBuf[8];
+    snprintf(mozilla::BitwiseCast<char*, uint8_t*>(serialBuf), sizeof(serialBuf),
+             "%04d", i);
+    Input fakeSerial;
+    ASSERT_EQ(Success, fakeSerial.Init(serialBuf, 4));
+    Time timeIn(now);
+    ASSERT_EQ(Success, timeIn.AddSeconds(i));
+    PutAndGet(cache, CertID(fakeIssuer1, fakeKey000, fakeSerial),
+              Success, timeIn);
+  }
+
+  Result resultOut;
+  Time timeOut(Time::uninitialized);
+  ASSERT_FALSE(cache.Get(CertID(fakeIssuer1, fakeKey001, fakeSerial0000),
+                         NeckoOriginAttributes(), resultOut, timeOut));
+}
+
+TEST_F(psm_OCSPCacheTest, TestNoEvictionForRevokedResponses)
+{
+  SCOPED_TRACE("");
+  CertID notEvicted(fakeIssuer1, fakeKey000, fakeSerial0000);
+  Time timeIn(now);
+  PutAndGet(cache, notEvicted, Result::ERROR_REVOKED_CERTIFICATE, timeIn);
+  // By putting more distinct entries in the cache than it can hold,
+  // we cause the least recently used entry that isn't revoked to be evicted.
+  for (int i = 1; i < MaxCacheEntries + 1; i++) {
+    uint8_t serialBuf[8];
+    snprintf(mozilla::BitwiseCast<char*, uint8_t*>(serialBuf), sizeof(serialBuf),
+             "%04d", i);
+    Input fakeSerial;
+    ASSERT_EQ(Success, fakeSerial.Init(serialBuf, 4));
+    Time timeIn(now);
+    ASSERT_EQ(Success, timeIn.AddSeconds(i));
+    PutAndGet(cache, CertID(fakeIssuer1, fakeKey000, fakeSerial),
+              Success, timeIn);
+  }
+  Result resultOut;
+  Time timeOut(Time::uninitialized);
+  ASSERT_TRUE(cache.Get(notEvicted, NeckoOriginAttributes(), resultOut, timeOut));
+  ASSERT_EQ(Result::ERROR_REVOKED_CERTIFICATE, resultOut);
+  ASSERT_EQ(timeIn, timeOut);
+
+  Input fakeSerial0001(LiteralInput("0001"));
+  CertID evicted(fakeIssuer1, fakeKey000, fakeSerial0001);
+  ASSERT_FALSE(cache.Get(evicted, NeckoOriginAttributes(), resultOut, timeOut));
+}
+
+TEST_F(psm_OCSPCacheTest, TestEverythingIsRevoked)
+{
+  SCOPED_TRACE("");
+  Time timeIn(now);
+  // Fill up the cache with revoked responses.
+  for (int i = 0; i < MaxCacheEntries; i++) {
+    uint8_t serialBuf[8];
+    snprintf(mozilla::BitwiseCast<char*, uint8_t*>(serialBuf), sizeof(serialBuf),
+             "%04d", i);
+    Input fakeSerial;
+    ASSERT_EQ(Success, fakeSerial.Init(serialBuf, 4));
+    Time timeIn(now);
+    ASSERT_EQ(Success, timeIn.AddSeconds(i));
+    PutAndGet(cache, CertID(fakeIssuer1, fakeKey000, fakeSerial),
+              Result::ERROR_REVOKED_CERTIFICATE, timeIn);
+  }
+  static const Input fakeSerial1025(LiteralInput("1025"));
+  CertID good(fakeIssuer1, fakeKey000, fakeSerial1025);
+  // This will "succeed", allowing verification to continue. However,
+  // nothing was actually put in the cache.
+  Time timeInPlus1025(timeIn);
+  ASSERT_EQ(Success, timeInPlus1025.AddSeconds(1025));
+  Time timeInPlus1025Minus50(timeInPlus1025);
+  ASSERT_EQ(Success, timeInPlus1025Minus50.SubtractSeconds(50));
+  Result result = cache.Put(good, NeckoOriginAttributes(), Success, timeInPlus1025Minus50,
+                            timeInPlus1025);
+  ASSERT_EQ(Success, result);
+  Result resultOut;
+  Time timeOut(Time::uninitialized);
+  ASSERT_FALSE(cache.Get(good, NeckoOriginAttributes(), resultOut, timeOut));
+
+  static const Input fakeSerial1026(LiteralInput("1026"));
+  CertID revoked(fakeIssuer1, fakeKey000, fakeSerial1026);
+  // This will fail, causing verification to fail.
+  Time timeInPlus1026(timeIn);
+  ASSERT_EQ(Success, timeInPlus1026.AddSeconds(1026));
+  Time timeInPlus1026Minus50(timeInPlus1026);
+  ASSERT_EQ(Success, timeInPlus1026Minus50.SubtractSeconds(50));
+  result = cache.Put(revoked, NeckoOriginAttributes(), Result::ERROR_REVOKED_CERTIFICATE,
+                     timeInPlus1026Minus50, timeInPlus1026);
+  ASSERT_EQ(Result::ERROR_REVOKED_CERTIFICATE, result);
+}
+
+TEST_F(psm_OCSPCacheTest, VariousIssuers)
+{
+  SCOPED_TRACE("");
+  Time timeIn(now);
+  static const Input fakeIssuer2(LiteralInput("CN=issuer2"));
+  static const Input fakeSerial001(LiteralInput("001"));
+  CertID subject(fakeIssuer1, fakeKey000, fakeSerial001);
+  PutAndGet(cache, subject, Success, now);
+  Result resultOut;
+  Time timeOut(Time::uninitialized);
+  ASSERT_TRUE(cache.Get(subject, NeckoOriginAttributes(), resultOut, timeOut));
+  ASSERT_EQ(Success, resultOut);
+  ASSERT_EQ(timeIn, timeOut);
+  // Test that we don't match a different issuer DN
+  ASSERT_FALSE(cache.Get(CertID(fakeIssuer2, fakeKey000, fakeSerial001),
+                         NeckoOriginAttributes(), resultOut, timeOut));
+  // Test that we don't match a different issuer key
+  ASSERT_FALSE(cache.Get(CertID(fakeIssuer1, fakeKey001, fakeSerial001),
+                         NeckoOriginAttributes(), resultOut, timeOut));
+}
+
+TEST_F(psm_OCSPCacheTest, Times)
+{
+  SCOPED_TRACE("");
+  CertID certID(fakeIssuer1, fakeKey000, fakeSerial0000);
+  PutAndGet(cache, certID, Result::ERROR_OCSP_UNKNOWN_CERT,
+            TimeFromElapsedSecondsAD(100));
+  PutAndGet(cache, certID, Success, TimeFromElapsedSecondsAD(200));
+  // This should not override the more recent entry.
+  ASSERT_EQ(Success,
+            cache.Put(certID, NeckoOriginAttributes(), Result::ERROR_OCSP_UNKNOWN_CERT,
+                      TimeFromElapsedSecondsAD(100),
+                      TimeFromElapsedSecondsAD(100)));
+  Result resultOut;
+  Time timeOut(Time::uninitialized);
+  ASSERT_TRUE(cache.Get(certID, NeckoOriginAttributes(), resultOut, timeOut));
+  // Here we see the more recent time.
+  ASSERT_EQ(Success, resultOut);
+  ASSERT_EQ(TimeFromElapsedSecondsAD(200), timeOut);
+
+  // Result::ERROR_REVOKED_CERTIFICATE overrides everything
+  PutAndGet(cache, certID, Result::ERROR_REVOKED_CERTIFICATE,
+            TimeFromElapsedSecondsAD(50));
+}
+
+TEST_F(psm_OCSPCacheTest, NetworkFailure)
+{
+  SCOPED_TRACE("");
+  CertID certID(fakeIssuer1, fakeKey000, fakeSerial0000);
+  PutAndGet(cache, certID, Result::ERROR_CONNECT_REFUSED,
+            TimeFromElapsedSecondsAD(100));
+  PutAndGet(cache, certID, Success, TimeFromElapsedSecondsAD(200));
+  // This should not override the already present entry.
+  ASSERT_EQ(Success,
+            cache.Put(certID, NeckoOriginAttributes(), Result::ERROR_CONNECT_REFUSED,
+                      TimeFromElapsedSecondsAD(300),
+                      TimeFromElapsedSecondsAD(350)));
+  Result resultOut;
+  Time timeOut(Time::uninitialized);
+  ASSERT_TRUE(cache.Get(certID, NeckoOriginAttributes(), resultOut, timeOut));
+  ASSERT_EQ(Success, resultOut);
+  ASSERT_EQ(TimeFromElapsedSecondsAD(200), timeOut);
+
+  PutAndGet(cache, certID, Result::ERROR_OCSP_UNKNOWN_CERT,
+            TimeFromElapsedSecondsAD(400));
+  // This should not override the already present entry.
+  ASSERT_EQ(Success,
+            cache.Put(certID, NeckoOriginAttributes(), Result::ERROR_CONNECT_REFUSED,
+                      TimeFromElapsedSecondsAD(500),
+                      TimeFromElapsedSecondsAD(550)));
+  ASSERT_TRUE(cache.Get(certID, NeckoOriginAttributes(), resultOut, timeOut));
+  ASSERT_EQ(Result::ERROR_OCSP_UNKNOWN_CERT, resultOut);
+  ASSERT_EQ(TimeFromElapsedSecondsAD(400), timeOut);
+
+  PutAndGet(cache, certID, Result::ERROR_REVOKED_CERTIFICATE,
+            TimeFromElapsedSecondsAD(600));
+  // This should not override the already present entry.
+  ASSERT_EQ(Success,
+            cache.Put(certID, NeckoOriginAttributes(), Result::ERROR_CONNECT_REFUSED,
+                      TimeFromElapsedSecondsAD(700),
+                      TimeFromElapsedSecondsAD(750)));
+  ASSERT_TRUE(cache.Get(certID, NeckoOriginAttributes(), resultOut, timeOut));
+  ASSERT_EQ(Result::ERROR_REVOKED_CERTIFICATE, resultOut);
+  ASSERT_EQ(TimeFromElapsedSecondsAD(600), timeOut);
+}
+
+TEST_F(psm_OCSPCacheTest, TestOriginAttributes)
+{
+  CertID certID(fakeIssuer1, fakeKey000, fakeSerial0000);
+
+  SCOPED_TRACE("");
+  NeckoOriginAttributes attrs;
+  attrs.mFirstPartyDomain.AssignLiteral("foo.com");
+  PutAndGet(cache, certID, Success, now, attrs);
+
+  Result resultOut;
+  Time timeOut(Time::uninitialized);
+  attrs.mFirstPartyDomain.AssignLiteral("bar.com");
+  ASSERT_FALSE(cache.Get(certID, attrs, resultOut, timeOut));
+
+  // OCSP cache should not be isolated by containers.
+  attrs.mUserContextId = 1;
+  attrs.mFirstPartyDomain.AssignLiteral("foo.com");
+  ASSERT_TRUE(cache.Get(certID, attrs, resultOut, timeOut));
+}
diff --git a/security/manager/ssl/tests/gtest/README.txt b/security/manager/ssl/tests/gtest/README.txt
new file mode 100644
index 000000000..0e5132269
--- /dev/null
+++ b/security/manager/ssl/tests/gtest/README.txt
@@ -0,0 +1,2 @@
+Please name all test cases in this directory with the prefix "psm". This makes
+it easier to run all PSM related GTests at once.
diff --git a/security/manager/ssl/tests/gtest/STSParserTest.cpp b/security/manager/ssl/tests/gtest/STSParserTest.cpp
new file mode 100644
index 000000000..bedf57fea
--- /dev/null
+++ b/security/manager/ssl/tests/gtest/STSParserTest.cpp
@@ -0,0 +1,144 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include <stdio.h>
+
+#include "gtest/gtest.h"
+#include "nsNetUtil.h"
+#include "nsISiteSecurityService.h"
+#include "nsIURI.h"
+
+void
+TestSuccess(const char* hdr, bool extraTokens,
+            uint64_t expectedMaxAge, bool expectedIncludeSubdomains,
+            nsISiteSecurityService* sss)
+{
+  nsCOMPtr<nsIURI> dummyUri;
+  nsresult rv = NS_NewURI(getter_AddRefs(dummyUri), "https://foo.com/bar.html");
+  ASSERT_TRUE(NS_SUCCEEDED(rv)) << "Failed to create URI";
+
+  uint64_t maxAge = 0;
+  bool includeSubdomains = false;
+  rv = sss->UnsafeProcessHeader(nsISiteSecurityService::HEADER_HSTS, dummyUri,
+                                hdr, 0, &maxAge, &includeSubdomains, nullptr);
+  ASSERT_TRUE(NS_SUCCEEDED(rv)) << "Failed to process valid header: " << hdr;
+
+  ASSERT_EQ(maxAge, expectedMaxAge) << "Did not correctly parse maxAge";
+  EXPECT_EQ(includeSubdomains, expectedIncludeSubdomains) <<
+    "Did not correctly parse presence/absence of includeSubdomains";
+
+  if (extraTokens) {
+    EXPECT_EQ(rv, NS_SUCCESS_LOSS_OF_INSIGNIFICANT_DATA) <<
+      "Extra tokens were expected when parsing, but were not encountered.";
+  } else {
+    EXPECT_EQ(rv, NS_OK) << "Unexpected tokens found during parsing.";
+  }
+
+  printf("%s\n", hdr);
+}
+
+void TestFailure(const char* hdr,
+                 nsISiteSecurityService* sss)
+{
+  nsCOMPtr<nsIURI> dummyUri;
+  nsresult rv = NS_NewURI(getter_AddRefs(dummyUri), "https://foo.com/bar.html");
+  ASSERT_TRUE(NS_SUCCEEDED(rv)) << "Failed to create URI";
+
+  rv = sss->UnsafeProcessHeader(nsISiteSecurityService::HEADER_HSTS, dummyUri,
+                                hdr, 0, nullptr, nullptr, nullptr);
+  ASSERT_TRUE(NS_FAILED(rv)) << "Parsed invalid header: " << hdr;
+
+  printf("%s\n", hdr);
+}
+
+TEST(psm_STSParser, Test)
+{
+    nsresult rv;
+
+    // grab handle to the service
+    nsCOMPtr<nsISiteSecurityService> sss;
+    sss = do_GetService("@mozilla.org/ssservice;1", &rv);
+    ASSERT_TRUE(NS_SUCCEEDED(rv));
+
+    // *** parsing tests
+    printf("*** Attempting to parse valid STS headers ...\n");
+
+    // SHOULD SUCCEED:
+    TestSuccess("max-age=100", false, 100, false, sss);
+    TestSuccess("max-age  =100", false, 100, false, sss);
+    TestSuccess(" max-age=100", false, 100, false, sss);
+    TestSuccess("max-age = 100 ", false, 100, false, sss);
+    TestSuccess("max-age = \"100\" ", false, 100, false, sss);
+    TestSuccess("max-age=\"100\"", false, 100, false, sss);
+    TestSuccess(" max-age =\"100\" ", false, 100, false, sss);
+    TestSuccess("\tmax-age\t=\t\"100\"\t", false, 100, false, sss);
+    TestSuccess("max-age  =       100             ", false, 100, false, sss);
+
+    TestSuccess("maX-aGe=100", false, 100, false, sss);
+    TestSuccess("MAX-age  =100", false, 100, false, sss);
+    TestSuccess("max-AGE=100", false, 100, false, sss);
+    TestSuccess("Max-Age = 100 ", false, 100, false, sss);
+    TestSuccess("MAX-AGE = 100 ", false, 100, false, sss);
+
+    TestSuccess("max-age=100;includeSubdomains", false, 100, true, sss);
+    TestSuccess("max-age=100\t; includeSubdomains", false, 100, true, sss);
+    TestSuccess(" max-age=100; includeSubdomains", false, 100, true, sss);
+    TestSuccess("max-age = 100 ; includeSubdomains", false, 100, true, sss);
+    TestSuccess("max-age  =       100             ; includeSubdomains",
+                false, 100, true, sss);
+
+    TestSuccess("maX-aGe=100; includeSUBDOMAINS", false, 100, true, sss);
+    TestSuccess("MAX-age  =100; includeSubDomains", false, 100, true, sss);
+    TestSuccess("max-AGE=100; iNcLuDeSuBdoMaInS", false, 100, true, sss);
+    TestSuccess("Max-Age = 100; includesubdomains ", false, 100, true, sss);
+    TestSuccess("INCLUDESUBDOMAINS;MaX-AgE = 100 ", false, 100, true, sss);
+    // Turns out, the actual directive is entirely optional (hence the
+    // trailing semicolon)
+    TestSuccess("max-age=100;includeSubdomains;", true, 100, true, sss);
+
+    // these are weird tests, but are testing that some extended syntax is
+    // still allowed (but it is ignored)
+    TestSuccess("max-age=100 ; includesubdomainsSomeStuff",
+                true, 100, false, sss);
+    TestSuccess("\r\n\t\t    \tcompletelyUnrelated = foobar; max-age= 34520103"
+                "\t \t; alsoUnrelated;asIsThis;\tincludeSubdomains\t\t \t",
+                true, 34520103, true, sss);
+    TestSuccess("max-age=100; unrelated=\"quoted \\\"thingy\\\"\"",
+                true, 100, false, sss);
+
+    // SHOULD FAIL:
+    printf("* Attempting to parse invalid STS headers (should not parse)...\n");
+    // invalid max-ages
+    TestFailure("max-age", sss);
+    TestFailure("max-age ", sss);
+    TestFailure("max-age=p", sss);
+    TestFailure("max-age=*1p2", sss);
+    TestFailure("max-age=.20032", sss);
+    TestFailure("max-age=!20032", sss);
+    TestFailure("max-age==20032", sss);
+
+    // invalid headers
+    TestFailure("foobar", sss);
+    TestFailure("maxage=100", sss);
+    TestFailure("maxa-ge=100", sss);
+    TestFailure("max-ag=100", sss);
+    TestFailure("includesubdomains", sss);
+    TestFailure(";", sss);
+    TestFailure("max-age=\"100", sss);
+    // The max-age directive here doesn't conform to the spec, so it MUST
+    // be ignored. Consequently, the REQUIRED max-age directive is not
+    // present in this header, and so it is invalid.
+    TestFailure("max-age=100, max-age=200; includeSubdomains", sss);
+    TestFailure("max-age=100 includesubdomains", sss);
+    TestFailure("max-age=100 bar foo", sss);
+    TestFailure("max-age=100randomstuffhere", sss);
+    // All directives MUST appear only once in an STS header field.
+    TestFailure("max-age=100; max-age=200", sss);
+    TestFailure("includeSubdomains; max-age=200; includeSubdomains", sss);
+    TestFailure("max-age=200; includeSubdomains; includeSubdomains", sss);
+    // The includeSubdomains directive is valueless.
+    TestFailure("max-age=100; includeSubdomains=unexpected", sss);
+    // LWS must have at least one space or horizontal tab
+    TestFailure("\r\nmax-age=200", sss);
+}
diff --git a/security/manager/ssl/tests/gtest/TLSIntoleranceTest.cpp b/security/manager/ssl/tests/gtest/TLSIntoleranceTest.cpp
new file mode 100644
index 000000000..65f5257fb
--- /dev/null
+++ b/security/manager/ssl/tests/gtest/TLSIntoleranceTest.cpp
@@ -0,0 +1,568 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "nsNSSIOLayer.h"
+#include "sslproto.h"
+#include "sslerr.h"
+
+#include "gtest/gtest.h"
+
+NS_NAMED_LITERAL_CSTRING(HOST, "example.org");
+const int16_t PORT = 443;
+
+class psm_TLSIntoleranceTest : public ::testing::Test
+{
+protected:
+  nsSSLIOLayerHelpers helpers;
+};
+
+TEST_F(psm_TLSIntoleranceTest, FullFallbackProcess)
+{
+  ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, helpers.mVersionFallbackLimit);
+
+  // No adjustment made when there is no entry for the site.
+  {
+    SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                              SSL_LIBRARY_VERSION_TLS_1_2 };
+    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
+    ASSERT_EQ(StrongCipherStatusUnknown, strongCipherStatus);
+
+    ASSERT_TRUE(
+      helpers.rememberStrongCiphersFailed(
+        HOST, PORT, SSL_ERROR_NO_CYPHER_OVERLAP));
+    ASSERT_EQ(SSL_ERROR_NO_CYPHER_OVERLAP,
+              helpers.getIntoleranceReason(HOST, PORT));
+  }
+
+  {
+    SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                              SSL_LIBRARY_VERSION_TLS_1_2 };
+    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
+    ASSERT_EQ(StrongCiphersFailed, strongCipherStatus);
+
+    ASSERT_FALSE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0));
+    ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT,
+                                                    range.min, range.max, 0));
+  }
+
+  {
+    SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                              SSL_LIBRARY_VERSION_TLS_1_2 };
+    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max);
+    ASSERT_EQ(StrongCiphersFailed, strongCipherStatus);
+
+    ASSERT_FALSE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0));
+    ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT,
+                                                    range.min, range.max, 0));
+  }
+
+  {
+    SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                              SSL_LIBRARY_VERSION_TLS_1_2 };
+    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.max);
+    ASSERT_EQ(StrongCiphersFailed, strongCipherStatus);
+
+    ASSERT_FALSE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0));
+    ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT,
+                                                     range.min, range.max, 0));
+  }
+
+  {
+    SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                              SSL_LIBRARY_VERSION_TLS_1_2 };
+    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+    // When rememberIntolerantAtVersion returns false, it also resets the
+    // intolerance information for the server.
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
+    ASSERT_EQ(StrongCipherStatusUnknown, strongCipherStatus);
+  }
+}
+
+TEST_F(psm_TLSIntoleranceTest, DisableFallbackWithHighLimit)
+{
+  // this value disables version fallback entirely: with this value, all efforts
+  // to mark an origin as version intolerant fail
+  helpers.mVersionFallbackLimit = SSL_LIBRARY_VERSION_TLS_1_2;
+  ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT,
+                                                   SSL_LIBRARY_VERSION_TLS_1_0,
+                                                   SSL_LIBRARY_VERSION_TLS_1_2,
+                                                   0));
+  ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT,
+                                                   SSL_LIBRARY_VERSION_TLS_1_0,
+                                                   SSL_LIBRARY_VERSION_TLS_1_1,
+                                                   0));
+  ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT,
+                                                   SSL_LIBRARY_VERSION_TLS_1_0,
+                                                   SSL_LIBRARY_VERSION_TLS_1_0,
+                                                   0));
+}
+
+TEST_F(psm_TLSIntoleranceTest, FallbackLimitBelowMin)
+{
+  // check that we still respect the minimum version,
+  // when it is higher than the fallback limit
+  ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT,
+                                                  SSL_LIBRARY_VERSION_TLS_1_1,
+                                                  SSL_LIBRARY_VERSION_TLS_1_2,
+                                                  0));
+  {
+    SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                              SSL_LIBRARY_VERSION_TLS_1_2 };
+    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max);
+    ASSERT_EQ(StrongCipherStatusUnknown, strongCipherStatus);
+  }
+
+  ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT,
+                                                   SSL_LIBRARY_VERSION_TLS_1_1,
+                                                   SSL_LIBRARY_VERSION_TLS_1_1,
+                                                   0));
+}
+
+TEST_F(psm_TLSIntoleranceTest, TolerantOverridesIntolerant1)
+{
+  ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT,
+                                                  SSL_LIBRARY_VERSION_TLS_1_0,
+                                                  SSL_LIBRARY_VERSION_TLS_1_1,
+                                                  0));
+  helpers.rememberTolerantAtVersion(HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_1);
+  SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                            SSL_LIBRARY_VERSION_TLS_1_2 };
+  StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+  helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+  ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+  ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max);
+  ASSERT_EQ(StrongCiphersWorked, strongCipherStatus);
+}
+
+TEST_F(psm_TLSIntoleranceTest, TolerantOverridesIntolerant2)
+{
+  ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT,
+                                                  SSL_LIBRARY_VERSION_TLS_1_0,
+                                                  SSL_LIBRARY_VERSION_TLS_1_1,
+                                                  0));
+  helpers.rememberTolerantAtVersion(HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_2);
+  SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                            SSL_LIBRARY_VERSION_TLS_1_2 };
+  StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+  helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+  ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+  ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
+  ASSERT_EQ(StrongCiphersWorked, strongCipherStatus);
+}
+
+TEST_F(psm_TLSIntoleranceTest, IntolerantDoesNotOverrideTolerant)
+{
+  // No adjustment made when there is no entry for the site.
+  helpers.rememberTolerantAtVersion(HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_1);
+  // false because we reached the floor set by rememberTolerantAtVersion.
+  ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT,
+                                                   SSL_LIBRARY_VERSION_TLS_1_0,
+                                                   SSL_LIBRARY_VERSION_TLS_1_1,
+                                                   0));
+  SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                            SSL_LIBRARY_VERSION_TLS_1_2 };
+  StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+  helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+  ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+  ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
+  ASSERT_EQ(StrongCiphersWorked, strongCipherStatus);
+}
+
+TEST_F(psm_TLSIntoleranceTest, PortIsRelevant)
+{
+  helpers.rememberTolerantAtVersion(HOST, 1, SSL_LIBRARY_VERSION_TLS_1_2);
+  ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, 1,
+                                                   SSL_LIBRARY_VERSION_TLS_1_0,
+                                                   SSL_LIBRARY_VERSION_TLS_1_2,
+                                                   0));
+  ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, 2,
+                                                  SSL_LIBRARY_VERSION_TLS_1_0,
+                                                  SSL_LIBRARY_VERSION_TLS_1_2,
+                                                  0));
+
+  {
+    SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                              SSL_LIBRARY_VERSION_TLS_1_2 };
+    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+    helpers.adjustForTLSIntolerance(HOST, 1, range, strongCipherStatus);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
+  }
+
+  {
+    SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                              SSL_LIBRARY_VERSION_TLS_1_2 };
+    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+    helpers.adjustForTLSIntolerance(HOST, 2, range, strongCipherStatus);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max);
+  }
+}
+
+TEST_F(psm_TLSIntoleranceTest, IntoleranceReasonInitial)
+{
+  ASSERT_EQ(0, helpers.getIntoleranceReason(HOST, 1));
+
+  helpers.rememberTolerantAtVersion(HOST, 2, SSL_LIBRARY_VERSION_TLS_1_2);
+  ASSERT_EQ(0, helpers.getIntoleranceReason(HOST, 2));
+}
+
+TEST_F(psm_TLSIntoleranceTest, IntoleranceReasonStored)
+{
+  helpers.rememberIntolerantAtVersion(HOST, 1, SSL_LIBRARY_VERSION_TLS_1_0,
+                                      SSL_LIBRARY_VERSION_TLS_1_2,
+                                      SSL_ERROR_BAD_SERVER);
+  ASSERT_EQ(SSL_ERROR_BAD_SERVER, helpers.getIntoleranceReason(HOST, 1));
+
+  helpers.rememberIntolerantAtVersion(HOST, 1, SSL_LIBRARY_VERSION_TLS_1_0,
+                                      SSL_LIBRARY_VERSION_TLS_1_1,
+                                      SSL_ERROR_BAD_MAC_READ);
+  ASSERT_EQ(SSL_ERROR_BAD_MAC_READ, helpers.getIntoleranceReason(HOST, 1));
+}
+
+TEST_F(psm_TLSIntoleranceTest, IntoleranceReasonCleared)
+{
+  ASSERT_EQ(0, helpers.getIntoleranceReason(HOST, 1));
+
+  helpers.rememberIntolerantAtVersion(HOST, 1, SSL_LIBRARY_VERSION_TLS_1_0,
+                                      SSL_LIBRARY_VERSION_TLS_1_2,
+                                      SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT);
+  ASSERT_EQ(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT,
+            helpers.getIntoleranceReason(HOST, 1));
+
+  helpers.rememberTolerantAtVersion(HOST, 1, SSL_LIBRARY_VERSION_TLS_1_2);
+  ASSERT_EQ(0, helpers.getIntoleranceReason(HOST, 1));
+}
+
+TEST_F(psm_TLSIntoleranceTest, StrongCiphersFailed)
+{
+  helpers.mVersionFallbackLimit = SSL_LIBRARY_VERSION_TLS_1_1;
+
+  ASSERT_TRUE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0));
+
+  {
+    SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                              SSL_LIBRARY_VERSION_TLS_1_2 };
+    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
+    ASSERT_EQ(StrongCiphersFailed, strongCipherStatus);
+
+    ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT,
+                                                    range.min, range.max, 0));
+  }
+
+  {
+    SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                              SSL_LIBRARY_VERSION_TLS_1_2 };
+    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max);
+    ASSERT_EQ(StrongCiphersFailed, strongCipherStatus);
+
+    ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT,
+                                                     range.min, range.max, 0));
+  }
+
+  {
+    SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                              SSL_LIBRARY_VERSION_TLS_1_2 };
+    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+    // When rememberIntolerantAtVersion returns false, it also resets the
+    // intolerance information for the server.
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
+    ASSERT_EQ(StrongCipherStatusUnknown, strongCipherStatus);
+  }
+}
+
+TEST_F(psm_TLSIntoleranceTest, StrongCiphersFailedAt1_1)
+{
+  helpers.mVersionFallbackLimit = SSL_LIBRARY_VERSION_TLS_1_0;
+
+  // No adjustment made when there is no entry for the site.
+  {
+    SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                              SSL_LIBRARY_VERSION_TLS_1_2 };
+    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT,
+                                                    range.min, range.max, 0));
+  }
+
+  {
+    SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                              SSL_LIBRARY_VERSION_TLS_1_2 };
+    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    ASSERT_TRUE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0));
+  }
+
+  {
+    SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                              SSL_LIBRARY_VERSION_TLS_1_2 };
+    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max);
+    ASSERT_EQ(StrongCiphersFailed, strongCipherStatus);
+
+    ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT,
+                                                    range.min, range.max, 0));
+  }
+
+  {
+    SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                              SSL_LIBRARY_VERSION_TLS_1_2 };
+    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.max);
+    ASSERT_EQ(StrongCiphersFailed, strongCipherStatus);
+  }
+}
+
+TEST_F(psm_TLSIntoleranceTest, StrongCiphersFailedWithHighLimit)
+{
+  // this value disables version fallback entirely: with this value, all efforts
+  // to mark an origin as version intolerant fail
+  helpers.mVersionFallbackLimit = SSL_LIBRARY_VERSION_TLS_1_2;
+  // ...but weak ciphers fallback will not be disabled
+  ASSERT_TRUE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0));
+  ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT,
+                                                   SSL_LIBRARY_VERSION_TLS_1_0,
+                                                   SSL_LIBRARY_VERSION_TLS_1_2,
+                                                   0));
+  ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT,
+                                                   SSL_LIBRARY_VERSION_TLS_1_0,
+                                                   SSL_LIBRARY_VERSION_TLS_1_1,
+                                                   0));
+  ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT,
+                                                   SSL_LIBRARY_VERSION_TLS_1_0,
+                                                   SSL_LIBRARY_VERSION_TLS_1_0,
+                                                   0));
+}
+
+TEST_F(psm_TLSIntoleranceTest, TolerantDoesNotOverrideWeakCiphersFallback)
+{
+  ASSERT_TRUE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0));
+  // No adjustment made when intolerant is zero.
+  helpers.rememberTolerantAtVersion(HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_1);
+  SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                            SSL_LIBRARY_VERSION_TLS_1_2 };
+  StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+  helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+  ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+  ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
+  ASSERT_EQ(StrongCiphersFailed, strongCipherStatus);
+}
+
+TEST_F(psm_TLSIntoleranceTest, WeakCiphersFallbackDoesNotOverrideTolerant)
+{
+  // No adjustment made when there is no entry for the site.
+  helpers.rememberTolerantAtVersion(HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_1);
+  // false because strongCipherWorked is set by rememberTolerantAtVersion.
+  ASSERT_FALSE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0));
+  SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                            SSL_LIBRARY_VERSION_TLS_1_2 };
+  StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+  helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+  ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+  ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
+  ASSERT_EQ(StrongCiphersWorked, strongCipherStatus);
+}
+
+TEST_F(psm_TLSIntoleranceTest, TLSForgetIntolerance)
+{
+  {
+    ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT,
+                                                    SSL_LIBRARY_VERSION_TLS_1_0,
+                                                    SSL_LIBRARY_VERSION_TLS_1_2,
+                                                    0));
+
+    SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                              SSL_LIBRARY_VERSION_TLS_1_2 };
+    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max);
+    ASSERT_EQ(StrongCipherStatusUnknown, strongCipherStatus);
+  }
+
+  {
+    helpers.forgetIntolerance(HOST, PORT);
+
+    SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                              SSL_LIBRARY_VERSION_TLS_1_2 };
+    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
+    ASSERT_EQ(StrongCipherStatusUnknown, strongCipherStatus);
+  }
+}
+
+TEST_F(psm_TLSIntoleranceTest, TLSForgetStrongCipherFailed)
+{
+  {
+    ASSERT_TRUE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0));
+
+    SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                              SSL_LIBRARY_VERSION_TLS_1_2 };
+    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    ASSERT_EQ(StrongCiphersFailed, strongCipherStatus);
+  }
+
+  {
+    helpers.forgetIntolerance(HOST, PORT);
+
+    SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                              SSL_LIBRARY_VERSION_TLS_1_2 };
+    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    ASSERT_EQ(StrongCipherStatusUnknown, strongCipherStatus);
+  }
+}
+
+TEST_F(psm_TLSIntoleranceTest, TLSDontForgetTolerance)
+{
+  {
+    helpers.rememberTolerantAtVersion(HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_1);
+
+    SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                              SSL_LIBRARY_VERSION_TLS_1_2 };
+    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
+    ASSERT_EQ(StrongCiphersWorked, strongCipherStatus);
+  }
+
+  {
+    ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT,
+                                                    SSL_LIBRARY_VERSION_TLS_1_0,
+                                                    SSL_LIBRARY_VERSION_TLS_1_2,
+                                                    0));
+
+    SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                              SSL_LIBRARY_VERSION_TLS_1_2 };
+    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max);
+    ASSERT_EQ(StrongCiphersWorked, strongCipherStatus);
+  }
+
+  {
+    helpers.forgetIntolerance(HOST, PORT);
+
+    SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
+                              SSL_LIBRARY_VERSION_TLS_1_2 };
+    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
+    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
+    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
+    ASSERT_EQ(StrongCiphersWorked, strongCipherStatus);
+  }
+}
+
+TEST_F(psm_TLSIntoleranceTest, TLSPerSiteFallbackLimit)
+{
+  NS_NAMED_LITERAL_CSTRING(example_com, "example.com");
+  NS_NAMED_LITERAL_CSTRING(example_net, "example.net");
+  NS_NAMED_LITERAL_CSTRING(example_org, "example.org");
+
+  helpers.mVersionFallbackLimit = SSL_LIBRARY_VERSION_TLS_1_0;
+
+  ASSERT_FALSE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_FALSE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_0));
+  ASSERT_FALSE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_FALSE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_0));
+  ASSERT_FALSE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_FALSE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_0));
+
+  helpers.mVersionFallbackLimit = SSL_LIBRARY_VERSION_TLS_1_2;
+
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_0));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_0));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_0));
+
+  helpers.setInsecureFallbackSites(example_com);
+
+  ASSERT_FALSE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_FALSE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_0));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_0));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_0));
+
+  helpers.setInsecureFallbackSites(NS_LITERAL_CSTRING("example.com,example.net"));
+
+  ASSERT_FALSE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_FALSE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_0));
+  ASSERT_FALSE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_FALSE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_0));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_0));
+
+  helpers.setInsecureFallbackSites(example_net);
+
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_0));
+  ASSERT_FALSE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_FALSE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_0));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_0));
+
+  helpers.setInsecureFallbackSites(EmptyCString());
+
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_com, SSL_LIBRARY_VERSION_TLS_1_0));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_net, SSL_LIBRARY_VERSION_TLS_1_0));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_2));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_1));
+  ASSERT_TRUE(helpers.fallbackLimitReached(example_org, SSL_LIBRARY_VERSION_TLS_1_0));
+}
diff --git a/security/manager/ssl/tests/gtest/moz.build b/security/manager/ssl/tests/gtest/moz.build
new file mode 100644
index 000000000..735ab2971
--- /dev/null
+++ b/security/manager/ssl/tests/gtest/moz.build
@@ -0,0 +1,29 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+SOURCES += [
+    'CertDBTest.cpp',
+    'DataStorageTest.cpp',
+    'DeserializeCertTest.cpp',
+    'MD4Test.cpp',
+    'OCSPCacheTest.cpp',
+    'STSParserTest.cpp',
+    'TLSIntoleranceTest.cpp',
+]
+
+LOCAL_INCLUDES += [
+    '/security/certverifier',
+    '/security/manager/ssl',
+    '/security/pkix/include',
+    '/security/pkix/test/lib',
+]
+
+include('/ipc/chromium/chromium-config.mozbuild')
+
+FINAL_LIBRARY = 'xul-gtest'
+
+if CONFIG['GNU_CXX']:
+    CXXFLAGS += ['-Wno-error=shadow']
diff --git a/security/manager/ssl/tests/mochitest/browser/.eslintrc.js b/security/manager/ssl/tests/mochitest/browser/.eslintrc.js
new file mode 100644
index 000000000..c15988365
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/.eslintrc.js
@@ -0,0 +1,5 @@
+"use strict";
+
+module.exports = { // eslint-disable-line no-undef
+  "extends": "../../../../../../testing/mochitest/browser.eslintrc.js"
+};
diff --git a/security/manager/ssl/tests/mochitest/browser/browser.ini b/security/manager/ssl/tests/mochitest/browser/browser.ini
new file mode 100644
index 000000000..3c91ceb80
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/browser.ini
@@ -0,0 +1,18 @@
+[DEFAULT]
+tags = psm
+support-files =
+  head.js
+  *.pem
+
+[browser_bug627234_perwindowpb.js]
+[browser_certificateManagerLeak.js]
+[browser_certViewer.js]
+[browser_clientAuth_connection.js]
+[browser_clientAuth_ui.js]
+[browser_deleteCert_ui.js]
+[browser_downloadCert_ui.js]
+[browser_editCACertTrust.js]
+# An earlier attempt at landing this test resulted in frequent intermittent
+# failures, almost entirely on Linux. See Bug 1309519.
+skip-if = os == "linux"
+[browser_exportP12_passwordUI.js]
diff --git a/security/manager/ssl/tests/mochitest/browser/browser_bug627234_perwindowpb.js b/security/manager/ssl/tests/mochitest/browser/browser_bug627234_perwindowpb.js
new file mode 100644
index 000000000..081521ca9
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/browser_bug627234_perwindowpb.js
@@ -0,0 +1,102 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+var FakeSSLStatus = function() {
+};
+
+FakeSSLStatus.prototype = {
+  serverCert: null,
+  cipherName: null,
+  keyLength: 2048,
+  isDomainMismatch: false,
+  isNotValidAtThisTime: false,
+  isUntrusted: false,
+  isExtendedValidation: false,
+  getInterface: function(aIID) {
+    return this.QueryInterface(aIID);
+  },
+  QueryInterface: function(aIID) {
+    if (aIID.equals(Ci.nsISSLStatus) ||
+        aIID.equals(Ci.nsISupports)) {
+      return this;
+    }
+    throw new Error(Cr.NS_ERROR_NO_INTERFACE);
+  },
+};
+
+function whenNewWindowLoaded(aOptions, aCallback) {
+  let win = OpenBrowserWindow(aOptions);
+  win.addEventListener("load", function onLoad() {
+    win.removeEventListener("load", onLoad, false);
+    aCallback(win);
+  }, false);
+}
+
+// This is a template to help porting global private browsing tests
+// to per-window private browsing tests
+function test() {
+  // initialization
+  waitForExplicitFinish();
+  let windowsToClose = [];
+  let testURI = "about:blank";
+  let uri;
+  let gSSService = Cc["@mozilla.org/ssservice;1"].
+                   getService(Ci.nsISiteSecurityService);
+
+  function privacyFlags(aIsPrivateMode) {
+    return aIsPrivateMode ? Ci.nsISocketProvider.NO_PERMANENT_STORAGE : 0;
+  }
+
+  function doTest(aIsPrivateMode, aWindow, aCallback) {
+    aWindow.gBrowser.selectedBrowser.addEventListener("load", function onLoad() {
+      aWindow.gBrowser.selectedBrowser.removeEventListener("load", onLoad, true);
+      let sslStatus = new FakeSSLStatus();
+      uri = aWindow.Services.io.newURI("https://localhost/img.png", null, null);
+      gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
+                               "max-age=1000", sslStatus, privacyFlags(aIsPrivateMode));
+      ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, "localhost", privacyFlags(aIsPrivateMode)), "checking sts host");
+
+      aCallback();
+    }, true);
+
+    aWindow.gBrowser.selectedBrowser.loadURI(testURI);
+  }
+
+  function testOnWindow(aOptions, aCallback) {
+    whenNewWindowLoaded(aOptions, function(aWin) {
+      windowsToClose.push(aWin);
+      // execute should only be called when need, like when you are opening
+      // web pages on the test. If calling executeSoon() is not necesary, then
+      // call whenNewWindowLoaded() instead of testOnWindow() on your test.
+      executeSoon(function() { aCallback(aWin); });
+    });
+  }
+
+   // this function is called after calling finish() on the test.
+  registerCleanupFunction(function() {
+    windowsToClose.forEach(function(aWin) {
+      aWin.close();
+    });
+    uri = Services.io.newURI("http://localhost", null, null);
+    gSSService.removeState(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0);
+  });
+
+  // test first when on private mode
+  testOnWindow({private: true}, function(aWin) {
+    doTest(true, aWin, function() {
+      //test when not on private mode
+      testOnWindow({}, function(aWin) {
+        doTest(false, aWin, function() {
+          //test again when on private mode
+          testOnWindow({private: true}, function(aWin) {
+            doTest(true, aWin, function () {
+              finish();
+            });
+          });
+        });
+      });
+    });
+  });
+}
diff --git a/security/manager/ssl/tests/mochitest/browser/browser_certViewer.js b/security/manager/ssl/tests/mochitest/browser/browser_certViewer.js
new file mode 100644
index 000000000..d75f9f207
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/browser_certViewer.js
@@ -0,0 +1,224 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// Repeatedly opens the certificate viewer dialog with various certificates and
+// determines that the viewer correctly identifies either what usages those
+// certificates are valid for or what errors prevented the certificates from
+// being verified.
+
+var { OS } = Cu.import("resource://gre/modules/osfile.jsm", {});
+
+add_task(function* testCAandTitle() {
+  let cert = yield readCertificate("ca.pem", "CTu,CTu,CTu");
+  let win = yield displayCertificate(cert);
+  checkUsages(win, ["SSL Certificate Authority"]);
+
+  // There's no real need to test the title for every cert, so we just test it
+  // once here.
+  Assert.equal(win.document.title, "Certificate Viewer: \u201Cca\u201D",
+               "Actual and expected title should match");
+  yield BrowserTestUtils.closeWindow(win);
+});
+
+add_task(function* testSSLEndEntity() {
+  let cert = yield readCertificate("ssl-ee.pem", ",,");
+  let win = yield displayCertificate(cert);
+  checkUsages(win, ["SSL Server Certificate", "SSL Client Certificate"]);
+  yield BrowserTestUtils.closeWindow(win);
+});
+
+add_task(function* testEmailEndEntity() {
+  let cert = yield readCertificate("email-ee.pem", ",,");
+  let win = yield displayCertificate(cert);
+  checkUsages(win, ["Email Recipient Certificate", "Email Signer Certificate"]);
+  yield BrowserTestUtils.closeWindow(win);
+});
+
+add_task(function* testCodeSignEndEntity() {
+  let cert = yield readCertificate("code-ee.pem", ",,");
+  let win = yield displayCertificate(cert);
+  checkUsages(win, ["Object Signer"]);
+  yield BrowserTestUtils.closeWindow(win);
+});
+
+add_task(function* testExpired() {
+  let cert = yield readCertificate("expired-ca.pem", ",,");
+  let win = yield displayCertificate(cert);
+  checkError(win, "Could not verify this certificate because it has expired.");
+  yield BrowserTestUtils.closeWindow(win);
+});
+
+add_task(function* testIssuerExpired() {
+  let cert = yield readCertificate("ee-from-expired-ca.pem", ",,");
+  let win = yield displayCertificate(cert);
+  checkError(win,
+             "Could not verify this certificate because the CA certificate " +
+             "is invalid.");
+  yield BrowserTestUtils.closeWindow(win);
+});
+
+add_task(function* testUnknownIssuer() {
+  let cert = yield readCertificate("unknown-issuer.pem", ",,");
+  let win = yield displayCertificate(cert);
+  checkError(win,
+             "Could not verify this certificate because the issuer is " +
+             "unknown.");
+  yield BrowserTestUtils.closeWindow(win);
+});
+
+add_task(function* testInsecureAlgo() {
+  let cert = yield readCertificate("md5-ee.pem", ",,");
+  let win = yield displayCertificate(cert);
+  checkError(win,
+             "Could not verify this certificate because it was signed using " +
+             "a signature algorithm that was disabled because that algorithm " +
+             "is not secure.");
+  yield BrowserTestUtils.closeWindow(win);
+});
+
+add_task(function* testUntrusted() {
+  let cert = yield readCertificate("untrusted-ca.pem", "p,p,p");
+  let win = yield displayCertificate(cert);
+  checkError(win,
+             "Could not verify this certificate because it is not trusted.");
+  yield BrowserTestUtils.closeWindow(win);
+});
+
+add_task(function* testUntrustedIssuer() {
+  let cert = yield readCertificate("ee-from-untrusted-ca.pem", ",,");
+  let win = yield displayCertificate(cert);
+  checkError(win,
+             "Could not verify this certificate because the issuer is not " +
+             "trusted.");
+  yield BrowserTestUtils.closeWindow(win);
+});
+
+add_task(function* testRevoked() {
+  // Note that there's currently no way to un-do this. This should only be a
+  // problem if another test re-uses a certificate with this same key (perhaps
+  // likely) and subject (less likely).
+  let certBlocklist = Cc["@mozilla.org/security/certblocklist;1"]
+                        .getService(Ci.nsICertBlocklist);
+  certBlocklist.revokeCertBySubjectAndPubKey(
+    "MBIxEDAOBgNVBAMMB3Jldm9rZWQ=", // CN=revoked
+    "VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8="); // hash of the shared key
+  let cert = yield readCertificate("revoked.pem", ",,");
+  let win = yield displayCertificate(cert);
+  // As of bug 1312827, OneCRL only applies to TLS web server certificates, so
+  // this certificate will actually verify successfully for every end-entity
+  // usage except TLS web server.
+  checkUsages(win, ["Email Recipient Certificate", "Email Signer Certificate",
+                    "Object Signer", "SSL Client Certificate"]);
+  yield BrowserTestUtils.closeWindow(win);
+});
+
+add_task(function* testInvalid() {
+  // This certificate has a keyUsage extension asserting cRLSign and
+  // keyCertSign, but it doesn't have a basicConstraints extension. This
+  // shouldn't be valid for any usage. Sadly, we give a pretty lame error
+  // message in this case.
+  let cert = yield readCertificate("invalid.pem", ",,");
+  let win = yield displayCertificate(cert);
+  checkError(win, "Could not verify this certificate for unknown reasons.");
+  yield BrowserTestUtils.closeWindow(win);
+});
+
+/**
+ * Given a certificate, returns a promise that will resolve when the certificate
+ * viewer has opened is displaying that certificate, and has finished
+ * determining its valid usages.
+ *
+ * @param {nsIX509Cert} certificate
+ *        The certificate to view and determine usages for.
+ * @return {Promise}
+ *         A promise that will resolve with a handle on the opened certificate
+ *         viewer window when the usages have been determined.
+ */
+function displayCertificate(certificate) {
+  let win = window.openDialog("chrome://pippki/content/certViewer.xul", "",
+                              "", certificate);
+  return TestUtils.topicObserved("ViewCertDetails:CertUsagesDone",
+                                 (subject, data) => subject == win)
+  .then(([subject, data]) => subject, error => { throw error; });
+}
+
+/**
+ * Given a certificate viewer window, finds the usages the certificate is valid
+ * for.
+ *
+ * @param {window} win
+ *        The certificate viewer window.
+ * @return {String[]}
+ *         An array of strings describing the usages the certificate is valid
+ *         for.
+ */
+function getUsages(win) {
+  let determinedUsages = [];
+  let verifyInfoBox = win.document.getElementById("verify_info_box");
+  Array.from(verifyInfoBox.children).forEach(child => {
+    if (child.getAttribute("hidden") != "true" &&
+        child.getAttribute("id") != "verified") {
+      determinedUsages.push(child.getAttribute("value"));
+    }
+  });
+  return determinedUsages.sort();
+}
+
+/**
+ * Given a certificate viewer window, returns the error string describing a
+ * failure encountered when determining the certificate's usages. It will be
+ * "This certificate has been verified for the following uses:" when the
+ * certificate has successfully verified for at least one usage.
+ *
+ * @param {window} win
+ *        The certificate viewer window.
+ * @return {String}
+ *         A string describing the error encountered, or the success message if
+ *         the certificate is valid for at least one usage.
+ */
+function getError(win) {
+  return win.document.getElementById("verified").textContent;
+}
+
+/**
+ * Given a certificate viewer window and an array of expected usage
+ * descriptions, verifies that the window is actually showing that the
+ * certificate has validated for those usages.
+ *
+ * @param {window} win
+ *        The certificate viewer window.
+ * @param {String[]} usages
+ *        An array of expected usage descriptions.
+ */
+function checkUsages(win, usages) {
+  Assert.equal(getError(win),
+               "This certificate has been verified for the following uses:",
+               "should have successful verification message");
+  let determinedUsages = getUsages(win);
+  usages.sort();
+  Assert.equal(determinedUsages.length, usages.length,
+               "number of usages as determined by cert viewer should be equal");
+  while (usages.length > 0) {
+    Assert.equal(determinedUsages.pop(), usages.pop(),
+                 "usages as determined by cert viewer should be equal");
+  }
+}
+
+/**
+ * Given a certificate viewer window and an expected error, verifies that the
+ * window is actually showing that error.
+ *
+ * @param {window} win
+ *        The certificate viewer window.
+ * @param {String} error
+ *        The expected error message.
+ */
+function checkError(win, error) {
+  let determinedUsages = getUsages(win);
+  Assert.equal(determinedUsages.length, 0,
+               "should not have any successful usages in error case");
+  Assert.equal(getError(win), error,
+               "determined error should be the same as expected error");
+}
diff --git a/security/manager/ssl/tests/mochitest/browser/browser_certificateManagerLeak.js b/security/manager/ssl/tests/mochitest/browser/browser_certificateManagerLeak.js
new file mode 100644
index 000000000..d1db319d0
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/browser_certificateManagerLeak.js
@@ -0,0 +1,32 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+var gBugWindow;
+
+function onLoad() {
+  gBugWindow.removeEventListener("load", onLoad);
+  gBugWindow.addEventListener("unload", onUnload);
+  gBugWindow.close();
+}
+
+function onUnload() {
+  gBugWindow.removeEventListener("unload", onUnload);
+  window.focus();
+  finish();
+}
+
+// This test opens and then closes the certificate manager to test that it
+// does not leak. The test harness keeps track of and reports leaks, so
+// there are no actual checks here.
+function test() {
+  waitForExplicitFinish();
+
+  // This test relies on the test timing out in order to indicate failure so
+  // let's add a dummy pass.
+  ok(true, "Each test requires at least one pass, fail or todo so here is a pass.");
+
+  gBugWindow = window.openDialog("chrome://pippki/content/certManager.xul");
+  gBugWindow.addEventListener("load", onLoad);
+}
diff --git a/security/manager/ssl/tests/mochitest/browser/browser_clientAuth_connection.js b/security/manager/ssl/tests/mochitest/browser/browser_clientAuth_connection.js
new file mode 100644
index 000000000..6362fd34d
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/browser_clientAuth_connection.js
@@ -0,0 +1,135 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests various scenarios connecting to a server that requires client cert
+// authentication. Also tests that nsIClientAuthDialogs.chooseCertificate
+// is called at the appropriate times and with the correct arguments.
+
+const { MockRegistrar } =
+  Cu.import("resource://testing-common/MockRegistrar.jsm", {});
+
+const DialogState = {
+  // Assert that chooseCertificate() is never called.
+  ASSERT_NOT_CALLED: "ASSERT_NOT_CALLED",
+  // Return that the user selected the first given cert.
+  RETURN_CERT_SELECTED: "RETURN_CERT_SELECTED",
+  // Return that the user canceled.
+  RETURN_CERT_NOT_SELECTED: "RETURN_CERT_NOT_SELECTED",
+};
+
+let sdr = Cc["@mozilla.org/security/sdr;1"].getService(Ci.nsISecretDecoderRing);
+
+// Mock implementation of nsIClientAuthDialogs.
+const gClientAuthDialogs = {
+  _state: DialogState.ASSERT_NOT_CALLED,
+
+  set state(newState) {
+    info(`old state: ${this._state}`);
+    this._state = newState;
+    info(`new state: ${this._state}`);
+  },
+
+  get state() {
+    return this._state;
+  },
+
+  chooseCertificate(ctx, hostname, port, organization, issuerOrg, certList,
+                    selectedIndex) {
+    Assert.notEqual(this.state, DialogState.ASSERT_NOT_CALLED,
+                    "chooseCertificate() should be called only when expected");
+
+    let caud = ctx.QueryInterface(Ci.nsIClientAuthUserDecision);
+    Assert.notEqual(caud, null,
+                    "nsIClientAuthUserDecision should be queryable from the " +
+                    "given context");
+    caud.rememberClientAuthCertificate = false;
+
+    Assert.equal(hostname, "requireclientcert.example.com",
+                 "Hostname should be 'requireclientcert.example.com'");
+    Assert.equal(port, 443, "Port should be 443");
+    Assert.equal(organization, "",
+                 "Server cert Organization should be empty/not present");
+    Assert.equal(issuerOrg, "Mozilla Testing",
+                 "Server cert issuer Organization should be 'Mozilla Testing'");
+
+    // For mochitests, only the cert at build/pgo/certs/mochitest.client should
+    // be selectable, so we do some brief checks to confirm this.
+    Assert.notEqual(certList, null, "Cert list should not be null");
+    Assert.equal(certList.length, 1, "Only 1 certificate should be available");
+    let cert = certList.queryElementAt(0, Ci.nsIX509Cert);
+    Assert.notEqual(cert, null, "Cert list should contain an nsIX509Cert");
+    Assert.equal(cert.commonName, "Mochitest client",
+                 "Cert CN should be 'Mochitest client'");
+
+    if (this.state == DialogState.RETURN_CERT_SELECTED) {
+      selectedIndex.value = 0;
+      return true;
+    }
+    return false;
+  },
+
+  QueryInterface: XPCOMUtils.generateQI([Ci.nsIClientAuthDialogs])
+};
+
+add_task(function* setup() {
+  let clientAuthDialogsCID =
+    MockRegistrar.register("@mozilla.org/nsClientAuthDialogs;1",
+                           gClientAuthDialogs);
+  registerCleanupFunction(() => {
+    MockRegistrar.unregister(clientAuthDialogsCID);
+  });
+});
+
+/**
+ * Test helper for the tests below.
+ *
+ * @param {String} prefValue
+ *        Value to set the "security.default_personal_cert" pref to.
+ * @param {String} expectedURL
+ *        If the connection is expected to load successfully, the URL that
+ *        should load. If the connection is expected to fail and result in an
+ *        error page, |undefined|.
+ */
+function* testHelper(prefValue, expectedURL) {
+  yield SpecialPowers.pushPrefEnv({"set": [
+    ["security.default_personal_cert", prefValue],
+  ]});
+
+  yield BrowserTestUtils.loadURI(gBrowser.selectedBrowser,
+                                 "https://requireclientcert.example.com:443");
+
+  // |loadedURL| will be a string URL if browserLoaded() wins the race, or
+  // |undefined| if waitForErrorPage() wins the race.
+  let loadedURL = yield Promise.race([
+    BrowserTestUtils.browserLoaded(gBrowser.selectedBrowser),
+    BrowserTestUtils.waitForErrorPage(gBrowser.selectedBrowser),
+  ]);
+  Assert.equal(expectedURL, loadedURL, "Expected and actual URLs should match");
+
+  // Ensure previously successful connections don't influence future tests.
+  sdr.logoutAndTeardown();
+}
+
+// Test that if a certificate is chosen automatically the connection succeeds,
+// and that nsIClientAuthDialogs.chooseCertificate() is never called.
+add_task(function* testCertChosenAutomatically() {
+  gClientAuthDialogs.state = DialogState.ASSERT_NOT_CALLED;
+  yield* testHelper("Select Automatically",
+                    "https://requireclientcert.example.com/");
+});
+
+// Test that if the user doesn't choose a certificate, the connection fails and
+// an error page is displayed.
+add_task(function* testCertNotChosenByUser() {
+  gClientAuthDialogs.state = DialogState.RETURN_CERT_NOT_SELECTED;
+  yield* testHelper("Ask Every Time", undefined);
+});
+
+// Test that if the user chooses a certificate the connection suceeeds.
+add_task(function* testCertChosenByUser() {
+  gClientAuthDialogs.state = DialogState.RETURN_CERT_SELECTED;
+  yield* testHelper("Ask Every Time",
+                    "https://requireclientcert.example.com/");
+});
diff --git a/security/manager/ssl/tests/mochitest/browser/browser_clientAuth_ui.js b/security/manager/ssl/tests/mochitest/browser/browser_clientAuth_ui.js
new file mode 100644
index 000000000..bf4f179c0
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/browser_clientAuth_ui.js
@@ -0,0 +1,137 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests that the client authentication certificate chooser correctly displays
+// provided information and correctly returns user input.
+
+const TEST_HOSTNAME = "Test Hostname";
+const TEST_ORG = "Test Org";
+const TEST_ISSUER_ORG = "Test Issuer Org";
+const TEST_PORT = 123;
+
+var certDB = Cc["@mozilla.org/security/x509certdb;1"]
+               .getService(Ci.nsIX509CertDB);
+/**
+ * Test certificate (i.e. build/pgo/certs/mochitest.client).
+ * @type nsIX509Cert
+ */
+var cert;
+
+/**
+ * Opens the client auth cert chooser dialog.
+ *
+ * @param {nsIX509Cert} cert The cert to pass to the dialog for display.
+ * @returns {Promise}
+ *          A promise that resolves when the dialog has finished loading, with
+ *          an array consisting of:
+ *            1. The window of the opened dialog.
+ *            2. The return value nsIWritablePropertyBag2 passed to the dialog.
+ */
+function openClientAuthDialog(cert) {
+  let certList = Cc["@mozilla.org/array;1"].createInstance(Ci.nsIMutableArray);
+  certList.appendElement(cert, false);
+
+  let returnVals = Cc["@mozilla.org/hash-property-bag;1"]
+                     .createInstance(Ci.nsIWritablePropertyBag2);
+  let win = window.openDialog("chrome://pippki/content/clientauthask.xul", "",
+                              "", TEST_HOSTNAME, TEST_ORG, TEST_ISSUER_ORG,
+                              TEST_PORT, certList, returnVals);
+  return new Promise((resolve, reject) => {
+    win.addEventListener("load", function onLoad() {
+      win.removeEventListener("load", onLoad);
+      resolve([win, returnVals]);
+    });
+  });
+}
+
+/**
+ * Checks that the contents of the given cert chooser dialog match the details
+ * of build/pgo/certs/mochitest.client.
+ *
+ * @param {window} win The cert chooser window.
+ * @param {String} notBefore
+ *        The notBeforeLocalTime attribute of mochitest.client.
+ * @param {String} notAfter
+ *        The notAfterLocalTime attribute of mochitest.client.
+ */
+function checkDialogContents(win, notBefore, notAfter) {
+  Assert.equal(win.document.getElementById("hostname").textContent,
+               `${TEST_HOSTNAME}:${TEST_PORT}`,
+               "Actual and expected hostname and port should be equal");
+  // “ and ” don't seem to work when embedded in the following literals, which
+  // is why escape codes are used instead.
+  Assert.equal(win.document.getElementById("organization").textContent,
+               `Organization: \u201C${TEST_ORG}\u201D`,
+               "Actual and expected organization should be equal");
+  Assert.equal(win.document.getElementById("issuer").textContent,
+               `Issued Under: \u201C${TEST_ISSUER_ORG}\u201D`,
+               "Actual and expected issuer organization should be equal");
+
+  Assert.equal(win.document.getElementById("nicknames").label,
+               "test client certificate [03]",
+               "Actual and expected selected cert nickname and serial should " +
+               "be equal");
+
+  let [subject, serialNum, validity, issuer, tokenName] =
+    win.document.getElementById("details").value.split("\n");
+  Assert.equal(subject, "Issued to: CN=Mochitest client",
+               "Actual and expected subject should be equal");
+  Assert.equal(serialNum, "Serial number: 03",
+               "Actual and expected serial number should be equal");
+  Assert.equal(validity, `Valid from ${notBefore} to ${notAfter}`,
+               "Actual and expected validity should be equal");
+  Assert.equal(issuer,
+               "Issued by: CN=Temporary Certificate Authority,O=Mozilla " +
+               "Testing,OU=Profile Guided Optimization",
+               "Actual and expected issuer should be equal");
+  Assert.equal(tokenName, "Stored on: Software Security Device",
+               "Actual and expected token name should be equal");
+}
+
+add_task(function* setup() {
+  cert = certDB.findCertByNickname("test client certificate");
+  Assert.notEqual(cert, null, "Should be able to find the test client cert");
+});
+
+// Test that the contents of the dialog correspond to the details of the
+// provided cert.
+add_task(function* testContents() {
+  let [win, retVals] = yield openClientAuthDialog(cert);
+  checkDialogContents(win, cert.validity.notBeforeLocalTime,
+                      cert.validity.notAfterLocalTime);
+  yield BrowserTestUtils.closeWindow(win);
+});
+
+// Test that the right values are returned when the dialog is accepted.
+add_task(function* testAcceptDialogReturnValues() {
+  let [win, retVals] = yield openClientAuthDialog(cert);
+  win.document.getElementById("rememberBox").checked = true;
+  info("Accepting dialog");
+  win.document.getElementById("certAuthAsk").acceptDialog();
+  yield BrowserTestUtils.windowClosed(win);
+
+  Assert.ok(retVals.get("certChosen"),
+            "Return value should signal user chose a certificate");
+  Assert.equal(retVals.get("selectedIndex"), 0,
+               "0 should be returned as the selected index");
+  Assert.ok(retVals.get("rememberSelection"),
+            "Return value should signal 'Remember this decision' checkbox was" +
+            "checked");
+});
+
+// Test that the right values are returned when the dialog is canceled.
+add_task(function* testCancelDialogReturnValues() {
+  let [win, retVals] = yield openClientAuthDialog(cert);
+  win.document.getElementById("rememberBox").checked = false;
+  info("Canceling dialog");
+  win.document.getElementById("certAuthAsk").cancelDialog();
+  yield BrowserTestUtils.windowClosed(win);
+
+  Assert.ok(!retVals.get("certChosen"),
+            "Return value should signal user did not choose a certificate");
+  Assert.ok(!retVals.get("rememberSelection"),
+            "Return value should signal 'Remember this decision' checkbox was" +
+            "unchecked");
+});
diff --git a/security/manager/ssl/tests/mochitest/browser/browser_deleteCert_ui.js b/security/manager/ssl/tests/mochitest/browser/browser_deleteCert_ui.js
new file mode 100644
index 000000000..b0ac8f95c
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/browser_deleteCert_ui.js
@@ -0,0 +1,215 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests various aspects of the cert delete confirmation dialog.
+// Among other things, tests that for each type of cert that can be deleted:
+// 1. The various lines of explanation text are correctly set.
+// 2. The implementation correctly falls back through multiple cert attributes
+//    to determine what to display to represent a cert.
+
+/**
+ * An array of tree items corresponding to TEST_CASES.
+ * @type nsICertTreeItem[]
+ */
+var gCertArray = [];
+
+const FAKE_HOST_PORT = "Fake host and port";
+
+/**
+ * @typedef {TestCase}
+ * @type Object
+ * @property {String} certFilename
+ *           Filename of the cert, or null if we don't want to import a cert for
+ *           this test case (i.e. we expect the hostPort attribute of
+ *           nsICertTreeItem to be used).
+ * @property {String} expectedDisplayString
+ *           The string we expect the UI to display to represent the given cert.
+ */
+
+/**
+ * A list of test cases representing certs that get "deleted".
+ * @type TestCase[]
+ */
+const TEST_CASES = [
+  { certFilename: null,
+    expectedDisplayString: FAKE_HOST_PORT },
+  { certFilename: "has-cn.pem",
+    expectedDisplayString: "Foo" },
+  { certFilename: "has-ou.pem",
+    expectedDisplayString: "Bar" },
+  { certFilename: "has-o.pem",
+    expectedDisplayString: "Baz" },
+  { certFilename: "has-non-empty-subject.pem",
+    expectedDisplayString: "C=US" },
+  { certFilename: "has-empty-subject.pem",
+    expectedDisplayString: "Certificate with serial number: 0A" },
+];
+
+/**
+ * Opens the cert delete confirmation dialog.
+ *
+ * @param {String} tabID
+ *        The ID of the cert category tab the certs to delete belong to.
+ * @returns {Promise}
+ *          A promise that resolves when the dialog has finished loading, with
+ *          an array consisting of:
+ *            1. The window of the opened dialog.
+ *            2. The return value object passed to the dialog.
+ */
+function openDeleteCertConfirmDialog(tabID) {
+  let retVals = {
+    deleteConfirmed: false,
+  };
+  let win = window.openDialog("chrome://pippki/content/deletecert.xul", "", "",
+                              tabID, gCertArray, retVals);
+  return new Promise((resolve, reject) => {
+    win.addEventListener("load", function onLoad() {
+      win.removeEventListener("load", onLoad);
+      resolve([win, retVals]);
+    });
+  });
+}
+
+add_task(function* setup() {
+  for (let testCase of TEST_CASES) {
+    let cert = null;
+    if (testCase.certFilename) {
+      cert = yield readCertificate(testCase.certFilename, ",,");
+    }
+    let certTreeItem = {
+      hostPort: FAKE_HOST_PORT,
+      cert: cert,
+      QueryInterface(iid) {
+        if (iid.equals(Ci.nsICertTreeItem)) {
+          return this;
+        }
+
+        throw new Error(Cr.NS_ERROR_NO_INTERFACE);
+      }
+    };
+    gCertArray.push(certTreeItem);
+  }
+});
+
+/**
+ * Test helper for the below test cases.
+ *
+ * @param {String} tabID
+ *        ID of the cert category tab the certs to delete belong to.
+ * @param {String} expectedTitle
+ *        Title the dialog is expected to have.
+ * @param {String} expectedConfirmMsg
+ *        Confirmation message the dialog is expected to show.
+ * @param {String} expectedImpact
+ *        Impact the dialog is expected to show.
+ */
+function* testHelper(tabID, expectedTitle, expectedConfirmMsg, expectedImpact) {
+  let [win, retVals] = yield openDeleteCertConfirmDialog(tabID);
+  let certList = win.document.getElementById("certlist");
+
+  Assert.equal(win.document.title, expectedTitle,
+               `Actual and expected titles should match for ${tabID}`);
+  Assert.equal(win.document.getElementById("confirm").textContent,
+               expectedConfirmMsg,
+               `Actual and expected confirm message should match for ${tabID}`);
+  Assert.equal(win.document.getElementById("impact").textContent,
+               expectedImpact,
+               `Actual and expected impact should match for ${tabID}`);
+
+  Assert.equal(certList.itemCount, TEST_CASES.length,
+               `No. of certs displayed should match for ${tabID}`);
+  for (let i = 0; i < certList.itemCount; i++) {
+    Assert.equal(certList.getItemAtIndex(i).label,
+                 TEST_CASES[i].expectedDisplayString,
+                 "Actual and expected display string should match for " +
+                 `index ${i} for ${tabID}`);
+  }
+
+  yield BrowserTestUtils.closeWindow(win);
+}
+
+// Test deleting certs from the "Your Certificates" tab.
+add_task(function* testDeletePersonalCerts() {
+  const expectedTitle = "Delete your Certificates";
+  const expectedConfirmMsg =
+    "Are you sure you want to delete these certificates?";
+  const expectedImpact =
+    "If you delete one of your own certificates, you can no longer use it to " +
+    "identify yourself.";
+  yield* testHelper("mine_tab", expectedTitle, expectedConfirmMsg,
+                    expectedImpact);
+});
+
+// Test deleting certs from the "People" tab.
+add_task(function* testDeleteOtherPeopleCerts() {
+  const expectedTitle = "Delete E-Mail Certificates";
+  // ’ doesn't seem to work when embedded in the following literals, which is
+  // why escape codes are used instead.
+  const expectedConfirmMsg =
+    "Are you sure you want to delete these people\u2019s e-mail certificates?";
+  const expectedImpact =
+    "If you delete a person\u2019s e-mail certificate, you will no longer be " +
+    "able to send encrypted e-mail to that person.";
+  yield* testHelper("others_tab", expectedTitle, expectedConfirmMsg,
+                    expectedImpact);
+});
+
+// Test deleting certs from the "Servers" tab.
+add_task(function* testDeleteServerCerts() {
+  const expectedTitle = "Delete Server Certificate Exceptions";
+  const expectedConfirmMsg =
+    "Are you sure you want to delete these server exceptions?";
+  const expectedImpact =
+    "If you delete a server exception, you restore the usual security checks " +
+    "for that server and require it uses a valid certificate.";
+  yield* testHelper("websites_tab", expectedTitle, expectedConfirmMsg,
+                    expectedImpact);
+});
+
+// Test deleting certs from the "Authorities" tab.
+add_task(function* testDeleteCACerts() {
+  const expectedTitle = "Delete or Distrust CA Certificates";
+  const expectedConfirmMsg =
+    "You have requested to delete these CA certificates. For built-in " +
+    "certificates all trust will be removed, which has the same effect. Are " +
+    "you sure you want to delete or distrust?";
+  const expectedImpact =
+    "If you delete or distrust a certificate authority (CA) certificate, " +
+    "this application will no longer trust any certificates issued by that CA.";
+  yield* testHelper("ca_tab", expectedTitle, expectedConfirmMsg,
+                    expectedImpact);
+});
+
+// Test deleting certs from the "Other" tab.
+add_task(function* testDeleteOtherCerts() {
+  const expectedTitle = "Delete Certificates";
+  const expectedConfirmMsg =
+    "Are you sure you want to delete these certificates?";
+  const expectedImpact = "";
+  yield* testHelper("orphan_tab", expectedTitle, expectedConfirmMsg,
+                    expectedImpact);
+});
+
+// Test that the right values are returned when the dialog is accepted.
+add_task(function* testAcceptDialogReturnValues() {
+  let [win, retVals] = yield openDeleteCertConfirmDialog("ca_tab" /*arbitrary*/);
+  info("Accepting dialog");
+  win.document.getElementById("deleteCertificate").acceptDialog();
+  yield BrowserTestUtils.windowClosed(win);
+
+  Assert.ok(retVals.deleteConfirmed,
+            "Return value should signal user accepted");
+});
+
+// Test that the right values are returned when the dialog is canceled.
+add_task(function* testCancelDialogReturnValues() {
+  let [win, retVals] = yield openDeleteCertConfirmDialog("ca_tab" /*arbitrary*/);
+  info("Canceling dialog");
+  win.document.getElementById("deleteCertificate").cancelDialog();
+  yield BrowserTestUtils.windowClosed(win);
+
+  Assert.ok(!retVals.deleteConfirmed,
+            "Return value should signal user did not accept");
+});
diff --git a/security/manager/ssl/tests/mochitest/browser/browser_downloadCert_ui.js b/security/manager/ssl/tests/mochitest/browser/browser_downloadCert_ui.js
new file mode 100644
index 000000000..cbd59f883
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/browser_downloadCert_ui.js
@@ -0,0 +1,150 @@
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests that the cert download/import UI correctly identifies the cert being
+// downloaded, and allows the trust of the cert to be specified.
+
+const { MockRegistrar } =
+  Cu.import("resource://testing-common/MockRegistrar.jsm", {});
+
+/**
+ * @typedef {TestCase}
+ * @type Object
+ * @property {String} certFilename
+ *           Filename of the cert for this test case.
+ * @property {String} expectedDisplayString
+ *           The string we expect the UI to display to represent the given cert.
+ * @property {nsIX509Cert} cert
+ *           Handle to the cert once read in setup().
+ */
+
+/**
+ * A list of test cases representing certs that get "downloaded".
+ * @type TestCase[]
+ */
+const TEST_CASES = [
+  { certFilename: "has-cn.pem",
+    expectedDisplayString: "Foo",
+    cert: null },
+  { certFilename: "has-empty-subject.pem",
+    expectedDisplayString: "Certificate Authority (unnamed)",
+    cert: null },
+];
+
+/**
+ * Opens the cert download dialog.
+ *
+ * @param {nsIX509Cert} cert
+ *        The cert to pass to the dialog for display.
+ * @returns {Promise}
+ *          A promise that resolves when the dialog has finished loading, with
+ *          an array consisting of:
+ *            1. The window of the opened dialog.
+ *            2. The return value nsIWritablePropertyBag2 passed to the dialog.
+ */
+function openCertDownloadDialog(cert) {
+  let returnVals = Cc["@mozilla.org/hash-property-bag;1"]
+                     .createInstance(Ci.nsIWritablePropertyBag2);
+  let win = window.openDialog("chrome://pippki/content/downloadcert.xul", "",
+                              "", cert, returnVals);
+  return new Promise((resolve, reject) => {
+    win.addEventListener("load", function onLoad() {
+      win.removeEventListener("load", onLoad);
+      resolve([win, returnVals]);
+    });
+  });
+}
+
+// Mock implementation of nsICertificateDialogs.
+const gCertificateDialogs = {
+  expectedCert: null,
+  viewCertCallCount: 0,
+  confirmDownloadCACert(ctx, cert, trust) {
+    Assert.ok(false, "confirmDownloadCACert() should not have been called");
+  },
+  setPKCS12FilePassword(ctx, password) {
+    Assert.ok(false, "setPKCS12FilePassword() should not have been called");
+  },
+  getPKCS12FilePassword(ctx, password) {
+    Assert.ok(false, "getPKCS12FilePassword() should not have been called");
+  },
+  viewCert(ctx, cert) {
+    this.viewCertCallCount++;
+    Assert.notEqual(cert, null, "Cert to view should not be null");
+    Assert.equal(cert, this.expectedCert,
+                 "Actual and expected cert should match");
+  },
+
+  QueryInterface: XPCOMUtils.generateQI([Ci.nsICertificateDialogs])
+};
+
+add_task(function* setup() {
+  for (let testCase of TEST_CASES) {
+    testCase.cert = yield readCertificate(testCase.certFilename, ",,");
+    Assert.notEqual(testCase.cert, null,
+                    `'${testCase.certFilename}' should have been read`);
+  }
+
+  let certificateDialogsCID =
+    MockRegistrar.register("@mozilla.org/nsCertificateDialogs;1",
+                           gCertificateDialogs);
+  registerCleanupFunction(() => {
+    MockRegistrar.unregister(certificateDialogsCID);
+  });
+});
+
+// Test that the trust header message corresponds to the provided cert, and that
+// the View Cert button launches the cert viewer for the provided cert.
+add_task(function* testTrustHeaderAndViewCertButton() {
+  for (let testCase of TEST_CASES) {
+    let [win, retVals] = yield openCertDownloadDialog(testCase.cert);
+    let expectedTrustHeaderString =
+      `Do you want to trust \u201C${testCase.expectedDisplayString}\u201D ` +
+      "for the following purposes?";
+    Assert.equal(win.document.getElementById("trustHeader").textContent,
+                 expectedTrustHeaderString,
+                 "Actual and expected trust header text should match for " +
+                 `${testCase.certFilename}`);
+
+    gCertificateDialogs.viewCertCallCount = 0;
+    gCertificateDialogs.expectedCert = testCase.cert;
+    info("Pressing View Cert button");
+    win.document.getElementById("viewC-button").doCommand();
+    Assert.equal(gCertificateDialogs.viewCertCallCount, 1,
+                 "viewCert() should've been called once");
+
+    yield BrowserTestUtils.closeWindow(win);
+  }
+});
+
+// Test that the right values are returned when the dialog is accepted.
+add_task(function* testAcceptDialogReturnValues() {
+  let [win, retVals] = yield openCertDownloadDialog(TEST_CASES[0].cert);
+  win.document.getElementById("trustSSL").checked = true;
+  win.document.getElementById("trustEmail").checked = false;
+  win.document.getElementById("trustObjSign").checked = true;
+  info("Accepting dialog");
+  win.document.getElementById("download_cert").acceptDialog();
+  yield BrowserTestUtils.windowClosed(win);
+
+  Assert.ok(retVals.get("importConfirmed"),
+            "Return value should signal user chose to import the cert");
+  Assert.ok(retVals.get("trustForSSL"),
+            "Return value should signal SSL trust checkbox was checked");
+  Assert.ok(!retVals.get("trustForEmail"),
+            "Return value should signal E-mail trust checkbox was unchecked");
+  Assert.ok(retVals.get("trustForObjSign"),
+            "Return value should signal Obj Sign trust checkbox was checked");
+});
+
+// Test that the right values are returned when the dialog is canceled.
+add_task(function* testCancelDialogReturnValues() {
+  let [win, retVals] = yield openCertDownloadDialog(TEST_CASES[0].cert);
+  info("Canceling dialog");
+  win.document.getElementById("download_cert").cancelDialog();
+  yield BrowserTestUtils.windowClosed(win);
+
+  Assert.ok(!retVals.get("importConfirmed"),
+            "Return value should signal user chose not to import the cert");
+});
diff --git a/security/manager/ssl/tests/mochitest/browser/browser_editCACertTrust.js b/security/manager/ssl/tests/mochitest/browser/browser_editCACertTrust.js
new file mode 100644
index 000000000..bc87732a5
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/browser_editCACertTrust.js
@@ -0,0 +1,119 @@
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests that the UI for editing the trust of a CA certificate correctly
+// reflects trust in the cert DB, and correctly updates trust in the cert DB
+// when requested.
+
+var gCertDB = Cc["@mozilla.org/security/x509certdb;1"]
+                .getService(Ci.nsIX509CertDB);
+
+/**
+ * The cert we're editing the trust of.
+ * @type nsIX509Cert
+ */
+var gCert;
+
+/**
+ * Opens the cert trust editing dialog.
+ *
+ * @returns {Promise}
+ *          A promise that resolves when the dialog has finished loading with
+ *          the window of the opened dialog.
+ */
+function openEditCertTrustDialog() {
+  let win = window.openDialog("chrome://pippki/content/editcacert.xul", "", "",
+                              gCert);
+  return new Promise((resolve, reject) => {
+    win.addEventListener("load", function onLoad() {
+      win.removeEventListener("load", onLoad);
+      resolve(win);
+    });
+  });
+}
+
+add_task(function* setup() {
+  // Initially trust ca.pem for SSL, but not e-mail or object signing.
+  gCert = yield readCertificate("ca.pem", "CT,,");
+  Assert.ok(gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT,
+                                  Ci.nsIX509CertDB.TRUSTED_SSL),
+            "Sanity check: ca.pem should be trusted for SSL");
+  Assert.ok(!gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT,
+                                   Ci.nsIX509CertDB.TRUSTED_EMAIL),
+            "Sanity check: ca.pem should not be trusted for e-mail");
+  Assert.ok(!gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT,
+                                   Ci.nsIX509CertDB.TRUSTED_OBJSIGN),
+            "Sanity check: ca.pem should not be trusted for object signing");
+});
+
+// Tests the following:
+// 1. The checkboxes correctly reflect the trust set in setup().
+// 2. Accepting the dialog after flipping some of the checkboxes results in the
+//    correct trust being set in the cert DB.
+add_task(function* testAcceptDialog() {
+  let win = yield openEditCertTrustDialog();
+
+  let sslCheckbox = win.document.getElementById("trustSSL");
+  let emailCheckbox = win.document.getElementById("trustEmail");
+  let objSignCheckbox = win.document.getElementById("trustObjSign");
+  Assert.ok(sslCheckbox.checked,
+            "Cert should be trusted for SSL in UI");
+  Assert.ok(!emailCheckbox.checked,
+            "Cert should not be trusted for e-mail in UI");
+  Assert.ok(!objSignCheckbox.checked,
+            "Cert should not be trusted for object signing in UI");
+
+  sslCheckbox.checked = false;
+  emailCheckbox.checked = true;
+
+  info("Accepting dialog");
+  win.document.getElementById("editCaCert").acceptDialog();
+  yield BrowserTestUtils.windowClosed(win);
+
+  Assert.ok(!gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT,
+                                   Ci.nsIX509CertDB.TRUSTED_SSL),
+            "Cert should no longer be trusted for SSL");
+  Assert.ok(gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT,
+                                  Ci.nsIX509CertDB.TRUSTED_EMAIL),
+            "Cert should now be trusted for e-mail");
+  Assert.ok(!gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT,
+                                   Ci.nsIX509CertDB.TRUSTED_OBJSIGN),
+            "Cert should still not be trusted for object signing");
+});
+
+// Tests the following:
+// 1. The checkboxes correctly reflect the trust set in testAcceptDialog().
+// 2. Canceling the dialog even after flipping the checkboxes doesn't result in
+//    a change of trust in the cert DB.
+add_task(function* testCancelDialog() {
+  let win = yield openEditCertTrustDialog();
+
+  let sslCheckbox = win.document.getElementById("trustSSL");
+  let emailCheckbox = win.document.getElementById("trustEmail");
+  let objSignCheckbox = win.document.getElementById("trustObjSign");
+  Assert.ok(!sslCheckbox.checked,
+            "Cert should not be trusted for SSL in UI");
+  Assert.ok(emailCheckbox.checked,
+            "Cert should be trusted for e-mail in UI");
+  Assert.ok(!objSignCheckbox.checked,
+            "Cert should not be trusted for object signing in UI");
+
+  sslCheckbox.checked = true;
+  emailCheckbox.checked = false;
+  objSignCheckbox.checked = true;
+
+  info("Canceling dialog");
+  win.document.getElementById("editCaCert").cancelDialog();
+  yield BrowserTestUtils.windowClosed(win);
+
+  Assert.ok(!gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT,
+                                  Ci.nsIX509CertDB.TRUSTED_SSL),
+            "Cert should still not be trusted for SSL");
+  Assert.ok(gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT,
+                                  Ci.nsIX509CertDB.TRUSTED_EMAIL),
+            "Cert should still be trusted for e-mail");
+  Assert.ok(!gCertDB.isCertTrusted(gCert, Ci.nsIX509Cert.CA_CERT,
+                                   Ci.nsIX509CertDB.TRUSTED_OBJSIGN),
+            "Cert should still not be trusted for object signing");
+});
diff --git a/security/manager/ssl/tests/mochitest/browser/browser_exportP12_passwordUI.js b/security/manager/ssl/tests/mochitest/browser/browser_exportP12_passwordUI.js
new file mode 100644
index 000000000..fc7591ece
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/browser_exportP12_passwordUI.js
@@ -0,0 +1,142 @@
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests that the UI for setting the password on a to be exported PKCS #12 file:
+//   1. Correctly requires the password to be typed in twice as confirmation.
+//   2. Calculates and displays the strength of said password.
+
+/**
+ * @typedef {TestCase}
+ * @type Object
+ * @property {String} name
+ *           The name of the test case for display purposes.
+ * @property {String} password1
+ *           The password to enter into the first password textbox.
+ * @property {String} password2
+ *           The password to enter into the second password textbox.
+ * @property {String} strength
+ *           The expected strength of the password in the range [0, 100].
+ */
+
+/**
+ * A list of test cases representing various inputs to the password textboxes.
+ * @type TestCase[]
+ */
+const TEST_CASES = [
+  { name: "empty",
+    password1: "",
+    password2: "",
+    strength: "0" },
+  { name: "match-weak",
+    password1: "foo",
+    password2: "foo",
+    strength: "10" },
+  { name: "match-medium",
+    password1: "foo123",
+    password2: "foo123",
+    strength: "60" },
+  { name: "match-strong",
+    password1: "fooBARBAZ 1234567890`~!@#$%^&*()-_=+{[}]|\\:;'\",<.>/?一二三",
+    password2: "fooBARBAZ 1234567890`~!@#$%^&*()-_=+{[}]|\\:;'\",<.>/?一二三",
+    strength: "100" },
+  { name: "mismatch-weak",
+    password1: "foo",
+    password2: "bar",
+    strength: "10" },
+  { name: "mismatch-medium",
+    password1: "foo123",
+    password2: "bar",
+    strength: "60" },
+  { name: "mismatch-strong",
+    password1: "fooBARBAZ 1234567890`~!@#$%^&*()-_=+{[}]|\\:;'\",<.>/?一二三",
+    password2: "bar",
+    strength: "100" },
+];
+
+/**
+ * Opens the dialog shown to set the password on a PKCS #12 file being exported.
+ *
+ * @returns {Promise}
+ *          A promise that resolves when the dialog has finished loading, with
+ *          an array consisting of:
+ *            1. The window of the opened dialog.
+ *            2. The return value nsIWritablePropertyBag2 passed to the dialog.
+ */
+function openSetP12PasswordDialog() {
+  let returnVals = Cc["@mozilla.org/hash-property-bag;1"]
+                     .createInstance(Ci.nsIWritablePropertyBag2);
+  let win = window.openDialog("chrome://pippki/content/setp12password.xul", "",
+                              "", returnVals);
+  return new Promise((resolve, reject) => {
+    win.addEventListener("load", function onLoad() {
+      win.removeEventListener("load", onLoad);
+      resolve([win, returnVals]);
+    });
+  });
+}
+
+// Tests that the first password textbox is the element that is initially
+// focused.
+add_task(function* testFocus() {
+  let [win, retVals] = yield openSetP12PasswordDialog();
+  Assert.equal(win.document.activeElement,
+               win.document.getElementById("pw1").inputField,
+               "First password textbox should have focus");
+  yield BrowserTestUtils.closeWindow(win);
+});
+
+// Tests that the password strength algorithm used is reasonable, and that the
+// Accept button is only enabled if the two passwords match.
+add_task(function* testPasswordStrengthAndEquality() {
+  let [win, retVals] = yield openSetP12PasswordDialog();
+  let password1Textbox = win.document.getElementById("pw1");
+  let password2Textbox = win.document.getElementById("pw2");
+  let strengthProgressBar = win.document.getElementById("pwmeter");
+
+  for (let testCase of TEST_CASES) {
+    password1Textbox.value = testCase.password1;
+    password2Textbox.value = testCase.password2;
+    // Setting the value of the password textboxes via |.value| apparently
+    // doesn't cause the oninput handlers to be called, so we do it here.
+    password1Textbox.oninput();
+    password2Textbox.oninput();
+
+    Assert.equal(win.document.documentElement.getButton("accept").disabled,
+                 password1Textbox.value != password2Textbox.value,
+                 "Actual and expected accept button disable state should " +
+                 `match for ${testCase.name}`);
+    Assert.equal(strengthProgressBar.value, testCase.strength,
+                 "Actual and expected strength value should match for" +
+                 `${testCase.name}`);
+  }
+
+  yield BrowserTestUtils.closeWindow(win);
+});
+
+// Test that the right values are returned when the dialog is accepted.
+add_task(function* testAcceptDialogReturnValues() {
+  let [win, retVals] = yield openSetP12PasswordDialog();
+  const password = "fooBAR 1234567890`~!@#$%^&*()-_=+{[}]|\\:;'\",<.>/?一二三";
+  win.document.getElementById("pw1").value = password;
+  win.document.getElementById("pw2").value = password;
+  info("Accepting dialog");
+  win.document.getElementById("setp12password").acceptDialog();
+  yield BrowserTestUtils.windowClosed(win);
+
+  Assert.ok(retVals.get("confirmedPassword"),
+            "Return value should signal user confirmed a password");
+  Assert.equal(retVals.get("password"), password,
+               "Actual and expected password should match");
+});
+
+// Test that the right values are returned when the dialog is canceled.
+add_task(function* testCancelDialogReturnValues() {
+  let [win, retVals] = yield openSetP12PasswordDialog();
+  info("Canceling dialog");
+  win.document.getElementById("setp12password").cancelDialog();
+  yield BrowserTestUtils.windowClosed(win);
+
+  Assert.ok(!retVals.get("confirmedPassword"),
+            "Return value should signal user didn't confirm a password");
+});
diff --git a/security/manager/ssl/tests/mochitest/browser/ca.pem b/security/manager/ssl/tests/mochitest/browser/ca.pem
new file mode 100644
index 000000000..1a18e2bf0
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxTCCAa+gAwIBAgIUL5zykZEc2ro5d6th43aWGfm735cwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMA0xCzAJBgNVBAMMAmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptu
+Gobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO
+7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf
+qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/yt
+HSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcx
+uLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzAMBgNVHRMEBTADAQH/MAsGA1Ud
+DwQEAwIBBjALBgkqhkiG9w0BAQsDggEBAHPYBjNnv//Ssc8Elepb8SWIXRdahKbL
+/dcPoMR+7yhJVaelUaxdwUytJWJAGdkkuv+P+G4b82RVYEXT+9k1S/aAfByFyR9q
+vS7POfdy/ZPfGTXltlnmYX/84a6QeYQa4Nl4JpIOXBCesLxmErBhczka6D26iqsz
+GeseKRSjVPgF3mXc2CRGZnTDRhUmd7wOABLmj7GtuFvOm96363M3IUByMohvoj1G
+dic3s5D0seXwTKnEc5B27lJt7Q0oIXEldL+UW8Mo1hfGWQeXzqTZbpOVLnVWvHBH
+H8yYs5hyH01qFJZbztJ1JJ3F2NpYLlr4P5I6fW2e9w5MG/VMQRU3wzQ=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/browser/ca.pem.certspec b/security/manager/ssl/tests/mochitest/browser/ca.pem.certspec
new file mode 100644
index 000000000..6660f5d47
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:ca
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/mochitest/browser/code-ee.pem b/security/manager/ssl/tests/mochitest/browser/code-ee.pem
new file mode 100644
index 000000000..a4fdfaed7
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/code-ee.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxDCCAa6gAwIBAgIUSbYQoLY1s6wWqgbKhxQZ3XME7ukwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBIxEDAOBgNVBAMMB2NvZGUtZWUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9
+sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5
+TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7
+xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHd
+tMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l
+8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjFzAVMBMGA1UdJQQMMAoGCCsG
+AQUFBwMDMAsGCSqGSIb3DQEBCwOCAQEAV69uBbyc/d1eBdZlT7eAw4onQzkdndd8
+kEXdmP3hd+jJm1+/F733IflLLqE5mmUL9l7q7EJ+TgdZa19T6JHEaVjdJcIuwJO/
+kKSJXXqADQXoxHOZADDWjAFStiR3xd78BzYfuUANgozG6hq7QuVh0cYBx/8Q9gx/
+pGtuCJiN0d2Mknu0SoQzIZlXTuqmnFj7G/88O5Yh5MaFZxbvIJJSIWQoS396GrI6
+yXAdqHNoVM9mwwaMcnG5QeeKSIPuvEkZncQsxFc0zqIjeOVx/zEx2Bocx71dLuVB
+fqrIrAXLpwparoSxLzNqq8UgtXF8NQOuAcUu7ok0r1VbdMbSZHZ3Gg==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/browser/code-ee.pem.certspec b/security/manager/ssl/tests/mochitest/browser/code-ee.pem.certspec
new file mode 100644
index 000000000..93f9a8426
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/code-ee.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:code-ee
+extension:extKeyUsage:codeSigning
diff --git a/security/manager/ssl/tests/mochitest/browser/ee-from-expired-ca.pem b/security/manager/ssl/tests/mochitest/browser/ee-from-expired-ca.pem
new file mode 100644
index 000000000..5b2cfd940
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/ee-from-expired-ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICvjCCAaigAwIBAgIUGzSP8KEmmRm3sIPiyQW35sazlHEwCwYJKoZIhvcNAQEL
+MBUxEzARBgNVBAMMCmV4cGlyZWQtY2EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4
+MDIwNTAwMDAwMFowHTEbMBkGA1UEAwwSZWUtZnJvbS1leHBpcmVkLWNhMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq
+5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SSc
+An7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39
+ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYk
+zBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3u
+JtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQAB
+MAsGCSqGSIb3DQEBCwOCAQEAZ6Nrb/1fit8cALMhcbmuZ5kd3J34d0o9p3g3E7m7
+8RsTbYLA4xp9UmSzpO/10x9q4TUZ8jxW1dotoCVf7OqYYxQewrU2x3qoxKvP/Fvf
+8ssWSIang91w+app+fv7QYDySymT6DJMLWyCmxyhaFjYnmr67GKldcgK9hbyjfDB
+Rj382czI/HMSvw/vCB6rRKchzr5hsDGl+YN0MMI4M7/3b5wvMUmxlXqKu1VlslDZ
+8Ez6ONuMdPJD3aQZMxmEph05pEMvhjFhLh+0n7kfLR+9n0D7IR9paVc6LgHLLxsP
+ENoZLGOwJYNdAwwkd6fIa9E6KCpaRgyvWslm+iFCg3XxoA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/browser/ee-from-expired-ca.pem.certspec b/security/manager/ssl/tests/mochitest/browser/ee-from-expired-ca.pem.certspec
new file mode 100644
index 000000000..3e280fc4f
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/ee-from-expired-ca.pem.certspec
@@ -0,0 +1,2 @@
+issuer:expired-ca
+subject:ee-from-expired-ca
diff --git a/security/manager/ssl/tests/mochitest/browser/ee-from-untrusted-ca.pem b/security/manager/ssl/tests/mochitest/browser/ee-from-untrusted-ca.pem
new file mode 100644
index 000000000..ad2d988e0
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/ee-from-untrusted-ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICwjCCAaygAwIBAgIUI/4Y+KSEZo8YGQK6Ptrdmev5FO0wCwYJKoZIhvcNAQEL
+MBcxFTATBgNVBAMMDHVudHJ1c3RlZC1jYTAiGA8yMDE1MTEyODAwMDAwMFoYDzIw
+MTgwMjA1MDAwMDAwWjAfMR0wGwYDVQQDDBRlZS1mcm9tLXVudHJ1c3RlZC1jYTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9
+PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3
+HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3Dg
+Dw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7
+EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SK
+lWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0C
+AwEAATALBgkqhkiG9w0BAQsDggEBAJqsDDoJqxrmV4Mlt815HmJwhr/SuYhPwhoQ
+RyU56Ci5kY/8fYa3F1uxSrpzuiYBX4bq6g8keXmltPZGN9gexPP2QJDAecNt0NKW
++04ZKSiz6Tbu+MEyBaXCINDKaAHVPRnbMWR1eCyHzYpZRKZW2Sb2NinWGebzq0mI
+wt5l7veMkL5ZbeYF8u8bNFsdvhl1PM7/AfAZLJL4+fncaqQeDRyVffxrl4mCooS9
+DYajnw7AhFvN0XtXb5vK3HYiz9mv/OnXeoeWxYcWI6aY6LR0OwHHQQptKQSIOP87
+2mo64IbAwzuBrhxNrdrQKCnf1mtyDZig+2r6R4TP3EM3sCNAoiU=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/browser/ee-from-untrusted-ca.pem.certspec b/security/manager/ssl/tests/mochitest/browser/ee-from-untrusted-ca.pem.certspec
new file mode 100644
index 000000000..833e1a23a
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/ee-from-untrusted-ca.pem.certspec
@@ -0,0 +1,2 @@
+issuer:untrusted-ca
+subject:ee-from-untrusted-ca
diff --git a/security/manager/ssl/tests/mochitest/browser/email-ee.pem b/security/manager/ssl/tests/mochitest/browser/email-ee.pem
new file mode 100644
index 000000000..4211ef27d
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/email-ee.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxTCCAa+gAwIBAgIUJctkeS6qP+WqsgOLbjATJuPlN40wCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBMxETAPBgNVBAMMCGVtYWlsLWVlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4Ngf
+vbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTb
+uUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3S
+O8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR
+3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv
+5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoxcwFTATBgNVHSUEDDAKBggr
+BgEFBQcDBDALBgkqhkiG9w0BAQsDggEBAIFmRk4ZfcxWjetAoyYp0bIFLr5AjGqv
+ecmc0khsRkW7NR23ywJsRsCU1u82JIGrE0bpDu/KQPAMJsi6QMc9hZEOzO1t1QmG
+OJFLhCNTe+wf+5X+UKHKo01lEp7vDcO7DjuZIgEZSyOp9qbV88AtEiqESIzRBWYp
+dL15cS1PDH8fa5k7MHCAh0C/HeDRD5EP8derIWWrFIesEdJAhwzMRzJrCWIqzLPP
+Lv2gsXhehXCN7U14zkoGU97sSE09k5BopHd4fgqZesSApJrd2OenQAzdRIs3+UQy
+iCs7oLH16lOl/yeRxVjcHRWaSRM47eGpn5+YOnGkoE/lqfux+jjB3rc=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/browser/email-ee.pem.certspec b/security/manager/ssl/tests/mochitest/browser/email-ee.pem.certspec
new file mode 100644
index 000000000..82e329670
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/email-ee.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:email-ee
+extension:extKeyUsage:emailProtection
diff --git a/security/manager/ssl/tests/mochitest/browser/expired-ca.pem b/security/manager/ssl/tests/mochitest/browser/expired-ca.pem
new file mode 100644
index 000000000..2da553a56
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/expired-ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzTCCAbegAwIBAgIUAfElDw37NeFULPHd+G2eoaHpvEYwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTAwMTAxMDAwMDAwWhgPMjAxMTAxMDEwMDAw
+MDBaMBUxEzARBgNVBAMMCmV4cGlyZWQtY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg
+2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ
+5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQ
+PdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGj
+DJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8W
+iy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAwGA1UdEwQFMAMB
+Af8wCwYDVR0PBAQDAgEGMAsGCSqGSIb3DQEBCwOCAQEAde8CQNB8dVo5ly7Lu8x9
+5yDz2hpzAqqPDxP3+UqxzEgXeA4vfv1Bzvmxx69XEd+884M9Lkt2WBTrc+OrAgqX
+pCCt4X8bjV2t+mG1shtYEGKk5BtRVnorHhZyf6+5xtOfpV9DeWkf/aA1SJK1Kpt3
+cNSDW10PwaGuaNiUMEtIFLD/MYZCM98RFOSVDWjqafbfUBn4ZSeoyRi1C2d3lg0C
+jRFmOc1I4DQOUezp3C0WyCumJ0SLTIoYJGdAshMbDWPr0OOaB4GmI8miKhS6LM59
+o6C3fU8MJrRYKctYj0k9gW0DI6KuEFZj2AY8brv6Ufx1TKy5Z2pqIPeUbuJInCXM
+qA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/browser/expired-ca.pem.certspec b/security/manager/ssl/tests/mochitest/browser/expired-ca.pem.certspec
new file mode 100644
index 000000000..15bdcd7d7
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/expired-ca.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca
+subject:expired-ca
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+validity:20100101-20110101
diff --git a/security/manager/ssl/tests/mochitest/browser/has-cn.pem b/security/manager/ssl/tests/mochitest/browser/has-cn.pem
new file mode 100644
index 000000000..8e7c479ae
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/has-cn.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0DCCAbqgAwIBAgIUfQIwxuYCoWiJuu/qTiEf7fbljnswCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMDcxDDAKBgNVBAMMA0ZvbzEMMAoGA1UECwwDQmFyMQwwCgYDVQQKDANCYXox
+CzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohR
+qESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+Kv
+WnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+
+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPv
+JxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5
+Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6
+clHEMdUDrNoYCjXtjQIDAQABMAsGCSqGSIb3DQEBCwOCAQEAJ2fIigbkc2Lh5Z/s
+Y7s4o0D9UnzttXjjEqKYhttk6PJnmVYG3zn3MBmyWPhDcXYW9fJwx7IOcC0woVdJ
+yjkVZUIlJY6xAqIC6kVNtbI3PJ+mji8qQk/ecXCwhTGk0H2lZXrUtc6WMmD3GUIP
+yNQGN/qAniRLnXzzVY3MJPLKKSlWSJEJCY4F4uDwBtwudPc+1yRIR6XblEL3dazS
+H2kuIzGwIu6/i3AN2WIFWFhcuRTfLZINlNeH9gYEaUrwI3MS0aMPqGXtOHz+imZl
+RwNng0xaiDxZXcEPjrRw5HEZcIEGBc6X8WtSzbWufiWBqMue1ltEpc1AkvUamuB3
+KJxYPA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/browser/has-cn.pem.certspec b/security/manager/ssl/tests/mochitest/browser/has-cn.pem.certspec
new file mode 100644
index 000000000..a4a0fcb5f
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/has-cn.pem.certspec
@@ -0,0 +1,2 @@
+issuer:ca
+subject:/CN=Foo/OU=Bar/O=Baz/C=US
diff --git a/security/manager/ssl/tests/mochitest/browser/has-empty-subject.pem b/security/manager/ssl/tests/mochitest/browser/has-empty-subject.pem
new file mode 100644
index 000000000..8800bfb73
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/has-empty-subject.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIIChjCCAXCgAwIBAgIBCjALBgkqhkiG9w0BAQswDTELMAkGA1UEAwwCY2EwIhgP
+MjAxNTExMjgwMDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowADCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhX
+bCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQ
+OCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9
+uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFb
+t+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhO
+NsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAATALBgkqhkiG
+9w0BAQsDggEBAF/OD4h9UNl2afVbw/Hv2dCV5uMyDV3T8iEUI9eiCvYDMAOElkAN
+NZbDfGfQdg8rNLKG6r7Vz8VBu0T/Vn2lswtKYPll63ANv9qZVtKGsDTGzN8JSC0k
+xgMbtVsj+OsJs81hmNnW6xw7wehpPw3l1UakAEb6dbYuYCanR/p/u/hvTz7phe9D
+AsJyRAo4a+QDyeqgAPKrzTatawshNnz9O4QhNzUqj53fMkpUq2ebOyIGMOvbh/N5
+nT6AVT2wn95mWawnS5v2VTRPALyMkgbl+0bb/VzXHN6CjDHO+n239lL2uQlAZFHe
+8pKr4lmb82dLU9qUFbY7exLyV1aUyYSXSNU=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/browser/has-empty-subject.pem.certspec b/security/manager/ssl/tests/mochitest/browser/has-empty-subject.pem.certspec
new file mode 100644
index 000000000..6346f7b83
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/has-empty-subject.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:
+serialNumber:10
diff --git a/security/manager/ssl/tests/mochitest/browser/has-non-empty-subject.pem b/security/manager/ssl/tests/mochitest/browser/has-non-empty-subject.pem
new file mode 100644
index 000000000..16964b1c0
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/has-non-empty-subject.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICpjCCAZCgAwIBAgIUCwPRyN8HCSE5XEIq7e2eEEe1OdIwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMA0xCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptu
+Gobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO
+7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf
+qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/yt
+HSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcx
+uLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMAsGCSqGSIb3DQEBCwOCAQEAt2CF0E7d
+QYnfn/kc8hb6GF6sYpCFA6egEzr6OsYMYE7jt5mKlMJdbIxw57L8jg8IZ1fjH5AQ
+KA5cchGcgjCkHoJ7jOYfMZCubCBdrsNKx2YYWcna8WIAZjwOIfNC0Ajs3IDiRDWm
+vlBrFP9Z6bGuzNrvLFAB0lU2dM2b99DqzaYNZeQP5DcP6ZjaPkSvqOWr3Lf6ZAvO
+tU70OcTelx74Hj9bI75bxVYd71Vorv5qB77zrl7GHb36f2pkludDOKeZ6XhRgy9e
+vN6DLctM0v6fJprG50xrILDhqsTydTdjhETLaIWhF9aUHzFybpFArp8TLoWbXiX1
+eAVaASutFVprhA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/browser/has-non-empty-subject.pem.certspec b/security/manager/ssl/tests/mochitest/browser/has-non-empty-subject.pem.certspec
new file mode 100644
index 000000000..cc1b668a6
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/has-non-empty-subject.pem.certspec
@@ -0,0 +1,2 @@
+issuer:ca
+subject:/C=US
diff --git a/security/manager/ssl/tests/mochitest/browser/has-o.pem b/security/manager/ssl/tests/mochitest/browser/has-o.pem
new file mode 100644
index 000000000..755d3cdae
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/has-o.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICtDCCAZ6gAwIBAgIUeXeYs5jw41bNt0btBeEFNbUQonAwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBsxDDAKBgNVBAoMA0JhejELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wk
+e8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0Dgg
+KZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmI
+YXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7fi
+lhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbL
+HCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZIhvcN
+AQELA4IBAQAs60sU1VqjaVQbGBHvBNyiQn9oTugmuEx9ogwVKhnmgRK+hYw+wgBn
+H4yYZF1gF4xG7Rt+ut+EruSd4ht8vY9ZMvKrbgMrZ6HbNIZg9oIX+u0i9Bba2lh7
+p87mCePS5L7U1gPbg/fZ8jd0FvW8EusC/TX5tOeeUnawXWE4ciqPZfIVriU0iCP1
+nKzvFtawYzWwgN+QZ1ruzBi7qqrHNDAhgLu9+3g+9QyBd40XV7/EhDQ18kViaTSj
+WmaUX7jJD1FUkGBkxjqHfgGkaYnt7UXGMDTeQ8vFeja11PJJIdRT8hSu0oTMdE6M
+WCEw02+Fc+qsYH5I6vp3MOV8wyBqIqYc
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/browser/has-o.pem.certspec b/security/manager/ssl/tests/mochitest/browser/has-o.pem.certspec
new file mode 100644
index 000000000..f7cc3ffc7
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/has-o.pem.certspec
@@ -0,0 +1,2 @@
+issuer:ca
+subject:/O=Baz/C=US
diff --git a/security/manager/ssl/tests/mochitest/browser/has-ou.pem b/security/manager/ssl/tests/mochitest/browser/has-ou.pem
new file mode 100644
index 000000000..06f663b3f
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/has-ou.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICwjCCAaygAwIBAgIUU/td7MxWYwvdFLfgNUraIpy3GP8wCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMCkxDDAKBgNVBAsMA0JhcjEMMAoGA1UECgwDQmF6MQswCQYDVQQGEwJVUzCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9
+PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3
+HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3Dg
+Dw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7
+EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SK
+lWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0C
+AwEAATALBgkqhkiG9w0BAQsDggEBAGbVHQ19S6R62HovLt9Ltir1z9KJ4QXWNAEu
+FKicntKaId+jJY42y1+iAqQHy3FpjfLfx5eVKPW8vHbyTQSL/y0jJ9bPKepYsSay
+5McWggOxMxVFazUCOntZN282WYIg3H/OFaeRarjeHlraZjwmNxrfHKzyBJ6bBqBJ
+2vtmDez/+h+f0reutgnY1v4bJ02x/5YuG39+i08uRI0Vc+lrDiqDPYMxlmzwVvJM
+xqo9TZu9gU4XFbK8c8EUsPjMMO1gKyroiBhthtEZ8a9Q4jdeD92cOZRcPrHtYyvR
+qw9VhFLJRgLJ0DVOWqCHqYXUFfYngFezem1eeNxrz2eAbaURdCs=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/browser/has-ou.pem.certspec b/security/manager/ssl/tests/mochitest/browser/has-ou.pem.certspec
new file mode 100644
index 000000000..8879dabf5
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/has-ou.pem.certspec
@@ -0,0 +1,2 @@
+issuer:ca
+subject:/OU=Bar/O=Baz/C=US
diff --git a/security/manager/ssl/tests/mochitest/browser/head.js b/security/manager/ssl/tests/mochitest/browser/head.js
new file mode 100644
index 000000000..d488e6eeb
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/head.js
@@ -0,0 +1,59 @@
+/* Any copyright is dedicated to the Public Domain.
+   http://creativecommons.org/publicdomain/zero/1.0/ */
+"use strict";
+
+var gCertDB = Cc["@mozilla.org/security/x509certdb;1"]
+                .getService(Ci.nsIX509CertDB);
+
+/**
+ * List of certs imported via readCertificate(). Certs in this list are
+ * automatically deleted from the cert DB when a test including this head file
+ * finishes.
+ * @type nsIX509Cert[]
+ */
+var gImportedCerts = [];
+
+registerCleanupFunction(() => {
+  for (let cert of gImportedCerts) {
+    gCertDB.deleteCertificate(cert);
+  }
+});
+
+/**
+ * This function serves the same purpose as the one defined in head_psm.js.
+ */
+function pemToBase64(pem) {
+  return pem.replace(/-----BEGIN CERTIFICATE-----/, "")
+            .replace(/-----END CERTIFICATE-----/, "")
+            .replace(/[\r\n]/g, "");
+}
+
+/**
+ * Given the filename of a certificate, returns a promise that will resolve with
+ * a handle to the certificate when that certificate has been read and imported
+ * with the given trust settings.
+ *
+ * Certs imported via this function will automatically be deleted from the cert
+ * DB once the calling test finishes.
+ *
+ * @param {String} filename
+ *        The filename of the certificate (assumed to be in the same directory).
+ * @param {String} trustString
+ *        A string describing how the certificate should be trusted (see
+ *        `certutil -A --help`).
+ * @return {Promise}
+ *         A promise that will resolve with a handle to the certificate.
+ */
+function readCertificate(filename, trustString) {
+  return OS.File.read(getTestFilePath(filename)).then(data => {
+    let decoder = new TextDecoder();
+    let pem = decoder.decode(data);
+    let certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                   .getService(Ci.nsIX509CertDB);
+    let base64 = pemToBase64(pem);
+    certdb.addCertFromBase64(base64, trustString, "unused");
+    let cert = certdb.constructX509FromBase64(base64);
+    gImportedCerts.push(cert);
+    return cert;
+  }, error => { throw error; });
+}
diff --git a/security/manager/ssl/tests/mochitest/browser/invalid.pem b/security/manager/ssl/tests/mochitest/browser/invalid.pem
new file mode 100644
index 000000000..1911098ef
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/invalid.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICvDCCAaagAwIBAgIUcy9NBl2j6kWrXfJ6Na36AnwN2Q8wCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBIxEDAOBgNVBAMMB2ludmFsaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9
+sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5
+TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7
+xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHd
+tMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l
+8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjDzANMAsGA1UdDwQEAwIBBjAL
+BgkqhkiG9w0BAQsDggEBAHw1PeRKbGVaiNBPlshPnuEjJ5XN+ls3Lv8CVplvuFgM
+uvOAfuXNcLcQmqU4QZm9PvIboCAe2FTFMJ+szDbCIFaBzzJ4RnuJ0FnBZDf1fKJm
+/Nj4XikPePo5DnsqSs53aNKM7Nf5dcdCCA8kfpMm50Nw6ufWrr8HAEqQbDixecv1
+6as6xc458UU8AXKZb30VfLFAm0uPz2Y/ZjROnSqrNSB5ZRx9m4MqS3/4H7fSnlFU
+yMcetH5ovGk3xJg65qWhaRlaoeExco9E5x1nUr+eK4OmP3MXlGbxxMQx1R43Ea11
+zSyaqlhGUs06uDOl4rk4b2FmkPgGV+A26gtjMYD005k=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/browser/invalid.pem.certspec b/security/manager/ssl/tests/mochitest/browser/invalid.pem.certspec
new file mode 100644
index 000000000..71a1707c3
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/invalid.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:invalid
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/mochitest/browser/md5-ee.pem b/security/manager/ssl/tests/mochitest/browser/md5-ee.pem
new file mode 100644
index 000000000..27bf90085
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/md5-ee.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICqjCCAZSgAwIBAgIURZ4xXpmcV9oh3RekbTwkCGv62NowCwYJKoZIhvcNAQEE
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBExDzANBgNVBAMMBm1kNS1lZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72x
+nAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lM
+wmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF
+4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20
+yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xx
+j5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAATALBgkqhkiG9w0BAQQDggEBAKs7
+7/g5m901xqDth2t0tDTFWlfh/h94KLk8d8JAAa8AMdVwpMUMc2IKPk+H+f7JkBeE
+hhJ/r4ZEbQkjZuoLSkAR6aKRprE97Ddw1LJLVish39DitEXxpyDemCIl8V6E8FpW
+CWqbOZtvUScOQOlJ2uJfPwHkh93RJbzP9EY8Hd2arFYKuExi5z8Z465feZ53mdOe
+17WG9IKKIQirr4OAxD+ab1EdMuPuXKQ9qfg4fSW/LDsb97x0/ElRfHwFDxsbEiVi
+zR/gGMW9AQhc+eW2qchjYkO0v/ps7dzjDQFDJzLAd/mlb90cK1cpUz6XVn/HagvZ
+0MRczu3MnE6KRPVpW8Y=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/browser/md5-ee.pem.certspec b/security/manager/ssl/tests/mochitest/browser/md5-ee.pem.certspec
new file mode 100644
index 000000000..279c15802
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/md5-ee.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:md5-ee
+signature:md5WithRSAEncryption
diff --git a/security/manager/ssl/tests/mochitest/browser/moz.build b/security/manager/ssl/tests/mochitest/browser/moz.build
new file mode 100644
index 000000000..49d7d5a11
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/moz.build
@@ -0,0 +1,35 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+BROWSER_CHROME_MANIFESTS += ['browser.ini']
+
+# Temporarily disabled. See bug 1256495.
+# (Note that when this gets enabled, some extra work will have to happen so
+# that the mochitest harness knows where to get the generated certificates -
+# right now it assumes they're in the source directory, which isn't the case
+# when they're automatically generated.)
+#test_certificates = (
+#    'ca.pem',
+#    'code-ee.pem',
+#    'ee-from-expired-ca.pem',
+#    'ee-from-untrusted-ca.pem',
+#    'email-ee.pem',
+#    'expired-ca.pem',
+#    'has-cn.pem',
+#    'has-empty-subject.pem',
+#    'has-non-empty-subject.pem',
+#    'has-o.pem',
+#    'has-ou.pem',
+#    'invalid.pem',
+#    'md5-ee.pem',
+#    'revoked.pem',
+#    'ssl-ee.pem',
+#    'unknown-issuer.pem',
+#    'untrusted-ca.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
diff --git a/security/manager/ssl/tests/mochitest/browser/revoked.pem b/security/manager/ssl/tests/mochitest/browser/revoked.pem
new file mode 100644
index 000000000..b212e8250
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/revoked.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICqzCCAZWgAwIBAgIUD1t15yWPBLIhosAm9w9++t/F/fkwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBIxEDAOBgNVBAMMB3Jldm9rZWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9
+sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5
+TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7
+xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHd
+tMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l
+8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZIhvcNAQELA4IBAQCy
+eobd3+MhGhQvhKQax5XNBqAEmogtsv6G1ZCoAx0kKU83r3Oj9ha4VfGN0syP8NQV
+nmkecZ630QXQcyCD3RRiiLqU07N3nC5djm8v+vM5RhuDADkIwddH3WNWB+8KUJEd
+3Sym1EN6xAYdQEAwWdPno73sUsFebuoL/c4gpTjD7PF+/vPzN0c3KVanlrMhayKe
+3PLq8jST2OSdLvooa8qMYsFFG2S4A+gmp9Cx30moMG2+w1GBKZdtY2tlFx5DppIU
+AoQzUl9pvT6AFDcY2RO6UvsWF9Pzr4dTjjgk8SO05jKcmj2GnBm480ZezDx5N5zm
++XVGgonJZRAucaVuJY79
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/browser/revoked.pem.certspec b/security/manager/ssl/tests/mochitest/browser/revoked.pem.certspec
new file mode 100644
index 000000000..daf75c670
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/revoked.pem.certspec
@@ -0,0 +1,2 @@
+issuer:ca
+subject:revoked
diff --git a/security/manager/ssl/tests/mochitest/browser/ssl-ee.pem b/security/manager/ssl/tests/mochitest/browser/ssl-ee.pem
new file mode 100644
index 000000000..76a688034
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/ssl-ee.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzTCCAbegAwIBAgIUYfe94xSwDUoffRodCo1TPdV/PaswCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBExDzANBgNVBAMMBnNzbC1lZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72x
+nAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lM
+wmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF
+4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20
+yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xx
+j5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMhMB8wHQYDVR0lBBYwFAYIKwYB
+BQUHAwEGCCsGAQUFBwMCMAsGCSqGSIb3DQEBCwOCAQEAprVI8tGWBHIN2SV66ZnC
+vOfWcQguUQg8QO3Al+O4X5U18hzgsmCjqt99b+oJCJD0qWBnPPBgqY52pckCgmTY
+w73TZ5w3Rnr3v+BlQ5xPTyAQoUeutm1LMxY/Ju7m1XV44tyDnq6GZbOZLVWtRLXe
+W4UEqVex4qbCw3GOvFyHmubSNUk81v4Iexe1SmIJN8glZsVmWJdaC2Xo7qhz+vvq
+HljfO+/ejiBtZOJSf9qG6HcGW/Rf15Io0e+IA6jbZWrlAzIjBcYKumZF8LjRONHZ
+vwiCwWit/IP6KvmsHAb7wj5c0U/p1TuyGdvu/ccp6nCdx8Ya7/QKfAEQTZXnloBG
+4w==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/browser/ssl-ee.pem.certspec b/security/manager/ssl/tests/mochitest/browser/ssl-ee.pem.certspec
new file mode 100644
index 000000000..c4037675f
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/ssl-ee.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:ssl-ee
+extension:extKeyUsage:serverAuth,clientAuth
diff --git a/security/manager/ssl/tests/mochitest/browser/unknown-issuer.pem b/security/manager/ssl/tests/mochitest/browser/unknown-issuer.pem
new file mode 100644
index 000000000..d8e750551
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/unknown-issuer.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICtzCCAaGgAwIBAgIUEfR3vHTQuzModYBSMepORIL++2gwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB3Vua25vd24wIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowGTEXMBUGA1UEAwwOdW5rbm93bi1pc3N1ZXIwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVo
+V2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p
+0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKk
+fbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZh
+W7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EI
+TjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZI
+hvcNAQELA4IBAQB4pRQvglUpzNZ2fH0oj5bcqfcTjE3dwEzGg7WaMD2t50zKgCRp
+2sDObvEB1Nv5SHSkebxDeS9xQ6Dghf+TvuCnkapi/6q9etP51lkIOhl6okAGUwdZ
+vO3duIvXCVUWbut3ATQghKovDYuJXKMx1OYapxyLKKCsdvTQ8LNQpPcwbpVtqWKC
+jLYpa1i/vtn4Pv8xs/ceOf10z5AdydpFBgZ8JpY0CbRI73WHR5fr1yYI7tfzaAA8
+d+OBZ7nqlg81khD/Oepl/h6/IJ3L2eB+lUZx6+yWML9jRD0HX1xRje19u2vxCuQ+
+tNo6lQr9fTRG76Md1d4fdg9+F9LGqDd+yBBv
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/browser/unknown-issuer.pem.certspec b/security/manager/ssl/tests/mochitest/browser/unknown-issuer.pem.certspec
new file mode 100644
index 000000000..c76a4e2c7
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/unknown-issuer.pem.certspec
@@ -0,0 +1,2 @@
+issuer:unknown
+subject:unknown-issuer
diff --git a/security/manager/ssl/tests/mochitest/browser/untrusted-ca.pem b/security/manager/ssl/tests/mochitest/browser/untrusted-ca.pem
new file mode 100644
index 000000000..0f874d9a9
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/untrusted-ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzzCCAbmgAwIBAgIUT/T//UMr8YnbQBWj+61OMGPKRC4wCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBcxFTATBgNVBAMMDHVudHJ1c3RlZC1jYTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl
+qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg
+w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx
+V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1
+MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs
+vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMdMBswDAYDVR0TBAUw
+AwEB/zALBgNVHQ8EBAMCAQYwCwYJKoZIhvcNAQELA4IBAQCiDFgskGRygaarkruu
+gTwsX59ULb7yhXyYKZLTdsUitHi8Zk4KUmsbkBHGaek30Ud9A1GyLzuP3hb1/M7M
+FdARYO8qrl414tW3hiON36R47qtw5cO6a2YZfvxU79esuoa6uxChhHLUugqNotJb
+bbGwSMszKzkGtOQ5ZTFNc8+t1kWeQfFoPMznjg5WC2oq9Pl45Rt9lFrU3SD8MkVA
+8fLAGR5TEOY2ZvjDDMKg+ceJNIaA3SPXDTVSXWNIakJU2vsdUXThTyfnoCw0sMQG
+ZwkmKbCXioYXDB/nrjoVBgJh85JSc4KX137y5m2FK+wHzkKMgf4yn6Ql2eg/yTen
+CaeK
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/browser/untrusted-ca.pem.certspec b/security/manager/ssl/tests/mochitest/browser/untrusted-ca.pem.certspec
new file mode 100644
index 000000000..04f443057
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/untrusted-ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:untrusted-ca
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/.eslintrc.js b/security/manager/ssl/tests/mochitest/mixedcontent/.eslintrc.js
new file mode 100644
index 000000000..d61bb2044
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/.eslintrc.js
@@ -0,0 +1,5 @@
+"use strict";
+
+module.exports = { // eslint-disable-line no-undef
+  "extends": "../../../../../../testing/mochitest/mochitest.eslintrc.js"
+};
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/alloworigin.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/alloworigin.sjs
new file mode 100644
index 000000000..8e9afb098
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/alloworigin.sjs
@@ -0,0 +1,6 @@
+function handleRequest(request, response)
+{
+  response.setStatusLine(request.httpVersion, 200, "OK");
+  response.setHeader("Access-Control-Allow-Origin", "*");
+  response.write("<html><body>hello!</body></html>");
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/backward.html b/security/manager/ssl/tests/mochitest/mixedcontent/backward.html
new file mode 100644
index 000000000..825c2aa80
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/backward.html
@@ -0,0 +1,18 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <script type="text/javascript">
+  "use strict";
+  window.onload = function()
+  {
+    window.setTimeout(function()
+    {
+      SpecialPowers.wrap(window).QueryInterface(SpecialPowers.Ci.nsIInterfaceRequestor)
+        .getInterface(SpecialPowers.Ci.nsIWebNavigation)
+        .goBack();
+    }, 100);
+  };
+
+  </script>
+</head>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/bug329869.js b/security/manager/ssl/tests/mochitest/mixedcontent/bug329869.js
new file mode 100644
index 000000000..fd888504a
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/bug329869.js
@@ -0,0 +1,7 @@
+/* import-globals-from mixedContentTest.js */
+"use strict";
+
+document.open();
+document.write("This is insecure XSS script " + document.cookie);
+isSecurityState("broken", "security broken after document write from unsecure script");
+finish();
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/bug383369step2.html b/security/manager/ssl/tests/mochitest/mixedcontent/bug383369step2.html
new file mode 100644
index 000000000..c2ebce364
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/bug383369step2.html
@@ -0,0 +1,29 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Bug 383369 test, step 2</title>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/does_not_exist.css">
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  window.onload = function runTest() {
+    window.setTimeout(function () {
+      window.location =
+        "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/bug383369step3.html?runtest";
+    }, 0);
+  };
+
+  function afterNavigationTest()
+  {
+  }
+
+  </script>
+</head>
+
+<body>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/bug383369step3.html b/security/manager/ssl/tests/mochitest/mixedcontent/bug383369step3.html
new file mode 100644
index 000000000..1acafcd2f
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/bug383369step3.html
@@ -0,0 +1,30 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Bug 383369 test, final step</title>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  function runTest()
+  {
+    isSecurityState("secure", "secure page after insecure download and insecure subcontent still secure");
+    finish();
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("secure", "still secure after back/forward");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/download.auto b/security/manager/ssl/tests/mochitest/mixedcontent/download.auto
new file mode 100644
index 000000000..4d2fb7d5a
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/download.auto
@@ -0,0 +1 @@
+Temporary file for security/mixedconent tests
\ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/download.auto^headers^ b/security/manager/ssl/tests/mochitest/mixedcontent/download.auto^headers^
new file mode 100644
index 000000000..9c3159e15
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/download.auto^headers^
@@ -0,0 +1,2 @@
+Content-disposition: "attachment"
+Content-type: application/x-auto-download
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/emptyimage.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/emptyimage.sjs
new file mode 100644
index 000000000..5cce2826f
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/emptyimage.sjs
@@ -0,0 +1,5 @@
+function handleRequest(request, response)
+{
+  response.setStatusLine(request.httpVersion, 200, "OK");
+  //response.setHeader("Content-type", "image/gif");
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/hugebmp.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/hugebmp.sjs
new file mode 100644
index 000000000..20d9dea82
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/hugebmp.sjs
@@ -0,0 +1,13 @@
+function handleRequest(request, response)
+{
+  response.setStatusLine(request.httpVersion, 200, "OK");
+  response.setHeader("Content-type", "image/bitmap");
+  
+  let bmpheader = "\x42\x4D\x36\x10\x0E\x00\x00\x00\x00\x00\x36\x00\x00\x00\x28\x00\x00\x00\x80\x02\x00\x00\xE0\x01\x00\x00\x01\x00\x18\x00\x00\x00\x00\x00\x00\x10\x0E\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
+  let bmpdatapiece = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
+
+  response.bodyOutputStream.write(bmpheader, 54);
+  // Fill 640*480*3 nulls
+  for (let i = 0; i < (640 * 480 * 3) / 64; ++i)
+    response.bodyOutputStream.write(bmpdatapiece, 64);
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html b/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html
new file mode 100644
index 000000000..d67eb6a7a
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html
@@ -0,0 +1,13 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+</head>
+
+<body>
+  This is frame 1: 
+  <script>
+    "use strict";
+    document.write(location.href);
+  </script>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/iframe2.html b/security/manager/ssl/tests/mochitest/mixedcontent/iframe2.html
new file mode 100644
index 000000000..048ed811b
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/iframe2.html
@@ -0,0 +1,14 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+</head>
+
+<body>
+  This is frame 2: 
+  <script>
+    "use strict";
+    document.write(location.href);
+  </script>
+  <iframe src="http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html"></iframe>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/iframeMetaRedirect.html b/security/manager/ssl/tests/mochitest/mixedcontent/iframeMetaRedirect.html
new file mode 100644
index 000000000..d033f5b00
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/iframeMetaRedirect.html
@@ -0,0 +1,8 @@
+<!DOCTYPE HTML>
+<META http-equiv="Refresh"
+      Content="0; URL=http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html">
+<html>
+  <body>
+    Redirecting by meta tag...
+  </body>
+</html>
\ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/iframesecredirect.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/iframesecredirect.sjs
new file mode 100644
index 000000000..ea93b80b7
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/iframesecredirect.sjs
@@ -0,0 +1,5 @@
+function handleRequest(request, response)
+{
+  response.setStatusLine(request.httpVersion, 307, "Moved temporarly");
+  response.setHeader("Location", "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html");
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/iframeunsecredirect.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/iframeunsecredirect.sjs
new file mode 100644
index 000000000..937e29954
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/iframeunsecredirect.sjs
@@ -0,0 +1,5 @@
+function handleRequest(request, response)
+{
+  response.setStatusLine(request.httpVersion, 307, "Moved temporarly");
+  response.setHeader("Location", "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html");
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/imgsecredirect.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/imgsecredirect.sjs
new file mode 100644
index 000000000..7af6116e1
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/imgsecredirect.sjs
@@ -0,0 +1,5 @@
+function handleRequest(request, response)
+{
+  response.setStatusLine(request.httpVersion, 307, "Moved temporarly");
+  response.setHeader("Location", "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg");
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/imgunsecredirect.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/imgunsecredirect.sjs
new file mode 100644
index 000000000..a8eb26642
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/imgunsecredirect.sjs
@@ -0,0 +1,5 @@
+function handleRequest(request, response)
+{
+  response.setStatusLine(request.httpVersion, 307, "Moved temporarly");
+  response.setHeader("Location", "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg");
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/mixedContentTest.js b/security/manager/ssl/tests/mochitest/mixedcontent/mixedContentTest.js
new file mode 100644
index 000000000..74c592e59
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/mixedContentTest.js
@@ -0,0 +1,204 @@
+"use strict";
+
+/**
+ * Helper script for mixed content testing. It opens a new top-level window
+ * from a secure origin and '?runtest' query. That tells us to run the test
+ * body, function runTest(). Then we wait for call of finish(). On its first
+ * call it loads helper page 'backward.html' that immediately navigates
+ * back to the test secure test. This checks the bfcache. We got second call
+ * to onload and this time we call afterNavigationTest() function to let the
+ * test check security state after re-navigation back. Then we again wait for
+ * finish() call, that this time finishes completelly the test.
+ */
+
+// Tells the framework if to load the test in an insecure page (http://)
+var loadAsInsecure = false;
+// Set true to bypass the navigation forward/back test
+var bypassNavigationTest = false;
+// Set true to do forward/back navigation over an http:// page, test state leaks
+var navigateToInsecure = false;
+// Open the test in two separate windows, test requests sharing among windows
+var openTwoWindows = false;
+// Override the name of the test page to load, useful e.g. to prevent load
+// of images or other content before the test starts; this is actually
+// a 'redirect' to a different test page.
+var testPage = "";
+// Assign a function to this variable to have a clean up at the end
+var testCleanUp = null;
+// Contains mixed active content that needs to load to run the test
+var hasMixedActiveContent = false;
+
+
+// Internal variables
+var _windowCount = 0;
+
+window.onload = function onLoad() {
+  if (location.search == "?runtest") {
+    try {
+      if (history.length == 1) {
+        // Each test that includes this helper file is supposed to define
+        // runTest(). See the top level comment.
+        runTest(); // eslint-disable-line no-undef
+      } else {
+        // Each test that includes this helper file is supposed to define
+        // afterNavigationTest(). See the top level comment.
+        afterNavigationTest(); // eslint-disable-line no-undef
+      }
+    } catch (ex) {
+      ok(false, "Exception thrown during test: " + ex);
+      finish();
+    }
+  } else {
+    window.addEventListener("message", onMessageReceived, false);
+
+    let secureTestLocation = loadAsInsecure ? "http://example.com"
+                                            : "https://example.com";
+    secureTestLocation += location.pathname;
+    if (testPage != "") {
+      let array = secureTestLocation.split("/");
+      array.pop();
+      array.push(testPage);
+      secureTestLocation = array.join("/");
+    }
+    secureTestLocation += "?runtest";
+
+    if (hasMixedActiveContent) {
+      SpecialPowers.pushPrefEnv(
+        {"set": [["security.mixed_content.block_active_content", false]]},
+        null);
+    }
+    if (openTwoWindows) {
+      _windowCount = 2;
+      window.open(secureTestLocation, "_new1", "");
+      window.open(secureTestLocation, "_new2", "");
+    } else {
+      _windowCount = 1;
+      window.open(secureTestLocation);
+    }
+  }
+};
+
+function onMessageReceived(event)
+{
+  switch (event.data) {
+    // Indication of all test parts finish (from any of the frames)
+    case "done":
+      if (--_windowCount == 0) {
+        if (testCleanUp) {
+          testCleanUp();
+        }
+        if (hasMixedActiveContent) {
+          SpecialPowers.popPrefEnv(null);
+        }
+
+        SimpleTest.finish();
+      }
+      break;
+
+    // Any other message is an error or success message of a test.
+    default:
+      SimpleTest.ok(!event.data.match(/^FAILURE/), event.data);
+      break;
+  }
+}
+
+function postMsg(message)
+{
+  opener.postMessage(message, "http://mochi.test:8888");
+}
+
+function finish()
+{
+  if (history.length == 1 && !bypassNavigationTest) {
+    window.setTimeout(() => {
+      window.location.assign(navigateToInsecure ?
+        "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/backward.html" :
+        "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/backward.html");
+    }, 0);
+  } else {
+    postMsg("done");
+    window.close();
+  }
+}
+
+function ok(a, message)
+{
+  if (!a) {
+    postMsg("FAILURE: " + message);
+  } else {
+    postMsg(message);
+  }
+}
+
+function is(a, b, message)
+{
+  if (a != b) {
+    postMsg(`FAILURE: ${message}, expected ${b} got ${a}`);
+  } else {
+    postMsg(`${message}, expected ${b} got ${a}`);
+  }
+}
+
+function isSecurityState(expectedState, message, test)
+{
+  if (!test) {
+    test = ok;
+  }
+
+  let ui = SpecialPowers.wrap(window)
+    .QueryInterface(SpecialPowers.Ci.nsIInterfaceRequestor)
+    .getInterface(SpecialPowers.Ci.nsIWebNavigation)
+    .QueryInterface(SpecialPowers.Ci.nsIDocShell)
+    .securityUI;
+
+  let isInsecure = !ui ||
+    (ui.state & SpecialPowers.Ci.nsIWebProgressListener.STATE_IS_INSECURE);
+  let isBroken = ui &&
+    (ui.state & SpecialPowers.Ci.nsIWebProgressListener.STATE_IS_BROKEN);
+  let isEV = ui &&
+    (ui.state & SpecialPowers.Ci.nsIWebProgressListener.STATE_IDENTITY_EV_TOPLEVEL);
+
+  let gotState = "secure";
+  if (isInsecure) {
+    gotState = "insecure";
+  } else if (isBroken) {
+    gotState = "broken";
+  } else if (isEV) {
+    gotState = "EV";
+  }
+
+  test(gotState == expectedState, (message || "") + ", " + "expected " + expectedState + " got " + gotState);
+
+  switch (expectedState) {
+    case "insecure":
+      test(isInsecure && !isBroken && !isEV, "for 'insecure' excpected flags [1,0,0], " + (message || ""));
+      break;
+    case "broken":
+      test(ui && !isInsecure && isBroken && !isEV, "for 'broken' expected  flags [0,1,0], " + (message || ""));
+      break;
+    case "secure":
+      test(ui && !isInsecure && !isBroken && !isEV, "for 'secure' expected flags [0,0,0], " + (message || ""));
+      break;
+    case "EV":
+      test(ui && !isInsecure && !isBroken && isEV, "for 'EV' expected flags [0,0,1], " + (message || ""));
+      break;
+    default:
+      throw new Error("Invalid isSecurityState state");
+  }
+}
+
+function waitForSecurityState(expectedState, callback)
+{
+  let roundsLeft = 200; // Wait for 20 seconds (=200*100ms)
+  let interval = window.setInterval(() => {
+    isSecurityState(expectedState, "", isok => {
+      if (isok) {
+        roundsLeft = 0;
+      }
+    });
+    if (!roundsLeft--) {
+      window.clearInterval(interval);
+      callback();
+    }
+  }, 100);
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/mochitest.ini b/security/manager/ssl/tests/mochitest/mixedcontent/mochitest.ini
new file mode 100644
index 000000000..c7a352eb8
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/mochitest.ini
@@ -0,0 +1,62 @@
+[DEFAULT]
+skip-if = toolkit == 'android' #TIMED_OUT
+support-files =
+  alloworigin.sjs
+  backward.html
+  bug329869.js
+  bug383369step2.html
+  bug383369step3.html
+  download.auto
+  download.auto^headers^
+  emptyimage.sjs
+  hugebmp.sjs
+  iframe.html
+  iframe2.html
+  iframeMetaRedirect.html
+  iframesecredirect.sjs
+  iframeunsecredirect.sjs
+  imgsecredirect.sjs
+  imgunsecredirect.sjs
+  mixedContentTest.js
+  moonsurface.jpg
+  nocontent.sjs
+  redirecttoemptyimage.sjs
+  somestyle.css
+  unsecureIframe.html
+  unsecurePictureDup.html
+
+[test_bug329869.html]
+[test_bug383369.html]
+[test_bug455367.html]
+[test_bug472986.html]
+[test_bug477118.html]
+[test_bug521461.html]
+[test_cssBefore1.html]
+[test_cssContent1.html]
+[test_cssContent2.html]
+[test_documentWrite1.html]
+[test_documentWrite2.html]
+[test_dynDelayedUnsecurePicture.html]
+[test_dynDelayedUnsecureXHR.html]
+[test_dynUnsecureBackground.html]
+[test_dynUnsecureIframeRedirect.html]
+[test_dynUnsecurePicture.html]
+[test_dynUnsecurePicturePreload.html]
+# [test_dynUnsecureRedirect.html]
+# intermitently fails, quite often, bug 487402
+[test_innerHtmlDelayedUnsecurePicture.html]
+[test_innerHtmlUnsecurePicture.html]
+[test_javascriptPicture.html]
+[test_secureAll.html]
+[test_securePicture.html]
+[test_unsecureBackground.html]
+[test_unsecureCSS.html]
+[test_unsecureIframe.html]
+[test_unsecureIframe2.html]
+# [test_unsecureIframeMetaRedirect.html]
+# intermittently fails, less often, bug 487632
+[test_unsecureIframeRedirect.html]
+[test_unsecurePicture.html]
+[test_unsecurePictureDup.html]
+[test_unsecurePictureInIframe.html]
+[test_unsecureRedirect.html]
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg b/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg
new file mode 100644
index 000000000..c0ffca256
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/moz.build b/security/manager/ssl/tests/mochitest/mixedcontent/moz.build
new file mode 100644
index 000000000..8e5cb5d71
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/moz.build
@@ -0,0 +1,8 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+MOCHITEST_MANIFESTS += ['mochitest.ini']
+
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/nocontent.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/nocontent.sjs
new file mode 100644
index 000000000..53fa4bc0c
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/nocontent.sjs
@@ -0,0 +1,4 @@
+function handleRequest(request, response)
+{
+  response.setStatusLine(request.httpVersion, 204, "No Content");
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/redirecttoemptyimage.sjs b/security/manager/ssl/tests/mochitest/mixedcontent/redirecttoemptyimage.sjs
new file mode 100644
index 000000000..4d85e1658
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/redirecttoemptyimage.sjs
@@ -0,0 +1,5 @@
+function handleRequest(request, response)
+{
+  response.setStatusLine(request.httpVersion, 307, "Moved temporarly");
+  response.setHeader("Location", "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/emptyimage.sjs");
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/somestyle.css b/security/manager/ssl/tests/mochitest/mixedcontent/somestyle.css
new file mode 100644
index 000000000..9867e3c41
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/somestyle.css
@@ -0,0 +1,4 @@
+body
+{
+  background-color: lightBlue;
+}
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_bug329869.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug329869.html
new file mode 100644
index 000000000..3b8fae25e
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug329869.html
@@ -0,0 +1,37 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>dymanic script load</title>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  hasMixedActiveContent = true;
+
+  function runTest()
+  {
+    isSecurityState("secure");
+    window.setTimeout(function () {
+      let newElement = document.createElement("script");
+      newElement.src = "http://example.org/tests/security/manager/ssl/tests/" +
+                       "mochitest/mixedcontent/bug329869.js";
+      document.body.appendChild(newElement);
+    }, 0);
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_bug383369.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug383369.html
new file mode 100644
index 000000000..b68546d0a
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug383369.html
@@ -0,0 +1,102 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Bug 383369 test</title>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* sendAsyncMessage isn't actually a global - this just mollifies eslint */
+  /* global sendAsyncMessage */
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  // We want to start this test from an insecure context
+  loadAsInsecure = true;
+  // We don't want to go through the navigation back/forward test
+  bypassNavigationTest = true;
+
+  function runTest() {
+    let script = SpecialPowers.loadChromeScript(function() {
+      const { classes: Cc, interfaces: Ci, utils: Cu } = Components;
+      // Force download to be w/o user assistance for our testing mime type
+      const mimeSvc = Cc["@mozilla.org/mime;1"].getService(Ci.nsIMIMEService);
+      let handlerInfo =
+        mimeSvc.getFromTypeAndExtension("application/x-auto-download", "auto");
+      handlerInfo.preferredAction = Ci.nsIHandlerInfo.saveToDisk;
+      handlerInfo.alwaysAskBeforeHandling = false;
+      handlerInfo.preferredApplicationHandler = null;
+
+      const handlerSvc = Cc["@mozilla.org/uriloader/handler-service;1"]
+                           .getService(Ci.nsIHandlerService);
+      handlerSvc.store(handlerInfo);
+
+      let dirProvider = Cc["@mozilla.org/file/directory_service;1"]
+                          .getService(Ci.nsIProperties);
+      let profileDir = dirProvider.get("ProfDS", Ci.nsIFile);
+      profileDir.append("downloads");
+
+      let prefs = Cc["@mozilla.org/preferences-service;1"]
+                    .getService(Ci.nsIPrefService);
+      let prefBranch = prefs.getBranch("browser.download.");
+
+      prefBranch.setCharPref("dir", profileDir.path);
+      prefBranch.setBoolPref("useDownloadDir", true);
+      prefBranch.setIntPref("folderList", 2);
+      prefBranch.setBoolPref("manager.closeWhenDone", true);
+      prefBranch.setBoolPref("manager.showWhenStarting", false);
+
+      const { Downloads } =
+        Cu.import("resource://gre/modules/Downloads.jsm", {});
+      Downloads.getList(Downloads.PUBLIC).then(list => {
+        list.addView({
+          onDownloadAdded: function (aDownload) {
+            list.removeView(this);
+            aDownload.whenSucceeded().then(() => {
+              list.removeFinished();
+              sendAsyncMessage("navigate", "bug383369step2.html");
+            });
+          },
+        });
+        sendAsyncMessage("navigate", "download.auto");
+      }).then(null, Cu.reportError);
+    });
+    script.addMessageListener("navigate", function(url) {
+      window.location = url;
+    });
+  }
+
+  function afterNavigationTest() {}
+
+  testCleanUp = function cleanup() {
+    SpecialPowers.loadChromeScript(function() {
+      const { classes: Cc, interfaces: Ci } = Components;
+      const mimeSvc = Cc["@mozilla.org/mime;1"].getService(Ci.nsIMIMEService);
+      let handlerInfo =
+        mimeSvc.getFromTypeAndExtension("application/x-auto-download", "auto");
+
+      const handlerSvc = Cc["@mozilla.org/uriloader/handler-service;1"]
+                           .getService(Ci.nsIHandlerService);
+      handlerSvc.remove(handlerInfo);
+
+      let prefs = Cc["@mozilla.org/preferences-service;1"]
+                    .getService(Ci.nsIPrefService);
+      let prefBranch = prefs.getBranch("browser.download.");
+
+      const prefKeys = ["dir", "useDownloadDir", "folderList",
+                        "manager.closeWhenDone", "manager.showWhenStarting"];
+      for (let prefKey of prefKeys) {
+        if (prefBranch.prefHasUserValue(prefKey)) {
+          prefBranch.clearUserPref(prefKey);
+        }
+      }
+    });
+  };
+
+  </script>
+</head>
+
+<body>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_bug455367.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug455367.html
new file mode 100644
index 000000000..ec2b8590a
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug455367.html
@@ -0,0 +1,35 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>No content image doesn't break security</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  function runTest()
+  {
+    isSecurityState("broken", "broken");
+    finish();
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("broken", "broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <img src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/redirecttoemptyimage.sjs" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_bug472986.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug472986.html
new file mode 100644
index 000000000..b95cfcf65
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug472986.html
@@ -0,0 +1,47 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>img.src replace</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  SimpleTest.expectAssertions(0, 4);
+
+  // Clear the default onload assigned to test start because we must
+  // wait for replaced image to load and only after that test the security state
+  var onLoadFunction = window.onload;
+  window.onload = function()
+  {
+    let img1 = document.getElementById("img1");
+    img1.addEventListener("load", onLoadFunction, false);
+    img1.src = "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg";
+  };
+
+  function runTest()
+  {
+    isSecurityState("secure", "secure");
+    finish();
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("secure", "secure after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <img id="img1" src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/hugebmp.sjs" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_bug477118.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug477118.html
new file mode 100644
index 000000000..51a13a4b8
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug477118.html
@@ -0,0 +1,35 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Bug 477118</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  function runTest()
+  {
+    isSecurityState("secure", "data <img> doesn't break security");
+    finish();
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("secure", "still secure after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAAN1wAADdcBQiibeAAAAAd0SU1FB9kBDxIAOdxBIbcAAAI+SURBVDjLxZO7TxRhFMV/M/PN7EPYhS02yytggo+ERAgxERsNhYnGzsQojaHT3r9F0cTaUjs6NUQLBRKDi4I8FEwkLMgO+5rdeX3XAoVYiZWnP797cu69Bv8gqZ+0QTqIdRpl1VHGvnV884CJwQgwicVtoB/ku/H4ycOnURgP/Q1g21Fw4+r0RjbbNmaq4ayO35UkXp9S2UzHxK2bE4QNl82FVwD0D49jn+hERBCRgwTiIX7pvGUGYF/BlO327d3ENfV7wuL0AyjPICIsfPvAmev3qdVqlMtlCoUCGxurDPT1kEnPomQKkRTFpXOjh4DN4kvGLuSJ/JC38y/ouXyXYrGIiBDHMVtbu1SrvXTlbfp6HcQcoVwp5hRAaWedPXFYfL+E1lAKswSRy+joKEEQICLkcjm01hiGgRcksW0b4SMKYHb+OSt6ma+VffxWRF3S5OeeMX7pHkqpwy5EBK31H90ogFODF1lbm8OtlEhloDORpbdnhDAMaTabhwbbtkkkEkRRhGVZR4BCfojJO4+o1VwQAItEIolpmliWRVtbG7s/dlDKotGo47U8CvkuAEwA3/eJoxhE0WyGuO4+nucRBAHVahXDMKg3agRhQBAGVKsVtNZHCRzHwTAMcrnc0eX9it3e3g7A6cGzhx0AKHWwQOV5jdXXb2ZOaa3BOP5ffF5ZptVqflG+3xpbWv5kh2FolEo7dnmv7Lium6zXG0nf95MiguM4QTqd9jPZTCvX2eF393QHqVRKZ7KZkP+unzPGLX8Jr7F8AAAAAElFTkSuQmCC" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_bug521461.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug521461.html
new file mode 100644
index 000000000..523b97f59
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_bug521461.html
@@ -0,0 +1,39 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Bug 521461</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  loadAsInsecure = true;
+
+  function runTest()
+  {
+    window.location = "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/nocontent.sjs";
+    window.setTimeout(function() {
+      isSecurityState("insecure", "location.href doesn't effect the security state");
+      is(document.body.innerHTML, "This is an unsecure page!", "Document has not changed content");
+      finish();
+    }, 1000);
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("insecure", "still not secure after navigation");
+    is(document.body.innerHTML, "This is an unsecure page!", "Document has not changed content");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>This is an unsecure page!</body></html>
\ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_cssBefore1.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_cssBefore1.html
new file mode 100644
index 000000000..72046e032
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_cssBefore1.html
@@ -0,0 +1,43 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>CSS :before styling 1</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+  <style type="text/css">
+    p:before
+    {
+      content: url(http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg);
+    }
+  </style>
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  function runTest()
+  {
+    isSecurityState("broken", "insecure content added by :before styling breaks security");
+    finish();
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <p>
+    There is a moon surface left to this text
+  </p>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_cssContent1.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_cssContent1.html
new file mode 100644
index 000000000..364d652f4
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_cssContent1.html
@@ -0,0 +1,42 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>CSS conent styling 1</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <style type="text/css">
+    p
+    {
+      content: url(http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg);
+    }
+  </style>
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  function runTest()
+  {
+    isSecurityState("broken", "insecure content added by :before styling breaks security");
+    finish();
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <p></p>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_cssContent2.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_cssContent2.html
new file mode 100644
index 000000000..c57410b74
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_cssContent2.html
@@ -0,0 +1,47 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>CSS conent styling 2</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  if (navigator.platform.startsWith("Mac")) {
+    SimpleTest.expectAssertions(0, 1);
+  }
+
+  function runTest()
+  {
+    isSecurityState("secure");
+    document.getElementById("para").style.content =
+      "url('http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg')";
+
+    waitForSecurityState("broken", function()
+    {
+      isSecurityState("broken", "insecure content added by styling breaks security");
+      finish();
+    });
+  }
+
+  function afterNavigationTest()
+  {
+    is(document.getElementById("para").style.content, "");
+    isSecurityState("secure", "security full after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <p id="para"></p>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_documentWrite1.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_documentWrite1.html
new file mode 100644
index 000000000..64eec0890
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_documentWrite1.html
@@ -0,0 +1,38 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>document.write('<img src="http://">')</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  function runTest()
+  {
+    isSecurityState("broken", "insecure <img> written dynamically breaks security");
+    finish();
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <script class="testbody" type="text/javascript">
+  document.write(
+    "<img src='http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg' />");
+  </script>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_documentWrite2.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_documentWrite2.html
new file mode 100644
index 000000000..41878d292
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_documentWrite2.html
@@ -0,0 +1,40 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>document.write('<iframe src="http://">')</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  hasMixedActiveContent = true;
+
+  function runTest()
+  {
+    isSecurityState("broken", "insecure iframe written dynamically breaks security");
+    finish();
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <script class="testbody" type="text/javascript">
+  document.write(
+    "<iframe src='http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html'></iframe>");
+  </script>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecurePicture.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecurePicture.html
new file mode 100644
index 000000000..4f7305f41
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecurePicture.html
@@ -0,0 +1,48 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>img.src changes to unsecure test</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  function runTest()
+  {
+    isSecurityState("secure");
+    window.setTimeout(function() {
+      // Don't do this synchronously from onload handler
+      document.getElementById("image1").src =
+        "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg";
+    }, 0);
+
+    waitForSecurityState("broken", function()
+    {
+      isSecurityState("broken", "src='http://...' changed to broken");
+      finish();
+    });
+  }
+
+  function afterNavigationTest()
+  {
+    is(document.getElementById("image1").src,
+      "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg",
+      "img.src secure again");
+    isSecurityState("secure", "security full after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <img id="image1" src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecureXHR.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecureXHR.html
new file mode 100644
index 000000000..7dbfdf4da
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynDelayedUnsecureXHR.html
@@ -0,0 +1,49 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>unsecure XHR test</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  hasMixedActiveContent = true;
+
+  function runTest()
+  {
+    isSecurityState("secure");
+    window.setTimeout(() => {
+      try {
+        let req = new XMLHttpRequest();
+        req.open("GET", "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/alloworigin.sjs", false);
+        req.send(null);
+
+        // Change should be immediate, the request was sent synchronously
+        isSecurityState("broken", "security broken after insecure XHR");
+      } catch (ex) {
+        ok(false, ex);
+      }
+
+      finish();
+    }, 0);
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("secure", "security full after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureBackground.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureBackground.html
new file mode 100644
index 000000000..6d06f1a64
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureBackground.html
@@ -0,0 +1,45 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>body.background changes to unsecure test</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  // This test, as is, equals to https://kuix.de/misc/test17/358438.php
+
+  function runTest()
+  {
+    isSecurityState("secure");
+    document.body.background =
+      "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg";
+
+    waitForSecurityState("broken", function () {
+      isSecurityState("broken", "document.body.background='http://...' changed to broken");
+      finish();
+    });
+  }
+
+  function afterNavigationTest()
+  {
+    is(document.body.background,
+      "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg",
+      "document backround secure again");
+    isSecurityState("secure", "secure after re-navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body background="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg">
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureIframeRedirect.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureIframeRedirect.html
new file mode 100644
index 000000000..f846f8919
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureIframeRedirect.html
@@ -0,0 +1,45 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>iframe.src changes to unsecure redirect test</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  hasMixedActiveContent = true;
+
+  function runTest()
+  {
+    isSecurityState("secure");
+    let self = window;
+    let iframe = document.getElementById("iframe1");
+    iframe.onload = function() {
+      self.isSecurityState("broken", "src='redirect to unsecure' changed to broken");
+      self.finish();
+    };
+
+    iframe.src =
+      "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframeunsecredirect.sjs";
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <iframe id="iframe1" src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html"></iframe>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecurePicture.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecurePicture.html
new file mode 100644
index 000000000..cbb5dccf8
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecurePicture.html
@@ -0,0 +1,46 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>img.src changes to unsecure test</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  // This test, as is, equals to https://kuix.de/misc/test17/358438.php
+
+  function runTest()
+  {
+    isSecurityState("secure");
+    document.getElementById("image1").src =
+      "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg";
+
+    window.setTimeout(function() {
+      isSecurityState("broken", "src='http://...' changed to broken");
+      finish();
+    }, 500);
+  }
+
+  function afterNavigationTest()
+  {
+    is(document.getElementById("image1").src,
+      "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg",
+      "img.src secure again");
+    isSecurityState("secure", "security full after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <img id="image1" src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecurePicturePreload.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecurePicturePreload.html
new file mode 100644
index 000000000..64a7a4abe
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecurePicturePreload.html
@@ -0,0 +1,37 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>img.src changes to unsecure test</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  (new Image()).src =
+    "http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg";
+
+  function runTest()
+  {
+    isSecurityState("broken", "(new Image()).src='http://...' changed to broken");
+    finish();
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("broken", "security broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureRedirect.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureRedirect.html
new file mode 100644
index 000000000..c1af7b29d
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_dynUnsecureRedirect.html
@@ -0,0 +1,40 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>img.src changes to unsecure redirect test</title>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  function runTest()
+  {
+    isSecurityState("secure");
+    document.getElementById("image1").src =
+      "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/imgunsecredirect.sjs";
+
+    window.setTimeout(function() {
+      isSecurityState("broken", "src='redirect to unsecure' changed to broken");
+      finish();
+    }, 500);
+  }
+
+  function afterNavigationTest()
+  {
+    is(document.getElementById("image1").src,
+      "https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg",
+      "img.src secure again");
+    isSecurityState("secure", "security full after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <img id="image1" src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_innerHtmlDelayedUnsecurePicture.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_innerHtmlDelayedUnsecurePicture.html
new file mode 100644
index 000000000..5e408b2aa
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_innerHtmlDelayedUnsecurePicture.html
@@ -0,0 +1,42 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>innerHTML changes to unsecure test</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  function runTest()
+  {
+    isSecurityState("secure");
+
+    window.setTimeout(function () {
+      document.getElementById("buddy").innerHTML =
+        "<img id='image1' src='http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg' />";
+    }, 1);
+
+    waitForSecurityState("broken", function () {
+      isSecurityState("broken", "innerHTML loading insecure changed to broken");
+      finish();
+    });
+  }
+
+  function afterNavigationTest()
+  {
+    is(document.getElementById("buddy").innerHTML, "", "innerHTML back to previous");
+    isSecurityState("secure");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body id="buddy"></body></html>
\ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_innerHtmlUnsecurePicture.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_innerHtmlUnsecurePicture.html
new file mode 100644
index 000000000..ff3592542
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_innerHtmlUnsecurePicture.html
@@ -0,0 +1,40 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>innerHTML changes to unsecure test</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  function runTest()
+  {
+    isSecurityState("secure");
+
+    document.getElementById("buddy").innerHTML =
+      "<img id='image1' src='http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg' />";
+
+    window.setTimeout(function() {
+      isSecurityState("broken", "innerHTML loading insecure changed to broken");
+      finish();
+    }, 500);
+  }
+
+  function afterNavigationTest()
+  {
+    is(document.getElementById("buddy").innerHTML, "", "innerHTML back to previous");
+    isSecurityState("secure");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body id="buddy"></body></html>
\ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_javascriptPicture.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_javascriptPicture.html
new file mode 100644
index 000000000..1efbe4d73
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_javascriptPicture.html
@@ -0,0 +1,35 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Secure img load</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  function runTest()
+  {
+    isSecurityState("secure", "javascript: <img> should not break security");
+    finish();
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("secure", "Still secure after renavigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <img src="javascript:'Random data'" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_secureAll.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_secureAll.html
new file mode 100644
index 000000000..cd9f1d0d7
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_secureAll.html
@@ -0,0 +1,43 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>All secure anti-regression check</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <link rel="stylesheet" type="text/css"
+    href="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/somestyle.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  // Navigation test goes over an insecure page, test state leak
+  navigateToInsecure = true;
+
+  function runTest()
+  {
+    isSecurityState("secure", "insecure <img> load breaks security");
+    finish();
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("secure", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <img src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg" />
+  <img src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/imgsecredirect.sjs" />
+  <iframe src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframesecredirect.sjs" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_securePicture.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_securePicture.html
new file mode 100644
index 000000000..96ef9a3c7
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_securePicture.html
@@ -0,0 +1,37 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Secure img load</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  loadAsInsecure = true;
+
+  function runTest()
+  {
+    isSecurityState("insecure", "left insecure");
+    finish();
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("insecure", "left insecure after renavigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <img src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureBackground.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureBackground.html
new file mode 100644
index 000000000..0f741f9b8
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureBackground.html
@@ -0,0 +1,36 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>background unsecure test</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  // This test, as is, equals to https://kuix.de/misc/test17/358438.php
+
+  function runTest()
+  {
+    isSecurityState("broken", "security broken");
+    finish();
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("broken", "security after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body background="http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg">
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureCSS.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureCSS.html
new file mode 100644
index 000000000..19d1379ea
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureCSS.html
@@ -0,0 +1,39 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Unsecure css load</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <link rel="stylesheet" type="text/css"
+    href="http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/somestyle.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  hasMixedActiveContent = true;
+
+  function runTest()
+  {
+    isSecurityState("broken", "insecure <img> load breaks security");
+    finish();
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframe.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframe.html
new file mode 100644
index 000000000..dd4bd2d8f
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframe.html
@@ -0,0 +1,37 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Unsecure iframe load</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  hasMixedActiveContent = true;
+
+  function runTest()
+  {
+    isSecurityState("broken", "insecure <iframe> load breaks security");
+    finish();
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <iframe src="http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframe.html"></iframe>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframe2.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframe2.html
new file mode 100644
index 000000000..cdd59ce15
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframe2.html
@@ -0,0 +1,37 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Unsecure iframe load</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  hasMixedActiveContent = true;
+
+  function runTest()
+  {
+    isSecurityState("broken", "insecure <iframe> load breaks security");
+    finish();
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <iframe src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframe2.html"></iframe>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframeMetaRedirect.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframeMetaRedirect.html
new file mode 100644
index 000000000..288526437
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframeMetaRedirect.html
@@ -0,0 +1,38 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Unsecure redirect iframe load</title>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  function runTest()
+  {
+    window.setTimeout(function()
+    {
+      isSecurityState("broken", "insecure meta-tag <iframe> load breaks security");
+      finish();
+    }, 500);
+  }
+
+  function afterNavigationTest()
+  {
+    window.setTimeout(function()
+    {
+      isSecurityState("broken", "security still broken after navigation");
+      finish();
+    }, 500);
+  }
+
+  </script>
+</head>
+
+<body>
+  <iframe src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframeMetaRedirect.html"></iframe>
+</body>
+</html>
+ 
\ No newline at end of file
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframeRedirect.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframeRedirect.html
new file mode 100644
index 000000000..1095c769f
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureIframeRedirect.html
@@ -0,0 +1,38 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Unsecure redirect iframe load</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  hasMixedActiveContent = true;
+
+  function runTest()
+  {
+    isSecurityState("broken", "insecure <iframe> load breaks security");
+    finish();
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <iframe src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/iframeunsecredirect.sjs"></iframe>
+</body>
+</html>
+ 
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePicture.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePicture.html
new file mode 100644
index 000000000..dc18efa29
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePicture.html
@@ -0,0 +1,35 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Unsecure img load</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  function runTest()
+  {
+    isSecurityState("broken", "insecure <img> load breaks security");
+    finish();
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <img src="http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePictureDup.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePictureDup.html
new file mode 100644
index 000000000..5d02de95c
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePictureDup.html
@@ -0,0 +1,21 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Unsecure img load in two windows</title>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  openTwoWindows = true;
+  testPage = "unsecurePictureDup.html";
+
+  </script>
+</head>
+
+<body>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePictureInIframe.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePictureInIframe.html
new file mode 100644
index 000000000..2ece07342
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecurePictureInIframe.html
@@ -0,0 +1,37 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Unsecure img in iframe load</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  hasMixedActiveContent = true;
+
+  function runTest()
+  {
+    isSecurityState("broken", "insecure <img> in an <iframe> load breaks security");
+    finish();
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <iframe src="http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/unsecureIframe.html"></iframe>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureRedirect.html b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureRedirect.html
new file mode 100644
index 000000000..a796b41b5
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/test_unsecureRedirect.html
@@ -0,0 +1,37 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Redirect from secure to unsecure img</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  hasMixedActiveContent = true;
+
+  function runTest()
+  {
+    isSecurityState("broken", "insecure <img> load breaks security");
+    finish();
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <img src="https://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/imgunsecredirect.sjs" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/unsecureIframe.html b/security/manager/ssl/tests/mochitest/mixedcontent/unsecureIframe.html
new file mode 100644
index 000000000..228267741
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/unsecureIframe.html
@@ -0,0 +1,9 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+</head>
+
+<body>
+  <img src="http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/moonsurface.jpg" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/mixedcontent/unsecurePictureDup.html b/security/manager/ssl/tests/mochitest/mixedcontent/unsecurePictureDup.html
new file mode 100644
index 000000000..f53fb4830
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/mixedcontent/unsecurePictureDup.html
@@ -0,0 +1,35 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Unsecure img load in two windows</title>
+  <script type="text/javascript" src="/MochiKit/Base.js"></script>
+  <script type="text/javascript" src="/MochiKit/DOM.js"></script>
+  <script type="text/javascript" src="/MochiKit/Style.js"></script>
+  <script type="text/javascript" src="/MochiKit/Signal.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <script type="text/javascript" src="mixedContentTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  /* import-globals-from mixedContentTest.js */
+  "use strict";
+
+  function runTest()
+  {
+    isSecurityState("broken", "insecure <img> load breaks security");
+    finish();
+  }
+
+  function afterNavigationTest()
+  {
+    isSecurityState("broken", "security still broken after navigation");
+    finish();
+  }
+
+  </script>
+</head>
+
+<body>
+  <img src="http://example.com/tests/security/manager/ssl/tests/mochitest/mixedcontent/hugebmp.sjs" />
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/moz.build b/security/manager/ssl/tests/mochitest/moz.build
new file mode 100644
index 000000000..05c6b7906
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/moz.build
@@ -0,0 +1,11 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+TEST_DIRS += [
+    'browser',
+    'mixedcontent',
+    'stricttransportsecurity',
+]
diff --git a/security/manager/ssl/tests/mochitest/stricttransportsecurity/.eslintrc.js b/security/manager/ssl/tests/mochitest/stricttransportsecurity/.eslintrc.js
new file mode 100644
index 000000000..74b7a1a07
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/.eslintrc.js
@@ -0,0 +1,9 @@
+"use strict";
+
+module.exports = { // eslint-disable-line no-undef
+  // mochitest-chrome tests also exist in this directory, but don't appear to
+  // use anything not also available to plain mochitests. Since plain mochitests
+  // are the majority, we take the safer option and only extend the
+  // mochitest-plain eslintrc file.
+  "extends": "../../../../../../testing/mochitest/mochitest.eslintrc.js"
+};
diff --git a/security/manager/ssl/tests/mochitest/stricttransportsecurity/chrome.ini b/security/manager/ssl/tests/mochitest/stricttransportsecurity/chrome.ini
new file mode 100644
index 000000000..b2ce8fef0
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/chrome.ini
@@ -0,0 +1,6 @@
+[DEFAULT]
+tags = psm
+skip-if = os == 'android'
+support-files = page_blank.html
+
+[test_sts_privatebrowsing_perwindowpb.html]
diff --git a/security/manager/ssl/tests/mochitest/stricttransportsecurity/mochitest.ini b/security/manager/ssl/tests/mochitest/stricttransportsecurity/mochitest.ini
new file mode 100644
index 000000000..100f45840
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/mochitest.ini
@@ -0,0 +1,13 @@
+[DEFAULT]
+tags = psm
+support-files =
+  nosts_bootstrap.html
+  nosts_bootstrap.html^headers^
+  plain_bootstrap.html
+  plain_bootstrap.html^headers^
+  subdom_bootstrap.html
+  subdom_bootstrap.html^headers^
+  verify.sjs
+
+[test_stricttransportsecurity.html]
+skip-if = toolkit == 'android' #TIMED_OUT
diff --git a/security/manager/ssl/tests/mochitest/stricttransportsecurity/moz.build b/security/manager/ssl/tests/mochitest/stricttransportsecurity/moz.build
new file mode 100644
index 000000000..cd73f7716
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/moz.build
@@ -0,0 +1,10 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+MOCHITEST_MANIFESTS += ['mochitest.ini']
+
+MOCHITEST_CHROME_MANIFESTS += ['chrome.ini']
+
diff --git a/security/manager/ssl/tests/mochitest/stricttransportsecurity/nosts_bootstrap.html b/security/manager/ssl/tests/mochitest/stricttransportsecurity/nosts_bootstrap.html
new file mode 100644
index 000000000..f9b0f9381
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/nosts_bootstrap.html
@@ -0,0 +1,26 @@
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+<!DOCTYPE HTML>
+<html>
+  <head>
+    <title>STS test iframe</title>
+    <script>
+      "use strict";
+      let windowRef = window;
+      window.addEventListener("load", function() {
+        windowRef.parent.postMessage("BOOTSTRAP plain",
+                                     "http://mochi.test:8888");
+      }, false);
+    </script>
+  </head>
+  <body>
+    <!-- This frame should be loaded over HTTPS to set the STS header. -->
+    This frame was loaded using 
+    <script>
+      document.write(document.location.protocol);
+    </script>
+    and set the STS header to force this site and allow subdomain upgrading.
+  </body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/stricttransportsecurity/nosts_bootstrap.html^headers^ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/nosts_bootstrap.html^headers^
new file mode 100644
index 000000000..9e23c73b7
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/nosts_bootstrap.html^headers^
@@ -0,0 +1 @@
+Cache-Control: no-cache
diff --git a/security/manager/ssl/tests/mochitest/stricttransportsecurity/page_blank.html b/security/manager/ssl/tests/mochitest/stricttransportsecurity/page_blank.html
new file mode 100644
index 000000000..db5d31a96
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/page_blank.html
@@ -0,0 +1,5 @@
+<html>
+<body>
+  PAGE BLANK
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/stricttransportsecurity/plain_bootstrap.html b/security/manager/ssl/tests/mochitest/stricttransportsecurity/plain_bootstrap.html
new file mode 100644
index 000000000..f9b0f9381
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/plain_bootstrap.html
@@ -0,0 +1,26 @@
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+<!DOCTYPE HTML>
+<html>
+  <head>
+    <title>STS test iframe</title>
+    <script>
+      "use strict";
+      let windowRef = window;
+      window.addEventListener("load", function() {
+        windowRef.parent.postMessage("BOOTSTRAP plain",
+                                     "http://mochi.test:8888");
+      }, false);
+    </script>
+  </head>
+  <body>
+    <!-- This frame should be loaded over HTTPS to set the STS header. -->
+    This frame was loaded using 
+    <script>
+      document.write(document.location.protocol);
+    </script>
+    and set the STS header to force this site and allow subdomain upgrading.
+  </body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/stricttransportsecurity/plain_bootstrap.html^headers^ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/plain_bootstrap.html^headers^
new file mode 100644
index 000000000..a46bf65bd
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/plain_bootstrap.html^headers^
@@ -0,0 +1,2 @@
+Cache-Control: no-cache
+Strict-Transport-Security: max-age=60
diff --git a/security/manager/ssl/tests/mochitest/stricttransportsecurity/subdom_bootstrap.html b/security/manager/ssl/tests/mochitest/stricttransportsecurity/subdom_bootstrap.html
new file mode 100644
index 000000000..24a364158
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/subdom_bootstrap.html
@@ -0,0 +1,26 @@
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+<!DOCTYPE HTML>
+<html>
+  <head>
+    <title>STS test iframe</title>
+    <script>
+      "use strict";
+      let windowRef = window;
+      window.addEventListener("load", function() {
+        windowRef.parent.postMessage("BOOTSTRAP subdom",
+                                     "http://mochi.test:8888");
+      }, false);
+    </script>
+  </head>
+  <body>
+    <!-- This frame should be loaded over HTTPS to set the STS header. -->
+    This frame was loaded using 
+    <script>
+      document.write(document.location.protocol);
+    </script>
+    and set the STS header to force this site and allow subdomain upgrading.
+  </body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/stricttransportsecurity/subdom_bootstrap.html^headers^ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/subdom_bootstrap.html^headers^
new file mode 100644
index 000000000..e54fc6a1d
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/subdom_bootstrap.html^headers^
@@ -0,0 +1,2 @@
+Cache-Control: no-cache
+Strict-Transport-Security: max-age=60; includeSubDomains
diff --git a/security/manager/ssl/tests/mochitest/stricttransportsecurity/test_stricttransportsecurity.html b/security/manager/ssl/tests/mochitest/stricttransportsecurity/test_stricttransportsecurity.html
new file mode 100644
index 000000000..675688638
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/test_stricttransportsecurity.html
@@ -0,0 +1,120 @@
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>opens additional content that should be converted to https</title>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  SimpleTest.waitForExplicitFinish();
+
+  const STSPATH = "/tests/security/manager/ssl/tests/mochitest/stricttransportsecurity";
+
+  // initialized manually here
+  var testsleft = {'plain': 4, 'subdom': 4};
+  var roundsLeft = 2;
+
+  var testframes = {
+    'samedom':
+      {'url':     "http://example.com" + STSPATH + "/verify.sjs",
+        'expected': {'plain': 'SECURE', 'subdom': 'SECURE'}},
+    'subdom':
+      {'url':     "http://test1.example.com" + STSPATH + "/verify.sjs",
+        'expected': {'plain': 'INSECURE', 'subdom': 'SECURE'}},
+    'otherdom':
+      {'url':     "http://example.org" + STSPATH + "/verify.sjs",
+        'expected': {'plain': 'INSECURE', 'subdom': 'INSECURE'}},
+    'alreadysecure':
+      {'url':     "https://test2.example.com" + STSPATH + "/verify.sjs",
+        'expected': {'plain': 'SECURE', 'subdom': 'SECURE'}},
+  };
+
+  function startRound(round) {
+    let frame = document.createElement("iframe");
+    frame.setAttribute('id', 'ifr_bootstrap');
+    frame.setAttribute('src', "https://example.com" + STSPATH + "/" + round + "_bootstrap.html");
+    document.body.appendChild(frame);
+  }
+
+  function endRound(round) {
+    // remove all the iframes in the document
+    document.body.removeChild(document.getElementById('ifr_bootstrap'));
+    for (let test in testframes) {
+      document.body.removeChild(document.getElementById('ifr_' + test));
+    }
+
+    // clean up the STS state
+    SpecialPowers.cleanUpSTSData("http://example.com");
+  }
+
+  function loadVerifyFrames(round) {
+    for (let test in testframes) {
+      let frame = document.createElement("iframe");
+      frame.setAttribute('id', 'ifr_' + test);
+      frame.setAttribute('src', testframes[test].url + '?id=' + test);
+      document.body.appendChild(frame);
+    }
+  }
+
+  /* Messages received are in this format:
+   *  (BOOTSTRAP|SECURE|INSECURE) testid
+   * For example: "BOOTSTRAP plain"
+   *          or: "INSECURE otherdom"
+   */
+  function onMessageReceived(event) {
+    let result = event.data.split(/\s+/);
+    if (result.length != 2) {
+      SimpleTest.ok(false, event.data);
+      return;
+    }
+
+    // figure out which round of tests we're in
+    let round = (roundsLeft == 2) ? "plain" : "subdom";
+
+    if (result[0] === "BOOTSTRAP") {
+      loadVerifyFrames(round);
+      return;
+    }
+
+    // check if the result (SECURE/INSECURE) is expected for this round/test combo
+    SimpleTest.is(result[0], testframes[result[1]].expected[round],
+                  "in ROUND " + round + ", test " + result[1]);
+    testsleft[round]--;
+
+    // check if there are more tests to run.
+    if (testsleft[round] < 1) {
+      // if not, advance to next round
+      endRound(round);
+      roundsLeft--;
+
+      // defer this so it doesn't muck with the stack too much.
+      if (roundsLeft == 1) {
+        setTimeout(function () {
+          startRound("subdom");
+        }, 0);
+      }
+    }
+
+    if (roundsLeft < 1) {
+      SimpleTest.finish();
+    }
+  }
+
+  // listen for calls back from the sts-setting iframe and then
+  // the verification frames.
+  window.addEventListener("message", onMessageReceived, false);
+  window.addEventListener("load", () => { startRound("plain"); }, false);
+  </script>
+</head>
+
+<body>
+  This test will load some iframes and do some tests.
+
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/stricttransportsecurity/test_sts_privatebrowsing_perwindowpb.html b/security/manager/ssl/tests/mochitest/stricttransportsecurity/test_sts_privatebrowsing_perwindowpb.html
new file mode 100644
index 000000000..882030b67
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/test_sts_privatebrowsing_perwindowpb.html
@@ -0,0 +1,275 @@
+<!-- This Source Code Form is subject to the terms of the Mozilla Public
+   - License, v. 2.0. If a copy of the MPL was not distributed with this
+   - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
+
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>opens additional content that should be converted to https</title>
+  <script type="application/javascript" src="chrome://mochikit/content/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css"
+        href="chrome://mochikit/content/tests/SimpleTest/test.css"/>
+
+  <script class="testbody" type="text/javascript">
+  "use strict";
+
+  // We define |content| as a global as a hack to prevent use of |content|
+  // inside a ContentTask tripping ESLint no-undef checks.
+  /* global content */
+
+  SimpleTest.waitForExplicitFinish();
+
+  const Cc = Components.classes;
+  const Ci = Components.interfaces;
+  const Cu = Components.utils;
+  const STSPATH = "/tests/security/manager/ssl/tests/mochitest/stricttransportsecurity";
+  const NUM_TEST_FRAMES = 4;
+  const CONTENT_PAGE =
+    "http://mochi.test:8888/chrome/security/manager/ssl/tests/mochitest/stricttransportsecurity/page_blank.html";
+
+  Cu.import("resource://testing-common/BrowserTestUtils.jsm");
+  Cu.import("resource://testing-common/ContentTask.jsm");
+  Cu.import("resource://gre/modules/Task.jsm");
+
+  // This is how many sub-tests (testframes) in each round.
+  // When the round begins, this will be initialized.
+  var testsleftinround = 0;
+  var currentround = "";
+  var mainWindow =
+    window.QueryInterface(Ci.nsIInterfaceRequestor).
+    getInterface(Ci.nsIWebNavigation).QueryInterface(Ci.nsIDocShellTreeItem).
+    rootTreeItem.QueryInterface(Ci.nsIInterfaceRequestor).
+    getInterface(Ci.nsIDOMWindow);
+
+  SpecialPowers.Services.prefs.setIntPref("browser.startup.page", 0);
+
+  var testframes = {
+    'samedom':
+      {'url':     "http://example.com" + STSPATH + "/verify.sjs",
+        'expected': {'plain': 'SECURE',
+                     'subdom': 'SECURE',
+                     'nosts': 'INSECURE'}},
+    'subdom':
+      {'url':     "http://test1.example.com" + STSPATH + "/verify.sjs",
+        'expected': {'plain': 'INSECURE',
+                     'subdom': 'SECURE',
+                     'nosts': 'INSECURE'}},
+    'otherdom':
+      {'url':     "http://example.org" + STSPATH + "/verify.sjs",
+        'expected': {'plain': 'INSECURE',
+                     'subdom': 'INSECURE',
+                     'nosts': 'INSECURE'}},
+    'alreadysecure':
+      {'url':     "https://test2.example.com" + STSPATH + "/verify.sjs",
+        'expected': {'plain': 'SECURE',
+                     'subdom': 'SECURE',
+                     'nosts': 'SECURE'}},
+  };
+
+  function whenDelayedStartupFinished(aWindow, aCallback) {
+    SpecialPowers.Services.obs.addObserver(function observer(aSubject, aTopic) {
+      if (aWindow == aSubject) {
+        SpecialPowers.Services.obs.removeObserver(observer, aTopic);
+        SimpleTest.executeSoon(aCallback);
+      }
+    }, "browser-delayed-startup-finished", false);
+  }
+
+  function testOnWindow(aIsPrivate, aCallback) {
+    let win = mainWindow.OpenBrowserWindow({private: aIsPrivate});
+
+    Task.spawn(function* () {
+      yield new Promise(resolve => whenDelayedStartupFinished(win, resolve));
+
+      let browser = win.gBrowser.selectedBrowser;
+      yield BrowserTestUtils.loadURI(browser, CONTENT_PAGE);
+      yield BrowserTestUtils.browserLoaded(browser);
+
+      aCallback(win);
+    });
+  }
+
+  function startRound(win, isPrivate, round) {
+    currentround = round;
+    testsleftinround = NUM_TEST_FRAMES;
+    SimpleTest.info("TESTS LEFT IN ROUND " + currentround + ": " + testsleftinround);
+
+    let browser = win.gBrowser.selectedBrowser;
+    let src = "https://example.com" + STSPATH + "/" + round + "_bootstrap.html";
+
+    ContentTask.spawn(browser, src, function* (contentSrc) {
+      let frame = content.document.createElement("iframe");
+      frame.setAttribute('id', 'ifr_bootstrap');
+      frame.setAttribute('src', contentSrc);
+
+      return new Promise(resolve => {
+        frame.addEventListener("load", resolve);
+        content.document.body.appendChild(frame);
+      });
+    }).then(() => {
+      onMessageReceived(win, isPrivate, "BOOTSTRAP " + round);
+    });
+  }
+
+  function loadVerifyFrames(win, isPrivate, round) {
+    loadVerifyFrame(win, isPrivate, testframes.samedom, 'samedom', function() {
+      loadVerifyFrame(win, isPrivate, testframes.subdom, 'subdom', function() {
+        loadVerifyFrame(win, isPrivate, testframes.otherdom, 'otherdom', function() {
+          loadVerifyFrame(win, isPrivate, testframes.alreadysecure, 'alreadysecure');
+        });
+      });
+    });
+  }
+
+  function loadVerifyFrame(win, isPrivate, test, testName, aCallback) {
+    let id = 'ifr_' + testName;
+    let src = test.url + '?id=' + testName;
+    let browser = win.gBrowser.selectedBrowser;
+
+    ContentTask.spawn(browser, [id, src], function* ([contentId, contentSrc]) {
+      let frame = content.document.createElement("iframe");
+      frame.setAttribute('id', contentId);
+      frame.setAttribute('src', contentSrc);
+
+      return new Promise(resolve => {
+        frame.addEventListener("load", () => {
+          resolve(frame.contentDocument.location.protocol);
+        });
+
+        content.document.body.appendChild(frame);
+      });
+    }).then(scheme => {
+      if (scheme == 'https:') {
+        onMessageReceived(win, isPrivate, "SECURE " + testName);
+      } else {
+        onMessageReceived(win, isPrivate, "INSECURE " + testName);
+      }
+
+      if (aCallback) {
+        aCallback();
+      }
+    });
+  }
+
+  /**
+   * Messages received are in this format:
+   *  (BOOTSTRAP|SECURE|INSECURE) testid
+   * For example: "BOOTSTRAP subdom"
+   *          or: "INSECURE otherdom"
+   */
+  function onMessageReceived(win, isPrivate, data) {
+    let result = data.split(/\s+/);
+    if (result.length != 2) {
+      SimpleTest.ok(false, data);
+      return;
+    }
+
+    if (result[0] === "BOOTSTRAP") {
+      loadVerifyFrames(win, isPrivate, currentround);
+      return;
+    }
+
+    // check if the result (SECURE/INSECURE) is expected for this round/test
+    // combo
+    dump_STSState(isPrivate);
+    SimpleTest.is(result[0], testframes[result[1]].expected[currentround],
+                             "in ROUND " + currentround +
+                             ", test " + result[1]);
+    testsleftinround--;
+
+    // if this round is complete...
+    if (testsleftinround < 1) {
+      SimpleTest.info("DONE WITH ROUND " + currentround);
+      // remove all the iframes in the document
+      let browser = win.gBrowser.selectedBrowser;
+      ContentTask.spawn(browser, testframes, function* (contentTestFrames) {
+        content.document.body.removeChild(
+          content.document.getElementById('ifr_bootstrap'));
+        for (let test in contentTestFrames) {
+          content.document.body.removeChild(
+            content.document.getElementById('ifr_' + test));
+        }
+      }).then(() => {
+        currentround = "";
+
+        if (!isPrivate) {
+          clean_up_sts_state(isPrivate);
+        }
+        // Close test window.
+        win.close();
+        // And advance to the next test.
+        // Defer this so it doesn't muck with the stack too much.
+        SimpleTest.executeSoon(nextTest);
+      });
+    }
+  }
+
+  function test_sts_before_private_mode() {
+    testOnWindow(false, function(win) {
+      SimpleTest.info("In public window");
+      dump_STSState(false);
+      startRound(win, false, 'plain');
+    });
+  }
+
+  function test_sts_in_private_mode() {
+    testOnWindow(true, function(win) {
+      SimpleTest.info("In private window");
+      dump_STSState(true);
+      startRound(win, true, 'subdom');
+    });
+  }
+
+  function test_sts_after_exiting_private_mode() {
+    testOnWindow(false, function(win) {
+      SimpleTest.info("In a new public window");
+      dump_STSState(false);
+      startRound(win, false, 'nosts');
+    });
+  }
+
+  function clean_up_sts_state(isPrivate) {
+    // erase all signs that this test ran.
+    SimpleTest.info("Cleaning up STS data");
+    let flags = isPrivate ? Ci.nsISocketProvider.NO_PERMANENT_STORAGE : 0;
+    SpecialPowers.cleanUpSTSData("http://example.com", flags);
+    dump_STSState(isPrivate);
+  }
+
+  function dump_STSState(isPrivate) {
+    let sss = Cc["@mozilla.org/ssservice;1"]
+                .getService(Ci.nsISiteSecurityService);
+    let flags = isPrivate ? Ci.nsISocketProvider.NO_PERMANENT_STORAGE : 0;
+    SimpleTest.info("State of example.com: " + sss.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, "example.com", flags));
+  }
+
+  // These are executed in the order presented.
+  // 0.  test that STS works before entering private browsing mode.
+  //     (load sts-bootstrapped "plain" tests)
+  //  ... clear any STS data ...
+  // 1.  test that STS works in private browsing mode
+  //     (load sts-bootstrapped "subdomain" tests)
+  // 2.  test that after exiting private browsing, STS data is forgotten
+  //     (verified with non-sts-bootstrapped pages)
+  //  ... clear any STS data ...
+  var tests = [
+    test_sts_before_private_mode,
+    test_sts_in_private_mode,
+    test_sts_after_exiting_private_mode
+  ];
+
+  function finish() {
+    SpecialPowers.Services.prefs.clearUserPref("browser.startup.page");
+    SimpleTest.finish();
+  }
+  function nextTest() {
+    SimpleTest.executeSoon(tests.length ? tests.shift() : finish);
+  }
+  window.addEventListener('load', nextTest, false);
+  </script>
+</head>
+
+<body>
+  This test will load some iframes and do some tests.
+</body>
+</html>
diff --git a/security/manager/ssl/tests/mochitest/stricttransportsecurity/verify.sjs b/security/manager/ssl/tests/mochitest/stricttransportsecurity/verify.sjs
new file mode 100644
index 000000000..e5e4eb5f6
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/stricttransportsecurity/verify.sjs
@@ -0,0 +1,47 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// SJS file that serves un-cacheable responses for STS tests that postMessage
+// to the parent saying whether or not they were loaded securely.
+
+function handleRequest(request, response)
+{
+  var query = {};
+  request.queryString.split('&').forEach(function (val) {
+      var [name, value] = val.split('=');
+      query[name] = unescape(value);
+  });
+
+  response.setHeader("Cache-Control", "no-cache", false);
+  response.setHeader("Content-Type", "text/html", false);
+
+  if ('id' in query) {
+    var outstr = [
+       " <!DOCTYPE html>",
+       " <html> <head> <title>subframe for STS</title>",
+       " <script type='text/javascript'>",
+       " var self = window;",
+       " window.addEventListener('load', function() {",
+       "     if (document.location.protocol === 'https:') {",
+       "       self.parent.postMessage('SECURE " + query['id'] + "',",
+       "                               'http://mochi.test:8888');",
+       "     } else {",
+       "       self.parent.postMessage('INSECURE " + query['id'] + "',",
+       "                               'http://mochi.test:8888');",
+       "     }",
+       "   }, false);",
+       "   </script>",
+       "   </head>",
+       " <body>",
+       "   STS state verification frame loaded via",
+       " <script>",
+       "   document.write(document.location.protocol);",
+       " </script>",
+       " </body>",
+       " </html>"].join("\n");
+    response.write(outstr);
+  } else {
+    response.write("ERROR: no id provided");
+  }
+}
diff --git a/security/manager/ssl/tests/moz.build b/security/manager/ssl/tests/moz.build
new file mode 100644
index 000000000..e7c06c21e
--- /dev/null
+++ b/security/manager/ssl/tests/moz.build
@@ -0,0 +1,17 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+DIRS += ['unit']
+
+TEST_DIRS += [
+    'gtest',
+    'mochitest',
+]
+
+XPCSHELL_TESTS_MANIFESTS += ['unit/xpcshell.ini']
+
+if not CONFIG['MOZ_NO_SMART_CARDS']:
+    XPCSHELL_TESTS_MANIFESTS += ['unit/xpcshell-smartcards.ini']
diff --git a/security/manager/ssl/tests/unit/.eslintrc.js b/security/manager/ssl/tests/unit/.eslintrc.js
new file mode 100644
index 000000000..1f96e7821
--- /dev/null
+++ b/security/manager/ssl/tests/unit/.eslintrc.js
@@ -0,0 +1,5 @@
+"use strict";
+
+module.exports = { // eslint-disable-line no-undef
+  "extends": "../../../../../testing/xpcshell/xpcshell.eslintrc.js"
+};
diff --git a/security/manager/ssl/tests/unit/bad_certs/badSubjectAltNames.pem b/security/manager/ssl/tests/unit/bad_certs/badSubjectAltNames.pem
new file mode 100644
index 000000000..62406aaac
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/badSubjectAltNames.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5DCCAc6gAwIBAgIUaauScBIwFX7ueYmCXknl2gMYElAwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowJjEkMCIGA1UEAwwbRUUgd2l0aCBiYWQgc3ViamVjdEFsdE5hbWVz
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2
+ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdF
+h/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6n
+cOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAv
+OnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2nj
+tIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXt
+jQIDAQABox4wHDAaBgNVHREEEzARgg8qLiouZXhhbXBsZS5jb20wCwYJKoZIhvcN
+AQELA4IBAQBQsZKhZe/1VkfifLqD4bni/7VY8xfXQO4DDu9HSkFmeJOhaIzfdQls
+q4LN+HVuJcJQZD1ni24UbJib+Jh8cbuzRA8l6w+PUBB6XPeF8BfYDkSbDoIYxj6h
+OclX4HInco4O4Ul+1K0u7qF9xtMYK+xaAZqiEzU638nW2n5EWV8v7y5dJsmx7rz3
+s7boQNkjgZo7R0Lw5Z8zzKYE0jVp+dRztP/f0X9uG6YW3thFIfHbewXBKP1kiIv6
+jymQMdcdnc+LhtM5/+KJcCstGA1YUaZ7pNkU7/KyB0Ch1m+b40EOSnZKelUFkmvp
+yaMC1hUND9LZjKwnGKNwuF5HR4OX/w0g
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/badSubjectAltNames.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/badSubjectAltNames.pem.certspec
new file mode 100644
index 000000000..1b368c26f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/badSubjectAltNames.pem.certspec
@@ -0,0 +1,3 @@
+issuer:Test CA
+subject:EE with bad subjectAltNames
+extension:subjectAlternativeName:*.*.example.com
diff --git a/security/manager/ssl/tests/unit/bad_certs/beforeEpoch.pem b/security/manager/ssl/tests/unit/bad_certs/beforeEpoch.pem
new file mode 100644
index 000000000..ffb961c45
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/beforeEpoch.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDJzCCAhGgAwIBAgIUdXLIuQ4fxP+03n9N/HH0ZlV0c7owCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMTk0NjAyMTQwMDAwMDBaGA8yMDMxMDEw
+MTAwMDAwMFowLDEqMCgGA1UEAwwhQmVmb3JlIFVOSVggRXBvY2ggVGVzdCBFbmQt
+ZW50aXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB
+/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRx
+CHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMC
+OosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdm
+Wqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGz
+ey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUD
+rNoYCjXtjQIDAQABo1swWTAjBgNVHREEHDAaghhiZWZvcmUtZXBvY2guZXhhbXBs
+ZS5jb20wMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi8vbG9jYWxo
+b3N0Ojg4ODgvMAsGCSqGSIb3DQEBCwOCAQEAgkj+Gwj2oJbjTvT8ivsSVfs1XHg6
+VOkPc8+DvFUY9l+lffyGUf8JQV0HuHHWOdPkSNAthqCYvsvzn1p21OFVo8EB7f5/
+mCz+u/YiWDDDjRfIYPUxvKIL4qqz+1dW3YcYOCG7luyNgajR9M9ivHGh7pX23Loa
+726oYYXWaY0KU2/CkLWLSvrdbcEiw/mUMrpKa7H2Zh0OVg6pcL1LNlUTGOWoyl9X
+u50M4iKLlb1wHiBTqXskKu6lM3yob6fVQ53S6Q6vKPsmD0hiKzGP5k8NLp5m0tHm
+a18x76ggEprPxGI3XXOCejGBbBIdswEX+WA904jMRwrrbLXxXLKSG72UKg==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/beforeEpoch.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/beforeEpoch.pem.certspec
new file mode 100644
index 000000000..ac97b2231
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/beforeEpoch.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Before UNIX Epoch Test End-entity
+validity:19460214-20310101
+extension:subjectAlternativeName:before-epoch.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/beforeEpochINT.pem b/security/manager/ssl/tests/unit/bad_certs/beforeEpochINT.pem
new file mode 100644
index 000000000..62ddea52a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/beforeEpochINT.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC6zCCAdWgAwIBAgIUewecPPOfV1pIxDqNQZDAK7WnmikwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMTk0NjAyMTQwMDAwMDBaGA8yMDMxMDEw
+MTAwMDAwMFowLjEsMCoGA1UEAwwjQmVmb3JlIFVOSVggRXBvY2ggVGVzdCBJbnRl
+cm1lZGlhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W
+1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtq
+ZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx
+0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthV
+t2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo
+4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx
+1QOs2hgKNe2NAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAsG
+CSqGSIb3DQEBCwOCAQEAZOcbi3DKkzazT2A2ZlqHdeY7tgVL8fiQnPvzfYpNgB+R
+pM3gkZRagkliv8o0ZKlkaoLDula6Q5Rhe2hY2+PSQNi/BkDdg/ituWOnH2ruX8Dm
+cWFFWJfGehf12dpJWhW+lovgQvbUmAVeMKMDfNIHgGZmwdVarYTN4LV7uu1abtIP
+mxFLc8x2CkGk9XQJXbts3cLwtZJiqAdMCuX5P4fmnLkaFAw+Vs+6aLBLOOD5WMF9
+vqwTRPDedtG+xmOhZ+J0YijRRfm4go5gCZj3XF3RgA35V7A/i3MCX2jPRfXDRywV
+8bsqZlIgILgdm4YCHlXpF9aqHJxz9AMKZs3Wk8mu7Q==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/beforeEpochINT.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/beforeEpochINT.pem.certspec
new file mode 100644
index 000000000..835e63f2b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/beforeEpochINT.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Before UNIX Epoch Test Intermediate
+validity:19460214-20310101
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/bad_certs/beforeEpochIssuer.pem b/security/manager/ssl/tests/unit/bad_certs/beforeEpochIssuer.pem
new file mode 100644
index 000000000..c234f9365
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/beforeEpochIssuer.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDVjCCAkCgAwIBAgIUHY/2g5fyvV2MONrnjGi3fWc83j0wCwYJKoZIhvcNAQEL
+MC4xLDAqBgNVBAMMI0JlZm9yZSBVTklYIEVwb2NoIFRlc3QgSW50ZXJtZWRpYXRl
+MCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAwMDBaMDgxNjA0BgNVBAMM
+LVRlc3QgRW5kLWVudGl0eSB3aXRoIEJlZm9yZSBVTklYIEVwb2NoIGlzc3VlcjCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9
+PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3
+HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3Dg
+Dw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7
+EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SK
+lWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0C
+AwEAAaNiMGAwKgYDVR0RBCMwIYIfYmVmb3JlLWVwb2NoLWlzc3Vlci5leGFtcGxl
+LmNvbTAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9sb2NhbGhv
+c3Q6ODg4OC8wCwYJKoZIhvcNAQELA4IBAQAAYmpIy15lrWSrorG+HfjZNckhAsCG
+1BOVYRr+s1Zks4wj1aMXFSzblgNgdRuZA20TkRfJKw40cyuNLfm5DhKZUbo+0LAN
+jthu2cHFBaQn+XV6xMb2tEKTU8rBqzAYIAnmEIlLukYQBVICL9tirC1JJhqe1/S8
+U139izFYNnSqNmss2cJOuI4VM7B951v1h4mQYfcX1Sv27qWaKBK7k9fKBWWE0DCX
+YR1nB4RlI+92ncTOwbjtXR92gqR/z1wGDOPj/0VNNUn4SKo5Xif9TqXh4LhnY9fD
+HgoZSMDxftXou1MjN0cWnIP6QMyLfg2kSN0vnQpVle6KgsxpfrgLiMoU
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/beforeEpochIssuer.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/beforeEpochIssuer.pem.certspec
new file mode 100644
index 000000000..9aabe2162
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/beforeEpochIssuer.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Before UNIX Epoch Test Intermediate
+subject:Test End-entity with Before UNIX Epoch issuer
+extension:subjectAlternativeName:before-epoch-issuer.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/ca-used-as-end-entity.pem b/security/manager/ssl/tests/unit/bad_certs/ca-used-as-end-entity.pem
new file mode 100644
index 000000000..ae40112c3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/ca-used-as-end-entity.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDQTCCAiugAwIBAgIUBUmy5jtGrDso26TeIelwmtF+KFAwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowLzEtMCsGA1UEAwwkVGVzdCBJbnRlcm1lZGlhdGUgdXNlZCBhcyBF
+bmQtRW50aXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESO
+FtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVr
+amRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWka
+sdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbY
+VbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6n
+aOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHE
+MdUDrNoYCjXtjQIDAQABo3IwcDAMBgNVHRMEBTADAQH/MDIGCCsGAQUFBwEBBCYw
+JDAiBggrBgEFBQcwAYYWaHR0cDovL2xvY2FsaG9zdDo4ODg4LzAsBgNVHREEJTAj
+giFjYS11c2VkLWFzLWVuZC1lbnRpdHkuZXhhbXBsZS5jb20wCwYJKoZIhvcNAQEL
+A4IBAQApr3pPS4uWz6oPEhrTO73K+JTP2VRTKgtbooPhOZ6tCRz75P729RzVOEZF
+Vf87VSFTTXUdG5Q6+SDNuCdDuyyPR4q38s+8jgv3OVfsEbhPuSx73pLAzYg727Ip
+U2ROGoVysc3JrUfwPZSvQ/i4iqdb2sVwtqR5LM1nApy5+p6Ef8cwjfm9qsdrHlnx
+3VdiioEOp+8SKH5rzfZe+1jepRODlqvFEO9gFbaqjHLzL005xAcfpsZPH5JzDhqD
+g4QiIFlm+wwQ9pTBpk1ZmbgDyk4frrxughFsbR4zDDTfJCREa5RlwH34xOkx/cTu
+ee/qZzerx61VI88GvLK87eX2ZiH1
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/ca-used-as-end-entity.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/ca-used-as-end-entity.pem.certspec
new file mode 100644
index 000000000..8e16705b5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/ca-used-as-end-entity.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Test Intermediate used as End-Entity
+extension:basicConstraints:cA,
+extension:authorityInformationAccess:http://localhost:8888/
+extension:subjectAlternativeName:ca-used-as-end-entity.example.com
diff --git a/security/manager/ssl/tests/unit/bad_certs/default-ee.key b/security/manager/ssl/tests/unit/bad_certs/default-ee.key
new file mode 100644
index 000000000..8af23e068
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/default-ee.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6iFGoRI4W1kH9
+braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI
+eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6
+iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za
+qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7
+LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs
+2hgKNe2NAgMBAAECggEBAJ7LzjhhpFTsseD+j4XdQ8kvWCXOLpl4hNDhqUnaosWs
+VZskBFDlrJ/gw+McDu+mUlpl8MIhlABO4atGPd6e6CKHzJPnRqkZKcXmrD2IdT9s
+JbpZeec+XY+yOREaPNq4pLDN9fnKsF8SM6ODNcZLVWBSXn47kq18dQTPHcfLAFeI
+r8vh6Pld90AqFRUw1YCDRoZOs3CqeZVqWHhiy1M3kTB/cNkcltItABppAJuSPGgz
+iMnzbLm16+ZDAgQceNkIIGuHAJy4yrrK09vbJ5L7kRss9NtmA1hb6a4Mo7jmQXqg
+SwbkcOoaO1gcoDpngckxW2KzDmAR8iRyWUbuxXxtlEECgYEA3W4dT//r9o2InE0R
+TNqqnKpjpZN0KGyKXCmnF7umA3VkTVyqZ0xLi8cyY1hkYiDkVQ12CKwn1Vttt0+N
+gSfvj6CQmLaRR94GVXNEfhg9Iv59iFrOtRPZWB3V4HwakPXOCHneExNx7O/JznLp
+xD3BJ9I4GQ3oEXc8pdGTAfSMdCsCgYEA16dz2evDgKdn0v7Ak0rU6LVmckB3Gs3r
+ta15b0eP7E1FmF77yVMpaCicjYkQL63yHzTi3UlA66jAnW0fFtzClyl3TEMnXpJR
+3b5JCeH9O/Hkvt9Go5uLODMo70rjuVuS8gcK8myefFybWH/t3gXo59hspXiG+xZY
+EKd7mEW8MScCgYEAlkcrQaYQwK3hryJmwWAONnE1W6QtS1oOtOnX6zWBQAul3RMs
+2xpekyjHu8C7sBVeoZKXLt+X0SdR2Pz2rlcqMLHqMJqHEt1OMyQdse5FX8CT9byb
+WS11bmYhR08ywHryL7J100B5KzK6JZC7smGu+5WiWO6lN2VTFb6cJNGRmS0CgYAo
+tFCnp1qFZBOyvab3pj49lk+57PUOOCPvbMjo+ibuQT+LnRIFVA8Su+egx2got7pl
+rYPMpND+KiIBFOGzXQPVqFv+Jwa9UPzmz83VcbRspiG47UfWBbvnZbCqSgZlrCU2
+TaIBVAMuEgS4VZ0+NPtbF3yaVv+TUQpaSmKHwVHeLQKBgCgGe5NVgB0u9S36ltit
+tYlnPPjuipxv9yruq+nva+WKT0q/BfeIlH3IUf2qNFQhR6caJGv7BU7naqNGq80m
+ks/J5ExR5vBpxzXgc7oBn2pyFJYckbJoccrqv48GRBigJpDjmo1f8wZ7fNt/ULH1
+NBinA5ZsT8d0v3QCr2xDJH9D
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/default-ee.key.keyspec b/security/manager/ssl/tests/unit/bad_certs/default-ee.key.keyspec
new file mode 100644
index 000000000..4ad96d515
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/default-ee.key.keyspec
@@ -0,0 +1 @@
+default
diff --git a/security/manager/ssl/tests/unit/bad_certs/default-ee.pem b/security/manager/ssl/tests/unit/bad_certs/default-ee.pem
new file mode 100644
index 000000000..0a9eaebb5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/default-ee.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDhTCCAm+gAwIBAgIUNRvpOhsDHEYbRf6bsiAPbvKe2VAwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowGjEYMBYGA1UEAwwPVGVzdCBFbmQtZW50aXR5MIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1
+aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/we
+adA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSS
+pH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62W
+YVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauR
+CE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABo4HKMIHH
+MIGQBgNVHREEgYgwgYWCCWxvY2FsaG9zdIINKi5leGFtcGxlLmNvbYIVKi5waW5u
+aW5nLmV4YW1wbGUuY29tgigqLmluY2x1ZGUtc3ViZG9tYWlucy5waW5uaW5nLmV4
+YW1wbGUuY29tgigqLmV4Y2x1ZGUtc3ViZG9tYWlucy5waW5uaW5nLmV4YW1wbGUu
+Y29tMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2xvY2FsaG9z
+dDo4ODg4LzALBgkqhkiG9w0BAQsDggEBAH6+Qe/y1TTCx2w6f31VWp5lcizPkS8s
+ODfbgT9pKYqqvYDeiDu3q8SLGHTTsHWWewBCu5Jd0mXPXfZ4FEHcwbVJZUZBvQVr
+1aNBCriuzhNUyfjkvfCgM4OuxgNwjbihGDE8VzfxTiz8mDN0AgACCZaUTQnybQc0
+SW+ldxspBgQJom0tkZ+TGi80L3/5P5J2+7AchxhAZzQmebDnxNYDZXCJH8w15was
+OzM5BrQzz3vuxupO7lsRzZIzAU+uQD4bjcMpz3oMdj3/0lb0HZGMdU22Ub36PvLC
+6mYbTtf0IS5TVyLnbCNeliE6zoPnQPBzAUfoOeD1Tn6HQUQUT8oTf2E=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/default-ee.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/default-ee.pem.certspec
new file mode 100644
index 000000000..554339ff5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/default-ee.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:Test End-entity
+extension:subjectAlternativeName:localhost,*.example.com,*.pinning.example.com,*.include-subdomains.pinning.example.com,*.exclude-subdomains.pinning.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/eeIssuedByNonCA.pem b/security/manager/ssl/tests/unit/bad_certs/eeIssuedByNonCA.pem
new file mode 100644
index 000000000..08c574fd1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/eeIssuedByNonCA.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDITCCAgugAwIBAgIURex/TuOH9TNqma6czhjn0gJqzqwwCwYJKoZIhvcNAQEL
+MBoxGDAWBgNVBAMMD1Rlc3QgRW5kLWVudGl0eTAiGA8yMDE1MTEyODAwMDAwMFoY
+DzIwMTgwMjA1MDAwMDAwWjAeMRwwGgYDVQQDDBNFRSBJc3N1ZWQgYnkgbm9uLUNB
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2
+ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdF
+h/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6n
+cOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAv
+OnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2nj
+tIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXt
+jQIDAQABo1swWTAjBgNVHREEHDAagglsb2NhbGhvc3SCDSouZXhhbXBsZS5jb20w
+MgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi8vbG9jYWxob3N0Ojg4
+ODgvMAsGCSqGSIb3DQEBCwOCAQEAnLI+egtdtaCj/pGgINrEi98m6gvK+wANDhDS
+RhX2IztG/xuLCXIEcecjl2ifppklo6BnGqMebuLxndygkEGXiuvTvAbtd8Ac3s7O
+Cln/JW3OOBs6a3UJJeo1rpADn5F7tSXJshnVFNshZlXACnb25JIvKKIZwEhNKCmz
+whfX5xVW7RumZ5I4BYrE16YkQKQ9Fc7orioPbcTfH/zmoBBseMFi9UHCsI/u6P2/
+2DpdD2hlld/Cy0cEzb8IJFnx1CYIpfKCP2OZR+YEn8i1P6WwEyYy47YlFmZGkVmQ
+t1zEXNWT6xdW9+jREoyvl2pb/4BzQDzUhUg6P1jbFqHKtBgFqg==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/eeIssuedByNonCA.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/eeIssuedByNonCA.pem.certspec
new file mode 100644
index 000000000..63c36d34b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/eeIssuedByNonCA.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test End-entity
+subject:EE Issued by non-CA
+extension:subjectAlternativeName:localhost,*.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/eeIssuedByV1Cert.pem b/security/manager/ssl/tests/unit/bad_certs/eeIssuedByV1Cert.pem
new file mode 100644
index 000000000..e24448493
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/eeIssuedByV1Cert.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5jCCAdCgAwIBAgIUWdJEDrMcdJcIJoGstXeNPWoUzCcwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1YxIENlcnQwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowHzEdMBsGA1UEAwwURUUgSXNzdWVkIGJ5IFYxIENlcnQwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erk
+NUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwC
+fs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1m
+CyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTM
+HGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m
+1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGj
+JzAlMCMGA1UdEQQcMBqCCWxvY2FsaG9zdIINKi5leGFtcGxlLmNvbTALBgkqhkiG
+9w0BAQsDggEBAFlYTwajTjFg0lvULVveYmWQWzPlRjdDi+TM/guuC13D9sDXN9vi
+y5ofPdtqlGo2owjEe8XII/3enZHJqJAk/zDcjVg7ErXoui54K5q6eZGN+6hdhiGB
+iT4TxrHAQXPfkXgLr6AQx0JkIO5G8l/PZDETLkxNMoFssQwb1x2D28LxYhqcGQJY
+A7h8M8kMNZiltGqLUBXdYdmM1IljJb/BlqULV7QbCh8jXsvdP3leIQCRK+vUONcK
+MjnLEzAYhNhRYWkjCBF/Q+qsPlL/aSbkupr6z4lXuCUIPF8TWs8q0V0uwGeOT0MZ
+aWkw8tsi1UYRR9Z5WdTe8l0dYF0G/kpD44Q=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/eeIssuedByV1Cert.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/eeIssuedByV1Cert.pem.certspec
new file mode 100644
index 000000000..9ed9b33db
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/eeIssuedByV1Cert.pem.certspec
@@ -0,0 +1,3 @@
+issuer:V1 Cert
+subject:EE Issued by V1 Cert
+extension:subjectAlternativeName:localhost,*.example.com
diff --git a/security/manager/ssl/tests/unit/bad_certs/emptyIssuerName.pem b/security/manager/ssl/tests/unit/bad_certs/emptyIssuerName.pem
new file mode 100644
index 000000000..719f4e760
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/emptyIssuerName.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5TCCAc+gAwIBAgIUWcXPQzwjDQvgxBhAb1cUwuJNgfswCwYJKoZIhvcNAQEL
+MAAwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowLTErMCkGA1UE
+AwwiRW5kIGVudGl0eSBzaWduZWQgYnkgZW1wdHkgbmFtZSBDQTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs
+9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8
+HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7Ak
+kqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJet
+lmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2r
+kQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMqMCgw
+JgYDVR0RBB8wHYIbZW1wdHlpc3N1ZXJuYW1lLmV4YW1wbGUuY29tMAsGCSqGSIb3
+DQEBCwOCAQEAqbRuhfV+zSaD8FqWMaaX3Q0V08aazNE+xt/4z0E79Ap0LWUs8h2j
+IVC61EsJKrgYMseNd6DqyzhucQYgH1yuyZjb9VC+BuEA/GvcbzxMKr9jf9hMFXvf
+PtyrAPDKbkscfjF1Xpq0nfTld0zxDaa01lZEyY175Ga8OM0oUaOr9tsa/m6d4/qT
+2J1qOus/doyoD8CJB5vOAFjK1C0u4EMmZoayjiOQori61wsmcn6I077Pdwbhi49d
+iuZGc3UU9VBPyQ6CWN5tP2e2OSfT3p1ep/7gb7RJXQXEHksokq53Rg8HM97wQxLi
+134jJOJFJmeq+8pZ9NSTwrA6mo1nLfiPwA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/emptyIssuerName.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/emptyIssuerName.pem.certspec
new file mode 100644
index 000000000..a99d84b79
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/emptyIssuerName.pem.certspec
@@ -0,0 +1,3 @@
+issuer:
+subject:End entity signed by empty name CA
+extension:subjectAlternativeName:emptyissuername.example.com
diff --git a/security/manager/ssl/tests/unit/bad_certs/emptyNameCA.pem b/security/manager/ssl/tests/unit/bad_certs/emptyNameCA.pem
new file mode 100644
index 000000000..1946feeb1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/emptyNameCA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICvTCCAaegAwIBAgIUQYl3Nyjq38ZPBpJZBi8APD7LGXcwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahE
+jhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1
+a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1p
+GrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW
+2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcO
+p2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJR
+xDHVA6zaGAo17Y0CAwEAAaMdMBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYw
+CwYJKoZIhvcNAQELA4IBAQAbXSUfUwpYXLieOce+6P1Sqtcg0nuDf46vmR+1vykN
+sRZNnvsO32PNCh+WgsvJ/Yy6SPS3LKG/NwBK2yH0fiq/b+JPK15cvV/hRkb23ght
+4D1+CZ6hMgirvMDFMk9wb24zUMn1MshHSfed5RM01GCnSTsBUldM93bFaMNlghyH
+AIFz3aj2VTMZvL8XeoytDChfE/RYoI4eFD8O2MPyRCkJ1grN8PmpoU5xdiDIpKIp
+4UK5/SnRnyci6oBpjJTECnboTv0qyfpODr/QBU5iO+8Yg02Uco27fiy5MmcejRg1
+7+pRFfrvBU7DP3uJhGOTKZzsrgsrYK6qSo7zbPyhD8oJ
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/emptyNameCA.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/emptyNameCA.pem.certspec
new file mode 100644
index 000000000..0a7cfdfd8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/emptyNameCA.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/bad_certs/ev-test-intermediate.pem b/security/manager/ssl/tests/unit/bad_certs/ev-test-intermediate.pem
new file mode 100644
index 000000000..dc231eafb
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/ev-test-intermediate.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDNzCCAiGgAwIBAgIUeWc23T2mQmvsb7b3an7jH8J3eAwwCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjAfMR0wGwYDVQQDDBRldi10ZXN0LWludGVybWVkaWF0ZTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1
+SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+
+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYL
+K7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwc
+bJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibW
+JZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaN5
+MHcwDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwRwYIKwYBBQUHAQEEOzA5MDcG
+CCsGAQUFBzABhitodHRwOi8vbG9jYWxob3N0Ojg4ODgvZXYtdGVzdC1pbnRlcm1l
+ZGlhdGUvMBEGA1UdIAQKMAgwBgYEVR0gADALBgkqhkiG9w0BAQsDggEBAHZl5S4d
+aiBNutInbA5t4qjcyhimG10JI70r14ijN5RXNf0TjCJjE1GDCEz3/VGAH+TFMO+c
+6jAKGro2hojGPwnth49D359dMMgppcpRGq+G4paB8PuXcmTlF3slFfDa8KIay4bB
++g2db724ctqtXEHE5/FcmpTNkZftO1lHCEw+O1Sle1Firulo75WivLWyNsOh2znO
++pBQ98oYqb3q+LmKnlFw61cFLcpJ6qOs9d0X0IvGHbh7KL9Hc97orLZ5qH3UsV7k
+Ews3BJjSqjZj75nciNzQUfEAYCK+t/I/tDSgebn/Ka5bVAv0iuglYHQksc4oXVgB
+WIn/SxQDsNphGGQ=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/ev-test-intermediate.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/ev-test-intermediate.pem.certspec
new file mode 100644
index 000000000..d5b585967
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/ev-test-intermediate.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:ev-test-intermediate
+issuerKey:ev
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://localhost:8888/ev-test-intermediate/
+extension:certificatePolicies:any
diff --git a/security/manager/ssl/tests/unit/bad_certs/ev-test.pem b/security/manager/ssl/tests/unit/bad_certs/ev-test.pem
new file mode 100644
index 000000000..7bdcf4d4d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/ev-test.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDPjCCAiigAwIBAgIUJ/RiEbbZUXgHnSnds1C7ViloXtQwCwYJKoZIhvcNAQEL
+MB8xHTAbBgNVBAMMFGV2LXRlc3QtaW50ZXJtZWRpYXRlMCIYDzIwMTUxMTI4MDAw
+MDAwWhgPMjAxODAyMDUwMDAwMDBaMBIxEDAOBgNVBAMMB2V2LXRlc3QwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erk
+NUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwC
+fs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1m
+CyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTM
+HGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m
+1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGj
+fzB9MDoGCCsGAQUFBwEBBC4wLDAqBggrBgEFBQcwAYYeaHR0cDovL2xvY2FsaG9z
+dDo4ODg4L2V2LXRlc3QvMB8GA1UdIAQYMBYwFAYSKwYBBAHrSYUahRqFGgGDdAkB
+MB4GA1UdEQQXMBWCE2V2LXRlc3QuZXhhbXBsZS5jb20wCwYJKoZIhvcNAQELA4IB
+AQBvoPaWE/YaF3sD+tYoAGdjNDbmQcP8QRhVG8wlIWSAfk9RRbvUbs8RNjdXntYV
+8J4ikq9/ajwHN85rJsRq3054qbqjit2Cn73tVhTzhe/h8xnXjLA357w/jXXXx1lD
+VZKxUvWqTvC9tHPjF3w17A2a1/3OltdLHPfzWF0Zf6Zo4uaaI8x+ayMMF6MCS3ZC
+FM2fNvIW/euVhjtLC3b+++5lMq/ZZCuJGB1kANDsX5LpXSZ23AXNhPrPxvgkmfoB
+TPoBoy2kD814qljp8G8RguNYpaz5wSYXZNROnVBCqafEbE8VlIAwAxWp5H5qN6Et
+F3OoQMb5dBIffK3lNw6UjFaZ
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/ev-test.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/ev-test.pem.certspec
new file mode 100644
index 000000000..10f802258
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/ev-test.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ev-test-intermediate
+subject:ev-test
+extension:authorityInformationAccess:http://localhost:8888/ev-test/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
+extension:subjectAlternativeName:ev-test.example.com
diff --git a/security/manager/ssl/tests/unit/bad_certs/evroot.key b/security/manager/ssl/tests/unit/bad_certs/evroot.key
new file mode 100644
index 000000000..a756a0705
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/evroot.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQC1SYlcnQAQjRGh
++Z+HqePRpdtd+uzxiNpXv2QTaI8s5HIs/xCQOMF0Ask6Kkc9vShq7T/c02PPWikU
+dwG92BjXYVv5NWvV08gzaqqMCXE2igbDzURhuT5RQk4XRLsuqtRqqzjOGWghlh+H
+cUoWY2k/CXYc301roSXqzse+Jw04j3ifbN94rjFE7SjEXnkpOGOnoipImAo2pA5y
+1XnJuSXf+MeTNi/9aJenwXVMXpfJZ8Pq3RquiqLMzjSKAWm4Diii1wwalgxvM18t
+oJubZD9av7pJ6Kqpgelg4n2HSAvdVd2UF/oYUJ+7VUzPgaQ5fouoEoo0vfJ4ZcGJ
+5XNPsikFAgMBAAECggEBAJg9VPlNb0x26yPW+T14UjUwz3Ow0WJUxueBdo1F9VaB
+0dAvsr0qrGq8HDiYYJNcUqDY9BSCAQOUd4MUHYZL/zCANjilwBUlcK6dGPPYyhY+
++0dbDd3zLn4W7HVl5rteAlxBxcZuV6A87eVUIh+DBFNHosTEUcPc5Ha3h84MBXJE
+vp4E7xMRjbuz1eCmzIcCnq/Upp7ZsUdZsV452KmITlb1TS+asBPw0V8xipq2svc9
+HsPJ/idK6JQxoQZAvniZsAEcXlCToYNHCGid4QBjTaveYPvWqu+joz3zSh829gwE
+MDa3SNHJ7pjEAxoK/sYO/aCpkL5ST1YU6sT9s0pS+VECgYEA6twssz5f8co3a72V
+vWoXd9LPT6xHVF6S0RpiCbnV5N7UeDRYHBabPIhHQqCeoYdQXBylVBTY0ltJdjLV
+7CqqBSM0MPrUmJJ3en1o4Dj1YaO4lp5gsKJj3vv9pIqbD/OdlbyIsVJnyK3pe1EH
+lI5B5DMknYf32xCdXXRYTYa8wdcCgYEAxZrldqIWRwJI2USlW56b+TKZ2jQexW5V
+jrqCGrzhv1e3nPQR0pBMd0+duh8VGF9gewV0oIIF1uwotmo21jQjLqry/qN1Yauv
+nWRLaNs4yZZMuMluwKxh66ZNBbRGVC9COXb1rN5OzJVTbS31eJVPk/DP2cWPt4ui
+p23VrChNyIMCgYEAwdLvOQYzHFKspkgR+f5CW+somDIvs9tRAyzo1+n8MiQL6SAZ
+zySA/NXjKYNxJxGLKlmhv+BsiD46REfz8DHNmuvQuNNo/Hl0DSzOjq2zJN9/CR6v
+4VZDYdVJILAbBHEjDl5H2T+O0zljxRe8T8ePbYsfnrqFvM7bcDMCZQjbYoUCgYEA
+hSG421aU376ASjFfnvybZSdcVJCs8qNFbWXm5hC/n2R/xnUB1PV3LyMqxwzN75/C
+pt+kFcfEG2r8evnQfDygP37ZPAnwuZ8sMEQ0Mi8QcXCbvBuqTJFXX6apWeB9SZaV
+bZXiK1eTi25HyNUf/t/Jv4iM4NGj5CtlqJvtS5HT5fUCgYEA3El7BrkgyL4LAHe3
+mOl37vdEqQ7Cxdfmy7IkSPrHLagaMxgODYoC6DFGDH/H/TphL3uZMLYbeZ+OkI5j
+LpugQJtqpwsDo7p4dCYmO1vVhD34R27bXRT2qGE+uvW5zVykL1+9KALgjk5J5XCf
+UVFRDKpassHG6z7+kpXRbowlyRY=
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/evroot.key.keyspec b/security/manager/ssl/tests/unit/bad_certs/evroot.key.keyspec
new file mode 100644
index 000000000..1a3d76a55
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/evroot.key.keyspec
@@ -0,0 +1 @@
+ev
diff --git a/security/manager/ssl/tests/unit/bad_certs/evroot.pem b/security/manager/ssl/tests/unit/bad_certs/evroot.pem
new file mode 100644
index 000000000..cd2fd7ed8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/evroot.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzTCCAbegAwIBAgIUW9j5PS8YoKgynZdYa9i2Kwexnp8wCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MDEwMTAwMDAwMFoYDzIwMzUwMTAx
+MDAwMDAwWjARMQ8wDQYDVQQDDAZldnJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC1SYlcnQAQjRGh+Z+HqePRpdtd+uzxiNpXv2QTaI8s5HIs/xCQ
+OMF0Ask6Kkc9vShq7T/c02PPWikUdwG92BjXYVv5NWvV08gzaqqMCXE2igbDzURh
+uT5RQk4XRLsuqtRqqzjOGWghlh+HcUoWY2k/CXYc301roSXqzse+Jw04j3ifbN94
+rjFE7SjEXnkpOGOnoipImAo2pA5y1XnJuSXf+MeTNi/9aJenwXVMXpfJZ8Pq3Rqu
+iqLMzjSKAWm4Diii1wwalgxvM18toJubZD9av7pJ6Kqpgelg4n2HSAvdVd2UF/oY
+UJ+7VUzPgaQ5fouoEoo0vfJ4ZcGJ5XNPsikFAgMBAAGjHTAbMAwGA1UdEwQFMAMB
+Af8wCwYDVR0PBAQDAgEGMAsGCSqGSIb3DQEBCwOCAQEAO1EZ134zXCiYSMixYSVP
+gAXWdR8zvaeS8UF0Xihle6nBdtkcmhiMgxXecMv7P7xO/U/wz5NAyJ1cvqaxrPbn
+8bekVCCsAAae6mVJIsVeuLtg3f89Qmx6KF6By2NI5R/AX5gxs0V9Tvjp9NfpIWh9
+I0BO0/REmq+CxKWjO6Loq0JA/QRW1jnD3XLitJ9QiCfnLqgUAG8JnkhG/JtpcJC3
+91SluwhVw+8i7caDOgHZGvjBEycyje0iyDLybaVjv2PpyuQx8H6hDzTGd2bNDl22
+fZ0FsOYCH6TJPx7nsCJCQ8/jGsRAGPxbItwSpTQJegKVaJ9s2dOAreJdkQFSIEo+
+3g==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/evroot.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/evroot.pem.certspec
new file mode 100644
index 000000000..3121f3486
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/evroot.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:evroot
+subjectKey:ev
+issuerKey:ev
+validity:20150101-20350101
+extension:basicConstraints:cA,
+extension:keyUsage:keyCertSign,cRLSign
diff --git a/security/manager/ssl/tests/unit/bad_certs/expired-ee.pem b/security/manager/ssl/tests/unit/bad_certs/expired-ee.pem
new file mode 100644
index 000000000..3c97dc9f3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/expired-ee.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDGDCCAgKgAwIBAgIUW6mdE/nOX+M5zMEeIHpOn0cOWLgwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxMzAxMDEwMDAwMDBaGA8yMDE0MDEw
+MTAwMDAwMFowIjEgMB4GA1UEAwwXRXhwaXJlZCBUZXN0IEVuZC1lbnRpdHkwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT
+2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzV
+JJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8N
+jf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCA
+BiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVh
+He4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMB
+AAGjVjBUMB4GA1UdEQQXMBWCE2V4cGlyZWQuZXhhbXBsZS5jb20wMgYIKwYBBQUH
+AQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi8vbG9jYWxob3N0Ojg4ODgvMAsGCSqG
+SIb3DQEBCwOCAQEAsojdWfBBJsaUmPKLdSCOn3/7PMoWE7m1mmKXf2dz+qW4SKWb
+b2cVxoDMzU/AooTDRnrYveB1ir4Ej/e1a7Wjs8iZgHL9udIlQ7Yw7N7EB/Vt6dM8
+yEkwuiCd1XmiEEkUQtRk0DmJxCCyxrFNDGUDt7HOWX+jvbpnULKL9J26ax3exBpk
+J6F7WlmxFynroxHdxFPzxRCC+oUYt1jfvGjASIBl7tMJ/z8wO2ISMLaHpRX8iOIz
+e2bg02Z97zf63lTOtDa3034MUjBxcAuouHjgzKhyWQI0jZlWCeJSnM5MuhDbpiD+
+N3uDz6VBj13PpCGpA1esoM1ojrkQbmvHvWT+3A==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/expired-ee.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/expired-ee.pem.certspec
new file mode 100644
index 000000000..0a03bc36f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/expired-ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Expired Test End-entity
+validity:20130101-20140101
+extension:subjectAlternativeName:expired.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/expiredINT.pem b/security/manager/ssl/tests/unit/bad_certs/expiredINT.pem
new file mode 100644
index 000000000..c6e51c000
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/expiredINT.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4TCCAcugAwIBAgIUP/xjJPJw5E0F3vjDGmPIDtk82ggwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxMTAxMDEwMDAwMDBaGA8yMDEzMDEw
+MTAwMDAwMFowJDEiMCAGA1UEAwwZRXhwaXJlZCBUZXN0IEludGVybWVkaWF0ZTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9
+PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3
+HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3Dg
+Dw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7
+EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SK
+lWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0C
+AwEAAaMdMBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwCwYJKoZIhvcNAQEL
+A4IBAQAUWUmrK2X6alxQ6fWuj/3HNONQMipMDk7CQB/MhoWll+7tCHUMxck/QKaC
+1cnI0EY/c/ibX0J/NBm4AO1u3+qHfo5heFana/ybSj1trGEYWXXnDnRFr8SSRSjx
+VATBHBd1m9lckd+zDhLSk/lnYXyzJX8D39yYp2udP0cVGrbCT58aUXHwsEhfQpYY
+LN6xNYLcDCLtkrtZs4uwzFteL4NE8WflIlOTe+2Y/s1RTEzhs0+8avkaLyMzM+MI
+XDiVO3tFcX3ygsb+ndQaIL8vFUhLFEdr8xrjRuFuzbUu9EiR2oKiiNq1gZTyInqz
+S57UfV5LyaUa8mv2qNF2b3/FySXR
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/expiredINT.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/expiredINT.pem.certspec
new file mode 100644
index 000000000..38a0abd8a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/expiredINT.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Expired Test Intermediate
+validity:20110101-20130101
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/bad_certs/expiredissuer.pem b/security/manager/ssl/tests/unit/bad_certs/expiredissuer.pem
new file mode 100644
index 000000000..ff00cc00b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/expiredissuer.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDPDCCAiagAwIBAgIUS9fUW0vPRYOaV8nstqC62Y6Qk08wCwYJKoZIhvcNAQEL
+MCQxIjAgBgNVBAMMGUV4cGlyZWQgVGVzdCBJbnRlcm1lZGlhdGUwIhgPMjAxNTEx
+MjgwMDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowLjEsMCoGA1UEAwwjVGVzdCBFbmQt
+ZW50aXR5IHdpdGggZXhwaXJlZCBpc3N1ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg
+2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ
+5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQ
+PdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGj
+DJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8W
+iy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjXDBaMCQGA1UdEQQdMBuC
+GWV4cGlyZWRpc3N1ZXIuZXhhbXBsZS5jb20wMgYIKwYBBQUHAQEEJjAkMCIGCCsG
+AQUFBzABhhZodHRwOi8vbG9jYWxob3N0Ojg4ODgvMAsGCSqGSIb3DQEBCwOCAQEA
+alq65e2NhGZhr/ph19pR7V6Tijqwd5ZubfMOQX/kVex5EerZGYWvc31+wBk6nf5r
+0z6MscHAtu/M6kN/obrFoYYro7cWFCBd6GeaSG6aDBqrjT2nnBuZ2TGICRc4h8jM
+274y1x9qzC3/kzXKS0XqeFQmbwJ9eEaqn3m9Kb8jQPbyC+hZyUFatGhcKYbFPaAo
+fdgZL2FQpJ9uG1QsblYQ1ERBvbabN4Y0jg5XFza5nQftFkY6xevmYt7asc+npNkv
+qh2aNL3pmG9E0hXZD5N3LMbndP8rzG6vnBq/6SO2eGtos2AjEVXGypJzFhBGNOfs
+mwNzXXuiatkIHp2r5pyQuw==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/expiredissuer.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/expiredissuer.pem.certspec
new file mode 100644
index 000000000..855f45422
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/expiredissuer.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Expired Test Intermediate
+subject:Test End-entity with expired issuer
+extension:subjectAlternativeName:expiredissuer.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/idn-certificate.pem b/security/manager/ssl/tests/unit/bad_certs/idn-certificate.pem
new file mode 100644
index 000000000..f8baeea9f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/idn-certificate.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC+TCCAeOgAwIBAgIUPxkDf9AiLxVWjs21J/3by0oWUJcwCwYJKoZIhvcNAQEL
+MBkxFzAVBgNVBAMMDlVua25vd24gSXNzdWVyMCIYDzIwMTUxMTI4MDAwMDAwWhgP
+MjAxODAyMDUwMDAwMDBaMBoxGDAWBgNVBAMMD0lETiBDZXJ0aWZpY2F0ZTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ
+6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUk
+nAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N
+/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAG
+JMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd
+7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEA
+AaM4MDYwNAYDVR0RBC0wK4IpYnVnNDEzOTA5LnhuLS1oeGFqYmhlZzJhejNhbC54
+bi0tanhhbHBkbHAwCwYJKoZIhvcNAQELA4IBAQBOBtdU6gEu6bu2pVN4QobNL1eS
+TFEGDazNKDq2s/90ddUz7DL029rhnzaIJib7dc4/dxgl5TgcL/8PwPUHRZXteRTX
+3hAA+XCunBacQYfZDiG8Bpp1ClslU0FVOngivFHw/mseM7hxOCAJg++1oa1uCqBz
+bcVvau/ISa/fApWBICmfRjaD7ztrdVyE5b2M90T7ywedBJHShk8gpJKp3s2/neQB
+CcBp3LNoIb0JDMZCk4pVCNTRB9DOpa5zMTu/Emd3EpV9wISEGvDmNUGmuunrgr2h
+xZ01TDSLknEJyZR7IbMjkhS4SFpIc6bK19h9yblzDUcCJj+ZH1Po23Fk6muT
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/idn-certificate.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/idn-certificate.pem.certspec
new file mode 100644
index 000000000..b3d840fbd
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/idn-certificate.pem.certspec
@@ -0,0 +1,3 @@
+issuer:Unknown Issuer
+subject:IDN Certificate
+extension:subjectAlternativeName:bug413909.xn--hxajbheg2az3al.xn--jxalpdlp
diff --git a/security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.key b/security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.key
new file mode 100644
index 000000000..d10324fb3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.key
@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICcAIBADANBgkqhkiG9w0BAQEFAASCAlowggJWAgEAAoGAANKbsS+4T93NKbOl
+GctmxDuNj4vlRbp5OEzmY+0D33WZFgDrkgeQ0lMM7OVE25mnHwWJaj7SBxZVNKqZ
+BX5HxH47yBrab6HhLjcmi1BGpVJo+drXzLSF2BouGdUNTwtoVKyvbXvmnZoIMTbh
+WvqPU8HIyE/GB3J53Q5V1zaaW90CAwEAAQJ/PEllBwvzkMJR1aLFJ3xbX9C97oXK
+1/4rJ5grsoURSlBwBANq4c+K5Usl5Ns5IVq9fpA/YYwtiy8IzGzRLbzNciBeSUW2
+s984nl5D3goUi7LITiQx/b5ZILBEuycvRez/ByG337YDl/xhOp6jXCIwBTDK6PkV
+nFNN878JEJUZAQJAD58XWXyFuAUbnGmvtV71dsmW29CQR9DM3ludYOpcZ/5PrGe+
+gD9LasWj8FD3a5ZvsU9c8QV2HlrebdlgsYO6VQJADXtjcRLOYaVRaMD5yThvsnmr
+QMug1Ukza7plJ3JjqseCYRosgdm2Nc94xAAYhZ4BjF6QBtEuPS7m80bnn6QzaQJA
+Cf1smj6m6RrjIHD5/BwhD/k1L5e+XR7rlRuzloHp3FtnKlMiIbPYkAyanZm50KTh
+AtxFDKG4ewsTid5lFsCuDQJAAUG4MkkbfdSoMwiSACTHnK5kvUR9+IO7TFZyqWur
+SLcSOzTyYyRFLNzrF/IeVw40fL4v1MLY+ZEOrCy22JW4yQJABFjdau4YyIsvm4Hx
+vDB1riDcH5lz0gck8gsGBD1hR8h4nUoHroi8gshDjIk+AXsTlH9i4LGJWKMetmSx
+nmTT4A==
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.key.keyspec b/security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.key.keyspec
new file mode 100644
index 000000000..21ed73d60
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.key.keyspec
@@ -0,0 +1 @@
+rsa1016
diff --git a/security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.pem b/security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.pem
new file mode 100644
index 000000000..2ad219824
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICszCCAZ2gAwIBAgIULXNWBRUzJ/V70VPd4+9U6rf/lYswCwYJKoZIhvcNAQEL
+MBwxGjAYBgNVBAMMEVRlc3QgSW50ZXJtZWRpYXRlMCIYDzIwMTUxMTI4MDAwMDAw
+WhgPMjAxODAyMDUwMDAwMDBaMCkxJzAlBgNVBAMMHkluYWRlcXVhdGUgS2V5IFNp
+emUgRW5kLUVudGl0eTCBnjANBgkqhkiG9w0BAQEFAAOBjAAwgYgCgYAA0puxL7hP
+3c0ps6UZy2bEO42Pi+VFunk4TOZj7QPfdZkWAOuSB5DSUwzs5UTbmacfBYlqPtIH
+FlU0qpkFfkfEfjvIGtpvoeEuNyaLUEalUmj52tfMtIXYGi4Z1Q1PC2hUrK9te+ad
+mggxNuFa+o9TwcjIT8YHcnndDlXXNppb3QIDAQABo2UwYzAtBgNVHREEJjAkgiJp
+bmFkZXF1YXRlLWtleS1zaXplLWVlLmV4YW1wbGUuY29tMDIGCCsGAQUFBwEBBCYw
+JDAiBggrBgEFBQcwAYYWaHR0cDovL2xvY2FsaG9zdDo4ODg4LzALBgkqhkiG9w0B
+AQsDggEBALhNoeoHzQoeaGR/5bxF8VGE2XrCPoDatHwanND8rp1esVsmkkOSLof1
+DXgjZpg9ZJWw1PnprkYkV3XU1PIZWfUh/B/ir7QnsjRrORfJ+BP3Az+Sf1vX8fTB
+rfInVWtmRzTkzX/taouPBwJj+CN14hncbaT1FxX74XXmkZXHf2MfRjHjzuB1dNPP
+dAu+YVJSxZMv7QD/6qYZoy81dfqcN31IjxoFO0039ZmKrLpUjOZzOnmqzy0+wJpc
+Gz7lBvoHNv8SjVeUslb9IpP0uAqkpVYNZhWpPFpJ7xOdVKSWAUG1jDeMAD1tXC7R
+N0iiOloMHZ70o84Z6b7IB10IpoymVt4=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.pem.certspec
new file mode 100644
index 000000000..02b595dc9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/inadequateKeySizeEE.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test Intermediate
+subject:Inadequate Key Size End-Entity
+subjectKey:rsa1016
+extension:subjectAlternativeName:inadequate-key-size-ee.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/inadequatekeyusage-ee.pem b/security/manager/ssl/tests/unit/bad_certs/inadequatekeyusage-ee.pem
new file mode 100644
index 000000000..7e73075c1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/inadequatekeyusage-ee.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDPTCCAiegAwIBAgIUOTTgOhTYLxvzfXf1OSZs5pCrnTUwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowLzEtMCsGA1UEAwwkSW5hZGVxdWF0ZSBLZXkgVXNhZ2UgVGVzdCBF
+bmQtZW50aXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESO
+FtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVr
+amRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWka
+sdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbY
+VbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6n
+aOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHE
+MdUDrNoYCjXtjQIDAQABo24wbDALBgNVHQ8EBAMCAQIwKQYDVR0RBCIwIIIeaW5h
+ZGVxdWF0ZWtleXVzYWdlLmV4YW1wbGUuY29tMDIGCCsGAQUFBwEBBCYwJDAiBggr
+BgEFBQcwAYYWaHR0cDovL2xvY2FsaG9zdDo4ODg4LzALBgkqhkiG9w0BAQsDggEB
+ABOkyemfFGxIC9qMI5B7cYQJ7Mrc8qG1wlnc5aKFZ65wnBURgQUw2TtVwBOweLGz
+82qR+MnDho8inUTyilydw7WwyLAi2A2jlqcgCaBcyRh8g7/BBJ9dEP2u1BNp2r9R
+8VvTlUKj/4Ta8/GG2mEKqyhd8bpevZaaTyjQUGcFYr76/XZ0D6TxtOM0SBLrybNg
+A/hbKste6MIXE0rJwUzN2+xWBvfeFqMwzRYZ3F/393qT3vWMgHZt4ZBo/RqQzEM4
+I8k6n3s7zssdPOXHy0lezYwkCtnya2OPdGEAyABviARZjIl9Hn+0nsymZmFUkV9A
+vUw83907j7buWerBFwnAxuo=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/inadequatekeyusage-ee.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/inadequatekeyusage-ee.pem.certspec
new file mode 100644
index 000000000..4d553890b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/inadequatekeyusage-ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Inadequate Key Usage Test End-entity
+extension:keyUsage:cRLSign
+extension:subjectAlternativeName:inadequatekeyusage.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/ipAddressAsDNSNameInSAN.pem b/security/manager/ssl/tests/unit/bad_certs/ipAddressAsDNSNameInSAN.pem
new file mode 100644
index 000000000..6b7c848a1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/ipAddressAsDNSNameInSAN.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICzDCCAbagAwIBAgIUaWHoyJhhB4GixK3MP8mpJLbOZYMwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowFDESMBAGA1UEAwwJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvB
+xyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmT
+qyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5
+kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYS
+wHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwk
+BCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoxgwFjAUBgNVHREE
+DTALggkxMjcuMC4wLjEwCwYJKoZIhvcNAQELA4IBAQCFFyBe938Z1/1WFILrNZ//
+3YlpJW0ww46JXCD+RheG2IdI2zdnbNOr7hUnLt4KprntLwmzWFYJInj+sq886c6x
+yKImpnVvjB0yDxJki85lNX6ARRHQrTNNf3wczSHdUmGlpzFUUuDkjYZS5Y6P//ms
+wPBxppkYguZVvU1s6nvHnuG2wDPKogeD5wmBSfJf8oVo03M6TqNYRK5socyeQ740
+LxXjlLYqQaUI+FEQLrCfv4LLrWpoH6mKg3hyKWoG6bEcCyvMBBJ+vDxCCpGE7b2L
+tMLn8BML+23CQ5SO53FR7dnWOuxSjnR+GRoFxw5E0qOZEGt+Fb9An5+R4xxRENfB
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/ipAddressAsDNSNameInSAN.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/ipAddressAsDNSNameInSAN.pem.certspec
new file mode 100644
index 000000000..766233847
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/ipAddressAsDNSNameInSAN.pem.certspec
@@ -0,0 +1,3 @@
+issuer:Test CA
+subject:127.0.0.1
+extension:subjectAlternativeName:127.0.0.1
diff --git a/security/manager/ssl/tests/unit/bad_certs/md5signature-expired.pem b/security/manager/ssl/tests/unit/bad_certs/md5signature-expired.pem
new file mode 100644
index 000000000..b81dbafa4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/md5signature-expired.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDMjCCAhygAwIBAgIUO/qAw3/gzbpGANaN0lKQaxLhTPwwCwYJKoZIhvcNAQEE
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxMTAxMDEwMDAwMDBaGA8yMDEzMDEw
+MTAwMDAwMFowLzEtMCsGA1UEAwwkVGVzdCBNRDVTaWduYXR1cmUtRXhwaXJlZCBF
+bmQtZW50aXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESO
+FtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVr
+amRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWka
+sdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbY
+VbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6n
+aOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHE
+MdUDrNoYCjXtjQIDAQABo2MwYTArBgNVHREEJDAigiBtZDVzaWduYXR1cmUtZXhw
+aXJlZC5leGFtcGxlLmNvbTAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0
+dHA6Ly9sb2NhbGhvc3Q6ODg4OC8wCwYJKoZIhvcNAQEEA4IBAQCJtN322gHdXy56
+sBTdOg+d3AS8AlXpOkm1yDyhICQznqsjdCz5qIUZQI+qm8cHVlLUjioTHWLds1i3
+wCQy4+l4VFFdP3Y7I2V49l3U9FPCHuZY1j8fyGyczAgKv/OYA2aQbcOPt1iR1S3J
+hji6e/bbxftBAXedt3QmvOmtqXRxuaiAaWgnL+nA2GfS3HQBaI0B13hxboPT9G8a
+u70eMAkBvloAwyrS2O/1cAZUPzCrqHeTVMidziHOXHHh4vFxBFICXYxG9ocFcWOb
+pA7E/QrHsTKI0OAr7336EWx1P5XITFZfe/SbBySCj088fMqW0yUuPN8+fvYMVoQr
+ifC5kUCZ
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/md5signature-expired.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/md5signature-expired.pem.certspec
new file mode 100644
index 000000000..e4c2b7008
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/md5signature-expired.pem.certspec
@@ -0,0 +1,6 @@
+issuer:Test CA
+subject:Test MD5Signature-Expired End-entity
+validity:20110101-20130101
+signature:md5WithRSAEncryption
+extension:subjectAlternativeName:md5signature-expired.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/md5signature.pem b/security/manager/ssl/tests/unit/bad_certs/md5signature.pem
new file mode 100644
index 000000000..de1317577
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/md5signature.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDKDCCAhKgAwIBAgIUCcBjO7AcpbQJxZbg9Jic6+Wjd88wCwYJKoZIhvcNAQEE
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowLTErMCkGA1UEAwwiVGVzdCBFbmQtZW50aXR5IHdpdGggTUQ1IHNp
+Z25hdHVyZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbW
+Qf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pk
+cQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHT
+AjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3
+ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jh
+s3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHV
+A6zaGAo17Y0CAwEAAaNbMFkwIwYDVR0RBBwwGoIYbWQ1c2lnbmF0dXJlLmV4YW1w
+bGUuY29tMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2xvY2Fs
+aG9zdDo4ODg4LzALBgkqhkiG9w0BAQQDggEBAGEUSKisSADWzD5jGCfvXOoUsYdh
+AuGaJqbQFQ+D3hJlmuPXcqOFV8oZNAaaMt0tcyH6Ak4KjpLcitRLQE2W6ChF2nQK
+qxz0OWYuFhtDg6c7JBXIT0c0/nM1NCoyDxZLK7oTpjAR5Ji6LIwuvj6uW0CLFZz2
+CqwlS+7RirFyzHr279ylFJxoGmApJjIG4Fds0BJoAdU8V4ZbDNE8LwcrYfI+h817
+y0IGGkrfpZ2eT94Ih+UfuYhKWyJ5pkxNtoG85It63MN+8i2flxSazuEk9sqRJznF
+OTYfaktXXlgBTlvr9m7P8kg+JQbwf915GMN3cgHuN00NiRqsvOQxJQl1BHs=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/md5signature.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/md5signature.pem.certspec
new file mode 100644
index 000000000..02742d910
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/md5signature.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Test End-entity with MD5 signature
+signature:md5WithRSAEncryption
+extension:subjectAlternativeName:md5signature.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/mismatch-expired.pem b/security/manager/ssl/tests/unit/bad_certs/mismatch-expired.pem
new file mode 100644
index 000000000..9924dfb7e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/mismatch-expired.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDJTCCAg+gAwIBAgIUE8pDZuVKk0GpcycnYoniDg5yXqwwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxMzAxMDEwMDAwMDBaGA8yMDE0MDEw
+MTAwMDAwMFowKzEpMCcGA1UEAwwgTWlzbWF0Y2gtRXhwaXJlZCBUZXN0IEVuZC1l
+bnRpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9
+braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI
+eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6
+iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za
+qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7
+LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs
+2hgKNe2NAgMBAAGjWjBYMCIGA1UdEQQbMBmCF2RvZXNudG1hdGNoLmV4YW1wbGUu
+Y29tMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2xvY2FsaG9z
+dDo4ODg4LzALBgkqhkiG9w0BAQsDggEBACTILZlbbJ0JN8lnC7ckWE6+/l/y2WOl
+uF23jWbhElQrqJS/YHLqeu1we1LJYQAdN+w/Ro2F6bpxmGea2kZV8jLWRVL1e8ek
+b8+AwSMDmMLcWV6eS+3XLxCF9YPHNIIM3mrUAcI3Oc1Pmf9xWiNxrHukuAk8CJbp
+6Q/Xrdtt4sgpYRDEsciB1Vn14NEDP1SoPi86dcFNpNfuheG/Bjdosi5CAxKfLakr
+WWQbTmCR1m+1OyNsiGEsUisIOXyCTTehTuhcZp+EyR5SHy0cNg6tVStMU49k4XsC
+jG+UmcQRsNHgNqJK+k2KM7yvGjuonokDfKUrQ6EtgWSvkqcFasmCPbQ=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/mismatch-expired.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/mismatch-expired.pem.certspec
new file mode 100644
index 000000000..262f08d6b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/mismatch-expired.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Mismatch-Expired Test End-entity
+validity:20130101-20140101
+extension:subjectAlternativeName:doesntmatch.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/mismatch-notYetValid.pem b/security/manager/ssl/tests/unit/bad_certs/mismatch-notYetValid.pem
new file mode 100644
index 000000000..bfbb973c1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/mismatch-notYetValid.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDKzCCAhWgAwIBAgIUT/IgcHtYb6NXOgazofG+tsSh5RcwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAzMzAxMDEwMDAwMDBaGA8yMDM0MDEw
+MTAwMDAwMFowMTEvMC0GA1UEAwwmTWlzbWF0Y2gtTm90IFlldCBWYWxpZCBUZXN0
+IEVuZC1lbnRpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGo
+RI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9a
+dWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6t
+aRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8n
+FthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kX
+Dqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/py
+UcQx1QOs2hgKNe2NAgMBAAGjWjBYMCIGA1UdEQQbMBmCF2RvZXNudG1hdGNoLmV4
+YW1wbGUuY29tMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2xv
+Y2FsaG9zdDo4ODg4LzALBgkqhkiG9w0BAQsDggEBAE12bvoPuLY/rJGy1ijqXgTe
+1JkVgsL9YxL3yqUsNwvLwdtOA9OtvUprqNaq90niYJ2P58c9ZrloGy5YSjl0cNDv
+GbWiNJoxmY0jsR7Ql45t7uWOEArw81rMeqBjs0dNB99IoJ7xxSNWvmpOGprHw3An
+nVTSmQF4L5qQVAgf1ki2Y43I1ahu04BTAWgzaTppwfX8tAJhZ62HQ+44FetYHnIa
+FZMh/LLiuI0FadRLVaH6uxo7BcvrO8s5zDZ+9W08Fqv60Trl6k+y/N229g+txVhQ
+LULSLizQNoJeSDBVcbq0uYTGvvr/VhPdFDLbR6KOtYGy6VtJgnziQFlL5JS7EGM=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/mismatch-notYetValid.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/mismatch-notYetValid.pem.certspec
new file mode 100644
index 000000000..947eb7d67
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/mismatch-notYetValid.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Mismatch-Not Yet Valid Test End-entity
+validity:20330101-20340101
+extension:subjectAlternativeName:doesntmatch.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted-expired.pem b/security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted-expired.pem
new file mode 100644
index 000000000..47c8d4c3a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted-expired.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDNTCCAh+gAwIBAgIUBRVeuOJA+GTXgxh+UUrNUeli1lowCwYJKoZIhvcNAQEL
+MBgxFjAUBgNVBAMMDU90aGVyIHRlc3QgQ0EwIhgPMjAxMTAxMDEwMDAwMDBaGA8y
+MDEzMDEwMTAwMDAwMFowNTEzMDEGA1UEAwwqTWlzbWF0Y2gtVW50cnVzdGVkLUV4
+cGlyZWQgVGVzdCBFbmQtZW50aXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGc
+BptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzC
+a2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8Xg
+uEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK
+9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGP
+mRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABo1owWDAiBgNVHREEGzAZghdkb2Vz
+bnRtYXRjaC5leGFtcGxlLmNvbTAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGG
+Fmh0dHA6Ly9sb2NhbGhvc3Q6ODg4OC8wCwYJKoZIhvcNAQELA4IBAQAP9DQC50r0
+B5xvOnkJxB+IFlr8dv2bLNg5Dm3ITmobaHvjEywXzP8RwYVwqgZsVG1Z6FyNBgey
+qJXDXHbrPI81G6286p+rQgEeu7DcoFoHL2umpAXSEVzLw/MyIqbsD9tXKe7fYKvu
+R7Vz/OhQsZMy+ShHGn0Ze6mRdFbdmUYzcrYuCyAKLfqsvpnQ9y7+bd0lgMSHxPG3
+kruIQs5MZ/VUraVtvdoLUxoUy3v7oaCyUJgCS6Wls3nlAECpDTEg986HOVaysKtH
+hRG82KctN5RK40H6EuUGa83Yxp0zF6OnqiOVtm7vHmkk4WNIP2i+gG+/zex78/P6
+EhZHLdk5fS/M
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted-expired.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted-expired.pem.certspec
new file mode 100644
index 000000000..adc8ebaf8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted-expired.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Other test CA
+subject:Mismatch-Untrusted-Expired Test End-entity
+validity:20110101-20130101
+extension:subjectAlternativeName:doesntmatch.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted.pem b/security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted.pem
new file mode 100644
index 000000000..723ed4dae
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDLTCCAhegAwIBAgIUBUkHM4qYlHhlajaquYXsh/XJw+swCwYJKoZIhvcNAQEL
+MBgxFjAUBgNVBAMMDU90aGVyIHRlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8y
+MDE4MDIwNTAwMDAwMFowLTErMCkGA1UEAwwiTWlzbWF0Y2gtVW50cnVzdGVkIFRl
+c3QgRW5kLWVudGl0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqI
+UahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvi
+r1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/x
+fq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD
+7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnv
+uRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj
++nJRxDHVA6zaGAo17Y0CAwEAAaNaMFgwIgYDVR0RBBswGYIXZG9lc250bWF0Y2gu
+ZXhhbXBsZS5jb20wMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi8v
+bG9jYWxob3N0Ojg4ODgvMAsGCSqGSIb3DQEBCwOCAQEAstqHR4upkLa4tJcDD4vH
+cUAJrMT+FzazHXIe4ukUiWG1HtyCjUiFI+NhS7YhCY2+rigO58UKgNkaG6BkrlJM
+I81gnyfljMUmukNDmOmsOtXHhP8MXdEa6ye266M/CflTI1oAnLir/6ZJm8AwcLVW
+vh4rhEjARMMPpmUC7vpf2aK4qTAcxuymei9Q7uy2tjJT4PExwa4aMBc195yXAyat
+oMnVQWZqcQE1Gq/AUzQpHsZAvZOPzEQVLk1gAnZrDLZCQucEbd0P2cJ929cK5Zz0
+8t13hDTRa4NpHeaqCTz1l8tVf70FyeQn/tpRQT3uw6aUTbVpELONOFsgt/n/7RBb
+Tg==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted.pem.certspec
new file mode 100644
index 000000000..91c5f548b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/mismatch-untrusted.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Other test CA
+subject:Mismatch-Untrusted Test End-entity
+extension:subjectAlternativeName:doesntmatch.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/mismatch.pem b/security/manager/ssl/tests/unit/bad_certs/mismatch.pem
new file mode 100644
index 000000000..205fa23b9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/mismatch.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDPDCCAiagAwIBAgIUexDM8FvRSX/MKvVCro1JmGq023EwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowIzEhMB8GA1UEAwwYTWlzbWF0Y2ggVGVzdCBFbmQtZW50aXR5MIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08
+E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc
+1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAP
+DY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQ
+gAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqV
+YR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQID
+AQABo3kwdzBBBgNVHREEOjA4ghdkb2VzbnRtYXRjaC5leGFtcGxlLmNvbYIdKi5h
+bHNvZG9lc250bWF0Y2guZXhhbXBsZS5jb20wMgYIKwYBBQUHAQEEJjAkMCIGCCsG
+AQUFBzABhhZodHRwOi8vbG9jYWxob3N0Ojg4ODgvMAsGCSqGSIb3DQEBCwOCAQEA
+CGnfn+l13zgSEIzCmZL2JLUHCKH7OilQ0tE7QjGTXo12KXUML8uNhoxXgH/z7ZnG
+0N2ya+Y1pGOyAFsj37nAipH5xsM2mP1aAlPEjgrmoskyhiMszKxr8OD8TFHOfvkS
+BlRjnGVjWpwkc2sAbHneN/aitkWDoQ2nacipdQl0OuW4jEjNXa1GE60kCmlfI72b
+aP0yN0NPnIcx8Q4M++tfQ7imJbnonxIdQGJdjHHjIRE2CNFyt2Qeb66IyK/pnEDm
+oVjx5VZPLUr0g1Ubg6W65LbIuNzalpzPBP30CAEqLXNNZ6wqKTgEHB5UB8sQnFTS
+2AZeBlTZ42e5UpU/+h8Mog==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/mismatch.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/mismatch.pem.certspec
new file mode 100644
index 000000000..b93599fc8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/mismatch.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:Mismatch Test End-entity
+extension:subjectAlternativeName:doesntmatch.example.com,*.alsodoesntmatch.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/mismatchCN.pem b/security/manager/ssl/tests/unit/bad_certs/mismatchCN.pem
new file mode 100644
index 000000000..004ce48e6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/mismatchCN.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICwDCCAaqgAwIBAgIUJzlO5E47g+NUJjL7EcrQMDmXq04wCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowIjEgMB4GA1UEAwwXZG9lc250bWF0Y2guZXhhbXBsZS5jb20wggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT
+2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzV
+JJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8N
+jf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCA
+BiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVh
+He4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMB
+AAEwCwYJKoZIhvcNAQELA4IBAQBy/KCwjrh0emnzBnuw+yEZElSD23wKKhAjUISO
+27ndrI6Gmv/wKHdgUP2yBPZbTcUT7RrzamdkOrsVASL2vAFAI1r/wHp/PXEnuNY5
+mUWVZLH3kCzJjvZXvGbdQUJhNraNbvDgV+GI/AAo+67QnSmYM0bqhaMsgbGHILGl
+qZNOE6GZdWDFBSdNIdKz3AXeKiTXduR7rb03CiuGkG+RmByPEARiUdt2xdZMxx+Q
+nhOTnBEu3KsyvJ0Y79Z6T8s3qo2dUsjHF9Kn77CKNYQFTbyoDMsBnulZZuL3uL0A
+Fn7CB+VWzVooOhq+BvbeynWGDj3rHsMQUPyP8DMKuwJZwSxa
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/mismatchCN.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/mismatchCN.pem.certspec
new file mode 100644
index 000000000..86ef45b7c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/mismatchCN.pem.certspec
@@ -0,0 +1,2 @@
+issuer:Test CA
+subject:doesntmatch.example.com
diff --git a/security/manager/ssl/tests/unit/bad_certs/moz.build b/security/manager/ssl/tests/unit/bad_certs/moz.build
new file mode 100644
index 000000000..5402f3c21
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/moz.build
@@ -0,0 +1,68 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Temporarily disabled. See bug 1256495.
+#test_certificates = (
+#    'badSubjectAltNames.pem',
+#    'beforeEpoch.pem',
+#    'beforeEpochINT.pem',
+#    'beforeEpochIssuer.pem',
+#    'ca-used-as-end-entity.pem',
+#    'default-ee.pem',
+#    'eeIssuedByNonCA.pem',
+#    'eeIssuedByV1Cert.pem',
+#    'emptyIssuerName.pem',
+#    'emptyNameCA.pem',
+#    'ev-test-intermediate.pem',
+#    'ev-test.pem',
+#    'evroot.pem',
+#    'expired-ee.pem',
+#    'expiredINT.pem',
+#    'expiredissuer.pem',
+#    'idn-certificate.pem',
+#    'inadequateKeySizeEE.pem',
+#    'inadequatekeyusage-ee.pem',
+#    'ipAddressAsDNSNameInSAN.pem',
+#    'md5signature-expired.pem',
+#    'md5signature.pem',
+#    'mismatchCN.pem',
+#    'mismatch-expired.pem',
+#    'mismatch-notYetValid.pem',
+#    'mismatch.pem',
+#    'mismatch-untrusted-expired.pem',
+#    'mismatch-untrusted.pem',
+#    'notYetValidINT.pem',
+#    'notYetValidIssuer.pem',
+#    'notYetValid.pem',
+#    'noValidNames.pem',
+#    'nsCertTypeCritical.pem',
+#    'nsCertTypeCriticalWithExtKeyUsage.pem',
+#    'nsCertTypeNotCritical.pem',
+#    'other-issuer-ee.pem',
+#    'other-test-ca.pem',
+#    'self-signed-EE-with-cA-true.pem',
+#    'selfsigned-inadequateEKU.pem',
+#    'selfsigned.pem',
+#    'test-ca.pem',
+#    'test-int.pem',
+#    'unknownissuer.pem',
+#    'untrusted-expired.pem',
+#    'untrustedissuer.pem',
+#    'v1Cert.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
+#
+#test_keys = (
+#    'default-ee.key',
+#    'evroot.key',
+#    'inadequateKeySizeEE.key',
+#    'other-test-ca.key',
+#)
+#
+#for test_key in test_keys:
+#    GeneratedTestKey(test_key)
diff --git a/security/manager/ssl/tests/unit/bad_certs/noValidNames.pem b/security/manager/ssl/tests/unit/bad_certs/noValidNames.pem
new file mode 100644
index 000000000..36d258cb0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/noValidNames.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIC/zCCAemgAwIBAgIUD8+FcBmecy2K1vllEQ2SgGucJCQwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowKTEnMCUGA1UEAwweRW5kLWVudGl0eSB3aXRoIG5vIHZhbGlkIG5h
+bWVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62
+iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHql
+WqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosq
+Qe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+
+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8i
+b2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoY
+CjXtjQIDAQABozYwNDAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6
+Ly9sb2NhbGhvc3Q6ODg4OC8wCwYJKoZIhvcNAQELA4IBAQBiwTfHRmir5VnSNxOs
+S806Ao1xXqaz7ff/qi32Nnio855qHulmKjsRfmEv09N7/PNFkAa6yILe0/8YdroC
+aOd1iOdawsNMoeud7mD0FjuOYcjSnCx0WTeW5LZ/yXkgKwA8+shZzhr9TYiXQtnt
+TIgQma15CyjpFp9ztHj6MtInVFhjDxe9DzJsgLv8EAxbLacPN6ZFB6DevvI+NL6M
+wsy27OMdFvW7M4AWlWIyCFJg1moxaw8Ht8vUooe3EWbRknuM5IasgwZDt5YUeXkO
+0nQF4IKtLoASla3UOL7exkMLJA7kE4zTlOKADXi56lNZd/2ck/+wd9hrwo8aXLsO
+T34M
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/noValidNames.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/noValidNames.pem.certspec
new file mode 100644
index 000000000..87088e87e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/noValidNames.pem.certspec
@@ -0,0 +1,3 @@
+issuer:Test CA
+subject:End-entity with no valid names
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/notYetValid.pem b/security/manager/ssl/tests/unit/bad_certs/notYetValid.pem
new file mode 100644
index 000000000..a380ffc9a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/notYetValid.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDIjCCAgygAwIBAgIUM4uC0JcSpF7UST7x6F6ZPc9KOrswCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAzMTAxMDEwMDAwMDBaGA8yMDMyMDEw
+MTAwMDAwMFowKDEmMCQGA1UEAwwdTm90IFlldCBWYWxpZCBUZXN0IEVuZC1lbnRp
+dHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braI
+BjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVa
+p0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB
+7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4C
+kC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJv
+aeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgK
+Ne2NAgMBAAGjWjBYMCIGA1UdEQQbMBmCF25vdHlldHZhbGlkLmV4YW1wbGUuY29t
+MDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2xvY2FsaG9zdDo4
+ODg4LzALBgkqhkiG9w0BAQsDggEBALSZFFaWXBJQZrEnbKcmqL4FKsB4/ZNK7fXd
+KI0LpaFtOwjXV6HxmuoBQ3PH87XXF5wpbsibZd7Ua4ZnKV0w7aW7BJSphIfkFVzK
+dJFAiMPKVTCGOQzRZeXPjSrGzExyVHq2IAvcWIogN5vXxR3icS6fb9WbJEtdmEdZ
+LtS9FfFxTBQBVnJKldMqbotpKS7gUm4KHUF57Q6f9Az41PlUaSqpXbnqsQ5BTCzv
+d3PjsYAwkdlN8TSUC6iDfQnEP6zo9L49jsUxAOoOEaIVP5SJEASYq4uvcl8Z7IoY
+PXpypjIP56Q5FKA1hrU0KwjZYcR4KRIhvTHEybgxK/XUA1znaf0=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/notYetValid.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/notYetValid.pem.certspec
new file mode 100644
index 000000000..5b60c29eb
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/notYetValid.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Not Yet Valid Test End-entity
+validity:20310101-20320101
+extension:subjectAlternativeName:notyetvalid.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/notYetValidINT.pem b/security/manager/ssl/tests/unit/bad_certs/notYetValidINT.pem
new file mode 100644
index 000000000..aa4a031d3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/notYetValidINT.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5zCCAdGgAwIBAgIULzhHWvpIqD6LDAt8W+Os9YEJmkwwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAzMTAxMDEwMDAwMDBaGA8yMDMzMDEw
+MTAwMDAwMFowKjEoMCYGA1UEAwwfTm90IFlldCBWYWxpZCBUZXN0IEludGVybWVk
+aWF0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1u
+togGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6
+pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqL
+KkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3Zlqq
+fgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3sv
+Im9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6za
+GAo17Y0CAwEAAaMdMBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwCwYJKoZI
+hvcNAQELA4IBAQCkGkkzHDXywFs2/YUNbwEttgV//Rj74yqYZJeiAfUapIIMyocs
+hgKqSWGhtSyDzBzZhoNE8hzFtJ7c7OxZynpDpS/fhjLqX/dCiA2BlPkeliewdiaT
+lpH45OjdaU5u0s/p9qn5CZMe5OFKR7tIj+fDrz79sO3Z749WXdyyCd97wDc37BMo
+uTHIs07D5cJmG5vLYQRPE+RU0YZgk4QW4gmKp2tlcpkardFv1nTuc9fYokU98+87
+woE1nAZRS6JPnYekwxz2ToOCXyh/CKhhrrnxvGCXvVcaoDg5okI2Ri75nqXL9770
+dTyzwv3wPEOcmcqX2vwN5RaNzUCMOY4x/qzU
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/notYetValidINT.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/notYetValidINT.pem.certspec
new file mode 100644
index 000000000..8a00f2ee2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/notYetValidINT.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Not Yet Valid Test Intermediate
+validity:20310101-20330101
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/bad_certs/notYetValidIssuer.pem b/security/manager/ssl/tests/unit/bad_certs/notYetValidIssuer.pem
new file mode 100644
index 000000000..10e11c82c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/notYetValidIssuer.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDTDCCAjagAwIBAgIUd2Xdl3VR8l0IU2OPSgy6zPCjvaQwCwYJKoZIhvcNAQEL
+MCoxKDAmBgNVBAMMH05vdCBZZXQgVmFsaWQgVGVzdCBJbnRlcm1lZGlhdGUwIhgP
+MjAxNTExMjgwMDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowNDEyMDAGA1UEAwwpVGVz
+dCBFbmQtZW50aXR5IHdpdGggbm90IHlldCB2YWxpZCBpc3N1ZXIwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq0
+7PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D
+/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuw
+JJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyX
+rZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWd
+q5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjYDBe
+MCgGA1UdEQQhMB+CHW5vdHlldHZhbGlkaXNzdWVyLmV4YW1wbGUuY29tMDIGCCsG
+AQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2xvY2FsaG9zdDo4ODg4LzAL
+BgkqhkiG9w0BAQsDggEBAEI5yQNpc3afAa4iN9uVBBDv9gT3X2FbhrWKCNYbLsRD
+dtntFIuZMHJvH0IuKqgUoDnFMJciOkhY8GrJUi6bZIOd15YL/jsodJHxYO9g0vT0
+0E33/Ka+0DEy4g/skJTy7xQsF0OTw042Aoe23RFxwbAmzqQn0BDRzJ6Qhx4WLQ2f
+QVhmDrvwF+VRshrp6bJKjcTZRmgIX3nVYAR0THuJu+zcB8de7G3lOH7YCl0rpboI
+fFkQxnTSt/MtU3FEJaajmz3PvzLkCI4FHFv8SouQ3ZIp/XRHk6luW0QWO3z6cy5l
+3V9BkhP0jkPpr9wfCZcmqu8EkCWZCfiu0Rf+k2uR2wo=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/notYetValidIssuer.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/notYetValidIssuer.pem.certspec
new file mode 100644
index 000000000..d8420898e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/notYetValidIssuer.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Not Yet Valid Test Intermediate
+subject:Test End-entity with not yet valid issuer
+extension:subjectAlternativeName:notyetvalidissuer.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/nsCertTypeCritical.pem b/security/manager/ssl/tests/unit/bad_certs/nsCertTypeCritical.pem
new file mode 100644
index 000000000..0602dbb8f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/nsCertTypeCritical.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC+zCCAeWgAwIBAgIUQaNz+iusE21wkn6JJ/qLaB6Q8gEwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowHjEcMBoGA1UEAwwTbnNDZXJ0VHlwZSBDcml0aWNhbDCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1
+SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+
+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYL
+K7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwc
+bJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibW
+JZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaM9
+MDswIwYDVR0RBBwwGoIJbG9jYWxob3N0gg0qLmV4YW1wbGUuY29tMBQGCWCGSAGG
++EIBAQEB/wQEAwIGQDALBgkqhkiG9w0BAQsDggEBAKWjJlobJfQhQxSNmvhokt1f
+rSWbHFyePtawqHSBKIOG9RrNB9E+nbDsI/gVvgVwi1GVu7cmg5SJDAuK19dpWXTh
+Pf4FPTm+FrLXwfPUOay5S3aGSwg29/PjnVayuBrJbMeYvtMJd7NGtadyv5wg3K3P
+SSFqYjUKOeWewt2NrX07LII68uctBja3BVpAPVvcoYsnR30ozuuiZTy6rBu0n4g0
+KU2stuuOnVLf7A7C2clj/ls0uX0hbSAaFH2RNQPsu+TL2ziSEEV9DYUm4pPMnpuO
+dhSDgTDkCTMqzS84FFTemzbkOUxBechMogtPkEhr157kbBXYzjytYgGLL7FGGRc=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/nsCertTypeCritical.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/nsCertTypeCritical.pem.certspec
new file mode 100644
index 000000000..b236bdea4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/nsCertTypeCritical.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:nsCertType Critical
+extension:subjectAlternativeName:localhost,*.example.com
+extension:nsCertType[critical]:sslServer
diff --git a/security/manager/ssl/tests/unit/bad_certs/nsCertTypeCriticalWithExtKeyUsage.pem b/security/manager/ssl/tests/unit/bad_certs/nsCertTypeCriticalWithExtKeyUsage.pem
new file mode 100644
index 000000000..24d6ba742
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/nsCertTypeCriticalWithExtKeyUsage.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDLzCCAhmgAwIBAgIUL0RNPgFGtsQZxanRCa2IGPqVWZIwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowLzEtMCsGA1UEAwwkbnNDZXJ0VHlwZSBDcml0aWNhbCBXaXRoIGV4
+dEtleVVzYWdlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESO
+FtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVr
+amRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWka
+sdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbY
+VbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6n
+aOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHE
+MdUDrNoYCjXtjQIDAQABo2AwXjAjBgNVHREEHDAagglsb2NhbGhvc3SCDSouZXhh
+bXBsZS5jb20wFAYJYIZIAYb4QgEBAQH/BAQDAgZAMAwGA1UdEwQFMAMBAQAwEwYD
+VR0lBAwwCgYIKwYBBQUHAwEwCwYJKoZIhvcNAQELA4IBAQAO+rOEK3vhTmoLNg5w
+upxSODlCFghBLZ1qui7RWJME62JG/1sxZw4rHa0Pl2NP1U/Wy0ErAT/QQLyIahBL
+mjggdD3Vh9wfx4Qf4FwHGzJEopfsx6YQlHcXR1v5qb7lLeuywhA6m7agn9DWBGlg
+lLFNqtHmofQFaileQOA50Uu9qOAdbea5+rjZn9rBBvUUVeSc9hNWjDRCMk/5PSm4
+6ONpFjal4npPA8V/U7LleJR+VNbiCWNHaQD/9H+xBoay81m8GL0CdM9udBjbyf9W
+NlYtu87XanZn2//LghGGUW4HQn1YXWD6UeZngo91UdQeIOs+dCiTI8CldgpGafld
+8UdC
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/nsCertTypeCriticalWithExtKeyUsage.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/nsCertTypeCriticalWithExtKeyUsage.pem.certspec
new file mode 100644
index 000000000..0ae63e20f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/nsCertTypeCriticalWithExtKeyUsage.pem.certspec
@@ -0,0 +1,6 @@
+issuer:Test CA
+subject:nsCertType Critical With extKeyUsage
+extension:subjectAlternativeName:localhost,*.example.com
+extension:nsCertType[critical]:sslServer
+extension:basicConstraints:,
+extension:extKeyUsage:serverAuth
diff --git a/security/manager/ssl/tests/unit/bad_certs/nsCertTypeNotCritical.pem b/security/manager/ssl/tests/unit/bad_certs/nsCertTypeNotCritical.pem
new file mode 100644
index 000000000..b894c0bce
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/nsCertTypeNotCritical.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC/DCCAeagAwIBAgIUSeaDecTuqo807NV7Z4OGuTUEoKowCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowIjEgMB4GA1UEAwwXbnNDZXJ0VHlwZSBOb3QgQ3JpdGljYWwwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT
+2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzV
+JJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8N
+jf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCA
+BiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVh
+He4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMB
+AAGjOjA4MCMGA1UdEQQcMBqCCWxvY2FsaG9zdIINKi5leGFtcGxlLmNvbTARBglg
+hkgBhvhCAQEEBAMCBkAwCwYJKoZIhvcNAQELA4IBAQBUkcVO1xXJv8/BR5tUyQDt
+Y6gQMH9hfg2MZwR7mKj/ZdTEUMUqpOo4zfxRj8j3WNAF01g88D/oQw3IcDay9kpE
+EZDSLLQpVYW6l9xEWuCl+p9jNbFDmNxyPe2KOD+Pmp0ggkyeKyfC2l1cZS9kuQjW
+rIYgGdDVcXvBH/cfi8Dxl4IjWa/Fmkpw/W4uvcKcpLdtwZkGAa2CH1ymmeE3gtE8
++uYJuWWP9RE1cwXtwoGTPoU2fxBP8V2gRgPrlHQlhlJzyWthJ30Cv+RBNU6IkzNT
+ZO10f39iPQScLbrcaDULX44vhUGhXlaXsOBWZnyX7exBWdUxNNpIjReO1nrZxufi
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/nsCertTypeNotCritical.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/nsCertTypeNotCritical.pem.certspec
new file mode 100644
index 000000000..a44a1feee
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/nsCertTypeNotCritical.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:nsCertType Not Critical
+extension:subjectAlternativeName:localhost,*.example.com
+extension:nsCertType:sslServer
diff --git a/security/manager/ssl/tests/unit/bad_certs/other-issuer-ee.pem b/security/manager/ssl/tests/unit/bad_certs/other-issuer-ee.pem
new file mode 100644
index 000000000..13ba23a19
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/other-issuer-ee.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDezCCAmWgAwIBAgIUNVbKGlj3T9hCc0QZzD1Zs4cFzeUwCwYJKoZIhvcNAQEL
+MBgxFjAUBgNVBAMMDU90aGVyIHRlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8y
+MDE4MDIwNTAwMDAwMFowJzElMCMGA1UEAwwcV3JvbmcgQ0EgUGluIFRlc3QgRW5k
+LUVudGl0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMF1xlJmCZ93
+CCpnkfG4dsN/XOU4sGxKzSKxy9RvplraKt1ByMJJisSjs8H2FIf0G2mJQb2ApRw8
+EgJExYSkxEgzBeUTjAEGzwi+moYnYLrmoujzbyPF2YMTud+vN4NF2s5R1Nbc0qbL
+PMcG680wcOyYzOQKpZHXKVp/ccW+ZmkdKy3+yElEWQvFo+pJ/ZOx11NAXxdzdpmV
+hmYlR5ftQmkIiAgRQiBpmIpD/uSM5oeB3SK2ppzSg3UTH5MrEozihvp9JRwGKtJ+
+8Bbxh83VToMrNbiTD3S6kKqLx2FnJCqx/W1iFA0YxMC4xo/DdIRXMkrX3obmVS8d
+HhkdcSFo07sCAwEAAaOBrTCBqjB0BgNVHREEbTBrgigqLmluY2x1ZGUtc3ViZG9t
+YWlucy5waW5uaW5nLmV4YW1wbGUuY29tgigqLmV4Y2x1ZGUtc3ViZG9tYWlucy5w
+aW5uaW5nLmV4YW1wbGUuY29tghUqLnBpbm5pbmcuZXhhbXBsZS5jb20wMgYIKwYB
+BQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwOi8vbG9jYWxob3N0Ojg4ODgvMAsG
+CSqGSIb3DQEBCwOCAQEArJqM6iooFNCAk11WMdPCxa4iGkG4V5zYuFjdd2K3LTLM
+ai5SZS875tXNol+YZgUh6cdTbVARdsB4saYGH1v5pAmK+VJniYQHWYsSLofgBfFw
+yAk1Ymj5pz8y6+ExYzWPBV5ihevtyCRPGG8xgZqRbERTdB2uBZGmQ441LLnZZZFX
+BByEFQ4M7qYmOTZaIxncSGZbwVncBYkLbYmOIPdcahVtnK1mIm1q7ET0KeUEPTLB
+5UEdNa7bd5ULWeCIVZxRWdawzktWdF7CfBVO2KeWiEE6wkL1Y3N29mUOynWKRs7w
+wo5ETwxEw/6UqOaGCmbCTN5Xa+N+ZE5/4g0gEEcFUg==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/other-issuer-ee.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/other-issuer-ee.pem.certspec
new file mode 100644
index 000000000..a905a66ac
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/other-issuer-ee.pem.certspec
@@ -0,0 +1,6 @@
+issuer:Other test CA
+subject:Wrong CA Pin Test End-Entity
+issuerKey:alternate
+subjectKey:alternate
+extension:subjectAlternativeName:*.include-subdomains.pinning.example.com,*.exclude-subdomains.pinning.example.com,*.pinning.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/other-test-ca.key b/security/manager/ssl/tests/unit/bad_certs/other-test-ca.key
new file mode 100644
index 000000000..6db74b5c5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/other-test-ca.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDBdcZSZgmfdwgq
+Z5HxuHbDf1zlOLBsSs0iscvUb6Za2irdQcjCSYrEo7PB9hSH9BtpiUG9gKUcPBIC
+RMWEpMRIMwXlE4wBBs8IvpqGJ2C65qLo828jxdmDE7nfrzeDRdrOUdTW3NKmyzzH
+BuvNMHDsmMzkCqWR1ylaf3HFvmZpHSst/shJRFkLxaPqSf2TsddTQF8Xc3aZlYZm
+JUeX7UJpCIgIEUIgaZiKQ/7kjOaHgd0itqac0oN1Ex+TKxKM4ob6fSUcBirSfvAW
+8YfN1U6DKzW4kw90upCqi8dhZyQqsf1tYhQNGMTAuMaPw3SEVzJK196G5lUvHR4Z
+HXEhaNO7AgMBAAECggEAfj9tfLg572auXX3ZL/VBC7NB3BRyjTkDRXDho3B5DzDw
+aBNV//QeKtTpqdn86/vRJ736uMAK/7Hzzqcyfq1HqhYh8qwe4UygLwSzsnhgF5gL
+GBpEnQOwPmnRErg1ceVUNPASBWV10oMu1nMdznmeN8g/bVHFWrcetYAVrwXhrxXH
+R2A+9/J9A6b/BJ2Wu/hUweTlDvWwWND7CBgOCsf3vo8v8Wc9l/yeVduoOAd7v4p8
+/ylihXeFJpzZ1brStXRp5K/NM8TKLS9pnxHnyPvc1ITwjY77ijy4qXLrJL7Zcu+q
+5LtxIJPkj+lKRutimodQeMQCGposk8mnA5Dp0KVEAQKBgQDmP8clprp2klp/+MtZ
+xPVt1+yD/oW/H1PhHKyagSWLz8CugZB3sPLRR3qvho3mqOy+r3uyKxlvKprYLTKG
+8NDMKd5xnl8r6OUJtyhNWWPt02L5J4h6TEqJeZ00DVGzAax2AasnF5Ak/KrdOL9l
+Iq9j6xZGHsAqfyewb+Cd3afAoQKBgQDXGLH+n4+Z8A6DKuH73G/iqyfzTgScSYAQ
++g63CEhSGCNGCDtclsPu5VksAUpBDGuTCxZcE7XCaqMurG58klqFUcJRNPL0pyxk
+IfGacxSKDt+rpdOmiIs1y6GMAP047lqvC1RXMdcgdhu8ze50SlLKQV6Y5N4Bzf52
+TBlns+jK2wKBgAHlrKJmyUqI0i4TwrkuokcRbGV6B2gXvf0w20s6nTCVuaS2dJZH
+4vhOenhPx4OLCMhZcc96A2+jDjuRw8TQ3yePgMG26FnYRWrbE33vqp8fCsW6yakY
+T9TqJ51yLqYm8WDXiq17yDhFzLKd8RXIP2G3YiuZvUOcYJtXkKY8WVGBAoGBAIDM
+RdENJITuDRKX/Ae/gLO+/0Yeon4fOPNxeJw69mtKDt0hksIneR208cd64ka/NC8x
+hWsPVlgbWKlbETHAxTltsqjDxvOeouM2vCBa5qKgs2hp/KmMu6czzwExmm+bsmt8
+oj0wF/xVHNjaiv3Rf2+i4w00hoeYHNYjTVcekLffAoGAb3fAwfKuesFpVhzKSZxS
+vfvgTN3M29wSrsWoVpHoWUt+4pkI8w57lqpiVLgO1K7sm5k3gr38ebadjVjGiHD6
+S+G8DDUnKIxcgrtK668V7f8RBAP8eOas5qgoJ79C8M+nUeUHZRxWONuTk90j3R9r
+KVFR3kS3f+Vaew3yceGaZcA=
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/other-test-ca.key.keyspec b/security/manager/ssl/tests/unit/bad_certs/other-test-ca.key.keyspec
new file mode 100644
index 000000000..cbd5f309c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/other-test-ca.key.keyspec
@@ -0,0 +1 @@
+alternate
diff --git a/security/manager/ssl/tests/unit/bad_certs/other-test-ca.pem b/security/manager/ssl/tests/unit/bad_certs/other-test-ca.pem
new file mode 100644
index 000000000..09bd4bb04
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/other-test-ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC2zCCAcWgAwIBAgIUexJUIJpq50jgqOwQluhVrAzTF74wCwYJKoZIhvcNAQEL
+MBgxFjAUBgNVBAMMDU90aGVyIHRlc3QgQ0EwIhgPMjAxNTAxMDEwMDAwMDBaGA8y
+MDI1MDEwMTAwMDAwMFowGDEWMBQGA1UEAwwNT3RoZXIgdGVzdCBDQTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxK
+zSKxy9RvplraKt1ByMJJisSjs8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEG
+zwi+moYnYLrmoujzbyPF2YMTud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHX
+KVp/ccW+ZmkdKy3+yElEWQvFo+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBp
+mIpD/uSM5oeB3SK2ppzSg3UTH5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6
+kKqLx2FnJCqx/W1iFA0YxMC4xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMd
+MBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwCwYJKoZIhvcNAQELA4IBAQCL
+jKgNGmCVYhntJo024WL8bF6hekERMYQbu/CK9moz6wlOpRMOQX1x7U/ianPW9Whi
+yoMAgAgNhLr2+t4ewqU2xRxMY0DvMSOuF9l08mptCW5sd/ocrRZuv/RcBmLcRnJm
+Y+HuaVOvf1ac32pNN5HYagGQbvvpAaHB5/DyYcywqUM7SttK1QF+AOsGePZdYUK2
+Od5wJwB7yE1Fpgf6O4vZaE0JkTVh8GQipwoPms2GYk2E1sJXu9eUrLBfioVVN0TF
+QF4xJxSwyxY8ys5E4+ftIVixVdetrcotUdYR64x9Hd5OPr5Q7VaAvd85ZvuB7xeK
+eHxNGBjaJMf1tkamLr3p
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/other-test-ca.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/other-test-ca.pem.certspec
new file mode 100644
index 000000000..3bc975aa2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/other-test-ca.pem.certspec
@@ -0,0 +1,7 @@
+issuer:Other test CA
+subject:Other test CA
+issuerKey:alternate
+subjectKey:alternate
+validity:20150101-20250101
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/bad_certs/self-signed-EE-with-cA-true.pem b/security/manager/ssl/tests/unit/bad_certs/self-signed-EE-with-cA-true.pem
new file mode 100644
index 000000000..badc58376
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/self-signed-EE-with-cA-true.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDdTCCAl+gAwIBAgIUOZxBsWqmNkNX1bk4vwjN7oalyxcwCwYJKoZIhvcNAQEL
+MDMxMTAvBgNVBAMMKFRlc3QgU2VsZi1zaWduZWQgRW5kLWVudGl0eSB3aXRoIENB
+IHRydWUwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowMzExMC8G
+A1UEAwwoVGVzdCBTZWxmLXNpZ25lZCBFbmQtZW50aXR5IHdpdGggQ0EgdHJ1ZTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9
+PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3
+HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3Dg
+Dw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7
+EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SK
+lWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0C
+AwEAAaOBgDB+MAwGA1UdEwQFMAMBAf8wMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUF
+BzABhhZodHRwOi8vbG9jYWxob3N0Ojg4ODgvMDoGA1UdEQQzMDGCL3NlbGYtc2ln
+bmVkLWVuZC1lbnRpdHktd2l0aC1jQS10cnVlLmV4YW1wbGUuY29tMAsGCSqGSIb3
+DQEBCwOCAQEAOOiI4FYCOj5N75+ix87qQQjtyG//CTUi8SMRAIG9sQId7fRtXAcl
+qEtWKxdcNy4RYVoEQTNPrY6gr9amiPEpZ9IobtX1WW8gJiVj3EFLfXBKTE3B6Kxp
+Qim7bJvrqoumLgXtH7eljHdfN86I6Xnyk7L4tl30UhlOSd24jiQ8T5FxF7lcmEnT
+w+AthUUhOyKyDRXvV3jUpM3SKv6mz0rzm19A/qBOYM6Q+bAS5n47d/TPbmCff8T/
+zKU/Su7WYXsw7gU208DhWrqLjpUzPuGSRRTZgHCG35KpOlNcN81iZsvEYIyL+b68
+G2rlSZK2C3LaGi/0t7s3O8gUep20KSF7WA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/self-signed-EE-with-cA-true.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/self-signed-EE-with-cA-true.pem.certspec
new file mode 100644
index 000000000..0ca92d7fd
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/self-signed-EE-with-cA-true.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test Self-signed End-entity with CA true
+subject:Test Self-signed End-entity with CA true
+extension:basicConstraints:cA,
+extension:authorityInformationAccess:http://localhost:8888/
+extension:subjectAlternativeName:self-signed-end-entity-with-cA-true.example.com
diff --git a/security/manager/ssl/tests/unit/bad_certs/selfsigned-inadequateEKU.pem b/security/manager/ssl/tests/unit/bad_certs/selfsigned-inadequateEKU.pem
new file mode 100644
index 000000000..87b0ca2e7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/selfsigned-inadequateEKU.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDgzCCAm2gAwIBAgIUV9yIaHMDuAdDCVBEzuEE5tSGIncwCwYJKoZIhvcNAQEL
+MDUxMzAxBgNVBAMMKlNlbGYtc2lnbmVkIEluYWRlcXVhdGUgRUtVIFRlc3QgRW5k
+LWVudGl0eTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjA1MTMw
+MQYDVQQDDCpTZWxmLXNpZ25lZCBJbmFkZXF1YXRlIEVLVSBUZXN0IEVuZC1lbnRp
+dHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braI
+BjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVa
+p0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB
+7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4C
+kC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJv
+aeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgK
+Ne2NAgMBAAGjgYowgYcwCwYDVR0PBAQDAgQwMBMGA1UdJQQMMAoGCCsGAQUFBwMB
+MC8GA1UdEQQoMCaCJHNlbGZzaWduZWQtaW5hZGVxdWF0ZUVLVS5leGFtcGxlLmNv
+bTAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9sb2NhbGhvc3Q6
+ODg4OC8wCwYJKoZIhvcNAQELA4IBAQAhtt1BOrCjch5fzJ+OIvqSF2qERDB7CJDA
+avhypMbCVCEabM1JBD8vtA5U7izjWpAJVlOwFBUPtGpeCtXkCZEyy6/JPOdc5hhJ
+1h0+c9CeKkmjwyydqqz3v4quXAI0WX7ChuO5WfsVY1swFcp6TYtGYBsjMVpVQaTw
+CGNFZ73EEksRWP0NH/SKABo+6dlvOghivAa3Wx1HEOVTFUo8u6odwZ596Xl/IhY4
+I0G/GuGCwMhBE/5GGpSI8qH8DxRXT7nrvdHZmuiRB2SJYeuF4Cs08KHO+ymiST/d
+OLnAKR1WWgslQbxZu3zdBDqKuKf2vOKS9xo6sQXP3TsLsSPxY1v2
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/selfsigned-inadequateEKU.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/selfsigned-inadequateEKU.pem.certspec
new file mode 100644
index 000000000..477b90ce1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/selfsigned-inadequateEKU.pem.certspec
@@ -0,0 +1,6 @@
+issuer:Self-signed Inadequate EKU Test End-entity
+subject:Self-signed Inadequate EKU Test End-entity
+extension:keyUsage:keyEncipherment,dataEncipherment
+extension:extKeyUsage:serverAuth
+extension:subjectAlternativeName:selfsigned-inadequateEKU.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/selfsigned.pem b/security/manager/ssl/tests/unit/bad_certs/selfsigned.pem
new file mode 100644
index 000000000..436f9ef8e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/selfsigned.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDMzCCAh2gAwIBAgIUFdYBQ3rk5hXCs0Bz6ERmayqrMTYwCwYJKoZIhvcNAQEL
+MCYxJDAiBgNVBAMMG1NlbGYtc2lnbmVkIFRlc3QgRW5kLWVudGl0eTAiGA8yMDE1
+MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAmMSQwIgYDVQQDDBtTZWxmLXNp
+Z25lZCBUZXN0IEVuZC1lbnRpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwG
+m24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJr
+bA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4
+SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3
+/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+Z
+FzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjWTBXMCEGA1UdEQQaMBiCFnNlbGZz
+aWduZWQuZXhhbXBsZS5jb20wMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzABhhZo
+dHRwOi8vbG9jYWxob3N0Ojg4ODgvMAsGCSqGSIb3DQEBCwOCAQEAiPY8Ka4thJkS
+6HzgnIpJyd09rmAls/LwAPRwhk8s652FEEGpZzkreDjOJ9LGYx01JWGQPDxOgddt
+ynYtbZVzwnSuJnISglU/mAsmgG47hSeBamOm9zg2KAC1+64nVgpkmYMEDGQC4h79
+cADh5g5ay0E47x/9u7F02z4ovXyJCDC/bOTFKv4WCkHEaIKhnbrv4EGT+lkfCFol
+obLR6h4mwclIDycIR9D2hg4ZSrnace1JzF0OALMVshwtclmJMS4yH+yACSeovT6t
+fN1CTvLAY8nYtyuxWc3D/gv0T5MWVvkSSfbrvt+nCUvrEsLFnDgKqMzh7S/iph3M
+UyeHQjtRIQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/selfsigned.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/selfsigned.pem.certspec
new file mode 100644
index 000000000..99a814be1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/selfsigned.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Self-signed Test End-entity
+subject:Self-signed Test End-entity
+extension:subjectAlternativeName:selfsigned.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/test-ca.pem b/security/manager/ssl/tests/unit/bad_certs/test-ca.pem
new file mode 100644
index 000000000..1d50176e4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/test-ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzzCCAbmgAwIBAgIUH9DaznYx1NE1Cu9I8cBqxV9VgF4wCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowEjEQMA4GA1UEAwwHVGVzdCBDQTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl
+qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg
+w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx
+V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1
+MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs
+vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMdMBswDAYDVR0TBAUw
+AwEB/zALBgNVHQ8EBAMCAQYwCwYJKoZIhvcNAQELA4IBAQA1o3GayNFRlVTrsoj2
+Ag06YatbGe94M/FT0MXngjlmrMkGZqHaDlrii7Jz+JP16CBjaIZ0ZP7I56Nn/l8y
+/kfe++zvr1uwRaKjtRGBiFpCjx10rI508wzSnOox3+bOtv9qjYaY7UjkBV3F40IS
+P8qKMtNspsR4tjS/D1jbculhngkPqhskefZFQQvcgG54L5j921GFKNeeX6i9QAzV
+jjM6i/iQYpAWCuh5+CetwUnfFuZCM80npp/qHMESkT3PyPpwqT9A5K+xQdVfpXq5
+SmVy5+QGWALuSV1sfIRXRwOh+2jCWwWPbyi9TlHrvlO5mL38qikdYBDPat3ve4cq
+5viq
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/test-ca.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/test-ca.pem.certspec
new file mode 100644
index 000000000..5d2435d7b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/test-ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:Test CA
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/bad_certs/test-int.pem b/security/manager/ssl/tests/unit/bad_certs/test-int.pem
new file mode 100644
index 000000000..df9ad3ddb
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/test-int.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC2TCCAcOgAwIBAgIUBVio/iQ21GCi2iUven8oJ/gae74wCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTAxMDEwMDAwMDBaGA8yMDI1MDEw
+MTAwMDAwMFowHDEaMBgGA1UEAwwRVGVzdCBJbnRlcm1lZGlhdGUwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq0
+7PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D
+/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuw
+JJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyX
+rZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWd
+q5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAb
+MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAsGCSqGSIb3DQEBCwOCAQEAry6Z
+DoUhexYUJTzWwN1ZIwWeXW/QxJR5u4DvK6pBPInDdyfv20EuxXKODYWXXPGbOY8X
+5SEsUtS+1WUlMAXenmejPvDcjeEGLS8tfJQbgHtPrDhQR43fnYGZrA2pWVmxQ+TJ
+Lrg18uGIuMcfAr3RwMzeK+uj81bybeYZN5haISWa6bF2a81vMx/WDgyFSYYBOYph
+nCPWVSqPTK/6NwbyWZORs474Flx45uzo7g9mMCmbwz9IzdJYpVrViVAFTU1gSbNQ
+ED3LzwGkS7eO8Lqzk9a94uIGqhxtGDvxFe+6Be/Il3M/5d2WC2Jmqzv8cU/u4GLb
+dKrXnD3epofIjHnOUA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/test-int.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/test-int.pem.certspec
new file mode 100644
index 000000000..33b42c2f4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/test-int.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Test Intermediate
+validity:20150101-20250101
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/bad_certs/unknownissuer.pem b/security/manager/ssl/tests/unit/bad_certs/unknownissuer.pem
new file mode 100644
index 000000000..d9ba29653
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/unknownissuer.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDpTCCAo+gAwIBAgIUHccbzbbSEhGlmiWbLlfHcRQFD7MwCwYJKoZIhvcNAQEL
+MCYxJDAiBgNVBAMMG1Rlc3QgSW50ZXJtZWRpYXRlIHRvIGRlbGV0ZTAiGA8yMDE1
+MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAuMSwwKgYDVQQDDCNUZXN0IEVu
+ZC1lbnRpdHkgZnJvbSB1bmtub3duIGlzc3VlcjCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl
+qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg
+w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx
+V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1
+MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs
+vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaOBwjCBvzCBiAYDVR0R
+BIGAMH6CGXVua25vd25pc3N1ZXIuZXhhbXBsZS5jb22CNHVua25vd25pc3N1ZXIu
+aW5jbHVkZS1zdWJkb21haW5zLnBpbm5pbmcuZXhhbXBsZS5jb22CK3Vua25vd25p
+c3N1ZXIudGVzdC1tb2RlLnBpbm5pbmcuZXhhbXBsZS5jb20wMgYIKwYBBQUHAQEE
+JjAkMCIGCCsGAQUFBzABhhZodHRwOi8vbG9jYWxob3N0Ojg4ODgvMAsGCSqGSIb3
+DQEBCwOCAQEAjvk1a9yDZSYDNilWlvRcUk6stPfmjG7p0Owu0a+Lh8JIxOZXflZ1
+/hpVp0L5ds6mc74Q5VBJgqpkrpYBIVDPa3LJzW4HX8y7FtDo71Ca/ob+Xyc4hFdg
+3G2DqLePZXqkV+h6bsg/Rqv2FUt/GbUmv4sIkTwL5KgMEjLJGxwRTyrQZJlTMC5N
+uSxtWiCv+wLnP9NbkMgBHE1NnBQjF5nR/mJC7HUGykGYe+oJHuozq+/VCn3bXFUm
+kq9YXS0R84LcQH7gHtOlp5xwxiYXPH3C2cxobaJNdo5qsyOZYc5Diq/ukCN5rg0N
+5IOg9SPThtEzlCjTFRVHKE7ncgo7JxJ3gw==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/unknownissuer.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/unknownissuer.pem.certspec
new file mode 100644
index 000000000..a735c730c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/unknownissuer.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test Intermediate to delete
+subject:Test End-entity from unknown issuer
+extension:subjectAlternativeName:unknownissuer.example.com,unknownissuer.include-subdomains.pinning.example.com,unknownissuer.test-mode.pinning.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/untrusted-expired.pem b/security/manager/ssl/tests/unit/bad_certs/untrusted-expired.pem
new file mode 100644
index 000000000..497b3472c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/untrusted-expired.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDMjCCAhygAwIBAgIUEb4CKRVPjI1eurD3IgLllUvomHgwCwYJKoZIhvcNAQEL
+MBgxFjAUBgNVBAMMDU90aGVyIHRlc3QgQ0EwIhgPMjAxMTAxMDEwMDAwMDBaGA8y
+MDEzMDEwMTAwMDAwMFowLDEqMCgGA1UEAwwhVW50cnVzdGVkLUV4cGlyZWQgVGVz
+dCBFbmQtZW50aXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohR
+qESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+Kv
+WnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+
+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPv
+JxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5
+Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6
+clHEMdUDrNoYCjXtjQIDAQABo2AwXjAoBgNVHREEITAfgh11bnRydXN0ZWQtZXhw
+aXJlZC5leGFtcGxlLmNvbTAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0
+dHA6Ly9sb2NhbGhvc3Q6ODg4OC8wCwYJKoZIhvcNAQELA4IBAQB+nHMbzEEVQFPF
+ahU0cR3xT8hyv0R0rNFTFQzGmAJpLz+xJN+GsOLuqGHqZ7Yc8lSOEQq4m/EDNncL
+SWnNbQHZPb4BAgz6n84gKazPfvkQmzx2QFqJs8s/Nfj8kxygUbCF5h+R+KBQbQd3
+qjAEeJK7pUoJjBB236JwBlM0Rqbv7QgTibm5VnNcfkZcwlBpwfCXdc6jtG9hkyhD
+h/8H0mZ+gvMpgnXx3TascLWJuPrYpDSgayRClfvs+FQtY8Lv5qkCR2TLLU779O8f
+TNTZLWogZ/tlOy268M5iFaOS71g0dQM9sU++XpUjtQlf6T1a2HtyZ8CmiG+Ffsym
+mAJNGYT8
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/untrusted-expired.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/untrusted-expired.pem.certspec
new file mode 100644
index 000000000..3efd1ce67
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/untrusted-expired.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Other test CA
+subject:Untrusted-Expired Test End-entity
+validity:20110101-20130101
+extension:subjectAlternativeName:untrusted-expired.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/untrustedissuer.pem b/security/manager/ssl/tests/unit/bad_certs/untrustedissuer.pem
new file mode 100644
index 000000000..842e7e7bd
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/untrustedissuer.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDNDCCAh6gAwIBAgIUC7+ekJBbfCa4+95t1Lc9QFnFM00wCwYJKoZIhvcNAQEL
+MBgxFjAUBgNVBAMMDU90aGVyIHRlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8y
+MDE4MDIwNTAwMDAwMFowMDEuMCwGA1UEAwwlVGVzdCBFbmQtZW50aXR5IHdpdGgg
+dW50cnVzdGVkIGlzc3VlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG
+8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0V
+gg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g3
+04hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l
+0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz
+/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaNeMFwwJgYDVR0RBB8wHYIbdW50cnVzdGVk
+aXNzdWVyLmV4YW1wbGUuY29tMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYW
+aHR0cDovL2xvY2FsaG9zdDo4ODg4LzALBgkqhkiG9w0BAQsDggEBADoMA0m+eXNs
+tdp2WpRyK3F9+FXIYbZGdlQFi+G9Dku/8J/cysb3jnN7zdSiCwkSJ38XR/8z4M0O
+x4i3/alFWP1HTvQmVOwP7U31u1h56QlS8ltFasZtd+lOELWvaj9WzG2glcFGTynT
+iIIl3LCm47O6u501xZsp5XPRaeY9956vuP7TwVIx8v2JR5H3hFhk9fR/mhR8QCOB
+HVu/iW9ux7g/9Up1Fi5mYAq6cmArpJ2LzEr57gdV1lfgKObTE++ZWtRa5N+zMZGX
+TU6WARBPH+vVHC1VKxY2SYENxswFtkgCSVoRFzn7sj/8jQ6iaJ86sf9poK0NrHdg
+P0ybC9Y8juA=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/untrustedissuer.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/untrustedissuer.pem.certspec
new file mode 100644
index 000000000..5ba0bc253
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/untrustedissuer.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Other test CA
+subject:Test End-entity with untrusted issuer
+extension:subjectAlternativeName:untrustedissuer.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/bad_certs/v1Cert.pem b/security/manager/ssl/tests/unit/bad_certs/v1Cert.pem
new file mode 100644
index 000000000..c6e59a7a8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/v1Cert.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICqzCCAZUCFDt6FYWPwMbZVlZa329PtAVVBtsnMAsGCSqGSIb3DQEBCzASMRAw
+DgYDVQQDDAdUZXN0IENBMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBIxEDAOBgNVBAMMB1YxIENlcnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9
+sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5
+TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7
+xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHd
+tMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l
+8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZIhvcNAQELA4IBAQCW
+fJUaT3AtmftAlBtS3e1hs6V1XoQNaeSiff8PR6ootvISg5MpU1b2whEvNalJCUMD
+zBXkM7y3ERSgAvROu+CbBFOrOTPPStg88iZFm4WDrgotADxepbYd+x3IOL0vGq7F
+vcqdiQCRuhVRoopipqmowWF4KZtm0SnXoce7GnDhIjLtGxwz+zq3ls/2MrdaxdpL
+ggRkBUNfbTmDMvsjc3GxFHsXuX5cJUKVM2V8x5gNvtDBINiavy8HyQjhwSyTprRM
+KBConOKsh/WntsiakcsefVpc9kAR6DJjVvhFmLqHBUMrpBtDf5pb2JVgp/qn0oCw
+YqD30umtSUWyZaW1I1Nh
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/bad_certs/v1Cert.pem.certspec b/security/manager/ssl/tests/unit/bad_certs/v1Cert.pem.certspec
new file mode 100644
index 000000000..7824630bb
--- /dev/null
+++ b/security/manager/ssl/tests/unit/bad_certs/v1Cert.pem.certspec
@@ -0,0 +1,3 @@
+issuer:Test CA
+subject:V1 Cert
+version:1
diff --git a/security/manager/ssl/tests/unit/head_psm.js b/security/manager/ssl/tests/unit/head_psm.js
new file mode 100644
index 000000000..b6489d605
--- /dev/null
+++ b/security/manager/ssl/tests/unit/head_psm.js
@@ -0,0 +1,863 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+"use strict";
+
+const { classes: Cc, interfaces: Ci, utils: Cu, results: Cr } = Components;
+
+const { AppConstants } =
+  Cu.import("resource://gre/modules/AppConstants.jsm", {});
+const { ctypes } = Cu.import("resource://gre/modules/ctypes.jsm", {});
+const { FileUtils } = Cu.import("resource://gre/modules/FileUtils.jsm", {});
+const { HttpServer } = Cu.import("resource://testing-common/httpd.js", {});
+const { MockRegistrar } =
+  Cu.import("resource://testing-common/MockRegistrar.jsm", {});
+const { NetUtil } = Cu.import("resource://gre/modules/NetUtil.jsm", {});
+const { Promise } = Cu.import("resource://gre/modules/Promise.jsm", {});
+const { Services } = Cu.import("resource://gre/modules/Services.jsm", {});
+const { XPCOMUtils } = Cu.import("resource://gre/modules/XPCOMUtils.jsm", {});
+
+const isDebugBuild = Cc["@mozilla.org/xpcom/debug;1"]
+                       .getService(Ci.nsIDebug2).isDebugBuild;
+
+// The test EV roots are only enabled in debug builds as a security measure.
+//
+// Bug 1008316: B2G doesn't have EV enabled, so EV is not expected even in debug
+// builds.
+const gEVExpected = isDebugBuild && !("@mozilla.org/b2g-process-global;1" in Cc);
+
+const SSS_STATE_FILE_NAME = "SiteSecurityServiceState.txt";
+const PRELOAD_STATE_FILE_NAME = "SecurityPreloadState.txt";
+
+const SEC_ERROR_BASE = Ci.nsINSSErrorsService.NSS_SEC_ERROR_BASE;
+const SSL_ERROR_BASE = Ci.nsINSSErrorsService.NSS_SSL_ERROR_BASE;
+const MOZILLA_PKIX_ERROR_BASE = Ci.nsINSSErrorsService.MOZILLA_PKIX_ERROR_BASE;
+
+// This isn't really a valid PRErrorCode, but is useful for signalling that
+// a test is expected to succeed.
+const PRErrorCodeSuccess = 0;
+
+// Sort in numerical order
+const SEC_ERROR_INVALID_TIME                            = SEC_ERROR_BASE + 8;
+const SEC_ERROR_BAD_DER                                 = SEC_ERROR_BASE + 9;
+const SEC_ERROR_BAD_SIGNATURE                           = SEC_ERROR_BASE + 10;
+const SEC_ERROR_EXPIRED_CERTIFICATE                     = SEC_ERROR_BASE + 11;
+const SEC_ERROR_REVOKED_CERTIFICATE                     = SEC_ERROR_BASE + 12;
+const SEC_ERROR_UNKNOWN_ISSUER                          = SEC_ERROR_BASE + 13;
+const SEC_ERROR_UNTRUSTED_ISSUER                        = SEC_ERROR_BASE + 20;
+const SEC_ERROR_UNTRUSTED_CERT                          = SEC_ERROR_BASE + 21;
+const SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE              = SEC_ERROR_BASE + 30;
+const SEC_ERROR_CA_CERT_INVALID                         = SEC_ERROR_BASE + 36;
+const SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION              = SEC_ERROR_BASE + 41;
+const SEC_ERROR_INADEQUATE_KEY_USAGE                    = SEC_ERROR_BASE + 90;
+const SEC_ERROR_INADEQUATE_CERT_TYPE                    = SEC_ERROR_BASE + 91;
+const SEC_ERROR_CERT_NOT_IN_NAME_SPACE                  = SEC_ERROR_BASE + 112;
+const SEC_ERROR_CERT_BAD_ACCESS_LOCATION                = SEC_ERROR_BASE + 117;
+const SEC_ERROR_OCSP_MALFORMED_REQUEST                  = SEC_ERROR_BASE + 120;
+const SEC_ERROR_OCSP_SERVER_ERROR                       = SEC_ERROR_BASE + 121;
+const SEC_ERROR_OCSP_TRY_SERVER_LATER                   = SEC_ERROR_BASE + 122;
+const SEC_ERROR_OCSP_REQUEST_NEEDS_SIG                  = SEC_ERROR_BASE + 123;
+const SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST               = SEC_ERROR_BASE + 124;
+const SEC_ERROR_OCSP_UNKNOWN_CERT                       = SEC_ERROR_BASE + 126;
+const SEC_ERROR_OCSP_MALFORMED_RESPONSE                 = SEC_ERROR_BASE + 129;
+const SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE              = SEC_ERROR_BASE + 130;
+const SEC_ERROR_OCSP_OLD_RESPONSE                       = SEC_ERROR_BASE + 132;
+const SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE              = SEC_ERROR_BASE + 141;
+const SEC_ERROR_OCSP_INVALID_SIGNING_CERT               = SEC_ERROR_BASE + 144;
+const SEC_ERROR_POLICY_VALIDATION_FAILED                = SEC_ERROR_BASE + 160;
+const SEC_ERROR_OCSP_BAD_SIGNATURE                      = SEC_ERROR_BASE + 157;
+const SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED       = SEC_ERROR_BASE + 176;
+
+const SSL_ERROR_NO_CYPHER_OVERLAP                       = SSL_ERROR_BASE + 2;
+const SSL_ERROR_BAD_CERT_DOMAIN                         = SSL_ERROR_BASE + 12;
+const SSL_ERROR_BAD_CERT_ALERT                          = SSL_ERROR_BASE + 17;
+const SSL_ERROR_WEAK_SERVER_CERT_KEY                    = SSL_ERROR_BASE + 132;
+
+const MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE            = MOZILLA_PKIX_ERROR_BASE + 0;
+const MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY     = MOZILLA_PKIX_ERROR_BASE + 1;
+const MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE            = MOZILLA_PKIX_ERROR_BASE + 2;
+const MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA             = MOZILLA_PKIX_ERROR_BASE + 3;
+const MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE      = MOZILLA_PKIX_ERROR_BASE + 5;
+const MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE = MOZILLA_PKIX_ERROR_BASE + 6;
+const MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING = MOZILLA_PKIX_ERROR_BASE + 8;
+const MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING   = MOZILLA_PKIX_ERROR_BASE + 10;
+const MOZILLA_PKIX_ERROR_EMPTY_ISSUER_NAME              = MOZILLA_PKIX_ERROR_BASE + 12;
+
+// Supported Certificate Usages
+const certificateUsageSSLClient              = 0x0001;
+const certificateUsageSSLServer              = 0x0002;
+const certificateUsageSSLCA                  = 0x0008;
+const certificateUsageEmailSigner            = 0x0010;
+const certificateUsageEmailRecipient         = 0x0020;
+const certificateUsageObjectSigner           = 0x0040;
+const certificateUsageVerifyCA               = 0x0100;
+const certificateUsageStatusResponder        = 0x0400;
+
+// A map from the name of a certificate usage to the value of the usage.
+// Useful for printing debugging information and for enumerating all supported
+// usages.
+const allCertificateUsages = {
+  certificateUsageSSLClient,
+  certificateUsageSSLServer,
+  certificateUsageSSLCA,
+  certificateUsageEmailSigner,
+  certificateUsageEmailRecipient,
+  certificateUsageObjectSigner,
+  certificateUsageVerifyCA,
+  certificateUsageStatusResponder
+};
+
+const NO_FLAGS = 0;
+
+// Commonly certificates are represented as PEM. The format is roughly as
+// follows:
+//
+// -----BEGIN CERTIFICATE-----
+// [some lines of base64, each typically 64 characters long]
+// -----END CERTIFICATE-----
+//
+// However, nsIX509CertDB.constructX509FromBase64 and related functions do not
+// handle input of this form. Instead, they require a single string of base64
+// with no newlines or BEGIN/END headers. This is a helper function to convert
+// PEM to the format that nsIX509CertDB requires.
+function pemToBase64(pem) {
+  return pem.replace(/-----BEGIN CERTIFICATE-----/, "")
+            .replace(/-----END CERTIFICATE-----/, "")
+            .replace(/[\r\n]/g, "");
+}
+
+function readFile(file) {
+  let fstream = Cc["@mozilla.org/network/file-input-stream;1"]
+                  .createInstance(Ci.nsIFileInputStream);
+  fstream.init(file, -1, 0, 0);
+  let data = NetUtil.readInputStreamToString(fstream, fstream.available());
+  fstream.close();
+  return data;
+}
+
+function addCertFromFile(certdb, filename, trustString) {
+  let certFile = do_get_file(filename, false);
+  let certBytes = readFile(certFile);
+  let successful = false;
+  try {
+    certdb.addCert(certBytes, trustString, null);
+    successful = true;
+  } catch (e) {}
+  if (!successful) {
+    // It might be PEM instead of DER.
+    certdb.addCertFromBase64(pemToBase64(certBytes), trustString, null);
+  }
+}
+
+function constructCertFromFile(filename) {
+  let certFile = do_get_file(filename, false);
+  let certBytes = readFile(certFile);
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+  try {
+    return certdb.constructX509(certBytes, certBytes.length);
+  } catch (e) {}
+  // It might be PEM instead of DER.
+  return certdb.constructX509FromBase64(pemToBase64(certBytes));
+}
+
+function setCertTrust(cert, trustString) {
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                  .getService(Ci.nsIX509CertDB);
+  certdb.setCertTrustFromString(cert, trustString);
+}
+
+function getXPCOMStatusFromNSS(statusNSS) {
+  let nssErrorsService = Cc["@mozilla.org/nss_errors_service;1"]
+                           .getService(Ci.nsINSSErrorsService);
+  return nssErrorsService.getXPCOMFromNSSError(statusNSS);
+}
+
+// certdb implements nsIX509CertDB. See nsIX509CertDB.idl for documentation.
+// In particular, hostname is optional.
+function checkCertErrorGenericAtTime(certdb, cert, expectedError, usage, time,
+                                     /*optional*/ hasEVPolicy,
+                                     /*optional*/ hostname) {
+  do_print(`cert cn=${cert.commonName}`);
+  do_print(`cert issuer cn=${cert.issuerCommonName}`);
+  let verifiedChain = {};
+  let error = certdb.verifyCertAtTime(cert, usage, NO_FLAGS, hostname, time,
+                                      verifiedChain, hasEVPolicy || {});
+  Assert.equal(error, expectedError,
+               "Actual and expected error should match");
+}
+
+// certdb implements nsIX509CertDB. See nsIX509CertDB.idl for documentation.
+// In particular, hostname is optional.
+function checkCertErrorGeneric(certdb, cert, expectedError, usage,
+                               /*optional*/ hasEVPolicy,
+                               /*optional*/ hostname) {
+  do_print(`cert cn=${cert.commonName}`);
+  do_print(`cert issuer cn=${cert.issuerCommonName}`);
+  let verifiedChain = {};
+  let error = certdb.verifyCertNow(cert, usage, NO_FLAGS, hostname,
+                                   verifiedChain, hasEVPolicy || {});
+  Assert.equal(error, expectedError,
+               "Actual and expected error should match");
+}
+
+function checkEVStatus(certDB, cert, usage, isEVExpected) {
+  let hasEVPolicy = {};
+  checkCertErrorGeneric(certDB, cert, PRErrorCodeSuccess, usage, hasEVPolicy);
+  Assert.equal(hasEVPolicy.value, isEVExpected,
+               "Actual and expected EV status should match");
+}
+
+function _getLibraryFunctionWithNoArguments(functionName, libraryName,
+                                            returnType) {
+  // Open the NSS library. copied from services/crypto/modules/WeaveCrypto.js
+  let path = ctypes.libraryName(libraryName);
+
+  // XXX really want to be able to pass specific dlopen flags here.
+  let nsslib;
+  try {
+    nsslib = ctypes.open(path);
+  } catch (e) {
+    // In case opening the library without a full path fails,
+    // try again with a full path.
+    let file = Services.dirsvc.get("GreBinD", Ci.nsILocalFile);
+    file.append(path);
+    nsslib = ctypes.open(file.path);
+  }
+
+  let SECStatus = ctypes.int;
+  let func = nsslib.declare(functionName, ctypes.default_abi,
+                            returnType || SECStatus);
+  return func;
+}
+
+function clearOCSPCache() {
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+  certdb.clearOCSPCache();
+}
+
+function clearSessionCache() {
+  let SSL_ClearSessionCache = null;
+  try {
+    SSL_ClearSessionCache =
+      _getLibraryFunctionWithNoArguments("SSL_ClearSessionCache", "ssl3");
+  } catch (e) {
+    // On Windows, this is actually in the nss3 library.
+    SSL_ClearSessionCache =
+      _getLibraryFunctionWithNoArguments("SSL_ClearSessionCache", "nss3");
+  }
+  if (!SSL_ClearSessionCache || SSL_ClearSessionCache() != 0) {
+    throw new Error("Failed to clear SSL session cache");
+  }
+}
+
+function getSSLStatistics() {
+  let SSL3Statistics = new ctypes.StructType("SSL3Statistics",
+                           [ { "sch_sid_cache_hits": ctypes.long },
+                             { "sch_sid_cache_misses": ctypes.long },
+                             { "sch_sid_cache_not_ok": ctypes.long },
+                             { "hsh_sid_cache_hits": ctypes.long },
+                             { "hsh_sid_cache_misses": ctypes.long },
+                             { "hsh_sid_cache_not_ok": ctypes.long },
+                             { "hch_sid_cache_hits": ctypes.long },
+                             { "hch_sid_cache_misses": ctypes.long },
+                             { "hch_sid_cache_not_ok": ctypes.long },
+                             { "sch_sid_stateless_resumes": ctypes.long },
+                             { "hsh_sid_stateless_resumes": ctypes.long },
+                             { "hch_sid_stateless_resumes": ctypes.long },
+                             { "hch_sid_ticket_parse_failures": ctypes.long }]);
+  let SSL3StatisticsPtr = new ctypes.PointerType(SSL3Statistics);
+  let SSL_GetStatistics = null;
+  try {
+    SSL_GetStatistics = _getLibraryFunctionWithNoArguments("SSL_GetStatistics",
+                                                           "ssl3",
+                                                           SSL3StatisticsPtr);
+  } catch (e) {
+    // On Windows, this is actually in the nss3 library.
+    SSL_GetStatistics = _getLibraryFunctionWithNoArguments("SSL_GetStatistics",
+                                                           "nss3",
+                                                           SSL3StatisticsPtr);
+  }
+  if (!SSL_GetStatistics) {
+    throw new Error("Failed to get SSL statistics");
+  }
+  return SSL_GetStatistics();
+}
+
+// Set up a TLS testing environment that has a TLS server running and
+// ready to accept connections. This async function starts the server and
+// waits for the server to indicate that it is ready.
+//
+// Each test should have its own subdomain of example.com, for example
+// my-first-connection-test.example.com. The server can use the server
+// name (passed through the SNI TLS extension) to determine what behavior
+// the server side of the text should exhibit. See TLSServer.h for more
+// information on how to write the server side of tests.
+//
+// Create a new source file for your new server executable in
+// security/manager/ssl/tests/unit/tlsserver/cmd similar to the other ones in
+// that directory, and add a reference to it to the sources variable in that
+// directory's moz.build.
+//
+// Modify TEST_HARNESS_BINS in
+// testing/mochitest/Makefile.in and NO_PKG_FILES in
+// toolkit/mozapps/installer/packager.mk to make sure the new executable
+// gets included in the packages used for shipping the tests to the test
+// runners in our build/test farm. (Things will work fine locally without
+// these changes but will break on TBPL.)
+//
+// Your test script should look something like this:
+/*
+
+// -*- Mode: javascript; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// <documentation on your test>
+
+function run_test() {
+  do_get_profile();
+  add_tls_server_setup("<test-server-name>", "<path-to-certificate-directory>");
+
+  add_connection_test("<test-name-1>.example.com",
+                      SEC_ERROR_xxx,
+                      function() { ... },
+                      function(aTransportSecurityInfo) { ... },
+                      function(aTransport) { ... });
+  [...]
+  add_connection_test("<test-name-n>.example.com", PRErrorCodeSuccess);
+
+  run_next_test();
+}
+*/
+
+function add_tls_server_setup(serverBinName, certsPath) {
+  add_test(function() {
+    _setupTLSServerTest(serverBinName, certsPath);
+  });
+}
+
+/**
+ * Add a TLS connection test case.
+ *
+ * @param {String} aHost
+ *   The hostname to pass in the SNI TLS extension; this should unambiguously
+ *   identify which test is being run.
+ * @param {PRErrorCode} aExpectedResult
+ *   The expected result of the connection. If an error is not expected, pass
+ *   in PRErrorCodeSuccess.
+ * @param {Function} aBeforeConnect
+ *   A callback function that takes no arguments that will be called before the
+ *   connection is attempted.
+ * @param {Function} aWithSecurityInfo
+ *   A callback function that takes an nsITransportSecurityInfo, which is called
+ *   after the TLS handshake succeeds.
+ * @param {Function} aAfterStreamOpen
+ *   A callback function that is called with the nsISocketTransport once the
+ *   output stream is ready.
+ * @param {OriginAttributes} aOriginAttributes (optional)
+ *   The origin attributes that the socket transport will have. This parameter
+ *   affects OCSP because OCSP cache is double-keyed by origin attributes' first
+ *   party domain.
+ */
+function add_connection_test(aHost, aExpectedResult,
+                             aBeforeConnect, aWithSecurityInfo,
+                             aAfterStreamOpen,
+                             /*optional*/ aOriginAttributes) {
+  const REMOTE_PORT = 8443;
+
+  function Connection(host) {
+    this.host = host;
+    let threadManager = Cc["@mozilla.org/thread-manager;1"]
+                          .getService(Ci.nsIThreadManager);
+    this.thread = threadManager.currentThread;
+    this.defer = Promise.defer();
+    let sts = Cc["@mozilla.org/network/socket-transport-service;1"]
+                .getService(Ci.nsISocketTransportService);
+    this.transport = sts.createTransport(["ssl"], 1, host, REMOTE_PORT, null);
+    // See bug 1129771 - attempting to connect to [::1] when the server is
+    // listening on 127.0.0.1 causes frequent failures on OS X 10.10.
+    this.transport.connectionFlags |= Ci.nsISocketTransport.DISABLE_IPV6;
+    this.transport.setEventSink(this, this.thread);
+    if (aOriginAttributes) {
+      this.transport.originAttributes = aOriginAttributes;
+    }
+    this.inputStream = null;
+    this.outputStream = null;
+    this.connected = false;
+  }
+
+  Connection.prototype = {
+    // nsITransportEventSink
+    onTransportStatus: function(aTransport, aStatus, aProgress, aProgressMax) {
+      if (!this.connected && aStatus == Ci.nsISocketTransport.STATUS_CONNECTED_TO) {
+        this.connected = true;
+        this.outputStream.asyncWait(this, 0, 0, this.thread);
+      }
+    },
+
+    // nsIInputStreamCallback
+    onInputStreamReady: function(aStream) {
+      try {
+        // this will throw if the stream has been closed by an error
+        let str = NetUtil.readInputStreamToString(aStream, aStream.available());
+        Assert.equal(str, "0",
+                     "Should have received ASCII '0' from server");
+        this.inputStream.close();
+        this.outputStream.close();
+        this.result = Cr.NS_OK;
+      } catch (e) {
+        this.result = e.result;
+      }
+      this.defer.resolve(this);
+    },
+
+    // nsIOutputStreamCallback
+    onOutputStreamReady: function(aStream) {
+      if (aAfterStreamOpen) {
+        aAfterStreamOpen(this.transport);
+      }
+      let sslSocketControl = this.transport.securityInfo
+                               .QueryInterface(Ci.nsISSLSocketControl);
+      sslSocketControl.proxyStartSSL();
+      this.outputStream.write("0", 1);
+      let inStream = this.transport.openInputStream(0, 0, 0)
+                       .QueryInterface(Ci.nsIAsyncInputStream);
+      this.inputStream = inStream;
+      this.inputStream.asyncWait(this, 0, 0, this.thread);
+    },
+
+    go: function() {
+      this.outputStream = this.transport.openOutputStream(0, 0, 0)
+                            .QueryInterface(Ci.nsIAsyncOutputStream);
+      return this.defer.promise;
+    }
+  };
+
+  /* Returns a promise to connect to host that resolves to the result of that
+   * connection */
+  function connectTo(host) {
+    Services.prefs.setCharPref("network.dns.localDomains", host);
+    let connection = new Connection(host);
+    return connection.go();
+  }
+
+  add_test(function() {
+    if (aBeforeConnect) {
+      aBeforeConnect();
+    }
+    connectTo(aHost).then(function(conn) {
+      do_print("handling " + aHost);
+      let expectedNSResult = aExpectedResult == PRErrorCodeSuccess
+                           ? Cr.NS_OK
+                           : getXPCOMStatusFromNSS(aExpectedResult);
+      Assert.equal(conn.result, expectedNSResult,
+                   "Actual and expected connection result should match");
+      if (aWithSecurityInfo) {
+        aWithSecurityInfo(conn.transport.securityInfo
+                              .QueryInterface(Ci.nsITransportSecurityInfo));
+      }
+      run_next_test();
+    });
+  });
+}
+
+function _getBinaryUtil(binaryUtilName) {
+  let directoryService = Cc["@mozilla.org/file/directory_service;1"]
+                           .getService(Ci.nsIProperties);
+
+  let utilBin = directoryService.get("CurProcD", Ci.nsILocalFile);
+  utilBin.append(binaryUtilName + mozinfo.bin_suffix);
+  // If we're testing locally, the above works. If not, the server executable
+  // is in another location.
+  if (!utilBin.exists()) {
+    utilBin = directoryService.get("CurWorkD", Ci.nsILocalFile);
+    while (utilBin.path.indexOf("xpcshell") != -1) {
+      utilBin = utilBin.parent;
+    }
+    utilBin.append("bin");
+    utilBin.append(binaryUtilName + mozinfo.bin_suffix);
+  }
+  // But maybe we're on Android or B2G, where binaries are in /data/local/xpcb.
+  if (!utilBin.exists()) {
+    utilBin.initWithPath("/data/local/xpcb/");
+    utilBin.append(binaryUtilName);
+  }
+  Assert.ok(utilBin.exists(), `Binary util ${binaryUtilName} should exist`);
+  return utilBin;
+}
+
+// Do not call this directly; use add_tls_server_setup
+function _setupTLSServerTest(serverBinName, certsPath)
+{
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                  .getService(Ci.nsIX509CertDB);
+  // The trusted CA that is typically used for "good" certificates.
+  addCertFromFile(certdb, `${certsPath}/test-ca.pem`, "CTu,u,u");
+
+  const CALLBACK_PORT = 8444;
+
+  let directoryService = Cc["@mozilla.org/file/directory_service;1"]
+                           .getService(Ci.nsIProperties);
+  let envSvc = Cc["@mozilla.org/process/environment;1"]
+                 .getService(Ci.nsIEnvironment);
+  let greBinDir = directoryService.get("GreBinD", Ci.nsIFile);
+  envSvc.set("DYLD_LIBRARY_PATH", greBinDir.path);
+  // TODO(bug 1107794): Android libraries are in /data/local/xpcb, but "GreBinD"
+  // does not return this path on Android, so hard code it here.
+  envSvc.set("LD_LIBRARY_PATH", greBinDir.path + ":/data/local/xpcb");
+  envSvc.set("MOZ_TLS_SERVER_DEBUG_LEVEL", "3");
+  envSvc.set("MOZ_TLS_SERVER_CALLBACK_PORT", CALLBACK_PORT);
+
+  let httpServer = new HttpServer();
+  httpServer.registerPathHandler("/",
+      function handleServerCallback(aRequest, aResponse) {
+        aResponse.setStatusLine(aRequest.httpVersion, 200, "OK");
+        aResponse.setHeader("Content-Type", "text/plain");
+        let responseBody = "OK!";
+        aResponse.bodyOutputStream.write(responseBody, responseBody.length);
+        do_execute_soon(function() {
+          httpServer.stop(run_next_test);
+        });
+      });
+  httpServer.start(CALLBACK_PORT);
+
+  let serverBin = _getBinaryUtil(serverBinName);
+  let process = Cc["@mozilla.org/process/util;1"].createInstance(Ci.nsIProcess);
+  process.init(serverBin);
+  let certDir = directoryService.get("CurWorkD", Ci.nsILocalFile);
+  certDir.append(`${certsPath}`);
+  Assert.ok(certDir.exists(), `certificate folder (${certsPath}) should exist`);
+  // Using "sql:" causes the SQL DB to be used so we can run tests on Android.
+  process.run(false, [ "sql:" + certDir.path ], 1);
+
+  do_register_cleanup(function() {
+    process.kill();
+  });
+}
+
+// Returns an Array of OCSP responses for a given ocspRespArray and a location
+// for a nssDB where the certs and public keys are prepopulated.
+// ocspRespArray is an array of arrays like:
+// [ [typeOfResponse, certnick, extracertnick]...]
+function generateOCSPResponses(ocspRespArray, nssDBlocation)
+{
+  let utilBinName = "GenerateOCSPResponse";
+  let ocspGenBin = _getBinaryUtil(utilBinName);
+  let retArray = [];
+
+  for (let i = 0; i < ocspRespArray.length; i++) {
+    let argArray = [];
+    let ocspFilepre = do_get_file(i.toString() + ".ocsp", true);
+    let filename = ocspFilepre.path;
+    // Using "sql:" causes the SQL DB to be used so we can run tests on Android.
+    argArray.push("sql:" + nssDBlocation);
+    argArray.push(ocspRespArray[i][0]); // ocsRespType;
+    argArray.push(ocspRespArray[i][1]); // nick;
+    argArray.push(ocspRespArray[i][2]); // extranickname
+    argArray.push(filename);
+    do_print("argArray = " + argArray);
+
+    let process = Cc["@mozilla.org/process/util;1"]
+                    .createInstance(Ci.nsIProcess);
+    process.init(ocspGenBin);
+    process.run(true, argArray, 5);
+    Assert.equal(0, process.exitValue, "Process exit value should be 0");
+    let ocspFile = do_get_file(i.toString() + ".ocsp", false);
+    retArray.push(readFile(ocspFile));
+    ocspFile.remove(false);
+  }
+  return retArray;
+}
+
+// Starts and returns an http responder that will cause a test failure if it is
+// queried. The server identities are given by a non-empty array
+// serverIdentities.
+function getFailingHttpServer(serverPort, serverIdentities) {
+  let httpServer = new HttpServer();
+  httpServer.registerPrefixHandler("/", function(request, response) {
+    Assert.ok(false, "HTTP responder should not have been queried");
+  });
+  httpServer.identity.setPrimary("http", serverIdentities.shift(), serverPort);
+  serverIdentities.forEach(function(identity) {
+    httpServer.identity.add("http", identity, serverPort);
+  });
+  httpServer.start(serverPort);
+  return httpServer;
+}
+
+// Starts an http OCSP responder that serves good OCSP responses and
+// returns an object with a method stop that should be called to stop
+// the http server.
+// NB: Because generating OCSP responses inside the HTTP request
+// handler can cause timeouts, the expected responses are pre-generated
+// all at once before starting the server. This means that their producedAt
+// times will all be the same. If a test depends on this not being the case,
+// perhaps calling startOCSPResponder twice (at different times) will be
+// necessary.
+//
+// serverPort is the port of the http OCSP responder
+// identity is the http hostname that will answer the OCSP requests
+// nssDBLocation is the location of the NSS database from where the OCSP
+//   responses will be generated (assumes appropiate keys are present)
+// expectedCertNames is an array of nicks of the certs to be responsed
+// expectedBasePaths is an optional array that is used to indicate
+//   what is the expected base path of the OCSP request.
+// expectedMethods is an optional array of methods ("GET" or "POST") indicating
+//   by which HTTP method the server is expected to be queried.
+// expectedResponseTypes is an optional array of OCSP response types to use (see
+//   GenerateOCSPResponse.cpp).
+function startOCSPResponder(serverPort, identity, nssDBLocation,
+                            expectedCertNames, expectedBasePaths,
+                            expectedMethods, expectedResponseTypes) {
+  let ocspResponseGenerationArgs = expectedCertNames.map(
+    function(expectedNick) {
+      let responseType = "good";
+      if (expectedResponseTypes && expectedResponseTypes.length >= 1) {
+        responseType = expectedResponseTypes.shift();
+      }
+      return [responseType, expectedNick, "unused"];
+    }
+  );
+  let ocspResponses = generateOCSPResponses(ocspResponseGenerationArgs,
+                                            nssDBLocation);
+  let httpServer = new HttpServer();
+  httpServer.registerPrefixHandler("/",
+    function handleServerCallback(aRequest, aResponse) {
+      do_print("got request for: " + aRequest.path);
+      let basePath = aRequest.path.slice(1).split("/")[0];
+      if (expectedBasePaths.length >= 1) {
+        Assert.equal(basePath, expectedBasePaths.shift(),
+                     "Actual and expected base path should match");
+      }
+      Assert.ok(expectedCertNames.length >= 1,
+                "expectedCertNames should contain >= 1 entries");
+      if (expectedMethods && expectedMethods.length >= 1) {
+        Assert.equal(aRequest.method, expectedMethods.shift(),
+                     "Actual and expected fetch method should match");
+      }
+      aResponse.setStatusLine(aRequest.httpVersion, 200, "OK");
+      aResponse.setHeader("Content-Type", "application/ocsp-response");
+      aResponse.write(ocspResponses.shift());
+    });
+  httpServer.identity.setPrimary("http", identity, serverPort);
+  httpServer.start(serverPort);
+  return {
+    stop: function(callback) {
+      // make sure we consumed each expected response
+      Assert.equal(ocspResponses.length, 0,
+                   "Should have 0 remaining expected OCSP responses");
+      if (expectedMethods) {
+        Assert.equal(expectedMethods.length, 0,
+                     "Should have 0 remaining expected fetch methods");
+      }
+      if (expectedBasePaths) {
+        Assert.equal(expectedBasePaths.length, 0,
+                     "Should have 0 remaining expected base paths");
+      }
+      if (expectedResponseTypes) {
+        Assert.equal(expectedResponseTypes.length, 0,
+                     "Should have 0 remaining expected response types");
+      }
+      httpServer.stop(callback);
+    }
+  };
+}
+
+// A prototype for a fake, error-free sslstatus
+var FakeSSLStatus = function(certificate) {
+  this.serverCert = certificate;
+};
+
+FakeSSLStatus.prototype = {
+  serverCert: null,
+  cipherName: null,
+  keyLength: 2048,
+  isDomainMismatch: false,
+  isNotValidAtThisTime: false,
+  isUntrusted: false,
+  isExtendedValidation: false,
+  getInterface: function(aIID) {
+    return this.QueryInterface(aIID);
+  },
+  QueryInterface: function(aIID) {
+    if (aIID.equals(Ci.nsISSLStatus) ||
+        aIID.equals(Ci.nsISupports)) {
+      return this;
+    }
+    throw new Error(Cr.NS_ERROR_NO_INTERFACE);
+  },
+};
+
+// Utility functions for adding tests relating to certificate error overrides
+
+// Helper function for add_cert_override_test. Probably doesn't need to be
+// called directly.
+function add_cert_override(aHost, aExpectedBits, aExpectedErrorRegexp,
+                           aSecurityInfo) {
+  if (aExpectedErrorRegexp) {
+    do_print(aSecurityInfo.errorMessage);
+    Assert.ok(aExpectedErrorRegexp.test(aSecurityInfo.errorMessage),
+              "Actual error message should match expected error regexp");
+  }
+  let sslstatus = aSecurityInfo.QueryInterface(Ci.nsISSLStatusProvider)
+                               .SSLStatus;
+  let bits =
+    (sslstatus.isUntrusted ? Ci.nsICertOverrideService.ERROR_UNTRUSTED : 0) |
+    (sslstatus.isDomainMismatch ? Ci.nsICertOverrideService.ERROR_MISMATCH : 0) |
+    (sslstatus.isNotValidAtThisTime ? Ci.nsICertOverrideService.ERROR_TIME : 0);
+  Assert.equal(bits, aExpectedBits,
+               "Actual and expected override bits should match");
+  let cert = sslstatus.serverCert;
+  let certOverrideService = Cc["@mozilla.org/security/certoverride;1"]
+                              .getService(Ci.nsICertOverrideService);
+  certOverrideService.rememberValidityOverride(aHost, 8443, cert, aExpectedBits,
+                                               true);
+}
+
+// Given a host, expected error bits (see nsICertOverrideService.idl), an
+// expected error code, and optionally a regular expression that the resulting
+// error message must match, tests that an initial connection to the host fails
+// with the expected errors and that adding an override results in a subsequent
+// connection succeeding.
+function add_cert_override_test(aHost, aExpectedBits, aExpectedError,
+                                aExpectedErrorRegexp = undefined) {
+  add_connection_test(aHost, aExpectedError, null,
+                      add_cert_override.bind(this, aHost, aExpectedBits,
+                                             aExpectedErrorRegexp));
+  add_connection_test(aHost, PRErrorCodeSuccess, null, aSecurityInfo => {
+    Assert.ok(aSecurityInfo.securityState &
+              Ci.nsIWebProgressListener.STATE_CERT_USER_OVERRIDDEN,
+              "Cert override flag should be set on the security state");
+  });
+}
+
+// Helper function for add_prevented_cert_override_test. This is much like
+// add_cert_override except it may not be the case that the connection has an
+// SSLStatus set on it. In this case, the error was not overridable anyway, so
+// we consider it a success.
+function attempt_adding_cert_override(aHost, aExpectedBits, aSecurityInfo) {
+  let sslstatus = aSecurityInfo.QueryInterface(Ci.nsISSLStatusProvider)
+                               .SSLStatus;
+  if (sslstatus) {
+    let bits =
+      (sslstatus.isUntrusted ? Ci.nsICertOverrideService.ERROR_UNTRUSTED : 0) |
+      (sslstatus.isDomainMismatch ? Ci.nsICertOverrideService.ERROR_MISMATCH : 0) |
+      (sslstatus.isNotValidAtThisTime ? Ci.nsICertOverrideService.ERROR_TIME : 0);
+    Assert.equal(bits, aExpectedBits,
+                 "Actual and expected override bits should match");
+    let cert = sslstatus.serverCert;
+    let certOverrideService = Cc["@mozilla.org/security/certoverride;1"]
+                                .getService(Ci.nsICertOverrideService);
+    certOverrideService.rememberValidityOverride(aHost, 8443, cert, aExpectedBits,
+                                                 true);
+  }
+}
+
+// Given a host, expected error bits (see nsICertOverrideService.idl), and
+// an expected error code, tests that an initial connection to the host fails
+// with the expected errors and that adding an override does not result in a
+// subsequent connection succeeding (i.e. the same error code is encountered).
+// The idea here is that for HSTS hosts or hosts with key pins, no error is
+// overridable, even if an entry is added to the override service.
+function add_prevented_cert_override_test(aHost, aExpectedBits, aExpectedError) {
+  add_connection_test(aHost, aExpectedError, null,
+                      attempt_adding_cert_override.bind(this, aHost, aExpectedBits));
+  add_connection_test(aHost, aExpectedError);
+}
+
+function loginToDBWithDefaultPassword() {
+  let tokenDB = Cc["@mozilla.org/security/pk11tokendb;1"]
+                  .getService(Ci.nsIPK11TokenDB);
+  let token = tokenDB.getInternalKeyToken();
+  token.initPassword("");
+  token.login(/*force*/ false);
+}
+
+// Helper for asyncTestCertificateUsages.
+class CertVerificationResult {
+  constructor(certName, usageString, successExpected, resolve) {
+    this.certName = certName;
+    this.usageString = usageString;
+    this.successExpected = successExpected;
+    this.resolve = resolve;
+  }
+
+  verifyCertFinished(aPRErrorCode, aVerifiedChain, aHasEVPolicy) {
+    if (this.successExpected) {
+      equal(aPRErrorCode, PRErrorCodeSuccess,
+            `verifying ${this.certName} for ${this.usageString} should succeed`);
+    } else {
+      notEqual(aPRErrorCode, PRErrorCodeSuccess,
+               `verifying ${this.certName} for ${this.usageString} should fail`);
+    }
+    this.resolve();
+  }
+}
+
+/**
+ * Asynchronously attempts to verify the given certificate for all supported
+ * usages (see allCertificateUsages). Verifies that the results match the
+ * expected successful usages. Returns a promise that will resolve when all
+ * verifications have been performed.
+ * Verification happens "now" with no specified flags or hostname.
+ *
+ * @param {nsIX509CertDB} certdb
+ *   The certificate database to use to verify the certificate.
+ * @param {nsIX509Cert} cert
+ *   The certificate to be verified.
+ * @param {Number[]} expectedUsages
+ *   A list of usages (as their integer values) that are expected to verify
+ *   successfully.
+ * @return {Promise}
+ *   A promise that will resolve with no value when all asynchronous operations
+ *   have completed.
+ */
+function asyncTestCertificateUsages(certdb, cert, expectedUsages) {
+  let now = (new Date()).getTime() / 1000;
+  let promises = [];
+  Object.keys(allCertificateUsages).forEach(usageString => {
+    let promise = new Promise((resolve, reject) => {
+      let usage = allCertificateUsages[usageString];
+      let successExpected = expectedUsages.includes(usage);
+      let result = new CertVerificationResult(cert.commonName, usageString,
+                                              successExpected, resolve);
+      certdb.asyncVerifyCertAtTime(cert, usage, 0, null, now, result);
+    });
+    promises.push(promise);
+  });
+  return Promise.all(promises);
+}
+
+/**
+ * Loads the pkcs11testmodule.cpp test PKCS #11 module, and registers a cleanup
+ * function that unloads it once the calling test completes.
+ *
+ * @param {Boolean} expectModuleUnloadToFail
+ *                  Should be set to true for tests that manually unload the
+ *                  test module, so the attempt to auto unload the test module
+ *                  doesn't cause a test failure. Should be set to false
+ *                  otherwise, so failure to automatically unload the test
+ *                  module gets reported.
+ */
+function loadPKCS11TestModule(expectModuleUnloadToFail) {
+  let libraryFile = Services.dirsvc.get("CurWorkD", Ci.nsILocalFile);
+  libraryFile.append("pkcs11testmodule");
+  libraryFile.append(ctypes.libraryName("pkcs11testmodule"));
+  ok(libraryFile.exists(), "The pkcs11testmodule file should exist");
+
+  let pkcs11 = Cc["@mozilla.org/security/pkcs11;1"].getService(Ci.nsIPKCS11);
+  do_register_cleanup(() => {
+    try {
+      pkcs11.deleteModule("PKCS11 Test Module");
+    } catch (e) {
+      Assert.ok(expectModuleUnloadToFail,
+                `Module unload should suceed only when expected: ${e}`);
+    }
+  });
+  pkcs11.addModule("PKCS11 Test Module", libraryFile.path, 0, 0);
+}
diff --git a/security/manager/ssl/tests/unit/moz.build b/security/manager/ssl/tests/unit/moz.build
new file mode 100644
index 000000000..8a97120c2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/moz.build
@@ -0,0 +1,37 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+DIRS += ['tlsserver']
+
+if not CONFIG['MOZ_NO_SMART_CARDS']:
+    DIRS += ['pkcs11testmodule']
+
+TEST_DIRS += [
+    'bad_certs',
+    'ocsp_certs',
+    'test_baseline_requirements',
+    'test_cert_eku',
+    'test_cert_embedded_null',
+    'test_cert_keyUsage',
+    'test_cert_sha1',
+    'test_cert_signatures',
+    'test_cert_trust',
+    'test_cert_version',
+    'test_certDB_import',
+    'test_content_signing',
+    'test_ev_certs',
+    'test_getchain',
+    'test_intermediate_basic_usage_constraints',
+    'test_keysize',
+    'test_keysize_ev',
+    'test_name_constraints',
+    'test_ocsp_fetch_method',
+    'test_ocsp_url',
+    'test_onecrl',
+    'test_pinning_dynamic',
+    'test_startcom_wosign',
+    'test_validity',
+]
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/ca-used-as-end-entity.pem b/security/manager/ssl/tests/unit/ocsp_certs/ca-used-as-end-entity.pem
new file mode 100644
index 000000000..ae40112c3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/ca-used-as-end-entity.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDQTCCAiugAwIBAgIUBUmy5jtGrDso26TeIelwmtF+KFAwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowLzEtMCsGA1UEAwwkVGVzdCBJbnRlcm1lZGlhdGUgdXNlZCBhcyBF
+bmQtRW50aXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESO
+FtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVr
+amRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWka
+sdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbY
+VbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6n
+aOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHE
+MdUDrNoYCjXtjQIDAQABo3IwcDAMBgNVHRMEBTADAQH/MDIGCCsGAQUFBwEBBCYw
+JDAiBggrBgEFBQcwAYYWaHR0cDovL2xvY2FsaG9zdDo4ODg4LzAsBgNVHREEJTAj
+giFjYS11c2VkLWFzLWVuZC1lbnRpdHkuZXhhbXBsZS5jb20wCwYJKoZIhvcNAQEL
+A4IBAQApr3pPS4uWz6oPEhrTO73K+JTP2VRTKgtbooPhOZ6tCRz75P729RzVOEZF
+Vf87VSFTTXUdG5Q6+SDNuCdDuyyPR4q38s+8jgv3OVfsEbhPuSx73pLAzYg727Ip
+U2ROGoVysc3JrUfwPZSvQ/i4iqdb2sVwtqR5LM1nApy5+p6Ef8cwjfm9qsdrHlnx
+3VdiioEOp+8SKH5rzfZe+1jepRODlqvFEO9gFbaqjHLzL005xAcfpsZPH5JzDhqD
+g4QiIFlm+wwQ9pTBpk1ZmbgDyk4frrxughFsbR4zDDTfJCREa5RlwH34xOkx/cTu
+ee/qZzerx61VI88GvLK87eX2ZiH1
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/ca-used-as-end-entity.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/ca-used-as-end-entity.pem.certspec
new file mode 100644
index 000000000..8e16705b5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/ca-used-as-end-entity.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Test Intermediate used as End-Entity
+extension:basicConstraints:cA,
+extension:authorityInformationAccess:http://localhost:8888/
+extension:subjectAlternativeName:ca-used-as-end-entity.example.com
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/default-ee.key b/security/manager/ssl/tests/unit/ocsp_certs/default-ee.key
new file mode 100644
index 000000000..8af23e068
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/default-ee.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6iFGoRI4W1kH9
+braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI
+eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6
+iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za
+qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7
+LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs
+2hgKNe2NAgMBAAECggEBAJ7LzjhhpFTsseD+j4XdQ8kvWCXOLpl4hNDhqUnaosWs
+VZskBFDlrJ/gw+McDu+mUlpl8MIhlABO4atGPd6e6CKHzJPnRqkZKcXmrD2IdT9s
+JbpZeec+XY+yOREaPNq4pLDN9fnKsF8SM6ODNcZLVWBSXn47kq18dQTPHcfLAFeI
+r8vh6Pld90AqFRUw1YCDRoZOs3CqeZVqWHhiy1M3kTB/cNkcltItABppAJuSPGgz
+iMnzbLm16+ZDAgQceNkIIGuHAJy4yrrK09vbJ5L7kRss9NtmA1hb6a4Mo7jmQXqg
+SwbkcOoaO1gcoDpngckxW2KzDmAR8iRyWUbuxXxtlEECgYEA3W4dT//r9o2InE0R
+TNqqnKpjpZN0KGyKXCmnF7umA3VkTVyqZ0xLi8cyY1hkYiDkVQ12CKwn1Vttt0+N
+gSfvj6CQmLaRR94GVXNEfhg9Iv59iFrOtRPZWB3V4HwakPXOCHneExNx7O/JznLp
+xD3BJ9I4GQ3oEXc8pdGTAfSMdCsCgYEA16dz2evDgKdn0v7Ak0rU6LVmckB3Gs3r
+ta15b0eP7E1FmF77yVMpaCicjYkQL63yHzTi3UlA66jAnW0fFtzClyl3TEMnXpJR
+3b5JCeH9O/Hkvt9Go5uLODMo70rjuVuS8gcK8myefFybWH/t3gXo59hspXiG+xZY
+EKd7mEW8MScCgYEAlkcrQaYQwK3hryJmwWAONnE1W6QtS1oOtOnX6zWBQAul3RMs
+2xpekyjHu8C7sBVeoZKXLt+X0SdR2Pz2rlcqMLHqMJqHEt1OMyQdse5FX8CT9byb
+WS11bmYhR08ywHryL7J100B5KzK6JZC7smGu+5WiWO6lN2VTFb6cJNGRmS0CgYAo
+tFCnp1qFZBOyvab3pj49lk+57PUOOCPvbMjo+ibuQT+LnRIFVA8Su+egx2got7pl
+rYPMpND+KiIBFOGzXQPVqFv+Jwa9UPzmz83VcbRspiG47UfWBbvnZbCqSgZlrCU2
+TaIBVAMuEgS4VZ0+NPtbF3yaVv+TUQpaSmKHwVHeLQKBgCgGe5NVgB0u9S36ltit
+tYlnPPjuipxv9yruq+nva+WKT0q/BfeIlH3IUf2qNFQhR6caJGv7BU7naqNGq80m
+ks/J5ExR5vBpxzXgc7oBn2pyFJYckbJoccrqv48GRBigJpDjmo1f8wZ7fNt/ULH1
+NBinA5ZsT8d0v3QCr2xDJH9D
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/default-ee.key.keyspec b/security/manager/ssl/tests/unit/ocsp_certs/default-ee.key.keyspec
new file mode 100644
index 000000000..4ad96d515
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/default-ee.key.keyspec
@@ -0,0 +1 @@
+default
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/default-ee.pem b/security/manager/ssl/tests/unit/ocsp_certs/default-ee.pem
new file mode 100644
index 000000000..0a9eaebb5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/default-ee.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDhTCCAm+gAwIBAgIUNRvpOhsDHEYbRf6bsiAPbvKe2VAwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowGjEYMBYGA1UEAwwPVGVzdCBFbmQtZW50aXR5MIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1
+aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/we
+adA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSS
+pH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62W
+YVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauR
+CE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABo4HKMIHH
+MIGQBgNVHREEgYgwgYWCCWxvY2FsaG9zdIINKi5leGFtcGxlLmNvbYIVKi5waW5u
+aW5nLmV4YW1wbGUuY29tgigqLmluY2x1ZGUtc3ViZG9tYWlucy5waW5uaW5nLmV4
+YW1wbGUuY29tgigqLmV4Y2x1ZGUtc3ViZG9tYWlucy5waW5uaW5nLmV4YW1wbGUu
+Y29tMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL2xvY2FsaG9z
+dDo4ODg4LzALBgkqhkiG9w0BAQsDggEBAH6+Qe/y1TTCx2w6f31VWp5lcizPkS8s
+ODfbgT9pKYqqvYDeiDu3q8SLGHTTsHWWewBCu5Jd0mXPXfZ4FEHcwbVJZUZBvQVr
+1aNBCriuzhNUyfjkvfCgM4OuxgNwjbihGDE8VzfxTiz8mDN0AgACCZaUTQnybQc0
+SW+ldxspBgQJom0tkZ+TGi80L3/5P5J2+7AchxhAZzQmebDnxNYDZXCJH8w15was
+OzM5BrQzz3vuxupO7lsRzZIzAU+uQD4bjcMpz3oMdj3/0lb0HZGMdU22Ub36PvLC
+6mYbTtf0IS5TVyLnbCNeliE6zoPnQPBzAUfoOeD1Tn6HQUQUT8oTf2E=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/default-ee.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/default-ee.pem.certspec
new file mode 100644
index 000000000..554339ff5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/default-ee.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:Test End-entity
+extension:subjectAlternativeName:localhost,*.example.com,*.pinning.example.com,*.include-subdomains.pinning.example.com,*.exclude-subdomains.pinning.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/delegatedSHA1Signer.pem b/security/manager/ssl/tests/unit/ocsp_certs/delegatedSHA1Signer.pem
new file mode 100644
index 000000000..c002ab376
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/delegatedSHA1Signer.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3zCCAcmgAwIBAgIUIxRG1UWRha0HYTAhwhrKHkbqmyMwCwYJKoZIhvcNAQEF
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowKDEmMCQGA1UEAwwdVGVzdCBTSEExIERlbGVnYXRlZCBSZXNwb25k
+ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBdcZSZgmfdwgqZ5Hx
+uHbDf1zlOLBsSs0iscvUb6Za2irdQcjCSYrEo7PB9hSH9BtpiUG9gKUcPBICRMWE
+pMRIMwXlE4wBBs8IvpqGJ2C65qLo828jxdmDE7nfrzeDRdrOUdTW3NKmyzzHBuvN
+MHDsmMzkCqWR1ylaf3HFvmZpHSst/shJRFkLxaPqSf2TsddTQF8Xc3aZlYZmJUeX
+7UJpCIgIEUIgaZiKQ/7kjOaHgd0itqac0oN1Ex+TKxKM4ob6fSUcBirSfvAW8YfN
+1U6DKzW4kw90upCqi8dhZyQqsf1tYhQNGMTAuMaPw3SEVzJK196G5lUvHR4ZHXEh
+aNO7AgMBAAGjFzAVMBMGA1UdJQQMMAoGCCsGAQUFBwMJMAsGCSqGSIb3DQEBBQOC
+AQEANLgtJ15k2R80tTTbdC1m/ZASP24kA5t+lMUcZ2nBrIAKivNshI8oI3BVqq6a
+/SP+0D1A0OGkOy8NwwlXhTb5ZAJj8SJyMrfanuGzZQhzFrQc55KeETCm8nPyzGQ9
+bqQs1LETdVsdYXIsY+ODCIHHc3GrC7M4AcfeWobi+fANOYiTkohu+xMrwkNk0cpC
+7rGru+XJwmljnc0OwcMeClLOpqRGVXV7bVBQmM731dBSqQabDkOANqEzSD9R7cJN
+I/UXxZ24i80bErMcgYQIKA6JwS9deLrx1PVc5s5rsZjMtDT8vuDiRXNbjtbINYFw
+MncXL0zcoBe7IV3rdJwY+y3Snw==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/delegatedSHA1Signer.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/delegatedSHA1Signer.pem.certspec
new file mode 100644
index 000000000..bdf3e2ee4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/delegatedSHA1Signer.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Test SHA1 Delegated Responder
+subjectKey:alternate
+signature:sha1WithRSAEncryption
+extension:extKeyUsage:OCSPSigning
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/delegatedSigner.pem b/security/manager/ssl/tests/unit/ocsp_certs/delegatedSigner.pem
new file mode 100644
index 000000000..a89c8d2f7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/delegatedSigner.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC2jCCAcSgAwIBAgIUQXEL+8VLzS0MV1fxD5oqP+1e6jMwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowIzEhMB8GA1UEAwwYVGVzdCBEZWxlZ2F0ZWQgUmVzcG9uZGVyMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwXXGUmYJn3cIKmeR8bh2w39c
+5TiwbErNIrHL1G+mWtoq3UHIwkmKxKOzwfYUh/QbaYlBvYClHDwSAkTFhKTESDMF
+5ROMAQbPCL6ahidguuai6PNvI8XZgxO53683g0XazlHU1tzSpss8xwbrzTBw7JjM
+5AqlkdcpWn9xxb5maR0rLf7ISURZC8Wj6kn9k7HXU0BfF3N2mZWGZiVHl+1CaQiI
+CBFCIGmYikP+5Izmh4HdIramnNKDdRMfkysSjOKG+n0lHAYq0n7wFvGHzdVOgys1
+uJMPdLqQqovHYWckKrH9bWIUDRjEwLjGj8N0hFcyStfehuZVLx0eGR1xIWjTuwID
+AQABoxcwFTATBgNVHSUEDDAKBggrBgEFBQcDCTALBgkqhkiG9w0BAQsDggEBABNl
+rZcaJMbZvRzFDOZ7ZFjf/hqf/VxFBwiP7JOY3ZpvUTkvZkHdEQIaps9Lg0PRWsVj
+Q23PgVUJnsRL1qIFsYHDJ0NB3X+ly7IV2kjH0LBshN+8/xHgCzZy6FXtC5tNa3gT
+7GFQONTVRoVnnI8JlGMgFFrgY4H/Eyz9YlD6Sgf/zmouPCftajAyKLIrn0wDZXLv
+6Cla7n71vDVp8XsdyNZsDVa3x3eU83zzhvQkZz14ScoDzdC0S6Rk9fUTZIm4x/lJ
+LV93G6M7AyfnK51EKJR2woG/shfpLXV7Wvc/1122vTQaBqvXwervYKfndf3IRx6U
+JkHz9cSPh0zZyGpaY3Y=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/delegatedSigner.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/delegatedSigner.pem.certspec
new file mode 100644
index 000000000..19971eeb4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/delegatedSigner.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:Test Delegated Responder
+subjectKey:alternate
+extension:extKeyUsage:OCSPSigning
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerFromIntermediate.pem b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerFromIntermediate.pem
new file mode 100644
index 000000000..ace363638
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerFromIntermediate.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIC/jCCAeigAwIBAgIUfRaj/hxb3Q6v50uP5RoPLfCSeqkwCwYJKoZIhvcNAQEL
+MBwxGjAYBgNVBAMMEVRlc3QgSW50ZXJtZWRpYXRlMCIYDzIwMTUxMTI4MDAwMDAw
+WhgPMjAxODAyMDUwMDAwMDBaMD0xOzA5BgNVBAMMMlRlc3QgSW52YWxpZCBEZWxl
+Z2F0ZWQgUmVzcG9uZGVyIEZyb20gSW50ZXJtZWRpYXRlMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAwXXGUmYJn3cIKmeR8bh2w39c5TiwbErNIrHL1G+m
+Wtoq3UHIwkmKxKOzwfYUh/QbaYlBvYClHDwSAkTFhKTESDMF5ROMAQbPCL6ahidg
+uuai6PNvI8XZgxO53683g0XazlHU1tzSpss8xwbrzTBw7JjM5AqlkdcpWn9xxb5m
+aR0rLf7ISURZC8Wj6kn9k7HXU0BfF3N2mZWGZiVHl+1CaQiICBFCIGmYikP+5Izm
+h4HdIramnNKDdRMfkysSjOKG+n0lHAYq0n7wFvGHzdVOgys1uJMPdLqQqovHYWck
+KrH9bWIUDRjEwLjGj8N0hFcyStfehuZVLx0eGR1xIWjTuwIDAQABoxcwFTATBgNV
+HSUEDDAKBggrBgEFBQcDCTALBgkqhkiG9w0BAQsDggEBAJqijOH0m68uOc5OkrTx
+R4TW6UKEE4FluKJj4WmS5REzWs1IBn/9JYPJEVyvCfVAiEqlxJEaY0Rie+L57Sqt
+l57QSIprq2oAqjMHgmNljA7oXumsuGtIMn3E504jCjnejpIXjrLZYcfFTEub8c/A
+FF/6Vx7w3Lz9WUdSnC99k5Iu4sa/5OnwUP4/DqchHK3+hx3pOQCgRIBB0imcucjW
+XVJnJhI2S1Dny9bNRXm3uj4wk4QgbZPHEyAbTbqSQzBCtA2oir5dODffciqVa12C
+FfMjcYYGZI7gJ9BvT5zb2GFWIKOwcEBL/4lcm/NQToNF/0FFNAThlVLp6NEEYkIj
+QbE=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerFromIntermediate.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerFromIntermediate.pem.certspec
new file mode 100644
index 000000000..be0d3e9e5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerFromIntermediate.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test Intermediate
+subject:Test Invalid Delegated Responder From Intermediate
+subjectKey:alternate
+extension:extKeyUsage:OCSPSigning
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerKeyUsageCrlSigning.pem b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerKeyUsageCrlSigning.pem
new file mode 100644
index 000000000..e3ce67d25
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerKeyUsageCrlSigning.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7jCCAdigAwIBAgIUe3gW1PDzhB2nX+14539sWNQNpuQwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowPzE9MDsGA1UEAww0VGVzdCBJbnZhbGlkIERlbGVnYXRlZCBSZXNw
+b25kZXIga2V5VXNhZ2UgY3JsU2lnbmluZzCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxKzSKxy9RvplraKt1ByMJJ
+isSjs8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEGzwi+moYnYLrmoujzbyPF
+2YMTud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHXKVp/ccW+ZmkdKy3+yElE
+WQvFo+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBpmIpD/uSM5oeB3SK2ppzS
+g3UTH5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6kKqLx2FnJCqx/W1iFA0Y
+xMC4xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMPMA0wCwYDVR0PBAQDAgEC
+MAsGCSqGSIb3DQEBCwOCAQEAO0hG0xJvxlFc9STPEUfmQezbGJt242zAUVyDT0ZS
+K/gQhhWAjjnfVdUz0dWG/RyH9eaIg4SYc+8+igmKyZL+dvhiEgc0dEWk7nCj+G9/
+SomG+QanABPo7S63HnNjSHq0Z3+j1UNFi1Nu3Neeo3yRgwBwHUVerT/iEaKX6s6V
+vYaDvPYDK3F5jxE3IUi2zwCMWssm77qOfAMoHx9DZ4Y0Hy5YeYS17mhRpUhYo8Qu
+EoEnQVt5+bwBQOsHB86zpjN/8GX9iQGrh/F+31W3qgZYhNwT0dxBgZ8+1/hymzha
+rudGgX7xhPC/qaui7LejAFoJZXz7t2s8QP4oqp/gOZ0oyA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerKeyUsageCrlSigning.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerKeyUsageCrlSigning.pem.certspec
new file mode 100644
index 000000000..2833ed9b5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerKeyUsageCrlSigning.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:Test Invalid Delegated Responder keyUsage crlSigning
+subjectKey:alternate
+extension:keyUsage:cRLSign
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerNoExtKeyUsage.pem b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerNoExtKeyUsage.pem
new file mode 100644
index 000000000..3f00a11b7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerNoExtKeyUsage.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC2DCCAcKgAwIBAgIUeekP5v4eDV4Q3Mhxh7hyoRYhoYMwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowOjE4MDYGA1UEAwwvVGVzdCBJbnZhbGlkIERlbGVnYXRlZCBSZXNw
+b25kZXIgTm8gZXh0S2V5VXNhZ2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDBdcZSZgmfdwgqZ5HxuHbDf1zlOLBsSs0iscvUb6Za2irdQcjCSYrEo7PB
+9hSH9BtpiUG9gKUcPBICRMWEpMRIMwXlE4wBBs8IvpqGJ2C65qLo828jxdmDE7nf
+rzeDRdrOUdTW3NKmyzzHBuvNMHDsmMzkCqWR1ylaf3HFvmZpHSst/shJRFkLxaPq
+Sf2TsddTQF8Xc3aZlYZmJUeX7UJpCIgIEUIgaZiKQ/7kjOaHgd0itqac0oN1Ex+T
+KxKM4ob6fSUcBirSfvAW8YfN1U6DKzW4kw90upCqi8dhZyQqsf1tYhQNGMTAuMaP
+w3SEVzJK196G5lUvHR4ZHXEhaNO7AgMBAAEwCwYJKoZIhvcNAQELA4IBAQBgElte
++KdSalMaq0BsyEkiYRwnsC+LlVJCHffa8RdLZ6av4/k6VFBhP/ssQZOjefG6GAB4
+bNvP/Cll878+fq9whu/3X9ZznL1TLZA1Ej7clSbiCP3TfmPmUeXu6/KMD22o/k/0
+L2cZjABi+Uctu2XxvAn9yN0+I/yulmrVUPcJJLhcMA/L3Drud+ePzjztXpn9DEuO
+zJvbT69gWuj61XshHgolczSkALsavYOs9tF9XQYClOcNrr6SiiMBYcarHyB1H+6G
+lyd+acDokI0uMuYu+25ucTf0HX8qG6K83Dr6sTCraIKnq59/zbplMsgtocklddJn
+5sWaGwVtmt1twn2c
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerNoExtKeyUsage.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerNoExtKeyUsage.pem.certspec
new file mode 100644
index 000000000..92444c94a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerNoExtKeyUsage.pem.certspec
@@ -0,0 +1,3 @@
+issuer:Test CA
+subject:Test Invalid Delegated Responder No extKeyUsage
+subjectKey:alternate
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerWrongExtKeyUsage.pem b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerWrongExtKeyUsage.pem
new file mode 100644
index 000000000..b1a665aa9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerWrongExtKeyUsage.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC9DCCAd6gAwIBAgIUaaTPCaYAcxp4TZ4q8Wcjz6W7UW0wCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowPTE7MDkGA1UEAwwyVGVzdCBJbnZhbGlkIERlbGVnYXRlZCBSZXNw
+b25kZXIgV3JvbmcgZXh0S2V5VXNhZ2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQDBdcZSZgmfdwgqZ5HxuHbDf1zlOLBsSs0iscvUb6Za2irdQcjCSYrE
+o7PB9hSH9BtpiUG9gKUcPBICRMWEpMRIMwXlE4wBBs8IvpqGJ2C65qLo828jxdmD
+E7nfrzeDRdrOUdTW3NKmyzzHBuvNMHDsmMzkCqWR1ylaf3HFvmZpHSst/shJRFkL
+xaPqSf2TsddTQF8Xc3aZlYZmJUeX7UJpCIgIEUIgaZiKQ/7kjOaHgd0itqac0oN1
+Ex+TKxKM4ob6fSUcBirSfvAW8YfN1U6DKzW4kw90upCqi8dhZyQqsf1tYhQNGMTA
+uMaPw3SEVzJK196G5lUvHR4ZHXEhaNO7AgMBAAGjFzAVMBMGA1UdJQQMMAoGCCsG
+AQUFBwMDMAsGCSqGSIb3DQEBCwOCAQEAq7dWVM5N/G6AfpGNEGjK0tGgCzZdcUtt
+669gV+c45zUlmBFhoQ7P8i/491qaSH5LOOQFzkEzJ0hseylLKZraSC+dxIdc5CA1
+b53vBmjHxhba44C8eEEipG8K/7dljQGprF/0RMNlG9XLaukzVb/QeUK7hJ2EpKeB
+rq49TBH0nOirVaPO3xSSwXxNxE0X25zgAl/7Qju2mjMAXzvayN3RYTo/OhAyKXr4
+y5SVoXgQ1ZtlArHFjGCD2vcwWSXJBrJCZaVV0x3EzwKRZA7lGm4F9q0ZGCrBwmBk
+rXbL0JlESZPbMxHbE2rcQ6iI3u2mLUJ7qamLjs1Gc6YGnCOc7z2wCg==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerWrongExtKeyUsage.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerWrongExtKeyUsage.pem.certspec
new file mode 100644
index 000000000..bc704fbd4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/invalidDelegatedSignerWrongExtKeyUsage.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:Test Invalid Delegated Responder Wrong extKeyUsage
+subjectKey:alternate
+extension:extKeyUsage:codeSigning
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/moz.build b/security/manager/ssl/tests/unit/ocsp_certs/moz.build
new file mode 100644
index 000000000..187518829
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/moz.build
@@ -0,0 +1,42 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Temporarily disabled. See bug 1256495.
+#test_certificates = (
+#    'ca-used-as-end-entity.pem',
+#    'default-ee.pem',
+#    'delegatedSHA1Signer.pem',
+#    'delegatedSigner.pem',
+#    'invalidDelegatedSignerFromIntermediate.pem',
+#    'invalidDelegatedSignerKeyUsageCrlSigning.pem',
+#    'invalidDelegatedSignerNoExtKeyUsage.pem',
+#    'invalidDelegatedSignerWrongExtKeyUsage.pem',
+#    'multi-tls-feature-bad-ee.pem',
+#    'multi-tls-feature-good-ee.pem',
+#    'must-staple-ee.pem',
+#    'must-staple-ee-with-must-staple-int.pem',
+#    'must-staple-missing-ee.pem',
+#    'ocspEEWithIntermediate.pem',
+#    'ocspOtherEndEntity.pem',
+#    'other-test-ca.pem',
+#    'rsa-1016-keysizeDelegatedSigner.pem',
+#    'test-ca.pem',
+#    'test-int.pem',
+#    'test-multi-tls-feature-int.pem',
+#    'test-must-staple-int.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
+#
+#test_keys = (
+#    'default-ee.key',
+#    'other-test-ca.key',
+#    'rsa-1016-keysizeDelegatedSigner.key',
+#)
+#
+#for test_key in test_keys:
+#    GeneratedTestKey(test_key)
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-bad-ee.pem b/security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-bad-ee.pem
new file mode 100644
index 000000000..3590df90b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-bad-ee.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDIDCCAgqgAwIBAgIUAc3BKte7ynCOlcIdQ7skOfR97WUwCwYJKoZIhvcNAQEL
+MDcxNTAzBgNVBAMMLFRlc3QgSW50ZXJtZWRpYXRlIFdpdGggTXVsdGlwbGUgVExT
+IEZlYXR1cmVzMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAwMDBaMCwx
+KjAoBgNVBAMMIU11bHRpIFRMUyBGZWF0dXJlIFRlc3QgRW5kLUVudGl0eTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ
+6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUk
+nAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N
+/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAG
+JMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd
+7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEA
+AaMvMC0wGAYDVR0RBBEwD4INKi5leGFtcGxlLmNvbTARBggrBgEFBQcBGAQFMAMC
+AQUwCwYJKoZIhvcNAQELA4IBAQAcse6lHIyWBVFBP3H4s35RrYiYkmcOVHundfO8
+uvLU+eKh4fFHiBMIHgBrwMH5NWC+ahAe/rc5mcT4tCh95p9TOLYf4Hl7sAAQBBVY
+eoReFpIor30mitKZ9XS/nBh2WtNCY7UN9oNdgo+MwW15OXSya0ayAZob/hdJqttR
+6+8y63CzBDe/LnUzZcHn/ecQpzjfPAjeFdFrH1ubhSgO/z/E8XOWh0BzwB8dFIw8
+cKHXAFz8vpp/OI+4ZLsfd8edXaCfJ8ysyHhJn3hq8A0KJCxRxaaw4LV+SZlq8TDH
+7Auel4lK2LVRLt9px+FoVOp2ySAHQ+ZJXVm9kGgKchFjFTpT
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-bad-ee.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-bad-ee.pem.certspec
new file mode 100644
index 000000000..3fa2793b3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-bad-ee.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test Intermediate With Multiple TLS Features
+subject:Multi TLS Feature Test End-Entity
+extension:subjectAlternativeName:*.example.com
+extension:TLSFeature:OCSPMustStaple
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-good-ee.pem b/security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-good-ee.pem
new file mode 100644
index 000000000..9902cf34e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-good-ee.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDIzCCAg2gAwIBAgIUTUm5ul0tN4EwdDlukUalvORwf9cwCwYJKoZIhvcNAQEL
+MDcxNTAzBgNVBAMMLFRlc3QgSW50ZXJtZWRpYXRlIFdpdGggTXVsdGlwbGUgVExT
+IEZlYXR1cmVzMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAwMDBaMCwx
+KjAoBgNVBAMMIU11bHRpIFRMUyBGZWF0dXJlIFRlc3QgRW5kLUVudGl0eTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ
+6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUk
+nAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N
+/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAG
+JMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd
+7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEA
+AaMyMDAwGAYDVR0RBBEwD4INKi5leGFtcGxlLmNvbTAUBggrBgEFBQcBGAQIMAYC
+AQUCAQYwCwYJKoZIhvcNAQELA4IBAQAQYR5dlm5vViftK6q+RRFU+SRr9UduirxU
+Kykrf1IhrnhnGs+XSf6awTrSWvPRZgnLgGOK+X8VTjTTFNPEHDBfXgSydj5hEEk2
+aqZThJYrtObYTLIOaFsfn72mitEhojFg1mUq3TvAVNQZrh1SKKEAH6fFTyTh7MG7
+JVkt44aU0KVXlvqr6wZ+lZ/C1rvUaVVVwanyd0OodvSjNT/3o/Y3F5MxNVH1JwE/
+MgixwIqBkxHva07XmpSCD+GoF2jnBd0kTJOiDd+hVbIqkDN1/b00zI8l9Gu5JIoh
+KDDIi2rkJ3khaGjHk934j8IHdGhq281/jTelNDak1FNcKZbhtIH6
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-good-ee.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-good-ee.pem.certspec
new file mode 100644
index 000000000..7a8dd223d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/multi-tls-feature-good-ee.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test Intermediate With Multiple TLS Features
+subject:Multi TLS Feature Test End-Entity
+extension:subjectAlternativeName:*.example.com
+extension:TLSFeature:OCSPMustStaple,6
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee-with-must-staple-int.pem b/security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee-with-must-staple-int.pem
new file mode 100644
index 000000000..f11b4b0cf
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee-with-must-staple-int.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDBDCCAe6gAwIBAgIUI5EYmGMBogOQ/tZl8X6zfFiEEzgwCwYJKoZIhvcNAQEL
+MC0xKzApBgNVBAMMIlRlc3QgSW50ZXJtZWRpYXRlIFdpdGggTXVzdC1TdGFwbGUw
+IhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowGjEYMBYGA1UEAwwP
+VGVzdCBFbmQtZW50aXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+uohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGoby
+a+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWC
+D/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfT
+iEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXT
+Ce+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+
+SSP6clHEMdUDrNoYCjXtjQIDAQABoy8wLTAYBgNVHREEETAPgg0qLmV4YW1wbGUu
+Y29tMBEGCCsGAQUFBwEYBAUwAwIBBTALBgkqhkiG9w0BAQsDggEBADnrurEZfGFH
+wRvnU4iAJf3JOdzUIAB2vPZh1dE7lI1/uqkdoVU7yJJ8ATfH1enD30S1mYOMJM7K
+GpWZXRPMSu8VLTmSc5e55GIGXUw/TlNQQ9XL/P1DTFU73Q/AzbxNOR4KO1UOyZAk
+EOFvYaDsMnx7WOlqKcg8ad5pi3UWqW97kAPNaGwnd6PVoeF+SZSoMgNJdNeupjYf
+izckdD0iP7kFCjlJn+NJNkiwE1WNabqgiWAJUfgH7ck5CR98+1DlGqqZP4FuyQW3
+2AGZYrKC1LZR623le9TZjHsfAWFcBFhrf+QoqRVhBsBLKWWKrRqEo2Erpj8najTe
+Q756exgcc5o=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee-with-must-staple-int.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee-with-must-staple-int.pem.certspec
new file mode 100644
index 000000000..352a60675
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee-with-must-staple-int.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test Intermediate With Must-Staple
+subject:Test End-entity
+extension:subjectAlternativeName:*.example.com
+extension:TLSFeature:OCSPMustStaple
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee.pem b/security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee.pem
new file mode 100644
index 000000000..9ad410a12
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC6TCCAdOgAwIBAgIUV0syO5TM/Hi/n/3k2+YYxrJdoUkwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowGjEYMBYGA1UEAwwPVGVzdCBFbmQtZW50aXR5MIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1
+aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/we
+adA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSS
+pH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62W
+YVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauR
+CE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoy8wLTAY
+BgNVHREEETAPgg0qLmV4YW1wbGUuY29tMBEGCCsGAQUFBwEYBAUwAwIBBTALBgkq
+hkiG9w0BAQsDggEBAIUrl9TwMdyfzqh7QH65lQ84r/+fdhYZmTAQC+Rb43aZBwCR
+WlhmJdcNSq6vIGorap0dAPC9+COLcOA6L0YcqaGxIf1fJdiCPuOR1r6Gnns2DnLi
+NkxEF8BfKi3POeGK5oEgAbvdvnZgL/GMMST9508WHMY6StjbyGZCE9nQh1dcVme1
+sJ6681Q3CnPYN6D2C/D5mJi8sgdjCPRvntHjfE8uHfvJ7r5/FjsXmY0r056QFPb6
+pi7YhaJP179c5jxQEfakz8zwu4vxkdCwyuj+WK0AjmVTp0vghiX9mHXyXvqTEQuz
+tO9XdoIyDDbG7Ki0CFkAObPBnSyf1kWaAHrjmVs=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee.pem.certspec
new file mode 100644
index 000000000..2cda40dc0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/must-staple-ee.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:Test End-entity
+extension:subjectAlternativeName:*.example.com
+extension:TLSFeature:OCSPMustStaple
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/must-staple-missing-ee.pem b/security/manager/ssl/tests/unit/ocsp_certs/must-staple-missing-ee.pem
new file mode 100644
index 000000000..356235d2c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/must-staple-missing-ee.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC8TCCAdugAwIBAgIUV9dOwBwg2FhF47/4B7qXwQrm1WowCwYJKoZIhvcNAQEL
+MC0xKzApBgNVBAMMIlRlc3QgSW50ZXJtZWRpYXRlIFdpdGggTXVzdC1TdGFwbGUw
+IhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowGjEYMBYGA1UEAwwP
+VGVzdCBFbmQtZW50aXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+uohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGoby
+a+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWC
+D/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfT
+iEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXT
+Ce+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+
+SSP6clHEMdUDrNoYCjXtjQIDAQABoxwwGjAYBgNVHREEETAPgg0qLmV4YW1wbGUu
+Y29tMAsGCSqGSIb3DQEBCwOCAQEAswPptGhoxspv+EZLQd99afqMGGOwoHVS3Chz
+HWRXD0CA41nqI+qjr6dAHPsCETwdmV/Mt0Nrm67p/LMQFRrlI8uXLu/l5dtbh4NT
+qBK3n8j/OTzdTxUh9YsXCa+k8sOQKTLnqgNQDJmrjQZ7L1i/N5xqc9LSG32e6wqr
+6gU3IKv5jWp7lhalkDg+z3VNyvkrPzh9VVWn5IhiHLb88eIEO8XCZ+4CdPR+m+6N
+x16VoWRDo0f2wp6vkQga/ow161mjNCXCaFrTOF7oR5qk+cJ6S46YFn3lS0qrmaee
+9kTQpvhsNpso1Oat9xPaaW7VUmREO8/X5YcFUPBXnkK023s33g==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/must-staple-missing-ee.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/must-staple-missing-ee.pem.certspec
new file mode 100644
index 000000000..8e4a6ac0c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/must-staple-missing-ee.pem.certspec
@@ -0,0 +1,3 @@
+issuer:Test Intermediate With Must-Staple
+subject:Test End-entity
+extension:subjectAlternativeName:*.example.com
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/ocspEEWithIntermediate.pem b/security/manager/ssl/tests/unit/ocsp_certs/ocspEEWithIntermediate.pem
new file mode 100644
index 000000000..af8f05578
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/ocspEEWithIntermediate.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDMTCCAhugAwIBAgIUC5PMK/apYIhhJmSJ5REzi1z8GkwwCwYJKoZIhvcNAQEL
+MBwxGjAYBgNVBAMMEVRlc3QgSW50ZXJtZWRpYXRlMCIYDzIwMTUxMTI4MDAwMDAw
+WhgPMjAxODAyMDUwMDAwMDBaMCwxKjAoBgNVBAMMIVRlc3QgRW5kLWVudGl0eSB3
+aXRoIEludGVybWVkaWF0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG
+8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0V
+gg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g3
+04hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l
+0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz
+/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaNbMFkwIwYDVR0RBBwwGoIJbG9jYWxob3N0
+gg0qLmV4YW1wbGUuY29tMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0
+cDovL2xvY2FsaG9zdDo4ODg4LzALBgkqhkiG9w0BAQsDggEBAKQk077vTRXtYJIB
+DlyrzAF/hGVjs1dw5DHiExEBcNs5VRqhx419dX+UBbTOGVakWWNCY3JVkuEU19yf
+W2iAAHLuwxmBs+bAJ9N2NvKg8cFH9NNtMfRc0V/9sFscOtRcws9EPHWK4KwQ/86F
+EIsm/hkAysKMOaS7+hz/Wk8zS0hTMXQaAnUTGs680gD2SflZBjD17oHpYAJ98qsu
+pUWHWRGM6aqb3nExTbwWW0KA6KV6LgpLnTuRzINLIICsShD+ILNGn3dmxL4XqlSq
+Fyt1Z/xfs/bsdYnGT8Q/6+cBVEvUNhb2dL+ASVMHVC0eLlIzB/lqNt2T1X3J4jZE
+AYgJ+oM=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/ocspEEWithIntermediate.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/ocspEEWithIntermediate.pem.certspec
new file mode 100644
index 000000000..ae3a51565
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/ocspEEWithIntermediate.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test Intermediate
+subject:Test End-entity with Intermediate
+extension:subjectAlternativeName:localhost,*.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/ocspOtherEndEntity.pem b/security/manager/ssl/tests/unit/ocsp_certs/ocspOtherEndEntity.pem
new file mode 100644
index 000000000..0e9090fec
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/ocspOtherEndEntity.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDEDCCAfqgAwIBAgIUFUjNmE1SFk2rDh8tqRDSpaELFlMwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowFTETMBEGA1UEAwwKT3RoZXIgQ2VydDCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7
+wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCAp
+k6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhh
+eZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KW
+EsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONssc
+JAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaNbMFkwIwYDVR0R
+BBwwGoIJbG9jYWxob3N0gg0qLmV4YW1wbGUuY29tMDIGCCsGAQUFBwEBBCYwJDAi
+BggrBgEFBQcwAYYWaHR0cDovL2xvY2FsaG9zdDo4ODg4LzALBgkqhkiG9w0BAQsD
+ggEBALNTenHEPdfs+i78r4CBw+GMnpFXBXnMp1nqVwnZfVTCz/XtWjwJr3Oxw1ws
+aaypMgtUgkiXGzpdt+OxwdZqH+Z+uaO5EU1e3VzCYvWTUVJ9HLsL0VMsy4OQCX76
+QlvGNr4wIeXu4mOIQRkxPfQHs/SYNo21brxu4oTZ3XJELLvMxKNguX/+FtkzSl/o
+jilWj9Pc6gKSiaAbgc3lowS7NvkpxCsz9wTsi/66UhqDg7/dqaQEktApAZEFO6w7
+Mhbm2FGb4d/2t24SlrtETt15MoyKd2vvySzsLcQtRRAug8w2PDqyL5i/EoJhWC5q
+MziTfNeX4JKbaasP/25bscXYqng=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/ocspOtherEndEntity.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/ocspOtherEndEntity.pem.certspec
new file mode 100644
index 000000000..5756f6ab5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/ocspOtherEndEntity.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:Other Cert
+extension:subjectAlternativeName:localhost,*.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.key b/security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.key
new file mode 100644
index 000000000..6db74b5c5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDBdcZSZgmfdwgq
+Z5HxuHbDf1zlOLBsSs0iscvUb6Za2irdQcjCSYrEo7PB9hSH9BtpiUG9gKUcPBIC
+RMWEpMRIMwXlE4wBBs8IvpqGJ2C65qLo828jxdmDE7nfrzeDRdrOUdTW3NKmyzzH
+BuvNMHDsmMzkCqWR1ylaf3HFvmZpHSst/shJRFkLxaPqSf2TsddTQF8Xc3aZlYZm
+JUeX7UJpCIgIEUIgaZiKQ/7kjOaHgd0itqac0oN1Ex+TKxKM4ob6fSUcBirSfvAW
+8YfN1U6DKzW4kw90upCqi8dhZyQqsf1tYhQNGMTAuMaPw3SEVzJK196G5lUvHR4Z
+HXEhaNO7AgMBAAECggEAfj9tfLg572auXX3ZL/VBC7NB3BRyjTkDRXDho3B5DzDw
+aBNV//QeKtTpqdn86/vRJ736uMAK/7Hzzqcyfq1HqhYh8qwe4UygLwSzsnhgF5gL
+GBpEnQOwPmnRErg1ceVUNPASBWV10oMu1nMdznmeN8g/bVHFWrcetYAVrwXhrxXH
+R2A+9/J9A6b/BJ2Wu/hUweTlDvWwWND7CBgOCsf3vo8v8Wc9l/yeVduoOAd7v4p8
+/ylihXeFJpzZ1brStXRp5K/NM8TKLS9pnxHnyPvc1ITwjY77ijy4qXLrJL7Zcu+q
+5LtxIJPkj+lKRutimodQeMQCGposk8mnA5Dp0KVEAQKBgQDmP8clprp2klp/+MtZ
+xPVt1+yD/oW/H1PhHKyagSWLz8CugZB3sPLRR3qvho3mqOy+r3uyKxlvKprYLTKG
+8NDMKd5xnl8r6OUJtyhNWWPt02L5J4h6TEqJeZ00DVGzAax2AasnF5Ak/KrdOL9l
+Iq9j6xZGHsAqfyewb+Cd3afAoQKBgQDXGLH+n4+Z8A6DKuH73G/iqyfzTgScSYAQ
++g63CEhSGCNGCDtclsPu5VksAUpBDGuTCxZcE7XCaqMurG58klqFUcJRNPL0pyxk
+IfGacxSKDt+rpdOmiIs1y6GMAP047lqvC1RXMdcgdhu8ze50SlLKQV6Y5N4Bzf52
+TBlns+jK2wKBgAHlrKJmyUqI0i4TwrkuokcRbGV6B2gXvf0w20s6nTCVuaS2dJZH
+4vhOenhPx4OLCMhZcc96A2+jDjuRw8TQ3yePgMG26FnYRWrbE33vqp8fCsW6yakY
+T9TqJ51yLqYm8WDXiq17yDhFzLKd8RXIP2G3YiuZvUOcYJtXkKY8WVGBAoGBAIDM
+RdENJITuDRKX/Ae/gLO+/0Yeon4fOPNxeJw69mtKDt0hksIneR208cd64ka/NC8x
+hWsPVlgbWKlbETHAxTltsqjDxvOeouM2vCBa5qKgs2hp/KmMu6czzwExmm+bsmt8
+oj0wF/xVHNjaiv3Rf2+i4w00hoeYHNYjTVcekLffAoGAb3fAwfKuesFpVhzKSZxS
+vfvgTN3M29wSrsWoVpHoWUt+4pkI8w57lqpiVLgO1K7sm5k3gr38ebadjVjGiHD6
+S+G8DDUnKIxcgrtK668V7f8RBAP8eOas5qgoJ79C8M+nUeUHZRxWONuTk90j3R9r
+KVFR3kS3f+Vaew3yceGaZcA=
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.key.keyspec b/security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.key.keyspec
new file mode 100644
index 000000000..cbd5f309c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.key.keyspec
@@ -0,0 +1 @@
+alternate
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.pem b/security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.pem
new file mode 100644
index 000000000..09bd4bb04
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC2zCCAcWgAwIBAgIUexJUIJpq50jgqOwQluhVrAzTF74wCwYJKoZIhvcNAQEL
+MBgxFjAUBgNVBAMMDU90aGVyIHRlc3QgQ0EwIhgPMjAxNTAxMDEwMDAwMDBaGA8y
+MDI1MDEwMTAwMDAwMFowGDEWMBQGA1UEAwwNT3RoZXIgdGVzdCBDQTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxK
+zSKxy9RvplraKt1ByMJJisSjs8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEG
+zwi+moYnYLrmoujzbyPF2YMTud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHX
+KVp/ccW+ZmkdKy3+yElEWQvFo+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBp
+mIpD/uSM5oeB3SK2ppzSg3UTH5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6
+kKqLx2FnJCqx/W1iFA0YxMC4xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMd
+MBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwCwYJKoZIhvcNAQELA4IBAQCL
+jKgNGmCVYhntJo024WL8bF6hekERMYQbu/CK9moz6wlOpRMOQX1x7U/ianPW9Whi
+yoMAgAgNhLr2+t4ewqU2xRxMY0DvMSOuF9l08mptCW5sd/ocrRZuv/RcBmLcRnJm
+Y+HuaVOvf1ac32pNN5HYagGQbvvpAaHB5/DyYcywqUM7SttK1QF+AOsGePZdYUK2
+Od5wJwB7yE1Fpgf6O4vZaE0JkTVh8GQipwoPms2GYk2E1sJXu9eUrLBfioVVN0TF
+QF4xJxSwyxY8ys5E4+ftIVixVdetrcotUdYR64x9Hd5OPr5Q7VaAvd85ZvuB7xeK
+eHxNGBjaJMf1tkamLr3p
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.pem.certspec
new file mode 100644
index 000000000..3bc975aa2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/other-test-ca.pem.certspec
@@ -0,0 +1,7 @@
+issuer:Other test CA
+subject:Other test CA
+issuerKey:alternate
+subjectKey:alternate
+validity:20150101-20250101
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.key b/security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.key
new file mode 100644
index 000000000..d10324fb3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.key
@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICcAIBADANBgkqhkiG9w0BAQEFAASCAlowggJWAgEAAoGAANKbsS+4T93NKbOl
+GctmxDuNj4vlRbp5OEzmY+0D33WZFgDrkgeQ0lMM7OVE25mnHwWJaj7SBxZVNKqZ
+BX5HxH47yBrab6HhLjcmi1BGpVJo+drXzLSF2BouGdUNTwtoVKyvbXvmnZoIMTbh
+WvqPU8HIyE/GB3J53Q5V1zaaW90CAwEAAQJ/PEllBwvzkMJR1aLFJ3xbX9C97oXK
+1/4rJ5grsoURSlBwBANq4c+K5Usl5Ns5IVq9fpA/YYwtiy8IzGzRLbzNciBeSUW2
+s984nl5D3goUi7LITiQx/b5ZILBEuycvRez/ByG337YDl/xhOp6jXCIwBTDK6PkV
+nFNN878JEJUZAQJAD58XWXyFuAUbnGmvtV71dsmW29CQR9DM3ludYOpcZ/5PrGe+
+gD9LasWj8FD3a5ZvsU9c8QV2HlrebdlgsYO6VQJADXtjcRLOYaVRaMD5yThvsnmr
+QMug1Ukza7plJ3JjqseCYRosgdm2Nc94xAAYhZ4BjF6QBtEuPS7m80bnn6QzaQJA
+Cf1smj6m6RrjIHD5/BwhD/k1L5e+XR7rlRuzloHp3FtnKlMiIbPYkAyanZm50KTh
+AtxFDKG4ewsTid5lFsCuDQJAAUG4MkkbfdSoMwiSACTHnK5kvUR9+IO7TFZyqWur
+SLcSOzTyYyRFLNzrF/IeVw40fL4v1MLY+ZEOrCy22JW4yQJABFjdau4YyIsvm4Hx
+vDB1riDcH5lz0gck8gsGBD1hR8h4nUoHroi8gshDjIk+AXsTlH9i4LGJWKMetmSx
+nmTT4A==
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.key.keyspec b/security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.key.keyspec
new file mode 100644
index 000000000..21ed73d60
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.key.keyspec
@@ -0,0 +1 @@
+rsa1016
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.pem b/security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.pem
new file mode 100644
index 000000000..a6951536f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICZzCCAVGgAwIBAgIUSX19XEIdc7camdQ5y1SkxOjYv7kwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowNTEzMDEGA1UEAwwqUlNBIDEwMTYgS2V5IFNpemUgVGVzdCBEZWxl
+Z2F0ZWQgUmVzcG9uZGVyMIGeMA0GCSqGSIb3DQEBAQUAA4GMADCBiAKBgADSm7Ev
+uE/dzSmzpRnLZsQ7jY+L5UW6eThM5mPtA991mRYA65IHkNJTDOzlRNuZpx8FiWo+
+0gcWVTSqmQV+R8R+O8ga2m+h4S43JotQRqVSaPna18y0hdgaLhnVDU8LaFSsr217
+5p2aCDE24Vr6j1PByMhPxgdyed0OVdc2mlvdAgMBAAGjFzAVMBMGA1UdJQQMMAoG
+CCsGAQUFBwMJMAsGCSqGSIb3DQEBCwOCAQEAIsDgLYgpTge+vmb/dIvx4F+F5fZm
+N+WmVDn+f4JMHBEOxzWp67x19WkAbvVgj661qo53XtOjjVX80gDfur2fXDdqHF8G
+v2N+bKNxKJjxn8SojcXvy2unb3A7VbKcedMvwsesBHky/WPsBK9cQjNGxv4/jRfN
+/5q7AQeUaRlN97iEU0JGjIIta6qs/FCLobg5+bhmGdsP2HRacfeCbCkjfdA0QToz
+gyOM5g1rlDxXk8mdcnesQxLMi3cka/u8JqYiMjRb3khTjIlHtOcWuTFiPO8zKd/Y
+wvJ17FlqgdSHoCCpVP7kQk245umgsJZivphQ2RWKh1X4lhLZhzFP/5+rxw==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.pem.certspec
new file mode 100644
index 000000000..05f73368a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/rsa-1016-keysizeDelegatedSigner.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:RSA 1016 Key Size Test Delegated Responder
+subjectKey:rsa1016
+extension:extKeyUsage:OCSPSigning
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/test-ca.pem b/security/manager/ssl/tests/unit/ocsp_certs/test-ca.pem
new file mode 100644
index 000000000..1d50176e4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/test-ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzzCCAbmgAwIBAgIUH9DaznYx1NE1Cu9I8cBqxV9VgF4wCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowEjEQMA4GA1UEAwwHVGVzdCBDQTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl
+qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg
+w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx
+V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1
+MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs
+vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMdMBswDAYDVR0TBAUw
+AwEB/zALBgNVHQ8EBAMCAQYwCwYJKoZIhvcNAQELA4IBAQA1o3GayNFRlVTrsoj2
+Ag06YatbGe94M/FT0MXngjlmrMkGZqHaDlrii7Jz+JP16CBjaIZ0ZP7I56Nn/l8y
+/kfe++zvr1uwRaKjtRGBiFpCjx10rI508wzSnOox3+bOtv9qjYaY7UjkBV3F40IS
+P8qKMtNspsR4tjS/D1jbculhngkPqhskefZFQQvcgG54L5j921GFKNeeX6i9QAzV
+jjM6i/iQYpAWCuh5+CetwUnfFuZCM80npp/qHMESkT3PyPpwqT9A5K+xQdVfpXq5
+SmVy5+QGWALuSV1sfIRXRwOh+2jCWwWPbyi9TlHrvlO5mL38qikdYBDPat3ve4cq
+5viq
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/test-ca.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/test-ca.pem.certspec
new file mode 100644
index 000000000..5d2435d7b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/test-ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:Test CA
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/test-int.pem b/security/manager/ssl/tests/unit/ocsp_certs/test-int.pem
new file mode 100644
index 000000000..df9ad3ddb
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/test-int.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC2TCCAcOgAwIBAgIUBVio/iQ21GCi2iUven8oJ/gae74wCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTAxMDEwMDAwMDBaGA8yMDI1MDEw
+MTAwMDAwMFowHDEaMBgGA1UEAwwRVGVzdCBJbnRlcm1lZGlhdGUwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq0
+7PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D
+/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuw
+JJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyX
+rZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWd
+q5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAb
+MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAsGCSqGSIb3DQEBCwOCAQEAry6Z
+DoUhexYUJTzWwN1ZIwWeXW/QxJR5u4DvK6pBPInDdyfv20EuxXKODYWXXPGbOY8X
+5SEsUtS+1WUlMAXenmejPvDcjeEGLS8tfJQbgHtPrDhQR43fnYGZrA2pWVmxQ+TJ
+Lrg18uGIuMcfAr3RwMzeK+uj81bybeYZN5haISWa6bF2a81vMx/WDgyFSYYBOYph
+nCPWVSqPTK/6NwbyWZORs474Flx45uzo7g9mMCmbwz9IzdJYpVrViVAFTU1gSbNQ
+ED3LzwGkS7eO8Lqzk9a94uIGqhxtGDvxFe+6Be/Il3M/5d2WC2Jmqzv8cU/u4GLb
+dKrXnD3epofIjHnOUA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/test-int.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/test-int.pem.certspec
new file mode 100644
index 000000000..33b42c2f4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/test-int.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Test Intermediate
+validity:20150101-20250101
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/test-multi-tls-feature-int.pem b/security/manager/ssl/tests/unit/ocsp_certs/test-multi-tls-feature-int.pem
new file mode 100644
index 000000000..bed4aa01f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/test-multi-tls-feature-int.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDCjCCAfSgAwIBAgIUF6PsbfnmMCcksq3bK0t3nzIF7tUwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowNzE1MDMGA1UEAwwsVGVzdCBJbnRlcm1lZGlhdGUgV2l0aCBNdWx0
+aXBsZSBUTFMgRmVhdHVyZXMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24a
+hvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7t
+FYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+o
+N9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0d
+JdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4
+s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjMzAxMAwGA1UdEwQFMAMBAf8wCwYDVR0P
+BAQDAgEGMBQGCCsGAQUFBwEYBAgwBgIBBQIBBjALBgkqhkiG9w0BAQsDggEBACXM
+X1+QvZrthE9BrtXJMI2wNwZTzvAiGIqcqxtD9a6oTP1OAM+U7+3iANV4BT+IOS1z
+9KhPBwzdFxQTxHO7mx34T+ImN5WeIn/Hhm1RrBe67Jqvi+Pu1bHparQCoQl1OjH8
+mtSaV+VA7pciTvyU9GwMMsCyiOMElt/j8GjtbyMAQmQ9+xbyVV30kQCEZaNgzgf6
+ilNPTtVtzofi6Y4gUZ3tGYVQaDvVJRhdS64w+A2rXSDREykU114P+qY9M6TkRYI7
+KPvPIVSUz0ry3RPazPdDYbyRAqHUi1e5yxBn/Lhx8bGSrnCe4Au2PNDnU7d8rzZl
+yaBFzeN4UoHzO47kZAw=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/test-multi-tls-feature-int.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/test-multi-tls-feature-int.pem.certspec
new file mode 100644
index 000000000..3f0e925aa
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/test-multi-tls-feature-int.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Test Intermediate With Multiple TLS Features
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:TLSFeature:OCSPMustStaple,6
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/test-must-staple-int.pem b/security/manager/ssl/tests/unit/ocsp_certs/test-must-staple-int.pem
new file mode 100644
index 000000000..d00c3d101
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/test-must-staple-int.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIC/TCCAeegAwIBAgIUexXLwzeuuZ7h9L7rPOqB8bmBqKswCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowLTErMCkGA1UEAwwiVGVzdCBJbnRlcm1lZGlhdGUgV2l0aCBNdXN0
+LVN0YXBsZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbW
+Qf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pk
+cQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHT
+AjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3
+ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jh
+s3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHV
+A6zaGAo17Y0CAwEAAaMwMC4wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwEQYI
+KwYBBQUHARgEBTADAgEFMAsGCSqGSIb3DQEBCwOCAQEAtJc7b/hr44cTKye9RzeU
+9HJmYyrdbTxVlQ2elV07NZ1i4K6HuCs4shQ997z+ALGOsSWny6MoP+C3u91rn90b
+QO5SpVCj4wMjB7Lao8XuO47OWqcdMzCqqA51+3pCF6qq8U2jBe/lbDZYvOyTwk/9
++PuasYUaXc5Lr/cdjMqJu1bBncdZny+cBqWqUJ3H4AFRSgZ4nbgkyksrgHiUW6aE
+VzejhDcE06cn3N7cp6VyA0mh1qH7cOSWGk8ORo8hzmoY6dKIBTkncYOu2psAnfkU
+99CODDCmfQd9uwp3bBX/MPPkxXjA72SVream3ULGa7o9gpoI5A6eOollJCox49DJ
+ow==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/ocsp_certs/test-must-staple-int.pem.certspec b/security/manager/ssl/tests/unit/ocsp_certs/test-must-staple-int.pem.certspec
new file mode 100644
index 000000000..7c29aa0ad
--- /dev/null
+++ b/security/manager/ssl/tests/unit/ocsp_certs/test-must-staple-int.pem.certspec
@@ -0,0 +1,5 @@
+issuer:Test CA
+subject:Test Intermediate With Must-Staple
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:TLSFeature:OCSPMustStaple
diff --git a/security/manager/ssl/tests/unit/pkcs11testmodule/moz.build b/security/manager/ssl/tests/unit/pkcs11testmodule/moz.build
new file mode 100644
index 000000000..4935c0781
--- /dev/null
+++ b/security/manager/ssl/tests/unit/pkcs11testmodule/moz.build
@@ -0,0 +1,18 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+FINAL_TARGET = '_tests/xpcshell/security/manager/ssl/tests/unit/pkcs11testmodule'
+
+UNIFIED_SOURCES += [
+    'pkcs11testmodule.cpp',
+]
+
+SharedLibrary('pkcs11testmodule')
+
+# C_GetFunctionList needs to be exported. As it turns out, it's much easier to
+# just export all the symbols.
+NO_VISIBILITY_FLAGS = True
+SYMBOLS_FILE = 'pkcs11testmodule.symbols'
diff --git a/security/manager/ssl/tests/unit/pkcs11testmodule/pkcs11testmodule.cpp b/security/manager/ssl/tests/unit/pkcs11testmodule/pkcs11testmodule.cpp
new file mode 100644
index 000000000..531da1308
--- /dev/null
+++ b/security/manager/ssl/tests/unit/pkcs11testmodule/pkcs11testmodule.cpp
@@ -0,0 +1,633 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// This is a testing PKCS #11 module that simulates a token being inserted and
+// removed from a slot every 50ms. This is achieved mainly in
+// Test_C_WaitForSlotEvent. The smartcard monitoring code essentially calls
+// this function in a tight loop. Each time, this module waits for 50ms and
+// returns, having changed its internal state to report that the token has
+// either been inserted or removed, as appropriate.
+// This module also provides an alternate token that is always present for tests
+// that don't want the cyclic behavior described above.
+
+#include <string.h>
+
+#if defined(WIN32)
+#  include <windows.h> // for Sleep
+#else
+#  include <unistd.h> // for usleep
+#endif
+
+#include "pkcs11.h"
+
+CK_RV Test_C_Initialize(CK_VOID_PTR)
+{
+  return CKR_OK;
+}
+
+CK_RV Test_C_Finalize(CK_VOID_PTR)
+{
+  return CKR_OK;
+}
+
+static const CK_VERSION CryptokiVersion = { 2, 2 };
+static const CK_VERSION TestLibraryVersion = { 0, 0 };
+static const char TestLibraryDescription[] = "Test PKCS11 Library";
+static const char TestManufacturerID[] = "Test PKCS11 Manufacturer ID";
+
+/* The dest buffer is one in the CK_INFO or CK_TOKEN_INFO structs.
+ * Those buffers are padded with spaces. DestSize corresponds to the declared
+ * size for those buffers (e.g. 32 for `char foo[32]`).
+ * The src buffer is a string literal. SrcSize includes the string
+ * termination character (e.g. 4 for `const char foo[] = "foo"` */
+template <size_t DestSize, size_t SrcSize>
+void CopyString(unsigned char (&dest)[DestSize], const char (&src)[SrcSize])
+{
+  static_assert(DestSize >= SrcSize - 1, "DestSize >= SrcSize - 1");
+  memcpy(dest, src, SrcSize - 1);
+  memset(dest + SrcSize - 1, ' ', DestSize - SrcSize + 1);
+}
+
+CK_RV Test_C_GetInfo(CK_INFO_PTR pInfo)
+{
+  if (!pInfo) {
+    return CKR_ARGUMENTS_BAD;
+  }
+
+  pInfo->cryptokiVersion = CryptokiVersion;
+  CopyString(pInfo->manufacturerID, TestManufacturerID);
+  pInfo->flags = 0; // must be 0
+  CopyString(pInfo->libraryDescription, TestLibraryDescription);
+  pInfo->libraryVersion = TestLibraryVersion;
+  return CKR_OK;
+}
+
+CK_RV Test_C_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR)
+{
+  return CKR_OK;
+}
+
+static int tokenPresent = 0;
+
+CK_RV Test_C_GetSlotList(CK_BBOOL limitToTokensPresent,
+                         CK_SLOT_ID_PTR pSlotList,
+                         CK_ULONG_PTR pulCount)
+{
+  if (!pulCount) {
+    return CKR_ARGUMENTS_BAD;
+  }
+
+  // Slot 2 is always present, while slot 1 may or may not be present.
+  CK_ULONG slotCount = (!limitToTokensPresent || tokenPresent ? 1 : 0) + 1;
+
+  if (pSlotList) {
+    if (*pulCount < slotCount) {
+      return CKR_BUFFER_TOO_SMALL;
+    }
+    // apparently CK_SLOT_IDs are integers [1,N] because
+    // who likes counting from 0 all the time?
+    if (slotCount == 1) {
+      pSlotList[0] = 2;
+    } else {
+      pSlotList[0] = 1;
+      pSlotList[1] = 2;
+    }
+  }
+
+  *pulCount = slotCount;
+  return CKR_OK;
+}
+
+static const char TestSlotDescription[] = "Test PKCS11 Slot";
+static const char TestSlot2Description[] = "Test PKCS11 Slot 二";
+
+CK_RV Test_C_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo)
+{
+  if (!pInfo) {
+    return CKR_ARGUMENTS_BAD;
+  }
+
+  switch (slotID) {
+    case 1:
+      CopyString(pInfo->slotDescription, TestSlotDescription);
+      pInfo->flags = (tokenPresent ? CKF_TOKEN_PRESENT : 0) |
+                     CKF_REMOVABLE_DEVICE;
+      break;
+    case 2:
+      CopyString(pInfo->slotDescription, TestSlot2Description);
+      pInfo->flags = CKF_TOKEN_PRESENT | CKF_REMOVABLE_DEVICE;
+      break;
+    default:
+      return CKR_ARGUMENTS_BAD;
+  }
+
+  CopyString(pInfo->manufacturerID, TestManufacturerID);
+  pInfo->hardwareVersion = TestLibraryVersion;
+  pInfo->firmwareVersion = TestLibraryVersion;
+  return CKR_OK;
+}
+
+// Deliberately include énye to ensure we're handling encoding correctly.
+// The PKCS #11 base specification v2.20 specifies that strings be encoded
+// as UTF-8.
+static const char TestTokenLabel[] = "Test PKCS11 Tokeñ Label";
+static const char TestToken2Label[] = "Test PKCS11 Tokeñ 2 Label";
+static const char TestTokenModel[] = "Test Model";
+
+CK_RV Test_C_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
+{
+  if (!pInfo) {
+    return CKR_ARGUMENTS_BAD;
+  }
+
+  switch (slotID) {
+    case 1:
+      CopyString(pInfo->label, TestTokenLabel);
+      break;
+    case 2:
+      CopyString(pInfo->label, TestToken2Label);
+      break;
+    default:
+      return CKR_ARGUMENTS_BAD;
+  }
+
+  CopyString(pInfo->manufacturerID, TestManufacturerID);
+  CopyString(pInfo->model, TestTokenModel);
+  memset(pInfo->serialNumber, 0, sizeof(pInfo->serialNumber));
+  pInfo->flags = CKF_TOKEN_INITIALIZED;
+  pInfo->ulMaxSessionCount = 1;
+  pInfo->ulSessionCount = 0;
+  pInfo->ulMaxRwSessionCount = 1;
+  pInfo->ulRwSessionCount = 0;
+  pInfo->ulMaxPinLen = 4;
+  pInfo->ulMinPinLen = 4;
+  pInfo->ulTotalPublicMemory = 1024;
+  pInfo->ulFreePublicMemory = 1024;
+  pInfo->ulTotalPrivateMemory = 1024;
+  pInfo->ulFreePrivateMemory = 1024;
+  pInfo->hardwareVersion = TestLibraryVersion;
+  pInfo->firmwareVersion = TestLibraryVersion;
+  memset(pInfo->utcTime, 0, sizeof(pInfo->utcTime));
+  return CKR_OK;
+}
+
+CK_RV Test_C_GetMechanismList(CK_SLOT_ID,
+                              CK_MECHANISM_TYPE_PTR,
+                              CK_ULONG_PTR pulCount)
+{
+  if (!pulCount) {
+    return CKR_ARGUMENTS_BAD;
+  }
+
+  *pulCount = 0;
+  return CKR_OK;
+}
+
+CK_RV Test_C_GetMechanismInfo(CK_SLOT_ID, CK_MECHANISM_TYPE,
+                              CK_MECHANISM_INFO_PTR)
+{
+  return CKR_OK;
+}
+
+CK_RV Test_C_InitToken(CK_SLOT_ID, CK_UTF8CHAR_PTR, CK_ULONG, CK_UTF8CHAR_PTR)
+{
+  return CKR_OK;
+}
+
+CK_RV Test_C_InitPIN(CK_SESSION_HANDLE, CK_UTF8CHAR_PTR, CK_ULONG)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SetPIN(CK_SESSION_HANDLE, CK_UTF8CHAR_PTR, CK_ULONG,
+                    CK_UTF8CHAR_PTR, CK_ULONG)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_OpenSession(CK_SLOT_ID slotID, CK_FLAGS, CK_VOID_PTR, CK_NOTIFY,
+                         CK_SESSION_HANDLE_PTR phSession)
+{
+  switch (slotID) {
+    case 1:
+      *phSession = 1;
+      break;
+    case 2:
+      *phSession = 2;
+      break;
+    default:
+      return CKR_ARGUMENTS_BAD;
+  }
+
+  return CKR_OK;
+}
+
+CK_RV Test_C_CloseSession(CK_SESSION_HANDLE)
+{
+  return CKR_OK;
+}
+
+CK_RV Test_C_CloseAllSessions(CK_SLOT_ID)
+{
+  return CKR_OK;
+}
+
+CK_RV Test_C_GetSessionInfo(CK_SESSION_HANDLE hSession,
+                            CK_SESSION_INFO_PTR pInfo)
+{
+  if (!pInfo) {
+    return CKR_ARGUMENTS_BAD;
+  }
+
+  switch (hSession) {
+    case 1:
+      pInfo->slotID = 1;
+      break;
+    case 2:
+      pInfo->slotID = 2;
+      break;
+    default:
+      return CKR_ARGUMENTS_BAD;
+  }
+
+  pInfo->state = CKS_RO_PUBLIC_SESSION;
+  pInfo->flags = CKF_SERIAL_SESSION;
+  return CKR_OK;
+}
+
+CK_RV Test_C_GetOperationState(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SetOperationState(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG,
+                               CK_OBJECT_HANDLE, CK_OBJECT_HANDLE)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_Login(CK_SESSION_HANDLE, CK_USER_TYPE, CK_UTF8CHAR_PTR, CK_ULONG)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_Logout(CK_SESSION_HANDLE)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_CreateObject(CK_SESSION_HANDLE, CK_ATTRIBUTE_PTR, CK_ULONG,
+                          CK_OBJECT_HANDLE_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_CopyObject(CK_SESSION_HANDLE, CK_OBJECT_HANDLE, CK_ATTRIBUTE_PTR,
+                        CK_ULONG, CK_OBJECT_HANDLE_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DestroyObject(CK_SESSION_HANDLE, CK_OBJECT_HANDLE)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_GetObjectSize(CK_SESSION_HANDLE, CK_OBJECT_HANDLE, CK_ULONG_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_GetAttributeValue(CK_SESSION_HANDLE, CK_OBJECT_HANDLE,
+                               CK_ATTRIBUTE_PTR, CK_ULONG)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SetAttributeValue(CK_SESSION_HANDLE, CK_OBJECT_HANDLE,
+                               CK_ATTRIBUTE_PTR, CK_ULONG)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_FindObjectsInit(CK_SESSION_HANDLE, CK_ATTRIBUTE_PTR, CK_ULONG)
+{
+  return CKR_OK;
+}
+
+CK_RV Test_C_FindObjects(CK_SESSION_HANDLE, CK_OBJECT_HANDLE_PTR, CK_ULONG,
+                         CK_ULONG_PTR pulObjectCount)
+{
+  *pulObjectCount = 0;
+  return CKR_OK;
+}
+
+CK_RV Test_C_FindObjectsFinal(CK_SESSION_HANDLE)
+{
+  return CKR_OK;
+}
+
+CK_RV Test_C_EncryptInit(CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_Encrypt(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR,
+                     CK_ULONG_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_EncryptUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG,
+                           CK_BYTE_PTR, CK_ULONG_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_EncryptFinal(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DecryptInit(CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_Decrypt(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR,
+                     CK_ULONG_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DecryptUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG,
+                           CK_BYTE_PTR, CK_ULONG_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DecryptFinal(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DigestInit(CK_SESSION_HANDLE, CK_MECHANISM_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_Digest(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR,
+                    CK_ULONG_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DigestUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DigestKey(CK_SESSION_HANDLE, CK_OBJECT_HANDLE)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DigestFinal(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SignInit(CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_Sign(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR,
+                  CK_ULONG_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SignUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SignFinal(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SignRecoverInit(CK_SESSION_HANDLE, CK_MECHANISM_PTR,
+                             CK_OBJECT_HANDLE)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SignRecover(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR,
+                         CK_ULONG_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_VerifyInit(CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_Verify(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG, CK_BYTE_PTR,
+                    CK_ULONG)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_VerifyUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_VerifyFinal(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_VerifyRecoverInit(CK_SESSION_HANDLE, CK_MECHANISM_PTR,
+                               CK_OBJECT_HANDLE)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_VerifyRecover(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG,
+                           CK_BYTE_PTR, CK_ULONG_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DigestEncryptUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG,
+                                 CK_BYTE_PTR, CK_ULONG_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DecryptDigestUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG,
+                                 CK_BYTE_PTR, CK_ULONG_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SignEncryptUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG,
+                               CK_BYTE_PTR, CK_ULONG_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DecryptVerifyUpdate(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG,
+                                 CK_BYTE_PTR, CK_ULONG_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_GenerateKey(CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_ATTRIBUTE_PTR,
+                         CK_ULONG, CK_OBJECT_HANDLE_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_GenerateKeyPair(CK_SESSION_HANDLE, CK_MECHANISM_PTR,
+                             CK_ATTRIBUTE_PTR, CK_ULONG, CK_ATTRIBUTE_PTR,
+                             CK_ULONG, CK_OBJECT_HANDLE_PTR,
+                             CK_OBJECT_HANDLE_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_WrapKey(CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE,
+                     CK_OBJECT_HANDLE, CK_BYTE_PTR, CK_ULONG_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_UnwrapKey(CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE,
+                       CK_BYTE_PTR, CK_ULONG, CK_ATTRIBUTE_PTR, CK_ULONG,
+                       CK_OBJECT_HANDLE_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_DeriveKey(CK_SESSION_HANDLE, CK_MECHANISM_PTR, CK_OBJECT_HANDLE,
+                       CK_ATTRIBUTE_PTR, CK_ULONG, CK_OBJECT_HANDLE_PTR)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_SeedRandom(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_GenerateRandom(CK_SESSION_HANDLE, CK_BYTE_PTR, CK_ULONG)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_GetFunctionStatus(CK_SESSION_HANDLE)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_CancelFunction(CK_SESSION_HANDLE)
+{
+  return CKR_FUNCTION_NOT_SUPPORTED;
+}
+
+CK_RV Test_C_WaitForSlotEvent(CK_FLAGS, CK_SLOT_ID_PTR pSlot, CK_VOID_PTR)
+{
+#ifdef WIN32
+  Sleep(50); // Sleep takes the duration argument as milliseconds
+#else
+  usleep(50000); // usleep takes the duration argument as microseconds
+#endif
+  *pSlot = 1;
+  tokenPresent = !tokenPresent;
+  return CKR_OK;
+}
+
+static CK_FUNCTION_LIST FunctionList = {
+  { 2, 2 },
+  Test_C_Initialize,
+  Test_C_Finalize,
+  Test_C_GetInfo,
+  Test_C_GetFunctionList,
+  Test_C_GetSlotList,
+  Test_C_GetSlotInfo,
+  Test_C_GetTokenInfo,
+  Test_C_GetMechanismList,
+  Test_C_GetMechanismInfo,
+  Test_C_InitToken,
+  Test_C_InitPIN,
+  Test_C_SetPIN,
+  Test_C_OpenSession,
+  Test_C_CloseSession,
+  Test_C_CloseAllSessions,
+  Test_C_GetSessionInfo,
+  Test_C_GetOperationState,
+  Test_C_SetOperationState,
+  Test_C_Login,
+  Test_C_Logout,
+  Test_C_CreateObject,
+  Test_C_CopyObject,
+  Test_C_DestroyObject,
+  Test_C_GetObjectSize,
+  Test_C_GetAttributeValue,
+  Test_C_SetAttributeValue,
+  Test_C_FindObjectsInit,
+  Test_C_FindObjects,
+  Test_C_FindObjectsFinal,
+  Test_C_EncryptInit,
+  Test_C_Encrypt,
+  Test_C_EncryptUpdate,
+  Test_C_EncryptFinal,
+  Test_C_DecryptInit,
+  Test_C_Decrypt,
+  Test_C_DecryptUpdate,
+  Test_C_DecryptFinal,
+  Test_C_DigestInit,
+  Test_C_Digest,
+  Test_C_DigestUpdate,
+  Test_C_DigestKey,
+  Test_C_DigestFinal,
+  Test_C_SignInit,
+  Test_C_Sign,
+  Test_C_SignUpdate,
+  Test_C_SignFinal,
+  Test_C_SignRecoverInit,
+  Test_C_SignRecover,
+  Test_C_VerifyInit,
+  Test_C_Verify,
+  Test_C_VerifyUpdate,
+  Test_C_VerifyFinal,
+  Test_C_VerifyRecoverInit,
+  Test_C_VerifyRecover,
+  Test_C_DigestEncryptUpdate,
+  Test_C_DecryptDigestUpdate,
+  Test_C_SignEncryptUpdate,
+  Test_C_DecryptVerifyUpdate,
+  Test_C_GenerateKey,
+  Test_C_GenerateKeyPair,
+  Test_C_WrapKey,
+  Test_C_UnwrapKey,
+  Test_C_DeriveKey,
+  Test_C_SeedRandom,
+  Test_C_GenerateRandom,
+  Test_C_GetFunctionStatus,
+  Test_C_CancelFunction,
+  Test_C_WaitForSlotEvent
+};
+
+CK_RV C_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR ppFunctionList)
+{
+  *ppFunctionList = &FunctionList;
+  return CKR_OK;
+}
diff --git a/security/manager/ssl/tests/unit/pkcs11testmodule/pkcs11testmodule.symbols b/security/manager/ssl/tests/unit/pkcs11testmodule/pkcs11testmodule.symbols
new file mode 100644
index 000000000..562ecea21
--- /dev/null
+++ b/security/manager/ssl/tests/unit/pkcs11testmodule/pkcs11testmodule.symbols
@@ -0,0 +1 @@
+C_GetFunctionList
diff --git a/security/manager/ssl/tests/unit/pycert.py b/security/manager/ssl/tests/unit/pycert.py
new file mode 100755
index 000000000..9c8efa915
--- /dev/null
+++ b/security/manager/ssl/tests/unit/pycert.py
@@ -0,0 +1,697 @@
+#!/usr/bin/env python
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"""
+Reads a certificate specification from stdin or a file and outputs a
+signed x509 certificate with the desired properties.
+
+The input format is as follows:
+
+issuer:<issuer distinguished name specification>
+subject:<subject distinguished name specification>
+[version:{1,2,3,4}]
+[validity:<YYYYMMDD-YYYYMMDD|duration in days>]
+[issuerKey:<key specification>]
+[subjectKey:<key specification>]
+[signature:{sha256WithRSAEncryption,sha1WithRSAEncryption,
+            md5WithRSAEncryption,ecdsaWithSHA256}]
+[serialNumber:<integer in the interval [1, 127]>]
+[extension:<extension name:<extension-specific data>>]
+[...]
+
+Known extensions are:
+basicConstraints:[cA],[pathLenConstraint]
+keyUsage:[digitalSignature,nonRepudiation,keyEncipherment,
+          dataEncipherment,keyAgreement,keyCertSign,cRLSign]
+extKeyUsage:[serverAuth,clientAuth,codeSigning,emailProtection
+             nsSGC, # Netscape Server Gated Crypto
+             OCSPSigning,timeStamping]
+subjectAlternativeName:[<dNSName|directoryName>,...]
+authorityInformationAccess:<OCSP URI>
+certificatePolicies:[<policy OID>,...]
+nameConstraints:{permitted,excluded}:[<dNSName|directoryName>,...]
+nsCertType:sslServer
+TLSFeature:[<TLSFeature>,...]
+
+Where:
+  [] indicates an optional field or component of a field
+  <> indicates a required component of a field
+  {} indicates a choice of exactly one value among a set of values
+  [a,b,c] indicates a list of potential values, of which zero or more
+          may be used
+
+For instance, the version field is optional. However, if it is
+specified, it must have exactly one value from the set {1,2,3,4}.
+
+Most fields have reasonable default values. By default one shared RSA
+key is used for all signatures and subject public key information
+fields. Using "issuerKey:<key specification>" or
+"subjectKey:<key specification>" causes a different key be used for
+signing or as the subject public key information field, respectively.
+See pykey.py for the list of available specifications.
+The signature algorithm is sha256WithRSAEncryption by default.
+
+The validity period may be specified as either concrete notBefore and
+notAfter values or as a validity period centered around 'now'. For the
+latter, this will result in a notBefore of 'now' - duration/2 and a
+notAfter of 'now' + duration/2.
+
+Issuer and subject distinguished name specifications are of the form
+'[stringEncoding]/C=XX/O=Example/CN=example.com'. C (country name), ST
+(state or province name), L (locality name), O (organization name), OU
+(organizational unit name), CN (common name) and emailAddress (email
+address) are currently supported. The optional stringEncoding field may
+be 'utf8String' or 'printableString'. If the given string does not
+contain a '/', it is assumed to represent a common name. If an empty
+string is provided, then an empty distinguished name is returned.
+DirectoryNames also use this format. When specifying a directoryName in
+a nameConstraints extension, the implicit form may not be used.
+
+If an extension name has '[critical]' after it, it will be marked as
+critical. Otherwise (by default), it will not be marked as critical.
+
+TLSFeature values can either consist of a named value (currently only
+'OCSPMustStaple' which corresponds to status_request) or a numeric TLS
+feature value (see rfc7633 for more information).
+
+If a serial number is not explicitly specified, it is automatically
+generated based on the contents of the certificate.
+"""
+
+from pyasn1.codec.der import decoder
+from pyasn1.codec.der import encoder
+from pyasn1.type import constraint, namedtype, tag, univ, useful
+from pyasn1_modules import rfc2459
+import base64
+import datetime
+import hashlib
+import re
+import sys
+
+import pykey
+
+# The GeneralSubtree definition in pyasn1_modules.rfc2459 is incorrect.
+# Where this definition uses a DefaultedNamedType, pyasn1_modules uses
+# a NamedType, which results in the default value being explicitly
+# encoded, which is incorrect for DER.
+class GeneralSubtree(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('base', rfc2459.GeneralName()),
+        namedtype.DefaultedNamedType('minimum', rfc2459.BaseDistance(0).subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.OptionalNamedType('maximum', rfc2459.BaseDistance().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
+    )
+
+
+# The NameConstraints definition in pyasn1_modules.rfc2459 is incorrect.
+# excludedSubtrees has a tag value of 1, not 0.
+class NameConstraints(univ.Sequence):
+    componentType = namedtype.NamedTypes(
+        namedtype.OptionalNamedType('permittedSubtrees', rfc2459.GeneralSubtrees().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+        namedtype.OptionalNamedType('excludedSubtrees', rfc2459.GeneralSubtrees().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1)))
+    )
+
+
+class Error(Exception):
+    """Base class for exceptions in this module."""
+    pass
+
+
+class UnknownBaseError(Error):
+    """Base class for handling unexpected input in this module."""
+    def __init__(self, value):
+        super(UnknownBaseError, self).__init__()
+        self.value = value
+        self.category = 'input'
+
+    def __str__(self):
+        return 'Unknown %s type "%s"' % (self.category, repr(self.value))
+
+
+class UnknownAlgorithmTypeError(UnknownBaseError):
+    """Helper exception type to handle unknown algorithm types."""
+
+    def __init__(self, value):
+        UnknownBaseError.__init__(self, value)
+        self.category = 'algorithm'
+
+
+class UnknownParameterTypeError(UnknownBaseError):
+    """Helper exception type to handle unknown input parameters."""
+
+    def __init__(self, value):
+        UnknownBaseError.__init__(self, value)
+        self.category = 'parameter'
+
+
+class UnknownExtensionTypeError(UnknownBaseError):
+    """Helper exception type to handle unknown input extensions."""
+
+    def __init__(self, value):
+        UnknownBaseError.__init__(self, value)
+        self.category = 'extension'
+
+
+class UnknownKeyPurposeTypeError(UnknownBaseError):
+    """Helper exception type to handle unknown key purposes."""
+
+    def __init__(self, value):
+        UnknownBaseError.__init__(self, value)
+        self.category = 'keyPurpose'
+
+
+class UnknownKeyTargetError(UnknownBaseError):
+    """Helper exception type to handle unknown key targets."""
+
+    def __init__(self, value):
+        UnknownBaseError.__init__(self, value)
+        self.category = 'key target'
+
+
+class UnknownVersionError(UnknownBaseError):
+    """Helper exception type to handle unknown specified versions."""
+
+    def __init__(self, value):
+        UnknownBaseError.__init__(self, value)
+        self.category = 'version'
+
+
+class UnknownNameConstraintsSpecificationError(UnknownBaseError):
+    """Helper exception type to handle unknown specified
+    nameConstraints."""
+
+    def __init__(self, value):
+        UnknownBaseError.__init__(self, value)
+        self.category = 'nameConstraints specification'
+
+
+class UnknownDNTypeError(UnknownBaseError):
+    """Helper exception type to handle unknown DN types."""
+
+    def __init__(self, value):
+        UnknownBaseError.__init__(self, value)
+        self.category = 'DN'
+
+
+class UnknownNSCertTypeError(UnknownBaseError):
+    """Helper exception type to handle unknown nsCertType types."""
+
+    def __init__(self, value):
+        UnknownBaseError.__init__(self, value)
+        self.category = 'nsCertType'
+
+
+class UnknownTLSFeature(UnknownBaseError):
+    """Helper exception type to handle unknown TLS Features."""
+
+    def __init__(self, value):
+        UnknownBaseError.__init__(self, value)
+        self.category = 'TLSFeature'
+
+
+class InvalidSerialNumber(Error):
+    """Exception type to handle invalid serial numbers."""
+
+    def __init__(self, value):
+        super(InvalidSerialNumber, self).__init__()
+        self.value = value
+
+    def __str__(self):
+        return repr(self.value)
+
+
+def getASN1Tag(asn1Type):
+    """Helper function for returning the base tag value of a given
+    type from the pyasn1 package"""
+    return asn1Type.baseTagSet.getBaseTag().asTuple()[2]
+
+def stringToAccessDescription(string):
+    """Helper function that takes a string representing a URI
+    presumably identifying an OCSP authority information access
+    location. Returns an AccessDescription usable by pyasn1."""
+    accessMethod = rfc2459.id_ad_ocsp
+    accessLocation = rfc2459.GeneralName()
+    accessLocation.setComponentByName('uniformResourceIdentifier', string)
+    sequence = univ.Sequence()
+    sequence.setComponentByPosition(0, accessMethod)
+    sequence.setComponentByPosition(1, accessLocation)
+    return sequence
+
+def stringToDN(string, tag=None):
+    """Takes a string representing a distinguished name or directory
+    name and returns a Name for use by pyasn1. See the documentation
+    for the issuer and subject fields for more details. Takes an
+    optional implicit tag in cases where the Name needs to be tagged
+    differently."""
+    if string and '/' not in string:
+        string = '/CN=%s' % string
+    rdns = rfc2459.RDNSequence()
+    pattern = '/(C|ST|L|O|OU|CN|emailAddress)='
+    split = re.split(pattern, string)
+    # split should now be [[encoding], <type>, <value>, <type>, <value>, ...]
+    if split[0]:
+        encoding = split[0]
+    else:
+        encoding = 'utf8String'
+    for pos, (nameType, value) in enumerate(zip(split[1::2], split[2::2])):
+        ava = rfc2459.AttributeTypeAndValue()
+        if nameType == 'C':
+            ava.setComponentByName('type', rfc2459.id_at_countryName)
+            nameComponent = rfc2459.X520countryName(value)
+        elif nameType == 'ST':
+            ava.setComponentByName('type', rfc2459.id_at_stateOrProvinceName)
+            nameComponent = rfc2459.X520StateOrProvinceName()
+        elif nameType == 'L':
+            ava.setComponentByName('type', rfc2459.id_at_localityName)
+            nameComponent = rfc2459.X520LocalityName()
+        elif nameType == 'O':
+            ava.setComponentByName('type', rfc2459.id_at_organizationName)
+            nameComponent = rfc2459.X520OrganizationName()
+        elif nameType == 'OU':
+            ava.setComponentByName('type', rfc2459.id_at_organizationalUnitName)
+            nameComponent = rfc2459.X520OrganizationalUnitName()
+        elif nameType == 'CN':
+            ava.setComponentByName('type', rfc2459.id_at_commonName)
+            nameComponent = rfc2459.X520CommonName()
+        elif nameType == 'emailAddress':
+            ava.setComponentByName('type', rfc2459.emailAddress)
+            nameComponent = rfc2459.Pkcs9email(value)
+        else:
+            raise UnknownDNTypeError(nameType)
+        if not nameType == 'C' and not nameType == 'emailAddress':
+            # The value may have things like '\0' (i.e. a slash followed by
+            # the number zero) that have to be decoded into the resulting
+            # '\x00' (i.e. a byte with value zero).
+            nameComponent.setComponentByName(encoding, value.decode(encoding='string_escape'))
+        ava.setComponentByName('value', nameComponent)
+        rdn = rfc2459.RelativeDistinguishedName()
+        rdn.setComponentByPosition(0, ava)
+        rdns.setComponentByPosition(pos, rdn)
+    if tag:
+        name = rfc2459.Name().subtype(implicitTag=tag)
+    else:
+        name = rfc2459.Name()
+    name.setComponentByPosition(0, rdns)
+    return name
+
+def stringToAlgorithmIdentifiers(string):
+    """Helper function that converts a description of an algorithm
+    to a representation usable by the pyasn1 package and a hash
+    algorithm name for use by pykey."""
+    algorithmIdentifier = rfc2459.AlgorithmIdentifier()
+    algorithmName = None
+    algorithm = None
+    if string == 'sha1WithRSAEncryption':
+        algorithmName = 'SHA-1'
+        algorithm = rfc2459.sha1WithRSAEncryption
+    elif string == 'sha256WithRSAEncryption':
+        algorithmName = 'SHA-256'
+        algorithm = univ.ObjectIdentifier('1.2.840.113549.1.1.11')
+    elif string == 'md5WithRSAEncryption':
+        algorithmName = 'MD5'
+        algorithm = rfc2459.md5WithRSAEncryption
+    elif string == 'ecdsaWithSHA256':
+        algorithmName = 'sha256'
+        algorithm = univ.ObjectIdentifier('1.2.840.10045.4.3.2')
+    else:
+        raise UnknownAlgorithmTypeError(string)
+    algorithmIdentifier.setComponentByName('algorithm', algorithm)
+    return (algorithmIdentifier, algorithmName)
+
+def datetimeToTime(dt):
+    """Takes a datetime object and returns an rfc2459.Time object with
+    that time as its value as a GeneralizedTime"""
+    time = rfc2459.Time()
+    time.setComponentByName('generalTime', useful.GeneralizedTime(dt.strftime('%Y%m%d%H%M%SZ')))
+    return time
+
+def serialBytesToString(serialBytes):
+    """Takes a list of integers in the interval [0, 255] and returns
+    the corresponding serial number string."""
+    serialBytesLen = len(serialBytes)
+    if serialBytesLen > 127:
+        raise InvalidSerialNumber("{} bytes is too long".format(serialBytesLen))
+    # Prepend the ASN.1 INTEGER tag and length bytes.
+    stringBytes = [getASN1Tag(univ.Integer), serialBytesLen] + serialBytes
+    return ''.join(chr(b) for b in stringBytes)
+
+class Certificate(object):
+    """Utility class for reading a certificate specification and
+    generating a signed x509 certificate"""
+
+    def __init__(self, paramStream):
+        self.versionValue = 2 # a value of 2 is X509v3
+        self.signature = 'sha256WithRSAEncryption'
+        self.issuer = 'Default Issuer'
+        actualNow = datetime.datetime.utcnow()
+        self.now = datetime.datetime.strptime(str(actualNow.year), '%Y')
+        aYearAndAWhile = datetime.timedelta(days=400)
+        self.notBefore = self.now - aYearAndAWhile
+        self.notAfter = self.now + aYearAndAWhile
+        self.subject = 'Default Subject'
+        self.extensions = None
+        self.subjectKey = pykey.keyFromSpecification('default')
+        self.issuerKey = pykey.keyFromSpecification('default')
+        self.serialNumber = None
+        self.decodeParams(paramStream)
+        # If a serial number wasn't specified, generate one based on
+        # the certificate contents.
+        if not self.serialNumber:
+            self.serialNumber = self.generateSerialNumber()
+
+    def generateSerialNumber(self):
+        """Generates a serial number for this certificate based on its
+        contents. Intended to be reproducible for compatibility with
+        the build system on OS X (see the comment above main, later in
+        this file)."""
+        hasher = hashlib.sha256()
+        hasher.update(str(self.versionValue))
+        hasher.update(self.signature)
+        hasher.update(self.issuer)
+        hasher.update(str(self.notBefore))
+        hasher.update(str(self.notAfter))
+        hasher.update(self.subject)
+        if self.extensions:
+            for extension in self.extensions:
+                hasher.update(str(extension))
+        serialBytes = [ord(c) for c in hasher.digest()[:20]]
+        # Ensure that the most significant bit isn't set (which would
+        # indicate a negative number, which isn't valid for serial
+        # numbers).
+        serialBytes[0] &= 0x7f
+        # Also ensure that the least significant bit on the most
+        # significant byte is set (to prevent a leading zero byte,
+        # which also wouldn't be valid).
+        serialBytes[0] |= 0x01
+        return serialBytesToString(serialBytes)
+
+    def decodeParams(self, paramStream):
+        for line in paramStream.readlines():
+            self.decodeParam(line.strip())
+
+    def decodeParam(self, line):
+        param = line.split(':')[0]
+        value = ':'.join(line.split(':')[1:])
+        if param == 'version':
+            self.setVersion(value)
+        elif param == 'subject':
+            self.subject = value
+        elif param == 'issuer':
+            self.issuer = value
+        elif param == 'validity':
+            self.decodeValidity(value)
+        elif param == 'extension':
+            self.decodeExtension(value)
+        elif param == 'issuerKey':
+            self.setupKey('issuer', value)
+        elif param == 'subjectKey':
+            self.setupKey('subject', value)
+        elif param == 'signature':
+            self.signature = value
+        elif param == 'serialNumber':
+            serialNumber = int(value)
+            # Ensure only serial numbers that conform to the rules listed in
+            # generateSerialNumber() are permitted.
+            if serialNumber < 1 or serialNumber > 127:
+                raise InvalidSerialNumber(value)
+            self.serialNumber = serialBytesToString([serialNumber])
+        else:
+            raise UnknownParameterTypeError(param)
+
+    def setVersion(self, version):
+        intVersion = int(version)
+        if intVersion >= 1 and intVersion <= 4:
+            self.versionValue = intVersion - 1
+        else:
+            raise UnknownVersionError(version)
+
+    def decodeValidity(self, duration):
+        match = re.search('([0-9]{8})-([0-9]{8})', duration)
+        if match:
+            self.notBefore = datetime.datetime.strptime(match.group(1), '%Y%m%d')
+            self.notAfter = datetime.datetime.strptime(match.group(2), '%Y%m%d')
+        else:
+            delta = datetime.timedelta(days=(int(duration) / 2))
+            self.notBefore = self.now - delta
+            self.notAfter = self.now + delta
+
+    def decodeExtension(self, extension):
+        match = re.search(r'([a-zA-Z]+)(\[critical\])?:(.*)', extension)
+        if not match:
+            raise UnknownExtensionTypeError(extension)
+        extensionType = match.group(1)
+        critical = match.group(2)
+        value = match.group(3)
+        if extensionType == 'basicConstraints':
+            self.addBasicConstraints(value, critical)
+        elif extensionType == 'keyUsage':
+            self.addKeyUsage(value, critical)
+        elif extensionType == 'extKeyUsage':
+            self.addExtKeyUsage(value, critical)
+        elif extensionType == 'subjectAlternativeName':
+            self.addSubjectAlternativeName(value, critical)
+        elif extensionType == 'authorityInformationAccess':
+            self.addAuthorityInformationAccess(value, critical)
+        elif extensionType == 'certificatePolicies':
+            self.addCertificatePolicies(value, critical)
+        elif extensionType == 'nameConstraints':
+            self.addNameConstraints(value, critical)
+        elif extensionType == 'nsCertType':
+            self.addNSCertType(value, critical)
+        elif extensionType == 'TLSFeature':
+            self.addTLSFeature(value, critical)
+        else:
+            raise UnknownExtensionTypeError(extensionType)
+
+    def setupKey(self, subjectOrIssuer, value):
+        if subjectOrIssuer == 'subject':
+            self.subjectKey = pykey.keyFromSpecification(value)
+        elif subjectOrIssuer == 'issuer':
+            self.issuerKey = pykey.keyFromSpecification(value)
+        else:
+            raise UnknownKeyTargetError(subjectOrIssuer)
+
+    def addExtension(self, extensionType, extensionValue, critical):
+        if not self.extensions:
+            self.extensions = []
+        encapsulated = univ.OctetString(encoder.encode(extensionValue))
+        extension = rfc2459.Extension()
+        extension.setComponentByName('extnID', extensionType)
+        # critical is either the string '[critical]' or None.
+        # We only care whether or not it is truthy.
+        if critical:
+            extension.setComponentByName('critical', True)
+        extension.setComponentByName('extnValue', encapsulated)
+        self.extensions.append(extension)
+
+    def addBasicConstraints(self, basicConstraints, critical):
+        cA = basicConstraints.split(',')[0]
+        pathLenConstraint = basicConstraints.split(',')[1]
+        basicConstraintsExtension = rfc2459.BasicConstraints()
+        basicConstraintsExtension.setComponentByName('cA', cA == 'cA')
+        if pathLenConstraint:
+            pathLenConstraintValue = \
+                univ.Integer(int(pathLenConstraint)).subtype(
+                    subtypeSpec=constraint.ValueRangeConstraint(0, 64))
+            basicConstraintsExtension.setComponentByName('pathLenConstraint',
+                                                         pathLenConstraintValue)
+        self.addExtension(rfc2459.id_ce_basicConstraints, basicConstraintsExtension, critical)
+
+    def addKeyUsage(self, keyUsage, critical):
+        keyUsageExtension = rfc2459.KeyUsage(keyUsage)
+        self.addExtension(rfc2459.id_ce_keyUsage, keyUsageExtension, critical)
+
+    def keyPurposeToOID(self, keyPurpose):
+        if keyPurpose == 'serverAuth':
+            # the OID for id_kp_serverAuth is incorrect in the
+            # pyasn1-modules implementation
+            return univ.ObjectIdentifier('1.3.6.1.5.5.7.3.1')
+        if keyPurpose == 'clientAuth':
+            return rfc2459.id_kp_clientAuth
+        if keyPurpose == 'codeSigning':
+            return rfc2459.id_kp_codeSigning
+        if keyPurpose == 'emailProtection':
+            return rfc2459.id_kp_emailProtection
+        if keyPurpose == 'nsSGC':
+            return univ.ObjectIdentifier('2.16.840.1.113730.4.1')
+        if keyPurpose == 'OCSPSigning':
+            return univ.ObjectIdentifier('1.3.6.1.5.5.7.3.9')
+        if keyPurpose == 'timeStamping':
+            return rfc2459.id_kp_timeStamping
+        raise UnknownKeyPurposeTypeError(keyPurpose)
+
+    def addExtKeyUsage(self, extKeyUsage, critical):
+        extKeyUsageExtension = rfc2459.ExtKeyUsageSyntax()
+        for count, keyPurpose in enumerate(extKeyUsage.split(',')):
+            extKeyUsageExtension.setComponentByPosition(count, self.keyPurposeToOID(keyPurpose))
+        self.addExtension(rfc2459.id_ce_extKeyUsage, extKeyUsageExtension, critical)
+
+    def addSubjectAlternativeName(self, names, critical):
+        subjectAlternativeName = rfc2459.SubjectAltName()
+        for count, name in enumerate(names.split(',')):
+            generalName = rfc2459.GeneralName()
+            if '/' in name:
+                directoryName = stringToDN(name,
+                                           tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))
+                generalName.setComponentByName('directoryName', directoryName)
+            else:
+                # The string may have things like '\0' (i.e. a slash
+                # followed by the number zero) that have to be decoded into
+                # the resulting '\x00' (i.e. a byte with value zero).
+                generalName.setComponentByName('dNSName', name.decode(encoding='string_escape'))
+            subjectAlternativeName.setComponentByPosition(count, generalName)
+        self.addExtension(rfc2459.id_ce_subjectAltName, subjectAlternativeName, critical)
+
+    def addAuthorityInformationAccess(self, ocspURI, critical):
+        sequence = univ.Sequence()
+        accessDescription = stringToAccessDescription(ocspURI)
+        sequence.setComponentByPosition(0, accessDescription)
+        self.addExtension(rfc2459.id_pe_authorityInfoAccess, sequence, critical)
+
+    def addCertificatePolicies(self, policyOIDs, critical):
+        policies = rfc2459.CertificatePolicies()
+        for pos, policyOID in enumerate(policyOIDs.split(',')):
+            if policyOID == 'any':
+                policyOID = '2.5.29.32.0'
+            policy = rfc2459.PolicyInformation()
+            policyIdentifier = rfc2459.CertPolicyId(policyOID)
+            policy.setComponentByName('policyIdentifier', policyIdentifier)
+            policies.setComponentByPosition(pos, policy)
+        self.addExtension(rfc2459.id_ce_certificatePolicies, policies, critical)
+
+    def addNameConstraints(self, constraints, critical):
+        nameConstraints = NameConstraints()
+        if constraints.startswith('permitted:'):
+            (subtreesType, subtreesTag) = ('permittedSubtrees', 0)
+        elif constraints.startswith('excluded:'):
+            (subtreesType, subtreesTag) = ('excludedSubtrees', 1)
+        else:
+            raise UnknownNameConstraintsSpecificationError(constraints)
+        generalSubtrees = rfc2459.GeneralSubtrees().subtype(
+            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, subtreesTag))
+        subtrees = constraints[(constraints.find(':') + 1):]
+        for pos, name in enumerate(subtrees.split(',')):
+            generalName = rfc2459.GeneralName()
+            if '/' in name:
+                directoryName = stringToDN(name,
+                                           tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))
+                generalName.setComponentByName('directoryName', directoryName)
+            else:
+                generalName.setComponentByName('dNSName', name)
+            generalSubtree = GeneralSubtree()
+            generalSubtree.setComponentByName('base', generalName)
+            generalSubtrees.setComponentByPosition(pos, generalSubtree)
+        nameConstraints.setComponentByName(subtreesType, generalSubtrees)
+        self.addExtension(rfc2459.id_ce_nameConstraints, nameConstraints, critical)
+
+    def addNSCertType(self, certType, critical):
+        if certType != 'sslServer':
+            raise UnknownNSCertTypeError(certType)
+        self.addExtension(univ.ObjectIdentifier('2.16.840.1.113730.1.1'), univ.BitString("'01'B"),
+                          critical)
+
+    def addTLSFeature(self, features, critical):
+        namedFeatures = {'OCSPMustStaple': 5}
+        featureList = [f.strip() for f in features.split(',')]
+        sequence = univ.Sequence()
+        for feature in featureList:
+            featureValue = 0
+            try:
+                featureValue = int(feature)
+            except ValueError:
+                try:
+                    featureValue = namedFeatures[feature]
+                except:
+                    raise UnknownTLSFeature(feature)
+            sequence.setComponentByPosition(len(sequence),
+                                            univ.Integer(featureValue))
+        self.addExtension(univ.ObjectIdentifier('1.3.6.1.5.5.7.1.24'), sequence,
+                          critical)
+
+    def getVersion(self):
+        return rfc2459.Version(self.versionValue).subtype(
+            explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))
+
+    def getSerialNumber(self):
+        return decoder.decode(self.serialNumber)[0]
+
+    def getIssuer(self):
+        return stringToDN(self.issuer)
+
+    def getValidity(self):
+        validity = rfc2459.Validity()
+        validity.setComponentByName('notBefore', self.getNotBefore())
+        validity.setComponentByName('notAfter', self.getNotAfter())
+        return validity
+
+    def getNotBefore(self):
+        return datetimeToTime(self.notBefore)
+
+    def getNotAfter(self):
+        return datetimeToTime(self.notAfter)
+
+    def getSubject(self):
+        return stringToDN(self.subject)
+
+    def toDER(self):
+        (signatureOID, hashName) = stringToAlgorithmIdentifiers(self.signature)
+        tbsCertificate = rfc2459.TBSCertificate()
+        tbsCertificate.setComponentByName('version', self.getVersion())
+        tbsCertificate.setComponentByName('serialNumber', self.getSerialNumber())
+        tbsCertificate.setComponentByName('signature', signatureOID)
+        tbsCertificate.setComponentByName('issuer', self.getIssuer())
+        tbsCertificate.setComponentByName('validity', self.getValidity())
+        tbsCertificate.setComponentByName('subject', self.getSubject())
+        tbsCertificate.setComponentByName('subjectPublicKeyInfo',
+                                          self.subjectKey.asSubjectPublicKeyInfo())
+        if self.extensions:
+            extensions = rfc2459.Extensions().subtype(
+                explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))
+            for count, extension in enumerate(self.extensions):
+                extensions.setComponentByPosition(count, extension)
+            tbsCertificate.setComponentByName('extensions', extensions)
+        certificate = rfc2459.Certificate()
+        certificate.setComponentByName('tbsCertificate', tbsCertificate)
+        certificate.setComponentByName('signatureAlgorithm', signatureOID)
+        tbsDER = encoder.encode(tbsCertificate)
+        certificate.setComponentByName('signatureValue', self.issuerKey.sign(tbsDER, hashName))
+        return encoder.encode(certificate)
+
+    def toPEM(self):
+        output = '-----BEGIN CERTIFICATE-----'
+        der = self.toDER()
+        b64 = base64.b64encode(der)
+        while b64:
+            output += '\n' + b64[:64]
+            b64 = b64[64:]
+        output += '\n-----END CERTIFICATE-----'
+        return output
+
+
+# The build harness will call this function with an output
+# file-like object and a path to a file containing a
+# specification. This will read the specification and output
+# the certificate as PEM.
+# This utility tries as hard as possible to ensure that two
+# runs with the same input will have the same output. This is
+# particularly important when building on OS X, where we
+# generate everything twice for unified builds. During the
+# unification step, if any pair of input files differ, the build
+# system throws an error.
+# The one concrete failure mode is if one run happens before
+# midnight on New Year's Eve and the next run happens after
+# midnight.
+def main(output, inputPath):
+    with open(inputPath) as configStream:
+        output.write(Certificate(configStream).toPEM())
+
+# When run as a standalone program, this will read a specification from
+# stdin and output the certificate as PEM to stdout.
+if __name__ == '__main__':
+    print Certificate(sys.stdin).toPEM()
diff --git a/security/manager/ssl/tests/unit/pykey.py b/security/manager/ssl/tests/unit/pykey.py
new file mode 100755
index 000000000..d3c43deb4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/pykey.py
@@ -0,0 +1,706 @@
+#!/usr/bin/env python
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"""
+Reads a key specification from stdin or a file and outputs a
+PKCS #8 file representing the (private) key. Also provides
+methods for signing data and representing the key as a subject
+public key info for use with pyasn1.
+
+The key specification format is as follows:
+
+default: a 2048-bit RSA key
+alternate: a different 2048-bit RSA key
+ev: a 2048-bit RSA key that, when combined with the right pycert
+    specification, results in a certificate that is enabled for
+    extended validation in debug Firefox (see ExtendedValidation.cpp).
+evRSA2040: a 2040-bit RSA key that, when combined with the right pycert
+           specification, results in a certificate that is enabled for
+           extended validation in debug Firefox.
+rsa2040: a 2040-bit RSA key
+rsa1024: a 1024-bit RSA key
+rsa1016: a 1016-bit RSA key
+secp256k1: an ECC key on the curve secp256k1
+secp244r1: an ECC key on the curve secp244r1
+secp256r1: an ECC key on the curve secp256r1
+secp384r1: an ECC key on the curve secp384r1
+secp521r1: an ECC key on the curve secp521r1
+"""
+
+from pyasn1.codec.der import encoder
+from pyasn1.type import univ, namedtype
+from pyasn1_modules import rfc2459
+from ecc import encoding
+from ecc import Key
+import base64
+import binascii
+import mock
+import rsa
+import sys
+
+def byteStringToHexifiedBitString(string):
+    """Takes a string of bytes and returns a hex string representing
+    those bytes for use with pyasn1.type.univ.BitString. It must be of
+    the form "'<hex bytes>'H", where the trailing 'H' indicates to
+    pyasn1 that the input is a hex string."""
+    return "'%s'H" % binascii.hexlify(string)
+
+class UnknownBaseError(Exception):
+    """Base class for handling unexpected input in this module."""
+    def __init__(self, value):
+        super(UnknownBaseError, self).__init__()
+        self.value = value
+        self.category = 'input'
+
+    def __str__(self):
+        return 'Unknown %s type "%s"' % (self.category, repr(self.value))
+
+
+class UnknownKeySpecificationError(UnknownBaseError):
+    """Helper exception type to handle unknown key specifications."""
+
+    def __init__(self, value):
+        UnknownBaseError.__init__(self, value)
+        self.category = 'key specification'
+
+class RSAPublicKey(univ.Sequence):
+    """Helper type for encoding an RSA public key"""
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('N', univ.Integer()),
+        namedtype.NamedType('E', univ.Integer()))
+
+
+class RSAPrivateKey(univ.Sequence):
+    """Helper type for encoding an RSA private key"""
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', univ.Integer()),
+        namedtype.NamedType('modulus', univ.Integer()),
+        namedtype.NamedType('publicExponent', univ.Integer()),
+        namedtype.NamedType('privateExponent', univ.Integer()),
+        namedtype.NamedType('prime1', univ.Integer()),
+        namedtype.NamedType('prime2', univ.Integer()),
+        namedtype.NamedType('exponent1', univ.Integer()),
+        namedtype.NamedType('exponent2', univ.Integer()),
+        namedtype.NamedType('coefficient', univ.Integer()),
+    )
+
+
+class ECPoint(univ.Sequence):
+    """Helper type for encoding a EC point"""
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('x', univ.Integer()),
+        namedtype.NamedType('y', univ.Integer())
+    )
+
+
+class PrivateKeyInfo(univ.Sequence):
+    """Helper type for encoding a PKCS #8 private key info"""
+    componentType = namedtype.NamedTypes(
+        namedtype.NamedType('version', univ.Integer()),
+        namedtype.NamedType('privateKeyAlgorithm', rfc2459.AlgorithmIdentifier()),
+        namedtype.NamedType('privateKey', univ.OctetString())
+    )
+
+
+class RSAKey(object):
+    # For reference, when encoded as a subject public key info, the
+    # base64-encoded sha-256 hash of this key is
+    # VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8=
+    sharedRSA_N = long(
+        '00ba8851a8448e16d641fd6eb6880636103d3c13d9eae4354ab4ecf56857'
+        '6c247bc1c725a8e0d81fbdb19c069b6e1a86f26be2af5a756b6a6471087a'
+        'a55aa74587f71cd5249c027ecd43fc1e69d038202993ab20c349e4dbb94c'
+        'c26b6c0eed15820ff17ead691ab1d3023a8b2a41eea770e00f0d8dfd660b'
+        '2bb02492a47db988617990b157903dd23bc5e0b8481fa837d38843ef2716'
+        'd855b7665aaa7e02902f3a7b10800624cc1c6c97ad96615bb7e29612c075'
+        '31a30c91ddb4caf7fcad1d25d309efb9170ea768e1b37b2f226f69e3b48a'
+        '95611dee26d6259dab91084e36cb1c24042cbf168b2fe5f18f991731b8b3'
+        'fe4923fa7251c431d503acda180a35ed8d', 16)
+    sharedRSA_E = 65537L
+    sharedRSA_D = long(
+        '009ecbce3861a454ecb1e0fe8f85dd43c92f5825ce2e997884d0e1a949da'
+        'a2c5ac559b240450e5ac9fe0c3e31c0eefa6525a65f0c22194004ee1ab46'
+        '3dde9ee82287cc93e746a91929c5e6ac3d88753f6c25ba5979e73e5d8fb2'
+        '39111a3cdab8a4b0cdf5f9cab05f1233a38335c64b5560525e7e3b92ad7c'
+        '7504cf1dc7cb005788afcbe1e8f95df7402a151530d5808346864eb370aa'
+        '79956a587862cb533791307f70d91c96d22d001a69009b923c683388c9f3'
+        '6cb9b5ebe64302041c78d908206b87009cb8cabacad3dbdb2792fb911b2c'
+        'f4db6603585be9ae0ca3b8e6417aa04b06e470ea1a3b581ca03a6781c931'
+        '5b62b30e6011f224725946eec57c6d9441', 16)
+    sharedRSA_P = long(
+        '00dd6e1d4fffebf68d889c4d114cdaaa9caa63a59374286c8a5c29a717bb'
+        'a60375644d5caa674c4b8bc7326358646220e4550d7608ac27d55b6db74f'
+        '8d8127ef8fa09098b69147de065573447e183d22fe7d885aceb513d9581d'
+        'd5e07c1a90f5ce0879de131371ecefc9ce72e9c43dc127d238190de81177'
+        '3ca5d19301f48c742b', 16)
+    sharedRSA_Q = long(
+        '00d7a773d9ebc380a767d2fec0934ad4e8b5667240771acdebb5ad796f47'
+        '8fec4d45985efbc9532968289c8d89102fadf21f34e2dd4940eba8c09d6d'
+        '1f16dcc29729774c43275e9251ddbe4909e1fd3bf1e4bedf46a39b8b3833'
+        '28ef4ae3b95b92f2070af26c9e7c5c9b587fedde05e8e7d86ca57886fb16'
+        '5810a77b9845bc3127', 16)
+    sharedRSA_exp1 = long(
+        '0096472b41a610c0ade1af2266c1600e3671355ba42d4b5a0eb4e9d7eb35'
+        '81400ba5dd132cdb1a5e9328c7bbc0bbb0155ea192972edf97d12751d8fc'
+        'f6ae572a30b1ea309a8712dd4e33241db1ee455fc093f5bc9b592d756e66'
+        '21474f32c07af22fb275d340792b32ba2590bbb261aefb95a258eea53765'
+        '5315be9c24d191992d', 16)
+    sharedRSA_exp2 = long(
+        '28b450a7a75a856413b2bda6f7a63e3d964fb9ecf50e3823ef6cc8e8fa26'
+        'ee413f8b9d1205540f12bbe7a0c76828b7ba65ad83cca4d0fe2a220114e1'
+        'b35d03d5a85bfe2706bd50fce6cfcdd571b46ca621b8ed47d605bbe765b0'
+        'aa4a0665ac25364da20154032e1204b8559d3e34fb5b177c9a56ff93510a'
+        '5a4a6287c151de2d', 16)
+    sharedRSA_coef = long(
+        '28067b9355801d2ef52dfa96d8adb589673cf8ee8a9c6ff72aeeabe9ef6b'
+        'e58a4f4abf05f788947dc851fdaa34542147a71a246bfb054ee76aa346ab'
+        'cd2692cfc9e44c51e6f069c735e073ba019f6a7214961c91b26871caeabf'
+        '8f064418a02690e39a8d5ff3067b7cdb7f50b1f53418a703966c4fc774bf'
+        '7402af6c43247f43', 16)
+
+    # For reference, when encoded as a subject public key info, the
+    # base64-encoded sha-256 hash of this key is
+    # MQj2tt1yGAfwFpWETYUCVrZxk2CD2705NKBQUlAaKJI=
+    alternateRSA_N = long(
+        '00c175c65266099f77082a6791f1b876c37f5ce538b06c4acd22b1cbd46f'
+        'a65ada2add41c8c2498ac4a3b3c1f61487f41b698941bd80a51c3c120244'
+        'c584a4c4483305e5138c0106cf08be9a862760bae6a2e8f36f23c5d98313'
+        'b9dfaf378345dace51d4d6dcd2a6cb3cc706ebcd3070ec98cce40aa591d7'
+        '295a7f71c5be66691d2b2dfec84944590bc5a3ea49fd93b1d753405f1773'
+        '7699958666254797ed426908880811422069988a43fee48ce68781dd22b6'
+        'a69cd28375131f932b128ce286fa7d251c062ad27ef016f187cdd54e832b'
+        '35b8930f74ba90aa8bc76167242ab1fd6d62140d18c4c0b8c68fc3748457'
+        '324ad7de86e6552f1d1e191d712168d3bb', 16)
+    alternateRSA_E = 65537L
+    alternateRSA_D = long(
+        '7e3f6d7cb839ef66ae5d7dd92ff5410bb341dc14728d39034570e1a37079'
+        '0f30f0681355fff41e2ad4e9a9d9fcebfbd127bdfab8c00affb1f3cea732'
+        '7ead47aa1621f2ac1ee14ca02f04b3b2786017980b181a449d03b03e69d1'
+        '12b83571e55434f012056575d2832ed6731dce799e37c83f6d51c55ab71e'
+        'b58015af05e1af15c747603ef7f27d03a6ff049d96bbf854c1e4e50ef5b0'
+        '58d0fb08180e0ac7f7be8f2ff1673d97fc9e55dba838077bbf8a7cff2962'
+        '857785269cd9d5bad2b57469e4afcd33c4ca2d2f699f11e7c8fbdcd484f0'
+        '8d8efb8a3cb8a972eb24bed972efaae4bb712093e48fe94a46eb629a8750'
+        '78c4021a9a2c93c9a70390e9d0a54401', 16)
+    alternateRSA_P = long(
+        '00e63fc725a6ba76925a7ff8cb59c4f56dd7ec83fe85bf1f53e11cac9a81'
+        '258bcfc0ae819077b0f2d1477aaf868de6a8ecbeaf7bb22b196f2a9ad82d'
+        '3286f0d0cc29de719e5f2be8e509b7284d5963edd362f927887a4c4a8979'
+        '9d340d51b301ac7601ab27179024fcaadd38bf6522af63eb16461ec02a7f'
+        '27b06fe09ddda7c0a1', 16)
+    alternateRSA_Q = long(
+        '00d718b1fe9f8f99f00e832ae1fbdc6fe2ab27f34e049c498010fa0eb708'
+        '4852182346083b5c96c3eee5592c014a410c6b930b165c13b5c26aa32eac'
+        '6e7c925a8551c25134f2f4a72c6421f19a73148a0edfaba5d3a6888b35cb'
+        'a18c00fd38ee5aaf0b545731d720761bbccdee744a52ca415e98e4de01cd'
+        'fe764c1967b3e8cadb', 16)
+    alternateRSA_exp1 = long(
+        '01e5aca266c94a88d22e13c2b92ea247116c657a076817bdfd30db4b3a9d'
+        '3095b9a4b6749647e2f84e7a784fc7838b08c85971cf7a036fa30e3b91c3'
+        'c4d0df278f80c1b6e859d8456adb137defaa9f1f0ac5bac9a9184fd4ea27'
+        '9d722ea626f160d78aad7bc83845ccb29df115c83f61b7622b99bd439c60'
+        '9b5790a63c595181', 16)
+    alternateRSA_exp2 = long(
+        '0080cc45d10d2484ee0d1297fc07bf80b3beff461ea27e1f38f371789c3a'
+        'f66b4a0edd2192c227791db4f1c77ae246bf342f31856b0f56581b58a95b'
+        '1131c0c5396db2a8c3c6f39ea2e336bc205ae6a2a0b36869fca98cbba733'
+        'cf01319a6f9bb26b7ca23d3017fc551cd8da8afdd17f6fa2e30d34868798'
+        '1cd6234d571e90b7df', 16)
+    alternateRSA_coef = long(
+        '6f77c0c1f2ae7ac169561cca499c52bdfbe04cddccdbdc12aec5a85691e8'
+        '594b7ee29908f30e7b96aa6254b80ed4aeec9b993782bdfc79b69d8d58c6'
+        '8870fa4be1bc0c3527288c5c82bb4aebaf15edff110403fc78e6ace6a828'
+        '27bf42f0cfa751e507651c5638db9393dd23dd1f6b295151de44b77fe55a'
+        '7b0df271e19a65c0', 16)
+
+    evRSA_N = long(
+        '00b549895c9d00108d11a1f99f87a9e3d1a5db5dfaecf188da57bf641368'
+        '8f2ce4722cff109038c17402c93a2a473dbd286aed3fdcd363cf5a291477'
+        '01bdd818d7615bf9356bd5d3c8336aaa8c0971368a06c3cd4461b93e5142'
+        '4e1744bb2eaad46aab38ce196821961f87714a1663693f09761cdf4d6ba1'
+        '25eacec7be270d388f789f6cdf78ae3144ed28c45e79293863a7a22a4898'
+        '0a36a40e72d579c9b925dff8c793362ffd6897a7c1754c5e97c967c3eadd'
+        '1aae8aa2ccce348a0169b80e28a2d70c1a960c6f335f2da09b9b643f5abf'
+        'ba49e8aaa981e960e27d87480bdd55dd9417fa18509fbb554ccf81a4397e'
+        '8ba8128a34bdf27865c189e5734fb22905', 16)
+    evRSA_E = 65537L
+    evRSA_D = long(
+        '00983d54f94d6f4c76eb23d6f93d78523530cf73b0d16254c6e781768d45'
+        'f55681d1d02fb2bd2aac6abc1c389860935c52a0d8f41482010394778314'
+        '1d864bff30803638a5c0152570ae9d18f3d8ca163efb475b0dddf32e7e16'
+        'ec7565e6bb5e025c41c5c66e57a03cede554221f83045347a2c4c451c3dc'
+        'e476b787ce0c057244be9e04ef13118dbbb3d5e0a6cc87029eafd4a69ed9'
+        'b14759b15e39d8a9884e56f54d2f9ab013f0d15f318a9ab6b2f73d1ec3c9'
+        'fe274ae89431a10640be7899b0011c5e5093a1834708689de100634dabde'
+        '60fbd6aaefa3a33df34a1f36f60c043036b748d1c9ee98c4031a0afec60e'
+        'fda0a990be524f5614eac4fdb34a52f951', 16)
+    evRSA_P = long(
+        '00eadc2cb33e5ff1ca376bbd95bd6a1777d2cf4fac47545e92d11a6209b9'
+        'd5e4ded47834581c169b3c884742a09ea187505c1ca55414d8d25b497632'
+        'd5ec2aaa05233430fad49892777a7d68e038f561a3b8969e60b0a263defb'
+        'fda48a9b0ff39d95bc88b15267c8ade97b5107948e41e433249d87f7db10'
+        '9d5d74584d86bcc1d7', 16)
+    evRSA_Q = long(
+        '00c59ae576a216470248d944a55b9e9bf93299da341ec56e558eba821abc'
+        'e1bf57b79cf411d2904c774f9dba1f15185f607b0574a08205d6ec28b66a'
+        '36d634232eaaf2fea37561abaf9d644b68db38c9964cb8c96ec0ac61eba6'
+        '4d05b446542f423976f5acde4ecc95536d2df578954f93f0cfd9c58fb78b'
+        'a2a76dd5ac284dc883', 16)
+    evRSA_exp1 = long(
+        '00c1d2ef3906331c52aca64811f9fe425beb2898322fb3db51032ce8d7e9'
+        'fc32240be92019cf2480fcd5e329837127118b2a59a1bfe06c883e3a4447'
+        'f3f031cd9aebd0b8d368fc79740d2cce8eadb324df7f091eafe1564361d5'
+        '4920b01b0471230e5e47d93f8ed33963c517bc4fc78f6d8b1f9eba85bcce'
+        'db7033026508db6285', 16)
+    evRSA_exp2 = long(
+        '008521b8db5694dfbe804a315f9efc9b65275c5490acf2a3456d65e6e610'
+        'bf9f647fc67501d4f5772f232ac70ccdef9fc2a6dfa415c7c41b6afc7af9'
+        'd07c3ca03f7ed93c09f0b99f2c304434322f1071709bbc1baa4c91575fa6'
+        'a959e07d4996956d95e22b57938b6e47c8d51ffedfc9bf888ce0d1a3e42b'
+        '65a89bed4b91d3e5f5', 16)
+    evRSA_coef = long(
+        '00dc497b06b920c8be0b0077b798e977eef744a90ec2c5d7e6cbb22448fa'
+        'c72da81a33180e0d8a02e831460c7fc7fd3a612f7b9930b61b799f8e908e'
+        '632e9ba0409b6aa70b03a3ba787426263b5bd5843df8476edb5d14f6a861'
+        '3ebaf5b9cd5ca42f5fbd2802e08e4e49e5709f5151510caa5ab2c1c6eb3e'
+        'fe9295d16e8c25c916', 16)
+
+    evRSA2040_N = long(
+        '00ca7020dc215f57914d343fae4a015111697af997a5ece91866499fc23f'
+        '1b88a118cbd30b10d91c7b9a0d4ee8972fcae56caf57f25fc1275a2a4dbc'
+        'b982428c32ef587bf2387410330a0ffb16b8029bd783969ef675f6de38c1'
+        '8f67193cb6c072f8b23d0b3374112627a57b90055771d9e62603f53788d7'
+        'f63afa724f5d108096df31f89f26b1eb5f7c4357980e008fcd55d827dd26'
+        '2395ca2f526a07897cc40c593b38716ebc0caa596719c6f29ac9b73a7a94'
+        '4748a3aa3e09e9eb4d461ea0027e540926614728b9d243975cf9a0541bef'
+        'd25e76b51f951110b0e7644fc7e38441791b6d2227384cb8004e23342372'
+        'b1cf5cc3e73e31b7bbefa160e6862ebb', 16)
+    evRSA2040_E = 65537L
+    evRSA2040_D = long(
+        '00b2db74bce92362abf72955a638ae8720ba3033bb7f971caf39188d7542'
+        'eaa1c1abb5d205b1e2111f4791c08911a2e141e8cfd7054702d23100b564'
+        '2c06e1a31b118afd1f9a2f396cced425c501d91435ca8656766ced2b93bb'
+        'b8669fce9bacd727d1dacb3dafabc3293e35389eef8ea0b58e1aeb1a20e6'
+        'a61f9fcd453f7567fe31d123b616a26fef4df1d6c9f7490111d028eefd1d'
+        '972045b1a242273dd7a67ebf111db2741a5a93c7b2289cc4a236f5a99a6e'
+        'c7a8206fdae1c1d04bdbb1980d4a298c5a17dae4186474a5f7835d882bce'
+        'f24aef4ed6f149f94d96c9f7d78e647fc778a9017ff208d3b4a1768b1821'
+        '62102cdab032fabbab38d5200a324649', 16)
+    evRSA2040_P = long(
+        '0f3844d0d4d4d6a21acd76a6fc370b8550e1d7ec5a6234172e790f0029ae'
+        '651f6d5c59330ab19802b9d7a207de7a1fb778e3774fdbdc411750633d8d'
+        '1b3fe075006ffcfd1d10e763c7a9227d2d5f0c2dade1c9e659c350a159d3'
+        '6bb986f12636d4f9942b288bc0fe21da8799477173144249ca2e389e6c5c'
+        '25aa78c8cad7d4df', 16)
+    evRSA2040_Q = long(
+        '0d4d0bedd1962f07a1ead6b23a4ed67aeaf1270f052a6d29ba074945c636'
+        '1a5c4f8f07bf859e067aed3f4e6e323ef2aa8a6acd340b0bdc7cfe4fd329'
+        'e3c97f870c7f7735792c6aa9d0f7e7542a28ed6f01b0e55a2b8d9c24a65c'
+        '6da314c95484f5c7c3954a81bb016b07ed17ee9b06039695bca059a79f8d'
+        'c2423d328d5265a5', 16)
+    evRSA2040_exp1 = long(
+        '09f29a2ff05be8a96d614ba31b08935420a86c6bc42b99a6692ea0da5763'
+        'f01e596959b7ddce73ef9c2e4f6e5b40710887500d44ba0c3cd3132cba27'
+        '475f39c2df7552e2d123a2497a4f97064028769a48a3624657f72bf539f3'
+        'd0de234feccd3be8a0aa90c6bf6e9b0bed43070a24d061ff3ed1751a3ef2'
+        'ff7f6b90b9dbd5fb', 16)
+    evRSA2040_exp2 = long(
+        '01a659e170cac120a03be1cf8f9df1caa353b03593bd7476e5853bd874c2'
+        '87388601c6c341ce9d1d284a5eef1a3a669d32b816a5eaecd8b7844fe070'
+        '64b9bca0c2b318d540277b3f7f1510d386bb36e03b04771e5d229e88893e'
+        '13b753bfb94518bb638e2404bd6e6a993c1668d93fc0b82ff08aaf34347d'
+        '3fe8397108c87ca5', 16)
+    evRSA2040_coef = long(
+        '040257c0d4a21c0b9843297c65652db66304fb263773d728b6abfa06d37a'
+        'c0ca62c628023e09e37dc0a901e4ce1224180e2582a3aa4b6a1a7b98e2bd'
+        '70077aec14ac8ab66a755c71e0fc102471f9bbc1b46a95aa0b645f2c38e7'
+        '6450289619ea3f5e8ae61037bffcf8249f22aa4e76e2a01909f3feb290ce'
+        '93edf57b10ebe796', 16)
+
+    rsa2040_N = long(
+        '00bac0652fdfbc0055882ffbaeaceec88fa2d083c297dd5d40664dd3d90f'
+        '52f9aa02bd8a50fba16e0fd991878ef475f9b350d9f8e3eb2abd717ce327'
+        'b09788531f13df8e3e4e3b9d616bb8a41e5306eed2472163161051180127'
+        '6a4eb66f07331b5cbc8bcae7016a8f9b3d4f2ac4553c624cf5263bcb348e'
+        '8840de6612870960a792191b138fb217f765cec7bff8e94f16b39419bf75'
+        '04c59a7e4f79bd6d173e9c7bf3d9d2a4e73cc180b0590a73d584fb7fc9b5'
+        '4fa544607e53fc685c7a55fd44a81d4142b6af51ea6fa6cea52965a2e8c5'
+        'd84f3ca024d6fbb9b005b9651ce5d9f2ecf40ed404981a9ffc02636e311b'
+        '095c6332a0c87dc39271b5551481774b', 16)
+    rsa2040_E = 65537L
+    rsa2040_D = long(
+        '603db267df97555cbed86b8df355034af28f1eb7f3e7829d239bcc273a7c'
+        '7a69a10be8f21f1b6c4b02c6bae3731c3158b5bbff4605f57ab7b7b2a0cb'
+        'a2ec005a2db5b1ea6e0aceea5bc745dcd2d0e9d6b80d7eb0ea2bc08127bc'
+        'e35fa50c42cc411871ba591e23ba6a38484a33eff1347f907ee9a5a92a23'
+        '11bb0b435510020f78e3bb00099db4d1182928096505fcba84f3ca1238fd'
+        '1eba5eea1f391bbbcc5424b168063fc17e1ca6e1912ccba44f9d0292308a'
+        '1fedb80612529b39f59d0a3f8180b5ba201132197f93a5815ded938df8e7'
+        'd93c9b15766588f339bb59100afda494a7e452d7dd4c9a19ce2ec3a33a18'
+        'b20f0b4dade172bee19f26f0dcbe41', 16)
+    rsa2040_P = long(
+        '0ec3869cb92d406caddf7a319ab29448bc505a05913707873361fc5b986a'
+        '499fb65eeb815a7e37687d19f128087289d9bb8818e7bcca502c4900ad9a'
+        'ece1179be12ff3e467d606fc820ea8f07ac9ebffe2236e38168412028822'
+        '3e42dbe68dfd972a85a6447e51695f234da7911c67c9ab9531f33df3b994'
+        '32d4ee88c9a4efbb', 16)
+    rsa2040_Q = long(
+        '0ca63934549e85feac8e0f5604303fd1849fe88af4b7f7e1213283bbc7a2'
+        'c2a509f9273c428c68de3db93e6145f1b400bd6d4a262614e9043ad362d4'
+        'eba4a6b995399c8934a399912199e841d8e8dbff0489f69e663796730b29'
+        '80530b31cb70695a21625ea2adccc09d930516fa872211a91e22dd89fd9e'
+        'b7da8574b72235b1', 16)
+    rsa2040_exp1 = long(
+        '0d7d3a75e17f65f8a658a485c4095c10a4f66979e2b73bca9cf8ef21253e'
+        '1facac6d4791f58392ce8656f88f1240cc90c29653e3100c6d7a38ed44b1'
+        '63b339e5f3b6e38912126c69b3ceff2e5192426d9649b6ffca1abb75d2ba'
+        '2ed6d9a26aa383c5973d56216ff2edb90ccf887742a0f183ac92c94cf187'
+        '657645c7772d9ad7', 16)
+    rsa2040_exp2 = long(
+        '03f550194c117f24bea285b209058032f42985ff55acebe88b16df9a3752'
+        '7b4e61dc91a68dbc9a645134528ce5f248bda2893c96cb7be79ee73996c7'
+        'c22577f6c2f790406f3472adb3b211b7e94494f32c5c6fcc0978839fe472'
+        '4c31b06318a2489567b4fca0337acb1b841227aaa5f6c74800a2306929f0'
+        '2ce038bad943df41', 16)
+    rsa2040_coef = long(
+        '080a7dbfa8c2584814c71664c56eb62ce4caf16afe88d4499159d674774a'
+        '3a3ecddf1256c02fc91525c527692422d0aba94e5c41ee12dc71bb66f867'
+        '9fa17e096f28080851ba046eb31885c1414e8985ade599d907af17453d1c'
+        'caea2c0d06443f8367a6be154b125e390ee0d90f746f08801dd3f5367f59'
+        'fba2e5a67c05f375', 16)
+
+    rsa1024_N = long(
+        '00d3a97440101eba8c5df9503e6f935eb52ffeb3ebe9d0dc5cace26f973c'
+        'a94cbc0d9c31d66c0c013bce9c82d0d480328df05fb6bcd7990a5312ddae'
+        '6152ad6ee61c8c1bdd8663c68bd36224a9882ae78e89f556dfdbe6f51da6'
+        '112cbfc27c8a49336b41afdb75321b52b24a7344d1348e646351a551c757'
+        '1ccda0b8fe35f61a75', 16)
+    rsa1024_E = 65537L
+    rsa1024_D = long(
+        '5b6708e185548fc07ff062dba3792363e106ff9177d60ee3227162391024'
+        '1813f958a318f26db8b6a801646863ebbc69190d6c2f5e7723433e99666d'
+        '76b3987892cd568f1f18451e8dc05477c0607ee348380ebb7f4c98d0c036'
+        'a0260bc67b2dab46cbaa4ce87636d839d8fddcbae2da3e02e8009a21225d'
+        'd7e47aff2f82699d', 16)
+    rsa1024_P = long(
+        '00fcdee570323e8fc399dbfc63d8c1569546fb3cd6886c628668ab1e1d0f'
+        'ca71058febdf76d702970ad6579d80ac2f9521075e40ef8f3f39983bd819'
+        '07e898bad3', 16)
+    rsa1024_Q = long(
+        '00d64801c955b4eb75fbae230faa8b28c9cc5e258be63747ff5ac8d2af25'
+        '3e9f6d6ce03ea2eb13ae0eb32572feb848c32ca00743635374338fedacd8'
+        'c5885f7897', 16)
+    rsa1024_exp1 = long(
+        '76c0526d5b1b28368a75d5d42a01b9a086e20b9310241e2cd2d0b166a278'
+        'c694ff1e9d25d9193d47789b52bb0fa194de1af0b77c09007f12afdfeef9'
+        '58d108c3', 16)
+    rsa1024_exp2 = long(
+        '008a41898d8b14217c4d782cbd15ef95d0a660f45ed09a4884f4e170367b'
+        '946d2f20398b907896890e88fe17b54bd7febe133ebc7720c86fe0649cca'
+        '7ca121e05f', 16)
+    rsa1024_coef = long(
+        '22db133445f7442ea2a0f582031ee214ff5f661972986f172651d8d6b4ec'
+        '3163e99bff1c82fe58ec3d075c6d8f26f277020edb77c3ba821b9ba3ae18'
+        'ff8cb2cb', 16)
+
+    rsa1016_N = long(
+        '00d29bb12fb84fddcd29b3a519cb66c43b8d8f8be545ba79384ce663ed03'
+        'df75991600eb920790d2530cece544db99a71f05896a3ed207165534aa99'
+        '057e47c47e3bc81ada6fa1e12e37268b5046a55268f9dad7ccb485d81a2e'
+        '19d50d4f0b6854acaf6d7be69d9a083136e15afa8f53c1c8c84fc6077279'
+        'dd0e55d7369a5bdd', 16)
+    rsa1016_E = 65537L
+    rsa1016_D = long(
+        '3c4965070bf390c251d5a2c5277c5b5fd0bdee85cad7fe2b27982bb28511'
+        '4a507004036ae1cf8ae54b25e4db39215abd7e903f618c2d8b2f08cc6cd1'
+        '2dbccd72205e4945b6b3df389e5e43de0a148bb2c84e2431fdbe5920b044'
+        'bb272f45ecff0721b7dfb60397fc613a9ea35c22300530cae8f9159c534d'
+        'f3bf0910951901', 16)
+    rsa1016_P = long(
+        '0f9f17597c85b8051b9c69afb55ef576c996dbd09047d0ccde5b9d60ea5c'
+        '67fe4fac67be803f4b6ac5a3f050f76b966fb14f5cf105761e5ade6dd960'
+        'b183ba55', 16)
+    rsa1016_Q = long(
+        '0d7b637112ce61a55168c0f9c9386fb279ab40cba0d549336bba65277263'
+        'aac782611a2c81d9b635cf78c40018859e018c5e9006d12e3d2ee6f346e7'
+        '9fa43369', 16)
+    rsa1016_exp1 = long(
+        '09fd6c9a3ea6e91ae32070f9fc1c210ff9352f97be5d1eeb951bb39681e9'
+        'dc5b672a532221b3d8900c9a9d99b9d0a4e102dc450ca1b87b0b1389de65'
+        '16c0ae0d', 16)
+    rsa1016_exp2 = long(
+        '0141b832491b7dd4a83308920024c79cae64bd447df883bb4c5672a96bab'
+        '48b7123b34f26324452cdceb17f21e570e347cbe2fd4c2d8f9910eac2cb6'
+        'd895b8c9', 16)
+    rsa1016_coef = long(
+        '0458dd6aee18c88b2f9b81f1bc3075ae20dc1f9973d20724f20b06043d61'
+        '47c8789d4a07ae88bc82c8438c893e017b13947f62e0b18958a31eb664b1'
+        '9e64d3e0', 16)
+
+    def __init__(self, specification):
+        if specification == 'default':
+            self.RSA_N = self.sharedRSA_N
+            self.RSA_E = self.sharedRSA_E
+            self.RSA_D = self.sharedRSA_D
+            self.RSA_P = self.sharedRSA_P
+            self.RSA_Q = self.sharedRSA_Q
+            self.RSA_exp1 = self.sharedRSA_exp1
+            self.RSA_exp2 = self.sharedRSA_exp2
+            self.RSA_coef = self.sharedRSA_coef
+        elif specification == 'alternate':
+            self.RSA_N = self.alternateRSA_N
+            self.RSA_E = self.alternateRSA_E
+            self.RSA_D = self.alternateRSA_D
+            self.RSA_P = self.alternateRSA_P
+            self.RSA_Q = self.alternateRSA_Q
+            self.RSA_exp1 = self.alternateRSA_exp1
+            self.RSA_exp2 = self.alternateRSA_exp2
+            self.RSA_coef = self.alternateRSA_coef
+        elif specification == 'ev':
+            self.RSA_N = self.evRSA_N
+            self.RSA_E = self.evRSA_E
+            self.RSA_D = self.evRSA_D
+            self.RSA_P = self.evRSA_P
+            self.RSA_Q = self.evRSA_Q
+            self.RSA_exp1 = self.evRSA_exp1
+            self.RSA_exp2 = self.evRSA_exp2
+            self.RSA_coef = self.evRSA_coef
+        elif specification == 'evRSA2040':
+            self.RSA_N = self.evRSA2040_N
+            self.RSA_E = self.evRSA2040_E
+            self.RSA_D = self.evRSA2040_D
+            self.RSA_P = self.evRSA2040_P
+            self.RSA_Q = self.evRSA2040_Q
+            self.RSA_exp1 = self.evRSA2040_exp1
+            self.RSA_exp2 = self.evRSA2040_exp2
+            self.RSA_coef = self.evRSA2040_coef
+        elif specification == 'rsa2040':
+            self.RSA_N = self.rsa2040_N
+            self.RSA_E = self.rsa2040_E
+            self.RSA_D = self.rsa2040_D
+            self.RSA_P = self.rsa2040_P
+            self.RSA_Q = self.rsa2040_Q
+            self.RSA_exp1 = self.rsa2040_exp1
+            self.RSA_exp2 = self.rsa2040_exp2
+            self.RSA_coef = self.rsa2040_coef
+        elif specification == 'rsa1024':
+            self.RSA_N = self.rsa1024_N
+            self.RSA_E = self.rsa1024_E
+            self.RSA_D = self.rsa1024_D
+            self.RSA_P = self.rsa1024_P
+            self.RSA_Q = self.rsa1024_Q
+            self.RSA_exp1 = self.rsa1024_exp1
+            self.RSA_exp2 = self.rsa1024_exp2
+            self.RSA_coef = self.rsa1024_coef
+        elif specification == 'rsa1016':
+            self.RSA_N = self.rsa1016_N
+            self.RSA_E = self.rsa1016_E
+            self.RSA_D = self.rsa1016_D
+            self.RSA_P = self.rsa1016_P
+            self.RSA_Q = self.rsa1016_Q
+            self.RSA_exp1 = self.rsa1016_exp1
+            self.RSA_exp2 = self.rsa1016_exp2
+            self.RSA_coef = self.rsa1016_coef
+        else:
+            raise UnknownKeySpecificationError(specification)
+
+    def toDER(self):
+        privateKeyInfo = PrivateKeyInfo()
+        privateKeyInfo.setComponentByName('version', 0)
+        algorithmIdentifier = rfc2459.AlgorithmIdentifier()
+        algorithmIdentifier.setComponentByName('algorithm', rfc2459.rsaEncryption)
+        algorithmIdentifier.setComponentByName('parameters', univ.Null())
+        privateKeyInfo.setComponentByName('privateKeyAlgorithm', algorithmIdentifier)
+        rsaPrivateKey = RSAPrivateKey()
+        rsaPrivateKey.setComponentByName('version', 0)
+        rsaPrivateKey.setComponentByName('modulus', self.RSA_N)
+        rsaPrivateKey.setComponentByName('publicExponent', self.RSA_E)
+        rsaPrivateKey.setComponentByName('privateExponent', self.RSA_D)
+        rsaPrivateKey.setComponentByName('prime1', self.RSA_P)
+        rsaPrivateKey.setComponentByName('prime2', self.RSA_Q)
+        rsaPrivateKey.setComponentByName('exponent1', self.RSA_exp1)
+        rsaPrivateKey.setComponentByName('exponent2', self.RSA_exp2)
+        rsaPrivateKey.setComponentByName('coefficient', self.RSA_coef)
+        rsaPrivateKeyEncoded = encoder.encode(rsaPrivateKey)
+        privateKeyInfo.setComponentByName('privateKey', univ.OctetString(rsaPrivateKeyEncoded))
+        return encoder.encode(privateKeyInfo)
+
+    def toPEM(self):
+        output = '-----BEGIN PRIVATE KEY-----'
+        der = self.toDER()
+        b64 = base64.b64encode(der)
+        while b64:
+            output += '\n' + b64[:64]
+            b64 = b64[64:]
+        output += '\n-----END PRIVATE KEY-----'
+        return output
+
+    def asSubjectPublicKeyInfo(self):
+        """Returns a subject public key info representing
+        this key for use by pyasn1."""
+        algorithmIdentifier = rfc2459.AlgorithmIdentifier()
+        algorithmIdentifier.setComponentByName('algorithm', rfc2459.rsaEncryption)
+        algorithmIdentifier.setComponentByName('parameters', univ.Null())
+        spki = rfc2459.SubjectPublicKeyInfo()
+        spki.setComponentByName('algorithm', algorithmIdentifier)
+        rsaKey = RSAPublicKey()
+        rsaKey.setComponentByName('N', univ.Integer(self.RSA_N))
+        rsaKey.setComponentByName('E', univ.Integer(self.RSA_E))
+        subjectPublicKey = univ.BitString(byteStringToHexifiedBitString(encoder.encode(rsaKey)))
+        spki.setComponentByName('subjectPublicKey', subjectPublicKey)
+        return spki
+
+    def sign(self, data, hashAlgorithmName):
+        """Returns a hexified bit string representing a
+        signature by this key over the specified data.
+        Intended for use with pyasn1.type.univ.BitString"""
+        rsaPrivateKey = rsa.PrivateKey(self.RSA_N, self.RSA_E, self.RSA_D, self.RSA_P, self.RSA_Q)
+        signature = rsa.sign(data, rsaPrivateKey, hashAlgorithmName)
+        return byteStringToHexifiedBitString(signature)
+
+
+ecPublicKey = univ.ObjectIdentifier('1.2.840.10045.2.1')
+secp256k1 = univ.ObjectIdentifier('1.3.132.0.10')
+secp224r1 = univ.ObjectIdentifier('1.3.132.0.33')
+secp256r1 = univ.ObjectIdentifier('1.2.840.10045.3.1.7')
+secp384r1 = univ.ObjectIdentifier('1.3.132.0.34')
+secp521r1 = univ.ObjectIdentifier('1.3.132.0.35')
+
+# ecc.curves.DOMAINS uses a 5-tuple to define curves.
+# The first number is p where F_p is the finite field of the curve.
+# The second number is the order n of the base point G.
+# The third number is the parameter b of the definition of the curve
+#   E: y^2 = x^3 + ax + b (a in this case is 0)
+# The fourth and fifth numbers constitute the base point G.
+secp256k1Params = (long('fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f', 16),
+                   long('fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141', 16),
+                   7,
+                   long('79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798', 16),
+                   long('483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8', 16))
+
+def longToEvenLengthHexString(val):
+    h = format(val, 'x')
+    if not len(h) % 2 == 0:
+        h = '0' + h
+    return h
+
+def notRandom(n):
+    return n * '\x04'
+
+class ECCKey(object):
+    secp256k1Encoded = str('08fd87b04fba98090100004035ee7c7289d8fef7a8'
+        '6afe5da66d8bc2ebb6a8543fd2fead089f45ce7acd0fa64382a9500c41dad'
+        '770ffd4b511bf4b492eb1238800c32c4f76c73a3f3294e7c5002067cebc20'
+        '8a5fa3df16ec2bb34acc59a42ab4abb0538575ca99b92b6a2149a04f')
+
+    secp224r1Encoded = str('0ee5587c4d18526f00e00038668d72cca6fd6a1b35'
+        '57b5366104d84408ecb637f08e8c86bbff82cc00e88f0066d7af63c3298ba'
+        '377348a1202b03b37fd6b1ff415aa311e001c04389459926c3296c242b83e'
+        '10a6cd2011c8fe2dae1b772ea5b21067')
+
+    secp256r1Encoded = str('cb872ac99cd31827010000404fbfbbbb61e0f8f9b1'
+        'a60a59ac8704e2ec050b423e3cf72e923f2c4f794b455c2a69d233456c36c'
+        '4119d0706e00eedc8d19390d7991b7b2d07a304eaa04aa6c000202191403d'
+        '5710bf15a265818cd42ed6fedf09add92d78b18e7a1e9feb95524702')
+
+    secp384r1Encoded = str('d3103f5ac81741e801800060a1687243362b5c7b18'
+        '89f379154615a1c73fb48dee863e022915db608e252de4b7132da8ce98e83'
+        '1534e6a9c0c0b09c8d639ade83206e5ba813473a11fa330e05da8c96e4383'
+        'fe27873da97103be2888cff002f05af71a1fddcc8374aa6ea9ce0030035c7'
+        'a1b10d9fafe837b64ad92f22f5ced0789186538669b5c6d872cec3d926122'
+        'b393772b57602ff31365efe1393246')
+
+    secp521r1Encoded = str('77f4b0ac81948ddc02090084014cdc9cacc4794109'
+        '6bc9cc66752ec27f597734fa66c62b792f88c519d6d37f0d16ea1c483a182'
+        '7a010b9128e3a08070ca33ef5f57835b7c1ba251f6cc3521dc42b01065345'
+        '1981b445d343eed3782a35d6cff0ff484f5a883d209f1b9042b726703568b'
+        '2f326e18b833bdd8aa0734392bcd19501e10d698a79f53e11e0a22bdd2aad'
+        '900042014f3284fa698dd9fe1118dd331851cdfaac5a3829278eb8994839d'
+        'e9471c940b858c69d2d05e8c01788a7d0b6e235aa5e783fc1bee807dcc386'
+        '5f920e12cf8f2d29')
+
+    def __init__(self, specification=None):
+        if specification == 'secp256k1':
+            self.key = Key.Key.decode(binascii.unhexlify(self.secp256k1Encoded))
+            self.keyOID = secp256k1
+        elif specification == 'secp224r1':
+            self.key = Key.Key.decode(binascii.unhexlify(self.secp224r1Encoded))
+            self.keyOID = secp224r1
+        elif specification == 'secp256r1':
+            self.key = Key.Key.decode(binascii.unhexlify(self.secp256r1Encoded))
+            self.keyOID = secp256r1
+        elif specification == 'secp384r1':
+            self.key = Key.Key.decode(binascii.unhexlify(self.secp384r1Encoded))
+            self.keyOID = secp384r1
+        elif specification == 'secp521r1':
+            self.key = Key.Key.decode(binascii.unhexlify(self.secp521r1Encoded))
+            self.keyOID = secp521r1
+        else:
+            raise UnknownKeySpecificationError(specification)
+
+    def asSubjectPublicKeyInfo(self):
+        """Returns a subject public key info representing
+        this key for use by pyasn1."""
+        algorithmIdentifier = rfc2459.AlgorithmIdentifier()
+        algorithmIdentifier.setComponentByName('algorithm', ecPublicKey)
+        algorithmIdentifier.setComponentByName('parameters', self.keyOID)
+        spki = rfc2459.SubjectPublicKeyInfo()
+        spki.setComponentByName('algorithm', algorithmIdentifier)
+        # We need to extract the point that represents this key.
+        # The library encoding of the key is an 8-byte id, followed by 2
+        # bytes for the key length in bits, followed by the point on the
+        # curve (represented by two python longs). There appear to also
+        # be 2 bytes indicating the length of the point as encoded, but
+        # Decoder takes care of that.
+        encoded = self.key.encode()
+        _, _, points = encoding.Decoder(encoded).int(8).int(2).point(2).out()
+        # '04' indicates that the points are in uncompressed form.
+        hexifiedBitString = "'%s%s%s'H" % ('04', longToEvenLengthHexString(points[0]),
+                                           longToEvenLengthHexString(points[1]))
+        subjectPublicKey = univ.BitString(hexifiedBitString)
+        spki.setComponentByName('subjectPublicKey', subjectPublicKey)
+        return spki
+
+    def sign(self, data, hashAlgorithmName):
+        """Returns a hexified bit string representing a
+        signature by this key over the specified data.
+        Intended for use with pyasn1.type.univ.BitString"""
+        # There is some non-determinism in ECDSA signatures. Work around
+        # this by patching ecc.ecdsa.urandom to not be random.
+        with mock.patch('ecc.ecdsa.urandom', side_effect=notRandom):
+            # For some reason Key.sign returns an encoded point.
+            # Decode it so we can encode it as a BITSTRING consisting
+            # of a SEQUENCE of two INTEGERs.
+            # Also patch in secp256k1 if applicable.
+            if self.keyOID == secp256k1:
+                with mock.patch('ecc.curves.DOMAINS', {256: secp256k1Params}):
+                    x, y = encoding.dec_point(self.key.sign(data, hashAlgorithmName))
+            else:
+                x, y = encoding.dec_point(self.key.sign(data, hashAlgorithmName))
+            point = ECPoint()
+            point.setComponentByName('x', x)
+            point.setComponentByName('y', y)
+            return byteStringToHexifiedBitString(encoder.encode(point))
+
+
+def keyFromSpecification(specification):
+    """Pass in a specification, get the appropriate key back."""
+    if specification.startswith('secp'):
+        return ECCKey(specification)
+    else:
+        return RSAKey(specification)
+
+# The build harness will call this function with an output file-like
+# object and a path to a file containing a specification. This will
+# read the specification and output the key as ASCII-encoded PKCS #8.
+def main(output, inputPath):
+    with open(inputPath) as configStream:
+        output.write(keyFromSpecification(configStream.read().strip()).toPEM())
+
+# When run as a standalone program, this will read a specification from
+# stdin and output the certificate as PEM to stdout.
+if __name__ == '__main__':
+    print keyFromSpecification(sys.stdin.read()).toPEM()
diff --git a/security/manager/ssl/tests/unit/sss_readstate_child_worker.js b/security/manager/ssl/tests/unit/sss_readstate_child_worker.js
new file mode 100644
index 000000000..166ab9ed3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/sss_readstate_child_worker.js
@@ -0,0 +1,25 @@
+/* import-globals-from head_psm.js */
+"use strict";
+
+function run_test() {
+  let SSService = Cc["@mozilla.org/ssservice;1"]
+                    .getService(Ci.nsISiteSecurityService);
+
+  ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "expired.example.com", 0));
+  ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                            "notexpired.example.com", 0));
+  ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                            "includesubdomains.preloaded.test", 0));
+  ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "sub.includesubdomains.preloaded.test", 0));
+  ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                            "incsubdomain.example.com", 0));
+  ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                            "sub.incsubdomain.example.com", 0));
+  ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "includesubdomains2.preloaded.test", 0));
+  ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "sub.includesubdomains2.preloaded.test", 0));
+  do_test_finished();
+}
diff --git a/security/manager/ssl/tests/unit/test_add_preexisting_cert.js b/security/manager/ssl/tests/unit/test_add_preexisting_cert.js
new file mode 100644
index 000000000..2b07828c8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_add_preexisting_cert.js
@@ -0,0 +1,45 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// Tests that adding a certificate already present in the certificate database
+// with different trust bits than those stored in the database does not result
+// in the new trust bits being ignored.
+
+do_get_profile();
+var certDB = Cc["@mozilla.org/security/x509certdb;1"]
+               .getService(Ci.nsIX509CertDB);
+
+function load_cert(cert, trust) {
+  let file = "test_intermediate_basic_usage_constraints/" + cert + ".pem";
+  addCertFromFile(certDB, file, trust);
+}
+
+function getDERString(cert) {
+  let derString = "";
+  for (let rawByte of cert.getRawDER({})) {
+    derString += String.fromCharCode(rawByte);
+  }
+  return derString;
+}
+
+function run_test() {
+  load_cert("ca", "CTu,CTu,CTu");
+  load_cert("int-limited-depth", "CTu,CTu,CTu");
+  let file = "test_intermediate_basic_usage_constraints/ee-int-limited-depth.pem";
+  let cert_pem = readFile(do_get_file(file));
+  let ee = certDB.constructX509FromBase64(pemToBase64(cert_pem));
+  checkCertErrorGeneric(certDB, ee, PRErrorCodeSuccess,
+                        certificateUsageSSLServer);
+  // Change the already existing intermediate certificate's trust using
+  // addCertFromBase64(). We use findCertByNickname first to ensure that the
+  // certificate already exists.
+  let int_cert = certDB.findCertByNickname("int-limited-depth");
+  notEqual(int_cert, null, "Intermediate cert should be in the cert DB");
+  let base64_cert = btoa(getDERString(int_cert));
+  certDB.addCertFromBase64(base64_cert, "p,p,p", "ignored_argument");
+  checkCertErrorGeneric(certDB, ee, SEC_ERROR_UNTRUSTED_ISSUER,
+                        certificateUsageSSLServer);
+}
diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/ca.pem b/security/manager/ssl/tests/unit/test_baseline_requirements/ca.pem
new file mode 100644
index 000000000..1a18e2bf0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_baseline_requirements/ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxTCCAa+gAwIBAgIUL5zykZEc2ro5d6th43aWGfm735cwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMA0xCzAJBgNVBAMMAmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptu
+Gobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO
+7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf
+qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/yt
+HSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcx
+uLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzAMBgNVHRMEBTADAQH/MAsGA1Ud
+DwQEAwIBBjALBgkqhkiG9w0BAQsDggEBAHPYBjNnv//Ssc8Elepb8SWIXRdahKbL
+/dcPoMR+7yhJVaelUaxdwUytJWJAGdkkuv+P+G4b82RVYEXT+9k1S/aAfByFyR9q
+vS7POfdy/ZPfGTXltlnmYX/84a6QeYQa4Nl4JpIOXBCesLxmErBhczka6D26iqsz
+GeseKRSjVPgF3mXc2CRGZnTDRhUmd7wOABLmj7GtuFvOm96363M3IUByMohvoj1G
+dic3s5D0seXwTKnEc5B27lJt7Q0oIXEldL+UW8Mo1hfGWQeXzqTZbpOVLnVWvHBH
+H8yYs5hyH01qFJZbztJ1JJ3F2NpYLlr4P5I6fW2e9w5MG/VMQRU3wzQ=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/ca.pem.certspec b/security/manager/ssl/tests/unit/test_baseline_requirements/ca.pem.certspec
new file mode 100644
index 000000000..6660f5d47
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_baseline_requirements/ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:ca
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/moz.build b/security/manager/ssl/tests/unit/test_baseline_requirements/moz.build
new file mode 100644
index 000000000..b911380a4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_baseline_requirements/moz.build
@@ -0,0 +1,19 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Temporarily disabled. See bug 1256495.
+#test_certificates = (
+#    'ca.pem',
+#    'no-san-old.pem',
+#    'no-san-older.pem',
+#    'no-san-recent.pem',
+#    'san-contains-no-hostnames-old.pem',
+#    'san-contains-no-hostnames-older.pem',
+#    'san-contains-no-hostnames-recent.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-old.pem b/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-old.pem
new file mode 100644
index 000000000..4a0032f43
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-old.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICrzCCAZmgAwIBAgIUS00fexo4Y4FagP1oiKQiGCJKd/swCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTYwNzI0MDAwMDAwWhgPMjAxNjA5MjQwMDAw
+MDBaMBYxFDASBgNVBAMMC2V4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMAsGCSqGSIb3DQEBCwOC
+AQEAnooFCIG4D5EQxpe6EcB3gXE2Cj5kMBvO5H+OobaVRd4kIxET+MChwsN2nuwy
+xooA/P2M+9W/S3KP/K8L1tlyf/8J2xlr349MhULhCKG7XxpEQZl6sVjaeDLwWrEK
+2Ts1jPgCTufdfPYBcO3rb4HSdHNfFlhB98dfgSakXqXzUZ9sz2VxmAeL6tLvspG9
+tH5viWFc+lv1J3/Jtzk79hleDsiIdcjTjC/bM/Y49jkNOBxru4Qrw5AZuveoVy/G
+2axz89wBpjLYjI0KtVxCf8dutcVW7UwFKQywmo7QDqha61f0f8I6oCYXsDPK9FPf
+WLIrK1TT3YxdhN7QIRu6J8ttBQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-old.pem.certspec b/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-old.pem.certspec
new file mode 100644
index 000000000..7a34d0758
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-old.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:example.com
+validity:20160724-20160924
diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-older.pem b/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-older.pem
new file mode 100644
index 000000000..370cafc8f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-older.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICrzCCAZmgAwIBAgIUZ3gdKZRvWFYArMRStT2zAGE6JDQwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUwNzI0MDAwMDAwWhgPMjAxNjA5MjQwMDAw
+MDBaMBYxFDASBgNVBAMMC2V4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMAsGCSqGSIb3DQEBCwOC
+AQEAn81HiHxHv7Mhq16XWoD6ttEu9sllOHssw452wRdIieM2XcMIi5DPI81XDhqk
+5Zw/pUDfWxNFLq92JM2UArF7RtWICBYqi4UJcdnrMb84rwOVdgt9sDQYdamqj5qF
+90XpTOIA+ZyfAMXxJpJTEC9WN1rc3cK6Epv0+7KqE6FBa5aH8uAYXAb/+eKmtwY/
+ELQWT2jsoplihEw8aJsXTR9M9y2UudxPhqgA7lPpstbOMNuw2xg8oWBnqgZGRGvH
+7Afu2CoxEmYbxXnO6cJ30/pAuVLnVpmJg1n7DLT8is+2fUiOMyuve7KAjxuAo3KT
+XEiTdgDBOOO+gIY532x/jErbRA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-older.pem.certspec b/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-older.pem.certspec
new file mode 100644
index 000000000..aa682a7af
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-older.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:example.com
+validity:20150724-20160924
diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-recent.pem b/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-recent.pem
new file mode 100644
index 000000000..f901f613b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-recent.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICrzCCAZmgAwIBAgIUWxGwhSb8roUQoLNpJajl0X8jk10wCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTYwODI0MDAwMDAwWhgPMjAxNjA5MjQwMDAw
+MDBaMBYxFDASBgNVBAMMC2V4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMAsGCSqGSIb3DQEBCwOC
+AQEADs0POeb1wJthEcg1nRYRcPgcNHsV1yVCkHMyfmssA1rgWXsp93PRVaCyZYgI
+Dq+8QJtAYpdcChFcEYeGjcjLv49Dh+yiiZPPbRWKJB0y3v+13A74M1q+IQFoQWAh
+L5GzAEjApsB1j/csRfDNjIwcP1WApN1iZ2NPxFU+PAIFhcmm+uD2doDtQfpMN9vi
+HEg5H1x7JOufOZlN+zbnPK+Ob7N13pFd/P/IO8XhA/X8by4G45oh0deyELf9zVcW
+4flslHPYthp4LDEyPvTP52jHn/yTO/m8cxKmCZOuwiw4DWfSVUy6irUs8W5SlfS8
+gI2Ctb+G5YvSffsPYwkUg3Hg7g==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-recent.pem.certspec b/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-recent.pem.certspec
new file mode 100644
index 000000000..e38478165
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_baseline_requirements/no-san-recent.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:example.com
+validity:20160824-20160924
diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-old.pem b/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-old.pem
new file mode 100644
index 000000000..2d6821a7c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-old.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4TCCAcugAwIBAgIUL/Gibj3iILbh9idTh3u9XTSwzqIwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTYwNzI0MDAwMDAwWhgPMjAxNjA5MjQwMDAw
+MDBaMBYxFDASBgNVBAMMC2V4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABozAwLjAsBgNVHREEJTAj
+pCEwHzEdMBsGA1UECgwURXhhbXBsZSBPcmdhbml6YXRpb24wCwYJKoZIhvcNAQEL
+A4IBAQAtCjzHSdXdAyaC5Qyw77gFwQKECHDAimgze1Nvgkyiv4LJLSuFZ84jnLIL
+PM+iRxrxeBOdNy8PNIaDadFb5NoovmdLTG08ZjNjJoXOt5JufIHQrUzrcZy1aP7z
+rWXED1QcwyKkoOAOqr5hOZ3pmu67a1vJgjZ8H4dVhfFkmSVGPG/6mTvn9H4N/AEo
+K+M7BW1WMnNexsV5mMvlUUdfZP0J3o9oI9msH6uH92xU6jIHpgcm6plXfpOBGQfB
+g6EUGD4znDe24ljbaohFATWw5c09kkOQNg/H6DQpb1Vi6k+X62Zgj5UR79zx53e+
+3Wo3Iu+hJUfNwyNk7KVF+r1wsUdA
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-old.pem.certspec b/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-old.pem.certspec
new file mode 100644
index 000000000..41817bde7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-old.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:example.com
+validity:20160724-20160924
+extension:subjectAlternativeName:/O=Example Organization
diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-older.pem b/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-older.pem
new file mode 100644
index 000000000..0465f5da5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-older.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4TCCAcugAwIBAgIUTePOoF7EmrE46xg5zgyv8RLxEhYwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUwNzI0MDAwMDAwWhgPMjAxNjA5MjQwMDAw
+MDBaMBYxFDASBgNVBAMMC2V4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABozAwLjAsBgNVHREEJTAj
+pCEwHzEdMBsGA1UECgwURXhhbXBsZSBPcmdhbml6YXRpb24wCwYJKoZIhvcNAQEL
+A4IBAQCdicLQK5tTHkNs58IySxDedV+BqQYxvNZN3cfrqzFdehS4OzVe8hQkwKhJ
+5PpOfkh86KxoBActVL8AtP+mIBZ765qEFPhGEFMfEhqattsO6BluMNTB7ZP8HeDm
+/oCI7Ae5u+Yr5IvjBNSv5fpY7sfDiM4oqXBolJYkR+YTu+GSKYhLZTtiHhG1/Jgw
+yzBzWkfYxIW7EOe2t99krNWpPaf1MyUXO3Pj/7qfURMDeocaAvPGw7tqCZ0nsbOe
+rJvNVZDMaPbOVQKsSSyIrEDfBlQViG10eQIUaURuAY4hJs6AoLvS5b3EaxAQAWtJ
+okbLuSVbj7giOF84hkcFM3hE1FTs
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-older.pem.certspec b/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-older.pem.certspec
new file mode 100644
index 000000000..65acf0b02
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-older.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:example.com
+validity:20150724-20160924
+extension:subjectAlternativeName:/O=Example Organization
diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-recent.pem b/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-recent.pem
new file mode 100644
index 000000000..fc8b5b48a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-recent.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4TCCAcugAwIBAgIUUwz+d++GVy8L6Lxi9GVnzG6yUCEwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTYwODI0MDAwMDAwWhgPMjAxNjA5MjQwMDAw
+MDBaMBYxFDASBgNVBAMMC2V4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABozAwLjAsBgNVHREEJTAj
+pCEwHzEdMBsGA1UECgwURXhhbXBsZSBPcmdhbml6YXRpb24wCwYJKoZIhvcNAQEL
+A4IBAQCdKXA+1XhcpKdyjeJjEEUm9ptoS8tKJt/vdGUPCByzlD71OJGsiXorTcGY
+V2sgbGCmxA8dnxG8bPQMFdAZ2hRjWjZ/Hs18SDbMAONjzgiPlwUWRZldb2Th7WX3
+7a+1uMsT1rEsgmip7FuJjqW0qEyuHFRTt47aK0GJRX42VC5kJVMX8ujl8ucqSSNa
+PRh6IPQgIxSchu79weP+YIxMz3GDvNuu6z4QWdkzQrnYqSJpLgNGPAdAxFCgsok3
+5rFNhadGNv6RqrG00HmXPBTTq6T8rQEsbQZQZ4eensb0HxdiQyX4XGnMeEpElTwO
+LHziGIW2jBA9v5FJVBCC9QQysNby
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-recent.pem.certspec b/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-recent.pem.certspec
new file mode 100644
index 000000000..140c20143
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_baseline_requirements/san-contains-no-hostnames-recent.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:example.com
+validity:20160824-20160924
+extension:subjectAlternativeName:/O=Example Organization
diff --git a/security/manager/ssl/tests/unit/test_baseline_requirements_subject_common_name.js b/security/manager/ssl/tests/unit/test_baseline_requirements_subject_common_name.js
new file mode 100644
index 000000000..8917671b8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_baseline_requirements_subject_common_name.js
@@ -0,0 +1,188 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+// The preference security.pki.name_matching_mode controls whether or not
+// mozilla::pkix will fall back to using a certificate's subject common name
+// during name matching. If the Baseline Requirements are followed, fallback
+// should not be necessary (because any name information in the subject common
+// name should be present in the subject alternative name extension). Due to
+// compatibility concerns, the platform can be configured to fall back for
+// certificates that are valid before 23 August 2016. Note that for certificates
+// issued by an imported root, the platform will fall back if necessary,
+// regardless of the value of the preference.
+
+"use strict";
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const gCertDB = Cc["@mozilla.org/security/x509certdb;1"]
+                  .getService(Ci.nsIX509CertDB);
+
+function certFromFile(certName) {
+  return constructCertFromFile(`test_baseline_requirements/${certName}.pem`);
+}
+
+function loadCertWithTrust(certName, trustString) {
+  addCertFromFile(gCertDB, `test_baseline_requirements/${certName}.pem`,
+                  trustString);
+}
+
+function checkCertOn25August2016(cert, expectedResult) {
+  // (new Date("2016-08-25T00:00:00Z")).getTime() / 1000
+  const VALIDATION_TIME = 1472083200;
+  checkCertErrorGenericAtTime(gCertDB, cert, expectedResult,
+                              certificateUsageSSLServer, VALIDATION_TIME, {},
+                              "example.com");
+}
+
+function run_test() {
+  do_register_cleanup(() => {
+    Services.prefs.clearUserPref("security.pki.name_matching_mode");
+    Services.prefs.clearUserPref("security.test.built_in_root_hash");
+  });
+
+  loadCertWithTrust("ca", "CTu,,");
+
+  // When verifying a certificate, if the trust anchor is not a built-in root,
+  // name matching will fall back to using the subject common name if necessary
+  // (i.e. if there is no subject alternative name extension or it does not
+  // contain any dNSName or iPAddress entries). Thus, since imported roots are
+  // not in general treated as built-ins, these should all successfully verify
+  // regardless of the value of the pref.
+  Services.prefs.setIntPref("security.pki.name_matching_mode", 0);
+  do_print("current mode: always fall back, root not built-in");
+  checkCertOn25August2016(certFromFile("no-san-recent"),
+                          PRErrorCodeSuccess);
+  checkCertOn25August2016(certFromFile("no-san-old"),
+                          PRErrorCodeSuccess);
+  checkCertOn25August2016(certFromFile("no-san-older"),
+                          PRErrorCodeSuccess);
+  checkCertOn25August2016(certFromFile("san-contains-no-hostnames-recent"),
+                          PRErrorCodeSuccess);
+  checkCertOn25August2016(certFromFile("san-contains-no-hostnames-old"),
+                          PRErrorCodeSuccess);
+  checkCertOn25August2016(certFromFile("san-contains-no-hostnames-older"),
+                          PRErrorCodeSuccess);
+
+  Services.prefs.setIntPref("security.pki.name_matching_mode", 1);
+  do_print("current mode: fall back for notBefore < August 23, 2016, root " +
+           "not built-in");
+  checkCertOn25August2016(certFromFile("no-san-recent"),
+                          PRErrorCodeSuccess);
+  checkCertOn25August2016(certFromFile("no-san-old"),
+                          PRErrorCodeSuccess);
+  checkCertOn25August2016(certFromFile("no-san-older"),
+                          PRErrorCodeSuccess);
+  checkCertOn25August2016(certFromFile("san-contains-no-hostnames-recent"),
+                          PRErrorCodeSuccess);
+  checkCertOn25August2016(certFromFile("san-contains-no-hostnames-old"),
+                          PRErrorCodeSuccess);
+  checkCertOn25August2016(certFromFile("san-contains-no-hostnames-older"),
+                          PRErrorCodeSuccess);
+
+  Services.prefs.setIntPref("security.pki.name_matching_mode", 2);
+  do_print("current mode: fall back for notBefore < August 23, 2015, root " +
+           "not built-in");
+  checkCertOn25August2016(certFromFile("no-san-recent"),
+                          PRErrorCodeSuccess);
+  checkCertOn25August2016(certFromFile("no-san-old"),
+                          PRErrorCodeSuccess);
+  checkCertOn25August2016(certFromFile("no-san-older"),
+                          PRErrorCodeSuccess);
+  checkCertOn25August2016(certFromFile("san-contains-no-hostnames-recent"),
+                          PRErrorCodeSuccess);
+  checkCertOn25August2016(certFromFile("san-contains-no-hostnames-old"),
+                          PRErrorCodeSuccess);
+  checkCertOn25August2016(certFromFile("san-contains-no-hostnames-older"),
+                          PRErrorCodeSuccess);
+
+  Services.prefs.setIntPref("security.pki.name_matching_mode", 3);
+  do_print("current mode: never fall back, root not built-in");
+  checkCertOn25August2016(certFromFile("no-san-recent"),
+                          PRErrorCodeSuccess);
+  checkCertOn25August2016(certFromFile("no-san-old"),
+                          PRErrorCodeSuccess);
+  checkCertOn25August2016(certFromFile("no-san-older"),
+                          PRErrorCodeSuccess);
+  checkCertOn25August2016(certFromFile("san-contains-no-hostnames-recent"),
+                          PRErrorCodeSuccess);
+  checkCertOn25August2016(certFromFile("san-contains-no-hostnames-old"),
+                          PRErrorCodeSuccess);
+  checkCertOn25August2016(certFromFile("san-contains-no-hostnames-older"),
+                          PRErrorCodeSuccess);
+
+  // In debug builds, we can treat an imported root as a built-in, and thus we
+  // can actually test the different values of the pref.
+  if (isDebugBuild) {
+    let root = certFromFile("ca");
+    Services.prefs.setCharPref("security.test.built_in_root_hash",
+                               root.sha256Fingerprint);
+
+    // Always fall back if necessary.
+    Services.prefs.setIntPref("security.pki.name_matching_mode", 0);
+    do_print("current mode: always fall back, root built-in");
+    checkCertOn25August2016(certFromFile("no-san-recent"),
+                            PRErrorCodeSuccess);
+    checkCertOn25August2016(certFromFile("no-san-old"),
+                            PRErrorCodeSuccess);
+    checkCertOn25August2016(certFromFile("no-san-older"),
+                            PRErrorCodeSuccess);
+    checkCertOn25August2016(certFromFile("san-contains-no-hostnames-recent"),
+                            PRErrorCodeSuccess);
+    checkCertOn25August2016(certFromFile("san-contains-no-hostnames-old"),
+                            PRErrorCodeSuccess);
+    checkCertOn25August2016(certFromFile("san-contains-no-hostnames-older"),
+                            PRErrorCodeSuccess);
+
+    // Only fall back if notBefore < 23 August 2016
+    Services.prefs.setIntPref("security.pki.name_matching_mode", 1);
+    do_print("current mode: fall back for notBefore < August 23, 2016, root " +
+             "built-in");
+    checkCertOn25August2016(certFromFile("no-san-recent"),
+                            SSL_ERROR_BAD_CERT_DOMAIN);
+    checkCertOn25August2016(certFromFile("no-san-old"),
+                            PRErrorCodeSuccess);
+    checkCertOn25August2016(certFromFile("no-san-older"),
+                            PRErrorCodeSuccess);
+    checkCertOn25August2016(certFromFile("san-contains-no-hostnames-recent"),
+                            SSL_ERROR_BAD_CERT_DOMAIN);
+    checkCertOn25August2016(certFromFile("san-contains-no-hostnames-old"),
+                            PRErrorCodeSuccess);
+    checkCertOn25August2016(certFromFile("san-contains-no-hostnames-older"),
+                            PRErrorCodeSuccess);
+
+    // Only fall back if notBefore < 23 August 2015
+    Services.prefs.setIntPref("security.pki.name_matching_mode", 2);
+    do_print("current mode: fall back for notBefore < August 23, 2015, root " +
+             "built-in");
+    checkCertOn25August2016(certFromFile("no-san-recent"),
+                            SSL_ERROR_BAD_CERT_DOMAIN);
+    checkCertOn25August2016(certFromFile("no-san-old"),
+                            SSL_ERROR_BAD_CERT_DOMAIN);
+    checkCertOn25August2016(certFromFile("no-san-older"),
+                            PRErrorCodeSuccess);
+    checkCertOn25August2016(certFromFile("san-contains-no-hostnames-recent"),
+                            SSL_ERROR_BAD_CERT_DOMAIN);
+    checkCertOn25August2016(certFromFile("san-contains-no-hostnames-old"),
+                            SSL_ERROR_BAD_CERT_DOMAIN);
+    checkCertOn25August2016(certFromFile("san-contains-no-hostnames-older"),
+                            PRErrorCodeSuccess);
+
+    // Never fall back.
+    Services.prefs.setIntPref("security.pki.name_matching_mode", 3);
+    do_print("current mode: never fall back, root built-in");
+    checkCertOn25August2016(certFromFile("no-san-recent"),
+                            SSL_ERROR_BAD_CERT_DOMAIN);
+    checkCertOn25August2016(certFromFile("no-san-old"),
+                            SSL_ERROR_BAD_CERT_DOMAIN);
+    checkCertOn25August2016(certFromFile("no-san-older"),
+                            SSL_ERROR_BAD_CERT_DOMAIN);
+    checkCertOn25August2016(certFromFile("san-contains-no-hostnames-recent"),
+                            SSL_ERROR_BAD_CERT_DOMAIN);
+    checkCertOn25August2016(certFromFile("san-contains-no-hostnames-old"),
+                            SSL_ERROR_BAD_CERT_DOMAIN);
+    checkCertOn25August2016(certFromFile("san-contains-no-hostnames-older"),
+                            SSL_ERROR_BAD_CERT_DOMAIN);
+  }
+}
diff --git a/security/manager/ssl/tests/unit/test_certDB_import.js b/security/manager/ssl/tests/unit/test_certDB_import.js
new file mode 100644
index 000000000..f53fbf0ef
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_certDB_import.js
@@ -0,0 +1,118 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests the various nsIX509CertDB import methods.
+
+do_get_profile();
+
+const gCertDB = Cc["@mozilla.org/security/x509certdb;1"]
+                  .getService(Ci.nsIX509CertDB);
+
+const CA_CERT_COMMON_NAME = "importedCA";
+const TEST_EMAIL_ADDRESS = "test@example.com";
+
+let gCACertImportDialogCount = 0;
+
+// Mock implementation of nsICertificateDialogs.
+const gCertificateDialogs = {
+  confirmDownloadCACert: (ctx, cert, trust) => {
+    gCACertImportDialogCount++;
+    equal(cert.commonName, CA_CERT_COMMON_NAME,
+          "CA cert to import should have the correct CN");
+    trust.value = Ci.nsIX509CertDB.TRUSTED_EMAIL;
+    return true;
+  },
+  setPKCS12FilePassword: (ctx, password) => {
+    // This is only relevant to exporting.
+    ok(false, "setPKCS12FilePassword() should not have been called");
+  },
+  getPKCS12FilePassword: (ctx, password) => {
+    // We don't test anything that calls this method yet.
+    ok(false, "getPKCS12FilePassword() should not have been called");
+  },
+  viewCert: (ctx, cert) => {
+    // This shouldn't be called for import methods.
+    ok(false, "viewCert() should not have been called");
+  },
+
+  QueryInterface: XPCOMUtils.generateQI([Ci.nsICertificateDialogs])
+};
+
+// Implements nsIInterfaceRequestor. Mostly serves to mock nsIPrompt.
+const gInterfaceRequestor = {
+  alert: (title, text) => {
+    // We don't test anything that calls this method yet.
+    ok(false, `alert() should not have been called: ${text}`);
+  },
+
+  getInterface: iid => {
+    if (iid.equals(Ci.nsIPrompt)) {
+      return this;
+    }
+
+    throw new Error(Cr.NS_ERROR_NO_INTERFACE);
+  }
+};
+
+function getCertAsByteArray(certPath) {
+  let certFile = do_get_file(certPath, false);
+  let certBytes = readFile(certFile);
+
+  let byteArray = [];
+  for (let i = 0; i < certBytes.length; i++) {
+    byteArray.push(certBytes.charCodeAt(i));
+  }
+
+  return byteArray;
+}
+
+function testImportCACert() {
+  // Sanity check the CA cert is missing.
+  throws(() => gCertDB.findCertByNickname(CA_CERT_COMMON_NAME),
+         /NS_ERROR_FAILURE/,
+         "CA cert should not be in the database before import");
+
+  // Import and check for success.
+  let caArray = getCertAsByteArray("test_certDB_import/importedCA.pem");
+  gCertDB.importCertificates(caArray, caArray.length, Ci.nsIX509Cert.CA_CERT,
+                             gInterfaceRequestor);
+  equal(gCACertImportDialogCount, 1,
+        "Confirmation dialog for the CA cert should only be shown once");
+
+  let caCert = gCertDB.findCertByNickname(CA_CERT_COMMON_NAME);
+  notEqual(caCert, null, "CA cert should now be found in the database");
+  ok(gCertDB.isCertTrusted(caCert, Ci.nsIX509Cert.CA_CERT,
+                           Ci.nsIX509CertDB.TRUSTED_EMAIL),
+     "CA cert should be trusted for e-mail");
+}
+
+function run_test() {
+  // We have to set a password and login before we attempt to import anything.
+  // In particular, the SQL NSS DB requires the user to be authenticated to set
+  // certificate trust settings, which we do when we import CA certs.
+  loginToDBWithDefaultPassword();
+
+  let certificateDialogsCID =
+    MockRegistrar.register("@mozilla.org/nsCertificateDialogs;1",
+                           gCertificateDialogs);
+  do_register_cleanup(() => {
+    MockRegistrar.unregister(certificateDialogsCID);
+  });
+
+  // Sanity check the e-mail cert is missing.
+  throws(() => gCertDB.findCertByEmailAddress(TEST_EMAIL_ADDRESS),
+         /NS_ERROR_FAILURE/,
+         "E-mail cert should not be in the database before import");
+
+  // Import the CA cert so that the e-mail import succeeds.
+  testImportCACert();
+
+  // Import the e-mail cert and check for success.
+  let emailArray = getCertAsByteArray("test_certDB_import/emailEE.pem");
+  gCertDB.importEmailCertificate(emailArray, emailArray.length,
+                                 gInterfaceRequestor);
+  notEqual(gCertDB.findCertByEmailAddress(TEST_EMAIL_ADDRESS), null,
+           "E-mail cert should now be found in the database");
+}
diff --git a/security/manager/ssl/tests/unit/test_certDB_import/cert_from_windows.pfx b/security/manager/ssl/tests/unit/test_certDB_import/cert_from_windows.pfx
new file mode 100644
index 000000000..e969d672d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_certDB_import/cert_from_windows.pfx
diff --git a/security/manager/ssl/tests/unit/test_certDB_import/emailEE.pem b/security/manager/ssl/tests/unit/test_certDB_import/emailEE.pem
new file mode 100644
index 000000000..72b6371e2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_certDB_import/emailEE.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICwjCCAaygAwIBAgIUKTBs2ocwnIM+g29rcb+FMc8RTWswCwYJKoZIhvcNAQEL
+MBUxEzARBgNVBAMMCmltcG9ydGVkQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4
+MDIwNTAwMDAwMFowITEfMB0GCSqGSIb3DQEJARYQdGVzdEBleGFtcGxlLmNvbTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9
+PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3
+HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3Dg
+Dw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7
+EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SK
+lWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0C
+AwEAATALBgkqhkiG9w0BAQsDggEBAFbtBnvVJEYh/Zq1mZuQXasaqD0Xp0s3hxEr
+hDkrSh2uQ/lm3lvHuDLodI2cSYJz9A/ona2QHt9Rb9X7CmWFQ8DJtF1aiWLFlqgd
+muaib0gSusRZr2cC+N7N35tmVO/gLlESlhQh40ORgSgMg+K8Vj3QwML5NSc91B7I
+dCxZx5sZFl2HacOlQ0BFHqyk4tyPXxFLm5Ky56e2g52pCbWRkUbD2ScuxpoAd79E
+n3FQYSZFn/AdrbSoko/+3AzNvHNCtqs8XAC4rE2dEuRYBjTF+ge4hGJqMFCRiCzN
+2thjCmenbilKlLWL5fqNdaJqrMKD0Yp9AQhkICoIKXIJFquf9eQ=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_certDB_import/emailEE.pem.certspec b/security/manager/ssl/tests/unit/test_certDB_import/emailEE.pem.certspec
new file mode 100644
index 000000000..0528bc624
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_certDB_import/emailEE.pem.certspec
@@ -0,0 +1,2 @@
+issuer:importedCA
+subject:/emailAddress=test@example.com
diff --git a/security/manager/ssl/tests/unit/test_certDB_import/importedCA.pem b/security/manager/ssl/tests/unit/test_certDB_import/importedCA.pem
new file mode 100644
index 000000000..77ec4cbac
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_certDB_import/importedCA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyDCCAbKgAwIBAgIUe4uNcR4KmHzd+jhffWz/NeLVWEUwCwYJKoZIhvcNAQEL
+MBUxEzARBgNVBAMMCmltcG9ydGVkQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4
+MDIwNTAwMDAwMFowFTETMBEGA1UEAwwKaW1wb3J0ZWRDQTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhX
+bCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQ
+OCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9
+uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFb
+t+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhO
+NsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMQMA4wDAYD
+VR0TBAUwAwEB/zALBgkqhkiG9w0BAQsDggEBAKENtK8hNu6JqM9B5OZWOrS8HT+j
+ij9DiGh/rY9vf+2RywnR3RKq7yUO/GalAVbPP6OQBF+6qUJ4kQ6DO6XX7hKiB46n
+XeVsxE9PawM/tsZszu/u2f3252AhDKgiy+doqtx4dbjBlCZxjtNEAu6EVHbseyBT
+0C7+ILcmWXw6ZR4m9u7KoeHc2PMbYtj0YLveWgCXm7vIGw0Tl3eMZqsY1dG4LC3z
+7vbr9HcLCpxOiUVfmLKs0l6nhbdoedNZ8zQDPFAI4ME3Em+7MNf+SRL0L45J0Sok
+CqDbTn2fPlwEVsZqhq2475CXIzRpHxeF4Z0bB0vtXWH2oq+T3x7xqGxEmDU=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_certDB_import/importedCA.pem.certspec b/security/manager/ssl/tests/unit/test_certDB_import/importedCA.pem.certspec
new file mode 100644
index 000000000..b16825354
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_certDB_import/importedCA.pem.certspec
@@ -0,0 +1,3 @@
+issuer:importedCA
+subject:importedCA
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_certDB_import/moz.build b/security/manager/ssl/tests/unit/test_certDB_import/moz.build
new file mode 100644
index 000000000..0c973c9e8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_certDB_import/moz.build
@@ -0,0 +1,14 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Temporarily disabled. See Bug 1256495.
+#test_certificates = (
+#    'emailEE.pem',
+#    'importedCA.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
diff --git a/security/manager/ssl/tests/unit/test_certDB_import_pkcs12.js b/security/manager/ssl/tests/unit/test_certDB_import_pkcs12.js
new file mode 100644
index 000000000..56e17855a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_certDB_import_pkcs12.js
@@ -0,0 +1,92 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests import PKCS12 file by nsIX509CertDB.
+
+do_get_profile();
+
+const gCertDB = Cc["@mozilla.org/security/x509certdb;1"]
+                  .getService(Ci.nsIX509CertDB);
+
+const CERT_COMMON_NAME = "test_cert_from_windows";
+const TEST_CERT_PASSWORD = "黒い";
+
+let gGetPKCS12Password = false;
+
+// Mock implementation of nsICertificateDialogs.
+const gCertificateDialogs = {
+  QueryInterface: XPCOMUtils.generateQI([Ci.nsICertificateDialogs]),
+
+  getPKCS12FilePassword: (ctx, password) => {
+    ok(!gGetPKCS12Password,
+       "getPKCS12FilePassword should be called only once.");
+
+    password.value = TEST_CERT_PASSWORD;
+    do_print("getPKCS12FilePassword() is called");
+    gGetPKCS12Password = true;
+    return true;
+  },
+};
+
+const gPrompt = {
+  QueryInterface: XPCOMUtils.generateQI([Ci.nsIPrompt]),
+  alert: (title, text) => {
+    do_print("alert('" + text + "')");
+  },
+};
+
+const gPromptFactory = {
+  QueryInterface: XPCOMUtils.generateQI([Ci.nsIPromptFactory]),
+  getPrompt: (aWindow, aIID) => gPrompt,
+};
+
+function doesCertExist(commonName) {
+  let allCerts = gCertDB.getCerts();
+  let enumerator = allCerts.getEnumerator();
+  while (enumerator.hasMoreElements()) {
+    let cert = enumerator.getNext().QueryInterface(Ci.nsIX509Cert);
+    if (cert.isBuiltInRoot) {
+      continue;
+    }
+    if (cert.commonName == commonName) {
+      return true;
+    }
+  }
+
+  return false;
+}
+
+function testImportPKCS12Cert() {
+  ok(!doesCertExist(CERT_COMMON_NAME),
+     "Cert should not be in the database before import");
+
+  // Import and check for success.
+  let certFile = do_get_file("test_certDB_import/cert_from_windows.pfx");
+  gCertDB.importPKCS12File(null, certFile);
+
+  ok(gGetPKCS12Password, "PKCS12 password should be asked");
+
+  ok(doesCertExist(CERT_COMMON_NAME),
+     "Cert should now be found in the database");
+}
+
+function run_test() {
+  // We have to set a password and login before we attempt to import anything.
+  loginToDBWithDefaultPassword();
+
+  let certificateDialogsCID =
+    MockRegistrar.register("@mozilla.org/nsCertificateDialogs;1",
+                           gCertificateDialogs);
+  let promptFactoryCID =
+    MockRegistrar.register("@mozilla.org/prompter;1", gPromptFactory);
+
+  do_register_cleanup(() => {
+    MockRegistrar.unregister(certificateDialogsCID);
+    MockRegistrar.unregister(promptFactoryCID);
+  });
+
+  // Import PKCS12 file with utf-8 password
+  testImportPKCS12Cert();
+}
diff --git a/security/manager/ssl/tests/unit/test_cert_blocklist.js b/security/manager/ssl/tests/unit/test_cert_blocklist.js
new file mode 100644
index 000000000..75688b58a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_blocklist.js
@@ -0,0 +1,362 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// This test checks a number of things:
+// * it ensures that data loaded from revocations.txt on startup is present
+// * it ensures that certItems in blocklist.xml are persisted correctly
+// * it ensures that items in the CertBlocklist are seen as revoked by the
+//   cert verifier
+// * it does a sanity check to ensure other cert verifier behavior is
+//   unmodified
+
+// First, we need to setup appInfo for the blocklist service to work
+var id = "xpcshell@tests.mozilla.org";
+var appName = "XPCShell";
+var version = "1";
+var platformVersion = "1.9.2";
+Cu.import("resource://testing-common/AppInfo.jsm", this);
+/*global updateAppInfo:false*/ // Imported via AppInfo.jsm.
+updateAppInfo({
+  name: appName,
+  ID: id,
+  version: version,
+  platformVersion: platformVersion ? platformVersion : "1.0",
+  crashReporter: true,
+});
+
+// we need to ensure we setup revocation data before certDB, or we'll start with
+// no revocation.txt in the profile
+var gProfile = do_get_profile();
+
+// Write out an empty blocklist.xml file to the profile to ensure nothing
+// is blocklisted by default
+var blockFile = gProfile.clone();
+blockFile.append("blocklist.xml");
+var stream = Cc["@mozilla.org/network/file-output-stream;1"]
+               .createInstance(Ci.nsIFileOutputStream);
+stream.init(blockFile,
+  FileUtils.MODE_WRONLY | FileUtils.MODE_CREATE | FileUtils.MODE_TRUNCATE,
+  FileUtils.PERMS_FILE, 0);
+
+var data = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" +
+           "<blocklist xmlns=\"http://www.mozilla.org/2006/addons-blocklist\">\n" +
+           "</blocklist>\n";
+stream.write(data, data.length);
+stream.close();
+
+const PREF_BLOCKLIST_UPDATE_ENABLED = "services.blocklist.update_enabled";
+const PREF_ONECRL_VIA_AMO = "security.onecrl.via.amo";
+
+var gRevocations = gProfile.clone();
+gRevocations.append("revocations.txt");
+if (!gRevocations.exists()) {
+  let existing = do_get_file("test_onecrl/sample_revocations.txt", false);
+  existing.copyTo(gProfile, "revocations.txt");
+}
+
+var certDB = Cc["@mozilla.org/security/x509certdb;1"]
+               .getService(Ci.nsIX509CertDB);
+
+// set up a test server to serve the blocklist.xml
+var testserver = new HttpServer();
+
+var initialBlocklist = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
+    "<blocklist xmlns=\"http://www.mozilla.org/2006/addons-blocklist\">" +
+    // test with some bad data ...
+    "<certItems><certItem issuerName='Some nonsense in issuer'>" +
+    "<serialNumber>AkHVNA==</serialNumber>" +
+    "</certItem><certItem issuerName='MA0xCzAJBgNVBAMMAmNh'>" +
+    "<serialNumber>some nonsense in serial</serialNumber>" +
+    "</certItem><certItem issuerName='some nonsense in both issuer'>" +
+    "<serialNumber>and serial</serialNumber></certItem>" +
+    // some mixed
+    // In this case, the issuer name and the valid serialNumber correspond
+    // to test-int.pem in bad_certs/
+    "<certItem issuerName='MBIxEDAOBgNVBAMMB1Rlc3QgQ0E='>" +
+    "<serialNumber>oops! more nonsense.</serialNumber>" +
+    "<serialNumber>BVio/iQ21GCi2iUven8oJ/gae74=</serialNumber></certItem>" +
+    // ... and some good
+    // In this case, the issuer name and the valid serialNumber correspond
+    // to other-test-ca.pem in bad_certs/ (for testing root revocation)
+    "<certItem issuerName='MBgxFjAUBgNVBAMMDU90aGVyIHRlc3QgQ0E='>" +
+    "<serialNumber>exJUIJpq50jgqOwQluhVrAzTF74=</serialNumber></certItem>" +
+    // This item corresponds to an entry in sample_revocations.txt where:
+    // isser name is "another imaginary issuer" base-64 encoded, and
+    // serialNumbers are:
+    // "serial2." base-64 encoded, and
+    // "another serial." base-64 encoded
+    // We need this to ensure that existing items are retained if they're
+    // also in the blocklist
+    "<certItem issuerName='YW5vdGhlciBpbWFnaW5hcnkgaXNzdWVy'>" +
+    "<serialNumber>c2VyaWFsMi4=</serialNumber>" +
+    "<serialNumber>YW5vdGhlciBzZXJpYWwu</serialNumber></certItem>" +
+    // This item revokes same-issuer-ee.pem by subject and pubKeyHash.
+    "<certItem subject='MCIxIDAeBgNVBAMMF0Fub3RoZXIgVGVzdCBFbmQtZW50aXR5'" +
+    " pubKeyHash='VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8='>" +
+    "</certItem></certItems></blocklist>";
+
+var updatedBlocklist = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
+    "<blocklist xmlns=\"http://www.mozilla.org/2006/addons-blocklist\">" +
+    "<certItems>" +
+    "<certItem issuerName='something new in both the issuer'>" +
+    "<serialNumber>and the serial number</serialNumber></certItem>" +
+    "</certItems></blocklist>";
+
+
+var blocklists = {
+  "/initialBlocklist/": initialBlocklist,
+  "/updatedBlocklist/": updatedBlocklist
+};
+
+function serveResponse(request, response) {
+  do_print("Serving for path " + request.path + "\n");
+  response.write(blocklists[request.path]);
+}
+
+for (var path in blocklists) {
+  testserver.registerPathHandler(path, serveResponse);
+}
+
+// start the test server
+testserver.start(-1);
+var port = testserver.identity.primaryPort;
+
+// Setup the addonManager
+var addonManager = Cc["@mozilla.org/addons/integration;1"]
+                     .getService(Ci.nsIObserver)
+                     .QueryInterface(Ci.nsITimerCallback);
+addonManager.observe(null, "addons-startup", null);
+
+var converter = Cc["@mozilla.org/intl/scriptableunicodeconverter"]
+                  .createInstance(Ci.nsIScriptableUnicodeConverter);
+converter.charset = "UTF-8";
+
+function verify_cert(file, expectedError) {
+  let ee = constructCertFromFile(file);
+  checkCertErrorGeneric(certDB, ee, expectedError, certificateUsageSSLServer);
+}
+
+// The certificate blocklist currently only applies to TLS server certificates.
+function verify_non_tls_usage_succeeds(file) {
+  let ee = constructCertFromFile(file);
+  checkCertErrorGeneric(certDB, ee, PRErrorCodeSuccess,
+                        certificateUsageSSLClient);
+  checkCertErrorGeneric(certDB, ee, PRErrorCodeSuccess,
+                        certificateUsageEmailSigner);
+  checkCertErrorGeneric(certDB, ee, PRErrorCodeSuccess,
+                        certificateUsageEmailRecipient);
+}
+
+function load_cert(cert, trust) {
+  let file = "bad_certs/" + cert + ".pem";
+  addCertFromFile(certDB, file, trust);
+}
+
+function test_is_revoked(certList, issuerString, serialString, subjectString,
+                         pubKeyString) {
+  let issuer = converter.convertToByteArray(issuerString ? issuerString : '',
+                                            {});
+
+  let serial = converter.convertToByteArray(serialString ? serialString : '',
+                                            {});
+
+  let subject = converter.convertToByteArray(subjectString ? subjectString : '',
+                                             {});
+
+  let pubKey = converter.convertToByteArray(pubKeyString ? pubKeyString : '',
+                                            {});
+
+  return certList.isCertRevoked(issuer,
+                                issuerString ? issuerString.length : 0,
+                                serial,
+                                serialString ? serialString.length : 0,
+                                subject,
+                                subjectString ? subjectString.length : 0,
+                                pubKey,
+                                pubKeyString ? pubKeyString.length : 0);
+}
+
+function fetch_blocklist(blocklistPath) {
+  do_print("path is " + blocklistPath + "\n");
+  let certblockObserver = {
+    observe: function(aSubject, aTopic, aData) {
+      Services.obs.removeObserver(this, "blocklist-updated");
+      run_next_test();
+    }
+  };
+
+  Services.obs.addObserver(certblockObserver, "blocklist-updated", false);
+  Services.prefs.setCharPref("extensions.blocklist.url",
+                              `http://localhost:${port}/${blocklistPath}`);
+  let blocklist = Cc["@mozilla.org/extensions/blocklist;1"]
+                    .getService(Ci.nsITimerCallback);
+  blocklist.notify(null);
+}
+
+function check_revocations_txt_contents(expected) {
+  let profile = do_get_profile();
+  let revocations = profile.clone();
+  revocations.append("revocations.txt");
+  ok(revocations.exists(), "the revocations file should exist");
+  let inputStream = Cc["@mozilla.org/network/file-input-stream;1"]
+                      .createInstance(Ci.nsIFileInputStream);
+  inputStream.init(revocations, -1, -1, 0);
+  inputStream.QueryInterface(Ci.nsILineInputStream);
+  let contents = "";
+  let hasmore = false;
+  do {
+    let line = {};
+    hasmore = inputStream.readLine(line);
+    contents += (contents.length == 0 ? "" : "\n") + line.value;
+  } while (hasmore);
+  equal(contents, expected, "revocations.txt should be as expected");
+}
+
+function run_test() {
+  // import the certificates we need
+  load_cert("test-ca", "CTu,CTu,CTu");
+  load_cert("test-int", ",,");
+  load_cert("other-test-ca", "CTu,CTu,CTu");
+
+  let certList = Cc["@mozilla.org/security/certblocklist;1"]
+                  .getService(Ci.nsICertBlocklist);
+
+  let expected = "# Auto generated contents. Do not edit.\n" +
+                 "MCIxIDAeBgNVBAMMF0Fub3RoZXIgVGVzdCBFbmQtZW50aXR5\n" +
+                 "\tVCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8=\n" +
+                 "MBIxEDAOBgNVBAMMB1Rlc3QgQ0E=\n" +
+                 " BVio/iQ21GCi2iUven8oJ/gae74=\n" +
+                 "MBgxFjAUBgNVBAMMDU90aGVyIHRlc3QgQ0E=\n" +
+                 " exJUIJpq50jgqOwQluhVrAzTF74=\n" +
+                 "YW5vdGhlciBpbWFnaW5hcnkgaXNzdWVy\n" +
+                 " YW5vdGhlciBzZXJpYWwu\n" +
+                 " c2VyaWFsMi4=";
+
+  // This test assumes OneCRL updates via AMO
+  Services.prefs.setBoolPref(PREF_BLOCKLIST_UPDATE_ENABLED, false);
+  Services.prefs.setBoolPref(PREF_ONECRL_VIA_AMO, true);
+
+  add_test(function () {
+    // check some existing items in revocations.txt are blocked. Since the
+    // CertBlocklistItems don't know about the data they contain, we can use
+    // arbitrary data (not necessarily DER) to test if items are revoked or not.
+    // This test corresponds to:
+    // issuer: c29tZSBpbWFnaW5hcnkgaXNzdWVy
+    // serial: c2VyaWFsLg==
+    ok(test_is_revoked(certList, "some imaginary issuer", "serial."),
+      "issuer / serial pair should be blocked");
+
+    // This test corresponds to:
+    // issuer: YW5vdGhlciBpbWFnaW5hcnkgaXNzdWVy
+    // serial: c2VyaWFsLg==
+    ok(test_is_revoked(certList, "another imaginary issuer", "serial."),
+      "issuer / serial pair should be blocked");
+
+    // And this test corresponds to:
+    // issuer: YW5vdGhlciBpbWFnaW5hcnkgaXNzdWVy
+    // serial: c2VyaWFsMi4=
+    // (we test this issuer twice to ensure we can read multiple serials)
+    ok(test_is_revoked(certList, "another imaginary issuer", "serial2."),
+      "issuer / serial pair should be blocked");
+
+    // Soon we'll load a blocklist which revokes test-int.pem, which issued
+    // test-int-ee.pem.
+    // Check the cert validates before we load the blocklist
+    let file = "test_onecrl/test-int-ee.pem";
+    verify_cert(file, PRErrorCodeSuccess);
+
+    // The blocklist also revokes other-test-ca.pem, which issued
+    // other-ca-ee.pem. Check the cert validates before we load the blocklist
+    file = "bad_certs/other-issuer-ee.pem";
+    verify_cert(file, PRErrorCodeSuccess);
+
+    // The blocklist will revoke same-issuer-ee.pem via subject / pubKeyHash.
+    // Check the cert validates before we load the blocklist
+    file = "test_onecrl/same-issuer-ee.pem";
+    verify_cert(file, PRErrorCodeSuccess);
+
+    run_next_test();
+  });
+
+  // blocklist load is async so we must use add_test from here
+  add_test(function() {
+    fetch_blocklist("initialBlocklist/");
+  });
+
+  add_test(function() {
+    // The blocklist will be loaded now. Let's check the data is sane.
+    // In particular, we should still have the revoked issuer / serial pair
+    // that was in both revocations.txt and the blocklist.xml
+    ok(test_is_revoked(certList, "another imaginary issuer", "serial2."),
+      "issuer / serial pair should be blocked");
+
+    // Check that both serials in the certItem with multiple serials were read
+    // properly
+    ok(test_is_revoked(certList, "another imaginary issuer", "serial2."),
+       "issuer / serial pair should be blocked");
+    ok(test_is_revoked(certList, "another imaginary issuer", "another serial."),
+       "issuer / serial pair should be blocked");
+
+    // test a subject / pubKey revocation
+    ok(test_is_revoked(certList, "nonsense", "more nonsense",
+       "some imaginary subject", "some imaginary pubkey"),
+       "issuer / serial pair should be blocked");
+
+    // Check the blocklist entry has been persisted properly to the backing
+    // file
+    check_revocations_txt_contents(expected);
+
+    // Check the blocklisted intermediate now causes a failure
+    let file = "test_onecrl/test-int-ee.pem";
+    verify_cert(file, SEC_ERROR_REVOKED_CERTIFICATE);
+    verify_non_tls_usage_succeeds(file);
+
+    // Check the ee with the blocklisted root also causes a failure
+    file = "bad_certs/other-issuer-ee.pem";
+    verify_cert(file, SEC_ERROR_REVOKED_CERTIFICATE);
+    verify_non_tls_usage_succeeds(file);
+
+    // Check the ee blocked by subject / pubKey causes a failure
+    file = "test_onecrl/same-issuer-ee.pem";
+    verify_cert(file, SEC_ERROR_REVOKED_CERTIFICATE);
+    verify_non_tls_usage_succeeds(file);
+
+    // Check a non-blocklisted chain still validates OK
+    file = "bad_certs/default-ee.pem";
+    verify_cert(file, PRErrorCodeSuccess);
+
+    // Check a bad cert is still bad (unknown issuer)
+    file = "bad_certs/unknownissuer.pem";
+    verify_cert(file, SEC_ERROR_UNKNOWN_ISSUER);
+
+    // check that save with no further update is a no-op
+    let lastModified = gRevocations.lastModifiedTime;
+    // add an already existing entry
+    certList.revokeCertByIssuerAndSerial("YW5vdGhlciBpbWFnaW5hcnkgaXNzdWVy",
+                                         "c2VyaWFsMi4=");
+    certList.saveEntries();
+    let newModified = gRevocations.lastModifiedTime;
+    equal(lastModified, newModified,
+          "saveEntries with no modifications should not update the backing file");
+
+    run_next_test();
+  });
+
+  // disable AMO cert blocklist - and check blocklist.xml changes do not
+  // affect the data stored.
+  add_test(function() {
+    Services.prefs.setBoolPref("security.onecrl.via.amo", false);
+    fetch_blocklist("updatedBlocklist/");
+  });
+
+  add_test(function() {
+    // Check the blocklist entry has not changed
+    check_revocations_txt_contents(expected);
+    run_next_test();
+  });
+
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_cert_chains.js b/security/manager/ssl/tests/unit/test_cert_chains.js
new file mode 100644
index 000000000..8abcb4e65
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_chains.js
@@ -0,0 +1,134 @@
+// -*- Mode: javascript; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"use strict";
+
+function build_cert_chain(certNames) {
+  let certList = Cc["@mozilla.org/security/x509certlist;1"]
+                   .createInstance(Ci.nsIX509CertList);
+  certNames.forEach(function(certName) {
+    let cert = constructCertFromFile("bad_certs/" + certName + ".pem");
+    certList.addCert(cert);
+  });
+  return certList;
+}
+
+function test_cert_equals() {
+  let certA = constructCertFromFile("bad_certs/default-ee.pem");
+  let certB = constructCertFromFile("bad_certs/default-ee.pem");
+  let certC = constructCertFromFile("bad_certs/expired-ee.pem");
+
+  ok(certA != certB,
+     "Cert objects constructed from the same file should not be equal" +
+     " according to the equality operators");
+  ok(certA.equals(certB),
+     "equals() on cert objects constructed from the same cert file should" +
+     " return true");
+  ok(!certA.equals(certC),
+     "equals() on cert objects constructed from files for different certs" +
+     " should return false");
+}
+
+function test_cert_list_serialization() {
+  let certList = build_cert_chain(['default-ee', 'expired-ee']);
+
+  // Serialize the cert list to a string
+  let serHelper = Cc["@mozilla.org/network/serialization-helper;1"]
+                    .getService(Ci.nsISerializationHelper);
+  certList.QueryInterface(Ci.nsISerializable);
+  let serialized = serHelper.serializeToString(certList);
+
+  // Deserialize from the string and compare to the original object
+  let deserialized = serHelper.deserializeObject(serialized);
+  deserialized.QueryInterface(Ci.nsIX509CertList);
+  ok(certList.equals(deserialized),
+     "Deserialized cert list should equal the original");
+}
+
+function test_security_info_serialization(securityInfo, expectedErrorCode) {
+  // Serialize the securityInfo to a string
+  let serHelper = Cc["@mozilla.org/network/serialization-helper;1"]
+                    .getService(Ci.nsISerializationHelper);
+  let serialized = serHelper.serializeToString(securityInfo);
+
+  // Deserialize from the string and compare to the original object
+  let deserialized = serHelper.deserializeObject(serialized);
+  deserialized.QueryInterface(Ci.nsITransportSecurityInfo);
+  equal(securityInfo.securityState, deserialized.securityState,
+        "Original and deserialized security state should match");
+  equal(securityInfo.errorMessage, deserialized.errorMessage,
+        "Original and deserialized error message should match");
+  equal(securityInfo.errorCode, expectedErrorCode,
+        "Original and expected error code should match");
+  equal(deserialized.errorCode, expectedErrorCode,
+        "Deserialized and expected error code should match");
+}
+
+function run_test() {
+  do_get_profile();
+  add_tls_server_setup("BadCertServer", "bad_certs");
+
+  // Test nsIX509Cert.equals
+  add_test(function() {
+    test_cert_equals();
+    run_next_test();
+  });
+
+  // Test serialization of nsIX509CertList
+  add_test(function() {
+    test_cert_list_serialization();
+    run_next_test();
+  });
+
+  // Test successful connection (failedCertChain should be null)
+  add_connection_test(
+    // re-use pinning certs (keeler)
+    "good.include-subdomains.pinning.example.com", PRErrorCodeSuccess, null,
+    function withSecurityInfo(aTransportSecurityInfo) {
+      aTransportSecurityInfo.QueryInterface(Ci.nsITransportSecurityInfo);
+      test_security_info_serialization(aTransportSecurityInfo, 0);
+      equal(aTransportSecurityInfo.failedCertChain, null,
+            "failedCertChain for a successful connection should be null");
+    }
+  );
+
+  // Test overrideable connection failure (failedCertChain should be non-null)
+  add_connection_test(
+    "expired.example.com",
+    SEC_ERROR_EXPIRED_CERTIFICATE,
+    null,
+    function withSecurityInfo(securityInfo) {
+      securityInfo.QueryInterface(Ci.nsITransportSecurityInfo);
+      test_security_info_serialization(securityInfo, SEC_ERROR_EXPIRED_CERTIFICATE);
+      notEqual(securityInfo.failedCertChain, null,
+               "failedCertChain should not be null for an overrideable" +
+               " connection failure");
+      let originalCertChain = build_cert_chain(["expired-ee", "test-ca"]);
+      ok(originalCertChain.equals(securityInfo.failedCertChain),
+         "failedCertChain should equal the original cert chain for an" +
+         " overrideable connection failure");
+    }
+  );
+
+  // Test non-overrideable error (failedCertChain should be non-null)
+  add_connection_test(
+    "inadequatekeyusage.example.com",
+    SEC_ERROR_INADEQUATE_KEY_USAGE,
+    null,
+    function withSecurityInfo(securityInfo) {
+      securityInfo.QueryInterface(Ci.nsITransportSecurityInfo);
+      test_security_info_serialization(securityInfo, SEC_ERROR_INADEQUATE_KEY_USAGE);
+      notEqual(securityInfo.failedCertChain, null,
+               "failedCertChain should not be null for a non-overrideable" +
+               " connection failure");
+      let originalCertChain = build_cert_chain(["inadequatekeyusage-ee", "test-ca"]);
+      ok(originalCertChain.equals(securityInfo.failedCertChain),
+         "failedCertChain should equal the original cert chain for a" +
+         " non-overrideable connection failure");
+    }
+  );
+
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_cert_dbKey.js b/security/manager/ssl/tests/unit/test_cert_dbKey.js
new file mode 100644
index 000000000..ca47a4997
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_dbKey.js
@@ -0,0 +1,146 @@
+// -*- Mode: javascript; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"use strict";
+
+// This test tests that the nsIX509Cert.dbKey and nsIX509CertDB.findCertByDBKey
+// APIs work as expected. That is, getting a certificate's dbKey and using it
+// in findCertByDBKey should return the same certificate. Also, for backwards
+// compatibility, findCertByDBKey should ignore any whitespace in its input
+// (even though now nsIX509Cert.dbKey will never have whitespace in it).
+
+function hexStringToBytes(hex) {
+  let bytes = [];
+  for (let hexByteStr of hex.split(":")) {
+    bytes.push(parseInt(hexByteStr, 16));
+  }
+  return bytes;
+}
+
+function encodeCommonNameAsBytes(commonName) {
+  // The encoding will look something like this (in hex):
+  // 30 (SEQUENCE) <length of contents>
+  //    31 (SET) <length of contents>
+  //       30 (SEQUENCE) <length of contents>
+  //          06 (OID) 03 (length)
+  //             55 04 03 (id-at-commonName)
+  //          0C (UTF8String) <length of common name>
+  //             <common name bytes>
+  // To make things simple, it would be nice to have the length of each
+  // component be less than 128 bytes (so we can have single-byte lengths).
+  // For this to hold, the maximum length of the contents of the outermost
+  // SEQUENCE must be 127. Everything not in the contents of the common name
+  // will take up 11 bytes, so the value of the common name itself can be at
+  // most 116 bytes.
+  ok(commonName.length <= 116,
+     "test assumption: common name can't be longer than 116 bytes (makes " +
+     "DER encoding easier)");
+  let commonNameOIDBytes = [ 0x06, 0x03, 0x55, 0x04, 0x03 ];
+  let commonNameBytes = [ 0x0C, commonName.length ];
+  for (let i = 0; i < commonName.length; i++) {
+    commonNameBytes.push(commonName.charCodeAt(i));
+  }
+  let bytes = commonNameOIDBytes.concat(commonNameBytes);
+  bytes.unshift(bytes.length);
+  bytes.unshift(0x30); // SEQUENCE
+  bytes.unshift(bytes.length);
+  bytes.unshift(0x31); // SET
+  bytes.unshift(bytes.length);
+  bytes.unshift(0x30); // SEQUENCE
+  return bytes;
+}
+
+function testInvalidDBKey(certDB, dbKey) {
+  throws(() => certDB.findCertByDBKey(dbKey), /NS_ERROR_ILLEGAL_INPUT/,
+         `findCertByDBKey(${dbKey}) should raise NS_ERROR_ILLEGAL_INPUT`);
+}
+
+function testDBKeyForNonexistentCert(certDB, dbKey) {
+  let cert = certDB.findCertByDBKey(dbKey);
+  ok(!cert, "shouldn't find cert for given dbKey");
+}
+
+function byteArrayToByteString(bytes) {
+  let byteString = "";
+  for (let b of bytes) {
+    byteString += String.fromCharCode(b);
+  }
+  return byteString;
+}
+
+function run_test() {
+  do_get_profile();
+  let certDB = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+  let cert = constructCertFromFile("bad_certs/test-ca.pem");
+  equal(cert.issuerName, "CN=" + cert.issuerCommonName,
+        "test assumption: this certificate's issuer distinguished name " +
+        "consists only of a common name");
+  let issuerBytes = encodeCommonNameAsBytes(cert.issuerCommonName);
+  ok(issuerBytes.length < 256,
+     "test assumption: length of encoded issuer is less than 256 bytes");
+  let serialNumberBytes = hexStringToBytes(cert.serialNumber);
+  ok(serialNumberBytes.length < 256,
+     "test assumption: length of encoded serial number is less than 256 bytes");
+  let dbKeyHeader = [ 0, 0, 0, 0, 0, 0, 0, 0,
+                      0, 0, 0, serialNumberBytes.length,
+                      0, 0, 0, issuerBytes.length ];
+  let expectedDbKeyBytes = dbKeyHeader.concat(serialNumberBytes, issuerBytes);
+  let expectedDbKey = btoa(byteArrayToByteString(expectedDbKeyBytes));
+  equal(cert.dbKey, expectedDbKey,
+        "actual and expected dbKey values should match");
+
+  let certFromDbKey = certDB.findCertByDBKey(expectedDbKey);
+  ok(certFromDbKey.equals(cert),
+     "nsIX509CertDB.findCertByDBKey should find the right certificate");
+
+  ok(expectedDbKey.length > 64,
+     "test assumption: dbKey should be longer than 64 characters");
+  let expectedDbKeyWithCRLF = expectedDbKey.replace(/(.{64})/, "$1\r\n");
+  ok(expectedDbKeyWithCRLF.indexOf("\r\n") == 64,
+     "test self-check: adding CRLF to dbKey should succeed");
+  certFromDbKey = certDB.findCertByDBKey(expectedDbKeyWithCRLF);
+  ok(certFromDbKey.equals(cert),
+     "nsIX509CertDB.findCertByDBKey should work with dbKey with CRLF");
+
+  let expectedDbKeyWithSpaces = expectedDbKey.replace(/(.{64})/, "$1  ");
+  ok(expectedDbKeyWithSpaces.indexOf("  ") == 64,
+     "test self-check: adding spaces to dbKey should succeed");
+  certFromDbKey = certDB.findCertByDBKey(expectedDbKeyWithSpaces);
+  ok(certFromDbKey.equals(cert),
+     "nsIX509CertDB.findCertByDBKey should work with dbKey with spaces");
+
+  // Test some invalid dbKey values.
+  testInvalidDBKey(certDB, "AAAA"); // Not long enough.
+  // No header.
+  testInvalidDBKey(certDB, btoa(byteArrayToByteString(
+    [ 0, 0, 0, serialNumberBytes.length,
+      0, 0, 0, issuerBytes.length ].concat(serialNumberBytes, issuerBytes))));
+  testInvalidDBKey(certDB, btoa(byteArrayToByteString(
+    [ 0, 0, 0, 0, 0, 0, 0, 0,
+      255, 255, 255, 255, // serial number length is way too long
+      255, 255, 255, 255, // issuer length is way too long
+      0, 0, 0, 0 ])));
+  // Truncated issuer.
+  testInvalidDBKey(certDB, btoa(byteArrayToByteString(
+    [ 0, 0, 0, 0, 0, 0, 0, 0,
+      0, 0, 0, 1,
+      0, 0, 0, 10,
+      1,
+      1, 2, 3 ])));
+  // Issuer doesn't decode to valid common name.
+  testDBKeyForNonexistentCert(certDB, btoa(byteArrayToByteString(
+    [ 0, 0, 0, 0, 0, 0, 0, 0,
+      0, 0, 0, 1,
+      0, 0, 0, 3,
+      1,
+      1, 2, 3 ])));
+
+  // zero-length serial number and issuer -> no such certificate
+  testDBKeyForNonexistentCert(certDB, btoa(byteArrayToByteString(
+    [ 0, 0, 0, 0, 0, 0, 0, 0,
+      0, 0, 0, 0,
+      0, 0, 0, 0 ])));
+}
diff --git a/security/manager/ssl/tests/unit/test_cert_eku.js b/security/manager/ssl/tests/unit/test_cert_eku.js
new file mode 100644
index 000000000..5a7e28de1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku.js
@@ -0,0 +1,131 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+// Tests that the extended key usage extension is properly processed by the
+// platform when verifying certificates. There are already comprehensive tests
+// in mozilla::pkix itself, but these tests serve as integration tests to ensure
+// that the cases we're particularly concerned about are correctly handled.
+
+"use strict";
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+
+function certFromFile(certName) {
+  return constructCertFromFile(`test_cert_eku/${certName}.pem`);
+}
+
+function loadCertWithTrust(certName, trustString) {
+  addCertFromFile(certdb, `test_cert_eku/${certName}.pem`, trustString);
+}
+
+function checkEndEntity(cert, expectedResult) {
+  checkCertErrorGeneric(certdb, cert, expectedResult, certificateUsageSSLServer);
+}
+
+function checkCertOn25August2016(cert, expectedResult) {
+  // (new Date("2016-08-25T00:00:00Z")).getTime() / 1000
+  const VALIDATION_TIME = 1472083200;
+  checkCertErrorGenericAtTime(certdb, cert, expectedResult,
+                              certificateUsageSSLServer, VALIDATION_TIME);
+}
+
+function run_test() {
+  loadCertWithTrust("ca", "CTu,,");
+  // end-entity has id-kp-serverAuth => success
+  checkEndEntity(certFromFile("ee-SA"), PRErrorCodeSuccess);
+  // end-entity has id-kp-serverAuth => success
+  checkEndEntity(certFromFile("ee-SA-CA"), PRErrorCodeSuccess);
+  // end-entity has extended key usage, but id-kp-serverAuth is not present =>
+  // failure
+  checkEndEntity(certFromFile("ee-CA"), SEC_ERROR_INADEQUATE_CERT_TYPE);
+  // end-entity has id-kp-serverAuth => success
+  checkEndEntity(certFromFile("ee-SA-nsSGC"), PRErrorCodeSuccess);
+
+  // end-entity has extended key usage, but id-kp-serverAuth is not present =>
+  // failure (in particular, Netscape Server Gated Crypto (also known as
+  // Netscape Step Up) is not an acceptable substitute for end-entity
+  // certificates).
+  // Verify this for all Netscape Step Up policy configurations.
+  // 0 = "always accept nsSGC in place of serverAuth for CA certificates"
+  Services.prefs.setIntPref("security.pki.netscape_step_up_policy", 0);
+  checkEndEntity(certFromFile("ee-nsSGC"), SEC_ERROR_INADEQUATE_CERT_TYPE);
+  // 1 = "accept nsSGC before 23 August 2016"
+  Services.prefs.setIntPref("security.pki.netscape_step_up_policy", 1);
+  checkEndEntity(certFromFile("ee-nsSGC"), SEC_ERROR_INADEQUATE_CERT_TYPE);
+  // 2 = "accept nsSGC before 23 August 2015"
+  Services.prefs.setIntPref("security.pki.netscape_step_up_policy", 2);
+  checkEndEntity(certFromFile("ee-nsSGC"), SEC_ERROR_INADEQUATE_CERT_TYPE);
+  // 3 = "never accept nsSGC"
+  Services.prefs.setIntPref("security.pki.netscape_step_up_policy", 3);
+  checkEndEntity(certFromFile("ee-nsSGC"), SEC_ERROR_INADEQUATE_CERT_TYPE);
+
+  // end-entity has id-kp-OCSPSigning, which is not acceptable for end-entity
+  // certificates being verified as TLS server certificates => failure
+  checkEndEntity(certFromFile("ee-SA-OCSP"), SEC_ERROR_INADEQUATE_CERT_TYPE);
+
+  // intermediate has id-kp-serverAuth => success
+  loadCertWithTrust("int-SA", ",,");
+  checkEndEntity(certFromFile("ee-int-SA"), PRErrorCodeSuccess);
+  // intermediate has id-kp-serverAuth => success
+  loadCertWithTrust("int-SA-CA", ",,");
+  checkEndEntity(certFromFile("ee-int-SA-CA"), PRErrorCodeSuccess);
+  // intermediate has extended key usage, but id-kp-serverAuth is not present
+  // => failure
+  loadCertWithTrust("int-CA", ",,");
+  checkEndEntity(certFromFile("ee-int-CA"), SEC_ERROR_INADEQUATE_CERT_TYPE);
+  // intermediate has id-kp-serverAuth => success
+  loadCertWithTrust("int-SA-nsSGC", ",,");
+  checkEndEntity(certFromFile("ee-int-SA-nsSGC"), PRErrorCodeSuccess);
+
+  // Intermediate has Netscape Server Gated Crypto. Success will depend on the
+  // Netscape Step Up policy configuration and the notBefore property of the
+  // intermediate.
+  loadCertWithTrust("int-nsSGC-recent", ",,");
+  loadCertWithTrust("int-nsSGC-old", ",,");
+  loadCertWithTrust("int-nsSGC-older", ",,");
+  // 0 = "always accept nsSGC in place of serverAuth for CA certificates"
+  Services.prefs.setIntPref("security.pki.netscape_step_up_policy", 0);
+  do_print("Netscape Step Up policy: always accept");
+  checkCertOn25August2016(certFromFile("ee-int-nsSGC-recent"),
+                          PRErrorCodeSuccess);
+  checkCertOn25August2016(certFromFile("ee-int-nsSGC-old"),
+                          PRErrorCodeSuccess);
+  checkCertOn25August2016(certFromFile("ee-int-nsSGC-older"),
+                          PRErrorCodeSuccess);
+  // 1 = "accept nsSGC before 23 August 2016"
+  do_print("Netscape Step Up policy: accept before 23 August 2016");
+  Services.prefs.setIntPref("security.pki.netscape_step_up_policy", 1);
+  checkCertOn25August2016(certFromFile("ee-int-nsSGC-recent"),
+                          SEC_ERROR_INADEQUATE_CERT_TYPE);
+  checkCertOn25August2016(certFromFile("ee-int-nsSGC-old"),
+                          PRErrorCodeSuccess);
+  checkCertOn25August2016(certFromFile("ee-int-nsSGC-older"),
+                          PRErrorCodeSuccess);
+  // 2 = "accept nsSGC before 23 August 2015"
+  do_print("Netscape Step Up policy: accept before 23 August 2015");
+  Services.prefs.setIntPref("security.pki.netscape_step_up_policy", 2);
+  checkCertOn25August2016(certFromFile("ee-int-nsSGC-recent"),
+                          SEC_ERROR_INADEQUATE_CERT_TYPE);
+  checkCertOn25August2016(certFromFile("ee-int-nsSGC-old"),
+                          SEC_ERROR_INADEQUATE_CERT_TYPE);
+  checkCertOn25August2016(certFromFile("ee-int-nsSGC-older"),
+                          PRErrorCodeSuccess);
+  // 3 = "never accept nsSGC"
+  do_print("Netscape Step Up policy: never accept");
+  Services.prefs.setIntPref("security.pki.netscape_step_up_policy", 3);
+  checkCertOn25August2016(certFromFile("ee-int-nsSGC-recent"),
+                          SEC_ERROR_INADEQUATE_CERT_TYPE);
+  checkCertOn25August2016(certFromFile("ee-int-nsSGC-old"),
+                          SEC_ERROR_INADEQUATE_CERT_TYPE);
+  checkCertOn25August2016(certFromFile("ee-int-nsSGC-older"),
+                          SEC_ERROR_INADEQUATE_CERT_TYPE);
+
+  // intermediate has id-kp-OCSPSigning, which is acceptable for CA
+  // certificates => success
+  loadCertWithTrust("int-SA-OCSP", ",,");
+  checkEndEntity(certFromFile("ee-int-SA-OCSP"), PRErrorCodeSuccess);
+}
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ca.pem b/security/manager/ssl/tests/unit/test_cert_eku/ca.pem
new file mode 100644
index 000000000..f9bc514d4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICuDCCAaKgAwIBAgIUNRoMRQGf1ZJA3n83kdc6L92/CEowCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMA0xCzAJBgNVBAMMAmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptu
+Gobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO
+7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf
+qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/yt
+HSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcx
+uLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoxAwDjAMBgNVHRMEBTADAQH/MAsGCSqG
+SIb3DQEBCwOCAQEAs/WSLtD9nmferqrktS7n94DuJKXYIyVwANS+HUSP515q0zTY
+12Poo6n4UAJpAcO+MK2DhBREa3qtQBxxazmC6zAqvyOCE6l7YlzDXbjqLSfKn3ti
+JrltsfR/0P5zqLDPu2TaXaYey+dtGqvGINjRccB9OknroUH+jX7jWqGBL4Gz8IOR
+5I30FWKfDZTuhMNyBCVpCo5IL5VUdEgZsOlBe5jnGPtN7Q3LmFU91yoRXoOtp+e6
+94pZNhJqGfqLpH8ArRi5qr4QteCRSfvYFBusniJOLnGDi6K3Nh6iBvwPM8qSfQ5A
+Cj361pbNvT+OPpdlm9DFCh6k8jKhZ2fXXMHdtg==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ca.pem.certspec
new file mode 100644
index 000000000..eb7c4b4be
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ca.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:ca
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-CA.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-CA.pem
new file mode 100644
index 000000000..a92b75aab
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-CA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICwjCCAaygAwIBAgIUNTNJjnkkZVkSqyxFevGNL4LSwUowCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBAxDjAMBgNVBAMMBWVlLUNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGc
+BptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzC
+a2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8Xg
+uEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK
+9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGP
+mRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoxcwFTATBgNVHSUEDDAKBggrBgEF
+BQcDAjALBgkqhkiG9w0BAQsDggEBABqY2vFn+HYKesMyzER/V6bypmpBTSNerPdh
+cUaLKr0dIXqwhcNi1C/e4RVnMH/mQIru/ts5Q8g6FErgNaDk78fE329xvlxUF4d8
+3tagpgo58YXz0O+cTb9MjSb4esoq8wSb5/7XJwIOOUekGDucou3SJmjhc5PJsz1M
+tC0LZdS9/dW9isNC7cucG3iqqc7JeWi5wjnaDOlDa97fn307PDhoxpa/RCBOQHIu
+c4HAdZmVa7bfq3xHTCo7/tyDGRSVBkJoNPVQq87sHPUKjBETUFiIvwhwkQdE+Xav
+0cJeEbpH/v8dBtnIqSPdz/pNym0RAbj3vUxUefrwHf9vRkGI540=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-CA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-CA.pem.certspec
new file mode 100644
index 000000000..d49cabaa2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-CA.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:ee-CA
+extension:extKeyUsage:clientAuth
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-CA.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-CA.pem
new file mode 100644
index 000000000..e213e4494
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-CA.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzzCCAbmgAwIBAgIUJ0QK+zSmb5HCuQ8LczjgBonFNKgwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBMxETAPBgNVBAMMCGVlLVNBLUNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4Ngf
+vbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTb
+uUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3S
+O8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR
+3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv
+5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoyEwHzAdBgNVHSUEFjAUBggr
+BgEFBQcDAQYIKwYBBQUHAwIwCwYJKoZIhvcNAQELA4IBAQBrWrTkqS66uaIJtips
+SYF7wyReLJVmft0oAR2cWejAJcW00smFFkAttsxhMw1ttSKF3y2++zfPe24ufIjL
+w1l2xa5dDPaHHS5dNvbcjmNWjb6zjErWd7d9fpMpeWA828Yy51hXViuj+DktVz+z
+XF+Q0v8oVgaIPRClhwzt40rjNUlXG7S6ZJP6pcCZuWeMryRfmCt4SBgqjUsFZBHu
+U2iPv+624W/Ov0jnpHi7TmHQY1veAvUEllnxXABMosWyrY2L8TPKIhi/5wWUtliH
+BWKJR5x4mS4tIrLUPPDB3tX/rATaX1MPO1x30UsYmj4PJg84j1o1mGdes1bKTTpb
+gwJF
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-CA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-CA.pem.certspec
new file mode 100644
index 000000000..5250cc4a8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-CA.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:ee-SA-CA
+extension:extKeyUsage:serverAuth,clientAuth
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-OCSP.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-OCSP.pem
new file mode 100644
index 000000000..926ccbe8e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-OCSP.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0TCCAbugAwIBAgIUF5x+VY327TZW9Rb4sP1wubzN60kwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBUxEzARBgNVBAMMCmVlLVNBLU9DU1AwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg
+2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ
+5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQ
+PdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGj
+DJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8W
+iy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjITAfMB0GA1UdJQQWMBQG
+CCsGAQUFBwMBBggrBgEFBQcDCTALBgkqhkiG9w0BAQsDggEBAA4WIwtwzwVqvYG6
+zemLkiA2Po4Y3gjucKY9WY/ko7PjSRjZs4CM4JbIEtnWJUe0HlDyDRO7csv8WABo
+15lrLhqGW/1vPVVuUUnpsDTiJN4cJnF7CLpT2GO/teYvmt1ZY+n5JhfI4FDO6t2x
+xsIgRv7SFMqwKv5OiqGAFScgkYnsNZa9q+aqzGNcTJbJXvLuiTpdUL1vxoT2iiYo
+rO/tlCnqAG9ryCS7/ZbiNytd3aOV0+Y64Sh7NoFbs3RJMNqGUklTL8qpaHgO3v0c
+mzI9eh7683imPMZ7o7EeEOHix0M/6G7fFP7XF46ww6skQKfPqhPtoGoxN0/zpJWI
+7VMlXFA=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-OCSP.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-OCSP.pem.certspec
new file mode 100644
index 000000000..3b3eff9ae
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-OCSP.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:ee-SA-OCSP
+extension:extKeyUsage:serverAuth,OCSPSigning
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-nsSGC.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-nsSGC.pem
new file mode 100644
index 000000000..177e17a7f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-nsSGC.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0zCCAb2gAwIBAgIUO/vVDR6vZfT1VN3k7nnF9d2DfaQwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBYxFDASBgNVBAMMC2VlLVNBLW5zU0dDMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoyIwIDAeBgNVHSUEFzAV
+BggrBgEFBQcDAQYJYIZIAYb4QgQBMAsGCSqGSIb3DQEBCwOCAQEASeKD1BrhVCUv
+xLJWGeeMLQEmhC9jzTqPnkhVgdnQLVgbT6uGUBfb6thCqUwzkmqeSS3FwDlHrcuW
+mZtvRVjmTJtkXnqW0ItmrfmGBzcky6Yf1JFIKh4zcj2dWDX7Z2jL/G80M0Sd92gA
+dGNFK/7hJi8fK7GEwCsZuXrOF5V2tIJuBgSbadDP/BXkQQzdgJuymPlNNOQ2AUle
+UJdlMMeAHN46ElQmTJ5qFO/q+73RXx2X7GKh/zMjnFoZmOjv6kcHNVirLghwyn5A
+TzhUqyxYJIOesx2iToh3eounF5+ON+Tv24GZwHt8+LpywN4pbrvwdubiuTDgYBRC
+U8xbVBqd0Q==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-nsSGC.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-nsSGC.pem.certspec
new file mode 100644
index 000000000..4c51425ce
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA-nsSGC.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:ee-SA-nsSGC
+extension:extKeyUsage:serverAuth,nsSGC
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-SA.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA.pem
new file mode 100644
index 000000000..0b01c231a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICwjCCAaygAwIBAgIUWQVaB4XyLq+dtmI7YOOKHIfM+xowCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBAxDjAMBgNVBAMMBWVlLVNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGc
+BptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzC
+a2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8Xg
+uEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK
+9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGP
+mRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoxcwFTATBgNVHSUEDDAKBggrBgEF
+BQcDATALBgkqhkiG9w0BAQsDggEBAJqJhFqbvu7bF39gdfgp7zkiESuvlR1O9YNR
+42QE9E8vzXz7Yc3D6EDT54WmSRtbPa2y/LAeOQkUFV3vp5oFnHpU2dV5QH/p4clh
+oRG1hCr5sicPGTNpUuD/ZQrYAzFt/EtfdhNEq81lPS2GZ/mCy+mWE8jNBUnOVO2Y
+TtkAGJJafLEPghu5X4xQuxPJuPT1IycADL4bFxZUqRqoGUhcVeeGhUidz4I2q3rn
+qRvdMGbWXx4o343M4H3auQMiVAnUzkCZIyUN0n0T35JfckIwthZSffFF6oBy0RDJ
+bS/DoluvZ2NlJ8HIujgn0LOcJpKvxh7Yx1+5iBAM5+Hiwr0lQ6E=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-SA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA.pem.certspec
new file mode 100644
index 000000000..690f579af
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-SA.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:ee-SA
+extension:extKeyUsage:serverAuth
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-CA.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-CA.pem
new file mode 100644
index 000000000..3e37a4a72
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-CA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICsTCCAZugAwIBAgIUGaRSC/MYTPhfTuLxPkyLSJSeh8swCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmludC1DQTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjAUMRIwEAYDVQQDDAllZS1pbnQtQ0EwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HH
+Jajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOr
+IMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQ
+sVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLA
+dTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQE
+LL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZIhvcNAQEL
+A4IBAQAVnl1ZyAFD1Q9U9sWZZ4xqSV22f4eG8ox79yvIIQkb1kj4hsopxeRjwVMU
+uND1/J1ravsvPoTy/fdawYFTmeW65XzzXypnreSxM4O0J6DTEE1UNrvj3yb8RaWh
+JNBbjmcGKHDfU4CpQ28vgWKgPH4NzVnqvy9mMzbfkwBInfK1z+6PT9iQGaw5w1UI
+ML0uD15Vd7Tcx2YjUdxCeqBnyS295soWVHRqI32HsPRVSG0Xt7JVzmVtrGS/dyPk
+jrTFh6gd9tdcQf7sKDOQpwIRo5iE/uvRndXUe1kE48RQnt+VMJupQWA03Gxu3a0P
+pCx8oCJbwVyfNk+p6obXosFOTrPG
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-CA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-CA.pem.certspec
new file mode 100644
index 000000000..670973930
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-CA.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-CA
+subject:ee-int-CA
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-CA.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-CA.pem
new file mode 100644
index 000000000..0c95864e7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-CA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICtzCCAaGgAwIBAgIUC68xy9MKWn3DXtSpmvrui0OyNr0wCwYJKoZIhvcNAQEL
+MBQxEjAQBgNVBAMMCWludC1TQS1DQTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgw
+MjA1MDAwMDAwWjAXMRUwEwYDVQQDDAxlZS1pbnQtU0EtQ0EwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVo
+V2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p
+0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKk
+fbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZh
+W7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EI
+TjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZI
+hvcNAQELA4IBAQAVhShahEDEtyapGsFV7MvyyS9dqsmklEsnNAfJ+3yXb81yfYDG
+maQdAxVf/nNH71PYlOJOxTb9JeV26vf/mSFJOcwrODP5vMrUJdopo011QKsgm046
+qumgVfqPqPHhzpWBoQTNfQHpOV/iVKjBRZu+hD/x4LLlt4G8jVXwayG58t/d1/7Q
+Yv8a/2Dv+b07Q25EW0tgC8WraaP/KXPnbYArOu0sgWoRGMhc8fpswwSPas3xqrwz
+MtLDyfllAPZthvthTeeIUWdWClvpJqrBSqlTPBaS8AFCntaROQHNaAbzBCIdZZKg
+uZ9K9l3lUeUsDaNvVNuUKy5SXuno/wO/mr3Q
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-CA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-CA.pem.certspec
new file mode 100644
index 000000000..bd012ab71
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-CA.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-SA-CA
+subject:ee-int-SA-CA
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-OCSP.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-OCSP.pem
new file mode 100644
index 000000000..6f6b17601
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-OCSP.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICuzCCAaWgAwIBAgIUARy1oarqQUJskMjRknN9jLVwVHQwCwYJKoZIhvcNAQEL
+MBYxFDASBgNVBAMMC2ludC1TQS1PQ1NQMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx
+ODAyMDUwMDAwMDBaMBkxFzAVBgNVBAMMDmVlLWludC1TQS1PQ1NQMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVK
+tOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7N
+Q/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39Zgsr
+sCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxs
+l62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYl
+nauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMAsG
+CSqGSIb3DQEBCwOCAQEASPYSc13k95EbV7+XmbxGacDe4LXWsy4P+oUsbNaSLtA/
+3ojBL3IaznMNZ3O7fVdQoPGtN7SxPKZtC44GLx8va6i32pXhwBp29mcc3vjAUwnl
+3GsJmw7/KP9C/KGZpf46ofw7ORDSs+32NB7QuKssh+FMpIYblDMVISX2fNqEQ5qB
+BktkgWh8EsgwbCLqHapgtfY2i/y1MtKBLxpIfCqx59iMCbA90ZvuELpA+2F6ZtR8
+7BvgC4zJ0YgkYrQApPjM00aFBAtjGEnsFBCRfpBGDIavqgfZoUlzh1jw9pTbF5ux
+1jX+GL3TOF3DG2qhylJh+w2Dogyyc7G2n7mvGIHfSQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-OCSP.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-OCSP.pem.certspec
new file mode 100644
index 000000000..2374d248f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-OCSP.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-SA-OCSP
+subject:ee-int-SA-OCSP
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-nsSGC.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-nsSGC.pem
new file mode 100644
index 000000000..4345d995c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-nsSGC.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICvTCCAaegAwIBAgIUTR//dWc2i2WpKXdEqfs1MgNXtVEwCwYJKoZIhvcNAQEL
+MBcxFTATBgNVBAMMDGludC1TQS1uc1NHQzAiGA8yMDE1MTEyODAwMDAwMFoYDzIw
+MTgwMjA1MDAwMDAwWjAaMRgwFgYDVQQDDA9lZS1pbnQtU0EtbnNTR0MwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erk
+NUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwC
+fs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1m
+CyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTM
+HGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m
+1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEw
+CwYJKoZIhvcNAQELA4IBAQANPvkHZK6XUFOFNO0ZWRCOd8ZA4btmK1vttAOEMVWy
+GDVu2SoYDN6JW11wJr6L+V1P7cTF7e3+4sC0oS9LoTCPxie/6UAsyBUOQvl45dHw
+udRHJBPH04E8KWAa+odOK9McKgNt4oUA0DHm20eXDuISUEiV7R5N8XrpUweIgkFg
+iXJnOebZYV4lrIAC5CvFJ6ubUVdJ3rqQfrTMmJm4DYaS0zGEqglP/TGwLb9r9QdQ
+iJ0kktUZb3jiZYQAYZnSfGyiyy20bstt2WlXXTKKB5MBoDYW6mzL0NwwQOl6Nf6V
+UfglFYd9/E8bsa69VIlvGekfYcOdrAxsTMliayTIwKjG
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-nsSGC.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-nsSGC.pem.certspec
new file mode 100644
index 000000000..6c3cb6473
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA-nsSGC.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-SA-nsSGC
+subject:ee-int-SA-nsSGC
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA.pem
new file mode 100644
index 000000000..97ea224d6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICsTCCAZugAwIBAgIUczLFMp0nvVMly27yYa/Y6nG0kpEwCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmludC1TQTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjAUMRIwEAYDVQQDDAllZS1pbnQtU0EwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HH
+Jajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOr
+IMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQ
+sVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLA
+dTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQE
+LL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZIhvcNAQEL
+A4IBAQCaGWv/SDygA6tYqxX/ild+418YW5bTpTzUoWppENrVQ7WRdLAz91/9dhPS
+Y9znou5eLMVa7IoOqaNG4x7DvefqenYhKGDyQbVahOalsVVYTke901B9I6ci9wfp
+wsKBYkLDzedlOCZVzU8aWH+uBi5ZOOD0T8NcTQE5x9T0gExu7rUOLa91+4h8NRTY
+m1yyX9zSpZuY65qveSX47FR0QbPAjq5KNyUcGuQSjEf9fUsVXEC9QAuaQHJEROR2
+CKzbaqtRlLqv89B9OKVsbdstLTW/L7tRTQNpkjH2lLgxfGBPDy8eHSpVW/WvBKlu
+/WxDnqx2W8TrJKA/RIQ56MeaOP+b
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA.pem.certspec
new file mode 100644
index 000000000..72ddb78df
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-SA.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-SA
+subject:ee-int-SA
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-old.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-old.pem
new file mode 100644
index 000000000..703d5b29b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-old.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICvzCCAamgAwIBAgIUG7btAHXGerwL88Jd7sb8IkeFKBkwCwYJKoZIhvcNAQEL
+MBgxFjAUBgNVBAMMDWludC1uc1NHQy1vbGQwIhgPMjAxNTExMjgwMDAwMDBaGA8y
+MDE4MDIwNTAwMDAwMFowGzEZMBcGA1UEAwwQZWUtaW50LW5zU0dDLW9sZDCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ
+6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUk
+nAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N
+/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAG
+JMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd
+7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEA
+ATALBgkqhkiG9w0BAQsDggEBAA/82zxrEW1c/neIl0E5/KOr0NL/F4lAdN+WUTT+
+P2DSf8Ke0EKO9lgMZKDBptlPT/XzTvmzvT3tM8vjFdcOF+1QQtFqoQ2pwpg7lXTA
+2hh/gSNklJfWCSQkgVr07fCX0/ip7TM7R9pBhL+x5MSQxdF7xW9eFP8lE8dq3L93
+1iIApcexVSjb/MbGBr9rRe0LvdY5wRjbGPxCEyp/316CxXg29vWwYalW96CnZHnR
+SAl34xTEaLeHjC6eeDSt4Fna5obAEw/p8dcC6TnGkKHEcZ/wSRNU42K8kIR0Rjdh
+EyWRvajemwXDlKsLgRcWqN+nL8hn0O0yI9mKLxo6oQNsApA=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-old.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-old.pem.certspec
new file mode 100644
index 000000000..c8444d337
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-old.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-nsSGC-old
+subject:ee-int-nsSGC-old
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-older.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-older.pem
new file mode 100644
index 000000000..45bab52a7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-older.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICwzCCAa2gAwIBAgIUV1Eo/pl5MBWjV8NHjvDSYjdoz9cwCwYJKoZIhvcNAQEL
+MBoxGDAWBgNVBAMMD2ludC1uc1NHQy1vbGRlcjAiGA8yMDE1MTEyODAwMDAwMFoY
+DzIwMTgwMjA1MDAwMDAwWjAdMRswGQYDVQQDDBJlZS1pbnQtbnNTR0Mtb2xkZXIw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQ
+PTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH
+9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw
+4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86
+exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0
+ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2N
+AgMBAAEwCwYJKoZIhvcNAQELA4IBAQCoka+kd2S/FnF34++D0mZ4xSeFqNU9ookP
+oKqeQp8wXUtemulTI0MKOFavJjzq82Vm1LJLoFf46lU3q6oTuH/ylj9VMJn9/Etm
+v+kJyjydlx1MVQUacQ+v+9QxwsYvt9KjgqSUDlwoh6BX8dKKFHgYKJJx7JyvyeHp
+5FfSlEEIFdwWb42bzx4a6Va3lA6svpWP5mDZOOwp6b9wP8Bw7WxXQgjYP8pOmwYy
+Q9inlnGCdTC2GhV5CNL+eq43eGdL/gAvQ1aCZPKovICxMzkv9f5Sx2nGcDUnqcJD
+kICrqJ6gjTm+Q86UOSxiIioVSDt2BZjbyhBj4wgjCzsM4zeMcx+l
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-older.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-older.pem.certspec
new file mode 100644
index 000000000..c5b12e8da
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-older.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-nsSGC-older
+subject:ee-int-nsSGC-older
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-recent.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-recent.pem
new file mode 100644
index 000000000..3bf0f2bac
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-recent.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxTCCAa+gAwIBAgIUe35zCPUg4TWN0gQjqfNVjK8KFqgwCwYJKoZIhvcNAQEL
+MBsxGTAXBgNVBAMMEGludC1uc1NHQy1yZWNlbnQwIhgPMjAxNTExMjgwMDAwMDBa
+GA8yMDE4MDIwNTAwMDAwMFowHjEcMBoGA1UEAwwTZWUtaW50LW5zU0dDLXJlY2Vu
+dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogG
+NhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqn
+RYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHu
+p3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQ
+Lzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p
+47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo1
+7Y0CAwEAATALBgkqhkiG9w0BAQsDggEBAF2ltx1XJtzG/bhTsu/bo9qr3p9Um2Yr
+2aXMzX8GNR/wmxBHVhNjBMHzQeuDBbYOkssDXQThFn3qAvLixNkD3cFez5D2LG0o
+fR/Ftb7XDsEw6MdBNmjgrM1Sse3v6DOVKMcdoJ+HS7FZ4USbeJ0dkWvv4f1Secjk
+yo1mZx3nq9cw1qI5pnH95YncD8u2rzErWeZHpIRW7SxfabpPxhlUFFyywST11WEa
+bZa2H4h5oFBmE84gDteDjM8BA9PbuPkwqS7MmfvdPHT9mwH+ppln4Ays/v9HnjmU
+qRRyYP73/S8/J/N6DDXAQCJ3yWLIm08pFC0RS+mF729M0B0g4F52NpU=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-recent.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-recent.pem.certspec
new file mode 100644
index 000000000..6e736adc0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-int-nsSGC-recent.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-nsSGC-recent
+subject:ee-int-nsSGC-recent
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-nsSGC.pem b/security/manager/ssl/tests/unit/test_cert_eku/ee-nsSGC.pem
new file mode 100644
index 000000000..6849a15ae
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-nsSGC.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxjCCAbCgAwIBAgIUeS+Bwx6kFrNZMCbqJdx6V/Dd4pIwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBMxETAPBgNVBAMMCGVlLW5zU0dDMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4Ngf
+vbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTb
+uUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3S
+O8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR
+3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv
+5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoxgwFjAUBgNVHSUEDTALBglg
+hkgBhvhCBAEwCwYJKoZIhvcNAQELA4IBAQA/aXkP4qYhXpfW4Vk+Y4L8ufv0/LzR
+VkObq/K9xdbt53X5i1cur+VmE8BQlaDTJ0lZ+efSvKZsBHLjLJWs7ghzBEQY0zW9
+bh56nwwEgv91GMUJeb4krm8Pe0N5b15QrtQE4nFCHQs9Bkkhmhm9Dormw20fa1A/
+82ADTMMhTen4bJYpKbcWP9z0pv3wattrfKpsNHYprgV7eqznjAsr2hClc089CsFl
+msc+2gbiz+yk2TO7naaWhuNc5p8zevPb5m4UzOVKqnXqGdjJ2ev8j5N7LYAB6IJh
+68vieEO/P1ovkSUUmR69jaI0eIiWEfYqbW4v9d8/pMutmyeOZh3RT5u+
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/ee-nsSGC.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/ee-nsSGC.pem.certspec
new file mode 100644
index 000000000..43d58ab6d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/ee-nsSGC.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:ee-nsSGC
+extension:extKeyUsage:nsSGC
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-CA.pem b/security/manager/ssl/tests/unit/test_cert_eku/int-CA.pem
new file mode 100644
index 000000000..67125227d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/int-CA.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0TCCAbugAwIBAgIUafQ18/NBMv9lR5wdiAdnVzIZvWkwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBExDzANBgNVBAMMBmludC1DQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72x
+nAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lM
+wmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF
+4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20
+yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xx
+j5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMlMCMwDAYDVR0TBAUwAwEB/zAT
+BgNVHSUEDDAKBggrBgEFBQcDAjALBgkqhkiG9w0BAQsDggEBAHljHawI2YeWnSsd
+ERqVkdmQKh+VKosuBp7RwiEZcLk8lRMtmgIkrCShc1HNsGW2X1QDk3btC0GRXXO4
+UFmpDFrcnblhCfkD73Gann6uk/1P7J7B+cG9HOrw9e8keazclz/FXgPXcTr061SO
+fhJaPB6/6sYWw2f6o6lBg5uGZKrJtZiEjEqUAI0/eh7QJ0N8jdG8kzgOAFsvaS6C
+LWtDAr1HwTRitb6AFeI+jP/hhAPQkuxbts1RmJUFQdTBmM/GwyT1LwBUpxgXW0xM
+ta/7BP7TaBtsZx9N3hH7L4ADMU3E0rb7yYtN7RF40eRXB9RvnYy4Tn4YTIsaZFnR
+xC6WzJ4=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-CA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/int-CA.pem.certspec
new file mode 100644
index 000000000..e5bc18198
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/int-CA.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int-CA
+extension:basicConstraints:cA,
+extension:extKeyUsage:clientAuth
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-SA-CA.pem b/security/manager/ssl/tests/unit/test_cert_eku/int-SA-CA.pem
new file mode 100644
index 000000000..aaa392db5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/int-SA-CA.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3jCCAcigAwIBAgIUAepQZqbEvSiQSE1cR9U5YmUbq48wCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBQxEjAQBgNVBAMMCWludC1TQS1DQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODY
+H72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk
+27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A9
+0jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMM
+kd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaL
+L+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMvMC0wDAYDVR0TBAUwAwEB
+/zAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYJKoZIhvcNAQELA4IB
+AQAl23nZRqJVVi1D4CrC3FPJyitFtZF+ss85jSvtNIH1DK0tZHYpTqouVdBCVyz3
+31vb5Yq+33V0Lg4LS39Q7gYz3ofcyCCuTpSvYL6dV0EEbiYX6AVwFXXD8jeV16/V
+7QFI/pae7sjr/2v2WJVmupdt1lT2hWVd/rilYBZPgri11QSiZVJP6qmf5AcA9dkg
+pyZ5su1SwOaFN0XdrwvnW1+SSFYQtOWTfffr9ctMAXF0uGv/duGHLxPt2MIXvwWg
+83che74+n8mYuZNUCTOh+BG/bR572KWDFY/hwBDpWXJUmFh5GtF/z29NDnY9IFyQ
+HyE5qtltjnv0D2vSA2f7eoyH
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-SA-CA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/int-SA-CA.pem.certspec
new file mode 100644
index 000000000..94e9a42d4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/int-SA-CA.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int-SA-CA
+extension:basicConstraints:cA,
+extension:extKeyUsage:serverAuth,clientAuth
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-SA-OCSP.pem b/security/manager/ssl/tests/unit/test_cert_eku/int-SA-OCSP.pem
new file mode 100644
index 000000000..e487b8ef6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/int-SA-OCSP.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4DCCAcqgAwIBAgIUY0Zp7/A39C/kccD4uV3b1yP2K1swCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBYxFDASBgNVBAMMC2ludC1TQS1PQ1NQMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoy8wLTAMBgNVHRMEBTAD
+AQH/MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDCTALBgkqhkiG9w0BAQsD
+ggEBAEwVcLGSPMdCLiXXgXqDdEU81Ti3bfp3pEzI+g5X6H27cbLwNMb+DM1Qu6wt
+w8UpXCxP6i8F3XnrKZCdfJG7caDlDoylCPpXaVd37B4lPcnd2j1sfb3PwG4cp2x7
+Qv4ur3sjG3nVn3kSKgrTVCojyo876Iy/ZKQpQAtiggS4pG7ztRPIPOVIZHzNEUfQ
+RUpD9RFuoezM2aAPaTjTixKtIWjL1Fc+OCWHn4uAkPAnRuTm3SRIgVPREk2671oo
+9OAtXwaNsEn9+P6FBdV69BE68n2Tl6bv8scE0JvSBJg3NfCq7gZJ16rpQXW0fEGV
+ZqQiPT0JAJFYcK/l0ynVFZ4k9ZE=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-SA-OCSP.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/int-SA-OCSP.pem.certspec
new file mode 100644
index 000000000..c38a640b9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/int-SA-OCSP.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int-SA-OCSP
+extension:basicConstraints:cA,
+extension:extKeyUsage:serverAuth,OCSPSigning
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-SA-nsSGC.pem b/security/manager/ssl/tests/unit/test_cert_eku/int-SA-nsSGC.pem
new file mode 100644
index 000000000..29c734bb6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/int-SA-nsSGC.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4jCCAcygAwIBAgIUUazTcP2+J+/snjciQqhPNClvzlAwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBcxFTATBgNVBAMMDGludC1TQS1uc1NHQzCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl
+qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg
+w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx
+V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1
+MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs
+vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMwMC4wDAYDVR0TBAUw
+AwEB/zAeBgNVHSUEFzAVBggrBgEFBQcDAQYJYIZIAYb4QgQBMAsGCSqGSIb3DQEB
+CwOCAQEArh/GECvDvQVnv2UdZUx5nL1VTxr1GS30/e83nTmTrIeN+lV9M4UR8UL5
+ecEl9eDBxGnTAAlvK1PupSQgZJzzDFD2tkqMWNrKwMMHTt4zPCx2gA6KBQcp9Dsj
+ThB2jUAwcK24eXAcfEj2XRROhoKkKScd2Qo9FsFBl7r91KWTlHTsdkdT3wSJ73DP
+jYn4S7Y82OiNgIY5KacH+L9VqY1MHI1TDlMb+MBYDniUbmpMMB0lE1EIt0oiu6XQ
+n20+81inwxonsMikHI0YGdttWPotm8Yu/PxvwIeiOYd8fOPZkzD5rhd5aJLmOoMk
+GuVcrNke+iBvK6Fc6A2uTj6t9CV6zg==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-SA-nsSGC.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/int-SA-nsSGC.pem.certspec
new file mode 100644
index 000000000..c84201d87
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/int-SA-nsSGC.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int-SA-nsSGC
+extension:basicConstraints:cA,
+extension:extKeyUsage:serverAuth,nsSGC
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-SA.pem b/security/manager/ssl/tests/unit/test_cert_eku/int-SA.pem
new file mode 100644
index 000000000..538b6d2ce
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/int-SA.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0TCCAbugAwIBAgIUfYQTgJQVjmkz6KfdBM+7rJ9TXLQwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBExDzANBgNVBAMMBmludC1TQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72x
+nAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lM
+wmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF
+4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20
+yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xx
+j5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMlMCMwDAYDVR0TBAUwAwEB/zAT
+BgNVHSUEDDAKBggrBgEFBQcDATALBgkqhkiG9w0BAQsDggEBALnNW8RtP4S8LNYc
+fpYdeArseY6SkVXSiYLWb7kUVuhGcJPO11FVfU4SCVdYqz1f1+4bev41ao/K5/dn
+hs9koIzRFqErl7kP6Xi6jSwLKpl/rD3BH9waa7k57rJHrt6KCzOMICaIXQBPxzlg
+hZBp9BFeuOxb8lJjSWXbplgAsU4FhAHVbTUWw9BfjbTAyoIx9N4r3X8ah5TDLlUN
+NPp/aPKuC2jpRb9yEnOMvw8ziXmCjEFEIT8D+Z00OLOaCJ2dmsR6vWtE3qKwxFTG
+14zYiG6pqTUwrg9F/F0mi4AoRkCIqNbiHvvZGaVLTpgOOG0EZgLH9WXMf+30RsDD
++DinBfU=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-SA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/int-SA.pem.certspec
new file mode 100644
index 000000000..74bec2b21
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/int-SA.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int-SA
+extension:basicConstraints:cA,
+extension:extKeyUsage:serverAuth
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-old.pem b/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-old.pem
new file mode 100644
index 000000000..0d20e07ec
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-old.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC2TCCAcOgAwIBAgIUbcXBg0y82WEm7Yor5jl0vYp6sLQwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTYwNzI0MDAwMDAwWhgPMjAxNjA5MjQwMDAw
+MDBaMBgxFjAUBgNVBAMMDWludC1uc1NHQy1vbGQwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HH
+Jajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOr
+IMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQ
+sVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLA
+dTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQE
+LL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjJjAkMAwGA1UdEwQF
+MAMBAf8wFAYDVR0lBA0wCwYJYIZIAYb4QgQBMAsGCSqGSIb3DQEBCwOCAQEAM+vf
+k8pAexjnMg1N5zp/X53Q6CaDseUj3FWnO/prJiMSWa2pcE+09naIc2gR7YsuapRr
++7Z1cOrF7uKVRnSKHmmZHGr+/EtoUuhwtkMpcbaCL5061Of6Un8UnK5sAQTECUip
+CMChu0kX/qVlBiE/eJG2lrq8lycCdhjjjQjS0Fk1Jikh33/JeJCCay/pWOoiagv2
+ansOq+gUWiG55jTGT4b+0TdY70rLX7WDpliqieTfd7xVB0Zv4U41ydI/tcP5lo3g
+/X4szNbZNyu9dRmLjVqDS3lhGGnRPiDblxlKm6vafrsd3zk4vg+UJlrHPP1q94Bh
+Fbax9mimAkqXvI/F+A==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-old.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-old.pem.certspec
new file mode 100644
index 000000000..35f61671e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-old.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca
+subject:int-nsSGC-old
+extension:basicConstraints:cA,
+extension:extKeyUsage:nsSGC
+validity:20160724-20160924
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-older.pem b/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-older.pem
new file mode 100644
index 000000000..f42288896
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-older.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC2zCCAcWgAwIBAgIUDUfr/LSKxxp6n1UoiDvmm9b4cCswCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUwNzI0MDAwMDAwWhgPMjAxNjA5MjQwMDAw
+MDBaMBoxGDAWBgNVBAMMD2ludC1uc1NHQy1vbGRlcjCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7
+wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCAp
+k6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhh
+eZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KW
+EsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONssc
+JAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMmMCQwDAYDVR0T
+BAUwAwEB/zAUBgNVHSUEDTALBglghkgBhvhCBAEwCwYJKoZIhvcNAQELA4IBAQAY
+46wuAov03l8b+soIfL0TR+7LMwHnekiaa6M52nToHE8oDyH0NgFx4mMbdQYxKHvi
+xn9Lgp650JN0ofkJ2Z5lduakAW8n316+bfimkJVCHst7jhSEc7qWAb96kLabZD7U
+N+8cpelepAbfe8vpH043qon8tg9fYABZ4RrXCEQvhb+nHbNnW+GgnnnrtD7GM165
+krU12IDIOO/rQ04/vrKOa0p+Zv+oaLJMLhPPeXlQTno/bRY9VRq0oQej3iOyd6vH
+wfq2PUCmTeOziI8YO6V9Ddtc/TYPwh3yF0AtKFXsl9MZ3xrlD17pl1BsVdIGANQf
+qus1PdEkVZc8fRGBCJKv
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-older.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-older.pem.certspec
new file mode 100644
index 000000000..f7a870c0f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-older.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca
+subject:int-nsSGC-older
+extension:basicConstraints:cA,
+extension:extKeyUsage:nsSGC
+validity:20150724-20160924
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-recent.pem b/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-recent.pem
new file mode 100644
index 000000000..a2a6dfd89
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-recent.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3DCCAcagAwIBAgIUE3ByAD3ROipiblgZuY8BtAMhi6swCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTYwODI0MDAwMDAwWhgPMjAxNzA4MjQwMDAw
+MDBaMBsxGTAXBgNVBAMMEGludC1uc1NHQy1yZWNlbnQwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wk
+e8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0Dgg
+KZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmI
+YXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7fi
+lhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbL
+HCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjJjAkMAwGA1Ud
+EwQFMAMBAf8wFAYDVR0lBA0wCwYJYIZIAYb4QgQBMAsGCSqGSIb3DQEBCwOCAQEA
+VPtQzyrS2EDjCT6V7b8KKEXAyl70GZe1rD2s/xS+Uj43la5vVQyB0PtabDTh4lVy
+hut0M0o3E9hQ39qswMOcmNQdTnXTrhUzJPuGUnXxb8Jxjv+FR6+M8cmcdIlnFfXF
+HQXwVn9LzvxwlbMatY3xQXrKQz6RzrMQ0V6tYKZZSHZvecy1iCbr2CIpU7I3D2aR
+NatT1GYjaU+8u2afAoYKd+euB7pVMew7JuAxJ13iM1IMWyMil+/36ZOv5MBSSWRU
+7ts0vZeH5Ne0kEYf5uOY7LWaw7fCo7HKiyOcB0xSvQL1BvjTf6NqbCO4a29BYQF6
+Ieyp6ItfrpIuwcpfyq1d7A==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-recent.pem.certspec b/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-recent.pem.certspec
new file mode 100644
index 000000000..f421ddc1a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/int-nsSGC-recent.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca
+subject:int-nsSGC-recent
+extension:basicConstraints:cA,
+extension:extKeyUsage:nsSGC
+validity:20160824-20170824
diff --git a/security/manager/ssl/tests/unit/test_cert_eku/moz.build b/security/manager/ssl/tests/unit/test_cert_eku/moz.build
new file mode 100644
index 000000000..7a4124e02
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_eku/moz.build
@@ -0,0 +1,35 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Temporarily disabled. See bug 1256495.
+#test_certificates = (
+#    'ca.pem',
+#    'ee-CA.pem',
+#    'ee-SA-CA.pem',
+#    'ee-SA-OCSP.pem',
+#    'ee-SA-nsSGC.pem',
+#    'ee-SA.pem',
+#    'ee-int-CA.pem',
+#    'ee-int-SA-CA.pem',
+#    'ee-int-SA-OCSP.pem',
+#    'ee-int-SA-nsSGC.pem',
+#    'ee-int-SA.pem',
+#    'ee-int-nsSGC-old.pem',
+#    'ee-int-nsSGC-older.pem',
+#    'ee-int-nsSGC-recent.pem',
+#    'ee-nsSGC.pem',
+#    'int-CA.pem',
+#    'int-SA-CA.pem',
+#    'int-SA-OCSP.pem',
+#    'int-SA-nsSGC.pem',
+#    'int-SA.pem',
+#    'int-nsSGC-old.pem',
+#    'int-nsSGC-older.pem',
+#    'int-nsSGC-recent.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
diff --git a/security/manager/ssl/tests/unit/test_cert_embedded_null.js b/security/manager/ssl/tests/unit/test_cert_embedded_null.js
new file mode 100644
index 000000000..4e4767560
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_embedded_null.js
@@ -0,0 +1,38 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+// Tests that a certificate with a clever subject common name like
+// 'www.bank1.com[NUL]www.bad-guy.com' (where [NUL] is a single byte with
+// value 0) will not be treated as valid for www.bank1.com.
+// Includes a similar test case but for the subject alternative name extension.
+
+"use strict";
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+
+function do_testcase(certname, checkCommonName) {
+  let cert = constructCertFromFile(`test_cert_embedded_null/${certname}.pem`);
+  // Where applicable, check that the testcase is meaningful (i.e. that the
+  // certificate's subject common name has an embedded NUL in it).
+  if (checkCommonName) {
+    equal(cert.commonName, "www.bank1.com\\00www.bad-guy.com",
+          "certificate subject common name should have an embedded NUL byte");
+  }
+  checkCertErrorGeneric(certdb, cert, SSL_ERROR_BAD_CERT_DOMAIN,
+                        certificateUsageSSLServer, {}, "www.bank1.com");
+  checkCertErrorGeneric(certdb, cert, SSL_ERROR_BAD_CERT_DOMAIN,
+                        certificateUsageSSLServer, {}, "www.bad-guy.com");
+}
+
+function run_test() {
+  addCertFromFile(certdb, "test_cert_embedded_null/ca.pem", "CTu,,");
+
+  do_testcase("embeddedNull", true);
+  do_testcase("embeddedNullSAN", false);
+  do_testcase("embeddedNullCNAndSAN", true);
+  do_testcase("embeddedNullSAN2", false);
+}
diff --git a/security/manager/ssl/tests/unit/test_cert_embedded_null/ca.pem b/security/manager/ssl/tests/unit/test_cert_embedded_null/ca.pem
new file mode 100644
index 000000000..1a18e2bf0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_embedded_null/ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxTCCAa+gAwIBAgIUL5zykZEc2ro5d6th43aWGfm735cwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMA0xCzAJBgNVBAMMAmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptu
+Gobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO
+7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf
+qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/yt
+HSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcx
+uLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzAMBgNVHRMEBTADAQH/MAsGA1Ud
+DwQEAwIBBjALBgkqhkiG9w0BAQsDggEBAHPYBjNnv//Ssc8Elepb8SWIXRdahKbL
+/dcPoMR+7yhJVaelUaxdwUytJWJAGdkkuv+P+G4b82RVYEXT+9k1S/aAfByFyR9q
+vS7POfdy/ZPfGTXltlnmYX/84a6QeYQa4Nl4JpIOXBCesLxmErBhczka6D26iqsz
+GeseKRSjVPgF3mXc2CRGZnTDRhUmd7wOABLmj7GtuFvOm96363M3IUByMohvoj1G
+dic3s5D0seXwTKnEc5B27lJt7Q0oIXEldL+UW8Mo1hfGWQeXzqTZbpOVLnVWvHBH
+H8yYs5hyH01qFJZbztJ1JJ3F2NpYLlr4P5I6fW2e9w5MG/VMQRU3wzQ=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_embedded_null/ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_embedded_null/ca.pem.certspec
new file mode 100644
index 000000000..6660f5d47
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_embedded_null/ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:ca
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNull.pem b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNull.pem
new file mode 100644
index 000000000..7e846ed83
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNull.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICwTCCAaugAwIBAgIUPzul3x9eLLB//njMNwnlOFqHCCcwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMCgxJjAkBgNVBAMMHXd3dy5iYW5rMS5jb20Ad3d3LmJhZC1ndXkuY29tMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08
+E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc
+1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAP
+DY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQ
+gAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqV
+YR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQID
+AQABMAsGCSqGSIb3DQEBCwOCAQEAbPT/bQi9B1F3k6Xa8b8yG56+KqssBjA/BQXp
+TbXHd2xwtlbpiCzA6pI/MTiTzR4y9dj7mD9kj/vcD4GEcrhe0IBJ/juim68EhbFM
+QQ5KRSITj51+hPAvK2E79AAvyCweRndxqvlAak9PfJX4zEUoo07pQ6qE6tDaLgCN
+dZ3hV0syAE29Gtj86ew8Z6fPOoA3Sd9xw9wqULdZk+XG4rWMQzuoXLR1OHzvHQs0
+sP1mMhTCRdXwD7xmbhY4Zhsey2tagADlLTIVCKZDWdTjwVACxuRkvqX9Iy1/W16Y
+f0K7j6omyj/ziRnrNfKkCAl/REuTCrAWV8M0o/854RwFCg6UEQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNull.pem.certspec b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNull.pem.certspec
new file mode 100644
index 000000000..d1a32349a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNull.pem.certspec
@@ -0,0 +1,2 @@
+issuer:ca
+subject:www.bank1.com\0www.bad-guy.com
diff --git a/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullCNAndSAN.pem b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullCNAndSAN.pem
new file mode 100644
index 000000000..af4572d66
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullCNAndSAN.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7zCCAdmgAwIBAgIUX4OgrL3nEzXRzIfkNVd6fxsHvDcwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMCgxJjAkBgNVBAMMHXd3dy5iYW5rMS5jb20Ad3d3LmJhZC1ndXkuY29tMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08
+E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc
+1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAP
+DY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQ
+gAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqV
+YR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQID
+AQABoywwKjAoBgNVHREEITAfgh13d3cuYmFuazEuY29tAHd3dy5iYWQtZ3V5LmNv
+bTALBgkqhkiG9w0BAQsDggEBAKyN7qvmdcryAaKPxDKEpIEg7emhEigt7sNYq41I
+ZteYbYRSsJDIKs+n7TmaQ2Qtxdb3KNJGxU5jd6nBqh+WZrhjWJjZNFP9VT29pZpf
+H+D2yHvJV8It5OU86IaAjNxEopGJABXf1EwP3RSsmbI8PFrSLzzkV7qY+kgMbVLX
+Txswvv5nITzWu4BXmznusDf/xdY9kR9EK2KZo9fCbBgzqoCFB9dtPsZmzDSHerYi
+o0Mh33JwVgDLi05yd/RVyi3TYjaSNDA0TcnyPirKPJDDFzHWyqP/Yd0G6WI0Ke9G
+ka0v/vIh+cLqMozHPO4Ks1MfRqWqsbCTRYnlqOW0iYZghR8=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullCNAndSAN.pem.certspec b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullCNAndSAN.pem.certspec
new file mode 100644
index 000000000..1029d6cdd
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullCNAndSAN.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:www.bank1.com\0www.bad-guy.com
+extension:subjectAlternativeName:www.bank1.com\0www.bad-guy.com
diff --git a/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN.pem b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN.pem
new file mode 100644
index 000000000..b0e05c6b9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5TCCAc+gAwIBAgIUGytwo7XSf4hWQWGePWi/WuFru/4wCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMB4xHDAaBgNVBAMME2VtYmVkZGVkIE5VTCBpbiBTQU4wggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVo
+V2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p
+0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKk
+fbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZh
+W7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EI
+TjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjLDAqMCgG
+A1UdEQQhMB+CHXd3dy5iYW5rMS5jb20Ad3d3LmJhZC1ndXkuY29tMAsGCSqGSIb3
+DQEBCwOCAQEAWYQZ0QVwm0rjYpWNZqD6gDOYFOo/DdaGgRWYF9wSueJaSqIY7Jwm
+GAwwDBqcyCZdqssZKtDogt2lgwG8Rt1uqQ46I/JNvFvNwujwHNtrh8FO/sKSs+v1
+I1+b9S7D8Kg6RrKcUXA2cUU+qPlt4J+WXlvVxgUmruJXdJqplerxs8gk9hic0Bc7
+Zo30xzScfp0WpqdMxnc2FupW3y5MfgGpf/98u1gvdS1gnOdyZWAfhtcPEyb+PSOU
+4nmtkDH83QKJ1QvHbjI2XqD57Ge3c+T2f4LpWw5+zn7K9kExNHsoPV4yqd87K5Ty
+j4keE9h15zF/CUBF37wYfK9hBxxis+SW4A==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN.pem.certspec b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN.pem.certspec
new file mode 100644
index 000000000..f224888ee
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:embedded NUL in SAN
+extension:subjectAlternativeName:www.bank1.com\0www.bad-guy.com
diff --git a/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN2.pem b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN2.pem
new file mode 100644
index 000000000..b0672452f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN2.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC6jCCAdSgAwIBAgIULbAjgyFkKYWb9Jl7dYe85tJgrq4wCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBYxFDASBgNVBAMMC2JhZC1ndXkuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABozkwNzA1BgNVHREELjAs
+ggtiYWQtZ3V5LmNvbYIdd3d3LmJhbmsxLmNvbQB3d3cuYmFkLWd1eS5jb20wCwYJ
+KoZIhvcNAQELA4IBAQCemALDXRTm0lPpWiP1xCJVhCA1SqhCMNRgwZtxClRr10FC
+l5qkR4Fy9RZoWSOO/obSid1tT6AKly8e49tUHaJ7b1KBPe0EAGPgNJPmlDafHFrC
+wSOsIoiboLrrs9R+xWL0/7nruo2OqlpAbOajBnfvJ65t6JGWPVlSzvbXigwgL2EE
+AfQQydWy5UDCW1/pQuAjd8WD3ZEz9IAgdM49zEeDss6a5t6RE4U+/acSTJBbZOOV
+q7k2tCKEWQwHhWWWQSeiS+JW4PXYXy/N8DYABPHaZ6nK1HoBRCnT2TMvKeDwhv0o
+Cw/NE/ytz6/STzYNV203SnVzmpkuvE4oG0IbGrZd
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN2.pem.certspec b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN2.pem.certspec
new file mode 100644
index 000000000..d352d034b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_embedded_null/embeddedNullSAN2.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:bad-guy.com
+extension:subjectAlternativeName:bad-guy.com,www.bank1.com\0www.bad-guy.com
diff --git a/security/manager/ssl/tests/unit/test_cert_embedded_null/moz.build b/security/manager/ssl/tests/unit/test_cert_embedded_null/moz.build
new file mode 100644
index 000000000..9e2821867
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_embedded_null/moz.build
@@ -0,0 +1,17 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Temporarily disabled. See bug 1256495.
+#test_certificates = (
+#    'ca.pem',
+#    'embeddedNull.pem',
+#    'embeddedNullCNAndSAN.pem',
+#    'embeddedNullSAN.pem',
+#    'embeddedNullSAN2.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
diff --git a/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot.js b/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot.js
new file mode 100644
index 000000000..148ee4b27
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot.js
@@ -0,0 +1,71 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+// Tests that nsIX509Cert.isBuiltInRoot works as expected.
+
+"use strict";
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+
+// This is a certificate that (currently) ships with the platform.
+// It should be considered a built-in root.
+const sGeoTrustBase64 = "" +
+  "MIICrjCCAjWgAwIBAgIQPLL0SAoA4v7rJDteYD7DazAKBggqhkjOPQQDAzCBmDEL" +
+  "MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChj" +
+  "KSAyMDA3IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2" +
+  "MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0" +
+  "eSAtIEcyMB4XDTA3MTEwNTAwMDAwMFoXDTM4MDExODIzNTk1OVowgZgxCzAJBgNV" +
+  "BAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykgMjAw" +
+  "NyBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNV" +
+  "BAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBH" +
+  "MjB2MBAGByqGSM49AgEGBSuBBAAiA2IABBWx6P0DFUPlrOuHNxFi79KDNlJ9RVcL" +
+  "So17VDs6bl8VAsBQps8lL33KSLjHUGMcKiEIfJo22Av+0SbFWDEwKCXzXV2juLal" +
+  "tJLtbCyf691DiaI8S0iRHVDsJt/WYC69IaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO" +
+  "BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBVfNVdRVfslsq0DafwBo/q+EVXVMAoG" +
+  "CCqGSM49BAMDA2cAMGQCMGSWWaboCd6LuvpaiIjwH5HTRqjySkwCY/tsXzjbLkGT" +
+  "qQ7mndwxHLKgpxgceeHHNgIwOlavmnRs9vuD4DPTCF+hnMJbn0bWtsuRBmOiBucz" +
+  "rD6ogRLQy7rQkgu2npaqBA+K";
+
+
+// This is a certificate that does not ship with the platform.
+// It should not be considered a built-in root.
+const sLetsEncryptBase64 = "" +
+  "MIIEqDCCA5CgAwIBAgIRAJgT9HUT5XULQ+dDHpceRL0wDQYJKoZIhvcNAQELBQAw" +
+  "PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD" +
+  "Ew5EU1QgUm9vdCBDQSBYMzAeFw0xNTEwMTkyMjMzMzZaFw0yMDEwMTkyMjMzMzZa" +
+  "MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD" +
+  "ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTCCASIwDQYJKoZIhvcNAQEBBQAD" +
+  "ggEPADCCAQoCggEBAJzTDPBa5S5Ht3JdN4OzaGMw6tc1Jhkl4b2+NfFwki+3uEtB" +
+  "BaupnjUIWOyxKsRohwuj43Xk5vOnYnG6eYFgH9eRmp/z0HhncchpDpWRz/7mmelg" +
+  "PEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL/W08lmjfIypCkAyG" +
+  "dGfIf6WauFJhFBM/ZemCh8vb+g5W9oaJ84U/l4avsNwa72sNlRZ9xCugZbKZBDZ1" +
+  "gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q/GxH8Mwf6J5MRM9LTb4" +
+  "4/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAZIwggGOMBIGA1Ud" +
+  "EwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMH8GCCsGAQUFBwEBBHMwcTAy" +
+  "BggrBgEFBQcwAYYmaHR0cDovL2lzcmcudHJ1c3RpZC5vY3NwLmlkZW50cnVzdC5j" +
+  "b20wOwYIKwYBBQUHMAKGL2h0dHA6Ly9hcHBzLmlkZW50cnVzdC5jb20vcm9vdHMv" +
+  "ZHN0cm9vdGNheDMucDdjMB8GA1UdIwQYMBaAFMSnsaR7LHH62+FLkHX/xBVghYkQ" +
+  "MFQGA1UdIARNMEswCAYGZ4EMAQIBMD8GCysGAQQBgt8TAQEBMDAwLgYIKwYBBQUH" +
+  "AgEWImh0dHA6Ly9jcHMucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcwPAYDVR0fBDUw" +
+  "MzAxoC+gLYYraHR0cDovL2NybC5pZGVudHJ1c3QuY29tL0RTVFJPT1RDQVgzQ1JM" +
+  "LmNybDATBgNVHR4EDDAKoQgwBoIELm1pbDAdBgNVHQ4EFgQUqEpqYwR93brm0Tm3" +
+  "pkVl7/Oo7KEwDQYJKoZIhvcNAQELBQADggEBANHIIkus7+MJiZZQsY14cCoBG1hd" +
+  "v0J20/FyWo5ppnfjL78S2k4s2GLRJ7iD9ZDKErndvbNFGcsW+9kKK/TnY21hp4Dd" +
+  "ITv8S9ZYQ7oaoqs7HwhEMY9sibED4aXw09xrJZTC9zK1uIfW6t5dHQjuOWv+HHoW" +
+  "ZnupyxpsEUlEaFb+/SCI4KCSBdAsYxAcsHYI5xxEI4LutHp6s3OT2FuO90WfdsIk" +
+  "6q78OMSdn875bNjdBYAqxUp2/LEIHfDBkLoQz0hFJmwAbYahqKaLn73PAAm1X2kj" +
+  "f1w8DdnkabOLGeOVcj9LQ+s67vBykx4anTjURkbqZslUEUsn2k5xeua2zUk=";
+
+function run_test() {
+  let builtInCert = certdb.constructX509FromBase64(sGeoTrustBase64);
+  ok(builtInCert, "should be able to decode base-64 of built-in cert");
+  ok(builtInCert.isBuiltInRoot, "cert should be considered built-in");
+
+  let notBuiltInCert = certdb.constructX509FromBase64(sLetsEncryptBase64);
+  ok(notBuiltInCert, "should be able to decode base-64 of built-in cert");
+  ok(!notBuiltInCert.isBuiltInRoot, "cert should not be considered built-in");
+}
diff --git a/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload.js b/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload.js
new file mode 100644
index 000000000..b17c592ee
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload.js
@@ -0,0 +1,123 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+// Tests that nsIX509Cert.isBuiltInRoot works as expected. Differs from
+// test_cert_isBuiltInRoot.js in that this test uses a preexisting NSS
+// certificate DB that already contains some of the certificates in question.
+//
+// To create the necessary preexisting files, obtain the "GeoTrust Primary
+// Certification Authority - G2" certificate and the "Let's Encrypt Authority
+// X1" certificate (copied below for reference) and perform the following steps:
+//
+// `certutil -d . -N` (use an empty password)
+// `certutil -d . -A -n "GeoTrust Primary Certification Authority - G2" -t ,, \
+//   -a -i GeoTrust.pem`
+// `certutil -d . -A -n "Let's Encrypt Authority X1" -t ,, -a \
+//   -i LetsEncrypt.pem`
+//
+// This should create cert8.db and key3.db files for use on non-Android
+// platforms. Perform the same steps with "sql:." as the argument to the "-d"
+// flag to create cert9.db and key4.db for use with Android.
+//
+// (The crucial property of the first certificate is that it is a built-in trust
+// anchor, so any replacement must also have this property. The second
+// certificate is not a built-in trust anchor, so any replacement must not be a
+// built-in trust anchor.)
+//
+// GeoTrust Primary Certification Authority - G2:
+// -----BEGIN CERTIFICATE-----
+// MIICrjCCAjWgAwIBAgIQPLL0SAoA4v7rJDteYD7DazAKBggqhkjOPQQDAzCBmDEL
+// MAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChj
+// KSAyMDA3IEdlb1RydXN0IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2
+// MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
+// eSAtIEcyMB4XDTA3MTEwNTAwMDAwMFoXDTM4MDExODIzNTk1OVowgZgxCzAJBgNV
+// BAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykgMjAw
+// NyBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNV
+// BAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBH
+// MjB2MBAGByqGSM49AgEGBSuBBAAiA2IABBWx6P0DFUPlrOuHNxFi79KDNlJ9RVcL
+// So17VDs6bl8VAsBQps8lL33KSLjHUGMcKiEIfJo22Av+0SbFWDEwKCXzXV2juLal
+// tJLtbCyf691DiaI8S0iRHVDsJt/WYC69IaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO
+// BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBVfNVdRVfslsq0DafwBo/q+EVXVMAoG
+// CCqGSM49BAMDA2cAMGQCMGSWWaboCd6LuvpaiIjwH5HTRqjySkwCY/tsXzjbLkGT
+// qQ7mndwxHLKgpxgceeHHNgIwOlavmnRs9vuD4DPTCF+hnMJbn0bWtsuRBmOiBucz
+// rD6ogRLQy7rQkgu2npaqBA+K
+// -----END CERTIFICATE-----
+//
+// Let's Encrypt Authority X1:
+// -----BEGIN CERTIFICATE-----
+// MIIEqDCCA5CgAwIBAgIRAJgT9HUT5XULQ+dDHpceRL0wDQYJKoZIhvcNAQELBQAw
+// PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
+// Ew5EU1QgUm9vdCBDQSBYMzAeFw0xNTEwMTkyMjMzMzZaFw0yMDEwMTkyMjMzMzZa
+// MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
+// ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTCCASIwDQYJKoZIhvcNAQEBBQAD
+// ggEPADCCAQoCggEBAJzTDPBa5S5Ht3JdN4OzaGMw6tc1Jhkl4b2+NfFwki+3uEtB
+// BaupnjUIWOyxKsRohwuj43Xk5vOnYnG6eYFgH9eRmp/z0HhncchpDpWRz/7mmelg
+// PEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL/W08lmjfIypCkAyG
+// dGfIf6WauFJhFBM/ZemCh8vb+g5W9oaJ84U/l4avsNwa72sNlRZ9xCugZbKZBDZ1
+// gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q/GxH8Mwf6J5MRM9LTb4
+// 4/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAZIwggGOMBIGA1Ud
+// EwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMH8GCCsGAQUFBwEBBHMwcTAy
+// BggrBgEFBQcwAYYmaHR0cDovL2lzcmcudHJ1c3RpZC5vY3NwLmlkZW50cnVzdC5j
+// b20wOwYIKwYBBQUHMAKGL2h0dHA6Ly9hcHBzLmlkZW50cnVzdC5jb20vcm9vdHMv
+// ZHN0cm9vdGNheDMucDdjMB8GA1UdIwQYMBaAFMSnsaR7LHH62+FLkHX/xBVghYkQ
+// MFQGA1UdIARNMEswCAYGZ4EMAQIBMD8GCysGAQQBgt8TAQEBMDAwLgYIKwYBBQUH
+// AgEWImh0dHA6Ly9jcHMucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcwPAYDVR0fBDUw
+// MzAxoC+gLYYraHR0cDovL2NybC5pZGVudHJ1c3QuY29tL0RTVFJPT1RDQVgzQ1JM
+// LmNybDATBgNVHR4EDDAKoQgwBoIELm1pbDAdBgNVHQ4EFgQUqEpqYwR93brm0Tm3
+// pkVl7/Oo7KEwDQYJKoZIhvcNAQELBQADggEBANHIIkus7+MJiZZQsY14cCoBG1hd
+// v0J20/FyWo5ppnfjL78S2k4s2GLRJ7iD9ZDKErndvbNFGcsW+9kKK/TnY21hp4Dd
+// ITv8S9ZYQ7oaoqs7HwhEMY9sibED4aXw09xrJZTC9zK1uIfW6t5dHQjuOWv+HHoW
+// ZnupyxpsEUlEaFb+/SCI4KCSBdAsYxAcsHYI5xxEI4LutHp6s3OT2FuO90WfdsIk
+// 6q78OMSdn875bNjdBYAqxUp2/LEIHfDBkLoQz0hFJmwAbYahqKaLn73PAAm1X2kj
+// f1w8DdnkabOLGeOVcj9LQ+s67vBykx4anTjURkbqZslUEUsn2k5xeua2zUk=
+// -----END CERTIFICATE-----
+
+"use strict";
+
+function run_test() {
+  const isAndroid = AppConstants.platform == "android";
+  const certDBName =  isAndroid ? "cert9.db" : "cert8.db";
+  const keyDBName = isAndroid ? "key4.db" : "key3.db";
+  let profile = do_get_profile();
+  let certDBFile = do_get_file(`test_cert_isBuiltInRoot_reload/${certDBName}`);
+  certDBFile.copyTo(profile, certDBName);
+  let keyDBFile = do_get_file(`test_cert_isBuiltInRoot_reload/${keyDBName}`);
+  keyDBFile.copyTo(profile, keyDBName);
+
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+
+  // This is a built-in root, but not one that was added to the preexisting
+  // certificate DB.
+  const veriSignCertDBKey = `AAAAAAAAAAAAAAAQAAAAzS+A/iOM
+    DiIPSGcSKJGHrLMwgcoxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwg
+    SW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE6MDgGA1UECxMx
+    KGMpIDIwMDcgVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25s
+    eTFFMEMGA1UEAxM8VmVyaVNpZ24gQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0
+    aWZpY2F0aW9uIEF1dGhvcml0eSAtIEc0`;
+  let veriSignCert = certdb.findCertByDBKey(veriSignCertDBKey);
+  ok(veriSignCert, "Should be able to find VeriSign root");
+  ok(veriSignCert.isBuiltInRoot, "VeriSign root is a built-in");
+
+  // This is a built-in root. It was added to the preexisting certificate DB. It
+  // should still be considered a built-in.
+  const geoTrustCertDBKey = `AAAAAAAAAAAAAAAQAAAAmzyy9EgK
+    AOL+6yQ7XmA+w2swgZgxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJ
+    bmMuMTkwNwYDVQQLEzAoYykgMjAwNyBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhv
+    cml6ZWQgdXNlIG9ubHkxNjA0BgNVBAMTLUdlb1RydXN0IFByaW1hcnkgQ2VydGlm
+    aWNhdGlvbiBBdXRob3JpdHkgLSBHMg==`;
+  let geoTrustCert = certdb.findCertByDBKey(geoTrustCertDBKey);
+  ok(geoTrustCert, "Should be able to find GeoTrust root");
+  ok(geoTrustCert.isBuiltInRoot, "GeoTrust root is a built-in");
+
+  // This is not a built-in root. It was added to the preexisting certificate
+  // DB. It should not be considered a built-in root.
+  const letsEncryptCertDBKey = `AAAAAAAAAAAAAAARAAAAQQCYE
+    /R1E+V1C0PnQx6XHkS9MD8xJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRyd
+    XN0IENvLjEXMBUGA1UEAxMORFNUIFJvb3QgQ0EgWDM=`;
+  let letsEncryptCert = certdb.findCertByDBKey(letsEncryptCertDBKey);
+  ok(letsEncryptCert, "Should be able to find LetsEncrypt root");
+  ok(!letsEncryptCert.isBuiltInRoot, "LetsEncrypt root is not a built-in");
+}
diff --git a/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/cert8.db b/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/cert8.db
new file mode 100644
index 000000000..87abcf35a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/cert8.db
diff --git a/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/cert9.db b/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/cert9.db
new file mode 100644
index 000000000..b4567566d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/cert9.db
diff --git a/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/key3.db b/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/key3.db
new file mode 100644
index 000000000..37241a743
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/key3.db
diff --git a/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/key4.db b/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/key4.db
new file mode 100644
index 000000000..ed8747112
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_isBuiltInRoot_reload/key4.db
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage.js b/security/manager/ssl/tests/unit/test_cert_keyUsage.js
new file mode 100644
index 000000000..dd6fc4274
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage.js
@@ -0,0 +1,57 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+var certdb = Cc["@mozilla.org/security/x509certdb;1"]
+               .getService(Ci.nsIX509CertDB);
+
+const caList = [ "ca-no-keyUsage-extension", "ca-missing-keyCertSign",
+                 "ca-all-usages" ];
+const eeList = [ "ee-no-keyUsage-extension", "ee-keyCertSign-only",
+                 "ee-keyEncipherment-only", "ee-keyCertSign-and-keyEncipherment" ];
+
+const caUsage = [ certificateUsageSSLCA, certificateUsageVerifyCA ];
+const allEEUsages = [ certificateUsageSSLClient, certificateUsageSSLServer,
+                      certificateUsageEmailSigner, certificateUsageEmailRecipient,
+                      certificateUsageObjectSigner ];
+const serverEEUsages = [ certificateUsageSSLServer,
+                         certificateUsageEmailRecipient ];
+
+const expectedUsagesMap = {
+  "ca-no-keyUsage-extension": caUsage,
+  "ca-missing-keyCertSign": [],
+  "ca-all-usages": caUsage,
+
+  "ee-no-keyUsage-extension-ca-no-keyUsage-extension": allEEUsages,
+  "ee-no-keyUsage-extension-ca-missing-keyCertSign": [],
+  "ee-no-keyUsage-extension-ca-all-usages": allEEUsages,
+
+  "ee-keyCertSign-only-ca-no-keyUsage-extension": [],
+  "ee-keyCertSign-only-ca-missing-keyCertSign": [],
+  "ee-keyCertSign-only-ca-all-usages": [],
+
+  "ee-keyEncipherment-only-ca-no-keyUsage-extension": serverEEUsages,
+  "ee-keyEncipherment-only-ca-missing-keyCertSign": [],
+  "ee-keyEncipherment-only-ca-all-usages": serverEEUsages,
+
+  "ee-keyCertSign-and-keyEncipherment-ca-no-keyUsage-extension": serverEEUsages,
+  "ee-keyCertSign-and-keyEncipherment-ca-missing-keyCertSign": [],
+  "ee-keyCertSign-and-keyEncipherment-ca-all-usages": serverEEUsages,
+};
+
+add_task(function* () {
+  for (let ca of caList) {
+    addCertFromFile(certdb, "test_cert_keyUsage/" + ca + ".pem", "CTu,CTu,CTu");
+    let caCert = constructCertFromFile("test_cert_keyUsage/" + ca + ".pem");
+    yield asyncTestCertificateUsages(certdb, caCert, expectedUsagesMap[ca]);
+    for (let ee of eeList) {
+      let eeFullName = ee + "-" + ca;
+      let eeCert = constructCertFromFile("test_cert_keyUsage/" + eeFullName + ".pem");
+      yield asyncTestCertificateUsages(certdb, eeCert, expectedUsagesMap[eeFullName]);
+    }
+  }
+});
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-all-usages.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-all-usages.pem
new file mode 100644
index 000000000..68cfd91f3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-all-usages.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC2zCCAcWgAwIBAgIUdys2hGpJxVbK3B7BShZ/+fevEdwwCwYJKoZIhvcNAQEL
+MBgxFjAUBgNVBAMMDWNhLWFsbC11c2FnZXMwIhgPMjAxNTExMjgwMDAwMDBaGA8y
+MDE4MDIwNTAwMDAwMFowGDEWMBQGA1UEAwwNY2EtYWxsLXVzYWdlczCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1
+SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+
+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYL
+K7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwc
+bJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibW
+JZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMd
+MBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAf4wCwYJKoZIhvcNAQELA4IBAQB3
+PnTXfyK1lZATja9ooGeUFCvJlscLeOSqHoy2NfvZ8EgQYgRFwIyoqKnDvNxoc/tG
+5K4SItulTTK2rG9g5e9NCVrbUThj3AMevJn9YpY/MWc+e8bsLO+djeKPYGGtgOAo
+kj8O5jxoFPItElLIOC9yEQEM02AohkZu4AaoCL2RHsdYDGGqJJHNsjjpumtu5WWR
+/sz2+sxfbnxub+IMk2TgoN/1/OeyFJ/BHPPi3jjiwi/fY9mtBSpYltArZsWu9Moa
+qxqj0b62YfiiqbPPPMy3nqRtcnta8GvKB7j51ONbnwb/pE0Zaijeb286a2JOyItH
+6mpoeFIefyemcfMwFChc
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-all-usages.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-all-usages.pem.certspec
new file mode 100644
index 000000000..2ca523c74
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-all-usages.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca-all-usages
+subject:ca-all-usages
+extension:basicConstraints:cA,
+extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement,keyCertSign,cRLSign
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-missing-keyCertSign.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-missing-keyCertSign.pem
new file mode 100644
index 000000000..b2f21337e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-missing-keyCertSign.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7TCCAdegAwIBAgIUNZz9C1mmhSFhZ3hsQHPCZYTR78owCwYJKoZIhvcNAQEL
+MCExHzAdBgNVBAMMFmNhLW1pc3Npbmcta2V5Q2VydFNpZ24wIhgPMjAxNTExMjgw
+MDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowITEfMB0GA1UEAwwWY2EtbWlzc2luZy1r
+ZXlDZXJ0U2lnbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahE
+jhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1
+a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1p
+GrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW
+2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcO
+p2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJR
+xDHVA6zaGAo17Y0CAwEAAaMdMBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAfow
+CwYJKoZIhvcNAQELA4IBAQCigLN4JNjaNQUV2oR8T/hBi0oYuPHnNsdKOlC1RJXI
+ol12HE7fI9Yhdp25Nt48fxDu76e19nF+SBpE1hcnE8Bt9BLiyV0Na572f/lrLTx+
+sMDZ+Fq9+tAjagxJgmozXEoLPqDZDR0IlZzeNyqhcrSomqKie4AHxjaXKk32Kwip
+eJfPolWij8NTX+M8JGiNVdMNakMhW4h7ulKvTDXjS1OhWd64tlPAuR/TZCZcfpz6
+Z08CgLcCUT928SG3Wz25FIZK9qiQkMEn7QNtIsF8SmAru0z7AEVuLFUnA71XP084
+hnAO09l608qaSq+xHq5GZ20mzP4ZllomqTKoBufBJ5J0
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-missing-keyCertSign.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-missing-keyCertSign.pem.certspec
new file mode 100644
index 000000000..26e0158eb
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-missing-keyCertSign.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca-missing-keyCertSign
+subject:ca-missing-keyCertSign
+extension:basicConstraints:cA,
+extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement,cRLSign
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-no-keyUsage-extension.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-no-keyUsage-extension.pem
new file mode 100644
index 000000000..42b620d4e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-no-keyUsage-extension.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5DCCAc6gAwIBAgIUJYmyGPLkKFkTp5JuDYcONVz01gowCwYJKoZIhvcNAQEL
+MCMxITAfBgNVBAMMGGNhLW5vLWtleVVzYWdlLWV4dGVuc2lvbjAiGA8yMDE1MTEy
+ODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAjMSEwHwYDVQQDDBhjYS1uby1rZXlV
+c2FnZS1leHRlbnNpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6
+iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr
+4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP
+8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OI
+Q+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ
+77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5J
+I/pyUcQx1QOs2hgKNe2NAgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wCwYJKoZIhvcN
+AQELA4IBAQAEWzxixVODFWyBRURV4lePTqSy6lTKdiuClufSPtjVv6SVo1ZzfcYy
+71dMnGdQ0zaEAj/twPAYB6RG8Ri7gb+Iven3tYMGDAhAwwcrKQovphLlc5ccRkXw
+Sbw03aacwLoLbheElOBRYM7RInNV/K76SSUXkVVSKfB39nob0vL7je22UUR/1WjO
+6WOsYS6AsgLTzQLLhhDpHXUQVyfHHJ2EivwceGtJPmcHbBRognDybUK1lt/5hKqo
+zHUx7oa5qvAN1rZ/CtrEnSoaqY5BwmUqINalL0sAPwsd6FZM9G0kZaQpVjW3LgnY
+orFxjJ1rrHx8dMjEK0bUT3JcvwfA+Rqv
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-no-keyUsage-extension.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-no-keyUsage-extension.pem.certspec
new file mode 100644
index 000000000..d32e6a649
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ca-no-keyUsage-extension.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca-no-keyUsage-extension
+subject:ca-no-keyUsage-extension
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-all-usages.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-all-usages.pem
new file mode 100644
index 000000000..bdf9b0969
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-all-usages.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4jCCAcygAwIBAgIUL2/9azGOStHNpzE5OuF9/eXyXgYwCwYJKoZIhvcNAQEL
+MBgxFjAUBgNVBAMMDWNhLWFsbC11c2FnZXMwIhgPMjAxNTExMjgwMDAwMDBaGA8y
+MDE4MDIwNTAwMDAwMFowLTErMCkGA1UEAwwiZWUta2V5Q2VydFNpZ24tYW5kLWtl
+eUVuY2lwaGVybWVudDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqI
+UahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvi
+r1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/x
+fq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD
+7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnv
+uRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj
++nJRxDHVA6zaGAo17Y0CAwEAAaMPMA0wCwYDVR0PBAQDAgIkMAsGCSqGSIb3DQEB
+CwOCAQEALRuAiMMiGyBra0dMzHR/98nFyiKriXYhp30XGU5hOb3nlumGuQoR6huq
+mUnOFD7PjIeLRfvSyT0HisAr3xR0Cx2AlM8XV8iyyT5S3Obe5z6St5+mLWEtiiBg
+BFPedxTz4M4npdKwEcc6fKhNknZdl/6QtbLWJbV9pqZWkNM+BoZNePo/vVl0ovKG
+7cF4eZilmXD10MzMOQbgZwUOqfP9L6r49mCs7xuJBEAkwE/pnfnFuJyE8bbfGUzY
+BkOj3ZnfOGk1sr8wSGK6LF7ArG2BUokOSstrjoT6v1Y5aXpCwEa/WECEpqphlAe9
+hloiRSezmE2LeOQS+bD0hQXfPvN6gw==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-all-usages.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-all-usages.pem.certspec
new file mode 100644
index 000000000..0bb2721a3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-all-usages.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca-all-usages
+subject:ee-keyCertSign-and-keyEncipherment
+extension:keyUsage:keyEncipherment,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-missing-keyCertSign.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-missing-keyCertSign.pem
new file mode 100644
index 000000000..07af0afad
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-missing-keyCertSign.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC6zCCAdWgAwIBAgIUZWIH141D/q0jpqLy24q/Z/V5Q24wCwYJKoZIhvcNAQEL
+MCExHzAdBgNVBAMMFmNhLW1pc3Npbmcta2V5Q2VydFNpZ24wIhgPMjAxNTExMjgw
+MDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowLTErMCkGA1UEAwwiZWUta2V5Q2VydFNp
+Z24tYW5kLWtleUVuY2lwaGVybWVudDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72x
+nAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lM
+wmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF
+4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20
+yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xx
+j5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMPMA0wCwYDVR0PBAQDAgIkMAsG
+CSqGSIb3DQEBCwOCAQEAYW3PJELJRWf/BpPb8gWUlGt0e3CIwjQqy/OsrXokniYE
+0wDGDQBBBwWUtZ+2Y9b9Buu83NfdYLdLO5fG1ZMSWudSpAvGNoFAbkbyMovnxMuA
+JdV36gfuyxl0nQ86iv3NgRaU7fDG2+wgukd6ugjX3KgKcgskZNS/qyyJNOCWl6M+
+JSC2Jpsz8ES9x8YsqblM/ERsrMXIWJd2r1/TZ0RT6yHIgkZcem0OyypJoMcfvwyA
+92OYV29xCMUjGahOPd3b2WeP1xfIDOQu06/W1u3Ut2locR8/irKPSkgADNFN72/7
+usjX3lxFPwbpTlj4ehDizqQM8/Zjd7TSuT5U8mGGUA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-missing-keyCertSign.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-missing-keyCertSign.pem.certspec
new file mode 100644
index 000000000..567ab0ce2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-missing-keyCertSign.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca-missing-keyCertSign
+subject:ee-keyCertSign-and-keyEncipherment
+extension:keyUsage:keyEncipherment,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-no-keyUsage-extension.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-no-keyUsage-extension.pem
new file mode 100644
index 000000000..c5fafc299
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-no-keyUsage-extension.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7TCCAdegAwIBAgIUTVrDE/LymICBYiBG+hIxeTNzILMwCwYJKoZIhvcNAQEL
+MCMxITAfBgNVBAMMGGNhLW5vLWtleVVzYWdlLWV4dGVuc2lvbjAiGA8yMDE1MTEy
+ODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAtMSswKQYDVQQDDCJlZS1rZXlDZXJ0
+U2lnbi1hbmQta2V5RW5jaXBoZXJtZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4Ngf
+vbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTb
+uUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3S
+O8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR
+3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv
+5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABow8wDTALBgNVHQ8EBAMCAiQw
+CwYJKoZIhvcNAQELA4IBAQB+abMJm5HdoKeMDzcqQpSLvSJKhbqrmujR8AKyHF9H
+DQyvFHARUL6GoOxvaILJCTUWGqobHdTFQjhWCOuYjtqQf1CXbgtXAUVL8/EOncnS
+UXcsti2r8h1WT/cDsXbnbmjloO1e/NEHHSK9Cm4zPSaoKQSYVSuXvKr8D9XZXvzj
+JJh0lkmVyhq79kw3aXWg75VQOllhQ7kplPjlbs4XAjWgmyCUJ2v/M5yDn9nNxnqG
+UyNLBEJkoaztUMZnEbx92cGD8FS721kaAZo5pslWx93+sHhHbwA9i5L1VG8UPX+T
+mb/DZkhekaPXrecmw4DZlhdbx0DiDbKpnzYM71YYbmUe
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-no-keyUsage-extension.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-no-keyUsage-extension.pem.certspec
new file mode 100644
index 000000000..c48ef6612
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-and-keyEncipherment-ca-no-keyUsage-extension.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca-no-keyUsage-extension
+subject:ee-keyCertSign-and-keyEncipherment
+extension:keyUsage:keyEncipherment,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-all-usages.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-all-usages.pem
new file mode 100644
index 000000000..7f6c21909
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-all-usages.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0zCCAb2gAwIBAgIUEYlPxi8Q+zUVKvxclDzrfiQ+PcEwCwYJKoZIhvcNAQEL
+MBgxFjAUBgNVBAMMDWNhLWFsbC11c2FnZXMwIhgPMjAxNTExMjgwMDAwMDBaGA8y
+MDE4MDIwNTAwMDAwMFowHjEcMBoGA1UEAwwTZWUta2V5Q2VydFNpZ24tb25seTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9
+PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3
+HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3Dg
+Dw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7
+EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SK
+lWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0C
+AwEAAaMPMA0wCwYDVR0PBAQDAgIEMAsGCSqGSIb3DQEBCwOCAQEAcPa8SfjBKZd8
+qiQeFZSeBUWQB99PcTmJm87XvRH02p5pYzyIydHQ+Esv+kAOjOnZRbrVsd/2jvc+
+/Ae8HpJ/HcNjcSZPWsZ/qCQ/VAi1KkLtW4ETjECOUccCdY2hwBZ0l0XO6XZ3jutR
+GjOngZ91INAcrTv9eq1JKVyc9AxIkNid7vHQ7re1GWp01zBm2c8O8yw8HshTD7JC
+sD+2fiImj/nRsUZT9FPKRh6e1231ZQt4k1IF6Hfrke6vGnHGsOKcISwATMaidk28
+fb+UOopqL+LCxyKXjuNG7jx6EPLTaoN4zDQ3/ZBYAcscdoykzzMHMn7dgqUGgPxu
+kjrUn+ycag==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-all-usages.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-all-usages.pem.certspec
new file mode 100644
index 000000000..c495ca6d0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-all-usages.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca-all-usages
+subject:ee-keyCertSign-only
+extension:keyUsage:keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-missing-keyCertSign.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-missing-keyCertSign.pem
new file mode 100644
index 000000000..6a3e4ee0e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-missing-keyCertSign.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3DCCAcagAwIBAgIUG3wZGBaOAqM35Kdlf4GoCOK353owCwYJKoZIhvcNAQEL
+MCExHzAdBgNVBAMMFmNhLW1pc3Npbmcta2V5Q2VydFNpZ24wIhgPMjAxNTExMjgw
+MDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowHjEcMBoGA1UEAwwTZWUta2V5Q2VydFNp
+Z24tb25seTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbW
+Qf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pk
+cQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHT
+AjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3
+ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jh
+s3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHV
+A6zaGAo17Y0CAwEAAaMPMA0wCwYDVR0PBAQDAgIEMAsGCSqGSIb3DQEBCwOCAQEA
+SeCJZFpmZUB53Cdu+/E8VarNp6jgZVf9KwOP3ihTWkvm7lRtlde8N5aTOP4cfrLp
+se8Xh+ODEo3oNYY9WfvXigDKC1zMc+7+flx53TesO7SUVK5FASCoP5MfVWh+J+4k
+dF6mbtXTOWkrIGSTmkjkGu7LmHYu8RVDagu3UU2zkFwZ/XruUB9ya9ABL6Bx5Th2
+KNcOVqTzdPYi9Uthz/imXbc5xBf6R47CuDu72zOoJJv4mLj6O1Qu3c5S1vrs3/l8
+HvoKu5J+yZRWmneJRJaIcKNBNWoKVQd++r6LlRa5kKMwYUe1tysc/mstGadeJhQB
+kFqHtTynqrDY9dp4oPCXGQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-missing-keyCertSign.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-missing-keyCertSign.pem.certspec
new file mode 100644
index 000000000..23ddd0eb8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-missing-keyCertSign.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca-missing-keyCertSign
+subject:ee-keyCertSign-only
+extension:keyUsage:keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-no-keyUsage-extension.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-no-keyUsage-extension.pem
new file mode 100644
index 000000000..0f4446e8c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-no-keyUsage-extension.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3jCCAcigAwIBAgIUKfpiB0n/DY53n/8um9gvIXVTf7wwCwYJKoZIhvcNAQEL
+MCMxITAfBgNVBAMMGGNhLW5vLWtleVVzYWdlLWV4dGVuc2lvbjAiGA8yMDE1MTEy
+ODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAeMRwwGgYDVQQDDBNlZS1rZXlDZXJ0
+U2lnbi1vbmx5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESO
+FtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVr
+amRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWka
+sdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbY
+VbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6n
+aOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHE
+MdUDrNoYCjXtjQIDAQABow8wDTALBgNVHQ8EBAMCAgQwCwYJKoZIhvcNAQELA4IB
+AQAdgSy6hksLymW1pdbptv7dR/9LZt9pvBfXh2mJo+rt3FAO6Pc2hQdap3hZjOP4
+a3mlJXkQ+xhXt+mUBzEn/zeKWvAG0/RX7WqGhHU9BR2BIdfxUAYmZSoTnK0Q+8sn
+vtV+gQhVTB4FiAyvcE0Xno23Ge0HXTjL4PBsmEmTSrI0mgIpCY+LgOUs0Px3fu6S
+OIHGKmiCqprDaOk8vA7cXfqF0i6/aOuAgu9yP6PtdgORdkEj1SRcbP3L4BX6DkZ4
+8RxdP7Us9zJc8JbXaNYsVmGhs1K1U4P7IeDqK99+idqkv5IZOGmRH6XSDNSKAWGL
+7q/AnWlxjKyP1PXHQDs6fI0D
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-no-keyUsage-extension.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-no-keyUsage-extension.pem.certspec
new file mode 100644
index 000000000..a5a2d62a7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyCertSign-only-ca-no-keyUsage-extension.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca-no-keyUsage-extension
+subject:ee-keyCertSign-only
+extension:keyUsage:keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-all-usages.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-all-usages.pem
new file mode 100644
index 000000000..5cb293924
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-all-usages.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC1zCCAcGgAwIBAgIUCagPpigas5zVKduGrpGcKSE3bs0wCwYJKoZIhvcNAQEL
+MBgxFjAUBgNVBAMMDWNhLWFsbC11c2FnZXMwIhgPMjAxNTExMjgwMDAwMDBaGA8y
+MDE4MDIwNTAwMDAwMFowIjEgMB4GA1UEAwwXZWUta2V5RW5jaXBoZXJtZW50LW9u
+bHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braI
+BjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVa
+p0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB
+7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4C
+kC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJv
+aeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgK
+Ne2NAgMBAAGjDzANMAsGA1UdDwQEAwIFIDALBgkqhkiG9w0BAQsDggEBADVINQwH
+c6c0CNWqnwCuW+lwsFZ53TlZAeSzqCwnd/wRtBEAAz8KSmfoy158l1gz7M/1RpEn
+I0cdEWDOGzqXea1nIBHP3JBoHRe/ZVm6VWW4KgNgXfi1X7wN0UWjADX1XBhebo4f
+qVFRm4vatqyGEbm+sNvnJy2OXlC6g8VYeTmfXeLFmcHzWwJ59d3UYLB7fuW2R8GQ
+xQSJnkR1vAUJNX2U9WUriiTalLP7DkoYoPODqSmC2S2W/gaU3R2Lv/EwX/o+I9xe
+luxL8Zm6YctCfNNWdDDe8cqa1+h1meVr1QJww8Bmt8K9WIqDWjr+Lq5N/ZNbnt9f
+HzdZ40d5wD/9Cxc=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-all-usages.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-all-usages.pem.certspec
new file mode 100644
index 000000000..08154a53e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-all-usages.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca-all-usages
+subject:ee-keyEncipherment-only
+extension:keyUsage:keyEncipherment
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-missing-keyCertSign.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-missing-keyCertSign.pem
new file mode 100644
index 000000000..75e64e3b3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-missing-keyCertSign.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4DCCAcqgAwIBAgIUA37iPfJhzPzGvR57p7UZYQrfgUIwCwYJKoZIhvcNAQEL
+MCExHzAdBgNVBAMMFmNhLW1pc3Npbmcta2V5Q2VydFNpZ24wIhgPMjAxNTExMjgw
+MDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowIjEgMB4GA1UEAwwXZWUta2V5RW5jaXBo
+ZXJtZW50LW9ubHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGo
+RI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9a
+dWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6t
+aRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8n
+FthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kX
+Dqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/py
+UcQx1QOs2hgKNe2NAgMBAAGjDzANMAsGA1UdDwQEAwIFIDALBgkqhkiG9w0BAQsD
+ggEBAKjvH8ZfuHOX5TvQfjhWK4bItjHec6pZeRDF0V2cGAVOu66Qk6ZJc8oUtH/N
+zAV0WLJ+CmJa4BU2fc56LWbomPO5bqSgbVJuf72bPr/ppWIpXxtVJJXbnY0UWcFs
+rNLBQfUlJzhApfsm/DgkRN/9ztHFi7MfgdpOaKjmFfy2WtOJnLzPH3/vsH2VAlDV
+2YAdMSwCiK52FLBhGel+S63FagTNtkozPY83ePU0nstSakdfXfLEpM0vnJCUQgFJ
+7SR/Eg1UbRSu/RWppEoFjEUnc+utXM8++9RlbO+0O5g3QpoVjI0iAgI5mMpAdYOj
+ZfovJrJ1KiU3NFgCu2KS7QNbo4g=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-missing-keyCertSign.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-missing-keyCertSign.pem.certspec
new file mode 100644
index 000000000..9bdcf4b7b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-missing-keyCertSign.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca-missing-keyCertSign
+subject:ee-keyEncipherment-only
+extension:keyUsage:keyEncipherment
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-no-keyUsage-extension.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-no-keyUsage-extension.pem
new file mode 100644
index 000000000..7707ffa36
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-no-keyUsage-extension.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4jCCAcygAwIBAgIUVaKLSYOm33xK4veKbBmaWOu6OoowCwYJKoZIhvcNAQEL
+MCMxITAfBgNVBAMMGGNhLW5vLWtleVVzYWdlLWV4dGVuc2lvbjAiGA8yMDE1MTEy
+ODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAiMSAwHgYDVQQDDBdlZS1rZXlFbmNp
+cGhlcm1lbnQtb25seTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqI
+UahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvi
+r1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/x
+fq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD
+7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnv
+uRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj
++nJRxDHVA6zaGAo17Y0CAwEAAaMPMA0wCwYDVR0PBAQDAgUgMAsGCSqGSIb3DQEB
+CwOCAQEAcH/p+TMlDVgnQ6pHcYKDaPcHOTxbVAF/WO5Zx8jtXZQZq3Ls7HzKh7Nb
+vF1nLvdNiAXmz58ynA83SQAj9dzU4etX4PRBqFFNVUXJngsWTqPBeBoPUK2rgWdE
+BpsqczEkBtLGX3+MdVFoc76x66oVoHItUP2bTcEPCRrivPjPE4FvQMMzenbz9iH/
+z5n4IiwYE3KHnkzv/SI3fR7ZB/JEy1DcQ9eSsHAauS9N+FB1RI+tmi7dsPUPxEsu
+PZ+YMoKF/qUvsLC8bFLm9Lxaj76F60ZDJib/Q+Lfll0D9zuKLtYUcYnVJOxExasE
+PPPsmL1LO2t4GR6Ohr0scBp2DouuTw==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-no-keyUsage-extension.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-no-keyUsage-extension.pem.certspec
new file mode 100644
index 000000000..a2383ecfd
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-keyEncipherment-only-ca-no-keyUsage-extension.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca-no-keyUsage-extension
+subject:ee-keyEncipherment-only
+extension:keyUsage:keyEncipherment
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-all-usages.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-all-usages.pem
new file mode 100644
index 000000000..37a0b68b1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-all-usages.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxzCCAbGgAwIBAgIUGbQXZixwJI9yhFsp9KXc1wHRU60wCwYJKoZIhvcNAQEL
+MBgxFjAUBgNVBAMMDWNhLWFsbC11c2FnZXMwIhgPMjAxNTExMjgwMDAwMDBaGA8y
+MDE4MDIwNTAwMDAwMFowIzEhMB8GA1UEAwwYZWUtbm8ta2V5VXNhZ2UtZXh0ZW5z
+aW9uMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62
+iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHql
+WqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosq
+Qe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+
+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8i
+b2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoY
+CjXtjQIDAQABMAsGCSqGSIb3DQEBCwOCAQEANC3lB6czGJeL8EiQbEf+DUGDXETg
+pTfbnV4si7kJ2ft5bXhltO92pus+v6jUjCFfQdxWfyzoJKX7FNlfRqtAPXXnjV9+
+UdvleX2IXtyGuvWb1J8wp9Ky+Yx1OBAEFtvGhjFnvYdt2/30S6eW3UmRfyBKshx7
+ZOASwi04RRWTvuvUN76UD+Fiy5RpLOHFAxb1o4oscTsncVarFqxQ76FviskjH8jH
+LcMWOAG4KIqQuteWhdUEO2B0MVsj6JYDCZEiXU2WGRlvzd3GcQqffxcQatyVkX7y
+hz/j+C/JEkCp9KN9g7DHbXehusONkmU/LgwkmKBtiU9yJMyK2PU/0qKFoQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-all-usages.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-all-usages.pem.certspec
new file mode 100644
index 000000000..6d2e67296
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-all-usages.pem.certspec
@@ -0,0 +1,2 @@
+issuer:ca-all-usages
+subject:ee-no-keyUsage-extension
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-missing-keyCertSign.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-missing-keyCertSign.pem
new file mode 100644
index 000000000..bc192ff9c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-missing-keyCertSign.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0DCCAbqgAwIBAgIUC6nvDJKsdXHlkcwJjyB1tgpBS8owCwYJKoZIhvcNAQEL
+MCExHzAdBgNVBAMMFmNhLW1pc3Npbmcta2V5Q2VydFNpZ24wIhgPMjAxNTExMjgw
+MDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowIzEhMB8GA1UEAwwYZWUtbm8ta2V5VXNh
+Z2UtZXh0ZW5zaW9uMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohR
+qESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+Kv
+WnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+
+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPv
+JxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5
+Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6
+clHEMdUDrNoYCjXtjQIDAQABMAsGCSqGSIb3DQEBCwOCAQEAr86WOKGBV6SUEBuH
+/jEA5AWdo/iv6Y6l3qJxCR2QxLu9WU5T95FwimLDvnc9YfDXb8Y7skLZVutkpVQ3
+jUZ86jF30c0/gT1x/4MhqJGMKZ+bWLgQkL+Odv1rpP/M9FhDmQz35T9IkedFE+QT
+znUH6BkOAd4KII1QGDKP34iFwtzdmypTZIWcw2Qvg+OSB/Z+MBdDq0giiabpSd2e
+xWfKsZAP+XmltADeZhF2Iicle7m6seajfQDaQam8j3F0Tktj4n62JGfcxQdjEcpO
+wbSIz3QkhJi2IAyEYaJNa4O6d/GG8qLo8ouvppB8nQxWeDr3PKOI0PGDlZT/2qzs
+rPWlfQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-missing-keyCertSign.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-missing-keyCertSign.pem.certspec
new file mode 100644
index 000000000..3cba2f0d8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-missing-keyCertSign.pem.certspec
@@ -0,0 +1,2 @@
+issuer:ca-missing-keyCertSign
+subject:ee-no-keyUsage-extension
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-no-keyUsage-extension.pem b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-no-keyUsage-extension.pem
new file mode 100644
index 000000000..340de5e33
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-no-keyUsage-extension.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0jCCAbygAwIBAgIUdTpgn8FIg/Q9On6r92BmokOw4U8wCwYJKoZIhvcNAQEL
+MCMxITAfBgNVBAMMGGNhLW5vLWtleVVzYWdlLWV4dGVuc2lvbjAiGA8yMDE1MTEy
+ODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAjMSEwHwYDVQQDDBhlZS1uby1rZXlV
+c2FnZS1leHRlbnNpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6
+iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr
+4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP
+8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OI
+Q+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ
+77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5J
+I/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZIhvcNAQELA4IBAQAki2UmEYnRUxwj
+U7WHSwJKfzl42K/sMceI1VICE00QEhkyFenM3tuxqr8S2H3QlqjHPPORlyEcuP5T
+mchTpgU2lIbPxbNQjALSp2OOxo5WDBsl5G4H+Mw5OqgvcvH9Ko0hnxVMYuDvrziC
+4V6yoj6P+LS9NQ0yOHMgMkXG10DAXTEp/L8KHd8STaT8FNIC/kFJWq24yodASdwJ
+ak9RRPpMkC0XMT+LFhjjWrJvzyJKsyMnDB7RtH++MxnlwpqkHHX/Kq46yMPUheWC
+jJBIRJRHn1eED+6fatv89/2hqCLimGYA3FaFSxtm+UITHqLpnGCRNlLIwiMwNT6L
+K9zvsxW1
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-no-keyUsage-extension.pem.certspec b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-no-keyUsage-extension.pem.certspec
new file mode 100644
index 000000000..c850725a6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/ee-no-keyUsage-extension-ca-no-keyUsage-extension.pem.certspec
@@ -0,0 +1,2 @@
+issuer:ca-no-keyUsage-extension
+subject:ee-no-keyUsage-extension
diff --git a/security/manager/ssl/tests/unit/test_cert_keyUsage/moz.build b/security/manager/ssl/tests/unit/test_cert_keyUsage/moz.build
new file mode 100644
index 000000000..7fe54a9cc
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_keyUsage/moz.build
@@ -0,0 +1,27 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Temporarily disabled. See bug 1256495.
+#test_certificates = (
+#    'ca-all-usages.pem',
+#    'ca-missing-keyCertSign.pem',
+#    'ca-no-keyUsage-extension.pem',
+#    'ee-keyCertSign-and-keyEncipherment-ca-all-usages.pem',
+#    'ee-keyCertSign-and-keyEncipherment-ca-missing-keyCertSign.pem',
+#    'ee-keyCertSign-and-keyEncipherment-ca-no-keyUsage-extension.pem',
+#    'ee-keyCertSign-only-ca-all-usages.pem',
+#    'ee-keyCertSign-only-ca-missing-keyCertSign.pem',
+#    'ee-keyCertSign-only-ca-no-keyUsage-extension.pem',
+#    'ee-keyEncipherment-only-ca-all-usages.pem',
+#    'ee-keyEncipherment-only-ca-missing-keyCertSign.pem',
+#    'ee-keyEncipherment-only-ca-no-keyUsage-extension.pem',
+#    'ee-no-keyUsage-extension-ca-all-usages.pem',
+#    'ee-no-keyUsage-extension-ca-missing-keyCertSign.pem',
+#    'ee-no-keyUsage-extension-ca-no-keyUsage-extension.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
diff --git a/security/manager/ssl/tests/unit/test_cert_override_bits_mismatches.js b/security/manager/ssl/tests/unit/test_cert_override_bits_mismatches.js
new file mode 100644
index 000000000..83b4fdbc6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_override_bits_mismatches.js
@@ -0,0 +1,89 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// Test that when an override exists for a (host, certificate) pair,
+// connections will succeed only if the set of error bits in the override
+// contains each bit in the set of encountered error bits.
+// Strangely, it is possible to store an override with an empty set of error
+// bits, so this tests that too.
+
+do_get_profile();
+
+function add_override_bits_mismatch_test(host, certPath, expectedBits,
+                                         expectedError) {
+  const MAX_BITS = Ci.nsICertOverrideService.ERROR_UNTRUSTED |
+                   Ci.nsICertOverrideService.ERROR_MISMATCH |
+                   Ci.nsICertOverrideService.ERROR_TIME;
+  let cert = constructCertFromFile(certPath);
+  let certOverrideService = Cc["@mozilla.org/security/certoverride;1"]
+                              .getService(Ci.nsICertOverrideService);
+  for (let overrideBits = 0; overrideBits <= MAX_BITS; overrideBits++) {
+    add_test(function() {
+      certOverrideService.clearValidityOverride(host, 8443);
+      certOverrideService.rememberValidityOverride(host, 8443, cert,
+                                                   overrideBits, true);
+      run_next_test();
+    });
+    // The override will succeed only if the set of error bits in the override
+    // contains each bit in the set of expected error bits.
+    let successExpected = (overrideBits | expectedBits) == overrideBits;
+    add_connection_test(host, successExpected ? PRErrorCodeSuccess
+                                              : expectedError);
+  }
+}
+
+function run_test() {
+  Services.prefs.setIntPref("security.OCSP.enabled", 1);
+  add_tls_server_setup("BadCertServer", "bad_certs");
+
+  let fakeOCSPResponder = new HttpServer();
+  fakeOCSPResponder.registerPrefixHandler("/", function (request, response) {
+    response.setStatusLine(request.httpVersion, 500, "Internal Server Error");
+  });
+  fakeOCSPResponder.start(8888);
+
+  add_override_bits_mismatch_test("unknownissuer.example.com",
+                                  "bad_certs/unknownissuer.pem",
+                                  Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+                                  SEC_ERROR_UNKNOWN_ISSUER);
+  add_override_bits_mismatch_test("mismatch.example.com",
+                                  "bad_certs/mismatch.pem",
+                                  Ci.nsICertOverrideService.ERROR_MISMATCH,
+                                  SSL_ERROR_BAD_CERT_DOMAIN);
+  add_override_bits_mismatch_test("expired.example.com",
+                                  "bad_certs/expired-ee.pem",
+                                  Ci.nsICertOverrideService.ERROR_TIME,
+                                  SEC_ERROR_EXPIRED_CERTIFICATE);
+
+  add_override_bits_mismatch_test("mismatch-untrusted.example.com",
+                                  "bad_certs/mismatch-untrusted.pem",
+                                  Ci.nsICertOverrideService.ERROR_UNTRUSTED |
+                                  Ci.nsICertOverrideService.ERROR_MISMATCH,
+                                  SEC_ERROR_UNKNOWN_ISSUER);
+  add_override_bits_mismatch_test("untrusted-expired.example.com",
+                                  "bad_certs/untrusted-expired.pem",
+                                  Ci.nsICertOverrideService.ERROR_UNTRUSTED |
+                                  Ci.nsICertOverrideService.ERROR_TIME,
+                                  SEC_ERROR_UNKNOWN_ISSUER);
+  add_override_bits_mismatch_test("mismatch-expired.example.com",
+                                  "bad_certs/mismatch-expired.pem",
+                                  Ci.nsICertOverrideService.ERROR_MISMATCH |
+                                  Ci.nsICertOverrideService.ERROR_TIME,
+                                  SSL_ERROR_BAD_CERT_DOMAIN);
+
+  add_override_bits_mismatch_test("mismatch-untrusted-expired.example.com",
+                                  "bad_certs/mismatch-untrusted-expired.pem",
+                                  Ci.nsICertOverrideService.ERROR_UNTRUSTED |
+                                  Ci.nsICertOverrideService.ERROR_MISMATCH |
+                                  Ci.nsICertOverrideService.ERROR_TIME,
+                                  SEC_ERROR_UNKNOWN_ISSUER);
+
+  add_test(function () {
+    fakeOCSPResponder.stop(run_next_test);
+  });
+
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_cert_overrides.js b/security/manager/ssl/tests/unit/test_cert_overrides.js
new file mode 100644
index 000000000..038ca814f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_overrides.js
@@ -0,0 +1,340 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// Tests the certificate overrides we allow.
+// add_cert_override_test will queue a test that does the following:
+// 1. Attempt to connect to the given host. This should fail with the
+//    given error and override bits.
+// 2. Add an override for that host/port/certificate/override bits.
+// 3. Connect again. This should succeed.
+
+do_get_profile();
+
+function check_telemetry() {
+  let histogram = Cc["@mozilla.org/base/telemetry;1"]
+                    .getService(Ci.nsITelemetry)
+                    .getHistogramById("SSL_CERT_ERROR_OVERRIDES")
+                    .snapshot();
+  equal(histogram.counts[0], 0, "Should have 0 unclassified counts");
+  equal(histogram.counts[2], 8,
+        "Actual and expected SEC_ERROR_UNKNOWN_ISSUER counts should match");
+  equal(histogram.counts[3], 1,
+        "Actual and expected SEC_ERROR_CA_CERT_INVALID counts should match");
+  equal(histogram.counts[4], 0,
+        "Actual and expected SEC_ERROR_UNTRUSTED_ISSUER counts should match");
+  equal(histogram.counts[5], 1,
+        "Actual and expected SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE counts should match");
+  equal(histogram.counts[6], 0,
+        "Actual and expected SEC_ERROR_UNTRUSTED_CERT counts should match");
+  equal(histogram.counts[7], 0,
+        "Actual and expected SEC_ERROR_INADEQUATE_KEY_USAGE counts should match");
+  equal(histogram.counts[8], 2,
+        "Actual and expected SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED counts should match");
+  equal(histogram.counts[9], 10,
+        "Actual and expected SSL_ERROR_BAD_CERT_DOMAIN counts should match");
+  equal(histogram.counts[10], 5,
+        "Actual and expected SEC_ERROR_EXPIRED_CERTIFICATE counts should match");
+  equal(histogram.counts[11], 2,
+        "Actual and expected MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY counts should match");
+  equal(histogram.counts[12], 1,
+        "Actual and expected MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA counts should match");
+  equal(histogram.counts[13], 1,
+        "Actual and expected MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE counts should match");
+  equal(histogram.counts[14], 2,
+        "Actual and expected MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE counts should match");
+  equal(histogram.counts[15], 1,
+        "Actual and expected MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE counts should match");
+  equal(histogram.counts[16], 2,
+        "Actual and expected SEC_ERROR_INVALID_TIME counts should match");
+  equal(histogram.counts[17], 1,
+        "Actual and expected MOZILLA_PKIX_ERROR_EMPTY_ISSUER_NAME counts should match");
+
+  let keySizeHistogram = Cc["@mozilla.org/base/telemetry;1"]
+                           .getService(Ci.nsITelemetry)
+                           .getHistogramById("CERT_CHAIN_KEY_SIZE_STATUS")
+                           .snapshot();
+  equal(keySizeHistogram.counts[0], 0,
+        "Actual and expected unchecked key size counts should match");
+  equal(keySizeHistogram.counts[1], 12,
+        "Actual and expected successful verifications of 2048-bit keys should match");
+  equal(keySizeHistogram.counts[2], 0,
+        "Actual and expected successful verifications of 1024-bit keys should match");
+  equal(keySizeHistogram.counts[3], 58,
+        "Actual and expected verification failures unrelated to key size should match");
+
+  run_next_test();
+}
+
+// Internally, specifying "port" -1 is the same as port 443. This tests that.
+function run_port_equivalency_test(inPort, outPort) {
+  Assert.ok((inPort == 443 && outPort == -1) || (inPort == -1 && outPort == 443),
+            "The two specified ports must be -1 and 443 (in any order)");
+  let certOverrideService = Cc["@mozilla.org/security/certoverride;1"]
+                              .getService(Ci.nsICertOverrideService);
+  let cert = constructCertFromFile("bad_certs/default-ee.pem");
+  let expectedBits = Ci.nsICertOverrideService.ERROR_UNTRUSTED;
+  let expectedTemporary = true;
+  certOverrideService.rememberValidityOverride("example.com", inPort, cert,
+                                               expectedBits, expectedTemporary);
+  let actualBits = {};
+  let actualTemporary = {};
+  Assert.ok(certOverrideService.hasMatchingOverride("example.com", outPort,
+                                                    cert, actualBits,
+                                                    actualTemporary),
+            `override set on port ${inPort} should match port ${outPort}`);
+  equal(actualBits.value, expectedBits,
+        "input override bits should match output bits");
+  equal(actualTemporary.value, expectedTemporary,
+        "input override temporary value should match output temporary value");
+  Assert.ok(!certOverrideService.hasMatchingOverride("example.com", 563,
+                                                     cert, {}, {}),
+            `override set on port ${inPort} should not match port 563`);
+  certOverrideService.clearValidityOverride("example.com", inPort);
+  Assert.ok(!certOverrideService.hasMatchingOverride("example.com", outPort,
+                                                     cert, actualBits, {}),
+            `override cleared on port ${inPort} should match port ${outPort}`);
+  equal(actualBits.value, 0, "should have no bits set if there is no override");
+}
+
+function run_test() {
+  run_port_equivalency_test(-1, 443);
+  run_port_equivalency_test(443, -1);
+
+  Services.prefs.setIntPref("security.OCSP.enabled", 1);
+  add_tls_server_setup("BadCertServer", "bad_certs");
+
+  let fakeOCSPResponder = new HttpServer();
+  fakeOCSPResponder.registerPrefixHandler("/", function (request, response) {
+    response.setStatusLine(request.httpVersion, 500, "Internal Server Error");
+  });
+  fakeOCSPResponder.start(8888);
+
+  add_simple_tests();
+  add_combo_tests();
+  add_distrust_tests();
+
+  add_test(function () {
+    fakeOCSPResponder.stop(check_telemetry);
+  });
+
+  run_next_test();
+}
+
+function add_simple_tests() {
+  add_cert_override_test("expired.example.com",
+                         Ci.nsICertOverrideService.ERROR_TIME,
+                         SEC_ERROR_EXPIRED_CERTIFICATE);
+  add_cert_override_test("notyetvalid.example.com",
+                         Ci.nsICertOverrideService.ERROR_TIME,
+                         MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE);
+  add_cert_override_test("before-epoch.example.com",
+                         Ci.nsICertOverrideService.ERROR_TIME,
+                         SEC_ERROR_INVALID_TIME);
+  add_cert_override_test("selfsigned.example.com",
+                         Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+                         SEC_ERROR_UNKNOWN_ISSUER);
+  add_cert_override_test("unknownissuer.example.com",
+                         Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+                         SEC_ERROR_UNKNOWN_ISSUER);
+  add_cert_override_test("expiredissuer.example.com",
+                         Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+                         SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE);
+  add_cert_override_test("notyetvalidissuer.example.com",
+                         Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+                         MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE);
+  add_cert_override_test("before-epoch-issuer.example.com",
+                         Ci.nsICertOverrideService.ERROR_TIME,
+                         SEC_ERROR_INVALID_TIME);
+  add_cert_override_test("md5signature.example.com",
+                         Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+                         SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
+  add_cert_override_test("emptyissuername.example.com",
+                         Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+                         MOZILLA_PKIX_ERROR_EMPTY_ISSUER_NAME);
+  // This has name information in the subject alternative names extension,
+  // but not the subject common name.
+  add_cert_override_test("mismatch.example.com",
+                         Ci.nsICertOverrideService.ERROR_MISMATCH,
+                         SSL_ERROR_BAD_CERT_DOMAIN,
+                         /The certificate is only valid for the following names:\s*doesntmatch\.example\.com, \*\.alsodoesntmatch\.example\.com/);
+  // This has name information in the subject common name but not the subject
+  // alternative names extension.
+  add_cert_override_test("mismatch-CN.example.com",
+                         Ci.nsICertOverrideService.ERROR_MISMATCH,
+                         SSL_ERROR_BAD_CERT_DOMAIN,
+                         /The certificate is not valid for the name mismatch-CN\.example\.com/);
+
+  // A Microsoft IIS utility generates self-signed certificates with
+  // properties similar to the one this "host" will present.
+  add_cert_override_test("selfsigned-inadequateEKU.example.com",
+                         Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+                         SEC_ERROR_UNKNOWN_ISSUER);
+
+  add_prevented_cert_override_test("inadequatekeyusage.example.com",
+                                   Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+                                   SEC_ERROR_INADEQUATE_KEY_USAGE);
+
+  // This is intended to test the case where a verification has failed for one
+  // overridable reason (e.g. unknown issuer) but then, in the process of
+  // reporting that error, a non-overridable error is encountered. The
+  // non-overridable error should be prioritized.
+  add_test(function() {
+    let rootCert = constructCertFromFile("bad_certs/test-ca.pem");
+    setCertTrust(rootCert, ",,");
+    run_next_test();
+  });
+  add_prevented_cert_override_test("nsCertTypeCritical.example.com",
+                                   Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+                                   SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION);
+  add_test(function() {
+    let rootCert = constructCertFromFile("bad_certs/test-ca.pem");
+    setCertTrust(rootCert, "CTu,,");
+    run_next_test();
+  });
+
+  // Bug 990603: Apache documentation has recommended generating a self-signed
+  // test certificate with basic constraints: CA:true. For compatibility, this
+  // is a scenario in which an override is allowed.
+  add_cert_override_test("self-signed-end-entity-with-cA-true.example.com",
+                         Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+                         SEC_ERROR_UNKNOWN_ISSUER);
+
+  add_cert_override_test("ca-used-as-end-entity.example.com",
+                         Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+                         MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY);
+
+  // If an X.509 version 1 certificate is not a trust anchor, we will
+  // encounter an overridable error.
+  add_cert_override_test("end-entity-issued-by-v1-cert.example.com",
+                         Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+                         MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA);
+  // If we make that certificate a trust anchor, the connection will succeed.
+  add_test(function() {
+    let certOverrideService = Cc["@mozilla.org/security/certoverride;1"]
+                                .getService(Ci.nsICertOverrideService);
+    certOverrideService.clearValidityOverride("end-entity-issued-by-v1-cert.example.com", 8443);
+    let v1Cert = constructCertFromFile("bad_certs/v1Cert.pem");
+    setCertTrust(v1Cert, "CTu,,");
+    clearSessionCache();
+    run_next_test();
+  });
+  add_connection_test("end-entity-issued-by-v1-cert.example.com",
+                      PRErrorCodeSuccess);
+  // Reset the trust for that certificate.
+  add_test(function() {
+    let v1Cert = constructCertFromFile("bad_certs/v1Cert.pem");
+    setCertTrust(v1Cert, ",,");
+    clearSessionCache();
+    run_next_test();
+  });
+
+  // Due to compatibility issues, we allow overrides for certificates issued by
+  // certificates that are not valid CAs.
+  add_cert_override_test("end-entity-issued-by-non-CA.example.com",
+                         Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+                         SEC_ERROR_CA_CERT_INVALID);
+
+  // This host presents a 1016-bit RSA key.
+  add_cert_override_test("inadequate-key-size-ee.example.com",
+                         Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+                         MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE);
+
+  add_cert_override_test("ipAddressAsDNSNameInSAN.example.com",
+                         Ci.nsICertOverrideService.ERROR_MISMATCH,
+                         SSL_ERROR_BAD_CERT_DOMAIN);
+  add_cert_override_test("noValidNames.example.com",
+                         Ci.nsICertOverrideService.ERROR_MISMATCH,
+                         SSL_ERROR_BAD_CERT_DOMAIN,
+                         /The certificate is not valid for the name noValidNames\.example\.com/);
+  add_cert_override_test("badSubjectAltNames.example.com",
+                         Ci.nsICertOverrideService.ERROR_MISMATCH,
+                         SSL_ERROR_BAD_CERT_DOMAIN);
+
+  add_cert_override_test("bug413909.xn--hxajbheg2az3al.xn--jxalpdlp",
+                         Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+                         SEC_ERROR_UNKNOWN_ISSUER);
+  add_test(function() {
+    // At this point, the override for bug413909.xn--hxajbheg2az3al.xn--jxalpdlp
+    // is still valid. Do some additional tests relating to IDN handling.
+    let certOverrideService = Cc["@mozilla.org/security/certoverride;1"]
+                                .getService(Ci.nsICertOverrideService);
+    let uri = Services.io.newURI("https://bug413909.xn--hxajbheg2az3al.xn--jxalpdlp", null, null);
+    let cert = constructCertFromFile("bad_certs/idn-certificate.pem");
+    Assert.ok(certOverrideService.hasMatchingOverride(uri.asciiHost, 8443, cert, {}, {}),
+              "IDN certificate should have matching override using ascii host");
+    Assert.ok(!certOverrideService.hasMatchingOverride(uri.host, 8443, cert, {}, {}),
+              "IDN certificate should not have matching override using (non-ascii) host");
+    run_next_test();
+  });
+}
+
+function add_combo_tests() {
+  add_cert_override_test("mismatch-expired.example.com",
+                         Ci.nsICertOverrideService.ERROR_MISMATCH |
+                         Ci.nsICertOverrideService.ERROR_TIME,
+                         SSL_ERROR_BAD_CERT_DOMAIN,
+                         /The certificate is only valid for <a id="cert_domain_link" title="doesntmatch\.example\.com">doesntmatch\.example\.com<\/a>/);
+  add_cert_override_test("mismatch-notYetValid.example.com",
+                         Ci.nsICertOverrideService.ERROR_MISMATCH |
+                         Ci.nsICertOverrideService.ERROR_TIME,
+                         SSL_ERROR_BAD_CERT_DOMAIN);
+  add_cert_override_test("mismatch-untrusted.example.com",
+                         Ci.nsICertOverrideService.ERROR_MISMATCH |
+                         Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+                         SEC_ERROR_UNKNOWN_ISSUER);
+  add_cert_override_test("untrusted-expired.example.com",
+                         Ci.nsICertOverrideService.ERROR_UNTRUSTED |
+                         Ci.nsICertOverrideService.ERROR_TIME,
+                         SEC_ERROR_UNKNOWN_ISSUER);
+  add_cert_override_test("mismatch-untrusted-expired.example.com",
+                         Ci.nsICertOverrideService.ERROR_MISMATCH |
+                         Ci.nsICertOverrideService.ERROR_UNTRUSTED |
+                         Ci.nsICertOverrideService.ERROR_TIME,
+                         SEC_ERROR_UNKNOWN_ISSUER);
+
+  add_cert_override_test("md5signature-expired.example.com",
+                         Ci.nsICertOverrideService.ERROR_UNTRUSTED |
+                         Ci.nsICertOverrideService.ERROR_TIME,
+                         SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
+
+  add_cert_override_test("ca-used-as-end-entity-name-mismatch.example.com",
+                         Ci.nsICertOverrideService.ERROR_MISMATCH |
+                         Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+                         MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY);
+}
+
+function add_distrust_tests() {
+  // Before we specifically distrust this certificate, it should be trusted.
+  add_connection_test("untrusted.example.com", PRErrorCodeSuccess);
+
+  add_distrust_test("bad_certs/default-ee.pem", "untrusted.example.com",
+                    SEC_ERROR_UNTRUSTED_CERT);
+
+  add_distrust_test("bad_certs/other-test-ca.pem",
+                    "untrustedissuer.example.com", SEC_ERROR_UNTRUSTED_ISSUER);
+
+  add_distrust_test("bad_certs/test-ca.pem",
+                    "ca-used-as-end-entity.example.com",
+                    SEC_ERROR_UNTRUSTED_ISSUER);
+}
+
+function add_distrust_test(certFileName, hostName, expectedResult) {
+  let certToDistrust = constructCertFromFile(certFileName);
+
+  add_test(function () {
+    // Add an entry to the NSS certDB that says to distrust the cert
+    setCertTrust(certToDistrust, "pu,,");
+    clearSessionCache();
+    run_next_test();
+  });
+  add_prevented_cert_override_test(hostName,
+                                   Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+                                   expectedResult);
+  add_test(function () {
+    setCertTrust(certToDistrust, "u,,");
+    run_next_test();
+  });
+}
diff --git a/security/manager/ssl/tests/unit/test_cert_sha1.js b/security/manager/ssl/tests/unit/test_cert_sha1.js
new file mode 100644
index 000000000..f0d7c570a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_sha1.js
@@ -0,0 +1,142 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+// Tests the rejection of SHA-1 certificates based on the preference
+// security.pki.sha1_enforcement_level.
+
+"use strict";
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+
+// We need to test as if we are at a fixed time, so that we are testing the
+// 2016 checks on SHA-1, not the notBefore checks.
+//
+// (new Date("2016-03-01")).getTime() / 1000
+const VALIDATION_TIME = 1456790400;
+
+function certFromFile(certName) {
+  return constructCertFromFile("test_cert_sha1/" + certName + ".pem");
+}
+
+function loadCertWithTrust(certName, trustString) {
+  addCertFromFile(certdb, "test_cert_sha1/" + certName + ".pem", trustString);
+}
+
+function checkEndEntity(cert, expectedResult) {
+  checkCertErrorGenericAtTime(certdb, cert, expectedResult,
+                              certificateUsageSSLServer, VALIDATION_TIME);
+}
+
+function run_test() {
+  loadCertWithTrust("ca", "CTu,,");
+  loadCertWithTrust("int-pre", ",,");
+  loadCertWithTrust("int-post", ",,");
+
+  // Test cases per pref setting
+  //
+  // root  intermed.  end entity
+  // ===========================
+  // root
+  //  |
+  //  +--- pre-2016
+  //  |       |
+  //  |       +----- pre-2016   <--- (a)
+  //  |       +----- post-2016  <--- (b)
+  //  |
+  //  +--- post-2016
+  //          |
+  //          +----- post-2016  <--- (c)
+  //
+  // Expected outcomes (accept / reject):
+  //
+  //                              a      b      c
+  // Allowed (0)                  Accept Accept Accept
+  // Forbidden (1)                Reject Reject Reject
+  // (2) is no longer available and is treated as Forbidden (1) internally.
+  // ImportedRoot (3)             Reject Reject Reject (for built-in roots)
+  // ImportedRoot                 Accept Accept Accept (for non-built-in roots)
+  // ImportedRootOrBefore2016 (4) Accept Reject Reject (for built-in roots)
+  // ImportedRootOrBefore2016     Accept Accept Accept (for non-built-in roots)
+  //
+  // The pref setting of ImportedRoot accepts usage of SHA-1 only for
+  // certificates issued by non-built-in roots. By default, the testing
+  // certificates are all considered issued by a non-built-in root. However, we
+  // have the ability to treat a given non-built-in root as built-in. We test
+  // both of these situations below.
+  //
+  // As a historical note, a policy option (Before2016) was previously available
+  // that only allowed SHA-1 for certificates with a notBefore before 2016.
+  // However, to enable the policy of only allowing SHA-1 from non-built-in
+  // roots in the most straightforward way (while still having a time-based
+  // policy that users could enable if this new policy were problematic),
+  // Before2016 was shifted to also allow SHA-1 from non-built-in roots, hence
+  // ImportedRootOrBefore2016.
+  //
+  // A note about intermediate certificates: the certificate verifier has the
+  // ability to directly verify a given certificate for the purpose of issuing
+  // TLS web server certificates. However, when asked to do so, the certificate
+  // verifier does not take into account the currently configured SHA-1 policy.
+  // This is in part due to implementation complexity and because this isn't
+  // actually how TLS web server certificates are verified in the TLS handshake
+  // (which makes a full implementation that supports heeding the SHA-1 policy
+  // unnecessary).
+
+  // SHA-1 allowed
+  Services.prefs.setIntPref("security.pki.sha1_enforcement_level", 0);
+  checkEndEntity(certFromFile("ee-pre_int-pre"), PRErrorCodeSuccess);
+  checkEndEntity(certFromFile("ee-post_int-pre"), PRErrorCodeSuccess);
+  checkEndEntity(certFromFile("ee-post_int-post"), PRErrorCodeSuccess);
+
+  // SHA-1 forbidden
+  Services.prefs.setIntPref("security.pki.sha1_enforcement_level", 1);
+  checkEndEntity(certFromFile("ee-pre_int-pre"), SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
+  checkEndEntity(certFromFile("ee-post_int-pre"), SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
+  checkEndEntity(certFromFile("ee-post_int-post"), SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
+
+  // SHA-1 forbidden (test the case where the pref has been set to 2)
+  Services.prefs.setIntPref("security.pki.sha1_enforcement_level", 2);
+  checkEndEntity(certFromFile("ee-pre_int-pre"), SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
+  checkEndEntity(certFromFile("ee-post_int-pre"), SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
+  checkEndEntity(certFromFile("ee-post_int-post"), SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
+
+  // SHA-1 allowed only when issued by an imported root. First test with the
+  // test root considered a built-in (on debug only - this functionality is
+  // disabled on non-debug builds).
+  Services.prefs.setIntPref("security.pki.sha1_enforcement_level", 3);
+  if (isDebugBuild) {
+    let root = certFromFile("ca");
+    Services.prefs.setCharPref("security.test.built_in_root_hash", root.sha256Fingerprint);
+    checkEndEntity(certFromFile("ee-pre_int-pre"), SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
+    checkEndEntity(certFromFile("ee-post_int-pre"), SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
+    checkEndEntity(certFromFile("ee-post_int-post"), SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
+    Services.prefs.clearUserPref("security.test.built_in_root_hash");
+  }
+
+  // SHA-1 still allowed only when issued by an imported root.
+  // Now test with the test root considered a non-built-in.
+  checkEndEntity(certFromFile("ee-pre_int-pre"), PRErrorCodeSuccess);
+  checkEndEntity(certFromFile("ee-post_int-pre"), PRErrorCodeSuccess);
+  checkEndEntity(certFromFile("ee-post_int-post"), PRErrorCodeSuccess);
+
+  // SHA-1 allowed before 2016 or when issued by an imported root. First test
+  // with the test root considered a built-in.
+  Services.prefs.setIntPref("security.pki.sha1_enforcement_level", 4);
+  if (isDebugBuild) {
+    let root = certFromFile("ca");
+    Services.prefs.setCharPref("security.test.built_in_root_hash", root.sha256Fingerprint);
+    checkEndEntity(certFromFile("ee-pre_int-pre"), PRErrorCodeSuccess);
+    checkEndEntity(certFromFile("ee-post_int-pre"), SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
+    checkEndEntity(certFromFile("ee-post_int-post"), SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED);
+    Services.prefs.clearUserPref("security.test.built_in_root_hash");
+  }
+
+  // SHA-1 still only allowed before 2016 or when issued by an imported root.
+  // Now test with the test root considered a non-built-in.
+  checkEndEntity(certFromFile("ee-pre_int-pre"), PRErrorCodeSuccess);
+  checkEndEntity(certFromFile("ee-post_int-pre"), PRErrorCodeSuccess);
+  checkEndEntity(certFromFile("ee-post_int-post"), PRErrorCodeSuccess);
+}
diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/ca.pem b/security/manager/ssl/tests/unit/test_cert_sha1/ca.pem
new file mode 100644
index 000000000..3eb86849d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_sha1/ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxTCCAa+gAwIBAgIUM2w8iT4pElSjs7q3vwwClj34aqcwCwYJKoZIhvcNAQEF
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTAwMTAxMDAwMDAwWhgPMjA1MDAxMDEwMDAw
+MDBaMA0xCzAJBgNVBAMMAmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptu
+Gobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO
+7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf
+qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/yt
+HSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcx
+uLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzALBgNVHQ8EBAMCAQYwDAYDVR0T
+BAUwAwEB/zALBgkqhkiG9w0BAQUDggEBAGOFkUTVsazVYYVZn3v9wIKlEZYMfJ7B
+V+INq12QVUgENBzIfQ/TPIYz+mkY5uCr94v5YUmW0eeyaSwJPlNaKWOyR0pQYd03
+Bd6gltdcdRkHs2FBaSOOli9vR0IZt2FAKE6w/05xcV4XSZOpztAf1wXFCF+OF3F3
+TdRzcbUj2iVFH0Vh99oBL/CXAJ3yiJQZo/8W9433GuRLDFcvtInMfzjX1N+NxIbR
+TLXqjB/gOV8rcmnRtvloEEWibj7628QxaiOoN08VPSI8+9t1Fd2EkJzF9jmffrwG
+v3e9kb4X/08YG6hFRwjhQGgF/kcs2LMD5BiYAxPqc3KP3VrwmhVqQ6w=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_sha1/ca.pem.certspec
new file mode 100644
index 000000000..7e65e9ee3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_sha1/ca.pem.certspec
@@ -0,0 +1,6 @@
+issuer:ca
+subject:ca
+validity:20100101-20500101
+extension:keyUsage:keyCertSign,cRLSign
+extension:basicConstraints:cA,
+signature:sha1WithRSAEncryption
diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-post.pem b/security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-post.pem
new file mode 100644
index 000000000..19d8f096a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-post.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICsTCCAZugAwIBAgIUJWQl8gkrLL7gPn47YYMdN7qBP5wwCwYJKoZIhvcNAQEF
+MBMxETAPBgNVBAMMCGludC1wb3N0MCIYDzIwMTYwMTAyMDAwMDAwWhgPMjAxNzAy
+MDEwMDAwMDBaMBIxEDAOBgNVBAMMB2VlLXBvc3QwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HH
+Jajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOr
+IMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQ
+sVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLA
+dTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQE
+LL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZIhvcNAQEF
+A4IBAQAuEj6tFW9t1D7+X7uAP6yb/rO0dKB9ZIkisPyxzKgOtl1yTyfeNOnylwLY
+W/et09JkBOqcp/lP8J30F4dciAdmff02FCd6uMnxPnihWRpnPZH6Fo5ZpbkUuRUk
+ufPmYx2qP4kZnsz/oHJKOpDPZCvLOYggkQEM4EOcds3DxAXYwoxjqEJ3H/n3/Bt0
+y78WvwJ3GV2N2uxL40r99tMM9dovujXwgPCxl27MCoAUIB0jDq3CboLLk9T55iVO
+HknFyCDjOcwOF4tSXyVWqp67pnHcwPKfF1IkDkGK5bBbT5+RS/md3PTh+7zsz7sN
+b22AlQXylN9RhPHywIK4RY4OX0Kx
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-post.pem.certspec b/security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-post.pem.certspec
new file mode 100644
index 000000000..76834f844
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-post.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int-post
+subject:ee-post
+validity:20160102-20170201
+signature:sha1WithRSAEncryption
diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-pre.pem b/security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-pre.pem
new file mode 100644
index 000000000..2d1ff2d2e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-pre.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICsDCCAZqgAwIBAgIUIVsTCuql4BDO2r4O5zePBEoHg3QwCwYJKoZIhvcNAQEF
+MBIxEDAOBgNVBAMMB2ludC1wcmUwIhgPMjAxNjAxMDEwMDAwMDBaGA8yMDE3MDIw
+MTAwMDAwMFowEjEQMA4GA1UEAwwHZWUtcG9zdDCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl
+qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg
+w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx
+V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1
+MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs
+vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAATALBgkqhkiG9w0BAQUD
+ggEBADyJnTjky3W6jcfsSv9AS+aVYpJHzLexTI1wzv+ntg6zUFbpDb/RFerp61Wb
+zef+72XEJJtRQO28udN59OOnytX71ulvmmgSOeFNb/znLzGyIGf9ag8qIbt8m7/r
+jR3010kh9zruD1RE0QbTTPXeeFlh0yUT69ZvxRMWJxaASY/vibCjmR22hpiHjM+1
+bpXgUEtj4u8WFRVpHwGsca1uXjQQDgPaLv/7byiC1DtBHP1P5wdYtNXY+dL/W4mn
+y3Lqe96ddO9dIDetEdzzk7PLzqIkDJM1DiGrYxGgM70GjF1BiMGkskGMwfMfe6Pt
+UmMzpYci8vcbHF8lj+Ja8Aw3SHo=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-pre.pem.certspec b/security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-pre.pem.certspec
new file mode 100644
index 000000000..1e8bb35b3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_sha1/ee-post_int-pre.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int-pre
+subject:ee-post
+validity:20160101-20170201
+signature:sha1WithRSAEncryption
diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/ee-pre_int-pre.pem b/security/manager/ssl/tests/unit/test_cert_sha1/ee-pre_int-pre.pem
new file mode 100644
index 000000000..a992d8272
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_sha1/ee-pre_int-pre.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICrzCCAZmgAwIBAgIUOU+CyYnf3GRRgGHvbeJB8HTUvJ4wCwYJKoZIhvcNAQEF
+MBIxEDAOBgNVBAMMB2ludC1wcmUwIhgPMjAxNTAxMDEwMDAwMDBaGA8yMDE3MDIw
+MTAwMDAwMFowETEPMA0GA1UEAwwGZWUtcHJlMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMAsGCSqGSIb3DQEBBQOC
+AQEAn0lp9zXbe2pAVI8aR/+xFD8AOTB0bzlD6xNIQahBPd/JE93ni1oi3N6PUKRp
+vtDECKigcX4OLOZid8rt82CS6I6/OiKYqfZrMmr3BMjpNFNOFZqhEGtm4y6j+hjo
+HV8FEXmse06hZkwIkqacF16+P9boBCP2mF5zrUuIML48GnwPCtb7KIEmZTl8dsXn
+oUMrAQXPZYTcCb6U8GVU3WQRMRLsZ+WenATuOZPZeDQRrYUkoaJ+KfGG/ZNnmw6u
+ribqtEPBu3CqXj5BZiF3rcr+QjSlluuGDWrR0TpGTJmBiTXilUYSWv/lKOJR7rJA
+89uNoWp/kCkbxWLlguPWAEx+kg==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/ee-pre_int-pre.pem.certspec b/security/manager/ssl/tests/unit/test_cert_sha1/ee-pre_int-pre.pem.certspec
new file mode 100644
index 000000000..0f4a6ec25
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_sha1/ee-pre_int-pre.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int-pre
+subject:ee-pre
+validity:20150101-20170201
+signature:sha1WithRSAEncryption
diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/int-post.pem b/security/manager/ssl/tests/unit/test_cert_sha1/int-post.pem
new file mode 100644
index 000000000..c1a9ab2fa
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_sha1/int-post.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyzCCAbWgAwIBAgIUU3gwFYS/POd5EH541PQ4aTV8eN8wCwYJKoZIhvcNAQEF
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTYwMTAxMDAwMDAwWhgPMjAyNjAxMDEwMDAw
+MDBaMBMxETAPBgNVBAMMCGludC1wb3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4Ngf
+vbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTb
+uUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3S
+O8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR
+3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv
+5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzALBgNVHQ8EBAMCAQYw
+DAYDVR0TBAUwAwEB/zALBgkqhkiG9w0BAQUDggEBAFwbiQ3x7M+JecpGomrBJ6uu
+ajH2cU5B6q3+842jNRTJ8kjE5sXvaaF5Zasdlp/pOq5Xu3tgniDuLbr280MxDx/i
+eyDBfZefJRskgBl/a4F7w0i0LlwYGJkyr++XWckEutO06ou6ATzsA6WAhh+O3fSB
+tLaf0V9Pof3pglNETpSlIFzQytoIc5aICMjt9Ur72S/IpM7sHkJoPpKwscOovTCp
+4k6jDTOHAHr8ck0X89KPHT/nRmm6bAQHsGMjSnrpEgXQ+ZuwVLEEdQPZ2L5028Uq
+RJn0mFu6Z53EYYrZURWdiq/p5N67TknC28REilfoG3PPqFD/CLbEMq5lrA5IGxM=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/int-post.pem.certspec b/security/manager/ssl/tests/unit/test_cert_sha1/int-post.pem.certspec
new file mode 100644
index 000000000..50156c9f6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_sha1/int-post.pem.certspec
@@ -0,0 +1,6 @@
+issuer:ca
+subject:int-post
+validity:20160101-20260101
+extension:keyUsage:keyCertSign,cRLSign
+extension:basicConstraints:cA,
+signature:sha1WithRSAEncryption
diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/int-pre.pem b/security/manager/ssl/tests/unit/test_cert_sha1/int-pre.pem
new file mode 100644
index 000000000..41170f837
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_sha1/int-pre.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyjCCAbSgAwIBAgIUGZVI6HsbDll1DnYoYIZ0eqi4ZPwwCwYJKoZIhvcNAQEF
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTAwMTAxMDAwMDAwWhgPMjAyMDAxMDEwMDAw
+MDBaMBIxEDAOBgNVBAMMB2ludC1wcmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9
+sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5
+TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7
+xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHd
+tMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l
+8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAsGA1UdDwQEAwIBBjAM
+BgNVHRMEBTADAQH/MAsGCSqGSIb3DQEBBQOCAQEAjpiGO9woF0OKiGVLk/SjpU3M
+NFbLNsFYGL6PQfpZHHCxc78qtZZ6uVM8fh9tRzlFbRx0eGWVFqcjxTrsAVopM+wJ
+1lRa8O4VXrtzhBoknPIBpdLvLYTdipLOL8qxCad6DdlX31JwQYgdmSUQ3YyqoCaC
+C3b3cVEF4h2A7hbBIxOTl1Xvs/aVbllYdnoO0HEs4FBrQVfQsjTPzJeF42GNW/OV
+KvX9XQ/Oq8r9sxyyGRKILj9yTqKtwXNU50QxW9MxN1vMY9w1skmMAMqrwn3FgjIU
+cxv3oqfeTwAa9V2S0B+4k3lX6Ku5ON1YRX+w5oD9RruHMu+qzJZMhrdQjhf34w==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/int-pre.pem.certspec b/security/manager/ssl/tests/unit/test_cert_sha1/int-pre.pem.certspec
new file mode 100644
index 000000000..9f0a59ee9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_sha1/int-pre.pem.certspec
@@ -0,0 +1,6 @@
+issuer:ca
+subject:int-pre
+validity:20100101-20200101
+extension:keyUsage:keyCertSign,cRLSign
+extension:basicConstraints:cA,
+signature:sha1WithRSAEncryption
diff --git a/security/manager/ssl/tests/unit/test_cert_sha1/moz.build b/security/manager/ssl/tests/unit/test_cert_sha1/moz.build
new file mode 100644
index 000000000..d94bb0498
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_sha1/moz.build
@@ -0,0 +1,18 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Temporarily disabled. See bug 1256495.
+#test_certificates = (
+#    'ca.pem',
+#    'int-pre.pem',
+#    'ee-pre_int-pre.pem',
+#    'ee-post_int-pre.pem',
+#    'int-post.pem',
+#    'ee-post_int-post.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures.js b/security/manager/ssl/tests/unit/test_cert_signatures.js
new file mode 100644
index 000000000..8be89c8a2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures.js
@@ -0,0 +1,121 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"use strict";
+
+// Tests that certificates cannot be tampered with without being detected.
+// Tests a combination of cases: RSA signatures, ECDSA signatures, certificate
+// chains where the intermediate has been tampered with, chains where the
+// end-entity has been tampered, tampering of the signature, and tampering in
+// the rest of the certificate.
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+var certdb = Cc["@mozilla.org/security/x509certdb;1"]
+               .getService(Ci.nsIX509CertDB);
+
+// Reads a PEM-encoded certificate, modifies the nth byte (0-indexed), and
+// returns the base64-encoded bytes of the certificate. Negative indices may be
+// specified to modify a byte from the end of the certificate.
+function readAndTamperWithNthByte(certificatePath, n) {
+  let pem = readFile(do_get_file(certificatePath, false));
+  let der = atob(pemToBase64(pem));
+  if (n < 0) {
+    // remember, n is negative at this point
+    n = der.length + n;
+  }
+  let replacement = '\x22';
+  if (der.charCodeAt(n) == replacement) {
+    replacement = '\x23';
+  }
+  der = der.substring(0, n) + replacement + der.substring(n + 1);
+  return btoa(der);
+}
+
+// The signature on certificates appears last. This should modify the contents
+// of the signature such that it no longer validates correctly while still
+// resulting in a structurally valid certificate.
+const BYTE_IN_SIGNATURE = -8;
+function addSignatureTamperedCertificate(certificatePath) {
+  let base64 = readAndTamperWithNthByte(certificatePath, BYTE_IN_SIGNATURE);
+  certdb.addCertFromBase64(base64, ",,", null);
+}
+
+function ensureSignatureVerificationFailure(certificatePath) {
+  let cert = constructCertFromFile(certificatePath);
+  checkCertErrorGeneric(certdb, cert, SEC_ERROR_BAD_SIGNATURE,
+                        certificateUsageSSLServer);
+}
+
+function tamperWithSignatureAndEnsureVerificationFailure(certificatePath) {
+  let base64 = readAndTamperWithNthByte(certificatePath, BYTE_IN_SIGNATURE);
+  let cert = certdb.constructX509FromBase64(base64);
+  checkCertErrorGeneric(certdb, cert, SEC_ERROR_BAD_SIGNATURE,
+                        certificateUsageSSLServer);
+}
+
+// The beginning of a certificate looks like this (in hex, using DER):
+// 30 XX XX XX [the XX encode length - there are probably 3 bytes here]
+//    30 XX XX XX [length again]
+//       A0 03
+//          02 01
+//             02
+//       02 XX [length again - 1 byte as long as we're using pycert]
+//          XX XX ... [serial number - 20 bytes as long as we're using pycert]
+// Since we want to modify the serial number, we need to change something from
+// byte 15 to byte 34 (0-indexed). If it turns out that the two length sections
+// we assumed were 3 bytes are shorter (they can't be longer), modifying
+// something from byte 15 to byte 30 will still get us what we want. Since the
+// serial number is a DER INTEGER and because it must be positive, it's best to
+// skip the first two bytes of the serial number so as to not run into any
+// issues there. Thus byte 17 is a good byte to modify.
+const BYTE_IN_SERIAL_NUMBER = 17;
+function addSerialNumberTamperedCertificate(certificatePath) {
+  let base64 = readAndTamperWithNthByte(certificatePath,
+                                        BYTE_IN_SERIAL_NUMBER);
+  certdb.addCertFromBase64(base64, ",,", null);
+}
+
+function tamperWithSerialNumberAndEnsureVerificationFailure(certificatePath) {
+  let base64 = readAndTamperWithNthByte(certificatePath,
+                                        BYTE_IN_SERIAL_NUMBER);
+  let cert = certdb.constructX509FromBase64(base64);
+  checkCertErrorGeneric(certdb, cert, SEC_ERROR_BAD_SIGNATURE,
+                        certificateUsageSSLServer);
+}
+
+function run_test() {
+  addCertFromFile(certdb, "test_cert_signatures/ca-rsa.pem", "CTu,,");
+  addCertFromFile(certdb, "test_cert_signatures/ca-secp384r1.pem", "CTu,,");
+
+  // Tamper with the signatures on intermediate certificates and ensure that
+  // end-entity certificates issued by those intermediates do not validate
+  // successfully.
+  addSignatureTamperedCertificate("test_cert_signatures/int-rsa.pem");
+  addSignatureTamperedCertificate("test_cert_signatures/int-secp384r1.pem");
+  ensureSignatureVerificationFailure("test_cert_signatures/ee-rsa.pem");
+  ensureSignatureVerificationFailure("test_cert_signatures/ee-secp384r1.pem");
+
+  // Tamper with the signatures on end-entity certificates and ensure that they
+  // do not validate successfully.
+  tamperWithSignatureAndEnsureVerificationFailure(
+    "test_cert_signatures/ee-rsa-direct.pem");
+  tamperWithSignatureAndEnsureVerificationFailure(
+    "test_cert_signatures/ee-secp384r1-direct.pem");
+
+  // Tamper with the serial numbers of intermediate certificates and ensure
+  // that end-entity certificates issued by those intermediates do not validate
+  // successfully.
+  addSerialNumberTamperedCertificate("test_cert_signatures/int-rsa.pem");
+  addSerialNumberTamperedCertificate("test_cert_signatures/int-secp384r1.pem");
+  ensureSignatureVerificationFailure("test_cert_signatures/ee-rsa.pem");
+  ensureSignatureVerificationFailure("test_cert_signatures/ee-secp384r1.pem");
+
+  // Tamper with the serial numbers of end-entity certificates and ensure that
+  // they do not validate successfully.
+  tamperWithSerialNumberAndEnsureVerificationFailure(
+    "test_cert_signatures/ee-rsa-direct.pem");
+  tamperWithSerialNumberAndEnsureVerificationFailure(
+    "test_cert_signatures/ee-secp384r1-direct.pem");
+}
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/ca-rsa.pem b/security/manager/ssl/tests/unit/test_cert_signatures/ca-rsa.pem
new file mode 100644
index 000000000..d69aa25b6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/ca-rsa.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzTCCAbegAwIBAgIUO2lYN9PBRm2JcO9v6CRF34O3zf4wCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmNhLXJzYTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjARMQ8wDQYDVQQDDAZjYS1yc2EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg
+2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ
+5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQ
+PdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGj
+DJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8W
+iy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAwGA1UdEwQFMAMB
+Af8wCwYDVR0PBAQDAgEGMAsGCSqGSIb3DQEBCwOCAQEALKYfcXwaFc61IDWngVq6
+3PdKTQHw31/w7GyBo19DE5MDVxyrXZq+fRAhGre8ge1gKrOlMcmLIoEVcK+y1MwY
+f4yIpStfOg+6Tf1C2e8UUTzhsolQxKFU0rtEJXPlRgMA2pcO6RjFhK2/D79icYra
+0U0OQrMnGGw46QPZkynKw4RwTZpCaJTkN8+LzXyik6Pj0mjpb7Xeo5FCmI6eEIkF
+n8Ni6pepA+kHCRqPQIkbl5tzrfVTUEKAVxnv2TeCrTCdDK6dRGVycrOfNlma34in
+Poo/6uDgjGyMp2c2zOpg6igYED/8SDMFzyHVQ52Db8xaPxOyNykyGTWEE3IW8cpB
+NA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/ca-rsa.pem.certspec b/security/manager/ssl/tests/unit/test_cert_signatures/ca-rsa.pem.certspec
new file mode 100644
index 000000000..5890d2db6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/ca-rsa.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca-rsa
+subject:ca-rsa
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/ca-secp384r1.pem b/security/manager/ssl/tests/unit/test_cert_signatures/ca-secp384r1.pem
new file mode 100644
index 000000000..efa00a41b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/ca-secp384r1.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBjjCCARSgAwIBAgIUUVp8W0nO+hAF/W78cEBWzlRXvGAwCgYIKoZIzj0EAwIw
+FzEVMBMGA1UEAwwMY2Etc2VjcDM4NHIxMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx
+ODAyMDUwMDAwMDBaMBcxFTATBgNVBAMMDGNhLXNlY3AzODRyMTB2MBAGByqGSM49
+AgEGBSuBBAAiA2IABKFockM2K1x7GInzeRVGFaHHP7SN7oY+AikV22COJS3ktxMt
+qM6Y6DFTTmqcDAsJyNY5regyBuW6gTRzoR+jMOBdqMluQ4P+J4c9qXEDviiIz/AC
+8Fr3Gh/dzIN0qm6pzqMdMBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwCgYI
+KoZIzj0EAwIDaAAwZQIxAO0GJz6haDpUtNgaQ3SESJY85j6+gRcD7Nc9cvCiVAZZ
+1OxFRuhW515lVbeTqfcA8wIwFdIanp6v61Q6pot5X6fHyn7G+ZIsEbHDPOZPaq0U
+QR5t1/Y5Fe4hDulAXXt+jvE0
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/ca-secp384r1.pem.certspec b/security/manager/ssl/tests/unit/test_cert_signatures/ca-secp384r1.pem.certspec
new file mode 100644
index 000000000..0701c23c1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/ca-secp384r1.pem.certspec
@@ -0,0 +1,7 @@
+issuer:ca-secp384r1
+subject:ca-secp384r1
+issuerKey:secp384r1
+subjectKey:secp384r1
+signature:ecdsaWithSHA256
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa-direct.pem b/security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa-direct.pem
new file mode 100644
index 000000000..17c1eddac
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa-direct.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICtTCCAZ+gAwIBAgIULa69PvpLSrw920lPhbLY+O4VRUEwCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmNhLXJzYTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjAYMRYwFAYDVQQDDA1lZS1yc2EtZGlyZWN0MIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFds
+JHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4
+ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25
+iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu3
+4pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42
+yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMAsGCSqGSIb3
+DQEBCwOCAQEAF1HRj4EAiAQcWXyOijM6CkccZiCnnWGDJaEv2okPC5vYrDnhcrqi
+xmaYAtpyU60GzYslxy52f3n7kzykXB7Uv0fUFX3ZUedCNwEh8WTfks8mEDUeibt/
+eSK6uLuhe9njiWQv1b71QySUjcWDTfJ8JhpS1Dr8BdpEuWc7CUSwoQqS72iF4wou
+vjP7AD8WkmyoAlPSCAnL5P5n6iPdeFpupnQQ7apbH+6uhq0p9r6tuTWGdCJN8CHk
+hfQGuhERyTbmC0wOcE9NmVGM9MB0fn/W92GSr8ZWnQoudrH3H+HR3ULjV9TpB2W2
+RpfmOWnsPDTUM3q4qqYZcz1O+1CGgSe2qg==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa-direct.pem.certspec b/security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa-direct.pem.certspec
new file mode 100644
index 000000000..4e25ddcf9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa-direct.pem.certspec
@@ -0,0 +1,2 @@
+issuer:ca-rsa
+subject:ee-rsa-direct
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa.pem b/security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa.pem
new file mode 100644
index 000000000..85a3256bf
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICrzCCAZmgAwIBAgIUS+9dGZZa6H0mcsDNp90hmo3/2IIwCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB2ludC1yc2EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowETEPMA0GA1UEAwwGZWUtcnNhMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMAsGCSqGSIb3DQEBCwOC
+AQEAdFA74biUzEKaexSV4U6UKgXlDez+YUjqZyPg+XJ88Zdt3ldBD2YFZLBYYX+B
+Mls6i5s+UsmH7X0OFD9JJf9ti1n/lNEriyj9tF35w020OtLrYRhTdiafGgwKZXj1
+FWgQpA8+lDXoVrSYOozfIZCR5RwTraJ676jy5l8+f+fY06gGfNOA+Raj3WI0veh/
+HZhXtF9K+qFzyYSX1c6YFFEUo3horxyyuEgPDF9gsmxHzErbPkbbTkgihdZKwXYg
+FUCIjKFNOtLTm+yESBi5YN69hO33mr5RbYsqu2Wwh+m0405dp7U0+zxOhoYVEpYb
+MIZgbeJrQjO6n/+sHPZXkYOhpQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa.pem.certspec b/security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa.pem.certspec
new file mode 100644
index 000000000..b974a0a0a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/ee-rsa.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-rsa
+subject:ee-rsa
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1-direct.pem b/security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1-direct.pem
new file mode 100644
index 000000000..373e3227f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1-direct.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBdTCB/KADAgECAhQ/DpvvKy1cb0ww9HrO6/Ao0FwezjAKBggqhkjOPQQDAjAX
+MRUwEwYDVQQDDAxjYS1zZWNwMzg0cjEwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4
+MDIwNTAwMDAwMFowHjEcMBoGA1UEAwwTZWUtc2VjcDM4NHIxLWRpcmVjdDB2MBAG
+ByqGSM49AgEGBSuBBAAiA2IABKFockM2K1x7GInzeRVGFaHHP7SN7oY+AikV22CO
+JS3ktxMtqM6Y6DFTTmqcDAsJyNY5regyBuW6gTRzoR+jMOBdqMluQ4P+J4c9qXED
+viiIz/AC8Fr3Gh/dzIN0qm6pzjAKBggqhkjOPQQDAgNoADBlAjEA7QYnPqFoOlS0
+2BpDdIRIljzmPr6BFwPs1z1y8KJUBlnU7EVG6FbnXmVVt5Op9wDzAjAboNLdytrv
+bPTA8IfMt71/9F/w9GqjK0616TVZY9I/DiERYT6X6PE2il/eMGaQEgg=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1-direct.pem.certspec b/security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1-direct.pem.certspec
new file mode 100644
index 000000000..386ab95f7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1-direct.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca-secp384r1
+subject:ee-secp384r1-direct
+issuerKey:secp384r1
+subjectKey:secp384r1
+signature:ecdsaWithSHA256
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1.pem b/security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1.pem
new file mode 100644
index 000000000..b11cfd53c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBbjCB9qADAgECAhQ7FJ+9gQKCxkNdRiyOldB2DMRpnjAKBggqhkjOPQQDAjAY
+MRYwFAYDVQQDDA1pbnQtc2VjcDM4NHIxMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx
+ODAyMDUwMDAwMDBaMBcxFTATBgNVBAMMDGVlLXNlY3AzODRyMTB2MBAGByqGSM49
+AgEGBSuBBAAiA2IABKFockM2K1x7GInzeRVGFaHHP7SN7oY+AikV22COJS3ktxMt
+qM6Y6DFTTmqcDAsJyNY5regyBuW6gTRzoR+jMOBdqMluQ4P+J4c9qXEDviiIz/AC
+8Fr3Gh/dzIN0qm6pzjAKBggqhkjOPQQDAgNnADBkAjEA7QYnPqFoOlS02BpDdIRI
+ljzmPr6BFwPs1z1y8KJUBlnU7EVG6FbnXmVVt5Op9wDzAi9/y9J21YfiwsBalvKh
++ruL6jHmzpxdR7p5IORvNQEHWl6/H8cHmi3Wn8GieN5RgA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1.pem.certspec b/security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1.pem.certspec
new file mode 100644
index 000000000..b8f7993be
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/ee-secp384r1.pem.certspec
@@ -0,0 +1,5 @@
+issuer:int-secp384r1
+subject:ee-secp384r1
+issuerKey:secp384r1
+subjectKey:secp384r1
+signature:ecdsaWithSHA256
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/int-rsa.pem b/security/manager/ssl/tests/unit/test_cert_signatures/int-rsa.pem
new file mode 100644
index 000000000..f01885f4b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/int-rsa.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzjCCAbigAwIBAgIUET5f4owvO60JtJUbi1xFtlVRRaQwCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmNhLXJzYTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjASMRAwDgYDVQQDDAdpbnQtcnNhMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzAMBgNVHRMEBTAD
+AQH/MAsGA1UdDwQEAwIBBjALBgkqhkiG9w0BAQsDggEBAEHH8NBKQ0v8G/ad07vk
+v1LbgP5oEj2NXbFPCAgNez4M7XDgCPEtbiKCt1bBXtLrZPggCzyH9cTZjzJFMoNr
+6sB7x76+E+y6+jkKPCeMhsR4WL1GY4IFX7YueNQ94Twb+RAjHPJqEyI7GoTpRKhi
+0hix8QgPVOTdItp4Sm9AZiyHjlTIo5Lvphm708SFKT4iQco256zjLog7LE7NLZxo
+IZdUoUClnNXj0Ua4P4hbGf4uRIldSUV82Xbz6VNcVJ0fCB11YqlNsyXa3Nj5HyTN
+uBXMOItSedvOQmwwRM9QM5a/Uy5vUhZeHuY/MpXpQoj43D3s1qQWXCe7TYSYEpOl
+Gwc=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/int-rsa.pem.certspec b/security/manager/ssl/tests/unit/test_cert_signatures/int-rsa.pem.certspec
new file mode 100644
index 000000000..a86d28b44
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/int-rsa.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca-rsa
+subject:int-rsa
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/int-secp384r1.pem b/security/manager/ssl/tests/unit/test_cert_signatures/int-secp384r1.pem
new file mode 100644
index 000000000..5893cf191
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/int-secp384r1.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBkDCCARWgAwIBAgIUTZPJwmeUhMvv2i6MC21jYsZd1E8wCgYIKoZIzj0EAwIw
+FzEVMBMGA1UEAwwMY2Etc2VjcDM4NHIxMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx
+ODAyMDUwMDAwMDBaMBgxFjAUBgNVBAMMDWludC1zZWNwMzg0cjEwdjAQBgcqhkjO
+PQIBBgUrgQQAIgNiAAShaHJDNitcexiJ83kVRhWhxz+0je6GPgIpFdtgjiUt5LcT
+LajOmOgxU05qnAwLCcjWOa3oMgbluoE0c6EfozDgXajJbkOD/ieHPalxA74oiM/w
+AvBa9xof3cyDdKpuqc6jHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoG
+CCqGSM49BAMCA2kAMGYCMQDtBic+oWg6VLTYGkN0hEiWPOY+voEXA+zXPXLwolQG
+WdTsRUboVudeZVW3k6n3APMCMQDsCu5UY7Sp5LHK9qsrKLL5YD8FhYR0oQCOAzgX
+/AbvvDsssBIBBT5McBixnMHuYDU=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/int-secp384r1.pem.certspec b/security/manager/ssl/tests/unit/test_cert_signatures/int-secp384r1.pem.certspec
new file mode 100644
index 000000000..e002a1569
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/int-secp384r1.pem.certspec
@@ -0,0 +1,7 @@
+issuer:ca-secp384r1
+subject:int-secp384r1
+issuerKey:secp384r1
+subjectKey:secp384r1
+signature:ecdsaWithSHA256
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_cert_signatures/moz.build b/security/manager/ssl/tests/unit/test_cert_signatures/moz.build
new file mode 100644
index 000000000..779339bec
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_signatures/moz.build
@@ -0,0 +1,20 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Temporarily disabled. See bug 1256495.
+#test_certificates = (
+#    'ca-rsa.pem',
+#    'ca-secp384r1.pem',
+#    'ee-rsa-direct.pem',
+#    'ee-rsa.pem',
+#    'ee-secp384r1-direct.pem',
+#    'ee-secp384r1.pem',
+#    'int-rsa.pem',
+#    'int-secp384r1.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
diff --git a/security/manager/ssl/tests/unit/test_cert_trust.js b/security/manager/ssl/tests/unit/test_cert_trust.js
new file mode 100644
index 000000000..622678c7a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_trust.js
@@ -0,0 +1,216 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"use strict";
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb  = Cc["@mozilla.org/security/x509certdb;1"]
+                  .getService(Ci.nsIX509CertDB);
+
+var certList = [
+  'ee',
+  'int',
+  'ca',
+];
+
+function load_cert(cert_name, trust_string) {
+  let cert_filename = cert_name + ".pem";
+  addCertFromFile(certdb, "test_cert_trust/" + cert_filename, trust_string);
+}
+
+function setup_basic_trusts(ca_cert, int_cert) {
+  certdb.setCertTrust(ca_cert, Ci.nsIX509Cert.CA_CERT,
+                      Ci.nsIX509CertDB.TRUSTED_SSL |
+                      Ci.nsIX509CertDB.TRUSTED_EMAIL |
+                      Ci.nsIX509CertDB.TRUSTED_OBJSIGN);
+
+  certdb.setCertTrust(int_cert, Ci.nsIX509Cert.CA_CERT, 0);
+}
+
+function test_ca_distrust(ee_cert, cert_to_modify_trust, isRootCA) {
+  // On reset most usages are successful
+  checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess,
+                        certificateUsageSSLServer);
+  checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess,
+                        certificateUsageSSLClient);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_CA_CERT_INVALID,
+                        certificateUsageSSLCA);
+  checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess,
+                        certificateUsageEmailSigner);
+  checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess,
+                        certificateUsageEmailRecipient);
+  checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess,
+                        certificateUsageObjectSigner);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_CA_CERT_INVALID,
+                        certificateUsageVerifyCA);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_INADEQUATE_CERT_TYPE,
+                        certificateUsageStatusResponder);
+
+
+  // Test of active distrust. No usage should pass.
+  setCertTrust(cert_to_modify_trust, 'p,p,p');
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNTRUSTED_ISSUER,
+                        certificateUsageSSLServer);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNTRUSTED_ISSUER,
+                        certificateUsageSSLClient);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_CA_CERT_INVALID,
+                        certificateUsageSSLCA);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNTRUSTED_ISSUER,
+                        certificateUsageEmailSigner);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNTRUSTED_ISSUER,
+                        certificateUsageEmailRecipient);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNTRUSTED_ISSUER,
+                        certificateUsageObjectSigner);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_CA_CERT_INVALID,
+                        certificateUsageVerifyCA);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNTRUSTED_ISSUER,
+                        certificateUsageStatusResponder);
+
+  // Trust set to T  -  trusted CA to issue client certs, where client cert is
+  // usageSSLClient.
+  setCertTrust(cert_to_modify_trust, 'T,T,T');
+  checkCertErrorGeneric(certdb, ee_cert, isRootCA ? SEC_ERROR_UNKNOWN_ISSUER
+                                                  : PRErrorCodeSuccess,
+                        certificateUsageSSLServer);
+
+  // XXX(Bug 982340)
+  checkCertErrorGeneric(certdb, ee_cert, isRootCA ? SEC_ERROR_UNKNOWN_ISSUER
+                                                  : PRErrorCodeSuccess,
+                        certificateUsageSSLClient);
+
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_CA_CERT_INVALID,
+                        certificateUsageSSLCA);
+
+  checkCertErrorGeneric(certdb, ee_cert, isRootCA ? SEC_ERROR_UNKNOWN_ISSUER
+                                                  : PRErrorCodeSuccess,
+                        certificateUsageEmailSigner);
+  checkCertErrorGeneric(certdb, ee_cert, isRootCA ? SEC_ERROR_UNKNOWN_ISSUER
+                                                  : PRErrorCodeSuccess,
+                        certificateUsageEmailRecipient);
+  checkCertErrorGeneric(certdb, ee_cert, isRootCA ? SEC_ERROR_UNKNOWN_ISSUER
+                                                  : PRErrorCodeSuccess,
+                        certificateUsageObjectSigner);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_CA_CERT_INVALID,
+                        certificateUsageVerifyCA);
+  checkCertErrorGeneric(certdb, ee_cert,
+                        isRootCA ? SEC_ERROR_UNKNOWN_ISSUER
+                                 : SEC_ERROR_INADEQUATE_CERT_TYPE,
+                        certificateUsageStatusResponder);
+
+
+  // Now tests on the SSL trust bit
+  setCertTrust(cert_to_modify_trust, 'p,C,C');
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNTRUSTED_ISSUER,
+                        certificateUsageSSLServer);
+
+  //XXX(Bug 982340)
+  checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess,
+                        certificateUsageSSLClient);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_CA_CERT_INVALID,
+                        certificateUsageSSLCA);
+  checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess,
+                        certificateUsageEmailSigner);
+  checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess,
+                        certificateUsageEmailRecipient);
+  checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess,
+                        certificateUsageObjectSigner);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_CA_CERT_INVALID,
+                        certificateUsageVerifyCA);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNTRUSTED_ISSUER,
+                        certificateUsageStatusResponder);
+
+  // Inherited trust SSL
+  setCertTrust(cert_to_modify_trust, ',C,C');
+  checkCertErrorGeneric(certdb, ee_cert, isRootCA ? SEC_ERROR_UNKNOWN_ISSUER
+                                                  : PRErrorCodeSuccess,
+                        certificateUsageSSLServer);
+  // XXX(Bug 982340)
+  checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess,
+                        certificateUsageSSLClient);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_CA_CERT_INVALID,
+                        certificateUsageSSLCA);
+  checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess,
+                        certificateUsageEmailSigner);
+  checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess,
+                        certificateUsageEmailRecipient);
+  checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess,
+                        certificateUsageObjectSigner);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_CA_CERT_INVALID,
+                        certificateUsageVerifyCA);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_INADEQUATE_CERT_TYPE,
+                        certificateUsageStatusResponder);
+
+  // Now tests on the EMAIL trust bit
+  setCertTrust(cert_to_modify_trust, 'C,p,C');
+  checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess,
+                        certificateUsageSSLServer);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNTRUSTED_ISSUER,
+                        certificateUsageSSLClient);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_CA_CERT_INVALID,
+                        certificateUsageSSLCA);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNTRUSTED_ISSUER,
+                        certificateUsageEmailSigner);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_UNTRUSTED_ISSUER,
+                        certificateUsageEmailRecipient);
+  checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess,
+                        certificateUsageObjectSigner);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_CA_CERT_INVALID,
+                        certificateUsageVerifyCA);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_INADEQUATE_CERT_TYPE,
+                        certificateUsageStatusResponder);
+
+
+  //inherited EMAIL Trust
+  setCertTrust(cert_to_modify_trust, 'C,,C');
+  checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess,
+                        certificateUsageSSLServer);
+  checkCertErrorGeneric(certdb, ee_cert, isRootCA ? SEC_ERROR_UNKNOWN_ISSUER
+                                                  : PRErrorCodeSuccess,
+                        certificateUsageSSLClient);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_CA_CERT_INVALID,
+                        certificateUsageSSLCA);
+  checkCertErrorGeneric(certdb, ee_cert, isRootCA ? SEC_ERROR_UNKNOWN_ISSUER
+                                                  : PRErrorCodeSuccess,
+                        certificateUsageEmailSigner);
+  checkCertErrorGeneric(certdb, ee_cert, isRootCA ? SEC_ERROR_UNKNOWN_ISSUER
+                                                  : PRErrorCodeSuccess,
+                        certificateUsageEmailRecipient);
+  checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess,
+                        certificateUsageObjectSigner);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_CA_CERT_INVALID,
+                        certificateUsageVerifyCA);
+  checkCertErrorGeneric(certdb, ee_cert, SEC_ERROR_INADEQUATE_CERT_TYPE,
+                        certificateUsageStatusResponder);
+}
+
+
+function run_test() {
+  for (let i = 0 ; i < certList.length; i++) {
+    load_cert(certList[i], ',,');
+  }
+
+  let ca_cert = certdb.findCertByNickname('ca');
+  notEqual(ca_cert, null, "CA cert should be in the cert DB");
+  let int_cert = certdb.findCertByNickname('int');
+  notEqual(int_cert, null, "Intermediate cert should be in the cert DB");
+  let ee_cert = certdb.findCertByNickname('ee');
+  notEqual(ee_cert, null, "EE cert should be in the cert DB");
+
+  setup_basic_trusts(ca_cert, int_cert);
+  test_ca_distrust(ee_cert, ca_cert, true);
+
+  setup_basic_trusts(ca_cert, int_cert);
+  test_ca_distrust(ee_cert, int_cert, false);
+
+  // Reset trust to default ("inherit trust")
+  setCertTrust(ca_cert, ",,");
+  setCertTrust(int_cert, ",,");
+
+  // It turns out that if an end-entity certificate is manually trusted, it can
+  // be the root of its own verified chain. This will be removed in bug 1294580.
+  setCertTrust(ee_cert, "C,,");
+  checkCertErrorGeneric(certdb, ee_cert, PRErrorCodeSuccess,
+                        certificateUsageSSLServer);
+}
diff --git a/security/manager/ssl/tests/unit/test_cert_trust/ca.pem b/security/manager/ssl/tests/unit/test_cert_trust/ca.pem
new file mode 100644
index 000000000..1a18e2bf0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_trust/ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxTCCAa+gAwIBAgIUL5zykZEc2ro5d6th43aWGfm735cwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMA0xCzAJBgNVBAMMAmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptu
+Gobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO
+7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf
+qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/yt
+HSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcx
+uLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzAMBgNVHRMEBTADAQH/MAsGA1Ud
+DwQEAwIBBjALBgkqhkiG9w0BAQsDggEBAHPYBjNnv//Ssc8Elepb8SWIXRdahKbL
+/dcPoMR+7yhJVaelUaxdwUytJWJAGdkkuv+P+G4b82RVYEXT+9k1S/aAfByFyR9q
+vS7POfdy/ZPfGTXltlnmYX/84a6QeYQa4Nl4JpIOXBCesLxmErBhczka6D26iqsz
+GeseKRSjVPgF3mXc2CRGZnTDRhUmd7wOABLmj7GtuFvOm96363M3IUByMohvoj1G
+dic3s5D0seXwTKnEc5B27lJt7Q0oIXEldL+UW8Mo1hfGWQeXzqTZbpOVLnVWvHBH
+H8yYs5hyH01qFJZbztJ1JJ3F2NpYLlr4P5I6fW2e9w5MG/VMQRU3wzQ=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_trust/ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_trust/ca.pem.certspec
new file mode 100644
index 000000000..d809dbd63
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_trust/ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:ca
+extension:basicConstraints:cA,
+extension:keyUsage:keyCertSign,cRLSign
diff --git a/security/manager/ssl/tests/unit/test_cert_trust/ee.pem b/security/manager/ssl/tests/unit/test_cert_trust/ee.pem
new file mode 100644
index 000000000..91c1ffcab
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_trust/ee.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3jCCAcigAwIBAgIUYfpH7OFfqiJDcQnM/gVlKieeyOAwCwYJKoZIhvcNAQEL
+MA4xDDAKBgNVBAMMA2ludDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAw
+MDAwWjANMQswCQYDVQQDDAJlZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAab
+bhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmts
+Du0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhI
+H6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8
+rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kX
+Mbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaM1MDMwMQYDVR0lBCowKAYIKwYBBQUH
+AwEGCCsGAQUFBwMCBggrBgEFBQcDBAYIKwYBBQUHAwMwCwYJKoZIhvcNAQELA4IB
+AQCqaSdnhHXFqLkMT5eU8FiyfpJeMDmyl0UFSB0yXrjh4dsiCayLECagJyVtxFJ/
+K8XBZz3USUOIaK3j8VADK7o6s7dKSy68EacYEF4MtGUpL3Bn7353RSB3hFRfpMuD
+rohMZ8ZBDpvRPddOchpd9OW798duxJWYmotY4wrbK5E+xXhJaaJk4utbx8hqo+xz
+gKusj3w33uYbGQgCNPZ9zbFeyP+1K0vDV5NKC8JdL+KqbECdc9OcpA3jg17owubM
+yovO/bYKzy6bWMpEdzr64JK2n2fDoEQgfwi6O5iC0A7JjOfAkyWYgbrgve5qWamd
+6v71Lnux30zRSwsliFhUl6Md
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_trust/ee.pem.certspec b/security/manager/ssl/tests/unit/test_cert_trust/ee.pem.certspec
new file mode 100644
index 000000000..9666c1806
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_trust/ee.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int
+subject:ee
+extension:extKeyUsage:serverAuth,clientAuth,emailProtection,codeSigning
diff --git a/security/manager/ssl/tests/unit/test_cert_trust/int.pem b/security/manager/ssl/tests/unit/test_cert_trust/int.pem
new file mode 100644
index 000000000..fd60e5fe2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_trust/int.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxjCCAbCgAwIBAgIUazy/vTocAuxP85PTc+O1JXs8WWEwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMA4xDDAKBgNVBAMMA2ludDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAab
+bhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmts
+Du0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhI
+H6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8
+rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kX
+Mbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMdMBswDAYDVR0TBAUwAwEB/zALBgNV
+HQ8EBAMCAQYwCwYJKoZIhvcNAQELA4IBAQA6lr0lbqcaGYjYAAcA5BngiUobuYFn
+4jdYK9eR6hiT5PmYRQZ9/y+2aYNF/ygiBBqBdEq/Nhrm35WeUHvDBaT8OZLBjf+g
+krEAmu2ivrHZWrx16HBVDd9JdTUCx8j1HUo5fadFnsQh7nuh/VIoemox+/e8mKfh
++fW3noAoH/MRfP9VYoS0KzkW8ILiWOR1joNOHDZzanMiM/YCHO1nckq2ntI2T+kO
+MNMkB+j1w5Fu6P8pgyToleHs3WmlWAeDjXygZkEhg+9uuBXb8/IyuS3cYt9ovhSh
+++A25JRmqaQn2Ywd+CMsGe4MTYOsRnZPK0Co6TBteRWRdwSpqzb+UOqY
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_trust/int.pem.certspec b/security/manager/ssl/tests/unit/test_cert_trust/int.pem.certspec
new file mode 100644
index 000000000..a7f6d8141
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_trust/int.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int
+extension:basicConstraints:cA,
+extension:keyUsage:keyCertSign,cRLSign
diff --git a/security/manager/ssl/tests/unit/test_cert_trust/moz.build b/security/manager/ssl/tests/unit/test_cert_trust/moz.build
new file mode 100644
index 000000000..a075d0cb3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_trust/moz.build
@@ -0,0 +1,15 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Temporarily disabled. See bug 1256495.
+#test_certificates = (
+#    'ca.pem',
+#    'ee.pem',
+#    'int.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
diff --git a/security/manager/ssl/tests/unit/test_cert_version.js b/security/manager/ssl/tests/unit/test_cert_version.js
new file mode 100644
index 000000000..063bcb1cc
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version.js
@@ -0,0 +1,190 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+// Tests the interaction between the basic constraints extension and the
+// certificate version field. In general, the testcases consist of verifying
+// certificate chains of the form:
+//
+// end-entity (issued by) intermediate (issued by) trusted X509v3 root
+//
+// where the intermediate is one of X509 v1, v2, v3, or v4, and either does or
+// does not have the basic constraints extension. If it has the extension, it
+// either does or does not specify that it is a CA.
+//
+// To test cases where the trust anchor has a different version and/or does or
+// does not have the basic constraint extension, there are testcases where the
+// intermediate is trusted as an anchor and the verification is repeated.
+// (Loading a certificate with trust "CTu,," means that it is a trust anchor
+// for SSL. Loading a certificate with trust ",," means that it inherits its
+// trust.)
+//
+// There are also testcases for end-entities issued by a trusted X509v3 root
+// where the end-entities similarly cover the range of versions and basic
+// constraint extensions.
+//
+// Finally, there are testcases for self-signed certificates that, again, cover
+// the range of versions and basic constraint extensions.
+
+"use strict";
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+
+function certFromFile(certName) {
+  return constructCertFromFile("test_cert_version/" + certName + ".pem");
+}
+
+function loadCertWithTrust(certName, trustString) {
+  addCertFromFile(certdb, "test_cert_version/" + certName + ".pem", trustString);
+}
+
+function checkEndEntity(cert, expectedResult) {
+  checkCertErrorGeneric(certdb, cert, expectedResult, certificateUsageSSLServer);
+}
+
+function checkIntermediate(cert, expectedResult) {
+  checkCertErrorGeneric(certdb, cert, expectedResult, certificateUsageSSLCA);
+}
+
+// Test that the code that decodes certificates to display them in the
+// certificate manager correctly handles the version field.
+function checkCertVersion(cert, expectedVersionString) {
+  let asn1 = cert.ASN1Structure.QueryInterface(Ci.nsIASN1Sequence);
+  let tbsCertificate = asn1.ASN1Objects.queryElementAt(0, Ci.nsIASN1Sequence);
+  let version = tbsCertificate.ASN1Objects.queryElementAt(0, Ci.nsIASN1Object);
+  equal(version.displayValue, expectedVersionString,
+        "Actual and expected version strings should match");
+}
+
+function run_test() {
+  loadCertWithTrust("ca", "CTu,,");
+
+  // Section for CAs lacking the basicConstraints extension entirely:
+  loadCertWithTrust("int-v1-noBC_ca", ",,");
+  checkIntermediate(certFromFile("int-v1-noBC_ca"), MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA);
+  checkEndEntity(certFromFile("ee_int-v1-noBC"), MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA);
+  // A v1 certificate with no basicConstraints extension may issue certificates
+  // if it is a trust anchor.
+  loadCertWithTrust("int-v1-noBC_ca", "CTu,,");
+  checkIntermediate(certFromFile("int-v1-noBC_ca"), PRErrorCodeSuccess);
+  checkEndEntity(certFromFile("ee_int-v1-noBC"), PRErrorCodeSuccess);
+
+  loadCertWithTrust("int-v2-noBC_ca", ",,");
+  checkIntermediate(certFromFile("int-v2-noBC_ca"), SEC_ERROR_CA_CERT_INVALID);
+  checkEndEntity(certFromFile("ee_int-v2-noBC"), SEC_ERROR_CA_CERT_INVALID);
+  loadCertWithTrust("int-v2-noBC_ca", "CTu,,");
+  checkIntermediate(certFromFile("int-v2-noBC_ca"), SEC_ERROR_CA_CERT_INVALID);
+  checkEndEntity(certFromFile("ee_int-v2-noBC"), SEC_ERROR_CA_CERT_INVALID);
+
+  loadCertWithTrust("int-v3-noBC_ca", ",,");
+  checkIntermediate(certFromFile("int-v3-noBC_ca"), SEC_ERROR_CA_CERT_INVALID);
+  checkEndEntity(certFromFile("ee_int-v3-noBC"), SEC_ERROR_CA_CERT_INVALID);
+  loadCertWithTrust("int-v3-noBC_ca", "CTu,,");
+  checkIntermediate(certFromFile("int-v3-noBC_ca"), SEC_ERROR_CA_CERT_INVALID);
+  checkEndEntity(certFromFile("ee_int-v3-noBC"), SEC_ERROR_CA_CERT_INVALID);
+
+  loadCertWithTrust("int-v4-noBC_ca", ",,");
+  checkIntermediate(certFromFile("int-v4-noBC_ca"), SEC_ERROR_CA_CERT_INVALID);
+  checkEndEntity(certFromFile("ee_int-v4-noBC"), SEC_ERROR_CA_CERT_INVALID);
+  loadCertWithTrust("int-v4-noBC_ca", "CTu,,");
+  checkIntermediate(certFromFile("int-v4-noBC_ca"), SEC_ERROR_CA_CERT_INVALID);
+  checkEndEntity(certFromFile("ee_int-v4-noBC"), SEC_ERROR_CA_CERT_INVALID);
+
+  // Section for CAs with basicConstraints not specifying cA:
+  loadCertWithTrust("int-v1-BC-not-cA_ca", ",,");
+  checkIntermediate(certFromFile("int-v1-BC-not-cA_ca"), SEC_ERROR_CA_CERT_INVALID);
+  checkEndEntity(certFromFile("ee_int-v1-BC-not-cA"), SEC_ERROR_CA_CERT_INVALID);
+  loadCertWithTrust("int-v1-BC-not-cA_ca", "CTu,,");
+  checkIntermediate(certFromFile("int-v1-BC-not-cA_ca"), SEC_ERROR_CA_CERT_INVALID);
+  checkEndEntity(certFromFile("ee_int-v1-BC-not-cA"), SEC_ERROR_CA_CERT_INVALID);
+
+  loadCertWithTrust("int-v2-BC-not-cA_ca", ",,");
+  checkIntermediate(certFromFile("int-v2-BC-not-cA_ca"), SEC_ERROR_CA_CERT_INVALID);
+  checkEndEntity(certFromFile("ee_int-v2-BC-not-cA"), SEC_ERROR_CA_CERT_INVALID);
+  loadCertWithTrust("int-v2-BC-not-cA_ca", "CTu,,");
+  checkIntermediate(certFromFile("int-v2-BC-not-cA_ca"), SEC_ERROR_CA_CERT_INVALID);
+  checkEndEntity(certFromFile("ee_int-v2-BC-not-cA"), SEC_ERROR_CA_CERT_INVALID);
+
+  loadCertWithTrust("int-v3-BC-not-cA_ca", ",,");
+  checkIntermediate(certFromFile("int-v3-BC-not-cA_ca"), SEC_ERROR_CA_CERT_INVALID);
+  checkEndEntity(certFromFile("ee_int-v3-BC-not-cA"), SEC_ERROR_CA_CERT_INVALID);
+  loadCertWithTrust("int-v3-BC-not-cA_ca", "CTu,,");
+  checkIntermediate(certFromFile("int-v3-BC-not-cA_ca"), SEC_ERROR_CA_CERT_INVALID);
+  checkEndEntity(certFromFile("ee_int-v3-BC-not-cA"), SEC_ERROR_CA_CERT_INVALID);
+
+  loadCertWithTrust("int-v4-BC-not-cA_ca", ",,");
+  checkIntermediate(certFromFile("int-v4-BC-not-cA_ca"), SEC_ERROR_CA_CERT_INVALID);
+  checkEndEntity(certFromFile("ee_int-v4-BC-not-cA"), SEC_ERROR_CA_CERT_INVALID);
+  loadCertWithTrust("int-v4-BC-not-cA_ca", "CTu,,");
+  checkIntermediate(certFromFile("int-v4-BC-not-cA_ca"), SEC_ERROR_CA_CERT_INVALID);
+  checkEndEntity(certFromFile("ee_int-v4-BC-not-cA"), SEC_ERROR_CA_CERT_INVALID);
+
+  // Section for CAs with basicConstraints specifying cA:
+  loadCertWithTrust("int-v1-BC-cA_ca", ",,");
+  checkIntermediate(certFromFile("int-v1-BC-cA_ca"), PRErrorCodeSuccess);
+  checkEndEntity(certFromFile("ee_int-v1-BC-cA"), PRErrorCodeSuccess);
+  loadCertWithTrust("int-v1-BC-cA_ca", "CTu,,");
+  checkIntermediate(certFromFile("int-v1-BC-cA_ca"), PRErrorCodeSuccess);
+  checkEndEntity(certFromFile("ee_int-v1-BC-cA"), PRErrorCodeSuccess);
+
+  loadCertWithTrust("int-v2-BC-cA_ca", ",,");
+  checkIntermediate(certFromFile("int-v2-BC-cA_ca"), PRErrorCodeSuccess);
+  checkEndEntity(certFromFile("ee_int-v2-BC-cA"), PRErrorCodeSuccess);
+  loadCertWithTrust("int-v2-BC-cA_ca", "CTu,,");
+  checkIntermediate(certFromFile("int-v2-BC-cA_ca"), PRErrorCodeSuccess);
+  checkEndEntity(certFromFile("ee_int-v2-BC-cA"), PRErrorCodeSuccess);
+
+  loadCertWithTrust("int-v3-BC-cA_ca", ",,");
+  checkIntermediate(certFromFile("int-v3-BC-cA_ca"), PRErrorCodeSuccess);
+  checkEndEntity(certFromFile("ee_int-v3-BC-cA"), PRErrorCodeSuccess);
+  loadCertWithTrust("int-v3-BC-cA_ca", "CTu,,");
+  checkIntermediate(certFromFile("int-v3-BC-cA_ca"), PRErrorCodeSuccess);
+  checkEndEntity(certFromFile("ee_int-v3-BC-cA"), PRErrorCodeSuccess);
+
+  loadCertWithTrust("int-v4-BC-cA_ca", ",,");
+  checkIntermediate(certFromFile("int-v4-BC-cA_ca"), PRErrorCodeSuccess);
+  checkEndEntity(certFromFile("ee_int-v4-BC-cA"), PRErrorCodeSuccess);
+  loadCertWithTrust("int-v4-BC-cA_ca", "CTu,,");
+  checkIntermediate(certFromFile("int-v4-BC-cA_ca"), PRErrorCodeSuccess);
+  checkEndEntity(certFromFile("ee_int-v4-BC-cA"), PRErrorCodeSuccess);
+
+  // Section for end-entity certificates with various basicConstraints:
+  checkEndEntity(certFromFile("ee-v1-noBC_ca"), PRErrorCodeSuccess);
+  checkEndEntity(certFromFile("ee-v2-noBC_ca"), PRErrorCodeSuccess);
+  checkEndEntity(certFromFile("ee-v3-noBC_ca"), PRErrorCodeSuccess);
+  checkEndEntity(certFromFile("ee-v4-noBC_ca"), PRErrorCodeSuccess);
+
+  checkEndEntity(certFromFile("ee-v1-BC-not-cA_ca"), PRErrorCodeSuccess);
+  checkEndEntity(certFromFile("ee-v2-BC-not-cA_ca"), PRErrorCodeSuccess);
+  checkEndEntity(certFromFile("ee-v3-BC-not-cA_ca"), PRErrorCodeSuccess);
+  checkEndEntity(certFromFile("ee-v4-BC-not-cA_ca"), PRErrorCodeSuccess);
+
+  checkEndEntity(certFromFile("ee-v1-BC-cA_ca"), MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY);
+  checkEndEntity(certFromFile("ee-v2-BC-cA_ca"), MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY);
+  checkEndEntity(certFromFile("ee-v3-BC-cA_ca"), MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY);
+  checkEndEntity(certFromFile("ee-v4-BC-cA_ca"), MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY);
+
+  // Section for self-signed certificates:
+  checkEndEntity(certFromFile("ss-v1-noBC"), SEC_ERROR_UNKNOWN_ISSUER);
+  checkEndEntity(certFromFile("ss-v2-noBC"), SEC_ERROR_UNKNOWN_ISSUER);
+  checkEndEntity(certFromFile("ss-v3-noBC"), SEC_ERROR_UNKNOWN_ISSUER);
+  checkEndEntity(certFromFile("ss-v4-noBC"), SEC_ERROR_UNKNOWN_ISSUER);
+
+  checkEndEntity(certFromFile("ss-v1-BC-not-cA"), SEC_ERROR_UNKNOWN_ISSUER);
+  checkEndEntity(certFromFile("ss-v2-BC-not-cA"), SEC_ERROR_UNKNOWN_ISSUER);
+  checkEndEntity(certFromFile("ss-v3-BC-not-cA"), SEC_ERROR_UNKNOWN_ISSUER);
+  checkEndEntity(certFromFile("ss-v4-BC-not-cA"), SEC_ERROR_UNKNOWN_ISSUER);
+
+  checkEndEntity(certFromFile("ss-v1-BC-cA"), SEC_ERROR_UNKNOWN_ISSUER);
+  checkEndEntity(certFromFile("ss-v2-BC-cA"), SEC_ERROR_UNKNOWN_ISSUER);
+  checkEndEntity(certFromFile("ss-v3-BC-cA"), SEC_ERROR_UNKNOWN_ISSUER);
+  checkEndEntity(certFromFile("ss-v4-BC-cA"), SEC_ERROR_UNKNOWN_ISSUER);
+
+  checkCertVersion(certFromFile("ss-v1-noBC"), "Version 1");
+  checkCertVersion(certFromFile("int-v2-BC-cA_ca"), "Version 2");
+  checkCertVersion(certFromFile("ee-v3-BC-not-cA_ca"), "Version 3");
+  checkCertVersion(certFromFile("int-v4-BC-not-cA_ca"), "Version 4");
+}
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ca.pem
new file mode 100644
index 000000000..d5d688220
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxTCCAa+gAwIBAgIUGamqdMD0Nm1H+VfFhPYfXjLHRokwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMA0xCzAJBgNVBAMMAmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptu
+Gobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO
+7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf
+qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/yt
+HSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcx
+uLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzALBgNVHQ8EBAMCAQYwDAYDVR0T
+BAUwAwEB/zALBgkqhkiG9w0BAQsDggEBAAvQClqGp0semC/2XyWMk9xUJfroOET9
+beRv7cv8KUZnG3PaE+J5F7ER7f8COvvamkdeaatPcUc3+6JSErSibRZuwSNu7y55
+8D2DW5tVYNpni/bQCeR2S1SX2wQXOLTDZgYYnAP6dfUUoWIcoqRoQdFo4/clhTCc
+Cdbi7YYMRgiPX1Lr2Wlr6lzA78ri6jul1Xv+x01qDuSGYshXWLy3s4Rn8KcCNdt0
+qeCHYOKY/HdDv4xX/kHrkCm8qxfqLRG6GkbXahySaNm7gaTjFN9tn/n8z1SOz4fQ
+c/lWMN8xE4W645GavbrrTCYG3sMBLF3uXULlIaQb1imtoj/T+cEA/6o=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ca.pem.certspec
new file mode 100644
index 000000000..8689ef9ea
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:ca
+extension:keyUsage:keyCertSign,cRLSign
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-cA_ca.pem
new file mode 100644
index 000000000..2b606ba68
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-cA_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICvDCCAaYCFAGWmOxUiv3Wiz/EpnGMkzvZ1CC4MAsGCSqGSIb3DQEBCzANMQsw
+CQYDVQQDDAJjYTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAW
+MRQwEgYDVQQDDAtlZS12MS1CQy1jQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72x
+nAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lM
+wmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF
+4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20
+yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xx
+j5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMQMA4wDAYDVR0TBAUwAwEB/zAL
+BgkqhkiG9w0BAQsDggEBAJoTmk+UuRV8BjvLAikw3jMlQLRZksGVezou/oWY6xB0
+5cBhexPniE5Wloareu929H7GroKodIS7byou7brNOFid1WufroaahmS2eKaDoEEr
+OQ7q6KsCKTh7fIi4JOHB43bRpumqAAC/F+PMpyH9breHoMRw70emfbPssbf0sJLt
+fcw6UtxiCLKZ75gQSYvZxwTdzEVon0FMVE/eXpG7TI+5ruzwPhpWbk+NVPTQByjd
+7aBXRjt7IsSM1s4k86FVOFCJW23e+NirdBhpXcIV8JhxOCaDEWlhAK6vGH/cvdHe
+zRU03uzpl4OAngMfjsol790KiyBR6ZcpDeBURiVd1Ms=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-cA_ca.pem.certspec
new file mode 100644
index 000000000..4570e6e3f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-cA_ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:ee-v1-BC-cA
+version:1
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-not-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-not-cA_ca.pem
new file mode 100644
index 000000000..8fccea824
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-not-cA_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICwDCCAaoCFE1BLhsmfyyB2fW6gUjQwrgYB0uOMAsGCSqGSIb3DQEBCzANMQsw
+CQYDVQQDDAJjYTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAa
+MRgwFgYDVQQDDA9lZS12MS1CQy1ub3QtY0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg
+2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ
+5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQ
+PdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGj
+DJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8W
+iy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjEDAOMAwGA1UdEwQFMAMB
+AQAwCwYJKoZIhvcNAQELA4IBAQCfLK68eVDBxO0+W/ye0RgZHwRXn5nTaIj8s1iu
+CttV8uBYM1Hw5NUrmpI2bVlZA262qvbKTbhvIPOYz0wD1WkqMabQbuY32XRYKcaM
+cUec2RPy5ZWnZIT4AcYDSGaz8s24223GnlPgresZBhaQ0LzzbSJwtC8S2Fpt5pa1
+V1TenVU1KcjnyiDpGQSj5BsTJG/JONq5eIbP4T1k26Hi9VM8q8bjO0oKBFAxaw6/
+YulGByT8/BoNZXW8yGZu4h2KII7Mun4S13qNgLuGFTT6OJ6/zEwRR3x19o/NhHVm
+pbjyfxFfqnd6HDMAlW1uZt0FtejGPG0ZUL7FlhBy/vTt8Ju+
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-not-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-not-cA_ca.pem.certspec
new file mode 100644
index 000000000..f4257841f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v1-BC-not-cA_ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:ee-v1-BC-not-cA
+version:1
+extension:basicConstraints:,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v1-noBC_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ee-v1-noBC_ca.pem
new file mode 100644
index 000000000..c65444481
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v1-noBC_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICqTCCAZMCFDG06FmDxQmJyGqH60Gs9a/BJSTTMAsGCSqGSIb3DQEBCzANMQsw
+CQYDVQQDDAJjYTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAV
+MRMwEQYDVQQDDAplZS12MS1ub0JDMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGc
+BptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzC
+a2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8Xg
+uEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK
+9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGP
+mRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMAsGCSqGSIb3DQEBCwOCAQEANnkU
+K6FLFlD2tKjK8Ky22ATkd68zdLs1HxDbVCa57fsToBwAiZdme+mIjQW+w42Zep4Y
+3E0GfjfVNyjVVaEPdLpQiZN8NKB9c/omwoMRyQEq6uhYGTg6o8FcYiQ3/WFBXGc+
+07YmEe9jmhozobUnJ5At5tkymL448qUQ7z9kNHu9L0p2fgEJa146RAyHQ+sXpz4X
+us/+IyqQGaI7q0Hz89clL6tUM9c5Z7r/Jp2UAhpm58ytMpKR0RJuQ5gfDKQKMjPk
+rEfjcxeA40TB5OhKVXYAy2yMJ7hiGByZed3FBSAId/Xmn+ltnaLUocXltgLyB9pG
+TfO49CA2VK0a2vhtaA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v1-noBC_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee-v1-noBC_ca.pem.certspec
new file mode 100644
index 000000000..48fe9e541
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v1-noBC_ca.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:ee-v1-noBC
+version:1
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-cA_ca.pem
new file mode 100644
index 000000000..2d16032b3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-cA_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICwTCCAaugAwIBAQIUfQVCkqBjryqY0hxn56/dGr7n01wwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBYxFDASBgNVBAMMC2VlLXYyLUJDLWNBMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoxAwDjAMBgNVHRMEBTAD
+AQH/MAsGCSqGSIb3DQEBCwOCAQEABme7cHcrv89ZFbbeOZH3sTrjNOGyAJhRczT2
+muEbJlLCAstllOrIY/KbJHFEi9p7NoEb57ubRweVzhZn7slriY1N8s+jkR3LFlLS
+1e0Xp82FEATF6C/SBhKdnTrz3NBsIG4WPI99x7BTBgCiHYucpOUhd72tpho3wdmK
+/4gPqWIoUyULRJB1NXaDtil3766DBA143mnuIgS34cQerK+vTgxWoUwBKfEzDkzZ
+sl9at4DsZefP7rYOmQ95B0kpM+uI6UUpJYdC9jX/c3JkoZgOZG1sDpQT4quqjoNO
+Hg58ZJ69Vj2GbS8i9tKKVPQLySmiU3L4W0y4XdBMMOfWAdj2qA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-cA_ca.pem.certspec
new file mode 100644
index 000000000..f714725d2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-cA_ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:ee-v2-BC-cA
+version:2
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-not-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-not-cA_ca.pem
new file mode 100644
index 000000000..224e4f075
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-not-cA_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxTCCAa+gAwIBAQIUf+XAs2m7oSCNvUK7DEGaRr2dTwYwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBoxGDAWBgNVBAMMD2VlLXYyLUJDLW5vdC1jQTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7
+wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCAp
+k6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhh
+eZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KW
+EsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONssc
+JAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMQMA4wDAYDVR0T
+BAUwAwEBADALBgkqhkiG9w0BAQsDggEBALAH32l8H1kmrrw2syJ0p9BTp60bRKty
+1l+kCu7P8ZSH7+eGqROJpvYty9Ao1OrOSyQAfcj0BUn5IsgEDgTogF1PveZlvRtA
+YNd2AFQqP6/lbU8+licG46D0NjUcZRzZZb/daAo91I2qcdIj8VluDhDA4yVh1G/L
+PMIvJ+I/Zscz2M/IlDlH9pdb408YPVOxoK1OdzC7eFsT25hiH+lyn1faPkauY+GF
+m3IVSlUQUOrjpJOQluPKii0j3fdJWGawy7W9Rou9RqcHpEdFx1tdC3Gie/DLrsmJ
+eAfuyJlkK5++IgdlQwLHsTWW/6o6mTfqS7TAsxcBt9tJnLw4fOlaA9s=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-not-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-not-cA_ca.pem.certspec
new file mode 100644
index 000000000..db7228881
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v2-BC-not-cA_ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:ee-v2-BC-not-cA
+version:2
+extension:basicConstraints:,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v2-noBC_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ee-v2-noBC_ca.pem
new file mode 100644
index 000000000..b54cfd23c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v2-noBC_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICrjCCAZigAwIBAQIUdQe+ZPF/+uPABp+LHcJbzs80mlUwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBUxEzARBgNVBAMMCmVlLXYyLW5vQkMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg
+2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ
+5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQ
+PdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGj
+DJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8W
+iy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZIhvcNAQELA4IB
+AQBUaAqzcDmmrd4Wep1/lRJU9qzvkTNfYjE+kjIyW+KlQoh1ESoIgKgMEkIAZ8gW
+VgMwwcLJqqrTyr/Do5gYLzGlSvgi7HWHhu5NbxbbDZ/jKjytVNA/PEGJ7nIh1ka4
+vlwTJBQ/5A4r+2C+IMp2/cAUFHsf2N0ng8ubtl9O9rA5W2Hfz0KMVZ46clcCKCP8
+6KsNqA52FU9s6/z6r2m11YX/QWpO9jVOYcguc4s2PiDPn2R2s/Ok7JqkpVglLehr
+vSlPpeAfqoeSHCr7FfMH/csZ10Ax3XbnPQTnDEfjNxVHcIS3HkUZM5y8X/xm2om3
+BNvtFytBamlQ8Xb/erQ5pmX2
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v2-noBC_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee-v2-noBC_ca.pem.certspec
new file mode 100644
index 000000000..cc304ab87
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v2-noBC_ca.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:ee-v2-noBC
+version:2
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-cA_ca.pem
new file mode 100644
index 000000000..0db92cab3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-cA_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICwTCCAaugAwIBAgIUB8OP2Jy4CAmKxxBski29TdDy3JUwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBYxFDASBgNVBAMMC2VlLXYzLUJDLWNBMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoxAwDjAMBgNVHRMEBTAD
+AQH/MAsGCSqGSIb3DQEBCwOCAQEAlZW+VCvoVVjk61KPrCGT/npj/xlOkXRO+G3E
+DvvoSEaeq9r5YcSWlb8cuYtLVqWP2S3S5HdgLk8ziIDI/z3y4cEn8j2wyBdYezAy
+N6zpFRwEuWTmdeMQ+xTKf/nyOHGcSyIlXvj6Y2B0T8anAS/vdAa2sfkERt4nMFwd
+Kmwmg+QAnh6MXwb/0EXmX2z5B0qyWlsPy3+CsR+qgWBAOCAUVwjbgMP44XyhgKeX
+bTHJhuIm3yO2ItB5YwDt1DbeH2+Q7+hdnUf1jPKtVha2cnKfnngn10QK4ZApVChg
+OX5fB8CjvMLp5bOa4Pgn962s2KBB2Wy7PV25AbfXKt/Hc3ovuQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-cA_ca.pem.certspec
new file mode 100644
index 000000000..6f69c3574
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-cA_ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:ee-v3-BC-cA
+version:3
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-not-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-not-cA_ca.pem
new file mode 100644
index 000000000..768871d74
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-not-cA_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxTCCAa+gAwIBAgIUJ20yvWlIyReCYJ+kcsG+DkJ640UwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBoxGDAWBgNVBAMMD2VlLXYzLUJDLW5vdC1jQTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7
+wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCAp
+k6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhh
+eZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KW
+EsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONssc
+JAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMQMA4wDAYDVR0T
+BAUwAwEBADALBgkqhkiG9w0BAQsDggEBAIOkqY4yOoyfH40DXCLBXL0rrmflioBT
+dl9oRE65btGHLQUn15BQZugBVSbyIdMAv4aeBEt1oqSAB6I4e20rKDeslwexLQtr
+yV2nuAlMTYOBp64UpcG2kG6mAdhYOYICYa67NBNQpc8uvU3hAIoD6kpv+0b3ytRD
+xV4X6cWUcYbqCFIJkans/FrQG/Gy+5Mg2lmdqE1KtkVzq7Tt/QXGaPxhr2rYmuPE
+cNiMAknatOwA4KSaclNkuxkq9axtGCwIa5NNV+4mXrPglWhU6ke5DgO/dln+mfO2
+UB2aj4romZScF2qo9uNaBKyGRAE8yaCxanOGUiwKyl8mOBJ424Xqxkw=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-not-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-not-cA_ca.pem.certspec
new file mode 100644
index 000000000..4a9de0635
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v3-BC-not-cA_ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:ee-v3-BC-not-cA
+version:3
+extension:basicConstraints:,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v3-noBC_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ee-v3-noBC_ca.pem
new file mode 100644
index 000000000..2be86fcdb
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v3-noBC_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICrjCCAZigAwIBAgIUWQH07Krh10EOvFLY8UBqyG5xYBYwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBUxEzARBgNVBAMMCmVlLXYzLW5vQkMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg
+2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ
+5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQ
+PdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGj
+DJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8W
+iy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZIhvcNAQELA4IB
+AQCQXyyODh2FWO4TxBiuaQdFnFk+2zeqV2iWqpQGFDmgrHCZXrlJM+BVuAFzw0LQ
+hOf9qd33+f2sBDc4lf0qxu5/5Xqt8zERkvK0/zdMz3EpSoLMKvXv+7Z8YH3Ajt3O
+D4SV+3/Pk+/oweJ4XPMTeBhJ7qbU5/aALIzB5hqJHopmkqr8Zi4XTg/VgeZPM9zQ
+47HcOIvWnos99OxRte3xBxOU7aLmXOU4CMvAvzyFI0QCR9yh6UL2f0rICkagfLaB
+vMzUfgCg6dc/yJfroEebIwIJfBdjKNtzkWcIjXKZoNfRwpW7u6qxoopvuQmplg5n
+XnaTJFmePQ15kF2iDzb1hZ4W
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v3-noBC_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee-v3-noBC_ca.pem.certspec
new file mode 100644
index 000000000..9d385900f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v3-noBC_ca.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:ee-v3-noBC
+version:3
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-cA_ca.pem
new file mode 100644
index 000000000..e766ae395
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-cA_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICwTCCAaugAwIBAwIUUfTQFSAC8qOhLbeI7Wqaa6VG0fAwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBYxFDASBgNVBAMMC2VlLXY0LUJDLWNBMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoxAwDjAMBgNVHRMEBTAD
+AQH/MAsGCSqGSIb3DQEBCwOCAQEAOPqznyrSXvk8Dcw2Y1shbinmUKgIodAD1eHe
+ydM9c77RVLYCtzivERid2WMDVSVtPkniQBSpHh8rq75fUDwUXoUNnlUDi+hE5HBC
+eYc8duCo3Is7FofCqxych1M+WRz/Vr+Dme45/1+7o2YLnp972Vd5WqnNRPBx6B89
+uU1pp7mS1EfNPObYImAD0mHfTLYa4nCoGWrp4tLxChQ79FnOZlZtTykyQoutPeGI
+GI7BW60ABF9t9Z2LNX5hL0idV8jwcQy8XuqRxOgwkdUL5ErezWgN1J6M3zBa4cBX
+aZsU3VuAkImdubbIpPeHQX2Chj4rLXmKxibgJCqKsQqNaTdRFA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-cA_ca.pem.certspec
new file mode 100644
index 000000000..1f44c1dd2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-cA_ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:ee-v4-BC-cA
+version:4
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-not-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-not-cA_ca.pem
new file mode 100644
index 000000000..627429ed7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-not-cA_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxTCCAa+gAwIBAwIUPW7xxyFS8KpDVIUpRpqCNCmBOuUwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBoxGDAWBgNVBAMMD2VlLXY0LUJDLW5vdC1jQTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7
+wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCAp
+k6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhh
+eZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KW
+EsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONssc
+JAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMQMA4wDAYDVR0T
+BAUwAwEBADALBgkqhkiG9w0BAQsDggEBALbzCIRcwRjqa1a2Y1wTPVSSSLD80lcW
+il7AGT/hEJ6+uuy9sSl3M+LUU6BMG3XeEERRZg5iWoSvRp0UHGo1ViM+fsgm+C7D
+uby2iVv4nMokrAEZ10azZrgDjEuKQlmdarPzdakoL6YaOXrkP9P4/6v5HeLmxd7I
+Q/iry5TKPFrfkk5xrQwZw8zr8P6ygsnNGZO/MH3+yR4cuSS1piC0i9lO9RAyNk1I
+sAKedwB1sirklVldeWcll9L9WLtYINsn5cWEVKxT2goF0BrkIxNSZLH64tWuIGHG
+Y+QHZqGJum8tYddNuoES8nsKZZ+zAzJ4IrA0NE7MknHrD1Ph7FmnX40=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-not-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-not-cA_ca.pem.certspec
new file mode 100644
index 000000000..e9659153e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v4-BC-not-cA_ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:ee-v4-BC-not-cA
+version:4
+extension:basicConstraints:,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v4-noBC_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/ee-v4-noBC_ca.pem
new file mode 100644
index 000000000..1852ea6ce
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v4-noBC_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICrjCCAZigAwIBAwIUVfwLTWJ99GNH7nvKMDko2v0xjCowCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBUxEzARBgNVBAMMCmVlLXY0LW5vQkMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg
+2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ
+5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQ
+PdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGj
+DJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8W
+iy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZIhvcNAQELA4IB
+AQCCJPLfbxTQnHMP1Wl/XpCifu2deo9tcoEb9Hvpc5y9oJUS0qumTMq0H3dVLsnv
++UQ7/YghsGChqveMKVdaeL2UhNvw4nasPLYq2s8nor4+s00moSysgogauvUrQxB+
+SFO09zcX3bVy6/MPrnMVRXlXTCDji8EnI9hcMhQbFfbgd8V+k1oyuDD06PPak5DB
+yR1J+Z673Cp2KhcwIJUNbbOS3wqUU72lanXMzGj8xkhf4GsYYF7e+eWfMDIIlZuj
+mKM1fSCe1m9p9EUVZI3uzuP2NUJbdCsoe8VWGe9TUOEfokmHAykMgKVpbMKsd0Fc
+GAGDU8/x0mGGrA9Jk9T7iagp
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee-v4-noBC_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee-v4-noBC_ca.pem.certspec
new file mode 100644
index 000000000..19229ba76
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee-v4-noBC_ca.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:ee-v4-noBC
+version:4
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-cA.pem
new file mode 100644
index 000000000..1347bc1ae
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-cA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICsDCCAZqgAwIBAgIUE6KjPmbDFR43gm22W31CxcYLnNYwCwYJKoZIhvcNAQEL
+MBcxFTATBgNVBAMMDGludC12MS1CQy1jQTAiGA8yMDE1MTEyODAwMDAwMFoYDzIw
+MTgwMjA1MDAwMDAwWjANMQswCQYDVQQDDAJlZTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl
+qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg
+w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx
+V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1
+MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs
+vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAATALBgkqhkiG9w0BAQsD
+ggEBAB5f3BeuLOxnnFy7ivHW6k197ycHOS/ilmtfZHxnf6ypIzqq32ooMNfF4+/4
+M3IMfXwe0NuZHiTxwohV58ZEVtfYXQ+tM9E39YQMHemludT4rKgINAEwCHZCXvvn
+txaLMWN1UgQc2aPdlyWagBF6YhmTFExmIUSbe9BnbuIhP00kOls45RnFfcsJJffQ
+lCniEIo+hwRWMjnajh+ecNNFlM3ToTH7+ZUGX6KtfpiBX+kFEtgevNbyghifZ/eY
+HcXNA2LlXbRzKD/xspyk2BnNTaniBwqGQjwWd5IJzEHpvOrqDjEyvx8cGjUFOxsC
++BFqPQs9lD/SOmlPmk66sNw+iMU=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-cA.pem.certspec
new file mode 100644
index 000000000..6a7dc5c43
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-cA.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-v1-BC-cA
+subject:ee
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-not-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-not-cA.pem
new file mode 100644
index 000000000..c42913f1f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-not-cA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICtDCCAZ6gAwIBAgIUcUd8DHziTDCWlJ6HrPIr/B8aaUQwCwYJKoZIhvcNAQEL
+MBsxGTAXBgNVBAMMEGludC12MS1CQy1ub3QtY0EwIhgPMjAxNTExMjgwMDAwMDBa
+GA8yMDE4MDIwNTAwMDAwMFowDTELMAkGA1UEAwwCZWUwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wk
+e8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0Dgg
+KZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmI
+YXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7fi
+lhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbL
+HCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZIhvcN
+AQELA4IBAQAuPQwVmkSWN1A59vPXjQNaM+sVKeEiEpRZKbCfhYR0aeutl7MAg5sM
+RiHz2p3H4VALW1J2BdL7CM6X2A101UDY7LO2AEyrzYdm/+fvgd3XFWBeMx/UBZdh
+09I06b0p8tZrQgIk4xIcw/fP5YeYKVnMWcietQ0EnZl9jmqwjvHKTh0x8hkkIDu3
+uY+aByZC4InIcpfgBkqZaJgI7qAGmIokMMs+RHOlGwrOKbsCuvRw/xHIArgmHNfj
++BigwjBIrxW4IT2d0/65O3vlQ9HhMaS+UjXiubny2TZ9I2kvWfLQvAqtPE7DOibe
+zw2iooLP75X/UzNmLpYtr20S9Ea+S3RS
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-not-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-not-cA.pem.certspec
new file mode 100644
index 000000000..639f83d66
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-BC-not-cA.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-v1-BC-not-cA
+subject:ee
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-noBC.pem b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-noBC.pem
new file mode 100644
index 000000000..39cf67e24
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-noBC.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICrzCCAZmgAwIBAgIUCeeMurpySlbHPa/G6N9eg9Af8+gwCwYJKoZIhvcNAQEL
+MBYxFDASBgNVBAMMC2ludC12MS1ub0JDMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx
+ODAyMDUwMDAwMDBaMA0xCzAJBgNVBAMMAmVlMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMAsGCSqGSIb3DQEBCwOC
+AQEAlYbGEgRSFPynbiDuMRskGkoV+9/53fmP+y8S2YfEGjziuKZOeOIKjG+unU1e
+/2Gz3pktpNr5TwqnDZEIYDvAAy8ByZ9mVUb060rac+7iQxVJCy0epakYA1aIyvXR
+Fk7W3Ivjm6cvl10OqKRySQTqSq708kxg2abLmjqza6AlZlPDCprylVXy9S3op4a5
+TsIiD3R0cmg12AAH19lJVd1jhdKARBaC8d7vXC77+bb4MYngGm3iOX2ZyFkF/0Zp
+OH+xKSVgGHXyfjaecY6JDgyk9zxxeYpPLUSKY8O7KW/2knGxWh5l4rk9+j3oJY2Y
+MvpxLCpOSeibhcsrWXH2UTMosA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-noBC.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-noBC.pem.certspec
new file mode 100644
index 000000000..d704f3086
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v1-noBC.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-v1-noBC
+subject:ee
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-cA.pem
new file mode 100644
index 000000000..5147e4587
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-cA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICsDCCAZqgAwIBAgIUG9+HDLQWRsQlo2lXC8I4+9uWrlYwCwYJKoZIhvcNAQEL
+MBcxFTATBgNVBAMMDGludC12Mi1CQy1jQTAiGA8yMDE1MTEyODAwMDAwMFoYDzIw
+MTgwMjA1MDAwMDAwWjANMQswCQYDVQQDDAJlZTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl
+qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg
+w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx
+V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1
+MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs
+vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAATALBgkqhkiG9w0BAQsD
+ggEBAJjwaeFl75mff+lYb8Gc15TfPZohz05jFR8g4MHuPePn92IpRYsPQfJL/Op4
+dYZJihih/G+1umck/TYExbX1KeY9QGVc6Bb2yVxwPf3t9yv0yhGsOqC055sf6Orl
+1qEgWcjGOnCW4wEe5Tft+K1+1l2J9OMgtcvNs0ctR65D8tdmyFBLQDhvnodaOYDn
+S6RNx9iNPT5jxQHZnBHL6oIwYgSf8xTAPS2+Z+xm4juKHy9T5vW7lujImDWQv+/V
+ugCKgsip92uKKIr+/KbNDXU2x541ewwUm4OxE0x+drHhV8al3VPsnk9VoS9o1Ul1
+aOouSF+BAz3e59YdoNXWPcf9F+M=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-cA.pem.certspec
new file mode 100644
index 000000000..5d3a65e65
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-cA.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-v2-BC-cA
+subject:ee
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-not-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-not-cA.pem
new file mode 100644
index 000000000..4f7042bcf
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-not-cA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICtDCCAZ6gAwIBAgIULcr3aXyX5SxQEEPGtPM3p8VlT18wCwYJKoZIhvcNAQEL
+MBsxGTAXBgNVBAMMEGludC12Mi1CQy1ub3QtY0EwIhgPMjAxNTExMjgwMDAwMDBa
+GA8yMDE4MDIwNTAwMDAwMFowDTELMAkGA1UEAwwCZWUwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wk
+e8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0Dgg
+KZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmI
+YXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7fi
+lhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbL
+HCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZIhvcN
+AQELA4IBAQCBsDwvDLVDaEf6o3xzqy5BdF6AcfmqDZNLs1BmcH31yP7eTcXsYHyT
++qUorVz5m1lOfcBJkCQbMDRotZeie9kgQ6APZywD93mC2ELjP8+9WIERy70gPtEn
+L7LvTHT92gdj5tHzhbIsn2TvoGXOYYAH9uQ/5gn/3L74GUoZwMjGWufcqkOEHJJO
+kmrYgOTWy7B64kfuAXzqU2SbUlQ3lxb5ZVv86PPzqPf9JQGXODH/nAzAVq8L9Kdq
+iy0PNK759Xw/1EOpp6vWAMHja2LErji4CWWDmXx/mnvIj7QBPvVAuO0w5/PqrZuz
+i4n84WFh4FYDBUpW6l9Uvek7Zk6xNp1r
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-not-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-not-cA.pem.certspec
new file mode 100644
index 000000000..591a16aca
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-BC-not-cA.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-v2-BC-not-cA
+subject:ee
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-noBC.pem b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-noBC.pem
new file mode 100644
index 000000000..0612422f0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-noBC.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICrzCCAZmgAwIBAgIUPQUSp52t9MpVcbwvzmrn0rnXe+0wCwYJKoZIhvcNAQEL
+MBYxFDASBgNVBAMMC2ludC12Mi1ub0JDMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx
+ODAyMDUwMDAwMDBaMA0xCzAJBgNVBAMMAmVlMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMAsGCSqGSIb3DQEBCwOC
+AQEASPKWPlQLYrodnYnFhtEdkne0AK3A/D8KlUrEbUl+SPbI/ORJONH362MSjsWZ
+RKqTz4fYdtqF43iIqlvYaZeLrkGSLTeJ2C+IAeOhiri3b8XjwFF+iXjIYGWnlhyH
+ollM3n7XOJSBOC4S6gMNfofuK7no4H78P82M5wFX6rOCCm9rxv8cvOO+SNlKkaEA
+IWy+taZcj4BOhgl+38VbTs+9ACG+FsLFru62twNQx59j3MbDbHfrIVzY47plHUPU
+jz9s/CCSkUA32ZvbF2rlFQQQf/8Z2oaW/xrWmp2eESLEd4F9NzY+Fvo4PY3k2kkt
+IzRZVoKot3yCAtzPJp0SJ2abgQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-noBC.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-noBC.pem.certspec
new file mode 100644
index 000000000..7f99393cf
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v2-noBC.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-v2-noBC
+subject:ee
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-cA.pem
new file mode 100644
index 000000000..ab530840e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-cA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICsDCCAZqgAwIBAgIUaal9Ye64U6vI3odKwwGkoWeVLnYwCwYJKoZIhvcNAQEL
+MBcxFTATBgNVBAMMDGludC12My1CQy1jQTAiGA8yMDE1MTEyODAwMDAwMFoYDzIw
+MTgwMjA1MDAwMDAwWjANMQswCQYDVQQDDAJlZTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl
+qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg
+w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx
+V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1
+MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs
+vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAATALBgkqhkiG9w0BAQsD
+ggEBAG69rgBi4gPJVvu0KAmdgyadfG+89pgH6VyRlP2ZAb26E/UC2vf/fbhFPt1v
+kASTstsxrkmJeTc8aQXjpFqH2uDWoKDNmUmatzka7vFAjwEhKDLeBwihQhepJJCu
+e6Vm0ZnVNsfdXUc4xOdk9w2R91/cF/qxk8OTuB6oSLzpQ3rfvLAXa41GBDHQTQJJ
+R1Y6uYkJRJgyS6aIpZ2x5VCfhTlhKKYalKphZeBj7Ll29/vp04X/42102YpBdN+s
+h/8vqhdQNKFh5A3SvnWeNZTNRt8NizGqqGuv4yHmFPO7Gy+vDg7kj/hI1t+CBQy/
+kb3WFKNABDT7L1NY6kMUGiM5iZg=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-cA.pem.certspec
new file mode 100644
index 000000000..13af934f2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-cA.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-v3-BC-cA
+subject:ee
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-not-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-not-cA.pem
new file mode 100644
index 000000000..4982b6454
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-not-cA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICtDCCAZ6gAwIBAgIUDZZXSGXaQ/utX4RW88viJd7twPIwCwYJKoZIhvcNAQEL
+MBsxGTAXBgNVBAMMEGludC12My1CQy1ub3QtY0EwIhgPMjAxNTExMjgwMDAwMDBa
+GA8yMDE4MDIwNTAwMDAwMFowDTELMAkGA1UEAwwCZWUwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wk
+e8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0Dgg
+KZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmI
+YXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7fi
+lhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbL
+HCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZIhvcN
+AQELA4IBAQAgLJgacqqpseEVlZtg8EM79BOC74xpPk2ggXxlh8+eNc0x9E8yqUR9
++eGPbVpTfDhNO8f1EXHyclW7RSmfYPqZlOFUl0VrqBLF4nHmc3DlXy4xKpNxWrHR
+/dY6WMvfryLba5dNp/aLbVShgGR4o79YnKVioUk8m+Hf26s94Ekn4PQPE/LXAic7
+gvrGYG2V9AXxokuGqBPY08DqMUwYNjPcgctOsoyqZb0VsgxytKv4KGo1q8aEr7at
+9R8vc0bgp6isLU9pDH0LXvSljS1SCZsurDWsWfR+0j2OSFWCBgxvb5oqPc9Jutrb
+4SGvtpYijCq+6ygiRn9dN1JV0RHuGoRl
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-not-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-not-cA.pem.certspec
new file mode 100644
index 000000000..8539715a0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-BC-not-cA.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-v3-BC-not-cA
+subject:ee
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-noBC.pem b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-noBC.pem
new file mode 100644
index 000000000..65f4c3697
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-noBC.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICrzCCAZmgAwIBAgIUOT2vbH70RwEQY4WI7uJiyJBo3yMwCwYJKoZIhvcNAQEL
+MBYxFDASBgNVBAMMC2ludC12My1ub0JDMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx
+ODAyMDUwMDAwMDBaMA0xCzAJBgNVBAMMAmVlMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMAsGCSqGSIb3DQEBCwOC
+AQEAV1ofl/U7R48I9NqjR3h0ie37k2xQc28cqk2DF+320aO24r2t5JWgSBytewoq
+iCg54QZD7oqdq0JdkHxzNCId1WNFyVFe2+nTiomSJESa/e1Ukbc+vQe0xTqt9dJC
+0ygRdpa3OwNO/8DeYyVZe/XX44p4bLLbsunAr7HFcnWsKFGAOpd1yhEmB7QXW+w6
+xgL+TWmcFHq5FLezt93dFulUQcs394OoUdZ8qKTF0Ge9jZ7CZO3pvudTZ8skMYSY
+j3olnDyQ94tv/y1H8Kxn5chMGbFS4lf4QsRDIBJ6OpPKpEP/St+tY/7yQAHjtjmF
+6buVZsBqPRs39xMJMs2PePp7Cg==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-noBC.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-noBC.pem.certspec
new file mode 100644
index 000000000..a65e41cea
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v3-noBC.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-v3-noBC
+subject:ee
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-cA.pem
new file mode 100644
index 000000000..9405db2dd
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-cA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICsDCCAZqgAwIBAgIUJevhGs7hqJR5QVzZzE+05L+1S70wCwYJKoZIhvcNAQEL
+MBcxFTATBgNVBAMMDGludC12NC1CQy1jQTAiGA8yMDE1MTEyODAwMDAwMFoYDzIw
+MTgwMjA1MDAwMDAwWjANMQswCQYDVQQDDAJlZTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl
+qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg
+w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx
+V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1
+MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs
+vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAATALBgkqhkiG9w0BAQsD
+ggEBAFkfOzERPOpqPPPuPc+xawfkrg0jx7wktbNnws1FcgF6p0eHL+eDpoQ2DMfE
+jabozGSjj4ZQQ6Ai68gIThllDWMCHCSjLhlxHOPEFWDjeP0mTSdOZTulZxMdbIUm
+zRf+q6FI/2Tv2U7F807xMokMQgw+ndGISpSkKRPIl/PorWh5TU6eUazrrbyegHCW
+xPmNoDhU4SUkdcpe7qDKnbTOb7RYTyFBGU4eMKMA7L0ZqynKo7Wvs5+EWovQSha9
+qeeXdD0wvi2HI7jNXIsYJD5mC1Rocj47/wmppd30iNcIQJu8VNI4YkgS88Y+ogEt
+TzxFJMhZBB+H8Ub8x2Gz3qt4QnE=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-cA.pem.certspec
new file mode 100644
index 000000000..35a3a9ff3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-cA.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-v4-BC-cA
+subject:ee
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-not-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-not-cA.pem
new file mode 100644
index 000000000..767219577
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-not-cA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICtDCCAZ6gAwIBAgIUU3doWVdrXHM0k/ANaNuyVJhR8GwwCwYJKoZIhvcNAQEL
+MBsxGTAXBgNVBAMMEGludC12NC1CQy1ub3QtY0EwIhgPMjAxNTExMjgwMDAwMDBa
+GA8yMDE4MDIwNTAwMDAwMFowDTELMAkGA1UEAwwCZWUwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wk
+e8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0Dgg
+KZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmI
+YXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7fi
+lhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbL
+HCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZIhvcN
+AQELA4IBAQCGs+8b9J0JfOUVFuN15n65KqJadCjcxBn3qBUw5AIYzi10sIFVteG9
+LDN10s92aXwTVYSoVe6ZGM5cJ3MUezHeIrkNklCvsusRvoT4pEoDy/kTmLGLb5z6
+OwBEGYrSB5/jPtcstOBTN0FEbCc8XEGLEQymdB1detTDzmUbWseWvkEnBlf2EYMz
+BdbcE067feMtW9SLo/xCqCHmloEiZ1z8castW0X1tHU4y+T67jgMdE4wwVb5frTm
+8tgg8JPlJlWrtywdAcu2zTW7FiFnmLQ92NFjqIOeb8VybkgcTXX8FxiAbtYLbqpd
+JZ5fpJiTnslxKY1m23DQaG7Yl+Jkif0s
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-not-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-not-cA.pem.certspec
new file mode 100644
index 000000000..7627d3a8a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-BC-not-cA.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-v4-BC-not-cA
+subject:ee
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-noBC.pem b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-noBC.pem
new file mode 100644
index 000000000..30ee60821
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-noBC.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICrzCCAZmgAwIBAgIUYz+f8vqMyWzBNKoQl03ncht2cIIwCwYJKoZIhvcNAQEL
+MBYxFDASBgNVBAMMC2ludC12NC1ub0JDMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx
+ODAyMDUwMDAwMDBaMA0xCzAJBgNVBAMMAmVlMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMAsGCSqGSIb3DQEBCwOC
+AQEArnYzwre41yL4hGRL/xlHQMNsblZK89GB0tovUsHvWScxizomaBN7Nai8Y1JB
+U+6zXjMb3HP8h18Buxvuc0I/+RIUGRhxZ4PbSd/yi1yKaTL1smf5hVscbyMRajvp
+Ws+CBmuwPOcNwvJH4acul2ljySSKX50itQuaKMqjWLmNYPz0PET683QijtQjEre1
+oMIVdq/z438Sv1mdUtRIb38bLzR2PO919lu2WN8ZAI7pQTCLFTg7FdHao4R5QtXp
+n3zqzPgO1xgcvtgMWkeuqC1eUefJrD6+rn7mUFFtEwOzneNIb+xUuBgt5l33OTGn
+v5sHclUaB2LM0cqGtvVkNd3P0Q==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-noBC.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-noBC.pem.certspec
new file mode 100644
index 000000000..a78033753
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ee_int-v4-noBC.pem.certspec
@@ -0,0 +1,2 @@
+issuer:int-v4-noBC
+subject:ee
diff --git a/security/manager/ssl/tests/unit/test_cert_version/generate.py b/security/manager/ssl/tests/unit/test_cert_version/generate.py
new file mode 100755
index 000000000..7e4747d63
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/generate.py
@@ -0,0 +1,82 @@
+#!/usr/bin/env python
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python
+
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# This file generates the certspec files for test_cert_version.js. The naming
+# convention for those files is generally of the form
+# "<subject-description>_<issuer-description>.pem.certspec". End-entity
+# certificates are generally called "ee". Intermediates are called
+# "int". The root CA is called "ca" and self-signed certificates are called
+# "ss".
+# In the case that the subject and issuer are the same, the redundant part is
+# not repeated.
+# If there is nothing particularly special about a certificate, it has no
+# description ("nothing particularly special" meaning the certificate is X509v3
+# and has or does not have the basic constraints extension as expected by where
+# it is in the hierarchy). Otherwise, the description includes its version and
+# details about the extension. If the extension is not present, the string
+# "noBC" is used. If it is present but the cA bit is not asserted, the string
+# "BC-not-cA" is used. If it is present with the cA bit asserted, the string
+# "BC-cA" is used.
+# For example, a v1 intermediate that does not have the extension that was
+# issued by the root CA has the name "int-v1-noBC_ca.pem.certspec".
+# A v4 end-entity that does have the extension but does not assert the cA bit
+# that was issued by the root CA has the name
+# "ee-v4-BC-not-cA_ca.pem.certspec".
+# An end-entity issued by a v3 intermediate with the extension that asserts the
+# cA bit has the name "ee_int-v3-BC-cA.pem.certspec".
+
+versions = {
+    'v1': 1,
+    'v2': 2,
+    'v3': 3,
+    'v4': 4
+}
+
+basicConstraintsTypes = {
+    'noBC': '',
+    'BC-not-cA': 'extension:basicConstraints:,',
+    'BC-cA': 'extension:basicConstraints:cA,'
+}
+
+def writeCertspec(issuer, subject, fields):
+    filename = '%s_%s.pem.certspec' % (subject, issuer)
+    if issuer == subject:
+        filename = '%s.pem.certspec' % subject
+    with open(filename, 'w') as f:
+        f.write('issuer:%s\n' % issuer)
+        f.write('subject:%s\n' % subject)
+        for field in fields:
+            if len(field) > 0:
+                f.write('%s\n' % field)
+
+keyUsage = 'extension:keyUsage:keyCertSign,cRLSign'
+basicConstraintsCA = 'extension:basicConstraints:cA,'
+
+writeCertspec('ca', 'ca', [keyUsage, basicConstraintsCA])
+
+for versionStr, versionVal in versions.iteritems():
+    # intermediates
+    versionText = 'version:%s' % versionVal
+    for basicConstraintsType, basicConstraintsExtension in basicConstraintsTypes.iteritems():
+        intermediateName = 'int-%s-%s' % (versionStr, basicConstraintsType)
+        writeCertspec('ca', intermediateName,
+                      [keyUsage, versionText, basicConstraintsExtension])
+        writeCertspec(intermediateName, 'ee', [])
+
+    # end-entities
+    versionText = 'version:%s' % versionVal
+    for basicConstraintsType, basicConstraintsExtension in basicConstraintsTypes.iteritems():
+        writeCertspec('ca', 'ee-%s-%s' % (versionStr, basicConstraintsType),
+                      [versionText, basicConstraintsExtension])
+
+    # self-signed certificates
+    versionText = 'version:%s' % versionVal
+    for basicConstraintsType, basicConstraintsExtension in basicConstraintsTypes.iteritems():
+        selfSignedName = 'ss-%s-%s' % (versionStr, basicConstraintsType)
+        writeCertspec(selfSignedName, selfSignedName,
+                      [versionText, basicConstraintsExtension])
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-cA_ca.pem
new file mode 100644
index 000000000..26e57b926
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-cA_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyjCCAbQCFG9flwxK3L28b9SwsYwGidUsf/MtMAsGCSqGSIb3DQEBCzANMQsw
+CQYDVQQDDAJjYTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAX
+MRUwEwYDVQQDDAxpbnQtdjEtQkMtY0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9
+sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5
+TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7
+xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHd
+tMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l
+8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAsGA1UdDwQEAwIBBjAM
+BgNVHRMEBTADAQH/MAsGCSqGSIb3DQEBCwOCAQEAYnkJ8m2Q5ercVLL3DPZXrD/i
+zuIn7/ZhtNRrv/CGUOge36bk/6RfYN+rRadM9wHbKKgjXLgA4jDNhjdRXN3QlqKV
+5jxTJuLlu2vX9d81NmmhEk1cs9NMfkKdpXhOFR4nJvVfc0U1UqVpN4yf+U1x/CsT
+KJ2pporpPCIYUwnXiizRXNbUvZJ/GF2HMRZQn+ude87Rm0Q8ifD3yz7CZVKPf6Kk
+Sr9iJubTzLfKfJ1IkLe2yhvrbB5s00OW+kVnudjrFu7ZWKYVM2PJlF40zwYJl4Lr
+o99VmsPFOvBHOAZoV/iQljY2DgauwtBmsa1K8iEPc3osALFM6acD9J4NBTahKw==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-cA_ca.pem.certspec
new file mode 100644
index 000000000..77f3ae914
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-cA_ca.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca
+subject:int-v1-BC-cA
+extension:keyUsage:keyCertSign,cRLSign
+version:1
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-not-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-not-cA_ca.pem
new file mode 100644
index 000000000..59ffb040f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-not-cA_ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzjCCAbgCFB/qdSZShwQLqEJWGZti66J8bY/MMAsGCSqGSIb3DQEBCzANMQsw
+CQYDVQQDDAJjYTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAb
+MRkwFwYDVQQDDBBpbnQtdjEtQkMtbm90LWNBMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzALBgNVHQ8EBAMC
+AQYwDAYDVR0TBAUwAwEBADALBgkqhkiG9w0BAQsDggEBAEHdkfOCOr648UTiqsPG
+Q2bgBpfQR9q+sloaInyuhUkikrcVEFyDfX906yXpdAOd5vCof/1aC0Uj9rEOfGed
+qqRGELrBP8hJWlUdISOuwSsP9YzdvvDUXCHYK9P0v4vFKN0FPpQ5jXbRbxt2Hlof
+TvcDhd/IwRMT09bM6MuW/UCP7Amg60e9wNCYj+n3SpQcudlQwn3nsDrDeQfdaXqt
+6JEAr7wujeOaLiA0e+i1EG2qeYJ8khEbLjXxeHmuuW40W14rUGygvdv6fLflGvYH
+ZyHNi8pxFryfxet5S45pVPL0i2d0ebbYjOGBp5//CKeN6rwZsP32CMDgTp93lwjL
+ELM=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-not-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-not-cA_ca.pem.certspec
new file mode 100644
index 000000000..2a366535b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v1-BC-not-cA_ca.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca
+subject:int-v1-BC-not-cA
+extension:keyUsage:keyCertSign,cRLSign
+version:1
+extension:basicConstraints:,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v1-noBC_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/int-v1-noBC_ca.pem
new file mode 100644
index 000000000..4f11b699b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v1-noBC_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICuzCCAaUCFBkI5w3s6jLLXnulpMK+fY1ARXT4MAsGCSqGSIb3DQEBCzANMQsw
+CQYDVQQDDAJjYTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAW
+MRQwEgYDVQQDDAtpbnQtdjEtbm9CQzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72x
+nAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lM
+wmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF
+4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20
+yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xx
+j5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMPMA0wCwYDVR0PBAQDAgEGMAsG
+CSqGSIb3DQEBCwOCAQEAPLtcxQ6cE/ujKoes5ANvhdVSLvu9yLtV3nB0cFi/9JXj
+3duFxIiGyfvci0NdOlg1OQwbO/zTsCDW2zK/xL66QV5UtcEZAWatzI6/2/aqp1PF
++dXbMsieNsVyIjStexjxvEj5flwtA06P0u/i/bMXtEiIIUSwmZ/GPDIyBlcBaJjg
+vBwRXnbPYLE/zKqRz/7rsQvAbrSiGbjeLHTU5jcnXtafEmm9vSAY1fw4fq1Dyz6f
+OwPCdc945ENuo7N+gEMItYw7TKyS5ROmlqDSnhWvL3nrhv9HyxLHKC8MJwRrjKpU
+EocizMzyjzcjY3Gzdc0B3sBBrgcLMEcoFf1v+wrbdw==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v1-noBC_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/int-v1-noBC_ca.pem.certspec
new file mode 100644
index 000000000..63bf6ed73
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v1-noBC_ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int-v1-noBC
+extension:keyUsage:keyCertSign,cRLSign
+version:1
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-cA_ca.pem
new file mode 100644
index 000000000..ee4285cbf
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-cA_ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzzCCAbmgAwIBAQIUT7iE9WTjWgXtMmDtZcXlv4QzJ8AwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBcxFTATBgNVBAMMDGludC12Mi1CQy1jQTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl
+qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg
+w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx
+V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1
+MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs
+vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMdMBswCwYDVR0PBAQD
+AgEGMAwGA1UdEwQFMAMBAf8wCwYJKoZIhvcNAQELA4IBAQAU6AtsSDtT36xwdLKs
+KaiJNQjCrsqYzBYcRKyKHDiTm8naR4sLT27VRIhzPxsz149VF9iFriU+WEdelZSV
+9Ql3bXNX/02TRQxrRP0LMg/3JQq4PexJph2I93W6LQmsGsNgWqwzPInZfUoXu2nK
+wdRxPAGA30PXqzN7e2kGXzD2Nci8ynjsU6EqKwSW9XArD40DRoBJN6OiBwUo9Bem
+EsbVfytYX2bCPkjcFHk0TbhToSFmweGwAOcRO/A6+XM6pjd48kwA9H9CIx7g0NQ9
+q2TNLsvoS9aH7U3S53l8CyVu6hmKF1klQkkZAxa2Mz5KteLOxRxdLnsmRLZ7vwuT
+2tUU
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-cA_ca.pem.certspec
new file mode 100644
index 000000000..ca1bf67a7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-cA_ca.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca
+subject:int-v2-BC-cA
+extension:keyUsage:keyCertSign,cRLSign
+version:2
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-not-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-not-cA_ca.pem
new file mode 100644
index 000000000..f4159d5aa
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-not-cA_ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0zCCAb2gAwIBAQIUSwfORMpfA9q1z6/EWOfUSx66zNEwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBsxGTAXBgNVBAMMEGludC12Mi1CQy1ub3QtY0EwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wk
+e8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0Dgg
+KZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmI
+YXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7fi
+lhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbL
+HCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAsGA1Ud
+DwQEAwIBBjAMBgNVHRMEBTADAQEAMAsGCSqGSIb3DQEBCwOCAQEAc4IWi7g4uc37
+S3NGcizKEZYsQdSzk4GwMxgX+mdWe2qqnJCer+E3dGrINEMb1blIaah4HGWFfLM5
+2XbBLnp0Jfj0ummvnAcZk5YVqixRgjr1RfzMavZOrCiGFbel4FAO7ht+ICB5AmbM
+W9SzE9z+yMg/bOHur2rbaqZzsQ1a3crBJjWvbGulYm7HYskQx99HPyrib5H3r7Xr
+H98haIpPn8hzYCZBb36iWfSSXvsfmGqGiAn2W2u+L/LwNMo8G3hpNB668myEmKe/
+D1Wdxg15KFLitsE9IaaIoMPQZw0Ir0/dKanAPSqG0hWw2Djw/S1yIwgoq9ylHxxn
+0fq+xxZJXA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-not-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-not-cA_ca.pem.certspec
new file mode 100644
index 000000000..fc28ff150
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v2-BC-not-cA_ca.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca
+subject:int-v2-BC-not-cA
+extension:keyUsage:keyCertSign,cRLSign
+version:2
+extension:basicConstraints:,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v2-noBC_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/int-v2-noBC_ca.pem
new file mode 100644
index 000000000..93d83a2b6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v2-noBC_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICwDCCAaqgAwIBAQIUK0Spe0lKn+U0xO5jDNCuI6z3d+UwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBYxFDASBgNVBAMMC2ludC12Mi1ub0JDMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABow8wDTALBgNVHQ8EBAMC
+AQYwCwYJKoZIhvcNAQELA4IBAQAuydEs4UV5LclC5FsN97v3zL13tWT1+zgaHyxm
+fyGDfNcWXgha2Y2LFc5lqKwZSqMZEL1f5UUAS5Mft64oak7loWKmFrE4oyVRrpGd
+RnzOzmdtztmQxglYIIV4Am7c8pXUtwP7muWrd5myG9LZHwY9I6ZH+tjwV9QlSWaY
+fV+N1Js9auYTb1yhNVGIcRdmdbnutBn5rj+h1b/PsO8CPW4IHxHh3AW7hAnBLhF7
+lMneMbmyodHzpGJRCSjtklgNOG9cMvMoUabGrhVnYQzcTp/Qf8qlKvC51sNeamzj
+ZzUnaZWgU3holgbI6O/1g5uzRaMDAv2zGRPOsU8SMTINunv+
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v2-noBC_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/int-v2-noBC_ca.pem.certspec
new file mode 100644
index 000000000..2d3fe59ff
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v2-noBC_ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int-v2-noBC
+extension:keyUsage:keyCertSign,cRLSign
+version:2
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-cA_ca.pem
new file mode 100644
index 000000000..a27e8058d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-cA_ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzzCCAbmgAwIBAgIUAaoaQ4IPqjRVOQz/4vo5JrDzcA4wCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBcxFTATBgNVBAMMDGludC12My1CQy1jQTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl
+qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg
+w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx
+V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1
+MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs
+vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMdMBswCwYDVR0PBAQD
+AgEGMAwGA1UdEwQFMAMBAf8wCwYJKoZIhvcNAQELA4IBAQBwyEbiIyk6KMwWZyq5
+F2BxTInFKwnup+Rpmbwa+8o6NzQwjJ1cWszSPiN4akCO5GchrrDulAM6/kRANriA
+5N+J+V5W0+Lr9Skl4kUBEDE0AWj41QW5YTrIli1bjFyfwKydP2almStnYOXmvDaL
+Znlcm81azW5gibGeiLdCMo2RNajW1C2CMZs0TFE1NVbnw85Oaq5/RcUqx8sQ5OyX
+5lkRGWoblzMUp7fY+fle+wgyyJdXSeSAp7SNJbm417SyEFTU2qx+6wqi6R5CE6M1
+R/uYGYH0SyXCGZ6Msng9w4ZAT7XX/ECEC9hfZqDRf/1XS21JOzz6F5y9hkh88Slk
+GwPj
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-cA_ca.pem.certspec
new file mode 100644
index 000000000..56fcb21a0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-cA_ca.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca
+subject:int-v3-BC-cA
+extension:keyUsage:keyCertSign,cRLSign
+version:3
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-not-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-not-cA_ca.pem
new file mode 100644
index 000000000..a7cadbebd
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-not-cA_ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0zCCAb2gAwIBAgIUSZQ7USLXyTqZmjspcuxv8RjZtp4wCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBsxGTAXBgNVBAMMEGludC12My1CQy1ub3QtY0EwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wk
+e8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0Dgg
+KZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmI
+YXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7fi
+lhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbL
+HCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAsGA1Ud
+DwQEAwIBBjAMBgNVHRMEBTADAQEAMAsGCSqGSIb3DQEBCwOCAQEAEshHw+MsZRxQ
+2Ozv2sJHTwedcCks2jbm4T9D3/UbMfReMG1s4zjM84O7a1ZxV7SuudtfarwVK9EI
+6atRV4qLSAjZ3VfGjWo/1+rIN+LYTB10MZFefSVvh4BTr+vTEG9va0f0Q70KIwBU
+d9F1iOZiYKvuzmv8mTbVRXAU74CcyGJeyhaGm6+qv4VztdxrUB/fSMTR5lltDJZU
+MKTy3+n5fttP2mnwc5Za7A8Jn0Mqz2TVI2YI8CmCUdvaGqPdTcnQ0Xw31qEu4R9Z
+dzfcLQPZg05VqOTOZzZqr45qIqVhdnOO/rhziIaFPPFkyEejr1vjeqtZW2hiScjX
+h0t+rS7HEA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-not-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-not-cA_ca.pem.certspec
new file mode 100644
index 000000000..a2def8d32
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v3-BC-not-cA_ca.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca
+subject:int-v3-BC-not-cA
+extension:keyUsage:keyCertSign,cRLSign
+version:3
+extension:basicConstraints:,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v3-noBC_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/int-v3-noBC_ca.pem
new file mode 100644
index 000000000..9e342a0d7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v3-noBC_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICwDCCAaqgAwIBAgIUfcNfM4j7uUnlrqBNMfIcXy9g3zUwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBYxFDASBgNVBAMMC2ludC12My1ub0JDMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABow8wDTALBgNVHQ8EBAMC
+AQYwCwYJKoZIhvcNAQELA4IBAQCIsW22mHe+LWhIQm6Ess8r6O68O7G8RW1ELeL5
+Kg+iFXnmRVuC3gK4LH1G1VNIsVj1tGXtYxCJiJ5I4Aybvd+26reA2dCeQRJ6Ja/Q
++RQ5UW2HcbV9E67wYvbvXQlUk5MoY9vOqHAKXksEGxUnqmg2t9K4kFXAe2q9/i2g
+syzV3EtbxADKW4mSLnLyC0AOmNcNB6Sc7/te69GY3BkDriJn5ayj0Xbio6qgfyY9
+jEAXPEnL6fggTB3XBUw3dlez9tweGLwjq4ei0dVymv+q+15qk7FmwJtRSGPYSU9C
+gS7yPOLt4WP14kU3BLV5pPMHgm6Ff+l3UMTBPaHuYnvEHMZW
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v3-noBC_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/int-v3-noBC_ca.pem.certspec
new file mode 100644
index 000000000..b336397ab
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v3-noBC_ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int-v3-noBC
+extension:keyUsage:keyCertSign,cRLSign
+version:3
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-cA_ca.pem
new file mode 100644
index 000000000..a687058bc
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-cA_ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzzCCAbmgAwIBAwIUF3WP7b7JOaJWcP3tKFhcerw7104wCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBcxFTATBgNVBAMMDGludC12NC1CQy1jQTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl
+qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg
+w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx
+V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1
+MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs
+vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMdMBswCwYDVR0PBAQD
+AgEGMAwGA1UdEwQFMAMBAf8wCwYJKoZIhvcNAQELA4IBAQA/+1qhIMJIE46IOGAX
+E6mqNDfKlgv3neuzz7LvO8BwDXKN5c899Y1fQAPG9vvH4x6LfibZuansSKuYlQuo
+ty3+9uD22ZMyva61re+zQQXasxBm+lQ+YqjuTQO9XYwWCcoiW1k9UgwY331Be59Q
+vb4G5MTkIK4IkfXLI1rXywcfYUL551YESILSrfB9YGyfQM87waniXMgYlTVMWjze
+xhf41flw23eA6DspXlIMDIphDjrsdlNLt6M8Kq8ZX2pWNv3bHRW2GXPFTujO3ZX7
+KtEoKDVnRRoLKZUGV800HRvxnxQHix21g7zOh+P7OROsLpqMy8JFyq48RzFbcjRL
+zxX+
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-cA_ca.pem.certspec
new file mode 100644
index 000000000..12b94e63a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-cA_ca.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca
+subject:int-v4-BC-cA
+extension:keyUsage:keyCertSign,cRLSign
+version:4
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-not-cA_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-not-cA_ca.pem
new file mode 100644
index 000000000..ed8fd32d4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-not-cA_ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0zCCAb2gAwIBAwIUVaZ2niPZ6DLRtuiwINlg8Jk1dZ4wCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBsxGTAXBgNVBAMMEGludC12NC1CQy1ub3QtY0EwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wk
+e8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0Dgg
+KZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmI
+YXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7fi
+lhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbL
+HCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAsGA1Ud
+DwQEAwIBBjAMBgNVHRMEBTADAQEAMAsGCSqGSIb3DQEBCwOCAQEAk9BrF+WBvw8N
+Mq2rS506ozxY6ns/n0rD+eOD6lsurV6naqZpu74jagfMqlLBIppFe93yV/epDkPa
+E84mDq6QT+smmosWlG4+HQ2+GnsNC3+savT5WXNCcLZCwWQeZWWndey2Bg0T/flN
+g+2bHUrtGtz+GxfMV2/fwXiC0AD3F/thrrupl4SrS6wcYlaA7RJbGx8y47u1W0Zw
+F0GL+cflyzoZOlXQrcXeCBCSFSQWlmyqOXKsXIHuPjPk4SVo7+IXH/4OQTpMFMVU
+77+brGacqro+d/G83wEMM1mBur2XFYmXRdVAhDOarM3abFcXF3+23xZtv9qRNMRt
+giMNReL6kQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-not-cA_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-not-cA_ca.pem.certspec
new file mode 100644
index 000000000..43a04f70f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v4-BC-not-cA_ca.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca
+subject:int-v4-BC-not-cA
+extension:keyUsage:keyCertSign,cRLSign
+version:4
+extension:basicConstraints:,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v4-noBC_ca.pem b/security/manager/ssl/tests/unit/test_cert_version/int-v4-noBC_ca.pem
new file mode 100644
index 000000000..037046a8b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v4-noBC_ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICwDCCAaqgAwIBAwIUFToW9dVGyhNcvbGEpVtHhT1WhgcwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBYxFDASBgNVBAMMC2ludC12NC1ub0JDMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABow8wDTALBgNVHQ8EBAMC
+AQYwCwYJKoZIhvcNAQELA4IBAQAkki/4bWRgG61BREyFJh6R94w2DBEH4J99Fvyu
+T8UaAxbi688qDuKmA7kCZpmtZKRna/d6UWCrU1kHOFpLtRBGcQIDFHAJYuuqsV45
+1tWQXkM/lpt/ZwV8yORiAzMrRgVup7krAolMsQkIK14pLwigwHFGRbZWsU7/dVhD
+JIwAazsl1PVBNYkxGG10GlMdLtXN2xj5aBuxLpOBNIa7l8HSUDS5xU8iO+vRG9Y/
+mMBPcMaQY87GOqTdNTVMZZlp/pLhSZsoMJc5Adm1qDTr5LX0fBcr3ljPoy+WLMOY
+/jSMhLoB+g3A5+N++ac9s4txNh3SSQ5kZ5F9p5z0h0nvfiGP
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/int-v4-noBC_ca.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/int-v4-noBC_ca.pem.certspec
new file mode 100644
index 000000000..4970d1e94
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/int-v4-noBC_ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int-v4-noBC
+extension:keyUsage:keyCertSign,cRLSign
+version:4
diff --git a/security/manager/ssl/tests/unit/test_cert_version/moz.build b/security/manager/ssl/tests/unit/test_cert_version/moz.build
new file mode 100644
index 000000000..acea4142a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/moz.build
@@ -0,0 +1,61 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Temporarily disabled. See bug 1256495.
+#test_certificates = (
+#    'ca.pem',
+#    'ee_int-v1-BC-cA.pem',
+#    'ee_int-v1-BC-not-cA.pem',
+#    'ee_int-v1-noBC.pem',
+#    'ee_int-v2-BC-cA.pem',
+#    'ee_int-v2-BC-not-cA.pem',
+#    'ee_int-v2-noBC.pem',
+#    'ee_int-v3-BC-cA.pem',
+#    'ee_int-v3-BC-not-cA.pem',
+#    'ee_int-v3-noBC.pem',
+#    'ee_int-v4-BC-cA.pem',
+#    'ee_int-v4-BC-not-cA.pem',
+#    'ee_int-v4-noBC.pem',
+#    'ee-v1-BC-cA_ca.pem',
+#    'ee-v1-BC-not-cA_ca.pem',
+#    'ee-v1-noBC_ca.pem',
+#    'ee-v2-BC-cA_ca.pem',
+#    'ee-v2-BC-not-cA_ca.pem',
+#    'ee-v2-noBC_ca.pem',
+#    'ee-v3-BC-cA_ca.pem',
+#    'ee-v3-BC-not-cA_ca.pem',
+#    'ee-v3-noBC_ca.pem',
+#    'ee-v4-BC-cA_ca.pem',
+#    'ee-v4-BC-not-cA_ca.pem',
+#    'ee-v4-noBC_ca.pem',
+#    'int-v1-BC-cA_ca.pem',
+#    'int-v1-BC-not-cA_ca.pem',
+#    'int-v1-noBC_ca.pem',
+#    'int-v2-BC-cA_ca.pem',
+#    'int-v2-BC-not-cA_ca.pem',
+#    'int-v2-noBC_ca.pem',
+#    'int-v3-BC-cA_ca.pem',
+#    'int-v3-BC-not-cA_ca.pem',
+#    'int-v3-noBC_ca.pem',
+#    'int-v4-BC-cA_ca.pem',
+#    'int-v4-BC-not-cA_ca.pem',
+#    'int-v4-noBC_ca.pem',
+#    'ss-v1-BC-cA.pem',
+#    'ss-v1-BC-not-cA.pem',
+#    'ss-v1-noBC.pem',
+#    'ss-v2-BC-cA.pem',
+#    'ss-v2-BC-not-cA.pem',
+#    'ss-v2-noBC.pem',
+#    'ss-v3-BC-cA.pem',
+#    'ss-v3-BC-not-cA.pem',
+#    'ss-v3-noBC.pem',
+#    'ss-v4-BC-cA.pem',
+#    'ss-v4-BC-not-cA.pem',
+#    'ss-v4-noBC.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-cA.pem
new file mode 100644
index 000000000..46f82cebf
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-cA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxTCCAa8CFG+MGH0v81ssRXWoQbbMgVkHEf6zMAsGCSqGSIb3DQEBCzAWMRQw
+EgYDVQQDDAtzcy12MS1CQy1jQTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjAWMRQwEgYDVQQDDAtzcy12MS1CQy1jQTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7
+wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCAp
+k6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhh
+eZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KW
+EsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONssc
+JAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMQMA4wDAYDVR0T
+BAUwAwEB/zALBgkqhkiG9w0BAQsDggEBAAtZZ5v+5mleP10vnCziNlRqOprKwxmG
+t/tn5sOjQRxHMS6J/SV1zuIM0jkgubN785jj07QorkyTgxyNVumdUq3G0RutzGpq
+paJXYHg0UYJ22N6scGIwuXE/fOh58XNaFpVytGaZIeGAeFcG4lFEHIzOKmRBZAlu
+ba8ger2Vykmm9H7WdYdtUA35jKWNwkF1HABwbxrAFiMLSNt6AWDTYLgoyva77MWP
+6sAN7Vhs8fGqHvSTfwVb1xKPiEyj9R4OWFcyQIfwRrNL9N/9qIfSp0NeQd1duVcu
+MNQSQ/0fCir7rvaz8Wz24jJb+NaAvHpfdzPmvpoI7IuwPv87K2PgPPM=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-cA.pem.certspec
new file mode 100644
index 000000000..731396f03
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-cA.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ss-v1-BC-cA
+subject:ss-v1-BC-cA
+version:1
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-not-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-not-cA.pem
new file mode 100644
index 000000000..5f9d30fba
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-not-cA.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzTCCAbcCFDNyQtXuElhDbK7NjNVK30/fBucMMAsGCSqGSIb3DQEBCzAaMRgw
+FgYDVQQDDA9zcy12MS1CQy1ub3QtY0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4
+MDIwNTAwMDAwMFowGjEYMBYGA1UEAwwPc3MtdjEtQkMtbm90LWNBMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVK
+tOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7N
+Q/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39Zgsr
+sCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxs
+l62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYl
+nauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoxAw
+DjAMBgNVHRMEBTADAQEAMAsGCSqGSIb3DQEBCwOCAQEACAgAx20D/LCFt+PpWXMJ
+6ZBaYaoLSZx6oDFeo+6zo4wjEyIhS+l5v5W4f+FnTL4h+DrugV2h2YlgoV2EeQSV
+z/aCd1Q9GG77ui8uGNTnA5iHBYefJFDMxB/n5gm1qJagfLwbQICdJoVEXvRvfrSj
+Y0y0qvzeFBI6tUZ5XwUdsigr6fto1tRHYpZORwJOWvy6m//NQxILBvRWnjsUDD/y
+Yt5yZWxf0/r9md8hyKMBXZ8BqS6xFxoezRLIC4hqhoJNFN3gkxlogFiSi8FtRa86
+ld7vO51lKA9LqtiYlCB/jReEhsE+kGpUspL4f9FXvvnCr7LLqsXI6VoSrCWmsOMP
+rg==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-not-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-not-cA.pem.certspec
new file mode 100644
index 000000000..20d716d49
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v1-BC-not-cA.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ss-v1-BC-not-cA
+subject:ss-v1-BC-not-cA
+version:1
+extension:basicConstraints:,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v1-noBC.pem b/security/manager/ssl/tests/unit/test_cert_version/ss-v1-noBC.pem
new file mode 100644
index 000000000..a117460d8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v1-noBC.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICsTCCAZsCFA+72QOdH75J3hB9qKX0pOJInjg5MAsGCSqGSIb3DQEBCzAVMRMw
+EQYDVQQDDApzcy12MS1ub0JDMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUw
+MDAwMDBaMBUxEzARBgNVBAMMCnNzLXYxLW5vQkMwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HH
+Jajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOr
+IMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQ
+sVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLA
+dTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQE
+LL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAEwCwYJKoZIhvcNAQEL
+A4IBAQA0Erbg1IXfPrT6ZHl2txIcza4gXrvKHu+Ahq0XIYvJBPVDvwWTQlktJGcq
+BDndGLOYIHkm5CyeOeCIkjGH/6EFg8jLjBrc2RGoaFmhvi9QuDP1DN/082DV69ql
+cJZSYX5usTMRuWECy8k3t8Mf2TqwoGEaTP7tF9chxItJUEjlkuZRbcLf22pb1Hby
+heEVm0m/JHelm1eQI5j0DySS+Am5OTxvCx2WXOyITN7KDHitWalu29DUHNOBLndb
+kMxCHLHLWicpkDrc9o5TRWR+UiQ8fucfaGCgGLK0RIC3AwMSFKmyky1Xx1d5pX5C
+9vfJsSHoJfm86RPkJ37ZRiN3zwJm
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v1-noBC.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ss-v1-noBC.pem.certspec
new file mode 100644
index 000000000..58d2f0d7f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v1-noBC.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ss-v1-noBC
+subject:ss-v1-noBC
+version:1
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-cA.pem
new file mode 100644
index 000000000..c23ff6607
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-cA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyjCCAbSgAwIBAQIUG6ex4GpeLkOdyG0kcXwahQ2TJgkwCwYJKoZIhvcNAQEL
+MBYxFDASBgNVBAMMC3NzLXYyLUJDLWNBMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx
+ODAyMDUwMDAwMDBaMBYxFDASBgNVBAMMC3NzLXYyLUJDLWNBMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1
+aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/we
+adA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSS
+pH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62W
+YVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauR
+CE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoxAwDjAM
+BgNVHRMEBTADAQH/MAsGCSqGSIb3DQEBCwOCAQEAomxNmMoe4s7X2giV3QWVdOUg
+XHye6mFnfsFFZBAnJbYWAy9NcrmKMEReo0APujdZuZkx3LTokBW3A5jAfdeb0l3f
+vxkzgTBSd8XNDm/VnqpMf8ZABWEYpofiMV7fXq1lox2ePyCvh8Ksc22A2ceDy0r3
+gONnMeqRpfb8702R7ZaZzAba3S2kL63Ca40W+Ut1on9hkVxLBb6CM9HKnWl4AacE
+OPtJrJwrwYJKP5Xg3yIOwydHFSVPb9puiBqE+5Da9EcKH3FlXkuMbVcPLQNnQswV
+ThHdBRAZAyXzc/T6CraJiJX8jjFJjX0/JIwZ3LQR+nK2oQ6KoEy33xYi5Gvyqw==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-cA.pem.certspec
new file mode 100644
index 000000000..8dbb3a65a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-cA.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ss-v2-BC-cA
+subject:ss-v2-BC-cA
+version:2
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-not-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-not-cA.pem
new file mode 100644
index 000000000..2ba60c464
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-not-cA.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0jCCAbygAwIBAQIUBXBWOFiYgovlJC6xNnzLkhSbBi8wCwYJKoZIhvcNAQEL
+MBoxGDAWBgNVBAMMD3NzLXYyLUJDLW5vdC1jQTAiGA8yMDE1MTEyODAwMDAwMFoY
+DzIwMTgwMjA1MDAwMDAwWjAaMRgwFgYDVQQDDA9zcy12Mi1CQy1ub3QtY0EwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT
+2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzV
+JJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8N
+jf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCA
+BiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVh
+He4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMB
+AAGjEDAOMAwGA1UdEwQFMAMBAQAwCwYJKoZIhvcNAQELA4IBAQAY8GDCVpMGM7xQ
+GjpedV3hiJ47d5ybVaJubldz082/5RhqRtfvZpC3RwzLQzkGsLvqxH87E6KJRHDq
+X5MkAZzuFv49dtQX5BXAiUSDbC33dLNX/+e75LZ7jo3CZQxaHNNu9tlXFiy+661c
+GH4FHDT8mvzDX5lJlmJ1fecPPndH/nnbcgcAVKZgi40xDx87MlrF7R23KXqbxFJ7
+cj8m7cS5t+LlNxCxR2vjPpfVGqA/LgTvOQPm1cn6zji0URDqxRZ+D/3m515lFWu4
+OkV7sf6iEgUo/2mtjvt6I/tbpqc5DKJRrRXXVJXQdXDGptdNIGt3jckOiUKYrLIU
+kzzOuL1s
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-not-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-not-cA.pem.certspec
new file mode 100644
index 000000000..2b8f4bcc5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v2-BC-not-cA.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ss-v2-BC-not-cA
+subject:ss-v2-BC-not-cA
+version:2
+extension:basicConstraints:,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v2-noBC.pem b/security/manager/ssl/tests/unit/test_cert_version/ss-v2-noBC.pem
new file mode 100644
index 000000000..1cd6979a6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v2-noBC.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICtjCCAaCgAwIBAQIUAYdFdolsf3VTBZ0ZsXUBgHZHnHQwCwYJKoZIhvcNAQEL
+MBUxEzARBgNVBAMMCnNzLXYyLW5vQkMwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4
+MDIwNTAwMDAwMFowFTETMBEGA1UEAwwKc3MtdjItbm9CQzCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhX
+bCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQ
+OCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9
+uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFb
+t+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhO
+NsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAATALBgkqhkiG
+9w0BAQsDggEBAJFhWwC68S3SAhj2d/wI3LhqlnFgaL0MYBENqhs4RhqUkhIzbQ1f
+6Jc78Gd275ftrR8tcZ4PlQYrJY/rJuLzfq0JL8gCjv4K0SS/l5+LKZE6wjmoVjbZ
+VZaErdkslU/lRczACBA08F7w+rHBQ6oj6pVaKXXbIZscduFvHentJENSyvgPqhOs
+X1pAxIT2klwAeYwajCm1UmjlXNtKSFJZHDG6qCf/ZPplXt/rRdH89t9r1lttZLNV
++eVzbYYcpjY25eOo87FAYOBG/8fjMt3XTs0WtlxnvFA8cieB+cJ7LyIO9TWasaWc
+YX2IonPVrXSUj4APt2tknTcHF/PIcx69diQ=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v2-noBC.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ss-v2-noBC.pem.certspec
new file mode 100644
index 000000000..7656115a8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v2-noBC.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ss-v2-noBC
+subject:ss-v2-noBC
+version:2
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-cA.pem
new file mode 100644
index 000000000..ea4a18024
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-cA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyjCCAbSgAwIBAgIUG8cSSK9riYlFB7ouvuMQGSlW+UcwCwYJKoZIhvcNAQEL
+MBYxFDASBgNVBAMMC3NzLXYzLUJDLWNBMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx
+ODAyMDUwMDAwMDBaMBYxFDASBgNVBAMMC3NzLXYzLUJDLWNBMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1
+aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/we
+adA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSS
+pH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62W
+YVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauR
+CE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoxAwDjAM
+BgNVHRMEBTADAQH/MAsGCSqGSIb3DQEBCwOCAQEAf59Fuz/pD+aAq2EpVeVNNhNW
+ACZLNmzlM7xiodW2Nd5g9w521u58wzmMp7d8jIIzjG4Io3kpK35hcQQaacI7QzQf
+mOOtT2s4KtlpKmnm6X4eGHO5Wjyn7mkfZ/s75RP21CB9d5989Yz+eB2kBfXU0dja
+TBeFKoPnX+MMzucm9JMLhZ4YbxMXbuQOmm5wl4kq44aaQ8m6GsHNIwz5x0XPoCVN
+0VCUxF4f79+LBW7L7MlH1u+iaI82jemwMud2mymBy+nr+3K0mARqAhjjJzF2GEKX
+B8FL2Q2/fHubMK/UmLJQI0L9WS02nuafIGl20xOndFEaTLNKFjrrsCip5Updnw==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-cA.pem.certspec
new file mode 100644
index 000000000..df822e99b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-cA.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ss-v3-BC-cA
+subject:ss-v3-BC-cA
+version:3
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-not-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-not-cA.pem
new file mode 100644
index 000000000..f612c29fd
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-not-cA.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0jCCAbygAwIBAgIUD1Zrxy5fGFnW0HiU7Wd4Lr2CuQwwCwYJKoZIhvcNAQEL
+MBoxGDAWBgNVBAMMD3NzLXYzLUJDLW5vdC1jQTAiGA8yMDE1MTEyODAwMDAwMFoY
+DzIwMTgwMjA1MDAwMDAwWjAaMRgwFgYDVQQDDA9zcy12My1CQy1ub3QtY0EwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT
+2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzV
+JJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8N
+jf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCA
+BiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVh
+He4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMB
+AAGjEDAOMAwGA1UdEwQFMAMBAQAwCwYJKoZIhvcNAQELA4IBAQCSHxtOuFzFQjXj
+uYkrCHQ+7h7j5AZi3p3XZvuo8oxzbBb6vmwvTguRkeZzwgN+FWE8IhXMlqE+avh9
+hnDZOygI+w3gtfXtevlnh3ngnr85op4nJ2CJ0O5X6s8wRsX544mM8d8NxriP1tr0
+fB3Dq0Y8WkUkocdV/NuvTnw4gldDl67Imj2J6lYXDfLmCFQYKga1b+OTX/KOUXIy
+VsUwOX1aPY6PUO2IVdX8n/sY8NcGJkf37DxqgcE410GvGHJw4qOgjJxMT0/xDYP8
+FY8yiB/y/mWWw/W1+duWOUO0BfmYH+MrSduUb1IXM06DWZgTbECjcVaqLYnRjgR8
+/ARSmye4
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-not-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-not-cA.pem.certspec
new file mode 100644
index 000000000..0b2b57557
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v3-BC-not-cA.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ss-v3-BC-not-cA
+subject:ss-v3-BC-not-cA
+version:3
+extension:basicConstraints:,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v3-noBC.pem b/security/manager/ssl/tests/unit/test_cert_version/ss-v3-noBC.pem
new file mode 100644
index 000000000..849fbcda2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v3-noBC.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICtjCCAaCgAwIBAgIUG/zabaMDrPkuXBAyLcu1A8K/9Q8wCwYJKoZIhvcNAQEL
+MBUxEzARBgNVBAMMCnNzLXYzLW5vQkMwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4
+MDIwNTAwMDAwMFowFTETMBEGA1UEAwwKc3MtdjMtbm9CQzCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhX
+bCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQ
+OCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9
+uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFb
+t+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhO
+NsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAATALBgkqhkiG
+9w0BAQsDggEBAFzvJODJBLHGofBQQN0lF3DnB3LOcUMT7noPkAx/fTwjLaomazG+
+pvHOxQTUAXg4SHVQRM+z8y16FertnjVKRBdAQrdWzPFWYxdgafUBTXqpIbZFGbKY
+swQSBBrq6AhjNAx309Y9qW5RfOFer0KNWXV01892euHjL288n+Nn6Kzu2re/Bf29
++uqqpceA2oGgsB83Jcl6LxI2rmF6g38fBtL/TzDmNxcP1lrxUlehosm4sC79dSKJ
+ckbKWSl+IpMI4u3h2MNEOhK5Ip8T2gG0CBI0SZZt7iz4tu4h23KS8RYvQVrySTY7
+5Z2518kyyjVKuhaHcQRN3W/7egP24QRobL8=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v3-noBC.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ss-v3-noBC.pem.certspec
new file mode 100644
index 000000000..96314e51a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v3-noBC.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ss-v3-noBC
+subject:ss-v3-noBC
+version:3
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-cA.pem
new file mode 100644
index 000000000..01e952442
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-cA.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyjCCAbSgAwIBAwIUH+0Y+pqW4DjsOBgkkQppZLmj5PcwCwYJKoZIhvcNAQEL
+MBYxFDASBgNVBAMMC3NzLXY0LUJDLWNBMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx
+ODAyMDUwMDAwMDBaMBYxFDASBgNVBAMMC3NzLXY0LUJDLWNBMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1
+aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/we
+adA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSS
+pH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62W
+YVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauR
+CE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoxAwDjAM
+BgNVHRMEBTADAQH/MAsGCSqGSIb3DQEBCwOCAQEALzgRDh0qh5j+RMgGQcWEPwcB
+0BElZ/R2uZkLppQkFE++NXW/c55ze+58AL9SiE2KcvcuPXcawOutofca1d00msEd
+NIACsU4/R0di4OuxeZEG/3TMT9s45zNgIEScuHN9TG51DYMi+9weNjOohScutTa1
+SZzqxysC8sU6nvjaDKz2CUzp6f4Ihmrs8pf2yn5JGiyL8huPl55pQyjBfhP3kDB4
+w9XnuL3c10RutYpU6PjHYy7ISQRMCkMypTQauOdwlEnQZss8vo3Unb0INyYssHct
+X9owoNW3VZ1QRs5rbzDjhA5x+z9pOcabfnQCEnDaV+3r9bZmHIkQIFQMugJbfg==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-cA.pem.certspec
new file mode 100644
index 000000000..54269184e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-cA.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ss-v4-BC-cA
+subject:ss-v4-BC-cA
+version:4
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-not-cA.pem b/security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-not-cA.pem
new file mode 100644
index 000000000..b876791f4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-not-cA.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0jCCAbygAwIBAwIUT5RKOqGvbweUZwI3IGU68VrjHL0wCwYJKoZIhvcNAQEL
+MBoxGDAWBgNVBAMMD3NzLXY0LUJDLW5vdC1jQTAiGA8yMDE1MTEyODAwMDAwMFoY
+DzIwMTgwMjA1MDAwMDAwWjAaMRgwFgYDVQQDDA9zcy12NC1CQy1ub3QtY0EwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT
+2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzV
+JJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8N
+jf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCA
+BiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVh
+He4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMB
+AAGjEDAOMAwGA1UdEwQFMAMBAQAwCwYJKoZIhvcNAQELA4IBAQBuALYv+/5x11NR
+7e3rxtG5sT2+hUF63oeJMfGEzP1pBtTpokNKTSQSOzJ96816MTCBbHEjt5VEjYk6
+yj5Kswws38XWMOBv21t4HNYzrdUqVVVRJxfQ6waQN5uAgUS8Wo8tSSXN+pAQ9dpB
+GCMvhPaCmi0F601hU6RnpJNsgoIORMtwJupH11VY11W+zrqOhP1Jnob5x2IIakvD
+/HqSANIhpNjmCKgA5ZQqfFbs0AF/tNGqQ9ikGOBZqBP47sOo9c9FHfchcrq0u+D3
+N4OO0909F5lgb4RQ/g9prlR5CIYh/g1dWG7FPCRaYDPt4DySe26UE60+JBP2re2U
+NiSd3N/5
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-not-cA.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-not-cA.pem.certspec
new file mode 100644
index 000000000..3d6533531
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v4-BC-not-cA.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ss-v4-BC-not-cA
+subject:ss-v4-BC-not-cA
+version:4
+extension:basicConstraints:,
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v4-noBC.pem b/security/manager/ssl/tests/unit/test_cert_version/ss-v4-noBC.pem
new file mode 100644
index 000000000..317319c72
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v4-noBC.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICtjCCAaCgAwIBAwIUb9qH5069BVlQbXHC3yvfCnwPbAEwCwYJKoZIhvcNAQEL
+MBUxEzARBgNVBAMMCnNzLXY0LW5vQkMwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4
+MDIwNTAwMDAwMFowFTETMBEGA1UEAwwKc3MtdjQtbm9CQzCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhX
+bCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQ
+OCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9
+uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFb
+t+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhO
+NsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAATALBgkqhkiG
+9w0BAQsDggEBAGx6Hb+TuW/T3OAjH1ZgpUxfWqFthTXoIioS6VhSkUQHa0Ay6xc3
+ieaYhIzOS52IYbqLQLgyOLHb2TxMsmHltlnGAgpJrlnon/48OPkmYsUOA3XpqXfo
+KBiCr6QNK+wPunPKPA2stHsqykC1///Hjrz9G8ZibDH5ESu96vgMjxqkpI1bgRyS
+69XrzctGnwwLaXzhrsNPlP+D/VkSyhrRGih3AHXXdda6s5hqEu8yaSN0kP4oG7gL
+wZcbMRttpIW/ZvihypwUyHSgVsZFeuW8PnDzQF7QwMg88rIBExaTz1RQA9zF7Ft7
+AXbf39HewK1XfLnuZdtYlu5zZBz1Qc/7Q4M=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_cert_version/ss-v4-noBC.pem.certspec b/security/manager/ssl/tests/unit/test_cert_version/ss-v4-noBC.pem.certspec
new file mode 100644
index 000000000..d02e04de5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_cert_version/ss-v4-noBC.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ss-v4-noBC
+subject:ss-v4-noBC
+version:4
diff --git a/security/manager/ssl/tests/unit/test_certviewer_invalid_oids.js b/security/manager/ssl/tests/unit/test_certviewer_invalid_oids.js
new file mode 100644
index 000000000..2c244aad7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_certviewer_invalid_oids.js
@@ -0,0 +1,62 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// Checks that invalid OID encodings are detected in the Cert Viewer Details tab.
+
+do_get_profile(); // Must be called before getting nsIX509CertDB
+const certDB = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+
+function certFromFile(filename) {
+  return constructCertFromFile(`test_certviewer_invalid_oids/${filename}.pem`);
+}
+
+function test(certFilename, expectedOIDText) {
+  let cert = certFromFile(certFilename);
+  let certDumpTree = Cc["@mozilla.org/security/nsASN1Tree;1"]
+                       .createInstance(Ci.nsIASN1Tree);
+  certDumpTree.loadASN1Structure(cert.ASN1Structure);
+  let actualOIDText = certDumpTree.getDisplayData(9);
+
+  equal(actualOIDText, expectedOIDText,
+        "Actual and expected OID text should match");
+}
+
+function run_test() {
+  test("bug483440-attack2b",
+       "Object Identifier (2 5 4 Unknown) = www.bank.com\n" +
+       "OU = Hacking Division\n" +
+       "CN = www.badguy.com\nO = Badguy Inc\n");
+
+  test("bug483440-pk10oflo",
+       "Object Identifier (2 5 4 Unknown) = www.bank.com\n" +
+       "OU = Hacking Division\n" +
+       "CN = www.badguy.com\nO = Badguy Inc\n");
+
+  test("bug483440-attack7",
+
+       // Check 88 80 80 80 01, not leading, have to pass
+       "Object Identifier (2 5 4 2147483649) = attack1\n" +
+
+       // Check 90 80 80 80 01, not leading, have to fail
+       "Object Identifier (2 5 4 Unknown) = attack2\n" +
+
+       // Check 80 80 80 80 80, not leading, have to fail
+       "Object Identifier (2 5 4 Unknown) = attack3\n" +
+
+       // Check 81 81, trailing, have to fail
+       "Object Identifier (2 5 4 3 Unknown) = attack4\n" +
+
+       // Check FF FF FF 7F, not leading, have to pass
+       "Object Identifier (2 5 4 268435455) = attack5\n" +
+
+       // Check 80 leading, have to fail
+       "Object Identifier (Unknown 3) = attack6\n" +
+
+       // Check 14757 = 2*40 + 14677 leading single byte encoded as F325,
+       // have to pass
+       "Object Identifier (2 14677 4 3) = attack7\n");
+}
diff --git a/security/manager/ssl/tests/unit/test_certviewer_invalid_oids/bug483440-attack2b.pem b/security/manager/ssl/tests/unit/test_certviewer_invalid_oids/bug483440-attack2b.pem
new file mode 100644
index 000000000..8adcf2ac1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_certviewer_invalid_oids/bug483440-attack2b.pem
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICKDCCAZGgAwIBAgIFAIyjFPowDQYJKoZIhvcNAQEFBQAwKDEXMBUGA1UEAwwO

+KgB3d3cubXlDQS5vcmcxDTALBgNVBAMTBG15Q0EwHhcNMDkwMzE0MTg0NzU2WhcN

+MTkwMzE0MTg0NzU2WjBhMRMwEQYDVQQKEwpCYWRndXkgSW5jMRcwFQYDVQQDEw53

+d3cuYmFkZ3V5LmNvbTEZMBcGA1UECxMQSGFja2luZyBEaXZpc2lvbjEWMBQGBFUE

+gAMTDHd3dy5iYW5rLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2YvL

+GgmF0OTLBKz0nYTvR+DlnZai7b2MqAIM9IUEpMfqzJPNYCsXziYXgHtr/do9ppJP

+BhDjeyIGEOSpgBqdkWItxlLopUHnf8VKwnDPPj4KkNyXuTLm60X/ph+/zrjTw+kU

+m+/kVYstgGMuTIoTuu7loxCqqeVlAgc5lzTpUhkCAwEAAaMlMCMwDAYDVR0TAQH/

+BAIwADATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQUFAAOBgQAKHl1G

+vaXftj5QPK3eIT6Q3fWuGKR39grlg5GL/WocPanYycOlm9zvT1Hx95cY6msIXSKp

+xycndJ02ODX35DDgolV6VHUsM9yoagk+eqs5kCqW2qiv3moIshL0yWVhuCobMA+E

+D3wHFCPqVU+igRdCrEQDxZHoFOR4J/DKHfGANg==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_certviewer_invalid_oids/bug483440-attack7.pem b/security/manager/ssl/tests/unit/test_certviewer_invalid_oids/bug483440-attack7.pem
new file mode 100644
index 000000000..778e7aced
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_certviewer_invalid_oids/bug483440-attack7.pem
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICljCCAf+gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBkDERMA8GBPMlBAMTB2F0

+dGFjazcxEDAOBgOABAMTB2F0dGFjazYxEzARBgZVBP///38TB2F0dGFjazUxEjAQ

+BgVVBAOBgRMHYXR0YWNrNDEUMBIGB1UEgICAgIATB2F0dGFjazMxFDASBgdVBJCA

+gIABEwdhdHRhY2syMRQwEgYHVQSIgICAARMHYXR0YWNrMTAeFw0wOTA0MTMxNDAw

+MzdaFw0yOTA0MTMxNDAwMzdaMIGQMREwDwYE8yUEAxMHYXR0YWNrNzEQMA4GA4AE

+AxMHYXR0YWNrNjETMBEGBlUE////fxMHYXR0YWNrNTESMBAGBVUEA4GBEwdhdHRh

+Y2s0MRQwEgYHVQSAgICAgBMHYXR0YWNrMzEUMBIGB1UEkICAgAETB2F0dGFjazIx

+FDASBgdVBIiAgIABEwdhdHRhY2sxMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB

+gQC77fQ1wrywBnVmr8XO0/78/qFOz+sjnMlpBvLx5UImittgMNSgEqNulRDbO0qG

+K4tlFF2sNsS7aOun6Cq7yl2+a8mIljmjzs+iwCLOEAkQTOM4RsdCosJVy/fjwmH1

+xI0uXt5cPkA0FM7B/IZSzWSC+2gY1+u1AhRJ35bXDhu92wIDAQABMA0GCSqGSIb3

+DQEBBQUAA4GBAFZitQjsQJ1+XsxKchBefilaHsi4oncc05P29IXcRbHI8wK2vNk8

+kkG2c6M4a4Rx1R4C3n99NwXH4vyNUbA9FuMSAdjaS3TW3zm8lKNCuIWGuI2Vvefy

++wNcCfb8B4AuP8pZOqqKsspgiBAE1EPPErnb7nMVLCnf+ts9ARXLBZTi
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_certviewer_invalid_oids/bug483440-pk10oflo.pem b/security/manager/ssl/tests/unit/test_certviewer_invalid_oids/bug483440-pk10oflo.pem
new file mode 100644
index 000000000..7daef524b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_certviewer_invalid_oids/bug483440-pk10oflo.pem
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICMTCCAZqgAwIBAgIFAIyjFTAwDQYJKoZIhvcNAQEFBQAwKDEXMBUGA1UEAwwO

+KgB3d3cubXlDQS5vcmcxDTALBgNVBAMTBG15Q0EwHhcNMDkwMzE0MTg0ODI0WhcN

+MTkwMzE0MTg0ODI0WjBqMRMwEQYDVQQKEwpCYWRndXkgSW5jMRcwFQYDVQQDEw53

+d3cuYmFkZ3V5LmNvbTEZMBcGA1UECxMQSGFja2luZyBEaXZpc2lvbjEfMB0GDVUE

+goCAgICAgICAgAMTDHd3dy5iYW5rLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw

+gYkCgYEA2YvLGgmF0OTLBKz0nYTvR+DlnZai7b2MqAIM9IUEpMfqzJPNYCsXziYX

+gHtr/do9ppJPBhDjeyIGEOSpgBqdkWItxlLopUHnf8VKwnDPPj4KkNyXuTLm60X/

+ph+/zrjTw+kUm+/kVYstgGMuTIoTuu7loxCqqeVlAgc5lzTpUhkCAwEAAaMlMCMw

+DAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQUF

+AAOBgQBr+ekYoADBm6kbHBR1oc/6O9ZciRsTbxIAl3xjA3kNEeiUXXSoe+1dlt3Z

+7D6EaQztqR8usCW728J3vi8p/XxociK3r4aq0Sxu29gp21N1V/Um8y3ssI+Yt9Im

+oHlo5ikUXra5PtGAwi4FymrU5dWlHxYk1PlNP5nsvxdElPZnZA==
+-----END CERTIFICATE-----
diff --git a/security/manager/ssl/tests/unit/test_constructX509FromBase64.js b/security/manager/ssl/tests/unit/test_constructX509FromBase64.js
new file mode 100644
index 000000000..d44e249c2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_constructX509FromBase64.js
@@ -0,0 +1,69 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// Checks that ConstructX509FromBase64() accepts valid input and rejects invalid
+// input.
+
+do_get_profile(); // Must be called before getting nsIX509CertDB
+const certDB = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+
+function excMessage(e) {
+  if (e.message) {
+    let msg = e.message;
+    if (e.data) {
+      msg = msg + ": " + e.data;
+    }
+    return msg;
+  }
+
+  return e.toString();
+}
+
+function testGood(data) {
+  try {
+    let cert = certDB.constructX509FromBase64(data.cert);
+    equal(cert.commonName, data.cn,
+          "Actual and expected commonName should match");
+  } catch (e) {
+    do_print(`Exception: ${excMessage(e)}`);
+    ok(false, `Should not have gotten an exception for "CN=${data.cn}"`);
+  }
+}
+
+function testBad(data) {
+  throws(() => certDB.constructX509FromBase64(data.input), data.result,
+         `Should get "${data.result}" for "${data.input}"`);
+}
+
+function run_test() {
+  const badCases = [
+    // Wrong type or too short
+    { input: null, result: /NS_ERROR_ILLEGAL_VALUE/ },
+    { input: "", result: /NS_ERROR_ILLEGAL_VALUE/ },
+    { input: "=", result: /NS_ERROR_ILLEGAL_VALUE/ },
+    { input: "==", result: /NS_ERROR_ILLEGAL_VALUE/ },
+    // Not base64
+    { input: "forty-four dead stone lions", result: /NS_ERROR_ILLEGAL_VALUE/ },
+    // Not a cert
+    { input: "Zm9ydHktZm91ciBkZWFkIHN0b25lIGxpb25z",
+      result: /NS_ERROR_FAILURE/ },
+  ];
+
+  // Real certs with all three padding levels
+  const goodCases = [
+    { cn: "A", cert: "MIHhMIGcAgEAMA0GCSqGSIb3DQEBBQUAMAwxCjAIBgNVBAMTAUEwHhcNMTEwMzIzMjMyNTE3WhcNMTEwNDIyMjMyNTE3WjAMMQowCAYDVQQDEwFBMEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxANFm7ZCfYNJViaDWTFuMClX3+9u18VFGiyLfM6xJrxir4QVtQC7VUC/WUGoBUs9COQIDAQABMA0GCSqGSIb3DQEBBQUAAzEAx2+gIwmuYjJO5SyabqIm4lB1MandHH1HQc0y0tUFshBOMESTzQRPSVwPn77a6R9t" },
+    { cn: "Bo", cert: "MIHjMIGeAgEAMA0GCSqGSIb3DQEBBQUAMA0xCzAJBgNVBAMTAkJvMB4XDTExMDMyMzIzMjYwMloXDTExMDQyMjIzMjYwMlowDTELMAkGA1UEAxMCQm8wTDANBgkqhkiG9w0BAQEFAAM7ADA4AjEA1FoSl9w9HqMqVgk2K0J3OTiRsgHeNsQdPUl6S82ME33gH+E56PcWZA3nse+fpS3NAgMBAAEwDQYJKoZIhvcNAQEFBQADMQAo/e3BvQAmygiATljQ68tWPoWcbMwa1xxAvpWTEc1LOvMqeDBinBUqbAbSmPhGWb4=" },
+    { cn: "Cid", cert: "MIHlMIGgAgEAMA0GCSqGSIb3DQEBBQUAMA4xDDAKBgNVBAMTA0NpZDAeFw0xMTAzMjMyMzI2MzJaFw0xMTA0MjIyMzI2MzJaMA4xDDAKBgNVBAMTA0NpZDBMMA0GCSqGSIb3DQEBAQUAAzsAMDgCMQDUUxlF5xKN+8KCSsR83sN+SRwJmZdliXsnBB7PU0OgbmOWN0u8yehRkmu39kN9tzcCAwEAATANBgkqhkiG9w0BAQUFAAMxAJ3UScNqRcjHFrNu4nuwRldZLJlVJvRYXp982V4/kYodQEGN4gJ+Qyj+HTsaXy5x/w==" }
+  ];
+
+  for (let badCase of badCases) {
+    testBad(badCase);
+  }
+  for (let goodCase of goodCases) {
+    testGood(goodCase);
+  }
+}
diff --git a/security/manager/ssl/tests/unit/test_content_signing.js b/security/manager/ssl/tests/unit/test_content_signing.js
new file mode 100644
index 000000000..99ea33a3a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing.js
@@ -0,0 +1,266 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// These tests ensure content signatures are working correctly.
+
+// First, we need to set up some data
+const PREF_SIGNATURE_ROOT = "security.content.signature.root_hash";
+
+const TEST_DATA_DIR = "test_content_signing/";
+
+const ONECRL_NAME = "oneCRL-signer.mozilla.org";
+const ABOUT_NEWTAB_NAME = "remotenewtab.content-signature.mozilla.org";
+
+function getSignatureVerifier() {
+  return Cc["@mozilla.org/security/contentsignatureverifier;1"]
+           .createInstance(Ci.nsIContentSignatureVerifier);
+}
+
+function setRoot(filename) {
+  let cert = constructCertFromFile(filename);
+  Services.prefs.setCharPref(PREF_SIGNATURE_ROOT, cert.sha256Fingerprint);
+}
+
+function loadChain(prefix, names) {
+  let chain = [];
+  for (let name of names) {
+    let filename = `${prefix}_${name}.pem`;
+    chain.push(readFile(do_get_file(filename)));
+  }
+  return chain;
+}
+
+function run_test() {
+  // set up some data
+  const DATA = readFile(do_get_file(TEST_DATA_DIR + 'test.txt'));
+  const GOOD_SIGNATURE = "p384ecdsa=" +
+      readFile(do_get_file(TEST_DATA_DIR + 'test.txt.signature'))
+      .trim();
+
+  const BAD_SIGNATURE = "p384ecdsa=WqRXFQ7tnlVufpg7A-ZavXvWd2Zln0o4woHBy26C2r" +
+                        "UWM4GJke4pE8ecHiXoi-7KnZXty6Pe3s4o3yAIyKDP9jUC52Ek1G" +
+                        "q25j_X703nP5rk5gM1qz5Fe-qCWakPPl6L";
+
+  let remoteNewTabChain = loadChain(TEST_DATA_DIR + "content_signing",
+                                    ["remote_newtab_ee", "int", "root"]);
+
+  let oneCRLChain = loadChain(TEST_DATA_DIR + "content_signing",
+                              ["onecrl_ee", "int", "root"]);
+
+  let oneCRLBadKeyChain = loadChain(TEST_DATA_DIR + "content_signing",
+                                    ["onecrl_wrong_key_ee", "int", "root"]);
+
+  let oneCRLRSAKeyChain = loadChain(TEST_DATA_DIR + "content_signing",
+                                    ["onecrl_RSA_ee", "int", "root"]);
+
+  let noSANChain = loadChain(TEST_DATA_DIR + "content_signing",
+                             ["onecrl_no_SAN_ee", "int", "root"]);
+
+  // Check signature verification works without error before the root is set
+  let chain1 = oneCRLChain.join("\n");
+  let verifier = getSignatureVerifier();
+  ok(!verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, chain1, ONECRL_NAME),
+     "Before the root is set, signatures should fail to verify but not throw.");
+
+  setRoot(TEST_DATA_DIR + "content_signing_root.pem");
+
+  // Check good signatures from good certificates with the correct SAN
+  verifier = getSignatureVerifier();
+  ok(verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, chain1, ONECRL_NAME),
+     "A OneCRL signature should verify with the OneCRL chain");
+  let chain2 = remoteNewTabChain.join("\n");
+  verifier = getSignatureVerifier();
+  ok(verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, chain2,
+                                     ABOUT_NEWTAB_NAME),
+     "A newtab signature should verify with the newtab chain");
+
+  // Check a bad signature when a good chain is provided
+  chain1 = oneCRLChain.join("\n");
+  verifier = getSignatureVerifier();
+  ok(!verifier.verifyContentSignature(DATA, BAD_SIGNATURE, chain1, ONECRL_NAME),
+     "A bad signature should not verify");
+
+  // Check a good signature from cert with good SAN but a different key than the
+  // one used to create the signature
+  let badKeyChain = oneCRLBadKeyChain.join("\n");
+  verifier = getSignatureVerifier();
+  ok(!verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, badKeyChain,
+                                      ONECRL_NAME),
+     "A signature should not verify if the signing key is wrong");
+
+  // Check a good signature from cert with good SAN but a different key than the
+  // one used to create the signature (this time, an RSA key)
+  let rsaKeyChain = oneCRLBadKeyChain.join("\n");
+  verifier = getSignatureVerifier();
+  ok(!verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, rsaKeyChain,
+                                      ONECRL_NAME),
+     "A signature should not verify if the signing key is wrong (RSA)");
+
+  // Check a good signature from cert with good SAN but with chain missing root
+  let missingRoot = [oneCRLChain[0], oneCRLChain[1]].join("\n");
+  verifier = getSignatureVerifier();
+  ok(!verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, missingRoot,
+                                      ONECRL_NAME),
+     "A signature should not verify if the chain is incomplete (missing root)");
+
+  // Check a good signature from cert with good SAN but with no path to root
+  let missingInt = [oneCRLChain[0], oneCRLChain[2]].join("\n");
+  verifier = getSignatureVerifier();
+  ok(!verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, missingInt,
+                                      ONECRL_NAME),
+     "A signature should not verify if the chain is incomplete (missing int)");
+
+  // Check good signatures from good certificates with the wrong SANs
+  chain1 = oneCRLChain.join("\n");
+  verifier = getSignatureVerifier();
+  ok(!verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, chain1,
+                                      ABOUT_NEWTAB_NAME),
+     "A OneCRL signature should not verify if we require the newtab SAN");
+
+  chain2 = remoteNewTabChain.join("\n");
+  verifier = getSignatureVerifier();
+  ok(!verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, chain2,
+                                      ONECRL_NAME),
+     "A newtab signature should not verify if we require the OneCRL SAN");
+
+  // Check good signatures with good chains with some other invalid names
+  verifier = getSignatureVerifier();
+  ok(!verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, chain1, ""),
+     "A signature should not verify if the SANs do not match an empty name");
+
+  let relatedName = "subdomain." + ONECRL_NAME;
+  verifier = getSignatureVerifier();
+  ok(!verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, chain1,
+                                      relatedName),
+     "A signature should not verify if the SANs do not match a related name");
+
+  let randomName = "\xb1\x9bU\x1c\xae\xaa3\x19H\xdb\xed\xa1\xa1\xe0\x81\xfb" +
+                   "\xb2\x8f\x1cP\xe5\x8b\x9c\xc2s\xd3\x1f\x8e\xbbN";
+  verifier = getSignatureVerifier();
+  ok(!verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, chain1, randomName),
+     "A signature should not verify if the SANs do not match a random name");
+
+  // check good signatures with chains that have strange or missing SANs
+  chain1 = noSANChain.join("\n");
+  verifier = getSignatureVerifier();
+  ok(!verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, chain1,
+                                      ONECRL_NAME),
+     "A signature should not verify if the SANs do not match a supplied name");
+
+  // Check malformed signature data
+  chain1 = oneCRLChain.join("\n");
+  let bad_signatures = [
+    // wrong length
+    "p384ecdsa=WqRXFQ7tnlVufpg7A-ZavXvWd2Zln0o4woHBy26C2rUWM4GJke4pE8ecHiXoi-" +
+    "7KnZXty6Pe3s4o3yAIyKDP9jUC52Ek1Gq25j_X703nP5rk5gM1qz5Fe-qCWakPPl6L==",
+    // incorrectly encoded
+    "p384ecdsa='WqRXFQ7tnlVufpg7A-ZavXvWd2Zln0o4woHBy26C2rUWM4GJke4pE8ecHiXoi" +
+    "-7KnZXty6Pe3s4o3yAIyKDP9jUC52Ek1Gq25j_X703nP5rk5gM1qz5Fe-qCWakPPl6L=",
+    // missing directive
+    "other_directive=WqRXFQ7tnlVufpg7A-ZavXvWd2Zln0o4woHBy26C2rUWM4GJke4pE8ec" +
+    "HiXoi-7KnZXty6Pe3s4o3yAIyKDP9jUC52Ek1Gq25j_X703nP5rk5gM1qz5Fe-qCWakPPl6L",
+    // actually sha256 with RSA
+    "p384ecdsa=XS_jiQsS5qlzQyUKaA1nAnQn_OvxhvDfKybflB8Xe5gNH1wNmPGK1qN-jpeTfK" +
+    "6ob3l3gCTXrsMnOXMeht0kPP3wLfVgXbuuO135pQnsv0c-ltRMWLe56Cm4S4Z6E7WWKLPWaj" +
+    "jhAcG5dZxjffP9g7tuPP4lTUJztyc4d1z_zQZakEG7R0vN7P5_CaX9MiMzP4R7nC3H4Ba6yi" +
+    "yjlGvsZwJ_C5zDQzWWs95czUbMzbDScEZ_7AWnidw91jZn-fUK3xLb6m-Zb_b4GAqZ-vnXIf" +
+    "LpLB1Nzal42BQZn7i4rhAldYdcVvy7rOMlsTUb5Zz6vpVW9LCT9lMJ7Sq1xbU-0g=="
+    ];
+  for (let badSig of bad_signatures) {
+    throws(() => {
+      verifier = getSignatureVerifier();
+      verifier.verifyContentSignature(DATA, badSig, chain1, ONECRL_NAME);
+    }, /NS_ERROR/, `Bad or malformed signature "${badSig}" should be rejected`);
+  }
+
+  // Check malformed and missing certificate chain data
+  let chainSuffix = [oneCRLChain[1], oneCRLChain[2]].join("\n");
+  let badChains = [
+    // no data
+    "",
+    // completely wrong data
+    "blah blah \n blah",
+    ];
+
+  let badSections = [
+    // data that looks like PEM but isn't
+    "-----BEGIN CERTIFICATE-----\nBSsPRlYp5+gaFMRIczwUzaioRfteCjr94xyz0g==\n",
+    "-----BEGIN CERTIFICATE-----\nBSsPRlYp5+gaFMRIczwUzaioRfteCjr94xyz0g==\n-----END CERTIFICATE-----",
+    // data that will start to parse but won't base64decode
+    "-----BEGIN CERTIFICATE-----\nnon-base64-stuff\n-----END CERTIFICATE-----",
+    // data with garbage outside of PEM sections
+    "this data is garbage\n-----BEGIN CERTIFICATE-----\nnon-base64-stuff\n" +
+    "-----END CERTIFICATE-----",
+    ];
+
+  for (let badSection of badSections) {
+    // ensure we test each bad section on its own...
+    badChains.push(badSection);
+    // ... and as part of a chain with good certificates
+    badChains.push(badSection + '\n' + chainSuffix);
+  }
+
+  for (let badChain of badChains) {
+    throws(() => {
+      verifier = getSignatureVerifier();
+      verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, badChain,
+                                      ONECRL_NAME);
+    }, /NS_ERROR/, `Bad chain data starting "${badChain.substring(0, 80)}" ` +
+                   "should be rejected");
+  }
+
+  // Check the streaming interface works OK when a good chain / data
+  // combination is provided
+  chain1 = oneCRLChain.join("\n");
+  verifier = getSignatureVerifier();
+  verifier.createContext("", GOOD_SIGNATURE, chain1, ONECRL_NAME);
+  verifier.update(DATA);
+  ok(verifier.end(),
+     "A good signature should verify using the stream interface");
+
+  // Check that the streaming interface works with multiple update calls
+  verifier = getSignatureVerifier();
+  verifier.createContext("", GOOD_SIGNATURE, chain1, ONECRL_NAME);
+  for (let c of DATA) {
+    verifier.update(c);
+  }
+  ok(verifier.end(),
+     "A good signature should verify using multiple updates");
+
+  // Check that the streaming interface works with multiple update calls and
+  // some data provided in CreateContext
+  verifier = getSignatureVerifier();
+  let start = DATA.substring(0, 5);
+  let rest = DATA.substring(start.length);
+  verifier.createContext(start, GOOD_SIGNATURE, chain1, ONECRL_NAME);
+  for (let c of rest) {
+    verifier.update(c);
+  }
+  ok(verifier.end(),
+     "A good signature should verify using data in CreateContext and updates");
+
+  // Check that a bad chain / data combination fails
+  verifier = getSignatureVerifier();
+  verifier.createContext("", GOOD_SIGNATURE, chain1, ONECRL_NAME);
+  ok(!verifier.end(),
+     "A bad signature should fail using the stream interface");
+
+  // Check that re-creating a context throws ...
+  verifier = getSignatureVerifier();
+  verifier.createContext("", GOOD_SIGNATURE, chain1, ONECRL_NAME);
+
+  // ... firstly, creating a context explicitly
+  throws(() => {
+    verifier.createContext(DATA, GOOD_SIGNATURE, chain1, ONECRL_NAME);
+  }, /NS_ERROR/, "Ensure a verifier cannot be re-used with createContext");
+
+  // ... secondly, by calling verifyContentSignature
+  throws(() => {
+    verifier.verifyContentSignature(DATA, GOOD_SIGNATURE, chain1, ONECRL_NAME);
+  }, /NS_ERROR/, "Ensure a verifier cannot be re-used with verifyContentSignature");
+
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_int.pem b/security/manager/ssl/tests/unit/test_content_signing/content_signing_int.pem
new file mode 100644
index 000000000..f58505cd3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_int.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC0TCCAbugAwIBAgIUPcKbBQpKwTzrrlqzM+d3z5DWiNUwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBExDzANBgNVBAMMBmludC1DQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72x
+nAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lM
+wmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF
+4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20
+yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xx
+j5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMlMCMwDAYDVR0TBAUwAwEB/zAT
+BgNVHSUEDDAKBggrBgEFBQcDAzALBgkqhkiG9w0BAQsDggEBADDPjITgz8joxLRW
+wpLxELKSgO/KQ6iAXztjMHq9ovT7Fy0fqBnQ1mMVFr+sBXLgtUCM45aip6PjhUXc
+zs5Dq5STg+kz7qtmAjEQvOPcyictbgdu/K7+uMhXQhlzhOgyW88Uk5vrAezNTc/e
+TvSmWp1FcgVAfaeMN/90nzD1KIHoUt7zqZIz9ub8jXPVzQNZq4vh33smZhmbdTdV
+DaHUyef5cR1VTEGB+L1qzUIQqpHmD4UkMNP1nYedWfauiQhRt6Ql3rJSCRuEvsOA
+iBTJlwai/EFwfyfHkOV2GNgv+A5wHHEjBtF5c4PCxQEL5Vw+mfZHLsDVqF3279ZY
+lQ6jQ9g=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_int.pem.certspec b/security/manager/ssl/tests/unit/test_content_signing/content_signing_int.pem.certspec
new file mode 100644
index 000000000..4134a73c6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_int.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int-CA
+extension:basicConstraints:cA,
+extension:extKeyUsage:codeSigning
diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_RSA_ee.pem b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_RSA_ee.pem
new file mode 100644
index 000000000..fbd0d7980
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_RSA_ee.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC8DCCAdqgAwIBAgIUeWWcI0wMEtNxrf9r/WvrV4Y5DFQwCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmludC1DQTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjAUMRIwEAYDVQQDDAllZS1pbnQtQ0EwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HH
+Jajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOr
+IMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQ
+sVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLA
+dTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQE
+LL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjPTA7MBMGA1UdJQQM
+MAoGCCsGAQUFBwMDMCQGA1UdEQQdMBuCGW9uZUNSTC1zaWduZXIubW96aWxsYS5v
+cmcwCwYJKoZIhvcNAQELA4IBAQBTTQDoiUsS4p1kfxxqOaL1vUTZyVEDKqiKq1W0
+2smYooB7KrL4yG5zKCwVKXpRlOHG/933jrEWo0SRacY09Qdj/VL1VdPpF6HbQHNc
++znwW4bGZFqtQozlHCYn6+1+3vOI4Y82RfczvqgaJK9rJ4PLuvdZbjAddW79KKdP
+0JEsrMzroPGjgAr/iudYAR4lnqYUxpe878O8ncWtKD3jontIxiC58nzgYZBSMCVw
+R/T9WwO2XFGGZ3y0DvO02svVfOAF7P8smV/cD7ACgwI0udG9JDwrd3fyMIh92lbU
+bIVcCdPNWlFZKJNP8WULSbde4p6WKX1tqnXSDdSZ3b0et4T6
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_RSA_ee.pem.certspec b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_RSA_ee.pem.certspec
new file mode 100644
index 000000000..b69737823
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_RSA_ee.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int-CA
+subject:ee-int-CA
+extension:extKeyUsage:codeSigning
+extension:subjectAlternativeName:oneCRL-signer.mozilla.org
diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_ee.pem b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_ee.pem
new file mode 100644
index 000000000..999885dcf
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_ee.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICQjCCASygAwIBAgIUeWWcI0wMEtNxrf9r/WvrV4Y5DFQwCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmludC1DQTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjAUMRIwEAYDVQQDDAllZS1pbnQtQ0EwdjAQBgcqhkjOPQIBBgUrgQQA
+IgNiAAShaHJDNitcexiJ83kVRhWhxz+0je6GPgIpFdtgjiUt5LcTLajOmOgxU05q
+nAwLCcjWOa3oMgbluoE0c6EfozDgXajJbkOD/ieHPalxA74oiM/wAvBa9xof3cyD
+dKpuqc6jPTA7MBMGA1UdJQQMMAoGCCsGAQUFBwMDMCQGA1UdEQQdMBuCGW9uZUNS
+TC1zaWduZXIubW96aWxsYS5vcmcwCwYJKoZIhvcNAQELA4IBAQAdPgCR5gCHDNv/
+RXgLEcsGDS/kvBpVilsz6+DQpg/9tfDoMb4QOM/BDXqrm3ndt6mBs61cImvd3R29
+47Kej5a/BlFHqdM4Il2iqmjb7CfICAtnQ46dxGamQwr4fR8iD7Etlc71bcygsSL9
+u4CvD1pUTm2xyDfLMAy9phkI6RouvSnt5hk8MI7q1x6RCfJDflU1EdGdeJyOajeD
+fYAW6kanTkcjnOkpBCQrfK2xY27OVgWqw/yoBUHrtxDHIV5cE9+SckF5gTP9JbNq
+MjATfQx6XeLC8TbtuhK4Vo5RLfbKzP74748ko9qwKRK3F5hGOqFBaCxyTX7jVblS
+Td7ydc86
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_ee.pem.certspec b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_ee.pem.certspec
new file mode 100644
index 000000000..2034a7299
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:int-CA
+subject:ee-int-CA
+subjectKey:secp384r1
+extension:extKeyUsage:codeSigning
+extension:subjectAlternativeName:oneCRL-signer.mozilla.org
diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_no_SAN_ee.pem b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_no_SAN_ee.pem
new file mode 100644
index 000000000..725374c14
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_no_SAN_ee.pem
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICHDCCAQagAwIBAgIUNVa2/jSdRUf8hvS8AEu+NWYfnwkwCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmludC1DQTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjAUMRIwEAYDVQQDDAllZS1pbnQtQ0EwdjAQBgcqhkjOPQIBBgUrgQQA
+IgNiAAShaHJDNitcexiJ83kVRhWhxz+0je6GPgIpFdtgjiUt5LcTLajOmOgxU05q
+nAwLCcjWOa3oMgbluoE0c6EfozDgXajJbkOD/ieHPalxA74oiM/wAvBa9xof3cyD
+dKpuqc6jFzAVMBMGA1UdJQQMMAoGCCsGAQUFBwMDMAsGCSqGSIb3DQEBCwOCAQEA
+h0470fGH1d3Gmeu1LCTH44p7FRvTx/+MR7X8Ava3wzl593jpLlBd0vJY6JWL7z4u
+kfnSAvTh2S96Dx3jPv0dZLUTHSyTQAWsWmnD2lyjQ/SIoFIE+NewJLdoEqcWflbh
+Q49IIIsTC3OfUIYa1dxhhOpYNtj2esWM7JePnVIxk3+G8QYUfnFIEutZvXaBjAib
+6dk4NZncXZjMTMOm9VvgbCP7gGie8k+30Q0Y7mRAQQxbU9HIWv/9tUzLw7qR5ZyV
+1eIP8w00ReO8Jmk7Tfq9xRmIMBlDymM8IBh1Khi/0vvrhgCHEXTjrVsjFQZ2JYvB
+Qn8GjIS109A7WVE8xhUbMQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_no_SAN_ee.pem.certspec b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_no_SAN_ee.pem.certspec
new file mode 100644
index 000000000..fc0874be0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_no_SAN_ee.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int-CA
+subject:ee-int-CA
+subjectKey:secp384r1
+extension:extKeyUsage:codeSigning
diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_wrong_key_ee.pem b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_wrong_key_ee.pem
new file mode 100644
index 000000000..91f5e2dea
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_wrong_key_ee.pem
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICJTCCAQ+gAwIBAgIUeWWcI0wMEtNxrf9r/WvrV4Y5DFQwCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmludC1DQTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjAUMRIwEAYDVQQDDAllZS1pbnQtQ0EwWTATBgcqhkjOPQIBBggqhkjO
+PQMBBwNCAARPv7u7YeD4+bGmClmshwTi7AULQj489y6SPyxPeUtFXCpp0jNFbDbE
+EZ0HBuAO7cjRk5DXmRt7LQejBOqgSqbAoz0wOzATBgNVHSUEDDAKBggrBgEFBQcD
+AzAkBgNVHREEHTAbghlvbmVDUkwtc2lnbmVyLm1vemlsbGEub3JnMAsGCSqGSIb3
+DQEBCwOCAQEAZdHYo1BBgUO2sRvPIC3AQz+7MIdEFHoOZapM7eDK+G/4mnIEj5z5
+XW/n5hLop160K4hr+kUcW63XxisuuOBBvclnE9dgg0Sb0rFvJCVz7t1D4QHwWdou
+Sd0wXXTT+zeh40KPt2LSS6rT37o8TI1VTE7XkjfXGufKDQHk08sKEDgyab6Hy8gz
+eVcm2sMv+hwaMvFTjUws4o7zvcTqEvTa+4KxyySYDXB29jcKu60Sdjcm4hlNgJjU
+tQZTTV+k+yjg8oQKuNM0YWiKisJO/HtkHLTUyHwjiY+OV2krzoPCHvmUeSOhf2Gk
+bdOy6AgcCgqmjOFiCmWMJMKb7EvXfvVMXQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_wrong_key_ee.pem.certspec b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_wrong_key_ee.pem.certspec
new file mode 100644
index 000000000..f5cb96226
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_onecrl_wrong_key_ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:int-CA
+subject:ee-int-CA
+subjectKey:secp256r1
+extension:extKeyUsage:codeSigning
+extension:subjectAlternativeName:oneCRL-signer.mozilla.org
diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_remote_newtab_ee.pem b/security/manager/ssl/tests/unit/test_content_signing/content_signing_remote_newtab_ee.pem
new file mode 100644
index 000000000..7bac9e8c7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_remote_newtab_ee.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICUzCCAT2gAwIBAgIUJ1BtYqWRwUsVaZCGPp9eTHIC04QwCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmludC1DQTAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjAUMRIwEAYDVQQDDAllZS1pbnQtQ0EwdjAQBgcqhkjOPQIBBgUrgQQA
+IgNiAAShaHJDNitcexiJ83kVRhWhxz+0je6GPgIpFdtgjiUt5LcTLajOmOgxU05q
+nAwLCcjWOa3oMgbluoE0c6EfozDgXajJbkOD/ieHPalxA74oiM/wAvBa9xof3cyD
+dKpuqc6jTjBMMBMGA1UdJQQMMAoGCCsGAQUFBwMDMDUGA1UdEQQuMCyCKnJlbW90
+ZW5ld3RhYi5jb250ZW50LXNpZ25hdHVyZS5tb3ppbGxhLm9yZzALBgkqhkiG9w0B
+AQsDggEBALiLck6k50ok9ahVq45P3feY1PeUXcIYZkJd8aPDYM+0kfg5+JyJBykA
+mtHWPE1QQjs7VRMfaLfu04E4UJMI2V1AON1qtgR9BQLctW85KFACg2omfiCKwJh0
+5Q8cxBFx9BpNMayqLJwHttB6oluxZFTB8CL/hfpbYpHz1bMEDCVSRP588YBrc8mV
+OLqzQK+k3ewwGvfD6SvXmTny37MxqwxdTPFJNnpqzKAsQIvz8Skic9BkA1NFk0Oq
+lsKKoiibbOCmwS9XY/laAkBaC3winuhciYAC0ImAopZ4PBCU0AOHGrNbhZXWYQxt
+uHBj34FqvIRCqgM06JCEwN0ULgix4kI=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_remote_newtab_ee.pem.certspec b/security/manager/ssl/tests/unit/test_content_signing/content_signing_remote_newtab_ee.pem.certspec
new file mode 100644
index 000000000..44fa64518
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_remote_newtab_ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:int-CA
+subject:ee-int-CA
+subjectKey:secp384r1
+extension:extKeyUsage:codeSigning
+extension:subjectAlternativeName:remotenewtab.content-signature.mozilla.org
diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_root.pem b/security/manager/ssl/tests/unit/test_content_signing/content_signing_root.pem
new file mode 100644
index 000000000..b1ac172b1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_root.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzTCCAbegAwIBAgIUKRLJoCmk0A6PHrNc8CxFn//4BYcwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMA0xCzAJBgNVBAMMAmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptu
+Gobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO
+7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf
+qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/yt
+HSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcx
+uLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoyUwIzAMBgNVHRMEBTADAQH/MBMGA1Ud
+JQQMMAoGCCsGAQUFBwMDMAsGCSqGSIb3DQEBCwOCAQEAABgMK6EyVIXTjD5qaxPO
+DWz6yREACmAQBcowKWvfhwgi27DPSXyFGDbzTPEo+7RrIcXJkVAhLouGT51fCwTZ
+zb6Sgf6ztX7VSppY9AT4utvlZKP1xQ5WhIYsMtdHCHLHIkRjeWyoBEfUx50UXNLK
+Snl+A02GKYWiX+TLLg2DPN2s7v/mm8NLMQNgUlL7KakB2FHFyPa8otPpL4llg7UJ
+iBTVQ0c3JoiVbwZaY1Z8QinfMXUrTK9egUC4BAcId1dE8glzA5RRlw1fTLWpGApt
+hUmbDnl9N2a9NhGX323ypNzIATexafipzWe7bc4u/+bFdrUqnKUoEka73pZBdHdA
+FQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_content_signing/content_signing_root.pem.certspec b/security/manager/ssl/tests/unit/test_content_signing/content_signing_root.pem.certspec
new file mode 100644
index 000000000..f5e387b0c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/content_signing_root.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:ca
+extension:basicConstraints:cA,
+extension:extKeyUsage:codeSigning
diff --git a/security/manager/ssl/tests/unit/test_content_signing/moz.build b/security/manager/ssl/tests/unit/test_content_signing/moz.build
new file mode 100644
index 000000000..83e797900
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/moz.build
@@ -0,0 +1,19 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Temporarily disabled. See bug 1256495.
+#test_certificates = (
+#    'content_signing_int.pem',
+#    'content_signing_onecrl_RSA_ee.pem',
+#    'content_signing_onecrl_ee.pem',
+#    'content_signing_onecrl_no_SAN_ee.pem',
+#    'content_signing_onecrl_wrong_key_ee.pem',
+#    'content_signing_remote_newtab_ee.pem',
+#    'content_signing_root.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
diff --git a/security/manager/ssl/tests/unit/test_content_signing/pysign.py b/security/manager/ssl/tests/unit/test_content_signing/pysign.py
new file mode 100644
index 000000000..c68c45b52
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/pysign.py
@@ -0,0 +1,29 @@
+#!/usr/bin/env python
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"""
+Create an ECDSA signature on the P-384 curve using the SHA-384 hash of data from
+stdin. The key used for the signature is the secp384r1Encoded key used in pykey
+and pycert.
+
+The certificates for the content signature tests make use of this program.
+You can use pysign.py like this:
+
+cat test.txt | python pysign.py > test.txt.signature
+"""
+
+import base64
+import binascii
+import ecc
+import pykey
+
+from sys import stdin
+
+data = stdin.read()
+
+key = ecc.Key.Key.decode(binascii.unhexlify(pykey.ECCKey.secp384r1Encoded))
+sig = key.sign("Content-Signature:\00" + data, 'sha384')
+print base64.b64encode(sig).replace('+', '-').replace('/', '_')
diff --git a/security/manager/ssl/tests/unit/test_content_signing/test.txt b/security/manager/ssl/tests/unit/test_content_signing/test.txt
new file mode 100644
index 000000000..2daac1cb0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/test.txt
@@ -0,0 +1 @@
+This is a test file to test content-signature verification with a PKI.
diff --git a/security/manager/ssl/tests/unit/test_content_signing/test.txt.signature b/security/manager/ssl/tests/unit/test_content_signing/test.txt.signature
new file mode 100644
index 000000000..e61398147
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_content_signing/test.txt.signature
@@ -0,0 +1 @@
+hSvmvvA7_QLedDsjRJGBevqLwjPILx1EtWSPP4A0fepaWWPuuZRB8VfDT2j07bKDacRsbmJjmvg_R4CpKmnoWF8-2w5lSszlFFDqYSvQVQxpKhu-HMM_qquu_l0KecQ2
diff --git a/security/manager/ssl/tests/unit/test_datasignatureverifier.js b/security/manager/ssl/tests/unit/test_datasignatureverifier.js
new file mode 100644
index 000000000..0479c4d3f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_datasignatureverifier.js
@@ -0,0 +1,193 @@
+"use strict";
+
+const keys = [
+// RSA key
+"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDK426erD/H3XtsjvaB5+PJqbhj" +
+"Zc9EDI5OCJS8R3FIObJ9ZHJK1TXeaE7JWqt9WUmBWTEFvwS+FI9vWu8058N9CHhD" +
+"NyeP6i4LuUYjTURnn7Yw/IgzyIJ2oKsYa32RuxAyteqAWqPT/J63wBixIeCxmysf" +
+"awB/zH4KaPiY3vnrzQIDAQAB",
+
+// RSA key
+"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHe69VsjNCwnGF9YGZLgnobp3D" +
+"c1KgWzpbT+f12vVKkV3YBpA9KMVMy6wpxlDjvLJjfp/0HvaH7aaz/7kgxZw70Y60" +
+"LaJtkAcl1ZVAxS2lQKRTAzZ0RhoTSI1xVqGTjiQakgVdUeghtnqqwp5o1inZv3Qh" +
+"nUOMNPyAV8zGt+ZQHQIDAQAB",
+
+// Invalid key data ("foobar" base 64 encoded)
+"Zm9vYmFy"
+];
+
+const data = [
+"Test data for data signature verifier",
+"The quick brown fox jumps over the lazy dog..."
+];
+
+const signatures = [
+// Key 0, Data 0, MD2 hash algorithm
+"MIGTMA0GCSqGSIb3DQEBAgUAA4GBALe3hO76UCpI8b1/oJUCIPmC6AbnMAMlAqo7" +
+"pc3TaWmU9wISWmXSrwNmr/QQNjWDn4nzQn8/K/Ac+tszaXib6fVLKA1a6e+/E0qE" +
+"OIKFwUiDWCkGDgxM8aYiTgoSZub/5rokgse+ivuCRSVTv9mSxRzKwj+Cvp1EjKCT" +
+"iIl3nnTh",
+
+// Key 0, Data 0, MD5 hash algorithm
+"MIGTMA0GCSqGSIb3DQEBBAUAA4GBAGGb2QkA8LcA+QZj1SoVFmMpVTd9P5Ac0Rjb" +
+"ldouMmngztMV/dxymVKCpknqelhsxTQ/zaqGZ4KKzcIffJa9jXi5XUD8XzDIKcFE" +
+"dQvti8oUNDPb6l1ybETI8LKh2ywyBCSZ/Q5BwUeS9nfx+4cAnu9YZf29SGljit+Y" +
+"XLPKZ+of",
+
+// Key 0, Data 0, SHA1 hash algorithm
+"MIGTMA0GCSqGSIb3DQEBBQUAA4GBAHcl6tqR5yjTDUJ5NiLOdIB4I6/C/rS2WW5a" +
+"7MVhYYhBgaZyGaem4LLT/REloOOLwPNMcmSEpwexqMSATbl9AAoJPq/wO3l4cZpO" +
+"tDkLlafsiwnqK156YvHp50zUq5Os28d6Bq/Nl2qjH1yizwlIEo0o9qo8Cq6QK3j2" +
+"MdFCopgk",
+
+// Key 0, Data 0, SHA256 hash algorithm
+"MIGTMA0GCSqGSIb3DQEBCwUAA4GBAAOtDvzWwbYK7zLUz0F3e3wmkL1YWXuD/GzQ" +
+"LgwOg6VWtn9v54M9nfv/+iX+m4udzIwHZU7utYM31vtwqRC36l0QKo2VMbiLySX+" +
+"uHnSK40Kk4SfBvMF1wuz6BQ8ia8uTjPPfC764dB1N7gQdgdRevLTrh2EU6+DLmSS" +
+"Sm1QJm9/",
+
+// Key 0, Data 0, SHA384 hash algorithm
+"MIGTMA0GCSqGSIb3DQEBDAUAA4GBAMWB3DskcGuGXpi3TO2Pm0g915EIvm5aOeXQ" +
+"sbs0ZGOwPyzYN1kKOmEpGHMeRhcIIBcF80ZC5N6dsTxeMGkFGOqhvB/HNl7gXMqF" +
+"OA8mG9vAcwfMeJlY4H5WbYD8bUn72UbIuS+sURLvWVhuIFBYPHHU7KVUaGAWl0rp" +
+"hCa4Dk37",
+
+// Key 0, Data 0, SHA512 hash algorithm
+"MIGTMA0GCSqGSIb3DQEBDQUAA4GBAFkm61zH8Y0J5PA4GtOvoZA6w/SzHg5jFP11" +
+"gmXki81VgKwLF7Gyj4wRBX7Q9c8cNrNeoGZb12NUUxlR+u6J6VxcosVPKrCz7Xfj" +
+"LPi6+A1dNV5eH2B6tZR6wIiEatAWNIXxQZEJbj9BWefRFq6NnKhR5A/MEPnrZyoR" +
+"Da3YsDV3",
+
+// Key 0, Data 1, MD2 hash algorithm
+"MIGTMA0GCSqGSIb3DQEBAgUAA4GBAJjwosJK6jV9Bt6HhrFn7+48LRhamjWjzs7a" +
+"cf5D/GTuul6aQQvQJ4Lt26KTyh3VglaQJFToH0Ik/fR1lOJS3tCPr1RRH06cKZgK" +
+"haoUaGR8rmtn678wX067q7ACmKPeqmgj71pHm7O5YgN3z45iAazbUHP4erdbFUf9" +
+"4rOr3L2f",
+
+// Key 0, Data 1, MD5 hash algorithm
+"MIGTMA0GCSqGSIb3DQEBBAUAA4GBAC0EAoHWTb4CC+gw7fs5zMaZw7PWoDH1rXMD" +
+"dKoMBDmAW1EXZTfUGUTv0ga3VzuPJKuHHZOFVyFDnt4qFrefzzWs17LiPpN+yVgo" +
+"6vBnpXLeIp7D9n94bz56gv9NZZmy02XQVKDaRc3E4JBC7Ze7RAHuKtWuZRTUKF86" +
+"VXakwW3a",
+
+// Key 0, Data 1, SHA1 hash algorithm
+"MIGTMA0GCSqGSIb3DQEBBQUAA4GBABkClr0Ot3aXBKYIiARdwpX8etDQO/Eqjxe8" +
+"pJyaqwj/P+x8j9/CbtJKJJTxvYmV9AhdgLPgoWjcTkfvqKdb1vpKKbV30QC/TEnu" +
+"ON+66MJgkwrZw6NCDyBRgMTjf4FWR75Ot1DLuu3+7uCswKCJe8la0HMm/AcqUzu1" +
+"SKOPMseI",
+
+// Key 0, Data 1, SHA256 hash algorithm
+"MIGTMA0GCSqGSIb3DQEBCwUAA4GBAE2cIr6Uzo7RISkGgCA5m4K8s9+0iHwzr2u/" +
+"3ICUrTPe4RY2g9RLd6qkwaHD101LW5TQw71fhePIxfWHEhWtTCLS5DnGiucxfGKW" +
+"47gOBJIYf0DG7o5N4lA99j2Zuj+V+yjAcLfq7Su5FwASbD30KqCue1/F03qdXUxj" +
+"ciJeGo2b",
+
+// Key 0, Data 1, SHA384 hash algorithm
+"MIGTMA0GCSqGSIb3DQEBDAUAA4GBAK+JfKJNBjw2d2iXT/pe9xMXPkLSkf+gjG2i" +
+"F7B0kBvMGyOVxuvQ4TCx+NFhAUevQugDHgBMkmAieg8mApcWWFWQ+8rbdUFv/hD7" +
+"fHW+QukMgcfLMquh0GtDuoM8ZKFBBvwnPGLLUh+ZMy8fEOjjH+s6bQQSpf072SSJ" +
+"K+Uo8DG2",
+
+// Key 0, Data 1, SHA512 hash algorithm
+"MIGTMA0GCSqGSIb3DQEBDQUAA4GBAEEvDpyBssG0qFfRamNwkwSjhqYRVFdIa6+E" +
+"xfxdRqW/nxN5HuzFA8aajgSMXX0YFWPXV7OuVjCCJfZWhq7kQpTy96AmI/04rVdr" +
+"9gc5mc2tdLl3Yk/Qd+Xq8WYcQIZ5Ewyo7sr8eKtVhtEM8OtPR54FO2s1pkZwJdVf" +
+"ymMzHBoE",
+
+// Key 1, Data 0, MD5 hash algorithm
+"MIGTMA0GCSqGSIb3DQEBBAUAA4GBAAIzLho2i5jfJ5SPPV/u2gUuefzhjEAsUhlL" +
+"Nir4FKhNzB2DZNbME9DtgNvdmZd00IjydYlaJ0dnLiMigXIaRJsyncYazULZdY6i" +
+"i7oP6llbXbszSTbHGolr5kQ+6cZPBBATOkJ+wekDdlvh5cZ+B0Lux4LevUDlGWAy" +
+"uR7bqrc5",
+
+// Key 1, Data 0, SHA512 hash algorithm
+"MIGTMA0GCSqGSIb3DQEBDQUAA4GBABsjF8K/SIaY3KTeIGpPEwl1+ZXLKBaHxlRT" +
+"b37PhorSfqW1KFjquCEASUUeFwCQ14uUIBaRQV2haRGA0dRpuWr4zrWZMcDKOsmX" +
+"r5XRvcti9/lNqoIID/Mq0tKtS6aVFZpoHIrwbXpV4hV+BRGhaPxV3RBzEIzM7bWJ" +
+"tN3JY9+1",
+
+// Key 1, Data 1, MD5 hash algorithm
+"MIGTMA0GCSqGSIb3DQEBBAUAA4GBAIAxRPXDAT2LBcOo7yTNr5uIZbPW9rkSX0Ba" +
+"h4sq6YRcxlnohaE2VO0CLGXFNwaBihhkkp+2dA76EvbMo/+O9XTWwroqtWWwvmxs" +
+"tWK6HvwYKnGFKOOZMOjNjmXjk446UVvxYCbU+NPM1LZTewT1/UpPWWRowF/lwX7m" +
+"SnT8d2ds",
+
+// Key 1, Data 1, SHA512 hash algorithm
+"MIGTMA0GCSqGSIb3DQEBDQUAA4GBAF0+XYD/r0Annz1GJ24GTkAlWY/OixCSV6Ix" +
+"OMM7P2d/jgOP+ICKIpxqaSE0CbkLiegUiidIOWvFqDxQJWlAAukDUWISGFfJMFxX" +
+"3jzJ0bBfeNY/1Qo8jMQopcNco/NlNgoSKAUOBtk31aFgNoVC3kWUk6pO97KEiJ+e" +
+"bQp9Z2/M",
+
+// Invalid signature data ("foobar" base 64 encoded)
+"Zm9vYmFy"
+];
+
+const tests = [
+// Data   Signature  Key   Expected   Throws
+// Pass cases
+  [0,     0,         0,    true,      false], //0
+  [0,     1,         0,    true,      false], //1
+  [0,     2,         0,    true,      false], //2
+  [0,     3,         0,    true,      false], //3
+  [0,     4,         0,    true,      false], //4
+  [0,     5,         0,    true,      false], //5
+  [1,     6,         0,    true,      false], //6
+  [1,     7,         0,    true,      false], //7
+  [1,     8,         0,    true,      false], //8
+  [1,     9,         0,    true,      false], //9
+  [1,     10,        0,    true,      false], //10
+  [1,     11,        0,    true,      false], //11
+  [0,     12,        1,    true,      false], //12
+  [0,     13,        1,    true,      false], //13
+  [1,     14,        1,    true,      false], //14
+  [1,     15,        1,    true,      false], //15
+// Incorrect data cases
+  [1,     0,         0,    false,     false], //16
+  [1,     1,         0,    false,     false], //17
+  [1,     2,         0,    false,     false], //18
+  [1,     3,         0,    false,     false], //19
+  [1,     4,         0,    false,     false], //20
+  [1,     5,         0,    false,     false], //21
+  [0,     6,         0,    false,     false], //22
+  [0,     7,         0,    false,     false], //23
+  [0,     8,         0,    false,     false], //24
+  [0,     9,         0,    false,     false], //25
+  [0,     10,        0,    false,     false], //26
+  [0,     11,        0,    false,     false], //27
+// Incorrect key cases
+  [0,     1,         1,    false,     false], //28
+  [0,     5,         1,    false,     false], //29
+  [1,     7,         1,    false,     false], //30
+  [1,     11,        1,    false,     false], //31
+  [0,     12,        0,    false,     false], //32
+  [0,     13,        0,    false,     false], //33
+  [1,     14,        0,    false,     false], //34
+  [1,     15,        0,    false,     false], //35
+// Invalid data cases
+  [0,     0,         2,    false,     true],  //36
+  [0,     1,         2,    false,     true],  //37
+  [0,     16,        0,    false,     true],  //38
+  [1,     16,        0,    false,     true],  //39
+];
+
+function run_test() {
+  let verifier = Cc["@mozilla.org/security/datasignatureverifier;1"]
+                   .createInstance(Ci.nsIDataSignatureVerifier);
+
+  for (let testCase of tests) {
+    let testShouldThrow = testCase[4];
+    if (testShouldThrow) {
+      throws(() => {
+        verifier.verifyData(data[testCase[0]], signatures[testCase[1]],
+                            keys[testCase[2]]);
+      }, /NS_ERROR_FAILURE/, `Test "${testCase}" should throw`);
+    } else {
+      let result = verifier.verifyData(data[testCase[0]],
+                                       signatures[testCase[1]],
+                                       keys[testCase[2]]);
+      equal(result, testCase[3],
+            `Actual and expected result should match for test "${testCase}"`);
+    }
+  }
+}
diff --git a/security/manager/ssl/tests/unit/test_der.js b/security/manager/ssl/tests/unit/test_der.js
new file mode 100644
index 000000000..674e939d9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_der.js
@@ -0,0 +1,219 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+// Tests DER.jsm functionality.
+
+var { DER } = Cu.import("resource://gre/modules/psm/DER.jsm", {});
+
+function run_simple_tests() {
+  throws(() => new DER.DER("this is not an array"), /invalid input/,
+         "should throw given non-array input");
+  throws(() => new DER.DER([0, "invalid input", 1]), /invalid input/,
+         "should throw given non-byte data (string case)");
+  throws(() => new DER.DER([31, 1, {}]), /invalid input/,
+         "should throw given non-byte data (object case)");
+  throws(() => new DER.DER([0.1, 3, 1]), /invalid input/,
+         "should throw given non-byte data (non-integer case)");
+  throws(() => new DER.DER([1, 3, -1]), /invalid input/,
+         "should throw given non-byte data (negative integer case)");
+  throws(() => new DER.DER([1, 300, 79]), /invalid input/,
+         "should throw given non-byte data (large integer case)");
+
+  let testReadByte = new DER.DER([0x0a, 0x0b]);
+  equal(testReadByte.readByte(), 0x0a, "should read 0x0a");
+  equal(testReadByte.readByte(), 0x0b, "should read 0x0b");
+  throws(() => testReadByte.readByte(), /data truncated/,
+         "reading more data than is available should fail");
+
+  let testReadBytes = new DER.DER([0x0c, 0x0d, 0x0e]);
+  deepEqual(testReadBytes.readBytes(3), [0x0c, 0x0d, 0x0e],
+            "should read correct sequence of bytes");
+
+  let testReadNegativeBytes = new DER.DER([0xff, 0xaf]);
+  throws(() => testReadNegativeBytes.readBytes(-4), /invalid length/,
+         "reading a negative number of bytes should fail");
+
+  let testReadZeroBytes = new DER.DER([]);
+  equal(testReadZeroBytes.readBytes(0).length, 0,
+        "reading zero bytes should result in a zero-length array");
+
+  let testReadTooManyBytes = new DER.DER([0xab, 0xcd, 0xef]);
+  throws(() => testReadTooManyBytes.readBytes(4), /data truncated/,
+         "reading too many bytes should fail");
+
+  let testSEQUENCE = new DER.DER([0x30, 0x01, 0x01]);
+  let content = testSEQUENCE.readTagAndGetContents(DER.SEQUENCE);
+  equal(content.length, 1, "content should have length 1");
+  equal(content[0], 1, "value of content should be [1]");
+  ok(testSEQUENCE.atEnd(), "testSEQUENCE should be at the end of its input");
+  testSEQUENCE.assertAtEnd();
+
+  // The length purports to be 4 bytes, but there are only 2 available.
+  let truncatedSEQUENCE = new DER.DER([0x30, 0x04, 0x00, 0x00]);
+  throws(() => truncatedSEQUENCE.readTagAndGetContents(DER.SEQUENCE),
+         /data truncated/, "should get 'data truncated' error");
+
+  // With 2 bytes of content, there is 1 remaining after reading the content.
+  let extraDataSEQUENCE = new DER.DER([0x30, 0x02, 0xab, 0xcd, 0xef]);
+  content = extraDataSEQUENCE.readTagAndGetContents(DER.SEQUENCE);
+  equal(content.length, 2, "content should have length 2");
+  deepEqual(content, [0xab, 0xcd], "value of content should be [0xab, 0xcd]");
+  ok(!extraDataSEQUENCE.atEnd(),
+     "extraDataSEQUENCE should not be at the end of its input");
+  throws(() => extraDataSEQUENCE.assertAtEnd(), /extra data/,
+         "should get 'extra data' error");
+
+  // The length of 0x81 0x01 is invalid because it could be encoded as just
+  // 0x01, which is shorter.
+  let invalidLengthSEQUENCE1 = new DER.DER([0x30, 0x81, 0x01, 0x00]);
+  throws(() => invalidLengthSEQUENCE1.readTagAndGetContents(DER.SEQUENCE),
+         /invalid length/, "should get 'invalid length' error");
+
+  // Similarly, 0x82 0x00 0x01 could be encoded as just 0x01, which is shorter.
+  let invalidLengthSEQUENCE2 = new DER.DER([0x30, 0x82, 0x00, 0x01, 0x00]);
+  throws(() => invalidLengthSEQUENCE2.readTagAndGetContents(DER.SEQUENCE),
+         /invalid length/, "should get 'invalid length' error");
+
+  // Lengths requiring 4 bytes to encode are not supported.
+  let unsupportedLengthSEQUENCE = new DER.DER([0x30, 0x83, 0x01, 0x01, 0x01]);
+  throws(() => unsupportedLengthSEQUENCE.readTagAndGetContents(DER.SEQUENCE),
+         /unsupported length/, "should get 'unsupported length' error");
+
+  // Indefinite lengths are not supported (and aren't DER anyway).
+  let unsupportedASN1SEQUENCE = new DER.DER([0x30, 0x80, 0x01, 0x00, 0x00]);
+  throws(() => unsupportedASN1SEQUENCE.readTagAndGetContents(DER.SEQUENCE),
+         /unsupported asn.1/, "should get 'unsupported asn.1' error");
+
+  let unexpectedTag = new DER.DER([0x31, 0x01, 0x00]);
+  throws(() => unexpectedTag.readTagAndGetContents(DER.SEQUENCE),
+         /unexpected tag/, "should get 'unexpected tag' error");
+
+  let readTLVTestcase = new DER.DER([0x02, 0x03, 0x45, 0x67, 0x89]);
+  let bytes = readTLVTestcase.readTLV();
+  deepEqual(bytes, [0x02, 0x03, 0x45, 0x67, 0x89],
+            "bytes read with readTLV should be equal to expected value");
+
+  let peekTagTestcase = new DER.DER([0x30, 0x01, 0x00]);
+  ok(peekTagTestcase.peekTag(DER.SEQUENCE),
+     "peekTag should return true for peeking with a SEQUENCE at a SEQUENCE");
+  ok(!peekTagTestcase.peekTag(DER.SET),
+     "peekTag should return false for peeking with a SET at a SEQUENCE");
+  peekTagTestcase.readTLV();
+  ok(!peekTagTestcase.peekTag(DER.SEQUENCE),
+     "peekTag should return false for peeking at a DER with no more data");
+
+  let tlvChoiceTestcase = new DER.DER([0x31, 0x02, 0xaa, 0xbb]);
+  let tlvChoiceContents = tlvChoiceTestcase.readTLVChoice([DER.NULL, DER.SET]);
+  deepEqual(tlvChoiceContents, [0x31, 0x02, 0xaa, 0xbb],
+            "readTLVChoice should return expected bytes");
+
+  let tlvChoiceNoMatchTestcase = new DER.DER([0x30, 0x01, 0xff]);
+  throws(() => tlvChoiceNoMatchTestcase.readTLVChoice([DER.NULL, DER.SET]),
+         /unexpected tag/,
+         "readTLVChoice should throw if no matching tag is found");
+}
+
+function run_bit_string_tests() {
+  let bitstringDER = new DER.DER([0x03, 0x04, 0x03, 0x01, 0x02, 0xf8]);
+  let bitstring = bitstringDER.readBIT_STRING();
+  equal(bitstring.unusedBits, 3, "BIT STRING should have 3 unused bits");
+  deepEqual(bitstring.contents, [0x01, 0x02, 0xf8],
+            "BIT STRING should have expected contents");
+
+  let bitstringTooManyUnusedBits = new DER.DER([0x03, 0x02, 0x08, 0x00]);
+  throws(() => bitstringTooManyUnusedBits.readBIT_STRING(),
+         /invalid BIT STRING encoding/,
+         "BIT STRING with too many unused bits should throw");
+
+  // A BIT STRING must have the unused bits byte, and so its length must be at
+  // least one.
+  let bitstringMissingUnusedBits = new DER.DER([0x03, 0x00]);
+  throws(() => bitstringMissingUnusedBits.readBIT_STRING(),
+         /invalid BIT STRING encoding/,
+         "BIT STRING with missing unused bits (and no contents) should throw");
+
+  // The minimal BIT STRING is 03 01 00 (zero bits of padding and zero bytes of
+  // content).
+  let minimalBitstringDER = new DER.DER([0x03, 0x01, 0x00]);
+  let minimalBitstring = minimalBitstringDER.readBIT_STRING();
+  equal(minimalBitstring.unusedBits, 0,
+       "minimal BIT STRING should have 0 unused bits");
+  equal(minimalBitstring.contents.length, 0,
+        "minimal BIT STRING should have empty contents");
+
+  // However, a BIT STRING with zero bytes of content can't have any padding,
+  // because that makes no sense.
+  let noContentsPaddedBitstringDER = new DER.DER([0x03, 0x01, 0x03]);
+  throws(() => noContentsPaddedBitstringDER.readBIT_STRING(),
+          /invalid BIT STRING encoding/,
+         "BIT STRING with no contents with non-zero padding should throw");
+}
+
+function run_compound_tests() {
+  let derBytes =
+    [ 0x30, 0x1a,                       // SEQUENCE
+        0x02, 0x02, 0x77, 0xff,         //   INTEGER
+        0x06, 0x03, 0x2b, 0x01, 0x01,   //   OBJECT IDENTIFIER
+        0x30, 0x07,                     //   SEQUENCE
+          0x05, 0x00,                   //     NULL
+          0x02, 0x03, 0x45, 0x46, 0x47, //     INTEGER
+        0x30, 0x06,                     //   SEQUENCE
+          0x02, 0x02, 0x00, 0xff,       //     INTEGER
+          0x05, 0x00 ];                 //     NULL
+  let der = new DER.DER(derBytes);
+  let contents = new DER.DER(der.readTagAndGetContents(DER.SEQUENCE));
+  let firstINTEGER = contents.readTagAndGetContents(DER.INTEGER);
+  deepEqual(firstINTEGER, [0x77, 0xff],
+            "first INTEGER should have expected value");
+  let oid = contents.readTagAndGetContents(DER.OBJECT_IDENTIFIER);
+  deepEqual(oid, [0x2b, 0x01, 0x01],
+            "OBJECT IDENTIFIER should have expected value");
+
+  let firstNested = new DER.DER(contents.readTagAndGetContents(DER.SEQUENCE));
+  let firstNestedNULL = firstNested.readTagAndGetContents(DER.NULL);
+  equal(firstNestedNULL.length, 0,
+        "first nested NULL should have expected value (empty array)");
+  let firstNestedINTEGER = firstNested.readTagAndGetContents(DER.INTEGER);
+  deepEqual(firstNestedINTEGER, [0x45, 0x46, 0x47],
+            "first nested INTEGER should have expected value");
+  firstNested.assertAtEnd();
+
+  let secondNested = new DER.DER(contents.readTagAndGetContents(DER.SEQUENCE));
+  let secondNestedINTEGER = secondNested.readTagAndGetContents(DER.INTEGER);
+  deepEqual(secondNestedINTEGER, [0x00, 0xff],
+            "second nested INTEGER should have expected value");
+  let secondNestedNULL = secondNested.readTagAndGetContents(DER.NULL);
+  equal(secondNestedNULL.length, 0,
+        "second nested NULL should have expected value (empty array)");
+  secondNested.assertAtEnd();
+
+  contents.assertAtEnd();
+  der.assertAtEnd();
+
+  let invalidDERBytes =
+    [ 0x30, 0x06,     // SEQUENCE
+        0x30, 0x02,   //   SEQUENCE
+          0x02, 0x01, //     INTEGER (missing data)
+        0x05, 0x00,   //   NULL
+      0x00, 0x00 ];   // (extra data)
+  let invalidDER = new DER.DER(invalidDERBytes);
+  let invalidContents = new DER.DER(
+    invalidDER.readTagAndGetContents(DER.SEQUENCE));
+  let invalidContentsContents = new DER.DER(
+    invalidContents.readTagAndGetContents(DER.SEQUENCE));
+  throws(() => invalidContentsContents.readTagAndGetContents(DER.INTEGER),
+         /data truncated/, "should throw due to missing data");
+  let nestedNULL = invalidContents.readTagAndGetContents(DER.NULL);
+  equal(nestedNULL.length, 0, "nested NULL should have expected value");
+  invalidContents.assertAtEnd();
+  throws(() => invalidDER.assertAtEnd(), /extra data/,
+         "should throw due to extra data");
+}
+
+function run_test() {
+  run_simple_tests();
+  run_bit_string_tests();
+  run_compound_tests();
+}
diff --git a/security/manager/ssl/tests/unit/test_enterprise_roots.js b/security/manager/ssl/tests/unit/test_enterprise_roots.js
new file mode 100644
index 000000000..de1b3a529
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_enterprise_roots.js
@@ -0,0 +1,58 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"use strict";
+
+// Tests enterprise root certificate support. When configured to do so, the
+// platform will attempt to find and import enterprise root certificates. This
+// feature is specific to Windows.
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+
+function check_no_enterprise_roots_imported(certDB, dbKey = undefined) {
+  let enterpriseRoots = certDB.getEnterpriseRoots();
+  equal(enterpriseRoots, null, "should not have imported any enterprise roots");
+  if (dbKey) {
+    let cert = certDB.findCertByDBKey(dbKey);
+    // If the garbage-collector hasn't run, there may be reachable copies of
+    // imported enterprise root certificates. If so, they shouldn't be trusted
+    // to issue TLS server auth certificates.
+    if (cert) {
+      ok(!certDB.isCertTrusted(cert, Ci.nsIX509Cert.CA_CERT,
+                               Ci.nsIX509CertDB.TRUSTED_SSL),
+         "previously-imported enterprise root shouldn't be trusted to issue " +
+         "TLS server auth certificates");
+    }
+  }
+}
+
+function check_some_enterprise_roots_imported(certDB) {
+  let enterpriseRoots = certDB.getEnterpriseRoots();
+  notEqual(enterpriseRoots, null, "should have imported some enterprise roots");
+  let enumerator = enterpriseRoots.getEnumerator();
+  let foundNonBuiltIn = false;
+  let savedDBKey = null;
+  while (enumerator.hasMoreElements()) {
+    let cert = enumerator.getNext().QueryInterface(Ci.nsIX509Cert);
+    if (!cert.isBuiltInRoot && !savedDBKey) {
+      foundNonBuiltIn = true;
+      savedDBKey = cert.dbKey;
+      do_print("saving dbKey from " + cert.commonName);
+    }
+  }
+  ok(foundNonBuiltIn, "should have found non-built-in root");
+  return savedDBKey;
+}
+
+function run_test() {
+  let certDB = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+  Services.prefs.setBoolPref("security.enterprise_roots.enabled", false);
+  check_no_enterprise_roots_imported(certDB);
+  Services.prefs.setBoolPref("security.enterprise_roots.enabled", true);
+  let savedDBKey = check_some_enterprise_roots_imported(certDB);
+  Services.prefs.setBoolPref("security.enterprise_roots.enabled", false);
+  check_no_enterprise_roots_imported(certDB, savedDBKey);
+}
diff --git a/security/manager/ssl/tests/unit/test_ev_certs.js b/security/manager/ssl/tests/unit/test_ev_certs.js
new file mode 100644
index 000000000..d4aabd888
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs.js
@@ -0,0 +1,356 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"use strict";
+
+// Tests that end-entity certificates that should successfully verify as EV
+// (Extended Validation) do so and that end-entity certificates that should not
+// successfully verify as EV do not. Also tests related situations (e.g. that
+// failure to fetch an OCSP response results in no EV treatment).
+//
+// A quick note about the certificates in these tests: generally, an EV
+// certificate chain will have an end-entity with a specific policy OID followed
+// by an intermediate with the anyPolicy OID chaining to a root with no policy
+// OID (since it's a trust anchor, it can be omitted). In these tests, the
+// specific policy OID is 1.3.6.1.4.1.13769.666.666.666.1.500.9.1 and is
+// referred to as the test OID. In order to reflect what will commonly be
+// encountered, the end-entity of any given test path will have the test OID
+// unless otherwise specified in the name of the test path. Similarly, the
+// intermediate will have the anyPolicy OID, again unless otherwise specified.
+// For example, for the path where the end-entity does not have an OCSP URI
+// (referred to as "no-ocsp-ee-path-{ee,int}", the end-entity has the test OID
+// whereas the intermediate has the anyPolicy OID.
+// For another example, for the test OID path ("test-oid-path-{ee,int}"), both
+// the end-entity and the intermediate have the test OID.
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+
+do_register_cleanup(() => {
+  Services.prefs.clearUserPref("network.dns.localDomains");
+  Services.prefs.clearUserPref("security.OCSP.enabled");
+});
+
+Services.prefs.setCharPref("network.dns.localDomains", "www.example.com");
+Services.prefs.setIntPref("security.OCSP.enabled", 1);
+addCertFromFile(certdb, "test_ev_certs/evroot.pem", "CTu,,");
+addCertFromFile(certdb, "test_ev_certs/non-evroot-ca.pem", "CTu,,");
+
+const SERVER_PORT = 8888;
+
+function failingOCSPResponder() {
+  return getFailingHttpServer(SERVER_PORT, ["www.example.com"]);
+}
+
+class EVCertVerificationResult {
+  constructor(testcase, expectedPRErrorCode, expectedEV, resolve,
+              ocspResponder) {
+    this.testcase = testcase;
+    this.expectedPRErrorCode = expectedPRErrorCode;
+    this.expectedEV = expectedEV;
+    this.resolve = resolve;
+    this.ocspResponder = ocspResponder;
+  }
+
+  verifyCertFinished(prErrorCode, verifiedChain, hasEVPolicy) {
+    equal(prErrorCode, this.expectedPRErrorCode,
+          `${this.testcase} should have expected error code`);
+    equal(hasEVPolicy, this.expectedEV,
+          `${this.testcase} should result in expected EV status`);
+    this.ocspResponder.stop(this.resolve);
+  }
+}
+
+function asyncTestEV(cert, expectedPRErrorCode, expectedEV,
+                     expectedOCSPRequestPaths, ocspResponseTypes = undefined)
+{
+  let now = Date.now() / 1000;
+  return new Promise((resolve, reject) => {
+    let ocspResponder = expectedOCSPRequestPaths.length > 0
+                      ? startOCSPResponder(SERVER_PORT, "www.example.com",
+                                           "test_ev_certs",
+                                           expectedOCSPRequestPaths,
+                                           expectedOCSPRequestPaths.slice(),
+                                           null, ocspResponseTypes)
+                      : failingOCSPResponder();
+    let result = new EVCertVerificationResult(cert.subjectName,
+                                              expectedPRErrorCode, expectedEV,
+                                              resolve, ocspResponder);
+    certdb.asyncVerifyCertAtTime(cert, certificateUsageSSLServer, 0,
+                                 "ev-test.example.com", now, result);
+  });
+}
+
+function ensureVerifiesAsEV(testcase) {
+  let cert = constructCertFromFile(`test_ev_certs/${testcase}-ee.pem`);
+  addCertFromFile(certdb, `test_ev_certs/${testcase}-int.pem`, ",,");
+  let expectedOCSPRequestPaths = gEVExpected
+                               ? [ `${testcase}-int`, `${testcase}-ee` ]
+                               : [ `${testcase}-ee` ];
+  return asyncTestEV(cert, PRErrorCodeSuccess, gEVExpected,
+                     expectedOCSPRequestPaths);
+}
+
+function ensureVerifiesAsEVWithNoOCSPRequests(testcase) {
+  let cert = constructCertFromFile(`test_ev_certs/${testcase}-ee.pem`);
+  addCertFromFile(certdb, `test_ev_certs/${testcase}-int.pem`, ",,");
+  return asyncTestEV(cert, PRErrorCodeSuccess, gEVExpected, []);
+}
+
+function ensureVerifiesAsDV(testcase, expectedOCSPRequestPaths = undefined) {
+  let cert = constructCertFromFile(`test_ev_certs/${testcase}-ee.pem`);
+  addCertFromFile(certdb, `test_ev_certs/${testcase}-int.pem`, ",,");
+  return asyncTestEV(cert, PRErrorCodeSuccess, false,
+                     expectedOCSPRequestPaths ? expectedOCSPRequestPaths
+                                              : [ `${testcase}-ee` ]);
+}
+
+function ensureVerificationFails(testcase, expectedPRErrorCode) {
+  let cert = constructCertFromFile(`test_ev_certs/${testcase}-ee.pem`);
+  addCertFromFile(certdb, `test_ev_certs/${testcase}-int.pem`, ",,");
+  return asyncTestEV(cert, expectedPRErrorCode, false, []);
+}
+
+function verifyWithFlags_LOCAL_ONLY_and_MUST_BE_EV(testcase, expectSuccess) {
+  let cert = constructCertFromFile(`test_ev_certs/${testcase}-ee.pem`);
+  addCertFromFile(certdb, `test_ev_certs/${testcase}-int.pem`, ",,");
+  let now = Date.now() / 1000;
+  let expectedErrorCode = SEC_ERROR_POLICY_VALIDATION_FAILED;
+  if (expectSuccess && gEVExpected) {
+    expectedErrorCode = PRErrorCodeSuccess;
+  }
+  return new Promise((resolve, reject) => {
+    let ocspResponder = failingOCSPResponder();
+    let result = new EVCertVerificationResult(
+      cert.subjectName, expectedErrorCode, expectSuccess && gEVExpected,
+      resolve, ocspResponder);
+    let flags = Ci.nsIX509CertDB.FLAG_LOCAL_ONLY |
+                Ci.nsIX509CertDB.FLAG_MUST_BE_EV;
+    certdb.asyncVerifyCertAtTime(cert, certificateUsageSSLServer, flags,
+                                 "ev-test.example.com", now, result);
+  });
+}
+
+function ensureNoOCSPMeansNoEV(testcase) {
+  return verifyWithFlags_LOCAL_ONLY_and_MUST_BE_EV(testcase, false);
+}
+
+function ensureVerifiesAsEVWithFLAG_LOCAL_ONLY(testcase) {
+  return verifyWithFlags_LOCAL_ONLY_and_MUST_BE_EV(testcase, true);
+}
+
+function ensureOneCRLSkipsOCSPForIntermediates(testcase) {
+  let cert = constructCertFromFile(`test_ev_certs/${testcase}-ee.pem`);
+  addCertFromFile(certdb, `test_ev_certs/${testcase}-int.pem`, ",,");
+  return asyncTestEV(cert, PRErrorCodeSuccess, gEVExpected,
+                     [ `${testcase}-ee` ]);
+}
+
+function verifyWithDifferentOCSPResponseTypes(testcase, responses, expectEV) {
+  let cert = constructCertFromFile(`test_ev_certs/${testcase}-ee.pem`);
+  addCertFromFile(certdb, `test_ev_certs/${testcase}-int.pem`, ",,");
+  let expectedOCSPRequestPaths = gEVExpected
+                               ? [ `${testcase}-int`, `${testcase}-ee` ]
+                               : [ `${testcase}-ee` ];
+  let ocspResponseTypes = gEVExpected ? responses : responses.slice(1);
+  return asyncTestEV(cert, PRErrorCodeSuccess, gEVExpected && expectEV,
+                     expectedOCSPRequestPaths, ocspResponseTypes);
+}
+
+function ensureVerifiesAsEVWithOldIntermediateOCSPResponse(testcase) {
+  return verifyWithDifferentOCSPResponseTypes(
+    testcase, [ "longvalidityalmostold", "good" ], true);
+}
+
+function ensureVerifiesAsDVWithOldEndEntityOCSPResponse(testcase) {
+  return verifyWithDifferentOCSPResponseTypes(
+    testcase, [ "good", "longvalidityalmostold" ], false);
+}
+
+function ensureVerifiesAsDVWithVeryOldEndEntityOCSPResponse(testcase) {
+  return verifyWithDifferentOCSPResponseTypes(
+    testcase, [ "good", "ancientstillvalid" ], false);
+}
+
+// These should all verify as EV.
+add_task(function* plainExpectSuccessEVTests() {
+  yield ensureVerifiesAsEV("anyPolicy-int-path");
+  yield ensureVerifiesAsEV("test-oid-path");
+  yield ensureVerifiesAsEV("cabforum-oid-path");
+  yield ensureVerifiesAsEV("cabforum-and-test-oid-ee-path");
+  yield ensureVerifiesAsEV("test-and-cabforum-oid-ee-path");
+  yield ensureVerifiesAsEV("reverse-order-oids-path");
+  // In this case, the end-entity has both the CA/B Forum OID and the test OID
+  // (in that order). The intermediate has the CA/B Forum OID. Since the
+  // implementation uses the first EV policy it encounters in the end-entity as
+  // the required one, this successfully verifies as EV.
+  yield ensureVerifiesAsEV("cabforum-and-test-oid-ee-cabforum-oid-int-path");
+});
+
+// These fail for various reasons to verify as EV, but fallback to DV should
+// succeed.
+add_task(function* expectDVFallbackTests() {
+  yield ensureVerifiesAsDV("anyPolicy-ee-path");
+  yield ensureVerifiesAsDV("non-ev-root-path");
+  yield ensureVerifiesAsDV("no-ocsp-ee-path",
+                           gEVExpected ? [ "no-ocsp-ee-path-int" ] : []);
+  yield ensureVerifiesAsDV("no-ocsp-int-path");
+  // In this case, the end-entity has the test OID and the intermediate has the
+  // CA/B Forum OID. Since the CA/B Forum OID is not treated the same as the
+  // anyPolicy OID, this will not verify as EV.
+  yield ensureVerifiesAsDV("test-oid-ee-cabforum-oid-int-path");
+  // In this case, the end-entity has both the test OID and the CA/B Forum OID
+  // (in that order). The intermediate has only the CA/B Forum OID. Since the
+  // implementation uses the first EV policy it encounters in the end-entity as
+  // the required one, this fails to verify as EV.
+  yield ensureVerifiesAsDV("test-and-cabforum-oid-ee-cabforum-oid-int-path");
+});
+
+// Test that removing the trust bits from an EV root causes verifications
+// relying on that root to fail (and then test that adding back the trust bits
+// causes the verifications to succeed again).
+add_task(function* evRootTrustTests() {
+  clearOCSPCache();
+  let evroot = certdb.findCertByNickname("evroot");
+  do_print("untrusting evroot");
+  certdb.setCertTrust(evroot, Ci.nsIX509Cert.CA_CERT,
+                      Ci.nsIX509CertDB.UNTRUSTED);
+  yield ensureVerificationFails("test-oid-path", SEC_ERROR_UNKNOWN_ISSUER);
+  do_print("re-trusting evroot");
+  certdb.setCertTrust(evroot, Ci.nsIX509Cert.CA_CERT,
+                      Ci.nsIX509CertDB.TRUSTED_SSL);
+  yield ensureVerifiesAsEV("test-oid-path");
+});
+
+// Test that if FLAG_LOCAL_ONLY and FLAG_MUST_BE_EV are specified, that no OCSP
+// requests are made (this also means that nothing will verify as EV).
+add_task(function* localOnlyMustBeEVTests() {
+  clearOCSPCache();
+  yield ensureNoOCSPMeansNoEV("anyPolicy-ee-path");
+  yield ensureNoOCSPMeansNoEV("anyPolicy-int-path");
+  yield ensureNoOCSPMeansNoEV("non-ev-root-path");
+  yield ensureNoOCSPMeansNoEV("no-ocsp-ee-path");
+  yield ensureNoOCSPMeansNoEV("no-ocsp-int-path");
+  yield ensureNoOCSPMeansNoEV("test-oid-path");
+});
+
+
+// Under certain conditions, OneCRL allows us to skip OCSP requests for
+// intermediates.
+add_task(function* oneCRLTests() {
+  clearOCSPCache();
+
+  // enable OneCRL OCSP skipping - allow staleness of up to 30 hours
+  Services.prefs.setIntPref("security.onecrl.maximum_staleness_in_seconds",
+                            108000);
+  // set the blocklist-background-update-timer value to the recent past
+  Services.prefs.setIntPref("services.blocklist.onecrl.checked",
+                            Math.floor(Date.now() / 1000) - 1);
+  Services.prefs.setIntPref(
+    "app.update.lastUpdateTime.blocklist-background-update-timer",
+    Math.floor(Date.now() / 1000) - 1);
+
+  yield ensureOneCRLSkipsOCSPForIntermediates("anyPolicy-int-path");
+  yield ensureOneCRLSkipsOCSPForIntermediates("no-ocsp-int-path");
+  yield ensureOneCRLSkipsOCSPForIntermediates("test-oid-path");
+
+  clearOCSPCache();
+  // disable OneCRL OCSP Skipping (no staleness allowed)
+  Services.prefs.setIntPref("security.onecrl.maximum_staleness_in_seconds", 0);
+  yield ensureVerifiesAsEV("anyPolicy-int-path");
+  // Because the intermediate in this case is missing an OCSP URI, it will not
+  // validate as EV, but it should fall back to DV.
+  yield ensureVerifiesAsDV("no-ocsp-int-path");
+  yield ensureVerifiesAsEV("test-oid-path");
+
+  clearOCSPCache();
+  // enable OneCRL OCSP skipping - allow staleness of up to 30 hours
+  Services.prefs.setIntPref("security.onecrl.maximum_staleness_in_seconds",
+                            108000);
+  // set the blocklist-background-update-timer value to the more distant past
+  Services.prefs.setIntPref("services.blocklist.onecrl.checked",
+                            Math.floor(Date.now() / 1000) - 108080);
+  Services.prefs.setIntPref(
+    "app.update.lastUpdateTime.blocklist-background-update-timer",
+    Math.floor(Date.now() / 1000) - 108080);
+  yield ensureVerifiesAsEV("anyPolicy-int-path");
+  yield ensureVerifiesAsDV("no-ocsp-int-path");
+  yield ensureVerifiesAsEV("test-oid-path");
+
+  clearOCSPCache();
+  // test that setting "security.onecrl.via.amo" results in the correct
+  // OCSP behavior when services.blocklist.onecrl.checked is in the distant past
+  // and blacklist-background-update-timer is recent
+  Services.prefs.setBoolPref("security.onecrl.via.amo", false);
+  // enable OneCRL OCSP skipping - allow staleness of up to 30 hours
+  Services.prefs.setIntPref("security.onecrl.maximum_staleness_in_seconds",
+                            108000);
+  // set the blocklist-background-update-timer value to the recent past
+  // (services.blocklist.onecrl.checked defaults to 0)
+  Services.prefs.setIntPref(
+    "app.update.lastUpdateTime.blocklist-background-update-timer",
+    Math.floor(Date.now() / 1000) - 1);
+
+  yield ensureVerifiesAsEV("anyPolicy-int-path");
+  yield ensureVerifiesAsDV("no-ocsp-int-path");
+  yield ensureVerifiesAsEV("test-oid-path");
+
+  clearOCSPCache();
+  // test that setting "security.onecrl.via.amo" results in the correct
+  // OCSP behavior when services.blocklist.onecrl.checked is recent
+  Services.prefs.setBoolPref("security.onecrl.via.amo", false);
+  // enable OneCRL OCSP skipping - allow staleness of up to 30 hours
+  Services.prefs.setIntPref("security.onecrl.maximum_staleness_in_seconds",
+                            108000);
+  // now set services.blocklist.onecrl.checked to a recent value
+  Services.prefs.setIntPref("services.blocklist.onecrl.checked",
+                            Math.floor(Date.now() / 1000) - 1);
+  yield ensureOneCRLSkipsOCSPForIntermediates("anyPolicy-int-path");
+  yield ensureOneCRLSkipsOCSPForIntermediates("no-ocsp-int-path");
+  yield ensureOneCRLSkipsOCSPForIntermediates("test-oid-path");
+
+  Services.prefs.clearUserPref("security.onecrl.via.amo");
+  Services.prefs.clearUserPref("security.onecrl.maximum_staleness_in_seconds");
+  Services.prefs.clearUserPref("services.blocklist.onecrl.checked");
+  Services.prefs.clearUserPref(
+    "app.update.lastUpdateTime.blocklist-background-update-timer");
+});
+
+// Prime the OCSP cache and then ensure that we can validate certificates as EV
+// without hitting the network. There's two cases here: one where we simply
+// validate like normal and then check that the network was never accessed and
+// another where we use flags to mandate that the network not be used.
+add_task(function* ocspCachingTests() {
+  clearOCSPCache();
+
+  yield ensureVerifiesAsEV("anyPolicy-int-path");
+  yield ensureVerifiesAsEV("test-oid-path");
+
+  yield ensureVerifiesAsEVWithNoOCSPRequests("anyPolicy-int-path");
+  yield ensureVerifiesAsEVWithNoOCSPRequests("test-oid-path");
+
+  yield ensureVerifiesAsEVWithFLAG_LOCAL_ONLY("anyPolicy-int-path");
+  yield ensureVerifiesAsEVWithFLAG_LOCAL_ONLY("test-oid-path");
+});
+
+// Old-but-still-valid OCSP responses are accepted for intermediates but not
+// end-entity certificates (because of OCSP soft-fail this results in DV
+// fallback).
+add_task(function* oldOCSPResponseTests() {
+  clearOCSPCache();
+
+  yield ensureVerifiesAsEVWithOldIntermediateOCSPResponse("anyPolicy-int-path");
+  yield ensureVerifiesAsEVWithOldIntermediateOCSPResponse("test-oid-path");
+
+  clearOCSPCache();
+  yield ensureVerifiesAsDVWithOldEndEntityOCSPResponse("anyPolicy-int-path");
+  yield ensureVerifiesAsDVWithOldEndEntityOCSPResponse("test-oid-path");
+
+  clearOCSPCache();
+  yield ensureVerifiesAsDVWithVeryOldEndEntityOCSPResponse(
+    "anyPolicy-int-path");
+  yield ensureVerifiesAsDVWithVeryOldEndEntityOCSPResponse("test-oid-path");
+});
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-ee.pem
new file mode 100644
index 000000000..16c8578ba
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-ee.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDUzCCAj2gAwIBAgIUdTRdmHF1nt5GeEIkzoOGqryTsYEwCwYJKoZIhvcNAQEL
+MCAxHjAcBgNVBAMMFWFueVBvbGljeS1lZS1wYXRoLWludDAiGA8yMDE1MTEyODAw
+MDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAfMR0wGwYDVQQDDBRhbnlQb2xpY3ktZWUt
+cGF0aC1lZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbW
+Qf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pk
+cQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHT
+AjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3
+ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jh
+s3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHV
+A6zaGAo17Y0CAwEAAaOBhTCBgjBNBggrBgEFBQcBAQRBMD8wPQYIKwYBBQUHMAGG
+MWh0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4OC9hbnlQb2xpY3ktZWUtcGF0aC1l
+ZS8wEQYDVR0gBAowCDAGBgRVHSAAMB4GA1UdEQQXMBWCE2V2LXRlc3QuZXhhbXBs
+ZS5jb20wCwYJKoZIhvcNAQELA4IBAQCc4ivLkr+56RCJVvd+Rf/LccwmQAPVUSkF
+wE7UsIhzQAUbQSHZcNaNMTI1HmhpysH0FLbxDoIo26L7xQAuBDJ23Vqot15Iizg/
+anfFUFGf2ZWs6R37m1s9VaCUONX/+vpOrPQgqTIGRu7KCWiXw1EgbBsxuRmUDl8S
+gxYf1Bv5kTdKo7Bmns3kErlqQn4d42uCl/LEtXi7r3hUHN8VfcmFeN1JjHzVbTg0
+KaLmKVTmF8emaJZFcZrPL3ijrseoqfgpw620pq7Yl6QW68d49l/RvjKrf02UmTut
+0048te+z2fmKe/yrTDLiMIQ8gJMiocg2YU0TB7G4b2Y6dsp4A/Mh
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-ee.pem.certspec
new file mode 100644
index 000000000..a9175c32e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:anyPolicy-ee-path-int
+subject:anyPolicy-ee-path-ee
+extension:authorityInformationAccess:http://www.example.com:8888/anyPolicy-ee-path-ee/
+extension:certificatePolicies:any
+extension:subjectAlternativeName:ev-test.example.com
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-int.pem
new file mode 100644
index 000000000..bcab0c65a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-int.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDQDCCAiqgAwIBAgIUD6vIeK5yuQLyDr+zHpbaW+0wD3EwCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjAgMR4wHAYDVQQDDBVhbnlQb2xpY3ktZWUtcGF0aC1pbnQwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erk
+NUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwC
+fs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1m
+CyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTM
+HGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m
+1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGj
+gYAwfjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjBOBggrBgEFBQcBAQRCMEAw
+PgYIKwYBBQUHMAGGMmh0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4OC9hbnlQb2xp
+Y3ktZWUtcGF0aC1pbnQvMBEGA1UdIAQKMAgwBgYEVR0gADALBgkqhkiG9w0BAQsD
+ggEBADc8HhaxO180zcQ2zVqrD7h42/c3KQKf5hcfqdVfcQjcca14TbXuPzVGFa9v
++Qrwf/YCPY95Gt/a4DIU3gX33dCceGTe7psvKN0hivLiRgubCnoGKR20Aig2TmMh
+OPoRHvPw1wIR74WEijENVPs8SnMVEoK31Xkj/XgX6v3MhTb5GPDHrgOcrHV1+jtq
+Ko4LJwLR0HlkUC+vH70uQf8f/Nz1lPqJiRlh9Vn2t4RQDag2ILDBdH+lo1vJjezH
+mizIIpbJQfOEakpWhIrBg1M/6WjfqPK6VBejWqAs75WMNNQ8NKiuPbhY+N6PKj/8
+S6XMJ95yBEzu06da061MBelmcQU=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-int.pem.certspec
new file mode 100644
index 000000000..c49f6c4bc
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-ee-path-int.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:anyPolicy-ee-path-int
+issuerKey:ev
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://www.example.com:8888/anyPolicy-ee-path-int/
+extension:certificatePolicies:any
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-ee.pem
new file mode 100644
index 000000000..d68714416
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-ee.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDZDCCAk6gAwIBAgIUSyt03+W1sNq92wKRpi8je9wO0iAwCwYJKoZIhvcNAQEL
+MCExHzAdBgNVBAMMFmFueVBvbGljeS1pbnQtcGF0aC1pbnQwIhgPMjAxNTExMjgw
+MDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowIDEeMBwGA1UEAwwVYW55UG9saWN5LWlu
+dC1wYXRoLWVlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESO
+FtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVr
+amRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWka
+sdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbY
+VbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6n
+aOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHE
+MdUDrNoYCjXtjQIDAQABo4GUMIGRME4GCCsGAQUFBwEBBEIwQDA+BggrBgEFBQcw
+AYYyaHR0cDovL3d3dy5leGFtcGxlLmNvbTo4ODg4L2FueVBvbGljeS1pbnQtcGF0
+aC1lZS8wHwYDVR0gBBgwFjAUBhIrBgEEAetJhRqFGoUaAYN0CQEwHgYDVR0RBBcw
+FYITZXYtdGVzdC5leGFtcGxlLmNvbTALBgkqhkiG9w0BAQsDggEBADg1ogV4XMjH
+vcAxesEyvOWWvxsqNHh1aIovsVzYSTiIrHw8uLsP9ZQ8lyESXwIjGDIj2889k3pa
+KifGDAWhakTs8GLaHwwU8Qpu5EF/5QrLhniz9mIeo+jkP0icn81tUhb5k+s46+q3
+7zcJFbQxCFxRROLEZk+ZX/cVqZYXgZKtXELHei4Log0j8kaMAGoTR+/x+dbXTX+o
+wnNUXGDrY8KpSZdQZw1bvp0pHYDYPE5nt9t8eg94oE/3nGFkho4Jh8fJmxSbnUQY
+FBZQ2ySM/I8H9Cz0b1CX+aQK4uVLH0LtHKe2uF4xeYcfgp9KfcmztDLHNYhQXTnx
+WZxgHyA+BmU=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-ee.pem.certspec
new file mode 100644
index 000000000..1c643c2f9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:anyPolicy-int-path-int
+subject:anyPolicy-int-path-ee
+extension:authorityInformationAccess:http://www.example.com:8888/anyPolicy-int-path-ee/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
+extension:subjectAlternativeName:ev-test.example.com
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-int.pem
new file mode 100644
index 000000000..b4a54cebc
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-int.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDQjCCAiygAwIBAgIUTejPNCi+ZldwCAjvftiELTX+uBAwCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjAhMR8wHQYDVQQDDBZhbnlQb2xpY3ktaW50LXBhdGgtaW50MIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq
+5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SSc
+An7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39
+ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYk
+zBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3u
+JtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQAB
+o4GBMH8wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwTwYIKwYBBQUHAQEEQzBB
+MD8GCCsGAQUFBzABhjNodHRwOi8vd3d3LmV4YW1wbGUuY29tOjg4ODgvYW55UG9s
+aWN5LWludC1wYXRoLWludC8wEQYDVR0gBAowCDAGBgRVHSAAMAsGCSqGSIb3DQEB
+CwOCAQEAZSGuT569hIFwu/Us43pVEaZr7G2ZLiU40GkBlSKb/bTaTx96TBLZlaNR
+twUhF1/A3GW5lThUGUsG0QliX9JCWpi2xkpOGT3de3l+lG9IMAWU+nsNKqJCkssd
+R31IsyUMQii9BRmecHAIQRtHC6qS4no1ihu3w5aouVFhvsL+A5Te8ZEzDpiwR+2k
++urptl3fbl9jY5SnzCkVJtO6DFYq4S/PmiYa/hxhWHq3m6vi7/NKrYI6/ujIlC1a
+Q+/1146/SNT72PBxwsE6pMNYP65U4KZpXnAPHqtUvz3qx25ARQPX9N36EPJcWXOJ
+mxqiK2IShzSnwPTtRLW0v33qWMT41A==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-int.pem.certspec
new file mode 100644
index 000000000..5f5adacc7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/anyPolicy-int-path-int.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:anyPolicy-int-path-int
+issuerKey:ev
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://www.example.com:8888/anyPolicy-int-path-int/
+extension:certificatePolicies:any
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-ee.pem
new file mode 100644
index 000000000..5bbfba9e0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-ee.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDwTCCAqugAwIBAgIUP6b4yk51KguhcdxInOQFqDVQnyEwCwYJKoZIhvcNAQEL
+MD0xOzA5BgNVBAMMMmNhYmZvcnVtLWFuZC10ZXN0LW9pZC1lZS1jYWJmb3J1bS1v
+aWQtaW50LXBhdGgtaW50MCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMDwxOjA4BgNVBAMMMWNhYmZvcnVtLWFuZC10ZXN0LW9pZC1lZS1jYWJmb3J1
+bS1vaWQtaW50LXBhdGgtZWUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24a
+hvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7t
+FYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+o
+N9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0d
+JdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4
+s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjgbkwgbYwagYIKwYBBQUHAQEEXjBcMFoG
+CCsGAQUFBzABhk5odHRwOi8vd3d3LmV4YW1wbGUuY29tOjg4ODgvY2FiZm9ydW0t
+YW5kLXRlc3Qtb2lkLWVlLWNhYmZvcnVtLW9pZC1pbnQtcGF0aC1lZS8wKAYDVR0g
+BCEwHzAHBgVngQwBATAUBhIrBgEEAetJhRqFGoUaAYN0CQEwHgYDVR0RBBcwFYIT
+ZXYtdGVzdC5leGFtcGxlLmNvbTALBgkqhkiG9w0BAQsDggEBAAfSIEX8CSplrc33
+aoWe2NEuQMunJNSHhUk+M00k+4nTTCClTNC7YW8tcNdZ6aliPBVGVN23Sv0lrs08
+lCS04wk+/Dtm45bQ+dhklADIofvyMzhHXTYK6hqN1eXQ+0cMrvZc+A9t7xi/V/J5
+f4e2Vf15UEsjDjILrBxpNvUzJu9XBmpMA2tFwrG5p+PyUlK945umfjqLObd8pLU0
+NK/Wf3uT3Q/ZrsaTf9xFT/+723pweyHCqPK0SbV4CcAVgXnmQVhi25rgZPsNskM4
+rRQ3oKKCdlEX5U1usc4+1H9IPunVK4Q0tsW0Anvnn284ShRM+7k2WxhC9HyGc5K9
+Jcn8jeY=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-ee.pem.certspec
new file mode 100644
index 000000000..c72237e45
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:cabforum-and-test-oid-ee-cabforum-oid-int-path-int
+subject:cabforum-and-test-oid-ee-cabforum-oid-int-path-ee
+extension:authorityInformationAccess:http://www.example.com:8888/cabforum-and-test-oid-ee-cabforum-oid-int-path-ee/
+extension:certificatePolicies:2.23.140.1.1,1.3.6.1.4.1.13769.666.666.666.1.500.9.1
+extension:subjectAlternativeName:ev-test.example.com
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-int.pem
new file mode 100644
index 000000000..95c8be6cd
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-int.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDfDCCAmagAwIBAgIUO7XOeVsNdvHXnjEwzmBWRhwYLVcwCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjA9MTswOQYDVQQDDDJjYWJmb3J1bS1hbmQtdGVzdC1vaWQtZWUtY2Fi
+Zm9ydW0tb2lkLWludC1wYXRoLWludDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72x
+nAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lM
+wmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF
+4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20
+yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xx
+j5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaOBnzCBnDAMBgNVHRMEBTADAQH/
+MAsGA1UdDwQEAwIBBjBrBggrBgEFBQcBAQRfMF0wWwYIKwYBBQUHMAGGT2h0dHA6
+Ly93d3cuZXhhbXBsZS5jb206ODg4OC9jYWJmb3J1bS1hbmQtdGVzdC1vaWQtZWUt
+Y2FiZm9ydW0tb2lkLWludC1wYXRoLWludC8wEgYDVR0gBAswCTAHBgVngQwBATAL
+BgkqhkiG9w0BAQsDggEBAKuq7oEHz2AZ1kD2Y6xx1twwhGa1Iii+l0SjOw3fr6w4
+264nVoCSK8unI0DBXFj4xv3ugKSiYqqV2EFaJUOXcVK8ofq03GSwVKEos5HVHYx9
+A/nVmvxNnIc7wdaHlrWOc0wdWHSUx3s9Gtt2L3XXZ7qhtvv4CGABVphP7cZDewZX
++06/A/js8sHcKCeQp+o6RlqsCRJpJO0t2i7sP0TDGAFKOj86mXG1Bii+1R9W8FzU
+IcQZYJV1ht4l32zndRVR2anhHxY+sqZBC4+Tn2Hph6FsnVvV7q5iedyV2NAkQ+xA
+DJFsUOokGNad1xn8gR3eFWvz/Zp3M1+UAO7jakZKiIA=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-int.pem.certspec
new file mode 100644
index 000000000..92ebdb37f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-cabforum-oid-int-path-int.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:cabforum-and-test-oid-ee-cabforum-oid-int-path-int
+issuerKey:ev
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://www.example.com:8888/cabforum-and-test-oid-ee-cabforum-oid-int-path-int/
+extension:certificatePolicies:2.23.140.1.1
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-ee.pem
new file mode 100644
index 000000000..1ccb37723
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-ee.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDjjCCAnigAwIBAgIUDTSMnfcFGBwaZXHlyI/kKWHPyXkwCwYJKoZIhvcNAQEL
+MCwxKjAoBgNVBAMMIWNhYmZvcnVtLWFuZC10ZXN0LW9pZC1lZS1wYXRoLWludDAi
+GA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjArMSkwJwYDVQQDDCBj
+YWJmb3J1bS1hbmQtdGVzdC1vaWQtZWUtcGF0aC1lZTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7
+wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCAp
+k6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhh
+eZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KW
+EsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONssc
+JAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaOBqDCBpTBZBggr
+BgEFBQcBAQRNMEswSQYIKwYBBQUHMAGGPWh0dHA6Ly93d3cuZXhhbXBsZS5jb206
+ODg4OC9jYWJmb3J1bS1hbmQtdGVzdC1vaWQtZWUtcGF0aC1lZS8wKAYDVR0gBCEw
+HzAHBgVngQwBATAUBhIrBgEEAetJhRqFGoUaAYN0CQEwHgYDVR0RBBcwFYITZXYt
+dGVzdC5leGFtcGxlLmNvbTALBgkqhkiG9w0BAQsDggEBABb8sKuyt3smMp0C8iMc
+aJm3zuS5Rjwv1h7Nd8E/eSOA14p/V62DWFNdF13Apxy6DsZOb2O5uyKYrZ/7A/8i
+ipCwhpC8Fv3fcfBW6nSkQfzxNSYQ9AwBAYs2JTEc2/MRX3U7o6qbxVpVyQu4QYA5
+QU8HlPsq87Ai6wC32M2+BdHlu5y0Qv5MnXYlahJbpABmEKwGZ4eSo1A5IKBZbClV
+y+VvmInHMv/P3bi27SBGhLMT/ohHWJ0gmjxWmbSgU+LkyPdsTm7kfFYM83C6o9S7
+MCNFNLMXwfIKLrDPpayWHPlQeYS3r0ywsSF6stm8lKUwPvp+YL/dVB2+SdKf+idt
+kus=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-ee.pem.certspec
new file mode 100644
index 000000000..36f80e017
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:cabforum-and-test-oid-ee-path-int
+subject:cabforum-and-test-oid-ee-path-ee
+extension:authorityInformationAccess:http://www.example.com:8888/cabforum-and-test-oid-ee-path-ee/
+extension:certificatePolicies:2.23.140.1.1,1.3.6.1.4.1.13769.666.666.666.1.500.9.1
+extension:subjectAlternativeName:ev-test.example.com
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-int.pem
new file mode 100644
index 000000000..7f6ac062f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-int.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWTCCAkOgAwIBAgIUY/r3cjSLbcqZBXaLaZ3P+1fOgVowCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjAsMSowKAYDVQQDDCFjYWJmb3J1bS1hbmQtdGVzdC1vaWQtZWUtcGF0
+aC1pbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9
+braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI
+eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6
+iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za
+qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7
+LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs
+2hgKNe2NAgMBAAGjgY0wgYowDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwWgYI
+KwYBBQUHAQEETjBMMEoGCCsGAQUFBzABhj5odHRwOi8vd3d3LmV4YW1wbGUuY29t
+Ojg4ODgvY2FiZm9ydW0tYW5kLXRlc3Qtb2lkLWVlLXBhdGgtaW50LzARBgNVHSAE
+CjAIMAYGBFUdIAAwCwYJKoZIhvcNAQELA4IBAQAW1rhYpmdW1ZyMbwBmUZmgUQt2
+Ux66oSK0sIV4r9A6jkh0CiWBSycfINVVXZIwpr+Nf3Ahgk+i9Y2GGrXhG73VPpt1
+G1onjO4lA+BIk/mn7KiewPMEiyyhxr0KAo1xlQlv38XbWtrhUERPiO1F0SCH0eR1
+X0Zz+jIxwl11moFyYtyclD8PLTMoXK2WlAfg0dBbY3VO0KFpb4m0XI9XM2Uj/7SI
+tENZ8G3udR/4D7rDtSxlFwNxoL4keB+CFLyDJeUt+3yzM3vlmpfk4kNQiNAiMwHI
+zxpqnKTG7myxPscGJV2V9PtUftet8b779e3k4xOxYGbSO2wmjjH1Y0cCbM/w
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-int.pem.certspec
new file mode 100644
index 000000000..79ae7ae80
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-and-test-oid-ee-path-int.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:cabforum-and-test-oid-ee-path-int
+issuerKey:ev
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://www.example.com:8888/cabforum-and-test-oid-ee-path-int/
+extension:certificatePolicies:any
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-ee.pem
new file mode 100644
index 000000000..d0ccbac0a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-ee.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDVDCCAj6gAwIBAgIUd4mge/NQNkIIbQbJ3HKDOf/OPIIwCwYJKoZIhvcNAQEL
+MCAxHjAcBgNVBAMMFWNhYmZvcnVtLW9pZC1wYXRoLWludDAiGA8yMDE1MTEyODAw
+MDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAfMR0wGwYDVQQDDBRjYWJmb3J1bS1vaWQt
+cGF0aC1lZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbW
+Qf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pk
+cQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHT
+AjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3
+ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jh
+s3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHV
+A6zaGAo17Y0CAwEAAaOBhjCBgzBNBggrBgEFBQcBAQRBMD8wPQYIKwYBBQUHMAGG
+MWh0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4OC9jYWJmb3J1bS1vaWQtcGF0aC1l
+ZS8wEgYDVR0gBAswCTAHBgVngQwBATAeBgNVHREEFzAVghNldi10ZXN0LmV4YW1w
+bGUuY29tMAsGCSqGSIb3DQEBCwOCAQEAUIxXzjuDVuDBhhzc3js1G/R4nfZwOfjB
+e3FXx8ayy5SzfYnH7hPadAUKQTFVwmMYg3rOKza0/FmOstv/k/EF7DYhti0jmLHs
+vXBzPp5Py0YYX56Dcu56khagh/SBBXvrb8/1ew4a39+4QRQ5c0q8dv6Jlyl2MS9f
+gfZ+LhNelFDV0TCnHV2kMMSBVxUuPzxEmZdUP3nSLar0uHfr86tf/B5v88PWFvbE
+APWxGSK8IZRqoEFRa+E4uFI77rBCi/xAMmz3j+a7Yn+Jwk/erLA8S1EqxaNJfbit
+Z33ZtK6A113HhL7H3HG7b60S/wOHHtZC6SwZKgKe31thRjw5yowokA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-ee.pem.certspec
new file mode 100644
index 000000000..86fd9aca3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:cabforum-oid-path-int
+subject:cabforum-oid-path-ee
+extension:authorityInformationAccess:http://www.example.com:8888/cabforum-oid-path-ee/
+extension:certificatePolicies:2.23.140.1.1
+extension:subjectAlternativeName:ev-test.example.com
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-int.pem
new file mode 100644
index 000000000..e377615fa
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-int.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDQTCCAiugAwIBAgIUXUOtQK+aJ2J+V0n3URZbsU6P6CEwCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjAgMR4wHAYDVQQDDBVjYWJmb3J1bS1vaWQtcGF0aC1pbnQwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erk
+NUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwC
+fs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1m
+CyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTM
+HGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m
+1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGj
+gYEwfzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjBOBggrBgEFBQcBAQRCMEAw
+PgYIKwYBBQUHMAGGMmh0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4OC9jYWJmb3J1
+bS1vaWQtcGF0aC1pbnQvMBIGA1UdIAQLMAkwBwYFZ4EMAQEwCwYJKoZIhvcNAQEL
+A4IBAQBzhdaDee1NHVryrmDv4qRvpNX08ogylFYwBfmEZWSbBMTO0znLIzk34/AR
+UpHq1AaeirhGTB9jh6j1jzMAI284J9pgstl9Hy+SmmIzk3KLsD5A4vCepBKKgAJO
+1XP3ie4L0/Ra1b7aSF7GlhJH7niIGnfOGwvRYem/ckcbS0DsLhZvTgYKJ0oIkgJH
+SvEhhL/Npf4/77G1+CHykXTR2tIyQM/HwUm+kurcRw0bf548T77hQpgKNW5aieNE
+TJA1ISYEa7el3WBBOc73b68V7M5ph5DXegi7a5xbMpjn5efCBvE2UUS9KETBVuxc
+tkinQaqkzDlPr+5PFByURXyz45C/
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-int.pem.certspec
new file mode 100644
index 000000000..343307164
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/cabforum-oid-path-int.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:cabforum-oid-path-int
+issuerKey:ev
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://www.example.com:8888/cabforum-oid-path-int/
+extension:certificatePolicies:2.23.140.1.1
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/evroot.key b/security/manager/ssl/tests/unit/test_ev_certs/evroot.key
new file mode 100644
index 000000000..a756a0705
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/evroot.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQC1SYlcnQAQjRGh
++Z+HqePRpdtd+uzxiNpXv2QTaI8s5HIs/xCQOMF0Ask6Kkc9vShq7T/c02PPWikU
+dwG92BjXYVv5NWvV08gzaqqMCXE2igbDzURhuT5RQk4XRLsuqtRqqzjOGWghlh+H
+cUoWY2k/CXYc301roSXqzse+Jw04j3ifbN94rjFE7SjEXnkpOGOnoipImAo2pA5y
+1XnJuSXf+MeTNi/9aJenwXVMXpfJZ8Pq3RquiqLMzjSKAWm4Diii1wwalgxvM18t
+oJubZD9av7pJ6Kqpgelg4n2HSAvdVd2UF/oYUJ+7VUzPgaQ5fouoEoo0vfJ4ZcGJ
+5XNPsikFAgMBAAECggEBAJg9VPlNb0x26yPW+T14UjUwz3Ow0WJUxueBdo1F9VaB
+0dAvsr0qrGq8HDiYYJNcUqDY9BSCAQOUd4MUHYZL/zCANjilwBUlcK6dGPPYyhY+
++0dbDd3zLn4W7HVl5rteAlxBxcZuV6A87eVUIh+DBFNHosTEUcPc5Ha3h84MBXJE
+vp4E7xMRjbuz1eCmzIcCnq/Upp7ZsUdZsV452KmITlb1TS+asBPw0V8xipq2svc9
+HsPJ/idK6JQxoQZAvniZsAEcXlCToYNHCGid4QBjTaveYPvWqu+joz3zSh829gwE
+MDa3SNHJ7pjEAxoK/sYO/aCpkL5ST1YU6sT9s0pS+VECgYEA6twssz5f8co3a72V
+vWoXd9LPT6xHVF6S0RpiCbnV5N7UeDRYHBabPIhHQqCeoYdQXBylVBTY0ltJdjLV
+7CqqBSM0MPrUmJJ3en1o4Dj1YaO4lp5gsKJj3vv9pIqbD/OdlbyIsVJnyK3pe1EH
+lI5B5DMknYf32xCdXXRYTYa8wdcCgYEAxZrldqIWRwJI2USlW56b+TKZ2jQexW5V
+jrqCGrzhv1e3nPQR0pBMd0+duh8VGF9gewV0oIIF1uwotmo21jQjLqry/qN1Yauv
+nWRLaNs4yZZMuMluwKxh66ZNBbRGVC9COXb1rN5OzJVTbS31eJVPk/DP2cWPt4ui
+p23VrChNyIMCgYEAwdLvOQYzHFKspkgR+f5CW+somDIvs9tRAyzo1+n8MiQL6SAZ
+zySA/NXjKYNxJxGLKlmhv+BsiD46REfz8DHNmuvQuNNo/Hl0DSzOjq2zJN9/CR6v
+4VZDYdVJILAbBHEjDl5H2T+O0zljxRe8T8ePbYsfnrqFvM7bcDMCZQjbYoUCgYEA
+hSG421aU376ASjFfnvybZSdcVJCs8qNFbWXm5hC/n2R/xnUB1PV3LyMqxwzN75/C
+pt+kFcfEG2r8evnQfDygP37ZPAnwuZ8sMEQ0Mi8QcXCbvBuqTJFXX6apWeB9SZaV
+bZXiK1eTi25HyNUf/t/Jv4iM4NGj5CtlqJvtS5HT5fUCgYEA3El7BrkgyL4LAHe3
+mOl37vdEqQ7Cxdfmy7IkSPrHLagaMxgODYoC6DFGDH/H/TphL3uZMLYbeZ+OkI5j
+LpugQJtqpwsDo7p4dCYmO1vVhD34R27bXRT2qGE+uvW5zVykL1+9KALgjk5J5XCf
+UVFRDKpassHG6z7+kpXRbowlyRY=
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/evroot.key.keyspec b/security/manager/ssl/tests/unit/test_ev_certs/evroot.key.keyspec
new file mode 100644
index 000000000..1a3d76a55
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/evroot.key.keyspec
@@ -0,0 +1 @@
+ev
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/evroot.pem b/security/manager/ssl/tests/unit/test_ev_certs/evroot.pem
new file mode 100644
index 000000000..cd2fd7ed8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/evroot.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzTCCAbegAwIBAgIUW9j5PS8YoKgynZdYa9i2Kwexnp8wCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MDEwMTAwMDAwMFoYDzIwMzUwMTAx
+MDAwMDAwWjARMQ8wDQYDVQQDDAZldnJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC1SYlcnQAQjRGh+Z+HqePRpdtd+uzxiNpXv2QTaI8s5HIs/xCQ
+OMF0Ask6Kkc9vShq7T/c02PPWikUdwG92BjXYVv5NWvV08gzaqqMCXE2igbDzURh
+uT5RQk4XRLsuqtRqqzjOGWghlh+HcUoWY2k/CXYc301roSXqzse+Jw04j3ifbN94
+rjFE7SjEXnkpOGOnoipImAo2pA5y1XnJuSXf+MeTNi/9aJenwXVMXpfJZ8Pq3Rqu
+iqLMzjSKAWm4Diii1wwalgxvM18toJubZD9av7pJ6Kqpgelg4n2HSAvdVd2UF/oY
+UJ+7VUzPgaQ5fouoEoo0vfJ4ZcGJ5XNPsikFAgMBAAGjHTAbMAwGA1UdEwQFMAMB
+Af8wCwYDVR0PBAQDAgEGMAsGCSqGSIb3DQEBCwOCAQEAO1EZ134zXCiYSMixYSVP
+gAXWdR8zvaeS8UF0Xihle6nBdtkcmhiMgxXecMv7P7xO/U/wz5NAyJ1cvqaxrPbn
+8bekVCCsAAae6mVJIsVeuLtg3f89Qmx6KF6By2NI5R/AX5gxs0V9Tvjp9NfpIWh9
+I0BO0/REmq+CxKWjO6Loq0JA/QRW1jnD3XLitJ9QiCfnLqgUAG8JnkhG/JtpcJC3
+91SluwhVw+8i7caDOgHZGvjBEycyje0iyDLybaVjv2PpyuQx8H6hDzTGd2bNDl22
+fZ0FsOYCH6TJPx7nsCJCQ8/jGsRAGPxbItwSpTQJegKVaJ9s2dOAreJdkQFSIEo+
+3g==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/evroot.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/evroot.pem.certspec
new file mode 100644
index 000000000..3121f3486
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/evroot.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:evroot
+subjectKey:ev
+issuerKey:ev
+validity:20150101-20350101
+extension:basicConstraints:cA,
+extension:keyUsage:keyCertSign,cRLSign
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/moz.build b/security/manager/ssl/tests/unit/test_ev_certs/moz.build
new file mode 100644
index 000000000..286097c1c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/moz.build
@@ -0,0 +1,48 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Temporarily disabled. See bug 1256495.
+#test_certificates = (
+#    'anyPolicy-ee-path-ee.pem',
+#    'anyPolicy-ee-path-int.pem',
+#    'anyPolicy-int-path-ee.pem',
+#    'anyPolicy-int-path-int.pem',
+#    'cabforum-and-test-oid-ee-cabforum-oid-int-path-ee.pem',
+#    'cabforum-and-test-oid-ee-cabforum-oid-int-path-int.pem',
+#    'cabforum-and-test-oid-ee-path-ee.pem',
+#    'cabforum-and-test-oid-ee-path-int.pem',
+#    'cabforum-oid-path-ee.pem',
+#    'cabforum-oid-path-int.pem',
+#    'evroot.pem',
+#    'no-ocsp-ee-path-ee.pem',
+#    'no-ocsp-ee-path-int.pem',
+#    'no-ocsp-int-path-ee.pem',
+#    'no-ocsp-int-path-int.pem',
+#    'non-ev-root-path-ee.pem',
+#    'non-ev-root-path-int.pem',
+#    'non-evroot-ca.pem',
+#    'reverse-order-oids-path-ee.pem',
+#    'reverse-order-oids-path-int.pem',
+#    'test-and-cabforum-oid-ee-cabforum-oid-int-path-ee.pem',
+#    'test-and-cabforum-oid-ee-cabforum-oid-int-path-int.pem',
+#    'test-and-cabforum-oid-ee-path-ee.pem',
+#    'test-and-cabforum-oid-ee-path-int.pem',
+#    'test-oid-ee-cabforum-oid-int-path-ee.pem',
+#    'test-oid-ee-cabforum-oid-int-path-int.pem',
+#    'test-oid-path-ee.pem',
+#    'test-oid-path-int.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
+#
+#test_keys = (
+#    'evroot.key',
+#    'test-oid-path-int.key',
+#)
+#
+#for test_key in test_keys:
+#    GeneratedTestKey(test_key)
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-ee.pem
new file mode 100644
index 000000000..bdb27bc87
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-ee.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDDDCCAfagAwIBAgIUX8e03l3JoXPCHh9CMl58PfYnzkowCwYJKoZIhvcNAQEL
+MB4xHDAaBgNVBAMME25vLW9jc3AtZWUtcGF0aC1pbnQwIhgPMjAxNTExMjgwMDAw
+MDBaGA8yMDE4MDIwNTAwMDAwMFowHTEbMBkGA1UEAwwSbm8tb2NzcC1lZS1wYXRo
+LWVlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62
+iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHql
+WqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosq
+Qe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+
+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8i
+b2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoY
+CjXtjQIDAQABo0MwQTAfBgNVHSAEGDAWMBQGEisGAQQB60mFGoUahRoBg3QJATAe
+BgNVHREEFzAVghNldi10ZXN0LmV4YW1wbGUuY29tMAsGCSqGSIb3DQEBCwOCAQEA
+ciXsc2FRYi4E0cofGtumXR2SzIitXdAXUwSvXz6407BEYIFOv/DnDr+EmpDF7a/Y
+rd+7ewODY19FYjw4tcsWY3Yz1key68TFn+BuudyGwuTS2Uq3wQTkP0PMtBNQLQ0S
+qZRjH5wJkqn/WSeuYqv4f5bTu2fgfloiCAfKA3Pisrmg0iJ5O7k0QN3QhiCkgbab
+LzmssU/YpiS8KwbUPIC5cmt/Y2OLMI4R3GMdNKEm+ykJ79mNysGahtFP8klfcOk4
+F4GYQu1Rmb+sNXvMnFMh5TkforL4rqv/ItGcQx3mvtAhtpZAI65O+oURoXmaQdN1
+6DUFil8O/ybcKph4NE5P0w==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-ee.pem.certspec
new file mode 100644
index 000000000..ece1cf816
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-ee.pem.certspec
@@ -0,0 +1,4 @@
+issuer:no-ocsp-ee-path-int
+subject:no-ocsp-ee-path-ee
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
+extension:subjectAlternativeName:ev-test.example.com
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-int.pem
new file mode 100644
index 000000000..77f66fa60
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-int.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDOzCCAiWgAwIBAgIUX0+dCnv5fVmpIQhV708UOhoqNBcwCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjAeMRwwGgYDVQQDDBNuby1vY3NwLWVlLXBhdGgtaW50MIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVK
+tOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7N
+Q/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39Zgsr
+sCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxs
+l62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYl
+nauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABo34w
+fDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjBMBggrBgEFBQcBAQRAMD4wPAYI
+KwYBBQUHMAGGMGh0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4OC9uby1vY3NwLWVl
+LXBhdGgtaW50LzARBgNVHSAECjAIMAYGBFUdIAAwCwYJKoZIhvcNAQELA4IBAQBW
+nipIWEgiTZ1MNbN/1+lrhxExtkFdF6nzD3ob1Gsc2oJ3tCa2Oq7uUT6AMJ7aGPz/
+XnFkl6hmzLP0EyVR9un/nL9gkynGFsHzl7OFndE4SriD9ynAdNA1lPE2+gRqYhN4
+O2RxZx+Q61jWmWvPxUi/ihX9EVxYNOwrlu4t1K0G5HhFKMaXnx8dQFLxYGW8y9BF
+4c/Met9ocpV+p2b5kaiqEigZWzg14/jjeVkrFggycZOrfjwKOU5ICYY0Ap87yFT0
+ilefvG6syp+1swrM2yKwQIRpfDDjNi0ZxoKkzQ8bENuC6u0okcQs/rttlfRFqkl7
+g+aKagJNH0XrpaNPTsM9
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-int.pem.certspec
new file mode 100644
index 000000000..5eb952a9a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-ee-path-int.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:no-ocsp-ee-path-int
+issuerKey:ev
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://www.example.com:8888/no-ocsp-ee-path-int/
+extension:certificatePolicies:any
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-ee.pem
new file mode 100644
index 000000000..19b8e6bd1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-ee.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDXjCCAkigAwIBAgIUU04Uw7andDfJBFPO0TwReJsY/VowCwYJKoZIhvcNAQEL
+MB8xHTAbBgNVBAMMFG5vLW9jc3AtaW50LXBhdGgtaW50MCIYDzIwMTUxMTI4MDAw
+MDAwWhgPMjAxODAyMDUwMDAwMDBaMB4xHDAaBgNVBAMME25vLW9jc3AtaW50LXBh
+dGgtZWUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9
+braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI
+eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6
+iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za
+qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7
+LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs
+2hgKNe2NAgMBAAGjgZIwgY8wTAYIKwYBBQUHAQEEQDA+MDwGCCsGAQUFBzABhjBo
+dHRwOi8vd3d3LmV4YW1wbGUuY29tOjg4ODgvbm8tb2NzcC1pbnQtcGF0aC1lZS8w
+HwYDVR0gBBgwFjAUBhIrBgEEAetJhRqFGoUaAYN0CQEwHgYDVR0RBBcwFYITZXYt
+dGVzdC5leGFtcGxlLmNvbTALBgkqhkiG9w0BAQsDggEBADN46jobibbTxmEdbvG6
+JS8+vofUrsLIWfEfagl9R+i5Ix33sJRHF+4yrFN1DT7Eg7LJV+cGJh4wyOf0sgJR
+LIjQxjIQadvCnEezhrZ7j0TUCZqV9iiO7O/ROo3qgwH8nCrl6qnKQA18FGyJttni
+DFGkR1PyvMc3CAPcDfdGODVRLWgQUXtFNOdRrG9IKI2BCAMLr3sItW7aJ9BiO6ow
+hqg3XdHUn4kzVbuGuiJsg60oSxNYawKd4oYg2yQctgSVHg/3ZFRDO02ntxUppoem
+uQtB+4qHaZgk7m8OFKMQlbq48rpkPHRLIBdIRJJc8WKj+XNsVrezzoU37XE2AFPp
+dhI=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-ee.pem.certspec
new file mode 100644
index 000000000..623057e9e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:no-ocsp-int-path-int
+subject:no-ocsp-int-path-ee
+extension:authorityInformationAccess:http://www.example.com:8888/no-ocsp-int-path-ee/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
+extension:subjectAlternativeName:ev-test.example.com
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-int.pem
new file mode 100644
index 000000000..cd496900b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-int.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7jCCAdigAwIBAgIUfbT9i6G6QnOCLGdEg6DChw0RBrwwCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjAfMR0wGwYDVQQDDBRuby1vY3NwLWludC1wYXRoLWludDCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1
+SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+
+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYL
+K7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwc
+bJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibW
+JZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMw
+MC4wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwEQYDVR0gBAowCDAGBgRVHSAA
+MAsGCSqGSIb3DQEBCwOCAQEAb9WQQmnK6eJUDK/ez/oEKfGxVSw/J6KlPCwHbUtC
+JQ6smyBs8E4eq1buQxtRkRDMIsDifSsnCiVXQaMwNR7V+AbJiDl3bU+1lmUtWcP+
+2khUqafvD29OHFcP0EyJ5i4icPJd5/7Kx6rXuTn8avV8oe+Ugq4H0yL7lliL+jvZ
+efcLNaeNT5E4jFj2l0cOoWBDdZ2Y8r6cHYDjWxOq1xi8vg4iDNGZKYuyeGwxf9fl
+gNG9rUyFxs/kv6pQSiREc4OtqkI9tw3L5wf6UrfZ3553BgfSZX6XdVdWpcGZaetd
+rm21WF9oMb5F3PJsUgf/Ustee38VcYO1DVbnEIVumQ3qlQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-int.pem.certspec
new file mode 100644
index 000000000..548241de3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/no-ocsp-int-path-int.pem.certspec
@@ -0,0 +1,6 @@
+issuer:evroot
+subject:no-ocsp-int-path-int
+issuerKey:ev
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:certificatePolicies:any
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-ee.pem
new file mode 100644
index 000000000..ffb8a6d3b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-ee.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDXjCCAkigAwIBAgIUD597e4LEXa+njJfkqWZ9MlmV2PgwCwYJKoZIhvcNAQEL
+MB8xHTAbBgNVBAMMFG5vbi1ldi1yb290LXBhdGgtaW50MCIYDzIwMTUxMTI4MDAw
+MDAwWhgPMjAxODAyMDUwMDAwMDBaMB4xHDAaBgNVBAMME25vbi1ldi1yb290LXBh
+dGgtZWUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9
+braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI
+eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6
+iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za
+qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7
+LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs
+2hgKNe2NAgMBAAGjgZIwgY8wTAYIKwYBBQUHAQEEQDA+MDwGCCsGAQUFBzABhjBo
+dHRwOi8vd3d3LmV4YW1wbGUuY29tOjg4ODgvbm9uLWV2LXJvb3QtcGF0aC1lZS8w
+HwYDVR0gBBgwFjAUBhIrBgEEAetJhRqFGoUaAYN0CQEwHgYDVR0RBBcwFYITZXYt
+dGVzdC5leGFtcGxlLmNvbTALBgkqhkiG9w0BAQsDggEBAJ3Cc5jhMe0FBvQ1y0dT
+/Jj5VYqFfaYpEEHu3vWfOQ0miY07FjTZmbEmuNGs1pSKuGOpqQwpX97TxIPUH1l+
+31vZqHy4wWhZI7Vt38baPlY1I0+fVb+85+WeBQfgiTMUF2Or/cfj1NtHAzTNOmyb
+/H5/41oBydLVLRRh9NQmas3meEtnv1j/TYCuZM+UA31pJIr063kAB2U+vSuVWbSc
+gN0Xeq88d3IKW8M02+OQtPGqGwcYnyZgkKjr9ndjB4irRn5yoC/2ruhJEuGw1k84
+zfuArdbfYlNJaPzyWKpPQChA3I7CaYRFwCJ3+8nKTliDiTPuTba/zxisRLIv9ZX+
+FYA=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-ee.pem.certspec
new file mode 100644
index 000000000..9895732b1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:non-ev-root-path-int
+subject:non-ev-root-path-ee
+extension:authorityInformationAccess:http://www.example.com:8888/non-ev-root-path-ee/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
+extension:subjectAlternativeName:ev-test.example.com
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-int.pem
new file mode 100644
index 000000000..2223a424c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-int.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDRDCCAi6gAwIBAgIUbeCcNZk/68aHlCaLR0Mgh09gK9MwCwYJKoZIhvcNAQEL
+MBgxFjAUBgNVBAMMDW5vbi1ldnJvb3QtY2EwIhgPMjAxNTExMjgwMDAwMDBaGA8y
+MDE4MDIwNTAwMDAwMFowHzEdMBsGA1UEAwwUbm9uLWV2LXJvb3QtcGF0aC1pbnQw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQ
+PTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH
+9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw
+4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86
+exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0
+ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2N
+AgMBAAGjfzB9MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGME0GCCsGAQUFBwEB
+BEEwPzA9BggrBgEFBQcwAYYxaHR0cDovL3d3dy5leGFtcGxlLmNvbTo4ODg4L25v
+bi1ldi1yb290LXBhdGgtaW50LzARBgNVHSAECjAIMAYGBFUdIAAwCwYJKoZIhvcN
+AQELA4IBAQAo5g/5usQqBIfpaeOFV5X8om69PQdcyke2/hWuTBXciSCZ0VhpgloL
+p4EBdh72UZ+HNqiuQ7oKEOBYeA02k11TqZ6kokurabpZjcwrlbkqGSpf+afhK8DK
+lhJdXa9WLBZuY87YPXA0pnpAEQMiDchJAa/gG3Qg2yvtEYAYH+MJT3jIMbYlXeep
+aLNdcG6E0ByrFYAQCi0WIEvwv7krCEliRgp/a1k+s6V84lNkeBzqfflygOXBXPTY
+ws9sg6RxeYBFL3YNU63jonzWfcp9dMusL/Jwdak0r/iwQoSfQGm6X8spjHFKnXUm
+Fp/ccMKeWAZl8mQYisK0vQwlclxfPFeO
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-int.pem.certspec
new file mode 100644
index 000000000..5ce035ae1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/non-ev-root-path-int.pem.certspec
@@ -0,0 +1,6 @@
+issuer:non-evroot-ca
+subject:non-ev-root-path-int
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://www.example.com:8888/non-ev-root-path-int/
+extension:certificatePolicies:any
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/non-evroot-ca.pem b/security/manager/ssl/tests/unit/test_ev_certs/non-evroot-ca.pem
new file mode 100644
index 000000000..b7560f2dc
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/non-evroot-ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC2zCCAcWgAwIBAgIUGeBAgifObFMlBPIYGTQEPMZ7W9YwCwYJKoZIhvcNAQEL
+MBgxFjAUBgNVBAMMDW5vbi1ldnJvb3QtY2EwIhgPMjAxNTExMjgwMDAwMDBaGA8y
+MDE4MDIwNTAwMDAwMFowGDEWMBQGA1UEAwwNbm9uLWV2cm9vdC1jYTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1
+SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+
+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYL
+K7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwc
+bJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibW
+JZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMd
+MBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwCwYJKoZIhvcNAQELA4IBAQCz
+X8XmbNmo5v9uMdsHOc7656UJPBX01AkXTAvR9Ny+rCIC70R520o2u43TLcLO3S5e
+KkTzqtQUovzMEmbH543Z/7rgQVsd99YrDd24wLpX439D/PJlsx6gBkBiiqJ+8GfG
+uGdHTW8ov7fvx20dWlZxdjQXrHdkP8wf0X2VfLC/4PI8fzpWY8LqpJ9GSoKYtBKE
+nxSxNr/SJTeEzSUwbNOh1KU4TuYh/GMsZKP5T+08OpTBuFHbcvsOqvyWXSEjRjwf
+PmC95zA2ucn57OmFc+CLcnYsmOd5B6Uc/LzWiOIOLtKpslcJz3xB6+2hEv7LnHUp
+LKCBs95/9OOqJxO/jYhf
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/non-evroot-ca.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/non-evroot-ca.pem.certspec
new file mode 100644
index 000000000..7b61447a8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/non-evroot-ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:non-evroot-ca
+subject:non-evroot-ca
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-ee.pem
new file mode 100644
index 000000000..8bfe3c24c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-ee.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDfDCCAmagAwIBAgIUb0DaaKRK60LnPyfYQvv3fv7MDNUwCwYJKoZIhvcNAQEL
+MCYxJDAiBgNVBAMMG3JldmVyc2Utb3JkZXItb2lkcy1wYXRoLWludDAiGA8yMDE1
+MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAlMSMwIQYDVQQDDBpyZXZlcnNl
+LW9yZGVyLW9pZHMtcGF0aC1lZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAab
+bhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmts
+Du0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhI
+H6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8
+rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kX
+Mbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaOBojCBnzBTBggrBgEFBQcBAQRHMEUw
+QwYIKwYBBQUHMAGGN2h0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4OC9yZXZlcnNl
+LW9yZGVyLW9pZHMtcGF0aC1lZS8wKAYDVR0gBCEwHzAHBgVngQwBATAUBhIrBgEE
+AetJhRqFGoUaAYN0CQEwHgYDVR0RBBcwFYITZXYtdGVzdC5leGFtcGxlLmNvbTAL
+BgkqhkiG9w0BAQsDggEBAFHaYdZpIkhnlR8HeiLgSVXhhOh+51dJCMQPGa5GA09W
+90/Tct1J28/7DfVUjdvzX80bWTUkbrEsB12qYPJm+d3B3YSqAS2NHWp7eHwMmTbe
+F3Hxqvu+maLCX/fm7X8t5vCugKrqbbmIMBZ8mrNasR8B3tKIPBFZOt4p+lUfM3rL
+qm7CmQ6OheMcq4pblx6LJMt3CCMPdzyPm6+3Gw9mvBaCXU9exrV1QxxSg8hEpWLw
+/ue3cLx9D6zDITlZZxUXJZOegvKFuVit2JIAv6l2zVIp9IzNnANF2oIOOyVMPP4+
+vDRJTKVchp6fxORk2sCexiEHf6pqj2kmUSMdbsSWxsQ=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-ee.pem.certspec
new file mode 100644
index 000000000..31e3e69e5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:reverse-order-oids-path-int
+subject:reverse-order-oids-path-ee
+extension:authorityInformationAccess:http://www.example.com:8888/reverse-order-oids-path-ee/
+extension:certificatePolicies:2.23.140.1.1,1.3.6.1.4.1.13769.666.666.666.1.500.9.1
+extension:subjectAlternativeName:ev-test.example.com
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-int.pem
new file mode 100644
index 000000000..105064c6d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-int.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDZDCCAk6gAwIBAgIUY0aJPcvdA0d7Xu3Ph5O2pk4D5tYwCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjAmMSQwIgYDVQQDDBtyZXZlcnNlLW9yZGVyLW9pZHMtcGF0aC1pbnQw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQ
+PTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH
+9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw
+4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86
+exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0
+ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2N
+AgMBAAGjgZ4wgZswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwVAYIKwYBBQUH
+AQEESDBGMEQGCCsGAQUFBzABhjhodHRwOi8vd3d3LmV4YW1wbGUuY29tOjg4ODgv
+cmV2ZXJzZS1vcmRlci1vaWRzLXBhdGgtaW50LzAoBgNVHSAEITAfMBQGEisGAQQB
+60mFGoUahRoBg3QJATAHBgVngQwBATALBgkqhkiG9w0BAQsDggEBADCsEQZgIoiq
+5XqNnz400S/+sVaHPKl+Zh2mtQiKq2hbIre7rYsO6KISoh52DuAZgrjAd7vbn38g
+8iPCZ2qaytaAZzy8UiUuZK4R5pow0aGEbq6AdtHu40lSUsfQ+a0rj7E0zOyGQjVl
+PrKlAirzX4YkMyYH0trSvOZgwwIsroIfYhXnxJpqo9fW900z+JUGSWTQbA1tFHPN
+9OsM4zyFepbZUqWtf2RZMME63JgUFy3Uvk2vHolEX9OGAegUx7hX0nHIdBCLa5GC
+W2Y99olh0T+bk7aULnwAXFmJozIWdpkLmUeNcjWuGvQAniHIm2YhOxg0BVs43VRK
+t2759N2s5Lk=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-int.pem.certspec
new file mode 100644
index 000000000..a2b523073
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/reverse-order-oids-path-int.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:reverse-order-oids-path-int
+issuerKey:ev
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://www.example.com:8888/reverse-order-oids-path-int/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1,2.23.140.1.1
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-ee.pem
new file mode 100644
index 000000000..1fe162bc7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-ee.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDwTCCAqugAwIBAgIUC4dd0cUXmrLGZVPePwZkFohfd2kwCwYJKoZIhvcNAQEL
+MD0xOzA5BgNVBAMMMnRlc3QtYW5kLWNhYmZvcnVtLW9pZC1lZS1jYWJmb3J1bS1v
+aWQtaW50LXBhdGgtaW50MCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMDwxOjA4BgNVBAMMMXRlc3QtYW5kLWNhYmZvcnVtLW9pZC1lZS1jYWJmb3J1
+bS1vaWQtaW50LXBhdGgtZWUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24a
+hvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7t
+FYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+o
+N9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0d
+JdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4
+s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjgbkwgbYwagYIKwYBBQUHAQEEXjBcMFoG
+CCsGAQUFBzABhk5odHRwOi8vd3d3LmV4YW1wbGUuY29tOjg4ODgvdGVzdC1hbmQt
+Y2FiZm9ydW0tb2lkLWVlLWNhYmZvcnVtLW9pZC1pbnQtcGF0aC1lZS8wKAYDVR0g
+BCEwHzAUBhIrBgEEAetJhRqFGoUaAYN0CQEwBwYFZ4EMAQEwHgYDVR0RBBcwFYIT
+ZXYtdGVzdC5leGFtcGxlLmNvbTALBgkqhkiG9w0BAQsDggEBALBmgZSBw+XV/TrF
+oSJ1IG5kK1en9TYe+8baPhnoPXODSLfO11ljh69VVVgSOexbuEZ0/8g4BOYKjfZ8
+rZxMgBsBbK0lmDcsKsfE4+JVP8YcZ9xK9PTtNSEpLCv0pOaSs0cyhk/VIrlKnK/v
+oEqvrcTKpezU8lgfRnG+e3riFfjMhMNZn1oGaPPgHNF0CAU29qdVvkrPySsWIeVk
+WbOCh5XfaDZqmSwYWWn7AbVeiCs07bzd0R14/KY1gxVYsoiy/1uSG7QQj82cIt75
+sJja57AGHVtwd43829RYPhNgcDOorSCfErZ5HPQBM75y2Nlsc4f7P6DBrJ8m+Q0E
+5+i3niw=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-ee.pem.certspec
new file mode 100644
index 000000000..edac2fc1a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:test-and-cabforum-oid-ee-cabforum-oid-int-path-int
+subject:test-and-cabforum-oid-ee-cabforum-oid-int-path-ee
+extension:authorityInformationAccess:http://www.example.com:8888/test-and-cabforum-oid-ee-cabforum-oid-int-path-ee/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1,2.23.140.1.1
+extension:subjectAlternativeName:ev-test.example.com
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-int.pem
new file mode 100644
index 000000000..ce757742d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-int.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDfDCCAmagAwIBAgIUKz60qRXEfxjvGay98Cp6DRZMIywwCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjA9MTswOQYDVQQDDDJ0ZXN0LWFuZC1jYWJmb3J1bS1vaWQtZWUtY2Fi
+Zm9ydW0tb2lkLWludC1wYXRoLWludDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72x
+nAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lM
+wmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF
+4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20
+yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xx
+j5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaOBnzCBnDAMBgNVHRMEBTADAQH/
+MAsGA1UdDwQEAwIBBjBrBggrBgEFBQcBAQRfMF0wWwYIKwYBBQUHMAGGT2h0dHA6
+Ly93d3cuZXhhbXBsZS5jb206ODg4OC90ZXN0LWFuZC1jYWJmb3J1bS1vaWQtZWUt
+Y2FiZm9ydW0tb2lkLWludC1wYXRoLWludC8wEgYDVR0gBAswCTAHBgVngQwBATAL
+BgkqhkiG9w0BAQsDggEBAKgWYdHF4n8WXZ9ZYtEZDF9YYh8jI/KMjKK52jqyvh7u
+Hxbv9SJe6H0sDqKvoIisRzv4QSMoS2QTHUalFgEXAexPK75mpITiCnShpUx+QFnR
+fFjG2Gy4ffC+vxuVThpJtut3SD/a7RAyYc6wP1hjohrtvJdOTmMWIZ7spA/BQaCz
+XxiSreJQiNvbuCImC4t9s95xpwcyTD7yWQD2BrJJP69eM/afkF5lKenAVvQhTKa+
+FT/Br5yVyf8lMgjdYK5FljZGJViy7O4KqoUmttgOttFv9EhcqfbGD/Kh6dJ8aJlD
+sHAjNsHzyyPij28pN5zmXiKtjuvh4L8juZYVePWG0Fw=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-int.pem.certspec
new file mode 100644
index 000000000..68dfd0057
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-cabforum-oid-int-path-int.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:test-and-cabforum-oid-ee-cabforum-oid-int-path-int
+issuerKey:ev
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://www.example.com:8888/test-and-cabforum-oid-ee-cabforum-oid-int-path-int/
+extension:certificatePolicies:2.23.140.1.1
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-ee.pem
new file mode 100644
index 000000000..ab86be7d9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-ee.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDjjCCAnigAwIBAgIUfYDrsxuoLVA2xXI6wiQM1Ho1ekcwCwYJKoZIhvcNAQEL
+MCwxKjAoBgNVBAMMIXRlc3QtYW5kLWNhYmZvcnVtLW9pZC1lZS1wYXRoLWludDAi
+GA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjArMSkwJwYDVQQDDCB0
+ZXN0LWFuZC1jYWJmb3J1bS1vaWQtZWUtcGF0aC1lZTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7
+wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCAp
+k6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhh
+eZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KW
+EsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONssc
+JAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaOBqDCBpTBZBggr
+BgEFBQcBAQRNMEswSQYIKwYBBQUHMAGGPWh0dHA6Ly93d3cuZXhhbXBsZS5jb206
+ODg4OC90ZXN0LWFuZC1jYWJmb3J1bS1vaWQtZWUtcGF0aC1lZS8wKAYDVR0gBCEw
+HzAUBhIrBgEEAetJhRqFGoUaAYN0CQEwBwYFZ4EMAQEwHgYDVR0RBBcwFYITZXYt
+dGVzdC5leGFtcGxlLmNvbTALBgkqhkiG9w0BAQsDggEBAGxfWJtZkbvUXRKb6ZEw
+2gq44URxeB9DuLfLd1qfEINW+NzhXhyd6BZ7ytLMIQjB55MKc3EM1ZNiU59C+BkV
+IYQF41p5SqKw7Niq4IcnaAGOfCrvZuRJYhU3jxIeLGLI42jk6yuvg/OZjJ61pi0W
+x4CSC3gSJ0oRh/Yg9ZRKo7goNRjH5/UmSGTRF8XqL8+zwTDmUlscON4jKHgZW3iE
+01FUS/haX3S/tUHe8cvu0BGrnhlfUvAr8lMeNIV1B89JYyLdwPi4Ce8prOzRQzqp
+u1jEu2e62t19SaB3PWyTbDHks6RygVrDdIzZ6dtJUmbl7d8Z7VVuvMNGSq6O+inR
+vk4=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-ee.pem.certspec
new file mode 100644
index 000000000..affbd8745
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:test-and-cabforum-oid-ee-path-int
+subject:test-and-cabforum-oid-ee-path-ee
+extension:authorityInformationAccess:http://www.example.com:8888/test-and-cabforum-oid-ee-path-ee/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1,2.23.140.1.1
+extension:subjectAlternativeName:ev-test.example.com
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-int.pem
new file mode 100644
index 000000000..e508339df
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-int.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWTCCAkOgAwIBAgIUW3yHLCNMorwxWwyF6vrFuNsEdAQwCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjAsMSowKAYDVQQDDCF0ZXN0LWFuZC1jYWJmb3J1bS1vaWQtZWUtcGF0
+aC1pbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9
+braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI
+eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6
+iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za
+qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7
+LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs
+2hgKNe2NAgMBAAGjgY0wgYowDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwWgYI
+KwYBBQUHAQEETjBMMEoGCCsGAQUFBzABhj5odHRwOi8vd3d3LmV4YW1wbGUuY29t
+Ojg4ODgvdGVzdC1hbmQtY2FiZm9ydW0tb2lkLWVlLXBhdGgtaW50LzARBgNVHSAE
+CjAIMAYGBFUdIAAwCwYJKoZIhvcNAQELA4IBAQAXnGkBYTc9jiL1YE4teF+ZRxfk
+Tf2AteJYk53suuAUtQ3xgG4UWY9KHIMF/HLT+ZN3SAsJNgAgg/zBLNaTvt6C52hb
+TUtfW/803g1AUmHAhWg5lruffYpRnKNJdsi6IvWAQec5EDGT8hwq6F28VmgDr3RT
+Je/jgBNzVSifYKQm89f1TJWvdDqWSam0b2ags8l0UPzqHI+GzAn7E2KWamnCXWfD
+BZE9VA/KNc13I/K2tv5zZ/m/LKnTUeSS9qCKCWNjZGI0UIChVcie1t4NJbUf8IUD
+VyUYTm3Z5rO4PUzcR1q8CWzqgb0aKUoq60BWjnr+eipsE0dmc+9OGVAGh3me
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-int.pem.certspec
new file mode 100644
index 000000000..11630b4b4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-and-cabforum-oid-ee-path-int.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:test-and-cabforum-oid-ee-path-int
+issuerKey:ev
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://www.example.com:8888/test-and-cabforum-oid-ee-path-int/
+extension:certificatePolicies:any
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-ee.pem
new file mode 100644
index 000000000..d130202d7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-ee.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDkTCCAnugAwIBAgIUZXXAUcIl4AT9QKUpEiBvQEk7MZswCwYJKoZIhvcNAQEL
+MDAxLjAsBgNVBAMMJXRlc3Qtb2lkLWVlLWNhYmZvcnVtLW9pZC1pbnQtcGF0aC1p
+bnQwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowLzEtMCsGA1UE
+AwwkdGVzdC1vaWQtZWUtY2FiZm9ydW0tb2lkLWludC1wYXRoLWVlMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVK
+tOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7N
+Q/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39Zgsr
+sCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxs
+l62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYl
+nauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABo4Gj
+MIGgMF0GCCsGAQUFBwEBBFEwTzBNBggrBgEFBQcwAYZBaHR0cDovL3d3dy5leGFt
+cGxlLmNvbTo4ODg4L3Rlc3Qtb2lkLWVlLWNhYmZvcnVtLW9pZC1pbnQtcGF0aC1l
+ZS8wHwYDVR0gBBgwFjAUBhIrBgEEAetJhRqFGoUaAYN0CQEwHgYDVR0RBBcwFYIT
+ZXYtdGVzdC5leGFtcGxlLmNvbTALBgkqhkiG9w0BAQsDggEBACBZnkQzVzZgGJRb
+CMAhvJSq9tWlaze1wTsCTo9YJu4/Np2MHdOZqh66saV+6KcNpmuibGwC516ooO9B
+OUBXq3fGurYwMuSQmONQ+i8eDIRDGJHrhSPqlEvZzW5tOMzUMgf8e1YeIVIEy4bz
+KEbDyc7o4fXpVewOqeD52TdR6RmJjXpbGDlSEqWoH6idvvnIMRuXAwTP3BWtZfRd
+w0RM+sEUozTeM1IuWQWe2wJtugLULxroMGJzjyyW0xBPGtrWqi3rdMdz8bKgV0qz
+LOC5OClY9gvEScjBS46RwahMLj5gK8K0Cxoqicx87it/mKrh0/IuJAZLHd/MMzAJ
+eF525sY=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-ee.pem.certspec
new file mode 100644
index 000000000..bd0f955ad
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:test-oid-ee-cabforum-oid-int-path-int
+subject:test-oid-ee-cabforum-oid-int-path-ee
+extension:authorityInformationAccess:http://www.example.com:8888/test-oid-ee-cabforum-oid-int-path-ee/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
+extension:subjectAlternativeName:ev-test.example.com
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-int.pem
new file mode 100644
index 000000000..60f9e2855
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-int.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDYjCCAkygAwIBAgIUT58S8MhTFBFpWcGoT3Ni9HEDT6IwCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjAwMS4wLAYDVQQDDCV0ZXN0LW9pZC1lZS1jYWJmb3J1bS1vaWQtaW50
+LXBhdGgtaW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESO
+FtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVr
+amRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWka
+sdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbY
+VbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6n
+aOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHE
+MdUDrNoYCjXtjQIDAQABo4GSMIGPMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEG
+MF4GCCsGAQUFBwEBBFIwUDBOBggrBgEFBQcwAYZCaHR0cDovL3d3dy5leGFtcGxl
+LmNvbTo4ODg4L3Rlc3Qtb2lkLWVlLWNhYmZvcnVtLW9pZC1pbnQtcGF0aC1pbnQv
+MBIGA1UdIAQLMAkwBwYFZ4EMAQEwCwYJKoZIhvcNAQELA4IBAQBwXLEGvl0aJ3Wf
+nVJoV9EzL+df9oY0IBpZVpkNSyWQ+111lKMftznJct+mJsuAf23PcHJtUwSWQzaS
+W5DTzF32B6FiPPqS2N8v1eIIM/fjNdZXrMEFGfR5MwwoU4IPwjvIgoFT2LGv9PvP
+82o5PcEurK/HEhWCvn2r1rLAi1sr0sjd/yHJ6otwweWf6U6fREqzoVqB0HxhbToH
+BgR/YmTrFFCvUar/zwH6/G0ZMkJR98q7XairdCDgjlwY6Nk6gXR2noMMHwFeJP+h
+QCkXy2/w6332rmEHzokU3z/p0Y3NtEHK8n0+LIxg6akVovHTvLVJy+THUGQjPe0B
+pxlHKwek
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-int.pem.certspec
new file mode 100644
index 000000000..37d4d133a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-ee-cabforum-oid-int-path-int.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:test-oid-ee-cabforum-oid-int-path-int
+issuerKey:ev
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://www.example.com:8888/test-oid-ee-cabforum-oid-int-path-int/
+extension:certificatePolicies:2.23.140.1.1
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-ee.pem b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-ee.pem
new file mode 100644
index 000000000..67e14e875
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-ee.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDVTCCAj+gAwIBAgIUBR6mXmzAxA30s74v94EkKkcvL/AwCwYJKoZIhvcNAQEL
+MBwxGjAYBgNVBAMMEXRlc3Qtb2lkLXBhdGgtaW50MCIYDzIwMTUxMTI4MDAwMDAw
+WhgPMjAxODAyMDUwMDAwMDBaMBsxGTAXBgNVBAMMEHRlc3Qtb2lkLXBhdGgtZWUw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQ
+PTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH
+9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw
+4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86
+exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0
+ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2N
+AgMBAAGjgY8wgYwwSQYIKwYBBQUHAQEEPTA7MDkGCCsGAQUFBzABhi1odHRwOi8v
+d3d3LmV4YW1wbGUuY29tOjg4ODgvdGVzdC1vaWQtcGF0aC1lZS8wHwYDVR0gBBgw
+FjAUBhIrBgEEAetJhRqFGoUaAYN0CQEwHgYDVR0RBBcwFYITZXYtdGVzdC5leGFt
+cGxlLmNvbTALBgkqhkiG9w0BAQsDggEBAKMkVA1VZlzajbBFNqwzSGfUipM1TzqH
+YjumITzJSBESfRZPfrtTEFtelfHUVq9Oh4oO8e2RPAgECw/tchZcJW4oYT2+wi1h
+rcHK8DutOC5rMpM3HP0tQlSCVtnb5maF9y/Z7mXrYKB3bYsA5gG022b/w91aiA6a
+MJqhRe8uv5dA1+SVMjgdJTDn+x8TBBwZlmoPSd2I21mC0C2URXRRZkTM1ZRZWnFQ
+brZ94cwfshjpONjPglOiM0p+uVSKhatnP3EqjfQVaTow7+RNPyHXNnaTsgz03j3w
+tnNRDhYZuSZzNZcugylGzt/U9nbE5B2VVjFuAw9DuCeUnPUm0EGxwF4=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-ee.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-ee.pem.certspec
new file mode 100644
index 000000000..a9d62c65e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-ee.pem.certspec
@@ -0,0 +1,5 @@
+issuer:test-oid-path-int
+subject:test-oid-path-ee
+extension:authorityInformationAccess:http://www.example.com:8888/test-oid-path-ee/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
+extension:subjectAlternativeName:ev-test.example.com
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.key b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.key
new file mode 100644
index 000000000..8af23e068
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6iFGoRI4W1kH9
+braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI
+eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6
+iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za
+qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7
+LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs
+2hgKNe2NAgMBAAECggEBAJ7LzjhhpFTsseD+j4XdQ8kvWCXOLpl4hNDhqUnaosWs
+VZskBFDlrJ/gw+McDu+mUlpl8MIhlABO4atGPd6e6CKHzJPnRqkZKcXmrD2IdT9s
+JbpZeec+XY+yOREaPNq4pLDN9fnKsF8SM6ODNcZLVWBSXn47kq18dQTPHcfLAFeI
+r8vh6Pld90AqFRUw1YCDRoZOs3CqeZVqWHhiy1M3kTB/cNkcltItABppAJuSPGgz
+iMnzbLm16+ZDAgQceNkIIGuHAJy4yrrK09vbJ5L7kRss9NtmA1hb6a4Mo7jmQXqg
+SwbkcOoaO1gcoDpngckxW2KzDmAR8iRyWUbuxXxtlEECgYEA3W4dT//r9o2InE0R
+TNqqnKpjpZN0KGyKXCmnF7umA3VkTVyqZ0xLi8cyY1hkYiDkVQ12CKwn1Vttt0+N
+gSfvj6CQmLaRR94GVXNEfhg9Iv59iFrOtRPZWB3V4HwakPXOCHneExNx7O/JznLp
+xD3BJ9I4GQ3oEXc8pdGTAfSMdCsCgYEA16dz2evDgKdn0v7Ak0rU6LVmckB3Gs3r
+ta15b0eP7E1FmF77yVMpaCicjYkQL63yHzTi3UlA66jAnW0fFtzClyl3TEMnXpJR
+3b5JCeH9O/Hkvt9Go5uLODMo70rjuVuS8gcK8myefFybWH/t3gXo59hspXiG+xZY
+EKd7mEW8MScCgYEAlkcrQaYQwK3hryJmwWAONnE1W6QtS1oOtOnX6zWBQAul3RMs
+2xpekyjHu8C7sBVeoZKXLt+X0SdR2Pz2rlcqMLHqMJqHEt1OMyQdse5FX8CT9byb
+WS11bmYhR08ywHryL7J100B5KzK6JZC7smGu+5WiWO6lN2VTFb6cJNGRmS0CgYAo
+tFCnp1qFZBOyvab3pj49lk+57PUOOCPvbMjo+ibuQT+LnRIFVA8Su+egx2got7pl
+rYPMpND+KiIBFOGzXQPVqFv+Jwa9UPzmz83VcbRspiG47UfWBbvnZbCqSgZlrCU2
+TaIBVAMuEgS4VZ0+NPtbF3yaVv+TUQpaSmKHwVHeLQKBgCgGe5NVgB0u9S36ltit
+tYlnPPjuipxv9yruq+nva+WKT0q/BfeIlH3IUf2qNFQhR6caJGv7BU7naqNGq80m
+ks/J5ExR5vBpxzXgc7oBn2pyFJYckbJoccrqv48GRBigJpDjmo1f8wZ7fNt/ULH1
+NBinA5ZsT8d0v3QCr2xDJH9D
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.key.keyspec b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.key.keyspec
new file mode 100644
index 000000000..4ad96d515
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.key.keyspec
@@ -0,0 +1 @@
+default
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.pem b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.pem
new file mode 100644
index 000000000..cbfd53b47
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDRzCCAjGgAwIBAgIURUX21bPV9r+a9MgTdgH/Z0JF7fEwCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjAcMRowGAYDVQQDDBF0ZXN0LW9pZC1wYXRoLWludDCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs
+9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8
+HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7Ak
+kqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJet
+lmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2r
+kQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaOBizCB
+iDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjBKBggrBgEFBQcBAQQ+MDwwOgYI
+KwYBBQUHMAGGLmh0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4OC90ZXN0LW9pZC1w
+YXRoLWludC8wHwYDVR0gBBgwFjAUBhIrBgEEAetJhRqFGoUaAYN0CQEwCwYJKoZI
+hvcNAQELA4IBAQAZpXz9L80yAL7c4NxT761VSaAxlL7djEAFx8XzTRI3Npd7pH9J
+GjD08pBw4fJoRkVaZhHMfTylYLR/trURFsBF/P9CCqcKUBk6P2hReEsmSV+nG8xp
+zs8M0JEoJbD3gWytwV0LZgc8INkmwo91CYlgvpBqpRrowdyYEc/+pE0lyn6kwjJE
+k6OwDnI1sbl3Aid9iMILITqvt9pRTh2ZbcpgXXRifk+LJNNgo+U54+VHEy1sGjFp
+/tXOqCeKAV5peEbWnXfewaitKTGBE/6zuEBQTeWzNDcwQwSYvS9oRcLxNn/qIyrj
+OIaT9QQeDT0AbHNIRj8npCaZrSxWRMPH12/4
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.pem.certspec b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.pem.certspec
new file mode 100644
index 000000000..53534eb52
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ev_certs/test-oid-path-int.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:test-oid-path-int
+issuerKey:ev
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://www.example.com:8888/test-oid-path-int/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
diff --git a/security/manager/ssl/tests/unit/test_forget_about_site_security_headers.js b/security/manager/ssl/tests/unit/test_forget_about_site_security_headers.js
new file mode 100644
index 000000000..4db133e43
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_forget_about_site_security_headers.js
@@ -0,0 +1,100 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+ * vim: sw=2 ts=2 sts=2
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+// Ensures that HSTS (HTTP Strict Transport Security) and HPKP (HTTP Public key
+// pinning) are cleared when using "Forget About This Site".
+
+var { ForgetAboutSite } = Cu.import("resource://gre/modules/ForgetAboutSite.jsm", {});
+
+do_register_cleanup(() => {
+  Services.prefs.clearUserPref("security.cert_pinning.enforcement_level");
+  Services.prefs.clearUserPref(
+    "security.cert_pinning.process_headers_from_non_builtin_roots");
+});
+
+const GOOD_MAX_AGE_SECONDS = 69403;
+const NON_ISSUED_KEY_HASH = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
+const PINNING_ROOT_KEY_HASH = "VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8=";
+const VALID_PIN = `pin-sha256="${PINNING_ROOT_KEY_HASH}";`;
+const BACKUP_PIN = `pin-sha256="${NON_ISSUED_KEY_HASH}";`;
+const GOOD_MAX_AGE = `max-age=${GOOD_MAX_AGE_SECONDS};`;
+
+do_get_profile(); // must be done before instantiating nsIX509CertDB
+
+Services.prefs.setIntPref("security.cert_pinning.enforcement_level", 2);
+Services.prefs.setBoolPref(
+  "security.cert_pinning.process_headers_from_non_builtin_roots", true);
+
+var certdb = Cc["@mozilla.org/security/x509certdb;1"]
+               .getService(Ci.nsIX509CertDB);
+addCertFromFile(certdb, "test_pinning_dynamic/pinningroot.pem", "CTu,CTu,CTu");
+
+var sss = Cc["@mozilla.org/ssservice;1"]
+            .getService(Ci.nsISiteSecurityService);
+var uri = Services.io.newURI("https://a.pinning2.example.com", null, null);
+
+// This test re-uses certificates from pinning tests because that's easier and
+// simpler than recreating new certificates, hence the slightly longer than
+// necessary domain name.
+var sslStatus = new FakeSSLStatus(constructCertFromFile(
+  "test_pinning_dynamic/a.pinning2.example.com-pinningroot.pem"));
+
+// Test the normal case of processing HSTS and HPKP headers for
+// a.pinning2.example.com, using "Forget About Site" on a.pinning2.example.com,
+// and then checking that the platform doesn't consider a.pinning2.example.com
+// to be HSTS or HPKP any longer.
+add_task(function* () {
+  sss.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri, GOOD_MAX_AGE,
+                    sslStatus, 0);
+  sss.processHeader(Ci.nsISiteSecurityService.HEADER_HPKP, uri,
+                    GOOD_MAX_AGE + VALID_PIN + BACKUP_PIN, sslStatus, 0);
+
+  Assert.ok(sss.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "a.pinning2.example.com", 0),
+            "a.pinning2.example.com should be HSTS");
+  Assert.ok(sss.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP,
+                             "a.pinning2.example.com", 0),
+            "a.pinning2.example.com should be HPKP");
+
+  yield ForgetAboutSite.removeDataFromDomain("a.pinning2.example.com");
+
+  Assert.ok(!sss.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "a.pinning2.example.com", 0),
+            "a.pinning2.example.com should not be HSTS now");
+  Assert.ok(!sss.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP,
+                              "a.pinning2.example.com", 0),
+            "a.pinning2.example.com should not be HPKP now");
+});
+
+// TODO (bug 1290529): the platform does not support this yet.
+// Test the case of processing HSTS and HPKP headers for a.pinning2.example.com,
+// using "Forget About Site" on example.com, and then checking that the platform
+// doesn't consider the subdomain to be HSTS or HPKP any longer.
+add_task(function* () {
+  sss.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri, GOOD_MAX_AGE,
+                    sslStatus, 0);
+  sss.processHeader(Ci.nsISiteSecurityService.HEADER_HPKP, uri,
+                    GOOD_MAX_AGE + VALID_PIN + BACKUP_PIN, sslStatus, 0);
+
+  Assert.ok(sss.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "a.pinning2.example.com", 0),
+            "a.pinning2.example.com should be HSTS (subdomain case)");
+  Assert.ok(sss.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP,
+                             "a.pinning2.example.com", 0),
+            "a.pinning2.example.com should be HPKP (subdomain case)");
+
+  yield ForgetAboutSite.removeDataFromDomain("example.com");
+
+  // TODO (bug 1290529):
+  // Assert.ok(!sss.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+  //                             "a.pinning2.example.com", 0),
+  //           "a.pinning2.example.com should not be HSTS now (subdomain case)");
+  // Assert.ok(!sss.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP,
+  //                             "a.pinning2.example.com", 0),
+  //           "a.pinning2.example.com should not be HPKP now (subdomain case)");
+});
diff --git a/security/manager/ssl/tests/unit/test_getchain.js b/security/manager/ssl/tests/unit/test_getchain.js
new file mode 100644
index 000000000..2851c3a70
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_getchain.js
@@ -0,0 +1,82 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"use strict";
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb  = Cc["@mozilla.org/security/x509certdb;1"]
+                  .getService(Ci.nsIX509CertDB);
+// This is the list of certificates needed for the test.
+var certList = [
+  'ee',
+  'ca-1',
+  'ca-2',
+];
+
+// Since all the ca's are identical expect for the serial number
+// I have to grab them by enumerating all the certs and then finding
+// the ones that I am interested in.
+function get_ca_array() {
+  let ret_array = [];
+  let allCerts = certdb.getCerts();
+  let enumerator = allCerts.getEnumerator();
+  while (enumerator.hasMoreElements()) {
+    let cert = enumerator.getNext().QueryInterface(Ci.nsIX509Cert);
+    if (cert.commonName == 'ca') {
+      ret_array[parseInt(cert.serialNumber, 16)] = cert;
+    }
+  }
+  return ret_array;
+}
+
+
+function check_matching_issuer_and_getchain(expected_issuer_serial, cert) {
+  const nsIX509Cert = Components.interfaces.nsIX509Cert;
+
+  equal(expected_issuer_serial, cert.issuer.serialNumber,
+        "Expected and actual issuer serial numbers should match");
+  let chain = cert.getChain();
+  let issuer_via_getchain = chain.queryElementAt(1, nsIX509Cert);
+  // The issuer returned by cert.issuer or cert.getchain should be consistent.
+  equal(cert.issuer.serialNumber, issuer_via_getchain.serialNumber,
+        "Serial numbers via cert.issuer and via getChain() should match");
+}
+
+function check_getchain(ee_cert, ssl_ca, email_ca) {
+  // A certificate should first build a chain/issuer to
+  // a SSL trust domain, then an EMAIL trust domain and then
+  // an object signer trust domain.
+
+  const nsIX509Cert = Components.interfaces.nsIX509Cert;
+  certdb.setCertTrust(ssl_ca, nsIX509Cert.CA_CERT,
+                      Ci.nsIX509CertDB.TRUSTED_SSL);
+  certdb.setCertTrust(email_ca, nsIX509Cert.CA_CERT,
+                      Ci.nsIX509CertDB.TRUSTED_EMAIL);
+  check_matching_issuer_and_getchain(ssl_ca.serialNumber, ee_cert);
+  certdb.setCertTrust(ssl_ca, nsIX509Cert.CA_CERT, 0);
+  check_matching_issuer_and_getchain(email_ca.serialNumber, ee_cert);
+  certdb.setCertTrust(email_ca, nsIX509Cert.CA_CERT, 0);
+  // Do a final test on the case of no trust. The results must
+  // be consistent (the actual value is non-deterministic).
+  check_matching_issuer_and_getchain(ee_cert.issuer.serialNumber, ee_cert);
+}
+
+function run_test() {
+  clearOCSPCache();
+  clearSessionCache();
+
+  for (let cert of certList) {
+    addCertFromFile(certdb, `test_getchain/${cert}.pem`, ",,");
+  }
+
+  let ee_cert = certdb.findCertByNickname('ee');
+  notEqual(ee_cert, null, "EE cert should be in the cert DB");
+
+  let ca = get_ca_array();
+
+  check_getchain(ee_cert, ca[1], ca[2]);
+  // Swap ca certs to deal alternate trust settings.
+  check_getchain(ee_cert, ca[2], ca[1]);
+}
diff --git a/security/manager/ssl/tests/unit/test_getchain/ca-1.pem b/security/manager/ssl/tests/unit/test_getchain/ca-1.pem
new file mode 100644
index 000000000..a3dcb268c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_getchain/ca-1.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICsjCCAZygAwIBAgIBATALBgkqhkiG9w0BAQswDTELMAkGA1UEAwwCY2EwIhgP
+MjAxNTExMjgwMDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowDTELMAkGA1UEAwwCY2Ew
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQ
+PTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH
+9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw
+4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86
+exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0
+ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2N
+AgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAsGCSqGSIb3DQEB
+CwOCAQEAchHf1yV+blE6fvS53L3DGmvxEpn9+t+xwOvWczBmLFEzUPdncakdaWlQ
+v7q81BPyjBqkYbQi15Ws81hY3dnXn8LT1QktCL9guvc3z4fMdQbRjpjcIReCYt3E
+PB22Jl2FCm6ii4XL0qDFD26WK3zMe2Uks6t55f8VeDTBGNoPp2JMsWY1Pi4vR6wK
+AY96WoXS/qrYkmMEOgFu907pApeAeE8VJzXjqMLF6/W1VN7ISnGzWQ8zKQnlp3YA
+mvWZQcD6INK8mvpZxIeu6NtHaKEXGw7tlGekmkVhapPtQZYnWcsXybRrZf5g3hOh
+JFPl8kW42VoxXL11PP5NX2ylTsJ//g==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_getchain/ca-1.pem.certspec b/security/manager/ssl/tests/unit/test_getchain/ca-1.pem.certspec
new file mode 100644
index 000000000..6062931cd
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_getchain/ca-1.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca
+subject:ca
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+serialNumber:1
diff --git a/security/manager/ssl/tests/unit/test_getchain/ca-2.pem b/security/manager/ssl/tests/unit/test_getchain/ca-2.pem
new file mode 100644
index 000000000..fab9f209e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_getchain/ca-2.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICsjCCAZygAwIBAgIBAjALBgkqhkiG9w0BAQswDTELMAkGA1UEAwwCY2EwIhgP
+MjAxNTExMjgwMDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowDTELMAkGA1UEAwwCY2Ew
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQ
+PTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH
+9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw
+4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86
+exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0
+ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2N
+AgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAsGCSqGSIb3DQEB
+CwOCAQEAXjVM9rVj8ZtTUvdKGMWaYkLGKqvi4dwK2ZwvAqeybTK7XCRKmXYksAxT
+NVKx2DgHn0r0nYk7gu3TYKpFfI4i1zSriq4FXd8Z5fhbRGToyU6nFBqWnDET+haJ
++jrI34kLG1oXqZMbbcUZX7sXnVYafxr/MYBVhtIwwUV8tgX+5SzdRsZ85REiBGbZ
+Y915NAo7ZNfGkjOSNS3BycdHPMgEHqONq+BSAwYAuKT05LI/KgSZK+8vfNrcvvMV
+TO1T4HC3vmOuKZkMWTj6JKyGO07R3CNypW+9Fi5LjRjVFf2acZM0VVPsSdiIp1EZ
+xa6RkYqPfRLrTKUkti6BFJlXozfnNA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_getchain/ca-2.pem.certspec b/security/manager/ssl/tests/unit/test_getchain/ca-2.pem.certspec
new file mode 100644
index 000000000..bb599046e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_getchain/ca-2.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca
+subject:ca
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+serialNumber:2
diff --git a/security/manager/ssl/tests/unit/test_getchain/ee.pem b/security/manager/ssl/tests/unit/test_getchain/ee.pem
new file mode 100644
index 000000000..237e36bf0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_getchain/ee.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICpjCCAZCgAwIBAgIUQ9aT0/eKZXjA2Ma4sq+QU+/srsowCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMA0xCzAJBgNVBAMMAmVlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptu
+Gobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO
+7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf
+qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/yt
+HSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcx
+uLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMAsGCSqGSIb3DQEBCwOCAQEAEWMrrsgZ
+yxJk3jvJA5l7J6L9yspBBY/bpi7x4YTWssHemTdJVQAX4p+9rKCa5CfEy5LrE4up
+KnNyMYJzlFuLvcu4ExOmj5ceGRiD5s++g5R4OHzn9QNUeav9b3dFPT3q7dLg2Emm
+RClgZGiwgBXZsaa+urw7Y4oi8DhMePHt523Wv6JFacV42tq0TqIzDIH61nhGamJC
+TafTmYZqGTaNxweBy9m3JJot3zwqTId98TlJStY+oHYI9vGBD8ug0xQWd233d1k9
+BH5axHeYUu2GKLauWH49zSBv+hAeYKmjU3p1qIEzFsQ7ezUNJu5/x+kiClTclITJ
+IrtAUwHJuatuWQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_getchain/ee.pem.certspec b/security/manager/ssl/tests/unit/test_getchain/ee.pem.certspec
new file mode 100644
index 000000000..34e99782b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_getchain/ee.pem.certspec
@@ -0,0 +1,2 @@
+issuer:ca
+subject:ee
diff --git a/security/manager/ssl/tests/unit/test_getchain/moz.build b/security/manager/ssl/tests/unit/test_getchain/moz.build
new file mode 100644
index 000000000..8bf3d1082
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_getchain/moz.build
@@ -0,0 +1,15 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Temporarily disabled. See bug 1256495.
+#test_certificates = (
+#    'ca-1.pem',
+#    'ca-2.pem',
+#    'ee.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
diff --git a/security/manager/ssl/tests/unit/test_hash_algorithms.js b/security/manager/ssl/tests/unit/test_hash_algorithms.js
new file mode 100644
index 000000000..17ccd0781
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_hash_algorithms.js
@@ -0,0 +1,87 @@
+"use strict";
+
+const messages = [
+  "The quick brown fox jumps over the lazy dog",
+  ""
+];
+const hashes = {
+  md2: [
+    "03d85a0d629d2c442e987525319fc471",
+    "8350e5a3e24c153df2275c9f80692773"
+  ],
+  md5: [
+    "9e107d9d372bb6826bd81d3542a419d6",
+    "d41d8cd98f00b204e9800998ecf8427e"
+  ],
+  sha1: [
+    "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12",
+    "da39a3ee5e6b4b0d3255bfef95601890afd80709"
+  ],
+  sha256: [
+    "d7a8fbb307d7809469ca9abcb0082e4f8d5651e46d3cdb762d02d0bf37c9e592",
+    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
+  ],
+  sha384: [
+   "ca737f1014a48f4c0b6dd43cb177b0afd9e5169367544c494011e3317dbf9a509cb1e5dc1e85a941bbee3d7f2afbc9b1",
+   "38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b"
+  ],
+  sha512: [
+    "07e547d9586f6a73f73fbac0435ed76951218fb7d0c8d788a309d785436bbb642e93a252a954f23912547d1e8a3b5ed6e1bfd7097821233fa0538f3db854fee6",
+    "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e"
+  ]
+};
+
+function hexdigest(data) {
+  // |slice(-2)| chomps off the last two characters of a string.
+  //
+  // Therefore, if the Unicode value is < 10, we have a single-character hex
+  // string when we want one that's two characters, and unconditionally
+  // prepending a "0" solves the problem.
+  return Array.from(data, (c, i) => ("0" + data.charCodeAt(i).toString(16)).slice(-2)).join("");
+}
+
+function doHash(algo, value, cmp) {
+  let hash = Cc["@mozilla.org/security/hash;1"].createInstance(Ci.nsICryptoHash);
+  hash.initWithString(algo);
+
+  let converter = Cc["@mozilla.org/intl/scriptableunicodeconverter"]
+                    .createInstance(Ci.nsIScriptableUnicodeConverter);
+  converter.charset = 'utf8';
+  value = converter.convertToByteArray(value);
+  hash.update(value, value.length);
+  equal(hexdigest(hash.finish(false)), cmp,
+        `Actual and expected hash for ${algo} should match`);
+
+  hash.initWithString(algo);
+  hash.update(value, value.length);
+  equal(hexdigest(hash.finish(false)), cmp,
+        `Actual and expected hash for ${algo} should match after re-init`);
+}
+
+function doHashStream(algo, value, cmp) {
+  let hash = Cc["@mozilla.org/security/hash;1"].createInstance(Ci.nsICryptoHash);
+  hash.initWithString(algo);
+
+  let converter = Cc["@mozilla.org/intl/scriptableunicodeconverter"]
+                    .createInstance(Ci.nsIScriptableUnicodeConverter);
+  converter.charset = 'utf8';
+  let stream = converter.convertToInputStream(value);
+  hash.updateFromStream(stream, stream.available());
+  equal(hexdigest(hash.finish(false)), cmp,
+        `Actual and expected hash for ${algo} should match updating from stream`);
+}
+
+function run_test() {
+  for (let algo in hashes) {
+    hashes[algo].forEach(
+      function(e, i) {
+        doHash(algo, messages[i], e);
+
+        if (messages[i].length) {
+          // this test doesn't work for empty string/stream
+          doHashStream(algo, messages[i], e);
+        }
+      }
+    );
+  }
+}
diff --git a/security/manager/ssl/tests/unit/test_hash_algorithms_wrap.js b/security/manager/ssl/tests/unit/test_hash_algorithms_wrap.js
new file mode 100644
index 000000000..f2b7016c0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_hash_algorithms_wrap.js
@@ -0,0 +1,5 @@
+"use strict";
+
+function run_test() {
+  run_test_in_child("test_hash_algorithms.js");
+}
diff --git a/security/manager/ssl/tests/unit/test_hmac.js b/security/manager/ssl/tests/unit/test_hmac.js
new file mode 100644
index 000000000..7adc46190
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_hmac.js
@@ -0,0 +1,88 @@
+"use strict";
+
+var ScriptableUnicodeConverter =
+  Components.Constructor("@mozilla.org/intl/scriptableunicodeconverter",
+                         "nsIScriptableUnicodeConverter");
+
+function getHMAC(data, key, alg) {
+  let converter = new ScriptableUnicodeConverter();
+  converter.charset = "utf8";
+  let dataArray = converter.convertToByteArray(data);
+
+  let keyObject = Cc["@mozilla.org/security/keyobjectfactory;1"]
+                    .getService(Ci.nsIKeyObjectFactory)
+                    .keyFromString(Ci.nsIKeyObject.HMAC, key);
+
+  let cryptoHMAC = Cc["@mozilla.org/security/hmac;1"]
+                     .createInstance(Ci.nsICryptoHMAC);
+
+  cryptoHMAC.init(alg, keyObject);
+  cryptoHMAC.update(dataArray, dataArray.length);
+  let digest1 = cryptoHMAC.finish(false);
+
+  cryptoHMAC.reset();
+  cryptoHMAC.update(dataArray, dataArray.length);
+  let digest2 = cryptoHMAC.finish(false);
+
+  equal(digest1, digest2,
+        "Initial digest and digest after calling reset() should match");
+
+  return digest1;
+}
+
+function testHMAC(alg) {
+  const key1 = 'MyKey_ABCDEFGHIJKLMN';
+  const key2 = 'MyKey_01234567890123';
+
+  const dataA = "Secret message";
+  const dataB = "Secres message";
+
+  let digest1a = getHMAC(key1, dataA, alg);
+  let digest2 = getHMAC(key2, dataA, alg);
+  let digest1b = getHMAC(key1, dataA, alg);
+
+  equal(digest1a, digest1b,
+        "The digests for the same key, data and algorithm should match");
+  notEqual(digest1a, digest2, "The digests for different keys should not match");
+
+  let digest1 = getHMAC(key1, dataA, alg);
+  digest2 = getHMAC(key1, dataB, alg);
+
+  notEqual(digest1, digest2, "The digests for different data should not match");
+}
+
+function hexdigest(data) {
+  return Array.from(data, (c, i) => ("0" + data.charCodeAt(i).toString(16)).slice(-2)).join("");
+}
+
+function testVectors() {
+  // These are test vectors taken from RFC 4231, section 4.3. (Test Case 2)
+  const keyTestVector = "Jefe";
+  const dataTestVector = "what do ya want for nothing?";
+
+  let digest = hexdigest(getHMAC(dataTestVector, keyTestVector,
+                                 Ci.nsICryptoHMAC.SHA256));
+  equal(digest,
+        "5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843",
+        "Actual and expected SHA-256 digests should match");
+
+  digest = hexdigest(getHMAC(dataTestVector, keyTestVector,
+                             Ci.nsICryptoHMAC.SHA384));
+  equal(digest,
+        "af45d2e376484031617f78d2b58a6b1b9c7ef464f5a01b47e42ec3736322445e8e2240ca5e69e2c78b3239ecfab21649",
+        "Actual and expected SHA-384 digests should match");
+
+  digest = hexdigest(getHMAC(dataTestVector, keyTestVector,
+                             Ci.nsICryptoHMAC.SHA512));
+  equal(digest,
+        "164b7a7bfcf819e2e395fbe73b56e0a387bd64222e831fd610270cd7ea2505549758bf75c05a994a6d034f65f8f0e6fdcaeab1a34d4a6b4b636e070a38bce737",
+        "Actual and expected SHA-512 digests should match");
+}
+
+function run_test() {
+  testVectors();
+
+  testHMAC(Ci.nsICryptoHMAC.SHA1);
+  testHMAC(Ci.nsICryptoHMAC.SHA512);
+  testHMAC(Ci.nsICryptoHMAC.MD5);
+}
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints.js b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints.js
new file mode 100644
index 000000000..5ebc1546b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints.js
@@ -0,0 +1,111 @@
+"use strict";
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+
+function load_cert(name, trust) {
+  let filename = "test_intermediate_basic_usage_constraints/" + name + ".pem";
+  addCertFromFile(certdb, filename, trust);
+}
+
+function test_cert_for_usages(certChainNicks, expected_usages) {
+  let certs = [];
+  for (let i in certChainNicks) {
+    let certNick = certChainNicks[i];
+    let certPEM = readFile(
+                    do_get_file("test_intermediate_basic_usage_constraints/"
+                                + certNick + ".pem"), false);
+    certs.push(certdb.constructX509FromBase64(pemToBase64(certPEM)));
+  }
+
+  let cert = certs[0];
+  return asyncTestCertificateUsages(certdb, cert, expected_usages);
+}
+
+add_task(function* () {
+  let ee_usages = [ certificateUsageSSLClient, certificateUsageSSLServer,
+                    certificateUsageEmailSigner, certificateUsageEmailRecipient,
+                    certificateUsageObjectSigner ];
+  let ca_usages = [ certificateUsageSSLCA, certificateUsageVerifyCA ];
+  let eku_usages = [ certificateUsageSSLClient, certificateUsageSSLServer ];
+
+  // Load the ca into mem
+  let ca_name = "ca";
+  load_cert(ca_name, "CTu,CTu,CTu");
+  yield test_cert_for_usages([ca_name], ca_usages);
+
+  // A certificate with no basicConstraints extension is considered an EE.
+  yield test_cert_for_usages(["int-no-extensions"], ee_usages);
+
+  // int-no-extensions is an EE (see previous case), so no certs can chain to
+  // it.
+  yield test_cert_for_usages(["ee-int-no-extensions", "int-no-extensions"], []);
+
+  // a certificate with basicConstraints.cA==false is considered an EE.
+  yield test_cert_for_usages(["int-not-a-ca"], ee_usages);
+
+  // int-not-a-ca is an EE (see previous case), so no certs can chain to it.
+  yield test_cert_for_usages(["ee-int-not-a-ca", "int-not-a-ca"], []);
+
+  // a certificate with basicConstraints.cA==false but with the keyCertSign
+  // key usage may not act as a CA (it can act like an end-entity).
+  yield test_cert_for_usages(["int-cA-FALSE-asserts-keyCertSign"], ee_usages);
+  yield test_cert_for_usages(["ee-int-cA-FALSE-asserts-keyCertSign",
+                              "int-cA-FALSE-asserts-keyCertSign"], []);
+
+
+  // int-limited-depth has cA==true and a path length constraint of zero.
+  yield test_cert_for_usages(["int-limited-depth"], ca_usages);
+
+  // path length constraints do not affect the ability of a non-CA cert to
+  // chain to to the CA cert.
+  yield test_cert_for_usages(["ee-int-limited-depth", "int-limited-depth"],
+                             ee_usages);
+
+  // ca
+  //   int-limited-depth (cA==true, pathLenConstraint==0)
+  //      int-limited-depth-invalid (cA==true)
+  //
+  yield test_cert_for_usages(["int-limited-depth-invalid", "int-limited-depth"],
+                             []);
+  yield test_cert_for_usages(["ee-int-limited-depth-invalid",
+                              "int-limited-depth-invalid", "int-limited-depth"],
+                             []);
+
+  // int-valid-ku-no-eku has keyCertSign
+  yield test_cert_for_usages(["int-valid-ku-no-eku"], ca_usages);
+  yield test_cert_for_usages(["ee-int-valid-ku-no-eku", "int-valid-ku-no-eku"],
+                             ee_usages);
+
+  // int-bad-ku-no-eku has basicConstraints.cA==true and has a KU extension
+  // but the KU extension is missing keyCertSign. Note that mozilla::pkix
+  // doesn't validate certificates with basicConstraints.Ca==true for non-CA
+  // uses.
+  yield test_cert_for_usages(["int-bad-ku-no-eku"], []);
+  yield test_cert_for_usages(["ee-int-bad-ku-no-eku", "int-bad-ku-no-eku"], []);
+
+  // int-no-ku-no-eku has basicConstraints.cA==true and no KU extension.
+  // We treat a missing KU as "any key usage is OK".
+  yield test_cert_for_usages(["int-no-ku-no-eku"], ca_usages);
+  yield test_cert_for_usages(["ee-int-no-ku-no-eku", "int-no-ku-no-eku"],
+                             ee_usages);
+
+  // int-valid-ku-server-eku has basicConstraints.cA==true, keyCertSign in KU,
+  // and EKU=={id-kp-serverAuth,id-kp-clientAuth}.
+  yield test_cert_for_usages(["int-valid-ku-server-eku"], ca_usages);
+  yield test_cert_for_usages(["ee-int-valid-ku-server-eku",
+                              "int-valid-ku-server-eku"], eku_usages);
+
+  // int-bad-ku-server-eku has basicConstraints.cA==true, a KU without
+  // keyCertSign, and EKU=={id-kp-serverAuth,id-kp-clientAuth}.
+  yield test_cert_for_usages(["int-bad-ku-server-eku"], []);
+  yield test_cert_for_usages(["ee-int-bad-ku-server-eku",
+                              "int-bad-ku-server-eku"], []);
+
+  // int-bad-ku-server-eku has basicConstraints.cA==true, no KU, and
+  // EKU=={id-kp-serverAuth,id-kp-clientAuth}.
+  yield test_cert_for_usages(["int-no-ku-server-eku"], ca_usages);
+  yield test_cert_for_usages(["ee-int-no-ku-server-eku",
+                              "int-no-ku-server-eku"], eku_usages);
+});
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ca.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ca.pem
new file mode 100644
index 000000000..f9bc514d4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICuDCCAaKgAwIBAgIUNRoMRQGf1ZJA3n83kdc6L92/CEowCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMA0xCzAJBgNVBAMMAmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptu
+Gobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO
+7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf
+qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/yt
+HSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcx
+uLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoxAwDjAMBgNVHRMEBTADAQH/MAsGCSqG
+SIb3DQEBCwOCAQEAs/WSLtD9nmferqrktS7n94DuJKXYIyVwANS+HUSP515q0zTY
+12Poo6n4UAJpAcO+MK2DhBREa3qtQBxxazmC6zAqvyOCE6l7YlzDXbjqLSfKn3ti
+JrltsfR/0P5zqLDPu2TaXaYey+dtGqvGINjRccB9OknroUH+jX7jWqGBL4Gz8IOR
+5I30FWKfDZTuhMNyBCVpCo5IL5VUdEgZsOlBe5jnGPtN7Q3LmFU91yoRXoOtp+e6
+94pZNhJqGfqLpH8ArRi5qr4QteCRSfvYFBusniJOLnGDi6K3Nh6iBvwPM8qSfQ5A
+Cj361pbNvT+OPpdlm9DFCh6k8jKhZ2fXXMHdtg==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ca.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ca.pem.certspec
new file mode 100644
index 000000000..eb7c4b4be
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ca.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:ca
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-no-eku.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-no-eku.pem
new file mode 100644
index 000000000..7204416fd
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-no-eku.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5jCCAdCgAwIBAgIUK7AF47QInCeFM5oGehLpWlwykXswCwYJKoZIhvcNAQEL
+MBwxGjAYBgNVBAMMEWludC1iYWQta3Utbm8tZWt1MCIYDzIwMTUxMTI4MDAwMDAw
+WhgPMjAxODAyMDUwMDAwMDBaMB8xHTAbBgNVBAMMFGVlLWludC1iYWQta3Utbm8t
+ZWt1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62
+iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHql
+WqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosq
+Qe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+
+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8i
+b2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoY
+CjXtjQIDAQABox0wGzAMBgNVHRMEBTADAQEAMAsGA1UdDwQEAwID+DALBgkqhkiG
+9w0BAQsDggEBAJ03z0DxaMoamG4vjSJmVCVD5fg10BGbE59JqcA8IxjXMe4cbR7M
+eTBKx1SkwMIF5YblRtDJ486Xv+jddU+Ahtggbm5DQJ1y1q/Aqq1o4YVAqNoAbJ0o
+xapRfv/qzxqjKTnUdO0f4MLdAmR+62JFrUgw9CYQ/ve3DagsO07BYXEjtHVIB0Wx
+ur68eVQofh+3GkNJwP5g66wCIwbfMAZa50Z+0F8xRLPbAcObdvAxkuPDjsY0a3g+
+Jkkv2mnDm5ABmeqihCNBd5RAgC3xOToWosk4PlJGslydA339L5/K47wdGYLcWC5R
+VgAshQo/kwWTpHu3qbUkIEtFbYxJ7ab7Gak=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-no-eku.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-no-eku.pem.certspec
new file mode 100644
index 000000000..390adf234
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-no-eku.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int-bad-ku-no-eku
+subject:ee-int-bad-ku-no-eku
+extension:basicConstraints:,
+extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-server-eku.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-server-eku.pem
new file mode 100644
index 000000000..0d39a7832
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-server-eku.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7jCCAdigAwIBAgIUXYbRaawTt2Kjb5NY/aIyZ9Us5m4wCwYJKoZIhvcNAQEL
+MCAxHjAcBgNVBAMMFWludC1iYWQta3Utc2VydmVyLWVrdTAiGA8yMDE1MTEyODAw
+MDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAjMSEwHwYDVQQDDBhlZS1pbnQtYmFkLWt1
+LXNlcnZlci1la3UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGo
+RI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9a
+dWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6t
+aRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8n
+FthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kX
+Dqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/py
+UcQx1QOs2hgKNe2NAgMBAAGjHTAbMAwGA1UdEwQFMAMBAQAwCwYDVR0PBAQDAgP4
+MAsGCSqGSIb3DQEBCwOCAQEAq/zm5gIun6D8nAuEgmuXzmLoc8RorZg0f+6mPTFA
+Kld8ewwAxf1VkmEKxX1vBAh6XGtGmuFfoYp5HjcT/4w4Xsv/Tiht1vB40o23fD/Y
+URRdG1oTYErw0DX2cxcBdQMZygth5xOfW7X1Ts14Zl97l3JErgXo82KnT+S+Ohot
+GEMea4j1vnxLgZx+QB1d26BfOn58qeEad09YwS3NRj3AaFrY6VuvUPLIj/DfducW
+JLbC5ns5l8hf8Vk+oZNsKaynMUpYEZi4L6b7lCpL5bwEWoPR0ryNU3aGZNrCL3c6
+V/hTsg6CFojkRAmTzI2OLMsy51/JNMM0azRtVJ8i+WggGQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-server-eku.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-server-eku.pem.certspec
new file mode 100644
index 000000000..32bb6c248
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-bad-ku-server-eku.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int-bad-ku-server-eku
+subject:ee-int-bad-ku-server-eku
+extension:basicConstraints:,
+extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-cA-FALSE-asserts-keyCertSign.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-cA-FALSE-asserts-keyCertSign.pem
new file mode 100644
index 000000000..d60e8e8fc
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-cA-FALSE-asserts-keyCertSign.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDBDCCAe6gAwIBAgIUH3DA15ZPfcaH0zDIfSBoT4pcTUwwCwYJKoZIhvcNAQEL
+MCsxKTAnBgNVBAMMIGludC1jQS1GQUxTRS1hc3NlcnRzLWtleUNlcnRTaWduMCIY
+DzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAwMDBaMC4xLDAqBgNVBAMMI2Vl
+LWludC1jQS1GQUxTRS1hc3NlcnRzLWtleUNlcnRTaWduMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFds
+JHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4
+ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25
+iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu3
+4pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42
+yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzAMBgNV
+HRMEBTADAQEAMAsGA1UdDwQEAwID+DALBgkqhkiG9w0BAQsDggEBAJ6rNJFZaniL
+SWRKFdwG1vx/GPXLDl+/0VNyCVaTyYdT2tUt7A+jeJzDxv9/ELWiAhCPl77FwWOj
+xieY6CBJtQk+3Wxc9Ofc6kap5/5RtogfBsr26pfeDkKEPVFxwWTPa+tzd/Beapvg
+mew//Sp0Q3SdS0cxBQJp+u/aSEglM/Bh+l3q6sBrSGPY4/0mWQD4R/rq74sZ2TnL
+wshxO48fk1Map5kqg6L2vBNuDqr08/lrXnv1BzlgbL7UTa52BUtbPce3uegL8sIh
+5NQUW0UTIHBuBI3Ce46f5Rzeq0W7/yeDVdc6W/B/8+B5G+A2Xwlm+8AcMFsG2GFD
+K3mdAuGZW+A=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-cA-FALSE-asserts-keyCertSign.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-cA-FALSE-asserts-keyCertSign.pem.certspec
new file mode 100644
index 000000000..9e0fb65fd
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-cA-FALSE-asserts-keyCertSign.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int-cA-FALSE-asserts-keyCertSign
+subject:ee-int-cA-FALSE-asserts-keyCertSign
+extension:basicConstraints:,
+extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth-invalid.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth-invalid.pem
new file mode 100644
index 000000000..10068137f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth-invalid.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC9jCCAeCgAwIBAgIUddKEywO/Eq38I1xoGyTjg9hFzi8wCwYJKoZIhvcNAQEL
+MCQxIjAgBgNVBAMMGWludC1saW1pdGVkLWRlcHRoLWludmFsaWQwIhgPMjAxNTEx
+MjgwMDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowJzElMCMGA1UEAwwcZWUtaW50LWxp
+bWl0ZWQtZGVwdGgtaW52YWxpZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAab
+bhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmts
+Du0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhI
+H6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8
+rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kX
+Mbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMdMBswDAYDVR0TBAUwAwEBADALBgNV
+HQ8EBAMCA/gwCwYJKoZIhvcNAQELA4IBAQAXnxXnkz6FPrXqw2XSvhy5YPEdGM5z
+qg+7A7nMLkGa3yLdsYXGKoxurlfBKfTNg7f/4vl3JHefS9dRJuSCHd/ie/mIr0Xt
+GFHoaZhl7LfEIMIe9caXgg2yWTSNCyFBh0Mxgvt1mHin0cWEV9qGiSmFiGzb8l0S
+ScNGFsBicFdnDa9I4cTGy9KNG4SAXSq5Mq8PyJ6ET6Iq7Z387T58yQtQke2/xIWB
+mnmZSnhCwBKqx5FntoIlhRWUfwSf0Z4H2UwZrU/Csv1cszRpgcYKGasRHNTg1TAj
+rIyTNmq7z/DAqdecE0js9SpD6Ht3MHSFPdhCsV+ev+H6i/IXWvxbYkgV
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth-invalid.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth-invalid.pem.certspec
new file mode 100644
index 000000000..f00b4d159
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth-invalid.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int-limited-depth-invalid
+subject:ee-int-limited-depth-invalid
+extension:basicConstraints:,
+extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth.pem
new file mode 100644
index 000000000..23904452a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5jCCAdCgAwIBAgIUXec5ZMQORrk2Pmi+OTo4ybN6MHowCwYJKoZIhvcNAQEL
+MBwxGjAYBgNVBAMMEWludC1saW1pdGVkLWRlcHRoMCIYDzIwMTUxMTI4MDAwMDAw
+WhgPMjAxODAyMDUwMDAwMDBaMB8xHTAbBgNVBAMMFGVlLWludC1saW1pdGVkLWRl
+cHRoMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62
+iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHql
+WqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosq
+Qe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+
+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8i
+b2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoY
+CjXtjQIDAQABox0wGzAMBgNVHRMEBTADAQEAMAsGA1UdDwQEAwID+DALBgkqhkiG
+9w0BAQsDggEBAB557gwbSdb6slyiiKsSMDjGN1hfg6i77yvl4fJRYTdYrzvulc5k
+5GNCkM0FzmXeU2ZEqkvHpLRqBdtWmMeP1DoRMrwBMCDRuytrMFjNUdSfNl24ddU7
+qJ0VHzHzJsRX+4IQl3LLU46EtI9dtOkuftmZdgx+em0Ts/9cRVgT8DlzqtS7Zt6C
+ZaIg0Azle1k7eSndlzFeaEtdW7I8V0JUpBupKbFZejlccAT4Y9NBxw9QOJ7yd4kL
+P3do/lXOzc++Qh3OkJI1x69fzn5XyFuVac1tEzHS+9ODNWpFxsQtvQQ1WsjeznB2
+eWdV+jkakbbFJd733lEDoHcTa8nVLcY//GQ=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth.pem.certspec
new file mode 100644
index 000000000..df85342d9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-limited-depth.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int-limited-depth
+subject:ee-int-limited-depth
+extension:basicConstraints:,
+extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-extensions.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-extensions.pem
new file mode 100644
index 000000000..b284989f9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-extensions.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5jCCAdCgAwIBAgIUBwoOpsgnbx58BjjIE/5qb5aWuEEwCwYJKoZIhvcNAQEL
+MBwxGjAYBgNVBAMMEWludC1uby1leHRlbnNpb25zMCIYDzIwMTUxMTI4MDAwMDAw
+WhgPMjAxODAyMDUwMDAwMDBaMB8xHTAbBgNVBAMMFGVlLWludC1uby1leHRlbnNp
+b25zMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62
+iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHql
+WqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosq
+Qe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+
+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8i
+b2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoY
+CjXtjQIDAQABox0wGzAMBgNVHRMEBTADAQEAMAsGA1UdDwQEAwID+DALBgkqhkiG
+9w0BAQsDggEBAHPL8KLxeqX6z1G+2515iGSngTOR8CGYLjn990NWHQU8uCJPH1bu
+Q3ZaA8+E9qjVnOk79WaZ7xnD2TYEqIztDo9MbCOhsfggnF0lkoSbroVodN14Grob
+Dq+82SBC2LMtPuU1I7WR2S0svi6lAIVjTPCF6cV+2EzaGXip+R6QYpWButmtiP16
+LxtNyWqDd02C2VOSy7bX1Gk1ZFE65R97VRqVHN1ZCZQapxOySiw4+fhoBZknMX7g
+k6891BAoAiietKufOJyI3JOokTRzo8ML98grjZgAbf+/1TKTkm02ZOWC8daquuzt
+fWD4HfakwF94AsCdPjH1zIM9S3eNFsGqK5Q=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-extensions.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-extensions.pem.certspec
new file mode 100644
index 000000000..c5279046d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-extensions.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int-no-extensions
+subject:ee-int-no-extensions
+extension:basicConstraints:,
+extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-no-eku.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-no-eku.pem
new file mode 100644
index 000000000..3169edf91
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-no-eku.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5DCCAc6gAwIBAgIUWXP9FsYmaGVIbwIJTUw0C5a0GDUwCwYJKoZIhvcNAQEL
+MBsxGTAXBgNVBAMMEGludC1uby1rdS1uby1la3UwIhgPMjAxNTExMjgwMDAwMDBa
+GA8yMDE4MDIwNTAwMDAwMFowHjEcMBoGA1UEAwwTZWUtaW50LW5vLWt1LW5vLWVr
+dTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogG
+NhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqn
+RYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHu
+p3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQ
+Lzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p
+47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo1
+7Y0CAwEAAaMdMBswDAYDVR0TBAUwAwEBADALBgNVHQ8EBAMCA/gwCwYJKoZIhvcN
+AQELA4IBAQBMW1+NpE+LWxquW2XsX+A4Dmi7Dy47Q89pX+YoWU+BIXCP6XIRSKJX
+FS3IPG3Gmd1a8SgzZxnnTCmUGDu5NtYM+vab1efNDzxjCf0JFsdjJy+sDMxh6p8f
+ffPpa8bbEjNUBC3C6z8GRWpjnDkRjco8osJkjH98GNPN3nsQhTaS6of0RLegfNQW
+PymuisSek2iW061L0z8GR8U6HB/Vh76FxMV9inZYHh0l9h1AlypYomAfnJ6l6fa8
+LLUhbqCJbPVTXIfJCgy8Mpc5vuD4OZ8/IDX/TANQsT5e3h4NLV5QjgPe0KxdLI0l
+AaiiwCz7dF2OXMEVRQe0+by4mmDjKer2
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-no-eku.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-no-eku.pem.certspec
new file mode 100644
index 000000000..92ee3cc6d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-no-eku.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int-no-ku-no-eku
+subject:ee-int-no-ku-no-eku
+extension:basicConstraints:,
+extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-server-eku.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-server-eku.pem
new file mode 100644
index 000000000..1037a03fa
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-server-eku.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7DCCAdagAwIBAgIUHQBwtK4YHGAX9lNXBBwc8zRAG+QwCwYJKoZIhvcNAQEL
+MB8xHTAbBgNVBAMMFGludC1uby1rdS1zZXJ2ZXItZWt1MCIYDzIwMTUxMTI4MDAw
+MDAwWhgPMjAxODAyMDUwMDAwMDBaMCIxIDAeBgNVBAMMF2VlLWludC1uby1rdS1z
+ZXJ2ZXItZWt1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESO
+FtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVr
+amRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWka
+sdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbY
+VbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6n
+aOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHE
+MdUDrNoYCjXtjQIDAQABox0wGzAMBgNVHRMEBTADAQEAMAsGA1UdDwQEAwID+DAL
+BgkqhkiG9w0BAQsDggEBADyWiWIqd+ZAJLr9CTltk07maWEBfiojcboDFHdBbpuo
+9/WNyNXyQ5zNeVBx5t6VreVpFC283IIeTRpT2JRpwDMH0PrSrpaHMLuEBzitau+a
+lTujLC6oPkktRQIguqibIeqmaLc0aJfhCLpdVByQ8IA0lvn2/hSS60Lczi8/j9lf
+CBi8KR9Vbu4TE9gA2YPnX5QpUMPUVXNQFKhkNEOI4znDnWrWR+YqaxPOJJN4Y7+n
+tdR1ZAm7M4V759hEdPm3R6ailnZG1tHx+yiYlkavIz7YFqsod23KkKA2NIfms4U/
+0prBJQ31FlFJA4xIkqmv9QV37oLJY+PHT4779ess8Cg=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-server-eku.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-server-eku.pem.certspec
new file mode 100644
index 000000000..c14889671
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-no-ku-server-eku.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int-no-ku-server-eku
+subject:ee-int-no-ku-server-eku
+extension:basicConstraints:,
+extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-not-a-ca.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-not-a-ca.pem
new file mode 100644
index 000000000..5a959c953
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-not-a-ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3DCCAcagAwIBAgIUZQzo04Yam+J7Cj0ABLKpTriWOOkwCwYJKoZIhvcNAQEL
+MBcxFTATBgNVBAMMDGludC1ub3QtYS1jYTAiGA8yMDE1MTEyODAwMDAwMFoYDzIw
+MTgwMjA1MDAwMDAwWjAaMRgwFgYDVQQDDA9lZS1pbnQtbm90LWEtY2EwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erk
+NUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwC
+fs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1m
+CyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTM
+HGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m
+1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGj
+HTAbMAwGA1UdEwQFMAMBAQAwCwYDVR0PBAQDAgP4MAsGCSqGSIb3DQEBCwOCAQEA
+l0yZ9gi1DSU1UCjhZqTwBBJXTq5DUgRdMB8D2XU8WTvFR419ttsp0eyEBBG2+Gk5
+IueA711TE+zRSgWePjlwRFK0ZalDZ0aRXXNGH5vrLYoigXHz+yrgAMIyxabl/RUT
+pw6wTQmt5iKN0cUICY7PgfjAiugkD5551KanWim/jnu/g1QbVCWIErawzB4kTbQj
+coWeFLL5RRL/tK1DnUWrvjynt/uBqilrqazdGYD3DwSx1r32nohK8YlvxsKzfEsR
+D8j9i/fM3HnuY9PnGh6w7Q0v8Ybx4PiXCZcTecPWjoHHDl0rGNbNOKF2BkMnuG38
+HennrEzAZa2Byk+8BKJx0g==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-not-a-ca.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-not-a-ca.pem.certspec
new file mode 100644
index 000000000..a95b0dc26
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-not-a-ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int-not-a-ca
+subject:ee-int-not-a-ca
+extension:basicConstraints:,
+extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-no-eku.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-no-eku.pem
new file mode 100644
index 000000000..97708b4b9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-no-eku.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC6jCCAdSgAwIBAgIUNdjCSw3sRlBVn+bb2BRT2/86rUwwCwYJKoZIhvcNAQEL
+MB4xHDAaBgNVBAMME2ludC12YWxpZC1rdS1uby1la3UwIhgPMjAxNTExMjgwMDAw
+MDBaGA8yMDE4MDIwNTAwMDAwMFowITEfMB0GA1UEAwwWZWUtaW50LXZhbGlkLWt1
+LW5vLWVrdTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbW
+Qf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pk
+cQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHT
+AjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3
+ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jh
+s3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHV
+A6zaGAo17Y0CAwEAAaMdMBswDAYDVR0TBAUwAwEBADALBgNVHQ8EBAMCA/gwCwYJ
+KoZIhvcNAQELA4IBAQAJUHbGqWQWF/nXvq/x5V8hzM18GvrGoAToXcssHCpGDUL1
+76IQBEn5LwIdv/x+/vtWpIK+9n8sDeOwetba732nIHoMqVSVTSUa6VCc5arvXYUs
+FJ7fsAzJII21roEXtahd4cdJq9r3UUewERZvFjxnHU+FF43R8DsLZqGie97LQYAL
+DhJXWVJENp5RgQv0w7wWduqZNhnocKSfpwY4vy/4x4VRdS/4P0nv/qOYPO1JAwGg
+3xggbVGArL07dPBcV+/dVFYPv4LLAlaSsgcp3QUX4GS2RWnFuxa2N3oV2VEi6AtL
+qYAjzsVTlZajWS0bI3YDPoF1fA5D5I2UjLaqE+Xx
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-no-eku.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-no-eku.pem.certspec
new file mode 100644
index 000000000..89a66b9f9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-no-eku.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int-valid-ku-no-eku
+subject:ee-int-valid-ku-no-eku
+extension:basicConstraints:,
+extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-server-eku.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-server-eku.pem
new file mode 100644
index 000000000..ba523f64d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-server-eku.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC8jCCAdygAwIBAgIUSWvWguZEz9NZBXX1ZCoChzAjiikwCwYJKoZIhvcNAQEL
+MCIxIDAeBgNVBAMMF2ludC12YWxpZC1rdS1zZXJ2ZXItZWt1MCIYDzIwMTUxMTI4
+MDAwMDAwWhgPMjAxODAyMDUwMDAwMDBaMCUxIzAhBgNVBAMMGmVlLWludC12YWxp
+ZC1rdS1zZXJ2ZXItZWt1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+uohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGoby
+a+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWC
+D/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfT
+iEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXT
+Ce+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+
+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzAMBgNVHRMEBTADAQEAMAsGA1UdDwQE
+AwID+DALBgkqhkiG9w0BAQsDggEBAFzS8Zf5e20Y3lpfm8vtfp6tYUE/Jafc7eXM
+OzIazcBDB9hpiLPeeliw1nVhVnN+C/cdVDtVkh7jfMzmq0bEv/fFTZLH0UcEXVKt
+AhV0P98PKxPcB8G0Q4AL0DL+hXy0vomGPWhnNdj7do/a2WlZUyFxnDtUOMwYkYkp
+V8ii4NOPGWK+5Oc6j/MpeTWeP5HtfYs4b1nuGW4dbklY/CjekRHWmWSwTVnQelAF
+bn9Cs1bXa+KntGX9iE8hK+4WLNM15/Ch9RRNbL3HGfntakHsjcqR8GL1cF3GrZkL
+L5hUuX6fzS04s6Lrqxnb5+KMGgEWgdbF5+bmPS0oAP4eAjrzqvs=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-server-eku.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-server-eku.pem.certspec
new file mode 100644
index 000000000..43e83a336
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/ee-int-valid-ku-server-eku.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int-valid-ku-server-eku
+subject:ee-int-valid-ku-server-eku
+extension:basicConstraints:,
+extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-no-eku.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-no-eku.pem
new file mode 100644
index 000000000..87c9e7783
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-no-eku.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC1DCCAb6gAwIBAgIUYS3pOmOM6SjbT2+LSutSEZcu/T0wCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBwxGjAYBgNVBAMMEWludC1iYWQta3Utbm8tZWt1MIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFds
+JHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4
+ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25
+iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu3
+4pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42
+yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzAMBgNV
+HRMEBTADAQH/MAsGA1UdDwQEAwIB+jALBgkqhkiG9w0BAQsDggEBAClZ/nt4DWBg
+s+370ym6UwtUi/rCqg2XztXbRPrnIZ3EwDCM4IEUnIhDb8mBu6yoT+GETyGGzINq
+XAue37I78nQoKsGiBX5itGGI3XvAuP0a5c/sYmHZD4uqjgRypGo6XLlM2ZZU9B1g
+vrY7oH9knLQzf9kcpo5IXQkzZbEy5KTmiyqHX4bSXZwHATDmXRFZNT4ojUV/8ozD
+KWgBWJBIiA1EpbWj1VoMTwWGp2UkPOyXTpmMe6nma+Swn4HAlYJlImwEtdBLZsIx
+vPRseb9zO3hLyeVMd3uHeOtgFcBWVx0vkX9taoGEhfds5i3m1vYMi1QD3cgmJTJO
+bTqfFO0+5Xo=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-no-eku.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-no-eku.pem.certspec
new file mode 100644
index 000000000..f6525449b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-no-eku.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int-bad-ku-no-eku
+extension:basicConstraints:cA,
+extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement,cRLSign
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-server-eku.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-server-eku.pem
new file mode 100644
index 000000000..f2550274a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-server-eku.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC9zCCAeGgAwIBAgIUV7jmxQiYVnYXubm3dfP58HTCLAYwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMCAxHjAcBgNVBAMMFWludC1iYWQta3Utc2VydmVyLWVrdTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs
+9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8
+HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7Ak
+kqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJet
+lmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2r
+kQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaM8MDow
+DAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAfowHQYDVR0lBBYwFAYIKwYBBQUHAwEG
+CCsGAQUFBwMCMAsGCSqGSIb3DQEBCwOCAQEAiWJSUz5NGSIGIBxnft0wa7D0Yu9K
+qx1vw4JfBnr2RFxb7Z4uLM4dQcyfqgvyEQks4yIDv/ygLZ4jUDoorVodnh/vEmeo
+HRUiCRFbTxhZjlepotgvwO8BjuPtRvswziVSEdglUYeWKirYuI8b3uaRnukoxP1c
+Y1yHz+khiu7gvF4I0qKVbZAPIGlveypPoliAVls1V80pDRYRJZQQGDkfr4Pt7U8j
+tWWD1N7LeTctyOnjJa5jBGruhzncRXv2yrgmQSxeHWvckdp8dbsp7jA8sFpvr8IB
+8APo5I/zKt76xZAes1AhRcsSQ+f25tAoLfERqCY+fQXs/ANe8VIOLZSNmw==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-server-eku.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-server-eku.pem.certspec
new file mode 100644
index 000000000..2d324508d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-bad-ku-server-eku.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca
+subject:int-bad-ku-server-eku
+extension:basicConstraints:cA,
+extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement,cRLSign
+extension:extKeyUsage:serverAuth,clientAuth
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-cA-FALSE-asserts-keyCertSign.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-cA-FALSE-asserts-keyCertSign.pem
new file mode 100644
index 000000000..be9eeba00
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-cA-FALSE-asserts-keyCertSign.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4zCCAc2gAwIBAgIUfwtPS7BE2BHyTLJHGoXUsWPKb4IwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMCsxKTAnBgNVBAMMIGludC1jQS1GQUxTRS1hc3NlcnRzLWtleUNlcnRTaWdu
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2
+ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdF
+h/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6n
+cOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAv
+OnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2nj
+tIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXt
+jQIDAQABox0wGzAMBgNVHRMEBTADAQEAMAsGA1UdDwQEAwIB/jALBgkqhkiG9w0B
+AQsDggEBAKFcTDGv9WuNnIkWlpJt2zy0YxKGkRvDUtmQxx1pjUZgrYDAP/e24nzb
+IDYovT6Yy/2OUQCRKyrM8z36x8nhoS5Ulqrybbsn0qvR9pbydxNk9NFvj7HGiXOA
+6qbMCxu+ta5TIU8zA8Sz+6SmRcFS0ZtZdif9HPd4ALh4M9PyvUI/209HACc6FRY4
+Yl+A6EII5zasC/lQ51IHDJQ97JpLNUHD7yJ84rceGeqBh9VcV1rSpb2EQ4tb7884
+YHdeJ8be3Yw9Tomj0nOCOkbpzRgjrYqOGfnOrclZNODwRrDRJmiaa7pix6EFgech
+PQ6c9hZQB59oRzFVzr/+YK6e7NbbE1Q=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-cA-FALSE-asserts-keyCertSign.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-cA-FALSE-asserts-keyCertSign.pem.certspec
new file mode 100644
index 000000000..39785d8a4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-cA-FALSE-asserts-keyCertSign.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int-cA-FALSE-asserts-keyCertSign
+extension:basicConstraints:,
+extension:keyUsage:digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment,keyAgreement,keyCertSign,cRLSign
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth-invalid.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth-invalid.pem
new file mode 100644
index 000000000..a7e980c85
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth-invalid.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3jCCAcigAwIBAgIUC8p0CGJ9TpHnf4VF+SR1JBOadzEwCwYJKoZIhvcNAQEL
+MBwxGjAYBgNVBAMMEWludC1saW1pdGVkLWRlcHRoMCIYDzIwMTUxMTI4MDAwMDAw
+WhgPMjAxODAyMDUwMDAwMDBaMCQxIjAgBgNVBAMMGWludC1saW1pdGVkLWRlcHRo
+LWludmFsaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W
+1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtq
+ZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx
+0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthV
+t2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo
+4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx
+1QOs2hgKNe2NAgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wCwYJKoZIhvcNAQELA4IB
+AQBiWZ2hrIIfeEAdXMatxKUw7JVb+YC5WZNiSMBEAxZHvsRrgxNnkruZfgdLvZ6c
+SSwE3ZelLCALkursSkYmJVbOXbMjo0Uxi3T2PPkU2sc7GgkGOeDnJ0EosZuOSi3R
+O95t+bqjHRXNzzdCbYELWiOlx1LwEXvoiBA/Ey/KYaNMflPnFZej9Xf9QMoP3/QF
+IOqP4DABiyz1zQmUDZMSB/63T0MV9QySIXYzumtrWSbxDdgfK7HDy7xYyZDLYchA
+NhkQT0ze6SOkplit4UDIUneK7r82jAkc94I+nyTr36oC4s23/NJh4OS8bUUkZmY+
+rjzdzQQ/Qn8DdAD3jhmvwSjF
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth-invalid.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth-invalid.pem.certspec
new file mode 100644
index 000000000..9fdb2a248
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth-invalid.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int-limited-depth
+subject:int-limited-depth-invalid
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth.pem
new file mode 100644
index 000000000..d8e06a572
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyjCCAbSgAwIBAgIUQ73/9r+OdKC4qNSYd5RxWvXEYiYwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBwxGjAYBgNVBAMMEWludC1saW1pdGVkLWRlcHRoMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFds
+JHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4
+ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25
+iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu3
+4pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42
+yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoxMwETAPBgNV
+HRMECDAGAQH/AgEAMAsGCSqGSIb3DQEBCwOCAQEAiBj74DBM3fQRjWjEs5k0+JDi
+8+sL+nzQjRxEULR9KoMPhKbI6htoZIj/Otbtay47Cl95T1QGBz7sJF0mOhM4Ubml
+lJ0BIV4rBxaLAN/3NxLZ1ATJVFAUTnJrA0/AkPPNNjq2RBU/dFlLUhZhXJS800Gx
+SS1OERNSvXMkOq13ZZ1hiVdrUBmilCtS5cxXCeFw2PeKQwWunKmJZjHInrteJHYB
+L5XkEfj4cP2hmQo/ZtviarLFQH/HSd8kfR7/IgPt664znUo7aFUJ5Hki7jNCjxBq
+tdDWPFT+TUWeWWbYzcVOk7PKT/aKLNRF/MEFBQMBH9ygUlMwVovwU7IKZAe/1g==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth.pem.certspec
new file mode 100644
index 000000000..64f54b044
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-limited-depth.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:int-limited-depth
+extension:basicConstraints:cA,0
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-extensions.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-extensions.pem
new file mode 100644
index 000000000..76930d04d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-extensions.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICtTCCAZ+gAwIBAgIUdSMRoahH5nOZT7+cJre+BOvTLh4wCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBwxGjAYBgNVBAMMEWludC1uby1leHRlbnNpb25zMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFds
+JHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4
+ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25
+iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu3
+4pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42
+yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABMAsGCSqGSIb3
+DQEBCwOCAQEAr3GUaY4QbqbKhXNArKMycwIPVYKzOzppwbfwbI5un65xI8e9GSDk
+qDYU6aV6c4ruqAY4Kzs/T/aHmJpTIusL+uUr8BfWVHUef+psJgSuBFKMnNcgTyO6
+XlBn9/PnjTYgy6jfbiXVY8OZe7WAIVhVY0YP9jOaL3f3/GjYVW/iWM5XEhW8LSQ5
+RekRVRwdDvdOXQMQfeWTc6gH6FrtUcxrU6+axA8rzIPE5HuUwE7BCyG/SRI49mXw
+285FxNKrNhX9Hb6O19OqAc4+qI7Tdqtgb6+BXer01tXb079IpzxavZ5VhaskBNpK
+Br1uFqwzrT231bCjBdDuxpPlALZ+EQQG7Q==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-extensions.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-extensions.pem.certspec
new file mode 100644
index 000000000..c99626bd5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-extensions.pem.certspec
@@ -0,0 +1,2 @@
+issuer:ca
+subject:int-no-extensions
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-no-eku.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-no-eku.pem
new file mode 100644
index 000000000..53437b1de
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-no-eku.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxjCCAbCgAwIBAgIUH0pq51lOBUG6WhqGNAD+IlHKyxswCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBsxGTAXBgNVBAMMEGludC1uby1rdS1uby1la3UwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wk
+e8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0Dgg
+KZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmI
+YXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7fi
+lhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbL
+HCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjEDAOMAwGA1Ud
+EwQFMAMBAf8wCwYJKoZIhvcNAQELA4IBAQBaV/7LFkIry4xDVcci1ssw5D9mfgqR
+6qp1YX+zKsiNVmiCQnBJPrQmGubZptuAKS7QdviBHxtfKm/gMCC2X9fDt9v5DAfp
+UtPeWUc1BCaJyEPtHQwcaCT9WkwxlMzMzJEitoxSo6Hug4xt2Qib8Ou5+inLfVqR
+dsb5rZav6c2SRU0patnr8+WWP6OqWqcwFn6H517KpyRP0XchCPlgbGC2gsmNct4o
+9BWhP2bpjDp9F2xelPgSe5Uo/ti/Q+Y2KrEQElmI6Uxnvj235BhPv0+KDFn/1vqr
+25RQcEoZOV6dYlBIzVP1AzkfXVUW3g5fN6PUdj2RmsktKd7rVfSUvsNw
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-no-eku.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-no-eku.pem.certspec
new file mode 100644
index 000000000..306a218db
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-no-eku.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:int-no-ku-no-eku
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-server-eku.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-server-eku.pem
new file mode 100644
index 000000000..6cd516927
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-server-eku.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC6TCCAdOgAwIBAgIUTRygOfB3FLI5SJlQo+2t4dEYwkYwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMB8xHTAbBgNVBAMMFGludC1uby1rdS1zZXJ2ZXItZWt1MIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1
+aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/we
+adA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSS
+pH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62W
+YVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauR
+CE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoy8wLTAM
+BgNVHRMEBTADAQH/MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjALBgkq
+hkiG9w0BAQsDggEBAFnLVXAuHBhxNxmvn1TMA6kLSosQGei12Xd8wA6iuRDrD1qj
+nIZlaIJkZncxDocWo1a2vISQPyNe/dBVGC1HpGGUXSmDswQ5h6P0837buhsW2v9m
+/oYvcZwqjO+qvIpgTCN71QR7aPlvv4kgX/fJ6goGK7IPovcYX0U1LmZGZBIaqoCR
+8rG+orm8Aek+rqfKMV0fhMLFMiRHO/ly/ZZUfcd4M4ObW1l/SB4EKLNU4a3jH/ob
+CHrIu1umvn4SXUJBcEV3a+WLIuGexrLYFzkOV8doA/KAoE4xaArNKJFfCtgzzcRq
+uCqf96q8f5eLo4B5f00+Lqmxj72/8heCTunv/TA=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-server-eku.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-server-eku.pem.certspec
new file mode 100644
index 000000000..1482b627c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-no-ku-server-eku.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int-no-ku-server-eku
+extension:basicConstraints:cA,
+extension:extKeyUsage:serverAuth,clientAuth
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-not-a-ca.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-not-a-ca.pem
new file mode 100644
index 000000000..3be0c2916
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-not-a-ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICwjCCAaygAwIBAgIUXw5voQbjEKOz94iKt4vgWrxBWDMwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMBcxFTATBgNVBAMMDGludC1ub3QtYS1jYTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl
+qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg
+w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx
+V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1
+MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs
+vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMQMA4wDAYDVR0TBAUw
+AwEBADALBgkqhkiG9w0BAQsDggEBAAcZ3izf+oLdjuYRPuBerrZMZZVacWp0mPgV
+iPBcEiJMnpExTolvwGRR9rUfbGZcoaxkr+vMv1n1X4ORmXQmKEkzbsGykwNJ72x8
+PayxV1lpDkL0LAWL16jaUhbFIu5D8t0AfissJ/0bC+xdKQqZdAlDJaCz5p5247Gw
+Um0vS10JAI2ykVMkZwgOPvV9YYIiZG7voBBlCrY32M9f5fTi75J4DGGCt0VSdkf0
+XAe6kM84BdQ0lDyitV5YaLAfahWKb6VPzcoeuwlLodXa1eoh8WBPQMmpn/eT9bcg
+W2BTrEMf/JpL+r36j5UsSzSNFktq5/RfpnaKX7mhw4IR3T19khw=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-not-a-ca.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-not-a-ca.pem.certspec
new file mode 100644
index 000000000..3161680b1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-not-a-ca.pem.certspec
@@ -0,0 +1,3 @@
+issuer:ca
+subject:int-not-a-ca
+extension:basicConstraints:,
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-no-eku.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-no-eku.pem
new file mode 100644
index 000000000..84cd61105
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-no-eku.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC1jCCAcCgAwIBAgIUWQyWw8pJuxrZYnP/bZs+HBxFt0swCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMB4xHDAaBgNVBAMME2ludC12YWxpZC1rdS1uby1la3UwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVo
+V2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p
+0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKk
+fbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZh
+W7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EI
+TjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAwG
+A1UdEwQFMAMBAf8wCwYDVR0PBAQDAgIEMAsGCSqGSIb3DQEBCwOCAQEAaqysdeSM
+/kLPK1LgrOP5GsclIs9Ss0gB+sgSCWxRkrcs6JPxIblQjI0CYkWNVbtS6PSoa2TZ
+aRH3/mLKrdUEWrimZrapDkmwO2RmkS+oHEjxOIL3kla1khKf8IcmZYIS4OKXr+KT
+wJKlh6kjt2o40hMUA/jRVN52HCCIsZiAaYVqyQ9avyDf12zdQP3PBEe9pbwNbKme
+CDi7YtWDBG1uvSGrC6APzzXJe0GY/grLt9qOig6Kb2hmxdKT141ekjDX9Ju9P53J
+tLoQqgH56rMTfJfI87fWVyq0FGpAqdJbE8XnDI1n9S/XoSmDDifYt/GPo7vtGbX3
+KEXKaOqalzDy3w==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-no-eku.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-no-eku.pem.certspec
new file mode 100644
index 000000000..d7f9b0387
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-no-eku.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int-valid-ku-no-eku
+extension:basicConstraints:cA,
+extension:keyUsage:keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-server-eku.pem b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-server-eku.pem
new file mode 100644
index 000000000..34818f172
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-server-eku.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC+TCCAeOgAwIBAgIUIwJxO+LBUmT20OYpAC6REFDuQ0swCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMCIxIDAeBgNVBAMMF2ludC12YWxpZC1rdS1zZXJ2ZXItZWt1MIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVK
+tOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7N
+Q/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39Zgsr
+sCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxs
+l62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYl
+nauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABozww
+OjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwICBDAdBgNVHSUEFjAUBggrBgEFBQcD
+AQYIKwYBBQUHAwIwCwYJKoZIhvcNAQELA4IBAQAP6RTfp/yTGvXtgPj34EZAptB4
+EyMT+ozD9EEKHXvHMfavy+nn21WiCuDzjp7r7bic/H8UEYUo3h+8M11hou7Abu4R
+1PtefBdT9NLndrkSD3XFqpAm+t5EmfXhMxIrYidPcXI1jOEjRCYDND41jZ5wQ41A
+Mlbe9sUAFV/gWFO/HCn1VLE9bzjelLJWMszAgraodyoDBQocUcNcA/E/iiTBofz2
+S6FncJfNFYSdXpfytk4apKpSitg6L+g5ELso6INK5Vo0okNaY8wLxKpCpn3zz3C6
+o6gGidSOdq8Vpdi8X93+JTuW/sNazHnYia3+uP8NxUbsh/zqRVEOOOJU2RQq
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-server-eku.pem.certspec b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-server-eku.pem.certspec
new file mode 100644
index 000000000..84314bfa4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/int-valid-ku-server-eku.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca
+subject:int-valid-ku-server-eku
+extension:basicConstraints:cA,
+extension:keyUsage:keyCertSign
+extension:extKeyUsage:serverAuth,clientAuth
diff --git a/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/moz.build b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/moz.build
new file mode 100644
index 000000000..59f5749a2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_intermediate_basic_usage_constraints/moz.build
@@ -0,0 +1,35 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Temporarily disabled. See bug 1256495.
+#test_certificates = (
+#    'ca.pem',
+#    'ee-int-bad-ku-no-eku.pem',
+#    'ee-int-bad-ku-server-eku.pem',
+#    'ee-int-cA-FALSE-asserts-keyCertSign.pem',
+#    'ee-int-limited-depth.pem',
+#    'ee-int-limited-depth-invalid.pem',
+#    'ee-int-no-extensions.pem',
+#    'ee-int-no-ku-no-eku.pem',
+#    'ee-int-no-ku-server-eku.pem',
+#    'ee-int-not-a-ca.pem',
+#    'ee-int-valid-ku-no-eku.pem',
+#    'ee-int-valid-ku-server-eku.pem',
+#    'int-bad-ku-no-eku.pem',
+#    'int-bad-ku-server-eku.pem',
+#    'int-cA-FALSE-asserts-keyCertSign.pem',
+#    'int-limited-depth.pem',
+#    'int-limited-depth-invalid.pem',
+#    'int-no-extensions.pem',
+#    'int-no-ku-no-eku.pem',
+#    'int-no-ku-server-eku.pem',
+#    'int-not-a-ca.pem',
+#    'int-valid-ku-no-eku.pem',
+#    'int-valid-ku-server-eku.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
diff --git a/security/manager/ssl/tests/unit/test_js_cert_override_service.js b/security/manager/ssl/tests/unit/test_js_cert_override_service.js
new file mode 100644
index 000000000..d085f0242
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_js_cert_override_service.js
@@ -0,0 +1,56 @@
+/* -*- tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+"use strict";
+
+// This test ensures that nsICertOverrideService can be implemented in JS.
+// It does so by creating and registering a mock implementation that indicates
+// a specific host ("expired.example.com") has a matching override (ERROR_TIME).
+// Connections to that host should succeed.
+
+// Mock implementation of nsICertOverrideService
+const gCertOverrideService = {
+  rememberValidityOverride() {
+    throw Cr.NS_ERROR_NOT_IMPLEMENTED;
+  },
+
+  rememberTemporaryValidityOverrideUsingFingerprint() {
+    throw Cr.NS_ERROR_NOT_IMPLEMENTED;
+  },
+
+  hasMatchingOverride(hostname, port, cert, overrideBits, isTemporary) {
+    Assert.equal(hostname, "expired.example.com",
+                 "hasMatchingOverride: hostname should be expired.example.com");
+    overrideBits.value = Ci.nsICertOverrideService.ERROR_TIME;
+    isTemporary.value = false;
+    return true;
+  },
+
+  getValidityOverride() {
+    throw Cr.NS_ERROR_NOT_IMPLEMENTED;
+  },
+
+  clearValidityOverride() {
+    throw Cr.NS_ERROR_NOT_IMPLEMENTED;
+  },
+
+  isCertUsedForOverrides() {
+    throw Cr.NS_ERROR_NOT_IMPLEMENTED;
+  },
+
+  QueryInterface: XPCOMUtils.generateQI([Ci.nsICertOverrideService])
+};
+
+function run_test() {
+  do_get_profile();
+  let certOverrideServiceCID =
+    MockRegistrar.register("@mozilla.org/security/certoverride;1",
+                           gCertOverrideService);
+  do_register_cleanup(() => {
+    MockRegistrar.unregister(certOverrideServiceCID);
+  });
+  add_tls_server_setup("BadCertServer", "bad_certs");
+  add_connection_test("expired.example.com", PRErrorCodeSuccess);
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_keysize.js b/security/manager/ssl/tests/unit/test_keysize.js
new file mode 100644
index 000000000..3a8e28e87
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize.js
@@ -0,0 +1,127 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// Checks that RSA certs with key sizes below 1024 bits are rejected.
+// Checks that ECC certs using curves other than the NIST P-256, P-384 or P-521
+// curves are rejected.
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+
+/**
+ * Tests a cert chain.
+ *
+ * @param {String} rootKeyType
+ *        The key type of the root certificate, or the name of an elliptic
+ *        curve, as output by the 'openssl ecparam -list_curves' command.
+ * @param {Number} rootKeySize
+ * @param {String} intKeyType
+ * @param {Number} intKeySize
+ * @param {String} eeKeyType
+ * @param {Number} eeKeySize
+ * @param {PRErrorCode} eeExpectedError
+ */
+function checkChain(rootKeyType, rootKeySize, intKeyType, intKeySize,
+                    eeKeyType, eeKeySize, eeExpectedError) {
+  let rootName = "root_" + rootKeyType + "_" + rootKeySize;
+  let intName = "int_" + intKeyType + "_" + intKeySize;
+  let eeName = "ee_" + eeKeyType + "_" + eeKeySize;
+
+  let intFullName = intName + "-" + rootName;
+  let eeFullName = eeName + "-" + intName + "-" + rootName;
+
+  addCertFromFile(certdb, `test_keysize/${rootName}.pem`, "CTu,CTu,CTu");
+  addCertFromFile(certdb, `test_keysize/${intFullName}.pem`, ",,");
+  let eeCert = constructCertFromFile(`test_keysize/${eeFullName}.pem`);
+
+  do_print("cert o=" + eeCert.organization);
+  do_print("cert issuer o=" + eeCert.issuerOrganization);
+  checkCertErrorGeneric(certdb, eeCert, eeExpectedError,
+                        certificateUsageSSLServer);
+}
+
+/**
+ * Tests various RSA chains.
+ *
+ * @param {Number} inadequateKeySize
+ * @param {Number} adequateKeySize
+ */
+function checkRSAChains(inadequateKeySize, adequateKeySize) {
+  // Chain with certs that have adequate sizes for DV
+  checkChain("rsa", adequateKeySize,
+             "rsa", adequateKeySize,
+             "rsa", adequateKeySize,
+             PRErrorCodeSuccess);
+
+  // Chain with a root cert that has an inadequate size for DV
+  checkChain("rsa", inadequateKeySize,
+             "rsa", adequateKeySize,
+             "rsa", adequateKeySize,
+             MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE);
+
+  // Chain with an intermediate cert that has an inadequate size for DV
+  checkChain("rsa", adequateKeySize,
+             "rsa", inadequateKeySize,
+             "rsa", adequateKeySize,
+             MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE);
+
+  // Chain with an end entity cert that has an inadequate size for DV
+  checkChain("rsa", adequateKeySize,
+             "rsa", adequateKeySize,
+             "rsa", inadequateKeySize,
+             MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE);
+}
+
+function checkECCChains() {
+  checkChain("secp256r1", 256,
+             "secp384r1", 384,
+             "secp521r1", 521,
+             PRErrorCodeSuccess);
+  checkChain("secp256r1", 256,
+             "secp224r1", 224,
+             "secp256r1", 256,
+             SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
+  checkChain("secp256r1", 256,
+             "secp256r1", 256,
+             "secp224r1", 224,
+             SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
+  checkChain("secp224r1", 224,
+             "secp256r1", 256,
+             "secp256r1", 256,
+             SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
+  checkChain("secp256r1", 256,
+             "secp256r1", 256,
+             "secp256k1", 256,
+             SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
+  checkChain("secp256k1", 256,
+             "secp256r1", 256,
+             "secp256r1", 256,
+             SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
+}
+
+function checkCombinationChains() {
+  checkChain("rsa", 2048,
+             "secp256r1", 256,
+             "secp384r1", 384,
+             PRErrorCodeSuccess);
+  checkChain("rsa", 2048,
+             "secp256r1", 256,
+             "secp224r1", 224,
+             SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE);
+  checkChain("secp256r1", 256,
+             "rsa", 1016,
+             "secp256r1", 256,
+             MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE);
+}
+
+function run_test() {
+  checkRSAChains(1016, 1024);
+  checkECCChains();
+  checkCombinationChains();
+
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1016-int_rsa_1024-root_rsa_1024.pem b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1016-int_rsa_1024-root_rsa_1024.pem
new file mode 100644
index 000000000..020e46819
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1016-int_rsa_1024-root_rsa_1024.pem
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIB3DCCAUegAwIBAgIUeW3ngaE/CNhaakp8m4ETFPagv6IwCwYJKoZIhvcNAQEL
+MCUxIzAhBgNVBAMMGmludF9yc2FfMTAyNC1yb290X3JzYV8xMDI0MCIYDzIwMTUx
+MTI4MDAwMDAwWhgPMjAxODAyMDUwMDAwMDBaMDExLzAtBgNVBAMMJmVlX3JzYV8x
+MDE2LWludF9yc2FfMTAyNC1yb290X3JzYV8xMDI0MIGeMA0GCSqGSIb3DQEBAQUA
+A4GMADCBiAKBgADSm7EvuE/dzSmzpRnLZsQ7jY+L5UW6eThM5mPtA991mRYA65IH
+kNJTDOzlRNuZpx8FiWo+0gcWVTSqmQV+R8R+O8ga2m+h4S43JotQRqVSaPna18y0
+hdgaLhnVDU8LaFSsr2175p2aCDE24Vr6j1PByMhPxgdyed0OVdc2mlvdAgMBAAEw
+CwYJKoZIhvcNAQELA4GBACY8sq6EZJpNutOwEli+1sAFY+TEv/vKOUx0YVWOAPDG
+Fz/E7FlEzWHoCEgUTkloECJcgZnrJgp6at4X/Bpn6eS3aqDgYqCg/Ec1J3/sroiz
+GToe0ts9SsOyb+GEQ1+7AGSDc15AQQ1F6yVSLPtlCTvVy0wGl5hKWESb7LRc//6W
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1016-int_rsa_1024-root_rsa_1024.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1016-int_rsa_1024-root_rsa_1024.pem.certspec
new file mode 100644
index 000000000..7b86ef786
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1016-int_rsa_1024-root_rsa_1024.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int_rsa_1024-root_rsa_1024
+subject:ee_rsa_1016-int_rsa_1024-root_rsa_1024
+issuerKey:rsa1024
+subjectKey:rsa1016
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1016-root_rsa_1024.pem b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1016-root_rsa_1024.pem
new file mode 100644
index 000000000..7c36379fe
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1016-root_rsa_1024.pem
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIB3DCCAUigAwIBAgIUN5wiZ+RfSwcvb1a7l8ucBCzFcnAwCwYJKoZIhvcNAQEL
+MCUxIzAhBgNVBAMMGmludF9yc2FfMTAxNi1yb290X3JzYV8xMDI0MCIYDzIwMTUx
+MTI4MDAwMDAwWhgPMjAxODAyMDUwMDAwMDBaMDExLzAtBgNVBAMMJmVlX3JzYV8x
+MDI0LWludF9yc2FfMTAxNi1yb290X3JzYV8xMDI0MIGfMA0GCSqGSIb3DQEBAQUA
+A4GNADCBiQKBgQDTqXRAEB66jF35UD5vk161L/6z6+nQ3Fys4m+XPKlMvA2cMdZs
+DAE7zpyC0NSAMo3wX7a815kKUxLdrmFSrW7mHIwb3YZjxovTYiSpiCrnjon1Vt/b
+5vUdphEsv8J8ikkza0Gv23UyG1KySnNE0TSOZGNRpVHHVxzNoLj+NfYadQIDAQAB
+MAsGCSqGSIb3DQEBCwOBgAB5LmLQhlHBqC31K1lP4+/DdPMeiYY5lN6sIyEhwHOU
+nRw6AFk6jt2MA6zOVTsK4xcPkRUiB+4hoUrxnwdup2Tv5x594LIl58dDgG6U0+gS
+mMmuOhxkhbdOJZDbHU2OrfS7540M5tPIMWxrG0JsUgQqHryVMxx/B7x+dQaIujjV
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1016-root_rsa_1024.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1016-root_rsa_1024.pem.certspec
new file mode 100644
index 000000000..326d665dc
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1016-root_rsa_1024.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int_rsa_1016-root_rsa_1024
+subject:ee_rsa_1024-int_rsa_1016-root_rsa_1024
+issuerKey:rsa1016
+subjectKey:rsa1024
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1016.pem b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1016.pem
new file mode 100644
index 000000000..6020cf3ae
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1016.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICQjCCAa2gAwIBAgIUD/XcUH+cenVky6AuBp4QqnIEB3QwCwYJKoZIhvcNAQEL
+MCUxIzAhBgNVBAMMGmludF9yc2FfMTAyNC1yb290X3JzYV8xMDE2MCIYDzIwMTUx
+MTI4MDAwMDAwWhgPMjAxODAyMDUwMDAwMDBaMBIxEDAOBgNVBAMMB3JzYTEwMjQw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQ
+PTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH
+9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw
+4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86
+exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0
+ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2N
+AgMBAAEwCwYJKoZIhvcNAQELA4GBAJZyjN7rSepxVDNQRLWwdmf6McLXL4ihB+ib
+jqCOEHOLEoiB18juTh6bsB+Y5BTHAWWmqBOEcRX88R+ICTuHDbh76Y1yWsFw/4Xi
+is+yTvZkmtNEzEM4GWXRRBq0WuWFWMGAeFOPXNhs1UDYvrcpRd6byjohkFrj0zQc
+LtWo6gR0
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1016.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1016.pem.certspec
new file mode 100644
index 000000000..c44a089ed
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1016.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int_rsa_1024-root_rsa_1016
+subject:ee_rsa_1024-int_rsa_1024-root_rsa_1016
+issuerKey:rsa1024
+subject:rsa1024
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1024.pem b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1024.pem
new file mode 100644
index 000000000..020b749b0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1024.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB3TCCAUigAwIBAgIUNzU3VQCyiT+NrgvVMkBnUSgebnYwCwYJKoZIhvcNAQEL
+MCUxIzAhBgNVBAMMGmludF9yc2FfMTAyNC1yb290X3JzYV8xMDI0MCIYDzIwMTUx
+MTI4MDAwMDAwWhgPMjAxODAyMDUwMDAwMDBaMDExLzAtBgNVBAMMJmVlX3JzYV8x
+MDI0LWludF9yc2FfMTAyNC1yb290X3JzYV8xMDI0MIGfMA0GCSqGSIb3DQEBAQUA
+A4GNADCBiQKBgQDTqXRAEB66jF35UD5vk161L/6z6+nQ3Fys4m+XPKlMvA2cMdZs
+DAE7zpyC0NSAMo3wX7a815kKUxLdrmFSrW7mHIwb3YZjxovTYiSpiCrnjon1Vt/b
+5vUdphEsv8J8ikkza0Gv23UyG1KySnNE0TSOZGNRpVHHVxzNoLj+NfYadQIDAQAB
+MAsGCSqGSIb3DQEBCwOBgQCUvRKlj6hAjRSMr6KjNfSIiDErCt9lkWT+Xoknz+OW
+VACuTjBO5xOLabaYhGxHDlaDGw6hZOvF29e8cid5eEogNiSBtCgjh34w1mHQ2LVf
+SuG7GFRQLvzOHUQqgzftnVzw/ak+SVgnh9UyzHVv8CR9ljB1jNu7AAFB4s1IXlC7
++w==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1024.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1024.pem.certspec
new file mode 100644
index 000000000..a6ee408ec
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_rsa_1024-int_rsa_1024-root_rsa_1024.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int_rsa_1024-root_rsa_1024
+subject:ee_rsa_1024-int_rsa_1024-root_rsa_1024
+issuerKey:rsa1024
+subjectKey:rsa1024
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_rsa_2048.pem b/security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_rsa_2048.pem
new file mode 100644
index 000000000..18adf9859
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_rsa_2048.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBXTCCAQOgAwIBAgIUIY9dtWlq0GcuLIMvwadTnAygONIwCgYIKoZIzj0EAwIw
+KjEoMCYGA1UEAwwfaW50X3NlY3AyNTZyMV8yNTYtcm9vdF9yc2FfMjA0ODAiGA8y
+MDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjA7MTkwNwYDVQQDDDBlZV9z
+ZWNwMjI0cjFfMjI0LWludF9zZWNwMjU2cjFfMjU2LXJvb3RfcnNhXzIwNDgwTTAQ
+BgcqhkjOPQIBBgUrgQQAIQM5AARmjXLMpv1qGzVXtTZhBNhECOy2N/COjIa7/4LM
+6I8AZtevY8Mpi6N3NIoSArA7N/1rH/QVqjEeMAoGCCqGSM49BAMCA0gAMEUCIFx1
+UZ8TEVDNXYreIKO8BjCR/7JzdV8xZOz9y0KACnDmAiEA8WmMKFZiEqHpzhBMF56W
+ohttkzkw5Pim1A3Pg+M+EgQ=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_rsa_2048.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_rsa_2048.pem.certspec
new file mode 100644
index 000000000..87d2f6733
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_rsa_2048.pem.certspec
@@ -0,0 +1,5 @@
+issuer:int_secp256r1_256-root_rsa_2048
+subject:ee_secp224r1_224-int_secp256r1_256-root_rsa_2048
+issuerKey:secp256r1
+subjectKey:secp224r1
+signature:ecdsaWithSHA256
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_secp256r1_256.pem b/security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_secp256r1_256.pem
new file mode 100644
index 000000000..04b630f61
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_secp256r1_256.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBZjCCAQ2gAwIBAgIUceEyhHgm6jvAxRjgPB7TZEUD6+cwCgYIKoZIzj0EAwIw
+LzEtMCsGA1UEAwwkaW50X3NlY3AyNTZyMV8yNTYtcm9vdF9zZWNwMjU2cjFfMjU2
+MCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAwMDBaMEAxPjA8BgNVBAMM
+NWVlX3NlY3AyMjRyMV8yMjQtaW50X3NlY3AyNTZyMV8yNTYtcm9vdF9zZWNwMjU2
+cjFfMjU2ME0wEAYHKoZIzj0CAQYFK4EEACEDOQAEZo1yzKb9ahs1V7U2YQTYRAjs
+tjfwjoyGu/+CzOiPAGbXr2PDKYujdzSKEgKwOzf9ax/0FaoxHjAKBggqhkjOPQQD
+AgNHADBEAiBcdVGfExFQzV2K3iCjvAYwkf+yc3VfMWTs/ctCgApw5gIgSy0oqg4P
+75DkJCciEqnZbDsjC82PJPWEC0VfaspSdcs=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_secp256r1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_secp256r1_256.pem.certspec
new file mode 100644
index 000000000..1aadce076
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp224r1_224-int_secp256r1_256-root_secp256r1_256.pem.certspec
@@ -0,0 +1,5 @@
+issuer:int_secp256r1_256-root_secp256r1_256
+subject:ee_secp224r1_224-int_secp256r1_256-root_secp256r1_256
+issuerKey:secp256r1
+subjectKey:secp224r1
+signature:ecdsaWithSHA256
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp256k1_256-int_secp256r1_256-root_secp256r1_256.pem b/security/manager/ssl/tests/unit/test_keysize/ee_secp256k1_256-int_secp256r1_256-root_secp256r1_256.pem
new file mode 100644
index 000000000..b90be0ce3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp256k1_256-int_secp256r1_256-root_secp256r1_256.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBbzCCARagAwIBAgIUUwzZV7XszL/aVykB1Ozw35aJd3YwCgYIKoZIzj0EAwIw
+LzEtMCsGA1UEAwwkaW50X3NlY3AyNTZyMV8yNTYtcm9vdF9zZWNwMjU2cjFfMjU2
+MCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAwMDBaMEAxPjA8BgNVBAMM
+NWVlX3NlY3AyNTZrMV8yNTYtaW50X3NlY3AyNTZyMV8yNTYtcm9vdF9zZWNwMjU2
+cjFfMjU2MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAENe58conY/veoav5dpm2Lwuu2
+qFQ/0v6tCJ9FznrND6ZDgqlQDEHa13D/1LURv0tJLrEjiADDLE92xzo/MpTnxTAK
+BggqhkjOPQQDAgNHADBEAiBcdVGfExFQzV2K3iCjvAYwkf+yc3VfMWTs/ctCgApw
+5gIgVFxK6Odv9UpwqHXdT8lB+8UfLtaQlfo2r343SK9X9sI=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp256k1_256-int_secp256r1_256-root_secp256r1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_secp256k1_256-int_secp256r1_256-root_secp256r1_256.pem.certspec
new file mode 100644
index 000000000..ba999e8f1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp256k1_256-int_secp256r1_256-root_secp256r1_256.pem.certspec
@@ -0,0 +1,5 @@
+issuer:int_secp256r1_256-root_secp256r1_256
+subject:ee_secp256k1_256-int_secp256r1_256-root_secp256r1_256
+issuerKey:secp256r1
+subjectKey:secp256k1
+signature:ecdsaWithSHA256
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_rsa_1016-root_secp256r1_256.pem b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_rsa_1016-root_secp256r1_256.pem
new file mode 100644
index 000000000..024ca3e4c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_rsa_1016-root_secp256r1_256.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBpDCCARCgAwIBAgIUabB6dOZPUb0d2XR3LNB3Cd/AuwgwCwYJKoZIhvcNAQEL
+MCoxKDAmBgNVBAMMH2ludF9yc2FfMTAxNi1yb290X3NlY3AyNTZyMV8yNTYwIhgP
+MjAxNTExMjgwMDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowOzE5MDcGA1UEAwwwZWVf
+c2VjcDI1NnIxXzI1Ni1pbnRfcnNhXzEwMTYtcm9vdF9zZWNwMjU2cjFfMjU2MFkw
+EwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAET7+7u2Hg+PmxpgpZrIcE4uwFC0I+PPcu
+kj8sT3lLRVwqadIzRWw2xBGdBwbgDu3I0ZOQ15kbey0HowTqoEqmwDALBgkqhkiG
+9w0BAQsDgYAApXG0yYRLpX60cYFkYhTIEc05prxaID/hQeDNxfCqaBpH2SojlDX1
+rud/Iu3siUy4FUQK00Dfl8mYwo88xah/uCQnmmVuC8BAdnYYQ3Qnf+wM3NWeXKW4
+8+uk/PnloAlOXBaNUeUeaq0ohQctWGuutT0oJSeDv3GfkpJJ0dkGTg==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_rsa_1016-root_secp256r1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_rsa_1016-root_secp256r1_256.pem.certspec
new file mode 100644
index 000000000..1e2e0a375
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_rsa_1016-root_secp256r1_256.pem.certspec
@@ -0,0 +1,4 @@
+issuer:int_rsa_1016-root_secp256r1_256
+subject:ee_secp256r1_256-int_rsa_1016-root_secp256r1_256
+issuerKey:rsa1016
+subjectKey:secp256r1
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp224r1_224-root_secp256r1_256.pem b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp224r1_224-root_secp256r1_256.pem
new file mode 100644
index 000000000..f8e48209c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp224r1_224-root_secp256r1_256.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBazCCARmgAwIBAgIUP9OfNyc0D57T6dGzurRvtWWkKtswCgYIKoZIzj0EAwIw
+LzEtMCsGA1UEAwwkaW50X3NlY3AyMjRyMV8yMjQtcm9vdF9zZWNwMjU2cjFfMjU2
+MCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAwMDBaMEAxPjA8BgNVBAMM
+NWVlX3NlY3AyNTZyMV8yNTYtaW50X3NlY3AyMjRyMV8yMjQtcm9vdF9zZWNwMjU2
+cjFfMjU2MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAET7+7u2Hg+PmxpgpZrIcE
+4uwFC0I+PPcukj8sT3lLRVwqadIzRWw2xBGdBwbgDu3I0ZOQ15kbey0HowTqoEqm
+wDAKBggqhkjOPQQDAgNAADA9Ah0Amjxv8EbbcPJV9S/WmFIc1y28BSBjT5W2S7JS
+VAIcAlACd6sAyqbCmlQSNaKuHGiqQ2yNdWctbBudVg==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp224r1_224-root_secp256r1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp224r1_224-root_secp256r1_256.pem.certspec
new file mode 100644
index 000000000..bd7bc770c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp224r1_224-root_secp256r1_256.pem.certspec
@@ -0,0 +1,5 @@
+issuer:int_secp224r1_224-root_secp256r1_256
+subject:ee_secp256r1_256-int_secp224r1_224-root_secp256r1_256
+issuerKey:secp224r1
+subjectKey:secp256r1
+signature:ecdsaWithSHA256
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp224r1_224.pem b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp224r1_224.pem
new file mode 100644
index 000000000..907017269
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp224r1_224.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBczCCARmgAwIBAgIULSjU8D5+HqVNW0P/AVRxquSuYOQwCgYIKoZIzj0EAwIw
+LzEtMCsGA1UEAwwkaW50X3NlY3AyNTZyMV8yNTYtcm9vdF9zZWNwMjI0cjFfMjI0
+MCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAwMDBaMEAxPjA8BgNVBAMM
+NWVlX3NlY3AyNTZyMV8yNTYtaW50X3NlY3AyNTZyMV8yNTYtcm9vdF9zZWNwMjI0
+cjFfMjI0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAET7+7u2Hg+PmxpgpZrIcE
+4uwFC0I+PPcukj8sT3lLRVwqadIzRWw2xBGdBwbgDu3I0ZOQ15kbey0HowTqoEqm
+wDAKBggqhkjOPQQDAgNIADBFAiBcdVGfExFQzV2K3iCjvAYwkf+yc3VfMWTs/ctC
+gApw5gIhAOOBpYoI2SObZwV+QABdwsb4CKb/p/BUPvBpLZl7qsyq
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp224r1_224.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp224r1_224.pem.certspec
new file mode 100644
index 000000000..fe7b7f748
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp224r1_224.pem.certspec
@@ -0,0 +1,5 @@
+issuer:int_secp256r1_256-root_secp224r1_224
+subject:ee_secp256r1_256-int_secp256r1_256-root_secp224r1_224
+issuerKey:secp256r1
+subjectKey:secp256r1
+signature:ecdsaWithSHA256
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp256k1_256.pem b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp256k1_256.pem
new file mode 100644
index 000000000..37060f122
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp256k1_256.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBczCCARmgAwIBAgIUH1IpzZfvEpF2JmV7KBKHG0jM9HUwCgYIKoZIzj0EAwIw
+LzEtMCsGA1UEAwwkaW50X3NlY3AyNTZyMV8yNTYtcm9vdF9zZWNwMjU2azFfMjU2
+MCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAwMDBaMEAxPjA8BgNVBAMM
+NWVlX3NlY3AyNTZyMV8yNTYtaW50X3NlY3AyNTZyMV8yNTYtcm9vdF9zZWNwMjU2
+azFfMjU2MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAET7+7u2Hg+PmxpgpZrIcE
+4uwFC0I+PPcukj8sT3lLRVwqadIzRWw2xBGdBwbgDu3I0ZOQ15kbey0HowTqoEqm
+wDAKBggqhkjOPQQDAgNIADBFAiBcdVGfExFQzV2K3iCjvAYwkf+yc3VfMWTs/ctC
+gApw5gIhALrNUdttA6aKyReemPg5+7blFCdkym+iRE4ZY4r4v7Dj
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp256k1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp256k1_256.pem.certspec
new file mode 100644
index 000000000..aefffd981
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp256r1_256-int_secp256r1_256-root_secp256k1_256.pem.certspec
@@ -0,0 +1,5 @@
+issuer:int_secp256r1_256-root_secp256k1_256
+subject:ee_secp256r1_256-int_secp256r1_256-root_secp256k1_256
+issuerKey:secp256r1
+subjectKey:secp256r1
+signature:ecdsaWithSHA256
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp384r1_384-int_secp256r1_256-root_rsa_2048.pem b/security/manager/ssl/tests/unit/test_keysize/ee_secp384r1_384-int_secp256r1_256-root_rsa_2048.pem
new file mode 100644
index 000000000..c2d227243
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp384r1_384-int_secp256r1_256-root_rsa_2048.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBhjCCASygAwIBAgIUTXVKaNjXdPHww35r4Jei7lctp3kwCgYIKoZIzj0EAwIw
+KjEoMCYGA1UEAwwfaW50X3NlY3AyNTZyMV8yNTYtcm9vdF9yc2FfMjA0ODAiGA8y
+MDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjA7MTkwNwYDVQQDDDBlZV9z
+ZWNwMzg0cjFfMzg0LWludF9zZWNwMjU2cjFfMjU2LXJvb3RfcnNhXzIwNDgwdjAQ
+BgcqhkjOPQIBBgUrgQQAIgNiAAShaHJDNitcexiJ83kVRhWhxz+0je6GPgIpFdtg
+jiUt5LcTLajOmOgxU05qnAwLCcjWOa3oMgbluoE0c6EfozDgXajJbkOD/ieHPalx
+A74oiM/wAvBa9xof3cyDdKpuqc4wCgYIKoZIzj0EAwIDSAAwRQIgXHVRnxMRUM1d
+it4go7wGMJH/snN1XzFk7P3LQoAKcOYCIQCRU+DcUMuYV2efLWpgVoL6JAEeudGB
+jHb72NkQZb/BNg==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp384r1_384-int_secp256r1_256-root_rsa_2048.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_secp384r1_384-int_secp256r1_256-root_rsa_2048.pem.certspec
new file mode 100644
index 000000000..615818d08
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp384r1_384-int_secp256r1_256-root_rsa_2048.pem.certspec
@@ -0,0 +1,5 @@
+issuer:int_secp256r1_256-root_rsa_2048
+subject:ee_secp384r1_384-int_secp256r1_256-root_rsa_2048
+issuerKey:secp256r1
+subjectKey:secp384r1
+signature:ecdsaWithSHA256
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp521r1_521-int_secp384r1_384-root_secp256r1_256.pem b/security/manager/ssl/tests/unit/test_keysize/ee_secp521r1_521-int_secp384r1_384-root_secp256r1_256.pem
new file mode 100644
index 000000000..5f5416365
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp521r1_521-int_secp384r1_384-root_secp256r1_256.pem
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIB1jCCAVygAwIBAgIUEcVF5BYUztPG7i0t9PxIGg6o6dwwCgYIKoZIzj0EAwIw
+LzEtMCsGA1UEAwwkaW50X3NlY3AzODRyMV8zODQtcm9vdF9zZWNwMjU2cjFfMjU2
+MCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAwMDBaMEAxPjA8BgNVBAMM
+NWVlX3NlY3A1MjFyMV81MjEtaW50X3NlY3AzODRyMV8zODQtcm9vdF9zZWNwMjU2
+cjFfMjU2MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBTNycrMR5QQlrycxmdS7C
+f1l3NPpmxit5L4jFGdbTfw0W6hxIOhgnoBC5Eo46CAcMoz719Xg1t8G6JR9sw1Id
+xCsBBlNFGYG0RdND7tN4KjXWz/D/SE9aiD0gnxuQQrcmcDVosvMm4YuDO92KoHND
+krzRlQHhDWmKefU+EeCiK90qrZAwCgYIKoZIzj0EAwIDaAAwZQIxAO0GJz6haDpU
+tNgaQ3SESJY85j6+gRcD7Nc9cvCiVAZZ1OxFRuhW515lVbeTqfcA8wIwSn3QMxb0
+JD+pr9shd7R0F9hefLnHrygMF241qnEEwG0NqwPoe2gdQMFv/B7QntvX
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/ee_secp521r1_521-int_secp384r1_384-root_secp256r1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/ee_secp521r1_521-int_secp384r1_384-root_secp256r1_256.pem.certspec
new file mode 100644
index 000000000..b2ae9d0c8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/ee_secp521r1_521-int_secp384r1_384-root_secp256r1_256.pem.certspec
@@ -0,0 +1,5 @@
+issuer:int_secp384r1_384-root_secp256r1_256
+subject:ee_secp521r1_521-int_secp384r1_384-root_secp256r1_256
+issuerKey:secp384r1
+subjectKey:secp521r1
+signature:ecdsaWithSHA256
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_rsa_1024.pem b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_rsa_1024.pem
new file mode 100644
index 000000000..4e3b0d034
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_rsa_1024.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB4jCCAU2gAwIBAgIUZwdE3TaQiMsy82qMqZoGP6z0CwwwCwYJKoZIhvcNAQEL
+MBgxFjAUBgNVBAMMDXJvb3RfcnNhXzEwMjQwIhgPMjAxNTExMjgwMDAwMDBaGA8y
+MDE4MDIwNTAwMDAwMFowJTEjMCEGA1UEAwwaaW50X3JzYV8xMDE2LXJvb3RfcnNh
+XzEwMjQwgZ4wDQYJKoZIhvcNAQEBBQADgYwAMIGIAoGAANKbsS+4T93NKbOlGctm
+xDuNj4vlRbp5OEzmY+0D33WZFgDrkgeQ0lMM7OVE25mnHwWJaj7SBxZVNKqZBX5H
+xH47yBrab6HhLjcmi1BGpVJo+drXzLSF2BouGdUNTwtoVKyvbXvmnZoIMTbhWvqP
+U8HIyE/GB3J53Q5V1zaaW90CAwEAAaMdMBswDAYDVR0TBAUwAwEB/zALBgNVHQ8E
+BAMCAQYwCwYJKoZIhvcNAQELA4GBAGHDJkpCPHfVaQBBRoNWB4xLqnatAEx00jlS
+APUs7bJ6YFjrGElxTmtac5zB6+NpaEZL5JhUEPSEz/V3g0vaO+/W84pDiLQZgf+R
+ZwG0KmxFOfetZCIKPvue/f+aWaU+SHV9ioPz647iDYJOvEBHfWj7Iz7cjw4y7bUN
+cBOGkoOc
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_rsa_1024.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_rsa_1024.pem.certspec
new file mode 100644
index 000000000..c6e77116b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_rsa_1024.pem.certspec
@@ -0,0 +1,6 @@
+issuer:root_rsa_1024
+subject:int_rsa_1016-root_rsa_1024
+issuerKey:rsa1024
+subjectKey:rsa1016
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_secp256r1_256.pem b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_secp256r1_256.pem
new file mode 100644
index 000000000..261ca6448
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_secp256r1_256.pem
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIBrzCCAVagAwIBAgIUExAlIjL69OL4W35uYWfbpzZ207YwCgYIKoZIzj0EAwIw
+HTEbMBkGA1UEAwwScm9vdF9zZWNwMjU2cjFfMjU2MCIYDzIwMTUxMTI4MDAwMDAw
+WhgPMjAxODAyMDUwMDAwMDBaMCoxKDAmBgNVBAMMH2ludF9yc2FfMTAxNi1yb290
+X3NlY3AyNTZyMV8yNTYwgZ4wDQYJKoZIhvcNAQEBBQADgYwAMIGIAoGAANKbsS+4
+T93NKbOlGctmxDuNj4vlRbp5OEzmY+0D33WZFgDrkgeQ0lMM7OVE25mnHwWJaj7S
+BxZVNKqZBX5HxH47yBrab6HhLjcmi1BGpVJo+drXzLSF2BouGdUNTwtoVKyvbXvm
+nZoIMTbhWvqPU8HIyE/GB3J53Q5V1zaaW90CAwEAAaMdMBswDAYDVR0TBAUwAwEB
+/zALBgNVHQ8EBAMCAQYwCgYIKoZIzj0EAwIDRwAwRAIgXHVRnxMRUM1dit4go7wG
+MJH/snN1XzFk7P3LQoAKcOYCIDmD30j813c64HuW9WnjhZWMPRLqIiAMD+u9hWOm
+17If
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_secp256r1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_secp256r1_256.pem.certspec
new file mode 100644
index 000000000..27728ca37
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1016-root_secp256r1_256.pem.certspec
@@ -0,0 +1,7 @@
+issuer:root_secp256r1_256
+subject:int_rsa_1016-root_secp256r1_256
+issuerKey:secp256r1
+subjectKey:rsa1016
+signature:ecdsaWithSHA256
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1016.pem b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1016.pem
new file mode 100644
index 000000000..eff1ee721
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1016.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB4jCCAU6gAwIBAgIUeTtd4gq+pnMumaH8M1hJb7WxuRAwCwYJKoZIhvcNAQEL
+MBgxFjAUBgNVBAMMDXJvb3RfcnNhXzEwMTYwIhgPMjAxNTExMjgwMDAwMDBaGA8y
+MDE4MDIwNTAwMDAwMFowJTEjMCEGA1UEAwwaaW50X3JzYV8xMDI0LXJvb3RfcnNh
+XzEwMTYwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANOpdEAQHrqMXflQPm+T
+XrUv/rPr6dDcXKzib5c8qUy8DZwx1mwMATvOnILQ1IAyjfBftrzXmQpTEt2uYVKt
+buYcjBvdhmPGi9NiJKmIKueOifVW39vm9R2mESy/wnyKSTNrQa/bdTIbUrJKc0TR
+NI5kY1GlUcdXHM2guP419hp1AgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0P
+BAQDAgEGMAsGCSqGSIb3DQEBCwOBgACvCVg2KCtiE/g+PkXU3bn7mj4hGwOxH+2P
+NnyhAnlx3kEEEJIHaCIS3s56wiWtwf0P4DG1qHn+IZR6zbZ+0ALzZneREtGvLCNI
+M7+GCoOmkPWbR4I+2wYpBgRtHDeK06EWbrSQF9V+P+Z9hXW7NJ/npxD40+fs27Ot
+hjVyw0ex
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1016.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1016.pem.certspec
new file mode 100644
index 000000000..fafb393bf
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1016.pem.certspec
@@ -0,0 +1,6 @@
+issuer:root_rsa_1016
+subject:int_rsa_1024-root_rsa_1016
+issuerKey:rsa1016
+subjectKey:rsa1024
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1024.pem b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1024.pem
new file mode 100644
index 000000000..3c6264488
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1024.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB4zCCAU6gAwIBAgIUKd2Q3DzwYKrXasi5yQdWvgSatdgwCwYJKoZIhvcNAQEL
+MBgxFjAUBgNVBAMMDXJvb3RfcnNhXzEwMjQwIhgPMjAxNTExMjgwMDAwMDBaGA8y
+MDE4MDIwNTAwMDAwMFowJTEjMCEGA1UEAwwaaW50X3JzYV8xMDI0LXJvb3RfcnNh
+XzEwMjQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANOpdEAQHrqMXflQPm+T
+XrUv/rPr6dDcXKzib5c8qUy8DZwx1mwMATvOnILQ1IAyjfBftrzXmQpTEt2uYVKt
+buYcjBvdhmPGi9NiJKmIKueOifVW39vm9R2mESy/wnyKSTNrQa/bdTIbUrJKc0TR
+NI5kY1GlUcdXHM2guP419hp1AgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0P
+BAQDAgEGMAsGCSqGSIb3DQEBCwOBgQBpJC20/N+v3Xb66ZpiGiwrh2zAo940Fvmo
+UXPG5+jwTCSowU8aDXGq+PeHsu+X58NTigSU37zhu4xOATCL06w71FnJTfVFseF1
+FUnYPQahSARRlMGyz3AfcTcexTqiJCIn7Owvsjj9eEUKiMnwOY5z+vc11g3pW2Q4
+ALoRuo9ETg==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1024.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1024.pem.certspec
new file mode 100644
index 000000000..66891f979
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_rsa_1024-root_rsa_1024.pem.certspec
@@ -0,0 +1,6 @@
+issuer:root_rsa_1024
+subject:int_rsa_1024-root_rsa_1024
+issuerKey:rsa1024
+subjectKey:rsa1024
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_secp224r1_224-root_secp256r1_256.pem b/security/manager/ssl/tests/unit/test_keysize/int_secp224r1_224-root_secp256r1_256.pem
new file mode 100644
index 000000000..cfd1fc33a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_secp224r1_224-root_secp256r1_256.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBYzCCAQmgAwIBAgIUMfmdT1oaX8JMXd4bb7glStZfa0AwCgYIKoZIzj0EAwIw
+HTEbMBkGA1UEAwwScm9vdF9zZWNwMjU2cjFfMjU2MCIYDzIwMTUxMTI4MDAwMDAw
+WhgPMjAxODAyMDUwMDAwMDBaMC8xLTArBgNVBAMMJGludF9zZWNwMjI0cjFfMjI0
+LXJvb3Rfc2VjcDI1NnIxXzI1NjBNMBAGByqGSM49AgEGBSuBBAAhAzkABGaNcsym
+/WobNVe1NmEE2EQI7LY38I6Mhrv/gszojwBm169jwymLo3c0ihICsDs3/Wsf9BWq
+MR6jHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA0gA
+MEUCIFx1UZ8TEVDNXYreIKO8BjCR/7JzdV8xZOz9y0KACnDmAiEAv+3koyIlSx0a
+SY0agquE0R53+/Q+kNJwlvdfEMNYjs4=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_secp224r1_224-root_secp256r1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/int_secp224r1_224-root_secp256r1_256.pem.certspec
new file mode 100644
index 000000000..89d77d3b8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_secp224r1_224-root_secp256r1_256.pem.certspec
@@ -0,0 +1,7 @@
+issuer:root_secp256r1_256
+subject:int_secp224r1_224-root_secp256r1_256
+issuerKey:secp256r1
+subjectKey:secp224r1
+signature:ecdsaWithSHA256
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_rsa_2048.pem b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_rsa_2048.pem
new file mode 100644
index 000000000..5cda1057d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_rsa_2048.pem
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICIjCCAQygAwIBAgIUUyCpJPo1OBfUzS63URCB8jij4wYwCwYJKoZIhvcNAQEL
+MBgxFjAUBgNVBAMMDXJvb3RfcnNhXzIwNDgwIhgPMjAxNTExMjgwMDAwMDBaGA8y
+MDE4MDIwNTAwMDAwMFowKjEoMCYGA1UEAwwfaW50X3NlY3AyNTZyMV8yNTYtcm9v
+dF9yc2FfMjA0ODBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABE+/u7th4Pj5saYK
+WayHBOLsBQtCPjz3LpI/LE95S0VcKmnSM0VsNsQRnQcG4A7tyNGTkNeZG3stB6ME
+6qBKpsCjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAsGCSqGSIb3DQEB
+CwOCAQEAQFZl1Ogt4U76JlyY3Iuw3xKnOUyU+Mmt1oD+WXuHuwuxBbd29n0at+Qi
+wOomkgbbudIiVF+X+AXb/PKXmQhUqQxQzROt77cU8JV7upVf0NaN26rrwLgoGFI0
+ipmxbzev2nMrJMkzH2cAEXKCE92VPaQGsuLR0SlGFsHTDRPk5bNI8RL5CxPjw0VA
+89wLF+DB1yqtuWIuqvgIG38BQCnRyZiql9eH+EQtonPm+L+PAa5MJAHNF+C7vHEN
+TB6gjO2J6Pt6tt50ByikmTjQcIMLkG6Y63XUpNZYMToUSnd+BvcuJDY1nDHv2BG2
+l1s7rOMeHUKiDjhKnhiyOBemiwjomQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_rsa_2048.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_rsa_2048.pem.certspec
new file mode 100644
index 000000000..44a65ef5a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_rsa_2048.pem.certspec
@@ -0,0 +1,5 @@
+issuer:root_rsa_2048
+subject:int_secp256r1_256-root_rsa_2048
+subjectKey:secp256r1
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp224r1_224.pem b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp224r1_224.pem
new file mode 100644
index 000000000..2d04da2e0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp224r1_224.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBaDCCARWgAwIBAgIUFW655tKQ8N76G2Fs4e+yyy9HSu0wCgYIKoZIzj0EAwIw
+HTEbMBkGA1UEAwwScm9vdF9zZWNwMjI0cjFfMjI0MCIYDzIwMTUxMTI4MDAwMDAw
+WhgPMjAxODAyMDUwMDAwMDBaMC8xLTArBgNVBAMMJGludF9zZWNwMjU2cjFfMjU2
+LXJvb3Rfc2VjcDIyNHIxXzIyNDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABE+/
+u7th4Pj5saYKWayHBOLsBQtCPjz3LpI/LE95S0VcKmnSM0VsNsQRnQcG4A7tyNGT
+kNeZG3stB6ME6qBKpsCjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoG
+CCqGSM49BAMCA0EAMD4CHQCaPG/wRttw8lX1L9aYUhzXLbwFIGNPlbZLslJUAh0A
+sdRLm9WH7E0AswZO3oBFsoiZgtUXKojJjBOlhQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp224r1_224.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp224r1_224.pem.certspec
new file mode 100644
index 000000000..66ebc1b93
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp224r1_224.pem.certspec
@@ -0,0 +1,7 @@
+issuer:root_secp224r1_224
+subject:int_secp256r1_256-root_secp224r1_224
+issuerKey:secp224r1
+subjectKey:secp256r1
+signature:ecdsaWithSHA256
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256k1_256.pem b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256k1_256.pem
new file mode 100644
index 000000000..dba78878f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256k1_256.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBbjCCARWgAwIBAgIUYTlSrggMzCP6DVELNF4gN3/2PagwCgYIKoZIzj0EAwIw
+HTEbMBkGA1UEAwwScm9vdF9zZWNwMjU2azFfMjU2MCIYDzIwMTUxMTI4MDAwMDAw
+WhgPMjAxODAyMDUwMDAwMDBaMC8xLTArBgNVBAMMJGludF9zZWNwMjU2cjFfMjU2
+LXJvb3Rfc2VjcDI1NmsxXzI1NjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABE+/
+u7th4Pj5saYKWayHBOLsBQtCPjz3LpI/LE95S0VcKmnSM0VsNsQRnQcG4A7tyNGT
+kNeZG3stB6ME6qBKpsCjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoG
+CCqGSM49BAMCA0cAMEQCIGNZAgGJ1z5b/9EWTuPiCuBK2HWvd1yTYLoQH5fdJy0k
+AiBNdBxpWObwfdKgHCLH8gHgQEBLLT5lpWwSlvTGnjknKQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256k1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256k1_256.pem.certspec
new file mode 100644
index 000000000..c7e190ab0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256k1_256.pem.certspec
@@ -0,0 +1,7 @@
+issuer:root_secp256k1_256
+subject:int_secp256r1_256-root_secp256k1_256
+issuerKey:secp256k1
+subjectKey:secp256r1
+signature:ecdsaWithSHA256
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256r1_256.pem b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256r1_256.pem
new file mode 100644
index 000000000..b415487ef
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256r1_256.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBbzCCARWgAwIBAgIUZ1LG/akVEjMI75EV2IrvSQz2ONgwCgYIKoZIzj0EAwIw
+HTEbMBkGA1UEAwwScm9vdF9zZWNwMjU2cjFfMjU2MCIYDzIwMTUxMTI4MDAwMDAw
+WhgPMjAxODAyMDUwMDAwMDBaMC8xLTArBgNVBAMMJGludF9zZWNwMjU2cjFfMjU2
+LXJvb3Rfc2VjcDI1NnIxXzI1NjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABE+/
+u7th4Pj5saYKWayHBOLsBQtCPjz3LpI/LE95S0VcKmnSM0VsNsQRnQcG4A7tyNGT
+kNeZG3stB6ME6qBKpsCjHTAbMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoG
+CCqGSM49BAMCA0gAMEUCIFx1UZ8TEVDNXYreIKO8BjCR/7JzdV8xZOz9y0KACnDm
+AiEA3SQoQJXCBse68NgRuB1mVoMTEJOAe+qrkoRGsx5dNDY=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256r1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256r1_256.pem.certspec
new file mode 100644
index 000000000..6854d2187
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_secp256r1_256-root_secp256r1_256.pem.certspec
@@ -0,0 +1,7 @@
+issuer:root_secp256r1_256
+subject:int_secp256r1_256-root_secp256r1_256
+issuerKey:secp256r1
+subjectKey:secp256r1
+signature:ecdsaWithSHA256
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_secp384r1_384-root_secp256r1_256.pem b/security/manager/ssl/tests/unit/test_keysize/int_secp384r1_384-root_secp256r1_256.pem
new file mode 100644
index 000000000..c2958dc6d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_secp384r1_384-root_secp256r1_256.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBjDCCATKgAwIBAgIURykYBB7pd62OS//UuN+CSn+WSwwwCgYIKoZIzj0EAwIw
+HTEbMBkGA1UEAwwScm9vdF9zZWNwMjU2cjFfMjU2MCIYDzIwMTUxMTI4MDAwMDAw
+WhgPMjAxODAyMDUwMDAwMDBaMC8xLTArBgNVBAMMJGludF9zZWNwMzg0cjFfMzg0
+LXJvb3Rfc2VjcDI1NnIxXzI1NjB2MBAGByqGSM49AgEGBSuBBAAiA2IABKFockM2
+K1x7GInzeRVGFaHHP7SN7oY+AikV22COJS3ktxMtqM6Y6DFTTmqcDAsJyNY5regy
+BuW6gTRzoR+jMOBdqMluQ4P+J4c9qXEDviiIz/AC8Fr3Gh/dzIN0qm6pzqMdMBsw
+DAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwCgYIKoZIzj0EAwIDSAAwRQIgXHVR
+nxMRUM1dit4go7wGMJH/snN1XzFk7P3LQoAKcOYCIQDQJQ6/wj2o6teiKvbzgn63
+QDv+vT1n/+9GOhIWeo1FSw==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/int_secp384r1_384-root_secp256r1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/int_secp384r1_384-root_secp256r1_256.pem.certspec
new file mode 100644
index 000000000..de8e85198
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/int_secp384r1_384-root_secp256r1_256.pem.certspec
@@ -0,0 +1,7 @@
+issuer:root_secp256r1_256
+subject:int_secp384r1_384-root_secp256r1_256
+issuerKey:secp256r1
+subjectKey:secp384r1
+signature:ecdsaWithSHA256
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize/moz.build b/security/manager/ssl/tests/unit/test_keysize/moz.build
new file mode 100644
index 000000000..a69bf43a9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/moz.build
@@ -0,0 +1,41 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Temporarily disabled. See bug 1256495.
+#test_certificates = (
+#    'ee_rsa_1016-int_rsa_1024-root_rsa_1024.pem',
+#    'ee_rsa_1024-int_rsa_1016-root_rsa_1024.pem',
+#    'ee_rsa_1024-int_rsa_1024-root_rsa_1016.pem',
+#    'ee_rsa_1024-int_rsa_1024-root_rsa_1024.pem',
+#    'ee_secp224r1_224-int_secp256r1_256-root_rsa_2048.pem',
+#    'ee_secp224r1_224-int_secp256r1_256-root_secp256r1_256.pem',
+#    'ee_secp256k1_256-int_secp256r1_256-root_secp256r1_256.pem',
+#    'ee_secp256r1_256-int_rsa_1016-root_secp256r1_256.pem',
+#    'ee_secp256r1_256-int_secp224r1_224-root_secp256r1_256.pem',
+#    'ee_secp256r1_256-int_secp256r1_256-root_secp224r1_224.pem',
+#    'ee_secp256r1_256-int_secp256r1_256-root_secp256k1_256.pem',
+#    'ee_secp384r1_384-int_secp256r1_256-root_rsa_2048.pem',
+#    'ee_secp521r1_521-int_secp384r1_384-root_secp256r1_256.pem',
+#    'int_rsa_1016-root_rsa_1024.pem',
+#    'int_rsa_1016-root_secp256r1_256.pem',
+#    'int_rsa_1024-root_rsa_1016.pem',
+#    'int_rsa_1024-root_rsa_1024.pem',
+#    'int_secp224r1_224-root_secp256r1_256.pem',
+#    'int_secp256r1_256-root_rsa_2048.pem',
+#    'int_secp256r1_256-root_secp224r1_224.pem',
+#    'int_secp256r1_256-root_secp256k1_256.pem',
+#    'int_secp256r1_256-root_secp256r1_256.pem',
+#    'int_secp384r1_384-root_secp256r1_256.pem',
+#    'root_rsa_1016.pem',
+#    'root_rsa_1024.pem',
+#    'root_rsa_2048.pem',
+#    'root_secp224r1_224.pem',
+#    'root_secp256k1_256.pem',
+#    'root_secp256r1_256.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
diff --git a/security/manager/ssl/tests/unit/test_keysize/root_rsa_1016.pem b/security/manager/ssl/tests/unit/test_keysize/root_rsa_1016.pem
new file mode 100644
index 000000000..0a72087f1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/root_rsa_1016.pem
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIB1DCCAUCgAwIBAgIUM7Lg6QmOdkt261MCbyFKi45pe74wCwYJKoZIhvcNAQEL
+MBgxFjAUBgNVBAMMDXJvb3RfcnNhXzEwMTYwIhgPMjAxNTExMjgwMDAwMDBaGA8y
+MDE4MDIwNTAwMDAwMFowGDEWMBQGA1UEAwwNcm9vdF9yc2FfMTAxNjCBnjANBgkq
+hkiG9w0BAQEFAAOBjAAwgYgCgYAA0puxL7hP3c0ps6UZy2bEO42Pi+VFunk4TOZj
+7QPfdZkWAOuSB5DSUwzs5UTbmacfBYlqPtIHFlU0qpkFfkfEfjvIGtpvoeEuNyaL
+UEalUmj52tfMtIXYGi4Z1Q1PC2hUrK9te+admggxNuFa+o9TwcjIT8YHcnndDlXX
+Nppb3QIDAQABox0wGzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjALBgkqhkiG
+9w0BAQsDgYAAg+CxStL2zK/003mV+gzN6dSgozHCdJyVQLN9LbsqvAHu/Ker02zl
+Ngsq7TZmpCKfa2VYRpNJbzW0095UGnD/qVS876pNzQPmUlg5QVWda6y2esKwksxO
+7yEShApyGMgxL4VEkCNxz40+NfU2falPeXtjkZU6CuOTWSU/cWRs1w==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/root_rsa_1016.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/root_rsa_1016.pem.certspec
new file mode 100644
index 000000000..b0b5ba8e5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/root_rsa_1016.pem.certspec
@@ -0,0 +1,6 @@
+issuer:root_rsa_1016
+subject:root_rsa_1016
+issuerKey:rsa1016
+subjectKey:rsa1016
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize/root_rsa_1024.pem b/security/manager/ssl/tests/unit/test_keysize/root_rsa_1024.pem
new file mode 100644
index 000000000..4057c0d02
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/root_rsa_1024.pem
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIB1jCCAUGgAwIBAgIUN4fAqdmb7z7NLWF0XiUi1tHIHQ0wCwYJKoZIhvcNAQEL
+MBgxFjAUBgNVBAMMDXJvb3RfcnNhXzEwMjQwIhgPMjAxNTExMjgwMDAwMDBaGA8y
+MDE4MDIwNTAwMDAwMFowGDEWMBQGA1UEAwwNcm9vdF9yc2FfMTAyNDCBnzANBgkq
+hkiG9w0BAQEFAAOBjQAwgYkCgYEA06l0QBAeuoxd+VA+b5NetS/+s+vp0NxcrOJv
+lzypTLwNnDHWbAwBO86cgtDUgDKN8F+2vNeZClMS3a5hUq1u5hyMG92GY8aL02Ik
+qYgq546J9Vbf2+b1HaYRLL/CfIpJM2tBr9t1MhtSskpzRNE0jmRjUaVRx1cczaC4
+/jX2GnUCAwEAAaMdMBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwCwYJKoZI
+hvcNAQELA4GBABaze8o5xyNFgdXvK0pFIj+ZfG634ATqddoE7x1C89M3Mh4j5nJv
+/zuKwz1NS4uty584WWCODuu1iAqwKYeOmg2aejN3k/cVWMEqmRG5DRL9CdYs8/Jt
+eFS05lsRzHVRq9m7nEOgv5Xhbn5egMwGxEjmI0Bu/o1YJ/2hxrhXit5W
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/root_rsa_1024.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/root_rsa_1024.pem.certspec
new file mode 100644
index 000000000..09cd420f7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/root_rsa_1024.pem.certspec
@@ -0,0 +1,6 @@
+issuer:root_rsa_1024
+subject:root_rsa_1024
+issuerKey:rsa1024
+subjectKey:rsa1024
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize/root_rsa_2048.pem b/security/manager/ssl/tests/unit/test_keysize/root_rsa_2048.pem
new file mode 100644
index 000000000..f08030ecc
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/root_rsa_2048.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC2zCCAcWgAwIBAgIUL9RaZAoENJalu9ROFdxp+1zeK3wwCwYJKoZIhvcNAQEL
+MBgxFjAUBgNVBAMMDXJvb3RfcnNhXzIwNDgwIhgPMjAxNTExMjgwMDAwMDBaGA8y
+MDE4MDIwNTAwMDAwMFowGDEWMBQGA1UEAwwNcm9vdF9yc2FfMjA0ODCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1
+SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+
+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYL
+K7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwc
+bJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibW
+JZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMd
+MBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwCwYJKoZIhvcNAQELA4IBAQAG
+/Ky5Qkbd1EjvW6h/wvxOP5jj5FQiN4c+kxP5IpiXZr2YyjZIVRShExNfzpCmLuPq
+rkaY/IZVHT32bwW87BudscCL9lTqZbsDXayEh2KuWDbw/+FfXd+KpKWi6jweyjyW
+159Im2POWzi9XyKtwY6GdVKhsrL5LwCO9nhNBwVoQ+2WiFvc5eggNPl7WTbywgV3
+eDfDVN+3NVAoDw6tcTkFYbmjJpF3w+c839wtiIJEvQ6okv5cZOLF4pW+3PoYAEaI
+jVfGtGF8QnzSBeetTliQcCy0Ce/mVZ+N0+bYeHrTm4Bm5YySszKs+1vxdzm9+fH3
+jZ6//NQm+C+GVbNGj8Nm
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/root_rsa_2048.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/root_rsa_2048.pem.certspec
new file mode 100644
index 000000000..cebc2f8e6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/root_rsa_2048.pem.certspec
@@ -0,0 +1,4 @@
+issuer:root_rsa_2048
+subject:root_rsa_2048
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize/root_secp224r1_224.pem b/security/manager/ssl/tests/unit/test_keysize/root_secp224r1_224.pem
new file mode 100644
index 000000000..afc387bf1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/root_secp224r1_224.pem
@@ -0,0 +1,9 @@
+-----BEGIN CERTIFICATE-----
+MIIBSDCB96ADAgECAhQJ0gm/8w+13dcPEBRcKlEAdi1aKjAKBggqhkjOPQQDAjAd
+MRswGQYDVQQDDBJyb290X3NlY3AyMjRyMV8yMjQwIhgPMjAxNTExMjgwMDAwMDBa
+GA8yMDE4MDIwNTAwMDAwMFowHTEbMBkGA1UEAwwScm9vdF9zZWNwMjI0cjFfMjI0
+ME0wEAYHKoZIzj0CAQYFK4EEACEDOQAEZo1yzKb9ahs1V7U2YQTYRAjstjfwjoyG
+u/+CzOiPAGbXr2PDKYujdzSKEgKwOzf9ax/0FaoxHqMdMBswDAYDVR0TBAUwAwEB
+/zALBgNVHQ8EBAMCAQYwCgYIKoZIzj0EAwIDQAAwPQIdAJo8b/BG23DyVfUv1phS
+HNctvAUgY0+VtkuyUlQCHFuyUCiwjmlUwEFrlJJcS0k4ErhiiH2J96FdTCw=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/root_secp224r1_224.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/root_secp224r1_224.pem.certspec
new file mode 100644
index 000000000..31370f6f7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/root_secp224r1_224.pem.certspec
@@ -0,0 +1,7 @@
+issuer:root_secp224r1_224
+subject:root_secp224r1_224
+issuerKey:secp224r1
+subjectKey:secp224r1
+signature:ecdsaWithSHA256
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize/root_secp256k1_256.pem b/security/manager/ssl/tests/unit/test_keysize/root_secp256k1_256.pem
new file mode 100644
index 000000000..19cbdc712
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/root_secp256k1_256.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBWTCCAQCgAwIBAgIUDZ1MSO282sT4cTPmUNrRED65xiAwCgYIKoZIzj0EAwIw
+HTEbMBkGA1UEAwwScm9vdF9zZWNwMjU2azFfMjU2MCIYDzIwMTUxMTI4MDAwMDAw
+WhgPMjAxODAyMDUwMDAwMDBaMB0xGzAZBgNVBAMMEnJvb3Rfc2VjcDI1NmsxXzI1
+NjBWMBAGByqGSM49AgEGBSuBBAAKA0IABDXufHKJ2P73qGr+XaZti8LrtqhUP9L+
+rQifRc56zQ+mQ4KpUAxB2tdw/9S1Eb9LSS6xI4gAwyxPdsc6PzKU58WjHTAbMAwG
+A1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA0cAMEQCIGNZAgGJ
+1z5b/9EWTuPiCuBK2HWvd1yTYLoQH5fdJy0kAiBbbODJAli2zU6pkhPi4lq9+jKA
+l32sv96VWrOsyrAFjg==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/root_secp256k1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/root_secp256k1_256.pem.certspec
new file mode 100644
index 000000000..c78aa61bb
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/root_secp256k1_256.pem.certspec
@@ -0,0 +1,7 @@
+issuer:root_secp256k1_256
+subject:root_secp256k1_256
+issuerKey:secp256k1
+subjectKey:secp256k1
+signature:ecdsaWithSHA256
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize/root_secp256r1_256.pem b/security/manager/ssl/tests/unit/test_keysize/root_secp256r1_256.pem
new file mode 100644
index 000000000..2417685dd
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/root_secp256r1_256.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBXTCCAQOgAwIBAgIUHe1Ak9B5RX1dDhygSBpPrhZ9JEowCgYIKoZIzj0EAwIw
+HTEbMBkGA1UEAwwScm9vdF9zZWNwMjU2cjFfMjU2MCIYDzIwMTUxMTI4MDAwMDAw
+WhgPMjAxODAyMDUwMDAwMDBaMB0xGzAZBgNVBAMMEnJvb3Rfc2VjcDI1NnIxXzI1
+NjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABE+/u7th4Pj5saYKWayHBOLsBQtC
+Pjz3LpI/LE95S0VcKmnSM0VsNsQRnQcG4A7tyNGTkNeZG3stB6ME6qBKpsCjHTAb
+MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA0gAMEUCIFx1
+UZ8TEVDNXYreIKO8BjCR/7JzdV8xZOz9y0KACnDmAiEA/cwfybIBowGnPXI58HEd
+4kEWa8IF3nFuEFBja30LxhI=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize/root_secp256r1_256.pem.certspec b/security/manager/ssl/tests/unit/test_keysize/root_secp256r1_256.pem.certspec
new file mode 100644
index 000000000..4447fc4b4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize/root_secp256r1_256.pem.certspec
@@ -0,0 +1,7 @@
+issuer:root_secp256r1_256
+subject:root_secp256r1_256
+issuerKey:secp256r1
+subjectKey:secp256r1
+signature:ecdsaWithSHA256
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev.js b/security/manager/ssl/tests/unit/test_keysize_ev.js
new file mode 100644
index 000000000..b6b4ccade
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev.js
@@ -0,0 +1,146 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Checks that RSA certs with key sizes below 2048 bits when verifying for EV
+// are rejected.
+
+do_get_profile(); // Must be called before getting nsIX509CertDB
+const certDB = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+
+const SERVER_PORT = 8888;
+
+function getOCSPResponder(expectedCertNames) {
+  let expectedPaths = expectedCertNames.slice();
+  return startOCSPResponder(SERVER_PORT, "www.example.com", "test_keysize_ev/",
+                            expectedCertNames, expectedPaths);
+}
+
+function loadCert(certName, trustString) {
+  let certFilename = "test_keysize_ev/" + certName + ".pem";
+  addCertFromFile(certDB, certFilename, trustString);
+  return constructCertFromFile(certFilename);
+}
+
+/**
+ * Adds a single EV key size test.
+ *
+ * @param {Array} expectedNamesForOCSP
+ *        An array of nicknames of the certs to be responded to.
+ * @param {String} rootCertFileName
+ *        The file name of the root cert. Can begin with ".." to reference
+ *        certs in folders other than "test_keysize_ev/".
+ * @param {Array} intCertFileNames
+ *        An array of file names of any intermediate certificates.
+ * @param {String} endEntityCertFileName
+ *        The file name of the end entity cert.
+ * @param {Boolean} expectedResult
+ *        Whether the chain is expected to validate as EV.
+ */
+function addKeySizeTestForEV(expectedNamesForOCSP,
+                             rootCertFileName, intCertFileNames,
+                             endEntityCertFileName, expectedResult)
+{
+  add_test(function() {
+    clearOCSPCache();
+    let ocspResponder = getOCSPResponder(expectedNamesForOCSP);
+
+    loadCert(rootCertFileName, "CTu,CTu,CTu");
+    for (let intCertFileName of intCertFileNames) {
+      loadCert(intCertFileName, ",,");
+    }
+    checkEVStatus(
+      certDB,
+      constructCertFromFile(`test_keysize_ev/${endEntityCertFileName}.pem`),
+      certificateUsageSSLServer,
+      expectedResult);
+
+    ocspResponder.stop(run_next_test);
+  });
+}
+
+/**
+ * For debug builds which have the test EV roots compiled in, checks RSA chains
+ * which contain certs with key sizes adequate for EV are validated as such,
+ * while chains that contain any cert with an inadequate key size fail EV and
+ * validate as DV.
+ * For opt builds which don't have the test EV roots compiled in, checks that
+ * none of the chains validate as EV.
+ *
+ * Note: This function assumes that the key size requirements for EV are greater
+ * than the requirements for DV.
+ *
+ * @param {Number} inadequateKeySize
+ *        The inadequate key size of the generated certs.
+ * @param {Number} adequateKeySize
+ *        The adequate key size of the generated certs.
+ */
+function checkRSAChains(inadequateKeySize, adequateKeySize) {
+  // Reuse the existing test RSA EV root
+  let rootOKCertFileName = "../test_ev_certs/evroot";
+  let rootOKName = "evroot";
+  let rootNotOKName = "ev_root_rsa_" + inadequateKeySize;
+  let intOKName = "ev_int_rsa_" + adequateKeySize;
+  let intNotOKName = "ev_int_rsa_" + inadequateKeySize;
+  let eeOKName = "ev_ee_rsa_" + adequateKeySize;
+  let eeNotOKName = "ev_ee_rsa_" + inadequateKeySize;
+
+  // Chain with certs that have adequate sizes for EV and DV
+  // In opt builds, this chain is only validated for DV. Hence, an OCSP fetch
+  // will for example not be done for the "ev_int_rsa_2048-evroot" intermediate
+  // in such a build.
+  let intFullName = intOKName + "-" + rootOKName;
+  let eeFullName = eeOKName + "-" + intOKName + "-" + rootOKName;
+  let expectedNamesForOCSP = gEVExpected
+                           ? [ intFullName,
+                               eeFullName ]
+                           : [ eeFullName ];
+  addKeySizeTestForEV(expectedNamesForOCSP, rootOKCertFileName,
+                      [ intFullName ], eeFullName, gEVExpected);
+
+  // Chain with a root cert that has an inadequate size for EV, but
+  // adequate size for DV
+  intFullName = intOKName + "-" + rootNotOKName;
+  eeFullName = eeOKName + "-" + intOKName + "-" + rootNotOKName;
+  expectedNamesForOCSP = [ eeFullName ];
+  addKeySizeTestForEV(expectedNamesForOCSP, rootNotOKName,
+                      [ intFullName ], eeFullName, false);
+
+  // Chain with an intermediate cert that has an inadequate size for EV, but
+  // adequate size for DV
+  intFullName = intNotOKName + "-" + rootOKName;
+  eeFullName = eeOKName + "-" + intNotOKName + "-" + rootOKName;
+  expectedNamesForOCSP = [ eeFullName ];
+  addKeySizeTestForEV(expectedNamesForOCSP, rootOKCertFileName,
+                      [ intFullName ], eeFullName, false);
+
+  // Chain with an end entity cert that has an inadequate size for EV, but
+  // adequate size for DV
+  intFullName = intOKName + "-" + rootOKName;
+  eeFullName = eeNotOKName + "-" + intOKName + "-" + rootOKName;
+  expectedNamesForOCSP = gEVExpected
+                       ? [ intFullName,
+                           eeFullName ]
+                       : [ eeFullName ];
+  addKeySizeTestForEV(expectedNamesForOCSP, rootOKCertFileName,
+                      [ intFullName ], eeFullName, false);
+}
+
+function run_test() {
+  Services.prefs.setCharPref("network.dns.localDomains", "www.example.com");
+  Services.prefs.setIntPref("security.OCSP.enabled", 1);
+
+  let smallKeyEVRoot =
+    constructCertFromFile("test_keysize_ev/ev_root_rsa_2040.pem");
+  equal(smallKeyEVRoot.sha256Fingerprint,
+        "49:46:10:F4:F5:B1:96:E7:FB:FA:4D:A6:34:03:D0:99:" +
+        "22:D4:77:20:3F:84:E0:DF:1C:AD:B4:C2:76:BB:63:24",
+        "test sanity check: the small-key EV root must have the same " +
+        "fingerprint as the corresponding entry in ExtendedValidation.cpp");
+
+  checkRSAChains(2040, 2048);
+
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2040-ev_int_rsa_2048-evroot.pem b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2040-ev_int_rsa_2048-evroot.pem
new file mode 100644
index 000000000..1e231157c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2040-ev_int_rsa_2048-evroot.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDYzCCAk2gAwIBAgIUYWcJYs/7lzpBLFqmhT8F7LPbOLAwCwYJKoZIhvcNAQEL
+MCExHzAdBgNVBAMMFmV2X2ludF9yc2FfMjA0OC1ldnJvb3QwIhgPMjAxNTExMjgw
+MDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowMDEuMCwGA1UEAwwlZXZfZWVfcnNhXzIw
+NDAtZXZfaW50X3JzYV8yMDQ4LWV2cm9vdDCCASEwDQYJKoZIhvcNAQEBBQADggEO
+ADCCAQkCggEAALrAZS/fvABViC/7rqzuyI+i0IPCl91dQGZN09kPUvmqAr2KUPuh
+bg/ZkYeO9HX5s1DZ+OPrKr1xfOMnsJeIUx8T344+TjudYWu4pB5TBu7SRyFjFhBR
+GAEnak62bwczG1y8i8rnAWqPmz1PKsRVPGJM9SY7yzSOiEDeZhKHCWCnkhkbE4+y
+F/dlzse/+OlPFrOUGb91BMWafk95vW0XPpx789nSpOc8wYCwWQpz1YT7f8m1T6VE
+YH5T/GhcelX9RKgdQUK2r1Hqb6bOpSlloujF2E88oCTW+7mwBbllHOXZ8uz0DtQE
+mBqf/AJjbjEbCVxjMqDIfcOScbVVFIF3SwIDAQABo4GEMIGBMF4GCCsGAQUFBwEB
+BFIwUDBOBggrBgEFBQcwAYZCaHR0cDovL3d3dy5leGFtcGxlLmNvbTo4ODg4L2V2
+X2VlX3JzYV8yMDQwLWV2X2ludF9yc2FfMjA0OC1ldnJvb3QvMB8GA1UdIAQYMBYw
+FAYSKwYBBAHrSYUahRqFGgGDdAkBMAsGCSqGSIb3DQEBCwOCAQEACeVAAm2UDFMG
+vuYyPdPhGr7DBIAbk2RHE+k/KKZvOC2AgK1USid4/lOdFVcFijDS46t97otxVYvA
+NDuPj/O3uYf+Gjw4rATdiA6YTXtumOfC2nwhJ9zBSFsDLEajynStYcUtJClentys
+b08EGO3cUr40aWMXZMIG4mjZhQgfTu6TJ9OlDwzexb0/L2AF8PyEd8wrO1RUTU2e
+Tb3/d15AgDccaBfrEg72Mb7oDGr/QIdTgqdtLqMF9BTQRat3O6J4LRf2UMpot9Pr
+j4eKG/93p+TymG6SdosjWavD5EQngZ7ihayl9xPZ7nAnPfLI43KNqVHDALxT8ROA
+HNBIjUe9pw==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2040-ev_int_rsa_2048-evroot.pem.certspec b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2040-ev_int_rsa_2048-evroot.pem.certspec
new file mode 100644
index 000000000..e64c651bc
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2040-ev_int_rsa_2048-evroot.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ev_int_rsa_2048-evroot
+subject:ev_ee_rsa_2040-ev_int_rsa_2048-evroot
+subjectKey:rsa2040
+extension:authorityInformationAccess:http://www.example.com:8888/ev_ee_rsa_2040-ev_int_rsa_2048-evroot/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2040-evroot.pem b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2040-evroot.pem
new file mode 100644
index 000000000..4c66b2252
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2040-evroot.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDYzCCAk6gAwIBAgIUX1WnK44zi+RzvEojjYi3bcyvC34wCwYJKoZIhvcNAQEL
+MCExHzAdBgNVBAMMFmV2X2ludF9yc2FfMjA0MC1ldnJvb3QwIhgPMjAxNTExMjgw
+MDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowMDEuMCwGA1UEAwwlZXZfZWVfcnNhXzIw
+NDgtZXZfaW50X3JzYV8yMDQwLWV2cm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODY
+H72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk
+27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A9
+0jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMM
+kd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaL
+L+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaOBhDCBgTBeBggrBgEFBQcB
+AQRSMFAwTgYIKwYBBQUHMAGGQmh0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4OC9l
+dl9lZV9yc2FfMjA0OC1ldl9pbnRfcnNhXzIwNDAtZXZyb290LzAfBgNVHSAEGDAW
+MBQGEisGAQQB60mFGoUahRoBg3QJATALBgkqhkiG9w0BAQsDggEAAErvI4rRV3Xf
+3NzWWiiryrNpibL3bYmzXsF3+jZWBobx21Qrck7nGeHAuZ7M90Aw9HdPxlIOnwNA
+jHv141zXE2vntVhKUTgS4TLou8+7A5Al8azWMAj9M7fqtx1Y9b4j+NK26KEOHSF0
+8MtxEYaiQfAOZEA3m0Z60w0XyQ4ULZKUEVJkrwY7sJUSzExd2dyFVQDM5uZXN/0n
+ZyGAWIj57xwxf4aXgR4y6WgBf7AZqTFc4F/YUzH9HlpRSD0uWolUB4dqNuZ2ApXZ
+arj4rqV/4Pub9IAi0AmzWDZxGkQk3E4BGHkk6unVniuQlnCMNIn/uKj2PqetX9nx
+k+dj1HE2ig==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2040-evroot.pem.certspec b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2040-evroot.pem.certspec
new file mode 100644
index 000000000..0b7bfd426
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2040-evroot.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ev_int_rsa_2040-evroot
+subject:ev_ee_rsa_2048-ev_int_rsa_2040-evroot
+issuerKey:rsa2040
+extension:authorityInformationAccess:http://www.example.com:8888/ev_ee_rsa_2048-ev_int_rsa_2040-evroot/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-ev_root_rsa_2040.pem b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-ev_root_rsa_2040.pem
new file mode 100644
index 000000000..3b579102a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-ev_root_rsa_2040.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDgjCCAmygAwIBAgIUa/PALQU+SWg3PCw8ajeVDsqyk+IwCwYJKoZIhvcNAQEL
+MCsxKTAnBgNVBAMMIGV2X2ludF9yc2FfMjA0OC1ldl9yb290X3JzYV8yMDQwMCIY
+DzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAwMDBaMDoxODA2BgNVBAMML2V2
+X2VlX3JzYV8yMDQ4LWV2X2ludF9yc2FfMjA0OC1ldl9yb290X3JzYV8yMDQwMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08
+E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc
+1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAP
+DY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQ
+gAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqV
+YR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQID
+AQABo4GOMIGLMGgGCCsGAQUFBwEBBFwwWjBYBggrBgEFBQcwAYZMaHR0cDovL3d3
+dy5leGFtcGxlLmNvbTo4ODg4L2V2X2VlX3JzYV8yMDQ4LWV2X2ludF9yc2FfMjA0
+OC1ldl9yb290X3JzYV8yMDQwLzAfBgNVHSAEGDAWMBQGEisGAQQB60mFGoUahRoB
+g3QJATALBgkqhkiG9w0BAQsDggEBAIol9cdHyFph1UFZIuQTdAgBr5GGyZP/9cHt
+ffmjqSz4TIlZPN4+FC+yh+wC/KeZiFDWuyGtdnfADkbbuG0hzSppx8EcctiKUbwE
+VnEgmX+P0nQGsdpPek8WgjZriAHJGdlFN4wJfECBgSa7SL8uwvY5VrI/4BQTRXq1
+b4fzHEZtJX5pPwoQSfHmjD6uMSK/FwTCSWNCIcA+tfwc7V31jmuc3Nz+gg5QMJFc
+5vzei1jgc0o4FxoFJhKbNQzgOMMOFdrercVcdM5HkEdlkoEo3Ae9hidP9DnHUoFZ
+lz9iVgvQiFoEYqa1Z1OFxmIGnzbwCCAq727elUxDZB3fnBeZeWc=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-ev_root_rsa_2040.pem.certspec b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-ev_root_rsa_2040.pem.certspec
new file mode 100644
index 000000000..a36acf887
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-ev_root_rsa_2040.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ev_int_rsa_2048-ev_root_rsa_2040
+subject:ev_ee_rsa_2048-ev_int_rsa_2048-ev_root_rsa_2040
+extension:authorityInformationAccess:http://www.example.com:8888/ev_ee_rsa_2048-ev_int_rsa_2048-ev_root_rsa_2040/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-evroot.pem b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-evroot.pem
new file mode 100644
index 000000000..47d86baf5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-evroot.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDZDCCAk6gAwIBAgIUNQdpgL87vkOZHNiFDZ66Q1FTBqMwCwYJKoZIhvcNAQEL
+MCExHzAdBgNVBAMMFmV2X2ludF9yc2FfMjA0OC1ldnJvb3QwIhgPMjAxNTExMjgw
+MDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowMDEuMCwGA1UEAwwlZXZfZWVfcnNhXzIw
+NDgtZXZfaW50X3JzYV8yMDQ4LWV2cm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODY
+H72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk
+27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A9
+0jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMM
+kd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaL
+L+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaOBhDCBgTBeBggrBgEFBQcB
+AQRSMFAwTgYIKwYBBQUHMAGGQmh0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4OC9l
+dl9lZV9yc2FfMjA0OC1ldl9pbnRfcnNhXzIwNDgtZXZyb290LzAfBgNVHSAEGDAW
+MBQGEisGAQQB60mFGoUahRoBg3QJATALBgkqhkiG9w0BAQsDggEBAH9rJ2oLLQfB
+e2pBzFw73x5QvhVbNl3O9gFTov/97zU8mfpdKoBjcf32d8/AvJ8qzCLve+4zlT5i
+6ZNwyxZpjb/dJpgZ35dbV9+qXI14m1604r4gcmpQjLDpjgAUUI15EvBkPmCmfVP2
+biIHTPGZZrcqjVh6uCs7UdBM/WtHC8Tn+cmUJZzj5kpmK0hNk26BsW+vsXXwias5
+SxR0oW1hKA4sCoqs9VByyMujiVjVivc1HzINRtiHYdQVlEPrUsYoKFh2zYS6oi6K
+wiFOzv6cLFv2j2TwBI8tD1LXjUBJA/fq8Q/8AOwZ/KUgjhz9ifV1d/FRKBqLT0Vs
+l/RXjR75s38=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-evroot.pem.certspec b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-evroot.pem.certspec
new file mode 100644
index 000000000..0b34be6db
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_ee_rsa_2048-ev_int_rsa_2048-evroot.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ev_int_rsa_2048-evroot
+subject:ev_ee_rsa_2048-ev_int_rsa_2048-evroot
+extension:authorityInformationAccess:http://www.example.com:8888/ev_ee_rsa_2048-ev_int_rsa_2048-evroot/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040-evroot.pem b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040-evroot.pem
new file mode 100644
index 000000000..db935fd24
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040-evroot.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDUDCCAjqgAwIBAgIUdSW9+f5SZzr700VP9vbhznUgRHMwCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjAhMR8wHQYDVQQDDBZldl9pbnRfcnNhXzIwNDAtZXZyb290MIIBITAN
+BgkqhkiG9w0BAQEFAAOCAQ4AMIIBCQKCAQAAusBlL9+8AFWIL/uurO7Ij6LQg8KX
+3V1AZk3T2Q9S+aoCvYpQ+6FuD9mRh470dfmzUNn44+sqvXF84yewl4hTHxPfjj5O
+O51ha7ikHlMG7tJHIWMWEFEYASdqTrZvBzMbXLyLyucBao+bPU8qxFU8Ykz1JjvL
+NI6IQN5mEocJYKeSGRsTj7IX92XOx7/46U8Ws5QZv3UExZp+T3m9bRc+nHvz2dKk
+5zzBgLBZCnPVhPt/ybVPpURgflP8aFx6Vf1EqB1BQravUepvps6lKWWi6MXYTzyg
+JNb7ubAFuWUc5dny7PQO1ASYGp/8AmNuMRsJXGMyoMh9w5JxtVUUgXdLAgMBAAGj
+gZAwgY0wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwTwYIKwYBBQUHAQEEQzBB
+MD8GCCsGAQUFBzABhjNodHRwOi8vd3d3LmV4YW1wbGUuY29tOjg4ODgvZXZfaW50
+X3JzYV8yMDQwLWV2cm9vdC8wHwYDVR0gBBgwFjAUBhIrBgEEAetJhRqFGoUaAYN0
+CQEwCwYJKoZIhvcNAQELA4IBAQAdKlRgP4yJ9q9zCdpE//xy6P9GnaT+yrmoM7CA
++sF9Jao0iM5EaF/VVYKg6sM/sBeG+RGgkIp7A3DfLXXR83a6EyXrhSLiEKOWi5xe
+WY2Q/CaRd4U05p5fvFsL88hY/Wvlj/mcCNLQ2GUYsdR/OL0XK1jHVTixGxRzRsN9
+mI+6rnA8swDZ2FTNLZ3DheNxsaIDYAZwpOaRLh6NTgbP0e0t3RvzV1dKvbXRv7QI
+HXV4KOdKAl5QMI43M4UhxSSszURZDxNRqlcyaVeNAenaiN3SiSng7HwVmb/jlpvp
+eEoXyl/+TEZebH2yniK/lzfVr3rcXm8own5V6ZHu/jucdZFT
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040-evroot.pem.certspec b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040-evroot.pem.certspec
new file mode 100644
index 000000000..80be71174
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040-evroot.pem.certspec
@@ -0,0 +1,8 @@
+issuer:evroot
+subject:ev_int_rsa_2040-evroot
+issuerKey:ev
+subjectKey:rsa2040
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://www.example.com:8888/ev_int_rsa_2040-evroot/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040.key b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040.key
new file mode 100644
index 000000000..e9010b691
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEtwIBADANBgkqhkiG9w0BAQEFAASCBKEwggSdAgEAAoIBAAC6wGUv37wAVYgv
++66s7siPotCDwpfdXUBmTdPZD1L5qgK9ilD7oW4P2ZGHjvR1+bNQ2fjj6yq9cXzj
+J7CXiFMfE9+OPk47nWFruKQeUwbu0kchYxYQURgBJ2pOtm8HMxtcvIvK5wFqj5s9
+TyrEVTxiTPUmO8s0johA3mYShwlgp5IZGxOPshf3Zc7Hv/jpTxazlBm/dQTFmn5P
+eb1tFz6ce/PZ0qTnPMGAsFkKc9WE+3/JtU+lRGB+U/xoXHpV/USoHUFCtq9R6m+m
+zqUpZaLoxdhPPKAk1vu5sAW5ZRzl2fLs9A7UBJgan/wCY24xGwlcYzKgyH3DknG1
+VRSBd0sCAwEAAQKB/2A9smffl1VcvthrjfNVA0ryjx638+eCnSObzCc6fHppoQvo
+8h8bbEsCxrrjcxwxWLW7/0YF9Xq3t7Kgy6LsAFottbHqbgrO6lvHRdzS0OnWuA1+
+sOorwIEnvONfpQxCzEEYcbpZHiO6ajhISjPv8TR/kH7ppakqIxG7C0NVEAIPeOO7
+AAmdtNEYKSgJZQX8uoTzyhI4/R66XuofORu7zFQksWgGP8F+HKbhkSzLpE+dApIw
+ih/tuAYSUps59Z0KP4GAtbogETIZf5OlgV3tk43459k8mxV2ZYjzObtZEAr9pJSn
+5FLX3UyaGc4uw6M6GLIPC02t4XK+4Z8m8Ny+QQKBgA7Dhpy5LUBsrd96MZqylEi8
+UFoFkTcHhzNh/FuYakmftl7rgVp+N2h9GfEoCHKJ2buIGOe8ylAsSQCtmuzhF5vh
+L/PkZ9YG/IIOqPB6yev/4iNuOBaEEgKIIj5C2+aN/ZcqhaZEflFpXyNNp5EcZ8mr
+lTHzPfO5lDLU7ojJpO+7AoGADKY5NFSehf6sjg9WBDA/0YSf6Ir0t/fhITKDu8ei
+wqUJ+Sc8Qoxo3j25PmFF8bQAvW1KJiYU6QQ602LU66SmuZU5nIk0o5mRIZnoQdjo
+2/8EifaeZjeWcwspgFMLMctwaVohYl6irczAnZMFFvqHIhGpHiLdif2et9qFdLci
+NbECgYANfTp14X9l+KZYpIXECVwQpPZpeeK3O8qc+O8hJT4frKxtR5H1g5LOhlb4
+jxJAzJDCllPjEAxtejjtRLFjsznl87bjiRISbGmzzv8uUZJCbZZJtv/KGrt10rou
+1tmiaqODxZc9ViFv8u25DM+Id0Kg8YOskslM8YdldkXHdy2a1wKBgAP1UBlMEX8k
+vqKFsgkFgDL0KYX/Vazr6IsW35o3UntOYdyRpo28mmRRNFKM5fJIvaKJPJbLe+ee
+5zmWx8Ild/bC95BAbzRyrbOyEbfpRJTzLFxvzAl4g5/kckwxsGMYokiVZ7T8oDN6
+yxuEEieqpfbHSACiMGkp8CzgOLrZQ99BAoGACAp9v6jCWEgUxxZkxW62LOTK8Wr+
+iNRJkVnWdHdKOj7N3xJWwC/JFSXFJ2kkItCrqU5cQe4S3HG7Zvhnn6F+CW8oCAhR
+ugRusxiFwUFOiYWt5ZnZB68XRT0cyuosDQZEP4Nnpr4VSxJeOQ7g2Q90bwiAHdP1
+Nn9Z+6LlpnwF83U=
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040.key.keyspec b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040.key.keyspec
new file mode 100644
index 000000000..f488e73a9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2040.key.keyspec
@@ -0,0 +1 @@
+rsa2040
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-ev_root_rsa_2040.pem b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-ev_root_rsa_2040.pem
new file mode 100644
index 000000000..3de3f13d0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-ev_root_rsa_2040.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDbjCCAlmgAwIBAgIUAeu/QCFxArrPIMJNFvRH8DQpIB8wCwYJKoZIhvcNAQEL
+MBsxGTAXBgNVBAMMEGV2X3Jvb3RfcnNhXzIwNDAwIhgPMjAxNTExMjgwMDAwMDBa
+GA8yMDE4MDIwNTAwMDAwMFowKzEpMCcGA1UEAwwgZXZfaW50X3JzYV8yMDQ4LWV2
+X3Jvb3RfcnNhXzIwNDAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6
+iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr
+4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP
+8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OI
+Q+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ
+77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5J
+I/pyUcQx1QOs2hgKNe2NAgMBAAGjgZowgZcwDAYDVR0TBAUwAwEB/zALBgNVHQ8E
+BAMCAQYwWQYIKwYBBQUHAQEETTBLMEkGCCsGAQUFBzABhj1odHRwOi8vd3d3LmV4
+YW1wbGUuY29tOjg4ODgvZXZfaW50X3JzYV8yMDQ4LWV2X3Jvb3RfcnNhXzIwNDAv
+MB8GA1UdIAQYMBYwFAYSKwYBBAHrSYUahRqFGgGDdAkBMAsGCSqGSIb3DQEBCwOC
+AQAAGu+2My8IJ62el8ZSd8XObf5FZdc9mSKPDrUx9lbNfiYivNPW7IZ4G1Ku9ejt
+KCTlBGFYeiRX80lAmnn4uqjNFyr83P2iMnTGu4A602DdZHidnrNIoukyOlrO8ve8
+OiKZ2P42nb0+XRuMUSsfVo+MqegBQJSQx6NRoJZ9xsDA+58KLL/e7hZBE9IZocMd
+6IzGfGuu86CkfiJehlMFph0fkY9NaWVuthMzE8YJMOCZ6nb0ymHxKO+EqbliiyuI
+lvMR3i1WfDPF0YN4/YILt+72hFDqI8EvFYl9xqXkkOtkLVArVDMvhrdHWJOeV8n4
+5Lyiu5+Iy63klHNJxlfx7tWh
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-ev_root_rsa_2040.pem.certspec b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-ev_root_rsa_2040.pem.certspec
new file mode 100644
index 000000000..5bc5674b2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-ev_root_rsa_2040.pem.certspec
@@ -0,0 +1,7 @@
+issuer:ev_root_rsa_2040
+subject:ev_int_rsa_2048-ev_root_rsa_2040
+issuerKey:evRSA2040
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://www.example.com:8888/ev_int_rsa_2048-ev_root_rsa_2040/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-evroot.pem b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-evroot.pem
new file mode 100644
index 000000000..28ef9a63f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-evroot.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDUTCCAjugAwIBAgIUIUhiWxj3v86Cc27pFN9+AFjY11owCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1
+MDAwMDAwWjAhMR8wHQYDVQQDDBZldl9pbnRfcnNhXzIwNDgtZXZyb290MIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq
+5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SSc
+An7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39
+ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYk
+zBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3u
+JtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQAB
+o4GQMIGNMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGME8GCCsGAQUFBwEBBEMw
+QTA/BggrBgEFBQcwAYYzaHR0cDovL3d3dy5leGFtcGxlLmNvbTo4ODg4L2V2X2lu
+dF9yc2FfMjA0OC1ldnJvb3QvMB8GA1UdIAQYMBYwFAYSKwYBBAHrSYUahRqFGgGD
+dAkBMAsGCSqGSIb3DQEBCwOCAQEAkDJICQpDQGnSlRP4irr/shKc0CdSlp/Ub/zl
+pJ9g218t/mCjQKcWJakb2ClzFJq3FJvpLB9h1gy9b1bZ3sVtGW8DvFI0XRztmNXN
+3hNHQLAPr6oz9bl4OYUzbp7yYjMmkm1bnZQPhlQx5R8tIlFOZJP2vh98fUZSY9kh
+WWrqaUQNZckvGYvJLOa9fhxesrDYuY05WZH0E2JUC5V7v7gP7NvkW8/5yc/82af8
+xqNGWic+9+wmHA7J5PpW/owqKOe35WpQOclafg42XH/3qT5bLms6+X2iV3Ys3SuB
+qmFU9n5zMCvDn4r4sPSYuaq8q3QNTNcT4inos++rfHtFyjWhjQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-evroot.pem.certspec b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-evroot.pem.certspec
new file mode 100644
index 000000000..a0cb6250d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048-evroot.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:ev_int_rsa_2048-evroot
+issuerKey:ev
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://www.example.com:8888/ev_int_rsa_2048-evroot/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048.key b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048.key
new file mode 100644
index 000000000..8af23e068
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6iFGoRI4W1kH9
+braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI
+eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6
+iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za
+qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7
+LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs
+2hgKNe2NAgMBAAECggEBAJ7LzjhhpFTsseD+j4XdQ8kvWCXOLpl4hNDhqUnaosWs
+VZskBFDlrJ/gw+McDu+mUlpl8MIhlABO4atGPd6e6CKHzJPnRqkZKcXmrD2IdT9s
+JbpZeec+XY+yOREaPNq4pLDN9fnKsF8SM6ODNcZLVWBSXn47kq18dQTPHcfLAFeI
+r8vh6Pld90AqFRUw1YCDRoZOs3CqeZVqWHhiy1M3kTB/cNkcltItABppAJuSPGgz
+iMnzbLm16+ZDAgQceNkIIGuHAJy4yrrK09vbJ5L7kRss9NtmA1hb6a4Mo7jmQXqg
+SwbkcOoaO1gcoDpngckxW2KzDmAR8iRyWUbuxXxtlEECgYEA3W4dT//r9o2InE0R
+TNqqnKpjpZN0KGyKXCmnF7umA3VkTVyqZ0xLi8cyY1hkYiDkVQ12CKwn1Vttt0+N
+gSfvj6CQmLaRR94GVXNEfhg9Iv59iFrOtRPZWB3V4HwakPXOCHneExNx7O/JznLp
+xD3BJ9I4GQ3oEXc8pdGTAfSMdCsCgYEA16dz2evDgKdn0v7Ak0rU6LVmckB3Gs3r
+ta15b0eP7E1FmF77yVMpaCicjYkQL63yHzTi3UlA66jAnW0fFtzClyl3TEMnXpJR
+3b5JCeH9O/Hkvt9Go5uLODMo70rjuVuS8gcK8myefFybWH/t3gXo59hspXiG+xZY
+EKd7mEW8MScCgYEAlkcrQaYQwK3hryJmwWAONnE1W6QtS1oOtOnX6zWBQAul3RMs
+2xpekyjHu8C7sBVeoZKXLt+X0SdR2Pz2rlcqMLHqMJqHEt1OMyQdse5FX8CT9byb
+WS11bmYhR08ywHryL7J100B5KzK6JZC7smGu+5WiWO6lN2VTFb6cJNGRmS0CgYAo
+tFCnp1qFZBOyvab3pj49lk+57PUOOCPvbMjo+ibuQT+LnRIFVA8Su+egx2got7pl
+rYPMpND+KiIBFOGzXQPVqFv+Jwa9UPzmz83VcbRspiG47UfWBbvnZbCqSgZlrCU2
+TaIBVAMuEgS4VZ0+NPtbF3yaVv+TUQpaSmKHwVHeLQKBgCgGe5NVgB0u9S36ltit
+tYlnPPjuipxv9yruq+nva+WKT0q/BfeIlH3IUf2qNFQhR6caJGv7BU7naqNGq80m
+ks/J5ExR5vBpxzXgc7oBn2pyFJYckbJoccrqv48GRBigJpDjmo1f8wZ7fNt/ULH1
+NBinA5ZsT8d0v3QCr2xDJH9D
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048.key.keyspec b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048.key.keyspec
new file mode 100644
index 000000000..4ad96d515
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_int_rsa_2048.key.keyspec
@@ -0,0 +1 @@
+default
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.key b/security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.key
new file mode 100644
index 000000000..bb8708bfd
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEuQIBADANBgkqhkiG9w0BAQEFAASCBKMwggSfAgEAAoIBAADKcCDcIV9XkU00
+P65KAVERaXr5l6Xs6RhmSZ/CPxuIoRjL0wsQ2Rx7mg1O6JcvyuVsr1fyX8EnWipN
+vLmCQowy71h78jh0EDMKD/sWuAKb14OWnvZ19t44wY9nGTy2wHL4sj0LM3QRJiel
+e5AFV3HZ5iYD9TeI1/Y6+nJPXRCAlt8x+J8msetffENXmA4Aj81V2CfdJiOVyi9S
+ageJfMQMWTs4cW68DKpZZxnG8prJtzp6lEdIo6o+CenrTUYeoAJ+VAkmYUcoudJD
+l1z5oFQb79JedrUflREQsOdkT8fjhEF5G20iJzhMuABOIzQjcrHPXMPnPjG3u++h
+YOaGLrsCAwEAAQKCAQAAstt0vOkjYqv3KVWmOK6HILowM7t/lxyvORiNdULqocGr
+tdIFseIRH0eRwIkRouFB6M/XBUcC0jEAtWQsBuGjGxGK/R+aLzlsztQlxQHZFDXK
+hlZ2bO0rk7u4Zp/Om6zXJ9Hayz2vq8MpPjU4nu+OoLWOGusaIOamH5/NRT91Z/4x
+0SO2FqJv703x1sn3SQER0Cju/R2XIEWxokInPdemfr8RHbJ0GlqTx7IonMSiNvWp
+mm7HqCBv2uHB0EvbsZgNSimMWhfa5BhkdKX3g12IK87ySu9O1vFJ+U2WyffXjmR/
+x3ipAX/yCNO0oXaLGCFiECzasDL6u6s41SAKMkZJAoGADzhE0NTU1qIazXam/DcL
+hVDh1+xaYjQXLnkPACmuZR9tXFkzCrGYArnXogfeeh+3eON3T9vcQRdQYz2NGz/g
+dQBv/P0dEOdjx6kifS1fDC2t4cnmWcNQoVnTa7mG8SY21PmUKyiLwP4h2oeZR3Fz
+FEJJyi44nmxcJap4yMrX1N8CgYANTQvt0ZYvB6Hq1rI6TtZ66vEnDwUqbSm6B0lF
+xjYaXE+PB7+FngZ67T9ObjI+8qqKas00CwvcfP5P0ynjyX+HDH93NXksaqnQ9+dU
+KijtbwGw5VorjZwkplxtoxTJVIT1x8OVSoG7AWsH7RfumwYDlpW8oFmnn43CQj0y
+jVJlpQKBgAnymi/wW+ipbWFLoxsIk1QgqGxrxCuZpmkuoNpXY/AeWWlZt93Oc++c
+Lk9uW0BxCIdQDUS6DDzTEyy6J0dfOcLfdVLi0SOiSXpPlwZAKHaaSKNiRlf3K/U5
+89DeI0/szTvooKqQxr9umwvtQwcKJNBh/z7RdRo+8v9/a5C529X7AoGAAaZZ4XDK
+wSCgO+HPj53xyqNTsDWTvXR25YU72HTChziGAcbDQc6dHShKXu8aOmadMrgWpers
+2LeET+BwZLm8oMKzGNVAJ3s/fxUQ04a7NuA7BHceXSKeiIk+E7dTv7lFGLtjjiQE
+vW5qmTwWaNk/wLgv8IqvNDR9P+g5cQjIfKUCgYAEAlfA1KIcC5hDKXxlZS22YwT7
+Jjdz1yi2q/oG03rAymLGKAI+CeN9wKkB5M4SJBgOJYKjqktqGnuY4r1wB3rsFKyK
+tmp1XHHg/BAkcfm7wbRqlaoLZF8sOOdkUCiWGeo/XormEDe//PgknyKqTnbioBkJ
+8/6ykM6T7fV7EOvnlg==
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.key.keyspec b/security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.key.keyspec
new file mode 100644
index 000000000..a85e16858
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.key.keyspec
@@ -0,0 +1 @@
+evRSA2040
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.pem b/security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.pem
new file mode 100644
index 000000000..e8640696e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3zCCAcqgAwIBAgIUP1iIBgxk6kH+x64EUBTV3qoHuaswCwYJKoZIhvcNAQEL
+MBsxGTAXBgNVBAMMEGV2X3Jvb3RfcnNhXzIwNDAwIhgPMjAxNTAxMDEwMDAwMDBa
+GA8yMDM1MDEwMTAwMDAwMFowGzEZMBcGA1UEAwwQZXZfcm9vdF9yc2FfMjA0MDCC
+ASEwDQYJKoZIhvcNAQEBBQADggEOADCCAQkCggEAAMpwINwhX1eRTTQ/rkoBURFp
+evmXpezpGGZJn8I/G4ihGMvTCxDZHHuaDU7oly/K5WyvV/JfwSdaKk28uYJCjDLv
+WHvyOHQQMwoP+xa4ApvXg5ae9nX23jjBj2cZPLbAcviyPQszdBEmJ6V7kAVXcdnm
+JgP1N4jX9jr6ck9dEICW3zH4nyax6198Q1eYDgCPzVXYJ90mI5XKL1JqB4l8xAxZ
+OzhxbrwMqllnGcbymsm3OnqUR0ijqj4J6etNRh6gAn5UCSZhRyi50kOXXPmgVBvv
+0l52tR+VERCw52RPx+OEQXkbbSInOEy4AE4jNCNysc9cw+c+Mbe776Fg5oYuuwID
+AQABox0wGzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjALBgkqhkiG9w0BAQsD
+ggEAAKNwPHDMqBevLghX34q3XuZSQuR4ZTmYBA/f79+1eGM9ljJFyVVYNPPu8a1u
+ePKCZrsrc7H8PqQTyg87XlLi9gwkERZqL1DDKI9LQEf7AK7eA1fgpabc4b/YARQf
+06bd+bRMUjEf5ZS0DaGib3GgOC4HU9L9tFfvxLI0CyZkQQoMcWWNEd0iQEp+0hBX
+Pt8avMmO7IrAkcXroLBYtFdU0nf3OQlCBAHMOupWo/cguPoQO62+dVgz5O/msMQk
+tYpgwH126xnWGP5+pjHmjssycbBLOJgCU2gvQa8aGM7tFvAUGiflsQIGgx8c9aBG
+jhTdA+xV2I+gY8rv98s2Dr5gMQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.pem.certspec b/security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.pem.certspec
new file mode 100644
index 000000000..fd1ade8de
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/ev_root_rsa_2040.pem.certspec
@@ -0,0 +1,7 @@
+issuer:ev_root_rsa_2040
+subject:ev_root_rsa_2040
+issuerKey:evRSA2040
+subjectKey:evRSA2040
+validity:20150101-20350101
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/evroot.key b/security/manager/ssl/tests/unit/test_keysize_ev/evroot.key
new file mode 100644
index 000000000..a756a0705
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/evroot.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQC1SYlcnQAQjRGh
++Z+HqePRpdtd+uzxiNpXv2QTaI8s5HIs/xCQOMF0Ask6Kkc9vShq7T/c02PPWikU
+dwG92BjXYVv5NWvV08gzaqqMCXE2igbDzURhuT5RQk4XRLsuqtRqqzjOGWghlh+H
+cUoWY2k/CXYc301roSXqzse+Jw04j3ifbN94rjFE7SjEXnkpOGOnoipImAo2pA5y
+1XnJuSXf+MeTNi/9aJenwXVMXpfJZ8Pq3RquiqLMzjSKAWm4Diii1wwalgxvM18t
+oJubZD9av7pJ6Kqpgelg4n2HSAvdVd2UF/oYUJ+7VUzPgaQ5fouoEoo0vfJ4ZcGJ
+5XNPsikFAgMBAAECggEBAJg9VPlNb0x26yPW+T14UjUwz3Ow0WJUxueBdo1F9VaB
+0dAvsr0qrGq8HDiYYJNcUqDY9BSCAQOUd4MUHYZL/zCANjilwBUlcK6dGPPYyhY+
++0dbDd3zLn4W7HVl5rteAlxBxcZuV6A87eVUIh+DBFNHosTEUcPc5Ha3h84MBXJE
+vp4E7xMRjbuz1eCmzIcCnq/Upp7ZsUdZsV452KmITlb1TS+asBPw0V8xipq2svc9
+HsPJ/idK6JQxoQZAvniZsAEcXlCToYNHCGid4QBjTaveYPvWqu+joz3zSh829gwE
+MDa3SNHJ7pjEAxoK/sYO/aCpkL5ST1YU6sT9s0pS+VECgYEA6twssz5f8co3a72V
+vWoXd9LPT6xHVF6S0RpiCbnV5N7UeDRYHBabPIhHQqCeoYdQXBylVBTY0ltJdjLV
+7CqqBSM0MPrUmJJ3en1o4Dj1YaO4lp5gsKJj3vv9pIqbD/OdlbyIsVJnyK3pe1EH
+lI5B5DMknYf32xCdXXRYTYa8wdcCgYEAxZrldqIWRwJI2USlW56b+TKZ2jQexW5V
+jrqCGrzhv1e3nPQR0pBMd0+duh8VGF9gewV0oIIF1uwotmo21jQjLqry/qN1Yauv
+nWRLaNs4yZZMuMluwKxh66ZNBbRGVC9COXb1rN5OzJVTbS31eJVPk/DP2cWPt4ui
+p23VrChNyIMCgYEAwdLvOQYzHFKspkgR+f5CW+somDIvs9tRAyzo1+n8MiQL6SAZ
+zySA/NXjKYNxJxGLKlmhv+BsiD46REfz8DHNmuvQuNNo/Hl0DSzOjq2zJN9/CR6v
+4VZDYdVJILAbBHEjDl5H2T+O0zljxRe8T8ePbYsfnrqFvM7bcDMCZQjbYoUCgYEA
+hSG421aU376ASjFfnvybZSdcVJCs8qNFbWXm5hC/n2R/xnUB1PV3LyMqxwzN75/C
+pt+kFcfEG2r8evnQfDygP37ZPAnwuZ8sMEQ0Mi8QcXCbvBuqTJFXX6apWeB9SZaV
+bZXiK1eTi25HyNUf/t/Jv4iM4NGj5CtlqJvtS5HT5fUCgYEA3El7BrkgyL4LAHe3
+mOl37vdEqQ7Cxdfmy7IkSPrHLagaMxgODYoC6DFGDH/H/TphL3uZMLYbeZ+OkI5j
+LpugQJtqpwsDo7p4dCYmO1vVhD34R27bXRT2qGE+uvW5zVykL1+9KALgjk5J5XCf
+UVFRDKpassHG6z7+kpXRbowlyRY=
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/evroot.key.keyspec b/security/manager/ssl/tests/unit/test_keysize_ev/evroot.key.keyspec
new file mode 100644
index 000000000..1a3d76a55
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/evroot.key.keyspec
@@ -0,0 +1 @@
+ev
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/evroot.pem b/security/manager/ssl/tests/unit/test_keysize_ev/evroot.pem
new file mode 100644
index 000000000..cd2fd7ed8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/evroot.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzTCCAbegAwIBAgIUW9j5PS8YoKgynZdYa9i2Kwexnp8wCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MDEwMTAwMDAwMFoYDzIwMzUwMTAx
+MDAwMDAwWjARMQ8wDQYDVQQDDAZldnJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC1SYlcnQAQjRGh+Z+HqePRpdtd+uzxiNpXv2QTaI8s5HIs/xCQ
+OMF0Ask6Kkc9vShq7T/c02PPWikUdwG92BjXYVv5NWvV08gzaqqMCXE2igbDzURh
+uT5RQk4XRLsuqtRqqzjOGWghlh+HcUoWY2k/CXYc301roSXqzse+Jw04j3ifbN94
+rjFE7SjEXnkpOGOnoipImAo2pA5y1XnJuSXf+MeTNi/9aJenwXVMXpfJZ8Pq3Rqu
+iqLMzjSKAWm4Diii1wwalgxvM18toJubZD9av7pJ6Kqpgelg4n2HSAvdVd2UF/oY
+UJ+7VUzPgaQ5fouoEoo0vfJ4ZcGJ5XNPsikFAgMBAAGjHTAbMAwGA1UdEwQFMAMB
+Af8wCwYDVR0PBAQDAgEGMAsGCSqGSIb3DQEBCwOCAQEAO1EZ134zXCiYSMixYSVP
+gAXWdR8zvaeS8UF0Xihle6nBdtkcmhiMgxXecMv7P7xO/U/wz5NAyJ1cvqaxrPbn
+8bekVCCsAAae6mVJIsVeuLtg3f89Qmx6KF6By2NI5R/AX5gxs0V9Tvjp9NfpIWh9
+I0BO0/REmq+CxKWjO6Loq0JA/QRW1jnD3XLitJ9QiCfnLqgUAG8JnkhG/JtpcJC3
+91SluwhVw+8i7caDOgHZGvjBEycyje0iyDLybaVjv2PpyuQx8H6hDzTGd2bNDl22
+fZ0FsOYCH6TJPx7nsCJCQ8/jGsRAGPxbItwSpTQJegKVaJ9s2dOAreJdkQFSIEo+
+3g==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/evroot.pem.certspec b/security/manager/ssl/tests/unit/test_keysize_ev/evroot.pem.certspec
new file mode 100644
index 000000000..3121f3486
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/evroot.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:evroot
+subjectKey:ev
+issuerKey:ev
+validity:20150101-20350101
+extension:basicConstraints:cA,
+extension:keyUsage:keyCertSign,cRLSign
diff --git a/security/manager/ssl/tests/unit/test_keysize_ev/moz.build b/security/manager/ssl/tests/unit/test_keysize_ev/moz.build
new file mode 100644
index 000000000..85dc78a3c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_keysize_ev/moz.build
@@ -0,0 +1,31 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Temporarily disabled. See bug 1256495.
+#test_certificates = (
+#    'ev_ee_rsa_2040-ev_int_rsa_2048-evroot.pem',
+#    'ev_ee_rsa_2048-ev_int_rsa_2040-evroot.pem',
+#    'ev_ee_rsa_2048-ev_int_rsa_2048-ev_root_rsa_2040.pem',
+#    'ev_ee_rsa_2048-ev_int_rsa_2048-evroot.pem',
+#    'ev_int_rsa_2040-evroot.pem',
+#    'ev_int_rsa_2048-ev_root_rsa_2040.pem',
+#    'ev_int_rsa_2048-evroot.pem',
+#    'ev_root_rsa_2040.pem',
+#    'evroot.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
+#
+#test_keys = (
+#    'ev_int_rsa_2040.key',
+#    'ev_int_rsa_2048.key',
+#    'ev_root_rsa_2040.key',
+#    'evroot.key',
+#)
+#
+#for test_key in test_keys:
+#    GeneratedTestKey(test_key)
diff --git a/security/manager/ssl/tests/unit/test_local_cert.js b/security/manager/ssl/tests/unit/test_local_cert.js
new file mode 100644
index 000000000..937c0432b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_local_cert.js
@@ -0,0 +1,83 @@
+/* Any copyright is dedicated to the Public Domain.
+   http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+const certService = Cc["@mozilla.org/security/local-cert-service;1"]
+                    .getService(Ci.nsILocalCertService);
+
+const gNickname = "local-cert-test";
+
+function run_test() {
+  // Need profile dir to store the key / cert
+  do_get_profile();
+  // Ensure PSM is initialized
+  Cc["@mozilla.org/psm;1"].getService(Ci.nsISupports);
+  run_next_test();
+}
+
+function getOrCreateCert(nickname) {
+  return new Promise((resolve, reject) => {
+    certService.getOrCreateCert(nickname, {
+      handleCert: function(c, rv) {
+        if (rv) {
+          reject(rv);
+          return;
+        }
+        resolve(c);
+      }
+    });
+  });
+}
+
+function removeCert(nickname) {
+  return new Promise((resolve, reject) => {
+    certService.removeCert(nickname, {
+      handleResult: function(rv) {
+        if (rv) {
+          reject(rv);
+          return;
+        }
+        resolve();
+      }
+    });
+  });
+}
+
+add_task(function* () {
+  // No master password, so no prompt required here
+  ok(!certService.loginPromptRequired);
+
+  let certA = yield getOrCreateCert(gNickname);
+  equal(certA.nickname, gNickname);
+
+  // Getting again should give the same cert
+  let certB = yield getOrCreateCert(gNickname);
+  equal(certB.nickname, gNickname);
+
+  // Should be matching instances
+  ok(certA.equals(certB));
+
+  // Check a few expected attributes
+  ok(certA.isSelfSigned);
+  equal(certA.certType, Ci.nsIX509Cert.USER_CERT);
+
+  // New nickname should give a different cert
+  let diffNameCert = yield getOrCreateCert("cool-stuff");
+  ok(!diffNameCert.equals(certA));
+
+  // Remove the cert, and get a new one again
+  yield removeCert(gNickname);
+  let newCert = yield getOrCreateCert(gNickname);
+  ok(!newCert.equals(certA));
+
+  // Drop all cert references and GC
+  let serial = newCert.serialNumber;
+  certA = certB = diffNameCert = newCert = null;
+  Cu.forceGC();
+  Cu.forceCC();
+
+  // Should still get the same cert back
+  let certAfterGC = yield getOrCreateCert(gNickname);
+  equal(certAfterGC.serialNumber, serial);
+});
diff --git a/security/manager/ssl/tests/unit/test_logoutAndTeardown.js b/security/manager/ssl/tests/unit/test_logoutAndTeardown.js
new file mode 100644
index 000000000..2bf8855fe
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_logoutAndTeardown.js
@@ -0,0 +1,55 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+do_get_profile();
+
+function connect_and_teardown() {
+  let socketTransportService =
+    Cc["@mozilla.org/network/socket-transport-service;1"]
+      .getService(Ci.nsISocketTransportService);
+
+  let tearDown = false;
+
+  let reader = {
+    onInputStreamReady: function(stream) {
+      throws(() => stream.available(), /NS_ERROR_FAILURE/,
+             "stream should be in an error state");
+      ok(tearDown, "A tear down attempt should have occurred");
+      run_next_test();
+    }
+  };
+
+  let sink = {
+    onTransportStatus: function(transport, status, progress, progressmax) {
+      if (status == Ci.nsISocketTransport.STATUS_CONNECTED_TO) {
+        // Try to logout and tear down the secure decoder ring.
+        // This should close and stream and notify the reader.
+        // The test will time out if this fails.
+        tearDown = true;
+        Cc["@mozilla.org/security/sdr;1"].getService(Ci.nsISecretDecoderRing)
+          .logoutAndTeardown();
+      }
+    }
+  };
+
+  Services.prefs.setCharPref("network.dns.localDomains",
+                             "ocsp-stapling-none.example.com");
+  let transport = socketTransportService.createTransport(
+    ["ssl"], 1, "ocsp-stapling-none.example.com", 8443, null);
+  transport.setEventSink(sink, Services.tm.currentThread);
+
+  let inStream = transport.openInputStream(0, 0, 0)
+                          .QueryInterface(Ci.nsIAsyncInputStream);
+  inStream.asyncWait(reader, Ci.nsIAsyncInputStream.WAIT_CLOSURE_ONLY, 0,
+                     Services.tm.currentThread);
+}
+
+function run_test() {
+  add_tls_server_setup("OCSPStaplingServer", "ocsp_certs");
+  add_test(connect_and_teardown);
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_name_constraints.js b/security/manager/ssl/tests/unit/test_name_constraints.js
new file mode 100644
index 000000000..e75c89740
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints.js
@@ -0,0 +1,63 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"use strict";
+
+// This test tests two specific items:
+// 1. Are name constraints properly enforced across the entire constructed
+// certificate chain? This makes use of a certificate hierarchy like so:
+//  - (trusted) root CA with permitted subtree dNSName example.com
+//  - intermediate CA with permitted subtree dNSName example.org
+//    a. end-entity with dNSNames example.com and example.org
+//       (the first entry is allowed by the root but not by the intermediate,
+//        and the second entry is allowed by the intermediate but not by the
+//        root)
+//    b. end-entity with dNSName example.com (not allowed by the intermediate)
+//    c. end-entity with dNSName examle.org (not allowed by the root)
+//    d. end-entity with dNSName example.test (not allowed by either)
+//  All of these cases should fail to verify with the error that the
+//  end-entity is not in the name space permitted by the hierarchy.
+//
+// 2. Are externally-imposed name constraints properly enforced? This makes use
+// of a certificate hierarchy rooted by a certificate with the same DN as an
+// existing hierarchy that has externally-imposed name constraints (DCISS).
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+
+function certFromFile(name) {
+  return constructCertFromFile(`test_name_constraints/${name}.pem`);
+}
+
+function loadCertWithTrust(certName, trustString) {
+  addCertFromFile(certdb, `test_name_constraints/${certName}.pem`,
+                  trustString);
+}
+
+function checkCertNotInNameSpace(cert) {
+  checkCertErrorGeneric(certdb, cert, SEC_ERROR_CERT_NOT_IN_NAME_SPACE,
+                        certificateUsageSSLServer);
+}
+
+function checkCertInNameSpace(cert) {
+  checkCertErrorGeneric(certdb, cert, PRErrorCodeSuccess,
+                        certificateUsageSSLServer);
+}
+
+function run_test() {
+  // Test that name constraints from the entire certificate chain are enforced.
+  loadCertWithTrust("ca-example-com-permitted", "CTu,,");
+  loadCertWithTrust("int-example-org-permitted", ",,");
+  checkCertNotInNameSpace(certFromFile("ee-example-com-and-org"));
+  checkCertNotInNameSpace(certFromFile("ee-example-com"));
+  checkCertNotInNameSpace(certFromFile("ee-example-org"));
+  checkCertNotInNameSpace(certFromFile("ee-example-test"));
+
+  // Test that externally-imposed name constraints are enforced (DCISS tests).
+  loadCertWithTrust("dciss", "CTu,,");
+  checkCertInNameSpace(certFromFile("NameConstraints.dcissallowed"));
+  checkCertNotInNameSpace(certFromFile("NameConstraints.dcissblocked"));
+}
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissallowed.pem b/security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissallowed.pem
new file mode 100644
index 000000000..9eb316736
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissallowed.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDUzCCAj2gAwIBAgIUayXt32lO6eul4Qcp7fVRAg5vETEwCwYJKoZIhvcNAQEL
+MIGFMQswCQYDVQQGEwJGUjEPMA0GA1UECBMGRnJhbmNlMQ4wDAYDVQQHEwVQYXJp
+czEQMA4GA1UEChMHUE0vU0dETjEOMAwGA1UECxMFRENTU0kxDjAMBgNVBAMTBUlH
+Qy9BMSMwIQYJKoZIhvcNAQkBFhRpZ2NhQHNnZG4ucG0uZ291di5mcjAiGA8yMDE1
+MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjBBMQswCQYDVQQGEwJVUzELMAkG
+A1UECAwCQ0ExDDAKBgNVBAoMA0ZvbzEXMBUGA1UEAwwOZm9vLmV4YW1wbGUuZnIw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQ
+PTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH
+9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw
+4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86
+exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0
+ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2N
+AgMBAAEwCwYJKoZIhvcNAQELA4IBAQBUTnm4u9mzMIaSUdrQ+pSM0dtQAP/7b93e
+/fpICLB65fjxUxQMvRG65i4vn6HG+FFbDi/n/kURSN8r1VItjq+QUK55VL/F7bh7
+6P9xi4o1h6qb4tiXKb3YE2D7+zRENWGvTidDV1u3e2Tfuu0pu0NkD5PUvb0dtScW
+LvruBaJdRJgx9z1BIYN5uqQhOa4hHV46z7hAVyJyhsdwRO3NG/OYFmdlcIUTwcvF
+Qb+YgeviFlLdqRqt4vxT54Ko3GGqx2l609PZslD3F9vcP31n/VbowU256HSTjral
+DL9dS/KG2XFWySC9vrFjyLx8eR9SOMfasCIG835f81YI2E7UjGBH
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissallowed.pem.certspec b/security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissallowed.pem.certspec
new file mode 100644
index 000000000..1a02a0cc1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissallowed.pem.certspec
@@ -0,0 +1,2 @@
+issuer:printableString/C=FR/ST=France/L=Paris/O=PM/SGDN/OU=DCSSI/CN=IGC/A/emailAddress=igca@sgdn.pm.gouv.fr
+subject:/C=US/ST=CA/O=Foo/CN=foo.example.fr
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissblocked.pem b/security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissblocked.pem
new file mode 100644
index 000000000..044a8205d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissblocked.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDVDCCAj6gAwIBAgIUB0a84yh5MqyYUB0tMRJgU70UqzEwCwYJKoZIhvcNAQEL
+MIGFMQswCQYDVQQGEwJGUjEPMA0GA1UECBMGRnJhbmNlMQ4wDAYDVQQHEwVQYXJp
+czEQMA4GA1UEChMHUE0vU0dETjEOMAwGA1UECxMFRENTU0kxDjAMBgNVBAMTBUlH
+Qy9BMSMwIQYJKoZIhvcNAQkBFhRpZ2NhQHNnZG4ucG0uZ291di5mcjAiGA8yMDE1
+MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjBCMQswCQYDVQQGEwJVUzELMAkG
+A1UECAwCQ0ExDDAKBgNVBAoMA0ZvbzEYMBYGA1UEAwwPZm9vLmV4YW1wbGUuY29t
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2
+ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdF
+h/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6n
+cOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAv
+OnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2nj
+tIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXt
+jQIDAQABMAsGCSqGSIb3DQEBCwOCAQEAmvWg9zOGlCX5ZjPFoX0wpfQ2pSAPsbv9
+sC4uDLBQj6Tx/bmm5JRI3p/+hceC+y5gVmA30dOBVAGm9Bzj/M7tY1+eYH9fXnhO
+asM3onOEAd7R26Dztl3/RaKIZzIDALc/0fOeCHfRKmh5Ao/9MHIBH8vyyCvyHRZV
+ixaX5zhSA6u8PrC36Hwbu40LNaVgV/S7xWiE5bAOT4zhS61C+Sjji0wmK9vgEgCT
+8e3UFCWEGgr6zavD0E5dvZIbyM8q8TMdTe5FDV9e1Jivk2WcDli39eYiOhyglqaF
+PZ4pRuvNO2+2VJxakjzfrTeQA7k/ZWX6ljwFSMypgEm/m7HC8BQ7qQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissblocked.pem.certspec b/security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissblocked.pem.certspec
new file mode 100644
index 000000000..eabee87e8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/NameConstraints.dcissblocked.pem.certspec
@@ -0,0 +1,2 @@
+issuer:printableString/C=FR/ST=France/L=Paris/O=PM/SGDN/OU=DCSSI/CN=IGC/A/emailAddress=igca@sgdn.pm.gouv.fr
+subject:/C=US/ST=CA/O=Foo/CN=foo.example.com
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/ca-example-com-permitted.pem b/security/manager/ssl/tests/unit/test_name_constraints/ca-example-com-permitted.pem
new file mode 100644
index 000000000..a82688fd8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/ca-example-com-permitted.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDDTCCAfegAwIBAgIUadTGcLSWi68lBexbnxxJdH4o7S4wCwYJKoZIhvcNAQEL
+MCMxITAfBgNVBAMMGGNhLWV4YW1wbGUtY29tLXBlcm1pdHRlZDAiGA8yMDE1MTEy
+ODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAjMSEwHwYDVQQDDBhjYS1leGFtcGxl
+LWNvbS1wZXJtaXR0ZWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6
+iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr
+4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP
+8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OI
+Q+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ
+77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5J
+I/pyUcQx1QOs2hgKNe2NAgMBAAGjOTA3MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQD
+AgEGMBoGA1UdHgQTMBGgDzANggtleGFtcGxlLmNvbTALBgkqhkiG9w0BAQsDggEB
+ABqsSZFz9PEgN6+qyElJbM3P/NEy4HSfNOybDbKspySnBlYC9cZXgY3EJ0FSeKSQ
+hDM9CvMKtAhTJjj9PDQHnh0jevD0USO6riqkkENo+c3tL8cAZbLT8oPe4Q52PRii
+Yqi4XZiigtQmLxdyS4ryuSvhRs0IcNDqp7f23uLgGQpv7GUpoc4hg14JxIW1Bz42
+x60m+jTVMkpHj01uUJ9J4bTDoxLjjPI6ED/lXaccJCpl3smMPErEKM3K6LBfL6g7
+r+IkdTAhsQmPgnhi07SSV34ZXto8cpjSpJDl3LKBUmHF82XqJNHxwYZ7VjwnSc5c
+9sw3hmmmt7Su7dEeScCKPW0=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/ca-example-com-permitted.pem.certspec b/security/manager/ssl/tests/unit/test_name_constraints/ca-example-com-permitted.pem.certspec
new file mode 100644
index 000000000..1cc3c1d81
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/ca-example-com-permitted.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca-example-com-permitted
+subject:ca-example-com-permitted
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:nameConstraints:permitted:example.com
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/dciss.pem b/security/manager/ssl/tests/unit/test_name_constraints/dciss.pem
new file mode 100644
index 000000000..2d8fc903a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/dciss.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDtzCCAqGgAwIBAgIUfbbH+o/snQqIZa44UsC8vi+3+EgwCwYJKoZIhvcNAQEL
+MIGFMQswCQYDVQQGEwJGUjEPMA0GA1UECBMGRnJhbmNlMQ4wDAYDVQQHEwVQYXJp
+czEQMA4GA1UEChMHUE0vU0dETjEOMAwGA1UECxMFRENTU0kxDjAMBgNVBAMTBUlH
+Qy9BMSMwIQYJKoZIhvcNAQkBFhRpZ2NhQHNnZG4ucG0uZ291di5mcjAiGA8yMDE1
+MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjCBhTELMAkGA1UEBhMCRlIxDzAN
+BgNVBAgTBkZyYW5jZTEOMAwGA1UEBxMFUGFyaXMxEDAOBgNVBAoTB1BNL1NHRE4x
+DjAMBgNVBAsTBURDU1NJMQ4wDAYDVQQDEwVJR0MvQTEjMCEGCSqGSIb3DQEJARYU
+aWdjYUBzZ2RuLnBtLmdvdXYuZnIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwG
+m24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJr
+bA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4
+SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3
+/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+Z
+FzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjHTAbMAwGA1UdEwQFMAMBAf8wCwYD
+VR0PBAQDAgEGMAsGCSqGSIb3DQEBCwOCAQEAHyAZhHXZ7L+pJAMKXiMpxLf+bt8w
+3EfZ+y7htjiDsDLLB9T3A/zj0V2LlVGJ8RfQOT690czYqidFL7bQayJuC5S1MBxt
+Q6W0GsHHVR2v/uCPFntzVhKFSeGyao+V2t/ZTYQ4MIiZTRkK0QWGL2XFGjRhfGMf
+6WDBjnndyVg0fXnvlYTCfZFp7yZ9pkdS3kgLTfq4PAknm9eU/bJ+DjHedGb6GWY3
+X0+xXw2u6Td1UdupliEOX6mGC7P3E6g8Dmrxn36OiKeh3kHmVIyyUrpLI/XM67B8
+9RG2d7e8gBlKKSwcwynM/snRco9AWgiaSZEmmb2a9+FQ/qGwtZVwvgkAuQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/dciss.pem.certspec b/security/manager/ssl/tests/unit/test_name_constraints/dciss.pem.certspec
new file mode 100644
index 000000000..5d53706bc
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/dciss.pem.certspec
@@ -0,0 +1,4 @@
+issuer:printableString/C=FR/ST=France/L=Paris/O=PM/SGDN/OU=DCSSI/CN=IGC/A/emailAddress=igca@sgdn.pm.gouv.fr
+subject:printableString/C=FR/ST=France/L=Paris/O=PM/SGDN/OU=DCSSI/CN=IGC/A/emailAddress=igca@sgdn.pm.gouv.fr
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/ee-example-com-and-org.pem b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-com-and-org.pem
new file mode 100644
index 000000000..d0442e004
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-com-and-org.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC+jCCAeSgAwIBAgIUaRmgL0d90KT16jbz/DDS4TvGvwEwCwYJKoZIhvcNAQEL
+MCQxIjAgBgNVBAMMGWludC1leGFtcGxlLW9yZy1wZXJtaXR0ZWQwIhgPMjAxNTEx
+MjgwMDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowITEfMB0GA1UEAwwWZWUtZXhhbXBs
+ZS1jb20tYW5kLW9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqI
+UahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvi
+r1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/x
+fq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD
+7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnv
+uRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj
++nJRxDHVA6zaGAo17Y0CAwEAAaMnMCUwIwYDVR0RBBwwGoILZXhhbXBsZS5jb22C
+C2V4YW1wbGUub3JnMAsGCSqGSIb3DQEBCwOCAQEAnnaFdrE6UGQCmCtMEhHicq9Y
+NE/TGItWvGqP+iU/7+fpTRF5TvrB9mieRPZgU2FQPbHbVs4f3Akaiv7gwnBdE6+d
+HL0v7qoVSGofmZh9GbE+i3kqXSyylOFhjCuQ92+5lMIQ/hxumyUuQSfw/SRs5I2c
+l7otGokpxOqRfw9oFusF1AccSm0ynVbdanjfMZFBc0Hwfy4qYXGqP1AmiNJgjves
+MEjCfwsoFv4Y23CSdTBduo5P6JzLS2Ay99NTG1UOto+UIDSZwIylSjphc0XOMJ2+
+TbbCo9XHmhWN8i9xw0anSOXvz66yWFBbtuvjPweHAOoSWsqdQ5GoReoqqF5xSw==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/ee-example-com-and-org.pem.certspec b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-com-and-org.pem.certspec
new file mode 100644
index 000000000..904ca6595
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-com-and-org.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int-example-org-permitted
+subject:ee-example-com-and-org
+extension:subjectAlternativeName:example.com,example.org
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/ee-example-com.pem b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-com.pem
new file mode 100644
index 000000000..fad336b1c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-com.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5TCCAc+gAwIBAgIUGQSGboQn0O+dvd3cf/FaobEeoiEwCwYJKoZIhvcNAQEL
+MCQxIjAgBgNVBAMMGWludC1leGFtcGxlLW9yZy1wZXJtaXR0ZWQwIhgPMjAxNTEx
+MjgwMDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowGTEXMBUGA1UEAwwOZWUtZXhhbXBs
+ZS1jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9
+braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI
+eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6
+iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za
+qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7
+LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs
+2hgKNe2NAgMBAAGjGjAYMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMAsGCSqGSIb3
+DQEBCwOCAQEAP24kpBxa9l3+LpfmIc4UsSpXvY+DGt5bjM0TzuNHR6FMQhLnYdF1
+0Lbl6TYFd62kA2GANMGkLImIGJCP9XEEJYF0lQQ3w06rofsnEVbrraF0UjhyMSdt
++IBWwn/ZD37/D2iYUXInEWLNsiTe/ggrfk4VCy48l40toW0CdW0xTorYHrmtTmcg
+Ie7i6ODcA7avSdsw/mbZqbSqNHBdDnydUgkwZUJKlp2DH85MoVrHcNVW6mVlRZ96
+I31+EyLS5NlYb1e4CiEo2uvhvrAxeDw9mvNKWrV4BXc58vq8N48/r83lBdV09OyP
+tymoRevjFD3M5fcR8VzXVg/diItDZ15fUw==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/ee-example-com.pem.certspec b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-com.pem.certspec
new file mode 100644
index 000000000..46630c4a1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-com.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int-example-org-permitted
+subject:ee-example-com
+extension:subjectAlternativeName:example.com
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/ee-example-org.pem b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-org.pem
new file mode 100644
index 000000000..7e366f8ca
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-org.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5TCCAc+gAwIBAgIUcZBzsxoUEYUZlsKZQdyvAEhTgaswCwYJKoZIhvcNAQEL
+MCQxIjAgBgNVBAMMGWludC1leGFtcGxlLW9yZy1wZXJtaXR0ZWQwIhgPMjAxNTEx
+MjgwMDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowGTEXMBUGA1UEAwwOZWUtZXhhbXBs
+ZS1vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9
+braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI
+eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6
+iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za
+qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7
+LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs
+2hgKNe2NAgMBAAGjGjAYMBYGA1UdEQQPMA2CC2V4YW1wbGUub3JnMAsGCSqGSIb3
+DQEBCwOCAQEAJwtc0BV1zdS6BO2he4SbTeDvHxkNqlkgRbrcT5kSgQgqlH6rcnoe
+QHrIsbGeHBoWJKI2tsmeKkGyswPsxyktEXKLb53J8EGpc72XwazhTFQTKCfLeB0n
+GlYfdI65ipwnqo46Juj6WHcFjf964eNhVLBun/535CcT5I7Y8bVDDakSkAfdxY8k
+JjRVe73yAt7pjpQ70Gq39tiuMD16pJ8+M6FJvbYKFmelhWcusRo56fJsx4jkN0zo
+I75MJ1cjr+UL1ixMVXjj5WQzZw+Ec+SBAL4fR8JTkkdjRNJTWB5Pr1eH4xa6vQsB
+wc3PCSdU0y80ihL2AcxNKZiOVAftJM9lIw==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/ee-example-org.pem.certspec b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-org.pem.certspec
new file mode 100644
index 000000000..6a24090e5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-org.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int-example-org-permitted
+subject:ee-example-org
+extension:subjectAlternativeName:example.org
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/ee-example-test.pem b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-test.pem
new file mode 100644
index 000000000..0b65d0f3d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-test.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5zCCAdGgAwIBAgIUVQNQFeYcunS/xUPvzDd6P51z7PEwCwYJKoZIhvcNAQEL
+MCQxIjAgBgNVBAMMGWludC1leGFtcGxlLW9yZy1wZXJtaXR0ZWQwIhgPMjAxNTEx
+MjgwMDAwMDBaGA8yMDE4MDIwNTAwMDAwMFowGjEYMBYGA1UEAwwPZWUtZXhhbXBs
+ZS10ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB
+/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRx
+CHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMC
+OosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdm
+Wqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGz
+ey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUD
+rNoYCjXtjQIDAQABoxswGTAXBgNVHREEEDAOggxleGFtcGxlLnRlc3QwCwYJKoZI
+hvcNAQELA4IBAQAcdgKZ3Dp2Q6EMCWw+5VgzS2lEwf+LgxwNWLKnI0sX1YYuP3oq
+6t+UMcYelMwaYISXy+v8ZCrey1nJidjuRZHigQun7aqnQ4ugyPATbCrO/3eJZ6K0
+JVDPCt8hYSrogDWGG3KqX5z0lyjcWMGSDL+z6sWxLneOIdNFD6WsY8leM1jbaGD6
+fTJyHzaJ7m2kvp67Doqb8XzMlAY3nX3S/qD/mW0fO/IOAmogVZgG/5KbyQeJC0uu
+qoFmeRFoAuoNhRY2XuHh4I3OQCRtUGujNeC9AzVUQGI69saKvq96W/M5ij9JKfnP
+K6woylFDR67heaevocc4EcbSE7Y4e2LUURtL
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/ee-example-test.pem.certspec b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-test.pem.certspec
new file mode 100644
index 000000000..0926ce477
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/ee-example-test.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int-example-org-permitted
+subject:ee-example-test
+extension:subjectAlternativeName:example.test
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/int-example-org-permitted.pem b/security/manager/ssl/tests/unit/test_name_constraints/int-example-org-permitted.pem
new file mode 100644
index 000000000..4f12c9a61
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/int-example-org-permitted.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDDjCCAfigAwIBAgIUa0ZhHpbuqgjJTZfVUN+proqgaCQwCwYJKoZIhvcNAQEL
+MCMxITAfBgNVBAMMGGNhLWV4YW1wbGUtY29tLXBlcm1pdHRlZDAiGA8yMDE1MTEy
+ODAwMDAwMFoYDzIwMTgwMjA1MDAwMDAwWjAkMSIwIAYDVQQDDBlpbnQtZXhhbXBs
+ZS1vcmctcGVybWl0dGVkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+uohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGoby
+a+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWC
+D/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfT
+iEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXT
+Ce+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+
+SSP6clHEMdUDrNoYCjXtjQIDAQABozkwNzAMBgNVHRMEBTADAQH/MAsGA1UdDwQE
+AwIBBjAaBgNVHR4EEzARoA8wDYILZXhhbXBsZS5vcmcwCwYJKoZIhvcNAQELA4IB
+AQB1roD4dkWf/+8VEomThWmJaQiemqbSpv1T2pwy7dp/FhmqSHuJMYjL+2Whh8Nd
+j/b2fC9TAB3Q02WgF4ZCt53rr2wztO5JWel3uEZRlt5AIXJNkSYjfYuSoKcvntWS
+aenDy8+HTFZ4XqItv4qpRBCo/qguiohJ7wjPPCOuG/LFNgJdssC7TNHwhuPdnqCr
+B4EGFo6swUA4zJqS4kJdMQHnyhDRT0hVNSZF0Ql19bF69M9obqfrFbCMvuTj2kxo
+7hCG0C+Ws4bL+EA2ohjwPXgkFZcph/MRhLAa5U9s8G3TFLuJvOGZ6CAaSfQCJoAG
+nzgVDB82G7c1g67m186RSXzt
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/int-example-org-permitted.pem.certspec b/security/manager/ssl/tests/unit/test_name_constraints/int-example-org-permitted.pem.certspec
new file mode 100644
index 000000000..87e2cf8a5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/int-example-org-permitted.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca-example-com-permitted
+subject:int-example-org-permitted
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:nameConstraints:permitted:example.org
diff --git a/security/manager/ssl/tests/unit/test_name_constraints/moz.build b/security/manager/ssl/tests/unit/test_name_constraints/moz.build
new file mode 100644
index 000000000..3eb064111
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_name_constraints/moz.build
@@ -0,0 +1,21 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Temporarily disabled. See bug 1256495.
+#test_certificates = (
+#    'NameConstraints.dcissallowed.pem',
+#    'NameConstraints.dcissblocked.pem',
+#    'ca-example-com-permitted.pem',
+#    'int-example-org-permitted.pem',
+#    'ee-example-com-and-org.pem',
+#    'ee-example-com.pem',
+#    'ee-example-org.pem',
+#    'ee-example-test.pem',
+#    'dciss.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
diff --git a/security/manager/ssl/tests/unit/test_nsCertType.js b/security/manager/ssl/tests/unit/test_nsCertType.js
new file mode 100644
index 000000000..2e378541d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_nsCertType.js
@@ -0,0 +1,28 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+//
+// While the Netscape certificate type extension is not a standard and has been
+// discouraged from use for quite some time, it is still encountered. Thus, we
+// handle it slightly differently from other unknown extensions.
+// If it is not marked critical, we ignore it.
+// If it is marked critical:
+//   If the basic constraints and extended key usage extensions are also
+//   present, we ignore it, because they are standardized and should convey the
+//   same information.
+//   Otherwise, we reject it with an error indicating an unknown critical
+//   extension.
+
+"use strict";
+
+function run_test() {
+  do_get_profile();
+  add_tls_server_setup("BadCertServer", "bad_certs");
+  add_connection_test("nsCertTypeNotCritical.example.com", PRErrorCodeSuccess);
+  add_connection_test("nsCertTypeCriticalWithExtKeyUsage.example.com",
+                      PRErrorCodeSuccess);
+  add_connection_test("nsCertTypeCritical.example.com",
+                      SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION);
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_nsIX509CertValidity.js b/security/manager/ssl/tests/unit/test_nsIX509CertValidity.js
new file mode 100644
index 000000000..f35f5d97b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_nsIX509CertValidity.js
@@ -0,0 +1,49 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// This file tests the nsIX509CertValidity implementation.
+
+function fuzzyEqual(attributeName, dateString, expectedTime) {
+  do_print(`${attributeName}: ${dateString}`);
+  let absTimeDiff = Math.abs(expectedTime - Date.parse(dateString));
+  const ONE_DAY_IN_MS = 24 * 60 * 60 * 1000;
+  lessOrEqual(absTimeDiff, ONE_DAY_IN_MS,
+              `Time difference for ${attributeName} should be <= one day`);
+}
+
+function run_test() {
+  // Date.parse("2013-01-01T00:00:00Z")
+  const NOT_BEFORE_IN_MS = 1356998400000;
+  // Date.parse("2014-01-01T00:00:00Z")
+  const NOT_AFTER_IN_MS = 1388534400000;
+  let cert = constructCertFromFile("bad_certs/expired-ee.pem");
+
+  equal(cert.validity.notBefore, NOT_BEFORE_IN_MS * 1000,
+        "Actual and expected notBefore should be equal");
+  equal(cert.validity.notAfter, NOT_AFTER_IN_MS * 1000,
+        "Actual and expected notAfter should be equal");
+
+  // The following tests rely on the implementation of nsIX509CertValidity
+  // providing long formatted dates to work. If this is not true, a returned
+  // short formatted date such as "12/31/12" may be interpreted as something
+  // other than the expected "December 31st, 2012".
+  //
+  // On Android, the implementation of nsIDateTimeFormat currently does not
+  // return a long formatted date even if it is asked to. This, combined with
+  // the reason above is why the following tests are disabled on Android.
+  if (AppConstants.platform != "android") {
+    fuzzyEqual("notBeforeLocalTime", cert.validity.notBeforeLocalTime,
+               NOT_BEFORE_IN_MS);
+    fuzzyEqual("notBeforeLocalDay", cert.validity.notBeforeLocalDay,
+               NOT_BEFORE_IN_MS);
+    fuzzyEqual("notBeforeGMT", cert.validity.notBeforeGMT, NOT_BEFORE_IN_MS);
+
+    fuzzyEqual("notAfterLocalTime", cert.validity.notAfterLocalTime,
+               NOT_AFTER_IN_MS);
+    fuzzyEqual("notAfterLocalDay", cert.validity.notAfterLocalDay,
+               NOT_AFTER_IN_MS);
+    fuzzyEqual("notAfterGMT", cert.validity.notAfterGMT, NOT_AFTER_IN_MS);
+  }
+}
diff --git a/security/manager/ssl/tests/unit/test_nsIX509Cert_utf8.js b/security/manager/ssl/tests/unit/test_nsIX509Cert_utf8.js
new file mode 100644
index 000000000..b4b0d6f37
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_nsIX509Cert_utf8.js
@@ -0,0 +1,70 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// Checks that various nsIX509Cert attributes correctly handle UTF-8.
+
+do_get_profile(); // Must be called before getting nsIX509CertDB
+const certDB = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+
+function run_test() {
+  let cert = certDB.constructX509FromBase64(
+    "MIIF3DCCBMSgAwIBAgIEAJiZbzANBgkqhkiG9w0BAQUFADCCAQ0xYTBfBgNVBAMM" +
+    "WEkuQ0EgLSBRdWFsaWZpZWQgcm9vdCBjZXJ0aWZpY2F0ZSAoa3ZhbGlmaWtvdmFu" +
+    "w70gY2VydGlmaWvDoXQgcG9za3l0b3ZhdGVsZSkgLSBQU0VVRE9OWU0xCzAJBgNV" +
+    "BAYTAkNaMS8wLQYDVQQHDCZQb2R2aW5uw70gbWzDvW4gMjE3OC82LCAxOTAgMDAg" +
+    "UHJhaGEgOTEsMCoGA1UECgwjUHJ2bsOtIGNlcnRpZmlrYcSNbsOtIGF1dG9yaXRh" +
+    "IGEucy4xPDA6BgNVBAsMM0FrcmVkaXRvdmFuw70gcG9za3l0b3ZhdGVsIGNlcnRp" +
+    "ZmlrYcSNbsOtY2ggc2x1xb5lYjAeFw0wMjEyMTIxMzMzNDZaFw0wMzEyMTIxMzMz" +
+    "NDZaMIIBFDELMAkGA1UEBhMCQ1oxHzAdBgNVBAMeFgBMAHUAZAEbAGsAIABSAGEB" +
+    "YQBlAGsxGTAXBgNVBAgeEABWAHkAcwBvAQ0AaQBuAGExLzAtBgNVBAceJgBQAGEA" +
+    "YwBvAHYALAAgAE4A4QBkAHIAYQF+AG4A7QAgADcANgA5MSUwIwYJKoZIhvcNAQkB" +
+    "FhZsdWRlay5yYXNla0BjZW50cnVtLmN6MRMwEQYDVQQqHgoATAB1AGQBGwBrMQ0w" +
+    "CwYDVQQrHgQATABSMR8wHQYDVQQpHhYATAB1AGQBGwBrACAAUgBhAWEAZQBrMRMw" +
+    "EQYDVQQEHgoAUgBhAWEAZQBrMRcwFQYDVQQFEw5JQ0EgLSAxMDAwMzc2OTCBnzAN" +
+    "BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxc7dGd0cNlHZ7tUUl5k30bfYlY3lnOD0" +
+    "49JGbTXSt4jNFMRLj6s/777W3kcIdcIwdKxjQULBKgryDvZJ1DAWp2TwzhPDVYj3" +
+    "sU4Niqb7mOUcp/4ckteUxGF6FmXtJR9+XHTuLZ+omF9HOUefheBKnXvZuqrLM16y" +
+    "nbJn4sPwwdcCAwEAAaOCAbswggG3MCUGA1UdEQQeMBygGgYKKwMGAQQB3BkCAaAM" +
+    "DAoxNzYyODk2ODgzMGkGA1UdHwRiMGAwHqAcoBqGGGh0dHA6Ly9xLmljYS5jei9x" +
+    "aWNhLmNybDAeoBygGoYYaHR0cDovL2IuaWNhLmN6L3FpY2EuY3JsMB6gHKAahhho" +
+    "dHRwOi8vci5pY2EuY3ovcWljYS5jcmwwHwYDVR0jBBgwFoAUK1oKfvvlDYUsZTBy" +
+    "vGN701mca/UwHQYDVR0OBBYEFPAs70DB+LS0PnA6niPUfJ5wdQH5MIG4BgNVHSAE" +
+    "gbAwga0wgaoGCysGAQQBs2EBAQQEMIGaMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3" +
+    "LmljYS5jei9xY3AvY3BxcGljYTAyLnBkZjBnBggrBgEFBQcCAjBbGllUZW50byBj" +
+    "ZXJ0aWZpa2F0IGplIHZ5ZGFuIGpha28gS3ZhbGlmaWtvdmFueSBjZXJ0aWZpa2F0" +
+    "IHYgc291bGFkdSBzZSB6YWtvbmVtIDIyNy8yMDAwIFNiLjAYBggrBgEFBQcBAwQM" +
+    "MAowCAYGBACORgEBMA4GA1UdDwEB/wQEAwIE8DANBgkqhkiG9w0BAQUFAAOCAQEA" +
+    "v2V+nnYYMIgabmmgHx49CtlZIHdGS3TuWKXw130xFhbXDnNhEbx3alaskNsvjQQR" +
+    "Lqs1ZwKy58yynse+eJYHqenmHDACpAfVpCF9PXC/mDarVsoQw7NTcUpsAFhSd/zT" +
+    "v9jIf3twECyxx/RVzONVcob7nPePESHiKoG4FbtcuUh0wSHvCmTwRIQqPDCIuHcF" +
+    "StSt3Jr9iXcbXEhe4mSccOZ8N+r7Rv3ncKcevlRl7uFfDKDTyd43SZeRS/7J8KRf" +
+    "hD/h2nawrCFwc5gJW10aLJGFL/mcS7ViAIT9HCVk23j4TuBjsVmnZ0VKxB5edux+" +
+    "LIEqtU428UVHZWU/I5ngLw==");
+
+  equal(cert.nickname, "(no nickname)",
+        "Actual and expected nickname should match");
+  equal(cert.emailAddress, "ludek.rasek@centrum.cz",
+        "Actual and expected emailAddress should match");
+  equal(cert.subjectName, "serialNumber=ICA - 10003769,SN=Rašek,name=Luděk Rašek,initials=LR,givenName=Luděk,E=ludek.rasek@centrum.cz,L=\"Pacov, Nádražní 769\",ST=Vysočina,CN=Luděk Rašek,C=CZ",
+        "Actual and expected subjectName should match");
+  equal(cert.commonName, "Luděk Rašek",
+        "Actual and expected commonName should match");
+  equal(cert.organization, "",
+        "Actual and expected organization should match");
+  equal(cert.organizationalUnit, "",
+        "Actual and expected organizationalUnit should match");
+  equal(cert.windowTitle, "Luděk Rašek",
+        "Actual and expected windowTitle should match");
+  equal(cert.issuerName, "OU=Akreditovaný poskytovatel certifikačních služeb,O=První certifikační autorita a.s.,L=\"Podvinný mlýn 2178/6, 190 00 Praha 9\",C=CZ,CN=I.CA - Qualified root certificate (kvalifikovaný certifikát poskytovatele) - PSEUDONYM",
+        "Actual and expected issuerName should match");
+  equal(cert.issuerCommonName, "I.CA - Qualified root certificate (kvalifikovaný certifikát poskytovatele) - PSEUDONYM",
+        "Actual and expected issuerCommonName should match");
+  equal(cert.issuerOrganization, "První certifikační autorita a.s.",
+        "Actual and expected issuerOrganization should match");
+  equal(cert.issuerOrganizationUnit, "Akreditovaný poskytovatel certifikačních služeb",
+        "Actual and expected issuerOrganizationUnit should match");
+}
diff --git a/security/manager/ssl/tests/unit/test_nss_shutdown.js b/security/manager/ssl/tests/unit/test_nss_shutdown.js
new file mode 100644
index 000000000..0c467cbd4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_nss_shutdown.js
@@ -0,0 +1,44 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// This test attempts to ensure that PSM doesn't deadlock or crash when shutting
+// down NSS while a background thread is attempting to use NSS.
+// Uses test_signed_apps/valid_app_1.zip from test_signed_apps.js.
+
+function startAsyncNSSOperation(certdb, appFile) {
+  return new Promise((resolve, reject) => {
+    certdb.openSignedAppFileAsync(Ci.nsIX509CertDB.AppXPCShellRoot, appFile,
+      function(rv, aZipReader, aSignerCert) {
+        // rv will either indicate success (if NSS hasn't been shut down yet) or
+        // it will be some error code that varies depending on when NSS got shut
+        // down. As such, there's nothing really to check here. Just resolve the
+        // promise to continue execution.
+        resolve();
+      });
+  });
+}
+
+add_task(function* () {
+  do_get_profile();
+  let psm = Cc["@mozilla.org/psm;1"]
+              .getService(Ci.nsISupports)
+              .QueryInterface(Ci.nsIObserver);
+  let certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+  let appFile = do_get_file("test_signed_apps/valid_app_1.zip");
+
+  let promises = [];
+  for (let i = 0; i < 25; i++) {
+    promises.push(startAsyncNSSOperation(certdb, appFile));
+  }
+  // Trick PSM into thinking it should shut down NSS. If this test doesn't
+  // hang or crash, we're good.
+  psm.observe(null, "profile-before-change", null);
+  for (let i = 0; i < 25; i++) {
+    promises.push(startAsyncNSSOperation(certdb, appFile));
+  }
+  yield Promise.all(promises);
+});
diff --git a/security/manager/ssl/tests/unit/test_ocsp_caching.js b/security/manager/ssl/tests/unit/test_ocsp_caching.js
new file mode 100644
index 000000000..d0897fccd
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_caching.js
@@ -0,0 +1,299 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// Checks various aspects of the OCSP cache, mainly to to ensure we do not fetch
+// responses more than necessary.
+
+var gFetchCount = 0;
+var gGoodOCSPResponse = null;
+var gResponsePattern = [];
+var gMessage = "";
+
+function respondWithGoodOCSP(request, response) {
+  do_print("returning 200 OK");
+  response.setStatusLine(request.httpVersion, 200, "OK");
+  response.setHeader("Content-Type", "application/ocsp-response");
+  response.write(gGoodOCSPResponse);
+}
+
+function respondWithSHA1OCSP(request, response) {
+  do_print("returning 200 OK with sha-1 delegated response");
+  response.setStatusLine(request.httpVersion, 200, "OK");
+  response.setHeader("Content-Type", "application/ocsp-response");
+
+  let args = [ ["good-delegated", "default-ee", "delegatedSHA1Signer" ] ];
+  let responses = generateOCSPResponses(args, "ocsp_certs");
+  response.write(responses[0]);
+}
+
+function respondWithError(request, response) {
+  do_print("returning 500 Internal Server Error");
+  response.setStatusLine(request.httpVersion, 500, "Internal Server Error");
+  let body = "Refusing to return a response";
+  response.bodyOutputStream.write(body, body.length);
+}
+
+function generateGoodOCSPResponse() {
+  let args = [ ["good", "default-ee", "unused" ] ];
+  let responses = generateOCSPResponses(args, "ocsp_certs");
+  return responses[0];
+}
+
+function add_ocsp_test(aHost, aExpectedResult, aResponses, aMessage,
+                       aOriginAttributes) {
+  add_connection_test(aHost, aExpectedResult,
+      function() {
+        clearSessionCache();
+        gFetchCount = 0;
+        gResponsePattern = aResponses;
+        gMessage = aMessage;
+      },
+      function() {
+        // check the number of requests matches the size of aResponses
+        equal(gFetchCount, aResponses.length,
+              "should have made " + aResponses.length +
+              " OCSP request" + (aResponses.length == 1 ? "" : "s"));
+      }, null, aOriginAttributes);
+}
+
+function run_test() {
+  do_get_profile();
+  Services.prefs.setBoolPref("security.ssl.enable_ocsp_stapling", true);
+  Services.prefs.setIntPref("security.OCSP.enabled", 1);
+  Services.prefs.setIntPref("security.pki.sha1_enforcement_level", 4);
+  add_tls_server_setup("OCSPStaplingServer", "ocsp_certs");
+
+  let ocspResponder = new HttpServer();
+  ocspResponder.registerPrefixHandler("/", function(request, response) {
+
+    do_print("gFetchCount: " + gFetchCount);
+    let responseFunction = gResponsePattern[gFetchCount];
+    Assert.notEqual(undefined, responseFunction);
+
+    ++gFetchCount;
+    responseFunction(request, response);
+  });
+  ocspResponder.start(8888);
+
+  add_tests();
+
+  add_test(function() { ocspResponder.stop(run_next_test); });
+  run_next_test();
+}
+
+function add_tests() {
+  // Test that verifying a certificate with a "short lifetime" doesn't result
+  // in OCSP fetching. Due to longevity requirements in our testing
+  // infrastructure, the certificate we encounter is valid for a very long
+  // time, so we have to define a "short lifetime" as something very long.
+  add_test(function() {
+    Services.prefs.setIntPref("security.pki.cert_short_lifetime_in_days",
+                              12000);
+    run_next_test();
+  });
+
+  add_ocsp_test("ocsp-stapling-none.example.com", PRErrorCodeSuccess, [],
+                "expected zero OCSP requests for a short-lived certificate");
+
+  add_test(function() {
+    Services.prefs.setIntPref("security.pki.cert_short_lifetime_in_days", 100);
+    run_next_test();
+  });
+
+  // If a "short lifetime" is something more reasonable, ensure that we do OCSP
+  // fetching for this long-lived certificate.
+
+  add_ocsp_test("ocsp-stapling-none.example.com", PRErrorCodeSuccess,
+                [respondWithError],
+                "expected one OCSP request for a long-lived certificate");
+  add_test(function() {
+    Services.prefs.clearUserPref("security.pki.cert_short_lifetime_in_days");
+    run_next_test();
+  });
+  //---------------------------------------------------------------------------
+
+  // Reset state
+  add_test(function() { clearOCSPCache(); run_next_test(); });
+
+  // This test assumes that OCSPStaplingServer uses the same cert for
+  // ocsp-stapling-unknown.example.com and ocsp-stapling-none.example.com.
+
+  // Get an Unknown response for the *.example.com cert and put it in the
+  // OCSP cache.
+  add_ocsp_test("ocsp-stapling-unknown.example.com",
+                SEC_ERROR_OCSP_UNKNOWN_CERT, [],
+                "Stapled Unknown response -> a fetch should not have been" +
+                " attempted");
+
+  // A failure to retrieve an OCSP response must result in the cached Unknown
+  // response being recognized and honored.
+  add_ocsp_test("ocsp-stapling-none.example.com", SEC_ERROR_OCSP_UNKNOWN_CERT,
+                [
+                  respondWithError,
+                  respondWithError,
+                  respondWithError,
+                  respondWithError,
+                  respondWithError,
+                  respondWithError,
+                ],
+                "No stapled response -> a fetch should have been attempted");
+
+  // A valid Good response from the OCSP responder must override the cached
+  // Unknown response.
+  //
+  // Note that We need to make sure that the Unknown response and the Good
+  // response have different thisUpdate timestamps; otherwise, the Good
+  // response will be seen as "not newer" and it won't replace the existing
+  // entry.
+  add_test(function() {
+    let duration = 1200;
+    do_print("Sleeping for " + duration + "ms");
+    let timer = Cc["@mozilla.org/timer;1"].createInstance(Ci.nsITimer);
+    timer.initWithCallback(run_next_test, duration, Ci.nsITimer.TYPE_ONE_SHOT);
+  });
+  add_test(function() {
+    gGoodOCSPResponse = generateGoodOCSPResponse();
+    run_next_test();
+  });
+  add_ocsp_test("ocsp-stapling-none.example.com", PRErrorCodeSuccess,
+                [respondWithGoodOCSP],
+                "Cached Unknown response, no stapled response -> a fetch" +
+                " should have been attempted");
+
+  // The Good response retrieved from the previous fetch must have replaced
+  // the Unknown response in the cache, resulting in the catched Good response
+  // being returned and no fetch.
+  add_ocsp_test("ocsp-stapling-none.example.com", PRErrorCodeSuccess,
+                [],
+                "Cached Good response -> a fetch should not have been" +
+                " attempted");
+
+
+  //---------------------------------------------------------------------------
+
+  // Reset state
+  add_test(function() { clearOCSPCache(); run_next_test(); });
+
+  // A failure to retrieve an OCSP response will result in an error entry being
+  // added to the cache.
+  add_ocsp_test("ocsp-stapling-none.example.com", PRErrorCodeSuccess,
+                [respondWithError],
+                "No stapled response -> a fetch should have been attempted");
+
+  // The error entry will prevent a fetch from happening for a while.
+  add_ocsp_test("ocsp-stapling-none.example.com", PRErrorCodeSuccess, [],
+                "Noted OCSP server failure -> a fetch should not have been" +
+                " attempted");
+
+  // The error entry must not prevent a stapled OCSP response from being
+  // honored.
+  add_ocsp_test("ocsp-stapling-revoked.example.com",
+                SEC_ERROR_REVOKED_CERTIFICATE, [],
+                "Stapled Revoked response -> a fetch should not have been" +
+                " attempted");
+
+  //---------------------------------------------------------------------------
+
+  // Ensure OCSP responses from signers with SHA1 certificates are OK. This
+  // is included in the OCSP caching tests since there were OCSP cache-related
+  // regressions when sha-1 telemetry probes were added.
+  add_test(function() {
+    clearOCSPCache();
+    // set security.OCSP.require so that checking the OCSP signature fails
+    Services.prefs.setBoolPref("security.OCSP.require", true);
+    run_next_test();
+  });
+
+  add_ocsp_test("ocsp-stapling-none.example.com", PRErrorCodeSuccess,
+                [respondWithSHA1OCSP],
+                "signing cert is good (though sha1) - should succeed");
+
+  add_test(function() {
+    Services.prefs.setBoolPref("security.OCSP.require", false);
+    run_next_test();
+  });
+
+  //---------------------------------------------------------------------------
+
+  // Reset state
+  add_test(function() { clearOCSPCache(); run_next_test(); });
+
+  // This test makes sure that OCSP cache are isolated by firstPartyDomain.
+
+  let gObservedCnt = 0;
+  let protocolProxyService = Cc["@mozilla.org/network/protocol-proxy-service;1"]
+                               .getService(Ci.nsIProtocolProxyService);
+
+  // Observe all channels and make sure the firstPartyDomain in their loadInfo's
+  // origin attributes are aFirstPartyDomain.
+  function startObservingChannels(aFirstPartyDomain) {
+    // We use a dummy proxy filter to catch all channels, even those that do not
+    // generate an "http-on-modify-request" notification.
+    let proxyFilter = {
+      applyFilter: function (aProxyService, aChannel, aProxy) {
+        // We have the channel; provide it to the callback.
+        if (aChannel.originalURI.spec == "http://localhost:8888/") {
+          gObservedCnt++;
+          equal(aChannel.loadInfo.originAttributes.firstPartyDomain,
+                aFirstPartyDomain, "firstPartyDomain should match");
+        }
+        // Pass on aProxy unmodified.
+        return aProxy;
+      }
+    };
+    protocolProxyService.registerChannelFilter(proxyFilter, 0);
+    // Return the stop() function:
+    return () => protocolProxyService.unregisterChannelFilter(proxyFilter);
+  }
+
+  let stopObservingChannels;
+  add_test(function() {
+    stopObservingChannels = startObservingChannels("foo.com");
+    run_next_test();
+  });
+
+  // A good OCSP response will be cached.
+  add_ocsp_test("ocsp-stapling-none.example.com", PRErrorCodeSuccess,
+                [respondWithGoodOCSP],
+                "No stapled response (firstPartyDomain = foo.com) -> a fetch " +
+                "should have been attempted", { firstPartyDomain: "foo.com" });
+
+  // The cache will prevent a fetch from happening.
+  add_ocsp_test("ocsp-stapling-none.example.com", PRErrorCodeSuccess, [],
+                "Noted OCSP server failure (firstPartyDomain = foo.com) -> a " +
+                "fetch should not have been attempted",
+                { firstPartyDomain: "foo.com" });
+
+  add_test(function() {
+    stopObservingChannels();
+    equal(gObservedCnt, 1, "should have observed only 1 OCSP requests");
+    gObservedCnt = 0;
+    run_next_test();
+  });
+
+  add_test(function() {
+    stopObservingChannels = startObservingChannels("bar.com");
+    run_next_test();
+  });
+
+  // But using a different firstPartyDomain should result in a fetch.
+  add_ocsp_test("ocsp-stapling-none.example.com", PRErrorCodeSuccess,
+                [respondWithGoodOCSP],
+                "No stapled response (firstPartyDomain = bar.com) -> a fetch " +
+                "should have been attempted", { firstPartyDomain: "bar.com" });
+
+  add_test(function() {
+    stopObservingChannels();
+    equal(gObservedCnt, 1, "should have observed only 1 OCSP requests");
+    gObservedCnt = 0;
+    run_next_test();
+  });
+
+  //---------------------------------------------------------------------------
+
+  // Reset state
+  add_test(function() { clearOCSPCache(); run_next_test(); });
+}
diff --git a/security/manager/ssl/tests/unit/test_ocsp_enabled_pref.js b/security/manager/ssl/tests/unit/test_ocsp_enabled_pref.js
new file mode 100644
index 000000000..ba648b9e6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_enabled_pref.js
@@ -0,0 +1,141 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Checks that the security.OCSP.enabled pref correctly controls OCSP fetching
+// behavior.
+
+do_get_profile(); // Must be called before getting nsIX509CertDB
+const gCertDB = Cc["@mozilla.org/security/x509certdb;1"]
+                  .getService(Ci.nsIX509CertDB);
+
+const SERVER_PORT = 8888;
+
+function certFromFile(filename) {
+  return constructCertFromFile(`test_ev_certs/${filename}.pem`);
+}
+
+function loadCert(certName, trustString) {
+  addCertFromFile(gCertDB, `test_ev_certs/${certName}.pem`, trustString);
+}
+
+function getFailingOCSPResponder() {
+  return getFailingHttpServer(SERVER_PORT, ["www.example.com"]);
+}
+
+function getOCSPResponder(expectedCertNames) {
+  return startOCSPResponder(SERVER_PORT, "www.example.com", "test_ev_certs",
+                            expectedCertNames, []);
+}
+
+// Tests that in ocspOff mode, OCSP fetches are never done.
+function testOff() {
+  add_test(() => {
+    Services.prefs.setIntPref("security.OCSP.enabled", 0);
+    do_print("Setting security.OCSP.enabled to 0");
+    run_next_test();
+  });
+
+  // EV chains should verify successfully but never get EV status.
+  add_test(() => {
+    clearOCSPCache();
+    let ocspResponder = getFailingOCSPResponder();
+    checkEVStatus(gCertDB, certFromFile("test-oid-path-ee"), certificateUsageSSLServer,
+                  false);
+    ocspResponder.stop(run_next_test);
+  });
+
+  // A DV chain should verify successfully.
+  add_test(() => {
+    clearOCSPCache();
+    let ocspResponder = getFailingOCSPResponder();
+    checkCertErrorGeneric(gCertDB, certFromFile("non-ev-root-path-ee"),
+                          PRErrorCodeSuccess, certificateUsageSSLServer);
+    ocspResponder.stop(run_next_test);
+  });
+}
+
+// Tests that in ocspOn mode, OCSP fetches are done for both EV and DV certs.
+function testOn() {
+  add_test(() => {
+    Services.prefs.setIntPref("security.OCSP.enabled", 1);
+    do_print("Setting security.OCSP.enabled to 1");
+    run_next_test();
+  });
+
+  // If a successful OCSP response is fetched, then an EV chain should verify
+  // successfully and get EV status as well.
+  add_test(() => {
+    clearOCSPCache();
+    let ocspResponder =
+      getOCSPResponder(gEVExpected ? ["test-oid-path-int", "test-oid-path-ee"]
+                                   : ["test-oid-path-ee"]);
+    checkEVStatus(gCertDB, certFromFile("test-oid-path-ee"), certificateUsageSSLServer,
+                  gEVExpected);
+    ocspResponder.stop(run_next_test);
+  });
+
+  // If a successful OCSP response is fetched, then a DV chain should verify
+  // successfully.
+  add_test(() => {
+    clearOCSPCache();
+    let ocspResponder = getOCSPResponder(["non-ev-root-path-ee"]);
+    checkCertErrorGeneric(gCertDB, certFromFile("non-ev-root-path-ee"),
+                          PRErrorCodeSuccess, certificateUsageSSLServer);
+    ocspResponder.stop(run_next_test);
+  });
+}
+
+// Tests that in ocspEVOnly mode, OCSP fetches are done for EV certs only.
+function testEVOnly() {
+  add_test(() => {
+    Services.prefs.setIntPref("security.OCSP.enabled", 2);
+    do_print("Setting security.OCSP.enabled to 2");
+    run_next_test();
+  });
+
+  // If a successful OCSP response is fetched, then an EV chain should verify
+  // successfully and get EV status as well.
+  add_test(() => {
+    clearOCSPCache();
+    let ocspResponder = gEVExpected
+                      ? getOCSPResponder(["test-oid-path-int", "test-oid-path-ee"])
+                      : getFailingOCSPResponder();
+    checkEVStatus(gCertDB, certFromFile("test-oid-path-ee"), certificateUsageSSLServer,
+                  gEVExpected);
+    ocspResponder.stop(run_next_test);
+  });
+
+  // A DV chain should verify successfully even without doing OCSP fetches.
+  add_test(() => {
+    clearOCSPCache();
+    let ocspResponder = getFailingOCSPResponder();
+    checkCertErrorGeneric(gCertDB, certFromFile("non-ev-root-path-ee"),
+                          PRErrorCodeSuccess, certificateUsageSSLServer);
+    ocspResponder.stop(run_next_test);
+  });
+}
+
+function run_test() {
+  do_register_cleanup(() => {
+    Services.prefs.clearUserPref("network.dns.localDomains");
+    Services.prefs.clearUserPref("security.OCSP.enabled");
+    Services.prefs.clearUserPref("security.OCSP.require");
+  });
+  Services.prefs.setCharPref("network.dns.localDomains", "www.example.com");
+  // Enable hard fail to ensure chains that should only succeed because they get
+  // a good OCSP response do not succeed due to soft fail leniency.
+  Services.prefs.setBoolPref("security.OCSP.require", true);
+
+  loadCert("evroot", "CTu,,");
+  loadCert("test-oid-path-int", ",,");
+  loadCert("non-evroot-ca", "CTu,,");
+  loadCert("non-ev-root-path-int", ",,");
+
+  testOff();
+  testOn();
+  testEVOnly();
+
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_ocsp_fetch_method.js b/security/manager/ssl/tests/unit/test_ocsp_fetch_method.js
new file mode 100644
index 000000000..de89a4131
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_fetch_method.js
@@ -0,0 +1,59 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"use strict";
+
+// In which we try to validate several ocsp responses, checking in particular
+// that we use the specified method for fetching ocsp. We also check what
+// POST fallback when an invalid GET response is received.
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+
+const SERVER_PORT = 8888;
+
+function start_ocsp_responder(expectedCertNames, expectedPaths,
+                              expectedMethods) {
+  return startOCSPResponder(SERVER_PORT, "www.example.com",
+                            "test_ocsp_fetch_method", expectedCertNames,
+                            expectedPaths, expectedMethods);
+}
+
+function check_cert_err(cert_name, expected_error) {
+  let cert = constructCertFromFile("test_ocsp_fetch_method/" + cert_name + ".pem");
+  return checkCertErrorGeneric(certdb, cert, expected_error,
+                               certificateUsageSSLServer);
+}
+
+function run_test() {
+  addCertFromFile(certdb, "test_ocsp_fetch_method/ca.pem", 'CTu,CTu,CTu');
+  addCertFromFile(certdb, "test_ocsp_fetch_method/int.pem", ',,');
+
+  // Enabled so that we can force ocsp failure responses.
+  Services.prefs.setBoolPref("security.OCSP.require", true);
+
+  Services.prefs.setCharPref("network.dns.localDomains",
+                             "www.example.com");
+  Services.prefs.setIntPref("security.OCSP.enabled", 1);
+
+  add_test(function() {
+    clearOCSPCache();
+    Services.prefs.setBoolPref("security.OCSP.GET.enabled", false);
+    let ocspResponder = start_ocsp_responder(["a"], [], ["POST"]);
+    check_cert_err("a", PRErrorCodeSuccess);
+    ocspResponder.stop(run_next_test);
+  });
+
+  add_test(function() {
+    clearOCSPCache();
+    Services.prefs.setBoolPref("security.OCSP.GET.enabled", true);
+    let ocspResponder = start_ocsp_responder(["a"], [], ["GET"]);
+    check_cert_err("a", PRErrorCodeSuccess);
+    ocspResponder.stop(run_next_test);
+  });
+
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_ocsp_fetch_method/a.pem b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/a.pem
new file mode 100644
index 000000000..67961e695
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/a.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5DCCAc6gAwIBAgIUG4s0As2WcZndVBOEXzU8uA26EUIwCwYJKoZIhvcNAQEL
+MA4xDDAKBgNVBAMMA2ludDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAw
+MDAwWjAMMQowCAYDVQQDDAFhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptu
+Gobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO
+7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf
+qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/yt
+HSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcx
+uLP+SSP6clHEMdUDrNoYCjXtjQIDAQABozwwOjA4BggrBgEFBQcBAQQsMCowKAYI
+KwYBBQUHMAGGHGh0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4OC8wCwYJKoZIhvcN
+AQELA4IBAQAbh10OV6scfCpc71hMzfOhmxFlicFVlqWr9saGAg6renUfoq/ZDsDK
+F+gQOMyv4gtO0nAoXJ206ONNJZwAEFAusNFlfjk/sxKvmDwkGWwi/lSCtwk41loG
+UNH4YV2Y6IDLIuzvHzQgkhRJZ98nQhyPiBSZy5LoqGIi1+zTQkhYtB9yR0hwoFey
+JVTso2OwSwasZixBQ0NZ9WGOSupihYBJJI4BQyOwf75u2WWqTP4Yj59eZTEOIoP0
+u+5fG+mUKOrxVuZoEh6zse49IpuaOok0dW+o3soEVQqos/GuOL/sYhARfwCQT1MW
+kBdICJFXSTDPuXoOk58Y2QwUtsYq3Ifb
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ocsp_fetch_method/a.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/a.pem.certspec
new file mode 100644
index 000000000..d3a3f86ef
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/a.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int
+subject:a
+extension:authorityInformationAccess:http://www.example.com:8888/
diff --git a/security/manager/ssl/tests/unit/test_ocsp_fetch_method/ca.pem b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/ca.pem
new file mode 100644
index 000000000..1a18e2bf0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxTCCAa+gAwIBAgIUL5zykZEc2ro5d6th43aWGfm735cwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMA0xCzAJBgNVBAMMAmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptu
+Gobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO
+7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf
+qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/yt
+HSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcx
+uLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzAMBgNVHRMEBTADAQH/MAsGA1Ud
+DwQEAwIBBjALBgkqhkiG9w0BAQsDggEBAHPYBjNnv//Ssc8Elepb8SWIXRdahKbL
+/dcPoMR+7yhJVaelUaxdwUytJWJAGdkkuv+P+G4b82RVYEXT+9k1S/aAfByFyR9q
+vS7POfdy/ZPfGTXltlnmYX/84a6QeYQa4Nl4JpIOXBCesLxmErBhczka6D26iqsz
+GeseKRSjVPgF3mXc2CRGZnTDRhUmd7wOABLmj7GtuFvOm96363M3IUByMohvoj1G
+dic3s5D0seXwTKnEc5B27lJt7Q0oIXEldL+UW8Mo1hfGWQeXzqTZbpOVLnVWvHBH
+H8yYs5hyH01qFJZbztJ1JJ3F2NpYLlr4P5I6fW2e9w5MG/VMQRU3wzQ=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ocsp_fetch_method/ca.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/ca.pem.certspec
new file mode 100644
index 000000000..6660f5d47
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:ca
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_ocsp_fetch_method/int.key b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/int.key
new file mode 100644
index 000000000..8af23e068
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/int.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6iFGoRI4W1kH9
+braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI
+eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6
+iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za
+qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7
+LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs
+2hgKNe2NAgMBAAECggEBAJ7LzjhhpFTsseD+j4XdQ8kvWCXOLpl4hNDhqUnaosWs
+VZskBFDlrJ/gw+McDu+mUlpl8MIhlABO4atGPd6e6CKHzJPnRqkZKcXmrD2IdT9s
+JbpZeec+XY+yOREaPNq4pLDN9fnKsF8SM6ODNcZLVWBSXn47kq18dQTPHcfLAFeI
+r8vh6Pld90AqFRUw1YCDRoZOs3CqeZVqWHhiy1M3kTB/cNkcltItABppAJuSPGgz
+iMnzbLm16+ZDAgQceNkIIGuHAJy4yrrK09vbJ5L7kRss9NtmA1hb6a4Mo7jmQXqg
+SwbkcOoaO1gcoDpngckxW2KzDmAR8iRyWUbuxXxtlEECgYEA3W4dT//r9o2InE0R
+TNqqnKpjpZN0KGyKXCmnF7umA3VkTVyqZ0xLi8cyY1hkYiDkVQ12CKwn1Vttt0+N
+gSfvj6CQmLaRR94GVXNEfhg9Iv59iFrOtRPZWB3V4HwakPXOCHneExNx7O/JznLp
+xD3BJ9I4GQ3oEXc8pdGTAfSMdCsCgYEA16dz2evDgKdn0v7Ak0rU6LVmckB3Gs3r
+ta15b0eP7E1FmF77yVMpaCicjYkQL63yHzTi3UlA66jAnW0fFtzClyl3TEMnXpJR
+3b5JCeH9O/Hkvt9Go5uLODMo70rjuVuS8gcK8myefFybWH/t3gXo59hspXiG+xZY
+EKd7mEW8MScCgYEAlkcrQaYQwK3hryJmwWAONnE1W6QtS1oOtOnX6zWBQAul3RMs
+2xpekyjHu8C7sBVeoZKXLt+X0SdR2Pz2rlcqMLHqMJqHEt1OMyQdse5FX8CT9byb
+WS11bmYhR08ywHryL7J100B5KzK6JZC7smGu+5WiWO6lN2VTFb6cJNGRmS0CgYAo
+tFCnp1qFZBOyvab3pj49lk+57PUOOCPvbMjo+ibuQT+LnRIFVA8Su+egx2got7pl
+rYPMpND+KiIBFOGzXQPVqFv+Jwa9UPzmz83VcbRspiG47UfWBbvnZbCqSgZlrCU2
+TaIBVAMuEgS4VZ0+NPtbF3yaVv+TUQpaSmKHwVHeLQKBgCgGe5NVgB0u9S36ltit
+tYlnPPjuipxv9yruq+nva+WKT0q/BfeIlH3IUf2qNFQhR6caJGv7BU7naqNGq80m
+ks/J5ExR5vBpxzXgc7oBn2pyFJYckbJoccrqv48GRBigJpDjmo1f8wZ7fNt/ULH1
+NBinA5ZsT8d0v3QCr2xDJH9D
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ocsp_fetch_method/int.key.keyspec b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/int.key.keyspec
new file mode 100644
index 000000000..4ad96d515
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/int.key.keyspec
@@ -0,0 +1 @@
+default
diff --git a/security/manager/ssl/tests/unit/test_ocsp_fetch_method/int.pem b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/int.pem
new file mode 100644
index 000000000..fd60e5fe2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/int.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxjCCAbCgAwIBAgIUazy/vTocAuxP85PTc+O1JXs8WWEwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMA4xDDAKBgNVBAMMA2ludDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAab
+bhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmts
+Du0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhI
+H6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8
+rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kX
+Mbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMdMBswDAYDVR0TBAUwAwEB/zALBgNV
+HQ8EBAMCAQYwCwYJKoZIhvcNAQELA4IBAQA6lr0lbqcaGYjYAAcA5BngiUobuYFn
+4jdYK9eR6hiT5PmYRQZ9/y+2aYNF/ygiBBqBdEq/Nhrm35WeUHvDBaT8OZLBjf+g
+krEAmu2ivrHZWrx16HBVDd9JdTUCx8j1HUo5fadFnsQh7nuh/VIoemox+/e8mKfh
++fW3noAoH/MRfP9VYoS0KzkW8ILiWOR1joNOHDZzanMiM/YCHO1nckq2ntI2T+kO
+MNMkB+j1w5Fu6P8pgyToleHs3WmlWAeDjXygZkEhg+9uuBXb8/IyuS3cYt9ovhSh
+++A25JRmqaQn2Ywd+CMsGe4MTYOsRnZPK0Co6TBteRWRdwSpqzb+UOqY
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ocsp_fetch_method/int.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/int.pem.certspec
new file mode 100644
index 000000000..ebb4c376d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/int.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
diff --git a/security/manager/ssl/tests/unit/test_ocsp_fetch_method/moz.build b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/moz.build
new file mode 100644
index 000000000..c7a62b6f2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_fetch_method/moz.build
@@ -0,0 +1,22 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Temporarily disabled. See bug 1256495.
+#test_certificates = (
+#    'a.pem',
+#    'ca.pem',
+#    'int.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
+#
+#test_keys = (
+#    'int.key',
+#)
+#
+#for test_key in test_keys:
+#    GeneratedTestKey(test_key)
diff --git a/security/manager/ssl/tests/unit/test_ocsp_must_staple.js b/security/manager/ssl/tests/unit/test_ocsp_must_staple.js
new file mode 100644
index 000000000..24b32d6bc
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_must_staple.js
@@ -0,0 +1,116 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// Tests OCSP Must Staple handling by connecting to various domains (as faked by
+// a server running locally) that correspond to combinations of whether the
+// extension is present in intermediate and end-entity certificates.
+
+var gExpectOCSPRequest;
+
+function add_ocsp_test(aHost, aExpectedResult, aStaplingEnabled) {
+  add_connection_test(aHost, aExpectedResult,
+    function() {
+      gExpectOCSPRequest = !aStaplingEnabled;
+      clearOCSPCache();
+      clearSessionCache();
+      Services.prefs.setBoolPref("security.ssl.enable_ocsp_stapling",
+                                 aStaplingEnabled);
+    });
+}
+
+function add_tests() {
+  // ensure that the chain is checked for required features in children:
+  // First a case where intermediate and ee both have the extension
+  add_ocsp_test("ocsp-stapling-must-staple-ee-with-must-staple-int.example.com",
+                PRErrorCodeSuccess, true);
+
+  add_test(() => {
+    Services.prefs.setIntPref("security.cert_pinning.enforcement_level", 1);
+    Services.prefs.setBoolPref("security.cert_pinning.process_headers_from_non_builtin_roots", true);
+    let uri = Services.io.newURI("https://ocsp-stapling-must-staple-ee-with-must-staple-int.example.com",
+                                 null, null);
+    let keyHash = "VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8=";
+    let backupKeyHash = "KHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN=";
+    let header = `max-age=1000; pin-sha256="${keyHash}"; pin-sha256="${backupKeyHash}"`;
+    let ssservice = Cc["@mozilla.org/ssservice;1"]
+                      .getService(Ci.nsISiteSecurityService);
+    let sslStatus = new FakeSSLStatus();
+    sslStatus.serverCert = constructCertFromFile("ocsp_certs/must-staple-ee-with-must-staple-int.pem");
+    ssservice.processHeader(Ci.nsISiteSecurityService.HEADER_HPKP, uri, header, sslStatus, 0);
+    ok(ssservice.isSecureURI(Ci.nsISiteSecurityService.HEADER_HPKP, uri, 0),
+       "ocsp-stapling-must-staple-ee-with-must-staple-int.example.com should have HPKP set");
+
+    // Clear accumulated state.
+    ssservice.removeState(Ci.nsISiteSecurityService.HEADER_HPKP, uri, 0);
+    Services.prefs.clearUserPref("security.cert_pinning.process_headers_from_non_builtin_roots");
+    Services.prefs.clearUserPref("security.cert_pinning.enforcement_level");
+    run_next_test();
+  });
+
+  // Next, a case where it's present in the intermediate, not the ee
+  add_ocsp_test("ocsp-stapling-plain-ee-with-must-staple-int.example.com",
+                MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING, true);
+
+  // We disable OCSP stapling in the next two tests so we can perform checks
+  // on TLS Features in the chain without needing to support the TLS
+  // extension values used.
+  // Test an issuer with multiple TLS features in matched in the EE
+  add_ocsp_test("multi-tls-feature-good.example.com",
+                PRErrorCodeSuccess, false);
+
+  // Finally, an issuer with multiple TLS features not matched by the EE.
+  add_ocsp_test("multi-tls-feature-bad.example.com",
+                MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING, false);
+
+  // Now a bunch of operations with only a must-staple ee
+  add_ocsp_test("ocsp-stapling-must-staple.example.com",
+                PRErrorCodeSuccess, true);
+
+  add_ocsp_test("ocsp-stapling-must-staple-revoked.example.com",
+                SEC_ERROR_REVOKED_CERTIFICATE, true);
+
+  add_ocsp_test("ocsp-stapling-must-staple-missing.example.com",
+                MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING, true);
+
+  add_ocsp_test("ocsp-stapling-must-staple-empty.example.com",
+                SEC_ERROR_OCSP_MALFORMED_RESPONSE, true);
+
+  add_ocsp_test("ocsp-stapling-must-staple-missing.example.com",
+                PRErrorCodeSuccess, false);
+
+  // check that disabling must-staple works
+  add_test(function() {
+    clearSessionCache();
+    Services.prefs.setBoolPref("security.ssl.enable_ocsp_must_staple", false);
+    run_next_test();
+  });
+
+  add_ocsp_test("ocsp-stapling-must-staple-missing.example.com",
+                PRErrorCodeSuccess, true);
+}
+
+function run_test() {
+  do_get_profile();
+  Services.prefs.setBoolPref("security.ssl.enable_ocsp_must_staple", true);
+
+  let fakeOCSPResponder = new HttpServer();
+  fakeOCSPResponder.registerPrefixHandler("/", function (request, response) {
+    response.setStatusLine(request.httpVersion, 500, "Internal Server Error");
+    ok(gExpectOCSPRequest,
+       "Should be getting an OCSP request only when expected");
+  });
+  fakeOCSPResponder.start(8888);
+
+  add_tls_server_setup("OCSPStaplingServer", "ocsp_certs");
+
+  add_tests();
+
+  add_test(function () {
+    fakeOCSPResponder.stop(run_next_test);
+  });
+
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_ocsp_no_hsts_upgrade.js b/security/manager/ssl/tests/unit/test_ocsp_no_hsts_upgrade.js
new file mode 100644
index 000000000..62ff1ba25
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_no_hsts_upgrade.js
@@ -0,0 +1,54 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// Test that if an OCSP request is made to a domain that (erroneously)
+// has HSTS status, the request is not upgraded from HTTP to HTTPS.
+
+function run_test() {
+  do_get_profile();
+  // OCSP required means this test will only pass if the request succeeds.
+  Services.prefs.setBoolPref("security.OCSP.require", true);
+
+  // We don't actually make use of stapling in this test. This is just how we
+  // get a TLS connection.
+  add_tls_server_setup("OCSPStaplingServer", "ocsp_certs");
+
+  let args = [["good", "default-ee", "unused"]];
+  let ocspResponses = generateOCSPResponses(args, "ocsp_certs");
+  let goodOCSPResponse = ocspResponses[0];
+
+  let ocspResponder = new HttpServer();
+  ocspResponder.registerPrefixHandler("/", function (request, response) {
+    response.setStatusLine(request.httpVersion, 200, "OK");
+    response.setHeader("Content-Type", "application/ocsp-response");
+    response.write(goodOCSPResponse);
+  });
+  ocspResponder.start(8888);
+
+  // ocsp-stapling-none.example.com does not staple an OCSP response in the
+  // handshake, so the revocation checking code will attempt to fetch one.
+  // Since the domain of the certificate's OCSP AIA URI is an HSTS host
+  // (as added in the setup of this test, below), a buggy implementation would
+  // upgrade the OCSP request to HTTPS. We specifically prevent this. This
+  // test demonstrates that our implementation is correct in this regard.
+  add_connection_test("ocsp-stapling-none.example.com", PRErrorCodeSuccess);
+  add_test(function () { run_next_test(); });
+
+  add_test(function () { ocspResponder.stop(run_next_test); });
+
+  let SSService = Cc["@mozilla.org/ssservice;1"]
+                    .getService(Ci.nsISiteSecurityService);
+  let uri = Services.io.newURI("http://localhost", null, null);
+  let sslStatus = new FakeSSLStatus();
+  SSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
+                          "max-age=10000", sslStatus, 0);
+  ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                            "localhost", 0),
+     "Domain for the OCSP AIA URI should be considered a HSTS host, otherwise" +
+     " we wouldn't be testing what we think we're testing");
+
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_ocsp_required.js b/security/manager/ssl/tests/unit/test_ocsp_required.js
new file mode 100644
index 000000000..81b8677bc
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_required.js
@@ -0,0 +1,55 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// In which we connect to a domain (as faked by a server running locally)
+// and start up an OCSP responder (also basically faked) that gives a
+// response with a bad signature. With security.OCSP.require set to true,
+// this should fail (but it also shouldn't cause assertion failures).
+
+var gOCSPRequestCount = 0;
+
+function run_test() {
+  do_get_profile();
+  Services.prefs.setBoolPref("security.OCSP.require", true);
+  Services.prefs.setIntPref("security.OCSP.enabled", 1);
+
+  // We don't actually make use of stapling in this test. This is just how we
+  // get a TLS connection.
+  add_tls_server_setup("OCSPStaplingServer", "ocsp_certs");
+
+  let args = [["bad-signature", "default-ee", "unused"]];
+  let ocspResponses = generateOCSPResponses(args, "ocsp_certs");
+  let ocspResponseBadSignature = ocspResponses[0];
+
+  let ocspResponder = new HttpServer();
+  ocspResponder.registerPrefixHandler("/", function (request, response) {
+    response.setStatusLine(request.httpVersion, 200, "OK");
+    response.setHeader("Content-Type", "application/ocsp-response");
+    response.write(ocspResponseBadSignature);
+    gOCSPRequestCount++;
+  });
+  ocspResponder.start(8888);
+
+  add_tests();
+
+  add_test(function () { ocspResponder.stop(run_next_test); });
+
+  run_next_test();
+}
+
+function add_tests()
+{
+  add_connection_test("ocsp-stapling-none.example.com",
+                      SEC_ERROR_OCSP_BAD_SIGNATURE);
+  add_connection_test("ocsp-stapling-none.example.com",
+                      SEC_ERROR_OCSP_BAD_SIGNATURE);
+  add_test(function () {
+    equal(gOCSPRequestCount, 1,
+          "OCSP request count should be 1 due to OCSP response caching");
+    gOCSPRequestCount = 0;
+    run_next_test();
+  });
+}
diff --git a/security/manager/ssl/tests/unit/test_ocsp_stapling.js b/security/manager/ssl/tests/unit/test_ocsp_stapling.js
new file mode 100644
index 000000000..36c8aeaaf
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_stapling.js
@@ -0,0 +1,209 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// In which we connect to a number of domains (as faked by a server running
+// locally) with and without OCSP stapling enabled to determine that good
+// things happen and bad things don't.
+
+var gExpectOCSPRequest;
+
+function add_ocsp_test(aHost, aExpectedResult, aStaplingEnabled) {
+  add_connection_test(aHost, aExpectedResult,
+    function() {
+      gExpectOCSPRequest = !aStaplingEnabled;
+      clearOCSPCache();
+      clearSessionCache();
+      Services.prefs.setBoolPref("security.ssl.enable_ocsp_stapling",
+                                 aStaplingEnabled);
+    });
+}
+
+function add_tests() {
+  // In the absence of OCSP stapling, these should actually all work.
+  add_ocsp_test("ocsp-stapling-good.example.com",
+                PRErrorCodeSuccess, false);
+  add_ocsp_test("ocsp-stapling-revoked.example.com",
+                PRErrorCodeSuccess, false);
+  add_ocsp_test("ocsp-stapling-good-other-ca.example.com",
+                PRErrorCodeSuccess, false);
+  add_ocsp_test("ocsp-stapling-malformed.example.com",
+                PRErrorCodeSuccess, false);
+  add_ocsp_test("ocsp-stapling-srverr.example.com",
+                PRErrorCodeSuccess, false);
+  add_ocsp_test("ocsp-stapling-trylater.example.com",
+                PRErrorCodeSuccess, false);
+  add_ocsp_test("ocsp-stapling-needssig.example.com",
+                PRErrorCodeSuccess, false);
+  add_ocsp_test("ocsp-stapling-unauthorized.example.com",
+                PRErrorCodeSuccess, false);
+  add_ocsp_test("ocsp-stapling-unknown.example.com",
+                PRErrorCodeSuccess, false);
+  add_ocsp_test("ocsp-stapling-good-other.example.com",
+                PRErrorCodeSuccess, false);
+  add_ocsp_test("ocsp-stapling-none.example.com",
+                PRErrorCodeSuccess, false);
+  add_ocsp_test("ocsp-stapling-expired.example.com",
+                PRErrorCodeSuccess, false);
+  add_ocsp_test("ocsp-stapling-expired-fresh-ca.example.com",
+                PRErrorCodeSuccess, false);
+  add_ocsp_test("ocsp-stapling-skip-responseBytes.example.com",
+                PRErrorCodeSuccess, false);
+  add_ocsp_test("ocsp-stapling-critical-extension.example.com",
+                PRErrorCodeSuccess, false);
+  add_ocsp_test("ocsp-stapling-noncritical-extension.example.com",
+                PRErrorCodeSuccess, false);
+  add_ocsp_test("ocsp-stapling-empty-extensions.example.com",
+                PRErrorCodeSuccess, false);
+
+  // Now test OCSP stapling
+  // The following error codes are defined in security/nss/lib/util/SECerrs.h
+
+  add_ocsp_test("ocsp-stapling-good.example.com", PRErrorCodeSuccess, true);
+
+  add_ocsp_test("ocsp-stapling-revoked.example.com",
+                SEC_ERROR_REVOKED_CERTIFICATE, true);
+
+  // SEC_ERROR_OCSP_INVALID_SIGNING_CERT vs SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE
+  // depends on whether the CA that signed the response is a trusted CA
+  // (but only with the classic implementation - mozilla::pkix always
+  // results in the error SEC_ERROR_OCSP_INVALID_SIGNING_CERT).
+
+  // This stapled response is from a CA that is untrusted and did not issue
+  // the server's certificate.
+  let certDB = Cc["@mozilla.org/security/x509certdb;1"]
+                  .getService(Ci.nsIX509CertDB);
+  let otherTestCA = constructCertFromFile("ocsp_certs/other-test-ca.pem");
+  add_test(function() {
+    certDB.setCertTrust(otherTestCA, Ci.nsIX509Cert.CA_CERT,
+                        Ci.nsIX509CertDB.UNTRUSTED);
+    run_next_test();
+  });
+  add_ocsp_test("ocsp-stapling-good-other-ca.example.com",
+                SEC_ERROR_OCSP_INVALID_SIGNING_CERT, true);
+
+  // The stapled response is from a CA that is trusted but did not issue the
+  // server's certificate.
+  add_test(function() {
+    certDB.setCertTrust(otherTestCA, Ci.nsIX509Cert.CA_CERT,
+                        Ci.nsIX509CertDB.TRUSTED_SSL);
+    run_next_test();
+  });
+  // TODO(bug 979055): When using ByName instead of ByKey, the error here is
+  // SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE. We should be testing both cases.
+  add_ocsp_test("ocsp-stapling-good-other-ca.example.com",
+                SEC_ERROR_OCSP_INVALID_SIGNING_CERT, true);
+
+  // TODO: Test the case where the signing cert can't be found at all, which
+  // will result in SEC_ERROR_BAD_DATABASE in the NSS classic case.
+
+  add_ocsp_test("ocsp-stapling-malformed.example.com",
+                SEC_ERROR_OCSP_MALFORMED_REQUEST, true);
+  add_ocsp_test("ocsp-stapling-srverr.example.com",
+                SEC_ERROR_OCSP_SERVER_ERROR, true);
+  add_ocsp_test("ocsp-stapling-trylater.example.com",
+                SEC_ERROR_OCSP_TRY_SERVER_LATER, true);
+  add_ocsp_test("ocsp-stapling-needssig.example.com",
+                SEC_ERROR_OCSP_REQUEST_NEEDS_SIG, true);
+  add_ocsp_test("ocsp-stapling-unauthorized.example.com",
+                SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST, true);
+  add_ocsp_test("ocsp-stapling-unknown.example.com",
+                SEC_ERROR_OCSP_UNKNOWN_CERT, true);
+  add_ocsp_test("ocsp-stapling-good-other.example.com",
+                MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING, true);
+  // If the server doesn't staple an OCSP response, we continue as normal
+  // (this means that even though stapling is enabled, we expect an OCSP
+  // request).
+  add_connection_test("ocsp-stapling-none.example.com", PRErrorCodeSuccess,
+    function() {
+      gExpectOCSPRequest = true;
+      clearOCSPCache();
+      clearSessionCache();
+      Services.prefs.setBoolPref("security.ssl.enable_ocsp_stapling", true);
+    }
+  );
+  add_ocsp_test("ocsp-stapling-empty.example.com",
+                SEC_ERROR_OCSP_MALFORMED_RESPONSE, true);
+
+  add_ocsp_test("ocsp-stapling-skip-responseBytes.example.com",
+                SEC_ERROR_OCSP_MALFORMED_RESPONSE, true);
+
+  add_ocsp_test("ocsp-stapling-critical-extension.example.com",
+                SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION, true);
+  add_ocsp_test("ocsp-stapling-noncritical-extension.example.com",
+                PRErrorCodeSuccess, true);
+  // TODO(bug 997994): Disallow empty Extensions in responses
+  add_ocsp_test("ocsp-stapling-empty-extensions.example.com",
+                PRErrorCodeSuccess, true);
+
+  add_ocsp_test("ocsp-stapling-delegated-included.example.com",
+                PRErrorCodeSuccess, true);
+  add_ocsp_test("ocsp-stapling-delegated-included-last.example.com",
+                PRErrorCodeSuccess, true);
+  add_ocsp_test("ocsp-stapling-delegated-missing.example.com",
+                SEC_ERROR_OCSP_INVALID_SIGNING_CERT, true);
+  add_ocsp_test("ocsp-stapling-delegated-missing-multiple.example.com",
+                SEC_ERROR_OCSP_INVALID_SIGNING_CERT, true);
+  add_ocsp_test("ocsp-stapling-delegated-no-extKeyUsage.example.com",
+                SEC_ERROR_OCSP_INVALID_SIGNING_CERT, true);
+  add_ocsp_test("ocsp-stapling-delegated-from-intermediate.example.com",
+                SEC_ERROR_OCSP_INVALID_SIGNING_CERT, true);
+  add_ocsp_test("ocsp-stapling-delegated-keyUsage-crlSigning.example.com",
+                SEC_ERROR_OCSP_INVALID_SIGNING_CERT, true);
+  add_ocsp_test("ocsp-stapling-delegated-wrong-extKeyUsage.example.com",
+                SEC_ERROR_OCSP_INVALID_SIGNING_CERT, true);
+
+  // ocsp-stapling-expired.example.com and
+  // ocsp-stapling-expired-fresh-ca.example.com are handled in
+  // test_ocsp_stapling_expired.js
+
+  // Check that OCSP responder certificates with key sizes below 1024 bits are
+  // rejected, even when the main certificate chain keys are at least 1024 bits.
+  add_ocsp_test("keysize-ocsp-delegated.example.com",
+                SEC_ERROR_OCSP_INVALID_SIGNING_CERT, true);
+
+  add_ocsp_test("revoked-ca-cert-used-as-end-entity.example.com",
+                SEC_ERROR_REVOKED_CERTIFICATE, true);
+}
+
+function check_ocsp_stapling_telemetry() {
+  let histogram = Cc["@mozilla.org/base/telemetry;1"]
+                    .getService(Ci.nsITelemetry)
+                    .getHistogramById("SSL_OCSP_STAPLING")
+                    .snapshot();
+  equal(histogram.counts[0], 0,
+        "Should have 0 connections for unused histogram bucket 0");
+  equal(histogram.counts[1], 5,
+        "Actual and expected connections with a good response should match");
+  equal(histogram.counts[2], 18,
+        "Actual and expected connections with no stapled response should match");
+  equal(histogram.counts[3], 0,
+        "Actual and expected connections with an expired response should match");
+  equal(histogram.counts[4], 21,
+        "Actual and expected connections with bad responses should match");
+  run_next_test();
+}
+
+function run_test() {
+  do_get_profile();
+
+  let fakeOCSPResponder = new HttpServer();
+  fakeOCSPResponder.registerPrefixHandler("/", function (request, response) {
+    response.setStatusLine(request.httpVersion, 500, "Internal Server Error");
+    ok(gExpectOCSPRequest,
+       "Should be getting an OCSP request only when expected");
+  });
+  fakeOCSPResponder.start(8888);
+
+  add_tls_server_setup("OCSPStaplingServer", "ocsp_certs");
+
+  add_tests();
+
+  add_test(function () {
+    fakeOCSPResponder.stop(check_ocsp_stapling_telemetry);
+  });
+
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_ocsp_stapling_expired.js b/security/manager/ssl/tests/unit/test_ocsp_stapling_expired.js
new file mode 100644
index 000000000..b49be85e7
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_stapling_expired.js
@@ -0,0 +1,184 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// In which we connect to a number of domains (as faked by a server running
+// locally) with OCSP stapling enabled to determine that good things happen
+// and bad things don't, specifically with respect to various expired OCSP
+// responses (stapled and otherwise).
+
+var gCurrentOCSPResponse = null;
+var gOCSPRequestCount = 0;
+
+function add_ocsp_test(aHost, aExpectedResult, aOCSPResponseToServe,
+                       aExpectedRequestCount) {
+  add_connection_test(aHost, aExpectedResult,
+    function() {
+      clearOCSPCache();
+      clearSessionCache();
+      gCurrentOCSPResponse = aOCSPResponseToServe;
+      gOCSPRequestCount = 0;
+    },
+    function() {
+      equal(gOCSPRequestCount, aExpectedRequestCount,
+            "Should have made " + aExpectedRequestCount +
+            " fallback OCSP request" + (aExpectedRequestCount == 1 ? "" : "s"));
+    });
+}
+
+do_get_profile();
+Services.prefs.setBoolPref("security.ssl.enable_ocsp_stapling", true);
+Services.prefs.setIntPref("security.OCSP.enabled", 1);
+Services.prefs.setIntPref("security.pki.sha1_enforcement_level", 4);
+var args = [["good", "default-ee", "unused"],
+             ["expiredresponse", "default-ee", "unused"],
+             ["oldvalidperiod", "default-ee", "unused"],
+             ["revoked", "default-ee", "unused"],
+             ["unknown", "default-ee", "unused"],
+            ];
+var ocspResponses = generateOCSPResponses(args, "ocsp_certs");
+// Fresh response, certificate is good.
+var ocspResponseGood = ocspResponses[0];
+// Expired response, certificate is good.
+var expiredOCSPResponseGood = ocspResponses[1];
+// Fresh signature, old validity period, certificate is good.
+var oldValidityPeriodOCSPResponseGood = ocspResponses[2];
+// Fresh signature, certificate is revoked.
+var ocspResponseRevoked = ocspResponses[3];
+// Fresh signature, certificate is unknown.
+var ocspResponseUnknown = ocspResponses[4];
+
+// sometimes we expect a result without re-fetch
+var willNotRetry = 1;
+// but sometimes, since a bad response is in the cache, OCSP fetch will be
+// attempted for each validation - in practice, for these test certs, this
+// means 6 requests because various hash algorithm and key size combinations
+// are tried.
+var willRetry = 6;
+
+function run_test() {
+  let ocspResponder = new HttpServer();
+  ocspResponder.registerPrefixHandler("/", function(request, response) {
+    if (gCurrentOCSPResponse) {
+      response.setStatusLine(request.httpVersion, 200, "OK");
+      response.setHeader("Content-Type", "application/ocsp-response");
+      response.write(gCurrentOCSPResponse);
+    } else {
+      response.setStatusLine(request.httpVersion, 500, "Internal Server Error");
+      response.write("Internal Server Error");
+    }
+    gOCSPRequestCount++;
+  });
+  ocspResponder.start(8888);
+  add_tls_server_setup("OCSPStaplingServer", "ocsp_certs");
+
+  // In these tests, the OCSP stapling server gives us a stapled
+  // response based on the host name ("ocsp-stapling-expired" or
+  // "ocsp-stapling-expired-fresh-ca"). We then ensure that we're
+  // properly falling back to fetching revocation information.
+  // For ocsp-stapling-expired.example.com, the OCSP stapling server
+  // staples an expired OCSP response. The certificate has not expired.
+  // For ocsp-stapling-expired-fresh-ca.example.com, the OCSP stapling
+  // server staples an OCSP response with a recent signature but with an
+  // out-of-date validity period. The certificate has not expired.
+  add_ocsp_test("ocsp-stapling-expired.example.com", PRErrorCodeSuccess,
+                ocspResponseGood, willNotRetry);
+  add_ocsp_test("ocsp-stapling-expired-fresh-ca.example.com", PRErrorCodeSuccess,
+                ocspResponseGood, willNotRetry);
+  // if we can't fetch a more recent response when
+  // given an expired stapled response, we terminate the connection.
+  add_ocsp_test("ocsp-stapling-expired.example.com",
+                SEC_ERROR_OCSP_OLD_RESPONSE,
+                expiredOCSPResponseGood, willRetry);
+  add_ocsp_test("ocsp-stapling-expired-fresh-ca.example.com",
+                SEC_ERROR_OCSP_OLD_RESPONSE,
+                expiredOCSPResponseGood, willRetry);
+  add_ocsp_test("ocsp-stapling-expired.example.com",
+                SEC_ERROR_OCSP_OLD_RESPONSE,
+                oldValidityPeriodOCSPResponseGood, willRetry);
+  add_ocsp_test("ocsp-stapling-expired-fresh-ca.example.com",
+                SEC_ERROR_OCSP_OLD_RESPONSE,
+                oldValidityPeriodOCSPResponseGood, willRetry);
+  add_ocsp_test("ocsp-stapling-expired.example.com",
+                SEC_ERROR_OCSP_OLD_RESPONSE,
+                null, willNotRetry);
+  add_ocsp_test("ocsp-stapling-expired.example.com",
+                SEC_ERROR_OCSP_OLD_RESPONSE,
+                null, willNotRetry);
+  // Of course, if the newer response indicates Revoked or Unknown,
+  // that status must be returned.
+  add_ocsp_test("ocsp-stapling-expired.example.com",
+                SEC_ERROR_REVOKED_CERTIFICATE,
+                ocspResponseRevoked, willNotRetry);
+  add_ocsp_test("ocsp-stapling-expired-fresh-ca.example.com",
+                SEC_ERROR_REVOKED_CERTIFICATE,
+                ocspResponseRevoked, willNotRetry);
+  add_ocsp_test("ocsp-stapling-expired.example.com",
+                SEC_ERROR_OCSP_UNKNOWN_CERT,
+                ocspResponseUnknown, willRetry);
+  add_ocsp_test("ocsp-stapling-expired-fresh-ca.example.com",
+                SEC_ERROR_OCSP_UNKNOWN_CERT,
+                ocspResponseUnknown, willRetry);
+
+  // If the response is expired but indicates Revoked or Unknown and a
+  // newer status can't be fetched, the Revoked or Unknown status will
+  // be returned.
+  add_ocsp_test("ocsp-stapling-revoked-old.example.com",
+                SEC_ERROR_REVOKED_CERTIFICATE,
+                null, willNotRetry);
+  add_ocsp_test("ocsp-stapling-unknown-old.example.com",
+                SEC_ERROR_OCSP_UNKNOWN_CERT,
+                null, willNotRetry);
+  // If the response is expired but indicates Revoked or Unknown and
+  // a newer status can be fetched and successfully verified, this
+  // should result in a successful certificate verification.
+  add_ocsp_test("ocsp-stapling-revoked-old.example.com", PRErrorCodeSuccess,
+                ocspResponseGood, willNotRetry);
+  add_ocsp_test("ocsp-stapling-unknown-old.example.com", PRErrorCodeSuccess,
+                ocspResponseGood, willNotRetry);
+  // If a newer status can be fetched but it fails to verify, the
+  // Revoked or Unknown status of the expired stapled response
+  // should be returned.
+  add_ocsp_test("ocsp-stapling-revoked-old.example.com",
+                SEC_ERROR_REVOKED_CERTIFICATE,
+                expiredOCSPResponseGood, willRetry);
+  add_ocsp_test("ocsp-stapling-unknown-old.example.com",
+                SEC_ERROR_OCSP_UNKNOWN_CERT,
+                expiredOCSPResponseGood, willRetry);
+
+  // These tests are verifying that an valid but very old response
+  // is rejected as a valid stapled response, requiring a fetch
+  // from the ocsp responder.
+  add_ocsp_test("ocsp-stapling-ancient-valid.example.com", PRErrorCodeSuccess,
+                ocspResponseGood, willNotRetry);
+  add_ocsp_test("ocsp-stapling-ancient-valid.example.com",
+                SEC_ERROR_REVOKED_CERTIFICATE,
+                ocspResponseRevoked, willNotRetry);
+  add_ocsp_test("ocsp-stapling-ancient-valid.example.com",
+                SEC_ERROR_OCSP_UNKNOWN_CERT,
+                ocspResponseUnknown, willRetry);
+
+  add_test(function () { ocspResponder.stop(run_next_test); });
+  add_test(check_ocsp_stapling_telemetry);
+  run_next_test();
+}
+
+function check_ocsp_stapling_telemetry() {
+  let histogram = Cc["@mozilla.org/base/telemetry;1"]
+                    .getService(Ci.nsITelemetry)
+                    .getHistogramById("SSL_OCSP_STAPLING")
+                    .snapshot();
+  equal(histogram.counts[0], 0,
+        "Should have 0 connections for unused histogram bucket 0");
+  equal(histogram.counts[1], 0,
+        "Actual and expected connections with a good response should match");
+  equal(histogram.counts[2], 0,
+        "Actual and expected connections with no stapled response should match");
+  equal(histogram.counts[3], 21,
+        "Actual and expected connections with an expired response should match");
+  equal(histogram.counts[4], 0,
+        "Actual and expected connections with bad responses should match");
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_ocsp_stapling_with_intermediate.js b/security/manager/ssl/tests/unit/test_ocsp_stapling_with_intermediate.js
new file mode 100644
index 000000000..21676f1d5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_stapling_with_intermediate.js
@@ -0,0 +1,45 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// In which we connect to a server that staples an OCSP response for a
+// certificate signed by an intermediate that has an OCSP AIA to ensure
+// that an OCSP request is not made for the intermediate.
+
+var gOCSPRequestCount = 0;
+
+function add_ocsp_test(aHost, aExpectedResult) {
+  add_connection_test(aHost, aExpectedResult,
+    function() {
+      clearOCSPCache();
+      clearSessionCache();
+    });
+}
+
+function run_test() {
+  do_get_profile();
+  Services.prefs.setBoolPref("security.ssl.enable_ocsp_stapling", true);
+
+  let ocspResponder = new HttpServer();
+  ocspResponder.registerPrefixHandler("/", function(request, response) {
+    gOCSPRequestCount++;
+    response.setStatusLine(request.httpVersion, 500, "Internal Server Error");
+    let body = "Refusing to return a response";
+    response.bodyOutputStream.write(body, body.length);
+  });
+  ocspResponder.start(8888);
+
+  add_tls_server_setup("OCSPStaplingServer", "ocsp_certs");
+
+  add_ocsp_test("ocsp-stapling-with-intermediate.example.com",
+                PRErrorCodeSuccess);
+
+  add_test(function () { ocspResponder.stop(run_next_test); });
+  add_test(function() {
+    equal(gOCSPRequestCount, 0, "No OCSP requests should have been made");
+    run_next_test();
+  });
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_ocsp_timeout.js b/security/manager/ssl/tests/unit/test_ocsp_timeout.js
new file mode 100644
index 000000000..1c4803371
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_timeout.js
@@ -0,0 +1,88 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+"use strict";
+
+// This test connects to ocsp-stapling-none.example.com to test that OCSP
+// requests are cancelled if they're taking too long.
+// ocsp-stapling-none.example.com doesn't staple an OCSP response, so
+// connecting to it will cause a request to the OCSP responder. As with all of
+// these tests, the OCSP AIA (i.e. the url of the responder) in the certificate
+// is http://localhost:8888. Since this test opens a TCP socket listening on
+// port 8888 that just accepts connections and then ignores them (with
+// connect/read/write timeouts of 30 seconds), the OCSP requests should cancel
+// themselves. When OCSP hard-fail is enabled, connections will be terminated.
+// Otherwise, they will succeed.
+
+var gSocketListener = {
+  onSocketAccepted: function(serverSocket, socketTransport) {
+    socketTransport.setTimeout(Ci.nsISocketTransport.TIMEOUT_CONNECT, 30);
+    socketTransport.setTimeout(Ci.nsISocketTransport.TIMEOUT_READ_WRITE, 30);
+  },
+
+  onStopListening: function(serverSocket, status) {}
+};
+
+function run_test() {
+  do_get_profile();
+  Services.prefs.setIntPref("security.OCSP.enabled", 1);
+
+  add_tls_server_setup("OCSPStaplingServer", "ocsp_certs");
+
+  let socket = Cc["@mozilla.org/network/server-socket;1"]
+                 .createInstance(Ci.nsIServerSocket);
+  socket.init(8888, true, -1);
+  socket.asyncListen(gSocketListener);
+
+  add_tests_in_mode(true);
+  add_tests_in_mode(false);
+
+  add_test(function() { socket.close(); run_next_test(); });
+  run_next_test();
+}
+
+function add_tests_in_mode(useHardFail) {
+  let startTime;
+  add_test(function () {
+    Services.prefs.setBoolPref("security.OCSP.require", useHardFail);
+    startTime = new Date();
+    run_next_test();
+  });
+
+  add_connection_test("ocsp-stapling-none.example.com", useHardFail
+                      ? SEC_ERROR_OCSP_SERVER_ERROR
+                      : PRErrorCodeSuccess, clearSessionCache);
+
+  // Reset state
+  add_test(function() {
+    let endTime = new Date();
+    let timeDifference = endTime - startTime;
+    do_print(`useHardFail = ${useHardFail}`);
+    do_print(`startTime = ${startTime.getTime()} (${startTime})`);
+    do_print(`endTime = ${endTime.getTime()} (${endTime})`);
+    do_print(`timeDifference = ${timeDifference}ms`);
+
+    // With OCSP hard-fail on, we timeout after 10 seconds.
+    // With OCSP soft-fail, we timeout after 2 seconds.
+    // Date() is not guaranteed to be monotonic, so add extra fuzz time to
+    // prevent intermittent failures (this only appeared to be a problem on
+    // Windows XP). See Bug 1121117.
+    const FUZZ_MS = 300;
+    if (useHardFail) {
+      ok(timeDifference + FUZZ_MS > 10000,
+         "Automatic OCSP timeout should be about 10s for hard-fail");
+    } else {
+      ok(timeDifference + FUZZ_MS > 2000,
+         "Automatic OCSP timeout should be about 2s for soft-fail");
+    }
+    // Make sure we didn't wait too long.
+    // (Unfortunately, we probably can't have a tight upper bound on
+    // how long is too long for this test, because we might be running
+    // on slow hardware.)
+    ok(timeDifference < 60000,
+       "Automatic OCSP timeout shouldn't be more than 60s");
+    clearOCSPCache();
+    run_next_test();
+  });
+}
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url.js b/security/manager/ssl/tests/unit/test_ocsp_url.js
new file mode 100644
index 000000000..799c934d0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url.js
@@ -0,0 +1,137 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+"use strict";
+
+// In which we try to validate several ocsp responses, checking in particular
+// if the ocsp url is valid and the path expressed is correctly passed to
+// the caller.
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+
+const SERVER_PORT = 8888;
+
+function failingOCSPResponder() {
+  return getFailingHttpServer(SERVER_PORT, ["www.example.com"]);
+}
+
+function start_ocsp_responder(expectedCertNames, expectedPaths) {
+  return startOCSPResponder(SERVER_PORT, "www.example.com",
+                            "test_ocsp_url", expectedCertNames, expectedPaths);
+}
+
+function check_cert_err(cert_name, expected_error) {
+  let cert = constructCertFromFile("test_ocsp_url/" + cert_name + ".pem");
+  return checkCertErrorGeneric(certdb, cert, expected_error,
+                               certificateUsageSSLServer);
+}
+
+function run_test() {
+  addCertFromFile(certdb, "test_ocsp_url/ca.pem", 'CTu,CTu,CTu');
+  addCertFromFile(certdb, "test_ocsp_url/int.pem", ',,');
+
+  // Enabled so that we can force ocsp failure responses.
+  Services.prefs.setBoolPref("security.OCSP.require", true);
+
+  Services.prefs.setCharPref("network.dns.localDomains",
+                             "www.example.com");
+  Services.prefs.setIntPref("security.OCSP.enabled", 1);
+
+  // Note: We don't test the case of a well-formed HTTP URL with an empty port
+  //       because the OCSP code would then send a request to port 80, which we
+  //       can't use in tests.
+
+  add_test(function() {
+    clearOCSPCache();
+    let ocspResponder = failingOCSPResponder();
+    check_cert_err("bad-scheme", SEC_ERROR_CERT_BAD_ACCESS_LOCATION);
+    ocspResponder.stop(run_next_test);
+  });
+
+  add_test(function() {
+    clearOCSPCache();
+    let ocspResponder = failingOCSPResponder();
+    check_cert_err("empty-scheme-url", SEC_ERROR_CERT_BAD_ACCESS_LOCATION);
+    ocspResponder.stop(run_next_test);
+  });
+
+  add_test(() => {
+    clearOCSPCache();
+    let ocspResponder = failingOCSPResponder();
+    check_cert_err("ftp-url", SEC_ERROR_CERT_BAD_ACCESS_LOCATION);
+    ocspResponder.stop(run_next_test);
+  });
+
+  add_test(function() {
+    clearOCSPCache();
+    let ocspResponder = failingOCSPResponder();
+    check_cert_err("https-url", SEC_ERROR_CERT_BAD_ACCESS_LOCATION);
+    ocspResponder.stop(run_next_test);
+  });
+
+  add_test(function() {
+    clearOCSPCache();
+    let ocspResponder = start_ocsp_responder(["hTTp-url"], ["hTTp-url"]);
+    check_cert_err("hTTp-url", PRErrorCodeSuccess);
+    ocspResponder.stop(run_next_test);
+  });
+
+  add_test(function() {
+    clearOCSPCache();
+    let ocspResponder = failingOCSPResponder();
+    check_cert_err("negative-port", SEC_ERROR_CERT_BAD_ACCESS_LOCATION);
+    ocspResponder.stop(run_next_test);
+  });
+
+  add_test(function() {
+    clearOCSPCache();
+    let ocspResponder = failingOCSPResponder();
+    // XXX Bug 1013615 parser accepts ":8888" as hostname
+    check_cert_err("no-host-url", SEC_ERROR_OCSP_SERVER_ERROR);
+    ocspResponder.stop(run_next_test);
+  });
+
+  add_test(function() {
+    clearOCSPCache();
+    let ocspResponder = start_ocsp_responder(["no-path-url"], ['']);
+    check_cert_err("no-path-url", PRErrorCodeSuccess);
+    ocspResponder.stop(run_next_test);
+  });
+
+  add_test(function() {
+    clearOCSPCache();
+    let ocspResponder = failingOCSPResponder();
+    check_cert_err("no-scheme-host-port", SEC_ERROR_CERT_BAD_ACCESS_LOCATION);
+    ocspResponder.stop(run_next_test);
+  });
+
+  add_test(function() {
+    clearOCSPCache();
+    let ocspResponder = failingOCSPResponder();
+    check_cert_err("no-scheme-url", SEC_ERROR_CERT_BAD_ACCESS_LOCATION);
+    ocspResponder.stop(run_next_test);
+  });
+
+  add_test(function() {
+    clearOCSPCache();
+    let ocspResponder = failingOCSPResponder();
+    check_cert_err("unknown-scheme", SEC_ERROR_CERT_BAD_ACCESS_LOCATION);
+    ocspResponder.stop(run_next_test);
+  });
+
+  // Note: We currently don't have anything that ensures user:pass sections
+  //       weren't sent. The following test simply checks that such sections
+  //       don't cause failures.
+  add_test(() => {
+    clearOCSPCache();
+    let ocspResponder = start_ocsp_responder(["user-pass"], [""]);
+    check_cert_err("user-pass", PRErrorCodeSuccess);
+    ocspResponder.stop(run_next_test);
+  });
+
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/bad-scheme.pem b/security/manager/ssl/tests/unit/test_ocsp_url/bad-scheme.pem
new file mode 100644
index 000000000..861b9aafa
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/bad-scheme.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4jCCAcygAwIBAgIUCaJzhLV6+ZV0VKdbJAcMFrvd69gwCwYJKoZIhvcNAQEL
+MA4xDDAKBgNVBAMMA2ludDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAw
+MDAwWjAVMRMwEQYDVQQDDApiYWQtc2NoZW1lMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo
+4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDD
+SeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFX
+kD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUx
+owyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/
+Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABozEwLzAtBggrBgEFBQcB
+AQQhMB8wHQYIKwYBBQUHMAGGES93d3cuZXhhbXBsZS5jb20vMAsGCSqGSIb3DQEB
+CwOCAQEAXYD4EqSv7TXWNlkAHZHg5LCCmbM9pRzAsw/tkYPAiW0OvWQsIfqQpQQG
+1e5A4ENvTtOmZbvLTsqjx4k6+mAFHUl/Q/FaelMAHYSGOLivbWeAAVKz6gB862Vy
+tP9+vkhT6KvefbylPNMXpa0vJME5n+CbA0NM2s0DRaE/rfADfYS8sh2rC0RaJ0yz
+aqy833FmHhMgwkzOICo/RJawd+9qBbksa5O+Dq1ybYMVKA3m4IkeIBup/5AHz30n
+hKX1oU/kO+/eDb9nr/lzEmRwBPP9w93rBdEE6210278nzfTj6qzIHYAqpxt60eqR
+BDL9i3piPxTmjj46SHBwQ29i5bcbuA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/bad-scheme.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/bad-scheme.pem.certspec
new file mode 100644
index 000000000..12cc07279
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/bad-scheme.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int
+subject:bad-scheme
+extension:authorityInformationAccess:/www.example.com/
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/ca.pem b/security/manager/ssl/tests/unit/test_ocsp_url/ca.pem
new file mode 100644
index 000000000..1a18e2bf0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxTCCAa+gAwIBAgIUL5zykZEc2ro5d6th43aWGfm735cwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMA0xCzAJBgNVBAMMAmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptu
+Gobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO
+7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf
+qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/yt
+HSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcx
+uLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzAMBgNVHRMEBTADAQH/MAsGA1Ud
+DwQEAwIBBjALBgkqhkiG9w0BAQsDggEBAHPYBjNnv//Ssc8Elepb8SWIXRdahKbL
+/dcPoMR+7yhJVaelUaxdwUytJWJAGdkkuv+P+G4b82RVYEXT+9k1S/aAfByFyR9q
+vS7POfdy/ZPfGTXltlnmYX/84a6QeYQa4Nl4JpIOXBCesLxmErBhczka6D26iqsz
+GeseKRSjVPgF3mXc2CRGZnTDRhUmd7wOABLmj7GtuFvOm96363M3IUByMohvoj1G
+dic3s5D0seXwTKnEc5B27lJt7Q0oIXEldL+UW8Mo1hfGWQeXzqTZbpOVLnVWvHBH
+H8yYs5hyH01qFJZbztJ1JJ3F2NpYLlr4P5I6fW2e9w5MG/VMQRU3wzQ=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/ca.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/ca.pem.certspec
new file mode 100644
index 000000000..d809dbd63
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/ca.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:ca
+extension:basicConstraints:cA,
+extension:keyUsage:keyCertSign,cRLSign
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/empty-scheme-url.pem b/security/manager/ssl/tests/unit/test_ocsp_url/empty-scheme-url.pem
new file mode 100644
index 000000000..94d4ba65e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/empty-scheme-url.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7zCCAdmgAwIBAgIUOTJ+sDQz8pANxE2LQvwLOgmcu/EwCwYJKoZIhvcNAQEL
+MA4xDDAKBgNVBAMMA2ludDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAw
+MDAwWjAbMRkwFwYDVQQDDBBlbXB0eS1zY2hlbWUtdXJsMIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFds
+JHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4
+ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25
+iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu3
+4pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42
+yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABozgwNjA0Bggr
+BgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGDovL3d3dy5leGFtcGxlLmNvbTo4ODg4
+LzALBgkqhkiG9w0BAQsDggEBAGVsX7ECTXpR66t/SCCb+ff6dAjsrc2FxrsToTav
+WNMumGFeVeBE/oTi2c1UNuWM1Lui1Dm6ZpK8Meau7r97ZtumhLF1T0Mqg9cr2ZPf
+WCGaaO/BS/bby4e9o2pxWkGcSD10vXjwZvEPVBB6JF6CW9vSV1bqutig08aNw7na
++73sRHgWbeXMDBbcbtbgR4F0CY5SCqkrPvclP89mC8Qn1yWjM0xuJLAcIaNupdzr
+H7RHiUVTmf6VIBjuOuSGpXGTpxPCn63rDo1DO0o4z/UFwjrEUrSnQ4/4ouRc3V2/
+BdUN/myc0Ao/kPKK/w/oB4YchP44YxTIwKL22I5DhsOJuGE=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/empty-scheme-url.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/empty-scheme-url.pem.certspec
new file mode 100644
index 000000000..e8959653f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/empty-scheme-url.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int
+subject:empty-scheme-url
+extension:authorityInformationAccess:://www.example.com:8888/
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/ftp-url.pem b/security/manager/ssl/tests/unit/test_ocsp_url/ftp-url.pem
new file mode 100644
index 000000000..4ddeaa0e5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/ftp-url.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC6TCCAdOgAwIBAgIUX8TTEyzTjyKkXvlNDjfOeVgdwUkwCwYJKoZIhvcNAQEL
+MA4xDDAKBgNVBAMMA2ludDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAw
+MDAwWjASMRAwDgYDVQQDDAdmdHAtdXJsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4Ngf
+vbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTb
+uUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3S
+O8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR
+3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv
+5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABozswOTA3BggrBgEFBQcBAQQr
+MCkwJwYIKwYBBQUHMAGGG2Z0cDovL3d3dy5leGFtcGxlLmNvbTo4ODg4LzALBgkq
+hkiG9w0BAQsDggEBAD8v/SRKYMHiPDPVJayeugI6KhLXFpXFxwzUK5Aq1mjGjIz1
+ibRoY2JcrXFrZ13V8Gtb+MjMLIi72UcLyIVvEaUhFo7X8rcP5zajmaetGuaKKV61
+E7LOuXLaGY/zQOidgpHgU7QCix/MyGoVuqHvOrwGH9V5UalxZKTOrJ4Dd66XTd3p
++5cy158BhzJRbi1y0XST/ePfQAlA3dQmI0m7UINiAQofSvzZbybR/dyDWhLQTNsG
+NtQ2QbilokejHOqrt/XJ+BGx5ebvY8U9pS26+r0k4CfDtxSYgIc7/mK9LIT5KyhU
+LuTdXpdddngkOMKHQ0XgF39F3cgkg3IcjjAbjOE=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/ftp-url.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/ftp-url.pem.certspec
new file mode 100644
index 000000000..9f50a7d79
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/ftp-url.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int
+subject:ftp-url
+extension:authorityInformationAccess:ftp://www.example.com:8888/
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/hTTp-url.pem b/security/manager/ssl/tests/unit/test_ocsp_url/hTTp-url.pem
new file mode 100644
index 000000000..35b5b0fbf
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/hTTp-url.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC8zCCAd2gAwIBAgIUDVa/q45VECP/2micfLYGBWXE7aMwCwYJKoZIhvcNAQEL
+MA4xDDAKBgNVBAMMA2ludDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAw
+MDAwWjATMREwDwYDVQQDDAhoVFRwLXVybDCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODY
+H72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk
+27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A9
+0jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMM
+kd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaL
+L+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaNEMEIwQAYIKwYBBQUHAQEE
+NDAyMDAGCCsGAQUFBzABhiRoVFRwOi8vd3d3LmV4YW1wbGUuY29tOjg4ODgvaFRU
+cC11cmwwCwYJKoZIhvcNAQELA4IBAQCPVRLwtymkJVeBFO8jZ/WitBfyAqTH3PN8
+8HXxYbN3Cx49MqEwET+zUj/irQsKx59vZcY5UUO3icqgbcUGidxgMoOxlXxdsQjZ
+Xe6ThY27HPnV5c7mI2SQwdr/IAhHxml7OfjiZ0VoFl4RsUKghU77z0x0NMDQWN6m
+Tg19Hqyy5t2fC4zpRUQifBNEaz9tHYKN/AC8Fu2iFYPOQcz+g+KGDvwCiKdSZJba
+9yVMJolq6DWbKr20aSdJIOqQV0S4Ww2G88uxUcpwZ5wRa2WOW8a/FnusNP3Anhiy
+RrEJh/Dzdpsi24YBfQ9m6+D9SFfqEjfKJLLcLI6jrCc68v2OfJfa
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/hTTp-url.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/hTTp-url.pem.certspec
new file mode 100644
index 000000000..10b1504b2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/hTTp-url.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int
+subject:hTTp-url
+extension:authorityInformationAccess:hTTp://www.example.com:8888/hTTp-url
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/https-url.pem b/security/manager/ssl/tests/unit/test_ocsp_url/https-url.pem
new file mode 100644
index 000000000..3229f8b6b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/https-url.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC9jCCAeCgAwIBAgIUdyMaqHO/yYxno+R+AgpRtlTqEHEwCwYJKoZIhvcNAQEL
+MA4xDDAKBgNVBAMMA2ludDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAw
+MDAwWjAUMRIwEAYDVQQDDAlodHRwcy11cmwwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg
+2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ
+5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQ
+PdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGj
+DJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8W
+iy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjRjBEMEIGCCsGAQUFBwEB
+BDYwNDAyBggrBgEFBQcwAYYmaHR0cHM6Ly93d3cuZXhhbXBsZS5jb206ODg4OC9o
+dHRwcy11cmwwCwYJKoZIhvcNAQELA4IBAQB4H70+zX9CJm7Y6AitWnaUheWOow2l
+JdO+iOAFM6HsxWu/X/ukZ+p6IEj79KiwyYJuyDPxms3ZUYmKEGHfChFalJbZqT8U
+DNhgKUZYGMM4VK94plUGl8yaiW0r7kCygLrsWT7+NkkLdsZ8AV2R64brTa6BcvO6
+msbyHZ6XX+W0IzlWvnNVTbTVaHu+YIi5oY+z9Zn7Q9cn8mUGn3Txk6/o7iZ8HSGo
+f0RHw6WphwniPmYy6En8mOHJca30iu960Q4KVHZ0NzrVSvRjZugbkSdEp5XPbzn1
+27jMaOWtst30JTMmLtKKkeb6rhDgIhF8jhSbFaygIERYLSuTryh31yRn
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/https-url.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/https-url.pem.certspec
new file mode 100644
index 000000000..891005bf5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/https-url.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int
+subject:https-url
+extension:authorityInformationAccess:https://www.example.com:8888/https-url
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/int.key b/security/manager/ssl/tests/unit/test_ocsp_url/int.key
new file mode 100644
index 000000000..8af23e068
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/int.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6iFGoRI4W1kH9
+braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI
+eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6
+iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za
+qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7
+LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs
+2hgKNe2NAgMBAAECggEBAJ7LzjhhpFTsseD+j4XdQ8kvWCXOLpl4hNDhqUnaosWs
+VZskBFDlrJ/gw+McDu+mUlpl8MIhlABO4atGPd6e6CKHzJPnRqkZKcXmrD2IdT9s
+JbpZeec+XY+yOREaPNq4pLDN9fnKsF8SM6ODNcZLVWBSXn47kq18dQTPHcfLAFeI
+r8vh6Pld90AqFRUw1YCDRoZOs3CqeZVqWHhiy1M3kTB/cNkcltItABppAJuSPGgz
+iMnzbLm16+ZDAgQceNkIIGuHAJy4yrrK09vbJ5L7kRss9NtmA1hb6a4Mo7jmQXqg
+SwbkcOoaO1gcoDpngckxW2KzDmAR8iRyWUbuxXxtlEECgYEA3W4dT//r9o2InE0R
+TNqqnKpjpZN0KGyKXCmnF7umA3VkTVyqZ0xLi8cyY1hkYiDkVQ12CKwn1Vttt0+N
+gSfvj6CQmLaRR94GVXNEfhg9Iv59iFrOtRPZWB3V4HwakPXOCHneExNx7O/JznLp
+xD3BJ9I4GQ3oEXc8pdGTAfSMdCsCgYEA16dz2evDgKdn0v7Ak0rU6LVmckB3Gs3r
+ta15b0eP7E1FmF77yVMpaCicjYkQL63yHzTi3UlA66jAnW0fFtzClyl3TEMnXpJR
+3b5JCeH9O/Hkvt9Go5uLODMo70rjuVuS8gcK8myefFybWH/t3gXo59hspXiG+xZY
+EKd7mEW8MScCgYEAlkcrQaYQwK3hryJmwWAONnE1W6QtS1oOtOnX6zWBQAul3RMs
+2xpekyjHu8C7sBVeoZKXLt+X0SdR2Pz2rlcqMLHqMJqHEt1OMyQdse5FX8CT9byb
+WS11bmYhR08ywHryL7J100B5KzK6JZC7smGu+5WiWO6lN2VTFb6cJNGRmS0CgYAo
+tFCnp1qFZBOyvab3pj49lk+57PUOOCPvbMjo+ibuQT+LnRIFVA8Su+egx2got7pl
+rYPMpND+KiIBFOGzXQPVqFv+Jwa9UPzmz83VcbRspiG47UfWBbvnZbCqSgZlrCU2
+TaIBVAMuEgS4VZ0+NPtbF3yaVv+TUQpaSmKHwVHeLQKBgCgGe5NVgB0u9S36ltit
+tYlnPPjuipxv9yruq+nva+WKT0q/BfeIlH3IUf2qNFQhR6caJGv7BU7naqNGq80m
+ks/J5ExR5vBpxzXgc7oBn2pyFJYckbJoccrqv48GRBigJpDjmo1f8wZ7fNt/ULH1
+NBinA5ZsT8d0v3QCr2xDJH9D
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/int.key.keyspec b/security/manager/ssl/tests/unit/test_ocsp_url/int.key.keyspec
new file mode 100644
index 000000000..4ad96d515
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/int.key.keyspec
@@ -0,0 +1 @@
+default
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/int.pem b/security/manager/ssl/tests/unit/test_ocsp_url/int.pem
new file mode 100644
index 000000000..fd60e5fe2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/int.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxjCCAbCgAwIBAgIUazy/vTocAuxP85PTc+O1JXs8WWEwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMA4xDDAKBgNVBAMMA2ludDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wcclqODYH72xnAab
+bhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sgw0nk27lMwmts
+Du0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCxV5A90jvF4LhI
+H6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1MaMMkd20yvf8
+rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kX
+Mbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMdMBswDAYDVR0TBAUwAwEB/zALBgNV
+HQ8EBAMCAQYwCwYJKoZIhvcNAQELA4IBAQA6lr0lbqcaGYjYAAcA5BngiUobuYFn
+4jdYK9eR6hiT5PmYRQZ9/y+2aYNF/ygiBBqBdEq/Nhrm35WeUHvDBaT8OZLBjf+g
+krEAmu2ivrHZWrx16HBVDd9JdTUCx8j1HUo5fadFnsQh7nuh/VIoemox+/e8mKfh
++fW3noAoH/MRfP9VYoS0KzkW8ILiWOR1joNOHDZzanMiM/YCHO1nckq2ntI2T+kO
+MNMkB+j1w5Fu6P8pgyToleHs3WmlWAeDjXygZkEhg+9uuBXb8/IyuS3cYt9ovhSh
+++A25JRmqaQn2Ywd+CMsGe4MTYOsRnZPK0Co6TBteRWRdwSpqzb+UOqY
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/int.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/int.pem.certspec
new file mode 100644
index 000000000..a7f6d8141
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/int.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:int
+extension:basicConstraints:cA,
+extension:keyUsage:keyCertSign,cRLSign
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/moz.build b/security/manager/ssl/tests/unit/test_ocsp_url/moz.build
new file mode 100644
index 000000000..5fd0335fb
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/moz.build
@@ -0,0 +1,33 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Temporarily disabled. See bug 1256495.
+#test_certificates = (
+#    'bad-scheme.pem',
+#    'ca.pem',
+#    'empty-scheme-url.pem',
+#    'ftp-url.pem',
+#    'hTTp-url.pem',
+#    'https-url.pem',
+#    'int.pem',
+#    'negative-port.pem',
+#    'no-host-url.pem',
+#    'no-path-url.pem',
+#    'no-scheme-host-port.pem',
+#    'no-scheme-url.pem',
+#    'unknown-scheme.pem',
+#    'user-pass.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
+#
+#test_keys = (
+#    'int.key',
+#)
+#
+#for test_key in test_keys:
+#    GeneratedTestKey(test_key)
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/negative-port.pem b/security/manager/ssl/tests/unit/test_ocsp_url/negative-port.pem
new file mode 100644
index 000000000..d5da47063
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/negative-port.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7jCCAdigAwIBAgIUOYKMbwiA6Ox6tlyXbkCVolKaQrUwCwYJKoZIhvcNAQEL
+MA4xDDAKBgNVBAMMA2ludDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAw
+MDAwWjAYMRYwFAYDVQQDDA1uZWdhdGl2ZS1wb3J0MIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvB
+xyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmT
+qyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5
+kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYS
+wHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwk
+BCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABozowODA2BggrBgEF
+BQcBAQQqMCgwJgYIKwYBBQUHMAGGGmh0dHA6Ly93d3cuZXhhbXBsZS5jb206LTEv
+MAsGCSqGSIb3DQEBCwOCAQEADBQNEPkXMARLS21MqOa2IrMxwTEJruvmt52cmdpP
+5g3D6U+YNrCS3sBXz4iHOpTJzPq6bcA4l2MsozaXuNXGxtYmqKVAOQaeZEkfkidH
+VRRrYlDx9krWWmbwMdXpHMdEvaa8ALbmdVHZGFvr/SULQJZ0bOJlS0T9QsbGvPJN
+85O5sB92GF3xX1/PfSEE4adoNHjoi3iBwkCHbt8l+8Yrxi0NFv+jyZ1Cjl6HgA4H
+/5QAdQK1QRSOcWdoiUKZnmS7R7lV4TUZ4ddmd1xKo6ZkM7lqKJWZRJaYyBk/2oLC
+J1VpmiIPGzU8pqavEiJkI73wsKqIvLhzXE30+cmHu6lx/Q==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/negative-port.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/negative-port.pem.certspec
new file mode 100644
index 000000000..fce6d4384
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/negative-port.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int
+subject:negative-port
+extension:authorityInformationAccess:http://www.example.com:-1/
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/no-host-url.pem b/security/manager/ssl/tests/unit/test_ocsp_url/no-host-url.pem
new file mode 100644
index 000000000..e1dd6e432
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/no-host-url.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3zCCAcmgAwIBAgIUdxTe9sPzOgKwgY0vD+1x2d7atJkwCwYJKoZIhvcNAQEL
+MA4xDDAKBgNVBAMMA2ludDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAw
+MDAwWjAWMRQwEgYDVQQDDAtuby1ob3N0LXVybDCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl
+qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg
+w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx
+V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1
+MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs
+vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMtMCswKQYIKwYBBQUH
+AQEEHTAbMBkGCCsGAQUFBzABhg1odHRwOi8vOjg4ODgvMAsGCSqGSIb3DQEBCwOC
+AQEAYLCyovqbhUruG91y2BOZo79Hios1jHFDSQQaiJPnCWv5wwDo6ZNaIDO4HZGz
+WOyHUVeau3OHN2j1xSPJa2e9q+mHocU7NPMYT9GTbFOrvq6wKNl0ySpPDA87EqFa
+Xumc/iMxIEqbTM85MTBQoMwBXH7Dn4YGbiGyKldHTeiHdBNYk7ck3810hTh5In6n
+sJjeH04x6HnX2bN87w5ydW8IupdQtRRlyi7D+Xrh5/P6DgKQeBYYgZYP8pm1c1sv
+ElZJ5HC8zNSdpbox8NQ+TeKJSH66Uzp4xzC5fC387bhT3pqF+L0mXey5+PAirPwe
+2qCSHS1Wrob1dEOL2F2OtxCc7A==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/no-host-url.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/no-host-url.pem.certspec
new file mode 100644
index 000000000..4ac76e7eb
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/no-host-url.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int
+subject:no-host-url
+extension:authorityInformationAccess:http://:8888/
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/no-path-url.pem b/security/manager/ssl/tests/unit/test_ocsp_url/no-path-url.pem
new file mode 100644
index 000000000..0a2b18870
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/no-path-url.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC7TCCAdegAwIBAgIUAXS6lqxRzJJJN9dWf3AQsJXfmrQwCwYJKoZIhvcNAQEL
+MA4xDDAKBgNVBAMMA2ludDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAw
+MDAwWjAWMRQwEgYDVQQDDAtuby1wYXRoLXVybDCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl
+qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg
+w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx
+V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1
+MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs
+vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaM7MDkwNwYIKwYBBQUH
+AQEEKzApMCcGCCsGAQUFBzABhhtodHRwOi8vd3d3LmV4YW1wbGUuY29tOjg4ODgw
+CwYJKoZIhvcNAQELA4IBAQARmP6mnoEp1iAK4icGW3lqQK4bv94YAIn+h2d6lWqS
+I1ccW2lfzPowYNfcbvdPqgytOkBzxVZGjMfWhtWQrTHhxKh+qp8oQPEtGcGMYma7
+tuaeN5BZnoRMbRmGw/i/Wl7MgByjGRvrcwyZF+zb5SxUqgt4fRYY0IsaWQP5Zdmu
+tk31gvNbRhT4aFeteb8XuyEt4zRwk30bjXHRWSbWO29fqTx5PpVXJzdRYZr1fLqL
+6ytWx/Wri5WgvQgqYCL8aHng9qOzJPz8/ASNXzwmHjiPxEKf+Ebw3Nxo4NZ/3NdW
+AcWN8hLLSnGun0gkTEuzYhgN/lglftInFXvEWYCLc/a7
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/no-path-url.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/no-path-url.pem.certspec
new file mode 100644
index 000000000..497bb2879
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/no-path-url.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int
+subject:no-path-url
+extension:authorityInformationAccess:http://www.example.com:8888
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-host-port.pem b/security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-host-port.pem
new file mode 100644
index 000000000..cee29837d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-host-port.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC2zCCAcWgAwIBAgIUP1Op7k2Kxth54BUkOFVzyl/3GBgwCwYJKoZIhvcNAQEL
+MA4xDDAKBgNVBAMMA2ludDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAw
+MDAwWjAeMRwwGgYDVQQDDBNuby1zY2hlbWUtaG9zdC1wb3J0MIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1
+aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/we
+adA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSS
+pH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62W
+YVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauR
+CE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABoyEwHzAd
+BggrBgEFBQcBAQQRMA8wDQYIKwYBBQUHMAGGAS8wCwYJKoZIhvcNAQELA4IBAQAQ
+t9S6Ca0G+iUIlFzRZWzt/yrSSYNqKN0GZkMEEQc0CuPK7y55UxsO0reNHatBjFMN
+6UMJa6GpIimFOcRmEvGHo5N26O0glZr+lUv66Z+/YszzG6EY3W3QLo9TUBIfkonv
+Fvt5F/EygyjUq8JoOMjuFZrGrGuLA2wkbD/xQZdZSwZKfOVuPcShPnCZZIFm6Wyu
+qzg7IKcHonKqt4ClHnCWJp1gSjbpGLwZnnjkQWOpOavnVdCxMFh+soPUqmZfomAd
+NMM/OXt3T8SqTh6zLykKPmT7mLvdT0oK/wMOQAAqYnZ1lL/TaDl9JiWmiUHJV6wK
+Iwd64wWH42VHvJa7RkGx
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-host-port.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-host-port.pem.certspec
new file mode 100644
index 000000000..42a555e41
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-host-port.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int
+subject:no-scheme-host-port
+extension:authorityInformationAccess:/
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-url.pem b/security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-url.pem
new file mode 100644
index 000000000..58d799cb1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-url.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC6TCCAdOgAwIBAgIUU9pq10HPzAkXsubwVrSbSByUa0MwCwYJKoZIhvcNAQEL
+MA4xDDAKBgNVBAMMA2ludDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAw
+MDAwWjAYMRYwFAYDVQQDDA1uby1zY2hlbWUtdXJsMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvB
+xyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmT
+qyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5
+kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYS
+wHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwk
+BCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABozUwMzAxBggrBgEF
+BQcBAQQlMCMwIQYIKwYBBQUHMAGGFXd3dy5leGFtcGxlLmNvbTo4ODg4LzALBgkq
+hkiG9w0BAQsDggEBAKpD33VUYjJ48aRC30LmPfcncPdPb6TshHzLEWVk17sojkVl
+UqzljaHcoE5yj76qG30POy/Kdy3XC7Ml3divY3feIPF9OhW5Ajt1pMMLPbIhGTK2
+vW3VXR4eD3VesXyPaJqm6xp0kKjOi0E/tHmnVCVeSdv9VxPmiBcEK8vfnA0H5qHH
+KeV/ZX1DQSAS+naG8aEPhUFKa9x815Xj1t7r6xDkGOvLfvVtw1Md9lP62numDRc0
+nDC/qu8qcZUGXDJgEpqWgBpF6jfjqIAWQfioMI02xFIOqq5fSq6BCbKgpHAkVKp7
+rWobSHnjDNlPTfjW7m9U/0evheZ6ICz404fUENw=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-url.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-url.pem.certspec
new file mode 100644
index 000000000..a82196a6d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/no-scheme-url.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int
+subject:no-scheme-url
+extension:authorityInformationAccess:www.example.com:8888/
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/unknown-scheme.pem b/security/manager/ssl/tests/unit/test_ocsp_url/unknown-scheme.pem
new file mode 100644
index 000000000..1ab089a8c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/unknown-scheme.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC6zCCAdWgAwIBAgIUK9u6obbJ2SPIjRSDpKRrgdRN/awwCwYJKoZIhvcNAQEL
+MA4xDDAKBgNVBAMMA2ludDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAw
+MDAwWjAZMRcwFQYDVQQDDA51bmtub3duLXNjaGVtZTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7
+wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCAp
+k6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhh
+eZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KW
+EsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONssc
+JAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaM2MDQwMgYIKwYB
+BQUHAQEEJjAkMCIGCCsGAQUFBzABhhZ0dHA6Ly93d3cuZXhhbXBsZS5jb20vMAsG
+CSqGSIb3DQEBCwOCAQEANVw4eInvNA1+4oQxbmPEZ7IDm/Cq5u2kn0/Dm6NqI1YS
+YmQtw7F6ooE1MDKuCo0nVvvbRjlv68WiIYSaGZjpD8mcZJEDGXXUaVivcPO9jakQ
+pu+wzUjo41YmvvSCgBlHu7w0QWvQL4Ybk6hxZxDGIBM9HoiNnxaxKPehfc2Knb8V
+RyAZvPA/0Nwtm3L+lZYmNA3i9WBWSC3p2jblCTt62UhevnmKX9ASX2TNpLDI6Brn
+hoBpQUzQrXWYklC2GxBL28kx0in4NrQ264vNLO9weJacQY/Hxn/gJNyUguFDE/hk
+nhc9SA29F8YtLJ6fKzizMypqQEtn1oTW3wPORruoDw==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/unknown-scheme.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/unknown-scheme.pem.certspec
new file mode 100644
index 000000000..008945539
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/unknown-scheme.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int
+subject:unknown-scheme
+extension:authorityInformationAccess:ttp://www.example.com/
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/user-pass.pem b/security/manager/ssl/tests/unit/test_ocsp_url/user-pass.pem
new file mode 100644
index 000000000..aead46e41
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/user-pass.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC9jCCAeCgAwIBAgIUJYO4u8rbDNc65pazTgjE2dK2ZPgwCwYJKoZIhvcNAQEL
+MA4xDDAKBgNVBAMMA2ludDAiGA8yMDE1MTEyODAwMDAwMFoYDzIwMTgwMjA1MDAw
+MDAwWjAUMRIwEAYDVQQDDAl1c2VyLXBhc3MwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg
+2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ
+5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQ
+PdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGj
+DJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8W
+iy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMBAAGjRjBEMEIGCCsGAQUFBwEB
+BDYwNDAyBggrBgEFBQcwAYYmaHR0cDovL3VzZXI6cGFzc0B3d3cuZXhhbXBsZS5j
+b206ODg4OC8wCwYJKoZIhvcNAQELA4IBAQA4qxh5V92DpwQWEvVz0NH9NPwQdIyv
+vgAtHigtX7BEtLp3HfLZX4xb8vOmg9X2Qd921zJIBgMIFtmn2oHjeKrceu2sL7pj
+tccHrCYabr5IlcRH8oub8RerRV6tW6X3Ulo6lcdY2LvZJkYuvLyKKuTB6qSfNyD2
+2xzxgSUMRtT6eBMZoCU+N6MQiwv0FzR67dZrXOkpYnKQ95+NVC2eiXnjPi4eLAv1
+7Qvafih2nXmZ0LL3oGcls8WITBNCdqYyXolAIJJQau73Yrhal0nQJGbSSedguhsG
+CEpuoTou4gFhR0DTiLuWMNfF4WNTIUvmnNYfqvSzUUyFyA9msyQ0YkAj
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_ocsp_url/user-pass.pem.certspec b/security/manager/ssl/tests/unit/test_ocsp_url/user-pass.pem.certspec
new file mode 100644
index 000000000..337e67e5f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_ocsp_url/user-pass.pem.certspec
@@ -0,0 +1,3 @@
+issuer:int
+subject:user-pass
+extension:authorityInformationAccess:http://user:pass@www.example.com:8888/
diff --git a/security/manager/ssl/tests/unit/test_onecrl/moz.build b/security/manager/ssl/tests/unit/test_onecrl/moz.build
new file mode 100644
index 000000000..560826d89
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_onecrl/moz.build
@@ -0,0 +1,14 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Temporarily disabled. See bug 1256495.
+#test_certificates = (
+#    'same-issuer-ee.pem',
+#    'test-int-ee.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
diff --git a/security/manager/ssl/tests/unit/test_onecrl/same-issuer-ee.pem b/security/manager/ssl/tests/unit/test_onecrl/same-issuer-ee.pem
new file mode 100644
index 000000000..c48cd895b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_onecrl/same-issuer-ee.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDHTCCAgegAwIBAgIUI9484x9tR8knqKhzbTfed86/unswCwYJKoZIhvcNAQEL
+MBIxEDAOBgNVBAMMB1Rlc3QgQ0EwIhgPMjAxNTExMjgwMDAwMDBaGA8yMDE4MDIw
+NTAwMDAwMFowIjEgMB4GA1UEAwwXQW5vdGhlciBUZXN0IEVuZC1lbnRpdHkwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W1kH9braIBjYQPTwT
+2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEIeqVap0WH9xzV
+JJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6iypB7qdw4A8N
+jf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Zaqn4CkC86exCA
+BiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7LyJvaeO0ipVh
+He4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs2hgKNe2NAgMB
+AAGjWzBZMCMGA1UdEQQcMBqCCWxvY2FsaG9zdIINKi5leGFtcGxlLmNvbTAyBggr
+BgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9sb2NhbGhvc3Q6ODg4OC8w
+CwYJKoZIhvcNAQELA4IBAQB5uSG64u2JLPE1TsnPQfJT8bmzhov2VGvdyHHS1ANM
+zj900qpH4qNDGAaJwHSPhGdvPuJkd7Gzz/1i3kEKX/4FFkl0Md7O2xnqMn6shzKn
+kt4QAWFE+3Y5qloHLZxLAJ7xoCqxTsh+BXBgsnxR0YIJsjTXomB7kiyw5YWgRVlG
+iBlDCLuv/BEmOWXADF1Ly3qXPKWsr+tXfNl5IKjUUDdDcGHKFNYq6QyScgDokCE+
+PXEZwSiHdPpHhK1/eMIegl2rMycvw0vptPznr8MqF5COXGI9/W4ObHtXJnt6/I/C
+re6JOK6abYxpOJsLRXSovFc+RQQPrb6J7QA8Imt7FDkX
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_onecrl/same-issuer-ee.pem.certspec b/security/manager/ssl/tests/unit/test_onecrl/same-issuer-ee.pem.certspec
new file mode 100644
index 000000000..8b20f03f5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_onecrl/same-issuer-ee.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Test CA
+subject:Another Test End-entity
+extension:subjectAlternativeName:localhost,*.example.com
+extension:authorityInformationAccess:http://localhost:8888/
diff --git a/security/manager/ssl/tests/unit/test_onecrl/sample_revocations.txt b/security/manager/ssl/tests/unit/test_onecrl/sample_revocations.txt
new file mode 100644
index 000000000..e8d9db746
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_onecrl/sample_revocations.txt
@@ -0,0 +1,39 @@
+# a sample revocations.txt for tests
+# Lines starting with '#' are ignored - as are empty lines like this:
+
+# otherwise:
+# non-empty lines are treated as base-64 encoded DER DN data (e.g. issuer or
+# subject)
+# ...unless the line starts with a ' ' (space) character, in which case it's
+# assumed to be base-64 encoded DER serial data, or
+# the line starts with a '\t' (tab) character, in which case it's assumed to
+# be a base-64 encoded SHA256 hash of a public key
+
+# First a serial with no issuer to ensure this doesn't cause parsing to fail
+# (there should be an issuer first, but we need to test this won't fail)
+ dGVzdA==
+# next, let's ensure data that isn't valid base64 doesn't cause breakage.
+ this serial isn't valid base64 (but then there's no issuer anyway)
+Neither is this issuer, though the serial is fine
+ dGVzdA==
+dGVzdA==
+ in this case, issuer is fine but not the serial
+# Next two entries; we can add valid base-64 encoded data for some basic tests:
+# issuer is "some imaginary issuer" base-64 encoded
+# and serial "serial." base-64 encoded
+c29tZSBpbWFnaW5hcnkgaXNzdWVy
+ c2VyaWFsLg==
+# issuer is "another imaginary issuer" base-64 encoded
+# serials are "serial." and "serial2." base-64 encoded
+YW5vdGhlciBpbWFnaW5hcnkgaXNzdWVy
+ c2VyaWFsLg==
+ c2VyaWFsMi4=
+# subject is "some imaginary subject", base-64 encoded
+# pubKeyHash is the sha256 hash of "some imaginary pubkey" base-64 encoded
+c29tZSBpbWFnaW5hcnkgc3ViamVjdA==
+	blBNgTxORaii2Sqe9bQcYsmfJ3kiXOLiKLzQNJ2wZYE=
+# and some more data to ensure that mixed items don't cause parsing failure
+a DN
+ a serial
+	a hash
+ another serial
diff --git a/security/manager/ssl/tests/unit/test_onecrl/test-int-ee.pem b/security/manager/ssl/tests/unit/test_onecrl/test-int-ee.pem
new file mode 100644
index 000000000..34d2cf669
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_onecrl/test-int-ee.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5jCCAdCgAwIBAgIUQyYXainIoMjK+7Pogg88tLd6ERgwCwYJKoZIhvcNAQEL
+MBwxGjAYBgNVBAMMEVRlc3QgSW50ZXJtZWRpYXRlMCIYDzIwMTUxMTI4MDAwMDAw
+WhgPMjAxODAyMDUwMDAwMDBaMCQxIjAgBgNVBAMMGUVFIGlzc3VlZCBieSBpbnRl
+cm1lZGlhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGoRI4W
+1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtq
+ZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx
+0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthV
+t2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo
+4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx
+1QOs2hgKNe2NAgMBAAGjGDAWMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDALBgkqhkiG
+9w0BAQsDggEBAG5fRtX3qlA/A0hm3SwbARbljUehHxdHTeiz8qAbX5aEo7LRCxjr
+BccpjzVqwiZxfwqcAyHT/+CrFrgKvpN6rnuNnmNvScH3BeTmXEkImiHc0nZTYyOH
+Xep3I0ZEDa+2H5WDXfCbwF6JIQKJ2j3TR+c5/PzS3RLIkXG8wKcmv6Ldi5vwrIM7
+DDZ+k3a65JYSQwg9Q8gZoEBKmcalVD86+OQcs1HijU7ylS9PO8HB/sYakDPuKqRM
+xZgIBTDctRET07KtAIpBEnbfiWkI6xh4tTYj4IrRA5Yz8ajRImdn0IhJSld5Wgoy
+cQ1L2ia/hgcTIdQ+pIIV2lcepTaNMeIpCoI=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_onecrl/test-int-ee.pem.certspec b/security/manager/ssl/tests/unit/test_onecrl/test-int-ee.pem.certspec
new file mode 100644
index 000000000..24792d540
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_onecrl/test-int-ee.pem.certspec
@@ -0,0 +1,3 @@
+issuer:Test Intermediate
+subject:EE issued by intermediate
+extension:subjectAlternativeName:localhost
diff --git a/security/manager/ssl/tests/unit/test_password_prompt.js b/security/manager/ssl/tests/unit/test_password_prompt.js
new file mode 100644
index 000000000..cdf4227cb
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_password_prompt.js
@@ -0,0 +1,78 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests that PSM can successfully ask for a password from the user and relay it
+// back to NSS. Does so by mocking out the actual dialog and "filling in" the
+// password. Also tests that providing an incorrect password will fail (well,
+// technically the user will just get prompted again, but if they then cancel
+// the dialog the overall operation will fail).
+
+var gMockPrompter = {
+  passwordToTry: null,
+  numPrompts: 0,
+
+  // This intentionally does not use arrow function syntax to avoid an issue
+  // where in the context of the arrow function, |this != gMockPrompter| due to
+  // how objects get wrapped when going across xpcom boundaries.
+  promptPassword: function(dialogTitle, text, password, checkMsg, checkValue) {
+    this.numPrompts++;
+    if (this.numPrompts > 1) { // don't keep retrying a bad password
+      return false;
+    }
+    equal(text,
+          "Please enter the master password for the Software Security Device.",
+          "password prompt text should be as expected");
+    equal(checkMsg, null, "checkMsg should be null");
+    ok(this.passwordToTry, "passwordToTry should be non-null");
+    password.value = this.passwordToTry;
+    return true;
+  },
+
+  QueryInterface: XPCOMUtils.generateQI([Ci.nsIPrompt]),
+};
+
+// Mock nsIWindowWatcher. PSM calls getNewPrompter on this to get an nsIPrompt
+// to call promptPassword. We return the mock one, above.
+var gWindowWatcher = {
+  getNewPrompter: () => gMockPrompter,
+  QueryInterface: XPCOMUtils.generateQI([Ci.nsIWindowWatcher]),
+};
+
+function run_test() {
+  do_get_profile();
+
+  let windowWatcherCID =
+    MockRegistrar.register("@mozilla.org/embedcomp/window-watcher;1",
+                           gWindowWatcher);
+  do_register_cleanup(() => {
+    MockRegistrar.unregister(windowWatcherCID);
+  });
+
+  // Set an initial password.
+  let tokenDB = Cc["@mozilla.org/security/pk11tokendb;1"]
+                  .getService(Ci.nsIPK11TokenDB);
+  let token = tokenDB.getInternalKeyToken();
+  token.initPassword("hunter2");
+  token.logoutSimple();
+
+  // Try with the correct password.
+  gMockPrompter.passwordToTry = "hunter2";
+  // Using nsISecretDecoderRing will cause the password prompt to come up if the
+  // token has a password and is logged out.
+  let sdr = Cc["@mozilla.org/security/sdr;1"]
+              .getService(Ci.nsISecretDecoderRing);
+  sdr.encryptString("poke");
+  equal(gMockPrompter.numPrompts, 1, "should have prompted for password once");
+
+  // Reset state.
+  gMockPrompter.numPrompts = 0;
+  token.logoutSimple();
+
+  // Try with an incorrect password.
+  gMockPrompter.passwordToTry = "*******";
+  throws(() => sdr.encryptString("poke2"), /NS_ERROR_FAILURE/,
+         "logging in with the wrong password should fail");
+  equal(gMockPrompter.numPrompts, 2, "should have prompted for password twice");
+}
diff --git a/security/manager/ssl/tests/unit/test_pinning.js b/security/manager/ssl/tests/unit/test_pinning.js
new file mode 100644
index 000000000..4d3c2fac8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning.js
@@ -0,0 +1,263 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+//
+// For all cases, the acceptable pinset includes only certificates pinned to
+// Test End Entity Cert (signed by issuer testCA). Other certificates
+// are issued by otherCA, which is never in the pinset but is a user-specified
+// trust anchor. This test covers multiple cases:
+//
+// Pinned domain include-subdomains.pinning.example.com includes subdomains
+// - PASS: include-subdomains.pinning.example.com serves a correct cert
+// - PASS: good.include-subdomains.pinning.example.com serves a correct cert
+// - FAIL (strict): bad.include-subdomains.pinning.example.com serves a cert
+// not in the pinset
+// - PASS (mitm): bad.include-subdomains.pinning.example.com serves a cert not
+// in the pinset, but issued by a user-specified trust domain
+//
+// Pinned domain exclude-subdomains.pinning.example.com excludes subdomains
+// - PASS: exclude-subdomains.pinning.example.com serves a correct cert
+// - FAIL: exclude-subdomains.pinning.example.com serves an incorrect cert
+// (TODO: test using verifyCertNow)
+// - PASS: sub.exclude-subdomains.pinning.example.com serves an incorrect cert
+
+"use strict";
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                  .getService(Ci.nsIX509CertDB);
+
+function add_clear_override(host) {
+  add_test(function() {
+    let certOverrideService = Cc["@mozilla.org/security/certoverride;1"]
+                                .getService(Ci.nsICertOverrideService);
+    certOverrideService.clearValidityOverride(host, 8443);
+    run_next_test();
+  });
+}
+
+function test_strict() {
+  // In strict mode, we always evaluate pinning data, regardless of whether the
+  // issuer is a built-in trust anchor. We only enforce pins that are not in
+  // test mode.
+  add_test(function() {
+    Services.prefs.setIntPref("security.cert_pinning.enforcement_level", 2);
+    run_next_test();
+  });
+
+  // Normally this is overridable. But, since we have pinning information for
+  // this host, we don't allow overrides.
+  add_prevented_cert_override_test(
+    "unknownissuer.include-subdomains.pinning.example.com",
+    Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+    SEC_ERROR_UNKNOWN_ISSUER);
+  add_clear_override("unknownissuer.include-subdomains.pinning.example.com");
+
+  // Issued by otherCA, which is not in the pinset for pinning.example.com.
+  add_connection_test("bad.include-subdomains.pinning.example.com",
+                      MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE);
+
+  // Check that using a FQDN doesn't bypass pinning.
+  add_connection_test("bad.include-subdomains.pinning.example.com.",
+                      MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE);
+  // For some reason this is also navigable (see bug 1118522).
+  add_connection_test("bad.include-subdomains.pinning.example.com..",
+                      MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE);
+
+  // These domains serve certs that match the pinset.
+  add_connection_test("include-subdomains.pinning.example.com",
+                      PRErrorCodeSuccess);
+  add_connection_test("good.include-subdomains.pinning.example.com",
+                      PRErrorCodeSuccess);
+  add_connection_test("exclude-subdomains.pinning.example.com",
+                      PRErrorCodeSuccess);
+
+  // This domain serves a cert that doesn't match the pinset, but subdomains
+  // are excluded.
+  add_connection_test("sub.exclude-subdomains.pinning.example.com",
+                      PRErrorCodeSuccess);
+
+  // This domain's pinset is exactly the same as
+  // include-subdomains.pinning.example.com, serves the same cert as
+  // bad.include-subdomains.pinning.example.com, but it should pass because
+  // it's in test_mode.
+  add_connection_test("test-mode.pinning.example.com",
+                      PRErrorCodeSuccess);
+  // Similarly, this pin is in test-mode, so it should be overridable.
+  add_cert_override_test("unknownissuer.test-mode.pinning.example.com",
+                         Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+                         SEC_ERROR_UNKNOWN_ISSUER);
+  add_clear_override("unknownissuer.test-mode.pinning.example.com");
+}
+
+function test_mitm() {
+  // In MITM mode, we allow pinning to pass if the chain resolves to any
+  // user-specified trust anchor, even if it is not in the pinset.
+  add_test(function() {
+    Services.prefs.setIntPref("security.cert_pinning.enforcement_level", 1);
+    run_next_test();
+  });
+
+  add_connection_test("include-subdomains.pinning.example.com",
+                      PRErrorCodeSuccess);
+  add_connection_test("good.include-subdomains.pinning.example.com",
+                      PRErrorCodeSuccess);
+
+  // Normally this is overridable. But, since we have pinning information for
+  // this host, we don't allow overrides (since building a trusted chain fails,
+  // we have no reason to believe this was issued by a user-added trust
+  // anchor, so we can't allow overrides for it).
+  add_prevented_cert_override_test(
+    "unknownissuer.include-subdomains.pinning.example.com",
+    Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+    SEC_ERROR_UNKNOWN_ISSUER);
+  add_clear_override("unknownissuer.include-subdomains.pinning.example.com");
+
+  // In this case, even though otherCA is not in the pinset, it is a
+  // user-specified trust anchor and the pinning check succeeds.
+  add_connection_test("bad.include-subdomains.pinning.example.com",
+                      PRErrorCodeSuccess);
+
+  add_connection_test("exclude-subdomains.pinning.example.com",
+                      PRErrorCodeSuccess);
+  add_connection_test("sub.exclude-subdomains.pinning.example.com",
+                      PRErrorCodeSuccess);
+  add_connection_test("test-mode.pinning.example.com", PRErrorCodeSuccess);
+  add_cert_override_test("unknownissuer.test-mode.pinning.example.com",
+                         Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+                         SEC_ERROR_UNKNOWN_ISSUER);
+  add_clear_override("unknownissuer.test-mode.pinning.example.com");
+}
+
+function test_disabled() {
+  // Disable pinning.
+  add_test(function() {
+    Services.prefs.setIntPref("security.cert_pinning.enforcement_level", 0);
+    run_next_test();
+  });
+
+  add_connection_test("include-subdomains.pinning.example.com",
+                      PRErrorCodeSuccess);
+  add_connection_test("good.include-subdomains.pinning.example.com",
+                      PRErrorCodeSuccess);
+  add_connection_test("bad.include-subdomains.pinning.example.com",
+                      PRErrorCodeSuccess);
+  add_connection_test("exclude-subdomains.pinning.example.com",
+                      PRErrorCodeSuccess);
+  add_connection_test("sub.exclude-subdomains.pinning.example.com",
+                      PRErrorCodeSuccess);
+  add_connection_test("test-mode.pinning.example.com", PRErrorCodeSuccess);
+
+  add_cert_override_test("unknownissuer.include-subdomains.pinning.example.com",
+                         Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+                         SEC_ERROR_UNKNOWN_ISSUER);
+  add_clear_override("unknownissuer.include-subdomains.pinning.example.com");
+  add_cert_override_test("unknownissuer.test-mode.pinning.example.com",
+                         Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+                         SEC_ERROR_UNKNOWN_ISSUER);
+  add_clear_override("unknownissuer.test-mode.pinning.example.com");
+}
+
+function test_enforce_test_mode() {
+  // In enforce test mode, we always enforce all pins, even test pins.
+  add_test(function() {
+    Services.prefs.setIntPref("security.cert_pinning.enforcement_level", 3);
+    run_next_test();
+  });
+
+  // Normally this is overridable. But, since we have pinning information for
+  // this host, we don't allow overrides.
+  add_prevented_cert_override_test(
+    "unknownissuer.include-subdomains.pinning.example.com",
+    Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+    SEC_ERROR_UNKNOWN_ISSUER);
+  add_clear_override("unknownissuer.include-subdomains.pinning.example.com");
+
+  // Issued by otherCA, which is not in the pinset for pinning.example.com.
+  add_connection_test("bad.include-subdomains.pinning.example.com",
+                      MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE);
+
+  // These domains serve certs that match the pinset.
+  add_connection_test("include-subdomains.pinning.example.com",
+                      PRErrorCodeSuccess);
+  add_connection_test("good.include-subdomains.pinning.example.com",
+                      PRErrorCodeSuccess);
+  add_connection_test("exclude-subdomains.pinning.example.com",
+                      PRErrorCodeSuccess);
+
+  // This domain serves a cert that doesn't match the pinset, but subdomains
+  // are excluded.
+  add_connection_test("sub.exclude-subdomains.pinning.example.com",
+                      PRErrorCodeSuccess);
+
+  // This domain's pinset is exactly the same as
+  // include-subdomains.pinning.example.com, serves the same cert as
+  // bad.include-subdomains.pinning.example.com, is in test-mode, but we are
+  // enforcing test mode pins.
+  add_connection_test("test-mode.pinning.example.com",
+                      MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE);
+  // Normally this is overridable. But, since we have pinning information for
+  // this host (and since we're enforcing test mode), we don't allow overrides.
+  add_prevented_cert_override_test(
+    "unknownissuer.test-mode.pinning.example.com",
+    Ci.nsICertOverrideService.ERROR_UNTRUSTED,
+    SEC_ERROR_UNKNOWN_ISSUER);
+  add_clear_override("unknownissuer.test-mode.pinning.example.com");
+}
+
+function check_pinning_telemetry() {
+  let service = Cc["@mozilla.org/base/telemetry;1"].getService(Ci.nsITelemetry);
+  let prod_histogram = service.getHistogramById("CERT_PINNING_RESULTS")
+                         .snapshot();
+  let test_histogram = service.getHistogramById("CERT_PINNING_TEST_RESULTS")
+                         .snapshot();
+  // Because all of our test domains are pinned to user-specified trust
+  // anchors, effectively only strict mode and enforce test-mode get evaluated
+  equal(prod_histogram.counts[0], 4,
+        "Actual and expected prod (non-Mozilla) failure count should match");
+  equal(prod_histogram.counts[1], 4,
+        "Actual and expected prod (non-Mozilla) success count should match");
+  equal(test_histogram.counts[0], 2,
+        "Actual and expected test (non-Mozilla) failure count should match");
+  equal(test_histogram.counts[1], 0,
+        "Actual and expected test (non-Mozilla) success count should match");
+
+  let moz_prod_histogram = service.getHistogramById("CERT_PINNING_MOZ_RESULTS")
+                             .snapshot();
+  let moz_test_histogram =
+    service.getHistogramById("CERT_PINNING_MOZ_TEST_RESULTS").snapshot();
+  equal(moz_prod_histogram.counts[0], 0,
+        "Actual and expected prod (Mozilla) failure count should match");
+  equal(moz_prod_histogram.counts[1], 0,
+        "Actual and expected prod (Mozilla) success count should match");
+  equal(moz_test_histogram.counts[0], 0,
+        "Actual and expected test (Mozilla) failure count should match");
+  equal(moz_test_histogram.counts[1], 0,
+        "Actual and expected test (Mozilla) success count should match");
+
+  let per_host_histogram =
+    service.getHistogramById("CERT_PINNING_MOZ_RESULTS_BY_HOST").snapshot();
+  equal(per_host_histogram.counts[0], 0,
+        "Actual and expected per host (Mozilla) failure count should match");
+  equal(per_host_histogram.counts[1], 2,
+        "Actual and expected per host (Mozilla) success count should match");
+  run_next_test();
+}
+
+function run_test() {
+  add_tls_server_setup("BadCertServer", "bad_certs");
+
+  // Add a user-specified trust anchor.
+  addCertFromFile(certdb, "bad_certs/other-test-ca.pem", "CTu,u,u");
+
+  test_strict();
+  test_mitm();
+  test_disabled();
+  test_enforce_test_mode();
+
+  add_test(function () {
+    check_pinning_telemetry();
+  });
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic.js b/security/manager/ssl/tests/unit/test_pinning_dynamic.js
new file mode 100644
index 000000000..2c314b53a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic.js
@@ -0,0 +1,246 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// The purpose of this test is to create a site security service state file
+// and see that the site security service reads it properly.
+
+function writeLine(aLine, aOutputStream) {
+  aOutputStream.write(aLine, aLine.length);
+}
+
+var gSSService = null;
+var gSSSStateSeen = false;
+var gPreloadStateSeen = false;
+
+var profileDir = do_get_profile();
+var certdb;
+
+function certFromFile(cert_name) {
+  return constructCertFromFile("test_pinning_dynamic/" + cert_name + ".pem");
+}
+
+function loadCert(cert_name, trust_string) {
+  let cert_filename = "test_pinning_dynamic/" + cert_name + ".pem";
+  addCertFromFile(certdb, cert_filename, trust_string);
+  return constructCertFromFile(cert_filename);
+}
+
+function checkOK(cert, hostname) {
+  return checkCertErrorGeneric(certdb, cert, PRErrorCodeSuccess,
+                               certificateUsageSSLServer, {}, hostname);
+}
+
+function checkFail(cert, hostname) {
+  return checkCertErrorGeneric(certdb, cert, MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE,
+                               certificateUsageSSLServer, {}, hostname);
+}
+
+const NON_ISSUED_KEY_HASH = "KHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN=";
+const PINNING_ROOT_KEY_HASH = "VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8=";
+
+function run_test() {
+  Services.prefs.setIntPref("security.cert_pinning.enforcement_level", 2);
+
+  let stateFile = profileDir.clone();
+  stateFile.append(SSS_STATE_FILE_NAME);
+  // Assuming we're working with a clean slate, the SSS_STATE file shouldn't
+  // exist until we create it.
+  ok(!stateFile.exists(),
+     "State file should not exist when working with a clean slate");
+  let outputStream = FileUtils.openFileOutputStream(stateFile);
+  let now = (new Date()).getTime();
+  writeLine(`a.pinning2.example.com:HPKP\t0\t0\t${now + 100000},1,0,${PINNING_ROOT_KEY_HASH}\n`, outputStream);
+  writeLine(`b.pinning2.example.com:HPKP\t0\t0\t${now + 100000},1,1,${PINNING_ROOT_KEY_HASH}\n`, outputStream);
+
+  outputStream.close();
+
+  let preloadFile = profileDir.clone();
+  preloadFile.append(PRELOAD_STATE_FILE_NAME);
+  ok(!preloadFile.exists(),
+     "Preload file should not exist when working with a clean slate");
+
+  outputStream = FileUtils.openFileOutputStream(preloadFile);
+  writeLine(`a.preload.example.com:HPKP\t0\t0\t${now + 100000},1,1,${PINNING_ROOT_KEY_HASH}\n`, outputStream);
+  outputStream.close();
+
+  Services.obs.addObserver(checkStateRead, "data-storage-ready", false);
+  do_test_pending();
+  gSSService = Cc["@mozilla.org/ssservice;1"]
+                 .getService(Ci.nsISiteSecurityService);
+  notEqual(gSSService, null,
+           "SiteSecurityService should have initialized successfully using" +
+           " the generated state file");
+}
+
+function checkDefaultSiteHPKPStatus() {
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP,
+                             "a.pinning2.example.com", 0),
+     "a.pinning2.example.com should have HPKP status");
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP,
+                              "x.a.pinning2.example.com", 0),
+     "x.a.pinning2.example.com should not have HPKP status");
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP,
+                             "b.pinning2.example.com", 0),
+     "b.pinning2.example.com should have HPKP status");
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP,
+                             "x.b.pinning2.example.com", 0),
+     "x.b.pinning2.example.com should have HPKP status");
+}
+
+function checkStateRead(aSubject, aTopic, aData) {
+  if (aData == SSS_STATE_FILE_NAME) {
+    gSSSStateSeen = true;
+  } else if (aData == PRELOAD_STATE_FILE_NAME) {
+    gPreloadStateSeen = true;
+  } else {
+    throw new Error("Observed data should either be the Site Security " +
+                    "Service state file name or the preload file name");
+  }
+
+  if (!gSSSStateSeen || !gPreloadStateSeen) {
+    return;
+  }
+
+  notEqual(gSSService, null, "SiteSecurityService should be initialized");
+
+  // Initializing the certificate DB will cause NSS-initialization, which in
+  // turn initializes the site security service. Since we're in part testing
+  // that the site security service correctly reads its state file, we have to
+  // make sure it doesn't start up before we've populated the file
+  certdb = Cc["@mozilla.org/security/x509certdb;1"]
+             .getService(Ci.nsIX509CertDB);
+
+  loadCert("pinningroot", "CTu,CTu,CTu");
+  loadCert("badca", "CTu,CTu,CTu");
+
+  // the written entry is for a.pinning2.example.com without subdomains
+  // and b.pinning2.example.com with subdomains
+  checkFail(certFromFile('a.pinning2.example.com-badca'), "a.pinning2.example.com");
+  checkOK(certFromFile('a.pinning2.example.com-pinningroot'), "a.pinning2.example.com");
+  checkOK(certFromFile('x.a.pinning2.example.com-badca'), "x.a.pinning2.example.com");
+  checkOK(certFromFile('x.a.pinning2.example.com-pinningroot'), "x.a.pinning2.example.com");
+
+  checkFail(certFromFile('b.pinning2.example.com-badca'), "b.pinning2.example.com");
+  checkOK(certFromFile('b.pinning2.example.com-pinningroot'), "b.pinning2.example.com");
+  checkFail(certFromFile('x.b.pinning2.example.com-badca'), "x.b.pinning2.example.com");
+  checkOK(certFromFile('x.b.pinning2.example.com-pinningroot'), "x.b.pinning2.example.com");
+
+  checkDefaultSiteHPKPStatus();
+
+
+  // add includeSubdomains to a.pinning2.example.com
+  gSSService.setKeyPins("a.pinning2.example.com", true,
+                        new Date().getTime() + 1000000, 2,
+                        [NON_ISSUED_KEY_HASH, PINNING_ROOT_KEY_HASH]);
+  checkFail(certFromFile('a.pinning2.example.com-badca'), "a.pinning2.example.com");
+  checkOK(certFromFile('a.pinning2.example.com-pinningroot'), "a.pinning2.example.com");
+  checkFail(certFromFile('x.a.pinning2.example.com-badca'), "x.a.pinning2.example.com");
+  checkOK(certFromFile('x.a.pinning2.example.com-pinningroot'), "x.a.pinning2.example.com");
+  checkFail(certFromFile('b.pinning2.example.com-badca'), "b.pinning2.example.com");
+  checkOK(certFromFile('b.pinning2.example.com-pinningroot'), "b.pinning2.example.com");
+  checkFail(certFromFile('x.b.pinning2.example.com-badca'), "x.b.pinning2.example.com");
+  checkOK(certFromFile('x.b.pinning2.example.com-pinningroot'), "x.b.pinning2.example.com");
+
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP,
+                             "a.pinning2.example.com", 0),
+     "a.pinning2.example.com should still have HPKP status after adding" +
+     " includeSubdomains to a.pinning2.example.com");
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP,
+                             "x.a.pinning2.example.com", 0),
+     "x.a.pinning2.example.com should now have HPKP status after adding" +
+     " includeSubdomains to a.pinning2.example.com");
+
+  // Now setpins without subdomains
+  gSSService.setKeyPins("a.pinning2.example.com", false,
+                        new Date().getTime() + 1000000, 2,
+                        [NON_ISSUED_KEY_HASH, PINNING_ROOT_KEY_HASH]);
+  checkFail(certFromFile('a.pinning2.example.com-badca'), "a.pinning2.example.com");
+  checkOK(certFromFile('a.pinning2.example.com-pinningroot'), "a.pinning2.example.com");
+  checkOK(certFromFile('x.a.pinning2.example.com-badca'), "x.a.pinning2.example.com");
+  checkOK(certFromFile('x.a.pinning2.example.com-pinningroot'), "x.a.pinning2.example.com");
+
+  checkFail(certFromFile('b.pinning2.example.com-badca'), "b.pinning2.example.com");
+  checkOK(certFromFile('b.pinning2.example.com-pinningroot'), "b.pinning2.example.com");
+  checkFail(certFromFile('x.b.pinning2.example.com-badca'), "x.b.pinning2.example.com");
+  checkOK(certFromFile('x.b.pinning2.example.com-pinningroot'), "x.b.pinning2.example.com");
+
+  checkDefaultSiteHPKPStatus();
+
+  // failure to insert new pin entry leaves previous pin behavior
+  throws(() => {
+    gSSService.setKeyPins("a.pinning2.example.com", true,
+                          new Date().getTime() + 1000000, 1, ["not a hash"]);
+  }, /NS_ERROR_ILLEGAL_VALUE/, "Attempting to set an invalid pin should fail");
+  checkFail(certFromFile('a.pinning2.example.com-badca'), "a.pinning2.example.com");
+  checkOK(certFromFile('a.pinning2.example.com-pinningroot'), "a.pinning2.example.com");
+  checkOK(certFromFile('x.a.pinning2.example.com-badca'), "x.a.pinning2.example.com");
+  checkOK(certFromFile('x.a.pinning2.example.com-pinningroot'), "x.a.pinning2.example.com");
+
+  checkFail(certFromFile('b.pinning2.example.com-badca'), "b.pinning2.example.com");
+  checkOK(certFromFile('b.pinning2.example.com-pinningroot'), "b.pinning2.example.com");
+  checkFail(certFromFile('x.b.pinning2.example.com-badca'), "x.b.pinning2.example.com");
+  checkOK(certFromFile('x.b.pinning2.example.com-pinningroot'), "x.b.pinning2.example.com");
+
+  checkDefaultSiteHPKPStatus();
+
+  // Incorrect size results in failure
+  throws(() => {
+    gSSService.setKeyPins("a.pinning2.example.com", true,
+                          new Date().getTime() + 1000000, 2, ["not a hash"]);
+  }, /NS_ERROR_XPC_NOT_ENOUGH_ELEMENTS_IN_ARRAY/,
+     "Attempting to set a pin with an incorrect size should fail");
+
+  // Ensure built-in pins work as expected
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP,
+                              "nonexistent.example.com", 0),
+     "Not built-in nonexistent.example.com should not have HPKP status");
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP,
+                             "include-subdomains.pinning.example.com", 0),
+     "Built-in include-subdomains.pinning.example.com should have HPKP status");
+
+  gSSService.setKeyPins("a.pinning2.example.com", false, new Date().getTime(),
+                        1, [NON_ISSUED_KEY_HASH]);
+
+  // Check that a preload pin loaded from file works as expected
+  checkFail(certFromFile("a.preload.example.com-badca"), "a.preload.example.com");
+  checkOK(certFromFile("a.preload.example.com-pinningroot"), "a.preload.example.com");
+
+  // Check a dynamic addition works as expected
+  // first, it should succeed with the badCA - because there's no pin
+  checkOK(certFromFile('b.preload.example.com-badca'), "b.preload.example.com");
+  // then we add a pin, and we should get a failure (ensuring the expiry is
+  // after the test timeout)
+  gSSService.setKeyPins("b.preload.example.com", false,
+                        new Date().getTime() + 1000000, 2,
+                        [NON_ISSUED_KEY_HASH, PINNING_ROOT_KEY_HASH], true);
+  checkFail(certFromFile('b.preload.example.com-badca'), "b.preload.example.com");
+
+  do_timeout(1250, checkExpiredState);
+}
+
+function checkExpiredState() {
+  checkOK(certFromFile('a.pinning2.example.com-badca'), "a.pinning2.example.com");
+  checkOK(certFromFile('a.pinning2.example.com-pinningroot'), "a.pinning2.example.com");
+  checkOK(certFromFile('x.a.pinning2.example.com-badca'), "x.a.pinning2.example.com");
+  checkOK(certFromFile('x.a.pinning2.example.com-pinningroot'), "x.a.pinning2.example.com");
+
+  checkFail(certFromFile('b.pinning2.example.com-badca'), "b.pinning2.example.com");
+  checkOK(certFromFile('b.pinning2.example.com-pinningroot'), "b.pinning2.example.com");
+  checkFail(certFromFile('x.b.pinning2.example.com-badca'), "x.b.pinning2.example.com");
+  checkOK(certFromFile('x.b.pinning2.example.com-pinningroot'), "x.b.pinning2.example.com");
+  checkPreloadClear();
+}
+
+function checkPreloadClear() {
+  // Check that the preloaded pins still work after private data is cleared
+  gSSService.clearAll();
+  checkFail(certFromFile('b.preload.example.com-badca'), "b.preload.example.com");
+
+  // Check that the preloaded pins are cleared when we clear preloads
+  gSSService.clearPreloads();
+  checkOK(certFromFile('b.preload.example.com-badca'), "b.preload.example.com");
+
+  do_test_finished();
+}
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-badca.pem b/security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-badca.pem
new file mode 100644
index 000000000..102a3bbda
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-badca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3TCCAcegAwIBAgIUXdB7LgBGZoRV1UmEFcsOhMigpB0wCwYJKoZIhvcNAQEL
+MBAxDjAMBgNVBAMMBWJhZGNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUw
+MDAwMDBaMBoxGDAWBgNVBAMMD3Rlc3QgZW5kLWVudGl0eTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxKzSKxy9Rv
+plraKt1ByMJJisSjs8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEGzwi+moYn
+YLrmoujzbyPF2YMTud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHXKVp/ccW+
+ZmkdKy3+yElEWQvFo+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBpmIpD/uSM
+5oeB3SK2ppzSg3UTH5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6kKqLx2Fn
+JCqx/W1iFA0YxMC4xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMlMCMwIQYD
+VR0RBBowGIIWYS5waW5uaW5nMi5leGFtcGxlLmNvbTALBgkqhkiG9w0BAQsDggEB
+AAKhpX2t/Bz9//u1DYyLZ6dLSJt121Vb58s8gQvI/7n6MdUP1IniQLbtPW+7wnV0
+6LYagJQ11ZUJMxYUs6lB91yhwAO9NoN4QJWWB0i23DoZ6cg4dHmYKmQQ/HRndwm+
+EATkJSnBAk8O2xmIm8CXbJ0W0lvaXEjzRfeoiEjQ0/THeo4hXvGOMPm31d+r4ji5
+/u2+9jrpTII0kjCwFjqC97lPID14s9QRMqMB1CCV6fgT19EGYi9I7H6mnyukkmfX
+9wOhLHSk6A2l5+5eJrZYXLOhcS31VBd54sb1Vvg+Bp05HMYjo051JcRlvxoIUsHT
+JQDn8QrzwZBDBh4Pie3AwOM=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-badca.pem.certspec b/security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-badca.pem.certspec
new file mode 100644
index 000000000..f365b8a18
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-badca.pem.certspec
@@ -0,0 +1,5 @@
+issuer:badca
+subject:test end-entity
+issuerKey:alternate
+subjectKey:alternate
+extension:subjectAlternativeName:a.pinning2.example.com
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-pinningroot.pem b/security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-pinningroot.pem
new file mode 100644
index 000000000..2439b5775
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-pinningroot.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4zCCAc2gAwIBAgIUPQgjdPeWdWy/0oKRi+5Lr7JJorMwCwYJKoZIhvcNAQEL
+MBYxFDASBgNVBAMMC3Bpbm5pbmdyb290MCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx
+ODAyMDUwMDAwMDBaMBoxGDAWBgNVBAMMD3Rlc3QgZW5kLWVudGl0eTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxK
+zSKxy9RvplraKt1ByMJJisSjs8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEG
+zwi+moYnYLrmoujzbyPF2YMTud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHX
+KVp/ccW+ZmkdKy3+yElEWQvFo+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBp
+mIpD/uSM5oeB3SK2ppzSg3UTH5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6
+kKqLx2FnJCqx/W1iFA0YxMC4xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMl
+MCMwIQYDVR0RBBowGIIWYS5waW5uaW5nMi5leGFtcGxlLmNvbTALBgkqhkiG9w0B
+AQsDggEBAFUlxnwpxOFbSxtsBthWu6xmDxeFAzP+u5YOfuKeiIGnAx70k8ODQufJ
+Vm1rXvKtN5r8jR6AZh/hdA+tGhnu4+pGi9/aqWnaF1FEs2mW0saUV8atQZwNGRBO
+E9FXdAHA8WmGIfRf8TOuWpmEWejjJt5Zsfs+V3ARIxjCrVE7ixyfJ/hYpmthLtYJ
+5vgp0iiPjzorKeFnqooLVAfzeayRX0bE5H79NISIWq4CN/9J50ZFkRORURlANU95
+2Dcuw416b3BGrWVmWlKWOpA6NZ+Rj+AI+z9UTDpqCczTfMXMabX4EveW1GKMMYiA
+eLD8SY4VQ4403eaCp6rxYFrCNOeDczs=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-pinningroot.pem.certspec b/security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-pinningroot.pem.certspec
new file mode 100644
index 000000000..aef72ce39
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/a.pinning2.example.com-pinningroot.pem.certspec
@@ -0,0 +1,4 @@
+issuer:pinningroot
+subject:test end-entity
+subjectKey:alternate
+extension:subjectAlternativeName:a.pinning2.example.com
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/a.preload.example.com-badca.pem b/security/manager/ssl/tests/unit/test_pinning_dynamic/a.preload.example.com-badca.pem
new file mode 100644
index 000000000..2a157d8e6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/a.preload.example.com-badca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3DCCAcagAwIBAgIUKUG7kBZ72CvuLQ0uPfjKHLkKDQAwCwYJKoZIhvcNAQEL
+MBAxDjAMBgNVBAMMBWJhZGNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUw
+MDAwMDBaMBoxGDAWBgNVBAMMD3Rlc3QgZW5kLWVudGl0eTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxKzSKxy9Rv
+plraKt1ByMJJisSjs8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEGzwi+moYn
+YLrmoujzbyPF2YMTud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHXKVp/ccW+
+ZmkdKy3+yElEWQvFo+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBpmIpD/uSM
+5oeB3SK2ppzSg3UTH5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6kKqLx2Fn
+JCqx/W1iFA0YxMC4xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMkMCIwIAYD
+VR0RBBkwF4IVYS5wcmVsb2FkLmV4YW1wbGUuY29tMAsGCSqGSIb3DQEBCwOCAQEA
+tx5YO8uvYac92scnMEswv4ZIslou8UYV/2mtxA+MaXf/g+MizOKeZgTI1+b9hR48
+IDOgvrqPCbn1hKY6gb2gtRI1mC5dg9T8EYEXcC1TM+ncY/l4SZUjfMhzY2iOf62x
+jhDqMMt4V5uaHUxVmJQI82X5qpxH3yJ3WOC87iGZNfMB8MSbLM3lxor9OHeTlTHQ
+vPb/r7cLW+ikxirDGyBBvThkvDA/8qyN5Qp6Ae1BiPeEMoScNf3fChvNV6Jyb8g8
+e9q0LnTlTuVgaDWtg7PVOxeiI+wf3Jhv9uqXQLX8JHZDKebLbQEkNcbR4DK/8wsP
+uFhj0j8DY6+/YZbcF7Jgfw==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/a.preload.example.com-badca.pem.certspec b/security/manager/ssl/tests/unit/test_pinning_dynamic/a.preload.example.com-badca.pem.certspec
new file mode 100644
index 000000000..c1cb36576
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/a.preload.example.com-badca.pem.certspec
@@ -0,0 +1,5 @@
+issuer:badca
+subject:test end-entity
+issuerKey:alternate
+subjectKey:alternate
+extension:subjectAlternativeName:a.preload.example.com
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/a.preload.example.com-pinningroot.pem b/security/manager/ssl/tests/unit/test_pinning_dynamic/a.preload.example.com-pinningroot.pem
new file mode 100644
index 000000000..5fa43f052
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/a.preload.example.com-pinningroot.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4jCCAcygAwIBAgIURV3mf9Dz42lALe31OAm2SYbpFaEwCwYJKoZIhvcNAQEL
+MBYxFDASBgNVBAMMC3Bpbm5pbmdyb290MCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx
+ODAyMDUwMDAwMDBaMBoxGDAWBgNVBAMMD3Rlc3QgZW5kLWVudGl0eTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxK
+zSKxy9RvplraKt1ByMJJisSjs8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEG
+zwi+moYnYLrmoujzbyPF2YMTud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHX
+KVp/ccW+ZmkdKy3+yElEWQvFo+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBp
+mIpD/uSM5oeB3SK2ppzSg3UTH5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6
+kKqLx2FnJCqx/W1iFA0YxMC4xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMk
+MCIwIAYDVR0RBBkwF4IVYS5wcmVsb2FkLmV4YW1wbGUuY29tMAsGCSqGSIb3DQEB
+CwOCAQEATOA0bbfg81JieQkTzr4oxBqPuFamtLSAsLpbKakikYQo2znMGNnHV7Xe
+uxMGMhCIPRsiJ6jj6ZTQJNqQRKzXWEiBgREsarmJxA53ITIcO2cK2rqyetNAAwzZ
+oViENmK3tLA5KT2VC9IGgMXdSE7IfXn+5yCdpKZ2ohwtkYHNkCbQIU+4KaCPa/dB
+yAelZZPE0mVHJLkd5HoOsFmjFOBQuOkn9/AAOmkgBZIk1Dp833ywn/mnwLZdVsdV
++TjqWKenDJXxhO2+aCCtZbUVxKMn0TACpAA+rhjS5vigCyIZh7V4rxki9UXaOfVq
+EVy4rFlRIYYtXV40HavDZoPgxuCHDw==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/a.preload.example.com-pinningroot.pem.certspec b/security/manager/ssl/tests/unit/test_pinning_dynamic/a.preload.example.com-pinningroot.pem.certspec
new file mode 100644
index 000000000..5c1865314
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/a.preload.example.com-pinningroot.pem.certspec
@@ -0,0 +1,4 @@
+issuer:pinningroot
+subject:test end-entity
+subjectKey:alternate
+extension:subjectAlternativeName:a.preload.example.com
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-badca.pem b/security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-badca.pem
new file mode 100644
index 000000000..cffb37c1f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-badca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3TCCAcegAwIBAgIUV89JsAhywp3graSGqjeSpMzd1B0wCwYJKoZIhvcNAQEL
+MBAxDjAMBgNVBAMMBWJhZGNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUw
+MDAwMDBaMBoxGDAWBgNVBAMMD3Rlc3QgZW5kLWVudGl0eTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxKzSKxy9Rv
+plraKt1ByMJJisSjs8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEGzwi+moYn
+YLrmoujzbyPF2YMTud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHXKVp/ccW+
+ZmkdKy3+yElEWQvFo+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBpmIpD/uSM
+5oeB3SK2ppzSg3UTH5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6kKqLx2Fn
+JCqx/W1iFA0YxMC4xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMlMCMwIQYD
+VR0RBBowGIIWYi5waW5uaW5nMi5leGFtcGxlLmNvbTALBgkqhkiG9w0BAQsDggEB
+ABevzhH9/hjTBgTtUk4ytZX0A7Tu0DR5F9ooFnlUwzupHFihO+9NzEoCSIvCy3L9
++i3LbkaiUWEHQItLjIg+aice13ZkuMp+DeZ+D/YR9ulxyY1QBYeZLQj/gSdkj/fK
+uDm0Izgt8OBsgP+KFX2c2cGZyOcXmFFAwSfkLz7p2qzrmuM7r5ploNpxeHBUIxUW
+jJzSFeQMfy5wflcKDBY+PDejzN9Ik4weRyERsckVgmZSJXuodb8xgYkNPvl/GOVJ
+o+eDw+E3uOsdBIDrsyb+bcQTG7nBkQoSqG8M0610h0OqFhksfv/0HcB/wfW8VdU+
++C4+tR2KfvqTCm3T6gzRWX8=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-badca.pem.certspec b/security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-badca.pem.certspec
new file mode 100644
index 000000000..5aa8aaa5e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-badca.pem.certspec
@@ -0,0 +1,5 @@
+issuer:badca
+subject:test end-entity
+issuerKey:alternate
+subjectKey:alternate
+extension:subjectAlternativeName:b.pinning2.example.com
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-pinningroot.pem b/security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-pinningroot.pem
new file mode 100644
index 000000000..791f64b4c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-pinningroot.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4zCCAc2gAwIBAgIUVQNTrx+mRE96ggRLuZeFm+9uBdcwCwYJKoZIhvcNAQEL
+MBYxFDASBgNVBAMMC3Bpbm5pbmdyb290MCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx
+ODAyMDUwMDAwMDBaMBoxGDAWBgNVBAMMD3Rlc3QgZW5kLWVudGl0eTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxK
+zSKxy9RvplraKt1ByMJJisSjs8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEG
+zwi+moYnYLrmoujzbyPF2YMTud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHX
+KVp/ccW+ZmkdKy3+yElEWQvFo+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBp
+mIpD/uSM5oeB3SK2ppzSg3UTH5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6
+kKqLx2FnJCqx/W1iFA0YxMC4xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMl
+MCMwIQYDVR0RBBowGIIWYi5waW5uaW5nMi5leGFtcGxlLmNvbTALBgkqhkiG9w0B
+AQsDggEBAHYCfQaolF6z4IicBDTEQQVfYi4A3BcCNLTdInQlal/DHNytNRufM5TB
+ccNpau5U9e10NBYWbMqRUBb/7wtYE4O7jhEWxjaHBOz5KTYLv8hjEc2wcHXfhlYM
+QKmxOnA7SguSNYBdfXywav//ssLmDnB06nc2vv5NaKvIWbUv3HvfM8oRAr+NICUs
+UMcIb+hjY+u/qrnOeFJxXzeqPYKMa7H+33baRgy7xnL95PxAwkz0XL8vcMFupTX5
+dL5HsSKku23C0BoE6pK39TVh758fQjCAnD+QRTH/o+dfE2sIFpRiyszdXGmh2IRR
+gMSy+gJbH+zh0D9ncL0Kev0PyEuBYR4=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-pinningroot.pem.certspec b/security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-pinningroot.pem.certspec
new file mode 100644
index 000000000..17f22dab5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/b.pinning2.example.com-pinningroot.pem.certspec
@@ -0,0 +1,4 @@
+issuer:pinningroot
+subject:test end-entity
+subjectKey:alternate
+extension:subjectAlternativeName:b.pinning2.example.com
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/b.preload.example.com-badca.pem b/security/manager/ssl/tests/unit/test_pinning_dynamic/b.preload.example.com-badca.pem
new file mode 100644
index 000000000..4ef23a2c2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/b.preload.example.com-badca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3DCCAcagAwIBAgIUf2T4BVvxeCgWVp/FL3tCFNjuZYQwCwYJKoZIhvcNAQEL
+MBAxDjAMBgNVBAMMBWJhZGNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUw
+MDAwMDBaMBoxGDAWBgNVBAMMD3Rlc3QgZW5kLWVudGl0eTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxKzSKxy9Rv
+plraKt1ByMJJisSjs8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEGzwi+moYn
+YLrmoujzbyPF2YMTud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHXKVp/ccW+
+ZmkdKy3+yElEWQvFo+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBpmIpD/uSM
+5oeB3SK2ppzSg3UTH5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6kKqLx2Fn
+JCqx/W1iFA0YxMC4xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMkMCIwIAYD
+VR0RBBkwF4IVYi5wcmVsb2FkLmV4YW1wbGUuY29tMAsGCSqGSIb3DQEBCwOCAQEA
+okmxK2NDRYWSAn6b1YZpLiZnoaNrM0HXHY6fkARY/9EiAApvNPxT663EKtTZn27a
+JtwXP2zzlYQDRc9cxa1zBX9Tp+0sn5aqokqzoVWx4VIe/emzi9FDf3lgaYewHLez
+RINv3kUZmqlw6tmMQxjd51UGyvNsi52+gcet1cPr5kBzGQv/q7iNs/lcetL3+KQF
+klJ3PfI4VjFwRRYNhScxiRczklPVDySvxSNw+csUxNRunFLXIi3+WqQzYhw7R8ga
+ASwozTfvVAUySOmDipCZZXAHFtlpBr6vAllfD9v8hAsrE7Bkivafr+i5HMD3DtJE
+4ZedqFCkTkqKvd0fMIbOIA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/b.preload.example.com-badca.pem.certspec b/security/manager/ssl/tests/unit/test_pinning_dynamic/b.preload.example.com-badca.pem.certspec
new file mode 100644
index 000000000..9901ead60
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/b.preload.example.com-badca.pem.certspec
@@ -0,0 +1,5 @@
+issuer:badca
+subject:test end-entity
+issuerKey:alternate
+subjectKey:alternate
+extension:subjectAlternativeName:b.preload.example.com
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/b.preload.example.com-pinningroot.pem b/security/manager/ssl/tests/unit/test_pinning_dynamic/b.preload.example.com-pinningroot.pem
new file mode 100644
index 000000000..c6ea38a12
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/b.preload.example.com-pinningroot.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4jCCAcygAwIBAgIUI5rdRX/x0w0bDx6hQhc8ZhGLfqQwCwYJKoZIhvcNAQEL
+MBYxFDASBgNVBAMMC3Bpbm5pbmdyb290MCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx
+ODAyMDUwMDAwMDBaMBoxGDAWBgNVBAMMD3Rlc3QgZW5kLWVudGl0eTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxK
+zSKxy9RvplraKt1ByMJJisSjs8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEG
+zwi+moYnYLrmoujzbyPF2YMTud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHX
+KVp/ccW+ZmkdKy3+yElEWQvFo+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBp
+mIpD/uSM5oeB3SK2ppzSg3UTH5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6
+kKqLx2FnJCqx/W1iFA0YxMC4xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMk
+MCIwIAYDVR0RBBkwF4IVYi5wcmVsb2FkLmV4YW1wbGUuY29tMAsGCSqGSIb3DQEB
+CwOCAQEAg2VdHBLmFLJ03N9VT4uUrnpjuYY9bsvPJF2JCk9817nxBbeMf+Qn0C/o
+OeoQnZRqsaFbKZ80JXmh/j4RO6T/aaQUMpk+NXrdSPddy2B3eUByF/NJqipV3M2a
+CRNWUUVF+msjRWwbzJafju2nEZcD4d4cUkHHYAaRRxAHH3ylEvWmdv/brgfAPCPH
+WDVaCMc3OXgHkyrLAfkMKSYTNPJ7DJn/BXET5tCzqYGRUgRnME4ON2Mmp19lsdig
+dIFbm76wg6l5M+s9pqiYzODUxJXUOd6BkAR5pqB9WyIRVfBr5LGT72nv00LHVcSm
+hnsti9nAtFdJx4E1lJilrnQwu0q4Iw==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/b.preload.example.com-pinningroot.pem.certspec b/security/manager/ssl/tests/unit/test_pinning_dynamic/b.preload.example.com-pinningroot.pem.certspec
new file mode 100644
index 000000000..6f5807700
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/b.preload.example.com-pinningroot.pem.certspec
@@ -0,0 +1,4 @@
+issuer:pinningroot
+subject:test end-entity
+subjectKey:alternate
+extension:subjectAlternativeName:b.preload.example.com
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/badca.pem b/security/manager/ssl/tests/unit/test_pinning_dynamic/badca.pem
new file mode 100644
index 000000000..9443a4c91
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/badca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICyzCCAbWgAwIBAgIUXQevdaeXMieCrG6ZqhI2yfACBq4wCwYJKoZIhvcNAQEL
+MBAxDjAMBgNVBAMMBWJhZGNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUw
+MDAwMDBaMBAxDjAMBgNVBAMMBWJhZGNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAwXXGUmYJn3cIKmeR8bh2w39c5TiwbErNIrHL1G+mWtoq3UHIwkmK
+xKOzwfYUh/QbaYlBvYClHDwSAkTFhKTESDMF5ROMAQbPCL6ahidguuai6PNvI8XZ
+gxO53683g0XazlHU1tzSpss8xwbrzTBw7JjM5AqlkdcpWn9xxb5maR0rLf7ISURZ
+C8Wj6kn9k7HXU0BfF3N2mZWGZiVHl+1CaQiICBFCIGmYikP+5Izmh4HdIramnNKD
+dRMfkysSjOKG+n0lHAYq0n7wFvGHzdVOgys1uJMPdLqQqovHYWckKrH9bWIUDRjE
+wLjGj8N0hFcyStfehuZVLx0eGR1xIWjTuwIDAQABox0wGzAMBgNVHRMEBTADAQH/
+MAsGA1UdDwQEAwIBBjALBgkqhkiG9w0BAQsDggEBAHitWfZzPxR/UWEKQgz9zzm2
+NXszG7nV82w8qfC9pq8mU3f7eqbHJ2HNFkZzttJsH9DNl30OK2Y5IVLUiZHckz2e
+OFUyxK0tBCCBYd79FiK4BgP/Ys/7LK+4UaDhbRQP//MGuofwjsrNxgPgtkNaeKtF
+EXKCuDrHoa4ua7afrkUWKzPZ6JbDOEjJIyuJ3ISI0Q20Oc3ERxGwG1SQ1EldgWBr
+0dJJWBHZtNpIVvSm1dRfjMYtSrBoUXwbn6kDrdk4T98OHnFP0V0KW4j4umLHK7Gi
+OSAwvWtir3fSJaLJClTCFe1XoNvJnQ53PJs0JR26mAixV2VuylStO2KlbYy7fOc=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/badca.pem.certspec b/security/manager/ssl/tests/unit/test_pinning_dynamic/badca.pem.certspec
new file mode 100644
index 000000000..311bbb3f8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/badca.pem.certspec
@@ -0,0 +1,6 @@
+issuer:badca
+subject:badca
+issuerKey:alternate
+subjectKey:alternate
+extension:basicConstraints:cA,
+extension:keyUsage:keyCertSign,cRLSign
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/moz.build b/security/manager/ssl/tests/unit/test_pinning_dynamic/moz.build
new file mode 100644
index 000000000..eb8b582f5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/moz.build
@@ -0,0 +1,26 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Temporarily disabled. See bug 1256495.
+#test_certificates = (
+#    'badca.pem',
+#    'a.pinning2.example.com-badca.pem',
+#    'a.pinning2.example.com-pinningroot.pem',
+#    'a.preload.example.com-badca.pem',
+#    'a.preload.example.com-pinningroot.pem',
+#    'b.pinning2.example.com-badca.pem',
+#    'b.pinning2.example.com-pinningroot.pem',
+#    'b.preload.example.com-badca.pem',
+#    'b.preload.example.com-pinningroot.pem',
+#    'x.a.pinning2.example.com-badca.pem',
+#    'x.a.pinning2.example.com-pinningroot.pem',
+#    'x.b.pinning2.example.com-badca.pem',
+#    'x.b.pinning2.example.com-pinningroot.pem',
+#    'pinningroot.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/pinningroot.pem b/security/manager/ssl/tests/unit/test_pinning_dynamic/pinningroot.pem
new file mode 100644
index 000000000..9a041991a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/pinningroot.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC1zCCAcGgAwIBAgIUMwSUmBShbg5sMNZSTiPd5Tb1udkwCwYJKoZIhvcNAQEL
+MBYxFDASBgNVBAMMC3Bpbm5pbmdyb290MCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx
+ODAyMDUwMDAwMDBaMBYxFDASBgNVBAMMC3Bpbm5pbmdyb290MIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1
+aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/we
+adA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSS
+pH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62W
+YVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauR
+CE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzAM
+BgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjALBgkqhkiG9w0BAQsDggEBADNuQnKg
+y8zWnKlfBq/50UOtdSlvevg6u6tsUTvay2kVgB8BRTvm76aw4yOLgk84eHHkrX5c
+TqdutWh2JZarUWbO7JnPTdDE2CAkDh1smSe9L/XJENbgVXleg/VYLgnfnuSQCCnK
+WjjExcorX6IKDks1ZoBJ1HIvBzMRMWzIQgBL9B2Y1V05lgfn0bwZD+TjUJBmN1w0
+NTaPgrxE7FWZ2CTcowrYRKEEDAUX4cTFoce5YMwALCgW59KfVQfQdHaiCCcdNbfi
+qSQGZu+59JrrasmgK9VTahukYWcaQCz8HBCasdknGodLAzThuWMkjXU3D2IZYl15
+GfE5yrRFop/89xo=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/pinningroot.pem.certspec b/security/manager/ssl/tests/unit/test_pinning_dynamic/pinningroot.pem.certspec
new file mode 100644
index 000000000..86500e16b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/pinningroot.pem.certspec
@@ -0,0 +1,4 @@
+issuer:pinningroot
+subject:pinningroot
+extension:basicConstraints:cA,
+extension:keyUsage:keyCertSign,cRLSign
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-badca.pem b/security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-badca.pem
new file mode 100644
index 000000000..e4b6e72c0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-badca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3zCCAcmgAwIBAgIUe11LKIzCrdnRTgrLsfuGMoOpL1QwCwYJKoZIhvcNAQEL
+MBAxDjAMBgNVBAMMBWJhZGNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUw
+MDAwMDBaMBoxGDAWBgNVBAMMD3Rlc3QgZW5kLWVudGl0eTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxKzSKxy9Rv
+plraKt1ByMJJisSjs8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEGzwi+moYn
+YLrmoujzbyPF2YMTud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHXKVp/ccW+
+ZmkdKy3+yElEWQvFo+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBpmIpD/uSM
+5oeB3SK2ppzSg3UTH5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6kKqLx2Fn
+JCqx/W1iFA0YxMC4xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMnMCUwIwYD
+VR0RBBwwGoIYeC5hLnBpbm5pbmcyLmV4YW1wbGUuY29tMAsGCSqGSIb3DQEBCwOC
+AQEAgdFC/SwBLRp6A+n3znR+sEuU8UvmbgbXp7pIFVh6cbC6lNF0nXk9ywPeIWyh
+B7TCn3YHj4uc/PbvzRj9Py0gQLXcimKpmLoxclV5g1uTAydgXPiPulv/kaL9NOME
+lm88pyQeDwfEkUz7VijabIzFRTEVRmOudb8mX4SuzjhxsdzSMjffpae335beJ4Im
+lxgJgMsuJdEoK0WyG5nlBhVdzrT/kwdiwULeVNV//UHid1YZy56G5Lo22Hgd4wT3
+1W3LXQelBdHhee7Hf7mg4rjCUPulFAr8qBLdywf1Hnu1o7rXUcn46PLwKLOWJPOM
+SKpiqRKqvzlrzLaHPejfT0IMrw==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-badca.pem.certspec b/security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-badca.pem.certspec
new file mode 100644
index 000000000..ad8636d43
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-badca.pem.certspec
@@ -0,0 +1,5 @@
+issuer:badca
+subject:test end-entity
+issuerKey:alternate
+subjectKey:alternate
+extension:subjectAlternativeName:x.a.pinning2.example.com
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-pinningroot.pem b/security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-pinningroot.pem
new file mode 100644
index 000000000..ed58de323
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-pinningroot.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5TCCAc+gAwIBAgIUefEeE+Sj5fBSec+97B6UmZFQEncwCwYJKoZIhvcNAQEL
+MBYxFDASBgNVBAMMC3Bpbm5pbmdyb290MCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx
+ODAyMDUwMDAwMDBaMBoxGDAWBgNVBAMMD3Rlc3QgZW5kLWVudGl0eTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxK
+zSKxy9RvplraKt1ByMJJisSjs8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEG
+zwi+moYnYLrmoujzbyPF2YMTud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHX
+KVp/ccW+ZmkdKy3+yElEWQvFo+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBp
+mIpD/uSM5oeB3SK2ppzSg3UTH5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6
+kKqLx2FnJCqx/W1iFA0YxMC4xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMn
+MCUwIwYDVR0RBBwwGoIYeC5hLnBpbm5pbmcyLmV4YW1wbGUuY29tMAsGCSqGSIb3
+DQEBCwOCAQEAT2fxisiLJvVdFTba07a2Pc6UHBE+O0tOaLfMmHx/ET2FZdd9sLTL
+X2f+hQCmXEBQ7Au2eYTew8hTyXYGYFauMJNk+XHHUIaSOhmnYTccye4d6j5bXRCp
+7zA1qPlReCDLjp7o/34whkvngvdgdLYf60EkBO/NJfj+zsR1JTVfyVzIKXl6veLz
+0xKicBAq9vS0Yqq10japVYKKqAw6gDpbNkSAd3xsl4+EbMRq+BnMB4W2anw1gM/e
+hV11JQVA/MREtmUiTkvJFF6chHVCn5aL7JzVM2miZjZC8Ix59LUBoyO3SrxgrzZw
+xeYuwoDhzTCrcFxn8gdKNajbGHuW5ekQpg==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-pinningroot.pem.certspec b/security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-pinningroot.pem.certspec
new file mode 100644
index 000000000..260f2184b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/x.a.pinning2.example.com-pinningroot.pem.certspec
@@ -0,0 +1,4 @@
+issuer:pinningroot
+subject:test end-entity
+subjectKey:alternate
+extension:subjectAlternativeName:x.a.pinning2.example.com
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-badca.pem b/security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-badca.pem
new file mode 100644
index 000000000..dc24247e8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-badca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC3zCCAcmgAwIBAgIUYcTc5Pz7KlQldGOO+KzbuBdf8TswCwYJKoZIhvcNAQEL
+MBAxDjAMBgNVBAMMBWJhZGNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUw
+MDAwMDBaMBoxGDAWBgNVBAMMD3Rlc3QgZW5kLWVudGl0eTCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxKzSKxy9Rv
+plraKt1ByMJJisSjs8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEGzwi+moYn
+YLrmoujzbyPF2YMTud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHXKVp/ccW+
+ZmkdKy3+yElEWQvFo+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBpmIpD/uSM
+5oeB3SK2ppzSg3UTH5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6kKqLx2Fn
+JCqx/W1iFA0YxMC4xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMnMCUwIwYD
+VR0RBBwwGoIYeC5iLnBpbm5pbmcyLmV4YW1wbGUuY29tMAsGCSqGSIb3DQEBCwOC
+AQEAd6HusXqftFBpSUzivIY6icTZ95+wY+xIOsf1QOgyzZ/CDx4Tly+rgue2xSNT
+59FmnFvh8jW202K8TykamsAX20A8ArzubNoc/+soA752YEvrMmOgWjmH2arqTfqg
+zcfNdgUDESwnOoy123F+PkT3rRDXwINzCwftxhKbvmqhO6YENteqyWWmSZoMClsJ
+xtm+bmPN+m26k6zMMYWzIu2HIXI3CgqOmJltfyqea02Y58S1+XlajrcewPpC17xD
+r5a1sizecCFrmV0ssbK8wvEYo9Xs+PNj8Vhi1DUwGjtnjrYn/WQ6v/luMEEO7EMD
+b3BbEziS3Pqej2JyprUKqOjv1g==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-badca.pem.certspec b/security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-badca.pem.certspec
new file mode 100644
index 000000000..592bdcc58
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-badca.pem.certspec
@@ -0,0 +1,5 @@
+issuer:badca
+subject:test end-entity
+issuerKey:alternate
+subjectKey:alternate
+extension:subjectAlternativeName:x.b.pinning2.example.com
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-pinningroot.pem b/security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-pinningroot.pem
new file mode 100644
index 000000000..642135994
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-pinningroot.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC5TCCAc+gAwIBAgIUNXGolw8M2HU/gP4dOSMD2bdTQ+MwCwYJKoZIhvcNAQEL
+MBYxFDASBgNVBAMMC3Bpbm5pbmdyb290MCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAx
+ODAyMDUwMDAwMDBaMBoxGDAWBgNVBAMMD3Rlc3QgZW5kLWVudGl0eTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMF1xlJmCZ93CCpnkfG4dsN/XOU4sGxK
+zSKxy9RvplraKt1ByMJJisSjs8H2FIf0G2mJQb2ApRw8EgJExYSkxEgzBeUTjAEG
+zwi+moYnYLrmoujzbyPF2YMTud+vN4NF2s5R1Nbc0qbLPMcG680wcOyYzOQKpZHX
+KVp/ccW+ZmkdKy3+yElEWQvFo+pJ/ZOx11NAXxdzdpmVhmYlR5ftQmkIiAgRQiBp
+mIpD/uSM5oeB3SK2ppzSg3UTH5MrEozihvp9JRwGKtJ+8Bbxh83VToMrNbiTD3S6
+kKqLx2FnJCqx/W1iFA0YxMC4xo/DdIRXMkrX3obmVS8dHhkdcSFo07sCAwEAAaMn
+MCUwIwYDVR0RBBwwGoIYeC5iLnBpbm5pbmcyLmV4YW1wbGUuY29tMAsGCSqGSIb3
+DQEBCwOCAQEAevN1gW64H2kCjW5W4wbQFkJIITjcdEUsw+8GPzDuBDJCvgGirhOi
+ArBie8Bz+JlqzgNCXSe6pFVLoNfLosG5xksLwHljEit/7gFQ5twFazdg7dwPXs9Z
+MIV2iv3vHmKYTFTcjfw07UWy0rHHt6EH+zXqpZFtFkJHqSgngKxAHgQlvSKeyynM
+albu5YAX/hzJ7TyAVGxVN8uxnvYqPbLCy3wKf9ILFiDer6B9pE4Ii+dUyUbqVQFZ
+tY2ac1474nkcfj3uj5qbV0TTpd9EL9HMvixTnoUrT3bqkRX7orvL4gXpnJJyRjvC
+/LvTh/Vt1mYKkNLc/ruOj7WfUUC0SJIDzQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-pinningroot.pem.certspec b/security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-pinningroot.pem.certspec
new file mode 100644
index 000000000..7e6d33d50
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_dynamic/x.b.pinning2.example.com-pinningroot.pem.certspec
@@ -0,0 +1,4 @@
+issuer:pinningroot
+subject:test end-entity
+subjectKey:alternate
+extension:subjectAlternativeName:x.b.pinning2.example.com
diff --git a/security/manager/ssl/tests/unit/test_pinning_header_parsing.js b/security/manager/ssl/tests/unit/test_pinning_header_parsing.js
new file mode 100644
index 000000000..fb4b32353
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pinning_header_parsing.js
@@ -0,0 +1,141 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// The purpose of this test is to check that parsing of HPKP headers
+// is correct.
+
+var profileDir = do_get_profile();
+const certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+var gSSService = Cc["@mozilla.org/ssservice;1"]
+                   .getService(Ci.nsISiteSecurityService);
+
+function certFromFile(cert_name) {
+  return constructCertFromFile("test_pinning_dynamic/" + cert_name + ".pem");
+}
+
+function loadCert(cert_name, trust_string) {
+  let cert_filename = "test_pinning_dynamic/" + cert_name + ".pem";
+  addCertFromFile(certdb, cert_filename, trust_string);
+  return constructCertFromFile(cert_filename);
+}
+
+function checkFailParseInvalidPin(pinValue) {
+  let sslStatus = new FakeSSLStatus(
+                        certFromFile('a.pinning2.example.com-pinningroot'));
+  let uri = Services.io.newURI("https://a.pinning2.example.com", null, null);
+  throws(() => {
+    gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HPKP, uri,
+                             pinValue, sslStatus, 0);
+  }, /NS_ERROR_FAILURE/, `Invalid pin "${pinValue}" should be rejected`);
+}
+
+function checkPassValidPin(pinValue, settingPin, expectedMaxAge) {
+  let sslStatus = new FakeSSLStatus(
+                        certFromFile('a.pinning2.example.com-pinningroot'));
+  let uri = Services.io.newURI("https://a.pinning2.example.com", null, null);
+  let maxAge = {};
+
+  // setup preconditions for the test, if setting ensure there is no previous
+  // state, if removing ensure there is a valid pin in place.
+  if (settingPin) {
+    gSSService.removeState(Ci.nsISiteSecurityService.HEADER_HPKP, uri, 0);
+  } else {
+    // add a known valid pin!
+    let validPinValue = "max-age=5000;" + VALID_PIN1 + BACKUP_PIN1;
+    gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HPKP, uri,
+                             validPinValue, sslStatus, 0);
+  }
+  try {
+    gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HPKP, uri,
+                             pinValue, sslStatus, 0, maxAge);
+    ok(true, "Valid pin should be accepted");
+  } catch (e) {
+    ok(false, "Valid pin should have been accepted");
+  }
+
+  // check that maxAge was processed correctly
+  if (settingPin && expectedMaxAge) {
+    ok(maxAge.value == expectedMaxAge, `max-age value should be ${expectedMaxAge}`);
+  }
+
+  // after processing ensure that the postconditions are true, if setting
+  // the host must be pinned, if removing the host must not be pinned
+  let hostIsPinned = gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HPKP,
+                                             "a.pinning2.example.com", 0);
+  if (settingPin) {
+    ok(hostIsPinned, "Host should be considered pinned");
+  } else {
+    ok(!hostIsPinned, "Host should not be considered pinned");
+  }
+}
+
+function checkPassSettingPin(pinValue, expectedMaxAge) {
+  return checkPassValidPin(pinValue, true, expectedMaxAge);
+}
+
+function checkPassRemovingPin(pinValue) {
+  return checkPassValidPin(pinValue, false);
+}
+
+const MAX_MAX_AGE_SECONDS = 100000;
+const GOOD_MAX_AGE_SECONDS = 69403;
+const LONG_MAX_AGE_SECONDS = 2 * MAX_MAX_AGE_SECONDS;
+const NON_ISSUED_KEY_HASH1 = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
+const NON_ISSUED_KEY_HASH2 = "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ=";
+const PINNING_ROOT_KEY_HASH = "VCIlmPM9NkgFQtrs4Oa5TeFcDu6MWRTKSNdePEhOgD8=";
+const MAX_AGE_ZERO = "max-age=0;";
+const VALID_PIN1 = `pin-sha256="${PINNING_ROOT_KEY_HASH}";`;
+const BACKUP_PIN1 = `pin-sha256="${NON_ISSUED_KEY_HASH1}";`;
+const BACKUP_PIN2 = `pin-sha256="${NON_ISSUED_KEY_HASH2}";`;
+const BROKEN_PIN1 = "pin-sha256=\"jdjsjsjs\";";
+const GOOD_MAX_AGE = `max-age=${GOOD_MAX_AGE_SECONDS};`;
+const LONG_MAX_AGE = `max-age=${LONG_MAX_AGE_SECONDS};`;
+const INCLUDE_SUBDOMAINS = "includeSubdomains;";
+const REPORT_URI = "report-uri=\"https://www.example.com/report/\";";
+const UNRECOGNIZED_DIRECTIVE = "unreconized-dir=12343;";
+
+function run_test() {
+  Services.prefs.setIntPref("security.cert_pinning.enforcement_level", 2);
+  Services.prefs.setIntPref("security.cert_pinning.max_max_age_seconds", MAX_MAX_AGE_SECONDS);
+  Services.prefs.setBoolPref("security.cert_pinning.process_headers_from_non_builtin_roots", true);
+
+  loadCert("pinningroot", "CTu,CTu,CTu");
+  loadCert("badca", "CTu,CTu,CTu");
+
+  checkFailParseInvalidPin("max-age=INVALID");
+  // check that incomplete headers are failure
+  checkFailParseInvalidPin(GOOD_MAX_AGE);
+  checkFailParseInvalidPin(VALID_PIN1);
+  checkFailParseInvalidPin(REPORT_URI);
+  checkFailParseInvalidPin(UNRECOGNIZED_DIRECTIVE);
+  checkFailParseInvalidPin(VALID_PIN1 + BACKUP_PIN1);
+  checkFailParseInvalidPin(GOOD_MAX_AGE + VALID_PIN1);
+  checkFailParseInvalidPin(GOOD_MAX_AGE + VALID_PIN1 + BROKEN_PIN1);
+  // next ensure a backup pin is present
+  checkFailParseInvalidPin(GOOD_MAX_AGE + VALID_PIN1 + VALID_PIN1);
+  // next section ensure duplicate directives result in failure
+  checkFailParseInvalidPin(GOOD_MAX_AGE + GOOD_MAX_AGE + VALID_PIN1 + BACKUP_PIN1);
+  checkFailParseInvalidPin(GOOD_MAX_AGE + VALID_PIN1 + BACKUP_PIN1 + INCLUDE_SUBDOMAINS + INCLUDE_SUBDOMAINS);
+  checkFailParseInvalidPin(GOOD_MAX_AGE + VALID_PIN1 + BACKUP_PIN1 + REPORT_URI + REPORT_URI);
+  checkFailParseInvalidPin("thisisinvalidtest");
+  checkFailParseInvalidPin("invalid" + GOOD_MAX_AGE + VALID_PIN1 + BACKUP_PIN1);
+
+  checkPassRemovingPin("max-age=0"); //test removal without terminating ';'
+  checkPassRemovingPin(MAX_AGE_ZERO);
+  checkPassRemovingPin(MAX_AGE_ZERO + VALID_PIN1);
+
+  checkPassSettingPin(GOOD_MAX_AGE + VALID_PIN1 + BACKUP_PIN1, GOOD_MAX_AGE_SECONDS);
+  checkPassSettingPin(LONG_MAX_AGE + VALID_PIN1 + BACKUP_PIN1, MAX_MAX_AGE_SECONDS);
+
+  checkPassRemovingPin(VALID_PIN1 + MAX_AGE_ZERO + VALID_PIN1);
+  checkPassSettingPin(GOOD_MAX_AGE + VALID_PIN1 + BACKUP_PIN1);
+  checkPassSettingPin(GOOD_MAX_AGE + VALID_PIN1 + BACKUP_PIN2);
+  checkPassSettingPin(GOOD_MAX_AGE + VALID_PIN1 + BACKUP_PIN2 + INCLUDE_SUBDOMAINS);
+  checkPassSettingPin(VALID_PIN1 + GOOD_MAX_AGE + BACKUP_PIN2 + INCLUDE_SUBDOMAINS);
+  checkPassSettingPin(VALID_PIN1 + GOOD_MAX_AGE + BACKUP_PIN2 + REPORT_URI + INCLUDE_SUBDOMAINS);
+  checkPassSettingPin(INCLUDE_SUBDOMAINS + VALID_PIN1 + GOOD_MAX_AGE + BACKUP_PIN2);
+  checkPassSettingPin(GOOD_MAX_AGE + VALID_PIN1 + BACKUP_PIN1 + UNRECOGNIZED_DIRECTIVE);
+}
diff --git a/security/manager/ssl/tests/unit/test_pkcs11_insert_remove.js b/security/manager/ssl/tests/unit/test_pkcs11_insert_remove.js
new file mode 100644
index 000000000..b0592906c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pkcs11_insert_remove.js
@@ -0,0 +1,41 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// This test loads a testing PKCS #11 module that simulates a token being
+// inserted and removed from a slot every 50ms. This causes the observer
+// service to broadcast the observation topics "smartcard-insert" and
+// "smartcard-remove", respectively. This test ensures that one of each event
+// has been succssfully observed, and then it unloads the test module.
+
+// Ensure that the appropriate initialization has happened.
+do_get_profile();
+Cc["@mozilla.org/psm;1"].getService(Ci.nsISupports);
+
+const gExpectedTokenLabel = "Test PKCS11 Tokeñ Label";
+
+function SmartcardObserver(type) {
+  this.type = type;
+  do_test_pending();
+}
+
+SmartcardObserver.prototype = {
+  observe: function(subject, topic, data) {
+    equal(topic, this.type, "Observed and expected types should match");
+    equal(gExpectedTokenLabel, data,
+          "Expected and observed token labels should match");
+    Services.obs.removeObserver(this, this.type);
+    do_test_finished();
+  }
+};
+
+function run_test() {
+  Services.obs.addObserver(new SmartcardObserver("smartcard-insert"),
+                           "smartcard-insert", false);
+  Services.obs.addObserver(new SmartcardObserver("smartcard-remove"),
+                           "smartcard-remove", false);
+
+  loadPKCS11TestModule(false);
+}
diff --git a/security/manager/ssl/tests/unit/test_pkcs11_module.js b/security/manager/ssl/tests/unit/test_pkcs11_module.js
new file mode 100644
index 000000000..f00143187
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pkcs11_module.js
@@ -0,0 +1,121 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests the methods and attributes for interfacing with a PKCS #11 module and
+// the module database.
+
+// Ensure that the appropriate initialization has happened.
+do_get_profile();
+
+const gModuleDB = Cc["@mozilla.org/security/pkcs11moduledb;1"]
+                    .getService(Ci.nsIPKCS11ModuleDB);
+
+function checkTestModuleNotPresent() {
+  let modules = gModuleDB.listModules();
+  ok(modules.hasMoreElements(),
+     "One or more modules should be present with test module not present");
+  while (modules.hasMoreElements()) {
+    let module = modules.getNext().QueryInterface(Ci.nsIPKCS11Module);
+    notEqual(module.name, "PKCS11 Test Module",
+             "Non-test module name shouldn't equal 'PKCS11 Test Module'");
+    ok(!(module.libName && module.libName.includes("pkcs11testmodule")),
+       "Non-test module lib name should not include 'pkcs11testmodule'");
+  }
+
+  throws(() => gModuleDB.findModuleByName("PKCS11 Test Module"),
+         /NS_ERROR_FAILURE/, "Test module should not be findable by name");
+}
+
+/**
+ * Checks that the test module exists in the module list.
+ * Also checks various attributes of the test module for correctness.
+ *
+ * @returns {nsIPKCS11Module}
+ *          The test module.
+ */
+function checkTestModuleExists() {
+  let modules = gModuleDB.listModules();
+  ok(modules.hasMoreElements(),
+     "One or more modules should be present with test module present");
+  let testModule = null;
+  while (modules.hasMoreElements()) {
+    let module = modules.getNext().QueryInterface(Ci.nsIPKCS11Module);
+    if (module.name == "PKCS11 Test Module") {
+      testModule = module;
+      break;
+    }
+  }
+  notEqual(testModule, null, "Test module should have been found");
+  notEqual(testModule.libName, null, "Test module lib name should not be null");
+  ok(testModule.libName.includes(ctypes.libraryName("pkcs11testmodule")),
+     "Test module lib name should include lib name of 'pkcs11testmodule'");
+
+  notEqual(gModuleDB.findModuleByName("PKCS11 Test Module"), null,
+           "Test module should be findable by name");
+
+  return testModule;
+}
+
+function run_test() {
+  // Check that if we have never added the test module, that we don't find it
+  // in the module list.
+  checkTestModuleNotPresent();
+
+  // Check that adding the test module makes it appear in the module list.
+  loadPKCS11TestModule(true);
+  let testModule = checkTestModuleExists();
+
+  // Check that listing the slots for the test module works.
+  let slots = testModule.listSlots();
+  let testModuleSlotNames = [];
+  while (slots.hasMoreElements()) {
+    let slot = slots.getNext().QueryInterface(Ci.nsIPKCS11Slot);
+    testModuleSlotNames.push(slot.name);
+  }
+  testModuleSlotNames.sort();
+  const expectedSlotNames = ["Test PKCS11 Slot", "Test PKCS11 Slot 二"];
+  deepEqual(testModuleSlotNames, expectedSlotNames,
+            "Actual and expected slot names should be equal");
+
+  // Check that finding the test slot by name is possible, and that trying to
+  // find a non-present slot fails.
+  notEqual(testModule.findSlotByName("Test PKCS11 Slot"), null,
+           "Test slot should be findable by name");
+  throws(() => testModule.findSlotByName("Not Present"), /NS_ERROR_FAILURE/,
+         "Non-present slot should not be findable by name");
+
+  // Check that the strangely named nsIPKCS11ModuleDB.findSlotByName() works.
+  // In particular, a comment in nsPKCS11Slot.cpp notes that the method
+  // "is essentially the same as nsIPK11Token::findTokenByName, except that it
+  //  returns an nsIPKCS11Slot".
+  let strBundleSvc = Cc["@mozilla.org/intl/stringbundle;1"]
+                       .getService(Ci.nsIStringBundleService);
+  let bundle =
+    strBundleSvc.createBundle("chrome://pipnss/locale/pipnss.properties");
+  let internalTokenName = bundle.GetStringFromName("PrivateTokenDescription");
+  let internalTokenAsSlot = gModuleDB.findSlotByName(internalTokenName);
+  notEqual(internalTokenAsSlot, null,
+           "Internal 'slot' should be findable by name via the module DB");
+  ok(internalTokenAsSlot instanceof Ci.nsIPKCS11Slot,
+     "Module DB findSlotByName() should return a token as an nsIPKCS11Slot");
+  equal(internalTokenAsSlot.name,
+        bundle.GetStringFromName("PrivateSlotDescription"),
+        "Spot check: actual and expected internal 'slot' names should be equal");
+  throws(() => gModuleDB.findSlotByName("Not Present"), /NS_ERROR_FAILURE/,
+         "Non-present 'slot' should not be findable by name via the module DB");
+
+  // Check that deleting the test module makes it disappear from the module list.
+  let pkcs11 = Cc["@mozilla.org/security/pkcs11;1"].getService(Ci.nsIPKCS11);
+  pkcs11.deleteModule("PKCS11 Test Module");
+  checkTestModuleNotPresent();
+
+  // Check miscellaneous module DB methods and attributes.
+  notEqual(gModuleDB.getInternal(), null,
+           "The internal module should be present");
+  notEqual(gModuleDB.getInternalFIPS(), null,
+           "The internal FIPS module should be present");
+  ok(gModuleDB.canToggleFIPS, "It should be possible to toggle FIPS");
+  ok(!gModuleDB.isFIPSEnabled, "FIPS should not be enabled");
+}
diff --git a/security/manager/ssl/tests/unit/test_pkcs11_no_events_after_removal.js b/security/manager/ssl/tests/unit/test_pkcs11_no_events_after_removal.js
new file mode 100644
index 000000000..f31d1d494
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pkcs11_no_events_after_removal.js
@@ -0,0 +1,29 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// This test loads a testing PKCS #11 module that simulates a token being
+// inserted and removed from a slot every 50ms. This causes the observer
+// service to broadcast the observation topics "smartcard-insert" and
+// "smartcard-remove", respectively. This test ensures that these events
+// are no longer emitted once the module has been unloaded.
+
+// Ensure that the appropriate initialization has happened.
+do_get_profile();
+Cc["@mozilla.org/psm;1"].getService(Ci.nsISupports);
+
+function run_test() {
+  let pkcs11 = Cc["@mozilla.org/security/pkcs11;1"].getService(Ci.nsIPKCS11);
+  loadPKCS11TestModule(true);
+  pkcs11.deleteModule("PKCS11 Test Module");
+  Services.obs.addObserver(function() {
+    ok(false, "smartcard-insert event should not have been emitted");
+  }, "smartcard-insert", false);
+  Services.obs.addObserver(function() {
+    ok(false, "smartcard-remove event should not have been emitted");
+  }, "smartcard-remove", false);
+  do_timeout(500, do_test_finished);
+  do_test_pending();
+}
diff --git a/security/manager/ssl/tests/unit/test_pkcs11_safe_mode.js b/security/manager/ssl/tests/unit/test_pkcs11_safe_mode.js
new file mode 100644
index 000000000..d64d194e4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pkcs11_safe_mode.js
@@ -0,0 +1,49 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// In safe mode, PKCS#11 modules should not be loaded. This test tests this by
+// simulating starting in safe mode and then attempting to load a module.
+
+function run_test() {
+  do_get_profile();
+
+  // Simulate starting in safe mode.
+  let xulRuntime = {
+    inSafeMode: true,
+    logConsoleErrors: true,
+    OS: "XPCShell",
+    XPCOMABI: "noarch-spidermonkey",
+    invalidateCachesOnRestart: function invalidateCachesOnRestart() {
+      // Do nothing
+    },
+    QueryInterface: XPCOMUtils.generateQI([Ci.nsIXULRuntime])
+  };
+
+  let xulRuntimeFactory = {
+    createInstance: function (outer, iid) {
+      if (outer != null) {
+        throw new Error(Cr.NS_ERROR_NO_AGGREGATION);
+      }
+      return xulRuntime.QueryInterface(iid);
+    }
+  };
+
+  let registrar = Components.manager.QueryInterface(Ci.nsIComponentRegistrar);
+  const XULRUNTIME_CONTRACTID = "@mozilla.org/xre/runtime;1";
+  const XULRUNTIME_CID = Components.ID("{f0f0b230-5525-4127-98dc-7bca39059e70}");
+  registrar.registerFactory(XULRUNTIME_CID, "XULRuntime", XULRUNTIME_CONTRACTID,
+                            xulRuntimeFactory);
+
+  // When starting in safe mode, the test module should fail to load.
+  let pkcs11 = Cc["@mozilla.org/security/pkcs11;1"].getService(Ci.nsIPKCS11);
+  let libraryName = ctypes.libraryName("pkcs11testmodule");
+  let libraryFile = Services.dirsvc.get("CurWorkD", Ci.nsILocalFile);
+  libraryFile.append("pkcs11testmodule");
+  libraryFile.append(libraryName);
+  ok(libraryFile.exists(), "The pkcs11testmodule file should exist");
+  throws(() => pkcs11.addModule("PKCS11 Test Module", libraryFile.path, 0, 0),
+         /NS_ERROR_FAILURE/, "addModule should throw when in safe mode");
+}
diff --git a/security/manager/ssl/tests/unit/test_pkcs11_slot.js b/security/manager/ssl/tests/unit/test_pkcs11_slot.js
new file mode 100644
index 000000000..8aebf0439
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pkcs11_slot.js
@@ -0,0 +1,38 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests the methods and attributes for interfacing with a PKCS #11 slot.
+
+// Ensure that the appropriate initialization has happened.
+do_get_profile();
+
+function run_test() {
+  loadPKCS11TestModule(false);
+
+  let moduleDB = Cc["@mozilla.org/security/pkcs11moduledb;1"]
+                   .getService(Ci.nsIPKCS11ModuleDB);
+  let testModule = moduleDB.findModuleByName("PKCS11 Test Module");
+  let testSlot = testModule.findSlotByName("Test PKCS11 Slot 二");
+
+  equal(testSlot.name, "Test PKCS11 Slot 二",
+        "Actual and expected name should match");
+  equal(testSlot.desc, "Test PKCS11 Slot 二",
+        "Actual and expected description should match");
+  equal(testSlot.manID, "Test PKCS11 Manufacturer ID",
+        "Actual and expected manufacturer ID should match");
+  equal(testSlot.HWVersion, "0.0",
+        "Actual and expected hardware version should match");
+  equal(testSlot.FWVersion, "0.0",
+        "Actual and expected firmware version should match");
+  equal(testSlot.status, Ci.nsIPKCS11Slot.SLOT_READY,
+        "Actual and expected status should match");
+  equal(testSlot.tokenName, "Test PKCS11 Tokeñ 2 Label",
+        "Actual and expected token name should match");
+
+  let testToken = testSlot.getToken();
+  notEqual(testToken, null, "getToken() should succeed");
+  equal(testToken.tokenLabel, "Test PKCS11 Tokeñ 2 Label",
+        "Spot check: the actual and expected test token labels should be equal");
+}
diff --git a/security/manager/ssl/tests/unit/test_pkcs11_token.js b/security/manager/ssl/tests/unit/test_pkcs11_token.js
new file mode 100644
index 000000000..69b2cb384
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pkcs11_token.js
@@ -0,0 +1,119 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests the methods and attributes for interfacing with a PKCS #11 token, using
+// the internal key token.
+// We don't use either of the test tokens in the test PKCS #11 module because:
+//   1. Test token 1 cyclically inserts and removes itself in a tight loop.
+//      Using token 1 would complicate the test and introduce intermittent
+//      failures.
+//   2. Neither test token implements login or password related functionality.
+//      We want to test such functionality.
+//   3. Using the internal token lets us actually test the internal token works
+//      as expected.
+
+// Ensure that the appropriate initialization has happened.
+do_get_profile();
+
+function checkBasicAttributes(token) {
+  let strBundleSvc = Cc["@mozilla.org/intl/stringbundle;1"]
+                       .getService(Ci.nsIStringBundleService);
+  let bundle =
+    strBundleSvc.createBundle("chrome://pipnss/locale/pipnss.properties");
+
+  let expectedTokenName = bundle.GetStringFromName("PrivateTokenDescription");
+  equal(token.tokenName, expectedTokenName,
+        "Actual and expected name should match");
+  equal(token.tokenLabel, expectedTokenName,
+        "Actual and expected label should match");
+  equal(token.tokenManID, bundle.GetStringFromName("ManufacturerID"),
+        "Actual and expected manufacturer ID should match");
+  equal(token.tokenHWVersion, "0.0",
+        "Actual and expected hardware version should match");
+  equal(token.tokenFWVersion, "0.0",
+        "Actual and expected firmware version should match");
+  equal(token.tokenSerialNumber, "0000000000000000",
+        "Actual and expected serial number should match");
+}
+
+/**
+ * Checks the various password related features of the given token.
+ * The token should already have been init with a password and be logged into.
+ * The password of the token will be reset after calling this function.
+ *
+ * @param {nsIPK11Token} token
+ *        The token to test.
+ * @param {String} initialPW
+ *        The password that the token should have been init with.
+ */
+function checkPasswordFeaturesAndResetPassword(token, initialPW) {
+  ok(!token.needsUserInit,
+     "Token should not need user init after setting a password");
+
+  equal(token.minimumPasswordLength, 0,
+        "Actual and expected min password length should match");
+
+  token.setAskPasswordDefaults(10, 20);
+  equal(token.getAskPasswordTimes(), 10,
+        "Actual and expected ask password times should match");
+  equal(token.getAskPasswordTimeout(), 20,
+        "Actual and expected ask password timeout should match");
+
+  ok(token.checkPassword(initialPW),
+     "checkPassword() should succeed if the correct initial password is given");
+  token.changePassword(initialPW, "newPW ÿ 一二三");
+  ok(token.checkPassword("newPW ÿ 一二三"),
+     "checkPassword() should succeed if the correct new password is given");
+
+  ok(!token.checkPassword("wrongPW"),
+     "checkPassword() should fail if an incorrect password is given");
+  ok(!token.isLoggedIn(),
+     "Token should be logged out after an incorrect password was given");
+  ok(!token.needsUserInit,
+     "Token should still be init with a password even if an incorrect " +
+     "password was given");
+
+  token.reset();
+  ok(token.needsUserInit,
+     "Token should need password init after reset");
+  ok(!token.isLoggedIn(), "Token should be logged out of after reset");
+}
+
+function run_test() {
+  let tokenDB = Cc["@mozilla.org/security/pk11tokendb;1"]
+                  .getService(Ci.nsIPK11TokenDB);
+  let token = tokenDB.getInternalKeyToken();
+  notEqual(token, null, "The internal token should be present");
+
+  checkBasicAttributes(token);
+
+  ok(!token.isLoggedIn(), "Token should not be logged into yet");
+  // Test that attempting to log out even when the token was not logged into
+  // does not result in an error.
+  token.logoutSimple();
+  ok(!token.isLoggedIn(), "Token should still not be logged into");
+
+  let initialPW = "foo 1234567890`~!@#$%^&*()-_=+{[}]|\\:;'\",<.>/? 一二三";
+  token.initPassword(initialPW);
+  token.login(/*force*/ false);
+  ok(token.isLoggedIn(), "Token should now be logged into");
+
+  checkPasswordFeaturesAndResetPassword(token, initialPW);
+
+  // We reset the password previously, so we need to initialize again.
+  token.initPassword("arbitrary");
+  ok(token.isLoggedIn(),
+     "Token should be logged into after initializing password again");
+  token.logoutSimple();
+  ok(!token.isLoggedIn(),
+     "Token should be logged out after calling logoutSimple()");
+
+  ok(!token.isHardwareToken(),
+     "The internal token should not be considered a hardware token");
+  ok(token.isFriendly(),
+     "The internal token should always be considered friendly");
+  ok(token.needsLogin(),
+     "The internal token should always need authentication");
+}
diff --git a/security/manager/ssl/tests/unit/test_pkcs11_tokenDB.js b/security/manager/ssl/tests/unit/test_pkcs11_tokenDB.js
new file mode 100644
index 000000000..ac382ab82
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_pkcs11_tokenDB.js
@@ -0,0 +1,45 @@
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests the methods for interfacing with the PKCS #11 token database.
+
+// Ensure that the appropriate initialization has happened.
+do_get_profile();
+
+function run_test() {
+  let tokenDB = Cc["@mozilla.org/security/pk11tokendb;1"]
+                  .getService(Ci.nsIPK11TokenDB);
+
+  let tokenListPreLoad = tokenDB.listTokens();
+  while (tokenListPreLoad.hasMoreElements()) {
+    let token = tokenListPreLoad.getNext().QueryInterface(Ci.nsIPK11Token);
+    notEqual(token.tokenLabel, "Test PKCS11 Tokeñ Label",
+             "Test PKCS11 Token 1 should not be listed prior to module load");
+    notEqual(token.tokenLabel, "Test PKCS11 Tokeñ 2 Label",
+             "Test PKCS11 Token 2 should not be listed prior to module load");
+  }
+
+  throws(() => tokenDB.findTokenByName("Test PKCS11 Tokeñ Label"),
+         /NS_ERROR_FAILURE/,
+         "Non-present test token 1 should not be findable by name");
+  throws(() => tokenDB.findTokenByName("Test PKCS11 Tokeñ 2 Label"),
+         /NS_ERROR_FAILURE/,
+         "Non-present test token 2 should not be findable by name");
+
+  loadPKCS11TestModule(false);
+
+  // Test Token 1 is simulated to insert and remove itself in a tight loop, so
+  // we don't bother testing that it's present.
+  let tokenListPostLoad = tokenDB.listTokens();
+  let foundTokenNames = [];
+  while (tokenListPostLoad.hasMoreElements()) {
+    let token = tokenListPostLoad.getNext().QueryInterface(Ci.nsIPK11Token);
+    foundTokenNames.push(token.tokenName);
+  }
+  ok(foundTokenNames.includes("Test PKCS11 Tokeñ 2 Label"),
+     "Test PKCS11 Token 2 should be listed after module load");
+
+  notEqual(tokenDB.findTokenByName("Test PKCS11 Tokeñ 2 Label"), null,
+           "Test token 2 should be findable by name after loading test module");
+}
diff --git a/security/manager/ssl/tests/unit/test_sdr.js b/security/manager/ssl/tests/unit/test_sdr.js
new file mode 100644
index 000000000..3258ec901
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sdr.js
@@ -0,0 +1,87 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests various aspects of the nsISecretDecoderRing implementation.
+
+do_get_profile();
+
+let gSetPasswordShownCount = 0;
+
+// Mock implementation of nsITokenPasswordDialogs.
+const gTokenPasswordDialogs = {
+  setPassword: (ctx, tokenName, canceled) => {
+    gSetPasswordShownCount++;
+    do_print(`setPassword() called; shown ${gSetPasswordShownCount} times`);
+    do_print(`tokenName: ${tokenName}`);
+    canceled.value = false;
+  },
+
+  QueryInterface: XPCOMUtils.generateQI([Ci.nsITokenPasswordDialogs])
+};
+
+function run_test() {
+  // We have to set a password and login before we attempt to encrypt anything.
+  // In particular, failing to do so will cause the Encrypt() implementation to
+  // pop up a dialog asking for a password to be set. This won't work in the
+  // xpcshell environment and will lead to an assertion.
+  loginToDBWithDefaultPassword();
+
+  let sdr = Cc["@mozilla.org/security/sdr;1"]
+              .getService(Ci.nsISecretDecoderRing);
+
+  // Test valid inputs for encryptString() and decryptString().
+  let inputs = [
+    "",
+    " ", // First printable latin1 character (code point 32).
+    "foo",
+    "1234567890`~!@#$%^&*()-_=+{[}]|\\:;'\",<.>/?",
+    "¡äöüÿ", // Misc + last printable latin1 character (code point 255).
+    "aaa 一二三", // Includes Unicode with code points outside [0, 255].
+  ];
+  for (let input of inputs) {
+    let converter = Cc["@mozilla.org/intl/scriptableunicodeconverter"]
+                      .createInstance(Ci.nsIScriptableUnicodeConverter);
+    converter.charset = "UTF-8";
+
+    let convertedInput = converter.ConvertFromUnicode(input);
+    convertedInput += converter.Finish();
+
+    let encrypted = sdr.encryptString(convertedInput);
+
+    notEqual(convertedInput, encrypted,
+             "Encrypted input should not just be the input itself");
+
+    try {
+      atob(encrypted);
+    } catch (e) {
+      ok(false, `encryptString() should have returned Base64: ${e}`);
+    }
+
+    equal(convertedInput, sdr.decryptString(encrypted),
+          "decryptString(encryptString(input)) should return input");
+  }
+
+  // Test invalid inputs for decryptString().
+  throws(() => sdr.decryptString("*"), /NS_ERROR_ILLEGAL_VALUE/,
+         "decryptString() should throw if given non-Base64 input");
+
+  // Test calling changePassword() pops up the appropriate dialog.
+  // Note: On Android, nsITokenPasswordDialogs is apparently not implemented,
+  //       which also seems to prevent us from mocking out the interface.
+  if (AppConstants.platform != "android") {
+    let tokenPasswordDialogsCID =
+      MockRegistrar.register("@mozilla.org/nsTokenPasswordDialogs;1",
+                             gTokenPasswordDialogs);
+    do_register_cleanup(() => {
+      MockRegistrar.unregister(tokenPasswordDialogsCID);
+    });
+
+    equal(gSetPasswordShownCount, 0,
+          "changePassword() dialog should have been shown zero times");
+    sdr.changePassword();
+    equal(gSetPasswordShownCount, 1,
+          "changePassword() dialog should have been shown exactly once");
+  }
+}
diff --git a/security/manager/ssl/tests/unit/test_session_resumption.js b/security/manager/ssl/tests/unit/test_session_resumption.js
new file mode 100644
index 000000000..eea6b5f54
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_session_resumption.js
@@ -0,0 +1,159 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests that PSM makes the correct determination of the security status of
+// loads involving session resumption (i.e. when a TLS handshake bypasses the
+// AuthCertificate callback).
+
+do_get_profile();
+const certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+
+do_register_cleanup(() => {
+  Services.prefs.clearUserPref("security.OCSP.enabled");
+});
+
+Services.prefs.setIntPref("security.OCSP.enabled", 1);
+
+addCertFromFile(certdb, "bad_certs/evroot.pem", "CTu,,");
+addCertFromFile(certdb, "bad_certs/ev-test-intermediate.pem", ",,");
+
+// For expired.example.com, the platform will make a connection that will fail.
+// Using information gathered at that point, an override will be added and
+// another connection will be made. This connection will succeed. At that point,
+// as long as the session cache isn't cleared, subsequent new connections should
+// use session resumption, thereby bypassing the AuthCertificate hook. We need
+// to ensure that the correct security state is propagated to the new connection
+// information object.
+function add_resume_non_ev_with_override_test() {
+  // This adds the override and makes one successful connection.
+  add_cert_override_test("expired.example.com",
+                         Ci.nsICertOverrideService.ERROR_TIME,
+                         SEC_ERROR_EXPIRED_CERTIFICATE);
+
+  // This connects again, using session resumption. Note that we don't clear
+  // the TLS session cache between these operations (that would defeat the
+  // purpose).
+  add_connection_test("expired.example.com", PRErrorCodeSuccess, null,
+    (transportSecurityInfo) => {
+      ok(transportSecurityInfo.securityState &
+         Ci.nsIWebProgressListener.STATE_CERT_USER_OVERRIDDEN,
+         "expired.example.com should have STATE_CERT_USER_OVERRIDDEN flag");
+      let sslStatus = transportSecurityInfo
+                        .QueryInterface(Ci.nsISSLStatusProvider)
+                        .SSLStatus;
+      ok(!sslStatus.isDomainMismatch,
+         "expired.example.com should not have isDomainMismatch set");
+      ok(sslStatus.isNotValidAtThisTime,
+         "expired.example.com should have isNotValidAtThisTime set");
+      ok(!sslStatus.isUntrusted,
+         "expired.example.com should not have isUntrusted set");
+      ok(!sslStatus.isExtendedValidation,
+         "expired.example.com should not have isExtendedValidation set");
+    }
+  );
+}
+
+// Helper function that adds a test that connects to ev-test.example.com and
+// verifies that it validates as EV (or not, if we're running a non-debug
+// build). This assumes that an appropriate OCSP responder is running or that
+// good responses are cached.
+function add_one_ev_test() {
+  add_connection_test("ev-test.example.com", PRErrorCodeSuccess, null,
+    (transportSecurityInfo) => {
+      ok(!(transportSecurityInfo.securityState &
+           Ci.nsIWebProgressListener.STATE_CERT_USER_OVERRIDDEN),
+         "ev-test.example.com should not have STATE_CERT_USER_OVERRIDDEN flag");
+      let sslStatus = transportSecurityInfo
+                        .QueryInterface(Ci.nsISSLStatusProvider)
+                        .SSLStatus;
+      ok(!sslStatus.isDomainMismatch,
+         "ev-test.example.com should not have isDomainMismatch set");
+      ok(!sslStatus.isNotValidAtThisTime,
+         "ev-test.example.com should not have isNotValidAtThisTime set");
+      ok(!sslStatus.isUntrusted,
+         "ev-test.example.com should not have isUntrusted set");
+      ok(!gEVExpected || sslStatus.isExtendedValidation,
+         "ev-test.example.com should have isExtendedValidation set " +
+         "(or this is a non-debug build)");
+    }
+  );
+}
+
+// This test is similar, except with extended validation. We should connect
+// successfully, and the certificate should be EV in debug builds. Without
+// clearing the session cache, we should connect successfully again, this time
+// with session resumption. The certificate should again be EV in debug builds.
+function add_resume_ev_test() {
+  const SERVER_PORT = 8888;
+  let expectedRequestPaths = gEVExpected ? [ "ev-test-intermediate", "ev-test" ]
+                                         : [ "ev-test" ];
+  let responseTypes = gEVExpected ? [ "good", "good" ] : [ "good" ];
+  // Since we cache OCSP responses, we only ever actually serve one set.
+  let ocspResponder = startOCSPResponder(SERVER_PORT, "localhost", "bad_certs",
+                                         expectedRequestPaths,
+                                         expectedRequestPaths.slice(),
+                                         null, responseTypes);
+  // We should be able to connect and verify the certificate as EV (in debug
+  // builds).
+  add_one_ev_test();
+  // We should be able to connect again (using session resumption). In debug
+  // builds, the certificate should be noted as EV. Again, it's important that
+  // nothing clears the TLS cache in between these two operations.
+  add_one_ev_test();
+
+  add_test(() => {
+    ocspResponder.stop(run_next_test);
+  });
+}
+
+const statsPtr = getSSLStatistics();
+const toInt32 = ctypes.Int64.lo;
+const GOOD_DOMAIN = "good.include-subdomains.pinning.example.com";
+
+// Connect to the same domain with two origin attributes and check if any ssl
+// session is resumed.
+function add_origin_attributes_test(originAttributes1, originAttributes2,
+                                    resumeExpected) {
+  add_connection_test(GOOD_DOMAIN, PRErrorCodeSuccess, clearSessionCache, null,
+                      null, originAttributes1);
+
+  let hitsBeforeConnect;
+  let missesBeforeConnect;
+  let expectedHits = resumeExpected ? 1 : 0;
+  let expectedMisses = 1 - expectedHits;
+
+  add_connection_test(GOOD_DOMAIN, PRErrorCodeSuccess,
+                      function() {
+                        // Add the hits and misses before connection.
+                        let stats = statsPtr.contents;
+                        hitsBeforeConnect = toInt32(stats.sch_sid_cache_hits);
+                        missesBeforeConnect =
+                          toInt32(stats.sch_sid_cache_misses);
+                      },
+                      function() {
+                        let stats = statsPtr.contents;
+                        equal(toInt32(stats.sch_sid_cache_hits),
+                              hitsBeforeConnect + expectedHits,
+                              "Unexpected cache hits");
+                        equal(toInt32(stats.sch_sid_cache_misses),
+                              missesBeforeConnect + expectedMisses,
+                              "Unexpected cache misses");
+                      }, null, originAttributes2);
+}
+
+function run_test() {
+  add_tls_server_setup("BadCertServer", "bad_certs");
+  add_resume_non_ev_with_override_test();
+  add_resume_ev_test();
+  add_origin_attributes_test({}, {}, true);
+  add_origin_attributes_test({ userContextId: 1 }, { userContextId: 2 }, false);
+  add_origin_attributes_test({ userContextId: 3 }, { userContextId: 3 }, true);
+  add_origin_attributes_test({ firstPartyDomain: "foo.com" },
+                             { firstPartyDomain: "bar.com" }, false);
+  add_origin_attributes_test({ firstPartyDomain: "baz.com" },
+                             { firstPartyDomain: "baz.com" }, true);
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_signed_apps-marketplace.js b/security/manager/ssl/tests/unit/test_signed_apps-marketplace.js
new file mode 100644
index 000000000..9f2af752d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_apps-marketplace.js
@@ -0,0 +1,42 @@
+"use strict";
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(Ci.nsIX509CertDB);
+
+function run_test() {
+  run_next_test();
+}
+
+function check_open_result(name, expectedRv) {
+  return function openSignedAppFileCallback(rv, aZipReader, aSignerCert) {
+    do_print("openSignedAppFileCallback called for " + name);
+    equal(rv, expectedRv, "Actual and expected return value should match");
+    equal(aZipReader != null, Components.isSuccessCode(expectedRv),
+          "ZIP reader should be null only if the return value denotes failure");
+    equal(aSignerCert != null, Components.isSuccessCode(expectedRv),
+          "Signer cert should be null only if the return value denotes failure");
+    run_next_test();
+  };
+}
+
+function original_app_path(test_name) {
+  return do_get_file("test_signed_apps/" + test_name + ".zip", false);
+}
+
+// Test that we no longer trust the test root cert that was originally used
+// during development of B2G 1.0.
+add_test(function () {
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppMarketplaceProdPublicRoot,
+    original_app_path("test-privileged-app-test-1.0"),
+    check_open_result("test-privileged-app-test-1.0",
+                      getXPCOMStatusFromNSS(SEC_ERROR_UNKNOWN_ISSUER)));
+});
+
+// Test that we trust the root cert used by by the Firefox Marketplace.
+add_test(function () {
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppMarketplaceProdPublicRoot,
+    original_app_path("privileged-app-test-1.0"),
+    check_open_result("privileged-app-test-1.0", Cr.NS_OK));
+});
diff --git a/security/manager/ssl/tests/unit/test_signed_apps.js b/security/manager/ssl/tests/unit/test_signed_apps.js
new file mode 100644
index 000000000..819ea767a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_apps.js
@@ -0,0 +1,233 @@
+"use strict";
+/* To regenerate the certificates and apps for this test:
+
+        cd security/manager/ssl/tests/unit/test_signed_apps
+        PATH=$NSS/bin:$NSS/lib:$PATH ./generate.sh
+        cd ../../../../../..
+        make -C $OBJDIR/security/manager/ssl/tests
+
+   $NSS is the path to NSS binaries and libraries built for the host platform.
+   If you get error messages about "CertUtil" on Windows, then it means that
+   the Windows CertUtil.exe is ahead of the NSS certutil.exe in $PATH.
+
+   Check in the generated files. These steps are not done as part of the build
+   because we do not want to add a build-time dependency on the OpenSSL or NSS
+   tools or libraries built for the host platform.
+*/
+
+// XXX from prio.h
+const PR_RDWR        = 0x04;
+const PR_CREATE_FILE = 0x08;
+const PR_TRUNCATE    = 0x20;
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(Ci.nsIX509CertDB);
+
+// Creates a new app package based in the inFilePath package, with a set of
+// modifications (including possibly deletions) applied to the existing entries,
+// and/or a set of new entries to be included.
+function tamper(inFilePath, outFilePath, modifications, newEntries) {
+  let writer = Cc["@mozilla.org/zipwriter;1"].createInstance(Ci.nsIZipWriter);
+  writer.open(outFilePath, PR_RDWR | PR_CREATE_FILE | PR_TRUNCATE);
+  try {
+    let reader = Cc["@mozilla.org/libjar/zip-reader;1"]
+                   .createInstance(Ci.nsIZipReader);
+    reader.open(inFilePath);
+    try {
+      let entries = reader.findEntries("");
+      while (entries.hasMore()) {
+        let entryName = entries.getNext();
+        let inEntry = reader.getEntry(entryName);
+        let entryInput = reader.getInputStream(entryName);
+        try {
+          let f = modifications[entryName];
+          let outEntry, outEntryInput;
+          if (f) {
+            [outEntry, outEntryInput] = f(inEntry, entryInput);
+            delete modifications[entryName];
+          } else {
+            [outEntry, outEntryInput] = [inEntry, entryInput];
+          }
+          // if f does not want the input entry to be copied to the output entry
+          // at all (i.e. it wants it to be deleted), it will return null.
+          if (outEntryInput) {
+            try {
+              writer.addEntryStream(entryName,
+                                    outEntry.lastModifiedTime,
+                                    outEntry.compression,
+                                    outEntryInput,
+                                    false);
+            } finally {
+              if (entryInput != outEntryInput) {
+                outEntryInput.close();
+              }
+            }
+          }
+        } finally {
+          entryInput.close();
+        }
+      }
+    } finally {
+      reader.close();
+    }
+
+    // Any leftover modification means that we were expecting to modify an entry
+    // in the input file that wasn't there.
+    for (let name in modifications) {
+      if (modifications.hasOwnProperty(name)) {
+        throw new Error("input file was missing expected entries: " + name);
+      }
+    }
+
+    // Now, append any new entries to the end
+    newEntries.forEach(function(newEntry) {
+      let sis = Cc["@mozilla.org/io/string-input-stream;1"]
+                  .createInstance(Ci.nsIStringInputStream);
+      try {
+        sis.setData(newEntry.content, newEntry.content.length);
+        writer.addEntryStream(newEntry.name,
+                              new Date(),
+                              Ci.nsIZipWriter.COMPRESSION_BEST,
+                              sis,
+                              false);
+      } finally {
+        sis.close();
+      }
+    });
+  } finally {
+    writer.close();
+  }
+}
+
+function removeEntry(entry, entryInput) { return [null, null]; }
+
+function truncateEntry(entry, entryInput) {
+  if (entryInput.available() == 0) {
+    throw new Error("Truncating already-zero length entry will result in " +
+                    "identical entry.");
+  }
+
+  let content = Cc["@mozilla.org/io/string-input-stream;1"]
+                  .createInstance(Ci.nsIStringInputStream);
+  content.data = "";
+
+  return [entry, content];
+}
+
+function run_test() {
+  run_next_test();
+}
+
+function check_open_result(name, expectedRv) {
+  return function openSignedAppFileCallback(rv, aZipReader, aSignerCert) {
+    do_print("openSignedAppFileCallback called for " + name);
+    equal(rv, expectedRv, "Actual and expected return value should match");
+    equal(aZipReader != null, Components.isSuccessCode(expectedRv),
+          "ZIP reader should be null only if the return value denotes failure");
+    equal(aSignerCert != null, Components.isSuccessCode(expectedRv),
+          "Signer cert should be null only if the return value denotes failure");
+    run_next_test();
+  };
+}
+
+function original_app_path(test_name) {
+  return do_get_file("test_signed_apps/" + test_name + ".zip", false);
+}
+
+function tampered_app_path(test_name) {
+  return FileUtils.getFile("TmpD", ["test_signed_app-" + test_name + ".zip"]);
+}
+
+add_test(function () {
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot, original_app_path("valid_app_1"),
+    check_open_result("valid", Cr.NS_OK));
+});
+
+add_test(function () {
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot, original_app_path("unsigned_app_1"),
+    check_open_result("unsigned", Cr.NS_ERROR_SIGNED_JAR_NOT_SIGNED));
+});
+
+add_test(function () {
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot, original_app_path("unknown_issuer_app_1"),
+    check_open_result("unknown_issuer",
+                      getXPCOMStatusFromNSS(SEC_ERROR_UNKNOWN_ISSUER)));
+});
+
+// Sanity check to ensure a no-op tampering gives a valid result
+add_test(function () {
+  let tampered = tampered_app_path("identity_tampering");
+  tamper(original_app_path("valid_app_1"), tampered, { }, []);
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot, original_app_path("valid_app_1"),
+    check_open_result("identity_tampering", Cr.NS_OK));
+});
+
+add_test(function () {
+  let tampered = tampered_app_path("missing_rsa");
+  tamper(original_app_path("valid_app_1"), tampered, { "META-INF/A.RSA": removeEntry }, []);
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot, tampered,
+    check_open_result("missing_rsa", Cr.NS_ERROR_SIGNED_JAR_NOT_SIGNED));
+});
+
+add_test(function () {
+  let tampered = tampered_app_path("missing_sf");
+  tamper(original_app_path("valid_app_1"), tampered, { "META-INF/A.SF": removeEntry }, []);
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot, tampered,
+    check_open_result("missing_sf", Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID));
+});
+
+add_test(function () {
+  let tampered = tampered_app_path("missing_manifest_mf");
+  tamper(original_app_path("valid_app_1"), tampered, { "META-INF/MANIFEST.MF": removeEntry }, []);
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot, tampered,
+    check_open_result("missing_manifest_mf",
+                      Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID));
+});
+
+add_test(function () {
+  let tampered = tampered_app_path("missing_entry");
+  tamper(original_app_path("valid_app_1"), tampered, { "manifest.webapp": removeEntry }, []);
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot, tampered,
+    check_open_result("missing_entry", Cr.NS_ERROR_SIGNED_JAR_ENTRY_MISSING));
+});
+
+add_test(function () {
+  let tampered = tampered_app_path("truncated_entry");
+  tamper(original_app_path("valid_app_1"), tampered, { "manifest.webapp": truncateEntry }, []);
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot, tampered,
+    check_open_result("truncated_entry", Cr.NS_ERROR_SIGNED_JAR_MODIFIED_ENTRY));
+});
+
+add_test(function () {
+  let tampered = tampered_app_path("unsigned_entry");
+  tamper(original_app_path("valid_app_1"), tampered, {},
+    [ { "name": "unsigned.txt", "content": "unsigned content!" } ]);
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot, tampered,
+    check_open_result("unsigned_entry", Cr.NS_ERROR_SIGNED_JAR_UNSIGNED_ENTRY));
+});
+
+add_test(function () {
+  let tampered = tampered_app_path("unsigned_metainf_entry");
+  tamper(original_app_path("valid_app_1"), tampered, {},
+    [ { name: "META-INF/unsigned.txt", content: "unsigned content!" } ]);
+  certdb.openSignedAppFileAsync(
+    Ci.nsIX509CertDB.AppXPCShellRoot, tampered,
+    check_open_result("unsigned_metainf_entry",
+                      Cr.NS_ERROR_SIGNED_JAR_UNSIGNED_ENTRY));
+});
+
+// TODO: tampered MF, tampered SF
+// TODO: too-large MF, too-large RSA, too-large SF
+// TODO: MF and SF that end immediately after the last main header
+//       (no CR nor LF)
+// TODO: broken headers to exercise the parser
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/README.md b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/README.md
new file mode 100644
index 000000000..5c6201534
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/README.md
@@ -0,0 +1,18 @@
+This file contains the scripts and binary files needed to regenerate the signed
+files used on the signed apps test.
+
+Prerequisites:
+
+* NSS 3.4 or higher.
+* Python 2.7 (should work with 2.6 also)
+* Bash
+
+Usage:
+
+Run
+
+./create_test_files.sh
+
+The new test files will be created at the ./testApps directory. Just copy the
+contents of this directory to the test directory (dom/apps/tests/signed and
+security/manager/ssl/tests/unit) to use the new files.
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/create_test_files.sh b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/create_test_files.sh
new file mode 100755
index 000000000..e211c3685
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/create_test_files.sh
@@ -0,0 +1,213 @@
+#!/bin/bash
+
+export NSS_DEFAULT_DB_TYPE=sql
+
+export BASE_PATH=`dirname $0`
+export SIGN_SCR_LOC=.
+export APPS_TEST_LOC=../../../../../../../dom/apps/tests/signed
+export TOOLKIT_WEBAPPS_TEST_LOC=../../../../../../../toolkit/webapps/tests/data/
+
+# Creates the entry zip files (unsigned apps) from the source directories
+packageApps() {
+APPS="unsigned_app_1 unsigned_app_origin unsigned_app_origin_toolkit_webapps"
+OLD_PWD=`pwd`
+cd ${BASE_PATH}
+for i in $APPS
+do
+  echo "Creating $i.zip"
+  cd $i && zip -r ../$i.zip . && cd ..
+done
+cd ${OLD_PWD}
+}
+
+
+# Function to create a signing database
+# Parameters:
+# $1: Output directory (where the DB will be created)
+createDb() {
+
+  db=$1
+
+  mkdir -p $db
+
+  # Insecure by design, so... please don't use this for anything serious
+  passwordfile=$db/passwordfile
+
+  echo insecurepassword > $passwordfile
+  certutil -d $db -N -f $passwordfile 2>&1 >/dev/null
+
+}
+
+# Add a CA cert and a signing cert to the database
+# Arguments:
+#   $1: DB directory
+#   $2: CA CN (don't include the CN=, just the value)
+#   $3: Signing Cert CN (don't include the CN=, just the value)
+#   $4: CA short name (don't use spaces!)
+#   $5: Signing Cert short name (don't use spaces!)
+addCerts() {
+  org="O=Examplla Corporation,L=Mountain View,ST=CA,C=US"
+  ca_subj="CN=${2},${org}"
+  ee_subj="CN=${3},${org}"
+
+  noisefile=/tmp/noise.$$
+  head -c 32 /dev/urandom > $noisefile
+
+  ca_responses=/tmp/caresponses.$$
+  ee_responses=/tmp/earesponses
+
+  echo y >  $ca_responses # Is this a CA?
+  echo >>   $ca_responses # Accept default path length constraint (no constraint)
+  echo y >> $ca_responses # Is this a critical constraint?
+  echo n >  $ee_responses # Is this a CA?
+  echo >>   $ee_responses # Accept default path length constraint (no constraint)
+  echo y >> $ee_responses # Is this a critical constraint?
+
+  make_cert="certutil -d $db -f $passwordfile -S -g 2048 -Z SHA256 \
+                    -z $noisefile -y 3 -2 --extKeyUsage critical,codeSigning"
+  $make_cert -v 480 -n ${4}        -m 1 -s "$ca_subj" \
+      --keyUsage critical,certSigning      -t ",,CTu" -x < $ca_responses 2>&1 >/dev/null
+  $make_cert -v 240 -n ${5} -c ${4} -m 2 -s "$ee_subj" \
+      --keyUsage critical,digitalSignature -t ",,,"      < $ee_responses 2>&1 >/dev/null
+
+  # In case we want to inspect the generated certs
+
+  # Also, we'll need this one later on
+  certutil -d $db -L -n ${4} -r -o $db/${4}.der
+  certutil -d $db -L -n ${5} -r -o $db/${5}.der
+
+  rm -f $noisefile $ee_responses $ca_responses
+}
+
+
+# Signs an app
+# Parameters:
+# $1: Database directory
+# $2: Unsigned ZIP file path
+# $3: Signed ZIP file path
+# $4: Store ID for the signed App
+# $5: Version of the signed App
+# $6: Nickname of the signing certificate
+signApp() {
+
+  db=$1
+
+  # Once again, this is INSECURE. It doesn't matter here but
+  # DON'T use this for anything production related
+  passwordfile=$db/passwordfile
+
+  python ${BASE_PATH}/${SIGN_SCR_LOC}/sign_b2g_app.py -d $db -f $passwordfile \
+         -k ${6} -i ${2} -o ${3} -S ${4} -V ${5}
+}
+
+DB_PATH=${BASE_PATH}/signingDB
+TEST_APP_PATH=${BASE_PATH}/testApps
+
+echo "Warning! The directories ${DB_PATH} and ${TEST_APP_PATH} will be erased!"
+echo "Do you want to proceed anyway?"
+select answer in "Yes" "No"
+do
+  case $answer in
+    Yes) break;;
+    No) exit 1;;
+  esac
+done
+
+rm -rf ${DB_PATH} ${TEST_APP_PATH}
+
+TRUSTED_EE=trusted_ee1
+UNTRUSTED_EE=untrusted_ee1
+TRUSTED_CA=trusted_ca1
+UNTRUSTED_CA=untrusted_ca1
+
+# First, we'll create a new couple of signing DBs
+createDb $DB_PATH
+addCerts $DB_PATH "Valid CA" "Store Cert" trusted_ca1 ${TRUSTED_EE}
+addCerts $DB_PATH "Invalid CA" "Invalid Cert" ${UNTRUSTED_CA} ${UNTRUSTED_EE}
+
+# Then we'll create the unsigned apps
+echo "Creating unsigned apps"
+packageApps
+
+# And then we'll create all the test apps...
+mkdir -p ${TEST_APP_PATH}
+
+# We need:
+# A valid signed file, with two different versions:
+#    valid_app_1.zip
+#    valid_app_2.zip
+VALID_UID=`uuidgen`
+signApp $DB_PATH ${BASE_PATH}/unsigned_app_1.zip \
+        $TEST_APP_PATH/valid_app_1.zip \
+        $VALID_UID 1 ${TRUSTED_EE}
+signApp $DB_PATH ${BASE_PATH}/unsigned_app_1.zip \
+        $TEST_APP_PATH/valid_app_2.zip \
+        $VALID_UID 2 ${TRUSTED_EE}
+
+
+# A corrupt_package:
+#    corrupt_app_1.zip
+# A corrupt package is a package with a entry modified, for example...
+CURDIR=`pwd`
+export TEMP_DIR=$TEST_APP_PATH/aux_unzip_$$
+mkdir -p $TEMP_DIR
+cd  $TEMP_DIR
+unzip ../valid_app_1.zip 2>&1 >/dev/null
+echo " - " >> index.html
+zip -r ../corrupt_app_1.zip * 2>&1 >/dev/null
+cd $CURDIR
+rm -rf $TEMP_DIR
+
+# A file signed by a unknown issuer
+#    unknown_issuer_app_1.zip
+INVALID_UID=`uuidgen`
+signApp $DB_PATH ${BASE_PATH}/unsigned_app_1.zip \
+        $TEST_APP_PATH/unknown_issuer_app_1.zip \
+        $INVALID_UID 1 ${UNTRUSTED_EE}
+
+# And finally a priviledged signed file that includes the origin on the manifest
+# to avoid that reverting again
+PRIV_UID=`uuidgen`
+signApp $DB_PATH ${BASE_PATH}/unsigned_app_origin.zip \
+        $TEST_APP_PATH/origin_app_1.zip \
+        $PRIV_UID 1 ${TRUSTED_EE}
+
+# A privileged signed app needed for a toolkit/webapps test
+PRIV_TOOLKIT_UID=`uuidgen`
+signApp $DB_PATH ${BASE_PATH}/unsigned_app_origin_toolkit_webapps.zip \
+        $TEST_APP_PATH/custom_origin.zip \
+        $PRIV_TOOLKIT_UID 1 ${TRUSTED_EE}
+
+# Now let's copy the trusted cert to the app directory so we have everything
+# on the same place...
+cp ${DB_PATH}/${TRUSTED_CA}.der ${TEST_APP_PATH}
+
+cat <<EOF
+
+All done. The new test files are in ${TEST_APP_PATH}. You should copy the
+contents of that directory to the dom/apps/tests/signed directory and to
+the security/manager/ssl/tests/unit/test_signed_apps (which should be the
+parent of this directory) to install them.
+
+EOF
+
+echo "Do you wish me to do that for you now?"
+select answer in "Yes" "No"
+do
+  case $answer in
+    Yes) break;;
+    No) echo "Ok, not installing the new files"
+        echo "You should run: "
+        echo cp ${TEST_APP_PATH}/* ${BASE_PATH}/${APPS_TEST_LOC}
+        echo cp ${TEST_APP_PATH}/* ${TEST_APP_PATH}/../unsigned_app_1.zip ${BASE_PATH}/..
+        echo cp ${TEST_APP_PATH}/* ${BASE_PATH}/${TOOLKIT_WEBAPPS_TEST_LOC}
+        echo "to install them"
+        exit 0;;
+  esac
+done
+
+cp ${TEST_APP_PATH}/* ${BASE_PATH}/${APPS_TEST_LOC}
+cp ${TEST_APP_PATH}/* ${TEST_APP_PATH}/../unsigned_app_1.zip ${BASE_PATH}/..
+cp ${TEST_APP_PATH}/* ${BASE_PATH}/${TOOLKIT_WEBAPPS_TEST_LOC}
+
+echo "Done!"
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/nss_ctypes.py b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/nss_ctypes.py
new file mode 100644
index 000000000..35ca92959
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/nss_ctypes.py
@@ -0,0 +1,129 @@
+from ctypes import *
+import os
+import sys
+
+if sys.platform == 'darwin':
+  libprefix = "lib"
+  libsuffix = ".dylib"
+elif os.name == 'posix':
+  libprefix = "lib"
+  libsuffix = ".so"
+else: # assume windows
+  libprefix = ""
+  libsuffix = ".dll"
+
+plc   = cdll.LoadLibrary(libprefix + "plc4"   + libsuffix)
+nspr  = cdll.LoadLibrary(libprefix + "nspr4"  + libsuffix)
+nss   = cdll.LoadLibrary(libprefix + "nss3"   + libsuffix)
+smime = cdll.LoadLibrary(libprefix + "smime3" + libsuffix)
+
+nspr.PR_GetError.argtypes = []
+nspr.PR_GetError.restype = c_int32
+nspr.PR_ErrorToName.argtypes = [c_int32]
+nspr.PR_ErrorToName.restype = c_char_p
+
+def raise_if_not_SECSuccess(rv):
+  SECSuccess = 0
+  if (rv != SECSuccess):
+    raise ValueError(nspr.PR_ErrorToName(nspr.PR_GetError()))
+
+def raise_if_NULL(p):
+  if not p:
+    raise ValueError(nspr.PR_ErrorToName(nspr.PR_GetError()))
+  return p
+
+PRBool = c_int
+SECStatus = c_int
+
+# from secoidt.h
+SEC_OID_SHA1 = 4
+
+# from certt.h
+certUsageObjectSigner = 6
+
+class SECItem(Structure):
+  _fields_ = [("type", c_int),
+              ("data", c_char_p),
+              ("len", c_uint)]
+
+nss.NSS_Init.argtypes = [c_char_p]
+nss.NSS_Init.restype = SECStatus
+def NSS_Init(db_dir):
+  nss.NSS_Init.argtypes = [c_char_p]
+  nss.NSS_Init.restype = SECStatus
+  raise_if_not_SECSuccess(nss.NSS_Init(db_dir))
+
+nss.NSS_Shutdown.argtypes = []
+nss.NSS_Shutdown.restype = SECStatus
+def NSS_Shutdown():
+  raise_if_not_SECSuccess(nss.NSS_Shutdown())
+
+PK11PasswordFunc = CFUNCTYPE(c_char_p, c_void_p, PRBool, c_char_p)
+
+# pass the result of this as the wincx parameter when a wincx is required
+nss.PK11_SetPasswordFunc.argtypes = [PK11PasswordFunc]
+nss.PK11_SetPasswordFunc.restype = None
+
+# Set the return type as *void so Python doesn't touch it
+plc.PL_strdup.argtypes = [c_char_p]
+plc.PL_strdup.restype = c_void_p
+def SetPasswordContext(password):
+  def callback(slot, retry, arg):
+    return plc.PL_strdup(password)
+  wincx = PK11PasswordFunc(callback)
+  nss.PK11_SetPasswordFunc(wincx)
+  return wincx
+
+nss.CERT_GetDefaultCertDB.argtypes = []
+nss.CERT_GetDefaultCertDB.restype = c_void_p
+def CERT_GetDefaultCertDB():
+  return raise_if_NULL(nss.CERT_GetDefaultCertDB())
+
+nss.PK11_FindCertFromNickname.argtypes = [c_char_p, c_void_p]
+nss.PK11_FindCertFromNickname.restype = c_void_p
+def PK11_FindCertFromNickname(nickname, wincx):
+  return raise_if_NULL(nss.PK11_FindCertFromNickname(nickname, wincx))
+
+nss.CERT_DestroyCertificate.argtypes = [c_void_p]
+nss.CERT_DestroyCertificate.restype = None
+def CERT_DestroyCertificate(cert):
+  nss.CERT_DestroyCertificate(cert)
+
+smime.SEC_PKCS7CreateSignedData.argtypes = [c_void_p, c_int, c_void_p,
+                                            c_int, c_void_p,
+                                            c_void_p, c_void_p]
+smime.SEC_PKCS7CreateSignedData.restype = c_void_p
+def SEC_PKCS7CreateSignedData(cert, certusage, certdb, digestalg, digest, wincx):
+  item = SECItem(0,  c_char_p(digest), len(digest))
+  return raise_if_NULL(smime.SEC_PKCS7CreateSignedData(cert, certusage, certdb,
+                                                       digestalg,
+                                                       pointer(item),
+                                                       None, wincx))
+
+smime.SEC_PKCS7AddSigningTime.argtypes = [c_void_p]
+smime.SEC_PKCS7AddSigningTime.restype = SECStatus
+def SEC_PKCS7AddSigningTime(p7):
+  raise_if_not_SECSuccess(smime.SEC_PKCS7AddSigningTime(p7))
+
+smime.SEC_PKCS7IncludeCertChain.argtypes = [c_void_p, c_void_p]
+smime.SEC_PKCS7IncludeCertChain.restype = SECStatus
+def SEC_PKCS7IncludeCertChain(p7, wincx):
+  raise_if_not_SECSuccess(smime.SEC_PKCS7IncludeCertChain(p7, wincx))
+
+SEC_PKCS7EncoderOutputCallback = CFUNCTYPE(None, c_void_p, c_void_p, c_long)
+smime.SEC_PKCS7Encode.argtypes = [c_void_p, SEC_PKCS7EncoderOutputCallback,
+                                  c_void_p, c_void_p, c_void_p, c_void_p]
+smime.SEC_PKCS7Encode.restype = SECStatus
+def SEC_PKCS7Encode(p7, bulkkey, wincx):
+  outputChunks = []
+  def callback(chunks, data, len):
+    outputChunks.append(string_at(data, len))
+  callbackWrapper = SEC_PKCS7EncoderOutputCallback(callback)
+  raise_if_not_SECSuccess(smime.SEC_PKCS7Encode(p7, callbackWrapper,
+                                                None, None, None, wincx))
+  return "".join(outputChunks)
+
+smime.SEC_PKCS7DestroyContentInfo.argtypes = [c_void_p]
+smime.SEC_PKCS7DestroyContentInfo.restype = None
+def SEC_PKCS7DestroyContentInfo(p7):
+  smime.SEC_PKCS7DestroyContentInfo(p7)
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/sign_b2g_app.py b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/sign_b2g_app.py
new file mode 100644
index 000000000..89b385a9b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/sign_b2g_app.py
@@ -0,0 +1,174 @@
+import argparse
+from base64 import b64encode
+from hashlib import sha1
+import sys
+import zipfile
+import ctypes
+
+import nss_ctypes
+
+# Change the limits in JarSignatureVerification.cpp when you change the limits
+# here.
+max_entry_uncompressed_len = 100 * 1024 * 1024
+max_total_uncompressed_len = 500 * 1024 * 1024
+max_entry_count = 100 * 1000
+max_entry_filename_len = 1024
+max_mf_len = max_entry_count * 50
+max_sf_len = 1024
+
+
+
+def nss_load_cert(nss_db_dir, nss_password, cert_nickname):
+  nss_ctypes.NSS_Init(nss_db_dir)
+  try:
+    wincx = nss_ctypes.SetPasswordContext(nss_password)
+    cert = nss_ctypes.PK11_FindCertFromNickname(cert_nickname, wincx)
+    return (wincx, cert)
+  except:
+    nss_ctypes.NSS_Shutdown()
+    raise
+
+def nss_create_detached_signature(cert, dataToSign, wincx):
+  certdb = nss_ctypes.CERT_GetDefaultCertDB()
+  p7 = nss_ctypes.SEC_PKCS7CreateSignedData(cert,
+                                            nss_ctypes.certUsageObjectSigner,
+                                            certdb,
+                                            nss_ctypes.SEC_OID_SHA1,
+                                            sha1(dataToSign).digest(),
+                                            wincx       )
+  try:
+    nss_ctypes.SEC_PKCS7AddSigningTime(p7)
+    nss_ctypes.SEC_PKCS7IncludeCertChain(p7, wincx)
+    return nss_ctypes.SEC_PKCS7Encode(p7, None, wincx)
+  finally:
+    nss_ctypes.SEC_PKCS7DestroyContentInfo(p7)
+
+# We receive a ids_json string for the toBeSigned app
+def sign_zip(in_zipfile_name, out_zipfile_name, cert, wincx, ids_json):
+  mf_entries = []
+  seen_entries = set()
+
+  total_uncompressed_len = 0
+  entry_count = 0
+  with zipfile.ZipFile(out_zipfile_name, 'w') as out_zip:
+    with zipfile.ZipFile(in_zipfile_name, 'r') as in_zip:
+      for entry_info in in_zip.infolist():
+        name = entry_info.filename
+
+        # Check for reserved and/or insane (potentially malicious) names
+        if name.endswith("/"):
+          pass
+          # Do nothing; we don't copy directory entries since they are just a
+          # waste of space.
+        elif name.lower().startswith("meta-inf/"):
+          # META-INF/* is reserved for our use
+          raise ValueError("META-INF entries are not allowed: %s" % (name))
+        elif len(name) > max_entry_filename_len:
+          raise ValueError("Entry's filename is too long: %s" % (name))
+        # TODO: elif name has invalid characters...
+        elif name in seen_entries:
+          # It is possible for a zipfile to have duplicate entries (with the exact
+          # same filenames). Python's zipfile module accepts them, but our zip
+          # reader in Gecko cannot do anything useful with them, and there's no
+          # sane reason for duplicate entries to exist, so reject them.
+          raise ValueError("Duplicate entry in input file: %s" % (name))
+        else:
+          entry_count += 1
+          if entry_count > max_entry_count:
+            raise ValueError("Too many entries in input archive")
+
+          seen_entries.add(name)
+
+          # Read in the input entry, but be careful to avoid going over the
+          # various limits we have, to minimize the likelihood that we'll run
+          # out of memory. Note that we can't use the length from entry_info
+          # because that might not be accurate if the input zip file is
+          # maliciously crafted to contain misleading metadata.
+          with in_zip.open(name, 'r') as entry_file:
+            contents = entry_file.read(max_entry_uncompressed_len + 1)
+          if len(contents) > max_entry_uncompressed_len:
+            raise ValueError("Entry is too large: %s" % (name))
+          total_uncompressed_len += len(contents)
+          if total_uncompressed_len > max_total_uncompressed_len:
+            raise ValueError("Input archive is too large")
+
+          # Copy the entry, using the same compression as used in the input file
+          out_zip.writestr(entry_info, contents)
+
+          # Add the entry to the manifest we're building
+          mf_entries.append('Name: %s\nSHA1-Digest: %s\n'
+                                % (name, b64encode(sha1(contents).digest())))
+    if (ids_json):
+      mf_entries.append('Name: %s\nSHA1-Digest: %s\n'
+                        % ("META-INF/ids.json", b64encode(sha1(ids_json).digest())))
+
+    mf_contents = 'Manifest-Version: 1.0\n\n' + '\n'.join(mf_entries)
+    if len(mf_contents) > max_mf_len:
+      raise ValueError("Generated MANIFEST.MF is too large: %d" % (len(mf_contents)))
+
+    sf_contents = ('Signature-Version: 1.0\nSHA1-Digest-Manifest: %s\n'
+                                % (b64encode(sha1(mf_contents).digest())))
+    if len(sf_contents) > max_sf_len:
+      raise ValueError("Generated SIGNATURE.SF is too large: %d"
+                          % (len(mf_contents)))
+
+    p7 = nss_create_detached_signature(cert, sf_contents, wincx)
+
+    # write the signature, SF, and MF
+    out_zip.writestr("META-INF/A.RSA", p7, zipfile.ZIP_DEFLATED)
+    out_zip.writestr("META-INF/A.SF",  sf_contents, zipfile.ZIP_DEFLATED)
+    out_zip.writestr("META-INF/MANIFEST.MF", mf_contents, zipfile.ZIP_DEFLATED)
+    if (ids_json):
+        out_zip.writestr("META-INF/ids.json", ids_json, zipfile.ZIP_DEFLATED)
+
+def main():
+  parser = argparse.ArgumentParser(description='Sign a B2G app.')
+  parser.add_argument('-d', action='store',
+                            required=True, help='NSS database directory')
+  parser.add_argument('-f', action='store',
+                            type=argparse.FileType('rb'),
+                            required=True, help='password file')
+  parser.add_argument('-k', action='store',
+                            required=True, help="nickname of signing cert.")
+  parser.add_argument('-i', action='store', type=argparse.FileType('rb'),
+                            required=True, help="input JAR file (unsigned)")
+  parser.add_argument('-o', action='store', type=argparse.FileType('wb'),
+                            required=True, help="output JAR file (signed)")
+  parser.add_argument('-I', '--ids-file', action='store', type=argparse.FileType('rb'),
+                     help="Path to the ids.json file", dest='I')
+  parser.add_argument('-S', '--storeId', action='store',
+                      help="Store Id for the package", dest='S')
+  parser.add_argument('-V', '--storeVersion', action='store', type=int,
+                      help="Package Version", dest='V')
+  args = parser.parse_args()
+
+  # Sadly nested groups and neccesarily inclusive groups (http://bugs.python.org/issue11588)
+  # are not implemented. Note that this means the automatic help is slighty incorrect
+  if not((not args.I and args.V and args.S) or (args.I and not args.V and not args.S)):
+      raise ValueError("Either -I or -S and -V must be specified")
+
+  if (args.I):
+    ids_contents = args.I.read(max_entry_uncompressed_len+1)
+  else:
+    ids_contents = '''{
+  "id": "%(id)s",
+  "version": %(version)d
+}
+''' % {"id": args.S, "version": args.V}
+  if len(ids_contents) > max_entry_uncompressed_len:
+    raise ValueError("Entry is too large: %s" % (name))
+
+  db_dir = args.d
+  password = args.f.readline().strip()
+  cert_nickname = args.k
+
+  (wincx, cert) = nss_load_cert(db_dir, password, cert_nickname)
+  try:
+    sign_zip(args.i, args.o, cert, wincx, ids_contents)
+    return 0
+  finally:
+    nss_ctypes.CERT_DestroyCertificate(cert)
+    nss_ctypes.NSS_Shutdown()
+
+if __name__ == "__main__":
+    sys.exit(main())
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_1/icon-128.png b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_1/icon-128.png
new file mode 100644
index 000000000..d6fd07a41
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_1/icon-128.png
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_1/index.html b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_1/index.html
new file mode 100644
index 000000000..2acf635e8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_1/index.html
@@ -0,0 +1,6 @@
+<!doctype html>

+<html lang=en>

+<head><meta charset=utf-8><title>Simple App</title></head>

+<body><p>This is a Simple App.</body>

+</html>

+

diff --git a/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_1/manifest.webapp b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_1/manifest.webapp
new file mode 100644
index 000000000..447cd1e71
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_1/manifest.webapp
@@ -0,0 +1,8 @@
+{ "name": "Simple App"
+, "description": "A Simple Open Web App"
+, "launch_path": "tests/dom/apps/tests/signed_app.sjs"
+, "icons": { "128" : "icon-128.png" }
+, "installs_allowed_from": [ "https://marketplace.mozilla.com", "http://mochi.test:8888" ]
+, "version": 1
+, "default_locale": "en-US"
+}
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin/icon-128.png b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin/icon-128.png
new file mode 100644
index 000000000..d6fd07a41
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin/icon-128.png
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin/index.html b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin/index.html
new file mode 100644
index 000000000..9f2adf57b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin/index.html
@@ -0,0 +1,6 @@
+<!doctype html>
+<html lang=en>
+<head><meta charset=utf-8><title>Simple App</title></head>
+<body><p>This is a Simple App.</body>
+</html>
+
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin/manifest.webapp b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin/manifest.webapp
new file mode 100644
index 000000000..d2393e3c3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin/manifest.webapp
@@ -0,0 +1,10 @@
+{ "name": "Simple App",
+  "description": "A Simple Open Web App",
+  "type": "privileged",
+  "origin": "app://test.origin.privileged.app",
+  "launch_path": "tests/dom/apps/tests/signed_app.sjs",
+  "icons": { "128" : "icon-128.png" },
+  "installs_allowed_from": [ "https://marketplace.mozilla.com", "http://mochi.test:8888" ],
+  "version": 1,
+  "default_locale": "en-US"
+}
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin_toolkit_webapps/index.html b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin_toolkit_webapps/index.html
new file mode 100644
index 000000000..12c6881c2
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin_toolkit_webapps/index.html
@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Test app</title>
+</head>
+<body>
+Test app:
+<iframe src="http://127.0.0.1:8888/chrome/toolkit/webapps/tests/app.sjs?appreq"></iframe>
+</body>
+</html>
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin_toolkit_webapps/manifest.webapp b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin_toolkit_webapps/manifest.webapp
new file mode 100644
index 000000000..55103ca5a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_apps/gentestfiles/unsigned_app_origin_toolkit_webapps/manifest.webapp
@@ -0,0 +1,9 @@
+{
+  "name": "Custom Origin Test",
+  "version": 1,
+  "size": 777,
+  "package_path": "custom_origin.zip",
+  "launch_path": "/index.html",
+  "origin": "app://test.origin.privileged.app",
+  "type": "privileged"
+}
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/privileged-app-test-1.0.zip b/security/manager/ssl/tests/unit/test_signed_apps/privileged-app-test-1.0.zip
new file mode 100644
index 000000000..3a12106c8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_apps/privileged-app-test-1.0.zip
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/test-privileged-app-test-1.0.zip b/security/manager/ssl/tests/unit/test_signed_apps/test-privileged-app-test-1.0.zip
new file mode 100644
index 000000000..ec137ea14
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_apps/test-privileged-app-test-1.0.zip
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/trusted_ca1.der b/security/manager/ssl/tests/unit/test_signed_apps/trusted_ca1.der
new file mode 100644
index 000000000..0200a7f35
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_apps/trusted_ca1.der
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/unknown_issuer_app_1.zip b/security/manager/ssl/tests/unit/test_signed_apps/unknown_issuer_app_1.zip
new file mode 100644
index 000000000..374e45f6f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_apps/unknown_issuer_app_1.zip
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/unsigned_app_1.zip b/security/manager/ssl/tests/unit/test_signed_apps/unsigned_app_1.zip
new file mode 100644
index 000000000..731e050ab
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_apps/unsigned_app_1.zip
diff --git a/security/manager/ssl/tests/unit/test_signed_apps/valid_app_1.zip b/security/manager/ssl/tests/unit/test_signed_apps/valid_app_1.zip
new file mode 100644
index 000000000..74a35a420
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_apps/valid_app_1.zip
diff --git a/security/manager/ssl/tests/unit/test_signed_dir.js b/security/manager/ssl/tests/unit/test_signed_dir.js
new file mode 100644
index 000000000..b07fd2285
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_dir.js
@@ -0,0 +1,201 @@
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests that signed extensions extracted/unpacked into a directory work pass
+// verification when non-tampered, and fail verification when tampered via
+// various means.
+
+const { ZipUtils } = Cu.import("resource://gre/modules/ZipUtils.jsm", {});
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+
+/**
+ * Signed test extension. This is any arbitrary Mozilla signed XPI that
+ * preferably has recently been signed (but note that it actually doesn't
+ * matter, since we ignore expired certificates when checking signing).
+ * @type nsIFile
+ */
+var gSignedXPI =
+  do_get_file("test_signed_dir/lightbeam_for_firefox-1.3.1-fx.xpi", false);
+/**
+ * The directory that the test extension will be extracted to.
+ * @type nsIFile
+ */
+var gTarget = FileUtils.getDir("TmpD", ["test_signed_dir"]);
+gTarget.createUnique(Ci.nsIFile.DIRECTORY_TYPE, FileUtils.PERMS_DIRECTORY);
+
+/**
+ * Each property below is optional. Defining none of them means "don't tamper".
+ *
+ * @typedef {TamperInstructions}
+ * @type Object
+ * @property {String[][]} copy
+ *           Format: [[path,newname], [path2,newname2], ...]
+ *           Copy the file located at |path| and name it |newname|.
+ * @property {String[]} delete
+ *           List of paths to files to delete.
+ * @property {String[]} corrupt
+ *           List of paths to files to corrupt.
+ */
+
+/**
+ * Extracts the signed XPI into a directory, and tampers the files in that
+ * directory if instructed.
+ *
+ * @param {TamperInstructions} tamper
+ *        Instructions on whether to tamper any files, and if so, how.
+ * @returns {nsIFile}
+ *          The directory where the XPI was extracted to.
+ */
+function prepare(tamper) {
+  ZipUtils.extractFiles(gSignedXPI, gTarget);
+
+  // copy files
+  if (tamper.copy) {
+    tamper.copy.forEach(i => {
+      let f = gTarget.clone();
+      i[0].split("/").forEach(seg => { f.append(seg); });
+      f.copyTo(null, i[1]);
+    });
+  }
+
+  // delete files
+  if (tamper.delete) {
+    tamper.delete.forEach(i => {
+      let f = gTarget.clone();
+      i.split("/").forEach(seg => { f.append(seg); });
+      f.remove(true);
+    });
+  }
+
+  // corrupt files
+  if (tamper.corrupt) {
+    tamper.corrupt.forEach(i => {
+      let f = gTarget.clone();
+      i.split("/").forEach(seg => { f.append(seg); });
+      let s = FileUtils.openFileOutputStream(f, FileUtils.MODE_WRONLY);
+      const str = "Kilroy was here";
+      s.write(str, str.length);
+      s.close();
+    });
+  }
+
+  return gTarget;
+}
+
+function checkResult(expectedRv, dir, resolve) {
+  return function verifySignedDirCallback(rv, aSignerCert) {
+    equal(rv, expectedRv, "Actual and expected return value should match");
+    equal(aSignerCert != null, Components.isSuccessCode(expectedRv),
+          "expecting certificate:");
+    dir.remove(true);
+    resolve();
+  };
+}
+
+function verifyDirAsync(expectedRv, tamper) {
+  let targetDir = prepare(tamper);
+  return new Promise((resolve, reject) => {
+    certdb.verifySignedDirectoryAsync(
+      Ci.nsIX509CertDB.AddonsPublicRoot, targetDir,
+      checkResult(expectedRv, targetDir, resolve));
+  });
+}
+
+//
+// the tests
+//
+add_task(function* testValid() {
+  yield verifyDirAsync(Cr.NS_OK, {} /* no tampering */);
+});
+
+add_task(function* testNoMetaDir() {
+  yield verifyDirAsync(Cr.NS_ERROR_SIGNED_JAR_NOT_SIGNED,
+                       {delete: ["META-INF"]});
+});
+
+add_task(function* testEmptyMetaDir() {
+  yield verifyDirAsync(Cr.NS_ERROR_SIGNED_JAR_NOT_SIGNED,
+                       {delete: ["META-INF/mozilla.rsa",
+                                 "META-INF/mozilla.sf",
+                                 "META-INF/manifest.mf"]});
+});
+
+add_task(function* testTwoRSAFiles() {
+  yield verifyDirAsync(Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+                       {copy: [["META-INF/mozilla.rsa", "extra.rsa"]]});
+});
+
+add_task(function* testCorruptRSAFile() {
+  yield verifyDirAsync(Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+                       {corrupt: ["META-INF/mozilla.rsa"]});
+});
+
+add_task(function* testMissingSFFile() {
+  yield verifyDirAsync(Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+                       {delete: ["META-INF/mozilla.sf"]});
+});
+
+add_task(function* testCorruptSFFile() {
+  yield verifyDirAsync(Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+                       {corrupt: ["META-INF/mozilla.sf"]});
+});
+
+add_task(function* testExtraInvalidSFFile() {
+  yield verifyDirAsync(Cr.NS_ERROR_SIGNED_JAR_UNSIGNED_ENTRY,
+                       {copy: [["META-INF/mozilla.rsa", "extra.sf"]]});
+});
+
+add_task(function* testExtraValidSFFile() {
+  yield verifyDirAsync(Cr.NS_ERROR_SIGNED_JAR_UNSIGNED_ENTRY,
+                       {copy: [["META-INF/mozilla.sf", "extra.sf"]]});
+});
+
+add_task(function* testMissingManifest() {
+  yield verifyDirAsync(Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+                       {delete: ["META-INF/manifest.mf"]});
+});
+
+add_task(function* testCorruptManifest() {
+  yield verifyDirAsync(Cr.NS_ERROR_SIGNED_JAR_MANIFEST_INVALID,
+                       {corrupt: ["META-INF/manifest.mf"]});
+});
+
+add_task(function* testMissingFile() {
+  yield verifyDirAsync(Cr.NS_ERROR_SIGNED_JAR_ENTRY_MISSING,
+                       {delete: ["bootstrap.js"]});
+});
+
+add_task(function* testCorruptFile() {
+  yield verifyDirAsync(Cr.NS_ERROR_SIGNED_JAR_MODIFIED_ENTRY,
+                       {corrupt: ["bootstrap.js"]});
+});
+
+add_task(function* testExtraFile() {
+  yield verifyDirAsync(Cr.NS_ERROR_SIGNED_JAR_UNSIGNED_ENTRY,
+                       {copy: [["bootstrap.js", "extra"]]});
+});
+
+add_task(function* testMissingFileInDir() {
+  yield verifyDirAsync(Cr.NS_ERROR_SIGNED_JAR_ENTRY_MISSING,
+                       {delete: ["lib/ui.js"]});
+});
+
+add_task(function* testCorruptFileInDir() {
+  yield verifyDirAsync(Cr.NS_ERROR_SIGNED_JAR_MODIFIED_ENTRY,
+                       {corrupt: ["lib/ui.js"]});
+});
+
+add_task(function* testExtraFileInDir() {
+  yield verifyDirAsync(Cr.NS_ERROR_SIGNED_JAR_UNSIGNED_ENTRY,
+                       {copy: [["lib/ui.js", "extra"]]});
+});
+
+do_register_cleanup(function() {
+  if (gTarget.exists()) {
+    gTarget.remove(true);
+  }
+});
diff --git a/security/manager/ssl/tests/unit/test_signed_dir/lightbeam_for_firefox-1.3.1-fx.xpi b/security/manager/ssl/tests/unit/test_signed_dir/lightbeam_for_firefox-1.3.1-fx.xpi
new file mode 100644
index 000000000..902b731f3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_dir/lightbeam_for_firefox-1.3.1-fx.xpi
diff --git a/security/manager/ssl/tests/unit/test_signed_manifest/README.md b/security/manager/ssl/tests/unit/test_signed_manifest/README.md
new file mode 100644
index 000000000..a442c7052
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_manifest/README.md
@@ -0,0 +1,17 @@
+This folder contains the scripts needed to generate signed manifest files
+to verify the Trusted Hosted Apps concept.
+
+Prerequisites:
+
+* NSS 3.4 or higher.
+* Python 2.7 (should work with 2.6 also)
+* Bash
+* OpenSSL
+
+Usage:
+
+Run
+  I) For usage info execute ./create_test_files.sh --help
+
+ II) Upload the signed manifest.webapp and manifest.sig to the
+     application hosting server.
diff --git a/security/manager/ssl/tests/unit/test_signed_manifest/create_test_files.sh b/security/manager/ssl/tests/unit/test_signed_manifest/create_test_files.sh
new file mode 100755
index 000000000..cddbe17ec
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_manifest/create_test_files.sh
@@ -0,0 +1,181 @@
+#!/bin/bash
+#
+# Mode: shell-script; sh-indentation:2;
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+export BASE_PATH=`dirname $0`
+echo $BASE_PATH
+
+# location of the 'sign_b2g_manifest.py' script
+export SIGN_SCR_PATH=.
+
+DB_PATH=${BASE_PATH}/signingDB
+PASSWORD_FILE=${DB_PATH}/passwordfile
+VALID_MANIFEST_PATH=${BASE_PATH}/testValidSignedManifest
+INVALID_MANIFEST_PATH=${BASE_PATH}/testInvalidSignedManifest
+
+TRUSTED_EE=trusted_ee1
+UNTRUSTED_EE=untrusted_ee1
+TRUSTED_CA=trusted_ca1
+UNTRUSTED_CA=untrusted_ca1
+
+# Print usage info
+usage() {
+    echo
+    echo
+    tput bold
+    echo "NAME"
+    tput sgr0
+    echo "     create_test_files.sh - Signing a manifest for Trusted Hosted Apps."
+    echo
+    tput bold
+    echo "SYNOPSIS"
+    tput sgr0
+    echo "     create_test_files.sh"
+    echo "     create_test_files.sh [--regenerate-test-certs]"
+    echo "     create_test_files.sh [--help]"
+    echo
+    tput bold
+    echo "DESCRIPTION"
+    tput sgr0
+    echo "     The script signs a manifest for Trusted Hosted Apps if no parameter"
+    echo "     is given and if the manifest file and a certificate database directory"
+    echo "     is present in the current directory."
+    echo "     Two directories ./testValidSignedManifest and ./testInvalidSignedManifest"
+    echo "     are generated containing a manifest signature file each, signed with valid"
+    echo "     and invalid certificates respectively."
+    echo "     If the --regenerate-test-certs parameter is given, a new certificate database"
+    echo "     directory is generated before the signing takes place."
+    echo "     If the certificate database is not present and the --regenerate-test-certs"
+    echo "     parameter is not given the script exits whithout any operations."
+    echo
+    tput bold
+    echo "OPTIONS"
+    echo "    --regenerate-test-certs,"
+    tput sgr0
+    echo "        Generates a test certificate database and then signs the manifest.webapp"
+    echo "        file in the current directory."
+    echo
+    tput bold
+    echo "    --help,"
+    tput sgr0
+    echo "        Show this usage information."
+    echo
+}
+
+# Function to create a signing database
+# Parameters:
+# $1: Output directory (where the DB will be created)
+# $2: Password file
+createDB() {
+  local db_path=${1}
+  local password_file=${2}
+
+  mkdir -p ${db_path}
+  echo insecurepassword > ${password_file}
+  certutil -d ${db_path} -N -f ${password_file} 2>&1 >/dev/null
+}
+
+# Add a CA cert and a signing cert to the database
+# Arguments:
+#   $1: DB directory
+#   $2: CA CN (don't include the CN=, just the value)
+#   $3: Signing Cert CN (don't include the CN=, just the value)
+#   $4: CA short name (don't use spaces!)
+#   $5: Signing Cert short name (don't use spaces!)
+#   $6: Password file
+addCerts() {
+  local db_path=${1}
+  local password_file=${6}
+
+  org="O=Example Trusted Corporation,L=Mountain View,ST=CA,C=US"
+  ca_subj="CN=${2},${org}"
+  ee_subj="CN=${3},${org}"
+
+  noisefile=/tmp/noise.$$
+  head -c 32 /dev/urandom > ${noisefile}
+
+  ca_responses=/tmp/caresponses.$$
+  ee_responses=/tmp/earesponses
+
+  echo y >  ${ca_responses} # Is this a CA?
+  echo >>   ${ca_responses} # Accept default path length constraint (no constraint)
+  echo y >> ${ca_responses} # Is this a critical constraint?
+  echo n >  ${ee_responses} # Is this a CA?
+  echo >>   ${ee_responses} # Accept default path length constraint (no constraint)
+  echo y >> ${ee_responses} # Is this a critical constraint?
+
+  make_cert="certutil -d ${db_path} -f ${password_file} -S -g 2048 -Z SHA256 \
+                      -z ${noisefile} -y 3 -2 --extKeyUsage critical,codeSigning"
+  ${make_cert} -v 480 -n ${4} -m 1 -s "${ca_subj}" --keyUsage critical,certSigning \
+             -t ",,CTu" -x < ${ca_responses} 2>&1 >/dev/null
+  ${make_cert} -v 240 -n ${5} -c ${4} -m 2 -s "${ee_subj}" --keyUsage critical,digitalSignature \
+             -t ",,," < ${ee_responses} 2>&1 >/dev/null
+
+  certutil -d ${db_path} -L -n ${4} -r -o ${SIGN_SCR_PATH}/${4}.der
+
+  rm -f ${noisefile} ${ee_responses} ${ca_responses}
+}
+
+# Signs a manifest
+# Parameters:
+# $1: Database directory
+# $2: Unsigned manifest file path
+# $3: Signed manifest file path
+# $4: Nickname of the signing certificate
+# $5: Password file
+signManifest() {
+  local db_path=${1}
+  local password_file=${5}
+
+  python ${BASE_PATH}/${SIGN_SCR_PATH}/sign_b2g_manifest.py -d ${db_path} \
+      -f ${password_file} -k ${4} -i ${2} -o ${3}
+}
+
+# Generate the necessary files to be used for the signing
+generate_files() {
+  # First create a new couple of signing DBs
+  rm -rf ${DB_PATH} ${VALID_MANIFEST_PATH} ${INVALID_MANIFEST_PATH}
+  createDB ${DB_PATH} ${PASSWORD_FILE}
+  addCerts ${DB_PATH} "Trusted Valid CA" "Trusted Corp Cert" ${TRUSTED_CA} ${TRUSTED_EE} ${PASSWORD_FILE}
+  addCerts ${DB_PATH} "Trusted Invalid CA" "Trusted Invalid Cert" ${UNTRUSTED_CA} ${UNTRUSTED_EE} ${PASSWORD_FILE}
+}
+
+#Start of execution
+if [ ${1} ] && [ "${1}" == '--regenerate-test-certs' ]; then
+  generate_files
+elif [ "${1}" == '--help' ]; then
+    usage
+    exit 1
+else
+  if [ -d ${DB_PATH} ]; then
+    rm -rf ${VALID_MANIFEST_PATH} ${INVALID_MANIFEST_PATH}
+  else
+    echo "Error! The directory ${DB_PATH} does not exist!"
+    echo "New certificate database must be created!"
+    usage $0
+    exit 1
+  fi
+fi
+
+# Create all the test manifests
+mkdir -p ${VALID_MANIFEST_PATH}
+mkdir -p ${INVALID_MANIFEST_PATH}
+
+CURDIR=`pwd`
+cd $CURDIR
+
+# Sign a manifest file with a known issuer
+signManifest ${DB_PATH} ${BASE_PATH}/manifest.webapp \
+             ${VALID_MANIFEST_PATH}/manifest.sig \
+             ${TRUSTED_EE} ${PASSWORD_FILE}
+
+# Sign a manifest file with a unknown issuer
+signManifest ${DB_PATH} ${BASE_PATH}/manifest.webapp \
+             ${INVALID_MANIFEST_PATH}/manifest.sig \
+             ${UNTRUSTED_EE} ${PASSWORD_FILE}
+
+echo "Done!"
diff --git a/security/manager/ssl/tests/unit/test_signed_manifest/manifest.webapp b/security/manager/ssl/tests/unit/test_signed_manifest/manifest.webapp
new file mode 100644
index 000000000..ad477719b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_manifest/manifest.webapp
@@ -0,0 +1,10 @@
+{ "name": "Trusted App Example",
+  "description": "A Manifest for a Trusted Hosted Application",
+  "type": "trusted",
+  "launch_path": "/index.html",
+  "icons": { "128" : "icon-128.png" },
+  "version": 1,
+  "csp" : "script-src https://www.example.com; style-src https://www.example.com",
+  "permissions": { "device-storage:videos":{ "access": "readonly" }, "device-storage:pictures":{ "access": "readwrite" } },
+  "default_locale": "en-US"
+}
diff --git a/security/manager/ssl/tests/unit/test_signed_manifest/nss_ctypes.py b/security/manager/ssl/tests/unit/test_signed_manifest/nss_ctypes.py
new file mode 100644
index 000000000..a0c50b1ed
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_manifest/nss_ctypes.py
@@ -0,0 +1,136 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+from ctypes import *
+import os
+import sys
+
+if sys.platform == 'darwin':
+  libprefix = "lib"
+  libsuffix = ".dylib"
+elif os.name == 'posix':
+  libprefix = "lib"
+  libsuffix = ".so"
+else: # assume windows
+  libprefix = ""
+  libsuffix = ".dll"
+
+plc   = cdll.LoadLibrary(libprefix + "plc4"   + libsuffix)
+nspr  = cdll.LoadLibrary(libprefix + "nspr4"  + libsuffix)
+nss   = cdll.LoadLibrary(libprefix + "nss3"   + libsuffix)
+smime = cdll.LoadLibrary(libprefix + "smime3" + libsuffix)
+
+nspr.PR_GetError.argtypes = []
+nspr.PR_GetError.restype = c_int32
+nspr.PR_ErrorToName.argtypes = [c_int32]
+nspr.PR_ErrorToName.restype = c_char_p
+
+def raise_if_not_SECSuccess(rv):
+  SECSuccess = 0
+  if (rv != SECSuccess):
+    raise ValueError(nspr.PR_ErrorToName(nspr.PR_GetError()))
+
+def raise_if_NULL(p):
+  if not p:
+    raise ValueError(nspr.PR_ErrorToName(nspr.PR_GetError()))
+  return p
+
+PRBool = c_int
+SECStatus = c_int
+
+# from secoidt.h
+SEC_OID_SHA1 = 4
+
+# from certt.h
+certUsageObjectSigner = 6
+
+class SECItem(Structure):
+  _fields_ = [("type", c_int),
+              ("data", c_char_p),
+              ("len", c_uint)]
+
+nss.NSS_Init.argtypes = [c_char_p]
+nss.NSS_Init.restype = SECStatus
+def NSS_Init(db_dir):
+  nss.NSS_Init.argtypes = [c_char_p]
+  nss.NSS_Init.restype = SECStatus
+  raise_if_not_SECSuccess(nss.NSS_Init(db_dir))
+
+nss.NSS_Shutdown.argtypes = []
+nss.NSS_Shutdown.restype = SECStatus
+def NSS_Shutdown():
+  raise_if_not_SECSuccess(nss.NSS_Shutdown())
+
+PK11PasswordFunc = CFUNCTYPE(c_char_p, c_void_p, PRBool, c_char_p)
+
+# pass the result of this as the wincx parameter when a wincx is required
+nss.PK11_SetPasswordFunc.argtypes = [PK11PasswordFunc]
+nss.PK11_SetPasswordFunc.restype = None
+
+# Set the return type as *void so Python doesn't touch it
+plc.PL_strdup.argtypes = [c_char_p]
+plc.PL_strdup.restype = c_void_p
+def SetPasswordContext(password):
+  def callback(slot, retry, arg):
+    return plc.PL_strdup(password)
+  wincx = PK11PasswordFunc(callback)
+  nss.PK11_SetPasswordFunc(wincx)
+  return wincx
+
+nss.CERT_GetDefaultCertDB.argtypes = []
+nss.CERT_GetDefaultCertDB.restype = c_void_p
+def CERT_GetDefaultCertDB():
+  return raise_if_NULL(nss.CERT_GetDefaultCertDB())
+
+nss.PK11_FindCertFromNickname.argtypes = [c_char_p, c_void_p]
+nss.PK11_FindCertFromNickname.restype = c_void_p
+def PK11_FindCertFromNickname(nickname, wincx):
+  return raise_if_NULL(nss.PK11_FindCertFromNickname(nickname, wincx))
+
+nss.CERT_DestroyCertificate.argtypes = [c_void_p]
+nss.CERT_DestroyCertificate.restype = None
+def CERT_DestroyCertificate(cert):
+  nss.CERT_DestroyCertificate(cert)
+
+smime.SEC_PKCS7CreateSignedData.argtypes = [c_void_p, c_int, c_void_p,
+                                            c_int, c_void_p,
+                                            c_void_p, c_void_p]
+smime.SEC_PKCS7CreateSignedData.restype = c_void_p
+def SEC_PKCS7CreateSignedData(cert, certusage, certdb, digestalg, digest, wincx):
+  item = SECItem(0,  c_char_p(digest), len(digest))
+  return raise_if_NULL(smime.SEC_PKCS7CreateSignedData(cert, certusage, certdb,
+                                                       digestalg,
+                                                       pointer(item),
+                                                       None, wincx))
+
+smime.SEC_PKCS7AddSigningTime.argtypes = [c_void_p]
+smime.SEC_PKCS7AddSigningTime.restype = SECStatus
+def SEC_PKCS7AddSigningTime(p7):
+  raise_if_not_SECSuccess(smime.SEC_PKCS7AddSigningTime(p7))
+
+smime.SEC_PKCS7IncludeCertChain.argtypes = [c_void_p, c_void_p]
+smime.SEC_PKCS7IncludeCertChain.restype = SECStatus
+def SEC_PKCS7IncludeCertChain(p7, wincx):
+  raise_if_not_SECSuccess(smime.SEC_PKCS7IncludeCertChain(p7, wincx))
+
+SEC_PKCS7EncoderOutputCallback = CFUNCTYPE(None, c_void_p, c_void_p, c_long)
+smime.SEC_PKCS7Encode.argtypes = [c_void_p, SEC_PKCS7EncoderOutputCallback,
+                                  c_void_p, c_void_p, c_void_p, c_void_p]
+smime.SEC_PKCS7Encode.restype = SECStatus
+def SEC_PKCS7Encode(p7, bulkkey, wincx):
+  outputChunks = []
+  def callback(chunks, data, len):
+    outputChunks.append(string_at(data, len))
+  callbackWrapper = SEC_PKCS7EncoderOutputCallback(callback)
+  raise_if_not_SECSuccess(smime.SEC_PKCS7Encode(p7, callbackWrapper,
+                                                None, None, None, wincx))
+  return "".join(outputChunks)
+
+smime.SEC_PKCS7DestroyContentInfo.argtypes = [c_void_p]
+smime.SEC_PKCS7DestroyContentInfo.restype = None
+def SEC_PKCS7DestroyContentInfo(p7):
+  smime.SEC_PKCS7DestroyContentInfo(p7)
diff --git a/security/manager/ssl/tests/unit/test_signed_manifest/sign_b2g_manifest.py b/security/manager/ssl/tests/unit/test_signed_manifest/sign_b2g_manifest.py
new file mode 100644
index 000000000..a7f060481
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_manifest/sign_b2g_manifest.py
@@ -0,0 +1,76 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+import argparse
+from base64 import b64encode
+from hashlib import sha1
+import sys
+import ctypes
+import nss_ctypes
+
+def nss_create_detached_signature(cert, dataToSign, wincx):
+  certdb = nss_ctypes.CERT_GetDefaultCertDB()
+  p7 = nss_ctypes.SEC_PKCS7CreateSignedData(cert,
+                                            nss_ctypes.certUsageObjectSigner,
+                                            certdb,
+                                            nss_ctypes.SEC_OID_SHA1,
+                                            sha1(dataToSign).digest(),
+                                            wincx)
+  try:
+    nss_ctypes.SEC_PKCS7AddSigningTime(p7)
+    nss_ctypes.SEC_PKCS7IncludeCertChain(p7, wincx)
+    return nss_ctypes.SEC_PKCS7Encode(p7, None, wincx)
+  finally:
+    nss_ctypes.SEC_PKCS7DestroyContentInfo(p7)
+
+# Sign a manifest file
+def sign_file(in_file, out_file, cert, wincx):
+  contents = in_file.read()
+  in_file.close()
+
+  # generate base64 encoded string of the sha1 digest of the input file
+  in_file_hash = b64encode(sha1(contents).digest())
+
+  # sign the base64 encoded string with the given certificate
+  in_file_signature = nss_create_detached_signature(cert, in_file_hash, wincx)
+
+  # write the content of the output file
+  out_file.write(in_file_signature)
+  out_file.close()
+
+def main():
+  parser = argparse.ArgumentParser(description='Sign a B2G app manifest.')
+  parser.add_argument('-d', action='store',
+                            required=True, help='NSS database directory')
+  parser.add_argument('-f', action='store',
+                            type=argparse.FileType('rb'),
+                            required=True, help='password file')
+  parser.add_argument('-k', action='store',
+                            required=True, help="nickname of signing cert.")
+  parser.add_argument('-i', action='store', type=argparse.FileType('rb'),
+                            required=True, help="input manifest file (unsigned)")
+  parser.add_argument('-o', action='store', type=argparse.FileType('wb'),
+                            required=True, help="output manifest file (signed)")
+  args = parser.parse_args()
+
+  db_dir = args.d
+  password = args.f.readline().strip()
+  cert_nickname = args.k
+  cert = None
+
+  try:
+    nss_ctypes.NSS_Init(db_dir)
+    wincx = nss_ctypes.SetPasswordContext(password)
+    cert = nss_ctypes.PK11_FindCertFromNickname(cert_nickname, wincx)
+    sign_file(args.i, args.o, cert, wincx)
+    return 0
+  finally:
+    nss_ctypes.CERT_DestroyCertificate(cert)
+    nss_ctypes.NSS_Shutdown()
+
+if __name__ == "__main__":
+    sys.exit(main())
diff --git a/security/manager/ssl/tests/unit/test_signed_manifest/testInvalidSignedManifest/manifest.sig b/security/manager/ssl/tests/unit/test_signed_manifest/testInvalidSignedManifest/manifest.sig
new file mode 100644
index 000000000..d5eee196c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_manifest/testInvalidSignedManifest/manifest.sig
diff --git a/security/manager/ssl/tests/unit/test_signed_manifest/testValidSignedManifest/manifest.sig b/security/manager/ssl/tests/unit/test_signed_manifest/testValidSignedManifest/manifest.sig
new file mode 100644
index 000000000..996226351
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_manifest/testValidSignedManifest/manifest.sig
diff --git a/security/manager/ssl/tests/unit/test_signed_manifest/trusted_ca1.der b/security/manager/ssl/tests/unit/test_signed_manifest/trusted_ca1.der
new file mode 100644
index 000000000..bf05308cc
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_signed_manifest/trusted_ca1.der
diff --git a/security/manager/ssl/tests/unit/test_sss_eviction.js b/security/manager/ssl/tests/unit/test_sss_eviction.js
new file mode 100644
index 000000000..0ac8983f6
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sss_eviction.js
@@ -0,0 +1,85 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// The purpose of this test is to check that a frequently visited site
+// will not be evicted over an infrequently visited site.
+
+var gSSService = null;
+var gProfileDir = null;
+
+function do_state_written(aSubject, aTopic, aData) {
+  if (aData == PRELOAD_STATE_FILE_NAME) {
+    return;
+  }
+
+  equal(aData, SSS_STATE_FILE_NAME);
+
+  let stateFile = gProfileDir.clone();
+  stateFile.append(SSS_STATE_FILE_NAME);
+  ok(stateFile.exists());
+  let stateFileContents = readFile(stateFile);
+  // the last part is removed because it's the empty string after the final \n
+  let lines = stateFileContents.split('\n').slice(0, -1);
+  // We can receive multiple data-storage-written events. In particular, we
+  // may receive one where DataStorage wrote out data before we were done
+  // processing all of our headers. In this case, the data may not be
+  // as we expect. We only care about the final one being correct, however,
+  // so we return and wait for the next event if things aren't as we expect.
+  // There should be 1024 entries.
+  if (lines.length != 1024) {
+    return;
+  }
+
+  let foundLegitSite = false;
+  for (let line of lines) {
+    if (line.startsWith("frequentlyused.example.com:HSTS")) {
+      foundLegitSite = true;
+      break;
+    }
+  }
+
+  ok(foundLegitSite);
+  do_test_finished();
+}
+
+function do_state_read(aSubject, aTopic, aData) {
+  if (aData == PRELOAD_STATE_FILE_NAME) {
+    return;
+  }
+
+  equal(aData, SSS_STATE_FILE_NAME);
+
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "frequentlyused.example.com", 0));
+  let sslStatus = new FakeSSLStatus();
+  for (let i = 0; i < 2000; i++) {
+    let uri = Services.io.newURI("http://bad" + i + ".example.com", null, null);
+    gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
+                            "max-age=1000", sslStatus, 0);
+  }
+  do_test_pending();
+  Services.obs.addObserver(do_state_written, "data-storage-written", false);
+  do_test_finished();
+}
+
+function run_test() {
+  Services.prefs.setIntPref("test.datastorage.write_timer_ms", 100);
+  gProfileDir = do_get_profile();
+  let stateFile = gProfileDir.clone();
+  stateFile.append(SSS_STATE_FILE_NAME);
+  // Assuming we're working with a clean slate, the file shouldn't exist
+  // until we create it.
+  ok(!stateFile.exists());
+  let outputStream = FileUtils.openFileOutputStream(stateFile);
+  let now = (new Date()).getTime();
+  let line = "frequentlyused.example.com:HSTS\t4\t0\t" + (now + 100000) + ",1,0\n";
+  outputStream.write(line, line.length);
+  outputStream.close();
+  Services.obs.addObserver(do_state_read, "data-storage-ready", false);
+  do_test_pending();
+  gSSService = Cc["@mozilla.org/ssservice;1"]
+                 .getService(Ci.nsISiteSecurityService);
+  notEqual(gSSService, null);
+}
diff --git a/security/manager/ssl/tests/unit/test_sss_readstate.js b/security/manager/ssl/tests/unit/test_sss_readstate.js
new file mode 100644
index 000000000..8b7e8cbb5
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sss_readstate.js
@@ -0,0 +1,82 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// The purpose of this test is to create a site security service state file
+// and see that the site security service reads it properly.
+
+function writeLine(aLine, aOutputStream) {
+  aOutputStream.write(aLine, aLine.length);
+}
+
+var gSSService = null;
+
+function checkStateRead(aSubject, aTopic, aData) {
+  if (aData == PRELOAD_STATE_FILE_NAME) {
+    return;
+  }
+
+  equal(aData, SSS_STATE_FILE_NAME);
+
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "expired.example.com", 0));
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "notexpired.example.com", 0));
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "includesubdomains.preloaded.test", 0));
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "sub.includesubdomains.preloaded.test", 0));
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "incsubdomain.example.com", 0));
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "sub.incsubdomain.example.com", 0));
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "includesubdomains2.preloaded.test", 0));
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "sub.includesubdomains2.preloaded.test", 0));
+
+  // Clearing the data should make everything go back to default.
+  gSSService.clearAll();
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "expired.example.com", 0));
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "notexpired.example.com", 0));
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "includesubdomains.preloaded.test", 0));
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "sub.includesubdomains.preloaded.test", 0));
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "incsubdomain.example.com", 0));
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "sub.incsubdomain.example.com", 0));
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "includesubdomains2.preloaded.test", 0));
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "sub.includesubdomains2.preloaded.test", 0));
+  do_test_finished();
+}
+
+function run_test() {
+  let profileDir = do_get_profile();
+  let stateFile = profileDir.clone();
+  stateFile.append(SSS_STATE_FILE_NAME);
+  // Assuming we're working with a clean slate, the file shouldn't exist
+  // until we create it.
+  ok(!stateFile.exists());
+  let outputStream = FileUtils.openFileOutputStream(stateFile);
+  let now = (new Date()).getTime();
+  writeLine("expired.example.com:HSTS\t0\t0\t" + (now - 100000) + ",1,0\n", outputStream);
+  writeLine("notexpired.example.com:HSTS\t0\t0\t" + (now + 100000) + ",1,0\n", outputStream);
+  // This overrides an entry on the preload list.
+  writeLine("includesubdomains.preloaded.test:HSTS\t0\t0\t" + (now + 100000) + ",1,0\n", outputStream);
+  writeLine("incsubdomain.example.com:HSTS\t0\t0\t" + (now + 100000) + ",1,1\n", outputStream);
+  // This overrides an entry on the preload list.
+  writeLine("includesubdomains2.preloaded.test:HSTS\t0\t0\t0,2,0\n", outputStream);
+  outputStream.close();
+  Services.obs.addObserver(checkStateRead, "data-storage-ready", false);
+  do_test_pending();
+  gSSService = Cc["@mozilla.org/ssservice;1"]
+                 .getService(Ci.nsISiteSecurityService);
+  notEqual(gSSService, null);
+}
diff --git a/security/manager/ssl/tests/unit/test_sss_readstate_child.js b/security/manager/ssl/tests/unit/test_sss_readstate_child.js
new file mode 100644
index 000000000..80f00c31a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sss_readstate_child.js
@@ -0,0 +1,41 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// The purpose of this test is to create a site security service state file
+// and see that the site security service reads it properly. We also verify
+// that state changes are reflected in the child process.
+
+function writeLine(aLine, aOutputStream) {
+  aOutputStream.write(aLine, aLine.length);
+}
+
+function start_test_in_child() {
+  run_test_in_child("sss_readstate_child_worker.js");
+  do_test_finished();
+}
+
+function run_test() {
+  let profileDir = do_get_profile();
+  let stateFile = profileDir.clone();
+  stateFile.append(SSS_STATE_FILE_NAME);
+  // Assuming we're working with a clean slate, the file shouldn't exist
+  // until we create it.
+  ok(!stateFile.exists());
+  let outputStream = FileUtils.openFileOutputStream(stateFile);
+  let now = (new Date()).getTime();
+  writeLine("expired.example.com:HSTS\t0\t0\t" + (now - 100000) + ",1,0\n", outputStream);
+  writeLine("notexpired.example.com:HSTS\t0\t0\t" + (now + 100000) + ",1,0\n", outputStream);
+  // This overrides an entry on the preload list.
+  writeLine("includesubdomains.preloaded.test:HSTS\t0\t0\t" + (now + 100000) + ",1,0\n", outputStream);
+  writeLine("incsubdomain.example.com:HSTS\t0\t0\t" + (now + 100000) + ",1,1\n", outputStream);
+  // This overrides an entry on the preload list.
+  writeLine("includesubdomains2.preloaded.test:HSTS\t0\t0\t0,2,0\n", outputStream);
+  outputStream.close();
+  Services.obs.addObserver(start_test_in_child, "data-storage-ready", false);
+  do_test_pending();
+  let SSService = Cc["@mozilla.org/ssservice;1"]
+                    .getService(Ci.nsISiteSecurityService);
+  notEqual(SSService, null);
+}
diff --git a/security/manager/ssl/tests/unit/test_sss_readstate_empty.js b/security/manager/ssl/tests/unit/test_sss_readstate_empty.js
new file mode 100644
index 000000000..c4605c0af
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sss_readstate_empty.js
@@ -0,0 +1,40 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// The purpose of this test is to create an empty site security service state
+// file and see that the site security service doesn't fail when reading it.
+
+var gSSService = null;
+
+function checkStateRead(aSubject, aTopic, aData) {
+  // nonexistent.example.com should never be an HSTS host
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "nonexistent.example.com", 0));
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "includesubdomains.preloaded.test", 0));
+  // notexpired.example.com is an HSTS host in a different test - we
+  // want to make sure that test hasn't interfered with this one.
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "notexpired.example.com", 0));
+  do_test_finished();
+}
+
+function run_test() {
+  let profileDir = do_get_profile();
+  let stateFile = profileDir.clone();
+  stateFile.append(SSS_STATE_FILE_NAME);
+  // Assuming we're working with a clean slate, the file shouldn't exist
+  // until we create it.
+  ok(!stateFile.exists());
+  stateFile.create(Ci.nsIFile.NORMAL_FILE_TYPE, 0x1a4); // 0x1a4 == 0o644
+  ok(stateFile.exists());
+  // Initialize nsISiteSecurityService after do_get_profile() so it
+  // can read the state file.
+  Services.obs.addObserver(checkStateRead, "data-storage-ready", false);
+  do_test_pending();
+  gSSService = Cc["@mozilla.org/ssservice;1"]
+                 .getService(Ci.nsISiteSecurityService);
+  notEqual(gSSService, null);
+}
diff --git a/security/manager/ssl/tests/unit/test_sss_readstate_garbage.js b/security/manager/ssl/tests/unit/test_sss_readstate_garbage.js
new file mode 100644
index 000000000..d4165f7f4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sss_readstate_garbage.js
@@ -0,0 +1,56 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// The purpose of this test is to create a mostly bogus site security service
+// state file and see that the site security service handles it properly.
+
+function writeLine(aLine, aOutputStream) {
+  aOutputStream.write(aLine, aLine.length);
+}
+
+var gSSService = null;
+
+function checkStateRead(aSubject, aTopic, aData) {
+  if (aData == PRELOAD_STATE_FILE_NAME) {
+    return;
+  }
+
+  equal(aData, SSS_STATE_FILE_NAME);
+
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "example1.example.com", 0));
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "example2.example.com", 0));
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "example.com", 0));
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "example3.example.com", 0));
+  do_test_finished();
+}
+
+function run_test() {
+  let profileDir = do_get_profile();
+  let stateFile = profileDir.clone();
+  stateFile.append(SSS_STATE_FILE_NAME);
+  // Assuming we're working with a clean slate, the file shouldn't exist
+  // until we create it.
+  ok(!stateFile.exists());
+  let outputStream = FileUtils.openFileOutputStream(stateFile);
+  let now = (new Date()).getTime();
+  writeLine("example1.example.com:HSTS\t0\t0\t" + (now + 100000) + ",1,0\n", outputStream);
+  writeLine("I'm a lumberjack and I'm okay; I work all night and I sleep all day!\n", outputStream);
+  writeLine("This is a totally bogus entry\t\n", outputStream);
+  writeLine("0\t0\t0\t0\t\n", outputStream);
+  writeLine("\t\t\t\t\t\t\t\n", outputStream);
+  writeLine("example.com:HSTS\t\t\t\t\t\t\t\n", outputStream);
+  writeLine("example3.example.com:HSTS\t0\t\t\t\t\t\t\n", outputStream);
+  writeLine("example2.example.com:HSTS\t0\t0\t" + (now + 100000) + ",1,0\n", outputStream);
+  outputStream.close();
+  Services.obs.addObserver(checkStateRead, "data-storage-ready", false);
+  do_test_pending();
+  gSSService = Cc["@mozilla.org/ssservice;1"]
+                 .getService(Ci.nsISiteSecurityService);
+  notEqual(gSSService, null);
+}
diff --git a/security/manager/ssl/tests/unit/test_sss_readstate_huge.js b/security/manager/ssl/tests/unit/test_sss_readstate_huge.js
new file mode 100644
index 000000000..eec93b6f4
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sss_readstate_huge.js
@@ -0,0 +1,60 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// The purpose of this test is to create a site security service state file
+// that is too large and see that the site security service reads it properly
+// (this means discarding all entries after the 1024th).
+
+function writeLine(aLine, aOutputStream) {
+  aOutputStream.write(aLine, aLine.length);
+}
+
+var gSSService = null;
+
+function checkStateRead(aSubject, aTopic, aData) {
+  if (aData == PRELOAD_STATE_FILE_NAME) {
+    return;
+  }
+
+  equal(aData, SSS_STATE_FILE_NAME);
+
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "example0.example.com", 0));
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "example423.example.com", 0));
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "example1023.example.com", 0));
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "example1024.example.com", 0));
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "example1025.example.com", 0));
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "example9000.example.com", 0));
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "example99999.example.com", 0));
+  do_test_finished();
+}
+
+function run_test() {
+  let profileDir = do_get_profile();
+  let stateFile = profileDir.clone();
+  stateFile.append(SSS_STATE_FILE_NAME);
+  // Assuming we're working with a clean slate, the file shouldn't exist
+  // until we create it.
+  ok(!stateFile.exists());
+  let outputStream = FileUtils.openFileOutputStream(stateFile);
+  let now = (new Date()).getTime();
+  for (let i = 0; i < 10000; i++) {
+    // The 0s will all get squashed down into one 0 when they are read.
+    // This is just to make the file size large (>2MB).
+    writeLine("example" + i + ".example.com:HSTS\t0000000000000000000000000000000000000000000000000\t00000000000000000000000000000000000000\t" + (now + 100000) + ",1,0000000000000000000000000000000000000000000000000000000000000000000000000\n", outputStream);
+  }
+  outputStream.close();
+  Services.obs.addObserver(checkStateRead, "data-storage-ready", false);
+  do_test_pending();
+  gSSService = Cc["@mozilla.org/ssservice;1"]
+                 .getService(Ci.nsISiteSecurityService);
+  notEqual(gSSService, null);
+}
diff --git a/security/manager/ssl/tests/unit/test_sss_savestate.js b/security/manager/ssl/tests/unit/test_sss_savestate.js
new file mode 100644
index 000000000..a4d8b5297
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sss_savestate.js
@@ -0,0 +1,128 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+"use strict";
+
+// The purpose of this test is to see that the site security service properly
+// writes its state file.
+
+const EXPECTED_ENTRIES = 6;
+const EXPECTED_HSTS_COLUMNS = 3;
+const EXPECTED_HPKP_COLUMNS = 4;
+var gProfileDir = null;
+
+const NON_ISSUED_KEY_HASH = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
+
+// For reference, the format of the state file is a list of:
+// <domain name> <expiration time in milliseconds>,<sts status>,<includeSubdomains>
+// separated by newlines ('\n')
+
+function checkStateWritten(aSubject, aTopic, aData) {
+  if (aData == PRELOAD_STATE_FILE_NAME) {
+    return;
+  }
+
+  equal(aData, SSS_STATE_FILE_NAME);
+
+  let stateFile = gProfileDir.clone();
+  stateFile.append(SSS_STATE_FILE_NAME);
+  ok(stateFile.exists());
+  let stateFileContents = readFile(stateFile);
+  // the last line is removed because it's just a trailing newline
+  let lines = stateFileContents.split('\n').slice(0, -1);
+  equal(lines.length, EXPECTED_ENTRIES);
+  let sites = {}; // a map of domain name -> [the entry in the state file]
+  for (let line of lines) {
+    let parts = line.split('\t');
+    let host = parts[0];
+    let score = parts[1];
+    let lastAccessed = parts[2];
+    let entry = parts[3].split(',');
+    let expectedColumns = EXPECTED_HSTS_COLUMNS;
+    if (host.indexOf("HPKP") != -1) {
+      expectedColumns = EXPECTED_HPKP_COLUMNS;
+    }
+    equal(entry.length, expectedColumns);
+    sites[host] = entry;
+  }
+
+  // We can receive multiple data-storage-written events. In particular, we
+  // may receive one where DataStorage wrote out data before we were done
+  // processing all of our headers. In this case, the data may not be
+  // as we expect. We only care about the final one being correct, however,
+  // so we return and wait for the next event if things aren't as we expect.
+  // sites[url][1] corresponds to SecurityPropertySet (if 1) and
+  //                              SecurityPropertyUnset (if 0)
+  // sites[url][2] corresponds to includeSubdomains
+  if (sites["includesubdomains.preloaded.test:HSTS"][1] != 1) {
+    return;
+  }
+  if (sites["includesubdomains.preloaded.test:HSTS"][2] != 0) {
+    return;
+  }
+  if (sites["a.example.com:HSTS"][1] != 1) {
+    return;
+  }
+  if (sites["a.example.com:HSTS"][2] != 1) {
+    return;
+  }
+  if (sites["b.example.com:HSTS"][1] != 1) {
+    return;
+  }
+  if (sites["b.example.com:HSTS"][2] != 0) {
+    return;
+  }
+  if (sites["c.c.example.com:HSTS"][1] != 1) {
+    return;
+  }
+  if (sites["c.c.example.com:HSTS"][2] != 1) {
+    return;
+  }
+  if (sites["d.example.com:HSTS"][1] != 1) {
+    return;
+  }
+  if (sites["d.example.com:HSTS"][2] != 0) {
+    return;
+  }
+  if (sites["dynamic-pin.example.com:HPKP"][1] != 1) {
+    return;
+  }
+  if (sites["dynamic-pin.example.com:HPKP"][2] != 1) {
+    return;
+  }
+  equal(sites["dynamic-pin.example.com:HPKP"][3], NON_ISSUED_KEY_HASH);
+
+  do_test_finished();
+}
+
+function run_test() {
+  Services.prefs.setIntPref("test.datastorage.write_timer_ms", 100);
+  gProfileDir = do_get_profile();
+  let SSService = Cc["@mozilla.org/ssservice;1"]
+                    .getService(Ci.nsISiteSecurityService);
+  // Put an HPKP entry
+  SSService.setKeyPins("dynamic-pin.example.com", true,
+                       new Date().getTime() + 1000000, 1,
+                       [NON_ISSUED_KEY_HASH]);
+
+  let uris = [ Services.io.newURI("http://includesubdomains.preloaded.test", null, null),
+               Services.io.newURI("http://a.example.com", null, null),
+               Services.io.newURI("http://b.example.com", null, null),
+               Services.io.newURI("http://c.c.example.com", null, null),
+               Services.io.newURI("http://d.example.com", null, null) ];
+
+  for (let i = 0; i < 1000; i++) {
+    let uriIndex = i % uris.length;
+    // vary max-age
+    let maxAge = "max-age=" + (i * 1000);
+     // alternate setting includeSubdomains
+    let includeSubdomains = (i % 2 == 0 ? "; includeSubdomains" : "");
+    let sslStatus = new FakeSSLStatus();
+    SSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS,
+                            uris[uriIndex], maxAge + includeSubdomains,
+                            sslStatus, 0);
+  }
+
+  do_test_pending();
+  Services.obs.addObserver(checkStateWritten, "data-storage-written", false);
+}
diff --git a/security/manager/ssl/tests/unit/test_startcom_wosign.js b/security/manager/ssl/tests/unit/test_startcom_wosign.js
new file mode 100644
index 000000000..4ba89ca73
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_startcom_wosign.js
@@ -0,0 +1,43 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests handling of certificates issued by StartCom and WoSign. If such
+// certificates have a notBefore before 21 October 2016, they are handled
+// normally. Otherwise, they are treated as revoked.
+
+do_get_profile(); // must be called before getting nsIX509CertDB
+const certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+
+function loadCertWithTrust(certName, trustString) {
+  addCertFromFile(certdb, "test_startcom_wosign/" + certName + ".pem", trustString);
+}
+
+function certFromFile(certName) {
+  return constructCertFromFile("test_startcom_wosign/" + certName + ".pem");
+}
+
+function checkEndEntity(cert, expectedResult) {
+  // (new Date("2016-11-01")).getTime() / 1000
+  const VALIDATION_TIME = 1477958400;
+  checkCertErrorGenericAtTime(certdb, cert, expectedResult,
+                              certificateUsageSSLServer, VALIDATION_TIME);
+}
+
+loadCertWithTrust("ca", "CTu,,");
+// This is not a real StartCom CA - it merely has the same distinguished name as
+// one (namely "/C=IL/O=StartCom Ltd./CN=StartCom Certification Authority G2",
+// encoded with PrintableStrings). By checking for specific DNs, we can enforce
+// the date-based policy in a way that is testable.
+loadCertWithTrust("StartComCA", ",,");
+checkEndEntity(certFromFile("StartCom-before-cutoff"), PRErrorCodeSuccess);
+checkEndEntity(certFromFile("StartCom-after-cutoff"), SEC_ERROR_REVOKED_CERTIFICATE);
+
+// Similarly, this is not a real WoSign CA. It has the same distinguished name
+// as "/C=CN/O=WoSign CA Limited/CN=Certification Authority of WoSign", encoded
+// with PrintableStrings).
+loadCertWithTrust("WoSignCA", ",,");
+checkEndEntity(certFromFile("WoSign-before-cutoff"), PRErrorCodeSuccess);
+checkEndEntity(certFromFile("WoSign-after-cutoff"), SEC_ERROR_REVOKED_CERTIFICATE);
diff --git a/security/manager/ssl/tests/unit/test_startcom_wosign/StartCom-after-cutoff.pem b/security/manager/ssl/tests/unit/test_startcom_wosign/StartCom-after-cutoff.pem
new file mode 100644
index 000000000..a3914b33f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_startcom_wosign/StartCom-after-cutoff.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDGzCCAgWgAwIBAgIUQcnJ38esL8x6sizuR5KC5SFcqMUwCwYJKoZIhvcNAQEL
+MFMxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSwwKgYDVQQD
+EyNTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBHMjAiGA8yMDE2MTAy
+MjAwMDAwMFoYDzIwMTcxMDIyMDAwMDAwWjAgMR4wHAYDVQQDDBVTdGFydENvbS1h
+ZnRlci1jdXRvZmYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGo
+RI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9a
+dWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6t
+aRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8n
+FthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kX
+Dqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/py
+UcQx1QOs2hgKNe2NAgMBAAGjGjAYMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMAsG
+CSqGSIb3DQEBCwOCAQEAhvpbb5H8Cokd2S8g/tYMutgqnA7UXrYMiIMTC4AwLua3
+FCbqpHVU8oyAuL2uQ+RIPGIRBgVKgqlz1zrvB3HLX1DJ1yiUUbgDcCfGeLTQ1dOj
+ZEHKYgRxmb6OQyMjaHRvXSlPpuKoA2eymj7IaCyRwX3qxVX1vt7UpVEInpwVusNQ
+L2UH4ni0W/GfoO2z8DgMWv2fJAWaFJlVQgalhEq7qZ0B1vSMsx/exwjsqQiTCdGL
+y46y/wo/sUklpQyX7U3/FsYGAEw27LoJ+pf88Stk5VuTu+Ip5KnbWklRlKDxHoo1
+5VriR2NfFVfqtvapGNougn7t2xEuISVtSp2CKVBuUA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_startcom_wosign/StartCom-after-cutoff.pem.certspec b/security/manager/ssl/tests/unit/test_startcom_wosign/StartCom-after-cutoff.pem.certspec
new file mode 100644
index 000000000..9f0fe22fc
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_startcom_wosign/StartCom-after-cutoff.pem.certspec
@@ -0,0 +1,4 @@
+issuer:printableString/C=IL/O=StartCom Ltd./CN=StartCom Certification Authority G2
+subject:StartCom-after-cutoff
+validity:20161022-20171022
+extension:subjectAlternativeName:example.com
diff --git a/security/manager/ssl/tests/unit/test_startcom_wosign/StartCom-before-cutoff.pem b/security/manager/ssl/tests/unit/test_startcom_wosign/StartCom-before-cutoff.pem
new file mode 100644
index 000000000..a219e745f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_startcom_wosign/StartCom-before-cutoff.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDHDCCAgagAwIBAgIUWZ9YRoup7gVY1EokoIfmnmi93gYwCwYJKoZIhvcNAQEL
+MFMxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSwwKgYDVQQD
+EyNTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBHMjAiGA8yMDE1MTAy
+MjAwMDAwMFoYDzIwMTcxMDIyMDAwMDAwWjAhMR8wHQYDVQQDDBZTdGFydENvbS1i
+ZWZvcmUtY3V0b2ZmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohR
+qESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+Kv
+WnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+
+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPv
+JxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5
+Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6
+clHEMdUDrNoYCjXtjQIDAQABoxowGDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAL
+BgkqhkiG9w0BAQsDggEBAFhgX9UQSu/Bde3O4EDhIrl413weRbOsy2qU8UrRMrm5
+3im2TGF2/75rlu3vE3dHQaSqPRiZ1HK1FvHt6faohJKGfbN2AFABIpPleh2evQC8
+wXjOcrURnz0MrK5c9v6gNjUq63n9daeIDLby7CTnKPuVGa2kpOWFI8gBGnOj3a96
+oBO9wfi8fVpKRxK+BoCfwUmF4HzlyQy7hMDcHUuf0rlSch6NKVeUpHBP4XlmnITO
+KC7TCIbM2cGSqsSr8rF5AdeCSf2ZukAHQUwO7W/Bs8OIaqurIjwEnM3E/wqUk/MW
+VzySem5LqHnz4yfeOKR9+DQImKZ0pAWn6cIuumMDP2M=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_startcom_wosign/StartCom-before-cutoff.pem.certspec b/security/manager/ssl/tests/unit/test_startcom_wosign/StartCom-before-cutoff.pem.certspec
new file mode 100644
index 000000000..b7fbd4954
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_startcom_wosign/StartCom-before-cutoff.pem.certspec
@@ -0,0 +1,4 @@
+issuer:printableString/C=IL/O=StartCom Ltd./CN=StartCom Certification Authority G2
+subject:StartCom-before-cutoff
+validity:20151022-20171022
+extension:subjectAlternativeName:example.com
diff --git a/security/manager/ssl/tests/unit/test_startcom_wosign/StartComCA.pem b/security/manager/ssl/tests/unit/test_startcom_wosign/StartComCA.pem
new file mode 100644
index 000000000..720c59d4f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_startcom_wosign/StartComCA.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDCzCCAfWgAwIBAgIUP4zQ8t+wfQSkTf7d5CJUa6DCaDEwCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMFMxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSwwKgYD
+VQQDEyNTdGFydENvbSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBHMjCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1
+SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+
+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYL
+K7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwc
+bJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibW
+JZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaMd
+MBswCwYDVR0PBAQDAgEGMAwGA1UdEwQFMAMBAf8wCwYJKoZIhvcNAQELA4IBAQBJ
+c1GQxMzouK7DnQ1vgrw5LH92x3navGhO7gJWN2dca1QXnzXG3c/Yh3aqbmNI0fu+
+4PXBEKWP2i+Idgslmxi0O/I9VURHGfEo5JzLEbK6Bj/hU1VIrHj64HZ4F0XcL/K8
+kD8kqLWyuoD/i1mjTp4oGNsprv6M/TsU5nv5FszWvtv0CaGmrjNjOvYEUBo5xies
+ETPbmmPKeVwa1Npk/9uBK8Zyczj0s3rRBaOa3NhzhKuL+6x5sKzEO6uxKgEf1GYB
+KFyugaqLXYsHRTI47gwtRtVHkmriZdxLJJV+8C9OkINUf7fVZNTrdcFncrAQrxDS
+can7HEO19JtMcStdW34i
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_startcom_wosign/StartComCA.pem.certspec b/security/manager/ssl/tests/unit/test_startcom_wosign/StartComCA.pem.certspec
new file mode 100644
index 000000000..ee5d9fff1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_startcom_wosign/StartComCA.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:printableString/C=IL/O=StartCom Ltd./CN=StartCom Certification Authority G2
+extension:keyUsage:keyCertSign,cRLSign
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_startcom_wosign/WoSign-after-cutoff.pem b/security/manager/ssl/tests/unit/test_startcom_wosign/WoSign-after-cutoff.pem
new file mode 100644
index 000000000..5d7d50527
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_startcom_wosign/WoSign-after-cutoff.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDGzCCAgWgAwIBAgIUMYT7CkMtLLxN3tKEWzFXFQ6c/gwwCwYJKoZIhvcNAQEL
+MFUxCzAJBgNVBAYTAkNOMRowGAYDVQQKExFXb1NpZ24gQ0EgTGltaXRlZDEqMCgG
+A1UEAxMhQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgb2YgV29TaWduMCIYDzIwMTYx
+MDIyMDAwMDAwWhgPMjAxNzEwMjIwMDAwMDBaMB4xHDAaBgNVBAMME1dvU2lnbi1h
+ZnRlci1jdXRvZmYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6iFGo
+RI4W1kH9braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9a
+dWtqZHEIeqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6t
+aRqx0wI6iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8n
+FthVt2Zaqn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kX
+Dqdo4bN7LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/py
+UcQx1QOs2hgKNe2NAgMBAAGjGjAYMBYGA1UdEQQPMA2CC2V4YW1wbGUuY29tMAsG
+CSqGSIb3DQEBCwOCAQEAjBm9k3WX810z55fcMrbsT6AJk4Fhr+rRLth+KWEpkvN+
+gYZymkVIA390oFyH9VxbEGvSIv6bJfB7yVOtL2q6mj9mn7ybRoWlX1HOH7Cjqp7R
+6qivI4nG5Khn6uQxSxBbu26yhHmGcyq0QrhKEGrLzhoQc/0MOg32xnRRNu/bkFiL
+GNsu6wkRnB82aC4qjyohfkNqnaHES+D5ed+GuSD5QEU/r7Gz0Wd1a+MiOBc71R0W
+WDadFfE7sTuMiidSrxdN4j5sGwSvyudM3NlEHhnyn/jJcOzYpTtVOg5qmcrNRxq5
+ppj7eoIfCz+YJVz86cI96TM7S4OL8LG+UU90+3Kd8w==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_startcom_wosign/WoSign-after-cutoff.pem.certspec b/security/manager/ssl/tests/unit/test_startcom_wosign/WoSign-after-cutoff.pem.certspec
new file mode 100644
index 000000000..2afb5d6ea
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_startcom_wosign/WoSign-after-cutoff.pem.certspec
@@ -0,0 +1,4 @@
+issuer:printableString/C=CN/O=WoSign CA Limited/CN=Certification Authority of WoSign
+subject:WoSign-after-cutoff
+validity:20161022-20171022
+extension:subjectAlternativeName:example.com
diff --git a/security/manager/ssl/tests/unit/test_startcom_wosign/WoSign-before-cutoff.pem b/security/manager/ssl/tests/unit/test_startcom_wosign/WoSign-before-cutoff.pem
new file mode 100644
index 000000000..09c661a92
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_startcom_wosign/WoSign-before-cutoff.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDHDCCAgagAwIBAgIUVWn2KHK/AHKe+8z02VsFj3fXqjAwCwYJKoZIhvcNAQEL
+MFUxCzAJBgNVBAYTAkNOMRowGAYDVQQKExFXb1NpZ24gQ0EgTGltaXRlZDEqMCgG
+A1UEAxMhQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgb2YgV29TaWduMCIYDzIwMTUx
+MDIyMDAwMDAwWhgPMjAxNzEwMjIwMDAwMDBaMB8xHTAbBgNVBAMMFFdvU2lnbi1i
+ZWZvcmUtY3V0b2ZmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohR
+qESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+Kv
+WnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+
+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPv
+JxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5
+Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6
+clHEMdUDrNoYCjXtjQIDAQABoxowGDAWBgNVHREEDzANggtleGFtcGxlLmNvbTAL
+BgkqhkiG9w0BAQsDggEBALMqCQoOhrBOeIzR7ffMCR/qUNz8LeELms31eF0Ks/Ol
+vMUJ9FBJOVHWq40zXnNBrH3qTVnTgAAZegjepzgggwd52gkkg0aD5WCZZy7TP1ie
+fbcdqC71LWghBZKkl6EFBDcnB4/ssc5MDhFAd3qyH/GHZSwtn2Ekk3vQBudOC/tW
+W/OGS5o+qP3NwtTWXmdD5Q/dmm0wUp9t+4sJ9glwBVDeJfi23QWbR6G2cBBcyzvS
+IZ+F1dOPKrZ23OJufiu4pDLQupC9mpQUWXb5kst+i//52Zsfupe3U/4XjcLbqR+1
+VVhcoBNf/mJs9UMIpaG0tn+j82rw7t8zGd1VMcA/XYM=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_startcom_wosign/WoSign-before-cutoff.pem.certspec b/security/manager/ssl/tests/unit/test_startcom_wosign/WoSign-before-cutoff.pem.certspec
new file mode 100644
index 000000000..224522bf0
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_startcom_wosign/WoSign-before-cutoff.pem.certspec
@@ -0,0 +1,4 @@
+issuer:printableString/C=CN/O=WoSign CA Limited/CN=Certification Authority of WoSign
+subject:WoSign-before-cutoff
+validity:20151022-20171022
+extension:subjectAlternativeName:example.com
diff --git a/security/manager/ssl/tests/unit/test_startcom_wosign/WoSignCA.pem b/security/manager/ssl/tests/unit/test_startcom_wosign/WoSignCA.pem
new file mode 100644
index 000000000..30199bb3f
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_startcom_wosign/WoSignCA.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDDTCCAfegAwIBAgIUDxl5OmNq9eGdBbJrOQ/hkQbkVH0wCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAyMDUwMDAw
+MDBaMFUxCzAJBgNVBAYTAkNOMRowGAYDVQQKExFXb1NpZ24gQ0EgTGltaXRlZDEq
+MCgGA1UEAxMhQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgb2YgV29TaWduMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq
+5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SSc
+An7NQ/weadA4ICmTqyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39
+ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYk
+zBxsl62WYVu34pYSwHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3u
+JtYlnauRCE42yxwkBCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQAB
+ox0wGzALBgNVHQ8EBAMCAQYwDAYDVR0TBAUwAwEB/zALBgkqhkiG9w0BAQsDggEB
+AEXCRSFaCDBBttpHRtGnX/tHbazxrHVzK2e5C8wN5piB8sOnwDHfpbRkcqs5Dn11
+7CAaRb993YVk22qzQ+R+r9cbbg2VuuBEYeHgGWNFdy4Oe4FMneHzOarWLiwIKjvS
+ZWf+obcRQpfI1hhXu5NkkZM5VgRwuRziIF6Xe9brQq5oqos/B9Rn7Edu6i8URrHx
+JLmpzTWGpyMYxVjUnvFQUyhFWaDMNE83SvXFY4bJww7O44XdXPpvrGU40oqZPPF4
+gzkYRmBAa/T4ERDQFigoqgZ9AmbFCnRQOBMLUwHT4ShcBO7iMCpxChpEb+nhr0LP
+fPkwoQr8c4keJOSpman2iXA=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_startcom_wosign/WoSignCA.pem.certspec b/security/manager/ssl/tests/unit/test_startcom_wosign/WoSignCA.pem.certspec
new file mode 100644
index 000000000..db92c5f6d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_startcom_wosign/WoSignCA.pem.certspec
@@ -0,0 +1,4 @@
+issuer:ca
+subject:printableString/C=CN/O=WoSign CA Limited/CN=Certification Authority of WoSign
+extension:keyUsage:keyCertSign,cRLSign
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_startcom_wosign/ca.pem b/security/manager/ssl/tests/unit/test_startcom_wosign/ca.pem
new file mode 100644
index 000000000..4e4cb7814
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_startcom_wosign/ca.pem
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICxTCCAa+gAwIBAgIUQd13DvR3qDTAkz/7io280SPUCd0wCwYJKoZIhvcNAQEL
+MA0xCzAJBgNVBAMMAmNhMCIYDzIwMTAwMTAxMDAwMDAwWhgPMjA1MDAxMDEwMDAw
+MDBaMA0xCzAJBgNVBAMMAmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvBxyWo4NgfvbGcBptu
+Gobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmTqyDDSeTbuUzCa2wO
+7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5kLFXkD3SO8XguEgf
+qDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYSwHUxowyR3bTK9/yt
+HSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwkBCy/Fosv5fGPmRcx
+uLP+SSP6clHEMdUDrNoYCjXtjQIDAQABox0wGzALBgNVHQ8EBAMCAQYwDAYDVR0T
+BAUwAwEB/zALBgkqhkiG9w0BAQsDggEBAAEilE//BPKAsXleuiF6ITvBkjgJzlaD
+lGphvhPZNXENmYqkSOAZXAglmX0N4mq/1o3OC4IAhxqOj901y+QRM8zdemGDbpG7
+oqvAgeX5JLMKg5zj1lkdVkuNTfnKzNVJOWLHU4T1LrLuUGkVl7ba3s9RrqRmYtu8
+o4IgFUOXopjAo6Be/xrPzrRE6wTOFkhVaShYZBNNN/yJ4Eni4BnwxQ3uNSs6OQOO
+MpHW1Ibil2Oq7xcOmMj3WbB8uWCp1deM7h7l/u8cyUEMSCAhkYgSCorv/rECjP1k
+K3quGWnX3aN7idc4lOZkROIFyKR2V1No5OyUjmR2QKxf2RUq4XEWP2E=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_startcom_wosign/ca.pem.certspec b/security/manager/ssl/tests/unit/test_startcom_wosign/ca.pem.certspec
new file mode 100644
index 000000000..efd24b153
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_startcom_wosign/ca.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ca
+subject:ca
+validity:20100101-20500101
+extension:keyUsage:keyCertSign,cRLSign
+extension:basicConstraints:cA,
diff --git a/security/manager/ssl/tests/unit/test_startcom_wosign/moz.build b/security/manager/ssl/tests/unit/test_startcom_wosign/moz.build
new file mode 100644
index 000000000..ed3680061
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_startcom_wosign/moz.build
@@ -0,0 +1,19 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Temporarily disabled. See bug 1256495.
+#test_certificates = (
+#    'StartCom-after-cutoff.pem',
+#    'StartCom-before-cutoff.pem',
+#    'StartComCA.pem',
+#    'WoSign-after-cutoff.pem',
+#    'WoSign-before-cutoff.pem',
+#    'WoSignCA.pem',
+#    'ca.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
diff --git a/security/manager/ssl/tests/unit/test_sts_fqdn.js b/security/manager/ssl/tests/unit/test_sts_fqdn.js
new file mode 100644
index 000000000..c2c3eb2bd
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sts_fqdn.js
@@ -0,0 +1,50 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+"use strict";
+
+function run_test() {
+  let SSService = Cc["@mozilla.org/ssservice;1"]
+                    .getService(Ci.nsISiteSecurityService);
+  ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "example.com", 0));
+  ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "example.com.", 0));
+  // These cases are only relevant as long as bug 1118522 hasn't been fixed.
+  ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "example.com..", 0));
+
+  let uri = Services.io.newURI("https://example.com", null, null);
+  let sslStatus = new FakeSSLStatus();
+  SSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
+                          "max-age=1000;includeSubdomains", sslStatus, 0);
+  ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                            "example.com", 0));
+  ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                            "example.com.", 0));
+  ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                            "example.com..", 0));
+
+  ok(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0));
+  uri = Services.io.newURI("https://example.com.", null, null);
+  ok(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0));
+  uri = Services.io.newURI("https://example.com..", null, null);
+  ok(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0));
+
+  SSService.removeState(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0);
+  ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "example.com", 0));
+  ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "example.com.", 0));
+  ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "example.com..", 0));
+
+  // Somehow creating this malformed URI succeeds - we need to handle it
+  // gracefully.
+  uri = Services.io.newURI("https://../foo", null, null);
+  equal(uri.host, "..");
+  throws(() => {
+    SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, uri, 0);
+  }, /NS_ERROR_UNEXPECTED/, "Malformed URI should be rejected");
+}
diff --git a/security/manager/ssl/tests/unit/test_sts_holepunch.js b/security/manager/ssl/tests/unit/test_sts_holepunch.js
new file mode 100644
index 000000000..b7e643148
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sts_holepunch.js
@@ -0,0 +1,34 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+"use strict";
+
+// bug 961528: chart.apis.google.com doesn't handle https. Check that
+// it isn't considered HSTS (other example.apis.google.com hosts should be
+// HSTS as long as they're on the preload list, however).
+function run_test() {
+  let SSService = Cc["@mozilla.org/ssservice;1"]
+                    .getService(Ci.nsISiteSecurityService);
+  ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "chart.apis.google.com", 0));
+  ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "CHART.APIS.GOOGLE.COM", 0));
+  ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "sub.chart.apis.google.com", 0));
+  ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "SUB.CHART.APIS.GOOGLE.COM", 0));
+  ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                            "example.apis.google.com", 0));
+  ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                            "EXAMPLE.APIS.GOOGLE.COM", 0));
+  ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                            "sub.example.apis.google.com", 0));
+  ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                            "SUB.EXAMPLE.APIS.GOOGLE.COM", 0));
+  // also check isSecureURI
+  let chartURI = Services.io.newURI("http://chart.apis.google.com", null, null);
+  ok(!SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, chartURI, 0));
+  let otherURI = Services.io.newURI("http://other.apis.google.com", null, null);
+  ok(SSService.isSecureURI(Ci.nsISiteSecurityService.HEADER_HSTS, otherURI, 0));
+}
diff --git a/security/manager/ssl/tests/unit/test_sts_ipv4_ipv6.js b/security/manager/ssl/tests/unit/test_sts_ipv4_ipv6.js
new file mode 100644
index 000000000..934fa4c3a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sts_ipv4_ipv6.js
@@ -0,0 +1,42 @@
+"use strict";
+
+function check_ip(s, v, ip) {
+  let sslStatus = new FakeSSLStatus();
+  ok(!s.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, ip, 0));
+
+  let str = "https://";
+  if (v == 6) {
+    str += "[";
+  }
+  str += ip;
+  if (v == 6) {
+    str += "]";
+  }
+  str += "/";
+
+  let uri = Services.io.newURI(str, null, null);
+
+  let parsedMaxAge = {};
+  let parsedIncludeSubdomains = {};
+  s.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
+                  "max-age=1000;includeSubdomains", sslStatus, 0,
+                  parsedMaxAge, parsedIncludeSubdomains);
+
+  /* Test that processHeader will ignore headers for an uri, if the uri
+   * contains an IP address not a hostname.
+   * If processHeader indeed ignore the header, then the output parameters will
+   * remain empty, and we shouldn't see the values passed as the header.
+   */
+  notEqual(parsedMaxAge.value, 1000);
+  notEqual(parsedIncludeSubdomains.value, true);
+}
+
+function run_test() {
+  let SSService = Cc["@mozilla.org/ssservice;1"]
+                    .getService(Ci.nsISiteSecurityService);
+
+  check_ip(SSService, 4, "127.0.0.1");
+  check_ip(SSService, 4, "10.0.0.1");
+  check_ip(SSService, 6, "2001:db8::1");
+  check_ip(SSService, 6, "1080::8:800:200C:417A");
+}
diff --git a/security/manager/ssl/tests/unit/test_sts_preloadlist_perwindowpb.js b/security/manager/ssl/tests/unit/test_sts_preloadlist_perwindowpb.js
new file mode 100644
index 000000000..e83f6f5b9
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sts_preloadlist_perwindowpb.js
@@ -0,0 +1,217 @@
+"use strict";
+
+var gSSService = Cc["@mozilla.org/ssservice;1"]
+                   .getService(Ci.nsISiteSecurityService);
+
+function Observer() {}
+Observer.prototype = {
+  observe: function(subject, topic, data) {
+    if (topic == "last-pb-context-exited") {
+      run_next_test();
+    }
+  }
+};
+
+var gObserver = new Observer();
+var sslStatus = new FakeSSLStatus();
+
+function cleanup() {
+  Services.obs.removeObserver(gObserver, "last-pb-context-exited");
+  gSSService.clearAll();
+}
+
+function run_test() {
+  do_register_cleanup(cleanup);
+  Services.obs.addObserver(gObserver, "last-pb-context-exited", false);
+
+  add_test(test_part1);
+  add_test(test_private_browsing1);
+  add_test(test_private_browsing2);
+
+  run_next_test();
+}
+
+function test_part1() {
+  // check that a host not in the list is not identified as an sts host
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "nonexistent.example.com", 0));
+
+  // check that an ancestor domain is not identified as an sts host
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS, "com", 0));
+
+  // check that the pref to toggle using the preload list works
+  Services.prefs.setBoolPref("network.stricttransportsecurity.preloadlist", false);
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "includesubdomains.preloaded.test", 0));
+  Services.prefs.setBoolPref("network.stricttransportsecurity.preloadlist", true);
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "includesubdomains.preloaded.test", 0));
+
+  // check that a subdomain is an sts host (includeSubdomains is set)
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "subdomain.includesubdomains.preloaded.test", 0));
+
+  // check that another subdomain is an sts host (includeSubdomains is set)
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "a.b.c.def.includesubdomains.preloaded.test", 0));
+
+  // check that a subdomain is not an sts host (includeSubdomains is not set)
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "subdomain.noincludesubdomains.preloaded.test", 0));
+
+  // check that a host with a dot on the end won't break anything
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "notsts.nonexistent.example.com.", 0));
+
+  // check that processing a header with max-age: 0 will remove a preloaded
+  // site from the list
+  let uri = Services.io.newURI("http://includesubdomains.preloaded.test", null, null);
+  gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
+                           "max-age=0", sslStatus, 0);
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "includesubdomains.preloaded.test", 0));
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "subdomain.includesubdomains.preloaded.test", 0));
+  // check that processing another header (with max-age non-zero) will
+  // re-enable a site's sts status
+  gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
+                           "max-age=1000", sslStatus, 0);
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "includesubdomains.preloaded.test", 0));
+  // but this time include subdomains was not set, so test for that
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "subdomain.includesubdomains.preloaded.test", 0));
+  gSSService.clearAll();
+
+  // check that processing a header with max-age: 0 from a subdomain of a site
+  // will not remove that (ancestor) site from the list
+  uri = Services.io.newURI("http://subdomain.noincludesubdomains.preloaded.test", null, null);
+  gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
+                           "max-age=0", sslStatus, 0);
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "noincludesubdomains.preloaded.test", 0));
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "subdomain.noincludesubdomains.preloaded.test", 0));
+
+  uri = Services.io.newURI("http://subdomain.includesubdomains.preloaded.test", null, null);
+  gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
+                           "max-age=0", sslStatus, 0);
+  // we received a header with "max-age=0", so we have "no information"
+  // regarding the sts state of subdomain.includesubdomains.preloaded.test specifically,
+  // but it is actually still an STS host, because of the preloaded
+  // includesubdomains.preloaded.test including subdomains.
+  // Here's a drawing:
+  // |-- includesubdomains.preloaded.test (in preload list, includes subdomains) IS sts host
+  //     |-- subdomain.includesubdomains.preloaded.test                          IS sts host
+  //     |   `-- another.subdomain.includesubdomains.preloaded.test              IS sts host
+  //     `-- sibling.includesubdomains.preloaded.test                            IS sts host
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "includesubdomains.preloaded.test", 0));
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "subdomain.includesubdomains.preloaded.test", 0));
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "sibling.includesubdomains.preloaded.test", 0));
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "another.subdomain.includesubdomains.preloaded.test", 0));
+
+  gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
+                           "max-age=1000", sslStatus, 0);
+  // Here's what we have now:
+  // |-- includesubdomains.preloaded.test (in preload list, includes subdomains) IS sts host
+  //     |-- subdomain.includesubdomains.preloaded.test (include subdomains is false) IS sts host
+  //     |   `-- another.subdomain.includesubdomains.preloaded.test              IS NOT sts host
+  //     `-- sibling.includesubdomains.preloaded.test                            IS sts host
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "subdomain.includesubdomains.preloaded.test", 0));
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "sibling.includesubdomains.preloaded.test", 0));
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "another.subdomain.includesubdomains.preloaded.test", 0));
+
+  // Test that an expired non-private browsing entry results in correctly
+  // identifying a host that is on the preload list as no longer sts.
+  // (This happens when we're in regular browsing mode, we get a header from
+  // a site on the preload list, and that header later expires. We need to
+  // then treat that host as no longer an sts host.)
+  // (sanity check first - this should be in the preload list)
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "includesubdomains2.preloaded.test", 0));
+  uri = Services.io.newURI("http://includesubdomains2.preloaded.test", null, null);
+  gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
+                           "max-age=1", sslStatus, 0);
+  do_timeout(1250, function() {
+    ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                                "includesubdomains2.preloaded.test", 0));
+    run_next_test();
+  });
+}
+
+const IS_PRIVATE = Ci.nsISocketProvider.NO_PERMANENT_STORAGE;
+
+function test_private_browsing1() {
+  gSSService.clearAll();
+  // sanity - includesubdomains.preloaded.test is preloaded, includeSubdomains set
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "includesubdomains.preloaded.test", IS_PRIVATE));
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "a.b.c.subdomain.includesubdomains.preloaded.test", IS_PRIVATE));
+
+  let uri = Services.io.newURI("http://includesubdomains.preloaded.test", null, null);
+  gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
+                           "max-age=0", sslStatus, IS_PRIVATE);
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "includesubdomains.preloaded.test", IS_PRIVATE));
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "a.b.subdomain.includesubdomains.preloaded.test", IS_PRIVATE));
+
+  // check adding it back in
+  gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
+                           "max-age=1000", sslStatus, IS_PRIVATE);
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "includesubdomains.preloaded.test", IS_PRIVATE));
+  // but no includeSubdomains this time
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "b.subdomain.includesubdomains.preloaded.test", IS_PRIVATE));
+
+  // do the hokey-pokey...
+  gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
+                           "max-age=0", sslStatus, IS_PRIVATE);
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "includesubdomains.preloaded.test", IS_PRIVATE));
+  ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                              "subdomain.includesubdomains.preloaded.test", IS_PRIVATE));
+
+  // Test that an expired private browsing entry results in correctly
+  // identifying a host that is on the preload list as no longer sts.
+  // (This happens when we're in private browsing mode, we get a header from
+  // a site on the preload list, and that header later expires. We need to
+  // then treat that host as no longer an sts host.)
+  // (sanity check first - this should be in the preload list)
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "includesubdomains2.preloaded.test", IS_PRIVATE));
+  uri = Services.io.newURI("http://includesubdomains2.preloaded.test", null, null);
+  gSSService.processHeader(Ci.nsISiteSecurityService.HEADER_HSTS, uri,
+                           "max-age=1", sslStatus, IS_PRIVATE);
+  do_timeout(1250, function() {
+    ok(!gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                                "includesubdomains2.preloaded.test", IS_PRIVATE));
+    // Simulate leaving private browsing mode
+    Services.obs.notifyObservers(null, "last-pb-context-exited", null);
+  });
+}
+
+function test_private_browsing2() {
+  // if this test gets this far, it means there's a private browsing service
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "includesubdomains.preloaded.test", 0));
+  // the includesubdomains.preloaded.test entry has includeSubdomains set
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "subdomain.includesubdomains.preloaded.test", 0));
+
+  // Now that we're out of private browsing mode, we need to make sure
+  // we've "forgotten" that we "forgot" this site's sts status.
+  ok(gSSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "includesubdomains2.preloaded.test", 0));
+
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_sts_preloadlist_selfdestruct.js b/security/manager/ssl/tests/unit/test_sts_preloadlist_selfdestruct.js
new file mode 100644
index 000000000..8b75b52ae
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_sts_preloadlist_selfdestruct.js
@@ -0,0 +1,23 @@
+"use strict";
+
+function run_test() {
+  let SSService = Cc["@mozilla.org/ssservice;1"]
+                    .getService(Ci.nsISiteSecurityService);
+
+  // check that a host on the preload list is identified as an sts host
+  ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                            "includesubdomains.preloaded.test", 0));
+
+  // now simulate that it's 19 weeks later than it actually is
+  let offsetSeconds = 19 * 7 * 24 * 60 * 60;
+  Services.prefs.setIntPref("test.currentTimeOffsetSeconds", offsetSeconds);
+
+  // check that the preloaded host is no longer considered sts
+  ok(!SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                             "includesubdomains.preloaded.test", 0));
+
+  // just make sure we can get everything back to normal
+  Services.prefs.clearUserPref("test.currentTimeOffsetSeconds");
+  ok(SSService.isSecureHost(Ci.nsISiteSecurityService.HEADER_HSTS,
+                            "includesubdomains.preloaded.test", 0));
+}
diff --git a/security/manager/ssl/tests/unit/test_toolkit_securityreporter.js b/security/manager/ssl/tests/unit/test_toolkit_securityreporter.js
new file mode 100644
index 000000000..d7ffd17bd
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_toolkit_securityreporter.js
@@ -0,0 +1,133 @@
+/* -*- indent-tabs-mode: nil; js-indent-level: 2 -*- */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* This test is for the TLS error reporting functionality exposed by
+ * SecurityReporter.js in /toolkit/components/securityreporter. The test is
+ * here because we make use of the tlsserver functionality that lives with the
+ * PSM ssl tests.
+ *
+ * The testing here will be augmented by the existing mochitests for the
+ * error reporting functionality in aboutNetError.xhtml and
+ * aboutCertError.xhtml once these make use of this component.
+ */
+
+"use strict";
+const CC = Components.Constructor;
+const Cm = Components.manager;
+
+Cu.import("resource://testing-common/AppInfo.jsm");
+/*global updateAppInfo:false*/ // Imported via AppInfo.jsm.
+updateAppInfo();
+
+// We must get the profile before performing operations on the cert db.
+do_get_profile();
+
+const certdb = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+const reporter = Cc["@mozilla.org/securityreporter;1"]
+                   .getService(Ci.nsISecurityReporter);
+
+
+const BinaryInputStream = CC("@mozilla.org/binaryinputstream;1",
+                             "nsIBinaryInputStream", "setInputStream");
+
+var server;
+
+// this allows us to create a callback which checks that a report is as
+// expected.
+function getReportCheck(expectReport, expectedError) {
+  return function sendReportWithInfo(transportSecurityInfo) {
+    // register a path handler on the server
+    server.registerPathHandler("/submit/sslreports",
+                              function(request, response) {
+      if (expectReport) {
+        let report = JSON.parse(readDataFromRequest(request));
+        do_check_eq(report.errorCode, expectedError);
+        response.setStatusLine(null, 201, "Created");
+        response.write("Created");
+      } else {
+        do_throw("No report should have been received");
+      }
+    });
+
+    reporter.reportTLSError(transportSecurityInfo, "example.com", -1);
+  };
+}
+
+// read the request body from a request
+function readDataFromRequest(aRequest) {
+  if (aRequest.method == "POST" || aRequest.method == "PUT") {
+    if (aRequest.bodyInputStream) {
+      let inputStream = new BinaryInputStream(aRequest.bodyInputStream);
+      let bytes = [];
+      let available;
+
+      while ((available = inputStream.available()) > 0) {
+        Array.prototype.push.apply(bytes, inputStream.readByteArray(available));
+      }
+
+      return String.fromCharCode.apply(null, bytes);
+    }
+  }
+  return null;
+}
+
+function run_test() {
+  // start a report server
+  server = new HttpServer();
+  server.start(-1);
+
+  let port = server.identity.primaryPort;
+
+  // Set the reporting URL to ensure any reports are sent to the test server
+  Services.prefs.setCharPref("security.ssl.errorReporting.url",
+                             `http://localhost:${port}/submit/sslreports`);
+  // set strict-mode pinning enforcement so we can cause connection failures.
+  Services.prefs.setIntPref("security.cert_pinning.enforcement_level", 2);
+
+  // start a TLS server
+  add_tls_server_setup("BadCertServer", "bad_certs");
+
+  // Add a user-specified trust anchor.
+  addCertFromFile(certdb, "bad_certs/other-test-ca.pem", "CTu,u,u");
+
+
+  // Cause a reportable condition with error reporting disabled. No report
+  // should be sent.
+  Services.prefs.setBoolPref("security.ssl.errorReporting.enabled", false);
+  add_connection_test("expired.example.com",
+                      SEC_ERROR_EXPIRED_CERTIFICATE, null,
+                      getReportCheck(false));
+
+  // Now enable reporting
+  add_test(function () {
+    Services.prefs.setBoolPref("security.ssl.errorReporting.enabled", true);
+    run_next_test();
+  });
+
+  // test calling the component with no transportSecurityInfo. No report should
+  // be sent even though reporting is enabled.
+  add_test(function() {
+    server.registerPathHandler("/submit/sslreports",
+                               function(request, response) {
+      do_throw("No report should be sent");
+    });
+    reporter.reportTLSError(null, "example.com", -1);
+    run_next_test();
+  });
+
+  // Test sending a report with no error. This allows us to check the case
+  // where there is no failed cert chain
+  add_connection_test("good.include-subdomains.pinning.example.com",
+                      PRErrorCodeSuccess, null,
+                      getReportCheck(true, PRErrorCodeSuccess));
+
+  // Test sending a report where there is an error and a failed cert chain.
+  add_connection_test("expired.example.com",
+                      SEC_ERROR_EXPIRED_CERTIFICATE, null,
+                      getReportCheck(true, SEC_ERROR_EXPIRED_CERTIFICATE));
+
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_validity.js b/security/manager/ssl/tests/unit/test_validity.js
new file mode 100644
index 000000000..9158c7a5d
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_validity.js
@@ -0,0 +1,92 @@
+// -*- indent-tabs-mode: nil; js-indent-level: 2 -*-
+// Any copyright is dedicated to the Public Domain.
+// http://creativecommons.org/publicdomain/zero/1.0/
+"use strict";
+
+// Tests that chains containing an end-entity cert with an overly long validity
+// period are rejected.
+
+do_get_profile(); // Must be called before getting nsIX509CertDB
+const certDB = Cc["@mozilla.org/security/x509certdb;1"]
+                 .getService(Ci.nsIX509CertDB);
+
+const SERVER_PORT = 8888;
+
+function getOCSPResponder(expectedCertNames) {
+  let expectedPaths = expectedCertNames.slice();
+  return startOCSPResponder(SERVER_PORT, "www.example.com", "test_validity",
+                            expectedCertNames, expectedPaths);
+}
+
+function certFromFile(filename) {
+  return constructCertFromFile(`test_validity/${filename}`);
+}
+
+function loadCert(certFilename, trustString) {
+  addCertFromFile(certDB, `test_validity/${certFilename}`, trustString);
+}
+
+/**
+ * Adds a single EV test.
+ *
+ * @param {Array} expectedNamesForOCSP
+ *        An array of nicknames of the certs to be responded to.
+ * @param {String} rootCertFileName
+ *        The file name of the root cert. Can begin with ".." to reference
+ *        certs in folders other than "test_validity/".
+ * @param {Array} intCertFileNames
+ *        An array of file names of any intermediate certificates.
+ * @param {String} endEntityCertFileName
+ *        The file name of the end entity cert.
+ * @param {Boolean} expectedResult
+ *        Whether the chain is expected to validate as EV.
+ */
+function addEVTest(expectedNamesForOCSP, rootCertFileName, intCertFileNames,
+                   endEntityCertFileName, expectedResult)
+{
+  add_test(function() {
+    clearOCSPCache();
+    let ocspResponder = getOCSPResponder(expectedNamesForOCSP);
+
+    loadCert(`${rootCertFileName}.pem`, "CTu,CTu,CTu");
+    for (let intCertFileName of intCertFileNames) {
+      loadCert(`${intCertFileName}.pem`, ",,");
+    }
+    checkEVStatus(certDB, certFromFile(`${endEntityCertFileName}.pem`),
+                  certificateUsageSSLServer, expectedResult);
+
+    ocspResponder.stop(run_next_test);
+  });
+}
+
+function checkEVChains() {
+  // Chain with an end entity cert with a validity period that is acceptable
+  // for EV.
+  const intFullName = "ev_int_60_months-evroot";
+  let eeFullName = `ev_ee_27_months-${intFullName}`;
+  let expectedNamesForOCSP = gEVExpected
+                           ? [ intFullName,
+                               eeFullName ]
+                           : [ eeFullName ];
+  addEVTest(expectedNamesForOCSP, "../test_ev_certs/evroot", [ intFullName ],
+            eeFullName, gEVExpected);
+
+  // Chain with an end entity cert with a validity period that is too long
+  // for EV.
+  eeFullName = `ev_ee_28_months-${intFullName}`;
+  expectedNamesForOCSP = gEVExpected
+                           ? [ intFullName,
+                               eeFullName ]
+                           : [ eeFullName ];
+  addEVTest(expectedNamesForOCSP, "../test_ev_certs/evroot", [ intFullName ],
+            eeFullName, false);
+}
+
+function run_test() {
+  Services.prefs.setCharPref("network.dns.localDomains", "www.example.com");
+  Services.prefs.setIntPref("security.OCSP.enabled", 1);
+
+  checkEVChains();
+
+  run_next_test();
+}
diff --git a/security/manager/ssl/tests/unit/test_validity/ev_ee_27_months-ev_int_60_months-evroot.pem b/security/manager/ssl/tests/unit/test_validity/ev_ee_27_months-ev_int_60_months-evroot.pem
new file mode 100644
index 000000000..6a351f0f8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_validity/ev_ee_27_months-ev_int_60_months-evroot.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDaTCCAlOgAwIBAgIUCfxWL6o44roTydDNAETL0eXxLF4wCwYJKoZIhvcNAQEL
+MCIxIDAeBgNVBAMMF2V2X2ludF82MF9tb250aHMtZXZyb290MCIYDzIwMTUxMTE3
+MDAwMDAwWhgPMjAxODAyMTYwMDAwMDBaMDIxMDAuBgNVBAMMJ2V2X2VlXzI3X21v
+bnRocy1ldl9pbnRfNjBfbW9udGhzLWV2cm9vdDCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl
+qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg
+w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx
+V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1
+MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs
+vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaOBhjCBgzBgBggrBgEF
+BQcBAQRUMFIwUAYIKwYBBQUHMAGGRGh0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4
+OC9ldl9lZV8yN19tb250aHMtZXZfaW50XzYwX21vbnRocy1ldnJvb3QvMB8GA1Ud
+IAQYMBYwFAYSKwYBBAHrSYUahRqFGgGDdAkBMAsGCSqGSIb3DQEBCwOCAQEAIVNL
+5xN2XbNowmdE1AqGcx+fPzou65QRhhus3kLeDKiULIn8fk75rI9+3oqOpeu908iu
+1BQze/EX24DC8k+vkSWRSud1by/AL1ztnTFuFa1UFxKyTBzn9CGHqOK2fcQ2/TZk
+Zewt7yNcsazKGaf+V2K3slnNOjx1Jx7aby8moA74FzoEv6jCHhfbx5l+Ul5izDZH
+EcBi4kOZR6AFP8RhhG8ohqKXv7pxi7tS2OV75cl0sE4XwKp1UbdH7B2ea/aO9ZY8
+Bkq6vgY6Y2kAp8PE2S6cAY9ugEjoplBUq85/1n5FhpBevhMJ/L7oZ+EhooGowRfH
+VofhfUBd6Cn2fsTiMQ==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_validity/ev_ee_27_months-ev_int_60_months-evroot.pem.certspec b/security/manager/ssl/tests/unit/test_validity/ev_ee_27_months-ev_int_60_months-evroot.pem.certspec
new file mode 100644
index 000000000..d2c7fa127
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_validity/ev_ee_27_months-ev_int_60_months-evroot.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ev_int_60_months-evroot
+subject:ev_ee_27_months-ev_int_60_months-evroot
+validity:823
+extension:authorityInformationAccess:http://www.example.com:8888/ev_ee_27_months-ev_int_60_months-evroot/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
diff --git a/security/manager/ssl/tests/unit/test_validity/ev_ee_28_months-ev_int_60_months-evroot.pem b/security/manager/ssl/tests/unit/test_validity/ev_ee_28_months-ev_int_60_months-evroot.pem
new file mode 100644
index 000000000..28d7bdb90
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_validity/ev_ee_28_months-ev_int_60_months-evroot.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDaTCCAlOgAwIBAgIUVzCbeSKUj0d/ynX8eWoINELWJi8wCwYJKoZIhvcNAQEL
+MCIxIDAeBgNVBAMMF2V2X2ludF82MF9tb250aHMtZXZyb290MCIYDzIwMTUxMTAx
+MDAwMDAwWhgPMjAxODAzMDQwMDAwMDBaMDIxMDAuBgNVBAMMJ2V2X2VlXzI4X21v
+bnRocy1ldl9pbnRfNjBfbW9udGhzLWV2cm9vdDCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ6uQ1SrTs9WhXbCR7wccl
+qODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUknAJ+zUP8HmnQOCApk6sg
+w0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N/WYLK7AkkqR9uYhheZCx
+V5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAGJMwcbJetlmFbt+KWEsB1
+MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd7ibWJZ2rkQhONsscJAQs
+vxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEAAaOBhjCBgzBgBggrBgEF
+BQcBAQRUMFIwUAYIKwYBBQUHMAGGRGh0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4
+OC9ldl9lZV8yOF9tb250aHMtZXZfaW50XzYwX21vbnRocy1ldnJvb3QvMB8GA1Ud
+IAQYMBYwFAYSKwYBBAHrSYUahRqFGgGDdAkBMAsGCSqGSIb3DQEBCwOCAQEAjqOB
+RSvTVS9M/STcTmevwdW+JZXFkXvMYQ2TZQNsdKL8jTF7V8yUAuWIXt9dfZksRzCH
+J2M2iFBeme2w9732nv8dLiBvfHNHpWAW8YnQka0+SMXgsD7lMuHgXhbesGoGS6f6
+jtO5TsB+D1pXFncehDcxbW+0Ai1yd5sFuFaq2wN6zgsANzwehXp9qCGQ1jVQ2ti5
+ai4raaipKXEo3j3DxlNPdrdeN0RSimP+Mnyfj8LSxnmZQM1hdwRhJekUPQUux4pZ
+qseofBITmHehriREJRZlzxCzccpr2wCcwUYNBDwSJK91xy0SW2gSAQV0OVx/e3tA
+SqIRcRMdskz9NWa/oA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_validity/ev_ee_28_months-ev_int_60_months-evroot.pem.certspec b/security/manager/ssl/tests/unit/test_validity/ev_ee_28_months-ev_int_60_months-evroot.pem.certspec
new file mode 100644
index 000000000..2dcfb2e29
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_validity/ev_ee_28_months-ev_int_60_months-evroot.pem.certspec
@@ -0,0 +1,5 @@
+issuer:ev_int_60_months-evroot
+subject:ev_ee_28_months-ev_int_60_months-evroot
+validity:854
+extension:authorityInformationAccess:http://www.example.com:8888/ev_ee_28_months-ev_int_60_months-evroot/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
diff --git a/security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.key b/security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.key
new file mode 100644
index 000000000..8af23e068
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6iFGoRI4W1kH9
+braIBjYQPTwT2erkNUq07PVoV2wke8HHJajg2B+9sZwGm24ahvJr4q9adWtqZHEI
+eqVap0WH9xzVJJwCfs1D/B5p0DggKZOrIMNJ5Nu5TMJrbA7tFYIP8X6taRqx0wI6
+iypB7qdw4A8Njf1mCyuwJJKkfbmIYXmQsVeQPdI7xeC4SB+oN9OIQ+8nFthVt2Za
+qn4CkC86exCABiTMHGyXrZZhW7filhLAdTGjDJHdtMr3/K0dJdMJ77kXDqdo4bN7
+LyJvaeO0ipVhHe4m1iWdq5EITjbLHCQELL8Wiy/l8Y+ZFzG4s/5JI/pyUcQx1QOs
+2hgKNe2NAgMBAAECggEBAJ7LzjhhpFTsseD+j4XdQ8kvWCXOLpl4hNDhqUnaosWs
+VZskBFDlrJ/gw+McDu+mUlpl8MIhlABO4atGPd6e6CKHzJPnRqkZKcXmrD2IdT9s
+JbpZeec+XY+yOREaPNq4pLDN9fnKsF8SM6ODNcZLVWBSXn47kq18dQTPHcfLAFeI
+r8vh6Pld90AqFRUw1YCDRoZOs3CqeZVqWHhiy1M3kTB/cNkcltItABppAJuSPGgz
+iMnzbLm16+ZDAgQceNkIIGuHAJy4yrrK09vbJ5L7kRss9NtmA1hb6a4Mo7jmQXqg
+SwbkcOoaO1gcoDpngckxW2KzDmAR8iRyWUbuxXxtlEECgYEA3W4dT//r9o2InE0R
+TNqqnKpjpZN0KGyKXCmnF7umA3VkTVyqZ0xLi8cyY1hkYiDkVQ12CKwn1Vttt0+N
+gSfvj6CQmLaRR94GVXNEfhg9Iv59iFrOtRPZWB3V4HwakPXOCHneExNx7O/JznLp
+xD3BJ9I4GQ3oEXc8pdGTAfSMdCsCgYEA16dz2evDgKdn0v7Ak0rU6LVmckB3Gs3r
+ta15b0eP7E1FmF77yVMpaCicjYkQL63yHzTi3UlA66jAnW0fFtzClyl3TEMnXpJR
+3b5JCeH9O/Hkvt9Go5uLODMo70rjuVuS8gcK8myefFybWH/t3gXo59hspXiG+xZY
+EKd7mEW8MScCgYEAlkcrQaYQwK3hryJmwWAONnE1W6QtS1oOtOnX6zWBQAul3RMs
+2xpekyjHu8C7sBVeoZKXLt+X0SdR2Pz2rlcqMLHqMJqHEt1OMyQdse5FX8CT9byb
+WS11bmYhR08ywHryL7J100B5KzK6JZC7smGu+5WiWO6lN2VTFb6cJNGRmS0CgYAo
+tFCnp1qFZBOyvab3pj49lk+57PUOOCPvbMjo+ibuQT+LnRIFVA8Su+egx2got7pl
+rYPMpND+KiIBFOGzXQPVqFv+Jwa9UPzmz83VcbRspiG47UfWBbvnZbCqSgZlrCU2
+TaIBVAMuEgS4VZ0+NPtbF3yaVv+TUQpaSmKHwVHeLQKBgCgGe5NVgB0u9S36ltit
+tYlnPPjuipxv9yruq+nva+WKT0q/BfeIlH3IUf2qNFQhR6caJGv7BU7naqNGq80m
+ks/J5ExR5vBpxzXgc7oBn2pyFJYckbJoccrqv48GRBigJpDjmo1f8wZ7fNt/ULH1
+NBinA5ZsT8d0v3QCr2xDJH9D
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.key.keyspec b/security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.key.keyspec
new file mode 100644
index 000000000..4ad96d515
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.key.keyspec
@@ -0,0 +1 @@
+default
diff --git a/security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.pem b/security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.pem
new file mode 100644
index 000000000..370f4ff36
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDUzCCAj2gAwIBAgIUc/8GbZoQxUER+Wpe3STidbOom4UwCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE0MDcwNDAwMDAwMFoYDzIwMTkwNzAy
+MDAwMDAwWjAiMSAwHgYDVQQDDBdldl9pbnRfNjBfbW9udGhzLWV2cm9vdDCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqIUahEjhbWQf1utogGNhA9PBPZ
+6uQ1SrTs9WhXbCR7wcclqODYH72xnAabbhqG8mvir1p1a2pkcQh6pVqnRYf3HNUk
+nAJ+zUP8HmnQOCApk6sgw0nk27lMwmtsDu0Vgg/xfq1pGrHTAjqLKkHup3DgDw2N
+/WYLK7AkkqR9uYhheZCxV5A90jvF4LhIH6g304hD7ycW2FW3ZlqqfgKQLzp7EIAG
+JMwcbJetlmFbt+KWEsB1MaMMkd20yvf8rR0l0wnvuRcOp2jhs3svIm9p47SKlWEd
+7ibWJZ2rkQhONsscJAQsvxaLL+Xxj5kXMbiz/kkj+nJRxDHVA6zaGAo17Y0CAwEA
+AaOBkTCBjjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjBQBggrBgEFBQcBAQRE
+MEIwQAYIKwYBBQUHMAGGNGh0dHA6Ly93d3cuZXhhbXBsZS5jb206ODg4OC9ldl9p
+bnRfNjBfbW9udGhzLWV2cm9vdC8wHwYDVR0gBBgwFjAUBhIrBgEEAetJhRqFGoUa
+AYN0CQEwCwYJKoZIhvcNAQELA4IBAQBKiGfIv5d53ND76/fYD4UrAQCe4K5Ktj8s
+UkVgozmHi5IE7e2Ikzp5gDAEIirehSQAdGI4DXYArZYG7O90isYiItxD/LDh342Z
+sFkg5Zdm6Cmr0V5EZRcWtfj7ZwdTl3/YdI6Sp00BfeTLabsHQD0/trFcd3BcXXLR
++WcNPwrCktVCtem7mgUPa5GTFgUyoOtcVGC5BBk7MqqLBHX6/R4u8oLcNwQOYZ0v
+Ad/6iQCcJ+siLTuQHWB6zu1uLd9CZQXu3pBU43p3WvvQwCPFSfT4wAOEoqn0a9ny
+YWmq+mXlLH0M28x931Ay5/q3TV93fFHVv5bratytdoUBYpsx3Edy
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.pem.certspec b/security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.pem.certspec
new file mode 100644
index 000000000..e169514ff
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_validity/ev_int_60_months-evroot.pem.certspec
@@ -0,0 +1,8 @@
+issuer:evroot
+subject:ev_int_60_months-evroot
+issuerKey:ev
+validity:1825
+extension:basicConstraints:cA,
+extension:keyUsage:cRLSign,keyCertSign
+extension:authorityInformationAccess:http://www.example.com:8888/ev_int_60_months-evroot/
+extension:certificatePolicies:1.3.6.1.4.1.13769.666.666.666.1.500.9.1
diff --git a/security/manager/ssl/tests/unit/test_validity/evroot.key b/security/manager/ssl/tests/unit/test_validity/evroot.key
new file mode 100644
index 000000000..a756a0705
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_validity/evroot.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQC1SYlcnQAQjRGh
++Z+HqePRpdtd+uzxiNpXv2QTaI8s5HIs/xCQOMF0Ask6Kkc9vShq7T/c02PPWikU
+dwG92BjXYVv5NWvV08gzaqqMCXE2igbDzURhuT5RQk4XRLsuqtRqqzjOGWghlh+H
+cUoWY2k/CXYc301roSXqzse+Jw04j3ifbN94rjFE7SjEXnkpOGOnoipImAo2pA5y
+1XnJuSXf+MeTNi/9aJenwXVMXpfJZ8Pq3RquiqLMzjSKAWm4Diii1wwalgxvM18t
+oJubZD9av7pJ6Kqpgelg4n2HSAvdVd2UF/oYUJ+7VUzPgaQ5fouoEoo0vfJ4ZcGJ
+5XNPsikFAgMBAAECggEBAJg9VPlNb0x26yPW+T14UjUwz3Ow0WJUxueBdo1F9VaB
+0dAvsr0qrGq8HDiYYJNcUqDY9BSCAQOUd4MUHYZL/zCANjilwBUlcK6dGPPYyhY+
++0dbDd3zLn4W7HVl5rteAlxBxcZuV6A87eVUIh+DBFNHosTEUcPc5Ha3h84MBXJE
+vp4E7xMRjbuz1eCmzIcCnq/Upp7ZsUdZsV452KmITlb1TS+asBPw0V8xipq2svc9
+HsPJ/idK6JQxoQZAvniZsAEcXlCToYNHCGid4QBjTaveYPvWqu+joz3zSh829gwE
+MDa3SNHJ7pjEAxoK/sYO/aCpkL5ST1YU6sT9s0pS+VECgYEA6twssz5f8co3a72V
+vWoXd9LPT6xHVF6S0RpiCbnV5N7UeDRYHBabPIhHQqCeoYdQXBylVBTY0ltJdjLV
+7CqqBSM0MPrUmJJ3en1o4Dj1YaO4lp5gsKJj3vv9pIqbD/OdlbyIsVJnyK3pe1EH
+lI5B5DMknYf32xCdXXRYTYa8wdcCgYEAxZrldqIWRwJI2USlW56b+TKZ2jQexW5V
+jrqCGrzhv1e3nPQR0pBMd0+duh8VGF9gewV0oIIF1uwotmo21jQjLqry/qN1Yauv
+nWRLaNs4yZZMuMluwKxh66ZNBbRGVC9COXb1rN5OzJVTbS31eJVPk/DP2cWPt4ui
+p23VrChNyIMCgYEAwdLvOQYzHFKspkgR+f5CW+somDIvs9tRAyzo1+n8MiQL6SAZ
+zySA/NXjKYNxJxGLKlmhv+BsiD46REfz8DHNmuvQuNNo/Hl0DSzOjq2zJN9/CR6v
+4VZDYdVJILAbBHEjDl5H2T+O0zljxRe8T8ePbYsfnrqFvM7bcDMCZQjbYoUCgYEA
+hSG421aU376ASjFfnvybZSdcVJCs8qNFbWXm5hC/n2R/xnUB1PV3LyMqxwzN75/C
+pt+kFcfEG2r8evnQfDygP37ZPAnwuZ8sMEQ0Mi8QcXCbvBuqTJFXX6apWeB9SZaV
+bZXiK1eTi25HyNUf/t/Jv4iM4NGj5CtlqJvtS5HT5fUCgYEA3El7BrkgyL4LAHe3
+mOl37vdEqQ7Cxdfmy7IkSPrHLagaMxgODYoC6DFGDH/H/TphL3uZMLYbeZ+OkI5j
+LpugQJtqpwsDo7p4dCYmO1vVhD34R27bXRT2qGE+uvW5zVykL1+9KALgjk5J5XCf
+UVFRDKpassHG6z7+kpXRbowlyRY=
+-----END PRIVATE KEY-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_validity/evroot.key.keyspec b/security/manager/ssl/tests/unit/test_validity/evroot.key.keyspec
new file mode 100644
index 000000000..1a3d76a55
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_validity/evroot.key.keyspec
@@ -0,0 +1 @@
+ev
diff --git a/security/manager/ssl/tests/unit/test_validity/evroot.pem b/security/manager/ssl/tests/unit/test_validity/evroot.pem
new file mode 100644
index 000000000..cd2fd7ed8
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_validity/evroot.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIICzTCCAbegAwIBAgIUW9j5PS8YoKgynZdYa9i2Kwexnp8wCwYJKoZIhvcNAQEL
+MBExDzANBgNVBAMMBmV2cm9vdDAiGA8yMDE1MDEwMTAwMDAwMFoYDzIwMzUwMTAx
+MDAwMDAwWjARMQ8wDQYDVQQDDAZldnJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQC1SYlcnQAQjRGh+Z+HqePRpdtd+uzxiNpXv2QTaI8s5HIs/xCQ
+OMF0Ask6Kkc9vShq7T/c02PPWikUdwG92BjXYVv5NWvV08gzaqqMCXE2igbDzURh
+uT5RQk4XRLsuqtRqqzjOGWghlh+HcUoWY2k/CXYc301roSXqzse+Jw04j3ifbN94
+rjFE7SjEXnkpOGOnoipImAo2pA5y1XnJuSXf+MeTNi/9aJenwXVMXpfJZ8Pq3Rqu
+iqLMzjSKAWm4Diii1wwalgxvM18toJubZD9av7pJ6Kqpgelg4n2HSAvdVd2UF/oY
+UJ+7VUzPgaQ5fouoEoo0vfJ4ZcGJ5XNPsikFAgMBAAGjHTAbMAwGA1UdEwQFMAMB
+Af8wCwYDVR0PBAQDAgEGMAsGCSqGSIb3DQEBCwOCAQEAO1EZ134zXCiYSMixYSVP
+gAXWdR8zvaeS8UF0Xihle6nBdtkcmhiMgxXecMv7P7xO/U/wz5NAyJ1cvqaxrPbn
+8bekVCCsAAae6mVJIsVeuLtg3f89Qmx6KF6By2NI5R/AX5gxs0V9Tvjp9NfpIWh9
+I0BO0/REmq+CxKWjO6Loq0JA/QRW1jnD3XLitJ9QiCfnLqgUAG8JnkhG/JtpcJC3
+91SluwhVw+8i7caDOgHZGvjBEycyje0iyDLybaVjv2PpyuQx8H6hDzTGd2bNDl22
+fZ0FsOYCH6TJPx7nsCJCQ8/jGsRAGPxbItwSpTQJegKVaJ9s2dOAreJdkQFSIEo+
+3g==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/security/manager/ssl/tests/unit/test_validity/evroot.pem.certspec b/security/manager/ssl/tests/unit/test_validity/evroot.pem.certspec
new file mode 100644
index 000000000..3121f3486
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_validity/evroot.pem.certspec
@@ -0,0 +1,7 @@
+issuer:evroot
+subject:evroot
+subjectKey:ev
+issuerKey:ev
+validity:20150101-20350101
+extension:basicConstraints:cA,
+extension:keyUsage:keyCertSign,cRLSign
diff --git a/security/manager/ssl/tests/unit/test_validity/moz.build b/security/manager/ssl/tests/unit/test_validity/moz.build
new file mode 100644
index 000000000..d2f9bf8d1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_validity/moz.build
@@ -0,0 +1,24 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# Temporarily disabled. See bug 1256495.
+#test_certificates = (
+#    'ev_ee_27_months-ev_int_60_months-evroot.pem',
+#    'ev_ee_28_months-ev_int_60_months-evroot.pem',
+#    'ev_int_60_months-evroot.pem',
+#    'evroot.pem',
+#)
+#
+#for test_certificate in test_certificates:
+#    GeneratedTestCertificate(test_certificate)
+#
+#test_keys = (
+#    'ev_int_60_months-evroot.key',
+#    'evroot.key',
+#)
+#
+#for test_key in test_keys:
+#    GeneratedTestKey(test_key)
diff --git a/security/manager/ssl/tests/unit/test_weak_crypto.js b/security/manager/ssl/tests/unit/test_weak_crypto.js
new file mode 100644
index 000000000..effedf8e3
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_weak_crypto.js
@@ -0,0 +1,273 @@
+/* Any copyright is dedicated to the Public Domain.
+   http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+// Tests the weak crypto override
+
+const TLS_RSA_WITH_RC4_128_MD5         = 0x0004;
+const TLS_RSA_WITH_RC4_128_SHA         = 0x0005;
+const TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0xC007;
+const TLS_ECDHE_RSA_WITH_RC4_128_SHA   = 0xC011;
+
+// Need profile dir to store the key / cert
+do_get_profile();
+// Ensure PSM is initialized
+Cc["@mozilla.org/psm;1"].getService(Ci.nsISupports);
+
+const certService = Cc["@mozilla.org/security/local-cert-service;1"]
+                    .getService(Ci.nsILocalCertService);
+const certOverrideService = Cc["@mozilla.org/security/certoverride;1"]
+                            .getService(Ci.nsICertOverrideService);
+const weakCryptoOverride = Cc["@mozilla.org/security/weakcryptooverride;1"]
+                           .getService(Ci.nsIWeakCryptoOverride);
+const socketTransportService =
+  Cc["@mozilla.org/network/socket-transport-service;1"]
+  .getService(Ci.nsISocketTransportService);
+
+function getCert() {
+  let deferred = Promise.defer();
+  certService.getOrCreateCert("tls-test", {
+    handleCert: function(c, rv) {
+      if (rv) {
+        deferred.reject(rv);
+        return;
+      }
+      deferred.resolve(c);
+    }
+  });
+  return deferred.promise;
+}
+
+function startServer(cert, rc4only) {
+  let tlsServer = Cc["@mozilla.org/network/tls-server-socket;1"]
+                  .createInstance(Ci.nsITLSServerSocket);
+  tlsServer.init(-1, true, -1);
+  tlsServer.serverCert = cert;
+
+  let input, output;
+
+  let listener = {
+    onSocketAccepted: function(socket, transport) {
+      do_print("Accept TLS client connection");
+      let connectionInfo = transport.securityInfo
+                           .QueryInterface(Ci.nsITLSServerConnectionInfo);
+      connectionInfo.setSecurityObserver(listener);
+      input = transport.openInputStream(0, 0, 0);
+      output = transport.openOutputStream(0, 0, 0);
+    },
+    onHandshakeDone: function(socket, status) {
+      do_print("TLS handshake done");
+
+      equal(status.tlsVersionUsed, Ci.nsITLSClientStatus.TLS_VERSION_1_2,
+            "Using TLS 1.2");
+      let expectedCipher = rc4only ? "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"
+                                   : "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
+      equal(status.cipherName, expectedCipher,
+            "Using expected cipher");
+      equal(status.keyLength, 128, "Using 128-bit key");
+      equal(status.macLength, rc4only ? 160 : 128, "Using MAC of expected length");
+
+      input.asyncWait({
+        onInputStreamReady: function(streamReadyInput) {
+          NetUtil.asyncCopy(streamReadyInput, output);
+        }
+      }, 0, 0, Services.tm.currentThread);
+    },
+    onStopListening: function() {}
+  };
+
+  tlsServer.setSessionCache(false);
+  tlsServer.setSessionTickets(false);
+  tlsServer.setRequestClientCertificate(Ci.nsITLSServerSocket.REQUEST_NEVER);
+  if (rc4only) {
+    let cipherSuites = [
+      TLS_ECDHE_RSA_WITH_RC4_128_SHA,
+      TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
+      TLS_RSA_WITH_RC4_128_SHA,
+      TLS_RSA_WITH_RC4_128_MD5
+    ];
+    tlsServer.setCipherSuites(cipherSuites, cipherSuites.length);
+  }
+
+  tlsServer.asyncListen(listener);
+
+  return tlsServer.port;
+}
+
+function storeCertOverride(port, cert) {
+  let overrideBits = Ci.nsICertOverrideService.ERROR_UNTRUSTED |
+                     Ci.nsICertOverrideService.ERROR_MISMATCH;
+  certOverrideService.rememberValidityOverride("127.0.0.1", port, cert,
+                                               overrideBits, true);
+}
+
+function startClient(port, expectedResult, options = {}) {
+  let transport =
+    socketTransportService.createTransport(["ssl"], 1, "127.0.0.1", port, null);
+  if (options.isPrivate) {
+    transport.connectionFlags |= Ci.nsISocketTransport.NO_PERMANENT_STORAGE;
+  }
+  let input;
+  let output;
+
+  let deferred = Promise.defer();
+
+  let handler = {
+
+    onTransportStatus: function(unused, status) {
+      if (status === Ci.nsISocketTransport.STATUS_CONNECTED_TO) {
+        output.asyncWait(handler, 0, 0, Services.tm.currentThread);
+      }
+    },
+
+    onInputStreamReady: function(streamReadyInput) {
+      try {
+        let data =
+          NetUtil.readInputStreamToString(streamReadyInput,
+                                          streamReadyInput.available());
+        equal(Cr.NS_OK, expectedResult, "Connection should succeed");
+        equal(data, "HELLO", "Echoed data received");
+      } catch (e) {
+        if (!((e.result == Cr.NS_ERROR_NET_RESET) && options.allowReset) &&
+            (e.result != expectedResult)) {
+          deferred.reject(e);
+        }
+      }
+      streamReadyInput.close();
+      output.close();
+      deferred.resolve();
+    },
+
+    onOutputStreamReady: function(streamReadyOutput) {
+      try {
+        try {
+          streamReadyOutput.write("HELLO", 5);
+        } catch (e) {
+          if (e.result == Cr.NS_BASE_STREAM_WOULD_BLOCK) {
+            streamReadyOutput.asyncWait(handler, 0, 0, Services.tm.currentThread);
+            return;
+          }
+          if (e.result != Cr.NS_OK) {
+            ok((e.result === expectedResult) ||
+               (options.allowReset && (e.result === Cr.NS_ERROR_NET_RESET)),
+               "Actual and expected connection result should match");
+            streamReadyOutput.close();
+            deferred.resolve();
+            return;
+          }
+        }
+        do_print("Output to server written");
+        input = transport.openInputStream(0, 0, 0);
+        input.asyncWait(handler, 0, 0, Services.tm.currentThread);
+      } catch (e) {
+        deferred.reject(e);
+      }
+    }
+
+  };
+
+  transport.setEventSink(handler, Services.tm.currentThread);
+  output = transport.openOutputStream(Ci.nsITransport.OPEN_UNBUFFERED, 0, 0);
+  output.QueryInterface(Ci.nsIAsyncOutputStream);
+
+  return deferred.promise;
+}
+
+function run_test() {
+  Services.prefs.setBoolPref("security.tls.unrestricted_rc4_fallback", false);
+  run_next_test();
+}
+
+// for sanity check
+add_task(function* () {
+  let cert = yield getCert();
+  ok(!!cert, "Got self-signed cert");
+  let port = startServer(cert, false);
+  storeCertOverride(port, cert);
+  yield startClient(port, Cr.NS_OK);
+  yield startClient(port, Cr.NS_OK, {isPrivate: true});
+});
+
+add_task(function* () {
+  let cert = yield getCert();
+  ok(!!cert, "Got self-signed cert");
+  let port = startServer(cert, true);
+  storeCertOverride(port, cert);
+  yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP));
+  yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP),
+                    {isPrivate: true});
+
+  weakCryptoOverride.addWeakCryptoOverride("127.0.0.1", true);
+  // private browsing should not affect the permanent storage.
+  equal(Services.prefs.getCharPref("security.tls.insecure_fallback_hosts"),
+        "");
+  yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP));
+  // The auto-retry on connection reset is implemented in our HTTP layer.
+  // So we will see the crafted NS_ERROR_NET_RESET when we use
+  // nsISocketTransport directly.
+  yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP),
+                    {isPrivate: true, allowReset: true});
+  // retry manually to simulate the HTTP layer
+  yield startClient(port, Cr.NS_OK, {isPrivate: true});
+
+  weakCryptoOverride.removeWeakCryptoOverride("127.0.0.1", port, true);
+  equal(Services.prefs.getCharPref("security.tls.insecure_fallback_hosts"),
+        "");
+  yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP));
+  yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP),
+                    {isPrivate: true});
+
+  weakCryptoOverride.addWeakCryptoOverride("127.0.0.1", false, true);
+  // temporary override should not change the pref.
+  equal(Services.prefs.getCharPref("security.tls.insecure_fallback_hosts"),
+        "");
+  yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP),
+                    {allowReset: true});
+  yield startClient(port, Cr.NS_OK);
+  yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP),
+                    {isPrivate: true});
+
+  weakCryptoOverride.removeWeakCryptoOverride("127.0.0.1", port, false);
+  equal(Services.prefs.getCharPref("security.tls.insecure_fallback_hosts"),
+        "");
+  yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP));
+  yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP),
+                    {isPrivate: true});
+
+  weakCryptoOverride.addWeakCryptoOverride("127.0.0.1", false);
+  // permanent override should change the pref.
+  equal(Services.prefs.getCharPref("security.tls.insecure_fallback_hosts"),
+        "127.0.0.1");
+  yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP),
+                    {allowReset: true});
+  yield startClient(port, Cr.NS_OK);
+  yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP),
+                    {isPrivate: true});
+
+  weakCryptoOverride.removeWeakCryptoOverride("127.0.0.1", port, false);
+  equal(Services.prefs.getCharPref("security.tls.insecure_fallback_hosts"),
+        "");
+  yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP));
+  yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP),
+                    {isPrivate: true});
+
+  // add a host to the pref to prepare the next test
+  weakCryptoOverride.addWeakCryptoOverride("127.0.0.1", false);
+  yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP),
+                    {allowReset: true});
+  yield startClient(port, Cr.NS_OK);
+  equal(Services.prefs.getCharPref("security.tls.insecure_fallback_hosts"),
+        "127.0.0.1");
+});
+
+add_task(function* () {
+  let cert = yield getCert();
+  ok(!!cert, "Got self-signed cert");
+  let port = startServer(cert, false);
+  storeCertOverride(port, cert);
+  yield startClient(port, Cr.NS_OK);
+  // Successful strong cipher will remove the host from the pref.
+  equal(Services.prefs.getCharPref("security.tls.insecure_fallback_hosts"),
+        "");
+});
diff --git a/security/manager/ssl/tests/unit/test_x509.js b/security/manager/ssl/tests/unit/test_x509.js
new file mode 100644
index 000000000..4c22e28d1
--- /dev/null
+++ b/security/manager/ssl/tests/unit/test_x509.js
@@ -0,0 +1,83 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+// Tests X509.jsm functionality.
+
+var { X509 } = Cu.import("resource://gre/modules/psm/X509.jsm", {});
+
+function stringToBytes(s) {
+  let b = [];
+  for (let i = 0; i < s.length; i++) {
+    b.push(s.charCodeAt(i));
+  }
+  return b;
+}
+
+function readPEMToBytes(filename) {
+  return stringToBytes(atob(pemToBase64(readFile(do_get_file(filename)))));
+}
+
+function run_test() {
+  let certificate = new X509.Certificate();
+  certificate.parse(readPEMToBytes("bad_certs/default-ee.pem"));
+
+  equal(certificate.tbsCertificate.version, 3,
+        "default-ee.pem should be x509v3");
+
+  // serialNumber
+  deepEqual(certificate.tbsCertificate.serialNumber,
+            [ 0x35, 0x1b, 0xe9, 0x3a, 0x1b, 0x03, 0x1c, 0x46, 0x1b, 0x45,
+              0xfe, 0x9b, 0xb2, 0x20, 0x0f, 0x6e, 0xf2, 0x9e, 0xd9, 0x50 ],
+            "default-ee.pem should have expected serialNumber");
+
+  deepEqual(certificate.tbsCertificate.signature.algorithm._values,
+            [ 1, 2, 840, 113549, 1, 1, 11 ], // sha256WithRSAEncryption
+            "default-ee.pem should have sha256WithRSAEncryption signature");
+  // TODO: there should actually be an explicit encoded NULL here, but it looks
+  // like pycert doesn't include it.
+  deepEqual(certificate.tbsCertificate.signature.parameters, null,
+            "default-ee.pem should have NULL parameters for signature");
+
+  equal(certificate.tbsCertificate.issuer.rdns.length, 1,
+        "default-ee.pem should have one RDN in issuer");
+  equal(certificate.tbsCertificate.issuer.rdns[0].avas.length, 1,
+        "default-ee.pem should have one AVA in RDN in issuer");
+  deepEqual(certificate.tbsCertificate.issuer.rdns[0].avas[0].value.value,
+            stringToBytes("Test CA"),
+            "default-ee.pem should have issuer 'Test CA'");
+
+  equal(certificate.tbsCertificate.validity.notBefore.time.getTime(),
+        Date.parse("2015-11-28T00:00:00.000Z"),
+        "default-ee.pem should have the correct value for notBefore");
+  equal(certificate.tbsCertificate.validity.notAfter.time.getTime(),
+        Date.parse("2018-02-05T00:00:00.000Z"),
+        "default-ee.pem should have the correct value for notAfter");
+
+  equal(certificate.tbsCertificate.subject.rdns.length, 1,
+        "default-ee.pem should have one RDN in subject");
+  equal(certificate.tbsCertificate.subject.rdns[0].avas.length, 1,
+        "default-ee.pem should have one AVA in RDN in subject");
+  deepEqual(certificate.tbsCertificate.subject.rdns[0].avas[0].value.value,
+            stringToBytes("Test End-entity"),
+            "default-ee.pem should have subject 'Test End-entity'");
+
+  deepEqual(certificate.tbsCertificate.subjectPublicKeyInfo.algorithm.algorithm._values,
+            [ 1, 2, 840, 113549, 1, 1, 1 ], // rsaEncryption
+            "default-ee.pem should have a spki algorithm of rsaEncryption");
+
+  equal(certificate.tbsCertificate.extensions.length, 2,
+        "default-ee.pem should have two extensions");
+
+  deepEqual(certificate.signatureAlgorithm.algorithm._values,
+            [ 1, 2, 840, 113549, 1, 1, 11 ], // sha256WithRSAEncryption
+            "default-ee.pem should have sha256WithRSAEncryption signatureAlgorithm");
+  // TODO: there should actually be an explicit encoded NULL here, but it looks
+  // like pycert doesn't include it.
+  deepEqual(certificate.signatureAlgorithm.parameters, null,
+            "default-ee.pem should have NULL parameters for signatureAlgorithm");
+
+  equal(certificate.signatureValue.length, 2048 / 8,
+        "length of signature on default-ee.pem should be 2048 bits");
+}
diff --git a/security/manager/ssl/tests/unit/tlsserver/cmd/BadCertServer.cpp b/security/manager/ssl/tests/unit/tlsserver/cmd/BadCertServer.cpp
new file mode 100644
index 000000000..348dcfc5c
--- /dev/null
+++ b/security/manager/ssl/tests/unit/tlsserver/cmd/BadCertServer.cpp
@@ -0,0 +1,141 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// This is a standalone server that uses various bad certificates.
+// The client is expected to connect, initiate an SSL handshake (with SNI
+// to indicate which "server" to connect to), and verify the certificate.
+// If all is good, the client then sends one encrypted byte and receives that
+// same byte back.
+// This server also has the ability to "call back" another process waiting on
+// it. That is, when the server is all set up and ready to receive connections,
+// it will connect to a specified port and issue a simple HTTP request.
+
+#include <stdio.h>
+
+#include "TLSServer.h"
+
+using namespace mozilla;
+using namespace mozilla::test;
+
+struct BadCertHost
+{
+  const char *mHostName;
+  const char *mCertName;
+};
+
+// Hostname, cert nickname pairs.
+const BadCertHost sBadCertHosts[] =
+{
+  { "expired.example.com", "expired-ee" },
+  { "notyetvalid.example.com", "notYetValid" },
+  { "before-epoch.example.com", "beforeEpoch" },
+  { "selfsigned.example.com", "selfsigned" },
+  { "unknownissuer.example.com", "unknownissuer" },
+  { "mismatch.example.com", "mismatch" },
+  { "mismatch-CN.example.com", "mismatchCN" },
+  { "expiredissuer.example.com", "expiredissuer" },
+  { "notyetvalidissuer.example.com", "notYetValidIssuer" },
+  { "before-epoch-issuer.example.com", "beforeEpochIssuer" },
+  { "md5signature.example.com", "md5signature" },
+  { "untrusted.example.com", "default-ee" },
+  { "untrustedissuer.example.com", "untrustedissuer" },
+  { "mismatch-expired.example.com", "mismatch-expired" },
+  { "mismatch-notYetValid.example.com", "mismatch-notYetValid" },
+  { "mismatch-untrusted.example.com", "mismatch-untrusted" },
+  { "untrusted-expired.example.com", "untrusted-expired" },
+  { "md5signature-expired.example.com", "md5signature-expired" },
+  { "mismatch-untrusted-expired.example.com", "mismatch-untrusted-expired" },
+  { "inadequatekeyusage.example.com", "inadequatekeyusage-ee" },
+  { "selfsigned-inadequateEKU.example.com", "selfsigned-inadequateEKU" },
+  { "self-signed-end-entity-with-cA-true.example.com", "self-signed-EE-with-cA-true" },
+  { "ca-used-as-end-entity.example.com", "ca-used-as-end-entity" },
+  { "ca-used-as-end-entity-name-mismatch.example.com", "ca-used-as-end-entity" },
+  // All of include-subdomains.pinning.example.com is pinned to End Entity
+  // Test Cert with nick default-ee. Any other nick will only
+  // pass pinning when security.cert_pinning.enforcement.level != strict and
+  // otherCA is added as a user-specified trust anchor. See StaticHPKPins.h.
+  { "include-subdomains.pinning.example.com", "default-ee" },
+  { "good.include-subdomains.pinning.example.com", "default-ee" },
+  { "bad.include-subdomains.pinning.example.com", "other-issuer-ee" },
+  { "bad.include-subdomains.pinning.example.com.", "other-issuer-ee" },
+  { "bad.include-subdomains.pinning.example.com..", "other-issuer-ee" },
+  { "exclude-subdomains.pinning.example.com", "default-ee" },
+  { "sub.exclude-subdomains.pinning.example.com", "other-issuer-ee" },
+  { "test-mode.pinning.example.com", "other-issuer-ee" },
+  { "unknownissuer.include-subdomains.pinning.example.com", "unknownissuer" },
+  { "unknownissuer.test-mode.pinning.example.com", "unknownissuer" },
+  { "nsCertTypeNotCritical.example.com", "nsCertTypeNotCritical" },
+  { "nsCertTypeCriticalWithExtKeyUsage.example.com", "nsCertTypeCriticalWithExtKeyUsage" },
+  { "nsCertTypeCritical.example.com", "nsCertTypeCritical" },
+  { "end-entity-issued-by-v1-cert.example.com", "eeIssuedByV1Cert" },
+  { "end-entity-issued-by-non-CA.example.com", "eeIssuedByNonCA" },
+  { "inadequate-key-size-ee.example.com", "inadequateKeySizeEE" },
+  { "badSubjectAltNames.example.com", "badSubjectAltNames" },
+  { "ipAddressAsDNSNameInSAN.example.com", "ipAddressAsDNSNameInSAN" },
+  { "noValidNames.example.com", "noValidNames" },
+  { "bug413909.xn--hxajbheg2az3al.xn--jxalpdlp", "idn-certificate" },
+  { "emptyissuername.example.com", "emptyIssuerName" },
+  { "ev-test.example.com", "ev-test" },
+  { nullptr, nullptr }
+};
+
+int32_t
+DoSNISocketConfigBySubjectCN(PRFileDesc* aFd, const SECItem* aSrvNameArr,
+                             uint32_t aSrvNameArrSize)
+{
+  for (uint32_t i = 0; i < aSrvNameArrSize; i++) {
+    UniquePORTString name(
+      static_cast<char*>(PORT_ZAlloc(aSrvNameArr[i].len + 1)));
+    if (name) {
+      PORT_Memcpy(name.get(), aSrvNameArr[i].data, aSrvNameArr[i].len);
+      if (ConfigSecureServerWithNamedCert(aFd, name.get(), nullptr, nullptr)
+            == SECSuccess) {
+        return 0;
+      }
+    }
+  }
+
+  return SSL_SNI_SEND_ALERT;
+}
+
+int32_t
+DoSNISocketConfig(PRFileDesc* aFd, const SECItem* aSrvNameArr,
+                  uint32_t aSrvNameArrSize, void* aArg)
+{
+  const BadCertHost* host = GetHostForSNI(aSrvNameArr, aSrvNameArrSize,
+                                          sBadCertHosts);
+  if (!host) {
+    // No static cert <-> hostname mapping found. This happens when we use a
+    // collection of certificates in a given directory and build a cert DB at
+    // runtime, rather than using an NSS cert DB populated at build time.
+    // (This will be the default in the future.)
+    // For all given server names, check if the runtime-built cert DB contains
+    // a certificate with a matching subject CN.
+    return DoSNISocketConfigBySubjectCN(aFd, aSrvNameArr, aSrvNameArrSize);
+  }
+
+  if (gDebugLevel >= DEBUG_VERBOSE) {
+    fprintf(stderr, "found pre-defined host '%s'\n", host->mHostName);
+  }
+
+  UniqueCERTCertificate cert;
+  SSLKEAType certKEA;
+  if (SECSuccess != ConfigSecureServerWithNamedCert(aFd, host->mCertName,
+                                                    &cert, &certKEA)) {
+    return SSL_SNI_SEND_ALERT;
+  }
+
+  return 0;
+}
+
+int
+main(int argc, char *argv[])
+{
+  if (argc != 2) {
+    fprintf(stderr, "usage: %s <NSS DB directory>\n", argv[0]);
+    return 1;
+  }
+
+  return StartServer(argv[1], DoSNISocketConfig, nullptr);
+}
diff --git a/security/manager/ssl/tests/unit/tlsserver/cmd/GenerateOCSPResponse.cpp b/security/manager/ssl/tests/unit/tlsserver/cmd/GenerateOCSPResponse.cpp
new file mode 100644
index 000000000..775f1f06e
--- /dev/null
+++ b/security/manager/ssl/tests/unit/tlsserver/cmd/GenerateOCSPResponse.cpp
@@ -0,0 +1,170 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 sw=2 tw=80 et: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+/* This simple program takes a database directory, and one or more tuples like
+ * <typeOfResponse> <CertNick> <ExtraCertNick> <outPutFilename>
+ * to generate (one or more) ocsp responses.
+ */
+
+#include <stdio.h>
+#include <string>
+#include <vector>
+
+#include "mozilla/ArrayUtils.h"
+
+#include "base64.h"
+#include "cert.h"
+#include "nspr.h"
+#include "nss.h"
+#include "plarenas.h"
+#include "prerror.h"
+#include "ssl.h"
+#include "secerr.h"
+
+#include "OCSPCommon.h"
+#include "ScopedNSSTypes.h"
+#include "TLSServer.h"
+
+using namespace mozilla;
+using namespace mozilla::test;
+
+struct OCSPResponseName
+{
+  const char *mTypeString;
+  const OCSPResponseType mORT;
+};
+
+const static OCSPResponseName kOCSPResponseNameList[] = {
+  { "good",            ORTGood },          // the certificate is good
+  { "good-delegated",  ORTDelegatedIncluded}, // the certificate is good, using
+                                           // a delegated signer
+  { "revoked",         ORTRevoked},        // the certificate has been revoked
+  { "unknown",         ORTUnknown},        // the responder doesn't know if the
+                                           //   cert is good
+  { "goodotherca",     ORTGoodOtherCA},    // the wrong CA has signed the
+                                           //   response
+  { "expiredresponse", ORTExpired},        // the signature on the response has
+                                           //   expired
+  { "oldvalidperiod",  ORTExpiredFreshCA}, // fresh signature, but old validity
+                                           //   period
+  { "empty",           ORTEmpty},          // an empty stapled response
+
+  { "malformed",       ORTMalformed},      // the response from the responder
+                                           //   was malformed
+  { "serverr",         ORTSrverr},         // the response indicates there was a
+                                           //   server error
+  { "trylater",        ORTTryLater},       // the responder replied with
+                                           //   "try again later"
+  { "resp-unsigned",   ORTNeedsSig},       // the response needs a signature
+  { "unauthorized",    ORTUnauthorized},   // the responder does not know about
+                                           //   the cert
+  { "bad-signature",   ORTBadSignature},   // the response has a bad signature
+  { "longvalidityalmostold", ORTLongValidityAlmostExpired}, // the response is
+                                           // still valid, but the generation
+                                           // is almost a year old
+  { "ancientstillvalid", ORTAncientAlmostExpired}, // The response is still
+                                           // valid but the generation is almost
+                                           // two years old
+};
+
+bool
+StringToOCSPResponseType(const char* respText,
+                         /*out*/ OCSPResponseType* OCSPType)
+{
+  if (!OCSPType) {
+    return false;
+  }
+  for (uint32_t i = 0; i < mozilla::ArrayLength(kOCSPResponseNameList); i++) {
+    if (strcmp(respText, kOCSPResponseNameList[i].mTypeString) == 0) {
+      *OCSPType = kOCSPResponseNameList[i].mORT;
+      return true;
+    }
+  }
+  return false;
+}
+
+bool
+WriteResponse(const char* filename, const SECItem* item)
+{
+  if (!filename || !item || !item->data) {
+    PR_fprintf(PR_STDERR, "invalid parameters to WriteResponse");
+    return false;
+  }
+
+  UniquePRFileDesc outFile(PR_Open(filename,
+                                   PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE,
+                                   0644));
+  if (!outFile) {
+    PrintPRError("cannot open file for writing");
+    return false;
+  }
+  int32_t rv = PR_Write(outFile.get(), item->data, item->len);
+  if (rv < 0 || (uint32_t) rv != item->len) {
+    PrintPRError("File write failure");
+    return false;
+  }
+
+  return true;
+}
+
+int
+main(int argc, char* argv[])
+{
+
+  if (argc < 6 || (argc - 6) % 4 != 0) {
+    PR_fprintf(PR_STDERR, "usage: %s <NSS DB directory> <responsetype> "
+                          "<cert_nick> <extranick> <outfilename> [<resptype> "
+                          "<cert_nick> <extranick> <outfilename>]* \n",
+                          argv[0]);
+    exit(EXIT_FAILURE);
+  }
+  SECStatus rv = InitializeNSS(argv[1]);
+  if (rv != SECSuccess) {
+    PR_fprintf(PR_STDERR, "Failed to initialize NSS\n");
+    exit(EXIT_FAILURE);
+  }
+  UniquePLArenaPool arena(PORT_NewArena(256 * argc));
+  if (!arena) {
+    PrintPRError("PORT_NewArena failed");
+    exit(EXIT_FAILURE);
+  }
+
+  for (int i = 2; i + 3 < argc; i += 4) {
+    const char* ocspTypeText  = argv[i];
+    const char* certNick      = argv[i + 1];
+    const char* extraCertname = argv[i + 2];
+    const char* filename      = argv[i + 3];
+
+    OCSPResponseType ORT;
+    if (!StringToOCSPResponseType(ocspTypeText, &ORT)) {
+      PR_fprintf(PR_STDERR, "Cannot generate OCSP response of type %s\n",
+                 ocspTypeText);
+      exit(EXIT_FAILURE);
+    }
+
+    UniqueCERTCertificate cert(PK11_FindCertFromNickname(certNick, nullptr));
+    if (!cert) {
+      PrintPRError("PK11_FindCertFromNickname failed");
+      PR_fprintf(PR_STDERR, "Failed to find certificate with nick '%s'\n",
+                 certNick);
+      exit(EXIT_FAILURE);
+    }
+
+    SECItemArray* response = GetOCSPResponseForType(ORT, cert, arena,
+                                                    extraCertname);
+    if (!response) {
+      PR_fprintf(PR_STDERR, "Failed to generate OCSP response of type %s "
+                            "for %s\n", ocspTypeText, certNick);
+      exit(EXIT_FAILURE);
+    }
+
+    if (!WriteResponse(filename, &response->items[0])) {
+      PR_fprintf(PR_STDERR, "Failed to write file %s\n", filename);
+      exit(EXIT_FAILURE);
+    }
+  }
+  return 0;
+}
diff --git a/security/manager/ssl/tests/unit/tlsserver/cmd/OCSPStaplingServer.cpp b/security/manager/ssl/tests/unit/tlsserver/cmd/OCSPStaplingServer.cpp
new file mode 100644
index 000000000..6bf33a143
--- /dev/null
+++ b/security/manager/ssl/tests/unit/tlsserver/cmd/OCSPStaplingServer.cpp
@@ -0,0 +1,129 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// This is a standalone server that delivers various stapled OCSP responses.
+// The client is expected to connect, initiate an SSL handshake (with SNI
+// to indicate which "server" to connect to), and verify the OCSP response.
+// If all is good, the client then sends one encrypted byte and receives that
+// same byte back.
+// This server also has the ability to "call back" another process waiting on
+// it. That is, when the server is all set up and ready to receive connections,
+// it will connect to a specified port and issue a simple HTTP request.
+
+#include <stdio.h>
+
+#include "OCSPCommon.h"
+#include "TLSServer.h"
+
+using namespace mozilla;
+using namespace mozilla::test;
+
+const OCSPHost sOCSPHosts[] =
+{
+  { "ocsp-stapling-good.example.com", ORTGood, nullptr, nullptr },
+  { "ocsp-stapling-revoked.example.com", ORTRevoked, nullptr, nullptr },
+  { "ocsp-stapling-revoked-old.example.com", ORTRevokedOld, nullptr, nullptr },
+  { "ocsp-stapling-unknown.example.com", ORTUnknown, nullptr, nullptr },
+  { "ocsp-stapling-unknown-old.example.com", ORTUnknownOld, nullptr, nullptr },
+  { "ocsp-stapling-good-other.example.com", ORTGoodOtherCert, "ocspOtherEndEntity", nullptr },
+  { "ocsp-stapling-good-other-ca.example.com", ORTGoodOtherCA, "other-test-ca", nullptr },
+  { "ocsp-stapling-expired.example.com", ORTExpired, nullptr, nullptr },
+  { "ocsp-stapling-expired-fresh-ca.example.com", ORTExpiredFreshCA, nullptr, nullptr },
+  { "ocsp-stapling-none.example.com", ORTNone, nullptr, nullptr },
+  { "ocsp-stapling-empty.example.com", ORTEmpty, nullptr, nullptr },
+  { "ocsp-stapling-malformed.example.com", ORTMalformed, nullptr, nullptr },
+  { "ocsp-stapling-srverr.example.com", ORTSrverr, nullptr, nullptr },
+  { "ocsp-stapling-trylater.example.com", ORTTryLater, nullptr, nullptr },
+  { "ocsp-stapling-needssig.example.com", ORTNeedsSig, nullptr, nullptr },
+  { "ocsp-stapling-unauthorized.example.com", ORTUnauthorized, nullptr, nullptr },
+  { "ocsp-stapling-with-intermediate.example.com", ORTGood, nullptr, "ocspEEWithIntermediate" },
+  { "ocsp-stapling-bad-signature.example.com", ORTBadSignature, nullptr, nullptr },
+  { "ocsp-stapling-skip-responseBytes.example.com", ORTSkipResponseBytes, nullptr, nullptr },
+  { "ocsp-stapling-critical-extension.example.com", ORTCriticalExtension, nullptr, nullptr },
+  { "ocsp-stapling-noncritical-extension.example.com", ORTNoncriticalExtension, nullptr, nullptr },
+  { "ocsp-stapling-empty-extensions.example.com", ORTEmptyExtensions, nullptr, nullptr },
+  { "ocsp-stapling-delegated-included.example.com", ORTDelegatedIncluded, "delegatedSigner", nullptr },
+  { "ocsp-stapling-delegated-included-last.example.com", ORTDelegatedIncludedLast, "delegatedSigner", nullptr },
+  { "ocsp-stapling-delegated-missing.example.com", ORTDelegatedMissing, "delegatedSigner", nullptr },
+  { "ocsp-stapling-delegated-missing-multiple.example.com", ORTDelegatedMissingMultiple, "delegatedSigner", nullptr },
+  { "ocsp-stapling-delegated-no-extKeyUsage.example.com", ORTDelegatedIncluded, "invalidDelegatedSignerNoExtKeyUsage", nullptr },
+  { "ocsp-stapling-delegated-from-intermediate.example.com", ORTDelegatedIncluded, "invalidDelegatedSignerFromIntermediate", nullptr },
+  { "ocsp-stapling-delegated-keyUsage-crlSigning.example.com", ORTDelegatedIncluded, "invalidDelegatedSignerKeyUsageCrlSigning", nullptr },
+  { "ocsp-stapling-delegated-wrong-extKeyUsage.example.com", ORTDelegatedIncluded, "invalidDelegatedSignerWrongExtKeyUsage", nullptr },
+  { "ocsp-stapling-ancient-valid.example.com", ORTAncientAlmostExpired, nullptr, nullptr },
+  { "keysize-ocsp-delegated.example.com", ORTDelegatedIncluded, "rsa-1016-keysizeDelegatedSigner", nullptr },
+  { "revoked-ca-cert-used-as-end-entity.example.com", ORTRevoked, "ca-used-as-end-entity", nullptr },
+  { "ocsp-stapling-must-staple.example.com", ORTGood, nullptr, "must-staple-ee" },
+  { "ocsp-stapling-must-staple-revoked.example.com", ORTRevoked, nullptr, "must-staple-ee" },
+  { "ocsp-stapling-must-staple-missing.example.com", ORTNone, nullptr, "must-staple-ee" },
+  { "ocsp-stapling-must-staple-empty.example.com", ORTEmpty, nullptr, "must-staple-ee" },
+  { "ocsp-stapling-must-staple-ee-with-must-staple-int.example.com", ORTGood, nullptr, "must-staple-ee-with-must-staple-int" },
+  { "ocsp-stapling-plain-ee-with-must-staple-int.example.com", ORTGood, nullptr, "must-staple-missing-ee" },
+  { "multi-tls-feature-good.example.com", ORTNone, nullptr, "multi-tls-feature-good-ee" },
+  { "multi-tls-feature-bad.example.com", ORTNone, nullptr, "multi-tls-feature-bad-ee" },
+  { nullptr, ORTNull, nullptr, nullptr }
+};
+
+int32_t
+DoSNISocketConfig(PRFileDesc *aFd, const SECItem *aSrvNameArr,
+                  uint32_t aSrvNameArrSize, void *aArg)
+{
+  const OCSPHost *host = GetHostForSNI(aSrvNameArr, aSrvNameArrSize,
+                                       sOCSPHosts);
+  if (!host) {
+    return SSL_SNI_SEND_ALERT;
+  }
+
+  if (gDebugLevel >= DEBUG_VERBOSE) {
+    fprintf(stderr, "found pre-defined host '%s'\n", host->mHostName);
+  }
+
+  const char *certNickname = host->mServerCertName ? host->mServerCertName
+                                                   : DEFAULT_CERT_NICKNAME;
+
+  UniqueCERTCertificate cert;
+  SSLKEAType certKEA;
+  if (SECSuccess != ConfigSecureServerWithNamedCert(aFd, certNickname,
+                                                    &cert, &certKEA)) {
+    return SSL_SNI_SEND_ALERT;
+  }
+
+  // If the OCSP response type is "none", don't staple a response.
+  if (host->mORT == ORTNone) {
+    return 0;
+  }
+
+  UniquePLArenaPool arena(PORT_NewArena(1024));
+  if (!arena) {
+    PrintPRError("PORT_NewArena failed");
+    return SSL_SNI_SEND_ALERT;
+  }
+
+  // response is contained by the arena - freeing the arena will free it
+  SECItemArray *response = GetOCSPResponseForType(host->mORT, cert, arena,
+                                                  host->mAdditionalCertName);
+  if (!response) {
+    return SSL_SNI_SEND_ALERT;
+  }
+
+  // SSL_SetStapledOCSPResponses makes a deep copy of response
+  SECStatus st = SSL_SetStapledOCSPResponses(aFd, response, certKEA);
+  if (st != SECSuccess) {
+    PrintPRError("SSL_SetStapledOCSPResponses failed");
+    return SSL_SNI_SEND_ALERT;
+  }
+
+  return 0;
+}
+
+int
+main(int argc, char *argv[])
+{
+  if (argc != 2) {
+    fprintf(stderr, "usage: %s <NSS DB directory>\n", argv[0]);
+    return 1;
+  }
+
+  return StartServer(argv[1], DoSNISocketConfig, nullptr);
+}
diff --git a/security/manager/ssl/tests/unit/tlsserver/cmd/moz.build b/security/manager/ssl/tests/unit/tlsserver/cmd/moz.build
new file mode 100644
index 000000000..6fdd0c35b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/tlsserver/cmd/moz.build
@@ -0,0 +1,25 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+GeckoSimplePrograms([
+    'BadCertServer',
+    'GenerateOCSPResponse',
+    'OCSPStaplingServer',
+], linkage=None)
+
+LOCAL_INCLUDES += [
+    '../lib',
+]
+
+USE_LIBS += [
+    'mozillapkix',
+    'nspr',
+    'nss',
+    'pkixtestutil',
+    'tlsserver',
+]
+
+CXXFLAGS += CONFIG['TK_CFLAGS']
diff --git a/security/manager/ssl/tests/unit/tlsserver/default-ee.der b/security/manager/ssl/tests/unit/tlsserver/default-ee.der
new file mode 100644
index 000000000..3a9b8fa9b
--- /dev/null
+++ b/security/manager/ssl/tests/unit/tlsserver/default-ee.der
@@ -0,0 +1,3 @@
+This is now an unused file. It exists to ease the coordination between gecko
+development trees and the automation infrastructure that runs periodic updates.
+See bug 1203312 and bug 1205406.
diff --git a/security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.cpp b/security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.cpp
new file mode 100644
index 000000000..5c99edade
--- /dev/null
+++ b/security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.cpp
@@ -0,0 +1,215 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "OCSPCommon.h"
+
+#include <stdio.h>
+
+#include "pkixtestutil.h"
+#include "TLSServer.h"
+#include "secder.h"
+#include "secerr.h"
+
+namespace mozilla { namespace pkix { namespace test {
+
+// Ownership of privateKey is transfered.
+TestKeyPair* CreateTestKeyPair(const TestPublicKeyAlgorithm publicKeyAlg,
+                               const SECKEYPublicKey& publicKey,
+                               SECKEYPrivateKey* privateKey);
+
+} } } // namespace mozilla::pkix::test
+
+using namespace mozilla;
+using namespace mozilla::pkix;
+using namespace mozilla::pkix::test;
+using namespace mozilla::test;
+
+static TestKeyPair*
+CreateTestKeyPairFromCert(const UniqueCERTCertificate& cert)
+{
+  UniqueSECKEYPrivateKey privateKey(PK11_FindKeyByAnyCert(cert.get(), nullptr));
+  if (!privateKey) {
+    return nullptr;
+  }
+  UniqueSECKEYPublicKey publicKey(CERT_ExtractPublicKey(cert.get()));
+  if (!publicKey) {
+    return nullptr;
+  }
+  return CreateTestKeyPair(RSA_PKCS1(), *publicKey.get(), privateKey.release());
+}
+
+SECItemArray*
+GetOCSPResponseForType(OCSPResponseType aORT, const UniqueCERTCertificate& aCert,
+                       const UniquePLArenaPool& aArena,
+                       const char* aAdditionalCertName)
+{
+  MOZ_ASSERT(aArena);
+  MOZ_ASSERT(aCert);
+  // Note: |aAdditionalCertName| may or may not need to be non-null depending
+  //       on the |aORT| value given.
+
+  if (aORT == ORTNone) {
+    if (gDebugLevel >= DEBUG_WARNINGS) {
+      fprintf(stderr, "GetOCSPResponseForType called with type ORTNone, "
+                      "which makes no sense.\n");
+    }
+    return nullptr;
+  }
+
+  if (aORT == ORTEmpty) {
+    SECItemArray* arr = SECITEM_AllocArray(aArena.get(), nullptr, 1);
+    arr->items[0].data = nullptr;
+    arr->items[0].len = 0;
+    return arr;
+  }
+
+  time_t now = time(nullptr);
+  time_t oldNow = now - (8 * Time::ONE_DAY_IN_SECONDS);
+
+  mozilla::UniqueCERTCertificate cert(CERT_DupCertificate(aCert.get()));
+
+  if (aORT == ORTGoodOtherCert) {
+    cert.reset(PK11_FindCertFromNickname(aAdditionalCertName, nullptr));
+    if (!cert) {
+      PrintPRError("PK11_FindCertFromNickname failed");
+      return nullptr;
+    }
+  }
+  // XXX CERT_FindCertIssuer uses the old, deprecated path-building logic
+  mozilla::UniqueCERTCertificate
+    issuerCert(CERT_FindCertIssuer(aCert.get(), PR_Now(), certUsageSSLCA));
+  if (!issuerCert) {
+    PrintPRError("CERT_FindCertIssuer failed");
+    return nullptr;
+  }
+  Input issuer;
+  if (issuer.Init(cert->derIssuer.data, cert->derIssuer.len) != Success) {
+    return nullptr;
+  }
+  Input issuerPublicKey;
+  if (issuerPublicKey.Init(issuerCert->derPublicKey.data,
+                           issuerCert->derPublicKey.len) != Success) {
+    return nullptr;
+  }
+  Input serialNumber;
+  if (serialNumber.Init(cert->serialNumber.data,
+                        cert->serialNumber.len) != Success) {
+    return nullptr;
+  }
+  CertID certID(issuer, issuerPublicKey, serialNumber);
+  OCSPResponseContext context(certID, now);
+
+  mozilla::UniqueCERTCertificate signerCert;
+  if (aORT == ORTGoodOtherCA || aORT == ORTDelegatedIncluded ||
+      aORT == ORTDelegatedIncludedLast || aORT == ORTDelegatedMissing ||
+      aORT == ORTDelegatedMissingMultiple) {
+    signerCert.reset(PK11_FindCertFromNickname(aAdditionalCertName, nullptr));
+    if (!signerCert) {
+      PrintPRError("PK11_FindCertFromNickname failed");
+      return nullptr;
+    }
+  }
+
+  ByteString certs[5];
+
+  if (aORT == ORTDelegatedIncluded) {
+    certs[0].assign(signerCert->derCert.data, signerCert->derCert.len);
+    context.certs = certs;
+  }
+  if (aORT == ORTDelegatedIncludedLast || aORT == ORTDelegatedMissingMultiple) {
+    certs[0].assign(issuerCert->derCert.data, issuerCert->derCert.len);
+    certs[1].assign(cert->derCert.data, cert->derCert.len);
+    certs[2].assign(issuerCert->derCert.data, issuerCert->derCert.len);
+    if (aORT != ORTDelegatedMissingMultiple) {
+      certs[3].assign(signerCert->derCert.data, signerCert->derCert.len);
+    }
+    context.certs = certs;
+  }
+
+  switch (aORT) {
+    case ORTMalformed:
+      context.responseStatus = 1;
+      break;
+    case ORTSrverr:
+      context.responseStatus = 2;
+      break;
+    case ORTTryLater:
+      context.responseStatus = 3;
+      break;
+    case ORTNeedsSig:
+      context.responseStatus = 5;
+      break;
+    case ORTUnauthorized:
+      context.responseStatus = 6;
+      break;
+    default:
+      // context.responseStatus is 0 in all other cases, and it has
+      // already been initialized in the constructor.
+      break;
+  }
+  if (aORT == ORTSkipResponseBytes) {
+    context.skipResponseBytes = true;
+  }
+  if (aORT == ORTExpired || aORT == ORTExpiredFreshCA ||
+      aORT == ORTRevokedOld || aORT == ORTUnknownOld) {
+    context.thisUpdate = oldNow;
+    context.nextUpdate = oldNow + Time::ONE_DAY_IN_SECONDS;
+  }
+  if (aORT == ORTLongValidityAlmostExpired) {
+    context.thisUpdate = now - (320 * Time::ONE_DAY_IN_SECONDS);
+  }
+  if (aORT == ORTAncientAlmostExpired) {
+    context.thisUpdate = now - (640 * Time::ONE_DAY_IN_SECONDS);
+  }
+  if (aORT == ORTRevoked || aORT == ORTRevokedOld) {
+    context.certStatus = 1;
+  }
+  if (aORT == ORTUnknown || aORT == ORTUnknownOld) {
+    context.certStatus = 2;
+  }
+  if (aORT == ORTBadSignature) {
+    context.badSignature = true;
+  }
+  OCSPResponseExtension extension;
+  if (aORT == ORTCriticalExtension || aORT == ORTNoncriticalExtension) {
+    // python DottedOIDToCode.py --tlv some-Mozilla-OID 1.3.6.1.4.1.13769.666.666.666.1.500.9.2
+    static const uint8_t tlv_some_Mozilla_OID[] = {
+      0x06, 0x12, 0x2b, 0x06, 0x01, 0x04, 0x01, 0xeb, 0x49, 0x85, 0x1a, 0x85,
+      0x1a, 0x85, 0x1a, 0x01, 0x83, 0x74, 0x09, 0x02
+    };
+
+    extension.id.assign(tlv_some_Mozilla_OID, sizeof(tlv_some_Mozilla_OID));
+    extension.critical = (aORT == ORTCriticalExtension);
+    extension.value.push_back(0x05); // tag: NULL
+    extension.value.push_back(0x00); // length: 0
+    extension.next = nullptr;
+    context.responseExtensions = &extension;
+  }
+  if (aORT == ORTEmptyExtensions) {
+    context.includeEmptyExtensions = true;
+  }
+
+  if (!signerCert) {
+    signerCert.reset(CERT_DupCertificate(issuerCert.get()));
+  }
+  context.signerKeyPair.reset(CreateTestKeyPairFromCert(signerCert));
+  if (!context.signerKeyPair) {
+    PrintPRError("PK11_FindKeyByAnyCert failed");
+    return nullptr;
+  }
+
+  ByteString response(CreateEncodedOCSPResponse(context));
+  if (ENCODING_FAILED(response)) {
+    PrintPRError("CreateEncodedOCSPResponse failed");
+    return nullptr;
+  }
+
+  SECItem item = {
+    siBuffer,
+    const_cast<uint8_t*>(response.data()),
+    static_cast<unsigned int>(response.length())
+  };
+  SECItemArray arr = { &item, 1 };
+  return SECITEM_DupArray(aArena.get(), &arr);
+}
diff --git a/security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.h b/security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.h
new file mode 100644
index 000000000..5a88d6e52
--- /dev/null
+++ b/security/manager/ssl/tests/unit/tlsserver/lib/OCSPCommon.h
@@ -0,0 +1,61 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+// Implements generating OCSP responses of various types. Used by the
+// programs in tlsserver/cmd.
+
+#ifndef OCSPCommon_h
+#define OCSPCommon_h
+
+#include "ScopedNSSTypes.h"
+#include "certt.h"
+#include "seccomon.h"
+
+enum OCSPResponseType
+{
+  ORTNull = 0,
+  ORTGood,             // the certificate is good
+  ORTRevoked,          // the certificate has been revoked
+  ORTRevokedOld,       // same, but the response is old
+  ORTUnknown,          // the responder doesn't know if the cert is good
+  ORTUnknownOld,       // same, but the response is old
+  ORTGoodOtherCert,    // the response references a different certificate
+  ORTGoodOtherCA,      // the wrong CA has signed the response
+  ORTExpired,          // the signature on the response has expired
+  ORTExpiredFreshCA,   // fresh signature, but old validity period
+  ORTNone,             // no stapled response
+  ORTEmpty,            // an empty stapled response
+  ORTMalformed,        // the response from the responder was malformed
+  ORTSrverr,           // the response indicates there was a server error
+  ORTTryLater,         // the responder replied with "try again later"
+  ORTNeedsSig,         // the response needs a signature
+  ORTUnauthorized,     // the responder is not authorized for this certificate
+  ORTBadSignature,     // the response has a signature that does not verify
+  ORTSkipResponseBytes, // the response does not include responseBytes
+  ORTCriticalExtension, // the response includes a critical extension
+  ORTNoncriticalExtension, // the response includes an extension that is not critical
+  ORTEmptyExtensions,  // the response includes a SEQUENCE OF Extension that is empty
+  ORTDelegatedIncluded, // the response is signed by an included delegated responder
+  ORTDelegatedIncludedLast, // same, but multiple other certificates are included
+  ORTDelegatedMissing, // the response is signed by a not included delegated responder
+  ORTDelegatedMissingMultiple, // same, but multiple other certificates are included
+  ORTLongValidityAlmostExpired, // a good response, but that was generated a almost a year ago
+  ORTAncientAlmostExpired, // a good response, with a validity of almost two years almost expiring
+};
+
+struct OCSPHost
+{
+  const char *mHostName;
+  OCSPResponseType mORT;
+  const char *mAdditionalCertName; // useful for ORTGoodOtherCert, etc.
+  const char *mServerCertName;
+};
+
+SECItemArray*
+GetOCSPResponseForType(OCSPResponseType aORT,
+                       const mozilla::UniqueCERTCertificate& aCert,
+                       const mozilla::UniquePLArenaPool& aArena,
+                       const char* aAdditionalCertName);
+
+#endif // OCSPCommon_h
diff --git a/security/manager/ssl/tests/unit/tlsserver/lib/TLSServer.cpp b/security/manager/ssl/tests/unit/tlsserver/lib/TLSServer.cpp
new file mode 100644
index 000000000..fcf6aa951
--- /dev/null
+++ b/security/manager/ssl/tests/unit/tlsserver/lib/TLSServer.cpp
@@ -0,0 +1,600 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "TLSServer.h"
+
+#include <stdio.h>
+#include <string>
+#include <vector>
+
+#include "base64.h"
+#include "mozilla/Move.h"
+#include "mozilla/Sprintf.h"
+#include "nspr.h"
+#include "nss.h"
+#include "plarenas.h"
+#include "prenv.h"
+#include "prerror.h"
+#include "prnetdb.h"
+#include "prtime.h"
+#include "ssl.h"
+
+namespace mozilla { namespace test {
+
+static const uint16_t LISTEN_PORT = 8443;
+
+DebugLevel gDebugLevel = DEBUG_ERRORS;
+uint16_t gCallbackPort = 0;
+
+const char DEFAULT_CERT_NICKNAME[] = "default-ee";
+
+struct Connection
+{
+  PRFileDesc *mSocket;
+  char mByte;
+
+  explicit Connection(PRFileDesc *aSocket);
+  ~Connection();
+};
+
+Connection::Connection(PRFileDesc *aSocket)
+: mSocket(aSocket)
+, mByte(0)
+{}
+
+Connection::~Connection()
+{
+  if (mSocket) {
+    PR_Close(mSocket);
+  }
+}
+
+void
+PrintPRError(const char *aPrefix)
+{
+  const char *err = PR_ErrorToName(PR_GetError());
+  if (err) {
+    if (gDebugLevel >= DEBUG_ERRORS) {
+      fprintf(stderr, "%s: %s\n", aPrefix, err);
+    }
+  } else {
+    if (gDebugLevel >= DEBUG_ERRORS) {
+      fprintf(stderr, "%s\n", aPrefix);
+    }
+  }
+}
+
+template <size_t N>
+SECStatus
+ReadFileToBuffer(const char* basePath, const char* filename, char (&buf)[N])
+{
+  static_assert(N > 0, "input buffer too small for ReadFileToBuffer");
+  if (snprintf(buf, N - 1, "%s/%s", basePath, filename) == 0) {
+    PrintPRError("snprintf failed");
+    return SECFailure;
+  }
+  UniquePRFileDesc fd(PR_OpenFile(buf, PR_RDONLY, 0));
+  if (!fd) {
+    PrintPRError("PR_Open failed");
+    return SECFailure;
+  }
+  int32_t fileSize = PR_Available(fd.get());
+  if (fileSize < 0) {
+    PrintPRError("PR_Available failed");
+    return SECFailure;
+  }
+  if (static_cast<size_t>(fileSize) > N - 1) {
+    PR_fprintf(PR_STDERR, "file too large - not reading\n");
+    return SECFailure;
+  }
+  int32_t bytesRead = PR_Read(fd.get(), buf, fileSize);
+  if (bytesRead != fileSize) {
+    PrintPRError("PR_Read failed");
+    return SECFailure;
+  }
+  buf[bytesRead] = 0;
+  return SECSuccess;
+}
+
+SECStatus
+AddKeyFromFile(const char* basePath, const char* filename)
+{
+  const char* PRIVATE_KEY_HEADER = "-----BEGIN PRIVATE KEY-----";
+  const char* PRIVATE_KEY_FOOTER = "-----END PRIVATE KEY-----";
+
+  char buf[16384] = { 0 };
+  SECStatus rv = ReadFileToBuffer(basePath, filename, buf);
+  if (rv != SECSuccess) {
+    return rv;
+  }
+  if (strncmp(buf, PRIVATE_KEY_HEADER, strlen(PRIVATE_KEY_HEADER)) != 0) {
+    PR_fprintf(PR_STDERR, "invalid key - not importing\n");
+    return SECFailure;
+  }
+  const char* bufPtr = buf + strlen(PRIVATE_KEY_HEADER);
+  size_t bufLen = strlen(buf);
+  char base64[16384] = { 0 };
+  char* base64Ptr = base64;
+  while (bufPtr < buf + bufLen) {
+    if (strncmp(bufPtr, PRIVATE_KEY_FOOTER, strlen(PRIVATE_KEY_FOOTER)) == 0) {
+      break;
+    }
+    if (*bufPtr != '\r' && *bufPtr != '\n') {
+      *base64Ptr = *bufPtr;
+      base64Ptr++;
+    }
+    bufPtr++;
+  }
+
+  unsigned int binLength;
+  UniquePORTString bin(
+    BitwiseCast<char*, unsigned char*>(ATOB_AsciiToData(base64, &binLength)));
+  if (!bin || binLength == 0) {
+    PrintPRError("ATOB_AsciiToData failed");
+    return SECFailure;
+  }
+  UniqueSECItem secitem(::SECITEM_AllocItem(nullptr, nullptr, binLength));
+  if (!secitem) {
+    PrintPRError("SECITEM_AllocItem failed");
+    return SECFailure;
+  }
+  PORT_Memcpy(secitem->data, bin.get(), binLength);
+  UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
+  if (!slot) {
+    PrintPRError("PK11_GetInternalKeySlot failed");
+    return SECFailure;
+  }
+  if (PK11_NeedUserInit(slot.get())) {
+    if (PK11_InitPin(slot.get(), nullptr, nullptr) != SECSuccess) {
+      PrintPRError("PK11_InitPin failed");
+      return SECFailure;
+    }
+  }
+  SECKEYPrivateKey* privateKey;
+  if (PK11_ImportDERPrivateKeyInfoAndReturnKey(slot.get(), secitem.get(),
+                                               nullptr, nullptr, true, false,
+                                               KU_ALL, &privateKey, nullptr)
+        != SECSuccess) {
+    PrintPRError("PK11_ImportDERPrivateKeyInfoAndReturnKey failed");
+    return SECFailure;
+  }
+  SECKEY_DestroyPrivateKey(privateKey);
+  return SECSuccess;
+}
+
+SECStatus
+DecodeCertCallback(void* arg, SECItem** certs, int numcerts)
+{
+  if (numcerts != 1) {
+    PR_SetError(SEC_ERROR_LIBRARY_FAILURE, 0);
+    return SECFailure;
+  }
+
+  SECItem* certDEROut = static_cast<SECItem*>(arg);
+  return SECITEM_CopyItem(nullptr, certDEROut, *certs);
+}
+
+SECStatus
+AddCertificateFromFile(const char* basePath, const char* filename)
+{
+  char buf[16384] = { 0 };
+  SECStatus rv = ReadFileToBuffer(basePath, filename, buf);
+  if (rv != SECSuccess) {
+    return rv;
+  }
+  ScopedAutoSECItem certDER;
+  rv = CERT_DecodeCertPackage(buf, strlen(buf), DecodeCertCallback, &certDER);
+  if (rv != SECSuccess) {
+    PrintPRError("CERT_DecodeCertPackage failed");
+    return rv;
+  }
+  UniqueCERTCertificate cert(CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
+                                                     &certDER, nullptr, false,
+                                                     true));
+  if (!cert) {
+    PrintPRError("CERT_NewTempCertificate failed");
+    return SECFailure;
+  }
+  UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
+  if (!slot) {
+    PrintPRError("PK11_GetInternalKeySlot failed");
+    return SECFailure;
+  }
+  // The nickname is the filename without '.pem'.
+  std::string nickname(filename, strlen(filename) - 4);
+  rv = PK11_ImportCert(slot.get(), cert.get(), CK_INVALID_HANDLE,
+                       nickname.c_str(), false);
+  if (rv != SECSuccess) {
+    PrintPRError("PK11_ImportCert failed");
+    return rv;
+  }
+  return SECSuccess;
+}
+
+SECStatus
+LoadCertificatesAndKeys(const char* basePath)
+{
+  // The NSS cert DB path could have been specified as "sql:path". Trim off
+  // the leading "sql:" if so.
+  if (strncmp(basePath, "sql:", 4) == 0) {
+    basePath = basePath + 4;
+  }
+
+  UniquePRDir fdDir(PR_OpenDir(basePath));
+  if (!fdDir) {
+    PrintPRError("PR_OpenDir failed");
+    return SECFailure;
+  }
+  // On the B2G ICS emulator, operations taken in AddCertificateFromFile
+  // appear to interact poorly with readdir (more specifically, something is
+  // causing readdir to never return null - it indefinitely loops through every
+  // file in the directory, which causes timeouts). Rather than waste more time
+  // chasing this down, loading certificates and keys happens in two phases:
+  // filename collection and then loading. (This is probably a good
+  // idea anyway because readdir isn't reentrant. Something could change later
+  // such that it gets called as a result of calling AddCertificateFromFile or
+  // AddKeyFromFile.)
+  std::vector<std::string> certificates;
+  std::vector<std::string> keys;
+  for (PRDirEntry* dirEntry = PR_ReadDir(fdDir.get(), PR_SKIP_BOTH); dirEntry;
+       dirEntry = PR_ReadDir(fdDir.get(), PR_SKIP_BOTH)) {
+    size_t nameLength = strlen(dirEntry->name);
+    if (nameLength > 4) {
+      if (strncmp(dirEntry->name + nameLength - 4, ".pem", 4) == 0) {
+        certificates.push_back(dirEntry->name);
+      } else if (strncmp(dirEntry->name + nameLength - 4, ".key", 4) == 0) {
+        keys.push_back(dirEntry->name);
+      }
+    }
+  }
+  SECStatus rv;
+  for (std::string& certificate : certificates) {
+    rv = AddCertificateFromFile(basePath, certificate.c_str());
+    if (rv != SECSuccess) {
+      return rv;
+    }
+  }
+  for (std::string& key : keys) {
+    rv = AddKeyFromFile(basePath, key.c_str());
+    if (rv != SECSuccess) {
+      return rv;
+    }
+  }
+  return SECSuccess;
+}
+
+SECStatus
+InitializeNSS(const char* nssCertDBDir)
+{
+  // Try initializing an existing DB.
+  if (NSS_Init(nssCertDBDir) == SECSuccess) {
+    return SECSuccess;
+  }
+
+  // Create a new DB if there is none...
+  SECStatus rv = NSS_Initialize(nssCertDBDir, nullptr, nullptr, nullptr, 0);
+  if (rv != SECSuccess) {
+    return rv;
+  }
+
+  // ...and load all certificates into it.
+  return LoadCertificatesAndKeys(nssCertDBDir);
+}
+
+nsresult
+SendAll(PRFileDesc *aSocket, const char *aData, size_t aDataLen)
+{
+  if (gDebugLevel >= DEBUG_VERBOSE) {
+    fprintf(stderr, "sending '%s'\n", aData);
+  }
+
+  while (aDataLen > 0) {
+    int32_t bytesSent = PR_Send(aSocket, aData, aDataLen, 0,
+                                PR_INTERVAL_NO_TIMEOUT);
+    if (bytesSent == -1) {
+      PrintPRError("PR_Send failed");
+      return NS_ERROR_FAILURE;
+    }
+
+    aDataLen -= bytesSent;
+    aData += bytesSent;
+  }
+
+  return NS_OK;
+}
+
+nsresult
+ReplyToRequest(Connection *aConn)
+{
+  // For debugging purposes, SendAll can print out what it's sending.
+  // So, any strings we give to it to send need to be null-terminated.
+  char buf[2] = { aConn->mByte, 0 };
+  return SendAll(aConn->mSocket, buf, 1);
+}
+
+nsresult
+SetupTLS(Connection *aConn, PRFileDesc *aModelSocket)
+{
+  PRFileDesc *sslSocket = SSL_ImportFD(aModelSocket, aConn->mSocket);
+  if (!sslSocket) {
+    PrintPRError("SSL_ImportFD failed");
+    return NS_ERROR_FAILURE;
+  }
+  aConn->mSocket = sslSocket;
+
+  SSL_OptionSet(sslSocket, SSL_SECURITY, true);
+  SSL_OptionSet(sslSocket, SSL_HANDSHAKE_AS_CLIENT, false);
+  SSL_OptionSet(sslSocket, SSL_HANDSHAKE_AS_SERVER, true);
+
+  SSL_ResetHandshake(sslSocket, /* asServer */ 1);
+
+  return NS_OK;
+}
+
+nsresult
+ReadRequest(Connection *aConn)
+{
+  int32_t bytesRead = PR_Recv(aConn->mSocket, &aConn->mByte, 1, 0,
+                              PR_INTERVAL_NO_TIMEOUT);
+  if (bytesRead < 0) {
+    PrintPRError("PR_Recv failed");
+    return NS_ERROR_FAILURE;
+  } else if (bytesRead == 0) {
+    PR_SetError(PR_IO_ERROR, 0);
+    PrintPRError("PR_Recv EOF in ReadRequest");
+    return NS_ERROR_FAILURE;
+  } else {
+    if (gDebugLevel >= DEBUG_VERBOSE) {
+      fprintf(stderr, "read '0x%hhx'\n", aConn->mByte);
+    }
+  }
+  return NS_OK;
+}
+
+void
+HandleConnection(PRFileDesc* aSocket, const UniquePRFileDesc& aModelSocket)
+{
+  Connection conn(aSocket);
+  nsresult rv = SetupTLS(&conn, aModelSocket.get());
+  if (NS_FAILED(rv)) {
+    PR_SetError(PR_INVALID_STATE_ERROR, 0);
+    PrintPRError("PR_Recv failed");
+    exit(1);
+  }
+
+  // TODO: On tests that are expected to fail (e.g. due to a revoked
+  // certificate), the client will close the connection wtihout sending us the
+  // request byte. In those cases, we should keep going. But, in the cases
+  // where the connection is supposed to suceed, we should verify that we
+  // successfully receive the request and send the response.
+  rv = ReadRequest(&conn);
+  if (NS_SUCCEEDED(rv)) {
+    rv = ReplyToRequest(&conn);
+  }
+}
+
+// returns 0 on success, non-zero on error
+int
+DoCallback()
+{
+  UniquePRFileDesc socket(PR_NewTCPSocket());
+  if (!socket) {
+    PrintPRError("PR_NewTCPSocket failed");
+    return 1;
+  }
+
+  PRNetAddr addr;
+  PR_InitializeNetAddr(PR_IpAddrLoopback, gCallbackPort, &addr);
+  if (PR_Connect(socket.get(), &addr, PR_INTERVAL_NO_TIMEOUT) != PR_SUCCESS) {
+    PrintPRError("PR_Connect failed");
+    return 1;
+  }
+
+  const char *request = "GET / HTTP/1.0\r\n\r\n";
+  SendAll(socket.get(), request, strlen(request));
+  char buf[4096];
+  memset(buf, 0, sizeof(buf));
+  int32_t bytesRead = PR_Recv(socket.get(), buf, sizeof(buf) - 1, 0,
+                              PR_INTERVAL_NO_TIMEOUT);
+  if (bytesRead < 0) {
+    PrintPRError("PR_Recv failed 1");
+    return 1;
+  }
+  if (bytesRead == 0) {
+    fprintf(stderr, "PR_Recv eof 1\n");
+    return 1;
+  }
+  fprintf(stderr, "%s\n", buf);
+  return 0;
+}
+
+SECStatus
+ConfigSecureServerWithNamedCert(PRFileDesc* fd, const char* certName,
+                                /*optional*/ UniqueCERTCertificate* certOut,
+                                /*optional*/ SSLKEAType* keaOut)
+{
+  UniqueCERTCertificate cert(PK11_FindCertFromNickname(certName, nullptr));
+  if (!cert) {
+    PrintPRError("PK11_FindCertFromNickname failed");
+    return SECFailure;
+  }
+  // If an intermediate certificate issued the server certificate (rather than
+  // directly by a trust anchor), we want to send it along in the handshake so
+  // we don't encounter unknown issuer errors when that's not what we're
+  // testing.
+  UniqueCERTCertificateList certList;
+  UniqueCERTCertificate issuerCert(
+    CERT_FindCertByName(CERT_GetDefaultCertDB(), &cert->derIssuer));
+  // If we can't find the issuer cert, continue without it.
+  if (issuerCert) {
+    // Sadly, CERTCertificateList does not have a CERT_NewCertificateList
+    // utility function, so we must create it ourselves. This consists
+    // of creating an arena, allocating space for the CERTCertificateList,
+    // and then transferring ownership of the arena to that list.
+    UniquePLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+    if (!arena) {
+      PrintPRError("PORT_NewArena failed");
+      return SECFailure;
+    }
+    certList.reset(static_cast<CERTCertificateList*>(
+      PORT_ArenaAlloc(arena.get(), sizeof(CERTCertificateList))));
+    if (!certList) {
+      PrintPRError("PORT_ArenaAlloc failed");
+      return SECFailure;
+    }
+    certList->arena = arena.release();
+    // We also have to manually copy the certificates we care about to the
+    // list, because there aren't any utility functions for that either.
+    certList->certs = static_cast<SECItem*>(
+      PORT_ArenaAlloc(certList->arena, 2 * sizeof(SECItem)));
+    if (SECITEM_CopyItem(certList->arena, certList->certs, &cert->derCert)
+          != SECSuccess) {
+      PrintPRError("SECITEM_CopyItem failed");
+      return SECFailure;
+    }
+    if (SECITEM_CopyItem(certList->arena, certList->certs + 1,
+                         &issuerCert->derCert) != SECSuccess) {
+      PrintPRError("SECITEM_CopyItem failed");
+      return SECFailure;
+    }
+    certList->len = 2;
+  }
+
+  UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
+  if (!slot) {
+    PrintPRError("PK11_GetInternalKeySlot failed");
+    return SECFailure;
+  }
+  UniqueSECKEYPrivateKey key(
+    PK11_FindKeyByDERCert(slot.get(), cert.get(), nullptr));
+  if (!key) {
+    PrintPRError("PK11_FindKeyByDERCert failed");
+    return SECFailure;
+  }
+
+  SSLKEAType certKEA = NSS_FindCertKEAType(cert.get());
+
+  if (SSL_ConfigSecureServerWithCertChain(fd, cert.get(), certList.get(),
+                                          key.get(), certKEA) != SECSuccess) {
+    PrintPRError("SSL_ConfigSecureServer failed");
+    return SECFailure;
+  }
+
+  if (certOut) {
+    *certOut = Move(cert);
+  }
+
+  if (keaOut) {
+    *keaOut = certKEA;
+  }
+
+  SSL_OptionSet(fd, SSL_NO_CACHE, false);
+  SSL_OptionSet(fd, SSL_ENABLE_SESSION_TICKETS, true);
+
+  return SECSuccess;
+}
+
+int
+StartServer(const char *nssCertDBDir, SSLSNISocketConfig sniSocketConfig,
+            void *sniSocketConfigArg)
+{
+  const char *debugLevel = PR_GetEnv("MOZ_TLS_SERVER_DEBUG_LEVEL");
+  if (debugLevel) {
+    int level = atoi(debugLevel);
+    switch (level) {
+      case DEBUG_ERRORS: gDebugLevel = DEBUG_ERRORS; break;
+      case DEBUG_WARNINGS: gDebugLevel = DEBUG_WARNINGS; break;
+      case DEBUG_VERBOSE: gDebugLevel = DEBUG_VERBOSE; break;
+      default:
+        PrintPRError("invalid MOZ_TLS_SERVER_DEBUG_LEVEL");
+        return 1;
+    }
+  }
+
+  const char *callbackPort = PR_GetEnv("MOZ_TLS_SERVER_CALLBACK_PORT");
+  if (callbackPort) {
+    gCallbackPort = atoi(callbackPort);
+  }
+
+  if (InitializeNSS(nssCertDBDir) != SECSuccess) {
+    PR_fprintf(PR_STDERR, "InitializeNSS failed");
+    return 1;
+  }
+
+  if (NSS_SetDomesticPolicy() != SECSuccess) {
+    PrintPRError("NSS_SetDomesticPolicy failed");
+    return 1;
+  }
+
+  if (SSL_ConfigServerSessionIDCache(0, 0, 0, nullptr) != SECSuccess) {
+    PrintPRError("SSL_ConfigServerSessionIDCache failed");
+    return 1;
+  }
+
+  UniquePRFileDesc serverSocket(PR_NewTCPSocket());
+  if (!serverSocket) {
+    PrintPRError("PR_NewTCPSocket failed");
+    return 1;
+  }
+
+  PRSocketOptionData socketOption;
+  socketOption.option = PR_SockOpt_Reuseaddr;
+  socketOption.value.reuse_addr = true;
+  PR_SetSocketOption(serverSocket.get(), &socketOption);
+
+  PRNetAddr serverAddr;
+  PR_InitializeNetAddr(PR_IpAddrLoopback, LISTEN_PORT, &serverAddr);
+  if (PR_Bind(serverSocket.get(), &serverAddr) != PR_SUCCESS) {
+    PrintPRError("PR_Bind failed");
+    return 1;
+  }
+
+  if (PR_Listen(serverSocket.get(), 1) != PR_SUCCESS) {
+    PrintPRError("PR_Listen failed");
+    return 1;
+  }
+
+  UniquePRFileDesc rawModelSocket(PR_NewTCPSocket());
+  if (!rawModelSocket) {
+    PrintPRError("PR_NewTCPSocket failed for rawModelSocket");
+    return 1;
+  }
+
+  UniquePRFileDesc modelSocket(SSL_ImportFD(nullptr, rawModelSocket.release()));
+  if (!modelSocket) {
+    PrintPRError("SSL_ImportFD of rawModelSocket failed");
+    return 1;
+  }
+
+  if (SSL_SNISocketConfigHook(modelSocket.get(), sniSocketConfig,
+                              sniSocketConfigArg) != SECSuccess) {
+    PrintPRError("SSL_SNISocketConfigHook failed");
+    return 1;
+  }
+
+  // We have to configure the server with a certificate, but it's not one
+  // we're actually going to end up using. In the SNI callback, we pick
+  // the right certificate for the connection.
+  if (ConfigSecureServerWithNamedCert(modelSocket.get(), DEFAULT_CERT_NICKNAME,
+                                      nullptr, nullptr) != SECSuccess) {
+    return 1;
+  }
+
+  if (gCallbackPort != 0) {
+    if (DoCallback()) {
+      return 1;
+    }
+  }
+
+  while (true) {
+    PRNetAddr clientAddr;
+    PRFileDesc* clientSocket = PR_Accept(serverSocket.get(), &clientAddr,
+                                         PR_INTERVAL_NO_TIMEOUT);
+    HandleConnection(clientSocket, modelSocket);
+  }
+
+  return 0;
+}
+
+} } // namespace mozilla::test
diff --git a/security/manager/ssl/tests/unit/tlsserver/lib/TLSServer.h b/security/manager/ssl/tests/unit/tlsserver/lib/TLSServer.h
new file mode 100644
index 000000000..f1dc1569a
--- /dev/null
+++ b/security/manager/ssl/tests/unit/tlsserver/lib/TLSServer.h
@@ -0,0 +1,89 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef TLSServer_h
+#define TLSServer_h
+
+// This is a standalone server for testing SSL features of Gecko.
+// The client is expected to connect and initiate an SSL handshake (with SNI
+// to indicate which "server" to connect to). If all is good, the client then
+// sends one encrypted byte and receives that same byte back.
+// This server also has the ability to "call back" another process waiting on
+// it. That is, when the server is all set up and ready to receive connections,
+// it will connect to a specified port and issue a simple HTTP request.
+
+#include <stdint.h>
+
+#include "ScopedNSSTypes.h"
+#include "mozilla/Casting.h"
+#include "prio.h"
+#include "secerr.h"
+#include "ssl.h"
+
+namespace mozilla {
+
+MOZ_TYPE_SPECIFIC_UNIQUE_PTR_TEMPLATE(UniquePRDir, PRDir, PR_CloseDir);
+
+} // namespace mozilla
+
+namespace mozilla { namespace test {
+
+enum DebugLevel
+{
+  DEBUG_ERRORS = 1,
+  DEBUG_WARNINGS  = 2,
+  DEBUG_VERBOSE = 3
+};
+
+extern DebugLevel gDebugLevel;
+
+void PrintPRError(const char *aPrefix);
+
+// The default certificate is trusted for localhost and *.example.com
+extern const char DEFAULT_CERT_NICKNAME[];
+
+// Pass DEFAULT_CERT_NICKNAME as certName unless you need a specific
+// certificate.
+SECStatus
+ConfigSecureServerWithNamedCert(PRFileDesc* fd, const char* certName,
+                                /*optional*/ UniqueCERTCertificate* cert,
+                                /*optional*/ SSLKEAType* kea);
+
+SECStatus
+InitializeNSS(const char* nssCertDBDir);
+
+int
+StartServer(const char *nssCertDBDir, SSLSNISocketConfig sniSocketConfig,
+            void *sniSocketConfigArg);
+
+template <typename Host>
+inline const Host *
+GetHostForSNI(const SECItem *aSrvNameArr, uint32_t aSrvNameArrSize,
+              const Host *hosts)
+{
+  for (uint32_t i = 0; i < aSrvNameArrSize; i++) {
+    for (const Host *host = hosts; host->mHostName; ++host) {
+      SECItem hostName;
+      hostName.data = BitwiseCast<unsigned char*, const char*>(host->mHostName);
+      hostName.len = strlen(host->mHostName);
+      if (SECITEM_ItemsAreEqual(&hostName, &aSrvNameArr[i])) {
+        if (gDebugLevel >= DEBUG_VERBOSE) {
+          fprintf(stderr, "found pre-defined host '%s'\n", host->mHostName);
+        }
+        return host;
+      }
+    }
+  }
+
+  if (gDebugLevel >= DEBUG_VERBOSE) {
+    fprintf(stderr, "could not find host info from SNI\n");
+  }
+
+  PR_SetError(SEC_ERROR_INVALID_ARGS, 0);
+  return nullptr;
+}
+
+} } // namespace mozilla::test
+
+#endif // TLSServer_h
diff --git a/security/manager/ssl/tests/unit/tlsserver/lib/moz.build b/security/manager/ssl/tests/unit/tlsserver/lib/moz.build
new file mode 100644
index 000000000..5b28e4a55
--- /dev/null
+++ b/security/manager/ssl/tests/unit/tlsserver/lib/moz.build
@@ -0,0 +1,17 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+UNIFIED_SOURCES += [
+    'OCSPCommon.cpp',
+    'TLSServer.cpp',
+]
+
+LOCAL_INCLUDES += [
+    '../../../../../../pkix/include',
+    '../../../../../../pkix/test/lib',
+]
+
+Library('tlsserver')
diff --git a/security/manager/ssl/tests/unit/tlsserver/moz.build b/security/manager/ssl/tests/unit/tlsserver/moz.build
new file mode 100644
index 000000000..96fb65d06
--- /dev/null
+++ b/security/manager/ssl/tests/unit/tlsserver/moz.build
@@ -0,0 +1,8 @@
+# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
+# vim: set filetype=python:
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+# lib must be first, because cmd depends on its output
+DIRS += ['lib', 'cmd']
diff --git a/security/manager/ssl/tests/unit/xpcshell-smartcards.ini b/security/manager/ssl/tests/unit/xpcshell-smartcards.ini
new file mode 100644
index 000000000..df099b746
--- /dev/null
+++ b/security/manager/ssl/tests/unit/xpcshell-smartcards.ini
@@ -0,0 +1,14 @@
+[DEFAULT]
+head = head_psm.js
+tail =
+tags = psm
+skip-if = toolkit == 'android'
+support-files =
+
+[test_pkcs11_insert_remove.js]
+[test_pkcs11_module.js]
+[test_pkcs11_no_events_after_removal.js]
+[test_pkcs11_safe_mode.js]
+[test_pkcs11_slot.js]
+[test_pkcs11_token.js]
+[test_pkcs11_tokenDB.js]
diff --git a/security/manager/ssl/tests/unit/xpcshell.ini b/security/manager/ssl/tests/unit/xpcshell.ini
new file mode 100644
index 000000000..b2f3de420
--- /dev/null
+++ b/security/manager/ssl/tests/unit/xpcshell.ini
@@ -0,0 +1,149 @@
+[DEFAULT]
+head = head_psm.js
+tail =
+tags = psm
+support-files =
+  bad_certs/**
+  ocsp_certs/**
+  test_baseline_requirements/**
+  test_cert_eku/**
+  test_cert_embedded_null/**
+  test_cert_isBuiltInRoot_reload/**
+  test_cert_keyUsage/**
+  test_cert_sha1/**
+  test_cert_signatures/**
+  test_cert_trust/**
+  test_cert_version/**
+  test_certDB_import/**
+  test_certviewer_invalid_oids/**
+  test_content_signing/**
+  test_ev_certs/**
+  test_getchain/**
+  test_intermediate_basic_usage_constraints/**
+  test_keysize/**
+  test_keysize_ev/**
+  test_name_constraints/**
+  test_ocsp_fetch_method/**
+  test_ocsp_url/**
+  test_onecrl/**
+  test_pinning_dynamic/**
+  test_signed_apps/**
+  test_signed_dir/**
+  test_startcom_wosign/**
+  test_validity/**
+  tlsserver/**
+
+[test_add_preexisting_cert.js]
+[test_baseline_requirements_subject_common_name.js]
+[test_cert_blocklist.js]
+tags = addons psm
+[test_cert_chains.js]
+run-sequentially = hardcoded ports
+[test_cert_dbKey.js]
+[test_cert_eku.js]
+[test_cert_embedded_null.js]
+[test_cert_keyUsage.js]
+[test_cert_isBuiltInRoot.js]
+[test_cert_isBuiltInRoot_reload.js]
+[test_cert_overrides.js]
+run-sequentially = hardcoded ports
+[test_cert_override_bits_mismatches.js]
+run-sequentially = hardcoded ports
+[test_cert_sha1.js]
+[test_cert_signatures.js]
+[test_cert_trust.js]
+[test_cert_version.js]
+[test_certDB_import.js]
+[test_certDB_import_pkcs12.js]
+[test_certviewer_invalid_oids.js]
+skip-if = toolkit == 'android'
+[test_constructX509FromBase64.js]
+[test_content_signing.js]
+[test_datasignatureverifier.js]
+[test_der.js]
+[test_enterprise_roots.js]
+skip-if = os != 'win' # tests a Windows-specific feature
+[test_ev_certs.js]
+run-sequentially = hardcoded ports
+[test_forget_about_site_security_headers.js]
+skip-if = toolkit == 'android'
+[test_getchain.js]
+[test_hash_algorithms.js]
+[test_hash_algorithms_wrap.js]
+# bug 1124289 - run_test_in_child violates the sandbox on android
+skip-if = toolkit == 'android'
+[test_hmac.js]
+[test_intermediate_basic_usage_constraints.js]
+[test_js_cert_override_service.js]
+run-sequentially = hardcoded ports
+[test_keysize.js]
+[test_keysize_ev.js]
+run-sequentially = hardcoded ports
+[test_local_cert.js]
+[test_logoutAndTeardown.js]
+run-sequentially = hardcoded ports
+[test_name_constraints.js]
+[test_nsCertType.js]
+run-sequentially = hardcoded ports
+[test_nsIX509Cert_utf8.js]
+[test_nsIX509CertValidity.js]
+[test_nss_shutdown.js]
+[test_ocsp_caching.js]
+run-sequentially = hardcoded ports
+[test_ocsp_enabled_pref.js]
+run-sequentially = hardcoded ports
+[test_ocsp_fetch_method.js]
+run-sequentially = hardcoded ports
+[test_ocsp_must_staple.js]
+run-sequentially = hardcoded ports
+[test_ocsp_no_hsts_upgrade.js]
+run-sequentially = hardcoded ports
+[test_ocsp_required.js]
+run-sequentially = hardcoded ports
+[test_ocsp_stapling.js]
+run-sequentially = hardcoded ports
+[test_ocsp_stapling_expired.js]
+run-sequentially = hardcoded ports
+[test_ocsp_stapling_with_intermediate.js]
+run-sequentially = hardcoded ports
+[test_ocsp_timeout.js]
+run-sequentially = hardcoded ports
+[test_ocsp_url.js]
+run-sequentially = hardcoded ports
+[test_password_prompt.js]
+[test_pinning.js]
+run-sequentially = hardcoded ports
+# This test can take longer than 300 seconds on B2G emulator debug builds, so
+# give it enough time to finish. See bug 1081128.
+requesttimeoutfactor = 2
+[test_pinning_dynamic.js]
+[test_pinning_header_parsing.js]
+[test_sdr.js]
+[test_session_resumption.js]
+run-sequentially = hardcoded ports
+[test_signed_apps.js]
+[test_signed_apps-marketplace.js]
+[test_signed_dir.js]
+tags = addons psm
+[test_sss_eviction.js]
+[test_sss_readstate.js]
+[test_sss_readstate_child.js]
+support-files = sss_readstate_child_worker.js
+# bug 1124289 - run_test_in_child violates the sandbox on android
+skip-if = toolkit == 'android'
+[test_sss_readstate_empty.js]
+[test_sss_readstate_garbage.js]
+[test_sss_readstate_huge.js]
+[test_sss_savestate.js]
+[test_startcom_wosign.js]
+[test_sts_fqdn.js]
+[test_sts_holepunch.js]
+[test_sts_ipv4_ipv6.js]
+[test_sts_preloadlist_perwindowpb.js]
+[test_sts_preloadlist_selfdestruct.js]
+[test_validity.js]
+run-sequentially = hardcoded ports
+[test_x509.js]
+
+# The TLS error reporting functionality lives in /toolkit but needs tlsserver
+[test_toolkit_securityreporter.js]